fail2ban-0.11.2-bp153.2.3.1<>,za'X!M@eeeMo/=Sg,jhF0awz2*71*̥X:(<[$*y>ledFrR@/<;ĥI/Zj7:_S/xSN ?R+؛:9sPROG.̺YF#`o0~S؋%uQ18 X̠ٝ}~+^uF5 TQ^k:`h;)tV.^JvE`qbs>2]aKl>FaH?a8d   [ 6<Ce H## # `# # e# fX#j#p#vBvh#z{{t|(}8} 9}:&=(\>(d?(l@(tF(|G(#H-#I1#X2Y2\2#]7#^KbN~cO'dOeOfOlOuO#vTx wV8#xZ#y_Pbz````a4Cfail2ban0.11.2bp153.2.3.1Bans IP addresses that make too many authentication failuresFail2ban scans log files like /var/log/messages and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address, can send e-mails, or set host.deny entries. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.a'Xlamb62SUSE Linux Enterprise 15openSUSEGPL-2.0-or-laterhttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://www.fail2ban.org/linuxnoarch if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in fail2ban.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi PNAME=fail2ban SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/fail2ban.conf || : # The next line is not workin in Leap 42.1, so keep the old way #%tmpfiles_create %{_tmpfilesdir}/%{name}.conf if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in fail2ban.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable fail2ban.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop fail2ban.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in fail2ban.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart fail2ban.service ) || : fi fiKu-  Y * Py% ( z1 p  b   = l+  SDTj A 3 R; -$n ;B)M8{ \ i^5: sF^kz Vv}  aG  8+Y n&/m 0%Mbn ' 3L4O 5 9,# :nr "j E-LiqT c5#*V!vO (75' o  4^"*#F*q'RvZ`'*rL 0<3.V&2*@-1 XEq0! >0%. WK` O(AA큤AA큤A큤A큤AA큤A큤A큤A큤AA큤A큤A큤Aa'Oa'O_______a'a'______________________a'_a'a'a'____________________________a'Oa'N________________________________________a'Na'__________________________________________________a'a'Oa'Oa'a'Ra'Oa'La'Pa'La'La'Ma'O_a'Na'Ma'Ma'Ma'Ma'Ma'Na'M_a'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma$@_a$@a$@_a$@a$@__a$@_a$@a$@__a$@_a'Pa'Pa'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma'Ma$@a$@a$@a$@a$@__a$@a$@a$@_a$@a$@_a$@a$@__a$@_a$@a$@a$@a$@a$@__a'R=a'Oa'P_____M% a'P_______a'O2fe7e3dec1a537a036d0875c96e127c26bb0a1c4cc276d7b5b00ad54d03285d509200f27b2bec1777db2478d6cfabd394e5334f0dc74a3a3f001ac8d2bf7b5e611c2e6da2341e6ab976d95e9c27493cf2c5d36ddbc0127e298f67f1eafcfb2c368607db1e14b71cf28d4b85d6328375ebb7d185057ad4af845c87b3232165cc0824693bbefca02ebfe3ba6e2c23cfd077672b252d6a489ea2e0148f5a2c13aba5de8168730529b4ea9f5e3c742adb8788426f267dcfb99a2f8cb29ca7e9bcd283f544d77a1d7149f909dcf6d5bb98202555991458bffffff77218bbe93bc6e58eb1dda445b452f562