From e99fbbb680307fe016c8db7d6611f1a3249761fb Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Sun, 10 Dec 2006 07:09:56 +0000 Subject: [PATCH] Vendor import of BIND 9.3.3 --- contrib/bind9/CHANGES | 342 +- contrib/bind9/COPYRIGHT | 4 +- contrib/bind9/FAQ | 389 +- contrib/bind9/FAQ.xml | 198 +- contrib/bind9/Makefile.in | 7 +- contrib/bind9/README | 18 +- contrib/bind9/bin/check/named-checkconf.8 | 25 +- contrib/bind9/bin/check/named-checkconf.c | 44 +- contrib/bind9/bin/check/named-checkconf.html | 16 +- contrib/bind9/bin/check/named-checkzone.8 | 45 +- .../bind9/bin/check/named-checkzone.docbook | 7 +- contrib/bind9/bin/check/named-checkzone.html | 20 +- contrib/bind9/bin/dig/dig.1 | 101 +- contrib/bind9/bin/dig/dig.c | 6 +- contrib/bind9/bin/dig/dig.html | 22 +- contrib/bind9/bin/dig/dighost.c | 99 +- contrib/bind9/bin/dig/host.1 | 15 +- contrib/bind9/bin/dig/host.c | 44 +- contrib/bind9/bin/dig/host.html | 12 +- contrib/bind9/bin/dig/include/dig/dig.h | 9 +- contrib/bind9/bin/dig/nslookup.1 | 91 +- contrib/bind9/bin/dig/nslookup.c | 5 +- contrib/bind9/bin/dig/nslookup.docbook | 7 +- contrib/bind9/bin/dig/nslookup.html | 22 +- contrib/bind9/bin/dnssec/dnssec-keygen.8 | 51 +- contrib/bind9/bin/dnssec/dnssec-keygen.html | 18 +- contrib/bind9/bin/dnssec/dnssec-signzone.8 | 55 +- contrib/bind9/bin/dnssec/dnssec-signzone.c | 8 +- contrib/bind9/bin/dnssec/dnssec-signzone.html | 16 +- contrib/bind9/bin/named/aclconf.c | 32 +- contrib/bind9/bin/named/client.c | 105 +- contrib/bind9/bin/named/config.c | 97 +- contrib/bind9/bin/named/controlconf.c | 134 +- .../bind9/bin/named/include/named/aclconf.h | 8 +- .../bind9/bin/named/include/named/client.h | 10 +- .../bind9/bin/named/include/named/config.h | 27 +- .../bind9/bin/named/include/named/control.h | 6 +- .../bind9/bin/named/include/named/globals.h | 6 +- .../bind9/bin/named/include/named/logconf.h | 6 +- .../bind9/bin/named/include/named/lwresd.h | 9 +- .../bind9/bin/named/include/named/server.h | 6 +- .../bind9/bin/named/include/named/sortlist.h | 15 +- .../bind9/bin/named/include/named/tkeyconf.h | 8 +- .../bind9/bin/named/include/named/tsigconf.h | 6 +- .../bind9/bin/named/include/named/zoneconf.h | 11 +- contrib/bind9/bin/named/interfacemgr.c | 16 +- contrib/bind9/bin/named/logconf.c | 60 +- contrib/bind9/bin/named/lwdgabn.c | 6 +- contrib/bind9/bin/named/lwdgrbn.c | 8 +- contrib/bind9/bin/named/lwresd.8 | 41 +- contrib/bind9/bin/named/lwresd.c | 25 +- contrib/bind9/bin/named/lwresd.html | 16 +- contrib/bind9/bin/named/main.c | 10 +- contrib/bind9/bin/named/named.8 | 52 +- contrib/bind9/bin/named/named.conf.5 | 52 +- contrib/bind9/bin/named/named.conf.docbook | 16 +- contrib/bind9/bin/named/named.conf.html | 47 +- contrib/bind9/bin/named/named.docbook | 9 +- contrib/bind9/bin/named/named.html | 23 +- contrib/bind9/bin/named/query.c | 81 +- contrib/bind9/bin/named/server.c | 293 +- contrib/bind9/bin/named/sortlist.c | 20 +- contrib/bind9/bin/named/tkeyconf.c | 12 +- contrib/bind9/bin/named/tsigconf.c | 28 +- contrib/bind9/bin/named/unix/os.c | 11 +- contrib/bind9/bin/named/update.c | 34 +- contrib/bind9/bin/named/zoneconf.c | 78 +- contrib/bind9/bin/nsupdate/nsupdate.8 | 63 +- contrib/bind9/bin/nsupdate/nsupdate.c | 10 +- contrib/bind9/bin/nsupdate/nsupdate.html | 20 +- contrib/bind9/bin/rndc/rndc-confgen.8 | 35 +- contrib/bind9/bin/rndc/rndc-confgen.html | 18 +- contrib/bind9/bin/rndc/rndc.8 | 30 +- contrib/bind9/bin/rndc/rndc.c | 52 +- contrib/bind9/bin/rndc/rndc.conf.5 | 19 +- contrib/bind9/bin/rndc/rndc.conf.html | 16 +- contrib/bind9/bin/rndc/rndc.html | 16 +- contrib/bind9/config.threads.in | 25 + contrib/bind9/configure.in | 196 +- contrib/bind9/doc/arm/Bv9ARM-book.xml | 583 +- contrib/bind9/doc/arm/Bv9ARM.ch01.html | 100 +- contrib/bind9/doc/arm/Bv9ARM.ch02.html | 44 +- contrib/bind9/doc/arm/Bv9ARM.ch03.html | 69 +- contrib/bind9/doc/arm/Bv9ARM.ch04.html | 246 +- contrib/bind9/doc/arm/Bv9ARM.ch05.html | 18 +- contrib/bind9/doc/arm/Bv9ARM.ch06.html | 663 +- contrib/bind9/doc/arm/Bv9ARM.ch07.html | 54 +- contrib/bind9/doc/arm/Bv9ARM.ch08.html | 36 +- contrib/bind9/doc/arm/Bv9ARM.ch09.html | 239 +- contrib/bind9/doc/arm/Bv9ARM.html | 162 +- contrib/bind9/doc/arm/Bv9ARM.pdf | 7775 +++++++++-------- contrib/bind9/lib/bind/Makefile.in | 11 +- contrib/bind9/lib/bind/api | 2 +- contrib/bind9/lib/bind/config.h.in | 1 + contrib/bind9/lib/bind/configure | 1314 ++- contrib/bind9/lib/bind/configure.in | 338 +- contrib/bind9/lib/bind/dst/dst_api.c | 23 +- contrib/bind9/lib/bind/dst/hmac_link.c | 25 +- .../lib/bind/include/arpa/nameser_compat.h | 7 +- contrib/bind9/lib/bind/include/isc/list.h | 8 +- contrib/bind9/lib/bind/include/netdb.h | 53 +- contrib/bind9/lib/bind/inet/inet_cidr_ntop.c | 10 +- contrib/bind9/lib/bind/inet/inet_net_ntop.c | 4 +- contrib/bind9/lib/bind/irs/dns.c | 4 +- contrib/bind9/lib/bind/irs/dns_ho.c | 22 +- contrib/bind9/lib/bind/irs/gai_strerror.c | 25 +- contrib/bind9/lib/bind/irs/gen_ho.c | 4 +- contrib/bind9/lib/bind/irs/getaddrinfo.c | 34 +- contrib/bind9/lib/bind/irs/gethostent.c | 4 +- contrib/bind9/lib/bind/irs/getnameinfo.c | 10 + contrib/bind9/lib/bind/irs/getprotoent_r.c | 8 +- contrib/bind9/lib/bind/irs/getservent_r.c | 16 +- contrib/bind9/lib/bind/irs/irp.c | 7 +- contrib/bind9/lib/bind/irs/irp_nw.c | 4 +- contrib/bind9/lib/bind/irs/irpmarshall.c | 6 +- contrib/bind9/lib/bind/irs/irs_data.c | 20 +- contrib/bind9/lib/bind/irs/lcl_ho.c | 4 +- contrib/bind9/lib/bind/irs/lcl_pr.c | 10 +- contrib/bind9/lib/bind/isc/ev_connects.c | 10 +- contrib/bind9/lib/bind/isc/eventlib.c | 9 +- contrib/bind9/lib/bind/isc/eventlib_p.h | 4 +- contrib/bind9/lib/bind/isc/heap.c | 10 +- contrib/bind9/lib/bind/isc/hex.c | 5 +- contrib/bind9/lib/bind/isc/memcluster.c | 9 +- contrib/bind9/lib/bind/nameser/ns_sign.c | 7 +- contrib/bind9/lib/bind/nameser/ns_verify.c | 6 +- contrib/bind9/lib/bind/port_after.h.in | 4 + contrib/bind9/lib/bind/port_before.h.in | 4 + contrib/bind9/lib/bind/resolv/mtctxres.c | 7 +- contrib/bind9/lib/bind/resolv/res_init.c | 17 +- contrib/bind9/lib/bind/resolv/res_send.c | 17 +- .../bind9/lib/bind/resolv/res_sendsigned.c | 5 +- contrib/bind9/lib/bind9/api | 2 +- contrib/bind9/lib/bind9/check.c | 205 +- contrib/bind9/lib/bind9/include/bind9/check.h | 9 +- contrib/bind9/lib/dns/Makefile.in | 7 +- contrib/bind9/lib/dns/acl.c | 42 +- contrib/bind9/lib/dns/adb.c | 7 +- contrib/bind9/lib/dns/api | 4 +- contrib/bind9/lib/dns/cache.c | 69 +- contrib/bind9/lib/dns/compress.c | 12 +- contrib/bind9/lib/dns/dispatch.c | 87 +- contrib/bind9/lib/dns/dnssec.c | 7 +- contrib/bind9/lib/dns/dst_api.c | 8 +- contrib/bind9/lib/dns/gen.c | 11 +- contrib/bind9/lib/dns/include/dns/acl.h | 38 +- contrib/bind9/lib/dns/include/dns/cache.h | 6 +- contrib/bind9/lib/dns/include/dns/compress.h | 10 +- contrib/bind9/lib/dns/include/dns/keytable.h | 10 +- contrib/bind9/lib/dns/include/dns/message.h | 29 +- contrib/bind9/lib/dns/include/dns/name.h | 11 +- contrib/bind9/lib/dns/include/dns/peer.h | 7 +- contrib/bind9/lib/dns/include/dns/rdataset.h | 12 +- contrib/bind9/lib/dns/include/dns/resolver.h | 6 +- contrib/bind9/lib/dns/include/dns/types.h | 6 +- contrib/bind9/lib/dns/include/dns/validator.h | 71 +- contrib/bind9/lib/dns/include/dns/xfrin.h | 12 +- contrib/bind9/lib/dns/include/dns/zone.h | 34 +- contrib/bind9/lib/dns/keytable.c | 13 +- contrib/bind9/lib/dns/lookup.c | 14 +- contrib/bind9/lib/dns/masterdump.c | 10 +- contrib/bind9/lib/dns/message.c | 46 +- contrib/bind9/lib/dns/name.c | 14 +- contrib/bind9/lib/dns/openssl_link.c | 8 +- contrib/bind9/lib/dns/openssldh_link.c | 77 +- contrib/bind9/lib/dns/openssldsa_link.c | 81 +- contrib/bind9/lib/dns/opensslrsa_link.c | 24 +- contrib/bind9/lib/dns/peer.c | 8 +- contrib/bind9/lib/dns/portlist.c | 6 +- contrib/bind9/lib/dns/rbtdb.c | 202 +- contrib/bind9/lib/dns/rdata.c | 6 +- .../bind9/lib/dns/rdata/generic/dlv_32769.c | 281 + .../bind9/lib/dns/rdata/generic/dlv_32769.h | 33 + contrib/bind9/lib/dns/rdataset.c | 16 +- contrib/bind9/lib/dns/request.c | 8 +- contrib/bind9/lib/dns/resolver.c | 51 +- contrib/bind9/lib/dns/tcpmsg.c | 7 +- contrib/bind9/lib/dns/tkey.c | 8 +- contrib/bind9/lib/dns/tsig.c | 43 +- contrib/bind9/lib/dns/validator.c | 435 +- contrib/bind9/lib/dns/xfrin.c | 67 +- contrib/bind9/lib/dns/zone.c | 94 +- contrib/bind9/lib/isc/api | 4 +- contrib/bind9/lib/isc/hash.c | 13 +- contrib/bind9/lib/isc/heap.c | 58 +- contrib/bind9/lib/isc/hmacmd5.c | 5 +- contrib/bind9/lib/isc/include/isc/heap.h | 143 +- contrib/bind9/lib/isc/include/isc/list.h | 12 +- contrib/bind9/lib/isc/include/isc/sockaddr.h | 14 +- contrib/bind9/lib/isc/include/isc/symtab.h | 5 +- contrib/bind9/lib/isc/lex.c | 20 +- contrib/bind9/lib/isc/log.c | 7 +- contrib/bind9/lib/isc/netscope.c | 6 +- contrib/bind9/lib/isc/nothreads/condition.c | 6 +- contrib/bind9/lib/isc/nothreads/mutex.c | 6 +- contrib/bind9/lib/isc/print.c | 13 +- contrib/bind9/lib/isc/sockaddr.c | 14 +- contrib/bind9/lib/isc/taskpool.c | 8 +- contrib/bind9/lib/isc/timer.c | 13 +- contrib/bind9/lib/isc/unix/entropy.c | 14 +- contrib/bind9/lib/isc/unix/fsaccess.c | 6 +- contrib/bind9/lib/isc/unix/ifiter_ioctl.c | 10 +- contrib/bind9/lib/isc/unix/ipv6.c | 6 +- contrib/bind9/lib/isc/unix/socket.c | 32 +- contrib/bind9/lib/isccc/api | 2 +- contrib/bind9/lib/isccfg/include/isccfg/cfg.h | 75 +- .../bind9/lib/isccfg/include/isccfg/grammar.h | 32 +- contrib/bind9/lib/isccfg/namedconf.c | 18 +- contrib/bind9/lib/isccfg/parser.c | 136 +- contrib/bind9/lib/lwres/api | 2 +- contrib/bind9/lib/lwres/gai_strerror.c | 6 +- contrib/bind9/lib/lwres/getaddrinfo.c | 30 +- contrib/bind9/lib/lwres/lwconfig.c | 6 +- contrib/bind9/lib/lwres/man/lwres.3 | 15 +- contrib/bind9/lib/lwres/man/lwres.html | 16 +- contrib/bind9/lib/lwres/man/lwres_buffer.3 | 53 +- contrib/bind9/lib/lwres/man/lwres_buffer.html | 130 +- contrib/bind9/lib/lwres/man/lwres_config.3 | 28 +- contrib/bind9/lib/lwres/man/lwres_config.html | 60 +- contrib/bind9/lib/lwres/man/lwres_context.3 | 29 +- .../bind9/lib/lwres/man/lwres_context.html | 61 +- contrib/bind9/lib/lwres/man/lwres_gabn.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_gabn.html | 42 +- .../bind9/lib/lwres/man/lwres_gai_strerror.3 | 39 +- .../lib/lwres/man/lwres_gai_strerror.html | 10 +- .../bind9/lib/lwres/man/lwres_getaddrinfo.3 | 32 +- .../lib/lwres/man/lwres_getaddrinfo.html | 29 +- .../bind9/lib/lwres/man/lwres_gethostent.3 | 57 +- .../bind9/lib/lwres/man/lwres_gethostent.html | 51 +- contrib/bind9/lib/lwres/man/lwres_getipnode.3 | 49 +- .../bind9/lib/lwres/man/lwres_getipnode.html | 34 +- .../bind9/lib/lwres/man/lwres_getnameinfo.3 | 30 +- .../lib/lwres/man/lwres_getnameinfo.html | 19 +- .../lib/lwres/man/lwres_getrrsetbyname.3 | 33 +- .../lib/lwres/man/lwres_getrrsetbyname.html | 29 +- contrib/bind9/lib/lwres/man/lwres_gnba.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_gnba.html | 51 +- contrib/bind9/lib/lwres/man/lwres_hstrerror.3 | 29 +- .../bind9/lib/lwres/man/lwres_hstrerror.html | 12 +- contrib/bind9/lib/lwres/man/lwres_inetntop.3 | 17 +- .../bind9/lib/lwres/man/lwres_inetntop.html | 17 +- contrib/bind9/lib/lwres/man/lwres_noop.3 | 32 +- contrib/bind9/lib/lwres/man/lwres_noop.html | 42 +- contrib/bind9/lib/lwres/man/lwres_packet.3 | 48 +- contrib/bind9/lib/lwres/man/lwres_packet.html | 20 +- contrib/bind9/lib/lwres/man/lwres_resutil.3 | 25 +- .../bind9/lib/lwres/man/lwres_resutil.html | 32 +- contrib/bind9/libtool.m4 | 2 +- contrib/bind9/ltmain.sh | 14 +- contrib/bind9/make/rules.in | 10 +- contrib/bind9/version | 8 +- 251 files changed, 12415 insertions(+), 7547 deletions(-) create mode 100644 contrib/bind9/lib/dns/rdata/generic/dlv_32769.c create mode 100644 contrib/bind9/lib/dns/rdata/generic/dlv_32769.h diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index b45cec78ac6..f4b36d9204e 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,5 +1,37 @@ - --- 9.3.2-P2 released --- + --- 9.3.3 released --- + +2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] + +2104. [port] Fix Solaris SMF error message. + +2103. [port] Add /usr/sfw to list of locations for OpenSSL + under Solaris. + +2102. [port] Silence solaris 10 warnings. + +2101. [bug] OpenSSL version checks were not quite right. + [RT #16476] + +2100. [port] win32: copy libeay32.dll to Build\Debug. + +2099. [port] win32: more manifiest issues. + + --- 9.3.3rc3 released --- + +2096. [bug] libbind: handle applications that fail to detect + res_init() failures better. + +2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and + net_cidr_ntop_ipv6(). [RT #16388] + +2094. [contrib] Update named-bootconf. [RT# 16404] + +2092. [bug] win32: dig, host, nslookup. Use registry config + if resolv.conf does not exist or no nameservers + listed. [RT #15877] + +2091. [port] dighost.c: race condition on cleanup. [RT #16417] 2090. [port] win32: Visual C++ 2005 command line manifest support. [RT #16417] @@ -12,15 +44,307 @@ 2088. [security] Change the default RSA exponent from 3 to 65537. [RT #16391] +2086. [port] libbind: FreeBSD now has get*by*_r() functions. + [RT #16403] + +2085. [doc] win32: added index.html and README to zip. [RT #16201] + +2084. [contrib] dbus update for 9.3.3rc2. + 2083. [port] win32: Visual C++ 2005 support. - --- 9.3.2-P1 released --- +2082. [doc] Document 'cache-file' as a test only option. + + --- 9.3.3rc2 released --- + +2081. [port] libbind: minor 64-bit portability fix in memcluster.c. + [RT #16360] + +2080. [port] libbind: res_init.c did not compile on older versions + of Solaris. [RT #16363] + +2076. [bug] Several files were missing #include + causing build failures on OSF. [RT #16341] + +2074. [bug] dns_request_createvia2(), dns_request_createvia3(), + dns_request_createraw2() and dns_request_createraw3() + failed to send multiple UDP requests. [RT #16349] 2066. [security] Handle SIG queries gracefully. [RT #16300] + --- 9.3.3rc1 released --- + +2071. [port] Test whether gcc accepts -fno-strict-aliasing. + [RT #16324] + +2070. [bug] The remote address was not always displayed when + reporting dispatch failures. [RT #16315] + +2069. [bug] Cross compiling was not working. [RT #16330] + +2067. [bug] 'rndc' could close the socket too early triggering + a INSIST under Windows. [RT #16317] + +2065. [bug] libbind: probe for HPUX prototypes for + endprotoent_r() and endservent_r(). [RT 16313] + +2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] + +2063. [bug] Change #1955 introduced a bug which caused the first + 'rndc flush' call to not free memory. [RT #16244] + +2062. [bug] 'dig +nssearch' was reusing a buffer before it had + been returned by the socket code. [RT #16307] + +2057. [bug] Make setting "ra" dependent on both allow-query and + allow-recursion. [RT #16290] + +2056. [bug] dig: ixfr= was not being treated case insensitively + at all times. [RT #15955] + +2055. [bug] Missing goto after dropping multicast query. + [RT #15944] + +2054. [port] freebsd: do not explicitly link against -lpthread. + [RT #16170] + +2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] + +2052. [bug] 'rndc' improve connect failed message to report + the failing address. [RT #15978] + +2051. [port] More strtol() fixes. [RT #16249] + +2050. [bug] Parsing of NSAP records was not case insensitive. + [RT #16287] + +2049. [bug] Restore SOA before AXFR when falling back from + a attempted IXFR when transfering in a zone. + Allow a initial SOA query before attempting + a AXFR to be requested. [RT #16156] + +2048. [bug] It was possible to loop forever when using + avoid-v4-udp-ports / avoid-v6-udp-ports when + the OS always returned the same local port. + [RT #16182] + +2047. [bug] Failed to initialise the interface flags to zero. + [RT #16245] + +2043. [port] nsupdate/nslookup: Force the flushing of the prompt + for interactive sessions. [RT#16148] + +2038. [bug] dig/nslookup/host was unlinking from wrong list + when handling errors. [RT #16122] + +2037. [func] When unlinking the first or last element in a list + check that the list head points to the element to + be unlinked. [RT #15959] + +2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. + [RT #16075] + +2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] + + --- 9.3.3b1 released --- + +2031. [bug] Emit a error message when "rndc refresh" is called on + a non slave/stub zone. [RT # 16073] + +2030. [bug] We were being overly conservative when disabling + openssl engine support. [RT #16030] + +2029. [bug] host printed out the server multiple times when + specified on the command line. [RT #15992] + +2028. [port] linux: socket.c compatability for old systems. + [RT #16015] + +2027. [port] libbind: Solaris x86 support. [RT #16020] + +2026. [bug] Rate limit the two recursive client exceeded messages. + [RT #16044] + +2024. [bug] named emited spurious "zone serial unchanged" + messages on reload. [RT #16027] + +2023. [bug] "make install" should create ${localstatedir}/run and + ${sysconfdir} if they do not exist. [RT #16033] + +2016. [bug] Return a partial answer if recursion is not + allowed but requested and we had the answer + to the original qname. [RT #15945] + +2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR + responses more gracefully. [RT #15941] + +2009. [bug] libbind: coverity fixes. [RT #15808] + +2005. [bug] libbind: Retransmission timeouts should be + based on which attempt it is to the nameserver + and not the nameserver itself. [RT #13548] + +2004. [bug] dns_tsig_sign() could pass a NULL pointer to + dst_context_destroy() when cleaning up after a + error. [RT #15835] + +2003. [bug] libbind: The DNS name/address lookup functions could + occasionally follow a random pointer due to + structures not being completely zeroed. [RT #15806] + +2002. [bug] libbind: tighten the constraints on when + struct addrinfo._ai_pad exists. [RT #15783] + +2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] + +1998. [bug] Restrict handling of fifos as sockets to just SunOS. + This allows named to connect to entropy gathering + daemons that use fifos instead of sockets. [RT #15840] + +1997. [bug] Named was failing to replace negative cache entries + when a positive one for the type was learnt. + [RT #15818] + +1995. [bug] 'host' was reporting multiple "is an alias" messages. + [RT #15702] + +1994. [port] OpenSSL 0.9.8 support. [RT #15694] + +1993. [bug] Log messsage, via syslog, were missing the space + after the timestamp if "print-time yes" was specified. + [RT #15844] + +1991. [cleanup] The configuration data, once read, should be treated + as readonly. Expand the use of const to enforce this + at compile time. [RT #15813] + +1990. [bug] libbind: isc's override of broken gettimeofday() + implementions was not always effective. + [RT #15709] + +1989. [bug] win32: don't check the service password when + re-installing. [RT #15882] + +1985. [protocol] DLV has now been assigned a official type code of + 32769. [RT #15807] + + Note: care should be taken to ensure you upgrade + both named and dnssec-signzone at the same time for + zones with DLV records where named is the master + server for the zone. Also any zones that contain + DLV records should be removed when upgrading a slave + zone. You do not however have to upgrade all + servers for a zone with DLV records simultaniously. + +1982. [bug] DNSKEY was being accepted on the parent side of + a delegation. KEY is still accepted there for + RFC 3007 validated updates. [RT #15620] + +1981. [bug] win32: condition.c:wait() could fail to reattain + the mutex lock. + +1979. [port] linux: allow named to drop core after changing + user ids. [RT #15753] + +1978. [port] Handle systems which have a broken recvmsg(). + [RT #15742] + +1977. [bug] Silence noisy log message. [RT #15704] + +1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] + +1975. [bug] libbind: isc_gethexstring() could misparse multi-line + hex strings with comments. [RT #15814] + +1974. [doc] List each of the zone types and associated zone + options seperately in the ARM. + +1972. [contrib] DBUS dynamic forwarders integation from + Jason Vas Dias . + +1971. [port] linux: make detection of missing IF_NAMESIZE more + robust. [RT #15443] + +1970. [bug] nsupdate: adjust UDP timeout when falling back to + unsigned SOA query. [RT #15775] + +1969. [bug] win32: the socket code was freeing the socket + structure too early. [RT #15776] + +1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] + +1966. [bug] Don't set CD when we have fallen back to plain DNS. + [RT #15727] + +1963. [port] Tru64 4.0E doesn't support send() and recv(). + [RT #15586] + +1962. [bug] Named failed to clear old update-policy when it + was removed. [RT #15491] + +1961. [bug] Check the port and address of responses forwarded + to dispatch. [RT #15474] + +1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. + [RT #15465] + +1958. [bug] Named failed to update the zone's secure state + until the zone was reloaded. [RT #15412] + +1957. [bug] Dig mishandled responses to class ANY queries. + [RT #15402] + +1956. [bug] Improve cross compile support, 'gen' is now built + by native compiler. See README for additional + cross compile support information. [RT #15148] + +1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] + +1952. [port] hpux: tell the linker to build a runtime link + path "-Wl,+b:". [RT #14816]. + +1951. [security] Drop queries from particular well known ports. + Don't return FORMERR to queries from particular + well known ports. [RT #15636] + +1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() + a TCP socket. This prevents the source address being + set for TCP connections. [RT #15628] + +1948. [bug] If was possible to trigger a REQUIRE failure in + xfrin.c:maybe_free() if named ran out of memory. + [RT #15568] + +1946. [bug] resume_dslookup() could trigger a REQUIRE failure + when using forwarders. [RT #15549] + +1944. [cleanup] isc_hash_create() does not need a read/write lock. + [RT #15522] + +1943. [bug] Set the loadtime after rolling forward the journal. + [RT #15647] + +1942. [bug] If the name of a DNSKEY match that of one in + trusted-keys do not attempt to validate the DNSKEY + using the parents DS RRset. [RT #15649] + 1941. [bug] ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] +1940. [bug] Fixed a number of error conditions reported by + Coverity. + +1939. [bug] The resolver could dereference a null pointer after + validation if all the queries have timed out. + [RT #15528] + +1938. [bug] The validator was not correctly handling unsecure + negative responses at or below a SEP. [RT #15528] + +1919. [contrib] queryperf: a set of new features: collecting/printing + response delays, printing intermediate results, and + adjusting query rate for the "target" qps. + --- 9.3.2 released --- --- 9.3.2rc1 released --- @@ -338,14 +662,14 @@ 1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. -1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and +1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. -1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and +1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT macros. -1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and - IN6ADDR_LOOPBACK_INIT macros. +1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and + IN6ADDR_LOOPBACK_INIT macros. 1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] @@ -1188,8 +1512,8 @@ 1414. [func] Support for KSK flag. -1413. [func] Explictly request the (re-)generation of DS records from - keysets (dnssec-signzone -g). +1413. [func] Explicitly request the (re-)generation of DS records + from keysets (dnssec-signzone -g). 1412. [func] You can now specify servers to be tried if a nameserver has IPv6 address and you only support IPv4 or the @@ -5586,7 +5910,7 @@ , , or . - 119. [cleanup] structure definitions for generic rdata stuctures do + 119. [cleanup] structure definitions for generic rdata structures do not have _generic_ in their names. 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting diff --git a/contrib/bind9/COPYRIGHT b/contrib/bind9/COPYRIGHT index 484dac8e451..8bbcf244d65 100644 --- a/contrib/bind9/COPYRIGHT +++ b/contrib/bind9/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.6.2.2.8.3 2005/01/10 23:51:37 marka Exp $ +$Id: COPYRIGHT,v 1.6.2.2.8.4 2006/01/04 00:37:22 marka Exp $ Portions Copyright (C) 1996-2001 Nominum, Inc. diff --git a/contrib/bind9/FAQ b/contrib/bind9/FAQ index 9b806cbde53..5c6a2a7368c 100644 --- a/contrib/bind9/FAQ +++ b/contrib/bind9/FAQ @@ -4,26 +4,36 @@ Frequently Asked Questions about BIND 9 Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads? -A: Linux threads do not fully implement the Posix threads (pthreads) standard. - In particular, setuid() operates only on the current thread, not the full - process. Because of this limitation, BIND 9 cannot use setuid() on Linux as - it can on all other supported platforms. setuid() cannot be called before - creating threads, since the server does not start listening on reserved - ports until after threads have started. +A: Linux threads do not fully implement the Posix threads (pthreads) standard. In + particular, setuid() operates only on the current thread, not the full process. + Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on + all other supported platforms. setuid() cannot be called before creating + threads, since the server does not start listening on reserved ports until + after threads have started. In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve capabilities across a setuid() call is present. This allows BIND 9 to call - setuid() early, while retaining the ability to bind reserved ports. This is - a Linux-specific hack. + setuid() early, while retaining the ability to bind reserved ports. This is a + Linux-specific hack. - On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less - of a security risk than a root process that has not dropped privileges. + On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of + a security risk than a root process that has not dropped privileges. If Linux threads ever work correctly, this restriction will go away. Configuring BIND9 with the --disable-threads option (the default) causes a non-threaded version to be built, which will allow -u to be used. +Q: Why do I get the following errors: + + general: errno2result.c:109: unexpected error: + general: unable to convert errno to isc_result: 14: Bad address + client: UDP client handler shutting down due to fatal receive error: unexpected error + +A: This is the result of a Linux kernel bug. + + See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 + Q: Why does named log the warning message "no TTL specified - using SOA MINTTL instead"? @@ -40,23 +50,26 @@ A: Your zone file is illegal according to RFC1035. It must either have a line Q: Why do I see 5 (or more) copies of named on Linux? A: Linux threads each show up as a process under ps. The approximate number of - threads running is n+4, where n is the number of CPUs. Note that the amount - of memory used is not cumulative; if each process is using 10M of memory, - only a total of 10M is used. + threads running is n+4, where n is the number of CPUs. Note that the amount of + memory used is not cumulative; if each process is using 10M of memory, only a + total of 10M is used. + + Newer versions of Linux's ps command hide the individual threads and require -L + to display them. Q: Why does BIND 9 log "permission denied" errors accessing its configuration files or zones on my Linux system even though it is running as root? -A: On Linux, BIND 9 drops most of its root privileges on startup. This - including the privilege to open files owned by other users. Therefore, if - the server is running as root, the configuration files and zone files should - also be owned by root. +A: On Linux, BIND 9 drops most of its root privileges on startup. This including + the privilege to open files owned by other users. Therefore, if the server is + running as root, the configuration files and zone files should also be owned by + root. -Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file - bar: ran out of space"? +Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar: + ran out of space"? -A: This is often caused by TXT records with missing close quotes. Check that - all TXT records containing quoted strings have both open and close quotes. +A: This is often caused by TXT records with missing close quotes. Check that all + TXT records containing quoted strings have both open and close quotes. Q: How do I produce a usable core file from a multithreaded named on Linux? @@ -68,16 +81,16 @@ A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable Q: How do I restrict people from looking up the server version? -A: Put a "version" option containing something other than the real version in - the "options" section of named.conf. Note doing this will not prevent - attacks and may impede people trying to diagnose problems with your server. - Also it is possible to "fingerprint" nameservers to determine their version. +A: Put a "version" option containing something other than the real version in the + "options" section of named.conf. Note doing this will not prevent attacks and + may impede people trying to diagnose problems with your server. Also it is + possible to "fingerprint" nameservers to determine their version. Q: How do I restrict only remote users from looking up the server version? -A: The following view statement will intercept lookups as the internal view - that holds the version information will be matched last. The caveats of the - previous answer still apply, of course. +A: The following view statement will intercept lookups as the internal view that + holds the version information will be matched last. The caveats of the previous + answer still apply, of course. view "chaos" chaos { match-clients { ; }; @@ -91,48 +104,45 @@ A: The following view statement will intercept lookups as the internal view Q: What do "no source of entropy found" or "could not open entropy source foo" mean? -A: The server requires a source of entropy to perform certain operations, - mostly DNSSEC related. These messages indicate that you have no source of - entropy. On systems with /dev/random or an equivalent, it is used by - default. A source of entropy can also be defined using the random-device - option in named.conf. +A: The server requires a source of entropy to perform certain operations, mostly + DNSSEC related. These messages indicate that you have no source of entropy. On + systems with /dev/random or an equivalent, it is used by default. A source of + entropy can also be defined using the random-device option in named.conf. Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why? A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed under /usr. Check that the correct named is running. -Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. - I'm sure I have the keys set up correctly, but the server is rejecting the - TSIG. Why? +Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm + sure I have the keys set up correctly, but the server is rejecting the TSIG. + Why? -A: This may be a clock skew problem. Check that the the clocks on the client - and server are properly synchronised (e.g., using ntp). +A: This may be a clock skew problem. Check that the the clocks on the client and + server are properly synchronised (e.g., using ntp). Q: I'm trying to compile BIND 9, and "make" is failing due to files not being found. Why? A: Using a parallel or distributed "make" to build BIND 9 is not supported, and - doesn't work. If you are using one of these, use normal make or gmake - instead. + doesn't work. If you are using one of these, use normal make or gmake instead. -Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging - error messages like "notify to 10.0.0.1#53 failed: unexpected end of input". - What's wrong? +Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error + messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's + wrong? -A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in - BIND 8.2.4. It can be safely ignored - the notify has been acted on by the - slave despite the error message. +A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND + 8.2.4. It can be safely ignored - the notify has been acted on by the slave + despite the error message. Q: I keep getting log messages like the following. Why? Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update - failed: 'RRset exists (value dependent)' prerequisite not satisfied - (NXRRSET) + failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET) -A: DNS updates allow the update request to test to see if certain conditions - are met prior to proceeding with the update. The message above is saying - that conditions were not met and the update is not proceeding. See doc/rfc/ +A: DNS updates allow the update request to test to see if certain conditions are + met prior to proceeding with the update. The message above is saying that + conditions were not met and the update is not proceeding. See doc/rfc/ rfc2136.txt for more details on prerequisites. Q: I keep getting log messages like the following. Why? @@ -140,11 +150,11 @@ Q: I keep getting log messages like the following. Why? Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update - protocol. Windows 2000 machines have a habit of sending dynamic update - requests to DNS servers without being specifically configured to do so. If - the update requests are coming from a Windows 2000 machine, see http:// - support.microsoft.com/support/kb/articles/q246/8/04.asp for information - about how to turn them off. + protocol. Windows 2000 machines have a habit of sending dynamic update requests + to DNS servers without being specifically configured to do so. If the update + requests are coming from a Windows 2000 machine, see http:// + support.microsoft.com/support/kb/articles/q246/8/04.asp for information about + how to turn them off. Q: I see a log message like the following. Why? @@ -152,59 +162,59 @@ Q: I see a log message like the following. Why? A: You are most likely running named as a non-root user, and that user does not have permission to write in /var/run. The common ways of fixing this are to - create a /var/run/named directory owned by the named user and set pid-file - to "/var/run/named/named.pid", or set pid-file to "named.pid", which will - put the file in the directory specified by the directory option (which, in - this case, must be writable by the named user). + create a /var/run/named directory owned by the named user and set pid-file to " + /var/run/named/named.pid", or set pid-file to "named.pid", which will put the + file in the directory specified by the directory option (which, in this case, + must be writable by the named user). -Q: When I do a "dig . ns", many of the A records for the root servers are - missing. Why? +Q: When I do a "dig . ns", many of the A records for the root servers are missing. + Why? -A: This is normal and harmless. It is a somewhat confusing side effect of the - way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to - avoid promoting glue into answers. +A: This is normal and harmless. It is a somewhat confusing side effect of the way + BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid + promoting glue into answers. - When BIND 9 first starts up and primes its cache, it receives the root - server addresses as additional data in an authoritative response from a root - server, and these records are eligible for inclusion as additional data in - responses. Subsequently it receives a subset of the root server addresses as - additional data in a non-authoritative (referral) response from a root - server. This causes the addresses to now be considered non-authoritative - (glue) data, which is not eligible for inclusion in responses. + When BIND 9 first starts up and primes its cache, it receives the root server + addresses as additional data in an authoritative response from a root server, + and these records are eligible for inclusion as additional data in responses. + Subsequently it receives a subset of the root server addresses as additional + data in a non-authoritative (referral) response from a root server. This causes + the addresses to now be considered non-authoritative (glue) data, which is not + eligible for inclusion in responses. The server does have a complete set of root server addresses cached at all times, it just may not include all of them as additional data, depending on - whether they were last received as answers or as glue. You can always look - up the addresses with explicit queries like "dig a.root-servers.net A". + whether they were last received as answers or as glue. You can always look up + the addresses with explicit queries like "dig a.root-servers.net A". Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why? -A: This may be caused by a bug in the Windows 2000 DNS server where DNS - messages larger than 16K are not handled properly. This can be worked around - by setting the option "transfer-format one-answer;". Also check whether your - zone contains domain names with embedded spaces or other special characters, - like "John\032Doe\213s\032Computer", since such names have been known to - cause Windows 2000 slaves to incorrectly reject the zone. +A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages + larger than 16K are not handled properly. This can be worked around by setting + the option "transfer-format one-answer;". Also check whether your zone contains + domain names with embedded spaces or other special characters, like "John\ + 032Doe\213s\032Computer", since such names have been known to cause Windows + 2000 slaves to incorrectly reject the zone. Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP? -A: A zone can be updated either by editing zone files and reloading the server - or by dynamic update, but not both. If you have enabled dynamic update for a - zone using the "allow-update" option, you are not supposed to edit the zone - file by hand, and the server will not attempt to reload it. +A: A zone can be updated either by editing zone files and reloading the server or + by dynamic update, but not both. If you have enabled dynamic update for a zone + using the "allow-update" option, you are not supposed to edit the zone file by + hand, and the server will not attempt to reload it. Q: I can query the nameserver from the nameserver but not from other machines. Why? -A: This is usually the result of the firewall configuration stopping the - queries and / or the replies. +A: This is usually the result of the firewall configuration stopping the queries + and / or the replies. Q: How can I make a server a slave for both an internal and an external view at - the same time? When I tried, both views on the slave were transferred from - the same view on the master. + the same time? When I tried, both views on the slave were transferred from the + same view on the master. -A: You will need to give the master and slave multiple IP addresses and use - those to make sure you reach the correct view on the other machine. +A: You will need to give the master and slave multiple IP addresses and use those + to make sure you reach the correct view on the other machine. Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias) internal: @@ -232,8 +242,8 @@ A: You will need to give the master and slave multiple IP addresses and use transfer-source 10.0.1.4; query-source address 10.0.1.4; - You put the external address on the alias so that all the other dns clients - on these boxes see the internal view by default. + You put the external address on the alias so that all the other dns clients on + these boxes see the internal view by default. A: BIND 9.3 and later: Use TSIG to select the appropriate view. @@ -248,7 +258,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. }; view "external" { match-clients { key external; any; }; - server 10.0.0.2 { keys external; }; + server 10.0.1.2 { keys external; }; recursion no; ... }; @@ -264,7 +274,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. }; view "external" { match-clients { key external; any; }; - server 10.0.0.1 { keys external; }; + server 10.0.1.1 { keys external; }; recursion no; ... }; @@ -272,8 +282,8 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view. Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there. A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use - certain interrupts as a source of random events. You can make this permanent - by setting rand_irqs in /etc/rc.conf. + certain interrupts as a source of random events. You can make this permanent by + setting rand_irqs in /etc/rc.conf. /etc/rc.conf rand_irqs="3 14 15" @@ -283,34 +293,33 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use Q: Why is named listening on UDP port other than 53? A: Named uses a system selected port to make queries of other nameservers. This - behaviour can be overridden by using query-source to lock down the port and/ - or address. See also notify-source and transfer-source. + behaviour can be overridden by using query-source to lock down the port and/or + address. See also notify-source and transfer-source. -Q: I get error messages like "multiple RRs of singleton type" and "CNAME and - other data" when transferring a zone. What does this mean? +Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other + data" when transferring a zone. What does this mean? A: These indicate a malformed master zone. You can identify the exact records - involved by transferring the zone using dig then running named-checkzone on - it. + involved by transferring the zone using dig then running named-checkzone on it. dig axfr example.com @master-server > tmp named-checkzone example.com tmp - A CNAME record cannot exist with the same name as another record except for - the DNSSEC records which prove its existance (NSEC). + A CNAME record cannot exist with the same name as another record except for the + DNSSEC records which prove its existance (NSEC). RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its - aliases cannot be different. This rule also insures that a cached CNAME can - be used without checking with an authoritative server for other RR types." + aliases cannot be different. This rule also insures that a cached CNAME can be + used without checking with an authoritative server for other RR types." -Q: I get error messages like "named.conf:99: unexpected end of input" where 99 - is the last line of named.conf. +Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is + the last line of named.conf. A: Some text editors (notepad and wordpad) fail to put a line title indication - (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" - a blank line to the end of the file. Named expects to see EOF immediately - after EOL and treats text files where this is not met as truncated. + (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a + blank line to the end of the file. Named expects to see EOF immediately after + EOL and treats text files where this is not met as truncated. Q: I get warning messages like "zone example.com/IN: refresh: failure trying master 1.2.3.4#53: timed out". @@ -319,15 +328,15 @@ A: Check that you can make UDP queries from the slave to the master dig +norec example.com soa @1.2.3.4 - You could be generating queries faster than the slave can cope with. Lower - the serial query rate. + You could be generating queries faster than the slave can cope with. Lower the + serial query rate. serial-query-rate 5; // default 20 Q: How do I share a dynamic zone between multiple views? -A: You choose one view to be master and the second a slave and transfer the - zone between views. +A: You choose one view to be master and the second a slave and transfer the zone + between views. Master 10.0.1.1: key "external" { @@ -370,14 +379,14 @@ Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master file primaries/wireless.ietf56.ietf.org: no owner". A: This error is produced when a line in the master file contains leading white - space (tab/space) but the is no current record owner name to inherit the - name from. Usually this is the result of putting white space before a - comment. Forgeting the "@" for the SOA record or indenting the master file. + space (tab/space) but the is no current record owner name to inherit the name + from. Usually this is the result of putting white space before a comment. + Forgeting the "@" for the SOA record or indenting the master file. Q: Why are my logs in GMT (UTC). -A: You are running chrooted (-t) and have not supplied local timzone - information in the chroot area. +A: You are running chrooted (-t) and have not supplied local timzone information + in the chroot area. FreeBSD: /etc/localtime Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo @@ -395,23 +404,23 @@ Q: I get "rndc: connect failed: connection refused" when I try to run rndc. A: This is usually a configuration error. - First ensure that named is running and no errors are being reported at - startup (/var/log/messages or equivalent). Running "named -g " from a title can help at this point. + First ensure that named is running and no errors are being reported at startup + (/var/log/messages or equivalent). Running "named -g " from a + title can help at this point. Secondly ensure that named is configured to use rndc either by "rndc-confgen - -a", rndc-confgen or manually. The Administrators Reference manual has - details on how to do this. + -a", rndc-confgen or manually. The Administrators Reference manual has details + on how to do this. Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/ rndc.conf for the default server. Update /etc/rndc.conf if necessary so that the default server listed in /etc/rndc.conf matches the addresses used in named.conf. "localhost" has two address (127.0.0.1 and ::1). - If you use "rndc-confgen -a" and named is running with -t or -u ensure that - /etc/rndc.conf has the correct ownership and that a copy is in the chroot - area. You can do this by re-running "rndc-confgen -a" with appropriate -t - and -u arguments. + If you use "rndc-confgen -a" and named is running with -t or -u ensure that / + etc/rndc.conf has the correct ownership and that a copy is in the chroot area. + You can do this by re-running "rndc-confgen -a" with appropriate -t and -u + arguments. Q: I don't get RRSIG's returned when I use "dig +dnssec". @@ -419,12 +428,11 @@ A: You need to ensure DNSSEC is enabled (dnssec-enable yes;). Q: I get "Error 1067" when starting named under Windows. -A: This is the service manager saying that named exited. You need to examine - the Application log in the EventViewer to find out why. +A: This is the service manager saying that named exited. You need to examine the + Application log in the EventViewer to find out why. - Common causes are that you failed to create "named.conf" (usually "C:\ - windows\dns\etc\named.conf") or failed to specify the directory in - named.conf. + Common causes are that you failed to create "named.conf" (usually "C:\windows\ + dns\etc\named.conf") or failed to specify the directory in named.conf. options { Directory "C:\windows\dns\etc"; @@ -439,11 +447,11 @@ A: These indicate a filesystem permission error preventing named creating / "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied" - Named needs write permission on the directory containing the file. Named - writes the new cache file to a temporary file then renames it to the name - specified in named.conf to ensure that the contents are always complete. - This is to prevent named loading a partial zone in the event of power - failure or similar interrupting the write of the master file. + Named needs write permission on the directory containing the file. Named writes + the new cache file to a temporary file then renames it to the name specified in + named.conf to ensure that the contents are always complete. This is to prevent + named loading a partial zone in the event of power failure or similar + interrupting the write of the master file. Note file names are relative to the directory specified in options and any chroot directory ([/][]). @@ -489,8 +497,8 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are If you are not using these private addresses then a client has queried for them. You can just ignore the messages, get the offending client to stop - sending you these messages as they are most probably leaking them or setup - your own zones empty zones to serve answers to these queries. + sending you these messages as they are most probably leaking them or setup your + own zones empty zones to serve answers to these queries. zone "10.IN-ADDR.ARPA" { type master; @@ -523,3 +531,102 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are Future versions of named are likely to do this automatically. +Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core - + + Why can't named update slave zone database files? + + Why can't named create DDNS journal files or update the master zones from + journals? + + Why can't named create custom log files? + +A: Red Hat Security Enhanced Linux (SELinux) policy security protections : + + Red Hat have adopted the National Security Agency's SELinux security policy ( + see http://www.nsa.gov/selinux ) and recommendations for BIND security , which + are more secure than running named in a chroot and make use of the bind-chroot + environment unecessary . + + By default, named is not allowed by the SELinux policy to write, create or + delete any files EXCEPT in these directories: + + $ROOTDIR/var/named/slaves + $ROOTDIR/var/named/data + $ROOTDIR/var/tmp + + + where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed. + + The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var + /named directory, the default location for master zone database files. + + SELinux policy overrules file access permissions - so even if all the files + under /var/named have ownership named:named and mode rw-rw-r--, named will + still not be able to write or create files except in the directories above, + with SELinux in Enforcing mode. + + So, to allow named to update slave or DDNS zone files, it is best to locate + them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as: + + zone "slave.zone." IN { + type slave; + file "slaves/slave.zone.db"; + ... + }; + zone "ddns.zone." IN { + type master; + allow-updates {...}; + file "slaves/ddns.zone.db"; + }; + + + To allow named to create its cache dump and statistics files, for example, you + could use named.conf options statements such as: + + options { + ... + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + ... + }; + + + You can also tell SELinux to allow named to update any zone database files, by + setting the SELinux tunable boolean parameter 'named_write_master_zones=1', + using the system-config-securitylevel GUI, using the 'setsebool' command, or in + /etc/selinux/targeted/booleans. + + You can disable SELinux protection for named entirely by setting the + 'named_disable_trans=1' SELinux tunable boolean parameter. + + The SELinux named policy defines these SELinux contexts for named: + + named_zone_t : for zone database files - $ROOTDIR/var/named/* + named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* + named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} + + + If you want to retain use of the SELinux policy for named, and put named files + in different locations, you can do so by changing the context of the custom + file locations . + + To create a custom configuration file location, eg. '/root/named.conf', to use + with the 'named -c' option, do: + + # chcon system_u:object_r:named_conf_t /root/named.conf + + + To create a custom modifiable named data location, eg. '/var/log/named' for a + log file, do: + + # chcon system_u:object_r:named_cache_t /var/log/named + + + To create a custom zone file location, eg. /root/zones/, do: + + # chcon system_u:object_r:named_zone_t /root/zones/{.,*} + + + See these man-pages for more information : selinux(8), named_selinux(8), chcon + (1), setsebool(8) + diff --git a/contrib/bind9/FAQ.xml b/contrib/bind9/FAQ.xml index 963cd0a8c40..8c43ed5a7fa 100644 --- a/contrib/bind9/FAQ.xml +++ b/contrib/bind9/FAQ.xml @@ -1,7 +1,7 @@ - +
Frequently Asked Questions about BIND 9 @@ -64,6 +64,26 @@ + + + + Why do I get the following errors: +general: errno2result.c:109: unexpected error: +general: unable to convert errno to isc_result: 14: Bad address +client: UDP client handler shutting down due to fatal receive error: unexpected error + + + + + This is the result of a Linux kernel bug. + + + See: + http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 + + + + @@ -105,6 +125,10 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) + + Newer versions of Linux's ps command hide the individual threads + and require -L to display them. + @@ -516,7 +540,7 @@ Master 10.0.1.1: }; view "external" { match-clients { key external; any; }; - server 10.0.0.2 { keys external; }; + server 10.0.1.2 { keys external; }; recursion no; ... }; @@ -532,7 +556,7 @@ Slave 10.0.1.2: }; view "external" { match-clients { key external; any; }; - server 10.0.0.1 { keys external; }; + server 10.0.1.1 { keys external; }; recursion no; ... }; @@ -997,11 +1021,177 @@ empty: 1 3600 1200 604800 10800 ) @ 10800 IN NS <name-of-server>. + Future versions of named are likely to do this automatically. + + + + + I'm running BIND on Red Hat Enterprise Linux or Fedora Core - + + + Why can't named update slave zone database files? + + + Why can't named create DDNS journal files or update + the master zones from journals? + + + Why can't named create custom log files? + + + + + + Red Hat Security Enhanced Linux (SELinux) policy security + protections : + + + + Red Hat have adopted the National Security Agency's + SELinux security policy ( see http://www.nsa.gov/selinux + ) and recommendations for BIND security , which are more + secure than running named in a chroot and make use of + the bind-chroot environment unecessary . + + + + By default, named is not allowed by the SELinux policy + to write, create or delete any files EXCEPT in these + directories: + + +$ROOTDIR/var/named/slaves +$ROOTDIR/var/named/data +$ROOTDIR/var/tmp + + + where $ROOTDIR may be set in /etc/sysconfig/named if + bind-chroot is installed. + + + + The SELinux policy particularly does NOT allow named to modify + the $ROOTDIR/var/named directory, the default location for master + zone database files. + + + + SELinux policy overrules file access permissions - so + even if all the files under /var/named have ownership + named:named and mode rw-rw-r--, named will still not be + able to write or create files except in the directories + above, with SELinux in Enforcing mode. + + + + So, to allow named to update slave or DDNS zone files, + it is best to locate them in $ROOTDIR/var/named/slaves, + with named.conf zone statements such as: + + +zone "slave.zone." IN { + type slave; + file "slaves/slave.zone.db"; + ... +}; +zone "ddns.zone." IN { + type master; + allow-updates {...}; + file "slaves/ddns.zone.db"; +}; + + + + + + To allow named to create its cache dump and statistics + files, for example, you could use named.conf options + statements such as: + + +options { + ... + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + ... +}; + + + + + + You can also tell SELinux to allow named to update any + zone database files, by setting the SELinux tunable boolean + parameter 'named_write_master_zones=1', using the + system-config-securitylevel GUI, using the 'setsebool' + command, or in /etc/selinux/targeted/booleans. + + + + You can disable SELinux protection for named entirely by + setting the 'named_disable_trans=1' SELinux tunable boolean + parameter. + + + + The SELinux named policy defines these SELinux contexts for named: + + +named_zone_t : for zone database files - $ROOTDIR/var/named/* +named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* +named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} + + + + + + If you want to retain use of the SELinux policy for named, + and put named files in different locations, you can do + so by changing the context of the custom file locations + . + + + + To create a custom configuration file location, eg. + '/root/named.conf', to use with the 'named -c' option, + do: + + +# chcon system_u:object_r:named_conf_t /root/named.conf + + + + + + To create a custom modifiable named data location, eg. + '/var/log/named' for a log file, do: + + +# chcon system_u:object_r:named_cache_t /var/log/named + + + + + + To create a custom zone file location, eg. /root/zones/, do: + + +# chcon system_u:object_r:named_zone_t /root/zones/{.,*} + + + + + + See these man-pages for more information : selinux(8), + named_selinux(8), chcon(1), setsebool(8) + + +
diff --git a/contrib/bind9/Makefile.in b/contrib/bind9/Makefile.in index a2a06531b87..7f3a6888baa 100644 --- a/contrib/bind9/Makefile.in +++ b/contrib/bind9/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.41.2.2.2.2 2004/03/08 04:04:12 marka Exp $ +# $Id: Makefile.in,v 1.41.2.2.2.4 2006/05/19 00:04:00 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -44,7 +44,8 @@ maintainer-clean:: rm -f configure installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \ + ${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir} install:: isc-config.sh installdirs ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} diff --git a/contrib/bind9/README b/contrib/bind9/README index 574b07d7324..709df1267ae 100644 --- a/contrib/bind9/README +++ b/contrib/bind9/README @@ -194,6 +194,9 @@ BIND 9.2.0 --with-libtool does not work on AIX. + --with-libtool does not work on SunOS 4. configure + requires "printf" which is not available. + A bug in the Windows 2000 DNS server can cause zone transfers from a BIND 9 server to a W2K server to fail. For details, see the "Zone Transfers" section in doc/misc/migration. @@ -226,7 +229,7 @@ Building Red Hat Linux 7.1 Debian GNU/Linux 2.2 and 3.0 Mandrake 8.1 - OpenBSD 2.6, 2.8, 2.9 + OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8 UnixWare 7.1.1 HP-UX 10.20 BSD/OS 4.2 @@ -265,10 +268,23 @@ Building Enable DNSSEC signature chasing support in dig. -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and -DDIG_SIGCHASE_BU=1) + Disable dropping queries from particular well known ports. + -DNS_CLIENT_DROPPORT=0 LDFLAGS Linker flags. Defaults to empty string. + The following need to be set when cross compiling. + + BUILD_CC + The native C compiler. + BUILD_CFLAGS (optional) + BUILD_CPPFLAGS (optional) + Possible Settings: + -DNEED_OPTARG=1 (optarg is not declared in ) + BUILD_LDFLAGS (optional) + BUILD_LIBS (optional) + To build shared libraries, specify "--with-libtool" on the configure command line. diff --git a/contrib/bind9/bin/check/named-checkconf.8 b/contrib/bind9/bin/check/named-checkconf.8 index 68b745aed29..7d0633582db 100644 --- a/contrib/bind9/bin/check/named-checkconf.8 +++ b/contrib/bind9/bin/check/named-checkconf.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $ +.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named\-checkconf +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 14, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -36,24 +39,24 @@ named\-checkconf \- named configuration file syntax checking tool \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" -.TP +.TP 3n \-t \fIdirectory\fR chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP +.TP 3n \-v Print the version of the \fBnamed\-checkconf\fR program and exit. -.TP +.TP 3n \-z Perform a check load the master zonefiles found in \fInamed.conf\fR. -.TP +.TP 3n \-j When loading a zonefile read the journal if it exists. -.TP +.TP 3n filename The name of the configuration file to be checked. If not specified, it defaults to \fI/etc/named.conf\fR. @@ -68,3 +71,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/check/named-checkconf.c b/contrib/bind9/bin/check/named-checkconf.c index e7f91386ff0..f50461d7925 100644 --- a/contrib/bind9/bin/check/named-checkconf.c +++ b/contrib/bind9/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.12.12.9 2005/03/03 06:33:38 marka Exp $ */ +/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */ #include @@ -60,9 +60,9 @@ usage(void) { } static isc_result_t -directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { +directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { isc_result_t result; - char *directory; + const char *directory; REQUIRE(strcasecmp("directory", clausename) == 0); @@ -85,18 +85,18 @@ directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { } static isc_result_t -configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig, - isc_mem_t *mctx) +configure_zone(const char *vclass, const char *view, + const cfg_obj_t *zconfig, isc_mem_t *mctx) { isc_result_t result; const char *zclass; const char *zname; const char *zfile; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *classobj = NULL; - cfg_obj_t *typeobj = NULL; - cfg_obj_t *fileobj = NULL; - cfg_obj_t *dbobj = NULL; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *classobj = NULL; + const cfg_obj_t *typeobj = NULL; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *dbobj = NULL; zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); classobj = cfg_tuple_get(zconfig, "class"); @@ -125,12 +125,12 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig, } static isc_result_t -configure_view(const char *vclass, const char *view, cfg_obj_t *config, - cfg_obj_t *vconfig, isc_mem_t *mctx) +configure_view(const char *vclass, const char *view, const cfg_obj_t *config, + const cfg_obj_t *vconfig, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *voptions; - cfg_obj_t *zonelist; + const cfg_listelt_t *element; + const cfg_obj_t *voptions; + const cfg_obj_t *zonelist; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; @@ -148,7 +148,7 @@ configure_view(const char *vclass, const char *view, cfg_obj_t *config, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *zconfig = cfg_listelt_value(element); + const cfg_obj_t *zconfig = cfg_listelt_value(element); tresult = configure_zone(vclass, view, zconfig, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; @@ -158,11 +158,11 @@ configure_view(const char *vclass, const char *view, cfg_obj_t *config, static isc_result_t -load_zones_fromconfig(cfg_obj_t *config, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *classobj; - cfg_obj_t *views; - cfg_obj_t *vconfig; +load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { + const cfg_listelt_t *element; + const cfg_obj_t *classobj; + const cfg_obj_t *views; + const cfg_obj_t *vconfig; const char *vclass; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; diff --git a/contrib/bind9/bin/check/named-checkconf.html b/contrib/bind9/bin/check/named-checkconf.html index 14b8ff89cb1..2283c516261 100644 --- a/contrib/bind9/bin/check/named-checkconf.html +++ b/contrib/bind9/bin/check/named-checkconf.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + named-checkconf - +
-
+

Name

named-checkconf — named configuration file syntax checking tool

@@ -32,14 +32,14 @@

named-checkconf [-v] [-j] [-t directory] {filename} [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file.

-

OPTIONS

+

OPTIONS

-t directory

@@ -69,21 +69,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/check/named-checkzone.8 b/contrib/bind9/bin/check/named-checkzone.8 index 33402d5fe8d..f50085c7845 100644 --- a/contrib/bind9/bin/check/named-checkzone.8 +++ b/contrib/bind9/bin/check/named-checkzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $ +.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named\-checkzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 13, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -40,61 +43,61 @@ does when loading a zone. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server. .SH "OPTIONS" -.TP +.TP 3n \-d Enable debugging. -.TP +.TP 3n \-q Quiet mode \- exit code only. -.TP +.TP 3n \-v Print the version of the \fBnamed\-checkzone\fR program and exit. -.TP +.TP 3n \-j When loading the zone file read the journal if it exists. -.TP +.TP 3n \-c \fIclass\fR Specify the class of the zone. If not specified "IN" is assumed. -.TP +.TP 3n \-k \fImode\fR Perform -\fB"check\-name"\fR +\fB"check\-names"\fR checks with the specified failure mode. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP +.TP 3n \-n \fImode\fR Specify whether NS records should be checked to see if they are addresses. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP +.TP 3n \-o \fIfilename\fR Write zone output to \fIfilename\fR. -.TP +.TP 3n \-t \fIdirectory\fR chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP +.TP 3n \-w \fIdirectory\fR chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in \fInamed.conf\fR. -.TP +.TP 3n \-D Dump zone file in canonical format. -.TP +.TP 3n zonename The domain name of the zone being checked. -.TP +.TP 3n filename The name of the zone file. .SH "RETURN VALUES" @@ -109,3 +112,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/check/named-checkzone.docbook b/contrib/bind9/bin/check/named-checkzone.docbook index ce0d78bdbdf..a24e92b4996 100644 --- a/contrib/bind9/bin/check/named-checkzone.docbook +++ b/contrib/bind9/bin/check/named-checkzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -35,6 +35,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -134,7 +135,7 @@ -k mode - Perform "check-name" checks with the specified failure mode. + Perform "check-names" checks with the specified failure mode. Possible modes are "fail", "warn" (default) and "ignore". diff --git a/contrib/bind9/bin/check/named-checkzone.html b/contrib/bind9/bin/check/named-checkzone.html index cf544c94728..8f5195a6d8f 100644 --- a/contrib/bind9/bin/check/named-checkzone.html +++ b/contrib/bind9/bin/check/named-checkzone.html @@ -1,5 +1,5 @@ - + named-checkzone - +
-
+

Name

named-checkzone — zone file validity checking tool

@@ -32,7 +32,7 @@

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named @@ -42,7 +42,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -67,7 +67,7 @@

-k mode

- Perform "check-name" checks with the specified failure mode. + Perform "check-names" checks with the specified failure mode. Possible modes are "fail", "warn" (default) and "ignore". @@ -111,14 +111,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), RFC 1035, @@ -126,7 +126,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/dig/dig.1 b/contrib/bind9/bin/dig/dig.1 index 7031217dd2b..735f31c2a57 100644 --- a/contrib/bind9/bin/dig/dig.1 +++ b/contrib/bind9/bin/dig/dig.1 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.10 2005/10/13 02:33:42 marka Exp $ +.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dig +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -68,12 +71,14 @@ A typical invocation of \fBdig\fR looks like: .sp +.RS 3n .nf dig @server name type .fi +.RE .sp where: -.TP +.TP 3n \fBserver\fR is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR @@ -86,10 +91,10 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP +.TP 3n \fBname\fR is the name of the resource record that is to be looked up. -.TP +.TP 3n \fBtype\fR indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR @@ -197,18 +202,18 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP +.TP 3n \fB+[no]tcp\fR Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP +.TP 3n \fB+[no]vc\fR Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP +.TP 3n \fB+[no]ignore\fR Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP +.TP 3n \fB+domain=somename\fR Set the search list to contain the single domain \fIsomename\fR, as if specified in a @@ -217,35 +222,35 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP +.TP 3n \fB+[no]search\fR Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP +.TP 3n \fB+[no]defname\fR Deprecated, treated as a synonym for \fI+[no]search\fR -.TP +.TP 3n \fB+[no]aaonly\fR Sets the "aa" flag in the query. -.TP +.TP 3n \fB+[no]aaflag\fR A synonym for \fI+[no]aaonly\fR. -.TP +.TP 3n \fB+[no]adflag\fR Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP +.TP 3n \fB+[no]cdflag\fR Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP +.TP 3n \fB+[no]cl\fR Display [do not display] the CLASS when printing the record. -.TP +.TP 3n \fB+[no]ttlid\fR Display [do not display] the TTL when printing the record. -.TP +.TP 3n \fB+[no]recurse\fR Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR @@ -254,74 +259,74 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP +.TP 3n \fB+[no]nssearch\fR When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP +.TP 3n \fB+[no]trace\fR Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP +.TP 3n \fB+[no]cmd\fR toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP +.TP 3n \fB+[no]short\fR Provide a terse answer. The default is to print the answer in a verbose form. -.TP +.TP 3n \fB+[no]identify\fR Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP +.TP 3n \fB+[no]comments\fR Toggle the display of comment lines in the output. The default is to print comments. -.TP +.TP 3n \fB+[no]stats\fR This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP +.TP 3n \fB+[no]qr\fR Print [do not print] the query as it is sent. By default, the query is not printed. -.TP +.TP 3n \fB+[no]question\fR Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP +.TP 3n \fB+[no]answer\fR Display [do not display] the answer section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]authority\fR Display [do not display] the authority section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]additional\fR Display [do not display] the additional section of a reply. The default is to display it. -.TP +.TP 3n \fB+[no]all\fR Set or clear all display flags. -.TP +.TP 3n \fB+time=T\fR Sets the timeout for a query to \fIT\fR seconds. The default time out is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP +.TP 3n \fB+tries=T\fR Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1. -.TP +.TP 3n \fB+retry=T\fR Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2. Unlike \fI+tries\fR, this does not include the initial query. -.TP +.TP 3n \fB+ndots=D\fR Set the number of dots that have to appear in \fIname\fR @@ -334,29 +339,29 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP +.TP 3n \fB+bufsize=B\fR Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP +.TP 3n \fB+[no]multiline\fR Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP +.TP 3n \fB+[no]fail\fR Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP +.TP 3n \fB+[no]besteffort\fR Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP +.TP 3n \fB+[no]dnssec\fR Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.TP +.TP 3n \fB+[no]sigchase\fR Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.TP +.TP 3n \fB+trusted\-key=####\fR Specifies a file containing trusted keys to be used with \fB+sigchase\fR. Each DNSKEY record must be on its own line. @@ -370,7 +375,7 @@ then in the current directory. .sp Requires dig be compiled with \-DDIG_SIGCHASE. -.TP +.TP 3n \fB+[no]topdown\fR When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. .SH "MULTIPLE QUERIES" @@ -389,9 +394,11 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp +.RS 3n .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi +.RE .sp shows how \fBdig\fR @@ -421,3 +428,5 @@ RFC1035. .SH "BUGS " .PP There are probably too many query options. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/dig.c b/contrib/bind9/bin/dig/dig.c index 52df6608685..619e0298064 100644 --- a/contrib/bind9/bin/dig/dig.c +++ b/contrib/bind9/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.29 2005/10/14 01:38:40 marka Exp $ */ +/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */ #include #include @@ -1437,7 +1437,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, * Anything which isn't an option */ if (open_type_class) { - if (strncmp(rv[0], "ixfr=", 5) == 0) { + if (strncasecmp(rv[0], "ixfr=", 5) == 0) { rdtype = dns_rdatatype_ixfr; result = ISC_R_SUCCESS; } else { diff --git a/contrib/bind9/bin/dig/dig.html b/contrib/bind9/bin/dig/dig.html index 3425fb3d21b..06771b3a1c2 100644 --- a/contrib/bind9/bin/dig/dig.html +++ b/contrib/bind9/bin/dig/dig.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dig - +
-
+

Name

dig — DNS lookup utility

@@ -34,7 +34,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -69,7 +69,7 @@ are applied before the command line arguments.

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -107,7 +107,7 @@ ANY, A, MX, SIG, etc.

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid address on @@ -188,7 +188,7 @@ being used. In BIND, this is done by providing appropriate

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -446,7 +446,7 @@ Requires dig be compiled with -DDIG_SIGCHASE.

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports specifying multiple queries on the command line (in addition to @@ -487,7 +487,7 @@ will not print the initial query when it looks up the NS records for

-

FILES

+

FILES

/etc/resolv.conf

@@ -496,7 +496,7 @@ will not print the initial query when it looks up the NS records for

-

SEE ALSO

+

SEE ALSO

host(1), named(8), @@ -505,7 +505,7 @@ will not print the initial query when it looks up the NS records for

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/contrib/bind9/bin/dig/dighost.c b/contrib/bind9/bin/dig/dighost.c index 6129fedb6c6..398711d4f1c 100644 --- a/contrib/bind9/bin/dig/dighost.c +++ b/contrib/bind9/bin/dig/dighost.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.31 2005/10/14 01:38:40 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -314,6 +314,9 @@ cancel_lookup(dig_lookup_t *lookup); static void recv_done(isc_task_t *task, isc_event_t *event); +static void +send_udp(dig_query_t *query); + static void connect_timeout(isc_task_t *task, isc_event_t *event); @@ -945,9 +948,8 @@ setup_system(void) { if (lwresult != LWRES_R_SUCCESS) fatal("lwres_context_create failed"); - if (isc_file_exists(RESOLV_CONF)) - lwresult = lwres_conf_parse(lwctx, RESOLV_CONF); - if (lwresult != LWRES_R_SUCCESS) + lwresult = lwres_conf_parse(lwctx, RESOLV_CONF); + if (lwresult != LWRES_R_SUCCESS && lwresult != LWRES_R_NOTFOUND) fatal("parse of %s failed", RESOLV_CONF); lwconf = lwres_conf_get(lwctx); @@ -1194,7 +1196,10 @@ clear_query(dig_query_t *query) { isc_mempool_put(commctx, query->recvspace); isc_buffer_invalidate(&query->recvbuf); isc_buffer_invalidate(&query->lengthbuf); - isc_mem_free(mctx, query); + if (query->waiting_senddone) + query->pending_free = ISC_TRUE; + else + isc_mem_free(mctx, query); } /* @@ -1219,9 +1224,10 @@ try_clear_lookup(dig_lookup_t *lookup) { debug("query to %s still pending", q->servname); q = ISC_LIST_NEXT(q, link); } - return (ISC_FALSE); } + return (ISC_FALSE); } + /* * At this point, we know there are no queries on the lookup, * so can make it go away also. @@ -1254,7 +1260,6 @@ try_clear_lookup(dig_lookup_t *lookup) { return (ISC_TRUE); } - /* * If we can, start the next lookup in the queue running. * This assumes that the lookup on the head of the queue hasn't been @@ -1784,9 +1789,9 @@ setup_lookup(dig_lookup_t *lookup) { check_result(result, "dns_compress_init"); debug("starting to render the message"); - isc_buffer_init(&lookup->sendbuf, lookup->sendspace, COMMSIZE); + isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE); result = dns_message_renderbegin(lookup->sendmsg, &cctx, - &lookup->sendbuf); + &lookup->renderbuf); check_result(result, "dns_message_renderbegin"); if (lookup->udpsize > 0 || lookup->dnssec) { if (lookup->udpsize == 0) @@ -1809,7 +1814,7 @@ setup_lookup(dig_lookup_t *lookup) { /* * Force TCP mode if the request is larger than 512 bytes. */ - if (isc_buffer_usedlength(&lookup->sendbuf) > 512) + if (isc_buffer_usedlength(&lookup->renderbuf) > 512) lookup->tcp_mode = ISC_TRUE; lookup->pending = ISC_FALSE; @@ -1825,6 +1830,8 @@ setup_lookup(dig_lookup_t *lookup) { query, lookup); query->lookup = lookup; query->waiting_connect = ISC_FALSE; + query->waiting_senddone = ISC_FALSE; + query->pending_free = ISC_FALSE; query->recv_made = ISC_FALSE; query->first_pass = ISC_TRUE; query->first_soa_rcvd = ISC_FALSE; @@ -1848,6 +1855,7 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE); isc_buffer_init(&query->lengthbuf, query->lengthspace, 2); isc_buffer_init(&query->slbuf, query->slspace, 2); + query->sendbuf = lookup->renderbuf; ISC_LINK_INIT(query, link); ISC_LIST_ENQUEUE(lookup->q, query, link); @@ -1865,18 +1873,43 @@ setup_lookup(dig_lookup_t *lookup) { */ static void send_done(isc_task_t *_task, isc_event_t *event) { + isc_socketevent_t *sevent = (isc_socketevent_t *)event; + isc_buffer_t *b = NULL; + dig_query_t *query, *next; + dig_lookup_t *l; + REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE); UNUSED(_task); LOCK_LOOKUP; - isc_event_free(&event); - debug("send_done()"); sendcount--; debug("sendcount=%d", sendcount); INSIST(sendcount >= 0); + + for (b = ISC_LIST_HEAD(sevent->bufferlist); + b != NULL; + b = ISC_LIST_HEAD(sevent->bufferlist)) + ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); + + query = event->ev_arg; + query->waiting_senddone = ISC_FALSE; + l = query->lookup; + + if (l->ns_search_only && !l->trace_root) { + debug("sending next, since searching"); + next = ISC_LIST_NEXT(query, link); + if (next != NULL) + send_udp(next); + } + + isc_event_free(&event); + + if (query->pending_free) + isc_mem_free(mctx, query); + check_if_done(); UNLOCK_LOOKUP; } @@ -2020,7 +2053,6 @@ send_tcp_connect(dig_query_t *query) { static void send_udp(dig_query_t *query) { dig_lookup_t *l = NULL; - dig_query_t *next; isc_result_t result; debug("send_udp(%p)", query); @@ -2062,27 +2094,16 @@ send_udp(dig_query_t *query) { debug("recvcount=%d", recvcount); } ISC_LIST_INIT(query->sendlist); - ISC_LINK_INIT(&l->sendbuf, link); - ISC_LIST_ENQUEUE(query->sendlist, &l->sendbuf, - link); + ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link); debug("sending a request"); TIME_NOW(&query->time_sent); INSIST(query->sock != NULL); + query->waiting_senddone = ISC_TRUE; result = isc_socket_sendtov(query->sock, &query->sendlist, global_task, send_done, query, &query->sockaddr, NULL); check_result(result, "isc_socket_sendtov"); sendcount++; - /* - * If we're at the endgame of a nameserver search, we need to - * immediately bring up all the queries. Do it here. - */ - if (l->ns_search_only && !l->trace_root) { - debug("sending next, since searching"); - next = ISC_LIST_NEXT(query, link); - if (next != NULL) - send_udp(next); - } } /* @@ -2171,6 +2192,10 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { recvcount--; INSIST(recvcount >= 0); + b = ISC_LIST_HEAD(sevent->bufferlist); + INSIST(b == &query->lengthbuf); + ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); + if (sevent->result == ISC_R_CANCELED) { isc_event_free(&event); l = query->lookup; @@ -2196,8 +2221,6 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; return; } - b = ISC_LIST_HEAD(sevent->bufferlist); - ISC_LIST_DEQUEUE(sevent->bufferlist, &query->lengthbuf, link); length = isc_buffer_getuint16(b); if (length == 0) { isc_event_free(&event); @@ -2254,16 +2277,12 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { isc_buffer_clear(&query->slbuf); isc_buffer_clear(&query->lengthbuf); - isc_buffer_putuint16(&query->slbuf, - (isc_uint16_t) query->lookup->sendbuf.used); + isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used); ISC_LIST_INIT(query->sendlist); ISC_LINK_INIT(&query->slbuf, link); ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link); - if (include_question) { - ISC_LINK_INIT(&query->lookup->sendbuf, link); - ISC_LIST_ENQUEUE(query->sendlist, &query->lookup->sendbuf, - link); - } + if (include_question) + ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link); ISC_LINK_INIT(&query->lengthbuf, link); ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link); @@ -2275,6 +2294,7 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { if (!query->first_soa_rcvd) { debug("sending a request in launch_next_query"); TIME_NOW(&query->time_sent); + query->waiting_senddone = ISC_TRUE; result = isc_socket_sendv(query->sock, &query->sendlist, global_task, send_done, query); check_result(result, "isc_socket_sendv"); @@ -2558,6 +2578,10 @@ recv_done(isc_task_t *task, isc_event_t *event) { REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE); sevent = (isc_socketevent_t *)event; + b = ISC_LIST_HEAD(sevent->bufferlist); + INSIST(b == &query->recvbuf); + ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link); + if ((l->tcp_mode) && (l->timer != NULL)) isc_timer_touch(l->timer); if ((!l->pending && !l->ns_search_only) || cancel_now) { @@ -2591,9 +2615,6 @@ recv_done(isc_task_t *task, isc_event_t *event) { return; } - b = ISC_LIST_HEAD(sevent->bufferlist); - ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link); - if (!l->tcp_mode && !isc_sockaddr_equal(&sevent->address, &query->sockaddr)) { char buf1[ISC_SOCKADDR_FORMATSIZE]; diff --git a/contrib/bind9/bin/dig/host.1 b/contrib/bind9/bin/dig/host.1 index cf44a5c3f35..3a0432cc1d3 100644 --- a/contrib/bind9/bin/dig/host.1 +++ b/contrib/bind9/bin/dig/host.1 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.7 2005/10/13 02:33:43 marka Exp $ +.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: host +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -183,3 +186,5 @@ will effectively wait forever for a reply. The time to wait for a response will .PP \fBdig\fR(1), \fBnamed\fR(8). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/host.c b/contrib/bind9/bin/dig/host.c index 468d53bf944..7d8ce9b80b1 100644 --- a/contrib/bind9/bin/dig/host.c +++ b/contrib/bind9/bin/dig/host.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.76.2.5.2.13 2005/07/04 03:29:45 marka Exp $ */ +/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */ #include #include @@ -37,6 +37,7 @@ #include #include #include +#include #include @@ -45,6 +46,7 @@ static isc_boolean_t default_lookups = ISC_TRUE; static int seen_error = -1; static isc_boolean_t list_addresses = ISC_TRUE; static dns_rdatatype_t list_type = dns_rdatatype_a; +static isc_boolean_t printed_server = ISC_FALSE; static const char *opcodetext[] = { "QUERY", @@ -351,6 +353,32 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner, return (ISC_R_SUCCESS); } +static void +chase_cnamechain(dns_message_t *msg, dns_name_t *qname) { + isc_result_t result; + dns_rdataset_t *rdataset; + dns_rdata_cname_t cname; + dns_rdata_t rdata = DNS_RDATA_INIT; + unsigned int i = msg->counts[DNS_SECTION_ANSWER]; + + while (i-- > 0) { + rdataset = NULL; + result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname, + dns_rdatatype_cname, 0, NULL, + &rdataset); + if (result != ISC_R_SUCCESS) + return; + result = dns_rdataset_first(rdataset); + check_result(result, "dns_rdataset_first"); + dns_rdata_reset(&rdata); + dns_rdataset_current(rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &cname, NULL); + check_result(result, "dns_rdata_tostruct"); + dns_name_copy(&cname.cname, qname, NULL); + dns_rdata_freestruct(&cname); + } +} + isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { isc_boolean_t did_flag = ISC_FALSE; @@ -367,7 +395,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { */ force_error = (seen_error == 1) ? 1 : 0; seen_error = 1; - if (listed_server) { + if (listed_server && !printed_server) { char sockstr[ISC_SOCKADDR_FORMATSIZE]; printf("Using domain server:\n"); @@ -376,6 +404,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { sizeof(sockstr)); printf("Address: %s\n", sockstr); printf("Aliases: \n\n"); + printed_server = ISC_TRUE; } if (msg->rcode != 0) { @@ -389,10 +418,15 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) { char namestr[DNS_NAME_FORMATSIZE]; dig_lookup_t *lookup; + dns_fixedname_t fixed; + dns_name_t *name; /* Add AAAA and MX lookups. */ - - dns_name_format(query->lookup->name, namestr, sizeof(namestr)); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + dns_name_copy(query->lookup->name, name, NULL); + chase_cnamechain(msg, name); + dns_name_format(name, namestr, sizeof(namestr)); lookup = clone_lookup(query->lookup, ISC_FALSE); if (lookup != NULL) { strncpy(lookup->textname, namestr, diff --git a/contrib/bind9/bin/dig/host.html b/contrib/bind9/bin/dig/host.html index 7670868ceed..4c162151044 100644 --- a/contrib/bind9/bin/dig/host.html +++ b/contrib/bind9/bin/dig/host.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + host - +
-
+

Name

host — DNS lookup utility

@@ -32,7 +32,7 @@

host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-4] [-6] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. @@ -155,13 +155,13 @@ value for an integer quantity.

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8). diff --git a/contrib/bind9/bin/dig/include/dig/dig.h b/contrib/bind9/bin/dig/include/dig/dig.h index 431d109cf08..91dae5cf2e2 100644 --- a/contrib/bind9/bin/dig/include/dig/dig.h +++ b/contrib/bind9/bin/dig/include/dig/dig.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.71.2.6.2.11 2005/07/04 03:29:45 marka Exp $ */ +/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */ #ifndef DIG_H #define DIG_H @@ -146,7 +146,7 @@ isc_boolean_t sigchase; char onamespace[BUFSIZE]; isc_buffer_t namebuf; isc_buffer_t onamebuf; - isc_buffer_t sendbuf; + isc_buffer_t renderbuf; char *sendspace; dns_name_t *name; isc_timer_t *timer; @@ -173,6 +173,8 @@ isc_boolean_t sigchase; struct dig_query { dig_lookup_t *lookup; isc_boolean_t waiting_connect, + pending_free, + waiting_senddone, first_pass, first_soa_rcvd, second_rr_rcvd, @@ -198,6 +200,7 @@ struct dig_query { ISC_LINK(dig_query_t) link; isc_sockaddr_t sockaddr; isc_time_t time_sent; + isc_buffer_t sendbuf; }; struct dig_server { diff --git a/contrib/bind9/bin/dig/nslookup.1 b/contrib/bind9/bin/dig/nslookup.1 index 3de04ca4f91..7b1d4d2f7f7 100644 --- a/contrib/bind9/bin/dig/nslookup.1 +++ b/contrib/bind9/bin/dig/nslookup.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,14 +12,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.6.5 2005/10/13 02:33:43 marka Exp $ +.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: nslookup +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -39,26 +42,28 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3 +.TP 3n 1. when no arguments are given (the default name server will be used) -.TP +.TP 3n 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. +.sp +.RE .PP Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi +.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP +.TP 3n host [server] Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP +.TP 3n \fBserver\fR \fIdomain\fR -.TP +.TP 3n \fBlserver\fR \fIdomain\fR Change the default server to \fIdomain\fR; @@ -67,107 +72,107 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP +.TP 3n \fBroot\fR not implemented -.TP +.TP 3n \fBfinger\fR not implemented -.TP +.TP 3n \fBls\fR not implemented -.TP +.TP 3n \fBview\fR not implemented -.TP +.TP 3n \fBhelp\fR not implemented -.TP +.TP 3n \fB?\fR not implemented -.TP +.TP 3n \fBexit\fR Exits the program. -.TP +.TP 3n \fBset\fR \fIkeyword\fR\fI[=value]\fR This command is used to change state information that affects the lookups. Valid keywords are: -.RS -.TP +.RS 3n +.TP 3n \fBall\fR Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP +.TP 3n \fBclass=\fR\fIvalue\fR Change the query class to one of: -.RS -.TP +.RS 3n +.TP 3n \fBIN\fR the Internet class -.TP +.TP 3n \fBCH\fR the Chaos class -.TP +.TP 3n \fBHS\fR the Hesiod class -.TP +.TP 3n \fBANY\fR wildcard .RE -.IP +.IP "" 3n The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBdebug\fR Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. .sp (Default = nodebug; abbreviation = [no]deb) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBd2\fR Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. .sp (Default = nod2) -.TP +.TP 3n \fBdomain=\fR\fIname\fR Sets the search list to \fIname\fR. -.TP +.TP 3n \fB\fI[no]\fR\fR\fBsearch\fR If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP +.TP 3n \fBport=\fR\fIvalue\fR Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP +.TP 3n \fBquerytype=\fR\fIvalue\fR -.TP +.TP 3n \fBtype=\fR\fIvalue\fR -Change the top of the information query. +Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP +.TP 3n \fB\fI[no]\fR\fR\fBrecurse\fR Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP +.TP 3n \fBretry=\fR\fInumber\fR Set the number of retries to number. -.TP +.TP 3n \fBtimeout=\fR\fInumber\fR Change the initial timeout interval for waiting for a reply to number seconds. -.TP +.TP 3n \fB\fI[no]\fR\fR\fBvc\fR Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP +.IP "" 3n .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -179,3 +184,5 @@ Always use a virtual circuit when sending requests to the server. .SH "AUTHOR" .PP Andrew Cherenson +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dig/nslookup.c b/contrib/bind9/bin/dig/nslookup.c index ab9ed68764c..5ae64d0d594 100644 --- a/contrib/bind9/bin/dig/nslookup.c +++ b/contrib/bind9/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.90.2.4.2.10 2005/07/12 05:47:42 marka Exp $ */ +/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */ #include @@ -708,6 +708,7 @@ get_next_command(void) { if (buf == NULL) fatal("memory allocation failure"); fputs("> ", stderr); + fflush(stderr); isc_app_block(); ptr = fgets(buf, COMMSIZE, stdin); isc_app_unblock(); diff --git a/contrib/bind9/bin/dig/nslookup.docbook b/contrib/bind9/bin/dig/nslookup.docbook index 189fabe8507..741ad345a27 100644 --- a/contrib/bind9/bin/dig/nslookup.docbook +++ b/contrib/bind9/bin/dig/nslookup.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + - + nslookup - +

-
+

Name

nslookup — query Internet name servers interactively

@@ -31,7 +31,7 @@

nslookup [-option] [name | -] [server]

-

DESCRIPTION

+

DESCRIPTION

Nslookup is a program to query Internet domain name servers. Nslookup @@ -43,7 +43,7 @@ domain.

-

ARGUMENTS

+

ARGUMENTS

Interactive mode is entered in the following cases:

@@ -75,7 +75,7 @@ nslookup -query=hinfo -timeout=10

-

INTERACTIVE COMMANDS

+

INTERACTIVE COMMANDS

host [server]
@@ -200,7 +200,7 @@ the lookups. Valid keywords are:
type=value

- Change the top of the information query. + Change the type of the information query.

(Default = A; abbreviations = q, ty) @@ -241,13 +241,13 @@ the lookups. Valid keywords are:

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), host(1), @@ -255,7 +255,7 @@ the lookups. Valid keywords are:

-

Author

+

Author

Andrew Cherenson

diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.8 b/contrib/bind9/bin/dnssec/dnssec-keygen.8 index 0f8f003de42..35bb0efda57 100644 --- a/contrib/bind9/bin/dnssec/dnssec-keygen.8 +++ b/contrib/bind9/bin/dnssec/dnssec-keygen.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dnssec\-keygen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -36,7 +39,7 @@ dnssec\-keygen \- DNSSEC key generation tool \fBdnssec\-keygen\fR generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC . It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" -.TP +.TP 3n \-a \fIalgorithm\fR Selects the cryptographic algorithm. The value of \fBalgorithm\fR @@ -45,37 +48,37 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. .sp Note 2: HMAC\-MD5 and DH automatically set the \-k flag. -.TP +.TP 3n \-b \fIkeysize\fR Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. -.TP +.TP 3n \-n \fInametype\fR Specifies the owner type of the key. The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. -.TP +.TP 3n \-c \fIclass\fR Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. -.TP +.TP 3n \-e If generating an RSAMD5/RSASHA1 key, use a large exponent. -.TP +.TP 3n \-f \fIflag\fR Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY. -.TP +.TP 3n \-g \fIgenerator\fR If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR. -.TP +.TP 3n \-k Generate KEY records rather than DNSKEY records. -.TP +.TP 3n \-p \fIprotocol\fR Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. -.TP +.TP 3n \-r \fIrandomdev\fR Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR @@ -84,15 +87,15 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-s \fIstrength\fR Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. -.TP +.TP 3n \-t \fItype\fR Indicates the use of the key. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. -.TP +.TP 3n \-v \fIlevel\fR Sets the debugging level. .SH "GENERATED KEYS" @@ -102,18 +105,20 @@ When completes successfully, it prints a string of the form \fIKnnnn.+aaa+iiiii\fR to the standard output. This is an identification string for the key it has generated. -.TP 3 +.TP 3n \(bu \fInnnn\fR is the key name. -.TP +.TP 3n \(bu \fIaaa\fR is the numeric representation of the algorithm. -.TP +.TP 3n \(bu \fIiiiii\fR is the key identifier (or footprint). +.sp +.RE .PP \fBdnssec\-keygen\fR creates two file, with names based on the printed string. @@ -162,3 +167,5 @@ RFC 2539. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.html b/contrib/bind9/bin/dnssec/dnssec-keygen.html index 00271faadf4..7a15099bae0 100644 --- a/contrib/bind9/bin/dnssec/dnssec-keygen.html +++ b/contrib/bind9/bin/dnssec/dnssec-keygen.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dnssec-keygen - +
-
+

Name

dnssec-keygen — DNSSEC key generation tool

@@ -32,7 +32,7 @@

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate @@ -41,7 +41,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -144,7 +144,7 @@
-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, it prints a string of the form Knnnn.+aaa+iiiii @@ -187,7 +187,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -209,7 +209,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -219,7 +219,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.8 b/contrib/bind9/bin/dnssec/dnssec-signzone.8 index 63ffadba644..734eca6f807 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.8 +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.10 2005/10/13 02:33:45 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: dnssec\-signzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -38,49 +41,49 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version \fIkeyset\fR file for each child zone. .SH "OPTIONS" -.TP +.TP 3n \-a Verify all generated signatures. -.TP +.TP 3n \-c \fIclass\fR Specifies the DNS class of the zone. -.TP +.TP 3n \-k \fIkey\fR Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times. -.TP +.TP 3n \-l \fIdomain\fR Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records. -.TP +.TP 3n \-d \fIdirectory\fR Look for \fIkeyset\fR files in \fBdirectory\fR as the directory -.TP +.TP 3n \-g Generate DS records for child zones from keyset files. Existing DS records will be removed. -.TP +.TP 3n \-s \fIstart\-time\fR Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used. -.TP +.TP 3n \-e \fIend\-time\fR Specify the date and time when the generated RRSIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP +.TP 3n \-f \fIoutput\-file\fR The name of the output file containing the signed zone. The default is to append \fI.signed\fR to the input file. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. -.TP +.TP 3n \-i \fIinterval\fR When a previously signed zone is passed as input, records may be resigned. The \fBinterval\fR @@ -93,16 +96,16 @@ or are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. -.TP +.TP 3n \-n \fIncpus\fR Specifies the number of threads to use. By default, one thread is started for each detected CPU. -.TP +.TP 3n \-o \fIorigin\fR The zone origin. If not specified, the name of the zone file is assumed to be the origin. -.TP +.TP 3n \-p Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP +.TP 3n \-r \fIrandomdev\fR Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR @@ -111,19 +114,19 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-t Print statistics at completion. -.TP +.TP 3n \-v \fIlevel\fR Sets the debugging level. -.TP +.TP 3n \-z Ignore KSK flag on key when determining what to sign. -.TP +.TP 3n zonefile The file containing the zone to be signed. -.TP +.TP 3n key The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. .SH "EXAMPLE" @@ -155,3 +158,5 @@ RFC 2535. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.c b/contrib/bind9/bin/dnssec/dnssec-signzone.c index 93caf497e26..4ac840df06b 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.c +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.139.2.2.4.21 2005/10/14 01:38:41 marka Exp $ */ +/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */ #include @@ -1292,10 +1292,6 @@ nsecify(void) { result = dns_dbiterator_next(dbiter); continue; } - if (result != ISC_R_SUCCESS) { - dns_db_detachnode(gdb, &nextnode); - break; - } if (!dns_name_issubdomain(nextname, gorigin) || (zonecut != NULL && dns_name_issubdomain(nextname, zonecut))) diff --git a/contrib/bind9/bin/dnssec/dnssec-signzone.html b/contrib/bind9/bin/dnssec/dnssec-signzone.html index 5cc8c0747cc..bd926312e86 100644 --- a/contrib/bind9/bin/dnssec/dnssec-signzone.html +++ b/contrib/bind9/bin/dnssec/dnssec-signzone.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + dnssec-signzone - +
-
+

Name

dnssec-signzone — DNSSEC zone signing tool

@@ -32,7 +32,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-n nthreads] [-o origin] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -179,7 +179,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated in the dnssec-keygen @@ -203,7 +203,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, @@ -211,7 +211,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/aclconf.c b/contrib/bind9/bin/named/aclconf.c index 8b6d0c767d4..102a891033a 100644 --- a/contrib/bind9/bin/named/aclconf.c +++ b/contrib/bind9/bin/named/aclconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */ +/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */ #include @@ -54,10 +54,10 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) { * Find the definition of the named acl whose name is "name". */ static isc_result_t -get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { +get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { isc_result_t result; - cfg_obj_t *acls = NULL; - cfg_listelt_t *elt; + const cfg_obj_t *acls = NULL; + const cfg_listelt_t *elt; result = cfg_map_get(cctx, "acl", &acls); if (result != ISC_R_SUCCESS) @@ -65,7 +65,7 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { for (elt = cfg_list_first(acls); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *acl = cfg_listelt_value(elt); + const cfg_obj_t *acl = cfg_listelt_value(elt); const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); if (strcasecmp(aclname, name) == 0) { *ret = cfg_tuple_get(acl, "value"); @@ -76,15 +76,15 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { } static isc_result_t -convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, +convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target) { isc_result_t result; - cfg_obj_t *cacl = NULL; + const cfg_obj_t *cacl = NULL; dns_acl_t *dacl; dns_acl_t loop; - char *aclname = cfg_obj_asstring(nameobj); + const char *aclname = cfg_obj_asstring(nameobj); /* Look for an already-converted version. */ for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); @@ -113,7 +113,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, */ memset(&loop, 0, sizeof(loop)); ISC_LINK_INIT(&loop, nextincache); - loop.name = aclname; + DE_CONST(aclname, loop.name); loop.magic = LOOP_MAGIC; ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache); result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl); @@ -131,7 +131,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx, } static isc_result_t -convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { +convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { isc_result_t result; isc_buffer_t buf; dns_fixedname_t fixname; @@ -154,8 +154,8 @@ convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { } isc_result_t -ns_acl_fromconfig(cfg_obj_t *caml, - cfg_obj_t *cctx, +ns_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target) @@ -164,7 +164,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, unsigned int count; dns_acl_t *dacl = NULL; dns_aclelement_t *de; - cfg_listelt_t *elt; + const cfg_listelt_t *elt; REQUIRE(target != NULL && *target == NULL); @@ -183,7 +183,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *ce = cfg_listelt_value(elt); + const cfg_obj_t *ce = cfg_listelt_value(elt); if (cfg_obj_istuple(ce)) { /* This must be a negated element. */ ce = cfg_tuple_get(ce, "value"); @@ -215,7 +215,7 @@ ns_acl_fromconfig(cfg_obj_t *caml, goto cleanup; } else if (cfg_obj_isstring(ce)) { /* ACL name */ - char *name = cfg_obj_asstring(ce); + const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0) { de->type = dns_aclelementtype_localhost; } else if (strcasecmp(name, "localnets") == 0) { diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c index baecc2345cb..b0ce793b98e 100644 --- a/contrib/bind9/bin/named/client.c +++ b/contrib/bind9/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.13.4.26 2005/07/27 02:53:14 marka Exp $ */ +/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */ #include @@ -164,6 +164,12 @@ struct ns_clientmgr { * Must be greater than any valid state. */ +/* + * Enable ns_client_dropport() by default. + */ +#ifndef NS_CLIENT_DROPPORT +#define NS_CLIENT_DROPPORT 1 +#endif static void client_read(ns_client_t *client); static void client_accept(ns_client_t *client); @@ -285,8 +291,17 @@ exit_check(ns_client_t *client) { } /* * I/O cancel is complete. Burn down all state - * related to the current request. + * related to the current request. Ensure that + * the client is on the active list and not the + * recursing list. */ + LOCK(&client->manager->lock); + if (client->list == &client->manager->recursing) { + ISC_LIST_UNLINK(*client->list, client, link); + ISC_LIST_APPEND(client->manager->active, client, link); + client->list = &client->manager->active; + } + UNLOCK(&client->manager->lock); ns_client_endrequest(client); client->state = NS_CLIENTSTATE_READING; @@ -972,6 +987,34 @@ ns_client_send(ns_client_t *client) { ns_client_next(client, result); } +#if NS_CLIENT_DROPPORT +#define DROPPORT_NO 0 +#define DROPPORT_REQUEST 1 +#define DROPPORT_RESPONSE 2 +/*% + * ns_client_dropport determines if certain requests / responses + * should be dropped based on the port number. + * + * Returns: + * \li 0: Don't drop. + * \li 1: Drop request. + * \li 2: Drop (error) response. + */ +static int +ns_client_dropport(in_port_t port) { + switch (port) { + case 7: /* echo */ + case 13: /* daytime */ + case 19: /* chargen */ + case 37: /* time */ + return (DROPPORT_REQUEST); + case 464: /* kpasswd */ + return (DROPPORT_RESPONSE); + } + return (DROPPORT_NO); +} +#endif + void ns_client_error(ns_client_t *client, isc_result_t result) { dns_rcode_t rcode; @@ -984,6 +1027,28 @@ ns_client_error(ns_client_t *client, isc_result_t result) { message = client->message; rcode = dns_result_torcode(result); +#if NS_CLIENT_DROPPORT + /* + * Don't send FORMERR to ports on the drop port list. + */ + if (rcode == dns_rcode_formerr && + ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) != + DROPPORT_NO) { + char buf[64]; + isc_buffer_t b; + + isc_buffer_init(&b, buf, sizeof(buf) - 1); + if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS) + isc_buffer_putstr(&b, "UNKNOWN RCODE"); + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10), + "dropped error (%.*s) response: suspicious port", + (int)isc_buffer_usedlength(&b), buf); + ns_client_next(client, ISC_R_SUCCESS); + return; + } +#endif + /* * Message may be an in-progress reply that we had trouble * with, in which case QR will be set. We need to clear QR before @@ -1208,6 +1273,17 @@ client_request(isc_task_t *task, isc_event_t *event) { isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); +#if NS_CLIENT_DROPPORT + if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) == + DROPPORT_REQUEST) { + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10), + "dropped request: suspicious port"); + ns_client_next(client, ISC_R_SUCCESS); + goto cleanup; + } +#endif + ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "%s request", @@ -1242,6 +1318,7 @@ client_request(isc_task_t *task, isc_event_t *event) { NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2), "dropping multicast request"); ns_client_next(client, DNS_R_REFUSED); + goto cleanup; } result = dns_message_peekheader(buffer, &id, &flags); @@ -1532,12 +1609,15 @@ client_request(isc_task_t *task, isc_event_t *event) { * Decide whether recursive service is available to this client. * We do this here rather than in the query code so that we can * set the RA bit correctly on all kinds of responses, not just - * responses to ordinary queries. + * responses to ordinary queries. Note if you can't query the + * cache there is no point in setting RA. */ ra = ISC_FALSE; if (client->view->resolver != NULL && client->view->recursion == ISC_TRUE && ns_client_checkaclsilent(client, client->view->recursionacl, + ISC_TRUE) == ISC_R_SUCCESS && + ns_client_checkaclsilent(client, client->view->queryacl, ISC_TRUE) == ISC_R_SUCCESS) ra = ISC_TRUE; @@ -2364,3 +2444,20 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { } UNLOCK(&manager->lock); } + +void +ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) { + + if (client->manager != NULL) + LOCK(&client->manager->lock); + if (client->query.restarts > 0) { + /* + * client->query.qname was dynamically allocated. + */ + dns_message_puttempname(client->message, + &client->query.qname); + } + client->query.qname = name; + if (client->manager != NULL) + UNLOCK(&client->manager->lock); +} diff --git a/contrib/bind9/bin/named/config.c b/contrib/bind9/bin/named/config.c index 99e5ffa7f41..7b5b99e6720 100644 --- a/contrib/bind9/bin/named/config.c +++ b/contrib/bind9/bin/named/config.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.11.2.4.8.29 2004/10/05 02:52:26 marka Exp $ */ +/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */ #include @@ -196,7 +196,7 @@ ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) { } isc_result_t -ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) { +ns_config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) { int i; for (i = 0;; i++) { @@ -208,11 +208,13 @@ ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) { } isc_result_t -ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) { - cfg_listelt_t *element; - cfg_obj_t *checknames; - cfg_obj_t *type; - cfg_obj_t *value; +ns_checknames_get(const cfg_obj_t **maps, const char *which, + const cfg_obj_t **obj) +{ + const cfg_listelt_t *element; + const cfg_obj_t *checknames; + const cfg_obj_t *type; + const cfg_obj_t *value; int i; for (i = 0;; i++) { @@ -243,8 +245,8 @@ ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) { } int -ns_config_listcount(cfg_obj_t *list) { - cfg_listelt_t *e; +ns_config_listcount(const cfg_obj_t *list) { + const cfg_listelt_t *e; int i = 0; for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e)) @@ -254,9 +256,9 @@ ns_config_listcount(cfg_obj_t *list) { } isc_result_t -ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, +ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, dns_rdataclass_t *classp) { - char *str; + const char *str; isc_textregion_t r; isc_result_t result; @@ -265,7 +267,7 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, return (ISC_R_SUCCESS); } str = cfg_obj_asstring(classobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdataclass_fromtext(classp, &r); if (result != ISC_R_SUCCESS) @@ -275,9 +277,9 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, } isc_result_t -ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, +ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, dns_rdatatype_t *typep) { - char *str; + const char *str; isc_textregion_t r; isc_result_t result; @@ -286,7 +288,7 @@ ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, return (ISC_R_SUCCESS); } str = cfg_obj_asstring(typeobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdatatype_fromtext(typep, &r); if (result != ISC_R_SUCCESS) @@ -296,9 +298,9 @@ ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, } dns_zonetype_t -ns_config_getzonetype(cfg_obj_t *zonetypeobj) { +ns_config_getzonetype(const cfg_obj_t *zonetypeobj) { dns_zonetype_t ztype = dns_zone_none; - char *str; + const char *str; str = cfg_obj_asstring(zonetypeobj); if (strcasecmp(str, "master") == 0) @@ -313,14 +315,14 @@ ns_config_getzonetype(cfg_obj_t *zonetypeobj) { } isc_result_t -ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list, +ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list, in_port_t defport, isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t *countp) { int count, i = 0; - cfg_obj_t *addrlist; - cfg_obj_t *portobj; - cfg_listelt_t *element; + const cfg_obj_t *addrlist; + const cfg_obj_t *portobj; + const cfg_listelt_t *element; isc_sockaddr_t *addrs; in_port_t port; isc_result_t result; @@ -380,10 +382,12 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } static isc_result_t -get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { +get_masters_def(const cfg_obj_t *cctx, const char *name, + const cfg_obj_t **ret) +{ isc_result_t result; - cfg_obj_t *masters = NULL; - cfg_listelt_t *elt; + const cfg_obj_t *masters = NULL; + const cfg_listelt_t *elt; result = cfg_map_get(cctx, "masters", &masters); if (result != ISC_R_SUCCESS) @@ -391,7 +395,7 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { for (elt = cfg_list_first(masters); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *list; + const cfg_obj_t *list; const char *listname; list = cfg_listelt_value(elt); @@ -406,24 +410,24 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { } isc_result_t -ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, - isc_sockaddr_t **addrsp, dns_name_t ***keysp, - isc_uint32_t *countp) +ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, + isc_mem_t *mctx, isc_sockaddr_t **addrsp, + dns_name_t ***keysp, isc_uint32_t *countp) { isc_uint32_t addrcount = 0, keycount = 0, i = 0; isc_uint32_t listcount = 0, l = 0, j; isc_uint32_t stackcount = 0, pushed = 0; isc_result_t result; - cfg_listelt_t *element; - cfg_obj_t *addrlist; - cfg_obj_t *portobj; + const cfg_listelt_t *element; + const cfg_obj_t *addrlist; + const cfg_obj_t *portobj; in_port_t port; dns_fixedname_t fname; isc_sockaddr_t *addrs = NULL; dns_name_t **keys = NULL; - char **lists = NULL; + const char **lists = NULL; struct { - cfg_listelt_t *element; + const cfg_listelt_t *element; in_port_t port; } *stack = NULL; @@ -439,13 +443,14 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (val > ISC_UINT16_MAX) { cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR, "port '%u' out of range", val); - return (ISC_R_RANGE); + result = ISC_R_RANGE; + goto cleanup; } port = (in_port_t) val; } else { result = ns_config_getport(config, &port); if (result != ISC_R_SUCCESS) - return (result); + goto cleanup; } result = ISC_R_NOMEMORY; @@ -456,9 +461,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *addr; - cfg_obj_t *key; - char *keystr; + const cfg_obj_t *addr; + const cfg_obj_t *key; + const char *keystr; isc_buffer_t b; addr = cfg_tuple_get(cfg_listelt_value(element), @@ -466,7 +471,7 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, key = cfg_tuple_get(cfg_listelt_value(element), "key"); if (!cfg_obj_issockaddr(addr)) { - char *listname = cfg_obj_asstring(addr); + const char *listname = cfg_obj_asstring(addr); isc_result_t tresult; /* Grow lists? */ @@ -606,9 +611,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (new == NULL) goto cleanup; memcpy(new, addrs, newsize); - isc_mem_put(mctx, addrs, oldsize); } else new = NULL; + isc_mem_put(mctx, addrs, oldsize); addrs = new; addrcount = i; @@ -619,9 +624,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, if (new == NULL) goto cleanup; memcpy(new, keys, newsize); - isc_mem_put(mctx, keys, oldsize); } else new = NULL; + isc_mem_put(mctx, keys, oldsize); keys = new; keycount = i; } @@ -682,10 +687,10 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, } isc_result_t -ns_config_getport(cfg_obj_t *config, in_port_t *portp) { - cfg_obj_t *maps[3]; - cfg_obj_t *options = NULL; - cfg_obj_t *portobj = NULL; +ns_config_getport(const cfg_obj_t *config, in_port_t *portp) { + const cfg_obj_t *maps[3]; + const cfg_obj_t *options = NULL; + const cfg_obj_t *portobj = NULL; isc_result_t result; int i; diff --git a/contrib/bind9/bin/named/controlconf.c b/contrib/bind9/bin/named/controlconf.c index 5b87fb9c0a1..b6bcc166200 100644 --- a/contrib/bind9/bin/named/controlconf.c +++ b/contrib/bind9/bin/named/controlconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.9.2.6 2004/03/08 09:04:14 marka Exp $ */ +/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */ #include @@ -356,6 +356,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { { ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); + if (secret.rstart != NULL) + isc_mem_put(listener->mctx, secret.rstart, + REGION_SIZE(secret)); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; @@ -371,8 +374,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { */ if (request != NULL) isccc_sexpr_free(&request); - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); } else { log_invalid(&conn->ccmsg, result); goto cleanup; @@ -649,10 +650,12 @@ ns_controls_shutdown(ns_controls_t *controls) { } static isc_result_t -cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) { - cfg_listelt_t *element; +cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, + const cfg_obj_t **objp) +{ + const cfg_listelt_t *element; const char *str; - cfg_obj_t *obj; + const cfg_obj_t *obj; for (element = cfg_list_first(keylist); element != NULL; @@ -671,13 +674,13 @@ cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) { } static isc_result_t -controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx, +controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, controlkeylist_t *keyids) { - cfg_listelt_t *element; + const cfg_listelt_t *element; char *newstr = NULL; const char *str; - cfg_obj_t *obj; + const cfg_obj_t *obj; controlkey_t *key = NULL; for (element = cfg_list_first(keylist); @@ -712,11 +715,11 @@ controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx, } static void -register_keys(cfg_obj_t *control, cfg_obj_t *keylist, +register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext) { controlkey_t *keyid, *next; - cfg_obj_t *keydef; + const cfg_obj_t *keydef; char secret[1024]; isc_buffer_t b; isc_result_t result; @@ -736,10 +739,10 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist, ISC_LIST_UNLINK(*keyids, keyid, link); free_controlkey(keyid, mctx); } else { - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; - char *algstr = NULL; - char *secretstr = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; + const char *algstr = NULL; + const char *secretstr = NULL; (void)cfg_map_get(keydef, "algorithm", &algobj); (void)cfg_map_get(keydef, "secret", &secretobj); @@ -805,11 +808,11 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; cfg_parser_t *pctx = NULL; cfg_obj_t *config = NULL; - cfg_obj_t *key = NULL; - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; - char *algstr = NULL; - char *secretstr = NULL; + const cfg_obj_t *key = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; + const char *algstr = NULL; + const char *secretstr = NULL; controlkey_t *keyid = NULL; char secret[1024]; isc_buffer_t b; @@ -888,12 +891,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { * valid or both are NULL. */ static void -get_key_info(cfg_obj_t *config, cfg_obj_t *control, - cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp) +get_key_info(const cfg_obj_t *config, const cfg_obj_t *control, + const cfg_obj_t **global_keylistp, + const cfg_obj_t **control_keylistp) { isc_result_t result; - cfg_obj_t *control_keylist = NULL; - cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *global_keylist = NULL; REQUIRE(global_keylistp != NULL && *global_keylistp == NULL); REQUIRE(control_keylistp != NULL && *control_keylistp == NULL); @@ -912,15 +916,15 @@ get_key_info(cfg_obj_t *config, cfg_obj_t *control, } static void -update_listener(ns_controls_t *cp, - controllistener_t **listenerp, cfg_obj_t *control, - cfg_obj_t *config, isc_sockaddr_t *addr, - ns_aclconfctx_t *aclconfctx, const char *socktext) +update_listener(ns_controls_t *cp, controllistener_t **listenerp, + const cfg_obj_t *control, const cfg_obj_t *config, + isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, + const char *socktext) { controllistener_t *listener; - cfg_obj_t *allow; - cfg_obj_t *global_keylist = NULL; - cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *allow; + const cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; dns_acl_t *new_acl = NULL; controlkeylist_t keys; isc_result_t result = ISC_R_SUCCESS; @@ -977,18 +981,25 @@ update_listener(ns_controls_t *cp, result = get_rndckey(listener->mctx, &listener->keys); } - if (result != ISC_R_SUCCESS && global_keylist != NULL) + if (result != ISC_R_SUCCESS && global_keylist != NULL) { /* * This message might be a little misleading since the * "new keys" might in fact be identical to the old ones, * but tracking whether they are identical just for the * sake of avoiding this message would be too much trouble. */ - cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, - "couldn't install new keys for " - "command channel %s: %s", - socktext, isc_result_totext(result)); - + if (control != NULL) + cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, + "couldn't install new keys for " + "command channel %s: %s", + socktext, isc_result_totext(result)); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, + "couldn't install new keys for " + "command channel %s: %s", + socktext, isc_result_totext(result)); + } /* * Now, keep the old access list unless a new one can be made. @@ -1005,26 +1016,33 @@ update_listener(ns_controls_t *cp, dns_acl_detach(&listener->acl); dns_acl_attach(new_acl, &listener->acl); dns_acl_detach(&new_acl); - } else /* XXXDCL say the old acl is still used? */ + } else if (control != NULL) cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, "couldn't install new acl for " "command channel %s: %s", socktext, isc_result_totext(result)); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, + "couldn't install new acl for " + "command channel %s: %s", + socktext, isc_result_totext(result)); *listenerp = listener; } static void add_listener(ns_controls_t *cp, controllistener_t **listenerp, - cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr, - ns_aclconfctx_t *aclconfctx, const char *socktext) + const cfg_obj_t *control, const cfg_obj_t *config, + isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, + const char *socktext) { isc_mem_t *mctx = cp->server->mctx; controllistener_t *listener; - cfg_obj_t *allow; - cfg_obj_t *global_keylist = NULL; - cfg_obj_t *control_keylist = NULL; + const cfg_obj_t *allow; + const cfg_obj_t *global_keylist = NULL; + const cfg_obj_t *control_keylist = NULL; dns_acl_t *new_acl = NULL; isc_result_t result = ISC_R_SUCCESS; @@ -1135,13 +1153,13 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, } isc_result_t -ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, +ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, ns_aclconfctx_t *aclconfctx) { controllistener_t *listener; controllistenerlist_t new_listeners; - cfg_obj_t *controlslist = NULL; - cfg_listelt_t *element, *element2; + const cfg_obj_t *controlslist = NULL; + const cfg_listelt_t *element, *element2; char socktext[ISC_SOCKADDR_FORMATSIZE]; ISC_LIST_INIT(new_listeners); @@ -1163,8 +1181,8 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, for (element = cfg_list_first(controlslist); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *controls; - cfg_obj_t *inetcontrols = NULL; + const cfg_obj_t *controls; + const cfg_obj_t *inetcontrols = NULL; controls = cfg_listelt_value(element); (void)cfg_map_get(controls, "inet", &inetcontrols); @@ -1174,9 +1192,9 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, for (element2 = cfg_list_first(inetcontrols); element2 != NULL; element2 = cfg_list_next(element2)) { - cfg_obj_t *control; - cfg_obj_t *obj; - isc_sockaddr_t *addr; + const cfg_obj_t *control; + const cfg_obj_t *obj; + isc_sockaddr_t addr; /* * The parser handles BIND 8 configuration file @@ -1189,12 +1207,12 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, control = cfg_listelt_value(element2); obj = cfg_tuple_get(control, "address"); - addr = cfg_obj_assockaddr(obj); - if (isc_sockaddr_getport(addr) == 0) - isc_sockaddr_setport(addr, + addr = *cfg_obj_assockaddr(obj); + if (isc_sockaddr_getport(&addr) == 0) + isc_sockaddr_setport(&addr, NS_CONTROL_PORT); - isc_sockaddr_format(addr, socktext, + isc_sockaddr_format(&addr, socktext, sizeof(socktext)); isc_log_write(ns_g_lctx, @@ -1205,7 +1223,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, socktext); update_listener(cp, &listener, control, config, - addr, aclconfctx, socktext); + &addr, aclconfctx, socktext); if (listener != NULL) /* @@ -1219,7 +1237,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config, * This is a new listener. */ add_listener(cp, &listener, control, - config, addr, aclconfctx, + config, &addr, aclconfctx, socktext); if (listener != NULL) diff --git a/contrib/bind9/bin/named/include/named/aclconf.h b/contrib/bind9/bin/named/include/named/aclconf.h index 81265727848..a5b333a9faa 100644 --- a/contrib/bind9/bin/named/include/named/aclconf.h +++ b/contrib/bind9/bin/named/include/named/aclconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.h,v 1.12.208.1 2004/03/06 10:21:23 marka Exp $ */ +/* $Id: aclconf.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_ACLCONF_H #define NS_ACLCONF_H 1 @@ -49,8 +49,8 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx); */ isc_result_t -ns_acl_fromconfig(cfg_obj_t *caml, - cfg_obj_t *cctx, +ns_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, ns_aclconfctx_t *ctx, isc_mem_t *mctx, dns_acl_t **target); diff --git a/contrib/bind9/bin/named/include/named/client.h b/contrib/bind9/bin/named/include/named/client.h index 7097a3bb05b..f602be84e6b 100644 --- a/contrib/bind9/bin/named/include/named/client.h +++ b/contrib/bind9/bin/named/include/named/client.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */ +/* $Id: client.h,v 1.60.2.2.10.12 2006/06/06 00:11:40 marka Exp $ */ #ifndef NAMED_CLIENT_H #define NAMED_CLIENT_H 1 @@ -198,6 +198,12 @@ ns_client_next(ns_client_t *client, isc_result_t result); * return no response to the client. */ +void +ns_client_qnamereplace(ns_client_t *client, dns_name_t *name); +/*% + * Replace the qname. + */ + isc_boolean_t ns_client_shuttingdown(ns_client_t *client); /* diff --git a/contrib/bind9/bin/named/include/named/config.h b/contrib/bind9/bin/named/include/named/config.h index b3b4f121606..8e5b94a7fc3 100644 --- a/contrib/bind9/bin/named/include/named/config.h +++ b/contrib/bind9/bin/named/include/named/config.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h,v 1.4.12.4 2004/04/20 14:12:10 marka Exp $ */ +/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_CONFIG_H #define NAMED_CONFIG_H 1 @@ -29,27 +29,28 @@ isc_result_t ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf); isc_result_t -ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj); +ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj); isc_result_t -ns_checknames_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj); +ns_checknames_get(const cfg_obj_t **maps, const char* name, + const cfg_obj_t **obj); int -ns_config_listcount(cfg_obj_t *list); +ns_config_listcount(const cfg_obj_t *list); isc_result_t -ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass, +ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, dns_rdataclass_t *classp); isc_result_t -ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype, +ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, dns_rdatatype_t *typep); dns_zonetype_t -ns_config_getzonetype(cfg_obj_t *zonetypeobj); +ns_config_getzonetype(const cfg_obj_t *zonetypeobj); isc_result_t -ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list, +ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list, in_port_t defport, isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t *countp); @@ -58,16 +59,16 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, isc_uint32_t count); isc_result_t -ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx, - isc_sockaddr_t **addrsp, dns_name_t ***keys, - isc_uint32_t *countp); +ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, + isc_mem_t *mctx, isc_sockaddr_t **addrsp, + dns_name_t ***keys, isc_uint32_t *countp); void ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp, dns_name_t ***keys, isc_uint32_t count); isc_result_t -ns_config_getport(cfg_obj_t *config, in_port_t *portp); +ns_config_getport(const cfg_obj_t *config, in_port_t *portp); isc_result_t ns_config_getkeyalgorithm(const char *str, dns_name_t **name); diff --git a/contrib/bind9/bin/named/include/named/control.h b/contrib/bind9/bin/named/include/named/control.h index bbb7d36cbbe..bdb706e3cf4 100644 --- a/contrib/bind9/bin/named/include/named/control.h +++ b/contrib/bind9/bin/named/include/named/control.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.h,v 1.6.2.2.2.7 2004/09/03 03:43:32 marka Exp $ */ +/* $Id: control.h,v 1.6.2.2.2.9 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_CONTROL_H #define NAMED_CONTROL_H 1 @@ -67,7 +67,7 @@ ns_controls_destroy(ns_controls_t **ctrlsp); */ isc_result_t -ns_controls_configure(ns_controls_t *controls, cfg_obj_t *config, +ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config, ns_aclconfctx_t *aclconfctx); /* * Configure zero or more command channels into 'controls' diff --git a/contrib/bind9/bin/named/include/named/globals.h b/contrib/bind9/bin/named/include/named/globals.h index 2cc85483956..b8137e8d332 100644 --- a/contrib/bind9/bin/named/include/named/globals.h +++ b/contrib/bind9/bin/named/include/named/globals.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.59.68.5 2004/03/08 04:04:20 marka Exp $ */ +/* $Id: globals.h,v 1.59.68.7 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -75,7 +75,7 @@ EXTERN unsigned int ns_g_debuglevel INIT(0); * Current configuration information. */ EXTERN cfg_obj_t * ns_g_config INIT(NULL); -EXTERN cfg_obj_t * ns_g_defaults INIT(NULL); +EXTERN const cfg_obj_t * ns_g_defaults INIT(NULL); EXTERN const char * ns_g_conffile INIT(NS_SYSCONFDIR "/named.conf"); EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR diff --git a/contrib/bind9/bin/named/include/named/logconf.h b/contrib/bind9/bin/named/include/named/logconf.h index a6f7450c938..b92ad31384e 100644 --- a/contrib/bind9/bin/named/include/named/logconf.h +++ b/contrib/bind9/bin/named/include/named/logconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */ +/* $Id: logconf.h,v 1.10.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_LOGCONF_H #define NAMED_LOGCONF_H 1 @@ -23,7 +23,7 @@ #include isc_result_t -ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt); +ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt); /* * Set up the logging configuration in '*logconf' according to * the named.conf data in 'logstmt'. diff --git a/contrib/bind9/bin/named/include/named/lwresd.h b/contrib/bind9/bin/named/include/named/lwresd.h index 7ba857c04ed..2aa1d55ccef 100644 --- a/contrib/bind9/bin/named/include/named/lwresd.h +++ b/contrib/bind9/bin/named/include/named/lwresd.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.h,v 1.12.208.1 2004/03/06 10:21:25 marka Exp $ */ +/* $Id: lwresd.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_LWRESD_H #define NAMED_LWRESD_H 1 @@ -56,7 +56,7 @@ struct ns_lwreslistener { * Configure lwresd. */ isc_result_t -ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config); +ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config); isc_result_t ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, @@ -72,7 +72,8 @@ ns_lwresd_shutdown(void); * Manager functions */ isc_result_t -ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwresd_t **lwresdp); +ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, + ns_lwresd_t **lwresdp); void ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp); diff --git a/contrib/bind9/bin/named/include/named/server.h b/contrib/bind9/bin/named/include/named/server.h index 97eb2efce34..37526c0bef6 100644 --- a/contrib/bind9/bin/named/include/named/server.h +++ b/contrib/bind9/bin/named/include/named/server.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.58.2.1.10.11 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: server.h,v 1.58.2.1.10.13 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 @@ -208,6 +208,6 @@ ns_server_dumprecursing(ns_server_t *server); * Maintain a list of dispatches that require reserved ports. */ void -ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr); +ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr); #endif /* NAMED_SERVER_H */ diff --git a/contrib/bind9/bin/named/include/named/sortlist.h b/contrib/bind9/bin/named/include/named/sortlist.h index 88a14938779..9966686e636 100644 --- a/contrib/bind9/bin/named/include/named/sortlist.h +++ b/contrib/bind9/bin/named/include/named/sortlist.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.h,v 1.4.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: sortlist.h,v 1.4.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NAMED_SORTLIST_H #define NAMED_SORTLIST_H 1 @@ -28,7 +28,7 @@ * Type for callback functions that rank addresses. */ typedef int -(*dns_addressorderfunc_t)(isc_netaddr_t *address, void *arg); +(*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg); /* * Return value type for setup_sortlist. @@ -40,7 +40,8 @@ typedef enum { } ns_sortlisttype_t; ns_sortlisttype_t -ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp); +ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, + const void **argp); /* * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * @@ -55,14 +56,14 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp); */ int -ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg); +ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg); /* * Find the sort order of 'addr' in 'arg', the matching element * of a 1-element top-level sortlist statement. */ int -ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg); +ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg); /* * Find the sort order of 'addr' in 'arg', a topology-like * ACL forming the second element in a 2-element top-level @@ -72,7 +73,7 @@ ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg); void ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr, dns_addressorderfunc_t *orderp, - void **argp); + const void **argp); /* * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * If a sortlist statement applies, return in '*orderp' a pointer to a function diff --git a/contrib/bind9/bin/named/include/named/tkeyconf.h b/contrib/bind9/bin/named/include/named/tkeyconf.h index e3710eae3e0..ac72f3e98e0 100644 --- a/contrib/bind9/bin/named/include/named/tkeyconf.h +++ b/contrib/bind9/bin/named/include/named/tkeyconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: tkeyconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_TKEYCONF_H #define NS_TKEYCONF_H 1 @@ -28,8 +28,8 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx, - dns_tkeyctx_t **tctxp); +ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, + isc_entropy_t *ectx, dns_tkeyctx_t **tctxp); /* * Create a TKEY context and configure it, including the default DH key * and default domain, according to 'options'. diff --git a/contrib/bind9/bin/named/include/named/tsigconf.h b/contrib/bind9/bin/named/include/named/tsigconf.h index ef4161ded8a..fcb415eb429 100644 --- a/contrib/bind9/bin/named/include/named/tsigconf.h +++ b/contrib/bind9/bin/named/include/named/tsigconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.h,v 1.9.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: tsigconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_TSIGCONF_H #define NS_TSIGCONF_H 1 @@ -26,7 +26,7 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig, +ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_tsig_keyring_t **ringp); /* * Create a TSIG key ring and configure it according to the 'key' diff --git a/contrib/bind9/bin/named/include/named/zoneconf.h b/contrib/bind9/bin/named/include/named/zoneconf.h index 3b8f200dc79..3e63053f389 100644 --- a/contrib/bind9/bin/named/include/named/zoneconf.h +++ b/contrib/bind9/bin/named/include/named/zoneconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.h,v 1.16.2.2.8.1 2004/03/06 10:21:27 marka Exp $ */ +/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef NS_ZONECONF_H #define NS_ZONECONF_H 1 @@ -30,8 +30,9 @@ ISC_LANG_BEGINDECLS isc_result_t -ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, - ns_aclconfctx_t *ac, dns_zone_t *zone); +ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, + const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + dns_zone_t *zone); /* * Configure or reconfigure a zone according to the named.conf * data in 'cctx' and 'czone'. @@ -48,7 +49,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, */ isc_boolean_t -ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig); +ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig); /* * If 'zone' can be safely reconfigured according to the configuration * data in 'zconfig', return ISC_TRUE. If the configuration data is so diff --git a/contrib/bind9/bin/named/interfacemgr.c b/contrib/bind9/bin/named/interfacemgr.c index b212892c8e1..a3410567e63 100644 --- a/contrib/bind9/bin/named/interfacemgr.c +++ b/contrib/bind9/bin/named/interfacemgr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.59.2.5.8.15 2004/08/10 04:56:23 jinmei Exp $ */ +/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */ #include @@ -182,6 +182,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, ifp->mgr = NULL; ifp->generation = mgr->generation; ifp->addr = *addr; + ifp->flags = 0; strncpy(ifp->name, name, sizeof(ifp->name)); ifp->name[sizeof(ifp->name)-1] = '\0'; ifp->clientmgr = NULL; @@ -717,9 +718,8 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, * See if the address matches the listen-on statement; * if not, ignore the interface. */ - result = dns_acl_match(&listen_netaddr, NULL, - le->acl, &mgr->aclenv, - &match, NULL); + (void)dns_acl_match(&listen_netaddr, NULL, le->acl, + &mgr->aclenv, &match, NULL); if (match <= 0) continue; @@ -745,9 +745,9 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, for (ele = ISC_LIST_HEAD(ext_listen->elts); ele != NULL; ele = ISC_LIST_NEXT(ele, link)) { - dns_acl_match(&listen_netaddr, NULL, - ele->acl, NULL, - &match, NULL); + (void)dns_acl_match(&listen_netaddr, + NULL, ele->acl, + NULL, &match, NULL); if (match > 0 && ele->port == le->port) break; else diff --git a/contrib/bind9/bin/named/logconf.c b/contrib/bind9/bin/named/logconf.c index 596d40166bb..1bf3b5589e2 100644 --- a/contrib/bind9/bin/named/logconf.c +++ b/contrib/bind9/bin/named/logconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.30.2.3.10.2 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */ #include @@ -41,13 +41,13 @@ * in 'ccat' and add it to 'lctx'. */ static isc_result_t -category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { +category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) { isc_result_t result; const char *catname; isc_logcategory_t *category; isc_logmodule_t *module; - cfg_obj_t *destinations = NULL; - cfg_listelt_t *element = NULL; + const cfg_obj_t *destinations = NULL; + const cfg_listelt_t *element = NULL; catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name")); category = isc_log_categorybyname(ns_g_lctx, catname); @@ -68,8 +68,8 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *channel = cfg_listelt_value(element); - char *channelname = cfg_obj_asstring(channel); + const cfg_obj_t *channel = cfg_listelt_value(element); + const char *channelname = cfg_obj_asstring(channel); result = isc_log_usechannel(lctx, channelname, category, module); @@ -89,18 +89,18 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) { * in 'cchan' and add it to 'lctx'. */ static isc_result_t -channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { +channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { isc_result_t result; isc_logdestination_t dest; unsigned int type; unsigned int flags = 0; int level; const char *channelname; - cfg_obj_t *fileobj = NULL; - cfg_obj_t *syslogobj = NULL; - cfg_obj_t *nullobj = NULL; - cfg_obj_t *stderrobj = NULL; - cfg_obj_t *severity = NULL; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *syslogobj = NULL; + const cfg_obj_t *nullobj = NULL; + const cfg_obj_t *stderrobj = NULL; + const cfg_obj_t *severity = NULL; int i; channelname = cfg_obj_asstring(cfg_map_getname(channel)); @@ -130,9 +130,10 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { type = ISC_LOG_TONULL; if (fileobj != NULL) { - cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); - cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); - cfg_obj_t *versionsobj = cfg_tuple_get(fileobj, "versions"); + const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); + const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); + const cfg_obj_t *versionsobj = + cfg_tuple_get(fileobj, "versions"); isc_int32_t versions = ISC_LOG_ROLLNEVER; isc_offset_t size = 0; @@ -157,7 +158,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { type = ISC_LOG_TOSYSLOG; if (cfg_obj_isstring(syslogobj)) { - char *facilitystr = cfg_obj_asstring(syslogobj); + const char *facilitystr = cfg_obj_asstring(syslogobj); (void)isc_syslog_facilityfromstring(facilitystr, &facility); } @@ -174,9 +175,9 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { * Munge flags. */ { - cfg_obj_t *printcat = NULL; - cfg_obj_t *printsev = NULL; - cfg_obj_t *printtime = NULL; + const cfg_obj_t *printcat = NULL; + const cfg_obj_t *printsev = NULL; + const cfg_obj_t *printtime = NULL; (void)cfg_map_get(channel, "print-category", &printcat); (void)cfg_map_get(channel, "print-severity", &printsev); @@ -193,7 +194,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { level = ISC_LOG_INFO; if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) { if (cfg_obj_isstring(severity)) { - char *str = cfg_obj_asstring(severity); + const char *str = cfg_obj_asstring(severity); if (strcasecmp(str, "critical") == 0) level = ISC_LOG_CRITICAL; else if (strcasecmp(str, "error") == 0) @@ -242,13 +243,14 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) { } isc_result_t -ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { +ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) { isc_result_t result; - cfg_obj_t *channels = NULL; - cfg_obj_t *categories = NULL; - cfg_listelt_t *element; + const cfg_obj_t *channels = NULL; + const cfg_obj_t *categories = NULL; + const cfg_listelt_t *element; isc_boolean_t default_set = ISC_FALSE; isc_boolean_t unmatched_set = ISC_FALSE; + const cfg_obj_t *catname; CHECK(ns_log_setdefaultchannels(logconf)); @@ -257,7 +259,7 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *channel = cfg_listelt_value(element); + const cfg_obj_t *channel = cfg_listelt_value(element); CHECK(channel_fromconf(channel, logconf)); } @@ -266,15 +268,15 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *category = cfg_listelt_value(element); + const cfg_obj_t *category = cfg_listelt_value(element); CHECK(category_fromconf(category, logconf)); if (!default_set) { - cfg_obj_t *catname = cfg_tuple_get(category, "name"); + catname = cfg_tuple_get(category, "name"); if (strcmp(cfg_obj_asstring(catname), "default") == 0) default_set = ISC_TRUE; } if (!unmatched_set) { - cfg_obj_t *catname = cfg_tuple_get(category, "name"); + catname = cfg_tuple_get(category, "name"); if (strcmp(cfg_obj_asstring(catname), "unmatched") == 0) unmatched_set = ISC_TRUE; } diff --git a/contrib/bind9/bin/named/lwdgabn.c b/contrib/bind9/bin/named/lwdgabn.c index 030a77ae786..539c25bf3d1 100644 --- a/contrib/bind9/bin/named/lwdgabn.c +++ b/contrib/bind9/bin/named/lwdgabn.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgabn.c,v 1.13.12.3 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */ #include @@ -120,7 +120,7 @@ sort_addresses(ns_lwdclient_t *client) { rankedaddress *addrs; isc_netaddr_t remote; dns_addressorderfunc_t order; - void *arg; + const void *arg; ns_lwresd_t *lwresd = client->clientmgr->listener->manager; unsigned int i; isc_result_t result; diff --git a/contrib/bind9/bin/named/lwdgrbn.c b/contrib/bind9/bin/named/lwdgrbn.c index 665226539b4..3ad9e9e38d5 100644 --- a/contrib/bind9/bin/named/lwdgrbn.c +++ b/contrib/bind9/bin/named/lwdgrbn.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.11.208.3 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */ #include @@ -358,7 +358,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) { client->sendlength = r.length; result = ns_lwdclient_sendreply(client, &r); if (result != ISC_R_SUCCESS) - goto out; + goto out2; NS_LWDCLIENT_SETSEND(client); @@ -378,7 +378,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) { if (grbn->siglen != NULL) isc_mem_put(cm->mctx, grbn->siglen, grbn->nsigs * sizeof(lwres_uint16_t)); - + out2: if (client->lookup != NULL) dns_lookup_destroy(&client->lookup); if (lwb.base != NULL) diff --git a/contrib/bind9/bin/named/lwresd.8 b/contrib/bind9/bin/named/lwresd.8 index 58f24b06237..1333a5d5092 100644 --- a/contrib/bind9/bin/named/lwresd.8 +++ b/contrib/bind9/bin/named/lwresd.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $ +.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwresd +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -57,41 +60,41 @@ entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" -.TP +.TP 3n \-C \fIconfig\-file\fR Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -.TP +.TP 3n \-d \fIdebug\-level\fR Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases. -.TP +.TP 3n \-f Run the server in the foreground (i.e. do not daemonize). -.TP +.TP 3n \-g Run the server in the foreground and force all logging to \fIstderr\fR. -.TP +.TP 3n \-n \fI#cpus\fR Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP +.TP 3n \-P \fIport\fR Listen for lightweight resolver queries on port \fIport\fR. If not specified, the default is port 921. -.TP +.TP 3n \-p \fIport\fR Send DNS lookups to port \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. -.TP +.TP 3n \-s Write memory usage statistics to \fIstdout\fR @@ -100,7 +103,7 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP +.TP 3n \-t \fIdirectory\fR \fBchroot()\fR to @@ -114,20 +117,20 @@ option, as chrooting a process running as root doesn't enhance security on most \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP +.TP 3n \-u \fIuser\fR \fBsetuid()\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. -.TP +.TP 3n \-v Report the version number and exit. .SH "FILES" -.TP +.TP 3n \fI/etc/resolv.conf\fR The default configuration file. -.TP +.TP 3n \fI/var/run/lwresd.pid\fR The default process\-id file. .SH "SEE ALSO" @@ -138,3 +141,5 @@ The default process\-id file. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/lwresd.c b/contrib/bind9/bin/named/lwresd.c index 9da41681a53..e48822f7119 100644 --- a/contrib/bind9/bin/named/lwresd.c +++ b/contrib/bind9/bin/named/lwresd.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.37.2.2.2.5 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwresd.c,v 1.37.2.2.2.8 2006/02/28 06:32:53 marka Exp $ */ /* * Main program for the Lightweight Resolver Daemon. @@ -285,14 +285,14 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, * Handle lwresd manager objects */ isc_result_t -ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, +ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, ns_lwresd_t **lwresdp) { ns_lwresd_t *lwresd; const char *vname; dns_rdataclass_t vclass; - cfg_obj_t *obj, *viewobj, *searchobj; - cfg_listelt_t *element; + const cfg_obj_t *obj, *viewobj, *searchobj; + const cfg_listelt_t *element; isc_result_t result; INSIST(lwresdp != NULL && *lwresdp == NULL); @@ -356,8 +356,8 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *search; - char *searchstr; + const cfg_obj_t *search; + const char *searchstr; isc_buffer_t namebuf; dns_fixedname_t fname; dns_name_t *name; @@ -407,6 +407,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwsearchlist_detach(&lwresd->search); if (lwresd->mctx != NULL) isc_mem_detach(&lwresd->mctx); + isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t)); return (result); } @@ -744,11 +745,11 @@ configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd, } isc_result_t -ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) { - cfg_obj_t *lwreslist = NULL; - cfg_obj_t *lwres = NULL; - cfg_obj_t *listenerslist = NULL; - cfg_listelt_t *element = NULL; +ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) { + const cfg_obj_t *lwreslist = NULL; + const cfg_obj_t *lwres = NULL; + const cfg_obj_t *listenerslist = NULL; + const cfg_listelt_t *element = NULL; ns_lwreslistener_t *listener; ns_lwreslistenerlist_t newlisteners; isc_result_t result; diff --git a/contrib/bind9/bin/named/lwresd.html b/contrib/bind9/bin/named/lwresd.html index 439153aa826..6ab78242e73 100644 --- a/contrib/bind9/bin/named/lwresd.html +++ b/contrib/bind9/bin/named/lwresd.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwresd - +
-
+

Name

lwresd — lightweight resolver daemon

@@ -32,7 +32,7 @@

lwresd [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v]

-

DESCRIPTION

+

DESCRIPTION

lwresd is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@

-

OPTIONS

+

OPTIONS

-C config-file

@@ -159,7 +159,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -172,7 +172,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), lwres(3), @@ -180,7 +180,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/main.c b/contrib/bind9/bin/named/main.c index c155291d6ca..960de2a34bb 100644 --- a/contrib/bind9/bin/named/main.c +++ b/contrib/bind9/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.119.2.3.2.22 2005/04/29 01:04:47 marka Exp $ */ +/* $Id: main.c,v 1.119.2.3.2.25 2006/11/10 18:51:06 marka Exp $ */ #include @@ -473,7 +473,7 @@ create_managers(void) { result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, - "ns_taskmgr_create() failed: %s", + "isc_taskmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } @@ -481,7 +481,7 @@ create_managers(void) { result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, - "ns_timermgr_create() failed: %s", + "isc_timermgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } @@ -856,7 +856,7 @@ main(int argc, char *argv[]) { if (result == ISC_R_SUCCESS && instance != NULL) { if (smf_disable_instance(instance, 0) != 0) UNEXPECTED_ERROR(__FILE__, __LINE__, - "smf_disable_instance() ", + "smf_disable_instance() " "failed for %s : %s", instance, scf_strerror(scf_error())); diff --git a/contrib/bind9/bin/named/named.8 b/contrib/bind9/bin/named/named.8 index e072c169be3..7172393534d 100644 --- a/contrib/bind9/bin/named/named.8 +++ b/contrib/bind9/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.6 2005/10/13 02:33:46 marka Exp $ +.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: named +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -41,21 +44,21 @@ When invoked without arguments, will read the default configuration file \fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" -.TP +.TP 3n \-4 Use IPv4 only even if the host machine is capable of IPv6. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP +.TP 3n \-6 Use IPv6 only even if the host machine is capable of IPv4. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP +.TP 3n \-c \fIconfig\-file\fR Use \fIconfig\-file\fR @@ -65,31 +68,31 @@ as the configuration file instead of the default, option in the configuration file, \fIconfig\-file\fR should be an absolute pathname. -.TP +.TP 3n \-d \fIdebug\-level\fR Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBnamed\fR become more verbose as the debug level increases. -.TP +.TP 3n \-f Run the server in the foreground (i.e. do not daemonize). -.TP +.TP 3n \-g Run the server in the foreground and force all logging to \fIstderr\fR. -.TP +.TP 3n \-n \fI#cpus\fR Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP +.TP 3n \-p \fIport\fR Listen for queries on port \fIport\fR. If not specified, the default is port 53. -.TP +.TP 3n \-s Write memory usage statistics to \fIstdout\fR @@ -98,7 +101,7 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP +.TP 3n \-t \fIdirectory\fR \fBchroot()\fR to @@ -112,7 +115,7 @@ option, as chrooting a process running as root doesn't enhance security on most \fBchroot()\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP +.TP 3n \-u \fIuser\fR \fBsetuid()\fR to @@ -131,10 +134,10 @@ option only works when is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after \fBsetuid()\fR. .RE -.TP +.TP 3n \-v Report the version number and exit. -.TP +.TP 3n \-x \fIcache\-file\fR Load data from \fIcache\-file\fR @@ -148,10 +151,10 @@ This option must not be used. It is only of interest to BIND 9 developers and ma In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead. -.TP +.TP 3n SIGHUP Force a reload of the server. -.TP +.TP 3n SIGINT, SIGTERM Shut down the server. .PP @@ -163,10 +166,10 @@ The configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Reference Manual. .SH "FILES" -.TP +.TP 3n \fI/etc/named.conf\fR The default configuration file. -.TP +.TP 3n \fI/var/run/named.pid\fR The default process\-id file. .SH "SEE ALSO" @@ -176,7 +179,10 @@ RFC 1034, RFC 1035, \fBrndc\fR(8), \fBlwresd\fR(8), +\fBnamed.conf\fR(5), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/named.conf.5 b/contrib/bind9/bin/named/named.conf.5 index d0b690b1b5a..1ace4da31cd 100644 --- a/contrib/bind9/bin/named/named.conf.5 +++ b/contrib/bind9/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,15 +12,18 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $ +.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9" +.\" Title: \fInamed.conf\fR +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Aug 13, 2004 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -43,27 +46,34 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp +.RS 3n .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi +.RE .SH "KEY" .sp +.RS 3n .nf key \fIdomain_name\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi +.RE .SH "MASTERS" .sp +.RS 3n .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... }; .fi +.RE .SH "SERVER" .sp +.RS 3n .nf server ( \fIipv4_address\fR | \fIipv6_address\fR ) { bogus \fIboolean\fR; @@ -80,15 +90,19 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { support\-ixfr \fIboolean\fR; // obsolete }; .fi +.RE .SH "TRUSTED\-KEYS" .sp +.RS 3n .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... }; .fi +.RE .SH "CONTROLS" .sp +.RS 3n .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) @@ -98,8 +112,10 @@ controls { unix \fIunsupported\fR; // not implemented }; .fi +.RE .SH "LOGGING" .sp +.RS 3n .nf logging { channel \fIstring\fR { @@ -115,8 +131,10 @@ logging { category \fIstring\fR { \fIstring\fR; ... }; }; .fi +.RE .SH "LWRES" .sp +.RS 3n .nf lwres { listen\-on [ port \fIinteger\fR ] { @@ -127,8 +145,10 @@ lwres { ndots \fIinteger\fR; }; .fi +.RE .SH "OPTIONS" .sp +.RS 3n .nf options { avoid\-v4\-udp\-ports { \fIport\fR; ... }; @@ -137,6 +157,7 @@ options { coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; + cache\-file \fIquoted_string\fR; // test option dump\-file \fIquoted_string\fR; files \fIsize\fR; heartbeat\-interval \fIinteger\fR; @@ -184,8 +205,8 @@ options { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source \fIquerysource4\fR; - query\-source\-v6 \fIquerysource6\fR; + query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; @@ -260,8 +281,10 @@ options { use\-id\-pool \fIboolean\fR; // obsolete }; .fi +.RE .SH "VIEW" .sp +.RS 3n .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; ... }; @@ -295,8 +318,8 @@ view \fIstring\fR \fIoptional_class\fR { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source \fIquerysource4\fR; - query\-source\-v6 \fIquerysource6\fR; + query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; @@ -363,8 +386,10 @@ view \fIstring\fR \fIoptional_class\fR { max\-ixfr\-log\-size \fIsize\fR; // obsolete }; .fi +.RE .SH "ZONE" .sp +.RS 3n .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | @@ -428,6 +453,7 @@ zone \fIstring\fR \fIoptional_class\fR { pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete }; .fi +.RE .SH "FILES" .PP \fI/etc/named.conf\fR @@ -435,4 +461,6 @@ zone \fIstring\fR \fIoptional_class\fR { .PP \fBnamed\fR(8), \fBrndc\fR(8), -\fBBIND 9 Adminstrators Reference Manual\fR(). +\fBBIND 9 Administrator Reference Manual\fR(). +.SH "COPYRIGHT" +Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/named/named.conf.docbook b/contrib/bind9/bin/named/named.conf.docbook index 4ba10844cc3..fb8a5ef61a1 100644 --- a/contrib/bind9/bin/named/named.conf.docbook +++ b/contrib/bind9/bin/named/named.conf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -34,6 +34,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -183,6 +184,7 @@ options { coresize size; datasize size; directory quoted_string; + cache-file quoted_string; // test option dump-file quoted_string; files size; heartbeat-interval integer; @@ -230,8 +232,8 @@ options { rfc2308-type1 boolean; // not yet implemented additional-from-auth boolean; additional-from-cache boolean; - query-source querysource4; - query-source-v6 querysource6; + query-source address ( ipv4_address | * ) port ( integer | * ) ; + query-source-v6 address ( ipv6_address | * ) port ( integer | * ) ; cleaning-interval integer; min-roots integer; // not implemented lame-ttl integer; @@ -357,8 +359,8 @@ view string optional_class rfc2308-type1 boolean; // not yet implemented additional-from-auth boolean; additional-from-cache boolean; - query-source querysource4; - query-source-v6 querysource6; + query-source address ( ipv4_address | * ) port ( integer | * ) ; + query-source-v6 address ( ipv6_address | * ) port ( integer | * ) ; cleaning-interval integer; min-roots integer; // not implemented lame-ttl integer; @@ -530,7 +532,7 @@ zone string optional_class rndc8 , -BIND 9 Adminstrators Reference Manual +BIND 9 Administrator Reference Manual . diff --git a/contrib/bind9/bin/named/named.conf.html b/contrib/bind9/bin/named/named.conf.html index 8b3b517d7d7..b43ee7f83c6 100644 --- a/contrib/bind9/bin/named/named.conf.html +++ b/contrib/bind9/bin/named/named.conf.html @@ -1,5 +1,5 @@ - + named.conf - +
-
+

Name

named.conf — configuration file for named

@@ -31,7 +31,7 @@

named.conf

-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed @@ -50,14 +50,14 @@

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -66,7 +66,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
masters | ipv4_address [port integer] |
@@ -75,7 +75,7 @@ masters

-

SERVER

+

SERVER


server ( ipv4_address | ipv6_address ) {
bogus boolean;
@@ -95,7 +95,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ... 
@@ -103,7 +103,7 @@ trusted-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -115,7 +115,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -133,7 +133,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -146,7 +146,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -155,6 +155,7 @@ options coresize size;
datasize size;
directory quoted_string;
+ cache-file quoted_string; // test option
dump-file quoted_string;
files size;
heartbeat-interval integer;
@@ -202,8 +203,8 @@ options rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source querysource4;
- query-source-v6 querysource6;
+ query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+ query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
@@ -289,7 +290,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -328,8 +329,8 @@ view rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source querysource4;
- query-source-v6 querysource6;
+ query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+ query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
@@ -407,7 +408,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint |
@@ -483,17 +484,17 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

named(8), rndc(8), -BIND 9 Adminstrators Reference Manual. +BIND 9 Administrator Reference Manual.

diff --git a/contrib/bind9/bin/named/named.docbook b/contrib/bind9/bin/named/named.docbook index 47ccf54b38e..f7cae12b135 100644 --- a/contrib/bind9/bin/named/named.docbook +++ b/contrib/bind9/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + @@ -35,6 +35,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -365,6 +366,10 @@ lwresd 8 , + + named.conf + 5 + , BIND 9 Administrator Reference Manual. diff --git a/contrib/bind9/bin/named/named.html b/contrib/bind9/bin/named/named.html index f266e70af55..6e77e5b9c3b 100644 --- a/contrib/bind9/bin/named/named.html +++ b/contrib/bind9/bin/named/named.html @@ -1,5 +1,5 @@ - + named - +
-
+

Name

named — Internet domain name server

@@ -32,7 +32,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -177,7 +177,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -198,7 +198,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is @@ -207,7 +207,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -220,18 +220,19 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, rndc(8), lwresd(8), + named.conf(5), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/named/query.c b/contrib/bind9/bin/named/query.c index 6533ce49360..c0a76a8bdd1 100644 --- a/contrib/bind9/bin/named/query.c +++ b/contrib/bind9/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.13.4.36.6.2 2006/10/04 07:06:01 marka Exp $ */ +/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */ #include @@ -148,18 +148,6 @@ query_next(ns_client_t *client, isc_result_t result) { ns_client_next(client, result); } -static inline void -query_maybeputqname(ns_client_t *client) { - if (client->query.restarts > 0) { - /* - * client->query.qname was dynamically allocated. - */ - dns_message_puttempname(client->message, - &client->query.qname); - client->query.qname = NULL; - } -} - static inline void query_freefreeversions(ns_client_t *client, isc_boolean_t everything) { ns_dbversion_t *dbversion, *dbversion_next; @@ -240,8 +228,14 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { } } - query_maybeputqname(client); - + if (client->query.restarts > 0) { + /* + * client->query.qname was dynamically allocated. + */ + dns_message_puttempname(client->message, + &client->query.qname); + } + client->query.qname = NULL; client->query.attributes = (NS_QUERYATTR_RECURSIONOK | NS_QUERYATTR_CACHEOK | NS_QUERYATTR_SECURE); @@ -2091,17 +2085,31 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, result = isc_quota_attach(&ns_g_server->recursionquota, &client->recursionquota); if (result == ISC_R_SOFTQUOTA) { - ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_QUERY, ISC_LOG_WARNING, - "recursive-clients soft limit exceeded, " - "aborting oldest query"); + static isc_stdtime_t last = 0; + isc_stdtime_t now; + isc_stdtime_get(&now); + if (now != last) { + last = now; + ns_client_log(client, NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "recursive-clients soft limit " + "exceeded, aborting oldest query"); + } ns_client_killoldestquery(client); result = ISC_R_SUCCESS; } else if (result == ISC_R_QUOTA) { - ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_QUERY, ISC_LOG_WARNING, - "no more recursive clients: %s", - isc_result_totext(result)); + static isc_stdtime_t last = 0; + isc_stdtime_t now; + isc_stdtime_get(&now); + if (now != last) { + last = now; + ns_client_log(client, NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "no more recursive clients: %s", + isc_result_totext(result)); + } ns_client_killoldestquery(client); } if (result == ISC_R_SUCCESS && !client->mortal && @@ -2182,7 +2190,7 @@ do { \ * ISC_R_NOTIMPLEMENTED The rdata is not a known address type. */ static isc_result_t -rdata_tonetaddr(dns_rdata_t *rdata, isc_netaddr_t *netaddr) { +rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) { struct in_addr ina; struct in6_addr in6a; @@ -2208,7 +2216,7 @@ rdata_tonetaddr(dns_rdata_t *rdata, isc_netaddr_t *netaddr) { * sortlist statement. */ static int -query_sortlist_order_2element(dns_rdata_t *rdata, void *arg) { +query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) { isc_netaddr_t netaddr; if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) @@ -2221,7 +2229,7 @@ query_sortlist_order_2element(dns_rdata_t *rdata, void *arg) { * of a 1-element top-level sortlist statement. */ static int -query_sortlist_order_1element(dns_rdata_t *rdata, void *arg) { +query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) { isc_netaddr_t netaddr; if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) @@ -2237,7 +2245,7 @@ static void setup_query_sortlist(ns_client_t *client) { isc_netaddr_t netaddr; dns_rdatasetorderfunc_t order = NULL; - void *order_arg = NULL; + const void *order_arg = NULL; isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (ns_sortlist_setup(client->view->sortlist, @@ -2469,7 +2477,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * First we must find the right database. */ - options = 0; + options &= DNS_GETDB_NOLOG; /* Preserve DNS_GETDB_NOLOG. */ if (dns_rdatatype_atparent(qtype) && !dns_name_equal(client->query.qname, dns_rootname)) options |= DNS_GETDB_NOEXACT; @@ -2509,9 +2517,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } } if (result != ISC_R_SUCCESS) { - if (result == DNS_R_REFUSED) - QUERY_ERROR(DNS_R_REFUSED); - else + if (result == DNS_R_REFUSED) { + if (!PARTIALANSWER(client)) + QUERY_ERROR(DNS_R_REFUSED); + } else QUERY_ERROR(DNS_R_SERVFAIL); goto cleanup; } @@ -2995,9 +3004,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto cleanup; } dns_rdata_freestruct(&cname); - query_maybeputqname(client); - client->query.qname = tname; + ns_client_qnamereplace(client, tname); want_restart = ISC_TRUE; + if (!WANTRECURSION(client)) + options |= DNS_GETDB_NOLOG; goto addauth; case DNS_R_DNAME: /* @@ -3111,10 +3121,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Switch to the new qname and restart. */ - query_maybeputqname(client); - client->query.qname = fname; + ns_client_qnamereplace(client, fname); fname = NULL; want_restart = ISC_TRUE; + if (!WANTRECURSION(client)) + options |= DNS_GETDB_NOLOG; goto addauth; default: /* diff --git a/contrib/bind9/bin/named/server.c b/contrib/bind9/bin/named/server.c index b9d30d02f64..f29321e5106 100644 --- a/contrib/bind9/bin/named/server.c +++ b/contrib/bind9/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.15.2.65 2005/07/27 02:53:15 marka Exp $ */ +/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */ #include @@ -167,25 +167,25 @@ static void ns_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t -ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config, +ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target); static isc_result_t -ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, +ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target); static isc_result_t -configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, - cfg_obj_t *forwarders, cfg_obj_t *forwardtype); +configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, + const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype); static isc_result_t -configure_alternates(cfg_obj_t *config, dns_view_t *view, - cfg_obj_t *alternates); +configure_alternates(const cfg_obj_t *config, dns_view_t *view, + const cfg_obj_t *alternates); static isc_result_t -configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, - isc_mem_t *mctx, dns_view_t *view, +configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, + const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, ns_aclconfctx_t *aclconf); static void @@ -197,13 +197,13 @@ end_reserved_dispatches(ns_server_t *server, isc_boolean_t all); * (for a global default). */ static isc_result_t -configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, +configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config, const char *aclname, ns_aclconfctx_t *actx, isc_mem_t *mctx, dns_acl_t **aclp) { isc_result_t result; - cfg_obj_t *maps[3]; - cfg_obj_t *aclobj = NULL; + const cfg_obj_t *maps[3]; + const cfg_obj_t *aclobj = NULL; int i = 0; if (*aclp != NULL) @@ -211,14 +211,14 @@ configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, if (vconfig != NULL) maps[i++] = cfg_tuple_get(vconfig, "options"); if (config != NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) maps[i++] = options; } maps[i] = NULL; - result = ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj == NULL) /* * No value available. *aclp == NULL. @@ -231,13 +231,13 @@ configure_view_acl(cfg_obj_t *vconfig, cfg_obj_t *config, } static isc_result_t -configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, +configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, dns_keytable_t *keytable, isc_mem_t *mctx) { dns_rdataclass_t viewclass; dns_rdata_dnskey_t keystruct; isc_uint32_t flags, proto, alg; - char *keystr, *keynamestr; + const char *keystr, *keynamestr; unsigned char keydata[4096]; isc_buffer_t keydatabuf; unsigned char rrdata[4096]; @@ -258,7 +258,7 @@ configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, if (vconfig == NULL) viewclass = dns_rdataclass_in; else { - cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class"); + const cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class"); CHECK(ns_config_getclass(classobj, dns_rdataclass_in, &viewclass)); } @@ -334,15 +334,15 @@ configure_view_dnsseckey(cfg_obj_t *vconfig, cfg_obj_t *key, * from 'vconfig' and 'config'. The variable to be configured is '*target'. */ static isc_result_t -configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config, +configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, isc_mem_t *mctx, dns_keytable_t **target) { isc_result_t result; - cfg_obj_t *keys = NULL; - cfg_obj_t *voptions = NULL; - cfg_listelt_t *element, *element2; - cfg_obj_t *keylist; - cfg_obj_t *key; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *voptions = NULL; + const cfg_listelt_t *element, *element2; + const cfg_obj_t *keylist; + const cfg_obj_t *key; dns_keytable_t *keytable = NULL; CHECK(dns_keytable_create(mctx, &keytable)); @@ -381,10 +381,10 @@ configure_view_dnsseckeys(cfg_obj_t *vconfig, cfg_obj_t *config, } static isc_result_t -mustbesecure(cfg_obj_t *mbs, dns_resolver_t *resolver) +mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) { - cfg_listelt_t *element; - cfg_obj_t *obj; + const cfg_listelt_t *element; + const cfg_obj_t *obj; const char *str; dns_fixedname_t fixed; dns_name_t *name; @@ -418,14 +418,14 @@ mustbesecure(cfg_obj_t *mbs, dns_resolver_t *resolver) * Get a dispatch appropriate for the resolver of a given view. */ static isc_result_t -get_view_querysource_dispatch(cfg_obj_t **maps, +get_view_querysource_dispatch(const cfg_obj_t **maps, int af, dns_dispatch_t **dispatchp) { isc_result_t result; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; - cfg_obj_t *obj = NULL; + const cfg_obj_t *obj = NULL; /* * Make compiler happy. @@ -436,7 +436,6 @@ get_view_querysource_dispatch(cfg_obj_t **maps, case AF_INET: result = ns_config_get(maps, "query-source", &obj); INSIST(result == ISC_R_SUCCESS); - break; case AF_INET6: result = ns_config_get(maps, "query-source-v6", &obj); @@ -517,10 +516,10 @@ get_view_querysource_dispatch(cfg_obj_t **maps, } static isc_result_t -configure_order(dns_order_t *order, cfg_obj_t *ent) { +configure_order(dns_order_t *order, const cfg_obj_t *ent) { dns_rdataclass_t rdclass; dns_rdatatype_t rdtype; - cfg_obj_t *obj; + const cfg_obj_t *obj; dns_fixedname_t fixed; unsigned int mode = 0; const char *str; @@ -567,7 +566,7 @@ configure_order(dns_order_t *order, cfg_obj_t *ent) { /* * "*" should match everything including the root (BIND 8 compat). * As dns_name_matcheswildcard(".", "*.") returns FALSE add a - * explict entry for "." when the name is "*". + * explicit entry for "." when the name is "*". */ if (addroot) { result = dns_order_add(order, dns_rootname, @@ -581,12 +580,12 @@ configure_order(dns_order_t *order, cfg_obj_t *ent) { } static isc_result_t -configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { - isc_sockaddr_t *sa; +configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { + const isc_sockaddr_t *sa; isc_netaddr_t na; dns_peer_t *peer; - cfg_obj_t *obj; - char *str; + const cfg_obj_t *obj; + const char *str; isc_result_t result; sa = cfg_obj_assockaddr(cfg_map_getname(cpeer)); @@ -664,10 +663,10 @@ configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { } static isc_result_t -disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { +disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_result_t result; - cfg_obj_t *algorithms; - cfg_listelt_t *element; + const cfg_obj_t *algorithms; + const cfg_listelt_t *element; const char *str; dns_fixedname_t fixed; dns_name_t *name; @@ -688,7 +687,7 @@ disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_textregion_t r; dns_secalg_t alg; - r.base = cfg_obj_asstring(cfg_listelt_value(element)); + DE_CONST(cfg_obj_asstring(cfg_listelt_value(element)), r.base); r.length = strlen(r.base); result = dns_secalg_fromtext(&alg, &r); @@ -717,21 +716,21 @@ disable_algorithms(cfg_obj_t *disabled, dns_resolver_t *resolver) { * global defaults in 'config' used exclusively. */ static isc_result_t -configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, - isc_mem_t *mctx, ns_aclconfctx_t *actx, +configure_view(dns_view_t *view, const cfg_obj_t *config, + const cfg_obj_t *vconfig, isc_mem_t *mctx, ns_aclconfctx_t *actx, isc_boolean_t need_hints) { - cfg_obj_t *maps[4]; - cfg_obj_t *cfgmaps[3]; - cfg_obj_t *options = NULL; - cfg_obj_t *voptions = NULL; - cfg_obj_t *forwardtype; - cfg_obj_t *forwarders; - cfg_obj_t *alternates; - cfg_obj_t *zonelist; - cfg_obj_t *disabled; - cfg_obj_t *obj; - cfg_listelt_t *element; + const cfg_obj_t *maps[4]; + const cfg_obj_t *cfgmaps[3]; + const cfg_obj_t *options = NULL; + const cfg_obj_t *voptions = NULL; + const cfg_obj_t *forwardtype; + const cfg_obj_t *forwarders; + const cfg_obj_t *alternates; + const cfg_obj_t *zonelist; + const cfg_obj_t *disabled; + const cfg_obj_t *obj; + const cfg_listelt_t *element; in_port_t port; dns_cache_t *cache = NULL; isc_result_t result; @@ -792,7 +791,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *zconfig = cfg_listelt_value(element); + const cfg_obj_t *zconfig = cfg_listelt_value(element); CHECK(configure_zone(config, zconfig, vconfig, mctx, view, actx)); } @@ -1018,8 +1017,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the view's peer list. */ { - cfg_obj_t *peers = NULL; - cfg_listelt_t *element; + const cfg_obj_t *peers = NULL; + const cfg_listelt_t *element; dns_peerlist_t *newpeers = NULL; (void)ns_config_get(cfgmaps, "server", &peers); @@ -1028,7 +1027,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *cpeer = cfg_listelt_value(element); + const cfg_obj_t *cpeer = cfg_listelt_value(element); dns_peer_t *peer; CHECK(configure_peer(cpeer, mctx, &peer)); @@ -1043,8 +1042,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the views rrset-order. */ { - cfg_obj_t *rrsetorder = NULL; - cfg_listelt_t *element; + const cfg_obj_t *rrsetorder = NULL; + const cfg_listelt_t *element; (void)ns_config_get(maps, "rrset-order", &rrsetorder); CHECK(dns_order_create(mctx, &order)); @@ -1052,7 +1051,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *ent = cfg_listelt_value(element); + const cfg_obj_t *ent = cfg_listelt_value(element); CHECK(configure_order(order, ent)); } @@ -1078,7 +1077,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * Configure the "match-recursive-only" option. */ obj = NULL; - (void) ns_config_get(maps, "match-recursive-only", &obj); + (void)ns_config_get(maps, "match-recursive-only", &obj); if (obj != NULL && cfg_obj_asboolean(obj)) view->matchrecursiveonly = ISC_TRUE; else @@ -1275,8 +1274,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, dns_fixedname_t fixed; dns_name_t *name; isc_buffer_t b; - char *str; - cfg_obj_t *exclude; + const char *str; + const cfg_obj_t *exclude; dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -1330,12 +1329,12 @@ configure_hints(dns_view_t *view, const char *filename) { } static isc_result_t -configure_alternates(cfg_obj_t *config, dns_view_t *view, - cfg_obj_t *alternates) +configure_alternates(const cfg_obj_t *config, dns_view_t *view, + const cfg_obj_t *alternates) { - cfg_obj_t *portobj; - cfg_obj_t *addresses; - cfg_listelt_t *element; + const cfg_obj_t *portobj; + const cfg_obj_t *addresses; + const cfg_listelt_t *element; isc_result_t result = ISC_R_SUCCESS; in_port_t port; @@ -1368,14 +1367,14 @@ configure_alternates(cfg_obj_t *config, dns_view_t *view, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *alternate = cfg_listelt_value(element); + const cfg_obj_t *alternate = cfg_listelt_value(element); isc_sockaddr_t sa; if (!cfg_obj_issockaddr(alternate)) { dns_fixedname_t fixed; dns_name_t *name; - char *str = cfg_obj_asstring(cfg_tuple_get(alternate, - "name")); + const char *str = cfg_obj_asstring(cfg_tuple_get( + alternate, "name")); isc_buffer_t buffer; in_port_t myport = port; @@ -1415,12 +1414,12 @@ configure_alternates(cfg_obj_t *config, dns_view_t *view, } static isc_result_t -configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, - cfg_obj_t *forwarders, cfg_obj_t *forwardtype) +configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, + const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype) { - cfg_obj_t *portobj; - cfg_obj_t *faddresses; - cfg_listelt_t *element; + const cfg_obj_t *portobj; + const cfg_obj_t *faddresses; + const cfg_listelt_t *element; dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none; isc_sockaddrlist_t addresses; isc_sockaddr_t *sa; @@ -1458,7 +1457,7 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *forwarder = cfg_listelt_value(element); + const cfg_obj_t *forwarder = cfg_listelt_value(element); sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t)); if (sa == NULL) { result = ISC_R_NOMEMORY; @@ -1481,7 +1480,7 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, if (forwardtype == NULL) fwdpolicy = dns_fwdpolicy_first; else { - char *forwardstr = cfg_obj_asstring(forwardtype); + const char *forwardstr = cfg_obj_asstring(forwardtype); if (strcasecmp(forwardstr, "first") == 0) fwdpolicy = dns_fwdpolicy_first; else if (strcasecmp(forwardstr, "only") == 0) @@ -1523,14 +1522,16 @@ configure_forward(cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, * The view created is attached to '*viewp'. */ static isc_result_t -create_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) { +create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, + dns_view_t **viewp) +{ isc_result_t result; const char *viewname; dns_rdataclass_t viewclass; dns_view_t *view = NULL; if (vconfig != NULL) { - cfg_obj_t *classobj = NULL; + const cfg_obj_t *classobj = NULL; viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); classobj = cfg_tuple_get(vconfig, "class"); @@ -1560,19 +1561,19 @@ create_view(cfg_obj_t *vconfig, dns_viewlist_t *viewlist, dns_view_t **viewp) { * Configure or reconfigure a zone. */ static isc_result_t -configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, - isc_mem_t *mctx, dns_view_t *view, +configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, + const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, ns_aclconfctx_t *aclconf) { dns_view_t *pview = NULL; /* Production view */ dns_zone_t *zone = NULL; /* New or reused zone */ dns_zone_t *dupzone = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *typeobj = NULL; - cfg_obj_t *forwarders = NULL; - cfg_obj_t *forwardtype = NULL; - cfg_obj_t *only = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *typeobj = NULL; + const cfg_obj_t *forwarders = NULL; + const cfg_obj_t *forwardtype = NULL; + const cfg_obj_t *only = NULL; isc_result_t result; isc_result_t tresult; isc_buffer_t buffer; @@ -1629,7 +1630,7 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, * configure it and return. */ if (strcasecmp(ztypestr, "hint") == 0) { - cfg_obj_t *fileobj = NULL; + const cfg_obj_t *fileobj = NULL; if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, @@ -1639,7 +1640,7 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, goto cleanup; } if (dns_name_equal(origin, dns_rootname)) { - char *hintsfile = cfg_obj_asstring(fileobj); + const char *hintsfile = cfg_obj_asstring(fileobj); result = configure_hints(view, hintsfile); if (result != ISC_R_SUCCESS) { @@ -1795,9 +1796,10 @@ configure_zone(cfg_obj_t *config, cfg_obj_t *zconfig, cfg_obj_t *vconfig, * Configure a single server quota. */ static void -configure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota) +configure_server_quota(const cfg_obj_t **maps, const char *name, + isc_quota_t *quota) { - cfg_obj_t *obj = NULL; + const cfg_obj_t *obj = NULL; isc_result_t result; result = ns_config_get(maps, name, &obj); @@ -1810,9 +1812,9 @@ configure_server_quota(cfg_obj_t **maps, const char *name, isc_quota_t *quota) * parsed. This can be extended to support other options if necessary. */ static isc_result_t -directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) { +directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { isc_result_t result; - char *directory; + const char *directory; REQUIRE(strcasecmp("directory", clausename) == 0); @@ -1891,8 +1893,7 @@ add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) { clean: INSIST(lelt == NULL); - if (src_acl != NULL) - dns_acl_detach(&src_acl); + dns_acl_detach(&src_acl); return (result); } @@ -2049,7 +2050,7 @@ setstring(ns_server_t *server, char **field, const char *value) { * or NULL if whether 'obj' is a string or void value, respectively. */ static isc_result_t -setoptstring(ns_server_t *server, char **field, cfg_obj_t *obj) { +setoptstring(ns_server_t *server, char **field, const cfg_obj_t *obj) { if (cfg_obj_isvoid(obj)) return (setstring(server, field, NULL)); else @@ -2057,11 +2058,12 @@ setoptstring(ns_server_t *server, char **field, cfg_obj_t *obj) { } static void -set_limit(cfg_obj_t **maps, const char *configname, const char *description, - isc_resource_t resourceid, isc_resourcevalue_t defaultvalue) +set_limit(const cfg_obj_t **maps, const char *configname, + const char *description, isc_resource_t resourceid, + isc_resourcevalue_t defaultvalue) { - cfg_obj_t *obj = NULL; - char *resource; + const cfg_obj_t *obj = NULL; + const char *resource; isc_resourcevalue_t value; isc_result_t result; @@ -2092,7 +2094,7 @@ set_limit(cfg_obj_t **maps, const char *configname, const char *description, ns_g_init ## resource) static void -set_limits(cfg_obj_t **maps) { +set_limits(const cfg_obj_t **maps) { SETLIMIT("stacksize", stacksize, "stack size"); SETLIMIT("datasize", datasize, "data size"); SETLIMIT("coresize", coresize, "core size"); @@ -2101,15 +2103,15 @@ set_limits(cfg_obj_t **maps) { static isc_result_t portlist_fromconf(dns_portlist_t *portlist, unsigned int family, - cfg_obj_t *ports) + const cfg_obj_t *ports) { - cfg_listelt_t *element; + const cfg_listelt_t *element; isc_result_t result = ISC_R_SUCCESS; for (element = cfg_list_first(ports); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *obj = cfg_listelt_value(element); + const cfg_obj_t *obj = cfg_listelt_value(element); in_port_t port = (in_port_t)cfg_obj_asuint32(obj); result = dns_portlist_add(portlist, family, port); @@ -2126,13 +2128,13 @@ load_configuration(const char *filename, ns_server_t *server, isc_result_t result; cfg_parser_t *parser = NULL; cfg_obj_t *config; - cfg_obj_t *options; - cfg_obj_t *views; - cfg_obj_t *obj; - cfg_obj_t *v4ports, *v6ports; - cfg_obj_t *maps[3]; - cfg_obj_t *builtin_views; - cfg_listelt_t *element; + const cfg_obj_t *options; + const cfg_obj_t *views; + const cfg_obj_t *obj; + const cfg_obj_t *v4ports, *v6ports; + const cfg_obj_t *maps[3]; + const cfg_obj_t *builtin_views; + const cfg_listelt_t *element; dns_view_t *view = NULL; dns_view_t *view_next; dns_viewlist_t viewlist; @@ -2319,7 +2321,7 @@ load_configuration(const char *filename, ns_server_t *server, * statement. */ { - cfg_obj_t *clistenon = NULL; + const cfg_obj_t *clistenon = NULL; ns_listenlist_t *listenon = NULL; clistenon = NULL; @@ -2353,7 +2355,7 @@ load_configuration(const char *filename, ns_server_t *server, * Ditto for IPv6. */ { - cfg_obj_t *clistenon = NULL; + const cfg_obj_t *clistenon = NULL; ns_listenlist_t *listenon = NULL; if (options != NULL) @@ -2438,7 +2440,7 @@ load_configuration(const char *filename, ns_server_t *server, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *vconfig = cfg_listelt_value(element); + const cfg_obj_t *vconfig = cfg_listelt_value(element); view = NULL; CHECK(create_view(vconfig, &viewlist, &view)); @@ -2478,7 +2480,7 @@ load_configuration(const char *filename, ns_server_t *server, element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *vconfig = cfg_listelt_value(element); + const cfg_obj_t *vconfig = cfg_listelt_value(element); CHECK(create_view(vconfig, &viewlist, &view)); CHECK(configure_view(view, config, vconfig, ns_g_mctx, &aclconfctx, ISC_FALSE)); @@ -2582,7 +2584,7 @@ load_configuration(const char *filename, ns_server_t *server, "ignoring config file logging " "statement due to -g option"); } else { - cfg_obj_t *logobj = NULL; + const cfg_obj_t *logobj = NULL; isc_logconfig_t *logc = NULL; CHECKM(isc_logconfig_create(ns_g_lctx, &logc), @@ -2621,8 +2623,8 @@ load_configuration(const char *filename, ns_server_t *server, * compatibility. */ if (first_time) { - cfg_obj_t *logobj = NULL; - cfg_obj_t *categories = NULL; + const cfg_obj_t *logobj = NULL; + const cfg_obj_t *categories = NULL; obj = NULL; if (ns_config_get(maps, "querylog", &obj) == ISC_R_SUCCESS) { @@ -2634,13 +2636,13 @@ load_configuration(const char *filename, ns_server_t *server, (void)cfg_map_get(logobj, "category", &categories); if (categories != NULL) { - cfg_listelt_t *element; + const cfg_listelt_t *element; for (element = cfg_list_first(categories); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *catobj; - char *str; + const cfg_obj_t *catobj; + const char *str; obj = cfg_listelt_value(element); catobj = cfg_tuple_get(obj, "name"); @@ -3133,7 +3135,7 @@ end_reserved_dispatches(ns_server_t *server, isc_boolean_t all) { } void -ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr) { +ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { ns_dispatch_t *dispatch; in_port_t port; char addrbuf[ISC_SOCKADDR_FORMATSIZE]; @@ -3458,20 +3460,29 @@ isc_result_t ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_result_t result; dns_zone_t *zone = NULL; - const unsigned char msg[] = "zone refresh queued"; + const unsigned char msg1[] = "zone refresh queued"; + const unsigned char msg2[] = "not a slave or stub zone"; + dns_zonetype_t type; result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); if (zone == NULL) return (ISC_R_UNEXPECTEDEND); - - dns_zone_refresh(zone); - dns_zone_detach(&zone); - if (sizeof(msg) <= isc_buffer_availablelength(text)) - isc_buffer_putmem(text, msg, sizeof(msg)); - return (ISC_R_SUCCESS); + type = dns_zone_gettype(zone); + if (type == dns_zone_slave || type == dns_zone_stub) { + dns_zone_refresh(zone); + dns_zone_detach(&zone); + if (sizeof(msg1) <= isc_buffer_availablelength(text)) + isc_buffer_putmem(text, msg1, sizeof(msg1)); + return (ISC_R_SUCCESS); + } + + dns_zone_detach(&zone); + if (sizeof(msg2) <= isc_buffer_availablelength(text)) + isc_buffer_putmem(text, msg2, sizeof(msg2)); + return (ISC_R_FAILURE); } isc_result_t @@ -3486,12 +3497,12 @@ ns_server_togglequerylog(ns_server_t *server) { } static isc_result_t -ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, +ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target) { isc_result_t result; - cfg_listelt_t *element; + const cfg_listelt_t *element; ns_listenlist_t *dlist = NULL; REQUIRE(target != NULL && *target == NULL); @@ -3505,7 +3516,7 @@ ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, element = cfg_list_next(element)) { ns_listenelt_t *delt = NULL; - cfg_obj_t *listener = cfg_listelt_value(element); + const cfg_obj_t *listener = cfg_listelt_value(element); result = ns_listenelt_fromconfig(listener, config, actx, mctx, &delt); if (result != ISC_R_SUCCESS) @@ -3525,12 +3536,12 @@ ns_listenlist_fromconfig(cfg_obj_t *listenlist, cfg_obj_t *config, * data structure. */ static isc_result_t -ns_listenelt_fromconfig(cfg_obj_t *listener, cfg_obj_t *config, +ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, ns_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target) { isc_result_t result; - cfg_obj_t *portobj; + const cfg_obj_t *portobj; in_port_t port; ns_listenelt_t *delt = NULL; REQUIRE(target != NULL && *target == NULL); @@ -3823,6 +3834,11 @@ ns_server_dumpdb(ns_server_t *server, char *args) { char *ptr; const char *sep; + /* Skip the command name. */ + ptr = next_token(&args, " \t"); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + dctx = isc_mem_get(server->mctx, sizeof(*dctx)); if (dctx == NULL) return (ISC_R_NOMEMORY); @@ -3845,11 +3861,6 @@ ns_server_dumpdb(ns_server_t *server, char *args) { CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp), "could not open dump file", server->dumpfile); - /* Skip the command name. */ - ptr = next_token(&args, " \t"); - if (ptr == NULL) - return (ISC_R_UNEXPECTEDEND); - sep = (args == NULL) ? "" : ": "; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, diff --git a/contrib/bind9/bin/named/sortlist.c b/contrib/bind9/bin/named/sortlist.c index 0098fe779c8..0feba3bbee8 100644 --- a/contrib/bind9/bin/named/sortlist.c +++ b/contrib/bind9/bin/named/sortlist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.c,v 1.5.12.4 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: sortlist.c,v 1.5.12.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -30,7 +30,9 @@ #include ns_sortlisttype_t -ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { +ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, + const void **argp) +{ unsigned int i; if (acl == NULL) @@ -44,7 +46,7 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { dns_aclelement_t *e = &acl->elements[i]; dns_aclelement_t *try_elt; dns_aclelement_t *order_elt = NULL; - dns_aclelement_t *matched_elt = NULL; + const dns_aclelement_t *matched_elt = NULL; if (e->type == dns_aclelementtype_nestedacl) { dns_acl_t *inner = e->u.nestedacl; @@ -106,8 +108,8 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp) { } int -ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg) { - dns_acl_t *sortacl = (dns_acl_t *) arg; +ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg) { + const dns_acl_t *sortacl = (const dns_acl_t *) arg; int match; (void)dns_acl_match(addr, NULL, sortacl, @@ -122,8 +124,8 @@ ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg) { } int -ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg) { - dns_aclelement_t *matchelt = (dns_aclelement_t *) arg; +ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg) { + const dns_aclelement_t *matchelt = (const dns_aclelement_t *) arg; if (dns_aclelement_match(addr, NULL, matchelt, &ns_g_server->aclenv, NULL)) { @@ -136,7 +138,7 @@ ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg) { void ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr, dns_addressorderfunc_t *orderp, - void **argp) + const void **argp) { ns_sortlisttype_t sortlisttype; diff --git a/contrib/bind9/bin/named/tkeyconf.c b/contrib/bind9/bin/named/tkeyconf.c index 7fc13f3d9c0..f23c1dba5f2 100644 --- a/contrib/bind9/bin/named/tkeyconf.c +++ b/contrib/bind9/bin/named/tkeyconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.c,v 1.19.208.2 2004/06/11 00:30:51 marka Exp $ */ +/* $Id: tkeyconf.c,v 1.19.208.4 2006/03/02 00:37:20 marka Exp $ */ #include @@ -42,17 +42,17 @@ isc_result_t -ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx, - dns_tkeyctx_t **tctxp) +ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, + isc_entropy_t *ectx, dns_tkeyctx_t **tctxp) { isc_result_t result; dns_tkeyctx_t *tctx = NULL; - char *s; + const char *s; isc_uint32_t n; dns_fixedname_t fname; dns_name_t *name; isc_buffer_t b; - cfg_obj_t *obj; + const cfg_obj_t *obj; int type; result = dns_tkeyctx_create(mctx, ectx, &tctx); diff --git a/contrib/bind9/bin/named/tsigconf.c b/contrib/bind9/bin/named/tsigconf.c index 38524c37fad..a90438d85ef 100644 --- a/contrib/bind9/bin/named/tsigconf.c +++ b/contrib/bind9/bin/named/tsigconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.c,v 1.21.208.4 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: tsigconf.c,v 1.21.208.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -35,10 +35,12 @@ #include static isc_result_t -add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { - cfg_listelt_t *element; - cfg_obj_t *key = NULL; - char *keyid = NULL; +add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, + isc_mem_t *mctx) +{ + const cfg_listelt_t *element; + const cfg_obj_t *key = NULL; + const char *keyid = NULL; unsigned char *secret = NULL; int secretalloc = 0; int secretlen = 0; @@ -49,14 +51,14 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; dns_name_t keyname; dns_name_t *alg; - char *algstr; + const char *algstr; char keynamedata[1024]; isc_buffer_t keynamesrc, keynamebuf; - char *secretstr; + const char *secretstr; isc_buffer_t secretbuf; key = cfg_listelt_value(element); @@ -129,11 +131,11 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { } isc_result_t -ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig, +ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_tsig_keyring_t **ringp) { - cfg_obj_t *maps[3]; - cfg_obj_t *keylist; + const cfg_obj_t *maps[3]; + const cfg_obj_t *keylist; dns_tsig_keyring_t *ring = NULL; isc_result_t result; int i; diff --git a/contrib/bind9/bin/named/unix/os.c b/contrib/bind9/bin/named/unix/os.c index f306f146225..361d1b63639 100644 --- a/contrib/bind9/bin/named/unix/os.c +++ b/contrib/bind9/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.46.2.4.8.22 2005/05/20 01:37:19 marka Exp $ */ +/* $Id: os.c,v 1.46.2.4.8.24 2006/02/03 23:51:37 marka Exp $ */ #include #include @@ -497,6 +497,13 @@ ns_os_changeuser(void) { #if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) linux_minprivs(); #endif +#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) + /* + * Restore the ability of named to drop core after the setuid() + * call has disabled it. + */ + prctl(PR_SET_DUMPABLE,1,0,0,0); +#endif } void diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index 6c2d7597f79..fa0ddb01049 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.27 2005/10/08 00:21:06 marka Exp $ */ +/* $Id: update.c,v 1.88.2.5.2.29 2006/01/06 00:01:42 marka Exp $ */ #include @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -1517,7 +1518,8 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, */ static isc_result_t add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, - dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff) + dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl, + dns_diff_t *diff) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -1552,8 +1554,7 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, * Add the new NSEC and record the change. */ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, - 3600, /* XXXRTH */ - &rdata, &tuple)); + nsecttl, &rdata, &tuple)); CHECK(do_one_tuple(&tuple, db, ver, diff)); INSIST(tuple == NULL); @@ -1678,6 +1679,11 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, unsigned int nkeys = 0; unsigned int i; isc_stdtime_t now, inception, expire; + dns_ttl_t nsecttl; + dns_rdata_soa_t soa; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdataset_t rdataset; + dns_dbnode_t *node = NULL; dns_diff_init(client->mctx, &diffnames); dns_diff_init(client->mctx, &affected); @@ -1698,6 +1704,20 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, inception = now - 3600; /* Allow for some clock skew. */ expire = now + sigvalidityinterval; + /* + * Get the NSEC's TTL from the SOA MINIMUM field. + */ + CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); + dns_rdataset_init(&rdataset); + CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0, + (isc_stdtime_t) 0, &rdataset, NULL)); + CHECK(dns_rdataset_first(&rdataset)); + dns_rdataset_current(&rdataset, &rdata); + CHECK(dns_rdata_tostruct(&rdata, &soa, NULL)); + nsecttl = soa.minimum; + dns_rdataset_disassociate(&rdataset); + dns_db_detachnode(db, &node); + /* * Find all RRsets directly affected by the update, and * update their RRSIGs. Also build a list of names affected @@ -1901,8 +1921,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, * there is other data, and if there is other data, * there are other RRSIGs. */ - CHECK(add_nsec(client, zone, db, newver, - &t->name, &nsec_diff)); + CHECK(add_nsec(client, zone, db, newver, &t->name, + nsecttl, &nsec_diff)); } } diff --git a/contrib/bind9/bin/named/zoneconf.c b/contrib/bind9/bin/named/zoneconf.c index 41ce69d6a62..66ef9050c53 100644 --- a/contrib/bind9/bin/named/zoneconf.c +++ b/contrib/bind9/bin/named/zoneconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.87.2.4.10.15 2005/09/06 02:12:39 marka Exp $ */ +/* $Id: zoneconf.c,v 1.87.2.4.10.19 2006/02/28 06:32:53 marka Exp $ */ #include @@ -55,15 +55,15 @@ * Convenience function for configuring a single zone ACL. */ static isc_result_t -configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, - const char *aclname, ns_aclconfctx_t *actx, - dns_zone_t *zone, +configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, + const cfg_obj_t *config, const char *aclname, + ns_aclconfctx_t *actx, dns_zone_t *zone, void (*setzacl)(dns_zone_t *, dns_acl_t *), void (*clearzacl)(dns_zone_t *)) { isc_result_t result; - cfg_obj_t *maps[4]; - cfg_obj_t *aclobj = NULL; + const cfg_obj_t *maps[4]; + const cfg_obj_t *aclobj = NULL; int i = 0; dns_acl_t *dacl = NULL; @@ -72,7 +72,7 @@ configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, if (vconfig != NULL) maps[i++] = cfg_tuple_get(vconfig, "options"); if (config != NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) maps[i++] = options; @@ -98,16 +98,18 @@ configure_zone_acl(cfg_obj_t *zconfig, cfg_obj_t *vconfig, cfg_obj_t *config, * Parse the zone update-policy statement. */ static isc_result_t -configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { - cfg_obj_t *updatepolicy = NULL; - cfg_listelt_t *element, *element2; +configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) { + const cfg_obj_t *updatepolicy = NULL; + const cfg_listelt_t *element, *element2; dns_ssutable_t *table = NULL; isc_mem_t *mctx = dns_zone_getmctx(zone); isc_result_t result; (void)cfg_map_get(zconfig, "update-policy", &updatepolicy); - if (updatepolicy == NULL) + if (updatepolicy == NULL) { + dns_zone_setssutable(zone, NULL); return (ISC_R_SUCCESS); + } result = dns_ssutable_create(mctx, &table); if (result != ISC_R_SUCCESS) @@ -117,13 +119,13 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *stmt = cfg_listelt_value(element); - cfg_obj_t *mode = cfg_tuple_get(stmt, "mode"); - cfg_obj_t *identity = cfg_tuple_get(stmt, "identity"); - cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype"); - cfg_obj_t *dname = cfg_tuple_get(stmt, "name"); - cfg_obj_t *typelist = cfg_tuple_get(stmt, "types"); - char *str; + const cfg_obj_t *stmt = cfg_listelt_value(element); + const cfg_obj_t *mode = cfg_tuple_get(stmt, "mode"); + const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity"); + const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype"); + const cfg_obj_t *dname = cfg_tuple_get(stmt, "name"); + const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types"); + const char *str; isc_boolean_t grant = ISC_FALSE; unsigned int mtype = DNS_SSUMATCHTYPE_NAME; dns_fixedname_t fname, fident; @@ -191,14 +193,14 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { element2 != NULL; element2 = cfg_list_next(element2)) { - cfg_obj_t *typeobj; + const cfg_obj_t *typeobj; isc_textregion_t r; INSIST(i < n); typeobj = cfg_listelt_value(element2); str = cfg_obj_asstring(typeobj); - r.base = str; + DE_CONST(str, r.base); r.length = strlen(str); result = dns_rdatatype_fromtext(&types[i++], &r); @@ -237,8 +239,8 @@ configure_zone_ssutable(cfg_obj_t *zconfig, dns_zone_t *zone) { * Convert a config file zone type into a server zone type. */ static inline dns_zonetype_t -zonetype_fromconfig(cfg_obj_t *map) { - cfg_obj_t *obj = NULL; +zonetype_fromconfig(const cfg_obj_t *map) { + const cfg_obj_t *obj = NULL; isc_result_t result; result = cfg_map_get(map, "type", &obj); @@ -293,7 +295,9 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) { } static void -checknames(dns_zonetype_t ztype, cfg_obj_t **maps, cfg_obj_t **objp) { +checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, + const cfg_obj_t **objp) +{ const char *zone = NULL; isc_result_t result; @@ -308,17 +312,18 @@ checknames(dns_zonetype_t ztype, cfg_obj_t **maps, cfg_obj_t **objp) { } isc_result_t -ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, - ns_aclconfctx_t *ac, dns_zone_t *zone) +ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, + const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + dns_zone_t *zone) { isc_result_t result; - char *zname; + const char *zname; dns_rdataclass_t zclass; dns_rdataclass_t vclass; - cfg_obj_t *maps[5]; - cfg_obj_t *zoptions = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *obj; + const cfg_obj_t *maps[5]; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *obj; const char *filename = NULL; dns_notifytype_t notifytype = dns_notifytype_yes; isc_sockaddr_t *addrs; @@ -428,7 +433,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, else dialup = dns_dialuptype_no; } else { - char *dialupstr = cfg_obj_asstring(obj); + const char *dialupstr = cfg_obj_asstring(obj); if (strcasecmp(dialupstr, "notify") == 0) dialup = dns_dialuptype_notify; else if (strcasecmp(dialupstr, "notify-passive") == 0) @@ -462,7 +467,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, else notifytype = dns_notifytype_no; } else { - char *notifystr = cfg_obj_asstring(obj); + const char *notifystr = cfg_obj_asstring(obj); if (strcasecmp(notifystr, "explicit") == 0) notifytype = dns_notifytype_explicit; else @@ -612,6 +617,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, switch (ztype) { case dns_zone_slave: case dns_zone_stub: + count = 0; obj = NULL; result = cfg_map_get(zoptions, "masters", &obj); if (obj != NULL) { @@ -715,9 +721,9 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig, } isc_boolean_t -ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig) { - cfg_obj_t *zoptions = NULL; - cfg_obj_t *obj = NULL; +ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) { + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *obj = NULL; const char *cfilename; const char *zfilename; diff --git a/contrib/bind9/bin/nsupdate/nsupdate.8 b/contrib/bind9/bin/nsupdate/nsupdate.8 index 602a55b1831..7e254e0e2ea 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.8 +++ b/contrib/bind9/bin/nsupdate/nsupdate.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.8 2005/10/13 02:33:48 marka Exp $ +.\" $Id: nsupdate.8,v 1.24.2.2.2.9 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: nsupdate +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -30,7 +33,7 @@ nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] .SH "DESCRIPTION" .PP \fBnsupdate\fR @@ -79,7 +82,8 @@ reads the shared secret from the file must also be present. When the \fB\-y\fR option is used, a signature is generated from -\fIkeyname:secret.\fR\fIkeyname\fR +\fIkeyname:secret.\fR +\fIkeyname\fR is the name of the key, and \fIsecret\fR is the base64 encoded shared secret. Use of the @@ -123,7 +127,7 @@ Every update request consists of zero or more prerequisites and zero or more upd command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP The command formats and their meaning are as follows: -.TP +.TP 3n .HP 7 \fBserver\fR {servername} [port] Sends all dynamic update requests to the name server \fIservername\fR. When no server statement is provided, @@ -133,7 +137,7 @@ will send updates to the master server of the correct zone. The MNAME field of t is the port number on \fIservername\fR where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.TP +.TP 3n .HP 6 \fBlocal\fR {address} [port] Sends all dynamic update requests using the local \fIaddress\fR. When no local statement is provided, @@ -141,7 +145,7 @@ Sends all dynamic update requests using the local will send updates using an address and port chosen by the system. \fIport\fR can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. -.TP +.TP 3n .HP 5 \fBzone\fR {zonename} Specifies that all updates are to be made to the zone \fIzonename\fR. If no @@ -149,32 +153,33 @@ Specifies that all updates are to be made to the zone statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input. -.TP +.TP 3n .HP 6 \fBclass\fR {classname} Specify the default class. If no \fIclass\fR is specified the default class is \fIIN\fR. -.TP +.TP 3n .HP 4 \fBkey\fR {name} {secret} Specifies that all updates are to be TSIG signed using the -\fIkeyname\fR\fIkeysecret\fR +\fIkeyname\fR +\fIkeysecret\fR pair. The \fBkey\fR command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR. -.TP +.TP 3n .HP 16 \fBprereq nxdomain\fR {domain\-name} Requires that no resource record of any type exists with name \fIdomain\-name\fR. -.TP +.TP 3n .HP 16 \fBprereq yxdomain\fR {domain\-name} Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type). -.TP +.TP 3n .HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} Requires that no resource record exists of the specified \fItype\fR, @@ -183,7 +188,7 @@ and \fIdomain\-name\fR. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP +.TP 3n .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} This requires that a resource record of the specified \fItype\fR, @@ -193,7 +198,7 @@ and must exist. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP +.TP 3n .HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} The \fIdata\fR @@ -207,7 +212,7 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of \fIdomain\-name\fR. The \fIdata\fR are written in the standard text representation of the resource record's RDATA. -.TP +.TP 3n .HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] Deletes any resource records named \fIdomain\-name\fR. If @@ -219,20 +224,20 @@ is provided, only matching resource records will be removed. The internet class is not supplied. The \fIttl\fR is ignored, and is only allowed for compatibility. -.TP +.TP 3n .HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR. -.TP +.TP 3n .HP 5 \fBshow\fR Displays the current message, containing all of the prerequisites and updates specified since the last send. -.TP +.TP 3n .HP 5 \fBsend\fR Sends the current message. This is equivalent to entering a blank line. -.TP +.TP 3n .HP 7 \fBanswer\fR Displays the answer. .PP @@ -246,12 +251,14 @@ could be used to insert and delete resource records from the zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample.com\fR. .sp +.RS 3n .nf # nsupdate > update delete oldhost.example.com A > update add newhost.example.com 86400 A 172.16.1.1 > send .fi +.RE .sp .PP Any A records for @@ -260,25 +267,27 @@ are deleted. and an A record for \fBnewhost.example.com\fR it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) .sp +.RS 3n .nf # nsupdate > prereq nxdomain nickname.example.com > update add nickname.example.com 86400 CNAME somehost.example.com > send .fi +.RE .sp .PP The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) .SH "FILES" -.TP +.TP 3n \fB/etc/resolv.conf\fR used to identify default name server -.TP +.TP 3n \fBK{name}.+157.+{random}.key\fR base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). -.TP +.TP 3n \fBK{name}.+157.+{random}.private\fR base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). @@ -296,3 +305,5 @@ base\-64 encoding of HMAC\-MD5 key created by .SH "BUGS" .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/nsupdate/nsupdate.c b/contrib/bind9/bin/nsupdate/nsupdate.c index 7c728b6db95..107d85f9803 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.c +++ b/contrib/bind9/bin/nsupdate/nsupdate.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.103.2.15.2.20 2005/03/17 03:58:26 marka Exp $ */ +/* $Id: nsupdate.c,v 1.103.2.15.2.23 2006/06/09 07:29:24 marka Exp $ */ #include @@ -1343,8 +1343,10 @@ get_next_command(void) { char *word; ddebug("get_next_command()"); - if (interactive) + if (interactive) { fprintf(stdout, "> "); + fflush(stdout); + } isc_app_block(); cmdline = fgets(cmdlinebuf, MAXCMD, input); isc_app_unblock(); @@ -1665,7 +1667,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { result = dns_request_createvia3(requestmgr, soaquery, localaddr, addr, 0, NULL, FIND_TIMEOUT * 20, - FIND_TIMEOUT * 20, 3, + FIND_TIMEOUT, 3, global_task, recvsoa, reqinfo, &request); check_result(result, "dns_request_createvia"); diff --git a/contrib/bind9/bin/nsupdate/nsupdate.html b/contrib/bind9/bin/nsupdate/nsupdate.html index 74ba2fbe277..4df8280ce86 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.html +++ b/contrib/bind9/bin/nsupdate/nsupdate.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + nsupdate - +
-
+

Name

nsupdate — Dynamic DNS update utility

@@ -32,7 +32,7 @@

nsupdate [-d] [[-y keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 @@ -160,7 +160,7 @@ and number of UDP retries.

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from @@ -317,7 +317,7 @@ are written in the standard text representation of the resource record's RDATA.

-

update delete {domain-name} [ttl] [class] [type [data...]]

+

update delete {domain-name} [ttl] [class] [type [data...]]

Deletes any resource records named @@ -370,7 +370,7 @@ Lines beginning with a semicolon are comments and are ignored.

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -423,7 +423,7 @@ RRSIG, DNSKEY and NSEC records.)

-

FILES

+

FILES

/etc/resolv.conf

@@ -442,7 +442,7 @@ base-64 encoding of HMAC-MD5 key created by

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, @@ -456,7 +456,7 @@ base-64 encoding of HMAC-MD5 key created by

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/contrib/bind9/bin/rndc/rndc-confgen.8 b/contrib/bind9/bin/rndc/rndc-confgen.8 index b29f0095cc0..c6a421879b4 100644 --- a/contrib/bind9/bin/rndc/rndc-confgen.8 +++ b/contrib/bind9/bin/rndc/rndc-confgen.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.5.2.7 2005/10/13 02:33:50 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: rndc\-confgen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Aug 27, 2001 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -53,7 +56,7 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP +.TP 3n \-a Do automatic \fBrndc\fR @@ -97,30 +100,30 @@ option and set up a and \fInamed.conf\fR as directed. -.TP +.TP 3n \-b \fIkeysize\fR Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP +.TP 3n \-c \fIkeyfile\fR Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP +.TP 3n \-h Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP +.TP 3n \-k \fIkeyname\fR Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP +.TP 3n \-p \fIport\fR Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP +.TP 3n \-r \fIrandomfile\fR Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR @@ -129,13 +132,13 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP +.TP 3n \-s \fIaddress\fR Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP +.TP 3n \-t \fIchrootdir\fR Used with the \fB\-a\fR @@ -145,7 +148,7 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP +.TP 3n \-u \fIuser\fR Used with the \fB\-a\fR @@ -181,3 +184,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc-confgen.html b/contrib/bind9/bin/rndc/rndc-confgen.html index ca754008419..058cd56d163 100644 --- a/contrib/bind9/bin/rndc/rndc-confgen.html +++ b/contrib/bind9/bin/rndc/rndc-confgen.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc-confgen - +

-
+

Name

rndc-confgen — rndc key generation tool

@@ -32,7 +32,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -48,7 +48,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -57,7 +57,7 @@ This creates a file rndc.key in /etc (or whatever sysconfdir - was specified as when BIND was built) + was specified as when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default @@ -148,7 +148,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -167,7 +167,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), @@ -176,7 +176,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/rndc/rndc.8 b/contrib/bind9/bin/rndc/rndc.8 index fba5529e405..04bd133f376 100644 --- a/contrib/bind9/bin/rndc/rndc.8 +++ b/contrib/bind9/bin/rndc/rndc.8 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.206.5 2005/10/13 02:33:49 marka Exp $ +.\" $Id: rndc.8,v 1.24.206.6 2006/06/29 13:02:30 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: rndc +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -50,13 +53,13 @@ named the only supported authentication algorithm is HMAC\-MD5, which uses a sha \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" -.TP +.TP 3n \-c \fIconfig\-file\fR Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc.conf\fR. -.TP +.TP 3n \-k \fIkey\-file\fR Use \fIkey\-file\fR @@ -66,20 +69,20 @@ as the key file instead of the default, will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist. -.TP +.TP 3n \-s \fIserver\fR \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for \fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. -.TP +.TP 3n \-p \fIport\fR Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953. -.TP +.TP 3n \-V Enable verbose logging. -.TP +.TP 3n \-y \fIkeyid\fR Use the key \fIkeyid\fR @@ -111,8 +114,11 @@ Several error messages could be clearer. .PP \fBrndc.conf\fR(5), \fBnamed\fR(8), -\fBnamed.conf\fR(5)\fBndc\fR(8), +\fBnamed.conf\fR(5) +\fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc.c b/contrib/bind9/bin/rndc/rndc.c index 63e8f23b9ff..a5e912ddfd4 100644 --- a/contrib/bind9/bin/rndc/rndc.c +++ b/contrib/bind9/bin/rndc/rndc.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.77.2.5.2.15 2005/03/17 03:58:27 marka Exp $ */ +/* $Id: rndc.c,v 1.77.2.5.2.19 2006/08/04 03:03:08 marka Exp $ */ /* * Principal Author: DCL @@ -154,6 +154,11 @@ rndc_senddone(isc_task_t *task, isc_event_t *event) { if (sevent->result != ISC_R_SUCCESS) fatal("send failed: %s", isc_result_totext(sevent->result)); isc_event_free(&event); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } } static void @@ -204,9 +209,11 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); isccc_sexpr_free(&response); - isc_socket_detach(&sock); - isc_task_shutdown(task); - RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + if (sends == 0 && recvs == 0) { + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); + } } static void @@ -288,6 +295,7 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { static void rndc_connected(isc_task_t *task, isc_event_t *event) { + char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_socketevent_t *sevent = (isc_socketevent_t *)event; isccc_sexpr_t *request = NULL; isccc_sexpr_t *data; @@ -301,17 +309,19 @@ rndc_connected(isc_task_t *task, isc_event_t *event) { connects--; if (sevent->result != ISC_R_SUCCESS) { + isc_sockaddr_format(&serveraddrs[currentaddr], socktext, + sizeof(socktext)); if (sevent->result != ISC_R_CANCELED && - currentaddr < nserveraddrs) + ++currentaddr < nserveraddrs) { - notify("connection failed: %s", + notify("connection failed: %s: %s", socktext, isc_result_totext(sevent->result)); isc_socket_detach(&sock); isc_event_free(&event); - rndc_startconnect(&serveraddrs[currentaddr++], task); + rndc_startconnect(&serveraddrs[currentaddr], task); return; } else - fatal("connect failed: %s", + fatal("connect failed: %s: %s", socktext, isc_result_totext(sevent->result)); } @@ -369,7 +379,7 @@ rndc_start(isc_task_t *task, isc_event_t *event) { get_addresses(servername, (in_port_t) remoteport); currentaddr = 0; - rndc_startconnect(&serveraddrs[currentaddr++], task); + rndc_startconnect(&serveraddrs[currentaddr], task); } static void @@ -378,17 +388,17 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, { isc_result_t result; const char *conffile = admin_conffile; - cfg_obj_t *defkey = NULL; - cfg_obj_t *options = NULL; - cfg_obj_t *servers = NULL; - cfg_obj_t *server = NULL; - cfg_obj_t *keys = NULL; - cfg_obj_t *key = NULL; - cfg_obj_t *defport = NULL; - cfg_obj_t *secretobj = NULL; - cfg_obj_t *algorithmobj = NULL; + const cfg_obj_t *defkey = NULL; + const cfg_obj_t *options = NULL; + const cfg_obj_t *servers = NULL; + const cfg_obj_t *server = NULL; + const cfg_obj_t *keys = NULL; + const cfg_obj_t *key = NULL; + const cfg_obj_t *defport = NULL; + const cfg_obj_t *secretobj = NULL; + const cfg_obj_t *algorithmobj = NULL; cfg_obj_t *config = NULL; - cfg_listelt_t *elt; + const cfg_listelt_t *elt; const char *secretstr; const char *algorithm; static char secretarray[1024]; @@ -420,7 +430,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, if (key_only && servername == NULL) servername = "127.0.0.1"; else if (servername == NULL && options != NULL) { - cfg_obj_t *defserverobj = NULL; + const cfg_obj_t *defserverobj = NULL; (void)cfg_map_get(options, "default-server", &defserverobj); if (defserverobj != NULL) servername = cfg_obj_asstring(defserverobj); diff --git a/contrib/bind9/bin/rndc/rndc.conf.5 b/contrib/bind9/bin/rndc/rndc.conf.5 index 1c21e363d61..3a06a44cd0b 100644 --- a/contrib/bind9/bin/rndc/rndc.conf.5 +++ b/contrib/bind9/bin/rndc/rndc.conf.5 @@ -13,15 +13,18 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.206.5 2005/10/13 02:33:50 marka Exp $ +.\" $Id: rndc.conf.5,v 1.21.206.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "\\FIRNDC.CONF\\FR" "5" "June 30, 2000" "BIND9" "BIND9" +.\" Title: \fIrndc.conf\fR +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: June 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -98,6 +101,7 @@ program, also known as does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" .sp +.RS 3n .nf options { default\-server localhost; @@ -111,6 +115,7 @@ does not ship with BIND 9 but is available on many systems. See the EXAMPLE sect secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; .fi +.RE .PP In the above example, \fBrndc\fR @@ -152,3 +157,5 @@ BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/bin/rndc/rndc.conf.html b/contrib/bind9/bin/rndc/rndc.conf.html index 05db0eca644..fefe616d8dc 100644 --- a/contrib/bind9/bin/rndc/rndc.conf.html +++ b/contrib/bind9/bin/rndc/rndc.conf.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc.conf - +
-
+

Name

rndc.conf — rndc configuration file

@@ -32,7 +32,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control @@ -105,7 +105,7 @@

-

EXAMPLE

+

EXAMPLE

     options {
         default-server  localhost;
@@ -151,7 +151,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -161,7 +161,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), @@ -170,7 +170,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/bin/rndc/rndc.html b/contrib/bind9/bin/rndc/rndc.html index d23f4682c01..4dfd3188142 100644 --- a/contrib/bind9/bin/rndc/rndc.html +++ b/contrib/bind9/bin/rndc/rndc.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + rndc - +
-
+

Name

rndc — name server control utility

@@ -32,7 +32,7 @@

rndc [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-c config-file

@@ -123,7 +123,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -137,7 +137,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), named(8), @@ -147,7 +147,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/contrib/bind9/config.threads.in b/contrib/bind9/config.threads.in index f2816c447fb..c1c113b9372 100644 --- a/contrib/bind9/config.threads.in +++ b/contrib/bind9/config.threads.in @@ -140,6 +140,31 @@ then fi fi ;; + *-freebsd*) + # We don't want to set -lpthread as that break + # the ability to choose threads library at final + # link time and is not valid for all architectures. + + PTHREAD= + if test "X$GCC" = "Xyes"; then + saved_cc="$CC" + CC="$CC -pthread" + AC_MSG_CHECKING(for gcc -pthread support); + AC_TRY_LINK([#include ], + [printf("%x\n", pthread_create);], + PTHREAD="yes" + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no)) + CC="$saved_cc" + fi + if test "X$PTHREAD" != "Xyes"; then + AC_CHECK_LIB(pthread, pthread_create,, + AC_CHECK_LIB(thr, thread_create,, + AC_CHECK_LIB(c_r, pthread_create,, + AC_CHECK_LIB(c, pthread_create,, + AC_MSG_ERROR("could not find thread libraries"))))) + fi + ;; *) AC_CHECK_LIB(pthread, pthread_create,, AC_CHECK_LIB(pthread, __pthread_create,, diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in index cf7517b0b5d..050a2722314 100644 --- a/contrib/bind9/configure.in +++ b/contrib/bind9/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.294.2.23.2.51.4.3 $) +AC_REVISION($Revision: 1.294.2.23.2.73 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.13) @@ -364,7 +364,7 @@ AC_ARG_WITH(openssl, (Required for DNSSEC)], use_openssl="$withval", use_openssl="auto") -openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg" +openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" if test "$use_openssl" = "auto" then for d in $openssldirs @@ -417,6 +417,9 @@ case "$use_openssl" in *-solaris*) DNS_OPENSSL_LIBS="-L$use_openssl/lib -R$use_openssl/lib -lcrypto" ;; + *-hp-hpux*) + DNS_OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto" + ;; *) DNS_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" ;; @@ -463,9 +466,19 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)], [AC_MSG_RESULT(assuming it does work on target platform)] ) + AC_CHECK_FUNC(DH_generate_parameters, + AC_DEFINE(HAVE_DH_GENERATE_PARAMETERS, 1, + [Define if libcrypto has DH_generate_parameters])) + AC_CHECK_FUNC(RSA_generate_key, + AC_DEFINE(HAVE_RSA_GENERATE_KEY, 1, + [Define if libcrypto has RSA_generate_key])) + AC_CHECK_FUNC(DSA_generate_parameters, + AC_DEFINE(HAVE_DSA_GENERATE_PARAMETERS, 1, + [Define if libcrypto has DSA_generate_parameters])) + AC_ARG_ENABLE(openssl-version-check, [AC_HELP_STRING([--enable-openssl-version-check], - [Check OpenSSL Version @<:@default=yes@:>@])]) + [Check OpenSSL Version @<:@default=yes@:>@])]) case "$enable_openssl_version_check" in yes|'') AC_MSG_CHECKING(OpenSSL library version) @@ -473,9 +486,9 @@ yes|'') #include #include int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && - OPENSSL_VERSION_NUMBER < 0x009080000L) || - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && + OPENSSL_VERSION_NUMBER < 0x00908000L) || + OPENSSL_VERSION_NUMBER >= 0x0090804fL) return (0); printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", OPENSSL_VERSION_NUMBER); @@ -601,16 +614,61 @@ sinclude(config.threads.in)dnl if $use_threads then + if test "X$GCC" = "Xyes"; then + case "$host" in + *-freebsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-openbsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + LIBS="$LIBS -lthread" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + esac + else + case $host in + *-dec-osf*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + CC="$CC -mt" + CCOPT="$CCOPT -mt" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-sco-sysv*uw*|*-*-sysv*UnixWare*) + CC="$CC -Kthread" + CCOPT="$CCOPT -Kthread" + ;; + *-*-sysv*OpenUNIX*) + CC="$CC -Kpthread" + CCOPT="$CCOPT -Kpthread" + ;; + esac + fi + ALWAYS_DEFINES="-D_REENTRANT" + ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1" + thread_dir=pthreads # # We'd like to use sigwait() too # - AC_CHECK_LIB(c, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, _Psigwait, - AC_DEFINE(HAVE_SIGWAIT),)) - ) + AC_CHECK_FUNC(sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(c, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, _Psigwait, + AC_DEFINE(HAVE_SIGWAIT),)))) AC_CHECK_FUNC(pthread_attr_getstacksize, AC_DEFINE(HAVE_PTHREAD_ATTR_GETSTACKSIZE),) @@ -674,50 +732,6 @@ then # AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF),) - if test "X$GCC" = "Xyes"; then - case "$host" in - *-freebsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-openbsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - LIBS="$LIBS -lthread" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - esac - else - case $host in - *-dec-osf*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - CC="$CC -mt" - CCOPT="$CCOPT -mt" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-sco-sysv*uw*|*-*-sysv*UnixWare*) - CC="$CC -Kthread" - CCOPT="$CCOPT -Kthread" - ;; - *-*-sysv*OpenUNIX*) - CC="$CC -Kpthread" - CCOPT="$CCOPT -Kpthread" - ;; - esac - fi - ALWAYS_DEFINES="-D_REENTRANT" - ISC_PLATFORM_USETHREADS="#define ISC_PLATFORM_USETHREADS 1" - thread_dir=pthreads else ISC_PLATFORM_USETHREADS="#undef ISC_PLATFORM_USETHREADS" thread_dir=nothreads @@ -777,7 +791,18 @@ MKDEPCFLAGS="-M" IRIX_DNSSEC_WARNINGS_HACK="" if test "X$GCC" = "Xyes"; then - STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat" + AC_MSG_CHECKING(if "$CC" supports -fno-strict-aliasing) + SAVE_CFLAGS=$CFLAGS + CFLAGS=-fno-strict-aliasing + AC_TRY_COMPILE(,, [FNOSTRICTALIASING=yes],[FNOSTRICTALIASING=no]) + CFLAGS=$SAVE_CFLAGS + if test "$FNOSTRICTALIASING" = "yes"; then + AC_MSG_RESULT(yes) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing" + else + AC_MSG_RESULT(no) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith" + fi case "$host" in *-hp-hpux*) LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS" @@ -1555,11 +1580,11 @@ AC_SUBST(ISC_PLATFORM_NEEDMEMMOVE) AC_CHECK_FUNC(strtoul, [ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL" - LWRES_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL" + LWRES_PLATFORM_NEEDSTRTOUL="#undef LWRES_PLATFORM_NEEDSTRTOUL" GENRANDOMLIB=""], [ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1" - LWRES_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1" - "GENRANDOMLIB=${ISCLIBS}"]) + LWRES_PLATFORM_NEEDSTRTOUL="#define LWRES_PLATFORM_NEEDSTRTOUL 1" + GENRANDOMLIB='${ISCLIBS}']) AC_SUBST(ISC_PLATFORM_NEEDSTRTOUL) AC_SUBST(LWRES_PLATFORM_NEEDSTRTOUL) AC_SUBST(GENRANDOMLIB) @@ -1674,6 +1699,7 @@ AC_TRY_COMPILE([ [optarg = 0;], [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no) +GEN_NEED_OPTARG="-DNEED_OPTARG=1" AC_DEFINE(NEED_OPTARG, 1, [Defined if extern char *optarg is not declared.])]) # @@ -1736,6 +1762,17 @@ case "$host" in ;; esac +# +# Some hosts need msg_namelen to match the size of the socket structure. +# Some hosts don't set msg_namelen appropriately on return from recvmsg(). +# +case $host in +*os2*|*hp-mpeix*) + AC_DEFINE(BROKEN_RECVMSG, 1, + [Define if recvmsg() does not meet all of the BSD socket API specifications.]) + ;; +esac + # # Microsoft has their own way of handling shared libraries that requires # additional qualifiers on extern variables. Unix systems don't need it. @@ -1753,7 +1790,7 @@ AC_SUBST(ISC_PLATFORM_BRACEPTHREADONCEINIT) ISC_PLATFORM_BRACEPTHREADONCEINIT="#undef ISC_PLATFORM_BRACEPTHREADONCEINIT" case "$host" in - *-aix5.1.*) + *-aix5.[[123]].*) hack_shutup_pthreadonceinit=yes ;; *-bsdi3.1*) @@ -1769,6 +1806,9 @@ case "$host" in [*-solaris2.[89]]) hack_shutup_pthreadonceinit=yes ;; + *-solaris2.10) + hack_shutup_pthreadonceinit=yes + ;; esac case "$hack_shutup_pthreadonceinit" in @@ -1849,6 +1889,16 @@ case "$host" in ;; esac # +# Solaris 2.5.1 and earlier cannot bind() then connect() a TCP socket. +# This prevents the source address being set. +# +case "$host" in +*-solaris2.[[012345]]|*-solaris2.5.1) + AC_DEFINE(BROKEN_TCP_BIND_BEFORE_CONNECT, 1, + [Define if you cannot bind() before connect() for TCP sockets.]) + ;; +esac +# # The following sections deal with tools used for formatting # the documentation. They are all optional, unless you are # a developer editing the documentation source. @@ -2024,6 +2074,28 @@ LIBBIND9_API=$srcdir/lib/bind9/api AC_SUBST_FILE(LIBLWRES_API) LIBLWRES_API=$srcdir/lib/lwres/api +if test "$cross_compiling" = "yes"; then + if test -z "$BUILD_CC"; then + AC_ERROR([BUILD_CC not set]) + fi + BUILD_CFLAGS="$BUILD_CFLAGS" + BUILD_CPPFLAGS="$BUILD_CPPFLAGS" + BUILD_LDFLAGS="$BUILD_LDFLAGS" + BUILD_LIBS="$BUILD_LIBS" +else + BUILD_CC="$CC" + BUILD_CFLAGS="$CFLAGS" + BUILD_CPPFLAGS="$CPPFLAGS $GEN_NEED_OPTARG" + BUILD_LDFLAGS="$LDFLAGS" + BUILD_LIBS="$LIBS" +fi + +AC_SUBST(BUILD_CC) +AC_SUBST(BUILD_CFLAGS) +AC_SUBST(BUILD_CPPFLAGS) +AC_SUBST(BUILD_LDFLAGS) +AC_SUBST(BUILD_LIBS) + AC_OUTPUT( make/rules make/includes diff --git a/contrib/bind9/doc/arm/Bv9ARM-book.xml b/contrib/bind9/doc/arm/Bv9ARM-book.xml index 28ccb360afe..bccb088a664 100644 --- a/contrib/bind9/doc/arm/Bv9ARM-book.xml +++ b/contrib/bind9/doc/arm/Bv9ARM-book.xml @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" []> - + BIND 9 Administrator Reference Manual @@ -27,6 +27,7 @@ 2004 2005 + 2006 Internet Systems Consortium, Inc. ("ISC") @@ -50,7 +51,7 @@ Scope of Document - The Berkeley Internet Name Domain (BIND) implements an + The Berkeley Internet Name Domain (BIND) implements a domain name server for a number of operating systems. This document provides basic information about the installation and care of the Internet Software Consortium (ISC) @@ -334,7 +335,7 @@ caching are intimately connected, the terms caching server are often used synonymously. The length of time for which a record may be retained in -in the cache of a caching name server is controlled by the +the cache of a caching name server is controlled by the Time To Live (TTL) field associated with each resource record. @@ -729,7 +730,7 @@ of a server. command command - command is one of the following: + The command is one of the following: @@ -758,7 +759,7 @@ of a server. freeze zone class view - Suspend updates to a dynamic zone. If no zone is specified + Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master @@ -770,17 +771,12 @@ of a server. class view Enable updates to a frozen dynamic zone. If no zone is - specified then all frozen zones are enabled. This causes + specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused. - notify zone - class - view - Resend NOTIFY messages for the zone - reconfig Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. @@ -803,19 +799,22 @@ of a server. dumpdb -all|-cache|-zone view ... Dump the server's caches (default) and / or zones to the - dump file for the specified views. If no view is specified all + dump file for the specified views. If no view is specified, all views are dumped. stop -p Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files - of the updated zones. If -p is specified named's process id is returned. + of the updated zones. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed stopping. halt -p Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server - is restarted. If -p is specified named's process id is returned. + is restarted. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed + stopping. trace Increment the servers debugging level by one. @@ -835,8 +834,8 @@ of a server. status Display status of the server. -Note the number of zones includes the internal bind/CH zone -and the default ./IN hint zone if there is not a +Note that the number of zones includes the internal bind/CH zone +and the default ./IN hint zone if there is not an explicit root zone configured. recursing @@ -893,7 +892,7 @@ the name of a key as its argument, as defined by a key statem port is given on the command line or in a server statement. -The key statement defines an key to be used +The key statement defines a key to be used by rndc when authenticating with named. Its syntax is identical to the key statement in named.conf. @@ -1063,7 +1062,7 @@ protocol is specified in RFC 1996. The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent - dynamic changes - those are only in the journal file. + dynamic changes — those are only in the journal file. The only way to ensure that the zone file of a dynamic zone is up to date is to run rndc stop. @@ -1073,7 +1072,7 @@ protocol is specified in RFC 1996. rndc freeze zone. This will also remove the zone's .jnl file and update the master file. Edit the zone file. Run - rndc unfreeze zone + rndc thaw zone to reload the changed zone and re-enable dynamic updates. @@ -1184,7 +1183,7 @@ internal clients will now be able to: Look up any hostnames on the Internet. - Exchange mail with internal AND external people. + Exchange mail with both internal AND external people. Hosts on the Internet will be able to: Look up any hostnames in the site1 and @@ -1196,7 +1195,7 @@ internal clients will now be able to: Here is an example configuration for the setup we just described above. Note that this is only configuration information; for information on how to configure your zone files, see + linkend="sample_configuration"/>. Internal DNS server config: @@ -1318,11 +1317,11 @@ for TSIG. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts. Automatic Generation -The following command will generate a 128 bit (16 byte) HMAC-MD5 +The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; -keys longer than that will be digested with MD5 to produce a 128 -bit key. +keys longer than that will be digested with MD5 to produce a +128-bit key. dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2. The key is in the file Khost1-host2.+157+00000.private. Nothing directly uses this file, but the base-64 encoded string @@ -1402,11 +1401,12 @@ allow-update { key host1-host2. ;}; Errors The processing of TSIG signed messages can result in - several errors. If a signed message is sent to a non-TSIG aware - server, a FORMERR will be returned, since the server will not - understand the record. This is a result of misconfiguration, - since the server must be explicitly configured to send a TSIG - signed message to a specific server. + several errors. If a signed message is sent to a non-TSIG + aware server, a FORMERR (format error) will be returned, since + the server will not understand the record. This is a result + of misconfiguration, since the server must be explicitly + configured to send a TSIG signed message to a specific + server. If a TSIG aware server receives a message signed by an unknown key, the response will be unsigned with the TSIG @@ -1418,7 +1418,7 @@ allow-update { key host1-host2. ;}; the TSIG extended error code set to BADTIME, and the time values will be adjusted so that the response can be successfully verified. In any of these cases, the message's rcode is set to - NOTAUTH. + NOTAUTH (not authenticated). @@ -1462,7 +1462,7 @@ allow-update { key host1-host2. ;}; When a SIG(0) signed message is received, it will only be verified if the key is known and trusted by the server; the server - will not attempt to locate and/or validate the key. + will not attempt to locate and / or validate the key. SIG(0) signing of multiple-message TCP streams is not supported. @@ -1475,9 +1475,10 @@ allow-update { key host1-host2. ;}; DNSSEC Cryptographic authentication of DNS information is possible - through the DNS Security (DNSSEC-bis) extensions, - defined in RFC <TBA>. This section describes the creation and use - of DNSSEC signed zones. + through the DNS Security (DNSSEC-bis) + extensions, defined in RFC 4033, RFC4034 and RFC4035. This + section describes the creation and use of DNSSEC signed + zones. In order to set up a DNSSEC secure zone, there are a series of steps which must be followed. BIND 9 ships @@ -1493,7 +1494,7 @@ allow-update { key host1-host2. ;}; There must also be communication with the administrators of the parent and/or child zone to transmit keys. A zone's security status must be indicated by the parent zone for a DNSSEC capable - resolver to trust its data. This is done through the presense + resolver to trust its data. This is done through the presence or absence of a DS record at the delegation point. @@ -1516,7 +1517,7 @@ allow-update { key host1-host2. ;}; designated as "mandatory to implement" by the IETF; currently the only one is RSASHA1. - The following command will generate a 768 bit RSASHA1 key for + The following command will generate a 768-bit RSASHA1 key for the child.example zone: dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example. @@ -1552,7 +1553,7 @@ allow-update { key host1-host2. ;}; generate NSEC and RRSIG records for the zone, as well as DS for the child zones if '-d' is specified. - If '-d' is not specified then DS RRsets for + If '-d' is not specified, then DS RRsets for the secure child zones need to be added manually. The following command signs the zone, assuming it is in a @@ -1577,14 +1578,93 @@ allow-update { key host1-host2. ;}; Configuring Servers -Unlike BIND 8, -BIND 9 does not verify signatures on load, -so zone keys for authoritative zones do not need to be specified -in the configuration file. + + To enable named to respond appropriately + to DNS requests from DNSSEC aware clients, + dnssec-enable must be set to yes. + + + + To enable named to validate answers from + other servers dnssec-enable and + some trusted-keys must be configured + into named.conf. + -The public key for any security root must be present in -the configuration file's trusted-keys -statement, as described later in this document. + + trusted-keys are copies of DNSKEY RRs + for zones that are used to form the first link in the + cryptographic chain of trust. All keys listed in + trusted-keys (and corresponding zones) + are deemed to exist and only the listed keys will be used + to validated the DNSKEY RRset that they are from. + + + + trusted-keys are described in more detail + later in this document. + + + + Unlike BIND 8, BIND + 9 does not verify signatures on load, so zone keys for + authoritative zones do not need to be specified in the + configuration file. + + + + After DNSSEC gets established, a typical DNSSEC configuration + will look something like the following. It has a one or + more public keys for the root. This allows answers from + outside the organization to be validated. It will also + have several keys for parts of the namespace the organization + controls. These are here to ensure that named is immune + to compromises in the DNSSEC components of the security + of parent zones. + + + +trusted-keys { + + /* Root Key */ +"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/ + E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3 + zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz + MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M + /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M + iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI + Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3"; + +/* Key for our organization's forward zone */ +example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe + 3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb + OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC + lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt + 8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b + iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn + SCThlHf3xiYleDbt/o1OTQ09A0="; + +/* Key for our reverse zone. */ +2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA + VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0 + tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0 + yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ + 4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06 + zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL + 7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD + 52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib"; +}; + +options { + ... + dnssec-enable yes; +}; + + + + None of the keys listed in this example are valid. In particular, + the root key is not valid. + @@ -1779,7 +1859,7 @@ ambiguity, and need to be disambiguated. An IP port number. number is limited to 0 through 65535, with values below 1024 typically restricted to use by processes running as root. -In some cases an asterisk (`*') character can be used as a placeholder to +In some cases, an asterisk (`*') character can be used as a placeholder to select a random high-numbered port. @@ -1803,7 +1883,7 @@ separated by semicolons and ending with a semicolon. number -A non-negative 32 bit integer +A non-negative 32-bit integer (i.e., a number between 0 and 4294967295, inclusive). Its acceptable value might further be limited by the context in which it is used. @@ -1930,7 +2010,7 @@ in the C, C++, or shell/perl style. Definition and Usage -Comments may appear anywhere that whitespace may appear in +Comments may appear anywhere that white space may appear in a BIND configuration file. C-style comments start with the two characters /* (slash, star) and end with */ (star, slash). Because they are completely @@ -2018,7 +2098,7 @@ the log messages are sent. lwres configures named to -also act as a light weight resolver daemon (lwresd). +also act as a light-weight resolver daemon (lwresd). masters @@ -2132,7 +2212,7 @@ IPv6 addresses, just like localhost. ip_port on the specified ip_addr, which can be an IPv4 or IPv6 address. An ip_addr - of * is interpreted as the IPv4 wildcard + of * (asterisk) is interpreted as the IPv4 wildcard address; connections will be accepted on any of the system's IPv4 addresses. To listen on the IPv6 wildcard address, use an ip_addr of ::. @@ -2144,7 +2224,7 @@ IPv6 addresses, just like localhost. If no port is specified, port 953 - is used. "*" cannot be used for + is used. The asterisk "*" cannot be used for ip_port. The ability to issue commands over the control channel is @@ -2206,13 +2286,14 @@ installed. permissions set such that only the owner of the file (the user that named is running as) can access it. If you desire greater flexibility in allowing other users to access - rndc commands then you need to create an - rndc.conf and make it group readable by a group + rndc commands, then you need to create a + rndc.conf file and make it group readable by a group that contains the users who should have access. The UNIX control channel type of BIND 8 is not supported - in BIND 9, and is not expected to be added in future - releases. If it is present in the controls statement from a + in BIND 9.0, BIND 9.1, + BIND 9.2 and BIND 9.3. + If it is present in the controls statement from a BIND 8 configuration file, it is ignored and a warning is logged. @@ -2359,8 +2440,8 @@ of the file will be saved each time the file is opened. If you use the versions log file option, then named will retain that many backup versions of the file by -renaming them when opening. For example, if you choose to keep 3 old versions -of the file lamers.log then just before it is opened +renaming them when opening. For example, if you choose to keep three old versions +of the file lamers.log, then just before it is opened lamers.log.1 is renamed to lamers.log.2, lamers.log.0 is renamed to lamers.log.1, and lamers.log is @@ -2436,7 +2517,7 @@ level is set either by starting the named server with the flag followed by a positive integer, or by running rndc trace. The global debug level -can be set to zero, and debugging mode turned off, by running ndc +can be set to zero, and debugging mode turned off, by running rndc notrace. All debugging messages in the server have a debug level, and higher debug levels give more detailed output. Channels that specify a specific debug severity, for example: @@ -2499,7 +2580,7 @@ channel null { The default_debug channel has the special property that it only produces output when the server's debug level is -nonzero. It normally writes to a file named.run +nonzero. It normally writes to a file called named.run in the server's working directory. For security reasons, when the "" @@ -2619,12 +2700,12 @@ the null channel. queries Specify where queries should be logged to. -At startup, specifing the category queries will also +At startup, specifying the category queries will also enable query logging unless querylog option has been specified. -The query log entry reports the client's IP address and port number. The +The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), EDNS was in use (E) or if the query was signed (S). @@ -2683,8 +2764,8 @@ statement in the named.conf file: <command>lwres</command> Statement Definition and Usage The lwres statement configures the name -server to also act as a lightweight resolver server, see -. There may be be multiple +server to also act as a lightweight resolver server. (See +.) There may be be multiple lwres statements configuring lightweight resolver servers with different properties. @@ -2737,6 +2818,7 @@ statement in the named.conf file: named-xfer path_name; tkey-domain domainname; tkey-dhkey key_name key_tag; + cache-file path_name; dump-file path_name; memstatistics-file path_name; pid-file path_name; @@ -2897,6 +2979,15 @@ public and private keys from files in the working directory. In most cases, the keyname should be the server's host name. + + cache-file + + + This is for testing only. Do not use. + + + + dump-file The pathname of the file the server dumps the database to when instructed to do so with @@ -2925,7 +3016,7 @@ double quotes. to when instructed to do so using rndc stats. If not specified, the default is named.stats in the server's current directory. The format of the file is described -in +in . port @@ -2954,19 +3045,19 @@ is ignored on subsequent reloads. preferred-glue -If specified the listed type (A or AAAA) will be emitted before other glue +If specified, the listed type (A or AAAA) will be emitted before other glue in the additional section of a query response. -The default is not to preference any type (NONE). +The default is not to prefer any type (NONE). root-delegation-only -Turn on enforcement of delegation-only in TLDs and root zones with an optional -exclude list. +Turn on enforcement of delegation-only in TLDs (top level domains) +and root zones with an optional exclude list. -Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US" and "MUSEUM"). +Note some TLDs are not delegation only (e.g. "DE", "LV", "US" and "MUSEUM"). options { @@ -2984,7 +3075,7 @@ Only the most specific will be applied. dnssec-lookaside -When set dnssec-lookaside provides the +When set, dnssec-lookaside provides the validator with an alternate method to validate DNSKEY records at the top of a zone. When a DNSKEY is at or below a domain specified by the deepest dnssec-lookaside, and the normal dnssec validation @@ -2996,10 +3087,10 @@ record does) the DNSKEY RRset is deemed to be trusted. dnssec-must-be-secure -Specify heirarchies which must / may not be secure (signed and validated). -If yes then named will only accept answers if they +Specify heirarchies which must be or may not be secure (signed and validated). +If yes, then named will only accept answers if they are secure. -If no then normal dnssec validation applies +If no, then normal dnssec validation applies allowing for insecure answers to be accepted. The specified domain must be under a trusted-key or dnssec-lookaside must be active. @@ -3026,7 +3117,7 @@ the checks. dialup If yes, then the server treats all zones as if they are doing zone transfers across -a dial on demand dialup link, which can be brought up by traffic +a dial-on-demand dialup link, which can be brought up by traffic originating from this server. This has different effects according to zone type and concentrates the zone maintenance so that it all happens in a short interval, once every heartbeat-interval and @@ -3037,7 +3128,7 @@ may also be specified in the view and zone statements, in which case it overrides the global dialup option. -If the zone is a master zone then the server will send out a NOTIFY +If the zone is a master zone, then the server will send out a NOTIFY request to all the slaves (default). This should trigger the zone serial number check in the slave (providing it supports NOTIFY) allowing the slave to verify the zone while the connection is active. @@ -3129,7 +3220,7 @@ and BIND 9 never does it. flush-zones-on-shutdown When the nameserver exits due receiving SIGTERM, -flush / do not flush any pending zone writes. The default is +flush or do not flush any pending zone writes. The default is flush-zones-on-shutdown no. @@ -3238,7 +3329,7 @@ in . See also See the description of provide-ixfr in - +. request-ixfr @@ -3246,7 +3337,7 @@ See the description of See the description of request-ixfr in - +. treat-cr-as-space @@ -3338,7 +3429,7 @@ The use of this option for any other purpose is discouraged. ixfr-from-differences -When 'yes' and the server loads a new version of a master +When yes and the server loads a new version of a master zone from its zone file or receives a new version of a slave file by a non-incremental zone transfer, it will compare the new version to the previous one and calculate a set @@ -3361,7 +3452,7 @@ difference set. This should be set when you have multiple masters for a zone and the -addresses refer to different machines. If 'yes' named will not log +addresses refer to different machines. If yes, named will not log when the serial number on the master is less than what named currently has. The default is no. @@ -3369,7 +3460,7 @@ has. The default is no. dnssec-enable -Enable DNSSEC support in named. Unless set to yes +Enable DNSSEC support in named. Unless set to yes, named behaves as if it does not support DNSSEC. The default is no. @@ -3377,8 +3468,8 @@ The default is no. querylog -Specify whether query logging should be started when named start. -If querylog is not specified then the query logging +Specify whether query logging should be started when named starts. +If querylog is not specified, then the query logging is determined by the presence of the logging category queries. @@ -3390,10 +3481,10 @@ certain domain names in master files and/or DNS responses received from the network. The default varies according to usage area. For master zones the default is fail. For slave zones the default is warn. -For answer received from the network (response) +For answers received from the network (response) the default is ignore. -The rules for legal hostnames / mail domains are derived from RFC 952 +The rules for legal hostnames and mail domains are derived from RFC 952 and RFC 821 as modified by RFC 1123. check-names applies to the owner names of A, AAA and @@ -3421,8 +3512,8 @@ its cache. forward This option is only meaningful if the forwarders list is not empty. A value of first, -the default, causes the server to query the forwarders first, and -if that doesn't answer the question the server will then look for +the default, causes the server to query the forwarders first — and +if that doesn't answer the question, the server will then look for the answer itself. If only is specified, the server will only query the forwarders. @@ -3448,10 +3539,10 @@ on the host machine. dual-stack-servers -Specifies host names / addresses of machines with access to -both IPv4 and IPv6 transports. If a hostname is used the server must be able +Specifies host names or addresses of machines with access to +both IPv4 and IPv6 transports. If a hostname is used, the server must be able to resolve the name using only the transport it has. If the machine is dual -stacked then the dual-stack-servers have no effect unless +stacked, then the dual-stack-servers have no effect unless access to a transport has been disabled on the command line (e.g. named -4). @@ -3600,12 +3691,12 @@ the server will not listen on any IPv6 address. query other name servers. query-source specifies the address and port used for such queries. For queries sent over IPv6, there is a separate query-source-v6 option. -If address is * or is omitted, +If address is * (asterisk) or is omitted, a wildcard IP address (INADDR_ANY) will be used. If port is * or is omitted, -a random unprivileged port will be used, avoid-v4-udp-ports -and avoid-v6-udp-ports can be used to prevent named -from selecting certain ports. The defaults are +a random unprivileged port will be used. The avoid-v4-udp-ports +and avoid-v6-udp-ports options can be used to prevent named +from selecting certain ports. The defaults are: query-source address * port *; query-source-v6 address * port *; @@ -3617,6 +3708,12 @@ unprivileged port. See also transfer-source and notify-source. + + + Solaris 2.5.1 and earlier does not support setting the source + address for TCP sockets. + + Zone Transfers @@ -3699,7 +3796,8 @@ resource record transferred. possible into a message. many-answers is more efficient, but is only supported by relatively new slave servers, such as BIND 9, BIND 8.x and patched -versions of BIND 4.9.5. The default is +versions of BIND 4.9.5. The many-answers +format is also supported by recent Microsoft Windows nameservers. The default is many-answers. transfer-format may be overridden on a per-server basis by using the server statement. @@ -3763,7 +3861,7 @@ except zone transfers are performed using IPv6. If you do not wish the alternate transfer source - to be used you should set + to be used, you should set use-alt-transfer-source appropriately and you should not depend upon getting a answer back to the first refresh @@ -3791,9 +3889,15 @@ send NOTIFY messages. This address must appear in the slave server's masters zone clause or in an allow-notify clause. This statement sets the notify-source for all zones, -but can be overridden on a per-zone / per-view basis by including a +but can be overridden on a per-zone or per-view basis by including a notify-source statement within the zone or view block in the configuration file. + + + Solaris 2.5.1 and earlier does not support setting the + source address for TCP sockets. + + notify-source-v6 @@ -3827,8 +3931,8 @@ example, 1G can be used instead of 1073741824 to specify a limit of one gigabyte. unlimited requests unlimited use, or the maximum available amount. default uses the limit -that was in force when the server was started. See the description of -size_spec in size_spec in . The following options set operating system resource limits for @@ -3894,14 +3998,14 @@ function in BIND 8. max-journal-size Sets a maximum size for each journal file -(). When the journal file approaches +(see ). When the journal file approaches the specified size, some of the oldest transactions in the journal will be automatically removed. The default is unlimited. host-statistics-max -In BIND 8, specifies the maximum number of host statistic +In BIND 8, specifies the maximum number of host statistics entries to be kept. Not implemented in BIND 9. @@ -3954,7 +4058,7 @@ silently raised. The server will remove expired resource records from the cache every cleaning-interval minutes. The default is 60 minutes. The maximum value is 28 days (40320 minutes). -If set to 0, no periodic cleaning will occur. +If set to 0, no periodic cleaning will occur. heartbeat-interval @@ -4033,7 +4137,7 @@ statement in ). The client resolver code should rearrange the RRs as appropriate, that is, using any addresses on the local net in preference to other addresses. However, not all resolvers can do this or are correctly configured. -When a client is using a local server the sorting can be performed +When a client is using a local server, the sorting can be performed in the server, based on the client's address. This only requires configuring the name servers, not all the clients. @@ -4113,7 +4217,7 @@ See also the sortlist statement, If no class is specified, the default is ANY. If no type is specified, the default is ANY. -If no name is specified, the default is "*". +If no name is specified, the default is "*" (asterisk). The legal values for ordering are: @@ -4163,13 +4267,13 @@ BIND 9 currently does not support "fixed" ordering. Sets the number of seconds to cache a lame server indication. 0 disables caching. (This is NOT recommended.) -Default is 600 (10 minutes). Maximum value is +The default is 600 (10 minutes) and the maximum value is 1800 (30 minutes). max-ncache-ttl -To reduce network traffic and increase performance +To reduce network traffic and increase performance, the server stores negative answers. max-ncache-ttl is used to set a maximum retention time for these answers in the server in seconds. The default @@ -4179,17 +4283,17 @@ be silently truncated to 7 days if set to a greater value. max-cache-ttl -max-cache-ttl sets +Sets the maximum time for which the server will cache ordinary (positive) answers. The default is one week (7 days). min-roots The minimum number of root servers that -is required for a request for the root servers to be accepted. Default +is required for a request for the root servers to be accepted. The default is 2. -Not implemented in BIND9. +Not implemented in BIND 9. sig-validity-interval @@ -4224,9 +4328,9 @@ and clamp the SOA refresh and retry times to the specified values. edns-udp-size edns-udp-size sets the advertised EDNS UDP buffer -size. Valid values are 512 to 4096 (values outside this range will be +size in bytes. Valid values are 512 to 4096 bytes (values outside this range will be silently adjusted). The default value is 4096. The usual reason for -setting edns-udp-size to a non default value it to get UDP answers to +setting edns-udp-size to a non-default value it to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes. @@ -4266,7 +4370,7 @@ disables processing of the queries. the name hostname.bind with type TXT, class CHAOS. This defaults to the hostname of the machine hosting the name server as -found by gethostname(). The primary purpose of such queries is to +found by the gethostname() function. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. Specifying hostname none; disables processing of the queries. @@ -4281,7 +4385,7 @@ identify which of a group of anycast servers is actually answering your queries. Specifying server-id none; disables processing of the queries. Specifying server-id hostname; will cause named to -use the hostname as found by gethostname(). +use the hostname as found by the gethostname() function. The default server-id is none. @@ -4297,16 +4401,25 @@ The default server-id is none. is similar, but not identical, to that generated by BIND 8. -The statistics dump begins with the line +++ Statistics Dump -+++ (973798949), where the number in parentheses is a standard +The statistics dump begins with a line, like: + + +++ Statistics Dump +++ (973798949) + + The numberr in parentheses is a standard Unix-style timestamp, measured as seconds since January 1, 1970. Following that line are a series of lines containing a counter type, the value of the counter, optionally a zone name, and optionally a view name. The lines without view and zone listed are global statistics for the entire server. Lines with a zone and view name for the given view and zone (the view name is -omitted for the default view). The statistics dump ends -with the line --- Statistics Dump --- (973798949), where the -number is identical to the number in the beginning line. +omitted for the default view). + + +The statistics dump ends with the line where the +number is identical to the number in the beginning line; for example: + + +--- Statistics Dump --- (973798949) + The following statistics counters are maintained: transfer-source can be specified. Similarly, for an IPv6 remote server, only transfer-source-v6 can be specified. -Form more details, see the description of +For more details, see the description of transfer-source and transfer-source-v6 in . @@ -4479,19 +4592,37 @@ Form more details, see the description of }; -<command>trusted-keys</command> Statement Definition -and Usage -The trusted-keys statement defines DNSSEC -security roots. DNSSEC is described in . A security root is defined when the public key for a non-authoritative -zone is known, but cannot be securely obtained through DNS, either -because it is the DNS root zone or because its parent zone is unsigned. -Once a key has been configured as a trusted key, it is treated as -if it had been validated and proven secure. The resolver attempts -DNSSEC validation on all DNS data in subdomains of a security root. -The trusted-keys statement can contain -multiple key entries, each consisting of the key's domain name, -flags, protocol, algorithm, and the base-64 representation of the -key data. + + + <command>trusted-keys</command> Statement Definition + and Usage + + The trusted-keys statement defines + DNSSEC security roots. DNSSEC is described in . A security root is defined when the + public key for a non-authoritative zone is known, but + cannot be securely obtained through DNS, either because + it is the DNS root zone or because its parent zone is + unsigned. Once a key has been configured as a trusted + key, it is treated as if it had been validated and + proven secure. The resolver attempts DNSSEC validation + on all DNS data in subdomains of a security root. + + + All keys (and corresponding zones) listed in + trusted-keys are deemed to exist regardless + of what parent zones say. Similarly for all keys listed in + trusted-keys only those keys are + used to validate the DNSKEY RRset. The parent's DS RRset + will not be used. + + + The trusted-keys statement can contain + multiple key entries, each consisting of the key's + domain name, flags, protocol, algorithm, and the Base-64 + representation of the key data. + + <command>view</command> Statement Grammar @@ -4557,7 +4688,7 @@ statements are present, all zone statements must occur inside view statements. Here is an example of a typical split DNS setup implemented -using view statements. +using view statements: view "internal" { // This should match our internal networks. match-clients { 10.0.0.0/8; }; @@ -4591,18 +4722,47 @@ view "external" { <command>zone</command> Statement Grammar - zone zone_name class { - type ( master | slave | hint | stub | forward | delegation-only ) ; - allow-notify { address_match_list } ; +zone zone_name class { + type master; allow-query { address_match_list } ; allow-transfer { address_match_list } ; allow-update { address_match_list } ; update-policy { update_policy_rule ... } ; + also-notify { ip_addr port ip_port ; ip_addr port ip_port ; ... }; + check-names (warn|fail|ignore) ; + dialup dialup_option ; + file string ; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + ixfr-base string ; + ixfr-tmp-file string ; + maintain-ixfr-base yes_or_no ; + max-ixfr-log-size number ; + max-transfer-idle-out number ; + max-transfer-time-out number ; + notify yes_or_no | explicit ; + pubkey number number number string ; + notify-source (ip4_addr | *) port ip_port ; + notify-source-v6 (ip6_addr | *) port ip_port ; + zone-statistics yes_or_no ; + sig-validity-interval number ; + database string ; + min-refresh-time number ; + max-refresh-time number ; + min-retry-time number ; + max-retry-time number ; + key-directory path_name; +}; + +zone zone_name class { + type slave; + allow-notify { address_match_list } ; + allow-query { address_match_list } ; + allow-transfer { address_match_list } ; allow-update-forwarding { address_match_list } ; also-notify { ip_addr port ip_port ; ip_addr port ip_port ; ... }; check-names (warn|fail|ignore) ; dialup dialup_option ; - delegation-only yes_or_no ; file string ; forward (only|first) ; forwarders { ip_addr port ip_port ; ... }; @@ -4625,6 +4785,40 @@ Statement Grammar notify-source (ip4_addr | *) port ip_port ; notify-source-v6 (ip6_addr | *) port ip_port ; zone-statistics yes_or_no ; + database string ; + min-refresh-time number ; + max-refresh-time number ; + min-retry-time number ; + max-retry-time number ; + multi-master yes_or_no ; +}; + +zone zone_name class { + type hint; + file string ; + delegation-only yes_or_no ; + check-names (warn|fail|ignore) ; // Not Implemented. +}; + +zone zone_name class { + type stub; + allow-query { address_match_list } ; + check-names (warn|fail|ignore) ; + dialup dialup_option ; + delegation-only yes_or_no ; + file string ; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + masters port ip_port { ( masters_list | ip_addr port ip_port key key ) ; ... } ; + max-transfer-idle-in number ; + max-transfer-time-in number ; + pubkey number number number string ; + transfer-source (ip4_addr | *) port ip_port ; + transfer-source-v6 (ip6_addr | *) port ip_port ; + alt-transfer-source (ip4_addr | *) port ip_port ; + alt-transfer-source-v6 (ip6_addr | *) port ip_port ; + use-alt-transfer-source yes_or_no; + zone-statistics yes_or_no ; sig-validity-interval number ; database string ; min-refresh-time number ; @@ -4632,9 +4826,18 @@ Statement Grammar min-retry-time number ; max-retry-time number ; multi-master yes_or_no ; - key-directory path_name; +}; -}; +zone zone_name class { + type forward; + forward (only|first) ; + forwarders { ip_addr port ip_port ; ... }; + delegation-only yes_or_no ; +}; + +zone zone_name class { + type delegation-only; +}; <command>zone</command> Statement Definition and Usage @@ -4664,10 +4867,10 @@ Authentication to the master can also be done with per-server TSIG keys. If a file is specified, then the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of a file is -recommended, since it often speeds server start-up and eliminates +recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to -use a two level naming scheme for zone file names. For example, +use a two-level naming scheme for zone file names. For example, a slave server for the zone example.com might place the zone contents into a file called ex/example.com where ex/ is @@ -4701,7 +4904,7 @@ configured. Stub zones can also be used as a way of forcing the resolution of a given domain to use a particular set of authoritative servers. For example, the caching name servers on a private network using -RFC1981 addressing may be configured with stub zones for +RFC1918 addressing may be configured with stub zones for 10.in-addr.arpa to use a set of internal name servers as the authoritative servers for that domain. @@ -4718,8 +4921,8 @@ an empty list for forwarders is given, then no forwarding will be done for the domain, canceling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change the behavior of the -global forward option (that is, "forward first -to", then "forward only", or vice versa, but want to use the same +global forward option (that is, "forward first" +to, then "forward only", or vice versa, but want to use the same servers as set globally) you need to re-specify the global forwarders. @@ -4734,11 +4937,11 @@ Classes other than IN have no built-in defaults hints. delegation-only -This is used to enforce the delegation only +This is used to enforce the delegation-only status of infrastructure zones (e.g. COM, NET, ORG). Any answer that -is received without a explicit or implicit delegation in the authority +is received without an explicit or implicit delegation in the authority section will be treated as NXDOMAIN. This does not apply to the zone -apex. This SHOULD NOT be applied to leaf zones. +apex. This should not be applied to leaf zones. delegation-only has no effect on answers received from forwarders. @@ -4765,12 +4968,12 @@ in the mid-1970s. Zone data for it can be specified with the CHAOSallow-notify See the description of -allow-notify in +allow-notify in . allow-query See the description of -allow-query in +allow-query in . allow-transfer @@ -4840,7 +5043,7 @@ with the distribution but none are linked in by default. delegation-only The flag only applies to hint and stub zones. If set -to yes then the zone will also be treated as if it +to yes, then the zone will also be treated as if it is also a delegation-only type zone. @@ -4855,7 +5058,7 @@ allow a normal lookup to be tried. forwarders Used to override the list of global forwarders. If it is not specified in a zone of type forward, -no forwarding is done for the zone; the global options are not used. +no forwarding is done for the zone and the global options are not used. ixfr-base @@ -4916,31 +5119,31 @@ information for this zone, which can be dumped to the transfer-source See the description of -transfer-source in +transfer-source in . transfer-source-v6 See the description of -transfer-source-v6 in +transfer-source-v6 in . alt-transfer-source See the description of -alt-transfer-source in +alt-transfer-source in . alt-transfer-source-v6 See the description of -alt-transfer-source-v6 in +alt-transfer-source-v6 in . use-alt-transfer-source See the description of -use-alt-transfer-source in +use-alt-transfer-source in . @@ -4973,7 +5176,7 @@ See the description in . key-directory See the description of -key-directory in +key-directory in . multi-master @@ -5113,19 +5316,19 @@ and implemented in the DNS. These are also included. type -an encoded 16 bit value that specifies +an encoded 16-bit value that specifies the type of the resource record. TTL -the time to live of the RR. This field -is a 32 bit integer in units of seconds, and is primarily used by +the time-to-live of the RR. This field +is a 32-bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. class -an encoded 16 bit value that identifies +an encoded 16-bit value that identifies a protocol family or instance of a protocol. @@ -5217,7 +5420,7 @@ Experimental. MX identifies a mail exchange for the domain. -a 16 bit preference value (lower is better) +A 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035. @@ -5409,10 +5612,10 @@ knowledge of the typical representation for the data. -The MX RRs have an RDATA section which consists of a 16 bit +The MX RRs have an RDATA section which consists of a 16-bit number followed by a domain name. The address RRs use a standard -IP address format to contain a 32 bit internet address. -This example shows six RRs, with two RRs at each of three +IP address format to contain a 32-bit internet address. +The above example shows six RRs, with two RRs at each of three domain names. Similarly we might see: any order), and if neither of those succeed, delivery to mail.backup.org will be attempted. Setting TTLs -The time to live of the RR field is a 32 bit integer represented +The time-to-live of the RR field is a 32-bit integer represented in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. The following three types of TTL are currently @@ -5647,13 +5850,14 @@ $GENERATE 1-127 $ CNAME $.0 range This can be one of two forms: start-stop -or start-stop/step. If the first form is used then step is set to +or start-stop/step. If the first form is used, then step is set to 1. All of start, stop and step must be positive. lhs lhs describes the -owner name of the resource records to be created. Any single $ symbols +owner name of the resource records to be created. Any single +$ (dollar sign) symbols within the lhs side are replaced by the iterator value. To get a $ in the output you need to escape the $ @@ -5662,20 +5866,20 @@ e.g. \$. The $ may optionally be followed by modifiers which change the offset from the iterator, field width and base. Modifiers are introduced by a { immediately following the $ as ${offset[,width[,base]]}. -e.g. ${-20,3,d} which subtracts 20 from the current value, -prints the result as a decimal in a zero padded field of with 3. Available +For example, ${-20,3,d} which subtracts 20 from the current value, +prints the result as a decimal in a zero-padded field of width 3. Available output forms are decimal (d), octal (o) and hexadecimal (x or X for uppercase). The default modifier is ${0,0,d}. If the lhs is not absolute, the current $ORIGIN is appended to the name. -For compatibility with earlier versions $$ is still -recognized a indicating a literal $ in the output. +For compatibility with earlier versions, $$ is still +recognized as indicating a literal $ in the output. ttl - ttl specifies the + Specifies the ttl of the generated records. If not specified this will be inherited using the normal ttl inheritance rules. class and ttl can be @@ -5683,7 +5887,7 @@ recognized a indicating a literal $ in the output. class - class specifies the + Specifies the class of the generated records. This must match the zone class if it is specified. class and ttl can be @@ -5696,7 +5900,7 @@ PTR, CNAME, DNAME, A, AAAA and NS. rhs - rhs is a domain name. It is processed + A domain name. It is processed similarly to lhs. @@ -5719,13 +5923,14 @@ your name server, without cluttering up your config files with huge lists of IP addresses. It is a good idea to use ACLs, and to control access to your server. Limiting access to your server by -outside parties can help prevent spoofing and DoS attacks against -your server. +outside parties can help prevent spoofing and denial of service (DoS) +attacks against your server. Here is an example of how to properly apply ACLs: // Set up an ACL named "bogusnets" that will block RFC1918 space, // which is commonly used in spoofing attacks. acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; }; + // Set up an ACL called our-nets. Replace this with the real IP numbers. acl our-nets { x.x.x.x/24; x.x.x.x/21; }; options { @@ -5737,6 +5942,7 @@ options { blackhole { bogusnets; }; ... }; + zone "example.com" { type master; file "m/example.com"; @@ -5751,20 +5957,20 @@ see the AUSCERT advisory at <command>chroot</command> and <command>setuid</command> (for UNIX servers) On UNIX servers, it is possible to run BIND in a chrooted environment -(chroot()) by specifying the "" +(using the chroot() function) by specifying the "" option. This can help improve system security by placing BIND in a "sandbox", which will limit the damage done if a server is compromised. Another useful feature in the UNIX version of BIND is the ability to run the daemon as an unprivileged user ( user ). We suggest running as an unprivileged user when using the chroot feature. -Here is an example command line to load BIND in a chroot() sandbox, +Here is an example command line to load BIND in a chroot sandbox, /var/named, and to run named setuid to user 202: /usr/local/bin/named -u 202 -t /var/named The <command>chroot</command> Environment -In order for a chroot() environment to +In order for a chroot environment to work properly in a particular directory (for example, /var/named), you will need to set up an environment that includes everything @@ -5782,7 +5988,7 @@ However, depending on your operating system, you may need to set up things like /dev/zero, /dev/random, -/dev/log, and/or +/dev/log, and /etc/localtime. @@ -5804,7 +6010,7 @@ server is reloaded. Access to the dynamic update facility should be strictly limited. In earlier versions of -BIND the only way to do this was based on the IP +BIND, the only way to do this was based on the IP address of the host requesting the update, by listing an IP address or network prefix in the allow-update zone option. This method is insecure since the source address of the update UDP packet @@ -5822,7 +6028,7 @@ list only TSIG key names, not IP addresses or network prefixes. Alternatively, the new update-policy option can be used. -Some sites choose to keep all dynamically updated DNS data +Some sites choose to keep all dynamically-updated DNS data in a subdomain and delegate that subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP addresses of public web and mail servers need not allow dynamic update at @@ -5901,7 +6107,7 @@ all. core of the new system was described in 1983 in RFCs 882 and 883. From 1984 to 1987, the ARPAnet (the precursor to today's Internet) became a testbed of experimentation for developing the - new naming/addressing scheme in an rapidly expanding, + new naming/addressing scheme in a rapidly expanding, operational network environment. New RFCs were written and published in 1987 that modified the original documents to incorporate improvements based on the working model. RFC 1034, @@ -5919,7 +6125,10 @@ Center (SRI-NIC). A DNS server for Unix machines, the Berkele Name Domain (BIND) package, was written soon after by a group of graduate students at the University of California at Berkeley under a grant from the US Defense Advanced Research Projects Administration -(DARPA). Versions of BIND through 4.8.3 were maintained by the Computer +(DARPA). + + +Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark Painter, David Riggle and Songnian Zhou made up the initial BIND project team. After that, additional work on the software package @@ -5931,12 +6140,12 @@ Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was handled by Mike Karels and O. Kure. BIND versions 4.9 and 4.9.1 were released by Digital Equipment Corporation (now Compaq Computer Corporation). Paul Vixie, then -a DEC employee, became BIND's primary caretaker. Paul was assisted +a DEC employee, became BIND's primary caretaker. He was assisted by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe Wolfhugel, and others. - BIND Version 4.9.2 was sponsored by Vixie Enterprises. Paul + BIND version 4.9.2 was sponsored by Vixie Enterprises. Paul Vixie became BIND's principal architect/programmer. BIND versions from 4.9.3 onward have been developed and maintained by the Internet Software Consortium with support being provided diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch01.html b/contrib/bind9/doc/arm/Bv9ARM.ch01.html index 37f1eec39ab..3f3aebb10c4 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch01.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch01.html @@ -1,5 +1,5 @@ - + Chapter 1. Introduction - + @@ -45,51 +45,51 @@

Table of Contents

-
Scope of Document
-
Organization of This Document
-
Conventions Used in This Document
-
The Domain Name System (DNS)
+
Scope of Document
+
Organization of This Document
+
Conventions Used in This Document
+
The Domain Name System (DNS)
-
DNS Fundamentals
-
Domains and Domain Names
-
Zones
-
Authoritative Name Servers
-
Caching Name Servers
-
Name Servers in Multiple Roles
+
DNS Fundamentals
+
Domains and Domain Names
+
Zones
+
Authoritative Name Servers
+
Caching Name Servers
+
Name Servers in Multiple Roles
-

The Internet Domain Name System (DNS) consists of the syntax +

The Internet Domain Name System (DNS) consists of the syntax to specify the names of entities in the Internet in a hierarchical manner, the rules used for delegating authority over names, and the system implementation that actually maps names to Internet - addresses. DNS data is maintained in a group of distributed + addresses. DNS data is maintained in a group of distributed hierarchical databases.

-Scope of Document

-

The Berkeley Internet Name Domain (BIND) implements an +Scope of Document

+

The Berkeley Internet Name Domain (BIND) implements a domain name server for a number of operating systems. This document provides basic information about the installation and - care of the Internet Software Consortium (ISC) - BIND version 9 software package for system + care of the Internet Software Consortium (ISC) + BIND version 9 software package for system administrators.

This version of the manual corresponds to BIND version 9.3.

-Organization of This Document

+Organization of This Document

In this document, Section 1 introduces - the basic DNS and BIND concepts. Section 2 - describes resource requirements for running BIND in various + the basic DNS and BIND concepts. Section 2 + describes resource requirements for running BIND in various environments. Information in Section 3 is task-oriented in its presentation and is organized functionally, to aid in the process of installing the - BIND 9 software. The task-oriented section is followed by + BIND 9 software. The task-oriented section is followed by Section 4, which contains more advanced concepts that the system administrator may need for implementing certain options. Section 5 - describes the BIND 9 lightweight + describes the BIND 9 lightweight resolver. The contents of Section 6 are organized as in a reference manual to aid in the ongoing maintenance of the software. Section 7 @@ -98,12 +98,12 @@ main body of the document is followed by several Appendices which contain useful reference information, such as a Bibliography and - historic information related to BIND and the Domain Name + historic information related to BIND and the Domain Name System.

-Conventions Used in This Document

+Conventions Used in This Document

In this document, we use the following general typographic conventions:

@@ -140,7 +140,7 @@ input

The following conventions are used in descriptions of the -BIND configuration file:

+BIND configuration file:

@@ -169,15 +169,15 @@ describe:

-The Domain Name System (DNS)

+The Domain Name System (DNS)

The purpose of this document is to explain the installation -and upkeep of the BIND software package, and we +and upkeep of the BIND software package, and we begin by reviewing the fundamentals of the Domain Name System -(DNS) as they relate to BIND. +(DNS) as they relate to BIND.

-DNS Fundamentals

+DNS Fundamentals

The Domain Name System (DNS) is the hierarchical, distributed database. It stores information for mapping Internet host names to IP addresses and vice versa, mail routing information, and other data @@ -185,14 +185,14 @@ used by Internet applications.

Clients look up information in the DNS by calling a resolver library, which sends queries to one or more name servers and interprets the responses. -The BIND 9 software distribution contains a +The BIND 9 software distribution contains a name server, named, and two resolver libraries, liblwres and libbind.

-Domains and Domain Names

+Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, @@ -220,7 +220,7 @@ server, which answers queries about the zone using the DNS protocol.

The data associated with each domain name is stored in the -form of resource records (RRs). +form of resource records (RRs). Some of the supported resource record types are described in the section called “Types of Resource Records and When to Use Them”.

For more detailed information about the design of the DNS and @@ -229,12 +229,12 @@ the DNS protocol, please refer to the standards documents listed in

-Zones

+Zones

To properly operate a name server, it is important to understand the difference between a zone and a domain.

As we stated previously, a zone is a point of delegation in -the DNS tree. A zone consists of +the DNS tree. A zone consists of those contiguous parts of the domain tree for which a name server has complete information and over which it has authority. It contains all domain names from a certain point @@ -252,7 +252,7 @@ only delegations for the aaa.example.com and bbb.example.com zones. A zone can map exactly to a single domain, but could also include only part of a domain, the rest of which could be delegated to other -name servers. Every name in the DNS tree is a +name servers. Every name in the DNS tree is a domain, even if it is terminal, that is, has no subdomains. Every subdomain is a domain and @@ -260,7 +260,7 @@ every domain except the root is also a subdomain. The terminology is not intuitive and we suggest that you read RFCs 1033, 1034 and 1035 to gain a complete understanding of this difficult and subtle topic.

-

Though BIND is called a "domain name server", +

Though BIND is called a "domain name server", it deals primarily in terms of zones. The master and slave declarations in the named.conf file specify zones, not domains. When you ask some other site if it is willing to @@ -269,7 +269,7 @@ actually asking for slave service for some collection of zones.

-Authoritative Name Servers

+Authoritative Name Servers

Each zone is served by at least one authoritative name server, which contains the complete data for the zone. @@ -282,7 +282,7 @@ easy to identify when debugging DNS configurations using tools like dig (the section called “Diagnostic Tools”).

-The Primary Master

+The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the primary master server, or simply the @@ -293,7 +293,7 @@ the zone file or <

-Slave Servers

+Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers) load the zone contents from another server using a replication process @@ -304,7 +304,7 @@ may itself act as a master to a subordinate slave server.

-Stealth Servers

+Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute a delegation of the zone from the parent. @@ -329,7 +329,7 @@ with the outside world.

-Caching Name Servers

+Caching Name Servers

The resolver libraries provided by most operating systems are stub resolvers, meaning that they are not capable of performing the full DNS resolution process by themselves by talking @@ -343,12 +343,12 @@ caching are intimately connected, the terms recursive server and caching server are often used synonymously.

The length of time for which a record may be retained in -in the cache of a caching name server is controlled by the +the cache of a caching name server is controlled by the Time To Live (TTL) field associated with each resource record.

-Forwarding

+Forwarding

Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries @@ -360,9 +360,9 @@ and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number -of internal DNS servers and an Internet firewall. Servers unable +of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server -that can do it, and that server would query the Internet DNS servers +that can do it, and that server would query the Internet DNS servers on the internal server's behalf. An added benefit of using the forwarding feature is that the central machine develops a much more complete cache of information that all the clients can take advantage @@ -371,8 +371,8 @@ of.

-Name Servers in Multiple Roles

-

The BIND name server can simultaneously act as +Name Servers in Multiple Roles

+

The BIND name server can simultaneously act as a master for some zones, a slave for other zones, and as a caching (recursive) server for a set of local clients.

However, since the functions of authoritative name service @@ -404,7 +404,7 @@ be placed inside a firewall.

- +
BIND 9 Administrator Reference Manual  Home Chapter 2. BIND Resource Requirements Chapter 2. BIND Resource Requirements
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch02.html b/contrib/bind9/doc/arm/Bv9ARM.ch02.html index d3e946ad770..d1e3445d9c1 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch02.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch02.html @@ -1,5 +1,5 @@ - + Chapter 2. BIND Resource Requirements - + @@ -28,7 +28,7 @@
- + @@ -41,44 +41,44 @@

-Chapter 2. BIND Resource Requirements

+Chapter 2. BIND Resource Requirements

Table of Contents

-
Hardware requirements
-
CPU Requirements
-
Memory Requirements
-
Name Server Intensive Environment Issues
-
Supported Operating Systems
+
Hardware requirements
+
CPU Requirements
+
Memory Requirements
+
Name Server Intensive Environment Issues
+
Supported Operating Systems

-Hardware requirements

-

DNS hardware requirements have traditionally been quite modest. +Hardware requirements

+

DNS hardware requirements have traditionally been quite modest. For many installations, servers that have been pensioned off from -active duty have performed admirably as DNS servers.

-

The DNSSEC and IPv6 features of BIND 9 may prove to be quite +active duty have performed admirably as DNS servers.

+

The DNSSEC and IPv6 features of BIND 9 may prove to be quite CPU intensive however, so organizations that make heavy use of these features may wish to consider larger systems for these applications. -BIND 9 is fully multithreaded, allowing full utilization of +BIND 9 is fully multithreaded, allowing full utilization of multiprocessor systems for installations that need it.

-CPU Requirements

-

CPU requirements for BIND 9 range from i486-class machines +CPU Requirements

+

CPU requirements for BIND 9 range from i486-class machines for serving of static zones without caching, to enterprise-class machines if you intend to process many dynamic updates and DNSSEC signed zones, serving many thousands of queries per second.

-Memory Requirements

+Memory Requirements

The memory of the server has to be large enough to fit the cache and zones loaded off disk. The max-cache-size option can be used to limit the amount of memory used by the cache, -at the expense of reducing cache hit rates and causing more DNS +at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory — unfortunately, the best way to determine this for a given installation is to watch the name server @@ -88,7 +88,7 @@ fast as they are being inserted.

-Name Server Intensive Environment Issues

+Name Server Intensive Environment Issues

For name server intensive environments, there are two alternative configurations that may be used. The first is where clients and any second-level internal name servers query a main name server, which @@ -102,8 +102,8 @@ as none of the name servers share their cached data.

-Supported Operating Systems

-

ISC BIND 9 compiles and runs on a large number +Supported Operating Systems

+

ISC BIND 9 compiles and runs on a large number of Unix-like operating system and on Windows NT / 2000. For an up-to-date list of supported systems, see the README file in the top level directory of the BIND 9 source distribution.

diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch03.html b/contrib/bind9/doc/arm/Bv9ARM.ch03.html index 4d6d93be1f1..399c8269d2d 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch03.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch03.html @@ -1,5 +1,5 @@ - +Chapter 3. Name Server Configuration - + @@ -47,14 +47,14 @@
Sample Configurations
-
A Caching-only Name Server
-
An Authoritative-only Name Server
+
A Caching-only Name Server
+
An Authoritative-only Name Server
-
Load Balancing
-
Name Server Operations
+
Load Balancing
+
Name Server Operations
-
Tools for Use With the Name Server Daemon
-
Signals
+
Tools for Use With the Name Server Daemon
+
Signals
@@ -66,7 +66,7 @@ option setting.

Sample Configurations

-A Caching-only Name Server

+A Caching-only Name Server

The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All queries from outside clients are refused using the allow-query @@ -89,7 +89,7 @@ zone "0.0.127.in-addr.arpa" {

-An Authoritative-only Name Server

+An Authoritative-only Name Server

This sample configuration is for an authoritative-only server that is the master server for "example.com" and a slave for the subdomain "eng.example.com".

@@ -128,9 +128,9 @@ zone "eng.example.com" {

-Load Balancing

+Load Balancing

A primitive form of load balancing can be achieved in -the DNS by using multiple A records for one name.

+the DNS by using multiple A records for one name.

For example, if you have three WWW servers with network addresses of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the following means that clients will connect to each machine one third @@ -174,7 +174,7 @@ of the time:

Chapter 2. BIND Resource Requirements
Chapter 2. BIND Resource Requirements
Prev 
-

When a resolver queries for these records, BIND will rotate +

When a resolver queries for these records, BIND will rotate them and respond to the query with the records in a different order. In the example above, clients will randomly receive records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients @@ -184,15 +184,15 @@ of the time:

options statement, see RRset Ordering. This substatement is not supported in - BIND 9, and only the ordering scheme described above is + BIND 9, and only the ordering scheme described above is available.

-Name Server Operations

+Name Server Operations

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

There are several indispensable diagnostic, administrative and monitoring tools available to the system administrator for controlling and debugging the name server daemon. We describe several in this @@ -237,7 +237,7 @@ and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.

-

nslookup [-option...] [[host-to-find] | [- [server]]]

+

nslookup [-option...] [[host-to-find] | [- [server]]]

Interactive mode is entered when no arguments are given (the default name server will be used) or when the first argument is a hyphen (`-') and the second argument is the host name or Internet address @@ -283,7 +283,7 @@ of a server.

If you run rndc without any options it will display a usage message as follows:

rndc [-c config] [-s server] [-p port] [-y key] command [command...]

-

command is one of the following:

+

The command is one of the following:

reload

Reload configuration file and zones.

@@ -302,7 +302,7 @@ of a server.

freeze [zone [class [view]]]
-

Suspend updates to a dynamic zone. If no zone is specified +

Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master @@ -312,14 +312,10 @@ of a server.

[class [view]]]

Enable updates to a frozen dynamic zone. If no zone is - specified then all frozen zones are enabled. This causes + specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused.

-
notify zone - [class - [view]]
-

Resend NOTIFY messages for the zone

reconfig

Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. @@ -337,17 +333,20 @@ of a server.

named.conf.

dumpdb [-all|-cache|-zone] [view ...]

Dump the server's caches (default) and / or zones to the - dump file for the specified views. If no view is specified all + dump file for the specified views. If no view is specified, all views are dumped.

stop [-p]

Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files - of the updated zones. If -p is specified named's process id is returned.

+ of the updated zones. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed stopping.

halt [-p]

Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server - is restarted. If -p is specified named's process id is returned.

+ is restarted. If -p is specified named's process id is returned. + This allows an external process to determine when named had completed + stopping.

trace

Increment the servers debugging level by one.

trace level
@@ -361,15 +360,15 @@ of a server.

Flushes the given name from the server's cache.

status

Display status of the server. -Note the number of zones includes the internal bind/CH zone -and the default ./IN hint zone if there is not a +Note that the number of zones includes the internal bind/CH zone +and the default ./IN hint zone if there is not an explicit root zone configured.

recursing

Dump the list of queries named is currently recursing on.

-

In BIND 9.2, rndc +

In BIND 9.2, rndc supports all the commands of the BIND 8 ndc utility except ndc start and ndc restart, which were also @@ -386,7 +385,7 @@ option. If the configuration file is not found, rndc will also look in /etc/rndc.key (or whatever sysconfdir was defined when -the BIND build was configured). +the BIND build was configured). The rndc.key file is generated by running rndc-confgen -a as described in the section called “controls Statement Definition and Usage”.

@@ -412,7 +411,7 @@ the name of a key as its argument, as defined by a rndc should connect if no port is given on the command line or in a server statement.

-

The key statement defines an key to be used +

The key statement defines a key to be used by rndc when authenticating with named. Its syntax is identical to the key statement in named.conf. @@ -474,7 +473,7 @@ a rndc.key file and not modify

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can be sent using the kill command.

@@ -515,7 +514,7 @@ reload the database.

-Chapter 2. BIND Resource Requirements  +Chapter 2. BIND Resource Requirements  Home  Chapter 4. Advanced DNS Features diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch04.html b/contrib/bind9/doc/arm/Bv9ARM.ch04.html index 8165dbba967..adf2036930d 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch04.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch04.html @@ -1,5 +1,5 @@ - + Chapter 4. Advanced DNS Features - + @@ -49,40 +49,40 @@
Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
+
Split DNS
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format

Notify

-

DNS NOTIFY is a mechanism that allows master +

DNS NOTIFY is a mechanism that allows master servers to notify their slave servers of changes to a zone's data. In response to a NOTIFY from a master server, the slave will check to see that its version of the zone is the current version and, if not, initiate a zone transfer.

-

DNS +

DNS For more information about NOTIFY, see the description of the notify option in the section called “Boolean Options” and @@ -130,7 +130,7 @@ protocol is specified in RFC 1996. journalled in a similar way.

The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent - dynamic changes - those are only in the journal file. + dynamic changes — those are only in the journal file. The only way to ensure that the zone file of a dynamic zone is up to date is to run rndc stop.

If you have to make changes to a dynamic zone @@ -139,7 +139,7 @@ protocol is specified in RFC 1996. rndc freeze zone. This will also remove the zone's .jnl file and update the master file. Edit the zone file. Run - rndc unfreeze zone + rndc thaw zone to reload the changed zone and re-enable dynamic updates.

@@ -150,7 +150,7 @@ protocol is specified in RFC 1996. slave servers to transfer only changed data, instead of having to transfer the entire zone. The IXFR protocol is specified in RFC 1995. See Proposed Standards.

-

When acting as a master, BIND 9 +

When acting as a master, BIND 9 supports IXFR for those zones where the necessary change history information is available. These include master zones maintained by dynamic update and slave zones @@ -160,7 +160,7 @@ transfer (AXFR), IXFR is supported only if the option ixfr-from-differences is set to yes.

-

When acting as a slave, BIND 9 will +

When acting as a slave, BIND 9 will attempt to use IXFR unless it is explicitly disabled. For more information about disabling IXFR, see the description of the request-ixfr clause @@ -168,7 +168,7 @@ of the server statement.

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization @@ -243,7 +243,7 @@ internal clients will now be able to:

  • Look up any hostnames in the site1.internal and site2.internal domains.
  • Look up any hostnames on the Internet.
    • -
  • Exchange mail with internal AND external people.
    • +
  • Exchange mail with both internal AND external people.

    • Hosts on the Internet will be able to:

      @@ -254,7 +254,7 @@ internal clients will now be able to:

    Here is an example configuration for the setup we just described above. Note that this is only configuration information; - for information on how to configure your zone files, see the section called “Sample Configurations”

    + for information on how to configure your zone files, see the section called “Sample Configurations”.

    Internal DNS server config:

     
@@ -355,13 +355,13 @@ nameserver 172.16.72.4
 
    
 TSIG
    
 
    This is a short guide to setting up Transaction SIGnatures
-(TSIG) based transaction security in BIND. It describes changes
+(TSIG) based transaction security in BIND. It describes changes
 to the configuration file as well as what changes are required for
 different features, including the process of creating transaction
-keys and using transaction signatures with BIND.
    
-
    BIND primarily supports TSIG for server to server communication.
+keys and using transaction signatures with BIND.
    
+
    BIND primarily supports TSIG for server to server communication.
 This includes zone transfer, notify, and recursive query messages.
-Resolvers based on newer versions of BIND 8 have limited support
+Resolvers based on newer versions of BIND 8 have limited support
 for TSIG.
    
 
    TSIG might be most useful for dynamic update. A primary
     server for a dynamic zone should use access control to control
@@ -372,18 +372,18 @@ for TSIG.
    
     -y command line options.
    
 
    
 
    
-Generate Shared Keys for Each Pair of Hosts
    
+Generate Shared Keys for Each Pair of Hosts

    A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts.

    -Automatic Generation

    -

    The following command will generate a 128 bit (16 byte) HMAC-MD5 +Automatic Generation

    +

    The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; -keys longer than that will be digested with MD5 to produce a 128 -bit key.

    +keys longer than that will be digested with MD5 to produce a +128-bit key.

    dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2.

    The key is in the file Khost1-host2.+157+00000.private. Nothing directly uses this file, but the base-64 encoded string @@ -395,7 +395,7 @@ be used as the shared secret.

    -Manual Generation

    +Manual Generation

    The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming the length is a multiple of 4 and only valid characters are used), @@ -406,13 +406,13 @@ a similar program to generate base-64 encoded data.

    -Copying the Shared Secret to Both Machines

    +Copying the Shared Secret to Both Machines

    This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc.

    -Informing the Servers of the Key's Existence

    +Informing the Servers of the Key's Existence

    Imagine host1 and host 2 are both servers. The following is added to each server's named.conf file:

    @@ -421,7 +421,7 @@ key host1-host2. {
   secret "La/E5CjG9O+os1jq0a2jdA==";
 };
    -

    The algorithm, hmac-md5, is the only one supported by BIND. +

    The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable @@ -433,7 +433,7 @@ response is signed by the same key.

    -Instructing the Server to Use the Key

    +Instructing the Server to Use the Key

    Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file for host1, if the IP address of host2 is @@ -456,8 +456,8 @@ sign request messages to host1.

    -TSIG Key Based Access Control

    -

    BIND allows IP addresses and ranges to be specified in ACL +TSIG Key Based Access Control

    +

    BIND allows IP addresses and ranges to be specified in ACL definitions and allow-{ query | transfer | update } directives. This has been extended to allow TSIG keys also. The above key would @@ -474,13 +474,14 @@ allow-update { key host1-host2. ;};

    -Errors

    +Errors

    The processing of TSIG signed messages can result in - several errors. If a signed message is sent to a non-TSIG aware - server, a FORMERR will be returned, since the server will not - understand the record. This is a result of misconfiguration, - since the server must be explicitly configured to send a TSIG - signed message to a specific server.

    + several errors. If a signed message is sent to a non-TSIG + aware server, a FORMERR (format error) will be returned, since + the server will not understand the record. This is a result + of misconfiguration, since the server must be explicitly + configured to send a TSIG signed message to a specific + server.

    If a TSIG aware server receives a message signed by an unknown key, the response will be unsigned with the TSIG extended error code set to BADKEY. If a TSIG aware server @@ -491,16 +492,16 @@ allow-update { key host1-host2. ;}; the TSIG extended error code set to BADTIME, and the time values will be adjusted so that the response can be successfully verified. In any of these cases, the message's rcode is set to - NOTAUTH.

    + NOTAUTH (not authenticated).

    -TKEY

    +TKEY

    TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of TKEY that specify how the key is - generated or assigned. BIND 9 + generated or assigned. BIND 9 implements only one of these modes, the Diffie-Hellman key exchange. Both hosts are required to have a Diffie-Hellman KEY record (although this record is not required @@ -523,29 +524,30 @@ allow-update { key host1-host2. ;};

    -SIG(0)

    -

    BIND 9 partially supports DNSSEC SIG(0) +SIG(0)

    +

    BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. SIG(0) uses public/private keys to authenticate messages. Access control is performed in the same manner as TSIG keys; privileges can be granted or denied based on the key name.

    When a SIG(0) signed message is received, it will only be verified if the key is known and trusted by the server; the server - will not attempt to locate and/or validate the key.

    + will not attempt to locate and / or validate the key.

    SIG(0) signing of multiple-message TCP streams is not supported.

    -

    The only tool shipped with BIND 9 that +

    The only tool shipped with BIND 9 that generates SIG(0) signed messages is nsupdate.

    DNSSEC

    Cryptographic authentication of DNS information is possible - through the DNS Security (DNSSEC-bis) extensions, - defined in RFC <TBA>. This section describes the creation and use - of DNSSEC signed zones.

    + through the DNS Security (DNSSEC-bis) + extensions, defined in RFC 4033, RFC4034 and RFC4035. This + section describes the creation and use of DNSSEC signed + zones.

    In order to set up a DNSSEC secure zone, there are a series - of steps which must be followed. BIND 9 ships + of steps which must be followed. BIND 9 ships with several tools that are used in this process, which are explained in more detail below. In all cases, the -h option prints a @@ -557,7 +559,7 @@ allow-update { key host1-host2. ;};

    There must also be communication with the administrators of the parent and/or child zone to transmit keys. A zone's security status must be indicated by the parent zone for a DNSSEC capable - resolver to trust its data. This is done through the presense + resolver to trust its data. This is done through the presence or absence of a DS record at the delegation point.

    For other servers to trust data in this zone, they must @@ -565,7 +567,7 @@ allow-update { key host1-host2. ;}; zone key of another zone above this one in the DNS tree.

    -Generating Keys

    +Generating Keys

    The dnssec-keygen program is used to generate keys.

    A secure zone must contain one or more zone keys. The @@ -576,7 +578,7 @@ allow-update { key host1-host2. ;}; It is recommended that zone keys use a cryptographic algorithm designated as "mandatory to implement" by the IETF; currently the only one is RSASHA1.

    -

    The following command will generate a 768 bit RSASHA1 key for +

    The following command will generate a 768-bit RSASHA1 key for the child.example zone:

    dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.

    Two output files will be produced: @@ -598,7 +600,7 @@ allow-update { key host1-host2. ;};

    -Signing the Zone

    +Signing the Zone

    The dnssec-signzone program is used to sign a zone.

    Any keyset files corresponding @@ -606,7 +608,7 @@ allow-update { key host1-host2. ;}; generate NSEC and RRSIG records for the zone, as well as DS for the child zones if '-d' is specified. - If '-d' is not specified then DS RRsets for + If '-d' is not specified, then DS RRsets for the secure child zones need to be added manually.

    The following command signs the zone, assuming it is in a file called zone.child.example. By @@ -625,48 +627,122 @@ allow-update { key host1-host2. ;};

    -Configuring Servers

    -

    Unlike BIND 8, -BIND 9 does not verify signatures on load, -so zone keys for authoritative zones do not need to be specified -in the configuration file.

    -

    The public key for any security root must be present in -the configuration file's trusted-keys -statement, as described later in this document.

    +Configuring Servers
    +

    + To enable named to respond appropriately + to DNS requests from DNSSEC aware clients, + dnssec-enable must be set to yes. +

    +

    + To enable named to validate answers from + other servers dnssec-enable and + some trusted-keys must be configured + into named.conf. +

    +

    + trusted-keys are copies of DNSKEY RRs + for zones that are used to form the first link in the + cryptographic chain of trust. All keys listed in + trusted-keys (and corresponding zones) + are deemed to exist and only the listed keys will be used + to validated the DNSKEY RRset that they are from. +

    +

    + trusted-keys are described in more detail + later in this document. +

    +

    + Unlike BIND 8, BIND + 9 does not verify signatures on load, so zone keys for + authoritative zones do not need to be specified in the + configuration file. +

    +

    + After DNSSEC gets established, a typical DNSSEC configuration + will look something like the following. It has a one or + more public keys for the root. This allows answers from + outside the organization to be validated. It will also + have several keys for parts of the namespace the organization + controls. These are here to ensure that named is immune + to compromises in the DNSSEC components of the security + of parent zones. +

    +
    +trusted-keys {
+
+	/* Root Key */
+"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
+	     E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
+	     zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
+	     MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
+	     /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
+	     iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
+	     Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";
+
+/* Key for our organization's forward zone */
+example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
+                      3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
+	              OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
+		      lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
+		      8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
+		      iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
+		      SCThlHf3xiYleDbt/o1OTQ09A0=";
+
+/* Key for our reverse zone. */
+2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
+                                VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
+				tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
+				yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
+				4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
+			        zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
+				7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
+				52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
+};
+
+options {
+	...
+	dnssec-enable yes;
+};
+
    +
    +

    Note

    + None of the keys listed in this example are valid. In particular, + the root key is not valid. +

    -IPv6 Support in BIND 9

    -

    BIND 9 fully supports all currently defined forms of IPv6 +IPv6 Support in BIND 9

    +

    BIND 9 fully supports all currently defined forms of IPv6 name to address and address to name lookups. It will also use IPv6 addresses to make queries when running on an IPv6 capable system.

    -

    For forward lookups, BIND 9 supports only AAAA +

    For forward lookups, BIND 9 supports only AAAA records. The use of A6 records is deprecated by RFC 3363, and the - support for forward lookups in BIND 9 is + support for forward lookups in BIND 9 is removed accordingly. - However, authoritative BIND 9 name servers still + However, authoritative BIND 9 name servers still load zone files containing A6 records correctly, answer queries for A6 records, and accept zone transfer for a zone containing A6 records.

    -

    For IPv6 reverse lookups, BIND 9 supports +

    For IPv6 reverse lookups, BIND 9 supports the traditional "nibble" format used in the ip6.arpa domain, as well as the older, deprecated ip6.int domain. - BIND 9 formerly + BIND 9 formerly supported the "binary label" (also known as "bitstring") format. The support of binary labels, however, is now completely removed according to the changes in RFC 3363. - Any applications in BIND 9 do not understand + Any applications in BIND 9 do not understand the format any more, and will return an error if given. - In particular, an authoritative BIND 9 name + In particular, an authoritative BIND 9 name server rejects to load a zone file containing binary labels.

    For an overview of the format and structure of IPv6 addresses, see the section called “IPv6 addresses (AAAA)”.

    -Address Lookups Using AAAA Records

    +Address Lookups Using AAAA Records

    The AAAA record is a parallel to the IPv4 A record. It specifies the entire address in a single record. For example,

    @@ -681,7 +757,7 @@ host 3600 IN AAAA 2001:db8::1

    -Address to Name Lookups Using Nibble Format

    +Address to Name Lookups Using Nibble Format

    When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and ip6.arpa. is appended to the resulting name. @@ -708,7 +784,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. Chapter 3. Name Server Configuration  Home - Chapter 5. The BIND 9 Lightweight Resolver + Chapter 5. The BIND 9 Lightweight Resolver diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch05.html b/contrib/bind9/doc/arm/Bv9ARM.ch05.html index 1720660b65a..51abc5857ff 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch05.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch05.html @@ -1,5 +1,5 @@ - + Chapter 5. The BIND 9 Lightweight Resolver - + @@ -28,7 +28,7 @@

    - + @@ -41,17 +41,17 @@

    -Chapter 5. The BIND 9 Lightweight Resolver

    +Chapter 5. The BIND 9 Lightweight Resolver

    Table of Contents

    -
    The Lightweight Resolver Library
    +
    The Lightweight Resolver Library
    Running a Resolver Daemon

    -The Lightweight Resolver Library

    +The Lightweight Resolver Library

    Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name server.

    @@ -60,7 +60,7 @@ such as following A6 chains and DNAME records, and simultaneous lookup of IPv4 and IPv6 addresses. Though most of the complexity was then removed, these are hard or impossible to implement in a traditional stub resolver.

    -

    Instead, BIND 9 provides resolution services to local clients +

    Instead, BIND 9 provides resolution services to local clients using a combination of a lightweight resolver library and a resolver daemon process running on the local host. These communicate using a simple UDP-based protocol, the "lightweight resolver protocol" @@ -107,7 +107,7 @@ be configured to act as a lightweight resolver daemon using the

    - +
    Chapter 5. The BIND 9 Lightweight Resolver
    Chapter 5. The BIND 9 Lightweight Resolver
    Prev 
    Chapter 4. Advanced DNS Features  Home Chapter 6. BIND 9 Configuration Reference Chapter 6. BIND 9 Configuration Reference
    diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch06.html b/contrib/bind9/doc/arm/Bv9ARM.ch06.html index 4b5300069d1..1474685df1d 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch06.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch06.html @@ -1,5 +1,5 @@ - + Chapter 6. BIND 9 Configuration Reference - + @@ -28,7 +28,7 @@
    - + @@ -41,70 +41,70 @@

    -Chapter 6. BIND 9 Configuration Reference

    +Chapter 6. BIND 9 Configuration Reference

    Table of Contents

    Configuration File Elements
    Address Match Lists
    -
    Comment Syntax
    +
    Comment Syntax
    Configuration File Grammar
    -
    acl Statement Grammar
    +
    acl Statement Grammar
    acl Statement Definition and Usage
    -
    controls Statement Grammar
    +
    controls Statement Grammar
    controls Statement Definition and Usage
    -
    include Statement Grammar
    -
    include Statement Definition and Usage
    -
    key Statement Grammar
    -
    key Statement Definition and Usage
    -
    logging Statement Grammar
    -
    logging Statement Definition and Usage
    -
    lwres Statement Grammar
    -
    lwres Statement Definition and Usage
    -
    masters Statement Grammar
    -
    masters Statement Definition and Usage
    -
    options Statement Grammar
    +
    include Statement Grammar
    +
    include Statement Definition and Usage
    +
    key Statement Grammar
    +
    key Statement Definition and Usage
    +
    logging Statement Grammar
    +
    logging Statement Definition and Usage
    +
    lwres Statement Grammar
    +
    lwres Statement Definition and Usage
    +
    masters Statement Grammar
    +
    masters Statement Definition and Usage
    +
    options Statement Grammar
    options Statement Definition and Usage
    server Statement Grammar
    server Statement Definition and Usage
    -
    trusted-keys Statement Grammar
    -
    trusted-keys Statement Definition -and Usage
    +
    trusted-keys Statement Grammar
    +
    trusted-keys Statement Definition + and Usage
    view Statement Grammar
    -
    view Statement Definition and Usage
    +
    view Statement Definition and Usage
    zone Statement Grammar
    -
    zone Statement Definition and Usage
    +
    zone Statement Definition and Usage
    -
    Zone File
    +
    Zone File
    Types of Resource Records and When to Use Them
    -
    Discussion of MX Records
    +
    Discussion of MX Records
    Setting TTLs
    -
    Inverse Mapping in IPv4
    -
    Other Zone File Directives
    -
    BIND Master File Extension: the $GENERATE Directive
    +
    Inverse Mapping in IPv4
    +
    Other Zone File Directives
    +
    BIND Master File Extension: the $GENERATE Directive
    -

    BIND 9 configuration is broadly similar -to BIND 8; however, there are a few new areas -of configuration, such as views. BIND -8 configuration files should work with few alterations in BIND +

    BIND 9 configuration is broadly similar +to BIND 8; however, there are a few new areas +of configuration, such as views. BIND +8 configuration files should work with few alterations in BIND 9, although more complex configurations should be reviewed to check if they can be more efficiently implemented using the new features -found in BIND 9.

    -

    BIND 4 configuration files can be converted to the new format +found in BIND 9.

    +

    BIND 4 configuration files can be converted to the new format using the shell script contrib/named-bootconf/named-bootconf.sh.

    Configuration File Elements

    -

    Following is a list of elements used throughout the BIND configuration +

    Following is a list of elements used throughout the BIND configuration file documentation:

    Chapter 6. BIND 9 Configuration Reference
    Chapter 6. BIND 9 Configuration Reference
    Prev 
    @@ -167,7 +167,7 @@ ambiguity, and need to be disambiguated.

    @@ -191,7 +191,7 @@ separated by semicolons and ending with a semicolon.

    - @@ -244,7 +244,7 @@ are restricted to slave and stub zones.

    Address Match Lists

    -Syntax

    +Syntax
    address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -253,7 +253,7 @@ are restricted to slave and stub zones.
    
 
 
    
 
    
-Definition and Usage
    
+Definition and Usage
    
 
    Address match lists are primarily used to determine access
 control for various server operations. They are also used in
 the listen-on and sortlist
@@ -303,29 +303,29 @@ other 1.2.3.* hosts fall through.
    
 
 
    
 
    
-Comment Syntax
    
-
    The BIND 9 comment syntax allows for comments to appear
-anywhere that white space may appear in a BIND configuration
+Comment Syntax
    
+
    The BIND 9 comment syntax allows for comments to appear
+anywhere that white space may appear in a BIND configuration
 file. To appeal to programmers of all kinds, they can be written
 in the C, C++, or shell/perl style.
    
 
    
 
    
-Syntax
    
-
    /* This is a BIND comment as in C */
    
+Syntax
    
+
    /* This is a BIND comment as in C */
    
 
    
 
    
-
    // This is a BIND comment as in C++
    
+
    // This is a BIND comment as in C++
    
 
    
 
    
-
    # This is a BIND comment as in common UNIX shells and perl
    
+
    # This is a BIND comment as in common UNIX shells and perl
    
 
    
       
    
 
 
    
 
    
-Definition and Usage
    
-
    Comments may appear anywhere that whitespace may appear in
-a BIND configuration file.
    
+Definition and Usage
    
+
    Comments may appear anywhere that white space may appear in
+a BIND configuration file.
    
 
    C-style comments start with the two characters /* (slash,
 star) and end with */ (star, slash). Because they are completely
 delimited with these characters, they can be used to comment only
@@ -369,7 +369,7 @@ physical line, as in C++ comments.
    
 
    
 
    
 Configuration File Grammar
    
-
    A BIND 9 configuration consists of statements and comments.
+
    A BIND 9 configuration consists of statements and comments.
     Statements end with a semicolon. Statements and comments are the
     only elements that can appear without enclosing braces. Many
     statements contain a block of sub-statements, which are also
@@ -408,7 +408,7 @@ the log messages are sent.
    +also act as a light-weight resolver daemon (lwresd).

    @@ -444,7 +444,7 @@ a per-server basis.

    configuration.

    -acl Statement Grammar

    +acl Statement Grammar
    acl acl-name { 
     address_match_list 
 };
@@ -495,7 +495,7 @@ IPv6 addresses, just like localhost
 
    
 
    
-controls Statement Grammar
    
+controls Statement Grammar
    
 
    controls {
    inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys {  key_list  };
@@ -516,7 +516,7 @@ IPv6 addresses, just like localhostip_port on the specified
       ip_addr, which can be an IPv4 or IPv6
       address.  An ip_addr
-      of * is interpreted as the IPv4 wildcard
+      of * (asterisk) is interpreted as the IPv4 wildcard
       address; connections will be accepted on any of the system's
       IPv4 addresses.  To listen on the IPv6 wildcard address,
       use an ip_addr of ::.
@@ -527,7 +527,7 @@ IPv6 addresses, just like localhost
 
    
       If no port is specified, port 953
-      is used.  "*" cannot be used for
+      is used.  The asterisk "*" cannot be used for
       ip_port.
    
 
    The ability to issue commands over the control channel is
       restricted by the allow and
@@ -557,17 +557,17 @@ is present but does not have a keysnamed will attempt to load the command channel key
 from the file rndc.key in
 /etc (or whatever sysconfdir
-was specified as when BIND was built).
+was specified as when BIND was built).
 To create a rndc.key file, run
 rndc-confgen -a.
 
    
 
    The rndc.key feature was created to
-      ease the transition of systems from BIND 8,
+      ease the transition of systems from BIND 8,
       which did not have digital signatures on its command channel messages
       and thus did not have a keys clause.
 
-It makes it possible to use an existing BIND 8
-configuration file in BIND 9 unchanged,
+It makes it possible to use an existing BIND 8
+configuration file in BIND 9 unchanged,
 and still have rndc work the same way
 ndc worked in BIND 8, simply by executing the
 command rndc-confgen -a after BIND 9 is
@@ -576,7 +576,7 @@ installed.
 
    
       Since the rndc.key feature
       is only intended to allow the backward-compatible usage of
-      BIND 8 configuration files, this feature does not
+      BIND 8 configuration files, this feature does not
       have a high degree of configurability.  You cannot easily change
       the key name or the size of the secret, so you should make a
       rndc.conf with your own key if you wish to change
@@ -584,13 +584,14 @@ installed.
       permissions set such that only the owner of the file (the user that
       named is running as) can access it.  If you
       desire greater flexibility in allowing other users to access
-      rndc commands then you need to create an
-      rndc.conf and make it group readable by a group
+      rndc commands, then you need to create a
+      rndc.conf file and make it group readable by a group
       that contains the users who should have access.
    
-
    The UNIX control channel type of BIND 8 is not supported
-      in BIND 9, and is not expected to be added in future
-      releases.  If it is present in the controls statement from a
-      BIND 8 configuration file, it is ignored
+
    The UNIX control channel type of BIND 8 is not supported
+      in BIND 9.0, BIND 9.1,
+      BIND 9.2 and BIND 9.3.
+      If it is present in the controls statement from a
+      BIND 8 configuration file, it is ignored
       and a warning is logged.
    
 
    
 To disable the command channel, use an empty controls
@@ -599,12 +600,12 @@ statement: controls { };.
 
 
    
 
    
-include Statement Grammar
    
+include Statement Grammar
    
 
    include filename;
    
 
 
    
 
    
-include Statement Definition and Usage
    
+include Statement Definition and Usage
    
 
    The include statement inserts the
       specified file at the point where the include
       statement is encountered. The include
@@ -615,7 +616,7 @@ statement: controls { };.
 
 
    
 
    
-key Statement Grammar
    
+key Statement Grammar
    
 
    key key_id {
     algorithm string;
     secret string;
@@ -624,7 +625,7 @@ statement: controls { };.
 
 
    
 
    
-key Statement Definition and Usage
    
+key Statement Definition and Usage
    
 
    The key statement defines a shared
 secret key for use with TSIG (see the section called “TSIG”)
 or the command channel
@@ -656,7 +657,7 @@ string.
    
 
 
    
 
    
-logging Statement Grammar
    
+logging Statement Grammar
    
 
    logging {
    [ channel channel_name {
      ( file path name
@@ -680,7 +681,7 @@ string.
    
 
 
    
 
    
-logging Statement Definition and Usage
    
+logging Statement Definition and Usage
    
 
    The logging statement configures a wide
 variety of logging options for the name server. Its channel phrase
 associates output methods, format options and severity levels with
@@ -694,8 +695,8 @@ the logging configuration will be:
    
      category unmatched { null; };
 };
 
    
-
    In BIND 9, the logging configuration is only established when
-the entire configuration file has been parsed.  In BIND 8, it was
+
    In BIND 9, the logging configuration is only established when
+the entire configuration file has been parsed.  In BIND 8, it was
 established as soon as the logging statement
 was parsed. When the server is starting up, all logging messages
 regarding syntax errors in the configuration file go to the default
@@ -703,7 +704,7 @@ channels, or to standard error if the "-g" option
 was specified.
    
 
    
 
    
-The channel Phrase
    
+The channel Phrase
    
 
    All log output goes to one or more channels;
 you can make as many of them as you want.
    
 
    Every channel definition must include a destination clause that
@@ -723,8 +724,8 @@ both on how large the file is allowed to become, and how many versions
 of the file will be saved each time the file is opened.
    
 
    If you use the versions log file option, then
 named will retain that many backup versions of the file by
-renaming them when opening.  For example, if you choose to keep 3 old versions
-of the file lamers.log then just before it is opened
+renaming them when opening.  For example, if you choose to keep three old versions
+of the file lamers.log, then just before it is opened
 lamers.log.1 is renamed to
 lamers.log.2, lamers.log.0 is renamed
 to lamers.log.1, and lamers.log is
@@ -794,7 +795,7 @@ level is set either by starting the named
 with the -d flag followed by a positive integer,
 or by running rndc trace.
 The global debug level
-can be set to zero, and debugging mode turned off, by running ndc
+can be set to zero, and debugging mode turned off, by running rndc
 notrace. All debugging messages in the server have a debug
 level, and higher debug levels give more detailed output. Channels
 that specify a specific debug severity, for example:
    
@@ -853,7 +854,7 @@ channel null {
 
    
 
    The default_debug channel has the special
 property that it only produces output when the server's debug level is
-nonzero.  It normally writes to a file named.run
+nonzero.  It normally writes to a file called named.run
 in the server's working directory.
    
 
    For security reasons, when the "-u"
 command line option is used, the named.run file
@@ -895,7 +896,7 @@ category notify { null; };
 
    
 
    Following are the available categories and brief descriptions
 of the types of log information they contain. More
-categories may be added in future BIND releases.
    
+categories may be added in future BIND releases.

    An IP port number. number is limited to 0 through 65535, with values below 1024 typically restricted to use by processes running as root. -In some cases an asterisk (`*') character can be used as a placeholder to +In some cases, an asterisk (`*') character can be used as a placeholder to select a random high-numbered port.

    number

    A non-negative 32 bit integer +

    A non-negative 32-bit integer (i.e., a number between 0 and 4294967295, inclusive). Its acceptable value might further be limited by the context in which it is used.

    lwres

    configures named to -also act as a light weight resolver daemon (lwresd).

    masters
    @@ -972,12 +973,12 @@ the null channel.

     - + - +

    Specify where queries should be logged to.

    -At startup, specifing the category queries will also +At startup, specifying the category queries will also enable query logging unless querylog option has been specified.

    -The query log entry reports the client's IP address and port number. The +The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), EDNS was in use (E) or if the query was signed (S).

    @@ -1018,7 +1019,7 @@ a delegation-only in a hint or stu

    -lwres Statement Grammar

    +lwres Statement Grammar

    This is the grammar of the lwres statement in the named.conf file:

    lwres {
@@ -1031,10 +1032,10 @@ statement in the named.conf file:
    
 
 
    
 
    
-lwres Statement Definition and Usage
    
+lwres Statement Definition and Usage
    
 
    The lwres statement configures the name
-server to also act as a lightweight resolver server, see
-the section called “Running a Resolver Daemon”.  There may be be multiple
+server to also act as a lightweight resolver server. (See
+the section called “Running a Resolver Daemon”.)  There may be be multiple
 lwres statements configuring
 lightweight resolver servers with different properties.
    
 
    The listen-on statement specifies a list of
@@ -1059,20 +1060,20 @@ exact match lookup before search path elements are appended.
    
 
 
    
 
    
-masters Statement Grammar
    
+masters Statement Grammar
    
 
     masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; 
 
    
 
 
    
 
    
-masters Statement Definition and Usage 
    
+masters Statement Definition and Usage 
    
 
    masters lists allow for a common set of masters
 to be easily used by multiple stub and slave zones.
    
 
 
    
 
    
-options Statement Grammar
    
+options Statement Grammar
    
 
    This is the grammar of the options
 statement in the named.conf file:
    
 
    options {
@@ -1084,6 +1085,7 @@ statement in the named.conf file:
    
     [ named-xfer path_name; ]
     [ tkey-domain domainname; ]
     [ tkey-dhkey key_name key_tag; ]
+    [ cache-file path_name; ]
     [ dump-file path_name; ]
     [ memstatistics-file path_name; ]
     [ pid-file path_name; ]
@@ -1190,7 +1192,7 @@ statement in the named.conf file:
    
 
    
 options Statement Definition and Usage
    
 
    The options statement sets up global options
-to be used by BIND. This statement may appear only
+to be used by BIND. This statement may appear only
 once in a configuration file. If there is no options
 statement, an options block with each option set to its default will
 be used.
    
@@ -1210,9 +1212,9 @@ if different than the current working directory.  The directory specified
 must be an absolute path.
    
 
    named-xfer
    
 
    This option is obsolete.
-It was used in BIND 8 to
+It was used in BIND 8 to
 specify the pathname to the named-xfer program.
-In BIND 9, no separate named-xfer program is
+In BIND 9, no separate named-xfer program is
 needed; its functionality is built into the name server.
    
 
    tkey-domain
    
 
    The domain appended to the names of all
@@ -1231,6 +1233,10 @@ to generate shared keys with clients using the Diffie-Hellman mode
 of TKEY. The server must be able to load the
 public and private keys from files in the working directory. In
 most cases, the keyname should be the server's host name.
    
+
    cache-file
    
+
    
+		This is for testing only.  Do not use.
+              
    
 
    dump-file
    
 
    The pathname of the file the server dumps
 the database to when instructed to do so with
@@ -1254,7 +1260,7 @@ double quotes.
    
 to when instructed to do so using rndc stats.
 If not specified, the default is named.stats in the
 server's current directory.  The format of the file is described
-in the section called “The Statistics File”
    
+in the section called “The Statistics File”.
    
 
    port
    
 
    
 The UDP/TCP port number the server uses for 
@@ -1277,18 +1283,18 @@ the initial configuration load at server startup time and
 is ignored on subsequent reloads.
    
 
    preferred-glue
    
 
    
-If specified the listed type (A or AAAA) will be emitted before other glue
+If specified, the listed type (A or AAAA) will be emitted before other glue
 in the additional section of a query response.
-The default is not to preference any type (NONE).
+The default is not to prefer any type (NONE).
 
    
 
    root-delegation-only
    
 
    
 
    
-Turn on enforcement of delegation-only in TLDs and root zones with an optional
-exclude list.
+Turn on enforcement of delegation-only in TLDs (top level domains)
+and root zones with an optional exclude list.
 
    
 
    
-Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US" and "MUSEUM").
+Note some TLDs are not delegation only (e.g. "DE", "LV", "US" and "MUSEUM").
 
    
 
     options {
@@ -1304,7 +1310,7 @@ Only the most specific will be applied.
 
    
 
    dnssec-lookaside
    
 
    
-When set dnssec-lookaside provides the
+When set, dnssec-lookaside provides the
 validator with an alternate method to validate DNSKEY records at the
 top of a zone.  When a DNSKEY is at or below a domain specified by the
 deepest dnssec-lookaside, and the normal dnssec validation
@@ -1315,10 +1321,10 @@ record does) the DNSKEY RRset is deemed to be trusted.
 
    
 
    dnssec-must-be-secure
    
 
    
-Specify heirarchies which must / may not be secure (signed and validated).
-If yes then named will only accept answers if they
+Specify heirarchies which must be or may not be secure (signed and validated).
+If yes, then named will only accept answers if they
 are secure.
-If no then normal dnssec validation applies
+If no, then normal dnssec validation applies
 allowing for insecure answers to be accepted.
 The specified domain must be under a trusted-key or
 dnssec-lookaside must be active.
@@ -1332,17 +1338,17 @@ The specified domain must be under a trusted-key
    If yes, then the AA bit
 is always set on NXDOMAIN responses, even if the server is not actually
 authoritative. The default is no; this is
-a change from BIND 8. If you are using very old DNS software, you
+a change from BIND 8. If you are using very old DNS software, you
 may need to set it to yes.
    
 
    deallocate-on-exit
    
-
    This option was used in BIND 8 to enable checking
-for memory leaks on exit. BIND 9 ignores the option and always performs
+
    This option was used in BIND 8 to enable checking
+for memory leaks on exit. BIND 9 ignores the option and always performs
 the checks.
    
 
    dialup
    
 
    
 
    If yes, then the
 server treats all zones as if they are doing zone transfers across
-a dial on demand dialup link, which can be brought up by traffic
+a dial-on-demand dialup link, which can be brought up by traffic
 originating from this server. This has different effects according
 to zone type and concentrates the zone maintenance so that it all
 happens in a short interval, once every heartbeat-interval and
@@ -1353,7 +1359,7 @@ may also be specified in the view
 zone statements,
 in which case it overrides the global dialup
 option.
    
-
    If the zone is a master zone then the server will send out a NOTIFY 
+
    If the zone is a master zone, then the server will send out a NOTIFY 
 request to all the slaves (default). This should trigger the zone serial
 number check in the slave (providing it supports NOTIFY) allowing the slave
 to verify the zone while the connection is active.
@@ -1428,9 +1434,9 @@ processing.
    
 dialup.
    
 
    
 
    fake-iquery
    
-
    In BIND 8, this option
+
    In BIND 8, this option
 enabled simulating the obsolete DNS query type
-IQUERY. BIND 9 never does IQUERY simulation.
+IQUERY. BIND 9 never does IQUERY simulation.
 
    
 
    fetch-glue
    
 
    This option is obsolete.
@@ -1441,12 +1447,12 @@ data section of a response.  This is now considered a bad idea
 and BIND 9 never does it.
    
 
    flush-zones-on-shutdown
    
 
    When the nameserver exits due receiving SIGTERM,
-flush / do not flush any pending zone writes.  The default is
+flush or do not flush any pending zone writes.  The default is
 flush-zones-on-shutdown no.
 
    
 
    has-old-clients
    
 
    This option was incorrectly implemented
-in BIND 8, and is ignored by BIND 9.
+in BIND 8, and is ignored by BIND 9.
 To achieve the intended effect
 of
 has-old-clients yes, specify
@@ -1460,8 +1466,8 @@ Not implemented in BIND 9.
 
    
 
    maintain-ixfr-base
    
 
    This option is obsolete.
- It was used in BIND 8 to determine whether a transaction log was
-kept for Incremental Zone Transfer. BIND 9 maintains a transaction
+ It was used in BIND 8 to determine whether a transaction log was
+kept for Incremental Zone Transfer. BIND 9 maintains a transaction
 log whenever possible.  If you need to disable outgoing incremental zone
 transfers, use provide-ixfr no.
 
    
@@ -1473,9 +1479,9 @@ negative responses).  This may improve the performance of the server.
 The default is no.
 
    
 
    multiple-cnames
    
-
    This option was used in BIND 8 to allow
+
    This option was used in BIND 8 to allow
 a domain name to have multiple CNAME records in violation of the
-DNS standards.  BIND 9.2 always strictly
+DNS standards.  BIND 9.2 always strictly
 enforces the CNAME rules both in master files and dynamic updates.
 
    
 
    notify
    
@@ -1519,12 +1525,12 @@ cause the server to send NS records along with the SOA record for negative
 answers. The default is no.
    
 
    
 
    Note
    
-
    Not yet implemented in BIND 9.
    
+
    Not yet implemented in BIND 9.
    
 
    
 
 
    use-id-pool
    
 
    This option is obsolete.
-BIND 9 always allocates query IDs from a pool.
+BIND 9 always allocates query IDs from a pool.
 
    
 
    zone-statistics
    
 
    If yes, the server will collect
@@ -1545,20 +1551,20 @@ in provide-ixfr in
-the section called “server Statement Definition and Usage”
+the section called “server Statement Definition and Usage”.
 
    
 
    request-ixfr
    
 
    
 See the description of
 request-ixfr in
-the section called “server Statement Definition and Usage”
+the section called “server Statement Definition and Usage”.
 
    
 
    treat-cr-as-space
    
-
    This option was used in BIND 8 to make
+
    This option was used in BIND 8 to make
 the server treat carriage return ("\r") characters the same way
 as a space or tab character,
 to facilitate loading of zone files on a UNIX system that were generated
-on an NT or DOS machine. In BIND 9, both UNIX "\n"
+on an NT or DOS machine. In BIND 9, both UNIX "\n"
 and NT/DOS "\r\n" newlines are always accepted,
 and the option is ignored.
    
 
    
@@ -1632,7 +1638,7 @@ The use of this option for any other purpose is discouraged.
 
    ixfr-from-differences
    
 
    
 
    
-When 'yes' and the server loads a new version of a master
+When  yes and the server loads a new version of a master
 zone from its zone file or receives a new version of a slave
 file by a non-incremental zone transfer, it will compare
 the new version to the previous one and calculate a set
@@ -1655,20 +1661,20 @@ difference set.
 
    multi-master
    
 
    
 This should be set when you have multiple masters for a zone and the
-addresses refer to different machines.  If 'yes' named will not log
+addresses refer to different machines.  If yes, named will not log
 when the serial number on the master is less than what named currently
 has.  The default is no.
 
    
 
    dnssec-enable
    
 
    
-Enable DNSSEC support in named.  Unless set to yes
+Enable DNSSEC support in named.  Unless set to yes,
 named behaves as if it does not support DNSSEC.
 The default is no.
 
    
 
    querylog
    
 
    
-Specify whether query logging should be started when named start.
-If querylog is not specified then the query logging
+Specify whether query logging should be started when named starts.
+If querylog is not specified, then the query logging
 is determined by the presence of the logging category queries.
 
    
 
    check-names
    
@@ -1679,10 +1685,10 @@ certain domain names in master files and/or DNS responses received
 from the network.  The default varies according to usage area.  For
 master zones the default is fail.
 For slave zones the default is warn.
-For answer received from the network (response)
+For answers received from the network (response)
 the default is ignore.
 
    
-
    The rules for legal hostnames / mail domains are derived from RFC 952
+
    The rules for legal hostnames and mail domains are derived from RFC 952
 and RFC 821 as modified by RFC 1123.
 
    
 
    check-names applies to the owner names of A, AAA and
@@ -1696,7 +1702,7 @@ IN-ADDR.ARPA, IP6.ARPA, IP6.INT).
 
 
    
 
    
-Forwarding
    
+Forwarding
    
 
    The forwarding facility can be used to create a large site-wide
 cache on a few servers, reducing traffic over links to external
 name servers. It can also be used to allow queries by servers that
@@ -1708,8 +1714,8 @@ its cache.
    
 
    forward
    
 
    This option is only meaningful if the
 forwarders list is not empty. A value of first,
-the default, causes the server to query the forwarders first, and
-if that doesn't answer the question the server will then look for
+the default, causes the server to query the forwarders first — and
+if that doesn't answer the question, the server will then look for
 the answer itself. If only is specified, the
 server will only query the forwarders.
 
    
@@ -1728,16 +1734,16 @@ Statement Grammar”.
    
 
 
    
 
    
-Dual-stack Servers
    
+Dual-stack Servers
    
 
    Dual-stack servers are used as servers of last resort to work around
 problems in reachability due the lack of support for either IPv4 or IPv6
 on the host machine.
    
 
    
 
    dual-stack-servers
    
-
    Specifies host names / addresses of machines with access to
-both IPv4 and IPv6 transports. If a hostname is used the server must be able
+
    Specifies host names or addresses of machines with access to
+both IPv4 and IPv6 transports. If a hostname is used, the server must be able
 to resolve the name using only the transport it has.  If the machine is dual
-stacked then the dual-stack-servers have no effect unless
+stacked, then the dual-stack-servers have no effect unless
 access to a transport has been disabled on the command line
 (e.g. named -4).
    
 
    
@@ -1809,7 +1815,7 @@ from these addresses will not be responded to. The default is 
 
    
-Interfaces
    
+Interfaces
 
    The interfaces and ports that the server will answer queries
 from may be specified using the listen-on option. listen-on takes
 an optional port, and an address_match_list.
@@ -1859,17 +1865,17 @@ the server will not listen on any IPv6 address.
    
 
 
    
 
    
-Query Address
    
+Query Address
    
 
    If the server doesn't know the answer to a question, it will
 query other name servers. query-source specifies
 the address and port used for such queries. For queries sent over
 IPv6, there is a separate query-source-v6 option.
-If address is * or is omitted,
+If address is * (asterisk) or is omitted,
 a wildcard IP address (INADDR_ANY) will be used.
 If port is * or is omitted,
-a random unprivileged port will be used, avoid-v4-udp-ports
-and avoid-v6-udp-ports can be used to prevent named
-from selecting certain ports. The defaults are
    
+a random unprivileged port will be used. The avoid-v4-udp-ports
+and avoid-v6-udp-ports options can be used to prevent named
+from selecting certain ports. The defaults are:
    
 
    query-source address * port *;
 query-source-v6 address * port *;
 
    
@@ -1885,11 +1891,18 @@ unprivileged port.
    
 
    See also transfer-source and
 notify-source.
    
 
+
    
+
    Note
    
+
    
+	    Solaris 2.5.1 and earlier does not support setting the source
+	    address for TCP sockets.
+	  
    
+
    
 
 
    
 
    
 Zone Transfers
    
-
    BIND has mechanisms in place to facilitate zone transfers
+
    BIND has mechanisms in place to facilitate zone transfers
 and set limits on the amount of load that transfers place on the
 system. The following options apply to zone transfers.
    
 
    
@@ -1949,8 +1962,9 @@ resource record transferred.
 many-answers packs as many resource records as
 possible into a message. many-answers is more
 efficient, but is only supported by relatively new slave servers,
-such as BIND 9, BIND 8.x and patched
-versions of BIND 4.9.5. The default is
+such as BIND 9, BIND 8.x and patched
+versions of BIND 4.9.5. The many-answers
+format is also supported by recent Microsoft Windows nameservers. The default is
 many-answers. transfer-format
 may be overridden on a per-server basis by using the
 server statement.
@@ -2001,7 +2015,7 @@ except zone transfers are performed using IPv6.
    
 
    
 
    Note
    
 		  If you do not wish the alternate transfer source
-		  to be used you should set
+		  to be used, you should set
 		  use-alt-transfer-source
 		  appropriately and you should not depend upon
 		  getting a answer back to the first refresh
@@ -2017,15 +2031,24 @@ except zone transfers are performed using IPv6.
    
 specified this defaults to no otherwise it defaults to
 yes (for BIND 8 compatibility).
    
 
    notify-source
    
-
    notify-source determines
+
    
+
    notify-source determines
 which local source address, and optionally UDP port, will be used to
 send NOTIFY messages.
 This address must appear in the slave server's masters
 zone clause or in an allow-notify clause.
 This statement sets the notify-source for all zones,
-but can be overridden on a per-zone / per-view basis by including a
+but can be overridden on a per-zone or per-view basis by including a
 notify-source statement within the zone
-or view block in the configuration file.
    
+or view block in the configuration file.
    
+
    
+
    Note
    
+
    
+                   Solaris 2.5.1 and earlier does not support setting the
+                   source address for TCP sockets.
+                 
    
+
    
+
 
    notify-source-v6
    
 
    Like notify-source,
 but applies to notify messages sent to IPv6 addresses.
    
@@ -2033,7 +2056,7 @@ but applies to notify messages sent to IPv6 addresses.
    
 
    
 
    
 
    
-Bad UDP Port Lists
    
+Bad UDP Port Lists
    
 
    
 avoid-v4-udp-ports and avoid-v6-udp-ports
 specify a list of IPv4 and IPv6 UDP ports that will not be used as system
@@ -2046,15 +2069,15 @@ to query again.
 
 
    
 
    
-Operating System Resource Limits
    
+Operating System Resource Limits
    
 
    The server's usage of many system resources can be limited.
 Scaled values are allowed when specifying resource limits.  For
 example, 1G can be used instead of
 1073741824 to specify a limit of one
 gigabyte. unlimited requests unlimited use, or the
 maximum available amount. default uses the limit
-that was in force when the server was started. See the description of
-size_spec in the section called “Configuration File Elements”.
    
+that was in force when the server was started. See the description
+of size_spec in the section called “Configuration File Elements”.
    
 
    The following options set operating system resource limits for
 the name server process.  Some operating systems don't support some or
 any of the limits. On such systems, a warning will be issued if the
@@ -2090,7 +2113,7 @@ may use. The default is default.
    
 
 
    
 
    
-Server  Resource Limits
    
+Server  Resource Limits
    
 
    The following options set limits on the server's
 resource consumption that are enforced internally by the
 server rather than the operating system.
    
@@ -2103,12 +2126,12 @@ function in BIND 8.
 
    
 
    max-journal-size
    
 
    Sets a maximum size for each journal file
-(the section called “The journal file”).  When the journal file approaches
+(see the section called “The journal file”).  When the journal file approaches
 the specified size, some of the oldest transactions in the journal
 will be automatically removed.  The default is
 unlimited.
    
 
    host-statistics-max
    
-
    In BIND 8, specifies the maximum number of host statistic
+
    In BIND 8, specifies the maximum number of host statistics
 entries to be kept.
 Not implemented in BIND 9.
 
    
@@ -2144,13 +2167,13 @@ silently raised.
 
 
    
 
    
-Periodic Task Intervals
    
+Periodic Task Intervals
    
 
    
 
    cleaning-interval
    
 
    The server will remove expired resource records
 from the cache every cleaning-interval minutes.
 The default is 60 minutes.  The maximum value is 28 days (40320 minutes).
-If set to 0, no  periodic cleaning will occur.
    
+If set to 0, no periodic cleaning will occur.
    
 
    heartbeat-interval
    
 
    The server will perform zone maintenance tasks
 for all zones marked as dialup whenever this
@@ -2175,7 +2198,7 @@ every statistics-interval minutes.
 If set to 0, no statistics will be logged.
    
 
    
 
    Note
    
-
    Not yet implemented in BIND9.
    
+
    Not yet implemented in BIND9.
    
 
    
 
    
 
    
@@ -2210,7 +2233,7 @@ is preferred least of all.
    
 
    
 
    Note
    
 
    The topology option
-is not implemented in BIND 9.
+is not implemented in BIND 9.
 
    
 
    
 
@@ -2226,7 +2249,7 @@ statement in th
 The client resolver code should rearrange the RRs as appropriate,
 that is, using any addresses on the local net in preference to other addresses.
 However, not all resolvers can do this or are correctly configured.
-When a client is using a local server the sorting can be performed
+When a client is using a local server, the sorting can be performed
 in the server, based on the client's address. This only requires
 configuring the name servers, not all the clients.
    
 
    The sortlist statement (see below) takes
@@ -2279,7 +2302,7 @@ their directly connected networks.
    
 };
    
 
    The following example will give reasonable behavior for the
 local host and hosts on directly connected networks. It is similar
-to the behavior of the address sort in BIND 4.9.x. Responses sent
+to the behavior of the address sort in BIND 4.9.x. Responses sent
 to queries from the local host will favor any of the directly connected
 networks. Responses sent to queries from any other hosts on a directly
 connected network will prefer addresses on that same network. Responses
@@ -2306,7 +2329,7 @@ See also the sortlist statement,

    If no class is specified, the default is ANY. If no type is specified, the default is ANY. -If no name is specified, the default is "*".

    +If no name is specified, the default is "*" (asterisk).

    The legal values for ordering are:

    @@ -2344,7 +2367,7 @@ they are not combined — the last one applies.

    Note

    The rrset-order statement -is not yet fully implemented in BIND 9. +is not yet fully implemented in BIND 9. BIND 9 currently does not support "fixed" ordering.

    @@ -2357,10 +2380,10 @@ BIND 9 currently does not support "fixed" ordering.

    Sets the number of seconds to cache a lame server indication. 0 disables caching. (This is NOT recommended.) -Default is 600 (10 minutes). Maximum value is +The default is 600 (10 minutes) and the maximum value is 1800 (30 minutes).

    max-ncache-ttl
    -

    To reduce network traffic and increase performance +

    To reduce network traffic and increase performance, the server stores negative answers. max-ncache-ttl is used to set a maximum retention time for these answers in the server in seconds. The default @@ -2368,17 +2391,17 @@ in seconds. The default max-ncache-ttl cannot exceed 7 days and will be silently truncated to 7 days if set to a greater value.

    max-cache-ttl
    -

    max-cache-ttl sets +

    Sets the maximum time for which the server will cache ordinary (positive) answers. The default is one week (7 days).

    min-roots

    The minimum number of root servers that -is required for a request for the root servers to be accepted. Default +is required for a request for the root servers to be accepted. The default is 2.

    Note

    -

    Not implemented in BIND9.

    +

    Not implemented in BIND 9.

    sig-validity-interval
    @@ -2410,9 +2433,9 @@ and clamp the SOA refresh and retry times to the specified values.
    edns-udp-size

    edns-udp-size sets the advertised EDNS UDP buffer -size. Valid values are 512 to 4096 (values outside this range will be +size in bytes. Valid values are 512 to 4096 bytes (values outside this range will be silently adjusted). The default value is 4096. The usual reason for -setting edns-udp-size to a non default value it to get UDP answers to +setting edns-udp-size to a non-default value it to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes.

    @@ -2446,7 +2469,7 @@ disables processing of the queries.

    the name hostname.bind with type TXT, class CHAOS. This defaults to the hostname of the machine hosting the name server as -found by gethostname(). The primary purpose of such queries is to +found by the gethostname() function. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. Specifying hostname none; disables processing of the queries.

    @@ -2459,7 +2482,7 @@ identify which of a group of anycast servers is actually answering your queries. Specifying server-id none; disables processing of the queries. Specifying server-id hostname; will cause named to -use the hostname as found by gethostname(). +use the hostname as found by the gethostname() function. The default server-id is none.

    @@ -2467,20 +2490,29 @@ The default server-id is

    The Statistics File

    -

    The statistics file generated by BIND 9 +

    The statistics file generated by BIND 9 is similar, but not identical, to that -generated by BIND 8. +generated by BIND 8.

    -

    The statistics dump begins with the line +++ Statistics Dump -+++ (973798949), where the number in parentheses is a standard +

    The statistics dump begins with a line, like:

    +

    + +++ Statistics Dump +++ (973798949) +

    +

    The numberr in parentheses is a standard Unix-style timestamp, measured as seconds since January 1, 1970. Following that line are a series of lines containing a counter type, the value of the counter, optionally a zone name, and optionally a view name. The lines without view and zone listed are global statistics for the entire server. Lines with a zone and view name for the given view and zone (the view name is -omitted for the default view). The statistics dump ends -with the line --- Statistics Dump --- (973798949), where the -number is identical to the number in the beginning line.

    +omitted for the default view). +

    +

    +The statistics dump ends with the line where the +number is identical to the number in the beginning line; for example: +

    +

    +--- Statistics Dump --- (973798949) +

    The following statistics counters are maintained:

    @@ -2596,8 +2628,8 @@ default is yes.

    The server supports two zone transfer methods. The first, one-answer, uses one DNS message per resource record transferred. many-answers packs as many resource records as possible into a message. many-answers is -more efficient, but is only known to be understood by BIND 9, BIND -8.x, and patched versions of BIND 4.9.5. You can specify which method +more efficient, but is only known to be understood by BIND 9, BIND +8.x, and patched versions of BIND 4.9.5. You can specify which method to use for a server with the transfer-format option. If transfer-format is not specified, the transfer-format specified by the options statement will be used.

    @@ -2623,14 +2655,14 @@ For an IPv4 remote server, only transfer-sourcetransfer-source-v6 can be specified. -Form more details, see the description of +For more details, see the description of transfer-source and transfer-source-v6 in the section called “Zone Transfers”.

    -trusted-keys Statement Grammar

    +trusted-keys Statement Grammar
    trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -2639,19 +2671,33 @@ Form more details, see the description of
 
 
    
 
    
-trusted-keys Statement Definition
-and Usage
    
-
    The trusted-keys statement defines DNSSEC
-security roots. DNSSEC is described in the section called “DNSSEC”. A security root is defined when the public key for a non-authoritative
-zone is known, but cannot be securely obtained through DNS, either
-because it is the  DNS root zone or because its parent zone is unsigned.
-Once a key has been configured as a trusted key, it is treated as
-if it had been validated and proven secure. The resolver attempts
-DNSSEC validation on all DNS data in subdomains of a security root.
    
-
    The trusted-keys statement can contain
-multiple key entries, each consisting of the key's domain name,
-flags, protocol, algorithm, and the base-64 representation of the
-key data.
    
+trusted-keys Statement Definition
+	    and Usage
    
+
    
+	    The trusted-keys statement defines
+	    DNSSEC security roots. DNSSEC is described in the section called “DNSSEC”. A security root is defined when the
+	    public key for a non-authoritative zone is known, but
+	    cannot be securely obtained through DNS, either because
+	    it is the DNS root zone or because its parent zone is
+	    unsigned.  Once a key has been configured as a trusted
+	    key, it is treated as if it had been validated and
+	    proven secure. The resolver attempts DNSSEC validation
+	    on all DNS data in subdomains of a security root.
+  	  
    
+
    
+	    All keys (and corresponding zones) listed in
+	    trusted-keys are deemed to exist regardless
+	    of what parent zones say.  Similarly for all keys listed in
+	    trusted-keys only those keys are
+	    used to validate the DNSKEY RRset.  The parent's DS RRset
+	    will not be used.
+  	  
    
+
    
+	    The trusted-keys statement can contain
+	    multiple key entries, each consisting of the key's
+	    domain name, flags, protocol, algorithm, and the Base-64
+	    representation of the key data.
+	  
    
 
 
    
 
    
@@ -2668,9 +2714,9 @@ key data.
    
 
    
 
    
 
    
-view Statement Definition and Usage
    
+view Statement Definition and Usage
    
 
    The view statement is a powerful new feature
-of BIND 9 that lets a name server answer a DNS query differently
+of BIND 9 that lets a name server answer a DNS query differently
 depending on who is asking. It is particularly useful for implementing
 split DNS setups without having to run multiple servers.
    
 
    Each view statement defines a view of the
@@ -2714,7 +2760,7 @@ apply to the default view. If any explicit viewzone statements must
 occur inside view statements.
    
 
    Here is an example of a typical split DNS setup implemented
-using view statements.
    
+using view statements:
    
 
    view "internal" {
       // This should match our internal networks.
       match-clients { 10.0.0.0/8; };
@@ -2750,18 +2796,47 @@ view "external" {
 
    
 zone
 Statement Grammar
    
-
    zone zone_name [class] [{ 
-    type ( master | slave | hint | stub | forward | delegation-only ) ;
-    [ allow-notify { address_match_list } ; ]
+
    zone zone_name [class] { 
+    type master;
     [ allow-query { address_match_list } ; ]
     [ allow-transfer { address_match_list } ; ]
     [ allow-update { address_match_list } ; ]
     [ update-policy { update_policy_rule [...] } ; ]
+    [ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
+    [ check-names (warn|fail|ignore) ; ]
+    [ dialup dialup_option ; ]
+    [ file string ; ]
+    [ forward (only|first) ; ]
+    [ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
+    [ ixfr-base string ; ]
+    [ ixfr-tmp-file string ; ]
+    [ maintain-ixfr-base yes_or_no ; ]
+    [ max-ixfr-log-size number ; ]
+    [ max-transfer-idle-out number ; ]
+    [ max-transfer-time-out number ; ]
+    [ notify yes_or_no | explicit ; ]
+    [ pubkey number number number string ; ]
+    [ notify-source (ip4_addr | *) [port ip_port] ; ]
+    [ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
+    [ zone-statistics yes_or_no ; ]
+    [ sig-validity-interval number ; ]
+    [ database string ; ]
+    [ min-refresh-time number ; ]
+    [ max-refresh-time number ; ]
+    [ min-retry-time number ; ]
+    [ max-retry-time number ; ]
+    [ key-directory path_name; ]
+};
+
+zone zone_name [class] { 
+    type slave;
+    [ allow-notify { address_match_list } ; ]
+    [ allow-query { address_match_list } ; ]
+    [ allow-transfer { address_match_list } ; ]
     [ allow-update-forwarding { address_match_list } ; ]
     [ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
     [ check-names (warn|fail|ignore) ; ]
     [ dialup dialup_option ; ]
-    [ delegation-only yes_or_no ; ]
     [ file string ; ]
     [ forward (only|first) ; ]
     [ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
@@ -2784,6 +2859,40 @@ Statement Grammar
    
     [ notify-source (ip4_addr | *) [port ip_port] ; ]
     [ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
     [ zone-statistics yes_or_no ; ]
+    [ database string ; ]
+    [ min-refresh-time number ; ]
+    [ max-refresh-time number ; ]
+    [ min-retry-time number ; ]
+    [ max-retry-time number ; ]
+    [ multi-master yes_or_no ; ]
+};
+
+zone zone_name [class] { 
+    type hint;
+    [ file string ; ]
+    [ delegation-only yes_or_no ; ]
+    [ check-names (warn|fail|ignore) ; // Not Implemented. ]
+};
+
+zone zone_name [class] { 
+    type stub;
+    [ allow-query { address_match_list } ; ]
+    [ check-names (warn|fail|ignore) ; ]
+    [ dialup dialup_option ; ]
+    [ delegation-only yes_or_no ; ]
+    [ file string ; ]
+    [ forward (only|first) ; ]
+    [ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
+    [ masters [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; ]
+    [ max-transfer-idle-in number ; ]
+    [ max-transfer-time-in number ; ]
+    [ pubkey number number number string ; ]
+    [ transfer-source (ip4_addr | *) [port ip_port] ; ]
+    [ transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
+    [ alt-transfer-source (ip4_addr | *) [port ip_port] ; ]
+    [ alt-transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
+    [ use-alt-transfer-source yes_or_no; ]
+    [ zone-statistics yes_or_no ; ]
     [ sig-validity-interval number ; ]
     [ database string ; ]
     [ min-refresh-time number ; ]
@@ -2791,17 +2900,26 @@ Statement Grammar
     [ min-retry-time number ; ]
     [ max-retry-time number ; ]
     [ multi-master yes_or_no ; ]
-    [ key-directory path_name; ]
+};
 
-}];
+zone zone_name [class] { 
+    type forward;
+    [ forward (only|first) ; ]
+    [ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
+    [ delegation-only yes_or_no ; ]
+};
+
+zone zone_name [class] { 
+    type delegation-only;
+};

    -zone Statement Definition and Usage

    +zone Statement Definition and Usage

    -Zone Types

    +Zone Types
    @@ -2827,10 +2945,10 @@ Authentication to the master can also be done with per-server TSIG keys. If a file is specified, then the replica will be written to this file whenever the zone is changed, and reloaded from this file on a server restart. Use of a file is -recommended, since it often speeds server start-up and eliminates +recommended, since it often speeds server startup and eliminates a needless waste of bandwidth. Note that for large numbers (in the tens or hundreds of thousands) of zones per server, it is best to -use a two level naming scheme for zone file names. For example, +use a two-level naming scheme for zone file names. For example, a slave server for the zone example.com might place the zone contents into a file called ex/example.com where ex/ is @@ -2844,7 +2962,7 @@ a single directory.)

    A stub zone is similar to a slave zone, except that it replicates only the NS records of a master zone instead of the entire zone. Stub zones are not a standard part of the DNS; -they are a feature specific to the BIND implementation. +they are a feature specific to the BIND implementation.

    Stub zones can be used to eliminate the need for glue NS record @@ -2852,12 +2970,12 @@ in a parent zone at the expense of maintaining a stub zone entry and a set of name server addresses in named.conf. This usage is not recommended for new configurations, and BIND 9 supports it only in a limited way. -In BIND 4/8, zone transfers of a parent zone +In BIND 4/8, zone transfers of a parent zone included the NS records from stub children of that zone. This meant that, in some cases, users could get away with configuring child stubs -only in the master server for the parent zone. BIND +only in the master server for the parent zone. BIND 9 never mixes together zone data from different zones in this -way. Therefore, if a BIND 9 master serving a parent +way. Therefore, if a BIND 9 master serving a parent zone has child stub zones configured, all the slave servers for the parent zone also need to have the same child stub zones configured.

    @@ -2865,7 +2983,7 @@ configured.

    Stub zones can also be used as a way of forcing the resolution of a given domain to use a particular set of authoritative servers. For example, the caching name servers on a private network using -RFC1981 addressing may be configured with stub zones for +RFC1918 addressing may be configured with stub zones for 10.in-addr.arpa to use a set of internal name servers as the authoritative servers for that domain.

    @@ -2883,8 +3001,8 @@ an empty list for forwarders is gi forwarding will be done for the domain, canceling the effects of any forwarders in the options statement. Thus if you want to use this type of zone to change the behavior of the -global forward option (that is, "forward first -to", then "forward only", or vice versa, but want to use the same +global forward option (that is, "forward first" +to, then "forward only", or vice versa, but want to use the same servers as set globally) you need to re-specify the global forwarders.

    @@ -2900,11 +3018,11 @@ Classes other than IN have no built-in defaults hints.

     @@ -2914,7 +3032,7 @@ from forwarders.

    -Class

    +Class

    The zone's name may optionally be followed by a class. If a class is not specified, class IN (for Internet), is assumed. This is correct for the vast majority of cases.

    @@ -2929,14 +3047,14 @@ in the mid-1970s. Zone data for it can be specified with the

    -Zone Options

    +Zone Options
    allow-notify

    See the description of -allow-notify in the section called “Access Control”

    +allow-notify in the section called “Access Control”.

    allow-query

    See the description of -allow-query in the section called “Access Control”

    +allow-query in the section called “Access Control”.

    allow-transfer

    See the description of allow-transfer in the section called “Access Control”.

    @@ -2990,7 +3108,7 @@ with the distribution but none are linked in by default.

    dialup in the section called “Boolean Options”.

    delegation-only

    The flag only applies to hint and stub zones. If set -to yes then the zone will also be treated as if it +to yes, then the zone will also be treated as if it is also a delegation-only type zone.

    forward
    @@ -3001,16 +3119,16 @@ allow a normal lookup to be tried.

    forwarders

    Used to override the list of global forwarders. If it is not specified in a zone of type forward, -no forwarding is done for the zone; the global options are not used.

    +no forwarding is done for the zone and the global options are not used.

    ixfr-base
    -

    Was used in BIND 8 to specify the name +

    Was used in BIND 8 to specify the name of the transaction log (journal) file for dynamic update and IXFR. -BIND 9 ignores the option and constructs the name of the journal +BIND 9 ignores the option and constructs the name of the journal file by appending ".jnl" to the name of the zone file.

    ixfr-tmp-file
    -

    Was an undocumented option in BIND 8. -Ignored in BIND 9.

    +

    Was an undocumented option in BIND 8. +Ignored in BIND 9.

    max-transfer-time-in

    See the description of max-transfer-time-in in the section called “Zone Transfers”.

    @@ -3027,9 +3145,9 @@ Ignored in BIND 9.

    See the description of notify in the section called “Boolean Options”.

    pubkey
    -

    In BIND 8, this option was intended for specifying +

    In BIND 8, this option was intended for specifying a public zone key for verification of signatures in DNSSEC signed -zones when they are loaded from disk. BIND 9 does not verify signatures +zones when they are loaded from disk. BIND 9 does not verify signatures on load and ignores the option.

    zone-statistics

    If yes, the server will keep statistical @@ -3040,23 +3158,23 @@ information for this zone, which can be dumped to the sig-validity-interval in the section called “Tuning”.

    transfer-source

    See the description of -transfer-source in the section called “Zone Transfers” +transfer-source in the section called “Zone Transfers”.

    transfer-source-v6

    See the description of -transfer-source-v6 in the section called “Zone Transfers” +transfer-source-v6 in the section called “Zone Transfers”.

    alt-transfer-source

    See the description of -alt-transfer-source in the section called “Zone Transfers” +alt-transfer-source in the section called “Zone Transfers”.

    alt-transfer-source-v6

    See the description of -alt-transfer-source-v6 in the section called “Zone Transfers” +alt-transfer-source-v6 in the section called “Zone Transfers”.

    use-alt-transfer-source

    See the description of -use-alt-transfer-source in the section called “Zone Transfers” +use-alt-transfer-source in the section called “Zone Transfers”.

    notify-source

    See the description of @@ -3077,7 +3195,7 @@ See the description in the sect ixfr-from-differences in the section called “Boolean Options”.

    key-directory

    See the description of -key-directory in the section called “options Statement Definition and Usage”

    +key-directory in the section called “options Statement Definition and Usage”.

    multi-master

    See the description of multi-master in the section called “Boolean Options”.

    @@ -3086,14 +3204,14 @@ See the description in the sect

    Dynamic Update Policies

    -

    BIND 9 supports two alternative methods of granting clients +

    BIND 9 supports two alternative methods of granting clients the right to perform dynamic updates to a zone, configured by the allow-update and update-policy option, respectively.

    The allow-update clause works the same -way as in previous versions of BIND. It grants given clients the +way as in previous versions of BIND. It grants given clients the permission to update any record of any name in the zone.

    -

    The update-policy clause is new in BIND +

    The update-policy clause is new in BIND 9 and allows more fine-grained control over what updates are allowed. A set of rules is specified, where each rule either grants or denies permissions for one or more names to be updated by one or more identities. @@ -3177,7 +3295,7 @@ name, the rules are checked for each existing record type.

    -Zone File

    +Zone File

    Types of Resource Records and When to Use Them

    @@ -3187,7 +3305,7 @@ Since the publication of RFC 1034, several new RRs have been identified and implemented in the DNS. These are also included.

    -Resource Records

    +Resource Records

    A domain name identifies a node. Each node has a set of resource information, which may be empty. The set of resource information associated with a particular name is composed of @@ -3209,19 +3327,19 @@ and implemented in the DNS. These are also included.

     - - - @@ -3313,7 +3431,7 @@ Experimental.

     @@ -3446,7 +3564,7 @@ used as "pointers" to other data in the DNS.

    -Textual expression of RRs

    +Textual expression of RRs

    RRs are represented in binary form in the packets of the DNS protocol, and are usually represented in highly encoded form when stored in a name server or resolver. In the examples provided in @@ -3505,10 +3623,10 @@ knowledge of the typical representation for the data.

    delegation-only

    		 -

    This is used to enforce the delegation only +

    This is used to enforce the delegation-only status of infrastructure zones (e.g. COM, NET, ORG). Any answer that -is received without a explicit or implicit delegation in the authority +is received without an explicit or implicit delegation in the authority section will be treated as NXDOMAIN. This does not apply to the zone -apex. This SHOULD NOT be applied to leaf zones.

    +apex. This should not be applied to leaf zones.

    delegation-only has no effect on answers received from forwarders.

    type

    an encoded 16 bit value that specifies +

    an encoded 16-bit value that specifies the type of the resource record.

    TTL

    the time to live of the RR. This field -is a 32 bit integer in units of seconds, and is primarily used by +

    the time-to-live of the RR. This field +is a 32-bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded.

    class

    an encoded 16 bit value that identifies +

    an encoded 16-bit value that identifies a protocol family or instance of a protocol.

    MX

    identifies a mail exchange for the domain. -a 16 bit preference value (lower is better) +A 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035.
    -

    The MX RRs have an RDATA section which consists of a 16 bit +

    The MX RRs have an RDATA section which consists of a 16-bit number followed by a domain name. The address RRs use a standard -IP address format to contain a 32 bit internet address.

    -

    This example shows six RRs, with two RRs at each of three +IP address format to contain a 32-bit internet address.

    +

    The above example shows six RRs, with two RRs at each of three domain names.

    Similarly we might see:

    @@ -3536,7 +3654,7 @@ each of a different class.

    -Discussion of MX Records

    +Discussion of MX Records

    As described above, domain servers store information as a series of resource records, each of which contains a particular piece of information about a given domain name (which is usually, @@ -3613,7 +3731,7 @@ be attempted.

    Setting TTLs

    -

    The time to live of the RR field is a 32 bit integer represented +

    The time-to-live of the RR field is a 32-bit integer represented in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. The following three types of TTL are currently @@ -3653,7 +3771,7 @@ can be explicitly specified, for example, 1h30m.

    -Inverse Mapping in IPv4

    +Inverse Mapping in IPv4

    Reverse name resolution (that is, translation from IP address to name) is achieved by means of the in-addr.arpa domain and PTR records. Entries in the in-addr.arpa domain are made in @@ -3691,7 +3809,7 @@ that the example is relative to the listed origin.

    -Other Zone File Directives

    +Other Zone File Directives

    The Master File Format was initially defined in RFC 1035 and has subsequently been extended. While the Master File Format itself is class independent all records in a Master File must be of the same @@ -3700,7 +3818,7 @@ class.

    and $TTL.

    -The $ORIGIN Directive

    +The $ORIGIN Directive

    Syntax: $ORIGIN domain-name [ comment]

    $ORIGIN sets the domain name that will @@ -3715,7 +3833,7 @@ WWW CNAME MAIN-SERVER

    -The $INCLUDE Directive

    +The $INCLUDE Directive

    Syntax: $INCLUDE filename [ origin ] [ comment ]

    @@ -3739,7 +3857,7 @@ This could be construed as a deviation from RFC 1035, a feature, or both.

    -The $TTL Directive

    +The $TTL Directive

    Syntax: $TTL default-ttl [ comment ]

    @@ -3750,7 +3868,7 @@ with undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.

    -BIND Master File Extension: the $GENERATE Directive

    +BIND Master File Extension: the $GENERATE Directive

    Syntax: $GENERATE range lhs [ttl] [class] type rhs [ comment ]

    $GENERATE is used to create a series of resource records that only differ from each other by an iterator. $GENERATE can @@ -3777,14 +3895,15 @@ $GENERATE 1-127 $ CNAME $.0

    -

    range

    This can be one of two forms: start-stop -or start-stop/step. If the first form is used then step is set to +or start-stop/step. If the first form is used, then step is set to 1. All of start, stop and step must be positive.

    lhs

    lhs describes the -owner name of the resource records to be created. Any single $ symbols +owner name of the resource records to be created. Any single +$ (dollar sign) symbols within the lhs side are replaced by the iterator value. To get a $ in the output you need to escape the $ @@ -3793,22 +3912,22 @@ e.g. \$. The { immediately following the $ as ${offset[,width[,base]]}. -e.g. ${-20,3,d} which subtracts 20 from the current value, -prints the result as a decimal in a zero padded field of with 3. Available +For example, ${-20,3,d} which subtracts 20 from the current value, +prints the result as a decimal in a zero-padded field of width 3. Available output forms are decimal (d), octal (o) and hexadecimal (x or X for uppercase). The default modifier is ${0,0,d}. If the lhs is not absolute, the current $ORIGIN is appended to the name.

    -

    For compatibility with earlier versions $$ is still -recognized a indicating a literal $ in the output.

    +

    For compatibility with earlier versions, $$ is still +recognized as indicating a literal $ in the output.

    ttl

    		 -

    ttl specifies the +

    Specifies the ttl of the generated records. If not specified this will be inherited using the normal ttl inheritance rules.

    class and ttl can be @@ -3818,7 +3937,7 @@ recognized a indicating a literal $ in the output.

    class

    		 -

    class specifies the +

    Specifies the class of the generated records. This must match the zone class if it is specified.

    class and ttl can be @@ -3832,12 +3951,12 @@ PTR, CNAME, DNAME, A, AAAA and NS.

    rhs

    rhs is a domain name. It is processed +

    A domain name. It is processed similarly to lhs.
    -

    The $GENERATE directive is a BIND extension +

    The $GENERATE directive is a BIND extension and not part of the standard zone file format.

    BIND 8 does not support the optional TTL and CLASS fields.

    @@ -3854,9 +3973,9 @@ and not part of the standard zone file format.
    Chapter 5. The BIND 9 Lightweight Resolver Chapter 5. The BIND 9 Lightweight Resolver  Home Chapter 7. BIND 9 Security Considerations Chapter 7. BIND 9 Security Considerations
    diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch07.html b/contrib/bind9/doc/arm/Bv9ARM.ch07.html index 86c2b6af064..f4e26f06739 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch07.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch07.html @@ -1,5 +1,5 @@ - + Chapter 7. BIND 9 Security Considerations - + @@ -28,7 +28,7 @@
    - + @@ -41,16 +41,16 @@

    -Chapter 7. BIND 9 Security Considerations

    +Chapter 7. BIND 9 Security Considerations

    Table of Contents

    Access Control Lists
    -
    chroot and setuid (for +
    chroot and setuid (for UNIX servers)
    -
    The chroot Environment
    -
    Using the setuid Function
    +
    The chroot Environment
    +
    Using the setuid Function
    Dynamic Update Security
    @@ -68,13 +68,14 @@ your name server, without cluttering up your config files with huge lists of IP addresses.

    It is a good idea to use ACLs, and to control access to your server. Limiting access to your server by -outside parties can help prevent spoofing and DoS attacks against -your server.

    +outside parties can help prevent spoofing and denial of service (DoS) +attacks against your server.

    Here is an example of how to properly apply ACLs:

     // Set up an ACL named "bogusnets" that will block RFC1918 space,
 // which is commonly used in spoofing attacks.
 acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
+
 // Set up an ACL called our-nets. Replace this with the real IP numbers.
 acl our-nets { x.x.x.x/24; x.x.x.x/21; }; 
 options {
@@ -86,6 +87,7 @@ options {
   blackhole { bogusnets; };
   ...
 };
+
 zone "example.com" {
   type master;
   file "m/example.com";
@@ -100,28 +102,28 @@ see the AUSCERT advisory at

    -chroot and setuid (for +chroot and setuid (for UNIX servers)

    -

    On UNIX servers, it is possible to run BIND in a chrooted environment -(chroot()) by specifying the "-t" -option. This can help improve system security by placing BIND in +

    On UNIX servers, it is possible to run BIND in a chrooted environment +(using the chroot() function) by specifying the "-t" +option. This can help improve system security by placing BIND in a "sandbox", which will limit the damage done if a server is compromised.

    -

    Another useful feature in the UNIX version of BIND is the +

    Another useful feature in the UNIX version of BIND is the ability to run the daemon as an unprivileged user ( -u user ). We suggest running as an unprivileged user when using the chroot feature.

    -

    Here is an example command line to load BIND in a chroot() sandbox, +

    Here is an example command line to load BIND in a chroot sandbox, /var/named, and to run named setuid to user 202:

    /usr/local/bin/named -u 202 -t /var/named

    -The chroot Environment

    -

    In order for a chroot() environment to +The chroot Environment

    +

    In order for a chroot environment to work properly in a particular directory (for example, /var/named), you will need to set up an environment that includes everything -BIND needs to run. -From BIND's point of view, /var/named is +BIND needs to run. +From BIND's point of view, /var/named is the root of the filesystem. You will need to adjust the values of options like like directory and pid-file to account for this. @@ -134,18 +136,18 @@ However, depending on your operating system, you may need to set up things like /dev/zero, /dev/random, -/dev/log, and/or +/dev/log, and /etc/localtime.

    -Using the setuid Function

    +Using the setuid Function

    Prior to running the named daemon, use the touch utility (to change file access and modification times) or the chown utility (to set the user id and/or group id) on files -to which you want BIND +to which you want BIND to write. Note that if the named daemon is running as an unprivileged user, it will not be able to bind to new restricted ports if the server is reloaded.

    @@ -156,7 +158,7 @@ server is reloaded.

    Dynamic Update Security

    Access to the dynamic update facility should be strictly limited. In earlier versions of -BIND the only way to do this was based on the IP +BIND, the only way to do this was based on the IP address of the host requesting the update, by listing an IP address or network prefix in the allow-update zone option. This method is insecure since the source address of the update UDP packet @@ -172,7 +174,7 @@ cryptographically authenticated by means of transaction signatures list only TSIG key names, not IP addresses or network prefixes. Alternatively, the new update-policy option can be used.

    -

    Some sites choose to keep all dynamically updated DNS data +

    Some sites choose to keep all dynamically-updated DNS data in a subdomain and delegate that subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP addresses of public web and mail servers need not allow dynamic update at @@ -190,7 +192,7 @@ all.

    - + diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch08.html b/contrib/bind9/doc/arm/Bv9ARM.ch08.html index 9d486e1bd5b..98dbbedea66 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch08.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch08.html @@ -1,5 +1,5 @@ - +Chapter 8. Troubleshooting - + @@ -45,18 +45,18 @@

    Table of Contents

    -
    Common Problems
    -
    It's not working; how can I figure out what's wrong?
    -
    Incrementing and Changing the Serial Number
    -
    Where Can I Get Help?
    +
    Common Problems
    +
    It's not working; how can I figure out what's wrong?
    +
    Incrementing and Changing the Serial Number
    +
    Where Can I Get Help?

    -Common Problems

    +Common Problems

    -It's not working; how can I figure out what's wrong?

    +It's not working; how can I figure out what's wrong?

    The best solution to solving installation and configuration issues is to take preventative measures by setting up logging files beforehand. The log files provide a @@ -66,7 +66,7 @@

    -Incrementing and Changing the Serial Number

    +Incrementing and Changing the Serial Number

    Zone serial numbers are just numbers-they aren't date related. A lot of people set them to a number that represents a date, usually of the form YYYYMMDDRR. A number of people have been @@ -87,19 +87,19 @@

    -Where Can I Get Help?

    -

    The Internet Software Consortium (ISC) offers a wide range - of support and service agreements for BIND and DHCP servers. Four +Where Can I Get Help?

    +

    The Internet Software Consortium (ISC) offers a wide range + of support and service agreements for BIND and DHCP servers. Four levels of premium support are available and each level includes - support for all ISC programs, significant discounts on products + support for all ISC programs, significant discounts on products and training, and a recognized priority on bug fixes and - non-funded feature requests. In addition, ISC offers a standard + non-funded feature requests. In addition, ISC offers a standard support agreement package which includes services ranging from bug fix announcements to remote support. It also includes training in - BIND and DHCP.

    + BIND and DHCP.

    To discuss arrangements for support, contact info@isc.org or visit the - ISC web page at http://www.isc.org/services/support/ + ISC web page at http://www.isc.org/services/support/ to read more.

    @@ -114,7 +114,7 @@ - + diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch09.html b/contrib/bind9/doc/arm/Bv9ARM.ch09.html index 8c7b2bf4450..ccf9ee111f0 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch09.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch09.html @@ -1,5 +1,5 @@ - +Appendix A. Appendices - + @@ -43,83 +43,86 @@

    Table of Contents

    -
    Acknowledgments
    -
    A Brief History of the DNS and BIND
    -
    General DNS Reference Information
    +
    Acknowledgments
    +
    A Brief History of the DNS and BIND
    +
    General DNS Reference Information
    IPv6 addresses (AAAA)
    Bibliography (and Suggested Reading)
    Request for Comments (RFCs)
    Internet Drafts
    -
    Other Documents About BIND
    +
    Other Documents About BIND

    -Acknowledgments

    +Acknowledgments

    -A Brief History of the DNS and BIND

    +A Brief History of the DNS and BIND

    Although the "official" beginning of the Domain Name System occurred in 1984 with the publication of RFC 920, the core of the new system was described in 1983 in RFCs 882 and 883. From 1984 to 1987, the ARPAnet (the precursor to today's Internet) became a testbed of experimentation for developing the - new naming/addressing scheme in an rapidly expanding, + new naming/addressing scheme in a rapidly expanding, operational network environment. New RFCs were written and published in 1987 that modified the original documents to incorporate improvements based on the working model. RFC 1034, "Domain Names-Concepts and Facilities", and RFC 1035, "Domain Names-Implementation and Specification" were published and - became the standards upon which all DNS implementations are + became the standards upon which all DNS implementations are built.

    The first working domain name server, called "Jeeves", was written in 1983-84 by Paul Mockapetris for operation on DEC Tops-20 machines located at the University of Southern California's Information Sciences Institute (USC-ISI) and SRI International's Network Information -Center (SRI-NIC). A DNS server for Unix machines, the Berkeley Internet -Name Domain (BIND) package, was written soon after by a group of +Center (SRI-NIC). A DNS server for Unix machines, the Berkeley Internet +Name Domain (BIND) package, was written soon after by a group of graduate students at the University of California at Berkeley under a grant from the US Defense Advanced Research Projects Administration -(DARPA). Versions of BIND through 4.8.3 were maintained by the Computer +(DARPA). +

    +

    +Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark -Painter, David Riggle and Songnian Zhou made up the initial BIND +Painter, David Riggle and Songnian Zhou made up the initial BIND project team. After that, additional work on the software package was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment Corporation -employee on loan to the CSRG, worked on BIND for 2 years, from 1985 -to 1987. Many other people also contributed to BIND development +employee on loan to the CSRG, worked on BIND for 2 years, from 1985 +to 1987. Many other people also contributed to BIND development during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell, -Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was subsequently +Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was subsequently handled by Mike Karels and O. Kure.

    -

    BIND versions 4.9 and 4.9.1 were released by Digital Equipment +

    BIND versions 4.9 and 4.9.1 were released by Digital Equipment Corporation (now Compaq Computer Corporation). Paul Vixie, then -a DEC employee, became BIND's primary caretaker. Paul was assisted +a DEC employee, became BIND's primary caretaker. He was assisted by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe Wolfhugel, and others.

    -

    BIND Version 4.9.2 was sponsored by Vixie Enterprises. Paul -Vixie became BIND's principal architect/programmer.

    -

    BIND versions from 4.9.3 onward have been developed and maintained +

    BIND version 4.9.2 was sponsored by Vixie Enterprises. Paul +Vixie became BIND's principal architect/programmer.

    +

    BIND versions from 4.9.3 onward have been developed and maintained by the Internet Software Consortium with support being provided by ISC's sponsors. As co-architects/programmers, Bob Halley and -Paul Vixie released the first production-ready version of BIND version +Paul Vixie released the first production-ready version of BIND version 8 in May 1997.

    -

    BIND development work is made possible today by the sponsorship +

    BIND development work is made possible today by the sponsorship of several corporations, and by the tireless work efforts of numerous individuals.

    -General DNS Reference Information

    +General DNS Reference Information

    IPv6 addresses (AAAA)

    IPv6 addresses are 128-bit identifiers for interfaces and -sets of interfaces which were introduced in the DNS to facilitate +sets of interfaces which were introduced in the DNS to facilitate scalable Internet routing. There are three types of addresses: Unicast, an identifier for a single interface; Anycast, an identifier for a set of interfaces; and Multicast, @@ -248,7 +251,7 @@ of zeros that can fit, and can be used only once in an address.

    Request for Comments (RFCs)

    Specification documents for the Internet protocol suite, including -the DNS, are published as part of the Request for Comments (RFCs) +the DNS, are published as part of the Request for Comments (RFCs) series of technical notes. The standards themselves are defined by the Internet Engineering Task Force (IETF) and the Internet Engineering Steering Group (IESG). RFCs can be obtained online via FTP at @@ -258,23 +261,41 @@ the number of the RFC). RFCs are also available via the Web at

    -Bibliography

    +Bibliography

    Standards

    -

    [RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.

    -

    [RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.

    -

    [RFC1035] P. V. Mockapetris. Domain Names — Implementation and -Specification. November 1987.

    +
    +

    [RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.

    +
    +
    +

    [RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.

    +
    +
    +

    [RFC1035] P. V. Mockapetris. Domain Names — Implementation and +Specification. November 1987.

    +

    Proposed Standards

    -

    [RFC2181] R., R. Bush Elz. Clarifications to the DNS Specification. July 1997.

    -

    [RFC2308] M. Andrews. Negative Caching of DNS Queries. March 1998.

    -

    [RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.

    -

    [RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.

    -

    [RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.

    -

    [RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.

    +
    +

    [RFC2181] R., R. Bush Elz. Clarifications to the DNS Specification. July 1997.

    +
    +
    +

    [RFC2308] M. Andrews. Negative Caching of DNS Queries. March 1998.

    +
    +
    +

    [RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.

    +
    +
    +

    [RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.

    +
    +
    +

    [RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.

    +
    +
    +

    [RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.

    +

    Proposed Standards Still Under Development

    @@ -283,64 +304,120 @@ Specification. November 1987.

    Note: the following list of RFCs are undergoing major revision by the IETF.

    -

    [RFC1886] S. Thomson and C. Huitema. DNS Extensions to support IP version 6. December 1995.

    -

    [RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.

    -

    [RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.

    +
    +

    [RFC1886] S. Thomson and C. Huitema. DNS Extensions to support IP version 6. December 1995.

    +
    +
    +

    [RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.

    +
    +
    +

    [RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.

    +
    -

    Other Important RFCs About DNS Implementation

    -

    [RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.

    -

    [RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. October 1993.

    -

    [RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.

    +

    Other Important RFCs About DNS Implementation

    +
    +

    [RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.

    +
    +
    +

    [RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. October 1993.

    +
    +
    +

    [RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.

    +

    Resource Record Types

    -

    [RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.

    -

    [RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.

    -

    [RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using -the Domain Name System. June 1997.

    -

    [RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the Domain -Name System. January 1996.

    -

    [RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the Location of -Services.. October 1996.

    -

    [RFC2163] A. Allocchio. Using the Internet DNS to Distribute MIXER -Conformant Global Address Mapping. January 1998.

    -

    [RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.

    +
    +

    [RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.

    +
    +
    +

    [RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.

    +
    +
    +

    [RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using +the Domain Name System. June 1997.

    +
    +
    +

    [RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the Domain +Name System. January 1996.

    +
    +
    +

    [RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the Location of +Services.. October 1996.

    +
    +
    +

    [RFC2163] A. Allocchio. Using the Internet DNS to Distribute MIXER +Conformant Global Address Mapping. January 1998.

    +
    +
    +

    [RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.

    +

    -DNS and the Internet

    -

    [RFC1101] P. V. Mockapetris. DNS Encoding of Network Names and Other Types. April 1989.

    -

    [RFC1123] Braden. Requirements for Internet Hosts - Application and Support. October 1989.

    -

    [RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.

    -

    [RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.

    +DNS and the Internet +
    +

    [RFC1101] P. V. Mockapetris. DNS Encoding of Network Names and Other Types. April 1989.

    +
    +
    +

    [RFC1123] Braden. Requirements for Internet Hosts - Application and Support. October 1989.

    +
    +
    +

    [RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.

    +
    +
    +

    [RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.

    +

    -DNS Operations

    -

    [RFC1537] P. Beertema. Common DNS Data File Configuration Errors. October 1993.

    -

    [RFC1912] D. Barr. Common DNS Operational and Configuration Errors. February 1996.

    -

    [RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.

    -

    [RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for Network Services.. October 1997.

    +DNS Operations +
    +

    [RFC1537] P. Beertema. Common DNS Data File Configuration Errors. October 1993.

    +
    +
    +

    [RFC1912] D. Barr. Common DNS Operational and Configuration Errors. February 1996.

    +
    +
    +

    [RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.

    +
    +
    +

    [RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for Network Services.. October 1997.

    +
    -

    Other DNS-related RFCs

    +

    Other DNS-related RFCs

    Note

    Note: the following list of RFCs, although -DNS-related, are not concerned with implementing software.

    +DNS-related, are not concerned with implementing software.

    +
    +
    +

    [RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String Attributes. May 1993.

    +
    +
    +

    [RFC1713] A. Romao. Tools for DNS Debugging. November 1994.

    +
    +
    +

    [RFC1794] T. Brisco. DNS Support for Load Balancing. April 1995.

    +
    +
    +

    [RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.

    +
    +
    +

    [RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.

    +
    +
    +

    [RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.

    -

    [RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String Attributes. May 1993.

    -

    [RFC1713] A. Romao. Tools for DNS Debugging. November 1994.

    -

    [RFC1794] T. Brisco. DNS Support for Load Balancing. April 1995.

    -

    [RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.

    -

    [RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.

    -

    [RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.

    Obsolete and Unimplemented Experimental RRs

    -

    [RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical -Location. November 1994.

    +
    +

    [RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical +Location. November 1994.

    +
    @@ -358,12 +435,14 @@ after which they are deleted unless updated by their authors.

    -Other Documents About BIND

    +Other Documents About BIND

    -Bibliography

    -

    Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.

    +Bibliography
    +
    +

    Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.

    +
    diff --git a/contrib/bind9/doc/arm/Bv9ARM.html b/contrib/bind9/doc/arm/Bv9ARM.html index 71ec32992eb..6c62d12533e 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.html +++ b/contrib/bind9/doc/arm/Bv9ARM.html @@ -1,5 +1,5 @@ - +BIND 9 Administrator Reference Manual - + @@ -40,8 +40,8 @@

    -BIND 9 Administrator Reference Manual

    -

    Copyright © 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

    +BIND 9 Administrator Reference Manual
    +

    Copyright © 2004-2006 Internet Systems Consortium, Inc. ("ISC")

    Copyright © 2000-2003 Internet Software Consortium.