b18cab554b48f2573828ea8dfad75cbb91bc66bf4e2b34e8308107be2c5277a873dac9428f1be71df08f6266b735cf0e4d3c61373460a8aec5e85890ddfeaba6d6830bdd09523af585b0ef946c5b15ea1f9ef0e41463764e1cf20e173ea6cba93e7a4bf939b81858d9b24355aa5bc795480b2b1af2b7162963f7c1182b6af44f4b752ada135445eeb3d19b3572bda6b0f2c5df879c3a2d32ba73ab1b792d87454843569a1c7fec12b640ef41958c24630d024e9f400ce0eb7ec78f5c7baed6e9bb6ed82c08a11cccfdf945eb2ee8200dbcae73ec69472d4b9e2736c2224224e3b2e495468f0985c51d481f27dceb1f8df07f2c4ad62e03a08cc852bb5e3beac0e9eafd5baa3b85f1c0967494e2056abaffdbb6314044131c12fb7c385cbd332cbe92352af9a698291d137c5662a46faffa6559bf3d3671ada02ed4bd0d14bf663406e852680bbe56b5eb83ddbee479dd84c87f20a30e59b5581757cffc168ce5e1f60c37b95819ec51b7d31d4aa144603f0aaf4dff2ce9d0775ca3607b86073d6605256582184270b1395b08f49e440e981d2e1fe5076ba3683b075180b94ba87225a0cce403c91ab55574b404db5588e48e9be3e7969ba35304303a30fd26a4836ca18f159a25b8a262ee6ea789658b662124c95f6074ac7cfb457f34d43a31daf84ef379362368576b2d528ae90a22f09816e5f901d86277d594c0cb282a69bdbe535d23e3791705219e1c89a7c433d850783a14b3cae35dcc34c65be46c339243a836c4fc479567f4e0eeae0e32b8de3fdc81ca213b43be1df0b9e0773acfaed0530b3c42ec4b7e861b4044e294f376290f9ed28481d25778be13ba349052de8f0d55dff84b336a4e3827a77d46c77f91a25919369c6cc565b50480e703b0bcbb144e6d0355d7f22591d415a5a7b89f896ba2c60052b17ded1efe88de4947543955cb7878fa9951e1a77332598548ea097c2a9ed30cafbe122bb8c2015773576df50ae8e33dc5e3e72ae3ce0e3c81954ace98e38e32436ae78dabe353a674806e9c41b4706630a72c7517ca6c1a44c223b00a2078c875be202b21b8393efe4d654e34fa1357c948016e3d2d656e3c41ac33de2b8bed821f5056f46d521790480f0a918d5a0b5beccdd173b15001a565e866bceb88b4227c3f5bf078bb57db3eea4a37277502f2f50182d380f4be327d112641270292c5df16fc6185defce4335e8ae50e53b0a8b46abb48edab91fcd5c97f04c97afd3b6d8c061553f6cc13e24d1a183cfbac46528cc6d339ac18491307b4d48d701ec2b8a4ff971170f223dc281cfafeae693a75d0b5ef5e84e480a268a647f7896d6953390cc97f443669ac3110a0c7c53c5ddc6245900fdaa49589c5aec04c2f2d768558b09a2c7a9d013d770ae0d09e9323c08c3fcf260718f49611ec357662ee79c552cb2fb83e42081486f898a5a3104736547c1c8432ad32cd754c6612b4c64a63722543a7cc005f1a7c323f6d9c6d5031535de4ef4dc6d24d7542c591a8d82887e0d1878ab16dc9c3763668217082035a09590aeadcf7e38920a1e415d7060673fb531b74528cdf953b55784dc58c427a96cb2c8ceb7951cd568294410307f1b29df7a9e3dcc5665a438ffc2caf162a83dd4ffbd679b16111d9b6c6387c69f9c9f6b0f64cb248adb45461d483c94900151b0e0d50737d32acff53657f690b511457eda63da10d4879cc2840f443d0628ed55f2b122eef2ad7725746b77c2d644413111da54118da418b1f84ceeb87b5c918103040e6d44e3a293318a17c7a8482fb85891578ac882be4515