    @@ -51,39 +51,39 @@
    1. Introduction
    -
    Scope of Document
    -
    Organization of This Document
    -
    Conventions Used in This Document
    -
    The Domain Name System (DNS)
    +
    Scope of Document
    +
    Organization of This Document
    +
    Conventions Used in This Document
    +
    The Domain Name System (DNS)
    -
    DNS Fundamentals
    -
    Domains and Domain Names
    -
    Zones
    -
    Authoritative Name Servers
    -
    Caching Name Servers
    -
    Name Servers in Multiple Roles
    +
    DNS Fundamentals
    +
    Domains and Domain Names
    +
    Zones
    +
    Authoritative Name Servers
    +
    Caching Name Servers
    +
    Name Servers in Multiple Roles
    -
    2. BIND Resource Requirements
    +
    2. BIND Resource Requirements
    -
    Hardware requirements
    -
    CPU Requirements
    -
    Memory Requirements
    -
    Name Server Intensive Environment Issues
    -
    Supported Operating Systems
    +
    Hardware requirements
    +
    CPU Requirements
    +
    Memory Requirements
    +
    Name Server Intensive Environment Issues
    +
    Supported Operating Systems
    3. Name Server Configuration
    Sample Configurations
    -
    A Caching-only Name Server
    -
    An Authoritative-only Name Server
    +
    A Caching-only Name Server
    +
    An Authoritative-only Name Server
    -
    Load Balancing
    -
    Name Server Operations
    +
    Load Balancing
    +
    Name Server Operations
    -
    Tools for Use With the Name Server Daemon
    -
    Signals
    +
    Tools for Use With the Name Server Daemon
    +
    Signals
    4. Advanced DNS Features
    @@ -92,111 +92,111 @@
    Dynamic Update
    The journal file
    Incremental Zone Transfers (IXFR)
    -
    Split DNS
    +
    Split DNS
    TSIG
    -
    Generate Shared Keys for Each Pair of Hosts
    -
    Copying the Shared Secret to Both Machines
    -
    Informing the Servers of the Key's Existence
    -
    Instructing the Server to Use the Key
    -
    TSIG Key Based Access Control
    -
    Errors
    +
    Generate Shared Keys for Each Pair of Hosts
    +
    Copying the Shared Secret to Both Machines
    +
    Informing the Servers of the Key's Existence
    +
    Instructing the Server to Use the Key
    +
    TSIG Key Based Access Control
    +
    Errors
    -
    TKEY
    -
    SIG(0)
    +
    TKEY
    +
    SIG(0)
    DNSSEC
    -
    Generating Keys
    -
    Signing the Zone
    -
    Configuring Servers
    +
    Generating Keys
    +
    Signing the Zone
    +
    Configuring Servers
    -
    IPv6 Support in BIND 9
    +
    IPv6 Support in BIND 9
    -
    Address Lookups Using AAAA Records
    -
    Address to Name Lookups Using Nibble Format
    +
    Address Lookups Using AAAA Records
    +
    Address to Name Lookups Using Nibble Format
    -
    5. The BIND 9 Lightweight Resolver
    +
    5. The BIND 9 Lightweight Resolver
    -
    The Lightweight Resolver Library
    +
    The Lightweight Resolver Library
    Running a Resolver Daemon
    -
    6. BIND 9 Configuration Reference
    +
    6. BIND 9 Configuration Reference
    Configuration File Elements
    Address Match Lists
    -
    Comment Syntax
    +
    Comment Syntax
    Configuration File Grammar
    -
    acl Statement Grammar
    +
    acl Statement Grammar
    acl Statement Definition and Usage
    -
    controls Statement Grammar
    +
    controls Statement Grammar
    controls Statement Definition and Usage
    -
    include Statement Grammar
    -
    include Statement Definition and Usage
    -
    key Statement Grammar
    -
    key Statement Definition and Usage
    -
    logging Statement Grammar
    -
    logging Statement Definition and Usage
    -
    lwres Statement Grammar
    -
    lwres Statement Definition and Usage
    -
    masters Statement Grammar
    -
    masters Statement Definition and Usage
    -
    options Statement Grammar
    +
    include Statement Grammar
    +
    include Statement Definition and Usage
    +
    key Statement Grammar
    +
    key Statement Definition and Usage
    +
    logging Statement Grammar
    +
    logging Statement Definition and Usage
    +
    lwres Statement Grammar
    +
    lwres Statement Definition and Usage
    +
    masters Statement Grammar
    +
    masters Statement Definition and Usage
    +
    options Statement Grammar
    options Statement Definition and Usage
    server Statement Grammar
    server Statement Definition and Usage
    -
    trusted-keys Statement Grammar
    -
    trusted-keys Statement Definition -and Usage
    +
    trusted-keys Statement Grammar
    +
    trusted-keys Statement Definition + and Usage
    view Statement Grammar
    -
    view Statement Definition and Usage
    +
    view Statement Definition and Usage
    zone Statement Grammar
    -
    zone Statement Definition and Usage
    +
    zone Statement Definition and Usage
    -
    Zone File
    +
    Zone File
    Types of Resource Records and When to Use Them
    -
    Discussion of MX Records
    +
    Discussion of MX Records
    Setting TTLs
    -
    Inverse Mapping in IPv4
    -
    Other Zone File Directives
    -
    BIND Master File Extension: the $GENERATE Directive
    +
    Inverse Mapping in IPv4
    +
    Other Zone File Directives
    +
    BIND Master File Extension: the $GENERATE Directive
    -
    7. BIND 9 Security Considerations
    +
    7. BIND 9 Security Considerations
    Access Control Lists
    -
    chroot and setuid (for +
    chroot and setuid (for UNIX servers)
    -
    The chroot Environment
    -
    Using the setuid Function
    +
    The chroot Environment
    +
    Using the setuid Function
    Dynamic Update Security
    8. Troubleshooting
    -
    Common Problems
    -
    It's not working; how can I figure out what's wrong?
    -
    Incrementing and Changing the Serial Number
    -
    Where Can I Get Help?
    +
    Common Problems
    +
    It's not working; how can I figure out what's wrong?
    +
    Incrementing and Changing the Serial Number
    +
    Where Can I Get Help?
    A. Appendices
    -
    Acknowledgments
    -
    A Brief History of the DNS and BIND
    -
    General DNS Reference Information
    +
    Acknowledgments
    +
    A Brief History of the DNS and BIND
    +
    General DNS Reference Information
    IPv6 addresses (AAAA)
    Bibliography (and Suggested Reading)
    Request for Comments (RFCs)
    Internet Drafts
    -
    Other Documents About BIND
    +
    Other Documents About BIND
    diff --git a/contrib/bind9/doc/arm/Bv9ARM.pdf b/contrib/bind9/doc/arm/Bv9ARM.pdf index 6119ca4ce24..cf61e9c81bb 100755 --- a/contrib/bind9/doc/arm/Bv9ARM.pdf +++ b/contrib/bind9/doc/arm/Bv9ARM.pdf @@ -879,13 +879,11 @@ endobj << /S /GoTo /D [590 0 R /FitH ] >> endobj 592 0 obj << -/Length 221 +/Length 223 /Filter /FlateDecode >> stream -xÚOKA Åïû)rlÁ‰“Ý™£¥* -ö s“Öv*…îÖêçw¶[‹ É!$ùñy¾A0ôê¨hž Ömåá­Üî+:3j‚¦"eøãê$ -•ŽC@³ÿÄ~ᤊµ„μa,â>OÕõ2PL¦¶@±f/páÒæe2X.¦ŽÍOâØn6í®Û½ûæxèÇÕsÞæ>wë<ŽOM÷Ñ짫ôX,ˆ0šñÉ‚%(¸ 8 l'‡åá3·¯ù¬¥Wcgïm¨nÓå—ïðÄpˆçßÑ}ÂmR_endstream +xÚÍjÃ0„ï~Š=&PmµÚ][:6$--4‡¢[ÉÁM”ˆp~ž¿rì†B{(:hVû1ƒ†ÀæCà-*ª%…uSXøÌ»§‚FF”Q…9l F/ìÁ8ïQµt?±_8‰`Å>€Q«²yÏbqÿ(¨BG*·@°r–áÆÅÍûdö¼œOS; Ãõ°ivíîxêêÓ¡žÞÒ6u©]§a|­Ûs½Ÿ®âKŽ`  ê®YsÈÚxÁÒ;½F,—Ô|¤ÑÌù»QX[ö&Å"Þ~ó]+öý»¼/g—RÇendstream endobj 590 0 obj << /Type /Page @@ -905,12 +903,11 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 604 0 obj << -/Length 302 +/Length 308 /Filter /FlateDecode >> stream -xÚµ’ÁNÃ0 @ïýŠWiõ;N–+CãºÞ4º±ÃZÔ¡ý= ekCì‚zˆ-?ÙÉ«µÂði%¬'¯œ7 ¨E­v ªM¨Ý%ú‹1 †9$ª»)’„ÈÀ4tR?hÍÈìTæăeâˆßÉdfXyð–¬*ÖJ³ƒxŸU pËкC¿%!šqš‘` ¥‹æU[6UÙvÙâ°oËݾKòºÚ×M»}Ûì -ÒŒ5†y‚K"3_äñ©Žã“Ûâd&Šk­rF‡âåOŸt6Ä/kã|ßõ7ôŸ±÷¨ûú/Ú­×íûS“êé¨R/M/íUwëuûùÒäTŒªK‹áÒ¿ÓV[†´·ÿÞé/6¯žendstream endobj 603 0 obj << /Type /Page @@ -927,17 +924,14 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 611 0 obj << -/Length 2204 +/Length 2200 /Filter /FlateDecode >> stream -xÚÝYKã6¾ûWø¨ÆZ>ÄWn;3›Å‹Yìv9$9¨%¶-Œ,)ztÇùõ[d‘¶lË3ƒ6X4ЦJ,²XõÕWE›® üѵ)á&[+“¥‚P±.ö+²Þ»¿¯h˜“ žŠŒsxXx»\§B3µÞÌyû°úË÷[3’JÉÄúá鸗T:5<3ë‡òçäÝ.ïFÛßm˜ ½ûõáTËR¥uj¶©2D{…ÍØ·åTŒUÛ„é|mR#™Œ³肹nöÃÎÂÒZ:5Û7vħ÷í>¯Ì÷aÎýaíÇ¿AÞ¼‡ê*)Úf¨†qÀ×í~ŽqýáÐŒùïAØYg‹êép1³ý.V±ÍXJURÝѤÁ¡S‚3ºSQš!XôA8 g$qáŒ&9>î*ÛçýÕI±«Š¼Fé>op³Ê’7 àíqoú;LµÛÜ-2 ¶DùSÛã ´µÝæcÕlÃ>Ó¸kûj3(iŸm˜ëvÈ›°RØŠ‚“¼ƒÏNDý‰ª}WÛ=ø!÷qÝ00tÜå.\J$y1Ny]P¾Ï»GÑ•0ÅûD³8;Ųôž°Ã`‡ŒÐ<¨âÔ2sœV qå -,¨ç÷ì!â–ÁÇ­_«:”BôbSHúêqý"b)Nê6̽Uó4Ky&Y@qFR&9bž¦BJI³¸‚|¾o‹Éyn9˜N¥2ódÈhòÖöŸ ¨| -.ƒpŽ(£cžÀØeÄÛ߇”É1hÎ}€£¼œi5ǵÛ{˜¸™[N˜‡YÓþÑ‘?—ûì¬÷ÚfÉËŽLð*]jàŒ>˜ /£_üS‡±{®JÞƒ÷«‡Uí#ô@?¶SPļõ“†@8ŸÕ”8(0¾~b3Ó+ˆš¾æq ‚ÖOóø·áÕÓÔøúrI)uåž™vð>¯JÔEK"K 0$€qÀ7Ø°H|!Z36î¹sîqA"Úל…zî5ï’a<¡ÈÔuû§<–¢! ô{‚.8[W)W*f­wI^vPþªb‡jW® ðÛ·G6…§¼|Î!ëÊãLŸhmèX@|dæ-φR× Ÿ—²9ùºt“@¢4ÖwcêOñݱèb?’Âö£¯·î¡íÜé—ABSÍ%½f™ˆŒ`8_b©JÎØÈ  ®¶»ñźÿ&ˆH93ÙM mýŒm©«ßJ†E1Û¸¦d@¶[—Á‡%3ž]q°SKÁ‡!U‘ NeR]'ˆò°uVô} ¦?a{bøöXú`Œí( é6[bŒçk›m‹)åU¡ØM€‰ )ŒžgL“ãF,8AÆÈEÞ]{ p—eäšAU-9I¦R›X -Îzè°Ÿ-&¸Ð 3*¡ÉõÈs Ť窅p)ÀÕ|ɽd‰NµÒÑ’YZº[EèÆáî²k[Ÿˆ· ®¡ös¼ílÝ9ŒI0&uÚT©’Ƕ<àÈ;Wªà\ÌúHxòÄ$ψɩåÁšKÉgà–¬#PÿÚu¶)+WùO¡Oý²C^’*:à¦ö4Õ8¾F$z‚jà:)Ï=1ëvß8’ÞžÜ< ž+×—/•=à£D°ëmõXWí¶Ï»Ýa©îAÒ -#ˆ|ó@_4ç›Øæ¬ñv¯ñÐdÛ0ß%’›hF±ÓRHAêtKqBwÁ4‚º@…¼H#¼ã]‹ÉC‹ ù³#ܶ ýäC¼ÜUÍ·õšØ;GÝS¯é_BO ‘¾è²}á -D’­m<ìpҡèàíƵáGó¿sV­þöpüöÆHh5]S¡S"¡•+ö«ßV?ÿJÖ劬X‘”-Ö/ðÞ4@ -ûUÆaH„Ž’zu¿úש혵7-@=k…aõùR›x¦ Í$l©éñû¨ 8ó”r“J“…{ŽošÂ%Ö¼+·q&R˜§×ó-¾Íêã’_0›CØieÎÍþéñ&\†ñP_B¸ÎX -ñŠ‡È\:4W› û¿ƒãPé¡Kÿú3E›pbøÏðÓ×›|N®ÁÌmrǯÜÀÇû"ÄÑmÆáFOXm–üøï¼Á™»vg3×êX×.¾8¨H1ºa¾¿ú†Ë}c_l¿?:ÖÛˆžòÛ7Cô¥ç„ZDôÌsßW¿;Ž•@¿/U9înƒ÷Õìý7ú¹èI¾^ÊSÂY„Øx*+À*}¬yÝôüÌ6z5F¼4\·„Ÿ¹ñ3ýää‡oÛº¼ ¥W3ýÿJF¥ÄPó%$­lqú>õ%‘¦ñs šmñZº´úÍ­¾‚Ð-༚¹Ü0÷—¢Ò]!àÁ²ù/W¿2OÁ@¨0_k½ø3aüõoÃEê~L\D‡ äŒdë0ÉE_¹=þàxZ)îö+‘Xendstream +xÚÝYKã6¾ûWø¨ÆZ>ÄWn;3›Å‹Yìv9$9¨%¶-Œ,)ztÇùõ[d‘¶lË3ƒ6X4ЦJUd±ê«E›® üѵ)á&[+“¥‚P±.ö+²Þ»¿¯hÐÉOEÆ9<,¼Ý®S¡™Zo擼}XýåûŒ­I¥dbýðt\K*ž™õCùsòn—w£íï6L„Þýúðše©ÒŠ:3KˆT¢½Á‡fìÛr*ƪm‚:_›ÔH&£¶[p×i?ì,L­¥3³}cG|zßîóªÁñÇ|tîÃh÷8þ…òþã=|P'PIÑ6C5Œ¾nŸðsŒó‡fÌÂ6È:[TO‡ ÍÖ»˜Å6c5V(UIuG“‡ÎöèvEij„`1a3œ‘Äm„3šäø¸«lŸ÷wT'Å®*ò¥û¼i Ì*KÞ€€kôǽéït2Õnq7É4ØåOmƒÒÖv›U³ ëLã®í«Ü< ¤}¶A×o.¬7a¦°… ùŸíˆúUû®¶{ˆCîóºaàè¸Ë]º”Hòbœòº> |ŸwŽb(AÅÇD³<;òô‘°Ã`‡œÐ<¬¢j™9ªUCœ¹ªÆ…À={ˆ¸iðqëçj§¥½…Ü”’¾zœF?‰Xʇ“ºÅsïUÄ<ÍRžIPœ‘”IŽ˜§)€B’û¢í,ÎàÁŸïÛbr‘[.¦S©ÌY1ä­í?AR}<ÍYiX ? ñåðöÃÇ÷¡àí1cjäøQF#PiBe‘d°½‡ˆ“z\E §5ímaAÀgg}Ä6KPd‚@ùÌRûó‰ycâŸ:ÌÛsUÚð"_8¬pha‚ü±‚!Ö¬WFà\«)qP`n½b’2³<wa#÷íÓø23'É; ™¶«iÏ.ìîß…¨ƒÀåGÏ!xCƒÃÕ„]^|Ê·á#ïô"ÑÁ8/÷Uã0›mhô~*àh uÄ ÆõbÑÀ°WÏ1SÄwÑö¡òº¶)ƒ¹/ÒÏì"å_W ,TÃ?ûmÞTÓròéäò×—ÇÇ£ÄñŽ³åDaô…œkšJ–Á>“Ï#oO–ÿ…T<¨Ë $áóÄëWµ¸hÀ¦“yªr2¤R`äœΣÂvcä3ß1©™ZòŽÝôŽu¨’,:ÒØNÈax m¸b© œ#u›*éáXõ›¦Á†ç€!טä9ï«v +v¶yÆÉÚÆÏ¥ž1¹šW-_Ç3™f\_ÅÁðå80atÌÒ°0%%)!1c>|ÚÀQŽÛ_Ï'²TnŽY®ŽÆ0ã4Fdç1ìBÀg‡¡foàøò¸AëÕ<þmxõ45~ƒþ¨¤”º£ž™Pvð>¯J´EO"K 0$€qÀ7HÄ,_ÈÖÌ"¦{îÁœ{\’ˆöçÍÂY5’ažÜ¡ÈÔuûUKÙz=A—œ-$„«”+«Ö‡Ç$/;èdªb‡fPW®ðÛ·G6…§¼|ΡêÊ£¦¯@ô6t+ 12óvgCN©k„ϲ9ùºr“@¢4ÖwbPêOñÝñÌÅ^ $…íGÞº‡¶s»_f 5—ôšd"n0‚á|‰d¤*9c#ƒ‚ºÚîÆëþš "åÌdK41´õ3¶¤îüV2ô'Šùز⃠lµ.“Sf<»â`g —’Cª"œŽIu]L ÊÃÒU˜Ñw+4¸þ„í‰àÛãÑclEY(·ÙcÜ_Ûl[,)o +ÇݘšrÁèyÅ49.ÄÂG#ȹ¨»ë(\S ˜ª¥ ÉTj‚³þ9¬g‹ šÿºáoE%4¸y® ˜ô\µ.˜¢š/y¢—<Ñ©V:z2+Kw£ø#Ü[vmëëñ–ÁÀ~Ž·­;‡1IƤNB›*UòØ–ùàJ‚ ƒY Ož˜ä19ó`Ÿj÷´¡™„%5=~ugžRî!`Ri²pÏñMS¸£Ä3ï*lœ‰ôôz¾Ä·y}œò nsh3­Ì¹Û?Ý#Þ„Ë0êëM×K!^qƒKæjlÿwpbNzèÒ¿~OÑâ&œþ3üôÕ&_„“k03d›Üñk7ðqç¾qt›q¸ÑVÛ£€%?þûoPs×ãLx­ŽçÚÅ5)f7èû«o¸Ü7ö%@ÀöûóW¡c½èÙ.¿-p3D_FN¨EDÏ"÷}õ»ãX ôûR•ãî6x_Íß?xc¢_‘ ‰˜ä à¥<%œEˆ§cX¥g^7}?³…^/‡Ð-ágîü @?yùáÛ¶.oCéÕ\ÿ¿†’Q)1Ô| I„@«Kœ¾ÏpmId£iüˆfK¼†.½¾AAs¯¯ t 8¯æîŸ7Ì}Å¥¨tW¸A°lþ«ßÕ¯ÌS0êÜ×Z/þDùÛp‘ºÑá9#Ù:(¹,ð«°ÇO3ÅÕþÁ€Çendstream endobj 610 0 obj << /Type /Page @@ -1141,19 +1135,19 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 658 0 obj << -/Length 2395 +/Length 2399 /Filter /FlateDecode >> stream -xڥ˒ã¶ñ>_¡[4UM|VNcï:;.ïl¼#RŽXK‚²HÎDùút£ )q*©Jé@ Ñh4úÝX…ð«$ Ò"*VYI(’UÙÜ…«XûÛ`œCÚL±~ØÞ}ÿS­Š H£tµ=LhåA˜çbµÝÿ¾AÜ…p½ýôñ~%áú×ÏO4~zøÌÐç‚ÔÕî¬Î•îhz²íkµ×{‚ì.ômÚ®§Q{ÒgÕ?0í.]¯»?Y+:XJÒ KQ–""à YêúawËÓÒ]’$ˆ£Hð¾ï`S!×VÆsÐUïFšÙuŒØ‰i{$¼ÚH)ƒ4ò/~ Yª“ÚÕˆ›Âíô…KÚsC‡¤–4 C]Ó¬’þ -C_µ†÷“$KÝu°‚$BM§á¶×pUó§í+¢Yöµ[n¯øPClÏÕÆÞ,t7"GëA?¯ˆ—%ë­ä^¬Ï8Ši<P˜Ú£$sáD–¹[Øó`›½|-Öm©j‚2@ZÒg‚Zþ2/7õ”öDBþ{£Š‰ìôQÕæóy(óË‘ºY¿?ÆUG_౶† cµ`„yäi.Ù–XÄùCaÝZž,‚P‚_¶ñ~G'ÿ•îéË÷îNÒH‹ÇÚÍuÛ~NKÖŸáÅÝN8Àá“6ðÊu¥Mº%ã Îcˆ>" -åäÿ÷E´ýÈ4_Wóq€Â1®L©Á$ š]3ˆ»:5vG áˆáý‘©°‚‡ºïhýz‡êîèö]fǃÎÓ4Y?WÀƸqÁ´'~e=Hä²q8åÛÚ,)³§µÒ‡P„úà“ÊôU£z2|Äl¿ÓÖAbÁ6 ½^V¯öÂL¾£]8-õV¹i@:sÚE^Œ§¢D8œÙ5Þ¥ ZL‚¢Hò+Çñ×»i½64:ç3ÝÅ´æÒ´CÒB¬¯kNÙ˜NÐPjm^ú#­¾ P[ÕðªµV¼«’±ÔÌÂZûݬQ¢°ÓS¤^UF3Jeæ_²­b´Hχ?É 'äÂ8rÁ7WÝR”3èÉÔÆbC5|É$`°½O’uÕø¹Žñ¾õËvû Õ/#]»(ÕumYùñü­BâH«’G.xvPê)ÔÉ0`3ˆæUä;!&ÕW®)~jÏoê¼GÙü×úáã+™JJ±7˜!L\`L'!9[ï[랸Þö<ÐèµPmXWÀ˜+`ÂBâmsªuϳ›h™r$¡qÕC.µ#*Æ̶ OŒÓR¢A˜¥ê«Ô,ã,Êf)%€TD苘ÖÚPµ¦_…µ Jþðç ©Ì U,8š°eå„ã²ww¸Ðä@FØ9@ëŽÆÎè‘^ËÇ£>;’Îô%›¾Mi¡!KçQ•5Ùø;N+mÓ´¦¾Lmí Ï4`[í[gÃïg\…œKv1jAº -é8¡‰<b)¢«„†—¤X&Á(tÀ`Ç€ÖØABzAŒvŠO\X¿¤†Y/(UH2D&§¦›HŒc#âg Fj:”tŽ†ZaÍlñ;úêÕÐõŽŒclò¦Ð1Ý›UfL*ýÐfOV° »kÞÈ2ßåTaIt¡5Šó¸ðvD‡FØ¥´o @Vc$ꎴDF‡Î˜‹I9€GöŒFÓ—êÕïª~1‡[sM#L½ÐJ”=Íæ5/B(ÊTº*"r±·P‘ËHÑh^f6±¶ˆ³õã’P£ÔóóÖ—‰µWìHh¢ˆ 34;²ÜkM‘·Çt!c‰Ë„úâ‚ Ù,+C€ Ï0Ãì@—|¹ÛÞVúNÏî u+ˆMŽU·êxõ¤Êoºç³ú#EáåèšÐæÇ,݉…I9õDäù’Õ‚ù-жc0ÂXk—÷Œ_õ^dÊuRòÈSþìȺÝåê´Qb¦6Ì3Ñ”*@ù^9Ñ”HüÙÿþ‚¢éØŠ$!˜Ž!<µ·}1­BìiÅZ€‡ŽB®pa@ÌÂ_”"Ä*Æ:ŒêzIc{ýªëö䣱ý4ƒ+#ÆÈÞgÙÐå* ¹±1¶-à~ÍV=Š{f…w!Ž˜Û¡¾ñºÚ¿*Ó«ÆX¯LB°` -E„©/XR.Wn_=˜Iú~†Æ£:ÕŒòµ­õÿü,’…ëŸ>ÐÈõ¶“ö2sB`ÕÀAÊhª¡‡°‡ñ mÌHððiÄy&@hýCŽÂÔã{lX¬Õ«¾ÚÀùüfõ -7c®ûrún„u謘+Òi+í{Lßf÷s»x¯÷¼j>µoz,)✌{»B¸ÂNL‰ÖÑ”ŠwáÞ6Ü3.¹Ú¸­JžP4…-|×ﯛ×÷¶Šé[ÕµëöÅ'ηÔjt¼ˆˆ¨fË9'g…k¥äí „ 6BgØ ç¹vÔ Z3?p}w’‡ÎßmƒfåÁáÖ/—’’qo9“W=k£éµ€§Ï:é(%£Ù,—Ì¡D$ÝÃÜŒâÆž½ðš‘Y^d®|¶—`3„£ØÍR/+rC”¥7í=,î«s!Wüˆåy”_…zÿâAÑL‘Ÿº*µ«êª¿L A0uÀ›ò%Ê=_¼#5Œ¬!À—j'$ue¿¢nØÃçY¾:št†£™Î´{ÝñDo…¤]Œwƒt“^— -öºD‘äó‡÷ -ÈYÊ%…ÂÜÂÑÔÈhÛ=LÜ1÷t!8Žßbeì}’ €}ú'¥‡Ð7d©¸Š„µjòr—x¨î˜æ¨¯œjUºÆ¦2ˆ}¯Ë²wþ`€ô…ÿ -,üúD÷ÿù0þgÌóhü_AÎzÚ0(2é™B±¤7Œ»?)n9ÿÔ‹ö`endstream +xڥ˒ã¶ñ>_¡[4UM|VNkï8;.ïl¼#RŽXK‚²HÎDùút£ )q*©Jé@ t7úÝX…ð«$ Ò"*VYI(’UÙÜ…«XûÛà=·i3ÝõÃöîûŸÒhUE¥«ía‚+Â<«íþ÷µâà0„ëí§‡ûM”„ë_>x|¢ñÓ‡Ï }þÇóöá3ÿ&áǧgøˆûi®üôáïÛ‡¯´.åãÓöë—¿ý¸}üòtÿÇö织­çzz3JdùÏ»ßÿW{¸àÏwa ‹wxY@)'ÒW›(ŠXÄ×öˆ'òx}¾ùZwm çRW»³:Wº£éÉîh_«½Þdw¡oÓv=Ú“>«žøiwézÝØóÉZb)I',EYˆ<Š€7d©ë‡Ý-OKwI’ Ž"Á羃C…\7ZÏAT½if×1b'¦íñj#¥ ÒÐo¼øg©NjWãÞnw /\òО"’ZÔ48 uM#°Jø+ }Õ>O’,u×À +’5†Û^ÃUýÍSÛW„³ìk·Ü^ñ¡†þØž«½YènDŽÖƒ~^q_–¬;´’{±>wà(¤ñh@aj’Ì…YænaéÁ1{ø*Z¬ÛRÕ1d€´¨Ïµüe^n <ê)<{£Š‘ìôQÕæóy(óË‘ºY¿'㪣/ðX[Ã…±Z0Â< +ò4—lK,âáÜ¡°n-OA(Á/i·ñ~G”ÿʤ{úò½»ªAÉb‘¬=\·í·á´dý^Ün?i¯\WÚô [2ð0â<†è#² QNþ_DkÐLóuÕ8×(ãÊ”L¢Ù5ƒxªãPcO”ŽÞ +x¨ûŽVÐp¡w[Ýݹˌ<èj"J:GC­°V¶û;úêÕÐõclò¦À1Ý›UfL• *ýÐfNV° »kо‘e4¾Ë©ÂRèBkßqá툰K;h߀¬0ÆHÔi‰Œ:1“2Iö¼¦/Õ«CÞUýbî¶æšF˜r¡…({šÍk]„P0”©tÕCäb!¡â"—£Ñ¼ÌlbMgë¼—„Â;Jm 1?oí€q™X{ÅN„&Š˜0C³#˽Öy{L2¹L¨/@ð(.˜Á²2˜ð 3ÌtÉ7»íi¥ïðì¹ÁP—‚»Éñ¡ÚV¯žTùM÷L«?Rô^Ž iÛœÌÒX‘”SA@Dž/Y-ð‘ßm#ŒµvyÏû«ËL¹CL~ó…§Y·»\Q%†`j¿<A©ò“ï•M‰ÄÓ†ø÷HÇ$ Át íS{ÛÓºÑ(ÄžV¬xè(ä +Ä,ÜøŃVýà}Up„°§¬?‰ÔO ãCaB¬b¬Ã¨®—4¶×¯ºnO>ÛO3¸2bŒà}– }e BnhŒm¸O³UâÇ„Y!Ä݇CæN¨o¼®ö¯ÊôêÅÓë•É,P¡ˆ0õKÊåÊík3IßÏÐpT§š·|mký??‡dáú‡Ç§4r=í¤­ÌÜ…X5@HM•1ôßö0~á¢Mƒ >‚8ϨF­ÃÿoÈQ˜z|o ‹µzÕW8Ÿßœ0‹ªšë¾œ¾a:+¦ÆŠtÚBûÞÒ·×ýÜ.Þë9¯šƒOí›KŠ8'ãž®à^J@m0%ZXGSëE°Îoîù—H38Bn«’'Máßõûë¦õ½£búFu-Ǻ}ñ‰3Çc'u†/""ªÙrÎÉYáZ(y;!ˆÐ6Æ9Dn†uC£ÖÌ)Ð^§\a·I¬(lËÃÙë—KIɸ7œÉkžµÑôZÀÓçœt”‚Ñl–KæP"’îAn†qci/¼b$A–™+Ÿí%Ø »Yêe…@nˆ²ô¦­‡Å}Õa.äŠwAyåW¡Þ¿tPôSä'®Jíªºê/$SBCE"¦Îw“@¾D¹GãKnãH #kð¥Ú Q]Ù/€¬_¦gýùŠ4é G3-h÷º/*â‰Þ +I)ºì4é"&½.ì t‰"Éç ï)6gi(— +4¸ÒÔÈhÛ=LÜ1÷t! Ço°°eì}p%ûôOJ¡oÈRq 9jÕäå.ñPÝ1ÍQ;^9ÕªtMe:û, ^—eïü±é ÿ Xø ô‰îÿþÓaüï%ΙçÑø‚œõ´aPdÒ3…bIowNÜrþ±—ó¬endstream endobj 657 0 obj << /Type /Page @@ -1424,24 +1418,20 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 707 0 obj << -/Length 3116 +/Length 3210 /Filter /FlateDecode >> stream -xÚåZK“Û6¾Ï¯Ð-œªŒA‚{ó&vÖ©Z;±'û(ÇŽHiS¤"R3–+?~h$Ň¼Éa·²¥ƒ°Ù 4_?¶¢ðc+‘(áÉ*NB")“«Íþ†®vðìÛfiÖŽhݧúËÝͳ—_%$‰x´ºÛöx)B•b«»ì} ˆ ·À¯ŸÿíÅíšK¼{ñöVÊàïðgúo¾ñöùmw¯Þ¼~w»Ži_ÿõù÷wŽâ:¯ß¼~ùêÛ;>·î¾»yqçWÑ_)£B/á—›÷è*ƒwC‰H”\=A‡–$|µ¿ ¥ 2”7ïn~ð {OÍ«Sš %%R†rµ!Q ŠŠE$‘„ö‹æ͇†LH$¸ðÊ—qOùŠ™$rå©´ò«tŸgëÍC¾ùø¹®òÛuDið~ýüËã7\o£5õìeÜçÆbØ7=#ÍeS¦MƒD‘M0…]Ò{ÊâÕš1’HÉ+÷W§ü•´ØUõ1GRöHCFT(ן'˜qGqh žÒc5Á… ’hSÿB.Û´(aVln«Õå"«?à"{öNÅC?àù¯òû˜Oùu¦„RÑ;ƒM½ß§U6ÞŠp–87wÕ ,02þÒ’B>LãµP!}Ì4”D%ñ˜éàDƒkœ»U FÓ&X4-þ#ÂAO]QíFçÎYiDa'T̯˜r -MYM™²£2¦œ—uš]Še°ÎL~Y®§ ¨ƒÂ…a%¿EÉFpD~¢”ïN‘aP”VCZϦ¡ãƒ†Ì©IÆ!x# ççÕÔ§šW“§ª Ì,™·zÑ‹š‹ôÞOp1Æ:•¨Ù6ËÆÙüc‘?MÍex¤Gqà,Y/ëÒS•9ôm Ÿ$´u ÍþÖûC°+óªÛäù=Ssy{T {ì¨p·Ç¼y˜ÚäA¨¸´É>Ò½º=ÿå]9ì lÕ¢6=ÕX» °Ëh¨Ïw#g'w‚?{øÛ§EÕBT^m<ü«-°0Éå[èQ-Ø‚£B[€³j¶ÎË6 ‚¨ZúLþa…è&fË -õTcÍ”PUú¶Séâf[›ÀP~A»O!°ÁøŒM„à¬á°FË6ѧš· Oebãcžvõž?$JLÀ„6,YVª§kuh'Rð¡ZßšC®Ý»ap:di›7ØÑ™þOñ/;CRVl°ƒ°°–7ù˜ªêî¶ -ËlŠµÍ{$䢢K¹ÍI)ϵGJml¶R“`AÃDv ógì48÷<ƒ©„2†$»hü«˜ÉB¢ÄSj9åYÑÚa“¸Âÿ}îȲ|ø$í¤c«ª{àlbkÐý ŸEÕi=‚}ÞŸõ?Ó:»…œÕ}$Ò³XðªEâ´ljlmÒSc´¯ÛiµÃ䜚ƒ¨?קc¥¥;.RÓ”­euo ›3à¼à~m©lnN‡Û`÷šsòqWà=™ºã£Ch}å½í»Ç£Ù-ùyi_óF¤;¨ |7mÛ|0{OlnÍéÏ-èÇNëé¡('áÁªC3—XTûœWóðE!+ 9»_=ªørT8­ôi¼†€ò»âØÿìr!ê¢F»@v¤Òé@v ÓUzoŒ0”t鎱HøOñ¯ÛwÝzV-” ª°´CUÝ=–± xseB‘PÑxʨtP-„2 §B¥‡6Mã¡ :¹Yš>?<‘Øà}–=6lAküGf6Ї=±]•}'½¬h>þ šL6­¾Õ‚ò•^Ã/§üx.ëypZ”ÜÓHô48 dßÝ&<¨w;“à°碛p:`àBç¡Œ?Œà }õ¨Í³`È$GúÐaeíËù§CYlŠ¶<ãxVàÝ´–¥réÓè;Åš˜×]áÌNL¾ó—.«õç2ê*ÎÒ©ÏšŠDaâ(5¨Uy99žJé §¨:㚀±˜„Iä¼¾ÓßϘˆ(é>„m:@@ºü¾r÷uÕÜÝ!ÚÑM°– èÄÅ/³FÎTH’«FÞ§š7rOenÄœö‡ìÞ}cƒ€ý×õ&Ý<ä¿®5~}˜ÏÝ @!"ö‹4‘!&„L„FW.>ª¿GÓ+ õTã•÷‹ÆàwØÅR¿¥‚%DZ-(ÄÊã€ÕW >3«·m}ý Ë·é©lñþ€~ÇDúé3ü«Ö%QpI"d³.it™™ÐåW§qhfÒ/ŸaÁ€Vv£³7F1{ë…÷¸ýüôzêRÃÇŽyl'¶ °P -áòcìQ-££BwUüçã‘0ÒE«eùžj¡è Ùwµ#Ô ëêÈ4+ä(Žx¢¸Òd‡ aë :}X^®€qw Ó? -øÚbüîΘ˜¾ÍóNgÈ —øÙcˆÈÖ³)[·DÆÔ«m[”§k‚'°\â⢞èlÕ‘&@`'ñhÙ7´¬Ù:øÏ/œËõÑ#6LâÌÖê5l˜EtlNA:•Œ+~EC!Õ¼Š<ÕXG`ƒùlVä8Ù\>øn‚‹±ä©"›u¿Y6Î!ëêiJ–±¿ŸeGRA0û¾¬KOu®Ìqìýä9·#m†GïÍ]?VÍpÈóg ,“ òÅËgP]8cGEgüp¨ºÍÔ!ÊK‡ìaáêñüO9–p.pTµé©ÎÕyrÊ)Ȥ“±>ßB%]òÀ·+ꦇܽYyà;üY[€`¢T_±…€ê‚-8*²HA›îÁ…àÑ$bœ¯÷ÿæp–ËT\V¨§:×èØ@A9Ïâ±Jß *½xØÖ&(ÕßÐî +¨l²>cqRfÓ½£Á&Bªy›ðT&w>TÕ'×úK¢ÄLdÀFä—•ê©Îµ:¶ Hšs­äX­oݾÂð®T÷eÑW]`å‡ÿý•ÏP´Õ+º XXêDšz §šv¸E£Ú2‚VõÒÖEjU5‹ÒÖ¬\Vå—`d¹Bk3U²Æzij³sT`ÓEGÂW%È‹2F“çÁC©«Áj›ca9UeÝÛiªlut_Ñ­]QVá³s¼´n£¦=쀳ɼAù£‚—t‡Š½ÆJ»…¢ô×D„Ò&"zÝq±íZ­ŠcgÔãMѬéŠÒ†&'âà×öxhpSxáR5¤ì-«{KØ=Ð[©ø[Ke‹w>>ëßK)]Î']§@kâ…Oalô”÷öÚõ@ÍÁàÊ/¶ö1oExAÚ g‹¾¯v{s6pÇß’Ÿð|ýX±ž6õvr­8sÙ¿…µOU3_#gR¨+øP]À/GEbOóè5F”ÏJdÿ_ÀËå¨5:d²g*ÎdG:}Ù÷Æ“lÀ.™äd‘0YÐåpî4=X!Ü´X¦’„zOp¿i‡[4S[ƈeÊTÆJOÚïu€e©Ç²ÔaY:–®=¶¥!¶ÁŸÙ›A6°v‡l™Ç|À6ñRׯ É–‰™MõCb‡giæá²î>|9m + ˜¶,—$B“A\‚!€ÀEñ`ÀD9 Á9G›Â2€~¿­z³U-uôÂ=&Mè?R€¶¶¬Ñ™Œ’UŒ˜²œÂwÄš¶¡=¶ÀÈ3üo[@Z›Ý[Èðf+ ¹b Ï®ÔB!ÕÓ|Y“ƒ®zË2s¹ô LCÊ[;ó©ÖþEýh÷)¾Yá®Nu¦PLµÃ3–Ĺo‡P5Õv +r YÑÚANÝ Æ5c)‹óÄeˆN> stream -xÚ­ZmÛ6þ¾¿Âè—óµÂwQ—OIšä¶‡K{Iš¢o8hm­-D–¶–œíÞáþûÍpH½Ø´½@‹…(rć3Ï Íg þøÌê„ÉLÍÒL%šq=[n¯Øl co¯¸§Y¢Å˜êåÇ«goŒ˜eIf„™}¼Íef-Ÿ}\ý2õ·ß|ýþz!4›Ëäz¡ ›¿{ñ×Ôó†´ž -¯¾{÷ææíï_\§jþñæ»w׋”e -¾¼üíwß¿¾ûpýÛÇo¯^ìW1^)g—ðûÕ/¿±Ù -üíKdfõì^X³L̶WJËD+)COuõáêŸý„£Q÷iLs0œng  †Ë(g -t¨RЯâ‰PLôúÕv¤_Π­Ì¬§Býv»|Y®•Ë,±Rf³ñ„Ç|Õ1_%Ç|•J,×bÊø¦^Û¢îhºMA¶Ø})v-½¬ŠÛýz]Ökz­Š/EEÍÛGz6u‘-!(%å,±ÙEÍ Tgç‰&z{ö&ÍF´R'Öh ó# {(Zª“¡)-‰6Õ­e‰±ÌNdûPtmT£pÔü/õÚ5ôÌkzÜWå²ô»ô%¯ögô Ò€YƒþÎ+|LvZã=.«nâƪy’ÚŒ_਎9OªM’¦LMYÿ¿4ÊÎèM£—°æ’ÞFdgô¨Pø»jßnNñó|û#~Ä7~Ä'Œß ãâ Š[æËÍ9“â …æê’jFdgT¨zÕÔù6v’Á„µ™?Éh"`‹7~AÀ@u,àT‡™N¸0Æu¸.¿þp:Á\ëÎùÓfû§õ­maZ‰ ú“ÖwO…«i»¼Û·GŒ8M°à<ã@uÌøà³$Í„rþ¦l陼T,ˆáÚÍvl @-¡Õh^G^e×EX(‘àæ5ψ¨Y’J+§’üç“ŽpÔ…7ÊSŒîOý,_ÓÞ>lÊåÆ7'Ç3¯Úæà€úí討‰ª!L¥FתIt–Iú°³Éë:@¢m³*¼Õ æ¡ÖØì^€Ï´c7weSc'ŸcÏ5€E¯hìHK«û}_z—P\ÎÁΗQ8 ÃOаöu¹ì'í”݆Zä°*„Nì Lò= ×~ŠzB2÷%®„MwjU®Ë.ÇõJR¬kˆ:$*DJ`”w4JÝîˆB?Š„½9½¶›Ü¯ÈOUøÔ©Ã=–Æû|7á°Å@è¼<놆òGêè|Ç=yß/åÊ$’#&4Ò¸¹ƒØõt½„HƒB*\ožÚm^[¿ Rmw”¡7)÷]Õ,ûÔü®ÙQ÷åØ A¸Ddê‚Û‰e&ø¦ˆ\ÊËEí²¥9t:®O¤‰Ô= |VtËgÈ-Ùî",-¤îÖˆþ4Ò‰À ™ÚÉí×­²>áÊ+v`÷H¼ÕÔ}Þ}±,Qzg0à÷AeƒÆ& Ò•`Á%-¢'X%J±à‘š{ä{ÆÙüæn˜ü T1a´W'´§H:îš}½ŠÅÔ>$ÐìÐç &*AȇÒnƽkÃVÕ4Ÿ©œÙD©J´áæhK?±`ÉRë©eš¡eâäpl -tÇ, Xp©‚Õ´-šËªÜEæ7ü·æa9yK“¯ -Ôeí¼ã…Ð[䧠áâ ³/xKŒ†09˜·û²BÛ@_•»`zŒ¯`96X1áåñB8hÛ šÚ =¥¦½ž¼!xOÌ×E]ìÈb·+äÀswmçûºö€ë0ð(ÍÒÿêrí2!øz‘Gd\…SH‹G•¶Ë]y[¬¼ÖR™dBYÌö › q*AÍ€çhp·žQãýúÅøƒ<š—ŠËáÔC2š¨X%IÆ'òDKIŽê’G³¹¬€Td@ù\ñ¢É®œ÷–ƹè-i$åCFyë4‘(€TÁ*À…Vx¶å¶¬òÿ¼!BŠHØÓÜÅ|™†#¬8¥é«SYgx¾ì€`!ä|qú -¸SHqojŒÉ´ÄýÎ[ øFÉM6=c˜SºZf‹AÙ¤'¢@ýŒñ‰[m#¢JdÁDZãlCI´Ca†¥éS'ñ`'" ƒøšéKVe}¸ðùol.M…-t†¡¬ ªEWšÆð El`ð` -´ò¶m–%†J‚’°h+ÏON²OÌÔØ×ÒˆCDø$ÒtTƒ†^Q±åá´uüHƒlð²-òÚO&½ ì{ ‡ž–gþeãúWa!e:fª #\rˆ3üÓ!À]Ò“ úcÔ&aótfôe£„ìTö›Ü˼39ß8ßšá¥5ôº¬ò}[´zô4¬ÁCÀÅIC4€Øyƒ†ØÇæ;¤D¢!é9€£qã†À3,;ÌŠ‰RlZ•¤V’˜|Óã0›÷,™HLŠ÷=ãí=©þ,3½tùg—W@Æ“ÓcÓ¸r´|‘‹¹ÃÒH²ZùT$|ã^×{¿£Øã² -hὧ÷ÖÈ¥?+˜aù< ø z aëÖÓ_îò%…}xuu#”®‰8öEXÝÄË.ÚX5cvb¿x ”žzœç¬h„(t±*”¨·*ý•ÒQIïáRñ4 ÷ʬ8Ø­OÝ×nµ¯çP⯟gÁw¿€²óߎ·ÉçLÙ#¦Vã¾Lõ=⫃ZðÌc–‰Uˆ>`œ*Y"UzäbÊR¸´O<7i¢… ¼‡”Ư‚T ÷9u5ô$Ù+or.Õ£Àj{¾›f_yM±Ö€ÀèÅ™*<ÉTá¤J ÁU$r^¸QýmT¨Hn”6õÇœÅyº]_}ñUÓ˜ªB»yBèæ¦÷ìÓÝÂ` àX  î|ˆài_Û;iœ©XxÐCÓŽ¯y0ôpCÆ}RËç3Vý-oDžà0V*/eý™ÉÂæRâ„“j8} 4qŽ¬È$Ìp5Æ—qEg™4½Û(æ7áÒ°}¿÷‡·Ì"-ži®ÖŠäÂDV“K}ªòay’âç6«÷r0”aS·šØ ¨$7Bz`0éƒÇ&ÞGOŠæâ•0ü¼wð¦ÛÞï?­/& FVç¯ÑG©ã(ÂûKÍÛ¼-ÆOZÔËfâ-)\°aZWQb!ï-í¥/°)uĸ%’ã–¼NNÝtá}Œ ¡ïo%;pÜOÒþ¶ìÄq³‰Í´ŒKäéA–Ém;dYáF€]=˜üã±8¬ÂœDBàL_*vQHðqT†Ä'F!Á|ú„„Ó±å -¾H2¤Oø+2c³XHŸÔl:ÀÐQ˜fÎF±á|6Î&Õ€hYŸ t‰–©ó%…ŦiáÆ÷œg#e,?¡0X3 ò“ EŠ~:Z,,ŒÄ%×tè~_‘†B#4ü6¥¾9 I(R_ØK)%Åw™Øãëê©_âypƒt9è¦ôEX#,ÚÆ“u ü:ò{ŒHΕ‰êó©ê%Y–èc¸ Bÿã;Ü~sæTv÷x|Œ8M¬Ç@°±ú °ZåLtäs¦‘G‰ÏøÌS"’Bö']ý}rìˆóí}å?Ü–u¹Í«S·NÐÙ_6Œ=´Òa‡fRl`ˆ/1±½U. cNÿêßþ㤶6=¸+ €£ü*D¢¯žÇb™õDº”ïo…®oÞ~ÚßÊOuþêåöVÞ¬úð²ûéGµþ©þÄnÞòÍÏoXÿ¼ÍoÞ¾^¯D†c÷Ó/¢2ý÷y a†òÞéñX5ΑcÁŽÁ~ê×ÑR'ø“æÈ5ü{)þô/§‡”#ʲöÄÁ$3ä{½P¸*.%×Ék+Òˆèÿíµ´Wendstream +xÚ­ZmÛ6þ¾¿Âè—óµÂwQ—OI›æ¶‡K{É6EßpÐÚZ[ˆ,m-9Û½Ãý÷›áz±i{ Qäˆ3gžšÏüñ™Õ “™š¥™J4ãz¶Ü^±ÙÆÞ^qO³D‹1ÕëÛ«ß1Ë’Ì3»½Íef-ŸÝ®~™õ·Wßß¾y½šÍer½Ð†Íß½úÇêùCZÏ?Š¯¾{÷ÍÍÛÞ¿ºNÕüöæ»w׋”e +¾¼üíwß¿¾ûpýÛí·WonûUŒWÊ™Ä%ü~õËol¶‚{Å™Y={„–ð,³í•Ò2ÑJÊÐS]}¸úg?áhÔ}Ó '†ÛÙh…á2JÄ™ªô«x"½~µé—3h+3ë©P¿Ý._‡kå2K¬”Ùl<á1ß@uÌWÉ1_¥˵˜2¾©—»knçŶ¨;Ú€nSP£-vŸ‹]K/«ân¿^—õš^«âsQQóM]$GKJI9KlvQsÕÅy¢‰Þ^|“f#Z©k´†ù‘Š„=-Õ‰ÉДΉˆŽD›êÖ²ÄXf'²}(º6ªQ8 jþ—‹zízæ5=‹?ªrYú]úœWû3úiÀ¬Aç>&;­ñž +—U7qcÕnÊåÆ7'ç3¯Úæà„úí討‰ª!b¥FתIt–Iú´Éë: £m³*¼Õ æQ×Øì^]/¤»¼+›;ù{®9`-zEcGZZÝïûÒ» Ѐârv¾,ˆÂY~‚†µ¯Ëe?)h§ì6Ôrö…T!Šbg`’ïa¸îðSÔ’¹/q%lºS«r]v9®WB„)×5  "e-0JÝîˆB?Š„½9½¶›Ü¯ÈOUø,ªÃ=–Æ;}7á°Å@è¼<놆],„ŽÎw<÷ý\®üA"9bB#›;ˆ]O×KQˆ4(¤"ÁÕñæ ©ÝæU°õ É ëvGzC”rßUͲÿ@Íï›5p_Ž „K b_p;"±Ìß‘Ky¹¨]¶4‡NÇ¥Š4‘ºÇ†/Šnù¹%0Û}„¥…,ÞÑŸF:ÑÂ.4S;¹ÛãºUÖGȼrHÁ!è©ÃḚºïÖ{(–%Jïìü>@«×Ød!bº,¸¤Eô«D)‘'ZUrT—¤8šÍ¥¤"Ê犇Mvå¼·4ÎEo1pHC öuað8„U° +$p¡žm¹-«|ç?oˆ"ö4÷1_¦á+ÎGûê”GÖž/;à#X9_œ¾îÒGÜ›c2-q¿óÖ¾Qr“MϦ—®¬ÙbP6é‰hP?c|âVÛˆ¨Yðqì8ÛFÒmãÇ@˜aiúÜI<؉È ¾fú€UY.|›ËÀASa ah+ƒjÑU€æ‡1|HÑ|$˜­¼m›e‰¡’ $,Ú +Àó““ì356Eŵ4â>‰4•£¡×GTly8mÝ?Qç ¼l‹¼öÓ‡IïûÈ¡§å™‡?@Ù¸þ•CX@H™Ž™*È—âÌ¿ÆtH0B—ô¤¨¾Ú$lžÎŒ¾l”Ê~“{Ù°`"çç[3<°´Æ‚^—U¾o‹ö¯QžB‚&‚5x¸8iˆ;oÐûøÁ|'‚”H4$Ý#gp4nÜx†e‡Y1QŠM«’Ôª Bó€oz<fóž%‰Iñêg¼½'õ!ÀŸe& —.ÿäò +ÈxrzlW.€–¯r1wXIV+ŸŠ„oÜëzïw{\V "|ðôÞy¨ža†åó$dà3è%<†­;O~¹Ë—öáÕŽPº&âØau/»hO`ՌىýâPxêqž³¢¢ÐĪPj Þªô·KG%¼’KÅó, Ü+³â`{´ +óܤ‰2ðR¿ +R4ÜçÔÕГ ¹QÚÔ[sçév}õ…’Á¨ªB»yFèæ¦÷ìÓÝÂ` àX  î|ˆP™¹dU$:XÙ[aK¯9=ÈÌ¡AÒ; +xBÄp©@{H–*´}ÆÖf<Ø¥MŽùPÁ¡ +¨•} çȆ҄‰þHP5ªæ,ë×eQÙü¦ó‹mŸÀëý2 T¤:H4ÿ¢·Z‘X˜Åj2p©O•=,ORœàÜ–`í^V2l‰ãV›2ƒàFHê&}ôÀÄ;èIÅÜB°†Ÿ—€'ÊôÇ+,ô¾©ªæÑamM.I’ïó\Á¾ i­N2Ë‚AÀbÂη{ꄯŠ@ONÏyU®¨¹j¶¹;T@Esû’W³_o¨Û]Ji]þ#ÂV8ß²Û畫иlJÈcŠ–ܹ—TÍê6{—Häh»|\•ŸŠŽûUQ´Â¥Ë[?¼ÖU ºF†ãgüNEÀ¬ÖÆ¥²èg\Œ§ŒÜš(ÈJØeOvÆ?¤I&{°çÖ:)åô6LÑ&ùšSÜ+eè„/z%†éê±W„YÑ'?6Ôs­ÂTFõñ<¯ÖͼÆ6VñO!{ëÍ““Ô}Š‡‰I­éЫƒkAmü¸)CiÍ;‡Ö¦ÉÿNL*Rš3ó‡|×:¸¦LiÐʗÚõ5z³Uš… +)’2‡Qù, +G‚rð¨ôè +H(³žÌç™E*ËÏ9›m¾\lW:¾Vô‰ƒ7=Øö~ÿi½x+ÉÈ0²:>ÊGá=÷¿IÊÛbaü¤E½lVá +…–n×°-ŽK(±øŽ—–öRxØ”:bÜ’ ™qK^'§nŠ¹ð>†Ð¿÷×’8î§ +iUvâ¸ÙÄfZÆ%òYô ËäÖR¬pÀ.„ÌüñX–`N p¦¯»($ø8 + ªAâ£`>wÂéØrÕ^$r'ü}¡™1Y,F¤Ï@i60è(L3g£Øp> +g3jÀ<¬O…NºDËÔùzÎBbÓ4oã{γ‘‹2–ŸÐ¬ ùIÐ"E?-FⲂkºþC«Æ>ª2BÃoSê Ç™®§¡Ž;ÿ ÁLìñEõToñ<¸AºtSú + ¬mã™:~ù5F$áJáDõÉÔ õ„’,Ëô1Ü¡ÿñ6~{æTvÿtyŒ8Ma5«/Þ¤Ï9J˜èÈ'L#Ž²žñ™§,$…ÔOºâûäö×çۇʸ-ër›W§®œ ³¿i{hÿ¤ÃͤÒÀ_bV+z«\ÆœþÕ¿ýÇI lmzpQ0@GùEˆD_¼ŒÅ2ê‰t)ß?Ý ]ß¼ý¸¿“ëü«×Û;y³þéÃëî§Õú§ú#»yË7?¿ýaýó6{ºyûf½ŽýÝO¿ˆÊôß—1„j{§WÄc¥8GŽÕ:üå©_IKàO›#wðï¥øÓ¿ ~XŽ(ËÚ?“ÌïõB᪸<”\C¯­H#¢ÿþ;¶Æendstream endobj 713 0 obj << /Type /Page @@ -1538,22 +1536,22 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 728 0 obj << -/Length 2277 +/Length 2282 /Filter /FlateDecode >> stream -xÚXK“Ü6¾ûWô-š*·V"%JÚ[Öɤ¼o•=[[©x‰=­X-õêáÉä× @êÑ{K$’x|"øâCž†‘,’CV$aÅ顼¼‰O0öË›˜y’T†i"%;£ÇTæaš‹ìp\ -ùÇÛ¿Ý'â ¢P)‘N~-•Á„Lf‡‡ê·àÝY_GÓßEÉÝþIÓ’0˳§E°„ -ãTXþ«¯º-ME~úð‰÷FSo/ NB™(ÁTÆBÄV4ïŽqEÁ‡n¬O/×MC­òlÊ/ëÍÆíÞš[õȧFíÕŸˆJ:Æ*ƒÝ‚ß²²Èî´.øjZhuüû¡rêIiíH³| t[½å‰'úƒ…]O[µYŽÞ®4öºN¤‡Ð›2ÄÏì”QÜw=5.턨º=uýEv/Ø¡»iܳb -GIö=+Ê"”‘Ìö–„ZMcÃ*•ʾ¾ÎëZ'eŽ=ŠÂ,ŽÝêík)MzêòëÙßüü0ÃU‡ ÐÈU˜ç©D8¢Áþé@ üòüÇ寕ßÈŽ|2弊0¬ÚnÉCär…oé·7âp4É’°y+øxN’²oBMqÞ؇ÖX1±Ç%‰SêŽTæI’°òu3tÇW Þ¤ -éÜäÖ8`pÔ„Ûü·ãùË ·:¹•»2•“Ýl)ÇT±ÚÐi˜ç{›ØHÂ-XˆÍƒ‡]÷‡,§²,ù?4K"ÅlWBб+»†Nfa L8\MYŽ"éÑ›T)h%Wë,P3<}¼G¸(TøJ愵“Lpâœ8ziõ¥.iö¿¯âØ÷²¨Ÿ¢ -7Ŷíæá¯éw1ã¹CW΢à„ØfǪªnŸ9 æ®.¡Æ_e3ú^b, +^Æ~±œË<ÐæÌcÛ/´H„qÐV$èz\çU>Ò„Õ¿nˆ@ü¥VwÚ+3 26úFYßðSôès‡c†ÂÂ.¿ñ;˜µ°u†Zºç›ÑE,Õnfq†’R -ÛTòÈuú±A±HX䃿¦ÂÉññåH°‚=z¨L©´Jµ’Ú²™H§vîêHpÃ8U3ê@uœ^s5%Crù¡ßM5¡Ê… "’t¼vM]îáØQQ˜¨H®C§lôäï4ºŸÙÒ 5ê¶oõq» -Ä”nOÃ[º@)Af9æoÈ8²°<6rØ%¹„Ä` áì´].¢>Gi„=LNƒŸùéçw0ÓЩãrÉS WFQöw´`|üøéý/4L -Ã@uÝ ëR'@bF¥MMj#-ÉÙ"ÚŸ‰iì°”)Á ˜™†ŸLkz=Z‡N'‰“[>4ŠçS£¼–þ]ÛÔ-³º<˜_ÌË]ǧ‡*Úȹëë?µË”Û³¸è§wqçjA[Ði—Ž0Bë§ï,Tso‚^3“ùã -Z3&øó@›=—vê¡ÛíÅ‚¯ÄúXd˜í Í/ ó±\fójÅ«U×Ï÷Ñyo.P‹ÙÊ«ºÔÆQ€2²î ++ßheæœÉëV÷/ßÈÊù›šÊ_êx–S[UNÅÝNÖ›|¤nò-í\e‹ò#s÷[•Ùr›Z]Yj´û&rõõÈ“ã? ‘TÓåŠÆtÅW3l”Ýå -呧Z°­½+º¥­˜É7+"Xç*'BOí&ºÄ¶$oœîÙ‚¢ ÿ¤2hT$‡.à–x#¶§+bHT™Á˜Ñå™ù}®:±wQ(4LɹFøæ­g¶|tƒ]G’sQÜbûnBqÔ0=¡Q8}.^á?« zâ0ÿ›@¿ÍœL`ï[¨6µ} dB@ª£­åA!«_œ<¥vú[#À?Né©Û 2§•*©R¢pT9Öiö¬4ç\ JœEœc‰–>ËeÈH_‚^p„šWðuDøç¤Q÷¬emŠwR¦ˆo8OcÕ=³ÀŽË^g{&[uÛ1 õ—€a]¦‹œ„t¡Xk)Ÿ]íz‚^ÛACÊUr{¯f.üÖŠ;;xÏú²PO:ù÷MnÆí“zÁ@¼s‰v½kwj˜^<¬Y<ƒp÷  ±cuéþíc“«B|ñ…áÏŒ¬ÍöFá.?õ¥Æ8±Ä³þàÁuÀm@°ê¦;Î2Ô™w þR·Œ¸p°™ð0Œ¿r¿‚‚úÎ ÝK €n°O^œZ:HÁÓ¤A9£!q½hLµÕ‡p ã²³F®\-é•P,Ë |!…Ä‘&@9°”y_@@ÉÊ`@«åój Ç_æÆH²Â³skŸ–@šŸ– Y?Û‰…GÑe:u÷Sö‰jùNpûŒjm<•­7˜ÔßA¹´wM ¸ÀèÛŠWƒêñº÷”"B)£Â-Û· ÷´&¡à•û¯tŽå8óì¼E*ÌE‘9A¸ÀõkÏ‚·Ëýi~­Tendstream +xÚXK“Ü6¾ûWô-š*·V"%JÚ[Öɤ¼o•=[[©x‰=­X-õêáÉä× @êÑ{Kñ‚ @Ƈ¾ø§a$‹äI˜Fqz(/o¢ÃÌýò&fš$•ašH Ùc*ó0ÍEv8.™üãáÍßîqQ¨”H'¿—Ê`A&³ÃCõ[ð£éïŽ"‚äî¿ÿ¤eI˜åYŒË"ØB…q*,ýÕWÝ–¦¢?}øD{£Ç©7ƒg'¡L”`* c!bËšwÇ8Š¢àC7Ö§^"EX(¡x…(B¦·{H©‚ÿzxÿ+µëÿY ©{1åY·õp¡îxÖ#Ï7M÷<0‘ìI±=˜þ«éyb숸%y˜…©m£¿š›eYÐh·~2^…‰ã°HYyv­ù…LƒJ:Ú( Þ·4ÔßÅy`†k׆Fþµ×묤X¨PÆY› oÖέ2“8T X›ÈNv“îâøÚŸÓ ¶éˆwY¼Å5Á3¤l>×MC­òlÊ/ka㤷fÀV=ò©Q{uÇ碒Ž±Ê@Zð[VÙößB­Q ­Ž?UN=)­i`æÝVoyá‰þ`a7ÒÖc­G棷;½n‡é!ô¦ÌCñ3;e”÷]OKG’P¯nO]Ñ£•ôc7{VLáÈ"ɾgEY„2‚ÉÞS«ilX…`£2CÙ××y_ë¤L±çCQ˜Å±Û½}- %IïCÝ‚Ý"ù›Ÿf¸Êâ"¹ +ó<•G4Ù?¨ñq_žþ¸\@øµòã¾(Ë'SΨP„1`ÕV$‘˾¤ßÄáh’%a!#òVð5ðœ$eß„šâ.¼5p ­±"bK§Ô©"Ì“$aåëf莯 +¼Iҹɭq0Àਠ'ü·ãéË·:¹å»2•“݈”cªX tc¦ùžN(‚…Øw8b(,ìö V¿ƒY3[g¨¥+p¾Ù]ÄRífg()E0±¡°M%€\§d‹‹|ð×ôC89>¾ VpäQõ€é"•V©–S[6éÔ®ÝC n§jF¨£ŽÓk®¦d¨à@.?ô»©&T¹pADœŽ×®©Ë=;Ê" +Éu蔞œâF÷3[š¡FøV·»@üGYádF饙å˜C¾p ãÈÂÒØÈao”äƒB„³?öívq0Pïs”F8ÂÝiðëÁ#?ýüæcš:u\®â$y +ŒÊ(ÊþŽÌ‚?½ÿ…¦ÉAaú° ¡Û€ƒi}ÂÞ ˜QiS“ÚHKr¶È@íOƒiì°”)Á ˜˜¦ŸLkz=Z‡Alj“[>4²çS#¿–þ]ÛÔ-“º<˜_ÌË]ǧ‡*äÜõõŸÚeÊíY\ôÓ»¸sµ -è´KG¡õS‹wª¹7A¯™Èüq­üy ÍžK’zèv²Xð•XŸç…Ãníñxó{7õ­Ã+‹æ5O}ø oHt‹[t.º2Ô²÷økú1äÞí°YyˆÉå 1¸È—°ÐF®h+êc¼ÙÎfæý à‚: +*8m=,‡™Ù°g¿O+I†­—û^ö|6íÆ q×~i‘?ùìñL®¿8ßÇÌfV©a·¨„óþè;yÉØg Ç$ãœÓE_¯Æ%¹åõÆü1švðeaš-ñÊP™{€o›=„,2Ìö†æ7€ùX.³yµâÕªëçûè,› Ôb¶ò*‡.µq Œ,‡{ÃÊÊ7ZY€9gòǺÕýË7²òpò—:^åÔVÕ£SñE·“õ&©›|K’«lQ~dî~«2[nS«+K¶`ßDª¾y1büg!’jº\ñϘ®øj†²»\¡<ò½lk¯ÅŠni+bòÍŠ:¬s•“a¤v ]bÛF’7N÷l +AQP R4*bSpK¼ÛÓ1$ªÌ`ÎèòÌô>€ +WØ»(¦äÜ 3|ó‡Ö3Û >ºÉ®£ÆÉŽ©(n ±}7¡8j˜ž(œ>¯ðŸÕzâ0ÿ›@¿ÍœL@Æ÷-T›Ú> +H2! U‚ÑÖü Õ/ŽŸR» ý­à§ô¿Ôí™Ór•T)Q¸ªœGë4{Všs.¥ N€"Î1„DKŸå2ä?¤/A/8BÍÎ+ø:"üsÒ¨{V²6Å;)÷ˆn8OcÕ=3ÃŽ'Ë^g{&[uÛ9 ˜õ—€ša]¦‹œéB±ÖR,>»þÚõ½v€¦”«äö^Í\ø3&¬wvðžõe¡:^tòï›Ü=ŒÛ'ô‚=€xçíz/ÖîÔpñ°fñ Â݃&ôˆ«K—ðo›\â‹/ìþÌÈÚloîòS_jŒÛyÖß<¸8Ûi aºã,Ci/uˈ+G› SÁø+ø+(x`ìÌн +‹ðâÅ©¥ƒt•­7°ÔßAÅ´wSif*vïÐ}[ñnP@^÷^SD(eT¸ºeûä^×$Ô¼rÿ¡Î‘gšÇ H…9èÕ1Âͱ_{¼Ýî/3l®pendstream endobj 727 0 obj << /Type /Page @@ -1609,22 +1607,28 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 740 0 obj << -/Length 3604 +/Length 3597 /Filter /FlateDecode >> stream -xÚ¥ZYsÛF~ׯÐ[¨*‹¹päM±åR‰ã•´»©™XƒM€¢å_¿} Šr”J…9zzzzº¿î™¡:áO»(ˆRžÇ© \¨Üy¾9 Ï?@ß?Ï”Ð,=ÑrLõÍÝÙ?ÞFú< ÒHGçw#^I&‰:¿[ý²° .€C¸¸~÷úæꇫww±]\~±Ô.\üüã»+.ÝÝ\¾»}{usËÕ_C^ÿôö¾êbib«¯¿½|wuÃýV¸^¾ùÏ…RjqùîõÕîzóNx¼½ºÄ¹îþ}su{ñÛÝwgWwý¢Æ W¡Á}:ûå·ð|ëÿî, Lš¸óTÂ@¥©>ßœYggñ-ÕÙíÙ¿z†£^:«HÚ€ÒN5iÍœ&]DFÒäõ¬*‰OÍž ëì±ÀR²ènÙd .åë¬þP´\ñÝS¯žêlSæÜö¥© ?¸ÞgUõDê|mi´èÖ2ÃCSUÍ¡¬?0ívw¡’E“«=•„Å¡¬*)5»_þ%nñ¦l³ûªÀ -,• -Rç4-©—Ä„éb¿]eŠlTH"c# €–»ö-ŠÜ@icóS(7I˜yïê•0~ØÅ—‚GÄéXÍ`œÊ(@30Ûñ^h¤h LVgAwë²eæ¼d”+«ZšU²i‹ñ"€§øªåI\<–EIUìgù_]͉`wVˆ~ C]É Y½"ý.­Jƒ$ÌTϬZ uZ„q -ö»íŠ72/X\¤ìâjUvG´¢ý)¥[Üìë™ÐÊ.Õfº0v_?»Qض"¬Ò~ƒÉD€+k»j²Ë*BkñÕñ -z]ÁŽÆëuÅ€Åì–EMFK828 TÄLƒ~á -¶Î‚Oƒ€`Þ6ÄšóØw±TaØWç»bSÔ]V î±Û!î‘¿í²º}(ví øê¦ÑI+Ñ4wì¤á¢„YØôüLIØ;8(F&áö)Àb‹8u×äŒ-[™qõ=qá¡&m%Åb÷È À©nœNÙÔ•0è·‰AŸÙ«9x(k°PÜVíÜ¢Aøs¢Ã´Ñ4Ð6š[IÐ Z({x‚TX®Ñ±è ÚP\:Z>Œ§åCO»-ò Ÿ$ÆŽš;n޾戎8G‹Û¢8Ž5`1`·"«ƒØ¦„úܹûpÎ…›Q˜èé—ã§aâ”/jí—÷¼mÓ¢Ž§ê½íÀ2"^µ¿ ­BØÐÄç‘ Wf6¢õTË1Ù©¨§ÜMY¼Œ9L€[ ÒÅ–úþ».@ËÆÚE–w´ãTnåËÁ0ò°L”,¾¹~÷†»Rþ´ûí¶Ùu2ŒwKdÂXèÖ '.¢}áa]xËa")ÔE^´m¶{ª;æ. ]³† Óm²®lpI±=@³Ç¬¬h0› š% ƒ$u^íWRé±Z RÂðMV‚£—5tÝ?ñwˆ«@Ôƒ?t öQAû™ßŒÔÖŒÖ!¹(—¸Z«EsïgÆfœ¿¨à€‹o $ Ð'RdF>~iØG¢`ê~D¢bãƒçãÁÆÉ1Yc9Ieìb[ìp7Œ#<ƒæ‡=¥+Æz„®”@;‚䥀ä+nÀ0¼‰8DLŒÍ‚rHð < l°kK&p2<­™åç²¾åîÙ,WÀ* TQçE;Rt —úÑ­¸•«C=ÝÕ¶è8Èxr"’ŒC¬ƒlG;áô4;z)`hŸñd&H¬ÓÞ‡Ý؇S=øpªØ‡±?´­ \ °,î ­)ÓJz…Ô]Wl¶W(öÃwOÞtâØØTWà¡\¦<zK©Ÿ·U™—nÖWœš®ÀbcØ'²Xlß4âü/ù² Èî›}ÇEæÇf&hóŠ{Ú¢àÛÒm¾+· -pB1“TÖ‡IêwfW|Úm·$K9Ý"˜KýåUFŠzy: }Æ!}†=`¸RÎ[kÛ¾`Ê1›Að‹ˆlês#+¹‘•Üèö¤Nn/¦;·E'¶(±ßòwðÚ¸ºãæDz8   VÓæR[[Þ—0gÒ1¢ìe¤‡"±Ðn³\ÚÈì4Æ€¬3,ã‘ -“Šâsw¡}O,¹dÛTœÑPùî[ÆÄ ãQ°. ZÎu´Y0þbdïÆY4œÖ²/^±@<¯Xkƒ$îói†ý“˜Paê'œk¨ ƒÕPv =Ü‘µMÝŠx5w°}Èêò‹÷h=4ûjÅ„‡¬î¦+cd‚ÜTü–0ñQM*Hž&úêÖ¥ä͘ âž½ZG Åñ±YäÍfCÅcù¹ƒ t´ÞÊ°•Š)ëÀ*_0 ÑÄ® 7Š±‘49–] ××åJDø–çËÜ/|ÍÆ@‡ƒf3g.8,oÄËÄpø©Jð‚–+ ˜eÍE¶o(\ÓôE‡G¹Øw{KÙ6iY÷œFÄ‚à±À0|![êÖ”Ÿàdò­›Ž©Y3c® $#À`Dâ`.€_Ž9qI(Ló)h¨ŠìcËEc&â/¤O\‚"ŒëeÆ•R™a Ç pUÄ„ÔçˆHñ9Ûl«B]™7­L×fOÏí¯,ÿœe³ÁVsò:ì…šrŒÉk9N-€{ž¸T…PóMÖ?7d0GÀáø²ödìz/0ÑÔ  ½:/0Ž½ÀgOQ/F6†èÁ!7\õ9Ô3¼Dâ¦B±vˆ7F-“uëLÀÍ÷ź¬W³*ÆK‰Ž1vd¥Ø<ÓÐUª±kõX“-Pc¼[‰{¼bvêÞìWM¾Çxçigçñ—ƒ—Œ¢7°=£À#ç|Ö ÈUñé(`N­‰o¡°t_x+ñöÒ5ž†·ÁQ6.7=Ä°=í»–Ñ -9íz³œrÙk¿d¢´³FøíYœÜ0 HÂX““9£û1;ÄθŸb‘×™_›ÆXÉ›œD¦¨-ù>5õ.Å#ÉüRÌ[8¨bjéRMn´£qï \9”ÝšKS¿Áo«X‹ï§w*1#ïõ{¹tŠwD,ò‰ -üõQk«bƒY[¶+¿øÉäØ!Û7?üÌç´„hŶ(n‹|Ú#£“…¿òöžuG†ëOðÏ8Ævo)ë:²×Áºà0ø¬u© Š­7L¡(L9U2:™¤¦é( € -g¯)’²Ôãž)BÉ°ؽ†`‡¾"ü$ïõѺ¿V‚20/õôvŒÈD1œÎry,s@%MÁÞ,ÌR"Í×vØŒ.,q=ö7ïPòbÙF9ÄiJñó~Å3ažó2JúÞ¼ØáEÃ>û–rôwÃÅÄf²1òQz4cA=qUÍ@±·Î¿¼×5‡ÎÌW”®…²yø|‘£N«²]ûG‹’ò í†G˜Aë0@ŽæÐL‰;=ÍleìA˜B¼“Ðù -ZÐ~ü(º0¦•”³ó ³áeå^ºYÁI˜ì¯‹YOI8Æ«”À"Wâ…cèJ)äÓM6BÒp-.°”C}E·Þwú§/‰»tÛÍ=÷Y+èèBtÃ…odë2_ËÃ+c”\F~"”š±9btl`}ÐeÕÇ) Ý7„Ùˆv ¤vjM¥g5E»²>26@ØYÓb·t_ƒZÿ$`\â·šï…8ojLÜ>ìûs.¶ò³NŒ9èA.§™AæÇÚ»’î Mbt -ºzzs±_š¢ÈC(†HôbŸ"nb‚(‰ü‘úÕ Ç¥u*Ýñí:rÖs¨X™‰¤¿Ÿ-¨V%iÏsiãÐ?x1×IÆ6ÖƒþCܘãvYobµ6Ýj~(õFƒ°èÀÄ.šµ\€«tŒlXëÙb…m KŒÙX"ô*ºÂ“wB‹6ÎìF'*l˜·ðØÀª$ú;Z?åŠýFÏêZ´‘@fÃ#zf>ºM~g:Ø4Œþª‰KB>k460f¢œ?aâ²T­t ŒµGr‘â=à|Ô¿ÄAZÆ ýeåDHµmÅx™Q›>wš_Ÿ‚¢rxyÄÑkcÕàÓÇÌÐÇÌÉ]!Ô|ø‹Fà•Í¾•¥Þ¢%‰£G±‘{œB¦–ü ¿xý,G;LÏ( A¡GÅžÖ|ü¸“zÁ¹2:RŠ÷Ä…Q*.‰ E1cäŠ/ ´’&…=?àwBÇQª™xíP6ÜGJJZû[*¨PBßÎ3é'ÅŠ—’8pôA!‰>:éSYšÿˆ9ÅeJçåš ÚPHyÒ99r<È[ø¬ñüª¤S2Þ¹‹vD©²/Ùl‡êO9xŽÖã_[PZùa‹N4臯jaýS$/öZhÚ='0|#èK]kºÃ&Öo.i§Œð%ärGvÎjfC~X`ÂçNÔÔ•îïp8¼ çŠÒ—ôª\êaö¡Û¾À3}ˆL2:ªË‹!'¦¿l1á褤¢Eýð“dœ&œÑØó+Woú—Ã,Ø|ö/rÐ×9;µÊ® )°V½¤H¯ü„÷8á ÊvAdÕèNDÏýϸB7óKø—Uüí_ê ¿g´ &‰žÿÉ‚Ž“À&ÀD„BáUt"¹ÿIß©èÿ‚bàòendstream +xÚ¥ZYsÛF~ׯÐ[¨*‹¹päM±åR‰ã•´»©™XƒM€¢å_¿} Šr”J…¹Ð3Óóõ×= ªóþÔ¹‹‚(ÕéyœÚÀ…Ê盳ðüôýóLɘ¥´úæîìo#}ži¤£ó»‡‘¬$“Dß­~YØÀ !\\¿{}sõÃÕ»»‹Ø..¿¿Xj.~þñÝ—în.ßݾ½º¹åꯡ ¯z{Ou±4±Õ‹×ß^¾¿»ºá~+R/ßüçB)µ¸|÷úê w½y'2Þ^]â\wÿ¾¹º½øí«»~Sã«ÐàŽ>ýò[x¾‚ýw&MÜù*a ÒTŸoά3³Æø–êìöì_½ÀQ/½:«HÚ€ÒN5iÍœ&]DFÒäõì*‰OÍž ëì±ÀR²ènÙd .åë¬þP´\ñÝ^=Õ٦̹íKSþåzŸUÕ©ó´¥Ñ¢[Ë MU5‡²þÀc·» •,š¼Xí©$"eUI©Ù}üÎ-q‹7e›ÝWha©T:§iKýJL˜.öÛUÖá’ +iÉØH À¯»ö-.¤ÒÆðS(7I˜eïê•~ØÅ—‚߈ӱšœÊ(yf`±ã³Ð&H <PgAwë²eá¼e\WVµ²hVɦy,Æ›€!8ÅW-OââñÚq)©Šý,ÿ««¹¥DàÎÊ _ÃPW2CV¯H¿K«Ò I#3Õ3«NFk9R(l²¶+v\fY + W«²;+(™ŽT‹›}=s:„ƒHãhr,.;̃—„ñ ÇJ+¸„hÈš®šlu´`Æÿêxõ¨§Ñ‹Ë¢î¡¹Ô± Â0T^uj +Q$hÐoZÁ±Y°gX @Û†Xsž÷.– +ä-®ë|WlŠºË*á<^rÙÚ.«Û‡b×Îß©`±rMsÇ.J˜…açgJÂÞ¸Õ¢“I¸}J®Ø"Ý5y#ï–-¿™qõ=qá¡!m%üÅb÷ÈÀ©nœNÙÔ•Žƒ>³WsÔPÖ€N:Vç RŸ‹ñ˜‚ ¦¶Ñ4ØJú€fÐBÙSt *µ:Aª€KGÛ‡÷iûÐÓn‹¼DÐÓŠ±£æŽ›·¯¹|#ÉÑâ¶(Žý ༜VduÛ”Ÿ;wιp3rýøåø…Sq*µöË{Þȶi ÏažFÇSõÞv` + ^µ¿/Z…6°¡‰Ï#àªÌ¬7ëG-ÇÃN—z*™”—˜Ã¤Å°ºØRß×hÙX»ÈòŽNœÊ­<ù!üœ•‰’Å7×ïÞpWÊv¿Ý6»N^ãÓÆA ÝôÄEć <¬ $…ºÈ‹¶ÍvOXu‚cîwÐ5Ð1 d˜n“ueƒ[R–e”[dYY!ý`$„%-‡Ôyµ_IÅó4–ý*áõMV‚¡—5â»îŸø9øTä‰;ˆû° †‹ý,ofÕÖŒÖ!™(—xZ«EsïgÆfœŸ¨à€‹o‰$ ÐRÖŒrÄ\ÕbØv$4íÉFdã­c²&nZ•±‹m±Ã`Þ0Žø šöªëIºFTíH’—B’¯¸IÃð!â+1Ú4 ËထIdƒ][‚À©»4ø<´>Â(??ú–»f³\¨À¢Š:/Ú‡¢¹Ô¿ÝŠYÙ(°:ÔÓSm‹Ž '!ÉØÅ:ˆt´IO³³¡•‡öÑOf‚Ä:ímØm8Õƒ §ŠmÛøAÇ +ʵ@Ëb¾ÐšòX ­pt×›mÇ + á¹'kqbØØTW`¡\.;î-¥^|ÞVe^vx@X_qXºÄÆpN„Xlß4bü/Ù²Èî›}ÇE–Ç0¶yÅ=mQp±€c‹6ß•ÛA981PׇIêOfW|Úm·$¤œ‘ss©?¢¼ÊHQ/Ïââ"7]²KŸ®”óhm;à 9fc"p>€ˆÈ¦>6²Y‰náLºáÖöb¸s[t‚%`‰ý–ŸƒÐÁÕ7?–Å ¹š—ÚÚò¾„9û[Ž½`/3=艅v›åÒF°Óèÿ²jŒ°Œg* *ŠÏÝ…Zô=±D˜mSqdD¯Êsß2'Î Œß‚­phÐJ¸kÌ¿èÙz£‘¦"¸8­å\¼bað¼b­ ’X'ýiwû­õwƒû£¹†Šq°Š.¡‡;²¶©[Y^ÍlA²ºüâmZ;ZñÀCVwÓ13A*>ËN„ÊòQM*H€ž&úêÖ¥Ä͠♽ZGÅDñ±YäÍfC ŠÇëç>v6ÐÑz”a+-(¦¨«œ\ÀAOà»6Ü(«ˆ„ɱ8ìj¸¾.W²„_a{DXæ~‘kŽ8zØ4›9¸àû€¼‘,Ãå§*Á +Z®4Ëš‹Œo(\Óôí2ŠÝøı·”7Ûf#-«âžÃˆX<†'DKÝšâœLžuÓñhÖÌX*x‰°Üž8˜sà׃¡ENL +Óx +ª"ûØr‘ȘñÂ'.ÁÁÈ ôëeÆ•B™a × 0Uä„ÔLj8âs¶ÙV…ä¡ M…7­L×fOÏ8¯,ÿ’å°«9Y +]öBM±úäµÜ +§àž'.ÕE!£9 BņõÅMÌ‘°;¾¬ý0pv½˜hjÐÇVƒÇVࣧ¨§#CãÁ 7\õÔ3L qÓ@¡Xb¶¨åaÝ:Áñ@ó}±.ëÕ¬Š1!Ñ1ÇŽX +æ隆HT©J×Bê±&,Q£¿[‰y¼ Äè$Ô=ìWM¾GçÇÎÎã“–ƒ•Œ¼70žqÁ#ã|Ö +ÈT1ƒtä0§hâ –î —®ñcøEã’‘è)†ñ´ïZf+”Øõ°œJáµ?N‚(ç,¿<‹“ .I‹¥É"¤“í̾Éi}=7Ï÷E÷…}€ÊŒâ½˜#Ρ¿”2/@.K|8r§ÊÀ!Ä©Ob]ñÚ Æ`J'˜ñ©‘ œÒs.œÉô™À¨ØGr²ã gv?ç‚Ø7ÈS¼äuæ÷æ½1Vòf7¦iÔ–œKM½Iñ›¿ãIzÁ$.µÑt£{åÊ¡ìÖ\šÚ ¶x¬b-Z¼ŸæTbfÞë÷’tŠ7D,ò +üô^k«bƒQ[¶+¿øÉäÚ¡Ø7?üÌ÷´†h„‘Û·E>íèdã¯<Þ³î¸þÿŒal÷p!ðH™ ë¯ºà2ø,ºTÅÖÃC( +'S•ŒN&¡i:Š ÂÑkJÄ€CyÕãž)CÁá°{ ÎmEäIÜë_ÇÑ}>Z‰Z`~ÕÓìÈD1ÜÎ2y,³C%LÁ>,ŒR"Íi;lF¿û¬;”¼F Xö…Q q’GüiŸb(0Ïù%}o^ì0Ñ0ÇÏ~†¥\ýÝ ˜`&3…G3êWÕ {tþâ½®Ù}pd¾¢p-”ÃÃO9ê´*Ûµÿ`QR¤ÝðfÐ:¼ Wsh¦À>Ëlå݃…ùFB÷+hAüø·(aL_SRŽÎ'†¯*÷ÒÕÈNÜdŸ.f=%ᘯR"ò\‰WŽ©+%—O™l¤¤!-.´”¯ú(Š²ÞwúÏ^âw)ÛÍ=÷Y+ìhB”áÂïcë2_ËÃ4æ(IF~"–šÁ :XtYõqJH÷ q6²(©¢©ô¢¦lWÖG`†…›¥›ØÔúOÆ%þ8¡ù^çMÛ‡}ÏÅVÂ#éœ\9ä[ø,x~UÒ“)w.Ñ®ƒ(Uö%ÌFq¨þ‘ƒåèþG$«bZùQ‹N4è‡Sµ°ƒþS$oÎZÆ´{`8#è7K]kJŒaë7—°SÞò%ÖåŽpÎjf ?,0ás7jpêJ÷Œw8^Ð@ŠsEéKzU.õ4ûÐm_™À9D&]Õå‹!¦O¶˜ptSÒFѦ~øI"NÎhìù+‡‚þËal>û/rØ×9;Eå é +¬U/éÂ+?á=Nø‚²]Y5ʉ¨à¹_âàÏçf~iÿ²‹¿ý+½á·ŒbÁ$Ñó?YÐqØ„È¢pñ*:Y¹ÿ9ßéÒÿyÞþendstream endobj 739 0 obj << /Type /Page @@ -1668,7 +1672,7 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 749 0 obj << -/Length 2227 +/Length 2237 /Filter /FlateDecode >> stream @@ -1677,9 +1681,9 @@ x ó6Jgoåý°‘ëJmD‘à†ƒµ1í\Éìð£1>hÄjµÝÖi4êË3>Ñ‚=ŽFoÕlrª7Xþu§Ld•m F™Ð«¡·:Ëúý®(?šÆ²9ä÷Á“#G·Í©.êïr*›#Ø œlV¯h(ƒ:ÖZ³Ô¤µ†Z|bZ+h5×S@´¨ä2;Š¸ëf -ëJ6½aeœÂ›¡{í&µ`?CªD‡çÙtÓÔ—'\À‡“MÛÔϾù''"UC!v¥9h¬˜´(ŽÅ~h_”ð&ô–Kíè¡+OXz÷¨»IYÊæ#RÚÔxª +®–e_=Jå›Ô5ƒ'Lwõ‡ßì_,° ['LÑY…ìÛI“‘N³qÞ÷?K2ÂãÌNµW¸%™üº)}S’?ì0j÷ÝqŸÙ¥Ï¸Ááx´s`qg·è¾ýòÐé"I``fâøQÉ!ÒG;*ç -¾ã¤ÿ@Y6•¨í<³£"¢=™“¡à8ÉüfF4FjGM:ê”Ú»ôðFxBàtÆOF"Â3‘=Œ@mñ$‹ÿäiŒKÝÓ9;ÐBó=<‡êHô,Õéð“êÄo*Ö@Wìÿ3‚ÄmhÓÃlJX–Š„’By’¥-ýE ÓUs$,@¤'éP ¤¥:ÈcR@NÅúéŠ}y ÷:õµö©ìú*ÎSBcq¢c¹T‡}5PôÕQ©;_í‰õúj$öêS¹,šÏÁ±_úºÿåÍk{sÑ+Ùª®bî@š¦ãÓÍÛÝT|Ðë‡æ´m%qªî^8‡êHd,ÕéÈ“êDf*ÖWìßoC‰cèÆäËñ:TG"h©NGð˜T'‚S±þºbO×D<ò¢(&‰.{QÓ?½—üÅ(ÎBsšç“b7ç>°(‹ñŠžúþž»ûxêS˜àqŒÏìeb¦.üz] n ê?›®Gh!»r]ÝéY]‰ºkŸ¤ø nÚ^ZVEo!«”}êóÉX£Ðw±1è¨CZ>jÄÅäðá|7½¥“í±rrºBäs»1Œ~DŸ3¤½ì뤜¦tÌ1@²ðXïøqý0Cà“Ü}è.ØOî}¾ÊïÕÈZÅ ÛÓ&…¾“•Ù«/KtB[ü\ý›óßõhcšÊǾ=pÛC\)EnEYã-žÝï:|ýÝÜñe _Jà?=â ƒÌRæ"ÿ¸°icoùFìí¾9foî -ÂjÕ…m¸”ky€níJ‘<Ü‹ÊÑ™âKâh¼Y WU¾+C¥ÜÆpç爱QiîÚoîå½µk¤Š×!8]øÈÿðjZÔu» ûuÑt÷*%‡7PV;êØ1 3ýIÁ>ê·‘¦µn’ú7;q)Þ¸²‡ »˜¤„£O}Ö²ë×UÙã›ÃPÝ -wÝaÙkYnÖ®Ò#ò•¼L”·câqñ‰ 'Y9–["Øé”ÄWxfr6¥W»TãÑH=BÊØi^J†;¾œ~^ÖøÓ¼²Œ_=žï+tq¤€ÜÒ2L¸]´6 a“°4)ôµ’®ŠLMBŒ82÷·»ŒÜñìGu8¤ghxæ¾*ùKiz0ñ¼5çÉ»“ Œ¬ê—bÏŽA‡ˆþÏ?H;#eF¸‘ïá4%"‚ÁÆ(¥ŒÜ'‡_®÷Uÿ/“Õendstream +¾ã¤ÿ@Y6•¨í<³£"¢=™“¡à8ÉüfF4FjGM:ê”Ú»ôðFxBàtÆOF"Â3‘=Œ@mñ$‹ÿäiŒKÝÓ9;ÐBó=<‡êHô,Õéð“êÄo*Ö@Wìÿ3‚ÄmhÓÃlJX–Š„’By’¥-ýE ÓUs$,@¤'éP ¤¥:ÈcR@NÅúéŠ}y ÷:õµö©ìú*ÎSBcq¢c¹T‡}5PôÕQ©;_í‰õúj$öêS¹,šÏÁ±7'½»ÖBã}àòæµ=Ž¹è•lU17 MÓñ9çín>>èÿCÛ‹6•8U·0‘Cu$F–êtŒŽIub4ë‘+öï·µÄ1ôå òåxª#´T§#xLªÁ©X]±§« " +yQ“ˆÀl—½(ŠéŸÞUþbg!‰9ÍóI±› X”ÅxÙO}“ÏÝM¼ Ç u–)ÌÑ ð8ÐgöZ1SW½®·õŸM×#´]¹®îôÔ®DݵORþ‚7m/-«¢·UÊ>õIe¬Qè»âtÔ!-5âbr q>›ÞÒNÌö€99g!ò¹ÝF¿ ¢OÒ^ûuRNS:f‚ˆ˜ Yx¬wü¸~˜!ðÎIî>tì'÷>_åˆ÷ê4d­â„íi“BßÉÇÊìÕ—%:¥Á”—RÀf  $IÄd»¹íZ“³ûØñ.c:¥xè,Ê/ûìfØáëïæ*0µRÿéy_d®‚0ùÇ…Í){8bo7Õ1{s¥V«.|hÃ¥\ËìpçhWŠ|àáÞgŽŽÒ„_†@ãµÉ¹ªj¹ðݼ*}.7&€#8?GĈª×n|sïø­]#U¼ÁÑÃGþ‡WÓ¢®Ûmد‹¦»W)á8¼šÛyVÅŽi^ +öñP?¡4­u“Ô?¥x܉KñÅ•=dØÅ$%…xêè³–]¿®Ê߆êò¸ëË^Ër³ît ‘¯äeâ ¼‹O$X8ÉÊi´ÜÁ6¨$¾Â£•³c½Ú¥DêRÆFHóR2¬Øñöój´ÆŸæ•eüêñ|_¡‹#ä–ÆaÂ袵i;ˆm< I¡oŸtUdj,b,À‰¹æÝeäŽg?ªÃ!=CÃ3÷UÉ_JÓƒ‰ç­9OÞažU?({¶:DôþÝÚ™73Â…ˆü§)ì9F)eäþ¬9üÀ½¯ú9Èúendstream endobj 748 0 obj << /Type /Page @@ -1728,19 +1732,21 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 758 0 obj << -/Length 2227 +/Length 2220 /Filter /FlateDecode >> stream -xÚ¥X[wÛ6~÷¯Ð#u1Á ˜ž>¨¶“¸mÒl¬Ý—¦IILxQx±«ýõ;ƒR¤L7Û]ës0ƒ™o. X8ð åÛŽŒ¼Ey¶ïWÎbïÞ^ –YõB«±ÔO›«WowÙQà‹Ín´–²¥Äb“ün]¿[ÜÜ~Z®\ß±<{¹òÇZßük)„°Ö®ooèÕ͇{"ÞÜ®—¡gmþùé9ÂpžÏ37÷wo—l~¾ºÝ úÏ ‰Ê}»úýg‘ÀQ~¾rl)ñÇQä.Š+Ï—¶ïIÙsò«û« ŽÞš©s6ñ¥²}å†3FñäœQddû¾£Ü•tÖöâa^½ñÃÑ7´#ßS°ÊÖiSåv\•;’,(Ûõ<Á²Ÿß©jZ;ýÖe:O˸‚xÕh_CluÓf=÷P5(ë48áõŒb«(s©h±’.œÊóͦMªëø°\ŽcÙ¶ó@•p -ß5"¥.Ò&­ÒšÄDèÚ"°á¿û÷ÄåT\|GÜc‹¹ áÙÒ´Â)`¶c#ifƒó–+á8gl]˜䥰•_£üæ5`¯ °ú§¦Gs¨êIßÚwY’·­ømÚ¶Y¹§Aw¤çf à®uÙè˜ÝLТÔmW/…²RÞÝbÔ{˜à¼4á].iÒ¸«³öÄš2÷§»76‘wíœå“´‰ël‹ÛJá[ñA—û~€'1Oy[•ŸÇÝwµ¦‘‰œœ4Ï|Lóü‚sÐíÌšM¢ÅD$ÄÝ!¾‘H²òw)½.y½]z¶ÝË9´deœw ¹b -G3©ŠÓ¦á`ÙÑ3¦Õt{ž3±60¾¦'ž¤Ë„ˆ®y^¼ÉöSï1kD‘“Xs×±H0Fs|"¡ºf…®³üDæ;{¸RŒ ßØÊpt m†p"vÎ,Š®ÌbãJÀˆT~õ0`£]a‰WeÊ‹áÑб_K¹VYµÙîdÒûË9ˆ‘…”Ãþ˜6ÙCJ¬o]ZŸˆ„n4Tña}2Y0­zÛC_qNƒg™>š³‰rp -–5~TNo> =ºß7ÏŠ¬¥…±&†‚ÆhÅ¡™gÝÄö—Ò*²ý¡%r›2 r,Q]“hrÉ ’Y³Ä1ÑmŠ¾pÏJN¶ÕÓLcŸës/fê­9ƒè˳-¸@¿MË´Fcš5îºN9Ûþ2$à]ßÿÜê˜êGÕÓ”þ¢°™/õ.ô®‘G¥bNJbFŸKŽS. Xr$ƒø{VÅL½„'†>Š].³MÛÇ4-ÙöÁ¸t¡?‘ŽË–žLÌhë‚ýè‰'+a¨ÑBîÜBÂöCÕ¯d:mi­KRS×Û Ò<æB©#»®éùcX?-_\èá] à³ëzæ8+£‹cLpÂáè¦bJí€TÑ™¬‰ kzQ¶›A¨¯®Ûª¯¤¸Çc?{…É€±eë®­ -(ƒ1- Ãâý]ÀÐBÌÆy^=RºCl˜wvCHíÏx)qƒ¬pÁìD`ó'fžÚ”;@}÷~}½zãÓ;2®Ôгïæ’ÖÛêÁ”“0²~­ ëªçÒ#÷2¡:wc8´¶£:ïsŠ‡7¦ï¥6B=7;ÕMÖ‹P¢¸þë5‚’ñ¡jY¸5Í!QÌ*ôŸYÑÃDÀåfo| 4u*‘å —ÎÚæ¬F.)5sÔœŒÀ€ÒÃåH·}Of<5‚]’AKÒöYçܳ‘pr5é&“.晚ä]\1kÏpÇf‰qê« x™Î‚®*IÙ@îYÁ @ÝuVšž‡BÇ«"ñ™»å›îf,þî·û OEá3À÷4ÆQœ@{G‚®Q@ðàiE‰$”„¡¢ü2Và…ðÃþÙÐà<Ì×KWi(€âœ¦<)6Š³ÝÃMe›³šÐã4½‚½Ê¤áK¬¢Ã8îâ í‹Èb»˜UàñݺŒ«¤GAÓÖC«?Ž{bz›«­>˜"”}é‡âõz.+K;ÂÏÎ9ù>Òµeú'äçx@厠W\$ÊþbvqKégéf‚Óq±2ã¡æÍ~ah %£)^ÍÁ Ú~Õ¯nýë/o£ß^TøòÍÑî—dýãÿ-ò.ÌüŒ]}h”ì-ö7öž´ñëÀwMýÔ^çBô¬Åæ*ÐJD¾z¾œ«D.W¢÷ºìtþ¿–!Nu’Á¤sÁ÷&"ŸG1ÀÓô€‹]b0d¦ÁŬŒyQÓD,Öo’?6€GŒMmë{¾ø„ÖúþúîŽ6>mxã¡`ÀàAçY2—³Ïq(Õt>–IÝ4]A0‘}ù€WC¡\(úsBeéò6;擳)‹×§8A~IæQ¬˜aÆ`]Œ;s)•jzD -j¶PSMTRc×Ìœrâ¨9 9wJCçyq!¥0\çM…j„‚>U…Öײz,‰ -hÚ³ <륲:æµÊ+Ýþ0wíQ®-ƒ¨ï4‹‚ 1ƒUR/‚ÔtëAØ+@ÌrͼɕȨPÑsÔ7á0è‘H™\z¶‚"qñK·Ú~î²ômüð;óÅ×î(ÿ÷÷åóu/´¥Rîü§cé¶r£°W -•Ñ¥æÇ觪ÿ¿ü+#endstream +xÚ¥X[—Û6~Ÿ_áGù$VDQ*=}pg&É´MšÍx÷¥é-ɶ]]fêýõ ,y4Ív7sNB .´X8ð'Ê·y‹0òlßþ".®œÅ¾½½,³ê…Vc©Ÿ6W¯Þî"²£À ›Ýh/e;J‰Å&ùݺ~·þ¸¹ý´\¹¾cyör厵¾ù×Ra­?\ßÞЧ›÷D¼¹]/CÏÚüóÓ-r„á:ŸWnîïÞ.ÿØü|u»ôßA8•ûvõûÎ"«ü|åØ2Rþâ&Ž-¢È]Wž/mß“²çäW÷Wÿ6}5KçlâKeûÊ gŒâÉ9£ÈÈö}72F¹+é®í!Å˼z㇣%nhG¾§à”­Ó¦Êì¸*w$;Ù>P¶ëy‚e?;¾SÕ´wú­Ëtž–-pñªÑ¹†Øê¦Ízî¡jPÖipÁëÅVQæRÑb%]¸•ç›C›T×ña¹ +Dzm×:+!à¾kDJ]¤MZ?¤5‰‰ÐµE`Ãÿîß—Sqñq-æ.„gKÐ +·€Õ~Ž¤Y Î[®„㜱uab—ÂV|ò›CÖ€½‚ÀêGMCs¨êIßÚwY’·­økÚ¶Y¹§Iw¤q³p׺ltÌn&hQ궫—BY)n1ê ‹½ Lp^šð)—›4iÜÕY{bM™ûÓ݇›È»vÎòIÚÄu¶Åc¥ð­ø Ë}?Á›˜Ác¾VågÇq÷]­é`d"'gÍ+Ó<¿àt;s„¦KÓ„h@1 qwˆo$’l‡ü]JŸKÞo—žm÷r-Yç]B®‡ÂÑ,ªâ´i8Xv4Æ´›nÏk&ÖÆ×ôÄ‹t™Ñ5Ï‹7Ù~êaà=fí(rkî:¶ ÆhŽ@$ôA׬Ðu–ŸhÚtÇ#`w +‚±á[Ž¤ ÃÀðNÄÀ™EÑ•Yl\ ‘Êï¡l4£+lñïªLy3¼º2öK`)×*«6ÛLz91²rØ¿Ó&{H‰õ­Kë‘Ò`€*ž#¬O& ¦uC_{è+Îi0–飹 (·`YãGåôæJÑpÐý¹yVd-m(Œ5Á0Ì0G+ÎàÍ<ë&¶¿”V‘í-‘Û”Yc‰êšt×åD“£€HN̲˜%Ž‰nSô…ãYkâ‘çO4Ü:ÞBÏìÄÃ%‡ªË“A^ÔÏ\B¼¥¸@M£GyO?² ‚ ò¬m×’ÜÝÇÕà+¿?ÈÐOv0Xƒ%YÙt&´1•ÄD6b@@K`B—Ö§c[ík}<˜þÅÎ3ä@€9Åñ­í‰FòR¨ Z}§kb(Ò:« ÐQÐ7êôåå\-DGy®äŠ w1†™©+t* +Xµ‚KÉÔSÕ2MºÍ7ƒ¢)·]}9Š!4=!‹`@Îì¤34«Ów·ÁÂ[- d#Û…Îjjù<+9ÙVGL3}®Ï½˜©·æ¢/϶àý6-Óiö¸?è:ålûË€w}ÿs«cN¨uVOSú;ˆÂf¾Ô»Ð»F•zˆ9)=ˆ}.A8O¹$`É‘ àïY=3õF }»Üf›¶iZ²íƒqèB"—-‹}™˜ÑÖû;Ñ/NvÂþ6P£Ü¹„퇪ßÉtÚÒZ—¤¦®·¤yÌ98…RGv]ÓûÇ°Z¾&¸Ð+:»@Àg×õÌuVFç˜à„ÃÑMÅ”:©¢3YÖô¢l7ƒP_]·U_IñŒÆ&~ö +“cÊÖ][PcÚ„A‡Åû»€¡; 0Ï«Gî÷¢!6Ìä1Ãn©ýÏ0Ó4W­Àâ4Á¾ODoOmÚ7‘õîýúzõþƧÙ 7ihì9>So«SI‚Ðúµ‚†«žËŒÜÆ„ê܈á€ÚŽJ¼ÏÙ¾˜–—:õÜêT7Y/B½‡âүԪŇªeáÖô…D1«ÐfEW gïš½q3ÐÔ¤D–/\V8k›°¹¤ÔÌUs2cIï"Ýöí˜qÒqIÝHÛ'œs»F>ÀÅÕ¤‘Lº˜WjÎŽec‹ÄèôÕ¨L?A”¤l ã¬`à…^8+Mã¡ÐñªH|ænùýã*f°ø»ßî7¼`{ÏÀyÜÉD}HaL zPD}ÁmÿÓ:I(Cùe¬À á‡/ügC[ó0_%< ¡ì‰srò¤@Ä(º"ô ·’mÎjBgÓô +ö*“†/±v:Œàhx/7¶/"w +ì]VÇ/ê2®’M[ þ8ÚaŠIm®¢ú`ŠPöJÖë¹\,íÄp†|ɯ£=Ó?!+Ç w„ºâ"=öϱ‹·I¿J7ˆŽK”™•nö熶P2šâÕ\Ì íWýêÖ¿þò6úíEÕˆ/ßí~IÖ?þøß"ïÂÌÏØÕ‡fAÉÞbãLáIø®©ŸÚë\~žµØ\ÝY‰È·CÏ—sõÇåúó^—Îÿ×â#éN2˜ô+øÝDò³âh"xšxÎ%Cf<Çʘ75­p1·bðÆñ ù'㈱©Y}ÏÏÐZß_ßÝñÆƧ <Ô +˜<è> endobj 777 0 obj << -/Length 3193 +/Length 3192 /Filter /FlateDecode >> stream -xÚ¥ZÝ“Û¶¿¿BoÕÍX üw:s¶Ï‰Ó‰“ÚJ;$”„;±¡H… î|ýë»_à×Ñvf:z°‹Åb÷· Â•‚_¸ÊL ¢<^¥yšÕþt¥V÷Ð÷íU(c6~Ðf<êÕöê›·‰^åAžèdµ½ñÊ•eáj{øeýú»›Ÿ¶·®7Ú¨u\oL¢Ö7oþy†áúæýëÛ7ÜõæýG®¼½½¹Nãõöç·HQ9Œ‹ƒDfnÿ~ûïë߶ß_Ýn{ùÆ{U„ÂýqõËoju€­|¥‚(ÏÌê*ó\¯NW±‰G‘§TW¯þÑ3õÒÔ%˜( L¦Ó¥Äz†AnŒžhÅäA鈴3‚äz*¥Ö·mÛ´7S£‘>Õj£“@ç&¡9Û£½ÞDQ¼>·×a¶nöÖ¹²¾gZs‡¥Yo?¾û–)®¼¯íë'ZÜ[Ç­}Qs…øXw©:n—53qöÁ¶EÅDÛòr­£#ÐëwwÜQÈàçë7YÎÙZøw O)p³¸½^M°½º©7,½Î’uñX°tÜt¶‘Ð.^!GDûã‡n?|àÆcYU\ÛÉ4fÑ]ZP&‚ÊöÒÛ§ÜgLê¦ãÊ¥>ØÖuE}˜Ícöû†ÊC°´«íÕ £líË‚‹±î±ˆå©tû¦þU)}®ï/mÑ•M²Ça/; c ÒË¥ëÓÅ ·ôÚOçªÜ—]õÄma |iùƒ0k<¯ú0Rλø”';ä ÞŸ9^^âeÁ…;Û}‰ î¥Ýã ¬,ÈLœ+²,M«c!¶¬Ó±5`‡ß3Öå lù@æíg§#[ÔÙ`¤Pß=ɸšËKý{Ý<Ö<ëwûDž 4Å¢f¤Ëq›Ú K6bh=£%-±<–Ý?–PñWUÁ)u y¾Dápḹo–‡9Û ‹†ËW7oТ¼Søn†|7U¿D8Ñ 4{ B}¦ÁHñìp|›ÃÑŠ%+ÀÝ¥_Cá5)P^•® qVr§ôPTå¡è,êY+QŠz¦gå/$öí„Ò뙨"˜J&²m 4 ô±f¡S4 ¨Ù…C#=Çõ nŠã„”÷jcÇfP1Ôg*f*††ì$6Ü *OÒÕ\:W|ãŽKÞ/¯ªæ‘6 “Ú¢¾'µ&9XØ×TÉ:2ÞëEâ:Gn{Q0ì·czÏ0V1ÒG*Æ&«‡‘ñ"‰ )uûî‡ÛÜÍÎ52~¿y$­\¬[tÁ‹ÃÀ ’4™^;\+‹Ä‘"¾[Ïu -‹8z'wÙcŒ½»Tä>JîÌ‚³ßÄ`8ïjî(ê'žKnœ×ø:ë(ú„Ãòrðq#iDYÀ¥tKÇÆ*yÙ÷?nÑ—Þü¼ý.üÐ#À ´ˆ8‚VjtxÈáQM˜ŽHZ‰xühÔ–è<ˆLœÃhDaMÐ:‚}íE]ºSïÈ€^\ºæ±l_°2¡ïÞÖÃBÂdw,†àdg÷ƹg»Gkkîì¦×!@‰Tˆ@©Ç(ÙЈzhƒêÝøL´ü+Ì9ÁI8¬à©åx¨Ï•eâ@©05|FW ÎPe± 3ŽqlQpñ‚HÁ(DÒ.”¢+Ò -Ôò„Âñ5Ek4éúÕ»÷ox@.ÓOçÊž9ßÔ•0nj;Þ`|ÄÎy:s€bÅ0ŽT‚n%ÔÞÑh/ïP·t%6ßÙª:Ñò;À!öĽ%³õ«†\ íÚy±†:×ÿ¸”½j™U<ÈÚ–EÀr"s1mŒn~UFUwl.÷äèÐs–€¿7–¦x8Ç(1Z’{ ­< ;‹ß!LŒÓs×á`@š0àµe>3½(Lƒ8Ò/ÛX7¤%™ % 4,æ닳Ï@†’ ¥M Â'äµ£!Hè|m!H…úŽ®x5[,–@@e«~ç5Ø7Äú3×NÇ&H•¿ºwpÏfâ£rö0ùÌÃd3“ûk -5 ¸!T%Û¥ƒd)Þ$5x…’e±Ç–Hjš ûƒdRÅIüÕí%aæÏŸ¥DÔ]9‰ ;Áã"ï(fle;é(‚à¹W„ˆ+š€Z)å±±bÈesqäT€Ö{)F÷›PGA’À½”?ä± çªm Óýš;M•‰—L:2ì-©¬Ë®do‰Mü ÃZhî«’3R#ŽÊ¬ùáD«œ_s‡2?…ë¢ÔŸ’ßÇŒ?.¶•µðN@rW]dE !¤à›h²À$É,LgÙþ¹Å­¢cNÑå9¼YÜ"ø -eÁÉ”ëõf TÃt’”mLÊCÃÐCõ/[ÈôBrü;îEó T¶qœ0`%ƒÉÒЮ ×o‰L²èÏ^ƒê¢Îg^Ze+¨1@CÊ\oØ Ñ -ÁƒÎ“õÍ]G^LaòGŽCe}C·ôä ÏE ˜¦<bq((ì³µ„ –5 ¡åò=ô Ñ'¡É¹ÜÐöTúÝÂÉ}Åv__b #í§b/Pcêø‰û,Ûy€eæ3…¹UgyeæO`ã!N8ò¯£4pᇪÑf²iàKk®f1ÇõçâÅ:ñb|M¼ÌdÑH¼ˆÝ“Ï!¸hX32A²·‚ƒ0 ãÂÆC0||@ÔEX -ÛäVf“¿"Yé!¥žªalj_Fû± ýTÐþ8æ.?32êg÷, 24"ÁÚiaí@u—ó¹iÉÜ¡óÍûo_sÏdêí u`‰%™Yh¦Ï¢pÒç‹È¼¡£”IÞ¾f‚6‘aßk AŸÎ£pñím*Oé„CǵóeW•ûoÀ <°÷š{.,PBÖ6Ü‘KcŠç`â) ›½DŸ<$§Æw­bBéײ-Þ~:oð¿ä÷|.ˆWœsY°Çš|†v7À®¡´/},.ÊÊö(£ÜÃ9t>Ê7­Guéi»¢ -Míc¿íâJ rÎÞíØdä¢Gü, ž~f “ç„Ñ+1v0ŽŽÇO$ôT‹»›æü±Ï_€Æx:eäÂînòŒ‹ô£…䱤­E"8·líß ûÓÀe1Ǹør¦§þ%–p‰ŒJk9]gOçY_5lZ4 >|ãÏÆ?-¿ö-œÂLé((/žë—'À×%¤…›ÉÃíöõO2‡mØ'1¦ÒÍ6"Àßp·^V9+ÚlSyÀYžÏÞÐ,,.jùwzH)B,ïÑsœbíÒ-¥NQè,ô8­†ÍžŸ»E.ÊôyƢǷ°œ¿³dâyÅ;~Õç¾nŸÎ]·ô|,÷ŒCF®‡½'Ðès#ßÊòd+˜à¸<7Ε»Êr«Ìvd×Ĉ$÷/yy20ûh÷—¶ìž¸…jfÁ”ô—'°ã>õà nvåÒ÷+xH½}ô]ÀúÚdSoGïˆvâ(¼„³x±ù7MÙm¦äñy­0­j$ZûÔ௠â¤A÷‚o_Ý,qjì‘Ìß¾Æb@’åò‰E„pÏGr¬Û·åÎJŸ`„d-ˆ ð#S#NÄ‘B/¼é]‰ù(9“0PIœMݾ¸E×ð®æçÁÆ„é?Å"™?,árfBÁÍ~y³½îZlx¼÷ã |cé¿ÐæÖÙ³ÁìLåg $î„ß]ÃÏÛˆ*SÿÈ…òEß .Æsí¿ 4UJîÈM?Q$S¡9kƱeí–2e§eû½ðé” ~{ƒ$‡Y%=«S3P¿(ûï°OÌÐh§™œZŠÏûK;íß•‡‡~¸¬éØ…ÅŽsŸmŽ  ÞÌä±GÇÍY\IbTpR“pX‡_¹V•ôx”ð‡g^´ o¡WXcÖï -_‰ñÞ<ñQ9,‹ˆ|X½¡ñ -ý$D·×Q¾nvÆ9[ß3­9à7]o?¾û)ÎÞ×fÏíL-ïãÞ®¬y2ñ1îRu<`kYjL[VÜ1-o×:¸‚¸È×ïCœ¬ËÇ’eä®3-†Öñ 1ú›Ÿ?ütûáw>…:<4í©ì¸ßË“mUqëN8ó.Ý¥…£oÐíNF»ãT€“º‘­.õÞ´®+ëý°ná|¼Ù®¡ï´ªÂn—ôëµÿ–cÑä’€L7 ß“u»¦þ†ñý¥-;ÛÔ(¸ +Áµ\‡…'¬îdÔ|>Wvg»ê‰û_Ú{/ÌÏ«Þ$Ô|_“sòÓï-^õ`Ð!Nð-ùãÎfgqÃôûkz¶yë$#¶h*Îq5~ØZTœ­ü™±-*7öA¿zd±´BÆöÝ“Ì«ù{©ÿ¨›ÇšWýažÈÆU’³š‘.wunj',ÙJˆ¡ñŒd›Ëx´Ýf©HXBCŽ÷j>w y’è½Ysw×ì Os¦ _Þ¼F§‰òL! ·ä~‹h¢Aèö„öLƒ*äÕÑHƒÐP~É"ÊîÒï¦pP|¨*ÌÖû†8’ÊÊîËΠžãP”>Ó3,=ÃØPz=U£ …‰H#͆ÙD³0(š 3ÒìÂ¥‘žzŽwHÅIJJJ´ß Zc'ÃÃÄöLÅÃêAÅБ“$šGá@ö$CÍ¥svï;þòyqzU5tHXÔ–õ=©5-¾î¦¼’c¥½ËS){ ôO\yÁp”ÝŽòÇFÒ b¤TŒ]V1N#ãE¹EJݾûéö³gUÞ±)x$­\(ÂÍ]°Ãrÿp‚$M¯î•+1E¤0{hÌtž0ûNî²ÃH|¸Tä>JîÌ oOÀpÞÕl“#…oèüt¢Õ{ +N£µÃ ™‹ŸÁs ÿ$¿^L+{ᛀ°ºÈŽ@BØÁ/QçNÓY˜*Ïrüs‹GEÇœ¡Ësœ0+IÜ'îø!™Šx½ƒYª ‰ÛFG?Èѵ{Ln`F•¬íGÑ<è *CLâ„£,™,hkMÝ•èùX¼E$2©-|ñDÐu>óÒa.ÐÀƒ8¤Ìõ†£­¸N’®oy±DrÐòAì×Fî8ˆÁÂsÙ¦±ç’B,Nå…c¦–pT[sqòýzè“ÐäƒÜ^h{²>D÷°`ò^±ß¿×ï1ÕRÃLó¹Ü Ô˜:~â~Ëvpy¨[~”yä¹þ GûIˆŽüëh \¤ä5&Ÿn±ô¸á,æø þ\¼$"|ß/×¹‰÷ñ}ú%äïÍ[z@&HöV°d\8Àx¦/ˆú£È‚­°ÝC®ñ`d5ù ’U‘2„±Ž§j›Ú×Ñ~"h?´?Ž¹ËKFýìžDFš@$X;m,°¨îr>7m'eÂ×ï?~¼}Å#“}h´ƒ„Õ%Z2³HOK ¢t2æ J\—L¥°©×Þ¼bB¬•f¿k ÁX\¨(XÊ©¦ò(HÑ :n/w•Ý}Nà½'ÐäÚ )ÂÀwœf1Ňs0ñ ÐÍN¢O‘Sã·V1Áú½L‹¯Ÿîü/ù=Ÿ/bÕ§Å|ì±&_„¡Ý °[(í÷>Û[™eô€ÀÀ{¸‡ÎGù¦õH ¶žvWö@¡©}ì7ýFܨAÎYmMFºâÚ"xú™%LJɨª¨¤nª’q…j¹±»i] ñù‹’"(P†¬]Ø&¥†D¤m$A’¶‰àÞòµ¯- ÷§Ëb²Žqñû™žúj-á<•Ö§ì]gNçY–_5lZ4¡–ønzO¾œ¶p-\\¸‘Ù tpì„‘õA껀µ-¤ˆ›I¡wûêYÃölÊ“–u³C‰3ðˆoVóÝzYåÞèàMåÁ§=Ÿ½Ñ ¸XÜ´Š9õðR„X>ã¬t=¾F©,ˆóÈc¶Cz~î"!ЄºÏ9½/¸ð"PÀr^sÉÅ ‹§ü¦ÿ}Õ>»^ìùhwŒIFnˆ=)Ðè + -¿Àéb0Áñ÷Ü8gï*ýðÛ‘Ý£“ÂWþŠt`öÑì.­íž¸‡jfÁ ôW¤pâ> ánîìÒ¯bZȼ}$]iÀý±Î§žêŽNB‰fž€¯ÂGΗ›ÉO^ðåÈ¥ëÔ'S½„'ð›â™@Õ{\ùÙ&Cˆë£töÆíZ{gdŒÕ âå0³ç˹s–ù:ÊÌSôáqf˜æ»Å—û®æÌ_`,Áï+«Hæß €p93¡ä®ßˆçìFÅzM› µøñH9®é 'pcÖ—ô©´Îœ…ôVyd*Wx'ü W«f¾…ŠE7 +Àsí ýý¯˜X»Goᦿ8¤S¡9ÁŹ¶ö­,!_9~/|6å‚?¥A>¬ҞթOT^Úþç +8'&StÒ\n-ÃjýÒIû2ñP·‡·”=LÄIáS™Íqá ³ÑEâlskL5ÆÎ?RŽÀðÁÂ6·*Kuž4a—ÓË"9¤T0Õzý¾¡è’jïlS@ÓÁ²ˆÈ÷ÍY¹‹wè!81 _ne¸ê½\6O”~ž÷ ?¶ÉUÆ£_è›öNŒº—-w]Cé3Œ7ílÁ³9ù^âÿ[áò…ĹtRè¯Þˆâ('7B?.ŠƒÀ]ÄnÇÂy«F¡$rú†A–fÙÒ¯‹³ÐÄÁçj0e[Ù.ö·2ŽÖ»æt'Ʊ`u{Tžƒ—ÖÝ⨖þw*þÃÅÂZ„ý?Süßÿ×1ü#K’*Ïãá_6¦y^äq‘y¡Pwq4—¼ÿç¢ÿÝÕ;endstream endobj 776 0 obj << /Type /Page @@ -1879,7 +1886,7 @@ endobj /D [776 0 R /XYZ 85.0394 751.9762 null] >> endobj 190 0 obj << -/D [776 0 R /XYZ 85.0394 588.2109 null] +/D [776 0 R /XYZ 85.0394 586.2284 null] >> endobj 780 0 obj << /D [776 0 R /XYZ 85.0394 552.101 null] @@ -1897,135 +1904,185 @@ endobj /D [776 0 R /XYZ 85.0394 174.5031 null] >> endobj 775 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F11 785 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -788 0 obj << -/Length 2920 -/Filter /FlateDecode ->> -stream -xÚ­ZYsãÆ~ׯÐCª*‹ã9p:OòJk¯È‰$§*>@”PK4J¡}º§{†9ZÙ•”Ðì¹zzúøzFê\Ÿ:OR‘º8ÏŠX$R%ç‹õ™<„¶oÎ÷™¹N³q¯¯ξüêóB©NÏ–£¹r!ó\?T?G±ÈÅÌ £ëÛûû›÷3U$‰‰Þ{õ‡›»‹™N$t¢.W×ÿºPJEW·ïo®© Fñáæê"‹£‡ïnî/~}øîìæÁK8Þ…’Åûíìç_åy›ùîL -SäÉù üB…>_ŸÅ‰IlŒã¬ÎîÏþé'µÚ¡A­()´ œª%6!µ$…H6V-OõöBåQ›K£õ®J¢rÕwÄ›sÛ¢[¯wm³(‡¦k©ÓK3×Gôåš©ÖSA)vHxxnÜP †ý†)ØÅ©U¦¹(dž±ýôÃíMÀu!Œ.\8¼¤é ùÁ»jÎ+ízιK-ØÒ·'bÌx2>òHkϹñç»^×mUóÃSÉÝøp€beÚŘU’zÒ0ÇäàÛýf@ÿÙ<5 ì®Á¼;ȬOkúYÕhy|†¹"•ÿ­ã5ìqÁžXÖÕàÛ¬7«°±æ® DW{V@¼yøðW"Áj\ -^¹ž®[×:n2`¼Îçïî¯î¿½RÂ÷9ôƒ }Ënµê^|àBÒ%ÞÙN‚EIŸ,͉˜7ÃdÅ£X½ôÓõJTZÀÆr $]o<è¯xÒ|Ô "5o.Ó鶧Ñt–B¸™•ôõ²[朾v‹–Á½­á[j"§û‰Æ/ -Ð(fjSb6;›le„)tU÷Ô@*G -}¿Ò«Ý¢®¾ -¨O¥R¸)äû©\_H™|¡´‰ç@0Y*2#5dz@!@àqúÚäN&É Bè©)Vßl›g4 €2ÆÐâRØ/2‘/ÔnŒŒì DZ@a0ïã Û‰ebøµô±ˆÄP>¬ -‹ŸD‘éOÚéˆÆ€ÈkøLfç²örOâ*Tçv#!sWBó†¬=dE¹ižêƒrâ¶l–LœÙÕ -L +ÄzuIE jÈÑÔÿ~ð<ÉIº7ÖÃBŒ×l+êMÚ€î¤C䔬ÀĹŠã©! x|Œ‡Lì"re_ó!@€ŠœÝØîR€‹ÓÑꕨ¢òLd±ŒYqŸ±¿D‚“& £- $,iOK3€Âõ:úŽb"ü¢¤ÀɾÇÔ§3N}ÚoÜÎn¾‚ÄBh߀ˆi’ž”y-ý_œ1 Å$q; û7àÍXªÐæ‚èÐÇêÉ~ˆGƒ3¸Äl7‘%"IÒ“PÉ eùXKY1‚ëÛr¹Ìé X n€ÅñoSo‡=[Q5ó¤Îáx‚’U³ÄQËzTÈŽWäˆ`JÂ`bS—<K‘û2xg¡d‹Ùòõ kréŽÜÒ„F À†þ©Ûá=rçܳbuký²u]®ØÛr‡ˆ‘ò! ‡ïÝ€ÅjWÙTîFÂ6ÂÈļa5™H‹<˜MO«ìz\á ÆHúñ—·ïÿöãu$žƒŒ•É|ªH,.-Hêÿhñ¥¹øºSõÆ×t?1:ú¿•`过'Í2À$¾ã怨pzö«"Q‹£2¬Ý‡²³ü¤]@«‡€ ¾<)Š“3•|;†›ý¦k«Ë‘¤`‡ßq!ƒñ¹ßÍmñ­Θ%³T£˜1|ê/4±KÒ€½hÊAé#«½x8Ýî O¬Ì-ÞCÃ_fÒä³è4œÆ%€»»ûß„Ô§E¦b¼ê±%@|(a«ÇîžEC<,¹—”@•}HÒÈ"yãÖ)ƒË]xÕØ­jü# À 7ËÀrx‘{˜êݬz÷ª]Y×ð|ý¦^Ø|PWxÀJEC+¤ ”YòÏ®`} Ž!yiyŒ°:®6Fxßgºæûœ»;ð…>P†Ðãê<‘‡«Yéõd[ûíÜÕAUåš ììÅ^«&é¸âŸ¾âÂè=‘ô‹ÌÙPlІúÝÚĪË~{êh¡*ü.éãS.²ÕU0Ä€êGå”x«S2Iá -?$ø5Ãâ.D÷£B ª—ån5\²â\]9¹Ùc}¿@åÍ×¹|ë‘Þ·ßç²Yñ¥½æuèp\p–ãC}ëæk -ÜD –”ÁÒ§ª»@UH¬?¤Ó£5~ÀyŒ®PDÚ(Òxæø}³:„óM2ï৲‚«`”)Dlüý·½¦r×ñÇ⸀ôœy¤QÁµkå0g"Î<,Á*ŠaÕ,ÖJÄyjŽ.jºvùÜ-û#‡oZ«LB×$}82øD| f<ÿg "ˆ’¤p—g|­’gî -¨Ñ9r}8›‹.Ò0ßxžO㣠eDètQ?š¬Z= ÄÀ­mfîݺÞwòœ|‡`>ï`úxƒÂo„Ï°›ª&©ÇIºp.e:?¥ÙLOiF:,o^+z4¨>3‰³èëÛûïoþºl!µ.#±d°Ç̃¨üëü8p;5O¨õ4欬c•…×\vñ’5áTM×'¹±:„MÊu¯¦*Pçv?z@šF¸Wì8§ § Ãé÷þUǃê{~mzNÿØ®šO¶b2Ñ×oñm9‹£ü’j(Ç1QA UGá¤,,2—{bNC3ñì³ô[ueÅÓZÊü¥/4r2ÉÜ­rF·Êx_µë3÷r9Z«ŽX(Fà²üup‚ANÞ–d£G?ç}¯ÞÌbá‹.•Ž£Ú5w[Êø•8£·_`“3v\òò¥;ðç“‚Úsj°"Šï, r–³Èïú@T41š’ÐÖ¬«Ù§ðXR-µ+C|ÕwÉÁ°E‘ÆEà9ƾö‹m3wº^ÁØí±Ú¯Ä‹Ýºæ§ÕÐ?1˜Dàþå@zOùŸÿÁáð?àLžëðÿ.€‚!ÇÁ$,nZëÉÝBœŠþ_2ç;endstream -endobj -787 0 obj << -/Type /Page -/Contents 788 0 R -/Resources 786 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 764 0 R ->> endobj -789 0 obj << -/D [787 0 R /XYZ 56.6929 794.5015 null] ->> endobj -202 0 obj << -/D [787 0 R /XYZ 56.6929 684.186 null] ->> endobj -790 0 obj << -/D [787 0 R /XYZ 56.6929 655.2772 null] ->> endobj -206 0 obj << -/D [787 0 R /XYZ 56.6929 387.8252 null] ->> endobj -791 0 obj << -/D [787 0 R /XYZ 56.6929 356.2664 null] ->> endobj -210 0 obj << -/D [787 0 R /XYZ 56.6929 153.01 null] ->> endobj -792 0 obj << -/D [787 0 R /XYZ 56.6929 124.1011 null] ->> endobj -786 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F42 597 0 R /F58 627 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -795 0 obj << -/Length 2016 -/Filter /FlateDecode ->> -stream -xÚ¥X_w£¶÷§ðÃ}ÀçĪ„@@ÞÜÝl›ž{²iÖÛûÐöØrLƒ 8îöÓwF3`Àlúp“¤Ñh4YÍ%ü«y -©“`%¥ -ç›ÃLÎ_`퇙bžeË´ìs}¿ž}÷ÁøóD$Æ7óõ®'+2ŽÕ|½ýÕ{÷ãêq}÷´Xú¡ô±X†Fz«÷¿,”RÞêáÝÝ{Zzÿð‰îV‹(ðÖŸŸî€¢”‘ö%¼óþñC|Ÿ>?>~|ZèÈ[áþ¾ßß?°Ìdñûú§Ùݺ³¤o­’Íøsöëïr¾£šI¡“8œŸa"…J~˜¡a uKÉgŸf?w{«në”÷B‹0ö£ ÷þ\Bàƾÿ„†¡ó˜^MmM?eÕÐ$+&Íáº9_ú±0Q¢Tf–0»Ïî”ç_qh¼š¤×´æ9 6§ªZ¨Ø³ECœ‘·µ¿IévË2ÊêP“ŒrG$ÖFEz°4jJ–¼Ý’Àš7¥Åvrå²å"$/Ë/§c-ÐT4N)‘„¡ïŒ»gÏœ3§;ŒÒ¼.itª-gKçÍÞi¶&RÃ܇ô ³ÿy²UÖ.Ÿ÷–^-bïTYñBó’éi1>e“Ó眥Õ_ëÆ.ÊG"Ñ~ì”ÿPVÀê€7Ï©S ½¢:“o`æma9¡O/lÀ\.H@_ÁÑÈÊMIBÁwK iµÞ[Z&×À’ V†æ£}DÌø ­=òzÚ¸D€ñ3ýôáÝ0> Z}ƒ‡Gò$ô§ ê.·ƒ> êÐ@`g›+ ²O`”Ð'cÒðP¾ZÞžnZs tà)#ðGïÇòl_m…Ô*yjöe•5i“½Ú©„ãs}Š|8OaTÛ -„ÕÛŠ˜.YìÇìÜkÑ­Ü›)S)`˜á›=r¡± X8·sÇÁŒN@æ1ßÀ:˜¯L[O£THÔ«£Úâ2í6t´¥¥^­ÝÆÇHXîÕ -)÷€ Úo³&+‹4§•ß ÒŠìêGÄ„(—6´%³%ªKA±·„¾¡é¡¯Ž•ý8SЂìhDZÓ œÖ!0úÌ·-à$ŠÃ2ÈP£x€ :4ÞÙbfáˆ(Y…„2ß^Ò9Ö㊽ÖVF4=m³¢™RÖÝzz -T‘ñv9ŸÐÝf+%œqÐ{]ÑÍÏY‘VÌ—§Ï6'ß»ep€Ãrçë8¢Ë—¢> endobj -798 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [377.8384 566.941 436.8266 577.7254] -/Subtype /Link -/A << /S /GoTo /D (ipv6addresses) >> ->> endobj -796 0 obj << -/D [794 0 R /XYZ 85.0394 794.5015 null] ->> endobj -214 0 obj << -/D [794 0 R /XYZ 85.0394 769.5949 null] ->> endobj -797 0 obj << -/D [794 0 R /XYZ 85.0394 745.0977 null] ->> endobj -218 0 obj << -/D [794 0 R /XYZ 85.0394 552.7519 null] ->> endobj -799 0 obj << -/D [794 0 R /XYZ 85.0394 524.1722 null] ->> endobj -222 0 obj << -/D [794 0 R /XYZ 85.0394 397.0585 null] ->> endobj -800 0 obj << -/D [794 0 R /XYZ 85.0394 368.4788 null] ->> endobj -793 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -804 0 obj << -/Length 69 +785 0 obj << +/Length 2942 /Filter /FlateDecode >> stream -xÚ3T0BCS3=3K#KsK=SCS…ä\.…t œ;—!T‰©±ž©‰±1ƒEV.­knj©g`fA‚!ÂVŒendstream +xÚ­]sãÆíÝ¿Â9yrÚì¿Ò'çìK.i/­ít¦—äi›‰TDÊ®òë ,°+RZŸ“iG±ØÀâc)u.á§Î“T¤….γŠDªä|¹>“ç0öÍ™bš¹'š©¾¾;ûò}ªÏ Q¤:=¿»­• ™çêü®úifE..`9»úx{{ýîb®Š$1³wß^þãîúæb® DDryõ¯ ¥Ôìòã»ë+‚Y¼¿¾¼ÈììîÇ›ëÛ‹_î¾;»¾ Žw¡¤Añ~;ûéy^Áf¾;“Âyrþ /R¨¢Ðçë3›‘XcÉFþ¤³BØ4ÏAd”ôê–h&>§¬°6ñ$ÄsÙ¹gÅ+G’Uõª~>’vM;§Ôœ(”MAG…ÚnÙ÷(º±zÖ èÍ*0÷4Û½Ç=ƒ2‘uHø¦%ÌàT‰´è[ÓÛÓðš§êYÝxNz¶¸PxzD¯ÇY­öô¾ìÚŸ¥Ô;ÚxEËСqòLø§Fà÷`Ì_QŽ±¥‚Êb4Þp-+eJW.º§à#ÞoÂhÓ1Áo Ô‚m­Ïƒ¬÷(¹ÉE–šœê p€8ÈN1”NÃÚ«\³M‘®‹Ïçàf¤tZ‰ŒôܬV,KóÀLJò®àô(ºÉjæ¥ÆÞƼ²Ä*=×nm€<†æÀÒ©ÄK§8 q»'`¢0xçÃïlÁkà¶uQÌ>EÖc­ôX>ÕGôåš¡6@Q)vHõðÜø© û C°‹S¯LsQÈï ‰œ"ç'ʾ(@™˜¤MÅÊ°Ù¹<+g˜=WuO¤m„ðxà“£yµ[ÖÕWõ©TŠ™B¾ŸÊõ…”ÉJ›´G¤xÉR‘éµfTAP|Ûô%t’L’õÔ Ü7Ûæ }'"´hŸ½~–‰|>ìÆÈ™[@WKLùø„¢„ýÄ!1òºAz8D`(`U…}O¢Èë'ãd‚12ÄÜãYnÃAîIH¥Xjlî6sw%”Ž{{Ì‹r#Ò<Õå(,Ù²ID26sÜ 1¦z+ƒbõò-a!h GWÿûUÂë$'cx x°–b̳­ˆš´ä¤CÄ”¬(‡seíÔP<6ã! ûâ1˲¯ÙH£ü¯fÞo9…Àâr´†z!ª¨<™•–÷ÿK$Òä aô”„%í‰5×Nȯ£ç(ÂåÎó=f=qÖÓ>nãvv‹ä*ô ˆ˜&éI‡GÑ2ìñÅÈi!Ä%‰ßaü|C©i¥Šm.Z†X=Ù¡ ×hpŸ“Ý&²D$Izê /Á¤,k)+F•zƾƒXî°Ez×5€âø·©·Cƒ'GQ5‹dÍáx’Us³îëQ;æÈÁ' ×›ºäåXŠ||÷·¯bõ!”r±2™O‰}¥«ú?Úwiî»nÁUCíÚ¹O\ýߺ/<¿ÇÍ2¨Iþ|÷ÅÝË¡˜Âåù\©€ŒZu`í>–µ€òÉÇt±zˆ êË“¢8±©„àÛq¥Ùoº¶jà`9'’ìð9îa0>÷»…ë[xÔ;³dg–jtù2`ùžúÄ CìÆ’4àî¤ò¥ ‘ÕÝ9œnwŽÕG æ#^AEÃ_fÒä³Õ h8-ŒO77·¾‰©O‹LY½åqÕ¿=t/\¦[Å¢!–LÄÝ$@eÆ€4²H^¹pÊ Å2 sµž« ·‹,3nî#ìð÷°Ô›yõæE%úŽ®áõúM½tù ®ÐÀJÍ>Ä8¤ tXòÏrpgÀZH^ZWXw#Þ†ÃÏêŠïrnnà0ô‘>„Vwæ‰<\ËÊ 8Ûúøà.|TU~òÀÎ]Šá•úgB‘Ž»-| ݾàè ¤¨_dÞ‰¬A'êwë0Û.÷ì‰ÐÕªð^Ò#äd²ÕU4Xa@÷£~J¼Ö‚A_%’"œ*°~¥à×\[¨p!¼uU}_îVªô=åäVõý ]7_åòGB¿{>•ÍŠ/ ܯ/Çg96êk·^ÓÊMDšIm"C> ±‹´…„úC:=âñ®« cô"ÂÞ £Íñùj{öM²pÂOe.WÑ0S Îs0³.üUü±8> ¼`i4Ô`ËÚÇ’˜²™°Y¨K°âºjnµ6OÍÑ%M×Þ¿Vï–ýÑoZ§L*¯Iúxd™ø¨2˜óúŸuˆh$…¿8ã+•<ó Ù‘‡èÁéœPt‰† 'àBdP.c‰N—ô£ÅªÕÓÑDŒÜÚ¥æÞó g'ÏéìPÏ;˜~¸AáMpÂ'ÈØMUŽT‰ƒãIºðGûtþŒæR=}H3Òó楮Gƒê3“x¾úxûýõ¿círÛá"{gf^Då·£êÇW·S÷„fßHc^IËÚª,^!pÓ嘗¬ ¯jº?ɵ°ê6)Ù½˜ª@ÛýèãÑ4½àDZzºõ´ázú]ø¢ªê[þÒôz=í[?m@D§#­‚Y.|ÜQ\Fh¥¼ù^td)j­Ëï· Ätçñ@Gôš¿ê„‰¿íêÞÕ€¹§yë@H_1a¤|>œx]®ìKÞF¶b”†:ÝÚi«0Ù¹9¾–4©5S+¯ÃÇÏE0÷‘E÷œš"׊¤p+?£p8 6äëÏ(Ü„žoà5ŸÊUSQ®´˜…ûg÷Å_Fú³‡ï.£ï’‘Æ*“"ËÂÅkêJSÌ]fT½;V}·~a—yî-1lA§u5ÿ5þ.fèpëÉú·Nÿ”sT%ŽINrÎÑ·NJ*ôYû(dÀVµ +Ÿ…)¡½´’µR„DûÂ?.L"ðo‘ÿGÈp´ÿçcþ€Ù乎ÿÑBg9$eX„…BÁµ>‘ÜÿmãTôÿù endstream endobj -803 0 obj << +784 0 obj << /Type /Page -/Contents 804 0 R -/Resources 802 0 R +/Contents 785 0 R +/Resources 783 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 764 0 R >> endobj -805 0 obj << -/D [803 0 R /XYZ 56.6929 794.5015 null] +786 0 obj << +/D [784 0 R /XYZ 56.6929 794.5015 null] >> endobj -802 0 obj << +202 0 obj << +/D [784 0 R /XYZ 56.6929 684.186 null] +>> endobj +787 0 obj << +/D [784 0 R /XYZ 56.6929 655.2772 null] +>> endobj +206 0 obj << +/D [784 0 R /XYZ 56.6929 387.8252 null] +>> endobj +788 0 obj << +/D [784 0 R /XYZ 56.6929 356.2664 null] +>> endobj +210 0 obj << +/D [784 0 R /XYZ 56.6929 153.01 null] +>> endobj +789 0 obj << +/D [784 0 R /XYZ 56.6929 124.1011 null] +>> endobj +783 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F42 597 0 R /F58 627 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +793 0 obj << +/Length 2675 +/Filter /FlateDecode +>> +stream +xÚµXY“£8~¯_áè—umMa$qFÇ>ø*ß7øš™ °9lÀÞØÿ¾®öìôÄĆ#L’J¥2S_&J‹ $ñ ‹d®$Êó€/éÞ [²ðXëd2ï¹Ð{Qª¦¼T>X’Y€BIÙtI +I ¤¿–ëíêXiN_ß!Ï–9æõØrµ1”«Ãz³A‡Ã%>šÕW‘++ê´‰9@æy„çIÙL,6kÖ_Wº/MånaÑ À"bÞñå×ßÙ’é¾° ’%¾tÁ/,d–¼ŽG Ï!”sÜ—ÙËä®°0šN}I /AñIX¸§aáeF@¥a‰ÃS›ÆûÞL"â žƒ +sx‰áX²|*¬…¯@*›$bYŽZ*[ÊÃQé5W”žN#JlƒJÝßÌx±­Å”zÐyŠLƒÊÆÁ}²—OÉ„~cYF1•sOÙŽÿEN“CX¡v°ø†C•¹óƒ7¦^é¶FæB¤~g¾Jؘo6~¹êº”ŸF)¥\‡„Òx6\1Ú€CŒ$IYäþ,Ì2ƒ g¿±<«ù™r=i„¢CàŽoQvK,èë=ŠäÅ0M/·Ä‘<Í«CB–ÊæªßMh\ ‹9ù10i$I*ÜÅtL]œ4,˜Údrtû•.‹ŸgÍu í>ù®1 +¡1PÌ8×î”™PêÓ5ü²M_yq[/á7ág‘-CIøŠl²ˆaFzèlr£Spà§< +Åš“ùïbÃGáØv²0~òL?fîL×ÍlåÒåUßuöD±ˆÊµÎ”"\z¤_ÈS¾sPY¦F@òˆ0ü ¦¬³:Û„2#Çòµø”Á†òŸÊ¹fdj£€(ÑÁlo1/ÍYBh§ØB'ÖbçœIeiLF€²ˆÄ;ö@¾ù9R¢ƒ©;$‘¿ùŽ=ðɸu +ñÒA6J8®ÉÜ×*lwuK÷ +ymNiËŒ#J™Q¬m0’m3 ‰@pÁxåäàèšKß‹Ó´33àcÊ ‚=¥¢À3ñž§éIèvbŠ:I%sÝà‚%˜g¡ê¤É)”m-¢„FtoÒg…¸ÆNØxì•N_óú$d(çëc‚fNÖ4N*+ d%bWNûÑÅ sY²eœâÈ1Ì/Z©5–æ;·#Ç3a‚0.¦~ÂY܇ŸlÓ!óÔÏJrš÷YáåÅÇ‹X\ÕðÁã‡Âû.°lùß©z 22‚þÚ F&§#"\I‡xFE/ψ¢ZþIçdö¦©yDmϤŸ/|FÂG=ôdzªW(Φë½Ë<#p€{tøó*†¼H ôðøV®¸K¸¿¾í¾Õ—ΗÉÊ 6±5›ÛÒÝ馥)—Y÷¶ö×î"XŸ„Ž8¾uOteNd$ÈŠ 7eëÊ©upkUÛî²g4¹Ûªs˜ÚZ­çŸõ:Teomï õ`€yTÚUc74¥¾7pýÛ +=Câ-Ë„Û»‹Qµ¡Œo³³ljÞNšiÜníj}m¯ÎûŠëóëêa·²ìí›°mº¡×ßÚí8ªûÕúTbルÕ4QV6f£xg¡,3GXzA·¿iÉ3ý¨‹®ÈöG÷¼œ¢Á3WUçÓÍÞ´@gÜ9†×Cë¤îº6·œõ6;³Âñ³ÞIo[þEåwævÁêÆd÷6xæµS… ºUç¦x’åÅMéãèÝkþ®&È~LdqöÖï©Êa¢¡8« +ªÌy{:¹ÎôÎ3‡Ç‹~ãv«ãº·únô†RwU¶>­Žc&ýÁð¶l¡oß)®îÛû~ãÙ)äÒêFˆà”ág¹úGt—ºh¡A_ÒÏ9Ñ ‘Lš¿”P@ Ð|šWÍ;àï®N^O3„Ï2¤ziV«Úu<Чðʶ7“9·0×5!h6–o!;|oc+»pÖZuêíæzMÍàæE—F+ÙÙZÍÓQ<¯+·ÖZ5š­á"yë®o§ˆuÕC|±v­‹­ÎÏKí ×í©›M挌Oà¢üˆ‘‘¢¤Ãeéîئ³DAãcîíÚ#Žã¬þ¾6¢~¨=u[ñêbû¼½¬Ú•š a˯?ÕJÍtCÇïu`dqÉå6’–;Ø‹»Ív¥öÎN¨´CÈ·úâL™¨·Ú†W£ëÓ3“äZ~¢¨íĨ{©¯x»·êÇ«W¯Çu,Ź:~ôõÐZVzƒf˨lžfÃéüÁ»õÄ89fû´?­P›[ªúôíêhzêwÔñÙ«Éb*Õ{aÜFgÿ™a³ºb»í-º:+×llâJFÊ„•«ì¿rô‹PüÁ’3ùç@§g)¼õ DðWDÜsÁô£Sp2¤ ‡Lgø^m4¦ã*3l*†ùÉÈŸqW¿Ò±Fê¡6î¢M`Ý.úud µ++‚>&ǵ?™LªÔ\00mØ‹KÏçá›Ó·[Š?lP;XLújçÖ »ó5ºYV‚—¡"ì× ³™ @fðf‹ÛG·ÕqŸuÛ³&u©~ë»AeG´*¦–Ŷ¥¢ÈÑFÆŒ}¶Ùɨ#Ô¬qty[­›»hnkË 8# zûf¬“ ܬ&á.™<›Ïõk¬[µ‘ ’U¯Ý^™Ó3]y|Ýu&KÏ8Z£nëøvÆçº+Њõ,ao‹7pµV][ë­ïA½uí[ð¼T•©ß_¾5‚ÔþÿÈP±Ý]µ»vuÝàû¼h"I‚Ådøb| •ÅÂßED¿Ã}ìýÞ8“*˜þ_þ]Aendstream +endobj +792 0 obj << +/Type /Page +/Contents 793 0 R +/Resources 791 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 764 0 R +>> endobj +790 0 obj << +/Type /XObject +/Subtype /Form +/FormType 1 +/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf) +/PTEX.PageNumber 1 +/PTEX.InfoDict 798 0 R +/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000] +/BBox [0.00000000 0.00000000 27.00000000 27.00000000] +/Resources << /ProcSet [ /PDF ] +/ExtGState << +/R4 799 0 R +>>>> +/Length 800 0 R +/Filter /FlateDecode +>> +stream +xœeU9²,GôûeË@@Q ‡!é¡%bd(dèúʤ—÷ÿ(žÑ¯ +’$¡T¬)ÿ®ïë¯ãïãÇ_¢ýþÏaíÏc‹®½Ú¿G—=ûÌöÓ1ÄF¬lÖ]töö×ãqu‰Ý¦‹÷5š”<8Ç—ý:\;âúãñ‰üéÆ&ÞЇ h—õ:ÀÀX=&02²oÒCó eD3PMtð1CrZûbœ7³}t€mA£d«·íä'ÐWŠ!è®»½KO(°ƒÔ¤‡tÙKb•^¦Ìì »å*’ÎÕBêFåmY¸™`Uõ´™Õ -¿nÜž í½³`*TûÞ£jg“¾=Ås–A½R?Ô =}³Ú§l +¤Ï’ÃigÙ¥—ÇáC6uéíÛ&”\Ê GTœ„Méêö–KòlÜ’Fyu|?é%åiÈ¥K”êNÊq{vˆ*êèJE¢]8hÍò¤p0R±ˆ$Á(+Á nÖN¬ +qª„Ñ«ò^ÿï>‹«>÷— .13×…Óƒ!¶3¢SËAÕ”ih¥Å¨Š^…(€<Îm䦽ªšÛÆlLÊâ³ò7ÙaÆ´Ëdô 6(WðÚºK +г2"ïE9~  +n*Œ1½÷¨¾x¥Æˆpîâ‹&XîÃœ§³±è\íD¤ßä0}#XŒûž˜‹¸À>#^V°¡|2Îi‰9ÊÎr)`˜¢Xh¡Ò& „hb—H°Œe"Ãêʱ„£~Ï“a³tŒºìZDß!#Z¶ÚÂk! e'jÝ=§ _tsÙ¬ûÍ&­Nå@‚i¬ˆ3t%kÐE„\H–YZxÿ/U¥Ç™åë—Φ@±¯iW H +þrÓGçX5¾ûû8‡´ÕªOª«t–Ô³$Ây°‰—BÒ›ÀÄ5©/¨vp÷o`kA“ôr ±ñœÓ4N.4Žæ&F°ÑTÆG%V½ Î'ÌØR5¬BÔ‹`qUžv-UÍ=ëÆåQv2ë_ ”¿­qq‚~èr¯Ú5ÌJ¼ð˜°h»P¡õ‹kÜàéÚýªå>Ò¸D °o»Îi¸CrT]¿MJ¥ ÆÖ¹’°;¿ö‹ûóZ¼¬ å[Ç-œÁ¤ŸBx¿ýpü|üÈÂendstream +endobj +798 0 obj +<< +/Producer (AFPL Ghostscript 6.50) +>> +endobj +799 0 obj +<< +/Type /ExtGState +/Name /R4 +/TR /Identity +/OPM 1 +/SM 0.02 +/SA true +>> +endobj +800 0 obj +1049 +endobj +794 0 obj << +/D [792 0 R /XYZ 85.0394 794.5015 null] +>> endobj +791 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F84 797 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +803 0 obj << +/Length 2020 +/Filter /FlateDecode +>> +stream +xÚ¥XOwã6¿ûSø°ù½˜%E‰’rsg2múö¥iâéÚ›ŽÕ‘%W’ãÎ~úH–dMzØä Aüý´šKøWóГøÉ><ñénµˆoýùéîyñÇú§Ùݺ³¤o­’ÍøköÛr¾£šI¡“8œŸa …J~˜¡a u;“Ïžg¿t{«në¤÷”¾O]»/ðç*:€Å¾ÿ„†aë?p…”迷֧㱬dŵïÀl®{±‘ó¥ %ÚIef¡£ñ³;åùW$W“ôšÒ<'bsªª…Š=[4Äy[û»”~a·,£¬5É(w4Å:U¤KTS²äí–Ö¼)-¶“+—-!yY~9k¦¢qJ‰$ }gÜ={æœ9ÝJóº$êT[N¹Î›½ÓlMS sÒ/Ìþ×ÉVY»|Þ[vzµˆ½SQdÅ+KžO‹ñ)›ô˜¾ä,­þZ7öpQ>‰öc§ü§²P¼yNbèÕ™|#?h#Ë }zaæ²pA‚ùüÑY¹)I(øn©!­Ö{KËäXrÁƒ‰•¡ñhMf|ÐÖy=m\"ýÂG?}ú0ŒA‚ÖFßàá‡< ½ÆiDÝåvbÐ4;tL°3ˆÍ•L²O€Jè“1ix(ß,oO7­9:ð‚ ø#Œ÷cy¶o¶B i•<5û²Êš´ÉÞìTÂñ¹>Å>œ§@Õ¶a5ÊH ó2Ýõß²`^,¦Ü2ï¦,š4ãÌ‚± † ÆB!Q<|(Ï’ËsÓ°=˜(Zƒ‹ë³­hó%‹ý˜;!šã|3e* 3|³±G.46 §‚ãvî8Ñ È<æXã•iëi”¢ƒ +‰zbT[\¦Ý†Ž¶´Ô«£Ûøw­àr¯V`’r¦AûmÖde‘æ´ò;TZ‘½@Ý"ELˆriCëP2[šu)ˆ"ö–Ð74=ôÕ±¡÷ƒtdG#Òê˜Nà´Ñg¾my'Q–ø@†2ÅlСñÎ3 )ð5H´³ ‰2ß^R:Ö㪽ÖXF4=³¢™RØÝ|z 1T’ñv;ŸÐ]g+&qЃ:Œ.º¢«_²"­˜/O_lNþwËà‡çÎ+*2"Öq2D˜/Ey†€h’ƒàKR›º© épr-QD±µÁ!Îv@„„DüvzíôÂÓZyû!jÀLƃ*DlÊÃ1·Íyÿ”œª›åTÉõ += Ýíä¾ä1ímöiñjk`&êÐwàë&n1"*ñVÅWšKÇ<ƒØC®¶¹ZhùHƒ„>[>°("N¤SÝ80hÒ‡;›0ç@æXO’ÅÛÛÚoÓœª‚Æ)-!Á€ûŽ¾¯€Ê…»Ì|ïžYiÕd›Sž¶¡£XÞÏÝT‹àtsÀ§Eð¼¯ÙŸ€±5M¸FÁ Î'®º+à#ŒŸÁ6¹¦äz§Cè5AÕ[fÏ<Ú1ïm‡ÂX¡¼À7Ô¶.ð²³i¸÷ÍÑ ïµvÜXëPŠ Ž}èaD*À—«×9O½ž¸ã_ö7PO<„ñ\ôÀ3 k[­•ð…ëÈöéd ÏUgÞqýƒ×ÒP Áh=|›Þ;²,Jœ‰B)Ðö¤¸_G©±åÿݵ10ø\_îCjÚ€zÂÛ.ùé–¬õqð¦â½zÜðá÷m°–Ò +:|›ÓÈ¥³f,F! }“"]Õ…ÔpO}´› 3ÜÖ#9ðhȺDÓã&Üý "X-ôDn¿y¤qE0.öïAö†o´hä®DÄq”8Îýütÿ¾; Ä„· €èÉž¬ÁÄÈV ü W éÕŠÃÖã8,êvûßÞªo„¬§ƒó[d(&‘é,=,,,ÂÎ8e6 Æ2+–\0s'>sõŒ)‡×(ãÅÒö+èÀ8öîw´”Ò +Y訔w;xác™÷rBôøf˜ì9§º:FRîÒ¢oÚ‡[³Ÿˆ Ò@Ë@q¯q{»ƒ¿[•@ý›X #—+e„4AÄ›Òz„Ž=›¦ ÚCÇ×íOUtût|  äp%ÿhAýEþ÷òÔR»—:œŽôMyqP^8‘ñBÁg"M÷v+ªí¾¦¶bÛ×WÑð8mëuuó•è^¾uR÷ç ³JC[•^™z±CŠ±"xC]‡>€¶X%zÔ?‹ ‡… q›"Y«3” Uêâú'©/6³Á§¼aîþÇa$é¾E¶\†Û•y^ž»XœËSÎQ]¾e[Ëݪ dŒ6 Ã× –F—;ôŽ™~Mqɶõ2Îæ©Jbá«®ÞÇ*Š(ÔóŠ qø¶ÂÒPï «ÃÿX¼ˆ-|•ùbÊqZ(!ßû‡ò‹áïI§uˆü¸~r¿n—Äߧ~„êÆò&úÙáÁÿý{áå§Ô ›É†Ã0‹A+å¢\iÞþ°x­úÿ”H„·endstream +endobj +802 0 obj << +/Type /Page +/Contents 803 0 R +/Resources 801 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 764 0 R +/Annots [ 806 0 R ] +>> endobj +806 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [349.4919 566.941 408.4801 577.7254] +/Subtype /Link +/A << /S /GoTo /D (ipv6addresses) >> +>> endobj +804 0 obj << +/D [802 0 R /XYZ 56.6929 794.5015 null] +>> endobj +214 0 obj << +/D [802 0 R /XYZ 56.6929 769.5949 null] +>> endobj +805 0 obj << +/D [802 0 R /XYZ 56.6929 745.0977 null] +>> endobj +218 0 obj << +/D [802 0 R /XYZ 56.6929 552.7519 null] +>> endobj +807 0 obj << +/D [802 0 R /XYZ 56.6929 524.1722 null] +>> endobj +222 0 obj << +/D [802 0 R /XYZ 56.6929 397.0585 null] >> endobj 808 0 obj << +/D [802 0 R /XYZ 56.6929 368.4788 null] +>> endobj +801 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +812 0 obj << /Length 1920 /Filter /FlateDecode >> @@ -2037,249 +2094,234 @@ A ÕVµ2,Û è_ç³î:ù¯ke—U)¯Å5¡.Þf2g)¯ò2*j£Â‡u(碚Û)/òYrÔFý¸$ج—x¬ÆÉ 6ó§éiøkÝÆÃ@]´£v›yo‘!ëBWéG!¥?È{˜m&kk-öf"C3wÑ®(¡oÕíDÍï ] ½¶+hwÑš jSlïíùn°+¼²±œ Ç9hÉÞY¢Zy’þ–hJ“60;Kƒ(±šßŽúÔ|žVü¶¨å8XcpQó‰‰Ø‡Û­5kW wR­Æ|ªîæZRÿhð †–Ç°0TÝ€†€ÉÎÃ+!@íüM˜­ÕHišñ+VÈj‘æ‚GÃÒèîå®Ä­§‰æÕÇÌÞ>1‘ÓcIç¼Z/­=«rþïÐÎf±ºëLÀ"Æk‡¬›8H!®ð&ùHÌ0 F }Àû ¥ÆYdad‘³2'lõúþZ„#¤×åLÖÜ^_¼‡2Üÿ¶a‹š¤F^LXnä+eUâf¼ø®™”Ý¥Ó­üm’ ªr:ßÿXE“VUQÏg•w?>M?ÆE‘âÏ‹k?.F•íU‡~Y\œŒ p;ÂñâökÓï”o?÷øh˜‡endstream endobj -807 0 obj << +811 0 obj << /Type /Page -/Contents 808 0 R -/Resources 806 0 R +/Contents 812 0 R +/Resources 810 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 813 0 R +/Parent 817 0 R >> endobj -809 0 obj << -/D [807 0 R /XYZ 85.0394 794.5015 null] +813 0 obj << +/D [811 0 R /XYZ 85.0394 794.5015 null] >> endobj 226 0 obj << -/D [807 0 R /XYZ 85.0394 769.5949 null] +/D [811 0 R /XYZ 85.0394 769.5949 null] >> endobj -810 0 obj << -/D [807 0 R /XYZ 85.0394 576.7004 null] +814 0 obj << +/D [811 0 R /XYZ 85.0394 576.7004 null] >> endobj 230 0 obj << -/D [807 0 R /XYZ 85.0394 576.7004 null] +/D [811 0 R /XYZ 85.0394 576.7004 null] >> endobj -811 0 obj << -/D [807 0 R /XYZ 85.0394 544.8207 null] +815 0 obj << +/D [811 0 R /XYZ 85.0394 544.8207 null] >> endobj 234 0 obj << -/D [807 0 R /XYZ 85.0394 403.9445 null] +/D [811 0 R /XYZ 85.0394 403.9445 null] >> endobj -812 0 obj << -/D [807 0 R /XYZ 85.0394 368.2811 null] +816 0 obj << +/D [811 0 R /XYZ 85.0394 368.2811 null] >> endobj -806 0 obj << +810 0 obj << /Font << /F42 597 0 R /F43 600 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -816 0 obj << +820 0 obj << /Length 69 /Filter /FlateDecode >> stream xÚ3T0BCS3=3K#KsK=SCS…ä\.…t œ;—!T‰©±ž©‰±1ƒEV.­knj©g`fA‚!ÂVŒendstream endobj -815 0 obj << -/Type /Page -/Contents 816 0 R -/Resources 814 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 813 0 R ->> endobj -817 0 obj << -/D [815 0 R /XYZ 56.6929 794.5015 null] ->> endobj -814 0 obj << -/ProcSet [ /PDF ] ->> endobj -820 0 obj << -/Length 3052 -/Filter /FlateDecode ->> -stream -xÚÍË’ã¶ñ>_¡‹+ÚÔÆ›àæä×&냓Ø{³]ŠâŒXK‘²HíxòõéF)Q£MF©rél6ºý†Ä‚ÃO,œa\ez‘fš.Ì¢ØÞñÅ#¼ûë0Ú(f´Rð0ó61Ê1ãdºHÆH¾þp÷å;-’3k¥Y|xö²©c™ÒÙâÃúçå7›|×—û7‰4|ißüúá{úL³Ô¥?ã°…aiÆÿàë÷?|KÐ ß´Í/œËÇÃ>﫶¡Åˇr_6E0ªEÆ2+m@hªÔÈ1Be=BŠ Â7bÙÐzÕѸڿnÙæëú™ºj[ÕùžúG3Bëþ£ËMûT~VS½¼Ç7nÙoJ«$À|ò@ÃCùDøš Py ¦}˜£º¹GÆ‘U!Xf«Ý¡Ø´3Kÿ5ŒŸªò©co-l¤Vc”  G,{˜Œá5¾«Ë€¨Û´‡zMó§vÿ1̪~CÀÄî\Ãq{×UCãqû Å“i¬ö â™a¬h·»ºü-?•ncÅ‘@€X•4B”A¹&(zˆcSiZ=„W›ò9¼Ì›1q$ͯ–ø€$UÙôuøªB·°÷:tUó8åFxn`'Òb:s˜<”y =º°Òš5M« ó#Ë`ÚLMN-G.5* - -Îtl þ?³ ôT/´ÌòL¢óÿíîç_ùb ±âû;ÎTæÌâ 8lï´ÌXÊSW껟îþù?~é@!*– ®.S@ßqÀ¦ñ‹)ª$ò”(ç’¹lˆhå„/™RÊ,4×LjžúãË‹úTFB -æ¬ÊŽ€Ÿ!$É2çÜ<³É€1£œ!©3à&$¢MÌ™Š,(˜ÁÔÅ3÷3T9%@›[M%sN»ðu¾^ïË®;…²š T—[I""¼"eS&ì© À?›3³”YínIcÄx…HÍ!/Q á"½ÅŸŸ–%ÍxÅÝÑ ­K4Ý}>®žéÀÐî£SL•‹n/(îÉ6àK…'©¸ïvØ©ø &!ç[Œçuöˆ–¯8ˆ÷ÿaâSMg¯˜¸r°‡âê%ÝòÔ¤7¿ÚÌ#ÆdŒr†L gd•˜’9«Ý]jØñvDFŒ×ˆt’I•Ú)‘´ÛZf©æWo p!öá ‘›2Lö4Ž³ÄÓýA¥ã1—¨vg†Ì:qÃó0^J Ä.ÎÕlÎð½FëÀÆý §Ž¹c6sΧ†¢,3ÜÞŽÏã>5ÒŽ5à„Ïݾ|¨~ŸáTrC<ºÈ© -!A?eÕÛ7PœÞŽÕˆñ«|¯Å‰ç¨Ösq7øÕÈfb¡Þk÷3ìb.¶¦§Îx&åïTŠfnLŒ|5ãÆdŒòœq™j‹fÁ^H9 VèÁ"c"{OygW–gjR&1èI —ûÇM~õ&øsšOí/ÒóSY3bHô!Õ?U/8#R1¡ç¬C2@]¡âÛPÌØQèºm€Õ· °P.¹ÔÉkÖ€*Çëv›WÍYàRþg6¯[_rD8Y%ÈØLè»”>sË8¦˜CÌ’Ú.;@}ÝR¹ Ô¯¾²Ófù´©|?–Ÿ*_ -â/³a%Ôq:ôj4u„`øö‡Ÿhɸ§µ 8)Ï·É\‡d«¹_¤Ô3žê ¡xtµÛgÖ—]ÏŽ'q«S×l4\Äù‚šŽàœ -˜A ~MM•d†giPÔö¢¢FتêåKÊ:¡²,ªm^_×Ø¿c2¥Dê{: l2íi¥júò±Üw´þ)¯¾Â€7<|rl6Œ4†Þtå.ßç=ÁÛP‘¤(»nNQá†ÿ‹ý ãu-±ÒÍ1J%gb5죚eZeÓDb‚0O#ÙØ\´(nm€Šz‚G`]nbræ2†Eõ%|F‚:d½`A#ÝüãZÌã&½ZIqÇLz]ÕN_l– €·k–ŒQ¾Ð,™x! ?i–|i,‰åû|Òaê¿ô=Û.¬P?¦=uá{ÃþYšŸÛyþ±škµœØ̼«`J»pDVkñú0bLÆ(gR@¨ü‡,b{Ùiª‹½¦¥Vãe{kÚ­ìahï~>Îá“K!ö}(›zÁ"¤ÓM³`ö¢AD¸ÛÙÃã æ0¦ïó­A+Æ`qfƶn]»èÖý»9·ŽDf@BÀ(9o×+÷ö-l¥çšéÔ‰Á—&Àáhÿ®hw‚ª<^gAvõL­)ŠW Ú`lÃk œmòO%ÎÜ2ß®ªÇCÕ?Ó ¬´¬ö4õ;ð¿±M!–=m]@·š½ÌZWa§ ©÷Aªì»Ò¸ÛQ¸Ýí«/åJZ÷ùÙûoéKò8:´ý«]:àdænŸŠ „ëÂßÉj¡(áã1-`:Šãº¬«mÕÓ…&Ê›óåûžÞU²]OfóX?Ó -ɶh·àãÖÄž¿Cš‘dÀ*ÈlÈ™¡Šâ*¦¿-Bz7©~«¡Õæ°-÷UAËÕØ­°7 -Y h Ò™¿8C@jͦÍk5íµ.Œ>=‡‘øZù£Äçüeze{îúr{z‰¯Wpˆ|,éâÕ-ÿÖ>%s'1º-V(Ì -ï³!†ññÅ1>VMKc×çÍšî‰×´²!rNÕ‚‡ó&è¿ ÂäØÛ_ÏIb,@ôY —¥Ëâ°'ŠÂ…g–Á©ãÌÓÙãþ!Ô7붮šö™=ŠáôÂåðpåšh»]‹w’H GÒ¶Tg(¨LÒ·‰×„„/WeÿT–Íœü²ý–$?Ajýáò¼ó¥Wæ:ÞðÞÆŽIÝyPŒR‚sŸ'!·ÆEŸ÷P:þn¶)!'"BõR©!SW©b…¥¼ïóbã“phO'4㉭eƨ؟jJ>2jE„{Úca‚Î[y/D+Û¶ëCiâí´£‡ñQáóè¨JªT’¸ÕDKòú)—¯&­Ç@!€®PÒäñî¾)‡ÛÚ–ÆU¼uGË©Ð8ÅxeÚ2Ê…‚ðÿ œá‹‹™„È™kM $ÈT¸ k! %ÓG¸W§Bc2F9C¡pÌaGnBáÅdæ©Çdhæ2Â⟡ҡG¯Ï³w¨…3·ãuÀx…WPLã=ûçð:iàÎö¬§ñL~«´b’ky;NŒW8UÚÂ÷ŸÉh( ®ÕêcMñíQ§ÌÉ—î¡ÏPÆ/.Ùc -ï­6×ÌQ¤PïY{Õ#Ü Íq„ò%sSˆ)Àg™#D ¬Mh<~5ÙÂH–ò¡­¹äªÜ_½¢b3ˆ2¼t4WñdlØ̧s@å×kz ­|¿ 'ý6X"”¹u ¨º³i ƃÐF™ÍWeÝ⶙àRÓbÿ¼« úLC„4¼ FvèâG>K÷ˆp¨LŠcÜ> endobj -826 0 obj << +821 0 obj << +/D [819 0 R /XYZ 56.6929 794.5015 null] +>> endobj +818 0 obj << +/ProcSet [ /PDF ] +>> endobj +824 0 obj << +/Length 3061 +/Filter /FlateDecode +>> +stream +xÚÍË’ã¶ñ>_¡K*ÚÔÆ›àæä×&냓Ø{³]ŠÂŒX+‘²HíxòõéF)Q£uF©rél6ºý†ÄŒÃOÌœa\åz–åš.̬ÜÞñÙ#¼ûÛˆ0Ú(f´Rð0ñva”cÆÉl¶"ùêÃÝï´œIά•föá¡ßËfŽåJ糫Ÿæ_¯‹]ç÷oÒð¹}óˇïè3Í2— üŒÃ†e9wჯÞÿ Aç4|ÝÔ?s.û¢«ššð~ïëÒGŒj–³ÜJZ *3rˆPÙ€†r„ð˜×´^µ4.÷o„›7ÅjóL mµ­6ÅžºG3@ëþ +£óuóä?«™žßã7ïÖ>àòXŒhxðO„¯¦IUDjš‡)ªë{dY‚å&²ÚÊ5@;3_Ãø©òO-{³ÐÂ&ŠaÕá0D Bzļƒ É^㻈ÚusجhþÔì?ÆYÕ­ ˜øÀ7pÜÄøeUÓxÜ>GñäAëcÄ°m¢x&+›ínã@ËO%ÛXq$ –žFBˆ2ð+‚ +§‡8Ö¾üHÓê!¾Zûçø²¨‡xÄ‘´°êðI(+_w›øU…$na!íuh«úqÌÜÀN¤Åtæ0yðEw =Ú¸ÒêM«¨óË`=Ú LMŽ-GÎ5* +Îth ®(žx˜¡Ê)ºXOØj&™sÚů‹ÕjïÛöTÊj&P]n%‰„ðŠ ”Í˜°§‚ÿT®ÏHÌ3fµ»% ã"5‡¼D†ˆ ~Z”4çywK'´òhº5ú|\>Ó¡Ý'§681˜*—Ü^TÜ“mÀ8– 'NR pÁí°Sñ LBÎ7Ïëì-_qïÿÃÄ-¦šÎ^1qå`ÅÕKº-4ä©H¯~µ™'Œ‹!Ê 25œ‘UbLæ¤v 8t©aÇÛ™0^#ÒI&UfÇD^Ðnk™`¤š_¾ÀÅ؇3tDa¬}œìif‰§ûƒþJÇS.QíÎ <˜uâ†ç×c¼"•ˆÿ\œ«Ù”áÖ‘û NsÇlæœO EYn¸½Ÿ=Æ+|j¤kÀŸ»½¨~›àTr}<ºÈ©Š!A?eÕÛ7PœÞŽÕ„ñ«9|¯Å‰ç¨VSq7úÕÄæÂB½×ì'ØÅ\mMñDÊ!!Þ© ÍÜ:˜ùjÆ{Œ‹!ÊsÆe¨-šy{!å€X¡{‹L‰ì=å­÷gj2&1è I —ûÇM~ô&zøsšOí/Òó£/1$ú꟪œ‚™ÑsÖ!é¡®PqŽ­¯F¦ì tÝ6Àê[X(—\æäµk@ˆãU³-ªú,p)Hÿs›%ÈW‡­„oqD8Y%È،軔>sË8¦˜}Ì’ÚÎ=@}ÝP¹ -Ô¯¡²Ófþ´®B?–ŸªP +Ãb(³a%Öq:öj4u„`øæûiɸ§µ 8ñ¿ÛÅT‡d—ª¹Ÿ¥Ôžê ¡xrµÛgÖù¶cÇ“8áÕ)ˆk6.â|AM +ðÎÌ ¿¦¦J2Ãó,*j‡{QQì Uu€ò%eQéËj[l®kì?0™R" =6™ö´RÕôû–Ö?›C¨0à Ÿ› #¡7­ßû¢#x+’ e×N)êÏÜð³?à R ®%¶@Ú‰"Æ@©äLªƒ †bT³\«|œHŒ°æi 1›ŠVÅ­P)Bð¬ËMJÎ\ΰ¨¾„ÏHP瞬,h ›\ ’¹bÜdW+)î˜Éc¯«Úé‹Í’ðvÍ’!Êš%#/dá'Í’/!M€%1ÿÏO:NסgÛÆê‡Ã”£§.Co8¼ K Óc;/ßÑ»*Â@¶Ȭ7Ï´B²-›-ø¸±î&ä0¤ +2ïsf¨¢#‡¸ŠéoK‹^àMjX†Ãªiµ>lý¾*i¹Z»öF!‹ T:gH-£É´y®¦]¼Ö…1¤ç0_Ëp”ø\b^ãcÕÒX74¶]Q¯èžxE+[Ð’!çT-¸`‚áË(LŽ½ýÕ”$†$ÀY +9/{¢(^xæ9œ:Î}=îŠDýp³–`7Uý1ÂÂ>“GÑŸ^¼î¯\sÍa·kðN©áèQÚÖê,•YtÍ"hB÷ÂÀ—Kß=y_OÉ¿';lI’ ¤6(Ï»Pzå! ã ï}dì¹Ø4e±‰()Á¹Ï“¿[ã’Ï{ðŽƒ¿›lÊ'È‘ˆP½TfÈÔUf“Xa©èº¢\‡$šÀã Mxbk™1*õ§jϧ@N­ˆxO[DJ–»ƒàÎ/R0éóÉ!ƒIŒÙŠrøÓôÎKQgŽŽß€û*îT˜ óVÁ Ñʶi»Xš;méaxTø<8*O•Ê"m5Ò’bóT<ÇËWŠ£‹Öc @W,iŠtw_ûþ¶¶¡q™n]‡Qàr*4L1^™¶ r¡(üß3~q1’P9s­ $€™ w¡q-„a dú÷êT(a\ QNP(sØ‘Qx1‚y¦Ä1š¸Œ°øg¨¬ïÑëóìêFáÌíxí1^áÓxÏþ9¼Ž¸“=ëqE<‘ß*­˜äZÞŽÓãN•¶ðýg2 ˆkµúPÓ_gŽúm°D(së +Puçã0ÿŒ¡27š/ý¦Á?l2Á¥¦ÅîyWA ™<Æ8ixIìØ#ÄB–EàX™”Ǹy’VíßÀWuÓQÿºRjüÃe‡¹UææïkzÓ6ô‰EK)§ B‰ßCîRµ "Ô+‰õ +¾Ô3ᱨ§²Ë¨@IFmwœ²Lh»ããnÙѺلŠÂ`ç7¾ìF°{ˆïÍ–æëêq½ˆÇŽRœL®Q/»”±¾ÎüA'˜”¯ð8TËVO^W¥ÿéù ÿö;}cÆ-s2ÇÛ˜jô쌅ôßà#ª´ÝIÎa¾endstream +endobj +823 0 obj << +/Type /Page +/Contents 824 0 R +/Resources 822 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 817 0 R +/Annots [ 830 0 R ] +>> endobj +830 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [356.2946 363.7923 412.5133 376.6291] /Subtype /Link /A << /S /GoTo /D (address_match_lists) >> >> endobj -821 0 obj << -/D [819 0 R /XYZ 85.0394 794.5015 null] +825 0 obj << +/D [823 0 R /XYZ 85.0394 794.5015 null] >> endobj 238 0 obj << -/D [819 0 R /XYZ 85.0394 769.5949 null] +/D [823 0 R /XYZ 85.0394 769.5949 null] >> endobj -822 0 obj << -/D [819 0 R /XYZ 85.0394 576.7004 null] +826 0 obj << +/D [823 0 R /XYZ 85.0394 576.7004 null] >> endobj 242 0 obj << -/D [819 0 R /XYZ 85.0394 479.565 null] +/D [823 0 R /XYZ 85.0394 479.565 null] >> endobj -823 0 obj << -/D [819 0 R /XYZ 85.0394 441.8891 null] +827 0 obj << +/D [823 0 R /XYZ 85.0394 441.8891 null] >> endobj -824 0 obj << -/D [819 0 R /XYZ 85.0394 424.9629 null] +828 0 obj << +/D [823 0 R /XYZ 85.0394 424.9629 null] >> endobj -825 0 obj << -/D [819 0 R /XYZ 85.0394 413.0077 null] +829 0 obj << +/D [823 0 R /XYZ 85.0394 413.0077 null] >> endobj -818 0 obj << +822 0 obj << /Font << /F42 597 0 R /F43 600 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -830 0 obj << -/Length 3528 +834 0 obj << +/Length 3530 /Filter /FlateDecode >> stream -xÚÍÛr·õ]_Á>…ʘî—dúà$rê4qRG™>$gE®ä“KywiYiûï=¸rw ®”J™éxl€XàààÜÏLfþ™HjfÊp$0³åæÏ®áÛ×'$ÌYÄI‹þ¬/.NÎ^H:3ÈH*gW=Xa­Éìbõó\"‚Nžùý«/¿þéõóSÅç/¿uº Ï_¼üöÜ÷ο=ÿîüÕÅð 33ÿòoϸ8í¿Éä‹—¯¾ò#Æ7G ¾>qþúü՗秿^|sr~‘Ó?0ÁÌžäýÉÏ¿âÙ -ÎýÍ FÌh1»…cèlsÂC‚3GÖ'?žü#ì}uKsäœ I›-´DTIq|[¿†mCW¤”У]R#I°å ÖˆÒ=K„ê±Dqd´š)"eŽ#Õ͘&Z!ÁŒÙO{Q(Ö:O’E¸èC<ÄÎ`$è½›¦¼ª>ZÏ^pÖ›M(ô³›ØyÏëÓcxþòh©™×ew»mÞùÁö¦\V¿`LË•ÿZ´þCQ{È<ÓHs.äC1E¶ç|2 -%ˆ÷ˆµÕ¥ŠÕªÉPˆ2d¬Lûc<ƒƒ&\m×ëí)™ß:R .ï)jÞá® d–µßaû'³1Ì4L›0ó¶êÞZ;ž$[R°‹$r˜ -1 ;‚¶Â›!A ÿ QDCøŒæHÄ)(¤2=<‘FxFÕPtˆ‚Ƈûæøbú›FòàiòÃe<é/Ïí |PQ>ÐX_¸…²¬ì¹›Ç90PÄ LŠ³õpqÅ1Ÿ(5GŒp5饢 -ÉÝß•wã#ðëD‰ý¼ÇZˆpч˜ñŠ ƒVçøU«¬G:€ˆE˜smqE£`¯¶›¢ªl!ðž3¥žî¤ â=G¥ -УR ÏZ›2o›ÀF]qž ¼ñM[Öõ -æÐ9Ûqp Ç'²#…oÚ·…_·ò¿-ó !ÖcRÎlë‡/ƒÕSÀ¡ÈÐèíZ·Ú9ØÆwº¦¨ÛbÙUÛÚ´år×T~\¥úÒú8ëJ’À+ÌÙ´N)Àê{u*Î{:êAœÐ©>~ëªí¢U-q?Ùõ¬01&æÛº o7[/U5´¬Æ,Zã a“ऄy:Ê$ˆ÷†Y÷¦H›¼½ ÍŸ¢u¦)¿)š¢óá%á¥ÞTËíz[·~<8^Ð"FO3ðe½ò - j³woEÔ£jB‡zÒùT:ñ™–⸺¸â¨QÈŸÀžÔ!AfðÅÙBOgxÁH>7=)j^oëE]^]õ¡ô#Œú‚pߩꮼ¶!ºýacû -•È²R;ûè „ Þ­ƒà®´a¾ý}Y‰‡&(ÇTÔ ŽKØj¹Þµ€ŠÍlYýK› 0 -@–Ëò¦+.×Q*çŠõ®ôŸ6ÕõÛÎ^í°çy”¬+ˆ†£1¶Òçl±sÐYná¼;ÿ£ -†ùömµ "VÅO­o­]Ÿ³'jøƒ1’TO×$‘ˆ(ìixStol5ÄÄX›&>ÚV€‹>ÄCü¦ˆkØ -ÑÝÓ©çïw[oŽ ßv3,LªÈv;|[­×¾wYúÖ;tÛsµÛúÆÒÆîn…Ú¨y»‹0`Þ¡¥éÄïà%Ú3ˆÑ»²9ÛÜ¡®l;´ÃƧ‘` W÷Fá}?•¹³vœä‘í´ä˜$r i'%Ó¸0ãá¶ú½<&‰iâ“Ibâ„$1¼)—‘D—ŸyK -!賑]ºõÁBp³õ‚‚¤InvWGw¸§`HÝ+øXÈ)}ÀV›Q¦bL½*¯ŠÝ:q‚4O¥7´¯X<°Æϳ6 He…ý‰\Ð,ÇE€üu&40sýøp(B\ôAfÂ!°ðŒkºßy‚çT#NÈ0%y¿oýÑF'sê² ™c“LŬ©Qá`S|¬6» ÌÅ}(ªµw™îçf»«;p¬J˜|öÇ Â›­ƒÈ’ÝÖ©5#b&@ƒ8óG“=A\ôA’sŽ4ó”¦M‘]!mxR¶lƒ@BäD Õ/“8^DÝ(Bï¶h‡±Á•×–eTWãèS[6Êf´¼íŠ¦ ¡ÃØ dYâHS’q4Ìc¶0•$lY¸@ÌÌ·76Ë,Öë;ÿÛ91h]±×WzíhøêÂ:p…Ëbí}¡ ‰ê¶ù,c(áÖþDKö÷ Và Äå¸Èµm2àC‹x‚whúãdÄ\6Í4Ÿ¿«ÖÛË;ð—Ï2@%åiÍwG€Ê(ø@ló`Ä6_Äœ˜}EqlÄ©Ðú×O€áõƒ1¼®R-’!ˆ)FlÚ£ÏKA‘N@Jßu¢-¸@î&R×ý4ýfþ Îù4ý“S€P¥m¶‰ÉºWóVÉÞ§ÐÝì\ê•s9(þ„4>¹àͶ~…ä ŸùÀЮn«ëÚ)–)Ê a³"›ê`êjA ¬5ÑœKÅ9VLa{.I\–CÄA–óæ?µá -c\ðÂÊLò!¾]"M°Ü×™=G¥­©Q>™¦Ë²Mv-fBÛ` Š+Kù`ÁºA‚í é͉³”¾>v]Ž£˜ãi?Ò{dôøgV±8¤Í”é*—)ÁÚ$¹› “µ)FŒÍ3Å:†Á]S-}Á‡ËFøÖ®‹¥rµëv—¾çʈ¦¯gTžª,½Îvïû8X£°½ûßV¥;i8‘Vàø $ ñ¼ÿ®îà}UÚê¨}We9¡ö=N“¶÷ž(2NDò&=Q$ ÎãùóÕ -D%8ÄïŠ.^|[Ù¢Îá3 l«Sº•€ýx™ÉÇ|‘¸¿ªð›¾ÙØýÞø›F[¢ù«o?¿)×åÒÿýsçé£]Hþñ¥Ÿûµ¡øök°œÜ³Èí.ì— -Xða{S6…=!˜«=6ä½Ëåð=$i4mowJæEêkh*Õ4G4×(̽=Y/²A·ázŠè>Ù*¹­vÛtGîóG”é¬íŠÎI°?¯ð!¾E:Hv Q¼"TÄRµíªn×ÅÇSCîÒÀ]¯NZ bS¡ÑUeLÏ]%ÏgìQ´BîíÞªôp_Ó«êëÏŽ½e& h¡%Ÿ~¼ÝŸåL#áýÈ’(&{°|!„¨ñ¦ -àM§7“7zt>|å`ÓHû°×Qf@fá­ÌË>ðáuŒÈ¨ìY"Ašˆ)&÷©7k‚HqÖ½DšÚtO¤ñ¦y"õ7)Ô¬Áú¸§R¬iÿvöIHæ¶SöIBÙ[/ÁÔ=„êÍš Tœu/¡¦6Ýj¼ižPýMC…ËyG°¯FYïÊ[ùÜ‚ŒÑqE >äg¬WªÊ&ƒsŒÞÖj­Ø4¹{“ŽS;NºØS;&ZwÌ’º¿ã¾bàßÝõlY”ÖUÞì#¬½mqdÿ(ÏJ9xÜTX!Ç[ æ¡<‘1z©ØÏ9Α0ç>†Ll—ø1Ú.ËŽÞvE| ܦ·1£~Y/×Ûô¸1Z˦XBS8-ý0üqŠ¾ýmö”‡iMó´H¹@@Ê=Ö˜ Q¤Ôÿ ½¬Vâendstream +xÚÍ[[sÛ6~÷¯Ð>UîD0î—vö!mnºmÚMÝÙ‡¶“Òíp"QIÅqw÷¿ïÁU$ÑîÚÙÉ$„@ð8—ï\€†?d&$’†š™2 LÄl¹9Á³kx÷õ cqТ?ê‹‹“³’Î 2’ÊÙÅU–FXk2»Xý<—ˆ S €ç_~ÿêÅ˯zýüTñùÅËï_.¨Àó/¿=÷­óoÏ¿;uñ#üÂÌÌ¿üÛó.Î_ûw2ùâ嫯|ñ#T_Ÿ¿8}þêËóÓ_/¾99¿H›éo˜`fwòþäç_ñlûþæ#f´˜ÝÂŒˆ1t¶9á‚!Á‹=ë“Oþ‘öÞºOs äœ I›-´DTIq|Z?†iCS¤”УYR#I°• ÖˆÒ½H„ê‰Dqd´š) "eN"Õ͘'Z!ÁŒÙ{S(Ö:Ï’E$¸èS<\ÁHÐñònšòªúh—xö‚³ÞhB¡­˜ÄŽ{^Ÿ.Ãó—?À“šy]v·ÛæïloÊeõ Æ´\ù·Eë_µ§ÉC‰R RÒâ°)‰*$±ŒÝw~ÇÛMÕuå +Ø&›¿Ø6¾»üXlnÖå³@ˆŽŒ‡p€O‰Pu¦sóI$Ž&VF[q9¡\"bñ-ïpV:KŒÚOŠ°ý“™F¦My[uo-Ž'ÉЖp‘D S!¦iGÒVy3ì1ì?-QÄ>£9q +©LEa‹È#2£j¨ºGDAãÃysr1ýI#{ð4{„á²Çžô—çf +^¨¨hl/Ü€AYQöÜÍã˜?b&Çl=œdüâ˜O”š#F¸štŠÒS…änÃïÊ»ñ– øu¢Ä~Üc"\ô)f¼"Ø µùÁúªUÖ#@Å¢G̹6Œ¸¢Q±WÛMQÕX²çL©§Ûi¢xÏV©‚åQ)†{­‹M™Ç&p€ÑVœ'(oü£-ëÎúŒ8tÎÅ6hqç‰lOáíÛ·ò¿­ð !ÖcRÎlë»/ê)ˆPdz»Ö}ílã]SÔm±ìªmí;Úr¹kªÎ?nR}m}œŒmŠ?¥MIælÚ¦”@€:ä^›ŠãžÎ¦z'lª¿¾uÕv±*ˆ–¸ìZV™óm]†ŽÆ?7[¯U3´¢Æ,¢q†1ŒIpRÂ<gÅ{Xì{èò&7Á¡ù]´.À å7ESt>¼ä!¼´Ý›j¹]oëÖ÷Ç VÄbàiþ±¬WÞ€Álöî­ˆvHMØPO;ŸÊ† >ÓRüW¿8jCòg´'mHP„¼qXèãéŒ,¸Í禧¥6 ÙÖ‹º¼.ºêƒUNH˜]@üíßVuW^Ûèܾ°a}…Jd¥¨•ËÄ>~·#.!®+m„o_`ߥˆ‡hLãF*j„%Ç%Lµ\ïZX…Mlî ýK›0 +s-—åMW\®í©œ(Ö»Ò¿ÚT×o;ß{µkÊß°x”¬+„#[Ås0ìðË-ì÷cçT“oßVË ]U|Õú§…ô ëÉîqêð§F>#Iõt9@‰ˆÂž‡7E÷ö¦!6 Ú4ðÑ0.ú×G0E\C¬>Xá‘x€0Ñ=zþ~·õHí¶k¦0©¢Øm÷mµ^ûÖeéŸÞ—Û–+اXÞØÙ­R5ow‘Œ;ù‘Mü¢=ƒð¼+›³ÍêʶCûl¼ ¨h¸º7ïKø©ÎB2øÇ?¢Ûé“cšÈ%dœ”LÇàÂPÈIŒÏÛê÷ò˜&¦O¦‰}Šš8\áM¹|ˆ&ºÔÌ#)DŸÏF¸tëã„àa!3êÅ I“<쮎w8§`HÝ«õXÊ)}ÀT–Q¦b8½*¯ŠÝ:q‚4OU7´/øx€Æϳµ5`H…ýŽ\ЬÄC€Ôu&4sýøH(R\ôIf"!@xÆ5ÝÏx]MyÕ”þÞÆA€*,Ì8NÈc#÷Wp¨[ܸ° oÍÿéò#!y( ÙVz +ÿ°5°Ü^ˆMŸiºØðÜðH#ˆ0D»ã|îÉâ!QÇÀ|´Iz7Á&‹)FŒá™bÃன–¾`Ã9#¼k×ŇÒw¹ÀÚõu»KßreÄ èëÊS•¥÷7Ùî½ß(¬FWãþ·¯Òq4ìH+pü PÐxÞ¿RwpµŽ*m uÔ^©²’Pû‚§ÉÚ{·§"y“n'PgŒñüùjªâwE ¾­lQçð†¶U»Rº'•ˆýx™ÉÇ|‘¸ÿUá'}³±ó½ñ‡Œ¶DóWÿ8|ý¦\—H{üûϧ¸8ÐüãŸ~î¿EÅk_ƒÏÉ=Ÿ§ +Ï¿„§;NºySD&Ú1gë²¾¶gyöÇ¿/Õž‡º1ÐxS­âxÏåú?Èïuþëw|ÿüÃÝX;”Û~¿\þ/æÅGƒø¾*íåÁºÚŸå{Ë„ÆOmq3þ‘`­6y›oým‚MÐ(h®FA“ö@úošjS4•KÅàg¸b`¯4„ «²+›MU—áãå2‘·‡]þvÜÚwøk Ðø$·»0_*`Á‹íMÙv‡/ÖzlÈ{—Ëá{‹¤!д­Ý)™‡%R_CS©¦9â¹ÖÀé÷vÿe½È ܆ë)¢?z[K¨ä¶ÚmÓ9ÊgQ¦#±¶+:§Á~¿Â‡øvÑA³â¡"–«mWu».n>ì²J—ézsÒ› +Ž*czî*y>cªrowM¥€ûš^U_vì3aÀ -ùô½íþ(„÷#OH¢˜ìÑò…¢Æ“* G4ž4:œtèÑ øTð•ƒI#gì^Ç™›…G™—?|àÃãè‘ÑسL‚4SLîaRoÔ“â¨{™45éžIãIóLêO:fR¨…YÀú¸çR¬iÿvöIHæ¶3öIFÙS/ÁÔ=Œêš`Tu/£¦&Ý3j> endobj -831 0 obj << -/D [829 0 R /XYZ 56.6929 794.5015 null] +835 0 obj << +/D [833 0 R /XYZ 56.6929 794.5015 null] >> endobj 246 0 obj << -/D [829 0 R /XYZ 56.6929 363.2968 null] +/D [833 0 R /XYZ 56.6929 363.2968 null] >> endobj -827 0 obj << -/D [829 0 R /XYZ 56.6929 335.217 null] +831 0 obj << +/D [833 0 R /XYZ 56.6929 335.217 null] >> endobj 250 0 obj << -/D [829 0 R /XYZ 56.6929 335.217 null] +/D [833 0 R /XYZ 56.6929 335.217 null] >> endobj -832 0 obj << -/D [829 0 R /XYZ 56.6929 306.9099 null] +836 0 obj << +/D [833 0 R /XYZ 56.6929 306.9099 null] >> endobj 254 0 obj << -/D [829 0 R /XYZ 56.6929 226.5017 null] +/D [833 0 R /XYZ 56.6929 226.5017 null] >> endobj -833 0 obj << -/D [829 0 R /XYZ 56.6929 197.9796 null] +837 0 obj << +/D [833 0 R /XYZ 56.6929 197.9796 null] >> endobj -828 0 obj << +832 0 obj << /Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R /F58 627 0 R /F14 608 0 R >> /ProcSet [ /PDF /Text ] >> endobj -836 0 obj << +840 0 obj << /Length 2750 /Filter /FlateDecode >> stream -xÚ­]sÛ6òÝ¿Â{(G4Hð³}j\»u§u{‰2w3Mg&!‰cŠTI*Žþýíb %ÓIgÚÑ]`±‹ý†‚s¿à<‹}!óè<Í#?A|^lÏÄùp?œ¼fa-¦«Þ,Ï®n“ð<÷ó$LΗ« ­ÌYœ/Ëß½ë¿ûmyóöbÆÂKü‹EœïÍÝý÷ÉésýëýíÝïß~w‘FÞòî×{¿½¹½y{s}S û¦ð†ۻŸohtóóÍ/7÷Ëw,:»Y:a¦B¢$žýþ‡8/AîŸÎ„/ó,>‚‰ðƒ<Ï·gQ,ý8’ÒBê³wgÿv'X³uîc™ùq¦37ɹŒs?‘¡47xSë­n†ä’Ò+TCƒßÐkôZ º$àS5lh¤èSkUVÍš&úSQ«­ª¶¡½[Õ=ꃈÅÿ¾ú>Ák„$žj˜æ°Ñ4€S¯«~ Q£¶º'jÂ0RÍ?†Fj MÛh&à:AàçqÙQ·…ª7m?ðÆ(äÃeŒ =ô8!°ê.‚ÌÓ4ÙѤÔ„]‚‰¤ÀÙ/í¸HxU³j;+;î²ßŽfB, Í5ãàq«voyªÜN='S©û¢«v|Ë`ŠíŠ¾t‘0PEMƒ~Õ¡r}G(óÓ< ¡%­‡Û(ËÊ’K˜\lÉ%Þ£>д»ï¸U¥>Y‡âMI$€ªzõ‡fPÅP´G“Í1®ÝjXi¬h²YÑÒmÕ7° CGDµÇ™×WM1{5½.ö]5 »©D¾ñtØGF²QÃÄ( 5´ù¨êª„Û"¨* -Ý÷„A›o÷MHåk²Š>hj„1°­§Öx’.K"Ò÷`H2Þ=X0\b #¦çô:ènK#ã -#!Zÿ!úY3ΪޚCU³eð«1TÚýš¥œZRÙ{T”±ëY#úÏF£¹JâË0÷ÖÕG ¹û@Gœ"/ìYèWŸƒ¬"¦h·;vÂ’0xˆ˜=îˆ( X|Ä¡ø`+2ÊI £…s1tê£îÌEpã˜CÝ‚ÅÍXؾ;„»ÉÃH˜Om9Oˆ š¢„= ÀUºci a¯±õœlÝî&L©wº){‚ÛåO4”Ž€¤$€r°ÄcxýÃEàir(˜±®a!jÎÀœµƒÆ‹¶È ê×l÷Ø?é"u³°Ñg×vCÏKÁ£Á1N±ÝÁV‰6lz£8S››ÄX¢˜/NCŸ³AÐ6‰Š#Üg¾Œ±2Êc iíÝ“ U.ó!ÀZ’ªëö©?!kŽ²g3 ·tN„—º© ÌXQÃ$N½»Ú£É.Ñ@$ë…¼ÜÚFæc9rãÖI:­dšË S¡Pn˜€aZe…‰ôEœk†#”uÑ´Cµ:ðâiA'~¥)/~=C.ñ…p ˆÚŸ{ÝÍ‹} {¿@+9¢>Üô+òÕr `Y–|†Þ"Š&ÇZ0”÷;“fèB!Èø3tc? -epÄ'Q[€>©ÎTLÏ A %c9Ê೑±ª-ÁR)­–jU&˜èj›¤ß“"'°ãлmíêOj»«õlñEÒžx.Õ?ôåU}‹A8÷¾‚Pf'ývÆ'¡“inC•(¡t[pŽ—Ž(ª‹Ì=§ƒç3‹À’j®€°ºeÓBŒ£êL„¦än¸Â¦$\ÓÈ{óÔóàXµuÛ>îwh ÒT0ˆ&¼"Øxf`•Hw'Ö5Þ=5" ÌÌ{ß!ð(¬PÂȆÀ¯hõx•ÆÆí盦~$6曺ÒØ:²ÈNqÕÙ>Àýêá@ˆúHUN0Ñ5h«ÃHäÇó㣭£ ‘i0éß5i¶¶V¶oÇÚ‡{Eì¸èY¹Å“*Ýw÷æxY¡ÕÊ Ò£$Îð!#¼XBïºÝŽõÔ;ìÃ>ÍÜ?D«žô†©{JIè)%E œ´nDÎ lY„p2“q5ƒ™àÒÝN«ŽÛ¼æð4V8ˆeMBðÀÀ~§ -n÷£#™ôYTâÊã·"A~´Šõ¾³ºI2c'µÆn býò"½–怚vRòI­õ¬;’u=)½d¬\¾Oà˜ƒf`ÅìpŽJ½ë×ü½¼4¤B¯mJzhë«î\Û@qž»Z QPdŒVâl'SÓˆÓ—MãÊ°ûyšbá䧑Œ â•AØëŸ –æ ÔÞáWчô‚#gUkW7ô½&Â5EÌœÉÌLàWì·"Æãè8_]Ý¿Í×åå\†ÿ×?C‘-ßßßý—FF×–680ªÿ‹ê¶aá{nëÆåú²÷½Zë/Ljë‰o ë•bâ•â™s çÜ‚œÛ¹õ N:Éña÷¹#ã³;òŒR®Æ+¸ûqœc‡ÔªAï›Ò¾J"hxâF«Ø¨NƒñyD\½"8>möµêm†äð“VQSˆ£4˜žñêŠ †ìâ'.C "Ó¸e®jœÂb@¤“WK‘W -0/u u;õ£0e.„yGèí'âk." o;òôf)(zá—»mAÁ‘åš&mcÏVôÁ§z2 7Ñj(ÍŸ(u̬ìí¾ª]íêíŸ]>§ùðHóС¡DTÄf|ïî©D”Br‰PW"ÂÌ>yxÕbÒãp깑®#j^-}[÷Ë`$¼TÎ=Fþæî„ŸƒÐsè~Zlpß@“WWß̇ñ£ ø„qs¼‰JäB8D½N‚ äÏIôœ ¿Pš˜öŒ¢;íˆæ"Hý\†'ýæŒtñKÒÅ/%©Æä¢í:Óƒ0dìíÎMè‹VcÌà%Ñ¥ˆü,N²f¦Ùkª›… „ŸÉ(úÒ­áS~ë¶YcI9Í"¦~ÆM(¤B ò×séI*€B<õƒ( Ká§ø†b|íòÒy[”O½ fl$8d ¶ï³f€qÖlšÄYœc¶Æï4Îr6DÒ”²—9|ªÙ[²íÉ9Ú®35Û³ÛúÅœV…2-Sb¢ Fd™a…|  "86¡aÌDISUPÕHZ2‰]8ÃÏè±—L"~ôN°3áµmú]{Ƹ "gĘ ˜ü"«ÕøÇ ¼Û½ 'üŸÏ$Ú•àÛ¯ªLÒš»·6tsìü楿Jeìãÿ›3l -×âüí¿QÇ?™£Ô—YÎÿC - ÑÏÂ<µL¡ a~ʹû¿õ9ëÿ×kendstream +xÚ­]sÛ6òÝ¿B{(G4Hð³}j\¹u§u{‰2w3Mg"!‰cŠTI*Šþýíb$%ÓIgÚÑ]`±‹ý†¼™€Ÿ7KBWÈ4˜Åià†Â gÙîJÌ6€ûáÊã5s»h>^õfyu{ù³ÔM#?š-×#Z‰+’Ä›-óß»¿ûm¹x{=÷CáDîõ<Œ„óæáñ{‚¤ô¹ûõñþá‡÷o¿»Žgùðë#ß.îow ˜iØï1…6Ü?ü¼ ÑâçÅ/‹Çå»ë?–?]-–½0c=!Q’?¯~ÿCÌrû§+áÊ4 gG˜×KS¶» +B醔R^½»úwOp„5[§.0”‰&~ø~ ª~ Ø@ªºÒMÀuÌ=ÏMÃÐ7²!¢¬3Unë¶ãχËÔTºkqB`Õ\{‰£i²§I®?áW:‰³_êa‘pŠj]7VvÜe¿Í„XškÆÁŠqëú`y*úzJ¦\·YSìù–Áë5}é"a ²’mªCåº=¡ÄÓ84„–´n#Ï K.br¡%9OúDÐî¡eàNåúbŠ7&ªhiÔžªNe]‘ÑM6Ǹz§a¥±¢ÑfEKwE[Á‚Õ&N[TÙäÕ´:;4E‡ìÆùÆÓauÌF _#'TWä£*‹n‹ *ËtÛm¾>t4!•oÈ>.H(ú © Ä@À¶Žµñ$çD¤mÁd"œG°`¸Ä FL!®×k§›Œ+ „hý†è?dÍ8+ZkEÉ–Á`¬ÆP©–rlIyPQÆ®'è?[æ*Š/ýÔÙ-äá7qŠ¼D°g¡_}" ²Š˜¬ÞíÙ sÂà-bö¸3¢€`ñ‡âƒ­È %Q,ŒÌEרº1aÀUÏê,nÂÂÜ!ÜMFütlËiDLhÔlDìa.*ÐKÛÙ {­§dëv7ar½×UÞÜ.?nÑP’’ÊÁáõ«kÏÑäP0c]ÃBÔ”õÖÏêª#ƒ(_³ PÜcÿ¤‹ÔÕÜFŸ}Ýt-/5Ç8ÅvKX%Z±é âŒmn`‰b¾8 }ÎAÛ$*ŽpŸù2ÆÊ(Ïe$¤µtO‚@V™÷™ÖºTYÖÇö‚¬9ÊžÍ4úýƒs"<×Uy`ºˆ– aì<¬ÑM~ì dA²^ÈË5¡ ad>”7ý:I§åLs¹e*Ê P#Œ«,?’®S`Íp„²Î«º+Ö'^<.(ÂÈ ‚8æů'ÈE®ý¢öçA7“ÄBWÂÞ/ЊÎhWíš|õ‚\X’DŸ¡7Bd…ɹ åÃÞ¤ƒ ºPˆy2ü ÝÐ |éñIÔæà€GÕ˜Šé9aÏ ¡dŒƒž2øl`¬jBK°TJ«¥U©²§m]N±Än…ÉÀ MB‡yÇQÄØ 8ô †b*ǨæÅλbW”ª)OמçY6m±Î*Ý(ñyˆŠ#[¾@©}¤¤aQD\EG´ºùhBDD)a`Ž4@{ßó­ª0¥"¬´ç@¹È®Ïè¢?fPrè¯[^8Ü‚fÐq[˜{€a^Oy+±qžxû(†O«7ÚŠé¥Ä–o·CmÓvsKpªÝ묭÷8«d¹©¡âÙîP ~HIÉQ³ZñÈÖ°-ï&h{Xµº;çHt›8PóMpŸ¸ â( l6‚Q E‰¡>‘˜Ï¿Òë¾pÆy¿qE!YåæTØ绬¼J6WI Ãö!™ÀDÃØ$EøV˜9‰€ûÎ}mWR»}©'‹/’öÂûpç٨湾+oýà[ ©ó„Z?!(8é·> }˜ŒSê¨Dñe¿gþp鈢ºÈÜ#pÚip>³,©ä +«[6-ÄôT{¡)¹®°) ×T'òÞ4výÔ;WmY×O‡=Z‚4 ‚¯6žéYez²¿ëïžPfâ¼o‡xÖR•ãtAA Új?éùŬ s|²u´!2Ž&ý÷MÚÊÖÖÊ–àõPûÐa¯h‚ý=ë~ñ¨Jwû{ëyY£ÕÊÒ£$Îð!ÿž{Bç®Þ õÔ;ìÃ>MÜð#×G«õ†qÿ”ÑSJŒ8j݈œAزád&Ãj3Á¥û½V ·yÕé8T8ˆeMBpÇÀv¯2î÷£™øYTâÊãw/D„üTh›Ccu%ÆNJÝÄúåuê;5!Ì%í¤ä[ëÙ4 +$kZRzIX¹x* xÇÈ›œs"4õ¡€6}(|à˜f`ÁìpŽŠ»×ü½¹1¤|§žlJZhËÛ½nú¶ÿ„⎰;O¨ænn|ƒ{ žì“ÚN5!è•SÚ·IuGn·²­jTÖÏGÄí+‚ãg[ªÖ¶bH_;iµ†øDJƒñ¯n b(À.~è2D R1í[Ò׎ÓDXˆxôv)âózæ¹.¡z§®¦Ì…0¯ ­ÝÓ‹øšK ÈÞ=yz¹ÃðË=· ɇr哺²g+úàƒ½’ + +œ„›ˆk%èç ”@ŒÁ°²w‡²+öe_uWøøò9Íûgš‡> %¢R0ëwK…¢’ E€ö…"ÌìÃ'€×5¦>~§ÎéöDÍÛ¢¥o«é €—¢w’¿©;áG!ôz‹—Ü=ÐäÕí7ÓÁü,þÁÜob¹Q¯£Ç¹S='Èï”&²=£ØŸvFsîÅn*ý‹®sBºð%é—RUeÃrV7éÄ òönßOè‹VcÌà%Ñ¥Ü$Œ’ fÆ9l¬›¹ô„›È øÒ­áƒ~˺Ú`a9Î%¦~Æ/¤ëC#ò×3êEB€r> endobj -837 0 obj << -/D [835 0 R /XYZ 85.0394 794.5015 null] +841 0 obj << +/D [839 0 R /XYZ 85.0394 794.5015 null] >> endobj 258 0 obj << -/D [835 0 R /XYZ 85.0394 497.0473 null] +/D [839 0 R /XYZ 85.0394 497.0473 null] >> endobj -838 0 obj << -/D [835 0 R /XYZ 85.0394 468.4726 null] +842 0 obj << +/D [839 0 R /XYZ 85.0394 468.4726 null] >> endobj 262 0 obj << -/D [835 0 R /XYZ 85.0394 408.9221 null] +/D [839 0 R /XYZ 85.0394 408.9221 null] >> endobj -839 0 obj << -/D [835 0 R /XYZ 85.0394 382.8699 null] +843 0 obj << +/D [839 0 R /XYZ 85.0394 382.8699 null] >> endobj 266 0 obj << -/D [835 0 R /XYZ 85.0394 310.3501 null] +/D [839 0 R /XYZ 85.0394 310.3501 null] >> endobj -840 0 obj << -/D [835 0 R /XYZ 85.0394 283.0525 null] +844 0 obj << +/D [839 0 R /XYZ 85.0394 283.0525 null] >> endobj -834 0 obj << +838 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -844 0 obj << -/Length 2301 +848 0 obj << +/Length 2299 /Filter /FlateDecode >> stream -xÚÍZmoã6þž_! j£k._DRì}J³I.E7í%.‡¶À)2 •%W’“fý ßd9Vì¤ñÁ+¾ ‡ä gž‡tH„ቸ@BQI#Ž ²ÅŽî ïüˆx™Išô¥¾›}<4RH *¢émOW‚p’h:ûe$EcЀG'?^ž]œÿ|u<–ñhzñãåxB9]üpêJçWÇŸ?_'$ádtòÏ㟦§W®Kxß]\~r-Ê}žQzuzvzuzyr:þmúýÑé´ÛK¿3³‘?Ž~ù G3Øö÷G1•ðè*¥h´8Š9CäíÜ ³Ë¶²ó´N³V×n¥.g”¢X°–lVúÕÀf€ãÌÊËÕâF×~æü®ô«‚)Ór–W¶y¹rž0†‘‚æMƒ·UPÐv4w†ßèYÎã9W3G惟°qß¼ôáøÍ7®ìƒ:WK¤•væ³`{ýgºXúÛÃtCo˜¿7HÖ¿-¾zC e9®0Jlæ%iŽP¤‡Ó,4¡H*?¯ËàËÈMUk8á€BƲˆpî;sÜF‚"&‰ˆ¸”&bk¢÷"„‹˜AÃ%"Ç`:º²ÿ2ºèÊttþÔV0 –p09cN›µUôXA‘f1Bý²ÝýÚ*¶áãÅ‚DŸ*ØcÔÛfP<ék¶ÛLâÞA°)˜ŸÄ0së?cƒ÷!ÅXŒ²´,«Ö•Wv{$L¡Ñ‹<«ŠªtU“!þû¯]Rˆ%¶égLàôÚäÆV~(ÄŒ)¼òÔÏ玕—YesßÛ¸ïã˜Úµ à3Qµ* ‘0Û´À83zMõ˘ðQ¡fk¿bL!!C“wI\`šžÞŽÌ輜AÈ´ºq½m³ùʘ(1 ~H~F÷ÝÊm»Íƒ"Øn«'C>E±Pˆ&*‰úçômGßWÎþš.¼-0ûÑ$‘À2ºh¢‰‹í“ ³+Ì• -ì ²"†TrÒÍÌr³¼ðp^§‹EZ?ƒµ L¬Xˆ> -a扔”ûd[ú3MÞX ;ðµn -è -u‡jVG• ‹åèú‰œrƒÍP¯1¨þÈÉÐî@0åXÍŽ ¸ŠÇxsª!£Û’.tOº§­×’–^Ár©ÓÚ•ÍJ«••0ç9+ª&/ï\ß m÷ŠÕèsZzý=ë düi@ãÔ}nŠ*û}Ù›ÕÍd­ÈƒùÃ<ÏŽ !£.\[çmæ~êAz@2Ž8gÉ2®ÁŽæ´W3½×ƒ^®ÙH—Ží°Yo=‡2Zˆ‹Ãå*˜RÄŒï1•ˆ$>ü®÷¬Yê,7²6Ø«Á½„¤³èhv9ÈôXrlZrß“®à˜ÃU8ëH -tÂuVƒt°Î¿ôXЪéjz}q¾Ã]=K*KÜ] -’1ºÇ]˜!*c-pg½3&x˘FaÙ”Qb 0„úÞæ|h½–{ÄáåÂÑú¯ÇYY§`(“ÞÁ½aÔ¸†À€¦¤õÁ]}KÖ]d@“QBéž”DaOLÄUŠ‡Zþ-ÉÂÊ6@ÆV< Xàh¶ZfÀ€/e€‡¨Ä“F[ÊZ_hü×|À£ùÝÜ÷<èuÙ/§*ì11-³T/ íSVb^²˜Üt³¹ò,lCdx8³F\>hL:À3×æ'¦çŒ÷àOŠÐ=ù˜rŽbû[OÚµo^Å%wü1îø#´E¶bX¢“p$š, -6îBn«®¿iW7^eé55Ez?ø&÷Å> ˜dÜMféO‘î¦}³¼ßh' -t琉˜ß\r®–©^ï0“A\ÝÕ}Óߥehß¾ªƒ@˜ÆJ¸l­L6·w6èŸéÛtU<½”ºãuÞ{{|}çÛᲞ5Þ-ë§8F¸ÿ†9è1ó6Øð¨dm½Mu¸gº^_곡‡šµwLeóú¿t€:é\l.i“ï2üzOï–«PÙŒDq$dâ¸z[¯ cÌ&À$_•ëìu©'#;ÜÕ?]^_Ÿž¸²Ñ÷¼1û }¿Ö`%Lˆ=ÖL’”¹¨¾ÏõÃk­è¤ªèŽÛb=‡5ÚCŸØjBö -‘I‘ôÐë¯Í Ýa°ÞZe°—¿Qÿ?ÞÕˆ"(–‚E ýÂ…ðÛúÖoìT&(NH+HµDÄý•¶b1JºWÉ¡‡˜SªÀŸ½1 Ä[–i€qPã’y™ç› ”`Òåÿ'¯¢‹ô1ä÷"”²l µÌô:ß!ų¿2`‚Œ ýåŽö&š—þÄúw -¸U°$¡ÃþéÜèe ÁðÖÊÃTl/ýòÿ-Îendstream +xÚÍZmoã6þž_! j£k.ß%ö>¥Ù$—¢›ö‡C[àY±…Ê’+ÉI³¿þ†o2+qÒøŠ`_†CòÎÌC:$ÂðDB"©¨ŠbÅ‘ÀDDÙòGsè;?"Nfâ…&¡ÔwÓ£g’F +)Ie4½ t%' ‰¦³_FQ4 xtòãåÙÅùÏWÇ㘦?^Ž'TàÑÙŧ¶t~uüùóñÕxBAF'ÿ<þizze»¤ÓñÝÅå'Û¢ìç ¥W§g§W§—'§ãߦßNû½„û%˜éüqôËo8šÁ¶¿?ˆ©DD÷PÁˆ(E£å Θo)®þÕ+ zÍÐAüF”V»Šx@¡d”?~O$Æ£é¢hmÉ»En m—6-Ö·ö›ÚOV/—yÕz„nD•ÿé”E•k`¥B‚nMë'KýÀû-Íl-¿Ë+¿¨z=_¸±Ý¶Ž²žYZ–ÏM¸ÚÙK¿ÏU“ßõº}´7PöñŒ³HPMJ’XÕ׋¼,'m÷P‚"ÊÕèW,pÝØ£²Ê×÷Áv·öûP¯D3&É(¿ÍGl§›¼µ5g]¼/º…f–mdi“f]ÞØ•n™œQŠ¸d–¬WúÕÀf€côÊ«õò&oÜÌżr«‚)Ójæ—WuEµ¶–0†‘‚æmÀ»:\'r3ZXà·zV‹‡V[ÎÖô‘ùà&lí·¨œ;~ó-x|Poê)Fc3ó™Ç>ÿ3]®ÊüÛ`ú!‰æïuÎú·ùÀWop¡('F‰„ͼ$ÌŠ”|8ÌÁBŠb…ùÓºì8 º\ÑØVµI'C¢ˆyÜGC8÷=·‘¤ˆÅDF"Žµ pÑ¿’-cD ÇƺÈ1`CGWæH’Œ.ú2?Æ +fÁ1LÁ‚Óf°Šþá0‹ +Ëf÷TLÃÇ‹%>Õ°Ç(ئW< 5›m&<8è,A +æ1ÌlÄúϘp°> Žå(K«ªîlyÝæ¶`Ž„.´ù²Èê²®lUGˆÿþãkxŒMø8½&Ù±µ +>£K#§»BÝf5£Ã'• ãñèú‘\îå\ÖCF Â‘“¡Ü'uá“©ØÊõÐlÙ€­¸¯O5DtSÊË<îiç´¤•S°ZåicËz¥õÚHèóœ•u[TsÛw¤!7{Åjô9­œþƒ¬ê³qj?7eý¾ÙÛõÍd£È%óûE‘9î²Ù¤®”­§ +y³,*æˆÂ†ì¸© ·ò¾MâSÏ'n벬ïíNÞ6øãÙÛõjU70å·ý3‰Æqį1‘/1¾DÀÖ[¾ô×F©‘2èUj´#Øcgv[‚h¥ åqúr2`à #‹ˆ ëÊiVx'ÐE rÙÔ8˵V&’Jeâ%$ˆ*]jƒê–‹ŸlS:›Y´Nt™vÙÂLw—à´ph˜R`ÊÆ)Ë2+­SœB3¾.‡œ,í‰&ø£‚×ÚÝC’§ làñ6„µ-‘ñÆm^®Òïá)£ñ.wjÍ Íc%dï­M]¶/0\V:¯h=ÁÞ@lÀòÒu{r“÷ð:Ìo6äÞN.“c„ûˆçRM5Ë—%™_ܺ+Ê¢{BFϘpƒÎÛà~lAz@ 2„`É2¦Á–´×³|¯\».-z³`=‡ÍûÅábL)9{@£1"‰ ¿ç{kWyVh€ f›A€\Ð+:ËžF`ƒt!Ǻ¥p=éŽ9\…³žÔ(O'lg=H›âKÀ‚ÖmŸ©¦×çϘ+@âPQêàæ¢Pˆ£{Ì…¢1·©î¬s ÁëLÆb`†ý@É%–ChîL̇FÐk¸÷/fHÞgÿÍ8#k,!ˤs¸7ŒZÛàÙÂ@¢ii½7WˆÄaÍu@&4%”î IöÄ$·Y¥¼oòý)%¼%™´²› ¸BRJÿôdi®ZÆý3'¤óŽa†3*‘u®i›u”Å|ÑMîsý±n!uiˆn™¥Ž¥O¸È0Å‘uï¡úÎ;°~*PÂáʃ7° nî÷ ^ØÈ3g&0ÇûuqHPŠÐ=™ +¸àÊ´rß¾ŠAÆÂÚ’÷ Z¼"SÑ<ÑJXšM&¶öJnª¶¿íÖ7Neå4µez7ø*÷ŽÝ¢4 ï¬ÜÿIÅîÒÿP.endstream endobj -843 0 obj << +847 0 obj << /Type /Page -/Contents 844 0 R -/Resources 842 0 R +/Contents 848 0 R +/Resources 846 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 813 0 R +/Parent 817 0 R >> endobj -841 0 obj << +845 0 obj << /Type /XObject /Subtype /Form /FormType 1 @@ -2299,190 +2341,189 @@ x 6\>RgÈbÏWÖ¹j[†› WŒÏ¢®{6;»²þFÃÇñ÷ø]š¨)Õ/Ô¬Mu;pk;Ì©Ëdh<åE–ñ¬AÏw³ð¬±±Nê¦ó¡Ä½t•‹ùD„™Â²]°Ä(‡;„ ·åŽ°Š­r²ÂÙÄLûˆ T¥Í¡誋ŠŽt’¹w_ =Î]ˆ‹=¦uSä÷—ä"ï±yl±‡µÃ-ËkHsŠöreOÚ³êvg›<7ºt,‡Ýe—;ãÒèЭ/I…B÷&ê(ýê³ö󻉨YÙ¹Ç,çkRÔšÚ'^ m" ^˜h±ÎW9AVªy­Â©/fýÆ"•œãûFy-Sng \Çdª¼˜©Æ¥†Í}B©•µŒÎ$âw1.¶&Øíþ²C¶O–ÃVç X×9g¹E{îÇ< •ãóP)!ÍZÜÅŸLÞª~ÑÔ'¯UâXLµüc“ÅXsЖõÚ¯½˜Ó’~òBL–§èªÆ¹O¦ºNZ_[Èü.øšŠû*]3QôçÇñ!Ö-žendstream endobj -845 0 obj << -/D [843 0 R /XYZ 56.6929 794.5015 null] +849 0 obj << +/D [847 0 R /XYZ 56.6929 794.5015 null] >> endobj 270 0 obj << -/D [843 0 R /XYZ 56.6929 486.3415 null] ->> endobj -849 0 obj << -/D [843 0 R /XYZ 56.6929 454.4975 null] +/D [847 0 R /XYZ 56.6929 486.3415 null] >> endobj 850 0 obj << -/D [843 0 R /XYZ 56.6929 395.7282 null] +/D [847 0 R /XYZ 56.6929 454.4975 null] >> endobj 851 0 obj << -/D [843 0 R /XYZ 56.6929 383.773 null] +/D [847 0 R /XYZ 56.6929 395.7282 null] >> endobj -842 0 obj << -/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F84 848 0 R /F42 597 0 R >> -/XObject << /Im1 841 0 R >> +852 0 obj << +/D [847 0 R /XYZ 56.6929 383.773 null] +>> endobj +846 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F84 797 0 R /F42 597 0 R >> +/XObject << /Im2 845 0 R >> /ProcSet [ /PDF /Text ] >> endobj -854 0 obj << -/Length 3138 +855 0 obj << +/Length 3170 /Filter /FlateDecode >> stream -xÚÅZKsãƾëWð*µÏƒÝ“,k¹ÖëÍ®|²].ˆ„$dI@! ••Äÿ=ÝÓ3x %[J¥xÀ¼ÐÓÓϯ3?1s†q•éYšif¸0³ÅúˆÏ®aîÛ#Ö$qQ2\õõÅÑWo­œe,³ÒÎ.®´ãΉÙÅò§ùéßN>\œ}ð SÆ­qÝä#ú¦ø™sY•mYW4’WKjüØä×EØFí?éÅMÑñÒ/Âe°8Jc—0LX×4Æ´™çMS^WMèУyX_Ö«rA=’*¶Ú:,«ÂDy,ÜĉvîeJs(X°mÅÝüæÆ}n€Ed®0Pí}½ùL²j‹ÍU¾(ŽÅ<¾Pu‘gËÚyš‡RèÕ dò<9÷ªÀá$ØÜÓIÆ7öªN[+Õ£æÎSfuW]…‰üɪ™ö‘Ê= !¢)š!¥ú™ =I§8×é ‡¯âüýM‰ÉxÕà©fJ{79*W(B/Böz˜"37ÿT{,+ˆHCË–5 VuK[‚ -_À\Êex#§Ç}þ@&Ã{˶Y—%z¦ÄÀ¤¤D}ªÿFVED®Û›†úÞˆq5@Í`ôн‡]b~^Ñ\sçñ$.a`‘7Å«) cMRuÒ­ƒ°jõ0@]1âuŽy‡fà}ŒØŠæýÃà ÂlŸ§p/6X·SC^÷DÍDÛˆŒö{íОçb½×öEÔÿYˆL2n¤ApƲ,Ãjn§ªSÜÂi2¨ê´JY -J}¤ªSYÆ´tº+‚T(‚ˆ§ëUó'J;ËT -žžJ_ÑE 8²:ð­–!X§Vyû«·+ßù½Ë˜,ÔJ‰`©V”ŠþJSÚ`ñ>GÂë·õ¦í¨RÇ{”¹ C»Å%MüJÃœÁŽøÿ\<4c202zù ½JŒ#HxÆØ›ÉRV.e –”²Ó¢~Šÿd=ëÕkÔ³˜1© ÎÚ±0éÕ’«ÝšVÙ BîbŠ,°Òp–Xáá’ÅM^UÅ*Lca‹£¾âg¨x`æòFB^ñcùÂ9hg“·õ¦¡ùHa¼QJ±Ï+Årf,·[ó¶*$C›RŒ·.Lõ1 5Åæ M©žcx·åׄ¹Ñ¦øZ:œîë!˜¢£a 7ÛUFÉuð¦Z.&”†&T Ê»¶\•íQ÷wžï*ì·¨Áï«e`ª e£‚ФtŸHD¨DFåb»)‹/E„ÏUòÍûOÃéænËõÁ5Údx…¤ˆÈm ŘŽ±p¶t5uRM]±€ÏÇáÞß&Jkh:¡†vÛ)Dvæ†7/Ì©{qúúM½øŒÎŒmôþ¢¢âÖäa8àëm±(ÑA›S™Ü2Ãu¼ò)o·“( üL;ð7ÃRxé J ›Î4IG0PÜ•Êe­l·/²çCê„q Æ3Ïà]äé€PÉÐ{ dFÂ~/%€ŽàahHžF@ -Àgªi¨ˆ[)0¯÷ ó ä­dèoo¤¤Û)é. -û¡h‚ÄÏaĆ5=óàQîó¼íÍÒ½R•:ƒ*OXpEwÏkG1’Ü•«4 ~ ñª[vH°ŠI¬€x¼9ÜÅ" RΕÜÅ -[¤`í†À¼ÛPy`}ëc. -:L+¶VÌü¾\-ýUÙX+oHûWªbù¢ ™^pàÓȱ ) 5Ž.ñ™/Å-q=ïKΛ†˜?„±+zgРŒ‡7”Ø |:»Sj@ìž_gÒ×;΄È5Þ¨#LÎÙí㎠£±gtãݵƭRj×3À©˜Y„ÍuqólcŒ“!Å][ÄÏE>û}›bf»2fŸ)ÚLÇPöúõTö rˆ%N¢5T‡W$ŇúŽÁ, ê´¬»Tß>z"}4ùkÑA0¯ê,Z64b­E9f¯0®à]2å´ñÊúö2_|¦Þø<¨ß‹€¢mtb!S®ÀÄ£Æl6SÖS¥ -Œ ë¶àÙë×SôbÂ…‚‹²‚„;€}Še¼­ÞÄÊø·r}·Žxdq·AÌ$„$ékœ29¿_R2Üu_m¯ÉŒ/FÈèCÈÏRê)«ƒ„nœ!ê½а,À>Xå)úm ѵ ^ÄýÖ½H&lO0áºÐ¼*u. å°¨}>t‰“Å è’J¼73ݾ  hΉL¯¨¾6&UcÅúÏ*»¿ èY:õå –Msæ{øŒ½a,-½éŒJÓƒNO‰n7±Ü @õ¢¥:ÇP“š}Åx„©î3£/|'"B†ª‹H1üdÅjT¯/}'i–Zo¡˜»ó¹†`@m#ÅÖ‡ÚÓAfãRTïžÔ&Ç“òÁ7#5¿Å »–Ò%t/ó`²’¢œQ{Ä$SpÕîvì‚«Vªpî°zzì)&C’ìïkÒ~cä’¾Hn£cˆ¦6õbÿ¼êr.¬Øý“Àè+rgxÉÄå -°]÷å³é›x ò0…›5`}+²Þèw3`nS̼ÂIý¸9L§`3‡XfL·¯¹Ëiˆá2QH±ò×-A8ñÛû´W@x…"_<âì#}At @¥`ovK“>û³Lfêå8Œs¨9Ø¥pbÄá>‡°8mD:£ïàåu¾ö/c>RP)i3•¤Íÿ½€N~×ÞÔ›ò_Ý]U6_@ËfM÷9tuësæóUèt±:Þ/ÃÒ‰\ƒ~˜uÁÂY4ø½T P€(üêùÁ)L'4ÈLJÐD\õäЄ€,í>XÅ+»¼¬‚$rzЕ/¶b!0Ú?Qx­cµ§¾ .™ÔÚͬß{¾€:zIOpâ‹!7 Feã®{c ¤!Þý Å×ÚÍÏòÅÔ[”œÅ„NŽ.,¼ÔY#½Ãg…¸iD?zV!ñ^Ìv·‡XÓØ}øÁAEuÀðÁøÐÕKµ£wð¨R &E*‡GÝgõ)¬0ÝUiC‡ÁÃ'P<|MÏâ7¨~Ú‚:ƒÛaè¼’‚Fº…ßð Š)Á|>žÿF¢ )5õOF>{ô_$Oýßdÿ§R Bpnðǵu­î?²¦PNJì|“Œ°Üeý¿ª9€endstream +xÚÅZKsãƾëWð*µÏƒÝ“,k¹ÖëÍ®|²].ˆ„$dI@! ••Äÿ=ÝÓ3x %[J¥xÀ`==ýüz@1ãð3gW™ž¥™f† 3[¬øìƾ=aN'%ÃY__}õÖÊYÆ2+íìâj@Ë1],šŸþíäÃÅÙÇãD>·ì81–Ï¿>ÿ õdô8ýáýÛóoüxrœêùÅùï©ûãÙÛ³gïOÏŽጀõ2Pسàíù»3j}ûñäûïO>ÿrñÝÑÙEw–áyWxýô Ÿ-áØßq¦2gf÷ð™È29[i£˜ÑJÅžÕѧ£¿w£~é”üŒrÌ8™NPË™,3FŽ$h2f•T^‚xhàœÏóÅŠŽ÷©ÍÛb]Tm8í&_¯ó žö«·&(…Ï©Y¦…öÄ<K”’*_ôöo\9“Še(”¤c W,—›¢i~]çíâæ×UÙ´~n²5™´ýûba|,àA§Œ[ãºÉGôMñ3ç²*Û²®¨'¯–Ôø±É¯‹°ÚÒ‹›¢ã¥Ÿ$2&„Ë`r”Æ.!a˜°*ÎiŒi3Ï›¦¼®šðBæa}Y¯Ê½‘T±ÕÖaZž Êcáæ Nì°s/SCÁ‚m+îæça«ë¢ û”±ÑÓ¾ò”êõˆ‘ÛM Vð@/wMAšRšI'ÝX­õUëˆ'èˆæÆ…>7À$2W訊ö¾Þ|¦—²j‹ÍU¾(ŽÅ<.¨ºÈ3ˆemŒ<ÍC)ô€ê2yžœ{Õàplîé$㊽ªÓÖÁLõ¨¹ó”YdàUWa"²êD¦}d†òFO]ˆƒhˆFH©~dCOÒ)ŽuúÂî«8~Sb2Å ^5ØGª™ÒÞMŽÊŠÐ‹½Þ¦ÈÌÍ?Õ‹À "ÒдeMUÝRã– Â0—rVäô¸Ï¨ÑÂ`X·,`›uIQ¢gJ LJê@Ô§úߨgUT@亽ièÝ1ö£¨ŒZ#£÷°KÌÏ+kî<þ‘Ä%t,ò¦x5…!Àb, É ÀCªNº¹cV­¨+F¼Îq"ïÐ ¼[Ѽ¢¾xD˜íóîÃëvjÈ랈¢9€h‘Ñ~¯ºÃó\¬÷Ú¾ˆú ‘IÆ4ÎX–ebXÍíTuŠ[8MUV)KA©Tu*˘–NwE +EÐñt½jþDig™JCÁÓSé+ºGV¾ÕÒ$ëÔ*oõvå_þCk¹“…Z),ÕŠRÑ_i(P Þ‡ãHX~[oÚŽ*½ø~R#w¡k·¸¤ßCéb˜³ ØÿŸ‹‡fLzF‹ßÐêøSbAúÃ3ÆÞL–²òp)kÀ°¤”õS´ø'ëY¯^s ž•ÀŒImpÖŽ…I¯–\íÖ´Êfr«P`•†³Ä +§,nòª*Va [ìõWÉ7ï? ‡›»U,××h“a I‘Û@Š1cáléjꤚºbŸŽÃ!½¿M”ÖÐtB í¶SˆìÌ _ܼl¨3§×‹ÓôÞÔ‹ÏèÌØFï/**naNº^±Þ‹]´9•É-3\Ç+Ÿòv;éÒÀÏ´3,…EOÈPNèÜt¦I:‚É€â.¨T(ke»}‘=R'ŒK0žÙxï"O—„Jî„Þ+í$3ö{)t @Cò4‚øP>SM @EÜ‚ÀH©€y½çh%o%C{#ó±LºlßCÑ=ˆŸC¥Ö‚AtÑÒìñˆaꣽR•¯3D +Š îž-ÖŽb2$¹+Wi¼™4ëw>$XÈ\ËhYWXDj—»Xa‹”cê£-àÀspÞMÙ|&ö>²÷EGû­Ä(þ†ždÛ0+êÊÍïËÕrÑ_ ¡>{]Åt¨Èpµ•Z UÅs‹OrIùœ¤)ÍAO¾X·-¥:ã= G}­æ;®èéÙÂ%Ai™êÀ¤§³U}X§çÇ™ÄÇ)˜Ñ*Úe@”¬00ØŸu¢Xló +/q¥¿ÜŠàc:€»¥{­UXˆ’25ÐÈ–qólkí(&C’µ5ŒI§›vÈZâ k±Ö¼6Lyýz*AÓˆUP¢ ØىÃ8‹6]TÊa+Ü»o!ƒx¯Rù(>ÐÆ™AG‚dæ°[(±k·N©>ímͬo/óÅç íÁµ:y€AµØ­jÔW»ÂÂ[Š4òáŒqø‰ î ×}[©7Ó‚<¯;ÁO‘¡š%⇋”Íà :¨T,ãåö&Ò¿•ë»u„/‹» B,!D@0‰ƒ"Œk;2çWã»FªZ†»Òç«í9™QãÉ}7é®ßcŒ ŸI¤Ôò”õ©Ò!Žê½qÔ°,Ø?˜å)zÚÒèò¯ó‹ž£^Ræ)˜pÝç‰ü/ “6ƒ|¡–ÆÏÏÿ‘`2 8‘ÿ¥c«ÒnßêD&‡3„þ€ +œëû"FÓü2`pŒµmˆ¿eÓÜ…ñ„û`˜¦ÞtFŒé¡«§Dw¤Ø Ð|ѥˇ>¸O”ZC»ÿXéË牠‘¡ê¢¿`%0Y&BÉÕë èÉÀ™Z=JÂ;Ÿž<`7Rl}î=æLiU1FÆ,µ…ì±£Cö0mðåIÍoñÚ¯¥$¯—y0YIXÖ¨=b‚üÁ²„…ŸY¦•ƒZž;¬Á^ÁGŠÉä„÷·>i¿1rIß5w|,e6(öbæ.§QˆËº|Y¬ü¥MNü‚?í””ÌÄ#^aÁ>Ò@Gð°T +öf·0é°?Ëd¦^ŽÃHð0‡šƒ] +'Fîs  ÆÆ;¸Ñ×ôòº +ÿXÆ|>ÕFMä#H‡ƒpÀK~×ÞÔ›ò_ÝW6_@ËfM·Bt«|ŸæóUxéb-¼x¿ S'r úaÖÿ gÑà÷R@Ó”Ið«ç§H0PœÐàA)AqÖ“Câ´´ûì/þò² +’ÈéAÇØŠµÂhÿDáåÕvœú&$$¸dRk7³|ïùêè%=Á‰ÚˆRP͆I{c‰Ç½±ºó÷ÚÍÏòÅÔßc”œÅ„NŽ.,¼ÔY#½Ãg…¸iD?zV!ñvÍvwXÙ}øÁ1-¾DŠŸÎ^訽ƒG•J0) `uŸÕCi 9¶¡ÃÆàá(¾¦gñEmA/ƒ;fx#x%t ¿á +Š)Á|>žX¢ )5õH>{ô¿(Oý÷eÿ×T Bpnð÷µu9ï?Õ¦PNJì|ÙŒÓÜeý¿@{Lþendstream endobj -853 0 obj << +854 0 obj << /Type /Page -/Contents 854 0 R -/Resources 852 0 R +/Contents 855 0 R +/Resources 853 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 861 0 R ->> endobj -855 0 obj << -/D [853 0 R /XYZ 85.0394 794.5015 null] ->> endobj -274 0 obj << -/D [853 0 R /XYZ 85.0394 769.5949 null] +/Parent 862 0 R >> endobj 856 0 obj << -/D [853 0 R /XYZ 85.0394 752.4085 null] +/D [854 0 R /XYZ 85.0394 794.5015 null] >> endobj -278 0 obj << -/D [853 0 R /XYZ 85.0394 683.64 null] +274 0 obj << +/D [854 0 R /XYZ 85.0394 769.5949 null] >> endobj 857 0 obj << -/D [853 0 R /XYZ 85.0394 653.5261 null] +/D [854 0 R /XYZ 85.0394 752.4085 null] +>> endobj +278 0 obj << +/D [854 0 R /XYZ 85.0394 683.64 null] >> endobj 858 0 obj << -/D [853 0 R /XYZ 85.0394 576.1881 null] +/D [854 0 R /XYZ 85.0394 653.5261 null] >> endobj 859 0 obj << -/D [853 0 R /XYZ 85.0394 564.2329 null] ->> endobj -282 0 obj << -/D [853 0 R /XYZ 85.0394 420.3273 null] +/D [854 0 R /XYZ 85.0394 576.1881 null] >> endobj 860 0 obj << -/D [853 0 R /XYZ 85.0394 391.7481 null] +/D [854 0 R /XYZ 85.0394 564.2329 null] +>> endobj +282 0 obj << +/D [854 0 R /XYZ 85.0394 420.3273 null] +>> endobj +861 0 obj << +/D [854 0 R /XYZ 85.0394 391.7481 null] >> endobj 286 0 obj << -/D [853 0 R /XYZ 85.0394 295.8129 null] +/D [854 0 R /XYZ 85.0394 295.8129 null] >> endobj 718 0 obj << -/D [853 0 R /XYZ 85.0394 264.2689 null] +/D [854 0 R /XYZ 85.0394 264.2689 null] >> endobj -852 0 obj << +853 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F57 624 0 R /F43 600 0 R >> /ProcSet [ /PDF /Text ] >> endobj -864 0 obj << -/Length 3271 +865 0 obj << +/Length 3251 /Filter /FlateDecode >> stream -xÚµZÝ“Û¶¿¿Bº‹Á7ÀøÉqÎ“ž/3í8™O¤$Ž%R)Ÿ¯þïÝÅ)ò>ÚLGåb±Øßâ3?>Ó&1©Hg6U‰f\Ï–» 6[ÃØû h‘hѧúîöâ›wFÌÒ$5ÂÌnW=^.aÎñÙmþin‘\6ûó‡w×ï½ysiÕüöúç— ¡ÙüÝõWÔzó槟ÞÜ\.¸Ó|þöOo~¹½º¡!x|wýá{êIéñÓ›«wW7WÞ^]þ~ûÃÅÕm·–þz9“¸\|úÍrXö,‘©Ó³{xa OS1Û](-­¤Œ=Û‹éöFý§SúëhR%æG*=¬gÔ¸™Ô·N#…ìô­ä”¾#êûÓM±«ÛÔ`ÅüC¶ó-9ÿ>ƒîŠzßÖU{¸än^oi0Ûï·å2k˺úý\aBëD:-g}YF+쨞Yhjg|(sYf5i¢¹àƒYŸÐXGÿÜü#¾8ÿÇb‰k'íÈD&<çIÉ%Õ3z訞‘cÌ åøiNB¬êmMYAs—ÄËîêcKc˺ú1±>ÊjM£Ÿ‹‡%X•XÅÕlÁy’j-zšaú~ ÜÙV€$‡*_¢æX¢¬ 4 Í‹0†r—8Ë»^(\Ï«zb*!À‡¬ l–hˆõ¶™˜N:`­y lÚ¬-vEÕ벡çÞ[qÑÀÀ«‰ÉRžXm¢ÌøB>5l·„8FT÷åvKÌ›"ÌvÜÓ3£G^¬²ã6Œ-®„›¬ªŠð²-›¶¨hsàÕo!<ÛMÆëz—-?“6!ê¼úlDz<«„EK§æ\Ø„Áã+øn•SÙ‚ë_¾[ÖǪ-ûìÐÒзßr¤–óùuE$í¦ Ÿ-³¦xu¹PÜžxfÛ¦&ºûMQQJ?Öµ;æF¿`gJ¥Ìxgý"‚õÊý”uº \ÒÛoP Pó»chäu6!ÐìB×&ûRP+›²yÁ—ÊhôÑoÎ^&Â(µÍŽ¨£‰Õ Hx/04!: -††âµ }º­iÛ:ËCÏ&,cYïv~güKggðÒÓW+²ÅÝéKŠœ×¸thY;¶a/µíëÆ@,w¼œa¼"Íp“t Œ±eÈ‹¯¨ÀoŠv2´@ÃœÀbdýXXÇ—â0ÁX£töÖ<4`r«¼¨x½X–¥Î\*/×e›WJ—ëª[Yf} -À1 -ÖÐÑ95övN/;ˆøÙ:~ØÑ´›cèòÒa——ò<ùTR61JñgBžJXzŠã>ä©+È×-1ßeŸI,\Gˆ×r-í³x]7My·Å ’†öNÚù± YEÏâ+äIÊ’06ú=N0'   -ÁË”OüÒúâ:Žjt]主2%%âLç£/Æ=W€) = ŠDâ„_>‡¥ÆÈ ,áÊ9{C°\½e“+“hÃãLO ¾Æ¬éOí}xzuÀ3¨Cë†pÑ”»ýöúøZ,AûðJîh˜ãØ" ƒsHáÿ]pIù)×”­— ÅLa×Bî·IÊ!° ‘kCk(+€ Ûm‘S|bøô±¬–ÞÄ § B”À²‹w½!ÆìÜòÑZ~Æq8¶jU— -ž€÷iÊcAAñ„F5 ¾g ùØ^fUè\.©¼Ã0ÒâÆéëhÉ¢=ÂH^4å)ñùºG‡¸*&!—— A)Ì€a¨¢†µ‚®À€ž? | Uðn°mq¬c ™šg%ÙFª®:ô¹%ÎÐÁm¿TlTEÄäícÐz²ØP°÷en¨\W—.°ÑͱU¶ô$%×þ À"àöR䡬¢'ÚDiq–µ2JZ}.šEˆÖÉYY5±¿ FÔ¿Æb¤É;„#l‡˜¬ã¶LæÂ[Ï͘ù¯®ÿJ­áq…±ˆtÁ8B% ïíÃ>|ä½Êt Êƒ‡Ï@Jq:šã~_¢›€Æ¦˜w,jîX˜‹â+Ôb¿çð¼+h¦,ÏÉãN) ;ÍòXfuìe1x§ö‹„Æg”N¥”£}U–D€÷á‘žÙ¾ÎÂ7ýÓ(œýTSÀ[Fˆj¬WtŒQ,tžŠ¹N4׉åCMÒM.ž´‰& %;„£&DIÁz¶õzýTê -W ËË&Xtß -OšÅÚäUg aòŠžx‚1e.vµ÷S~d¹çÇBßNÁc<4é$O®å¹ -¾8y¾Û…§×S,Q)3ýÒسè6 -{©EbSÊšñþC_.8cˆ]—Ûc4÷±gExùqÈ@ÛS' ·±IƒÑ&µWå¶À„ôzJ"6–ļ@’ï 4Ë*–Ò~“ƒüêÁéX;g"ÞNbÅrª¨¢–`°LUG¿R#ü/EÈx -áQ`§òPϳöŒz_—‘Ý=&ÂÍ#g›àŒ²:Œó¿J„.ªp,K®ÒO̸¡?ªH-_"ŽE׳â8;_eKÄ Ð瘉Р-Ãí®¬ "ï• ÙÀÙ‰(梲¢ðu%<=ÂkCaÙgSh7R(‚×Y.=C"÷‡² ¸Å„‚¶»öˆŸ™e©×cg8Ñ„s<еvþÎWÐ[|Í  .<ì2íD3L•þ™>9 öïåBð!1 -Q–,|››šˆÚgBwàV3R]?Seã“qÀcP«¦cÏ„§Ûàét6üâg`ˆÓßñÈ ÛÿòkT—â%ê0/m×5lÚfG”`G°E¯§*8,ÁöŸ“-&ùþû±ˆ€Ú+.Ü=³ðÿWxP)Ñ»P˜¾DÓVN™:À÷^0´–z f“E@ï]ÝJïT%BÃ_bÃçfl„êZ·¯ßS +Ÿ¦(F·›Pãk@µ "Óî¹ûÖŽ~Ñÿ`âžsÄwpߊ)HgÒ(aÍ´H3¾UTÏÈ0ævºkE¢Þ(¤®ô…+…šÊá¡1ž®_ÀlÑ)–VB‚s†—ÞP—<­ÓŽ~Ñÿ`¼ž1ßá¶ÿ»à•‘<+£òŒ´ÚQ='ň[Ôj¼8à,±F>vq0Ìh.±ÀçIߣºk~6cŠJilÔË%¤`3 cN!Ž·õžz¶Å¿wH¿©‰ œÀ/{@"eú&Û™N Œ‹úR÷ÓÇíPµêóU%x¡çÆ3z?C^„? z{SãÊÀ -çáx—¸_ÐR'Î4l"Á1žÓxªØHã q'•C×ið„¸3@ã©uàâ©SqMž,ž˜"1ýåø ×1¥]añ€Êªý“À鉄óyV¬õ01=âÐÜÊ@10µxΛ#ñâD=v¢3Ž/ôc 2§ÏNœÇ^ižœþœSï?(0ùîØ„”yPHÌP±ðlÏð -9–huÉcÿ½’:Á?CMÈͺÔþ‡ÿ—uú•²x-ùCu‰rÀ$…*£?ÿh0‹þo'àßendstream +xÚµ]ã¶ñ}…½À™á§(%O—ËÞuÛæ’îm€IPh-ÙΖ\K>g[ô¿w†CÒ’¥ýhƒÂ¢†£áp8ß´˜qø‰™IX’Élf3Í f¶Ü]ñÙæ>\ ³H‹>Ö·÷W_½Oä,cY"“ÙýªG+e¾»¹þõþW7÷q/ýý +®p#ÿ¸úùW>+`Û¼âLe©™à…3‘er¶»ÒF1£• +íÕ§«¿D‚½Y÷é”ü"ÎBi–ÂúˆE³‡õŒw“ò6K”TQÞZMÉ;`¡¼¾+wMW‚¬œÌwn¤æßå® ú®©»ÃµHçÍ–&óý~[-ó®jê_/&a*5jÖçe´ÃˆõËÒ¤ v.†~áF«æ@GSÕ0Üågöò‡æØÑܲ©á\®‡ª^Óìçò±EÎA"V3«…ž-„`™1²'i`¦o·€ R›ÁåPK4gÚ*Ãh ØD’pÐS‘²ÔŠÔÍÝ®€aæu3±””`C6õd–¨ˆÍ¶XN¥@ÚØvyWîʺ#ÒUKϽÓâ²…‰7‹e‚Y“žk°…bj%8n~Œ°NÕvKÄÛÒ¯vÜÓ3§GQ®òãÖÏ-¦„€M^×¥ÙVmWÖt8ðꎞݦôóM³È—ŸIšàõ€_sqbyQø]¦UªçBZÆá'ðl·.^uáöÇ/ Í-›cÝ•‡}~èhêë¯8R+Äü¶&”nSùÏ–y[¾¹^haÏ4ómÛÞiSÖCîDzV Ç"1¯8Y ŽRëd|²n^{U†vÊ£,(–ôÎ(õüáèES¢NHT;Úä_JåS:/K3”>ØÍ¥Ò+&mæ¶ùe4±{ ïŠ&e4!¯hÈ^Ø{®»†¶±mòÂC6~Ëf·s'ã^¢žÁ pO_­Hwç/É0Þ$͆š…¾cëÏÒؾlðå©èù†+Œwd8’ñˆÁ· i  øUÙMºˆcxp‚œ¼­íøR&T¨oíc *·*ªÃýDÂîMиSÞñv_.+BY L®ãȧ “ÇjÛ¡£CRð~ÉyCsKÒÏœÂ/Š7àN&ÀŠáakÜÈz¾È'J!%Ê}¼°@Š'fèäï7“Šgb¸}•â$™>w;’è`[iê…f=4ãÌ&JpV² ƒC^·•”€Ò¬ªöå ö ¦üñÂ(Ef}u-À¸»¨ü²äT✊“‹åLj}aREµ®º¬RqX¸Z×qcèd¹u!çÈY 5B£QãË<~¾Fœnsô Ç‚w8 —çЧœ”¶,ÑZ¼àò4ãÙÙ;—ª®!ÜvD|—&¶pÞ_[ˆµà´/üuÓ¶ÕÃH%tvÊέä5=Ëß NR”„i(OéqNsBXÞy9„ÊÓ _ZWàX£D×e§«2"NÀrÎûj8ÑKaAò $ ç“"ÉRiƒÂŸšÃg¿Õày!cB§ÆÞRZ®AßòljÅuÂL"ÂL/ ¶ÆmÒ_ÚÙÐt‧‡öÚ î¢­vûí#Á «ü­\½ôá•Ì A1ǾEBÂÿ;ç’Aæ§eØS¾‚¼dÈf§æc¿e™Ç2Ì\[ÚCUCÊ°Ý–ù'>ôKŸªzéL@žó”‹ÒHFÏ󼋂£ÕS. +©»¬ žMU\cëeáWoè ¬6§3CS¾Sî¨ ¹ÝôÚY bÑè=í=IBøeJö‚d•)fS‘Œ{ßZ2o--ªæ>çCøÐóÀçQ*¸<•…< +͇f6Õzã±Ë5}\ÒŒs¹*ë[ìCµ­ºÇk)'LžÌÿææÑc‚ã…ÐÍ·•ÓN„;»¥q0&>t.”ôãò-¹´Á„mõÏ0µLiHï}péœqØ9fºˆñèxCŒMsÜD—G£©˜Ê Þ/æ´N«Ð"¦Ô +r+s«SÕm⪞ùæTÓ n°Z 83ðY»!»ÆÛ OÀÈ ›‰RtoÚ8soñ8 e|"’ |ª×å€P=‰Avâ%µ "ݸxŽ;éü`_v‡¦öª¶pptÑ× Í=ŒŒlp² ¥ò0y´¦—Ø‚8 ùK2Ç……îÑÆ£ƒ—&®8vÇ g™Œqó™ôÞˆ˜ê’»R>Có5 ,‘·¾È‡¹¥ €\.]y‡Àªs#¨Ž€?uÖÖVÑVá«uLŽ„ûVK½É9 `ʹ!Ï„š7°w¿eܼ¯¹2Í4z蕹 ¥Å‰X…=€,}!N* 3|ZÐ)îÈ¥Û°m5³óºtÁ,KãúƒÔù™¬[ ÿ´^ž1C›}©µH¸ö+{“nªŽ $ðÆõàÕsTäá[SséC¡QÝëS1›I6ISè'i®ˆÓõd»,Q{ÿfÊE1ñ¤_û:QæP¹+#™Í\?eÒx1ㇹ^Î19]n…—ܧžáíÆ!iOµ28ö¯±ÚÈ|ÅÁ\zUmKŒ8ßLqÄÇœ$¯àä»Õ²µ²;d¯?¹ìs, ï'{€X’œK¦ÀÁ„&$X‡ê‰Þ®2˜ß——&¨Òa0ìÕ@…u®ÿ Ñè.°÷MÈ0Ò…ü6y¢y õˬL~'çžé²ö}W2íÐ+‡@)S‘ÍøIAõv,šž`'¯•/1˜ë}$¡Sbçy±«j(¹££‚Iê–Ø /–a·„á‚<] +×ùʱO>ÄÅ8ÓHx_•fj˜`œÑÀÚ€*8îfW„rU‚ºn/}ÃÃP"ƒ™¬¶vþÓ„–¿åPç¢×… e—´š9¶\Å™h,ߪ/.ÍÀÌyż ¼äþÛÜëÔ„c¾È +À¦BöÊIt}JˆèåûœVOûž K·ÞÒ}™ð¿ûG !JÇžŽÿåöy[†·¤Ã‰íºCÛìôŽè›© k,Ìë/Ñ“tÿý”ƒCr7ž¾°ñÿ—{“Œ_ön ¦oÉŒUBAZXc®wæ²D÷h7yLÜ{,LéÝmîN.6ã€ÊGݺý@#,mÚ²]_ZHªl¢¹I_ºPø‹þ™#ºƒ UäHCx¼àFKË ‡ü»O||m°^àaLí|™Š ¹‘'ÀbâÜÛÂr– +iÆ¥3%à6OÈTÅ$äž3ÁñVªåçeñýÆûÓ^R»ÿC@¾2â'±å$zÀÏHªë%.FÔ‚TÃÍ€àPD©§n†-eè ʇËЙˆù +–¨uì©?W)ÃðßN|óÚ÷¯Îÿ’Òï«åÿø±)Ó)ñL¡Ôèß=ÔDâ¿@Ƭÿ——Õendstream endobj -863 0 obj << +864 0 obj << /Type /Page -/Contents 864 0 R -/Resources 862 0 R +/Contents 865 0 R +/Resources 863 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 861 0 R -/Annots [ 866 0 R 867 0 R 872 0 R 873 0 R 874 0 R ] +/Parent 862 0 R +/Annots [ 867 0 R 868 0 R 873 0 R 874 0 R 875 0 R ] >> endobj -866 0 obj << +867 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [55.6967 755.8266 256.3816 767.8862] /Subtype /Link /A << /S /GoTo /D (rndc) >> >> endobj -867 0 obj << +868 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [268.5158 755.8266 332.4306 767.8862] /Subtype /Link /A << /S /GoTo /D (admin_tools) >> >> endobj -872 0 obj << +873 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [378.2799 116.2526 428.5017 128.3123] /Subtype /Link /A << /S /GoTo /D (tsig) >> >> endobj -873 0 obj << +874 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [112.234 104.965 168.4527 116.3571] /Subtype /Link /A << /S /GoTo /D (controls_statement_definition_and_usage) >> >> endobj -874 0 obj << +875 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [75.273 61.5153 131.4917 73.5749] /Subtype /Link /A << /S /GoTo /D (controls_statement_definition_and_usage) >> >> endobj -865 0 obj << -/D [863 0 R /XYZ 56.6929 794.5015 null] +866 0 obj << +/D [864 0 R /XYZ 56.6929 794.5015 null] >> endobj 290 0 obj << -/D [863 0 R /XYZ 56.6929 441.8384 null] ->> endobj -868 0 obj << -/D [863 0 R /XYZ 56.6929 416.1193 null] ->> endobj -294 0 obj << -/D [863 0 R /XYZ 56.6929 378.9792 null] +/D [864 0 R /XYZ 56.6929 441.8384 null] >> endobj 869 0 obj << -/D [863 0 R /XYZ 56.6929 348.5817 null] +/D [864 0 R /XYZ 56.6929 416.1193 null] >> endobj -298 0 obj << -/D [863 0 R /XYZ 56.6929 276.8275 null] +294 0 obj << +/D [864 0 R /XYZ 56.6929 378.9792 null] >> endobj 870 0 obj << -/D [863 0 R /XYZ 56.6929 248.1435 null] +/D [864 0 R /XYZ 56.6929 348.5817 null] >> endobj -302 0 obj << -/D [863 0 R /XYZ 56.6929 167.2435 null] +298 0 obj << +/D [864 0 R /XYZ 56.6929 276.8275 null] >> endobj 871 0 obj << -/D [863 0 R /XYZ 56.6929 135.7502 null] +/D [864 0 R /XYZ 56.6929 248.1435 null] >> endobj -862 0 obj << +302 0 obj << +/D [864 0 R /XYZ 56.6929 167.2435 null] +>> endobj +872 0 obj << +/D [864 0 R /XYZ 56.6929 135.7502 null] +>> endobj +863 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R /F58 627 0 R /F14 608 0 R >> /ProcSet [ /PDF /Text ] >> endobj -878 0 obj << +879 0 obj << /Length 2414 /Filter /FlateDecode >> @@ -2499,84 +2540,81 @@ F L2.­_èÁÀ:÷¦é‘uèÍóùõš€ ÀãÍ…øl‘Ç‘LUª½i§re2×OHZ$§yvRb‘ë Ì1ZíKLý®š´?LTw‹DDq}Ù¨wœ¨ñ$4ŽyvÒN‡ùce×fWõþÔö™Š™!Ðex†QÔ>͈á»Æ5Ïh£+°¸ ‘,&‰òÂI¬VПĒî»Æ+-øùGˆÚŽ…8ÆM˜œ‰®³€nadAwUÙ9Ò°wÁG^lò¼m=Š!o¸7|{˜ˆ;fÛ9 ƦÕq*sÝkŽœá›VO+{ÃtH-6ÀÜ,wíÐ3d: I´^lùžÜb©&r\±÷wlüN‚æâµoÄ[ û,‰´'Îèt‚Q½Ùöœöô|÷€2H°¯¢ÆYQ£^½6$VæîÐôæO[êðÛ-Áw*üçDª&” «ƒRa¼iùDœÔƒsM9 G9î‘lœz|L5·’žLnG×'Q壔z"TàÓLZä^_‹Í7ß[""êa’|›{|YEfåŽÒãªÂGm•J·Hpñvë©:MœüJéñ›ÅÙK]Ûå(õåŒ7­ÏŠ^˜mcC)×-;-É+ Þ§ð @,Â"¨›òƒ*Ÿý^âC»c¾ Ë­6_løNÀ™n”ËA‡u¸gÀƒ Í×Íy‰$AпBli6ešú$ë+`X®w]Oke³¬vXf"Øøýx˜9n‡¢ƒžŽSÿ‡ÐÎ:‚A0ty•p‹Üä* ®¾"€«MqÀ‘ç4æ)ÏçLøßó¿{ŠMÙßÜÛª×\°fuW™-Í}CŽã¡÷/Ò£ãä;x ô6¸nìmn¿úÔŒÂ/«˜¬ÊnÉX\ìÓÝ@ˆñÈG'0$üR4ñ‰(\ó»?H¿Öiˆóy.§¿5©8rYdž(TR§”_®ÎIÿ?í ;«endstream endobj -877 0 obj << +878 0 obj << /Type /Page -/Contents 878 0 R -/Resources 876 0 R +/Contents 879 0 R +/Resources 877 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 861 0 R ->> endobj -879 0 obj << -/D [877 0 R /XYZ 85.0394 794.5015 null] ->> endobj -306 0 obj << -/D [877 0 R /XYZ 85.0394 662.5434 null] +/Parent 862 0 R >> endobj 880 0 obj << -/D [877 0 R /XYZ 85.0394 634.6304 null] +/D [878 0 R /XYZ 85.0394 794.5015 null] >> endobj -310 0 obj << -/D [877 0 R /XYZ 85.0394 376.1585 null] +306 0 obj << +/D [878 0 R /XYZ 85.0394 662.5434 null] >> endobj 881 0 obj << -/D [877 0 R /XYZ 85.0394 345.4362 null] +/D [878 0 R /XYZ 85.0394 634.6304 null] >> endobj -314 0 obj << -/D [877 0 R /XYZ 85.0394 136.7105 null] +310 0 obj << +/D [878 0 R /XYZ 85.0394 376.1585 null] >> endobj 882 0 obj << -/D [877 0 R /XYZ 85.0394 113.7908 null] +/D [878 0 R /XYZ 85.0394 345.4362 null] >> endobj -876 0 obj << +314 0 obj << +/D [878 0 R /XYZ 85.0394 136.7105 null] +>> endobj +883 0 obj << +/D [878 0 R /XYZ 85.0394 113.7908 null] +>> endobj +877 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F77 703 0 R /F42 597 0 R /F57 624 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj -885 0 obj << -/Length 4116 +886 0 obj << +/Length 4109 /Filter /FlateDecode >> stream -xÚ­]sã¶ñݿ“—È3C|‘`ïéšÞ¥×6—öê>tÒN†–(™=‰TEÊŠÛéï.v’dûÚŒ.@`±»ØOH\§ð×&K²B×y¡“ -s½Ø^¥×kèûîJð˜¹4úõÝÕ7ï3y]$E&³ë»Õh.›¤ÖŠë»å³,‘É ÌξýáãûßýåÓÛ›\Ïî>üðñf.M:{ÿáï¨õݧ·ßÿöÓÍ\X#fßþöíïÞ}¢®Œçøõ‡¿!HA “~z÷þݧw¿}wó÷»ß]½» {ïW¤ -7òÏ«ÿž^/aÛ¿»JUXs}„—4E!¯·WÚ¨Äh¥ú…«rñÀß:= 3ym/nÂ¥ ”É2*'0kOíjFÇ''Ýr.9™J”Õ^rÂþÎeGƒ:^ÃnÚ5Mp…•Hæ‘ŠÖ‰zYΉ6æEÕ©’|PçLIXD²/ÝÑ„ùhB³`÷åâóaGл¿Õ@×h³œ€I™':'ê’táhÂøÔñ|‹­mHC0d HP[¨Ù{wê\ý -~ãÄK€ZY””¢.h[Ç£”žŸ«jG½Š§Þ,é}´¥”%0õŠ%“£oò1I  i–{Êo€òû.A>ž“OˆàX:wföC×Së¾BåFê ßk†ãqÃ'Ijz?TÖ€O""å(Ê[?yà -+ômd¥,Mr)# ÉØB`”à±·‘ÙÀË<Ÿ,ýŸ°&’9•MÏxt/0@ëWmº8–¤ÜΧ•:)´Ê_#™LŒ2z´'™çSN Î •¤Ff¯$Þ{8Rª³¿ÞrFŠ-'c‚®|Š)6øÞæêT±¹/³9QÝ3WYž€°'Â'Skö‘´ Ž´ö -`Ía{Þ$Ýј_9!ÇÁégèŽú•9ðA^`ºú_1#¶~*Ò¹4¥c¬Xv]»¨ÉÕDø±FsŠ=Œ¨fý Ò·¡»¡Ö‰¾ “öš kJQ˜$Íì‰ã³lçªf¬±Å^m.:©÷•›Á¬$\»úyQUËîäúYÖ ïòQKÀ£©ŽÔ€ -šV‘_Ø•. •óz‡•%‹*|ßÆ$ã—ÜšWÐ[$²bBp”B™ãÌn…m;^wYö%G\Ô<=±Æ䃪”¼y|¢\õNñߦRŽ°A§ ‡¦¯ùË®Ýro{èçíj~OTÀ¶Â¨ªî¶ôJ˜mº°çù÷7¦DUØ]ZÑãBÂLcÊfªÞ‚CÇAgùs½=l½sÊU¯zçLÒ÷ÕCùXû˜öbòÀÈqÜëšk9ó8îòcDS¾#šÆ8Uu2ǹ´ø}™|Ù˜Ú -ÞÑ©JVæÜ“ˆžrPdS©ë~q„æ"Ï€ ÚN÷"ë,ÅtËO8ü4ÿÛQH*ˆÆR5åçªF"á ¯øSô®¾"Р22 -+ðAüÀ–L·ob2²Û×M?§(Ç=U]ÔTÒ¸!m5;¢ûŸ7´ßÀ>k$ np÷ÔÅ}U†¥rKr”[’Ót8o$Çy#Éy£Q/¬Ý»@ÚèÉÞ =š}ð³pbâ°å¼)8×¾'oÆU¹¨75¨K—|@IÁ?áüQqšÁt±.\¶ -Ÿñ³›$Ó…~‘`2‘&óqÀ¶ä9wpâ0““f³ß7í‘¡„n_;MïÞ‚DØ¥MR¨p‚>Wû&žLOC¯©GŸH!1ËäÈÂ×XÄDÓ»ŽoÀKwØíÚ=0ðJÆ5|œbp¿/9ÃáÎ`vÎPªÙo)¯ZÍseŠÁu{ξÛô$M k€Å^n½q}H„úgZñùÀ)vð”s0³ÙI É{w½bgW¯7ôŒ_,ŠÜ¨Év’EÛ¬"{2 ¥˜˜`œ™M0Ö¥\>Ô®Ô½\= Ax¢.J/¨#ɸ„yDËÌ&¶È§ -þ9É&”¬ƒbÉ2檣­ eÇ„T¾vaRŸs-Þgq’êÙ‚~õºá’ó=ƒ3MñʼÊë™PÚÔ&FxÃ0`efÇvÿ™ÅsSŽz<‰¿ÒQøº£éÿ&¥‹×î"À·[êÀ¼Ï®§¶ç¯Ë°<Œò´(t @÷Œ2%¤°ÏUEÂB­ÇEÑ!‡CyÇL'EnÕiÂg_Öë\]$-ðDAW£<€@¹Š¿öàpƒÖ¡ãùÏ\W››¡så27jöý {` e1NØøÀ¡üÜTeÇMá*%`t;äÛÐ\×ïeȹ03+tLÁ»@žå¸Ú@àC¬x¦ZýÆW¨Ã®F1ø¿Úûù’˜@$y4ëèÑÚþæÈÅb¦I6áðå¡Ò¶¤+Ðî_êÏ5UsZ ®k@"l6œÔçµ¹IT,Ôp|h~¢†Û—;ÚÝ?è«ý¶nxGw °Tlú]éÁ÷]Ù¡â$EìUZŸÕë(wX?¸:¼ ’¤Êõ¨$©Skâi(Ÿ+*æëq¡_ì ¾Qâ -†Žî  8vG¥"©•/EK:Åàóy×b!S¤CD¸Æš4\s¸?ô„™Ä86g£_hp¦R3µfë¸TA ‘ÛPž¡$Çrß ÃÇhXØÔ!oTÇSȉ‘J¿N˜ô8>óIE÷b°)Gg;ðl"ôÄšLõ›€LçÏ_¯‚Ðܪ ò½R¼¾—zS/ªø¥(pÙ1Çö°aÓà’|¬·½"ŸšŸñålZU?³B¼ÝÆmË—UÈÀ§ -Ûé—Õ~!’Ò2&ÿL1òœŠ“ä_°+Æ÷´Ø©0ÅÐÛU{Wý|Í_v=œ¾IFƒ;Üøž¿éi­r‹N‚²°Ir'‹Yx6½«rN[*OT;Ùh+ùv¨v¾…b}nÒÊ€¶ÝÜ+ X? UpWÞ²”Ž„‡¿ÌÁ5Àƒ» -Ÿíè}¼¾¥°.`P…äü §›×Ã:ô͆¦f}Ø—óXùsQ8‚ãMäYr êÜðKµ@½®~äñc<àÜ~’ÀáövqdHZÿïd÷vY¹è• -£Cž Gɦ¯7í}‰âd3¶^Ð w7JŒÊ¸ -[•=q0÷¾*tý‹´[ë8ªö6ŸÒ¯¹ä)Ø°psg›ãt™šá¥*åUë¯ Ž·UÒcׂù©¹8Ž§¨½4³23_–÷_ŽŽa$–àÀ(=D8t6öÍr×W€€û2j\µN¬åQwgF1gá«ÀÙ<œÍ‡ÞÐä5€&Õl±éøêmé9–>ëoKæv"|ðʇWû¦âA`‘šî[C÷ÄÝí¡g¨¡ - \ U5$B¨ûÚdg±Íâ(•oå@-Íì-ŠbztìبYKšÀzÅoíH³>ûb-é8;œŽÏÜ1µL(è‘Rd,/¸&õÐP¥&oˆ÷pRêËzãÍl{èw‡žë·ß’ùò)”|évÕ¢^ùK*#*ç…/ùjãxN1»=‰YÿÇÊœé3åMB¡^üäÖù‰¥ðõÎUÛ~-D Žã]¸’ç›KÿëP&Á?cDþ…‘^ûåÿïÿ| ˆÑy­ŒÿCb’œmnIé3ÌýŸCÎQÿ/›iendstream +xÚ­]sã¶ñݿ“—È3ƒ/’`îé’Þ¥×6—öz}è´™ -Q2{©Š”·ÓÿÞ]ì$eÈÖµ7Á,û½¼ð'¯Ó,É +U\ç…IR!ÓëÅöJ\¯¡ï‡+Écæ~Ð|<ê»Wß¼ÍÔu‘™Ê®?®FsÙDX+¯?.ÿ6Ë•ÜÀ böýOïß¾ûá/^ßäföñÝOïoæ*³·ïþð†Z?|xýã¯?ÜÌ¥Måìûß¾þãÇ7¨+ã9¾{÷þ7)èqfÒoÞ¾ùðæý÷on~þø»«7Ã^Æû•BãFþyõ·ŸÅõ¶ý»+‘è¦×Gx‰, +u½½2©NR£µ‡l®þ|õ§0á¨×}¥Ÿ‰Ò@«§4:FÀ´H2­´#`»ëë¶)7›GØšÎgå¦k±eg›z[÷ìï+‚m«®+×A»ê¡Ú×ý#‡·^ö<Ö†ÝñGåbQíújIýw' ,î˦ñóü]¤"ô,«UyØ0Bu‡”‡ýÄ(›2¢àÆêfÕò 1¤M¬2Ó XAÞâ¨ë¹1y’ë¨(eR¤ÐÀe˜j™ÏŽ÷ ²§—¾¥gÝ,6‡eE/e%)ÓÄš”WkÊ-lü)NZ$E¡=âóuÕTûÒÑÈ-Voy…®/·»[hkCCàF®Ûý#½áŒN³ü¦e|‡“Â7>)lz +; +H“%VÛlJîÀø@w÷lZ %\‡§¾”Í#6qÓ +˜VØÜM÷‘V;¥r¤(<À5Oɤd’gšÇ,«®¯›™-²ÙbS:D @š@³#xé8€Ì» '¸Û@ˆÓðëÀƒm èøÞ—u·(÷7rù +¨¨pó~†²÷t”°³Ö± ±˜!ÖÅ”¾$€Lמ˜£ë=Ór@ ëæžmU6u³ÞÀ¶>ƒÒJ$Ff6ð¿P›*.&R¥YŒØ:O±uŽ!¬}GÄš8ÊãŽÃœÌ°¤Ðñu 3›ÍÞõüiÙPï bu*©dz!à¨KãÊ9Y–¡=ç„ý=å`ó,Ër¸i×4«G—"¦G É*k"ë +¦Ñê%Ýi“k¯9ˆ”¸ñd_¢lj'P(›ØCg„­»rñé°£þá¼°§] ”p݃ \ƒJ%ò=‰¦LçŠtA6 “l©uĺž @®ÏóÙ[§¨\ý +~ƒü¤žÕ+‚Ò Acq߶$vŠåIÍ>UÕίCkó€v³¤Æhk^¬°¡': ÍG¤§²³…‰<ϧÇ.Ež§ž9ð`MN ÒÎþqèzjÝU¨ãH‹á{Íp”:|ÃF°‘pÒY.Œg«€M"#øäLjîyÐOÎÆÙVômd¥ œ¨<²ŽŠ­6IË°í§“¥@@©§“ykßí§‹ ‰Ÿ+hÁmH'ç7$„TRnº# “vŠîé´*M2D[¼Ì™JÀéþÂØ‹—°é2`SþzSÛhM2,ÐèÊLjҙkP;0ï”÷GÚìü¡q†(ªl‘SxAð¾ùKÐðNu‘z:Û;ô,±í <ý‚¸¤w Žú˜L:D¼dWÿ+fÐÁîgiÒ¿4gí¥®k5ùˆß±FÛ:òŒ2ÒåØ Áž³*D'n É>¸' +Q¥){‘h³]Ô­eÛTÔw ß± ” Vºï*ž%óšÂ«_UµìN>¬›e½à Á ¤L‚ ÏÞ·4Â[l-Ú©8^Ÿ €¡– _àÉ>ò«àþR£úµF¿iMoD¼Á–Lꮽϟ•;ØÙòŒÕ>ë?Û`Ïs€ÍÒSÀ(`Eq‚eÌ:nø nÁ’º}ØÃLìšÎº£Kå(Ôû{Œ¥¥"÷Bæ>P±ƒý Æ#Üò'çðA natbÞÎÀËÈóìe÷@¦aÓÎ= 嫳$çcÊ´]ß"3h`C—èäàÅI±¹NÚ  À§6ÅËà„– ˆÊ+*C£ÔŽÈ•ÊNE§‹ª¢ +(Ö=r¸HIc@Wàph´Nx^§o‡XœäZèDgö$"ñˆæÐR’ ·› ± tò ˆûú.€ïÚþ‚£kå‚x4Õ‘°QIÓ*ùõ¡A=X¤ÌTÎyVV̪ð}ãŒer›^个BÉ ÁoIa4-­°mÇë.˾äh “‹lª6ØäÙãùªw^‘  Â=ï¹—¤ ‡¦¯ùË®Ýro{èçíj~GTÀ¶Â«î¶ôJ˜mº°çù÷7¦DUØ[ÑãBÌLcÊfª ƒfç´üµÞ¶^‘r•Â©¨±Zd]YÝ—µoÏ&¼ÇÀN¡¹–3ã.C” ´=¿p ñËþoG!¥“Ó’“ó\ÕH$ôŠÞÕWT¾izÐy`K‰í«ìöuÓÏ)bÅqU÷*fWiÜšŒGÑýÏ« z!è ÏÉÔ†ÔG÷ØÅ}U †¥gòLj”gRÓÔØSRã’b/pÔ k÷b=Ù´G³w~NR¶œ£Rì£9=Éß³+¦g«rQojP—. €’<0‰ʭ<Íæ ºâ[ŸøspðMa^$˜JÀò±Ö¶ä9w qߊlöû¦=2”ÐíëŠ#moA"Çe vÒA‚>Uû&ž§Ø4m‘()=rprûX¶ d5ËÕ¥³lËz× +& {vÏËTulGÎ3QöRdÊØþsÈ\¼¥³‡«lL”_:Ïf¥¯NžÝÐܳ +ôu&Úܘµâ9”ÒDJãùöpXìb³¨$³Æ¾4‹wûèaç*½<+Py±S/Ð÷0—δêwçè,䥓lÚE¹‰EÑ +X0ê³æ‘ÿû<éxõ…ðÑ_hó…ö•~!|²Ø<D9!euÖ1YHߺ©ò Pš«Lc~ÛEl: Ìõ™³Ìéë-r¢é]Gˆ7à¥;ìvížs rFÆ5|Œ b,Q†ÃÁtÙ­g¿¥ÿieÌUZ ®Ûsö݆ròÖ‹½Ü0zãZ‘ µ".àóžÓíà)ç`f³“@’÷îzÍή_nè7¾X:”yª'ÛIm³Š¥_A%*91Á83›`¬Q¹xpp¹dìo¼"PI€à”@ûx_»²ôr% €<ᑺ\†™A9HðÒ®b^f6±E>Uðϑʃ6äºúîO’x´À?¶ãê¹MÝ4ª8Câ çÁîcB ÐÁš(–/c®:ÚºP‚\AHÅ!"¯Ñø–o‚³8IõlA¿zÝpHÉùŒÁá0Óâ¼’Úë™PæÔ&©ô†aÀ*Ûý'fÏMý)êZð$BT|¡£ðuGÓÿ])¯Ý;E€o·CÆŽÒhi8_—ay$Ø‚xØø .÷GOJHa_½"3µç醷3“¹Õ§ Ÿ}Y¯ïquU·À]òteäªÿnؽà Z‡ŽçâºÚDÚü3+—¹Ñ³ÝKxITÅ8aãg„òsS•7]„«}” €ÑM 7’nj@s]?T¼—!7æÂ̬01ïyæãjÅ3•ëW¾Zv5ŠÁïøÕÞÏÄ<"É£YGÖö·HÎ6äÂ&6áðå¡Ò™cN× Ý?×%žªì6´@\×GØlÔçµyšè5>ãËÙ´ª~f…Îv·-ŸW!Ÿ*l§_Vûý™Hʨ<šüK‹‘çTœ$ÿ²€]1¾³ÅNEZ ½]µwÕ/8¯ùË®éà[e4±Ãïù›žÖ*·è$h ›$w²˜…gÓ»ª!ià´ u¢ÚÉF[E7}¨v®¶ZŸ›´* ‡m7·ÅÊÖHÕ#Ü•·,¥#ááotp ðà®EÁg;z_ÀYßRX0¨Br~‚…ÓÍëaz€fCS³>ìËy,‹Œçs–8‚ãMäYr êÜðKµ@½®~àñc<àÜ~’ÀÂcŒ]R†Öß<™ø½]V.zU\Ë÷wÁFÈCD²éëM{W";ÙŒ­4Ã=N„ÒAe\…­ÊžN0÷¾*tý‹´[{n44dBóÌaJGÌ*;µ|ÿºKyÜV@u}¡7Ša6`˜?¹žÆþwÕ“j­êáv­»I0Š=ëH® Ç”¡‚N_Tõq¦wPé¡Ný´æ’ °a©÷Bæ±¹1NW"nTê’Q^µþ +áx[%=v-˜Ÿú‹ã(½@íõ ™u:óeyÿåH #¶F›!Â!ÙØ7Ë+ }5®Æ$pÄ(Ñ™¯áÃÉ¢Æã“M‡ÛÞiá#µ‚sK‡:V}cÖ˸ê‹ÇœØóðÃÞ¯v¸`IyKš’n\Ï“,bŒðÊÞ‘€«þ:¹xšº:C'«F׉T:{M"QLÇŽMšµ¤¬WûÖŽôjás/Ö’†³ƒÌptæ„Ô2¥ ?ÄI‘±¼àš”—-†5ùB¼‡“2P_ÖodÛC¿;ô\½ýžŒ—O „ÔK·«õÊ_QÁP5/|Á—dÍI)g·'1"kÿoÏ\:> endobj -886 0 obj << -/D [884 0 R /XYZ 56.6929 794.5015 null] +887 0 obj << +/D [885 0 R /XYZ 56.6929 794.5015 null] >> endobj -883 0 obj << +884 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -889 0 obj << -/Length 2466 +890 0 obj << +/Length 2474 /Filter /FlateDecode >> stream @@ -2586,34 +2624,32 @@ x (Øw]´m^âB¡dÂ6Ê÷ÖåàWe³ö{ΰDVLˆé·n·[»f1jˆ1©Öú]yœ>“þÑ®ª_9— ¸SŠÊRf2ÎM²Œ“C È1ý±Â#„(ÁTšþØŠL…¥‹ä~ïTkœ'Iƒí˺>ð±þÈWp¯¯š•!2ÃR9²ú•„”uß^'Æžž$Ðë @¤3¡ Áá”RqË)g*ó™vV€gÛvÇ=YÆòL$àÄŸ¦pÃåÜ'(~ü¾·ý`×(<#‚¥At!ªsŒ¯¹/ yø;n{¢KÞð|ï·Éðhí¬~¶Æ(£L–\WÓ€ˆãHI“ƒJ%3˜f¦rãHD)Ë…™ÈˆoüŽM ‹“…ˆK!§¡ ¾B¸¥ ýBœNŽrÀŸF`uï!Á—i‘%w1›“ª`JféŒÇo²€„[i‡ªmzODyœ? ÁuM+—ODÈCXµ»{>Þ~éC'½ÒÅ™—:[U:(We`ç‡òØÔ)`Ž\ëâcøKV»›¶®ÛƒK4o)gÙî5ЕsT2's &°Q CËáYòÞ’ýú=5eCïÙ—»ÇÚo&g‘úzž …×9Šª—Êô³šù²8× f”r¤kˆæ5Ýž-PÝ€þ±:œ&i–×ö~ ™–_.3Ρ_sýZ?dŠ [ÛØ®¬A–øxÒ´Cµ²á«Û7 Ê=ZúLº›H)S‚3 êÛw~$ðÚbœ§LÐÕX,àé²ë‰ò¶ˆ+ŸžØ¿d²àA|PJÀùHÈň¨2êEO(×vSîë@g#[Cúð(š`æ“šä}{ 0˜è‘nb½/(&Mªç¾àYðeþ®m¿êªûÜœ×É"OY&eºÐêLˆyX±Òf·]ÐâvRâŽç—Ó ®Ä‰á)^$ð'»B£ M‚„HÁä9Iš™âÂÌHzRk§ž!ä)6$„Å \h )“gî‡lÙëñŸ>ã:ØJ¤bf€™B¦Ç֥ݵͷ`÷ ÿÕ+÷®°ºsw -çtž:5 Ϧ\UµÏ6ÀÀü¨<+lñBÕlÚ'Ô´M}<§ âI;¿£FΨ)Ãå‡j‹ŽKD)L êŒê{œ»;¦Ÿ—º/­?+tB¸©0²â¡oœ“2ˆ1ß §P­œ8=Kv.øñtàôy>]qèÚî_Χ½U†îK óN'\ýЬÈ5Õë|™è€ -¨\ǒ¨¶Í†¿ôtµ9£>´4Sú¡ì»þ×vÍ1½Xn^xš\~aQ{{ôÝÙE„Q;Bõ‹þy5­ö]g›!XÓhET1ESFóK!a¢Ä/…w ¹ÌŸ˜ccDïÿožüÕÂjöu=‘È!&ãÀdŠ!?Å”Ÿ¡íû@Ñqx}­õê[l)9Ïâž7=š@×”¡4ÆÐçF2i¨K¢“èhB’ÿyêUºˆw"WL¤Ð~~ÅJ²Â`ãQ-GŒË)Jʉó¶M° ïLjLô‹HE#™VÜÌ»Yšñ¸ ÊsßgÄ5٥ߦj¬}´kQ\Û†^Œ7ª d§“ÓëýÊö~/ ³àüÁµ~*´~î­Ù ÆéÑ€‹“îå„1WsøiZ"5mó*-[,¾On†°ÓíBk~òÐé ¦¤,6k))Ð3•‰iÍèÌS)cíaL¨.+_#ù期A!å¸B¯¢òÒ5"dÙ9¸˜Ôóšæ€PËZ."à¡({h ^RCRÇ=¢¿BUaU¤Š™BV—ûA)tÄ!r(¡×ÛQ5Á -í3A¶àÓ¢£º·n¦:6Cψ<—EðR¯ÄÙk+/ê‘$´VšåÐy>3Ú 6Ú<à|ÀÈçzÅ´6b6~Ó¹s9šRà¸Æp¼e˜¤±‚ü|óýKZùù¡nÚÍv‚ ˜Ñ©L­q§ÑǪ:Í@Ú,5Eþ—Èó-WGx;5ÉþÑ‹¯”P›Ï£46Þ~TƒF ·¨Itß4¦ñÆÚ¶ÈI®ü %?èW~äìæÊH]¹½c»§Ec­ÇI~Wåã°»Á\ù<[$/7™á'»}?Léóèh씎îŠë0œŽŽ¼]øˆ{ÄiŠ–Û¯u(ÍOž£y0î½û(|`à€—A°æ@Ñv_ˆu>¸€ÆeªÅ<¸|Ä™¥ó¼Rd§”0r-Œ-ºófÊ_ÁÙÖ¯Ýð¦ÿJoà˜*Å1ÕÞã"­Ì.ãê{‘tôåÃàÜWõ°tñ/œ&pè$›qæÑ›Ÿàc€Åªô²Þµëjs< ݧÞ_óIï÷þ¨›úŽP?bªB² ÿ ˜Ð:}ü¡ü4>4 -è3ÿ ƒÂÿ…é§ùhKÿóÊNÿFLs¦Œ‘ñÆÒ 3‚Š' -E«ô9åã¿Ôž’þ' µ[Bendstream +¨\ǒ¨¶Í†¿ôtµ9£>´4Sú¡ì»þ×vÍ1½Xn^xš\~aQ{{ôÝÙE„Q;Bõ‹þy5­ö]g›!XÓhET1ESFóK!a¢Ä/…w ¹ÌŸ˜ccDïÿožüÕÂjöu=‘È!&ãÀdŠ!?Å”Ÿ¡íû@Ñqx}­õê[l)9Ïâž7=š@×”¡4ÆÐçF2i¨K¢“èhB’ÿyêUºˆw"WL¤Ð~~ÅJ²Â`ãQ-GŒË)Jʉó¶M° ïLjLô‹HE#™VÜÌ»Yšñ¸ ÊsßgÄ5٥ߦj¬}´kQ\Û†^Œ7ª d§“ÓëýÊö~/ ³àüÁµ~*´~î­Ù ÆéÑ€‹“îå„1WsøiZ"5mó*-[,¾On†°ÓíBk~òÐé ¦¤,6k_<¯àF( gål2èùòiýè’ÍS‰cbL¨4+_/ùFŸ q!ý¸¢¯¢R‘R5%4çàÐhçy6/p®q…=à…8éÂ~Ž²‡á%õ4¤Ü#R`ñ+”x^Eª˜)D˜9-÷&ƒ†èˆCäPBã·£¦>jš‰Ú§‚:ÕÁ/æHGµr:Ü€u쌞‘y.‹à²£F'¯­¼D¨D’ÐtI°9ôBž6ƒv8,0ò¹FB1­˜ÍâtîüF8»ñóo&iì ?ß|ÿ’V~˜c¨µvƒžàfô0SŸFÜit8¬£"³®YjŠü/‘†]®¨ð†j’ý£_(¡PŸ‡l"Œ¼üÜnQÇè¾ifãµm‘“\ùJ +ŽÐ¯üüÙ 7”‘8Çr{ÇvO‹ÆZÿŽ“&ü®ÊÇa?¶†¹òI·H^nLÃO(vû~˜ÒçÑÑ *ý×aR»X÷(HjÒ!$,·_ëPšŸâÓy ^)²Sþ@¹–NÆ~Ýy3%„¯àlë×n’S„ÿ+Œ7pf•âÌjïq‘Vf—q¨žH:úòá pî«zXº‹Nc8t’Í8ŒèÍsƒ1¸àe½k×Õæx»OƒÍ'ƒø¸÷GÝx„úyS2OøÇÀ„Öéãå§ñ¡Q@Ÿù×T1øÿ¬HsÍG[úŸÿmvúŸbš3eŒŒw阙Œ„ â‰BÑ*}Nùøÿµ§¤ÿ ²¼^÷endstream endobj -888 0 obj << +889 0 obj << /Type /Page -/Contents 889 0 R -/Resources 887 0 R +/Contents 890 0 R +/Resources 888 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 861 0 R -/Annots [ 891 0 R ] +/Parent 862 0 R +/Annots [ 892 0 R ] >> endobj -891 0 obj << +892 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [173.6261 554.783 242.2981 564.1926] /Subtype /Link /A << /S /GoTo /D (the_category_phrase) >> >> endobj -890 0 obj << -/D [888 0 R /XYZ 85.0394 794.5015 null] +891 0 obj << +/D [889 0 R /XYZ 85.0394 794.5015 null] >> endobj -887 0 obj << +888 0 obj << /Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R >> /ProcSet [ /PDF /Text ] >> endobj -895 0 obj << +896 0 obj << /Length 2361 /Filter /FlateDecode >> @@ -2632,307 +2668,316 @@ G2 wT. Ò­‹Ì}™!ü ®Ñ!¾¹›W&ˆÐ·ˆC™ º3&Ó¤¹¦<ä <&±ˆÕþ—¼5Å+v¨aFó܆/*±»2‡î"…nÏBH(^ð«R§% ¹Æ(™mªV$9} ìæ§f劕׾ÅoüÀî».æ¶ÿ«^ã±Mk׸e©øÜ«Þîßö©/óÓ¯I™N¡¡£'")‹a±ö‘´4õcµútÒñoŸ¡Pðº&åH´lïåN> ö«…LO@¦ᜅh¹œ‚cœî66óIs“„sŽÁÕÚÇ· —T/a¿Çá’)áZ‹\ïu¿´ñy¼}†/ÃERèG bF¨)áRÇ}?õ ƒ“ŠxîKv¿º‘1IÒª7»¡?=€ú^ B?ùÙKó ”ÀÕÚúÿ5‰¨Dendstream endobj -894 0 obj << +895 0 obj << /Type /Page -/Contents 895 0 R -/Resources 893 0 R +/Contents 896 0 R +/Resources 894 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 861 0 R ->> endobj -896 0 obj << -/D [894 0 R /XYZ 56.6929 794.5015 null] ->> endobj -318 0 obj << -/D [894 0 R /XYZ 56.6929 769.5949 null] ->> endobj -892 0 obj << -/D [894 0 R /XYZ 56.6929 749.9737 null] +/Parent 862 0 R >> endobj 897 0 obj << -/D [894 0 R /XYZ 56.6929 433.0023 null] +/D [895 0 R /XYZ 56.6929 794.5015 null] >> endobj -898 0 obj << -/D [894 0 R /XYZ 56.6929 421.0471 null] +318 0 obj << +/D [895 0 R /XYZ 56.6929 769.5949 null] >> endobj 893 0 obj << +/D [895 0 R /XYZ 56.6929 749.9737 null] +>> endobj +898 0 obj << +/D [895 0 R /XYZ 56.6929 433.0023 null] +>> endobj +899 0 obj << +/D [895 0 R /XYZ 56.6929 421.0471 null] +>> endobj +894 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -901 0 obj << -/Length 2759 +902 0 obj << +/Length 2754 /Filter /FlateDecode >> stream -xÚ¥koã6ò{~…ûp -zæŠ/‰Ú~J7Ù½»Ù^’´E¡ØŒ#T–\KNš;Ü¿)K¶7M()r83œçáðI ÿøÄhËLMÒL1s=™-OâÉö>p3 @Ó>Ôw·'ï>&b’±,Éäö¾‡Ë°Ø>¹ÿ}øçÙ·קS¡ã(a§SÄÑw—Wç´’ÑðáëÕÇËO?^Ÿ¦*º½üzEË×/®/®>\œN¹ÑÎ áÀ—Ÿ/höéúìË—³ëÓ_n¿?¹¸íîÒ¿/%^ä÷“Ÿ~‰'s¸ö÷'1“™Ñ“'øˆÏ21Yž(-™VR†•òäæä_ÂÞ®;:&?sÆ…–¸gOÍaºD#º~ʵfŠ§»t§\¦Lé´’pÁ´‘i§Õ× -W’)õ$ÕK¤N-¿o캰 Šàe“j•„»YÙYqÿL2}z°ëSn"KŸ‡ûhêM9§ù(ëÅÂúµ¶fH ÐN9È@ká🵰mDÔ´ùºÝ¬þ_YÔ ÕŸãXT Ún¥áÑ,oí¢^?{ÆÕ1Ó™0žóÃ7” ÓÚ¸§¢,‰H^65Q±ÕÔ1 úJ×<2ß•ÀŽ’$‚gšâe ä?6Ui›fŒI!XÊEÚcòNŽp©4š{¸zÕuE¸ò†&wÖVžÍ$…s`žMr½NŠv>*û['ÔÔ„[àyq[µat¾ª×mC m88+ €û»_¾üƼ5šÏ½©ð¨qûY”Wó16ñéTŠ8ª6Ë;°0ðhôrXpâŽçÐåK f"%’Ï7®"n7iŸWÖæÑ¥Gëô: LòÜKÂì»E‡”.‰«×v¶Y7Nüøyn›‚NÎ $,ó…Ç{Tmiòs¬ãoÆ®]܃T²!ñ:qMi6LTÕmX¸‡º8¿º¡uG̨èĦ±´€D/ð }Öë>f5<@baŽP£[‹*¸0b½A¬ŒÌU§=sÝ‘-YÆé4‰ãÌÅðÿ-G0yæ!b¯Ó÷£ÔŸž˜ý#_®JËfõ’°\^ÑxÿÑì››‹±Ó}ÒïßÑô%¢|heÛCD§D´S•4P؈ßøºKe˜„ :™ - #V¯ÀI'äá€KR)Œ$VLp/žyѬòvöp4bœ{@÷ -)¢úžÆ¢]úU­òÙoÖ=(°ÕÖ~t† “Æ®Ñq¾¬ç›’ò=C$8î#U>X®‡aiå6ë¼ÐþeÕf_Jo“üV™Áà^a þº‡•™&QŒ8¢Lm€H¬ )³‚«ÏŽ«òêææ⃗hå_Û›ËO9¶õ¬.÷$ Š~A´=žß&‡­h¥f&Ñú(ÉâU13ZK¬t<¨,q2+!\ãwGê:¨•öE|íÓ†LXšàÆÍc—Å÷ òëL& 豚Cj\ÝÐHI@1X”öýF¬t7Ø•€êQ -ÓãÜ¥ºÿu†.2fLš ͼ,šÖ¢wH7«_s¬ûÜ•u~yûñ­OÄÿ$,Œ1èߎ=…}"HœýŠÂùv<üåkH`ûÏëe^TîȽ±—y!ÁTóºõâ£j– ¦;R$†Å®ÕÇè ݳwqÔÞÏ­ë—ÛM¾°ÆÆ [Ä ;WGÌŒ?bß®1'Ùf,h•Êk˜T;9Î e˜þ¸žŒ›Í<¾ÜcÈi(‹ÅCûdñÿýò ¬C Akhï¹µ»³†‹|l„NXSG›ëÅ„&×½G¬ƒŸöÐ#ÖÍ>^×V³3ßaR˜£ Í«ø„(µË'gMe µ†R,Q:ŽÔ´¶ÏÝ>6dL\ñ ¢+£€™eŽÅ•I©Ž‚Óh A¾€²y´Ý%!hqüYLÈhÇ~¢³5 Êä@é3Tºp:ù&À?í-Ï‹û®·ÕZ¢ÕNºãïüÊ—4+»n!‘ÚöÑÜ“™¾ì81ÏÂÅ»÷r¤Ñ'Y*G\òm¯ée(Ú¡óIѽOŠB¿ -»†–°]Cm1€s].ê᥂¸Ñºð‡kEÔ«™ÝA(ö½L{Q&õ·óÚ„¼tžCMRÑ<4ŠqžÏfvåe¡ €„µ¡v0…Ât:º¼§…ª¦Ñw aVxÐ^«]\$=˜Lp¢€7®ì`öR@L= ±ôtY´­#µ-`ç®QN=å^Ïn:iá‰î:c1í~ü¶Æ3†õg¼ ‡#>¦ÿd$÷02º+ªyCSζ_.ÿ1§ â”G}'”{N(;Å;ÄõEm¢({RÔᄠƆ&<” -¬ÝNü*Ÿa3XH¹Þ½3h4máŒÜÒÄóµ‚rÙ(¸/éã΃Á;Ó´ëSmf¤)ç«j\¸ÂÙ2¯*êQQù#È[p¨êõ2÷Øé2°ºìîè¶Aæ]p$—pÊ„k†ÇÜÛªêlU mUFaykRÆ¡ º°÷¹+dž¤³p -½ÂùNæ›é¸×‘ì"AŸù£êc–מ|^Œ]ÓCºî¨ŽøU».‹Ð‘رó²ýs•uy5åy#?üpqnä­ÊPö¯œ#yÙ­;³UÙ¡¼p&‰o#]¤ç.taámgïÖγeý™†øÍCeô[ÁeK¼û öXÌ­¿eNœÕ÷äf2D©ØÉ÷)¯ÛCiô^Ÿ5_­l5ßþà×K(‰=œóêaÍãû¯S¹àAì”uæ™ÉøX½¥|¹§‡ -‡ub\¿ ð,UÉ›(зÑÞ¿¤q!Iãß­y¿•6þNTÒÂËSÀ»~Ý”ø‹p›¡®‹åf ÈT~ƒ9õopê\q]E9‰JwôL h4´ë³|Þgœu™€¶‹p/œË=ûåÿ°äOZ-ëú·ÍŠ–ï¬ïTÙCµŸkcyÃ]å­ŸÙ²Ë54;ôW»+ú`7»ŠîÍa°ýó …݃~§ð„®Šg -o-Ó½2G¦HGXÿ? º€_endstream +xÚ¥koÛFò»…€ûp4zb¸O.“Onâä\$NÏvÚ¢ ¥•D”"U‘²ë;Ü¿™åK¢¬¸n€îr3³óž‘Ù$‚lbT‰DNâD†*bj2[ŸE“%ì}:cþÌ´94íŸúþîìÍGÍ'I˜h®'w‹,FÆ°ÉÝüçàý?/~¼»¼9Ÿr:<Ÿ*ß_] •„†÷_¯?^}úéæâ<–ÁÝÕ×kZ¾¹üxysyýþò|ÊŒbpŸ{G.|¼ú|I³O7_¾\Üœÿz÷ÃÙå]û–þ{Y$ð!œýük4™Ã³8‹B‘5y„(dIÂ'ë3©D¨¤ÍJ~v{ö¯`o×]㟌Xȸx ›ãx Gxý”)Jïã2‡RÅ Íx¨Œˆ[©È¾T˜¡BMb•„ZpáÄòÇÎn3[!{à¼èÆÄJÆ€ÏÝnì,[<OWv{ÎL`é³á>ªU¹Ëç4¿÷òr¹´~­.CD`§ x wð/êó)p/¨êt[ï6ÿ€/ÀkV,i·^YšÌÒÚ.Ë퓧{ðN-C®™ð„ íŒ÷ç³<'Øi^•ŽÄ)x(WCRm‘Þçø²8Aèç,Ø>ѾÓÑŠ»"·U5F C.¹éø7G(‰Å’ùså¦ÎÊ‚`¯Rävl€Ã¶ ZY…‰¦¡•¬Î1ð—(âv>Êö»•%@Ž +š"-nb‹ºY#qoÊmí×ÍÅYžÁ¹¿û嫉Àt>§+•ßH‹ù~„x>:ŠÝú´ +¬d/ín¸‡ +'žF¡uP¤këÏÍò‘àîÊÓÆ‚ƒÐšWõ/ñÅÉxÊ™Ú{,€rרß “;Ûm+|~°UF7ç´<éÒCH=¨ÊÖcþ%RÑwt"[à¨ñ$<‡sLi6TP”u{î1êòÃõíÜð¤í*K ˆæïÐz¹BöOÓž­#th´élY4ö‹PojH +«âžÂîq™täEj}ÿØß4x@ý<9Èw<½ÅþøÚ?Óõ&·á¬\”«k/à?š}w{9v»úí[B?‡” -l} é”öŠ„ˆkˆƒ}/üJ×.¤ DPðDÂE$_“nˆãÑBêXˆÑBGàN™gÏ<«6i=[ üAò†‚å‚ƬYúUlÒÙïÖlÕ¥b¤²Ûgˆ0_—ó]Nnü@Q†Ñ®û0•–ËaLÚ¸ÍrÊûÆQiö¹ô:ÎwÂlî +âŸ{\˜±cfø a*H"iH˜<}vZ”×··—ï=G ïîn¯> øX—³2?à,úÖöh~:Ö +­Ô @67Ž³VF¡QüTV¥4Ð íx–Cxš’úžN­>Ãa[*ñ +_aä1ÆæÊo´šŒ묚•õån›bRàÂ_ä" Ã벶cæâ‘`†Å5Zô¬|°m, îŸh¤ìg `iÍ 1pFìæ%#q„¼F½*+ou OÜÇ|·%OsŸ-”ùôŒÒô¤ñ: wJ#ãÐðè% ›G•F&ê‹“æ(x(ô¾ÕævéÄ9-‹üé´]¶çA’6¹KŒ±Ô'1<ø\.+Úiósü¨WiM³Uú`÷gm>¹§4‹Ò h†*"yìdŽãõ¿?|ýr• ó·ëÒt˜x©îòš¾1 +à˜ÒÐ{òR÷¢©:øOYXša¬‡‰5X ŒD“WŸæg¬BžÈæ¼³ÀÒ¡«&T„2°zwß#‡²n¥NŒ*üÜBRJ¦y\“{*ò:­ë¹+=OÕ²x'Žâ½Zö¯Ýja: E uå”ëPq²Ñ¦>¨…E¤á5I ¶¢uÈXdúÆÒªA×MŠg)Çal0HlYÙXþ¸mªÏÛ +õËü\ñ¿M×kpž‡²Uã2L$“¾Ê<„f¤,&KÃ}¸4ÆïŽTv 4PIå5Šè:Ä ™°0WCŠ]ßG0ȯcP™¸5ÐRãb1‚Cs(‚usƒEnߎ@œrl5Ø’ˆÃDpӣܥºÿuŠÎ“И8ªyžUµEëjNº!Ûüæª?÷Aõ_î>ÞùDüÏ↡¿ô¿wcÎâ!³tg¿!sÞ‡¿t lŸây¹N³Â]’7¶ñ<-Ęb^Öž}TÖ¾óý„!‰ ±¯õÚDõôŸÔ÷%]d¾SÐÏØ~ªÒ¥ýCUl ¼ëDÕkF B‡Š-8 º”…b­Rmâ±àQ›õ»í’F*×Ýlæá¥BJCž-Wõ£ÅÿÓB›Px`-`ˆrØ;ä‚JYk÷=´âb ÇáJ‡:¢JŽ6·Ë Mnzž¬=?í_ OÖgÏ!\×X³3 +~S‰‰ÊP7HŽÂ˜BÕ>èmb ñ€Kjy¤çØžšöRw ©^5£ÍB uúD“{;×í³Í9ˆdT“(×â´*Å*IöU©".Q +Kyû*`̾ +ÀJ›~âÇcV¯|OœGÞëóͳXøg76æË›ÝÖTu]5ç>ãgŒÄ±æIïoû‰+‚\¤ëçU½lE9p>AZø©ëÀÑYåôZdpÎu¼Hº¸Gi!nÔ.âZVöbf÷7û܆}ÂæuYcçrÏѵ‚€užB}Rмéã<Í첦$€äµrr‡]L§0µ®´P”4ú6"Ì2´×øÄ>!×½3 g„¡9¼s-€dÏ„Ô“!KU×Y];T]1ÓPî:æ®»Üï?ÐK›®Zã®Û.™‡DD»H8{®ÃÆZ4êBãˆI¤,1"¸ÏŠyESbÎ:…À/— Á˜Ò°o¸6´@\iï—Á OƒÙ£¢n'L0LT¿”l±x¯¡œÎ°1Ì»ë'i¯Ú\4-OÑ4}« ”Ζ€ÐeÑǽ?~¦ª·ç&ØÍHRÎ(¨þPå"ÎÖiQP¿ŠJ!NÖ‚CQnש‡NŦçî®vÍ2o‚#y…ãPÂ]üŠ˜×UÙêªêªšåN;…ð™-nÏí"u¥ž!î㬹…Vál'ñuÜkQvÁ ‡ˆìQîAÆzÂ=iA;vK¾tÛ"1­z›-—MƒbÏÌó&ÀdÒª7¥}#¿±"ž±i¨Ζ³‡4o×æÊäX0µìu¨‹‘l‡62¼±õìÍÖ×±" QÉÛ_Â@kD”à"ŽvDz¹õ¯Li X‚³rA–&4Šù^úOÙqãàVfÕm×t³±Å¼ûñ¯ï s¨ü9gØÃÈ·-^&rÞþ GIøhõ•˜„•_ÒWj(pX'ÂÕ3Ob©¿ 3?‚ùˆ¼jáþ%‰Cææ$®ÐuÍ3üá´òo¢ +œàf÷ªÖÑÞïˆÙz·`R7¿ÓÁœÚ9¸F宸&Š¤´DÆ{r¦£¨4´ës~Ù¸hœµÉ€vp¯¹—z$öOª`ÉùOZÍËò÷݆–ï­o\Ùc¥ ëjyÅݤµŸÙ¼I7*txì/ + ‹—ô{Á~.µÞ«ÿÚ ûS ‰©k¿ñ?ð0M“Å…¯ñAÁ#L¨ GHÿ?¤Àƒžendstream endobj -900 0 obj << +901 0 obj << /Type /Page -/Contents 901 0 R -/Resources 899 0 R +/Contents 902 0 R +/Resources 900 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 907 0 R -/Annots [ 905 0 R 906 0 R ] +/Parent 908 0 R +/Annots [ 906 0 R 907 0 R ] >> endobj -905 0 obj << +906 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] /Rect [519.8432 252.798 539.579 264.8576] /Subtype /Link /A << /S /GoTo /D (lwresd) >> >> endobj -906 0 obj << +907 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [84.0431 240.8428 118.7265 252.9024] +/Rect [84.0431 240.8428 119.7369 252.9024] /Subtype /Link /A << /S /GoTo /D (lwresd) >> >> endobj -902 0 obj << -/D [900 0 R /XYZ 85.0394 794.5015 null] +903 0 obj << +/D [901 0 R /XYZ 85.0394 794.5015 null] >> endobj 322 0 obj << -/D [900 0 R /XYZ 85.0394 451.0558 null] ->> endobj -903 0 obj << -/D [900 0 R /XYZ 85.0394 423.9067 null] ->> endobj -326 0 obj << -/D [900 0 R /XYZ 85.0394 301.4703 null] +/D [901 0 R /XYZ 85.0394 451.0558 null] >> endobj 904 0 obj << -/D [900 0 R /XYZ 85.0394 271.3564 null] +/D [901 0 R /XYZ 85.0394 423.9067 null] >> endobj -899 0 obj << +326 0 obj << +/D [901 0 R /XYZ 85.0394 301.4703 null] +>> endobj +905 0 obj << +/D [901 0 R /XYZ 85.0394 271.3564 null] +>> endobj +900 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -910 0 obj << -/Length 1238 +911 0 obj << +/Length 1236 /Filter /FlateDecode >> stream -xÚ¥Xßs›8~÷_Ácò Uü†»§4uré\Ó;×}j;„­ ŠDbß]ÿ÷“,aƒC<™LFBì~ÚýV»¬l[HþÙ–À vb+Œ=è#Û·’b‚¬•|w;± h…@Wêý|òî&p¬ÆXó¬ƒAE¶5O¿]З]\¾¿¹»ý:»º ½‹ùÝçûKàøèâæîÏ©žÝή>}ºš];òí‹ë?®þšOgúU`0ÞßÝÐ+±^Mo¦³éýõôòÇüãd:ßûÒõ×F®räçäÛd¥ÒíÝ8ò­'ù€ ÇŽUL<ß…¾çºíJ>ù2ù{Øy»SäÏFÐq%WÏ ô˶aìûNA?†ë¸{mW²‚º(0¤æÚË/ RRþj\¸V.¿»ñÃNdÜPš‰ââ$ˆ%.ˆžU¬zF«Åáá_=|G>Ò3£¾È)7"ÿíÕpšÖ'ÑÈöh"m=û]B=ùÕ.ï<êS%]ò"è»N| ÉAÒò!§¤‚²R¯à2Õ“¯¯È~¯{ŽýHRÚeO ºAɱëÅTPrŠcÎsö¤§«ÍšV­%œ#Y¦Çž#‚éqIôH0§ùVÏNŒK³R4¹ Und¹h–GÞò?š·ÿ°’p8Ä2h]ný0Œdû†lV)*GœÈU{Nƒâ|M B;Šµ1ne0zĨ·ÏeÛô|Ï7h-T#d‡FŽ÷¦åѽT -]ˆB/6ª*yR˜°2Ø%p ­5êØåä·HàÄúq(Y–¸¡íõÌ7I(õ,'†QÊB¼‘”{”'dw˜•œyXpQÓrµËŵ–×y͸8$}û4¬¡wख¸€¦ZE?.hzJ'¥5I«M’WX¬jŸA“d-#œï`“‘zŒ´Øá³SÃ’ž¿hŽ–_wKÕâÀ˜zø¯›¢Íɳ -R¨£'ËMø-m\EÓÑ;œ¯UT-=­²%|ÁêEÉ-ÂXƒrÓ%ø%ÃQ1‘YX ȆŠQZçMe¸›/tŠ •áèφ´ê4xFD²«¼!£¤ó†¯Á®l*øº){*ǵÆR%OA’SYqø˜ÝTŠŽÉ  -(ðÆ|í›bIêAË -ZÒç &¼’u‡ŒÚ¨ýÌ€D¨Q*%4;J¯ ›*§ ƒfÊ*Ñt -Þé½ê,q\±­ˆ=FA~Hecù˜hª/ä? ›¬KÌGŸ´äœ$€”x™Ÿ£3ö ?ú)éV1=u##ŽËdÍêîÛA« \¡T–2Û£˜¯ä«Ÿp7‡¬Ì·½`f´nÛDÕéÂÚ÷¤²å´‘ e·iÜ)ýö¹‘G[fDòô÷‹Ÿ×ôjb¯vËg´Â'ßA–’5‘Öwòì¸%ïY`ú»ÎJ›Ø‡Ý’þ²6Ló¾G«’Õä•@î]ÐÍpC¤"ƒp¾(°¬³›Ãp°4L§xŸ‰Ò5FÔ¸äûFá @G…ç Ž5Uª¾}æÔËêͶ=€oKÙ±rÊϺ»>T×Ù{,Úß Þ|k>ü¤àÉ F9‡ q·ƒvBÙÐGÄ¥v£g–·×ëç¦ÿÀÄ Ïendstream +xÚ¥XÝs›8÷_Á£ó U|ÃÝSš:½t®éë>µ Âhˆ"Ñ8w×ÿý$KØà‡L&“Ñ"vW»¿ý`eÛBò϶ü±[aìAÙ¾•”3dmå»÷3Ûð€Ž ô¹Þ®fo®ÇŠa8µÊzº"ˆ¢È¶Vé×yx!5 ùÕ§Ûë›÷_–—¡7_Ý|º½Žæ×7.4õ~yùñãåòØ‘oϯþ¸ükµXêWÑñöæöÞ‰õò„Òåâz±\Ü^-.¾¯>Ì«ƒ/}mä*G~̾~GV*Ýþ0CÐ#ߺ—ÚqìXåÌó]è{®Ûí³Ï³¿ +{o÷¢£øÙ:®Äê1€žcÙ6Œ}ß èÇ0p÷€ íJTBósA®½ü,° %©„Á¯Áe‰åò›k?ìEYÀ ¥™(Þk<( ¤Æ +—DS5k„¦h½>>ü«—oÈGš2âë‚rÃòßA §isVÛy8!¤b[S¿ëB¨‰_ÝöÞ£!TÒ%/‚¾ëÄG¼ ½#ßr**(«ô®RM|áxKg Ðs|èGÒ>zšÑí1JŒ]/¤€âSðpQ°{Mf¬1{zIXYv–pbŒd™^Ž¦× Ñ+Áœšn91NlÌNÙ‚Ö…áå¢ÝœxË üÓ¼ý‡U„Ã1”Açpè‡atÛ7`³ZA9!#P0 öW95ºUäƸ­Ñ1F½}(ÛŽ ç{¾ @gÙH !;4||h4­NΔRèBz±Uœ„UÙÈ) è¬QiWßFT'FÐC‰²tÀ mo`¾)B)g91Œ¢P6âCˆ$ßO™!ûdV|æaÍEC«í¾rÖš_wäœqq,úîi\BŸÀI#õšjý¸¦é9™”6$¬1E^c‘¯Õ9£&É^& +8GÜÁ.#Ín±×ÏJL Jš~ÒÍŸ÷[Õúˆ˜zxÜë'9-ȻҶ¬'0k£JRªD•M…&|ò5M'ó¾H½6Jup”Ó"„¯Y³®Øè)¸9¨výpœH‰jŸ‰¬QÀ*@vTœ—²Mþ᢭M¸÷ôZÔè¾#€þhI—~çMʈHr°-Z2Å”¬hyöMVyÀóV¤ì~’ï9–"E +’‚Êþ4 _UГCb‰€ïÌlЖÒŒSÒŠ–¸ áµìRd’mÝG $*£&ÙV1A³Ó  ¦²« šP1z¢ì)m¯=ž7¯ÉÇE5±§'?»²+‚š±b’û2ã…üt—5`ƒ9™”ÿç$¤Â›bR¾‚±;9"¤¤ßó4-šVFWIΚþÛsç—Jd#«]!:¢ó™ŠaÍ=nÒÓQ’UÅà ˜mº¡RÍ…ãõ¤u&X9 ÚÎÄñ³?bî…~=Ñ™ejËŠHî€þÚñ—Șõ³³õ ç3còø§('Òú^ð Ì4ØÛé +ûxúQ„¿† ÓbèѶb y&û±ô+Ü©À œ¯K,ûlïž1î©VÓkÞ¯Ð"\ñÃXñBE}¯NÏ+LjëT}ûLÖËyëÇ®¾®Õ}u䢊£ÿ«¯ÅÇß > endobj -911 0 obj << -/D [909 0 R /XYZ 56.6929 794.5015 null] ->> endobj -330 0 obj << -/D [909 0 R /XYZ 56.6929 769.5949 null] +/Parent 908 0 R >> endobj 912 0 obj << -/D [909 0 R /XYZ 56.6929 752.2028 null] +/D [910 0 R /XYZ 56.6929 794.5015 null] >> endobj -334 0 obj << -/D [909 0 R /XYZ 56.6929 693.9224 null] +330 0 obj << +/D [910 0 R /XYZ 56.6929 769.5949 null] >> endobj 913 0 obj << -/D [909 0 R /XYZ 56.6929 663.1642 null] +/D [910 0 R /XYZ 56.6929 752.2028 null] >> endobj -338 0 obj << -/D [909 0 R /XYZ 56.6929 628.9495 null] +334 0 obj << +/D [910 0 R /XYZ 56.6929 693.9224 null] >> endobj 914 0 obj << -/D [909 0 R /XYZ 56.6929 601.0964 null] +/D [910 0 R /XYZ 56.6929 663.1642 null] >> endobj -908 0 obj << +338 0 obj << +/D [910 0 R /XYZ 56.6929 628.9495 null] +>> endobj +915 0 obj << +/D [910 0 R /XYZ 56.6929 601.0964 null] +>> endobj +909 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F57 624 0 R /F43 600 0 R >> /ProcSet [ /PDF /Text ] >> endobj -917 0 obj << -/Length 1160 +918 0 obj << +/Length 1174 /Filter /FlateDecode >> stream -xÚµX[sâ6~çWø1tFª.–/Ó§lJÒìt³-¥OÛF±EPklVìÒvÿ{eËÆ6<8Èçûtî:vùÃNÀ ¢¡ëø¡ Ẩ优w\É€Z4¥ÞLßß{Ä aèÏ™Ì\DA€Iüáæî§Û_&£ñ†n<8ÌC7oŸ~´+¡}ܽº|ø}|;ôÝ›Éãû'»<ÝÆ£§»Ñà€aƒ'à ÀýãÏ#ûßÃøöÝ»Ûñðãäí`4ÙÚÒ´#Zòiðá#rbcöÛ‚4 ˜óÙü@‡!q—QÈ\Jë•dðÛà×-aãm mó£dñ[Èü†1vaH|êø,„%´ôàs£¿æY"†ÀCèæûàq¬DžO\Gói"sm׿þP˜löÃ1Rrðu&c°vÁ*^‚e¦t¾GV¬ôåð®ã°ÙP¼)ÈRPR¬¼\Nírý*#·äFÉÿƒÿÓJ¨ ȳ•ŠDÅSXÔˆ¡ífÅûãß’‹ - õCC }—º%ãwå«ÚA† -9¿gÂÿnÙòc #!=ÉOŽù ´µPF çûl?\M‹wN½Àh‚!ö‘W)ÅN)žÍhr ÓhA#²æÿ´âi> -h¹@¦–®ÏBµæÆ1([é>FÉ8¹|«Ô½•Eéh ¢DŠ´.Ûµ”ˆV*—kÑaÙs¡$O€Íŵ¸!Åy• -õ«ú6Õyþ­‡f™2å}˜LY*€ø,¶ùZ><ÝTë»üÆäeÌÊÂèÒ+Ý+X[饱 Íû[[w§ÚZ¹tª{>¤>q[ZƒaÑZ;EK/mÔö)¤n¶›Ýì!;Õ¼cÕÌùLÍŽ-]ªæµ×óÕB Iyüîg‰—¹mGóšºùxˆžÕí¬ë -!ÁìdT½k¢jÍÐC÷ƒºÊMíœòÞFäÓLMÓ¬5OÓLËÙ¦Ÿ»ƒ.öÉëºÛÃfLsƒ­Îçè.Ó_ÏÑØ!%‡ç/Oò Xíöf­½£ö$±mJ=e‹„°}=yòÈ/3’ìäòoÑë¬úÓ¸55­~(þ›æKµ¶Ê(3ÓűlÓ]»Ä\óË3™Ô‡N·¸U)×f¿l‡(<•é‹9´PkžœõÕ\p¥Ÿ×} V¯RpÆ#ÑcŠ6稌òþ-3òÍU •M®íd®¿•Ê…™Šë3»b)WöÂas¸e}—äÁé¯n†7­“^Ã[ñh~N|W -ý¥sùLhd,õ¦5PÙº)PYÖcl+:yQЭ»#­—*[˸ub”4ãZ®{È׃LQ‘<ù’*ª•f‹™É¨y9÷õ–‰ËE°ænÚŒ»—€Ê½zƒ¬‚G=»ýë<6©"³¢ÑÎT¶|¥çý}wˆ.µ¼Š2OcƒŠÅZÖ[r=Ÿ¦¼¶òLIt÷Ö¶ j¦JÛ®[ÐöÛï›/wv7_®™ƒ€lïm\Ú¸·¡Èƒ ýZ©Â6j¾½:Vý?ßÏF#endstream +xÚ­XÝsâ6ç¯ðcèŒTK²ü1÷”KIš›^®¥ôézÃ(¶jÍI‚mï¯ü…m°Á! òþv»ÚÕ.B–m>Èò)´IàX^à@j#j…«‘m=™ww#TÊ€J4¥ÞÏF?ÞºØ +`àbך-º|hû>²fÑç«›Ÿ¯M¦c€©}åÂ1 ®}õþþá§b%(7Ÿnïïþ˜^=çjvÿé¡XžNn'ÓÉÃÍd O‘ÁãRCàöþ—Iñínzýñãõtüeöa4™í}iú‹l’9òuôù‹mEÆí#’À§Ö³ùaCØZJ u©VâÑï£ßö +oshWü(ñ!õ±×@ê5ˆìË£t &yY§Ï`ëµKô’+¡ÆÀµí«‹‹"É•š¯˜—óX(]¬—ùn„`@)Ε=Æ,ü{™Æü:Ø6Ø:`­Á:•ºM([9¡5u¸—é(xdïyÒÄd.A…¼XÏ‹ùúENî•’o«¿À× —; Ò y©§TP þ´©½7–½)~ü—ëÂ6˜xQ =‡Ð\ãù«ÊFã…Q…²j¹ÐÒ_/ú¦â€ôêÇÇú3tá) C×óh;¢Më ¾ÀiŒ òl÷%¤.p_ê´gCÙ¸íôŠ}Z²D-¸Z¬8IK6«G.;sã”nô T‡)ÅgLõN›*êp ÂXð¤*Û$7R‰-ŒP\ +ƒ"_$Óü,ŸBðó2úe}ȆŸTZ¤Ò”÷a2¥ Fà™ïó5¬X²+×ëüFÝ- ¨|ÏòÂ@G Ê‹Zzm%þáƒÚâ_&¬‰9êk@öm®Ö<ì´¦fº8–m†ë1͆" +^ WMgˆ¥Íþ2NaÌY"’'Ó4—[ŸÕ’3©9ÓC …‘\pÁB>b\ѦŠP g¦Óuj¶|÷Š? ÊäZ-s‘ +)× •QÕ³K-ùJk;ŠîX¯“Üïòcf†7­ãAsX²p9\|ˆt9‰'`¶FDBï:7êDê­DdšÛ²“<+胣ûDá¬eºQ'ªg”4ãšÒƒåµÌ + ”€) Ö쨫œ –»Í&£–ù>4Zf_.åÖ´wPÃÖ`PaéèÌîþ‡™TivÐ.dºl£—ÃcwˆÎu¼Üe–Dñ­¨vlÍôrž°ÊËw}·:ÄtyBºî`ìý¸WßøÔ×aŽ}}ï/sÒ¸Ì!¶ }x©Ì52ß_ SÿëìMendstream endobj -916 0 obj << +917 0 obj << /Type /Page -/Contents 917 0 R -/Resources 915 0 R +/Contents 918 0 R +/Resources 916 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 907 0 R +/Parent 908 0 R >> endobj -918 0 obj << -/D [916 0 R /XYZ 85.0394 794.5015 null] +919 0 obj << +/D [917 0 R /XYZ 85.0394 794.5015 null] >> endobj -915 0 obj << +916 0 obj << /Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R >> /ProcSet [ /PDF /Text ] >> endobj -921 0 obj << -/Length 3325 +922 0 obj << +/Length 3234 /Filter /FlateDecode >> stream -xÚ¥]“ã4ò}~EÞÈDkI–-O ; Ç.· uuçÄJâZDZ³³ÃÿýºÕ’?'Å̃äVKÝjõ§>‹àŸÏTÂ#Ì,51SW³Õî&šm`ì«îqi1ÄúâáæÅëDÌ 3‰HfëÁZšEZóÙCþÓÁQ ˜e?®Êcî—ø¯_)ÛÙ²hZúúÃcNòñÛÑžÊzs"úœœ‘M¶,í"+7õ¡h·;/ϼÞeE5â£CùܳpøƒH,„aZ§f¼k|ñ:³Ž5²k–$io#<å"X®Þ£xÒãÚ¬µ;[µôùÊþE¢*ƒ Y•SçÇ&ÛXOKt -H Å’8N©‡­íꑸfƘ'pp¾˜ë‘Ry¼fÀœ”óƶ õŽ{j7e½ÌJê÷Û‚¶Æ6ž/­ŸÐØœzË'jÑÐu¶…ŸvBp—yd´ìàé8µ¢ÞÊÒÉ(…ló±à9Ë$™gؤóU]¡l7ÇCFÒÅ1„”øH”™ß¯ Øníá–ë¹¥‰È‚Aá&›h¦áÏK6….˜þ‰d?ƒµ‚S&Z‘ಬWï©ûúH6[m F¸Ô‡£¡a<Š¶ñJ%L+cNìî³cé•î±(Kê¹ã‚‹yVÎRΓ™ç%9ìjÚÒbˆåa<I:,2Úƒ]µõá锲IA¿µ¾N9 MPžèJ$ƤÑjR¨ùc}x_Tú†œ¬Ú[>G¾´^SÛ†9=|ø„A ´þeåQ+pƒÙ²©Ëcëq÷Y»EχG,bÒÑáZçZ -@ÒRžœE2JÆÇI'(c28ƒfïmE ¬¡–öRºRM#­3@ìõ;ÆírÎÝ– ÷BŒ 9¸(h`†Öõ:»ºi©çDÂóõ±Ýýmª *²lÃÈpF1óij£ðrv8V6‘Rám ì)²à¨Ûg¤¦÷à :Íã«ê–ÍÞ® -ÜÍÑšN3jÓMZž„é™rÇí&¤ ÑÏ$‘ñ{c»_ÄT[A3 -PŸ SvSB›S>„‰æk©w„ð¸-ÐÇàM‚Ž×qGrÀ6;´è)€´!ApG¾§1“lëc™Ó’K?ý kƒÑLe=`BS¬9ãBÉëÎiˆuÙ9uXHõ½}Z\tPœ§L¥ñuêi‚úÈAÁ)*£#òÿÚ:sæÑ|o`h;¯VpœO`ÅŠû '€½ J!ñ Zϳ &ž°û>'çŸd äé‚IÈòåÜ°²ï1yr5 «PbJ—¶ÊZ+¯‘*(,žO¡ë\»J¡T- Ðl3òZ~2lУnleQ‡ršá -‰su’t¤‰BøðíÝ¿'I¤t—‚¸õ}`ÂйK²4Rãs_•ùc“ú<júÆ%>ÆÏ<á(MY ÉÜu†$$ÃZ³´W6¬(û*ZZÝU‘HØ¥§Ðz€ö)@z$pÎmSôR…ï. G©® § o>œ¤J`é¤ÞS%JL9Û„0b¬2‰Öw®UýÐèa€"ª«`Éhièg!â‰,‹AeÒà5©à5‰ ÀµñO;!pÈG˜F†É8Ÿ^§+™€àg˜ß ‰D±Tu®d>Å€Ò‡'q:å[¬Ö‹O]ª(øw)}"$»¡h,H@}%Êõ½,%sl/퉃,“NH…0FámíGÝTl|!~V…rˆÚŒåÄ>%..Ñxÿ9Æ#9BmÌ1îø” 6 Nª*ÝÐA¯²Æ¥‰Â õÜD¡$ ö@Œ8©O0#˜H’ w]æ?H™¨ÒèÃ"Ã'þ’,øIì#‹C˜˜I_¤Ëñ" õrÞ¢¹MgP× wHç”åyþ4&íkªtþŠò_—v.¾¶e¹£RI“@Ç ¥‡´avW½Š+  C“äÎêÑÕâ»h5—S 3ùR°È€EŒ ô皃®å®$h¡)Žs±þk1 &©Áº}ÕÊC–P§rÁbê9™ÀHYg¹‡„%Bµã&¸»X†Â¡^TÐëÊhrýR¡.é±uÕ*sPêNù»ZÅ©ýT­‚U×½ŸvÙX]ä[Ñæ¶ÝÚ×- -?¥ÏX\tÅâ<’ó%ÇÝ~ÑßzMŽ3Åãë”;¤sÒc/œ°3ã!mÊÎd2*|4–I"áê˜j ¼ uE%âà>š“yP gK8.®©}¤4 -zEÕ´‡[=?®(i åµ'&M's°i¦MŸ<ÏTùÊëp•//xi•ˆA‚‡Ê¶öjP{}ßwôht­\4Ì7é°n9=b!>çî Â(nþÌ#ž`P{êé'¼E·âb¸äùûœä°LlLO9h#›XÌ¡Ò•|x)7e$°_,ž)d†X—ͤÃrÑÚîð%¡hÚbÕ\2™0‰‰ÀU.:¬ 6F&[†â5óán4°üB›Á¶ ÃÁf@>pÒàÿEëœ#ôasty¨ñA¿\·ß°_§öÄ*jíÇ¢ÅɈ“êjR]z'‚rLž&ãOŸ#‰ï?CufþT¦ò> 1^,ì’Â(ÅâD>“È ±®(LÀr…G‘_P›Z^'&H®nÀÿ$&“~˜¾x!¿šö÷2½_\ÖôN5ítÄÝý´þ:Èßj¬lã÷¯Âí¦½© ›} ¢O¦§÷öIÔ“ë9è²êüÜcð(Rwï~/B‰ânàO.=>d‡‡cõ‚´Žàù‚}¯ˆ¼])9<7÷MW0qÈù”WEÌþzÇã´Û¬¥±Ç¬ò=º­Á']z^ŽçM±©²²{CÀ·#HU…©‰/k=»go3hqéøI,†ü@¶_à,Ó3,I»çéÑf5žX5YS ‘ -“ü‹CS¼sqI1vï‹R|ØÁæ{Ôì A‘”’4k8êŸI¡· ÐÄÖV~ápÎSÕɪ'zêÿÞËåxð…[£G¿º –’¿]ýÁ¿°¤ó7uëÇÜ™N/MMÒ¹£iÁa ŸÊ‚*Á’54BŠ¤74Æþ£—‰¡çséócÓ¿ ¯ëð„€à"¼Ic‚’ö˜þn0$¶Z•un×CŽœ×GÊסÿÛ$Ñ\tŸiÊD -ÕæUï9@ºì<Rx³¿i±‚S:½J¿C:g`\ j–@ q@.4Š‡.¾jÿfÙ†áÎ…Fqì\(¾nî÷`øþ!sPÝŒšZŸ’â“çIJ:@Ê}Ûø·K* 'rR™²(>½¤œT&ÄÄTÀŒc¦”¸ÅDqÿCð‹³Ç®Üˆpi6|¯Nä…'üóq ¿ÄOn?MC§Ÿ˜t·wò´Â±ñ{Trá·åº3õk6Èšñ'h -u?;úÛ¿tëˆ Z‹iÕ©f±†Eìs7mBð:dÔ´vt¬XQocèf”ÂmóñÍà=Ë(Z¦ØÄËMU"ow§:%îâB +ûˆT²¼ß°Ý›ú–륡‰¸9ƒÀÍ06ÒL' ž³1tÁdL8û¬(¸e¢Õ1 ®‹jóžº „aÀÂŒp©WCÃÈxämã„6ˆ˜VI2ѳMO…ºÇ¼(¨g¯ Z¼.vf‘9‹9*Œ™TqxÁ‚Òjˆe h8ç:,RÚÚlÚª~šRNbo­¯SöH3”‡÷À²ˆ1iÔš•jùXÕïórG°!+›ö–/q_Zm©mýœÆÔAbÀ¯¡ó©Y:ÔÌ`ºnªâÔ:ÜcÚîÑòá‹dt¸Ö¹”¤ÔÝ'g ¢±¨Ó ÊN† €é{S(m¨¥³°îGTÑHk{ý‰ñ¸œs{¤„;!†—\Ôo†¶UMCÕ´Ô³¬æ¹êÔOnˆÕø¶c¤8#_;±ìȼŒÕ§rFÇÀÃCH#œŽ¡[ƒÕEtç Ôü9C¸Ak!¥c¼ÑbeÕÝ{Ž§1j3 ÓmCi:£IË3ݦìu@ûÏ.H´3Q¸³±™Ó¯B¢­ ðÉÆg¸)p;vSB'Ó}ˆ$Xn-¤:Âã>Gƒ4 :NÆi%ÊÛ´nÑRé„DÁ¸øžÆ€M°¯NEFK®ÝT´ƒ¶õJ3õ€ +]4Na”0üºqb]6NR}ožV ç1CSr•ºGš¡>2Pp‹J)9&ÿ÷½Ug,¦E;8±‚ë|•È74x:f©55зv +³9uþ à¿W¥i¾ ûC’ʃ3áÐãÀ Â2êñ´.<=ŒN¬Y +¼ =Oó´` uzźX;Ìmu*­*…É2ß^ØËÖm #Dm÷Ös +¿=èÀaÇ8“®/¸0ö`ª3±åXÁ[NM;öŸ©Þ:Û_×—‡HÈçw€uEp=Vg0WŸsS© 4,‹b{v‡uN\EC¹å¨ƒQ§ØNJ݇+Ò…TCþ˜ÖÌ™³$a²0gðî[šam.A%‚¬…–RNÓ°öZ{aÛ'´÷ HÞqÛÙðY„ +òÂ..³tj†e ×ÀKÍ‘Lì®N I«±B¢»TY/zqŒ4íwcŽi¶³=F/RñÿfG +RÙDy×1ØQ±Á7´¥1™É¾Ä-?ZèöTnðâÒ"oŸ†@_O9…x­Û³c žpúiLN GeMTBF0²ñ«*1ĺ¬ƜRÁ3K„Ïï°f¨l9OX Ñ÷˜<™à•ÏF±)¸KSfV¬•“HåïDžе¦]Ūhö)Y-7èPw¦4(CÍ°‰Ä¹8Ip:2 |‚øð—»Ì’ˆº AìúÎ1á èÞ¥ŽY¨ñ½oŠœìq»8rúÆ>‰›9ÙQ³‚¹ë’ kåÕÒ|Ú€;ØТô+oiu›E"ažBëÚ…pé-|Ãa83MÞsFœ¹€…º‰¿€ {sî$VãHË ´ž*Rbêí²O½#Æ,“h`~gÓQÕ.È£ÚìÐʦŒ††~"œ‰"1TIì­†¿[©²,ÈqmüÃÓÎ0œ Å”H¤±‘Œ%üùuº’ úËœ¨ß„D¤X¬:S‹ 2b@êã0ÛÕ·˜­?æ ÞºT·ïÜ3Rº@HvCÁ˜‘€úS”'ê;^JræØ^:^F+j…0€FæíÍ'WnÊw.?ËB9ØŒùÄ>§]\¢)°îþ >†#>®€kèw\ÈÉ¤Ô ô&ml˜(SÏURpúþ ´Ëõ™Í&¢ÈË]ùB&Ê4zÇ°Ïð™+’y;‰}$pÑc-XùÄu1ĺì1:¬žÕ{Ô¸ù êÚÖ qyDM¨»Ì*^¾¢(ØŸ«oMQ(aÒd ÅUÚ´vÖÏîr¸„¼ ¼{ èP1µ†zT€B2§f#k‘ ¿,H@/Frua皃Äe61¨§3Ž5 ¡þsž &®Áº}îÊ}¬P+xÁ:1õ,O`¤¨ÒÌAü>ç±lE>½A¨côºdš€T(O“̨ËP¤½hw*Ðe,Vøç2̽îÝ´Ë*k;°±AÔõ'5oß­}]ï˜ÅŸÓ»Ö½óXÖCÙ÷”¾þ5ª +B‚0š0[tH3ÄÇö8„l@#ê®0WäZë÷-Ó zé®È–¤7óªr<«Ú®žz‘w<‰1F”×y7ĺ̻ËäÓáxuè~Ÿ!ÞaÍP3/b!&#òåÊh”h¹¨FFÞû<ådXgõù™—FÄÁ£4“yYÚ¦kx®¨}¤pzyÙ´õ­^ž6ü²Ê‘ð“æƒâ•ÀD6 +'Ï\e¶qš »ÊÖ¼ŠÄ PFuÝN„b\7iâ¨<Ÿ73‘€5+Àïaþ7½e >‡ëÖŠiI§çQƒ^Ï?¡®ºWÃ%ÏßG%‡eÂ$é){d³ 9Ó¡äÃâ欪(ÅÂH>óò0ĺ¢*ËF=æ€/29èô¦¹¤32bª«»è°f¶1Ò8²”ÌŽöá\V0ÐüBÁ¶õÃ^g@>psàAê¼µîúp8*Âj4Døˆh»ýÝ:•#VRk>å-VvN¢«Ité½ ÒZÙ'5gu±ÿAž‰ïhCqfîVæâg a’hØ%p +8=#0¬+ã±l—gÄDã#±–×I{¤Ò£ØŸ(‰Æ¤æ XdWã¾¾ÕÛÕAÑ«7ªq'#¶†Öº²š«mLã÷¯|• Ó‡XÐ Pò,ãéûGôäúÇ"*úß{Eêîýô…OõìKƤ„ö1­_Ô§òI\Áó‰Ú^8½Rrxoö›üzè£fåÞ§³/“9œvŸ¶4ö˜–®GU/|§gúpÙä»2-šñ°S|ƒ‡T–9¸ò€Ûî\•LÇã§ÅNò#U*Üg±r¢¸{æV㕳¹l!P~’ûåDCSœq±iv"g‹b| Ãæ”ì A²{’4k8êž›¡·öÄÖ”naÿ¤Àc΄ž–NÒò‰žŒÀ>ù ¾ðhô8åVwoJÐRø|¨>º—ªxù¦jݘ½ÓFÚ°1êÌÑ<ã°Kï‚­(Á’)5vC¤­5Lçø{Œž' Ý8_:L—a$ý/¶•ŠApîßö1@‰ûÇ`Wð÷†)7EÕøW +ŸedÕ‰2è8'vé·Wcà¦f,XÐýØåÿþ]Vÿ£5,ik}¡”*bÍB ‹¸MáIÃàÜð»poý?4ħendstream endobj -920 0 obj << +921 0 obj << /Type /Page -/Contents 921 0 R -/Resources 919 0 R +/Contents 922 0 R +/Resources 920 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 907 0 R ->> endobj -922 0 obj << -/D [920 0 R /XYZ 56.6929 794.5015 null] ->> endobj -342 0 obj << -/D [920 0 R /XYZ 56.6929 659.6382 null] +/Parent 908 0 R >> endobj 923 0 obj << -/D [920 0 R /XYZ 56.6929 628.8211 null] +/D [921 0 R /XYZ 56.6929 794.5015 null] >> endobj -919 0 obj << +342 0 obj << +/D [921 0 R /XYZ 56.6929 647.683 null] +>> endobj +924 0 obj << +/D [921 0 R /XYZ 56.6929 616.8659 null] +>> endobj +920 0 obj << /Font << /F62 634 0 R /F57 624 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj -926 0 obj << -/Length 3376 +927 0 obj << +/Length 3384 /Filter /FlateDecode >> stream -xÚ¥ZÝsÛ6÷_¡é“<1¿NžÜØé¥×Ø=[¹iû@‘Ä Eª"iǽ¹ÿýv± Š¤(å:—̘ °‹ß~BbæÂ1S¡ãúq0“qà„®géîÊm`ì‡+Á4 K´èS}¿¼zû!òf±G^4[®{s)ÇUJÌ–Ù/ó÷¹ùyy÷x½ðBw9׋0rçß¼¿¥ž˜ïî?|üáóã͵ æË÷Ôýx÷áîñîþýÝõB¨PÀ÷Ïp惺£Ö7Ÿ>Ý<^ÿ¶üñênÙí¥¿_áú¸‘߯~ùÍe°í¯\ÇU8{×qìÍvWAè;aàû¶§¸zºú[7aoÔ|:%¿ÐWN¨<9!ÀÀï P¸Ð¢™ c'ò=ßp]vIC›ªÖôl¶š¿º®Wp;¯é™é:=ä+qw9– -'vE|\¸¡ÁÃfFÇûý¢ÿÁ)û§ó"ÿO:mòª´ð9BŽyj'Œ@Dý%Né@å‚„¾ë¾'¦áê:nð[H/v<БÝI¸Z*äv_š1o€G…*šõç;Yµ£šXvxÈÊQ~×]â‰ú®š¾ýùíòýÏôb¸–œ—ín¥ÔÛXÚZžmg[ëšH0Ôu¸j®S?ç冺’2³Ÿ–Y×{{ÿDŸîÍ'US¥UÁk’5ö!ÐRн@†WÑL€E¸s8ö0¤}dz´…«dDª9¨Ìæ{ð%uÉyµ· PsÛ·Kò²xå¾² ü%lØ#I£ë¶ðÞ"1ON ÚÚì»y”ä‰c‘çl¶Iiù4ûrí–È‚½äEAè-+Öë\²²Ê×TôL«Ý®-ó4ixà%o¶#¥ÝÕ*á)AôΉbüF2DIuä}ªó ï¨pG€Aµ[dú9Oõ Úá´„ð£ËËwTëЂ/ˆƒxÈ€A»ˆÝy]µr)¿£Ã§.‚âþ•:P¾ø\1!À=ãKÑÍI¿¨ó ãn<ŸûC¾KyÁÝ¥Ö™Õ p@Owï .üŽTë|Sj&þ£*uêƬT†rÏò½NóÅÐÄ1ê²1"`[ ´} ]cD Ÿ< ôz_“(wôö²ÍÍfá#gFì3±,à²(Qß퉸¿Äïm~ 6Zç¼K8Ø$çÖËV£ÞKÁš){îÚ[<=]]‹¹¶¤úë6iëFghÑ$m©É4H»‘pö{B;»èÙF {NŠ–W‚­Ëo?„²§8~  -×là-œÏ[Ò["hY¤œ¼¢ËÇkN+Bˆ(‚p¬2£sõ‚ØJZä4xˆæ õŒb£ØQËØÏ—¼Ö(7¶>ad}<}g9;±;£mH× Ã€‰;«5É,6µqGk*è=k †Œ*–ã«(n;/ó&·†7­J<¥MKȢ΢J8j²×ÑŸ@»IM»gkžï¬(³azZ‘ yÀN_·«d‚¥w"ÂEë³N T.;>Õy'ÐQ™Hç ×úpÐÙbƒH<ñ.ÆrêòúÕC/:JùbÈÑ0=•Ápp¤ÈQÕ¸óuϽðjš¸oàczYÛ¡ÅŸè]ÞðL1t®ù|ˆÈÆ0´!¥Œ1¡žŽ—$ËØœ‚ÕubPþ¡‰AYpÕý˜×í =àü¯ýó¯÷`ØŒ —<#Eñ] uDV€ØpƒuÒ<Ë´Ã$/ÁR3©BèÞ?Üß¡˜Î£-ðí2ÚzTÐf©ŒêWUŠ_èQ·E…‘ÞsÒ$ !ÂE.:ª 6˜S+„±ò±¼Æàá`ìJHŠ ÷`D¤zGÚ‰ƒksmsþrùÓmM=l$Ù;UÏb<559’Ä®¿gÔXI߉„? -¨õ×´h3>CÔ§óo`ôeªûÊÆ›ueí³†hèÐ/÷K‹0»/k¥Š×#T´³aHþêyÁíþ}ÃÃÐüé:öæu~~¿#«ˆ]Ÿ>?Ý}þ„­}#wçSº£ñö#ˆdþMÙ†¥óÔP:“°2ur£Ìã»L÷Ž›Ås×l뮹ƒ¸²ÝÙ×ÿ¼£ƒ-M,Òà”¡Ó®û “ݧ:¯D•I®ò3ŽERlª€iWŸªë(W^fÁM°0P :¬ö‡[â“.Ž½È™pá°Ù öØ5cÆ·âÓ@Và_¾5#DÇÆH†bþ £µÅx–Àó‡°ØSÑ‚Xp|1-Ì‘ ”r 1ôùc ¦ô*)`‚Òx3rµÝŠ%I ö×fVjór"ásR…^7ÔÅsó/š÷Ñb.‰å£†r¸ ©—&A²xXæRž¯”X<¿,ßýùê燛»ËUûËÄ»\ʼn¿üîýí5õ¤ôx÷ñöû÷?|º»º”ÑòáýÇ[ê¾»ùþæîæöÝÍåJ¨XÀ÷ÏpâƒïßÿtC­î®>|¸º»üíáÇ‹›·—á~…âF~¿øå7QÀ¶¼ð½0Uñâ^|O¤i°Ø^DqèÅQÚžêâþâ¯nÂÁ¨ùtN~Q¬¼8ˆ’Å +ˆÃ„6+eßócÚJFÂq:)G³R¶T(å®Ïú²ë˼[ýêûA¥§ûQàù~,†“±à¨fx<ˆ(ñR•Äc&6úrúÑr—õ›:Ûò[³Æg¼ìí0shÚ®³Óí³n‰2Ûít]t<à¶Æ_4ô|ÙèšÈ˺ëÛKµÜç½.ÆD?»†H÷]Y?¡l&B]…Òó#?/cÂn[9|—7Dú€ì™F߯铺éùÛÎKܳ.¾…ž4àMÃP¡×Ù¾2tá²äb9‘´ð…â5Pª…wŠ›$õB)C¦-kZ„W ˆAcþÔÑX¾oÛK¡–ºff‹’Þó¾i_/…v[x¸°âb$>PXQf±uÓn³žTŸfalØÇ6ìÒ< Ýåmùˆfºë)bƒ¦÷EºBzAd4‹ÆÚ§5îÐuä«ý1rfEæïa»eS[x„.§ …hzÈ!CGäˆÎ³q4hj¬Ø"$*ñ”ÒófcHuÚl8*\q×´ý‘¥ðCOÅ*9¿ª£šYvd)|å©0MÇë²¥PËO×?¿yx÷3½n %—õ~ûHÆ@Y ¡T½Ó‘ð¨‹q«ËgTqÓ•Õ…ý´.\ïõí=}º3Ÿ4}“7¯ÕfkìCÀæüHEø`èüd‚z§¿A,Ùj 6f ø’ºä²ÙY|©¥íÛfe]½r_݇¤ ¼%lØ#I¯ÁÖOoá-Ë였L›éæQ’'Ž5 Dž³ßdµåÓìËÛ¼—²ªHŒÃÆ#«nöh•Í+>óf»Ý×ežõ<ðRö›‰ò?UÍcÆS‚èOƒ< ¼HúñW@> :rKe¬8À Ù® +ý\æÇ~NKˆ09¿¼£šY„vpô~¥c ÚEêƒÚÈåüŽ†Ÿ`} Š»Wê@ùâó‘ î÷X +7'Al: .€Ž›éd8|îÚr›µeÅÝµÖ…Õ p@÷7ïÈÐGÊ‘JLjovºÍÌú2,»}¾Aåxtô|øËÍ?©êTw™±­ú4µ æÿ\Y™ÓË~Wa›¢ØWùTk&þWSëÕ1NY© åŽ'6äèdWs€6ž©„u…¯´C ˆ}cD„ M GÐûšD¹¥·—Mi6 ™ºÈêd½ ’}'„˘åKfÄ>3Ë.‹ ýˆ‡Kü¾/[2a“uF[†:,á`³’[.R°fÊ[†öOG/ÅR[Rýe“í;ˆªÐ¢IÚR“iþ$¶ dlgÛtÏYµç•fÃœ0’^„á3….oà|ÞÞÎ…9Ê‹"uñébEì¥Q¥¢ƒõAft®A”Zi@‹œ€ÑK=£Ø¨vÔ2öó¥ì4ÊÁO­O˜XŸ @_XÎŽìÎdÒ÷â8bbç!`µ>ûŒ€Å¦6îh ñ ½{!sY +qŸJ’1î˺ìKkxó¦ÆSzÚ²¨³j2Ž¾lävð'>†¼m¿ß±5/·Ö ÔÅ8=mH†<`§ïöÈÞ„–øND¸hwÒ Ä€(Ÿ³N`HuÚ 8*é´z­ÛV«'Dâ‘ð1*Tç×wT3 Œ½@ì)Š1FwT0U™Ô*¤ +—UÙ™ Éúצ"üŠL`]WðÁ ½¬îÐÿÈémÙ»™õšˆ'á`†žH+¡“³¬å%+ +¶§`v½´¬U#‹®n?Ûè?£ } Ûe3Š$|r”¸Hê-Øxƒ•um1šÕ<5KËä±ûñöÅsfhŒ’'’`³!Õi˜9*£óMÓƒÆWúÉèÙªÁo +6©¼XJuž G5ÃÆl +2‰8c>.1jh1T¤‘¡s¶½f0äzKIôŸ«ðÆŒ›Î’'yøéº#rqß쨻ÒϺâÏŒi;öžŠm~AΪé O2ôNðd|ü4ˆÌ,¦vC¸é/yµ/ø¼Qg<çÁ3È„rŒÛÆ¥]cíÁÌì4bˆ³ƒ¬)«^°ÒÞÃö× ˆ®oðï·< ÍŸ.!µÿÛ¤óÓ=þ˜NìúðéþæÓl9¤N|"ì'ô½( ÄÀCû „;ÿ¦”D‚bj,ÈYšœÜhóø¦Ðß¼åfõìšûÎ5·|î·öõ?oé 'K‹48§p¡ <)¯÷CªÓ +ç¨LVv˜–¬²ê©i7ÛîXÝ|Oùò< –h†…‘²ÉØ“`ÚÇ<\˜™qˆ`µå`çi„ck38`׌ŒO xGùòµ±„ˆŒÅòOk¯p?QŽa±«æB,tD©à d^˜(åAöh‹LXŠ2–dN¯² +6AÁ#(ÍG§L.7Ü6<ìÞrklê²ÏÝ®*q²Seàë+6}Hub–ÊH¥îÀÁ­ª¦ùœueq<$!LÄg9pT3,Œ Ñ­ÊdÌÃß)^M°”qêñAF‰Å¡;È–§Çè{ Öè}Œ…~ÚŽÖaÔ) ÝKHÏLè¯lœEÆŸU¯ÛšJIºÜê~Ó‹o06\¥œLL¥Äªàà+rpÔ*ãL +†yzYåBp-z§»~æè’Äó…HþøÑAdà ðrôÉZb›µ V¬±$[Q'ÍJm>PN7BNý` Ò랺xŽhùYó>ö5•Ø1@å]þ!¢Èó5)ž[úUVç’©dµ&é²hM­ßžäèhZÞù6AÚ +ŸI²¼&·K}cÀœZe«yt¿.€z1QÉ`*yVÏ3 SÏ0΀Hqºf¿ÂuâæíNÀVšˆ¤+·e•µ&TÃ雉j¼d\ çæ›hß^eéêmCu`yFö¹ß  L™@ÐBTǾŒ’tzëÐMj +Ãý¸Š›5¦ˆ¬[üµÊô;ÃøÌÍ„- ÄþÊkæ|§ƒÿ÷É¿´‹¤*œøõˆŸÀÁ§Ò2…r‰Ä”ó8Ó©9Ãú\#ñUendstream endobj -925 0 obj << +926 0 obj << /Type /Page -/Contents 926 0 R -/Resources 924 0 R +/Contents 927 0 R +/Resources 925 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 907 0 R -/Annots [ 928 0 R ] +/Parent 908 0 R +/Annots [ 929 0 R ] >> endobj -928 0 obj << +929 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [250.9056 758.4766 324.559 767.8862] +/Rect [250.9056 716.0894 324.559 725.499] /Subtype /Link /A << /S /GoTo /D (statsfile) >> >> endobj -927 0 obj << -/D [925 0 R /XYZ 85.0394 794.5015 null] +928 0 obj << +/D [926 0 R /XYZ 85.0394 794.5015 null] >> endobj 346 0 obj << -/D [925 0 R /XYZ 85.0394 227.5287 null] +/D [926 0 R /XYZ 85.0394 185.1414 null] >> endobj 736 0 obj << -/D [925 0 R /XYZ 85.0394 201.8676 null] +/D [926 0 R /XYZ 85.0394 159.4803 null] >> endobj -924 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R /F58 627 0 R >> +925 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F58 627 0 R >> /ProcSet [ /PDF /Text ] >> endobj -932 0 obj << -/Length 3418 +933 0 obj << +/Length 3394 /Filter /FlateDecode >> stream -xÚÍ]sã¶ñÝ¿Bo•gŽñE‚—Äwu¦¹4Ž34É-Q‰TEÊ>ç×w» H‰’œô:½ñx¸„–Àb¿°“þäÄ&"ÉT6I3#l,íd¶¾Š'ðÛû+É8Q@ŠúX_Þ_}ñ.Q“Ld‰J&÷‹Þ\NÄÎÉÉýüçi"”¸†âéWß}xwûþÇ»·×©™Þß~÷á:R6ž¾»ýÛ AïïÞ~ûíÛ»ëH:+§_ýõíßïoî规çøòöÃ×4’ÑãĤw7ïnîn>|usýëý7W7÷Ý^úû•±Æüûêç_ãɶýÍU,tæìä^b!³LMÖWÆjaÖaduõÃÕ÷Ý„½_ý§£ü“±PxuÌ@£{ tRØ,³“Ôf"ÑJ{‹k馋bÖ6ב–fšÏfõÇæeõHCmMÏßëªà‘— Cy5GÀNgu5+ªv›·ÏÔ.‹ÃïÖyYµE•* 4uÀÍ[‚J~æ«Ë|³)*ž³¬hµ9Û¤™µÊï¥YÖÛ%¤¦¸Ìö)_½¡×Ú/ˆPñTl_ðc`N_»¤4Â(•Âœ8ղȷíC‘·Q˜‰¿0T gMŸxNàËzS,v«Õ ½Îw[ÏI„=Kˆ f°O{J¦·L{¾B®(PÒf·ÙxYM\Å-GÔ_¥©>Øz½.H7ë=y©xZÕÛ5ïáßyÝx( ¿Í½*üÇjæ)Š§÷aŽy±Èw«–^ʆxa]*Ñ"Mó¢ªGØè%AÛQ©©Ö ¼2™à¸ðˆŒ@oËx‚y™¯v›‘u´΀žZ½iË´Fe62ɲÀbz(èÙlŠY‰{/æ4PV„ÚŽ“b0‰‹<•Åó%Ê‚p¶§ £›rÚiÆñ™ì:‰ƒr6-ÙŒ­yCr -´>/ËÙ’ÈŸå ï -Ÿ5h> -8bÆ»v™¡mË9šï@WõC§ÿ}ÒS˜!5é+ä¡7”K_Æ(«Céß‚ -›˜)@€Ô!Ð=ÿÌé±Î°ÎC$ø® -еœòhfpŸKô.4Šf‹P½ksøîþöÝO“þ{W4Œƒ.Ñã†y:Z›UþĶzàž~‰m̆ K ÚîIÛ Ý×n…Þ4Ak,‘Zÿâi¶ˆl¦D£F¸Ú­êlYÌ~£é¼«ìí)#I!ÏR?•ìèaØû^Ä¿®ttÄÜip ~f×S^ÌÕôî— 4@“íñö ”wU̇JG0¹ZÆžŠC/ÕíÐ’È›ŽŒÁv(€&c÷ï/êÁsÎr¦áaO[K,\­¼ÓÀßF–L -ƪó-²aÄN H’‹ÞBÛÔpcÑÉùL&”íÌ3øÛ V1΋sÅ©$œO°Xòœ€gŽÙÉF LðϦÝ=ì¿Â7±lƒƒ9ƒ"Lè'ìqÐðãn•óW¿(eö”³!üšžsðŠˆÁ¸ â4A4¦Æ ^sÉšœ¤S0ïmé½¼Ði@]ùƒ M±]ÀYJ/@$CϼÓôÄQ¡¤^þPdaDM(>nJ¦–Ö)y½|>/Ù6põšžèÑÐYÜ F„j¨ô}MﹶFtœêéÆ»²òÞEe}•ç4 -Ð(´FÃ\–bÍyô…ž»† :dš -•˜Ë–‘Κ\°ÉâÄ$„p× aw¯A«òÇʱÕ!¨v]üF«óé¨]"ÒL'C¾mò¦¿3fkBp+(4qG—‘{º`8ÐE¿PmâÀÏÿHþÛì9$¤N‰ xl¯ð°¶;„·ð)~v¼‘£«þŽdvL#ŽÒ>" ù°™Á7þ¬À1¿k?#ñèäÇaâ ™Bãæ¦Öuáß«Ì-ê>lºgxoøÜ NyÀ\k…sYˆKÏ(‰Zët¨$8í¿v Ÿ2ó²ÉV!ë‡îGœÁÁ![Åa:šAòh“dbAúJËWå£:…€TÚl˜þ¹¯=ß{’ú.†¹ _ §ŠÂž"«à|K9žìfÅ“³„KQ)ªçhWÎØólÖ±Ô¤EªÑ ,™êôkïÏúB1©áLÿ'` 2ßÈÔüO¸ GV=&«1&«XdqšœÉýŒ2hþA q³rvú‚ZïbH€a†s"žj”y{²>cÞÅ2pç™;˜FÏš—¢á^fDºä:öì9ÆŸrªGħe•ü„¬2 îYVA%²,Õ磅!·FÔê ·út|¾ŠeœÆZ{[ΊØ(yáÄ¿¨\§­°OÇgÌ­$ƒ˜ª±g¸•j»$»p†ŸàÖ+\VŸŒÏ˜Y6ÖØ ß$RH-Ó~àüçyvÎ{ä|*¦íKéÿXHfpr9¬¿ ¦WÏ?ªëcª8 -M ÐÙº¾‰aLÅœâÕmWLÙÇ#û8§Ÿçý—Cß®Qp¶Ø¡ 7}±(ÁÛ׋"W+E*e2ñRK>Ñø ¤¨u¬´¡)Óaùü?ÿ­ˆJÌ,Ž4 |tJëó‹wX#«ëƒÆ‚‹M2\þ“vz¸ãäÌÔaŠ‘a'ij~ë*×ðkQaZ0§šr½[å-ÉÊY.˜VýÐÔ«Â †¿þð´KA¼ýþÇ›»kˆZº–R‚ôØiƉ°*>È‹ª‚ê8˜¯Ô!WéÍG•3&’k½£ÂÕ)¸\i.·‡uF¸Ë ·hgËèqµ+Že«D¢À Ÿ]»ÃY| Û8IÜß 5/¨fæöÄ¢Mcañ2Ѥ0ÌŒÈÖ* Ç4®Ë{Œ’8>6B&¯­­…Y¾k¼Á\bK{59Ç$7ÍÛ¶XoÚ~UÉÑŠ\SJRát6Ô ¢û œÕ;Ì£¡µØ [ór^ý…á%ÕâÂ63êªi·×nº›±Öga„2˜wm8[ÞæÜÔéjÇØÿXpïg@æ¦.ÄXe˜Å8ð…Ï]é·)çÔN Þ0g§˜ó;üžï‹8j/RÙž4å”HUvÁö±NL‡EY¬wÍ2ÂâjÕUÔ,wí¼~®ŽìÎe—%æ<)Ö-ú þçO1ÿðrGãàÖ„ -ùºªŠïÅÇÒ÷«œï‡5¬(Ÿ¸Ÿ¡§?ܾ¿¿¹ûö ½ñ&éå þºæêvˆä5Ò •:5Ôô¼zác“ ­‡}ŒmÙÍ«:¨ÃÒ>Ceg®gEr褡öꨯ뾎ª˜F« >¹uFÅ–/Äå°‹Õ<š­Jì\)–Ò"ÑàAÏÐaP0Ø,L‰„@u@·ÚÒ¤sÌ?ç ¶2„ÁQèˇãoE±aŸ+¹Í+§½=x¤…ïLâ§Oøˆ›æC²wE&§Û3rìùŒÛà„‰XAÊ;ì‹”í’]ý‡) ü…¨ŽÎÿÓÒ6‰;}Áÿö±ÎH;`!¥þÂüGåGª[GxEäPèà/™^ £Ã:&Ä&vk3w@I¬Ì>>˜Æô>‡‰g°iœuGX¤•ä[S†Ü8åZÃ|7ß!É¢5èF‚C$¼.éä6p‚Jlé%§G»Í«”ΆŽÔUÍÝUiRtp‹(1”ÕGÑ‘Fp[Íè8@ýð+ þ“b¼ r=0Xqd¤ÆïŽÞ fôÂä…rzZ‰P@B=€¡4Çšð¶©!Ñ›âÙocáïK½ AjÐãp‘ƒ›T|×b×>Öû²ÁÑþ±QË{ ý´]3Ú1O µNº~ïf‹—T -RÜ‘î„Mý.îŸ}\ÖuÉN›^é´å$oxeU®óU´ådãØÑ¢q$-Ÿ[¿C:&`x´€˜4Pp»aü.]òŠ#ÝõŽt›†‹Ö†ü  GЮm(HØd[5„¾Öö<¬ ·@à ¾ecÍpœ1©`oº|ÇûÌÀ‘ØÁm—5Dã8³Vœ‡i9Lµ - £–!alhœ7¨ýI&!²h8Ü(÷™ ¦›'…xôÖ…>fU<ú:ˆWzmÁ ðÝg¹Z yE÷ÂÎ&£t‡‘Ž¾ÁuxkŠ/ªìïvÝ e!°‡ùƒ7=„Ô±ÕÿÁ…¢x·yDßãÉÅÒök¯Pïï—¬¼:5n9èa…E¢p£Ž]ßµ>&ý? n}ÿendstream +xÚÍ]sãÆíÝ¿Âo•gŽÌ~‘\>^ûêLã4Ž34É-R{©Š”}î¯/°ÀR$EINz3½ñx-Á],¾Xy)àO^Fq§*½LRFBF—óõ…¸|‚w.$ã)èc}ýpñÕM¬.Ó0U|ù°èÍeCa­¼|ÈÅ¡ +¯`1û懻›Û?ß¿¿JÌìáö‡»«@Ebvsû·k‚>Ü¿ÿþû÷÷W´‘œ}ó×÷¸¾§W1ÏñõíÝ·4’ÒãȤ÷×7×÷×wß\_ýþðÝÅõC·—þ~¥Ð¸‘_üú»¸ÌaÛß]ˆP§6º|"”iª.×&Òad´ö#«‹Ÿ.~ì&ì½uŸNñÏD6Œ”‰“*´BM3Y†‰”€“ 4¦{&›I&{,dr^f«Ýf¼W‡Q"’Ëþ„Ëz¤‰euoÙT†Q¤äpÙÛ.ùÕMd{˜6Œãµhe0™LÂT«„qÞȤ˜µË¢ѧ)B0$Ĭ)¶ÏÅ–·WÒΊ¬mè]¶ZÑ‹ÿÔUáÇ*ô&z¥‘Œ¾¦á¼.«§ýÇŒ»ÍªfQlyŠl?5 #£ƒº +òbU9ní2ÐÀA“€uH¦À¤¾DE³UY}„Mj«f/Ër¾¤ÑyVðXà3ž=ÒŠ»§eK/ü÷¯ôˆò›jNßÔÛò©¬²Ömq4Éš¿X– AÌJ0°$Ãì¡{µÌš,/ÝôÀǬªuû~cdÏãÌQZàÔ¼väD µ5=‰»näuò Ø]ÍamÖ<““ûð»uVVmQe€JMíq³– ’ŸN!Xf›MQñœeE«eýše½mÑa¨.³}ÎVïègíD¨¶½²÷íPJÕ)ñ²È¶í#¨gàgšÐ{«CoŽ¸Ä²Þ‹ÝjõJ?óÝÖqa2GsØgˆ{Šg·L{¶B®(ð™Ín³!á5 Yl¼±J=Úz½.ÈUÖ zòRbVÕÛ5ï`¶€’pø}mt P*~™‹l·jéGÙL¸ ë0I,󢪧ÜÓK(!mG%Q˜h­`;ìEð%.é ̘ä òбʃ¥/Êj,}ˆCà]#v °È99‹öïë¬i1¢x$à‡‘)ÇžÁ>ö üR:ßâFû¨Þµƒ™ï~x¸½ù…`2ÁqœCD\?Ï~™UöÌ–:rN¿‰H°(Ñmѹí×n…ÄÄh‹åÓ“£6f9 À\ˆ] -Ѥ®vëG:_ó4s”ý¯e")äWêç’Ý< ;Ï‹˜àuÀ‘Nî‚Ø‚ ÝÔ/ìÞz*˹±šžÀýrægÒ=ÞÞꮊÑ,R*Ld¾äxhQ{.Æ>ª)Ú¡$‘7ÑÏ x÷j0h)Óð¸§R˜zµr.ßMHµt"Tç[dÄ•@:Çg}…ŽãqÀ‰Gç3i¨¢Î8½·Mac­·7ÛÙ›Š}t€Åã<3|ÈN®0I‚{6íîqÿÆÛ8bÌé a2@7a/Â> á§Ý*ã¯~SÊì)ÃlÊá×ôÌÁ'"ã‚ŠÓÁ”/xÍ%krœÌÀ¼·¥ó}ðƒb9uåÂ8@›b»€HJ?€H†^x§É‘@¡¤ + üøCy… …ðšP|Ú”L-­SòzYž—l¸zMOôhh,îÏwj¨ô}Mﹶ&ì8ÕÓ›²rÞE¥}•ç—òàR^†¹,!ÁÊyô•ž»† ¥ 2IB›ó–‘‚ΟZø”&&á „»nì7ÀkЪ쩀09µ:œðl—½Ñê5œ¢’TÇC¾m²¦¿3ekQ¨t$GÑÑeäž.ötÑJ¡§{î%ùo³Oãp:%&V੽Â7pÜëBð>ÅÏ7r°sÕß‘LiÄ1OÂ¤á ›9|ÃG5A»v3Ž~Ü&þxáS¥8bnÚÀÑÜvÉß›Ì-è>lºgxï8îx§<`n…Ö¦>+=¡$&ÔZ'C%Áiÿµk8Êäe“=®|ÖOÜ8ƒƒC¶†ãzAªAèq ‘†µê-Å@:*£tXùs_y:z1÷(ô€¹ô’Nø=Æ&¡ÑZ)o¤”M¾B¦Éà ïŽ?uî26f³R“¨FG°d¢“¬½?ë Å$*L!„÷éÿßX‚Ì72é%òŸ‘Ëp:3I’N×®:."6щ£Ÿ ¥ôª?Ê„!eW9ci)°ο0C€G"žj’{=º¾`îÁ™8šÂiîÅ œS}¢À–š0Ùçrö,ãÏ&YÕ#âó²ê³š3œˆ¢8‰Ï° +|­ŒŒ:/ ¹5¡W§¸Õ£ã V,H‰b©ÌnÓ ùguë„öÈø‚™¥’0Žu†YZ†Êh{&ˆáÖ[\VŒ/ØeÂaUžaD•µI?sþó<;eŽ=r>ÓöÿG2É$cX~ SZG½<­C.SZ®‘!“ÙŽŸ…= ‘ÄFÅỺíê)û”dŸêôOãü¼_ñröÛu +NÖ;†àÀ{¶*¨€Kû‚ñAòêÛg1‡:²út­u¼ÇÖa¹@ö±J<\ähC«´>½x‡5±ºu¬0ñpù[<·CÚÃPkfO©á&¾ëJ×ð¶¨ðdÓ‹¦\ïVÜ%R¾üˆXõcS¯ +'xþöî'h—ƒ:78xûãÏ×÷W¸þr%¥Ä>RŸžh–òYX‡JŒŽFUA¥<²Ôþ¸Ò›ŠgL${§„ ÛE+8-ÛÒqÑz$'Ù¢/ƒ§Õ®8¬ +c%ôÉ…;¤Ã•bàÏEoÔ· ‚™ÝË+6~Œ¥ƒ•ËX“ +À0³ ;Y¨€¤ÇØîàØÛ] q$cDißU˜g»Æé¬Áõµ¤W³\=²³¬m‹õ¦í—”,­È%ô0zÔ%Z°ÅÀ'¢zç€ù`Ôw›aW"/óê/ /©¸WÕ°QWM»½²³Ýœõ=õ{À×ÀœSÃÙ²6ã~NW8ÆÖÇ‚Û>270uN•…YŒ/øÒÕ}›2ç–*ûÁŒÝaÆ¿á}¶¯8àà¢Ã¤ •íqS1ܪ=g+=¬Æâ±è4&ô®Y®ïŽ½ðf¹kóú¥:0ˆÉ6ÍiR:¬ Zô¨øçüÿ€˜PãFk®{iH?³uÑ5oàEñ TGÎú•ï +XÉŠò™úðåO·®ï¿G¼OzUódyÍ‹`ëc9mOãP%V µ=«^9hr¥uÜÈØ–mѼ©:¬íc5Tv&{R,c!-¶WH}[óuJÍ°» ±êÌ•–>Öq5ë°\%.ƒ]¬ò`¾*±qy \J‡±–æ4ÖƒÍBv“dH÷Ú’¸sοdUuç*tÂw?ß¦Ø ´vöp•‚^’â™$RË¡Sââú¾úé×ÅÏ ®¥îosÐïz1¥iÀcº mB2#ýŠ-8}iþà ¡¨©¾x‘ܾԾò»Éð¾Óê„2iK¬Ò+o¶k—Aõ)¯ñù\e(Ò‘ÝN“­Àù(mÞÐuó†¹]Ì•6ÀDJN1 ü_Ç«cÅ0c"_0.!¾Y~Ü" ê¼µg,²‡uÂ"=–“{Ý´^%(›¶œZ$:¦§ è°&(Z$¼÷6$Áe@‘ìEG—GÒ'ÁQâËòcQlØçJîóÊYoiáZ“øé3¥½âf‡§!Ù»!“Ñå¹Ï‰vƒlÎ}ðÀ¨¢É¨1R¶Kvõwþœ4ðn :ÈŽK[ÈPÚ8:#íÖ i{,¤ÔÝ÷ÿ üD…ëàoˆŒ…Á8–É::¬CB¢xd·QjG”øäÊìsd€iLïO09­Å«i­$_š2äÆàL72ÌwÓñŽX´]I0”AÂë’"·Á¤TbK?2z¸k„ :RW5·We¤¢ÑU,¢ÄHPV—ID ÀmE÷~¸¤ÿI¹Þ¹Â&]\ä»} +oPSzxaòB=<­D( ¡ÀtšóMøµ©á˜6ųӭÏq‡üµÞùDÕ뱿ÉÁ]*¾l±kŸê}Ñà`ƒÜ¨»”É µ]3Ù2á`w ßÍo©¤¸í7H›úmÜ?‘ûøò@„™)—gË’o½_¼¿|m’®+wè/!ïÄCŸöD!áFz * éÍ!éÿÉêEendstream endobj -931 0 obj << +932 0 obj << /Type /Page -/Contents 932 0 R -/Resources 930 0 R +/Contents 933 0 R +/Resources 931 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 907 0 R ->> endobj -933 0 obj << -/D [931 0 R /XYZ 56.6929 794.5015 null] +/Parent 908 0 R >> endobj 934 0 obj << -/D [931 0 R /XYZ 56.6929 553.585 null] +/D [932 0 R /XYZ 56.6929 794.5015 null] >> endobj 935 0 obj << -/D [931 0 R /XYZ 56.6929 541.6298 null] +/D [932 0 R /XYZ 56.6929 511.7419 null] >> endobj -930 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F58 627 0 R /F56 618 0 R >> +936 0 obj << +/D [932 0 R /XYZ 56.6929 499.7867 null] +>> endobj +931 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj 939 0 obj << -/Length 3586 +/Length 3651 /Filter /FlateDecode >> stream -xÚ­]sÛ6òÝ¿Bo•g"Ÿ8÷”&NÏ‹sç¸3½iû@S´Í E*"Ç÷ëo Pü’”»v4#‚Àb±Xì7È ~|auÄd¢&Q‘f\/²Í[<ÂØOÜìЪõãÝÅë÷±X$Q‹xq÷ÐÃe#f-_Ü­[¾ýû›Þ]Ý^®„fË8º\é˜-¼¾yG= =Þ~¼yýÓ/·o.ZÞ]¼¡îÛ«÷W·W7o¯.WÜjó…ÇpdÂûë\Që§Û7>¼¹½üãîç‹«»n/ýýr&q#_.~ûƒ-Ö°íŸ/X$«ÏðÂ"ž$b±¹PZFZIzÊ‹OÿêöFÝÔ9þ)m#-T¼XpK5Ïe1 \[Å"+¡¸¬f¹ Ë›}ÙÛ2_eUºÉ›ñ®yÌ:¡}Ô:¨ -dÇ‘4ÒI¸{*`}¢—õ¶-êŠÚϩ댗û&_SWᇼ@ËH[ÓkZ–õ³oÒc]oRš/qƒÔàŸÒ¯¾'° ßÞ¼ùp…¬¾Ç‘ÆÂy”h-Å»Kn—yV»çè”R:ê¤˯E]¦´ì®èÙ>åÔxwó‰›6­Ö©ÇÒ©¿5M"Aðiùœ¾ø5švWdmùB yõ@$dy3Z„vàš»K»Ü—t´p\~#Äúûº}"©wL‚ç&mÚ|Gíß8ѽ­ÔX¿#‹Œ^öÛuÚæ@ýX[¼HÆ6Ž¸9"ÝÜö¡ŽËm…”Wu[<¼LÄ•‹Èp-O¯ÛAÍ,<Wn¢8‰ãáÊ׸êë÷ÚöAY$´I?‚¼·Gè4‡Yó;ÓŒŽ ŒÒ:HA¡¿‚k¼”€DÜ|¼»~ÿomÒGwØ0B¢ã14yÕRëù)¯<uü§®<­#M¾ûŠ§ŒE@·oŸê]Ñ‚ì‚V8á— Z9~”¹•dr™=¥ƒs (óÉiX0Zœ%‹Ø¨HéŒ& îÔ¸íŸK€_õ'ÌœË/Òõ)ϼÖm`£ÇÔ 6Ç&v@ÍD6:¨34L±!  Å*¶`Ñr"£w`Lô †üA ­·OÝžNC/e -¹&ˆÂﮃģýÁcwÃäÄ8¹“ä‚E‰’v¨þ(ƒù·,ß"%Ró¡:+€íNV ]¬êí‚# {ªÑÔOßPãC0AÊ’¼\ñÖš¬‰›WÓ3­^úË5ôÒm~´)WßH°¡¦eS¯6btxšGFiå5‘¼Näí½aŒÀÕóã*Ÿ€Ë3A›óo۲Ȋvf1e"+˜ñ€°ag¾Wкy a” ì®+´õØr.Ëô؃aÕØ…í}ST3ŒJD6QžÓŒRà…t¡ibG  Žb#µ‡¬êdá|FŒ r{ !Ócâ(AÛ;<ÖŽMšL^ÔyµÞqÝÍJh@,¸ê(<²eÉŒñlÀ¾!*ؤ/Ô@žQë>§g³Í³ƒZøPæ…•Ç:àü"Î@Ïø ipó¢…6ßÀ–qJŠn…ç§"{¢f–6žž¢¥g ²²¥mNQ³1ù€×´u”4›gWl@_Æ$¢ñòº¥ÉÏõ¾\SÓ ´µŽusž¡‘ܽЫ“sn÷»ÊOyÀ3ðÃ+bwˆ¸ð£…_0K}ÐcM A^Ó!wÂEDv›íÒæéh£,IN‡1}¨ãaLå"É<ÛïÜÈØw -ˆ=TrféjfíêIÅ’?bÖ´eñÉ@¢D -{PdçÜ\|˜Š¼90øþeŸ»Ã…&i/t4mCPÞY^u~°"xçT°|Ny.ÊÒ¯Ô‚¸¡ïÂnŠéDü~ øÉs½ûì<&dóAý—}A Ü #ÿ$À«¦Uóì(`Þ×aƒ¶Æ9GÓ(…uƒm'·0tg¦<Ó‚GÇžn§Ð^×Np™³Ž~BI¨Óõ |®\Æӧʓ -Îm,—KrKãØßóQXO­×8xOûÝ`AÒ`³³GtX.ÔÁ1ÂÒKÑ̹ˆÄDR›ÿA´"ŠhnêÖ/Ò>¥n|jÛyg9ª£ô(v½S³Ž ’lcL0ùžëØogKÿŠ~™¼“Özd1³²ç›õòÁÍ©7ôöèÉ…—x )S:D'ht'p„?44'K³§üoÞܵ¢Ý'Ð/_åϧ»Ï==šp¯ <å‰Þï"û¤ip ‘6¾Ç.¹Å~Ú9õ}Ù_òe¾+0+„ãƒlÐÓZéœ(6š–ä±dpFÔë’~|V44\0°Æ,’ès!f­œ¬J¬%ä;—†£HHyöà&gÔ õùmȳ\®»^{Q÷ƒe]Þo݆8ƒLÃG .˜sï»XÜâCÞfO«Çr?çä•òžÞƒÃ>ꄶʞvB}¨ãN¨ƒr:òA:cWíË6Ÿ¤M\éHÆÂœ^¾ƒšY ß`z¥­ÿ)(‡dÆ{xתgŒH¬"3}:ц\B\Cvº° ¬’“pvÙ -èžX®©E9•™)ø0 ë@ôsu”bãó Î é¸ae’™ÌåªÊ) ÷•´çAøÈàjÖ3¸š1¸:‰ Oø÷åÙƒXòÆx¡NYOÙSZWŵóeOP?!6‹Oà¢y pù&ÍÐ#T«@ä…IdÍ øé‹{„äD@ø!ŸñܾéqCǘ:¸2Ž–â~¼\Å|yÿby5-5Ä à·Ô -|¸øâ˼JIP½¶Ûì ®ãõõF,ÞÕ°¥EWóªÚí˪ÁñÂ- -bAJAå©ç´Œ]¾\ -^^ŠÍ¶t¡9ÙyKõ>xúZ*´’Éá+pرŒå¢ÇÞ?w`ÒbEÉÅêPôþsâaW„ƒÄ€çæ„q„å9®Ó¶±ƒBv‚ÅXëÕ¶®Ë‰Hhe²è£ZÆ5]Ô©wš—3 ²9XÞ×ÆAû|‡´úÌÛ9¿LS:îR|æö$Ô–©]Ösé5„íм~çûzN ²æ¨ÏV‚&gê¿}¨ãçÒA…œy… gD6½·Àʳâ4Ô C¯zhat@‘ô)æB~GŒkúéS²ÝKut—ê¨eV—%A¶íb¼å oPªî&„ȧ†p`µo_•Ô šP´<.Ä›HÂuKÈTœÇ…6TsX"ðõÈ”qጕ/8CÏ}Ú¾Žyÿâ‹›¸êÃË|ìŽ&MAÑ+ŒôÙ!˜ucô[Ƀ§ë×Ig -A6‚àŸ)¾(4`ɸ²%LWäMÐ7¡`;"ƒ\Ç5añúHËÑ­‹óàf™fXúpìÖñÑ‚h xƒ .»jÑl\tN¼”ŒTÒù0Œ~µ U"œç… -V\ï7[êFm|«¦1’Gè K êìê‹ÐOFÇjJ‚Ð,Þç1håñÍda4Ǻo±djÇ]¨=œ¢Y¢ÎÝ.„`¡>£ê#œƒ›º‰àl#n¦·ÎçÙ>9S‹€ÎP1Æ5œuF, -Õ挑íA0²ªs~ßÀêObpº äØ'Wî ¦K=èDñpmò|@R¯«–]ßqÏ—Ìzrd”p…œ÷Rï©QåTªõ7ð\Mz_æôrýëûÛápJmº1Þ—éŽÞ»ü‰ô5áÅ£ôŠ‚‚ˆA ¼ÌݤA ÏyÃó2IЯí®þZ¬‡5V-PF«âQMÛ_ûŽ¯É8 –`†Zr‰'Ôªƒ_õ'Ì\˜MðΫ–„A0ƒó죟ÈZ:CÄW/8šdõ"’ÂÌØ~/W:øsMðN¸¢"9 ÌÁÆcÆr’%è \'M 7à§MM긩é æ$xhƒ!‘Rž^½ƒšY~`["m¬ß~{ȯ›lWôt¥~˜ÑCH‘éÿG§ºbA“ 6zJÊü™-Oñ~¯îÅóþYÍÞ™Û$R1ÎK•È3Ògv暤ƒ¢*®»48"6âÜGïŒtx¨™å‡Ò!#®øpù¿F8Æ› ‡¦Ž -ÃI ÷yJ8ü™Oñ~·p`$øiÆc̹ú^ÙàŽýñÙPHi»ËÓv•Qê‘6«f›fÓOQ@õ,Ö¯ú L…$@ÍÐ1üŽMD6†ì`@ˆÏÕ?xXhÓwlÐðW’Êk=>‡–¥‡ ¾á¹I?ç¾Ç œb‡´;ýPK¯YºÛ食1¸ÌwÌú~B‘Äñ~IBà%ë®Äg$XE‰íîÌç¤NÞèïâ:˜!yºžÒ]š­ü ˆ3£ïOZÿ%CH7 d5ô‘t=»›º’pC)½Òùº¦«—ÂH›Þû[·d{¸ý²áˉxùfE‰Ÿ7ùÉe®ýˆ¡‹ è¤Ô[‡ßp¸ò¤Ðã—›ë_=¹/mæ®LüU•‚äÝW ðö˜Wx1A²àvèNýó掞nkð|÷ñ56î…®ÝìòÚƒŠ—É+zúOúTG%´Ž?G”Øsç/GƒûÿˆY#z綳ûyí· ‘a ð0]ªx–ŠÝÜNP -Õ_»'¶J@t¤õ(V¯ò粨º/#û¥ *j~Z•¯_¾ ì¼È\M¯x¬jûYêHͿƺº÷Ÿþ>ùðñ¶‚´ÌZqÜ}X‘˜@òGM"V îW[afHÿ/¢Lendstream +xÚ­]sÛ6òÝ¿Bo•g*Ÿ$8÷”&vÏ‹sç¸3½iû@S”Í E*"W÷ëo Pü•^nb¡…šàAvxàQ˜Xñ>w¤úí6Ð8Ü„€!ŽÄØ[K J0ßãùEËæ%+q¤—¯íè9+³}Òäå3>‡Ëý57ËvÇ^£Aí¿d{‡!/ +z£*‹#Í%ë5 IZÙßuMpM5@—VÈùbzÃâXƒ¬@TZ ËsóRíó1K±LJÄ,9’È›¼*“‚ÖI“ÐJ¥¸PÓ¼Û Ì9„Ø¢i>ä4XÈïL³,xƒL-×Y‘='+JPêeiŸ¿dÝ“¼Ê»ÖßÈãK^“ýl“# òíξ[YL0ád–»l¿©öÛ¤LÝDµ@¸CE.9ünem’CÑ8õ„â°É´rjQVSšãX'`dì΢"¦‚8‚WæÍ®5cvÊšl!ßÙ*-“í„Ñ…œ‚Ðó ´Pô6†Œ¤é³àN,ÖËj‡§Oã×ÄN†ËCmÕ¦r·ä|/Œ X]‡Ç¤(ªW7¤ŸuµMèµp‰¤Yÿ’|q3^ ùöþÍû2JDÆëE„‘ÁI)-wÔôK^ í§Q£ð×jÞÝ$Àº;K +:v[ÃUð:Ÿ¯ÉÑѨ›}ž6è$+7ÄBšÕ"´;Ü_›å¡ £ËSÕ¼8.½ÑÔ 9æÉD‘9k"Ÿ€zAæ)=và²ú¬Þ†L€Ëyµí×ZD–Ôä›ãHW¹"®å,ÑhLµo–QÆaØ#;8 ÀÙdzáAð@síÃz=:¨°õ"èÎÀéI9ý]¸ÿðxwûoÓ¬“g{Ì°ÒºV\ª³²¡ya @ÿ©JDô`ÅœÌ=ºyòµVíeŒá^öµµ <µ\¦/I Ì ÃãT6: +#ƒ³xJH öR¦Åýó‚ÝSñð«î Ç2‹|}¤XD¼AR4äFH›7#Íh¡.ð0ÆFž{¥BCÑÙèëÄB\r#ôC¸Ü¼´Kx:5=9˜âš r·»ö;‡Ý* “#·dO’ ÄJ<˜¼¦Ù9‘Ê;ÕÚ?Ž[]q¾®sô–%œ)¯~üð†ï½óQÖ…dÅÚ«7¦!¥{ßn~“òØ%WÓC»ù%2®®ƒ¸´¤¨«ÕÉA ’†Hµ™âMà<½[e "Ì gBGÞš³?wEžæÍ1F°¨“F±õ]V*èW#ÙI“"åT§]š‘’КNzªÈ‹ LJÓ˱ „˜òz~æ¥ þèsÃÎ8@„‘Ô_Ÿä´‚ v;!×™yŒ®·¬­˜4¹¼Sò×9®ÇI  ?¥ag¶,9€1ÞÓ Ø7ä6“ÄÊŒFOýÖ»,=™…KRpaZYy¨ñDZz"^è@C€w@'4Ù¶ ‚SR´^_òô…†iR;~ò†~!×ÝïÁhë9nVà⦠îÉš¶Žšfâóâ +#°—!‹èE¸¼kèå×êP¬ièÚ+:‹9KÑIîôhõ–›Ã¾t¯lðÌ7n™²DœöY"çn5wÓÄ¥‹°VÞÕ-r«\Äto·é>©_Î&0ã»Rj>ƒéBOaZ(›Cféa_ãF†±S@ê¡â ¤[¨ Ú=Ó“Ê[6 ~Æ­iÃþbkƒ›Í cA97§Ÿ?2{¸±h뿬nj‚rÁŠdð}K‚§ú m ¯¸")5 n»pš²y(NÝoBPü„äµÚrN; §t^tÒù^qÊ(> ˆªIY¿Z˜‹u8 ­qÎÑ5ŠX¡DíBo[„Àê-,Ô™)'4Ñq¦Ý)–•U\f½£{¡ ÔÉúH+ŸJ[ët¹r¬B°@Ëå’ÂÒ)D’—trÆqë,ž“îôµPÖF6)”3fÕwÙ¨lâJ2Ñ<ùj‚~Ͼ±Vú½qH¹oGÕ„ U…LÏÚPë@Šë`ÈÏ!B›x*)g[ÝAû ‰åšFTSE­†i`å™~ͱƒÒA¹:ˆ…ƒw}9\EñDezÕéxÚž úóú¯w¹¶BæßÐy„*êÆp!#MiñWÜ3Hc¯MÌô=˜_)6 Ãó¸è=¸ÜÞÐT+Ï6ŽÆ¥î*]+YÜ$ru ¨h MÙÍÞwÄ¡C¬lGËÖr?\¯B¾|„ÿby3n4Ê ¸„ÚChl@|ñyáGű$¨ÎØîö$;ñÃÝ–/ÞU°§Ew[óª‹Úî˨Þù  T Sº·!+2Ëãµ`Óé!ßî +›˜“—7Ôçƒ_×C…Q<:zá:”¡\t…ûmç% öÓ˜\¬N—LߦMu¸5 ÄpÍøÆî30xÅ5ë[(”'8ŒU¾^íªª¿Œ­Œ]´cÇè¡ÆÔuØ=K(Ë™uí‘?]c´å;Í=ÕU‘5Sa„¦tØÍ£øÄm¥o*Ó¸¨RìâÒ£ÏÚax÷ÎÍu|Á]ž€hΆ,áÅʦÐÌ©8 _/¯°ØÌ!‰HÇ·ص`FÌRoÆäûñJÜĺGÿLÝr!¿"¹ºuSèË“ÎE_Ü^ôAE‘VEAÙ‚ø=Û$/6(¹ÃK“²½ü  +©&Øæ;”e3ˆÆw+Í ñ2²ÃâKªÀ”#c÷„¾ÍšÐ¤ZøÆÊušaæ)©s×À|:º®&Rݧ“vte +¼s§#Ò=a‹`2~A¶o$÷!®Û 虲>~¡ë¢ÐuÅÖÝ4®Tc®}§vÀ"f·VjÂà‘–ý\ÓölwííôÖ*wcü☤{šl‹0OwDçšI‚E`W¼+?ÐÊá›(¿ [u×WÉ6ÇÛ{*+\PŸéK÷ +>MèÂOØúkïV>û‡Ì-ßtØ€gz}Ž‡ºÄÈÛì­0‚C.yácŒ.Ôy7ÛBµÁïOðú£Ì‚n %ö,åjLºùÀâL‡}Úù€¥N V-Û¹ó‘/X t´)RÂöeð½cu A™Q§Ö]@Àï:¯“§"£‡»_oúË ýì’=(ó¡HöôÜ–ÈTo®ö¥3ÔFL‚Ô ÿ˜—ö„“®ùßi3ÃóŠboe»}õ%_Ÿkh``’F…ƒ–¶»ïÞ’Åp +,ÚË¿ ¦Õ‚¯:ð·eC¬Ó¦e†ÜH¿ ³ƒ|¤gfžƒ!¦NZ4*ç{Ä!$˜¡ùJy´à¸bÉCr”ƒƒÇ2eNfžüÓ¼{‘ØSÑ÷Òšq/jJkûÉ58 Yð,õj‚|Ï¡*P?Уߞ{s*©ëtŸwì£ÚLØÔE ÒÁÿÅöÆö +@þ÷6:§`þ–Çx¿ÖäP'x÷¬&ÎC]bc„m^×dÙB_(ºP3ºæ¡¨ loÎèš ¸Æ4G½…š ß×5pÅûäÿ?ª6ÜÄPÕ4}qVÕ&Zª¿Ï9Uóðv<ÆûÕª†¹”¸pì-Ô%6FØ濥ÌB~áSºÐÌ—tÈ~@¹Ï’f•R9”Ô«z—¤ãïbÀ)@IÎòЙèL'B½Òåµ ?{Ó·t0p—£Ê}ï3®3#C?¶€ßmò)s3Vs;Õ©8én£zL“ý>OžÝ½k%xÆ2ôw!©.ïv²$䀒±ör~ÂT›öö~Jý%d‘ÚàHK6Ç×K²OR÷á«„ÒŒ ¿åkÜ7¾þ‰ Ì¢aêÕÞYÐåˆ]Jè‘×mçVšäÉÝ×X’ÍéÎøo8Âå&Ió?´r/U²v—1]©À$ÕÒ8:}€‡Ë¥c…~~¹¿ûÕ±{„m{î3q©ƒ3*Ö6J¿ùòÓ÷õ* +¤1⼿0"Ž> endobj -936 0 obj << -/Type /XObject -/Subtype /Form -/FormType 1 -/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf) -/PTEX.PageNumber 1 -/PTEX.InfoDict 948 0 R -/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000] -/BBox [0.00000000 0.00000000 27.00000000 27.00000000] -/Resources << -/ProcSet [ /PDF ] -/ExtGState << -/R4 949 0 R ->>>> -/Length 950 0 R -/Filter /FlateDecode ->> -stream -xœeU9²,GôûeË@@Q ‡!é¡%bd(dèúʤ—÷ÿ(žÑ¯ -’$¡T¬)ÿ®ïë¯ãïãÇ_¢ýþÏaíÏc‹®½Ú¿G—=ûÌöÓ1ÄF¬lÖ]töö×ãqu‰Ý¦‹÷5š”<8Ç—ý:\;âúãñ‰üéÆ&ÞЇ h—õ:ÀÀX=&02²oÒCó eD3PMtð1CrZûbœ7³}t€mA£d«·íä'ÐWŠ!è®»½KO(°ƒÔ¤‡tÙKb•^¦Ìì »å*’ÎÕBêFåmY¸™`Uõ´™Õ -¿nÜž í½³`*TûÞ£jg“¾=Ås–A½R?Ô =}³Ú§l -¤Ï’ÃigÙ¥—ÇáC6uéíÛ&”\Ê GTœ„Méêö–KòlÜ’Fyu|?é%åiÈ¥K”êNÊq{vˆ*êèJE¢]8hÍò¤p0R±ˆ$Á(+Á nÖN¬ -qª„Ñ«ò^ÿï>‹«>÷— .13×…Óƒ!¶3¢SËAÕ”ih¥Å¨Š^…(€<Îm䦽ªšÛÆlLÊâ³ò7ÙaÆ´Ëdô 6(WðÚºK -г2"ïE9~  -n*Œ1½÷¨¾x¥Æˆpîâ‹&XîÃœ§³±è\íD¤ßä0}#XŒûž˜‹¸À>#^V°¡|2Îi‰9ÊÎr)`˜¢Xh¡Ò& „hb—H°Œe"Ãêʱ„£~Ï“a³tŒºìZDß!#Z¶ÚÂk! e'jÝ=§ _tsÙ¬ûÍ&­Nå@‚i¬ˆ3t%kÐE„\H–YZxÿ/U¥Ç™åë—Φ@±¯iW H -þrÓGçX5¾ûû8‡´ÕªOª«t–Ô³$Ây°‰—BÒ›ÀÄ5©/¨vp÷o`kA“ôr ±ñœÓ4N.4Žæ&F°ÑTÆG%V½ Î'ÌØR5¬BÔ‹`qUžv-UÍ=ëÆåQv2ë_ ”¿­qq‚~èr¯Ú5ÌJ¼ð˜°h»P¡õ‹kÜàéÚýªå>Ò¸D °o»Îi¸CrT]¿MJ¥ ÆÖ¹’°;¿ö‹ûóZ¼¬ å[Ç-œÁ¤ŸBx¿ýpü|üÈÂendstream -endobj -948 0 obj -<< -/Producer (AFPL Ghostscript 6.50) ->> -endobj -949 0 obj -<< -/Type /ExtGState -/Name /R4 -/TR /Identity -/OPM 1 -/SM 0.02 -/SA true ->> -endobj -950 0 obj -1049 -endobj 941 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [182.6146 670.4177 231.8861 682.4773] +/Rect [182.6146 634.5522 231.8861 646.6118] /Subtype /Link /A << /S /GoTo /D (notify) >> >> endobj 942 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.9497 246.9384 182.6031 256.1538] +/Rect [108.9497 211.0729 182.6031 220.2883] /Subtype /Link /A << /S /GoTo /D (statsfile) >> >> endobj 943 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [293.8042 201.5839 355.0043 213.6435] +/Rect [293.8042 165.7184 355.0043 177.778] /Subtype /Link /A << /S /GoTo /D (server_statement_definition_and_usage) >> >> endobj 944 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [395.8905 201.5839 444.6373 213.6435] +/Rect [395.8905 165.7184 444.6373 177.778] /Subtype /Link /A << /S /GoTo /D (incremental_zone_transfers) >> >> endobj 945 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [309.3157 170.8346 370.5157 182.8942] +/Rect [309.3157 134.9691 370.5157 147.0287] /Subtype /Link /A << /S /GoTo /D (server_statement_definition_and_usage) >> >> endobj 946 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [305.9683 140.0853 367.1684 152.1449] +/Rect [305.9683 104.2198 367.1684 116.2794] /Subtype /Link /A << /S /GoTo /D (server_statement_definition_and_usage) >> >> endobj @@ -3033,1728 +3033,1782 @@ endobj /D [938 0 R /XYZ 85.0394 794.5015 null] >> endobj 937 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F84 848 0 R /F56 618 0 R /F14 608 0 R >> -/XObject << /Im2 936 0 R >> +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F84 797 0 R /F56 618 0 R /F14 608 0 R >> +/XObject << /Im1 790 0 R >> /ProcSet [ /PDF /Text ] >> endobj -954 0 obj << -/Length 3752 +951 0 obj << +/Length 3814 /Filter /FlateDecode >> stream -xÚ¥Ërã6òî¯ð-rUÄŸGÇcg'µ3™µ=µ[•ä@KÅ5E*"ióõÛ/€¤D;µû@ Ñ~Cê<„u'A’ëü<Í£ U|¾Ú…ç0öÓ™œ¥CZŽ±~¼?ûá&Ñçy':9¿ßŒÖÊ‚0ËÔùýú×EèàVW¿|¾ùøÓ×ÛË‹4ZÜüåóÅRÇáâæã?¯¹õÓíå§O—·K•ÅjqõË/÷×·<”È?~üü!9ÞXôöúæúöúóÕõÅï÷?Ÿ]ßû³ŒÏ«Bƒùãì×ßÃó5ûç³00yŸ¿@' TžëóÝY› ŽŒqêìîì_~ÁÑ(Mã_gA¬£ä|i¢ ƒý繬‚T)@JãµÜÚðÔŒÜ>ý‡¿"×ÄÙ¸}¶MÛ‰]OÇFÛ˜ ÍòT¬ö¦i¡(XºŸZù üvŽžñ…l[Ü…xûžÒ‚„÷O À"€â¤hza¿iÍÐy¦œÂC'a¸P!wEYyÒkÛÍ®Œ‚5q´ã.D¿^ÔÍaWT±:t‡  ™i0=•Ñ‹\Ê>_¸¸„?övØ:f½— -q39€p":”ô”;ó‡ƒÅÂá^DUÄò ß#ù™Tø¾ØªB>@‚⇠§ºy©fŸÉâÑì‡b´Cœ”ž¥¾kÀc›ð/jÀ#¤·KÀ‰‹nµ]îŠýÞ®—˜Ò œ(iP5›,~—tJÅÄs§i` œñq3WVĪbònY¢€ÜèQÂi2J+È©rlâtññËs$‡ä$<4Iã ºgÌÁBá¡Ñ‰cÈW³,ŸŠ]U¶hB…fŽ¥-žÁnh²- Gu(R `Á#2°Â–D‹ë,‹Çä41›=,,iØe0ê®Ü9r@g6}5gëHDSÚ;YZÜ„D ÿ,ëþ7ÛWÐý]KŤ„ /Íá‰[¬1œáSŸ?OöPÛŠÛ¨8‚-^Z¤Ì­' âÖýÕnêšË(³¥gXg³ðu™ìq7º‘œH‹-RRÐ «•Ýs z¬¦Jâ%ÒƒóÚfõD9@]m5Æ;eQ£IÃUYâPÌçäÉ]ÎÂÉG’’,µÜĸî±&q†§`Iê$Zä]p¨(+.÷9-ˆ®Ìô=ûÏTr7h°N!d/â3ÞˆGgOûþ°oÜ:ÇU\å’éUÓ aX¿ièt&†Æ»–nŒõ¶©óX¸yù½;ûÂu¹ÁÈ€ëjòb„)›wÉñX3ôLìTœâ S2%Hže ³øÌÛwÜä×ȽgEfYD&PtŠŸÚ¾p£1¾¨ˆ‹Ö#¤] -zà6+¶FÁ,]ví,ZQ| ÐÂeŸÏy{âJ_"ê–G -`â ?P"Î!Å®Ž#ãÅ^&X»ƒŸæ­v`L)zƒq9 8¥Æ<é{6ÏBÃXu@‡`ÏÅóµlËÁ·žIç ]·…”ªoyHÈ‘z=BVEµê«¢sp†ò›ô™ùbHŽŠWT©ÓXÔtEÖê39;ÀS‰ü#¿YI .r5¸(&6~×2ð¿ £\~‚Ž»l‹Ibg¤‡"|€¬­,±*dƒYŸ.gWv£€l.|×´ü”k‹ìƒ"ÑòÄ¢ç\¡ýH$¦°±HÌf?bTˆ²è^±wºª4=´Vº dŒéš[þ¡"€ô®_!‰)WèŒûB…[‹íVX³@”–s\x)×”ÿ…fÁñ„3Ðð/#&”WðÐ +ˆF]}ù*+ÔÙÙ]Cy´ÁǶýι€Ó}"g[¸6%9=ö!½6¡à{…T)V‘ßÒ:t†¤uØðZ‡®h.@i½Z*”Áí+Ûq>›AO ørL=VÆzØwªÆ´'¥á$.'zz̼:"™›™ûâø"—r>>†þi9aëÄI"Ž¸$IhÈᡬ9¸&+ -"þ,Bp¤Ž—;ÞïÙÞ¶IÒæ1ýnC¥'óLµuÉŽ·»}s(¥+¡r­ÈþqÉÅknö"2kƒ•dŠ'ªÂœ¥*wotºùT1â ‹žì~]K} üÒ‡Ïww×Wî·"{°HP…0äº.V¯"H%¿Ö|±„lqöÇNZë 9~ÿçN!\AæpDpI*¿[Ù¨h… |ŵ®+#(Ïò^“½GÇ?QsÇByáóÜùD - K”%Éß)WY‚|ÁÌÞjè—øÛ?~W¥É²7 §N38,"D!áQtª TdÒ3¤ÿÆ Hïendstream +xÚ¥]sÛ6òÝ¿Âo§ÌD,ðóÑMœž;MšKœigÚ>ÐdñB‘ªHZqýí@R¢Ü»9ûÀb,û ©ëþÕuœI®óë4‚8Tñõjw^?ÂØWJp–i9Æúþþê»w‰¾Îƒ<ÑÉõýf´V„Y¦®ï׿-’@¯`…pñæçïî~øòéæU-îï~þðj©ãpñîî§[nýðéæýû›O¯–*‹ÕâÍ?o>Þß~â¡DÖøþîÃ[†äü¹°è§Ûw·Ÿn?¼¹}õÇýW·÷þ,ãóªÐàAþ¼úíðz Çþñ* LžÅ×Gè„Ês}½»ŠbÄ‘1R]}¾ú—_p4JSgù§Â@àÕ9#3b`¦‚8Ïãë4΃ÄhC ì¶E‡Š’ÅÑ^©la¹÷hk{(:»Æn¼hjòýpÏßæÀß·?æÆ®XmËÚCM˜-î] ­ü5šnË­/î~åÖïZGÈÑïÞ©hD·Qi ³<ƒÓ"Å5£DcÙˆ‚<ƒ9S„ñÙ™T í#ÇY»ó|'Gˆ/‘‘ÆIUþwTA8Ì$ÈÒ8úoW¸x=>à\/#m‚$†¥—Jyk^À+¸‹–…¶ð׋êX<»ÕÊîá¦_K—xn+È;+I ]ʤò±nxÁup¦*H•J®S•€8êKRËHË1 í¬Ö;,Y¾u•é Œãxzë­=<*ƒL„‹ãÖÖØR°L +^Ö<ðg” Æ*W[nV&xFòȺè +àq”RúñêábÓTUsô«¿ùpóþÖí»&bCG$Ûí·Œ7¶ÚeÝ+´Ê#Âú…60J‹¹Àñ¾ðW©îÅ;­í»aeŠ³ÑÅ© §(Ó3pã\ß´ +B“;¥ÿ=ŒC¾.Xrm7E_uS²3*5˜,äñ3CJ!îÁ»uW¦mX,v2Þ/å–sètzÇcQ›•Óí0;‘Æ‚5µh0Ýïa¨{¿!Ž—5°e¤êbáÁ3½>ËÈŽ4g5ؼzãÁ;î«g†ËJx°SÁÐÂâPWQ˜#…øÍ}K|Cì À_A©Ç©ªÐ(²¢•ÑZÏÏ„`“ÅÿÅ1û/€µÍNFÛ²ë 7žFim罯׶-ÅCe_£O4‹¶GeÓ9\1Í4¢G¡3ˆ•†^Zãõ­ìApš'>§q$ãø§­:8¦¬J7Ák +Lˆhd‰Rå{è*f.¨­ÈDèd`j’Ûf؃Œ¸Ð%&ŽáÛ5ëï×Jÿá™z´ˆxÉ®²Â¾8t`­0¨H’ÅMÕ6(’OM¹fÑHÜ&(‘lˆÑÐß4‡¹£ÈÝez*Ü™rB#"¯k÷–È`¿ç¯3µ8Üì1^ÁÀ%;þ2Q€°oÚ¶1`°ý¶·u+CtUgdho¥gäÊi._TÛTO¢oGè°Õô•¸rRŽcÙZ¯zôݳ<•|WèÖëߪö¢ì'æš]Þ;”*bápÅnO¯CPŒ B34‹8(f›EûµåÖ†§fäîðþWþŠ\7NgãöÙ6m'v=mc‚4ËS±Ú›¦ „¢`ê~nå3ˆãL!›Äw!^à¾ç´ á½Ã°„Ð:€¸=š^ØUNhD|xè$ *äï®(+Ozm»Ò•¨>L²QHHôëÄg»¢ªˆÕ¡;]¨ÈLˀ驈^äF&ðùÂÅ ü±·ÃžèÔ)ë5¸Tˆë„œÉ„;ÑA¢OCÕ¹ÃÁbáp/¢Š*bù…ï‰ü„L*|¶ª ø!èkÝkÙ'²¸OÑ?¢™PdOŸeo…¡S77J?GFÆRE´ˆ;†Ï¶ëÐ2Ñ¡ÝANÌE0:ÑC±¤U&qpª“ù`¥næD! +tÉ£¬ËNˈ©ƒÕ‡(áb› ÜÔ××2Ì›7¤°&NбqÕ¬8010 F4!/ClÈ ˜×”c›–!\);—Š`Œ$‡s׳‘¢‹¶EƒÐ¢Aƒdt¶&QÁѾõãø†Ú¯@X–|x?‰^4f/ŠPžh¦‡ŸeO¥=Ž"Ü‘ ÜtÝí;<¢ŽÙ¨ë„ÃVlíÎ … +£ 5æe©À¤ÓçÆÇ^V/À‘ʆ{»*7Ï"¯3»@Ó™Óƒ]õ‡–>XdvSÈœR¸ø©âòª fã–|íóR6bÀ]z>ˆ"eȼô$Ôgœ¿VÍ£@ćšcèìÀþvV˜>¿Ä( 2•¸Œ`>Ý„HW_¸ •*ñö±XA4Yql¬Ç*95„³,Ò[F&»u‚T»åX1#QLdÖMN*’8ÈÓƒÄ +kd]óµß£Å¦¡¼ ”å[±â brN`Œ‹È9Râ‹g`“ƒžR*”p!qûV8€@?‘‚fŸ!Crœp˜ÂëÏÅFsjȱ‹H…Iv\ñFè<”vIÍ ¿ž$B£ÚHák%mog#%NlÉÓ°ë©‹øO¤’øŸ A zc‡¢âªïVGYZZÓȶ>—ÁIÌw:ºá)¿›1Ï’Tðf>ps/^¥î¸O«8lj —ùC/e?JŸKÈâN0ÊiiÍüH0Çóc^0Â+ƒ£ÚAb¼¹<9O“X(ˆ†Ûl¨3'&Rj!  Ì[Ä}øŽ‚/L)Ž¦ ˆ ǹQ5JYí­ª¹dU—~þD$· Æ‚Ô Ì9:ÎA1›4˜âCÚYPñ3Qyd¾Lávß°[É$óÊ]_Lã™TØ„O·ï¾|¾}0œ-MܺÄ,=ŒsñŒ3—ƪ7$kp;±3- 6'¼òBÏû³°lìÿìsKÁVs81y>Ñì‡b´Cy± !P©6/ÇX—‹À‹s‹nµ]îŠýÞ®—˜Õœ+ÉP8›,~™5CÈÄ}§i` œRr·™+.ң̋ÅEˆr£Gi§É(¹ ×Ê©°‰ÓÅÝǧHÎÉHxh’Ì!@48Θ=‚…"D+ž¢3GµfY>¾ªlÑ„ +˸ µø»] É%U£Hi88€q<#ŒÈÀ:[-nk°/““Älö¶°¼a—Ál®»rçÈÍÙôÕ¬ýFAMiïdiqp€üTÖý7n¶Ï`v-•”Vo€›ÃWn±ÞpžO}þ|µ‡ÚVÜFõlñµÐ"•n=·îß|”᦮¹˜2[àqæEqN _—Áp¦ÉŒ´X$%eåt¸Çʪ$*Q"=8¯mV_)Ó¨«°Æx§,j4i¸*KŠù\‚<¹Ë¹ pò‘¤$K-71º{¬Iœ¡Ç‰X’: ù*ÊŠ‹~B ¢Cc}Ï^4• ì‰S'A‘·«ÉF¬8êü{ºØ÷‡}ãÖ)gñùªé6\~óÒQh­²—ÍÝë²¹óX¸yù}<{Äu¹ÁÈ€pnõb„)›ÉñX3ôLìTœâ;S2%èïÊ'vOçè‰õß½ªD¹KIùÙ$NÅ€€™ò! «¦ p"¦ú!Bj{ä>†q|·±Üü€´+@§e ÖEI/;Y˜Ä&Ai=ó&a9\à”?qU3 ÁxË#0yÐÈ(‘çbWDÇ‘ñâÏ , ûÁÅóV;°ÀøÁ¸œPœ%Àëµ;‰+tˆ]È:[J&¾CÜ.¤çcÒ9ÞA Gc¯o!ë[r¤ÔUQ­úªèœ¡ü}fG¾Ęêùã4ÝžG‘5‡ÒNÎ^sFe«æñ‘Ÿ»¤|¹ò]ÿÑ2ðß Ø\¹‚Ž»l‹ŽbÿS ¿B„o—õ£•%V…lð ëÓåìÊ®s¡†ïR‰–_m±“}P$ZžX´ó‘ «ÑŸˆÄ´x6‰ÙòÆ÷P¢,ú7[ì¯êM­•nÃß ¼æGŽ¨ ½ëgÈÊÐsúãŸÍP¡Ü P-„0ûDi9Ç…c¹¦Ô14 BÜ :4ü£Š å=4ÃÁ +¢Ao>~‘jì쮡” Úà˜Û~çüÆù>‘³.\Öˆ’œÞ ƒªPð½Bª З´=(i6¼Öa‡KškWÚ_¯–"%ûÊv\ +ˆÍ '1 é)ŽŒÞ9c=ì;UcÚ“2ø W"==f^ÌÍÌ}qP’Ë9ßQÿ²œ±uâüG\~%4äˆðPÖ‘ ‡Q!8RÌo‡§poÛ$ßó˜~·¡H”_îEÛÕ2W)OsǽÌåýÕËÊÂMèwüÞJj•ˆ.äÂ6¿«ÃÂ\B¥õ¤V ¬HeN™2<[;RQúƒã‘Ó«mA R!G¤&üC_ƒÉÅ3|βßI„F .ý²ÓÄþsF¾C¿Äÿý«Ïá'±p›,Ó~x–fA”Á"BEç–A~zNú> endobj -955 0 obj << -/D [953 0 R /XYZ 56.6929 794.5015 null] ->> endobj 952 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F57 624 0 R >> +/D [950 0 R /XYZ 56.6929 794.5015 null] +>> endobj +949 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F14 608 0 R /F42 597 0 R /F58 627 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -958 0 obj << -/Length 3405 +955 0 obj << +/Length 3474 /Filter /FlateDecode >> stream -xÚ­Ërã6òî¯Ð-rÕƒ_GgY§6άí­Ú­$Z¢dÖP¤#RV¼_¿ÝèDR”|Ø­ÔD`£n4ú «™„ÿÔ,„4™%™‘TÑl¹½’³ Ìýt¥gá‘}¬¯>~õ,Y¬ãÙ㺷W*dšªÙãê·ù§¿Ý|{ür½Ð‘œÇâzÅrþãíÝg‚dôóé×»¯·?ýóþæ:±óÇÛ_ï|ÿåë—û/wŸ¾\/T)X¯y‡3 ¾Þþý ~º¿ùå—›ûë?¾úòÎÒ?¯’òçÕoÈÙ -Žýó•&K£Ù>¤PY¦gÛ+Yc<¤ºz¸úGØ°7ë–NÉÏF©ˆ´g cEÓR–BF µEe"6Ú)ÛI){,”òŸûb÷V5›ñq•Ž…”Q{ŠrÀš mz¤•‘"KãdHûá¥X–ë7»™ž‹î¹Øч㊆ÀÛ¦¬7ôÑ>7ûjEã§í¼íò]W¬Â.5ê|ë®ß¨l~»Æ“Ž$c”©Ñ j,“ÑA¬6Mç»|Ù¡ ¼-®ÕœqòzE8í[ÝåïÖ­+v]^2åU³¥1LPˆ¡šõ2‰¶v¨–Û¼%ª&v*Z¹Uðd?6<ñùî|‚—¦n=–EùêŽ µ5[ú¢# .ºC³ûî¼q -²cðªXçûª£×Üi1°\6n§•ÓY·WãN"ý(^ìÛ|ƒžfóœ¸ÉˆÕñü+lpªÞ‰V[¯Ý,€Iå6ÊXFûOS#cH„ì uü(Û Ri*²$ó¤ÖyYMR‘°™J‚ëÉÖ5St¢„ÚVùk1±!øf¥eôäüïê)BFh«'8‡}SРö@’EŸ¨!ÀƒÐÊ7ÔôJGÝx.Öúø]Fr‚c¥µˆ¢4cnv¬¦S¾Ü^ï¶`;5"wÙó)±8‚‹ÊQnêf7y™0&Kúr›&t¤Y€Eš(bg‚Ä-T:ß;3%¯4\›¼¢ásÓvlßøù‘0·¨]@~€gÙ$x<9É·>ʦî¿~¢Ai^Y3b˜Jµâ)ænÛ¬Jläëõ1ŠÖÃ@)И iÊ¡(Fn}$SN‰ ‘8y©œËЊ­–^ÏÐj—YÈàtM ›ô}ssC:1Ìüò/°‚²jAÃuÏo;F¯Z&x™ öËîò=÷Ayg-“¹óßÒ»Mܦ„ÿwCsÎùÃÔÝÃ<üzCŠÁ àô6Éܺ;⇠ØÅ+ü%âSæ!ž{¼Ÿ¤4娘æ±2¦ÞÜRn `( –õªÄeå‘óŽ':‚¸Ì¾sú¤_‹]ËÛWMó}ÿÂÖËéÓÑŸ\楨Ç¢{+9‹»½[Ü|þ|/nî¿]gšô -Áßâ)ÐíÝ#úœ)C£™„t·H¥¡<kÈ;À,•”,øcO­8$÷½ -ÞÓÚ-ê…SAK¦o„Ç$˜§Â8ZñrW>àà™ùø\«’Í -ñ ¶BNT´-:e+Àmç,:#øè§}G‡²}î/IœiÐ qœŒJ—ïÔû#¤X¿ò·k¥Æ÷ÈjV¿ž&V³\îw¼¢©«7Ú´©§¼@Ö×+zÈmbèw‘‡çrù<ŠÈ$ÈaIÄÅÜÂöÜ•]ÞApcPÍ Åª)ÆèNØÃí9U¡í٨ˮõ•(ðÙâÆƉ€„ûrmÓC:_Úx$—*’ŸçJD‰Ê.R H§di'ø‰’˜].iÀc…’&Só£«ȶÈk¸ýõ¾¢™rMpRFôü Àª²í†’ Ø¾tAË paà¯yµç.à£dPªâY}η.w@a2 KÓ€õòTdÕ…d+S!«G¦G9 SŒNlOm&(¥6ôËu|oBCW̺íc_ã±ÝZòÚ)pýx=°$[wW„ãZt4 Ô‚C¨*‚r#Fäp–ì&i¬fÁ*Šjy„²¡§2¸ õL¢ƒ´ÎLÖ(‰m¿Ÿ‚\b…J ˜™y螺8)@ͼ{;òNɶÕÂ&@zàƒ†7rÞ¶%dk™Nß1îÖëöX=óFm[8öûàò.’öH¤‡Í7Ð{ƒÞ§ýdŒB÷6«ÁÂn¿ _­¸ÐoNC(®÷ß -qDêBƒ^\@ 1–«Xx,©Øü”ÉüŒœŽ0/«™îšòJî°‘=›¡ª÷ˆ‡ôÊ'Tñ°À‡0­#Šû8à¬^S"䦚åµÙsfBÐÆãÓÏ å¶ ß„qäm‰Y6œ*j$5í ›ªyrÍžðGþ¸åUÍd½…[ÅÆeC»rµr¶[ŠhÏéÇ5Yœ¸aÎeÆ„ ™ö‹þ k³'8‰Û¢#ÈK¾ëÊå“>÷}¬6Ëé ÷-ó²*]æ¶æÌ¿îoh€("ð‚N&0yš ‘ÕæÒO¶M ùDï,œMø¼¤ª>øô¥º‰S|Ð3ÈÕ„ÂþØ0Mî63Ü÷l>à/ú Nþt_gôBºpNo*Zh3fb"Ê,0tú0á±Þaãt·Ð×<ÌD¢”ñEé=†‹žÏû¼Z´]¾ä&ÐgÖ* "Ù_ˆ=DG0Rø6£/IñÃgø‘ëpt¨è`•»D ì'›]:”Nݪãþ;æîè Òv §ªØ2Wõ‡f*ä›ù“¯Ì`³Õ¾8öR'ì¾ -Rñ-ÿvÿòâx$ÖEéZ°}µC}Hì-d”c½L£-ðVÖç³am•ˆµz'îc˜Ë¥cáíñê‘ÒX›dÑeփؙ@ÞËtÈÅ všD±dpäk&~Ä} £pãIêtX’¼äWC£Pâ%uñ÷©ñ³tmnw§PŠ¹·¤E¤l:Êw¾¡2 {O Ö¼u©ºuE8$XÇ^~Qbn½!ø A!ÛàvO™<=ƹÝ@›yACoÕk1ØÉøÜ‘¡€¾¶°ç´<3‚„Ú@Y -ÁÂuµ"í†3œU$^Ä„G9Gâ‰FN›(I}&œ…º`Üy¤0˜KÉ ê8%‘°Rû><—@’DZ%i_WxõÔ0_ùJ:Š€¬š_•\”áÏžx\‘ËhO…k\•-ÞÒꌑ/›í6”ÍÉ»í…ØLynfø*æ[±ááUÎvªí®D’Õk»O‡ƒŸO!vOõÀ,‡ƒ›ž >5u·kª÷›aa×k`Ú||„úÆ”ôÀìOö_î¨}®1¹£¡"Yú’ .“¶ƒLš&œƒ>br((¨„s©²òÖvÅVP_õá4u°©lÆ=r¦üö~!uø‹þ‚‰˜}²ï0uÖ@šBù‰ ¤©NüœxÞ€õÞý+£Dš$Úgpá"‡'ÏÖ -ÿÎàêk‚üðÙ,&NGô‡ V¡á¦µ‹ =>ÜñL•ƒðËGpk!” ‰fl!†{­d3ÀÅ·Iš…”§Þx†¨~r´ È€E¤õèýÚE›ÔwAa@[âˆ^vÛ)'“¹×Mÿ„4ºÓ÷&£Lž‹ßhwnÃè‰éõšpYó6ñ^i´ÖƽgÚ©> Ä( AÄÏ%ëaé@o‡Ë¼åÖ‡™`æ=|³è8¡"ѧ%$)“lB”Ä™?~¨B] -rYp dÇɘuðkqQ¿6)}^DñFƒÞbÂG~èÙÛ Qh~¿5°,sÇW‰™‰õ0‚Ž:L—^}…þ¼¦9F ü˜4ßí±ÀœzÍæ@<ÿÐútÚýñØŠ8÷ggñoÅ&Üüã{ýŸÿ$íø÷zP8ƒé3µ¥ŒE -™Šg -j£³áà”õÿÃA'endstream +xÚ­]sã¶ñÝ¿Bo•gN8âƒùèÜÙ©3sµ™v’<Ð%qŽ"‘²ãþúîb)QöC;7s ìb±ßœEðOÎÒXD:33›G2žÛ‹h¶†¹/$ã,<ÒbˆõÃãÅç›DÍ2‘%*™=®{¥"JS9{\þ6ÿò÷«o×÷— GóD\.â$šÿp{÷• ýùòËÝÍí¿Þ_]Z3¼ýåŽÀ÷×7×÷×w_®/2%¬W¼Ã™7·ÿ¸¦Ñ÷W?ÿ|uùÇãO×á,ÃóÊHãAþ¼øíh¶„cÿt ¥ñì>"!³LͶ&Ö"6Z{H}ñpñÏ°á`Ö-’Ÿ‰S+“ÌÚˆ4=&¥‰(©-lœ‰D+¤l&¥ì±PÊ˦ëÊbQ6ùS]ŸYšL(™–L‘Xôõ€¾Œ ÊÁŽ¸&Ê •¦ó¯w×_pœÍ»ýós»ëi¢jØäÛr iT<ÿµ©Ë®£ù®ì ¡oñ Ÿoât@X) B~‘à[ÙΘ9+2­RÆù»e)‘# +Oå&);¢’3ÙjEß³¹l=FÓöHdZ(mc“Y+·ÿáp ptjA›’Ër•ïkF©º‰cIc„I“„ynÚ©c1QB'JÍšcáø6“Ôk€õŽzy,¤øç¾Ü½ÕíúD³T"¢(6ïSX¤G§Ô‘ÈÒÄŽi?<—Eµz 3Ý”ý¦Üá‡&®¼­«fMݦÝ×K?•„Ûõù®/—a—†F^5pbtp:Jç·+¾…¡h´ÙHé¯a(”£“ ÎÀø+­:&ÖöLê¹¼”óbAº¥m&ŒI‚n‘߬~"U.?‘æôÄ1hàOÃÃéIÉXóúr·­w>ø~z;Úàyw)ÓyÙ•MÁvu„2Ú¸ÈûrÝÍ É$±Hµ6ÉT“ö©µ°±þP‘ƒgïëñé¼{$$WlÊâû¯¼;u‘Z$iö>å€tJz¤Æ&‰Æ´7x/Údóö¹¯Z¸LÍw…°}‡·„ð|ÂwÓ甆缜*6ù./z´„w¨KŒ“7KÂéÞš>ÿ‹€x«n]¹ëóŠ)/Û- ¹ãŽjX'SaASÇîn›wDU'sÔÎÚ­‚ û¹å pƒ4à<·MçñT”Õ‹;.@VÔné‹Žƒ¦ì_ÛÝwëSr¦Î?^r§cÄ@Q´n§¥ÓV·—ó£pq#«ÚwùuÛ‚¬ˆ›-Þªù lpªØ6‚|'ñz͘Tk© $ÚÚÆë-ÉÊA°‡80ÖØT(ÂÛ*¯ê©@ “É4Ø°.Ï°®ÀÔ2ë}PWCÜ›ØP¡Š&Ùÿ‘ó×|×L‚j”=åÜÉ›îµÜu¬| ¤KY¬ÇÚ7VtHå9-Vúø=Š£ –¥R"Žý±w¬¦SžÜ¥uÞaÁnòˆÚd€Ñß|cµnÚÝäMdBëÌ]#ä±Ç¡(0³I4;$ž(I:ß;3T‰ž¯œ4\—ë¼&ئíz¶oœqá[Ô/"OÀ[°Qð xq6| „ x÷7_œÅŠW6ŒÈSzž*ÉDyóm»¬c«T,V uã0EÛÀ®bÆ29rîGÂM"aµõv“??×Îw(IWEß(Ú×ÆeQðŒº"ÐÕ'ú¾ºº¢f~þXQÙ!aF¡²d~Û3zÝ1Á÷¹`í´Às?reÞkGÖåÕ:òþ÷_©.Âÿ®hÎE˜º{øD€‡_®BA xœÀØÌÀ¡» ~UÙü¢Ÿg]ü¿ÄJrÊŠeV’ù·ÇûI‚S*òŠY«fêÍ/•á²†!`Õ,+ÌV–9ïy¢'ˆË‘à;§OÚùo_·í÷ý3SX,§OoPD÷ò>/e3} Šó¹Û»ÅÕׯ÷âêþÛe¦H½ü-™ÝÞ=¢š²È,E%XdºhDyVÌþƒ«Š¢.øg%O$¢=L’¼ ÞÓÊ-„×(†øTTuÕ¿F‘7~â%œÐ¤ge)8ÜöePœ®iã5C»ª/¯Õ²¤Ù"/<-SÈ™§ò•W”;¼8TjéÓ¦å¾`FÁ&vù +ècŠ©‹h_\NcàÖ«æ{GCǵÎæå_ðt¦¥[ÅSÅÅ›†‰X Æ9ŽžxÁÞ¥iËÁî­n_ièSfZôFÔ™ +/rZŒ£%/wõ6Û³eÅ–…xÊbšäjm;Tʆ +€ÛZö(I“ÌŸö=!¼VÝf¸Ä:ë Úâ81U.¨÷LH±y{Íß.¥”òc£XÊXmQìw¼¢mê7Ú´m¦®«T@ä@1pÁ¯›ªØiä¸>¢j “æ=칫ú¼‡hÇ †£·†èNØãí){áíÙ®«¾óeèðÙJÇhHD Ô¼ï–:C¬óµNÀr $YúiÅ.Eleö>á€5Ay”ŽBeCr3&͵¸®Pëdr`tÁÙ–y:°Ú×4ƒ}„“J`àxÈ VW]?ÞÌåö¹ºfuìâ À_òzÏ;¶\×ÇvT½âi}2¸ªv]?Ÿ¥iÀú„Ý+ +s.D›(‘…k %‡èÀš°ï(ã3â ¨&[úëKû!Þ±,†> ™¥¥,8“ÔØr›äŒ„úÜü­÷x¬¶C:@»ÃKû4m|.ªÅ®S¢® Ê] +‘‹ÀY²Kš¤A ³`%e½Â CšÐt]Ž‚’Ǫ w§=—“kBFá=Æ>K1è£dú£nâÄþz÷vàòq£„±æ¨4ßÍY[× p™féû¶>Ä:oëk`ë\@ÌÎÀ廤=Òéq{.Ã&Ó~2F¡{ëU`k·ß/—Ü èNK(®;ß”.àˆÔ%“GIjˆ6\ødjPu±#Q&Gà`ä.p„©ZÃtW”jrŽ,ûèNÄCÆ5ȱ†¥ÇqHS*¦Tœï+ÊÜTÛ ¼Ö{NVÚz|úóLéîÂ÷iÜyWa¢£4§IMy#ƒÁºnŸ\ H³'ü‘gîxU;eìŽ_(Û0AÚUË¥³mpcŽ¬øèëÃ8qÃœK–AßµR!þýsØvOp R« Ïù®¯Š=æî{PŽvˆÚeO4[¹dnÅÅ@ÓÞØ»…ŒqG“ç²£œCüÉ–§¹µ±ÂÆ‘w/>´RÏ\ÆgïˆOSªDb2ß?pϘ'A1ÄY½O[B~18 g>O©ëO>9yãq=ˆÂ3-•ÈRgÂ4·[Ïhp?0ù€¾àŸšüÉ®Îâ!ŸtQ^ô”Pú˜(0;äæôUÌ#½ÏÃÉ^¡=r\ipÎVJMÖ?šëŸ¯û¼^t}^p{è3ì‹¡áBl/ºøÂw }uŠ\ý@’wt©þ`»T ìÝ[7/œúX‡ýÛ}ÃS,» ôT—[¦âú¡Ï +ygþä‹4Øl¹/mÖ {¨ƒTü;Àè}+$ØeÅO0®&}1c=Hâ-ã(MÆÒ™F[à­jÎgÅJj%æƒH9Ä:)–KÈÂ5.ºÃÕ"fb!Âgñû<¬ &Æï‘/$Q:æb3µ‰Y2XvùÚ €®œ‚¿Gñ±¨¥{9ò‚W¸š…žá º–fc¾4·5½$tkÔk‚D^šô(ïÛAÒ†ª€N=Án2`SWC|hŠ Ð%æ–^50O–>¥·iÈ»p~»w§¶)UÉ¡7d„8®mxië?±a\Oé€âËùš¾¸¾°Ù9=‡ÁÜNqOHA˜p®ÈºÃ!„“EåÅÌøýEU‘{[,¾sŠžêxýD_>Ž u-åi<Ž"±P1x4ZÂhŠ¥ý-9„|–==ªS7]'B¦ÙÑÓµ×ÅoN.Àðç@>®Þe´§Ò¿A.«ojyÆ΋v» tM‚ãV|)ÖS®[¥>™ùæ·•…E 3Õ”—j9hÊOǃaû4ŽW1|i›~×ÖÇ‚°È(’ñ¹'BacÊv`ö‰'‡¯zôî¬0«£¡$IuØÌ¥Ðf”BÓ„óÐLŽ%oô¬¼u}¹Ôc}8ÍLj„Ñ™žI™ ©ÔGICÀ_ LDì“}Çi°*)ä1?±†l#UvÄωë Xpáý¿Œ,ܸM|ê^ÇóªîƼÁnÜÐ"ºðÛÙØLF—áT¼ëÏW}Ö +eùÁo2Hïü$ƒ‘œýbþ¿€¤Ù;y̖¤ö}Òé”öø1Œ%IÇÄÇ5Ÿ’¡ç¦”  =<&Ü1LÅ×ð—ùw½ë!”Mˆsdì"†{Ãd3ÀÅKš…l§Y{†¨dRxW•Ó:~X±Ræ(`¤I}`m‰#zïí¦œK–Š,4%Ž/ãôñIK‡Gä7Ú›Ä)‡?üýÓ¡_A—Ð1o˜Z‰È„Ÿ™8¾'_xM Ò€O€*Ç5°T À7ˆÃ"ïÊs?›Ó°™žüýX~¤ô?ÿ¤îð{C¨»€#u¦8‰‘â«;3…Ç3ñY§rÊúdG¡endstream endobj -957 0 obj << +954 0 obj << /Type /Page -/Contents 958 0 R -/Resources 956 0 R +/Contents 955 0 R +/Resources 953 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 947 0 R -/Annots [ 961 0 R 964 0 R ] +/Annots [ 958 0 R 961 0 R ] +>> endobj +958 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [367.5469 309.3417 428.747 321.2419] +/Subtype /Link +/A << /S /GoTo /D (zone_statement_grammar) >> >> endobj 961 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [367.5469 342.5455 428.747 354.4457] -/Subtype /Link -/A << /S /GoTo /D (zone_statement_grammar) >> ->> endobj -964 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [483.4431 140.0267 539.579 152.0863] +/Rect [483.4431 115.3171 539.579 127.3767] /Subtype /Link /A << /S /GoTo /D (address_match_lists) >> >> endobj -959 0 obj << -/D [957 0 R /XYZ 85.0394 794.5015 null] +956 0 obj << +/D [954 0 R /XYZ 85.0394 794.5015 null] >> endobj 350 0 obj << -/D [957 0 R /XYZ 85.0394 576.6195 null] +/D [954 0 R /XYZ 85.0394 539.0447 null] >> endobj -960 0 obj << -/D [957 0 R /XYZ 85.0394 549.9907 null] +957 0 obj << +/D [954 0 R /XYZ 85.0394 513.59 null] >> endobj 354 0 obj << -/D [957 0 R /XYZ 85.0394 326.4739 null] +/D [954 0 R /XYZ 85.0394 295.1443 null] >> endobj -962 0 obj << -/D [957 0 R /XYZ 85.0394 302.824 null] +959 0 obj << +/D [954 0 R /XYZ 85.0394 272.6685 null] >> endobj 358 0 obj << -/D [957 0 R /XYZ 85.0394 185.8791 null] +/D [954 0 R /XYZ 85.0394 159.1962 null] >> endobj -963 0 obj << -/D [957 0 R /XYZ 85.0394 162.3886 null] +960 0 obj << +/D [954 0 R /XYZ 85.0394 136.8798 null] >> endobj -956 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -968 0 obj << -/Length 3222 -/Filter /FlateDecode ->> -stream -xÚµ]“Û¶ñý~…úTÝŒ…_8yrœsr™ÚqÎ×éC’J¢,Ž%R©»¨þ÷.° ˆ¤(3IÏãáX.‹ý†ø$|¢S–f"›˜L1p=Ylo’É'˜ûî†Î, ͺXß<Þ|õ6“Œe©H'«-Ëkùäqùó4e‚Ý…dúæÇ÷oï¿ûçÃë[£¦÷?¾¿ LßÞÿã¡ï^¿{÷úávÆ­æÓ7ß¿þðx÷€S)Ñøæþý·8’áãч»·wwïßÜÝþúøÃÍÝcÜKw¿<‘n#¿Ýüük2Y¶¸I˜Ì¬ž<ÃKÂx–‰ÉöFiÉ´’2Œln>Þü vfý§còSÚ2-T -’”ÌÊÌŒK™3Ã9 •°4å6JYJ9`9)ç›Mý<ûíPìÃs.X"U烱Å#ÖÈê²³:ç†%<•ýå?îŠEùK’ˆ¢ù[;}^—‹µ³éºnZÍ÷·ÜN ÷,Kœikl>ã@íQ—e•ÃŽüÔ·ï?âì²i˺j˜Ûê@:"ÓL¤VÀ®Fä2Ø ‹à)'Üm~$67Mí°'3i-ËîåÃ2­…Gœ»€º5q×K(+|¶ëb„5+€HWûw]#, Å$qš6o‹mQµ¯cI¤¤ à"oˆ›²uO9­ŸŠý¾\ú“¸È · 3VÆ…ê(~q]f _CY˜d‰¶2 }Àý -­²ª[:’{…#ŽM,‹U~Ø^ÙÐlOÏ‚Ž¿² ù•×–z±ðªÇÎ\ÙYj5³Bg×±‹uÙ#ÖIéöÅâ°o@¬g)À=¥¯3±F8è¤t×ú©Ò¨2ƒðdJw f¼Äá¹Í?!ªßÓ ÎÀ}±ÆC8|Z#½v]ÒTSìA)‡7.“ &œBx½q+ʾ ´ÄjÒc:Zb,j‰!'blÔÀ2ml‡ixé(`£âÀ0)ÎLfrú¾néËvӊ˲ñ‹”Õ'è¯ã¶”ôM ®*µœ®À»y LJ[¡ep¼­8`‡´ŸÀÈpÀ ¡ÿÙiî ?ha½'Ï 'œ·yø<§¯JZ*ßàùòHÕ`%:@ˆ Ó¿7ýíáQ-òź¸liÑãªã3òµôÌÀ¢Èà–%ø¦=™07ÓÇ0ÓqØ^¥|ÈжÓD -9C 6ÿ¹¥‰ Uñ5‚ÿ‹Í’A¾y…äƒLCEî–cíÒ >QB8»ÂTb†²&c– ݷΰ}´ge¦Ï¥wÊ¢`dWìÒ¶X’ {¼ÍÄ´Fœ¢Êç‹KÜ,P~…ÈÞ«­ŽcrÊ8ãZôs—Qå†} îÀc’hóê$ûõ‹¢u™5¤Û‘-t2™>囃÷E× {AÖÕë\‚)aÿØW&„íÂ1Ðd*Ó'ÛÙÞU ORú¤¤-šÈóˆ/‹úP6£g­—‡)‡ä éòô®P[pé¯Ü¡ƒ‘•ÕÂm,t ºÙAþTÎËMÙÁ;y‡5óÅ¢h„ði‹Llp¬YׇÍa"Ü"•ç²]V&›Äcˆ%V1×"ô‘€äý&G~ -]“h?…[ˆAÅQ9@±10ÀpØ›ƒûÚNcEÞ‚Ësu…Ï ¡×ò#!Æ8اâ~ÙßwuS„AÜî y4ájÔd—º%}2Y5.Bÿ #÷(a\.IØ”OÎ!«^Ò\81íô¦êW7/mÛ|ñ¹ùš²Û¢F içv&²: .²àÜþÓ‡N( -è³.þy$:£êQ±pÉ<²b˜²¢ ‚ÓiÚçå¼d X/° Dégšõy@݇õ·uWÞË¢ÍËÍåŒ\e†©Ä¼Pw±.ç ëäJŸÒYs¬@w S½A -%Â\ç!b0ÑKTʬU}&16šÊ-„Ÿs?˜‚z¶ÑaA©IŽ&&¾zÚlëÚ;7¸‡XRi/™ÕÓ×ðGx5¤øÌ«åàïýR¨œ­R}7ñ‹ª*çÞà“M>/6Åw¤m¦óP©G'¡lÿ2œ“göäDsN{I‰·4ð6Fáç"j”[~]T¡" Dy ê…Ï@‰s »“‰àø²±©ƒžviù„œÅ &­B%Z~ªHËÉe«vž Þa•}=ÒKXܺâ Þ<],œ³Yªú¶‹ÍNÎù””ê§ËÝE—?gycÀ¥Â±«sÂ> -Ë)ÚšÖ{¼¤¡ç%‘sP& 5QuÙèÝýF¨ñÎÍ” …€oœ:¤LÛLÄûï· .PaÝ»Bi•C<²ÄW(íUªC‚ã çSâG¾PÁ »zï!RÑž‰PÏð¨&9ú›ç0zêÝÁKçX|1tÄá9UG}_ -‡°_|Ì)(ÿ¸óG(4§ØE5««‘Ï"nOÐç†Hm¿€´’,µÁÙµùg,Â9ÈŸ¸F¾ÁRÖIÔU|š£” ÕÆô*t¨ðôébT×Õ5Ã:ê@m!TË$aÆ@ýd‚eÖÚñë±Y¤8ë’ôN§ÇŸàœÜlDÃXÙBT2©…«9ä_Èd ø“$ -N½Ç¤÷€/›à ´mÄRt2(»ƒP1è +ŽçúKRu¶ÇÙS:Ö‘…\–KÕ« ¨¾ òà€í6E©v¨„VG\‡z¤ëëdФˆ#!ÃP´axBes˧xûÙ¡eéŠj÷wd £+lIOfôטA½WV‹zKúÞutãïêÐÏEŒûOé¨.ýËõ0ÎýÌÀ1~Qï{@Ù‹71ƒT(±Óœ&bÔ[Ù¨|ã.d -þ Rȉ͘\þé Î:ÏC073`÷qÝ‹i‚à ªã¿ŠÃHð:‡€ÂD³‡—r §•†´=j÷\ú9$ÀSµÿ²ÑAlzFçÜ OÉœ^•À›g7Š†æ·.•*>Ùå{×òÇb*͘|paÒÔ‹ÏÞÑJº“—îr» ÖÛBÑšñµïá%i©4Ô…ˆ,JK‚BbŠˆ­hÁ5‘«w0Šæ¯ÍĵEx¢¢Ÿ+üúÃ=avÞ{Ž\šPÈËÂ&l2ý%ÑI´¯Þ19 Ï{¶ˆ·¨+wØà(þÞ)™>¼}ƒRe²{sZ X†û$Àž+ØIŽ?‰ áªCƒŸblÌBdîò ®n¹ kšK?Ž“š©ñ{øOý§8wúU¡2Lº{ÀÑf„0–) Dˆ)w *=o½€iÊTŒ°þ?1øEýendstream -endobj -967 0 obj << -/Type /Page -/Contents 968 0 R -/Resources 966 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 947 0 R -/Annots [ 970 0 R ] ->> endobj -970 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [369.8158 524.5277 418.5625 536.5873] -/Subtype /Link -/A << /S /GoTo /D (dynamic_update_security) >> ->> endobj -969 0 obj << -/D [967 0 R /XYZ 56.6929 794.5015 null] ->> endobj -362 0 obj << -/D [967 0 R /XYZ 56.6929 355.3526 null] ->> endobj -971 0 obj << -/D [967 0 R /XYZ 56.6929 331.517 null] ->> endobj -966 0 obj << +953 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -975 0 obj << -/Length 2574 -/Filter /FlateDecode ->> -stream -xÚ­YOwÛ8¿çSxO#ï«Xþ—Øž2mÚͼmÚI=‡Ù™9(¶ëU–\ËN&³o¿û%K¶’v·}9ˆAXL8ü‰IjWNO§™áÂLæë3>¹…¹·g"ðÄ-SÜçúqvöü•Çœ•v2[öd¥Œ§©˜Ì¿E¯þqþavq=¥á‘eÓØXýxyõš(Ž>¯Þ_½¹|ûËõù4ÑÑìòý‘¯/Þ\\_\½º˜Æ"5ÖË á‘o.ÿyA£·×çïÞ_Oÿ˜ýtv1ëÎÒ?¯à -òùì·?ødÇþéŒ3åR3¹‡8ÎÉÉúLÅŒVª¥”gÏ~îöfýÒ1û•2“ÊdÄ€ZÐ8f•TÞ€Ùb±Š4Ê›ήœ‹.—pÄÄE»Uƒ”GÍC³Ë×D¬«ò¨«¬!RQÍëõ¦ÌwýüÃ%M4ûͦÞ¬·D½üpgŸ!-‰Võ}~—oÑÆÒíy“¯²»©ˆ -¿ EC_â@éÙ:ð‚"p `‹X挑þ`»U¶£»¢­a[kÖñ&Ì)™zÞs8¹QY4;‰¨^e“mwÅ|_f[ú•'ŽžÝò†&çYEƒ¬ljâºÉ‰Òlòyñ;ç2_ÀI•LÀj4s¿*æ«v}“Ó2H¿.ߢ:íòª -¶[µ| i700…HSÏ?åǦÈ3ÜG=ÕˆÐ;Ù3¢Ð¿·™ÿ.J˜ :Z ¿÷«4’é‚`°È›‚VÁä&Ü%nMÒÎß<I ǽ±wûrW€Óá¸y'4g0r°Éjq]ÅpsÄÜ cY":æz³+ê*hç¯ÓëÔÙ7ùcDtvü3CßF¢MÒ»„)­ÒVñäTŸØrý›>Yõð’Fÿy9æϧ )¸p$¤Òa“œ‹‹›ôÅ‹çJ¾ßáÈ°Ÿt,Mç÷»/ÊËM”WÙM‰ÉuðL V>üÔù(P½[TCŠQDñž‡Ђ!–`î8–`òwnø}±["6EuÛ*ê-æÁ#ì÷sX(0Ä€žU‹N«ƒ’ŽÂ™`>á´÷h¤n8:Ò ™Yp²”ªn }½™pfC‹1¾þ¤©ÁÍépX\ÒŲŸ£S…}¼‘Já‹£u¶›¯ ‚F¿íh–±8šMŒjòåuö)?ŽÀp·8ö‡Äyb€€ðõ·0Ö>†#@#q¿2@ªºÊ¿Æé`—ËV눒¥ðþßqcpÔ~PßhI6rxö™ÜMàa DГaº1“ý¼Ï·Að9ˆC 7¡fN ÝÙPµÇQ½ã(H–uÞT?ìhâSUßñfUsO¼@¬iMFÿ~Þç šã4  Bâ*‹KjzY §ÓcÔà0%M{_^RÜÔûí<9pܱ áp£GÖ†SÙÐ ä¾D#ЃA³÷ôm3îû 8QêÔÀ÷1CV}cäéµÌÈŽ?{ÔÏ aå[ÑŒHïšD–¿éÆÀ€jh%l!Ç×ÅnG¹–VÞ20yôdH„ybÞª$DÓÊ&§6ìzyuþúõI  à ×`”Y.õ×T¸ˆ\£5@ÜIŒû")Á˜?IY* hêØ|r{õëˆù­ÓI8‰Z#•d”Ê&c (¢(*ÎÓ&C\»‚2̘´ÅX#J¨’¤|ÊÓÜÊ'üà™Û¾Héšá{ðxâѸ…˜­×4ÞW›mqW”ù­ÏBJÀ†‘Ï‘»AY#ï‰VLÝ9þ]],â;ï›åÅ@êX"uk „‘sLh— ĆKœNìáR·îì“[Z0·á­1GóÛð~…Œ d/wd€àÀ³ôsÞŽ‘Ë|¾ƒü,äÎùv—A¾W'$γCu°Ì ‡Ohm$‹n•¤-X§äö6! áP,X¢•>øΤuáÞD뛓=œ.2Ì%‰é¯¡ TRâ;÷4®žê ;™õä¤71T/q#«¼~¶¿èåc •f¬ýºÎ„TrF£<&©bV+÷¸,ZÇAV¶+Ž®ëÉ.YöñMu6A0à‹¥À%eJQžsÕstcµ¯‡ Žþn@@¦[]Djš)¡™7ƒ'ŸÁ”®UOoìOz°€'<¿\ËÉëÎ3é©•÷û&ö\&Œ'óJ)àRTzù Ñá]òo’–jX¨ã,Æ~19ñ6€‡©'ZiÈ -]?ÂT0"ÏœJ Ò°¬¯¼p•ú(ÝõÛ=&²œ*î!ÿ¹©±€ÁÑ/¯?g5¸V.Xj´ÆÉìÕlàèV7x¾!‚oÙè•Üûþ‘i;C¾´é€QDÏ6›Ò'N8×v§ !XtAÂñˆGV=¢I.ï‘1ÃC>„ Bs\JâÃ’¤Ø'Á¼—ø’yxa€Ü€¤²PkÒƒo - bã ~‰Äo|ÀW¨«Åw‘€d­ø_NÚ®x DÄž1É—@Dê“.ó=QDrŽn¾?Œô%?#šr‚‘yNçû‘§¡á)@¥óí -j–èÁ¹G‡§a2R¥­=Î^†ä˜JÛäjÞbù%ìWáð‚ÑŠÇ££Áßæ3ß?:†n(LêÆsõ–MË8°õkö$Ôìÿª«-ͦBˆÈßÔ½_®Üé,}›ë|¾Êª¢Y‡ÿ}ëÖ2›ç¡ÊÅ2Ý&Ñ2›S•Åη¡ô—WÅ3uZ ëß&ßÑ , é³u5¨Ÿ}]ï«Àè›ì¸ Î´‹ï¬õò{ú„’TîwMNzÆÃlsY—e}ߥ§ƒ>/¾ ü÷¯ÎðÝÎ'Þ˜rÆ ÀäñR 5þËVà‰{L»BËä# -B6¦˜9Þv 7ýäÎÓéÖj$Àlb†{¿öíÊÊw#dJÕsÝ–õMV)üP#‡0K•tzÒÊí±„ö PBû†ÈÔMõk»®†LÛßP€!tC€võ~vùæW¯a‡ì6oB‚P#}Ðõ¼æ~•Wyh pjˆP¶äÍŠ¨ózó@#òÆö·Ë;—ç¡Ã"¼£RS!MCüøľ $ ÿ£êI9œÕ†~ß‚8Úõƒý~;]}kè’êóšZXRiOÒÊW»ŽG«¼Ü„¡÷døæU³oÍ*hsþä”ê¸ðCŽk£ØP—0ª`‡]¹bþɇŠ_^ÝQê6B*Z GÌJÌ‘Øu꼪Ô)­K Ã_9G\™wo÷7ÿ˜zÀfÀÓ”Êñ PܲTBÙ”BÓëäXóîW×SÕÿ ’úžçendstream -endobj -974 0 obj << -/Type /Page -/Contents 975 0 R -/Resources 973 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 947 0 R ->> endobj -976 0 obj << -/D [974 0 R /XYZ 85.0394 794.5015 null] ->> endobj -366 0 obj << -/D [974 0 R /XYZ 85.0394 532.5775 null] ->> endobj -977 0 obj << -/D [974 0 R /XYZ 85.0394 507.7956 null] ->> endobj -370 0 obj << -/D [974 0 R /XYZ 85.0394 170.1477 null] ->> endobj -737 0 obj << -/D [974 0 R /XYZ 85.0394 148.8279 null] ->> endobj -973 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R /F84 848 0 R /F86 980 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -983 0 obj << -/Length 3570 -/Filter /FlateDecode ->> -stream -xÚÝZÝoã6Ï_‘·:ÀšÇQ"·Ûl/Åuwo›âp×öA±åX¨-¹–½iÎP_–wÀ…L‘#r8󛥮%üÔµME굿Î|"¬Töz±½’×0öí•bšy$š÷©¾¾¿úËûT_{áS^߯zs9!S×÷ËŸf©Ðâf³w?¼¿ûöÇÏoo²dv÷ñÃÍ\[9{÷·[j}ûùí÷ß¿ý|3WΪٻ¿¾ýtû™†Ržãë»ßP§¿3“~¾}ûùöûۛ_î¿»º½o÷Ò߯’7òÛÕO¿Èë%lû»+)Œwöú ¤PÞëëíUb°‰1±gsõÃÕßÛ {£áÕIù))´Y -01=:%¬÷ö:³^¤F› À¼Â=e_ÔÊã2\ lšz^Õ‡rõÌ´ýY­.…ɈvS6QªgeƒÿjöX~)*îâÿ|bÉL‰,ISžæßuUL¬¥Aª>µLÔòC±-ªÃœÖÎÊ­øTn6´Pý¥ØïËeAO‡u1¹WpJñ†–Ëýr³¢i -^9(Ü÷h7õC¾™Ô‚*iwòä´P™µCÈÁì¬xk!ga@¤-<dÇ É -Z>Þß½ÿ'µ·°ƒü1ìžVõž‡uÎĨðFÉÙýš§Z«ü¸a‚²‰¯ðh±Ýž©ÉìBëgi%È;´Y0¡ûþYJ½ÈŠÝ[@¯Ä‰Ç»Q*½Î¤ZfÙADó>9ˆI©PVÛü÷ùaŸWͪêÊm1/«1#ÊJaÝe>˜f‚ÜÕ6UfÈÇ]õP«%ˆÝ%lØŠ¬5øhfû7;VUY=Òð¦®o"]ƒ³ãVÙPk›WÏô涬Ž‡‚» IØzˆëûm9'PexUÙSØÞòU¨PZ2Ðâ’ ššëú¸oHÛÃé@åö¸¥‡/ùæX gÖŽ—ÍŸ{³&ÒŒV¼ˆ¤4Õ"‰\FRŸê<’ZªI$•ËÍ$’’L8%íeNZª V†h‚Q¯Ü—MªE“¢I!:~%$A-ÿw÷ú1ú:êEO& d©YÊ¢ÐoÔŒÁÏ .ÅàR#p)ˆqº ê‚+=‡-Õaëÿ- ™Jê_@VGtXLtÞCÕÇé‹J…R^]ä£%:ed«ô$¤=N> +ÌC8~C«+|ì;)|Þ<ØOê২³(BShµŠí¥:ŠB¾Ò‡’‡lPú?©Ÿ²Y†íÓËhêS‡SKuÞOMâ òäÄ¿ÀJK5ÁËÐQ9aŒ1ÓAÊÈ)#åÀSIÕy*hOÿž -^ žJFlÑ»ÁSIÂÖ bˆGØSI‚Wx‹EÂKÁ£ªd0˜äÏá­¬±¨ýÀzT©Bž^ìË|3ÿíXìŸç{Ö ° Êó2L3±þT&Þ@.5`à‡Mþ%f4òò…“iÝ tï€ÅzY.òÍæ™Æ·4¸Í›CpVÐÝ{_ã#ücö¼  Ý„ÎrEìií2ç«ãöç ¸²È+„ìA \ÏÎÏà ÂÎnóÅšú›clEf¡y¤Ó´rú#Õs×l ùs`(+꣤§Û´+Ò.oæY2ûŠg«ŠÃS½ÿ•òjùT.k:üÉ¡EÜßx8‹%„úM¹ çTÈh!èk¹€vàSƒ8#ÑÂ.–xÌÕ*)€Æ÷¦lFsXÑì¼ÜÓºÛ^ð„(¡2HIÈEÐCΰpŒrlo@M&6±µÀ®–&Q?‚+x>Ýžïé(Ž»VjB¢Ä¡ÀH šà‘`óÁ¡DÒ9qE‘ÙnïRÅ3  ˜]‹ºZ -:»ÞÓÎ`ÛÒg­¢rÒ­AJpΩ$༷Ée§Ò§:ïTZª‘xqoc¢œH_Xi&xmDš€G¬~‡êÑ>‚S»™Cõs©…c9X¸<ÃûhÑ4:I’0hA*nÀz¤~èéÔ½­úa ¨ú@¹‹ãž t¦aWDïp|SŒ÷üP,àyÒ¸FÆ€'Ùlê§bI#èñ?DMøØÀ )D#õ(òBƒ«d8†Ù+Ö#3ËÒÄqOËšÖs¡ÂÈÙ¡„e×¼^Ü5ŽÃ®§ì¶ÏY= àÄ7GŽGœÇªæT¢ó5•ªõmAé5ªUR§Õ²û¹« Îää÷4•÷î.–€—±»KÐݯ jÔ‰‡3U6²Ü¶8Óm:W8¨åMÌbBlCEãã±!r­gB™DòÇ|`–dn$3îÄx)Re_(ûô©Î»“–*H§Ÿ¯êý6?Mµ…¹ÌDK5ÁÅ0SÑ,I‡lü+$ ÊÛ~‹ ØxàqÒ¶X)ᥧšKÈ>`'¼¡–”6Ö¼™Š]&Î'1zs`à &˜(H& dÛÖËÁb¦ìB8é5Ó`ÎÍóM……PÓW”!ÙÁé(·˜†Ù2tF—cÜ)aSwâc­ã°–…$„zâÛëRB ‹ÉR ¨éY„ƒiÅädœšù¡…øt¹lÄT\¡R\O',éêv(›³ú‚¤Xãõ MC¢ ÛB -L}óáêáZ0õ†{Ù Âዢ߻ '¹¤W¢èil9µ' öü'¯D†‰jkß»|ñ+óž7´b8ÍQí;Õd“Q)é”w­²ï uæü¿«›¦|Ø0)d`5ÓËHLâP çÔkQï„TíõGÉ«oë.;ÍfE°ãP/ùêG›ÙC8d süR]…s ´šãnWïá@ʱ •€ «F1=Gnò„ã ÷UÅ5ây›tê «'ñÜ¡K̵9:n¦ézœø‰)²:Ðâa±.øçå(ÜÇjD J´ Jþº-㙶z&„ädB8LLÙ7!$=cBüÝ‚PY:Š”†Fïžh -8Î4‡&‚o¼_„’sÐÿj¬.‚A“KŽÐŠ—ò4ç -“Í‹5äaÙ÷Ô‚5pmsW™ð*¯D’¥ö2 -ûTçQØR Q#ZuZºÑN$‰Q—¹h©&Ø0£Ï]8 ùàB_¿°]팋'Jv«×ᑾ•ŒEìz`Êì Þß³Ó buppâpEWÈŸ—!ÿ„¿ø…‘ØÙÖ¡ÏU¾å‡tðСlìy˾*ßÊŸ•†Ì ¬#ºo=峅ϲ´Œ|UTiù“¨0„Å8‡J È9×a«!:°1ããÊGˆŠ+¦F鉘¡¨ZŠƒ1f(ÕÅ qÌÀúëè(:`Å)¥GÑ¡·¤âè€D!µësÓW"+=%žÊp”¿Vˆb­O!Öiþîà QÇÜ:Q>IDñUND±É—ÄDÔ­”'Õ›ö«ÎœNN°þê#ån½'á"o+ZíL®kà|•%£3òÿ,ÕUÊH¤_¸ŽíS]ð‘‘êä<çÖÅé}™†ó ÝE&Zª¸PÚ#$^ÅÅL ´ÌŬ±-z„ë1ÙV=L—ÕÿnŽÉøŽ}&þ³ËjºbòéKB­ûwŸ¨V\ ú|‘²8±Ü¸Q «âÄâ̪8P5Æ‘…óè°tÁšÖý[O§æ~hàdl˜ :1stC™ ÞíW$à™7Ëôôfê¸Kçh›rÍŠ¯,mçÎf?~ó‰z°ðfXÌÊâ~-}S^uM½2qÚ­ /?QÍxç[>ƒÇ*4~Ü-Ár”‡†M­ˆ$~Ÿ(ÇÆH ®„iƒSCOAa:8ü£Ü™Ú üÇÍ&0}1˜A3B›/h›# K“à k¬¹1Ä¥Ö|‚îåF…rŒ6á:n¿ÊüÎÏZ'‹MÝ̇»#àM8âáw¨H‡m^;^Špg5ÞBwªÍ%$ÚãœùnWä{ê Ÿ8hçE€¹¿j&Ë‹©°*õíW¨›ú©ûd¢2’‰DêqÉW@Lù6ÜXtOx(Ùæ£ÿõwãÝGõI& G8óy€Î ktXÂ'¦p‰;uñüù)ëÿÉ%#endstream -endobj -982 0 obj << -/Type /Page -/Contents 983 0 R -/Resources 981 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 947 0 R ->> endobj -984 0 obj << -/D [982 0 R /XYZ 56.6929 794.5015 null] ->> endobj -981 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -987 0 obj << -/Length 3209 -/Filter /FlateDecode ->> -stream -xÚ­Z[sÛ¶~÷¯Ð[å™ÅàcÚ:9î´IŽã>œiû@K´Í‰Dª¢dÅùõÝÅ)A²;=ã —%°Xì~{!ù„ÁŸ83Y¨‰-T®דÙò‚M`îý4Y$ʆT?Ü^|ÿΈI‘F˜Éíý`-—3çøävþûôÇÿ¼ýt{us™ ͦ&¿Ì´aÓ®?üD#ýüøñûë÷¿Ý¼½´jz{ýñ ß\½»º¹úðãÕeÆæð¼+œxàÝõ/WÔzóö×_ßÞ\þyûóÅÕm–áy9“x¿.~ÿ“MæpìŸ/X. §';è°œ…˜,/”–¹VRÆ‘ÅÅç‹ÿö fý£)ùiérí„MPÉ9ƒ¶2«‹ÜH!½7œHÊé·ö’O›Ð¹«êæ›bºY—Mw_­×—ÜM«ù5Óúž[zBL뎺U5«ÿ`LTs¥d ¾Ç~nSnªeÕlè‘®Ú„ d$ ü/\2‘¡ážÑÀ²‘uív=‹Ï ÏhY.á™ûvM”‹íù îÞàƒ“LZ‘;:–qžZ ÿÌÝØ“\Ogeƒ  ö ¤PÏçUúa¾¤î*ðöTW»@°&‚8óÍK gîÊ…â›ÏDT7³ÅvîÅŽÃeJ ®WüS‰ðœ £Â3û+ €Âj励võæ±nHÑÓW£ln5‹bö'>ÞY(¸>¹a¯»:£#s^>Éu˜-L º[´³/ÄÛGߘµ ªÞÃv]nê6ÌâÈ¢ÊL•åLŠX¦rÅAe’Ј²!YVš"Õ‰ëÉžÌ!ܘÜñ=U‚‘‘‰Ãm[%8¹òéÊeh•]â6´É¹(ø?R/csç” Ï¼¡Õ«¯³jµ¡6)½¿¦°`X D¡˜벚SwÛþ@óúÓ“9yyÆJÀY¦Ï_ÞêôåõTxr±ÉN`|{p|íÎó‰|ŒïàHrÌÈ[k‘¡jÝ€ñb×ì/ÇO"sÈ嬢>¢3þzÃ@rYÔÝ…ì©š„nsc¬û§cd|侬]`º™§À`½PÑè·]•¡´ s…Ôc@z5öKÛƒIÔ ¼Ì‘úDOh„Ë•,Š×øié|ØáÒ~šºÉÜÀb§×¢ç¬šñ‰ñRYä.ÓJå|u饂ة_Áô 4:<ö‡`´Qœ®¥ˆ‚ùx™>½…ÿbzu$XK -PV~Ãj¯«“¿&ÐQ覧´ýa÷Bðß_/Å䧎4ž*®œ —öçrjhŽèpP€ýZKfp-Øôùþµ[ìðé¼¥Á¦ÝÐÀ®îiˆ4†¼Ý &Lƒñà$(à¨Ô¥°ZeÐ+¢+ß…U@Iç ºÇv» g$zg§acEŽÊN -\Àîð°WjlDÅ‹„‹\hA¶\­Öí -¸†0¡†C- ‚P‚¬ xäÅù-MD6±íe…yµªš0¸]µ Ù_¿U`›¢ì‡j³!@¶ÃÿÓt(½]8„»+gxˆ/ÔC!ú_ï~ žxÝm¨³®î×^vþÚú[@ñòM V€JÒÈÉÀ$þ‘I+¢gûÈúßA@&Š'A×r)%?ã“Àx‘3 xÖ%*yÎ%¥b -x BêOz¥@” ©^É™ÜX+Ǽ W– ½v÷^ {C¯$,§œÁÆp @#z%l§½s9ç}\Z Ü;Œ‚”{&ÏxÚ3PZfž‰¬B"C‚¥ÆÆ|&F8d4‚yÄ|É3ŘEY zî^l†T§µ¨§:F óÁ ^=#ç™é©ÜŒ©}SŽ#v~ëP\ WŒT -Ç÷*“{•êhº k9b™öžg0)éÂ’}¤ フf7”ŸÂÔ¼º/·‹Mx -àëXC2° ùÔXš6qé¬qu©…ó­Á=…p·Áñ`GÍÒ;r&s+Š˜F=W]j/ qŒŠ40Í(õÕÃbˆ‹IÒréÑ]½¨7Ï@ÊO+¡8˜”p@uF #ÉkSß?ŸR;Ö‚yÿÙí{ªöç\ApzžÃ¬FæR›˜ Í+PÉeÝ ÒaEc÷XÏ0Î`z -Éh¹ ÑQSå|Nz×uo0§wä ‘´]azZ.Ðscÿ·Ÿ>Ñ3«v½ Ä»z¾«‚oFMв8 -)pUCþ;ï×¥±Óo¯ßýF—ÀGùPu`&ÆÈP•Á‰Ÿr‹>ÚO­VU¹¦6&Û¸&EV¸Í¢|ŠÍjý„&jÕô»Tb)M™e.K€ûuJ±’%¤8¨ ƒ·VúÀìf‹rKUÀ/ÕÀæSn²he{ù·»ŒT!Á‹'lˆi/,iIKZ°Í°¤…]*iéâDÝ„K;ô¦ìuj(rQÆÕ,<›¯fA#T³2½¯[á ¯[a#ê „þ¹€]Ç1Ý°š% –õåÞJêŽkV8ñýx‚Ê\8ŠYHƒÅ,³°›*f -( xµ(´è€¡Ø}Ü -VâTÁª¹ÒœŸ/4y5c -’ß‘š½¢rõª -Øÿ»r%µÌ{©r5¤: Ï=ÕÑ]¤âK0 Š³ôT F¾Ë€£tÜyø¥þR%˹uîµ:Ð/$צ‚0·E]í]¯ÿ hàÛ1c´ÖlÆ´X™ -Kí!66pÃ!¯Âº†´„Ⱦpà&Ç Y¸ê2”¿¼?ÀÆ'ðÔúBd˜˜R -PSÉ¡ØS[ϳ'•mç« ýG -W!•–²/§ƒ_ˆï­áQ¶aYóŠe£~ûÈÊ ¯àF -Šìi ½§š -$è¦Â¡!:84hG?»y,ÃäqÌg±81 # ›òÂùz'üBÆþ ®gǺú¡! ->ÎV`6rS¼.Þ‹'ž}¨Ç“q¬¯RËýy»°©Äé Ì5å2²sïçÚ%MÌÛ6<¬Öûûž âá¹P‹1Ïš¤F3%ý삈\— 8¢‚« à†Ég\ÑødÝŸ`þ&§·>¸Þ/i{xpÌCLÛmh *Ód·=Ž3.BÜ3:-¼žÒ¾Z³«BH»£rF°WjÚÚzX›”᳤ÁÁà?‚3-7}©ûsTN|7YÅzYÿ²NZàP¥_Fd~h‹`FMo‹¢€@¬yôqkh(¥Z0Lq4îÂ* d*¼æ“ÓÏ{m‚™§r±í“/ì`ÈET„Ѿr¤N”EJéXÂ-1àИé;ÿ¶ ¬±úZ.W‹êM2ü’9×}ÊߧR)ƒÁR 4è% ìuö á6´êDV†H4•º‰\Ú"怜YiwB¥¢M|Éb´éCyX¶‡T씃SÓQñýîMàî¡~(ïž7UÒA.A4;xß¹mÂ=&˜Â×|¼¯‡Ð%€ÖÄI=x–º]å_‡´FÂÛe šöµ^n—Ô)ŸÊzQÞ-Â\¹l·Í&Å2ĵeõymÈ–SyƒÊ çô¾pÓì„FcehíÊ@V‡ê§T*×FDÊÿ=V1TÛÃème 6å:˜Û®ªƒ‡æU7[׫}¸—Ô!˜€´µ!»úÛQÂŒq“³NøÒ¹Ó¾¦–)P`§*™ýŠÙpÉãèrd¸»ß8†©X"p,}†Xst -&”avt -š\?„— 7ƒð²§Oð8R£uqÿÏÕl/x“ó£‚3 ¶àªqsâöT/ðp¼ò¥Óç˜eI­õÉ¥íCÌ ŸcÈP:ðz«ü;‡0ºw$ø¡EDshC'>IÐwXï?Ãðà ýA³a”šB>íøÜFº= ô&v°ºàÄtÞ6ß!|aµ]Q€‚ã_ [Èá×;'¤ó0çD(=¸ð[¦§›°€2|‹ö,R\yØ„Á]¹nèë -ìPqÅqÂu‡ß¯t[ìØì—8ζ ŒÇ·Õ\0±ëâ l´üSŸ€6@¨ýÂ{¢3"ïªÚu•‚9“ö_œÙ¶':Þwä…ÁÏ‘Æ÷ŸìAáY‰¸FARLu‡/þçÛå*@äí ç£D=˜h;ŽobÌ‹ŽA½©>ÌO}¯%uŽY%$ÃúW®ÿú[®ý‡nàW¥s'òaÉTD )d\‡œ÷}³þ7XKĺendstream -endobj -986 0 obj << -/Type /Page -/Contents 987 0 R -/Resources 985 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R -/Annots [ 991 0 R ] ->> endobj -991 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [389.4645 148.047 438.2112 160.1067] -/Subtype /Link -/A << /S /GoTo /D (configuration_file_elements) >> ->> endobj -988 0 obj << -/D [986 0 R /XYZ 85.0394 794.5015 null] ->> endobj -374 0 obj << -/D [986 0 R /XYZ 85.0394 332.07 null] ->> endobj -989 0 obj << -/D [986 0 R /XYZ 85.0394 307.6688 null] ->> endobj -378 0 obj << -/D [986 0 R /XYZ 85.0394 231.2958 null] ->> endobj -990 0 obj << -/D [986 0 R /XYZ 85.0394 204.4238 null] ->> endobj -985 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F84 848 0 R /F86 980 0 R /F57 624 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -995 0 obj << -/Length 3216 -/Filter /FlateDecode ->> -stream -xÚ¥]sã¶ñÝ¿Bo•g" œ>].¾Ô™ä’úÔö!ÉDQ{©ˆ”}ê¯ï.vÁ‰’{Óñx¸À.ö É™€?9Óq§a:KÒ(ÐBêY¶»³gûáN2ÎÂ#-†Xß-ï¾ý‡³4Hã0ž-7ƒµL Œ‘³åú·y„Á=¬ æïùøáñ‡<½»O¢ùòñ—÷‹P‹ù‡ÇŸúáéÝÏ?¿{º_H£åüýßÞýº|x¢¡˜×øîñã÷Ô“ÒçÊ¢Ož>¾¸ÿcùãÝòãeȯ -ùóî·?Äl lÿx'•={…†dš†³Ý]¤U #¥|Oy÷éîïÝ‚ƒQ7uêü"mFñl¡¢ÀÀþÓ§,ƒDJ@JtÄ*TÝ)G“§ì±ð”׶µMñŸüœÝTI¬’ÙpÉ‹=ÒÄÆj°1H5‰´o¼Üæpâ©œïì—bwÜQÃîêcÕ\oð+‰ŒšïêÉàÖÏoòÃK~ðkñè±ÉAð‘ -û}ÖùÆK^»háo?èd@§RÀOšh`Î Opˆ#†"˜HIÆs)Ø,2Kà 1 é )ƒTëС;^ô|k÷ÒÌ×Ô*‹]ÑXWôíùŠŒk`Í>;æ"=ÜPÆp’žÛ¶Íwû{8ª†±j(Ë:³-O®]ðÞù—,oxVÝíÁ|‰1?ŽôoîJ$žŽØoQ3ñüµ(K‚6¶(¶™¿n‹lK½,¸˜)ˆçíñÀP™Û^µ[¾g3ž+»*=BMß}~ØÔ‡5¾ÿø©ŸUdpv#.¤WG'æ¹/ÒÊç¸^¨8œ×{baßw !æå‰Ú v›c‰°š[ƱôyµŒƒç‰_wnEõL-ÇšCg ¢zñkÚ`¢=ˆ³'DÃǸ U:_QÉÚ}ãyf+p±œ@Ú!wœ€}°Eÿ†#¶D>b4§”†Ø^rŽÅ{ýÆE·–!g/ -õ²füuj‚ôœhŒ0@‰Qß'Ø<ÕG@)hYƒúªå(‡¿/v9å¾ÎÇ@§SnèëŒú˜è]ΦŽT&ˆÛ££º\°Ý Q©÷àê™Í¶ù»Ü3Ç’@¤P2et[­'Ö”&H#˜E8‡<;šâ%_°Ï1*0R«±vge‘Wm3±£ -¥MÄ«‘Ž7 -‹ -dj×ÁE$äpë$ˆô[1iˆu=&uXHÅïB„eÞœï›hH! zÜÜ×#Mì;dÛˆ 2*ïK¡B%ƒê¸[9_°Søz -]£õÓ:¯ä–p -lÀÏ¿ð0˜LEPVW 5rU ÎCJ9w*®{"úxéx•¨ ÂøKÂ;VNÛóõ„˜5F6£ºˆuM¤a™¼%ÒÖ ‘z,ç‰Z›}žÌ3’ †˜y{g4±óI) –B·¦}î¥ -Î ì¤ -_G$ãz Ëǽ|ÝbÇš¼% ¤U £¢¾Ö¯àüè_x"ÐqÈÁã‚­4ǽnË{pð¥MòŠ#wæâ# U›*ˆ('jƒ7Ÿ“҅жõ0ìW)Â0øáLü®•Á%§ Ä›F5ĺnT–'Å—ãzQÖÏ‹)“ÔF*Šn“ÑaMÐ121e‚H‚⎡ÔW¥ªO’RN’°oÕÔeÞæ…œ5Ž\ê1¶Y–ï['4lUk~®8ã¯è*‡8†:²z·q¬Š²h;_š€ï]rZ„÷P#Ïq¦õÒ¤” ”‡Aûß`/ IWö Œîü0'ŸE-ëØCiY¥6Ç*ãÜØÅYúöWTsU—"#ƒ(Õém]b]×¥ë—çj$ôx¤ ΕH@ðSð)wþ‚¥Oç¯U—Jb7é¹ÅÛBL85(6Ӭ߅眠ïMD"G¬ÐàáyFÀÓ€©ÿ ®.×%®XÒHZ„Nù‚£16ß>Yô çkQ:Šq¿Ð‰˜ÿk›3)䋯ŸHaïSJ+#ëÙ;ã¬1›E±éˆ— ÙçYK9ÓÕÚ ïSì Þ1–»Ü §Õå:oZšÑlÕØÌGE+¡÷„Cƒî—­rZÁÛz^!s`âÆGÎeW¿äë¯àR@Þ¦ö¿f^á[™W)‹Œ”~ðX7 ÛcáŽÛºiÙ´E‡Ñ,Àª.l;ÍMbs›ˆk‚Š‘uG˜49&ã±¢J;9ðÚæJx{mi…oùÑ°2¤ú4<¸$9Þb!y(2êÄúPtKÖô]å´Øgˆ8®„Î?Ö-©y Z®Ïµ¼ØíË|k¹+ᤳN¯ÊT¸ýA‚~[¦C¬ë2í°Æ—¾ÁÅnì­!„™PÞ&¡Ãš aì¯ã@Å*1•WË^Lü†ËÖVy}l‹l™ ¤²®?÷Í(Ó’£¤ŒkHõå@¡a1ÒŒ|•om‰d®'‚ â3Cù Ål˜¡Ñ›+õA©RÈy¤¿,c^=að¥RDƒâ çß噥Z,N ¡Á9¸d²£Ž†aFC¥Á-Ô±*Ú!W]m³¬MÓŒŒ!UÒLä½ -]8Õ!ñ”•¤+.v‡‚ÚŸ‹²^Ú¼AsUÚÏKæ/¶<ú%6Ô5]‘sF_T,®W%’ª0U%h+wï½è^]hÜسâö:Ïè\-•Ê)>Š0†{Q¬ÎŒÝHãu¬Ý²>²G^)µ¼fíp‹”1oXû놵{,'©lÕÎD‰íÍÍ;¬‰ÝÇ÷gÄ&Ñãí—¾è:pÇñÀÇìŽãs;‡žN™^¾ÿ•;ëªÊ}h§²®mGÞdTàíkÇtUX– ¾%ù<m"ÝÛò„Ê$HánùVì“8˜ Ü”üëºä;¬ézáHø!zcH£oîßaM0â5Lƒ$4ñ˜ºôGfŒG}œí#‚¯Qø³ÈÈPuÊÙ#_€žót9NÑË$Š²=èsž|h ‰'¯¼ŠÓÈÒ†F,¾´ÃtürMK÷}IÕpÛÈnƒRÚ0–\ý}µk¬û©–b}Ÿ´Ô-Hž¾[0cËK¹d¾ù—}á+ØÞsFjÛc÷ª0‘·68= ½Õ„þ),$"ñ½‡ZŽtøV5ãá«N¾¦tWJÉB÷@ÇŒ«¾¸&{B€À¨qÑb_ò6/EþŠá “ñÞ¼ÝïKJ½Ü²{{°­{"qÄväO>Y°401tš_¾ç„ßýƒjÂ¥Rìï¬Ó¡²•F__*E}”ø>`+ªx í+P]È;û²4ö$Ëg‰ MÕšzçWb4b›üxa™ª³ZEUr½ñÕY'I§FËåOÀz¥ºê®dš@"oÞ¨! ±®»«Ëª²ð¼ZüyÌ5˜|îM -:¬ ÆY©¦êˆvXX€DB&jàZˆaßnC1=n¯?èÜ\ -€]Q±Ë£â:Ï}ÜŒZ -WŠC•—7Çý¾>¸r'³>C ÅÅs°‹ix9æëwë21l…a„~‹½Òú„4į’ÙýBV[R®’Ƕõ+;[rA˜±û LKZ¦‚ïÒ†3*È$Ýù­©¯¨¦œ’ç>„ ©Ù[W[ðÕò'6\p®€»eÂVþá•FVy7ooz‘“ì=àë3—,ü}f£ –ôvèT»H1Aä¥Ý†LLQÒÌ„3rïžëɪ;DÕTÄÉtÑ]rÑý×üPÔkw#E#uù£mø‰áËÓD7×ìÔ¤A¨ä·ÇÒu+õHôH®lQðþ—V -á® ·öï. Pg7&‰ïC -œÙEŠÞãñÙù@M’ B}iÛzàÔÖC|ÅðOˆváµw¸‘¿½Dîá;ÛúÕ!†Ÿ¦ÊÀA"äëÀÝÁù‡ÖÈä¬^08ÔóÚ\Š¿ò '8—#§6 WžT2È[±ál¾± ï•9}j +L ¯mO®Gº²(Ü}ÃñºT'ä_®­#ô×ùœójgŒðßзª»ëù@íý¹_âë îø”\û©8xü}Ô„þÁ?úÿý3¬þ7jQ€³»ò¶&_Œ•' -䲶¬¥=ÇûØéÿDʬendstream -endobj -994 0 obj << -/Type /Page -/Contents 995 0 R -/Resources 993 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R -/Annots [ 998 0 R ] ->> endobj -998 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [329.7108 477.6902 386.7943 489.7498] -/Subtype /Link -/A << /S /GoTo /D (journal) >> ->> endobj -996 0 obj << -/D [994 0 R /XYZ 56.6929 794.5015 null] ->> endobj -382 0 obj << -/D [994 0 R /XYZ 56.6929 607.7231 null] ->> endobj -997 0 obj << -/D [994 0 R /XYZ 56.6929 584.5979 null] ->> endobj -386 0 obj << -/D [994 0 R /XYZ 56.6929 145.2693 null] ->> endobj -999 0 obj << -/D [994 0 R /XYZ 56.6929 119.4941 null] ->> endobj -993 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1002 0 obj << -/Length 2505 -/Filter /FlateDecode ->> -stream -xÚ­Y_sÛ8ϧð½)3•Ê¿’8}ÊvÓ^vnÓ»\îiw›Ž5•¥ÔRšfwî»@2eËioÚé¤"AÈ@€æ ÿø¢Ô“F- -£2͸^,·glqcïϸçISsýt{öú].&3¹È·ëHV™±²ä‹ÛÕoÉÛ¿_üóöòæ<š%yvžêœ%?]]ÿLCŸ·®ß]½ÿÏÍÅy¡’Û«×D¾¹|wysyýöò<å¥æ0_x '&¼»úÇ%µÞß\üúëÅÍù·¿œ]ÞŽ¶Äör&ÑOg¿ýÁ+0û—3–ISêÅtXÆ‹í™Ò2ÓJÊ@iÎþ}ö¯Q`4ê¦ÎíŸÒe¦…Ê©V™Ê >¿Ë,cv--´¤Rã.«Ù]\¸Ë[í†;[ iÝv÷¹j çyžÉR–‹Xú‘#׌2R‚<“¹æS-n7öÚ‘« >Ø*)‹L©€m¨Þª®šÇÏ[“OVèÒÀðÌh-ÿÓƶÖÙ!‹26u-“Œ[ìèöËC½;çÐ蛹Ѵ 8´²ë걨fçŒúÛº}Æ97¶ê»¶ºküTÿh{jW$ž¦ƒ¤NG_NäUõŒ†¥Þò¾ß¸«R°¤(tXˆ–•eAªº¡êK½}Üb'§Å‰ŽZ#I”Ô‡u<E+&Å Ùyrµ&ÆÞÄ‚*#½‚o)’¶#:AGb(L¬¡qh@ç6¶·ÔôxÀ&! [Ýrù¸ÃÈù¿w²¼YεyÙc®Óž8r¡Žëji_ðD ìêeÓŒ -?Ì!²-§:Щj3ú¡È÷»ÔeÕRkŒ­žºÝGâM ±¦îj¡3<Ïø™ b É½ŸÍoÁæ%ϸž¹÷)K§>ž>‚ªÎÜrô*nr‡Oü¢Wáw/IAáÈÞÜÞñt„7~ ÞØŠàÉõðFÙoqðÆÂÅ;xCxªÏy²ßIÁoëö~ÎSýñ”&éÚæ—0vDŒEÔ¢3ƒÆ²kgLÜ?îZš‚”Æ38ß…oÓU+»µ•(“‹õ`w’P/PZ2ÑtpñQ·;{_û•¶MçüM„“Ôä°Øøôhwµ‹gR%¨+«ö™­}j|sU÷Ëƈ·"Úˆ§žúx4Ž£û\¯ˆK¡æ^Æ>^b§iº§ éÎs „°Ãë¢,3¡à'PzAÛ¹#ðN ?8DË+ŠHU»: RýÐ=P‹Vr»æ¢WKßØnŠzÕ@­MõÙ‡¿{Š¸Â\œóÓ1O : ñrÌ‹¹NǼ‘ Íî0·êeÿbÐc2ÿŠ#׌‡añâ@ëj‹‡å®=*‡ýàÈçnºû{‡hŸ -qÜhÈïDX',>Žq,—ú(È©Rú$í“ŠxlQþä3Œœ…Ï¢k:áÚFèøîÚ†¯¿¶5›\Û(`zmƒlwm#<­›»¶áË<”Û.àw¿±Sdßy-hcðÈldÃZ•˜ž}SŽþ5E9Ÿ„Cü„4g¹>-‹æ1å›aÆTT´KU‘g…„# 8ž - ‚ë,ªXh©¡” ›÷:BÎwŒp9J¡< ->@¾Ç“[ø_$—G;2¥€kQ–™B¹[ñi8R6ÊqEmgì~áõÕV,~îÀ¤ElUœÆ¢Y¥Šq80%C ÐÅŒ÷¬Î¥peò|.Xb}§Þ>4vkÿ+Ohé‹å9:veŠ,—¹\Äû}g)l–(ãÒ}õõ}Hš?¸£|9*™CE—»]Âê”çpÛ3¸Ko]8î:ðƒç™ð¨P ”UO®ÄÁp=aÙÃí}Oä;ën$ÛOU&¦Ì€˜-qŽå—›®ë­QѧuG÷œÜù9Òð®~&ÒšnÙm4[ø|Ð)º&Š“7“ôS Ó !@=]Ýv #H¤7Ž¸»Œ(•g®mc½„ûü™†– 6„qÏ?ô¶YcQ¥ÆDòðšgmŒwÈáô)‡E|v¿$wÕG뵫ڙu›P뿯V”*¥JÈ| 9MÿV;Û÷sRám npç}S¤à¿/¢ÛILc‘Çðæ\dŠƒÃlåæHIŲ¼dâ*$~MI5RnøTIÏã³äÆN£uaA9–GäÐ{ÚÆð›#î±Û?Øeíª~èì“­T<¹¬`cÜÀ)m ‹hh.9 Ø&ÀEû¥ª¾¯ï[ë•ñ A<` œ`0弜ºÖuצ­½¯\컂x” !úc4’+ê‘D¼«ú0ÍåâÂåýõŽH]_SAn€JN*(YE–®(SmÁ 'ÏÜ <®Y÷sѹ°,ý *ï¢a¤A’+G-rñoº+n&R"Ó¥…‘˜û OÖ¶ÄRûU<*¢e||t/ pÐ:¹ ú~ë;XtŸ\J¬”檼è¼Å¸L”Æ!5>+…àÉŒ©bë0móû31Þ^JÚ°ïtÅSA«ÕÊ¿`yno y Âf¤™|ÚÔ¸qþ¹~ÜÑeæë—6TCÏ!—Œ`J!jy@ÖO[§ƼŸØ¾ ¯GöK…™Ë+Šº˜^É27S”Ó»!Íá>ÿË-dfðåxb:g¯Ë7s{ò7I|-Ô›98üE‚ç5ÏßPG¢$×ú/ÍIgW¤ÁãŒ"V?Ôí<ºs©ïofz‡sõ&÷@ÐጾþA@$ÛÎy¾¬»PT#ÕøÝËa' È¤–!0º­ú4Eháp`12·—„¥"±J&•RŒ64L*CÃ~YÚÿ6œDUôC‘Då•Ôœª ŒAM§j¨ïqu}˜S{Ùû=¯365¶ -€ï|áN6²F§9}ãUg¢ÞïŽA½ÇÏ ÐvŸ¦ƒü -·çMÔûû "ç~Oá -öLˆoûA’ c´z±–üÿ­åpÆA&±ÿáŠec§J9¨ˆ -^B*#LÆ ÿ!¥ÈTX>• -–)~\!䦑à™2 - V`¶$ð¡„r6•ùäe#3ãÅ4žˆ„d¸”<0vÁ¯ü/øm»o) ©õByÕ÷>âL|>þöêð«Ø”° ¹™}¾b‹Û¿ûWÅ=rVˆå‰w0Éò¬ -,:f -žñÖjYfº{¶Hùÿ#v`endstream -endobj -1001 0 obj << -/Type /Page -/Contents 1002 0 R -/Resources 1000 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R ->> endobj -1003 0 obj << -/D [1001 0 R /XYZ 85.0394 794.5015 null] ->> endobj -390 0 obj << -/D [1001 0 R /XYZ 85.0394 452.263 null] ->> endobj -1004 0 obj << -/D [1001 0 R /XYZ 85.0394 426.0265 null] ->> endobj -1000 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F84 848 0 R /F57 624 0 R /F86 980 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1007 0 obj << -/Length 3047 -/Filter /FlateDecode ->> -stream -xÚµ]sã6î=¿Âo§Ì¬µü%jú´ÝfÛtÚ´ÍææÚ>(¶œhjK©%ov§sÿý”(YÞäšíd2IA_²\ø“ “Æi®òE–'±Ò,V»3±¸ƒ¹oÏ$ã,=Ò2Äúúæìõ»T-ò8OUº¸Ù´l,¬•‹›õ¯Q«ø(ˆèíOWï.¿ý÷õ›ó,‰n.º:_*#¢w—?\ôíõ›|s}¾”ÖÈèíwo~¾¹¸¦©”i|}yõ äÔœ z}ñîâúâêíÅùï7ߟ]Üôg Ï+…ƃüyöëïb±†c&b[³x„Žˆež«Åî,1:6‰Ö~d{öþì—ž`0ë–ÎÊOŠXiÕ±“Yš–Íž OTÆ€ÆJ©·í•Ë‘¾'ÏJÉ$NÓÜ,2ª*d‚ -N“û»×Á‹èñ—áz!Çt‘÷媫šš˜ñï#9âÉš8JŽx:z›=ÖSœQcñ£©ÍpŸè\Êœ—Úëƽ²T9<ö¸‚E :¤àêEfžô¸Œ¿ ÌyÜ)ݱÇƼÇUÇz­àæ º ·˜ñ¸Œõ'GÔ«“$º(@m隶p¹[ÚDšÕgoL& G¹4Ï2R'qwh=ý®-·ÒšD5‘¤c'†¦\gÊE{aùña[­ªn†4‰@ý¼‘.›æ‹TêX•¼ø…ö—!Éã*!?1™É†Oši³Øj0ˆ_ŽIOñ)&s[eõ˜ÉSf2Ö¬w·Ó]5uI—…t åÖ)ºÌ43ý!"=*E€ägŒx¼¯VLÚåQÜòJÒ ]þLZ$‚<™D{ƒ³ª!pËLŽË\ËVùø8Ayóö(ÑAÈ Ú ]ÛAØp¬‘J‰Øhó„cÓRÅ©VS!c•ƒ¿Üi0ÅeHrÎi˜8Í’aãÓŽ Œn®3ûyôŸâ1Iã\¥é˜ÉS™Ä:39Ë›"wajKgürÆ6~ÄTÒi!t0˜Ãvu_®þ Û¦dV"O'êuWTµ/)tC¥!H¸1T”\ö®ðõuWqdWPC×âÀŠ lšC½ž ô~r©„N8A äF'jÌ "8…+˜D¾/é¶tQ@Žro%…œ|¼X±x“Þ·8‚ˆºw(7ÞÞÅ̸­ÇLÌV7TÂk ÒYuÌ´Ä|ªÚU]õ¡¤î`G¤à”‡™sêôtFò‘r")IñÐökjÁ…£÷Ûœ\_Ïåht÷*ŸV•TNY ´»æÃd¤_t[ÞUuMI„"-͇DÑý ]NqB¯Hí±-¨áRYHü‘¹ð¶üÕ“:J÷˜ôl7îDgë±,YuœÏw$àÌ ÓF-Y^€ -;@ ž%B?•H€ƒ|ca´ŠÁ~›/H0ÅeHr.‘б̀Lö™LÂÅD™/ÇdOñ &Ñ)H-õ˜ÉÓ™„I”ec¸èniΊXH¥ŸÞH¦á=Ö²¥_v8»‘‰!û¬1ƲɬéÀ“'„žEÛVwµËöS2²Ð¬á”Õap°^á/Œl8R«©e 9}Ç0EqÑiWÕÕî°›Û³bÂøêýîÍiËaÄÈÌy•±9 ¢t‰·f-?76ÍòwGQÛ Bîb÷°ÅÚX¢4U¿ ýCåòú¾Ð±*+ǵ#BuµõúUÎÍ„›MŠhHìç¾q^ NL%f„îÊnÎâ„'o©,<”ܸö‚…äI«Ç}ùl¨í Ò®LµåY0l5¸waXñ.ÁHîÿp…!ȸ®ÊáíÜ9%àƒŠf„0”Ú°³^Î]ü˜Ya#_ÓåÚ§dŽ©¦åk•Ðs„¦Z¦¬×€Xl:ª°Z_òܲⲣ°C9Õ“TLÒRu0˜Ñý oF§ý3wS£óÔó5Poï›ÇšÀ[ Gq‡VÈQË(”UhÊÛýÒ+&àO°Å„^A k˜¦ -®£î”(Œ¤9w\m2¯“s}.æ"8UyCw¨]™Ó…)&“u¡†¯‚"0¾GÔùV3½ÊO¼|fÔi–ɧÒ2£g<$<,- ¬kaÆò~÷„w÷ÉÒ Š™2HÓ^„ÖÇ„CzÆÂÌY˜3—1}ËhëÞ V{×Õ¸†-F/ë«¡Ä^¿ƒ¤}ü]pµ‡ï‰©Ñ_Ž'™ ~&qöa8»òû -ß"~š|ýšf.ßá7\Á–»Ç%ÐI| œ¦ ¬·_!¥4 }óÝÅA›jï™ÝT  „RÞx†Ò“ð }ãé;ž—ãÈÄÜõ0£¡ö~5ÒÃÐ[*e±ËóYÊžË\ÍIØxµ-Б#øv²~NØòs;¥vVÞ‡–/3–¯XÚ{P“¾~Ryþy¹©ÊM=[nê¹rSS¹É¿-7ùÉM¿PnúÙrÓÏ•›~Jnê%rS/“Ûdƒäx3Þ ‹åw„dr$Ãg~Ø“¯ «Vt½Ušó€žßYIÐäÌOCÆŸÕ POC#ˆ]Ž›©Ã¿‡èÎ(â|·mêâÖãÝ–÷ŇÊWŽ"ßü0Bœ¨ÐPK }wH§¾F_w:šqߘ•.;ú*ë¿×¶Õ®Ú{tõã™3#æñûñf2=©€¥Îyò÷àšFüO•Ò(‰óø#sqñ¸Œ?#ô¹ÒêC–SYd‰^Žúد=4„=Å·À ¥.š‹ˆ:hŒE‹#AÝ00ÍÒð8KÇpj‡” -:aœJ\Ì\—ÿ‰€ÕýÝ[Åß®é@ÐLTÂp†ˆ:¬©€F]ŽÜ$¸‚!ÚIùôF¨VPÅ,HŒïÐ꣤v|.†V>†cžÂ/ß·ÁºÊõß ÔRgF'OjÓà*°rbÖXŸ@^ÎnH“s¿·Ó&ÆÉÍ|„¦ðâßâ ?TÄÏyÖª30Óˆ0Sȹ9ú˜Ùÿhï˜õÿ·>%endstream -endobj -1006 0 obj << -/Type /Page -/Contents 1007 0 R -/Resources 1005 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R -/Annots [ 1010 0 R 1011 0 R ] ->> endobj -1010 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [213.6732 702.2957 286.8984 714.3554] -/Subtype /Link -/A << /S /GoTo /D (rrset_ordering) >> ->> endobj -1011 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [209.702 621.4019 283.4678 633.4615] -/Subtype /Link -/A << /S /GoTo /D (topology) >> ->> endobj -1008 0 obj << -/D [1006 0 R /XYZ 56.6929 794.5015 null] ->> endobj -394 0 obj << -/D [1006 0 R /XYZ 56.6929 769.5949 null] ->> endobj -1009 0 obj << -/D [1006 0 R /XYZ 56.6929 750.9506 null] ->> endobj -1005 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1014 0 obj << -/Length 2676 -/Filter /FlateDecode ->> -stream -xÚÅZmoÇþ®_AøY„›}I>)¶ì*häVfQIPœÉ“tÈñŽá-«Eÿ{gwvwä‘’›…ßr_fgfgfŸ™›PøÇ&V*œœ'‰¢LM–ë :¹‡±w,Ι§Ióþ¬ï_¿Õ|âˆÓ\Ow=Z–PkÙd±úqúú—^\ÝÎæ\Ñ©&³¹ÒtúÝõÍìqøyýþæíõ»¿Þ^ÎŒœ.®ßß`÷íÕÛ«Û«›×W³9³ŠÁz)œXðöúOWØzw{ù×·³Ÿß_\-:Yúò2*¼ ¿^üø3¬@ìï/(ΪÉ#ü „9Ç'ë ©QRˆÔS^|¸øKG°7–ŽéO K”åfDrTÊ-¸ -ô23M˜P -:¹mòe|¿]åÛ¢º÷B)Ñ#E's.‰“L"{È+X£Õt½+ÛbSæþ—žngÌNóe¾«§dØÛŸÑî¶U¾Âá¢Â‘,R̪æ1ßƱÇÖÙv|ŒdvM~·+±¯­ñ»¬«Ÿ(å÷»þ~íCŽ£‘'¤¬§õ]\üp‚uЗš1â”âAêM™-×R×a[)#èB -ͦ®šÌJP;]À*³.L0•¶@ß“ÝnáæµWþˆæ%Êpç6mÖæë¼jqËM¾]mƒŒìåÏÚ¢®pF¾—üA‡uGSÆTÈåÎ$• ;†ÃÓÉðÓ³ø5¤ÓïÛ+‰Ñé‡<ÎÏʦÆV;®7kÀ7¤Jº¨·mY4íˆÒ„$”óC}uè½BI¢šF‰±4¸Žmï'ظíù]š>ïÏG·l~HÕ3ñ!_ÆC q }P2$¹&B(;àèÈÿ»YÏ0rLÍsBð<…#t¢03Ä ˆ&~ð²Ó»öqÄDuv†Úgœq?üD;N¬4ö%‘g­ƒóŽâ¼Oò8È1îà¬å~ãpä›|9bœIUò»¢ÁÓXåÞm0y+ŒÝwuYÖÍ7HG™¹¦D2n“îpÓe™5°VCP ÍTÙ,›qèhŸ69ùV›~äÕª^gE_…CѬ5nèr¨ÿ°¢>°ÁX‰Õ -Œ5ñk¯ÁÕ…rÓªö_›Xö]ÅŒMcÓk¯ð:ÉW_AQÔ/Xåwøx\ÒŒ \NÚ$%_Þü}ü ´“É¢’CældΦ€¥MÞíOòæú¼Ù¼A$ïÈ9ÞôyÞðÔö¾!8 Ëôðʲ›B[4»È®ÿ‘lñ'ÎåãÔÂ!¾@¦þ0¶É„Œ<™èçŒ "¨0C[]$.Êü>+±ù)+wygüÛ6¬ -JôÁ¸õAl1®»´"øæ(hC¤2r¢€0åì%1CHK 5èé¿[•øðàFǨ<Í®£@+6q…8 -[I&€• Õ'–ÄBpž(àLqÄUÞR>C :Ö¨VP£·Œ%icIvˆ±`8\Ó2Lé£!ì:"4ŒŒ°è€ -þ³®ò1 äW•99ºÝ ¿¯šß¦n°´ì~ÿ—“L+NŸ ‚kZ)ùÜ *K¢äÛ¬‚(þ…ç§újï0Rw~Šv0«©×inÚûÄäåŒÖQõÛUôûj]R£xNëÐ0V㽶|Z–ÅòwS{Ö›PïªÕ[ÓøK 'Ùÿêöiâÿ#r2íˆ0YB¶Cƒ½‡Wp« :¦Š:"­aã¸5å­ÒÌ2J‡³{[oQÙùçl )Æ.óaÐ cê(± -xé_!X%¼;Y=ðv}³GjغÄOª=ÔMK"'dY¯_õ6ÑA¿†Ç#‡†ûm¼ªÇû÷·ãé8(Üi¨ý±(KÌb—dÆ)Ÿ~êg¶˜r…”Ü„ëÓã £o]žÌàu—¢G%ù¦W’§Ô>d1GÈ>ER{38]–àá -GÄtŠhÙ-dQ´ÈD†Ÿfwç¹ —§GY†ùš@De€, •@V>fO1||ÖûÏ„Ú¿^–@Õp1nÇRß/‹61˜ˆ,‡Fî‘é õ>†mÒA¶)_\nÐÞ÷Rç$Áf“g—=š}®ª#®…s…(™$„4(,*NõX"mRyCNÕÚ|æ -ˆÖ½¨ØÆ Étp…Ÿ~Æ­õ—?\q„Dº¢&×Th9yçÐ`ÓŠ3Ë&€Ä ÄU<Ä›ÞI8bˆù‰<Ä{ˆlº€ÿùôêP3>N2’, $áÂÖ“_'ŒPéœÀI½vu¯ƒÐñõõšOÞÔ Ñ¤'T"<ïSBY9ÈÁ È6džNáº#ˆeu? -ø˜Þ3ÆSS4ȧÓÎ(ôÜùv¤&ÇľÁä|ãÉÓÉÃ1½Û•åSœè_ç­1tTøÅê±o9_ ¦¦ßƒŸån;Ç€b$ZØaŒÞU¿ 7à«u²ÆF'€F³Ûl|ÀõÐ{|( áj&€×UŒl0¯æË¢÷ÇHÂíÁö“¾ý6³õ¢À¨/@çjè ýôtqšsE$©ƒâ´ŠÅéÅŒq7ÝU1ËDJ¨?òEA*(iˆ“æýY§yéfy^J¸íçm[—ºÀ‚%hòìÎݬ‘­ÅÀu$îF÷þcQ—ÕnýÓ5+¶üfYW˜ -,ƒCç2[âîG)nÁÛO‰HQ­Še¨Çb5ÅþUÑdËÎú‰*ºx("{£ea¡ÍºÐuó~1V ’T‘`&OŠ÷æu•¯ìÆð–}sP.9Æ ð“6m ðj¬ºCu†ÑxծͿc¼ØÈ>ëݺW9·»qdG™Ùñí5‘”õvc»Ÿ2u陬xÆÔ{³Î˜zšåYgŸçU°›Qƒ–$wîüþݬ¯@Þß,fÌÚÛ”6°Ú-sü]åíc½ýÅÿ¼¹Í:°·Äq€gØ(ª%®Íš¸t“oꮳ*ÑŠîdzžñ¹­#FNÞƒ_|Êyÿ…pä@™s ²h%†6|¬ÍäÔÍ:K ®Ä…ÒZa+x2|ñaÞ¹ô„£=òôHÓÂÍƒÏ -~]üZˆïyxÓib_”U7žöŠúè%†pýUk‰‰ñ˜Ž¥DÓ4õ÷7Ûǃ—èÇ©îùfÔÛѶ«ƒ:›à‚]÷\ÔKà5¸6êÝvïw‡î7•üË8Oþ½Ìª„ d­Ëa°™š¨¯˜ƒ˜`Á˜®ø§¯ØAÅô®—¬4E™ ‡ÓÛ™…K‚yÚm|G‹h{Õe;E̺7ß43–8)‘ aïdDPw×3wooÒ™7ê8)©ùt4 -q–Û³{w“ÎoÎ ÛˆÍÎï~xÆœçlgU˜±}J³wSß[¤Šú$t=>ˇAÄöîé¸Yw•«®`[TÙ6žº7áMÝ>R…kk|;u1,Ük‹³O]ö˜ç¿ì·ê™Òø%•²3À3bôŠ “g«…/ý+‰=Æ”þÕÅò/±©à™òªPG®ÝŸS³þ‹åL’endstream -endobj -1013 0 obj << -/Type /Page -/Contents 1014 0 R -/Resources 1012 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R -/Annots [ 1016 0 R ] ->> endobj -1016 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [353.6787 706.9749 427.332 719.0345] -/Subtype /Link -/A << /S /GoTo /D (the_sortlist_statement) >> ->> endobj -1015 0 obj << -/D [1013 0 R /XYZ 85.0394 794.5015 null] ->> endobj -398 0 obj << -/D [1013 0 R /XYZ 85.0394 769.5949 null] ->> endobj -696 0 obj << -/D [1013 0 R /XYZ 85.0394 749.9737 null] ->> endobj -1017 0 obj << -/D [1013 0 R /XYZ 85.0394 600.3746 null] ->> endobj -1018 0 obj << -/D [1013 0 R /XYZ 85.0394 588.4195 null] ->> endobj -402 0 obj << -/D [1013 0 R /XYZ 85.0394 240.5427 null] ->> endobj -1019 0 obj << -/D [1013 0 R /XYZ 85.0394 215.3468 null] ->> endobj -1012 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F84 848 0 R /F86 980 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1022 0 obj << -/Length 3569 -/Filter /FlateDecode ->> -stream -xÚ¥Z[sÛ¶~÷¯ÐÛ‘g*†¸Ó§4qRwN“Ç휙¶”DY<•(U$íª¿þìbŠ¤(¹N áÐ d{N@ÚÓtºÍþ C+8Mh/*z²”žÇ<;„&Üd¡5tpç¼*\0. (V;pÏ;Ø%ž„´;P­‹í@YS.v%Ä1ˆÅòÚ¯$+ Ú@g/8e™Sa½kTšçxŠ“^¬‡£<.šµ—áü¥)øRôî^¨¨@J\!nŠmAÐŒmÛ]G!~Ãov‹ß¨Xý–¿Ü:~~8G¤SB'Êju»R—á°•j¹\¾:äÕz†ËûŠ&û<Úì¥ëÃñ\66žEò–jy} ­ÔÈz¤±8aoàEl s`\ï1UÀ=jâcjð[‹âe·À@§ÿª³Îâ!›çëì¹ð[+ŽKz’[¬â­‹ò‰Ú3züI^&$!›c<ƒ” žr_>¿¥Âb•OyEHຊêöeû¬Øx¯‚r}ÈÊjüÉbª¦?V (£X@E¸Ü‘X µŒ>€+*Ó¤\d²ÐV¥¬ ¨4U¾üŠ°hÞÔÔVÓ Çì¼g}`úÖù±}‰ -Û¬‚csª0îSñLë…Îj“=¹¸i~è嬿4ݹ¨À,õŽH7†a]ob@wýÁ‡"GA_NRòQ²/Æ»®&´8¹šÐ2¶Ó¹ŒmËÎtBߎžÞ^†êm2ãÛÊehmÑVŸùÜ@´uj‘8´O^ÀìpRL÷¹i†ûŒ¡,eÛô\ùfEÞ(ùôi³›{ïb°IÞçl4Ø+§½‡Š'\T$?ƒBÜX”-—¤ ª›95ᤪ >tC˜l²í~Ý#d“kCáÌZ…Ëe·×[+âzÕövĪåiá]rð‹H-9ð #Øu¤îJ]FêVÊoݲ¬fÍr?«Š?ÏP–qàn†¹ëê[©Wô#ƒ°%½26k™—‹‰(x¸Gãöq áV•·$ÔbIO|ÿ5Í›nÍŠÂ\MQRð‚Ÿnbœw%xë5ª 5jªªwô”©Ó„ò้0B÷Ãa:Ž&R6Ý5uU,sªÔë"4¥‰†Uƒ™l¨2’@sY¹.ÿ×°-[º#"Ýé²8x½åQl5ᄇï4U“…´Ø¬‚óh$|ˆ ¥qj¤B™Áöù~FЕQµôT ê4;X_Mõ8A)B½ª!% ~ ±Ž¤åÑհϪز&nžÖÔ5§úoy9Xy´Ú@ÜlÁâõî84®ÙS› C}Ÿ-~#>òßЙʺïßAGø4<ëxTž‚Õkïœ1"+©‹Ç>Ö!…—=.ÕàwBà}nï+™†¿[¼K§ß4Ŧžù<^HŠ¿ú)aW!Uót<@ŽD!Ø¢7å¦ËÜíi0aÁ4dògpñ*ôî¶Anoö«fC‚Ë"{*wUí³7;˜6ôwÞȨ½Ía¡ÉçÐ6o‡5š¿hÊ%ÈŽl>¤ܧʛånVïö³MþœofKH[‹r,ù<ÑÊØ€Bó ÿÜHo‹˜B~J %Ð¥ÁÎq—p“©wß¾ýüed@c£œSr2exK`ü¸daOŽåW—j*yS ݈ՎŠæeßpUåù¥ëfÈ £ˆB_ɜۋö®ü9å>µ—7sæ¼svv$AŽ©œ°½éœIQê•YœvJq>©‚§7ýÈ. -°oõ+ÛR–µ—ƒ/ëb±¦aý51C - -›5)9ÿ–ú蜃B îX¡]k§ÈÓ‹Sä©M$ønÐ~ÿi,o¼0’‘¯[Åî„<yG$>’ñ6:…² œè¦i'jm;4Y{ãMà ÞöœÏ™¥,±ÜÆpó,xæ³±{h›cŒ²Ëi(ý}&²ýÞ'.ÎDÊ`O‰…¥èÁ3Q‰éýŠÚŽ»† -«<ßôÒ3-sâáޞˢÊæ›ÞÈÄ tš0aœ 2P¡-ærN?H”Ã|’ ç¥Á/±i¼.|$2h9îÇŽL©!\D©Çÿ>Ž!Eñ«pùÈ ÉA^„K‰= ÑM¢y{0cÎêx EP8Ñp¨xî Ï:ö¾·¡Z»eXiù ”}ù÷âaD…lÐeÿÊ_âŒMøÓšÁV=xs¾*%`0b“àB–·È«ŠnS:wmz‹®S\Ig™¸Á2W°+u9[)œëheôÍ‘oȯhn¥FT|Cè¦0Ôú4 _«cs‡XŽq¸Þ‹Cè£8„BxÄ8„¢7twÌKqhY"ŽYsœÐ¥@´iÒÆlCT2†@®!ž ‘\æÿ•x»^>€>³ÔýíÐÃ!}`)Ä^¨áíŸtC+;[ƒ54g¯{›-ÖEÙ‘õ.Þ9½÷Ë™W¨ InÈ“™$1H„»±äo)•Â7NiwHæ—ñ— -­Øf‡ ¿oû]z(ÜTdQP -ñF•"<éÒIN.”5àµFúÙ' s -I×~Ð[YUeR§ß!hºdÀg¶¨›pYŒ5Ÿ·R@õHßG4;A„§ W¡ŒÃéo-o¦q˾?\ Ó--‹]›»„¬™s{aêB´X76}àÚ(×ú¶Ï~ð³_æK.¸ øUoGM¡/|Pêê þ¬ -_ýIæ›ü¡M£‡åºÒÿ(ÇŒ|ßG: ñ¹Oœi£í ã†Y DRêbàcáæÍD4èžË9à«´—~ºÖ^Ma®%Æ 4m#ö{yº/“&”¸ô;ð-ia0)œ¸’ç‡Pšp˜‘©ÿc5Èhendstream -endobj -1021 0 obj << -/Type /Page -/Contents 1022 0 R -/Resources 1020 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 992 0 R -/Annots [ 1024 0 R 1026 0 R ] ->> endobj -1024 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [297.8955 586.6375 347.2449 598.6972] -/Subtype /Link -/A << /S /GoTo /D (dynamic_update) >> ->> endobj -1026 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [55.6967 306.9508 116.59 319.0104] -/Subtype /Link -/A << /S /GoTo /D (view_statement_grammar) >> ->> endobj -1023 0 obj << -/D [1021 0 R /XYZ 56.6929 794.5015 null] ->> endobj -406 0 obj << -/D [1021 0 R /XYZ 56.6929 374.8758 null] ->> endobj -1025 0 obj << -/D [1021 0 R /XYZ 56.6929 352.4787 null] ->> endobj -1020 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F58 627 0 R /F84 848 0 R /F57 624 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1030 0 obj << -/Length 2589 -/Filter /FlateDecode ->> -stream -xÚÍZëoÛFÿî¿BåKÅã¾—×Onâä4Îã4A@‹”MœDª$åG¯ýßofg—¤dÊV›®0 îsvçõÛÙY±I lbU‹DNL"#35™¯ŽâÉ5ô½9b~Ì, š Gýpyô×ךO’(Ñ\O.Z6Š­e“Ëì§éË¿ŸüãòôâxÆU<ÕÑñLéxúÃÙù+jIèóòýùë³7/NŽœ^ž½?§æ‹Óק§ç/OgÌ*󹧰gÂë³O©ôæâäÝ»“‹ãÏ—oN/;^†ü²X #?ýô9ždÀöÛ£8‰U“;¨ÄK>YI%"%…-Ë£GÿìzÝÔ1ù)a#e¹  J"-¸pDž™Ž˜Äq<½¼É‰ÃmÚM[ÌÏ{±Ì‘] *DãÉŒË(‘L:rÝôfgú§8æKßw—y¶yFÕ«ú>R[áç6ŪX¦5êâ;?eÓR¡¬|¡ÈòVK—~D[ùïMÚ¸ª?䈙(Üö ¾ÍÖ³ÍjM¥«üº(}ë]ÑÞP© —E$7T³<ÒÆZX×yñâ ÿ°³Î«nnȧXʼnà ‰L ÂFÃL™˜KOÄ"„ÞÝäõ1³Ó|gåfu=®\”N3¶',ã %J‘Ç­S"PÂÜ&G ¯)LSª‚¨ÊŒÆeÔò±,îgMûàL¶Å*‡Q«5ªË¨é*O› Î<)OºÉçU™…JQÎ=…·i¹Iëjgž K€kàú_WËeuW”×RÜ1á­BrR”Ø4 ‚Áæ”Úš¼.ÐT-ú uÃÎÚ´(q‘á¬yµ)[”&¶µëw'IÛnÓåƯ¨v}a²7v˜V­Û¢*ÓåòÁo”þR•~J™®`‰6A 0"I¶I$Ö‘€æÛ"¿£’ÁI¥½ àÀ(t£UWÎç³lOßïJK0]§Bìî$ -×Ëê*]Ry `ࢪ©ƒ¤tf?{‹/²APË-‰ñZèé´UÁU瀙ÄÚ–Üv±‡8À&ä›JnXð>¡§×Åm^R[?¡£Ñ“Eoô“ú‘z@ºð[«VE넃ݸިe:ûVÓ,_¤›eK¤êüœ!ÇB)¯%èÚ’¥––°''·ÑA&Xòäå>PâŠG‚ÉÄ£Æ'Î MÜ: þÊ/#c‚%X€Ç1ëa‰ë-X -»t$c8Ðà<ÛQÀªáÑÁÿ.úû#gkN¹ÓéðÛ{±"¼Þ9 -Ìöá¶è°eô¬ó.ìk½@ep‘gÛ˜0‘TFN42+ØAуPÞìDlVØp-Mdylöï€æÅ@ËÃŒmR³Ž)« $b±M˜‘BMt öo6óyÞ4#fŽQÒx+¢3à ;Æ ŒÈ*àLðD›%µÿ¼ñ Ž•Ušù©h2îK´T™uhe õ4¹žPËp-¬ãZTt– -ß,ÇP¨tiý17™@qSÌoÆ` ©ÝÔlpaŒÃçüýéÅÅ{ ‚ -iP³®Ê&§nïý8¾¥ïN[_$àƾ²¹g÷â"ÚµU ±¤Ñžµúu–‚6) ®‡xRDÉ“Áó#’aÆ~ã“1¢ŽxÆø”¶$q]狼®P2>Éxg|XFã“LôƆ¤XWôZ€GCÀD¥¾Ç¯íhPËlô tjnžÐÏ€ñ¯æÿV?páÉsÚ -Œ ¡¼¯ë&o„k{h€²ƒïtÖí`q[;Ø‚ÚÁÁÕFÜdèxú½ç¹{ -}³´MŸÐV'†o«+ù-u%Lò«NNå}VáÑw˜º8Ä7ý­(F†o§.¬xuaq[]bØ¥’ŠçÿzõþÝÉÙù³*Û¯–!Çb'’ÚFR'Ïœ´2ŠáÇ"-–›:?Ћ”pjÙ:G‚ªs$5€9¡:˜ÃöGRsØ“R•6n¤ê°#?ªÚ›ÎÁ]® èªÐŸ^U·ùˆêÏìjÂ_eŸF©`nÍ7u·½}M³Þ×´¿åB[ïkP ¾ÅyºièŠ…PÉ•]è kŠègc~wŸé‰Ôv¼žW”?èÔ\õ‰¤2Û‰à]cþ}$ãn‡{ ` Ùoe}Šîÿµ3Hq;ŠÁ|¶R…R†"Ö„%f‚U²711’2„ÿHKC~xš:÷†k›Z1Ýâ™Ã9£Î«úR@ C‚•`ã]±\RÉ ÈïÓy»ôÓèz­Ýa=rO5  î yÿ5AˆˆY%ºËæcBe<ó%£Ÿ%²mû£ˆa&KÜѧTpK4jßKì”’ -;gÅ0±“ÉÛþ‚ƒpuoð¼«<8蜴½‚;wž}¼. W\ŸYM³¬¤ðbLº®;¢VvÖñô”÷yAŽ}Æm€{öuëv´@ààLCÉFÖ€ÿtÙñïPÎgÇ=ÿP§«Uêe¯ÌN~\G*‘f˜¹ši W¬¿€ˆ|å?'yYk’m´¼ª®7 zÈ›/Uý£I¬~?®ëºº-²|VÜ/êCfù»eÎÜ´Ï¢µò¬ü;kk€æ…KŒà˜pììÝS?Ãóï®8“LT„˜y¬wõ_é³JËßÞtSXXÆ}>íîßùCtá>M[»ŸÈøã6üDQD…ß`}ÖT›SØ•b-Vð«›Ë´A(‡€ÁuTPý×>oŒž Ú{æÖUÝv–ÕWh?3ˆ)ÔÓ®f·z¸1ýxcpXÏoLíÙ˜ú]ãœÅz[`¿}?æ¦ UCУ;÷´Ï»ç+ʹ84ÚA«Mz½ï]kà·—£pÅ’t’¥}ÂhNáÀÖ: Z³½· -¹Ã›´†S‚¯ABqÑÒ¦©æEÿ–Õß3ÓaXµªÚþt¹h—«¤Î)Å -aƒhkI++žfÎy»"1l„]#à(©PÍÜ©˜ú> -ç\.nM-Ëü6_úñ‹­A_Pr×›:õz…Æî™gxòEÙ™§œŽ°%œ%J„‡8—ÁÌœLVÙG\a:Þ$Ó³Å~ú˜8ˆlŒýÐÂ÷¯cb.ƌń'g>DÂfÇ)4¬ªþÍäÑe!Æcíåqˆ w—oÜ)ŸÀ’t–Ûþ²e¦ézݵVÔä#s‹p¹¾=øAÕzF&„JTdY² Q=ìĢϣ‹XN‹ëÒóšaÖÄNn ¸Å€{ŠJ/6gÔˆ|ŒÁ×Xu€|tbù˜|3Ä.²ÅÛîZLFÜJþGב]Ê\s3x½U Û6:ÿªô8ÙÑEú*ŸŒüÎ î€ø«ÕÐÿäCÂIg-¿}t·¿)d@©Ýw?x¼õÿŠÕ“™endstream -endobj -1029 0 obj << -/Type /Page -/Contents 1030 0 R -/Resources 1028 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1035 0 R ->> endobj -1031 0 obj << -/D [1029 0 R /XYZ 85.0394 794.5015 null] ->> endobj -410 0 obj << -/D [1029 0 R /XYZ 85.0394 769.5949 null] ->> endobj -929 0 obj << -/D [1029 0 R /XYZ 85.0394 752.4444 null] ->> endobj -1032 0 obj << -/D [1029 0 R /XYZ 85.0394 624.285 null] ->> endobj -1033 0 obj << -/D [1029 0 R /XYZ 85.0394 612.3298 null] ->> endobj -414 0 obj << -/D [1029 0 R /XYZ 85.0394 362.0579 null] ->> endobj -1034 0 obj << -/D [1029 0 R /XYZ 85.0394 336.0649 null] ->> endobj -418 0 obj << -/D [1029 0 R /XYZ 85.0394 167.8903 null] ->> endobj -951 0 obj << -/D [1029 0 R /XYZ 85.0394 136.123 null] ->> endobj -1028 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1038 0 obj << -/Length 3695 -/Filter /FlateDecode ->> -stream -xÚ­]sã¶ñÝ¿ÂòÌ %¾H`òäÜùÒË´—ôìLÛIò@I´Í9‰TDÊŽÛéï.vÁ/Ñg_Óу€°Ø]ì'@yžÀOžÛT¤^ùóÌaiÏ×»³äüƾ;“]þõ¯—Ÿ.–ÒY¹xûçËo®>ÑPÊ8¾ýðñA<ý=ƒôÓÕû«OWß^]üzóýÙÕMÇË_™hdä·³ŸMÎ7Àö÷g‰ÐÞÙóGè$Bz¯ÎwgÆjaÖ²=»>û[‡p0–ÎÊO&BiÕ©ž õ"ÕJ~¸½XjcOõ‘›²Y×Åzí}Þb+]ä8\H·(vu[P¿)Ý䲡ÿ»ò¡¬î¨]yý*ßðy›¿fê»üð¹›Y¶ôŸ3–U}wäæc¹ÝRkOû?£½=Ú{ ¤±”RxkU`í·cq(‹†Ž¬­é¿lᬵL7÷A6Åm~ܶÔyÈ·G†×·ˆd8TBiœ°.É`/Ü‚h¤iCQk8Ì4³ÊfœÔŽgTõ àZš§ˆÀâtDx—Yh9á¥É 2sº…J„1 4„`¨ÊM±,¿=Ììf±ÔÆÝÖÛüØàgÔ‚€åbWV(M=ÞAê¡ÓÞ‡‰n±­×ù–`¬`5pÔį[:i ' ówyÓ&ÉxÎ0…Ž¹ÙöuµáMËöžT$ŒÌ‹…8:ö²Z³’‚’z’tñ¯º*¨Õòª¹ ´'©~Ï@{#l¤ìÐq¥¥FðmþP H%¼t¯i *g²Œl- iyÏzæÔ´KD–y>ˆ§bN¿¤Þè8‡wž2D¤½™BïJ2"·Ù AešÅ®2µX!3 ú²á9 ¨â!®Ø×MS®¶… ƒDÆC<³Œ)wJÌëuþ bs‹œÈÓÙ wkþ¦ ÛÏ‹è9˜f˜×{T´L—²e¦¬­aeûf(‹Ú -£õmOÃŒg4ª Z/›K퉶ö’Ý·‘Z€tõÄ7ÅÀÌ:Œ¡ø@ÿ#¬ÓaèDÆÏ  Ã¤¥¯×Öÿx)¡67f@ÞFHö u(?Âá “¤qÞq¿¯<Ú#fUX~lë]Þ– Û'¼%W­Uì{ (5oPÉ‘¾ÛšþñHu0êÏ¥CA0ڣ߅·¨Š €Ð˜ŽUÇH Dó2¨¸Æh_®ï©9`Þ 9ô‡74>XW“Bk·¯Ûo e¢û†¡îxa¸ÏÊpõ\*f4d,ÞÛ/Êe7k$‹æ¾>n‘JHBóícþÔPû±>|FËISζ? Üq'HêŸsçN HÖí«Ý¹ÉTLQj³ŽÒšÎˆ^¶¸Ìû‘Ÿd¾Jþ'ïÏ!²îÀ%GôneÒ -°™ll¡P"ä4ÕÅÓƒFç•)äu:­‚™Óœoá¬UÙÂØi…6é4‚÷¥™ÀI¹ãÍjí4:%Å_¹¸­Kñ{¾ÃÔ1ÒX2E䀱qÛ?c*½–Êêxw÷Äž¤bײ>äÍ},1¢—ZׇÅ[÷-`ÅC-fZ,œ‰Ãúºꌌ¾¸ØTsꯌÈL§]R/Ý(tj™ 2z¤\ 1£XWèA›ót˜·m±Û·¼¬¦Þ$[\½ûxÍ+(ÏغÞíŽ8½x)@Õ꬟eû¡t‹a¡ßGÁ/Öt³å—L3‘(i¾"ÍŽ˜*Ó@îä âö9§îÕEì V<ÖæbÄéa1‚†GPo`&‹Ì ø—$Q‡”|&¥Îðn]‰x—€ð±˜õJØLÙ>µ62dz íÒÑDgÈišüŽ¡{®±¡Ò€Œ0“ãÃâr­>†Æ:xÉÐ5Ũàm“Žc#…Ÿ²j3&‚Ò35wD©¦ó·3Ú:Ä|ØW‰ù2‰“ÅCŸˆ‰yO ÄMò™cÊt-2kÇ~óeVÀ÷öw!8î8ÂcOAÀÇ*ĺ„týž\ïXp2-\… ÏUýX0Po¸üþ±Úm]oþDp¾ˆgü=ĉßF.¦ïóv}Ëfa¤èI)SÃR=/þNl :UÆ⟨?ÒÀ:¯¨Ñì‹uyûDN*ÂýA°jß“Eß °‘3’h—ˆƒoÜs‰®dT<‹ÎJAöKÀ IÛ\ªÑ­±Oy*.Ê3‰ Ö7É×m–)‘8¥Ê¢O¹': 1T“b.Ì3Œ:ž÷ì<؈H@-B -æ÷Ë4X¶1£š`öþ,ÚwòoÚ¼ åm¢_n$B§™›Ùª˜Ô “ðÚc§tð™Z¹¡Mf]i‘I¾H WÞ…D*‹Ñ -Õq·¢ËÉu¦ÕúȾ¯âeµªÁš kD9®“Q8Ød$\6Ž‰0ƒT‚,³2RÎj²L93ÑŠgÄ£u⦕ù ©+â(šG™ g È×Ñ%Su>¸ÀW,¥’AîÛѼܳ:ÏjYf„2áEC%ͲR$ÞËW^³J«¢¼>OÏdb6IÕ43›o@HF Aò9KÕÂô´Â&Ó§•À¹z°#ÁBñ9àJxçÜüÓòø¢¤w…1ÿàÂ]šö;cÙÌ%TJ¸þ˜6r]×aØu˜çj+-NÛ‰¦BNÐ7¸ t|]öaÁ“c‹bnŠƒwBxU€¦{-¡”hŸøBÌÂ^M.Ä~Ilrsýá»7ÓSqN¤6‘ç&AÒ¤D ÒØáO9qúr8ÿô%ç+Òp]Dº]AÕNI‘:YšÚ-'IݬH8ÅÆrD'ü.]´ù–yð‚²æJn³ñ»KÇþ+SÉâïŒ( ¼[Á7pšo-iiÕ~y|Mh4¼B 'ë€L§“›N˜lýdO4å]•·Ç˜›iÛE– þ8€n¨{lH 6>™À"ÔcB8 -¤è®rB/¤[¡±ßÕ&Nj‘£Jߧ¥ËTg‹Ë¹úv|‰J×ò®¬ò¶ó¶ƒpóŠ -läÄéÌö/!%çúc?£4J2Ž­žâ~ÊGJ¹˜-Œ/·ÿï •%$"±qwÈw»ü@Œ¼qt.ÔyÐb›¾à»­HäÉ4bÍ·Ûú±¡vp"ØØAåYî·<qb±¥¦åp^OE£N ¦R£²|±Me,H …¢ÞÉIš9H+¶,E®>¿öVA*¥æ2B,ÖÅ\…È¢¼{éKK™=wùΠ†Œ -õìäJ žcQ L¼3è‡ ¸@  ”— ‹?œ²ÙpUÈ8©DJ¹D²ƒwé!TjiÆ™&ÅÄtÏ‹vô¼hb¡pz^4“7E;}StÝÓ'ºó‡bõi „½¯ùÝ2”F€øEȯ9Ŋ¹ZÇB0qéWù²[5VÂ@–¢wDüx5üÄBe‹kÈú¶ùÙBÒ ›ΧõšÏ !#¶Ôä×>ÖJS‘ô–ý5çûŒÿ Á‘ìbΘ@¾ä&©Á €Sm^n›7Ñ}»)šõ¡Œo%Ï~…`-Ô=Ö|µ™fÝšçÍÔfúš’:¢¦çaê¡}& - -6«’ô…4¨›¿.8MBNñŽ!ú´G Ù”$“jHE¥‘t’ u³^ ä[wa$Ü)¾H$@tæ<¤äVw2I±” «Ã±¿½ ñ(°qÝ—Àá[&q¿ÍÆÅ­J…vÚñ1¥€ûßAY•†HL®\›öœ«×/µ‡ó¿ h­ðY–þ?±†?!¸,S^8( Æ^ø?ßÌÉö6i;ùªäµò}G•IÙëQwåÿS¸=µNðþ…wo¼¯HNgæÂÖ ¥ºÛ™Á%ˆrIW;5Ô}÷ñúúê-µ©fiŸ¨G‰\Ýâµ2æÙe‘¡×Y…4 Á'l4è·q¬…4ò%îæ/‡ fìæïØ€#Ü 5ªûDÙ5§¶g½Dà 6²Ýt]F‘.ã- -¸ºÄ§c ìä­e'oêÑ£«–ºJwï@0ÀŸr±?®¶åšÚ!Ľhiºr†?üd%?BÖ û嘘otÒíî}ë°åëaB4«"a+^”%( -£ÓR¡^AÀ¢]bžEì…¤ Mo¨U”ñýó§u|iJé»>É_Êø¡­¥F/2ìq.­zãÙçý=Úx]ÜéXQq!æû¡Z‡‚)¡OÆR,Y܇ïÓ,Ê(”žáI¯Âó»;v¥Œæ p^NÝ6¼ú5mŽµK¸~`9p„«Z•·ctIx­Ä qÁ}ør2Ðå‘$ñ«r3X\ñ¤øéVQ¹–ü²{údßG¶]AÇo{ì!;¿A_IâÞ}’ävÛMž>}–U¬JV›z:Õt ÎðëŒó²½óÏ}h«->¸ÏÙÒƒ?ünÿ…²ÉÀÃ;5ïHTæð«&‰ByÛô„òøµî)éÿÊ[¨-endstream -endobj -1037 0 obj << -/Type /Page -/Contents 1038 0 R -/Resources 1036 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1035 0 R -/Annots [ 1040 0 R 1041 0 R 1044 0 R ] ->> endobj -1040 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [87.6538 396.2754 137.7628 408.335] -/Subtype /Link -/A << /S /GoTo /D (tsig) >> ->> endobj -1041 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [396.1961 286.7149 464.8681 298.7746] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> ->> endobj -1044 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [432.8521 109.336 481.8988 121.3956] -/Subtype /Link -/A << /S /GoTo /D (DNSSEC) >> ->> endobj -1039 0 obj << -/D [1037 0 R /XYZ 56.6929 794.5015 null] ->> endobj -422 0 obj << -/D [1037 0 R /XYZ 56.6929 270.2232 null] ->> endobj -1042 0 obj << -/D [1037 0 R /XYZ 56.6929 241.4762 null] ->> endobj -426 0 obj << -/D [1037 0 R /XYZ 56.6929 160.4328 null] ->> endobj -1043 0 obj << -/D [1037 0 R /XYZ 56.6929 128.8764 null] ->> endobj -1036 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1047 0 obj << -/Length 3050 -/Filter /FlateDecode ->> -stream -xÚ­Z[oë6~ϯ0úR8Ö‘x‘Hô)msÚÛ´{šîÛŠLÇ‘%×’“fýï;ÃÊ’#×)ZøAˆÃá77ÊÉ,†_23:Š¥U³ÌªHljž›‹xöc_]$¿»xû.3ÙT¤³»Õ€—‰bc’ÙÝò§ù__}wýþr!tmiî²ÙôËÔùƽA‰A5Yd2¡g‹$‰¬ÖÂËúsËüÁ¯gºÝ]&fÞtMÑTÜ•WÍ®ì֛Ю—DÐÊ@Üç­[¤Šž#>®…Ýä]ÙÔ4æe¾I»b™wyÔB/ß -ºi$V^Z„§H«qÏK÷D¯ÿ0P8"s—o6ùŽøélpNÀNhÄmž8¤ÌëêÊ«JêȤúHSE•·-ÍþŸŸ‡q²ÃMÞëEQ• G?Ï?òårçÚöƒŸñ¡‚c¤þßéñÙ˜›p[:ºESWÏ4ýÙµšÝ‡º¾­#›eéx^MÍåùŒæFQ4µÖ›Ú}èíàhîB%‘Q2¿òûg' L$U¬çð¥X‹º<@¯Gímþà&,ø'}Bš%›¹_þ%'`“ÈD½ô2Næe‹O‡šÛæÉíVûŠ:kÜv¯\ÞíÉ„h-È­c¥Žn3çÊucÞ;£u»G·£Þ¼nŸˆî'~yûµÝ»Ý3ŸŠL||BËr…2­‰Vwˆ™ªùÒm]½ô¾ ›¨t|>­$4í:òö#L‚“j1¿éƃÛ|וžÊwí¾u¤ WÍŽˆrNÚ/×n«’yÑV°Ïuûm;e¦OàËš=e?’GE¯Ôfæ{†ÍÀIë Çöxf"­g{žú%b„‚ ¥Ï|½L"@µÊ•”$þÈ —”GF’OÅRABçßnó‚û)@=•UESîy¬u®&êþy´N»¿MŽWb§¨¬ž_1^0ž¦öØc–d’&#烻ÀFŽ3¼ƒð& rEceÇ“Ú†L7€í›ïùep}]Zzsĺ †;òûBgQ"d0JöžÇ©‹4*Jc™ÎT¦ ¿’â5É‹ˆ¬1f:uYôC–>/É'Mi+ÔaåÞa ©uq¹ßß&dÏñŒJ$QœÂ!„ô±gÔi”eI@~³:œŽ'ÀŸ¶‰Y–ƆߣÅ"‚„ÌLal*'“r½4HÑÜ "ØP0@Âc ‰Aœ¥›Ÿ:vô`ÃÆ ° F÷+Ÿ›ŒdJT©l‚úÿ:ؘãbÈr -lQ¥ƒ…ÿk)ê,ûûdì9ž‘üadðôFBžÂZøµÉkápr¬¶ ŽùLmâo‰Ìkµ'#%cñ‡Ú`*¥õŸÑžÁWDï‰ò°ÑªåÍuùÇ©ts!-  l”Áœ¨Aa«©V~OëKGŸXQQ÷X.Ñ R9Ï9?Û¸b×e»¥X’-zBGÚŸ3 ¶®rEè }>bÅܧv $~*g)È(,I{Fêž…XBH§Tvw¾¢™@/T &„,c³4èGd ¨!Çê -IJ’D·/Ž°ÆK » ]n;~qE:Þ0Ç` žU_â%_ý¤Á²ÞnXÔÑ.Ê•±ö¥ ”özÞø5—˜Íû択ÝdébMd`ôL&ª"ôÍG‰hK|K~¶åCí µ£®Ÿ…ÈR>³ƒŽ>óz ,ê`uï†SÚ¦zDøÅêÃf‡3ˆé2 ‰N#‘óÏCé ‰›±*«ŒJ4aý=uxø û8Ôúú»êžò°£Ë7A ‚¿ƒ0ö¢Æ¥)a믪¨9÷<ô‚»|Ø‚ç$;ÔûfêêÄ»aÄ—û-ÇZ—ïÝÀÆT 6°«ó -é£{ ìû8>¸Äm¸ áj–Êf_‚5#U¸P6Õ·ÆKõm^û»:É·x2˜tlù~ -A@–õaâÀU%Z L&òxÈ¥˜À8òæ`*û`*é4à Ù×’¨`k~Þ”(Ú@–‰óî@÷‰X/‡?Âï¶9P -é„8ºDÉ·[Y¬ 1¨§µWPWHP‡.¼–)}}‹3a/H™à o ”Îæÿî™á…^˜°èmÁyµwD–ÌÜÞ›Á…Âñ¼z -°'Î -@•ÚóÇ câ²LXÅb©p’Öçô¤'¢¸o%æW7#Ù\aÊœ–Ó$Öù£± †ß*Ïå%^~wz» -¡îIíËûÒ³‘exMÊ×ã-G°—‡—å$2[µÏ—÷®pKWÜ×ø‹?âÚ®ÁLï|/TuJ¼Ê0ãäEºÀñPš35ˆÿºÔï|Px8§<\rbƒ/Ø‘.8a×2ŠÒãøxø"ýIHö?~sžü2ýö-M¹óƇT»nöÕ’h®ÙÄ/*ž¼©U»î©Ù}l£?÷Y;‰#ÿ{køûîïýggØ›w8’îû_Aacw¸PIù eYp£k¦„I€asRZæ‹.?l¿^¦œj;ü1€×\±xkbF^û`G0¸c¡Âjö«=}&|Ãwí˜ÿxÛµuíÉOì •$C´Lý-„ÿ¥™øMÜvÿËÙ9üŸIe‘4FLÿGÆA -ð—,îJgÇ’÷ÿíy)úÿÓ±µendstream -endobj -1046 0 obj << -/Type /Page -/Contents 1047 0 R -/Resources 1045 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1035 0 R ->> endobj -1048 0 obj << -/D [1046 0 R /XYZ 85.0394 794.5015 null] ->> endobj -430 0 obj << -/D [1046 0 R /XYZ 85.0394 728.7887 null] ->> endobj -1027 0 obj << -/D [1046 0 R /XYZ 85.0394 703.8893 null] ->> endobj -434 0 obj << -/D [1046 0 R /XYZ 85.0394 574.0702 null] ->> endobj -1049 0 obj << -/D [1046 0 R /XYZ 85.0394 543.3965 null] ->> endobj -1045 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1052 0 obj << -/Length 1252 -/Filter /FlateDecode ->> -stream -xÚ­XKoÛ8¾ûW9Ù ˆ)Qô”flŠMÚu½§naÈ’œÕÃ)'nœÿ¾”H=-%jø`’ÎÌ÷qfø€ŠÆPÁ&0ä(–c¬A¬xÑDSnù·Ë ”2j)¤6¥>.'§&Rà˜ÈT–›†.h¶ •¥ÿmjf\ƒ6=ÿ|squùïâlfÓåÕç›™Š°6½¸ú{.Z—‹³ëë³ÅL…6†Óó¿Î¾,ç ñÉ”:>^Ýü)Fñ7 t1¿˜/æ7çóÙ÷å§É|Yaiâ…šžù9ùö]S|ûÓDºccåžw4)ÑÄÀ:À†®—#áäëäŸJaãk1µ—?¨¤s®Ž ÄVƒ@ˆl` {‡`êH/dûm0SMM›F.eAú!ÇÄ«cTmH(…N‚7Ú†Jb.»!ð×'bŽªc`›·§>õ„ÍÜÒ5£ݑྲ&¬œˆþc!Þ«êôTˆ\»Ì»M7 Eà I3*:qÂJ¼\2ðEg½ÿìNݦÁŽ$™œ”»ú˜)”¨-Òz¼ÿ Z]”zËáE°É¨4š^–R²“]¤;âÉKÄII Z¯oR[—ÀŸõãKšìˆ/¹¥?”¥Äc%KõÊ$›_2.€—DbàW}^•ö¼$f.‰I|+5Æ¡\ƒm¶‰Wö\Ï (%ë2ï:€·°ØŠÒÜ›Vè ضå´Cçµ)P®D#:úG§Àé…”jÎ&7nX<—-½*sHç¥K+‰-êÐWæ² âë/+\êF‘› -}­ÔÏ—¨c½CTÞZÅn”ÑäRÚâKJ OÍ×֚̉öAFoè–,GîHÌÚ",[·6Izï¦~kÌÂàÖe<ŽÕ:F¸e(Z‚\ Ë2ÛÔòüOîUžïd³o§¦ïóȦ«"yW!¡Ò«§¦ÆÎú e?³ }/],ucº)I{•º&Îlëóhx³oBºMx -¶‘Š/+ñe•fe>ÆB–Êå*W©ÿ&ì4é[b²]åêdAIRV ×^ž!/[a-&=õÂäŠ÷CÍŠÖ±ƇK¹“4èÆnG‡OÜ0ÛÊØ/Ú«d˪2ÞKCoŽìºJÒUœa{qƒß•É£ -×÷®Áo0ùcDÏ+„VÝ^ÞüæQ?ñ+nÛ¨zÎ0ôÆY60l®D:•ãÃö‘çåãȱëÿQví}endstream -endobj -1051 0 obj << -/Type /Page -/Contents 1052 0 R -/Resources 1050 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1035 0 R ->> endobj -1053 0 obj << -/D [1051 0 R /XYZ 56.6929 794.5015 null] ->> endobj -438 0 obj << -/D [1051 0 R /XYZ 56.6929 516.9892 null] ->> endobj 965 0 obj << -/D [1051 0 R /XYZ 56.6929 489.6463 null] ->> endobj -1050 0 obj << -/Font << /F62 634 0 R /F57 624 0 R /F42 597 0 R /F43 600 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1056 0 obj << -/Length 2937 +/Length 3270 /Filter /FlateDecode >> stream -xÚ¥ÙrÛ8òÝ_¡GºjÅ€Á£ò”ÃÎzj㙵=/;3•‚EÊâEjEÊŠ§jÿ}ûEÉtŽM¥\h6º@£O(ÑLÁ¿h–ÙP™<ž¥yZÙÙb}¦f0÷á,š¹'š©ÞÞ½ºLô,óD'³»åHVª,‹fwÅoÁ»¿¿ùåîâæ|®­ -’ð|n¼½º~Ϙœ‡w?__^}øõæÍywW?_3úæâòâæâúÝÅù<ÊlüZ$¼Àpyõ †>ܼùøñÍÍùw?]Ü gŸ7RòŸ³ßþP³ŽýÓ™ -MžÙÙ>T幞­ÏbkBã1õÙíÙ?£YbÒŸ5Yh3N(Ц#FQæ:5³Ôæab´! ®w÷®+Ïç‰RA×o«æá×x:XbEan­&òuÕÌ·år[v«y_­…­Ù­ïËí—ØÜçïc‹F«õÛ§ï_ë{™vu_Í×®ë=ÙSÙ}j·Ÿšö ûû³|šÕ¶\ôíö‰é6®_}jܺd†¹ÎÃ,KsL˜G*&¾ÿÒä«ËXφM,Qxœ†*±¡9êlSØ¿Ú¦dÓ»í]_®Ë¦çÏ÷åïJé¦ê«¶aŒk -~íÜC9,t0XGƒ)ÄQ¢¥é8 V®c¤ãÁ[!‹vóÄTí’1½žËSËv{2'æ‚2É€h_Õ5£îýÔ}]NùBßòýo¶çQ´U!ávýªÝV`€Õ£G5ݾÜvüÁû êÃS›±* u}¬Ý»1´ ©Œ ²@ù]F /1*Ì’ì«F`Ò0ɵ%Åuµ{,¿joÎçFY!0‘ÛBdÕñèx  (7uµpL‰F0š÷–â…@úŠÓ„¬ì¹ÛëHCâÔ² fí&v 'Ê•J„®®º^6¼)D€)¦£˜È–‘ƒŒÆuËÇÀ¯(¸ú…±®(Ýue' Kaðö0ûIǼýÊõŒfCÇyÖ"‚‹¶éÝ¢a`Ħ½Û€× }–‘v ˆe)ï0,¯TqWçQ°.V BeMñØKs ®îZ†Èá@<¦…nj[´n -ëÃÂxð4î‡ð¸Vû0¹Þ>1AQ.$­¿¡è8è·à‰ËÁ *'QäÀ€^²G¯¿i·=ã­‘õ›©,GÚ0CÐê^ãF  ÉZ!´Ð‘DB¬\óPŒ¤¨€€Ã„Óåϓ Ѽ–OT~†8Ð&'Tæ3º‰ ,»lÌD±l&Äx"ÇÍIŽÌthtNK´ ŽI7%QÎ}Ȧ]G‡Gª¥þga”Õ¦xÍøÈä±ÎÌTð*X¸7§o¤ÂèK£gœ`Ñ´ãBè^È -"í«~5uÏ’EÁÝíÕ† –Ám¥JWKF9Ðçë’a:5ìü -Ð^ÌJo˜†wÀqøç ä¿ŸÌ<{H.=ŠÑÅ( ¥Vì 1~#ïa¹’S(ҒæCâ”g[$?Ñ’Í{«[ð‚Y瘼Kå‡=hE†‚8ÇŸCN”\tï¶=ú­ÂjÌs-¸€¢EÇÜ‹v q¥à½kp¿ªYˆŒªg†v‰êš¸k¸Ÿ²@i&9ì aÜÑ|·á/Öe]A­ ¡QX ©Á\ñË{Š€4Ag€ñ$ì«¢_…SZ»nûÒ3Fn„$¨ æõ ìÏü®¬ªš?€“Ê´±Ú5âQ…ŸYz¦v×ÁÞ:½qMœ“½ /–;ìd¹×´~`@m#Ç»Œ· ;k캒'ø½LÔ`£5ã úKpƒ%«r-,¨‘‰K†ô1XÀ”B(#Ùà’2,& Ïn½©K4“<£»¤ÏŒzÈr©ÑNs—G%Ž¶6Ì èâ2@–%óËÜ‘Jì:'Õ„Æ"ÙøÚg]=¬Pu dŸÚ¡5›$—+N2_ -“9çTÄW ):aý&• ¼€¼>¶§Òy -…³Ò“ ò™¨Jƒî ¼}ÝñÇ}¹’j5 À”ž„¤n÷µÀՒǧvÇÀf×3=t•ŒQàÛÑr·¹)G… ÷PK³­6Fj·£( -Bïß“­Æ¸†ÿ±¾`Ôj$&T‘I¿G¦gy±ÙHÀm¥×0Z‡qžK¯Ñïî¿¥ÕÐPº-@ÆÀqª9üŠéƒR®6œšâ!„ˆŒ”†r0éE¹é™P*rÍ1ÇQÎçl¸¶A+aúɼ}‹éÄ yFN_±äÞ|ÝŽPÕÖÇâ5ÖP _È]Í-ëF,uðîÓ°Ü´ý±ŽzH3L_ðÄÆmE´í÷ÀûëÛ×¢éU)*9”ê¡ËÒõ»1~(·Ç5H¦7Ï ÍVï°;¡ -s2K³Lo ZoŠ0®ÄøãwH&ìˆ8…u(ÊÁ4Ij£’b`‰ËC¥U¤ÉóS¾ÎNOÛ]dàãž:»MÂØ Ý7 -+BH†Ë _·y˜¦6R¬Ýµ†ÞŸKônÌ=ÈN*Y—S¦F•ÄÇG:);±Ä”öMGx¯{ÆÀvÐv[2ªŽâB$Å$ÌËû;°äŒèvlã:Fríj}T@ÌK¯“(@+ëi3ð±w÷ÙŠ®Fˊů2ÜNûظqoœhöÊ$òòdž…ß>(·ë]Q/7wP“A›øyèÂÉC¿_bg@¼XUµØCÃsœÅ­/”Mìc”…£ÈÂôºtäB‰õ©µÏô'™³]KpX8nr1zƒ“"Ýîê‚ãÉCé£j˜PÔE -¿oòBáÉEâ|õ…‡虇–àq[½ô-x.ì‰}ž>ÓgoüCã®3ò]g -uà|2/úVTûß#𤮈l5Ê$CâóÅÁRÐÙ›mõÈoµÚ4?Û?yf× ¢n.ßEy6Ùá2.‘Ç_BŸÀ+ÃñÔË¡!öXºªŽ‘Ò°Ÿv›¾›ät©°j渉ºMIrÛ›j©sD]¦Iä2MêŸgøò¤DÔ7å¶q5cEÏfôàJÌòÆ#ÕñpåàAí›áÖeó²Ÿ# ?÷H€™àË?þŒlžbmB­èÈ tEšƒ<ým\ ?¯þð/ñ‡ÿ¦C‹•ezhÖŽÂÜ·7œpfiÖÅúêñæ‹7ZL2–i¡'«-ËkùäqùóT3ÁnB2ýúÇwoî¿ýÇÃë[£¦÷?¾»‰4™¾¹ÿá¡o^¿}ûúávÆmʧ_÷úýãÝNi¢ñÕý»op$ÃÇ¢woîîÞ}}wûëã÷7wñ,ÝóòDºƒüvóó¯Éd Çþþ&a2³éä^ƳLL¶7*•,UR†‘Í͇›Ÿ"Áά_:*?ž0!AVçT²#@ËYšeéĤÓRH/À²½I#¦õS±ß—Ë¢Á×v]¸³…îÁŒÎ4lë–Ö»¶¬+Zo6õó¬ªÛru¤•Ý½áθÖaeÓæm±-ªä®M:½'&J"VW›#BÛ"¯Êêãê°qï|ºª÷´>šMþT ø¯º*½;Ž—ÉŒ›„e^Dœ³,M²±+å/I"Šå+¼Xwl,‹U~Ø´øâØò³5>wû[n§õ¢hh‚Žíá-Œæ šÁ“8h…‹¶ø–ãÃñüwBÝæM[좱3µâÌp®'†&S•]PDšu±P FÍ(`9Iàíýv(öÇáÞœ –H•]ßçû¥;òÐâ g6tî*#k„“žÅÍŒíëÜâ´Œ§e´8Oç^¢ÅÁ‹×^x6‡ùÖûr€¿9Vù¶\Ћ€ày›Á2ŸHycr.ÚŠAÐrñÆ{KZ’ +Œc¨ŽÏÈ×Ò3Sˆ"ƒ[–½äf&¹™>†™ŽÃö*åCFj»1MhÈb°ù7äx‰ Uñ%‚ÿ‹Í’A¡Ö¼BòA¦Ž!H,bíÒ >QB8»ÂTb†²&c–‹´/œp|´ge¦Ï¥wÊ¢`dWìÒ¶X’ {¼Í ÏEœ¢Êç‹[Ü,P~…ÈÞ«…»/§Œ3žŠ~î2ªÜpÄ•}/C¢Í«cì—/ŠÖ•NPO}@¶ÐaÈdú”oÞ\ƒìYW#¬s™A´ö]±qu`8.\Ó]Á´V¦O¶s¼1ª ž„J¥¤#šÈóˆ/‹úP6S°<,H9$É8ƒî)G .ý•»t0²²Z¸»Í‚e€ A7;ÈŸÊy¹)Û#"x'ï¢FÀ`¾ ¢à¤|Ú"kÖõa³D˜·Hå¹l׃É&qa ±Ä*æZ„>â±½¿ÀäÈOY&µñ3ð¤ +O GݽƸÃáhî+;y{Ï Ô>s$ª?gbì3q¿íﻺ) žö„<‰p· *2Vp”KV ÐÁýÂÈý{Ê—K’5¥“sHª—4·8U‰paÛꦥm›/>5_Rr[Ã$¡|¯3IͬԾ¾Ç¹ýÇ HÐg]üó@tFÕÇ¡bárydJ´!+ +ê¶Të>/g±0b½À‚ dŸ:ëó€ªïJâº+ïeÑæåærB® °¦¢þÕ4¡‹u9MˆX'Oú¤gͱÝm0Jõ2*”s‡ˆ5ÂD/CP «úLק0\ÿñe‰Q#­go—ÿ‡ÞRGŸÓW’Ú²Deüºõv±.[oÄò}Ç dëzs–^ð„»8óÂÖkdïžáB(WY:ؼg¸R`›Ò7!ªW4qJ§.%’BPê@Ì÷„ jËAØõpD ïÚ|êÀK§Õáö$ +Ÿ% +¬mÝqPožŠÀ.ÖMŠÙL«¾òa¯“s>%¥úérsÑåÅYÞp©nìê㜰OuÂ2DŠ¶¦ý/ièyE$Á”IBIT]6z÷ý*”xçæ +ÑYƒ[6NKMbã÷8YË-¨ X÷®NZålñ||j2E Ž¯KœO‰‹|‚A&võÞ÷A¤š=¡œáQ#Lrô‹›ç0zjÝÁKçZ|-tÄá9G}_ +‡°ß|Ì)¨þ¸K|PhN±‹jVW#'ŸEÜž¡Ï '&©ý ÒJ2mƒ³kóOXƒs>q|ƒ•¬“¨+øRŽR<Ó+Ð-ðyú.ªëêšae`j¹@¢Æ2‹ß+_ú*¦ÿü9‹g]’Þéôø“‚;%Ô§1V¶•†L¦ÂÕò/d2P|‰IH +·ÞcÒ{À—MpZ‚6â.)º?”ÝA¨tÑ^±‹:8]¥‡­«ž±…0Ìü8ˆ€g¥.J؃nóAP¥¯œNˆÙïÅh{BNåÐ)_îz9Özx ¾¯ÜmF­3aeŸcA‚YÓ­˜/ùt+RúM([‹ßó-pñjÄŽfpó©³db›Øñm)êSAÉ ³½VÜ°(¬Dá9’;Õ£ö7®Y2Eäàí ®¯µù`' ¦ õ8ñ ßíJšI0Xå[Š~F±¶”áRaÄ_ª í-úÀèßN™¾Ž¹%(§& %Þm<³ÿˆ¹¢o‘ÕšuÿSëP¬Û|±.«"t~Hi RL]°‹ü’b“´Ç´ô”rŽ}€íËÔVÓ°ÿ•ì5ÞKϤ‚Ë趺ÎM0ÌÄöä6X,ÿq?âéêõãx¦Ÿ±D«³3ΞôX;2Y.U¯* ê‚Šƒ6Û%Ú¡ò¿ÇPáü*é{:)bÀHÈ/žP×Üò)~úìЊ²t¥õú;²„Ñö£'3êkŒzÝE½}ï[tã?Ô¡—‹÷ïŸô˜*ýÓ50νLÒ¿†Ïê{Öxé&f%všÓDL‚z;eoü‘Â…4ÁƒüÑa £ùŸÀ‘à¬Cñ<þr“1V÷½˜#÷“*¥ñ_Åa$xC@a"áYÃK B +…¹9!úÓî½ôH§Rÿe›ƒØôlÎy®Éœ^ •À¯ÎnÝ Ío]T&,Ùå{×ïÇJJgL‰SgmêÅ'ïf%}—îÃ2¶¬7„¢1ãkß¿KÒRi¨Y”–…Ä[цk"Wï +`­^›#ˆk‹ð:':EE?Uøõû{Â<ì¼ó¼ð³@™2÷[¾‘êþ“{øÓ?<ýžR&ݲÑ2]Ë”"Ä”“¾ÒçM úmá9ëÿòp‰endstream endobj -1055 0 obj << +964 0 obj << /Type /Page -/Contents 1056 0 R -/Resources 1054 0 R +/Contents 965 0 R +/Resources 963 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1035 0 R +/Parent 947 0 R +/Annots [ 967 0 R ] >> endobj -1057 0 obj << -/D [1055 0 R /XYZ 85.0394 794.5015 null] ->> endobj -442 0 obj << -/D [1055 0 R /XYZ 85.0394 636.8504 null] ->> endobj -1058 0 obj << -/D [1055 0 R /XYZ 85.0394 606.7365 null] ->> endobj -446 0 obj << -/D [1055 0 R /XYZ 85.0394 606.7365 null] ->> endobj -1059 0 obj << -/D [1055 0 R /XYZ 85.0394 582.3251 null] ->> endobj -1060 0 obj << -/D [1055 0 R /XYZ 85.0394 582.3251 null] ->> endobj -1061 0 obj << -/D [1055 0 R /XYZ 85.0394 570.37 null] ->> endobj -1054 0 obj << -/Font << /F62 634 0 R /F57 624 0 R /F42 597 0 R /F43 600 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1064 0 obj << -/Length 3269 -/Filter /FlateDecode ->> -stream -xÚ­ZKsã6¾ûWèºj„àE¨=93ž§2vÖvj·6É–(‹Y‰TDÊŽòë· R|IrvR.ÁFh4¾~bf¬´“ÈjrNfë >y†¾OÂóLk¦i›ë»Ç‹o?9±Ìi&‹Ö\1ãq,&óŸÃ$»„xðþîöãͧŸî¯.#<ÞÜÝ^Neȃ7?\SëÓýÕ—/W÷—S‡"xÿùêÇÇë{ê2~Žïnn?ÅÒãȤ÷ׯï¯oß__þúøýÅõc³—ö~W¸‘ß/~þ•Oæ°íï/8S6'¯ð™°VNÖ:T,ÔJÕ”ÕÅÃÅ?› [½nè˜þ´TÌÈPM¦BÆCyb]ZƒÃº¾)„ea(¢ÞºÓv"8ŠÑ1Ó8ëC £Ö¡XÉlM¢Ð2£`a<“E±}M¶sÔÍ·µjqGS -Η;¾+Pfă_¤Ô4äRÄÁœˆyŠô–•ôLèñšì©Qôœù/œËç›"%bkÎ,&Z‘w&Ú¤®:/ÖI–£À ÚTfÃP:Ÿ’2+Ö*—vÔ%(£ ÚoÒ‘âck•W­Lº“E¶Y’Óä ˜ -wæVHF¦7ãÚÚ³ÓO%rZ!ºêIòù·Åvd^z‰bÕ7Ý–#S‡š)!e_;ïÀ$¹ ^—Ùl ò‡ÐÌV+l‰ ÙlV{""ðùû.Ýf—"HËš¹Zú#Z¢ó°¡j–;Ô'à8[ÐjûbG„×Ä3 -PeW¦µD™圉£ ¢zý0§wv¡£«öÙ2ÉŸQYJz­)'°L^2§t ;•ÕwËàyU<%«10¨c!Î:eY fÝÑMý yµL*Z1+ñxC5„# a04=…qaë06]8Ñ©ã@F °¹"_íîˆl -x_²YJ”ÀGâ{Ÿv~:è7 -¢ÐéÔŽ)%¸1`•éç¤#ñÏ2­¨AZ™x(ˆâ!Áƒž…?Ulx_]É&ýg³qk¶‡Ïw?ýðaLÛ»G -àO>¨ã*Y? X¥É‚Zîœa´ƒìžÊσÚjàVu¹¶D„œÐiàóaÓ;ªŸÏ\»tC¨ !—¶¦~oS_¾ù»õÁ[²––M—88žÃ=̹‹ñ¨w±óÿªPÊÆ&íÒb!ÚBƒ‹!AÒ£æ´QLðX7ÞMݬi(^´nîÕ°¼œ -e®‹$#`àx1À¸ê) Kpû¦¤6Åcl­ñÞ”âc6KïOžaQ¬VÅ+bÂQ}oBk™)Æò~5³zU4?l´‚7º0^í¡)(:lÑCãpÃ*Õ.]fSGwæ³\ÖuôM^¥Û<K5uÄbɣÄâ¡ -" w¯ÖÏšò Ü­Ó9£¢Õ{Œ7ý³bë¬jý^ð’”¾oüV{Hx+¼Ë˜%¥wÎIÄ€ï$ëÊ·»ehò°VÍ2-³âH±Ç­ª drJjJá‰x™S“ -}h$¹çÁø¸öî ˜û¸ŠÌ±7Nß¾Ü<~ã§ü‘:~sÚ@ ÞúB–}Su °Œ-Jv!Ä.“V†1³ÖêÞÉ´Es牢Ä™—d›®¢G@îK¨õKê™'Uò„ŠÆ”œCž¾ÃÛ.7Üs€4[ê…Êö±ÛÔì›m†Ðò3»tÇ”=‹Üe‚‚ )ÿM÷¯Å¡j> hKŸÆ,@ƒãöµOHªX­îó"߯{#,0_¦ûñD]åuzªÜÁa‚iú’®Š ݃a[ žï?_Ý=€=¡A«Ø-Ô®ni]ˆU1+VÔ5k…uš)'V² ¬³9¸‹ˆ£‡QIý‡"3ôà3mGWDÀ{Ö±Kcoaݺ˜ò¬p¨ðý!¯Uë69f@’©(6mb#—/S!CÇÆ@ôÂ;äXµ»òŽÝo$º;\Uu¾h@".À'J-!–@ý‚㙦m®ãq¦ár)ºü)œ?^Tôàn…ïxrõ†kdùrqxÑÜYþ!M{~qž–³mæ/¡¼Cª×FŒK]ŸUý«Rpªù@×Òí}Ê8dëö¨sû<¡Æ};°×ügv<œ—¶<;lñ Ó}‘Tˆ€–gœ É5˜ éƒ× t€‘@:bΠ£æ:(/÷GÀ!!¹Ó­ãàð\#«wÁ*Œê.ÿw¢£ÙD®‡Â +êìó$8<ÿ™ç};8´e‘ò´ê%~¨•Ö¼"LÄôñò8:®ƒb«-‹t;ˆäà¡þnÏ<HÍ5"@ èNM_‚¿ í}ô7¦ó­e€´Ã(Ô¶³ÕiøÏlz8ïÛ1b ˜P0ÛIí7\ç̆‚°cÑJ„œA!y&Zµ¹N ®æ:œÔnIA:tHp¨ÜèÓ«7\#Ëwñ&ðÎ)ê®ÿФ˜ -ñ¸þ> -%D°,ÊÊS“æC8¾ÔE2¹« –»§µKc ýa9w6#†·D¥M–D¥Ô¨k¨Rßö— -`覮  nª6ŽeÿZ¡¾Ü4¶ùšïD÷yšûïù‡%|ÈæÝ{wSd·KwIeƒÛ¢J‰ê±x¥þ@?Ì]˜hω^ÿ€Ì¤0ðÑe…[tðuóãèMÐ|î?»ö*¯,/Ó™¿qûGý gˆˆÌ‘ŒÑIÌ°è> endobj -1068 0 obj << +967 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [284.2769 238.6772 352.9489 250.7369] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1069 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [282.0654 208.0269 350.7374 220.0865] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1070 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [299.7586 177.3766 368.4306 189.4362] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1071 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [184.7318 124.0912 233.4785 134.8756] +/Rect [369.8158 503.0308 418.5625 515.0904] /Subtype /Link /A << /S /GoTo /D (dynamic_update_security) >> >> endobj -1072 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [330.7921 92.1656 399.4641 104.2252] -/Subtype /Link -/A << /S /GoTo /D (dynamic_update_policies) >> +966 0 obj << +/D [964 0 R /XYZ 56.6929 794.5015 null] >> endobj -1073 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [401.5962 61.5153 470.2682 73.5749] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> +362 0 obj << +/D [964 0 R /XYZ 56.6929 337.0807 null] >> endobj -1065 0 obj << -/D [1063 0 R /XYZ 56.6929 794.5015 null] +968 0 obj << +/D [964 0 R /XYZ 56.6929 314.1315 null] >> endobj -450 0 obj << -/D [1063 0 R /XYZ 56.6929 446.1352 null] ->> endobj -1066 0 obj << -/D [1063 0 R /XYZ 56.6929 419.8946 null] ->> endobj -454 0 obj << -/D [1063 0 R /XYZ 56.6929 296.3851 null] ->> endobj -1067 0 obj << -/D [1063 0 R /XYZ 56.6929 270.5629 null] ->> endobj -1062 0 obj << -/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R >> +963 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F58 627 0 R /F57 624 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1076 0 obj << -/Length 3397 +972 0 obj << +/Length 2358 /Filter /FlateDecode >> stream -xÚµ]oã6ò=¿"èË9@ÍŠ%R¸§ínÒKqÍö’w‡¶Š-'jdɵäÍú~ýÍpHZ_–Z´E˜93ä|Kü2€?~©#„‰¼T‰dQÀ£ËÕö"¸|†¹o.¸ÅY:¤eëëÇ‹¯nbq™°$ñå㦵—fÖüòqýãâý?Þ}ÿx}µQ°ˆÙÕ2ŠƒÅ×·w’ÐÏûw7·ßüpÿîJÉÅãíÇ;ß_ß\ß_ß½¿¾ZrqX/ìgÜÜþóšFßÜ¿ûî»w÷W??~{qýèeiË˃ùõâÇŸƒË5ˆýíEÀÂDG—oð0ž$âr{!£E2 ¤¸x¸ø—ß°5k–ŽŸŒ4‹„Œ/—€,%ÆO9`A§¶T’3‘ÈП²=e‡…§œuµ,«&ßûóP"¿lo; î±F¨‡-ê–Mú™€Fƒp]¶oÒÜR^W[KrYµe¨ôþG )»öFþÃxZ˜Uðd¿ªìºk3°쪲vx-÷¿&ÈÆ€ª-=‘ˆ0(³æ­Ú¿š¬D“Š!ødðð)ÝçžÕª2;­Así^•‘$èZ9H£™Ç]fUøÖM+ŽYÀ¹sVö‘8#XnÑ¢Ëè©~ß0F"·b\œÝc“æÅ!Q1á-wzžu<éОºH!ÜŽ$S!¦Xçoé¾#é™'ÎÏ™~AOÅɌ鷰&Lßa!ÅuÚ¤Oi ì^H¦!­ž¦ì±FHwî+sÑ¥ý€ÑÌDéL8LŒòˆŒ38ñHóAŸ,–õÒzcD©›jOÊî7–K`7417pöƒkNK6UQToF ‡1D״ϳóÁåË^³ã›µK "ù;ü-Á˜vä(s%ídJ?&hdÎÞ^òJºÊ–ë¬È·¹]ªŽ -¥r ’&ÐMíÝ>=^ÖYÙäK›[Z¾;ÎÂ$Dh‰²6ƒÓE0\ä— ïE˜I¸pPžêìסgÏ¥Å#ùéa—ÖæŽÍDáù°…Õ4;vú)s~ƒSäñÍoJ?o©Ò> [Y§Põɲw§Ž¨fa¨mÜCÉ[¾œ/‰tÛáBÆç&¾Ø?5_Œ—/ZûòåKÜ/t•/ìœü ¢aMã2µ5 R,—Ûl[íôH‡°^>)d =:N­`¦ÞQ6r‹Ž´*st u2Z”¨eu/koÒW{Fûì–"oñÑæ…¡„ðV(¼…'MÁ‰]U×ùS‘ÑT¾!($¬9æiAð¶?‘‹õ>·¥L½`80à§,+ Väå+Åd‰jRÔú+iKl -˜ÌÕvTÅêt»+œ‚8¢'Ù3§s«â°vHi|W·rtUOÊ”c—§–ÙÈ–N€¶J?;aìlà‘ªšÏž6ÖùÀ㱌£Ìáwƒ°Ã%8U%¦éz¬°.Zc‹¤Cù!˱¼^íóÝéD«±B¢X ¤³®ÿä'Œ}«’ƶˆ" „OTGDšÜ?_Òà¾%¬ÇŸv¸/ »:‰…Í,3Þg \>ãQ2sêk†‘án“©„š+ µžÑ°Ö„†9,sCY‘=§(ý²ÂnQ_Õ¢2Ádš¾C¡ßQ´f±®é0ðèÚ*ÂôÙvJLãÊT¾»]AYzøú%/›VÌD<ª-äjK©ÕâÖv\L§Éî0Œàša,]ÒqÌê±°ÁY$.M«è·_\HÛv•aêhÙ€ -9wÈ’D÷šP6~¤>¨¦Öë¡w6¿½²˜6n…Ýþ=ú˜z*¸Ï+W°8 ¢åjaM(—Ã2…Hµ‡Œ~=L›9‹¨ü$a5B¹›6Ç,Š  é¦ÖgFv„‰N‚ÛØù”WB`« ”ÒñoR.ü¤m>@ “FuGj§»Œ¾ä¬jXÒh®\Ýcb5Ñ\¥[îÊ‹EU½š."ò]Ѥ«òÀù%œq,¢º=œ©µ…=ØMž.·þ\áp’RP˜|ΚÆ/)+¦eýFA³&c>]Œg±Ö®2t9ôÈ)˜î¼¯þªCaé§X[XžRVû-æ&rÇad«æ L(Á ,ÏÖg Œ 4Ös…cë¼x¬–àùŽ´ÿ507IÚ!î7ÿ5âÚ?P9ÀmR]Ȧö9v¥ ôŨN‘éÃc†YTOæ¬ÖU†åAbü*Næv¡qK\Û :ý`ƒQFJ¶âiR!4¢Ja”0uj´˜3ÇYzS‚ T¢Ö öà¬R›Õ!nQ=Ó ¾Gù¥:ì¡Ð¡!Äf$ašûFàúò•ev‘u10«0R=wk\'T6·ÿ¹¹g4y ˜ü@ ýäÏee;› Šß×E ßmŠÙ^VMÉ cD§)¾°ž“'LIƒv»¬´j? !GÞ¤I!X%¼ÝyC«²ÐŽUýRŽ6¤zÂ¥V†Ìx7À -cÛÍ{£IrÖp8‹ ~& §uÞpŽm- «P`òË?e{zaŸžHšb°ëü¹Lí·øbQ†º[þ7‡SWCPK?Ü=<\¿§1îaxÒ-Ã7ó.G`bGºf{7éÚ­;}ï…Oë¼~5oÙ¹;C&v®r¨ë&HÀÍñÄLzbúÌ÷èaÄð#ò‘‹‡ÛýùÃߪŸ>ä—ŠA-&ÎXJ3-å˜ÂSÖ…šEZ¨Öÿ¶Nœ¯endstream +xÚÍY_sÛÈ ÷§`Ÿ*u¢Íþ'7~òÙNª›Æñ9º‡ÎÝ=Ðq,‘Š(Ùçéô»X,)R¦ì¤Ng:ž1—X,À?`)qøQbWNG±ÓÌpa¢éê„G_`îÉ<£šiÔæúiròö½•‘cÎJMæ-Y ãI"¢Éì·ÁùßÏ®'—7Ñ4|`Ùpd,ü4¾º Š£Çù§«÷ã¿Þœ c=˜Œ?]ùæòýåÍåÕùåp$#`½ Ž,x?þÇ%>Üœ}üxv3ücòóÉ失¥m¯à + ùzòÛ<šÙ?Ÿp¦\b¢xáL8'£Õ‰6Š­TMYž|>ù¥ØšõKûügTÂL"ãjÕç@ã˜URyÎË X»ÁøúÞÂ(áƒß¹áÕ:›æ¿s.§érùHù<<·Ä7- X½ªˆº-‰zó~(ç4VÚ)šM‹Y=}Ne´„x,Œ‹j›¥³7ÈÓÀ´ÌZT´´,ÂN‹ìPå‡|9›¦›¡H3<pÌH挑ÞÊt6ó“YUùý`í¼- DT°ÕŠˆeámê" æåÅ´\­—Ù6°Ÿ]i¢Ú­×å&¸¤ãÍ`Ë¢|Èî³ FR 4{Þf‹ôÜ•ûe@ȃ©‰Uº +¼ HaÛEº¥ˆ¤­a[kÖð&LhKG}– é}Š#1(çDY§›m>Ý-ÁþüŠ-¿eMNÓ‚é²*‰ë6#J4ž£’pŽ÷a‘Oõú*£eÞH¿.Û ƒíü‰{ë­j>Ð4…èqDUNï²CWd)–jDhYö†(ôú%DÑ&ˆŽ^ÂçÃ"ƒd: ̲*§•A0† g‰[S€Ôó·(ðzOìãn¹Í!èp’¹†š39XŒäµQYŒà䈹ùƲX4Ìåz›—EÐΧ×+¨³«²戸küøgŠ±ÿ†D›¸%zäb¦´JºŠwôYÎÿ¢GZ<žÒèߧ}Çøt!%Ž„Tº#ì/’sñnv›¼{÷VÉÓþ\û)@ZIÜ€c Ær3ÈŠôv‰ÉuˆL >ýÔÄ(P}XTCŠQDñ‘‡Ђ!—`î0—`‘ö!ß.«¼øR+ÒÁ5šõqŽÀ‰)t¬A«ŽC©@’ŽÂ™à>á´h¤n8:Ð ™Yp2”¢¬ =½›pfM‹1¿þ¤©ÎÉio,.irÙÏ‘UaïD¤Rúâh•n§‹ìEhG·ôåÑdèä ¤X^¥wÙa†³Å±7‰ÂÓŸjÀX{ G zò„c‚e‘}GüŽçµÚ=!%K Þÿ×q€ct?ê@ʨWº’õXÝ ³‚;p€b‰’äìÙ„eÇ|öË.ÛÁg A¼×‡Ò0Y§úPÕ樖9 +zÂY™UÅ_·4qW”¼iQ=/÷-®Iéõë.«Ð˜¨±ñ=jPY\RRiAjÀœF^g@ÇÀõyyI£ªÜm¦YÁ£†½[3›E<²6Xe;x@3„20˜O- û*ßn)GÉ]8Ù-$È6¾¦™ÎQ#wéná‚bjsÆWgOî?†;¸ŠˆØß[œMâo¹Iæ’$é¿ÿŒ‰£¶HºÜ´Õ3B2s³ßÙ·¼Wÿìq*à¢u:Þ{•ŠìÀ™”&éVЯJSŸ«TÝ"+úã#Vм>VŸ1½J-ãç¢Cp¦µµÏ†G¬m¸RÓg +¨¹eŒÏ n “Ë1îŠõ&¿Ï—ÙŸÉ0²[éÆj¬Öm«'‹¾¼“GŽÇ5&¥÷e>ÝëÑn¶‘ƒUâ YÔ¦› ¸i_þH‹uNÔâŠYŸ‹ ƒ¤QÝ-­ßò˜X1ø¤†[uÂ0ð0< àü…­¤gèsî=pÉÄz¬·5VÁ&-ÉJC3éÚývŠË¡„‹q½¬­Ü¢ôA—ì· zh e>TÜc2¾Ü–xñÁѯ×Ä \ÀKŒVÝ,™œcNt­t@Ð8Áã AÏ-*¹ó8dê/JþJ +Ò¡%zº^/}¿…sõW-ð,è‚„Ã=°ûV _’¼|@Æ| „›Ï“~ÊJðû +¶Ë¾úà;V’Ù” $7°ÃXÔ.fÔŠÚYðºÄÂ6®=£ý÷ÕW§=¢«ø¶ÖçEY±`Ö +õ–Ò +}B„L–±{B¤¸4‰û‘ "b8@©ÝG‘¶äg`D$€î±£õ9Ë(âü‡Ì§¡¨êîk S5ÇÎ<<<Ð ©}çÖ´.]‚^(©û?¸+çó—Àb…«º­<ží~]Ðüÿ§Üüci¿ÇÒ°âXz´Ä +âÿùìRC=âúGfGÂ!Ô~lr´?“N2.$]y>—þ·nÝ @0ACúà×uâ +³! +~,¡‘ÿöƒúú]×$OɶÔ«úçO ½ªß¡.ìøÒ”Q|Á‚Ôó‘³*§˜5wø?#ú +v,=Z'üº˜ùßd‡ÆÒfû~èãM$¾úgÅ}¼ëP(‘ý¿bÛ•HGÊ0”…¾Öñ“Kýûcàj©þÎ?=endstream endobj -1075 0 obj << +971 0 obj << /Type /Page -/Contents 1076 0 R -/Resources 1074 0 R +/Contents 972 0 R +/Resources 970 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R -/Annots [ 1078 0 R 1079 0 R 1080 0 R 1081 0 R 1082 0 R 1083 0 R ] +/Parent 947 0 R +>> endobj +973 0 obj << +/D [971 0 R /XYZ 85.0394 794.5015 null] +>> endobj +366 0 obj << +/D [971 0 R /XYZ 85.0394 518.4711 null] +>> endobj +974 0 obj << +/D [971 0 R /XYZ 85.0394 493.3754 null] +>> endobj +970 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R /F84 797 0 R /F86 977 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +980 0 obj << +/Length 3477 +/Filter /FlateDecode +>> +stream +xÚÝZKsã6¾ûWø¹*ÂâE8NOÖ©';ã­Ôæq %ÊbD*"5Žóë·Ý HŠ’'»‡­Jé lÆ×4 ®%üÔu’ŠÔky+©’ëÅöJ^?Á·o¯ÓÌ#ѼOõÕÃÕßÞ¦úÚ ŸêôúaÕË éœº~Xþzº¼=z©±£[«ü°a‚²9Çb»kÙÕ1»PúE&²bÇí;–qÝè9Y¶Ø èÕyo(•HéeoØ£ºà #Êj›ÿ>ηwÞ–Ûb^V'®1‘"q—ù`š 6pT'©2C>îªGˆ`Ð|;½”úQ‘3`¤ÝìPU!àÀÏ›ºz +>I! ‹¥àT ´Í«ê¹-«C[p3! Kqžb¿-çªÌ¯*jvº·ü,T(-hqʈMÅu}Ø7´ÛÃá`/ÊíaK•OùæP GÖŽ§Í_z£ZiF3^DR±¶Ê\FRŸê<’:ªI$•ËÍ$’l&ÄP—9é¨&X¢I‹Ì+7äåˆ&Õ¡I Ѥ IPFMÅÿ]à½~Š¶ŽZC<¡:d©Y*A¡CPÏà‚:ƒK1¸Ô\ +|œÖÿ-¸ÒsØRGlýÿ g,¯}Z=ª ЊTçT}hO­T*”òê2+Õ/l¥°Y‘ÚgæÝ¡epa4Â^£ÒÞa +ª}S…õ €„­U ÖŠJ1–"L…R·½½€G‘cÃ.}@y8 KÿµV6³"qR}ªóê¨Î[«IHA°lý+¬tT¼ Í•ÆÈ3GH!e¤Ø+©Žö +ÊÁ^Áÿ„½‚ŽÁ^Ɉ-êì•$lÝ †ø Û+Ið +½X$ °Td`ņƒAþ6Ë-Œ„͹ °Õ€Eª­û2ßÌ;û—ù>c`”çe˜fbþ¨ ˜'®oÀÀ‡Mþ %fôñœ¬MgN y,ÖËr‘oÂÁ¾néã6oÚ`¬ ¹×_ÓéþCcI¨7¡±\Q›Eš»ÌyÂê°}ä<úuÐpÜ\­‰gçg˜U{ +³:Ýæ‹5µ7‡XŠÌBñ@g(åôG[ÏMœÓŽR*ØF¡;·éf¤UÞÌ3;û‚G«Šö¹Þ¤Êc^-ŸËe»Sí‡'R ‡RuXLx"h븀rà„8"ÑÂ*0¢µŠIZ ñ½!›Ñ˜V4:O÷¼Æ ã‚D QIºTTšp’…Ôc}jR±‰¥v并NEâU<£N¡~×,º;åÓW­Ô,¸D‰™„¶@O ;Á_‚ÎKNý ÉÑ8Ȉ+¢ˆÌ×.U< Ê€ùØ´¨«¥ ì­ s{F8%‡¨œ4kZž5*&±Bé×Nk}ªóF¥£‰·¤ôÜÀ¢('ÒWfgš‰ÉE‘b0=˜ý·GûNíf·Ç˜3ÈH8œƒ†Ë3¼&M-ðÖ€ARŠæ£í‡–ãöcò3n?|Ûm°¹‹Ãž ö> æˆú°S’ŸØ¡0ž1î#cÀ’`¶;äáKÈFÂðšð6°iA¡ÉE#uKÈóBseø X¼É’x§ß=ý-kšÏ…ÇÁÖú.­ô9[«Ð/õ·–ÍÏ]…9M²{š’|sÓKÀËØÜY4w`ë(Km=œ¬²Q*¨KÑ—‹W)d‰ò&F1”£_RõÐtg¤‘9‘€Hþœ ÌlæF9cN´Ë„—ê²5é7&‘¨ùB½U½ß槱/Þ}yc.rв0 R¤H3›x ›8å“~¨‹Õº,<òwÚ%,ñv„NÏ5–wÀ2x5)­ªùrÊk™L8o£ß>æÀÀ3 0‘´°½I$E]™Òá¤×LƒÑ67© 8™N8£ aæHGQÅ4à0ÕÑ1tf#LjS"I݉uM;´,„Ô¿°ö¸c0˜d]˜jú_áHZ19©e f~h"þ‡½\ÒÅß8A®pS\oOX4Ò!Ê“¡>»_k¼˜¦a(64aYh:©oî?P ç‚©5„ØÊ°¦Ëp‹ÛµÆ "êEOß–SkÒ {À¿ýLdxaU—ûÞå‹Ì{¸n†Ã9Žrß©÷jõÔ5VŸw­²ñå5æü¿«›¦|Ü0)Ä^5§?–‘˜Ä¡ΩÏE½Ru×%Ͼ­qi6+‚‡ôxÉW?ÚÌÃñ™ãNuN,Pj»]½Ç‹?ò©%jt!ˆãnòñ†Ûªâ™ +ñ$ º;Ô0»'åXb®‹ÎÁe3ͱʼnߙ˜|ªƒ]lë‚+8.ß@©Œý­ð"tŠŸVþÑþëBwï°Ð;mô¬ö>^cé(ËP Ró>‚‡/žÜìûrAI‡¦^qÓ7IÈYÖÏ<(ÞG÷®'ËÇ nYÀ …âé°e‘ÃÁŽ•ÍÜ$(GwoùY66éÛØñ¤ðÞ¸?gDµÐ>ñ!°ãÄ ƒéBrIQÝÚb{N;>ZÐÐ5oBŠ¨y4vpXžÞ['¾ ½ÇÍ®‡'(v½kflè?y¨Ü6;’iÆbxL4”úTžŸy8>_š»#:|/² €ÕŸ=èŽU½³7V¢îXM/]°­îÒÙX#åÁROyœ”?åÁÂ#Sö•IÏ(¿Ä*KÕpÏ:yiF5ŽfMÛD(ðþï‹>;¿ï<'ô’îÉ”â3s…áóÅ|ø0…}ª»&1p¨î¢©ÏRÞ3øÃÊä"þzDÞQ2ÑÑ“U§9(턵F]d¡#:åÁŒÞîX8è ˜àteÿz*Ç §€”<šp¬pBZ .UB•Þ}HF!6=2å êý÷l(ƒD¶£œ!½…«·ôT+§¿øZÊGÔlë–_xÑ ¾ã³.L~†ä·¡SNþ'N%€Ð¢ÉÖSvZø,K{ž¢Ïñ -â †˜N›s}–<™÷Å&ø(x@²Óƒÿùíñña¶Ípx&!ª3@¬3&2…«°îTýø‘ò)ëÿ/i± endstream +endobj +979 0 obj << +/Type /Page +/Contents 980 0 R +/Resources 978 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 947 0 R +>> endobj +981 0 obj << +/D [979 0 R /XYZ 56.6929 794.5015 null] +>> endobj +370 0 obj << +/D [979 0 R /XYZ 56.6929 769.5949 null] +>> endobj +737 0 obj << +/D [979 0 R /XYZ 56.6929 752.2241 null] +>> endobj +978 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +984 0 obj << +/Length 3053 +/Filter /FlateDecode +>> +stream +xÚµ]sÛ6òÝ¿BoGÏ„,¾?ÓÄé¹Ó&¹Ôy¸iú@K”͉$ª"eŸûëo ФDËî$Ϙ `,û ñƒ?>sº`Ò«™õªÐŒëÙ|}Æf70öÓ8yBʇX?^ýðΈ™/¼fvµ¬å +æŸ]-~ÏÞüûõÇ«‹Oç¹Ð,3Åy® Ë~¼|ÿ–z<}Þ|xÿîò§ÏŸ^Ÿ[•]]~xOÝŸ.Þ]|ºxÿæâ<çNs˜/â +OLxwùËA?}zý믯?ÿqõóÙÅU–áy9“x?Ï~ÿƒÍpìŸÏX!½Ó³{h°‚{/fë3¥e¡•”©guöÛÙú£aêÿ´t…vÂN0PÉ9X™™Õ¾0RÈÀÀýö<—œgÝm…€ÈæÍæ®Ús—ÝT›yE£Í’ÛUy»þj6Uû +`a³ë}GuGxåªm¨g]>PW½™‡U«²­F[òlÕ” Bj6ÔДuÓEÔM¹Ž#mµC:á~ +¼8ëPXØ,ç¼ðZ‹pÊnWnÚeµkó--ß´qÖCVZÃõ±0‰Hw"»Æ-ÌØpW/Õ†ú›ø-i8-)£©e[·| ´}[on¨ yL»P¾ÐÒÈHFOûÁJFù„¹½Ýs‘¶%í6½E.+¬Òc.E·‘ ›Æè¸MÛ•]µ®6]q$þ¬`4Ó2«z?­î)b‘´Nª{Âò‚øÜìwóê®Eá…z†ˆë*¸¶…gúedJpÍ:¹¶¨ºj·®AiÀ‚H–ÝßÖó[Wͼ\!ȳr± ‘oZ½Z„R¾Í~³ 쮡®ËwŠ «7 5ÞTó®nHÐñ¢]ÁA2ÆW¾o+\K;Z ¾Ëª tT<ŽÆqqJ½I´hÄ;`¢ê"0TÐ\J•]v4@Æ¡OFs§¸Ó<¶ãa›ƒ^…ƒõšN¡$zLÖlñðåjõ@í¸¶Í>¿ýH=Ûf×½¢¾Ä›-›ÝßD´Œ»ÞRçŸûjWÙæqO˜|_ÄEZoñ&«žÓø~»Õi‘µ$”MÓO’´1PˆhU…°è²Ü¯º–ZáÂD°>øiZÐJ‚áò»@F³ZB ï®\í+“è!HâоÝGf ²xaÛŒåR}ìË9ÏI‚<Àu.ËyœóE5_5m>uºªEW 4ˆ‡pÜ;GfªÍ=3ðâê6ØSÀ‘„Hë}Z³Ün«rG½õ&îsׯ-qíµ6RrShn|Ô_`NsŸ÷š¬îÆŠ‰d‹Iüh”© ƒ` Ͻ‹,1YJÐ7`æ&6®«à&„‡Ê‡R!MV/ ±¡pÒ–:Úm5¯¿0&*dšd*2-Œ%ÛMS@ÆâÀ´ŸLFèOô¬ÙŒ‹8‡ô 6(ÉŽ‰8C¬(œ0F)†:›—!0ä¡cä±ÇKj&|WW÷aGiä¯À-IžÁB‚eµ_w†îrR( —#¼`¨C÷™d‚åü˜÷uw‹’‹±æôÕ([X͛Éw +®Ï&j›ÝÄ:°«3:ø3¹³ÞD¤kpX_‰¶!Óƒ¢w³ß•¤Ø‰=«êÉpA{šÆíépaˆõt¸Ðc=q=ù9ŠŒ)¬ÏÐÑcM2Š²á¶­’”\%þ´!€E¨œ2:Ú\xþ·Ä sÊÆ9¯hõêójÛLB®©%‰²(Ôe]“ãb)LE¼¯yúò ›°Ê?wy¬——°ÈàvùKâ=<¾v§éHHtŒïÌ‘„xzDÈk42Ö"AÕnS¿aÍãå„ÁaÄ‚m´Îø%·èdx gUƒ£^D¬ÍTüÏmaŒu×Æ™¦,ËzÕF¢!6™0`Ö½JJÑOŽÜŽ ’H神ΠžµýÒöƤŽb^æH|R2ª¹­}Iª,]ÈüÝtª †ÃtHú§×¢y ÖŠ`š1^*OÔåJ<0v /=[Ðxõt,1x«Â¹ß8£ $!ù†œN$Î|8Ï Ï®à¿È.ŽX‹Jˆz!ùw…°`J`óÙŸ3ð"ʇdàpÚG.„Ž.×|ö¶3͆ÇJ+çåùœe=pDÇ€kMS©ãUÉXöp.XÖ쩱À<ŸñĆŽûcd„HôŠƒ¢EíÁA$™:‡l%h¬‹0ú^Ç6ÆèXo`fLA{ÛìW‹WñÞ™©b‰;‰4’ÛÂA¬H¢=æ …Ð:™Y1wÍȆ@¡†Saä¬éH#÷t{Hd"˜…À¢ÚV›Ø¹ß6›”ªÅ­FxSu™dëBÐÈî0IŒ‡}×åñ•Z!K°)µ}ñelì ¯¡œ˜Ó ‘tàå‘Ê‚=U5r6TŠoÓ3é`IÏä,¬o}›È…/p0‡Å:¥N¸%Ðf +º~Ú+õX'¼ÒTXáÀ$CÌ4ÜäØ1E¤ RFŽÉ™ÂX+Ç´ c– 6¶F©´å”6ر@ÁÉ1!<혘+8ïCû§Ùp@½S…âJŒS |Ú9©´Ìœ©…£ìØØ‘ZœÉãÇúbÙ)ç”Âi îõò™Øfˆõ´õXÇ&èt|ƒWoàêOÓcMP3$ò¦À:ŽÈùŒUCá’•p~$RÎ E +Eª¥á&€]+ИiªmÀæ%m\²6¡£ÒhG)ªsÃ*ö7SåKÐ )ÕX6ÍÄ¥C¾†1xL€à|;pP1â­c|<ØQ³é9“…>eRÕT5â6üΦY¬& Ÿ$\Ê“Ö[È®ëUÝ=*Z‡ Êèg„p€uBñ««—O‰mÁÔÿäö=Ö3ûs –\Ç8MÀab# © Ÿ( bQ#V±$Ó©€Š½£8†FõBHëyhDV± +ƒ8'™êc8z]E猒 ¥Ÿª£JC¿mpìÒØìý‡«Ëwÿ¥Þ5ÐQÞ„ 12U³``\ÍBLªfáPªfGÕ,“Ò +Ü&¾È˜¾àš[•M´Œ‡äR<>o€¹Ÿ|UÀ÷$!ÅAI 0xk¥Í8œš¯Ê}xuŠÊ-ð dbÑgÊÊp3ª«‘(LЂ‰˜•I§h¯ðHÇó`»AU+4CU ¡éÒ W>û¾ ó1“é†-\;´è_´Š¥+蜗1˜6`,-J\1´B+€£o\¹ +8»ñU»${±¦¢ÀújZ´è„[·`#µ2/góìè1ˆÖïëV1õzz’S(ÍÇ yQá鬾W+¥‰Jzÿ]rX‹‘ýòØ:Íx*‡åàê-ÖŸÉa…€ðÎ8û]sXÁ“Êþ9ìpé9,÷¦`Œ‘Ëù­Y•1i vÖg¢Ð'<UÄYÕ!#‚žESE|Jth÷Û-ª¢á‰=)CÃF´Ðþ1§5ôz-¼ÏBæŸ^GèÏâCXLæàZ5 êé¼,^´þvÙùÇó2}2/ãÒ㯞 fz¬#«5•#(õ'ž…#Ö £H8 ©›ÓðKýuò=‚ÕÞ}õ‹(© üÓ„Ò±Þ}ó¯¥J¦löHLk¯Ä"Šð6…|WþòþgUǤÿq‘‡endstream +endobj +983 0 obj << +/Type /Page +/Contents 984 0 R +/Resources 982 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 987 0 R +>> endobj +985 0 obj << +/D [983 0 R /XYZ 85.0394 794.5015 null] +>> endobj +374 0 obj << +/D [983 0 R /XYZ 85.0394 119.499 null] +>> endobj +986 0 obj << +/D [983 0 R /XYZ 85.0394 95.9037 null] +>> endobj +982 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F84 797 0 R /F86 977 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +990 0 obj << +/Length 3129 +/Filter /FlateDecode +>> +stream +xÚ­ZÝsÛ6÷_¡·Ê3Žø$8÷”¦N.6éÙ¾¹‡^(‰¶y‘HU¤âøþúÛÅ.ø!QrÛ»Éd´–Ø°øí,g ü“3ë„ËT6K3#l"ílµ½Jf0öþJ2Ï"2-†\ßÝ_ýåS³LdN¹ÙýÃ`./ïåì~ýËÜ %®a†dþöÓÇwÞÿãöÍujæ÷>}¼^(›Ìß}øñ†¨÷·o~úéÍíõBz+çoÿöæçû›[r<Çw>~O=ýœ™ôöæÝÍíÍÇ·7׿Þÿpusß­e¸^™h\ÈoW¿üšÌְ쮡3ogÏÐH„Ì25Û^«…5ZÇžÍÕÝÕß» £áÓÉý“‰PöêtžÚ@› §•¸Ï«u½Åe©ySö×ÒÏW¶å|Wï[Éé§ïhŸò–˜Ê†z–›zõ¹Xsã…_pÆÐó¯$Qaòâ9ßl`¿µ´ó£é;{þð¹¨XR}`â¹lŸh°9¬žFŽ'=¿Å³ ZH)2kUXmûTÐ æUó\ì‰~®›5‘UÝñX0A+Iú/Ç ‰³­¸ª|ËTSì¿LHzÊ¿0C[Óo·z˜ï1/+ €#ÞXŽNE¦µê¬_:Æ*“$™Úû¼-«Gšåî¥i‹-[l{´b‘?–Û²mx~=ž_¥"±.LV£|·¸ß4ÔuhòG­ñU6ßæÕ óGÉ@Ó^õ'Ä߯òŠˆ%ϲAŠ5ZF¢çw«|Œ F¾ä›Cü,§é¸±ÙÔÏÄ•ÍŸŸ +ž±Ù«òá÷aÂŽõAyŠ¤7 Ü87Wï±W΋¯ùv·)¾8 ©µV˜g•ï'vŽFùT3KX1ÊZ²ÌCƒº#UV°_97`;'Ä%Jè4sQ\’êÔH¯Ì„X«„WIƬh^8-ï +5òÁªi©xˆAzÅÚ=–ùò¥-¦ÌŒp&Qã­=T|ˆJ™T¤ 5+E‡ß´x°Ú¾¥f»Xמzèj±Í¿–ÛÖù—¼ÜäË åÛúPµS*+'…wƲëâ!?lÚ Eµ™÷‘ôhŽäó¦Q_ÎÔsÎleŒn¡ @±ÓiÜ!rWõ§’h³CàÁE˜;Û|ÏwC½.Š£ÖE³Ú—»¶¬yºI‚au—Ö”ÿ)Žý—VXd:sÆyÿ¦pÃü´ÿZt3.†S’s*§•V%¶—t£8#¥„Il´pÚòÑ2ࢄO†2ipÿ8#âvàA;þ %G¶q2/Ê¿+VýÎ;!µ1‰Óóf¤Í‰ï¸^Ñát6ÔA°ÕÁÝ—©µ`uàûxÂq­Áü1ÉA@³ ׀ᵱ·÷"Ðì°èSìÄ/ ;£„=m”Éž0H`Ó†Þ]˜¡wÐÄ7ó»:òõ +LÀ7©Ò´Wóu]}ƒøå1&ØQt‚ýM˜ ©€äð\òœóŠôC¢Cþ4±óOO"Œ@‘<##MÀMè|Î÷UØ Ð(1 À¹—„U/6õãbêra=Ñhc.«ÑqMè1º`Ú #ÁnGŠPÌ«3ÝGGGGØ·lêMÑÅ"¨ 1Çp8_­Š]HSC«ZóðcÅ!„ +ô˜‚<ž:VõvDZ,7eÛh + {Ïñ¾yy³®§7JK¡5ôÖÿ†ë–tÖ_{ámÀu6£l²û°ÉÙ¤Õ ²SòoÿHäÏÛ’5èöÝ+¶4àº`K‘ëÜ*͑࢑iBc#JÀk5¸+^˜°eøÓÁ56(†DŠìˆ"µ XqjSŽ´Mšâ´i¼›Vs©Œù_YØé¼£2jd–O yZ(cíåÝí¸^Ñât6Š¦À<®Ö'ó†ê0jCˆ|f)TR8c³£äuÇu6ŒbÑÐÓÿpŽ?cœÊ^s ;ƒÏ~VoÖEÓrç>¯š|£Pè —dÈÞiŒ Î+Zòp~hë-€Â*àÿD¶@ز­¿tåï?à¾e’" fÿ¿Kf™Hç/_ì!×ù‹Ýq¡Ä§ºiØ´e»Ñ,àVÜm“ˆ4þ‹Jt\ZŒn·±"µ^ŽÕø€çç|9—Î=šDªæÒ 1}¼æñ·ãt ~qm4Ú/F žÞ—4aJY ãAøý þFPÆü±nÉÎàÖìØFJ|¤ÛÂ\±ˆz +ÕÙù…ã0ʼâö‡\N4rs½A>7Æjp``è¢ +ׄc´v¶ÊŒ•˜ +ªeHà†7m^õ¡!.ºz¼®N×õçîÅYrüfUÆGñ¾ª,5?‹Ô¥Nûñù-‹§|ƒjp}^øñžaå,Ѽ ?¼óþLYPêLøLv³TO½ i‘ÉÄ j‚‰šW¬r*Àää¶ìC%;íh˜ŸÊið!/÷Ô±,Û᪺’(Æ>i}·1ÒiÈ4¤Ÿˆzµ ¯ X~Ä]Ö’P»UBíÏå¦ÆÇZ|§Ðñ±ÂÛ9Oñ@]Óµé1bLÜI¡â|1"…dܪlTŒ Q!éBY”NcWx†–ü:,eEûšS… Å[¡$ENÛñV ˆ4ÑÆè/A’yÿfÜç‚Xž¹í>JËW^KLçïzd +Ç´Ú½äàå]ÕEÉÓ©èqÚì…ó©ɾUÖAeÞõ7h* »ã=}ÿögªè|zÖ•ûŠn:ªèöÅbJø)SRïOʶ¿×u;%¬ïžëåä%–˜G+ÖgóIi+ð/¨&6þ³vÿójõÅfRÀk¥ä ÆÃ$¬*n“Skå¿è:Uý¿ jÏrendstream +endobj +989 0 obj << +/Type /Page +/Contents 990 0 R +/Resources 988 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 987 0 R +/Annots [ 993 0 R 995 0 R ] +>> endobj +993 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [361.118 643.0167 409.8647 655.0763] +/Subtype /Link +/A << /S /GoTo /D (configuration_file_elements) >> +>> endobj +995 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [347.1258 251.1389 404.2417 263.1986] +/Subtype /Link +/A << /S /GoTo /D (journal) >> +>> endobj +991 0 obj << +/D [989 0 R /XYZ 56.6929 794.5015 null] +>> endobj +378 0 obj << +/D [989 0 R /XYZ 56.6929 726.3067 null] +>> endobj +992 0 obj << +/D [989 0 R /XYZ 56.6929 699.4102 null] +>> endobj +382 0 obj << +/D [989 0 R /XYZ 56.6929 385.1287 null] +>> endobj +994 0 obj << +/D [989 0 R /XYZ 56.6929 360.7028 null] +>> endobj +988 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +998 0 obj << +/Length 3097 +/Filter /FlateDecode +>> +stream +xÚ­]sã6î=¿Â÷tÎÌZËO‰š}J·Ù^:mº—ËÝ=ôú Ør¢YYòZr²i§ÿýÔ‡-»½Ù?A  ,g~ræl$tjfIj"+¤-7böcß]H¦Y¢Åê›û‹·b5K£4Vñì~=àå"᜜ݯ~ž¿ÿÛÕÇûë»Ë…²bG— ‹ù77·ß&¥æýO·n¾ûçÝÕebæ÷7?ÝúîúÃõÝõíûëË…tVÂ|ÅNLøpóÃ5AßÝ]ýøãÕÝå/÷ß_\ßwº õ•B£"Ÿ/~þEÌV ö÷"Ò©³³èˆH¦©šm.ŒÕ‘5ZLyñ‹¿w £~êÔþë"«L<[h¹xL„…][$6b­t·Ëfr—îò&û²Xf˧|Ñ¿æ‡JKQ¤:™ 9­ßQM HÐF$VŽ%¸Ê/A=‡¢›ý;é<ÛÔûª¥zÍù¦Þ½Òx[nßðìu½ã‘À¯ÉwÏ9 áœÿÚÊkúàDÏ‹Šp¯mÞ€qÄÂÎÿý”W=Ø 8I•¢–2J­U^æ Š•—ÛUÖf!gl½$øe Ü]J7챧 BQÑÐPYlŠö ¶Ÿ”@ø¥(ËÀÐëÝ3\Ö¾]1+Üló/Û‚¨¿¥Î&k÷•¯^K1V¯Áé +ÈPI%Y…B^Ê9ÈI=/:´UÍtù—ež¯òì§b~SÑxFWæï¨ûR´Omö% Ûb[ò2ÏEþÒà^¨d¸6/,çÙv[yØn³]Ö¢2$l'~>ÖŽ Ÿ††óö–-A¸ðeªæ €I,'àWù:Û—-u@màûöƒMFÖmÀ‘MËá*ûÊ‹›¯ˆtäà/ê4S¢=ʬ;«Šê‘V Gèè|™…CÅΖÎò–òýµïÖ›À‰ÉHmoÓJ€Q§z|èuå÷"à‹÷„`r±#ðþþ‡† Þ¨¢£ É‘(v2rÊV¢ÓÁ*¡„ír»(‹¦Í«Åç}¾ŸˆVi$‘ž]¾#:^«bóBÔPU霤 ˜DYhØ™U¾mŸ|(q=mo9Öª›¢â`󊆚çÞ¬G¡,ÊwU^Üì·Ûz×64µ‹S`}JÄgš-— Pºdþ!TÙb,ñ=¥ F,ŽG«WDÐE$„²#B˺jɬJ{ª_ØdÕ+A÷ï?vÔU¾l‹ºjËŒ¥ †Ðêæíߊp9'6h¯¤œ7Ûl™ø’­wìøðï ê s@– +–Z×]„‘‡¼›·ÍšWGØÇ hi×à,TšÌÿ…Ñ +÷>ØÀ`™7 RAš¢øìdaŠ2¯Úé »ËŠ%…‡¡í/”‰Rã­¯#£9ÂFÆ‘”Òˆ­ó]Q¯Š%»ç¥DÉ›OÔ½©à¤ŸáüNy¨Mld\bλèê´vT>º–Ç‹p䥱‚T¢ßY:ª Æ~šÀh…ðÎgtìo¸YÐê±K'„_„õ³'´ƒ ¶45×%“Ec$í.’´am¾gú…4–T^ŽÜ‚îPŸìâPp9•ÄÁåïSn@¡ËaŸ\1—›â“w%1{xï„÷.§È»O¦€#CS˜Ð†n]JC|A ÛÃÿê‰ÆÚ(1FŸ÷Ä!ÕiO쨺x¹†¬áŒ'ê(–æ¼hB„ñ}{jõX:U›ʹ~w»ô™„åŒ*o_êÝ'¢ìT 1Ì> :u¯(-"kàVg¶à@rÈs¡@?º;´¦\–‚v""mã·ì¼J¦±·OlÑ«°í9)H¤üFxt0o 9›÷p:š7¶dÞ Ì{À—Íy£yãˆ7oм‘½7oOXºö;‰#¸ñþ☰m>—†Ê( fì‘\$¹pf@Ú‹IöãŠQÈ}iŠO»™Àû.´eQl”›_­}R>â„r½¡ºÇÓÁÅ;ÙòÇ‚WâÒhJª+!¡W ëÞùZk3GYI™<UþR2¸*še sn„¸ÎžêãÑÐÓBý\¬ˆÊ äÌ£—Ø)Ëú%pz` +.c¯ ç"e\HhXÁºš¼1í¸Ö Z g¾©¦­·ÑJ]FQs9<Ô›¢^ÆyÊSöÌáï‘b'®ðWfå'cžN’(5BžyCªÓ1¯£ò8-¨Û´Å²9ô„Žÿ@ˆŽjBŠÃ°'dr Æm¶ñ}þááN8ìw%!Œ<0uY?òk†;âdj#ª°Nh|ã F>NÓᩧO(âiY•æàl±À)EðƒL;áÚæ[mÛ)#4¼¶­8¼¶÷ŸNŠ‡;¶ì–‚6öÈ¥€-2ñ •±ðüÛèoÂ97ý¸ ñRàeOó¢yx1fŒY-‚tp‚1Š± v§!m+(—4¤À:‰é¨nf`c#=%ÜŽZ6ƒŸ á“P@/b5¿>Ú`ªÜ‹`_”Ÿ}ž!™4ÕD5€½¶ý.xÄÛ›œ}[ƒN³¡ZóbÈÚëåÌè]Tt$p&RöÇ«å_\!Ý|½Tbžs§ØlË|“W­Ò@DE-~7IÎݤIëXφ;ûu‡9l§êöþ³Æ×™Òðü¬)ãóP)ˆ@NÞL¿™Ð+I½­Á^'☭6N¦~ú•¯qpÜOX÷H|T†k¡!4¿#!:ÿ¼ÏJðGc%§DœeWrùT×MÎ,2j*)q´§¤)ÄáeýJ¨Á[C˜­8!ô‚® ãùM½ì{îø²®S9Ç×tÝXÃ"4?<âÇ*˜Œ‰‹@CÛX,áB¥¡e‰ŠµaœéÛ&/×XU™.“<¼çMSvÈöô‡<ùÞØy=Èî²O9K—Uë€mš8 ~Ÿ­øÅà[„MôAV»Ã—¾‰Hið:‰‹ÒT$ƾØãYë6tÁ X›·”*2®#£ÏwíòéHH#¢Ø õ2pü#! Iq*ÇBzó<>K™D „êpþe\'”d±EúWnĵa Ûí»Í6_¾ì‡NŸm-l"ç×ôIÀœ%¤%Í%gÁ¼ 惬y©¬iŠÇ*gax!H‚[¬ùí*‰#ȉÜصnëjQ噽¿…{ä !úc4¢3ê–„|Èš0Í'ãªûö‚¨mÝTQà€ß„ðM¨z´öUI—k+H$yæîIÆãAú¢uøðî]X;žìAä]K8ÿéL‡o€RÄb@ÿTïè“ÃË@uÍÏ0“¿ö%÷U€¤àUØ*Ëp|ôO ø6<¿"|¿õ@4> endobj +999 0 obj << +/D [997 0 R /XYZ 85.0394 794.5015 null] +>> endobj +386 0 obj << +/D [997 0 R /XYZ 85.0394 630.3935 null] +>> endobj +1000 0 obj << +/D [997 0 R /XYZ 85.0394 605.2917 null] +>> endobj +390 0 obj << +/D [997 0 R /XYZ 85.0394 242.2106 null] +>> endobj +1001 0 obj << +/D [997 0 R /XYZ 85.0394 218.2795 null] +>> endobj +996 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F84 797 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1004 0 obj << +/Length 3112 +/Filter /FlateDecode +>> +stream +xÚµ]sÛ6òÝ¿BoGÏD ñE‚“§4qRwZ§u|smh‰²9‘HG¤âx:ýï·‹]P EÙ¹s: `±X,ûE‰YÿÄ̤qšË|–å:6‰0³Åæ$™ÝÀÜûÁ8s4±~¸:yù.•³<ÎS™Î®V-'ÖŠÙÕò÷(e| +’è͇‹wçïÿ}ùú4ÓÑÕù‡‹Ó¹4Iôîüç3‚Þ_¾þå—×—§saˆÞüøú׫³KšJ™Æçoi$§æÑ˳wg—goÎNÿ¼úéäìª?Kx^‘(<Èç“ßÿLfK8öO'I¬rkf÷ÐIb‘çr¶9ÑFÅF+åGÖ'O~ë ³né¤üDK²: VS4yœ*©œï«õeEt·=6*Wå–úm¹ýRn[ìȨ©i°.»ûfû‰:"¡¶»- kÓ´Ý óhÕ¬×Í}¹$ŒëjoáQŠpIÌdÿHL³›¢ýDK¤11þÌ >H`.Dœ#ÝqŠwÔ: «U¤)mà°Ý-MË”_å]W9n³YÑ°g@?PÔŽQEàM@ôl:V‘Q¿ûmµàí+¦½—9Ë©3­Ë¢íHñ{ÐëuÜ£ÚX ›9Ô+w,@X–«b·æU]s׬››êÁÞ°òå;“º!Uœ‹D©í×¥IýEͺYkÏ« ço¹ÿ÷«c"yˆ4ɾéUç¹ÑÓ¯N‰8•¤éÓ´h]´ô+†¤öÖÇXxj +ƒÇÓ_Ãj–Â…g"¥ÆTB¯ç‚Déž™D„×h”ÎÆŠˆ®à˜  ™d2›™<‹³ùÜD@߯ìn«á¬ŽÜîú¹¢¦…Õ)ø¿eÙ•xr¸Nås;ƒƒQÀƒç¹Þ!½$®K:ÿf‡ê%ðU{K´ÝófË„ÇÁÄBHÆm{åräïÑ3”BÇiš›™“š$G§Éí [§Ë Féñçá‚Ãå.²ó±\°füûÐáÙq¦¨§8P6¶0e”-ÈuÊ>I%åL+gßh@˜a­=fôç!ÉÃ8CZK4e ¹Ü¤##XVmµý~<öŸàQÁ5êL¥C&ܤÈb•*áåI^N±ä–MSÇVut‡`ojÙ4Þ*`¯½+ªóÂyz2¼΢•ª0˜V|S©8ânQ ÀYLÆÈÁ±LùZ ½lÜ3ƒt5òÐï&2ZÐ!—¡ÀþQ¿ËøópÁ”ßÓú]`Ìû]y¨×n.,ÜbÂï2ÖSœP ü®‚œù¬pY4^CsGÀ.wMBI³zôÆÄÝ*ﳕÇM‡PÚ#nv­§ßµåzEZa~¬]Úr•IóA•_ïÖÕ¢ê&ØIu¬õq+" i0²ÜÎ$B>û…öç!ÉÃ* $¹™Éö;5#`°! Ä0î»1é)>ÅdžÄVZ5dò˜±&÷ªCxWM]ÒeaÝ}C@I+úÌ43""-*E€ägL•œsÙ×¼’ôBFç¿’ #!×£˜oï­Áƒ*ˆÜ2“ã2ײÕC>¾ŽP^¿ù™Jwr炶ÀRò²í¨ö4v‹æ Ǧ N-° +÷xÏ÷LpPœräfºßö¸W‹›«Ì~?=Á'ÔiœË4pxLu¬2“³¤)öpWµ¢¶tf!gö`³ç@L%þAã8l·åâ×Á×Af•äéH±nŠªö%…n_inŒÒöê7¬Cö+|½À]ÝUÔÔÐøâ£kWÍ®^NÆx\.¡4'"„ì(-‡ì ‚“Q¸‚ÙAäÛ‚‘®Käø)—øLRHʇ‹%ËW÷nű‹Ð…¸CÁñö.^Æ¥h8&‚_6¸¡äð] Ï¢Ûa &TÕ¦êª/%u÷&D$œÓá0sNžÎ@>BŒä#) îÚ~mC-x/ðñ~›£ëë©$._æã²’Ì) „vÓ|ô‹®Ë›ª®)¤æƒù¨KËTt>Æ ½$½Ç¶ †ke!ñ{æ›ñTPê(ßcғ٠ܸ ¯Æ²dmÔqBß‘€3/LÈ÷ÈèTxÜéXbôL'ê©Ü¤3%s6Òô;äLq’œÊ!Tl3 Ó£=’D@¤¨¥ù~LöŸ`=‚PB ™<žD-- #EwKSn0‰!’PßÙÈÆ‘=~^>ruÚáL ìF&† ´ÂðÊêIÓÑ&[Oˆ:‹¶­nj—é§de¡YÂ) *Äà û–úrN:6âH­¦–1ÄøÃ0 ‘6U]mv›©=+&Œ¯ÞïÞ·&)·24oa¥s¼5kù¹@ßEe3ˆ¶ üÊðKŠÊ_ˆ…þ¡r)}_äX”•ãÚ¡ÂÚ†zý*çfÂÍFU4$v€ƒŸÊâ\ÁÁTcFè¦ì¦Dž¼¥ºpð±$†•äQËÇ}‘ùVÔöiW§Zó,¶\€»°¼ÿnêŠBl]”_;ÂÛ¸s ÊáGK‡°¯µag9Ÿ²£Cfù¢.?m$rÌ2m,^JMSÌšj‘²^b±ê¨Äj}Ípˊ뎉Ý×S=IÉ$¹<̨~fÿ‘7±¤ý§¨Ñyªé"(Ž··Í}Mà5У¸CIä¨eJ(”åmŒŠ~ëðGŠ ØbB¯ †5LQ ×QwÊÒœª³úã*“y(ü)ö¹š‹àXå Ý!Nq˜b²!YjïÍø>Qç[ÍøB(5ñò™¸ˆ½´L>––<ã}®ÃÒÂȺ¦f,ïw×¼»Ï“&P̘Ašö"´>&Ügf,Ìœ…9õÛ…Ñ[FƒX÷±Úò—ýjPÄÆŠið‚±¶Jlô™kï¿(Ò~dŠ~  †¬M|û—îãäË—4sþW“°éîq t"ßÓÖCüëðw¦í«Ï.ZU[ÏìªbE”òÆGùßÒ7ž¾ã9ð8ŽLLÝ3ªï«áÚý}ØR‘(‹-˜žIŒ¹Ì唄ýë=9‚oF맄-Û)µ“òÞµ|™1þ†ÅI{ËrÔWO*Ï?/7ùL¹Éo–›üV¹É±ÜÄÿ-7ñÉM=SnêØ/~”‰ñ·kåà¤ÿiͳ"·ÿ±Vs­•GêÊ> D˜)”ƒ9¨e÷¿¥;dý¿H¶ý÷endstream +endobj +1003 0 obj << +/Type /Page +/Contents 1004 0 R +/Resources 1002 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 987 0 R +/Annots [ 1007 0 R 1008 0 R ] +>> endobj +1007 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [213.6732 493.8452 286.8984 505.9049] +/Subtype /Link +/A << /S /GoTo /D (rrset_ordering) >> +>> endobj +1008 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [209.702 415.6507 283.4678 427.7103] +/Subtype /Link +/A << /S /GoTo /D (topology) >> +>> endobj +1005 0 obj << +/D [1003 0 R /XYZ 56.6929 794.5015 null] +>> endobj +394 0 obj << +/D [1003 0 R /XYZ 56.6929 561.8344 null] +>> endobj +1006 0 obj << +/D [1003 0 R /XYZ 56.6929 539.8007 null] +>> endobj +1002 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F84 797 0 R /F86 977 0 R /F42 597 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1011 0 obj << +/Length 2396 +/Filter /FlateDecode +>> +stream +xÚÅYmo#·þî_±¸Oë"¢ùNîå“s±/_«sQIPìI+[ˆ¤Õi¥ó©Eÿ{‡rÅ]­l_¯AaÀœåËpÞ8|†b…?–YE¨(df +Ie*›,ÏhvcoÏX˜3Š“Fé¬ïîÎ.®5Ï +Rh®³»YÂËj-Ëäo~¸üóÝÕø|ÄÍ59)Móïnn¿Çž›7ïn¯oÞþu|ynd~wóî»ÇW×Wã«Û7Wç#fƒõv¡…Xü•R~¿K÷ ùNåA¦*äAŸSÜ⇢¸d½('^j)@j¿­”t…öÁéò ĪËèÇa‚H6ø;¶› x`T;ãX^Q¢ /ÂÜf[n«%¦-Ør]m–sXAƒþåvîÏÌðzBÛJÙÚ¯Xw4eÈœ\ÃEïÆtK}‚€&‰øêòIûFb4_…ù墩‘ÚÛÍÀHRE[Äsxl4! å¼o³oú(N(I´Q™¤)„,œÂ±Í}†Ä8Á_qú(ïáWwó>W'Ä{È’è_ñ Š¾@’kX¢lG¢#ØÎzFcnN‚þ‚°Ð²›Û.WCv×ìš`Î6PSÁws (¤¥D:Û¿sRXk‡ñð¨å8JY¢’áx¾–‡½Ë×Õd ,8‡)*ž»y¸¦•;6˜\†naÍë 21‘ LÖ±ÝdQ:<â²´'ÿ±ò7ã<î×O;*AÒ¼šÖËr¾òƒ¯SÄZSônjoÿ€WO&lV¨kdâÖÞ8ä¡O8œ lÙuÍÏYHg½¹³I5,lÈ¢nÁ´š•pÆÃ’f0Xsk|yû÷aGèBƈ"È…³A83{i]µ{ùÁ“²©lö„lFÉÛò”lúiÙÐk‡ÀÞœ„eºë¬®¸1µ…° ⺋¿r.‡§œ5 +õ§±%hx'x6È*Z6[“æw Y8ýŒ "¨01‚MR€ÀªEu_œô©\ìªöHl„³8(‘¦‡á˜„ŒcŠö* °àõQ*†Hed&Œ‚«O½¨¸Ò§›Lþ»UQz(åNJ€ë(ð +d\ÑÏfQ)ˆF´V'’™ÄBÊ΄6„Snqñ󫬞Ez´‰w—¤ ò’¬¼`Ø_Þ2†$LI1öïuó%,êq¡ù?ëU5„ÉݪEEŽî< PVkž%–ù:c;·ú²‡£ør–qÅiÿ‰b¦°Ï9½z„u5–‘_à?•š½EN­ÿmÁWS/ãÜÈÓg™?aõDŸ¯³Ñkvn à´üŒÙZ²Áä;ÙOóÉfö2™PïVÓRâøK€š™ÿ¥ˆÿÄÉtA„áò'€\È-¢Ø#4+¨……  ØÉa0_\¡æ'\‡:ôºE~x"{ý|õžV[I¯ÁNÆJÝÍí¾!uøÍÕø$HB&õòU‚ÒÄó9Xï'³0nC¡ßìé×Äë +'¥ÍÅ"{Ÿ–»‡—m’7B¯££.O–õº­Ûƒ‘éŒä8…G÷ŽXÆ7ʲéx‡b…EôÐ7ယ…"Z¶ Òqª!JlšÝÌIëïN½ ‹OEÕ,¡P_tmZ.Ë}Ó}:}øŸÈ´¾¨½ŒïLÉKÔ±_žlB.;‘XAnZœß©ÇQ›,àhÊ¿AhwözõtÔ`½®J/Ëâî”k_ÜÀ¯$£†àAÓƒÆQaªƒq“żjÈ©b˜°PÛÉå<¸HQ(yö@D ì‹+z¹ýÅ +F#,OS[{Ò0ʬ«¢aFb<Þ&ŽPñX%xtÄ;H,¿ƒÿ<¿ê¦p%*Hf¡’2·sö1sE!pNB{Mð7K–}_ƒ>Y¢Rä;J{•¬ìTå†P§I! Õà–X^x¬N304I ž3•c0žsš·Ùa¯àº·obBp¬¡õá戽ãSù‘Ïv |c‡‰.ɸuøÊÎýYs-þvà¨Â=¸S“ö`3ÙmF˜LŒ$B ÛÍ%àêŸÈ œÓÚ'Xcâ٭×.Ù:ÔŒ=.ùTu.@ÖiÈj0®æÞIïADqÛg_ìë#Ö UèâK0ijçÉ=S­‡³hö,X|éO¨‡Ó&])Þ=mÉó\ÄBÅÕÑK\û[k˜•ˆþÌoendstream +endobj +1010 0 obj << +/Type /Page +/Contents 1011 0 R +/Resources 1009 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 987 0 R +/Annots [ 1013 0 R ] +>> endobj +1013 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [353.6787 494.5292 427.332 506.5889] +/Subtype /Link +/A << /S /GoTo /D (the_sortlist_statement) >> +>> endobj +1012 0 obj << +/D [1010 0 R /XYZ 85.0394 794.5015 null] +>> endobj +398 0 obj << +/D [1010 0 R /XYZ 85.0394 565.1194 null] +>> endobj +696 0 obj << +/D [1010 0 R /XYZ 85.0394 537.528 null] +>> endobj +1014 0 obj << +/D [1010 0 R /XYZ 85.0394 387.929 null] +>> endobj +1015 0 obj << +/D [1010 0 R /XYZ 85.0394 375.9738 null] +>> endobj +1009 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R /F84 797 0 R /F86 977 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1018 0 obj << +/Length 3333 +/Filter /FlateDecode +>> +stream +xÚ¥Z_sã6ϧðÛ)3•*þ‘DÎ=mw³Ût®Ù^’ÞKÛÙ¢cÝÚ’kIɦŸþ‚”%Kvv®ã‘ H‚ ð#@š-bø±E’F©æz‘i%1K«ÝU¼x‚¶OWÌñ„ž)rýðxõýÇ”/t¤Sž.׃±T+ÅÅoAñèFˆƒ÷Ÿï>Þ~úõþÝu&ƒÇÛÏw×!Oâàãí¿n¨ôéþÝÏ?¿»¿™JXðþÇw¿<ÞÜSSêÆøáöîQ4}Î zóñæþæîýÍõ?]Ý<ök®—ÅòçÕoÄ‹–ýÓU ­’Å TâˆiÍ»+™ˆ(‘BxÊöêáêßý€ƒVÛuV,Ž¸]M(g˜è(\ô +diÄÐKÇÁã5ã:課zš,ŽEcé"ãq¤t¢ÏCLáë‚,ž eÙæ;¶íötbÍ£XkuybÏ43±L¬30ÆÆ?˜¶•OÎ}ZkôÎãDpö§oàÑ€ëy.¯éópZÒ:—§ï¹fæè:ËÒ±îdNR¤Ãà ñŽdr4(¼lÊÕfÔg€1Øî¶1ín(ìe•^‰‚¦¹¯›²-á0~6þxJ( +®¬ÛY›‘¡eêÄdNOû­+g>/Æ|¡N60’‹‡O’f°Sš]Þì!×ùÍî¹ìf—Ux¨ë¶™ltCOØ‹S÷\3s6-³l<¹ƒ/…RøíÕÇ( l_»S59´v;ÛPS»É[*‘®µÃæ?»ÒeÔêlE‘»¹LÓž08 Ò£YÕɬ5±,%p yj ùjeö Ñ7…Wj¤¯4RI¦šñ¼KÈsˆab8ŠE‰üM 0à9}KV"”M²Ô|VC” ƒf´ÅócQ¿ÆrEêq:Tè¥ %ØnÊu6´š^ƒp@T—)¾HbXwsØXw Œ$•Œô%‚û3ýó5àD5aʃIº¦šj9DJJ›7-þ\°(–Z b”íZ:°„ïowlñ¡†-†‹r‡Ã‘í¢”až€L ¤—TÊ(»³V–ïö[‘9'H¨èëòT(éÉnËTG\A"4ÔçßÛ"¡ÐQ! Yèß3 ëH© r~ž@úÉÕe0“­Çi\³žË†åS‡fY”íkX‚ +P››Ì 4aÙb8ÁØ<׌#`K8æ8c9öfUbŒŒ!­ˆ]œ‡mXFlÃ/E"ÆtaeÔaݵ!Õ_6¦¢Ò‡»‡‡›÷T†…W¹gtsæ][ïò6$|Ê óå˜ ñ rÓ-2NO¦2ŠbcAÞ9§ªÙ‚’­ì@/^«|W®ˆØí  ¡<ÝNUϵ‚ü›™2 Q©à¨Sj<<9÷ºÿ44Ç;L7a:.…+ +ÎQ6ñSi¤\ªt$ÍÄz®7d˜Žæ’L—[S‚š1_÷îd‚sAjFç‚Õ¦?°Ã|ž ®“²ÔGßb.ôf À—ò¡7ZW䣕$LŠ™Bă„+.áÆbÙÐswü¾šüàH6”OSÌ¢µD1ñqà‘uº1+<iw JÝp2©!c(‘ÅÙhL‘3®$›±£û Ó +´¯k?ïèvaÕˆ^ù`Ü•ƒ°|»­_¨èBƒ>Tß–»²øó]ÝùQj㯶õÊ…yÍó‚ùõÙØN$ ƒ¿È¹ÎÃaÏÕÇvf}0Í&Äå}×_¬Ì’-w{xòzâăR8mâT^^BÏ5³†‘¥i”(ˆG‹x¤šiP®µ˜†*`-Åg["Ø­Å‚û3ü£qÑ™ÂÛªÓðli6ùsi·VWô%³X;ijs–žÓç/²2! áXäáÕqIg)À÷ðùV›¼z꯺p¢Ãp¢¶ï `ŸCnYP¹=@αv9Gœ¿6LF¾€µ.9ñšœÑ:pCeJûÈ(nPÊ{÷€ +^‚|GX´ìZ¢ù;Œ“1ý”Kiº|í;Qa—7˜ÏÂ^¸qŸÊgZ/46ÛüÙñõÉ]„ã¥õ©JÙ€ZÚúÐx7„ Õ;ôЬ+>û<„)G.py‡ˆ8Ž˜rºs¦&Rq45‘JH§siÅ@×VÓ×*ÃòP½On, ¯Ë,µGÛtbs'¬½¡Ý{âéÖ›¤;ЕòÞØN!î3º²”=é¹$<²ä„¬Qòài[/­u1ÖßC;…à€½B°rÜ{¨Ø€‹ŠdgPð‹¼ö~ïÅÛnI$ªqÓ»fp“m¾ÛÏm{ÙdÚP˜hkt<ЖÇõf ìýˆM§ƒ—æ,RÃùhÅøe¤rGêžËn]Q5aWìæüËLo€!v˘¾<}ÏõÆüA(È•Þàôr ÒQ-Ug/h2™qðp·¶¤KTh¸ð”Z~ýð ‘–½;^[…;•m¡8^[cñ.Ë‚ÿ :ÓÊÄzp®Þü !aœ0ì6bRÉ™ØF’±N©d'¡""øÓxPwmS†*-=À@é€NEw„Ã8Êà:.þÛà> ©Ëú¡í˜õCÅ?hhøiPDÛ'ë/˜N\¡kºÜžvià¯ÚñÔºu=,ÀÞ´`™NN¶Õ¶£Bð›Ó§ª«° N0,–ŽÔÂÁãz=G³»jÇñ÷ÚÃÁ÷yã)åîi3‡YKjýb“žØ‡ZÚ €QCDºáÁÒ’Â*,®ù“O“±¾ÏW_¬Y +ûhP|oayÜÇ +=a>ßVF×±Ž¯š[Z ›d¾3¢v°ìHÄ™½Â¦îö‡®Ü¶¡õ…$Ü^b´lßQÜS,‚θ)Hyh†oÇÐ^Š{Rù3zãZëãÛ˜í~Ým‰±(ó§ªnZ›Þ©)0Ü[Û#'zŸäÉ&Š@[ö‹ÃÉoºªÞ¹¨Þ +ΰoLWÔa[ïíy6Û°€¼¶¬f%y”oÍ–%ÝíŸf‹x©ÄüS¡ fqñÔÉÎqqá³­÷?¾ûü03 Œ1¸ô\p5b •(`|¿d¡f†«Ë-•¬ª„½ŸÄê@cP³§¶mFÐjŒ9÷/H=YúFjÝÿÿbÈ?É'£ŽkδµbΦÏI”h¡FâÌ<8®7¤˜ŽvÌ­Q›uÁת~î±\ã5}úÆ6—bý¢Q€a-@3ŒQa³ðyrB2þµÑA…#ÊC…v­‘ÇgEä±Â·LoD·ws‰=àEÖ?ˆý³ŸØÅC.ѵO­ˆË¯Ä@{ãJT” ¼Õ+ÇØ[ â< ë;«áuÐTf³HqåÝ͆ɡM‡æ®« _Ï[Ô4½ÑA!ßïé Í|î Ž™‡"ïÁÃ1Áíšh¯uG…µ1ÛQ~“=øiwQ¯•ÿËÅpd +Ò8b"KÇàãCT‘*LŠ  ¥C$(³ˆ`—³ +¨EšÙ€éIŒúõ.=³ÿpDÀΨ· †Eq’y+q €#¿Ò¤…ÁÔþ‘ÇÒóŠ¾æë~[®ð@Çšï—æåœYÂq’Ày¢O./ !cÚC«™Ák„vµñaxî_TWÛ²ÏÅæ L$þ j9âþ‘àoÿÙꈄÎf¥Î]1fàŸ +qBÙƒ_N÷¯¬©èÿ3°®gendstream +endobj +1017 0 obj << +/Type /Page +/Contents 1018 0 R +/Resources 1016 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 987 0 R +/Annots [ 1021 0 R 1023 0 R ] +>> endobj +1021 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [297.8955 410.3076 347.2449 422.3672] +/Subtype /Link +/A << /S /GoTo /D (dynamic_update) >> +>> endobj +1023 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [55.6967 109.336 116.59 121.3956] +/Subtype /Link +/A << /S /GoTo /D (view_statement_grammar) >> +>> endobj +1019 0 obj << +/D [1017 0 R /XYZ 56.6929 794.5015 null] +>> endobj +402 0 obj << +/D [1017 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1020 0 obj << +/D [1017 0 R /XYZ 56.6929 749.3863 null] +>> endobj +406 0 obj << +/D [1017 0 R /XYZ 56.6929 180.2089 null] +>> endobj +1022 0 obj << +/D [1017 0 R /XYZ 56.6929 156.0579 null] +>> endobj +1016 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F58 627 0 R /F84 797 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1027 0 obj << +/Length 2858 +/Filter /FlateDecode +>> +stream +xÚÍZÝsÛ6÷_¡Gy¡ >°}J;çLëÜ9îMgÚ>ÐmsŽ"U‘Šëþõ·‹ R¢$·ÍÍu<ËÅØvA%ÉÄjÆe¦&&SLóDOæË3>y€wïÏÏ3 L³>×··g_]¦b’±,éäö¾'Ë2nm2¹]ü4}û7ÿ¼½¸9Ÿ ͧ);Ÿé”O¿½º~G”Œo?^_^½ÿáæ͹QÓÛ«×D¾¹¸¼¸¹¸~{q>K¬N`¼ð ¸¼úî‚ZïoÞ|ÿý››ó_n?œ]Üƽô÷›p‰ùõì§_ødÛþpƙ̬žP»ÒLÊ,ñì·?ÞŽˆL )ƒÄ×ȶ)KÐôIÂ2­…{7¯ò¶™D(–j#¼ŸF¦‘†¥Â†mB@ÈL°±(îóMÕQ§léÙ…·¤ö¼¢^4vêÍò-…mT9 ¼!Ú`B#Óé§U1/ïŸËúad#’k–Y³c +?OS#»šÉÔ2’‡ªZ”m~W-EõÊ­¿™m‹;šsx’{@]§,Z¶û>À ,ÎJu"·LGbÐ3áB›¶ Ž9ˆA‘1™È£³žýYîè!25œ–Â/M·ó»^È1þ°â/5ÃøƒwÐðÐt +îË<6aʤ™7zXСUƒ±ᇓŒ‡ßLZˆ#«åÐ;^‡0V 9ÉY&à ø£!"o)8lb®%z×ø§ :Û7 ’]lm_ëé2Ÿ?–u×¹ö€%ŒÞÚ©yKc-SVÍй{ßlj4µ2Ó;´£ +ø „‡¢ Kú™kÿ qÜoêy‡˜ òyæ} ¬Öå2wî€ÍzÕ´p¾Äv3$Š>"—þ‰*Á—墨;@ ¢>=–aÈÁ­ð¡yÑaõ›uÝœðÌëçyÞvÔ!½àtÜÒ´È1ï6yU=þö ÖæpºÏÍfM­3‘6ð-a…Þñq’ƒÈöÍØQç&‚ +"š³Ì$ãŠï ÞÁ9ðX–}èú\‡‘.ráê¼ +gåbï4ÚŠãÓG®‘ù‡˜Ç™™.Àƒž™^½ëC”ƒ=Óƒ½töÌì™}Ø3§a/Qi€«wìÓÅÍ¿/nFA§ òEõRЃœ#IxúGr·âCX7S\0#­:Û‹AO„€Xfd»ªhÌ<ß WHÉ]ôxIg|Gç\oêå-½ög’ð,s"ýP–Íh߉’,ÝË!w:€ÎþA—pïÔ@Éó¾zÀŸL+;ªŸ}…(4ž…¸,Ç¢ôÈ ï@R,%NÊÆbZÀ¬©@¾ìÆJ9ŒÉ@åÌyo‡Ÿº¼+!ŘûŒú²¬Æ&†ƒŠ‘L%}ÀövgøÏœ‹Ê¿{(êbwhe캴Cû¥ۖ˲Ê]MñÚÙtԨߠ„ažWžÃ†;óî…³ZS X)Ìñ-6Ë•U<”µ§z¬†VN +2¶×¡ùŸâëÓÄ­›ñÕ«Wã&xgŒ,è­P&³™ÊœÛŽšhoCR_Ç­©SbÑ¥ít•ÓÉWCà´,î¥æôMÔ â[Шêò·YÛ=:W‘ºrYãråòj5]y»!Ù /ÍKm‹yS/B§¬ç^‡¼ÞàÁ1’ï%(4ÓÓ$<<ŸA-<½lªªy¢Œ8ÕÞîÎÌŠRf<ºizbȉÖúGúƒ<Œh‰ VÖåeíŦaÔ€¦sÙ5N‡²_¡ VIyµñ©ñ]ìÜydsÍ +Ç8Z’#©éïùŽ€0õšˆ¹ËÝ¡1:HBÚR<ƒ«°`"Ƹ Å&úmCQ¥â(¹•¿½—¤ ’["ËCÕÜåÕpG2ƒÐmß7kjø›…þVFYÐÜ"H+§ß•à[´Z£ã-Œ¢[ ¸<4bâ&ŒòEÑøÄåç¢Þe±ÚZä8G,ç'êAW³,»94{?3w0ØA©‡ab KxéaßD@#õ œH> +€ôôXÄ8èsÄkAuÒ"ªzÞ†È]XÌ` h Ó2Ö>ØÕ.é›Í¿bT/AÉŸ…0§`rËógq’‘eìðáì{½ˆàP°—>ŠÅ×{ÕdœJ5‘2à À¾ä†Y* ¼fç†ùÏ + ]+Ã,d¤‡W@ã8ÈòÍ0b(j7…I8³6KÆ‹E̾¬„j24&UBþe¦®cY£‚ºX…”“Bã:x´ÊBœz!÷›Šè±¢ÀÎ2_ø¡Î“¸q8cpŒ®i3‡F +Üú Qúsa?Ô„ÐtñÏE‰Oíºy;ä̸/bF@“©Û¬]j!Ýé‹ë77ñC‰ ej»jjWTÉûŽ¿£gUPÍM‚3Š˜±íÞÜìÝ((îMšŠIߪÍSÐ'%ÇS@EpôËžÈ0â°ó¥ÆÆÚÎ'¬dZ@Ùì´]ÜC.DÇ×iï—Þ‡mô>•È­·!Ñ—§Øôf¨GO@ +æ[Û7~n'ƒ(³1ÛÛ#êíü¯iók ¥O­>e ü|”p¶þ¶^·E÷Bt°½³ÉZ•šõÐÀÚ`l탗ÈmÔÛd7û¯}ý±È»üˆ½zŠø²öR_Ô^8ñð„½¤Æ«ÌÛkÑàù÷2ƒ ­£Á°Mw˜ºw!pßÍ¡Á„NCúÍëß}üþÍÕõX ŒvÄ0½ÿ)É ~Wæ$ÒŒÍéîó²Ú¬‹–`P®‹%èºXÒ=¬“:bÒwbI _[J*…_@HAõ ÏçÒÝcè¼­&¼ÏïšÏÅa“öuõw6©LBFr¤‰5x›ãº˜oâwý[šlƒ-õ×£iÿö:!ØR9· Þ.Ø^œÓ=¾\ù›®1KBŠ¿$;‘¹ÃŠ©\òφ.¢™›íåQ½Ø©Mg{Êg\½xÐzšýR°ý1Çÿ#wOÒŒI#äd–*&aýO({ŸR$O!Ëð’›ãuwbÇ?¥ÄÖ† “ÒYw‘»ðNãï-dšCPB/襻uMC˜fÛ¯@ô·½Ð +·½Àß¼«ü°†njÂW¾ÝKsÖ¿y8\,àí&~ÿíýºbG~\‰ G?dÒ“‚Â]üክâýÉ99•†úÔô¿Xgƒfì ŠI¤ØùÚ{ü¥å¦A½!òîÂ}F='k/ (v¯CÔ-B¡ëoSóÅ¢ì_Dñ`ëº#fųÄ=ƒ2üÌÅyÐc¼ƒë#Åõ²C?ï‚ŒEA:öéþ½âþòo¿¶?Œƒr²K1x1@êp›Zï®]KË´flñÿ2…Ô±endstream +endobj +1026 0 obj << +/Type /Page +/Contents 1027 0 R +/Resources 1025 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +>> endobj +1028 0 obj << +/D [1026 0 R /XYZ 85.0394 794.5015 null] +>> endobj +410 0 obj << +/D [1026 0 R /XYZ 85.0394 562.9775 null] +>> endobj +930 0 obj << +/D [1026 0 R /XYZ 85.0394 539.9988 null] +>> endobj +1029 0 obj << +/D [1026 0 R /XYZ 85.0394 352.0635 null] +>> endobj +1030 0 obj << +/D [1026 0 R /XYZ 85.0394 340.1083 null] +>> endobj +1025 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1034 0 obj << +/Length 3403 +/Filter /FlateDecode +>> +stream +xÚ­ÙrãÆñ]_ÁG*e˜ 3(?ɶv#W¼v´r%)Ûå‚HˆB- Ð(Y‰ýïéžîÁEh¥S|ÀLÏÕÝÓ÷P,bø‰…I¢$•é¦:2±0‹õþ,^laìí™à9«0i5œõåÍÙço¹H£4‘Éâæn°—‹bçÄâfóã2‰dt;Ä˯¾{÷æêí×çV/o®¾{w¾’&^¾¹úÛ%µÞ^_|ûíÅõùJ8#–_ýõâû›ËkJx/¯Þ}M”>Ïlz}ùæòúòÝW—ç?ß|svyÓÑ2¤WÄ + ùõìÇŸãÅÈþæ,ŽTêÌâ:q$ÒT.ögÚ¨Èh¥dwöþìï݆ƒQ¿t–"Ž¤^2PË…QjŒqФQ¢¤ê8(,p%Žãe“×yMD¾o³6ßçeË쫳ý>«‘âÏß;¸˜x±’:JµÐ~ðGû‡_²Í†;ÿÁµ ™FÎY¸í1Xs[m ÍzÊ›_ªú—²¢î~Q¦Ó­êê¡Øä«â·»ú5«è:ÿõ˜7í'®Ê7å'`ÖÖYÙÜå5/)ûÛÀ‹ÙÝÃüÕ]Uï³–fþ›˜ZU™¯`ÂcØãwúì³ò‰áM·D„cüçç¹Ó>äOM¸ ÿiÚº(·ÝB!Oaø‰¢ˆ¼‚ôUSëuÞ“Rô@ +~÷kEb#e¥†-"«•ñ;üÅ™(µ6Y à=q‡ªn;Éê;„ÏJXÁ’yV«‡dˆXrŠ˜3‘‚óþ¯ˆI)@ÇâdŒÚ_2•¸ªAOmÜ8á^VϯóŸâX–E[T%A²rCšl›óQêy½½¹Ï;|úI"à®R˜<ÐíÓ½X¯$1aÚ· á–7Ô]ßgu¶nóºhÚbÍÀ¶¢ïmÎØ7Mµ.`&â±hïy„>õ¹pË|_µ¼ ÌöÜb$ÁbGÄ~FJi”5¥JÚ“ vV¿‚\•Z1C®UËuVR£Z¯553kïI@­­ÙåùŽçß&ÁNU‰œÛëŒï€Ùñ„Š·/Êì!íœÍ¥„‰„QŽ~(òǪ@œq'Tî+›.¯îžß¥˜õØ걄?ŽÁýÌ‹EšÛ¬(½X84€ö”`_ÑÅÏÝŽ#gÍk.Ojqr|óžÂ‘»':«½¯>>;:hE º%x*i©œƒÆOª+ºa²P©‰œ˜8¿Êk†ŠAJ˜6èèe±-™Ö Ü€¶±¿?&<çb‰Gc§gÎ5ÃkÁ®8ó +þ$©“süQÂmxȈ¶éYBGÒiù¿ž5Ãcƒ¶Àƒâ¦2hïS1öC›ü.;îÚ&꜔×zç= µY>UGjlŠf]y£Š½öUéÄóC+ƒý`±]4ôÝÞab»:òúÛlÃdm†œKRpÛõ‡nfÑÒ7ã]8Âæc±ÛQë@ç?xíÀmïŽ5È]=çÜ!¸©‹|bN ¯½"ö掱gu²Ý‘á`|æTÊEôšï‡p|Îú‡YE3³Dœ¢³?xª‘ÈDÐ +j…  Ô¯±Ý2Ž´îÄ{#žžf€°Ä„Óֻ숪Žvn“ƒkÍÚ¤—z¼Ï=×}Çë½²n¹«ÖÙŽ`½Ë«ÖÀnðotÓ0èoæﳦLáža +]ss€c+´!þPïñü%1æQŒL]{Q®YHAH<>q²ü··›Ø +ñö R2üž'€ôØHØ¡?¢J‰” ÀwÙCŽ Ü°¬õ"§­es…Û´|æœUR.Žl`@Œ='¦¨0‡OžN& ¬•2MÉYÛ¥•l„ÔÌˈç£ò‡°âP5Mq»Ë#ºÈ+öÓž0Üg–0©,$c±~½Ì£‚í³ÇƒdÂw«Qx Ç!ǧ~˜©˜H ”+G! ôõc‚„—(Ñê,¬n©D#ž)‹‚‚fÅÓÛùèʚȓ¾REÁ]ô¹:p»e +a@.Øqœßí®ºEmð0¿´¡Î-¨íÞ†AÞ³g”K–N˜¬EžlA'þå…¨R;¼Ü(!òŒ^&‚e’N’eb³$èÍ2/D0K)°L{³„ó˜†Cž1*E» _·,sÏ €Ð Ž•Ç€ xó‹¸Bo_¬ï©9 Þ )L; +Súa|°ŽBzlmÂñUû´t0ß0Ô]/ ÷Q®ž Å´‚ˆ%MÍG媛5òÍ}uÜ!–„f»Ç «@Ø~¬ê¨9IÂñ!ÀÇú@iO’’‚$ésæÜÉH+e^mε•!HD®ÍJ£;%zYãlšŽì$ÓUð×ß´¼?x‚œº=•ìÑ»y=@š :3qŒ"d4Õ…ÛƒFg•Éåu2­œ ™Soá¬ÛÊ×/ÆFË·Iv á­/ÍJŠ=Vñh'yÐ)ÈÿŠå]Å»ä¿e{ ŽcDØ©E¾Æ©ªôR>0(·ÇíöiRIZ×YsRŒ`¥ÖU]Ÿ»åñÐòf<\´!ò¡ÅÌ™¬Os¡N‹`‹}Qv¾° ;yì‚záF®“Ø>¢Žca€†ˆ`]¢mŽÓ1÷m!?=´¼¬¢/b——_¿{Ï+(ÎXÎØï%=ïxÉhÈ©ÌÄ ôõ­Î!L+\úÖGrºÙô ë­±úÂì9À2ñèN. RÛ¬[—â ªã3ÖAFÆJÓ‡ÖZøH¯¡S:œèÎ<:/”úÎslÈ4 "´bò’@éZuôµ·"‚¡kòQÞÚÆÅ]!gæj¤¯83¢£Òþ)U‰‹tgoÁg6t´÷ù = ‘ù8Š“ÅC›ˆYOá Ü›ø3G¤é*²f¾L +ØÞ¾fàcWÞƒž‡ˆuá&Ú= ±ÖXp2-’¡beõXÐc¯9ýþ±ÜmUmþDp~óHÊû÷ýÆ020ýµëû.0 #_‹–”"5LÑòâ—öÄèXdð9%Õ˧€ý‘|ÙÍ!_wOÔá Â×¼¾PÛÛl4¼3ÀFÆ›½Ä=¸’àž tX$-Ã]tZ +¼ïR3¡F·j\Ìôq*&Î'Ê3 æ7ñ§fe»®bì oqJ±'BÏ1“|ã‹úB]Š–÷Oœ<8ˆP@)B æÏÃ÷¨XëQN0[?³‘J;þ +âx„÷>\܈#•ØI(¼˜tu‚ÄĽöÉØ)l&VJ:i»Ô +®@Ä+ï} eƒ·²ýS'Σ¼ +Cƒr}dÛWò‚¢¼­Ž^› rD1ÎãQŽ88dÄ\6ö‰T#''ˤŒX5_Ó%»'ŸØ£T즙ù ¨ âÈ›ž gç ÈÖÁ$Sv>(àÎ –”ñ öíp^Xœg¥ÌêHêNñ‚¢r%]Dqê+é¯)³ +#¿ü“òl$fâDN#1 ±ùDxÔdîAÉ©H÷¸Â!ÓZÈî5] +P· d¯ø¯…ŒRçÜü?-VÝŽ«á–áoCúÁ„»$éOöʲ™ ¨däúk +Ï "Û›ý\n®Å)3aÀ”É1Ú¦³&Ë…þf<¿Ÿ@‹|‚ƒ5!,U  ÉA_ñY©}ₘ3R9)ˆáãùÍû«·ŸMoŹ(1±X|6Àcà ÕÛ5®ÿ\ ÓWÃùÄñ!'»"ïó€·³àTÍ¡’Èâ“ôpï“ÿÎt³^@át·þýà€ß%Ë6Ûñ#(+þRpkÇ%v—Œí—•ñò¼‘õŽ¼[Á8ÅUKZZ¶?_Z Khþf\¬U“¿$à™&œ €¦Ø–Y{ìžãL—0ønó2¯éŻdžØ`“ ,B9¦ GŽ])Ç÷|¸å‡C^n¤)m™öaé*Qvy1÷Ï”qÓ§®Å¶(³¶³¶wóŠ ldÄ©fú—‚cýùÿ5 'ÃØíS8/l†üB,gß./vÿ·Ê阑ÄÆ–ÿ˜å;èyÃ蜫KAŠMò‚í6Q,N +иk¶ÛU µ½ÁÆ2Ïâ°ã)¸'&[ +ßîwp_O÷I£L ¦R½2±]ð#¯H ©¼™Ó•Šs‘³O‚æþ•§ –«æì@ÜýçOÿc¯ÿ;£†¨Î¹g Š´ßT@ +‰2É æá¯}§¨ÿU ¾Ñendstream +endobj +1033 0 obj << +/Type /Page +/Contents 1034 0 R +/Resources 1032 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +/Annots [ 1037 0 R ] +>> endobj +1037 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [87.6538 115.3135 137.7628 127.3732] +/Subtype /Link +/A << /S /GoTo /D (tsig) >> +>> endobj +1035 0 obj << +/D [1033 0 R /XYZ 56.6929 794.5015 null] +>> endobj +414 0 obj << +/D [1033 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1036 0 obj << +/D [1033 0 R /XYZ 56.6929 752.4085 null] +>> endobj +418 0 obj << +/D [1033 0 R /XYZ 56.6929 588.3944 null] +>> endobj +948 0 obj << +/D [1033 0 R /XYZ 56.6929 558.2805 null] +>> endobj +1032 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F57 624 0 R /F43 600 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1040 0 obj << +/Length 2900 +/Filter /FlateDecode +>> +stream +xÚµËrã6òî¯Ð-tÕKÄ«rš‡gÖÙÍLÖã¶2)%Ñk$R);Þ­üûv£Š”èѼ¶|P£Ùh4ýÌ')üñ‰U,•.›—1•r5™¯ÏÒÉ|{sÆÍ4MûT/®ÏþöZ‹‰cN =¹¾íñ²,µ–O®¿%/ÿþü—ë‹«ó©Pi¢ÙùTé4yqùöaý¼|÷öõå›_¯žŸ›,¹¾|÷–ÐW¯/®.Þ¾¼8Ÿr«8ÌÃ^_þó‚ 7WÏþùùÕùï×?]\w{éï—§7òÇÙo¿§“lû§³”IgÕä)ãΉÉú,S’©LʈY½?ûWÇ°÷ÕOÓŸ’–)+̈39¦@嘖Bz^/ ÜöuÍãBà4í6¯šÛb{Îm2mêÝvçôÙQ8æäÕbœ¯ä\?Íwz¯GX[Ц6‘õ|•ïš¢ƒÈTÒlŠyyûˆ´°½üå>#ÊQ:L•pÉyH ?.šÀ³­éÃ,pƒÕüf&Sîs’ƒ­rÎœR t[oϧ2Í’ÿÔUÚoÍãÊvðË‚P´âºnĦØÞ9˜Û3@À· l¯-ï‹Õã9ç<óÌŒL^Ó‚ +vGÜh¿ˆòÍŽùÖð:> Ö¡•Õ_täÓnÖ@sKˆ @øõ‡ô!ME±`(–HÞ—ër•oö@4!9ééi¾‰g˜þ¶<Çþ¶pîÛ*¹„úb‹“Ì™¨ŒÏØÏkÝ$ëšD%{‘àšN€ßýPÐZm^®šgJš¢ €¬€EÑÌ·å¦-ëŠõí˜/Iˆd¾ÔIÊN:©2ò+œTpY—ÕalÌÒ” +ÍÄɌ֣}ÜÞM¸ê…µŽ~ÚŸpÖŽùâúïÑo¢þ0°sÍÌ‘HZ)"Å×Žê” GÜPÖi¸sï80Òd˜1ÚyZ/'ä,ž¦`Û]Ó‹éÇⱡm¼oó¶XUrÐ6_¯ó-ñW¦'I:™ + Æ!D8Â>' ¼ÿëÍÄth@çmÚmYÝYµ[Ï0†} +îÓÿèÙ*p£¿'WÿÃ#§ŽYkÜЧþúqLÏ ˆÌ1#E§^‘~®z_èáU¹7#Ê%üÚäwcÞÕéýDnÍöÉl Æ1GHÕãG´¸—ÐbœðúTÃWoß¿¿xIpSÌwÛ²}¤‘wÞºnÌ)P–Md†AgV,úØ5gf'*³˜ŽÝ)ÿôÓþ„1·9ä;ô_&cöP•‚f27æ¸2 +D'$8âE~‹(yõ9%ãË„¹Ôf¼¨lÈDQÙ4òê…ßxV¨^™&Ë¢¢õØìf«rN0XC?%ÓOUWÓ|×.kX/Ç€ÐTx ã¸ÞǪ~¨|nTÉl„DVEÁfaª·Ÿ²(¢÷·VÏ Yy¹%Ç +‹¶·»[LéA9¾àá˜(çX£Ñ lñWyшGÑÍ%`¯2…* + zœ]à³ÉIîêh^\iW5å]…Iz°1Šï*,%ú5þ¥ãx™7„™xJˆš×žß]PÕ"L t9 Ûí¹M¼;Ó†òFš EG„³Zâ•·Cv@pKqÂ2_DyÎyB"ñä>_•‹Þä*mH›÷E5vœûãÆÊ…§>Hù  +Îz……Å»¢Í¦ á± ‡µ÷JŒ«UGj™¼Í *M³›-ê5ØTÓ747–C3©}äÚŸ e» ÜËs¿š4Iˆá}HUJaóz«èºZø|‚h´“9 W%ÂõŽ¶bf_ žŠØ  s&VX¡ôÜï°’ï1à·ø–'HïhÊbEíགà÷a™ÊžåSF„*W9sÉý>©“iò®©ëUßþ+센B +¨ÓÀãÚ1ÐŽ ûÙʱֺ@ìköиÕMq¸ô^w0ð=цî,Úÿ õóAåÿz‘P‘q}P*\]5E{hý{•þí=X°''ð¡ŒöMa€Y˜ò©ût*å>_k\ë‘"@ºÐœH‹! +#5a×»U[nVB:q¸½mYøÎ#ƒH’Ï—ÝÜ:¸ˆ &çbrò¼^€–œ—ÐU¾.ž‘®aÖ54Aˆ™2¿‹NˆLm=¯WÏbÀ¸ÃT¶\?;(±ºfèE¹Wgýµ ^ »ÉMÒp&í:Ä öDyHå·Ýׇ<Ô‡÷eñðµe7•ÄA^7¨+¯*©˜Õê 'œ¯òfPœÄíuÞΗÓùª9::ÿƒ×+n<ÅÍʇÄÿÕ¯ÉG¹AÉGîUø-,yå£wuÉ”œÉ‹æ¦ÞÞTõ©&Á«©ö}ïAÍŸG¶›ÎûƒŒ3›Iþ•ý8uþÿǾ@‡_þ˜“PŒãýÓQ()Õš2¥z†›ú¡ØÞîV„¬p;ˆ¾…ŠcC+~AÇÁtmŠGˆÖ'„VE;äíÙ#ÂMŒÇæUó@pGH5ŒÿØÛÇp@Pϧû"å/ ê™ÂMì ÍGê ²æ¦Ù‡¨tü}XÖ„²yóˆ ®k%’ËvøÂ{[Îw!é!6é`ºÀ \CÌD…vË5›UxÑVW´»M3æxÑWï‚¡,ó{ +¨”êÀ B fÓ‹Ñ*ê±Í!¨G.·2&:i0ê݈ÁpÑo %§2°dùyËàÃÊBæë—a£W€ÜÙl`jøL©\r‰2IIݽ‡ ¼tPY2«Ûåèã!-ù´¹k|€Û7µ£Ïƪ!Ç[s8¥KN‹â6‡”H;Á„‰¿ž¦QzOÑŠe›aOáÖÁõªÀ"¥N.«î[W²¹¡{Zó!K;ʇ|ƶ +™×Øîéå¤ö$Ëd*N=ºd™R_¢=‹Sº§-êQøU6×æÇ +Í©t`ÙîðUê‰æ¶ªUÍïaYbÏèKªpÏT.Ð!´¤ÇHø°.æ˼*›õ ¸’ÁsS7ÂþœácS¬ŠyÄEB_‰8‘ø¢Žã],’†úÅ%iÏÍ‚0=Oˆåá˜*âîFº£ƒVfÄz¡_°1™`ÿjtÔ0Ôû+. iaÒxåaÂ5q\¢‚B¹iÃÄ[Òñ:pŒ¾àYu½ ~ +7‘¨·¬÷› êQ·”‹Çt"UB˜  ˆÃ[úmG›g™…¯'jÐŒad>(Aâ[†_¼©õ‡ÚꃡŒn¿Õ¾æ“ª¯,Bà}wÑ'ñ7š‹°XµßŒgŒ—&ÅŸm·UzåìÒôÀ?º{rÛeŒÁ#:¨Yv‘ÿimhaºi2 ¼ ¿¡`Oýo‰„(åØ{GÚµ¶ßü'ûÊÉ “ÖŠñ—™BÖ‚P¸#uôÌÚýƒÊ±èÿßi9€endstream +endobj +1039 0 obj << +/Type /Page +/Contents 1040 0 R +/Resources 1038 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +/Annots [ 1042 0 R 1045 0 R ] +>> endobj +1042 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [399.2874 719.9611 467.9594 732.0207] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1045 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [461.1985 544.3622 510.2452 556.4218] +/Subtype /Link +/A << /S /GoTo /D (DNSSEC) >> +>> endobj +1041 0 obj << +/D [1039 0 R /XYZ 85.0394 794.5015 null] +>> endobj +422 0 obj << +/D [1039 0 R /XYZ 85.0394 703.9029 null] +>> endobj +1043 0 obj << +/D [1039 0 R /XYZ 85.0394 675.4275 null] +>> endobj +426 0 obj << +/D [1039 0 R /XYZ 85.0394 595.0025 null] +>> endobj +1044 0 obj << +/D [1039 0 R /XYZ 85.0394 563.7177 null] +>> endobj +430 0 obj << +/D [1039 0 R /XYZ 85.0394 407.1582 null] +>> endobj +1024 0 obj << +/D [1039 0 R /XYZ 85.0394 381.6476 null] +>> endobj +434 0 obj << +/D [1039 0 R /XYZ 85.0394 250.4371 null] +>> endobj +1046 0 obj << +/D [1039 0 R /XYZ 85.0394 219.1523 null] +>> endobj +1038 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1049 0 obj << +/Length 2026 +/Filter /FlateDecode +>> +stream +xÚ­Y[sÛÆ~ׯÐäIš‰6Üåmyüä¤NêN㶎O;sšŽ‡&W6'©’”·Í/°ÀJ¤Ì+MÇÄb!,.€%-§üÉi‰(QÉ4Nz2œf«‰7½…½7É2 '´èK½¼š¼x©i"’HEÓ«eO—žÖrz•ÿ:‹„sÐàÍ^ýpñúüÍ/Oçq0»:ÿáb¾P¡7{}þýQo.Oß¾=½œ/¤åìÕ·§?^]ÒVÄ:^ž_|Cœ„ŸQzyöúìòìâÕÙü·«ï&gW;_úþJÏGG~Ÿüú›7ÍÁíï&žðNïaá ™$jºš¡/ÂÀ÷§œ¼›ü´SØÛµ?Ÿô„ò!Vøc ùÊ·ü_]™v¾ð!$¹yïyª29-ï‹î®¨ˆNÑQP×χô´ð/#PѶ0÷,Õ?T…p–¯X¨íÒάLÕ¹#Ê’¨CϺ*†œ4ËLÛ7%¯»ŸÞ,+ Ðæww)«\¥]vç˜fÄlÇBI/|Âl%¤ixDÒŸ½|@Ééò!|åb¥I*+Äá+ª[‰Ò3x$³? ÀĨ—ôD»ìV›®x«ÚQqÜ[mÊ®X—ÌE+Ûç@ûþ,/–s©gKÓàÃÆEÜ9É,O»”xYZqÃ[·ÅÖ0 ãˆÏQu‰ ïsë±7ôtY7TæcºŸÓê½RAQu¦©Òiâ¦U¾ß6·wiÄ…uCv]‘ß\¼cžé6k±³J‹È‹"kÕÛ´z@Ÿ O +42Ö]QW--\ €,ª½àÀƒHÈ0ˆNÉc°ø‘оÁ8ꦑ–mMÔ ›µiMN”«5+7fJ¨E¬cõh…ZÚaÓ¸DXo+²E"ð•t饞š®×X„*I¸‘º¿³AŠpÒÖå– ¬ß7¦)°XIð)ÍU‰Âµ)ƒ‹ÓÈ€K+ä6‰‡àËfz¯2w½u· ϶¨‘¸Á̤ôŸ` ¼8‰>s077lMY¶iÜÀ@|Œè{"ùtsÕM +8¼2 :Ö·¦Â…¥\ÙÐåà^Û=¬±ÚŸ¸ä²^Ô‚¶¾FoZ¼v¼×Àk1Ü­þ™Ÿÿ!Yøy,ðŠ/ÚÁÛÔì"@Þ3wÙFë?m°üPè( ‡eùâ‰\ÙâCª½«7eN4¿³!YcB‘pºiU™î¾n>ôFG¾öç‹Ý‹™bðblÿ^èb|:q +À·ÚáÀº›z‹(²‹Æ¸ÚbËËÖ4Û"ãÖèc#àص–õbËC¹ÓoSÊÕŠŽ™û„ ̬yw¼Å ðb¸‚;4Êc¿Üäö^oÏËó^¾M;Ô?tnmÝabÔ¾¼ *=KžF Ô‡qÈhᨓ1“—Ey |áìùͳ®Ü1ýŸŽØÜ¥Ã?D½{‡=õo÷ø¶7·G`©ê®W †Ëâæá ëÆl‹zÓîóþ…õ3â¨B¸4ËMûuàB2píôWõƒÙ5EÖ¹(ý›ðçÛòÿt÷µ¡ßÜÀPu«þ7©¯.•­ãäß)—‰^ Œê?¢ì|Ù±—xx_ÂíÁ}yU>\Ï<X;žÞõ¿~x³7MºZÁUáñxÁ”‡"ñ¥(¤®éƒ¡ÉÞn{ñⲄb<^ ?Ž£¡sPõý¿X< kƒzݵ­žë²h¹$?Ñãd,»¤«kÒªÅïgÿ\ì©Û¬óÔõö¯°Ô,Ö5àvè)í\ÓÎu³q Bãr[/ _Ë¡Òb}VrµÔM·cïÐ{¤:^vg“ýѧÑA·Ì>,-Œ‘÷^èݧMõ×2-Ê¿ŠÛªn ðdÏ¥±öPø•}äóº·«¯þ˜¿ÿOG _k5þ^Åp“Ó „B?CýÈr÷Õÿ±é[–´¼endstream +endobj +1048 0 obj << +/Type /Page +/Contents 1049 0 R +/Resources 1047 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +>> endobj +1050 0 obj << +/D [1048 0 R /XYZ 56.6929 794.5015 null] +>> endobj +438 0 obj << +/D [1048 0 R /XYZ 56.6929 195.5375 null] +>> endobj +962 0 obj << +/D [1048 0 R /XYZ 56.6929 167.3986 null] +>> endobj +1047 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1053 0 obj << +/Length 1020 +/Filter /FlateDecode +>> +stream +xÚÝXÝrÚ8¾ç)|vFZK²lkz•fI6mÚeÙ«n‡q° šÛ•Dúî+,cLbÀ¶³ÓaýXßùÓ‘ôIÈqÍ9!….až0RQg4í¸ÎÄ|»ê r X õQo_/}ì0È|ì;ƒqMVÝ0DÎ þtvñûùÇA¯ß˜ºg>ìê»go¯o~³=Ìn.¯¯þîŸwïlpýáÆv÷{—½~ïæ¢×(¤Èàq)a àòúž­]õÏß¿?ïw?ÞuzƒÊ—º¿È%KG¾v>}vظý®ãBÂBê<˜† cØ™v–\Ý9z@n«kÓr~¨ÐÕd 4‰b!ùHg²\y¤ï†i4åå¤aÃ0`›ÊÖÛ&-OžÕLZ!ËZ!Ä6GI¤ª]u \¡6„êy¾š$º/õ—Ù¶10J’ìÔÿ“-–YÌ•N#=º&&¡lÿ÷!°Â¾Î¸ú–Ù¢Ö›’ñ5]Œ#‘,Ä$Í$ßzxãW° +ô#XþïYú¬Á*V» Ò•ÿ[\}Z‡ÖÖJP-£í“´:Ï«J}–ÖAÝ·OLJDú:ÔšJá-Tª…Z| CÿKVž&+oZñ0?€$À¤¤;ÞºãHw*U‹Ö3»ö31sÇ#Fãi™CW¸ÍóFƒÃ¶sJÛˆýçä Á¶½¡Ã.ƒQ盧jš‹3ٜԙâ`kôª5±ãóSÝNµ|6o èµ·…Ÿ…ñ7=ü“„4=Ó˜©àèG¡õ‹™g¶É0ÄÕ{Gjï=ÄõaˆY°2jéeÏ-¯^^šþ/,÷CÐendstream +endobj +1052 0 obj << +/Type /Page +/Contents 1053 0 R +/Resources 1051 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +>> endobj +1054 0 obj << +/D [1052 0 R /XYZ 85.0394 794.5015 null] +>> endobj +1051 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1057 0 obj << +/Length 1196 +/Filter /FlateDecode +>> +stream +xÚÍX_s›8÷§àѾ)’š{JS§—Î5½sÝ—ëu<Ø`[S ᤾&ßý$˜œ8IïÏøeÙ]íþ´Ú];Hÿ°Ã<è ".(d3g± g¥¿½àJÔB -õj:89÷ˆ# ðˆçL—-[>D¾iøièAGÚž½¿<¿xóqr:ât8½x9„¡áùůcK½™œ¾{w:ì3<<ûåô·éxb?y•W—¯-GØÇ£“ñùx2¾<>OßÆÓ&–v¼¹&¯ƒOŸ‘ê°ßt…Ïœký‚ ‚8›e.dÔukN<ø0ø½1ØúZªöâ‡$®Æê>€Œ·ô=È|ä;œ è¹Ä-Üß@ùr€‡Ð0ÙnæQnéŸMˆz€1Œ«´ 6*j±]¤fi>KÒ¶ ú>w•o“ą d¸¥Iµº¡fIP;³ˆ¥,ù½T¬µî-vY%¿–IaW`PpîÕr6_–2®äT‘Ëdõ@aG« iÒ$Þ=gGq±Ž_€‰ òûOÄÐu'7Ë@Æ7r•¤y¤y¸¶Q>NNìó2-,q±Éâh%EÂ^8q/œôep✪ØÎûà´¡qœ^ƒ¯Û(ßÕ6ËG†y¤Ôl‹õ,–ªŠéöGÂvdžõ;”A¼Í¬€¥gif¶ðŸØç£r©J»4ב„û¸ÌJ7K™«â`D¤­åͦLôSf3²efi^¬Ùû—*³ „•Òmÿi.ϱzÐÔ÷½ë–ª”Z{{Ó¨=êØ—h×!î‡ÒéÃ)ƒ›âUäA¢–QdG@&Ç–°¶ª)}Ç«fÛyãw[øýhv4~¨t›/¢=Ô2£-0oJ]ìqèrBµ È©ËJ ?íO(sZü=¬S¤¬,˜»Ð¥¢S©;~+¯íšwß5ŸAW¯xÈ5ïY® ‰Ox·ðài°íÍèßè}ãxÝâÙãÛ£Ð$ ÁŒþPè´A=St:åVEà zMÙëM|ÓJ€*t­T…\¨c*¥EDɸ +bÊb§Ï™.úíÈÓE0Ô±]{#=Ï,u÷Y7ÑàÖôµöjOžž6ráÿýÈUõ¨ÃcÂsÚþ·Úßñýÿ?·ã^íIßÔf=99§Äil-c”Cä1¿¹1ªA•oöJóAërÚ´¯¯õ¤…H"íìd8AZ⣠+VQ³Ðþza PPL[ë@\­ôG³Òt$4¾™žò:—'}?ñ0Ž®ÔÜ£ü˜Ë“+\Èï\žž§U»ÑÚȃX=¤mUd­qרCºiûŒÒþ‹™ PøÜñunÍdÊnK–ëîïê*Ŧk*eC¥Kª) „zÃu ,3°ºhz‘f;+•.-§¨M˜Bk?éC×ùV剱Y¦º–qlYóúÓ<ŽzÇ›Ôn|–°?L¯dXeB°-Öi.MC¹ªY‰º.»y±~hB°›,”kLtÿuZȾl¯¨æâùp ¤Ó¾Ë6jNÖ‹¯öûÿ=ôñt}Ÿ4Éqgà ÷!õ]⸠[åÙB÷þx¨ÿ¨¤Z®ÿ GôÐendstream +endobj +1056 0 obj << +/Type /Page +/Contents 1057 0 R +/Resources 1055 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1031 0 R +>> endobj +1058 0 obj << +/D [1056 0 R /XYZ 56.6929 794.5015 null] +>> endobj +442 0 obj << +/D [1056 0 R /XYZ 56.6929 158.6437 null] +>> endobj +1059 0 obj << +/D [1056 0 R /XYZ 56.6929 128.5298 null] +>> endobj +446 0 obj << +/D [1056 0 R /XYZ 56.6929 128.5298 null] +>> endobj +1060 0 obj << +/D [1056 0 R /XYZ 56.6929 104.1184 null] +>> endobj +1061 0 obj << +/D [1056 0 R /XYZ 56.6929 104.1184 null] +>> endobj +1062 0 obj << +/D [1056 0 R /XYZ 56.6929 92.1632 null] +>> endobj +1055 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F42 597 0 R /F43 600 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1065 0 obj << +/Length 3602 +/Filter /FlateDecode +>> +stream +xÚ¥Ërã6òî¯Ð‘®Š8x|TN“‰gÖ©'ëqjI´HYÜP¤V¤¬x¿~û’’©™IM¹\  Ñè7¤ +þô"u¡²Y´H²(tJ»Åj{¥O0öáJ ÎÒ#-§X?<\½y›Ef±‰ëÉZi¨ÒT/Šß‚wÿxûËÃÍýõÒ8ÄáõÒÅ*øáöîG†düy÷óÝûÛ¿Þ¿½N¢àáöç;ßß¼¿¹¿¹{ws½Ô©Ó0ßÈ +&¼¿ýç ·>Ü¿ýøñíýõ?]Ý< g™žW+‹ùïÕo¨EÇþéJ…6KÝâê,3‹íUälè"k=¤¾útõ¯aÁÉ(Mã_dlgKé0Îlry_ÞCÁ¾Ò4ÚAÞm»Ô: +3—À¥8gÂT%ép).™\Š6:´ÖºEâ²0¶ÆÒ­tuþ\"oÞ¼ì;IîWÖÛë¥UN¡ÿk›’UÇßœ?ûkå®®V9c¶ë“ñmÞõå~\®1Jâàa㩘 +’ÑÈ<µ›¡Ö&a¦T,xuÕõBð®\U¿+eJš…l‡I)L¶ל¡ t“© ÝówÛò1°§ƒÛ_šƒ»Öã k™ §ÂvWLšÛoòžÁýF6.bsÕ6}¾êe±¾%"Õ)q‡]‘÷ˆŸ¦AE¨ÐXµ»l%L@xyhx¦š(øˆT]ë`/³˜1Ø*ër[6ÃjyüîZn=–¼|“o…wY¬Î´oûÃÆxð$î‡à¸WtØÌ?¼0BQ®óC݇KGA¿Ï›n=LÈ–ÓREÉà5Û-Ãwí¾g¸³²3Ç4↜¿Œï‘ `’Ö(æ##Âc)€MÞ<•×(ØÈ뚇‡K¥9/DñZ¿TÍ“`󇈜!ª9lIôµ…m׃ŒY Á0  -Rø¢ø!ʉø­ÉH` ·áoΨ»’0—Lµì˜wtxÄZ£°Î\ª°MñžÑ‰È£½MUðöHMêÝW´kD‚Ë_?}Prh §•¶­`#­cÕoæXöê ©>Ý~àÖŸå ’•(Ü®”óu¾.¹M§ÊGcP÷"fzÃ8L94NÍŽ‰@JTÏPxÜW}Ë°bÈ“8‘3„xB°}„íÊgÖ–XÙ”"ÈOY$=1AÞ fÚêt£à©ƒrÌÞ%-§³‘£HP–s×óArÑ}¾ïQo• +~íü¬õɬaAÑ&ãÙ«v v¥`Ú ¨_Õ¬dªç íÙ5ÃI¸Ÿ² Ø‘.l#E‡w„øPm«,£ÌÈùÓÀ5H+öLp$Hl¯P šâXý&œ£á®íK/Ëh¸±%Æ@5›¨'Á`uî¸ó»rªjÎÔ*Ã~‰Í¡…*üÈÚOjÐÖÁJú’Áµú ¸à\mv¤vA„v%©g ’}@x,ɪ@‹tFx·È~lÁS,kК!`úٲ᫠8 ž‰ü˜aˆ1øŽA< MþƒÜ‘ Þ“{EïóW¾ÝÕ%ÊH–ÒÍлElúÛO3æþ+Ç1ÀI|cœƒèÇdÈ¡ø}?xBòŠ5ç,˜€8)VÖ‡>Ûêiƒ¬‹ÁùÔ9 +³3¹â8õq€Ð—³KExÕ£cÒ )F[× Â3gÐØÆq2œáÍÙ1 ÐIÁÜJÆÅc˜Ìøc7¥¸›×»Z&'›~q5+›ÿ9XA‹bùœûzl¹Q—=‡Ø!I¶©Ÿ“x&Z7ÐÑ€î¢F}l;ö¤ËĆ ‡ÉYÜ +nˆ„T%A÷Ú¾í¸óXn$XM¦A©Ûc-íjÍß—öÀÝ¡g|­C”oðíÉÒr·ÐÊgíDâºRTbûHÐZ¡×ïi2âTŠ÷nÓþÛÒwB8K +BÛPé¿—jø)s PÍR'ý…\ÃEQAÈŒé_“j] ZÖÛ€±«1°üh‹©C.×°ýÇ1±"Ðĉä†2éU¹ëQ"r\O¾ŸÏî`mƒbÂø³~ÿî [;ø=ú’û²;ËDAwÈìphU @óât[9`Œ5DÄ2/ä¬æóF€l5ª÷¹çhÚþ”G=øÆ/x`—ï…D‡ñt@ãÇ»Oß §7¥°d ÕÇE×eÞ¦ð!ÜZ^Ô°2åþ3œ­ÐàavB欛fØhà€"hZ /#tqC8@Æ AÀÁĨAâì£à©>Þ4BNošÇªfŽá9[þð©éÏ}…£ßû×Â铉„ï6cÿlãFoÂê€qQ؇Ì c”4Ã6 +iÁ–¸=xRÚE’R¶‘·QŽ"w +ÃÛ2'L P{Å?ñíVŒÃ*ç$­7è11Áí¡.Øž<•Þª!‡ DY¤àùû&Í!`t.²àhççotÈˇ”VÙ ¶×>ïA…=ò‰æëÁxGY&÷ŽÀŒ?’ÒÕ_°H)YzßÂ7åg‚mÔú"ïÅÜLnL@á t×åÔeƒ½„&¥+d„* Z'¢ +ñ Öäx²/UàÝAÀ^­'¶h8ÌÏæHœd'È8¾èäü9ædPÈn7yÇ uÉžn›S+Jœopü• דÚçÒ¨lR³S>åPbž „'4*ot±%3h±¡iÙ ËËB°YZlÁ™à®k™âC£¹{î8”l±†D’Vu ”œý<Ýôé$»c­ÂªY"ŸM7óý.ŸË)uÕ²]¦å2-_¦åò$ DÄ7å¾Ék† +Ÿí¤àJ“;Jt<\9hÐpëv¸u!^è9á0«¶óåJÑHË)Ù4ÓùÆôiÌÉ´ÎB‡ùì×/:L¹˜“éD…&2Ñr2“ê02Îy†ó}ñUiY¢‚ßÁ}òŸ=å ¸ÇELÅæ]±!Á×F_Ù1NÖÿ ¥Êq!_ +“1£>Tá•Ï2 ô¾~MŠâ0±ÚKûXF:c¥‘ AªÔS.‚¯T0G ˜ª—ÝÜsUêÂ8Î| |™µS¬3.NAUÃ;ä3ËÇI¨ „øâò ú€™i}¦·MñÆ›“u-ð%Iíéºóm. +ƒæœ;`;2ÁqS­Ð +9#eóë‹»†XDÀï%é.Y'B†„¯t™i ]¹ÙçœÑ_`[Ü>ÄðƒL2âI| ¥X)~#@P;ÃÅaœféWqÁ‚iH’×2‚«WÓ§F—œd'žC ÌÁÄ5ù'¸r»ë_ΟëÖ³÷¦M|Å&Œ“ÌNÊw¸,qª°‰¼…PÉVüð™NÒ¡t‡iÛSÉ’7-/;AÊËŽöÕsí«â4W×HoXô·‚ÄœâŠOAØÉ,½âD~ƒÐ¼ k{ +½Ù?¯%à™œöàùór:ã¼Bµ;J çž—áÐ:~eB~l{Ø(D3ãnTQDÀ‘R#ew„°?$Š*™EÆ„`ä"á%O#¾Ç w‘±gåkz&ÂÔÊøäÎrݳ"¦[#9š¯tà©nÁÙÎuªõ‹ÍÂÔú„g¼4l}.é=QBxî2XŽÀÆ.>³PR;_á{Jg”zéÐk%”ÅáÀwÒÝ3îsEOÁ° —ÑG,óâ°ÜN$¡gä£oHBû\¦:„'BäòåàÌe  k½‘P>Mpâ9[Êc²OÊéJÜ>÷ËË4øÆàbŒXÎóo,).F+Y:è}!Xѱ†Ô¦Ätpý#•/êUSõò¥æ5h„<ô¶­@¥­ñ¡ßÊÓ1ǧc@<FŒLôrQ@"‘æú¨(œKþÍ/ÏÆ¿<3HOžÃ;T$›ñ› ¸g¼Ò›“Ã@ið-ƒv¬u!,Ÿ›Ó|VÎ1½—‡hlPéR¿´Á¶í$E%)8ÿ{)b ¼q