cf31d48a254b1d16725f8a7003876910dd5b0f6eefea612a73683b6fa4ceb9665164263bc7af67bb4e27c6d379b8e8e7478b94cd6c59ab4a2b0c1b33b69d687ca1bef998aebbcf89408ff1335599bbd8b342f6d3acf2390127697afa44bb08b41ca9deba8d0c9c842283a753367331dbf8b3d8059688818a9e49196465f9e690ec1d255269890067b22432beb2c97f612db2dc6a113aba177f692824b1cebad0709777bca9dd544bf2b8572f5b62f118d2824dfc21214d33d31e3725d30ea5eab6f1eedda714697cc1246a275ed28b380d2ff9f86ccc35650f6b83ed8587071ad0bbe3e766aec329d17fe067b0775f374caed7701a76ac2292d516dd83f5d1a7152715c6a7385a9beabb8cb0721b16b8ee26055d41b4b76d9b88027b78d043cde5fd508e1c39d7c9d47731f362e5e7d29e9e891dc19566675dc91130c7cdd6e64784c02216f32bf18362e8e3a260b16726173462fe04d6d67030901be24e5783cc3eb4ee758eac8836c1730dc8af99c3a846213101bc34c7393d3da140c33fee5822bed085eb8bc558db657857470cb8a3be5ba5866b1f13cf21b628aacfc91ac1e2db5c6d3a1391df6fd015de5da83b5949be1061186e06360985a7a12af5a6bedabe005630f7efe46c13d6dad2b3c5aeb790771c8cf00e4fbf58ef512059031720204331de6a81f2496ae45f30367ec27eb7ccbac7f6497c1432f50cd04ca64da1a55f211aadc219a4163e91cf69940d9701234fc31e96fecb720acb9d5412b0cb45c4b3258727d1b813b02a02ea108d2e7894b4be2cf0f3d139d6ddd668c1c58b5cd43742aae2f83e0df4031b0e9aefee854d9d9548dc5e7e81283ba4de38ff19770f66cd7051143980f0e40139fcf7b63ad6aeb4059d897b87619634e8af6beb4cca1c960ed16cc109ae2989e5deaf1316bdf754437d6e66255da7c43fc089380b9aaacc605adf00278fa1cdcba3c4bd082dd6231e9923b1f4ff2d3fc06ce47d49d61c1583c5cff857b4c01285a4b12e9a50df5c8c719add9b149c04293477a741c700268fddeb1540a425ff4b96fea48c4ff41a2b46d6fbe59aafb56d68f506ad6f75bb93c5a3cb9ad1c92fff3fa74ae4f496f6bd77e781eca342af9c50922b3cb10f92fb42a406e12ac32bf87b6ef19b01879ad2eec81f0beaba255c3aac6260ae101a88967da9799c90bd342b92017d472cc75b6857332e5319c66e87efda5905ef4a2449a3269bcdbec04f0eb833dd4e62e07f3f0d00540fe495f8f5a90a3187d85bc178209e741d178cbffdaeb54ff99a00dc85b5fa4f1374449784c9c7247edac4a994d13d7462cf507d38ed549db233286cd38f8a36865a06c490202ecbf60b85201cd6c0f7166ab55b7d10b4d3bf0ad9e53669cf0a06b935f03b76055ef904717e2363d7ee0cb19c45d530b093c97bcd2e9bacd42c42a38e3597b86c642f002938dc02026e20600227350a16301e018491cee0f95962e774fa8b4a9dbed7e83510f226dd3dd48e8526fd5eb18aa95231df86058802f8076301575b68d2218d739e13fd77f5f1546aaff60321381dc90a81ff585cc3dda46831d93fcf2c4bde799ddf2374156c7e60aae982245093cd6f48aaef5e060e4d176b2e87f3d6ad8eb16acb2265d471b97146b58ee438e0c92091b56bbc4f11b185e6e2178345b92cbb779fe20067a4bf9863ca0e3c9c200c3e154f19e5f2756f177b0a66597c6f67aa4dd4a79f42b659af5b74fcddd47d6310505afa1b257e0ce7c6d3f562d48b0eb239d2a8651b160dfbe7a05c4aaed1e492d97810b59eff1cb3ee8ffd30