    ¶“œ-Å»ì¦å¯¿û ÏŽp®ª;+<“¢ÁýÐXÕ9½ CóörôÈl3‹‡ê¶Á'¶]U—Å’ +ä§,~jñ'2ÙôÀØ›ü<ÈòUa– +ÉÍ;¤ŽXd†ŸÕdRX¢ð:·w<.µ…Œ„ßÇCU÷L_6Ð7ëeÓKæc¢˜ß¤êøc7cb°˜%i4÷“8øʾùxã¯#0ijÓrêÀxsˆxÖ…¸r$~ý"g ©°&¤ÿô¥Àendstream +endobj +1064 0 obj << +/Type /Page +/Contents 1065 0 R +/Resources 1063 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1067 0 R +>> endobj +1066 0 obj << +/D [1064 0 R /XYZ 85.0394 794.5015 null] +>> endobj +1063 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1070 0 obj << +/Length 3274 +/Filter /FlateDecode +>> +stream +xÚ­Ûrë6î=_á·*35Ë›Dqö)íINÓéIºI:³»m[ŽÕÚ’kÉÉÉ~ý%ëfù̶ãñˆA q#(1ãð³0b‘•vf¬f!ál±½à³èûx!<μFš·±¾}ºøæ&’3Ël$£ÙÓª5WÌx‹ÙÓò— b’] <øîþîæöãÏW—FO·÷w—sòàæöÇkj}|¸úôéêár.âPß}õÓÓõuE~Žooï>ÄÒãĤ×7××wß]_þöôÃÅõS#K[^Á +òçÅ/¿ñÙÄþá‚3eãpö/œ kål{¡CÅB­T Ù\<^ü³™°Õ놎­Ÿ–ŠE2T³¹0Iŧé t}3†±qÔ';AÁaO¢X3%´iö$4­=±’ÙØÌLhY¤¤r[²L7éKReE>/òÍ;.Ñ77ZµFÔ‚mæÿi•—s-T@OÊtIª gš¯Šý¥ˆƒEê;Ö)áö©¹Þ²JªƒŸ´Xb–¯öIYí/ãà°¨n¶™6`ᘠCéøùo‘§0VŠ(ø•‡ÛyC&‡8\^kÇ°ÇG…èQF‡¡€ ·™¼/§ŒC&9©sÿ2£ÆC;´×øg$ÎK"/ŽÂ¡>ˆˆé>K*D…–g6¾Á:ÃÈp6d„T6CTTꌲµ°&”­Æ:îÓŸ‡t?¢k’q¥í4ñk„zW×@?D¤ºäÿNek„èë$ªÉ<ÆtM1 Ó‘sR×<þ‰‡ó~¹®iË ]§—¾Á:ÃÈp¶I]_ÊBËi]kcÖµë¸MÕ?«t?P7ÉÁ;‹pš~ƒ5Â@GÝÐ×G}þNukËÑ#ôƪ“™ 3¡¶Q'4®Á?#ôpÞ/׸È0­`¶ÉÕo°Î12˜mZãtÌ$ži§5®…5¡q5Öq§;ÈXÒ¡{ƒMå‘ž¦Þ`ïê›Àz˜éÒlòÌÓx¼­3—Îr¬‹²òÐ:—¦—úćH®tÀòð¼u9´?¼Ã [‡»G‚’%A)/èŽ4©oû¢d½Q}`AÏÁTË~Ùc•6H.²”b_E÷eêÊ\9’ðñ¨]‰+&ØI‰$´ïŠ*%¨/Šbñ–å/?Î]x +XÜi¯©Í´`àñË +E5:øʺýi,M–KRöŽ…Y^¦ _ü‡ORÓ¡®@Ú`d f‚™¢–ñƒmðçí#Z3˜w`°2Ó~À‚„Wƒïp3¬vÔXgx€ôYƒ–Óæ¡9ª,Ó*É6åIÛ•V3šxÚvÛX§m·ÁBHæ»b“-Fri&´Óä¬ú]ãÕà7ê2Ð5Þã‘îW)õ#V^}ylˆÞvŒ#½{ „¯N<5L)XªÒÀ6§S!¡Æ?#ÚpÞÑ 0 6fâØô7XçÌ6d¤`ë¤9£V-¬ µª±ú!aZþ–ì—èú +f‹9WÓŒ4X#œtÌD° m±þz6b;ÙȨ@#)xhcq2/Ñ\‚ ;BO(aƒFüá¼_œ—èÈÂMØé}h°Î12˜mZ •j¢3JØšP‹ö¬,NðyȬ†Db’xƒ5B½»åœ ¨ß»Û2)m°M“teuØÐ{6¦n£Zgõ“Gz ÍÐØv fL`_SjSL‘þënÌI\}IùŠÀÊ´¢†«»"—ÉbÑÍœlrhù++iÛ7(žìH-IF!Ó&®ïj0s¢ÖÈpÝMîîŸnoþ=VlŠaá›’øŠä«­Üˇ ’Oùœ‹`Aa–rØÑÅT”øÕÃ=Æ&+]}Ûti€-¬ðº +'‚»¯ÒPWnO²ÛgÛ„Æà­=÷B-%‰Xi‡Zz9 AshU‹ Ý«¶ØJ0 Äd\8æXîÖÆuê}ˆãê}C“„ 0:°:æÑ7b°áP×çy,YÇ&¸òìûŠZîjÏi—KøMÆ‚…Bô®¨(‰«›‚æ°«#¦Œ ¿ˆÛP2%£šÛNŠ\AÝmj¾ôÚ¸¸¶4ÒҳΠWæu;LBs¬ðzMˆ‡šÓz‡º¢ÞPÖJ!ZGxßÖÍ¢§%‡¨CÝ«ƒ7W³_Ó.†—Õá¹s-ëopš˜XFZi{1Óí®¾¦Ak9éÊEÂA<ÿ¤+ocvå –+7¯ÓÅs´Îr˜¤†˜PŸ!Þ`Pï&©pT“ªGÞߎkë¯¡í— aþâÆß#Äk_µÏÜÍO½”صX'{p×NÜ1¨"¸»DÁFùžWÉgêuꃃÒ=œ<Ùe±¥¶&UznòÆù©{Ž¶>¡*…]p¹q£~±ü¦ð Ïþ®È˯{{ŽÖ­—Š¼|ÐÈÓê­Øÿá>ø‰I¿|´ +xÁ{©†ÅÂ_ ¹ó©›«8õÙˆWË÷]êõ÷¦¾í¨P1iX=HöÑ >Ñ£ÕŸ¥t3Å®UŒ„m,Áˆ:Ù[Á!n,%„hEË—žf]â?ª|å&yMDz8Ð*¥þFÎ!ŸÍÇ)8´È#ç§ìž ü.*> endobj +1074 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [284.2769 435.3027 352.9489 447.3624] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1075 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [282.0654 405.0176 350.7374 417.0773] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1076 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [299.7586 374.7326 368.4306 386.7922] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1077 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [184.7318 321.8124 233.4785 332.5968] +/Subtype /Link +/A << /S /GoTo /D (dynamic_update_security) >> >> endobj 1078 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [259.4835 478.4263 328.1555 490.4859] +/Rect [330.7921 290.2521 399.4641 302.3117] /Subtype /Link -/A << /S /GoTo /D (boolean_options) >> +/A << /S /GoTo /D (dynamic_update_policies) >> >> endobj 1079 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [387.5019 224.9363 456.1739 236.9959] +/Rect [401.5962 259.967 470.2682 272.0267] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (access_control) >> >> endobj -1080 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [381.9629 194.6431 450.6349 206.7028] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +1071 0 obj << +/D [1069 0 R /XYZ 56.6929 794.5015 null] >> endobj -1081 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [398.5803 164.35 467.2523 176.4096] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +450 0 obj << +/D [1069 0 R /XYZ 56.6929 639.3701 null] >> endobj -1082 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [393.0412 134.0568 461.7132 146.1164] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +1072 0 obj << +/D [1069 0 R /XYZ 56.6929 613.6661 null] >> endobj -1083 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [255.0796 103.7636 323.7516 115.8233] -/Subtype /Link -/A << /S /GoTo /D (boolean_options) >> +454 0 obj << +/D [1069 0 R /XYZ 56.6929 492.1088 null] >> endobj -1077 0 obj << -/D [1075 0 R /XYZ 85.0394 794.5015 null] +1073 0 obj << +/D [1069 0 R /XYZ 56.6929 466.8231 null] >> endobj -1074 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F58 627 0 R >> +1068 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F42 597 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1087 0 obj << -/Length 2798 +1082 0 obj << +/Length 3028 /Filter /FlateDecode >> stream -xÚµZK“Û6¾Ï¯ÐQS"x`öä8cï¤6N2žÔ’ Ò°,‘ -IÍX©ýñÛ`ƒ)¾”ʸ\c’à§F?>4Ø‚Â?¶P! #-t$‰¢L-VûºØ»÷7Ìc‚´Qß>Þ|ý.䋈D!›–,C¨1lñ¸þuNnA]¾ýñûû÷¿<¼¹Õrùxÿã‡Û€+º|wÿŸ;¼{ÿðæ‡Þ<ÜÌ(¶|ûï7?=Þ=à«ÐËøöþÃwØáeDèÃÝ»»‡»oïnüþæî±±¥m/£Âòçͯ¿ÓÅÌþþ†µxJXñÅþF*A”¢nÙÝ|¼ù¹Øz[ýtÐŒ.ÀW}JÑr aDE‘Zh‘PpQ90KѤ]¯ñ.NýM²M³ü–™¥-°¡|²x“Ê$KIÏzF4cáBsC”alD[m*;íå”ý+KmP”q™e²*.ûgœ2=­@ƒРí.Æ1ÐÒÑà~ã:ýú2-$¸“ Òâd „t…i ^c¾º ÕÞŸQ¸,lþls¼Iv;¼ûdíÁ¿¯MŽý«$Ýdù>vQÀxÄ›ò))ðÎ9«êÈ,_ž’Õ¶®bÿ‹?|ßëãþ`×Nep#†Rç#F"¥x¥l™£†µãÄ5‘&TÞ°sl‚ß(å;;à -`ŸTÍ/ÖÖS[s.½ Z㚆vÅ(ïB£ˆÒÒLó®ç]ƒªÌJ¶Ás¼KÖIy -’´ —ì“à - ¼šT£A èÑ!ŒâDÂíèñÑÚ ÷¬m±Ê“ƒ'‚óÑf H‘&”˨Ò˜5*DÒJ$ý¯ 2 ÈMFKÚ–àË|»À›‡–é ~Æô¾\´}u¶Ò¥}¦.u’0h•˜¡B šÑ£'Ë©1N>¹Òð ùZ¨ òÕ¨jüåqZll•‰ƒ";æ+ÛO|€×zF‰5 E7ñED© -þõêÄ7bË…&;­&ˆG qÄ:æN¯ÆÏÞ—;F<ÝSIKb8dµÉÀ¤KƒF¨b|†,—šË²Ô¨Ïa/ÂÉT¸h÷ÐçKP¤Ã) 8Ñ]E¾_¼9—µ$œ‰ ʘ̹`‹§(Sãglï˽š2’r(Ö¸š‚P”èˆ6”™)ªTä¦ &¦)Ó œ²ñ® ®É1²ƒÚ²ÝÅg:´M˜ GƒŸ±¹/÷úö\Ä´ïÕàTvmv‘¡Â.œY/5¨žk‹_J ¬.Ú¢ê (Сˆ+ÿ`½ÚÕà PdxÒ`¿bã,œŠLÇÖ©$RãgÌî˽ž%FÃÔ‰i÷7¨9EzÒ&×èRhPJÉεPœ«Q®Ç}’¹Ýä¶x -Êdï¾»9'ìãσͺÌO}lÝد&¤ÕPN›Ð lèÖ!^w¨hË"O[wÓ¡­kèSLB—,d¦£ØÅüŒŠ}¹Š9eF?)¨s¸›™§ã]£f4éK›æ Ý_Ìp¬…šàXª†÷ç ›<Ûëdã Ð°éÊö?…Àjøå¤: j@ŸnÑ ™I©°«ÐëÔM³f]ÖÝš˜É²[@]N»†O–Ý?ゾÜÑ’ýo’Læ.[NÅ¢AÍ(Ò—6IGWïÑPÌ”amÔ8”ëñ“=A´rp@–Ÿ†Ê0¥åtï5h ÷nƉR0ÇvºòõŒ¸,Ã`½ ™™(àŒŒ¶ “e˜ÇÏØÜ—;¶¡oòBj1íyAažêÚ"LH õ2›Yâ5¨jB<îÊ$ØÇE +¡9èÈå¢-w€5Ð}—°áP*wúz\ZqÉæRg‡‰H¨CÕ1tŠ5~Æä¾Ü«s‘€hÁß´ëkÐŒ=YM"ºp*ÐvdÚJ£óÞ=—DÂlN)]~wJã}²Bý9¬ãÒGî§l—¬’ÁÉ€‚lWSܪôû÷2¬öïáR‡,/ÝŽ¨TËò%ÃfX§Û<ËäÙbÃÞ–OÙºÀ FuÝÂJ¾LnÙ2ÝbÃj—Ø´ô($ÜäÉö©ômvt°¹ÛŸÅÆuc<+»Š6Ô©v_i½ízÞëö¥á*KÝ&éöˆ»ñ~«ôÓÔ¾,s³CHMóik—½ØûÈr“ÊzVu'$FmÈ,þsG%*8¸Ø fN·gÖ,`qçÖ›ãÏ_ŸíîtËCÞ@4ÝÞ_ÔƒÞh„åüã°°ÚêJóª4^ï¬vñ±°¸ÿ’埊Ön¼»)â}ý6>áMì1n{ZÐpy@ž“ìèß<Û¼p›Óøä(䮎oïK¼V¬ò°-ØŸâmÍ­Ê jªŒïìÃ×™ صOŠ¢ëõý±5fâôÔvö -r¬›Ì×¥•Åƒû¤áçlPŒûb¯爤<º bYa€kj_|ƒÓKðz„CK„<­ânüÏöþÜ ->ჟà9hƒ!UV˜l‡‚3[ûÆ6¢pw“ã‹V€ 5ˤ-Áw’Iwʦ‚! qΡMˆ@1mQâKP¬ˆ·þmâ•,’-F–.Ä»0‚IáSTRÖÃaµ;®ëóOgOÃØÁËãÇû÷~PùÐຠð‚®ý«‹AæpêÏó§¾çw\úoêšÒ5uÄëÓOµP7®Z|s !°PÍ&L@5yþÖ=?°µduaô†„Ÿ§ÍüÈí*“oº;aóÞÆi’n7Ç>#UÝ ¬Ç*¸“íX#B¶üï“Mqx2m`>SQ?˜õƒ¦êzË"¡ÚÇìbç¨zºézv(à…³5Rȧ"ÆÇóÄ^å‚F›cbÊñÍ6c‘á’’¦ŸÝ'²AÝqkG«Ê…Â@ ïŽû–aÎçZLÊNÙß(t¤£½4¯ù ÅÒ~ŽÍ lÇÁÍÍàpà ¶ÅøèsÁ¿ÚÉÄý"ÃBje¯×Þ®‰ï#ÍJÏ'.`^‹x—Oø£}Ž;†¦ÈÄ'Žúú”½t²G+Óú$\r.âwYö©øÆ8Ôݲ·^¸¹Ž\¾¹ B¨¡«ü·ÿà d–ÞaBrwçtãž\2/O{~ºug$!ÿ@c1vÂUÀÜ-¿dÀŸwÒ?>ýz>,5Æð‘õ wi@ˆWªZ\ðþL¶¯úÿà Žendstream +xÚµ[[“Û¶~ß_¡éKµ3BÜGÇY§›iìv½™v&ÉW¢vS¤*RÞl~}n¯ ÝØ“É,|À¹àÃÁ ãUÿá•â(¡š­¤fˆ'˜¯¶‡«dõmß_aÙЦ‹úöþê›7‚¬4Ò‚ˆÕý¾3–B‰Rxu¿ûyýúï¯þysw½!„µ&«ÃãqFi¨)®Þ_ý«°Ój»NùS…¸"rÂŒvˆ(3±’\#A µ¼ÊÀ"†×»lŸž‹Æ}äµ±ì›7\uú ‚(N$5ÿrzhþâP=)D#¥¤ö¨¿™ñh˜Yÿõ¯kW.Ó&ÿèÅçåæªÓ‹û<]cµÎv›‡"Ý~Ø4î3hš6éCZg0W4‘`AnÇKÚ«² §jŒ¢«&àc%VŒ‘æœX›ôCæ&5µbχ¬ljd»$€Uˆhî¼õ®yÊN –²õÇ´8”Rß1s Ǫ®ó‡"sMùÞÕ¦»]ÞäU™®þ¢«iÝÀ'?ÚSúÑW?dYéꊼüí\m^6•«mž<°ÎNÐßÕ¯ßW‡¬5 clŽ…7·z±Ý·äå¶8ïŒ<óõœ7O®dåÙ®yÝœò‡³±ÈÕ@ÙʪÌ&† ¸á}Ÿ?š£­¦%ºPa)ðtôð MåÈ?=Z”ñÆ.‡I<ÅbÌÆ’Ä嶨 Á½U‡aA˜¥Û“ü>ˆ.Íêí)?^A„qÀ´Ü¹ªº9?¸Ò°¾!8n“ëÛ½oÍ<Fï„j„ž/Y=ÁX,‘¦D]¶ Úaq”^µ`Æ.¼€¬ç¼(¼Eí5pA:k”h¥‘Þ¤´ (õÁÏiû×Ç°<E7°)…EÚŸN·„_Ž~ åæ9C¿À±*±€2fí«ÓszÚ¸E0⊠nQ’{óCâ‘žèwÖ ”òõ!K˼|ÜŸ ¿Ií]½ß¢¸Ÿ8Óô”Ö®*uœþfjv~d°]ÔÝʘeð8‚»‘LDÈFÂâÆ#Š–؃ì–ídnÓsyY­ŠEU}€pêô®\ã>Í Ç)¢1Âã>§Ò}c2"§ð€)cÏW¨gݪ‚ÆǬiÚ.eå*Ó²~v{¹Iž¤X??åÅ´ 0JQo,prª›)/Øä1xá¹:^~ZÕ³×ÉÕ”Õé`RSÜam«\]X`DH ÎÀ~åÙnv@b Ò Ûx5¿ZTgÿ×eHÁLEEЄèÞ +€0¦ ëêËþ©¶ÁKç"˜ç +’ªS¾Ë|í“/F»RµwÀÇ¢z°¾†º>M‰fÚ…WhÌ}G–bòY[Q³mnæ=è`3+@¤îÓËV¦t±jL% +GIต #Êp_…(@‰hô%ƒØ€™¬ŒÒ‡ÎŽiŽë»k“E@ ¢?.‰d¹´µ®3y’Í™¦ÒXç'(ÀZÐ|Ê)[ e¡e@Ù´ë÷½ÕfcóüQt†0 +[r\|‹šßÎp¤ƒH×WàßךØ=Ãvy¶DÅšY’˜w(3%å ƒÍ§¥ÕþÅ}XŸ›Ö2=d®Ê©Ó…­Ô'y[T®å—„'¿Uçœ{ ˆCeB +?ªwS¹{ùÖ+{„ó‘5?KÊå ìZJÀAçö?oî+‚=p¶üÎ}h÷'„ˆf)Q» +G!hã*ÛѶ@$ÈÔú¼m†œý¦Ê.¦K^{ .Xgì Ç8³ÒÓ>!„ùDIvf‘‚„ ,É%[5«Ë×öBíoe±˜EY1náTƒäqÇŒ¹uç,™]8L08N“…¤¹‹š_8-ª·pšÃqãÝ9\>Ì\—%ZÔ„=·1‡:P£]>.ùPR½!IdÕ9³…“íåJ™[ +œ¬o["îæ zÞÓ”" ~‹;úŠøÙƒŒ}‡ô÷]¹ûÌ»;?d›ñaKç Á¢j´ ±=O+hL¤ê)òçÃí1sZh¨”röxL•BL+Òµ8r:náqÛG£ÎåPÆ ?AáØ ´ ¸£±¢c–P$ôÜÅmK½*½€šœ­|WL“r .t\“5¡JŸ~&‡7SÐÕåË\ÆÄ,ò„'ŠDøG ÒkÒ3:J@_0<î§S™Kc%âóТe!•1¶ppè€æ9@ó£:7#*†˜à"ªG +Òg †F`jW“¯DÀ®=£·È%°ÐóÔq)x×æ»—bo³_\érFÌLº ýÜéº:¸¯]^°Oé8ø*µo«‚w—Fœû—‹2éEéÞ{3ö÷òþùÄ.óúW3Ý°à¦kžÄD!N”\ q!q@e?7u3W7ùv|™ I+1i{T5¡AÍœ!lHÜSáv?ñ€¹2¡êÿz> ïsöç¶|y6ûeÇðºçmN}S^îÍC€§0T8~Û‡¸¼¾¼ÄYAʼPlŸ\í6-Û§8ûww>³#½ÄH%Éàž¸{75ñÈ!S"¼d_&§s/4p‡›·=v™–Ã[—–k­k.7ɳÄ3É“ùÝL”wÐ<íÈÚ”?n>¦E¾Ë›— J'øƒ9’ +XÓ¡•èç€|`^W‹/³9ÏÚ2>ªyôL$HCο7|4êìvÍÇ70ö£þoAq5FcE·llS ²°ewQÚ”{¬ë¤êuu>mÇ·¬R +”hQZô#©„Ôø2Ä›1f Läþ‘SˆiÊ{öÆxð –ÇýôSGBÍÕt|hAÑXqâŽY¸tî€"´ó ™‰Ú|#âÁ] +W¢µèoIFûj|5Öyc:(†¦â™w’/–ÄxàqËG£~:ëà0¥˜Žº?`â: GŠRNsó[”…P×ÍS.€ì[aÑl>%Ø ‰”É»"JÌX‰>ãRTÓž_†q[†”ãˆ&šF(›À´ko”r7}4êgPŽ¢„%2êÿ×b4ÖÂÿ`^úqi‹‰ýðÏb"Ó4éÜÅ]L‰)1q±G»Z|UÊM:w¯G—îõhÇÞå[=7}8ægÞè s~‹‰ª0išoáŽ#ó‹þ ið¿?ýé8pùWL"jÓ¾K„e-ƒRFqA‡š·ÿÂ`¬úÿ[Á—fendstream endobj -1086 0 obj << +1081 0 obj << /Type /Page -/Contents 1087 0 R -/Resources 1085 0 R +/Contents 1082 0 R +/Resources 1080 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R -/Annots [ 1089 0 R 1090 0 R 1091 0 R 1092 0 R 1093 0 R 1094 0 R 1095 0 R 1096 0 R 1097 0 R 1098 0 R 1099 0 R 1100 0 R ] +/Parent 1067 0 R +/Annots [ 1084 0 R 1085 0 R 1086 0 R 1087 0 R 1088 0 R 1089 0 R 1090 0 R 1091 0 R 1092 0 R 1093 0 R 1094 0 R ] +>> endobj +1084 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [259.4835 683.3704 328.1555 695.4301] +/Subtype /Link +/A << /S /GoTo /D (boolean_options) >> +>> endobj +1085 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [387.5019 430.1364 456.1739 442.196] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1086 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [381.9629 399.8859 450.6349 411.9455] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1087 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [398.5803 369.6354 467.2523 381.695] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1088 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [393.0412 339.3849 461.7132 351.4445] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> >> endobj 1089 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [352.879 681.7691 426.5323 693.8287] +/Rect [255.0796 309.1343 323.7516 321.194] /Subtype /Link -/A << /S /GoTo /D (tuning) >> +/A << /S /GoTo /D (boolean_options) >> >> endobj 1090 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [307.1508 650.7179 375.8228 662.7776] +/Rect [381.2254 182.5173 454.8788 194.5769] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (tuning) >> >> endobj 1091 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [334.8268 619.6668 403.4988 631.7264] +/Rect [335.4973 152.2668 404.1693 164.3264] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1092 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [337.0185 588.6156 405.6905 600.6752] +/Rect [363.1733 122.0163 431.8453 134.0759] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1093 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [364.6945 557.5644 433.3665 569.6241] +/Rect [365.365 91.7658 434.037 103.8254] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1094 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [374.6372 526.5133 443.3092 538.5729] +/Rect [393.041 61.5153 461.713 73.5749] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj -1095 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [292.0276 495.4621 360.6996 507.5217] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +1083 0 obj << +/D [1081 0 R /XYZ 85.0394 794.5015 null] >> endobj -1096 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [319.7036 464.4109 388.3756 476.4706] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +1080 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F58 627 0 R /F42 597 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 1097 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [460.1655 433.3598 533.2211 445.4194] -/Subtype /Link -/A << /S /GoTo /D (tuning) >> ->> endobj -1098 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [362.144 402.3086 430.816 414.3682] -/Subtype /Link -/A << /S /GoTo /D (boolean_options) >> +/Length 3167 +/Filter /FlateDecode +>> +stream +xÚµZ[“Û¶~ß_¡GíŒÅâFlŸœdíºmœt½™N'ÉMQ»¬%j#R»V¦?¾çààUÔ¶vÇã%œËw. Å þñEœDI*Ò…NU3/òÝ[ÜÃÚÛ+îhVžhÕ¥úæîêo±H£4ÉânÓáe"f _Ü­^&‘ˆ®[~ûÃû7ïÞþtûúZ«åÝ»Þ_¯DÌ–oÞýí†Foo_ÿýëÛë71_~ûç×?ÞÝÜÒRâx|óîýw4“Òå ÓÛ›77·7�¹þõî/W7wA—®¾œITä·«Ÿe‹5¨ý—+ÉÔÄ‹g¸aOS±Ø]©XF±’ÒÏl¯>\ý=0ì¬ÚG§ì§bÅB%`I&¦Ì#Í9ÐhÅAÆ´5²š4²§B#ëb•m›UsȪzS®¹Y®êýñCpE +fÝmFª idGžÈH2!úâ|( +rCóàë¢ÎåcSî+šØoP°n©Ž˜PDxRCI8”›Ä=\VCÅ¥Ž£Dʸ§8-î4¸í˜ Ð_0Á˜/™ o•ÅàI¤‡")%"Éå¼+<Ñ1F¼PŠh2øÌ#±C5ƒDO…;Vû¦ÜœÎaƒƒ/íî‰&vïù[ð(MµìoÿeÈKxFJ öN Š¹Ôg¡&R ì¤é):µ@Aç1ßCMÆi¤™”ó¶—LƒQ¹F‘"ct:Ä€bjdÚÕS2‚ˆd‘‰Õ¢Ëz G4!@"2ŽŒŒe_‚ÿDœƒí5èóó(üŠ‘jzºÎ%$OAí1ß—£ÄèHêTΛ?P]dÄm6'%P™ŒÍÌu¨f0ç©pÇ]Y­ÅæPÔ«¦Ü¯È»ìóä´¥n§1­Ÿ™-œË5¯B šÐ¡g¶$‰b£u_ [ž:Øâ [œCLÁ–<á¦'Ø ÄýÇ|{CaÄxQe5ÆQY 2&â0 +½ìƒo]ÄËQ¢˜H~R.Ëš®Uñì&P0)|ŒÃLJD+ î±éë˜aôTÅ +,_V…£† j,Í~KŒ÷àAZz~ȵáŠüKò$.ÆxßCV‚brù /ë™ÅÊY]GÌò¸µ\aÙ* +³% +Z¬mœ$ äž"è´E–?ôx¸é¼u .»áÖ×EUn®ÅŽ›Øx*ðsÿ±`É섀A&&ôµüXÐ=Ùlí&O4IÌqp …Žƒ`¶›²)ÁvÍ—ï6DF0Š6‹†-ˆ‚Øüv,ê†A°:»w«¥².ïÉó0þ…ŬA÷ô¢šTÖ.I•‡|{\“õXÇÒÏ\ˆ~ =MƒN­x½8¥ÃÅ­ÃZ¢‚íMp8‘P„%ú\Aá2‚”d^ÙZqßýNþæm%ÐÜ…n_0¨¿ÕöDÓ»"«Êê~sÜÒ=a¨³äÈa#¾üÇCQQ|rm ¤Åé8…N¨}«fñË5Keì©ëˆwà<ÄVâð¦}}¨auMcT‡"£Û¶¶g®uƒÉâ@™é@·¤¶9ç¡XúÏË…'É´ìÈqeM( øЈ~€tC›k}¦Ä&ŒÿÝ‚Nu:!—Z.‹Ï⼦yŠ˜ÑÄšËèÖ%ƒ?u³ >±§^*/ˆ,[¯^5”njß8< …-}<ÑCÛâ)CsLÉÒ¥}Ø?÷òG'“c(ÛRU¶]üv¿ÿTÿ‘LëAë‹ïà)È1á\¯h£m á¿é©åD#ÊH8jó Þa6oNE{=¹€!Nžë»ÝÜý†êc«M’´µƒÚEn¨E 6QåS¹-î)|c³ü¡ÊÝ£]Ú\>dî¹ú˜ç°iÐeMþàóXÖŦŸJQ¨€>Ô€iYO•·r·+Ö% Ðn`RR… +ˆË”tYÓ˜R ª=]7ǃ«ðD§ä#m[úRil”HlÓ³­á†R†éh “ϘêìÈÕÈÔÇÁDY£'í±Cû“‹é˜¶¥`k›X D®5TºË$¬ë°n<š¶Å&³Ü—½Œœ kÏPE'¸;œœ(î82ôQ(Žî9ûÞKØ-žbª£½š7Õî¶Ìœg{ß‘ Ó®Lg/g²ŒˆZƒYÁLF·Ïåvg¡Ow¶ÇÐàlùΓÙÖ–^Ñs %£ï•Þ&›Á’kX:û÷– K*ì)(Å/îka­@±rn†NOihÎpÜiÎ߀a[¡íZF—»¿Þü“FÅçü!«îÝ£6Úq (GÐWt3®9í¶tlë‡,œ–­ …#„z|LRu#ÞÙcœbír­ê²u×î9†GR†·U6ÕwÂ~ ÀED¯&ب(5ာµÊè"t§F\bå÷rˆ\O…ŠŽŒ`:proaÖ,¸EOZÛÍE%G¯ö9¿ÀŸ—<Ò2Õ/ù9›T&ÒL~Îö¿=åÁ~щzVzŽ/7ôOôY­‚R0Bs¦*¼î?(0 vîRs>Í00½‡o>gy³²Íq ;|œcx'†¹®WBÒÀ›Ð~à õgR»SNù͇ÅçcQÚWÌáÞºd D‘gÛþë¾Ð³`"p/¦/¦rD{Œ?­_¾ÌÓŠ±H‹À(RfòlðßYí‹ØÛþ겺4æ܇: ƒ‹ýò¥ÆaY$d"> endobj 1099 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [293.1435 371.2574 354.3435 383.3171] +/Rect [374.6372 737.8938 443.3092 749.9535] /Subtype /Link -/A << /S /GoTo /D (options) >> +/A << /S /GoTo /D (zone_transfers) >> >> endobj 1100 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [288.6803 340.2063 357.3523 352.2659] +/Rect [292.0276 708.0059 360.6996 720.0656] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1101 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [319.7036 678.118 388.3756 690.1776] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1102 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [460.1655 648.2301 533.2211 660.2897] +/Subtype /Link +/A << /S /GoTo /D (tuning) >> +>> endobj +1103 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [362.144 618.3422 430.816 630.4018] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj -1088 0 obj << -/D [1086 0 R /XYZ 56.6929 794.5015 null] +1104 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [293.1435 588.4542 354.3435 600.5139] +/Subtype /Link +/A << /S /GoTo /D (options) >> +>> endobj +1105 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [288.6803 558.5663 357.3523 570.626] +/Subtype /Link +/A << /S /GoTo /D (boolean_options) >> +>> endobj +1098 0 obj << +/D [1096 0 R /XYZ 56.6929 794.5015 null] >> endobj 458 0 obj << -/D [1086 0 R /XYZ 56.6929 323.2894 null] +/D [1096 0 R /XYZ 56.6929 544.3772 null] >> endobj 774 0 obj << -/D [1086 0 R /XYZ 56.6929 296.7987 null] +/D [1096 0 R /XYZ 56.6929 519.5953 null] >> endobj -1085 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F58 627 0 R /F57 624 0 R >> +1106 0 obj << +/D [1096 0 R /XYZ 56.6929 144.0934 null] +>> endobj +1107 0 obj << +/D [1096 0 R /XYZ 56.6929 132.1382 null] +>> endobj +1095 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F77 703 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1103 0 obj << -/Length 3157 +1110 0 obj << +/Length 3017 /Filter /FlateDecode >> stream -xÚÅÙr#·ñ]_ÁG*%ŽqÎá·õZ»V’Ò&]‰¯‡á'&9\ÎpåÍקݘƒ.×^W¥T¥ÐhôI9ð''©„ÎÌ$ÉLd…´“bs%&Ï0ööJ2Î, ÍúXß̯¾z«Ie±Š'ó§­4i*'óåOÓ×ß½úÇüöáz¦¬˜ÆÑõÌÆbúÍÝý·ÉèóúÝý›»·ß?¼ºNÌt~÷îžÀ·onnï_ß^Ϥ6VÍ$~|wKHoîþ~{ýËü¯W·óvËýcI¡q¿ï¯~úEL–pº¿^‰Hg©¼@GD2ËÔdse¬Ž¬Ñ:@ÖWWÿl öFýÔ16YF6UÉŸŒã“Í¢X+íùt›+8OO÷×éô°vÔyÞçÛ¦¦vµÇo2]ºmé¶Û—ʵ{v5ðEÛtún[ðÔœ>W×ù³£©«œçÕ‡¢€§Ãzý‘ñò¦X¹å`.oåz‰˜6+¦\íÜ>oÊjKDËÙ<˜IeÖ* r³qË2oœ_ Íè(~4¥³ÐŸeIí|ËmEߧÃÖÜÓ ÞK͸ûk™NuÜoù¦Üº%°À¨xúŠ ¡SÖD¥;%_VnK-:4êòy +Žœ‡f"“0¾I§% )›þYåÖËk‘¶ùÆBH;ž´ãi @àrKÀ¼(*ÜeN— c/e³¡Ò|Ü )ñVµƒ3Ñ㤹ð†x´ºZ1gX½sEé©/ à·yŒL-ÞDÔ®D™V©_{>Ƭϴ·³,'¤Ža^Ž’S÷¥\/ ’eÇ{|RLï«ý&Gy—RNoh^³*™t9¼•Á"OGCóÇ»·Ãõð³°BÀ?9&=¿:8ŸÙôP#ß°ÕT´-9† }´[Âá6 úûƒ«”oáy±Å±œ>ó¿Ýþ@-÷[±Ê·Ï<Õ¿v\bá®åÔO‚ÎÑà[Ðí’L¶^ñ+[òF#67g…IÑ»Pì!óðÛÈš>Yž^óØs;Ç߶òúˆÜ…Õˆñ¦=6ŽULêX0· ƒ÷gyŽŽ\cà/Ü„ÊÂM(©ýLÀÿêM’ô4}&ÁZT¼F ;õˆ“` iˈÝÊÃ7 u€‰:  À¢X+9-B*yN}XüÇ Äóã÷ÛûG=&¥áœ»|[ƒ†§›žI'Ñ*r£FB± -†AöM—Bªkjå»Yå/•gmë¦ÜlfNI†ÌX¯N9 -›‹2¥“Ë,µ"2*•',õ+× m¸¨¶Mîn“>­MTÓ÷Ø.€åt NëÁвÚàDÏ›H[™ßiž3šïôd2‹dœd¼ßV™LK©Oú–Ì;4 }>äkÐ_Û_-•‘ÖFõVYI¯Ñ{"¤›2&ÊR䄬ãÊñ¦un¡ºD*¬Å¹{*I”*‘´”üAÙ¾‘Tp-: ¨µ[?],)f€‘Ÿ•2¯îÀ„ N†dA:².3ž‰ö|ØæßPïeUúêN†Ò„÷•Á=¸˜•ÝSo1jÆÙîcR9¢œì}Õ¸¹ÎNzSHäÓüœ o·Ù5ÃÄö&_r>Û¿‹/k×0ŒdRÎ7‡ŠCÍëº*J¨|ž=”ò.ÍÞ¦Ô] ÔVlLW±QêÀÖâ× ÓO!àrTóiY7mx?Ü`WrˆøÑ)°Üàðƒ.ƒW+W±¦X"$ð›„Ó½ÝóõÃríº©û~*¸°q"³05’<¹“ćüàêê°/\èÁ—u— ò N÷Rß×<¬ÕfDq`âÇD™‘¦çWj›ÛòS4a¤ñtM<~vôv³é¢Ú{Hõ⣛NŸ¨¿¡ñ‡7¯ Q a"KWûrA–kˆ .ex¾TA`N]:8R.û¡wAˆ/éáÁWGhâxA -•h4_¶h½ÌG{Y@XÉc˜ÎÇzøÀ¥/‹!”v v‡Åû>ŠÁ¿cøÒ‘¡Ž¬ ²ƒ§¸ÇÀá[÷B$x©UþÉ/\Ø9 ¬^F^n{ßåf·v·mÎ–Ë „ŒZ²ÐÕ7½)ª«0–[v²> "*¹ðî嵕ØqѼ(l¯P뤭Á6»j"é󠦱œQª¥óµ*Íeí¤9‚zí+?@Ðß‘*h R-·OXÀ ò®TP«8èÕ?6Œú*}ÑØýÌWìõÒâРʑ[«LÝâìO÷4"öI#úúìò}S|“¾âpÙ¸Šj³«ê@ ¬_;˜É)‰Bˆpr>îó+Ã*9ÚbaÆ ²W*ô5¼†á<¾­€eH™`¡Dv‘\(¶è ®î˜_nÿ!Ô \ê ’‚š -F÷õ …sÃë¬ -û÷ÿ‘ Cv¢.\Ž åRð Ðw é€j0½–ÔÕžMGof¯ôPÏ+Å æaWXób-&þ"a‡?œ9IÐûg­yçöõÅÇ»w.ß/™ØIíE(ºïË að÷¾ZŒ·ñèÜqœAÄ5[H%¢D_Q Áýó„}w:àÏúNýéSºxÞGW4m2)Žþ“ØEjpÙ•ìéıo±.ìÄÀ ¦åp'ltËj &^ØÏeE‹i'tϲÂïÉŠ$ÒO|’-Ö…œRkë\p¥"p?Óa¨0ïRÚ ¡¶§Ií¼ïï5Ù–ž_Æfìë³Uµ4‰b™Æ<¬ìø¡"ƒ¯Lm<Æ3Ѻw_ü{°î7qØ›¦êÌ‹(ˆÒò†ùDöÛŽ1Voëÿißendstream +xÚÍÛvÛ6òÝ_¡GzâNpßÜÄIÝÓãteõì¥í%Á·’¨ŠTÜì×ï  )Y²ÒMzºÉI ·¹Ï@bÄá¯9ø*ô(/43\˜ÑluÁGïaìí…ˆ8× ézˆõõäâ«7VŽ +VXiG“ÇÁZŽqçÄh2ÿ1{õÍÍ÷“Ûñåµ4<³ìòÚXž}}wÿš }^½»s÷ö‡ñÍe®³ÉÝ»{oßÜŽoï_Ý^^ ¥„T\â_ïîo éÍÝw·—?O¾½¸tG^Kp…çýõâÇŸùh·ûö‚3U83z‚g¢(ähu¡bF+• Ë‹‡‹¿u FÃÔcdÒ\0!][É”ڜܖ¶à°ml*Ãœ5æ`W¸uδɑôJ2¡ŒêHoòé…VÌ)eF¹)˜URÚ?UËù¬ÜΑ:_½Ñj0!ç¬ +€ˆ“…'œ|¸¨„ój‘Gœu¹òG’93¹‰8?q.ýr~y­¬Ëª†¾Ínúo?k±“gmMÀ×÷Ôˆg¼.‹óüo›rÝTõú +úEž•ëp oÎ +as Š`…12lÙ.Â>ZfÛK—í–;*[•íláãÈÓ¯©Õ.<5ÂmæÔWë÷Ümæeëçû’.˜e8ßßÿC¹¬æ$ˆÝÁ©[?Ò7ì‰áUÙ¡ÄjÙefÈèÏ¥S ˆ ÀŠYgÅïX’fÈÓòhaq­ yN¥Âk¹@«Æ/?A‘Þß1T¶g(ŽC±ˆ‹ãÄ.E†"°c(Â÷VhIâ¹9«×­_·Èp©ñÛU[0):õ¨æ0¯j?¹ŸŒëBíëš1%OhHºvZÕ<¡Šgšç­âù«÷ë:ˆ›Ÿ_‘ + °‡WÞ»õt´ÓdÍ¢Þ‘ú #~uT$…€VÙÐ÷8]„æÌg>‰0ÏpHktO˜=¹Ò˜ó<]ú„<]K†XØtKÑ‘±ý¸ J-²d5VuÓd×øÇÝrßbˆ¬\.ë§h!§3õ:®ô‹ÿHß“©hHœ&ãçTK0o`]q+âQÄYÄ- Ø‹@îáPäŒõk‘NB*›µ—"«©9 Ý`AS€øŠÛR)„¿ÎÝ'0¬ˆMšñD26„}âžÍÆϪÀò0„ê9¿ Ë·ÈH–k¥Ãz9Êrð{Üh0L‚“Z†#®“ FvckV6þ´íµÏ3”½íí†sÎÉy~üo³ÒAX)F(’`/‘˳xÏœ,ÀÅZQ°\‚ÝNæ}Ü)¼²ñ@ˆEúu‰ ÓÓº¹êàêÀKyÆÎY‘Õ¡ÃEW;Ô]lizü@Pæe„üº/Ý æõªLÂÛ22…aàˆ$„J’׺C/`D¶Fí…mHC ²Ó\è€û_V³ªÅMo áÉä6Å*€ÛÇ*€ØÇ*Fõ°Ñm#aå™ß´~¸{{E­û‡+~xwA*ÑØ?&I3B˜\< ËíYbÛªD"B°?ÐLˆH(܈ƒõ\Ï–»y°…8ò“”úæþŸø‰n8¨ÓÝ;$Ј÷Ãfº¶ãɯ¨÷´¨f jÎJäW|ðü%’0ô¦GÍ]tüp LZ‘Ý×-ÞOÀ…÷Ò.Zyl…µa¬l[¿ÚÄá`3à»*çžZhÀmî—¾0º4HfäqçM\°iêYEAHزjq}"Qé`>­¤#-…ìX¸²ð³_’L?ÖÛ‡–f!"­š–¸½ýF½.°¨t\7Dü`Ì@ë8æ3LZEJ‰NœCâ_H¼ª¥ï§¦c…©Š3›‹n*qr/‰{!òØ7õn;ó©gœG” ÒØø;1 Ï\Ó÷‡&Nwµ:b88F Ì“–Ê7€üÌÚ˜b8›-‰Æï=én‘Mëm€ÔO!0.{¤þŠÆÇo^’K™ûf¶­¦¤´.zkÀ…˜2©¯£€%uéâ¸ò,b B Ô¤ñ9NŒÙÐ$ ñ‹†{‹.|*ʪ8aºy Að¨±'(&lvS°beÒ '†/]éÊR;PÅm¹$øÚ?ÑãqÜjQ~ˆËO}:E Ѽ1G¿«ÕféW€œä»wæ‘íC²N’,t&™\QS§Éh°ü¼—õ=9Q ¢"V,‚¼v{\4Ï +Û Z×ùlÇXçC44VF”zî‘7ÙÝã"Z öèoiÁÀ#žLОH´ZƒiX•IÞ¥LfƒùÇÆ4b£ýûx)„ÈØ1A›,bØK›C#l®Å±Í5nêEÄ>YÄ0BŸM¹m«Ùu2ôS"žbvpõjS7i´ãafÙF\BL±€’“ãqÔ2¿%ÿ@$,¢ðBƒØFš*x¢uA‡€ïºŽ€Ò¬ÀLðPD~‘¼Ÿ ‹léå·Ž Gp£¤ ¥‚ÑmsEù\¢ðr«ÓùÛÅaúAâŒäD[ÊÉøHž wIƒô X:X5¹^ÈKšz]Ç`æj·l«Í2N´’‘&€ hUµ¤±Ð%„‡Û´ÕªúO”‚€¹Û" ›¸Y‡é+Q﯎q,Ùý½`/zó>ìŠOï|¹Fd"'µ§Q¥Ûm•, 2qÛ´Œ¸ñàýa¢Y$6\€A4íB‘†·ïGÔãé„=œð<ž~¾.Þ÷ÁÏÚ®šd¢@Æÿ,y +bv©÷Îô¼6™°ÎœDÃ`¦ÅþI¢ÓÙÛVpñÜ|*):üsx¶îIRèÃ3ž3…ùÄ‹¤è°Îœäùjx’˜)h€AøéöS…IrMÁB­©’4 tÊa¼“ÌdçXqYtc=¼bW€“®À\åOK,ºùéÉršq²ª(óœÁ¿骊Òqæ,$³Á?­“NÇ*‡K…Ác©^¬ÅöU—½˜b_*R½à±Þ­_(ÖÏûy4è R±âÅ7‹gK¦§ÉjS6?GUHÇ î¨tB•2«±Ü·&W!„ÍÄ2£°×Ó +½šTXßùT--#°Ï$›¾Fb®«±ª4”œÜuP3§Èí¹CÕÙOk^àUO„Ï£kÏ*ƒQå¿gÉ4ã4«¸aFÛ³ !Ø,\Ìl&ßaÑ´ˆr¬8ÄóÕÊ_·õõ² +!8aO‘>lj$&FÐê«È"L#d/"PHwŽ„>pUœdAj!šöÔ¤À뵓 +ôÃÆ …Ãî¢~ÂÏ–u„lˆQi‘´îšÇËaÛyŠ7ë¡É©Ré*Ö܇1ɼjÒC‘I¢²òyò÷‡ZH¬˜UöŒD‹"g"ÏÉúÌ–&€L+­Éü(He×Éö¨íQ½íQ*Ù@8ȱ” +r Š»ë¶žÕKB},W(o'…8ÕU ½nËu2;.}¸ìiŽ Hñ¥l!è/Ê0“³\š³Ë“6'4~Mo÷øß –ÒÓ‘æöHj¨¹Á‡T1Ï©"Â(Y¤YHaü¶‹Á¡µCÁ` ë$©6rÂm¬ï¦šszT„M™3ZËÏùè,e?õG[ý× ìQÎÉÕ—d×@‚p­P6ÏŠ Ê1ãd‡58ú¹ÁcLendstream endobj -1102 0 obj << -/Type /Page -/Contents 1103 0 R -/Resources 1101 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R -/Annots [ 1109 0 R 1110 0 R ] ->> endobj 1109 0 obj << +/Type /Page +/Contents 1110 0 R +/Resources 1108 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1067 0 R +/Annots [ 1114 0 R 1115 0 R ] +>> endobj +1114 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [341.1654 116.9088 414.8187 128.9684] +/Rect [341.1654 318.5226 414.8187 330.5822] /Subtype /Link /A << /S /GoTo /D (the_sortlist_statement) >> >> endobj -1110 0 obj << +1115 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [434.6742 116.9088 508.3275 128.9684] +/Rect [434.6742 318.5226 508.3275 330.5822] /Subtype /Link /A << /S /GoTo /D (rrset_ordering) >> >> endobj -1104 0 obj << -/D [1102 0 R /XYZ 85.0394 794.5015 null] ->> endobj -1105 0 obj << -/D [1102 0 R /XYZ 85.0394 626.5613 null] ->> endobj -1106 0 obj << -/D [1102 0 R /XYZ 85.0394 614.6062 null] +1111 0 obj << +/D [1109 0 R /XYZ 85.0394 794.5015 null] >> endobj 462 0 obj << -/D [1102 0 R /XYZ 85.0394 327.2191 null] ->> endobj -1107 0 obj << -/D [1102 0 R /XYZ 85.0394 295.1135 null] ->> endobj -466 0 obj << -/D [1102 0 R /XYZ 85.0394 295.1135 null] ->> endobj -643 0 obj << -/D [1102 0 R /XYZ 85.0394 265.2577 null] ->> endobj -470 0 obj << -/D [1102 0 R /XYZ 85.0394 208.5998 null] ->> endobj -1108 0 obj << -/D [1102 0 R /XYZ 85.0394 186.2886 null] ->> endobj -1111 0 obj << -/D [1102 0 R /XYZ 85.0394 99.9723 null] +/D [1109 0 R /XYZ 85.0394 528.8329 null] >> endobj 1112 0 obj << -/D [1102 0 R /XYZ 85.0394 88.0171 null] +/D [1109 0 R /XYZ 85.0394 496.7273 null] >> endobj -1101 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F77 703 0 R /F57 624 0 R /F42 597 0 R >> +466 0 obj << +/D [1109 0 R /XYZ 85.0394 496.7273 null] +>> endobj +643 0 obj << +/D [1109 0 R /XYZ 85.0394 466.8716 null] +>> endobj +470 0 obj << +/D [1109 0 R /XYZ 85.0394 410.2137 null] +>> endobj +1113 0 obj << +/D [1109 0 R /XYZ 85.0394 387.9025 null] +>> endobj +1116 0 obj << +/D [1109 0 R /XYZ 85.0394 301.5861 null] +>> endobj +1117 0 obj << +/D [1109 0 R /XYZ 85.0394 289.631 null] +>> endobj +1118 0 obj << +/D [1109 0 R /XYZ 85.0394 109.5064 null] +>> endobj +1119 0 obj << +/D [1109 0 R /XYZ 85.0394 97.5513 null] +>> endobj +1108 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F43 600 0 R /F77 703 0 R /F42 597 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1115 0 obj << -/Length 3081 +1122 0 obj << +/Length 2987 /Filter /FlateDecode >> stream -xÚÍ[_sÛ6÷§Ð#=S±øðÞ\ÇNݦŽOVgr×öé˜YÔ‰´Ü§¿],HQ¶I&µ2çvZ v»¿]À|Âà_>Ñ&6‰H&6Q±f\O·lòúÞð0fÚ švGý4?øñÔˆI'F˜Éüº3—‹™s|2ÏþˆL,ãC˜Eÿ~~r8šE§gï Æ¥Ò":þùèb~2£†þtvþ†( ÇïÏOÏÞþ>;:´*šŸ½?'òìäôdvr~|rø×ü—ƒ“y»äî¶8“¸Þÿüñ›d°»_X,§'Ð`1O1¹=PZÆZIÙP–—ÿl'ìôúOŸc“b<æBËÉTªØÁïÍÏJåbËlÏϲɔó8Ñz`.úŽÁ\¡Ú|±;Õ”³$æð?£²±±–·bT²#FÎu¬œXÍca¤õb,Vù†˜¾Jos¨¹ÄFõMN´¬¼M‹ÕN?Ônàî¢ÐlGÏ‚¸‹ŠÊëòn•Åe¨´O`!後Èl ª9™ -'ƒŠñdÊæ‹~®ÂkŒáªLp Úsµþ²–et”÷¤PQ¾Z”YžaCGÜñª¨©rŸ.ïrê«oÒ@¬Öù¢ø“1‘WDðŒöcüüH*¯u‘`¦Èô‰“Ä­V×pmUyçÇ,‚ÐèƒEéË!iuØð2Ön¥ -à³ß0eóE¯´ŒÕq¢ÌØ€~ƒ82Ÿ¿aé$h2,-ª‹[_K¢º$ʲ¸}žåØÓ žÍbªÌoPó±ÏKm™™ˆ.J©O -j’ð±Uçñb/œ¶^ÑÝ­Š–´~XV ¹UVý-Å@Ù2"aØzSܦ›bù…šwU\ -I¿*—÷ù&|§›ÖÐ)²ø°_üÈðh‘.ü‘‡êlVá敀͒g'V²¼ZlŠ+Ô^lÞ”XaѲ\}$RÚLÒÌ»¢ÊU¾»Ú¾ÿÙŒ´ö*¿.»6y‰euSÞ-Û1ÁˆÕ"%õμ«9/ÓÆïjŽŒ1“zÄccm-™£Å2­@F*EöHÊŽ=’ŠìI%¡ÒØ#‰–åUS£ÈòU½µI02¥bíù[Öå¢\ÒÐëôõ®W™ËàvŠUU§«Æy½†2¥¢;í€ä:,Ù—i¢j¯’q„‘œ’1H˜4{CÈÿwt8U‰ ¦^1Ӟݭ=WLGYZ§p$­ut$‘gåEˆ_!‡±¬o: ­†ïòîk2ÍШ x“Ûeðø^Óà#NcãÁÂëpe_ÂÛ‚¹¿Ó^î¸(î”ÈÆÌî¢Ê'èRXr—ÀWÃXl”ëÑúj'bp_†\W½®Ëå²|(¼aÅãl#0ýÇS»Æá’¬¼*Úù1à°Ü„QÍ¡«Pd Ô«þñX¤­¦k4>fú? €}—ã«ñ`*!†¯Ö0dˆ|ƒk¬2ÞF‚‡¼)+4£ -Œf–…ËÞS;­h -rvN¢À½KƒGÖC  RIÖ -)¦dº¡ëìâ™ßÀókÕ3ç÷MðÑYcŒƒxO©Ñýg·Ë’}Ýrì1.Ò’ÇÆÅEv*lˆ‹Žà0Š#CïM8U;b“œ³Ï93À¾ÎºöÁ&œÑú¦l¾èeŸJ`Zƒaöd%ÐpÌPý~æñ—½ÛHW]ÈÆ[÷Ÿnê"]>™€yçÍÝ5v¡«ù¼u?‡qºUÿ (VYb º(ñjA¨_7Ç*üb­üJ˜ºÖVSË Ý vV\=ö>ƒ´ õäÝÝ+‰IPñL‚2„×>l8ù¼Îë:K—ÔÕM]„¯I7¡"ð£W7»B™"}WL¥,ðó£ ÿÅJKRÍÓË7?ÁÑ#‘EJBN“›sG‘ÑUZåD®ò IÀ]Åíc†#iËðe{l 8Àª~!tv÷Ší«Ÿ—豘[Lµ‰`_/ HÔ`k¶£ýDYU îc=ïØ`SúÌ°äbˆËåïË ‡ìž‚ɃÚ0—5µ ßñÉì"ú¹eVíÄWYñ±¨»È7ÛÁ¡ÈG0»a®ÐÒ 0·³êWœäSBÅ,a#>NÉ$6R!9>?úí™JÅÅéCRÔ&h¶ËU±ðL†fÈ¢BÍ›éÍ:´\§Þ5&f‡í6!¶C‰ -Ýk[†¡Zwƒ¯8}'­‰…IÆ”J+‚ bÐNE³|½L^˜Å%õR€z›È†zÔ¶ÖŒE}C5Z}ãSã;_0èúe™ð*å'ŸYIdt·þÁûš(÷åAÆ}Žù8éEîƒ6ßZÑ7¨J-ÄzuwUS;§\$.ží^™lVÎ0›œú$ 7iØÃlB†¦a¬gÙ ÜÉ SZQýBHG ažò™´]=¶×áàPSe H cE¿rwµf_©»ï`ÁÁTDVvX¹%DÏ ãddÞ^¼0¢àµËîuÀC?.˫ƈ¯Ëª@Hì÷åÝã¦Ê³6uú…Êwï8ÚYê+6ÛR±X15’R“:dv‘£?ŸŸ¾GÀæÄc³-œBDÇ¿S…‚¨  pHH¢Ås‡Pñ½ÇÞ»ê =^¡ì±ßü+ìww§ûÍqîW ÜÄ*Q#PPÊ°Å}Ÿ]¾9,Èts`… / sn< ¤áFtcŽŽS$Oâ $í–w7ùŠóÍ"嘹a>ÿJ€ñד!,Q×á~ÅK€ÑE뻫e± ú'•´ªÊE 1£vð¢ÚÑW_RÝQL÷G,B‘î~_ñÆÅÆÊ›%œŠ¦áׇSÃ!Xzd° Ù(HPÉ?/À£ûëDl^—¡B¹C¬‘0Œh…¡vñ¦Í%ä³fj+ !Ù€0:»ÜoèºW—,´‰-¸‚aø ¦È^ß„3¢Í5wXxXÚÜûÛ‹ËÄ\—_'´¦á‚ËnX/‡;KÅÙC!Xì´±B—Aªçðo î:áüÉu#§ëFÀ]R­Ñwjy‰`…ònR0ûdCó5]wòæºS4)‡kÊìMû•?÷•˜‹onHõ™¼eùàoð Ý¢!ù*¯ë|Cù;¤Ó  …ØGÑBnLm |Þ3€ºÅ}Ĭ5\øJuK¬úá›ý]!î+ø=N3ø2—X=¢k\@©H¢çGó^vÊî §ô®¾#]i@5¾ÑØà-ì7äE®§<àjg¹ûM<í5½ÇðYŒ9,Æb-bêåÑðÔ:Ó$šVyýPn>s™oî‹æÆ?],¶©?äs‡³O¬¦e·+Ýeï7„Ù+JãVq@ܹX[éw ˜&Çd’V]ÓÚ¿RBR“gòÜÞÝ{D`Yƒ’í×­‰”0çNæ‰õ ±‹†mGgƒûM<™}&žÞâ#JÎ!,6FX>ÿ0÷@@†Pû·\TȺ<9¦:^&i–à[-zªáó?4:+0ÙJýôòOûeUIcçÐVxÄ© 8%±«s"%¥“»)ÑD;Šû·g›{L =+Ã,eM•üsQÕç{Æ%ý·\ù{.Cá2V¶{ÃÖ½j„>öÂ’ž@Õ¶¯<½ý|ºŸšJ¿¨és™¯ƒ5Ðö+|ápLÑU‹ý> -Û¯a&‰º9„­N 2"Þëi#Šu4>ŽPIIe›EÓ€·±Dö È-xÙ¦WqX_,¥A £Ž|Ú¯À/yƒÐÙú+ú¬…Ù†ø5‘‚ÞŽ\`ȺÙ<»,Œ^ÒY€}ë5hzhÌ|Ès…éÏ€ê„ -¥¯€ò!VŒÚnâ¤íŽn²$-¿bÁh ¬gcoò’˜ âß /áÃ;|VG*Å¢¦„ø­*W5£×@(®|^]5>X5)\Å:>˜5wËçåÙûÏÞã3˜Ëêìÿe,íŠ-Dý°R3eåsKÁ&£øôkÿrcû×+`p¥ë áÃó:‰ñÌþxE=ùÃÎb!h‡uÿ?³Y¦tendstream +xÚÍ[_sÛ8ϧð£2ÓpÅÿä½eÓ¤›Ým’³½w½ÛÝÅVM]Ëg)I{Ÿþ‚²e'–²w&Ó™„(™@àáƒþñ6ÌxáÖ+¦S®“/éàž}8àqÌQ3è¨=êÇñÁgF <óF˜Áø¦õ-ÇRçø`<ý=1L²CøBšüûòâôðHè49;ÿ(.•ÉÉOÇWãÓ!=0qèçï‰ã©9¹¼8;ÿðÛðøЪd|~yAìáéÙéðôâäôðÏñϧãÕ”ÛËâ©Äùþçà÷?ÓÁV÷óAʤwzð”qïÅàËÒ’i%eÙŒþ¾ú`ëixõ91©”3.´Á¤ÙìüYú‰~6’R3g´ÞúÕ#žzÆá?½ŒK-W¢W²%zÎ5SάöÌH!ƒèÍ!ÌD™äüêÁÀ²étyÈ]’WˆZržŒïŠŠžM²9×9¶<ɨ»È–u‘Íž|€ý‘ê4¬îoðÑi*¾›Ç7æÓø¹9ji`óZ X'§Z̧}wR%ÌC‚iÔelïr"æÙ—H=Þå4»|="έ¦^y³õÙ#gOqbéæ”4²½% ˆ $hoÊûùe™úäôë"__òyÍ"ë}^M–Åu>¥ÑE|{xvB„p mëUÚ2Å=¨³¥ô×’TŽIØ”ƒ#!™ïÜO>Ù¼±Û6SÇ„Ð=¦ Ÿ±Æ82ͳÑû”pi2+')]8t&œÁĘfuvU9±«|ù/Ñx·ÛGÖZàƽGPœ;Ù¡„õê^'°µšÙ¼ü“Í;u`¼aÂx×­ã=sÚ(RÂÕ¯ànµäÛ»:Ý0~âÌŠª.#}bæÀj¤~È“)"dÉE‡ÛÓH¶¥Ì÷*e§˜äÊöHÙYæSN^ø‚›´ÉÌÓCh»+gÓ(äè6§ÅmQ7þu’ƒ³E±ÃžÈ·„»-Yv#\ˆ:®C¸­YïK¸dãjŸnĘ”©Tõ„8c5óʺ8¹8þPBå“b +d—£€­#¿/¬G¯]΋I2t)Ž ¼ Œ ^úÙ¬ÈBdôfCìð¨ˆCРwºXŸîÐCkûr%Ê2'Ró>IoØ=pÁ´“}F®ƒÕ’?õ J†ùb–M‚¼Mj°Ò  §å—,ˆè¨ ªE>!µM‰ñXÔwDÚjŒô[o0Ø©ŒËÒ ˆ*ågü ô2¹_¼ ±&É@¹AñϾÑÈ ób~{szmi1€_Ý_×ÔÏi@žÀÅ3ðaµÖT63O¬$CÌe—ìú.‹C³8æ3k.*C;¥çYEÏèT´t`L0RnL‡6J0tp45i,8’!#b—£YycE‡u·Ìæu¦ø}eš2#\Z1©b‚Gá}¸º0¢àµÑÊX«-ÞÎÊëÆ‹/ʪ@Høè~‘qYåÓF¶×ߨýõò¤C¢­©î×oïþik˜åNtKT{Á„ö>Hô§ó‹³KlNlûmá¼^ýF%@ "pÈ}•GN$¡æ®$œ’nš3< æ í+x{¥ûràß!Âb˜KmÔ¦˜$¬û|ôrjjýMD€¢¼ˆÎ]7- 0¢sŒœÂ?ɃµXÞ^ä~u±ßÍ!sÞö¸­SM‚ ~9ýâru]Fá¢D,!F—,î¯gÅ„èÏù7"²ª*' Æ)õcÅ'ôòû‹õ1ᑪ[-üyµÖìÚ"­õ¾eµ€÷Îöù,‘2Xù¬_>4‚liËaò=Ð.€È¿N ¢ß†ðÝ›25[€"e±R†Úœ&ø«{e­ !Óe´Vù†sWå%@É]€§b†;rW6a‹(sA¶šöJ@qØùp5j0ÌMÙ“F­Ü³¦áBÄ^ù°]nÍ|_º)àì±vˆÓåÆôø À7ÌIµ`ìÚómc—©Fc—©IÞΈj¬zA!8ŽªnÀ!(Œõk“câqst]ÔDÇPsC%½£ÝVŸÏ <Ûä!›ÝGKx³ò‘ ´Mƒö:¯ë| wп)g8jŸ~£6âf`Q XÁ.zR“Ðr¼ÐмUï¶m¯v´õ·¯2à÷ØÆJfæ=ù»‚)Xoɧ^_‡`©LÁcaä¾¾ƒÍ\kÐt1]béÿ/TD<ׇG<éjkºû-9íWªRn6¼GªÒ0§„%©ŽŽ¯p·9ÓÔ˜æyýX.?GO™/ŠI#ëÉd]õCAï1ˆö‰Ã´©éokÞo8yQ@I¥{°²Š9ˆQ¼LS_2~e°ÖˆÕÔ˜‚¸AxÁAA7‚¿~{å%|s£ê”¾ ôxÖ +÷[u²û¬:IÃké>;‡”Ø[K¸ø4(@ÆtP§.øl`NOˆÆƒ$zÐÄäžb Ö~hô´ÀJ+=¯ï²šøÃaE¡h|Øu|U>ÎQ½ +SÒ»Šù&r2j°²›O¬FA|E×ö€…äOËø•²&"ÿZTõö÷ž Fÿ-çáŒËPªŒÄzmØ{ kCj8¤¶þ¶!óŠõaÚ*cæG ŠèáÓÔ†I=WõZ°Ö¾ vçm³ØWUé;¸)- SÕãF¤–Œkä(«ù´‘> *cWq.tÂá§i•@Ñ9àQ,±CõÑDƒDSoÄañœÔXª7‚ ¦ùÑî,¯w:˜öÚßpÊ'¹d6U=(X +Ï„2dÎW˜ò}Æ=Q>ÆXé, ¿Å¬=öm>æy8ÂtQlÀuB‡ÊWÀùÄÀEÞfád§oéÝ>ÜtTIÚ‹~Ã+ȱªçY“Rt^݈â-¿4E*•&M 9\UÎ+êDY/€Q\‡Òºjb±jª¸@¬cqÚ/w$$ÏžîÜD嬶ö¥¨ïJÂf`^8Ó­(á8SþHQñøÓàa?í£û:?ªï"}‹e*ðZ×°Bü0MZ&fU˜C4åIMÏ0Zb¢eœü +Ьˆ8 ‚ón ®¯@pWü;œ¨1z«€¶jžÎ>¹Šà¬[9Ü­ù*+i‰ÿ _Á¢T + é±HÀ¢ŒÎ?@,tÞ‡tþ!TUÜγ:Â5dP*o`[NÊ9"© +{.Ü! +Q8+&T5 bö7k¸;t|éX'tiKá ÇEYO{‹œå)¿]#î–úÉ™»nÎÜMRÕ¬ NÙ)…†°êƃUÂÏ9I¾Û:W§¬yÍñMk¥o8r'`¤íq±0‚Yé©Z7jüá¤Q›Q‚˜³kð¸HBÏfÄüHù‡3À€ë‚9:?†¯Lf*˜Æmü¦éô‘n\oŠ6QÆkjÜ[6nÓ¦æ®]Þ/©;¯gñÔá!›[&²ºëño»þäܲ’’?÷é ÷JêKÿaý7Ê2év]¾‰Ú’«Y…?É0OæÎ!\H#ž›üÿ?ÚpÌendstream endobj -1114 0 obj << +1121 0 obj << /Type /Page -/Contents 1115 0 R -/Resources 1113 0 R +/Contents 1122 0 R +/Resources 1120 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R +/Parent 1067 0 R >> endobj -1116 0 obj << -/D [1114 0 R /XYZ 56.6929 794.5015 null] +1123 0 obj << +/D [1121 0 R /XYZ 56.6929 794.5015 null] >> endobj -1117 0 obj << -/D [1114 0 R /XYZ 56.6929 579.9063 null] +1124 0 obj << +/D [1121 0 R /XYZ 56.6929 75.7394 null] >> endobj -1118 0 obj << -/D [1114 0 R /XYZ 56.6929 567.9511 null] ->> endobj -1113 0 obj << +1120 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1121 0 obj << -/Length 3408 +1127 0 obj << +/Length 3270 /Filter /FlateDecode >> stream -xÚÍZYsã6~÷¯Ð[èªCݧɌqOÖÖnR›ä"a‰ŠTDÊç×o7ºAQ2eÍî8µ)W™@ãjöù5(1 àOLí* 'qú:z’¯Î‚Éƾ>ÕQà}uuý–()=Þ¼¿¾¼úúŸ7¯ÏãЛ]½¿&òÍÅåÅÍÅõ›‹ó©P¡–°â-þýþú‚&]^}wqþë웳‹YÏòðµD ßßÏ~þ5˜ðvßœ¾J=y€Nà‹4•“ÕY¨•¯C¥¥:»=ûG¿á`Ô.S_H­&ÓHú*Ù=–ŽàXn*í'‘Ö§Â[Ç~¨c½’¾PZõ¢Õ@ô"T~¢”žÄ:õ#%••ý͹Š½Ù9°“Þæ\$^³íÌ´[r{± F‰7/뢬Ô¹k6ÔX6m×b3õºå¹ð²Ž:ECãuÓñÄìÞP«[šrC³š‡•2‰C?Õ_E`CZÆŠÒr`rØ!T©÷P†Z dÐ ¯6ÝC³ùÀCEAƒmkZ°‚$Ž½‹k³)W¦î²Ê’ï­™Úƒƒý#Û|SÎMA&SÖl_—o¨!D†u`D!XQŒjÊþóô©ÂÄWà“©T~ú¬e>ÙÒ­8n"AâK©OYìo•X©Ü^} ©÷K ƒ_¤ ÛrQgÝ–$`BAìå ˆ¹¬[ì%^‘uµ²-è½îÊ<ëPÀHBã¨Ñšœ÷¡®(MýDG!©ëýkPW¨´ÿ%¤A5‰ZÆ‘×vÙ¦#ZsG¤Œ4µ9Õ5›²{<Bx }•D{Ò‡9VúðDéèŽÂ<¼ê3¾ë˪$|Q•Dá©ÅÚOÈ^üöæ\kï_˜”¢dás•ueBS èl!›‘÷`ªŠˆjŒŽ–ØG8¤·fs_æ¨PB$—YWR:ÎßÞ¢—~ªóĉ|FU¼”ªœ¡|ú–î펫 -6ÃTžR•–4»ÙO3T“^g>v$ ÎC}˜V”8-ÂÖ>àíóÞ÷ϵv `NÁæ'D€æ‚ÈYˆPÆjßÒµRÎÒ±ù°,ó%7­Ñc‹›½ÑcÇý«ãöÝnq;|ÖÒóöûÙçB¦Þ+êwËŒšÑ£hV™S[»]¯›Mç”û®l;ˆy9"†£*È毜C‚Àpw*åG"òE(üIjLù:fÛ_3¨B EÚ ehD(µ÷“Ó‘²Ãb@~‚ÅTx€ÅŽgyó9PløÆ/¥˜¤?U#àš8ˆj„ÿm•cDD©¯”Ä~ï×Oj D~"Óx2Õ±ò…Gtï - ­µ/ES´d|×TUó€äü奎+#¨˜Ò$„ãpI^e¨bš·w‚L}©€šgEOÛ†À^nF£,{*ãAÛtHݺ«‰tŸUå‘tî*þíÐFz·Ð±´Žÿ_T/˜ñ´L ” NùºVÂ’˜ÀÉÔÑ‘ÒÑNóWug6àÊÇ=lxÎKe¯0£ þøçVG˜¾ŒÓSÙK‹Ô•Hù."_š(¼”x R€ì¡……Ça$½ï^_cCy›®É›Š(9—¥¶ÀA¦\óýÕŒh¢ø´&ŠUYLGA‘ÆMH°Ç {‚5ü(ö¶­ ŽÐâZ<öJªÄcoÙ'/꯷›uÓLƒ±ôæÛŽÈ´áþF{E1ÙÞÃ|aá&®-«nZZ\JYÙlhäÔJ[G@¾ž†òŒ¿ð_q‰‡áA@xŠSG`³ÖS^˜öƒ{2Ákˆ±@ÃЇ6:n¸C‹ø<+Û®+ã_ð"' C?'‹Œ0ÉA’y¨ ’xì½3 ŵ„^f ³d_?H`HEÂÜ›ªYS5—xóGz‚á~ÑRó2÷ßð:æ¨Á¾Æ?ÃË7™xWXÒH° ´©Øb‘Ò5Di—}x·÷LHöhÇî³MÙly§ö±ŽYjgVœ6ðÞažµÖ Ý‚CàfãF|Õµv„õ¦ÄèrPͦmèÉ&:n`ͽÔ5Ð_{H “Ÿ†=B”q¢Òç±pã';à¡d€·‚6ª@³ÎVL$+‚Á»ÎÔLZ­«2/1@+•x› ¬×ÔçIhRöÚ;ŽˆÚ]l0s•Õc‰Ä7úÅH´¤DÛs7uVÙ ƒÈµ:rCólDê2k—DiaBâmswéÖöðú%/œ¼ÎróSÅ& Ä|I̼¹áMà­aË;êÔMaÁ:Ø°ÕȈ›X:Ñ}p(`/|J+Ê–H;äbxõц˜½4Y£tkËp¨Rr{6ûŽîq—¸¼ä“ò¦n!ã*¤> &dXV{n/²GS0®dóÊŒ)‘ì™»yKßðßkæg¯¨ÄWëÚ Zã ¬C¿ýØ8 ž’*F1Wù={±Ÿ¢Kíü¸Y™Œ4¡øÒ‰dÂ@éÅÞVu¬;áÕÏ.W<½*WeGDÊä`…Í5t -e¤ Þ±Ÿg¿‚L8:w“tïX•KVƒðÖ †&ÇûdEF»¤¡e dƒ]Îô–²ªÐ‡[¼v·ÌÕr’†»=²â¸„A«RŽ¸tï j=`¬äÜ»ÛF9¹ º(k@³­eMz?.ËqGiAøè‰@®[jY“ÀÆÜГfBjÃ'2¼*ÿ0nAŽò³¸%u‹»M 5…/Ë9¡ß'ûp`¬)(»ÒðLë‘ðtõΘ®ÍÆ¢’:g”Òn Ó2,!淪iyšPË“—ͶbÔ3çaB7Ò%éqÅK¹Kr’ ‰GÞ…ô8\‘’à=vðœÅ\‘wÅk3z@´¯£*#‡•)s…òîÀ`×X¼`n wXÊ–'‹H¦Å6'd—"p"^Syƒm˜™Á`:°ì•uÊóG"Û goRåØ«Ø}_`5D¢î^Àf­»OšgùžÆ®t‘•ms].lŸ\†ìÇp:üx|–QÀ.…-›z#—°—TˆÔÂ&qÎÀy6WG°g›MI…cÚˆ®5q¬YÍÑqyÑï‚ÔÍ#Ó¡`ÝšwêoDa"‰Öó‰þ¢`xj§\Úplü};¸µÙöšpp?"®BÝØÞ×NCÈÎ!ûã÷=>—†Ã_óJù È\ð×—çSH¿i™ÝÖËÞzcÚ–„7HÛ¨‚§u'l.ÉŠHÓÇt«§TD'w¨öíSJM8¡WL*&L%:kI]åLÇ'X¾R¹…קùÛ ôåÀÁžTìóµm·ŒE3iÙñºe¹XÒ]Dê»j,¨ÃüCn| ^GP¨ ~ÉôŒŒYã ¿Q°?ৃIŽ€ŸØ ‘‚6-a_J2ç_#°îËâðPºDŽíšðÕ˜}cô xw•á&D©*ÛPǯ þKmH³`ž« ¢ÏGàeùÂÎCÆ Ì6‡ë†¹ ?J`yp‡2Kø¡´Ä»Ù¤O0@ïQdåC ÊvLTkcØ”Ú[5˜Ñ$M,Ò¥Àϯ©iýBîp¢HeˆT•µÃÐHˆŒ~;ÈkYo]H‚e8µ¥æà P[®7¯øØmK2wõ‹‰¶}.âªþë64)ö)g&ÊžŒ-é-,¶£\{Ž®´Å 6®x$£}ÜŽ -òâÂþôÛe·LƒÁ*«? x@9œŽœ\ò€ø¶ˆFÇ c㪅ƒ Ø’/ Bë®ByR°·ßÓÕ -E9þ@ürKM§«ÃÈÎ¥8çØj[¸ NX_ádE6/«Ýïö4Gµÿå.½¢o“‘Cƒ„Nq,ÅÏãD¯J‹À†S¥¼b•‘8ßÆ=¤Ùz’÷¼;XIE>4Þì&õ q3jm[s°pU›US—ù¨ý¾îsô¼¹·Î¹h9}ZÏ8÷Ú -2Ôñ]ÓË}ˆˆ7lqm‡ï - -˜÷wÁÄNoˆœÝ7¥ã -Âb‹ªÙÃ'àl-Ch4Qõ·»ßw†±¯’äÈ*úë?fÊ".}ȹV‰¯°þœ|Sendstream +xÚÍZ_sÛ6÷§ÐÛÉ3Jü‡»'7±[wZ'ç¸wkû‰´Ä†"U‘´ê|úîb%SqrÉÍu/_ß\]óãíÅyNï®_ßùöòêòöòæååùLê0RÀ@3‹ÿ¼¾¹¤NW×ß_žÿz÷ÝÙå]/òpY2Ð(ïïg?ÿL2XÝwgÐ&&;¨B£&ë³0Ò" +µö”òìíÙ?{†ƒV7tLMa …T‘žÌt(Òx|Ä´:LE$GÓþw£¼$Ád&¥0Qô h\¼¸èG²½'"Œ4~˜ˆ8IdoüPŒ/C-R­£II¡b8ë_ƒ!cÅÓ»UNÖº®Ú|[å­86Y6Kbp¨á<Ÿ';jIƒ'‚i‘ª ù–~ÄIuÄƈ4ŠÃçÔ¡ Êñfç5©Æ]ñú-háÔe<µç³0VÓï/n° §›í¹L§u[/ê’( GÉm›gD°-ùáúŽEEß5…u‘ÍPÉ PÔŽÜ;Š"M4°—4ð¸µÄ½|ÅÉ´kp,Ý×[*mC…UÑ´õ¶XØ’ê›n»©›¢5w-‘‰á!#”¥wMŠþœµ[”í —¡=mòíC¾¥–¢‚ákÛuE„÷u•70eèi.–âòþê*JPR û¦Ä™€YãÛMf}ãNæE•§[*-Œ <£ÓŽ;ôˆÏó²½ãê"I}K?â´ãÆ°˜g76R„i’ºEûö±;~›ƒ3´vNm…VOíƒ4^±È©’åyYoœ'@uþH_p\´<ß»ÿ–/Ú1‡%W¹Ç®,F•N¯ÁÍ´Ï@ßQš=)mM”fÅNÍ\Úí¼î˜ÉƒÝuÇœšÇfvè©äm¾n(‚e¶µsÛ8ÄzÓ-VT²Ü¤ÙúÖ%­­ÛxÂf[`䮶ʘKM_vÑqXîó¼aï`û|öÿÈT2†è˜(H™*Ar˜XŸ$XÄ°]L>¬cI}‡}öe*¢T’]Ò +4¼«\`be×L$G‚Æû6¯˜´Þ”Å¢À­u:ÝZp@×®,wB¯*ª%U< ¼Üb„ÄÚÆn[ÏÜçYoo®jæœÿaaÚœç\ÛêqÌInÜ‚&Ñ™ÒÈÍ»­léâ84¢pTji/äÔÏu ®l³"JÒi·h;êØô xüŠ‡fÞØ… ûF³q±²À±çí-3UË{ªTu–cÚ eè,2²8’` ŒœbU(~•SeC¤~wc…ăÂ/A þp‘z¯r›¡Å¨! +ÚÇ8„tZÚ¦áòÝÝ÷Ð*©ßnU¸ÝRlAÒ¢®HzyÕR”@Ñ^<Ï‹âQ -v^æc¹ü÷< +wûŠ°/þ»`y"çi}§@µ§2šªòbÑF…Ï{·î§¡ñU1'ü„FÉ–²eÑ9÷t;¾þÈ3¶¶M¾uÀ¤Z0Piºå2o™Ðî§RÞpt¡†;¯ê®dà3çf8Ê'…Ñ^" +Ûrõž¾™}d.dÇሔ„𱲪›ÖÁ®xzÍc-} ÚWËÑØFV– +õÝ‚Ãnðü‚¹-Lýd†= +O‘N³nAàÎ v"Y ã¼fÐh€µ¢êCùâ‘HY·åìM¦±ñ}q׌R ¸²íÉ1ÆÚÅ;îƨ®ð‘ír”lÙåž\–õ®Ì} §Éâs²Ï*xKaÉ¥ÞاC $"5² §Çœ3°ŸËÕ1,$,ìv[ÐÙa-~¹­^Ïqã2ÙsAêö‘§iQ±~`Åœ²zm½ˆ$1¦ñþ® ïTó˜¹Oý¨9ªüÞA~v¸‡ðwvˆÈQ*ÜÔ¼±|hš÷Þ®G¶xuóVðépxëÂk8LJ¾ïÂ*)ÔùLAš—R¨k;w^Žàm¶yÓòiMðôè ̆-9æd'£*€ +•7œ$@nõ†Rvè c”Ç„Fq«÷ƒèjñ.oy'—QûVX>õ^Nà^<ì1òP®®é‹žÒ‰1â«b¹¢ë3…í +¨1£ +˹qG[hx#A¡‚êÓ-}³&A©€Ôš¿&•ØûÄ݉$´iï%ã‘yC5VÂC‘Oz{õ’FÊ@‡/Æ‚#FÏ‚wûXæ\„(UÚ-U\ð +úàøÔ†46໶Ÿ?/'Vv– 9[?æ‚~*‰ydç'e‘ T"äen.iÀÁ{;ýЀ¢3 ·1lªhº®1£)˜šÇÆÆAŸÖ-ç^wAAî€6¾¯{½ÑɆ%>Ûá:BI¡óþ>˜¸î5‘íC]x©),;4Í>ÍÖ0„FÅiF"-C‡^¹XÜ«ÄU÷þ•¬h~Ãluê +ǽxéîÀ®“ý$´j,Ъ“a-""·rç3–A0„Æ:98@?|òØK}r]à¾dŸÙ5œ`Û~PöY{HÑg¦1ÜâP%¹öè®dÜžØ8 3»Lª‡ž!gÓð)â ‡ˆ3ä¨çÕné»_7T0tò£¡ø®ªwež-ó¬úSË^àÞ ì0ž©Ž4†ËUǕﺿ¦ÃÚŽÇ­´p,¤ŒzÀ•R_4×s1êÛØebÿ~|,µabÒ‰RJD±ù¨‹Û8q¬¢O¼¸õä‰Q~‰'F^db˜sx­{ð¢ƒOi™‰’¡PA@oj×o¯Åå«ñÎG§Áô‡ŸÎg ¾É(Áÿuysy{!únÇ—ëFŠ$Ô ÐÁÜŸùìšü¢°^CÒ¤"ŽÒd\C*4B…ôT  i§¡§*¹ø©WÈI} gú ë#Eèè‘D0¥ÎCpOP«Ä ŽT*Œ‘ÔiÍ æü¢šù¢{I&!ˆ›†ÏxŠLRÏ}î‰ÍëæDPÁ€ù_Ø9b%ÞÏ9G ‡vàœc¸7ä ]$µ¨ä´Zþ…Õ"iŸqŒ(¡ +ãCÏð»CŸÖÁžûRÁ'p]‘>ÁYîåÚã,¬ð;våKOfE׿š®péŒgs÷Z¤ª[Ïé–Xó…$Ý»òk€¤û{9lÂË•ßâÙ,cÖ!wä€8WWAFG×oNð ë…Ãk<¼°GxJ+Z_„ñþ˜å^~0PÇGòãÑêöí!KÓôKó˜Îç(Þ®>Z·<·þ—û£óþ¡vìTœú¡›Žþ:mägiÁäÙò±?‚Ûÿ0L„NS5îÛý`¡Üµè“ i|œWɈèižùéendstream endobj -1120 0 obj << +1126 0 obj << /Type /Page -/Contents 1121 0 R -/Resources 1119 0 R +/Contents 1127 0 R +/Resources 1125 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R ->> endobj -1122 0 obj << -/D [1120 0 R /XYZ 85.0394 794.5015 null] ->> endobj -1123 0 obj << -/D [1120 0 R /XYZ 85.0394 552.4093 null] ->> endobj -1124 0 obj << -/D [1120 0 R /XYZ 85.0394 540.4542 null] ->> endobj -474 0 obj << -/D [1120 0 R /XYZ 85.0394 225.1659 null] ->> endobj -1125 0 obj << -/D [1120 0 R /XYZ 85.0394 200.3885 null] ->> endobj -1119 0 obj << -/Font << /F62 634 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R /F42 597 0 R >> -/ProcSet [ /PDF /Text ] +/Parent 1133 0 R >> endobj 1128 0 obj << -/Length 2798 +/D [1126 0 R /XYZ 85.0394 794.5015 null] +>> endobj +1129 0 obj << +/D [1126 0 R /XYZ 85.0394 769.5949 null] +>> endobj +474 0 obj << +/D [1126 0 R /XYZ 85.0394 445.1692 null] +>> endobj +1130 0 obj << +/D [1126 0 R /XYZ 85.0394 420.4669 null] +>> endobj +1131 0 obj << +/D [1126 0 R /XYZ 85.0394 234.9227 null] +>> endobj +1132 0 obj << +/D [1126 0 R /XYZ 85.0394 222.9676 null] +>> endobj +1125 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F42 597 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1136 0 obj << +/Length 2988 /Filter /FlateDecode >> stream -xÚÍZ[sÛ¶~÷¯Ð£<ãà~é››8­:“ã¸g2§éMÑ6§©CRqüï»À%Q¶“8s2ž1@\‹o‹€Ø„›(M´ãnbœ$Š25É—Gtru¿±Øæ$5:¶úùòè_¯5Ÿ8â4דËë,K¨µlr9ÿsª‰ Ç Nÿûöüìø„+:}=ûrLHŧ/=}wyv:6ýyvþ -K&/ßž¿žýòÇÅ鱑ÓËÙÛs,¾8{}vqvþòìø¯ËߎÎ.{•‡ÓbTx}ÿwôç_t2‡ÙývD‰pVMîàƒæŸ,¤DI!RÉâèýÑ¿{ƒÚÐu&F É>NRŒá¤Ñ‚‹€ÓåmsÒrÚ3;-Úz2y,g]†¹ºÁôâ‚áÿbQ[ä]YW±Ý5¦]|qi†#àÇMù©ˆÖmYÝ`ö諭[ó›â€¨î~UæÙb¨ð*ê]T]”‹,'Œ§s¼ºƒÝPdü´HßÔ'¸ M_§¦Åçl¹Z/ðë.ö[–7·fÛÛúnGêÅE‹™â1Úr"(—m€µfÀo Zç1â–8*ñÃÈ Æü=Ekb4ÕyŠA¤ÁX؃ƒê Ò` ”$–*ù˜w( ƒ [kㆦCT8 ÂÍaTãýÀkFrb‡…*1ͪXµÍµ|QϵüÇÝm™ßb6¯«¶l»(Ê3'Ÿf(iü¼*;ÌTëåUÑ`þº^,ê;ÏVB“ûAOàõ2+ãhU¶,È¿ºL(›Ï#kwѺ-¶XPÛeÕa¤I³wd{[f‘tuu$X5нbá<¤a’H¼º¢©ŠnOîó3qe»Eý64/–·åç~V‰–ÝmÔì®Þ™rÒ¹ÈòØ&ðÙ@Q“DF#Æ>ï1nG™éûrY.²fq˜‘Å›„#‘BN”D*mŸ¶ÀÜW-0÷0™ä‚8F¿$pb±3ÒœÂÁGI}0ö+B©Sŵ?¢¯~ø@~ùž¼™]ö\q×gç¡”1„‚ã°V¡ŒùÂÿI¹# ÄVˆ”û¶ùzdŸw£è”SŽ‰ÇâÌŒÁ}âå¯p†¦Æ¨Ÿö`êÉ%§Qø­;‡ûòãù›GìWìÒ0˜|dçðÇf™zb„êƒÐ Ø›0ê­²kb–0YØ~K1+ˆ¶šÇæ/E¸’çåµ×âº@eª¨òEƒ0HßÄCµ"–9o_øûL—9Ü{¸×«²Í×m‹÷ ƒ!ývâo‘×ͼÑÝÇ IœdxF8õ{¥æÓyÑæMy6@ {ïUýÉû…ÛDf_Þͧ¢‰}Ú®N·¾®¬p“Âê³Ø.ëû–E, -[3”íß·øZ,ÍQú¼ z°ð°7îü#Á+îŒÞè‚;@²Êš®Ì×°}Äï²< ðAº5…Ðõª^{{ š¤¤;Èö[äý–…¹TÑHI‚Ȩĺ]g Ø·ÄMï1BM¯P4t®c&[Üe÷0ß­)áUž‘‰émÝv0ƒ0#‰< -ÊÛÒ¯…Ö3ˆE ‹=UðÝmYýE<Æ“@1å?½žþ;Kiìx¿ ->%«¬l°EˆpäÃmjÞû -Ô"$>ˆæ (›FIHp”ë¡ùŧ,¬.àÖKšT@ çXØ»_üŽ4Ä×ÔÁƒPzk†ë2)Ât°fÛÔPX¤·ÅbÅÜ·]±l£ -ð¨eYÅîw·Eê3™ÄE¼UMÑj8©Qê˜0øÀŽócam(‚+“@.˜W  -êVÌ‹øis_Á^`œ…¿åU"zŽo.7}®]‰Š¼üH)O#cú‘Rómõb£¤%&«¦¬›²‹ƒ{aíL½ÃH©uØ>Q;(È’z8Ïë»Ô0*ø<|¢LÝ (̳x|ÛÛf˜{ÕsïÓ†%7ŽâÏ°ÈF&’\Ø©°iÁÌ'@¦³\\Ü— :Î)Cÿ½¹†¼G…æ­_>+dŒa6Æ_lPÆî9Ä IvÚÚõ2†™­ñ-D™(8Åð0vSLúèæ6È£^cÛÇðU]ÍËêÆëëxœ†•SÝ·ë@9hÕtø™ÝàVhýÊ]Ä6×æà–åÇ~uL“Ȫøe,P‘›ø|U¯tœ¿dtú®w!ßíÔbóy=jÊŽ!¨áY”sN|EÙU[/Ö]_Ë"«ðÞÚ|äÜ`1hšš÷@Aƒ¸Õuµˆ ˆþ`› ÷­@^ƒÙ°¿÷¢AÂWâ ?˜ÚÅå56ɸØ8‹M ιJ¦è­úW -Ÿ +EÅ·ŸYžbb(­1Mkn»aX{*Ûç®Ò°¸1–Gf]äizÀ]„“„ú;<$^ËuÛ0 7À×ulï`˜ qŸ°„úSà¶K·m—Y—,N‡a{î|Y4´;?}s¶çÑy<#]ÚçcA^{AøÒ¢qýéÍúƒ,Ã/'»ó5OHH…ôª[Ÿ6INRLÛýøѪ>ƒið«½Æqðøòt¨ÕP ¼þ»h0P7þÚ&aØ‘h—?PMï>-oªzãyVÁ^œ…ÈLÓc“u)º8:"dË­°C‰‹ýÝÄSŸ_ ö¾ E{¥ÑÂü݈S@Ùªö7-›qF–ÜÕýÎSY°ÒÞK†s©±vÂÂÕº'½ŸrG”aæËuã½¾ÇÓWšÓ ³p¨³ÂŒŸµ µ•ôS÷×Ïgã9äõ2<~çš{ÖI]¼>¤6<ù Ùê²{ -wp - ‡š|Ûä<ŒÌþìx,$1ܪwØòVI8ÁZ"X\O»è¸„Žèð'ÀÃÜd8òóâÞ͉1B>††Ó³rî>|ˆñÔc½"usó:ƒq`ïQ”Xfù#«MI"©Äiýyß,9®àmð©pùÇC4ü†HXbµx!ɉ”N÷í¬!ØÝ€ˆ†h3øs!ôô‹Àï±gøg©Tþ‹` O¹ v„I¦¾tŠ¼nô7*?Ñ«7H8œø8g‰,@y ög?üÄ |÷šP1¨–‰~*ìLôgWª#ÔèLþˆPÿÀi¹M,Øß7¦âgQÅ ö§aWô"žE"ûòg[ð:Æ·ÙI¯«¢Œç­Çš:½]µë›|Û•‹Ü¡_¸!6=ûà»w¿ôºÙ¡¼XnËOEŒŒÁv¯®Üp"ŒP"ví.¯àÚà7Qc”I® 5,nB#¯îò{8ïÞ‘(@@& +•¬š¶ƒ¸¥` ÁÛm¡í°'ÀBà®!@·*ë?ä™'dDxyI]¤ûyü†…÷¯Ùäå–€„B%˼ËQ8ÒÅé½®À(±[ÀÑ +£þ]Ù­â.Ò#ñWŧÜÛŠÖ¸Ñn\Ó&Éë%{õ }ÂêG/ h (Qšy…}åC#û¢² +¿«¢Ú4÷mW¬Û@BÑÛuY‡åw«"®ƒ“Mâ2ÄjÑ[5Ü·)Ë”Lý4]:p üÌ{CóªäE-/^ÐMÔw?£©h`YT §Û{êyyÁ·áT;4§‚©Õn@DÅ¢üȹŒ;xaâNqú>yaR¤’>›mÙlË.lîåE£lêF§^aÂõIÔl„KÛñ9[ïâÄ@P±¥.á´ÁEx?=5GìÁ¹-ÍÍ;÷¦+–¨Ó©ˆj:Þ¥jîÐÈ&ì³Þ­¯ ïY\‚ ܶ æ¹â69÷Î% ÷ ‡3ygˆý^¸Øñ[áô͇|…>ÌÿKÊ°|>\’K¶ÀífÜÌÞþ¼L@}¸ß» _úôÞ-8?!µb×ûðMS/ËúéÍd8†Ó 1çu@ÌÚvÔÍoé*th¹U˜s“SK'×ùâ°® ߈².>rëõD‡ókÁ“_zÂ%$§–¦/›©Ó‘;§¶Ê?á–2%¾'P~Ý6Õ®+¨·.òÎLs>J™(Ó{FÁ„¿ÃM]…‰‘‰Å¢+ã¦þà8 ðm©éï÷ÕÈIà 7a/V˜ÌkJ_ƒ±IŒÍèÁ¡¼7´‚N`Ó[ŠÑÁ Jw±ò>ÑCúF›ÛŸèmÏDacë:nKÖH¾<ÐtÞ…8ÍŽbù"×i ¼Ö»¶›ˆp ¼x݆I$CÜ&'>€N@Þm¬;Pé¶meÞùÛüõ‹±ÛÜ‚ 1ß¾xñölßÏ“ò`Dºóaú‚EYãƒ?Åöft÷y*ê°*îæÏŸM(À6MYw£}&üÊu(Z¾¨>ì0M´¦.iÌxZUFf̤"ýº¤nzÕ¨Xñl¹v<ò˜ÔY1k§jíàèœI£ç±E³Fç  æ:¿À¨““D áÁO!Ž†í-9ÌÂ3ÈÂÈfcR¾ítÈG‘bBÕúæ4Kõ~  Ö3åƒ@ÒÆÊÍw²Èå¹#ŸÈžaãçåγªdî©3îKìI!yN¥>Â9fÃÈc·aÍööæŒöýsÇræ |ÜØ”ÕL‹”|ÔCóØ}°8‡÷¢r^¥|íOgÑhó¿±yiÇ\jÌXd$ÓVŠžE6·Û#<’Çy4Úý¹xôôJà_qi É9®Í×V•=ÝÇ+Š+ƒIG±ÓPü~2«¦AÊQÎ'¥ˆáÀ}¸ß>û£.]ᇅB#˜àVÇôÀX&‚Q/iƒÑbÍ€Sv„S~©68¸Ã¬8ùXOQ‡öù0V‹¾ ÙHˆ¿0»eÎ +¹Ÿ”¡ˆXeÈ8F•Å³ÌÙ.…Ï’}ysà«áGØfAe”ÈÆl¼ì×$”ˆãCB;¬¬FY©ŸZZý°~ªBýô}Ñu”¸¶««7O¨”^QÔf“®\ó®™W”¨„x”ÆÀΆâõÁQ-©C…èÐUr~]vaBÇ[⸠Ñå&d„Eˆ*ý,B°«Ë®ïl!Ž]@úÝz‘Äð¾ßÒbZ¼Î·%½š¥T@: Žª²U¨øR+å%*&·ÐZä Ê °ŠØâM¡]`€€«Ôˆ¥å€iÕÜQ£j¼¬¢¤…J‘„7lu]Œ6ZFØM3¤@*ñ,ÄêòªÙUýœ©4cY¶‹E¬÷Þþlê° +ÕŒýðšpàõÏf"… ÚHý¤×L±”§ê+_w&W nLò¯y°Š+î©x¦¹ÐRâÈÓ8€ ®ga-ãNQ®üþÜ«üH”šNªÜ~ rYš +ŒÖÑ-•¡€€.b¨‹Ûv5ï†Nþâëwo_œ_ K'èP{Ã'® ¥¿!jפh÷Ínò­·7ƒuþ¹\ïÂlttóY¸vñ1»†ˆ¢˜ã¶êm¸ZÑ«Åa$”‚ÌE’©Ã·iê²âÎŧvõíoσÒrû¥Ð+­p ¼ñÿÞOh¬ßÕáeq“ïªîÀëõQ w|òÀº9=› ή/®,µE÷ˆVŒøý8Ð +ýŒZA¬âQÈ4ƒÂí½ ù°BàT%gôv, Jî@hÄ´ñœ„qû-}É—I‚jþ:e}0óòÒG„ýóÂbDlö^“Žª]ãpŒèãøàãøØÇñp–à/ŠƒXùˆøÆ>—ð¿âoÁE:—x0‡ÙËÒLOý=ŠÏ¾˜ä>õÏXÃÒÀU*çä´ŠöIË€+üÍ=ø¯XüÛVœ6"þ¿XB]endstream endobj -1127 0 obj << +1135 0 obj << /Type /Page -/Contents 1128 0 R -/Resources 1126 0 R +/Contents 1136 0 R +/Resources 1134 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1084 0 R +/Parent 1133 0 R >> endobj -1129 0 obj << -/D [1127 0 R /XYZ 56.6929 794.5015 null] +1137 0 obj << +/D [1135 0 R /XYZ 56.6929 794.5015 null] >> endobj -1130 0 obj << -/D [1127 0 R /XYZ 56.6929 726.9349 null] +1138 0 obj << +/D [1135 0 R /XYZ 56.6929 756.8229 null] >> endobj -1131 0 obj << -/D [1127 0 R /XYZ 56.6929 714.9798 null] ->> endobj -1132 0 obj << -/D [1127 0 R /XYZ 56.6929 546.8104 null] ->> endobj -1133 0 obj << -/D [1127 0 R /XYZ 56.6929 534.8553 null] +1139 0 obj << +/D [1135 0 R /XYZ 56.6929 744.8677 null] >> endobj 478 0 obj << -/D [1127 0 R /XYZ 56.6929 435.1867 null] +/D [1135 0 R /XYZ 56.6929 645.1992 null] +>> endobj +1140 0 obj << +/D [1135 0 R /XYZ 56.6929 620.8596 null] +>> endobj +1141 0 obj << +/D [1135 0 R /XYZ 56.6929 421.005 null] +>> endobj +1142 0 obj << +/D [1135 0 R /XYZ 56.6929 409.0498 null] +>> endobj +482 0 obj << +/D [1135 0 R /XYZ 56.6929 255.583 null] +>> endobj +1143 0 obj << +/D [1135 0 R /XYZ 56.6929 228.2785 null] +>> endobj +1144 0 obj << +/D [1135 0 R /XYZ 56.6929 186.806 null] +>> endobj +1145 0 obj << +/D [1135 0 R /XYZ 56.6929 174.8508 null] >> endobj 1134 0 obj << -/D [1127 0 R /XYZ 56.6929 410.8471 null] ->> endobj -1135 0 obj << -/D [1127 0 R /XYZ 56.6929 210.9925 null] ->> endobj -1136 0 obj << -/D [1127 0 R /XYZ 56.6929 199.0374 null] ->> endobj -1126 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F42 597 0 R /F56 618 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1139 0 obj << -/Length 2707 +1148 0 obj << +/Length 2593 /Filter /FlateDecode >> stream -xÚÍY_sÛ6÷§ÐÃ=P3! - ö-Mìœ:­SÔ¹›æò@‹°ÅŠTD*Žûéo P¤LÅé%7½ñŒ- `±~ Š‡?1ÓŠq™Å³4‹™âBÍÖÛ >»‡±7Âñ„ž)rý´ºøá*‰fË’(™­î²4ãZ‹Ùªx¼úûË·«Ëå<Œ6UƒŸׯ‰’Qóêæújñæ·åËy«ÅÍ5‘——W—ËËëW—óPÈXE @:¿ß\_ÓÕâ—Ëù‡ÕÏ—«~ËÃc .q¿/Þà³N÷óg2Ójö?8YͶ±’LÅRzJuñîâ½ÀÁ¨:¥&%5S:J'ôG3!X¦T4R”ÊX"#i…G“pNÎyðÎt]YßÓùV«_Z<H‘móYÅ,‹El§¯6Ø“4èÊ­ï5ÔVå'Giî܈g^.©ý7ç‘© -úQ¶Øê §Ÿ2¢ö¶ìÜxÝ™{³§û¹ÐÙQÓòRjjuÙµãå[³nê¢}¿RäuAë•s¸¥wûr›ïËêÑÉhA*¨Ýë}kÇ¥ÛDÛTŸÌ¾%ÒÃÆÔÔƒÃ:¶u¾¦ƒK8x †$cí'QÏÔ)L»Þ—·ÆIÚ4Ô©{%Ð˽/×-uk žv×Ðþè7iQí¦9T=Ïøtä:EÙ®s;µ0îVp·[°Š»¦ªš‡ÞHº ­áF»ÇÝ>t­ÒÉŒ¨“÷»ëÞ~ÖU6¬²mÏ^!Πæ¦v³Ð\*ÃN½N0H•Æ³$S,©ú¿“™d)OOüî¿›å7ŠŒS¦#žžßÍã ËuýŒ±¨°?T˜Gš%úèÕC‘`RJ5KtÊ¢Xgößݼœ‡<„¿¹8¨òM@É×ÁRvì|v*R¬?*éGâ 6÷yGN­ÈØœX#fÄ´Úøyàl½ä¦ji M .Qdm#§rf®TÐÀŠ{ê¶fï|K%ÁCYUDöݺ ÛÃzÍ6§³(8 â×ÿz}óëËÅ5ôQ·îšº5í”áßÑn·dlÍM9ï -Ûüs¹=8nþ¬‡ì©3Tª‹;Õò@R.¹o½‰+.7¸é'f®¸fQ©ohßfdhÎr&Ätɲ/f¬'"ýŒóv Z'ê9»•‹#MÊý› ðS’že¤MF)D&ºÃ5©óŽÚŽ¸1û숂ȼŠ#Ø£8Bèða¬ _ ûAê=,ÚºUÏ›qaîòCÕ¿Þ( ˜³ xK‡NÊ  żvgÖ%ns}"¨5Ý c ño»ÅSÈ¿§a¨ Ì MÄs†!S"¥€æ•eQ äïT—àQÐ FÊ%DèlrëvÐË©!ýáï–Z -j‘r €úÇÀ?Êú„s¹DäAÚ”~e’píc´;o”Óá>Øñc°ãÃ`ÇÝY\àðéÕwÊ/ÁP»ßËŽèó¯H«"L§€WáÞOÇ0ø –ïªr]Zl„ô>˜ÂJJ( àùœow•yAP]¥c¨>4>±‘|;è£ ‚¸·\ÌqŒ*‡Ðó„R1!xÒ—±+5š®3Ï_óÝî˜ëœ/Þ~ŠŸ¯'–ÆÉ‘dГªÔÙiº²©i#w·± 8JÒ1øë>¯Û*w|0rLë8kñ–¨yQ8¡- ØK„\ÔýŒ2µe‡ì [+ˆŠR·Ö"]8ù(]Erþ*Ê:´ëCÕÉòý.ŸÐ ~"S‘»n¤N©p‘: Þ®–ÔqY‘rXFñàRi3–¦²Y)µYÂÉìðh>%ÂÀ6/ÌXReP†]n–òB¿çªjËûšRY^c’Ó஺°«cP“§Åò‚8*sgy%U“@Ù—÷ˆzaÌS1J­Ç¨(z·kÚ²3D>.d½,Ç ÕZþH´ -lVaœècÝã‡öW¶bÁÙû² § bgjfQ ìô€v)9ev4‹Q\F©ŸÈ6Ú;óŒNÍ3rö…B$‹°d·\1.çeýJ`GÈ[?¢E?¹øÈY}¿ÐÄ‘$¬),~: Dõ°_{I*=–š@u»jNk¼øÛ»öÁvÖ††Ç&Mœ›¦uÃEÞåD3ÚájÿÐ0Ú Õ£Úûç)ö\‹µO2LÉÑ¢0”Ø[BU[þå®rè0Ð9ñD"–wÔÒ® cƒâ×ÛäŽs{,Ù-?YìÁsâyдd\YH9ÌvcàžSé‘Ã{ÇÍÖÍö‘Èç<[UK¬ª%þªÚåë!Ÿq„JkfYF©³¡«ê µ­Nn–‹7‹ëy¨„äÁØ!ú8> ʆ«}Û Ž ì¡”T°TÅésJI“± DˆD:u ^ˆsÖ°s×4l`mç«[UOåü¿ V ãB|±F ×4ãȱÉä«ÞEIJLÅg},N'úÏ”~ƉRûgx(s×r„§ 1ã,0=‚xøC[ë¸@•ÄÂÚgJF±ƒ67`-®áÎãì%1 úö¬GX‹m4{ÝÀ‰fƒCyÁáP²=”ŽG&€á(Å%qÒ?Ùcé!ƃ[Øèåcñ eÆ1Ó - 4ñUu„,ë#„´3¿"r,ùÞ ÝáÕ<Ø훹PÁ§’²<’°¥éÝÞžná–¬<'Ž¦®Cœ€òÑT? µuÓ¹ŽYLœÂ&ìã9R¡0HÃ>ž [»¸\w¤¨hó{ƒûGÜ*«ÝãjöÄØÁø §Ïò”áÆ,—jzЖ€{Öy究X ž# ”àf´Ôî –ŸæPPœÈìçVeK_ ß¸Ãß—õ“8g)Kd"gCÿù6—DçWY’ý™8÷å€1ôò˜%:Nžùˆ$ ö±T®¼9>hüÞ¿Ü_••ë½.÷ô~wîãR ¾Uƒ§V­¡ Uï©ïDf´µ7 -Ô ¡4^yÙ•£#öG€XÛ{²£4uyõŠ‚KE=ú¤µCcÀÔn[óñà¿QÀЭ±_w g>ȧï#Xtþsƒ»š°ÉxõGi£?‚}ÔiMu7~ ^WyÛú:º0;\³öO…ôÎ'@çÓ(ÓËo­vkÆŸmú}·¹ض{9>‰k(Úej9-üõðµ¶ßÕº:¦cDZ ¦ŽÏVásd#>#ȨÄ÷bB -¤´¸~õËo¯/§Jì-ø(‰ôU"Á'$@A/Ó~î°13J ™e±G‚MúèL8è¿ôøqäÏûÁ»ÇºË?ÿ8±/‰O¤ÉdÎIÓ'JKF¯ ¡-Žž.ž,‹cï'¤ȯlÄÐn‹69qS‚bé}8÷±ÎKŠŠ§ÐˆÏ¼/}ó—ôc€‹S&µŽ¦_û×C¿+{éì꿹Olþ?8¥àÑendstream +xÚÅYÝoÛ8Ï_¡‡{Šå‡¨Åalêô¼h“^ê½.¶ÛÅ–c²äZrÒì_3R–l¥iw÷p(P1äp83œßÐÂãðOx‰f\¥¡§!Ó\ho±9ãÞ¬½>–&pDAŸê§ùÙËËHz)K#yóUWÂx’o¾üè_üëüÝ|z3 ¤æ~Ä&Ž¸ÿÓìêͤô¹¸¾ºœ½þåæ|‡þ|v}EÓ7ÓËéÍôêb: „ +µʲøíújJD—³7ÓɧùÏgÓy'r_-ÁÊûùìã'î-A»ŸÏ8Si¢½øƒ3‘¦ÒÛœ…Z1*åfʳ÷gÿîöVÍÖ13I%X¬•¨%°è+±D¦1U§,RRuF Õ˜QCÁ¢4Õƨçe9 T*üz…_é·ë¼Éij>ÓÐä2Ÿ•íËÖÕD±¯ŠÖ’Ð~á7ù¢®–Í‹IʸÕû»õ±ðYE»níQù—mY,Š¶|¤ùf›/Šß9—ùÒpŠüU½£¥üK¶Ù–ù ¼¨——:îiȽ@–j-nb­ø†È†)K’8r¤b–BzÝÞÜ€¥ ”fBðȢτà@œsVÝç;´:ÎÛl»-ª;ú£¨è;{wŽœBÊ¥¡ Ï›ÜòQ)÷«lƒ£$õw‘øyS—û¶¨+ZýkÞ®³–( +²±öÛ]V5efé`ee6×Ú5{G³Ùri™6´`.ðP`-h¶h,ùb]€hKš½}¤ÙMgÑ]8G‡±W=}E˜ó!&Y¶Ûf#v°)Ó­,ëMV}b?«PŠ$òßÍoh@Š,jó]6ȱäþ´jwEÞÐ&ÚñìÄ‘fyp±¥…M¶Ì‡œÊÑÅüÇ•^HË:=HÈC~K­W©b1jýŸÛåéÝÔ“Ð>¼ìÐ)?dtJ:æ, •èÀÁ t +)˜RJ{@ËBDhÅ\ßÌ^ÏBi¡¸? ˆ.÷m¨yÂdX®Ú_Óm¥î÷ï4ŠN¨Î?c”H²0 2A&Jb0Ú%‚%¥½*vù,KN7Ò j¹!îâ Ði %˜zGcË +0+  ¹Q˜}0*Á+/ÚÂatÄþ+sOf•¶Þ\^ЄàJÓÈ´U8 4DÍþ¶É?ïóªuÜnó¼¢Qþ@þ2_2j:?¬Qª¯¯N…5:°Qn›¼\ÙqCßE™5룗ùϬ,}†o88½¶;ûÚñ›}c™ÝÚ™Ú +ÐÉÝXmea’ ¸‘¢‡€qæpÓ$ݶ•jQî—y÷ÆÐË´ +\=ŽÄXúø¦O)´¥{1 +ÐL"”c4»ºxóË«éX‹ AË'²Wµa)C@>IìxÎçoÈ„º SŽØCAxñôL؈˜;[vøqÏÇÁûǪ;ü0"—ÒLcF1ZŸ-¼&¦9:=<‚À†ªhi?Žp%bg7€vôÉ‘›„y‰îÓˆø@ÊØùSüÜåÇdbÙä­ñ+áÜUtRË®ù.óÃè¡ ¨Öã©Na$[Êš¾YõHƒ}õ*•}|£§Ï-J(H¹=7£Øì'l4 Ó«îÜc‰Se.z¯ "¤†¯É¨¶/Ä醾¦;„“‹ ½ŽE”ÈÔ阃Ñ7lBHwWÿyMŒá¢º@Ýzþ3`¥¶‹.þ~‘jÀŠE& uê„¡ð}{û Q© +ќć}Ú…Œ¦–¬3åÁ ÐÞugw²°õ*soJé£W®Ã í0ÿvïa£”A‰žœDH'-=EÝí7] (\½h‡uÃ`3“ÎnÍ£iÎFnˆÔŠd<úLwÜÀ×·>˜ç-î_\¿ÅŸ¿=Ÿ]ï§7ÿ™ÞŒg·þyNf(µÅ}VvºÁ-Œ¿i÷öÂñlúëùÛwo¦ìâú-#¡­(ÑP’!áéð±.Or¸«'ÿ³$>(Xƒ¼«{EÊyà +*í)\] |6…×;®#|@²$ÒºËàô„4ÂÜYêøÏTúu‡ŸÔ€Ê‚Ê3C›còô&ª‡^™¸‹ØQJý“‰¤K™=ÁÄmâ þ~8$b\%4cÅ+*“7Fä2ËYë Ë|[ì<òg«1Ô!ã‰TÏ^ª´ŸÓ€}?%QÅáØy¦ñµ¶—Gz&w‰Í¼YU¸EÕ¥ªoMiP»h·ùÒáaÈûÜ¢²KàCá~`êdþzI1Ü>vïß'“SûLöÔ ø«åÈÏ•Ü{öeî[íue aBo°§?ev?yZ¡LúJOÞÛTÂt"ãÑÿ …£sÞendstream endobj -1138 0 obj << +1147 0 obj << /Type /Page -/Contents 1139 0 R -/Resources 1137 0 R +/Contents 1148 0 R +/Resources 1146 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1149 0 R +/Parent 1133 0 R >> endobj -1140 0 obj << -/D [1138 0 R /XYZ 85.0394 794.5015 null] ->> endobj -482 0 obj << -/D [1138 0 R /XYZ 85.0394 769.5949 null] ->> endobj -1141 0 obj << -/D [1138 0 R /XYZ 85.0394 749.4437 null] ->> endobj -1142 0 obj << -/D [1138 0 R /XYZ 85.0394 707.9711 null] ->> endobj -1143 0 obj << -/D [1138 0 R /XYZ 85.0394 696.016 null] +1149 0 obj << +/D [1147 0 R /XYZ 85.0394 794.5015 null] >> endobj 486 0 obj << -/D [1138 0 R /XYZ 85.0394 527.3014 null] ->> endobj -1144 0 obj << -/D [1138 0 R /XYZ 85.0394 497.312 null] ->> endobj -1145 0 obj << -/D [1138 0 R /XYZ 85.0394 408.0188 null] ->> endobj -1146 0 obj << -/D [1138 0 R /XYZ 85.0394 396.0636 null] ->> endobj -490 0 obj << -/D [1138 0 R /XYZ 85.0394 202.1472 null] ->> endobj -1147 0 obj << -/D [1138 0 R /XYZ 85.0394 177.8748 null] ->> endobj -494 0 obj << -/D [1138 0 R /XYZ 85.0394 109.157 null] ->> endobj -1148 0 obj << -/D [1138 0 R /XYZ 85.0394 83.1291 null] ->> endobj -1137 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F57 624 0 R /F56 618 0 R /F84 848 0 R /F86 980 0 R /F77 703 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1152 0 obj << -/Length 2290 -/Filter /FlateDecode ->> -stream -xÚµYÝoÛ8Ï_á‡<ÈÀš¿ô±XàMÜž‰Ós¼ÛÅuû Øt,À¶Knšýëo†CÊR¬¦)z‹å˜ g†3?Î0¼Â?ÞÓ‹R‘öâT1rÝ›oÎÂÞ=¬½;ãŽgà™M®_ggoÞF¢—²4Qo¶lÈJX˜$¼7[| "&Y$„Áo&£þ@è0x;¾ŠK¥EpñïáûÙhJ ‘cýu<¹¤™”†‹›ÉÛñ»ß§Ã~¬‚ÙøfBÓÓÑÛÑt4¹õ?Í~;Íj•›fñP¢¾g?…½X÷ÛYÈdšèÞ#üOSÑÛœ)-™VRú™õÙíÙjUûi§›xÈ„—œúIuúI§,’BZ?ßLÇïÆ4Øeƒ]ÅL -ÃÈWšªDãyP­ ‹b“å[¤E°Í6Æ/gQùzMÔ!®l·3Û…Y8΂ÆlûDÄaûpÈÖù_a(ˆGû>O3/ì¸(áœ$—Á‡•qûfôåßÅÖmŸ;-QȾ¬Ð®ÞÀ›2àœ¥Z k‰Îp#®kŒ`-¸é’ÆÌ.Ë ßìÖù<¯œ¿šîå\3'©sX˱œ7‚;¾_ˆCÇ Ž˜Å*ñžGÛÖ¿§¢ : ê¥ãüW‡V-Q¬ã˜5S:õÊÌVÎîùaOnØv™ªKâZê !d-ulµ+A€þ.j¿“‡]TÙs“ðH·®Ü™y#HB:;QÆ©²QÊxœFßV‚„ ¯mfÍ¿?lдËÒþwIã¶pÙ]Y¬•a' -DL¥< -P*Òª¥Í -ÃÀ|É º ›+4iÙýáÃÿ8/&ÃkD²èëáx2¸Mÿ0;5*lïçu6‡üs¶®mƒS8Õ¹þVûíÙèÏáõû«»¸¹f¤´S%jkÒf<=“Ï–éHÔX­™ƒÐ8ŠAPê|<¹¸úýÒ÷e¾7ó*ÿlº­šq¦Ý>m«ìËÏûJÍ4”¿eŒ›¶k †K Ë\Ug`;}˜9÷ø±C”†X;†bŸßSt?“š%èibûD6w‰ƒhÚ§„Ê昢­hæ,Q’×òl> ÉY¨DÜŠ) Lå,;ýÅÜ”%­Pzy·6ÑÂ!TµRÉ«\Æ“=2·ƒM/ØÚ¦ü~<â0®nçëòl-ltèe—³Ê/æNø®€Oðò£`¼ì @¨„üæ1…à@™6! Ä7‰.œP±D§ÏnœÊGv­lF.÷¸ö˜W«Î‹NQÖHõZDƒ¼Nv—™›(8˜Ÿˆ.ð|ÌKsÄTK¼|#ðN?Vß«“7þ63‡ùq ÕLø ( TâOÆÒ®ÊGJ[JÚ•ºFÚÕ(@Ïg³w\Ö#G9 9¤$™0ùD³«Ìí·ÛçP‘œ|Ú7gqüm¼içàR>®ŠíÜ´ÄBDÁý‘@ØŽ¨f ­2çÌ;cÜ…èKöµ:Uó”)®õ« -U.XšÂytªÁ©dBDé×eÑw!Èr¤ÿ¢-êX÷+!TDÇzVöjóáfPpñÙœKšA§#Åmt†LCè¼{×fð¿N*xÆ€J'L¤2Á­{=ÄÍ4•ÄÔ ­­G؉7ãè]`Q¯a”j_'5Mj4¾”Ò@`átܳqU¼¼šVÇÐŽ\`ß¾®³Òâ¾}2Ë}y1úR™m xò3¾Á4 -Ãów£Éh:D—ÎFÿ\F´v9 æê÷Pú+¾q6ëUÙUo –„âµÉÑa¿{äxì@è“iM¯°èðòrʆÓ÷èÌ¡—ç7`/½ru¼ÈA³å„` ¹ÃΧ9w‚3÷Æ  arK#=Ž×¯cmQ¼[1‘ç'/nç,|éÍOÿÀ›ypê‚.£øWŒ/Èa]‚Ä‹‚øK‚ž!¾ož¹\¼R¨xPÒ”±nDüZçWöëjçáÊÄ¿uü‘(¬‹þ“T£˜Ž™LÑìÎ÷Yœ0¨ˆ¤WÊÖɉæþoW§ªÿÛ°ËDendstream -endobj -1151 0 obj << -/Type /Page -/Contents 1152 0 R -/Resources 1150 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1149 0 R ->> endobj -1153 0 obj << -/D [1151 0 R /XYZ 56.6929 794.5015 null] ->> endobj -498 0 obj << -/D [1151 0 R /XYZ 56.6929 653.8847 null] ->> endobj -1154 0 obj << -/D [1151 0 R /XYZ 56.6929 627.8019 null] ->> endobj -502 0 obj << -/D [1151 0 R /XYZ 56.6929 405.3123 null] ->> endobj -1155 0 obj << -/D [1151 0 R /XYZ 56.6929 382.8411 null] ->> endobj -506 0 obj << -/D [1151 0 R /XYZ 56.6929 301.1931 null] ->> endobj -1156 0 obj << -/D [1151 0 R /XYZ 56.6929 273.8371 null] +/D [1147 0 R /XYZ 85.0394 714.4345 null] >> endobj 1150 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F11 785 0 R /F57 624 0 R /F77 703 0 R /F84 848 0 R /F86 980 0 R >> -/XObject << /Im2 936 0 R >> -/ProcSet [ /PDF /Text ] +/D [1147 0 R /XYZ 85.0394 684.4451 null] +>> endobj +1151 0 obj << +/D [1147 0 R /XYZ 85.0394 595.1519 null] +>> endobj +1152 0 obj << +/D [1147 0 R /XYZ 85.0394 583.1967 null] +>> endobj +490 0 obj << +/D [1147 0 R /XYZ 85.0394 394.0393 null] +>> endobj +1153 0 obj << +/D [1147 0 R /XYZ 85.0394 370.8687 null] +>> endobj +494 0 obj << +/D [1147 0 R /XYZ 85.0394 305.4099 null] +>> endobj +1154 0 obj << +/D [1147 0 R /XYZ 85.0394 280.4837 null] +>> endobj +498 0 obj << +/D [1147 0 R /XYZ 85.0394 138.799 null] >> endobj -1159 0 obj << -/Length 2375 -/Filter /FlateDecode ->> -stream -xÚÕYKsÛȾëWð X%bçAnZ/íhË+od¦*ÇET@€!@Ëò¯ßîé¤@ÉíV*ÒÁLÏt÷ׯ!1øç#«c&S5JRkÆõh±¾`£{øöî‚û9“0iÒŸõãì⇷FŒÒ85ÂŒfË/3kùh–ŠÞüõú×Ùôn<šE&O´aÑ7·?ÑHJ7nßÞ¼ûûÝõ8QÑìæÃ- ßMßN醴o¦ã —J ` =‹~¸Ò¤·7ï§ãϳŸ/¦³ý‘ûbq&ñ¼ÿ¹øô™rîç ËÔêѼ°˜§©­/”–±VR†‘êâãÅßö {_ÝÒ!5)!c#´M¤Š­ß±­Leœ°ädÛÿnU8 ƒh8ÖçO@ëðòdXqÌj¹ŠS ñA¼Ä»7¾êŸ K)õ(Ñ<F&ÎúÛ¬¾/Ð80[öf'ÈTã&8k¶*[°¥±Ñ"«‰˜ôljG$Q³¤î¡!bÙl×í_Æ kµ]¶í&m×lüª-=ã?´]±èH#£›Àjå7ùcbÛvxNÔçx8ᎆ»À*.#<">wm‘#¥p}McÈüxV[tDt =9▱躪h¢µpÆ+ E‘8šÕ~“ëõ®õ<çÅñQÉÓ6M[vå—">uÍ,X\µoÁסñ'ÁÇáZÇŠ'âwðÜ/9 5ml,Uj^‚׸ YªZê —ÆQO!— -`iS¹¼hÛr^ ¹´‡ÍC]l‰¬³uDSéä0k;æ6*ÚfçˆÅÑè¢qÏÀG€Óˆ4}æØ­FÀ=gQ»›wÛlѵô*={H‡7ou0Œ…X!NM´Øm £5ø‰HEhôf¢Í0ÛÒ8•\©tWùYKã½æÅ¢\gaüvsèõ劆7Yž;?zïs8­Yù¦>lD„„>ט@¾de•Í«‚>…ü€´+3‘ì%6?œP£³k6äÐ}@¬—XÅ@§”„È løql1ç˜CeÆq´à­c-SÞãMü\i‰{¬Š¯ˆR’â±Â&ï(%‘ˆJ;…€ -LìñùuÐïŠþ˜Û!5ñز½$ÿÌ,{wwÕ=i·ÙàÌ(Z”Y( xäp¦HËŒ@/‡ðï®X8MÀþj§ ØvYõç/Euˆ4(œk^”:‡%‹S¦Ógë6W|`ù}lé–ºéºéˆÈæmSíºâŠ^Ésèûú-1{ïãÌ击›w7·C²AÕËE@~Ø=“Öäϸgs²7–ä¡j6+˜°Çîý–:¿$Z4ëMÖ•ó²*»Gò®T‘m«²ð3¿ † |mêa4`Û`‚F/‡2Ðöó´/ -ðm»[=$Ccp_—ßœl0–Ñ£¬ór‘u¡ðµ`rcí@]è´CÊ•½\ÒÃÅȾª(†ïû-Ö+û¶C3ø'Ü:h¬­â/´‚Z§è,N_]º1ZhG dÂà¿Ií"¹‹ -h8®@>H¸»‡þ—û¢Æ‚ÏÙRŒ _$á>¾Ó•£²n±"ûbÒ `NJŽot凙&œŒ¾ôOŸœB¾è¹Ô«¡lþŸ ÜÇÈe!ãôÙËò',ÊóP†ô™0+_€²² ¹{ܼ|a|í.Bh-¨p}‡ä¡#‡/Mý+µP&6ÛŽ.mÇ¿¥/ûzÇÝ]Ñð›Ûë_¦W4úÓž†Fájè‚øþ|v®½Yo?>c·žB^§äÞ¬?ÎïÈä~Åy»'Z¾”u•Q@¤þ®°Ú<6œÓøª=vb_ÖäÍ: A…žk=oN\žlÞ,Š¶ ~Ô–kh߶îÆ¢W6BùûŒ!z¾NkC~ú_üêÃS裼òilm’ö¤zòctæ±`º‰‚¦A“l-~ÔSÜ4ØÚÿ`S ‡Hn’}©ünz;½sÝõl:Ôùʘ±ýýu^úT‚¿` Âãð›añµ+j,ØOünߺl²­§šåIyÔB”“ãûU‡|ƒy¤ò4¶ýYç{ ‹ý—îª>…çN|8 ø-N{({NKs“Io³Ùû9Þ¼¿þøñp¤¢ÊŸâ8˜‚º’„âS³Ñ‹á{ý<üŒm›íÇsyÔ}zL…S¡žLúÄ¥µÉÐá©Fëendstream -endobj 1158 0 obj << -/Type /Page -/Contents 1159 0 R -/Resources 1157 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1149 0 R +/D [1147 0 R /XYZ 85.0394 112.5279 null] >> endobj -1160 0 obj << -/D [1158 0 R /XYZ 85.0394 794.5015 null] +1146 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F57 624 0 R /F42 597 0 R /F56 618 0 R /F84 797 0 R /F86 977 0 R /F77 703 0 R /F11 1157 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 1161 0 obj << -/D [1158 0 R /XYZ 85.0394 769.5949 null] +/Length 3047 +/Filter /FlateDecode +>> +stream +xÚµ]sÛ6òÝ¿B~ g,ŸÑ77Qrî$NÎQ;Kó@I´Å9ŠTD*‰ûëo H”E¹îe:ž1– °À~PbÄáOŒLÊR'ÝÈ:Í f4_ñÑ=¼{s&šq\4î¯úyzöâu*GŽ¹T¦£é]WÆx–‰Ñtñ)I™b€'ÿy3¹KÓ××oJ™¼ü×Õ‡éä–^¤aéÏ×7¯hÆÑðòýÍëë7¿Þ^]XL¯ßßÐôíäõävrórrñyúËÙdº»rŸ,ÁÞ÷ËÙ§Ï|´ê~9ãL¹ÌŒ¾ÁgÂ99Zi£˜ÑJÅ™êìãÙ¿w{oýÖA6 Τ–óI«!>ÇR%•çÓtYM:KšMy_Öçõ‚€ŽÞºd¾Ýl.D–uGoÍ*Ëë|К¯Å&¬êš¸w¢Ú[T*©=Дùw£T2Œ,ÇešLê¦Ç]ã'ïF zFI¸ûþbœŠd +ÿerd€“[iG)HD"G¾ŒˆÇ9E‹z°§uÏ?ñâz%F¯ hÔ#*"÷1{¢2ÝSððη þAÊ·¯_^Œµu «(ãI».æ%JÕ_u˼‹PAkм%à,*¬0 YN´Ëf[-h嬠¹MÑvͦ³ù]WlèE^W³´¯ÝJµÜk÷˜tu÷â@W{ª@±ÒL ±\ÂÚ$³ É“-Þ]§IÙÑdÙÒØ–ÑpSÓšoËßÐ$±€= à!:\NÎÀ#‹|8¯Ú&œÌ.^.PB*Ùþ8U&øce úc.8¼oirÖtK‚š;áz«°wº,ò9]Ãï(âTÝv$·m± ÜyXžÓ°(.O¾–9±ž²¼+‘=ÒfÉݦYä• T¦Kó°qy·Ýpfxé]ŒHÇ‘#Ñ©c2sÙ¨oª?fýègŒƒùñ>šü˜oê;É,¹(ò'CÚdÓ–ë]„6L8ç!g=ŸNßôªÜó®üZ xu‡ÔÌiA¸>>Ô]þý§¡@a˜©‰–„Èý"pûE"€v1˜,Š»|[u㮫NN3&µŽk? `S Ø6ž8oV+´“cDZÀ¡*"úLV!®AæsJfD^ñÔñGw¤‡é…^ñÉɤ!ø-rÏCpÃxMÜyí ÝÎÚâË–"»‹¡mÞøqÑÒä·M ¡m½(Ð=Öh7þ¼éÛlNƒ†ÿ†GçUÙ{ƒHrBJÓh¬‘˜Ó +> ¯ïƒ.ð±ÚêL¥ÚÒL «-4?äÙ^Ô\?u{Ÿ$x,C”'‹@*žíÏìÊqÄ7E‚§;ÕNƒbïsÊwyëݾOE˘\L¾wEÝ‚;ù üŽˆ"FCx3¹™@æ ,Nþ9‹88åX™SÅ8W1À÷dS-Û¡lK²ŒËçÇ°…E)FÃðÇ árLHc£¡Uy;t#éX–Y×7³Gh \9‹wîÖÀÍ ä öÿ˜ÿ#Aw†¹¨×ö”Àýøa“ª¾‚Kˆr­×m€|^-ÓdRØ® ùœ†¶Ø”EØä FZÙ6[øû Äî“%¿¹®Z”w¸äÎë><ßù>jš"Ÿ/ÃJ3œ…­yMc †“CäÇ2lÈöÇ‘êƒ ý—¬‚"-Qs'WG|—4ùe[ppŽ—¼^7XCyŒÛ/¤îo†*« ¹T$ä€úEQ÷9&*;'×Î7åì ''lpB/јª¢ ;!ÿ¼zõê–]Ý~@f^E|ñ€ c‡ÜqPÛ÷·×o®¡~NÁ'r†Ù„d=¼Wl(Í +Dÿ‡ûÄX4Ü|¤ñãäö·Éí9›ü~õîÃÛÉóP i <§áåÍÕ»ðòœñaÛ§(Æ”"”µ?á„ø7(8!ŽY0D”8A”xB$ŸäŽx +Q3´î™Ò“ÏD*Ÿ‡”Hfl˜iŸKBXyâ¼~žAÞ*¸Ik[ÏH˜$ß–ÛGýœÿoW¯Q;ƒúöoqÇ£Œ=Ò©UÊ„¡Åqʬq™I ™Œªý Ãj’%oiFô¨86µ,E˜è¾5@6ºjÑù@Ùvù¦C¡·»64îç_@"µfè UrQ-Ã!˜ÉmÚnHwðÌ=/Œèã/Ñç D€×uxP±>\ÖRî(zÂ(0ã5irUU4AI­£KŒjþuD½Ú¶ç¬RèuÓ–˜ê†8/Ȧ'ÀÓ Ô>Èp3¸1L +ÿÎÝ–SŠ–rf•UOë·ÌfÆyÒ1µ§B¥'’LØ£´ÛUkÕ0°š 4ßjÌ&¤–„ŸÄ˜lì~Õqj³Ÿí‡lC IgaÑ>¢. ÷ðÀÉìPŽW5æ2D_Ö÷ÕP/Ós³,Òs>d`̤&&ÄXÉ-šªÊ7ï}ʺ +¤‡Õ¬©Zz…U›ó)?ÑGhß)¸‡ù z¦!ÓkÚrQú}U—Ʋq]åsJ0&qž-RdŒËìÐIÒíS;x +ýaìƃˆ…,®ºGÄ9=Ÿ‡Í5Íî°5Ûn½í~h¶ô¶.|‚%É|qÉ×Å~ï@•Ä!Ô‰,}B*ãÝšoQЀû|4Ìòù[Ȩ–„Dô{tXžÛõèê¡B D¨^O¨¤`÷l™ÌXfÕcdò²óS§ÅòaCoæVN)û®ŒÙ4‹ Vùq£YcʘWUxöö”aC¢ªšo^R™Ø)Tªàíø#£Z5 êÑnÐ85hú²Ä2Bi°Ë%©J‡Ž- • Þãó¾QñóN÷ë tâVùpRøþ!S.|ËQ;ïÒBÌ,oQ5É»þ%eÖï‚d˜~wt‡Å–,†ˆöïòÙ +p£ä.wƒnÂB+?(<%x§* %þzÝijNøÉ™VÜ>éŒà”è òv¨“.eÖió( ê@ïþJa÷RütéEñéùýùóf'À±íº÷eXès¸I^{G$LR|ÏW몸¸R +z-vß<~œª±ä—êr1dÏPÿ«'(Ș.š{4¸<”ŒÝ&ŸûJ%Ž{´êq€ê•ã*DF¿øÁ„wÍعV¿ÓÕˆý`Gˆ¥Ô–„gÿÕ ‚xN‹b^®òŠ|TÂ54üYÐ%Æë|±( kg‡>%¼£<2Ø#N)Ÿbq +Qãk^Vù¬Šig +¸Ã'š4Ý _ýÛùÒð!§RÆ•Œ¶j)0žY¹Ô·ú!ŒÍ;BnO!‡ÔL»½¦õÖ˜Q®;Xµ‚|?j‚,A“÷Äñ“Ä{q*‰À÷AÃçÚEÃ;ð‚i-c&óûpH»Öµ áJÛõš`ÖŒ”1ÌŒMø( öínxØ;|¶˜¤\%uø=Âþ°•F;ç—|ØF!P»&Òsü xG¬ZHfygYúÈ$Oøfˆ„Ú¹§S5X“ö{B'uÓÏÚ¦ÚvÞˆ¥† ó}SªOšE¡ÅFÎ`kÔ™]öOÏA¶õÂG8xòõŽñlÌÍcú QÃ(áíž<²Äov«uÞ•³²*;L¤_%ðe‘oªÒçû01l{ 9oa-ËœÛyï¡'ÀŽvšã¿"bc´+±ÖCü±<¸¯Ë?)³4ôõ;•õ¢Gz@5\ªe;| 6>?ô­tŸvT¡íØÛ} 'vºìUY?X¸ié?‚NJe¡–C¿:á£(¤þËþ#¢¶X É៯H›1)_Ä.ÒË~€ —õ.ÿ?zÌ—endstream +endobj +1160 0 obj << +/Type /Page +/Contents 1161 0 R +/Resources 1159 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1133 0 R >> endobj 1162 0 obj << -/D [1158 0 R /XYZ 85.0394 769.5949 null] +/D [1160 0 R /XYZ 56.6929 794.5015 null] >> endobj -1157 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F14 608 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1165 0 obj << -/Length 69 -/Filter /FlateDecode ->> -stream -xÚ3T0BCS3=3K#KsK=SCS…ä\.…t œ;—!T‰©±ž©‰±1ƒEV.­knj©g`fA‚!ÂVŒendstream -endobj -1164 0 obj << -/Type /Page -/Contents 1165 0 R -/Resources 1163 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1149 0 R ->> endobj -1166 0 obj << -/D [1164 0 R /XYZ 56.6929 794.5015 null] +502 0 obj << +/D [1160 0 R /XYZ 56.6929 602.6023 null] >> endobj 1163 0 obj << -/ProcSet [ /PDF ] +/D [1160 0 R /XYZ 56.6929 580.3261 null] +>> endobj +506 0 obj << +/D [1160 0 R /XYZ 56.6929 499.3874 null] +>> endobj +1164 0 obj << +/D [1160 0 R /XYZ 56.6929 472.2263 null] +>> endobj +1165 0 obj << +/D [1160 0 R /XYZ 56.6929 264.3736 null] +>> endobj +1166 0 obj << +/D [1160 0 R /XYZ 56.6929 252.4185 null] +>> endobj +1159 0 obj << +/Font << /F62 634 0 R /F43 600 0 R /F42 597 0 R /F84 797 0 R /F86 977 0 R /F77 703 0 R /F57 624 0 R /F14 608 0 R >> +/XObject << /Im1 790 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 1169 0 obj << -/Length 1537 +/Length 1031 /Filter /FlateDecode >> stream -xÚ•XÝoÛ6÷_!äÉ*Z¤¾Ûa@š¶[»bØšô©íƒ,Ó¶YÔô7ö¿ïŽGʲ­¶ ‚@Gòøãñ¾iîxðÇ$džŸNœ,ôxèäû™çlaí—7ëò­•G˜n—u´þ¨zšÊ³ŠˆVš¥¾6˜ÕšˆªÈï«loŽÚ¨†ø6}×eè[Cՠ“{sÎÒ0úâYYªƒ[©®ØÏÕ‚ÏÇ^ sêV½ùagv“ÏáÖýé Ãg| ¨V6¸;ôM"~(ºê;Sö¤”/wæaäÆ.P¹ªPÚ-,¥ ]Ä%j×o%QCÜxsµ¡ïÛ?è; -7Ù2{:©”û-Èè‡þ¼h雑­Âhd+‘2-ÈV[¥ÖfÏZfS®ÂY’ÆÖÑȬ£ ´hÉSŠ\BÔ2åãÔ¢Å1ŠGš˜£(œ9ª- ¦‰öE§}/7û—›5½z$·ƒ€áQpj0#&]Rh5]aaRØB–ƈ5©ûAVM´µRÚõŒ5M²òæ¯Ô­™é:;™m³¢j»s_ôĈ¿Êc~ó´)é(U_³}]ÊSÙ©:RÉU-›ÒT›¬®-‰6{n<#>+! yk9–K0ƒ‡U«#}¿( -~‡ 5‘W+µíÛJvíMPòGêP”%Q«Rå÷D~xsÃSžÐ ­³\>› -++ËaW`Aƒß\í÷ªÂ»i[+IQYP¥6Ú‹´ìd6uH–[ùìhø}<¦ÿ–É ó³±8_Oqþ—"°,Ð,“o™.PcÈ•‘žâb„Ä£„ùï‹Ó;ð'-‡Tku®éâ}™1Š¬¡xHk@«iJW4g™a’Ò¾ÐïW²ù‚íy'úýÊôßQ[ÃÿÆ•MH×Ô@,ä°9Q c“B}cz\ÜÇRZÑ¿k…óbþ€ï -u¬écÄÁ]¿+“…tÏ”CÈÓbü­*sÔ•É; Âíꇪîk³oŸµP,'Á7…½ÇÕ~9†ñ{dÕãéµÝI‰hq¢+Ö úë;íé>÷‡.iJÆÚ’Ø}àJ¡ë0û< ˜À‰¡½¡<¼§ÑÀ2T!ôUI…íô0tœÚefm%eEGÙºT`ãÓ·˜ûpz]´î¤êVè“ýÂêªù|¯Ž5G@ê„v{¯ß%´L_aë 7uFØî›Û¦h‰ÛÔɼ£[ùYƒK­4'£†.[_@õÛŽ^¼½yýa=ÿÝTóÞ+¶u]?­jé`(EzçãFTƒ ІŸcöúnx5‚{°(ððŒ™ˆ#N/KZ½w,õÛè•i7¸£ú‘yRm/puLtõsòâú´^²gÙXÖ·¹l:¦š-Ð˺_-ÍÔÒ^wyýÞ]¸!–Ž4Eݱ5=1Ç7 DÄ’0ž*B‹ù×ìÓÏYÃßÍ<æ§Iè`à1ÀÎ~&àY$v\Îng/>à¹GÀË{ãÅ’ú2Ä÷Z«KáÀŽqœò‘pïùçüÀûž#á?Ÿg_üð÷ƒ©Ó,‹{ä¡ŸÆÞç{ ‘ÆH¿Ûù…OÙ".ûí¨BLendstream +xÚåWKsÛ6¾ëWðÐ5c¡x¯£âЮ2®œJì¥iŒYœ¡H•¤›¤¿¾xQb(ZÊÔ¹U:`µX,ß~X¬Põ‚Hdp + 6û žôÜýy›Yg4ë[½I&?ß1H fA²íù +‚$ûÞþ2ŸÄ«é S20QÃ7‹å[§‘n¸}\Þ-î_ͧ< +“ÅãÒ©Wñ]¼Š—·ñt†HD±v@¼‹?—±3º[<ÄÓÉ»IœCî Abâýkòá# 2}ºwˆ4ø¬@€¤ÄÁ~QhDH§)&ëÉoG‡½Y»t ¦À0%ÁŒa@˜ÆæÅmÝPoëEB`”v!I¹ž`€%Gè£>ô#@¡§0‚‰Å¾m Œ¶%=[n\R³…±YÔ&ÿB¬šéŒ ¶;elW[Mµõ +7CÂ'Uª:mUæôõ‰Pm*;fNP$E¸Ø:ã²jYsÜ)ëvÊ7õ9/ü^Ÿ”‰XǦnÂÄ6ȼܩ:·šŒ?7yùäD“ʪާ…W¶^ðëÒrã­ê©Ÿ ¥ct¸ô1ì¹)Ò¦GRÉ<|i™¸Bʉ·O Šö6›´t~ò‘ª²Uج;‹ŸÈõ™k'{ÈõO}mÀðP(64ìsçu|$’¢ï¶–¼Á¤8“LÇ+Å5ŠëkÆã³tä˜âŽ6į·:Cóoæz47úsšÄÃĒؘÖYîÓv³sJï ‡ÿTå€Ú¨w—á­[?z}ïâü¿xÛ'Äâ­&¼ø"œ¹ìV¼Ì[®Ë=•ô +o™à@BäKó׃ºJÛyë8vp€6[£]%æaU_ªy>ªÚ×dný7n&u«þ}²ºqêÛåü×øÆißeÎoÆ*ð\\î s¬°\_È\’×Á|Ê\Î÷»ìV¼œ9A£k*c:6 ¥E¢Þ]¯7ª¬Ú§ýËt¯lÉ€ábp¿]z«jšîÒ4ù>/ÒÚ$×>h•‹]sóÞa^Ð óS·s­}2k8äƒöé¿­êA¡Ë½¾µÁe¿í:k¿d@`ÉuZ‰v‡œ¹K+iS™®dHx~';5^Ó~\Vº—±nQ%“x„š%’È[g¹0ÚüoõmÂS7œº`õ¥Ue“WåàŠÙÞÉR$­½TmO£Û›ÌÝq¿Ê>5V2Fáå­iZKÝÑë£s]ŠfH×$‚…øèø«šA ¾Ì b¨­¾k¿’äapŽÛ‡ùz} +IÙ9»´è +núì‘WKÀ÷¶ó§¿4D> endobj -1173 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [513.6761 73.4705 539.579 85.5301] -/Subtype/Link/A<> ->> endobj -1174 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [84.0431 62.7606 448.7754 72.9224] -/Subtype/Link/A<> +/Parent 1133 0 R >> endobj 1170 0 obj << /D [1168 0 R /XYZ 85.0394 794.5015 null] >> endobj -510 0 obj << -/D [1168 0 R /XYZ 85.0394 769.5949 null] ->> endobj -1171 0 obj << -/D [1168 0 R /XYZ 85.0394 565.4467 null] ->> endobj -514 0 obj << -/D [1168 0 R /XYZ 85.0394 565.4467 null] ->> endobj -1172 0 obj << -/D [1168 0 R /XYZ 85.0394 528.8591 null] ->> endobj 1167 0 obj << -/Font << /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R /F11 785 0 R >> +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1177 0 obj << -/Length 3185 -/Filter /FlateDecode ->> -stream -xڥ˒Û6ò>_¡ÛJU‡$@Ü›“ÉÁN<ò #qM‘ -£(_¿ÝèEJœ²«Ö>h4èF¿5Á‡ÿÁ"Š½8 ÓE’J/òƒh‘îüÅÖ~¸ gíÖc¬ï6w÷ïãp‘ziÆ‹Íóˆ–ò|¥‚Å&ÿm™x¡·úcóÓýûÔᆾ…È#Î÷?~úøqCXŠRy2P!£½ýðnŽRì…"Œóô°ùüønŽThcýîGþûŸVë0ò—Ÿ?<þ‡FOŸVQ´ü×ç'ÀV°AÂåÞþ¼y`ÜÄ[4üåwp IÝÖï?zÜüJ³ï?~xz|÷ðéí*‘ËÍ#ÌðFw›A¦c¹¾@þy÷Ûþ"ñÿtç{"UÑâß Ò4\îd$¼H -á åÝÓÝ/ÁѪÝ:ûŽB±Ü>¤ ô„„ÅñKF©ª$t/¹Z¾ï/³}S×±ª«œ­éú‚Ç(ß纹–okšÓ´V¶ö…¤½¿X‡Ê‹“TØã>V¸)¶nûš[úë¶-¶¥¡YWÓ·Y©eϔܣÁ†hºFõ)ž’0&U^WZ¿&Ÿ¹´í‹dÀȦz)½:˜Š/ˆÂàc…ŒC°€(¸G ê+Ò˜B¬. -õí™…s4Yñ|.ª `Ï’ø= %³™Œè)åEñ`ZënæÈ ðÒ(r(ŽÎb-%î-r¸\»¢®ÐÍ=€r±ž C@v`HÄl—|–…pj «a•µ°9kÅ°TäÜ €%Ë"À8Ê2Y>‡‹s‘ó@˜®øp®JFøPÌ7EgÐyùÑòCÝQ幈ÿ©›¤t' %íð—„Ê4Må×-„šu¢hL½¥ïD­CAµ%À5ã]Õ–i/®7L©¡`j0ªlÊ´¶†iQ y©é õB>…¯‡M$Ú®)²ÎU9à;a)˜JêX7];íoŒ¬þ¶ÃA„±xäöÆuû|€ô½0Š=‹`¿òî ò-2î sÝñ1O®íóÕ¶à[6)Ûº©©›C‰rG'=ÓÇñ³Î@ÓW˜'pŸi_÷eNã-#‘¨Êó¨E„ ®#ˆËÜjœ\œa¢2îO%—{Õ%&×’““©àtR.óšç{JbA¬h«[J>™T*]+–?@ç9¿:o¢\W8L¹Ü×”­:õøUŽæc4’Ö"æoù’e1 ²Z¿rôL §ô‹˜Ž*¶0‚‚`ð5Ð9üE@êͪW¬¢•'“ÔuH•êÓš_z¶.P*vNþonã©K³R€O¡f%‚¦Û×9_ƒa¡nºŽ @ 6færG‹ÝÖ„â¦'º2 ñ=C¶xå«x_?Ø„Z~~‡¢¨[³/”'©áZF·…MaüL•øÎ*«bù¶lkwÝ WÕŽÄóäò =áôÒ†±ò¥^˜âVók/#Rt‘C,þÊˬô™zýWìªTšÐea0•,¬Šã}ÚR¿0êà»ÂK cD­3 íІ'J©9ñQ< -Nˆû„.W:hÈ›9­Ï¨±È<‹ÅÀi?€u×áÛæ´¸eh;dà‘³q€^Tƒ}}äì–ë74v¬Â:‡Žx¤%úùd†sÃûmТkç&'&à³Nù׆u”îg’ËË¡þ¥¾<Ž~'°ñ‡k¼UÝó„óLŸý½måøV}Z[œ'ìpt ~ý[ô !ÿ§žÉÎÆ€»¨Ã,Q²]Кl™zÖœ]½kôqïê;\Ö=Ü Â’¯3LhËgŒ®æ]&ª` ù+Ô$­ÎØ0blù瑱UÜ&o›§Ç¸ Žh²xX,¬ÊƯe@A{òò‹××}j f>,ãb*Ž±‚ 6öÑ…à~ûbÎ4¨VØi^Ë%]3rú]+xËPN•nF· k—ëBŒÂŒÏAŠ1¦åßÞ– p ÆâÅÀý‚ p•Ø “˜HͤÙ2õüX¸ -‹Ä´>Öe‘çËÆ(ñµ´¬!ð`k†æqîÿLÅPýO['OõÁ8 èèá±[×-ƒ­åÀ÷‹1GZÕÖþÄ~Œ]èâ9¡½ûðÄhºÓ4²a8¦_ºðÄ~ u±.X©˜åÜ@BK~ /À*Çøë9—ÁD„â¤>µGìfuC¤`†ÁÚ#Ká ˜˜/¹§~×Ø;®K/yÙK£¬®:8Î!ÉD)Ð6æÏî© Q”¶ ×;€Õ6qÅÐÛ»bðØoK—ãžÌöêgr`¿œüî”ÍýâT ¿¬£òã¼¹åÍú‚ë½ö'ø˱sàmÿûÏ.#"!ÝW*¼üeÁ´žVžT@„/e˃ðææîïn¯þ?ºgendstream -endobj -1176 0 obj << -/Type /Page -/Contents 1177 0 R -/Resources 1175 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1149 0 R ->> endobj -1178 0 obj << -/D [1176 0 R /XYZ 56.6929 794.5015 null] ->> endobj -518 0 obj << -/D [1176 0 R /XYZ 56.6929 769.5949 null] ->> endobj -1182 0 obj << -/D [1176 0 R /XYZ 56.6929 747.0488 null] ->> endobj -522 0 obj << -/D [1176 0 R /XYZ 56.6929 613.0366 null] ->> endobj -1183 0 obj << -/D [1176 0 R /XYZ 56.6929 586.6546 null] ->> endobj -526 0 obj << -/D [1176 0 R /XYZ 56.6929 473.2336 null] ->> endobj -1184 0 obj << -/D [1176 0 R /XYZ 56.6929 445.9291 null] ->> endobj -530 0 obj << -/D [1176 0 R /XYZ 56.6929 376.148 null] ->> endobj -972 0 obj << -/D [1176 0 R /XYZ 56.6929 340.4845 null] ->> endobj -1175 0 obj << -/Font << /F62 634 0 R /F90 1181 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R /F77 703 0 R /F58 627 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1187 0 obj << -/Length 1975 -/Filter /FlateDecode ->> -stream -xÚ¥Û’«Æñý|…ÞÌVY,Ã'ÇÞÛ—].Ÿ­J99yÁH" Œ ƒ”õק{ºĉS•Ý5}Ÿ¾MƒØð/6yâQo²"ö“@$›²}l@ûö`ž8‰ü$Ž"xX¡n“(÷“<Ì6Û¥’¯_Þ=~‡›0ðÓ4L6/ûÉVšå~ÅÅæ¥ú‡÷t”'£ú‡m˜^þðÏ—¿’Xìgy&P,‰ŸAn^„^¯Ç]£†£Ö¦î“˜ˆý(NCK#?K²“ûâa+‚ ðžtÛêŽ þÔkPÓ³áIâDà|&r§`Rñl>{Ho %6\tÿ -ÞüžŽúB@)ÙÚ3ý| ‚ð0öŠžôè¤òJí¥×ÝáKö,Ú~‘†);á)bS@Ž )Š…·Sƒ!hÐÍhj<$>=aÏ,ûPwÀ,<Ù4ræ”]E@©;örA­‡aTƒƒ¯uùÊ^œú‘{ê¬:²gƶJ#QXr÷†GÃÃL1‡Ã ÊØ„nÃ,óÆþ¦^£‡ ‰~5¨);µ×¤õ¾û ¹( ,w'“±ƒú\WÌ& ?hr°d´ÞþXw†ÍÙø ®îÀn˱AŠä‰² ÀN]PØŽƒª(¿ºE9ØS¬”CNWÖ}x$—–å¶ÔûoFY3ŸkÞÿDÓĦ‘«ùÐU|Wöª'ê;ÃÐÁÝaBO¦>¨¾– Á?Žíz|½”sè±"²öþ®;¬—(„: é(^g¥"H(¤ük´hæÙ‚ù7¢1c÷sTÒ° îVL÷±4Ú¦'¥O KAeL´„²Å>-}X«j®ŽÐÙæUVhU üÁ -e„æ|#¼­Å0äèËP¿Àß?¼ÿóÏ>‘¾"<{s%î΃¸£<+Âî”êg`‚P&ÉÖ ÖN3å#Lt„€_Âï (u{j`´Ô²³­”ºZ€dÉ €ÉáÔÕp1ß”dRå¸`²ª˜©Þó¯!éKÝ4„ÁÉŒÓ!¶Óám²Ü­µ¨é‘!ÈÈür¶Œžš4ÈÙ5 ê¦"ÀÕ,Â|˜,ö0+E -fqd"‰½ -pTÀ4 pјéß©ù^5+“³K™›-“ç9Ì©ª.±ð?]”00%ýüf»¡£àÒh½S}žÔQ|gÖd -Ç '\ÞÝ0 ™YhíŸ#:GqÚNªçÉ5…q¸ŽíÿOºùEºX€BÁÝ Ðe[f€¡ßt¢Èª"B(â,Σ4Έð1H‚ðc(‚Hl<ˆ[Šs¿Ûñ¹KFËꆓ»L¸mB`†^™8Ì{2Øø!ƒ:¬…›j»Ňˆû?vC*ò:u! ›hž)Ñû"¢ÙhÙÜUeXó‘ŧš[˜ã} 7=é";FÕæšy§ØÅa2ec¶:¯éçî<Ⱥûß™ˆ™¿•Û¼ŸnöòoWéwª9}ùûÛÊ‹»ž;h°Ž"”yôÞ\®æò“îÝ›zlé‹êù×^!{äÞóTÏm‡Û›¢b =¬Xjâ¥+a<@)_Ý|ë’Yå¼°‹_t_ƒ¯Ÿ|¿fzRïýwO?!”ð,pöÃ^û îÉ–£-¿¶+ðòjÓÚÃ"aòæí βnäw‡q¶•, ¤ºîÊf¬Ô°¢Oµr“SÅ¡ÑF r÷ì¡—í€åCÔ‡®Æe¹¤RöªJ=RÌàÑΑY¸KG¡¸`z¨D嬓ñ‘Í$éØ¥K¿©Êi«á亯Í!È ìcãvƒ_ï{Þ¨ -­Ýv?v•ÕšÁ>¦ð­ÎÌspÿ -/o“¥9”,‰Ãà«qP¢ßÐý'À_U$ò‘¦Á€aJ"۟˹–G¨“,_å¹kÈëÊq©‰+b~êÝë>ì)-=ÙH!Àï:Ê®ƒÔ•®æe÷tÔD¥©í‹Ú!ßñ%ÊëÙ°‚f`þk¯\Šm­àlS]¿Ù6aáÝÜXîkFõ…œ‰­ºq°×vJ‰„¶wÍ›¤Ü¼Éä¹]g2|[7²4DÂWÓ?ƒ&Ÿ¶Uþ6"ÄbŽ*?IÒ œAþˆ,ïþò2}Ò‰âiœoDúY’Óg¢¾nôýü hØ.$ì $[ؽӋÖ[F±pûpëÌt¿yqíÏÍg¨‰é·«³ßéBþ´2ì\…(8F.ðçz¨9Ð|¥¶i0µÛ(Ï}‘‰øº¶/jÇËõÝ*W²’$~’‰OåDÄp‡%aàçAøûI™$¶K‘û¬Ük¶‹…1§//—‹ÏYytmùÈÕ÷xW7iu†7>Þ$jâº÷ë*÷Úþ[ªðÃ"…Îm’Ôí’Û°å—7ÿÖi÷U2J|üƹæ±cÙÎ<ôysé\C~™S„®dÑ­µécé½¹ÿq ‹endstream -endobj -1186 0 obj << -/Type /Page -/Contents 1187 0 R -/Resources 1185 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1196 0 R -/Annots [ 1194 0 R 1195 0 R ] ->> endobj -1194 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [348.3486 128.9523 463.9152 141.0119] -/Subtype/Link/A<> ->> endobj -1195 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [147.3629 116.9971 364.5484 129.0567] -/Subtype/Link/A<> ->> endobj -1188 0 obj << -/D [1186 0 R /XYZ 85.0394 794.5015 null] ->> endobj -534 0 obj << -/D [1186 0 R /XYZ 85.0394 769.5949 null] ->> endobj -1189 0 obj << -/D [1186 0 R /XYZ 85.0394 576.7004 null] ->> endobj -538 0 obj << -/D [1186 0 R /XYZ 85.0394 576.7004 null] ->> endobj -1190 0 obj << -/D [1186 0 R /XYZ 85.0394 548.3785 null] ->> endobj -542 0 obj << -/D [1186 0 R /XYZ 85.0394 548.3785 null] ->> endobj -1191 0 obj << -/D [1186 0 R /XYZ 85.0394 518.5228 null] ->> endobj -546 0 obj << -/D [1186 0 R /XYZ 85.0394 460.6968 null] ->> endobj -1192 0 obj << -/D [1186 0 R /XYZ 85.0394 425.0333 null] ->> endobj -550 0 obj << -/D [1186 0 R /XYZ 85.0394 260.2468 null] ->> endobj -1193 0 obj << -/D [1186 0 R /XYZ 85.0394 224.698 null] ->> endobj -1185 0 obj << -/Font << /F42 597 0 R /F43 600 0 R /F11 785 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1199 0 obj << +1173 0 obj << /Length 69 /Filter /FlateDecode >> stream xÚ3T0BCS3=3K#KsK=SCS…ä\.…t œ;—!T‰©±ž©‰±1ƒEV.­knj©g`fA‚!ÂVŒendstream endobj -1198 0 obj << +1172 0 obj << /Type /Page -/Contents 1199 0 R -/Resources 1197 0 R +/Contents 1173 0 R +/Resources 1171 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1196 0 R +/Parent 1133 0 R >> endobj -1200 0 obj << -/D [1198 0 R /XYZ 56.6929 794.5015 null] +1174 0 obj << +/D [1172 0 R /XYZ 56.6929 794.5015 null] >> endobj -1197 0 obj << +1171 0 obj << /ProcSet [ /PDF ] >> endobj -1203 0 obj << -/Length 2607 +1177 0 obj << +/Length 1550 /Filter /FlateDecode >> stream -xÚ}ÉrÛ8öž¯ð­éªH! R¤æfËYœ´=.Ë™®šé9@$,aB‘ AÚQý¼ ”ì°S:x ððv@ÑY¿è,Oç¡Z&gÙ2™§a”žû7áÙpßDB“¤jž&JÁd;KU>Oó8;›.rùðæ݇$>‹Ãùb§gã^‹l1Oãì¡üOpѶ¦.íóYœ†ÁÅù>3_2Ïò,B¾öÈçÑ"KN9 -ãFâ(™«d ñb1T–2ñ<:ŸEaKßêæ¹2åvoêþ„7š/ÓÔóª6R‘ç=r³|—5<üd]ßtž4ìw†W·kèºÖëÛ+ÙT-çËE¼=ã|ž(ÐíYõ»fØî€G-e9üÇ ìåÁŸaVWaÜæ< -ÌÖÖµ­· !iNÙ¯š½¶5oõ^ ëƒëÍ^XŠbè:ÜÀ ¼*<}´Ìe£gÛ¿–«6•-to›zÜΈ§õ -§ºÿ°B%$Á2ßòH4•EÃÛâL‰"G´ -jóÌç¥à³v ,+:»!™N2dVúÍJódª¦%G¡%X°”´7Ý7¡®Ÿ,¡ÆC€]‹(¸E'@4™qBÐg3:Q’Ïí{Só„Í òU·32µ‚G›ò¨ßéžGû¦´hž–½Mg!ÒPò8Ƀ²)â¯w !G¡ÅÁ­Û*Œv϶ožÌ˜~^ûÎF;ÜP-aŸš¿´1PC¬ûeŽâ™ -T“¥‡RD¡J@ʼnJ([øG†¼›­šº0-JŠ0R >èÂV¶·Æ!›¬ ØüÅòéÛ)Õ¿ØL-d³ë}[™7T*•EdÝš‚ôË™ƒS"ŽfDúƒ!rd÷±€4¬ ºðšØKÇ ¡…§œeg‹dçªz•¯í ÁSTl[cÊÂPßT¸äÊôÀI+£$ݹž'£épRúL ãš31ŒœéžàèYPvYÆI-#6¹Þ@H ðÔ×Sñé”|ZÍ8yeÁæÀß;=Ðaóà¦)¾éÖô×u Ã1á“c´2¡ ¼_1à³]Ó:ÐöºØÙÚ8¦«01$(ºR_=ðµ¶plgûƒ¬þÈëfšNö\éÊ‚tµÕ¿‰¬×5Ì÷£XÀPØÙ”¥M]$Éx\oû¡#bZþº^Í®×לd‘FR¬wÍdœˆAð( Œõ›8Ä­ÏY¼ô©8Xd;nËÍn¯W¸Ñœ).ø3z8ÀÄ(w«ˆ”õƒG^ÅoOCà—¦ûf*sà™¯!<㪣1V©™HCìKXi5¸ÆÖÈÒäe½ '®id¤éœ*Z’—hÊ‹¶œû†i2²3~· ÖN—eI¸~();ÒL÷ü•.^øËé:G9e\¼PH uÉÂfÐm;] éãXùOvÌ‚¯kþ^™Iÿz4µC‡ -Á¢å“oC -!mg8iP¦üoð?SP­ (®ÐDŽñ04È•ï!¼¿Àzÿ:"èòà윓BiòàK}%õ;QóVöLæù\ñð¤@ =`ò@= |ÞÙHTö>«­š};ˆcgÒ=JD¾:/ ?MÎ1 Wëûlc6K&…'Å~LÅà«Ã¶ò™ŽRé:¦Ø«¥¬$MÛ@mm†*6×üV–vOô…¼°*tš·"Àõw»Ç{WUYÂÆXçú]S•Œ¾Óôªó¦Ü û‡² áxÚ/zQS¯‚à/XÂË+^t‚ø¤ñ¦! ÔŒ‘BñW¨ÔÂwÕöwólÝdÑ\í:|æjý³Öt´êq7lMõöUÜQÂt¿ˆ6¹á´“AHJñ3’³À\Ý\3¾G!Ž - FÏæé{*úú§3/Å‘÷‚Ÿ¨Ï(ˆòÞpà® Ûjáò­Ìô­¢‡ÂþNŠ<´û½¿O3¹:M30;V¤¶G(F4µÔó’ç;ýd˜hc(„&EÄ ”m}'*C87,08Þ p¶~Ñ< êù;ßîz;`þ3ó3 Jáê8´„zo ¿O¤cý(ÉxxŸZ¯Håxåa£ÉÐ:\¸hf£öQÑ©2aIm6¼ô'¼*&k³wLó Oݧ¯3øÉîÉ~y¡wyõ®/†[Ñ<Ó¸’γõš–D,˜ï³6ßÑYy$Óî²–ÎUG[yVÐHsÔ ÍjM@UäwU¶7¬6ª&¼M×vCºÆEÕ[ðDmÎY†äÁ¬,Õƒ[©¶Øo¼¹ÚÐ÷ú/úÒM6Ìr'“RÁ¹ýП }3òüè+‘2/ÈW[¥ÖæÎZfS¡ÂY’Æ6ŒÑˆ¬³ôXÉSÊ\RÔ"åÃÒ¢Å1†G˜c(Ü9š-܈§P‰öE«cÇ—ýñe ¯)ì axXÿp­¸k.ôÕmaaJøB–Ɖ2÷½¬ZÚhJéÐ3Þ4ÅÊ›¯eUdå©ÛP¤"—Öï¡÷JÝ`%5WÛòÓðζYQ5íyè -2áíßå±zÚç$“I¿¯ÙþPÊS™vêR½Šê ëÒt¥ìp° :÷¹ ¡xÔL„ïQ[Z.Á_v·–Lü¢(ø:`Ž­ ¼X©m×T²m.hƒºBEY´*U~Gàû7W<å -šC–ËgSùgeyØ؉DÃà7Wû½ªP7-cc%)*KT©7-;ù‡M1Ér+ŸÕ–ÿÒÇcúo™¼ 5?[‹óówà)‹C!ùiD5†¢é-.”x”Ðfd6ÿ{ÑÏR&žè´j²µ„¦‹ú2ãy€.#­­¥©®Ñž9¬efl†ÕLÇB·_Éú¶üNìû•é¿£µú >Rù$÷4hZˆaO¸36)Ôh›¦€¡”Vôoˆ$&»þ“ |C¨cóRìÃõ§Hº“Æ™Ž¦TeX]˜ºÃ Ý.~hêöñ`îí³ºê¤ß6…Õãb¿’ÿŽIÇþȪÇSµ¿§ßäôܼ[é>÷ûqa*ÆÚ“8¦àJ¡ .°û< œÀ¾g¼¡:¼§UÒ·+\tUI𔆠ní2s¶’²"V¶8!u Ö>Ü^;iº$úY«¡Yí ß|¾WÇž# tÂ\¾×ï:¦¯°}†›>#ì˜Îí¨[tÄm jeÞÒm€ülƒ£FÎh¡ñlã ¨¢^`çÖË7W¯ß/àqp;5ÙÄ,…vlgÜõ}Ѩú‘C+Ò8Nô`ª8HÌ…_cöú¶\†ðp‹bïÓ qz€Òéc¡?Q{ÁÜÐoÑ“n;¢«s¢=<§(` ‹àÁ{’2Ë% °¬krY·LÕ[€—‡nµ4[K«îòò»pCliŠ¶ckzŠ5 DÄ’0Þ4B‹ùeöñ³ç¬AÁ·3ùi:°ðÐÎ~&àý$v]Înfïé¹G‚c½Q±$€Î ¡^k5üÇ)7zö÷8ç Oü{N þzÎÎþ0à‡ f˜âfQÜ#ýÂ0Œ>߈4¶„ôûÞÅ”ý½bÌîåÌMendstream endobj -1202 0 obj << +1176 0 obj << /Type /Page -/Contents 1203 0 R -/Resources 1201 0 R +/Contents 1177 0 R +/Resources 1175 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1196 0 R +/Parent 1183 0 R +/Annots [ 1181 0 R 1182 0 R ] +>> endobj +1181 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [513.6761 73.4705 539.579 85.5301] +/Subtype/Link/A<> +>> endobj +1182 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [84.0431 62.7606 448.7754 72.9224] +/Subtype/Link/A<> +>> endobj +1178 0 obj << +/D [1176 0 R /XYZ 85.0394 794.5015 null] +>> endobj +510 0 obj << +/D [1176 0 R /XYZ 85.0394 769.5949 null] +>> endobj +1179 0 obj << +/D [1176 0 R /XYZ 85.0394 570.0146 null] +>> endobj +514 0 obj << +/D [1176 0 R /XYZ 85.0394 570.0146 null] +>> endobj +1180 0 obj << +/D [1176 0 R /XYZ 85.0394 536.782 null] +>> endobj +1175 0 obj << +/Font << /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R /F11 1157 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1186 0 obj << +/Length 3204 +/Filter /FlateDecode +>> +stream +xÚ¥ZKsã6¾ûWè¶t•EøÚÛ$ãIœÃÌd¬ÙÝT’DÁw(RáÊòë·Ý H‰.§jgÍÐèÇ×-‹EÿÅ"Šý8 ³E’)? +D´È÷7Áb s?ÜæY:¦å˜ë»ÕÍý‡8\d~‡ñbõ<’•úAšŠÅjó«—ø¡ûûê§ûY0â ? +%ˆGžïüòéÓŠ¸&Uê+‘†Ìöîãû9I±J¡˜çéaõõñýœ(lsýDÁ‡O_n—ax_?>þ‡FO_n£Èû××'à·ð‚ͽû¼z`ÞÄ¿mÞw°KÉܧßýò¸ú…Þ¾ÿôñéñý×w·‰òVð†;ºyX :ë]úÇͯ¿‹ ¨ÿ§›À—Y-Žðø"ËÂÅþFEÒ””ŽRÞ<Ýü<ÍÚOgïQ PËõEªp!”/LŽo2Êü0MBw“·K—î診ÚР5]_ðõû\7—úmMóbšÖêÖÞ’£ +Ë0õã$“v¹O|”Fîó4vŸßÁ[¦¼¢#jÑß¡nÛb]¢v5Q›ÛÔë+¢ñ¥µ`Ùš¶Åc{‰ŸÎæ਷"õà¸f3³gûQ–8fS½Ä^íMÕѨ‹¾-ª-olgXÎØ:Eû©‚Œ_¾¢+™úadÌþÜWyWÔ•e¶‹®OøÑb)³ÌWA¨K!ü,Šè&ۃɋç“Ý“”Òî ¡÷[*VI2Z- ü4Lb^mÙÍlˆÄ ç_(ÇŠ®¸1ôš(õV;¼,\(×ÍïLy Q±?î^ ÚSÛ™=ñ·&;ÑÌšŸ‡Rç|ˆo×JbÙú|¨Ìt]ÿ‰Ã;ÒLú Ê)†‚ÕqWä;²ÕcQ–4*‹}ÁÆn…ƒÞë­×Šgö‰±¹óTKϼvÇÜ­ÙØЈ–F—É0¥8WÕ°~¨¯oÍs;QÂ{6ºëí׆&­ÃíK ¾$\Yx-(ŸÞëgâ`'ŠÝ’r‡‚^¥Õ±¥Öôh¼ÌF›½¬YŒæ÷¾:4ÅKQš-yŒ=ÝÈøà@Í9JÌX[F&.T/{bIÆ,ª”Šœù[‰×& ‰AâñX¡÷ïÛ,ôøÆÚ~»5-ß.µ"WÅkl]ˆ£çädDÎrÜÇÕæ}=L"?KE:ñõ9‡Œ•„.±îÞgß9R¦±3žÄòýhœH‘Ù;Ƨu7xš?õþPò$ØâÞ†o|)‹ŠÉxó–Rkžc×±ËÑsç’d %ÿƹ²(s÷Ëžy7#PI?'ïþE7÷•ÞÏÆa¸\ÈSŽõ?ö†³¹±-_¯ù.JS÷ù°Èb©Â²j–\ÄOJu3G u¨„åXšXI„ÿd‹OGŸ-Ýw“›¼ïÛ澬s]Þ¯‹Š¾Œ!ÿ‚OØ'ˆcBGÏ+…‹aß6ÁÊÈ"Hd&8£¯\`§öLgœÊæÓµò3Ð ¥=‚e¨0ñjk~<± +cÏ¢¤ÏYLœ@^âMƒ;Cn¼J²(UËëæQ8ÊLSžh®¨ÜNˆA7]‘÷¥ænHªÉ»º9Ëcð…]çn&bI°’t€ öœùH?Ž"5Í2¯q˜ùišd£ˆ…†œ„Þ©† —*处£Ê 1àÈ7<Á(iÐcBU ù<¼_)Ì~µÓ<*ª¼ì7¦efȧnGYÞÙõA®ØN—$òÑö”÷ÓÜeâ7(ìT³ àZa÷ÆgS^ +sÄØ<§bÀ1Iš‰¿ bÈìQââfÁëÆ 0Êž#²[›R ~ ‚°4„=àd +`Ë/¸)¼œç+Atöãšžzóß¾í.Ö{ÑeoÚa5«cX‰£©z+µu|3£Ñµó$pÌ0vëe˽VÄQ…‹'FÅšùò¬´C±Y’"æÜ1òã4¾ˆq:Ïë¾âÀ1@0¤–³•H D‹‹dõµâcn8ÝŽ„ÑMYþ±8¦e­(6 ¢%ÝÑÐ:Î1bCœr:6ËÓ¼W°ýL¸ýW³GO2¤¾hÌ Q\Q¾r+Q¥—™ä:¢Él€ïm§;Þ¯]¥ªï` +Eé¢%@ûø"í4…-Üa‚i|Ý覰—"d±‘gÈÂS´Û#Qœ' .ÊRïÇúˆÞ%+ª6M ŠLµ!8üñÐ8ËÄð +{§Ú&`Ä~G…Ý P÷úDܬÇÔ‚Ë 2.­rÂ< æSmÛK/˜–&B„K¸÷órÿ—iê9„ ý$Z s!F!*ScQ ø +´ËAˆ‘ê-ar,¬¬·s¾‰)0HÎÀÅÕÔ3¸XÜc™¦Ë tÅ~ÎMS‰nêìÏ°)é‹$N¯+õ¿NÑìU¥ÿKÏ·Â禨›±…SÀÍõŵKe©0þ;.•9Ç£ÅF‰ø‹Ö›—Ÿ@1†ç€ÖC 8“œá¢âÀѾJ%aa‚;R¾ÓÕÖ8º –ñÑ´-WL¶eÄ}½))×ÝP§ámÐ`¦&U4õ«H½Z`@îUÙ«êãÜõH,€×9HFçɘ’ײ†³@²F@@ûÞmiKQź0LnJÀ”="Ð8ŲX^Ç•Þ@¢È4]ñâ\µJnìåØÁÈDÞǺ3¤®8ðcø7‘„u ô§žózƒ<™e™zÛÐB¨O'†ÆÒ[zNÌ:”TG]3ßE‰”öwÃŒZ[@挣Êâµ6,‹:]x–šžP#l¦ +ôðeˆ¶kŠ¼s• N˜SMê¦k§½Œ‘×_w3H0ŠÜʸl$B PÆ2åÈ"9®¼?~‹œ;„‡îx™'×éy³AøŽ]J +Éžëd‰ÐÛ8ùHíY>ŽŸuΖŽoí®îË ×ü)é©dÛýÁÓ-¸ÇŠ¨DÁΧ¢à“!ÊhW0W&¹ì‰mŠÌ$#Iåmj~ß~[°V¤µn wJr¨L9ð*½ÇÏDЛ ß9D0W:NåíjªÎ8þŒÊ‰|ÌFšÃcÂ_ó&Ëb`e£~eé™OÈë—Žjµ0‚ZàVð604üIDÛÛŠÒW¦‰¯’Ì¥7@IõqÉ÷<[¤iìBü_Ü°KÏÝI …º“HÞ›nWoxL,†–éšo@̘›ó-w[‹›˜^®è*€$ðe @ñ"Rñwýà©÷õ=ª6Š5ÿF)¶et[XÜãgª½·ÖZ±ú®lkVwÝ [ÕNÄódó ]átÓ†—±ú¥®WJvðêÍÈ ä‰ß¸™åÀ>S +aôŠ]J/´YL5 kâ8A¶Ô/Ì:D®ðœf°VgPÚ¾% „¦óŽ¤ñ_è4ö‡)Î[Úk€¿ÍœÕçÔBäðÇb`ÄdÝux·š\3µÀwä|<’#ÓàH9‚=õ‡f¶šÙj|Fš¢ÖöŒ(> ok³uiçB Êئ‚KG€J÷3Ðò¼hp.-£löé\‹Ü´ç +`èÌ3õvd`ͧµuyÂG·¸1¾… Ï$j—lmx±_jlOÑJ² ”`°zY³ô¼9ºzÛèÃΕv8­{ØA…Õ^gXК×Ø]͇L4ÁÐ+”#­ÎÙ1blîo«¡)ÜB·ÕÓãÜïF¶y0€d9$ÅC~aþå\´`!2e4ŸÙ%$ö0º!Qð†yÚ''áÜ œ•Ü- ?^IìÁ–¥K<K£¼®:Xb ¾ºDÐg|Z\»§ú#%¼.]ÇÖÐäub”CGï ~]:p{4ë‹_Êáøåäqggîg¥jøq]eæ~˜õ™×í¯  ºÇ? ˜ù›€`èüßpþ38?MÃóL éÔW)áMÙº@]íÜý©ÂõÖÿH|½endstream +endobj +1185 0 obj << +/Type /Page +/Contents 1186 0 R +/Resources 1184 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1183 0 R +>> endobj +1187 0 obj << +/D [1185 0 R /XYZ 56.6929 794.5015 null] +>> endobj +518 0 obj << +/D [1185 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1191 0 obj << +/D [1185 0 R /XYZ 56.6929 747.0488 null] +>> endobj +522 0 obj << +/D [1185 0 R /XYZ 56.6929 613.0366 null] +>> endobj +1192 0 obj << +/D [1185 0 R /XYZ 56.6929 586.6546 null] +>> endobj +526 0 obj << +/D [1185 0 R /XYZ 56.6929 473.2336 null] +>> endobj +1193 0 obj << +/D [1185 0 R /XYZ 56.6929 445.9291 null] +>> endobj +530 0 obj << +/D [1185 0 R /XYZ 56.6929 376.148 null] +>> endobj +969 0 obj << +/D [1185 0 R /XYZ 56.6929 340.4845 null] +>> endobj +1184 0 obj << +/Font << /F62 634 0 R /F90 1190 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F57 624 0 R /F77 703 0 R /F58 627 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1196 0 obj << +/Length 1975 +/Filter /FlateDecode +>> +stream +xÚ¥Û’«Æñý|…ÞÌVY, 'ÇÞÛ—].Ÿ­J99y@0’È#à eýõéžî$qâTe÷AMߧoÓ 6ü‹M&ý ÊãMšÇ¾ „Ü”í»`sÚ·ïóÄ2òeEð°BÝÊ(óe¦›íRÉ×/￉ÃMøIÊÍË~²•¤™ŸGq¾y©þá=‹“QýÃ6”—=üóå¯$ûi– + À„ôÓ<ȬÀ˃Âëõ¸kÔpÔÚÔÝa±ÅIÈbIä§I@v2_Wj/½î_²gÑ&÷ó$LØ1O‹˜rMQ,¼ AƒnFSã!ñÉè {Æ`Ù‡ºfáMSÌœEWPꎽ\PëaÕààkݦxe/NýƒÈ °UQ~1t‹r°§X) † œ®,¬û6ðH.-Ëm©÷ߌ:²f>;Ö¼ÿ‰¦‰?L"Wó¡«ø®ìU NÔw†¡ƒ»Ã„žL}P}]4ÿ8¶;èñõRΠÇòÈÚû»î°^¢ꀤ£Hx•ˆP¸@!å_£­x@3ÏÌ¿»Ï˜£* Kê^aÅH踯ˆ¥Ñ†80õˆ8)}jX +*“`¢%”-~ôiéÃZUsu„Î6÷È ¨²B«ÉèäçfP(#4çám-†!GX~„úþ~øáýûŸö‰ôáÙ›+qwÄ‹³"ìN©Žp&e’l jí4S>Â$@Gø%üž€R·§FK]t¶•W+°Q€l8 #09œ¸Îgâ›*˜B9.˜¬*fª÷ükHúR7 ap2ãtˆítx›,wk-jzdR2¿œ-£§& 2v ¨º©p5‹0&=ÌJž€Y™Hb¯0 \4æ@úwjA¾WÍÊŠÙ¥ÔÍ–Éó æTU—XøŸ.J˜ýüf»¡c1À¥Ðxª¸aâÆF:sùɃÙÁ|‘H€5‹ÏŒ •Éœ_Í}q(ðïNøÞÊÊÁÜå>¢¶ %ãóŠóF.¼ÁK)Â)gŒjOæz²R,® _×¥>½ñøÞßXÁÀú“§),?°-¡§¦Û.K˜€é”™œc‰ š~ úq¡pæ’tú¥:>½S}žÔQ|gV9…ã†.ïn˜„Ì,´vÏ£8mH'ÕóäšÂ8\ÇöÿŠ'Ýü"Y,@¡ànè²-3ÀÐo2QŠª"B(â4΢$N‰ð1Aø1A$¶Ä­FEˆ¹ßíøŽÜ%£‹ê†“»L¸mB`†^™8Ì{2Øø!ƒ:¬…›j»Ňˆû?vC*ò:u! ›hž)Ñû"¢ÙhÙÜUeXó‘ŧš[˜ã} 7=éRtŒªÍ5óN±-ŠÃdÊÆlu^-ÒÏÝy(êî[d"^dþvTnó~ºÙË¿U\¥ß©æôåïo+/îxî Á:ŠPê}Ð{s¹šËOºtoê±¥g,ªçO\Nx…ì‘{ÏS=³noŠŠ5ô°b©‰—®„ñt¥| tót®Kf-ä…]Üø ûl|ýüãûµ0Ó;@xï¿{ú !ɳ`ÀÙ{í7¸'[Ž¶üf Ø®LÀË«Mk‹„ÉO|˜·7|8uSìpWpg[åqaƒT×]ÙŒ•Vôâ©Vnrj 8ô ÚDîž=ôE;`ùÅÐõ¡«qY.©T½ª‡R3x´sd®ÆÒQ(î˜*F9ëd|d3 d:v©ÁÒoªrÚj8¹îkóF2ûØx „Ýà×ûž7ªFk·Ý]eµ¦°)|«3óÁ¿ÂË›Á$FI%Kâ0øj”è7t?Å ðW‰|¤i0`˜’Èöç2D®eÁêT”¯Å¹kÈëÊq©Ò1?õîõö”‚–žl¤àw‹®ƒÔ•®æe÷tÔD¥©í‹Ú!ßñ%ÊëÙ°‚f`þk¯\Šm­àlS]¿Ù6aîÝÜXîkFõ…œÒVÝ8Øë;¥ÇDBÛ»æ• 7¯œ<·ëLŠoë¦( ‘ðÕôϠɧm•¿±˜c Ê—2IÁôáÈòî//Ó'(ÎaÆÙFD¡ŸÊŒ>ûõuã ïçO@“Àv!a¿Éta÷N/ZoaýÅÂíí?0Óý\dùµ?7Ÿ¡&¦;®Î~§ }øÓÊ°p}ä"ç¹ÀŸë¡æ@ó}”ئÁÔn£,óE*âëÚ¾¨/?Ôv«\ÉŠ”¾Lŧr"b¸Ãd@øYþ~R&‰íRä>+÷šíbaÌé‹ÇÇËåâsV][>rõ=ÞÕMA]…á7‰š¸îýºŠÇ½¶ÿ–*ü°H¡s›$u{ÁmØòË›ë´û*I¿q®yìX¶3}Þ\:ן…yê¡+©¼µ6},½7÷qj endstream +endobj +1195 0 obj << +/Type /Page +/Contents 1196 0 R +/Resources 1194 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1183 0 R +/Annots [ 1203 0 R 1204 0 R ] +>> endobj +1203 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [348.3486 128.9523 463.9152 141.0119] +/Subtype/Link/A<> >> endobj 1204 0 obj << -/D [1202 0 R /XYZ 85.0394 794.5015 null] +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [147.3629 116.9971 364.5484 129.0567] +/Subtype/Link/A<> >> endobj -554 0 obj << -/D [1202 0 R /XYZ 85.0394 769.5949 null] +1197 0 obj << +/D [1195 0 R /XYZ 85.0394 794.5015 null] >> endobj -1205 0 obj << -/D [1202 0 R /XYZ 85.0394 572.1453 null] +534 0 obj << +/D [1195 0 R /XYZ 85.0394 769.5949 null] >> endobj -558 0 obj << -/D [1202 0 R /XYZ 85.0394 572.1453 null] +1198 0 obj << +/D [1195 0 R /XYZ 85.0394 576.7004 null] >> endobj -1206 0 obj << -/D [1202 0 R /XYZ 85.0394 536.5761 null] +538 0 obj << +/D [1195 0 R /XYZ 85.0394 576.7004 null] >> endobj -562 0 obj << -/D [1202 0 R /XYZ 85.0394 536.5761 null] +1199 0 obj << +/D [1195 0 R /XYZ 85.0394 548.3785 null] >> endobj -1207 0 obj << -/D [1202 0 R /XYZ 85.0394 506.7869 null] +542 0 obj << +/D [1195 0 R /XYZ 85.0394 548.3785 null] +>> endobj +1200 0 obj << +/D [1195 0 R /XYZ 85.0394 518.5228 null] +>> endobj +546 0 obj << +/D [1195 0 R /XYZ 85.0394 460.6968 null] >> endobj 1201 0 obj << +/D [1195 0 R /XYZ 85.0394 425.0333 null] +>> endobj +550 0 obj << +/D [1195 0 R /XYZ 85.0394 260.2468 null] +>> endobj +1202 0 obj << +/D [1195 0 R /XYZ 85.0394 224.698 null] +>> endobj +1194 0 obj << +/Font << /F42 597 0 R /F43 600 0 R /F11 1157 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1207 0 obj << +/Length 69 +/Filter /FlateDecode +>> +stream +xÚ3T0BCS3=3K#KsK=SCS…ä\.…t œ;—!T‰©±ž©‰±1ƒEV.­knj©g`fA‚!ÂVŒendstream +endobj +1206 0 obj << +/Type /Page +/Contents 1207 0 R +/Resources 1205 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1183 0 R +>> endobj +1208 0 obj << +/D [1206 0 R /XYZ 56.6929 794.5015 null] +>> endobj +1205 0 obj << +/ProcSet [ /PDF ] +>> endobj +1211 0 obj << +/Length 2583 +/Filter /FlateDecode +>> +stream +xÚ}YÝsÛ8ï_‘·*3kWŸ–to‰Ó´›\&Nogîöh‰±y‘DU”âzÿúPV¼ÚNÇ$>H•à‡ÁE–,ý(/Ò<^&~\õ;ÿb¼Ïï–‰“h™ÄQ“î"‰²e’…éÅbºÈõÓ»Ÿâð"ô—«U˜\<={­Òt&ÙÅSùïªmeSªŸ—‹0ñ½«Ëÿ>}%µx™fi€j>l‘.ãUºšjÒŒÂA¼ŒâUÈ«dGiJÂËàrø>,]¼4úPÉrW˦ŸèËõJ] '$¨‰¬ÈêVÃA%ïVSèõ«ÅSo+ l1ãw{›rwÏ`€"×ÃÌ“¸&NR¾Y@ ü(Gà„†ñÆçtãÍb­›B¶vk ‘[`ðIªR½’Õx…‘;]>±ÌpºüŒé´ÙmÝVr’…QÈ[â`ÓÊÂú—€ƒ cPa–MöFÝ][áÀôÀV½4DZ·óa¯Š=¯RUs)3µzc¸a ?!”ïmUAbºEòåÊÏ©0=f¥£;ÓÓäºó…ÃㆀFFv¯pô4ö,¸ä^f¦¥ÖÝ_%\\ `L'¹ž¤ž[áoAØIv¤ß1`Ò&™w§‹ÑÊÞ&³!BÄ\"ºÛJRô õäãšOvº5‹Ð'B-Š½j¤!¹JCˆé ™goWâ’ßÇ6ª?òêÏ$°ÑÈt¼çZT +¬k”x϶Þ60¯G³@¡P‹9ëeSXKâtL¯ú¡ç "*߬·›[ÂX”¡¬‡Áæñ–ćÁðÀ³ˆõžâ~Ä,»ôÔ ¬%ª6‚å÷·kÜhIWô3f'ÀLbZèŽ묟4r.Æë%|€~-»YÉ#Í\ ¡}9`ˆl/‘øØ– Ò +Hä¥m–!yÌ2œ­y$ží9#€õ-o+æâ°#ìZ8­Pœáw׉r ˆôC¸ÁCÉÐ<›,ðKɃ7É2.NÒã­âÉ8šÒFĸyâϧªÿfÇ )ÜÈgÙ˜ùj_¾ +È1î𥑈6Hy •ÿ'‹ž3窄Š +ãéVQŽÜ¸Æ²d]þu2£ —RîóÒŒZKKé÷ìjÛA+^fˈx'tEfAÿ­ñ)ét| ¬uÝ”Ç@¦^‘÷=;(P>O"œRb­7Ÿùn„e&»¿#Œ¬V§`á±[A ‡¨,Ì€ÅÙu$ ˜Þ°WØx˜‚ïF¼ª’˜j·«ðP«”¯87ºÙAÎ44û7ôÜ$P‹RÍž(äv P&máªëæÏ3¢=Eœ`·—¢ÆEÛg†…Ôö åÐ\©±âzA#Ý8aW'ôs˜£ÔÝWÂű(”º‘oÁÿQT힆kQ·[YUlÔ7ù:_Èo†¦­52°—_5j§z2Ô÷>þT‹¥’DÖÜñŒi-¡”ê£dÄ%j%A0ŸšêàôfÂŒáý¬z‹ÀÔ-ɉ‹‹H +i~„„DœCÐÓí†VJc‚£„¶'JŠÍTœBB5Gbj,@Äo¥nmúYT†µ +Ý@ýÜTÝrný@„M +7Ûì!`•CÇ=ÜØl¢ЭÿöG¤”Ÿ Å7PƒÇfƒ°œäuBÁ2Q‚‰ß%!vy›ZëžXkÑU‹;ÕCŸ^U¬y§^$qï†ÁVúªj"^WZóº-U6Å’¯ÿœµ +³¿¼Xdƒ¸Hâ´„*7lü1€?*~6ïa›ÊÁç–‰´#Ž¾q®Wæì-ýÏ% $0 ˜.Yrïõ„š0‹—9ßÞ‹ ˜š¡è鉼•¶háÐ}ÃP¥HÚÈáCi³¶.G”§øbÈV$/“ ½½Ž6gž¶Å(…ë«·´ô|çâ4&¤{ÒúÓtÀé9nO>ÌNÞæãÊ¡@˜]š(¹©<ýÂëªÊ;ãÏ<½¼Fçéß%Põ Qì:@`)C¿Ü•¯Õ€·[ÛÝ~4¤¡Í‰È}8‚‹Ã^µÄ¡¯ÂÀ€ý:[º`Rœª F Œ\|¶äÜuQÎ͆ë³k]¡÷#Ôƒ$2oÝ× µä·‚q.+dÔ½•uÔ»OãŸÜ "ü¢ÍþñÁ‰,N2ô—‡éGöÈ_-³0OÝBh~šžï6þãÏÛýåsÏendstream +endobj +1210 0 obj << +/Type /Page +/Contents 1211 0 R +/Resources 1209 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1183 0 R +>> endobj +1212 0 obj << +/D [1210 0 R /XYZ 85.0394 794.5015 null] +>> endobj +554 0 obj << +/D [1210 0 R /XYZ 85.0394 769.5949 null] +>> endobj +1213 0 obj << +/D [1210 0 R /XYZ 85.0394 573.5449 null] +>> endobj +558 0 obj << +/D [1210 0 R /XYZ 85.0394 573.5449 null] +>> endobj +1214 0 obj << +/D [1210 0 R /XYZ 85.0394 539.0037 null] +>> endobj +562 0 obj << +/D [1210 0 R /XYZ 85.0394 539.0037 null] +>> endobj +1215 0 obj << +/D [1210 0 R /XYZ 85.0394 510.2426 null] +>> endobj +1209 0 obj << /Font << /F42 597 0 R /F43 600 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1210 0 obj << +1218 0 obj << /Length 3135 /Filter /FlateDecode >> @@ -4775,73 +4829,73 @@ BPC,L Iz¼mkV òl¿P]RÕ‹Ø L‘ÇMê»sÖØEŸœ5O¯kpÚ°¸Ÿö"맪ÔVÙVÇ…çyž9o’Üå{…4„yý|zÖ?ÿ¼ÛH\–4»O]‹ÃÃelÑø> ÃaV/ÜÉy}½{–Bõ¯<Ó4/t›-.}z·ó”õuR/ü}³^$nÝe2[dEZ>F·W 6);‰^ÑW.ÖgÉ*™âûÉ–êv7íß dO {‹‚–Nj ™>f”4ÚsE¥úUu„Æ`v0âf妩ïY¯³t¾ë1¨ÜÔ}•ÐcÊM1O`^õÎé "1º y»1(sŸlû¹ë“<©ª¼Is[ã<-—‰§vCIí=éäòô•ôµ :Z`QÏ¡²ði*,76Õ¥©›²)²ß7n¼•ÚÀPj .âÃ]Š¶âŠÐ±€p$â(“Ð0ÀÚN+ª6·ËX€RVíÒ‚'bz=Á!+¢'ïØSöFÄö­q]5óÚ7¨N·µ5{ DÔ™· —ºùCûb'zï(¥ä˜“Qçççgøk›Ò(žð™'¯±÷X؆¢Þ.ÇCAgЕ—)½§ÀfÈî «Ø5u“%CÁ®ïY2¶¥lÐX”›|N­NDìw“får•ƒ§M—`jé< g¯ãÞ!ԓʽ$za¤ÔÇuV×H+¸CP)èÛ¦y9ûTQ¹JW V]عö Ä 5ÌÀ%öŽQ¸€}yšÌívÂÿ!'X:‚öѦ¡v-jY¢Ûõ£å[ê¼y+}¢°ô1HÒ£æ¾÷žÞ=<Á‹ò£ùT ø5G cPºEÞnnSÍÄTŠÝÏòÝÝïŽTóôùÌpðÜéÌé“Ê k, †äÙ§4ßR‡ÝE•ZÔtáòÐ a€èH[óÆMDbúÊÑ ³jV?RCtä&/’{×›³|C±"´'»\ãáomн­bi…»ÝÒ1 °âÒÚ_è7ÎË 9o-ƒšñDý÷ÑÑ_(nÄ4:lÉnÊHøMAÒÓv‚ÖUYUÎ!AÁA= hëØ‘Iê]"ͼƒEÝÔÞs.yÑôNÛ¤ÅÜû£|ëK³´ïü¬ÞÙÐ|(Ò~‹¼(5ûOvÜg"@¶¬¼['«Å¶õ< [ãÍBáY¹¡=ÕùtäÙç(p¥ÑÊ4ùÏQnRð8þÉ·ÉÔœ”KmIí,Sö¾áÀš»„Ô%Ø µT°ÙwxgÎNé ‰MKãôjüŽÈ¶GËTµ°§~Ïáx€£«¦ÑîC€§Ï’a Vˆs(´a­‘m©R L¨l5ø…]·À'öœªEYÛ¯ Bév‰W'ÔX?ã¦ãfªÒüÞ“k¥ƒÊÜfq +T§Ûý²°ÌP;+î ¢Lië`4kóIõ‰ºÏ)œ¹¹(ãåÙäÜÉÈŒ;Ó™Wg/Ò‡†qÝ­]¸[ãªK|A¡•%‡îrYvWJp¬7À@g ~ÏI‹ƒ|ò¬p÷YB…ó >,s5Ä -nëÕÑû÷(wUYÎ7ï³bdUó?®°ö—…Î5“É ÷oj;6…ÿƒÆõc½ëÅ(YûTÕ˳0Z¢0pá£|õ~øÒÝ4Š›0êÌ°)‰°+À3º¸zEþo9$Þgå®oðØàÕl×ç~ñ×¾úÁÕQê}™Â& ã˜BIâèçþÓÀç¬ÿ”÷xendstream +nëÕÑû÷(wUYÎ7ï³bdUó?®°ö—…Î5“É ÷oj;6…ÿƒÆõc½ëÅ(YûTÕ˳0Z¢0pá£|õ~øÒÝ4Š›0êÌ°)‰°+À3º¸zEþo9$Þgå®oðØàÕl×ç~ñ×¾úÁÕQê}™Â& ã˜BIbýŒsÿiàsÖÿ ì÷zendstream endobj -1209 0 obj << +1217 0 obj << /Type /Page -/Contents 1210 0 R -/Resources 1208 0 R +/Contents 1218 0 R +/Resources 1216 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1196 0 R -/Annots [ 1218 0 R 1219 0 R ] +/Parent 1183 0 R +/Annots [ 1226 0 R 1227 0 R ] >> endobj -1218 0 obj << +1226 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [401.6435 61.5153 511.2325 73.5749] /Subtype/Link/A<> >> endobj -1219 0 obj << +1227 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [55.6967 30.8502 511.2325 44.7979] /Subtype/Link/A<> >> endobj -1211 0 obj << -/D [1209 0 R /XYZ 56.6929 794.5015 null] +1219 0 obj << +/D [1217 0 R /XYZ 56.6929 794.5015 null] >> endobj 566 0 obj << -/D [1209 0 R /XYZ 56.6929 769.5949 null] +/D [1217 0 R /XYZ 56.6929 769.5949 null] >> endobj -1212 0 obj << -/D [1209 0 R /XYZ 56.6929 748.2826 null] +1220 0 obj << +/D [1217 0 R /XYZ 56.6929 748.2826 null] >> endobj 570 0 obj << -/D [1209 0 R /XYZ 56.6929 748.2826 null] +/D [1217 0 R /XYZ 56.6929 748.2826 null] >> endobj -801 0 obj << -/D [1209 0 R /XYZ 56.6929 720.3635 null] +809 0 obj << +/D [1217 0 R /XYZ 56.6929 720.3635 null] >> endobj -1213 0 obj << -/D [1209 0 R /XYZ 56.6929 647.0664 null] ->> endobj -1214 0 obj << -/D [1209 0 R /XYZ 56.6929 635.1112 null] ->> endobj -1215 0 obj << -/D [1209 0 R /XYZ 56.6929 529.3677 null] ->> endobj -1216 0 obj << -/D [1209 0 R /XYZ 56.6929 517.4125 null] ->> endobj -574 0 obj << -/D [1209 0 R /XYZ 56.6929 180.3481 null] ->> endobj -1217 0 obj << -/D [1209 0 R /XYZ 56.6929 143.7717 null] ->> endobj -578 0 obj << -/D [1209 0 R /XYZ 56.6929 143.7717 null] ->> endobj -644 0 obj << -/D [1209 0 R /XYZ 56.6929 116.6563 null] ->> endobj -1208 0 obj << -/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F11 785 0 R /F77 703 0 R /F57 624 0 R >> -/ProcSet [ /PDF /Text ] +1221 0 obj << +/D [1217 0 R /XYZ 56.6929 647.0664 null] >> endobj 1222 0 obj << -/Length 2590 +/D [1217 0 R /XYZ 56.6929 635.1112 null] +>> endobj +1223 0 obj << +/D [1217 0 R /XYZ 56.6929 529.3677 null] +>> endobj +1224 0 obj << +/D [1217 0 R /XYZ 56.6929 517.4125 null] +>> endobj +574 0 obj << +/D [1217 0 R /XYZ 56.6929 180.3481 null] +>> endobj +1225 0 obj << +/D [1217 0 R /XYZ 56.6929 143.7717 null] +>> endobj +578 0 obj << +/D [1217 0 R /XYZ 56.6929 143.7717 null] +>> endobj +644 0 obj << +/D [1217 0 R /XYZ 56.6929 116.6563 null] +>> endobj +1216 0 obj << +/Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F11 1157 0 R /F77 703 0 R /F57 624 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1230 0 obj << +/Length 2591 /Filter /FlateDecode >> stream @@ -4851,192 +4905,192 @@ xÚ­Z[s U ùÿæ”ïdk¾ÿS¶ÓþýG0æ0¤,Hh© êø$lª $Úº{0•/£g0é‹ÎjáfW± ô*~>EYí†í9&é.E“d+ ß«æq÷rÿ»ÙUv÷ûíDÂeÀRìv7¤,v×R•Ý}×B¬ª »·u÷ØÝT¾ŽyŸ²áÇè]6jnT¢”Š¤ˆ«¢’²‚AC qÚñ¸^TçKg•‰"ÇgØ@ ^ªK<@:t‡ñUu¢Áð³º;m¿r™ õ‡352ób,_¥¢‘øöáw]ëhùÕ: VÄõF¹Š<ßØïÁ ©§ôŸÄqœnÖ Û>ŸºøÇX§zŒ÷*I¶šqÍ¢—hŸCëóGêäòK$É”ê÷ÇJª"I¾o)ÂVÕµ?žéîödžò*ÈçoE”äçI9?i¦XÊâAþ‰²¼"I^WbœðÖ–o­ÐVE¶å zòÓ)†²®Iì,Ú4¶~ëÍÔ¥( —h’)eAHKUöb„lª „Úº{2•kîãGq—`Í}Ê^È)§,.Þåˆd.¾ƒ¸Ï fäz´ èòUhˆYHQ9âê°•zJ¤Dcªä?†§§C˜¨YôFQ2!­¨‘¬…–bŠ\ £à3¤,ði)ƒår |6Õ|mÝ=ð™ÊKpÔ¡o{‡.á4öêRBóâ2G•¼¸“ãbä’€5#l¦bH!Ù}»8èù~"˜xðÔú¹ØéP\D^•äw9ý·ôT´(Dë©Ç@Q_8^3¥ú= ’ªR,³¯YU×p¦»ÛÊaʈkD©xR»Ïo{ºè(ƒËQLôLÓLz"¢ï—Äa\ì̧m´W³Ï¢ã>}×ï—(”KHŸŠWu:|Šz qêC, Ã¹ÚÜT£¾ _ä‚uÕþ¼)R3_ÓÞ€'8s¹—à6¤,pk)nKEµª6ànëîÛT>MIÕ°fh'¨08—¨¦Y.ed!„õéù9‚|°•ý·ñ[÷&°I¾©[Þ]ŠI>ž¡Þ« -²öÉÙR˜y¯:§ªsÊ<.¹œž·sã$c&ÆÏm2§Ëû=0¬jŸü×\û‚ õ—0¥ú]¢’ªO¢|ÒïVÕµKœéîv‰†ò5ìŸôÁßòT³™ äƒÝ!zßy¡ÉsÏw¶Õ6¶e}s«k;`:Ëô˜{ˆr¯ut»Šòô”mT}ZE›4ÛêËÀ¾£Þc\ØŠKÛ ÖB•P… ö©A‹^À–âü ÍËè¾SÎÐX­TG$'’¸è£[Ž‹<1MaIŸnÅvÉ9æ/òšzfE)€‡ŸÔÐDý¿%+Ks%°R_ö{ˆÛDÍ+]ºëX/›·)’›éU5¼¤NoŠ›fâÛá­eúÑU2¸Ü±dl‹ÒÛ–Önh µ?Y®'ÚÓ…ß—§ ßï„—À.'à­‹½§½dίjt˜NÓ=ìwÞ éöŸsD¸‡/ü¦ê7¿ª÷ Üb›Þ€¶ânLÍ┞ðá}–;Oâ©ó 蛿%WÉsiGü”VG! ±H@øPuxò愨“cѨè6 *º ½½'ÇÔÁˆCã¨Ë2)& _ä•$ôÕ1F§É’*éiT„ÉO}%µ«æB×Ôxó=NòŠGµîÝ,×”!ñ{Ÿdœ*ÑÿÏ?+2Ûú=×oÔñ º®%¾›ó³£èß/ý¿‚¨¦endstream +²öÉÙR˜y¯:§ªsÊ<.¹œž·sã$c&ÆÏm2§Ëû=0¬jŸü×\û‚ õ—0¥ú]¢’ªO¢|ÒïVÕµKœéîv‰†ò5ìŸôÁßòT³™ äƒÝ!zßy¡ÉsÏw¶Õ6¶e}s«k;`:Ëô˜{ˆr¯ut»Šòô”mT}ZE›4ÛêËÀ¾£Þc\ØŠKÛ ÖB•P… ö©A‹^À–âü ÍËè¾SÎÐX­TG$'’¸è£[Ž‹<1MaIŸnÅvÉ9æ/òšzfE)€‡ŸÔÐDý¿%+Ks%°R_ö{ˆÛDÍ+]ºëX/›·)’›éU5¼¤NoŠ›fâÛá­eúÑU2¸Ü±dl‹ÒÛ–Önh µ?Y®'ÚÓ…ß—§ ßï„—À.'à­‹½§½dίjt˜NÓ=ìwÞ éöŸsD¸‡/ü¦ê7¿ª÷ Üb›Þ€¶ânLÍ┞ðá}–;Oâ©ó 蛿%WÉsiGü”VG! ±H@øPuxò愨“cѨè6 *º ½½'ÇÔÁˆCã¨Ë2)& _ä•$ôÕ1F§É’*éiT„ÉO}%µ«æB×Ôxó=NòŠGµîÝ,×”!ñ{Ÿdœ*ÑÿÏ?+2Ûú=×oÔñ º®%¾›g?FÑ¿?:_úƒ¦endstream endobj -1221 0 obj << +1229 0 obj << /Type /Page -/Contents 1222 0 R -/Resources 1220 0 R +/Contents 1230 0 R +/Resources 1228 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1196 0 R -/Annots [ 1223 0 R 1225 0 R 1226 0 R 1227 0 R ] +/Parent 1283 0 R +/Annots [ 1231 0 R 1233 0 R 1234 0 R 1235 0 R ] >> endobj -1223 0 obj << +1231 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [84.0431 793.5053 539.579 807.4529] /Subtype/Link/A<> >> endobj -1225 0 obj << +1233 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [84.0431 756.4942 140.332 767.8862] /Subtype/Link/A<> >> endobj -1226 0 obj << +1234 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [507.6985 756.4942 539.579 767.8862] /Subtype/Link/A<> >> endobj -1227 0 obj << +1235 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [84.0431 745.1168 199.6097 755.2785] /Subtype/Link/A<> >> endobj -1224 0 obj << -/D [1221 0 R /XYZ 85.0394 794.5015 null] ->> endobj -1228 0 obj << -/D [1221 0 R /XYZ 85.0394 694.0474 null] ->> endobj -1229 0 obj << -/D [1221 0 R /XYZ 85.0394 694.0474 null] ->> endobj -1230 0 obj << -/D [1221 0 R /XYZ 85.0394 660.6469 null] ->> endobj -1231 0 obj << -/D [1221 0 R /XYZ 85.0394 660.6469 null] ->> endobj 1232 0 obj << -/D [1221 0 R /XYZ 85.0394 660.6469 null] ->> endobj -1233 0 obj << -/D [1221 0 R /XYZ 85.0394 654.2654 null] ->> endobj -1234 0 obj << -/D [1221 0 R /XYZ 85.0394 639.5008 null] ->> endobj -1235 0 obj << -/D [1221 0 R /XYZ 85.0394 635.7135 null] +/D [1229 0 R /XYZ 85.0394 794.5015 null] >> endobj 1236 0 obj << -/D [1221 0 R /XYZ 85.0394 620.9489 null] +/D [1229 0 R /XYZ 85.0394 694.0474 null] >> endobj 1237 0 obj << -/D [1221 0 R /XYZ 85.0394 617.1617 null] +/D [1229 0 R /XYZ 85.0394 694.0474 null] >> endobj 1238 0 obj << -/D [1221 0 R /XYZ 85.0394 557.6417 null] ->> endobj -746 0 obj << -/D [1221 0 R /XYZ 85.0394 557.6417 null] +/D [1229 0 R /XYZ 85.0394 660.6469 null] >> endobj 1239 0 obj << -/D [1221 0 R /XYZ 85.0394 557.6417 null] +/D [1229 0 R /XYZ 85.0394 660.6469 null] >> endobj 1240 0 obj << -/D [1221 0 R /XYZ 85.0394 554.1294 null] +/D [1229 0 R /XYZ 85.0394 660.6469 null] >> endobj 1241 0 obj << -/D [1221 0 R /XYZ 85.0394 539.3648 null] +/D [1229 0 R /XYZ 85.0394 654.2654 null] >> endobj 1242 0 obj << -/D [1221 0 R /XYZ 85.0394 535.5776 null] +/D [1229 0 R /XYZ 85.0394 639.5008 null] >> endobj 1243 0 obj << -/D [1221 0 R /XYZ 85.0394 520.813 null] +/D [1229 0 R /XYZ 85.0394 635.7135 null] >> endobj 1244 0 obj << -/D [1221 0 R /XYZ 85.0394 517.0257 null] +/D [1229 0 R /XYZ 85.0394 620.9489 null] >> endobj 1245 0 obj << -/D [1221 0 R /XYZ 85.0394 490.306 null] +/D [1229 0 R /XYZ 85.0394 617.1617 null] >> endobj 1246 0 obj << -/D [1221 0 R /XYZ 85.0394 486.5187 null] +/D [1229 0 R /XYZ 85.0394 557.6417 null] +>> endobj +746 0 obj << +/D [1229 0 R /XYZ 85.0394 557.6417 null] >> endobj 1247 0 obj << -/D [1221 0 R /XYZ 85.0394 471.7541 null] +/D [1229 0 R /XYZ 85.0394 557.6417 null] >> endobj 1248 0 obj << -/D [1221 0 R /XYZ 85.0394 467.9669 null] +/D [1229 0 R /XYZ 85.0394 554.1294 null] >> endobj 1249 0 obj << -/D [1221 0 R /XYZ 85.0394 453.2621 null] +/D [1229 0 R /XYZ 85.0394 539.3648 null] >> endobj 1250 0 obj << -/D [1221 0 R /XYZ 85.0394 449.415 null] +/D [1229 0 R /XYZ 85.0394 535.5776 null] >> endobj 1251 0 obj << -/D [1221 0 R /XYZ 85.0394 377.9399 null] +/D [1229 0 R /XYZ 85.0394 520.813 null] >> endobj 1252 0 obj << -/D [1221 0 R /XYZ 85.0394 377.9399 null] +/D [1229 0 R /XYZ 85.0394 517.0257 null] >> endobj 1253 0 obj << -/D [1221 0 R /XYZ 85.0394 377.9399 null] +/D [1229 0 R /XYZ 85.0394 490.306 null] >> endobj 1254 0 obj << -/D [1221 0 R /XYZ 85.0394 374.4276 null] +/D [1229 0 R /XYZ 85.0394 486.5187 null] >> endobj 1255 0 obj << -/D [1221 0 R /XYZ 85.0394 359.7228 null] +/D [1229 0 R /XYZ 85.0394 471.7541 null] >> endobj 1256 0 obj << -/D [1221 0 R /XYZ 85.0394 355.8757 null] +/D [1229 0 R /XYZ 85.0394 467.9669 null] >> endobj 1257 0 obj << -/D [1221 0 R /XYZ 85.0394 331.806 null] +/D [1229 0 R /XYZ 85.0394 453.2621 null] >> endobj 1258 0 obj << -/D [1221 0 R /XYZ 85.0394 325.3687 null] +/D [1229 0 R /XYZ 85.0394 449.415 null] >> endobj 1259 0 obj << -/D [1221 0 R /XYZ 85.0394 265.8487 null] +/D [1229 0 R /XYZ 85.0394 377.9399 null] >> endobj 1260 0 obj << -/D [1221 0 R /XYZ 85.0394 265.8487 null] +/D [1229 0 R /XYZ 85.0394 377.9399 null] >> endobj 1261 0 obj << -/D [1221 0 R /XYZ 85.0394 265.8487 null] +/D [1229 0 R /XYZ 85.0394 377.9399 null] >> endobj 1262 0 obj << -/D [1221 0 R /XYZ 85.0394 262.3364 null] +/D [1229 0 R /XYZ 85.0394 374.4276 null] >> endobj 1263 0 obj << -/D [1221 0 R /XYZ 85.0394 236.8919 null] +/D [1229 0 R /XYZ 85.0394 359.7228 null] >> endobj 1264 0 obj << -/D [1221 0 R /XYZ 85.0394 231.8294 null] +/D [1229 0 R /XYZ 85.0394 355.8757 null] >> endobj 1265 0 obj << -/D [1221 0 R /XYZ 85.0394 205.1097 null] +/D [1229 0 R /XYZ 85.0394 331.806 null] >> endobj 1266 0 obj << -/D [1221 0 R /XYZ 85.0394 201.3224 null] +/D [1229 0 R /XYZ 85.0394 325.3687 null] >> endobj 1267 0 obj << -/D [1221 0 R /XYZ 85.0394 141.7069 null] +/D [1229 0 R /XYZ 85.0394 265.8487 null] >> endobj 1268 0 obj << -/D [1221 0 R /XYZ 85.0394 141.7069 null] +/D [1229 0 R /XYZ 85.0394 265.8487 null] >> endobj 1269 0 obj << -/D [1221 0 R /XYZ 85.0394 141.7069 null] +/D [1229 0 R /XYZ 85.0394 265.8487 null] >> endobj 1270 0 obj << -/D [1221 0 R /XYZ 85.0394 138.2901 null] +/D [1229 0 R /XYZ 85.0394 262.3364 null] >> endobj 1271 0 obj << -/D [1221 0 R /XYZ 85.0394 114.2204 null] +/D [1229 0 R /XYZ 85.0394 236.8919 null] >> endobj 1272 0 obj << -/D [1221 0 R /XYZ 85.0394 107.7831 null] +/D [1229 0 R /XYZ 85.0394 231.8294 null] >> endobj 1273 0 obj << -/D [1221 0 R /XYZ 85.0394 93.0186 null] +/D [1229 0 R /XYZ 85.0394 205.1097 null] >> endobj 1274 0 obj << -/D [1221 0 R /XYZ 85.0394 89.2313 null] +/D [1229 0 R /XYZ 85.0394 201.3224 null] >> endobj -1220 0 obj << -/Font << /F62 634 0 R /F57 624 0 R /F11 785 0 R /F43 600 0 R /F77 703 0 R /F42 597 0 R /F56 618 0 R >> -/ProcSet [ /PDF /Text ] +1275 0 obj << +/D [1229 0 R /XYZ 85.0394 141.7069 null] +>> endobj +1276 0 obj << +/D [1229 0 R /XYZ 85.0394 141.7069 null] >> endobj 1277 0 obj << +/D [1229 0 R /XYZ 85.0394 141.7069 null] +>> endobj +1278 0 obj << +/D [1229 0 R /XYZ 85.0394 138.2901 null] +>> endobj +1279 0 obj << +/D [1229 0 R /XYZ 85.0394 114.2204 null] +>> endobj +1280 0 obj << +/D [1229 0 R /XYZ 85.0394 107.7831 null] +>> endobj +1281 0 obj << +/D [1229 0 R /XYZ 85.0394 93.0186 null] +>> endobj +1282 0 obj << +/D [1229 0 R /XYZ 85.0394 89.2313 null] +>> endobj +1228 0 obj << +/Font << /F62 634 0 R /F57 624 0 R /F11 1157 0 R /F43 600 0 R /F77 703 0 R /F42 597 0 R /F56 618 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1286 0 obj << /Length 2680 /Filter /FlateDecode >> @@ -5053,215 +5107,214 @@ Y ­ÑØÇ6Ó¨c Bʼo §„®Û­9Ï÷mPbß8gŽtÉ{"Óˆ÷å+Ýë–7ÎM`ñI|AÏš”EÏRê¤çÄf.6hMÏ}l³žul¥Ny5íjûSI62ÈI‘¨Ûó!vèç“ž™““ñC•ÕiiÊ-ÀÕkPá®ë øRVO—²(\J$ß7X¡5…÷±Í ×±Åé\r©Ù:;ÛåÆËî,ÏåSäàA9èr𠢂Éq»#ÅÐÆήâ±·E6¾.5̃’:Ýcý`˜+ô‰‡3l#lu&„¾Ì´±"㸤x; ðÒŠ%Éè+pgJ#`ÇãHóø‰×¦ØÈ?rZÀÙÔ¶be¬ç/FN™¿ˆj KÑÿ°…ûöú­õˆb¸:.fÿ¼~‚ä@Àx!ÎÓ¥,tJ©¶—˜VhÎ>¶™N{¦î=¯ì=‡Œ¼n¤A‰° gzzŠµ6[žñd‡3Æý®­1¶.ä<ö&«t#»u]æ´é'³>Ùþ·¹Iç-~Á}$c-òÙV«ÁÀűƒ.ùUMh˜)¤… úm¸'öûÀFòu`~†áPOªcñb þ—´ÜVä°ËÒV5ÐòÉâECìÄAè/´ÐøÚáo¿BÓ<=mÀ!*LwÇü¿T´> ùÇœfMAÕÕº8‰Ð72p°nÊ"{'ìYâwìy J9ÛEìK¯ŸÀbkàɹn?u=¯ÈKcÚà.³A'öSk£â@Ž‚²ß~ìq;¯ù¬“¨ì+Txº,aºacx#»^qŽ`ü¦L2ÅóOØ?Iý]äEñ¥•ðw ¤þÎ…oJñÆ4ë#èÝQî%Ý®6ÅßÇí!Eìõ5-RÞšð{´‡ªŸß& p[ Ûg¿@cÝm{†@¹ýFnè+ÍË{>XQ˜ ñ­4[–ƒie”¾ØÀ”´ïu™M³jÁ2-tÙ} îòøÈ-Ÿm*ØdÀ/´î,òÆ2÷™Á‘Åv`,ÝHÔÞÞ¸T½+¹hmQYaMùÿcÉÝ ¶îÚÒL4ù­~ZÄBLÖ~(óF_¨ ‘9fòiZî§&~ìµ1›¹ãõÿç; $sž®’¤Q"Bø´ ¡ò"=¶çj^m— ÿœEð âÓ‡Éñ.®D(ìÈ«˜„ð¿<{¡5,×ÚÝ -ÿuö‹öeÑìÄXØïr‰?ÁõìL*Vè+nÓÝÌç Ç®TÆʇÍéf¿~S/T3á`ûìJ‘W2Ôþb2¸_W¹‘ÿûƒ*-U9^> endobj -1278 0 obj << -/D [1276 0 R /XYZ 56.6929 794.5015 null] ->> endobj -1279 0 obj << -/D [1276 0 R /XYZ 56.6929 769.5949 null] ->> endobj -1280 0 obj << -/D [1276 0 R /XYZ 56.6929 771.5874 null] ->> endobj -1281 0 obj << -/D [1276 0 R /XYZ 56.6929 747.5177 null] ->> endobj -1282 0 obj << -/D [1276 0 R /XYZ 56.6929 741.0838 null] ->> endobj -1283 0 obj << -/D [1276 0 R /XYZ 56.6929 714.364 null] ->> endobj -1284 0 obj << -/D [1276 0 R /XYZ 56.6929 710.5801 null] ->> endobj 1285 0 obj << -/D [1276 0 R /XYZ 56.6929 683.8604 null] ->> endobj -1286 0 obj << -/D [1276 0 R /XYZ 56.6929 680.0765 null] +/Type /Page +/Contents 1286 0 R +/Resources 1284 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1283 0 R >> endobj 1287 0 obj << -/D [1276 0 R /XYZ 56.6929 623.4385 null] +/D [1285 0 R /XYZ 56.6929 794.5015 null] >> endobj 1288 0 obj << -/D [1276 0 R /XYZ 56.6929 623.4385 null] +/D [1285 0 R /XYZ 56.6929 769.5949 null] >> endobj 1289 0 obj << -/D [1276 0 R /XYZ 56.6929 623.4385 null] +/D [1285 0 R /XYZ 56.6929 771.5874 null] >> endobj 1290 0 obj << -/D [1276 0 R /XYZ 56.6929 617.0603 null] +/D [1285 0 R /XYZ 56.6929 747.5177 null] >> endobj 1291 0 obj << -/D [1276 0 R /XYZ 56.6929 602.2957 null] +/D [1285 0 R /XYZ 56.6929 741.0838 null] >> endobj 1292 0 obj << -/D [1276 0 R /XYZ 56.6929 598.5118 null] +/D [1285 0 R /XYZ 56.6929 714.364 null] >> endobj 1293 0 obj << -/D [1276 0 R /XYZ 56.6929 583.8071 null] +/D [1285 0 R /XYZ 56.6929 710.5801 null] >> endobj 1294 0 obj << -/D [1276 0 R /XYZ 56.6929 579.9633 null] +/D [1285 0 R /XYZ 56.6929 683.8604 null] >> endobj 1295 0 obj << -/D [1276 0 R /XYZ 56.6929 565.2586 null] +/D [1285 0 R /XYZ 56.6929 680.0765 null] >> endobj 1296 0 obj << -/D [1276 0 R /XYZ 56.6929 561.4149 null] +/D [1285 0 R /XYZ 56.6929 623.4385 null] >> endobj 1297 0 obj << -/D [1276 0 R /XYZ 56.6929 501.9076 null] +/D [1285 0 R /XYZ 56.6929 623.4385 null] >> endobj 1298 0 obj << -/D [1276 0 R /XYZ 56.6929 501.9076 null] +/D [1285 0 R /XYZ 56.6929 623.4385 null] >> endobj 1299 0 obj << -/D [1276 0 R /XYZ 56.6929 501.9076 null] +/D [1285 0 R /XYZ 56.6929 617.0603 null] >> endobj 1300 0 obj << -/D [1276 0 R /XYZ 56.6929 498.3987 null] +/D [1285 0 R /XYZ 56.6929 602.2957 null] >> endobj 1301 0 obj << -/D [1276 0 R /XYZ 56.6929 483.694 null] +/D [1285 0 R /XYZ 56.6929 598.5118 null] >> endobj 1302 0 obj << -/D [1276 0 R /XYZ 56.6929 479.8502 null] +/D [1285 0 R /XYZ 56.6929 583.8071 null] >> endobj 1303 0 obj << -/D [1276 0 R /XYZ 56.6929 465.0856 null] +/D [1285 0 R /XYZ 56.6929 579.9633 null] >> endobj 1304 0 obj << -/D [1276 0 R /XYZ 56.6929 461.3017 null] +/D [1285 0 R /XYZ 56.6929 565.2586 null] >> endobj 1305 0 obj << -/D [1276 0 R /XYZ 56.6929 446.5371 null] +/D [1285 0 R /XYZ 56.6929 561.4149 null] >> endobj 1306 0 obj << -/D [1276 0 R /XYZ 56.6929 442.7532 null] +/D [1285 0 R /XYZ 56.6929 501.9076 null] >> endobj 1307 0 obj << -/D [1276 0 R /XYZ 56.6929 386.1153 null] +/D [1285 0 R /XYZ 56.6929 501.9076 null] >> endobj 1308 0 obj << -/D [1276 0 R /XYZ 56.6929 386.1153 null] +/D [1285 0 R /XYZ 56.6929 501.9076 null] >> endobj 1309 0 obj << -/D [1276 0 R /XYZ 56.6929 386.1153 null] +/D [1285 0 R /XYZ 56.6929 498.3987 null] >> endobj 1310 0 obj << -/D [1276 0 R /XYZ 56.6929 379.7371 null] +/D [1285 0 R /XYZ 56.6929 483.694 null] >> endobj 1311 0 obj << -/D [1276 0 R /XYZ 56.6929 355.6674 null] +/D [1285 0 R /XYZ 56.6929 479.8502 null] >> endobj 1312 0 obj << -/D [1276 0 R /XYZ 56.6929 349.2334 null] +/D [1285 0 R /XYZ 56.6929 465.0856 null] >> endobj 1313 0 obj << -/D [1276 0 R /XYZ 56.6929 334.5287 null] +/D [1285 0 R /XYZ 56.6929 461.3017 null] >> endobj 1314 0 obj << -/D [1276 0 R /XYZ 56.6929 330.6849 null] +/D [1285 0 R /XYZ 56.6929 446.5371 null] >> endobj 1315 0 obj << -/D [1276 0 R /XYZ 56.6929 315.9203 null] +/D [1285 0 R /XYZ 56.6929 442.7532 null] >> endobj 1316 0 obj << -/D [1276 0 R /XYZ 56.6929 312.1364 null] +/D [1285 0 R /XYZ 56.6929 386.1153 null] >> endobj 1317 0 obj << -/D [1276 0 R /XYZ 56.6929 297.3719 null] +/D [1285 0 R /XYZ 56.6929 386.1153 null] >> endobj 1318 0 obj << -/D [1276 0 R /XYZ 56.6929 293.5879 null] +/D [1285 0 R /XYZ 56.6929 386.1153 null] >> endobj 1319 0 obj << -/D [1276 0 R /XYZ 56.6929 269.5182 null] +/D [1285 0 R /XYZ 56.6929 379.7371 null] >> endobj 1320 0 obj << -/D [1276 0 R /XYZ 56.6929 263.0843 null] +/D [1285 0 R /XYZ 56.6929 355.6674 null] >> endobj 1321 0 obj << -/D [1276 0 R /XYZ 56.6929 203.5771 null] +/D [1285 0 R /XYZ 56.6929 349.2334 null] >> endobj 1322 0 obj << -/D [1276 0 R /XYZ 56.6929 203.5771 null] +/D [1285 0 R /XYZ 56.6929 334.5287 null] >> endobj 1323 0 obj << -/D [1276 0 R /XYZ 56.6929 203.5771 null] +/D [1285 0 R /XYZ 56.6929 330.6849 null] >> endobj 1324 0 obj << -/D [1276 0 R /XYZ 56.6929 200.0681 null] ->> endobj -582 0 obj << -/D [1276 0 R /XYZ 56.6929 159.3692 null] +/D [1285 0 R /XYZ 56.6929 315.9203 null] >> endobj 1325 0 obj << -/D [1276 0 R /XYZ 56.6929 131.475 null] +/D [1285 0 R /XYZ 56.6929 312.1364 null] >> endobj -1275 0 obj << +1326 0 obj << +/D [1285 0 R /XYZ 56.6929 297.3719 null] +>> endobj +1327 0 obj << +/D [1285 0 R /XYZ 56.6929 293.5879 null] +>> endobj +1328 0 obj << +/D [1285 0 R /XYZ 56.6929 269.5182 null] +>> endobj +1329 0 obj << +/D [1285 0 R /XYZ 56.6929 263.0843 null] +>> endobj +1330 0 obj << +/D [1285 0 R /XYZ 56.6929 203.5771 null] +>> endobj +1331 0 obj << +/D [1285 0 R /XYZ 56.6929 203.5771 null] +>> endobj +1332 0 obj << +/D [1285 0 R /XYZ 56.6929 203.5771 null] +>> endobj +1333 0 obj << +/D [1285 0 R /XYZ 56.6929 200.0681 null] +>> endobj +582 0 obj << +/D [1285 0 R /XYZ 56.6929 159.3692 null] +>> endobj +1334 0 obj << +/D [1285 0 R /XYZ 56.6929 131.475 null] +>> endobj +1284 0 obj << /Font << /F62 634 0 R /F43 600 0 R /F56 618 0 R /F42 597 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1328 0 obj << +1337 0 obj << /Length 550 /Filter /FlateDecode >> stream -xÚ¥S]oÚ0}ϯðÛ‚´xן±÷ cT0ȤM”i-4 šº_?;†4´t{˜òbû~œsÏ=!ÌG˜æ(Ô ¥;ЉIŠ4Ö’J”Üvz) J”l—~4›Å“áø[/ ü÷pzÄ‹^Jm̆$øýqÿz<Í£Ùçï®èD“¡»,¾ŽFñ"‰×y Ç“‘I!½UråÅIK»;f9ÿô–+@[3ᕘi%Ð/sL´¦hçqÁ°àŒ^ -oá}iv¢Mé%©SX(^ЊSDÖBÐ3±„Æ’QæÄ2*°^@ÀH4­ï³½rX¦‡]öPWG7å¡vÇþØèbævÝ9f\6Ý °&ºi;Ïn³}öfÕ›˜ÿÇöŸ“Ü@¬³|Â4¦¡Pm+ ¼$«—ˆDVš’¿B¶I¯0…ìb -UÈÄæpb®(*6yýû¬“ðû<ý‘Õ.ã:?Ø*ÂýAùø´Ïïîk‹‚Hh,À¹²6p‹M>áü€bc}ã”NÞ1̪„b¥\5•ã³È6ëª.Ë¢abF]dúnžåEñÔ02V±Xª5 i㦲~ªª2Í×uVá·üÁ¶Æ¿°+hMýßÿ׳Óxˆ™Rô²ÓH¬¨îHÊÎê—ÌÛñ5õ?Zo¢endstream +xÚ¥S]oÚ0}ϯðÛ‚´x×_‰½·£ª€‘LÚDy€¶ÑéHPÕýúÙ1¤aÐíaÊ‹ûqÎ=÷˜ ÐAR``Š£@q,€”n@:6rÈ1Ç;%yݬ~â|øäS¤°ò©’ûN/‰AJ‚’Í g³h2ëyT€âž'NQÜó_™3!Üþ¸;žŽæáìów[tÂÉÐ^⯣Q'Ññ:Âáx2Ò)¤·Lnœ(iiwG#À çŸÎb h£'¼q3%zÖÀD)Š¶ ÎØéOáÄΗ¶a'Ú”^“J0‰…¤Á­8E„`%=K(ì3ʬXZÖóh‰¦õc¶·CËô°Ívuuq]j{ìµ.znÛcÆý¦; VD5mçÙ}¶ÏviV½©€>ðlÿ5ÉÄ:Ë'LaÙ¶2À ²ü‘ÀRQòWÈ6éSø]L!° ˜8ÃN´§(wµÛ˜ƒß©ËØçXI½Ì¦ê½­™­…- +‹u^ÿ:ë$ÜÁ>OdµÍ¸Í¦ŠpwP>½ìó‡ÇÚ  h p.MìbS‹OxߣX[_;¥“w§ s…*¡@ª#WmMiùÄÙzUÕåSY4L4Áð£Lßͳ¼(^FÚ*KCµÔmìTÆOUU¦ùªÎ*ü–?˜ÀÆøWv­©ÿû}½:˜II¯;%ÕÂI™YäÅëoâ%õßY<›endstream endobj -1327 0 obj << +1336 0 obj << /Type /Page -/Contents 1328 0 R -/Resources 1326 0 R +/Contents 1337 0 R +/Resources 1335 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1335 0 R +/Parent 1283 0 R >> endobj -1329 0 obj << -/D [1327 0 R /XYZ 85.0394 794.5015 null] +1338 0 obj << +/D [1336 0 R /XYZ 85.0394 794.5015 null] >> endobj 586 0 obj << -/D [1327 0 R /XYZ 85.0394 769.5949 null] +/D [1336 0 R /XYZ 85.0394 769.5949 null] >> endobj -1330 0 obj << -/D [1327 0 R /XYZ 85.0394 752.4085 null] +1339 0 obj << +/D [1336 0 R /XYZ 85.0394 752.4085 null] >> endobj -1331 0 obj << -/D [1327 0 R /XYZ 85.0394 717.7086 null] +1340 0 obj << +/D [1336 0 R /XYZ 85.0394 717.7086 null] >> endobj -1332 0 obj << -/D [1327 0 R /XYZ 85.0394 717.7086 null] +1341 0 obj << +/D [1336 0 R /XYZ 85.0394 717.7086 null] >> endobj -1333 0 obj << -/D [1327 0 R /XYZ 85.0394 717.7086 null] +1342 0 obj << +/D [1336 0 R /XYZ 85.0394 717.7086 null] >> endobj -1334 0 obj << -/D [1327 0 R /XYZ 85.0394 717.7086 null] +1343 0 obj << +/D [1336 0 R /XYZ 85.0394 717.7086 null] >> endobj -1326 0 obj << +1335 0 obj << /Font << /F62 634 0 R /F42 597 0 R /F43 600 0 R /F56 618 0 R /F14 608 0 R >> /ProcSet [ /PDF /Text ] >> endobj -875 0 obj +876 0 obj [590 0 R /Fit] endobj -1336 0 obj << +1344 0 obj << /Type /Encoding /Differences [ 0 /.notdef 1/dotaccent/fi/fl/fraction/hungarumlaut/Lslash/lslash/ogonek/ring 10/.notdef 11/breve/minus 13/.notdef 14/Zcaron/zcaron/caron/dotlessi/dotlessj/ff/ffi/ffl/notequal/infinity/lessequal/greaterequal/partialdiff/summation/product/pi/grave/quotesingle/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 127/.notdef 128/Euro/integral/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE/Omega/radical/approxequal 144/.notdef 147/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe/Delta/lozenge/Ydieresis 160/.notdef 161/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis] >> endobj -1180 0 obj << +1189 0 obj << /Length1 1628 /Length2 8040 /Length3 532 @@ -5271,7 +5324,7 @@ endobj stream xÚíte\Ôí¶6Ò ˆtÃÐÝÝÝÝ¡Ä0 00Ì ÝÝÝÝ’‚R"‚´t ÒÈ‹>ïÞûüž³?³?½¿w¾Ìÿ^×Z׺î7¶‡Œ5Ü ¬‡¹rðpr‹ t´P(ÐWç…C­fL9g0ЇÉ]Á¢#°5@ ðòxDDD0rp'/gˆ­+€ù‘ƒ…ý_–ß.+¯ ‘.[€ññà …;9‚a®ÿã@=0àjØ@ `€œ–¶‰Š¦€YIÓ †P€¶›¨C@`˜ ˜`w@ÿ:@p˜5ä÷Õ\8¹d\@€‹y {‚ÀN¿!v€ØÙââòø €¸l0×ǸÂêfý[À£ÝþG“3üÑÃñ{$Ó†»¸º€œ!N®€Ç¬ÚòŠétµºþÎíy„p›GOk8Èí÷•þ`4¨+s¸‚=]粬!.NP ×cîG2'gÈn.˜í¿°œÁ¶@gk(ØÅå‘æ‘ûwuþuOÀ¹=ÐÉ êõ'þÇëŸ ®.`¨ '&ïcNëcn[ “ë÷¨¨Àlàî¿ìÖnNÿÀÜÁÎ -Äü{fXE­á0¨ÀlƒÉ¥ w}L `þŸu™ó?×äÿ@‹ÿ# þ´÷×Ü¿÷è¿,ñÿvŸÿN­è…jÁ‚ÿxcê€ßÌs:B ^ÿÎýïžFà¿4þ;Wàc!d`¶Íàáäæù €¸(B<ÁÖÚWÀ}¬Ô»Ìì …ÀÀýSL7÷ß0};Èö»ôA`˜õßå?6éx.=me#¶ÿöªrèA§Ë‚GPè¯íÇ9pÕ÷rþo:# ¸õ?¿ùdeáž^7Ïãú=*áðû7¹ÿñüë¬tu†x^psr?Fr~ÿsÿÎýOÀìo4 +Äü{fXE­á0¨ÀlƒÉ¥ w}L `þŸu™ó?×äÿ@‹ÿ# þ´÷×Ü¿÷è¿,ñÿvŸÿN­è…jÁ‚ÿxcê€ßÌs:B ^ÿÎýïžFà¿4þ;Wàc!d`¶Íàáäæù €¸(B<ÁÖÚWÀ}¬Ô»Ìì …ÀÀýSL7÷ß0};Èö»ôA`˜õßå?6éx.] e-E¶ÿöªrèA§Ë‚GPè¯íÇ9pÕ÷rþo:# ¸õ?¿ùdeáž^7Ïãú=*áðû7¹ÿñüë¬tu†x^psr?Fr~ÿsÿÎýOÀìo4 0Üú÷äè¹aÖÃöOÃoäæìüØã?ûÿxýœÿŒ=ì a.ÌÁAb¡ö™9Y® Ä£ò/z{xÂœ*Þè—ÖÁ»2#×Dj,ïêÃ8›ÇEµyÍî;Ýoª²n öA™ºÓÁß‹(üèX>ã.3v±ms™W`gÅúϨ¯"› rn­êèš—ß¡RŽwð9£_²Ò¹Ð_8=óe4%v>oFÀk(Ù?`LÙ½¼`êú4ð±ûåÃ&9[~ƒ˜;26cLà«|r)Sƒj…×Íl(ßÛ b¬Å7ÎßÊçÏVð™h9Žù,¢I‚°RÊ• e®äß·RÆ%=²ìÙ êt›œ(†Ì%³LÇî)®Ž>1Ù¥‘„µ…^Ñ2¼éˆO£Ý %õ‰>•pjÕr{2–ÂwÍ<–g¬™-j—!3cäáakIè,AŒ$ÁLˆÇÆ‹J¯³nöùU»Ïm›Þ‰D3 @@ -5294,35 +5347,78 @@ $O t‡Í=žÝbóÆÃwî6ß"£“˵?”JËOP2RÐ oQo+†â1)©w†¦ÜèådîI½ÈZ¿VÍ­(e÷åû È"QÔüFØs(úF$'‘qL ®/¶!õÔ ¤HvkÖ‰Œh¼È‰¬ê؉á¶o?Ùa:Šÿ±qêcŒ° gã!_QÇ~ÏWê¡1üaœ¯UÝGmã§Yñmn%ìRãr9÷¬ß0qˆ5†/‚E…(êÚ“†,W‚˜$Ù½ï¶åçLxËÎÔ|ú奕£w†Z|ÂV€ãž÷,éOd ÞyŠGÝ ŽÎ¨Ý3lÍ4©¿Î\×T2Zª½Ag—.7Ù#ÏPæï™v¼eŦQLÞ»±Oþ¼Ô\’ ¬ÿĵJÅñ¾(š3Ç].Å*,MÎ>ÛBx(ÃSÃó|D³uû‚Þ¡ï†{:Ò‘Á¨2G9¡Cê{É•<|?ÒK áéá@F)Ø,êw÷ó?È ¸¢Ëa„Çh%Ù±o^Œñ{‹6™Ý @¥-«ä%Å~jÉwXjz1îi´·î¬%uÕ3^¿±g¸`d+ÎK[ŽDe—„]âò†YèÖýÇ?Ï>£³HjË,èkѸÍhÔ8Š” ™v_Å [ªJÖ®²9m=·âú?\‹k>¼à¬‡¤*³Ñ³ž,Y ê<‹ý¹uÓ Z/ZV$S·é#ƒmNOš¨5M@¿§rãÝ0Hõ7¬&7[àçŽAØñêOõƧÈêÚ5±pE6~d»Ž^.x¨T1¬µ¤$£Í7¿ÿ4òÆêüj§‹G1¬èípoóÌ3³QýÐZ:œNÍÆéç,0½‹Š‡Zg‹ðâ£à)‹Q©¯³‹X""œÛÆ0ÏÁ¾äBvFA‚)Y9(ÎYÖý…ì¬S…|¸Ôü¾“qbæÇN.LÔX§…_ï‚¿œ%%½¥åŒìé|°D>W²7}C–Í#—ZR¸­$º`bÛGο…a¿9gÝS%\”Á/œîñhC|?s§ Ø…šg¯ÎÙÈ)ª¬m}ÐvÖËk†Ÿ.bÉ&O üõí+uqfº`Îa‡„°£â,I§ã¯½/‘˜÷ÇÝ›Á¤'P6ߢH‚Ú?÷›½šÙ¹˜Žà9¦ŠmHr7:pMRYŸ#£ 'æW¥¿ðKCß|-¡mWÝ躖nᲶË0–«ÞÐ3äÛÙ=j’¸Ë-,n–³e±€¢üb½iÙ;‘˜Hâ°l<)žL.ßÐYÖÿ°Ú·)wL=(‚Œ£± L|)=å'ÀÆ-Å@²öò¾µ<ÃNrä³6îµEôʃ3±d¶kÓ»¬ÿ‹%ôµøü·(kD~ô(¬_yñ‡Í; ¯åä²fùOî{&*‰äyÒ¯9ÛB±T¨d>è.òY[a-³ZyÏ•px9ÝØÜ>穾„»*|,4°ç Žð=Ï añŽ©{ZwLVqžCÅo, H;ç_7Gg[åGx d½DŽ…*~ÂJSÛ/ *ûÎÔF‹µëújQ‹jw Ý]_-Òq;Œ,1t³õ2ߥÆíËòê{:Ö§Ùo$<×ð¬žôôJ©Àëóüλì„b›F=ÍçåcT”u;ÐuË›÷#³»Z1q“ÒYÖgHŠ^fiyv|‰¢,PkŠA±¢FH£s^…EËRôƇnQWEÛt%Ú·y3™{æÈŒõFbKã<%Æ)â"-L+{墒zS'“#é²ÊòZÃ+•÷U­Á׎#Ç©ÃCcæHŸ,êä;÷=íÏô .óYäg:¯jÔn¹¶Æô×êS:c¤¬UºW¹Þ/Ëf¹ŠšcO¥ÛøŒM¯lD‰Á¦9²ú:­ÈùÈßÛ˜ìÑËr6½õx§ç±2ú]úS¹‘ p7O¼,j1îöÐËÚ{ž$ªS7O–xYŽróæs÷â»ì(è˜Ýš‹ÏD‚@§­Y#žC²L%¯íáž›1A•Ã¸©3¾~M+ÖAîDí>¤¶¯cãµã-Nˆ¥”ûÚÔß ÄÖtzâ"¹tãØ'>(˜“”hSðÕœM]ˆÎÛ…0ìŽ ñâSPÓKD³—dOj nÌó®|KHtÞ‘Ñ+㢟S'÷@6„iõ“¨C,÷ág3B½žpÖáΡÄêφÖÑn‰Ü;ɦc“ _7T,Q1çTiHøBÕWL8­¡¾  ,œ²£.±ß u2†)¶=–Oš ¹ÿêÚ´­Ùê², Aq¨¿râ^T!1í¢ëç2)áN\§‹¬‚)æÄËR…Ëbž÷ž6Cb5ü´çêÞ›Ô;ð¶¹mH“üÅL¸^Ȭü¤Ý¸Ê {>«m@Ë›ðzéN‹›´×»ÔÌÃBÿ]¬—š@)õp[jÊâá…6붡²BSHQøר.öØ«N÷Ž`ðG¿§zŽ^n)?ìû±«892ÉÿxÈÌÄ÷Ù%¼­Ø3ÕÎZJðô]\ÿ^¸Äé„SXA㣅¸r}[(â0Ò@¥elöÉmi¶ö­EWÕ9úQѲ´ˆC¶Û¯µAñ=°g>MF{Q’= †*Ëk¨+™×Øõµk¤i@ïħÕW:x<›ó"Í}<=<²šC½Q¤4Æð÷i©UµSöA-ÒiMÛk×qnñÔÆèO“¦R<)D¾€÷/ÇT#î¡ÍM© Æ$ÖžåÔ3³Ð¿Á¢\ç{Uª÷Þ<UW=ˆ$®&<ƒªZ€0óØÒgÒR*¹ÉÒO¦1‘'£ùŽŠj*5wË-·‰ûùT j4ÝióÍu``òh߯µ“K…ݻʔÑk‡‡A›”ôÈÔDôìtk¯ö2ÅÛö÷ú—¨§$ÌöZ¥ï@Î^ùÝêõ^E~§”Üúí¨u4߉<*ôŽ±§¸KJßùy/žn•C*}…ÃåLgI£J·8jŽ[“Þ³ ”ØT7%JÈOïä,Á!ØžÈ+ÌÁ¯f—ÉȘs‡h`Úq¢O”1£<ƒ3(©dØOfBOŸ º'"p=Q£B¿âäpJ}ÝØü™ŸZ®¤!p{òëÈa}÷qÑ¥³äƒ£DKXôžòxÇ(žÏÑã ©¨“{ÏçÉšj¿dqX·ã·ŸP¦Üv£ä£Ï€³i¬¾AÕ;³@øyŠ*œoLœOœÕøë…ú¾›ºxOÛÝËc -@YšUʳªø;žBiäMÖð.•\rž;ùU´¾Rø'î…ç)眄š˜ …@ƒi/_ A®ÉéÙêr«0áFx<×Er;¾zÇ´UÏšøSÂö²Ù„.¥mô÷Œhâæ¨É2Ø’ç/{I;õŠjÑm÷¬ -*s"}Y ;Ò‰¢ú{YÌÝÇí]p¶Òݯ€Ž¶Xo³êÙ}U¹ôZø: hÁ‚)8f÷EµÔëÛDäµsüð¢ qTMŠ:ù‘ɸX!±l®ûÔ”Ëû ΄,ñº17ýbŸgûŸ&fܽ×Y'jeAt ]ôÛïwV^þ%ÑåµÛR¼”tμ‡Ël¥¿é˜¦j¹„‚øϸ3èm>YjŸÖCƒÕ¸ÄžÄÈÊjbÆn“ªŒUý©?ô‹ïðu«ÈÃWøìý#ë,M€¾ߥJBQlŽ‰âXè-ebtxÃ]€s<—ÿ¢:XÝQ…¸w¶²-N;N¾?Vl¤‘vG‰…,Å%ë9êçöË'bìη9|1.…±!]¹¶DšÏó=RԌݬ¤Iˆg‰=Åh_ìŸ5rÿ/˜ÿŸàÿ  tv…;0ÿAõ¨endstream +*s"}Y ;Ò‰¢ú{YÌÝÇí]p¶Òݯ€Ž¶Xo³êÙ}U¹ôZø: hÁ‚)8f÷EµÔëÛDäµsüð¢ qTMŠ:ù‘ɸX!±l®ûÔ”Ëû ΄,ñº17ýbŸgûŸ&fܽ×Y'jeAt ]ôÛïwV^þ%ÑåµÛR¼”tμ‡Ël¥¿é˜¦j¹„‚øϸ3èm>YjŸÖCƒÕ¸ÄžÄÈÊjbÆn“ªŒUý©?ô‹ïðu«ÈÃWøìý#ë,M€¾ߥJBQlŽ‰âXè-ebtxÃ]€s<—ÿ¢:XÝQ…¸w¶²-N;N¾?Vl¤‘vG‰…,Å%ë9êçöË'bìη9|1.…±!]¹¶DšÏó=RԌݬ¤Iˆg‰=Åh_ìŸ5rÿ/˜ÿŸàÿ  tv…;0ÿdõ©endstream endobj -1181 0 obj << +1190 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 67 /LastChar 85 -/Widths 1337 0 R -/BaseFont /SPHEIW+URWPalladioL-Bold-Slant_167 -/FontDescriptor 1179 0 R +/Widths 1345 0 R +/BaseFont /RMHUOF+URWPalladioL-Bold-Slant_167 +/FontDescriptor 1188 0 R >> endobj -1179 0 obj << +1188 0 obj << /Ascent 708 /CapHeight 672 /Descent -266 -/FontName /SPHEIW+URWPalladioL-Bold-Slant_167 +/FontName /RMHUOF+URWPalladioL-Bold-Slant_167 /ItalicAngle -9 /StemV 123 /XHeight 471 /FontBBox [-152 -301 1000 935] /Flags 4 /CharSet (/C/D/E/H/I/O/R/S/T/U) -/FontFile 1180 0 R +/FontFile 1189 0 R >> endobj -1337 0 obj +1345 0 obj [722 833 611 0 0 833 389 0 0 0 0 0 833 0 0 722 611 667 778 ] endobj -979 0 obj << +1156 0 obj << +/Length1 771 +/Length2 1151 +/Length3 532 +/Length 1711 +/Filter /FlateDecode +>> +stream +xÚíRkTבª¡¬òRIÕzX¹yL4„„0åý”˜™)É &4€ˆ*©Ê²ˆE—o‡kDÓ‘È¿Úoµÿ=fW2öVðúé§DÙF}{k¯½ÑÖɽr_ĬòáÄä—ÊÛÛÞSØ~×´ØœÞäñàGקw2ÏYׯ¾ñ«è#…3koÞxù87mcg¿ÉæKØu¨„–T~zõ$ú¿wŠ®LÜÆ«qSÍ¥ù‰ûž:¾2ÑÛn÷¤Ý²-Ê¥V×K}^Ìá¸k4hÚbSl™ 4B8{¡çµèŠR`ñ¾Ki¬oKs˜ô—ÙƒÝî‚A—Òw{$ù9%!1’¨ÑG+äµ T>Á5tK¤¡-¾Uí‹](07¬ÍwHkèâúCéM{ëRÆ_2~]²c擤çÏûž½6Ð[Èõ.ÎÇgÄxxí÷ËtóvïàЭ¯~ft‰“)¿¸KŠüBúlVÚÕÿöÈn“‚XÁõ<§G>s5qi÷„ãê½ÿ’Æ{|ÝlÜ(ÖZâ.bT=üùb«a?79( ¡/åLäMKuç«ë +f&›ƒ‚ª—4ÏÆ{ýç»ø:.ôžk'J4GåNÓ…mÑ}åÙlÞÄø¢cBÏ=/¼‡~(‰26ö\”k=´yAÚNÖýÈåz¯_¬Î…ե躼êN¿Ÿ·l/™Í\»7íXmXí6µî‘`Ξ£‚†‡UEöÙ'¢æïåD¨w Ûøt¹{;cýåºG¤]Qøóªçw¦µ #0óñq}&÷ÌGëyÞ‰©¯z|¯;X£ßµñÁ£›+m_OÚ ô +èéâOKr_oí ÖØØ‹›;LØÝ£¥·¿ïGƒ›Ï´×¸úÄ~µÔ·•^þ?c«Ö2¹öŠH=GçQh90Á€[ªÔuN ØÉ|É_–êfr6J¿•> endobj +1155 0 obj << +/Ascent 694 +/CapHeight 683 +/Descent -194 +/FontName /ZZWIVJ+CMMI10 +/ItalicAngle -14.04 +/StemV 72 +/XHeight 431 +/FontBBox [-32 -250 1048 750] +/Flags 4 +/CharSet (/less/greater) +/FontFile 1156 0 R +>> endobj +1347 0 obj +[778 0 778 ] +endobj +1346 0 obj << +/Type /Encoding +/Differences [ 0 /.notdef 60/less 61/.notdef 62/greater 63/.notdef] +>> endobj +976 0 obj << /Length1 1608 /Length2 6751 /Length3 532 @@ -5335,7 +5431,7 @@ x  €RRRD줓; fgp™™róòòýËó;`ãþÈÍI4Ìà¸ùp‘NŽPæâ|…0öP€- ¨è<ÖÒÓpiè™4 (Ê0p¶ÃÀŠ@C¹¶Hþ—#ØïÖÐ7XJh€5íÃnŽAÝÀP§ß!>€åC£o¾04ÀeÀÜ̃À`¸3ä7¿-ò!'ò&Ãñ&vf€DcÐ`Ì ¸©j ªþOŒ½5æwm4ì& @ÚÞdB`çß-ý‰ÝÀÜD1Ö0€ºa~ײ 0´ÜÚý¦ö ˜ ö‡†3†°û> -jg‚À¡hô Ì öïéü«OÀëÞÚÉ îþç4òOÖ?9À0h(ÜV€(|SŒ¹©mC þ^-„-úËqvúGÌŠú3 ®ß;Ã}C‚DÀݨ-‘ sSÀõ?SYà?'ò@âÿˆÀÿyÿwâþ]£ÿv‰ÿ·÷ùïÐêÎp¸žµãÍüõÀn^4@ðûù¿r­ap÷“ý÷DSè_ ÿˆÆúf J»)„„þrÂÐê07(ĆÛl­á73úã7A@ (8 ½ÑòÏü@1±¿ÅŒíaàçˆßC—ú‚" g~#ÏÞ‚jJ:ZÚ¼MÿdܨŽ1vwº!ö_}è"!ÿ4~c(+#Ýžü@ ¿ˆÄÍeH‰Jyý›z€€ÿ²u­1(˜àÉMÓBÀ?­ÿ×ÿ_–åß`Ô`$ä÷ž€0ÖÈÍjýÓñ; vF¡nýsÛoZþ‡ýgÉ¡P7(˜hf – tHLI”ѾëP}ÒÞ +jg‚À¡hô Ì öïéü«OÀëÞÚÉ îþç4òOÖ?9À0h(ÜV€(|SŒ¹©mC þ^-„-úËqvúGÌŠú3 ®ß;Ã}C‚DÀݨ-‘ sSÀõ?SYà?'ò@âÿˆÀÿyÿwâþ]£ÿv‰ÿ·÷ùïÐêÎp¸žµãÍüõÀn^4@ðûù¿r­ap÷“ý÷DSè_ ÿˆÆúf J»)„„þrÂÐê07(ĆÛl­á73úã7A@ (8 ½ÑòÏü@1±¿ÅŒíaàçˆßC—ú‚" g~#ÏÞ‚fº:†Æª¼MÿdܨŽ1vwº!ö_}è"!ÿ4~c(+#Ýžü@ ¿ˆÄÍeH‰Jyý›z€€ÿ²u­1(˜àÉMÓBÀ?­ÿ×ÿ_–åß`Ô`$ä÷ž€0ÖÈÍjýÓñ; vF¡nýsÛoZþ‡ýgÉ¡P7(˜hf – tHLI”ѾëP}ÒÞ Äé rÊ­4~Ÿå[‚lñI ]’*|vQ$P5(}Uï>±åt¹ªÍ³ÖÓJçlI€îf2x±q·eÝçø(Á»æ/h•Kš´mé¹7®³ˆk..ôhí뀡‘UÎãàGÁÞOn_6—,_ª'Nw¼Áo+¢©É«°(ʲ·¶9b¿ý<áììíîúÔrp»m•ž7=š]Æ—”#Â÷E:½‚¹I¡ç+›`lgI\kp› —ÈüôMõ¢À|ƒ°²<ë¹]­Aùù{jž[}ùŽù¡ÕMÿ“—hÈì‡x@Ã,ýÊùÛxÛ¤ «?l?G)xGµkiïú.Ï{hæÓ×ïh .—‰&nõ}~ž*Õ•w¸’Ž÷±ÌzH Ã7[àl¸öõÛ‡Õr¥„1TÐ6® ¢~ œ…›±Ø§Ï«Fc³}m½}ä®V‡6Gr\> "KªYIó½1Ÿ·²Ÿ÷9Qg††1„K¬”(æ33óÞ5±§Kí9uæêMæŶ¯’–÷O÷‘™÷Å㣛RðsZ1ÆŒ^&}ÐùQ íívRæXnúv†e ^êÛ¤J³T×_+'wßsšßÚ&ŽŸjUH§¹ÿ0Ä~QzNÂí#(êyžJéêAB¢]±\ꞚǼû¼Å‰#¢»WwÀnãa`a%th¶0R2Äüýsh{ŒV-ý"þ¬¶ø£1Ffz÷¾î.;M|Jþ­å´òÿ·ÊÆoNz5˜zó£À¤hÝ¢û(fbaUáž©ŒZC5…°ŸXÙžQÀ]ùþ錬˜IÙ‹0b®“øtî"Ý/n9¡21¨AÑ Š<ž…Öš¥•8"•pÂÈ¡–O·Uëõ‹.Ó<–’‡ÁêSFA× Gß÷mŒvÓù pÊžUÅ]¦a%2]½·¾Ú›ZMo„âF½cÈÙ—Gµ¤î>|>dšŒCýIP6³±=˜¬-£þ<\¢D°„l\—åi{)ÚgX$ŸÔx‚M¡ˆÏ`k¹JKzv_OòQйRÖ´Yh9Uz² ¼êˆ°j¹!+òàt€†®K|$îÊçìÐy¨š¨rõî¢ý„ÑŸ3LIÏÊa´ÍÒrÖðG¶šl<ïÓü’v)9²†NÊôÖ0ˆ ³Z¾|ˆØ£Ð w)ƒÄ¡ÓnAzy—_;ÛtYûLlã|î×?£Åë~¸–6|(HÏàþõÄ?ÚèÊŠs4ø‚_¿”ÑR鱢ápÖD|’Xnó.}­ŒdŽÎõ”fF5¤÷%"62;0}ÛfPËOÏM¤€)%j‚éý±Á:*3_¦ÆŒßœ=9y°ÿ“–¦eÍø!Fdtz(dtC•2۳ܜUاuÔøÙÞ•F}¸â\bù°z[`”ÉàcY쯧‚ÚW.‘ª‘vé_§;6Csg>ª"žƒ×p걞̖3Ôu™ä²Ûر~"Ÿ\VþJÀj0ºÚ@_"PºV‘.p¤`G´”Â#pñú”e+üjmË]'ïà|ë¢~bĵ4ª<3¯ñœŒ|ˉeï2g÷s#ZNe*bÝpÈÖ[*B‰Ç.yXì¼qH8›­¸<Ò™Áà[иXYV†kàŒOëÒ{Êð¥=0=yÐl2¬>Õð °€–çõ[âr(33Rθ-W|hµš½˜úÃM @@ -5358,145 +5454,111 @@ Z ãFaàÁHœ1a™ŒƒÍ°.Ç®üØí*¹Ô0y‰FÝ Ï6Ý_Uô]#ó±ä ŠŽt39‡nßh˜ã ÀÑ0½1¢| =FL§d’æsÙ_Ù£“-"¦‹Ï*³8/©h…—¨ÃçäLrÏ¢·rb¥{›±\&®¼ jÌ I_¾l‰Ï¯ÔB² 2Ýݪ'Þô\E–j“Ðò͈?Kåd—¡·–Î#·È÷!t%)G¬”–Ò¼çF–ß?ϸˆ¼'ùY3{Ä&v(£ÑÅòÌïPA¨¦,‹vä@)!~®RìõôÉ7ЙF®è”{¸ûäº2™ vFéä9"¹nqx§Ä 4þ5;G\tHê!2ìM)­Ä‚E,vµæ-ô¿üý€ÿ'Àp¨5 -ƒt´F='ú?ö-žKendstream +ƒt´F='ú?=Œžyendstream endobj -980 0 obj << +977 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 36 /LastChar 121 -/Widths 1338 0 R -/BaseFont /GEALIJ+NimbusSanL-Bold -/FontDescriptor 978 0 R +/Widths 1348 0 R +/BaseFont /XMLQTD+NimbusSanL-Bold +/FontDescriptor 975 0 R >> endobj -978 0 obj << +975 0 obj << /Ascent 722 /CapHeight 722 /Descent -217 -/FontName /GEALIJ+NimbusSanL-Bold +/FontName /XMLQTD+NimbusSanL-Bold /ItalicAngle 0 /StemV 141 /XHeight 532 /FontBBox [-173 -307 1003 949] /Flags 4 /CharSet (/dollar/hyphen/C/D/E/G/I/L/N/O/R/U/a/c/d/e/f/g/i/l/n/o/p/q/r/s/t/u/y) -/FontFile 979 0 R +/FontFile 976 0 R >> endobj -1338 0 obj +1348 0 obj [556 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 722 722 667 0 778 0 278 0 0 611 0 722 778 0 0 722 0 0 722 0 0 0 0 0 0 0 0 0 0 0 556 0 556 611 556 333 611 0 278 0 0 278 0 611 611 611 611 389 556 333 611 0 0 0 556 ] endobj -847 0 obj << +796 0 obj << /Length1 1166 -/Length2 7568 +/Length2 7700 /Length3 544 -/Length 8381 +/Length 8516 /Filter /FlateDecode >> stream -xÚízU\›Ûömq§Å‚+(îZ(ÅŠ $8Å -îÖâîRÜÝŠ(ZŠC ”â.åÒ½ÿûì{ö9÷é¾ÝßM¾µæ˜ß˜sŽ5ÖÛÇʨ©Ã- v´„ PDLï~ |úW¢#B  ‰€:8z4!. -¿‡­\ pW''Ö† ]V¤Àú¾³ÿ¬ -wtòD@ml]ìzÚ\\OþŽð‰ŠŠ,=ÿB -$Ôx|¿pƒÀ~Wº§P‚À!ˆû¦Á¿s5­AŠ`¨Ëïqì¶..Nb¼¼NÖ È}Œi͇¸ðrÜ7ªË;:ü&@âþÖLŠ€XÝåÉûOÝìáŽîpïÿ[Cáà?F»:ñêÁ¡Î®ç -ÿ“|Âý;fqù¢@~Äñ°²åý]R×Ó òÈ÷; ‚ƒ}¼Ö ⵆÜ?p½‘ 7Àá -ññþßßáòñÀP+€%Äæþþf¿C¬ÿÜ«\PÀK Èþþÿkez `G8ÌóïtuÀ«¯*§¢®ÅõÏÙÿ•%'çxOÉÍ',àæ¼wÊ=£¨àÓ2þK‹¿tø#ª ‚þOŸÀ¿)ŸÃ­¢Žs¯ã_#¹AÈ{oØÿ°1àßùÕ] VûßÖ1 -ï]sÿàû¯–ú7ü¿ëŸ5ž¹Â`¨Âþ§€{=UÀoE` Ĥƒ 0ÏÿòÂ? ºÿÿÀó܃ZÉÂm`ÿ’ Š|õ€€5¡.V¶Úå/•ÁÜCˆ¦#úû&¸ùùþéÚB­ìá$òþ,þ€ pð?J*­ÁP¸ @ÇåÞ• ø_ß°•+q/Ïtÿî_{kè}ƒˆÄ -w~ÆÑJüµÝ‡×­U²4îÜ›cO{„ôÎî\p#a(ë<¨Ýê”öÅ4Ù§"‰é -šÃ¶R/ÑÔÐPBbh#…ÝíEåÚx°ˆI‚‰Q•C©wyj$ÔÅð°ÙÇ=Ô±”É™ÛòžýÊûŒ¥gF¬Rò£Ä:!Žd~tÆß·œ50ièKsËq4¶f8Dɯ÷4”a¾Zb˜SCí -@»À7Éx*õ—l*Æxõ»ç$åmÄÓ3½r‚~S!J¸.,iŒŠ…ÅÚG;ø¯lKZ¬¯ª†œrUžš:-<éË„×ÏÚ~¯‹˜oå²÷%ÂŒï+Š´ÅCÄ,S%­7 VH0“"ü/:æúñdõ´l¨2ÔÚ”OOkžÑ÷¨¸‘>_©QÓë ×F™3LÀÉ›l´¨WuÎõÚŽ dc×{¾j‡Cëš}Ú$<<® åß5‰r:x °¶ ø'Ç|î†Ô0ˆ“jj?sSª\ Ow“®ØhF §‰èÙî½ì0Ôíö8\Q2±Ø’úüTñqø&/_]4ç –@”·¯ÎÔ[Þúxù¶’-_å³-ËÜ.CYK.$çɨ›ž8úó|,—„±„NãCž8ï”e.¡^´‰+úÌ×¢ÇIjCïðK׆°€ É%oÚÈ ®3R \2dßÜD}'ä{Ÿ&x¡¢ôWiW Þz7òL -Ÿw?P®œÓ3ñbO©µtª•‰•R"½ …zK¶Mç”|²²z”®¢æbÓÀ^:*ÌÑ)ª!v×¥^x4ÆðÔ\ý¯ ³[¹i½ZJ¬ïÐÄð ©žñVóàãœëÇ  =£›çf¶=Vtg@ù4I,Ô¬}®.ôéEkÚBÎ>¨<>§I®8Ô›jßhC&˜¶)#tðÍåm†ßÛSõ—]sÔæ­NÐ@M?Û¬ëK*¼ò@Ö‚ã•ü—­J{¢ÖþôOæéá+k›¿|Yß^JJ©ó§}cšP«xµ¦_dâåËÅ~{sR˜ƒýÑ| ?SÔÅåŽøëÔu‚9¼ç?žºø»i÷äŽl¨ÝŠt9U’Ížö¢õç¹2úŠOBZ\$jIw¼šŽ|M’gVy˜ çŽõ¸›Gõé¥B†ÃÌEæ„EÇß‹ÝîWd^JøÏ_ã=Åîþæ…¨g!ÚyÍÛg8è>u¥ühO²/áz8hËïb.ï®Â&f‚‚1¼OŒx‘³¨r|T@æqîP$‰‘*-Ú ^Æ¡1ç]Åûо$£$"…‹íÇÆ›‹ÙJ»‚òEXé×>=û5à.*省iV¯¨É•ªëÛmrÐ3{¡µ’Ü׺œ0™ÏúúÔ¼·.t!îu›¹ -%;³}«Õ!ù˜R"ÑãMä“´Þ¥O,7-32ŠGbG#á–ôüΖX‚C]´ŒÖ#iý?uŒ£ž -Ìxª1”)‘>Æc¢ˆ2¤ ¯ Qž¸õ ©4mO¸6u˜¸9[ØŸTq®@۪РMMØi#r™±§žÉ!ÐrtèõGÓŧvsíõ>8­¡ gGÅP0Ynˆb쟣z]¢xÍ"ÍH´äX<öLfòú"Uγ",,Dø¶ÊúUåÉδæÎt š˜¼:Þuß½‘°¸[®]汎  çÒ0@ˆFÚ<‹ëŒœ^PéxѼ¹²±k°0íî|È–&, &£$ô'ÙfÒ§m2WHéfÜßùVGºH8Ci¦cZW‹/)R#ĵ¤1ôíA›ì:žþ\4wmIεGcØh‚çôÖ8(ôòã|¿DÍp)B:[™LjÔ¡pkTÀFÕUNšÍéü†Î –kP‘U '#Ëz9b„œ/E7[èÛ‹(VÚÅ%ÑH‘R'Gj½ÞXsÇ=io"I&ñ£”8`ÅFјúÏ‹Ö±(Aé3úè:È‚ýÖä†9kévˆØ8Í+{U˜NEsS9¬)ÓUâ•/´›vU`c¦jVb¬+64¡…#ò†å®m§gôXj0F§ÎNÑvÚï«Jí8?|ü Ñl[]טf~@Í­RÐdíyS²øÂç€êÍòc©‡Î¬K“ë(œ¾¶´¯§ôI{ˆ¶w5¼[§ù±å6þ«(Û¿õ—¹Zӹ̂ÝDîmrýÀrÚ¸’¥ÒêbÅħÚT?ÒÁٓǶKJõ¡,´¶øýd'$Þ~ f7Ϫôs¿>æ¿FaßjÃ~ÔU8xži†êzkùØicçÓ„—æk'RkŽ^©=Jæ„kyGmЃ—ó„;Ìà£T/ÕˆÞmàÚÐÁÂ"»­lÍÍ„g$²m«ù4£_ 8 !Ê„c²{_bÉk·j8u»Ö¢UÇ[léÁŸ`¢ÝÀ‚â›,aüJ;Ó€¶0´I–œ(¬PÝ‚4Ù››“+û`°ªùBÎÇòEBm¬`WòÒ;ó¤#j.‡8;PÌbòÚvQC^Må·ðÆC‘îSâÒù2¤ì4:,i;‚¢Çïô59«‡÷|öu\íÆV9‰•/ËKaÓÖ/™N4KŸlæÔ¬zÇ-Œ¤ê´¥”ÂÞÈt꺠ÎÃÈZ?¢Ýó“¸Rr±öäÐ6™§­g¸Š2·UÛ,Õ´’ƒñaz™/¾LÉ"túsŒ]bŒÛìRöœ?(ö‚>1dÑ=›òNóòŒh.* —™uÖ~åÈ“zu“F»åiM·rÞ1úŽ˜~†ÙH ×LYÖ,ù½èJqw.m€f²ÅÞýÙ†o®ÌÐ:#¨ñ×®£eHÍÅä‰Èß™µâ{ï–íHé ¡´èkµ…}ú#4ÍŠfi›š¤V‰«?DÆÙ4kãÏ8aÏ“°¼Ÿ$%¹Z`˜“NtµóŽ}¥/ýJ’{cZ#ÖjÕp¸CEY{ÆÄVd ¿NŠ´Ýß½±U×ë_R'$óÝ™På‚WËL»j¤…Nœ¥PFÍkìGËÜr° öÆØΩäså•3r;é«Çqi¤Ú^¨‹ò]êÓ2s8ÄjÒ0£•/&ßr=&e.û‚¤æ±cwä,4Ÿí>ÆÍ[-çaÝ~¬\yüð ŠV”ì#QÒ›ˆߺ!b’¥µ|‚uf -•0ž²Ü™÷.U:„{&û¤?xJ›ZTHHô\¼2Q¼y¹EÆPÔ‰ãÓþʘ¥éµX²›æ(m -7sïTîT Ò­_2æ%~Ä©kÖÜ3Œ: ZGíÞ•–sœ ±óéš(cœe¬2X.3¹qo"â}-ÂßȃϬò…¸`%v—ºþB’´ªL0Õ†çöõ7¼ /Áó²ª0–ÜçŸiq.ítðÅ…º1w¢s:ÜÍLË »D\h1qYÇÑ‹ ÚÞ4€k¾—!7_S ϘV?“¼#p}í>ãß)BO&´ƒrƒË7Ÿ)¡&Ô&²Ëõåuv/ÑÅÅkéWŒeoG2¤(RôºlÛ¿²Ø2Kn¥*ƒ9Õ Bžõ¼×¶©x¤ŸßUû=œ•p#úŸN&“p÷Iƒ;ï»Dk Cá!aºÝÍ$ŠÞó5Í(BIÉñÏ8¾·ä¨¶Ëy}'œúÊi"º¬Z>‡+Øv®Ç¯‚ÊEM­Ñ±¹EEª¬%ÅŠ†Q¢ UÊÒÒ‹èÓ…^%T‹ç¾Ð¨fýf¨³Œ1ùVGA«@`ÇJ–‹ßÓE T²‡äzR…¨ro-nùŸwódËÍ æ“•¼“Õ-ˆ–÷Œ¼F“TåŒ{*éöFA×r GœWçÐÛ2 ¹xiaq :Oê.« .ì©Ç'2_ÖE,œpRGTÉ%]‹1Ÿ™ä ‘zÏ/Yaz -ʉŸ¸Ã¾ÌܳBÑ'ŒVÞ¥‚½ þ¾øECÉunŠ”|Q!RsÍÅ~bP˜œ¢ÊÁ]UQÿî Ãý^-“@E ÐÉËwÆ%R£1ù³*õͨ”²u)ˉ}šˆÐ"îž²u0”iJ%JÓqc^GÝrTâÅ£YTìo­N½æBµ'¦Àүʶ­®4ïü˜ÔД’Ÿ¡_(ó¥ƒIòœÖüŸú¾[ ‹O³(Áûc3‚á(&™a—`.qÓm·]ðS\ÞÁãlòX'Æ0eSË« ¿µÜúŒE¤›UU˪£¨ãvÇ”AVÍ÷¦ÈS´3ðÕÃAÃYuhƒ^/ÞùÁü˜T—·J5#eÄî†Sfÿº‡LNc#ˆÈ‹öÉ”#§)-ÞcU¬í(†ãd{¿ÿ}Q?L6£jn?4"Уªü•AìioˆÏPˆŒŸQþ[„ÿS~çoqYåÁ«{¦åôxßeoØ[)]i òÑË:qCQ&§%²CRäæa:òpoÞo˜Ù,,¼<]Kœä>§:F´pë¨ •’¤!_{G®U'þ­‡£–£ØÞ3î8ƒbzØÌÚ†Çe²Gf¥ã5vEƒ?{XT±´0l9kE8eqê¯ð^,6ÌmK|ÇfSKyiéqÚšƒ@-zJWó…e^ V‘Ì“ÚÇ™|Ðwè­€Ñ]­Ñ;;=DZ•Ew¥àòv¶|°¡}luô1øQÚ—=¥•jì0÷Ž¯8Ÿ=I2r(IVžÖòDt-r6¹? ¦FsU‡•°¿à! }1óÍ~s÷EÆ·igZxHeÝÕ˜h=šQíì lìÅ£UÌc —ø_Y‘œ,2õ†à¡{]Åé;BÕfX¥­IŠjiªd}ê¹ ‹3A°¼ìLy])qc&#<ýÏ?ªŽ4Û§{i QìœåêøvN~¦ ×EöE6·¤CZLËö6X§xiOt`~炇’˜ hHvqÝ]'t¸+giC… w¤:XËù4˜•y«„}äA›éûäû{m¤äM!èû•»sZk¢6I™œc¬yÈU‚9ÉdÞ«G“y$h³íÔþ–z<2øìJ.‘è}.›vQ‰RÙ<Êc¯Æ#f+-Z%žºFÓ]±ä ®¡nìMçÐŽ–·íÂÓû²Õ$=‚›ètz8 8c"©AöÄJÌ- )Ù±·’^Tr¶«Äb*?†%£Þ¤þ Ó ŽçºûÆ{:ù¶˜¼GxÁ2îêPJõy82ñu¥ýâfÏŧy•t.p«L6lšÝíOUÛ´cÅ”|¢1yïšgÎÌrwÌF£|ÊÕ7çÑ·1¿m7˜M>ßa[Çʼ¢f)ÑU*aþ©‹Nw22ã_xYÞ.Íì¡[ò̓ö}ø>I‹V^úerèó-!‚°Æ.±è«cÞ£¸Í÷(J¹„Y ÀªÏ­m’=Q÷°òöƒ#Ë'Ž~¥¦žÌ†‰tu<§ ÂBȃºr)Šo<¬ÆЬò•¬¨ü³IúÑ*/õþ.µÞ.s{±\%ÆLg__¦n£Š.¼§z˜{sê>»”.µnපÖL›5e Õ!jóÑ\°€ïëØ2´W—¢9dKuÜr×áá!­Ÿm˜iüû™3áîÕò¡ -'ÞÁÝ%·TœnKMõòw-Vקª¯ß‰”s[¶Û½åÕµý9ÜŠÆ2v‡z¸iˆŠ?²úÎQ^îAÿ±Ž»Ç°'îK6.W±¿~ –VöyÚõÓžW vÏ\ÐŒT+obÿ‹õãükžï»ïk“¯áM¡$–^WÑòB`·µñ¼a°ˆ‰Ù鮇/›„·®wʼn§”Üìˤ÷ãe¢kÛÁN¯hc~i5ŸO%àɨ¶žP§¥ -ØF”oýBtM®',ql|J -S&WÑ-‹Qc”É°¯ˆ"㱨¬:¹ïÁ2ØV·l°!r!¼Ô™ÖG§¡d7çâ"Ù1$–õDÇ\[ÓjøQxg]õ^áˆZ=fÑJ¹£ Qð${÷­û"Ýз+ü„VpHÒ‚ûìbäÿÊCÔVpÒz~)oôã\<£vö¥›ŒKwB;€æôöF]®×mHVíà7H°?–ŠÒÿU–ãk¨ -ü•èÚz0B_­,èPÏ?þL@Ê -шèA*aÑaö蹋¢£”<±àOUv;Œxé9¯Ûû¬EïÑè%¢®h”ƒ­gÞ|‡aV 28„Za”äJœŸÞÜ-bëÝÝžAvþ”|#ï³eVCØŒƒ´:dâŸÊZ Ö@©WvŸVnS›ègÍlÙÐ0p»¦^iÍ^¦¢ •]äœïC@¶/œýiì•zZ§>¦8ÑxÔåb*“³íh-ö0Bcåipù¸Nœæ¾ tLç&D•¿iÀ¿‘ª‡[øBttj°t’>®µJy7$áò\+KÒÕn0úƒ$E˜ÏEÿ)V!€¿,¬íÔž?Œ]­×_ëÔ£2Ôëúp—±‰<M0–XÎ ‹ ‘ÿFƒ3®Y“t#%e(Î~¹Ùÿ%xÈ^/^2ª|ŽjƒåZiA¸ªðLÍÝf®”è5ÅÁïj“ö—daEx¦Ò8è5˜ñ^aà÷5DÁ¯TK—EÓ†˜3öíµQ×ÝÒ‹7»Ã¤À7/¿¡ÌdÄ(°mjõvk0× -kEtº›‹bÈ“¥ ·Ä‰O­©c“°JT’Ò× -r“ƒá?ÄwÍÏŠo>ò¯”))A¢t¢åÜõã#k¿Ê銃¿ ¼*ëðÖæëtï sÇ4nÕ•Dê„ÐõoÑ+%¹WZ4^mÔ/¡„IÑo¡¾DwÕ­Ã2Üþ:6[lÎÒcžªÁ¨œ"|Wt—Á7µ¢î”šÂÀaMjL‰"SfB9áY­ %Ï?®æІ3?eÖ&ïøàîìH cá«m‰Œ:2äz阜yñ%‘Á˜àPÀ˜‰;V,L¨×¯~¶B×4ÄõÒ©uÖ.°’úÃѧ™ÖäúYâ‹ï³Ê+r~sÁ€WŽfÛ…â%9:ã™gîÔîG…d~X×b—PåKÚiJ’£«GX>Þ`qN×>Wpœ¶Ô‡=¨k ›EF|1J6S†Z<é¢áÖõ¥ -]ª>úÀ”¤þÛE1Ûyô½Iåjë$aÐDx!}2ŠÍrÇ`úZL’F—­àí¯–0±—t?{G ˆ¦õ^ðª¢Þ¡ P|1; p]cÔ£_¼þ~ÌKÞ~å¹’%^§Èüq„ñ3¸Ä´³Æ…Ï­VÅo£õ‰Áƒ—8H˜-ߥ5ZÛ‘ÎÙš#žü]“n4˜t=‹ “ôÁ[Jï((ñ˜|Õî~úÔ&¶µ=Oèå wx°üOßTû>zÚƘÆñTņÊí‡Ç ÏÎ_„ŒleÏlbqì3ÚXó6ƒ¥p€„f)M_gú"/:'ÃÏguû…Ò™ÂNߟn¡cMrj‘ÉYtœì|1Z:[ÞY[&/@ÞŽ×Q.I|Ûdt#ôÌ ðÇ×ëŒj~}ÿƒÓª1Î^¥Æø@)­++Ãî37hk€¨W¾!2ñçšuuå¢ðœ¶ŠN )±Ï¾^U ¾öyÅË•%€¢~‚À#[‰ÎÍëŠ]D¾ÅÛõg}o+­°ÉEIRÞä=äŒÐF+± Éí£Ï1¾mOiÄBx°¤]gyŸ^E7!¤¤öV*¨,ÇýSÁ†ÌuOw7Ìèë‚;ý6÷2ƒRDza$E%‰¢…9Cv;b¿®çMO=€ï‡wˇíGE¬?´¾&‚°DIPR­oY¹Õÿ)^™6¤eøˆ²Wq„‰Urò-©õ~aAEh³~2ŒNre6b.ã„r*Ÿ¥Ï²ÓL[CÊ®(µô\¾G[†ŒÌ.•t»Ù$e¢X¿&Vì”­ÑZ07ÐgfËvçë脱rºÖ&üÂ\8J/ßô>,N¯aAnÍkØSÇlÔ@1éÛxw{%IÔE³¦/—½LŽàuþE'¡!FÖË0“>Û?Ãì¶/ŽlÆÁsr7Ù8YH•N™ìÒ>ÞðÊ0?©dÂq«ltVª­:ŒÙ¡2o~…/ŒÌû,bÂf6fÝÒK݃T›7Cê7¿½szRÀŸ·cç:àµÞnE"m{ÀŸ76b˜èlŸ— b¿^KÎǃáÐYwïLš¾ ®¢¯Å¬›Ñ«9í&Š¢ƒJ[Îd»—úvIè~ žŽôÏm—m]ŸÔç»~¡ø$¬ØPHËúàjP'­ÅzyoA´º”ìÐX̯è°šÔ¬zQ57BAsk]´¦hk$žÃe|¤¡ÉœWüÒ>š ›.?`ñ¹\'Šó>ºƒ¼zÏd.k³+áµÄt~+ÄÓðêÃqªæ;-ãœø UÒ6¬è¢ŽVE†ìPªÊ³"&=>Æ£l©5QAƳ¬¬4—•ºéT³þå?´3Ø[íÅÌ'Ì>åÚ¨É*OYdSm=~êẖÀ ñ¬€ó²Yj w½ÉxÏ€ÿ`ËË#盬|Lü¿üáþ‚ÿ'¬`ÂÅÑ„°ÇõF@.Žˆß_àþ/>’¤endstream +xÚízUX\[Ö-A‚Cp‡Â*<¸Kî +(¤€ÂÝ!œàÜ î‚kÐ .Á\ƒ\Îéÿtß>Ý÷é¾Ýïîý°×šcî1çkì‡ú¾b¤U×┲r²Ë;AÝ8¹¹@ÂUˆ£…»«–9T™Slãx +ò›c02jCÜÀÿ?20°¹Ä *kîö„kÛºTÌa€$ z)ÌÏý´ñþ•è¨Ã ŽN>u°æ>A²N–îŽ`¨›–»³³l¥ vur‡Y‚]…ÖOýgU€Œ“³7 bcë`ÑÑÔcegçøW„[HH`áý»Bl ¦§…ØÁÉùJO +`(öÔ´Õ¹êÖærV·?ưغ¹9 ÎÖæৗ«5ìd}jTj%ãäø+ÆšÉB``˧¡¼×Íêä õý°5jõçHVîÎ@(ÄÅüJö’ŸBÿŠÙ€Ýü ˆv€½,m”Ôövÿ rÿ6‡Zùû:;9¬Í\ÁþkðÓÃ×ÕÜ pƒ¹ƒý}ÿwàßwÜÜ+ˆ¥Àlót ÿb +ƒ­ÿ±W1wƒA¼o@\ 7ôÇýÏ•ñÓZ9A¼ÿ•®jî µ däåÙÿ>û?³¤¥ž(9¹ùœ]×HQxrþçíй|t§áÈux¶É…Ø£Jj_FÁ—wñ2僬ú[ñª7H*HÏ"(äb=í…¤;¸Pñ Âñ£È¹êEU…±ŽÑX&O@½ä‰1¤i9{2ÞŠG´—Œâ2cøZNDT׆;».jÏ)¨+ +*ÑÕvgY…ˆoC~©):h?Ÿþ, ² ‰LÃTêlšºaV2Äl:¼"¨ìÀ7›™í“Æ朎PÀp«;¶ 0(þ<ÖÉsk[Þn}[3ì\À¯Äkì¼ÈÑ_x×4g»Ó³ð‰Ý>ïyri¬-&,aŸ,u³y¨J”žtÝ9?€)¥£éŒ{¼¥L§×`S93£~IÝ«äAÈ›¼V¯¢ÓõΪ!Δf +JÜj£A¾®Í×|¥Óqª'•¸Ù»¤ùÒØæ¿Ø!êåu ©ÜQÇËï:ê¡î:óL1%ë×ÓˆœªkÊ{(T¯¿ûà!QµÕû©cûëM§¾v×É樂‘ß®ø7^9¦w?€èÜñ ®ïØz|q¾ZÓoMÉ2廊—»†ùCšíàtŽ1äWEè¨nû0i|Q­\®$ßôUv>¤©[êœ0¡³T•áëL¬ +ÃaTÐ{³ã´òÈ"°ûì ø"»dѶ'ŸPÀ”LJï{Äg5—š5ü÷¾-\_&¯z«ç…u“Œ|XÒ,œ$Åï£ ¾â3ùåÖ Fo½Šõb~Ä4 +(ÈGK)›>>ÝQ9Âîw…&…!4£Cw‰fn·Þ§¡À˜9ˆ$Œ¥OÆQ +¬åB?C¿ÒM@'^ष=“ó¤y6ñ_ MóJU`âõ{Føbþ•yer~«tY”=ÙW,ƒ-ÉpÊÖ쨡È;‹ûìÀ·ªoºõæÉM?9CÒýÌsîoÈŒ0+C‹Ïö׊ŠÝv«íñ> |˜0mùðnmãÇCãÛ }qU tF. ¡±¨1ó:³H:q;ò¼$mÄt+G$EZ›ë»¨§ØØýÝÇ5EíÒHþ¥žl@W6¢cüžØAÍI";Oß B<¶ö-A¶/is¡ŠëḠã?dº²Ö÷¥÷Ó[FFÑïú¾˜NËKÿ*FÄ»õÿ„7ñA§+` Ü- ®Š£~”óó°À°6ÖÆZH"ˆÀ¥6|1­ýæø»4¼lȲ‰U +-\»¸/³|Ô› 1œüEÛwLOÌJq ½3ðtª­â­jë96)[Gý ŒæC¡»çœ ³Cˆ±Rô +@ZÊøv7•±¦ŸHóþõ_í·®%ª¸ñéÞÛ„øÄ©)WÓ;k¯ásï¢U⸶¯&+©t,^¼(0+©×´MÀ7r—[˜ÉÑ`>®LU*v<\ +…«á#!]x€6+H*?¶ðU„5´[J‡™¿m gY+Ù×i?·ê=ظ¼2Ô;{çLâOž]V‰â„µIÞÈŸ¼:àu òÐì-ÝR¹Ù]ê\M4rчÔ_VèN ²“êjv¢!Ñ™:FPhR{ò^Ç•©K™÷F6Ûqö:çÌ äÃb÷[˜þîçÃd¯^™gi âe„faÛÞ%:²cÅ5GÞ Ti5+8áæñ6zj64Å÷¢Ùè:‡(ÍM¢ŸäŒr%ðÀS¦DBafŸr³=VeEõ§¤áÉ^ï1!L¶•1Wt‡½d¤Þ˜ô’ñÑT7i’SgÏÐHì1Ž8îO˜û­±ïÿ´š2ZÈ]â5íkŒZLª#ï0U"e¡·ÿdyBe:® +KñŠŒå€÷­L08ÞµÏnIÊ +ŸŽÆ¼³ Îæq±@å즤µ…üÔ2Œ{5Ä·P쫯BóQ “Ž$NŸ„ºŠ@qê>0¢Úøóû߆€ÐN#3ûó¶5HG ¤µ >zëÔ\@6ýÊ@ÚU"ýB‹Zwô¾"L;}X`¯Sç¼,˜—@BgY²%„rt…èsóÌgÎÕ„†€FCš†Áë—Ñìqa?¿s¬ÒUn L”!›ËVQ·¦2Í…ÒÔ…ªYýý OgfÏc¤¨ÙãjãØf<—uR05»šL(ÖF>©+vfQ©óuÛµ­C½£àO—†h¸ X¼)NÁ.e«©lzíÑþv#áQÎ,©‰–qc–ØËzöµám„©MLÝùxΆòüß^-ÑcÍ0®‹{ÃШ›‘…Ñú/0‰=˜ª´^I.ÚMܧ5 ®Â',Žï䪦&2 ‡Š¥Î™lWš¢(m±ˆÎÕB|›C°Mî^á* p~ ;ãùýŒe·ÍÊá ±ÊÑûR=Jçjâ­“óÖ~¤ó>˜H±Ôåª1O-èª9FäŒañH®×‹™ÏÁ­7"ÞG6ª@¡s²1\Ç_Rjc·{@CW¿S/O Õ±^D1¶¤Ç +‰PÄ—úõ=‘¸a·žM»çxó4^y²ÛVŽÚjÂA¨T\v—+ˆUmgÜô•!?5J»î%uwwl4²vde¥lº˜?R¹Œ£‰îN\ñhšzJÎî˜dgž°œ¶À"¤ÔSWõx×rò²çÿŽpá£«Ô ²Cê^ IoàE1£—ï5t.,©—rk·À2€á ñà§sÉf6$Y ÿ<úŒÜˆ&k¤Jj-|åîYI_l32ù>Uh×IlC ?ÞáÕyR1ðç´¨IÞO—r’÷^5{ µ”bCÉÑ:9ØoN¿OKÁ´òi Ý ?§€XÄíÙH~…NÐäRÉOûÂ}¼§ÚJ‹I¬>št5,qñŠûÝ!QnÆy[S­]µÇŒeâSÿrxÞ‚­ÓFú±Ml§ôVîp>HñµÝ>Y~+ @rdÚrÀ^Ç~º +n¤¸þzîaäÂXµÓ·+`;Z1„#!¦²xÄJýz”¢MÎÄ Ž6ctÿ;¬Âm@ÌÞ¼2Átòɨñ3(¾æó*ðÚ—÷ +—ë}f²JrÀ—.Ñ ÃM-ÚšóÙ(ÁÄá_9ƘÉÑ» <]ô!s+7TcSˆ9”µµXÙ1"QŽÁÎgÁœÉwn"ï“éNNJ?.(9®DåôQ›'¿¬ÂûðöÜ@fµ–€›Œ¥ñWj„r™‘û±øùüÉwÕZ3¬LŽ*„¡ Ó}¸?ÍЛ÷J|^NòýŽØ +?9«°fˆVQ/¹‚¾‚4÷vø‹¢¤¸| ௿õ!WµwúyÙ[BC—hÍ p-ubu†:7ÎÉ~<ïüÑ[Ì” ÆÉ 5<>bz¶ëŒ×g:{ºáó j èËñQæt¦u"yöƒuÅŠÂ}å†×ÁŽÂ‹AouLr6<ƒð•äß +­Âµ»+í"·}=ƒ1 iË>˜>1òÐ8AžÑ%£³­™ü!±u‚>i„Ake“Ù+”¤¦‘˜µ‚{Ð…àˆ +`*¡ µo‹™ËRÎ.AÝ7ŵ©¹m„º—·¿~Ñû²z³ö@âdTÏœ©Y³0ñ7",)xÑåºû«#ɤf· wKUé.@8ìw⺲NbH Žô;ï¥ Þø5 “‰ÏZ³QÅÏö×GOÛ,lÛÐ|‹†³©jç°3™^ JçU$hZ#TïÚY;.j>ˆnÔÖÎw²e¡ir˜Ð6ˆÂq +5mh»nÓùÑmÐ÷ú?Ÿn:41]T]k,Rìa˜RŸ,«Ò3Sï¿:¨|Í?ñgÞ‡õ73->!]7Òõuí͆N½›k‰Á¼ÝôÙ+ès…Î{™3~¢a(’:Œä£ip]–Ì kÍ%ÁZ½äöѲ!æ&ßB~ +T¬ôUU6. þúc€”«1Ö²E):ÅDµTòv%×õÀáƳ6nå+"úë^Aìõ‰Ïå¬Ry2Mþ@½•äjì·Sc‘˜=Êï?q°ë ÆS$•½·‹e]Œ\²Â«¯y¸ ɼ±;ÊúÌ%G7§ûg×O>¹Ø©L­÷̶VE^»‰f6ëê¹ûˆ VYRŒcJÎ@Åôº%*fI²=ïz äÉ&²ïáá;Ï›yú Ge ò‚z¶s”¢Âá_¬Kª¸»N’Ð)¸VW{Ú3÷>“ HuvGÂ'Ö1{uæõÉ¿nIÍü ˜Éøj_<Ñ,DÉ™öýRÀ°éU Î^²ø‰_¢ˤ¯ïç€âœULˆ2¶‰_™ªá@ø|fè3E¿ Îâlç"å¶B~§ZÐ:ŠòñÛ-EÅ×Èœ‚±{h +B Íç9ƒ|£ºŸÎ¢ÕC4ó©5û>âã)mgÃo<50¦7ºe«lûåˆ(‡?ãË“XòõÚº†@ö Héù¤(¤?ßáó::²×Åì¥á•;Ç}Fó|‘ã¢W¬»*èy«eCkäRÂóèj³q ¸”b™NéW§Žl‘¥ ÓìÉŠƒ'[Îf¯úõs¼5Œõä5S\°vwØŒp6¨mÕV(xXQ"ª:8»µ)9HÖù¢­bÜÇøIÍÞ¾¨3ˆ¤w’öηÔ|W´NšðÀM¢7âì¬ ÖVú¾ëóÐsÕL Iœ.œ!?ì¯w¾¶GÙPiŒ‹“Æ-Û®so$Ó²'Ôftä΃"¿Õ¯Fd~0G£ÒìÄpÒî³ÌÔ‰ëA3dª½0Pœ‘å~ÄâRÙèFÜKÿÚL8k¢&7•˜îK-ºfûHûà8ZWbxׯ‹Wpu xÜqN”—~2'ö‹þÊ¡”n`Õ3DEnˆõL,XJ 3ýÙ_}¿)àÚJÔ˜aÝ®–Ñ4ÒÛ›µ+ófî÷>à|¢É}†jÎ.¡1Ûü üÅØrPqñe猨ñÇñ˜"õs§@ê¤q_j;ATºä«Oc~<Ñ­ËîqÇBÝÓê°xÉ0U9Ž” ”~þÍã5)†¤/r5?ŽEK«ñë·D|7Ñ‘a`P)ú¾Ò—­ª,GLõÑ…÷‘€Ñ1¦M»o;y$EuQê‹R¬K-"Ë(`5™è  li%2lS"m"s·®©¢ÔA¯–Ó¹^4ªsÞa4Û-aD¿ÉSׯٖi»($y%Ýêô˜’B"+lKñ+ÕÛ_ÖD:?ËÛMR*ؼÀ­.?äËÅV¹Â><°y÷u„ËuOG›ùëgÛmg i®_ö,f4ªOÛ£HWšê  ½µ_I=¿ì.~_؇£v»Ë @vR¿ôã¤Ù.8n½Ýb˜ïÎp,1:èhˆÌµ%R%¬xª›¬ýÖ·¨>N ÐÎ{ÖR~ xÑÙßûÞw˜îAsð¦ ^l`|ÊçƒXE›åÂÇüsU¸e&âb÷½U[§¨ +Õòјâbžtk[nyN㦰H“òN,úŽÚ&z‰ê +Ká-5’fÁw#9¦­^üÁe8$V•"@ŠÃµ;~'ÂôJ–B°7ÍÞ#Ýr-„+íÝÑå› Ä‰’ñ'1ßN”,÷T|ÂD°eW‘Š‡ ëЧ +7„éô +BRC˜Sþ0–YÊ>Î2‘ÒËM)Xvþá•Tè+€Ä×g$ž>ï …^ƒc ™F +ŒD(©©³ÆBcýXÿ°‡C‹–¦Jcm̆äbp¥ú°¾¥j—*ãš—cô +«¡ÏDùs·òY„3+Pµ~ËÍñD lnóU?µÚx„4iÚÄtŽ¦=ÌkhE_îP[åh]{ ˆR›³Ñô»º®Ù‰®¡²îLà‰JÇ3»°h1‡¸{ð äI„ÆãÍ +ã;œû›±W2³1Ñjà|Ë4Ñ‹)èîZú£bìWyä鵇€~å%{“ÞÈýAyÏ {T$¡ž7J¬R½Í†Ú0ÒÏï>öêaÈ–÷Þ KL϶=‡ŸXò6ðÞz¿2þÔ³Ã~ÞK[[mxŒšVöÖ5'C,³;÷ÓdàPå¥æ"›  +dugç,gÿ¶ùgÛ'îpRH¯Ö[>궥¼˜+¯p~ktþ’3ø@mÚ³•bzo·V‚Hµêæ&W‰Ò­¢jkÂȸáÍQéÆ|ü7½œ?ëî£ÖÇqDégXEÚlßC#?œ|*JºýÜ}K˜vÅPi­‚SÝÎ=VÞ|òþ±ÙéeŒY3")¤²Î>Œt¸ö¼²A@—i·ó¾åØx倛l jÂ(µé +æ1Í‹êpÊ-oyÙØñòuuØ|˜E¦–Æ.›Îg7 ò0$§#Ðï«,((©)!ònà6nêdJ)aÓ)‚w^Å¿À_Šb±{zBÔíI&ºÏ,$c»¾HI²Wýîq†OrÊV\²/ɬ›"n;Iq¼¯Vøþ¸žÓEKýdu­Ï€C1ôF߯éjE¥o!íkõÅ2M2¾7²Ï·œÏM \ n•Rzå: ôÛ˜ò +Ç–fU7ó|rFyØz0£³¾²ÂÞ;VêÓ(:³>¢ŒoþàÐ# ~Êç¥ßÏ—Œ9zcH·ñÚ#kEçFy& Ô±|æ[B€ÖtÐJóåa”Ñ‹µgS™U+}(iP”€·µ&-´ç;’c4§¡ìÀó—>_ÏF~_ëh×8– ‘˜ÆS®E¡!•¸ h8°%hÛìõhÞ>| —Ü;º­Í€ ìÌÇ‚ÄÈF‡îç"N—K¤ìhÜå6à "Ðp†ÑhON’×±t’#ð§/&eÀàíÍÐ[u€ »™Ñ´æ–¦èJ—Ðö¡ÿMQLí¯vm¾ 7ÕyŒáH¤®Û‚G‚e6”úq\k—+ž•}¸Cz ÷L‚"}l¦Ý¡"an–øu†™Ò9Bƒ¥¨"ݪ@²&ëœÔЃ4 ùñ¶ÎçÄï[!œwpHvfCOmŽ»ÚÜÉ¢Ÿle‚(*÷–7šGy¡wª42Îœ¢$£íÚáÃHRp9¾åŽJ!á/lú¡^z×ÙÅ;ª.™Có¹ƒr{)²µÁñnqßÑ=÷é»cdÆ-‡è„˜’5—&Èì-…滇fk^`ØTØLj×]íy7«¡$áÓ|i)>Å—9í®g3Óß—?qkïz¡†sý,ÿ+¤åmÝ‚Hslgât: ˆ¬À^Öˆ]ÜÑæ>"^‰'ø¸Û®Ñʘ`‚IБ¸ïoá6föœíƒUcì¯u|'¡f3uá`ö»ï­ŒÎáb¡ŒŠòû†Ã +â/~ç&¾Zæ3Ð?ø2â­;ßÚ5B2Tâ]Øn0ïÏom01#Úsø£¹€UÙWÐAJ)ѣǗÏú¨¶¦äv ›|N)ˆ2Â{ØQ« »-%VÞ˜§Ä¯í39ˆ(n‹ª8½îgÉ”ñTU¯„°nîs<맊o”ºîƒ¹s ò8©Ù§ft­ª¸¢Ä–ŽØ¡.n¤7,þ8‹™¿.è˜Ào€ßèÃ˦^*,bá+£b£‰  é\»<¤Ø/øh+gn”NO«5ˆ=R5¹UÃ'Ûµd¼Öº§EÊœ÷±È/xÎØŒÅrâû½žY +íZ®}Ãeú ùT­+ǔŷ˜HRB! ÍbbgN\º]N)ývC¢1³*û¦hÄBÇúó2Iß‚ðþžé'RÜf¼šœÛÊ|)G̸~ 9Ô•ÙPÆdäÐ÷Ϊ‡­ƒªmµuçIÚà %­zû‹WœnלG’’eËŸŒÀ3x)Çm=ÅRûv|Ü•ò?ŽPŸ£'b:é¬D_›Îþ:éoš#ÅbžÃ¡|^†ôóuýt’²$yÔ¿­ì¾Zú—„©”Õ+cµ±j÷‰uQŠ¯O. «Ñì{ýivÁ±ÆØË'‰Rh<˜w¿4ו©r=fǽåŽx«~LýŠW·Õ¬[F_Ñ—¬ày0Wòïá ®>ußQÔŽCtžUuGö¢í¡µ%ª«±š1Þ˜¸>ú!È7[/ß½$i =J*–`œN6w³h·F¡Z_çeÚë¸sjhÙ-›Ÿ™|bZ8©_„ë¬l´g¸x•ÕU`•¶ž$ýΠeÛI˜P>¼JG q(â…³Ò¿@/fÎWEÖ+ êbòÞ$‡Å}ω]G5¨—È‚Û7ñ*ÒïÐ0cÐÎJ:/Þ²PÙduZ”3„M¿0sÒ0! ÅOŽ™  Žã¡Ý>ëÅ[ d`àd¿åe2´Ì ™&F¤íÿÆšj×®ï¥k—Ûë ?@,Å‘â8ÌzÞ6<Î|¤_Rö¦RM³šë·ioïOÝ i„î7}œï¾¥÷¶Ú³öK߉mŠýè"¢ÄYO=óÇY“Lï´Yƿ݇×R;uÚó.¬£e¼¥k„¡€¡•LԔˡÓõwžì™ÈGÚšž×¯“KÖ ªëÒïB™;„è]H*_?›ÎÞHº÷Y‰ÀÇÈépY›’Jñ¯yÑL€à¸×«¼3y cUêª<Ú ¹Ô×ÈÚ¹œ-Õ2#ØÏö€}ºþuÌÞ¢×5r`܇^¢ñøø += +?Hb~Š rö¬ò{íÁ'8wÑ–î³dÄû´þÇo' QÈž†jOpöKGˆmú?—9&CÒäý=Œåì’dF¥})‰L^ M¿JÀ6\r¡ÁœÎÍíÌ‹—n–ÿÑ‹QÉaZÏ9A^:®ëž›àö +ï| îCg/}_··í–sÐTvF¨ù³êÖßH9ìr3"ü$h +÷&WI 9) €±*‰êÁZ1žÔxïÙú‡I¢,áY†å½¥ÔúÅGäu¬/Ñ ½+©T.Ô†?kÂڞǜs¶>û¼ßoeˆÐýK‡P6[mÌqû9,Ÿ‹€-ÐṆEѪAW*/à/Ùâ2 ÅGËD/¡ù}•§9-æýx†–rnÖb7²Ò ‡jz¤±T'ŸVŠ‚XbÔß’ nüô«oá‡ûk®Ç‡,줇ƒÝb3BèNæ^ÒæpîÏûùìb‚h™Ól3Ðÿå…ñÿ þŸ °t›ÃÜœÍaö¾0°«›ì±`ü/¼Äê‡endstream endobj -848 0 obj << +797 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 2 /LastChar 148 -/Widths 1339 0 R -/BaseFont /VLBJNQ+NimbusSanL-Regu -/FontDescriptor 846 0 R +/Widths 1349 0 R +/BaseFont /ZTYCFF+NimbusSanL-Regu +/FontDescriptor 795 0 R >> endobj -846 0 obj << +795 0 obj << /Ascent 712 /CapHeight 712 /Descent -213 -/FontName /VLBJNQ+NimbusSanL-Regu +/FontName /ZTYCFF+NimbusSanL-Regu /ItalicAngle 0 /StemV 85 /XHeight 523 /FontBBox [-174 -285 1001 953] /Flags 4 -/CharSet (/fi/quoteright/parenleft/parenright/comma/hyphen/period/zero/one/three/five/nine/semicolon/B/C/D/F/I/N/P/R/S/T/U/Y/quoteleft/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright) -/FontFile 847 0 R +/CharSet (/fi/quoteright/parenleft/parenright/comma/hyphen/period/zero/one/two/three/five/nine/semicolon/B/C/D/F/I/N/P/R/S/T/U/Y/quoteleft/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright) +/FontFile 796 0 R >> endobj -1339 0 obj -[500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 222 333 333 0 0 278 333 278 0 556 556 0 556 0 556 0 0 0 556 0 278 0 0 0 0 0 0 667 722 722 0 611 0 0 278 0 0 0 0 722 0 667 0 722 667 611 722 0 0 0 667 0 0 0 0 0 0 222 556 556 500 556 556 278 556 556 222 0 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 ] +1349 0 obj +[500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 222 333 333 0 0 278 333 278 0 556 556 556 556 0 556 0 0 0 556 0 278 0 0 0 0 0 0 667 722 722 0 611 0 0 278 0 0 0 0 722 0 667 0 722 667 611 722 0 0 0 667 0 0 0 0 0 0 222 556 556 500 556 556 278 556 556 222 0 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 ] endobj -784 0 obj << -/Length1 771 -/Length2 1151 -/Length3 532 -/Length 1712 -/Filter /FlateDecode ->> -stream -xÚíRkTSW‘ª¡¬òRIÕzX%2yj   b,Þ/‰¹7ä–ä^z¹¤D|PIU–EltÉST” -«Š@} Ô«0|‘V†°©Z_sÁººJÎüš5çü9ûÛßÙû;ßÙ4HCaáP %&G‚¥R ‡ È3›M¡Ñ‚qXN "'`!à>`µV ¸+›/ä­òøÆ2ô8’¦"€W0}’Ä" Œ# -9 -¤rBkÈ -¹È0z&©Õ`ýäL°΄ñ,bR8! -l„Ó”šÔ$A•à¿…!mÆ»TŒg’¢€×”L: EBªÖVRXk1²LjùoÈš^?—ëxÓOQðG¿9osþ9îT:ñ Ròú©§E9fƒŒµ­×ÙìèF¯Ü/›õP1œ”2ãry{Ûšƒ;îY[3š¼þìùìnÖyûú5÷9ü*êHÑÌÚ[7_=ÉKßÔÙoqøò*¥$—ŸY³ŽùçÝâ«°jÌRsy~Òþg®¯-Ô¶;=é·Mc¹Ôî†Éÿå6]§è¤p¤/¶Ä• VË„³ú\©0›ý=Lq-ÍÒ_gvÓƒ¦÷{$¹¥á±’èÑÇ*]µ Ôþa5T[¸¡-¡U€^,´6¬+pIoèâú—p2šöÒÖ§Ž¿¢ý¶dç̧É/^ô=c¤¶>T{^ú ýTmn9â³(Ï~hË‚ô]ÌQË ¾¿Ú¨KÕwùÖ4ÿ8oÙ>(*‡±n_úñÚˆÚíýcÁœ½Ç 8v9瞊šP–ãÅ Þ+bÓ³åôvÚ†+u §âÈU©L<>ðlkŠ£Öã†,îÙO6ðü’Ò^÷Y¨Æ°{ÓÃÇ·V.Ú±"tèP3ÄŸ—æ½Ù:Ú¦up7w$ZÐ{ÇLw~ìGƒ[ÎrÖzúÇ}³4 •Zác«Ö1¸ÎÊ([ï]d;0AƒZª4un4ÈÍz9Hžæeq7K]¿—Äš±*!*[*9­^n3ãÎ̱'¥îÖgøæƒ×Âù» ÀÛ•‘ £•þw»'´ù®WFŠ:9³Bª”¾I”íM¯ÌÖëºæe7w—-pªÐ3¼¶žùÄð%÷«ÓƦÍ6óðµ’Hè;[UÇöë®WÃc5œ-±÷ùѸλ÷s‹VS©Ÿ¡Æ¥õcºýõáeÖþ£;/eGXh¾ëã^&.}mS?Ôa[žt˜+tiR45÷\¬*qü8FŒ—E(Úo§lY=,­o<±Ûaç*§¤{naˬ…;7ÿìöxY–¬òë„€óü‚¬˜s¡¼þÀ9ß{..VPJîÉ¡bqÍÁ´{âÞðœç?|½g2ºäIìYSQá «ªïŒoE‰døJ—èVÛZ]·º¹¦¬ptn­Ë†÷Âœw\^sòßÝQÒÁû¬}œºŒxù:ñÔr·oõ©Åœ㣰Ö5Ùz¤ q\Û×äÒÈÌÏ•ußØ5¢Jiì¼^žÿ -k¤N´WïŸÃ‰Îg´Ï ìfÝÿèjüçߥÖðÇ.ˆ[“¯õ~9ºn'ÿ¥%™EO.fȉU=¼y–O³#TSëØÿá¢ü¿ÀÿD…–㦑ã锚ŒÉendstream -endobj -785 0 obj << -/Type /Font -/Subtype /Type1 -/Encoding 1340 0 R -/FirstChar 60 -/LastChar 62 -/Widths 1341 0 R -/BaseFont /XEZXWS+CMMI10 -/FontDescriptor 783 0 R ->> endobj -783 0 obj << -/Ascent 694 -/CapHeight 683 -/Descent -194 -/FontName /XEZXWS+CMMI10 -/ItalicAngle -14.04 -/StemV 72 -/XHeight 431 -/FontBBox [-32 -250 1048 750] -/Flags 4 -/CharSet (/less/greater) -/FontFile 784 0 R ->> endobj -1341 0 obj -[778 0 778 ] -endobj -1340 0 obj << -/Type /Encoding -/Differences [ 0 /.notdef 60/less 61/.notdef 62/greater 63/.notdef] ->> endobj 710 0 obj << /Length1 1624 /Length2 5655 @@ -5510,7 +5572,7 @@ x Ä@df0@ˆŠDdddˆ¹*¤ êàˆÜ114ãåç¿û×Í/€×ŸÖ u€¸±îéc°ÿkG#€q„ì¡0@EOÿ‘–®àŽ†® @‡ €0€¾¶à!£!¼{ ûã!à`è¯ÒЂX.%4@#! (Ö â ‚ AwHÊŠFcŸP4À„c°=À P8æþ•öÞñ;!$ -µpÁbX2}ƒ¡ H U_Uý<1Ž@̯Øh( ì±–`ÈíWI¿1, Å¡p4ñÄüŠe€¡h$ è…%C¢ ¿ÓpCCáep€‚8Q`ÆÒ`¹uç¯:ÿT=‰„yýöFü¶úGP ³$ÅÆa°± pb¡_â·GD„ÿ¸»!ÿÄÜ!¨ß ºókfx±IÁ8Ì †Ø é"0Ø€;ÿ;•ÿs"ÿ$þü‘÷ß÷ïýÓKüï¾Ï§VwƒÁt.ØøcÉ°[xøµg¿«äø] 0¯áõwC3È™þ"û;¦…bÛ¡wÀJ" "*(üÇ5­õ„€õ¡#ÀÃvë÷½  AÁ pVÕß Å: ÿ 3v„‚œá¿Ú/ñƒÿž;V¨ß™ )««+i=äÿW»õ·¥>v0Æ^Hà¿Ã˜é Àÿ8üâQVFx|$E¢RÒiqa€´”ˆß¿ˆø›F䯳ƒ‚z,………EØß?¿ÿF B€ÍŒcÇì¿` +µpÁbX2}ƒ¡ H U_Uý<1Ž@̯Øh( ì±–`ÈíWI¿1, Å¡p4ñÄüŠe€¡h$ è…%C¢ ¿ÓpCCáep€‚8Q`ÆÒ`¹uç¯:ÿT=‰„yýöFü¶úGP ³$ÅÆa°± pb¡_â·GD„ÿ¸»!ÿÄÜ!¨ß ºókfx±IÁ8Ì †Ø é"0Ø€;ÿ;•ÿs"ÿ$þü‘÷ß÷ïýÓKüï¾Ï§VwƒÁt.ØøcÉ°[xøµg¿«äø] 0¯áõwC3È™þ"û;¦…bÛ¡wÀJ" "*(üÇ5­õ„€õ¡#ÀÃvë÷½  AÁ pVÕß Å: ÿ 3v„‚œá¿Ú/ñƒÿž;V¨ß™ =2Ó6ÐTáÿW»õ·¥>v0Æ^Hà¿Ã˜é Àÿ8üâQVFx|$E¢RÒiqa€´”ˆß¿ˆø›F䯳ƒ‚z,………EØß?¿ÿF B€ÍŒcÇì¿` …U÷÷›-úÏóï‡@§÷ªeg»~o(²°Öøe~@¢Í?=bQ¦Ôö¢2T°nXöò­×Äòç—|«ýít0ž¶TÈN‹ßmÞŽ|Êyî&)þÕ !ëB²Œm³ŸÝ®YH ›®.½30´.¸¸~k¸I uc÷„7à¶{~ ç1’ü (­æ)m3EUÕ‹­mcžî¾Þž¶}‚Ž/ÌüÏŸqɹ_#ãŽp}άhaRêÉ© 60DIb•¤4Ì1ëCö$Ò]—mVÜ ÷ˆr´˜V‘šµHM¨@a5¨w§µ_“ù‡s‘h0á«1î¶ ¼üòeï>÷©¦ýýØèùÚâÝç¼þ©Pëd¼dâÍO>v<*YTòÓv zE}qZÇ ä÷wvÇ«éRèJV¡e’ìr¼9ùâ‚œô0˜"Än%Ÿ•MsÒºYìÎUBu¨9‡çͪ¸qæÍì}ÍlÓ} |e±ŸrºE©?G‚ü¯’ÍóEK0&•’O®&œ¾TÒ3©¢—]™7F=«Æo¬ÌS†åZ‘<%jÏâ¥g¾à§¿UÅiyÜ*.ìTÏh-ž‘2(’Tä¸ñW­BÌišùþp[MSÛ-²èu3»XwQÏGA¶4 ³ë´ÊöaVqªºUCKFXŠ£µ:¿[?pÈÞ©“’ªk,› .32.½ÑöL‚eýu-Õ +ˤ¹i0ªøØ>ÿgWcrBlñ§buSx‡p':Í=r÷ÌÔ×À09øóì[ˆê÷"çǵ¬Cú• ³ã¶Þ£ @@ -5532,23 +5594,23 @@ o> yîoÜlŒà㹶_ µ'Õ ÍO.׸µ6}¾Â£×˜^N!Ý´’»ÒvµA±çþð kOg Ówí2ëƒ'Î`p+p ¬ã™CÏ?dÃÉ!¸äëõé)§»Å8Ë÷Ó»nübçG®ú•u™€ùw¾jaŸKè\¨§*A䦢3$ÚˆåúŸád‡9ðÖB¶€Á5 ³m({ôTá{~·sF'[‹»zèêæ±Hží:¼“þ"2ÉaÊøàý´ƒ¸KðÒ‹,—‚aQú²¤þ+¿9PáÝÄúÈMU:‰b2Ù œÂ áÆ–€œÉ§mle,sm&,Võ£r—“Gf—nÇßí ¥ú2ÑÅu´SEÈŒÀKG9é ìT\?µì/8—ù —Ä:ê÷ðÝ åë„ a ø«}V+ -IÃ%¢§¸ÁMÏ­W[öÉ%ä¢*¿gš]T›®æÅÖX=„~íuÊÌ»Ñi©Xp ÓYÂaE´=pÃõ{ó­›óŽ¾™É"ö÷¥ F84ÒL”ÆÙžÌ[;ôé‹åŽ~ ¼ãl¸jä!@šjUâŸs5ÌÃO ‘Å7o­\)ÄÈ’±0øzi*‘ƒu[ä Ùxm3È!5œˆ £ x‚ɤ‚ówzç ‡®ÛjñE÷0URRïHOn!XU¸|ð¯øjiì¾ òŒrÙ—ã¥|ÁÆÝmÜ iV+O´Û–‡1îvaº—òⸯTÉöàŘëÃô§þ.0Íg ËÆ JæÂ]µZIbQ*g61·É5{áóCüÿÿ'@0…A¸QÎÄÿûß„Wendstream +IÃ%¢§¸ÁMÏ­W[öÉ%ä¢*¿gš]T›®æÅÖX=„~íuÊÌ»Ñi©Xp ÓYÂaE´=pÃõ{ó­›óŽ¾™É"ö÷¥ F84ÒL”ÆÙžÌ[;ôé‹åŽ~ ¼ãl¸jä!@šjUâŸs5ÌÃO ‘Å7o­\)ÄÈ’±0øzi*‘ƒu[ä Ùxm3È!5œˆ £ x‚ɤ‚ówzç ‡®ÛjñE÷0URRïHOn!XU¸|ð¯øjiì¾ òŒrÙ—ã¥|ÁÆÝmÜ iV+O´Û–‡1îvaº—òⸯTÉöàŘëÃô§þ.0Íg ËÆ JæÂ]µZIbQ*g61·É5{áóCüÿÿ'@0…A¸QÎÄÿü>„Šendstream endobj 711 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 46 /LastChar 122 -/Widths 1342 0 R -/BaseFont /BFFAIL+NimbusMonL-BoldObli +/Widths 1350 0 R +/BaseFont /YWKQHC+NimbusMonL-BoldObli /FontDescriptor 709 0 R >> endobj 709 0 obj << /Ascent 624 /CapHeight 552 /Descent -126 -/FontName /BFFAIL+NimbusMonL-BoldObli +/FontName /YWKQHC+NimbusMonL-BoldObli /ItalicAngle -12 /StemV 103 /XHeight 439 @@ -5557,7 +5619,7 @@ endobj /CharSet (/period/a/c/e/i/l/m/n/o/s/v/w/z) /FontFile 710 0 R >> endobj -1342 0 obj +1350 0 obj [600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 600 0 600 0 600 0 0 0 600 0 0 600 600 600 600 0 0 0 600 0 0 600 600 0 0 600 ] endobj 702 0 obj << @@ -5569,7 +5631,7 @@ endobj >> stream xÚíwePœí²-î®Á Npww‡à>ÀÀƒw×à$¸;$¸w×à„@\.ÉwöÞ§¾»³ݺS5SïÓ«{u÷³úíª¡¥TÓd·t4Ê8:¸²°³² T@öæn.ÊŽJ,@k7Us0ðp£ÐÒJ:Í\AŽRf®@À[ %@ -hàà°óóó£Ð$!žÎ kW½¶Æ[&&æY~»Ì=ÿ¼Dº€¬¯_Ü`Gˆ=ÐÁõ…⨠\m€+TUÓ“W‘Ð˪hd@g30@Íí¥ €ÈèàdX9:ÀŽ– ß­¹°¾p‰»Ì. è% èa„ü†˜ ³=ÈÅåårX;›9¸¾Ü«#ä`v³ü]À‹ÝÊñOAgÇûì…LÍÑÅÕÅÂq¼dU“’ù«NW3×ß¹]@/0ÀÑêÅÓÒÑÂíwK°šÔÕ äàpz¸þÎeX‚\ `3Ï—Ü/dgП2Ü\@Öÿª€à ´6s¶]\^h^¸ßοúü·îÍ °çŸhÇ?^ÿ¬äê[±¢°s¼ä´p}Ém r@yó{Xä¬ìlÙ-Ý ÿÀÜÎ.ˆþ÷Ì0¼aféèöX­PÞ¨8º¾¤ÐÿÏTfýωüø?"ðDÞÿ¸×追ÄÿÛ÷ùïÔ2n`°Š™ýËüµd/[Æ ø½gÀf΀߻ÆÉ ø…™ÙƒÀžÿ&ðïŽoû_|‡å]Í^.EÜÁúEvV¶¿Ì ÐR äja°2¿ÜÙ»¶ƒ%Ð r¾hûçZ_‚ØØþ†iÙ€,ì~‹Àýt°ü{ù/rý)þ†¢–®œÓ¿Û°<Õ^&ÁUËüWš·ÊŽ–ÿ<üæ‘pôx³ð°X88y¼¼\>vvß“ñ û¿ÎÊf®Î €+;àå÷ߌþF#í`áhù{r4]Í,_†íŸ†ß°…›³ó‹ÆÞÿ—¦ÿqþ3ö@ ÐeyÁÑB0Ä6=+õ–0w`LÊ ·›v RÒ U˜PíØ埱É_aúPÊÚ8!ðÔâ9yÜU`Üê&Óu¥?’úR3ôäc}ÝÆË´ôƸ=ãÇÛï“9¥ 8}6½­1u ãⲉ6Ng¤“k†j÷ü<š+†ŸEZ}<~;V#NmÁá×I߯¯è¾ ôwÁ÷ì’0åÄ#Ó +hàà°óóó£Ð$!žÎ kW½¶Æ[&&æY~»Ì=ÿ¼Dº€¬¯_Ü`Gˆ=ÐÁõ…⨠\m€+TUÓ“W‘Ð˪hd@g30@Íí¥ €ÈèàdX9:ÀŽ– ß­¹°¾p‰»Ì. è% èa„ü†˜ ³=ÈÅåårX;›9¸¾Ü«#ä`v³ü]À‹ÝÊñOAgÇûì…LÍÑÅÕÅÂq¼dU“’ù«NW3×ß¹]@/0ÀÑêÅÓÒÑÂíwK°šÔÕ äàpz¸þÎeX‚\ `3Ï—Ü/dgП2Ü\@Öÿª€à ´6s¶]\^h^¸ßοúü·îÍ °çŸhÇ?^ÿ¬äê[±¢°s¼ä´p}Ém r@yó{Xä¬ìlÙ-Ý ÿÀÜÎ.ˆþ÷Ì0¼aféèöX­PÞ¨8º¾¤ÐÿÏTfýωüø?"ðDÞÿ¸×追ÄÿÛ÷ùïÔ2n`°Š™ýËüµd/[Æ ø½gÀf΀߻ÆÉ ø…™ÙƒÀžÿ&ðïŽoû_|‡å]Í^.EÜÁúEvV¶¿Ì ÐR äja°2¿ÜÙ»¶ƒ%Ð r¾hûçZ_‚ØØþ†iÙ€,ì~‹Àýt°ü{ù/rý)þª†œ¬¦Ó¿Û°<Õ^&ÁUËüWš·ÊŽ–ÿ<üæ‘pôx³ð°X88y¼¼\>vvß“ñ û¿ÎÊf®Î €+;àå÷ߌþF#í`áhù{r4]Í,_†íŸ†ß°…›³ó‹ÆÞÿ—¦ÿqþ3ö@ ÐeyÁÑB0Ä6=+õ–0w`LÊ ·›v RÒ U˜PíØ埱É_aúPÊÚ8!ðÔâ9yÜU`Üê&Óu¥?’úR3ôäc}ÝÆË´ôƸ=ãÇÛï“9¥ 8}6½­1u ãⲉ6Ng¤“k†j÷ü<š+†ŸEZ}<~;V#NmÁá×I߯¯è¾ ôwÁ÷ì’0åÄ#Ó ºÃ¡¿ŽpÊ!Õ×®ðŽdÚ©Û£ˆëIÌå1ñ:–¹M !LŸ+ÏS·×Ö:çñkÏñù È [œÒ¡±Tlü+Û¿-ë•øET×—mÚjËl ò>õ _Ô‹vý,8èáÏ D›[©ºœÛ[3zoÃC±)·úˆyH cpeØhS‹GéZuk€ÉaëCkú–J†H‚O—ÕVf.~†÷þ䄺¥u5\càÞ91f&ê~ºLØéÂÌe_|Ÿr“7K5¸S¿iÊl–œiýæ£q­]%Ã['ßê‹t{YÎ(”o¢E @@ -5604,23 +5666,23 @@ B GŽ—z¥YƹQëкtšI–X˜‡1·Ee#§r}›áŸz±g˜$>ÈÕ­&)׬H1ì¶SdrvëOËx0P(îée¬-ÒM`¢!03ðÜW‰M^®#YâX$››ú4 ºÂûgG/lPŠêÛΣ›îXßl’ìr„”Úå¨è$IãÔÒÅóJÔ¿ýä  {Ø蟉©U³ ´¨©O²Q×FÞ2ÐÒ{ïÛ#ÔQÍÁ@W®Zædˆ}óº-ÅÉæiW²…k¬6$ØÌ<ÝòÔá·º7_´UsÁÕˆ=·¯(!Ä ‚¥mÊ3ýÅÿ4Çà§í†+é–nævÎi©ÿdˆÍTOwˆ .„²5ÚþÈÖñ^ž/|†Saï½ ô»ØIvê Ý»ê}­€‘D=Tÿéâö·½‡žëÑG]#ÂâuöñçP2ÀÂ,NÈËpߣ¶ÓñuþE+ë¼íà0 Hû"C«™»‘ïìºúŒÛ[rzaD%ƽ¯ÅSØ×¹Òøç7 Á‡;"ó%O,Gaes:εç2g‘ÇÞtR%>”¥I æ7iÚµ;Øù,Î’`kõK%hDЈßXˆ“maîÝÇì’ …¥âœa ųáb•Ž-%ÎhÈà¨ñÔÀI• °{‘ÓÌÕ7g[{H"Ó·°G×(RJÖĤ®PgŒHºX­ó~ø6hv÷bÄ„)Nà‘o\jr¼ki´Û¥Z²ŽâÃ‹Ö -ï:/ÿ©Aàéžµ@vô®ž å—þA·žÈFàQ=á'ê²_Z»ÔÙÄη+YS1¹Êƒ”ÞTRcÖì`Qœú}V› v1g1ÒŒŠ$| OIq @Ýsêç?ú¾óã°!¾,»Ö.qðŠ×þeËŠ”l~a;$gõ…<¾9K„‹DüÆ©8®À¶IÁI3ýSȱ$FïßûBßP5åqÏ' KÇ|µˆ€€‰¥ÿî`Ëf_>´« Í@MãSì7nDAðùg·u{<úzoáiC&‘RÊVçÇTA¿Wb-ΟØ]2PÉ™Ð.8ÙËÍÙ.ò¯j|ƒz]÷ÞkZlü!½989Ÿðd¶aw¨É¾ ŽµQ 1ŸŒ¸9ŸTv2@&* •šíùAùÿÿOX€fήŽöfÎv(ÿgbjendstream +ï:/ÿ©Aàéžµ@vô®ž å—þA·žÈFàQ=á'ê²_Z»ÔÙÄη+YS1¹Êƒ”ÞTRcÖì`Qœú}V› v1g1ÒŒŠ$| OIq @Ýsêç?ú¾óã°!¾,»Ö.qðŠ×þeËŠ”l~a;$gõ…<¾9K„‹DüÆ©8®À¶IÁI3ýSȱ$FïßûBßP5åqÏ' KÇ|µˆ€€‰¥ÿî`Ëf_>´« Í@MãSì7nDAðùg·u{<úzoáiC&‘RÊVçÇTA¿Wb-ΟØ]2PÉ™Ð.8ÙËÍÙ.ò¯j|ƒz]÷ÞkZlü!½989Ÿðd¶aw¨É¾ ŽµQ 1ŸŒ¸9ŸTv2@&* •šíùAùÿÿOX€fήŽöfÎv(ÿã,bZendstream endobj 703 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 40 /LastChar 122 -/Widths 1343 0 R -/BaseFont /RKTXHV+NimbusMonL-ReguObli +/Widths 1351 0 R +/BaseFont /ORHGST+NimbusMonL-ReguObli /FontDescriptor 701 0 R >> endobj 701 0 obj << /Ascent 625 /CapHeight 557 /Descent -147 -/FontName /RKTXHV+NimbusMonL-ReguObli +/FontName /ORHGST+NimbusMonL-ReguObli /ItalicAngle -12 /StemV 43 /XHeight 426 @@ -5629,7 +5691,7 @@ endobj /CharSet (/parenleft/parenright/hyphen/a/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z) /FontFile 702 0 R >> endobj -1343 0 obj +1351 0 obj [600 600 0 0 0 600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 600 0 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ] endobj 633 0 obj << @@ -5642,7 +5704,7 @@ endobj stream xÚí¹UT¤]“%Œ»kቻ;îîîNâZ¸»»;…»»»;…»Z¸ÃÔûõt÷¬ž¹šé«ýy“ω±#Nì8çY¹’œXQ…^ÈÔÞØLÜÞÎ…ž™‰ ¦¬¡hdccd ´—¥W¶·5ü5³Ã‘“‹8™¹ííD\Ìxf¦Q3 €™››Ž bïàá´°tPýå ¦¥¥ûOË?.cGþF:-ì~˜ÙØ;ØšÙ¹ü¥ø¿T13¸XšÌ6fE-)y •„¼@ÂÌÎÌÉÈ èjl4ÈMÌìœÍ¨æöN›[LìíLÿlÍ™á/—3Ààì`füfænbæðDp0s²:;ÿ}NFv.{àbڙظšþSÀ_»¹ý¿ -rp²ÿëaûûK¦hïìâlâtpüͪ(*þouºX¹ü“ÛøØ›ÿõ4µ7qýgKÿÂþÒüE]Œ€vÎ3w—r›LÎ6Fsÿ%spþ« Wg ÅV@p2³0r2µ1svþKó—ûŸîüç>ÿËîl<þmÿ/¯ÿ¨èâlfcÎÇÌò7§‰ËßÜ@;8ÆFEÊÎÜÀÌôovSW‡Ç~˜9ý«ATÿÌ õß"ŒLííl<¦fæpŒòö.S¨þïTføïù¿Aâÿÿ[äý÷¿jô¿âÿ×óü_©Å]mlälÍþø÷; øç’±ûß¼l6ÿ'ÿÿê©aöoEþi¤\Œþ¶BÈÎâ¯ôÜ l\LÜÿÅîf¦Š@K€¹‘Íß^ýË®fgjæd´3û«é¿Ú  gfbú/˜ª%ÐÄÚîŸæ³ÿdfgú_ëÿ+Ó¿ªgÔTURÕ¢ýßîUz›¿óeÀÌÁùoŠ'ÁEÕÃÁ ð?ÓiÈÙ›þÇâ>aa{w€=3€ž…‹õïdap³±úürÿ‹ˆù?×rF.N@w€ó_Ò¾™þÉý€Þ¡³3±7ýgvT\ŒìLÿŽÛþM\œþªü¯àïöÿ}ý¯Á73s73[ûeoÂl•ž•áR‡72%ª3ÐÇ >âPÚ¨ZTè_cßë—¾Ë]iø^ÂÐ4ÃóÙî±|æðq(Ms4Ö‡eCÙ›jvU€ïCJÝ_ˆºEÑÉI{Ȩ_Š˜q®íu½$»¡ÍÁ¤~´7¥¤¬_òE0ÓÉêsýDíOú£ÐƒìÑÉ×$­!³ ¥ ­îçÙ9EÒéÓ#åÐøèÈpï dÿ!mn,9ïDŠ(Ç\<mµ +rp²ÿëaûûK¦hïìâlâtpüͪ(*þouºX¹ü“ÛøØ›ÿõ4µ7qýgKÿÂþÒüE]Œ€vÎ3w—r›LÎ6Fsÿ%spþ« Wg ÅV@p2³0r2µ1svþKó—ûŸîüç>ÿËîl<þmÿ/¯ÿ¨èâlfcÎÇÌò7§‰ËßÜ@;8ÆFEÊÎÜÀÌôovSW‡Ç~˜9ý«ATÿÌ õß"ŒLííl<¦fæpŒòö.S¨þïTføïù¿Aâÿÿ[äý÷¿jô¿âÿ×óü_©Å]mlälÍþø÷; øç’±ûß¼l6ÿ'ÿÿê©aöoEþi¤\Œþ¶BÈÎâ¯ôÜ l\LÜÿÅîf¦Š@K€¹‘Íß^ýË®fgjæd´3û«é¿Ú  gfbú/˜ª%ÐÄÚîŸæ³ÿdfgú_ëÿ+Ó¿ªgT“W¤ýßîUz›¿óeÀÌÁùoŠ'ÁEÕÃÁ ð?ÓiÈÙ›þÇâ>aa{w€=3€ž…‹õïdap³±úürÿ‹ˆù?×rF.N@w€ó_Ò¾™þÉý€Þ¡³3±7ýgvT\ŒìLÿŽÛþM\œþªü¯àïöÿ}ý¯Á73s73[ûeoÂl•ž•áR‡72%ª3ÐÇ >âPÚ¨ZTè_cßë—¾Ë]iø^ÂÐ4ÃóÙî±|æðq(Ms4Ö‡eCÙ›jvU€ïCJÝ_ˆºEÑÉI{Ȩ_Š˜q®íu½$»¡ÍÁ¤~´7¥¤¬_òE0ÓÉêsýDíOú£ÐƒìÑÉ×$­!³ ¥ ­îçÙ9EÒéÓ#åÐøèÈpï dÿ!mn,9ïDŠ(Ç\<mµ ±ªVõ¶ý^Nc_ñõiܬ槕Q¿ÑŠÔ+«ñïPYŸÌôZ#Ûõ½¼6SºßS7Cç0ÂþD¶X>ªO¯Æ¶aÕl¾JüÁøÒŠuwßùöüh¨ÁŽ7n- ª}»›ËÏì¯ò[ùwµ gïèÕËä‡× †¸ºŽïÛ­IZR » ˜Yâu#1¯› t,’‹¤×CMMW•M¬îÓ–$IÁ]•Ð}}™ß×(+X{—üÓHï=s]Ô½í<›Øáb57U‘Ct¸¹# ¹@ ²KCúFúØì¸5Ö0ë#‚OXíg½FC'ØÐÀ"¤¹ú,ï6çš#±VEÿú4Í ÙTÙ ƒ˜êççX}×¹F; yh ȱ½ýx˜!:Á<œ?-p©yó>sd³aEG2 ‰iħØä¢_,Ì:ý¡ÒI“ È ú€èç“.ª¡Ü^ó!Ozü(~”@½ð¤Ê¨JïŽ ÷(ù)I¡É’!Ë[í¿7O’0 ™(Öê/Êó#?ŸòtssÕï“wÏgWWÂù;í @@ -5714,23 +5776,23 @@ PпÜ  ªjDÒG@œ=ù¢0Vþ23qð8@R‚¢Sx†€ÀˆQšk>Ö˜IÛ»åÆnÕ@ Šœ+7ƒ¥ #xA&¶#A×÷“š k‘ìÚIÍ!]i¿ƒ–A!’ª5•JN¾w¢O’ ˆvš·Ò‘*âô*,¥×¤Q*Þ=£•^¯ÄìP«Üé툘Ífó®U‰{™™®ºû¶®á·Rû™ÁØ aûp"ë¼[÷—– ®k=¡_„ ë¾´6÷g]Þs±ã¢V×/h_ëìË4J#gBó³Ä…¨Ýûí:½ôy­ã~ó•é«©W-ªuuàúàÒã£^N[pa*'õÖÀ+Z“XÁàæකÈ}†J~NZ_?ÿ}þiæxA‚ÂðòÎZÊ6š§Œ u£a£ÊýDAEËÿŒåkd'‡Œ®2Õ؇¯ V°î2»“u=œÕÏ"¨¡ ¥}ŨRpÔG0Ò|Ëÿ°Á÷v¯×ã#Ði¹j3ÍTâè(3Z÷†]ö‰6$áHý.ù2rä"Šñ.Q}Œ[ô(~áa¼ô|·g7LÜëèi GÕzBƒ¤ìò°ôÉy,£–¢€%ÝÞû.îcäG3*Ùºr¢ê.ûÝS²Z°¶¯Üi𥰛‰àò"ë8׊Ê[¬oœæiªÈtB!N²Ma3_#”Ö‘3?z25Q«û%Tb÷‹ºðƒS‰\ ”Ë`DðÌø¹Õ"†Ò»K$šù‘ W»P-$Ô"taâ5í.§œi"2a îÎEg|鞢³‹O-,Œ'²Æ¤ùp|’Ì”‹Ò7rž´­‘€µ‘‹Üä!ðvƒŸÖß0ÕBöy\åqýXkÊ€XƒÆ;my»”(~aŸ›{á|±ob’ØÏÖ­Ùxœ=†¤…` Ö罦(h ö˜85]‰„C¬…ù×UÎu×ÞÃ4]}+7ÄÝ Ú‰-¬ú‹O ›ë}KHE®r¹ çbÛŸÉwO0t©„oµÆuZ¶Rèt•qø’.ùã8M“ƽ7·ôº8m [lC)¤ŸÙ¾X<‡ø¢ø¨7¢rLÚIQº¹RоR>„OôºˆzMЃ·:¨ “Päkæ ŽwS´RnBßÆÆ<9Ų|<ø{_À+¾>¡zZL¼³S©6v˜I  ?0 -tâï¯tãq·˜þ?pÿ?Áÿ'LlÌŒœ\ìmœ¬áþ”Þendstream +tâï¯tãq·˜þ?pÿ?Áÿ'LlÌŒœ\ìmœ¬áþô_ªendstream endobj 634 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 40 /LastChar 90 -/Widths 1344 0 R -/BaseFont /XTDQTY+URWPalladioL-Roma-Slant_167 +/Widths 1352 0 R +/BaseFont /UIDBFP+URWPalladioL-Roma-Slant_167 /FontDescriptor 632 0 R >> endobj 632 0 obj << /Ascent 715 /CapHeight 680 /Descent -282 -/FontName /XTDQTY+URWPalladioL-Roma-Slant_167 +/FontName /UIDBFP+URWPalladioL-Roma-Slant_167 /ItalicAngle -9 /StemV 84 /XHeight 469 @@ -5739,7 +5801,7 @@ endobj /CharSet (/parenleft/parenright/period/one/two/three/four/five/six/seven/eight/nine/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/X/Y/Z) /FontFile 633 0 R >> endobj -1344 0 obj +1352 0 obj [333 333 0 0 0 0 250 0 0 500 500 500 500 500 500 500 500 500 0 0 0 0 0 0 0 778 611 709 774 611 556 763 832 337 0 726 611 946 831 786 604 786 668 525 613 778 722 0 667 667 667 ] endobj 626 0 obj << @@ -5755,7 +5817,7 @@ x øk䀣 u9ƒìlÅŒœ¼  )@ h`e°ðððÀQDíì=AæÎj5e ::úÿ´ü0öøÏßN s[åßW µ½ ÐÖù/ÄÿñF àl˜¬QÅïZÒ ’jI5€$Ðèhd øîbl 2ÈL€¶N@€™#Àúß €‰­)èŸÒœÿb ;ŒNö@Ðßm@w ý?.z€=ÐÑääô÷r˜;Ù:ÿí³dkbíbú¿v3»²w´ûaó×÷컓³“‰#ÈÞð7ëw1‰ót¶0rþ'·è¯`gö7ÒÔÎÄ埒þåû ó×ël²u8ÝÿÉe ˜‚œì­<þæþ fïú '­ù2 8ÍM­NNaþbÿÓÿ¬ð¿Todooíñ¯ÝvÿŠúŸ@ÎN@k3F8Ö¿9Mœÿæ6ÙÂ1ý3(Ò¶fvæÛM]ìÿÃç tüWƒ¨ÿ™š¿$ŒLíl­=¦@38&;ç¿)Ôÿg*3þ÷‰üß ñ‹Àÿ-òþ߉û_5ú_ñÿíyþ¯Ð.ÖÖ -F6àß àï cüsÇü¿bl@Öÿ›èÿ¨ü7Ãÿˆ´³Ñß6Ûšÿ•‚™‘ùßF“Èhúälb03²þÛ£ÙÕlMŽÖ [à_-ÿÕF 3óñ©Z€L¬lÿi:Ç¿]@[ÓÿÊü¯<ÿâÍ$.)¡,£B÷_oÓE}ÿ«º³ª‡ý_bÿ£y;Óÿ¹øCDÄÎàÅÀÎ``åâpr³¸¹X|þ7ÙþÃòŸky#gG;@çoÉÌ,ÿ*ü¼ÿ¹Òû/0â¶&v¦ÿL‰Š³‘­éßÁúŸ†Ü&.ŽŽõü×Yÿ[ð¬ÿ5â@ ;ÐneÑ΄/Ø2=+ù;ohBL§¯‡b(ľì‡jq¡­]·_zø6O•á[]cÓ$ïÇ/…?öïû2´#=XÖTÝ©À‹2šÞBÔ Êv.ºƒ@&ý2ÄŒSh¯Ëy¹-HmNfõƒ %eýÒ7(ÂÉv6G˜ËG2×B ò{$_“´Æ8Ì”&0´ú¢?§”IÇT£ÃCƒÝ×_{÷ñérã`)ø\!)£ürñµÕª¼"h3Ç&¬±„N™Í»‡¤¹ï°8×ÂYÂù6ª†Ü|.°oŽ Uà‡í”†H\ά={“fzüñÛwšÌ(;InjÚß1$“.]dþ¬²¡ó»ç§c!˜-ÖÅH»FÄäôæÇ€;Ãõ=Ä|Û.ÛE‘e ë ¼ŒPxÏNV?±W£¶Æx›5VB¹®u%GñèêÍà©Ne„/GçÈƬ÷v^8 %1ÿƒš1KPè½qݤA‰?ÇèñQÚ!©æ6ø$Þqs/ª A{øƒOÅзëðÉx~X¹vÿØïîYÍaWtM=#à„‚&æ¦Çå@ÀЫ®2 å‚+°ƒ~YqWRcŽÏ67H­ŽÓüÛÚá7ªù« Õ0–† ¶_¼Œ¸F?‡ÚŠ‰½Ž ?B¡‰65Ôó½ø® +F6àß àï cüsÇü¿bl@Öÿ›èÿ¨ü7Ãÿˆ´³Ñß6Ûšÿ•‚™‘ùßF“Èhúälb03²þÛ£ÙÕlMŽÖ [à_-ÿÕF 3óñ©Z€L¬lÿi:Ç¿]@[ÓÿÊü¯<ÿâͤ¥)®¬&L÷_oÓE}ÿ«º³ª‡ý_bÿ£y;Óÿ¹øCDÄÎàÅÀÎ``åâpr³¸¹X|þ7ÙþÃòŸky#gG;@çoÉÌ,ÿ*ü¼ÿ¹Òû/0â¶&v¦ÿL‰Š³‘­éßÁúŸ†Ü&.ŽŽõü×Yÿ[ð¬ÿ5â@ ;ÐneÑ΄/Ø2=+ù;ohBL§¯‡b(ľì‡jq¡­]·_zø6O•á[]cÓ$ïÇ/…?öïû2´#=XÖTÝ©À‹2šÞBÔ Êv.ºƒ@&ý2ÄŒSh¯Ëy¹-HmNfõƒ %eýÒ7(ÂÉv6G˜ËG2×B ò{$_“´Æ8Ì”&0´ú¢?§”IÇT£ÃCƒÝ×_{÷ñérã`)ø\!)£ürñµÕª¼"h3Ç&¬±„N™Í»‡¤¹ï°8×ÂYÂù6ª†Ü|.°oŽ Uà‡í”†H\ά={“fzüñÛwšÌ(;InjÚß1$“.]dþ¬²¡ó»ç§c!˜-ÖÅH»FÄäôæÇ€;Ãõ=Ä|Û.ÛE‘e ë ¼ŒPxÏNV?±W£¶Æx›5VB¹®u%GñèêÍà©Ne„/GçÈƬ÷v^8 %1ÿƒš1KPè½qݤA‰?ÇèñQÚ!©æ6ø$Þqs/ª A{øƒOÅзëðÉx~X¹vÿØïîYÍaWtM=#à„‚&æ¦Çå@ÀЫ®2 å‚+°ƒ~YqWRcŽÏ67H­ŽÓüÛÚá7ªù« Õ0–† ¶_¼Œ¸F?‡ÚŠ‰½Ž ?B¡‰65Ôó½ø® ñ½¿Ý¡$ý6;›˜ ½S‘F‡‡9Lq®÷#7ùºÞAæOy«Æk™¬0\™òã)àÚŠ¯Põýè_°ÏÈ𸯪+WX½À4qW%¸3A pÇ‚yçNјŠhÙFƒ´¼òàH«Qûv¡;±0p•]ßt’~xd,Š‹÷xÂÍ6m$ˆ¤bŽè›a»èýa–Qº ÅZCE{˜Í¸V>$zytgC¿ Ëûž~^üZ΢ë—'¿4vÌ¢€œQ(߈¼ÚóE$9>RÛòvJr —Ž!V•Qê-¦  ç]kˆ«#L¹)N[ Y'L Ml%£:Tid„‡Í!³ÿ²|Ø=ðÐû})ñËHzÕøQ£ð·)k{U“›âí÷T£Â•¼hð-· ÚyX3ïIIìŸÐð¼íˆBÚþ# @@ -5800,23 +5862,23 @@ S --˜TÎÁ?åשּׁ~Ig.äs#IR³1Þdà0säÐl„ë¤)wÜÔC‚5ZêD¡˜A|aK]¾öQŒ)ŠÑßÛ¥fÜ-6wâœÌn¿Ô‘ëZ¬×ñÂe²€KQÊÉ!qäl†ä Ã;¼Â` ¯ˆ«Ýjƒ"àFd’(ñ¹%Ð¥å Ÿ¤­:ìKÐÙÖ»ûúj?ã0GLÝå/—‡ÕsÉmtèŠ7@F.°vš\õ`òƒ_¨à@ó+ß­'9/þ´îQöñ;*œî~¿ˆ\Ý‚°¥ù"@Ãw¥>£âÎ9sÄK’èe—©p¦ÑÌuqzžî-/”íÞÇyCO’V¶u˜n¼ø‘LȘãmí]…’aÛþ­FP´¶Õ…ØÚ7æwźôˆ%=³ÁÆ’m±UŧØÌýÔ†Çæ™Yne[BcÚ£´ºê« €šAB¶N —ýRÖµ`0¨¾Ö¬§Üx±±Õ\e äêò&½£Êixá>*ñ>:¡»_ /P-Báé57# Ck¨ym¯”KO=áÒ[-9o${ ÅÊQ™Uß›³ôQßü³¿iyÜÇ Ê `è“ÚP’ž{EÔ¦+çéÛo}ÙCC=ÑÒqÉu¯b¬Çæî¼@T``¥Ùݼ¼8Ô•z—Ó“Ênº¥OJðËOÔ5¨)!?ax}qç“,Šc¬éHbè¨éÇ­î7?ß ƒ[~Ãõ…žQf¬dÜ;i |›PjPJ­ô±n9øwÅ÷÷|·Õ+ÑíÔ˜Kdž˜„KŒÍ ^§s|ÔS°@Ã?åÝŠãeÙùÖ™õC©¢70c5ò¥Ò5Ÿ¼irù:ÂçXJ&d8݉²ý:ͨƒ]À„¯W"é&Õ3Kß/ͽìü1˜5Î#bŸfÌØ7ñ$ú#ב¾_öfÌfÍÅ›-”í=ò{Óqó/ êsTDõùù¢ïÆÖ_ÍÏPHŸÍVÜÓ ûŨãú{Úë ì†4Ó Ç}K«bÙ“¾ 'Ï+Ó¬;=A÷ßéZq<ª_6§VsL{Óë£?$£\ëY 1XHB« Å8Ç÷ÏD¥)Å„ëù¨àAb ’¦„ê7­È‚F8Âhï[ž±wœèßsÃ|H{ÒÊ6kô¡gKE÷ÂU‚?ÍâÍÁì«o¹mHl8‰bÆ©Dú£ð8p]áâzÒ#y\²JØÃ÷@yÊŃeŽYIi1ù°Íù×û=°ÕØÁN0Vn#ΦŠ{qšpX²dãûÁÐuƒû®§tD‰ëš½¤&â4Nü8ë»&\uþf«ÑOì_õbÊ8Ûb0pÏòkÃÀwÈJ±£ßÀ·¹$±ñk'o gà©È½£ÿ™Nù|:ŽÕ€¨Ö2ß,ßÆX@§¶ò‹@¯‘“<; aQ§*¢êŒmš' Ò «ñh²°þ;f&õÏý tYPXÉ(ÄÑ—îÿ*ìRâ͋MI.riAÛ³eBapX,&L˜”FÄqOÕi/zÌ-JîÙŽX!|½ôÔ{/¥Êl“”2êL¦›$ôéy¶r×òèt A3È׸„–MT•˹#“Ÿ_«ê±C˜Ä%3(ØBN®fMݱd[ï0i®§¬Þe˜nùÃ,2†•³>Q~Eó“l¤Ñ‡d¥K È ¿X¤ô á€S¥M†kh_v.ÊZ°XY–×~dŠZ£þq z3„=pÔÍ*SÈá£.rYÎ8xz¡ªm:è«íƒÂfkl®õ3V°yÇݪ"|pA´q+K¯ìñÄ5ÄÆòX”ñ3³S“K¸8”Xgúy6VœOÉÒÀn‹|@aµ»§Õÿþ\1-óò$jô½·Yâ6IÞåQˆÿ¨Û.†î†!ÿ" Žíë½#kÒŸ@nüšÂ.MV5âÒžpɾT “L$*jsK€kU3P"¢÷ÇÇ‚“\e,Ѷ™ßUeÅATIˆ¼Š#DRÏãþfž‡ïDŒ4ùä;¬«"_u´©+E¸8å´•È.a«MçeÉ™¸m»ÝbîBß_S¨—,ò5žL(Áœ½¼«lè„OÞÐë³,­ÜV"éˆeÛæÅ—¶‡~,¡¸ŸÆü€¾µ¦gq8¿¯Z‹—Å}á/Å'laÿ†SÙq³t‡º¶^H·âœNwÌútaES«¬¾lfœêð~,¯±Ni`—…Ïg Cž@2|§ãÓ>ú6.ûW˜ï>µ½Ø“M¿+Ÿ $g;µÆñGïÞ—ÆøE×®Ú§qkERãÒÆc{…ŽZ²ÊZd;_Pº· t‡Èû/QOûIàÏg»–%E:)‰7‰‹zz÷Ÿt¸ZúŠ -É9û×ÖN¨Ó©Þ¶Gn‚‰å”÷,Œó¹ñ:Ÿ5Å=©x¹=Z©¥…»Qò‚Gc]qŒð_¿³—«º'í(åDZþ´î€J®­‚Iç'«_ßÂ:ŸÇHjDõlÝå„,©qØ` G¾¬†\È@éø¦‚œ—éܪðX¢ÈQ<Ñi8ºÄ|#ñ°Åò­õ›O(m£mŸ8½7¸r¯já—"Tày¨ Zì|AúßPqéí [ÈÃù3Vìlî¾ ™VÉlb¼¤.ÛžF ûoŸJ¶ôËñdË&æfƒicÕÆð+wŸzH_e«ï?ž†éw¿*¦‡½þbž_’‰OÁiÏ‘+nRÛLžy‹TÏ}ƒö¿‡§#k=|œµÉ?£òønž:¯ž;]ÚâõPÐ2™¬ ÓxØêì4ÕLGõFöŽv2ÄШó$œ²í«!¿¯û[¦9Ó}ÝhHç8E7õÙÖË];#tø³;ÚçQ¤ÉTà¹BKÈhHËœ¦}3è¨.F˜Q8)IO ‡ùÿòûÿþ?`b 4rt¶³1r´‚ûÃdzendstream +É9û×ÖN¨Ó©Þ¶Gn‚‰å”÷,Œó¹ñ:Ÿ5Å=©x¹=Z©¥…»Qò‚Gc]qŒð_¿³—«º'í(åDZþ´î€J®­‚Iç'«_ßÂ:ŸÇHjDõlÝå„,©qØ` G¾¬†\È@éø¦‚œ—éܪðX¢ÈQ<Ñi8ºÄ|#ñ°Åò­õ›O(m£mŸ8½7¸r¯já—"Tày¨ Zì|AúßPqéí [ÈÃù3Vìlî¾ ™VÉlb¼¤.ÛžF ûoŸJ¶ôËñdË&æfƒicÕÆð+wŸzH_e«ï?ž†éw¿*¦‡½þbž_’‰OÁiÏ‘+nRÛLžy‹TÏ}ƒö¿‡§#k=|œµÉ?£òønž:¯ž;]ÚâõPÐ2™¬ ÓxØêì4ÕLGõFöŽv2ÄШó$œ²í«!¿¯û[¦9Ó}ÝhHç8E7õÙÖË];#tø³;ÚçQ¤ÉTà¹BKÈhHËœ¦}3è¨.F˜Q8)IO ‡ùÿòûÿþ?`b 4rt¶³1r´‚û×Kd—endstream endobj 627 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 34 /LastChar 125 -/Widths 1345 0 R -/BaseFont /EGFRJS+NimbusMonL-Bold +/Widths 1353 0 R +/BaseFont /YXERUA+NimbusMonL-Bold /FontDescriptor 625 0 R >> endobj 625 0 obj << /Ascent 624 /CapHeight 552 /Descent -126 -/FontName /EGFRJS+NimbusMonL-Bold +/FontName /YXERUA+NimbusMonL-Bold /ItalicAngle 0 /StemV 101 /XHeight 439 @@ -5825,122 +5887,119 @@ endobj /CharSet (/quotedbl/hyphen/period/slash/zero/one/two/five/six/seven/eight/semicolon/A/B/E/F/G/H/K/M/N/O/R/S/T/W/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright) /FontFile 626 0 R >> endobj -1345 0 obj +1353 0 obj [600 0 0 0 0 0 0 0 0 0 0 600 600 600 600 600 600 0 0 600 600 600 600 0 0 600 0 0 0 0 0 600 600 0 0 600 600 600 600 0 0 600 0 600 600 600 0 0 600 600 600 0 0 600 0 0 600 600 0 600 0 0 0 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ] endobj 623 0 obj << /Length1 1612 -/Length2 18185 +/Length2 18545 /Length3 532 -/Length 19104 +/Length 19457 /Filter /FlateDecode >> stream -xÚ¬·eT^ÝÒ%Š» øƒ»www÷÷w‚»»w‚»»w‚ww½yÏéî¯Ç¹}ÿôý~ì1öªª5kVÍZkìMA¢¤Ê læ`”p°wa`adæ(XÙ™¸‚äìåT€®€¿Fv - -Qg ±‹•ƒ½˜±   4ˆM¬¬nnn -€¨ƒ£§³•…¥ €Z]E“†ŽŽþ¿,ÿ„L<ÿ§çïN•…=€òï‹ÐÖÁÑhïòâÿz£*p±Ì­lQE%miIµ¤‚:@ht6¶(¹šØZ™ä¬Lö ÀÜÁ`ûïÀÔÁÞÌêŸÒ@Œ±„AcÈhjõwÐÃèø‹àt¶³þ¾¬@ gc{—¿=pqXÙ›ÚºšýCà¯ÝÜá_„þFØýõýSr¹€L­]³*‰Iü›§‹¥±Ë?¹AVÝó¿‘f¦®ÿ”ô/ß_˜¿^c+{ÀèáòO. ÀÌ -ähkìù7÷_0Gg«ÑpYÙ[üz€3ÐÂØÙÌý…ù‹ýOwþ«NÀÿV½±££­ç¿v;ü+êq°rmÍXXÿæ4uù›ÛÂÊéŸA‘¶7w°0ÿÛnæêø?}n@ç5ˆúŸ™¡ùKÂØÌÁÞÖ`4G`Rppù›@ý§2ãŸÈÿ ÿ·üß"ïÿ?qÿS£ÿíÿÿ=Ïÿ -ájk«`l÷wþ}ÁþÞ09À?wŒ­±óÿ+ÜØÎÊÖóÿ°á?5ÿ&ùÿ#íbü·Âöafdþ·Ñ -$aå4S²r1µ˜ÛþíÔ¿ìêöf@g[+{à_EÿÕL 3óøÔ,­Lmìÿi=û¿]@{³ÿ$ÿW¤Qg’PPW—¥ûÏ;õ_QJµwQótüKì”"ï`ö¿ÿ`ˆˆ8x¼þž@ÖoœŽ¿ ¹XX|ÿÙþÃò_kycg+€îß’™YþUøÿxþk¥ÿ0âö¦fÿÌŠª‹±½Ùßñú_†ܦ®ÎÎUý׉ÿ[ðÿ\ÿkÐ@ )Âê’ƒ)o°uzV†K-ÎáI1Ýþ^ÈáÇÒµ¢‚€Ÿ=þéáÛÜ•Fo5!ŒS<mž‹'Žï{2´û£½Ø¶T=©À‹|_2š¾ô ÊNºýïL¥È§šÑÞ— r[P:Ìû&•U JÞ`§:¾9Ã]>Ò¹|!pDñ3M«ÃêDkè-<9¥L:z| 깆îÛç˃§àuƒB¦Œ -pÊÅÔQ¯ôŽ ÉhB¿n¿ü Öìö6È£ Ç#´“{Q²È_³o—{K†ÎhäK’w–jÝ«Ò¾š›ŠâNšâžýñ¹îJ!Âák"øÔ3cC4[O4|qEÝ -÷®µûIûÒ‡òc~dZ¹³´Þ½f‚™a$µ -E´ÕD᥷,"k |+Ë ·K|XÐ4áï赩9•3û¡ï\›õU‰ñ¤9ì븉£Ð¸ñZlà—ÜpPÓ•ŽÂ„Yñ©²g‡ßE”[?>yB¹ÜK”–.buúSc©zg‹Ü¼Úcòhwqj›%þbpŽ8¹wR8y< -¶É|öx˜îçÉÀa¦Ç¦=Fzåq ×q¨ë 6)ÂÌ|!0à‚‰§"ŸÜVØN«hˆ©ƒ²â¶ùQë[M,Oy*ILM±ÓëÈø*ÊTv8_ v´AhÇ *‚^ƒ=;ÃÞxÞÓ<©¿ó´Í«î¸Íó0 -¤Š˜B _g&î­çxL¢±rd´« Þ’ÄÅ\I¡?YÔLÆ$ëhø0¸á´ðæ(#©Í/’ëII*É/%Ž`åÍÞMJ͘]£í…ø½Í,ŽJáñã*ds÷wtð¤¦%? 5fÎçÈB*²?³†´OWl¤Ó5ëN‘¿ˆ÷·§³šãæpï>?¸-¶«­cúR?éuº¤ŸÅÑ' :­E7™À2BWæ¿¡/õj -jýÊDAD›oʺ´ÆdüË”zj.ÃZ8^KïJ9xí–j-`Ûcõ1ÎzÉÀ¨cw]Û ¶mžÇ£HB²‘¼{™™Û -Ç¡¢ßÇ -Ÿ¯‚T¾ÒK©M^ o…Å+e‡»kñ'æj BÔÌ[ÒôÁÓùGv¬Åië'fMçÜÔ­µ¦4/íûOÂeu ÷yIýC‹F~Œ—hYÇiJÚ«ÞtB$HÎDÈ89ÆÞ¾J»Æ1.rÑ©¾j‡~Žïb -@ì œËîÙ‘SÊÞW4^vF­ñ Å›`ã¢Q–wëÙdæÍ_DqWÕFv´±.ä ¦xû˜e5eËl!•ð_Ü)_öSNðâ +¿CUFøØ‘P²I'£X}Õƒ›žR1^T{o£Ù5O§ÁX?—2ïL @Ë­²&µ”UD­¿|ïÊD 2z3ôx!ìn\Ó„ó>4¥ž;Txé)7xr>om&äØœq$#z“T·²ŽË &QQ2_`ôÍbo~kh̾Õòœù -B1â+$ê .7f˜Ïv󎋸ì\¦ÞòÖÌ&†±Ê½€‚q9ÝS…ÆyðX¤¨«•IÝÜûz®üa=‘-Éc'µ6ðx(\¹ËÕÆŠè"†L`ªP®‘Åí“/Ä‘ ‡1ÍÌ *Ç@_ªD)´(f'yÜ_L{qŸ›v‘ø‚ß ÜÏ/5>EÃ.5“Ü ûà4™­t6?#(ºÖN!  ÿ„È,pLÊ^¬ù@|7=›âïFUCñ“£2^^ƒ ãwضrë¡—9ÔÿÞ$ɾ٩ÅRqÐ Ui -þSÙR÷ex±$z¹„Äg\Ïpuã÷[áÅYUEã ÓœGÆÝ}À¼;LÅ•\tUÇ’Óâ3íAà’àÙ:Æ‚¸©ØÞàµ#.ùz]^¡¯¦ÔT¼½ OB¥Ì%KoÉÍd1Ø»[Mq 7u¨£<“KRÀ1¥j-²Ÿ”LxÔ;Î'Š¬ŽºbîU^¤óÛ§Uq72 q€yОô‡r2-î@˜­<š=Ñ×¹îåIÁ/³íõ3é SúÔ»&ŒvÊô«Òî¯ÓkQÓðêF¬6}» Š„üíÞÈÕ¼û£í>d ;ˆ›¶j¨š)æñ1š}16§¢rzsµ™i\—áˆ(6½iLÚö¼«ÜˆK,ÓCƒåP"ÓjŸŽ@S½þìÚ‰°øߤ3i¿¤ å:‹û0$ý`U1¡…í-µ.„S |èUD)ÿ ›fOxëÑ¡[§¤aE{z)¹ŠJf^–ánÎðD¬sŸs4…zÀl òŸ\Ì¢&<ÔêÙGkÙ+^®Ÿ~§í‹Ú‘žÄªd =ˆ[÷ê옧€‰Éf‰®ºùH«Ûq†¼÷€¹–Ws³—Üéu»Oç’Æ —`,*öóN B“#ýbƒ…E͆þ¶+ÝÒåÏUûZ·"zŠþõÚÈ-w5XV²¬`.o‡D”a­ n°D¿ÙXrcr†¾†ïíuMmŒ OM§QŽõ©T,Î:¼“ôéÇ*¨|Ó'~Â줪ÓØ`Ú,&£»Gs] odˆ¿|-5Ë -ðóOÈÌ€ºö3ÊòsFdÐàÏêþÀ öïÎtº[ëqõŒQ v$yÖÙbw -_Õ'ÙW/t¥)³Bkl@ÒuoY‘$žÆybP¤ÉˆÑinµdè—ô{Uþ6ÕËôÁ½¸ðLǼ«‰ð¯™ÄmÐFZ¯Ôçt5ìÁÉjqTWeec±²¯nB=´ŽÚÍkV7pê¬IÄu=ø€}~ µ}–ò%UUz&á꬯ræ^…+"£‹8ízƶ õìù4Þ‡ºq’ÎŽqÈêA1jäáŠU  Ai<)釭“ïÓÉ3ëÂSU#ìœdÅçsÄò17ÛbÉøÙ÷ 5°®;ºì’L•z]õ»ð…)}—Ä4FÛ 8bV”a0cÃËŸVB–_]Ýh…ÓT?Øžl V‰\ hHЯ™õÜ¡½17kOËb"É×[“À‹øY]¹5¸·ã#„ ÁßÃüû ?ô='9«Ê³4$Sƒ¨ØáNr4r[b’BœÍû–ÇÈ-2R5u*¢÷ý^¨Âu¼%=MùP.J2:Uò…bíÎùg°CÏ&Î!SkÈ..ï%Ë~/»ð×>A -3_^ ‡¶š. ’‚…)Éç Šá£ùbK§„pNšÿ ˜®Øø±md»›0 Ñ¥Fîa¦ÿOVèsÜ/$ùT~©I–ß¿@:À»R(¸¯“µ ð=Kì Å]A0Àµ‹µùµë­†+â#ëàîIFQŒÃêBúBO—ï" %Òe׈Ub©¯œcªm½yFš ¤åJòm -9’þ!î8IÑ›C r-ÿs[{œP–óe›&~b«I¨/÷­cG@X«â}Q%´ÚkV{=¼{°Ð$á#ú®gìÖ艇䅻Õµs8_0.ÃÕuáDœ>üfœ#RêEu`5¿)Q‡Ù1D{›pcª¶ÄÌÙâÎ#ö°Ô?§9lS£j|+/ŽTa*ŸláB™%奱û©67×"ãÑŽ[,èà¹*q5UáAa‰«1Ÿl;`8]‘iñ1vlð &›\)Gü-æ~)G c€é§Ç²éä$béeà C‰5Ô!Wõüs>l-Ã7&“OA&ü¯p§ßï M¦ú3¢9/I<˳!XÑo¿Žo¬}£qysàuŠ‹â¥UD |(’*ø“zÖÖdÃ14õòc‰‰»íúMSÞ—ä•4`­ÌãQ¸fšºƒ³Ql‹9þˆƒZ›Ož°¾[c—œ·G.&"Ñ„ÿ´beM*Då¤ïýJf\f‹`ˆp·•>ƒìñ…Û]®»ÐˆSÀ{H÷0ü "ahâx‘[Z0EvøæzÍÀ¯ qi#Q&û¬i$€?Á^,rP-j&b’ŠÊ‚q Ø•¡1à03œÏÞ7ñbäzI¬|â·Öß­G÷?ï=´÷B`Øm€ŸDÇ6}0i:ÆeÃùUpgŒ-}-§¼~`[ ç=BbW;’«š)FâuÆ,D9ýÂ4ZÅæÈúü±ËêŠ_5¾ó¥£74ª™ö4M¯w#íçNW51ª-?îÅò†Ÿ£+ߎ!±iëêxÐIUñôvdBYB½‰”× -,°ãzy—øg;Šy¹}ÂÿÌø±UûF¥’­k'Ú¤#È3¾^*üLçÐ9$¬¬=Tð›6‹|Ö|üÓe$}ær€~øá«’Ê]=ï¼þ‚ÙÙðÇiߧ_‰´@€+Ê~Ž ±sè3Ú¤5yÖ^í8ÅÏ,ˆßVω;ú IK1ÿÉÍ+:0Ç6-˜úv[6©Oì{)®+vÕ,¿ûi4 ‘¼[”aýÁ—+QÏ8yç3ÓZ¨Í]Îñ0!8¡bÓ) ©uqc™fT& ‡ë²,•kçâÛ‹¡„»e~]Xß¡c঻äÛ§ÂÈŠ_­òYÁ;Ï6ÔÜ]Qb›g{Cæb0äxc{vFy×T"ïÌÉS -•W½Š1W\ÁMÞ7ì’)Ò”Èã=ß›¥Ùµ ·`º¬e  ŠAÿú‡g¬µ¥ê˜'(¯Æ¨¼H¿ V€zà´a€|³É*g¥)Lè÷`{º3ZYhâ 㛠0ÛB嗊᧠ÉYŠÓ÷k;ÜÔjÜ“E×n,KËÔ.¤E͘Þç»)©…Hå´ç8v¶\~ä/É2Yˆ"Ým/™üËGøé’™]8¼)²;<#…}âbW–lüݥМINì¬IÔ²yDV’Ô±UqVV/Ü2åvÏÞŒ‡CGG²EúèR7!'ƒ…¯-mÝ~¶_[OëýŽ$¥§X^¾‹DHžkÈãL/K… ù>Õ£áKyBýñâÌÉÚY„iÿå SÉ”› þ§X »¨ÿµò&É7 ¸†oÓ™þºŽƒE5î<× ÷‹¶ÖÄô'ÑíÀgå\¹<2Yü’˜Oü»dO®õç¹xØAychIx?ó°¥h༲„Ý6šEÕìÞ¢ªµ ÏOej{C%„=|à~ì°®ÂW⢎t>jœîµï -R*F/qY ¶Ã÷¼ ö"A±yjat_ȧÅfTEJ}Œ;íUýÊe„s—Dà¾Átµ -Lþ#ú%L4VWm.„½dlŒ‡`uÜ~¬;K|ìWwºˆ¿B¢ýàqŸÉL,Õà¹ê2âÛDOä¤Ï…ŠªÜï?FôÅ6ɘª$37T:΄M”Ü|û*FÄ‹#b Î-Âç{ýÛ…#CˆÂmbË:V÷Ê`ÏMFSNó|N2y]"cPiY -w.LKuûzrsàv YõLkôÊx¼Í! ðgÞzW 7)QâM¦°Ü8i¥ÔaëJn ’ÓóÌ -<à°ƒ>LUÆ4  ¤fpÚZ6½M®'{6üÝühÎv¾sñ–7`ô>â'Ec©ËçÔ8Œ)ŒvND–·;Ó1µ¬Ðô«€1 lœiL‡?FßÞìj`ŒÓ/DX*›úMH•|ª¶xíK:"ñœœ†ýúH™J$¾‘ËV­d|¼’{‡äZ©¬ÐðSÿ;Ü®Ý9îÒc)»âÁ|Qžn^KLæBuîû¬£Òî–“0ü,¤Ðï‚›¹ŸòJÍ^½¬} ÁÅL"wEV+*…–:óohåZ—àøÛ;Òl„Éñ£½zŸY åŒ¼«}Ñ¡ç–‰¨O†xBùQŽºÏÅ*‡Ö+µ÷—¯žX"þ›B©Oi¬a -«UìúªAŒßDÌü(Ç€5QR«ÒÛ™^ý-5vò×Ëb„º`§[î¢JÎêKÛm-o“%Saã¿sáÐÿÞZÃö¡|œ^ŠþÊã9ŒR´k%¨X³i‰ºpó›åö WÌXÈô‘›¦£5~ôHá(•VnWïç½~ÎÙ…Cî_Fh6“ŠüУD;0OW~½ ¥0^wyr÷Oü­U>?ò»ÌICÔ„üôjC{p“tÿÐôDIåö­Q‚—ê!J¹iBÒ”„–—0)òÊ4w}QjL!=;Îi5”§Ìô>%÷³|jÊ)ÍY%Úß}Vñvï‰ !sfƒÁñ½ýÐùDÒ-(œOw™ ÆöúèÞ]m(ïâ<଩ªeÝ_ ~k§~¤ùLÇGxø_w™£×B‹'ØÁT“ íY2%‚ÏÔG@ßçRÏ;üݶ²“¥4ÔŠ/he_q -.6Š¯AýoÆ%ßð‘+‘©gœˆÀÛ²ØÅ4%f­æËP1÷m¥[5êÊžŠÕÍ5ik’VÔ©°¼G^jpo]äZ, -½ÉA=Å‚¤Ë‰x4EkêÐ36_ÃÊš½¬CH¹¼ ÆÑÞû1•öÎ4+W@Êå`Š0\Ñ’¯7GŸ”À0Äô×òä&$‚zT½j¨ÂsùsYX‘ý†FÿçRsØ|Ië•)Û¨æ¨þ²À–·º1‹çƒUÇÛžÏtqêÄs;ä%S´‰NRÅàèŒ>vÂ)Áàw× Ž>ïöH¨ˆ®&¼è?Ä©ÈÇðæmß#Dåp NW½Z^ΕCrÐB©„(JµîLÑ3¤š4á¦}¼™™NÜt-÷s꧋ - sE]©‰`ò6™=>î8é%ÂÐs>N´žô08òî~ÿµûcUð¤¾Á.5ÆÄ*¬ó8/¤zWt÷Æœ~×>uöRméÞ¨£a?±U~"rNÄzë`~³†¸}Òþ–9Ys0d}H v?’bœž¤±Îc¶3$,c÷Ž±6ù9CÀÉ”‡—;k˜Ú‹Á²Ë¢\¥ÓEÓ.ƒmPè¶wµ~Ž”­ðþböõÃË}rû.“¸#jdFTèS(<†þQz_´%„àË#˜fô¹bÂõ‘”^Ó?œÐå‡ÍÇ0›JÆŠÉEÀ&I™¶{)Ó8]#ÃLìÁ£qÔDƒÈ„Ì™úØ™8Ö0ê!7ûy•y4wZl}»›p‚ÃËf·ê -}r/öewÿ¬É¶וqk鿾ä**'âqùypaˆ'-K?¯ÙÀ–ƒÁØwMA»+²ÒA)u…uô1¬Ÿn…0ĉ»)¾TZ• §^ÐõbØJVíbsÑ`®¢•óäµ>–`$I(qÌø÷Ï¥CÍÝbÊ¥§Å.öBŽð¶/Ø×™Õ¢ß(²-aþ -¹—¥Ž²*?ŒO,âî N¿$Ý#ˆ&9ôôù³–”–ÄmûIÿ¼¥×W©3L%‡ù’Pa+Ò²ÛÑd-†{=*?4`\‡öÞó\1‘q¤¡lkø³`³IƒG×øõ‡Λgºe)¨˜xÎï>PFS¯y’¢>l„" QÅQIåáÕT{5û³&ì™wá/yÙšŸ|ž~S`ëð+á“>òθf53·P 3ĭʺ¥uOJÌre¯0ßÆ-pÑVvÑ8hs )§Zõ­1ß{d˜Ü àÁ˜^=ƒ«zu âhV¼Ýh|{õr‚‡€}$6'2Œ;K§¯;¡ÂoµeÕ¶í\ô4ŸŸ1Ãxæ£ÇóXT»V4Ê›ªiÔÑ‚“æ®›'Áº73þ*onœͪRÏ\ET/¸ OkÒ]0EJ[JD%()gŸ¾“’<$úíGˆù¶—gûGõ9N­¤Ë,©ˆBú媧§ÂBÙCÛ¢1‘#)ÌpäæÙªÕžP+ -Û{Í6˜«¾·í'ÍÇ°8ÿšŠèKOå¬eŠ3«Ñ[s …¡Áà<‰–Ï´œt`Húýëu¯ÜØÊ_kŠ Ñaöç{­ ²\óJ$¢ÀmáþùKÒÁ†×~×ïâ¬H,ã§d.ý‘Þê÷ÉË%ú¤™s Öµû+uJõšÐÓ@×^#;¸r„ TÔ…šÝ¸?†sˆ«2ã`ñIÏIŠêܯ^va‚¸pMEçÙîܺýCÖ& -J½Èðo˜Ðæy‰‚áˆÛ¡9dõváïv¸ü:²Ã¾ ÊISc…öQ1}¤u¢Ш¤×©õ©º¾Ô,#mõp<>ÞGìaF™c›ßß* ‚¿ØÁVÙh4gÅçÃj·¥FÂtšöÞ‰á¿+ÑÚ0§Ï~Ì»ž&±k²àæ‘éoÌø–Öæ(?ÝãäjÍÞè)Üæ!,^š -ÎjªN§Ì‚¡êZ/(âiÓiÍmáú‡E´r•¿Þ`]© «Ô†-UuܼMøIA ÔæDr)|ò¥9Zvw¢¾2lÕÈ¥⨡gÍfs2ëéÅV|gÐØìÓo³’›ÌŠÎ}Žk:åwéf—FÞ´{çªÙÂ@Vžf#ÙUÞúµ¬Šˆj+·[i!ÊÁG1-¶5\{”ôã0Ò­…ü¦ôÝÖæêëùd”­Hæ Ò ·)Õjëy#ñj5¸ôŸ’LÒèÎQÚA£ug㞥iE7^å‰òæØo¡Hã…B€úÙÚë¥éëуk’)Iï>Á2CeN£©e¾hwLñ‹WI$5>íU£n2úé+çLR'CßF¾] ¬¼ÍªŽ”ùÀø¸ -ÓÇr„>›jì‚é‰é‡f´¸ñ°ëí –Í„Z‰uk&0¯NRÒXÃã'c¤­û~­?…ÖÛ½2q´ûº 7E)‡þ¸ÖjƒéÞ$YêƒkÕ” —äJAŸM)9€ÅíñÍ jd.ÇöÓ>±8‘~« kÏP¬ío­ÎP‚»+læY"áñ·8pó -”±v“²Žk@9â¡i"›¾8üäs5q|±µ¸ ,´£êú5X_Ǹò õA²‹‘ŠâðpøQÛ+é[¢ëù³ªüÈqêõBo> ‘îðŽ„©u§¼^ F¹èó«z[( ]Ú&øK<ä„æpðW+xO*c.SÒa”}“œ‘þþF)J~)m‚P^1Þk Tù1¿{_ ];‰‘5¨Sù‹Üâããjð[â™cûMË·têÌ! ªpÓz Sª3y<0âß-iÔ|ò–œ%_oU°~7¥XíÎ,ÊÇÂÚvS_}Ü]LçŽ °½¿zÈ=®ûêšmjæj³'ø‰²•ždZí|ø.²$Õ@=‰ùå–ˆÌwÁr8 3<ëUu)‘VkŒ4Š®]7¤JS‹ - ØÚÝ®-ñX¿?¾‘}ÑEµÞÄ)¦…‡!Ö †Žü™³&Âù-èo.‰ånUbÒHV›rjúx¥ÒP´^1,´àõd%%3ƽ.|<ÔçgÓI˜Û+<§0ƒ 5ÛVЗu™¨¡t?ÿ2ö‡Qü!‰@ú,cq!e¸èX:¿6°^ŠÌ¹¾e%eG&Ù&4.³Ž{[Š8u^Þ¼ÿcÉöI¬1¾‰Sã+&wTwe®Fa…ÿJC`‡üjtË ¦zÄétø·^â¹ ãX­.mP®ÆÏ°àòÑ×IÓÎ$þq[M¥%;fH)Þ&•Ž7¥fjúV½Iо2K0^AloH€k9Ùõ.œZÀȻ褴{¤?\„*&¥¢Ñ¡cò#{ÄuÈsuÑ`©Ïœø‰3£¼iÉÓ®™CÁÀ¥³o[ ;Š,mÍ1é?)r·ä£_0žžž~M¦ÔDþòŒoP"XúI‚ø<ªŽÄš¶•4Qr±Ñ—YW7¯ Zä*Ÿ?5T†¸EÉ¥+ÓÙV%Ù@ØdÅeÑ-M7êë®D¾¾$ÁÿE_h/Sìžul<8E¢]'0JüzzÌj:йf\ÖÐøpu”V!ùäT?î—ûò!Öî)êaäùÁîÇát3{íüÐþI»äÙ3¥eµ{^l&vãIÊ>Á«£v“ÖýÃ^–¾M_.@«˜*Æ€áM*DJwˆ}¯8þ”I»A¼¥Aî;­Ü(áT¢#¾¥. ª\bÌJ±¬ô‰d"7NÅ8뿹÷³…ìE$m_8Tâoݨ±ZvQÆ&MŸˆ6cqlê›NU°¸}™µ¥+H§ýðŒxHÄ„GJ¤JT…Ýξ©Ml}@=ÁV&rP‰’Ë™bäN_Ê-€}xŠñYpèŸÔEWÇ8í]eE³-dmÏh C†ýÛj=ÿè(3®–>é¦K #NJ¾Oy½‰s)¼àèÉL¦!JÂ|?$°Ë h‘`G0oä´ÖÈ9Èý•í¢o†yI€û¥œ^i0+V+z¾'0óT*) )ôòzßyׄfË£R>• -ßìàÝ'­³ÝBû¢ÉEyc;8ÂVl®?'Å|T¼GÒp´˜´e ååD×Ò÷4îˆ-JG‚…L†ëAù¦ÌáUe~­æŸwƉÙ”4Ønf‡ª×& ‚êÚ‰„ÑÌ Ó4m!Dbô£û ¡šX𰚴߃¨E¼½Çü²ƒ1PVQycáÿü`J¼°i¾"ïSZ¢î`ƒ|LðBú•Q¥f°ZæØ2o¿;øéžK•½x8ÊÙ_v6^¥5R{C0ã&¨Sæ§,YHt=­z!§­:|aÿ°JüÅá’ès]¬ä¾rcÒH²axGFW;Äîðþ{á -¤òøïlÑ×ù>Tq­@»È:…~Öõ2Ry”ά­Ù÷A”µs¿oÍ8¿™Õ)w€C pÜÓ t“ûηwÉÜQáÄè-Äl)áŒyO7¥væÏö±0âª2/‰O–ßù†ô¥¢–¿¹dÕ…*\Vȉ\‰H*´Ëœ‡Ã‰D²¿ ™9\Qš‘ƒÖ碴›ö¶MÚ [éÓumMU[ú©î²Þ~ p:LDË~bŒãŽ¦²§OäYC餤2¼ ¡böC„í¡Ñ ÐçYT9´Å3Wx«Žbhø“79 ˆˆ"x|:ø€ØàO7—_Ö ×´ -/9mö'z´H¤ò «xMö+­qÊ×C15{‡)äxŽ!£/ñókÅPºÜ_RáÖÝÁÉMYTA?¢-=?ƉPßó{¥¸DZÕmëM9Ä+1¾´Æêõw0û,š£D›BhL‡T)ó˜Öº’wMŠ»pê/æp…;ÙuË×q(*È¡âµÁ àÙòyÃEË# Càž4°Bíø"pèT^Óèœt¤©§²«TãÃI;†ö–à“5ö … •8?¨Puãgs¶yXOt7ï€Þ’tÙåñÅ&%l‹Ç{õÅOІ”óù²”®'Ø9ðùW#Rã¥V+SlF¡zEi¡8š¨é¦vF"qIø|ÒpÜ7:O•ZöN›Wö¤R1O´±ÂA—Š˜òÃr»U>µvXW^Ë9·ô"d‚õe›Ö‚´®–ÎWO+©ÃU1{´–à/íw¶[¯ìKô¤Ú”ªÛ&¤ñnœ7úv_˜n rŠæ+¦”Þæb"éÆg6Ï “öÝñ¬Kà-'Fšá£K·šès§ñ¥7x\,S¥¦1ERÍçŠ}-j9V®ùu©‰I÷ÝßDó¦!=dt·PìKÆg(ÿ€þF‚%'ɤ^»WñŽI÷´¢ÂÓV" áÁu»¦T ­ ný‚kpqƒOr“\é*9Õé=–ø»}ô”ÔÈ…jÝâ3Ö×»"›`~Ÿ®u àÙÇ俶ICNè1ÌÂT8¡'Ž–¯½Ú–äæŒ`ê§ùNj“[–ÁÉ0Ããgá÷IJ6†RÒ-;8sµ±x‘?¶Jœ Lü¾°ß -`ž·»IÃ^6ìì F!Z§éý&Ø­Ï:6 ’—(ü²6ÙŠ¯pÖól’²^Zgié^íèéÓ_ÉfñýI lnŒ´«ˆ7T^®O¦–ÝX7Bˆ|ý.k¯cò®õ -5, u\âuºS˜©G -¦3\磈[°élµ(GÏã©Sø#Bgñyn©>³}?źæ9gœ©¬‹Ýªµ;Vö¦PìöîxÀÓŒw.éWÕØrÅEYÞS&¶p;N~銤€4·§jòN -|ÓØÍ Q Þl£ªŠQ]gó+Ò•‹9ñí÷øÊïŽ7æ Ÿ¼ˆRYoîɧ|ÓVéiñy³ÛnÙx=§|“3/Ôm=ÿ¢S«ÊRVj¨_«WØàÙRÛÒ‚E9[DÚI’ù¤Žq­ø0išŽÅ/ ròoK’'câÛKáïÍ•mTdl]M+OšSu·àŽ›Ì¬‰Ó·^ñ‚J”uÚ³ˆªÁå!žôÚ[í¤DÚ=#% ©OÔ8À̼Âì$HÕeÝgÐ)¨ÆÎv¤¥ºL!Ý A^zV7¨E¯L§"KÙGç‰.ìvpÃW´Ç Ùn[Âð|¿€Ž%Ë[ßN€T2".É+®U hu%äë›ç¡’ÎJʳâúB½Ö- ûJp‡Z÷6Þ´æT† Ëû<G×Ã~ñŸÁιf²â8œò犊šâÄâ鈦èŒXk.VIŠ åE¹.„µÐX¾ôp§Šæ AÁ¥“2TOkÓ‘˜?Կ¹y3˜R‹ke,Ìl.­jaˆXáÜÐÝ`ü|D#id“ê¹J×@ýÈ0ðÏÔ”½ÇrUêMK‘µ6%(¸•—²2ÇÜ/¯Q`³~¼—•¢ëPYì”LJ±››¦—ñ@?9óñ‡YxÀ›CÔÊ^Œáb©o\"è„ææÓ¡‰-:(_NUù&Ç^ ñ‰'gD8]¤“¿™c782‡ƒr¡û ¥3 ÈßyàÜØôõ¨c76)áypRæ“\óJÁAØÀÔºîȾŠõâå0’R†›Ð$Öþ94Ý׊¤jxÈc®¤,÷X„~]ðöÂ_ÞI$¤h)M ‚ûê;¸WN¹È¨½v ™äGizøÂÙóÄÖŒ"ï¹¢ «,=Ónù{MQÇ19"oÉð¹åLâÐ%2 NŽ¢ Ígšw%CÿŸ,¦iôè•´«Í«ÇC¾Ù¡b™8‘¸'?D¥&äg½Q_™ŸÎ•!b¨ Y×ÈÓ;6i¢škfQ7œ¯á÷£Fáç6ÂEççž®gx^­bq´ýŽÐA˜I &±Äþö¢±”–Ù<ÿ«Çåt=äÊi]Hf+ô£ÖkGA¬Ð ÷û»J1’“´¦lB0ÅHRÊ•ê["—£O"ÙYs[g&-Âs´è“Û,;Ì6¸îÙV»,ŒŸPÜþ&Fâ¼e½Dt-É ”o1½GæÖL[]I¶±®¹Ñ…v•]ƒ4ÓgV²AQG¿KÎÞ”Øì¿Í¸ÀÍu}…Jfûê s²(X6:É¿y•®Õ€œm -çK±le‡MD¥ú¦—ƒG!úÇu5Wå’,:µöùÒÉk6ßx %LÑ·'ëœt/ÄCç䜿râ!•Ò-Á—:–ío£3mg±F8E<>pÂkÜâHn[yÖ€‚Œ=«zÅÙ©êg=:$bÛ&°§Œ.•·{ÌsL7 è;MKæ\°Ç”l’9yÝÆL†/:’ -3•˜pÑܲWö‡0ÃüÂÌì£VäZÏ^„Ì΄|¸œÅ¡§` ô/_ò,fwµ«¿]îÄ·ú…àüû0 ¶pc9쮶|Ú[5ðX*Œ‘tUJ¯¶ÍkÖć¾ob–3ÎYEÎ{Çç¼ ‹†ã„7ÉtíX¥0ÕŽmÐÂxÕ†ö÷Ó Ü¢Â[Ö7`ÌC¬³i¯Ù‰Úµ·õ¢ÎRœÌd×X­­ßuMké°êäQzF–·\h…õmŒ_¸N©ßUÞôæÃl ~kçË]Í¢ù¾ -ÏY‹}ÿà¯ÈCÚ5¢8¥>$Þ uh©@[ÿ8­•®êLíjûÐþîbømWò,_ÁÿöÜ×·•&#û%k_º¥êÏ©–$¶6Ôcä®Ä“ÊQ†)w€aÐ)üÖ–èóŃ5:•°Hf(NÙva‚ð/byÒóé|ýï'§°˜ýæLyk¦ÅÌßô4M(2™Ë:ó"÷–D&› ©š‘½Ù}~e&œòU•[Ö4É‚92åôBG(¬2ÁÙ;°4¸‚Jp¶6 6Óž¹X¨Ã€Un[кCaÐNdÆ4£ËüÇI”¬~fä½\¤†øö×æxò¥ÞÓñb,Šó7:ܘ‚Î/ó„¤ÉÁ:_¸|hfp”ëÞO³ÿ~î:··Gû_<–âé䧷—Rr”¿œ 'æ+Ð8ÿ Z"ÖÕ+À¾Fz‘@\æCȃyèȹì ïŠd[…=ßõCÓb ®™Ø@<¸ºñ;*Í’Ug ›.h"+DÜýJ -¿®îÁùª]=þð>+û§ tEŒ%üQ8v$3 ;øüñÍ¡0 Ÿ(%ã¨ÑóGßõ#~ˆ?ef ò½Óù=EoGKñ=™ÆQ\ëFöA¸w¨Ÿåаӈßü-3ªBò‹°çl¸yV–ˆŒ…_èˇ¹Þ6i=íÓqŒt¦pTD1C…ƒõF—ë ôl™Áak•Ÿs»å¿ð]z5g§]?T^ë#žoa>›‡‰á²y °ob£p"dŠ^‰Å­ëô›6“±ŽÂÍó]hX-nõš^¼Ë‚ ²g6«iím?w`?Œû[Ae¥´¦0C-QÌRÈp\ëŽòž½fÜÊîJGõØ›h¿½r•§£ªh(£ˆìøÝßEÏhÜ×»4Íb¹ã.Õñ 5wÚÌ_ížD°½Eß-Èuà £hÚY˜d¦on-¨£q{5Gíg!AÔžÊü©ú×(ÓN½%°U„ üö‘‰³°)¸7ÈÑ!/Þ¨rF¶8»)¡ØdétlR Œ›× F¾1Î*K$vº²•»¬;2mæÎæßK~×  Õ¢Ûœœ#=¦o(þ¼‘rŽ´‹{K™ÅK¹)`áuqç]M,P¦È,½*a¡øÍÂ1¾4ø{ɱ¾¢µ©¹K: ÀùÆ–˜pHv3Ó{NË3)€]âì¥jÇÊêMs\É”u²žÇ½m9‚!h)㪩!R¤Äç’«êAu/ ¬„oÁûl’&§AðdÙÞ.Ðè¢Ç.QèBÊáÁcƒ²$‡ÜS§DP¦(½ö¼Û×C@/¼.Œ|Òfɵ\’£¾µd€‹¡Ât²Îí ’ˆ†"}ÑJôb­"j'‘Ú“æ‚0f»‡Ì8¢ŒgÇZǬoÙ†U.BV½|Z¯èœ… x2`’ãÍȧäe™!OñÑ}Õ`VmÐ9ïŽònxètIçÓ€ÂÄiz¬‚¥Múù)³y¡ñ(7w÷’«<ß5îƒ=c6.Re™íõœï˜XÖ€]ƒ£˜rœ«ýfôxëh)ÉR"A1¼÷iÎœ‹•´ÈNS¬ -¥Bõ&ä"ÝûipÈ[9l{6¨C˜•*ݳ¸wõÙ?hÜææUç Tê#²ðZˆŒlŒÉAÙ_í`GBþ‚+7MyEÜ…Ò"J?éÝ%Fiß{AËÖ“WÁs¯ 6 –¢Gl9—×k—ÖàEùËÆèîѤ’G«[‚Ì£K™Á°ýˆ8·XIíÚöá-õjU"ð*{€»ÛOÓ¼ÕÅÂPÂ\ µj¦8ëîVæ÷Œ<¥ûïwç— -é&»ÜÂoø0]þS*(:‚‰Îüí'mn¡ÝòÕWnÉ |Ur²30£à¼Ä¡tI•ßö›m0l×o§©QLÔR,óècʳ‰/Õ>‡QÉcöYUÛã w‰à;•žöz µ½Ží›'çð¿}©Ÿa8Œò’ŠPQß‘·Ïý4‡Bឧ5nD'­7ÜmݹJÅ«¬Ä¦9cìa„à^”T P)¯ÍNÊê!¶k*H{RwÃ!- -“jÿQ$6]ÂÎ׻،õU…ÙI´Ú ÑLÌÎQEÒýwu’å OËôiwïèc¨ä<^_®•XÌx÷ñoù 6âZiÿMmþ†Ÿùå”áƒ_³ÇšÐ~8¬ëÊ eSœbDƒüÄ¡ð»<¦Ý„¡´ï‹ö|·Û"#ŠR:¨¸ŠŠ´`•HÞ:ë×(¤ =ô!üˆ ímpéçö+ÂzL!â<èÚ¬bÐJÑ8¸NŽPÝ8û‚aðŽ -5{V¼ƒëÁ¤}bªyñEg(+TÍúïA/ö1å Œrâ-ôeÅø<¨YÄ&ú²:¶j´Õ@ß$Å[?z® ²ÇáÅ9í)DÖ a{t:7¾"eÑÜØ¥¬î|<ü‚,þ$²©î»ÜÏv,’"?Ç1èÀ3J."Ì |ý‰ÖO>ü4?m$¨¾™Òêb ‘­åàV¥— ž¯v_¶ÞQÞºÙ,‹y›Lñ2™¶b‰‘´}•VõÆÞÁFBv•¹ý&ò!‡U„Y&ÿV#ŽØ_ €Ús. -ZËNêj̹ØÂF‚ÍÍSxG\â½»¥]!(Qq#–î \zË÷šéB4ŸDö3zëCY»lÁ­«z›b%J }?LDªEÊOÇŽÌ0ÀÙjöDöí¶Dx×›ïí­|moÇÇüAjy˜/QÚ0ÊEÔÓùv›¶ß¼É…¨G|×個ÔÙÓ̘’sø{M,®^.škÓöèuœuʽ¤q”’3ˆ=>¯–«˜“Z$œ®9Û¾êNQÓÃì"ô³}œ?ÔÒˆ½ XV'ëæ/¾9;kEséjãLÌ|ßã÷;&Ô[û á®ÂÒ_6B¥E¿Ê®¢wÀ—Õ¼v)£™µWåw‡XO;zpAn…‰Šþ»Ö41ŒO>$,_?¿2’›mÀ4e\Ú¶ÀÝýšSÏa ãåPWbeGWý=‚Ûsõ8ülÁ½]x†V’²“5!Ù1S€‚7+ý‚œ´X¼RUûôˆz¦Þ¶¤8;-½Ç0"ôv »§ïp.‰Ä×»B¨õNåyÞÃï§óE^É«»ìÅ%çÞèÙ êÊÕŒâ›çRææ”òïi ¬ML÷É87â诺9ýèî¤NbÝ2t‹WÝsT{´$8˜ë§òüŸ-ÈRÃtGÓh¥ìÈJUSÉU°Kˆ+.´By`Ö-ŠQ3gföÄêüQCp -c21Þ×G0G¬%C iÈ‘Ãmr-}o2·©lÆË`Ûù?ègâÝØäû¬¶ÊšKÐ…g=ÃEÚa‚"8ß)ݸ”.ßØ´Õp¬w&>ëŽÞ#û÷ £üàäfᓦ÷HìgüÌïÊLˆHEç3ÏcÎ×/q&^+zÀÚÒ¼ Ö«ïmA,¸5m­  -øJGT˜âÿ§:ÿgÂa8nr®¯YÈMî(ÇHr4)WÈ}¤œsÌ5·±„fî#Ç\sŸ™HjµÜzr$Gî›æ˜„,+Öêyþ‡ç·çõ|þ€÷ŸYGR•Á7í?[ɶ؂À…‰‡`è=†„AÑ+pìßv«ÚeA L¡Í,&&v‚»Ac«; kðð;Ù-ìmø88y%õX½‰Æ€W‡s†)ün¯w±ƒœå'…H‡üƒâ~MW¢¤¿’ŠÔA¼–¦A¿"ßÍÞþz$CžB9;Ž‡í‹jtÙw΃ ¹é“.ÒñíŠÁã9Õ:(ÐO¯âŽ…¢º!cÏÍ÷A­ÖÝW&©!JT fþ’ã”ú±á1G}¡2Pi´¼:ÙÙ«xZÑÔb§§žçè`¬·Ê=Zˆí…‡;·›&Ä^΄2S$vÞ`­ÜœÒ´dñnbïóUdùzô%„ - œÝ£Àá²&<"ê¶v| `PÐr‡•þÉï(*È?$ºÁt÷ùG¦Ò=“®ÿŒ·õ:Ã,]9Π,2wAÛÍýGu¤Vä{ÿɉÝ…NÂRWÒF­¯;ÙߣˆiϤUqÕyymõtÐЌ͘‘F¿}ÑFÀÛÁ‡J¹º’|µÖ¿¸ðZ»l݇\šµr­ü!NTã“LW -wZéðÑwuɾ{Á÷Ü< Ëb¼ÖÅÇ'Iª0÷&´;’~ô|<àú+Y„;Z/§<œ1µüµn¬úUÞc£LyÏ^ý7=¨}ŠV§÷wH>9¼¡ù¾ÚŦ4Û;Xó©HcÀvKä4Ò*ª…ã¹c -?å¶ ÷Ð9ì,ó -Žµa‚BØÇ)“VÝíµl -Cp?zõ ú+¾¬P\þE8v¿DœÇ<ѪñqNš`wÍÑüûkàC¡QP]š°_œ'ðaÛA<è£ykÕ¦ sûÿŒ–Á¿ˆöꮪ={mÃÅyÁc~ÿ¶`ÙséÉø9´œßçÀ©2™uIžµ7ˆ á¶Êu‘ôÜ/c"çí~_OIïk8{µ¢¤:¸Ýô‡²(š÷\QßZå5(²îÿr¿óÒÆÈÄf4¢yÜòNºŽðåjŠãu -Q´Oè!Yè…¸‰ý©‹øžÌzA4`(õm —R¾_üÞãW6µÇA:1<à#EY’‚vª­ÿŠ“ÆlâÁ[–n&ñÇm̱ QO·K7ÿðÖ&0ËázH»/s»éZÄ -„ 0`I™4#pvXY…ĈA/\ÚKŽpFqfBô†[çN¿ö‰2Ê_Ô¦jÁ†Á/,ÓÄŽÔkŽi›5?=ÜuôK8$¬tæ³·\íû¡Ü “ü!»Ï ÐMUI‹ñ‚~þ•º |î"’Œ£QÜ3 …éµ/³S°ñLTßàò¡.Vê²­1ä-Ûž-ýy¢¤„ÐE¿T#ûiU¯D£ùq¬!¹|á†Ô¢w¹;”½öº…û‚frÕÒðµ®ÆStÁ¬Ë=‚ÊK|j€Þd«‹˜oX+j2üÜØ¢ê[8!qÑ%RøV<‹üLjH/Úx÷ì§HÕ§šJ,ýzÉ›´þ«¦ÜË\õ#v¸ÜTÇv¸Is.+áݨ4q•_9!ÏÕ‚8;¢Ëhe ]52g‡ö—•jOs»E #ToÈÖÐgÁë>““ØÓ‰Šö÷-Õó[¦n´èìOÌY½¯>âS©I9Hpƒ‘Ä æßx#8%ÃGðÛ¹<ˆ€\~tNæ»d/Ò}# RûœùJàcAÃ÷Ö«5yšÊÁa ÞÖv š­)R<þÌn¥ -Eàf›ù*f®[u÷z‰¾!9ü6ÌÙ -CÒ3ÉwÙ_&'€›ÏìA¿.﫸E ®wð“3e©g±T×ÎŒ!Ý­ÛçC4uº¹už×Å›ý 4Þ7’Õœ±¸2¹¿3½¾„c¶"!4¦ZŸY•›S>Ó¢<€$Lc'occ”÷ÑçgØGwtm†ÉEAË9Ë?,râÃyç…ÁË@ã/€7-PÕYòÄ»¼×HVìçÙ4aý̯ø¼!9²R‡KHàP'áX|Àú[ÅGp!»ù;Ô28ISå\zðA1O©ÄŒ} ד7«ât•ì–Û&3Á"Â7´ -]Aîú26ûZSQûuR‡èᲘ¦)95¹¥#²B=S\Ƽõ v·CW×¢)&wÉíâÙY]>Fª¤º0F (Sûu’gD¶GåÍ)ÃÈûïöK– -üòãVaï‚-Â}‘#Ô–oÞ>ã·8'…SJ6¨î£’s¹5Bùè,͈®x®*·‘|â¶\T˲PÝ0 œB}±n{ïËPò#í½·/¬o‰.4Vz´cš×ÌÐû_t§ô–¼’ßÉspãMüƒîýlA—Kç?Rˆ¾ß¼zji›©®¬ÙÒ.‰¶ÎQORÇ» V.¨ -Âý,š«»omž§t~®»MzEåQÒZEƒ5tUàÓógó´iN5u}3ïÌì±ONâiZù -or)vúm˜„Æf|!¥œ*¹Ö~Â’Y]µ|þF¡œV -îêõ´ì“&©jåN[N/¸†³ˆ=õÞ~¸kÆ~?Í¢ðH1{Ì)ê++?<rnþ›ò˧{Yb€œ¤ 'é0@¨u–-ä¿ øàðDxÃÂ"‚aaÀæíÀiendstream +xÚ¬·c”fÝÒ%š¶Yé'UiVÚ¶m?iÛ¶]i³Ò¶mÛ¨´Ué¼õžÓÝ_sûþéûýØcìkÆŒ˜±ÖØ›œXA™NÐÄÎ(fgëLÇDÏȳ°1rq’µ³•¡Sš¹þYáÈÉ…†Îv¶"†Î@.€:Ð 403˜899áÈÂvöŽfæÎJU%u*Úÿ²ü0òøŸž¿;,Ìlßÿ¾¸­íìm€¶Î!þ¯7*gs ÀÔ–WД”PŠË©Ķ@GCk€‚‹‘µ…1@ÆÂh뤘Ú9¬ÿ½ÛÙšXüSšý_,A'€!ÀÉhlñwÐÝhÿ‹`t´±prúû°p˜9Ú:ÿí³ÀÂÖØÚÅäí¦vÿ"dïh÷7Âæ¯ï/˜‚“³“±£…½3àoV±ót67tþ'·“Å_7ÀÎôo¤‰±Ë?%ýË÷æ¯×ÙÐÂÖ à twþ'—`bádomèñ7÷_0{G‹Ñpq²°5û/´G ™¡£‰5ÐÉé/Ì_ìºó_uþ·ê íí­=þµÛî_Qÿ‹ƒ…³ÐÚ”Ž‰ùoNc翹Í,láþI[S;ã¿í&.öÿÓç +tüWƒ(ÿ™ª¿$ Mìl­=&@S89;ç¿)”ÿw*Óÿ÷‰üß ñ‹Àÿ-òþÿ÷?5úßñÿßóüŸÐb.ÖÖr†6àß àï cüsÇX:þ¿Â m,¬=þþ3Pøo’ÿ8’Ά›!hköWFzÆ-œÄ,Ü& +ÎÆæSCë¿ú—]ÕÖèhma ü«è¿š  cbdüŸŠ¹…±•í?­gý· hkòŸäÿŠô/ê ² +âª*B4ÿy§þ+Já¯öÎ*ö‰ýRdíLþ×â !!;w€ÝßHÇüƒÀö7!“Ïÿ!Û¿`˜þk-kèìháÐþ[2#Ó¿ +ÿÏ­tÿFÔÖØÎäŸYQv6´5ù;^ÿËðÛØÅÑñ¯ªÿ:ñ þŸë :è4†[[¶3æ¶LËLw®ÅΞÑîïe±/mP)*ð¯¶ëñK ßå¬0x¯ ¡oœæúlóX:³ÿ8”¢þ=Ú‹eMÑ“ +¼ÊÇ÷!¥ê+@ÝúÞÁNó;A¯1ý\=ÚëzQfB‹Qí÷Þ¤¢’^É;ÁtÇG˜ë?Tþ¤®þdOöH¾Æ?ëã0;QAÐj Ïο'üy¢ê¹…ì;ģɉƒ%çv…@üåïƒÇ¯¥ZáA•Þ„€wÛ~ýI¤Þí¥—GN†Ki#óª`–¿nÛ.óž ™ÞÎÏ“$ë(ÑzX©u3?Å#˜4Í9—ûµáB.ê„ÍÓ„?Ô7kE4“ ]O8üvCÙïîUkSMýÚ‡”»02£ØYZïÖuHÎH7áR‰$ÜjïD"$m|/Ë·K|ZT7âí質9—1ÉÕu¬Íü¦@ÖvŠyÚÄVhØx+20%3Ôt£%7!AZ|®èÑá{åÚG–PîóÄ¥¡ _•öÀÐXªÚÙ"³ ò'y´»¸ ¹Ío)8[”Ì—3 !œ,ž Ëh!k +Â}î‹)X¥á˯½éÀÌÏ)诪¼vQlšg~BY¾”2îO Aʬ1ñ'µ”ýŠÚx ìÊ€#4x×÷ã{%èn\W‡ñ:6¦ž?üòÔQlð`ÙÙNȶº`K ƒ÷:%®je;•áO¢øÎx…Ö7‡µý£¡1ë^Ãcö›ò¬O!aQ¹!ÝB–«W\Äuç +5ðž»f.1ŒYæ´„Ãá‘"4ÎcŸË,EU¥LrèîÑÇcÕÙéOé²,VRËËŸRÜàÕž\a±ežË`˜4úY)îðw™™“r‘Spfµ8#Û'O#æCw>ñÆí͸ø!«ßçùÅÏí#æ“n.g|·@úDúðé~[Ò$i>Õs+ã_ƉyÈÑD ŠhÇL +}_'ûM¶G<@Æ84;ϯy­%×"Ÿ•äþx5ãÉyiÜqBìú0‚Dü¸°Tû»VOr…<îƒQg´ÐÚþŠ ïZ?/€Ü ‘Zd›”¾Z ò 4¾˜æíFVAò•¡0\Y‡Ž áµÛµpí¡•:VlgÝîÔ`úuÔ Qa Z­h®ý:<_½RBì=®£¿¶õ€ó£ðꢲ<Š~„‰aÞ=ýáÑÁ ê×LteÇ4‚ÃÒ õQÀ2ÿÅÚ¢¨±Èáà­€=ÙF]n¡ºÄt¼­WB…Ô5SoÉ;Õd1ȇKÍO¢NÊP{Yç$ÿ+¢ïʵˆ¾RáØ_HžÐZªò97yEàŽï_Å݈P`DIÆAoX’\Ådjœ03jY[ÂoóÝ+“üîsíõ\7ÓÚøÍÁbuæ,ŸMÀê~o«Ñ²…†åÜ "éÂsŒº9ŸcÖ˜,A½½0ê SøÒ¹%ˆvÈð­Ôì¯ÓiQQó솯2~¿ ŠßtkähŽ >ìiº ™Câü\Ó× +Íqÿͺ›WR:„ºYO7¬K·‡™ùnHë´ëñP±—X¦ƒͦ@ªÑ>¢|ûÕµa6ߤ5i»¬ á2‡ó4$ùdñkB ËKbC»@ðسˆ:(]öñú§-Á½{‡v‚šõùµø2©iYº›)Ý3‘Öy|öÉò£!È;|v5‡œðT«c­a«àôzËÿ¼ùó·° ÉY¬R¦À“¨e¯Ö¾ži +ˆˆt¦ðZ¡«·äJ}GðGw¨[PW[ñý^×Ç4.I<§`Á´%ù~ÞÂéAH2„)hhä,È˱’-MQ~µou«Âç¨ßn \sÖ‚¥ÅË +&ap÷‰…I`–ê zË´ÛU!wF¨ëx^žg”†˜²Ô4*ÅXï +ù⬡ãqï~Ì2€ˆ.©à3z'EšØÃv1)Í#ŠË"m#]<èõ[©>H¦¿÷˜_BF:˜À­Ç˜A¦‡ˆƒ <çÀxP;o0دC0Ãáa½sÄÅ#FŽÈžøEk‡Õe(|M—ø·j¡ U™Jë`‚¶[˪81ä NÌ3­<“.\e‚ÎIf<Î0{L!S“¦ôê¾)䀺îè²kRadÊ eä@ÁrcZ±´¶YPøÌ(ý`ú†#¦½V¦©®n”Š\8–g+½5zB:g=*bÔÛ%F7H/ôíÚó²˜H²Ö$Ð"^fN5Îùø}Ðð ¿þ‚ãO]IöÊrùLu1ÿÔ'®É*LÒ\‚|P¯á°ä¤Î,—5E”]ˆñþ)šØuoü."8;»Û p¾_[BœIö®Ë 2ðsy?òè9ECF*§Ï…”`Å€J§;’3ߟʅ‰G§K0ÈY«ƒíš¸¶±·B˜Cp¸¯™~÷b² +~ëã'‡3ñáF³k«é*È™½"éÿ±2]j©óÌþé7@¢-2~jÙãæ*HLx­–ó`£ŸáWÍ y‰ƒAÌ–OáKžšdˆnëB.ç¶JBDÚ2Àó"v8wFÓ.ÒæÛ®³^,‡¨…s(Eù9­ qîk0 +9S~€ÀoH“U#R©ºz‰®²óîiÂ÷3GœgK_Àžd¨ã,EgV)È¥|ï¾ö +1¡Ä KƇe˜ø…¥"¦ºÒ·f©J€‹¡L`qجòvüðçìçþ–S­â ƒ³ö|T6‘‰†ˆïÂØnpe…1c1Ä\k¾|oI_¤7t˜V/|åbªeU"óVu<Áƒ¢±“ZQ ´›_;AR±B©µé-;¸àÈw™~` $seã'_™ Üøm>{ò¸E ©X–°Žù¥™^–W`‰/–,0¢%ýkèOšÏ£Â¯&Yñ}¸x+°†–RÊä€}ž§w˜rQ"ˆ•Q h=­m„²û3éÜf çÔ–kç¯À¶ Þ¥™GTÑ'z01$lÙ—ü\¨"j¨ð”ôl··Ð"¨ãy0GñÜÄÀ53h7iô1‡ºzé>Ô8eê1ç†3\ûòsŠáÎB!ʉ lÌ›Âý—ÝLIü§NÁÓGíæ˜_½)!"ìKÊÔjë-< –9ú˜ãˆy+¨1ÔF•Ó˜s2õì ÊÈläY™C­ › ŒÚ¿œv˽eºÌf6;cA®¹±äC£®‚w‹›‡ËôYòÅÓ¨¡®®©}ï7­cp Ä?yzšMŠ¥m}’‡’ Â쪟˜¨’ðà}6ÒjtDÃFòÂ] ëÚÙG‰®èV`꺰#.ŽŸö éç :F‘í˜MïJT¡öõQÞ'\ªÌѳw8óˆÜ­'u/©ŽÛT(ßË‹#•Ê@'[8æH¸©¬AEªUæç[¤ÜûAqŠùí<ÖÄn† ~¹“›ã¨-$[èÏFÿÊ0û;Õ{‘N®!úõ¸œ-„€…Œ6ÀPí¾b<9 _zðDLWbÉ%qÌÑA¹°Î˜]K÷ƒAÊè‹ŸïÌyAà¸ÑtFB4û5±Gy3ê}À·ñ­õTÎïvl¡qQÜÔòðOE{I¡mMVlCÓ¯OPæè8».?ÔÕü`¹<“,¹Ü דý`¬ä[ÆbN?ã Ö’',V@XÅl‹ ‰Õa¿,˜é„F“ +‘Ùi{¿‘–YÃéÃ=ìd„Æ ºcpêc£Êôï°óy‡Nã³FÖ]§™RÙw`Itqî©j‘›|0ñ~%ðÆèg2!­Ž:¾~¤;P¶fãÝ*g}èG‡ðî>(´`á+Ñ ñ øøjÂ…©=çV©†À{‹ªßÃɾ,˜ÐPhFò³2Š7‘Ò®7¬Â|ÜK1ÊJ‡Y•å‡J]؈Ÿ½­uÓ¸‰F +bJ¤pòg“îjä"Ó—Fvø)=VÄ=Ÿß£eݶݱéÍIƒÿw[áXNY×òܪygÑvYÏ –?,О³,%{çלPÈ‚bššŽ€è-õÆ+ÔãŠ-ãwÍ,‘[½¾iÒl¯´Ò}‹’þ¢rñáÍÀ÷ô¿ë%B?¾@žØú"ÌŠ¾6 qœIú6áË]—E´"?GgÈ,h®éÙé“À` 8ü΂Ö;o(dF„ùæà…Œô3¨.ôb»êT1þ.C^.ßb¸á׶xÝ>8n;ÃéŒè¥$Éî]/‡h²HåWÀöæªía÷"²Œ“hFu×G<£¢90hˆF±ºæQÒðxeû²,“óšòã¨ñ•;3Œ¹¤ÐrÌDøð\;ÿ¹çRub6DtM™p`?Ò¡ÎŒ¿Æ¡wy+Ê€ÜÛ- o‚P’(^èžDž¶€±^=à[BÜÏ‘Ž(£ßÌ?‰{ÁžL2-*F"âòŠüq GX¡1 P³ì/h^w[ñé"d:IÌ<¢÷–‰£¿¿=N4 Xm€ê#5ÂS«>¨ŸZ†eÃù•0îô-}-çܾ ;‹—="7ûâkê)¢u†L„Ùý‚GTŦˆºä¼O¿ÒcWTå¿©ò¤¡64]ªÕo"m€751Ê-¹"yÃ/ÑŽ¹Á÷c,„šÚZ^Ÿ4â„•‰§IR"[ }î–çÖ¯¼]ƒiV1WÔ€JzýŸ±–æÈ‹cNy5åEºÝ(Ð|¬çpdÛMÙ+HMa›ƒíi2Œ(e¡‰‹wôïü‚,‹¿†ŸÓÅçÈÏ?nmpR«ØpÎB–\ºù0ÍÍS»–Ôc z_¦%#¾Ä±²äð"b$Ke u·½fð®œà¥‰gtas§HïsMŒö‰ŠÜ˜³ðv—Bv²'9°v0'QJç¡ Z€‹SÆVÆYX¼rJ•Û¼xÑôííI—h£K]ô¿µ´ùws1Ü©P—­pö`©ÑñGk¡í ðÕìmHSÈBPmôŠ÷. ‚nœni׈Ž³ ¨ÅØY^Ô¿´ˆòNW 2D +­r±Ü™ª}mòW÷Ê™~ Zøv +·"×`9í¨hM«v1 |"=±n4ý™'¶‘µ1eÒqü"-¢èR™9 ½Ùì.‚Ÿ ›7“5T\2£9Ó’FZ “Ò£3žšÏ Yé!\'¼}­¿mZÎèlF’Ð’¯¬…x^lBQ¤Ð×I¿ß^Ùß©XF0Mê£LS+Çà7¢[Â@eqÓæLÐKÊB RÇé˼¿ÌÃúçæèA~ +?$ÚçÅìÈÈ\5×E›×Ð*z";m>TXõèñ÷Ÿˆ¾Ø&)c¥dƆ +ûÙ°‰’‡‚ßD¹±…,A9…x|Âco7ÙÒÈ]'v,!cµoôQ¤4ÑeÔ§`³“ÉêéƒBHÊR8s ZªŠX7’›vƒøMªf[ $WÇ#`­Ž‰qÕy]%œ$h„‰whÀrä ¦R»™pvTR«°€ãÚ0e)ãdLpX€‚.Š-ÜykÙPXô.™®ôÅp èÉ*ŒõB?úÒ=·ÿècØ1WŠÚB—÷¹!p ]å’4ï`¶czE®iª€Þ¿lœaD‹7F×Öäf`ŒÝ7DP"‹ò]@™lº¶x# žèKFFÍvc¤L)ÏÀy§V<>^Á­C|½TZ`ø¹ÿæ@ˆf‡ gùO)« +üþBQ%®v^KLÆbUÎÇœ½ÂÁŽƒ ì¸ÀfŠ³þÝ|u€¬B³g/s_Bp1ƒPúC‘ŪR¡¹Ö»J¹Æ5(Þî¾$ Arüh¯šÎW¦ÓJzÞÍoá¡—–‰¨/ºxÙQ¶º¯'ù\¥cK.×›!æF#ø=¡×*aÔõ]° ðâû>|'3Z‹:óÄZFþºDSºùšÔZIîÓ¦[ÓäÝdU +?Š¬üX’q–hL¢8ÁßÁ¬X±,=é~¿iƒ¹¥ÑûCœÊþt ßÒ‚ÑÈüPó½Ü•÷^­}D»~óÀòKïÜÞ ¥<§²„*¬R²iè«jt¢ÿ!dâû}ì˜n¸U%±&¹û”áÙßRc#;p;°"B  r¾ã&¼WrQ_Únm~Ÿ,ž +ÿÛ¦øtsgË› +üÏÌrô7.a¤¢ ~ùšmsäÅ»@,¦'êCã?œT­ñ£'r'©Ô2:ïœØS´ºÙWv9¹S(V“vò¼£O„ûPÏ7¾½ ¥Pžy2ϼ­•Þ¹ù]¦$!*‚òG¾:µ¡=8IÚ{TýþQ9}ëßAKuà%\ÕÁi ++Ëèäyeê>H5Æ`Ç—ÔjŠÓ&:_â¿3½kÊ¿›2‹µ¿/y¯á<éýÏž ÅóòBæŠIþiAb~ÈH0´ÕEõêjC~åeæKU.ëÆ€ØÔL üôž‰p÷»í2-F­…M°ª":4gHÔ­Ž8¹Χ^vø¹îd%K¨ó©_QK¿a\mß:Eô¿”üÀC¬F¦^°oÁïËb—~+0j¬Ê1F˜‡Š8ï+\«ît”,înIZ“(0£ÎeÝóRƒ{Ch"×c‘hŽêÉàÄÏD³!É[S‡^°xV×m¥íBÊeÐNXO)4×±g˜9üS®SaŠ–}¼Øú$ø†Áf¾•'7!à×#séTA^Ê^JC+ ýnh”ò{)5…ÎW›´\¶ŽÚjŽ:ã- hÙ¯3{9Z³¿/áúJ¥L¼´A\6F™è$‘ŽNïc%˜æþp™`»ãñjOчˆèjÂÞ+ JE<…5m+Œ–9ÂÁ?_=öZly½„W ɶC ¥ /Õ”{0FM—XlæS‡™^òöb„g8sÕ6ÿS­›&, Èu£"„ÎÝdòçϾƒN"-ûŸ‰Ö³:{îƒÀͨƒÜ5þS'Õ-V‰1Þx¬$fA­? ÊEç!qO Œù¨í Q¯UænZj¶ó;ågB—„Ì÷Žþ¦wëð»gí?¡“ÕC6† ¡G’‚Ò²;©mp™ì JÙ| ­O~AQù³3äáæÌé§ö¢1­B3)VjuQµKaéºÞl\"dÉ}|81úøâæ<»ÄJ%îÇX†z +Ž¡~–>–íÀùpñÿ4øÚÍ1âøÌJ®ëOhóBçc ˜L'cÆäÀa§Ìؼ–©Io€¢'v‡ áRÙk ¢€e€‰g/}îOœªôUßdœÌŸ[>Þ$œas³Ø¬¹@ž=Š¼FÙ<¾¨³¬Æu¥?B›ûm¹Ë¹‚]]éãJJÓ.¨7°$Æ Ñ÷Ý’S­v|—¸A ˆ:ùÖM³€bÇÙ]*­‹J†Ñ-èzÕowJVîbqVc¬¤–ñà¶<c$‰)Ž±ÍúõϧAÌߣˤýŒ]êán_´­3©E)~g9YFŸ +y”¦Œ²(?ŽO,âì N»&9Ä'Ùôô]ø1—”–ÄíúJVßÓê*Õé§Ca$ü²j9èhH ²Á¹•Zð×K®Cùïyù5 –~"¦hmØÛò·Ú¦Â¥iü–+†ýî‘f^êTL4û ¥®Ó’:á_È$·©õ©Ú>”L#mõ0îW\Þ^'¬aþcÛøïzaÁ6ЕVjÍ™ñùÐêÅm©‘Pƽ"x +ÔVŒisß .çI¬êL8y¤º[³>¥µÙŠÏØ9swÚCr£ypK×Æüsš£ªƒ“Ã)s ÈÚ–+þò¸š4ó;8~ac­åowè'7*‚JµaËAwï¾µÙ‘r_†lCVeöîè]ª(ƒP3~ôg[ÓΤ3¾2ò9¯µó'o>R 1 x  È‚BK¢Š¢¢¥¢oDh÷AÏ ¡c-«º–bæö¨”—VöŽ²óAZuž e“ìY †‡¢Ö•þBèfL=…w>u¤[!âv Ø<{á 5,ù²‰ÅŠ$ӸʒãA%áìPáÀ# Ö%;£Ån-ÁÂz…@“˜œ! +h¨ß6üO¨¸ +{OubÏÍzTÖl`#¬l}XµÇ ÄwŒÐ×П:’„[?¬sUTϤvðݶS;ã¢H¾VkÝ»süm¬‘æY¿@D5ÎoðZì¾=°÷¸e³÷|à·8µ©  7OÖ hõ[¸†7‚ÚVrØ?„/Ç,ʧ Y˜‹úfØÇEprã´c2¡)† ™9D 0~ü2m/A¤ k;©oGâ” p¸âlK ó™ ’ÓÒ=%*8|K¾ÈÉóÑèöõð›Àö§@æ†å¸¬Š©‚}bFMu.ZEˆÝÄ¢ÚÙ¢ÝL­Àýb +ÖÄ«fRÁT„Ýiæsž‡»ä‰â:-`r .—¢CôD½ø2 &BY* Ï%¾«4´Ÿj°{'Û«Sˆ’wsÑ*I +YHØËÌ¡[x +t~«ÖZß9ë1“¾Å¬•%ÚsýiPK댑c—æXšE·±R¹[Ñø3 þZ8ð ¿>e1D+v~ÄÖL,è²<‚˜JžoEˆ3F–#{G8F.‰Ÿ]Ct)À¼0fÄ×ì+ü;hΨçjë3Ò—æ þÂH‰Pð‹Ú)=!êD8€×Á=-…áL[ÆÕ. ‚èbŽ |,Wî¸Ic( ñJ&—ñ~°êpšQÉa- éß Jvn ºØ¥b›R»iO –¸sçä!˜8‡Ã½&—Þ;ùlíÄtOž§z +zÞªgX-*ÍÞ§=ªïOèæ„)Ì´Mí& +ó¦ e£÷¼_½ì¯Þ'«ë‰¦ªÚ®À‘ÐMæL/ÁspÞ·ýƒ°¼ltª¶æDÛ1³E@hÆ=œ¼‹âa’“‡É‚j›ÂEtbrBwÛÁÓKÌÝg¼¬ož&‘¼2]7±Ý㎳l¨iHTÕ$’ÇaúÉKŽÝÏ‘è’ÄÏ•á%%Dû¥yƒùªâµ­µ;‚»Yƒ‹”ïcºçp*–VqBªzX‡ô|‰ª ¢úŸ-»%Ä@Z•ÃùÊL¯Ž%û†=ƒ•9v7"=9ü¦ÕápuoÚø ÊGl÷tû곊îSŸÜד.J‚­4s”ƒá´Kè·zt&x³g£•Ú›@õµ1Ðg™=ÛõIÚ5óÌʸ´ÕÒb-NZœÖ²?U¦½NhûF)d_0lû ª¬\3lqe ‰wöXçJQü +Àxc늈'z¬¬ÊÝõ:“ìèÙ×L_î%ʲfÌb®Déò~ûºœ•¹{¼'ço;Šûx¡ø, n‹2–¾k˜\ø:"ËßMÑúsË ºü˜4ÙqSæ½MŽT Cs¹´.çºY'wímÁ`§„e{lÖ°–GÚjQ;¢ª'r×3f8K_"ÈÛ.×ÇçåÚ–Ýòä‰\×z[µê뽊½«%6Ê$ü‡ÝA”Pî©âL¸X#¿Ù5[º_ýOêÎZpJëyq DÅëK¸A8»!Üü/!zd©OÏôåá°5³ÖxkRöÞjQ\xun(5rӻˮN^µ+>ïïx¤(üWKöFÂ8>óf.q1”åêtdɹÞ`¢øÞºq~7]ÕH8âi¨w ëL£N€‹C*CÈE#ckCÆ–öª(ØÞsu0”¿{ÌëÖl%ë'OŸ3óE‰žW'+ÑžUNüHA10]„]ï¹)´´«Ð±Œf¾RóŽ&$0(5 “#´]aª4™HÕÕpGq®’ü·x=.&Ø·íL<ÊZ=ÓòöÀÈï~³+‹o€‘ô\œÕ ÌÈf’ø‡y7lš¸€¹RÌÚ“ÐUD¥@ÆØæïð1ûûì6¨–’ªP|ÅÒ¡z¸³©Â 1A-ˆ%©¸[×¾O»'/¶FY£†ÊlˆÉ:ݺ"t­YÙ2Ÿo~T™íÍÅE*>vïßë¬ /së@¤m±,h{Âóåz( ŸdìÞlÃ+ðaç:‰ŠL$#¾Óyx_ -µu ’¨?€ä ÷ߘjSɘ,Þ¤ýTÉÉ{mµ&g„J4zâÅò¡õ؈9:„N¼hYÿhÏOb}µÍÔ&÷b|ì#þmÆÎÐÈÖœ{ù Î¸Ñv–BÕ౶8Ç’€§ˆ9¤¯aé²»k›Â.­%·¶G×E²T9„Óaã¹NH…k†|/е¬'7`‹ðøÙXž€\‡ÜUÕÈ ž UþØmUUW¯Rmcnw¨Îê¯Y±Q“ö¹­p˜â Ÿ.<Åb©Q Ï"I›ÌÇmÜ&¥#Oa§bù¢úxâÁ HV'3ú)V7€Œ(ªa™Ü€CÜÁ©ŸÒÓÍÝÏmî&RÂRg¹¸ &|œú½ì*9 ¬ïk·Ä|¹ˆ•+z]˜\ITýíZ"Iö\+VÓW⧷8m™–"ìßðïKîâmDpu忧˩y!™ðÞÒÿRqQže 25«rºÊzÂC“WU–ùyÖárÄÐÃØ.õ0c?JÝÅ0ð™çNñ ;»ÕYl¬¼cÓìÿÞ.Ó3;Š +'ÿmƒ4¦Õc¹R¬_}õ“Ù&ÒNÁÙÝxüÓ¢g]DÄ_S¸bèþûW3}l(iIÙn¤ö aT $&êó£ˆT'ÊÎ*Ýñ‡B“ÆS³;tŽ•HñŒ'KÇÚ<äKœ“Î š’ÕÒ} Ä= õm’ÑÃÂËÂìU/¹õ¹Od5j9´1$êÏJa©MûH¡M|°;ƘìŠñ + ÅpB @ómkÇDœFÔ5FS{÷ÑJaÔØG¿Aø÷UPƒ¼yhbù®‘ˆ¿˜ýºÅa +¨èdc dˆäá8b”Ê%xüQÌ8K¤N>"ã-ø/¢xÍûÇú’\ÌŽG\–Þ! +¹óŠÚÙ‰/‹mŽõšl(£!¹ÚåNžJ¦÷­IG®Ä¡Õ’á9ªÀC¤gœÛD+3‚ ââû^m#wN]ŠÂþ´ÆF£´¡”Cûu¦‰3®˜¢ô¼v¾ +»VËñEpÕô&£÷Ö{áo®ÎéèƒÀ¿ŸFýžM©&'jªÙIne%ª1œ5-«ƒêlÐÃÛ–‘9ù%Ôpv±H*•¡1¬{ž›V¢°Ê­Ó†U¹…f»šY‹ô#TRÈ(¿BKŸÆlݧßdÌøKÀ%ÓÚHG»P%£‰ F…ü-‘ÙÙ=µmÓ>&îðcQQû(\›ü{¸S]¬® Gà/¾!Ôdå!Á¥žgý>×ePka¹ødí»®u3žYDÅy©Ìàé'E=rbM`/-ó7*¿Å"(ýƒÑ¨ iÀ)‹}úÖ/Äo³4ÀÞD–-Pˆµ$‰/O#]¹ßh*³7ã\Š=ÜÿD÷¬ŸþcÓ^ÉYK4æXªL —‡ƒfô…BÛ÷)H–—ñ-잯EØZ—ZQÂ$o¯¬û÷–ZG9ÁܺªlÆb$ëyV\ÑËüOûØÓCËYŠE;§³°jàü¨ ×üzHøØä/vOn%Sú] q#ëйêO7Å' Âm¦hh8j•)~9äOôæù!q,;¡íåL9®Ù”Þ{ ~«ß`̦Z*Ç<Ò{éaÚÍŠ¹qf£Ø}P\Ôtq"¼øˆ±¬´µ…™;ÔÉmv<–®kàଧ«j’Ò±w$£–#Á³M¬\ õ`Ú¼sUßšç\”+zs¬¦Üô˜±D–m6¾9¨C }äD‘îŽð‚Û‡ò"ý@lÆtnZJ¯“.‘x¬h4Ê_¾Ù™t.ùË+Ó£#Ú\&<ŠÁuo^zw'¨·Ð!ÆK´ðX¸CîQIÔeÒWœñ.~©@¢¼¢s²€ªDâH§-J¿êUµa¿ýÁŠ +"ƒÒdjGFpŽ@ì +úv®\mÌúìºò¨Öw’ ý¾ÙÊvX%Œ3uE4/ +BæéU§Xû'íl4^lÄù~ç¶#+p±<ð½Þ‡*Lhme ÌË(¸Èº§¦‡¹×¨ÊF)é_Ñ#+¤µŠc ãI³úSæ²®7 ¨–²G.§)H²ÿRZ~7«òû­+}hÀÔé×ÉêÄiåŠóðZ·öŠùmÿg0ͯbÔ†¨>+Ñn^ˆ´—±iB(L»áŒD¼q>ʶ&m™Î $ýx‚ÅÕ¨K+ÿgÿ£ëÚãi Ñ›`8sŠÉ#(þÜϵÁ/ܯÃKÆ“Söæä; Øy#~äê°Ëfö¥ñßkDN:¬Šò1~ÐzÊ7!ºÇœ“º®D>Ô +郙^Y)§ÐûA&¯l˺„è,$.ó¡ú[7ñ*“FÙC† ‚ç!;e£0 Û Œ¥ŽAÉ¿?Êi èP$…m¡ß_W X_ý’æ7Äd1‹ Û~ô¸ýtQ^Ï­Zýà~¹_ªœ±ÏwøP+–ÒV&!EúµRÐDL:åB°HÊ>uç—4yÓš¡×ý÷#Ñk6/Ï3o½±ØÏÇæ!½Ù5D'DÌŸÄcÛŽ{îÈö:¯îºS WÒž»pzõЈÃu}Kù‚ë—7gÀ‚zE „=¯jx$ ˜Ä§˜ƒ§”áyWáéŸú¾¹ª½ÞvInGNíü ç`HŸ×‹ø‡+u!¬¥‘}¤ùH DßRç/ mBœutá|f Ø(/Êéz¹Îlbmè »hp-MzÂÉB·ÇîÊ(ïnŸ7ÿfò½ðžºŠ$ÌmH½¬ËTb%½þ®ªSåÃïvAê˜ÿßü_Æ/ Ϲe~¡®pâ?Ë\ó7„;˜;¨_òx³ösÅ™}©Ö{÷øw¤|ŽÚVí[,A˱I\ ‹-¨kûgøBc2 +Ï5ØRo™ Þõe·-ËÉy}´§FªwžSÒ=Å|FUÄRˆZ® 2š HÚð¿Ú¥¶®›a©UæÑ(|ƒe‡-äg.–”ráîAEˆ²¯ëšîÅëÝ,›êÐmÑ_#’"HZSÛ]€¬ã >Gæ´’{íabI©¬4¦7?AùœK£Í®ê ¿ß¬ëO¬r ©õ=¨^ *z«d,PÆ¥7¸Z±LF¦·zˆ¶–Þ0­Ýqj´? ‰¹)MÒ|]´ØVöìÙ¾sO õÌH48-ºÎ¿dH‹"Ì::È¢C±^üºášŽÕe®’ÅUÔ¥l‘‹êµL"Bù¶™N=w0…8®ª»Ex ¹GVWÖë!úNLzï"ÕÃ.ž“È +䛣1ש°Ð¨ïpÒ`°uÖ7D¾jؾÛnÕA.J>àhp´Ç'©|öŠWwѳ½uððëÒ0j8/V™AøSAøŒ¹1Œ{ µöï–žpÚ߇¿>8àOÖEKõ+FT +pÉQFÂ^7`wîö˜`Æ“Ïbun²+M ~®-è7:ªÒtqBvÿî^åõàVÉšåš +ÉBäL!ëlcCŸ*ÀáéEn‘Tw¯q–ÜâšùÒŸ¬ß°1°M†Y³’›šï™ +Â_žÔ8 Y¤8ÐD/ ZƒL–WîT¾¤ÍŸdÙ‡ÌßÔ 7Dˆ1õ“­$ï$àˆ^âëHõû†è!jJ³ÁöùµèÇëý;>‰s.ÖÃ6óZé>Å™r«ÁU­(mËN‘)ÿݹ”‘Ÿû…ŠÜ%r:±ùzÞbߢ›ƒ_¼#–,©É¼DFM›‡’кàá"®9sŽqkb)Ó™ Ÿ¿˜£õ¨ÎËï¸í)†8¶`H¤í ‡8O¨)î °·æ^«Ÿ/[yzO¯.cG¼ÄxžlC6Ú¼õ‡Ž@ì’ÆìÑ/sS¤R§ˆªøËüá`õáf ;aUð¥dý€"×ÃP­“›>ä™k"Á+ ŒË—Mˆ±ôþ_›Æ"sd6â×÷¦î[*?yâ À×â-ñµ? é™?/§†ÒGÒ0ŸGÃi ãÞ(E×Ü«drp/âF*`ì?3ª7=CÍÄ“.vIi7yØEà hUWš •x‰Ñ·ÜYI¿7XÆ`¶¡–“±#úãN÷$îÿ"Mö´Ôö £âW$Ho%ê¦òa£Ð“Š¤Ò¹ÿ鉿„'$²é¬JÕð£R}TàJ"á¹–µnÿ˜e@ûä蛨Õ)w +r~ Á™–ÝÄZ+äÇä#SÎÍŽ£!2#謼¤õàá_eÿØÑ•ˆ ·¼Í¿å…õ˜ÛŽžÖñ»¬™­Ö7‚ç~4pÂCº—˜æåéÃ0–#[ñGãµÇK”Ì(,•Ñá]§ŽºY ³~ìŽÏ'WJ‡íEYà³_ÉÃod&HåZí饨xa£°)`›Cz‘0G´­S‡gŸËX£.½ïfgÞƼn8çDßÁØŠœjgCf°9Jd9DÏìz•?Ã(5â‘òå{ÍÖü‚vŽnÌ|gÝXdcnxó7¡ê”¾öU3ú¡,Áìy"6ݲÀèëC¥¾Ñ·N—…&G(h"dF2¿ EÝgúí¤ª:’íÞþ«I*P‡;¨È·Ëí7çiêÒ¨z¦õ€mTvñÃx)}©L¢ŠýÄUWãb<®„¶´xõ;£Ç‘Áq‘‡JRÃ’X*›ÈÑh`Ûvìh¬|ëj&i1èÖ@ Xe(‘/fxÑ·Åt‚ìDZëç"‡©1%­ÙÍ?¹C¸ù-n\)xíNø‡6`Õ2{ð/"ÝûB“Òe‘æñÇ[ÏDù^[ñkk?ÂLôe}‡.Zê†#¥A­•”#0ož¬ãJŽ1-¢À‰¼Òµn”™ \"ÉóÞ ãº)ó,*T- ™>ô–ËXHp~%ÇReíY°ß„ÜÖºxr%³ØDcâdòú‰o¤ &߇ .'Õ\9ßw¦Ÿ;„A¦Bi»h—ÒÛMüÕŽs¼ðqK÷4¸ /¶àë+j{Ø«Ë4^Uãgš¬~`‘d;Ú ¿×ð2p<2:eå÷/–vîigSÝ~O_¥ÙÒ¦yøH òrøÔ#ta"&ö™iÚ•ÛËB½§Á?X‡r-½U‹G0Ô4x UAW÷`±™DxÒF–_—¸(%)°IxÆúr‘Øþ /Úec”Ll×k*t@çìÚ Ï›+Š8øl>ž|©Mx +3àկǸâ{<ˆ¿ü–—7úë˜ãæŒÚ†Çf¾GÖ3wúRýêg¬áàW8² [åŽUP ‰’*3ŽÞ'V,é·Æo¿J +¥P‰7'໺ÜÆú3×ìkË•6bÜíx~Ö6äV¬O²yž¶ïØá¤L+XØ,³T#ØÑØÃ<¹qÝ%oÊÈÜ5X +ɳaÒÓ~`Fs:—Ïl•*šÄ‹§SÌYµt3âØvàÞ\;(¿‚—`xÆ¿À»G»¦†ü!Sê1ïì°côÜ¥zVõE¤‚7_ÕW½ÿQÜœÿª'÷üèÄ‘6nès}áì©pƒÞJqy•ïTí·”FÛOÙšÑ.’Ë OSòÊ›¥OcŠ Ø š¯wRI:!g=õ‡›íd”hˆª¥]C&m@Þge¹¼bó 9Kñw-À” +U4"´Æúaæµì§ÿHý؇ƒ—£g$ø·8f£,a¬$O›Ä}ß1ôwí_TÚiƒ£é\HÔºn´ К׮>ÕÀ>O Ðá³Áô"ŸŸ7è•P~èÌ»Çà–.Ãj¨Â”Ý|±›$D(óԇ­®Â%b3¨$.µøÁدŒÚ.Ý@ò®z†¹œ RMli—²žO#QwEƺäê˜åŠ(íEÿ?ìEão^Ñ•îm³ãÒš”µïY!:m\.µÝ‘þÌŸàAˆ*] sÍõé¢bø1 mÔˆ©qp¡\ÈøiQäèË‹J GקÉ]…ÚáDòuË ƒb(M±êÚ–ÅçŒW¸h’¥nÆ!_K¡%(yý­ã¹ß¾Ü˘¾Þ‘ZÕã\9¹ÎvÉÌP-*L¾t ƒß!š› ø)¢Ä¶Èùð#¢eYÂlgçÚ›ã¦h08Çïx.–^÷^¢ ‘,©Úø‘%É[ŒIÜ!_ñ©ò´y¼PßéÕœí[þŸvæ» +€p¶ÈÞ$—‘³‹³W"ã¸$çÈ:3³3"Y!!Göv‘=J¹8\dÓ gËž‰âýïïï}>Àc%$d¢5%Ërï§âÖ|T„Æsú¼ã86Þ)ÀaŒ#—&ϺD&ι¤ ÙÚ,`ìÏ„ þ™ÀeQSytåWXßg‰°–k*;óE^¶ÑXÕT3”ª +Ýà™cSœNyÏÜçïÒa2•v£<#Ç Âu€i⌺ðCÿ¶Vó¼Ò E}bëWcçúíló|Á¦ÌêÉÅZÛ\ÿ*h´ËJrBÐì¹òÞ+0)˜J„?˜¿Òê°äÒaöq_m2ÉŠk)°—hîÓdͼR)'":,U¥¨Ä¸£•çÖ¢«^Õ.Ähé}c§·XkýIw5ÖèeñëJòsz?¢õ@ýÄîñØöÀ?Y÷ÛK£T©À-/\/öZŽÓBf]¦»¿ŸþäqÜÔA"qµx3ÒC¿1xIbÅÔ³¯>=èCëÇöLÃâ`:Ä¡2ÜN:!“ÿݦF¡EQaP‹­Ä~ '—Ö+Øt¹æ±|”gVSÑÂûÕßþQ襉ebœÐ<»½ÆXÃj¹‘àU¼ÝÒrÛÍ¢6é2HmÍk—Ó¤ëq/ú5{÷íÿÄeé{ÔukÏ`MCGåÉêƒpºò/)¥Ù>+lŸï¢:H…¸>°(Uåþ+TP”Ç©$]±_·y„ó½yXˆ|è_mÖ*v mÛdêOõ›€ðU¡‹f{ߊȚæ ¹+ <¸0(fap¶ý èp8Çÿ \<\Þ+…0 °š\dº]Zê*ÇÒH©÷áÌéœð°¶íWí~RkG3Ÿ«™ùðõ¦¿u‘(Ytzñ‰Pò©9(†3À{ü5d0i"dÑbTÇ`Þ€~Ž}.¨ {2~v¼èëO`i›l³ö.Ì,Ž^±jÑørä´ÍƒƒßUªgµ$j˜¥Ÿ¼S¸à˜ÿÅ:z¹Ì ]Ž~2CKŒ+*ƒ‰˜Üi¿¬j#·éž¿š)a›(}«ê:Ý «B÷¤ãÒ[Ê‹5b&ØOÚpr#Çe2[÷G2³´W2[d‹m¼3¤\Õ~äÛ:¡Ðˆ­Ü®µ"º®°”½œŸñã9÷çN¡¹‘Ù¿iU‡Ðâ5êÚ?é8¡ÑXïµgµøå ŒeùÒXIP.[øU(`Ùä0~ƒÞxÉëNâ¿<}O>JŽBÓظ«pf“ùk]Úfh¾'+«ôû¸Ñ×Nž.†.·×J,*Ë¥ÔàÚù9¹¯yZ~ðq3ì0}úaÿÆ.îåU‚Õk #Éoå-,ä(}Û:u ì×$ø+*a(ÎÂÜ ‚bûÅ—„@ b y%Ø™éþ^lgø)ÍRkޔ믜â:FöWÔvW©;êðo¦“_5‰K/`¿Í42Œê±‹5¥¬Î¶W)r5í—+2<Ù¢ 9Zý›± Œa|,Qµl©¡ûH À±„EQ!õ¹‡#@Í0C£B­ƒ‚²tÞ"-tµ[²pÕÑž¬z€ˆé„klé #ßÜ÷Óè}­©JíƒÅM¤•«ŠòƒÝ¯%!*ÎÙ»0­B"bù•ïDE:o¤Rn¬ž}þÅqî_0-LP1´ñÕ‘kó™þ¾>¼qwý YaÇI99Ù3º,$bÁuUØ{Ó…~{.jòåÈ °^ðãú©—˜‡Òv˜Y.3ðâDP°Ô­"Z¹ç¸Ö9–m°[R‚˜E{9.ðzwàäüQ>²oã4IÄÖÀèmFí9ý ð£“û2·Ñ/ªüÎõŒ=Ú`¡¦%¯Y…¿”è^CÞ‚xÚåÄ~J]B+M8i0—ÇÈY²¯6?²’Uº°Þï[ðÅÔd¹-ÎÚ6nÆúߪ‹A,é„Hön@¦ÏzòäŸt~ÐáM²‚÷Ê}µâûÜÏú>>µÖ;öЉdþ Â}t û¬{Ǿ:WÅ: Ç«ÂŽMð“ûOãN…¸ +è8º—Ó¶í ˆ|óž òòV­ôd"Q<<Ý+gÿRÌÉRˆó‹ó¢®Ëƒm2Ûš·;$~PsFzííy1v½‹·"ð†TÔÂò~꥕üÓó„lc^žÑèCÊônÊpÝ´|ˆªìRÅ¢ó2 øI"¬ùs='!eŽ€e#Lͧ¸ûÜ5\¢š/ñ&Z Mm×$\Ñ·7Pð®ùÀ2„±øÆÕ§‡\Eî³lõÊ¡E¡Ñ¬. ›VäÐãÇ1{9‚<ÛLvÓ?Ð~‰[¹£tøDÕˆÙJŠ>’ÞÑ(C”`42C“0ÛÿK_$|~äöðª¥n§|ĦÚP¨‚ @6³ñz±Õ˜oEXw‰ÊÃJ&šÙÞÜЩ +€Mòb¾¨¢¡Ò@oæ1–%Hy.¢yœ?.µÜrn’¦ýTþËp¨Z[Ñù4£ùÉøHáy#I‹H³Ñìµgƒ1ÜrwõeB„?–ɾjŒ¨o­[½Vµ«”3PTcÈ=,r“?s0•Š)¡:Kô+®b¬Jå'(g³c?8Ⱦ<χôÇųÜÌÑæ°…SvU'µN—œô­ÜÛmiG˜DÇîÅQ’  øV|Q´iåÈ-(ýP¬1W”¸s+âAÎrlÜxHÔ†Dû# ù®„ZÁ· åVÆ çâ .uþ&̺©Eµ V­Ø|„èèKo¼¸N69]ô?%µð¬§Ðå:ˆGI ÿöm‚‡i”yÖYú^\ðÅå㿾²Þ«Ù`QÀ|§ªiÏð<{ºDsäÔÓÑ©¾6è&`£ØWJÜ“ á+¼W|S#3L¦+uÛ­é`D²ûdh·¢Vd‹Á+Ð{³"oËÿ ¦xôÿâ$þŒì”ÕîÜ\D`ˆ}‡Ècƒ‰Í†\¨Z.©[Û†î©]DåD1Á˜DSM ¬·¾Cå:-¾éÙ¦£™hj9 +[èJˆG)õÈDâU˜¯QG^D:óçä!5çÞ«Ç´«‡ëAˆXþH'†õ_œg9ÁÔìM2bÄ+ih'ØCgØP8ý¹¡F +eæ'ì7ªdícîèhÌ0ØÝ”}tw¾Ö²ÿü—6qj%¬y?xš`*OôzŒ–•‚mDÓàìÜg¥¹ª|[w¢ÃP0 ¹æý3ij ¾naTû‹¨rļžË[àDù· ‹Ž¿Ã +bi}j2ùs Ðÿýo»”¿Haâ)yòcþHóÖiš¥6aÚ1Ÿ‘œ°Rm8 ß8§%óùäN ¯Â øÿà"@û¸9c‚ü}1ÞÀÿMG§¥endstream endobj 624 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 33 /LastChar 125 -/Widths 1346 0 R -/BaseFont /FNUUJC+NimbusMonL-Regu +/Widths 1354 0 R +/BaseFont /MPGUTB+NimbusMonL-Regu /FontDescriptor 622 0 R >> endobj 622 0 obj << /Ascent 625 /CapHeight 557 /Descent -147 -/FontName /FNUUJC+NimbusMonL-Regu +/FontName /MPGUTB+NimbusMonL-Regu /ItalicAngle 0 /StemV 41 /XHeight 426 /FontBBox [-12 -237 650 811] /Flags 4 -/CharSet (/exclam/quotedbl/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/at/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/underscore/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright) +/CharSet (/exclam/quotedbl/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/underscore/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright) /FontFile 623 0 R >> endobj -1346 0 obj -[600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 0 600 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ] +1354 0 obj +[600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ] endobj 617 0 obj << /Length1 1620 @@ -5952,7 +6011,7 @@ endobj stream xÚ¬zSx¥]·eœTlcÇv%©Ø¶íìضmÛ¨Šm£b£bÛ6»¾ÿïÓ§ŸÓ}Õ}.ö~Þ5Çœcb¬µö¾xɉ”éM쌀bv¶ÎôÌ L\U%uCkkC ;zIgCkÀ_3,9¹°#ÐÐÙÂÎVÄÐÈPšD€Æ3''',9@ØÎÞÃÑÂÌÜ@õ—ƒš––î?-ÿ¸Œ<þùédaf  øûà ´¶³·Ú:ÿ¥øTÎæ@€©…5 ,¯ ))' —SˆmŽ›Pp1²¶0ÈXm€ÔS;G€õ¿c;[‹ZsbøË%è08Ù-þ†Ýöÿ@t{ £…“Óßg€…ÀÌÑÐÖùï œí¶ÆÖ.&ÿð×nj÷¯‚ìíþzØüÅþ’)Ø99;;ZØ;þfUûwÎæ†Îÿäv²ø ìLÿzšØ»üÓÒ¿°¿4QgC ['€3ÐÝùŸ\F@€‰…“½µ¡ÇßÜÉì-þU†‹“…­ÙV@pš:šXœþÒüåþg:ÿÙ'àëÞÐÞÞÚã_Ñvÿòú_5X8;­M`™Yþæ4vþ›ÛÌ–ñŸ­"ikj`fú·ÝÄÅþ?0W ã¿DõÏž¡þ[„¡‰­µÀh -Ë(gçü7%€êÿMe†ÿ>‘ÿ$þoø¿EÞÿ?qÿ«FÿÛ!þÿ=Ïÿ•ZÌÅÚZÎÐø¯ ÀÜ1À?—Œ…ñÿánhcaíñ ø¯žêÀW©4s±6tü¯ð¿émÍþ*BÏÉÀöo«…“˜…;ÐDÁÂÙØ`jhýwVÿ²«Úš­-l5ý×8ôÌLLÿS1·0¶²ýgølÿ†€¶&ÿµü¿2ý«xF5q5%IÚÿó^ý—ŸÂ_ýU<ì€ÿ™D]ÖÎä-þa²sxÑ3s0èY™Øþ»¿ó;³Ïÿ%㿈˜ÿs-kèìháÐfb`bbüýþÏ®tÿ ¨­±É?;FÙÙÐÖäï&û_†`cGÇ¿ÚþëÜÿmú?ÖÿÚî@ ;ÐveÑΘ;Ø2=+ù+ohBD»¿—|(ÄþWƒJq¡µ]_zø6g…Á{MCã×g›ÇŸSû})šƒ‘^LkÊžTàe¾)u_!ÊEíA £Þ/„Œ3õh¯«™--v&µƒ E%½ŸïPS¬Ž0WOÔþ¤®…þèdöˆ¾ÆiõqÈ ¨µE§gIÇO”¿G‡‡{n ûöñhs㾑s»B PDù;äâñk©–‹V6½8mN¨Œ Ávìòø›½ ä´“[¬{[Ëû^ ¬jÄî Öæð¡'¦E½à3õ%­µK$cÿŒæ^55`wzý´æ]ŠÛê{ÌFx9].òn1[Em™QBÏ•[ï¹öضé3MºÔí¡v»ùV¹\¢ ³*2m jVöˆ¨pz/’]6r w™ÇR‚I%Poýpc75ÈÔ'¶ÈhÀƒ W7JUϳ`K¡$¥ÀsÎ<Ä7:^ƒÉXÖë}†¿?Gæ;¦D»Ëc|y´—GðCK”Ï?eñ!AÊ¥c£VÖnPW±6HãÊQ9+–hh8©SfŠŸ0gÒËÑÍÁýh7F(Í¡7öؽŽa¸Z®/„y®I­1‚ÐÖÊ®kZºíRø»ÓÐð±‰ÌN²NNÆnôâT7%ÿÑ'ϳ7i"Å +Ë(gçü7%€êÿMe†ÿ>‘ÿ$þoø¿EÞÿ?qÿ«FÿÛ!þÿ=Ïÿ•ZÌÅÚZÎÐø¯ ÀÜ1À?—Œ…ñÿánhcaíñ ø¯žêÀW©4s±6tü¯ð¿émÍþ*BÏÉÀöo«…“˜…;ÐDÁÂÙØ`jhýwVÿ²«Úš­-l5ý×8ôÌLLÿS1·0¶²ýgølÿ†€¶&ÿµü¿2ý«xF%%-IqÚÿó^ý—ŸÂ_ýU<ì€ÿ™D]ÖÎä-þa²sxÑ3s0èY™Øþ»¿ó;³Ïÿ%㿈˜ÿs-kèìháÐfb`bbüýþÏ®tÿ ¨­±É?;FÙÙÐÖäï&û_†`cGÇ¿ÚþëÜÿmú?ÖÿÚî@ ;ÐveÑΘ;Ø2=+ù+ohBD»¿—|(ÄþWƒJq¡µ]_zø6g…Á{MCã×g›ÇŸSû})šƒ‘^LkÊžTàe¾)u_!ÊEíA £Þ/„Œ3õh¯«™--v&µƒ E%½ŸïPS¬Ž0WOÔþ¤®…þèdöˆ¾ÆiõqÈ ¨µE§gIÇO”¿G‡‡{n ûöñhs㾑s»B PDù;äâñk©–‹V6½8mN¨Œ Ávìòø›½ ä´“[¬{[Ëû^ ¬jÄî Öæð¡'¦E½à3õ%­µK$cÿŒæ^55`wzý´æ]ŠÛê{ÌFx9].òn1[Em™QBÏ•[ï¹öضé3MºÔí¡v»ùV¹\¢ ³*2m jVöˆ¨pz/’]6r w™ÇR‚I%Poýpc75ÈÔ'¶ÈhÀƒ W7JUϳ`K¡$¥ÀsÎ<Ä7:^ƒÉXÖë}†¿?Gæ;¦D»Ëc|y´—GðCK”Ï?eñ!AÊ¥c£VÖnPW±6HãÊQ9+–hh8©SfŠŸ0gÒËÑÍÁýh7F(Í¡7öؽŽa¸Z®/„y®I­1‚ÐÖÊ®kZºíRø»ÓÐð±‰ÌN²NNÆnôâT7%ÿÑ'ϳ7i"Å HkÑò¶ xÀΙsTºÜºí F¥$_2à¤ÝéØæú¢úÆÒ†êéÓ÷j%ôÜvk†Êœæ%¢d` ;ÝSêdù/áÉ]‘¶S¡¼ÀËÒKa÷Ï ëö³‘#&[K^˜µ+»UTƒdak¦“Ÿ–fUX©u¢¸5ÐJçCL8KÔR®<‚öwm.¦LË‚&ØwLCœ¾a!~6]íeîkZ77º?ž†,˜ˆÁóñ0a£%Æà \P3ÏØ©®â%ª«Q¶°sy1*õŸƒð3›Wž®õ;7 K³y²mÇZÉh\HÐçãîäÑ|Àÿ´_˜D®á!)?¬oöër$q0>°±ÏO„…£b{m㔿/£HŽç,Û»MEr2ï©Åèg(ãw„†Ó¤,DûJ.pW£?W؃ð›'HÂMcÕ‹~[5 j´iÝ "£õëÈbýN¿”òà–`˜ä§×ÛÉ™ÍeÒÔ“Ç먄lŸyú¿ýw¬ª±›ä»~¤J!“A=ÐÃé8êâ N1&ƒ¨8#vŠ:ÚQ™¡ù 0 RÛ¤T(þ×ût„Í$þbwF˜ß® 7)ÒZ¥ëî±´X¾;dãQ¡ÅC…sNÏÚ‘!jCù‚#XÎäüÃ_Ä÷ €mK1”£»ãß:¹Õ˜z_#å *’Ðs,b½“o&‰ð]ÎÎì†Ò¬¦{˜±ãxÂZ©–\å.ÉÉq™5í—]Í_ãÓ~w X~˜½UÖ"bg¬%Ì—ÊÉbÙ¶Õ¾VÂ3a¾$þ—ì!íL;ENLãÖ[µô(ÁzŠþÐÞ :\¦oŽìÿÞÉðdþÌn¤j’Pïn‰“Ì{:}*PDvŸw*[ð@9‚»pR¸ÿÍ‹°E²(oh~÷ƒ¸hkå……DÛ–‡[ÒÆ¥oÖ™ziUèɉ±-Ïòk^Mï•ôÌ,öêf¬”ñx” ŸGS6 »æÐ>²+5XÛ•½åfìÔm·ë×®þv*¦Øp ëÔ,ÆêWàÅ{+"‹ÜV¦Å—iÂÿÆ6ë,Y¶ÍSßl£ÐãìÖH”þœÙ¶‚;»£:Jb†öÿcÂ2üâ' í½dn”»†õ¥ÂJz]è°^kSâ…v‡Æ¤>fÊýQÌ’Ñ飺˜N•½º%ÞAäÙiÁO…Ûoñ­¢/ÝvÙŸHMpÿdÓ.š8yиæâ<·ûÌTêüÈÏöé]øÝYØzÔ0óYJöÊVêôøÿ¦/=¢W"ýÓ:Cè¡Êà^+ósZ…íôqÜvOø$ÕiÚøVýq${zìxŽÊ«Q‘c²ârÞQ¨Uz™F`Ô4ùjþ1gæ\xEŠ „ûɘÄEÕ¬«‰~*U;³Ù ¿É› Ô0a¸­¦û[ßÅräÛ%Ó\qŸž]£÷Àëð|O-FêkÞ‹³€'‰Qö.ÊÂTqëÚĵ¦Îš)RžcÀ¾ôßØDã“V¶¢Ååž5yÔL ùR„wOƒùͳ¬¯ãƲ¹ûx¥óuj2a™ dêMèaÁxö³]&e9õ};ªÄqÜm–íʳì $j´’V¢_yŸ¹6€W 3‚èíRõѹc§EsšN1}œÇ‹”Çžácž!\°­1£,,ᄬ¨\XMÔ›ÖÁ€DÊŸ&ë«~9F=Þ'KJk®©YGŽ¿¸éí s¬zÖÃÔcü„Xnú°à¬KNT‡E}Í®¶ˆjYMr5†Ò™NgeƒËÝ Ë ªòÒ •õ¼š3÷1¨vypæËj6µ}åI_ói­EÅÎq¸'½ šþñ+„žb2ä÷R…‚¶~UÞci„eù‹Pz©k!ïÊ×2oˆáûv)³!> ­ZJ®‰ÙGj]ÙîWðH:‘”·Y«äMŽ˜‚Ïéì©qîmuëO#/3K®ÈíöiEpë×3ä‡ÔO@â0¡á‹5!³ÑŒ¯ Ü8ßï;*UbÊS”ßÖq—2,Â#h=ÕM x'üÁROª…ÙB!É<Áq ݘ87¥3üB$ò:ÿÕzÆOE:óP¶%õŠkÄ´{@æÿíÿ€ÿ -ÀÝÏói<ÐÿiŒö? ͪ¾endstream +ÀÝÏói<ÐÿiŒö?›ª¶endstream endobj 618 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 2 /LastChar 151 -/Widths 1347 0 R -/BaseFont /VGVTRI+URWPalladioL-Ital +/Widths 1355 0 R +/BaseFont /RRZLIG+URWPalladioL-Ital /FontDescriptor 616 0 R >> endobj 616 0 obj << /Ascent 722 /CapHeight 693 /Descent -261 -/FontName /VGVTRI+URWPalladioL-Ital +/FontName /RRZLIG+URWPalladioL-Ital /ItalicAngle -9.5 /StemV 78 /XHeight 482 @@ -6060,44 +6119,41 @@ endobj /CharSet (/fi/parenleft/parenright/comma/hyphen/period/one/two/three/four/five/six/seven/eight/colon/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/W/X/Z/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/emdash) /FontFile 617 0 R >> endobj -1347 0 obj +1355 0 obj [528 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 333 0 0 250 333 250 0 0 500 500 500 500 500 500 500 500 0 250 0 0 0 0 0 0 722 611 667 778 611 556 722 778 333 0 667 556 944 778 778 611 778 667 556 611 778 0 944 722 0 667 0 0 0 0 0 0 444 463 407 500 389 278 500 500 278 0 444 278 778 556 444 500 463 389 389 333 556 500 722 500 500 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ] endobj 607 0 obj << /Length1 862 /Length2 1251 /Length3 532 -/Length 1862 +/Length 1861 /Filter /FlateDecode >> stream -xÚíUkTgnõJÀ+Å€€¸T -æ2M°hZ 䢘ÊLÈ@’I¢ TpE *TEJ+¥õ‚.R.+ -ž -rÓ(˜€`E.º¢î€zìÚŸ»¿öìÌŸyŸçùÞï™çýÎùœxA$–„}Q™‚’A&àã´¤ ™JpròÁ`H ²õf §'°”QH¨ &ʤ3N€«Æ(±pöùdFÄXRC ð‡bXŠ÷@  °BMX 8³BÂrÛ É„ˆ@DÂQˆŒ@™qÄ‘‰P€ñ -*cßP;`LŽ›œq“Ÿ¸E!*“¨!,"PP|/wòß0õns_¥DIgÚϦô’"õk*U*` ðG…0&{W -¿2ç ¥ô]–£€$ˆ€%‹’À t'SÝè¯D`!QÄ€’ÈáY– ßµ‚Ç7k„ -憆¸¾žë,Ƀ™b³:¨oÕ³5ø¶ÆSÂN%S© .Äß7_üw6ûL&@…ˆ, - Ñ=à 5?AxE@‘ a«pDz UàK<š]€Å3cÝŠÁX035Å ûŠ ”H+Í”« ›V=O¹±dz®ë±]½^4uâw•gã‚‘P]J‚§E`TÁåC‹?ÝhX÷B\ôpIBºvà(›˜² ü–aŽÁxÀ.–yK˯&×É<ñkÀÚ#úô´éËŠú/ÕU¬ )ä45ÞaìY4Yÿ,ÅÙðMNÏq®}I÷óc•{Å@‰±¸÷ŠbUY¯œ5iˆ)ýôhrmk¯wª]™_[œ =O͹_Š–„5¹[”K:NË;ÁñvÍçjù×ÿžá½³}ÁÄ›pÆ…#ša?ÃœÓnËm¾eC–MÏÏ ×5^òŽîg]4SFJšMz®ÙZÏI[C ³L'Ü¥ ùYü‘ŽâUÖ¶ òì6PD’pblý4ñ>ýÎäòM}#󘬢úm©î~TÂq‡¾Žßn Ÿ7ôsw£µ¡¦fû¶ö´ÐD?Ç©UúAýãÅkZ:H{×æqïqöuÎö;hÒ3¥5››Zž(l¾àŽ%mQvîÊ 4éÒˆ‹çGtTˆÞ³ þ‡áÿ þ'àW7„)P)„ÅþE¥þ}endstream +xÚíUkTgnõJÀ+Å€€¸ +æ2@ Š,š–K© ÉäI& ¨ÀŠ T¨\*­”Ö °@¹¬(xjD(ÈM£`‚•«® ;€»ôçî¯=;ógÞçy¾÷{æy¿s> 3¦/Á…ÃnˆHB‰ põð=’HÆYX¸¢0$á#¢]¦ £#¸H¹HÈ4 +™FuÀY®HX$Êçò$€•ë' "ÀE£|$< b=XðEX|XI\Àga…ðÅ0³‰8Ø|–†¹|Ž´àˆ!â €ÃÌ–†½¥"`TŒ™¬0“Ÿ˜E6"Dl˜ƒ#y"Ø^0æä¿ajys7©@à Ú/¦ôò‘oˆ0L*QÀaèh¹Ô^2ç³ùRár–!|–‹ˆ+€hG$ÛR—¾Ø/ƒÙL¾„Å8@ /â°ˆ½Ü +ߢÝõÀ^¦Í›¹.’Lˆ/’ì ƒò;õb ¾«±”P¾  ÉdbïÛ¯Àe›}&b!l¾ˆ P¨ö„¢P$;AXE¢A€/bÃ2–aŽID"Á–X4G‚âÆ +Ú$e `ÖÂÔ$ ìAHÁXæðŸ 2ÃPˆ `ΟaÛ7ðÒÐßáö¡ï, `…Š˜·ÿ58:‘E(ŽÁÑû´¨GÿMÈ’¢(,’,žM,þ·5‡ †e0 ×Ó…°œCr«’Êc>;wûûH:/Z+4=ÚMþ51y|öQ_êYo3®¤d¤Hu帪4üœåtR½l”î™öåT±þ…+©…eþ™qÔFb·/>2!U¾ê•åC¾ÿTþ×*cZ#úðÌ7[¶öLm‰mÕ;ËVÓžk˜èÒ]oísÂÚ|£CÏyíþ÷7à#ûwlž¨‰Í½¾5~ëž;ƒ‰»¥Z*9κÁSÐÌ#\ 'B©´ñvi¾«V1dÏ­õJk =1M1O¶xÖâ[&›N1Žþýf˜6þNÊhzÑôW^:¸FSúµþÛŠÄë*RFÜîSw“Ö‡¶¼—<åqɶ+.×µ…<Ú÷s%˜üZ­½±4æyš_cºëITøwuÛg÷áÓ¿¨:uàiIB·«ÎÔßq·Ç5ãEŽg»V*ÅCzeF^Ã;>JÂÙµwÝÞ]ò0NøžžÑ·_yVãÒ½ ·WZéÍCÇ®…QtÌå&–_îÉXY¶Z\lµA\|1n4Öw¬¼ÑÑ ÞW¥ÊŽaL0R r¸Wãa9αҺi½¼Ö »úŒ\Ñ«gªÝ§ÊŒ2PšÉ+$A|ÎiÝ™Œ´tf §·ÿZ±‡šr½Ÿi4½ÏËŸ–"g¶nŠõÓ$1Ž·¼·™ùêÒ.v–ø'Âëí¦óµ]ÊάU3”HvÛ ºÿ…½¼‚¤,^ÔdÊÙßÌ_Äü1ñÝúÂÂÑÖƒãZÈÍ=YÓ±ÃF'JyÏT^µNU¥¦fÄÇ1‡Äîœ3*OlS­z‚¿aÔqpÏ}ŠixlæáðQ3¦–¾W™ü²“n|¼PÃsßD™Ïè +Íþg…rJÔbBý˜™®êÙ¼m×ćº—ò}†OnûQC±–¶|[½—tªj߆×ûŸµÓ s> +ý‡þŒ¿æexîÜá!Í1µ—¼Wq ÷~^ƒì{á,™_›wõ¦âª‚èFhoé»YhOUy0¡ºVq}TZÃÉRNRÝ¢ì‹?É(Éõ»ðƒÆ+’uYmõ¨²±¡»v.9h@<ÝUV~L›C9OÝÆÊ&*JhŸúîù5–*áœpyþËIÒë„®çZµ-2“R?zeòäT±NËëÍÌ̶A¯ù¬5RµJº§‰¤:îì3Þ¶‹3{þw™cóš1?eB´£ž·Ágý¡Þ“Ÿî4í|ÅË{zL+:Y1THÇ'¬ ¸§^¡Öœ2 £ÝS–k RÏÿê¹£@•œ4±)oðZCùŽý¹Œ&ßæÇÖÍ4¾L°R“QÉ4_iZÔ;_\з iòû? I¶–ö{„Fh¬ñO ãëÛÙý³ÒìúœølOÅå(rÆã¤È¿ÅN¯ _Ô}IܵŽ2i­®¼ý÷ç#k¦ïÜ…Sê +ä£îêÑÚ½Fúw:ÜJGô[ækØ;›o8‡ º\Õ‘ Zµš—l  ýrÓ´§íÖ% fÙic]ù[ ×d™ì&qø°Æ9ücꃙÍÞöc“Y4—¼ÆC ¡ò17úœÙ_GV¬ù¹·ÙP][{øTGg’_Œ»ùl›,ù´jrýö¶.ÂñY^'z?§»ŸÖê›Uè¬L,‹a·‡ÔÙ¡±¤ÝG³|´zä¼üÕA=9åœ÷ôÈÿáƒûƒÿ‰ØÕ ¡D¡¡¸œïþiendstream endobj 608 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1348 0 R +/Encoding 1356 0 R /FirstChar 13 /LastChar 110 -/Widths 1349 0 R -/BaseFont /VAUOWV+CMSY10 +/Widths 1357 0 R +/BaseFont /BCYTRP+CMSY10 /FontDescriptor 606 0 R >> endobj 606 0 obj << /Ascent 750 /CapHeight 683 /Descent -194 -/FontName /VAUOWV+CMSY10 +/FontName /BCYTRP+CMSY10 /ItalicAngle -14.035 /StemV 85 /XHeight 431 @@ -6106,10 +6162,10 @@ endobj /CharSet (/circlecopyrt/bullet/braceleft/braceright/bar/backslash) /FontFile 607 0 R >> endobj -1349 0 obj +1357 0 obj [1000 0 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 500 500 0 0 278 0 0 0 500 ] endobj -1348 0 obj << +1356 0 obj << /Type /Encoding /Differences [ 0 /.notdef 13/circlecopyrt 14/.notdef 15/bullet 16/.notdef 102/braceleft/braceright 104/.notdef 106/bar 107/.notdef 110/backslash 111/.notdef] >> endobj @@ -6122,8 +6178,7 @@ endobj >> stream xÚ¬ºSek´&š•¶Í•¶mÛ¶mÛvf¥mÛf¥mVªÒ¶}kïÓ§OÇé~êÛ3bþßÀ7þ±VLRBeZA{#S1{;ZF:.€ª’º‚¡¡‰¥½ ­’½­!௘š”TØÉÔÐÅÒÞNÄÐÅ”  nj1501999¡IÂöžN–æ.Š¿”ÔÔ4ÿ%ùÇ`äùŸš¿žÎ–æv²¿/n¦6ö¶¦v.!þ¯•MM.¦3KS€°¼‚¦¤œ8€B\N njgêdhPp5²±4ÈX›Ú9›RÌì6ÿqÛÛ™XþSš3Ý_,Ag€!ÀÙÁÔØò¯›©‡±©Ã?*€ƒ©“­¥³óßw€¥3ÀÜÉÐÎåo\ì–vÆ6®&ÿ$ðWnfÿoBNö-lÿêþ‚)Ø;»8;Y:¸þFUû<], ]þ‰ílùW °7ûkiboìúOIÿêþÂüÕºZÚ9\L=\þ‰ed -0±tv°1ôüû/˜ƒ“å¿i¸:[Ú™ÿW4'SsC'Sgç¿0±ÿéÎÕ ø_ª7tp°ñü×Ûþ_«ÿ™ƒ¥‹³©4#ÓߘÆ.c›[ÚAÓÿ3*’vföF†ÿ›¸:ü§ÎÍÔéßQü33”“04±·³ñ˜˜šAÓËÙ»ü  ø¿c™îÿÉÿ(þBðÿzÿÿ‘ûß9ú_.ñÿßûüß¡Å\mlä mMÿuüçŽÈþY2vÿ›µ¡­¥çÿÉþ¿[ª›þG’ÿGIÿ­´3ÿKÃ-Å,=LM,]Œ-f†6ûô¯\ÕÎÄÔÉÆÒÎô/Ÿÿ¶@ËÈÀðßt*–ÆÖvÿ4žõ?T¦v&ÿ=÷¿ý›9½–²ˆ¼° -õÿ¾SÿµSø˽‹Š§ÃßÔþG)²ö&ÿóðŠ½À›–‘ @ËÄÁü÷Ê118Y˜}ÿÿbü¯³¬¡‹“¥@ûoÙ Œÿÿ?žÿ:éþ7Q;c{“¦EÙÅÐÎäï€ýOÁ?jcW'§¿¼þ{çÿýŸçGÝÔÔÃÔz}ÅÞ˜;Ä*=+Ã¥#odJD{ Ÿd$Ô¡¬I¥¸0 Ö¾Ï?=âg•ÁG](]ó ×W‡çò™ÃçÕáX?º y_ªéU®/1å¯B¤-².vêà z½2¸Œsõïë%™P-6µÃÝ)E%½Òp¼™.f'ÈëgÊb·ÂT’'x?ã´Æx´nÄf äú¢³s²¤“ç'ò¡ñÑ‘á¾[°_8Ô¹ñP¤Ün pdÑŽ¹8üZª•¢Õmjí{}ÚìF~b¿?¥ä]°C³ZžWGýG+S¯¬ÆyÀ'‚²¿÷i5G¶ú¸m¦txS7ÃæPÃo¢Z-žÔ¦×âÚÑk·ðßÄoP¿5ã<Æ=v0_ž ÔYqÆ­%~hÝýÉåc P>U:­`ï½züôTSÓö{¿4NKªeu„0Š¿m$æõü‹â êóT•EÖQaQe®ÿ²%Jg‡õPÁ÷ø½Ìçƒm˜•@¨õ‡ôÍPç#ó·ˆkûy6¯e§‹ÕÜT%hÁÁ:Ø¿Ä%Ð*âwâ§Ç­±ÆYHa\üëu*¡‰ËäWGy‘ýÆ÷:â|“J*”•Cö8 +0±tv°1ôüû/˜ƒ“å¿i¸:[Ú™ÿW4'SsC'Sgç¿0±ÿéÎÕ ø_ª7tp°ñü×Ûþ_«ÿ™ƒ¥‹³©4#ÓߘÆ.c›[ÚAÓÿ3*’vföF†ÿ›¸:ü§ÎÍÔéßQü33”“04±·³ñ˜˜šAÓËÙ»ü  ø¿c™îÿÉÿ(þBðÿzÿÿ‘ûß9ú_.ñÿßûüß¡Å\mlä mMÿuüçŽÈþY2vÿ›µ¡­¥çÿÉþ¿[ª›þG’ÿGIÿ­´3ÿKÃ-Å,=LM,]Œ-f†6ûô¯\ÕÎÄÔÉÆÒÎô/Ÿÿ¶@ËÈÀðßt*–ÆÖvÿ4žõ?T¦v&ÿ=÷¿ý›9½š¸œº¸õÿ¾SÿµSø˽‹Š§ÃßÔþG)²ö&ÿóðŠ½À›–‘ @ËÄÁü÷Ê118Y˜}ÿÿbü¯³¬¡‹“¥@ûoÙ Œÿÿ?žÿ:éþ7Q;c{“¦EÙÅÐÎäï€ýOÁ?jcW'§¿¼þ{çÿýŸçGÝÔÔÃÔz}ÅÞ˜;Ä*=+Ã¥#odJD{ Ÿd$Ô¡¬I¥¸0 Ö¾Ï?=âg•ÁG](]ó ×W‡çò™ÃçÕáX?º y_ªéU®/1å¯B¤-².vêà z½2¸Œsõïë%™P-6µÃÝ)E%½Òp¼™.f'ÈëgÊb·ÂT’'x?ã´Æx´nÄf äú¢³s²¤“ç'ò¡ñÑ‘á¾[°_8Ô¹ñP¤Ün pdÑŽ¹8üZª•¢Õmjí{}ÚìF~b¿?¥ä]°C³ZžWGýG+S¯¬ÆyÀ'‚²¿÷i5G¶ú¸m¦txS7ÃæPÃo¢Z-žÔ¦×âÚÑk·ðßÄoP¿5ã<Æ=v0_ž ÔYqÆ­%~hÝýÉåc P>U:­`ï½züôTSÓö{¿4NKªeu„0Š¿m$æõü‹â êóT•EÖQaQe®ÿ²%Jg‡õPÁ÷ø½Ìçƒm˜•@¨õ‡ôÍPç#ó·ˆkûy6¯e§‹ÕÜT%hÁÁ:Ø¿Ä%Ð*âwâ§Ç­±ÆYHa\üëu*¡‰ËäWGy‘ýÆ÷:â|“J*”•Cö8 å< (&.ÕÃè25)hTbp§bâßVv*—èTï/o;eÚ0&±º¥Œ¤8FOX5Éávדñ9Ä– ªA àÊü·Sog´ mY²mÄl?dEŠL0ç…ÿœæ¿Ô¸Å¤ÍÙl\Õ–lfñm³lvÑ+bžþTê¢Jd‚þâ•*®%ß^÷%Mzú,yGºð¢È¨Nï‰ð,-’ Ó`Êá® Ø'J˜Kn árËÏÅ%?ÙÜ\óÿâÞõý#„-îÌC½Jœn)„¦Á‚…`ªXS“.ôR°ßµPË,Ñ?Ž™·w©&|!Ž|Õfœ9p-¡BÝÕŸ—þBÐ9’ÐÇ1#ÄÙ€‹ —i&®¼Úß= Ň’—cú²LcDvØ·÷GüS >*²)œ&ü9?·»b“Ä);âxˆðpÆò÷F L€-²¥ø»¼Jîýý ¡YÆS4{Ú0…b3ð?°äVf‹±Ò‚"©†¾£:iHß^Áa1`IÊRŠOÊGë½qPÌŽ3†aµæÁ¶ìêÒZ (¾QûÈ´µ*½TÌ~4Wl?tnt49$ºÚÉ-zs^"ΉTŽ ¿ÚLi‹¨'}ãN~)™ØËžIS–+×XC” œï€tsai9£–Óv4êø&O¶ê¾ùš\CV昃ÉZLÞRÈÇHýI½…àV8’ãÚ«#w}Ýá¸û"--xõôLd:ÞÂ9cœBŒÂÙ*ï#»Ã¡áÕô„u ‰¨Ù³)ŸáB¤É®…uÏÎÛoU†LÁÄÙWsÞ×£ö>ÅÉÚéH\"ü…ô›šu0a& † ¸V•Úð¥;T§’›î:¾Ð×'—LÕ=¸‡ Bí;`51&®séUÐœ`¤‘ øŽºT¸‹¥{1ƒA'’‡É{²&šðS›çaÁ¤õ÷r7ÿ>‚Gª4:9êi*§ö‚–îÛ0¡ëõõû¼§{m-O:ÁO­Â\Q·„+›Á+ÝÛöbwDù­ f ³N$™½€’祼¡‡Ä\Ä?D%Ç”æD/ú°èÅFqàx·0‚ŒuùÁÿšgCp=R“±‡‰D•M¤³¾Çƒ:ûÆ“Q{J6_GR'ÀÓCÇvæŸØÔÞöI¼ax9³•ðDaDÖòÔü$«GóÅ ç:SÌáI1«^žÀõpFbJ³v*Æý™“`ú=þ÷…ÄߤÒÔj–†´k“Èû­[=*¤Q+ÔCµ‹âüdŒ?Ö é¤7Ýò±FÌ(¶¼+h6bslhïIÀÁ#ËšnjGôqH‰²‹9VjLÅÉ£pñSŠRñ¢Ô†„Ñî”su0LÄø”M¬õ ^oÙ±§9‡ÆcL$:? ðˆKIÐâÉ.û¼…˜Ýhöª“-ëªx? é¼±ÙœJ–Ë]©\ß1ÖB LqOcZ8pWMt×÷S«åKJ DSõ¡™üM®R}»çc;”uÂ:¬~×gkwlš]òVÆ/}Å¢K”ƒXƒaïŸyÇ‚yårÞ¸›5Jš ±urç;@…¿¸£Î  ­.ïƒüvZ›@W}˹RÙ†4˜½wU±ÉžÒn$N4NŸ3©{Wç&cMû%”¨>Ö#.µûQœ1sò1‚ÌTäêy“¥d4'l Ð]ŸXêy‘ß²oÓ€$ð ;ñ^¯ $bМǒƒeR¨õJQ°~ð’½¢h•ƒöjtÁð’£ Aš–ÝHFþŒßæ¦>ù~~ÛŽÂÒ“]Ž3 Îk¥@\-`y-Œì|Šòg.3÷–ÑÇhEw²ê0þö•¹¦4ȹœÅVL_呧 ‰=ÙÒ­µ,¾ø‘ø°ÁLn$c‘_½ŒGÙ<üJ âcÌ”Mi/Ó¥¯œ7ƽ -o<Ã;…‘ÇØÙLGAPýª‡”W&ÙŽÂù¡›Ù"—¾(9Û¿ºµw¾óÞ¦˜‘Šl ]uÁDRpñuwAU.—Õg±ç=ÙŽj‚’ÄMkAAÄ´ì* â™"æg×äjwr:Ó-*å<çéZ<·ïuŸXD,’%E±È—VÍN¬JoÙ˜U®ã ,¥#ˆk„å9„ÕÄܼ'ºàv}é%©@Ûµ;¯1/ò5¶T_/B£uÄEŽÛK,: -8¨™€¢íuÉu( {¤”ðßÁá*¬Ï‡pr^!Þ¢ë0SQPVÆ;”M°(ÎE0’A æÛ£Ÿq E©¸›sFÍ5Ñ¥·¬XÌÖX;q¡{{ïHäP'Iðmå¨u葅ʲz­~Ì|™Á¦­¤Ê×춻r­ŠŸ2µÕГ(ÚÆDÕ Š·Ž¾Lb`Ån\a#ð-7ÊaÐ@ß™HÙ¶-dØä.`séBÈ‹Å(Óâ‚4æ/gËÏÂ1‹´ˆ¶êC-u’E'ÛS«ßñ£»ýàœVqóô‚à׉’§NŒÆ€ÓL\”b¶Ààhö‡6T‰ Ëÿâÿÿ'3{ 7G;Äÿ\tÀendstream +8¨™€¢íuÉu( {¤”ðßÁá*¬Ï‡pr^!Þ¢ë0SQPVÆ;”M°(ÎE0’A æÛ£Ÿq E©¸›sFÍ5Ñ¥·¬XÌÖX;q¡{{ïHäP'Iðmå¨u葅ʲz­~Ì|™Á¦­¤Ê×춻r­ŠŸ2µÕГ(ÚÆDÕ Š·Ž¾Lb`Ån\a#ð-7ÊaÐ@ß™HÙ¶-dØä.`séBÈ‹Å(Óâ‚4æ/gËÏÂ1‹´ˆ¶êC-u’E'ÛS«ßñ£»ýàœVqóô‚à׉’§NŒÆ€ÓL\”b¶Ààhö‡6T‰ Ëÿâÿÿ'3{ 7G;ÄÿÀ#endstream endobj 600 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 2 /LastChar 151 -/Widths 1350 0 R -/BaseFont /ZSDOCT+URWPalladioL-Roma +/Widths 1358 0 R +/BaseFont /VGNWGZ+URWPalladioL-Roma /FontDescriptor 598 0 R >> endobj 598 0 obj << /Ascent 715 /CapHeight 680 /Descent -282 -/FontName /ZSDOCT+URWPalladioL-Roma +/FontName /VGNWGZ+URWPalladioL-Roma /ItalicAngle 0 /StemV 84 /XHeight 469 @@ -6250,7 +6305,7 @@ endobj /CharSet (/fi/fl/exclam/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/circumflex/quotedblright/emdash) /FontFile 599 0 R >> endobj -1350 0 obj +1358 0 obj [605 608 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 0 500 840 0 278 333 333 389 606 250 333 250 606 500 500 500 500 500 500 500 500 500 500 250 250 0 606 0 0 747 778 611 709 774 611 556 763 832 337 333 726 611 946 831 786 604 786 668 525 613 778 722 1000 667 667 667 333 0 333 0 0 278 500 553 444 611 479 333 556 582 291 234 556 291 883 582 546 601 560 395 424 326 603 565 834 516 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 0 500 0 0 1000 ] endobj 596 0 obj << @@ -6262,7 +6317,7 @@ endobj >> stream xÚ¬zceß³eÙ¶ë–m£Ë¶mÛ¶mWuÙ¶mÛ6»Œ®.×ôïÿ4ñf>ͼ'âìÌÜ+WæʽãÞˆCF¤ L'hbod*foçBÇDÏÈ PURW0´±14±´—¡²·1ü5³Á‘ ;™ºXÚÛ‰º˜rÔMM"¦Æff @ØÞÁÓÉÒÜÂ@ùƒŠ††ö¿,ÿ„Œ<ÿÃów§³¥¹€üï‹›©½ƒ­©Ë_ˆÿçʦ¦ S€™¥)@X^ASRN@).§ -7µ3u2´(¸ÙXd,MíœM©föN›[ŒííL,ÿ)Í™þ/– 3Ààì`jlùw›©‡±©Ã?.Z€ƒ©“­¥³óßw€¥3ÀÜÉÐÎåo\ì–vÆ6®&ÿøk7³ÿ!'û¿¶}Áì]œ,\³*ˆˆýO C—r;[þuìÍþFšØ»þSÒ¿|aþz] -íœ.¦.ÿä22˜X:;ØzþÍýÌÁÉò_4\-íÌÿ‹-ÀÉÔÜÐÉÄÆÔÙù/Ì_ìºó_uþ·ê l<ÿµÛþ_QÿÉÁÒÅÙÔÆŒ†‰ùoNc—¿¹Í-í`þI;3{ã¿ÙM\þÃçfêô¯Qþ33TIšØÛÙxLLÍ`äì]þ¦Pþ¿©Lÿ?'òÿ€Äÿ#ÿÈûÿ'î×è;Äÿ¿çù¿C‹¹ÚØÈÚšþkà?î€ àŸKæÿ6´µ´ñü¿…ÿ÷HuÓãøC‘t1üÛA;ó¿b0Ò3þ›ÑÒYÌÒÃÔDÁÒÅØ`fhó·Kÿ²«Ú™˜:ÙXÚ™þUó_Ð112þ7ŸŠ…¥±µÝ?mgû7—©É§þW g—•¤ù?oÔÅ)üUÞEÅÓá/µ¯DÖÞä?ÿ  Ù{¼é˜Ø˜t,ŒLÜ_>\,l¾ÿ—Œÿbú¯µ¬¡‹“¥@ûoÙwþSü¿?ÿµÒýo0¢vÆö&ÿÌŠ²‹¡ÉßñúOÃ?ncW'§¿ªþëÄÿ-ú?ÖÿtSSSc˜U{cž«ŒŸ™.õ˜y£Ó"ÚƒýL £¡eM*Å…µö}þû\Uu¡ôͳÜ_ž+¿>¥¨OÆû1l(úÒLo +7µ3u2´(¸ÙXd,MíœM©föN›[ŒííL,ÿ)Í™þ/– 3Ààì`jlùw›©‡±©Ã?.Z€ƒ©“­¥³óßw€¥3ÀÜÉÐÎåo\ì–vÆ6®&ÿøk7³ÿ!'û¿¶}Áì]œ,\³*ˆˆýO C—r;[þuìÍþFšØ»þSÒ¿|aþz] -íœ.¦.ÿä22˜X:;ØzþÍýÌÁÉò_4\-íÌÿ‹-ÀÉÔÜÐÉÄÆÔÙù/Ì_ìºó_uþ·ê l<ÿµÛþ_QÿÉÁÒÅÙÔÆŒ†‰ùoNc—¿¹Í-í`þI;3{ã¿ÙM\þÃçfêô¯Qþ33TIšØÛÙxLLÍ`äì]þ¦Pþ¿©Lÿ?'òÿ€Äÿ#ÿÈûÿ'î×è;Äÿ¿çù¿C‹¹ÚØÈÚšþkà?î€ àŸKæÿ6´µ´ñü¿…ÿ÷HuÓãøC‘t1üÛA;ó¿b0Ò3þ›ÑÒYÌÒÃÔDÁÒÅØ`fhó·Kÿ²«Ú™˜:ÙXÚ™þUó_Ð112þ7ŸŠ…¥±µÝ?mgû7—©É§þW gÔQT“§ù?oÔÅ)üUÞEÅÓá/µ¯DÖÞä?ÿ  Ù{¼é˜Ø˜t,ŒLÜ_>\,l¾ÿ—Œÿbú¯µ¬¡‹“¥@ûoÙwþSü¿?ÿµÒýo0¢vÆö&ÿÌŠ²‹¡ÉßñúOÃ?ncW'§¿ªþëÄÿ-ú?ÖÿtSSSc˜U{cž«ŒŸ™.õ˜y£Ó"ÚƒýL £¡eM*Å…µö}þû\Uu¡ôͳÜ_ž+¿>¥¨OÆû1l(úÒLo ð|I¨ ‘wÈ»8hN‚ôÊà3/Õc¼o—eöÀ´ØÕN¦•ôJ? ðg»Xœ nÿP¸ ‘>; ø§7Æ£w#5¡Ôýº$O>ÿóL1<16:Òw>pŒK“MÆãOà˜‹Ë¯¥Z)ZÝL~Ó‘mÂ{ôÔ*’»RÆ¢)ï0=ã½Ég —\"nsYâ‚{s’?ËçžiE«vY«Ôè€9¡ÇΗ©5{ý‰÷r=Fa‘ŠÚòBLÖÔ—J|‚íuÿáq™ßx&™å2‹r&G-H.‹Û"]pYÝÝÝÜÝé&èJtfRÅÝEÇN ¦÷å»Íਠx'YÓŸ6töà‡­ã•c7éË#ÖñJÝ5ÛÁ+cÃú:v{y)ŽË4øö¢·—ÇØé½V,ã³Î3ê "+0TjêkÉ™”“Œ†yF¶6mœæ ¹{¯ òÙ¼¾žÐbâB¥} ÁŒn’Eötµ•tqx‰xͤ¡"„³úï¯È÷ñ#£Àó©hÆ<‚Ê&1¥útö¦I0ÕˆT¦YR0ÐC²åôÉz‘g‘Ú¢ö!¯9dÌnžîƒƒ³úëg0.›™c˜ Šöh‘ïZd¡{yz©J‰™™I‡\®\ñù¿¹ @@ -6369,23 +6424,23 @@ L 6_mŠq'2~‹Ò=aFŠ†þÐœ²?Ç ¯Z¡._|;l[×OX˜àJÁ+QGýiÜZÉP&Yyf2—<²è•rŒG Ü75·ïá3òŽÃ#z‡FF⨾ãúF4þN¸ü5àcíÚ6P·¡“eä è‡Ék¢œu_KŸ¥°L‹*·éñ0MH¼CrœT>Ü㇟x FÿàRÂB_!äµi¨NÙ%$hâ]tÞ ‰¢èÛîûs¶¼ª=nù<ü¨òÁËY©ÞØîƒQKñ™ÆýgF==ˆ3šöùsCì¶G’Ð!YŠ WaðŠ +·Yà¾]ˆh‘!{â#iŽ»¤"”¯ùù4bwËZ¨X à2&£‘.¿l=b, ¢,ÙlÔúAœ¦Gôì©5W0!ÒãBîV\Êå6ÔÔëߥåíýŽá;RЭ$øžv(Ó@ÃICM«Çv¹Ì_§/# È ÙÌÑ‚§õ±Á¿2å 6ôw’ä{0ëó¬+/6A3C¿X ¬Ÿ?ö¹¤Ñ<ÛˆUëœ"¸¢R2ìú6ÉOôi¦Æ·:+tÝ•;¯–fnÎÇ -¥0©j T™¶„qÚ]¡ÁÂ'DY¸ ö.g¬Âñ¨û ;AJÒ´á¿ÔÍ­[ßÇHûaA@Ôñ ?ÍJµAì»tI•%[Ø­$ Òð³"ɾs™ÿ?÷€ÿS;sc7G{c[¸ÿ£kendstream +¥0©j T™¶„qÚ]¡ÁÂ'DY¸ ö.g¬Âñ¨û ;AJÒ´á¿ÔÍ­[ßÇHûaA@Ôñ ?ÍJµAì»tI•%[Ø­$ Òð³"ɾs™ÿ?÷€ÿS;sc7G{c[¸ÿúð˜endstream endobj 597 0 obj << /Type /Font /Subtype /Type1 -/Encoding 1336 0 R +/Encoding 1344 0 R /FirstChar 2 /LastChar 151 -/Widths 1351 0 R -/BaseFont /NEGMHA+URWPalladioL-Bold +/Widths 1359 0 R +/BaseFont /IZDQVO+URWPalladioL-Bold /FontDescriptor 595 0 R >> endobj 595 0 obj << /Ascent 708 /CapHeight 672 /Descent -266 -/FontName /NEGMHA+URWPalladioL-Bold +/FontName /IZDQVO+URWPalladioL-Bold /ItalicAngle 0 /StemV 123 /XHeight 471 @@ -6394,117 +6449,117 @@ endobj /CharSet (/fi/fl/exclam/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/question/at/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/W/X/Y/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/emdash) /FontFile 596 0 R >> endobj -1351 0 obj +1359 0 obj [611 611 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 0 500 889 0 278 333 333 444 606 250 333 250 296 500 500 500 500 500 500 500 500 500 500 250 250 0 0 0 444 747 778 667 722 833 611 556 833 833 389 0 778 611 1000 833 833 611 833 722 611 667 778 0 1000 667 667 667 333 0 333 0 0 0 500 611 444 611 500 389 556 611 333 333 611 333 889 611 556 611 611 389 444 333 611 556 833 500 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ] endobj 601 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R +/Parent 1360 0 R /Kids [590 0 R 603 0 R 610 0 R 629 0 R 646 0 R 657 0 R] >> endobj 672 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R +/Parent 1360 0 R /Kids [664 0 R 674 0 R 679 0 R 687 0 R 698 0 R 706 0 R] >> endobj 717 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R +/Parent 1360 0 R /Kids [713 0 R 720 0 R 727 0 R 739 0 R 748 0 R 753 0 R] >> endobj 764 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R -/Kids [757 0 R 766 0 R 776 0 R 787 0 R 794 0 R 803 0 R] +/Parent 1360 0 R +/Kids [757 0 R 766 0 R 776 0 R 784 0 R 792 0 R 802 0 R] >> endobj -813 0 obj << +817 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R -/Kids [807 0 R 815 0 R 819 0 R 829 0 R 835 0 R 843 0 R] +/Parent 1360 0 R +/Kids [811 0 R 819 0 R 823 0 R 833 0 R 839 0 R 847 0 R] >> endobj -861 0 obj << +862 0 obj << /Type /Pages /Count 6 -/Parent 1352 0 R -/Kids [853 0 R 863 0 R 877 0 R 884 0 R 888 0 R 894 0 R] +/Parent 1360 0 R +/Kids [854 0 R 864 0 R 878 0 R 885 0 R 889 0 R 895 0 R] >> endobj -907 0 obj << +908 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [900 0 R 909 0 R 916 0 R 920 0 R 925 0 R 931 0 R] +/Parent 1361 0 R +/Kids [901 0 R 910 0 R 917 0 R 921 0 R 926 0 R 932 0 R] >> endobj 947 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [938 0 R 953 0 R 957 0 R 967 0 R 974 0 R 982 0 R] +/Parent 1361 0 R +/Kids [938 0 R 950 0 R 954 0 R 964 0 R 971 0 R 979 0 R] >> endobj -992 0 obj << +987 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [986 0 R 994 0 R 1001 0 R 1006 0 R 1013 0 R 1021 0 R] +/Parent 1361 0 R +/Kids [983 0 R 989 0 R 997 0 R 1003 0 R 1010 0 R 1017 0 R] >> endobj -1035 0 obj << +1031 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [1029 0 R 1037 0 R 1046 0 R 1051 0 R 1055 0 R 1063 0 R] +/Parent 1361 0 R +/Kids [1026 0 R 1033 0 R 1039 0 R 1048 0 R 1052 0 R 1056 0 R] >> endobj -1084 0 obj << +1067 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [1075 0 R 1086 0 R 1102 0 R 1114 0 R 1120 0 R 1127 0 R] +/Parent 1361 0 R +/Kids [1064 0 R 1069 0 R 1081 0 R 1096 0 R 1109 0 R 1121 0 R] >> endobj -1149 0 obj << +1133 0 obj << /Type /Pages /Count 6 -/Parent 1353 0 R -/Kids [1138 0 R 1151 0 R 1158 0 R 1164 0 R 1168 0 R 1176 0 R] +/Parent 1361 0 R +/Kids [1126 0 R 1135 0 R 1147 0 R 1160 0 R 1168 0 R 1172 0 R] >> endobj -1196 0 obj << +1183 0 obj << /Type /Pages /Count 6 -/Parent 1354 0 R -/Kids [1186 0 R 1198 0 R 1202 0 R 1209 0 R 1221 0 R 1276 0 R] +/Parent 1362 0 R +/Kids [1176 0 R 1185 0 R 1195 0 R 1206 0 R 1210 0 R 1217 0 R] >> endobj -1335 0 obj << +1283 0 obj << /Type /Pages -/Count 1 -/Parent 1354 0 R -/Kids [1327 0 R] +/Count 3 +/Parent 1362 0 R +/Kids [1229 0 R 1285 0 R 1336 0 R] >> endobj -1352 0 obj << +1360 0 obj << /Type /Pages /Count 36 -/Parent 1355 0 R -/Kids [601 0 R 672 0 R 717 0 R 764 0 R 813 0 R 861 0 R] +/Parent 1363 0 R +/Kids [601 0 R 672 0 R 717 0 R 764 0 R 817 0 R 862 0 R] >> endobj -1353 0 obj << +1361 0 obj << /Type /Pages /Count 36 -/Parent 1355 0 R -/Kids [907 0 R 947 0 R 992 0 R 1035 0 R 1084 0 R 1149 0 R] +/Parent 1363 0 R +/Kids [908 0 R 947 0 R 987 0 R 1031 0 R 1067 0 R 1133 0 R] >> endobj -1354 0 obj << +1362 0 obj << /Type /Pages -/Count 7 -/Parent 1355 0 R -/Kids [1196 0 R 1335 0 R] +/Count 9 +/Parent 1363 0 R +/Kids [1183 0 R 1283 0 R] >> endobj -1355 0 obj << +1363 0 obj << /Type /Pages -/Count 79 -/Kids [1352 0 R 1353 0 R 1354 0 R] +/Count 81 +/Kids [1360 0 R 1361 0 R 1362 0 R] >> endobj -1356 0 obj << +1364 0 obj << /Type /Outlines /First 7 0 R /Last 555 0 R @@ -6570,7 +6625,7 @@ endobj 555 0 obj << /Title 556 0 R /A 553 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 535 0 R /First 559 0 R /Last 575 0 R @@ -6606,7 +6661,7 @@ endobj 535 0 obj << /Title 536 0 R /A 533 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 511 0 R /Next 555 0 R /First 539 0 R @@ -6650,7 +6705,7 @@ endobj 511 0 obj << /Title 512 0 R /A 509 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 239 0 R /Next 535 0 R /First 515 0 R @@ -7137,7 +7192,7 @@ endobj 239 0 obj << /Title 240 0 R /A 237 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 227 0 R /Next 511 0 R /First 243 0 R @@ -7159,7 +7214,7 @@ endobj 227 0 obj << /Title 228 0 R /A 225 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 131 0 R /Next 239 0 R /First 231 0 R @@ -7333,7 +7388,7 @@ endobj 131 0 obj << /Title 132 0 R /A 129 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 91 0 R /Next 227 0 R /First 135 0 R @@ -7407,7 +7462,7 @@ endobj 91 0 obj << /Title 92 0 R /A 89 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 67 0 R /Next 131 0 R /First 95 0 R @@ -7450,7 +7505,7 @@ endobj 67 0 obj << /Title 68 0 R /A 65 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Prev 7 0 R /Next 91 0 R /First 71 0 R @@ -7559,1406 +7614,1414 @@ endobj 7 0 obj << /Title 8 0 R /A 5 0 R -/Parent 1356 0 R +/Parent 1364 0 R /Next 67 0 R /First 11 0 R /Last 23 0 R /Count -4 >> endobj -1357 0 obj << -/Names [(Access_Control_Lists) 1172 0 R (Bv9ARM.ch01) 613 0 R (Bv9ARM.ch02) 667 0 R (Bv9ARM.ch03) 682 0 R (Bv9ARM.ch04) 730 0 R (Bv9ARM.ch05) 810 0 R (Bv9ARM.ch06) 822 0 R (Bv9ARM.ch07) 1171 0 R (Bv9ARM.ch08) 1189 0 R (Bv9ARM.ch09) 1205 0 R (Configuration_File_Grammar) 849 0 R (DNSSEC) 782 0 R (Doc-Start) 594 0 R (Setting_TTLs) 1141 0 R (access_control) 963 0 R (acl) 857 0 R (address_match_lists) 827 0 R (admin_tools) 704 0 R (appendix.A) 554 0 R (bibliography) 1217 0 R (boolean_options) 736 0 R (builtin) 1025 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 130 0 R (chapter.5) 226 0 R (chapter.6) 238 0 R (chapter.7) 510 0 R (chapter.8) 534 0 R (cite.RFC1034) 1233 0 R (cite.RFC1035) 1235 0 R (cite.RFC1101) 1290 0 R (cite.RFC1123) 1292 0 R (cite.RFC1183) 1270 0 R (cite.RFC1464) 1310 0 R (cite.RFC1535) 1262 0 R (cite.RFC1536) 1264 0 R (cite.RFC1537) 1300 0 R (cite.RFC1591) 1294 0 R (cite.RFC1706) 1272 0 R (cite.RFC1712) 1324 0 R (cite.RFC1713) 1312 0 R (cite.RFC1794) 1314 0 R (cite.RFC1876) 1274 0 R (cite.RFC1886) 1254 0 R (cite.RFC1912) 1302 0 R (cite.RFC1982) 1266 0 R (cite.RFC1995) 1240 0 R (cite.RFC1996) 1242 0 R (cite.RFC2010) 1304 0 R (cite.RFC2052) 1280 0 R (cite.RFC2065) 1256 0 R (cite.RFC2136) 1244 0 R (cite.RFC2137) 1258 0 R (cite.RFC2163) 1282 0 R (cite.RFC2168) 1284 0 R (cite.RFC2181) 1246 0 R (cite.RFC2219) 1306 0 R (cite.RFC2230) 1286 0 R (cite.RFC2240) 1316 0 R (cite.RFC2308) 1248 0 R (cite.RFC2317) 1296 0 R (cite.RFC2345) 1318 0 R (cite.RFC2352) 1320 0 R (cite.RFC2845) 1250 0 R (cite.RFC974) 1237 0 R (cite.id2492354) 1333 0 R (configuration_file_elements) 823 0 R (controls_statement_definition_and_usage) 718 0 R (diagnostic_tools) 655 0 R (dynamic_update) 734 0 R (dynamic_update_policies) 774 0 R (dynamic_update_security) 972 0 R (historical_dns_information) 1212 0 R (id2465864) 614 0 R (id2466744) 615 0 R (id2466798) 619 0 R (id2466807) 620 0 R (id2467648) 690 0 R (id2467665) 691 0 R (id2468484) 635 0 R (id2468627) 637 0 R (id2468647) 638 0 R (id2468664) 999 0 R (id2468955) 639 0 R (id2469040) 642 0 R (id2469114) 649 0 R (id2469205) 652 0 R (id2469226) 653 0 R (id2469245) 654 0 R (id2469274) 660 0 R (id2469306) 661 0 R (id2469332) 662 0 R (id2469364) 668 0 R (id2469388) 669 0 R (id2469399) 670 0 R (id2469481) 671 0 R (id2469490) 677 0 R (id2469521) 684 0 R (id2469537) 685 0 R (id2470116) 694 0 R (id2470121) 695 0 R (id2471306) 723 0 R (id2471318) 724 0 R (id2471731) 745 0 R (id2472292) 761 0 R (id2472308) 762 0 R (id2472342) 763 0 R (id2472358) 769 0 R (id2472366) 770 0 R (id2472406) 771 0 R (id2472458) 772 0 R (id2472502) 779 0 R (id2472516) 780 0 R (id2472633) 781 0 R (id2472699) 790 0 R (id2472766) 791 0 R (id2472909) 792 0 R (id2472933) 797 0 R (id2472992) 799 0 R (id2473012) 800 0 R (id2473180) 811 0 R (id2473387) 824 0 R (id2474020) 832 0 R (id2474046) 833 0 R (id2474140) 838 0 R (id2474155) 839 0 R (id2474184) 840 0 R (id2474329) 850 0 R (id2474694) 856 0 R (id2474736) 858 0 R (id2474862) 860 0 R (id2475131) 868 0 R (id2475146) 869 0 R (id2475169) 870 0 R (id2475190) 871 0 R (id2475261) 880 0 R (id2475456) 881 0 R (id2475508) 882 0 R (id2476201) 897 0 R (id2476729) 903 0 R (id2476870) 904 0 R (id2476933) 912 0 R (id2476977) 913 0 R (id2476992) 914 0 R (id2478674) 934 0 R (id2479741) 960 0 R (id2479792) 962 0 R (id2479971) 971 0 R (id2480128) 977 0 R (id2480722) 989 0 R (id2480738) 990 0 R (id2480976) 997 0 R (id2483475) 1017 0 R (id2483930) 1032 0 R (id2484556) 1042 0 R (id2484673) 1043 0 R (id2484741) 1049 0 R (id2485414) 1058 0 R (id2485420) 1059 0 R (id2485425) 1060 0 R (id2485658) 1066 0 R (id2485689) 1067 0 R (id2486790) 1105 0 R (id2486949) 1107 0 R (id2486967) 1108 0 R (id2486988) 1111 0 R (id2487128) 1117 0 R (id2487779) 1123 0 R (id2487888) 1125 0 R (id2487909) 1130 0 R (id2488198) 1132 0 R (id2488313) 1134 0 R (id2488331) 1135 0 R (id2488705) 1142 0 R (id2488878) 1144 0 R (id2488892) 1145 0 R (id2488984) 1147 0 R (id2489003) 1148 0 R (id2489059) 1154 0 R (id2489122) 1155 0 R (id2489153) 1156 0 R (id2489213) 1161 0 R (id2489545) 1182 0 R (id2489621) 1183 0 R (id2489678) 1184 0 R (id2489885) 1190 0 R (id2489891) 1191 0 R (id2489902) 1192 0 R (id2489920) 1193 0 R (id2490050) 1206 0 R (id2490055) 1207 0 R (id2490243) 1213 0 R (id2490554) 1215 0 R (id2490899) 1229 0 R (id2490901) 1231 0 R (id2490909) 1236 0 R (id2491001) 1232 0 R (id2491025) 1234 0 R (id2491062) 1245 0 R (id2491088) 1247 0 R (id2491113) 1239 0 R (id2491138) 1241 0 R (id2491161) 1243 0 R (id2491217) 1249 0 R (id2491277) 1252 0 R (id2491292) 1253 0 R (id2491331) 1255 0 R (id2491370) 1257 0 R (id2491398) 1260 0 R (id2491406) 1261 0 R (id2491432) 1263 0 R (id2491499) 1265 0 R (id2491536) 1268 0 R (id2491541) 1269 0 R (id2491598) 1271 0 R (id2491636) 1283 0 R (id2491671) 1273 0 R (id2491725) 1279 0 R (id2491765) 1281 0 R (id2491792) 1285 0 R (id2491818) 1288 0 R (id2491826) 1289 0 R (id2491851) 1291 0 R (id2491875) 1293 0 R (id2491896) 1295 0 R (id2491943) 1298 0 R (id2491950) 1299 0 R (id2491976) 1301 0 R (id2492003) 1303 0 R (id2492039) 1305 0 R (id2492078) 1308 0 R (id2492099) 1309 0 R (id2492121) 1311 0 R (id2492146) 1313 0 R (id2492170) 1315 0 R (id2492193) 1317 0 R (id2492238) 1319 0 R (id2492263) 1322 0 R (id2492269) 1323 0 R (id2492342) 1330 0 R (id2492352) 1332 0 R (id2492354) 1334 0 R (incremental_zone_transfers) 742 0 R (internet_drafts) 1325 0 R (ipv6addresses) 801 0 R (journal) 735 0 R (lwresd) 812 0 R (notify) 731 0 R (options) 923 0 R (page.1) 593 0 R (page.10) 689 0 R (page.11) 700 0 R (page.12) 708 0 R (page.13) 715 0 R (page.14) 722 0 R (page.15) 729 0 R (page.16) 741 0 R (page.17) 750 0 R (page.18) 755 0 R (page.19) 759 0 R (page.2) 605 0 R (page.20) 768 0 R (page.21) 778 0 R (page.22) 789 0 R (page.23) 796 0 R (page.24) 805 0 R (page.25) 809 0 R (page.26) 817 0 R (page.27) 821 0 R (page.28) 831 0 R (page.29) 837 0 R (page.3) 612 0 R (page.30) 845 0 R (page.31) 855 0 R (page.32) 865 0 R (page.33) 879 0 R (page.34) 886 0 R (page.35) 890 0 R (page.36) 896 0 R (page.37) 902 0 R (page.38) 911 0 R (page.39) 918 0 R (page.4) 631 0 R (page.40) 922 0 R (page.41) 927 0 R (page.42) 933 0 R (page.43) 940 0 R (page.44) 955 0 R (page.45) 959 0 R (page.46) 969 0 R (page.47) 976 0 R (page.48) 984 0 R (page.49) 988 0 R (page.5) 648 0 R (page.50) 996 0 R (page.51) 1003 0 R (page.52) 1008 0 R (page.53) 1015 0 R (page.54) 1023 0 R (page.55) 1031 0 R (page.56) 1039 0 R (page.57) 1048 0 R (page.58) 1053 0 R (page.59) 1057 0 R (page.6) 659 0 R (page.60) 1065 0 R (page.61) 1077 0 R (page.62) 1088 0 R (page.63) 1104 0 R (page.64) 1116 0 R (page.65) 1122 0 R (page.66) 1129 0 R (page.67) 1140 0 R (page.68) 1153 0 R (page.69) 1160 0 R (page.7) 666 0 R (page.70) 1166 0 R (page.71) 1170 0 R (page.72) 1178 0 R (page.73) 1188 0 R (page.74) 1200 0 R (page.75) 1204 0 R (page.76) 1211 0 R (page.77) 1224 0 R (page.78) 1278 0 R (page.79) 1329 0 R (page.8) 676 0 R (page.9) 681 0 R (proposed_standards) 746 0 R (rfcs) 644 0 R (rndc) 875 0 R (rrset_ordering) 696 0 R (sample_configuration) 683 0 R (section*.1) 1228 0 R (section*.10) 1321 0 R (section*.11) 1331 0 R (section*.2) 1230 0 R (section*.3) 1238 0 R (section*.4) 1251 0 R (section*.5) 1259 0 R (section*.6) 1267 0 R (section*.7) 1287 0 R (section*.8) 1297 0 R (section*.9) 1307 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.4.1) 134 0 R (section.4.2) 138 0 R (section.4.3) 146 0 R (section.4.4) 150 0 R (section.4.5) 154 0 R (section.4.6) 190 0 R (section.4.7) 194 0 R (section.4.8) 198 0 R (section.4.9) 214 0 R (section.5.1) 230 0 R (section.5.2) 234 0 R (section.6.1) 242 0 R (section.6.2) 270 0 R (section.6.3) 462 0 R (section.7.1) 514 0 R (section.7.2) 518 0 R (section.7.3) 530 0 R (section.8.1) 538 0 R (section.8.2) 546 0 R (section.8.3) 550 0 R (section.A.1) 558 0 R (section.A.2) 566 0 R (section.A.3) 574 0 R (server_statement_definition_and_usage) 951 0 R (server_statement_grammar) 1034 0 R (statsfile) 929 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.3.1) 114 0 R (subsection.3.3.2) 126 0 R (subsection.4.2.1) 142 0 R (subsection.4.5.1) 158 0 R (subsection.4.5.2) 170 0 R (subsection.4.5.3) 174 0 R (subsection.4.5.4) 178 0 R (subsection.4.5.5) 182 0 R (subsection.4.5.6) 186 0 R (subsection.4.8.1) 202 0 R (subsection.4.8.2) 206 0 R (subsection.4.8.3) 210 0 R (subsection.4.9.1) 218 0 R (subsection.4.9.2) 222 0 R (subsection.6.1.1) 246 0 R (subsection.6.1.2) 258 0 R (subsection.6.2.1) 274 0 R (subsection.6.2.10) 310 0 R (subsection.6.2.11) 322 0 R (subsection.6.2.12) 326 0 R (subsection.6.2.13) 330 0 R (subsection.6.2.14) 334 0 R (subsection.6.2.15) 338 0 R (subsection.6.2.16) 342 0 R (subsection.6.2.17) 414 0 R (subsection.6.2.18) 418 0 R (subsection.6.2.19) 422 0 R (subsection.6.2.2) 278 0 R (subsection.6.2.20) 426 0 R (subsection.6.2.21) 430 0 R (subsection.6.2.22) 434 0 R (subsection.6.2.23) 438 0 R (subsection.6.2.24) 442 0 R (subsection.6.2.3) 282 0 R (subsection.6.2.4) 286 0 R (subsection.6.2.5) 290 0 R (subsection.6.2.6) 294 0 R (subsection.6.2.7) 298 0 R (subsection.6.2.8) 302 0 R (subsection.6.2.9) 306 0 R (subsection.6.3.1) 466 0 R (subsection.6.3.2) 478 0 R (subsection.6.3.3) 482 0 R (subsection.6.3.4) 486 0 R (subsection.6.3.5) 490 0 R (subsection.6.3.6) 506 0 R (subsection.7.2.1) 522 0 R (subsection.7.2.2) 526 0 R (subsection.8.1.1) 542 0 R (subsection.A.1.1) 562 0 R (subsection.A.2.1) 570 0 R (subsection.A.3.1) 578 0 R (subsection.A.3.2) 582 0 R (subsection.A.3.3) 586 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.3.1.1) 118 0 R (subsubsection.3.3.1.2) 122 0 R (subsubsection.4.5.1.1) 162 0 R (subsubsection.4.5.1.2) 166 0 R (subsubsection.6.1.1.1) 250 0 R (subsubsection.6.1.1.2) 254 0 R (subsubsection.6.1.2.1) 262 0 R (subsubsection.6.1.2.2) 266 0 R (subsubsection.6.2.10.1) 314 0 R (subsubsection.6.2.10.2) 318 0 R (subsubsection.6.2.16.1) 346 0 R (subsubsection.6.2.16.10) 382 0 R (subsubsection.6.2.16.11) 386 0 R (subsubsection.6.2.16.12) 390 0 R (subsubsection.6.2.16.13) 394 0 R (subsubsection.6.2.16.14) 398 0 R (subsubsection.6.2.16.15) 402 0 R (subsubsection.6.2.16.16) 406 0 R (subsubsection.6.2.16.17) 410 0 R (subsubsection.6.2.16.2) 350 0 R (subsubsection.6.2.16.3) 354 0 R (subsubsection.6.2.16.4) 358 0 R (subsubsection.6.2.16.5) 362 0 R (subsubsection.6.2.16.6) 366 0 R (subsubsection.6.2.16.7) 370 0 R (subsubsection.6.2.16.8) 374 0 R (subsubsection.6.2.16.9) 378 0 R (subsubsection.6.2.24.1) 446 0 R (subsubsection.6.2.24.2) 450 0 R (subsubsection.6.2.24.3) 454 0 R (subsubsection.6.2.24.4) 458 0 R (subsubsection.6.3.1.1) 470 0 R (subsubsection.6.3.1.2) 474 0 R (subsubsection.6.3.5.1) 494 0 R (subsubsection.6.3.5.2) 498 0 R (subsubsection.6.3.5.3) 502 0 R (table.1.1) 621 0 R (table.1.2) 636 0 R (table.3.1) 692 0 R (table.3.2) 725 0 R (table.6.1) 825 0 R (table.6.10) 1112 0 R (table.6.11) 1118 0 R (table.6.12) 1124 0 R (table.6.13) 1131 0 R (table.6.14) 1133 0 R (table.6.15) 1136 0 R (table.6.16) 1143 0 R (table.6.17) 1146 0 R (table.6.18) 1162 0 R (table.6.2) 851 0 R (table.6.3) 859 0 R (table.6.4) 898 0 R (table.6.5) 935 0 R (table.6.6) 1018 0 R (table.6.7) 1033 0 R (table.6.8) 1061 0 R (table.6.9) 1106 0 R (table.A.1) 1214 0 R (table.A.2) 1216 0 R (the_category_phrase) 892 0 R (the_sortlist_statement) 1009 0 R (topology) 1004 0 R (tsig) 760 0 R (tuning) 1019 0 R (types_of_resource_records_and_when_to_use_them) 643 0 R (view_statement_grammar) 1027 0 R (zone_statement_grammar) 965 0 R (zone_transfers) 737 0 R] +1365 0 obj << +/Names [(Access_Control_Lists) 1180 0 R (Bv9ARM.ch01) 613 0 R (Bv9ARM.ch02) 667 0 R (Bv9ARM.ch03) 682 0 R (Bv9ARM.ch04) 730 0 R (Bv9ARM.ch05) 814 0 R (Bv9ARM.ch06) 826 0 R (Bv9ARM.ch07) 1179 0 R (Bv9ARM.ch08) 1198 0 R (Bv9ARM.ch09) 1213 0 R (Configuration_File_Grammar) 850 0 R (DNSSEC) 782 0 R (Doc-Start) 594 0 R (Setting_TTLs) 1143 0 R (access_control) 960 0 R (acl) 858 0 R (address_match_lists) 831 0 R (admin_tools) 704 0 R (appendix.A) 554 0 R (bibliography) 1225 0 R (boolean_options) 736 0 R (builtin) 1022 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 130 0 R (chapter.5) 226 0 R (chapter.6) 238 0 R (chapter.7) 510 0 R (chapter.8) 534 0 R (cite.RFC1034) 1241 0 R (cite.RFC1035) 1243 0 R (cite.RFC1101) 1299 0 R (cite.RFC1123) 1301 0 R (cite.RFC1183) 1278 0 R (cite.RFC1464) 1319 0 R (cite.RFC1535) 1270 0 R (cite.RFC1536) 1272 0 R (cite.RFC1537) 1309 0 R (cite.RFC1591) 1303 0 R (cite.RFC1706) 1280 0 R (cite.RFC1712) 1333 0 R (cite.RFC1713) 1321 0 R (cite.RFC1794) 1323 0 R (cite.RFC1876) 1282 0 R (cite.RFC1886) 1262 0 R (cite.RFC1912) 1311 0 R (cite.RFC1982) 1274 0 R (cite.RFC1995) 1248 0 R (cite.RFC1996) 1250 0 R (cite.RFC2010) 1313 0 R (cite.RFC2052) 1289 0 R (cite.RFC2065) 1264 0 R (cite.RFC2136) 1252 0 R (cite.RFC2137) 1266 0 R (cite.RFC2163) 1291 0 R (cite.RFC2168) 1293 0 R (cite.RFC2181) 1254 0 R (cite.RFC2219) 1315 0 R (cite.RFC2230) 1295 0 R (cite.RFC2240) 1325 0 R (cite.RFC2308) 1256 0 R (cite.RFC2317) 1305 0 R (cite.RFC2345) 1327 0 R (cite.RFC2352) 1329 0 R (cite.RFC2845) 1258 0 R (cite.RFC974) 1245 0 R (cite.id2492168) 1342 0 R (configuration_file_elements) 827 0 R (controls_statement_definition_and_usage) 718 0 R (diagnostic_tools) 655 0 R (dynamic_update) 734 0 R (dynamic_update_policies) 774 0 R (dynamic_update_security) 969 0 R (historical_dns_information) 1220 0 R (id2465089) 615 0 R (id2465144) 614 0 R (id2466440) 619 0 R (id2466449) 620 0 R (id2467046) 684 0 R (id2467062) 685 0 R (id2467084) 690 0 R (id2467101) 691 0 R (id2467443) 635 0 R (id2467586) 637 0 R (id2467606) 638 0 R (id2467728) 994 0 R (id2467914) 639 0 R (id2467998) 642 0 R (id2468073) 649 0 R (id2468096) 652 0 R (id2468117) 653 0 R (id2468136) 654 0 R (id2468165) 660 0 R (id2468333) 661 0 R (id2468359) 662 0 R (id2468459) 668 0 R (id2468484) 669 0 R (id2468494) 670 0 R (id2468508) 671 0 R (id2468517) 677 0 R (id2469143) 694 0 R (id2469148) 695 0 R (id2470313) 723 0 R (id2470325) 724 0 R (id2470669) 745 0 R (id2471232) 761 0 R (id2471248) 762 0 R (id2471282) 763 0 R (id2471298) 769 0 R (id2471306) 770 0 R (id2471414) 771 0 R (id2471466) 772 0 R (id2471510) 779 0 R (id2471524) 780 0 R (id2471573) 781 0 R (id2471776) 787 0 R (id2471843) 788 0 R (id2471986) 789 0 R (id2472123) 805 0 R (id2472250) 807 0 R (id2472270) 808 0 R (id2472371) 815 0 R (id2472509) 828 0 R (id2473074) 836 0 R (id2473100) 837 0 R (id2473262) 842 0 R (id2473277) 843 0 R (id2473306) 844 0 R (id2473520) 851 0 R (id2473816) 857 0 R (id2473858) 859 0 R (id2474053) 861 0 R (id2474330) 869 0 R (id2474345) 870 0 R (id2474368) 871 0 R (id2474389) 872 0 R (id2474460) 881 0 R (id2474586) 882 0 R (id2474707) 883 0 R (id2475401) 898 0 R (id2475861) 904 0 R (id2476002) 905 0 R (id2476133) 913 0 R (id2476177) 914 0 R (id2476192) 915 0 R (id2477760) 935 0 R (id2478765) 957 0 R (id2478816) 959 0 R (id2479131) 968 0 R (id2479288) 974 0 R (id2479898) 986 0 R (id2479914) 992 0 R (id2482177) 1000 0 R (id2482583) 1014 0 R (id2483049) 1029 0 R (id2483880) 1043 0 R (id2483928) 1044 0 R (id2484078) 1046 0 R (id2485225) 1059 0 R (id2485232) 1060 0 R (id2485236) 1061 0 R (id2485538) 1072 0 R (id2485569) 1073 0 R (id2486536) 1106 0 R (id2486695) 1112 0 R (id2486713) 1113 0 R (id2486734) 1116 0 R (id2486874) 1118 0 R (id2487525) 1124 0 R (id2487634) 1130 0 R (id2487792) 1131 0 R (id2488012) 1138 0 R (id2488128) 1140 0 R (id2488146) 1141 0 R (id2488519) 1144 0 R (id2488625) 1150 0 R (id2488638) 1151 0 R (id2488798) 1153 0 R (id2488818) 1154 0 R (id2488873) 1158 0 R (id2488936) 1163 0 R (id2488967) 1164 0 R (id2489028) 1165 0 R (id2489356) 1191 0 R (id2489500) 1192 0 R (id2489694) 1193 0 R (id2489765) 1199 0 R (id2489770) 1200 0 R (id2489782) 1201 0 R (id2489799) 1202 0 R (id2489929) 1214 0 R (id2489934) 1215 0 R (id2490057) 1221 0 R (id2490369) 1223 0 R (id2490713) 1237 0 R (id2490715) 1239 0 R (id2490724) 1244 0 R (id2490747) 1240 0 R (id2490771) 1242 0 R (id2490808) 1253 0 R (id2490834) 1255 0 R (id2490859) 1247 0 R (id2490884) 1249 0 R (id2490907) 1251 0 R (id2490963) 1257 0 R (id2491024) 1260 0 R (id2491038) 1261 0 R (id2491077) 1263 0 R (id2491116) 1265 0 R (id2491144) 1268 0 R (id2491153) 1269 0 R (id2491178) 1271 0 R (id2491245) 1273 0 R (id2491282) 1276 0 R (id2491287) 1277 0 R (id2491345) 1279 0 R (id2491382) 1292 0 R (id2491417) 1281 0 R (id2491472) 1288 0 R (id2491511) 1290 0 R (id2491538) 1294 0 R (id2491564) 1297 0 R (id2491572) 1298 0 R (id2491597) 1300 0 R (id2491621) 1302 0 R (id2491642) 1304 0 R (id2491689) 1307 0 R (id2491697) 1308 0 R (id2491722) 1310 0 R (id2491749) 1312 0 R (id2491785) 1314 0 R (id2491825) 1317 0 R (id2491845) 1318 0 R (id2491867) 1320 0 R (id2491960) 1322 0 R (id2491985) 1324 0 R (id2492007) 1326 0 R (id2492053) 1328 0 R (id2492077) 1331 0 R (id2492084) 1332 0 R (id2492156) 1339 0 R (id2492166) 1341 0 R (id2492168) 1343 0 R (incremental_zone_transfers) 742 0 R (internet_drafts) 1334 0 R (ipv6addresses) 809 0 R (journal) 735 0 R (lwresd) 816 0 R (notify) 731 0 R (options) 924 0 R (page.1) 593 0 R (page.10) 689 0 R (page.11) 700 0 R (page.12) 708 0 R (page.13) 715 0 R (page.14) 722 0 R (page.15) 729 0 R (page.16) 741 0 R (page.17) 750 0 R (page.18) 755 0 R (page.19) 759 0 R (page.2) 605 0 R (page.20) 768 0 R (page.21) 778 0 R (page.22) 786 0 R (page.23) 794 0 R (page.24) 804 0 R (page.25) 813 0 R (page.26) 821 0 R (page.27) 825 0 R (page.28) 835 0 R (page.29) 841 0 R (page.3) 612 0 R (page.30) 849 0 R (page.31) 856 0 R (page.32) 866 0 R (page.33) 880 0 R (page.34) 887 0 R (page.35) 891 0 R (page.36) 897 0 R (page.37) 903 0 R (page.38) 912 0 R (page.39) 919 0 R (page.4) 631 0 R (page.40) 923 0 R (page.41) 928 0 R (page.42) 934 0 R (page.43) 940 0 R (page.44) 952 0 R (page.45) 956 0 R (page.46) 966 0 R (page.47) 973 0 R (page.48) 981 0 R (page.49) 985 0 R (page.5) 648 0 R (page.50) 991 0 R (page.51) 999 0 R (page.52) 1005 0 R (page.53) 1012 0 R (page.54) 1019 0 R (page.55) 1028 0 R (page.56) 1035 0 R (page.57) 1041 0 R (page.58) 1050 0 R (page.59) 1054 0 R (page.6) 659 0 R (page.60) 1058 0 R (page.61) 1066 0 R (page.62) 1071 0 R (page.63) 1083 0 R (page.64) 1098 0 R (page.65) 1111 0 R (page.66) 1123 0 R (page.67) 1128 0 R (page.68) 1137 0 R (page.69) 1149 0 R (page.7) 666 0 R (page.70) 1162 0 R (page.71) 1170 0 R (page.72) 1174 0 R (page.73) 1178 0 R (page.74) 1187 0 R (page.75) 1197 0 R (page.76) 1208 0 R (page.77) 1212 0 R (page.78) 1219 0 R (page.79) 1232 0 R (page.8) 676 0 R (page.80) 1287 0 R (page.81) 1338 0 R (page.9) 681 0 R (proposed_standards) 746 0 R (rfcs) 644 0 R (rndc) 876 0 R (rrset_ordering) 696 0 R (sample_configuration) 683 0 R (section*.1) 1236 0 R (section*.10) 1330 0 R (section*.11) 1340 0 R (section*.2) 1238 0 R (section*.3) 1246 0 R (section*.4) 1259 0 R (section*.5) 1267 0 R (section*.6) 1275 0 R (section*.7) 1296 0 R (section*.8) 1306 0 R (section*.9) 1316 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.4.1) 134 0 R (section.4.2) 138 0 R (section.4.3) 146 0 R (section.4.4) 150 0 R (section.4.5) 154 0 R (section.4.6) 190 0 R (section.4.7) 194 0 R (section.4.8) 198 0 R (section.4.9) 214 0 R (section.5.1) 230 0 R (section.5.2) 234 0 R (section.6.1) 242 0 R (section.6.2) 270 0 R (section.6.3) 462 0 R (section.7.1) 514 0 R (section.7.2) 518 0 R (section.7.3) 530 0 R (section.8.1) 538 0 R (section.8.2) 546 0 R (section.8.3) 550 0 R (section.A.1) 558 0 R (section.A.2) 566 0 R (section.A.3) 574 0 R (server_statement_definition_and_usage) 948 0 R (server_statement_grammar) 1036 0 R (statsfile) 930 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.3.1) 114 0 R (subsection.3.3.2) 126 0 R (subsection.4.2.1) 142 0 R (subsection.4.5.1) 158 0 R (subsection.4.5.2) 170 0 R (subsection.4.5.3) 174 0 R (subsection.4.5.4) 178 0 R (subsection.4.5.5) 182 0 R (subsection.4.5.6) 186 0 R (subsection.4.8.1) 202 0 R (subsection.4.8.2) 206 0 R (subsection.4.8.3) 210 0 R (subsection.4.9.1) 218 0 R (subsection.4.9.2) 222 0 R (subsection.6.1.1) 246 0 R (subsection.6.1.2) 258 0 R (subsection.6.2.1) 274 0 R (subsection.6.2.10) 310 0 R (subsection.6.2.11) 322 0 R (subsection.6.2.12) 326 0 R (subsection.6.2.13) 330 0 R (subsection.6.2.14) 334 0 R (subsection.6.2.15) 338 0 R (subsection.6.2.16) 342 0 R (subsection.6.2.17) 414 0 R (subsection.6.2.18) 418 0 R (subsection.6.2.19) 422 0 R (subsection.6.2.2) 278 0 R (subsection.6.2.20) 426 0 R (subsection.6.2.21) 430 0 R (subsection.6.2.22) 434 0 R (subsection.6.2.23) 438 0 R (subsection.6.2.24) 442 0 R (subsection.6.2.3) 282 0 R (subsection.6.2.4) 286 0 R (subsection.6.2.5) 290 0 R (subsection.6.2.6) 294 0 R (subsection.6.2.7) 298 0 R (subsection.6.2.8) 302 0 R (subsection.6.2.9) 306 0 R (subsection.6.3.1) 466 0 R (subsection.6.3.2) 478 0 R (subsection.6.3.3) 482 0 R (subsection.6.3.4) 486 0 R (subsection.6.3.5) 490 0 R (subsection.6.3.6) 506 0 R (subsection.7.2.1) 522 0 R (subsection.7.2.2) 526 0 R (subsection.8.1.1) 542 0 R (subsection.A.1.1) 562 0 R (subsection.A.2.1) 570 0 R (subsection.A.3.1) 578 0 R (subsection.A.3.2) 582 0 R (subsection.A.3.3) 586 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.3.1.1) 118 0 R (subsubsection.3.3.1.2) 122 0 R (subsubsection.4.5.1.1) 162 0 R (subsubsection.4.5.1.2) 166 0 R (subsubsection.6.1.1.1) 250 0 R (subsubsection.6.1.1.2) 254 0 R (subsubsection.6.1.2.1) 262 0 R (subsubsection.6.1.2.2) 266 0 R (subsubsection.6.2.10.1) 314 0 R (subsubsection.6.2.10.2) 318 0 R (subsubsection.6.2.16.1) 346 0 R (subsubsection.6.2.16.10) 382 0 R (subsubsection.6.2.16.11) 386 0 R (subsubsection.6.2.16.12) 390 0 R (subsubsection.6.2.16.13) 394 0 R (subsubsection.6.2.16.14) 398 0 R (subsubsection.6.2.16.15) 402 0 R (subsubsection.6.2.16.16) 406 0 R (subsubsection.6.2.16.17) 410 0 R (subsubsection.6.2.16.2) 350 0 R (subsubsection.6.2.16.3) 354 0 R (subsubsection.6.2.16.4) 358 0 R (subsubsection.6.2.16.5) 362 0 R (subsubsection.6.2.16.6) 366 0 R (subsubsection.6.2.16.7) 370 0 R (subsubsection.6.2.16.8) 374 0 R (subsubsection.6.2.16.9) 378 0 R (subsubsection.6.2.24.1) 446 0 R (subsubsection.6.2.24.2) 450 0 R (subsubsection.6.2.24.3) 454 0 R (subsubsection.6.2.24.4) 458 0 R (subsubsection.6.3.1.1) 470 0 R (subsubsection.6.3.1.2) 474 0 R (subsubsection.6.3.5.1) 494 0 R (subsubsection.6.3.5.2) 498 0 R (subsubsection.6.3.5.3) 502 0 R (table.1.1) 621 0 R (table.1.2) 636 0 R (table.3.1) 692 0 R (table.3.2) 725 0 R (table.6.1) 829 0 R (table.6.10) 1117 0 R (table.6.11) 1119 0 R (table.6.12) 1129 0 R (table.6.13) 1132 0 R (table.6.14) 1139 0 R (table.6.15) 1142 0 R (table.6.16) 1145 0 R (table.6.17) 1152 0 R (table.6.18) 1166 0 R (table.6.2) 852 0 R (table.6.3) 860 0 R (table.6.4) 899 0 R (table.6.5) 936 0 R (table.6.6) 1015 0 R (table.6.7) 1030 0 R (table.6.8) 1062 0 R (table.6.9) 1107 0 R (table.A.1) 1222 0 R (table.A.2) 1224 0 R (the_category_phrase) 893 0 R (the_sortlist_statement) 1006 0 R (topology) 1001 0 R (tsig) 760 0 R (tuning) 1020 0 R (types_of_resource_records_and_when_to_use_them) 643 0 R (view_statement_grammar) 1024 0 R (zone_statement_grammar) 962 0 R (zone_transfers) 737 0 R] /Limits [(Access_Control_Lists) (zone_transfers)] >> endobj -1358 0 obj << -/Kids [1357 0 R] +1366 0 obj << +/Kids [1365 0 R] >> endobj -1359 0 obj << -/Dests 1358 0 R +1367 0 obj << +/Dests 1366 0 R >> endobj -1360 0 obj << +1368 0 obj << /Type /Catalog -/Pages 1355 0 R -/Outlines 1356 0 R -/Names 1359 0 R +/Pages 1363 0 R +/Outlines 1364 0 R +/Names 1367 0 R /PageMode /UseOutlines /OpenAction 589 0 R >> endobj -1361 0 obj << +1369 0 obj << /Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfeTeX-1.21a)/Keywords() -/CreationDate (D:20051104123603+11'00') +/CreationDate (D:20061128121044+11'00') /PTEX.Fullbanner (This is pdfeTeX, Version 3.141592-1.21a-2.2 (Web2C 7.5.4) kpathsea version 3.5.4) >> endobj xref -0 1362 +0 1370 0000000001 65535 f 0000000002 00000 f 0000000003 00000 f 0000000004 00000 f 0000000000 00000 f 0000000009 00000 n -0000018859 00000 n -0000483529 00000 n +0000018863 00000 n +0000490048 00000 n 0000000054 00000 n 0000000086 00000 n -0000018983 00000 n -0000483457 00000 n +0000018987 00000 n +0000489976 00000 n 0000000133 00000 n 0000000173 00000 n -0000019108 00000 n -0000483371 00000 n +0000019112 00000 n +0000489890 00000 n 0000000221 00000 n 0000000273 00000 n -0000019233 00000 n -0000483285 00000 n +0000019237 00000 n +0000489804 00000 n 0000000321 00000 n 0000000377 00000 n -0000023668 00000 n -0000483175 00000 n +0000023672 00000 n +0000489694 00000 n 0000000425 00000 n 0000000478 00000 n -0000023792 00000 n -0000483101 00000 n +0000023796 00000 n +0000489620 00000 n 0000000531 00000 n 0000000572 00000 n -0000023917 00000 n -0000483014 00000 n +0000023921 00000 n +0000489533 00000 n 0000000625 00000 n 0000000674 00000 n -0000024042 00000 n -0000482927 00000 n +0000024046 00000 n +0000489446 00000 n 0000000727 00000 n 0000000757 00000 n -0000028190 00000 n -0000482803 00000 n +0000028194 00000 n +0000489322 00000 n 0000000810 00000 n 0000000861 00000 n -0000028315 00000 n -0000482729 00000 n +0000028319 00000 n +0000489248 00000 n 0000000919 00000 n 0000000964 00000 n -0000028440 00000 n -0000482642 00000 n +0000028444 00000 n +0000489161 00000 n 0000001022 00000 n 0000001062 00000 n -0000028565 00000 n -0000482568 00000 n +0000028569 00000 n +0000489087 00000 n 0000001120 00000 n 0000001162 00000 n -0000031474 00000 n -0000482444 00000 n +0000031482 00000 n +0000488963 00000 n 0000001215 00000 n 0000001260 00000 n -0000031599 00000 n -0000482383 00000 n +0000031607 00000 n +0000488902 00000 n 0000001318 00000 n 0000001355 00000 n -0000031724 00000 n -0000482309 00000 n +0000031732 00000 n +0000488828 00000 n 0000001408 00000 n 0000001463 00000 n -0000034112 00000 n -0000482184 00000 n +0000034120 00000 n +0000488703 00000 n 0000001509 00000 n 0000001556 00000 n -0000034237 00000 n -0000482110 00000 n +0000034245 00000 n +0000488629 00000 n 0000001604 00000 n 0000001648 00000 n -0000034362 00000 n -0000482023 00000 n +0000034370 00000 n +0000488542 00000 n 0000001696 00000 n 0000001735 00000 n -0000034485 00000 n -0000481936 00000 n +0000034493 00000 n +0000488455 00000 n 0000001783 00000 n 0000001825 00000 n -0000034609 00000 n -0000481849 00000 n +0000034617 00000 n +0000488368 00000 n 0000001873 00000 n 0000001936 00000 n -0000035645 00000 n -0000481775 00000 n +0000035653 00000 n +0000488294 00000 n 0000001984 00000 n 0000002034 00000 n -0000037323 00000 n -0000481647 00000 n +0000037331 00000 n +0000488166 00000 n 0000002080 00000 n 0000002126 00000 n -0000037447 00000 n -0000481534 00000 n +0000037455 00000 n +0000488053 00000 n 0000002174 00000 n 0000002218 00000 n -0000037572 00000 n -0000481458 00000 n +0000037580 00000 n +0000487977 00000 n 0000002271 00000 n 0000002323 00000 n -0000037697 00000 n -0000481381 00000 n +0000037705 00000 n +0000487900 00000 n 0000002377 00000 n 0000002436 00000 n -0000040313 00000 n -0000481290 00000 n +0000040321 00000 n +0000487809 00000 n 0000002485 00000 n 0000002523 00000 n -0000040564 00000 n -0000481173 00000 n +0000040572 00000 n +0000487692 00000 n 0000002572 00000 n 0000002618 00000 n -0000040690 00000 n -0000481055 00000 n +0000040698 00000 n +0000487574 00000 n 0000002672 00000 n 0000002739 00000 n -0000043869 00000 n -0000480976 00000 n +0000043877 00000 n +0000487495 00000 n 0000002798 00000 n 0000002842 00000 n -0000043995 00000 n -0000480897 00000 n +0000044003 00000 n +0000487416 00000 n 0000002901 00000 n 0000002949 00000 n -0000053818 00000 n -0000480818 00000 n +0000053920 00000 n +0000487337 00000 n 0000003003 00000 n 0000003036 00000 n -0000057084 00000 n -0000480686 00000 n +0000057191 00000 n +0000487205 00000 n 0000003083 00000 n 0000003126 00000 n -0000057210 00000 n -0000480607 00000 n +0000057317 00000 n +0000487126 00000 n 0000003175 00000 n 0000003205 00000 n -0000057336 00000 n -0000480475 00000 n +0000057443 00000 n +0000486994 00000 n 0000003254 00000 n 0000003292 00000 n -0000057461 00000 n -0000480410 00000 n +0000057568 00000 n +0000486929 00000 n 0000003346 00000 n 0000003388 00000 n -0000061908 00000 n -0000480317 00000 n +0000062008 00000 n +0000486836 00000 n 0000003437 00000 n 0000003496 00000 n -0000062034 00000 n -0000480224 00000 n +0000062134 00000 n +0000486743 00000 n 0000003545 00000 n 0000003578 00000 n -0000068735 00000 n -0000480092 00000 n +0000068838 00000 n +0000486611 00000 n 0000003627 00000 n 0000003655 00000 n -0000068861 00000 n -0000479974 00000 n +0000068964 00000 n +0000486493 00000 n 0000003709 00000 n 0000003778 00000 n -0000068987 00000 n -0000479895 00000 n +0000069090 00000 n +0000486414 00000 n 0000003837 00000 n 0000003885 00000 n -0000069113 00000 n -0000479816 00000 n +0000069216 00000 n +0000486335 00000 n 0000003944 00000 n 0000003989 00000 n -0000072115 00000 n -0000479723 00000 n +0000072218 00000 n +0000486242 00000 n 0000004043 00000 n 0000004111 00000 n -0000072241 00000 n -0000479630 00000 n +0000072344 00000 n +0000486149 00000 n 0000004165 00000 n 0000004235 00000 n -0000072367 00000 n -0000479537 00000 n +0000072470 00000 n +0000486056 00000 n 0000004289 00000 n 0000004352 00000 n -0000072493 00000 n -0000479444 00000 n +0000072596 00000 n +0000485963 00000 n 0000004406 00000 n 0000004461 00000 n -0000076214 00000 n -0000479365 00000 n +0000076316 00000 n +0000485884 00000 n 0000004515 00000 n 0000004547 00000 n -0000076340 00000 n -0000479272 00000 n +0000076442 00000 n +0000485791 00000 n 0000004596 00000 n 0000004624 00000 n -0000076465 00000 n -0000479179 00000 n +0000076567 00000 n +0000485698 00000 n 0000004673 00000 n 0000004705 00000 n -0000076591 00000 n -0000479047 00000 n +0000076693 00000 n +0000485566 00000 n 0000004754 00000 n 0000004784 00000 n -0000080038 00000 n -0000478968 00000 n +0000080149 00000 n +0000485487 00000 n 0000004838 00000 n 0000004879 00000 n -0000080163 00000 n -0000478875 00000 n +0000080274 00000 n +0000485394 00000 n 0000004933 00000 n 0000004975 00000 n -0000080289 00000 n -0000478796 00000 n +0000080400 00000 n +0000485315 00000 n 0000005029 00000 n 0000005074 00000 n -0000082997 00000 n -0000478678 00000 n +0000087840 00000 n +0000485197 00000 n 0000005123 00000 n 0000005169 00000 n -0000083123 00000 n -0000478599 00000 n +0000087966 00000 n +0000485118 00000 n 0000005223 00000 n 0000005283 00000 n -0000083249 00000 n -0000478520 00000 n +0000088092 00000 n +0000485039 00000 n 0000005337 00000 n 0000005406 00000 n -0000086059 00000 n -0000478387 00000 n +0000090527 00000 n +0000484906 00000 n 0000005453 00000 n 0000005506 00000 n -0000086185 00000 n -0000478308 00000 n +0000090653 00000 n +0000484827 00000 n 0000005555 00000 n 0000005611 00000 n -0000086311 00000 n -0000478229 00000 n +0000090779 00000 n +0000484748 00000 n 0000005660 00000 n 0000005709 00000 n -0000090413 00000 n -0000478096 00000 n +0000094890 00000 n +0000484615 00000 n 0000005756 00000 n 0000005808 00000 n -0000090539 00000 n -0000477978 00000 n +0000095016 00000 n +0000484497 00000 n 0000005857 00000 n 0000005908 00000 n -0000094681 00000 n -0000477860 00000 n +0000099160 00000 n +0000484379 00000 n 0000005962 00000 n 0000006007 00000 n -0000094806 00000 n -0000477781 00000 n +0000099285 00000 n +0000484300 00000 n 0000006066 00000 n 0000006100 00000 n -0000094931 00000 n -0000477702 00000 n +0000099410 00000 n +0000484221 00000 n 0000006159 00000 n 0000006207 00000 n -0000098209 00000 n -0000477584 00000 n +0000102688 00000 n +0000484103 00000 n 0000006261 00000 n 0000006301 00000 n -0000098335 00000 n -0000477505 00000 n +0000102814 00000 n +0000484024 00000 n 0000006360 00000 n 0000006394 00000 n -0000098461 00000 n -0000477426 00000 n +0000102940 00000 n +0000483945 00000 n 0000006453 00000 n 0000006501 00000 n -0000102189 00000 n -0000477293 00000 n +0000106666 00000 n +0000483812 00000 n 0000006550 00000 n 0000006600 00000 n -0000105995 00000 n -0000477214 00000 n +0000110504 00000 n +0000483733 00000 n 0000006654 00000 n 0000006701 00000 n -0000106121 00000 n -0000477121 00000 n +0000110630 00000 n +0000483640 00000 n 0000006755 00000 n 0000006815 00000 n -0000106371 00000 n -0000477028 00000 n +0000110880 00000 n +0000483547 00000 n 0000006869 00000 n 0000006921 00000 n -0000106497 00000 n -0000476935 00000 n +0000111006 00000 n +0000483454 00000 n 0000006975 00000 n 0000007040 00000 n -0000111147 00000 n -0000476842 00000 n +0000115636 00000 n +0000483361 00000 n 0000007094 00000 n 0000007145 00000 n -0000111273 00000 n -0000476749 00000 n +0000115762 00000 n +0000483268 00000 n 0000007199 00000 n 0000007263 00000 n -0000111399 00000 n -0000476656 00000 n +0000115888 00000 n +0000483175 00000 n 0000007317 00000 n 0000007364 00000 n -0000111525 00000 n -0000476563 00000 n +0000116014 00000 n +0000483082 00000 n 0000007418 00000 n 0000007478 00000 n -0000114467 00000 n -0000476470 00000 n +0000118956 00000 n +0000482989 00000 n 0000007532 00000 n 0000007583 00000 n -0000114593 00000 n -0000476338 00000 n +0000119082 00000 n +0000482857 00000 n 0000007638 00000 n 0000007703 00000 n -0000114719 00000 n -0000476259 00000 n +0000119208 00000 n +0000482778 00000 n 0000007763 00000 n 0000007810 00000 n -0000125127 00000 n -0000476180 00000 n +0000129617 00000 n +0000482699 00000 n 0000007870 00000 n 0000007918 00000 n -0000128845 00000 n -0000476087 00000 n +0000133330 00000 n +0000482606 00000 n 0000007973 00000 n 0000008023 00000 n -0000128971 00000 n -0000475994 00000 n +0000133456 00000 n +0000482513 00000 n 0000008078 00000 n 0000008141 00000 n -0000130711 00000 n -0000475901 00000 n +0000135194 00000 n +0000482420 00000 n 0000008196 00000 n 0000008248 00000 n -0000130837 00000 n -0000475808 00000 n +0000135320 00000 n +0000482327 00000 n 0000008303 00000 n 0000008368 00000 n -0000130963 00000 n -0000475715 00000 n +0000135446 00000 n +0000482234 00000 n 0000008423 00000 n 0000008475 00000 n -0000136313 00000 n -0000475582 00000 n +0000140719 00000 n +0000482101 00000 n 0000008530 00000 n 0000008595 00000 n -0000140379 00000 n -0000475503 00000 n +0000144791 00000 n +0000482022 00000 n 0000008655 00000 n 0000008699 00000 n -0000159492 00000 n -0000475410 00000 n +0000162452 00000 n +0000481929 00000 n 0000008759 00000 n 0000008798 00000 n -0000159618 00000 n -0000475317 00000 n +0000162576 00000 n +0000481836 00000 n 0000008858 00000 n 0000008905 00000 n -0000159743 00000 n -0000475224 00000 n +0000162702 00000 n +0000481743 00000 n 0000008965 00000 n 0000009008 00000 n -0000163657 00000 n -0000475131 00000 n +0000166677 00000 n +0000481650 00000 n 0000009068 00000 n 0000009107 00000 n -0000166745 00000 n -0000475038 00000 n +0000169550 00000 n +0000481557 00000 n 0000009167 00000 n 0000009209 00000 n -0000166871 00000 n -0000474945 00000 n +0000173583 00000 n +0000481464 00000 n 0000009269 00000 n 0000009312 00000 n -0000174775 00000 n -0000474852 00000 n +0000177138 00000 n +0000481371 00000 n 0000009372 00000 n 0000009419 00000 n -0000174899 00000 n -0000474759 00000 n +0000181163 00000 n +0000481278 00000 n 0000009479 00000 n 0000009540 00000 n -0000178845 00000 n -0000474666 00000 n +0000181289 00000 n +0000481185 00000 n 0000009601 00000 n 0000009653 00000 n -0000178971 00000 n -0000474573 00000 n +0000184888 00000 n +0000481092 00000 n 0000009714 00000 n 0000009767 00000 n -0000181984 00000 n -0000474480 00000 n +0000185015 00000 n +0000480999 00000 n 0000009828 00000 n 0000009866 00000 n -0000185943 00000 n -0000474387 00000 n +0000189024 00000 n +0000480906 00000 n 0000009927 00000 n 0000009979 00000 n -0000189321 00000 n -0000474294 00000 n +0000192176 00000 n +0000480813 00000 n 0000010040 00000 n 0000010084 00000 n -0000189579 00000 n -0000474201 00000 n +0000196560 00000 n +0000480720 00000 n 0000010145 00000 n 0000010181 00000 n -0000194073 00000 n -0000474108 00000 n +0000196689 00000 n +0000480627 00000 n 0000010242 00000 n 0000010305 00000 n -0000197229 00000 n -0000474029 00000 n +0000200114 00000 n +0000480548 00000 n 0000010366 00000 n 0000010415 00000 n -0000197486 00000 n -0000473936 00000 n +0000204331 00000 n +0000480455 00000 n 0000010470 00000 n 0000010521 00000 n -0000197615 00000 n -0000473843 00000 n +0000204460 00000 n +0000480362 00000 n 0000010576 00000 n 0000010640 00000 n -0000202325 00000 n -0000473750 00000 n +0000208218 00000 n +0000480269 00000 n 0000010695 00000 n 0000010752 00000 n -0000202454 00000 n -0000473657 00000 n +0000208347 00000 n +0000480176 00000 n 0000010807 00000 n 0000010877 00000 n -0000206017 00000 n -0000473564 00000 n +0000208476 00000 n +0000480083 00000 n 0000010932 00000 n 0000010981 00000 n -0000206146 00000 n -0000473471 00000 n +0000208605 00000 n +0000479990 00000 n 0000011036 00000 n 0000011098 00000 n -0000207911 00000 n -0000473378 00000 n +0000211144 00000 n +0000479897 00000 n 0000011153 00000 n 0000011202 00000 n -0000211360 00000 n -0000473260 00000 n +0000214243 00000 n +0000479779 00000 n 0000011257 00000 n 0000011319 00000 n -0000211489 00000 n -0000473181 00000 n +0000214372 00000 n +0000479700 00000 n 0000011379 00000 n 0000011418 00000 n -0000216452 00000 n -0000473088 00000 n +0000223329 00000 n +0000479607 00000 n 0000011478 00000 n 0000011512 00000 n -0000216581 00000 n -0000472995 00000 n +0000223458 00000 n +0000479514 00000 n 0000011572 00000 n 0000011613 00000 n -0000226764 00000 n -0000472916 00000 n +0000233632 00000 n +0000479435 00000 n 0000011673 00000 n 0000011725 00000 n -0000230938 00000 n -0000472798 00000 n +0000237666 00000 n +0000479317 00000 n 0000011774 00000 n 0000011807 00000 n -0000231067 00000 n -0000472680 00000 n +0000237795 00000 n +0000479199 00000 n 0000011861 00000 n 0000011933 00000 n -0000231195 00000 n -0000472601 00000 n +0000237923 00000 n +0000479120 00000 n 0000011992 00000 n 0000012036 00000 n -0000238969 00000 n -0000472522 00000 n +0000245477 00000 n +0000479041 00000 n 0000012095 00000 n 0000012148 00000 n -0000242553 00000 n -0000472429 00000 n +0000249238 00000 n +0000478948 00000 n 0000012202 00000 n 0000012252 00000 n -0000245916 00000 n -0000472336 00000 n +0000249496 00000 n +0000478855 00000 n 0000012306 00000 n 0000012344 00000 n -0000246174 00000 n -0000472243 00000 n +0000252743 00000 n +0000478762 00000 n 0000012398 00000 n 0000012447 00000 n -0000246432 00000 n -0000472111 00000 n +0000253002 00000 n +0000478630 00000 n 0000012501 00000 n 0000012553 00000 n -0000246561 00000 n -0000472032 00000 n +0000253131 00000 n +0000478551 00000 n 0000012612 00000 n 0000012664 00000 n -0000249442 00000 n -0000471939 00000 n +0000253260 00000 n +0000478458 00000 n 0000012723 00000 n 0000012776 00000 n -0000249571 00000 n -0000471860 00000 n +0000256913 00000 n +0000478379 00000 n 0000012835 00000 n 0000012884 00000 n -0000249700 00000 n -0000471781 00000 n +0000257042 00000 n +0000478300 00000 n 0000012938 00000 n 0000013018 00000 n -0000255562 00000 n -0000471648 00000 n +0000261560 00000 n +0000478167 00000 n 0000013065 00000 n 0000013117 00000 n -0000255691 00000 n -0000471569 00000 n +0000261689 00000 n +0000478088 00000 n 0000013166 00000 n 0000013210 00000 n -0000259402 00000 n -0000471437 00000 n +0000265419 00000 n +0000477956 00000 n 0000013259 00000 n 0000013321 00000 n -0000259531 00000 n -0000471358 00000 n +0000265548 00000 n +0000477877 00000 n 0000013375 00000 n 0000013423 00000 n -0000259660 00000 n -0000471279 00000 n +0000265677 00000 n +0000477798 00000 n 0000013477 00000 n 0000013528 00000 n -0000259789 00000 n -0000471200 00000 n +0000265806 00000 n +0000477719 00000 n 0000013577 00000 n 0000013624 00000 n -0000262719 00000 n -0000471067 00000 n +0000268736 00000 n +0000477586 00000 n 0000013671 00000 n 0000013708 00000 n -0000262848 00000 n -0000470949 00000 n +0000268865 00000 n +0000477468 00000 n 0000013757 00000 n 0000013796 00000 n -0000262977 00000 n -0000470884 00000 n +0000268994 00000 n +0000477403 00000 n 0000013850 00000 n 0000013928 00000 n -0000263106 00000 n -0000470791 00000 n +0000269123 00000 n +0000477310 00000 n 0000013977 00000 n 0000014044 00000 n -0000263235 00000 n -0000470712 00000 n +0000269252 00000 n +0000477231 00000 n 0000014093 00000 n 0000014138 00000 n -0000266737 00000 n -0000470593 00000 n +0000272731 00000 n +0000477112 00000 n 0000014186 00000 n 0000014218 00000 n -0000266866 00000 n -0000470475 00000 n +0000272860 00000 n +0000476994 00000 n 0000014267 00000 n 0000014306 00000 n -0000266995 00000 n -0000470410 00000 n +0000272989 00000 n +0000476929 00000 n 0000014360 00000 n 0000014421 00000 n -0000271002 00000 n -0000470278 00000 n +0000276996 00000 n +0000476797 00000 n 0000014470 00000 n 0000014527 00000 n -0000271131 00000 n -0000470213 00000 n +0000277125 00000 n +0000476732 00000 n 0000014581 00000 n 0000014630 00000 n -0000271519 00000 n -0000470095 00000 n +0000277513 00000 n +0000476614 00000 n 0000014679 00000 n 0000014741 00000 n -0000271648 00000 n -0000470016 00000 n +0000277642 00000 n +0000476535 00000 n 0000014795 00000 n 0000014850 00000 n -0000284749 00000 n -0000469923 00000 n +0000290746 00000 n +0000476442 00000 n 0000014904 00000 n 0000014945 00000 n -0000285811 00000 n -0000469844 00000 n +0000291808 00000 n +0000476363 00000 n 0000014999 00000 n 0000015051 00000 n -0000015405 00000 n -0000015653 00000 n +0000015407 00000 n +0000015655 00000 n 0000015104 00000 n -0000015527 00000 n -0000015590 00000 n -0000466703 00000 n -0000441039 00000 n -0000466529 00000 n -0000439990 00000 n -0000414055 00000 n -0000439816 00000 n -0000467708 00000 n -0000016305 00000 n -0000016120 00000 n -0000015738 00000 n -0000016242 00000 n -0000413370 00000 n -0000411224 00000 n -0000413206 00000 n -0000019484 00000 n -0000018674 00000 n -0000016390 00000 n -0000018796 00000 n -0000018920 00000 n -0000019045 00000 n -0000019170 00000 n -0000410370 00000 n -0000390012 00000 n -0000410196 00000 n -0000019295 00000 n -0000019358 00000 n -0000019421 00000 n -0000389071 00000 n -0000369672 00000 n -0000388898 00000 n -0000368945 00000 n -0000352561 00000 n -0000368772 00000 n -0000024167 00000 n -0000022985 00000 n -0000019608 00000 n -0000023479 00000 n -0000352026 00000 n -0000335109 00000 n -0000351842 00000 n -0000023542 00000 n -0000023605 00000 n -0000023729 00000 n -0000023854 00000 n -0000023979 00000 n -0000023135 00000 n -0000023328 00000 n -0000024104 00000 n -0000231131 00000 n -0000271712 00000 n -0000028690 00000 n -0000027655 00000 n -0000024291 00000 n -0000028127 00000 n -0000028252 00000 n -0000027805 00000 n -0000027967 00000 n -0000028377 00000 n -0000028502 00000 n -0000028627 00000 n -0000043932 00000 n -0000031848 00000 n -0000031289 00000 n -0000028814 00000 n -0000031411 00000 n -0000031536 00000 n -0000031661 00000 n -0000031785 00000 n -0000034734 00000 n -0000033927 00000 n -0000031959 00000 n -0000034049 00000 n -0000034174 00000 n -0000034299 00000 n -0000034424 00000 n -0000034546 00000 n -0000034671 00000 n -0000467826 00000 n -0000035770 00000 n -0000035460 00000 n -0000034819 00000 n -0000035582 00000 n -0000035707 00000 n -0000037823 00000 n -0000037138 00000 n -0000035868 00000 n -0000037260 00000 n -0000037385 00000 n -0000037509 00000 n -0000037634 00000 n -0000037760 00000 n -0000040816 00000 n -0000039949 00000 n -0000037921 00000 n -0000040250 00000 n -0000040376 00000 n -0000040439 00000 n -0000040501 00000 n -0000040091 00000 n -0000040627 00000 n -0000040753 00000 n -0000189385 00000 n -0000044121 00000 n -0000043684 00000 n -0000040927 00000 n -0000043806 00000 n -0000334582 00000 n -0000325273 00000 n -0000334405 00000 n -0000044058 00000 n -0000047626 00000 n -0000047441 00000 n -0000044245 00000 n -0000047563 00000 n -0000324830 00000 n -0000318031 00000 n -0000324653 00000 n -0000051895 00000 n -0000051505 00000 n -0000047789 00000 n -0000051832 00000 n -0000051647 00000 n -0000467944 00000 n -0000106560 00000 n -0000054068 00000 n -0000053633 00000 n -0000052032 00000 n -0000053755 00000 n -0000053881 00000 n -0000053942 00000 n -0000054005 00000 n -0000057587 00000 n -0000056549 00000 n -0000054192 00000 n -0000057021 00000 n -0000057147 00000 n -0000057273 00000 n -0000056699 00000 n -0000056860 00000 n -0000057398 00000 n -0000057524 00000 n -0000140442 00000 n -0000166934 00000 n -0000062160 00000 n -0000061369 00000 n -0000057685 00000 n -0000061845 00000 n -0000061971 00000 n -0000061519 00000 n -0000061684 00000 n -0000062097 00000 n -0000276260 00000 n -0000064989 00000 n -0000064617 00000 n -0000062310 00000 n -0000064926 00000 n -0000064759 00000 n -0000066145 00000 n -0000065960 00000 n -0000065113 00000 n -0000066082 00000 n -0000069239 00000 n -0000068550 00000 n -0000066243 00000 n -0000068672 00000 n -0000068798 00000 n -0000068924 00000 n -0000069050 00000 n -0000069176 00000 n -0000468062 00000 n -0000072619 00000 n -0000071742 00000 n -0000069376 00000 n -0000072052 00000 n -0000072178 00000 n -0000072304 00000 n -0000072430 00000 n -0000072556 00000 n -0000071884 00000 n -0000226828 00000 n -0000076716 00000 n -0000076029 00000 n -0000072756 00000 n -0000076151 00000 n -0000076277 00000 n -0000076403 00000 n -0000076528 00000 n -0000076653 00000 n -0000317678 00000 n -0000315683 00000 n -0000317515 00000 n -0000080413 00000 n -0000079853 00000 n -0000076853 00000 n -0000079975 00000 n -0000080100 00000 n -0000080226 00000 n -0000080350 00000 n -0000083375 00000 n -0000082633 00000 n -0000080537 00000 n -0000082934 00000 n -0000083060 00000 n -0000082775 00000 n -0000083186 00000 n -0000083312 00000 n -0000271195 00000 n -0000083833 00000 n -0000083648 00000 n -0000083499 00000 n -0000083770 00000 n -0000086437 00000 n -0000085874 00000 n -0000083874 00000 n -0000085996 00000 n -0000086122 00000 n -0000086248 00000 n -0000086374 00000 n -0000468180 00000 n -0000086869 00000 n -0000086684 00000 n -0000086535 00000 n -0000086806 00000 n -0000090790 00000 n -0000090042 00000 n -0000086910 00000 n -0000090350 00000 n -0000090476 00000 n -0000090601 00000 n -0000090664 00000 n -0000090727 00000 n -0000090184 00000 n -0000094744 00000 n -0000095057 00000 n -0000094496 00000 n -0000090888 00000 n -0000094618 00000 n -0000094868 00000 n -0000094994 00000 n -0000098587 00000 n -0000098024 00000 n -0000095194 00000 n -0000098146 00000 n -0000098272 00000 n -0000098398 00000 n -0000098524 00000 n -0000101201 00000 n -0000102440 00000 n -0000101079 00000 n -0000098698 00000 n -0000102126 00000 n -0000314870 00000 n -0000306196 00000 n -0000314698 00000 n -0000102252 00000 n -0000102315 00000 n -0000102378 00000 n -0000106623 00000 n -0000105810 00000 n -0000102592 00000 n -0000105932 00000 n -0000106058 00000 n -0000106182 00000 n -0000106245 00000 n -0000106308 00000 n -0000106434 00000 n -0000468298 00000 n -0000111651 00000 n -0000110085 00000 n -0000106734 00000 n -0000111084 00000 n -0000110259 00000 n -0000110409 00000 n -0000111210 00000 n -0000111336 00000 n -0000111462 00000 n -0000111588 00000 n +0000015529 00000 n +0000015592 00000 n +0000473205 00000 n +0000447541 00000 n +0000473031 00000 n +0000446492 00000 n +0000420557 00000 n +0000446318 00000 n +0000474210 00000 n +0000016313 00000 n +0000016128 00000 n +0000015740 00000 n +0000016250 00000 n +0000419872 00000 n +0000417727 00000 n +0000419708 00000 n +0000019488 00000 n +0000018678 00000 n +0000016398 00000 n +0000018800 00000 n +0000018924 00000 n +0000019049 00000 n +0000019174 00000 n +0000416873 00000 n +0000396515 00000 n +0000416699 00000 n +0000019299 00000 n +0000019362 00000 n +0000019425 00000 n +0000395566 00000 n +0000375814 00000 n +0000395393 00000 n +0000375087 00000 n +0000358703 00000 n +0000374914 00000 n +0000024171 00000 n +0000022989 00000 n +0000019612 00000 n +0000023483 00000 n +0000358168 00000 n +0000341251 00000 n +0000357984 00000 n +0000023546 00000 n +0000023609 00000 n +0000023733 00000 n +0000023858 00000 n +0000023983 00000 n +0000023139 00000 n +0000023332 00000 n +0000024108 00000 n +0000237859 00000 n +0000277706 00000 n +0000028694 00000 n +0000027659 00000 n +0000024295 00000 n +0000028131 00000 n +0000028256 00000 n +0000027809 00000 n +0000027971 00000 n +0000028381 00000 n +0000028506 00000 n +0000028631 00000 n +0000043940 00000 n +0000031856 00000 n +0000031297 00000 n +0000028818 00000 n +0000031419 00000 n +0000031544 00000 n +0000031669 00000 n +0000031793 00000 n +0000034742 00000 n +0000033935 00000 n +0000031967 00000 n +0000034057 00000 n +0000034182 00000 n +0000034307 00000 n +0000034432 00000 n +0000034554 00000 n +0000034679 00000 n +0000474328 00000 n +0000035778 00000 n +0000035468 00000 n +0000034827 00000 n +0000035590 00000 n +0000035715 00000 n +0000037831 00000 n +0000037146 00000 n +0000035876 00000 n +0000037268 00000 n +0000037393 00000 n +0000037517 00000 n +0000037642 00000 n +0000037768 00000 n +0000040824 00000 n +0000039957 00000 n +0000037929 00000 n +0000040258 00000 n +0000040384 00000 n +0000040447 00000 n +0000040509 00000 n +0000040099 00000 n +0000040635 00000 n +0000040761 00000 n +0000192240 00000 n +0000044129 00000 n +0000043692 00000 n +0000040935 00000 n +0000043814 00000 n +0000340724 00000 n +0000331415 00000 n +0000340547 00000 n +0000044066 00000 n +0000047728 00000 n +0000047543 00000 n +0000044253 00000 n +0000047665 00000 n +0000330972 00000 n +0000324173 00000 n +0000330795 00000 n +0000051997 00000 n +0000051607 00000 n +0000047891 00000 n +0000051934 00000 n +0000051749 00000 n +0000474446 00000 n +0000111069 00000 n +0000054170 00000 n +0000053735 00000 n +0000052134 00000 n +0000053857 00000 n +0000053983 00000 n +0000054044 00000 n +0000054107 00000 n +0000057694 00000 n +0000056656 00000 n +0000054294 00000 n +0000057128 00000 n +0000057254 00000 n +0000057380 00000 n +0000056806 00000 n +0000056967 00000 n +0000057505 00000 n +0000057631 00000 n +0000144854 00000 n +0000173646 00000 n +0000062260 00000 n +0000061469 00000 n +0000057792 00000 n +0000061945 00000 n +0000062071 00000 n +0000061619 00000 n +0000061784 00000 n +0000062197 00000 n +0000282256 00000 n +0000065099 00000 n +0000064727 00000 n +0000062410 00000 n +0000065036 00000 n +0000064869 00000 n +0000066255 00000 n +0000066070 00000 n +0000065223 00000 n +0000066192 00000 n +0000069342 00000 n +0000068653 00000 n +0000066353 00000 n +0000068775 00000 n +0000068901 00000 n +0000069027 00000 n +0000069153 00000 n +0000069279 00000 n +0000474564 00000 n +0000072722 00000 n +0000071845 00000 n +0000069479 00000 n +0000072155 00000 n +0000072281 00000 n +0000072407 00000 n +0000072533 00000 n +0000072659 00000 n +0000071987 00000 n +0000233696 00000 n +0000076818 00000 n +0000076131 00000 n +0000072859 00000 n +0000076253 00000 n +0000076379 00000 n +0000076505 00000 n +0000076630 00000 n +0000076755 00000 n +0000080524 00000 n +0000079964 00000 n +0000076942 00000 n +0000080086 00000 n +0000080211 00000 n +0000080337 00000 n +0000080461 00000 n +0000083525 00000 n +0000085224 00000 n +0000083403 00000 n +0000080648 00000 n +0000085161 00000 n +0000323354 00000 n +0000314545 00000 n +0000323182 00000 n +0000084993 00000 n +0000085050 00000 n +0000085139 00000 n +0000088218 00000 n +0000087476 00000 n +0000085376 00000 n +0000087777 00000 n +0000087903 00000 n +0000087618 00000 n +0000088029 00000 n +0000088155 00000 n +0000277189 00000 n +0000090905 00000 n +0000090342 00000 n +0000088342 00000 n +0000090464 00000 n +0000090590 00000 n +0000090716 00000 n +0000090842 00000 n +0000474682 00000 n +0000091337 00000 n +0000091152 00000 n +0000091003 00000 n +0000091274 00000 n +0000095267 00000 n +0000094519 00000 n +0000091378 00000 n +0000094827 00000 n +0000094953 00000 n +0000095078 00000 n +0000095141 00000 n +0000095204 00000 n +0000094661 00000 n +0000099223 00000 n +0000099536 00000 n +0000098975 00000 n +0000095365 00000 n +0000099097 00000 n +0000099347 00000 n +0000099473 00000 n +0000103066 00000 n +0000102503 00000 n +0000099673 00000 n +0000102625 00000 n +0000102751 00000 n +0000102877 00000 n +0000103003 00000 n +0000105678 00000 n +0000106917 00000 n +0000105556 00000 n +0000103177 00000 n +0000106603 00000 n +0000106729 00000 n +0000106792 00000 n +0000106855 00000 n +0000111132 00000 n +0000110319 00000 n +0000107069 00000 n +0000110441 00000 n 0000110567 00000 n -0000110718 00000 n -0000110902 00000 n -0000286325 00000 n -0000114845 00000 n -0000114282 00000 n -0000111788 00000 n -0000114404 00000 n -0000114530 00000 n -0000114656 00000 n -0000114782 00000 n -0000119363 00000 n -0000119178 00000 n -0000114982 00000 n -0000119300 00000 n -0000122390 00000 n -0000122020 00000 n -0000119474 00000 n -0000122327 00000 n -0000122162 00000 n -0000125190 00000 n -0000125379 00000 n -0000124942 00000 n -0000122501 00000 n -0000125064 00000 n -0000125253 00000 n -0000125316 00000 n -0000129097 00000 n -0000128329 00000 n -0000125490 00000 n -0000128782 00000 n -0000128908 00000 n -0000129034 00000 n -0000128479 00000 n -0000128630 00000 n -0000468416 00000 n -0000131089 00000 n -0000130526 00000 n -0000129208 00000 n -0000130648 00000 n -0000130774 00000 n -0000130900 00000 n -0000131026 00000 n -0000132625 00000 n -0000132440 00000 n -0000131200 00000 n -0000132562 00000 n -0000136439 00000 n -0000136128 00000 n -0000132723 00000 n -0000136250 00000 n -0000136376 00000 n -0000140505 00000 n -0000140019 00000 n -0000136563 00000 n -0000140316 00000 n -0000140161 00000 n -0000197293 00000 n -0000144437 00000 n -0000144127 00000 n -0000140629 00000 n -0000144249 00000 n -0000144312 00000 n -0000144374 00000 n -0000148409 00000 n -0000151142 00000 n -0000148227 00000 n -0000144561 00000 n -0000151079 00000 n -0000150045 00000 n -0000150198 00000 n -0000150354 00000 n -0000150538 00000 n -0000150711 00000 n -0000150895 00000 n -0000468534 00000 n -0000149877 00000 n -0000149934 00000 n -0000150023 00000 n -0000197679 00000 n -0000155337 00000 n -0000155152 00000 n -0000151320 00000 n -0000155274 00000 n -0000159869 00000 n -0000158946 00000 n -0000155461 00000 n -0000159429 00000 n -0000159555 00000 n -0000159096 00000 n -0000159681 00000 n -0000159806 00000 n -0000159264 00000 n -0000207975 00000 n -0000163782 00000 n -0000163282 00000 n -0000159980 00000 n -0000163594 00000 n -0000163424 00000 n -0000163720 00000 n -0000259852 00000 n -0000166997 00000 n -0000166560 00000 n -0000163906 00000 n -0000166682 00000 n -0000166808 00000 n -0000305670 00000 n -0000297780 00000 n -0000305497 00000 n -0000170997 00000 n -0000170812 00000 n -0000167162 00000 n -0000170934 00000 n -0000175025 00000 n -0000174397 00000 n -0000171108 00000 n -0000174712 00000 n -0000174836 00000 n -0000174962 00000 n -0000174539 00000 n -0000468652 00000 n -0000179097 00000 n -0000178486 00000 n -0000175190 00000 n -0000178782 00000 n -0000178908 00000 n -0000178628 00000 n -0000179034 00000 n -0000182112 00000 n -0000181794 00000 n -0000179208 00000 n -0000181919 00000 n -0000182047 00000 n -0000186072 00000 n -0000185406 00000 n -0000182278 00000 n -0000185878 00000 n -0000186007 00000 n -0000185561 00000 n -0000185723 00000 n -0000189708 00000 n -0000188941 00000 n -0000186184 00000 n -0000189256 00000 n -0000189087 00000 n -0000189449 00000 n -0000189514 00000 n -0000189643 00000 n -0000194202 00000 n -0000193524 00000 n -0000189874 00000 n -0000194008 00000 n -0000193679 00000 n -0000194137 00000 n -0000193841 00000 n -0000206081 00000 n -0000197742 00000 n -0000197038 00000 n -0000194368 00000 n -0000197164 00000 n -0000197357 00000 n -0000197421 00000 n -0000197550 00000 n -0000468774 00000 n -0000202583 00000 n -0000201630 00000 n -0000197854 00000 n -0000202260 00000 n -0000201795 00000 n -0000201945 00000 n -0000202389 00000 n -0000202518 00000 n -0000202107 00000 n -0000206275 00000 n -0000205826 00000 n -0000202695 00000 n -0000205952 00000 n -0000206210 00000 n -0000208039 00000 n -0000207720 00000 n -0000206387 00000 n -0000207846 00000 n -0000211746 00000 n -0000211169 00000 n -0000208151 00000 n -0000211295 00000 n -0000211424 00000 n -0000211553 00000 n -0000211618 00000 n -0000211683 00000 n -0000216710 00000 n -0000215208 00000 n -0000211858 00000 n -0000216387 00000 n -0000216516 00000 n -0000216645 00000 n -0000215400 00000 n -0000215562 00000 n -0000215724 00000 n -0000215886 00000 n -0000216057 00000 n -0000216227 00000 n -0000221529 00000 n -0000220300 00000 n -0000216822 00000 n -0000221464 00000 n -0000220492 00000 n -0000220655 00000 n -0000220817 00000 n -0000220979 00000 n -0000221139 00000 n -0000221301 00000 n -0000468899 00000 n -0000226892 00000 n -0000224533 00000 n -0000221654 00000 n -0000226699 00000 n -0000224779 00000 n -0000224932 00000 n -0000225094 00000 n -0000225256 00000 n -0000225418 00000 n -0000225580 00000 n -0000225742 00000 n -0000225904 00000 n -0000226066 00000 n -0000226220 00000 n -0000226381 00000 n -0000226536 00000 n -0000231452 00000 n -0000230255 00000 n -0000227017 00000 n -0000230743 00000 n -0000230808 00000 n -0000230873 00000 n -0000231002 00000 n -0000231259 00000 n -0000230411 00000 n -0000230581 00000 n -0000231324 00000 n -0000231388 00000 n -0000235060 00000 n -0000234739 00000 n -0000231577 00000 n -0000234865 00000 n -0000234930 00000 n -0000234995 00000 n -0000239098 00000 n -0000238648 00000 n -0000235159 00000 n -0000238774 00000 n -0000238839 00000 n -0000238904 00000 n -0000239033 00000 n -0000242812 00000 n -0000242102 00000 n -0000239223 00000 n -0000242228 00000 n -0000242293 00000 n -0000242358 00000 n -0000242423 00000 n -0000242488 00000 n -0000242617 00000 n -0000242682 00000 n -0000242747 00000 n -0000246688 00000 n -0000245725 00000 n -0000242937 00000 n -0000245851 00000 n -0000245980 00000 n -0000246045 00000 n -0000246110 00000 n -0000246238 00000 n -0000246302 00000 n -0000246367 00000 n -0000246496 00000 n -0000246624 00000 n -0000469024 00000 n -0000249829 00000 n -0000249251 00000 n -0000246880 00000 n -0000249377 00000 n -0000249506 00000 n -0000249635 00000 n -0000249764 00000 n -0000252798 00000 n -0000252477 00000 n -0000250021 00000 n -0000252603 00000 n -0000252668 00000 n -0000252733 00000 n -0000253251 00000 n -0000253060 00000 n -0000252910 00000 n -0000253186 00000 n -0000255820 00000 n -0000254911 00000 n -0000253293 00000 n -0000255497 00000 n -0000255626 00000 n -0000255755 00000 n -0000255067 00000 n -0000255282 00000 n -0000259916 00000 n -0000259211 00000 n -0000255945 00000 n -0000259337 00000 n -0000297459 00000 n -0000288246 00000 n -0000297273 00000 n -0000259466 00000 n -0000259595 00000 n -0000259724 00000 n -0000263363 00000 n -0000262137 00000 n -0000260081 00000 n -0000262654 00000 n -0000262783 00000 n -0000262912 00000 n -0000263041 00000 n -0000263170 00000 n -0000263299 00000 n -0000262293 00000 n -0000262465 00000 n -0000469149 00000 n -0000263816 00000 n -0000263625 00000 n -0000263475 00000 n -0000263751 00000 n -0000267124 00000 n -0000266546 00000 n -0000263858 00000 n -0000266672 00000 n -0000266801 00000 n -0000266930 00000 n -0000267059 00000 n -0000271776 00000 n -0000270426 00000 n -0000267210 00000 n -0000270937 00000 n -0000271066 00000 n -0000271259 00000 n -0000271324 00000 n -0000271389 00000 n -0000271454 00000 n -0000271583 00000 n -0000270582 00000 n -0000270760 00000 n -0000278658 00000 n -0000274598 00000 n -0000271927 00000 n -0000274772 00000 n -0000275480 00000 n -0000274950 00000 n -0000275128 00000 n -0000275304 00000 n -0000275545 00000 n -0000275610 00000 n -0000275675 00000 n -0000275740 00000 n -0000275805 00000 n -0000275870 00000 n -0000275935 00000 n -0000276000 00000 n -0000276065 00000 n -0000276130 00000 n -0000276195 00000 n -0000276324 00000 n -0000276389 00000 n -0000276454 00000 n -0000276519 00000 n -0000276584 00000 n -0000276648 00000 n -0000276713 00000 n -0000276777 00000 n -0000276842 00000 n -0000276907 00000 n -0000276972 00000 n -0000277037 00000 n -0000277101 00000 n -0000277166 00000 n -0000277231 00000 n -0000277296 00000 n -0000277361 00000 n -0000277426 00000 n -0000277491 00000 n -0000277555 00000 n -0000277620 00000 n -0000277685 00000 n -0000277750 00000 n -0000277815 00000 n -0000277880 00000 n -0000277945 00000 n -0000278010 00000 n -0000278075 00000 n -0000278140 00000 n -0000278205 00000 n -0000278270 00000 n -0000278335 00000 n -0000278400 00000 n -0000278465 00000 n -0000278530 00000 n -0000278594 00000 n -0000284877 00000 n -0000281570 00000 n -0000278809 00000 n -0000281696 00000 n -0000281761 00000 n -0000281826 00000 n -0000281891 00000 n -0000281956 00000 n -0000282021 00000 n -0000282085 00000 n -0000282150 00000 n -0000282215 00000 n -0000282280 00000 n -0000282345 00000 n -0000282410 00000 n -0000282475 00000 n -0000282540 00000 n -0000282605 00000 n -0000282670 00000 n -0000282735 00000 n -0000282800 00000 n -0000282865 00000 n -0000282930 00000 n -0000282995 00000 n -0000283060 00000 n -0000283125 00000 n -0000283190 00000 n -0000283254 00000 n -0000283319 00000 n -0000283384 00000 n -0000283449 00000 n -0000283514 00000 n -0000283579 00000 n -0000283644 00000 n -0000283709 00000 n -0000283774 00000 n -0000283839 00000 n -0000283904 00000 n -0000283969 00000 n -0000284034 00000 n -0000284099 00000 n -0000284164 00000 n -0000284229 00000 n -0000284294 00000 n -0000284359 00000 n -0000284424 00000 n -0000284489 00000 n -0000284554 00000 n -0000284619 00000 n -0000284684 00000 n -0000284813 00000 n -0000286200 00000 n -0000285620 00000 n -0000284989 00000 n -0000285746 00000 n -0000285875 00000 n -0000285940 00000 n -0000286005 00000 n -0000286070 00000 n -0000286135 00000 n -0000469274 00000 n -0000286357 00000 n -0000297701 00000 n -0000305945 00000 n -0000315264 00000 n -0000317923 00000 n -0000317892 00000 n -0000325072 00000 n -0000334868 00000 n -0000352366 00000 n -0000369353 00000 n -0000389635 00000 n -0000410774 00000 n -0000413857 00000 n -0000413627 00000 n -0000440544 00000 n -0000467222 00000 n -0000469354 00000 n -0000469474 00000 n -0000469597 00000 n -0000469686 00000 n -0000469768 00000 n -0000483639 00000 n -0000495601 00000 n -0000495642 00000 n -0000495682 00000 n -0000495816 00000 n +0000110691 00000 n +0000110754 00000 n +0000110817 00000 n +0000110943 00000 n +0000474800 00000 n +0000116140 00000 n +0000114574 00000 n +0000111243 00000 n +0000115573 00000 n +0000114748 00000 n +0000114898 00000 n +0000115699 00000 n +0000115825 00000 n +0000115951 00000 n +0000116077 00000 n +0000115056 00000 n +0000115207 00000 n +0000115391 00000 n +0000292322 00000 n +0000119334 00000 n +0000118771 00000 n +0000116277 00000 n +0000118893 00000 n +0000119019 00000 n +0000119145 00000 n +0000119271 00000 n +0000123845 00000 n +0000123660 00000 n +0000119471 00000 n +0000123782 00000 n +0000126880 00000 n +0000126510 00000 n +0000123956 00000 n +0000126817 00000 n +0000126652 00000 n +0000129680 00000 n +0000129869 00000 n +0000129432 00000 n +0000126991 00000 n +0000129554 00000 n +0000129743 00000 n +0000129806 00000 n +0000133582 00000 n +0000132814 00000 n +0000129980 00000 n +0000133267 00000 n +0000133393 00000 n +0000133519 00000 n +0000132964 00000 n +0000133115 00000 n +0000474918 00000 n +0000135572 00000 n +0000135009 00000 n +0000133693 00000 n +0000135131 00000 n +0000135257 00000 n +0000135383 00000 n +0000135509 00000 n +0000137122 00000 n +0000136937 00000 n +0000135683 00000 n +0000137059 00000 n +0000140844 00000 n +0000140534 00000 n +0000137220 00000 n +0000140656 00000 n +0000140781 00000 n +0000144917 00000 n +0000144432 00000 n +0000140968 00000 n +0000144728 00000 n +0000144574 00000 n +0000200178 00000 n +0000148826 00000 n +0000148515 00000 n +0000145041 00000 n +0000148637 00000 n +0000148700 00000 n +0000148763 00000 n +0000153958 00000 n +0000152681 00000 n +0000148950 00000 n +0000153895 00000 n +0000152863 00000 n +0000153016 00000 n +0000153172 00000 n +0000153355 00000 n +0000153527 00000 n +0000153711 00000 n +0000475036 00000 n +0000204524 00000 n +0000158215 00000 n +0000158030 00000 n +0000154136 00000 n +0000158152 00000 n +0000162828 00000 n +0000161906 00000 n +0000158352 00000 n +0000162389 00000 n +0000162515 00000 n +0000162056 00000 n +0000162639 00000 n +0000162765 00000 n +0000162224 00000 n +0000211208 00000 n +0000166803 00000 n +0000166302 00000 n +0000162952 00000 n +0000166614 00000 n +0000166444 00000 n +0000166740 00000 n +0000265869 00000 n +0000169676 00000 n +0000169365 00000 n +0000166927 00000 n +0000169487 00000 n +0000169613 00000 n +0000314019 00000 n +0000306129 00000 n +0000313846 00000 n +0000173709 00000 n +0000173398 00000 n +0000169841 00000 n +0000173520 00000 n +0000177262 00000 n +0000176953 00000 n +0000173820 00000 n +0000177075 00000 n +0000177200 00000 n +0000475154 00000 n +0000181415 00000 n +0000180623 00000 n +0000177414 00000 n +0000181100 00000 n +0000181226 00000 n +0000180773 00000 n +0000181352 00000 n +0000180946 00000 n +0000185142 00000 n +0000184703 00000 n +0000181526 00000 n +0000184825 00000 n +0000184951 00000 n +0000185078 00000 n +0000189153 00000 n +0000188487 00000 n +0000185294 00000 n +0000188959 00000 n +0000189088 00000 n +0000188642 00000 n +0000188804 00000 n +0000192432 00000 n +0000191796 00000 n +0000189319 00000 n +0000192111 00000 n +0000191942 00000 n +0000192303 00000 n +0000192367 00000 n +0000196818 00000 n +0000196012 00000 n +0000192598 00000 n +0000196495 00000 n +0000196624 00000 n +0000196167 00000 n +0000196753 00000 n +0000196329 00000 n +0000208540 00000 n +0000200372 00000 n +0000199923 00000 n +0000196984 00000 n +0000200049 00000 n +0000200242 00000 n +0000200307 00000 n +0000475275 00000 n +0000204588 00000 n +0000203968 00000 n +0000200484 00000 n +0000204266 00000 n +0000204395 00000 n +0000204115 00000 n +0000208734 00000 n +0000207681 00000 n +0000204700 00000 n +0000208153 00000 n +0000207837 00000 n +0000208282 00000 n +0000208411 00000 n +0000207999 00000 n +0000208669 00000 n +0000211272 00000 n +0000210953 00000 n +0000208846 00000 n +0000211079 00000 n +0000212676 00000 n +0000212485 00000 n +0000211384 00000 n +0000212611 00000 n +0000214630 00000 n +0000214052 00000 n +0000212775 00000 n +0000214178 00000 n +0000214307 00000 n +0000214436 00000 n +0000214501 00000 n +0000214566 00000 n +0000218616 00000 n +0000218425 00000 n +0000214742 00000 n +0000218551 00000 n +0000475400 00000 n +0000223587 00000 n +0000222083 00000 n +0000218728 00000 n +0000223264 00000 n +0000223393 00000 n +0000223522 00000 n +0000222275 00000 n +0000222437 00000 n +0000222599 00000 n +0000222761 00000 n +0000222932 00000 n +0000223103 00000 n +0000228876 00000 n +0000226808 00000 n +0000223699 00000 n +0000228811 00000 n +0000227045 00000 n +0000227208 00000 n +0000227369 00000 n +0000227531 00000 n +0000227692 00000 n +0000227854 00000 n +0000228016 00000 n +0000228170 00000 n +0000228332 00000 n +0000228494 00000 n +0000228653 00000 n +0000233890 00000 n +0000232249 00000 n +0000229001 00000 n +0000233567 00000 n +0000232450 00000 n +0000232612 00000 n +0000232774 00000 n +0000232935 00000 n +0000233089 00000 n +0000233250 00000 n +0000233405 00000 n +0000233760 00000 n +0000233825 00000 n +0000238310 00000 n +0000237113 00000 n +0000234015 00000 n +0000237601 00000 n +0000237730 00000 n +0000237987 00000 n +0000237269 00000 n +0000237439 00000 n +0000238052 00000 n +0000238117 00000 n +0000238181 00000 n +0000238246 00000 n +0000241771 00000 n +0000241516 00000 n +0000238448 00000 n +0000241642 00000 n +0000241707 00000 n +0000245736 00000 n +0000245221 00000 n +0000241870 00000 n +0000245347 00000 n +0000245412 00000 n +0000245541 00000 n +0000245606 00000 n +0000245671 00000 n +0000475525 00000 n +0000249753 00000 n +0000248917 00000 n +0000245848 00000 n +0000249043 00000 n +0000249108 00000 n +0000249173 00000 n +0000249302 00000 n +0000249367 00000 n +0000249431 00000 n +0000249559 00000 n +0000249624 00000 n +0000249688 00000 n +0000253388 00000 n +0000252552 00000 n +0000249878 00000 n +0000252678 00000 n +0000252807 00000 n +0000252872 00000 n +0000252937 00000 n +0000253066 00000 n +0000253195 00000 n +0000305774 00000 n +0000303777 00000 n +0000305609 00000 n +0000253323 00000 n +0000257301 00000 n +0000256722 00000 n +0000253594 00000 n +0000256848 00000 n +0000256977 00000 n +0000257106 00000 n +0000257171 00000 n +0000257236 00000 n +0000258796 00000 n +0000258605 00000 n +0000257493 00000 n +0000258731 00000 n +0000259236 00000 n +0000259045 00000 n +0000258895 00000 n +0000259171 00000 n +0000261817 00000 n +0000260909 00000 n +0000259278 00000 n +0000261495 00000 n +0000261624 00000 n +0000261753 00000 n +0000261065 00000 n +0000261280 00000 n +0000475650 00000 n +0000265933 00000 n +0000265228 00000 n +0000261943 00000 n +0000265354 00000 n +0000303456 00000 n +0000294243 00000 n +0000303270 00000 n +0000265483 00000 n +0000265612 00000 n +0000265741 00000 n +0000269380 00000 n +0000268154 00000 n +0000266098 00000 n +0000268671 00000 n +0000268800 00000 n +0000268929 00000 n +0000269058 00000 n +0000269187 00000 n +0000269316 00000 n +0000268310 00000 n +0000268482 00000 n +0000269834 00000 n +0000269643 00000 n +0000269493 00000 n +0000269769 00000 n +0000273118 00000 n +0000272540 00000 n +0000269876 00000 n +0000272666 00000 n +0000272795 00000 n +0000272924 00000 n +0000273053 00000 n +0000277770 00000 n +0000276420 00000 n +0000273204 00000 n +0000276931 00000 n +0000277060 00000 n +0000277253 00000 n +0000277318 00000 n +0000277383 00000 n +0000277448 00000 n +0000277577 00000 n +0000276576 00000 n +0000276754 00000 n +0000284654 00000 n +0000280594 00000 n +0000277922 00000 n +0000280768 00000 n +0000281476 00000 n +0000280946 00000 n +0000281124 00000 n +0000281300 00000 n +0000281541 00000 n +0000281606 00000 n +0000281671 00000 n +0000281736 00000 n +0000281801 00000 n +0000281866 00000 n +0000281931 00000 n +0000281996 00000 n +0000282061 00000 n +0000282126 00000 n +0000282191 00000 n +0000282320 00000 n +0000282385 00000 n +0000282450 00000 n +0000282515 00000 n +0000282580 00000 n +0000282644 00000 n +0000282709 00000 n +0000282773 00000 n +0000282838 00000 n +0000282903 00000 n +0000282968 00000 n +0000283033 00000 n +0000283097 00000 n +0000283162 00000 n +0000283227 00000 n +0000283292 00000 n +0000283357 00000 n +0000283422 00000 n +0000283487 00000 n +0000283551 00000 n +0000283616 00000 n +0000283681 00000 n +0000283746 00000 n +0000283811 00000 n +0000283876 00000 n +0000283941 00000 n +0000284006 00000 n +0000284071 00000 n +0000284136 00000 n +0000284201 00000 n +0000284266 00000 n +0000284331 00000 n +0000284396 00000 n +0000284461 00000 n +0000284526 00000 n +0000284590 00000 n +0000475775 00000 n +0000290874 00000 n +0000287567 00000 n +0000284806 00000 n +0000287693 00000 n +0000287758 00000 n +0000287823 00000 n +0000287888 00000 n +0000287953 00000 n +0000288018 00000 n +0000288082 00000 n +0000288147 00000 n +0000288212 00000 n +0000288277 00000 n +0000288342 00000 n +0000288407 00000 n +0000288472 00000 n +0000288537 00000 n +0000288602 00000 n +0000288667 00000 n +0000288732 00000 n +0000288797 00000 n +0000288862 00000 n +0000288927 00000 n +0000288992 00000 n +0000289057 00000 n +0000289122 00000 n +0000289187 00000 n +0000289251 00000 n +0000289316 00000 n +0000289381 00000 n +0000289446 00000 n +0000289511 00000 n +0000289576 00000 n +0000289641 00000 n +0000289706 00000 n +0000289771 00000 n +0000289836 00000 n +0000289901 00000 n +0000289966 00000 n +0000290031 00000 n +0000290096 00000 n +0000290161 00000 n +0000290226 00000 n +0000290291 00000 n +0000290356 00000 n +0000290421 00000 n +0000290486 00000 n +0000290551 00000 n +0000290616 00000 n +0000290681 00000 n +0000290810 00000 n +0000292197 00000 n +0000291617 00000 n +0000290986 00000 n +0000291743 00000 n +0000291872 00000 n +0000291937 00000 n +0000292002 00000 n +0000292067 00000 n +0000292132 00000 n +0000292354 00000 n +0000303698 00000 n +0000306021 00000 n +0000305990 00000 n +0000314294 00000 n +0000323752 00000 n +0000331214 00000 n +0000341010 00000 n +0000358508 00000 n +0000375495 00000 n +0000396134 00000 n +0000417277 00000 n +0000420359 00000 n +0000420129 00000 n +0000447046 00000 n +0000473724 00000 n +0000475873 00000 n +0000475993 00000 n +0000476116 00000 n +0000476205 00000 n +0000476287 00000 n +0000490158 00000 n +0000502158 00000 n +0000502199 00000 n +0000502239 00000 n +0000502373 00000 n trailer << -/Size 1362 -/Root 1360 0 R -/Info 1361 0 R -/ID [<398C74303A70323E9600C964366A931D> <398C74303A70323E9600C964366A931D>] +/Size 1370 +/Root 1368 0 R +/Info 1369 0 R +/ID [<52936C5C32902731CDA6B6FA6B2205C2> <52936C5C32902731CDA6B6FA6B2205C2>] >> startxref -496080 +502637 %%EOF diff --git a/contrib/bind9/lib/bind/Makefile.in b/contrib/bind9/lib/bind/Makefile.in index 5c34c1a1842..61424e7df40 100644 --- a/contrib/bind9/lib/bind/Makefile.in +++ b/contrib/bind9/lib/bind/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001-2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,15 +13,12 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.12.2.5.2.9 2005/07/29 00:13:08 marka Exp $ +# $Id: Makefile.in,v 1.12.2.5.2.11 2006/06/24 00:25:38 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ -# Attempt to disable parallel processing. -.NOTPARALLEL: -.NO_PARALLEL: @LIBBIND_API@ @@ -99,6 +96,10 @@ OBJS= ${BSDOBJS} ${DSTOBJS} ${INETOBJS} ${IRSOBJS} ${ISCOBJS} \ @BIND9_MAKE_RULES@ +# Attempt to disable parallel processing. +.NOTPARALLEL: +.NO_PARALLEL: + libbind.@SA@: ${OBJS} ${AR} ${ARFLAGS} $@ ${OBJS} ${RANLIB} $@ diff --git a/contrib/bind9/lib/bind/api b/contrib/bind9/lib/bind/api index dcc846ea527..8632b1256a7 100644 --- a/contrib/bind9/lib/bind/api +++ b/contrib/bind9/lib/bind/api @@ -1,3 +1,3 @@ LIBINTERFACE = 4 -LIBREVISION = 2 +LIBREVISION = 7 LIBAGE = 0 diff --git a/contrib/bind9/lib/bind/config.h.in b/contrib/bind9/lib/bind/config.h.in index 82a1560d1fd..c4d88d347ee 100644 --- a/contrib/bind9/lib/bind/config.h.in +++ b/contrib/bind9/lib/bind/config.h.in @@ -4,6 +4,7 @@ #undef HAVE_INTTYPES_H #undef HAVE_STROPTS_H #undef HAVE_SYS_TIMERS_H +#undef HAVE_SYS_SELECT_H #undef SYS_CDEFS_H #undef _POSIX_PTHREAD_SEMANTICS #undef POSIX_GETPWUID_R diff --git a/contrib/bind9/lib/bind/configure b/contrib/bind9/lib/bind/configure index 8f12621650b..1fba6166748 100755 --- a/contrib/bind9/lib/bind/configure +++ b/contrib/bind9/lib/bind/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.83.2.5.2.22 . +# From configure.in Revision: 1.83.2.5.2.31 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.59. # @@ -464,7 +464,7 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_PLATFORM_NEEDSYSSELECTH WANT_IRS_GR WANT_IRS_GR_OBJS WANT_IRS_PW WANT_IRS_PW_OBJS WANT_IRS_NIS WANT_IRS_NIS_OBJS WANT_IRS_NISGR_OBJS WANT_IRS_NISPW_OBJS WANT_IRS_DBPW_OBJS ALWAYS_DEFINES DO_PTHREADS WANT_IRS_THREADSGR_OBJS WANT_IRS_THREADSPW_OBJS WANT_IRS_THREADS_OBJS WANT_THREADS_OBJS USE_IFNAMELINKID ISC_THREAD_DIR DAEMON_OBJS NEED_DAEMON STRSEP_OBJS NEED_STRSEP NEED_STRERROR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK HAS_INET6_STRUCTS ISC_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H HAS_IN_ADDR6 NEED_IN6ADDR_ANY ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C HAVE_SIN6_SCOPE_ID HAVE_SOCKADDR_STORAGE ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON HAVE_SA_LEN HAVE_MINIMUM_IFREQ BSD_COMP SOLARIS_BITTYPES USE_FIONBIO_IOCTL PORT_NONBLOCK PORT_DIR USE_POLL HAVE_MD5 SOLARIS2 PORT_INCLUDE ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO NEED_PSELECT NEED_GETTIMEOFDAY HAVE_STRNDUP ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS USE_SYSERROR_LIST ISC_PLATFORM_QUADFORMAT ISC_SOCKLEN_T GETGROUPLIST_ARGS NET_R_ARGS NET_R_BAD NET_R_COPY NET_R_COPY_ARGS NET_R_OK NET_R_SETANSWER NET_R_RETURN GETNETBYADDR_ADDR_T NETENT_DATA NET_R_ENT_ARGS NET_R_SET_RESULT NET_R_SET_RETURN NET_R_END_RESULT NET_R_END_RETURN GROUP_R_ARGS GROUP_R_BAD GROUP_R_OK GROUP_R_RETURN GROUP_R_END_RESULT GROUP_R_END_RETURN GROUP_R_ENT_ARGS GROUP_R_SET_RESULT GROUP_R_SET_RETURN HOST_R_ARGS HOST_R_BAD HOST_R_COPY HOST_R_COPY_ARGS HOST_R_ERRNO HOST_R_OK HOST_R_RETURN HOST_R_SETANSWER HOSTENT_DATA HOST_R_END_RESULT HOST_R_END_RETURN HOST_R_ENT_ARGS HOST_R_SET_RESULT HOST_R_SET_RETURN SETPWENT_VOID SETGRENT_VOID NGR_R_ARGS NGR_R_BAD NGR_R_COPY NGR_R_COPY_ARGS NGR_R_OK NGR_R_RETURN NGR_R_PRIVATE NGR_R_END_RESULT NGR_R_END_RETURN NGR_R_ENT_ARGS NGR_R_SET_RESULT NGR_R_SET_RETURN PROTO_R_ARGS PROTO_R_BAD PROTO_R_COPY PROTO_R_COPY_ARGS PROTO_R_OK PROTO_R_SETANSWER PROTO_R_RETURN PROTO_R_END_RESULT PROTO_R_END_RETURN PROTO_R_ENT_ARGS PROTO_R_SET_RESULT PROTO_R_SET_RETURN PASS_R_ARGS PASS_R_BAD PASS_R_COPY PASS_R_COPY_ARGS PASS_R_OK PASS_R_RETURN PASS_R_END_RESULT PASS_R_END_RETURN PASS_R_ENT_ARGS PASS_R_SET_RESULT PASS_R_SET_RETURN SERV_R_ARGS SERV_R_BAD SERV_R_COPY SERV_R_COPY_ARGS SERV_R_OK SERV_R_SETANSWER SERV_R_RETURN SERV_R_END_RESULT SERV_R_END_RETURN SERV_R_ENT_ARGS SERV_R_SET_RESULT SERV_R_SET_RETURN SETNETGRENT_ARGS INNETGR_ARGS BIND9_TOP_BUILDDIR BIND9_VERSION LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_PLATFORM_NEEDSYSSELECTH WANT_IRS_GR WANT_IRS_GR_OBJS WANT_IRS_PW WANT_IRS_PW_OBJS WANT_IRS_NIS WANT_IRS_NIS_OBJS WANT_IRS_NISGR_OBJS WANT_IRS_NISPW_OBJS WANT_IRS_DBPW_OBJS ALWAYS_DEFINES DO_PTHREADS WANT_IRS_THREADSGR_OBJS WANT_IRS_THREADSPW_OBJS WANT_IRS_THREADS_OBJS WANT_THREADS_OBJS USE_IFNAMELINKID ISC_THREAD_DIR DAEMON_OBJS NEED_DAEMON STRSEP_OBJS NEED_STRSEP NEED_STRERROR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK HAS_INET6_STRUCTS ISC_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H HAS_IN_ADDR6 NEED_IN6ADDR_ANY ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C HAVE_SIN6_SCOPE_ID HAVE_SOCKADDR_STORAGE ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON HAVE_SA_LEN HAVE_MINIMUM_IFREQ BSD_COMP SOLARIS_BITTYPES USE_FIONBIO_IOCTL PORT_NONBLOCK PORT_DIR USE_POLL HAVE_MD5 SOLARIS2 PORT_INCLUDE ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO NEED_PSELECT NEED_GETTIMEOFDAY HAVE_STRNDUP ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS USE_SYSERROR_LIST ISC_PLATFORM_QUADFORMAT ISC_SOCKLEN_T GETGROUPLIST_ARGS NET_R_ARGS NET_R_BAD NET_R_COPY NET_R_COPY_ARGS NET_R_OK NET_R_SETANSWER NET_R_RETURN GETNETBYADDR_ADDR_T NETENT_DATA NET_R_ENT_ARGS NET_R_SET_RESULT NET_R_SET_RETURN NET_R_END_RESULT NET_R_END_RETURN GROUP_R_ARGS GROUP_R_BAD GROUP_R_OK GROUP_R_RETURN GROUP_R_END_RESULT GROUP_R_END_RETURN GROUP_R_ENT_ARGS GROUP_R_SET_RESULT GROUP_R_SET_RETURN HOST_R_ARGS HOST_R_BAD HOST_R_COPY HOST_R_COPY_ARGS HOST_R_ERRNO HOST_R_OK HOST_R_RETURN HOST_R_SETANSWER HOSTENT_DATA HOST_R_END_RESULT HOST_R_END_RETURN HOST_R_ENT_ARGS HOST_R_SET_RESULT HOST_R_SET_RETURN SETPWENT_VOID SETGRENT_VOID NGR_R_ARGS NGR_R_BAD NGR_R_COPY NGR_R_COPY_ARGS NGR_R_OK NGR_R_RETURN NGR_R_PRIVATE NGR_R_END_RESULT NGR_R_END_RETURN NGR_R_ENT_ARGS NGR_R_SET_RESULT NGR_R_SET_RETURN PROTO_R_ARGS PROTO_R_BAD PROTO_R_COPY PROTO_R_COPY_ARGS PROTO_R_OK PROTO_R_SETANSWER PROTO_R_RETURN PROTOENT_DATA PROTO_R_END_RESULT PROTO_R_END_RETURN PROTO_R_ENT_ARGS PROTO_R_ENT_UNUSED PROTO_R_SET_RESULT PROTO_R_SET_RETURN PASS_R_ARGS PASS_R_BAD PASS_R_COPY PASS_R_COPY_ARGS PASS_R_OK PASS_R_RETURN PASS_R_END_RESULT PASS_R_END_RETURN PASS_R_ENT_ARGS PASS_R_SET_RESULT PASS_R_SET_RETURN SERV_R_ARGS SERV_R_BAD SERV_R_COPY SERV_R_COPY_ARGS SERV_R_OK SERV_R_SETANSWER SERV_R_RETURN SERVENT_DATA SERV_R_END_RESULT SERV_R_END_RETURN SERV_R_ENT_ARGS SERV_R_ENT_UNUSED SERV_R_SET_RESULT SERV_R_SET_RETURN SETNETGRENT_ARGS INNETGR_ARGS BIND9_TOP_BUILDDIR BIND9_VERSION LIBOBJS LTLIBOBJS' ac_subst_files='BIND9_INCLUDES BIND9_MAKE_RULES LIBBIND_API' # Initialize some variables set by options. @@ -4658,6 +4658,374 @@ echo "${ECHO_T}mit-pthreads/unproven-pthreads" >&6 fi fi ;; + *-freebsd*) + # We don't want to set -lpthread as that break + # the ability to choose threads library at final + # link time and is not valid for all architectures. + + PTHREAD= + if test "X$GCC" = "Xyes"; then + saved_cc="$CC" + CC="$CC -pthread" + echo "$as_me:$LINENO: checking for gcc -pthread support" >&5 +echo $ECHO_N "checking for gcc -pthread support... $ECHO_C" >&6; + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ +printf("%x\n", pthread_create); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + PTHREAD="yes" + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CC="$saved_cc" + fi + if test "X$PTHREAD" != "Xyes"; then + +echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5 +echo $ECHO_N "checking for pthread_create in -lpthread... $ECHO_C" >&6 +if test "${ac_cv_lib_pthread_pthread_create+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpthread $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char pthread_create (); +int +main () +{ +pthread_create (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_pthread_pthread_create=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_pthread_pthread_create=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_pthread_pthread_create" >&5 +echo "${ECHO_T}$ac_cv_lib_pthread_pthread_create" >&6 +if test $ac_cv_lib_pthread_pthread_create = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPTHREAD 1 +_ACEOF + + LIBS="-lpthread $LIBS" + +else + +echo "$as_me:$LINENO: checking for thread_create in -lthr" >&5 +echo $ECHO_N "checking for thread_create in -lthr... $ECHO_C" >&6 +if test "${ac_cv_lib_thr_thread_create+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lthr $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char thread_create (); +int +main () +{ +thread_create (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_thr_thread_create=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_thr_thread_create=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_thr_thread_create" >&5 +echo "${ECHO_T}$ac_cv_lib_thr_thread_create" >&6 +if test $ac_cv_lib_thr_thread_create = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBTHR 1 +_ACEOF + + LIBS="-lthr $LIBS" + +else + +echo "$as_me:$LINENO: checking for pthread_create in -lc_r" >&5 +echo $ECHO_N "checking for pthread_create in -lc_r... $ECHO_C" >&6 +if test "${ac_cv_lib_c_r_pthread_create+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc_r $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char pthread_create (); +int +main () +{ +pthread_create (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_c_r_pthread_create=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_c_r_pthread_create=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_c_r_pthread_create" >&5 +echo "${ECHO_T}$ac_cv_lib_c_r_pthread_create" >&6 +if test $ac_cv_lib_c_r_pthread_create = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBC_R 1 +_ACEOF + + LIBS="-lc_r $LIBS" + +else + +echo "$as_me:$LINENO: checking for pthread_create in -lc" >&5 +echo $ECHO_N "checking for pthread_create in -lc... $ECHO_C" >&6 +if test "${ac_cv_lib_c_pthread_create+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char pthread_create (); +int +main () +{ +pthread_create (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_c_pthread_create=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_c_pthread_create=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_c_pthread_create" >&5 +echo "${ECHO_T}$ac_cv_lib_c_pthread_create" >&6 +if test $ac_cv_lib_c_pthread_create = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBC 1 +_ACEOF + + LIBS="-lc $LIBS" + +else + { { echo "$as_me:$LINENO: error: \"could not find thread libraries\"" >&5 +echo "$as_me: error: \"could not find thread libraries\"" >&2;} + { (exit 1); exit 1; }; } +fi + +fi + +fi + +fi + + fi + ;; *) echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5 @@ -5043,10 +5411,160 @@ fi if $use_threads then + if test "X$GCC" = "Xyes"; then + case "$host" in + *-freebsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-openbsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + LIBS="$LIBS -lthread" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + esac + else + case $host in + *-dec-osf*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + CC="$CC -mt" + CCOPT="$CCOPT -mt" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-UnixWare*) + CC="$CC -Kthread" + CCOPT="$CCOPT -Kthread" + ;; + esac + fi + cat >>confdefs.h <<\_ACEOF +#define _REENTRANT 1 +_ACEOF + + ALWAYS_DEFINES="-D_REENTRANT" + DO_PTHREADS="#define DO_PTHREADS 1" + WANT_IRS_THREADSGR_OBJS="\${WANT_IRS_THREADSGR_OBJS}" + WANT_IRS_THREADSPW_OBJS="\${WANT_IRS_THREADSPW_OBJS}" + case $host in + ia64-hp-hpux11.*) + WANT_IRS_THREADS_OBJS="";; + *) + WANT_IRS_THREADS_OBJS="\${WANT_IRS_THREADS_OBJS}";; + esac + WANT_THREADS_OBJS="\${WANT_THREADS_OBJS}" + thread_dir=pthreads + # # We'd like to use sigwait() too # - echo "$as_me:$LINENO: checking for sigwait in -lc" >&5 + echo "$as_me:$LINENO: checking for sigwait" >&5 +echo $ECHO_N "checking for sigwait... $ECHO_C" >&6 +if test "${ac_cv_func_sigwait+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define sigwait to an innocuous variant, in case declares sigwait. + For example, HP-UX 11i declares gettimeofday. */ +#define sigwait innocuous_sigwait + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char sigwait (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef sigwait + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char sigwait (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_sigwait) || defined (__stub___sigwait) +choke me +#else +char (*f) () = sigwait; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != sigwait; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_sigwait=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_sigwait=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_sigwait" >&5 +echo "${ECHO_T}$ac_cv_func_sigwait" >&6 +if test $ac_cv_func_sigwait = yes; then + cat >>confdefs.h <<\_ACEOF +#define HAVE_SIGWAIT 1 +_ACEOF + +else + echo "$as_me:$LINENO: checking for sigwait in -lc" >&5 echo $ECHO_N "checking for sigwait in -lc... $ECHO_C" >&6 if test "${ac_cv_lib_c_sigwait+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5259,6 +5777,7 @@ fi fi +fi fi @@ -5707,59 +6226,6 @@ _ACEOF fi - if test "X$GCC" = "Xyes"; then - case "$host" in - *-freebsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-openbsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - LIBS="$LIBS -lthread" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - esac - else - case $host in - *-dec-osf*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - CC="$CC -mt" - CCOPT="$CCOPT -mt" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-UnixWare*) - CC="$CC -Kthread" - CCOPT="$CCOPT -Kthread" - ;; - esac - fi - cat >>confdefs.h <<\_ACEOF -#define _REENTRANT 1 -_ACEOF - - ALWAYS_DEFINES="-D_REENTRANT" - DO_PTHREADS="#define DO_PTHREADS 1" - WANT_IRS_THREADSGR_OBJS="\${WANT_IRS_THREADSGR_OBJS}" - WANT_IRS_THREADSPW_OBJS="\${WANT_IRS_THREADSPW_OBJS}" - case $host in - ia64-hp-hpux11.*) - WANT_IRS_THREADS_OBJS="";; - *) - WANT_IRS_THREADS_OBJS="\${WANT_IRS_THREADS_OBJS}";; - esac - WANT_THREADS_OBJS="\${WANT_THREADS_OBJS}" - thread_dir=pthreads else ALWAYS_DEFINES="" DO_PTHREADS="#undef DO_PTHREADS" @@ -6403,7 +6869,65 @@ MKDEPCFLAGS="-M" IRIX_DNSSEC_WARNINGS_HACK="" if test "X$GCC" = "Xyes"; then - STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings" + echo "$as_me:$LINENO: checking if \"$CC\" supports -fno-strict-aliasing" >&5 +echo $ECHO_N "checking if \"$CC\" supports -fno-strict-aliasing... $ECHO_C" >&6 + SAVE_CFLAGS=$CFLAGS + CFLAGS=-fno-strict-aliasing + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + FNOSTRICTALIASING=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +FNOSTRICTALIASING=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$SAVE_CFLAGS + if test "$FNOSTRICTALIASING" = "yes"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing" + else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith" + fi else case $host in *-dec-osf*) @@ -7602,7 +8126,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 7605 "configure"' > conftest.$ac_ext + echo '#line 8129 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8599,7 +9123,7 @@ fi # Provide some information about the compiler. -echo "$as_me:8602:" \ +echo "$as_me:9126:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 @@ -9660,11 +10184,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9663: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10187: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9667: \$? = $ac_status" >&5 + echo "$as_me:10191: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -9903,11 +10427,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9906: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10430: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9910: \$? = $ac_status" >&5 + echo "$as_me:10434: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -9963,11 +10487,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9966: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10490: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9970: \$? = $ac_status" >&5 + echo "$as_me:10494: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12148,7 +12672,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&6 fi -# Report which librarie types wil actually be built +# Report which libraries types will actually be built echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6 echo "$as_me:$LINENO: result: $can_build_shared" >&5 @@ -14443,11 +14967,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14446: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14970: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:14450: \$? = $ac_status" >&5 + echo "$as_me:14974: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -14503,11 +15027,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14506: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15030: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14510: \$? = $ac_status" >&5 + echo "$as_me:15034: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15864,7 +16388,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:17326: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16806: \$? = $ac_status" >&5 + echo "$as_me:17330: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -16859,11 +17383,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16862: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17386: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16866: \$? = $ac_status" >&5 + echo "$as_me:17390: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -18898,11 +19422,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:18901: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19425: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:18905: \$? = $ac_status" >&5 + echo "$as_me:19429: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -19141,11 +19665,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:19144: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19668: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:19148: \$? = $ac_status" >&5 + echo "$as_me:19672: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -19201,11 +19725,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:19204: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19728: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:19208: \$? = $ac_status" >&5 + echo "$as_me:19732: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -21386,7 +21910,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 sed 's/^/| /' conftest.$ac_ext >&5 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#undef __USE_MISC +#define __USE_MISC +#include +int getnetbyaddr_r (in_addr_t, int, struct netent *, struct netent_data *); + +int +main () +{ +return (0) + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +NET_R_ARGS="#define NET_R_ARGS struct netent_data *ndptr" +NET_R_BAD="#define NET_R_BAD (-1)" +NET_R_COPY="#define NET_R_COPY ndptr" +NET_R_COPY_ARGS="#define NET_R_COPY_ARGS struct netent_data *ndptr" +NET_R_OK="#define NET_R_OK 0" +NET_R_SETANSWER="#undef NET_R_SETANSWER" +NET_R_RETURN="#define NET_R_RETURN int" +GETNETBYADDR_ADDR_T="#define GETNETBYADDR_ADDR_T long" +NETENT_DATA="#define NETENT_DATA 1" + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -25922,6 +26502,9 @@ rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + else NET_R_ARGS="#define NET_R_ARGS char *buf, int buflen" NET_R_BAD="#define NET_R_BAD NULL" @@ -28397,10 +28980,69 @@ fi echo "$as_me:$LINENO: result: $ac_cv_func_endnetgrent_r" >&5 echo "${ECHO_T}$ac_cv_func_endnetgrent_r" >&6 if test $ac_cv_func_endnetgrent_r = yes; then - NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) return (x)" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef __USE_MISC +#define __USE_MISC +#include +void endnetgrent_r(void **ptr); + + +int +main () +{ +return (0); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /* empty */" +NGR_R_END_RETURN="#define NGR_R_END_RETURN void" +NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) return (x)" NGR_R_END_RETURN="#define NGR_R_END_RETURN int" NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS" + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + else NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /*empty*/" NGR_R_END_RETURN="#define NGR_R_END_RETURN void" @@ -28777,6 +29419,7 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS PROTO_R_ARGS" PROTO_R_OK="#define PROTO_R_OK pptr" PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" PROTO_R_RETURN="#define PROTO_R_RETURN struct protoent *" +PROTOENT_DATA="#undef PROTOENT_DATA" else @@ -28836,12 +29479,76 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS char *buf, size_t buflen" PROTO_R_OK="#define PROTO_R_OK 0" PROTO_R_SETANSWER="#define PROTO_R_SETANSWER 1" PROTO_R_RETURN="#define PROTO_R_RETURN int" +PROTOENT_DATA="#undef PROTOENT_DATA" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef __USE_MISC +#define __USE_MISC +#include +int getprotoent_r (struct protoent *, struct protoent_data *prot_data); + + + +int +main () +{ +return (0); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +PROTO_R_ARGS="#define PROTO_R_ARGS struct protoent_data *prot_data" +PROTO_R_BAD="#define PROTO_R_BAD (-1)" +PROTO_R_COPY="#define PROTO_R_COPY prot_data" +PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS struct protoent_data *pdptr" +PROTO_R_OK="#define PROTO_R_OK 0" +PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" +PROTO_R_RETURN="#define PROTO_R_RETURN int" +PROTOENT_DATA="#define PROTOENT_DATA 1" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext @@ -28856,9 +29563,11 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS PROTO_R_ARGS" PROTO_R_OK="#define PROTO_R_OK pptr" PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" PROTO_R_RETURN="#define PROTO_R_RETURN struct protoent *" +PROTOENT_DATA="#undef PROTOENT_DATA" fi +;; esac @@ -28868,6 +29577,7 @@ esac + case $host in ia64-hp-hpux11.*) ;; @@ -29012,6 +29722,119 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" PROTO_R_ENT_ARGS="#undef PROTO_R_ENT_ARGS" +PROTO_R_ENT_UNUSED="#undef PROTO_R_ENT_UNUSED" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +void endprotoent_r(struct protoent_data *); + + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" +PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" +PROTO_R_ENT_ARGS="#define PROTO_R_ENT_ARGS struct protoent_data *proto_data" +PROTO_R_ENT_UNUSED="#define PROTO_R_ENT_UNUSED UNUSED(proto_data)" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int endprotoent_r(struct protoent_data *); + + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) return(0)" +PROTO_R_END_RETURN="#define PROTO_R_END_RETURN int" +PROTO_R_ENT_ARGS="#define PROTO_R_ENT_ARGS struct protoent_data *proto_data" +PROTO_R_ENT_UNUSED="#define PROTO_R_ENT_UNUSED UNUSED(proto_data)" else @@ -29021,10 +29844,17 @@ sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + else PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" PROTO_R_ENT_ARGS="#undef PROTO_R_ENT_ARGS /*empty*/" +PROTO_R_ENT_UNUSED="#undef PROTO_R_ENT_UNUSED" fi @@ -29033,6 +29863,7 @@ esac + case $host in ia64-hp-hpux11.*) ;; @@ -29179,6 +30010,60 @@ else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int setprotoent_r (int, struct protoent_data *); + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + PROTO_R_SET_RESULT="#define PROTO_R_SET_RESULT (0)" +PROTO_R_SET_RETURN="#define PROTO_R_SET_RETURN int" + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext @@ -30329,6 +31214,67 @@ else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef __USE_MISC +#define __USE_MISC +#include +int +getservent_r (struct servent *, struct servent_data *serv_data); + +int +main () +{ +return (0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +SERV_R_ARGS="#define SERV_R_ARGS struct servent_data *serv_data" +SERV_R_BAD="#define SERV_R_BAD (-1)" +SERV_R_COPY="#define SERV_R_COPY serv_data" +SERV_R_COPY_ARGS="#define SERV_R_COPY_ARGS struct servent_data *sdptr" +SERV_R_OK="#define SERV_R_OK (0)" +SERV_R_SETANSWER="#undef SERV_R_SETANSWER" +SERV_R_RETURN="#define SERV_R_RETURN int" +SERVENT_DATA="#define SERVENT_DATA 1" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext @@ -30355,6 +31301,7 @@ esac + case $host in ia64-hp-hpux11.*) ;; @@ -30499,6 +31446,119 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" SERV_R_END_RETURN="#define SERV_R_END_RETURN void " SERV_R_ENT_ARGS="#undef SERV_R_ENT_ARGS /*empty*/" +SERV_R_ENT_UNUSED="#undef SERV_R_ENT_UNUSED /*empty*/" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +void endservent_r(struct servent_data *serv_data); + + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" +SERV_R_END_RETURN="#define SERV_R_END_RETURN void " +SERV_R_ENT_ARGS="#define SERV_R_ENT_ARGS struct servent_data *serv_data" +SERV_R_ENT_UNUSED="#define SERV_R_ENT_UNUSED UNUSED(serv_data)" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int endservent_r(struct servent_data *serv_data); + + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) return(x)" +SERV_R_END_RETURN="#define SERV_R_END_RETURN int " +SERV_R_ENT_ARGS="#define SERV_R_ENT_ARGS struct servent_data *serv_data" +SERV_R_ENT_UNUSED="#define SERV_R_ENT_UNUSED UNUSED(serv_data)" else @@ -30508,10 +31568,17 @@ sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + else SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" SERV_R_END_RETURN="#define SERV_R_END_RETURN void " SERV_R_ENT_ARGS="#undef SERV_R_ENT_ARGS /*empty*/" +SERV_R_ENT_UNUSED="#undef SERV_R_ENT_UNUSED /*empty*/" fi @@ -30520,6 +31587,7 @@ esac + case $host in ia64-hp-hpux11.*) ;; @@ -30627,7 +31695,7 @@ cat >>conftest.$ac_ext <<_ACEOF #undef __USE_MISC #define __USE_MISC #include -void setservent_r(int); +void setservent_r(int); int @@ -30669,6 +31737,63 @@ else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int setservent_r(int, struct servent_data *); + + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +SERV_R_SET_RESULT="#define SERV_R_SET_RESULT (0)" +SERV_R_SET_RETURN="#define SERV_R_SET_RETURN int" + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext @@ -30921,6 +32046,9 @@ case "$host" in hack_shutup_pthreadmutexinit=yes hack_shutup_in6addr_init_macros=yes ;; + *-aix5.[23].*) + hack_shutup_in6addr_init_macros=yes + ;; *-bsdi3.1*) hack_shutup_sputaux=yes ;; @@ -30944,6 +32072,9 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; + *-solaris2.10) + hack_shutup_in6addr_init_macros=yes + ;; esac case "$hack_shutup_pthreadmutexinit" in @@ -30997,7 +32128,8 @@ esac case "$hack_shutup_in6addr_init_macros" in yes) - cat >>confdefs.h <<\_ACEOF + +cat >>confdefs.h <<\_ACEOF #define BROKEN_IN6ADDR_INIT_MACROS 1 _ACEOF @@ -31838,9 +32970,11 @@ s,@PROTO_R_COPY_ARGS@,$PROTO_R_COPY_ARGS,;t t s,@PROTO_R_OK@,$PROTO_R_OK,;t t s,@PROTO_R_SETANSWER@,$PROTO_R_SETANSWER,;t t s,@PROTO_R_RETURN@,$PROTO_R_RETURN,;t t +s,@PROTOENT_DATA@,$PROTOENT_DATA,;t t s,@PROTO_R_END_RESULT@,$PROTO_R_END_RESULT,;t t s,@PROTO_R_END_RETURN@,$PROTO_R_END_RETURN,;t t s,@PROTO_R_ENT_ARGS@,$PROTO_R_ENT_ARGS,;t t +s,@PROTO_R_ENT_UNUSED@,$PROTO_R_ENT_UNUSED,;t t s,@PROTO_R_SET_RESULT@,$PROTO_R_SET_RESULT,;t t s,@PROTO_R_SET_RETURN@,$PROTO_R_SET_RETURN,;t t s,@PASS_R_ARGS@,$PASS_R_ARGS,;t t @@ -31861,9 +32995,11 @@ s,@SERV_R_COPY_ARGS@,$SERV_R_COPY_ARGS,;t t s,@SERV_R_OK@,$SERV_R_OK,;t t s,@SERV_R_SETANSWER@,$SERV_R_SETANSWER,;t t s,@SERV_R_RETURN@,$SERV_R_RETURN,;t t +s,@SERVENT_DATA@,$SERVENT_DATA,;t t s,@SERV_R_END_RESULT@,$SERV_R_END_RESULT,;t t s,@SERV_R_END_RETURN@,$SERV_R_END_RETURN,;t t s,@SERV_R_ENT_ARGS@,$SERV_R_ENT_ARGS,;t t +s,@SERV_R_ENT_UNUSED@,$SERV_R_ENT_UNUSED,;t t s,@SERV_R_SET_RESULT@,$SERV_R_SET_RESULT,;t t s,@SERV_R_SET_RETURN@,$SERV_R_SET_RETURN,;t t s,@SETNETGRENT_ARGS@,$SETNETGRENT_ARGS,;t t diff --git a/contrib/bind9/lib/bind/configure.in b/contrib/bind9/lib/bind/configure.in index 50ffe82ab18..9c2877cdffb 100644 --- a/contrib/bind9/lib/bind/configure.in +++ b/contrib/bind9/lib/bind/configure.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -AC_REVISION($Revision: 1.83.2.5.2.22 $) +AC_REVISION($Revision: 1.83.2.5.2.31 $) AC_INIT(resolv/herror.c) AC_PREREQ(2.13) @@ -319,16 +319,68 @@ sinclude(../../config.threads.in)dnl if $use_threads then + if test "X$GCC" = "Xyes"; then + case "$host" in + *-freebsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-openbsd*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + LIBS="$LIBS -lthread" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + esac + else + case $host in + *-dec-osf*) + CC="$CC -pthread" + CCOPT="$CCOPT -pthread" + ;; + *-solaris*) + CC="$CC -mt" + CCOPT="$CCOPT -mt" + ;; + *-ibm-aix*) + STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" + ;; + *-UnixWare*) + CC="$CC -Kthread" + CCOPT="$CCOPT -Kthread" + ;; + esac + fi + AC_DEFINE(_REENTRANT) + ALWAYS_DEFINES="-D_REENTRANT" + DO_PTHREADS="#define DO_PTHREADS 1" + WANT_IRS_THREADSGR_OBJS="\${WANT_IRS_THREADSGR_OBJS}" + WANT_IRS_THREADSPW_OBJS="\${WANT_IRS_THREADSPW_OBJS}" + case $host in + ia64-hp-hpux11.*) + WANT_IRS_THREADS_OBJS="";; + *) + WANT_IRS_THREADS_OBJS="\${WANT_IRS_THREADS_OBJS}";; + esac + WANT_THREADS_OBJS="\${WANT_THREADS_OBJS}" + thread_dir=pthreads + # # We'd like to use sigwait() too # - AC_CHECK_LIB(c, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, sigwait, - AC_DEFINE(HAVE_SIGWAIT), - AC_CHECK_LIB(pthread, _Psigwait, - AC_DEFINE(HAVE_SIGWAIT),)) - ) + AC_CHECK_FUNC(sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(c, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, sigwait, + AC_DEFINE(HAVE_SIGWAIT), + AC_CHECK_LIB(pthread, _Psigwait, + AC_DEFINE(HAVE_SIGWAIT),)))) AC_CHECK_FUNC(pthread_attr_getstacksize, AC_DEFINE(HAVE_PTHREAD_ATTR_GETSTACKSIZE),) @@ -388,56 +440,6 @@ then # AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF),) - if test "X$GCC" = "Xyes"; then - case "$host" in - *-freebsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-openbsd*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - LIBS="$LIBS -lthread" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - esac - else - case $host in - *-dec-osf*) - CC="$CC -pthread" - CCOPT="$CCOPT -pthread" - ;; - *-solaris*) - CC="$CC -mt" - CCOPT="$CCOPT -mt" - ;; - *-ibm-aix*) - STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE" - ;; - *-UnixWare*) - CC="$CC -Kthread" - CCOPT="$CCOPT -Kthread" - ;; - esac - fi - AC_DEFINE(_REENTRANT) - ALWAYS_DEFINES="-D_REENTRANT" - DO_PTHREADS="#define DO_PTHREADS 1" - WANT_IRS_THREADSGR_OBJS="\${WANT_IRS_THREADSGR_OBJS}" - WANT_IRS_THREADSPW_OBJS="\${WANT_IRS_THREADSPW_OBJS}" - case $host in - ia64-hp-hpux11.*) - WANT_IRS_THREADS_OBJS="";; - *) - WANT_IRS_THREADS_OBJS="\${WANT_IRS_THREADS_OBJS}";; - esac - WANT_THREADS_OBJS="\${WANT_THREADS_OBJS}" - thread_dir=pthreads else ALWAYS_DEFINES="" DO_PTHREADS="#undef DO_PTHREADS" @@ -513,7 +515,18 @@ MKDEPCFLAGS="-M" IRIX_DNSSEC_WARNINGS_HACK="" if test "X$GCC" = "Xyes"; then - STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings" + AC_MSG_CHECKING(if "$CC" supports -fno-strict-aliasing) + SAVE_CFLAGS=$CFLAGS + CFLAGS=-fno-strict-aliasing + AC_TRY_COMPILE(,, [FNOSTRICTALIASING=yes],[FNOSTRICTALIASING=no]) + CFLAGS=$SAVE_CFLAGS + if test "$FNOSTRICTALIASING" = "yes"; then + AC_MSG_RESULT(yes) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing" + else + AC_MSG_RESULT(no) + STD_CWARNINGS="$STD_CWARNINGS -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith" + fi else case $host in *-dec-osf*) @@ -1397,6 +1410,24 @@ AC_TRY_COMPILE( #undef __USE_MISC #define __USE_MISC [#include +int getnetbyaddr_r (in_addr_t, int, struct netent *, struct netent_data *); +], +[return (0)], +[ +NET_R_ARGS="#define NET_R_ARGS struct netent_data *ndptr" +NET_R_BAD="#define NET_R_BAD (-1)" +NET_R_COPY="#define NET_R_COPY ndptr" +NET_R_COPY_ARGS="#define NET_R_COPY_ARGS struct netent_data *ndptr" +NET_R_OK="#define NET_R_OK 0" +NET_R_SETANSWER="#undef NET_R_SETANSWER" +NET_R_RETURN="#define NET_R_RETURN int" +GETNETBYADDR_ADDR_T="#define GETNETBYADDR_ADDR_T long" +NETENT_DATA="#define NETENT_DATA 1" +], +AC_TRY_COMPILE( +#undef __USE_MISC +#define __USE_MISC +[#include int getnetbyaddr_r (long, int, struct netent *, struct netent_data *); ], [return (0)], @@ -1435,6 +1466,7 @@ NETENT_DATA="#undef NETENT_DATA" ) ) ) +) , NET_R_ARGS="#define NET_R_ARGS char *buf, int buflen" NET_R_BAD="#define NET_R_BAD NULL" @@ -1901,9 +1933,28 @@ AC_SUBST(NGR_R_RETURN) AC_SUBST(NGR_R_PRIVATE) AC_CHECK_FUNC(endnetgrent_r, +AC_TRY_COMPILE( +[ +#undef __USE_MISC +#define __USE_MISC +#include +void endnetgrent_r(void **ptr); +] +, +[return (0);] +, +[ +NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /* empty */" +NGR_R_END_RETURN="#define NGR_R_END_RETURN void" +NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS" +] +, +[ NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) return (x)" NGR_R_END_RETURN="#define NGR_R_END_RETURN int" NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS" +] +) , NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /*empty*/" NGR_R_END_RETURN="#define NGR_R_END_RETURN void" @@ -1960,6 +2011,7 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS PROTO_R_ARGS" PROTO_R_OK="#define PROTO_R_OK pptr" PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" PROTO_R_RETURN="#define PROTO_R_RETURN struct protoent *" +PROTOENT_DATA="#undef PROTOENT_DATA" ] , AC_TRY_COMPILE( @@ -1981,8 +2033,32 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS char *buf, size_t buflen" PROTO_R_OK="#define PROTO_R_OK 0" PROTO_R_SETANSWER="#define PROTO_R_SETANSWER 1" PROTO_R_RETURN="#define PROTO_R_RETURN int" +PROTOENT_DATA="#undef PROTOENT_DATA" ] , +AC_TRY_COMPILE( +[ +#undef __USE_MISC +#define __USE_MISC +#include +int getprotoent_r (struct protoent *, struct protoent_data *prot_data); + +] +, +[return (0);] +, +[ +PROTO_R_ARGS="#define PROTO_R_ARGS struct protoent_data *prot_data" +PROTO_R_BAD="#define PROTO_R_BAD (-1)" +PROTO_R_COPY="#define PROTO_R_COPY prot_data" +PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS struct protoent_data *pdptr" +PROTO_R_OK="#define PROTO_R_OK 0" +PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" +PROTO_R_RETURN="#define PROTO_R_RETURN int" +PROTOENT_DATA="#define PROTOENT_DATA 1" +] +, +) ) ) , @@ -1993,7 +2069,9 @@ PROTO_R_COPY_ARGS="#define PROTO_R_COPY_ARGS PROTO_R_ARGS" PROTO_R_OK="#define PROTO_R_OK pptr" PROTO_R_SETANSWER="#undef PROTO_R_SETANSWER" PROTO_R_RETURN="#define PROTO_R_RETURN struct protoent *" +PROTOENT_DATA="#undef PROTOENT_DATA" ) +;; esac AC_SUBST(PROTO_R_ARGS) AC_SUBST(PROTO_R_BAD) @@ -2002,6 +2080,7 @@ AC_SUBST(PROTO_R_COPY_ARGS) AC_SUBST(PROTO_R_OK) AC_SUBST(PROTO_R_SETANSWER) AC_SUBST(PROTO_R_RETURN) +AC_SUBST(PROTOENT_DATA) case $host in ia64-hp-hpux11.*) @@ -2022,18 +2101,57 @@ void endprotoent_r(void); PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" PROTO_R_ENT_ARGS="#undef PROTO_R_ENT_ARGS" +PROTO_R_ENT_UNUSED="#undef PROTO_R_ENT_UNUSED" ] , +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +void endprotoent_r(struct protoent_data *); +] +,, +[ +PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" +PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" +PROTO_R_ENT_ARGS="#define PROTO_R_ENT_ARGS struct protoent_data *proto_data" +PROTO_R_ENT_UNUSED="#define PROTO_R_ENT_UNUSED UNUSED(proto_data)" +] +, +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int endprotoent_r(struct protoent_data *); +] +,, +[ +PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) return(0)" +PROTO_R_END_RETURN="#define PROTO_R_END_RETURN int" +PROTO_R_ENT_ARGS="#define PROTO_R_ENT_ARGS struct protoent_data *proto_data" +PROTO_R_ENT_UNUSED="#define PROTO_R_ENT_UNUSED UNUSED(proto_data)" +] +, +) +) ) , PROTO_R_END_RESULT="#define PROTO_R_END_RESULT(x) /*empty*/" PROTO_R_END_RETURN="#define PROTO_R_END_RETURN void" PROTO_R_ENT_ARGS="#undef PROTO_R_ENT_ARGS /*empty*/" +PROTO_R_ENT_UNUSED="#undef PROTO_R_ENT_UNUSED" ) esac AC_SUBST(PROTO_R_END_RESULT) AC_SUBST(PROTO_R_END_RETURN) AC_SUBST(PROTO_R_ENT_ARGS) +AC_SUBST(PROTO_R_ENT_UNUSED) case $host in ia64-hp-hpux11.*) @@ -2052,6 +2170,19 @@ void setprotoent_r __P((int)); PROTO_R_SET_RESULT="#undef PROTO_R_SET_RESULT" PROTO_R_SET_RETURN="#define PROTO_R_SET_RETURN void" , +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int setprotoent_r (int, struct protoent_data *); +],[], +PROTO_R_SET_RESULT="#define PROTO_R_SET_RESULT (0)" +PROTO_R_SET_RETURN="#define PROTO_R_SET_RETURN int" +, +) ) , PROTO_R_SET_RESULT="#undef PROTO_R_SET_RESULT" @@ -2186,6 +2317,25 @@ SERV_R_SETANSWER="#define SERV_R_SETANSWER 1" SERV_R_RETURN="#define SERV_R_RETURN int" ] , +AC_TRY_COMPILE([ +#undef __USE_MISC +#define __USE_MISC +#include +int +getservent_r (struct servent *, struct servent_data *serv_data); +],[return (0);], +[ +SERV_R_ARGS="#define SERV_R_ARGS struct servent_data *serv_data" +SERV_R_BAD="#define SERV_R_BAD (-1)" +SERV_R_COPY="#define SERV_R_COPY serv_data" +SERV_R_COPY_ARGS="#define SERV_R_COPY_ARGS struct servent_data *sdptr" +SERV_R_OK="#define SERV_R_OK (0)" +SERV_R_SETANSWER="#undef SERV_R_SETANSWER" +SERV_R_RETURN="#define SERV_R_RETURN int" +SERVENT_DATA="#define SERVENT_DATA 1" +] +, +) ) ) , @@ -2205,6 +2355,7 @@ AC_SUBST(SERV_R_COPY_ARGS) AC_SUBST(SERV_R_OK) AC_SUBST(SERV_R_SETANSWER) AC_SUBST(SERV_R_RETURN) +AC_SUBST(SERVENT_DATA) case $host in ia64-hp-hpux11.*) @@ -2226,18 +2377,59 @@ void endservent_r(void); SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" SERV_R_END_RETURN="#define SERV_R_END_RETURN void " SERV_R_ENT_ARGS="#undef SERV_R_ENT_ARGS /*empty*/" +SERV_R_ENT_UNUSED="#undef SERV_R_ENT_UNUSED /*empty*/" ] , +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +void endservent_r(struct servent_data *serv_data); +] +, +, +[ +SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" +SERV_R_END_RETURN="#define SERV_R_END_RETURN void " +SERV_R_ENT_ARGS="#define SERV_R_ENT_ARGS struct servent_data *serv_data" +SERV_R_ENT_UNUSED="#define SERV_R_ENT_UNUSED UNUSED(serv_data)" +] +, +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int endservent_r(struct servent_data *serv_data); +] +, +, +[ +SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) return(x)" +SERV_R_END_RETURN="#define SERV_R_END_RETURN int " +SERV_R_ENT_ARGS="#define SERV_R_ENT_ARGS struct servent_data *serv_data" +SERV_R_ENT_UNUSED="#define SERV_R_ENT_UNUSED UNUSED(serv_data)" +] +, +) +) ) , SERV_R_END_RESULT="#define SERV_R_END_RESULT(x) /*empty*/" SERV_R_END_RETURN="#define SERV_R_END_RETURN void " SERV_R_ENT_ARGS="#undef SERV_R_ENT_ARGS /*empty*/" +SERV_R_ENT_UNUSED="#undef SERV_R_ENT_UNUSED /*empty*/" ) esac AC_SUBST(SERV_R_END_RESULT) AC_SUBST(SERV_R_END_RETURN) AC_SUBST(SERV_R_ENT_ARGS) +AC_SUBST(SERV_R_ENT_UNUSED) case $host in ia64-hp-hpux11.*) @@ -2251,7 +2443,7 @@ AC_TRY_COMPILE( #undef __USE_MISC #define __USE_MISC #include -void setservent_r(int); +void setservent_r(int); ] ,, [ @@ -2259,6 +2451,22 @@ SERV_R_SET_RESULT="#undef SERV_R_SET_RESULT" SERV_R_SET_RETURN="#define SERV_R_SET_RETURN void" ] , +AC_TRY_COMPILE( +[ +#undef _REENTRANT +#define _REENTRANT +#undef __USE_MISC +#define __USE_MISC +#include +int setservent_r(int, struct servent_data *); +] +,, +[ +SERV_R_SET_RESULT="#define SERV_R_SET_RESULT (0)" +SERV_R_SET_RETURN="#define SERV_R_SET_RETURN int" +] +, +) ) , SERV_R_SET_RESULT="#undef SERV_R_SET_RESULT" @@ -2345,6 +2553,9 @@ case "$host" in hack_shutup_pthreadmutexinit=yes hack_shutup_in6addr_init_macros=yes ;; + *-aix5.[[23]].*) + hack_shutup_in6addr_init_macros=yes + ;; *-bsdi3.1*) hack_shutup_sputaux=yes ;; @@ -2368,6 +2579,9 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; + *-solaris2.10) + hack_shutup_in6addr_init_macros=yes + ;; esac case "$hack_shutup_pthreadmutexinit" in @@ -2409,7 +2623,7 @@ esac case "$hack_shutup_in6addr_init_macros" in yes) - AC_DEFINE(BROKEN_IN6ADDR_INIT_MACROS) + AC_DEFINE(BROKEN_IN6ADDR_INIT_MACROS, 1, [Defined if IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT need to be redefined.] ) ;; esac diff --git a/contrib/bind9/lib/bind/dst/dst_api.c b/contrib/bind9/lib/bind/dst/dst_api.c index 51dfd0b8910..417c31f8cfb 100644 --- a/contrib/bind9/lib/bind/dst/dst_api.c +++ b/contrib/bind9/lib/bind/dst/dst_api.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/dst_api.c,v 1.4.2.6.8.3 2005/10/11 00:48:14 marka Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/dst_api.c,v 1.4.2.6.8.4 2006/03/10 00:17:21 marka Exp $"; #endif /* @@ -170,6 +170,10 @@ dst_s_get_key_struct(const char *name, const int alg, const int flags, memset(new_key, 0, sizeof(*new_key)); new_key->dk_key_name = strdup(name); + if (new_key->dk_key_name == NULL) { + free(new_key); + return (NULL); + } new_key->dk_alg = alg; new_key->dk_flags = flags; new_key->dk_proto = protocol; @@ -655,11 +659,13 @@ dst_dnskey_to_key(const char *in_name, const u_char *rdata, const int len) alg)); return (NULL); } - if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL) - return (NULL); if (in_name == NULL) return (NULL); + + if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL) + return (NULL); + key_st->dk_id = dst_s_dns_key_id(rdata, len); key_st->dk_flags = dst_s_get_int16(rdata); key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT]; @@ -772,13 +778,11 @@ dst_buffer_to_key(const char *key_name, /* name of the key */ return (NULL); } - dkey = dst_s_get_key_struct(key_name, alg, flags, - protocol, -1); + dkey = dst_s_get_key_struct(key_name, alg, flags, protocol, -1); - if (dkey == NULL) - return (NULL); - if (dkey->dk_func == NULL || dkey->dk_func->from_dns_key == NULL) - return NULL; + if (dkey == NULL || dkey->dk_func == NULL || + dkey->dk_func->from_dns_key == NULL) + return (dst_free_key(dkey)); if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) { EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n")); @@ -1013,7 +1017,6 @@ dst_free_key(DST_KEY *f_key) else { EREPORT(("dst_free_key(): Unknown key alg %d\n", f_key->dk_alg)); - free(f_key->dk_KEY_struct); /* SHOULD NOT happen */ } if (f_key->dk_KEY_struct) { free(f_key->dk_KEY_struct); diff --git a/contrib/bind9/lib/bind/dst/hmac_link.c b/contrib/bind9/lib/bind/dst/hmac_link.c index aa66c80ec0d..028f02e96a5 100644 --- a/contrib/bind9/lib/bind/dst/hmac_link.c +++ b/contrib/bind9/lib/bind/dst/hmac_link.c @@ -1,6 +1,6 @@ #ifdef HMAC_MD5 #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.2.2.1.4.1 2005/07/28 07:43:16 marka Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.2.2.1.4.2 2006/03/10 00:17:21 marka Exp $"; #endif /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -93,6 +93,9 @@ dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context, int sign_len = 0; MD5_CTX *ctx = NULL; + if (d_key == NULL || d_key->dk_KEY_struct == NULL) + return (-1); + if (mode & SIG_MODE_INIT) ctx = (MD5_CTX *) malloc(sizeof(*ctx)); else if (context) @@ -100,8 +103,6 @@ dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context, if (ctx == NULL) return (-1); - if (d_key == NULL || d_key->dk_KEY_struct == NULL) - return (-1); key = (HMAC_Key *) d_key->dk_KEY_struct; if (mode & SIG_MODE_INIT) { @@ -160,6 +161,9 @@ dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context, HMAC_Key *key; MD5_CTX *ctx = NULL; + if (d_key == NULL || d_key->dk_KEY_struct == NULL) + return (-1); + if (mode & SIG_MODE_INIT) ctx = (MD5_CTX *) malloc(sizeof(*ctx)); else if (context) @@ -167,9 +171,6 @@ dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context, if (ctx == NULL) return (-1); - if (d_key == NULL || d_key->dk_KEY_struct == NULL) - return (-1); - key = (HMAC_Key *) d_key->dk_KEY_struct; if (mode & SIG_MODE_INIT) { MD5Init(ctx); @@ -272,7 +273,7 @@ dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen) static int dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, - const int buff_len) + const int buff_len) { char *bp; int len, b_len, i, key_len; @@ -289,7 +290,7 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, /* write file header */ sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC"); - bp = (char *) strchr(buff, '\0'); + bp = buff + strlen(buff); b_len = buff_len - (bp - buff); memset(key, 0, HMAC_LEN); @@ -334,9 +335,9 @@ dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, { const char *p = buff, *eol; u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode - * it should probably be fixed rather than doing - * this - */ + * it should probably be fixed rather than doing + * this + */ u_char *tmp; int key_len, len; @@ -355,6 +356,8 @@ dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, return (-4); len = eol - p; tmp = malloc(len + 2); + if (tmp == NULL) + return (-5); memcpy(tmp, p, len); *(tmp + len) = 0x0; key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */ diff --git a/contrib/bind9/lib/bind/include/arpa/nameser_compat.h b/contrib/bind9/lib/bind/include/arpa/nameser_compat.h index 464f12e13aa..4460261b7b3 100644 --- a/contrib/bind9/lib/bind/include/arpa/nameser_compat.h +++ b/contrib/bind9/lib/bind/include/arpa/nameser_compat.h @@ -32,7 +32,7 @@ /* * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 1.1.2.3.4.2 2004/07/01 04:43:41 marka Exp $ + * $Id: nameser_compat.h,v 1.1.2.3.4.3 2006/05/19 02:38:15 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ @@ -52,8 +52,9 @@ #define PDP_ENDIAN 3412 /* LSB first in word, MSW first in long (pdp)*/ #if defined(vax) || defined(ns32000) || defined(sun386) || defined(i386) || \ - defined(MIPSEL) || defined(_MIPSEL) || defined(BIT_ZERO_ON_RIGHT) || \ - defined(__alpha__) || defined(__alpha) || \ + defined(__i386__) || defined(__i386) || defined(__amd64__) || \ + defined(__x86_64__) || defined(MIPSEL) || defined(_MIPSEL) || \ + defined(BIT_ZERO_ON_RIGHT) || defined(__alpha__) || defined(__alpha) || \ (defined(__Lynx__) && defined(__x86__)) #define BYTE_ORDER LITTLE_ENDIAN #endif diff --git a/contrib/bind9/lib/bind/include/isc/list.h b/contrib/bind9/lib/bind/include/isc/list.h index ad574ac2b58..4e27eb19bae 100644 --- a/contrib/bind9/lib/bind/include/isc/list.h +++ b/contrib/bind9/lib/bind/include/isc/list.h @@ -66,12 +66,16 @@ INSIST(LINKED(elt, link));\ if ((elt)->link.next != NULL) \ (elt)->link.next->link.prev = (elt)->link.prev; \ - else \ + else { \ + INSIST((list).tail == (elt)); \ (list).tail = (elt)->link.prev; \ + } \ if ((elt)->link.prev != NULL) \ (elt)->link.prev->link.next = (elt)->link.next; \ - else \ + else { \ + INSIST((list).head == (elt)); \ (list).head = (elt)->link.next; \ + } \ INIT_LINK_TYPE(elt, link, type); \ } while (0) #define UNLINK(list, elt, link) \ diff --git a/contrib/bind9/lib/bind/include/netdb.h b/contrib/bind9/lib/bind/include/netdb.h index 48a382941c7..11ee8a548bc 100644 --- a/contrib/bind9/lib/bind/include/netdb.h +++ b/contrib/bind9/lib/bind/include/netdb.h @@ -86,7 +86,7 @@ /* * @(#)netdb.h 8.1 (Berkeley) 6/2/93 - * $Id: netdb.h,v 1.12.2.1.4.5 2004/11/30 01:15:42 marka Exp $ + * $Id: netdb.h,v 1.12.2.1.4.9 2006/10/02 01:20:30 marka Exp $ */ #ifndef _NETDB_H_ @@ -175,7 +175,7 @@ struct addrinfo { int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ #if defined(sun) && defined(_SOCKLEN_T) -#ifdef __sparc9 +#ifdef __sparcv9 int _ai_pad; #endif socklen_t ai_addrlen; @@ -291,7 +291,7 @@ struct hostent_data { struct netent_data { FILE *net_fp; -#ifdef __osf__ +#if defined(__osf__) || defined(_AIX) char line[_MAXLINELEN]; #endif #ifdef __hpux @@ -308,10 +308,21 @@ struct netent_data { char *current; int currentlen; #endif +#ifdef _AIX + int _net_stayopen; + char *current; + int currentlen; + void *_net_reserv1; /* reserved for future use */ + void *_net_reserv2; /* reserved for future use */ +#endif }; struct protoent_data { FILE *proto_fp; +#ifdef _AIX + int _proto_stayopen; + char line[_MAXLINELEN]; +#endif #ifdef __osf__ char line[1024]; #endif @@ -329,11 +340,17 @@ struct protoent_data { char *current; int currentlen; #endif +#ifdef _AIX + int currentlen; + char *current; + void *_proto_reserv1; /* reserved for future use */ + void *_proto_reserv2; /* reserved for future use */ +#endif }; struct servent_data { FILE *serv_fp; -#ifdef __osf__ +#if defined(__osf__) || defined(_AIX) char line[_MAXLINELEN]; #endif #ifdef __hpux @@ -350,6 +367,13 @@ struct servent_data { char *current; int currentlen; #endif +#ifdef _AIX + int _serv_stayopen; + char *current; + int currentlen; + void *_serv_reserv1; /* reserved for future use */ + void *_serv_reserv2; /* reserved for future use */ +#endif }; #endif #endif @@ -457,9 +481,19 @@ int endservent_r __P((struct servent_data *)); #else void endservent_r __P((struct servent_data *)); #endif +#ifdef _AIX +int setnetgrent_r __P((const char *, void **)); +void endnetgrent_r __P((void **)); +/* + * Note: AIX's netdb.h declares innetgr_r() as: + * int innetgr_r(char *, char *, char *, char *, struct innetgr_data *); + */ +int innetgr_r __P((const char *, const char *, const char *, + const char *)); +#endif #else /* defined(sun) || defined(bsdi) */ -#ifdef __GLIBC__ +#if defined(__GLIBC__) || defined(__FreeBSD__) && (__FreeBSD_version + 0 >= 601103) int gethostbyaddr_r __P((const char *, int, int, struct hostent *, char *, size_t, struct hostent **, int *)); int gethostbyname_r __P((const char *, struct hostent *, @@ -476,7 +510,7 @@ struct hostent *gethostent_r __P((struct hostent *, char *, int, int *)); void sethostent_r __P((int)); void endhostent_r __P((void)); -#ifdef __GLIBC__ +#if defined(__GLIBC__) || defined(__FreeBSD__) && (__FreeBSD_version + 0 >= 601103) int getnetbyname_r __P((const char *, struct netent *, char *, size_t, struct netent **, int*)); int getnetbyaddr_r __P((unsigned long int, int, struct netent *, @@ -492,7 +526,7 @@ struct netent *getnetent_r __P((struct netent *, char *, int)); void setnetent_r __P((int)); void endnetent_r __P((void)); -#ifdef __GLIBC__ +#if defined(__GLIBC__) || defined(__FreeBSD__) && (__FreeBSD_version + 0 >= 601103) int getprotobyname_r __P((const char *, struct protoent *, char *, size_t, struct protoent **)); int getprotobynumber_r __P((int, struct protoent *, char *, size_t, @@ -508,7 +542,7 @@ struct protoent *getprotoent_r __P((struct protoent *, char *, int)); void setprotoent_r __P((int)); void endprotoent_r __P((void)); -#ifdef __GLIBC__ +#if defined(__GLIBC__) || defined(__FreeBSD__) && (__FreeBSD_version + 0 >= 601103) int getservbyname_r __P((const char *name, const char *, struct servent *, char *, size_t, struct servent **)); int getservbyport_r __P((int port, const char *, @@ -527,9 +561,6 @@ void endservent_r __P((void)); #ifdef __GLIBC__ int getnetgrent_r __P((char **, char **, char **, char *, size_t)); #endif -#ifdef _AIX -int setnetgrent_r __P((char *, void **)); -#endif #endif #endif diff --git a/contrib/bind9/lib/bind/inet/inet_cidr_ntop.c b/contrib/bind9/lib/bind/inet/inet_cidr_ntop.c index 192cf1e752e..b25dc8256f6 100644 --- a/contrib/bind9/lib/bind/inet/inet_cidr_ntop.c +++ b/contrib/bind9/lib/bind/inet/inet_cidr_ntop.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_cidr_ntop.c,v 1.1.2.1.8.3 2005/11/03 23:08:40 marka Exp $"; +static const char rcsid[] = "$Id: inet_cidr_ntop.c,v 1.1.2.1.8.4 2006/10/11 02:32:50 marka Exp $"; #endif #include "port_before.h" @@ -40,10 +40,10 @@ static const char rcsid[] = "$Id: inet_cidr_ntop.c,v 1.1.2.1.8.3 2005/11/03 23:0 # define SPRINTF(x) ((size_t)sprintf x) #endif -static char * inet_cidr_ntop_ipv4 __P((const u_char *src, int bits, - char *dst, size_t size)); -static char * inet_cidr_ntop_ipv6 __P((const u_char *src, int bits, - char *dst, size_t size)); +static char * +inet_cidr_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size); +static char * +inet_cidr_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size); /* * char * diff --git a/contrib/bind9/lib/bind/inet/inet_net_ntop.c b/contrib/bind9/lib/bind/inet/inet_net_ntop.c index f508629d617..47af6284ede 100644 --- a/contrib/bind9/lib/bind/inet/inet_net_ntop.c +++ b/contrib/bind9/lib/bind/inet/inet_net_ntop.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_net_ntop.c,v 1.1.2.1.8.1 2004/03/09 08:33:32 marka Exp $"; +static const char rcsid[] = "$Id: inet_net_ntop.c,v 1.1.2.1.8.2 2006/06/20 02:53:07 marka Exp $"; #endif #include "port_before.h" @@ -264,7 +264,7 @@ inet_net_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size) { } } /* Format CIDR /width. */ - SPRINTF((cp, "/%u", bits)); + sprintf(cp, "/%u", bits); if (strlen(outbuf) + 1 > size) goto emsgsize; strcpy(dst, outbuf); diff --git a/contrib/bind9/lib/bind/irs/dns.c b/contrib/bind9/lib/bind/irs/dns.c index ab83b3e4a49..27529b56506 100644 --- a/contrib/bind9/lib/bind/irs/dns.c +++ b/contrib/bind9/lib/bind/irs/dns.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns.c,v 1.1.206.2 2004/03/17 00:29:47 marka Exp $"; +static const char rcsid[] = "$Id: dns.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; #endif /* @@ -114,7 +114,7 @@ dns_res_get(struct irs_acc *this) { res = (struct __res_state *)malloc(sizeof *res); if (res == NULL) return (NULL); - memset(dns->res, 0, sizeof *dns->res); + memset(res, 0, sizeof *res); dns_res_set(this, res, free); } diff --git a/contrib/bind9/lib/bind/irs/dns_ho.c b/contrib/bind9/lib/bind/irs/dns_ho.c index e8da61a0c1a..192be042e0b 100644 --- a/contrib/bind9/lib/bind/irs/dns_ho.c +++ b/contrib/bind9/lib/bind/irs/dns_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.7.4.6 2005/10/11 00:48:14 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.7.4.8 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -218,8 +218,7 @@ ho_close(struct irs_ho *this) { ho_minimize(this); if (pvt->res && pvt->free_res) (*pvt->free_res)(pvt->res); - if (pvt) - memput(pvt, sizeof *pvt); + memput(pvt, sizeof *pvt); memput(this, sizeof *this); } @@ -260,7 +259,7 @@ ho_byname2(struct irs_ho *this, const char *name, int af) errno = ENOMEM; goto cleanup; } - memset(q, 0, sizeof(q)); + memset(q, 0, sizeof(*q)); switch (af) { case AF_INET: @@ -352,8 +351,8 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) errno = ENOMEM; goto cleanup; } - memset(q, 0, sizeof(q)); - memset(q2, 0, sizeof(q2)); + memset(q, 0, sizeof(*q)); + memset(q2, 0, sizeof(*q2)); if (af == AF_INET6 && len == IN6ADDRSZ && (!memcmp(uaddr, mapped, sizeof mapped) || @@ -578,8 +577,8 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) errno = ENOMEM; goto cleanup; } - memset(q, 0, sizeof(q2)); - memset(q2, 0, sizeof(q2)); + memset(q, 0, sizeof(*q2)); + memset(q2, 0, sizeof(*q2)); switch (pai->ai_family) { case AF_UNSPEC: @@ -649,10 +648,9 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) if (ai) { querystate = RESQRY_SUCCESS; cur->ai_next = ai; - while (cur && cur->ai_next) + while (cur->ai_next) cur = cur->ai_next; - } - else + } else querystate = RESQRY_FAIL; } @@ -948,7 +946,7 @@ gethostans(struct irs_ho *this, continue; } if (ret_aip) { /* need addrinfo. keep it. */ - while (cur && cur->ai_next) + while (cur->ai_next) cur = cur->ai_next; } else if (cur->ai_next) { /* need hostent */ struct addrinfo *aip = cur->ai_next; diff --git a/contrib/bind9/lib/bind/irs/gai_strerror.c b/contrib/bind9/lib/bind/irs/gai_strerror.c index 6aeaaa1910b..0492f8f49aa 100644 --- a/contrib/bind9/lib/bind/irs/gai_strerror.c +++ b/contrib/bind9/lib/bind/irs/gai_strerror.c @@ -66,18 +66,26 @@ gai_strerror(int ecode) { #ifdef DO_PTHREADS if (!once) { - pthread_mutex_lock(&lock); - if (!once++) - pthread_key_create(&key, free); - pthread_mutex_unlock(&lock); + if (pthread_mutex_lock(&lock) != 0) + goto unknown; + if (!once) { + if (pthread_key_create(&key, free) != 0) + goto unknown; + once = 1; + } + if (pthread_mutex_unlock(&lock) != 0) + goto unknown; } buf = pthread_getspecific(key); if (buf == NULL) { buf = malloc(EAI_BUFSIZE); if (buf == NULL) - return ("unknown error"); - pthread_setspecific(key, buf); + goto unknown; + if (pthread_setspecific(key, buf) != 0) { + free(buf); + goto unknown; + } } #endif /* @@ -86,4 +94,9 @@ gai_strerror(int ecode) { */ sprintf(buf, "%s: %d", gai_errlist[gai_nerr - 1], ecode); return (buf); + +#ifdef DO_PTHREADS + unknown: + return ("unknown error"); +#endif } diff --git a/contrib/bind9/lib/bind/irs/gen_ho.c b/contrib/bind9/lib/bind/irs/gen_ho.c index e9e2c890976..f17aa2238fc 100644 --- a/contrib/bind9/lib/bind/irs/gen_ho.c +++ b/contrib/bind9/lib/bind/irs/gen_ho.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: gen_ho.c,v 1.1.206.2 2004/03/17 01:49:39 marka Exp $"; +static const char rcsid[] = "$Id: gen_ho.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -371,8 +371,6 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) } if (softerror != 0 && pvt->res->res_h_errno == HOST_NOT_FOUND) RES_SET_H_ERRNO(pvt->res, therrno); - if (rval) - freeaddrinfo(rval); return (NULL); } diff --git a/contrib/bind9/lib/bind/irs/getaddrinfo.c b/contrib/bind9/lib/bind/irs/getaddrinfo.c index d80f298bf26..c8d1ab3b792 100644 --- a/contrib/bind9/lib/bind/irs/getaddrinfo.c +++ b/contrib/bind9/lib/bind/irs/getaddrinfo.c @@ -245,7 +245,7 @@ do { \ } while (/*CONSTCOND*/0) #ifndef SOLARIS2 -#define ERR(err) \ +#define SETERROR(err) \ do { \ /* external reference: error, and label bad */ \ error = (err); \ @@ -253,7 +253,7 @@ do { \ /*NOTREACHED*/ \ } while (/*CONSTCOND*/0) #else -#define ERR(err) \ +#define SETERROR(err) \ do { \ /* external reference: error, and label bad */ \ error = (err); \ @@ -352,16 +352,16 @@ getaddrinfo(hostname, servname, hints, res) /* error check for hints */ if (hints->ai_addrlen || hints->ai_canonname || hints->ai_addr || hints->ai_next) - ERR(EAI_BADHINTS); /* xxx */ + SETERROR(EAI_BADHINTS); /* xxx */ if (hints->ai_flags & ~AI_MASK) - ERR(EAI_BADFLAGS); + SETERROR(EAI_BADFLAGS); switch (hints->ai_family) { case PF_UNSPEC: case PF_INET: case PF_INET6: break; default: - ERR(EAI_FAMILY); + SETERROR(EAI_FAMILY); } memcpy(pai, hints, sizeof(*pai)); @@ -386,7 +386,7 @@ getaddrinfo(hostname, servname, hints, res) continue; if (pai->ai_socktype == ex->e_socktype && pai->ai_protocol != ex->e_protocol) { - ERR(EAI_BADHINTS); + SETERROR(EAI_BADHINTS); } } } @@ -406,7 +406,7 @@ getaddrinfo(hostname, servname, hints, res) case AI_ALL: #if 1 /* illegal */ - ERR(EAI_BADFLAGS); + SETERROR(EAI_BADFLAGS); #else pai->ai_flags &= ~(AI_ALL | AI_V4MAPPED); break; @@ -434,7 +434,7 @@ getaddrinfo(hostname, servname, hints, res) } error = get_portmatch(pai, servname); if (error) - ERR(error); + SETERROR(error); *pai = ai0; } @@ -493,9 +493,9 @@ getaddrinfo(hostname, servname, hints, res) goto good; if (pai->ai_flags & AI_NUMERICHOST) - ERR(EAI_NONAME); + SETERROR(EAI_NONAME); if (hostname == NULL) - ERR(EAI_NONAME); + SETERROR(EAI_NONAME); /* * hostname as alphabetical name. @@ -576,10 +576,6 @@ getaddrinfo(hostname, servname, hints, res) freeaddrinfo(afai); /* afai must not be NULL at this point. */ - /* we must not have got any errors. */ - if (error != 0) /* just for diagnosis */ - abort(); - if (sentinel.ai_next) { good: *res = sentinel.ai_next; @@ -804,10 +800,10 @@ explore_numeric(pai, hostname, servname, res) pai->ai_family == PF_UNSPEC /*?*/) { GET_AI(cur->ai_next, afd, pton); GET_PORT(cur->ai_next, servname); - while (cur && cur->ai_next) + while (cur->ai_next) cur = cur->ai_next; } else - ERR(EAI_FAMILY); /*xxx*/ + SETERROR(EAI_FAMILY); /*xxx*/ } break; #endif @@ -817,10 +813,10 @@ explore_numeric(pai, hostname, servname, res) pai->ai_family == PF_UNSPEC /*?*/) { GET_AI(cur->ai_next, afd, pton); GET_PORT(cur->ai_next, servname); - while (cur && cur->ai_next) + while (cur->ai_next) cur = cur->ai_next; } else - ERR(EAI_FAMILY); /*xxx*/ + SETERROR(EAI_FAMILY); /*xxx*/ } break; } @@ -1202,7 +1198,7 @@ hostent2addrinfo(hp, pai) */ GET_CANONNAME(cur->ai_next, hp->h_name); } - while (cur && cur->ai_next) /* no need to loop, actually. */ + while (cur->ai_next) /* no need to loop, actually. */ cur = cur->ai_next; continue; diff --git a/contrib/bind9/lib/bind/irs/gethostent.c b/contrib/bind9/lib/bind/irs/gethostent.c index b471c529e01..cfea501fd88 100644 --- a/contrib/bind9/lib/bind/irs/gethostent.c +++ b/contrib/bind9/lib/bind/irs/gethostent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gethostent.c,v 1.1.2.2.4.2 2004/03/17 01:49:40 marka Exp $"; +static const char rcsid[] = "$Id: gethostent.c,v 1.1.2.2.4.3 2006/01/10 05:09:16 marka Exp $"; #endif /* Imports */ @@ -608,7 +608,7 @@ scan_interfaces6(int *have_v4, int *have_v6) { } #endif -#ifdef __linux +#if ( defined(__linux__) || defined(__linux) || defined(LINUX) ) #ifndef IF_NAMESIZE # ifdef IFNAMSIZ # define IF_NAMESIZE IFNAMSIZ diff --git a/contrib/bind9/lib/bind/irs/getnameinfo.c b/contrib/bind9/lib/bind/irs/getnameinfo.c index 5947c038984..d6d89f3efe9 100644 --- a/contrib/bind9/lib/bind/irs/getnameinfo.c +++ b/contrib/bind9/lib/bind/irs/getnameinfo.c @@ -3,6 +3,16 @@ * - Thread safe-ness must be checked */ +#if ( defined(__linux__) || defined(__linux) || defined(LINUX) ) +#ifndef IF_NAMESIZE +# ifdef IFNAMSIZ +# define IF_NAMESIZE IFNAMSIZ +# else +# define IF_NAMESIZE 16 +# endif +#endif +#endif + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. diff --git a/contrib/bind9/lib/bind/irs/getprotoent_r.c b/contrib/bind9/lib/bind/irs/getprotoent_r.c index 96bb4e323df..58d0ec9e22f 100644 --- a/contrib/bind9/lib/bind/irs/getprotoent_r.c +++ b/contrib/bind9/lib/bind/irs/getprotoent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getprotoent_r.c,v 1.3.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getprotoent_r.c,v 1.3.206.2 2006/08/01 01:19:28 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -109,6 +109,9 @@ setprotoent_r(int stay_open, PROTO_R_ENT_ARGS) setprotoent_r(int stay_open) #endif { +#ifdef PROTO_R_ENT_UNUSED + PROTO_R_ENT_UNUSED; +#endif setprotoent(stay_open); #ifdef PROTO_R_SET_RESULT return (PROTO_R_SET_RESULT); @@ -122,6 +125,9 @@ endprotoent_r(PROTO_R_ENT_ARGS) endprotoent_r() #endif { +#ifdef PROTO_R_ENT_UNUSED + PROTO_R_ENT_UNUSED; +#endif endprotoent(); PROTO_R_END_RESULT(PROTO_R_OK); } diff --git a/contrib/bind9/lib/bind/irs/getservent_r.c b/contrib/bind9/lib/bind/irs/getservent_r.c index b24f468ab48..6dd70344805 100644 --- a/contrib/bind9/lib/bind/irs/getservent_r.c +++ b/contrib/bind9/lib/bind/irs/getservent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getservent_r.c,v 1.3.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getservent_r.c,v 1.3.206.2 2006/08/01 01:19:28 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -112,7 +112,9 @@ setservent_r(int stay_open, SERV_R_ENT_ARGS) setservent_r(int stay_open) #endif { - +#ifdef SERV_R_ENT_UNUSED + SERV_R_ENT_UNUSED; +#endif setservent(stay_open); #ifdef SERV_R_SET_RESULT return (SERV_R_SET_RESULT); @@ -126,7 +128,9 @@ endservent_r(SERV_R_ENT_ARGS) endservent_r() #endif { - +#ifdef SERV_R_ENT_UNUSED + SERV_R_ENT_UNUSED; +#endif endservent(); SERV_R_END_RESULT(SERV_R_OK); } @@ -194,8 +198,8 @@ copy_servent(struct servent *se, struct servent *sptr, SERV_R_COPY_ARGS) { sptr->s_port = se->s_port; /* copy official name */ - cp = ndptr->line; - eob = ndptr->line + sizeof(ndptr->line); + cp = sdptr->line; + eob = sdptr->line + sizeof(sdptr->line); if ((n = strlen(se->s_name) + 1) < (eob - cp)) { strcpy(cp, se->s_name); sptr->s_name = cp; @@ -206,7 +210,7 @@ copy_servent(struct servent *se, struct servent *sptr, SERV_R_COPY_ARGS) { /* copy aliases */ i = 0; - sptr->s_aliases = ndptr->serv_aliases; + sptr->s_aliases = sdptr->serv_aliases; while (se->s_aliases[i] && i < (_MAXALIASES-1)) { if ((n = strlen(se->s_aliases[i]) + 1) < (eob - cp)) { strcpy(cp, se->s_aliases[i]); diff --git a/contrib/bind9/lib/bind/irs/irp.c b/contrib/bind9/lib/bind/irs/irp.c index e5620db3e23..649079c31f1 100644 --- a/contrib/bind9/lib/bind/irs/irp.c +++ b/contrib/bind9/lib/bind/irs/irp.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: irp.c,v 1.3.2.1.10.2 2004/03/17 01:49:41 marka Exp $"; +static const char rcsid[] = "$Id: irp.c,v 1.3.2.1.10.4 2006/03/10 00:17:21 marka Exp $"; #endif /* Imports */ @@ -425,6 +425,9 @@ irs_irp_read_body(struct irp_p *pvt, size_t *size) { char *buffer = memget(len); int idx = 0; + if (buffer == NULL) + return (NULL); + for (;;) { if (irs_irp_read_line(pvt, line, sizeof line) <= 0 || strchr(line, '\n') == NULL) @@ -517,7 +520,7 @@ irs_irp_get_full_response(struct irp_p *pvt, int *code, char *text, * int irs_irp_send_command(struct irp_p *pvt, const char *fmt, ...); * * Sends command to remote connected via the PVT - * struture. FMT and args after it are fprintf-like + * structure. FMT and args after it are fprintf-like * arguments for formatting. * * Returns: diff --git a/contrib/bind9/lib/bind/irs/irp_nw.c b/contrib/bind9/lib/bind/irs/irp_nw.c index 346e5a4d800..ea686124198 100644 --- a/contrib/bind9/lib/bind/irs/irp_nw.c +++ b/contrib/bind9/lib/bind/irs/irp_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_nw.c,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: irp_nw.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #if 0 @@ -319,6 +319,8 @@ nw_next(struct irs_nw *this) { nw = NULL; } + if (body != NULL) + memput(body, bodylen); return (nw); } diff --git a/contrib/bind9/lib/bind/irs/irpmarshall.c b/contrib/bind9/lib/bind/irs/irpmarshall.c index 6d2ebd48433..198e349d539 100644 --- a/contrib/bind9/lib/bind/irs/irpmarshall.c +++ b/contrib/bind9/lib/bind/irs/irpmarshall.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irpmarshall.c,v 1.3.206.3 2004/03/17 01:13:34 marka Exp $"; +static const char rcsid[] = "$Id: irpmarshall.c,v 1.3.206.4 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #if 0 @@ -1020,7 +1020,7 @@ irp_unmarshall_ho(struct hostent *ho, char *buffer) { int hoaddrtype; int holength; long t; - char *name = NULL; + char *name; char **aliases = NULL; char **hohaddrlist = NULL; size_t hoaddrsize; @@ -1143,6 +1143,7 @@ irp_unmarshall_ho(struct hostent *ho, char *buffer) { errno = myerrno; if (name != NULL) free(name); + free_array(hohaddrlist, 0); free_array(aliases, 0); return (-1); @@ -1313,7 +1314,6 @@ irp_unmarshall_ng(const char **hostp, const char **userp, const char **domainp, if (host != NULL) free(host); if (user != NULL) free(user); - if (domain != NULL) free(domain); return (-1); } diff --git a/contrib/bind9/lib/bind/irs/irs_data.c b/contrib/bind9/lib/bind/irs/irs_data.c index f8e65adfe6f..7904286db87 100644 --- a/contrib/bind9/lib/bind/irs/irs_data.c +++ b/contrib/bind9/lib/bind/irs/irs_data.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: irs_data.c,v 1.3.2.2.4.3 2004/11/30 01:15:43 marka Exp $"; +static const char rcsid[] = "$Id: irs_data.c,v 1.3.2.2.4.4 2006/03/10 00:17:21 marka Exp $"; #endif #include "port_before.h" @@ -128,10 +128,15 @@ net_data_init(const char *conf_file) { struct net_data *net_data; if (!once) { - pthread_mutex_lock(&keylock); - if (!once++) - pthread_key_create(&key, net_data_destroy); - pthread_mutex_unlock(&keylock); + if (pthread_mutex_lock(&keylock) != 0) + return (NULL); + if (!once) { + if (pthread_key_create(&key, net_data_destroy) != 0) + return (NULL); + once = 1; + } + if (pthread_mutex_unlock(&keylock) != 0) + return (NULL); } net_data = pthread_getspecific(key); #endif @@ -141,7 +146,10 @@ net_data_init(const char *conf_file) { if (net_data == NULL) return (NULL); #ifdef DO_PTHREADS - pthread_setspecific(key, net_data); + if (pthread_setspecific(key, net_data) != 0) { + net_data_destroy(net_data); + return (NULL); + } #endif } diff --git a/contrib/bind9/lib/bind/irs/lcl_ho.c b/contrib/bind9/lib/bind/irs/lcl_ho.c index 45d26778202..b59a10468f6 100644 --- a/contrib/bind9/lib/bind/irs/lcl_ho.c +++ b/contrib/bind9/lib/bind/irs/lcl_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_ho.c,v 1.1.206.2 2004/03/17 00:29:50 marka Exp $"; +static const char rcsid[] = "$Id: lcl_ho.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -541,7 +541,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) ai = hostent2addrinfo(hp, pai); if (ai) { cur->ai_next = ai; - while (cur && cur->ai_next) + while (cur->ai_next) cur = cur->ai_next; } } diff --git a/contrib/bind9/lib/bind/irs/lcl_pr.c b/contrib/bind9/lib/bind/irs/lcl_pr.c index d8f909e89f9..ddc92c89bd6 100644 --- a/contrib/bind9/lib/bind/irs/lcl_pr.c +++ b/contrib/bind9/lib/bind/irs/lcl_pr.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_pr.c,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: lcl_pr.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -85,6 +85,7 @@ static const char rcsid[] = "$Id: lcl_pr.c,v 1.1.206.1 2004/03/09 08:33:38 marka struct pvt { FILE * fp; char line[BUFSIZ+1]; + char * dbuf; struct protoent proto; char * proto_aliases[MAXALIASES]; }; @@ -141,6 +142,8 @@ pr_close(struct irs_pr *this) { if (pvt->fp) (void) fclose(pvt->fp); + if (pvt->dbuf) + free(pvt->dbuf); memput(pvt, sizeof *pvt); memput(this, sizeof *this); } @@ -202,6 +205,10 @@ pr_next(struct irs_pr *this) { pr_rewind(this); if (!pvt->fp) return (NULL); + if (pvt->dbuf) { + free(pvt->dbuf); + pvt->dbuf = NULL; + } bufp = pvt->line; bufsiz = BUFSIZ; offset = 0; @@ -270,6 +277,7 @@ pr_next(struct irs_pr *this) { } } *q = NULL; + pvt->dbuf = dbuf; return (&pvt->proto); } diff --git a/contrib/bind9/lib/bind/isc/ev_connects.c b/contrib/bind9/lib/bind/isc/ev_connects.c index 4b0dd2222a0..b3873b72e83 100644 --- a/contrib/bind9/lib/bind/isc/ev_connects.c +++ b/contrib/bind9/lib/bind/isc/ev_connects.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_connects.c,v 1.4.206.2 2005/07/08 04:52:54 marka Exp $"; +static const char rcsid[] = "$Id: ev_connects.c,v 1.4.206.3 2006/03/10 00:17:21 marka Exp $"; #endif /* Import. */ @@ -69,7 +69,7 @@ evListen(evContext opaqueCtx, int fd, int maxconn, OKNEW(new); new->flags = EV_CONN_LISTEN; - OK(mode = fcntl(fd, F_GETFL, NULL)); /* side effect: validate fd. */ + OKFREE(mode = fcntl(fd, F_GETFL, NULL), new); /* side effect: validate fd. */ /* * Remember the nonblocking status. We assume that either evSelectFD * has not been done to this fd, or that if it has then the caller @@ -80,13 +80,13 @@ evListen(evContext opaqueCtx, int fd, int maxconn, if ((mode & PORT_NONBLOCK) == 0) { #ifdef USE_FIONBIO_IOCTL int on = 1; - OK(ioctl(fd, FIONBIO, (char *)&on)); + OKFREE(ioctl(fd, FIONBIO, (char *)&on), new); #else - OK(fcntl(fd, F_SETFL, mode | PORT_NONBLOCK)); + OKFREE(fcntl(fd, F_SETFL, mode | PORT_NONBLOCK), new); #endif new->flags |= EV_CONN_BLOCK; } - OK(listen(fd, maxconn)); + OKFREE(listen(fd, maxconn), new); if (evSelectFD(opaqueCtx, fd, EV_READ, listener, new, &new->file) < 0){ int save = errno; diff --git a/contrib/bind9/lib/bind/isc/eventlib.c b/contrib/bind9/lib/bind/isc/eventlib.c index 77b14144b97..11120ecadd5 100644 --- a/contrib/bind9/lib/bind/isc/eventlib.c +++ b/contrib/bind9/lib/bind/isc/eventlib.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: eventlib.c,v 1.2.2.1.4.5 2005/07/28 07:43:20 marka Exp $"; +static const char rcsid[] = "$Id: eventlib.c,v 1.2.2.1.4.6 2006/03/10 00:17:21 marka Exp $"; #endif #include "port_before.h" @@ -784,13 +784,10 @@ pselect(int nfds, void *rfds, void *wfds, void *efds, pnfds = 0; } n = poll(fds, pnfds, polltimeout); - /* - * pselect() should return the total number of events on the file - * desriptors, not just the count of fd:s with activity. Hence, - * traverse the pollfds array and count the events. - */ if (n > 0) { int i, e; + + INSIST(ctx != NULL); for (e = 0, i = ctx->firstfd; i <= ctx->fdMax; i++) { if (ctx->pollfds[i].fd < 0) continue; diff --git a/contrib/bind9/lib/bind/isc/eventlib_p.h b/contrib/bind9/lib/bind/isc/eventlib_p.h index b95741d7aff..5c45ab83f60 100644 --- a/contrib/bind9/lib/bind/isc/eventlib_p.h +++ b/contrib/bind9/lib/bind/isc/eventlib_p.h @@ -18,7 +18,7 @@ /* eventlib_p.h - private interfaces for eventlib * vix 09sep95 [initial] * - * $Id: eventlib_p.h,v 1.3.2.1.4.3 2005/07/28 07:43:20 marka Exp $ + * $Id: eventlib_p.h,v 1.3.2.1.4.4 2006/03/10 00:17:21 marka Exp $ */ #ifndef _EVENTLIB_P_H @@ -45,6 +45,8 @@ #define EV_MASK_ALL (EV_READ | EV_WRITE | EV_EXCEPT) #define EV_ERR(e) return (errno = (e), -1) #define OK(x) if ((x) < 0) EV_ERR(errno); else (void)NULL +#define OKFREE(x, y) if ((x) < 0) { FREE((y)); EV_ERR(errno); } \ + else (void)NULL #define NEW(p) if (((p) = memget(sizeof *(p))) != NULL) \ FILL(p); \ diff --git a/contrib/bind9/lib/bind/isc/heap.c b/contrib/bind9/lib/bind/isc/heap.c index f63619f5688..2faf6f5767f 100644 --- a/contrib/bind9/lib/bind/isc/heap.c +++ b/contrib/bind9/lib/bind/isc/heap.c @@ -26,7 +26,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: heap.c,v 1.1.206.1 2004/03/09 08:33:43 marka Exp $"; +static const char rcsid[] = "$Id: heap.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -54,9 +54,13 @@ heap_new(heap_higher_priority_func higher_priority, heap_index_func index, int array_size_increment) { heap_context ctx; - ctx = (heap_context)malloc(sizeof (struct heap_context)); - if (ctx == NULL || higher_priority == NULL) + if (higher_priority == NULL) return (NULL); + + ctx = (heap_context)malloc(sizeof (struct heap_context)); + if (ctx == NULL) + return (NULL); + ctx->array_size = 0; if (array_size_increment == 0) ctx->array_size_increment = ARRAY_SIZE_INCREMENT; diff --git a/contrib/bind9/lib/bind/isc/hex.c b/contrib/bind9/lib/bind/isc/hex.c index c177ca0fa32..70312597c90 100644 --- a/contrib/bind9/lib/bind/isc/hex.c +++ b/contrib/bind9/lib/bind/isc/hex.c @@ -45,8 +45,9 @@ isc_gethexstring(unsigned char *buf, size_t len, int count, FILE *fp, goto formerr; /* comment */ if (c == ';') { - while ((c = fgetc(fp)) != EOF && c != '\n') - /* empty */ + do { + c = fgetc(fp); + } while (c != EOF && c != '\n'); if (c == '\n' && *multiline) continue; goto formerr; diff --git a/contrib/bind9/lib/bind/isc/memcluster.c b/contrib/bind9/lib/bind/isc/memcluster.c index c5b7202817c..886f51601e2 100644 --- a/contrib/bind9/lib/bind/isc/memcluster.c +++ b/contrib/bind9/lib/bind/isc/memcluster.c @@ -24,7 +24,7 @@ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: memcluster.c,v 1.3.206.7 2005/10/11 00:48:15 marka Exp $"; +static const char rcsid[] = "$Id: memcluster.c,v 1.3.206.8 2006/08/30 23:35:06 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -399,7 +399,7 @@ __memput_record(void *mem, size_t size, const char *file, int line) { p = (char *)e + sizeof *e + size; memcpy(&fp, p, sizeof fp); INSIST(fp == BACK_FENCEPOST); - INSIST(((int)mem % 4) == 0); + INSIST(((u_long)mem % 4) == 0); #ifdef MEMCLUSTER_RECORD prev = NULL; if (size == max_size || new_size >= max_size) @@ -523,10 +523,11 @@ memstats(FILE *out) { for (i = 1; i <= max_size; i++) { if ((e = activelists[i]) != NULL) while (e != NULL) { - fprintf(out, "%s:%d %p:%d\n", + fprintf(out, "%s:%d %p:%lu\n", e->file != NULL ? e->file : "", e->line, - (char *)e + sizeof *e, e->size); + (char *)e + sizeof *e, + (u_long)e->size); e = e->next; } } diff --git a/contrib/bind9/lib/bind/nameser/ns_sign.c b/contrib/bind9/lib/bind/nameser/ns_sign.c index 56248a59a80..7b742f1f5f1 100644 --- a/contrib/bind9/lib/bind/nameser/ns_sign.c +++ b/contrib/bind9/lib/bind/nameser/ns_sign.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_sign.c,v 1.1.2.2.4.1 2004/03/09 08:33:45 marka Exp $"; +static const char rcsid[] = "$Id: ns_sign.c,v 1.1.2.2.4.2 2006/03/10 00:17:21 marka Exp $"; #endif /* Import. */ @@ -89,7 +89,7 @@ ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, { HEADER *hp = (HEADER *)msg; DST_KEY *key = (DST_KEY *)k; - u_char *cp = msg + *msglen, *eob = msg + msgsize; + u_char *cp, *eob; u_char *lenp; u_char *alg; int n; @@ -100,6 +100,9 @@ ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, if (msg == NULL || msglen == NULL || sig == NULL || siglen == NULL) return (-1); + cp = msg + *msglen; + eob = msg + msgsize; + /* Name. */ if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) { n = ns_name_pton(key->dk_key_name, name, sizeof name); diff --git a/contrib/bind9/lib/bind/nameser/ns_verify.c b/contrib/bind9/lib/bind/nameser/ns_verify.c index adda249bb4c..c74a0a38b24 100644 --- a/contrib/bind9/lib/bind/nameser/ns_verify.c +++ b/contrib/bind9/lib/bind/nameser/ns_verify.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_verify.c,v 1.1.206.2 2005/10/11 00:48:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_verify.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; #endif /* Import. */ @@ -343,7 +343,7 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, HEADER *hp = (HEADER *)msg; u_char *recstart, *sigstart; unsigned int sigfieldlen, otherfieldlen; - u_char *cp, *eom = msg + *msglen, *cp2; + u_char *cp, *eom, *cp2; char name[MAXDNAME], alg[MAXDNAME]; u_char buf[MAXDNAME]; int n, type, length, fudge, error; @@ -352,6 +352,8 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, if (msg == NULL || msglen == NULL || state == NULL) return (-1); + eom = msg + *msglen; + state->counter++; if (state->counter == 0) return (ns_verify(msg, msglen, state->key, diff --git a/contrib/bind9/lib/bind/port_after.h.in b/contrib/bind9/lib/bind/port_after.h.in index 0c956b71ed0..f248d23f561 100644 --- a/contrib/bind9/lib/bind/port_after.h.in +++ b/contrib/bind9/lib/bind/port_after.h.in @@ -5,12 +5,16 @@ #include #include #include +#include #if (!defined(BSD)) || (BSD < 199306) #include #endif #ifdef HAVE_INTTYPES_H #include #endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif /* HAVE_SYS_SELECT_H */ @NEED_PSELECT@ @HAVE_SA_LEN@ diff --git a/contrib/bind9/lib/bind/port_before.h.in b/contrib/bind9/lib/bind/port_before.h.in index c754efd2b03..320fff1905a 100644 --- a/contrib/bind9/lib/bind/port_before.h.in +++ b/contrib/bind9/lib/bind/port_before.h.in @@ -87,11 +87,13 @@ struct timezone; /* silence warning */ @PROTO_R_END_RESULT@ @PROTO_R_END_RETURN@ @PROTO_R_ENT_ARGS@ +@PROTO_R_ENT_UNUSED@ @PROTO_R_OK@ @PROTO_R_SETANSWER@ @PROTO_R_RETURN@ @PROTO_R_SET_RESULT@ @PROTO_R_SET_RETURN@ +@PROTOENT_DATA@ @PASS_R_ARGS@ @PASS_R_BAD@ @@ -112,11 +114,13 @@ struct timezone; /* silence warning */ @SERV_R_END_RESULT@ @SERV_R_END_RETURN@ @SERV_R_ENT_ARGS@ +@SERV_R_ENT_UNUSED@ @SERV_R_OK@ @SERV_R_SETANSWER@ @SERV_R_RETURN@ @SERV_R_SET_RESULT@ @SERV_R_SET_RETURN@ +@SERVENT_DATA@ #define DE_CONST(konst, var) \ diff --git a/contrib/bind9/lib/bind/resolv/mtctxres.c b/contrib/bind9/lib/bind/resolv/mtctxres.c index f33cf11e3f4..635bbd4400f 100644 --- a/contrib/bind9/lib/bind/resolv/mtctxres.c +++ b/contrib/bind9/lib/bind/resolv/mtctxres.c @@ -106,9 +106,10 @@ ___mtctxres(void) { */ if (!mt_key_initialized) { static pthread_mutex_t keylock = PTHREAD_MUTEX_INITIALIZER; - pthread_mutex_lock(&keylock); - _mtctxres_init(); - pthread_mutex_unlock(&keylock); + if (pthread_mutex_lock(&keylock) == 0) { + _mtctxres_init(); + (void) pthread_mutex_unlock(&keylock); + } } /* diff --git a/contrib/bind9/lib/bind/resolv/res_init.c b/contrib/bind9/lib/bind/resolv/res_init.c index 28a3ebd088e..fd82e87203c 100644 --- a/contrib/bind9/lib/bind/resolv/res_init.c +++ b/contrib/bind9/lib/bind/resolv/res_init.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static const char rcsid[] = "$Id: res_init.c,v 1.9.2.5.4.5 2005/11/03 00:00:52 marka Exp $"; +static const char rcsid[] = "$Id: res_init.c,v 1.9.2.5.4.6 2006/08/30 23:23:01 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -237,17 +237,10 @@ __res_vinit(res_state statp, int preinit) { if (buf[0] == '+') buf[0] = '.'; cp = strchr(buf, '.'); - if (cp == NULL) { - if (strlcpy(statp->defdname, buf, - sizeof(statp->defdname)) - >= sizeof(statp->defdname)) - goto freedata; - } else { - if (strlcpy(statp->defdname, cp+1, - sizeof(statp->defdname)) - >= sizeof(statp->defdname)) - goto freedata; - } + cp = (cp == NULL) ? buf : (cp + 1); + if (strlen(cp) >= sizeof(statp->defdname)) + goto freedata; + strcpy(statp->defdname, cp); } } #endif /* SOLARIS2 */ diff --git a/contrib/bind9/lib/bind/resolv/res_send.c b/contrib/bind9/lib/bind/resolv/res_send.c index 5be24893259..c47dd49bc6e 100644 --- a/contrib/bind9/lib/bind/resolv/res_send.c +++ b/contrib/bind9/lib/bind/resolv/res_send.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_send.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.7 2005/08/15 02:04:41 marka Exp $"; +static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.9 2006/10/16 23:00:50 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -130,7 +130,7 @@ static struct sockaddr * get_nsaddr __P((res_state, size_t)); static int send_vc(res_state, const u_char *, int, u_char *, int, int *, int); static int send_dg(res_state, const u_char *, int, - u_char *, int, int *, int, + u_char *, int, int *, int, int, int *, int *); static void Aerror(const res_state, FILE *, const char *, int, const struct sockaddr *, int); @@ -295,7 +295,8 @@ res_nsend(res_state statp, highestFD = sysconf(_SC_OPEN_MAX) - 1; #endif - if (statp->nscount == 0) { + /* No name servers or res_init() failure */ + if (statp->nscount == 0 || EXT(statp).ext == NULL) { errno = ESRCH; return (-1); } @@ -458,7 +459,7 @@ res_nsend(res_state statp, } else { /* Use datagrams. */ n = send_dg(statp, buf, buflen, ans, anssiz, &terrno, - ns, &v_circuit, &gotsomewhere); + ns, try, &v_circuit, &gotsomewhere); if (n < 0) goto fail; if (n == 0) @@ -766,9 +767,9 @@ send_vc(res_state statp, } static int -send_dg(res_state statp, - const u_char *buf, int buflen, u_char *ans, int anssiz, - int *terrno, int ns, int *v_circuit, int *gotsomewhere) +send_dg(res_state statp, const u_char *buf, int buflen, u_char *ans, + int anssiz, int *terrno, int ns, int try, int *v_circuit, + int *gotsomewhere) { const HEADER *hp = (const HEADER *) buf; HEADER *anhp = (HEADER *) ans; @@ -849,7 +850,7 @@ send_dg(res_state statp, /* * Wait for reply. */ - seconds = (statp->retrans << ns); + seconds = (statp->retrans << try); if (ns > 0) seconds /= statp->nscount; if (seconds <= 0) diff --git a/contrib/bind9/lib/bind/resolv/res_sendsigned.c b/contrib/bind9/lib/bind/resolv/res_sendsigned.c index d1d22745756..93ad5c97957 100644 --- a/contrib/bind9/lib/bind/resolv/res_sendsigned.c +++ b/contrib/bind9/lib/bind/resolv/res_sendsigned.c @@ -52,6 +52,7 @@ res_nsendsigned(res_state statp, const u_char *msg, int msglen, bufsize = msglen + 1024; newmsg = (u_char *) malloc(bufsize); if (newmsg == NULL) { + free(nstatp); errno = ENOMEM; return (-1); } @@ -102,11 +103,11 @@ res_nsendsigned(res_state statp, const u_char *msg, int msglen, retry: len = res_nsend(nstatp, newmsg, newmsglen, answer, anslen); - if (ret < 0) { + if (len < 0) { free (nstatp); free (newmsg); dst_free_key(dstkey); - return (ret); + return (len); } ret = ns_verify(answer, &len, dstkey, sig, siglen, diff --git a/contrib/bind9/lib/bind9/api b/contrib/bind9/lib/bind9/api index 0a12b5e852c..be7faa6948e 100644 --- a/contrib/bind9/lib/bind9/api +++ b/contrib/bind9/lib/bind9/api @@ -1,3 +1,3 @@ LIBINTERFACE = 0 -LIBREVISION = 7 +LIBREVISION = 8 LIBAGE = 0 diff --git a/contrib/bind9/lib/bind9/check.c b/contrib/bind9/lib/bind9/check.c index e6e86fd14df..2079a8477ac 100644 --- a/contrib/bind9/lib/bind9/check.c +++ b/contrib/bind9/lib/bind9/check.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.37.6.32 2005/11/03 23:08:41 marka Exp $ */ +/* $Id: check.c,v 1.37.6.34 2006/03/02 00:37:20 marka Exp $ */ #include @@ -50,12 +50,12 @@ freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) { } static isc_result_t -check_orderent(cfg_obj_t *ent, isc_log_t *logctx) { +check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; isc_textregion_t r; dns_fixedname_t fixed; - cfg_obj_t *obj; + const cfg_obj_t *obj; dns_rdataclass_t rdclass; dns_rdatatype_t rdtype; isc_buffer_t b; @@ -132,11 +132,11 @@ check_orderent(cfg_obj_t *ent, isc_log_t *logctx) { } static isc_result_t -check_order(cfg_obj_t *options, isc_log_t *logctx) { +check_order(const cfg_obj_t *options, isc_log_t *logctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; - cfg_listelt_t *element; - cfg_obj_t *obj = NULL; + const cfg_listelt_t *element; + const cfg_obj_t *obj = NULL; if (cfg_map_get(options, "rrset-order", &obj) != ISC_R_SUCCESS) return (result); @@ -153,12 +153,12 @@ check_order(cfg_obj_t *options, isc_log_t *logctx) { } static isc_result_t -check_dual_stack(cfg_obj_t *options, isc_log_t *logctx) { - cfg_listelt_t *element; - cfg_obj_t *alternates = NULL; - cfg_obj_t *value; - cfg_obj_t *obj; - char *str; +check_dual_stack(const cfg_obj_t *options, isc_log_t *logctx) { + const cfg_listelt_t *element; + const cfg_obj_t *alternates = NULL; + const cfg_obj_t *value; + const cfg_obj_t *obj; + const char *str; dns_fixedname_t fixed; dns_name_t *name; isc_buffer_t buffer; @@ -213,9 +213,9 @@ check_dual_stack(cfg_obj_t *options, isc_log_t *logctx) { } static isc_result_t -check_forward(cfg_obj_t *options, isc_log_t *logctx) { - cfg_obj_t *forward = NULL; - cfg_obj_t *forwarders = NULL; +check_forward(const cfg_obj_t *options, isc_log_t *logctx) { + const cfg_obj_t *forward = NULL; + const cfg_obj_t *forwarders = NULL; (void)cfg_map_get(options, "forward", &forward); (void)cfg_map_get(options, "forwarders", &forwarders); @@ -229,15 +229,15 @@ check_forward(cfg_obj_t *options, isc_log_t *logctx) { } static isc_result_t -disabled_algorithms(cfg_obj_t *disabled, isc_log_t *logctx) { +disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; - cfg_listelt_t *element; + const cfg_listelt_t *element; const char *str; isc_buffer_t b; dns_fixedname_t fixed; dns_name_t *name; - cfg_obj_t *obj; + const cfg_obj_t *obj; dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -262,7 +262,7 @@ disabled_algorithms(cfg_obj_t *disabled, isc_log_t *logctx) { dns_secalg_t alg; isc_result_t tresult; - r.base = cfg_obj_asstring(cfg_listelt_value(element)); + DE_CONST(cfg_obj_asstring(cfg_listelt_value(element)), r.base); r.length = strlen(r.base); tresult = dns_secalg_fromtext(&alg, &r); @@ -280,8 +280,9 @@ disabled_algorithms(cfg_obj_t *disabled, isc_log_t *logctx) { } static isc_result_t -nameexist(cfg_obj_t *obj, const char *name, int value, isc_symtab_t *symtab, - const char *fmt, isc_log_t *logctx, isc_mem_t *mctx) +nameexist(const cfg_obj_t *obj, const char *name, int value, + isc_symtab_t *symtab, const char *fmt, isc_log_t *logctx, + isc_mem_t *mctx) { char *key; const char *file; @@ -292,14 +293,14 @@ nameexist(cfg_obj_t *obj, const char *name, int value, isc_symtab_t *symtab, key = isc_mem_strdup(mctx, name); if (key == NULL) return (ISC_R_NOMEMORY); - symvalue.as_pointer = obj; + symvalue.as_cpointer = obj; result = isc_symtab_define(symtab, key, value, symvalue, isc_symexists_reject); if (result == ISC_R_EXISTS) { RUNTIME_CHECK(isc_symtab_lookup(symtab, key, value, &symvalue) == ISC_R_SUCCESS); - file = cfg_obj_file(symvalue.as_pointer); - line = cfg_obj_line(symvalue.as_pointer); + file = cfg_obj_file(symvalue.as_cpointer); + line = cfg_obj_line(symvalue.as_cpointer); if (file == NULL) file = ""; @@ -313,10 +314,10 @@ nameexist(cfg_obj_t *obj, const char *name, int value, isc_symtab_t *symtab, } static isc_result_t -mustbesecure(cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx, +mustbesecure(const cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx, isc_mem_t *mctx) { - cfg_obj_t *obj; + const cfg_obj_t *obj; char namebuf[DNS_NAME_FORMATSIZE]; const char *str; dns_fixedname_t fixed; @@ -351,12 +352,12 @@ typedef struct { } intervaltable; static isc_result_t -check_options(cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { +check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; unsigned int i; - cfg_obj_t *obj = NULL; - cfg_listelt_t *element; + const cfg_obj_t *obj = NULL; + const cfg_listelt_t *element; isc_symtab_t *symtab = NULL; static intervaltable intervals[] = { @@ -411,9 +412,9 @@ check_options(cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { (void)cfg_map_get(options, "root-delegation-only", &obj); if (obj != NULL) { if (!cfg_obj_isvoid(obj)) { - cfg_listelt_t *element; - cfg_obj_t *exclude; - char *str; + const cfg_listelt_t *element; + const cfg_obj_t *exclude; + const char *str; dns_fixedname_t fixed; dns_name_t *name; isc_buffer_t b; @@ -557,10 +558,10 @@ check_options(cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } static isc_result_t -get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { +get_masters_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { isc_result_t result; - cfg_obj_t *masters = NULL; - cfg_listelt_t *elt; + const cfg_obj_t *masters = NULL; + const cfg_listelt_t *elt; result = cfg_map_get(cctx, "masters", &masters); if (result != ISC_R_SUCCESS) @@ -568,7 +569,7 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { for (elt = cfg_list_first(masters); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *list; + const cfg_obj_t *list; const char *listname; list = cfg_listelt_value(elt); @@ -583,18 +584,18 @@ get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) { } static isc_result_t -validate_masters(cfg_obj_t *obj, cfg_obj_t *config, isc_uint32_t *countp, - isc_log_t *logctx, isc_mem_t *mctx) +validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, + isc_uint32_t *countp, isc_log_t *logctx, isc_mem_t *mctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; isc_uint32_t count = 0; isc_symtab_t *symtab = NULL; isc_symvalue_t symvalue; - cfg_listelt_t *element; - cfg_listelt_t **stack = NULL; + const cfg_listelt_t *element; + const cfg_listelt_t **stack = NULL; isc_uint32_t stackcount = 0, pushed = 0; - cfg_obj_t *list; + const cfg_obj_t *list; REQUIRE(countp != NULL); result = isc_symtab_create(mctx, 100, NULL, NULL, ISC_FALSE, &symtab); @@ -611,9 +612,9 @@ validate_masters(cfg_obj_t *obj, cfg_obj_t *config, isc_uint32_t *countp, element != NULL; element = cfg_list_next(element)) { - char *listname; - cfg_obj_t *addr; - cfg_obj_t *key; + const char *listname; + const cfg_obj_t *addr; + const cfg_obj_t *key; addr = cfg_tuple_get(cfg_listelt_value(element), "masterselement"); @@ -631,7 +632,7 @@ validate_masters(cfg_obj_t *obj, cfg_obj_t *config, isc_uint32_t *countp, result = ISC_R_FAILURE; } listname = cfg_obj_asstring(addr); - symvalue.as_pointer = addr; + symvalue.as_cpointer = addr; tresult = isc_symtab_define(symtab, listname, 1, symvalue, isc_symexists_reject); if (tresult == ISC_R_EXISTS) @@ -691,14 +692,15 @@ typedef struct { } optionstable; static isc_result_t -check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab, - dns_rdataclass_t defclass, isc_log_t *logctx, isc_mem_t *mctx) +check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, + isc_symtab_t *symtab, dns_rdataclass_t defclass, + isc_log_t *logctx, isc_mem_t *mctx) { const char *zname; const char *typestr; unsigned int ztype; - cfg_obj_t *zoptions; - cfg_obj_t *obj = NULL; + const cfg_obj_t *zoptions; + const cfg_obj_t *obj = NULL; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; unsigned int i; @@ -902,10 +904,10 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab, * Check the excessively complicated "dialup" option. */ if (ztype == MASTERZONE || ztype == SLAVEZONE || ztype == STUBZONE) { - cfg_obj_t *dialup = NULL; + const cfg_obj_t *dialup = NULL; (void)cfg_map_get(zoptions, "dialup", &dialup); if (dialup != NULL && cfg_obj_isstring(dialup)) { - char *str = cfg_obj_asstring(dialup); + const char *str = cfg_obj_asstring(dialup); for (i = 0; i < sizeof(dialups) / sizeof(dialups[0]); i++) @@ -970,9 +972,9 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab, } isc_result_t -bind9_check_key(cfg_obj_t *key, isc_log_t *logctx) { - cfg_obj_t *algobj = NULL; - cfg_obj_t *secretobj = NULL; +bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { + const cfg_obj_t *algobj = NULL; + const cfg_obj_t *secretobj = NULL; const char *keyname = cfg_obj_asstring(cfg_map_getname(key)); (void)cfg_map_get(key, "algorithm", &algobj); @@ -988,20 +990,20 @@ bind9_check_key(cfg_obj_t *key, isc_log_t *logctx) { } static isc_result_t -check_keylist(cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { +check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; - cfg_listelt_t *element; + const cfg_listelt_t *element; for (element = cfg_list_first(keys); element != NULL; element = cfg_list_next(element)) { - cfg_obj_t *key = cfg_listelt_value(element); + const cfg_obj_t *key = cfg_listelt_value(element); const char *keyname = cfg_obj_asstring(cfg_map_getname(key)); isc_symvalue_t symvalue; - symvalue.as_pointer = key; + symvalue.as_cpointer = key; tresult = isc_symtab_define(symtab, keyname, 1, symvalue, isc_symexists_reject); if (tresult == ISC_R_EXISTS) { @@ -1010,8 +1012,8 @@ check_keylist(cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { RUNTIME_CHECK(isc_symtab_lookup(symtab, keyname, 1, &symvalue) == ISC_R_SUCCESS); - file = cfg_obj_file(symvalue.as_pointer); - line = cfg_obj_line(symvalue.as_pointer); + file = cfg_obj_file(symvalue.as_cpointer); + line = cfg_obj_line(symvalue.as_cpointer); if (file == NULL) file = ""; @@ -1031,13 +1033,16 @@ check_keylist(cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { } static isc_result_t -check_servers(cfg_obj_t *servers, isc_log_t *logctx) { +check_servers(const cfg_obj_t *servers, isc_log_t *logctx) { isc_result_t result = ISC_R_SUCCESS; - cfg_listelt_t *e1, *e2; - cfg_obj_t *v1, *v2; - isc_sockaddr_t *s1, *s2; + const cfg_listelt_t *e1; + const cfg_listelt_t *e2; + const cfg_obj_t *v1; + const cfg_obj_t *v2; + const isc_sockaddr_t *s1; + const isc_sockaddr_t *s2; isc_netaddr_t na; - cfg_obj_t *ts; + const cfg_obj_t *ts; char buf[128]; const char *xfr; isc_buffer_t target; @@ -1090,13 +1095,13 @@ check_servers(cfg_obj_t *servers, isc_log_t *logctx) { } static isc_result_t -check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass, - isc_log_t *logctx, isc_mem_t *mctx) +check_viewconf(const cfg_obj_t *config, const cfg_obj_t *vconfig, + dns_rdataclass_t vclass, isc_log_t *logctx, isc_mem_t *mctx) { - cfg_obj_t *servers = NULL; - cfg_obj_t *zones = NULL; - cfg_obj_t *keys = NULL; - cfg_listelt_t *element; + const cfg_obj_t *servers = NULL; + const cfg_obj_t *zones = NULL; + const cfg_obj_t *keys = NULL; + const cfg_listelt_t *element; isc_symtab_t *symtab = NULL; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult = ISC_R_SUCCESS; @@ -1120,7 +1125,7 @@ check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass, element = cfg_list_next(element)) { isc_result_t tresult; - cfg_obj_t *zone = cfg_listelt_value(element); + const cfg_obj_t *zone = cfg_listelt_value(element); tresult = check_zoneconf(zone, config, symtab, vclass, logctx, mctx); @@ -1165,7 +1170,7 @@ check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass, * Check that forwarding is reasonable. */ if (vconfig == NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_forward(options, logctx) != ISC_R_SUCCESS) @@ -1178,7 +1183,7 @@ check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass, * Check that dual-stack-servers is reasonable. */ if (vconfig == NULL) { - cfg_obj_t *options = NULL; + const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_dual_stack(options, logctx) != ISC_R_SUCCESS) @@ -1215,14 +1220,16 @@ check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass, isc_result_t -bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { - cfg_obj_t *options = NULL; - cfg_obj_t *servers = NULL; - cfg_obj_t *views = NULL; - cfg_obj_t *acls = NULL; - cfg_obj_t *kals = NULL; - cfg_obj_t *obj; - cfg_listelt_t *velement; +bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, + isc_mem_t *mctx) +{ + const cfg_obj_t *options = NULL; + const cfg_obj_t *servers = NULL; + const cfg_obj_t *views = NULL; + const cfg_obj_t *acls = NULL; + const cfg_obj_t *kals = NULL; + const cfg_obj_t *obj; + const cfg_listelt_t *velement; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; isc_symtab_t *symtab = NULL; @@ -1256,7 +1263,7 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } else { - cfg_obj_t *zones = NULL; + const cfg_obj_t *zones = NULL; (void)cfg_map_get(config, "zone", &zones); if (zones != NULL) { @@ -1274,10 +1281,10 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { velement != NULL; velement = cfg_list_next(velement)) { - cfg_obj_t *view = cfg_listelt_value(velement); - cfg_obj_t *vname = cfg_tuple_get(view, "name"); - cfg_obj_t *voptions = cfg_tuple_get(view, "options"); - cfg_obj_t *vclassobj = cfg_tuple_get(view, "class"); + const cfg_obj_t *view = cfg_listelt_value(velement); + const cfg_obj_t *vname = cfg_tuple_get(view, "name"); + const cfg_obj_t *voptions = cfg_tuple_get(view, "options"); + const cfg_obj_t *vclassobj = cfg_tuple_get(view, "class"); dns_rdataclass_t vclass = dns_rdataclass_in; isc_result_t tresult = ISC_R_SUCCESS; const char *key = cfg_obj_asstring(vname); @@ -1295,7 +1302,7 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { cfg_obj_asstring(vname), r.base); } if (tresult == ISC_R_SUCCESS && symtab != NULL) { - symvalue.as_pointer = view; + symvalue.as_cpointer = view; tresult = isc_symtab_define(symtab, key, vclass, symvalue, isc_symexists_reject); @@ -1304,8 +1311,8 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { unsigned int line; RUNTIME_CHECK(isc_symtab_lookup(symtab, key, vclass, &symvalue) == ISC_R_SUCCESS); - file = cfg_obj_file(symvalue.as_pointer); - line = cfg_obj_line(symvalue.as_pointer); + file = cfg_obj_file(symvalue.as_cpointer); + line = cfg_obj_line(symvalue.as_cpointer); cfg_obj_log(view, logctx, ISC_LOG_ERROR, "view '%s': already exists " "previous definition: %s:%u", @@ -1345,14 +1352,14 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { tresult = cfg_map_get(config, "acl", &acls); if (tresult == ISC_R_SUCCESS) { - cfg_listelt_t *elt; - cfg_listelt_t *elt2; + const cfg_listelt_t *elt; + const cfg_listelt_t *elt2; const char *aclname; for (elt = cfg_list_first(acls); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *acl = cfg_listelt_value(elt); + const cfg_obj_t *acl = cfg_listelt_value(elt); unsigned int i; aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); @@ -1371,7 +1378,7 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { for (elt2 = cfg_list_next(elt); elt2 != NULL; elt2 = cfg_list_next(elt2)) { - cfg_obj_t *acl2 = cfg_listelt_value(elt2); + const cfg_obj_t *acl2 = cfg_listelt_value(elt2); const char *name; name = cfg_obj_asstring(cfg_tuple_get(acl2, "name")); @@ -1395,21 +1402,21 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { tresult = cfg_map_get(config, "kal", &kals); if (tresult == ISC_R_SUCCESS) { - cfg_listelt_t *elt; - cfg_listelt_t *elt2; + const cfg_listelt_t *elt; + const cfg_listelt_t *elt2; const char *aclname; for (elt = cfg_list_first(kals); elt != NULL; elt = cfg_list_next(elt)) { - cfg_obj_t *acl = cfg_listelt_value(elt); + const cfg_obj_t *acl = cfg_listelt_value(elt); aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); for (elt2 = cfg_list_next(elt); elt2 != NULL; elt2 = cfg_list_next(elt2)) { - cfg_obj_t *acl2 = cfg_listelt_value(elt2); + const cfg_obj_t *acl2 = cfg_listelt_value(elt2); const char *name; name = cfg_obj_asstring(cfg_tuple_get(acl2, "name")); diff --git a/contrib/bind9/lib/bind9/include/bind9/check.h b/contrib/bind9/lib/bind9/include/bind9/check.h index dcda517bb43..09e8b2e1be7 100644 --- a/contrib/bind9/lib/bind9/include/bind9/check.h +++ b/contrib/bind9/lib/bind9/include/bind9/check.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.h,v 1.1.200.4 2004/03/08 09:04:28 marka Exp $ */ +/* $Id: check.h,v 1.1.200.6 2006/03/02 00:37:20 marka Exp $ */ #ifndef BIND9_CHECK_H #define BIND9_CHECK_H 1 @@ -28,7 +28,8 @@ ISC_LANG_BEGINDECLS isc_result_t -bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx); +bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, + isc_mem_t *mctx); /* * Check the syntactic validity of a configuration parse tree generated from * a named.conf file. @@ -44,7 +45,7 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx); */ isc_result_t -bind9_check_key(cfg_obj_t *config, isc_log_t *logctx); +bind9_check_key(const cfg_obj_t *config, isc_log_t *logctx); /* * As above, but for a single 'key' statement. */ diff --git a/contrib/bind9/lib/dns/Makefile.in b/contrib/bind9/lib/dns/Makefile.in index fbbec2eba8e..9c368d19e66 100644 --- a/contrib/bind9/lib/dns/Makefile.in +++ b/contrib/bind9/lib/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.126.2.3.2.17 2004/12/09 04:07:15 marka Exp $ +# $Id: Makefile.in,v 1.126.2.3.2.19 2006/01/06 00:01:42 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -156,7 +156,8 @@ code.h: gen ./gen -s ${srcdir} > code.h gen: gen.c - ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS} + ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ + ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} rbtdb64.@O@: rbtdb.c diff --git a/contrib/bind9/lib/dns/acl.c b/contrib/bind9/lib/dns/acl.c index d2814405a72..e81d5ef3381 100644 --- a/contrib/bind9/lib/dns/acl.c +++ b/contrib/bind9/lib/dns/acl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.c,v 1.23.52.4 2004/03/09 05:21:08 marka Exp $ */ +/* $Id: acl.c,v 1.23.52.