cae0262870777270c0f0633746f8f3cad91e9dfd00717444cb17ea3281a518634ad1d485cdded1124251069ea35f4ba2142bb4921a07ed2e8fe0aefd1e2e762622b610a0b3ca3a529c5272fca55088f0c655901935c78b7b845ec16c94cf56870acd3dbf65ccd018ecba608ea1a4c1766f3aae2bd94bb6ffae9b8c0d46060d78d1268a8b3bc6e28f98c723cfd4757d61fa52dee885a41278a2987331a74e52468f10daf690ddd269fb95dcb858d8e7017171de2e781142734efcfed5ddfd090585ac6dbd09580b94718506fc4ee83eb541689c87158d9c4a8b11e4c3ac6af335a7b75fa80144a3e2919247107b4f262617470192c6ff5d368fe67f44967c49259f54b3bc48154879e0d28e34a6f276d7b81546b15b7e128da16ef8738cc4ce2f15d556ad3cd0ed726e0d5e8fe87ccc10ed0e61a0fbcf10f909da5e5ed3a32ef2d67a04882e203366e72ea8b4d8dffeda784788c887a3ca69881f1f8c89b7ab23883a46f6047e777742c295b8d16087668230e70a48cd45205acaae8e7a03bbe14d5665e62b234705d1b498a2680476352a16aa18c6abf6701131bc1867595b929e611eabb683b7f9fb23311536e362ef2446e7768d0a47fe82897584c3d3ba288be5908a91bbbc5eebd5f902ed7c3140f1c7be59ed9285c2b43abb3ed49f8c85dda6bbb8df6e73dfcef28914436b92e085d7593e050f386ec039447a398a18116b382b25a5693bf00a8e9c852fd20020c6f86f91afebe2e74b98fc7fb510f34064ec3b59725c4b812b09d3d96b494cdcf95bd1644ada338af135b37bfac1e7b2086fda61a22f1be30954a8c2b239008d145e19cb0c8345077888c2139a20d9c4ad9033971bce8bbf84bfbc611173604d3b4e9c62527062adb4bdac8ce182e00acc71720040f87bcf2e0d12898b5873998fb22fc3cb0a56652c3fe2497ff8490445a2170cdf642602bdc80faf557c45ac9f2c5be9ad2a154764d52ac5767f004abf3839d795aa15f015b8880bca9111b295fa22c256bf664462187a3bcb2856c8d903e0a98b157c111f07f45c764d48546c5754028279298fb8a6caaf1f7b942a06ca569692702e9b768afcdc27a38500be7691b3e11d164d95e2e3c2982c71a4da0ce1a0d66cc6fd5c955abb56fe29fde8a192a40e92dcd9a5abc799b55218fc07602a569603f7661ef6d09b2e036168335f0898c178fd07b63c3b9460abf3dfae4d95ff2309a87b26a53edee5f6cb785240f96dc513a05bea30f94114a6ac958b3ff257313178bf878d9c26f01b1b41e3f872c3659be5dea6b119463c621961d50d4787ddffbd7315fd1231440eb75aed0aeb11d0ad5a46b144ee4f97b447ae2f09fecc60bb70cb34bf2837966d6d94ba37a3d7d2062da7e94e896108ff0d3bc8117df87c035c487a35052d30a42c16de43e7d703f2bcd07378a36ae6c197c5c7348f18ca855d5fb4a125faafe475e721b4dd1fb38c2dcd6c40c4351a1cde47d0a5dce91f278eeebf4ee96831509f5426fd10a3efd3e59cf4036f7347e3d7f6a5b353de6a210a10893b949ef264b513eee3f1f835d08084c5b173aecba038b30e9112f2cefbfdcaddd9536e01b5b3a6dc8188d1a1f168c22f0c7dcf7315171a9a8426275a5a2d62cc43e77fd6a65f13640f8493091ae4a04bd3ebc0d702f476d9a73f098217531b4a9a67da67152ffa0913125421bcf455ed65a0ca9dbc27ad6aae69853c9b0d4ec9d1641c4484d327075a84ea809bef4fcbf62e721cbd1ed489eea67017d135995241f759eb39734a19672c777c62463df90f20a2daeeed9fe64cb16f6b83a3aab871f4729341a6854de19cf71169b33d4ac22080ed7881b6cd600ea5237a423a48153ecb7fa9d3393fdabb7571cf7dbd633bc41a512fa2aa1575fd90363dc8bec3967f35e852a424702f462c3666b74ba40612d111672806b7aaecf295eb9feec04dae32bc72d7bbcaeffa8349d841b51e9bdb1930a02f1d2686d2597eb01ed8bde247fa9f91640e2c5a4fd3cd0af17833297b7dc0152baa3d1c703a7c2d1b34b68d038f7d99148af9eb18990a5b8ef3ac715174566f5d3019d2bcda4b2c06f79056ec216ce4034d2efa8a2b81e09518f3491b32fe3f27462080d55ccd6e9932f3434f83c42585c155aecdb069d57b0414b059b4c747d8dca600d2b303bdb717c9ef0ffe42c299d4f65f0923f00baa1949c2dc9d0910b8e398976d3a466707d44006b8a25d77e42c8fd06514230b6117ae8f41d9577f8e3ebc84912ca3fa0bc4273bc9d97c7136153de1dd7f150b533214846ad18512f61ff35c55817721c2bc9296263314289c255092ea7d5477ea944268de750e3d43df0e41d10ad35eb70fccbcf476b1de9c1f6d9b39c78305a03231307c18d2d86df4ebdcdc96656bd3bc86e97323a8248b0053d3615f73a840ccca37d5f347a529b226a72146f66075936b746fe182411c2315ebcf80d637f26378a551ed03e6d052909a2bd025d305b81432baeaac35251b6d642da031237f594363c08a1bb740fd463db87ce74933a034abe3b886814148406df2a94cd1de520c81dd062ab75cace1adb219deb55faf68a55db9d3c2dfb0d322c58dceba554b19ceff366af194dda2da88f0f98daa83b3ec4817904ec4df3ef2d9c361904cc3d374ebdb3dda52dda8ee830e4b94ef21c7848256edb80b01c66a4596e4bd65e2e92c3f8bb5adf2c3edf0b19e2ff9fd2bd0dd4f65d46c6457854f345c783de64def9bbbb976e3b8c3e06f78efb1131fd70431af8d9446acd0d01b08f8cc1163825aac8d3b30a2432c6b92a74e504685914189a5ef274a84514d6466d047211b65359e2bb14cd9a841ea8aa6e00e4114fe00572ded4d7347295428dea72e1c6ce1ae6fb90eab3e298f853e1145c6c21c159ea54d65f315ce3c29a6861ba75cbae453f9acd2690e531b309e7e261ef790d154c64691b4358a7aa6246b130e1d099f37bc95adbb2f1f3ed3619b0b1e553a6c5aa3cfde3811fc94fce4ca537d9f5b7522daf81d844d0c978a541c7608358cd63153235269c6d3e6e4c0738a1aafc11371badcde9f3bae3e85a0305f80e3aad6262afe87ba3e09de54cddbb785989d1f737a31132f1b76dea5d1fd6d0e83005d090c1f934fbf8d5e9c2926e8b8d4e217953c39b7d86c42d04158e29843b3cea10c7a446c6da203d843b640d35adf295dcd066cc8ea32047301ceeed5f322c90b5c1c9a5e1ce2a6532121c33a3d338a0ec2a6093897e7b136e13e1ff6dce7938835d50155aa7e88b3c2e5a790032dd8ddf98da5a25ed7002ad3a4d48f32a0649be9dd581ba72ffe663f92be7bbf5a1cf9657fca54dd25c5db1da5594261188ada8e425da345f58cc3f68022f0ec1a16f006a8d921e563d4576dd15cbefe1d7f05bae2867ff3c8ae51d1b1f7dffd10423df477c648bebf918852a874b3fe2def49c39d138242987349c0c19b28694fbbdd9063ee35c5dec22a7e0260334f88e7da6b2b66149097c3d8eda46228ed52daef47b349876bd3b0dc358ce1e2fe86f78189f1f3a461799915b8bbdcbd3ac16ee30a55df91c4dcfdbe18ec8050e8b70c4b81f6ecb130944115956255b17e91a582d5c643479bc3733496e0657b2f