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -68,7 +68,7 @@ dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target) { } isc_result_t -dns_acl_appendelement(dns_acl_t *acl, dns_aclelement_t *elt) { +dns_acl_appendelement(dns_acl_t *acl, const dns_aclelement_t *elt) { if (acl->length + 1 > acl->alloc) { /* * Resize the ACL. @@ -123,12 +123,12 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) { } isc_result_t -dns_acl_match(isc_netaddr_t *reqaddr, - dns_name_t *reqsigner, - dns_acl_t *acl, - dns_aclenv_t *env, +dns_acl_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_acl_t *acl, + const dns_aclenv_t *env, int *match, - dns_aclelement_t **matchelt) + dns_aclelement_t const**matchelt) { unsigned int i; @@ -150,9 +150,9 @@ dns_acl_match(isc_netaddr_t *reqaddr, } isc_result_t -dns_acl_elementmatch(dns_acl_t *acl, - dns_aclelement_t *elt, - dns_aclelement_t **matchelt) +dns_acl_elementmatch(const dns_acl_t *acl, + const dns_aclelement_t *elt, + const dns_aclelement_t **matchelt) { unsigned int i; @@ -173,14 +173,14 @@ dns_acl_elementmatch(dns_acl_t *acl, } isc_boolean_t -dns_aclelement_match(isc_netaddr_t *reqaddr, - dns_name_t *reqsigner, - dns_aclelement_t *e, - dns_aclenv_t *env, - dns_aclelement_t **matchelt) +dns_aclelement_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_aclelement_t *e, + const dns_aclenv_t *env, + const dns_aclelement_t **matchelt) { dns_acl_t *inner = NULL; - isc_netaddr_t *addr; + const isc_netaddr_t *addr; isc_netaddr_t v4addr; int indirectmatch; isc_result_t result; @@ -312,7 +312,7 @@ dns_acl_detach(dns_acl_t **aclp) { } isc_boolean_t -dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb) { +dns_aclelement_equal(const dns_aclelement_t *ea, const dns_aclelement_t *eb) { if (ea->type != eb->type) return (ISC_FALSE); switch (ea->type) { @@ -338,7 +338,7 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb) { } isc_boolean_t -dns_acl_equal(dns_acl_t *a, dns_acl_t *b) { +dns_acl_equal(const dns_acl_t *a, const dns_acl_t *b) { unsigned int i; if (a == b) return (ISC_TRUE); @@ -353,7 +353,7 @@ dns_acl_equal(dns_acl_t *a, dns_acl_t *b) { } static isc_boolean_t -is_loopback(dns_aclipprefix_t *p) { +is_loopback(const dns_aclipprefix_t *p) { switch (p->address.family) { case AF_INET: if (p->prefixlen == 32 && @@ -372,7 +372,7 @@ is_loopback(dns_aclipprefix_t *p) { } isc_boolean_t -dns_acl_isinsecure(dns_acl_t *a) { +dns_acl_isinsecure(const dns_acl_t *a) { unsigned int i; for (i = 0; i < a->length; i++) { dns_aclelement_t *e = &a->elements[i]; diff --git a/contrib/bind9/lib/dns/adb.c b/contrib/bind9/lib/dns/adb.c index c0b31db1129..3fe436a2bbb 100644 --- a/contrib/bind9/lib/dns/adb.c +++ b/contrib/bind9/lib/dns/adb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.c,v 1.181.2.11.2.24 2005/10/14 05:19:00 marka Exp $ */ +/* $Id: adb.c,v 1.181.2.11.2.26 2006/01/04 23:50:20 marka Exp $ */ /* * Implementation notes @@ -2587,8 +2587,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, } } - if (bucket != DNS_ADB_INVALIDBUCKET) - UNLOCK(&adb->namelocks[bucket]); + UNLOCK(&adb->namelocks[bucket]); return (result); } diff --git a/contrib/bind9/lib/dns/api b/contrib/bind9/lib/dns/api index 7df81573fd7..1bc2b11a91b 100644 --- a/contrib/bind9/lib/dns/api +++ b/contrib/bind9/lib/dns/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 21 -LIBREVISION = 1 +LIBINTERFACE = 22 +LIBREVISION = 7 LIBAGE = 0 diff --git a/contrib/bind9/lib/dns/cache.c b/contrib/bind9/lib/dns/cache.c index 0e17a957d17..f45af90d08d 100644 --- a/contrib/bind9/lib/dns/cache.c +++ b/contrib/bind9/lib/dns/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.c,v 1.45.2.4.8.9 2005/03/17 03:58:30 marka Exp $ */ +/* $Id: cache.c,v 1.45.2.4.8.15 2006/08/01 01:07:05 marka Exp $ */ #include @@ -68,7 +68,6 @@ typedef enum { * Convenience macros for comprehensive assertion checking. */ #define CLEANER_IDLE(c) ((c)->state == cleaner_s_idle && \ - (c)->iterator == NULL && \ (c)->resched_event != NULL) #define CLEANER_BUSY(c) ((c)->state == cleaner_s_busy && \ (c)->iterator != NULL && \ @@ -101,6 +100,7 @@ struct cache_cleaner { clean in one increment */ cleaner_state_t state; /* Idle/Busy. */ isc_boolean_t overmem; /* The cache is in an overmem state. */ + isc_boolean_t replaceiterator; }; /* @@ -387,7 +387,7 @@ dns_cache_attachdb(dns_cache_t *cache, dns_db_t **dbp) { } isc_result_t -dns_cache_setfilename(dns_cache_t *cache, char *filename) { +dns_cache_setfilename(dns_cache_t *cache, const char *filename) { char *newname; REQUIRE(VALID_CACHE(cache)); @@ -501,12 +501,18 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, cleaner->cache = cache; cleaner->iterator = NULL; cleaner->overmem = ISC_FALSE; + cleaner->replaceiterator = ISC_FALSE; cleaner->task = NULL; cleaner->cleaning_timer = NULL; cleaner->resched_event = NULL; cleaner->overmem_event = NULL; + result = dns_db_createiterator(cleaner->cache->db, ISC_FALSE, + &cleaner->iterator); + if (result != ISC_R_SUCCESS) + goto cleanup; + if (taskmgr != NULL && timermgr != NULL) { result = isc_task_create(taskmgr, 1, &cleaner->task); if (result != ISC_R_SUCCESS) { @@ -575,6 +581,8 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, isc_timer_detach(&cleaner->cleaning_timer); if (cleaner->task != NULL) isc_task_detach(&cleaner->task); + if (cleaner->iterator != NULL) + dns_dbiterator_destroy(&cleaner->iterator); DESTROYLOCK(&cleaner->lock); fail: return (result); @@ -582,15 +590,17 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, static void begin_cleaning(cache_cleaner_t *cleaner) { - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; REQUIRE(CLEANER_IDLE(cleaner)); /* - * Create an iterator and position it at the beginning of the cache. + * Create an iterator, if it does not already exist, and + * position it at the beginning of the cache. */ - result = dns_db_createiterator(cleaner->cache->db, ISC_FALSE, - &cleaner->iterator); + if (cleaner->iterator == NULL) + result = dns_db_createiterator(cleaner->cache->db, ISC_FALSE, + &cleaner->iterator); if (result != ISC_R_SUCCESS) isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_WARNING, @@ -600,20 +610,21 @@ begin_cleaning(cache_cleaner_t *cleaner) { dns_dbiterator_setcleanmode(cleaner->iterator, ISC_TRUE); result = dns_dbiterator_first(cleaner->iterator); } - if (result != ISC_R_SUCCESS) { /* * If the result is ISC_R_NOMORE, the database is empty, * so there is nothing to be cleaned. */ - if (result != ISC_R_NOMORE) + if (result != ISC_R_NOMORE && cleaner->iterator != NULL) { UNEXPECTED_ERROR(__FILE__, __LINE__, "cache cleaner: " "dns_dbiterator_first() failed: %s", dns_result_totext(result)); - - if (cleaner->iterator != NULL) dns_dbiterator_destroy(&cleaner->iterator); + } else if (cleaner->iterator != NULL) { + result = dns_dbiterator_pause(cleaner->iterator); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } } else { /* * Pause the iterator to free its lock. @@ -634,10 +645,14 @@ begin_cleaning(cache_cleaner_t *cleaner) { static void end_cleaning(cache_cleaner_t *cleaner, isc_event_t *event) { + isc_result_t result; + REQUIRE(CLEANER_BUSY(cleaner)); REQUIRE(event != NULL); - dns_dbiterator_destroy(&cleaner->iterator); + result = dns_dbiterator_pause(cleaner->iterator); + if (result != ISC_R_SUCCESS) + dns_dbiterator_destroy(&cleaner->iterator); dns_cache_setcleaninginterval(cleaner->cache, cleaner->cleaning_interval); @@ -735,6 +750,17 @@ incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { if (cleaner->state == cleaner_s_done) { cleaner->state = cleaner_s_busy; end_cleaning(cleaner, event); + LOCK(&cleaner->cache->lock); + LOCK(&cleaner->lock); + if (cleaner->replaceiterator) { + dns_dbiterator_destroy(&cleaner->iterator); + (void) dns_db_createiterator(cleaner->cache->db, + ISC_FALSE, + &cleaner->iterator); + cleaner->replaceiterator = ISC_FALSE; + } + UNLOCK(&cleaner->lock); + UNLOCK(&cleaner->cache->lock); return; } @@ -774,7 +800,7 @@ incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { * Either the end was reached (ISC_R_NOMORE) or * some error was signaled. If the cache is still * overmem and no error was encountered, - * keep trying to clean it, otherwise stop cleanng. + * keep trying to clean it, otherwise stop cleaning. */ if (result != ISC_R_NOMORE) UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -982,8 +1008,23 @@ dns_cache_flush(dns_cache_t *cache) { if (result != ISC_R_SUCCESS) return (result); + LOCK(&cache->lock); + LOCK(&cache->cleaner.lock); + if (cache->cleaner.state == cleaner_s_idle) { + if (cache->cleaner.iterator != NULL) + dns_dbiterator_destroy(&cache->cleaner.iterator); + (void) dns_db_createiterator(db, ISC_FALSE, + &cache->cleaner.iterator); + } else { + if (cache->cleaner.state == cleaner_s_busy) + cache->cleaner.state = cleaner_s_done; + cache->cleaner.replaceiterator = ISC_TRUE; + } dns_db_detach(&cache->db); cache->db = db; + UNLOCK(&cache->cleaner.lock); + UNLOCK(&cache->lock); + return (ISC_R_SUCCESS); } diff --git a/contrib/bind9/lib/dns/compress.c b/contrib/bind9/lib/dns/compress.c index e0fe8c276a1..21224368653 100644 --- a/contrib/bind9/lib/dns/compress.c +++ b/contrib/bind9/lib/dns/compress.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: compress.c,v 1.50.206.2 2004/03/06 08:13:37 marka Exp $ */ +/* $Id: compress.c,v 1.50.206.4 2006/03/02 00:37:20 marka Exp $ */ #define DNS_NAME_USEINLINE 1 @@ -111,7 +111,7 @@ do { \ * If no match is found return ISC_FALSE. */ isc_boolean_t -dns_compress_findglobal(dns_compress_t *cctx, dns_name_t *name, +dns_compress_findglobal(dns_compress_t *cctx, const dns_name_t *name, dns_name_t *prefix, isc_uint16_t *offset) { dns_name_t tname, nname; @@ -161,15 +161,15 @@ dns_compress_findglobal(dns_compress_t *cctx, dns_name_t *name, } static inline unsigned int -name_length(dns_name_t *name) { +name_length(const dns_name_t *name) { isc_region_t r; dns_name_toregion(name, &r); return (r.length); } void -dns_compress_add(dns_compress_t *cctx, dns_name_t *name, dns_name_t *prefix, - isc_uint16_t offset) +dns_compress_add(dns_compress_t *cctx, const dns_name_t *name, + const dns_name_t *prefix, isc_uint16_t offset) { dns_name_t tname; unsigned int start; diff --git a/contrib/bind9/lib/dns/dispatch.c b/contrib/bind9/lib/dns/dispatch.c index 8534fe15ad1..91ef2c5ee0a 100644 --- a/contrib/bind9/lib/dns/dispatch.c +++ b/contrib/bind9/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.101.2.6.2.10 2004/09/01 04:27:41 marka Exp $ */ +/* $Id: dispatch.c,v 1.101.2.6.2.13 2006/07/19 00:44:04 marka Exp $ */ #include @@ -641,6 +641,50 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { free_buffer(disp, ev->region.base, ev->region.length); goto unlock; } + + /* + * Now that we have the original dispatch the query was sent + * from check that the address and port the response was + * sent to make sense. + */ + if (disp != resp->disp) { + isc_sockaddr_t a1; + isc_sockaddr_t a2; + + /* + * Check that the socket types and ports match. + */ + if (disp->socktype != resp->disp->socktype || + isc_sockaddr_getport(&disp->local) != + isc_sockaddr_getport(&resp->disp->local)) { + free_buffer(disp, ev->region.base, ev->region.length); + goto unlock; + } + + /* + * If both dispatches are bound to an address then fail as + * the addresses can't be equal (enforced by the IP stack). + * + * Note under Linux a packet can be sent out via IPv4 socket + * and the response be received via a IPv6 socket. + * + * Requests sent out via IPv6 should always come back in + * via IPv6. + */ + if (isc_sockaddr_pf(&resp->disp->local) == PF_INET6 && + isc_sockaddr_pf(&disp->local) != PF_INET6) { + free_buffer(disp, ev->region.base, ev->region.length); + goto unlock; + } + isc_sockaddr_anyofpf(&a1, isc_sockaddr_pf(&resp->disp->local)); + isc_sockaddr_anyofpf(&a2, isc_sockaddr_pf(&disp->local)); + if (!isc_sockaddr_eqaddr(&a1, &resp->disp->local) && + !isc_sockaddr_eqaddr(&a2, &disp->local)) { + free_buffer(disp, ev->region.base, ev->region.length); + goto unlock; + } + } + queue_response = resp->item_out; rev = allocate_event(resp->disp); if (rev == NULL) { @@ -1687,6 +1731,11 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, /* * mgr should be locked. */ + +#ifndef DNS_DISPATCH_HELD +#define DNS_DISPATCH_HELD 20U +#endif + static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_taskmgr_t *taskmgr, @@ -1697,7 +1746,9 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, { isc_result_t result; dns_dispatch_t *disp; - isc_socket_t *sock; + isc_socket_t *sock = NULL; + isc_socket_t *held[DNS_DISPATCH_HELD]; + unsigned int i = 0, j = 0; /* * dispatch_allocate() checks mgr for us. @@ -1708,17 +1759,30 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, return (result); /* - * This assumes that the IP stack will *not* quickly reallocate - * the same port. If it does continually reallocate the same port - * then we need a mechanism to hold all the blacklisted sockets - * until we find a usable socket. + * Try to allocate a socket that is not on the blacklist. + * Hold up to DNS_DISPATCH_HELD sockets to prevent the OS + * from returning the same port to us too quickly. */ + memset(held, 0, sizeof(held)); getsocket: result = create_socket(sockmgr, localaddr, &sock); if (result != ISC_R_SUCCESS) goto deallocate_dispatch; if (isc_sockaddr_getport(localaddr) == 0 && blacklisted(mgr, sock)) { - isc_socket_detach(&sock); + if (held[i] != NULL) + isc_socket_detach(&held[i]); + held[i++] = sock; + sock = NULL; + if (i == DNS_DISPATCH_HELD) + i = 0; + if (j++ == 0xffffU) { + mgr_log(mgr, ISC_LOG_ERROR, "avoid-v%s-udp-ports: " + "unable to allocate a non-blacklisted port", + isc_sockaddr_pf(localaddr) == AF_INET ? + "4" : "6"); + result = ISC_R_FAILURE; + goto deallocate_dispatch; + } goto getsocket; } @@ -1755,7 +1819,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, *dispp = disp; - return (ISC_R_SUCCESS); + goto cleanheld; /* * Error returns. @@ -1766,7 +1830,10 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_socket_detach(&disp->socket); deallocate_dispatch: dispatch_free(&disp); - + cleanheld: + for (i = 0; i < DNS_DISPATCH_HELD; i++) + if (held[i] != NULL) + isc_socket_detach(&held[i]); return (result); } diff --git a/contrib/bind9/lib/dns/dnssec.c b/contrib/bind9/lib/dns/dnssec.c index 34ff3d3aceb..91f7a99fe98 100644 --- a/contrib/bind9/lib/dns/dnssec.c +++ b/contrib/bind9/lib/dns/dnssec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: dnssec.c,v 1.69.2.5.2.7 2004/06/11 00:30:54 marka Exp $ + * $Id: dnssec.c,v 1.69.2.5.2.9 2006/01/04 23:50:20 marka Exp $ */ @@ -330,8 +330,7 @@ cleanup_array: cleanup_context: dst_context_destroy(&ctx); cleanup_databuf: - if (databuf != NULL) - isc_buffer_free(&databuf); + isc_buffer_free(&databuf); cleanup_signature: isc_mem_put(mctx, sig.signature, sig.siglen); diff --git a/contrib/bind9/lib/dns/dst_api.c b/contrib/bind9/lib/dns/dst_api.c index 19f60a27e80..b7b03e6ef2d 100644 --- a/contrib/bind9/lib/dns/dst_api.c +++ b/contrib/bind9/lib/dns/dst_api.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -18,7 +18,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.1.4.1 2004/12/09 04:07:16 marka Exp $ + * $Id: dst_api.c,v 1.1.4.3 2006/01/04 23:50:20 marka Exp $ */ #include @@ -1027,8 +1027,10 @@ write_public_key(const dst_key_t *key, int type, const char *directory) { } ret = dns_name_print(key->key_name, fp); - if (ret != ISC_R_SUCCESS) + if (ret != ISC_R_SUCCESS) { + fclose(fp); return (ret); + } fprintf(fp, " "); diff --git a/contrib/bind9/lib/dns/gen.c b/contrib/bind9/lib/dns/gen.c index 4a6cc0d796d..1d83023259b 100644 --- a/contrib/bind9/lib/dns/gen.c +++ b/contrib/bind9/lib/dns/gen.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,9 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gen.c,v 1.65.2.5.2.6 2004/03/15 01:02:54 marka Exp $ */ +/* $Id: gen.c,v 1.65.2.5.2.9 2006/10/02 06:31:26 marka Exp $ */ -#include +#ifdef WIN32 +/* + * Silence compiler warnings about using strcpy and friends. + */ +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif #include diff --git a/contrib/bind9/lib/dns/include/dns/acl.h b/contrib/bind9/lib/dns/include/dns/acl.h index bc723f43bf9..ce4c8b6a867 100644 --- a/contrib/bind9/lib/dns/include/dns/acl.h +++ b/contrib/bind9/lib/dns/include/dns/acl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.h,v 1.20.52.3 2004/03/08 09:04:34 marka Exp $ */ +/* $Id: acl.h,v 1.20.52.5 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -104,7 +104,7 @@ dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target); */ isc_result_t -dns_acl_appendelement(dns_acl_t *acl, dns_aclelement_t *elt); +dns_acl_appendelement(dns_acl_t *acl, const dns_aclelement_t *elt); /* * Append an element to an existing ACL. */ @@ -128,13 +128,13 @@ void dns_acl_detach(dns_acl_t **aclp); isc_boolean_t -dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb); +dns_aclelement_equal(const dns_aclelement_t *ea, const dns_aclelement_t *eb); isc_boolean_t -dns_acl_equal(dns_acl_t *a, dns_acl_t *b); +dns_acl_equal(const dns_acl_t *a, const dns_acl_t *b); isc_boolean_t -dns_acl_isinsecure(dns_acl_t *a); +dns_acl_isinsecure(const dns_acl_t *a); /* * Return ISC_TRUE iff the acl 'a' is considered insecure, that is, * if it contains IP addresses other than those of the local host. @@ -154,12 +154,12 @@ void dns_aclenv_destroy(dns_aclenv_t *env); isc_result_t -dns_acl_match(isc_netaddr_t *reqaddr, - dns_name_t *reqsigner, - dns_acl_t *acl, - dns_aclenv_t *env, +dns_acl_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_acl_t *acl, + const dns_aclenv_t *env, int *match, - dns_aclelement_t **matchelt); + const dns_aclelement_t **matchelt); /* * General, low-level ACL matching. This is expected to * be useful even for weird stuff like the topology and sortlist statements. @@ -185,11 +185,11 @@ dns_acl_match(isc_netaddr_t *reqaddr, */ isc_boolean_t -dns_aclelement_match(isc_netaddr_t *reqaddr, - dns_name_t *reqsigner, - dns_aclelement_t *e, - dns_aclenv_t *env, - dns_aclelement_t **matchelt); +dns_aclelement_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_aclelement_t *e, + const dns_aclenv_t *env, + const dns_aclelement_t **matchelt); /* * Like dns_acl_match, but matches against the single ACL element 'e' * rather than a complete list and returns ISC_TRUE iff it matched. @@ -200,9 +200,9 @@ dns_aclelement_match(isc_netaddr_t *reqaddr, */ isc_result_t -dns_acl_elementmatch(dns_acl_t *acl, - dns_aclelement_t *elt, - dns_aclelement_t **matchelt); +dns_acl_elementmatch(const dns_acl_t *acl, + const dns_aclelement_t *elt, + const dns_aclelement_t **matchelt); /* * Search for an ACL element in 'acl' which is exactly the same as 'elt'. * If there is one, and 'matchelt' is non NULL, then '*matchelt' will point diff --git a/contrib/bind9/lib/dns/include/dns/cache.h b/contrib/bind9/lib/dns/include/dns/cache.h index 79c53de8f01..4b775c9c14c 100644 --- a/contrib/bind9/lib/dns/include/dns/cache.h +++ b/contrib/bind9/lib/dns/include/dns/cache.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.h,v 1.17.12.3 2004/03/08 09:04:34 marka Exp $ */ +/* $Id: cache.h,v 1.17.12.5 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_CACHE_H #define DNS_CACHE_H 1 @@ -151,7 +151,7 @@ dns_cache_attachdb(dns_cache_t *cache, dns_db_t **dbp); isc_result_t -dns_cache_setfilename(dns_cache_t *cahce, char *filename); +dns_cache_setfilename(dns_cache_t *cahce, const char *filename); /* * If 'filename' is non-NULL, make the cache persistent. * The cache's data will be stored in the given file. diff --git a/contrib/bind9/lib/dns/include/dns/compress.h b/contrib/bind9/lib/dns/include/dns/compress.h index 0f6451cc6bf..042a4ea51a9 100644 --- a/contrib/bind9/lib/dns/include/dns/compress.h +++ b/contrib/bind9/lib/dns/include/dns/compress.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: compress.h,v 1.29.2.2.8.1 2004/03/06 08:13:51 marka Exp $ */ +/* $Id: compress.h,v 1.29.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_COMPRESS_H #define DNS_COMPRESS_H 1 @@ -136,7 +136,7 @@ dns_compress_getedns(dns_compress_t *cctx); */ isc_boolean_t -dns_compress_findglobal(dns_compress_t *cctx, dns_name_t *name, +dns_compress_findglobal(dns_compress_t *cctx, const dns_name_t *name, dns_name_t *prefix, isc_uint16_t *offset); /* * Finds longest possible match of 'name' in the global compression table. @@ -155,8 +155,8 @@ dns_compress_findglobal(dns_compress_t *cctx, dns_name_t *name, */ void -dns_compress_add(dns_compress_t *cctx, dns_name_t *name, dns_name_t *prefix, - isc_uint16_t offset); +dns_compress_add(dns_compress_t *cctx, const dns_name_t *name, + const dns_name_t *prefix, isc_uint16_t offset); /* * Add compression pointers for 'name' to the compression table, * not replacing existing pointers. diff --git a/contrib/bind9/lib/dns/include/dns/keytable.h b/contrib/bind9/lib/dns/include/dns/keytable.h index a07c05201e3..f3a21a68b38 100644 --- a/contrib/bind9/lib/dns/include/dns/keytable.h +++ b/contrib/bind9/lib/dns/include/dns/keytable.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keytable.h,v 1.10.206.1 2004/03/06 08:13:56 marka Exp $ */ +/* $Id: keytable.h,v 1.10.206.3 2006/01/06 00:01:42 marka Exp $ */ #ifndef DNS_KEYTABLE_H #define DNS_KEYTABLE_H 1 @@ -137,7 +137,8 @@ dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, dns_keynode_t **keynodep); /* * Search for a key named 'name', matching 'algorithm' and 'tag' in - * 'keytable'. + * 'keytable'. This finds the first instance which matches. Use + * dns_keytable_findnextkeynode() to find other instances. * * Requires: * @@ -150,6 +151,7 @@ dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, * Returns: * * ISC_R_SUCCESS + * DNS_R_PARTIALMATCH the name existed in the keytable. * ISC_R_NOTFOUND * * Any other result indicates an error. @@ -160,7 +162,7 @@ dns_keytable_findnextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep); /* * Search for the next key with the same properties as 'keynode' in - * 'keytable'. + * 'keytable' as found by dns_keytable_findkeynode(). * * Requires: * diff --git a/contrib/bind9/lib/dns/include/dns/message.h b/contrib/bind9/lib/dns/include/dns/message.h index c8273221460..960c11aa12b 100644 --- a/contrib/bind9/lib/dns/include/dns/message.h +++ b/contrib/bind9/lib/dns/include/dns/message.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.h,v 1.100.2.3.8.7 2004/03/08 02:08:00 marka Exp $ */ +/* $Id: message.h,v 1.100.2.3.8.10 2006/02/28 06:32:54 marka Exp $ */ #ifndef DNS_MESSAGE_H #define DNS_MESSAGE_H 1 @@ -236,7 +236,7 @@ struct dns_message { isc_region_t saved; dns_rdatasetorderfunc_t order; - void * order_arg; + const void * order_arg; }; /*** @@ -710,6 +710,27 @@ dns_message_findtype(dns_name_t *name, dns_rdatatype_t type, * ISC_R_NOTFOUND -- the desired type does not exist. */ +isc_result_t +dns_message_find(dns_name_t *name, dns_rdataclass_t rdclass, + dns_rdatatype_t type, dns_rdatatype_t covers, + dns_rdataset_t **rdataset); +/*%< + * Search the name for the specified rdclass and type. If it is found, + * *rdataset is filled in with a pointer to that rdataset. + * + * Requires: + *\li if '**rdataset' is non-NULL, *rdataset needs to be NULL. + * + *\li 'type' be a valid type, and NOT dns_rdatatype_any. + * + *\li If 'type' is dns_rdatatype_rrsig, 'covers' must be a valid type. + * Otherwise it should be 0. + * + * Returns: + *\li #ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOTFOUND -- the desired type does not exist. + */ + void dns_message_movename(dns_message_t *msg, dns_name_t *name, dns_section_t fromsection, @@ -1260,7 +1281,7 @@ dns_message_getrawmessage(dns_message_t *msg); void dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, - void *order_arg); + const void *order_arg); /* * Define the order in which RR sets get rendered by * dns_message_rendersection() to be the ascending order diff --git a/contrib/bind9/lib/dns/include/dns/name.h b/contrib/bind9/lib/dns/include/dns/name.h index 5f6a3db9c19..ce9e1f15316 100644 --- a/contrib/bind9/lib/dns/include/dns/name.h +++ b/contrib/bind9/lib/dns/include/dns/name.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.h,v 1.95.2.3.2.12 2004/09/08 00:29:34 marka Exp $ */ +/* $Id: name.h,v 1.95.2.3.2.14 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_NAME_H #define DNS_NAME_H 1 @@ -589,7 +589,7 @@ dns_name_getlabelsequence(const dns_name_t *source, unsigned int first, void -dns_name_clone(dns_name_t *source, dns_name_t *target); +dns_name_clone(const dns_name_t *source, dns_name_t *target); /* * Make 'target' refer to the same name as 'source'. * @@ -703,7 +703,8 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, */ isc_result_t -dns_name_towire(dns_name_t *name, dns_compress_t *cctx, isc_buffer_t *target); +dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, + isc_buffer_t *target); /* * Convert 'name' into wire format, compressing it as specified by the * compression context 'cctx', and storing the result in 'target'. @@ -983,7 +984,7 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels, */ isc_result_t -dns_name_dup(dns_name_t *source, isc_mem_t *mctx, dns_name_t *target); +dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, dns_name_t *target); /* * Make 'target' a dynamically allocated copy of 'source'. * diff --git a/contrib/bind9/lib/dns/include/dns/peer.h b/contrib/bind9/lib/dns/include/dns/peer.h index 03f720af354..90329646c7a 100644 --- a/contrib/bind9/lib/dns/include/dns/peer.h +++ b/contrib/bind9/lib/dns/include/dns/peer.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: peer.h,v 1.16.2.1.10.3 2004/03/06 08:13:58 marka Exp $ */ +/* $Id: peer.h,v 1.16.2.1.10.5 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_PEER_H #define DNS_PEER_H 1 @@ -167,7 +167,8 @@ isc_result_t dns_peer_setkey(dns_peer_t *peer, dns_name_t **keyval); isc_result_t -dns_peer_settransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source); +dns_peer_settransfersource(dns_peer_t *peer, + const isc_sockaddr_t *transfer_source); isc_result_t dns_peer_gettransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source); diff --git a/contrib/bind9/lib/dns/include/dns/rdataset.h b/contrib/bind9/lib/dns/include/dns/rdataset.h index d856784c3e8..12cfbdeacc7 100644 --- a/contrib/bind9/lib/dns/include/dns/rdataset.h +++ b/contrib/bind9/lib/dns/include/dns/rdataset.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.41.2.5.2.8 2005/03/17 03:58:31 marka Exp $ */ +/* $Id: rdataset.h,v 1.41.2.5.2.10 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -365,11 +365,11 @@ dns_rdataset_towire(dns_rdataset_t *rdataset, isc_result_t dns_rdataset_towiresorted(dns_rdataset_t *rdataset, - dns_name_t *owner_name, + const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, - void *order_arg, + const void *order_arg, unsigned int options, unsigned int *countp); /* @@ -384,11 +384,11 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, isc_result_t dns_rdataset_towirepartial(dns_rdataset_t *rdataset, - dns_name_t *owner_name, + const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, - void *order_arg, + const void *order_arg, unsigned int options, unsigned int *countp, void **state); diff --git a/contrib/bind9/lib/dns/include/dns/resolver.h b/contrib/bind9/lib/dns/include/dns/resolver.h index 0a6080d27a5..8e3e63232bf 100644 --- a/contrib/bind9/lib/dns/include/dns/resolver.h +++ b/contrib/bind9/lib/dns/include/dns/resolver.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.h,v 1.34.12.7 2004/04/15 23:56:31 marka Exp $ */ +/* $Id: resolver.h,v 1.34.12.9 2006/02/01 23:48:51 marka Exp $ */ #ifndef DNS_RESOLVER_H #define DNS_RESOLVER_H 1 @@ -136,7 +136,7 @@ dns_resolver_create(dns_view_t *view, * * 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL. * - * *resp != NULL && *resp == NULL. + * resp != NULL && *resp == NULL. * * Returns: * diff --git a/contrib/bind9/lib/dns/include/dns/types.h b/contrib/bind9/lib/dns/include/dns/types.h index 2bad7ea02cc..27995deb279 100644 --- a/contrib/bind9/lib/dns/include/dns/types.h +++ b/contrib/bind9/lib/dns/include/dns/types.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.103.12.7 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: types.h,v 1.103.12.9 2006/03/02 00:37:20 marka Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 @@ -294,6 +294,6 @@ typedef void (*dns_updatecallback_t)(void *, isc_result_t, dns_message_t *); typedef int -(*dns_rdatasetorderfunc_t)(dns_rdata_t *rdata, void *arg); +(*dns_rdatasetorderfunc_t)(const dns_rdata_t *rdata, const void *arg); #endif /* DNS_TYPES_H */ diff --git a/contrib/bind9/lib/dns/include/dns/validator.h b/contrib/bind9/lib/dns/include/dns/validator.h index 24769f3c88a..00e9ee32b75 100644 --- a/contrib/bind9/lib/dns/include/dns/validator.h +++ b/contrib/bind9/lib/dns/include/dns/validator.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.h,v 1.18.12.9 2005/09/06 02:12:41 marka Exp $ */ +/* $Id: validator.h,v 1.18.12.11 2006/01/06 00:01:42 marka Exp $ */ #ifndef DNS_VALIDATOR_H #define DNS_VALIDATOR_H 1 @@ -24,27 +24,35 @@ ***** Module Info *****/ -/* - * DNS Validator +/*! \file * - * XXX XXX + * \brief + * DNS Validator + * This is the BIND 9 validator, the module responsible for validating the + * rdatasets and negative responses (messages). It makes use of zones in + * the view and may fetch RRset to complete trust chains. It implements + * DNSSEC as specified in RFC 4033, 4034 and 4035. + * + * It can also optionally implement ISC's DNSSEC look-aside validation. + * + * Correct operation is critical to preventing spoofed answers from secure + * zones being accepted. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * RFCs: 1034, 1035, 2181, 2535, - * Drafts: + *\li RFCs: 1034, 1035, 2181, 4033, 4034, 4035. */ #include @@ -58,12 +66,16 @@ #include -/* +/*% * A dns_validatorevent_t is sent when a 'validation' completes. - * + * \brief * 'name', 'rdataset', 'sigrdataset', and 'message' are the values that were * supplied when dns_validator_create() was called. They are returned to the * caller so that they may be freed. + * + * If the RESULT is ISC_R_SUCCESS and the answer is secure then + * proofs[] will contain the the names of the NSEC records that hold the + * various proofs. Note the same name may appear multiple times. */ typedef struct dns_validatorevent { ISC_EVENT_COMMON(struct dns_validatorevent); @@ -81,9 +93,9 @@ typedef struct dns_validatorevent { #define DNS_VALIDATOR_NODATAPROOF 1 #define DNS_VALIDATOR_NOWILDCARDPROOF 2 -/* - * A validator object represents a validation in procgress. - * +/*% + * A validator object represents a validation in progress. + * \brief * Clients are strongly discouraged from using this type directly, with * the exception of the 'link' field, which may be used directly for * whatever purpose the client desires. @@ -128,7 +140,10 @@ struct dns_validator { unsigned int depth; }; -#define DNS_VALIDATOR_DLV 1 +/*% + * dns_validator_create() options. + */ +#define DNS_VALIDATOR_DLV 1U ISC_LANG_BEGINDECLS @@ -138,7 +153,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, dns_message_t *message, unsigned int options, isc_task_t *task, isc_taskaction_t action, void *arg, dns_validator_t **validatorp); -/* +/*%< * Start a DNSSEC validation. * * This validates a response to the question given by @@ -163,41 +178,45 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, * arguments must be provided. * * The validation is performed in the context of 'view'. - * 'options' must be zero. * * When the validation finishes, a dns_validatorevent_t with * the given 'action' and 'arg' are sent to 'task'. * Its 'result' field will be ISC_R_SUCCESS iff the * response was successfully proven to be either secure or * part of a known insecure domain. + * + * options: + * If DNS_VALIDATOR_DLV is set the caller knows there is not a + * trusted key and the validator should immediately attempt to validate + * the answer by looking for a appopriate DLV RRset. */ void dns_validator_cancel(dns_validator_t *validator); -/* +/*%< * Cancel a DNSSEC validation in progress. * * Requires: - * 'validator' points to a valid DNSSEC validator, which + *\li 'validator' points to a valid DNSSEC validator, which * may or may not already have completed. * * Ensures: - * It the validator has not already sent its completion + *\li It the validator has not already sent its completion * event, it will send it with result code ISC_R_CANCELED. */ void dns_validator_destroy(dns_validator_t **validatorp); -/* +/*%< * Destroy a DNSSEC validator. * * Requires: - * '*validatorp' points to a valid DNSSEC validator. - * The validator must have completed and sent its completion + *\li '*validatorp' points to a valid DNSSEC validator. + * \li The validator must have completed and sent its completion * event. * * Ensures: - * All resources used by the validator are freed. + *\li All resources used by the validator are freed. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind9/lib/dns/include/dns/xfrin.h b/contrib/bind9/lib/dns/include/dns/xfrin.h index 0050238f94a..0f5e086b210 100644 --- a/contrib/bind9/lib/dns/include/dns/xfrin.h +++ b/contrib/bind9/lib/dns/include/dns/xfrin.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.h,v 1.18.136.2 2004/03/06 08:14:01 marka Exp $ */ +/* $Id: xfrin.h,v 1.18.136.4 2006/07/20 01:10:29 marka Exp $ */ #ifndef DNS_XFRIN_H #define DNS_XFRIN_H 1 @@ -75,10 +75,12 @@ dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype, * code as arguments when the transfer finishes. * * Requires: - * 'xfrtype' is dns_rdatatype_axfr or dns_rdatatype_ixfr. + * 'xfrtype' is dns_rdatatype_axfr, dns_rdatatype_ixfr + * or dns_rdatatype_soa (soa query followed by axfr if + * serial is greater than current serial). * - * If 'xfrtype' is dns_rdatatype_ixfr, the zone has a - * database. + * If 'xfrtype' is dns_rdatatype_ixfr or dns_rdatatype_soa, + * the zone has a database. */ void diff --git a/contrib/bind9/lib/dns/include/dns/zone.h b/contrib/bind9/lib/dns/include/dns/zone.h index b7680fa2774..4baf36ab360 100644 --- a/contrib/bind9/lib/dns/include/dns/zone.h +++ b/contrib/bind9/lib/dns/include/dns/zone.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.106.2.7.4.15 2004/10/26 02:08:43 marka Exp $ */ +/* $Id: zone.h,v 1.106.2.7.4.18 2006/08/01 03:44:00 marka Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 @@ -163,7 +163,7 @@ dns_zone_getview(dns_zone_t *zone); */ isc_result_t -dns_zone_setorigin(dns_zone_t *zone, dns_name_t *origin); +dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin); /* * Sets the zones origin to 'origin'. * @@ -414,11 +414,13 @@ dns_zone_maintenance(dns_zone_t *zone); */ isc_result_t -dns_zone_setmasters(dns_zone_t *zone, isc_sockaddr_t *masters, +dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters, isc_uint32_t count); isc_result_t -dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters, - dns_name_t **keynames, isc_uint32_t count); +dns_zone_setmasterswithkeys(dns_zone_t *zone, + const isc_sockaddr_t *masters, + dns_name_t **keynames, + isc_uint32_t count); /* * Set the list of master servers for the zone. * @@ -440,7 +442,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters, */ isc_result_t -dns_zone_setalsonotify(dns_zone_t *zone, isc_sockaddr_t *notify, +dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, isc_uint32_t count); /* * Set the list of additional servers to be notified when @@ -525,9 +527,10 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val); */ isc_result_t -dns_zone_setxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); isc_result_t -dns_zone_setaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +dns_zone_setaltxfrsource4(dns_zone_t *zone, + const isc_sockaddr_t *xfrsource); /* * Set the source address to be used in IPv4 zone transfers. * @@ -552,9 +555,10 @@ dns_zone_getaltxfrsource4(dns_zone_t *zone); */ isc_result_t -dns_zone_setxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); isc_result_t -dns_zone_setaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +dns_zone_setaltxfrsource6(dns_zone_t *zone, + const isc_sockaddr_t *xfrsource); /* * Set the source address to be used in IPv6 zone transfers. * @@ -579,7 +583,7 @@ dns_zone_getaltxfrsource6(dns_zone_t *zone); */ isc_result_t -dns_zone_setnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc); +dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); /* * Set the source address to be used with IPv4 NOTIFY messages. * @@ -602,7 +606,7 @@ dns_zone_getnotifysrc4(dns_zone_t *zone); */ isc_result_t -dns_zone_setnotifysrc6(dns_zone_t *zone, isc_sockaddr_t *notifysrc); +dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); /* * Set the source address to be used with IPv6 NOTIFY messages. * @@ -1252,7 +1256,7 @@ dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); void dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, isc_uint32_t value); /* - * Set the maximum number of simultanious transfers in allowed by + * Set the maximum number of simultaneous transfers in allowed by * the zone manager. * * Requires: @@ -1262,7 +1266,7 @@ dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, isc_uint32_t value); isc_uint32_t dns_zonemgr_getttransfersin(dns_zonemgr_t *zmgr); /* - * Return the the maximum number of simultanious transfers in allowed. + * Return the the maximum number of simultaneous transfers in allowed. * * Requires: * 'zmgr' to be a valid zone manager. diff --git a/contrib/bind9/lib/dns/keytable.c b/contrib/bind9/lib/dns/keytable.c index 922c09af118..7f3e3cff2bc 100644 --- a/contrib/bind9/lib/dns/keytable.c +++ b/contrib/bind9/lib/dns/keytable.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keytable.c,v 1.26.12.3 2004/03/08 09:04:30 marka Exp $ */ +/* $Id: keytable.c,v 1.26.12.5 2006/01/06 00:01:42 marka Exp $ */ #include @@ -244,6 +244,13 @@ dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, RWLOCK(&keytable->rwlock, isc_rwlocktype_read); + /* + * Note we don't want the DNS_R_PARTIALMATCH from dns_rbt_findname() + * as that indicates that 'name' was not found. + * + * DNS_R_PARTIALMATCH indicates that the name was found but we + * didn't get a match on algorithm and key id arguments. + */ knode = NULL; data = NULL; result = dns_rbt_findname(keytable->table, name, 0, NULL, &data); @@ -261,7 +268,7 @@ dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, UNLOCK(&keytable->lock); *keynodep = knode; } else - result = ISC_R_NOTFOUND; + result = DNS_R_PARTIALMATCH; } else if (result == DNS_R_PARTIALMATCH) result = ISC_R_NOTFOUND; diff --git a/contrib/bind9/lib/dns/lookup.c b/contrib/bind9/lib/dns/lookup.c index e593c7be7fe..1cf572145db 100644 --- a/contrib/bind9/lib/dns/lookup.c +++ b/contrib/bind9/lib/dns/lookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lookup.c,v 1.9.12.5 2004/04/15 02:10:40 marka Exp $ */ +/* $Id: lookup.c,v 1.9.12.7 2006/01/04 23:50:20 marka Exp $ */ #include @@ -154,11 +154,6 @@ build_event(dns_lookup_t *lookup) { dns_rdataset_disassociate(rdataset); isc_mem_put(lookup->mctx, rdataset, sizeof(dns_rdataset_t)); } - if (sigrdataset != NULL) { - if (dns_rdataset_isassociated(sigrdataset)) - dns_rdataset_disassociate(sigrdataset); - isc_mem_put(lookup->mctx, sigrdataset, sizeof(dns_rdataset_t)); - } return (result); } @@ -229,13 +224,14 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { send_event = ISC_TRUE; goto done; } - } else { + } else if (event != NULL) { result = event->result; fname = dns_fixedname_name(&event->foundname); dns_resolver_destroyfetch(&lookup->fetch); INSIST(event->rdataset == &lookup->rdataset); INSIST(event->sigrdataset == &lookup->sigrdataset); - } + } else + fname = NULL; /* Silence compiler warning. */ /* * If we've been canceled, forget about the result. diff --git a/contrib/bind9/lib/dns/masterdump.c b/contrib/bind9/lib/dns/masterdump.c index 0225d7243f8..0f4716d583d 100644 --- a/contrib/bind9/lib/dns/masterdump.c +++ b/contrib/bind9/lib/dns/masterdump.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.56.2.5.2.12 2004/08/28 06:25:19 marka Exp $ */ +/* $Id: masterdump.c,v 1.56.2.5.2.15 2006/03/10 00:17:21 marka Exp $ */ #include @@ -1160,7 +1160,8 @@ dumptostreaminc(dns_dumpctx_t *dctx) { } if (dctx->nodes != 0 && result == ISC_R_SUCCESS) { - dns_dbiterator_pause(dctx->dbiter); + result = dns_dbiterator_pause(dctx->dbiter); + RUNTIME_CHECK(result == ISC_R_SUCCESS); result = DNS_R_CONTINUE; } else if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; @@ -1197,9 +1198,8 @@ dns_master_dumptostreaminc(isc_mem_t *mctx, dns_db_t *db, dns_dumpctx_attach(dctx, dctxp); return (DNS_R_CONTINUE); } - if (dctx != NULL) - dns_dumpctx_detach(&dctx); + dns_dumpctx_detach(&dctx); return (result); } diff --git a/contrib/bind9/lib/dns/message.c b/contrib/bind9/lib/dns/message.c index d4b2e1962f9..33875433f6a 100644 --- a/contrib/bind9/lib/dns/message.c +++ b/contrib/bind9/lib/dns/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.194.2.10.2.20 2005/06/07 01:42:23 marka Exp $ */ +/* $Id: message.c,v 1.194.2.10.2.24 2006/02/28 06:32:54 marka Exp $ */ /*** *** Imports @@ -800,12 +800,38 @@ findname(dns_name_t **foundname, dns_name_t *target, return (ISC_R_NOTFOUND); } +isc_result_t +dns_message_find(dns_name_t *name, dns_rdataclass_t rdclass, + dns_rdatatype_t type, dns_rdatatype_t covers, + dns_rdataset_t **rdataset) +{ + dns_rdataset_t *curr; + + if (rdataset != NULL) { + REQUIRE(*rdataset == NULL); + } + + for (curr = ISC_LIST_TAIL(name->list); + curr != NULL; + curr = ISC_LIST_PREV(curr, link)) { + if (curr->rdclass == rdclass && + curr->type == type && curr->covers == covers) { + if (rdataset != NULL) + *rdataset = curr; + return (ISC_R_SUCCESS); + } + } + + return (ISC_R_NOTFOUND); +} + isc_result_t dns_message_findtype(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, dns_rdataset_t **rdataset) { dns_rdataset_t *curr; + REQUIRE(name != NULL); if (rdataset != NULL) { REQUIRE(*rdataset == NULL); } @@ -1030,7 +1056,7 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, /* * Can't ask the same question twice. */ - result = dns_message_findtype(name, rdtype, 0, NULL); + result = dns_message_find(name, rdclass, rdtype, 0, NULL); if (result == ISC_R_SUCCESS) DO_FORMERR; @@ -1190,6 +1216,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, && rdtype != dns_rdatatype_dnskey /* in a TKEY query */ && rdtype != dns_rdatatype_sig /* SIG(0) */ && rdtype != dns_rdatatype_tkey /* Win2000 TKEY */ + && msg->rdclass != dns_rdataclass_any && msg->rdclass != rdclass) DO_FORMERR; @@ -1279,12 +1306,9 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, rdata->type = rdtype; rdata->flags = DNS_RDATA_UPDATE; result = ISC_R_SUCCESS; - } else if (rdtype == dns_rdatatype_tsig) + } else result = getrdata(source, msg, dctx, rdclass, rdtype, rdatalen, rdata); - else - result = getrdata(source, msg, dctx, msg->rdclass, - rdtype, rdatalen, rdata); if (result != ISC_R_SUCCESS) goto cleanup; rdata->rdclass = rdclass; @@ -1360,8 +1384,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, DO_FORMERR; rdataset = NULL; - result = dns_message_findtype(name, rdtype, covers, - &rdataset); + result = dns_message_find(name, rdclass, rdtype, + covers, &rdataset); } /* @@ -1799,7 +1823,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, if (rdataset != NULL && (rdataset->attributes & DNS_RDATASETATTR_REQUIREDGLUE) != 0 && (rdataset->attributes & DNS_RDATASETATTR_RENDERED) == 0) { - void *order_arg = msg->order_arg; + const void *order_arg = msg->order_arg; st = *(msg->buffer); count = 0; if (partial) @@ -3187,7 +3211,7 @@ dns_message_getrawmessage(dns_message_t *msg) { void dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, - void *order_arg) + const void *order_arg) { REQUIRE(DNS_MESSAGE_VALID(msg)); msg->order = order; diff --git a/contrib/bind9/lib/dns/name.c b/contrib/bind9/lib/dns/name.c index 116a56a8186..1a257de8e13 100644 --- a/contrib/bind9/lib/dns/name.c +++ b/contrib/bind9/lib/dns/name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.c,v 1.127.2.7.2.14 2005/10/14 01:38:48 marka Exp $ */ +/* $Id: name.c,v 1.127.2.7.2.16 2006/03/02 00:37:20 marka Exp $ */ #include @@ -856,7 +856,7 @@ dns_name_getlabelsequence(const dns_name_t *source, } void -dns_name_clone(dns_name_t *source, dns_name_t *target) { +dns_name_clone(const dns_name_t *source, dns_name_t *target) { /* * Make 'target' refer to the same name as 'source'. @@ -1748,7 +1748,9 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, } isc_result_t -dns_name_towire(dns_name_t *name, dns_compress_t *cctx, isc_buffer_t *target) { +dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, + isc_buffer_t *target) +{ unsigned int methods; isc_uint16_t offset; dns_name_t gp; /* Global compression prefix */ @@ -1962,7 +1964,9 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels, } isc_result_t -dns_name_dup(dns_name_t *source, isc_mem_t *mctx, dns_name_t *target) { +dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, + dns_name_t *target) +{ /* * Make 'target' a dynamically allocated copy of 'source'. */ diff --git a/contrib/bind9/lib/dns/openssl_link.c b/contrib/bind9/lib/dns/openssl_link.c index 62eac05f30a..525905c1882 100644 --- a/contrib/bind9/lib/dns/openssl_link.c +++ b/contrib/bind9/lib/dns/openssl_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -18,7 +18,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.1.4.1 2004/12/09 04:07:18 marka Exp $ + * $Id: openssl_link.c,v 1.1.4.3 2006/05/23 23:51:03 marka Exp $ */ #ifdef OPENSSL @@ -39,7 +39,7 @@ #include #include -#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER < 0x00907000L) +#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER != 0x00907000L) #define USE_ENGINE 1 #endif @@ -160,7 +160,7 @@ dst__openssl_init() { goto cleanup_rm; } ENGINE_set_RAND(e, rm); - RAND_set_rand_method(e); + RAND_set_rand_method(rm); #else RAND_set_rand_method(rm); #endif diff --git a/contrib/bind9/lib/dns/openssldh_link.c b/contrib/bind9/lib/dns/openssldh_link.c index 24255834d78..74ba39af361 100644 --- a/contrib/bind9/lib/dns/openssldh_link.c +++ b/contrib/bind9/lib/dns/openssldh_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -18,7 +18,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.1.4.1 2004/12/09 04:07:18 marka Exp $ + * $Id: openssldh_link.c,v 1.1.4.3 2006/03/02 00:37:20 marka Exp $ */ #ifdef OPENSSL @@ -138,6 +138,79 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { return (ISC_TRUE); } +#ifndef HAVE_DH_GENERATE_PARAMETERS +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +static DH * +DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) +{ + BN_GENCB cb; + DH *dh = NULL; + + dh = DH_new(); + if (dh != NULL) { + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (DH_generate_parameters_ex(dh, prime_len, generator, &cb)) + return (dh); + DH_free(dh); + } + return (NULL); +} +#endif + static isc_result_t openssldh_generate(dst_key_t *key, int generator) { DH *dh = NULL; diff --git a/contrib/bind9/lib/dns/openssldsa_link.c b/contrib/bind9/lib/dns/openssldsa_link.c index ac84a6565be..267bfe8d139 100644 --- a/contrib/bind9/lib/dns/openssldsa_link.c +++ b/contrib/bind9/lib/dns/openssldsa_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.1.4.1 2004/12/09 04:07:18 marka Exp $ */ +/* $Id: openssldsa_link.c,v 1.1.4.3 2006/03/02 00:37:20 marka Exp $ */ #ifdef OPENSSL @@ -169,6 +169,83 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { return (ISC_TRUE); } +#ifndef HAVE_DSA_GENERATE_PARAMETERS +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +static DSA * +DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg) +{ + BN_GENCB cb; + DSA *dsa; + + dsa = DSA_new(); + if (dsa != NULL) { + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (DSA_generate_parameters_ex(dsa, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) + return (dsa); + DSA_free(dsa); + } + return (NULL); +} +#endif + static isc_result_t openssldsa_generate(dst_key_t *key, int unused) { DSA *dsa; diff --git a/contrib/bind9/lib/dns/opensslrsa_link.c b/contrib/bind9/lib/dns/opensslrsa_link.c index f5530971dff..c33913ce3d0 100644 --- a/contrib/bind9/lib/dns/opensslrsa_link.c +++ b/contrib/bind9/lib/dns/opensslrsa_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.1.4.1.10.5 2006/10/11 03:58:50 marka Exp $ + * $Id: opensslrsa_link.c,v 1.1.4.9 2006/11/07 21:28:40 marka Exp $ */ #ifdef OPENSSL @@ -49,7 +49,7 @@ */ #ifdef WIN32 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \ - OPENSSL_VERSION_NUMBER < 0x009080000L) || \ + OPENSSL_VERSION_NUMBER < 0x00908000L) || \ OPENSSL_VERSION_NUMBER >= 0x0090804fL) #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater. #endif @@ -84,6 +84,12 @@ (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \ (rsa)->flags &= ~RSA_FLAG_BLINDING; \ } while (0) +#elif defined(RSA_FLAG_NO_BLINDING) +#define SET_FLAGS(rsa) \ + do { \ + (rsa)->flags &= ~RSA_FLAG_BLINDING; \ + (rsa)->flags |= RSA_FLAG_NO_BLINDING; \ + } while (0) #else #define SET_FLAGS(rsa) \ do { \ @@ -103,12 +109,16 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { isc_md5_t *md5ctx; md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t)); + if (md5ctx == NULL) + return (ISC_R_NOMEMORY); isc_md5_init(md5ctx); dctx->opaque = md5ctx; } else { isc_sha1_t *sha1ctx; sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t)); + if (sha1ctx == NULL) + return (ISC_R_NOMEMORY); isc_sha1_init(sha1ctx); dctx->opaque = sha1ctx; } @@ -288,7 +298,7 @@ opensslrsa_generate(dst_key_t *key, int exp) { /* RSA_F4 0x10001 */ BN_set_bit(e, 0); BN_set_bit(e, 16); - } else { + } else { /* F5 0x100000001 */ BN_set_bit(e, 0); BN_set_bit(e, 32); @@ -303,7 +313,7 @@ opensslrsa_generate(dst_key_t *key, int exp) { return (ISC_R_SUCCESS); } - err: +err: if (e != NULL) BN_free(e); if (rsa != NULL) @@ -314,12 +324,12 @@ opensslrsa_generate(dst_key_t *key, int exp) { unsigned long e; if (exp == 0) - e = RSA_F4; + e = RSA_F4; else - e = 0x40000003; + e = 0x40000003; rsa = RSA_generate_key(key->key_size, e, NULL, NULL); if (rsa == NULL) - return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); SET_FLAGS(rsa); key->opaque = rsa; diff --git a/contrib/bind9/lib/dns/peer.c b/contrib/bind9/lib/dns/peer.c index a50ff0c9abe..8b6ccdb2beb 100644 --- a/contrib/bind9/lib/dns/peer.c +++ b/contrib/bind9/lib/dns/peer.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: peer.c,v 1.14.2.1.10.4 2004/03/06 08:13:41 marka Exp $ */ +/* $Id: peer.c,v 1.14.2.1.10.6 2006/03/02 00:37:20 marka Exp $ */ #include @@ -491,7 +491,9 @@ dns_peer_setkeybycharp(dns_peer_t *peer, const char *keyval) { } isc_result_t -dns_peer_settransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source) { +dns_peer_settransfersource(dns_peer_t *peer, + const isc_sockaddr_t *transfer_source) +{ REQUIRE(DNS_PEER_VALID(peer)); if (peer->transfer_source != NULL) { diff --git a/contrib/bind9/lib/dns/portlist.c b/contrib/bind9/lib/dns/portlist.c index 64546e374b1..f65910bbea6 100644 --- a/contrib/bind9/lib/dns/portlist.c +++ b/contrib/bind9/lib/dns/portlist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portlist.c,v 1.3.72.4 2004/03/16 05:50:21 marka Exp $ */ +/* $Id: portlist.c,v 1.3.72.6 2006/08/25 05:25:50 marka Exp $ */ + +#include #include diff --git a/contrib/bind9/lib/dns/rbtdb.c b/contrib/bind9/lib/dns/rbtdb.c index f399dd17bce..8930d355fd0 100644 --- a/contrib/bind9/lib/dns/rbtdb.c +++ b/contrib/bind9/lib/dns/rbtdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.168.2.11.2.22 2005/10/14 01:38:48 marka Exp $ */ +/* $Id: rbtdb.c,v 1.168.2.11.2.26 2006/03/02 23:18:20 marka Exp $ */ /* * Principal Author: Bob Halley @@ -1011,6 +1011,47 @@ cleanup_nondirty(rbtdb_version_t *version, rbtdb_changedlist_t *cleanup_list) { } } +static isc_boolean_t +iszonesecure(dns_db_t *db, dns_dbnode_t *origin) { + dns_rdataset_t keyset; + dns_rdataset_t nsecset, signsecset; + isc_boolean_t haszonekey = ISC_FALSE; + isc_boolean_t hasnsec = ISC_FALSE; + isc_result_t result; + + dns_rdataset_init(&keyset); + result = dns_db_findrdataset(db, origin, NULL, dns_rdatatype_dnskey, 0, + 0, &keyset, NULL); + if (result == ISC_R_SUCCESS) { + dns_rdata_t keyrdata = DNS_RDATA_INIT; + result = dns_rdataset_first(&keyset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&keyset, &keyrdata); + if (dns_zonekey_iszonekey(&keyrdata)) { + haszonekey = ISC_TRUE; + break; + } + result = dns_rdataset_next(&keyset); + } + dns_rdataset_disassociate(&keyset); + } + if (!haszonekey) + return (ISC_FALSE); + + dns_rdataset_init(&nsecset); + dns_rdataset_init(&signsecset); + result = dns_db_findrdataset(db, origin, NULL, dns_rdatatype_nsec, 0, + 0, &nsecset, &signsecset); + if (result == ISC_R_SUCCESS) { + if (dns_rdataset_isassociated(&signsecset)) { + hasnsec = ISC_TRUE; + dns_rdataset_disassociate(&signsecset); + } + dns_rdataset_disassociate(&nsecset); + } + return (hasnsec); +} + static void closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; @@ -1136,6 +1177,12 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { least_serial = rbtdb->least_serial; UNLOCK(&rbtdb->lock); + /* + * Update the zone's secure status. + */ + if (version->writer && commit && !IS_CACHE(rbtdb)) + rbtdb->secure = iszonesecure(db, rbtdb->origin_node); + if (cleanup_version != NULL) { INSIST(EMPTY(cleanup_version->changed_list)); isc_mem_put(rbtdb->common.mctx, cleanup_version, @@ -2184,12 +2231,12 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, /* * Certain DNSSEC types are not subject to CNAME matching - * (RFC 2535, section 2.3.5). + * (RFC4035, section 2.5 and RFC3007). * * We don't check for RRSIG, because we don't store RRSIG records * directly. */ - if (type == dns_rdatatype_dnskey || type == dns_rdatatype_nsec) + if (type == dns_rdatatype_key || type == dns_rdatatype_nsec) cname_ok = ISC_FALSE; /* @@ -2247,9 +2294,15 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, search.need_cleanup = ISC_TRUE; maybe_zonecut = ISC_FALSE; at_zonecut = ISC_TRUE; + /* + * It is not clear if KEY should still be + * allowed at the parent side of the zone + * cut or not. It is needed for RFC3007 + * validated updates. + */ if ((search.options & DNS_DBFIND_GLUEOK) == 0 && type != dns_rdatatype_nsec - && type != dns_rdatatype_dnskey) { + && type != dns_rdatatype_key) { /* * Glue is not OK, but any answer we * could return would be glue. Return @@ -2430,8 +2483,14 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * and the type is NSEC or KEY. */ if (search.zonecut == node) { + /* + * It is not clear if KEY should still be + * allowed at the parent side of the zone + * cut or not. It is needed for RFC3007 + * validated updates. + */ if (type == dns_rdatatype_nsec || - type == dns_rdatatype_dnskey) + type == dns_rdatatype_key) result = ISC_R_SUCCESS; else if (type == dns_rdatatype_any) result = DNS_R_ZONECUT; @@ -2860,7 +2919,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, rdatasetheader_t *header, *header_prev, *header_next; rdatasetheader_t *found, *nsheader; rdatasetheader_t *foundsig, *nssig, *cnamesig; - rbtdb_rdatatype_t sigtype, nsectype; + rbtdb_rdatatype_t sigtype, negtype; UNUSED(version); @@ -2918,12 +2977,12 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, /* * Certain DNSSEC types are not subject to CNAME matching - * (RFC 2535, section 2.3.5). + * (RFC4035, section 2.5 and RFC3007). * * We don't check for RRSIG, because we don't store RRSIG records * directly. */ - if (type == dns_rdatatype_dnskey || type == dns_rdatatype_nsec) + if (type == dns_rdatatype_key || type == dns_rdatatype_nsec) cname_ok = ISC_FALSE; /* @@ -2935,7 +2994,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, found = NULL; foundsig = NULL; sigtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, type); - nsectype = RBTDB_RDATATYPE_VALUE(0, type); + negtype = RBTDB_RDATATYPE_VALUE(0, type); nsheader = NULL; nssig = NULL; cnamesig = NULL; @@ -3007,7 +3066,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ foundsig = header; } else if (header->type == RBTDB_RDATATYPE_NCACHEANY || - header->type == nsectype) { + header->type == negtype) { /* * We've found a negative cache entry. */ @@ -3618,7 +3677,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; dns_rbtnode_t *rbtnode = (dns_rbtnode_t *)node; rdatasetheader_t *header, *header_next, *found, *foundsig; - rbtdb_rdatatype_t matchtype, sigmatchtype, nsectype; + rbtdb_rdatatype_t matchtype, sigmatchtype, negtype; isc_result_t result; REQUIRE(VALID_RBTDB(rbtdb)); @@ -3636,7 +3695,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, found = NULL; foundsig = NULL; matchtype = RBTDB_RDATATYPE_VALUE(type, covers); - nsectype = RBTDB_RDATATYPE_VALUE(0, type); + negtype = RBTDB_RDATATYPE_VALUE(0, type); if (covers == 0) sigmatchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, type); else @@ -3659,7 +3718,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (header->type == matchtype) found = header; else if (header->type == RBTDB_RDATATYPE_NCACHEANY || - header->type == nsectype) + header->type == negtype) found = header; else if (header->type == sigmatchtype) foundsig = header; @@ -3785,16 +3844,13 @@ cname_and_other_data(dns_rbtnode_t *node, rbtdb_serial_t serial) { * Look for active extant "other data". * * "Other data" is any rdataset whose type is not - * DNSKEY, RRSIG DNSKEY, NSEC, RRSIG NSEC, - * or RRSIG CNAME. + * KEY, RRSIG KEY, NSEC, RRSIG NSEC or RRSIG CNAME. */ rdtype = RBTDB_RDATATYPE_BASE(header->type); if (rdtype == dns_rdatatype_rrsig || rdtype == dns_rdatatype_sig) rdtype = RBTDB_RDATATYPE_EXT(header->type); if (rdtype != dns_rdatatype_nsec && - rdtype != dns_rdatatype_dnskey && - rdtype != dns_rdatatype_nxt && rdtype != dns_rdatatype_key && rdtype != dns_rdatatype_cname) { /* @@ -3839,7 +3895,8 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, isc_boolean_t header_nx; isc_boolean_t newheader_nx; isc_boolean_t merge; - dns_rdatatype_t nsectype, rdtype, covers; + dns_rdatatype_t rdtype, covers; + rbtdb_rdatatype_t negtype; dns_trust_t trust; /* @@ -3877,7 +3934,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader_nx = NONEXISTENT(newheader) ? ISC_TRUE : ISC_FALSE; topheader_prev = NULL; - nsectype = 0; + negtype = 0; if (rbtversion == NULL && !newheader_nx) { rdtype = RBTDB_RDATATYPE_BASE(newheader->type); if (rdtype == 0) { @@ -3887,12 +3944,13 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, covers = RBTDB_RDATATYPE_EXT(newheader->type); if (covers == dns_rdatatype_any) { /* - * We're adding an NXDOMAIN negative cache - * entry. + * We're adding an negative cache entry + * which covers all types (NXDOMAIN, + * NODATA(QTYPE=ANY)). * * We make all other data stale so that the * only rdataset that can be found at this - * node is the NXDOMAIN negative cache entry. + * node is the negative cache entry. */ for (topheader = rbtnode->data; topheader != NULL; @@ -3904,17 +3962,19 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, rbtnode->dirty = 1; goto find_header; } - nsectype = RBTDB_RDATATYPE_VALUE(covers, 0); + negtype = RBTDB_RDATATYPE_VALUE(covers, 0); } else { /* * We're adding something that isn't a * negative cache entry. Look for an extant - * non-stale NXDOMAIN negative cache entry. + * non-stale NXDOMAIN/NODATA(QTYPE=ANY) negative + * cache entry. */ for (topheader = rbtnode->data; topheader != NULL; topheader = topheader->next) { - if (NXDOMAIN(topheader)) + if (topheader->type == + RBTDB_RDATATYPE_NCACHEANY) break; } if (topheader != NULL && EXISTS(topheader) && @@ -3924,7 +3984,8 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, */ if (trust < topheader->trust) { /* - * The NXDOMAIN is more trusted. + * The NXDOMAIN/NODATA(QTYPE=ANY) + * is more trusted. */ free_rdataset(rbtdb->common.mctx, newheader); @@ -3936,7 +3997,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } /* * The new rdataset is better. Expire the - * NXDOMAIN. + * NXDOMAIN/NODATA(QTYPE=ANY). */ topheader->ttl = 0; topheader->attributes |= RDATASET_ATTR_STALE; @@ -3944,7 +4005,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, topheader = NULL; goto find_header; } - nsectype = RBTDB_RDATATYPE_VALUE(0, rdtype); + negtype = RBTDB_RDATATYPE_VALUE(0, rdtype); } } @@ -3952,7 +4013,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, topheader != NULL; topheader = topheader->next) { if (topheader->type == newheader->type || - topheader->type == nsectype) + topheader->type == negtype) break; topheader_prev = topheader; } @@ -4118,6 +4179,10 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, rbtnode->dirty = 1; if (changed != NULL) changed->dirty = ISC_TRUE; + if (rbtversion == NULL) { + header->ttl = 0; + header->attributes |= RDATASET_ATTR_STALE; + } } } else { /* @@ -4318,6 +4383,13 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (delegating) RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); + /* + * Update the zone's secure status. If version is non-NULL + * this is defered until closeversion() is called. + */ + if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) + rbtdb->secure = iszonesecure(db, rbtdb->origin_node); + return (result); } @@ -4460,6 +4532,13 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, unlock: UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + /* + * Update the zone's secure status. If version is non-NULL + * this is defered until closeversion() is called. + */ + if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) + rbtdb->secure = iszonesecure(db, rbtdb->origin_node); + return (result); } @@ -4501,6 +4580,13 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + /* + * Update the zone's secure status. If version is non-NULL + * this is defered until closeversion() is called. + */ + if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) + rbtdb->secure = iszonesecure(db, rbtdb->origin_node); + return (result); } @@ -4615,48 +4701,6 @@ beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) { return (ISC_R_SUCCESS); } -static isc_boolean_t -iszonesecure(dns_db_t *db, dns_dbnode_t *origin) { - dns_rdataset_t keyset; - dns_rdataset_t nsecset, signsecset; - isc_boolean_t haszonekey = ISC_FALSE; - isc_boolean_t hasnsec = ISC_FALSE; - isc_result_t result; - - dns_rdataset_init(&keyset); - result = dns_db_findrdataset(db, origin, NULL, dns_rdatatype_dnskey, 0, - 0, &keyset, NULL); - if (result == ISC_R_SUCCESS) { - dns_rdata_t keyrdata = DNS_RDATA_INIT; - result = dns_rdataset_first(&keyset); - while (result == ISC_R_SUCCESS) { - dns_rdataset_current(&keyset, &keyrdata); - if (dns_zonekey_iszonekey(&keyrdata)) { - haszonekey = ISC_TRUE; - break; - } - result = dns_rdataset_next(&keyset); - } - dns_rdataset_disassociate(&keyset); - } - if (!haszonekey) - return (ISC_FALSE); - - dns_rdataset_init(&nsecset); - dns_rdataset_init(&signsecset); - result = dns_db_findrdataset(db, origin, NULL, dns_rdatatype_nsec, 0, - 0, &nsecset, &signsecset); - if (result == ISC_R_SUCCESS) { - if (dns_rdataset_isassociated(&signsecset)) { - hasnsec = ISC_TRUE; - dns_rdataset_disassociate(&signsecset); - } - dns_rdataset_disassociate(&nsecset); - } - return (hasnsec); - -} - static isc_result_t endload(dns_db_t *db, dns_dbload_t **dbloadp) { rbtdb_load_t *loadctx; @@ -5235,7 +5279,8 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { rdatasetheader_t *header, *top_next; rbtdb_serial_t serial; isc_stdtime_t now; - rbtdb_rdatatype_t type; + rbtdb_rdatatype_t type, negtype; + dns_rdatatype_t rdtype, covers; header = rbtiterator->current; if (header == NULL) @@ -5252,9 +5297,18 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); type = header->type; + rdtype = RBTDB_RDATATYPE_BASE(header->type); + if (rdtype == 0) { + covers = RBTDB_RDATATYPE_EXT(header->type); + negtype = RBTDB_RDATATYPE_VALUE(covers, 0); + } else + negtype = RBTDB_RDATATYPE_VALUE(0, rdtype); for (header = header->next; header != NULL; header = top_next) { top_next = header->next; - if (header->type != type) { + /* + * If not walking back up the down list. + */ + if (header->type != type && header->type != negtype) { do { if (header->serial <= serial && !IGNORE(header)) { diff --git a/contrib/bind9/lib/dns/rdata.c b/contrib/bind9/lib/dns/rdata.c index 1b3f2a51c13..bcd0e150052 100644 --- a/contrib/bind9/lib/dns/rdata.c +++ b/contrib/bind9/lib/dns/rdata.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.c,v 1.147.2.11.2.20 2005/07/22 05:27:52 marka Exp $ */ +/* $Id: rdata.c,v 1.147.2.11.2.22 2006/07/21 02:05:56 marka Exp $ */ #include #include @@ -1266,7 +1266,7 @@ hexvalue(char value) { return (-1); if (isupper(c)) c = tolower(c); - if ((s = strchr(hexdigits, value)) == NULL) + if ((s = strchr(hexdigits, c)) == NULL) return (-1); return (s - hexdigits); } diff --git a/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c b/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c new file mode 100644 index 00000000000..b28435c8bd5 --- /dev/null +++ b/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c @@ -0,0 +1,281 @@ +/* + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlv_32769.c,v 1.2.4.2 2006/02/19 06:50:46 marka Exp $ */ + +/* draft-ietf-dnsext-delegation-signer-05.txt */ + +#ifndef RDATA_GENERIC_DLV_32769_C +#define RDATA_GENERIC_DLV_32769_C + +#define RRTYPE_DLV_ATTRIBUTES 0 + +static inline isc_result_t +fromtext_dlv(ARGS_FROMTEXT) { + isc_token_t token; + + REQUIRE(type == 32769); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + /* + * Key tag. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffffU) + RETTOK(ISC_R_RANGE); + RETERR(uint16_tobuffer(token.value.as_ulong, target)); + + /* + * Algorithm. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Digest type. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + type = (isc_uint16_t) token.value.as_ulong; + + /* + * Digest. + */ + return (isc_hex_tobuffer(lexer, target, -1)); +} + +static inline isc_result_t +totext_dlv(ARGS_TOTEXT) { + isc_region_t sr; + char buf[sizeof("64000 ")]; + unsigned int n; + + REQUIRE(rdata->type == 32769); + REQUIRE(rdata->length != 0); + + UNUSED(tctx); + + dns_rdata_toregion(rdata, &sr); + + /* + * Key tag. + */ + n = uint16_fromregion(&sr); + isc_region_consume(&sr, 2); + sprintf(buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Algorithm. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + sprintf(buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Digest type. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + sprintf(buf, "%u", n); + RETERR(str_totext(buf, target)); + + /* + * Digest. + */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" (", target)); + RETERR(str_totext(tctx->linebreak, target)); + RETERR(isc_hex_totext(&sr, tctx->width - 2, tctx->linebreak, target)); + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" )", target)); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_dlv(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == 32769); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(dctx); + UNUSED(options); + + isc_buffer_activeregion(source, &sr); + if (sr.length < 4) + return (ISC_R_UNEXPECTEDEND); + + isc_buffer_forward(source, sr.length); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline isc_result_t +towire_dlv(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 32769); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_dlv(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 32769); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_dlv(ARGS_FROMSTRUCT) { + dns_rdata_dlv_t *dlv = source; + + REQUIRE(type == 32769); + REQUIRE(source != NULL); + REQUIRE(dlv->common.rdtype == type); + REQUIRE(dlv->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint16_tobuffer(dlv->key_tag, target)); + RETERR(uint8_tobuffer(dlv->algorithm, target)); + RETERR(uint8_tobuffer(dlv->digest_type, target)); + + return (mem_tobuffer(target, dlv->digest, dlv->length)); +} + +static inline isc_result_t +tostruct_dlv(ARGS_TOSTRUCT) { + dns_rdata_dlv_t *dlv = target; + isc_region_t region; + + REQUIRE(rdata->type == 32769); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + dlv->common.rdclass = rdata->rdclass; + dlv->common.rdtype = rdata->type; + ISC_LINK_INIT(&dlv->common, link); + + dns_rdata_toregion(rdata, ®ion); + + dlv->key_tag = uint16_fromregion(®ion); + isc_region_consume(®ion, 2); + dlv->algorithm = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + dlv->digest_type = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + dlv->length = region.length; + + dlv->digest = mem_maybedup(mctx, region.base, region.length); + if (dlv->digest == NULL) + return (ISC_R_NOMEMORY); + + dlv->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_dlv(ARGS_FREESTRUCT) { + dns_rdata_dlv_t *dlv = source; + + REQUIRE(dlv != NULL); + REQUIRE(dlv->common.rdtype == 32769); + + if (dlv->mctx == NULL) + return; + + if (dlv->digest != NULL) + isc_mem_free(dlv->mctx, dlv->digest); + dlv->mctx = NULL; +} + +static inline isc_result_t +additionaldata_dlv(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 32769); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_dlv(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 32769); + + dns_rdata_toregion(rdata, &r); + + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_dlv(ARGS_CHECKOWNER) { + + REQUIRE(type == 32769); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_dlv(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 32769); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +#endif /* RDATA_GENERIC_DLV_32769_C */ diff --git a/contrib/bind9/lib/dns/rdata/generic/dlv_32769.h b/contrib/bind9/lib/dns/rdata/generic/dlv_32769.h new file mode 100644 index 00000000000..08a9b1d4aab --- /dev/null +++ b/contrib/bind9/lib/dns/rdata/generic/dlv_32769.h @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlv_32769.h,v 1.2.4.2 2006/02/19 06:50:46 marka Exp $ */ + +/* draft-ietf-dnsext-delegation-signer-05.txt */ +#ifndef GENERIC_DLV_32769_H +#define GENERIC_DLV_32769_H 1 + +typedef struct dns_rdata_dlv { + dns_rdatacommon_t common; + isc_mem_t *mctx; + isc_uint16_t key_tag; + isc_uint8_t algorithm; + isc_uint8_t digest_type; + isc_uint16_t length; + unsigned char *digest; +} dns_rdata_dlv_t; + +#endif /* GENERIC_DLV_32769_H */ diff --git a/contrib/bind9/lib/dns/rdataset.c b/contrib/bind9/lib/dns/rdataset.c index 672777b02f5..8af71c3f8dd 100644 --- a/contrib/bind9/lib/dns/rdataset.c +++ b/contrib/bind9/lib/dns/rdataset.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.58.2.2.2.10 2004/03/08 09:04:31 marka Exp $ */ +/* $Id: rdataset.c,v 1.58.2.2.2.12 2006/03/02 00:37:20 marka Exp $ */ #include @@ -280,9 +280,9 @@ towire_compare(const void *av, const void *bv) { } static isc_result_t -towiresorted(dns_rdataset_t *rdataset, dns_name_t *owner_name, +towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, - dns_rdatasetorderfunc_t order, void *order_arg, + dns_rdatasetorderfunc_t order, const void *order_arg, isc_boolean_t partial, unsigned int options, unsigned int *countp, void **state) { @@ -528,11 +528,11 @@ towiresorted(dns_rdataset_t *rdataset, dns_name_t *owner_name, isc_result_t dns_rdataset_towiresorted(dns_rdataset_t *rdataset, - dns_name_t *owner_name, + const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, - void *order_arg, + const void *order_arg, unsigned int options, unsigned int *countp) { @@ -543,11 +543,11 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, isc_result_t dns_rdataset_towirepartial(dns_rdataset_t *rdataset, - dns_name_t *owner_name, + const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, - void *order_arg, + const void *order_arg, unsigned int options, unsigned int *countp, void **state) diff --git a/contrib/bind9/lib/dns/request.c b/contrib/bind9/lib/dns/request.c index 3ec845f80d8..c325fd4c280 100644 --- a/contrib/bind9/lib/dns/request.c +++ b/contrib/bind9/lib/dns/request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.64.2.1.10.6 2004/03/08 09:04:31 marka Exp $ */ +/* $Id: request.c,v 1.64.2.1.10.9 2006/08/21 00:50:48 marka Exp $ */ #include @@ -512,6 +512,7 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, isc_sockettype_tcp, &socket); if (result != ISC_R_SUCCESS) return (result); +#ifndef BROKEN_TCP_BIND_BEFORE_CONNECT if (srcaddr == NULL) { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(destaddr)); @@ -523,6 +524,7 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, } if (result != ISC_R_SUCCESS) goto cleanup; +#endif attrs = 0; attrs |= DNS_DISPATCHATTR_TCP; attrs |= DNS_DISPATCHATTR_PRIVATE; @@ -701,6 +703,7 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, if (udptimeout == 0) udptimeout = 1; } + request->udpcount = udpretries; /* * Create timer now. We will set it below once. @@ -898,6 +901,7 @@ dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, if (udptimeout == 0) udptimeout = 1; } + request->udpcount = udpretries; /* * Create timer now. We will set it below once. diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c index a5474f1ae02..b9e69c8c873 100644 --- a/contrib/bind9/lib/dns/resolver.c +++ b/contrib/bind9/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.218.2.18.4.56.4.2 2006/10/04 07:06:02 marka Exp $ */ +/* $Id: resolver.c,v 1.218.2.18.4.64 2006/08/31 03:57:11 marka Exp $ */ #include @@ -27,8 +27,10 @@ #include #include +#include #include #include +#include #include #include #include @@ -47,6 +49,7 @@ #include #include #include +#include #include #include @@ -461,8 +464,7 @@ fctx_starttimer(fetchctx_t *fctx) { * no further idle events are delivered. */ return (isc_timer_reset(fctx->timer, isc_timertype_once, - &fctx->expires, NULL, - ISC_TRUE)); + &fctx->expires, NULL, ISC_TRUE)); } static inline void @@ -1028,9 +1030,11 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, if (result != ISC_R_SUCCESS) goto cleanup_query; +#ifndef BROKEN_TCP_BIND_BEFORE_CONNECT result = isc_socket_bind(query->tcpsocket, &addr); if (result != ISC_R_SUCCESS) goto cleanup_socket; +#endif /* * A dispatch will be created once the connect succeeds. @@ -1287,6 +1291,12 @@ resquery_send(resquery_t *query) { goto cleanup_message; } + /* + * Clear CD if EDNS is not in use. + */ + if ((query->options & DNS_FETCHOPT_NOEDNS0) != 0) + fctx->qmessage->flags &= ~DNS_MESSAGEFLAG_CD; + /* * Add TSIG record tailored to the current recipient. */ @@ -3156,10 +3166,12 @@ validated(isc_task_t *task, isc_event_t *event) { * so, destroy the fctx. */ if (SHUTTINGDOWN(fctx) && !sentresponse) { - maybe_destroy(fctx); + maybe_destroy(fctx); /* Locks bucket. */ goto cleanup_event; } + LOCK(&fctx->res->buckets[fctx->bucketnum].lock); + /* * If chaining, we need to make sure that the right result code is * returned, and that the rdatasets are bound. @@ -3219,10 +3231,11 @@ validated(isc_task_t *task, isc_event_t *event) { result = vevent->result; add_bad(fctx, &addrinfo->sockaddr, result); isc_event_free(&event); + UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); if (sentresponse) - fctx_done(fctx, result); + fctx_done(fctx, result); /* Locks bucket. */ else - fctx_try(fctx); + fctx_try(fctx); /* Locks bucket. */ return; } @@ -3267,6 +3280,7 @@ validated(isc_task_t *task, isc_event_t *event) { result = dns_rdataset_addnoqname(vevent->rdataset, vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]); RUNTIME_CHECK(result == ISC_R_SUCCESS); + INSIST(vevent->sigrdataset != NULL); vevent->sigrdataset->ttl = vevent->rdataset->ttl; } @@ -3299,9 +3313,9 @@ validated(isc_task_t *task, isc_event_t *event) { * If we only deferred the destroy because we wanted to cache * the data, destroy now. */ + UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); if (SHUTTINGDOWN(fctx)) - maybe_destroy(fctx); - + maybe_destroy(fctx); /* Locks bucket. */ goto cleanup_event; } @@ -3315,6 +3329,7 @@ validated(isc_task_t *task, isc_event_t *event) { * more rdatasets that still need to * be validated. */ + UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); goto cleanup_event; } @@ -3387,7 +3402,9 @@ validated(isc_task_t *task, isc_event_t *event) { if (node != NULL) dns_db_detachnode(fctx->cache, &node); - fctx_done(fctx, result); + UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); + + fctx_done(fctx, result); /* Locks bucket. */ cleanup_event: isc_event_free(&event); @@ -4921,6 +4938,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { fctx_try(fctx); } else { unsigned int n; + dns_rdataset_t *nsrdataset = NULL; /* * Retrieve state from fctx->nsfetch before we destroy it. @@ -4928,13 +4946,20 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { dns_fixedname_init(&fixed); domain = dns_fixedname_name(&fixed); dns_name_copy(&fctx->nsfetch->private->domain, domain, NULL); - dns_rdataset_clone(&fctx->nsfetch->private->nameservers, - &nameservers); - dns_resolver_destroyfetch(&fctx->nsfetch); if (dns_name_equal(&fctx->nsname, domain)) { fctx_done(fctx, DNS_R_SERVFAIL); + dns_resolver_destroyfetch(&fctx->nsfetch); goto cleanup; } + if (dns_rdataset_isassociated( + &fctx->nsfetch->private->nameservers)) { + dns_rdataset_clone( + &fctx->nsfetch->private->nameservers, + &nameservers); + nsrdataset = &nameservers; + } else + domain = NULL; + dns_resolver_destroyfetch(&fctx->nsfetch); n = dns_name_countlabels(&fctx->nsname); dns_name_getlabelsequence(&fctx->nsname, 1, n - 1, &fctx->nsname); @@ -4944,7 +4969,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { FCTXTRACE("continuing to look for parent's NS records"); result = dns_resolver_createfetch(fctx->res, &fctx->nsname, dns_rdatatype_ns, domain, - &nameservers, NULL, 0, task, + nsrdataset, NULL, 0, task, resume_dslookup, fctx, &fctx->nsrrset, NULL, &fctx->nsfetch); diff --git a/contrib/bind9/lib/dns/tcpmsg.c b/contrib/bind9/lib/dns/tcpmsg.c index 4400a3a58f7..a0fddcde12a 100644 --- a/contrib/bind9/lib/dns/tcpmsg.c +++ b/contrib/bind9/lib/dns/tcpmsg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tcpmsg.c,v 1.24.206.1 2004/03/06 08:13:46 marka Exp $ */ +/* $Id: tcpmsg.c,v 1.24.206.3 2006/08/10 23:59:28 marka Exp $ */ #include @@ -52,6 +52,7 @@ recv_length(isc_task_t *task, isc_event_t *ev_in) { INSIST(VALID_TCPMSG(tcpmsg)); dev = &tcpmsg->event; + tcpmsg->address = ev->address; if (ev->result != ISC_R_SUCCESS) { tcpmsg->result = ev->result; @@ -108,6 +109,7 @@ recv_message(isc_task_t *task, isc_event_t *ev_in) { INSIST(VALID_TCPMSG(tcpmsg)); dev = &tcpmsg->event; + tcpmsg->address = ev->address; if (ev->result != ISC_R_SUCCESS) { tcpmsg->result = ev->result; @@ -116,7 +118,6 @@ recv_message(isc_task_t *task, isc_event_t *ev_in) { tcpmsg->result = ISC_R_SUCCESS; isc_buffer_add(&tcpmsg->buffer, ev->n); - tcpmsg->address = ev->address; XDEBUG(("Received %d bytes (of %d)\n", ev->n, tcpmsg->size)); diff --git a/contrib/bind9/lib/dns/tkey.c b/contrib/bind9/lib/dns/tkey.c index 43c8db0e57c..ca793d2b942 100644 --- a/contrib/bind9/lib/dns/tkey.c +++ b/contrib/bind9/lib/dns/tkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: tkey.c,v 1.71.2.1.10.7 2005/06/12 00:02:26 marka Exp $ + * $Id: tkey.c,v 1.71.2.1.10.9 2006/01/04 23:50:20 marka Exp $ */ #include @@ -441,15 +441,17 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, dstkey, ISC_TRUE, signer, tkeyin->inception, tkeyin->expire, msg->mctx, ring, NULL); +#if 1 if (result != ISC_R_SUCCESS) goto failure; - +#else if (result == ISC_R_NOTFOUND) { tkeyout->error = dns_tsigerror_badalg; return (ISC_R_SUCCESS); } if (result != ISC_R_SUCCESS) goto failure; +#endif /* This key is good for a long time */ isc_stdtime_get(&now); diff --git a/contrib/bind9/lib/dns/tsig.c b/contrib/bind9/lib/dns/tsig.c index 6a8d774a270..9bdde06eb15 100644 --- a/contrib/bind9/lib/dns/tsig.c +++ b/contrib/bind9/lib/dns/tsig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.112.2.3.8.6 2005/03/17 03:58:31 marka Exp $ + * $Id: tsig.c,v 1.112.2.3.8.10 2006/05/02 04:21:42 marka Exp $ */ #include @@ -363,7 +363,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_t databuf, sigbuf; isc_buffer_t *dynbuf; dns_name_t *owner; - dns_rdata_t *rdata; + dns_rdata_t *rdata = NULL; dns_rdatalist_t *datalist; dns_rdataset_t *dataset; isc_region_t r; @@ -555,13 +555,12 @@ dns_tsig_sign(dns_message_t *msg) { tsig.signature = NULL; } - rdata = NULL; ret = dns_message_gettemprdata(msg, &rdata); if (ret != ISC_R_SUCCESS) goto cleanup_signature; ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512); if (ret != ISC_R_SUCCESS) - goto cleanup_signature; + goto cleanup_rdata; ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any, dns_rdatatype_tsig, &tsig, dynbuf); if (ret != ISC_R_SUCCESS) @@ -577,7 +576,7 @@ dns_tsig_sign(dns_message_t *msg) { owner = NULL; ret = dns_message_gettempname(msg, &owner); if (ret != ISC_R_SUCCESS) - goto cleanup_dynbuf; + goto cleanup_rdata; dns_name_init(owner, NULL); ret = dns_name_dup(&key->name, msg->mctx, owner); if (ret != ISC_R_SUCCESS) @@ -587,16 +586,16 @@ dns_tsig_sign(dns_message_t *msg) { ret = dns_message_gettemprdatalist(msg, &datalist); if (ret != ISC_R_SUCCESS) goto cleanup_owner; + dataset = NULL; + ret = dns_message_gettemprdataset(msg, &dataset); + if (ret != ISC_R_SUCCESS) + goto cleanup_rdatalist; datalist->rdclass = dns_rdataclass_any; datalist->type = dns_rdatatype_tsig; datalist->covers = 0; datalist->ttl = 0; ISC_LIST_INIT(datalist->rdata); ISC_LIST_APPEND(datalist->rdata, rdata, link); - dataset = NULL; - ret = dns_message_gettemprdataset(msg, &dataset); - if (ret != ISC_R_SUCCESS) - goto cleanup_owner; dns_rdataset_init(dataset); RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS); @@ -605,16 +604,19 @@ dns_tsig_sign(dns_message_t *msg) { return (ISC_R_SUCCESS); -cleanup_owner: - if (owner != NULL) - dns_message_puttempname(msg, &owner); -cleanup_dynbuf: - if (dynbuf != NULL) - isc_buffer_free(&dynbuf); -cleanup_signature: + cleanup_rdatalist: + dns_message_puttemprdatalist(msg, &datalist); + cleanup_owner: + dns_message_puttempname(msg, &owner); + goto cleanup_rdata; + cleanup_dynbuf: + isc_buffer_free(&dynbuf); + cleanup_rdata: + dns_message_puttemprdata(msg, &rdata); + cleanup_signature: if (tsig.signature != NULL) isc_mem_put(mctx, tsig.signature, sigsize); -cleanup_context: + cleanup_context: if (ctx != NULL) dst_context_destroy(&ctx); return (ret); @@ -646,8 +648,11 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, msg->verify_attempted = 1; - if (msg->tcp_continuation) + if (msg->tcp_continuation) { + if (tsigkey == NULL || msg->querytsig == NULL) + return (DNS_R_UNEXPECTEDTSIG); return (tsig_verify_tcp(source, msg)); + } /* * There should be a TSIG record... diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c index a62db341376..ec727b71255 100644 --- a/contrib/bind9/lib/dns/validator.c +++ b/contrib/bind9/lib/dns/validator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.91.2.5.8.21 2005/11/02 02:07:47 marka Exp $ */ +/* $Id: validator.c,v 1.91.2.5.8.27 2006/02/26 23:03:52 marka Exp $ */ #include @@ -43,20 +43,65 @@ #include #include +/*! \file + * \brief + * Basic processing sequences. + * + * \li When called with rdataset and sigrdataset: + * validator_start -> validate -> proveunsecure -> startfinddlvsep -> + * dlv_validator_start -> validator_start -> validate -> proveunsecure + * + * validator_start -> validate -> nsecvalidate (secure wildcard answer) + * + * \li When called with rdataset, sigrdataset and with DNS_VALIDATOR_DLV: + * validator_start -> startfinddlvsep -> dlv_validator_start -> + * validator_start -> validate -> proveunsecure + * + * \li When called with rdataset: + * validator_start -> proveunsecure -> startfinddlvsep -> + * dlv_validator_start -> validator_start -> proveunsecure + * + * \li When called with rdataset and with DNS_VALIDATOR_DLV: + * validator_start -> startfinddlvsep -> dlv_validator_start -> + * validator_start -> proveunsecure + * + * \li When called without a rdataset: + * validator_start -> nsecvalidate -> proveunsecure -> startfinddlvsep -> + * dlv_validator_start -> validator_start -> nsecvalidate -> proveunsecure + * + * \li When called without a rdataset and with DNS_VALIDATOR_DLV: + * validator_start -> startfinddlvsep -> dlv_validator_start -> + * validator_start -> nsecvalidate -> proveunsecure + * + * validator_start: determines what type of validation to do. + * validate: attempts to perform a positive validation. + * proveunsecure: attempts to prove the answer comes from a unsecure zone. + * nsecvalidate: attempts to prove a negative response. + * startfinddlvsep: starts the DLV record lookup. + * dlv_validator_start: resets state and restarts the lookup using the + * DLV RRset found by startfinddlvsep. + */ + #define VALIDATOR_MAGIC ISC_MAGIC('V', 'a', 'l', '?') #define VALID_VALIDATOR(v) ISC_MAGIC_VALID(v, VALIDATOR_MAGIC) -#define VALATTR_SHUTDOWN 0x0001 -#define VALATTR_FOUNDNONEXISTENCE 0x0002 -#define VALATTR_TRIEDVERIFY 0x0004 -#define VALATTR_NEGATIVE 0x0008 -#define VALATTR_INSECURITY 0x0010 -#define VALATTR_DLVTRIED 0x0020 +#define VALATTR_SHUTDOWN 0x0001 /*%< Shutting down. */ +#define VALATTR_TRIEDVERIFY 0x0004 /*%< We have found a key and + * have attempted a verify. */ +#define VALATTR_INSECURITY 0x0010 /*%< Attempting proveunsecure. */ +#define VALATTR_DLVTRIED 0x0020 /*%< Looked for a DLV record. */ +#define VALATTR_AUTHNONPENDING 0x0040 /*%< Tidy up pending auth. */ +/*! + * NSEC proofs to be looked for. + */ #define VALATTR_NEEDNOQNAME 0x0100 #define VALATTR_NEEDNOWILDCARD 0x0200 #define VALATTR_NEEDNODATA 0x0400 +/*! + * NSEC proofs that have been found. + */ #define VALATTR_FOUNDNOQNAME 0x1000 #define VALATTR_FOUNDNOWILDCARD 0x2000 #define VALATTR_FOUNDNODATA 0x4000 @@ -104,19 +149,35 @@ validator_logcreate(dns_validator_t *val, static isc_result_t dlv_validatezonekey(dns_validator_t *val); -static isc_result_t +static void dlv_validator_start(dns_validator_t *val); static isc_result_t finddlvsep(dns_validator_t *val, isc_boolean_t resume); +static void +auth_nonpending(dns_message_t *message); + +static isc_result_t +startfinddlvsep(dns_validator_t *val, dns_name_t *unsecure); + +/*% + * Mark the RRsets as a answer. + * + * If VALATTR_AUTHNONPENDING is set then this is a negative answer + * in a insecure zone. We need to mark any pending RRsets as + * dns_trust_authauthority answers (this is deferred from resolver.c). + */ static inline void markanswer(dns_validator_t *val) { validator_log(val, ISC_LOG_DEBUG(3), "marking as answer"); - if (val->event->rdataset) + if (val->event->rdataset != NULL) val->event->rdataset->trust = dns_trust_answer; - if (val->event->sigrdataset) + if (val->event->sigrdataset != NULL) val->event->sigrdataset->trust = dns_trust_answer; + if (val->event->message != NULL && + (val->attributes & VALATTR_AUTHNONPENDING) != 0) + auth_nonpending(val->event->message); } static void @@ -155,6 +216,9 @@ exit_check(dns_validator_t *val) { return (ISC_TRUE); } +/*% + * Mark pending answers in the authority section as dns_trust_authauthority. + */ static void auth_nonpending(dns_message_t *message) { isc_result_t result; @@ -177,6 +241,10 @@ auth_nonpending(dns_message_t *message) { } } +/*% + * Look in the NSEC record returned from a DS query to see if there is + * a NS RRset at this name. If it is found we are at a delegation point. + */ static isc_boolean_t isdelegation(dns_name_t *name, dns_rdataset_t *rdataset, isc_result_t dbresult) @@ -210,6 +278,11 @@ isdelegation(dns_name_t *name, dns_rdataset_t *rdataset, return (found); } +/*% + * We have been asked to to look for a key. + * If found resume the validation process. + * If not found fail the validation process. + */ static void fetch_callback_validator(isc_task_t *task, isc_event_t *event) { dns_fetchevent_t *devent; @@ -269,6 +342,11 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { destroy(val); } +/*% + * We were asked to look for a DS record as part of following a key chain + * upwards. If found resume the validation process. If not found fail the + * validation process. + */ static void dsfetched(isc_task_t *task, isc_event_t *event) { dns_fetchevent_t *devent; @@ -330,8 +408,16 @@ dsfetched(isc_task_t *task, isc_event_t *event) { destroy(val); } -/* - * XXX there's too much duplicated code here. +/*% + * We were asked to look for the DS record as part of proving that a + * name is unsecure. + * + * If the DS record doesn't exist and the query name corresponds to + * a delegation point we are transitioning from a secure zone to a + * unsecure zone. + * + * If the DS record exists it will be secure. We can continue looking + * for the break point in the chain of trust. */ static void dsfetched2(isc_task_t *task, isc_event_t *event) { @@ -359,7 +445,8 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { INSIST(val->event != NULL); - validator_log(val, ISC_LOG_DEBUG(3), "in dsfetched2"); + validator_log(val, ISC_LOG_DEBUG(3), "in dsfetched2: %s", + dns_result_totext(eresult)); LOCK(&val->lock); if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { /* @@ -371,9 +458,13 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_WARNING, "must be secure failure"); validator_done(val, DNS_R_MUSTBESECURE); - } else { + } else if (val->view->dlv == NULL || DLVTRIED(val)) { markanswer(val); validator_done(val, ISC_R_SUCCESS); + } else { + result = startfinddlvsep(val, tname); + if (result != DNS_R_WAIT) + validator_done(val, result); } } else { result = proveunsecure(val, ISC_TRUE); @@ -385,7 +476,9 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { eresult == DNS_R_NCACHENXDOMAIN) { /* - * Either there is a DS or this is not a zone cut. Continue. + * There is a DS which may or may not be a zone cut. + * In either case we are still in a secure zone resume + * validation. */ result = proveunsecure(val, ISC_TRUE); if (result != DNS_R_WAIT) @@ -403,6 +496,11 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { destroy(val); } +/*% + * Callback from when a DNSKEY RRset has been validated. + * + * Resumes the stalled validation process. + */ static void keyvalidated(isc_task_t *task, isc_event_t *event) { dns_validatorevent_t *devent; @@ -448,6 +546,11 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { destroy(val); } +/*% + * Callback when the DS record has been validated. + * + * Resumes validation of the zone key or the unsecure zone proof. + */ static void dsvalidated(isc_task_t *task, isc_event_t *event) { dns_validatorevent_t *devent; @@ -491,10 +594,12 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { destroy(val); } -/* +/*% * Return ISC_R_SUCCESS if we can determine that the name doesn't exist * or we can determine whether there is data or not at the name. * If the name does not exist return the wildcard name. + * + * Return ISC_R_IGNORE when the NSEC is not the appropriate one. */ static isc_result_t nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, @@ -627,7 +732,7 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, wild, NULL); if (result != ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "failure generating wilcard name"); + "failure generating wildcard name"); return (result); } } @@ -637,6 +742,13 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, return (ISC_R_SUCCESS); } +/*% + * Callback for when NSEC records have been validated. + * + * Looks for NOQNAME and NODATA proofs. + * + * Resumes nsecvalidate. + */ static void authvalidated(isc_task_t *task, isc_event_t *event) { dns_validatorevent_t *devent; @@ -715,44 +827,20 @@ authvalidated(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); } -static void -negauthvalidated(isc_task_t *task, isc_event_t *event) { - dns_validatorevent_t *devent; - dns_validator_t *val; - isc_boolean_t want_destroy; - isc_result_t eresult; - - UNUSED(task); - INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); - - devent = (dns_validatorevent_t *)event; - val = devent->ev_arg; - eresult = devent->result; - isc_event_free(&event); - dns_validator_destroy(&val->subvalidator); - - INSIST(val->event != NULL); - - validator_log(val, ISC_LOG_DEBUG(3), "in negauthvalidated"); - LOCK(&val->lock); - if (eresult == ISC_R_SUCCESS) { - val->attributes |= VALATTR_FOUNDNONEXISTENCE; - validator_log(val, ISC_LOG_DEBUG(3), - "nonexistence proof found"); - auth_nonpending(val->event->message); - validator_done(val, ISC_R_SUCCESS); - } else { - validator_log(val, ISC_LOG_DEBUG(3), - "negauthvalidated: got %s", - isc_result_totext(eresult)); - validator_done(val, eresult); - } - want_destroy = exit_check(val); - UNLOCK(&val->lock); - if (want_destroy) - destroy(val); -} - +/*% + * Looks for the requested name and type in the view (zones and cache). + * + * When looking for a DLV record also checks to make sure the NSEC record + * returns covers the query name as part of aggressive negative caching. + * + * Returns: + * \li ISC_R_SUCCESS + * \li ISC_R_NOTFOUND + * \li DNS_R_NCACHENXDOMAIN + * \li DNS_R_NCACHENXRRSET + * \li DNS_R_NXRRSET + * \li DNS_R_NXDOMAIN + */ static inline isc_result_t view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { dns_fixedname_t fixedname; @@ -855,12 +943,9 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { dns_rdata_freestruct(&nsec); result = DNS_R_NCACHENXDOMAIN; } else if (result != ISC_R_SUCCESS && - result != DNS_R_GLUE && - result != DNS_R_HINT && result != DNS_R_NCACHENXDOMAIN && result != DNS_R_NCACHENXRRSET && result != DNS_R_NXRRSET && - result != DNS_R_HINTNXRRSET && result != ISC_R_NOTFOUND) { goto notfound; } @@ -874,11 +959,15 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { return (ISC_R_NOTFOUND); } +/*% + * Checks to make sure we are not going to loop. As we use a SHARED fetch + * the validation process will stall if looping was to occur. + */ static inline isc_boolean_t check_deadlock(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { dns_validator_t *parent; - for (parent = val->parent; parent != NULL; parent = parent->parent) { + for (parent = val; parent != NULL; parent = parent->parent) { if (parent->event != NULL && parent->event->type == type && dns_name_equal(parent->event->name, name)) @@ -892,6 +981,9 @@ check_deadlock(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { return (ISC_FALSE); } +/*% + * Start a fetch for the requested name and type. + */ static inline isc_result_t create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type, isc_taskaction_t callback, const char *caller) @@ -914,6 +1006,9 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type, &val->fetch)); } +/*% + * Start a subvalidation process. + */ static inline isc_result_t create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, @@ -936,7 +1031,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type, return (result); } -/* +/*% * Try to find a key that could have signed 'siginfo' among those * in 'rdataset'. If found, build a dst_key_t for it and point * val->key at it. @@ -1004,6 +1099,9 @@ get_dst_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo, return (result); } +/*% + * Get the key that genertated this signature. + */ static isc_result_t get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { isc_result_t result; @@ -1130,7 +1228,7 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) { return (dst_region_computeid(&r, key->algorithm)); } -/* +/*% * Is this keyset self-signed? */ static isc_boolean_t @@ -1172,8 +1270,19 @@ isselfsigned(dns_validator_t *val) { return (ISC_FALSE); } +/*% + * Attempt to verify the rdataset using the given key and rdata (RRSIG). + * The signature was good and from a wildcard record and the QNAME does + * not match the wildcard we need to look for a NOQNAME proof. + * + * Returns: + * \li ISC_R_SUCCESS if the verification succeeds. + * \li Others if the verification fails. + */ static isc_result_t -verify(dns_validator_t *val, dst_key_t *key, dns_rdata_t *rdata) { +verify(dns_validator_t *val, dst_key_t *key, dns_rdata_t *rdata, + isc_uint16_t keyid) +{ isc_result_t result; dns_fixedname_t fixed; @@ -1183,8 +1292,8 @@ verify(dns_validator_t *val, dst_key_t *key, dns_rdata_t *rdata) { key, ISC_FALSE, val->view->mctx, rdata, dns_fixedname_name(&fixed)); validator_log(val, ISC_LOG_DEBUG(3), - "verify rdataset: %s", - isc_result_totext(result)); + "verify rdataset (keyid=%u): %s", + keyid, isc_result_totext(result)); if (result == DNS_R_FROMWILDCARD) { if (!dns_name_equal(val->event->name, dns_fixedname_name(&fixed))) @@ -1194,14 +1303,14 @@ verify(dns_validator_t *val, dst_key_t *key, dns_rdata_t *rdata) { return (result); } -/* +/*% * Attempts positive response validation of a normal RRset. * * Returns: - * ISC_R_SUCCESS Validation completed successfully - * DNS_R_WAIT Validation has started but is waiting + * \li ISC_R_SUCCESS Validation completed successfully + * \li DNS_R_WAIT Validation has started but is waiting * for an event. - * Other return codes are possible and all indicate failure. + * \li Other return codes are possible and all indicate failure. */ static isc_result_t validate(dns_validator_t *val, isc_boolean_t resume) { @@ -1272,7 +1381,8 @@ validate(dns_validator_t *val, isc_boolean_t resume) { } do { - result = verify(val, val->key, &rdata); + result = verify(val, val->key, &rdata, + val->siginfo->keyid); if (result == ISC_R_SUCCESS) break; if (val->keynode != NULL) { @@ -1356,6 +1466,10 @@ validate(dns_validator_t *val, isc_boolean_t resume) { return (DNS_R_NOVALIDSIG); } +/*% + * Validate the DNSKEY RRset by looking for a DNSKEY that matches a + * DLV record and that also verifies the DNSKEY RRset. + */ static isc_result_t dlv_validatezonekey(dns_validator_t *val) { dns_keytag_t keytag; @@ -1373,12 +1487,12 @@ dlv_validatezonekey(dns_validator_t *val) { unsigned char dsbuf[DNS_DS_BUFFERSIZE]; validator_log(val, ISC_LOG_DEBUG(3), "dlv_validatezonekey"); + /* * Look through the DLV record and find the keys that can sign the * key set and the matching signature. For each such key, attempt * verification. */ - supported_algorithm = ISC_FALSE; for (result = dns_rdataset_first(&val->dlv); @@ -1456,7 +1570,7 @@ dlv_validatezonekey(dns_validator_t *val) { */ continue; - result = verify(val, dstkey, &sigrdata); + result = verify(val, dstkey, &sigrdata, sig.keyid); dst_key_free(&dstkey); if (result == ISC_R_SUCCESS) break; @@ -1486,14 +1600,14 @@ dlv_validatezonekey(dns_validator_t *val) { return (DNS_R_NOVALIDSIG); } -/* +/*% * Attempts positive response validation of an RRset containing zone keys. * * Returns: - * ISC_R_SUCCESS Validation completed successfully - * DNS_R_WAIT Validation has started but is waiting + * \li ISC_R_SUCCESS Validation completed successfully + * \li DNS_R_WAIT Validation has started but is waiting * for an event. - * Other return codes are possible and all indicate failure. + * \li Other return codes are possible and all indicate failure. */ static isc_result_t validatezonekey(dns_validator_t *val) { @@ -1505,12 +1619,14 @@ validatezonekey(dns_validator_t *val) { dns_rdata_t keyrdata = DNS_RDATA_INIT; dns_rdata_t sigrdata = DNS_RDATA_INIT; unsigned char dsbuf[DNS_DS_BUFFERSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; dns_keytag_t keytag; dns_rdata_ds_t ds; dns_rdata_dnskey_t key; dns_rdata_rrsig_t sig; dst_key_t *dstkey; isc_boolean_t supported_algorithm; + isc_boolean_t atsep = ISC_FALSE; /* * Caller must be holding the validator lock. @@ -1541,9 +1657,13 @@ validatezonekey(dns_validator_t *val) { sig.algorithm, sig.keyid, &keynode); + if (result == DNS_R_PARTIALMATCH || + result == ISC_R_SUCCESS) + atsep = ISC_TRUE; while (result == ISC_R_SUCCESS) { dstkey = dns_keynode_key(keynode); - result = verify(val, dstkey, &sigrdata); + result = verify(val, dstkey, &sigrdata, + sig.keyid); if (result == ISC_R_SUCCESS) { dns_keytable_detachkeynode(val->keytable, &keynode); @@ -1578,6 +1698,22 @@ validatezonekey(dns_validator_t *val) { return (DNS_R_NOVALIDDS); } + if (atsep) { + /* + * We have not found a key to verify this DNSKEY + * RRset. As this is a SEP we have to assume that + * the RRset is invalid. + */ + dns_name_format(val->event->name, namebuf, + sizeof(namebuf)); + validator_log(val, ISC_LOG_DEBUG(2), + "unable to find a DNSKEY which verifies " + "the DNSKEY RRset and also matches one " + "of specified trusted-keys for '%s'", + namebuf); + return (DNS_R_NOVALIDKEY); + } + /* * Otherwise, try to find the DS record. */ @@ -1680,6 +1816,9 @@ validatezonekey(dns_validator_t *val) { dns_rdataset_init(&trdataset); dns_rdataset_clone(val->event->rdataset, &trdataset); + /* + * Look for the KEY that matches the DS record. + */ for (result = dns_rdataset_first(&trdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&trdataset)) @@ -1714,7 +1853,7 @@ validatezonekey(dns_validator_t *val) { dns_rdataset_current(val->event->sigrdataset, &sigrdata); (void)dns_rdata_tostruct(&sigrdata, &sig, NULL); - if (ds.key_tag != sig.keyid && + if (ds.key_tag != sig.keyid || ds.algorithm != sig.algorithm) continue; @@ -1728,8 +1867,7 @@ validatezonekey(dns_validator_t *val) { * This really shouldn't happen, but... */ continue; - - result = verify(val, dstkey, &sigrdata); + result = verify(val, dstkey, &sigrdata, sig.keyid); dst_key_free(&dstkey); if (result == ISC_R_SUCCESS) break; @@ -1759,14 +1897,14 @@ validatezonekey(dns_validator_t *val) { return (DNS_R_NOVALIDSIG); } -/* +/*% * Starts a positive response validation. * * Returns: - * ISC_R_SUCCESS Validation completed successfully - * DNS_R_WAIT Validation has started but is waiting + * \li ISC_R_SUCCESS Validation completed successfully + * \li DNS_R_WAIT Validation has started but is waiting * for an event. - * Other return codes are possible and all indicate failure. + * \li Other return codes are possible and all indicate failure. */ static isc_result_t start_positive_validation(dns_validator_t *val) { @@ -1779,6 +1917,14 @@ start_positive_validation(dns_validator_t *val) { return (validatezonekey(val)); } +/*% + * Look for NODATA at the wildcard and NOWILDCARD proofs in the + * previously validated NSEC records. As these proofs are mutually + * exclusive we stop when one is found. + * + * Returns + * \li ISC_R_SUCCESS + */ static isc_result_t checkwildcard(dns_validator_t *val) { dns_name_t *name, *wild; @@ -1851,6 +1997,18 @@ checkwildcard(dns_validator_t *val) { return (result); } +/*% + * Prove a negative answer is good or that there is a NOQNAME when the + * answer is from a wildcard. + * + * Loop through the authority section looking for NODATA, NOWILDCARD + * and NOQNAME proofs in the NSEC records by calling authvalidated(). + * + * If the required proofs are found we are done. + * + * If the proofs are not found attempt to prove this is a unsecure + * response. + */ static isc_result_t nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { dns_name_t *name; @@ -1946,7 +2104,8 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { return (result); /* - * Do we only need to check for NOQNAME? + * Do we only need to check for NOQNAME? To get here we must have + * had a secure wildcard answer. */ if ((val->attributes & VALATTR_NEEDNODATA) == 0 && (val->attributes & VALATTR_NEEDNOWILDCARD) == 0 && @@ -1982,28 +2141,17 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { ((val->attributes & VALATTR_NEEDNOQNAME) != 0 && (val->attributes & VALATTR_FOUNDNOQNAME) != 0 && (val->attributes & VALATTR_NEEDNOWILDCARD) != 0 && - (val->attributes & VALATTR_FOUNDNOWILDCARD) != 0)) - val->attributes |= VALATTR_FOUNDNONEXISTENCE; - - if ((val->attributes & VALATTR_FOUNDNONEXISTENCE) == 0) { - if (!val->seensig && val->soaset != NULL) { - result = create_validator(val, val->soaname, - dns_rdatatype_soa, - val->soaset, NULL, - negauthvalidated, - "nsecvalidate"); - if (result != ISC_R_SUCCESS) - return (result); - return (DNS_R_WAIT); - } + (val->attributes & VALATTR_FOUNDNOWILDCARD) != 0)) { validator_log(val, ISC_LOG_DEBUG(3), - "nonexistence proof not found"); - return (DNS_R_NOVALIDNSEC); - } else { - validator_log(val, ISC_LOG_DEBUG(3), - "nonexistence proof found"); + "nonexistence proof(s) found"); return (ISC_R_SUCCESS); } + + validator_log(val, ISC_LOG_DEBUG(3), + "nonexistence proof(s) not found"); + val->attributes |= VALATTR_AUTHNONPENDING; + val->attributes |= VALATTR_INSECURITY; + return (proveunsecure(val, ISC_FALSE)); } static isc_boolean_t @@ -2029,6 +2177,11 @@ check_ds(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset) { return (ISC_FALSE); } +/*% + * Callback from fetching a DLV record. + * + * Resumes the DLV lookup process. + */ static void dlvfetched(isc_task_t *task, isc_event_t *event) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -2065,9 +2218,7 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - result = dlv_validator_start(val); - if (result != DNS_R_WAIT) - validator_done(val, result); + dlv_validator_start(val); } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NXDOMAIN || eresult == DNS_R_NCACHENXRRSET || @@ -2078,9 +2229,7 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { namebuf, sizeof(namebuf)); validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - result = dlv_validator_start(val); - if (result != DNS_R_WAIT) - validator_done(val, result); + dlv_validator_start(val); } else if (result == ISC_R_NOTFOUND) { validator_log(val, ISC_LOG_DEBUG(3), "DLV not found"); markanswer(val); @@ -2094,6 +2243,7 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { } else { validator_log(val, ISC_LOG_DEBUG(3), "DLV lookup: %s", dns_result_totext(eresult)); + validator_done(val, eresult); } want_destroy = exit_check(val); UNLOCK(&val->lock); @@ -2101,6 +2251,14 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { destroy(val); } +/*% + * Start the DLV lookup proccess. + * + * Returns + * \li ISC_R_SUCCESS + * \li DNS_R_WAIT + * \li Others on validation failures. + */ static isc_result_t startfinddlvsep(dns_validator_t *val, dns_name_t *unsecure) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -2135,9 +2293,19 @@ startfinddlvsep(dns_validator_t *val, dns_name_t *unsecure) { dns_name_format(dns_fixedname_name(&val->dlvsep), namebuf, sizeof(namebuf)); validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - return (dlv_validator_start(val)); + dlv_validator_start(val); + return (DNS_R_WAIT); } +/*% + * Continue the DLV lookup process. + * + * Returns + * \li ISC_R_SUCCESS + * \li ISC_R_NOTFOUND + * \li DNS_R_WAIT + * \li Others on validation failure. + */ static isc_result_t finddlvsep(dns_validator_t *val, isc_boolean_t resume) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -2147,7 +2315,7 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { dns_name_t noroot; isc_result_t result; unsigned int labels; - + INSIST(val->view->dlv != NULL); if (!resume) { @@ -2231,11 +2399,24 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { return (ISC_R_NOTFOUND); } -/* +/*% * proveunsecure walks down from the SEP looking for a break in the - * chain of trust. That occurs when we can prove the DS record does + * chain of trust. That occurs when we can prove the DS record does * not exist at a delegation point or the DS exists at a delegation * but we don't support the algorithm/digest. + * + * If DLV is active and we look for a DLV record at or below the + * point we go insecure. If found we restart the validation process. + * If not found or DLV isn't active we mark the response as a answer. + * + * Returns: + * \li ISC_R_SUCCESS val->event->name is in a unsecure zone + * \li DNS_R_WAIT validation is in progress. + * \li DNS_R_MUSTBESECURE val->event->name is supposed to be secure + * (policy) but we proved that it is unsecure. + * \li DNS_R_NOVALIDSIG + * \li DNS_R_NOVALIDNSEC + * \li DNS_R_NOTINSECURE */ static isc_result_t proveunsecure(dns_validator_t *val, isc_boolean_t resume) { @@ -2253,7 +2434,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { result = dns_keytable_finddeepestmatch(val->keytable, val->event->name, secroot); - + if (result == ISC_R_NOTFOUND) { validator_log(val, ISC_LOG_DEBUG(3), "not beneath secure root"); @@ -2395,8 +2576,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { goto out; return (DNS_R_WAIT); } else if (result == DNS_R_NXDOMAIN || - result == DNS_R_NCACHENXDOMAIN) - { + result == DNS_R_NCACHENXDOMAIN) { /* * This is not a zone cut. Assuming things are * as expected, continue. @@ -2441,7 +2621,10 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { return (result); } -static isc_result_t +/*% + * Reset state and revalidate the answer using DLV. + */ +static void dlv_validator_start(dns_validator_t *val) { isc_event_t *event; @@ -2455,9 +2638,20 @@ dlv_validator_start(dns_validator_t *val) { event = (isc_event_t *)val->event; isc_task_send(val->task, &event); - return (DNS_R_WAIT); } +/*% + * Start the validation process. + * + * Attempt to valididate the answer based on the category it appears to + * fall in. + * \li 1. secure positive answer. + * \li 2. unsecure positive answer. + * \li 3. a negative answer (secure or unsecure). + * + * Note a answer that appears to be a secure positive answer may actually + * be a unsecure positive answer. + */ static void validator_start(isc_task_t *task, isc_event_t *event) { dns_validator_t *val; @@ -2529,7 +2723,6 @@ validator_start(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "attempting negative response validation"); - val->attributes |= VALATTR_NEGATIVE; if (val->event->message->rcode == dns_rcode_nxdomain) { val->attributes |= VALATTR_NEEDNOQNAME; val->attributes |= VALATTR_NEEDNOWILDCARD; @@ -2640,7 +2833,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, cleanup_event: isc_task_detach(&tclone); - isc_event_free((isc_event_t **)&val->event); + isc_event_free(ISC_EVENT_PTR(&event)); cleanup_val: dns_view_weakdetach(&val->view); diff --git a/contrib/bind9/lib/dns/xfrin.c b/contrib/bind9/lib/dns/xfrin.c index 8a824a73ef5..fdeed14bd6e 100644 --- a/contrib/bind9/lib/dns/xfrin.c +++ b/contrib/bind9/lib/dns/xfrin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.124.2.4.2.12 2005/11/03 23:08:41 marka Exp $ */ +/* $Id: xfrin.c,v 1.124.2.4.2.16 2006/07/19 01:04:24 marka Exp $ */ #include @@ -73,6 +73,8 @@ * when the first two (2) response RRs have already been received. */ typedef enum { + XFRST_SOAQUERY, + XFRST_GOTSOA, XFRST_INITIALSOA, XFRST_FIRSTDATA, XFRST_IXFR_DELSOA, @@ -424,6 +426,30 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, redo: switch (xfr->state) { + case XFRST_SOAQUERY: + if (rdata->type != dns_rdatatype_soa) { + xfrin_log(xfr, ISC_LOG_ERROR, + "non-SOA response to SOA query"); + FAIL(DNS_R_FORMERR); + } + xfr->end_serial = dns_soa_getserial(rdata); + if (!DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial) && + !dns_zone_isforced(xfr->zone)) { + xfrin_log(xfr, ISC_LOG_DEBUG(3), + "requested serial %u, " + "master has %u, not updating", + xfr->ixfr.request_serial, xfr->end_serial); + FAIL(DNS_R_UPTODATE); + } + xfr->state = XFRST_GOTSOA; + break; + + case XFRST_GOTSOA: + /* + * Skip other records in the answer section. + */ + break; + case XFRST_INITIALSOA: if (rdata->type != dns_rdatatype_soa) { xfrin_log(xfr, ISC_LOG_ERROR, @@ -589,6 +615,9 @@ dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype, (void)dns_zone_getdb(zone, &db); + if (xfrtype == dns_rdatatype_soa || xfrtype == dns_rdatatype_ixfr) + REQUIRE(db != NULL); + CHECK(xfrin_create(mctx, zone, db, task, timermgr, socketmgr, zonename, dns_zone_getclass(zone), xfrtype, masteraddr, sourceaddr, tsigkey, &xfr)); @@ -754,7 +783,10 @@ xfrin_create(isc_mem_t *mctx, dns_diff_init(xfr->mctx, &xfr->diff); xfr->difflen = 0; - xfr->state = XFRST_INITIALSOA; + if (reqtype == dns_rdatatype_soa) + xfr->state = XFRST_SOAQUERY; + else + xfr->state = XFRST_INITIALSOA; /* end_serial */ xfr->nmsg = 0; @@ -797,7 +829,18 @@ xfrin_create(isc_mem_t *mctx, return (ISC_R_SUCCESS); failure: - xfrin_fail(xfr, result, "failed creating transfer context"); + if (xfr->timer != NULL) + isc_timer_detach(&xfr->timer); + if (dns_name_dynamic(&xfr->name)) + dns_name_free(&xfr->name, xfr->mctx); + if (xfr->tsigkey != NULL) + dns_tsigkey_detach(&xfr->tsigkey); + if (xfr->db != NULL) + dns_db_detach(&xfr->db); + isc_task_detach(&xfr->task); + dns_zone_idetach(&xfr->zone); + isc_mem_put(mctx, xfr, sizeof(*xfr)); + return (result); } @@ -808,7 +851,9 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { isc_sockaddr_pf(&xfr->sourceaddr), isc_sockettype_tcp, &xfr->socket)); +#ifndef BROKEN_TCP_BIND_BEFORE_CONNECT CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr)); +#endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, xfrin_connect_done, xfr)); xfr->connects++; @@ -987,7 +1032,9 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { CHECK(tuple2msgname(soatuple, msg, &msgsoaname)); dns_message_addname(msg, msgsoaname, DNS_SECTION_AUTHORITY); - } + } else if (xfr->reqtype == dns_rdatatype_soa) + CHECK(dns_db_getsoaserial(xfr->db, NULL, + &xfr->ixfr.request_serial)); xfr->checkid = ISC_TRUE; xfr->id++; @@ -1148,8 +1195,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { try_axfr: dns_message_destroy(&msg); xfrin_reset(xfr); - xfr->reqtype = dns_rdatatype_axfr; - xfr->state = XFRST_INITIALSOA; + xfr->reqtype = dns_rdatatype_soa; + xfr->state = XFRST_SOAQUERY; (void)xfrin_start(xfr); return; } @@ -1246,7 +1293,11 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { dns_message_destroy(&msg); - if (xfr->state == XFRST_END) { + if (xfr->state == XFRST_GOTSOA) { + xfr->reqtype = dns_rdatatype_axfr; + xfr->state = XFRST_INITIALSOA; + CHECK(xfrin_send_request(xfr)); + } else if (xfr->state == XFRST_END) { /* * Inform the caller we succeeded. */ diff --git a/contrib/bind9/lib/dns/zone.c b/contrib/bind9/lib/dns/zone.c index a993877e91a..d2a47b072b2 100644 --- a/contrib/bind9/lib/dns/zone.c +++ b/contrib/bind9/lib/dns/zone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.333.2.23.2.59 2005/07/29 00:38:33 marka Exp $ */ +/* $Id: zone.c,v 1.333.2.23.2.65 2006/07/19 01:04:24 marka Exp $ */ #include @@ -264,6 +264,7 @@ struct dns_zone { #define DNS_ZONEFLG_FLUSH 0x00200000U #define DNS_ZONEFLG_NOEDNS 0x00400000U #define DNS_ZONEFLG_USEALTXFRSRC 0x00800000U +#define DNS_ZONEFLG_SOABEFOREAXFR 0x01000000U #define DNS_ZONE_OPTION(z,o) (((z)->options & (o)) != 0) @@ -772,12 +773,10 @@ dns_zone_setdbtype(dns_zone_t *zone, nomem: if (new != NULL) { - for (i = 0; i < dbargc; i++) { - if (zone->db_argv[i] != NULL) + for (i = 0; i < dbargc; i++) + if (new[i] != NULL) isc_mem_free(zone->mctx, new[i]); - isc_mem_put(zone->mctx, new, - dbargc * sizeof(*new)); - } + isc_mem_put(zone->mctx, new, dbargc * sizeof(*new)); } result = ISC_R_NOMEMORY; @@ -807,7 +806,7 @@ dns_zone_getview(dns_zone_t *zone) { isc_result_t -dns_zone_setorigin(dns_zone_t *zone, dns_name_t *origin) { +dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin) { isc_result_t result; REQUIRE(DNS_ZONE_VALID(zone)); @@ -998,7 +997,7 @@ zone_load(dns_zone_t *zone, unsigned int flags) { result = isc_file_getmodtime(zone->masterfile, &filetime); if (result == ISC_R_SUCCESS && - isc_time_compare(&filetime, &zone->loadtime) < 0) { + isc_time_compare(&filetime, &zone->loadtime) <= 0) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "skipping load: master file older " "than last load"); @@ -1010,6 +1009,16 @@ zone_load(dns_zone_t *zone, unsigned int flags) { INSIST(zone->db_argc >= 1); + /* + * Built in zones don't need to be reloaded. + */ + if (zone->type == dns_zone_master && + strcmp(zone->db_argv[0], "_builtin") == 0 && + DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) { + result = ISC_R_SUCCESS; + goto cleanup; + } + if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub) && (strcmp(zone->db_argv[0], "rbt") == 0 || strcmp(zone->db_argv[0], "rbt64") == 0)) { @@ -1210,10 +1219,12 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { zone_gotreadhandle, load, &zone->readio); if (result != ISC_R_SUCCESS) { - tresult = dns_db_endload(load->db, - &load->callbacks.add_private); - if (result == ISC_R_SUCCESS) - result = tresult; + /* + * We can't report multiple errors so ignore + * the result of dns_db_endload(). + */ + (void)dns_db_endload(load->db, + &load->callbacks.add_private); goto cleanup; } else result = DNS_R_CONTINUE; @@ -1284,14 +1295,12 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, dns_zone_log(zone, ISC_LOG_DEBUG(2), "number of nodes in database: %u", dns_db_nodecount(db)); - zone->loadtime = loadtime; - - dns_zone_log(zone, ISC_LOG_DEBUG(1), "loaded"); if (result == DNS_R_SEENINCLUDE) DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HASINCLUDE); else DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HASINCLUDE); + /* * Apply update log, if any, on initial load. */ @@ -1323,6 +1332,10 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, needdump = ISC_TRUE; } + zone->loadtime = loadtime; + + dns_zone_log(zone, ISC_LOG_DEBUG(1), "loaded"); + /* * Obtain ns and soa counts for top of zone. */ @@ -1821,7 +1834,7 @@ dns_zone_getoptions(dns_zone_t *zone) { } isc_result_t -dns_zone_setxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { +dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1838,7 +1851,7 @@ dns_zone_getxfrsource4(dns_zone_t *zone) { } isc_result_t -dns_zone_setxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { +dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1855,7 +1868,9 @@ dns_zone_getxfrsource6(dns_zone_t *zone) { } isc_result_t -dns_zone_setaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *altxfrsource) { +dns_zone_setaltxfrsource4(dns_zone_t *zone, + const isc_sockaddr_t *altxfrsource) +{ REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1872,7 +1887,9 @@ dns_zone_getaltxfrsource4(dns_zone_t *zone) { } isc_result_t -dns_zone_setaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *altxfrsource) { +dns_zone_setaltxfrsource6(dns_zone_t *zone, + const isc_sockaddr_t *altxfrsource) +{ REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1889,7 +1906,7 @@ dns_zone_getaltxfrsource6(dns_zone_t *zone) { } isc_result_t -dns_zone_setnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { +dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1906,7 +1923,7 @@ dns_zone_getnotifysrc4(dns_zone_t *zone) { } isc_result_t -dns_zone_setnotifysrc6(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { +dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); @@ -1923,7 +1940,7 @@ dns_zone_getnotifysrc6(dns_zone_t *zone) { } isc_result_t -dns_zone_setalsonotify(dns_zone_t *zone, isc_sockaddr_t *notify, +dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, isc_uint32_t count) { isc_sockaddr_t *new; @@ -1953,7 +1970,7 @@ dns_zone_setalsonotify(dns_zone_t *zone, isc_sockaddr_t *notify, } isc_result_t -dns_zone_setmasters(dns_zone_t *zone, isc_sockaddr_t *masters, +dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters, isc_uint32_t count) { isc_result_t result; @@ -1963,8 +1980,10 @@ dns_zone_setmasters(dns_zone_t *zone, isc_sockaddr_t *masters, } isc_result_t -dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters, - dns_name_t **keynames, isc_uint32_t count) +dns_zone_setmasterswithkeys(dns_zone_t *zone, + const isc_sockaddr_t *masters, + dns_name_t **keynames, + isc_uint32_t count) { isc_sockaddr_t *new; isc_result_t result = ISC_R_SUCCESS; @@ -2274,6 +2293,7 @@ dns_zone_refresh(dns_zone_t *zone) { isc_interval_t i; isc_uint32_t oldflags; unsigned int j; + isc_result_t result; REQUIRE(DNS_ZONE_VALID(zone)); @@ -2307,7 +2327,11 @@ dns_zone_refresh(dns_zone_t *zone) { */ isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4), 0); - isc_time_nowplusinterval(&zone->refreshtime, &i); + result = isc_time_nowplusinterval(&zone->refreshtime, &i); + if (result |= ISC_R_SUCCESS) + dns_zone_log(zone, ISC_LOG_WARNING, + "isc_time_nowplusinterval() failed: %s", + dns_result_totext(result)); /* * When lacking user-specified timer values from the SOA, @@ -3535,8 +3559,13 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { "master %s exceeded (source %s)", master, source); /* Try with slave with TCP. */ - if (zone->type == dns_zone_slave) + if (zone->type == dns_zone_slave) { + LOCK_ZONE(zone); + DNS_ZONE_SETFLAG(zone, + DNS_ZONEFLG_SOABEFOREAXFR); + UNLOCK_ZONE(zone); goto tcp_transfer; + } } else dns_zone_log(zone, ISC_LOG_INFO, "refresh: failure trying master " @@ -3603,6 +3632,9 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { "initiating TCP zone xfer " "for master %s (source %s)", master, source); + LOCK_ZONE(zone); + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR); + UNLOCK_ZONE(zone); goto tcp_transfer; } else { INSIST(zone->type == dns_zone_stub); @@ -5515,6 +5547,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { LOCK_ZONE(zone); INSIST((zone->flags & DNS_ZONEFLG_REFRESH) != 0); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH); + DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR); TIME_NOW(&now); switch (result) { @@ -5868,7 +5901,10 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { "IXFR disabled, " "requesting AXFR from %s", mastertext); - xfrtype = dns_rdatatype_axfr; + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR)) + xfrtype = dns_rdatatype_soa; + else + xfrtype = dns_rdatatype_axfr; } else { dns_zone_log(zone, ISC_LOG_DEBUG(1), "requesting IXFR from %s", diff --git a/contrib/bind9/lib/isc/api b/contrib/bind9/lib/isc/api index ddeff334f03..b4d017358ad 100644 --- a/contrib/bind9/lib/isc/api +++ b/contrib/bind9/lib/isc/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 11 +LIBINTERFACE = 12 LIBREVISION = 1 -LIBAGE = 0 +LIBAGE = 1 diff --git a/contrib/bind9/lib/isc/hash.c b/contrib/bind9/lib/isc/hash.c index 22f370064af..10942066633 100644 --- a/contrib/bind9/lib/isc/hash.c +++ b/contrib/bind9/lib/isc/hash.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hash.c,v 1.2.2.4.2.1 2004/03/06 08:14:29 marka Exp $ */ +/* $Id: hash.c,v 1.2.2.4.2.3 2006/01/04 00:37:22 marka Exp $ */ /* * Some portion of this code was derived from universal hash function @@ -68,7 +68,6 @@ if advised of the possibility of such damage. #include #include #include -#include #include #include @@ -99,7 +98,7 @@ struct isc_hash { hash_random_t *rndvector; /* random vector for universal hashing */ }; -static isc_rwlock_t createlock; +static isc_mutex_t createlock; static isc_once_t once = ISC_ONCE_INIT; static isc_hash_t *hash = NULL; @@ -209,7 +208,7 @@ isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, static void initialize_lock(void) { - RUNTIME_CHECK(isc_rwlock_init(&createlock, 0, 0) == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_mutex_init(&createlock) == ISC_R_SUCCESS); } isc_result_t @@ -221,12 +220,12 @@ isc_hash_create(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit) { RUNTIME_CHECK(isc_once_do(&once, initialize_lock) == ISC_R_SUCCESS); - RWLOCK(&createlock, isc_rwlocktype_write); + LOCK(&createlock); if (hash == NULL) result = isc_hash_ctxcreate(mctx, entropy, limit, &hash); - RWUNLOCK(&createlock, isc_rwlocktype_write); + UNLOCK(&createlock); return (result); } diff --git a/contrib/bind9/lib/isc/heap.c b/contrib/bind9/lib/isc/heap.c index 78b192548a9..fd67d7bd789 100644 --- a/contrib/bind9/lib/isc/heap.c +++ b/contrib/bind9/lib/isc/heap.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,15 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: heap.c,v 1.28.12.3 2004/03/08 09:04:48 marka Exp $ */ +/* $Id: heap.c,v 1.28.12.4 2006/04/17 18:27:20 explorer Exp $ */ -/* +/*! \file * Heap implementation of priority queues adapted from the following: * - * _Introduction to Algorithms_, Cormen, Leiserson, and Rivest, + * \li "Introduction to Algorithms," Cormen, Leiserson, and Rivest, * MIT Press / McGraw Hill, 1990, ISBN 0-262-03141-8, chapter 7. * - * _Algorithms_, Second Edition, Sedgewick, Addison-Wesley, 1988, + * \li "Algorithms," Second Edition, Sedgewick, Addison-Wesley, 1988, * ISBN 0-201-06673-4, chapter 11. */ @@ -35,20 +35,23 @@ #include /* Required for memcpy. */ #include -/* +/*@{*/ +/*% * Note: to make heap_parent and heap_left easy to compute, the first * element of the heap array is not used; i.e. heap subscripts are 1-based, - * not 0-based. + * not 0-based. The parent is index/2, and the left-child is index*2. + * The right child is index*2+1. */ #define heap_parent(i) ((i) >> 1) #define heap_left(i) ((i) << 1) +/*@}*/ #define SIZE_INCREMENT 1024 #define HEAP_MAGIC ISC_MAGIC('H', 'E', 'A', 'P') #define VALID_HEAP(h) ISC_MAGIC_VALID(h, HEAP_MAGIC) -/* +/*% * When the heap is in a consistent state, the following invariant * holds true: for every element i > 1, heap_parent(i) has a priority * higher than or equal to that of i. @@ -57,6 +60,7 @@ ! heap->compare(heap->array[(i)], \ heap->array[heap_parent(i)])) +/*% ISC heap structure. */ struct isc_heap { unsigned int magic; isc_mem_t * mctx; @@ -141,8 +145,8 @@ static void float_up(isc_heap_t *heap, unsigned int i, void *elt) { unsigned int p; - for (p = heap_parent(i); - i > 1 && heap->compare(elt, heap->array[p]); + for (p = heap_parent(i) ; + i > 1 && heap->compare(elt, heap->array[p]) ; i = p, p = heap_parent(i)) { heap->array[i] = heap->array[p]; if (heap->index != NULL) @@ -196,48 +200,48 @@ isc_heap_insert(isc_heap_t *heap, void *elt) { } void -isc_heap_delete(isc_heap_t *heap, unsigned int i) { +isc_heap_delete(isc_heap_t *heap, unsigned int index) { void *elt; isc_boolean_t less; REQUIRE(VALID_HEAP(heap)); - REQUIRE(i >= 1 && i <= heap->last); + REQUIRE(index >= 1 && index <= heap->last); - if (i == heap->last) { + if (index == heap->last) { heap->last--; } else { elt = heap->array[heap->last--]; - less = heap->compare(elt, heap->array[i]); - heap->array[i] = elt; + less = heap->compare(elt, heap->array[index]); + heap->array[index] = elt; if (less) - float_up(heap, i, heap->array[i]); + float_up(heap, index, heap->array[index]); else - sink_down(heap, i, heap->array[i]); + sink_down(heap, index, heap->array[index]); } } void -isc_heap_increased(isc_heap_t *heap, unsigned int i) { +isc_heap_increased(isc_heap_t *heap, unsigned int index) { REQUIRE(VALID_HEAP(heap)); - REQUIRE(i >= 1 && i <= heap->last); + REQUIRE(index >= 1 && index <= heap->last); - float_up(heap, i, heap->array[i]); + float_up(heap, index, heap->array[index]); } void -isc_heap_decreased(isc_heap_t *heap, unsigned int i) { +isc_heap_decreased(isc_heap_t *heap, unsigned int index) { REQUIRE(VALID_HEAP(heap)); - REQUIRE(i >= 1 && i <= heap->last); + REQUIRE(index >= 1 && index <= heap->last); - sink_down(heap, i, heap->array[i]); + sink_down(heap, index, heap->array[index]); } void * -isc_heap_element(isc_heap_t *heap, unsigned int i) { +isc_heap_element(isc_heap_t *heap, unsigned int index) { REQUIRE(VALID_HEAP(heap)); - REQUIRE(i >= 1 && i <= heap->last); + REQUIRE(index >= 1 && index <= heap->last); - return (heap->array[i]); + return (heap->array[index]); } void @@ -247,6 +251,6 @@ isc_heap_foreach(isc_heap_t *heap, isc_heapaction_t action, void *uap) { REQUIRE(VALID_HEAP(heap)); REQUIRE(action != NULL); - for (i = 1; i <= heap->last; i++) + for (i = 1 ; i <= heap->last ; i++) (action)(heap->array[i], uap); } diff --git a/contrib/bind9/lib/isc/hmacmd5.c b/contrib/bind9/lib/isc/hmacmd5.c index 04dc8c5e057..5166a98cf6e 100644 --- a/contrib/bind9/lib/isc/hmacmd5.c +++ b/contrib/bind9/lib/isc/hmacmd5.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacmd5.c,v 1.5.12.3 2004/03/08 09:04:48 marka Exp $ */ +/* $Id: hmacmd5.c,v 1.5.12.5 2006/02/26 23:49:48 marka Exp $ */ /* * This code implements the HMAC-MD5 keyed hash algorithm @@ -65,7 +65,6 @@ void isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) { isc_md5_invalidate(&ctx->md5ctx); memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); } /* diff --git a/contrib/bind9/lib/isc/include/isc/heap.h b/contrib/bind9/lib/isc/include/isc/heap.h index 5ebf40471e2..7c7f3c2916a 100644 --- a/contrib/bind9/lib/isc/include/isc/heap.h +++ b/contrib/bind9/lib/isc/include/isc/heap.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,36 +15,155 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: heap.h,v 1.16.206.1 2004/03/06 08:14:41 marka Exp $ */ +/* $Id: heap.h,v 1.16.206.2 2006/04/17 18:27:20 explorer Exp $ */ #ifndef ISC_HEAP_H #define ISC_HEAP_H 1 +/*! \file */ + #include #include ISC_LANG_BEGINDECLS -/* +/*% * The comparision function returns ISC_TRUE if the first argument has * higher priority than the second argument, and ISC_FALSE otherwise. */ typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *); +/*% + * The index function allows the client of the heap to receive a callback + * when an item's index number changes. This allows it to maintain + * sync with its external state, but still delete itself, since deletions + * from the heap require the index be provided. + */ typedef void (*isc_heapindex_t)(void *, unsigned int); + +/*% + * The heapaction function is used when iterating over the heap. + * + * NOTE: The heap structure CANNOT BE MODIFIED during the call to + * isc_heap_foreach(). + */ typedef void (*isc_heapaction_t)(void *, void *); typedef struct isc_heap isc_heap_t; -isc_result_t isc_heap_create(isc_mem_t *, isc_heapcompare_t, - isc_heapindex_t, unsigned int, isc_heap_t **); -void isc_heap_destroy(isc_heap_t **); -isc_result_t isc_heap_insert(isc_heap_t *, void *); -void isc_heap_delete(isc_heap_t *, unsigned int); -void isc_heap_increased(isc_heap_t *, unsigned int); -void isc_heap_decreased(isc_heap_t *, unsigned int); -void * isc_heap_element(isc_heap_t *, unsigned int); -void isc_heap_foreach(isc_heap_t *, isc_heapaction_t, void *); +isc_result_t +isc_heap_create(isc_mem_t *mctx, isc_heapcompare_t compare, + isc_heapindex_t index, unsigned int size_increment, + isc_heap_t **heapp); +/*!< + * \brief Create a new heap. The heap is implemented using a space-efficient + * storage method. When the heap elements are deleted space is not freed + * but will be reused when new elements are inserted. + * + * Requires: + *\li "mctx" is valid. + *\li "compare" is a function which takes two void * arguments and + * returns ISC_TRUE if the first argument has a higher priority than + * the second, and ISC_FALSE otherwise. + *\li "index" is a function which takes a void *, and an unsigned int + * argument. This function will be called whenever an element's + * index value changes, so it may continue to delete itself from the + * heap. This option may be NULL if this functionality is unneeded. + *\li "size_increment" is a hint about how large the heap should grow + * when resizing is needed. If this is 0, a default size will be + * used, which is currently 1024, allowing space for an additional 1024 + * heap elements to be inserted before adding more space. + *\li "heapp" is not NULL, and "*heap" is NULL. + * + * Returns: + *\li ISC_R_SUCCESS - success + *\li ISC_R_NOMEMORY - insufficient memory + */ + +void +isc_heap_destroy(isc_heap_t **heapp); +/*!< + * \brief Destroys a heap. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + */ + +isc_result_t +isc_heap_insert(isc_heap_t *heap, void *elt); +/*!< + * \brief Inserts a new element into a heap. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + */ + +void +isc_heap_delete(isc_heap_t *heap, unsigned int index); +/*!< + * \brief Deletes an element from a heap, by element index. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + *\li "index" is a valid element index, as provided by the "index" callback + * provided during heap creation. + */ + +void +isc_heap_increased(isc_heap_t *heap, unsigned int index); +/*!< + * \brief Indicates to the heap that an element's priority has increased. + * This function MUST be called whenever an element has increased in priority. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + *\li "index" is a valid element index, as provided by the "index" callback + * provided during heap creation. + */ + +void +isc_heap_decreased(isc_heap_t *heap, unsigned int index); +/*!< + * \brief Indicates to the heap that an element's priority has decreased. + * This function MUST be called whenever an element has decreased in priority. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + *\li "index" is a valid element index, as provided by the "index" callback + * provided during heap creation. + */ + +void * +isc_heap_element(isc_heap_t *heap, unsigned int index); +/*!< + * \brief Returns the element for a specific element index. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + *\li "index" is a valid element index, as provided by the "index" callback + * provided during heap creation. + * + * Returns: + *\li A pointer to the element for the element index. + */ + +void +isc_heap_foreach(isc_heap_t *heap, isc_heapaction_t action, void *uap); +/*!< + * \brief Iterate over the heap, calling an action for each element. The + * order of iteration is not sorted. + * + * Requires: + *\li "heapp" is not NULL and "*heap" points to a valid isc_heap_t. + *\li "action" is not NULL, and is a function which takes two arguments. + * The first is a void *, representing the element, and the second is + * "uap" as provided to isc_heap_foreach. + *\li "uap" is a caller-provided argument, and may be NULL. + * + * Note: + *\li The heap structure CANNOT be modified during this iteration. The only + * safe function to call while iterating the heap is isc_heap_element(). + */ ISC_LANG_ENDDECLS diff --git a/contrib/bind9/lib/isc/include/isc/list.h b/contrib/bind9/lib/isc/include/isc/list.h index 962336ada8a..5fe82e3fe51 100644 --- a/contrib/bind9/lib/isc/include/isc/list.h +++ b/contrib/bind9/lib/isc/include/isc/list.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: list.h,v 1.18.2.2.8.1 2004/03/06 08:14:43 marka Exp $ */ +/* $Id: list.h,v 1.18.2.2.8.3 2006/06/06 00:11:40 marka Exp $ */ #ifndef ISC_LIST_H #define ISC_LIST_H 1 @@ -90,12 +90,16 @@ do { \ if ((elt)->link.next != NULL) \ (elt)->link.next->link.prev = (elt)->link.prev; \ - else \ + else { \ + ISC_INSIST((list).tail == (elt)); \ (list).tail = (elt)->link.prev; \ + } \ if ((elt)->link.prev != NULL) \ (elt)->link.prev->link.next = (elt)->link.next; \ - else \ + else { \ + ISC_INSIST((list).head == (elt)); \ (list).head = (elt)->link.next; \ + } \ (elt)->link.prev = (type *)(-1); \ (elt)->link.next = (type *)(-1); \ } while (0) diff --git a/contrib/bind9/lib/isc/include/isc/sockaddr.h b/contrib/bind9/lib/isc/include/isc/sockaddr.h index 1ffbca640fc..88e45940ca0 100644 --- a/contrib/bind9/lib/isc/include/isc/sockaddr.h +++ b/contrib/bind9/lib/isc/include/isc/sockaddr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sockaddr.h,v 1.35.12.8 2005/07/29 00:13:10 marka Exp $ */ +/* $Id: sockaddr.h,v 1.35.12.10 2006/03/02 00:37:20 marka Exp $ */ #ifndef ISC_SOCKADDR_H #define ISC_SOCKADDR_H 1 @@ -141,7 +141,7 @@ isc_sockaddr_setport(isc_sockaddr_t *sockaddr, in_port_t port); */ in_port_t -isc_sockaddr_getport(isc_sockaddr_t *sockaddr); +isc_sockaddr_getport(const isc_sockaddr_t *sockaddr); /* * Get the port stored in 'sockaddr'. */ @@ -168,25 +168,25 @@ isc_sockaddr_format(const isc_sockaddr_t *sa, char *array, unsigned int size); */ isc_boolean_t -isc_sockaddr_ismulticast(isc_sockaddr_t *sa); +isc_sockaddr_ismulticast(const isc_sockaddr_t *sa); /* * Returns ISC_TRUE if the address is a multicast address. */ isc_boolean_t -isc_sockaddr_isexperimental(isc_sockaddr_t *sa); +isc_sockaddr_isexperimental(const isc_sockaddr_t *sa); /* * Returns ISC_TRUE if the address is a experimental (CLASS E) address. */ isc_boolean_t -isc_sockaddr_islinklocal(isc_sockaddr_t *sa); +isc_sockaddr_islinklocal(const isc_sockaddr_t *sa); /* * Returns ISC_TRUE if the address is a link local addresss. */ isc_boolean_t -isc_sockaddr_issitelocal(isc_sockaddr_t *sa); +isc_sockaddr_issitelocal(const isc_sockaddr_t *sa); /* * Returns ISC_TRUE if the address is a sitelocal address. */ diff --git a/contrib/bind9/lib/isc/include/isc/symtab.h b/contrib/bind9/lib/isc/include/isc/symtab.h index d8dbd2107ec..b22fe815966 100644 --- a/contrib/bind9/lib/isc/include/isc/symtab.h +++ b/contrib/bind9/lib/isc/include/isc/symtab.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtab.h,v 1.16.206.1 2004/03/06 08:14:49 marka Exp $ */ +/* $Id: symtab.h,v 1.16.206.3 2006/03/02 00:37:20 marka Exp $ */ #ifndef ISC_SYMTAB_H #define ISC_SYMTAB_H 1 @@ -88,6 +88,7 @@ typedef union isc_symvalue { void * as_pointer; + const void * as_cpointer; int as_integer; unsigned int as_uinteger; } isc_symvalue_t; diff --git a/contrib/bind9/lib/isc/lex.c b/contrib/bind9/lib/isc/lex.c index bb832dd0b41..3511d6bd0e7 100644 --- a/contrib/bind9/lib/isc/lex.c +++ b/contrib/bind9/lib/isc/lex.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lex.c,v 1.66.2.6.2.8 2004/08/28 06:25:21 marka Exp $ */ +/* $Id: lex.c,v 1.66.2.6.2.10 2006/01/04 23:50:21 marka Exp $ */ #include @@ -372,9 +372,6 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { source = HEAD(lex->sources); REQUIRE(tokenp != NULL); - lex->saved_paren_count = lex->paren_count; - source->saved_line = source->line; - if (source == NULL) { if ((options & ISC_LEXOPT_NOMORE) != 0) { tokenp->type = isc_tokentype_nomore; @@ -386,6 +383,9 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { if (source->result != ISC_R_SUCCESS) return (source->result); + lex->saved_paren_count = lex->paren_count; + source->saved_line = source->line; + if (isc_buffer_remaininglength(source->pushback) == 0 && source->at_eof) { @@ -633,9 +633,13 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { remaining--; break; case lexstate_string: - if ((!escaped && - (c == ' ' || c == '\t' || lex->specials[c])) || - c == '\r' || c == '\n' || c == EOF) { + /* + * EOF needs to be checked before lex->specials[c] + * as lex->specials[EOF] is not a good idea. + */ + if (c == '\r' || c == '\n' || c == EOF || + (!escaped && + (c == ' ' || c == '\t' || lex->specials[c]))) { pushback(source, c); if (source->result != ISC_R_SUCCESS) { result = source->result; diff --git a/contrib/bind9/lib/isc/log.c b/contrib/bind9/lib/isc/log.c index 247b25339d2..511573bcc30 100644 --- a/contrib/bind9/lib/isc/log.c +++ b/contrib/bind9/lib/isc/log.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.70.2.8.2.12 2004/06/11 00:35:38 marka Exp $ */ +/* $Id: log.c,v 1.70.2.8.2.14 2006/03/02 00:37:20 marka Exp $ */ /* Principal Authors: DCL */ @@ -1728,8 +1728,9 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, syslog_level = syslog_map[-level]; (void)syslog(FACILITY(channel) | syslog_level, - "%s%s%s%s%s%s%s%s%s", + "%s%s%s%s%s%s%s%s%s%s", printtime ? time_string : "", + printtime ? " " : "", printtag ? lcfg->tag : "", printtag ? ": " : "", printcategory ? category->name : "", diff --git a/contrib/bind9/lib/isc/netscope.c b/contrib/bind9/lib/isc/netscope.c index 843c46df9e2..8df448399c5 100644 --- a/contrib/bind9/lib/isc/netscope.c +++ b/contrib/bind9/lib/isc/netscope.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -17,9 +17,11 @@ #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = - "$Id: netscope.c,v 1.5.142.7 2004/03/12 10:31:26 marka Exp $"; + "$Id: netscope.c,v 1.5.142.9 2006/08/25 05:25:50 marka Exp $"; #endif /* LIBC_SCCS and not lint */ +#include + #include #include #include diff --git a/contrib/bind9/lib/isc/nothreads/condition.c b/contrib/bind9/lib/isc/nothreads/condition.c index 0bc6196a1a7..395d52f7d30 100644 --- a/contrib/bind9/lib/isc/nothreads/condition.c +++ b/contrib/bind9/lib/isc/nothreads/condition.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: condition.c,v 1.4.12.3 2004/03/08 09:04:54 marka Exp $ */ +/* $Id: condition.c,v 1.4.12.5 2006/08/25 05:25:50 marka Exp $ */ + +#include #include diff --git a/contrib/bind9/lib/isc/nothreads/mutex.c b/contrib/bind9/lib/isc/nothreads/mutex.c index cc7572a6973..a707947fe9b 100644 --- a/contrib/bind9/lib/isc/nothreads/mutex.c +++ b/contrib/bind9/lib/isc/nothreads/mutex.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutex.c,v 1.4.12.3 2004/03/08 09:04:54 marka Exp $ */ +/* $Id: mutex.c,v 1.4.12.5 2006/08/25 05:25:50 marka Exp $ */ + +#include #include diff --git a/contrib/bind9/lib/isc/print.c b/contrib/bind9/lib/isc/print.c index 6542fe4f190..ee50b29e5d6 100644 --- a/contrib/bind9/lib/isc/print.c +++ b/contrib/bind9/lib/isc/print.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,12 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.c,v 1.22.2.3.2.3 2004/03/06 08:14:33 marka Exp $ */ +/* $Id: print.c,v 1.22.2.3.2.4 2006/04/17 18:27:20 explorer Exp $ */ + +/*! \file */ #include #include -#include /* for sprintf */ +#include /* for sprintf() */ +#include /* for strlen() */ #define ISC__PRINT_SOURCE /* Used to get the isc_print_* prototypes. */ @@ -41,7 +44,7 @@ isc_print_sprintf(char *str, const char *format, ...) { return (strlen(str)); } -/* +/*! * Return length of string that would have been written if not truncated. */ @@ -57,7 +60,7 @@ isc_print_snprintf(char *str, size_t size, const char *format, ...) { } -/* +/*! * Return length of string that would have been written if not truncated. */ diff --git a/contrib/bind9/lib/isc/sockaddr.c b/contrib/bind9/lib/isc/sockaddr.c index 4c47e4e06bc..a40f0c9ccf9 100644 --- a/contrib/bind9/lib/isc/sockaddr.c +++ b/contrib/bind9/lib/isc/sockaddr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sockaddr.c,v 1.48.2.1.2.10 2004/05/15 03:46:12 jinmei Exp $ */ +/* $Id: sockaddr.c,v 1.48.2.1.2.12 2006/03/02 00:37:20 marka Exp $ */ #include @@ -400,7 +400,7 @@ isc_sockaddr_setport(isc_sockaddr_t *sockaddr, in_port_t port) { } in_port_t -isc_sockaddr_getport(isc_sockaddr_t *sockaddr) { +isc_sockaddr_getport(const isc_sockaddr_t *sockaddr) { in_port_t port = 0; switch (sockaddr->type.sa.sa_family) { @@ -422,7 +422,7 @@ isc_sockaddr_getport(isc_sockaddr_t *sockaddr) { } isc_boolean_t -isc_sockaddr_ismulticast(isc_sockaddr_t *sockaddr) { +isc_sockaddr_ismulticast(const isc_sockaddr_t *sockaddr) { isc_netaddr_t netaddr; isc_netaddr_fromsockaddr(&netaddr, sockaddr); @@ -430,7 +430,7 @@ isc_sockaddr_ismulticast(isc_sockaddr_t *sockaddr) { } isc_boolean_t -isc_sockaddr_isexperimental(isc_sockaddr_t *sockaddr) { +isc_sockaddr_isexperimental(const isc_sockaddr_t *sockaddr) { isc_netaddr_t netaddr; if (sockaddr->type.sa.sa_family == AF_INET) { @@ -441,7 +441,7 @@ isc_sockaddr_isexperimental(isc_sockaddr_t *sockaddr) { } isc_boolean_t -isc_sockaddr_issitelocal(isc_sockaddr_t *sockaddr) { +isc_sockaddr_issitelocal(const isc_sockaddr_t *sockaddr) { isc_netaddr_t netaddr; if (sockaddr->type.sa.sa_family == AF_INET6) { @@ -452,7 +452,7 @@ isc_sockaddr_issitelocal(isc_sockaddr_t *sockaddr) { } isc_boolean_t -isc_sockaddr_islinklocal(isc_sockaddr_t *sockaddr) { +isc_sockaddr_islinklocal(const isc_sockaddr_t *sockaddr) { isc_netaddr_t netaddr; if (sockaddr->type.sa.sa_family == AF_INET6) { diff --git a/contrib/bind9/lib/isc/taskpool.c b/contrib/bind9/lib/isc/taskpool.c index 0b400bf722f..a3931a9fb90 100644 --- a/contrib/bind9/lib/isc/taskpool.c +++ b/contrib/bind9/lib/isc/taskpool.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: taskpool.c,v 1.10.12.3 2004/03/08 09:04:50 marka Exp $ */ +/* $Id: taskpool.c,v 1.10.12.5 2006/01/04 23:50:21 marka Exp $ */ #include @@ -52,6 +52,10 @@ isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, pool->mctx = mctx; pool->ntasks = ntasks; pool->tasks = isc_mem_get(mctx, ntasks * sizeof(isc_task_t *)); + if (pool->tasks == NULL) { + isc_mem_put(mctx, pool, sizeof(*pool)); + return (ISC_R_NOMEMORY); + } for (i = 0; i < ntasks; i++) pool->tasks[i] = NULL; for (i = 0; i < ntasks; i++) { diff --git a/contrib/bind9/lib/isc/timer.c b/contrib/bind9/lib/isc/timer.c index 5426079397e..6a6acf6bb08 100644 --- a/contrib/bind9/lib/isc/timer.c +++ b/contrib/bind9/lib/isc/timer.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.64.12.11 2005/10/27 00:27:29 marka Exp $ */ +/* $Id: timer.c,v 1.64.12.13 2006/01/04 23:50:21 marka Exp $ */ #include @@ -212,9 +212,10 @@ schedule(isc_timer_t *timer, isc_time_t *now, isc_boolean_t signal_ok) { isc_time_t then; isc_interval_set(&fifteen, 15, 0); - isc_time_add(&manager->due, &fifteen, &then); + result = isc_time_add(&manager->due, &fifteen, &then); - if (isc_time_compare(&then, now) < 0) { + if (result == ISC_R_SUCCESS && + isc_time_compare(&then, now) < 0) { SIGNAL(&manager->wakeup); signal_ok = ISC_FALSE; isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, @@ -347,8 +348,10 @@ isc_timer_create(isc_timermgr_t *manager, isc_timertype_t type, if (type == isc_timertype_once && !isc_interval_iszero(interval)) { result = isc_time_add(&now, interval, &timer->idle); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { + isc_mem_put(manager->mctx, timer, sizeof(*timer)); return (result); + } } else isc_time_settoepoch(&timer->idle); diff --git a/contrib/bind9/lib/isc/unix/entropy.c b/contrib/bind9/lib/isc/unix/entropy.c index 50506634e4c..d52849aa35b 100644 --- a/contrib/bind9/lib/isc/unix/entropy.c +++ b/contrib/bind9/lib/isc/unix/entropy.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: entropy.c,v 1.60.2.3.8.11 2005/07/12 05:47:43 marka Exp $ */ +/* $Id: entropy.c,v 1.60.2.3.8.14 2006/03/02 23:29:17 marka Exp $ */ /* * This is the system depenedent part of the ISC entropy API. @@ -127,7 +127,7 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { switch ( source->sources.usocket.status ) { case isc_usocketsource_ndesired: buf[0] = ndesired; - if ((n = send(fd, buf, 1, 0)) < 0) { + if ((n = sendto(fd, buf, 1, 0, NULL, 0)) < 0) { if (errno == EWOULDBLOCK || errno == EINTR || errno == ECONNRESET) goto out; @@ -142,7 +142,7 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { case isc_usocketsource_connected: buf[0] = 1; buf[1] = ndesired; - if ((n = send(fd, buf, 2, 0)) < 0) { + if ((n = sendto(fd, buf, 2, 0, NULL, 0)) < 0) { if (errno == EWOULDBLOCK || errno == EINTR || errno == ECONNRESET) goto out; @@ -159,12 +159,12 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { /*FALLTHROUGH*/ case isc_usocketsource_wrote: - if (recv(fd, buf, 1, 0) != 1) { + if (recvfrom(fd, buf, 1, 0, NULL, NULL) != 1) { if (errno == EAGAIN) { /* * The problem of EAGAIN (try again * later) is a major issue on HP-UX. - * Solaris actually tries the recv + * Solaris actually tries the recvfrom * call again, while HP-UX just dies. * This code is an attempt to let the * entropy pool fill back up (at least @@ -503,7 +503,7 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) { if (S_ISSOCK(_stat.st_mode)) is_usocket = ISC_TRUE; #endif -#if defined(S_ISFIFO) +#if defined(S_ISFIFO) && defined(sun) if (S_ISFIFO(_stat.st_mode)) is_usocket = ISC_TRUE; #endif diff --git a/contrib/bind9/lib/isc/unix/fsaccess.c b/contrib/bind9/lib/isc/unix/fsaccess.c index 5fa4fb47495..3745ca227f2 100644 --- a/contrib/bind9/lib/isc/unix/fsaccess.c +++ b/contrib/bind9/lib/isc/unix/fsaccess.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fsaccess.c,v 1.6.206.1 2004/03/06 08:14:59 marka Exp $ */ +/* $Id: fsaccess.c,v 1.6.206.3 2006/08/25 05:25:50 marka Exp $ */ + +#include #include #include diff --git a/contrib/bind9/lib/isc/unix/ifiter_ioctl.c b/contrib/bind9/lib/isc/unix/ifiter_ioctl.c index 0b01b96f942..68a13651bc8 100644 --- a/contrib/bind9/lib/isc/unix/ifiter_ioctl.c +++ b/contrib/bind9/lib/isc/unix/ifiter_ioctl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ifiter_ioctl.c,v 1.19.2.5.2.17 2005/10/14 02:13:07 marka Exp $ */ +/* $Id: ifiter_ioctl.c,v 1.19.2.5.2.19 2006/02/03 23:51:37 marka Exp $ */ /* * Obtain the list of network interfaces using the SIOCGLIFCONF ioctl. @@ -529,7 +529,8 @@ internal_current4(isc_interfaceiter_t *iter) { #endif REQUIRE(VALID_IFITER(iter)); - REQUIRE (iter->pos < (unsigned int) iter->ifc.ifc_len); + REQUIRE(iter->ifc.ifc_len == 0 || + iter->pos < (unsigned int) iter->ifc.ifc_len); #ifdef __linux result = linux_if_inet6_current(iter); @@ -538,6 +539,9 @@ internal_current4(isc_interfaceiter_t *iter) { iter->first = ISC_TRUE; #endif + if (iter->ifc.ifc_len == 0) + return (ISC_R_NOMORE); + ifrp = (struct ifreq *)((char *) iter->ifc.ifc_req + iter->pos); memset(&ifreq, 0, sizeof(ifreq)); diff --git a/contrib/bind9/lib/isc/unix/ipv6.c b/contrib/bind9/lib/isc/unix/ipv6.c index 25e0c57b09f..f11262f5992 100644 --- a/contrib/bind9/lib/isc/unix/ipv6.c +++ b/contrib/bind9/lib/isc/unix/ipv6.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ipv6.c,v 1.7.206.1 2004/03/06 08:15:00 marka Exp $ */ +/* $Id: ipv6.c,v 1.7.206.3 2006/08/25 05:25:50 marka Exp $ */ + +#include #include diff --git a/contrib/bind9/lib/isc/unix/socket.c b/contrib/bind9/lib/isc/unix/socket.c index 595990f995c..f95e3c8f75d 100644 --- a/contrib/bind9/lib/isc/unix/socket.c +++ b/contrib/bind9/lib/isc/unix/socket.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.207.2.19.2.22 2005/11/03 23:08:42 marka Exp $ */ +/* $Id: socket.c,v 1.207.2.19.2.26 2006/05/19 02:53:36 marka Exp $ */ #include @@ -109,7 +109,7 @@ typedef isc_event_t intev_t; * to collect the destination address and interface so the client can * set them on outgoing packets. */ -#ifdef ISC_PLATFORM_HAVEIPV6 +#ifdef ISC_PLATFORM_HAVEIN6PKTINFO #ifndef USE_CMSG #define USE_CMSG 1 #endif @@ -747,8 +747,26 @@ build_msghdr_recv(isc_socket_t *sock, isc_socketevent_t *dev, if (sock->type == isc_sockettype_udp) { memset(&dev->address, 0, sizeof(dev->address)); +#ifdef BROKEN_RECVMSG + if (sock->pf == AF_INET) { + msg->msg_name = (void *)&dev->address.type.sin; + msg->msg_namelen = sizeof(dev->address.type.sin6); + } else if (sock->pf == AF_INET6) { + msg->msg_name = (void *)&dev->address.type.sin6; + msg->msg_namelen = sizeof(dev->address.type.sin6); +#ifdef ISC_PLATFORM_HAVESYSUNH + } else if (sock->pf == AF_UNIX) { + msg->msg_name = (void *)&dev->address.type.sunix; + msg->msg_namelen = sizeof(dev->address.type.sunix); +#endif + } else { + msg->msg_name = (void *)&dev->address.type.sa; + msg->msg_namelen = sizeof(dev->address.type); + } +#else msg->msg_name = (void *)&dev->address.type.sa; msg->msg_namelen = sizeof(dev->address.type); +#endif #ifdef ISC_NET_RECVOVERFLOW /* If needed, steal one iovec for overflow detection. */ maxiov--; @@ -921,6 +939,10 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { cc = recvmsg(sock->fd, &msghdr, 0); recv_errno = errno; +#if defined(ISC_SOCKET_DEBUG) + dump_msg(&msghdr); +#endif + if (cc < 0) { if (SOFT_ERROR(recv_errno)) return (DOIO_SOFT); @@ -2681,8 +2703,8 @@ socket_send(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task, dev->attributes |= ISC_SOCKEVENTATTR_PKTINFO; dev->pktinfo = *pktinfo; - if (!isc_sockaddr_issitelocal(address) && - !isc_sockaddr_islinklocal(address)) { + if (!isc_sockaddr_issitelocal(&dev->address) && + !isc_sockaddr_islinklocal(&dev->address)) { socket_log(sock, NULL, TRACE, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_PKTINFOPROVIDED, "pktinfo structure provided, ifindex %u " diff --git a/contrib/bind9/lib/isccc/api b/contrib/bind9/lib/isccc/api index 4f115e73f2d..8c77091b90c 100644 --- a/contrib/bind9/lib/isccc/api +++ b/contrib/bind9/lib/isccc/api @@ -1,3 +1,3 @@ LIBINTERFACE = 2 -LIBREVISION = 1 +LIBREVISION = 2 LIBAGE = 2 diff --git a/contrib/bind9/lib/isccfg/include/isccfg/cfg.h b/contrib/bind9/lib/isccfg/include/isccfg/cfg.h index b4081cd7b38..c4867199b97 100644 --- a/contrib/bind9/lib/isccfg/include/isccfg/cfg.h +++ b/contrib/bind9/lib/isccfg/include/isccfg/cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cfg.h,v 1.30.12.4 2004/03/08 09:05:07 marka Exp $ */ +/* $Id: cfg.h,v 1.30.12.6 2006/03/02 00:37:20 marka Exp $ */ #ifndef ISCCFG_CFG_H #define ISCCFG_CFG_H 1 @@ -74,7 +74,7 @@ typedef struct cfg_listelt cfg_listelt_t; * "directory". */ typedef isc_result_t -(*cfg_parsecallback_t)(const char *clausename, cfg_obj_t *obj, void *arg); +(*cfg_parsecallback_t)(const char *clausename, const cfg_obj_t *obj, void *arg); /*** *** Functions @@ -143,20 +143,20 @@ cfg_parser_destroy(cfg_parser_t **pctxp); */ isc_boolean_t -cfg_obj_isvoid(cfg_obj_t *obj); +cfg_obj_isvoid(const cfg_obj_t *obj); /* * Return true iff 'obj' is of void type (e.g., an optional * value not specified). */ isc_boolean_t -cfg_obj_ismap(cfg_obj_t *obj); +cfg_obj_ismap(const cfg_obj_t *obj); /* * Return true iff 'obj' is of a map type. */ isc_result_t -cfg_map_get(cfg_obj_t *mapobj, const char* name, cfg_obj_t **obj); +cfg_map_get(const cfg_obj_t *mapobj, const char* name, const cfg_obj_t **obj); /* * Extract an element from a configuration object, which * must be of a map type. @@ -171,8 +171,8 @@ cfg_map_get(cfg_obj_t *mapobj, const char* name, cfg_obj_t **obj); * ISC_R_NOTFOUND - name not found in map */ -cfg_obj_t * -cfg_map_getname(cfg_obj_t *mapobj); +const cfg_obj_t * +cfg_map_getname(const cfg_obj_t *mapobj); /* * Get the name of a named map object, like a server "key" clause. * @@ -185,13 +185,13 @@ cfg_map_getname(cfg_obj_t *mapobj); */ isc_boolean_t -cfg_obj_istuple(cfg_obj_t *obj); +cfg_obj_istuple(const cfg_obj_t *obj); /* * Return true iff 'obj' is of a map type. */ -cfg_obj_t * -cfg_tuple_get(cfg_obj_t *tupleobj, const char *name); +const cfg_obj_t * +cfg_tuple_get(const cfg_obj_t *tupleobj, const char *name); /* * Extract an element from a configuration object, which * must be of a tuple type. @@ -203,13 +203,13 @@ cfg_tuple_get(cfg_obj_t *tupleobj, const char *name); */ isc_boolean_t -cfg_obj_isuint32(cfg_obj_t *obj); +cfg_obj_isuint32(const cfg_obj_t *obj); /* * Return true iff 'obj' is of integer type. */ isc_uint32_t -cfg_obj_asuint32(cfg_obj_t *obj); +cfg_obj_asuint32(const cfg_obj_t *obj); /* * Returns the value of a configuration object of 32-bit integer type. * @@ -221,13 +221,13 @@ cfg_obj_asuint32(cfg_obj_t *obj); */ isc_boolean_t -cfg_obj_isuint64(cfg_obj_t *obj); +cfg_obj_isuint64(const cfg_obj_t *obj); /* * Return true iff 'obj' is of integer type. */ isc_uint64_t -cfg_obj_asuint64(cfg_obj_t *obj); +cfg_obj_asuint64(const cfg_obj_t *obj); /* * Returns the value of a configuration object of 64-bit integer type. * @@ -239,13 +239,13 @@ cfg_obj_asuint64(cfg_obj_t *obj); */ isc_boolean_t -cfg_obj_isstring(cfg_obj_t *obj); +cfg_obj_isstring(const cfg_obj_t *obj); /* * Return true iff 'obj' is of string type. */ -char * -cfg_obj_asstring(cfg_obj_t *obj); +const char * +cfg_obj_asstring(const cfg_obj_t *obj); /* * Returns the value of a configuration object of a string type * as a null-terminated string. @@ -258,13 +258,13 @@ cfg_obj_asstring(cfg_obj_t *obj); */ isc_boolean_t -cfg_obj_isboolean(cfg_obj_t *obj); +cfg_obj_isboolean(const cfg_obj_t *obj); /* * Return true iff 'obj' is of a boolean type. */ isc_boolean_t -cfg_obj_asboolean(cfg_obj_t *obj); +cfg_obj_asboolean(const cfg_obj_t *obj); /* * Returns the value of a configuration object of a boolean type. * @@ -276,13 +276,13 @@ cfg_obj_asboolean(cfg_obj_t *obj); */ isc_boolean_t -cfg_obj_issockaddr(cfg_obj_t *obj); +cfg_obj_issockaddr(const cfg_obj_t *obj); /* * Return true iff 'obj' is a socket address. */ -isc_sockaddr_t * -cfg_obj_assockaddr(cfg_obj_t *obj); +const isc_sockaddr_t * +cfg_obj_assockaddr(const cfg_obj_t *obj); /* * Returns the value of a configuration object representing a socket address. * @@ -295,13 +295,13 @@ cfg_obj_assockaddr(cfg_obj_t *obj); */ isc_boolean_t -cfg_obj_isnetprefix(cfg_obj_t *obj); +cfg_obj_isnetprefix(const cfg_obj_t *obj); /* * Return true iff 'obj' is a network prefix. */ void -cfg_obj_asnetprefix(cfg_obj_t *obj, isc_netaddr_t *netaddr, +cfg_obj_asnetprefix(const cfg_obj_t *obj, isc_netaddr_t *netaddr, unsigned int *prefixlen); /* * Gets the value of a configuration object representing a network @@ -314,13 +314,13 @@ cfg_obj_asnetprefix(cfg_obj_t *obj, isc_netaddr_t *netaddr, */ isc_boolean_t -cfg_obj_islist(cfg_obj_t *obj); +cfg_obj_islist(const cfg_obj_t *obj); /* * Return true iff 'obj' is of list type. */ -cfg_listelt_t * -cfg_list_first(cfg_obj_t *obj); +const cfg_listelt_t * +cfg_list_first(const cfg_obj_t *obj); /* * Returns the first list element in a configuration object of a list type. * @@ -332,8 +332,8 @@ cfg_list_first(cfg_obj_t *obj); * or NULL if the list is empty or nonexistent. */ -cfg_listelt_t * -cfg_list_next(cfg_listelt_t *elt); +const cfg_listelt_t * +cfg_list_next(const cfg_listelt_t *elt); /* * Returns the next element of a list of configuration objects. * @@ -346,8 +346,8 @@ cfg_list_next(cfg_listelt_t *elt); * or NULL if there are no more elements. */ -cfg_obj_t * -cfg_listelt_value(cfg_listelt_t *elt); +const cfg_obj_t * +cfg_listelt_value(const cfg_listelt_t *elt); /* * Returns the configuration object associated with cfg_listelt_t. * @@ -360,7 +360,7 @@ cfg_listelt_value(cfg_listelt_t *elt); */ void -cfg_print(cfg_obj_t *obj, +cfg_print(const cfg_obj_t *obj, void (*f)(void *closure, const char *text, int textlen), void *closure); /* @@ -378,7 +378,7 @@ cfg_print_grammar(const cfg_type_t *type, */ isc_boolean_t -cfg_obj_istype(cfg_obj_t *obj, const cfg_type_t *type); +cfg_obj_istype(const cfg_obj_t *obj, const cfg_type_t *type); /* * Return true iff 'obj' is of type 'type'. */ @@ -389,7 +389,8 @@ void cfg_obj_destroy(cfg_parser_t *pctx, cfg_obj_t **obj); */ void -cfg_obj_log(cfg_obj_t *obj, isc_log_t *lctx, int level, const char *fmt, ...) +cfg_obj_log(const cfg_obj_t *obj, isc_log_t *lctx, int level, + const char *fmt, ...) ISC_FORMAT_PRINTF(4, 5); /* * Log a message concerning configuration object 'obj' to the logging @@ -398,13 +399,13 @@ cfg_obj_log(cfg_obj_t *obj, isc_log_t *lctx, int level, const char *fmt, ...) */ const char * -cfg_obj_file(cfg_obj_t *obj); +cfg_obj_file(const cfg_obj_t *obj); /* * Return the file that defined this object. */ unsigned int -cfg_obj_line(cfg_obj_t *obj); +cfg_obj_line(const cfg_obj_t *obj); /* * Return the line in file where this object was defined. */ diff --git a/contrib/bind9/lib/isccfg/include/isccfg/grammar.h b/contrib/bind9/lib/isccfg/include/isccfg/grammar.h index 92b142b7ac7..4aaeb4ff477 100644 --- a/contrib/bind9/lib/isccfg/include/isccfg/grammar.h +++ b/contrib/bind9/lib/isccfg/include/isccfg/grammar.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: grammar.h,v 1.3.50.4 2004/11/30 01:15:44 marka Exp $ */ +/* $Id: grammar.h,v 1.3.50.6 2006/03/02 00:37:20 marka Exp $ */ #ifndef ISCCFG_GRAMMAR_H #define ISCCFG_GRAMMAR_H 1 @@ -63,7 +63,7 @@ typedef struct cfg_rep cfg_rep_t; typedef isc_result_t (*cfg_parsefunc_t)(cfg_parser_t *, const cfg_type_t *type, cfg_obj_t **); -typedef void (*cfg_printfunc_t)(cfg_printer_t *, cfg_obj_t *); +typedef void (*cfg_printfunc_t)(cfg_printer_t *, const cfg_obj_t *); typedef void (*cfg_docfunc_t)(cfg_printer_t *, const cfg_type_t *); typedef void (*cfg_freefunc_t)(cfg_parser_t *, cfg_obj_t *); @@ -156,7 +156,7 @@ struct cfg_obj { isc_sockaddr_t sockaddr; cfg_netprefix_t netprefix; } value; - char * file; + const char * file; unsigned int line; }; @@ -274,16 +274,16 @@ isc_result_t cfg_parse_uint32(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_uint32(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_uint32(cfg_printer_t *pctx, const cfg_obj_t *obj); void -cfg_print_uint64(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_uint64(cfg_printer_t *pctx, const cfg_obj_t *obj); isc_result_t cfg_parse_qstring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_ustring(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_ustring(cfg_printer_t *pctx, const cfg_obj_t *obj); isc_result_t cfg_parse_astring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); @@ -292,7 +292,7 @@ isc_result_t cfg_parse_rawaddr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na); void -cfg_print_rawaddr(cfg_printer_t *pctx, isc_netaddr_t *na); +cfg_print_rawaddr(cfg_printer_t *pctx, const isc_netaddr_t *na); isc_boolean_t cfg_lookingat_netaddr(cfg_parser_t *pctx, unsigned int flags); @@ -304,7 +304,7 @@ isc_result_t cfg_parse_sockaddr(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_sockaddr(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_sockaddr(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_sockaddr(cfg_printer_t *pctx, const cfg_type_t *type); @@ -323,7 +323,7 @@ isc_result_t cfg_parse_tuple(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_tuple(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_tuple(cfg_printer_t *pctx, const cfg_type_t *type); @@ -339,7 +339,7 @@ isc_result_t cfg_parse_bracketed_list(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_bracketed_list(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_bracketed_list(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_bracketed_list(cfg_printer_t *pctx, const cfg_type_t *type); @@ -348,7 +348,7 @@ isc_result_t cfg_parse_spacelist(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_spacelist(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_spacelist(cfg_printer_t *pctx, const cfg_obj_t *obj); isc_result_t cfg_parse_enum(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); @@ -374,7 +374,7 @@ isc_result_t cfg_parse_addressed_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_map(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_map(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type); @@ -383,7 +383,7 @@ isc_result_t cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_mapbody(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type); @@ -392,7 +392,7 @@ isc_result_t cfg_parse_void(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_void(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_void(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_void(cfg_printer_t *pctx, const cfg_type_t *type); @@ -401,7 +401,7 @@ isc_result_t cfg_parse_obj(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void -cfg_print_obj(cfg_printer_t *pctx, cfg_obj_t *obj); +cfg_print_obj(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_obj(cfg_printer_t *pctx, const cfg_type_t *type); diff --git a/contrib/bind9/lib/isccfg/namedconf.c b/contrib/bind9/lib/isccfg/namedconf.c index bfc5dda425e..d54bbe23c47 100644 --- a/contrib/bind9/lib/isccfg/namedconf.c +++ b/contrib/bind9/lib/isccfg/namedconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.21.44.32 2005/10/26 05:06:40 marka Exp $ */ +/* $Id: namedconf.c,v 1.21.44.34 2006/03/02 00:37:20 marka Exp $ */ #include @@ -58,7 +58,7 @@ static isc_result_t parse_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); static void -print_keyvalue(cfg_printer_t *pctx, cfg_obj_t *obj); +print_keyvalue(cfg_printer_t *pctx, const cfg_obj_t *obj); static void doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type); @@ -428,7 +428,7 @@ static cfg_type_t cfg_type_transferformat = { */ static void -print_none(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_none(cfg_printer_t *pctx, const cfg_obj_t *obj) { UNUSED(obj); cfg_print_chars(pctx, "none", 4); } @@ -469,7 +469,7 @@ static cfg_type_t cfg_type_qstringornone = { */ static void -print_hostname(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_hostname(cfg_printer_t *pctx, const cfg_obj_t *obj) { UNUSED(obj); cfg_print_chars(pctx, "hostname", 4); } @@ -1127,7 +1127,7 @@ parse_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t ** } static void -print_keyvalue(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_keyvalue(cfg_printer_t *pctx, const cfg_obj_t *obj) { const keyword_type_t *kw = obj->type->of; cfg_print_cstr(pctx, kw->name); cfg_print_chars(pctx, " ", 1); @@ -1332,7 +1332,7 @@ parse_querysource6(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) } static void -print_querysource(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_querysource(cfg_printer_t *pctx, const cfg_obj_t *obj) { isc_netaddr_t na; isc_netaddr_fromsockaddr(&na, &obj->value.sockaddr); cfg_print_chars(pctx, "address ", 8); @@ -1408,7 +1408,7 @@ static cfg_tuplefielddef_t negated_fields[] = { }; static void -print_negated(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_negated(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_chars(pctx, "!", 1); cfg_print_tuple(pctx, obj); } @@ -1625,7 +1625,7 @@ parse_logfile(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { } static void -print_logfile(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_logfile(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_obj(pctx, obj->value.tuple[0]); /* file */ if (obj->value.tuple[1]->type->print != cfg_print_void) { cfg_print_chars(pctx, " versions ", 10); diff --git a/contrib/bind9/lib/isccfg/parser.c b/contrib/bind9/lib/isccfg/parser.c index f72c3c2b926..42ce9f0c03a 100644 --- a/contrib/bind9/lib/isccfg/parser.c +++ b/contrib/bind9/lib/isccfg/parser.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: parser.c,v 1.70.2.20.2.18 2004/05/15 03:46:13 jinmei Exp $ */ +/* $Id: parser.c,v 1.70.2.20.2.21 2006/02/28 06:32:54 marka Exp $ */ #include @@ -68,7 +68,7 @@ static isc_result_t parse_list(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); static void -print_list(cfg_printer_t *pctx, cfg_obj_t *obj); +print_list(cfg_printer_t *pctx, const cfg_obj_t *obj); static void free_list(cfg_parser_t *pctx, cfg_obj_t *obj); @@ -134,7 +134,7 @@ static cfg_type_t cfg_type_implicitlist = { /* Functions. */ void -cfg_print_obj(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_obj(cfg_printer_t *pctx, const cfg_obj_t *obj) { obj->type->print(pctx, obj); } @@ -177,7 +177,7 @@ cfg_parse_obj(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { } void -cfg_print(cfg_obj_t *obj, +cfg_print(const cfg_obj_t *obj, void (*f)(void *closure, const char *text, int textlen), void *closure) { @@ -243,14 +243,14 @@ cfg_parse_tuple(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) } void -cfg_print_tuple(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj) { unsigned int i; const cfg_tuplefielddef_t *fields = obj->type->of; const cfg_tuplefielddef_t *f; isc_boolean_t need_space = ISC_FALSE; for (f = fields, i = 0; f->name != NULL; f++, i++) { - cfg_obj_t *fieldobj = obj->value.tuple[i]; + const cfg_obj_t *fieldobj = obj->value.tuple[i]; if (need_space) cfg_print_chars(pctx, " ", 1); cfg_print_obj(pctx, fieldobj); @@ -291,13 +291,13 @@ free_tuple(cfg_parser_t *pctx, cfg_obj_t *obj) { } isc_boolean_t -cfg_obj_istuple(cfg_obj_t *obj) { +cfg_obj_istuple(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_tuple)); } -cfg_obj_t * -cfg_tuple_get(cfg_obj_t *tupleobj, const char* name) { +const cfg_obj_t * +cfg_tuple_get(const cfg_obj_t *tupleobj, const char* name) { unsigned int i; const cfg_tuplefielddef_t *fields; const cfg_tuplefielddef_t *f; @@ -548,7 +548,7 @@ cfg_parse_void(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { } void -cfg_print_void(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_void(cfg_printer_t *pctx, const cfg_obj_t *obj) { UNUSED(pctx); UNUSED(obj); } @@ -560,7 +560,7 @@ cfg_doc_void(cfg_printer_t *pctx, const cfg_type_t *type) { } isc_boolean_t -cfg_obj_isvoid(cfg_obj_t *obj) { +cfg_obj_isvoid(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_void)); } @@ -606,18 +606,18 @@ cfg_print_rawuint(cfg_printer_t *pctx, unsigned int u) { } void -cfg_print_uint32(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_uint32(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_rawuint(pctx, obj->value.uint32); } isc_boolean_t -cfg_obj_isuint32(cfg_obj_t *obj) { +cfg_obj_isuint32(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_uint32)); } isc_uint32_t -cfg_obj_asuint32(cfg_obj_t *obj) { +cfg_obj_asuint32(const cfg_obj_t *obj) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_uint32); return (obj->value.uint32); } @@ -632,19 +632,19 @@ cfg_type_t cfg_type_uint32 = { * uint64 */ isc_boolean_t -cfg_obj_isuint64(cfg_obj_t *obj) { +cfg_obj_isuint64(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_uint64)); } isc_uint64_t -cfg_obj_asuint64(cfg_obj_t *obj) { +cfg_obj_asuint64(const cfg_obj_t *obj) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_uint64); return (obj->value.uint64); } void -cfg_print_uint64(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_uint64(cfg_printer_t *pctx, const cfg_obj_t *obj) { char buf[32]; snprintf(buf, sizeof(buf), "%" ISC_PRINT_QUADFORMAT "u", obj->value.uint64); @@ -723,7 +723,9 @@ parse_ustring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { } isc_result_t -cfg_parse_astring(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { +cfg_parse_astring(cfg_parser_t *pctx, const cfg_type_t *type, + cfg_obj_t **ret) +{ isc_result_t result; UNUSED(type); @@ -781,12 +783,12 @@ cfg_doc_enum(cfg_printer_t *pctx, const cfg_type_t *type) { } void -cfg_print_ustring(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_ustring(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_chars(pctx, obj->value.string.base, obj->value.string.length); } static void -print_qstring(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_qstring(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_chars(pctx, "\"", 1); cfg_print_ustring(pctx, obj); cfg_print_chars(pctx, "\"", 1); @@ -799,13 +801,13 @@ free_string(cfg_parser_t *pctx, cfg_obj_t *obj) { } isc_boolean_t -cfg_obj_isstring(cfg_obj_t *obj) { +cfg_obj_isstring(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_string)); } -char * -cfg_obj_asstring(cfg_obj_t *obj) { +const char * +cfg_obj_asstring(const cfg_obj_t *obj) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_string); return (obj->value.string.base); } @@ -833,13 +835,13 @@ cfg_type_t cfg_type_astring = { */ isc_boolean_t -cfg_obj_isboolean(cfg_obj_t *obj) { +cfg_obj_isboolean(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_boolean)); } isc_boolean_t -cfg_obj_asboolean(cfg_obj_t *obj) { +cfg_obj_asboolean(const cfg_obj_t *obj) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_boolean); return (obj->value.boolean); } @@ -885,7 +887,7 @@ parse_boolean(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) } static void -print_boolean(cfg_printer_t *pctx, cfg_obj_t *obj) { +print_boolean(cfg_printer_t *pctx, const cfg_obj_t *obj) { if (obj->value.boolean) cfg_print_chars(pctx, "yes", 3); else @@ -999,9 +1001,9 @@ parse_list(cfg_parser_t *pctx, const cfg_type_t *listtype, cfg_obj_t **ret) } static void -print_list(cfg_printer_t *pctx, cfg_obj_t *obj) { - cfg_list_t *list = &obj->value.list; - cfg_listelt_t *elt; +print_list(cfg_printer_t *pctx, const cfg_obj_t *obj) { + const cfg_list_t *list = &obj->value.list; + const cfg_listelt_t *elt; for (elt = ISC_LIST_HEAD(*list); elt != NULL; @@ -1025,7 +1027,7 @@ cfg_parse_bracketed_list(cfg_parser_t *pctx, const cfg_type_t *type, } void -cfg_print_bracketed_list(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_bracketed_list(cfg_printer_t *pctx, const cfg_obj_t *obj) { print_open(pctx); print_list(pctx, obj); print_close(pctx); @@ -1072,9 +1074,9 @@ cfg_parse_spacelist(cfg_parser_t *pctx, const cfg_type_t *listtype, } void -cfg_print_spacelist(cfg_printer_t *pctx, cfg_obj_t *obj) { - cfg_list_t *list = &obj->value.list; - cfg_listelt_t *elt; +cfg_print_spacelist(cfg_printer_t *pctx, const cfg_obj_t *obj) { + const cfg_list_t *list = &obj->value.list; + const cfg_listelt_t *elt; for (elt = ISC_LIST_HEAD(*list); elt != NULL; @@ -1087,27 +1089,27 @@ cfg_print_spacelist(cfg_printer_t *pctx, cfg_obj_t *obj) { isc_boolean_t -cfg_obj_islist(cfg_obj_t *obj) { +cfg_obj_islist(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_list)); } -cfg_listelt_t * -cfg_list_first(cfg_obj_t *obj) { +const cfg_listelt_t * +cfg_list_first(const cfg_obj_t *obj) { REQUIRE(obj == NULL || obj->type->rep == &cfg_rep_list); if (obj == NULL) return (NULL); return (ISC_LIST_HEAD(obj->value.list)); } -cfg_listelt_t * -cfg_list_next(cfg_listelt_t *elt) { +const cfg_listelt_t * +cfg_list_next(const cfg_listelt_t *elt) { REQUIRE(elt != NULL); return (ISC_LIST_NEXT(elt, link)); } -cfg_obj_t * -cfg_listelt_value(cfg_listelt_t *elt) { +const cfg_obj_t * +cfg_listelt_value(const cfg_listelt_t *elt) { REQUIRE(elt != NULL); return (elt->obj); } @@ -1366,7 +1368,7 @@ cfg_parse_addressed_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t ** } void -cfg_print_mapbody(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj) { isc_result_t result = ISC_R_SUCCESS; const cfg_clausedef_t * const *clauseset; @@ -1446,7 +1448,7 @@ static struct flagtext { }; void -cfg_print_map(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_map(cfg_printer_t *pctx, const cfg_obj_t *obj) { if (obj->value.map.id != NULL) { cfg_print_obj(pctx, obj->value.map.id); cfg_print_chars(pctx, " ", 1); @@ -1505,16 +1507,16 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) { } isc_boolean_t -cfg_obj_ismap(cfg_obj_t *obj) { +cfg_obj_ismap(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_map)); } isc_result_t -cfg_map_get(cfg_obj_t *mapobj, const char* name, cfg_obj_t **obj) { +cfg_map_get(const cfg_obj_t *mapobj, const char* name, const cfg_obj_t **obj) { isc_result_t result; isc_symvalue_t val; - cfg_map_t *map; + const cfg_map_t *map; REQUIRE(mapobj != NULL && mapobj->type->rep == &cfg_rep_map); REQUIRE(name != NULL); @@ -1529,8 +1531,8 @@ cfg_map_get(cfg_obj_t *mapobj, const char* name, cfg_obj_t **obj) { return (ISC_R_SUCCESS); } -cfg_obj_t * -cfg_map_getname(cfg_obj_t *mapobj) { +const cfg_obj_t * +cfg_map_getname(const cfg_obj_t *mapobj) { REQUIRE(mapobj != NULL && mapobj->type->rep == &cfg_rep_map); return (mapobj->value.map.id); } @@ -1556,12 +1558,19 @@ parse_token(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { isc_lex_getlasttokentext(pctx->lexer, &pctx->token, &r); obj->value.string.base = isc_mem_get(pctx->mctx, r.length + 1); + if (obj->value.string.base == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } obj->value.string.length = r.length; memcpy(obj->value.string.base, r.base, r.length); obj->value.string.base[r.length] = '\0'; *ret = obj; + return (result); cleanup: + if (obj != NULL) + isc_mem_put(pctx->mctx, obj, sizeof(*obj)); return (result); } @@ -1753,7 +1762,7 @@ cfg_parse_rawport(cfg_parser_t *pctx, unsigned int flags, in_port_t *port) { } void -cfg_print_rawaddr(cfg_printer_t *pctx, isc_netaddr_t *na) { +cfg_print_rawaddr(cfg_printer_t *pctx, const isc_netaddr_t *na) { isc_result_t result; char text[128]; isc_buffer_t buf; @@ -1843,21 +1852,22 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type, } static void -print_netprefix(cfg_printer_t *pctx, cfg_obj_t *obj) { - cfg_netprefix_t *p = &obj->value.netprefix; +print_netprefix(cfg_printer_t *pctx, const cfg_obj_t *obj) { + const cfg_netprefix_t *p = &obj->value.netprefix; + cfg_print_rawaddr(pctx, &p->address); cfg_print_chars(pctx, "/", 1); cfg_print_rawuint(pctx, p->prefixlen); } isc_boolean_t -cfg_obj_isnetprefix(cfg_obj_t *obj) { +cfg_obj_isnetprefix(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_netprefix)); } void -cfg_obj_asnetprefix(cfg_obj_t *obj, isc_netaddr_t *netaddr, +cfg_obj_asnetprefix(const cfg_obj_t *obj, isc_netaddr_t *netaddr, unsigned int *prefixlen) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_netprefix); *netaddr = obj->value.netprefix.address; @@ -1908,7 +1918,7 @@ cfg_parse_sockaddr(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) } void -cfg_print_sockaddr(cfg_printer_t *pctx, cfg_obj_t *obj) { +cfg_print_sockaddr(cfg_printer_t *pctx, const cfg_obj_t *obj) { isc_netaddr_t netaddr; in_port_t port; char buf[ISC_NETADDR_FORMATSIZE]; @@ -1929,8 +1939,6 @@ cfg_doc_sockaddr(cfg_printer_t *pctx, const cfg_type_t *type) { int n = 0; cfg_print_chars(pctx, "( ", 2); if (*flagp & CFG_ADDR_V4OK) { - if (n != 0) - cfg_print_chars(pctx, " | ", 3); cfg_print_cstr(pctx, ""); n++; } @@ -1955,13 +1963,13 @@ cfg_doc_sockaddr(cfg_printer_t *pctx, const cfg_type_t *type) { } isc_boolean_t -cfg_obj_issockaddr(cfg_obj_t *obj) { +cfg_obj_issockaddr(const cfg_obj_t *obj) { REQUIRE(obj != NULL); return (ISC_TF(obj->type->rep == &cfg_rep_sockaddr)); } -isc_sockaddr_t * -cfg_obj_assockaddr(cfg_obj_t *obj) { +const isc_sockaddr_t * +cfg_obj_assockaddr(const cfg_obj_t *obj) { REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_sockaddr); return (&obj->value.sockaddr); } @@ -2158,7 +2166,8 @@ parser_complain(cfg_parser_t *pctx, isc_boolean_t is_warning, } void -cfg_obj_log(cfg_obj_t *obj, isc_log_t *lctx, int level, const char *fmt, ...) { +cfg_obj_log(const cfg_obj_t *obj, isc_log_t *lctx, int level, + const char *fmt, ...) { va_list ap; char msgbuf[2048]; @@ -2176,12 +2185,12 @@ cfg_obj_log(cfg_obj_t *obj, isc_log_t *lctx, int level, const char *fmt, ...) { } const char * -cfg_obj_file(cfg_obj_t *obj) { +cfg_obj_file(const cfg_obj_t *obj) { return (obj->file); } unsigned int -cfg_obj_line(cfg_obj_t *obj) { +cfg_obj_line(const cfg_obj_t *obj) { return (obj->line); } @@ -2223,7 +2232,6 @@ create_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { CHECK(isc_symtab_create(pctx->mctx, 5, /* XXX */ map_symtabitem_destroy, pctx, ISC_FALSE, &symtab)); - obj->value.map.symtab = symtab; obj->value.map.id = NULL; @@ -2243,7 +2251,7 @@ free_map(cfg_parser_t *pctx, cfg_obj_t *obj) { } isc_boolean_t -cfg_obj_istype(cfg_obj_t *obj, const cfg_type_t *type) { +cfg_obj_istype(const cfg_obj_t *obj, const cfg_type_t *type) { return (ISC_TF(obj->type == type)); } diff --git a/contrib/bind9/lib/lwres/api b/contrib/bind9/lib/lwres/api index 0ab1e92dc29..63704dd62ad 100644 --- a/contrib/bind9/lib/lwres/api +++ b/contrib/bind9/lib/lwres/api @@ -1,3 +1,3 @@ LIBINTERFACE = 10 -LIBREVISION = 1 +LIBREVISION = 5 LIBAGE = 1 diff --git a/contrib/bind9/lib/lwres/gai_strerror.c b/contrib/bind9/lib/lwres/gai_strerror.c index ae819dda4b4..06b7fbe1efd 100644 --- a/contrib/bind9/lib/lwres/gai_strerror.c +++ b/contrib/bind9/lib/lwres/gai_strerror.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gai_strerror.c,v 1.14.2.1.10.1 2004/03/06 08:15:30 marka Exp $ */ +/* $Id: gai_strerror.c,v 1.14.2.1.10.3 2006/08/25 05:25:50 marka Exp $ */ + +#include #include diff --git a/contrib/bind9/lib/lwres/getaddrinfo.c b/contrib/bind9/lib/lwres/getaddrinfo.c index c06327446b3..9ad10dfd7eb 100644 --- a/contrib/bind9/lib/lwres/getaddrinfo.c +++ b/contrib/bind9/lib/lwres/getaddrinfo.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * This code is derived from software contributed to ISC by @@ -18,7 +18,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddrinfo.c,v 1.41.206.3 2005/06/09 23:54:33 marka Exp $ */ +/* $Id: getaddrinfo.c,v 1.41.206.6 2006/11/13 11:57:41 marka Exp $ */ #include @@ -325,8 +325,10 @@ lwres_getaddrinfo(const char *hostname, const char *servname, NULL, 0, NI_NUMERICHOST) == 0) { ai->ai_canonname = strdup(nbuf); - if (ai->ai_canonname == NULL) + if (ai->ai_canonname == NULL) { + lwres_freeaddrinfo(ai_list); return (EAI_MEMORY); + } } else { /* XXX raise error? */ ai->ai_canonname = NULL; @@ -435,7 +437,7 @@ static char v4_loop[4] = { 127, 0, 0, 1 }; * The test against 0 is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". */ -#define ERR(code) \ +#define SETERROR(code) \ do { result = (code); \ if (result != 0) goto cleanup; \ } while (0) @@ -453,13 +455,13 @@ add_ipv4(const char *hostname, int flags, struct addrinfo **aip, lwres = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); if (lwres != LWRES_R_SUCCESS) - ERR(EAI_FAIL); + SETERROR(EAI_FAIL); (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); if (hostname == NULL && (flags & AI_PASSIVE) == 0) { ai = ai_clone(*aip, AF_INET); if (ai == NULL) { lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } *aip = ai; @@ -473,14 +475,14 @@ add_ipv4(const char *hostname, int flags, struct addrinfo **aip, if (lwres == LWRES_R_NOTFOUND) goto cleanup; else - ERR(EAI_FAIL); + SETERROR(EAI_FAIL); } addr = LWRES_LIST_HEAD(by->addrs); while (addr != NULL) { ai = ai_clone(*aip, AF_INET); if (ai == NULL) { lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } *aip = ai; ai->ai_socktype = socktype; @@ -490,7 +492,7 @@ add_ipv4(const char *hostname, int flags, struct addrinfo **aip, if (flags & AI_CANONNAME) { ai->ai_canonname = strdup(by->realname); if (ai->ai_canonname == NULL) - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } addr = LWRES_LIST_NEXT(addr, link); } @@ -520,14 +522,14 @@ add_ipv6(const char *hostname, int flags, struct addrinfo **aip, lwres = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); if (lwres != LWRES_R_SUCCESS) - ERR(EAI_FAIL); + SETERROR(EAI_FAIL); (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); if (hostname == NULL && (flags & AI_PASSIVE) == 0) { ai = ai_clone(*aip, AF_INET6); if (ai == NULL) { lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } *aip = ai; @@ -541,14 +543,14 @@ add_ipv6(const char *hostname, int flags, struct addrinfo **aip, if (lwres == LWRES_R_NOTFOUND) goto cleanup; else - ERR(EAI_FAIL); + SETERROR(EAI_FAIL); } addr = LWRES_LIST_HEAD(by->addrs); while (addr != NULL) { ai = ai_clone(*aip, AF_INET6); if (ai == NULL) { lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } *aip = ai; ai->ai_socktype = socktype; @@ -558,7 +560,7 @@ add_ipv6(const char *hostname, int flags, struct addrinfo **aip, if (flags & AI_CANONNAME) { ai->ai_canonname = strdup(by->realname); if (ai->ai_canonname == NULL) - ERR(EAI_MEMORY); + SETERROR(EAI_MEMORY); } addr = LWRES_LIST_NEXT(addr, link); } diff --git a/contrib/bind9/lib/lwres/lwconfig.c b/contrib/bind9/lib/lwres/lwconfig.c index 7fc2c5d0efd..4b4886bf0ea 100644 --- a/contrib/bind9/lib/lwres/lwconfig.c +++ b/contrib/bind9/lib/lwres/lwconfig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwconfig.c,v 1.33.2.1.2.8 2005/06/08 02:35:21 marka Exp $ */ +/* $Id: lwconfig.c,v 1.33.2.1.2.10 2006/10/03 23:50:50 marka Exp $ */ /*** *** Module for parsing resolv.conf files. @@ -559,7 +559,7 @@ lwres_conf_parse(lwres_context_t *ctx, const char *filename) { errno = 0; if ((fp = fopen(filename, "r")) == NULL) - return (LWRES_R_FAILURE); + return (LWRES_R_NOTFOUND); ret = LWRES_R_SUCCESS; do { diff --git a/contrib/bind9/lib/lwres/man/lwres.3 b/contrib/bind9/lib/lwres/man/lwres.3 index 3411eac92b8..886f1f1b1a8 100644 --- a/contrib/bind9/lib/lwres/man/lwres.3 +++ b/contrib/bind9/lib/lwres/man/lwres.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres.3,v 1.15.206.5 2005/10/13 02:33:58 marka Exp $ +.\" $Id: lwres.3,v 1.15.206.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -155,3 +158,5 @@ bit should be set. \fBlwres_config\fR(3), \fBresolver\fR(5), \fBlwresd\fR(8). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres.html b/contrib/bind9/lib/lwres/man/lwres.html index 1d5e57bfd24..02af1f7d98c 100644 --- a/contrib/bind9/lib/lwres/man/lwres.html +++ b/contrib/bind9/lib/lwres/man/lwres.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres - +

    -
    +

    Name

    lwres — introduction to the lightweight resolver library

    @@ -32,7 +32,7 @@ 
    #include <lwres/lwres.h>
    -

    DESCRIPTION

    +

    DESCRIPTION

    The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library. It provides hostname-to-address @@ -47,7 +47,7 @@ UDP-based protocol.

    -

    OVERVIEW

    +

    OVERVIEW

    The lwresd library implements multiple name service APIs. The standard @@ -101,7 +101,7 @@ and servers is outlined in the following sections.

    -

    CLIENT-SIDE LOW-LEVEL API CALL FLOW

    +

    CLIENT-SIDE LOW-LEVEL API CALL FLOW

    When a client program wishes to make an lwres request using the native low-level API, it typically performs the following @@ -147,7 +147,7 @@ packet specific information contained in the body.

    -

    SERVER-SIDE LOW-LEVEL API CALL FLOW

    +

    SERVER-SIDE LOW-LEVEL API CALL FLOW

    When implementing the server side of the lightweight resolver protocol using the lwres library, a sequence of actions like the @@ -188,7 +188,7 @@ set.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_gethostent(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_buffer.3 b/contrib/bind9/lib/lwres/man/lwres_buffer.3 index 93e888b0c38..62312379c1b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_buffer.3 +++ b/contrib/bind9/lib/lwres/man/lwres_buffer.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_buffer.3,v 1.12.2.1.8.5 2005/10/13 02:33:58 marka Exp $ +.\" $Id: lwres_buffer.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_buffer +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_BUFFER" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,37 +36,37 @@ lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtr #include .fi .HP 23 -\fBvoid\ \fBlwres_buffer_init\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBvoid\ *base\fR\fB, \fR\fBunsigned\ int\ length\fR\fB);\fR +.BI "void lwres_buffer_init(lwres_buffer_t\ *b, void\ *base, unsigned\ int\ length);" .HP 29 -\fBvoid\ \fBlwres_buffer_invalidate\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "void lwres_buffer_invalidate(lwres_buffer_t\ *b);" .HP 22 -\fBvoid\ \fBlwres_buffer_add\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBunsigned\ int\ n\fR\fB);\fR +.BI "void lwres_buffer_add(lwres_buffer_t\ *b, unsigned\ int\ n);" .HP 27 -\fBvoid\ \fBlwres_buffer_subtract\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBunsigned\ int\ n\fR\fB);\fR +.BI "void lwres_buffer_subtract(lwres_buffer_t\ *b, unsigned\ int\ n);" .HP 24 -\fBvoid\ \fBlwres_buffer_clear\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "void lwres_buffer_clear(lwres_buffer_t\ *b);" .HP 24 -\fBvoid\ \fBlwres_buffer_first\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "void lwres_buffer_first(lwres_buffer_t\ *b);" .HP 26 -\fBvoid\ \fBlwres_buffer_forward\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBunsigned\ int\ n\fR\fB);\fR +.BI "void lwres_buffer_forward(lwres_buffer_t\ *b, unsigned\ int\ n);" .HP 23 -\fBvoid\ \fBlwres_buffer_back\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBunsigned\ int\ n\fR\fB);\fR +.BI "void lwres_buffer_back(lwres_buffer_t\ *b, unsigned\ int\ n);" .HP 36 -\fBlwres_uint8_t\ \fBlwres_buffer_getuint8\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_uint8_t lwres_buffer_getuint8(lwres_buffer_t\ *b);" .HP 27 -\fBvoid\ \fBlwres_buffer_putuint8\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_uint8_t\ val\fR\fB);\fR +.BI "void lwres_buffer_putuint8(lwres_buffer_t\ *b, lwres_uint8_t\ val);" .HP 38 -\fBlwres_uint16_t\ \fBlwres_buffer_getuint16\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_uint16_t lwres_buffer_getuint16(lwres_buffer_t\ *b);" .HP 28 -\fBvoid\ \fBlwres_buffer_putuint16\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_uint16_t\ val\fR\fB);\fR +.BI "void lwres_buffer_putuint16(lwres_buffer_t\ *b, lwres_uint16_t\ val);" .HP 38 -\fBlwres_uint32_t\ \fBlwres_buffer_getuint32\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_uint32_t lwres_buffer_getuint32(lwres_buffer_t\ *b);" .HP 28 -\fBvoid\ \fBlwres_buffer_putuint32\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_uint32_t\ val\fR\fB);\fR +.BI "void lwres_buffer_putuint32(lwres_buffer_t\ *b, lwres_uint32_t\ val);" .HP 25 -\fBvoid\ \fBlwres_buffer_putmem\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBconst\ unsigned\ char\ *base\fR\fB, \fR\fBunsigned\ int\ length\fR\fB);\fR +.BI "void lwres_buffer_putmem(lwres_buffer_t\ *b, const\ unsigned\ char\ *base, unsigned\ int\ length);" .HP 25 -\fBvoid\ \fBlwres_buffer_getmem\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBunsigned\ char\ *base\fR\fB, \fR\fBunsigned\ int\ length\fR\fB);\fR +.BI "void lwres_buffer_getmem(lwres_buffer_t\ *b, unsigned\ char\ *base, unsigned\ int\ length);" .SH "DESCRIPTION" .PP These functions provide bounds checked access to a region of memory where data is being read or written. They are based on, and similar to, the @@ -89,6 +92,8 @@ The \fIactive region\fR is an (optional) subregion of the remaining region. It extends from the current offset to an offset in the remaining region. Initially, the active region is empty. If the current offset advances beyond the chosen offset, the active region will also be empty. .PP +.sp +.RS 3n .nf /\-\-\-\-\-\-\-\-\-\-\-\-entire length\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\\\\ /\-\-\-\-\- used region \-\-\-\-\-\\\\/\-\- available \-\-\\\\ @@ -107,11 +112,13 @@ is an (optional) subregion of the remaining region. It extends from the current b\-d == remaining region. b\-c == optional active region. .fi +.RE .sp .PP \fBlwres_buffer_init()\fR initializes the -\fBlwres_buffer_t\fR\fI*b\fR +\fBlwres_buffer_t\fR +\fI*b\fR and assocates it with the memory region of size \fIlength\fR bytes starting at location @@ -209,3 +216,5 @@ bytes of memory from \fIb\fR to \fIbase\fR. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_buffer.html b/contrib/bind9/lib/lwres/man/lwres_buffer.html index 5a203f1a15a..9443fbda1e4 100644 --- a/contrib/bind9/lib/lwres/man/lwres_buffer.html +++ b/contrib/bind9/lib/lwres/man/lwres_buffer.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_buffer - +

    -
    +

    Name

    lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management

    @@ -49,18 +49,31 @@ void
    + + + + +
    Chapter 7. BIND 9 Security Considerations
    Chapter 7. BIND 9 Security Considerations
    Prev 
    Chapter 6. BIND 9 Configuration Reference Chapter 6. BIND 9 Configuration Reference  Home  Chapter 8. Troubleshooting
    Chapter 7. BIND 9 Security Considerations Chapter 7. BIND 9 Security Considerations  Home  Appendix A. Appendices
       ,
       );
    - +
    + -
    void lwres_buffer_invalidate(   );
    + + +  +  + +); + + + + + + + @@ -87,26 +105,47 @@ void + + + + +
    @@ -72,6 +85,11 @@ void
       ,
       );
       ,
       );
    - +
    + -
    void lwres_buffer_clear(   );
    - + + + + + + +
       +);
    + + -
    void lwres_buffer_first(   );
    + + +  +  + +); + + + + + + + @@ -133,18 +177,31 @@ void + + + + +
    @@ -118,6 +157,11 @@ void
       ,
       );
       ,
       );
    - +
    + -
    lwres_uint8_t lwres_buffer_getuint8(   );
    + + +  +  + +); + + + + + + +
    @@ -156,18 +213,31 @@ void
       ,
       );
    - +
    + -
    lwres_uint16_t lwres_buffer_getuint16(   );
    + + +  +  + +); + + + + + + +
    @@ -179,18 +249,31 @@ void
       ,
       );
    - +
    + -
    lwres_uint32_t lwres_buffer_getuint32(   );
    + + +  +  + +); + + + + + + + @@ -222,6 +310,11 @@ void + + + + + @@ -242,6 +335,11 @@ void + + + + + @@ -249,7 +347,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions provide bounds checked access to a region of memory where data is being read or written. diff --git a/contrib/bind9/lib/lwres/man/lwres_config.3 b/contrib/bind9/lib/lwres/man/lwres_config.3 index 94302837518..0a239235144 100644 --- a/contrib/bind9/lib/lwres/man/lwres_config.3 +++ b/contrib/bind9/lib/lwres/man/lwres_config.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_config.3,v 1.12.2.1.8.5 2005/10/13 02:33:58 marka Exp $ +.\" $Id: lwres_config.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_config +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_CONFIG" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,15 +36,15 @@ lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_con #include .fi .HP 21 -\fBvoid\ \fBlwres_conf_init\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB);\fR +.BI "void lwres_conf_init(lwres_context_t\ *ctx);" .HP 22 -\fBvoid\ \fBlwres_conf_clear\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB);\fR +.BI "void lwres_conf_clear(lwres_context_t\ *ctx);" .HP 32 -\fBlwres_result_t\ \fBlwres_conf_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBconst\ char\ *filename\fR\fB);\fR +.BI "lwres_result_t lwres_conf_parse(lwres_context_t\ *ctx, const\ char\ *filename);" .HP 32 -\fBlwres_result_t\ \fBlwres_conf_print\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBFILE\ *fp\fR\fB);\fR +.BI "lwres_result_t lwres_conf_print(lwres_context_t\ *ctx, FILE\ *fp);" .HP 30 -\fBlwres_conf_t\ *\ \fBlwres_conf_get\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB);\fR +.BI "lwres_conf_t * lwres_conf_get(lwres_context_t\ *ctx);" .SH "DESCRIPTION" .PP \fBlwres_conf_init()\fR @@ -70,7 +73,8 @@ prints the structure for resolver context \fIctx\fR to the -\fBFILE\fR\fIfp\fR. +\fBFILE\fR +\fIfp\fR. .SH "RETURN VALUES" .PP \fBlwres_conf_parse()\fR @@ -95,3 +99,5 @@ unless an error occurred when converting the network addresses to a numeric host .SH "FILES" .PP \fI/etc/resolv.conf\fR +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_config.html b/contrib/bind9/lib/lwres/man/lwres_config.html index 7ea416b62b6..339a4878433 100644 --- a/contrib/bind9/lib/lwres/man/lwres_config.html +++ b/contrib/bind9/lib/lwres/man/lwres_config.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_config - +

    -
    +

    Name

    lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration

    @@ -31,22 +31,38 @@

    Synopsis

    #include <lwres/lwres.h>
    -
    @@ -202,6 +285,11 @@ void
       ,
       );
       ,
       );
       ,
       );
    +
    + -
    void lwres_conf_init(   );
    - + + + + + + +
       +);
    + + -
    void lwres_conf_clear(   );
    + + +  +  + +); + + + + + + + @@ -73,22 +94,35 @@ lwres_result_t + + + + +
    @@ -58,6 +74,11 @@ lwres_result_t
       ,
       );
       ,
       );
    - +
    + -
    lwres_conf_t * lwres_conf_get(   );
    + + +  +  + +); + +
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_conf_init() creates an empty @@ -125,7 +159,7 @@ to the

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_conf_parse() returns @@ -150,14 +184,14 @@ If this happens, the function returns

    -

    SEE ALSO

    +

    SEE ALSO

    stdio(3), resolver(5).

    -

    FILES

    +

    FILES

    /etc/resolv.conf

    diff --git a/contrib/bind9/lib/lwres/man/lwres_context.3 b/contrib/bind9/lib/lwres/man/lwres_context.3 index be8cd387089..ba68e408cce 100644 --- a/contrib/bind9/lib/lwres/man/lwres_context.3 +++ b/contrib/bind9/lib/lwres/man/lwres_context.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_context.3,v 1.13.2.2.2.6 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_context.3,v 1.13.2.2.2.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_context +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_CONTEXT" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,19 +36,19 @@ lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_con #include .fi .HP 36 -\fBlwres_result_t\ \fBlwres_context_create\fR\fR\fB(\fR\fBlwres_context_t\ **contextp\fR\fB, \fR\fBvoid\ *arg\fR\fB, \fR\fBlwres_malloc_t\ malloc_function\fR\fB, \fR\fBlwres_free_t\ free_function\fR\fB);\fR +.BI "lwres_result_t lwres_context_create(lwres_context_t\ **contextp, void\ *arg, lwres_malloc_t\ malloc_function, lwres_free_t\ free_function);" .HP 37 -\fBlwres_result_t\ \fBlwres_context_destroy\fR\fR\fB(\fR\fBlwres_context_t\ **contextp\fR\fB);\fR +.BI "lwres_result_t lwres_context_destroy(lwres_context_t\ **contextp);" .HP 30 -\fBvoid\ \fBlwres_context_initserial\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_uint32_t\ serial\fR\fB);\fR +.BI "void lwres_context_initserial(lwres_context_t\ *ctx, lwres_uint32_t\ serial);" .HP 40 -\fBlwres_uint32_t\ \fBlwres_context_nextserial\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB);\fR +.BI "lwres_uint32_t lwres_context_nextserial(lwres_context_t\ *ctx);" .HP 27 -\fBvoid\ \fBlwres_context_freemem\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBvoid\ *mem\fR\fB, \fR\fBsize_t\ len\fR\fB);\fR +.BI "void lwres_context_freemem(lwres_context_t\ *ctx, void\ *mem, size_t\ len);" .HP 28 -\fBvoid\ \fBlwres_context_allocmem\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBsize_t\ len\fR\fB);\fR +.BI "void lwres_context_allocmem(lwres_context_t\ *ctx, size_t\ len);" .HP 30 -\fBvoid\ *\ \fBlwres_context_sendrecv\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBvoid\ *sendbase\fR\fB, \fR\fBint\ sendlen\fR\fB, \fR\fBvoid\ *recvbase\fR\fB, \fR\fBint\ recvlen\fR\fB, \fR\fBint\ *recvd_len\fR\fB);\fR +.BI "void * lwres_context_sendrecv(lwres_context_t\ *ctx, void\ *sendbase, int\ sendlen, void\ *recvbase, int\ recvlen, int\ *recvd_len);" .SH "DESCRIPTION" .PP \fBlwres_context_create()\fR @@ -159,3 +162,5 @@ times out waiting for a response. \fBlwres_conf_init\fR(3), \fBmalloc\fR(3), \fBfree\fR(3 ). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_context.html b/contrib/bind9/lib/lwres/man/lwres_context.html index 8988c5dc102..6f7fbecec2b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_context.html +++ b/contrib/bind9/lib/lwres/man/lwres_context.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_context - +
    -
    +

    Name

    lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

    @@ -52,18 +52,31 @@ lwres_result_t     +, + + +  +  ); - +
    + -
    lwres_result_t lwres_context_destroy(   );
    + + +  +  + +); + + + + + + +
    @@ -75,18 +88,31 @@ void
       ,
       );
    - +
    + -
    lwres_uint32_t lwres_context_nextserial(   );
    + + +  +  + +); + + + + + + + @@ -118,6 +149,11 @@ void + + + + + @@ -153,6 +189,11 @@ void * + + + + + @@ -160,7 +201,7 @@ void *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_context_create() creates a @@ -290,7 +331,7 @@ returned in

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_context_create() returns @@ -321,7 +362,7 @@ times out waiting for a response.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_conf_init(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_gabn.3 b/contrib/bind9/lib/lwres/man/lwres_gabn.3 index 60a56fe46b3..593ebc5cb3c 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gabn.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gabn.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gabn.3,v 1.13.2.1.8.5 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_gabn.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gabn +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GABN" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_gabnrequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnrequest_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gabnrequest_render(lwres_context_t\ *ctx, lwres_gabnrequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 41 -\fBlwres_result_t\ \fBlwres_gabnresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gabnresponse_render(lwres_context_t\ *ctx, lwres_gabnresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_gabnrequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gabnrequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gabnrequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnrequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_gabnresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gabnresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_gabnresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_gabnresponse_free(lwres_context_t\ *ctx, lwres_gabnresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_gabnrequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gabnrequest_t\ **structp\fR\fB);\fR +.BI "void lwres_gabnrequest_free(lwres_context_t\ *ctx, lwres_gabnrequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver name\-to\-address lookup request and response messages. @@ -57,6 +60,7 @@ There are four main functions for the getaddrbyname opcode. One render function These structures are defined in \fI\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U typedef struct lwres_addr lwres_addr_t; @@ -80,6 +84,7 @@ typedef struct { size_t baselen; } lwres_gabnresponse_t; .fi +.RE .sp .PP \fBlwres_gabnrequest_render()\fR @@ -133,7 +138,8 @@ structures referenced via .PP The getaddrbyname opcode functions \fBlwres_gabnrequest_render()\fR, -\fBlwres_gabnresponse_render()\fR\fBlwres_gabnrequest_parse()\fR +\fBlwres_gabnresponse_render()\fR +\fBlwres_gabnrequest_parse()\fR and \fBlwres_gabnresponse_parse()\fR all return @@ -164,3 +170,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3 ) +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gabn.html b/contrib/bind9/lib/lwres/man/lwres_gabn.html index 771394508a2..fce25c51703 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gabn.html +++ b/contrib/bind9/lib/lwres/man/lwres_gabn.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gabn - +

    -
    +

    Name

    lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

    @@ -52,6 +52,11 @@ lwres_result_t
    + + + + + @@ -77,6 +82,11 @@ lwres_result_t + + + + + @@ -102,6 +112,11 @@ lwres_result_t + + + + + @@ -127,6 +142,11 @@ lwres_result_t + + + + + @@ -142,6 +162,11 @@ void + + + + + @@ -157,6 +182,11 @@ void + + + + + @@ -164,7 +194,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver name-to-address lookup request and @@ -279,7 +309,7 @@ structures is also discarded.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The getaddrbyname opcode functions lwres_gabnrequest_render(), @@ -317,7 +347,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3 ) diff --git a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 index 388c59e0f1e..e6efcd09a81 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gai_strerror.3,v 1.13.2.1.8.5 2005/10/13 02:33:52 marka Exp $ +.\" $Id: lwres_gai_strerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gai_strerror +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GAI_STRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,48 +36,48 @@ gai_strerror \- print suitable error string #include .fi .HP 20 -\fBchar\ *\ \fBgai_strerror\fR\fR\fB(\fR\fBint\ ecode\fR\fB);\fR +.BI "char * gai_strerror(int\ ecode);" .SH "DESCRIPTION" .PP \fBlwres_gai_strerror()\fR returns an error message corresponding to an error code returned by \fBgetaddrinfo()\fR. The following error codes and their meaning are defined in \fIinclude/lwres/netdb.h\fR. -.TP +.TP 3n \fBEAI_ADDRFAMILY\fR address family for hostname not supported -.TP +.TP 3n \fBEAI_AGAIN\fR temporary failure in name resolution -.TP +.TP 3n \fBEAI_BADFLAGS\fR invalid value for \fBai_flags\fR -.TP +.TP 3n \fBEAI_FAIL\fR non\-recoverable failure in name resolution -.TP +.TP 3n \fBEAI_FAMILY\fR \fBai_family\fR not supported -.TP +.TP 3n \fBEAI_MEMORY\fR memory allocation failure -.TP +.TP 3n \fBEAI_NODATA\fR no address associated with hostname -.TP +.TP 3n \fBEAI_NONAME\fR hostname or servname not provided, or not known -.TP +.TP 3n \fBEAI_SERVICE\fR servname not supported for \fBai_socktype\fR -.TP +.TP 3n \fBEAI_SOCKTYPE\fR \fBai_socktype\fR not supported -.TP +.TP 3n \fBEAI_SYSTEM\fR system error returned in errno The message @@ -97,3 +100,5 @@ used by \fBlwres_getaddrinfo\fR(3), \fBgetaddrinfo\fR(3), \fBRFC2133\fR(). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html index 5506564197e..4b244e3c8c0 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html +++ b/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gai_strerror - +

    -
    +

    Name

    gai_strerror — print suitable error string

    @@ -37,7 +37,7 @@ char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_gai_strerror() returns an error message corresponding to an error code returned by @@ -109,7 +109,7 @@ used by

    -

    SEE ALSO

    +

    SEE ALSO

    strerror(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 index df1390a95eb..fe52cd52cf2 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getaddrinfo.3,v 1.16.2.1.8.6 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getaddrinfo.3,v 1.16.2.1.8.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getaddrinfo +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETADDRINFO" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,13 +36,14 @@ lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and se #include .fi .HP 22 -\fBint\ \fBlwres_getaddrinfo\fR\fR\fB(\fR\fBconst\ char\ *hostname\fR\fB, \fR\fBconst\ char\ *servname\fR\fB, \fR\fBconst\ struct\ addrinfo\ *hints\fR\fB, \fR\fBstruct\ addrinfo\ **res\fR\fB);\fR +.BI "int lwres_getaddrinfo(const\ char\ *hostname, const\ char\ *servname, const\ struct\ addrinfo\ *hints, struct\ addrinfo\ **res);" .HP 24 -\fBvoid\ \fBlwres_freeaddrinfo\fR\fR\fB(\fR\fBstruct\ addrinfo\ *ai\fR\fB);\fR +.BI "void lwres_freeaddrinfo(struct\ addrinfo\ *ai);" .PP If the operating system does not provide a \fBstruct addrinfo\fR, the following structure is used: .sp +.RS 3n .nf struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ @@ -52,6 +56,7 @@ struct addrinfo { struct addrinfo *ai_next; /* next structure in linked list */ }; .fi +.RE .sp .SH "DESCRIPTION" .PP @@ -77,13 +82,13 @@ is either a decimal port number or a service name as listed in is an optional pointer to a \fBstruct addrinfo\fR. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. The caller can supply the following structure elements in \fI*hints\fR: -.TP +.TP 3n \fBai_family\fR The protocol family that should be used. When \fBai_family\fR is set to \fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system. -.TP +.TP 3n \fBai_socktype\fR denotes the type of socket \(em \fBSOCK_STREAM\fR, @@ -93,12 +98,12 @@ or \(em that is wanted. When \fBai_socktype\fR is zero the caller will accept any socket type. -.TP +.TP 3n \fBai_protocol\fR indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP. If \fBai_protocol\fR is zero the caller will accept any protocol. -.TP +.TP 3n \fBai_flags\fR Flag bits. If the \fBAI_CANONNAME\fR @@ -209,7 +214,8 @@ if an error occurs. If both and \fIservname\fR are -\fBNULL\fR\fBlwres_getaddrinfo()\fR +\fBNULL\fR +\fBlwres_getaddrinfo()\fR returns \fBEAI_NONAME\fR. .SH "SEE ALSO" @@ -225,3 +231,5 @@ returns \fBsendto\fR(2), \fBsendmsg\fR(2), \fBsocket\fR(2). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html index bc84e74f5c3..375c319c9c6 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html +++ b/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getaddrinfo - +

    -
    +

    Name

    lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

    @@ -52,18 +52,31 @@ int
    + + + + +
    @@ -103,6 +129,11 @@ void
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
    - +
    + -
    void lwres_freeaddrinfo(   );
    + + +  +  + +); + +

    If the operating system does not provide a @@ -87,7 +100,7 @@ struct addrinfo {

    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_getaddrinfo() is used to get a list of IP addresses and port numbers for host @@ -284,7 +297,7 @@ created by a call to

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getaddrinfo() returns zero on success or one of the error codes listed in @@ -304,7 +317,7 @@ returns

    -

    SEE ALSO

    +

    SEE ALSO

    lwres(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_gethostent.3 b/contrib/bind9/lib/lwres/man/lwres_gethostent.3 index 99dc5338e58..6fe933d753b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gethostent.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gethostent.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gethostent.3,v 1.16.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_gethostent.3,v 1.16.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gethostent +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETHOSTENT" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,27 +36,27 @@ lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent #include .fi .HP 37 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname(const\ char\ *name);" .HP 38 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname2\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBint\ af\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname2(const\ char\ *name, int\ af);" .HP 37 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyaddr\fR\fR\fB(\fR\fBconst\ char\ *addr\fR\fB, \fR\fBint\ len\fR\fB, \fR\fBint\ type\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyaddr(const\ char\ *addr, int\ len, int\ type);" .HP 34 -\fBstruct\ hostent\ *\ \fBlwres_gethostent\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "struct hostent * lwres_gethostent(void);" .HP 22 -\fBvoid\ \fBlwres_sethostent\fR\fR\fB(\fR\fBint\ stayopen\fR\fB);\fR +.BI "void lwres_sethostent(int\ stayopen);" .HP 22 -\fBvoid\ \fBlwres_endhostent\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "void lwres_endhostent(void);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyname_r\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyname_r(const\ char\ *name, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_gethostbyaddr_r\fR\fR\fB(\fR\fBconst\ char\ *addr\fR\fB, \fR\fBint\ len\fR\fB, \fR\fBint\ type\fR\fB, \fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostbyaddr_r(const\ char\ *addr, int\ len, int\ type, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 36 -\fBstruct\ hostent\ *\ \fBlwres_gethostent_r\fR\fR\fB(\fR\fBstruct\ hostent\ *resbuf\fR\fB, \fR\fBchar\ *buf\fR\fB, \fR\fBint\ buflen\fR\fB, \fR\fBint\ *error\fR\fB);\fR +.BI "struct hostent * lwres_gethostent_r(struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" .HP 24 -\fBvoid\ \fBlwres_sethostent_r\fR\fR\fB(\fR\fBint\ stayopen\fR\fB);\fR +.BI "void lwres_sethostent_r(int\ stayopen);" .HP 24 -\fBvoid\ \fBlwres_endhostent_r\fR\fR\fB(\fR\fBvoid\fR\fB);\fR +.BI "void lwres_endhostent_r(void);" .SH "DESCRIPTION" .PP These functions provide hostname\-to\-address and address\-to\-hostname lookups by means of the lightweight resolver. They are similar to the standard @@ -63,6 +66,7 @@ functions provided by most operating systems. They use a which is usually defined in \fI\fR. .sp +.RS 3n .nf struct hostent { char *h_name; /* official name of host */ @@ -73,25 +77,26 @@ struct hostent { }; #define h_addr h_addr_list[0] /* address, for backward compatibility */ .fi +.RE .sp .PP The members of this structure are: -.TP +.TP 3n \fBh_name\fR The official (canonical) name of the host. -.TP +.TP 3n \fBh_aliases\fR A NULL\-terminated array of alternate names (nicknames) for the host. -.TP +.TP 3n \fBh_addrtype\fR The type of address being returned \(em \fBPF_INET\fR or \fBPF_INET6\fR. -.TP +.TP 3n \fBh_length\fR The length of the address in bytes. -.TP +.TP 3n \fBh_addr_list\fR A \fBNULL\fR @@ -217,16 +222,16 @@ return NULL to indicate an error. In this case the global variable \fBlwres_h_errno\fR will contain one of the following error codes defined in \fI\fR: -.TP +.TP 3n \fBHOST_NOT_FOUND\fR The host or address was not found. -.TP +.TP 3n \fBTRY_AGAIN\fR A recoverable error occurred, e.g., a timeout. Retrying the lookup may succeed. -.TP +.TP 3n \fBNO_RECOVERY\fR A non\-recoverable error occurred. -.TP +.TP 3n \fBNO_DATA\fR The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup). The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility. .PP @@ -286,3 +291,5 @@ The resolver daemon does not currently support any non\-DNS name services such a \fI/etc/hosts\fR or \fBNIS\fR, consequently the above functions don't, either. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gethostent.html b/contrib/bind9/lib/lwres/man/lwres_gethostent.html index 263f9932362..fefc67b8863 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gethostent.html +++ b/contrib/bind9/lib/lwres/man/lwres_gethostent.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gethostent - +

    -
    +

    Name

    lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

    @@ -31,14 +31,22 @@

    Synopsis

    #include <lwres/netdb.h>
    - +
    + -
    struct hostent * lwres_gethostbyname(   );
    + + +  +  + +); + + + + + + + @@ -70,6 +83,11 @@ struct hostent * + + + + + @@ -109,6 +127,11 @@ struct hostent * + + + + + @@ -149,6 +172,11 @@ struct hostent * + + + + + @@ -174,6 +202,11 @@ struct hostent * + + + + + @@ -187,7 +220,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions provide hostname-to-address and address-to-hostname lookups by means of the lightweight resolver. @@ -324,7 +357,7 @@ calls to lwres_gethostbyaddr_r() return

    -

    RETURN VALUES

    +

    RETURN VALUES

    The functions lwres_gethostbyname(), @@ -391,7 +424,7 @@ hostent. If buf was too small, b

    -

    SEE ALSO

    +

    SEE ALSO

    gethostent(3), @@ -402,7 +435,7 @@ hostent. If buf was too small, b

    -

    BUGS

    +

    BUGS

    lwres_gethostbyname(), lwres_gethostbyname2(), diff --git a/contrib/bind9/lib/lwres/man/lwres_getipnode.3 b/contrib/bind9/lib/lwres/man/lwres_getipnode.3 index d83758c5acf..f7ab62b581b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getipnode.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getipnode.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getipnode.3,v 1.13.2.2.4.6 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getipnode.3,v 1.13.2.2.4.7 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getipnode +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETIPNODE" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,11 +36,11 @@ lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent \- lightweight r #include .fi .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_getipnodebyname\fR\fR\fB(\fR\fBconst\ char\ *name\fR\fB, \fR\fBint\ af\fR\fB, \fR\fBint\ flags\fR\fB, \fR\fBint\ *error_num\fR\fB);\fR +.BI "struct hostent * lwres_getipnodebyname(const\ char\ *name, int\ af, int\ flags, int\ *error_num);" .HP 39 -\fBstruct\ hostent\ *\ \fBlwres_getipnodebyaddr\fR\fR\fB(\fR\fBconst\ void\ *src\fR\fB, \fR\fBsize_t\ len\fR\fB, \fR\fBint\ af\fR\fB, \fR\fBint\ *error_num\fR\fB);\fR +.BI "struct hostent * lwres_getipnodebyaddr(const\ void\ *src, size_t\ len, int\ af, int\ *error_num);" .HP 23 -\fBvoid\ \fBlwres_freehostent\fR\fR\fB(\fR\fBstruct\ hostent\ *he\fR\fB);\fR +.BI "void lwres_freehostent(struct\ hostent\ *he);" .SH "DESCRIPTION" .PP These functions perform thread safe, protocol independent nodename\-to\-address and address\-to\-nodename translation as defined in RFC2553. @@ -47,6 +50,7 @@ They use a which is defined in \fInamedb.h\fR: .sp +.RS 3n .nf struct hostent { char *h_name; /* official name of host */ @@ -57,25 +61,26 @@ struct hostent { }; #define h_addr h_addr_list[0] /* address, for backward compatibility */ .fi +.RE .sp .PP The members of this structure are: -.TP +.TP 3n \fBh_name\fR The official (canonical) name of the host. -.TP +.TP 3n \fBh_aliases\fR A NULL\-terminated array of alternate names (nicknames) for the host. -.TP +.TP 3n \fBh_addrtype\fR The type of address being returned \- usually \fBPF_INET\fR or \fBPF_INET6\fR. -.TP +.TP 3n \fBh_length\fR The length of the address in bytes. -.TP +.TP 3n \fBh_addr_list\fR A \fBNULL\fR @@ -88,20 +93,20 @@ for the hostname \fIname\fR. The \fIflags\fR parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned. The flag bits are: -.TP +.TP 3n \fBAI_V4MAPPED\fR This is used with an \fIaf\fR of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses. -.TP +.TP 3n \fBAI_ALL\fR This is used with an \fIaf\fR of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses. -.TP +.TP 3n \fBAI_ADDRCONFIG\fR Only return an IPv6 or IPv4 address if here is an active network interface of that type. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored. -.TP +.TP 3n \fBAI_DEFAULT\fR This default sets the \fBAI_V4MAPPED\fR @@ -145,16 +150,16 @@ to an appropriate error code and the function returns a \fBNULL\fR pointer. The error codes and their meanings are defined in \fI\fR: -.TP +.TP 3n \fBHOST_NOT_FOUND\fR No such host is known. -.TP +.TP 3n \fBNO_ADDRESS\fR The server recognised the request and the name but no address is available. Another type of request to the name server for the domain might return an answer. -.TP +.TP 3n \fBTRY_AGAIN\fR A temporary and possibly transient error occurred, such as a failure of a server to respond. The request may succeed if retried. -.TP +.TP 3n \fBNO_RECOVERY\fR An unexpected failure occurred, and retrying the request is pointless. .PP @@ -168,3 +173,5 @@ translates these error codes to suitable error messages. \fBlwres_getaddrinfo\fR(3), \fBlwres_getnameinfo\fR(3), \fBlwres_hstrerror\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getipnode.html b/contrib/bind9/lib/lwres/man/lwres_getipnode.html index c5038b4f5a5..779da906738 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getipnode.html +++ b/contrib/bind9/lib/lwres/man/lwres_getipnode.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getipnode - +

    -
    +

    Name

    lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

    @@ -52,6 +52,11 @@ struct hostent *
    + + + + + @@ -77,22 +82,35 @@ struct hostent * + + + + +
    @@ -50,6 +58,11 @@ struct hostent *
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
       ,
       );
    - +
    + -
    void lwres_freehostent(   );
    + + +  +  + +); + +
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions perform thread safe, protocol independent nodename-to-address and address-to-nodename @@ -233,7 +251,7 @@ structure itself.

    -

    RETURN VALUES

    +

    RETURN VALUES

    If an error occurs, lwres_getipnodebyname() @@ -279,7 +297,7 @@ translates these error codes to suitable error messages.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC2553, diff --git a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 index 853c2b9bb94..a9af04be544 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getnameinfo.3,v 1.15.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getnameinfo.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getnameinfo +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETNAMEINFO" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,7 +36,7 @@ lwres_getnameinfo \- lightweight resolver socket address structure to hostname a #include .fi .HP 22 -\fBint\ \fBlwres_getnameinfo\fR\fR\fB(\fR\fBconst\ struct\ sockaddr\ *sa\fR\fB, \fR\fBsize_t\ salen\fR\fB, \fR\fBchar\ *host\fR\fB, \fR\fBsize_t\ hostlen\fR\fB, \fR\fBchar\ *serv\fR\fB, \fR\fBsize_t\ servlen\fR\fB, \fR\fBint\ flags\fR\fB);\fR +.BI "int lwres_getnameinfo(const\ struct\ sockaddr\ *sa, size_t\ salen, char\ *host, size_t\ hostlen, char\ *serv, size_t\ servlen, int\ flags);" .SH "DESCRIPTION" .PP This function is equivalent to the @@ -41,7 +44,8 @@ This function is equivalent to the function defined in RFC2133. \fBlwres_getnameinfo()\fR returns the hostname for the -\fBstruct sockaddr\fR\fIsa\fR +\fBstruct sockaddr\fR +\fIsa\fR which is \fIsalen\fR bytes long. The hostname is of length @@ -64,19 +68,19 @@ bytes long. The maximum length of the service name is The \fIflags\fR argument sets the following bits: -.TP +.TP 3n \fBNI_NOFQDN\fR A fully qualified domain name is not required for local hosts. The local part of the fully qualified domain name is returned instead. -.TP +.TP 3n \fBNI_NUMERICHOST\fR Return the address in numeric form, as if calling inet_ntop(), instead of a host name. -.TP +.TP 3n \fBNI_NAMEREQD\fR A name is required. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned. If the hostname is not found and the flag is not set, the address is returned in numeric form. -.TP +.TP 3n \fBNI_NUMERICSERV\fR The service name is returned as a digit string representing the port number. -.TP +.TP 3n \fBNI_DGRAM\fR Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp". This is required for the few ports (512\-514) that have different services for UDP and TCP. .SH "RETURN VALUES" @@ -96,3 +100,5 @@ returns 0 on success or a non\-zero error code if an error occurs. RFC2133 fails to define what the nonzero return values of \fBgetnameinfo\fR(3) are. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html index 6e7a7b16658..31117301257 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html +++ b/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getnameinfo - +

    -
    +

    Name

    lwres_getnameinfo — lightweight resolver socket address structure to hostname and service name

    @@ -67,6 +67,11 @@ int     +, + + +  +  ); @@ -74,7 +79,7 @@ int
    -

    DESCRIPTION

    +

    DESCRIPTION

    This function is equivalent to the getnameinfo(3) function defined in RFC2133. lwres_getnameinfo() returns the hostname for the struct sockaddr sa which is @@ -125,14 +130,14 @@ TCP.

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getnameinfo() returns 0 on success or a non-zero error code if an error occurs.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC2133, getservbyport(3), @@ -143,7 +148,7 @@ returns 0 on success or a non-zero error code if an error occurs.

    -

    BUGS

    +

    BUGS

    RFC2133 fails to define what the nonzero return values of getnameinfo(3) diff --git a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 index 6d900f864ff..1aeca283cd7 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 +++ b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_getrrsetbyname +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Oct 18, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GETRRSETBYNAME" "3" "Oct 18, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,12 +36,13 @@ lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records #include .fi .HP 25 -\fBint\ \fBlwres_getrrsetbyname\fR\fR\fB(\fR\fBconst\ char\ *hostname\fR\fB, \fR\fBunsigned\ int\ rdclass\fR\fB, \fR\fBunsigned\ int\ rdtype\fR\fB, \fR\fBunsigned\ int\ flags\fR\fB, \fR\fBstruct\ rrsetinfo\ **res\fR\fB);\fR +.BI "int lwres_getrrsetbyname(const\ char\ *hostname, unsigned\ int\ rdclass, unsigned\ int\ rdtype, unsigned\ int\ flags, struct\ rrsetinfo\ **res);" .HP 21 -\fBvoid\ \fBlwres_freerrset\fR\fR\fB(\fR\fBstruct\ rrsetinfo\ *rrset\fR\fB);\fR +.BI "void lwres_freerrset(struct\ rrsetinfo\ *rrset);" .PP The following structures are used: .sp +.RS 3n .nf struct rdatainfo { unsigned int rdi_length; /* length of data */ @@ -56,6 +60,7 @@ struct rrsetinfo { struct rdatainfo *rri_sigs; /* individual signatures */ }; .fi +.RE .sp .SH "DESCRIPTION" .PP @@ -115,22 +120,24 @@ created by a call to .PP \fBlwres_getrrsetbyname()\fR returns zero on success, and one of the following error codes if an error occurred: -.TP +.TP 3n \fBERRSET_NONAME\fR the name does not exist -.TP +.TP 3n \fBERRSET_NODATA\fR the name exists, but does not have data of the desired type -.TP +.TP 3n \fBERRSET_NOMEMORY\fR memory could not be allocated -.TP +.TP 3n \fBERRSET_INVAL\fR a parameter is invalid -.TP +.TP 3n \fBERRSET_FAIL\fR other failure -.TP +.TP 3n .SH "SEE ALSO" .PP \fBlwres\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html index f36a1d21d99..6cbed6fafe1 100644 --- a/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html +++ b/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_getrrsetbyname - +

    -
    +

    Name

    lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

    @@ -57,18 +57,31 @@ int     +, + + +  +  ); - +
    + -
    void lwres_freerrset(   );
    + + +  +  + +); + +

    The following structures are used: @@ -95,7 +108,7 @@ struct rrsetinfo {

    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_getrrsetbyname() gets a set of resource records associated with a @@ -172,7 +185,7 @@ created by a call to

    -

    RETURN VALUES

    +

    RETURN VALUES

    lwres_getrrsetbyname() returns zero on success, and one of the following error @@ -208,7 +221,7 @@ other failure

    -

    SEE ALSO

    +

    SEE ALSO

    lwres(3).

    diff --git a/contrib/bind9/lib/lwres/man/lwres_gnba.3 b/contrib/bind9/lib/lwres/man/lwres_gnba.3 index 58047ce6b5d..dc546d2ab2e 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gnba.3 +++ b/contrib/bind9/lib/lwres/man/lwres_gnba.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gnba.3,v 1.13.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_gnba.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_gnba +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_GNBA" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_gnbarequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *\fR\fB\fIctx\fR\fR\fB, \fR\fBlwres_gnbarequest_t\ *\fR\fB\fIreq\fR\fR\fB, \fR\fBlwres_lwpacket_t\ *\fR\fB\fIpkt\fR\fR\fB, \fR\fBlwres_buffer_t\ *\fR\fB\fIb\fR\fR\fB);\fR +.BI "lwres_result_t lwres_gnbarequest_render(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 41 -\fBlwres_result_t\ \fBlwres_gnbaresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbaresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_gnbaresponse_render(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_gnbarequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gnbarequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gnbarequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbarequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_gnbaresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_gnbaresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbaresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_gnbaresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_gnbaresponse_free(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_gnbarequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_gnbarequest_t\ **structp\fR\fB);\fR +.BI "void lwres_gnbarequest_free(lwres_context_t\ *ctx, lwres_gnbarequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver address\-to\-name lookup request and response messages. @@ -57,6 +60,7 @@ to the canonical format. This is complemented by a parse function which converts These structures are defined in \fIlwres/lwres.h\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U typedef struct { @@ -74,6 +78,7 @@ typedef struct { size_t baselen; } lwres_gnbaresponse_t; .fi +.RE .sp .PP \fBlwres_gnbarequest_render()\fR @@ -127,7 +132,8 @@ structures referenced via .PP The getnamebyaddr opcode functions \fBlwres_gnbarequest_render()\fR, -\fBlwres_gnbaresponse_render()\fR\fBlwres_gnbarequest_parse()\fR +\fBlwres_gnbaresponse_render()\fR +\fBlwres_gnbarequest_parse()\fR and \fBlwres_gnbaresponse_parse()\fR all return @@ -158,3 +164,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_gnba.html b/contrib/bind9/lib/lwres/man/lwres_gnba.html index 89cf35e02c3..4d07580fd0e 100644 --- a/contrib/bind9/lib/lwres/man/lwres_gnba.html +++ b/contrib/bind9/lib/lwres/man/lwres_gnba.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_gnba - +
    -
    +

    Name

    lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

    @@ -39,25 +39,31 @@ lwres_result_t lwres_gnbarequest_render ( -lwres_context_t *  +  ctx,   -lwres_gnbarequest_t *  +  + +ctx, + + +  +  req,   -lwres_lwpacket_t *  +  pkt,   -lwres_buffer_t *  +  b); @@ -84,6 +90,11 @@ lwres_result_t     +, + + +  +  ); @@ -109,6 +120,11 @@ lwres_result_t     +, + + +  +  ); @@ -134,6 +150,11 @@ lwres_result_t     +, + + +  +  ); @@ -150,6 +171,11 @@ void     +, + + +  +  ); @@ -165,6 +191,11 @@ void     +, + + +  +  ); @@ -172,7 +203,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver address-to-name lookup request and @@ -277,7 +308,7 @@ structures is also discarded.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The getnamebyaddr opcode functions lwres_gnbarequest_render(), @@ -315,7 +346,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3).

    diff --git a/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 b/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 index a1ecf7c2071..d6fc8f5feb7 100644 --- a/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 +++ b/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_hstrerror.3,v 1.13.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_hstrerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_hstrerror +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_HSTRERROR" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,9 +36,9 @@ lwres_herror, lwres_hstrerror \- lightweight resolver error message generation #include .fi .HP 18 -\fBvoid\ \fBlwres_herror\fR\fR\fB(\fR\fBconst\ char\ *s\fR\fB);\fR +.BI "void lwres_herror(const\ char\ *s);" .HP 29 -\fBconst\ char\ *\ \fBlwres_hstrerror\fR\fR\fB(\fR\fBint\ err\fR\fB);\fR +.BI "const char * lwres_hstrerror(int\ err);" .SH "DESCRIPTION" .PP \fBlwres_herror()\fR @@ -51,19 +54,19 @@ for the error code stored in the global variable \fBlwres_hstrerror()\fR returns an appropriate string for the error code gievn by \fIerr\fR. The values of the error codes and messages are as follows: -.TP +.TP 3n \fBNETDB_SUCCESS\fR Resolver Error 0 (no error) -.TP +.TP 3n \fBHOST_NOT_FOUND\fR Unknown host -.TP +.TP 3n \fBTRY_AGAIN\fR Host name lookup failure -.TP +.TP 3n \fBNO_RECOVERY\fR Unknown server error -.TP +.TP 3n \fBNO_DATA\fR No address associated with name .SH "RETURN VALUES" @@ -79,3 +82,5 @@ is not a valid error code. .PP \fBherror\fR(3), \fBlwres_hstrerror\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_hstrerror.html b/contrib/bind9/lib/lwres/man/lwres_hstrerror.html index 4204a3365bd..d2f1e4aa706 100644 --- a/contrib/bind9/lib/lwres/man/lwres_hstrerror.html +++ b/contrib/bind9/lib/lwres/man/lwres_hstrerror.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_hstrerror - +
    -
    +

    Name

    lwres_herror, lwres_hstrerror — lightweight resolver error message generation

    @@ -40,7 +40,7 @@ const char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_herror() prints the string s on stderr followed by the string @@ -79,7 +79,7 @@ the error codes and messages are as follows:

    -

    RETURN VALUES

    +

    RETURN VALUES

    The string Unknown resolver error is returned by lwres_hstrerror() @@ -89,7 +89,7 @@ is not a valid error code.

    -

    SEE ALSO

    +

    SEE ALSO

    herror(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_inetntop.3 b/contrib/bind9/lib/lwres/man/lwres_inetntop.3 index 782cbafd228..6395e60099a 100644 --- a/contrib/bind9/lib/lwres/man/lwres_inetntop.3 +++ b/contrib/bind9/lib/lwres/man/lwres_inetntop.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_inetntop.3,v 1.12.2.1.8.5 2005/10/13 02:33:53 marka Exp $ +.\" $Id: lwres_inetntop.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_inetntop +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_INETNTOP" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,7 +36,7 @@ lwres_net_ntop \- lightweight resolver IP address presentation #include .fi .HP 28 -\fBconst\ char\ *\ \fBlwres_net_ntop\fR\fR\fB(\fR\fBint\ af\fR\fB, \fR\fBconst\ void\ *src\fR\fB, \fR\fBchar\ *dst\fR\fB, \fR\fBsize_t\ size\fR\fB);\fR +.BI "const char * lwres_net_ntop(int\ af, const\ void\ *src, char\ *dst, size_t\ size);" .SH "DESCRIPTION" .PP \fBlwres_net_ntop()\fR @@ -67,3 +70,5 @@ is not supported. \fBRFC1884\fR(), \fBinet_ntop\fR(3), \fBerrno\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_inetntop.html b/contrib/bind9/lib/lwres/man/lwres_inetntop.html index 3c794a53b45..ca5c0bd693a 100644 --- a/contrib/bind9/lib/lwres/man/lwres_inetntop.html +++ b/contrib/bind9/lib/lwres/man/lwres_inetntop.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_inetntop - +

    -
    +

    Name

    lwres_net_ntop — lightweight resolver IP address presentation

    @@ -52,6 +52,11 @@ const char *     +, + + +  +  ); @@ -59,7 +64,7 @@ const char *
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_net_ntop() converts an IP address of protocol family af — IPv4 or IPv6 — @@ -75,7 +80,7 @@ ASCII representation of the address.

    -

    RETURN VALUES

    +

    RETURN VALUES

    If successful, the function returns dst: a pointer to a string containing the presentation format of the @@ -87,7 +92,7 @@ supported.

    -

    SEE ALSO

    +

    SEE ALSO

    RFC1884, inet_ntop(3), diff --git a/contrib/bind9/lib/lwres/man/lwres_noop.3 b/contrib/bind9/lib/lwres/man/lwres_noop.3 index d2eba576591..e32c2f8020f 100644 --- a/contrib/bind9/lib/lwres/man/lwres_noop.3 +++ b/contrib/bind9/lib/lwres/man/lwres_noop.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_noop.3,v 1.14.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_noop.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_noop +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_NOOP" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,17 +36,17 @@ lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lw #include .fi .HP 40 -\fBlwres_result_t\ \fBlwres_nooprequest_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_nooprequest_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_nooprequest_render(lwres_context_t\ *ctx, lwres_nooprequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 41 -\fBlwres_result_t\ \fBlwres_noopresponse_render\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_noopresponse_t\ *req\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB);\fR +.BI "lwres_result_t lwres_noopresponse_render(lwres_context_t\ *ctx, lwres_noopresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" .HP 39 -\fBlwres_result_t\ \fBlwres_nooprequest_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_nooprequest_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_nooprequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_nooprequest_t\ **structp);" .HP 40 -\fBlwres_result_t\ \fBlwres_noopresponse_parse\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB, \fR\fBlwres_noopresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_noopresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_noopresponse_t\ **structp);" .HP 29 -\fBvoid\ \fBlwres_noopresponse_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_noopresponse_t\ **structp\fR\fB);\fR +.BI "void lwres_noopresponse_free(lwres_context_t\ *ctx, lwres_noopresponse_t\ **structp);" .HP 28 -\fBvoid\ \fBlwres_nooprequest_free\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_nooprequest_t\ **structp\fR\fB);\fR +.BI "void lwres_nooprequest_free(lwres_context_t\ *ctx, lwres_nooprequest_t\ **structp);" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver no\-op request and response messages. @@ -61,6 +64,7 @@ to the canonical format. This is complemented by a parse function which converts These structures are defined in \fIlwres/lwres.h\fR. They are shown below. .sp +.RS 3n .nf #define LWRES_OPCODE_NOOP 0x00000000U typedef struct { @@ -72,6 +76,7 @@ typedef struct { unsigned char *data; } lwres_noopresponse_t; .fi +.RE .sp Although the structures have different types, they are identical. This is because the no\-op opcode simply echos whatever data was sent: the response is therefore identical to the request. .PP @@ -126,7 +131,8 @@ structures referenced via .PP The no\-op opcode functions \fBlwres_nooprequest_render()\fR, -\fBlwres_noopresponse_render()\fR\fBlwres_nooprequest_parse()\fR +\fBlwres_noopresponse_render()\fR +\fBlwres_nooprequest_parse()\fR and \fBlwres_noopresponse_parse()\fR all return @@ -157,3 +163,5 @@ indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP \fBlwres_packet\fR(3 ) +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_noop.html b/contrib/bind9/lib/lwres/man/lwres_noop.html index 261bac802f6..145bcac0844 100644 --- a/contrib/bind9/lib/lwres/man/lwres_noop.html +++ b/contrib/bind9/lib/lwres/man/lwres_noop.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_noop - +

    -
    +

    Name

    lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

    @@ -53,6 +53,11 @@ lwres_result_t     +, + + +  +  ); @@ -78,6 +83,11 @@ lwres_result_t     +, + + +  +  ); @@ -103,6 +113,11 @@ lwres_result_t     +, + + +  +  ); @@ -128,6 +143,11 @@ lwres_result_t     +, + + +  +  ); @@ -143,6 +163,11 @@ void     +, + + +  +  ); @@ -158,6 +183,11 @@ void     +, + + +  +  ); @@ -165,7 +195,7 @@ void
    -

    DESCRIPTION

    +

    DESCRIPTION

    These are low-level routines for creating and parsing lightweight resolver no-op request and response messages. @@ -246,7 +276,7 @@ structures referenced via structp.

    -

    RETURN VALUES

    +

    RETURN VALUES

    The no-op opcode functions lwres_nooprequest_render(), @@ -285,7 +315,7 @@ indicate that the packet is not a response to an earlier query.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_packet(3 ) diff --git a/contrib/bind9/lib/lwres/man/lwres_packet.3 b/contrib/bind9/lib/lwres/man/lwres_packet.3 index 777e0c76eed..35a8f10ca88 100644 --- a/contrib/bind9/lib/lwres/man/lwres_packet.3 +++ b/contrib/bind9/lib/lwres/man/lwres_packet.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_packet.3,v 1.15.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_packet.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_packet +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_PACKET" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,9 +36,9 @@ lwres_lwpacket_renderheader, lwres_lwpacket_parseheader \- lightweight resolver #include .fi .HP 43 -\fBlwres_result_t\ \fBlwres_lwpacket_renderheader\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB);\fR +.BI "lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" .HP 42 -\fBlwres_result_t\ \fBlwres_lwpacket_parseheader\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_lwpacket_t\ *pkt\fR\fB);\fR +.BI "lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" .SH "DESCRIPTION" .PP These functions rely on a @@ -43,6 +46,7 @@ These functions rely on a which is defined in \fIlwres/lwpacket.h\fR. .sp +.RS 3n .nf typedef struct lwres_lwpacket lwres_lwpacket_t; struct lwres_lwpacket { @@ -57,52 +61,54 @@ struct lwres_lwpacket { lwres_uint16_t authlength; }; .fi +.RE .sp .PP The elements of this structure are: -.TP +.TP 3n \fBlength\fR the overall packet length, including the entire packet header. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBversion\fR the header format. There is currently only one format, \fBLWRES_LWPACKETVERSION_0\fR. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBpktflags\fR library\-defined flags for this packet: for instance whether the packet is a request or a reply. Flag values can be set, but not defined by the caller. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBserial\fR is set by the requestor and is returned in all replies. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped. This field must be set by the application. -.TP +.TP 3n \fBopcode\fR indicates the operation. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library. Opcodes between 0x04000000 and 0xffffffff are application defined. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBresult\fR is only valid for replies. Results between 0x04000000 and 0xffffffff are application defined. Results between 0x00000000 and 0x03ffffff are reserved for library use. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP +.TP 3n \fBrecvlength\fR is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies. This field is supplied by the application. -.TP +.TP 3n \fBauthtype\fR defines the packet level authentication that is used. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use. Currently these are not used and must be zero. -.TP +.TP 3n \fBauthlen\fR gives the length of the authentication data. Since packet authentication is currently not used, this must be zero. .PP The following opcodes are currently defined: -.TP +.TP 3n \fBNOOP\fR Success is always returned and the packet contents are echoed. The lwres_noop_*() functions should be used for this type. -.TP +.TP 3n \fBGETADDRSBYNAME\fR returns all known addresses for a given name. The lwres_gabn_*() functions should be used for this type. -.TP +.TP 3n \fBGETNAMEBYADDR\fR return the hostname for the given address. The lwres_gnba_*() functions should be used for this type. .PP \fBlwres_lwpacket_renderheader()\fR transfers the contents of lightweight resolver packet structure -\fBlwres_lwpacket_t\fR\fI*pkt\fR +\fBlwres_lwpacket_t\fR +\fI*pkt\fR in network byte order to the lightweight resolver buffer, \fI*b\fR. .PP @@ -127,3 +133,5 @@ and lightweight resolver packet \fI*pkt\fR both functions return \fBLWRES_R_UNEXPECTEDEND\fR. +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_packet.html b/contrib/bind9/lib/lwres/man/lwres_packet.html index b83fbcbf1b5..32bb81ee94b 100644 --- a/contrib/bind9/lib/lwres/man/lwres_packet.html +++ b/contrib/bind9/lib/lwres/man/lwres_packet.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_packet - +

    -
    +

    Name

    lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

    @@ -42,6 +42,11 @@ lwres_result_t     +, + + +  +  ); @@ -57,6 +62,11 @@ lwres_result_t     +, + + +  +  ); @@ -64,7 +74,7 @@ lwres_result_t
    -

    DESCRIPTION

    +

    DESCRIPTION

    These functions rely on a struct lwres_lwpacket @@ -202,7 +212,7 @@ buffer *b to resolver packet

    -

    RETURN VALUES

    +

    RETURN VALUES

    Successful calls to lwres_lwpacket_renderheader() and lwres_lwpacket_parseheader() return diff --git a/contrib/bind9/lib/lwres/man/lwres_resutil.3 b/contrib/bind9/lib/lwres/man/lwres_resutil.3 index 5d4cfc050c9..907706c424e 100644 --- a/contrib/bind9/lib/lwres/man/lwres_resutil.3 +++ b/contrib/bind9/lib/lwres/man/lwres_resutil.3 @@ -13,14 +13,17 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_resutil.3,v 1.14.2.1.8.5 2005/10/13 02:33:54 marka Exp $ +.\" $Id: lwres_resutil.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ .\" .hy 0 .ad l -.\" ** You probably do not want to edit this file directly ** -.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). -.\" Instead of manually editing it, you probably should edit the DocBook XML -.\" source for it and then use the DocBook XSL Stylesheets to regenerate it. +.\" Title: lwres_resutil +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" .TH "LWRES_RESUTIL" "3" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh @@ -33,13 +36,13 @@ lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr #include .fi .HP 34 -\fBlwres_result_t\ \fBlwres_string_parse\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBchar\ **c\fR\fB, \fR\fBlwres_uint16_t\ *len\fR\fB);\fR +.BI "lwres_result_t lwres_string_parse(lwres_buffer_t\ *b, char\ **c, lwres_uint16_t\ *len);" .HP 32 -\fBlwres_result_t\ \fBlwres_addr_parse\fR\fR\fB(\fR\fBlwres_buffer_t\ *b\fR\fB, \fR\fBlwres_addr_t\ *addr\fR\fB);\fR +.BI "lwres_result_t lwres_addr_parse(lwres_buffer_t\ *b, lwres_addr_t\ *addr);" .HP 36 -\fBlwres_result_t\ \fBlwres_getaddrsbyname\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBconst\ char\ *name\fR\fB, \fR\fBlwres_uint32_t\ addrtypes\fR\fB, \fR\fBlwres_gabnresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_getaddrsbyname(lwres_context_t\ *ctx, const\ char\ *name, lwres_uint32_t\ addrtypes, lwres_gabnresponse_t\ **structp);" .HP 35 -\fBlwres_result_t\ \fBlwres_getnamebyaddr\fR\fR\fB(\fR\fBlwres_context_t\ *ctx\fR\fB, \fR\fBlwres_uint32_t\ addrtype\fR\fB, \fR\fBlwres_uint16_t\ addrlen\fR\fB, \fR\fBconst\ unsigned\ char\ *addr\fR\fB, \fR\fBlwres_gnbaresponse_t\ **structp\fR\fB);\fR +.BI "lwres_result_t lwres_getnamebyaddr(lwres_context_t\ *ctx, lwres_uint32_t\ addrtype, lwres_uint16_t\ addrlen, const\ unsigned\ char\ *addr, lwres_gnbaresponse_t\ **structp);" .SH "DESCRIPTION" .PP \fBlwres_string_parse()\fR @@ -71,6 +74,7 @@ use the \fBlwres_gnbaresponse_t\fR structure defined below: .sp +.RS 3n .nf typedef struct { lwres_uint32_t flags; @@ -85,6 +89,7 @@ typedef struct { size_t baselen; } lwres_gabnresponse_t; .fi +.RE .sp The contents of this structure are not manipulated directly but they are controlled through the \fBlwres_gabn\fR(3 ) @@ -158,3 +163,5 @@ if the buffers used for sending queries and receiving replies are too small. .PP \fBlwres_buffer\fR(3), \fBlwres_gabn\fR(3). +.SH "COPYRIGHT" +Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind9/lib/lwres/man/lwres_resutil.html b/contrib/bind9/lib/lwres/man/lwres_resutil.html index 4cee0c7804d..a9bc1eea103 100644 --- a/contrib/bind9/lib/lwres/man/lwres_resutil.html +++ b/contrib/bind9/lib/lwres/man/lwres_resutil.html @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + lwres_resutil - +

    -
    +

    Name

    lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

    @@ -47,6 +47,11 @@ lwres_result_t     +, + + +  +  ); @@ -62,6 +67,11 @@ lwres_result_t     +, + + +  +  ); @@ -87,6 +97,11 @@ lwres_result_t     +, + + +  +  ); @@ -117,6 +132,11 @@ lwres_result_t     +, + + +  +  ); @@ -124,7 +144,7 @@ lwres_result_t
    -

    DESCRIPTION

    +

    DESCRIPTION

    lwres_string_parse() retrieves a DNS-encoded string starting the current pointer of lightweight resolver buffer @@ -200,7 +220,7 @@ is made available through *structp.

    -

    RETURN VALUES

    +

    RETURN VALUES

    Successful calls to lwres_string_parse() @@ -244,7 +264,7 @@ small.

    -

    SEE ALSO

    +

    SEE ALSO

    lwres_buffer(3), diff --git a/contrib/bind9/libtool.m4 b/contrib/bind9/libtool.m4 index c3b71e89326..551ffd0d83e 100644 --- a/contrib/bind9/libtool.m4 +++ b/contrib/bind9/libtool.m4 @@ -2557,7 +2557,7 @@ AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) AC_LIBTOOL_SYS_LIB_STRIP AC_LIBTOOL_DLOPEN_SELF($1) -# Report which librarie types wil actually be built +# Report which libraries types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) diff --git a/contrib/bind9/ltmain.sh b/contrib/bind9/ltmain.sh index a6453bbad4a..e032aff9675 100644 --- a/contrib/bind9/ltmain.sh +++ b/contrib/bind9/ltmain.sh @@ -1488,9 +1488,17 @@ EOF ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe) - case "$archive_cmds" in - *"\$LD"*) ;; - *) deplibs="$deplibs $arg";; + case $host in + *-*-freebsd*) + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + ;; + *) + case "$archive_cmds" in + *"\$LD"*) ;; + *) deplibs="$deplibs $arg";; + esac + ;; esac continue ;; diff --git a/contrib/bind9/make/rules.in b/contrib/bind9/make/rules.in index 6b83bce434e..39e82ce4273 100644 --- a/contrib/bind9/make/rules.in +++ b/contrib/bind9/make/rules.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: rules.in,v 1.40.2.5.4.8 2005/10/28 01:53:44 marka Exp $ +# $Id: rules.in,v 1.40.2.5.4.10 2006/01/06 00:01:42 marka Exp $ ### ### Common Makefile rules for BIND 9. @@ -101,6 +101,12 @@ STD_CINCLUDES = @STD_CINCLUDES@ STD_CDEFINES = @STD_CDEFINES@ STD_CWARNINGS = @STD_CWARNINGS@ +BUILD_CC = @BUILD_CC@ +BUILD_CFLAGS = @BUILD_CFLAGS@ +BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ +BUILD_LDFAGS = @BUILD_LDFAGS@ +BUILD_LIBS = @BUILD_LIBS@ + .SUFFIXES: .SUFFIXES: .c .@O@ diff --git a/contrib/bind9/version b/contrib/bind9/version index a9b6ee53561..a183b00d5bf 100644 --- a/contrib/bind9/version +++ b/contrib/bind9/version @@ -1,10 +1,10 @@ -# $Id: version,v 1.26.2.17.2.21.4.2 2006/10/04 07:00:13 marka Exp $ +# $Id: version,v 1.26.2.17.2.26 2006/11/28 00:52:38 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. # MAJORVER=9 MINORVER=3 -PATCHVER=2 -RELEASETYPE=-P -RELEASEVER=2 +PATCHVER=3 +RELEASETYPE= +RELEASEVER=