91ab774f2f9a5de4c8a9ade51c688fd6b83753c3a040e682cca18970b5e1439532528bd883654a29478003fec1653fa62cddde44e32c94fd587c0092f89e38f166fee438269528f8a38a352ebf6400ea75bd363594d7eb2f7db177dabc0c11408603ccad327811e56435eb36e153d94aa92b73815cf660c1fdb363a0571a7703e7c142e4343bf37eac10e1c5bc08601f4a94e12a4d46536ebe1ff30b417dc0bc33039a91f493bbbcc98a17fea428d81793ee8ecbf17b6c1a86861854c702d6f24d6fc7a1c9e14308269a9ea606e614212aedb5e9251861bb5b08a53a2be662bad92982f4127cfa0f325e18533494f84a9a24b7077dae3d26e7047df82b708701fd45c153f76a90f1921ef325976efa85e446d0885cc8a1184da6b0c55fd520cee8bfba7a6c3e6ff4a4ddf5635375ca33be64555350335e5d8cbc977c63b89393f8bc2a8e75f1a8f1e45780112db8cfa3c21e27434a9caddf27a5452f9716c25f76eb09a29717ea021df47b4f722cd8622473c683e4080207aac1968efea54b8d13698862c76ae6d3f304760f7f0119572f2c8dc468b3a005596f141c761093e8ca6964c66c1a1a94da33601884472e3020404b2c30be5ae763b077eca464a8b860eac882c74d4a8e4914354d75b2dfc6364e8868f757ecca1bf7c3f9a9e8aa9216ab8de8243ed520b034b6740bf2d0f3dc39afcdcd4b9fa3a53389ff563ff766914e2d693ef5a2fb60cfa6677adac9bca0db5cdd1dc52e0a5c5d2c843e9e0ece1233a075dcbde4001f13c3d0ed7d70f750261221d0f35305284de79051308b277ea0b2158a45671f48892fe4efe6b8474dc558bb047aa7c6e7aed4471df3420d29bf26a11067a8827111f4886e51d2005d3df55354acd53a894a8d8b15c69154a888643fa4b256342b2589dca14ec0b3d7dfa4ef449d4c4177a5b11e494dd92723cff008abe60e2b3a8f1be92b033a211af12d1a44f4d51223d3bf8471d4b40dd7932d26e0f0d1b0d6e32ea0e27d4057d19d424c9fb29c19a64b7925c95493a8c55b23c85c3bd135da7f7cb0d5cb334b7b879bb8a31e8b0e214f08fac46df3f47a98f68b0a45291849217bf911005f04ae599ba5cebc7a3f1da0cca54b5bcc42189d3bab60aadc0ce80e70ed38cd9d649c838f5690e03ae406a9a63601e0522e2d14616a09aedff1da7786c0c5798aea529d936da746cf6edf654726a5a932710e16654ea7d98f7c4c06ee66ada288925bd8f8af3f56eee1ddc8156afa4354869e38849713cce9081627e43365998b56da3bff7a0276f4e733ca23e420313b62558da97c3b033aad4505f9e432933a3ed15d88ba1c58f9e8968797aa7db6922715146f2255db1d533b590e42e568890653f4a79198c51dc268985201306b1e1f3b69124fff665e19c26392c0a1a16507523cd3106394959b780d331a1591da20e0923ed93fc217851ea001c301a26c874715a89f1eca2b35e44016b2846f6c5c2f17709f522a3f413532d555ce2e08ff83b004e2cfe82164ed8010095dbee62c8f792bee4cb47e4878915e1c8b58589909577b7ff526e4c5e975172af20e97b0163f3d56d9a979ee9f9195cfed78690972f1597812404b3b2bd616b95017d5b6178c5e41ca3f6ee1ec8306ece3a16c43247b4d051b22b616f3485d2a2f8db3ed44c3aacf7cc5bdf3b1c930a8a94990d634c4fbbe6966289b9fe9b594200a38a8cbe6b93c2ef5210da91a3aa8f3500e84957eb436efd060718f60899d182ad6caaf85b94ec8a6f684f38bea03eb1f0dee4c93bf0f0814e858fe3b92b1cdf7c813ec1998a35b63b3ac09a07358a70fb18aec16c6444efa840a9aef2e01bdbac1072832ee94dc3213dcab97ed17438aa6efcfbe061d3ba9bc936a25d50d6890edd23b608f0be1f307718594424716b4f5a4f32305a39a03df8460f33b9681d87e5e5b804d9541f48a09918ab28d942e2ea0d50fcd743e71ff2ca0ab3f373fd4ca07f6ad8b691990ed118fef60595348143878c9f165503d5a3970f7dc86089fdc6727a41d3e407721093d535b9036b37d896461383814dd083cd1230b10dd9ad6edc0d9a07befaa33465fc86da2664e3239740bdf68b5e3d91b3e186781972622fb258e741687ce3bf7c6ce6df394c3d8da6829d8338934eda57d0fb72e8d0193ab9e6b9f9155a533cda29641f1f082bb4b1e3d34cc7e616d5032ad301809955aab743f125dd9cb9ae7e9fdfb26890bce7603dc73d16e637c609408c01351eb1e908cf9eaff6c69a7f476f1e428ac64c27702705a1c657173b97da71b7e2083b766d5f9aa5ea5e8f4c807aabc610110a36d63e03db30cbf2ba4fba21033265f7f8c7fd1565f2aa292a9f3f17973deb6aaa600fc3e7f545619da63eeda61c4bd34d2f10e8a088014be8c390909ddae58c98c189f4b24e873d6101d463160ce7e85991d45ba76ec0d2b5b24cf6f562569b0fe3d8dcebaf5d06facfff7d22062a03a7f959c56ef5aaf0c10b19c70e5ac49d1ff3fa43061ed5ff3930accfe12f55e83053f0779b44dcdc5b7aafa22ce3d6d2312441168c84c83f71d424042a0094614ccd8ec4953fca20f16e1163e1b682e3012e220925b8827edf00f0c4831e88ccae3ee8650a5ad5f583e1cf6539a7238ef13fddd5573b956f5ec59d96cd613863ac91d9d65dbb09f5fe12e89f4f06feaf4ca5dc24fafe4d8861ef7d5a7816859603f7cfeeb48bbe1a560da5e3dbbb2af98b9d890299b7dbed540c07510c6ae3740ff79cc6b251e11f505514f9241f0953350dfbc411dfc9dac9a8448b25a8625d9fadf7de88f28954938ec6bfe5989e1e279f479d145265e7129144c59b9d0109154dde47d552390fca50974ca0c27ae15bbd4e47cf4dbed2b9e997ecc651c9c86199e866b527ca14ba8912f5b0d3043a59800c42384c85986aa03cc5af3331817d2efc1bb82aedcad4014807b7e3348f8dc152458a78778ace8b8fabc12a30b26e84a028e57c2f70d3a047f01c48d03407e4bd98b6e8479f26872d1a5e32b3d7d5fc2fd4d7c5cf8001f6d6e34ba92e6b1d16d9ecb9fadb30c278d5636825595acadd1a91c4d305a6c43e8e4b7486af38a8e085626068c7d59aaa27ddf3dab94c5d6c4cdfb841e87a2218095fc69d4946e181006db3e0aae4c1bc07684a28379f2087e1b7229f46a5c55530e0580b1ebff894aa281d1e07c91cf6ee7d3b1f04049e0c50e9786c840b3fc0c6c4a012694c31eafefeb5de40d142f9844915db739b6e0869788618c9e4b3bce320c42d47df5c372101bb39ba872c60b8e39d531c38e61af39e3514e6e5e61e68d24eee670ec1a43adc30fc9e3107ba1b41e8b56dd05a80fe81547ec95a284db44ee5ad18c8e7451af8922a18f670a23c2af1e4e0087dd75a3811571745e1ce2245332679fdb9289e0770f7669f10c59120319394d0e0918d33aef7ab72129d117a3fb08690b06ea7fa14c95413f34be40625b1d881354a15216efb4fbb11b0ffccc7e10c599a1f4ca65c082fc831313df5abf2f8ee7d4447ea1e0432bbc8138ad54cc6359beeef14bf56197fa426e3dff74afc24c3f1d4320d76741022b1614980993653fafac519fc84f1c21e5d638a0b0abc7eb426aab68e51c49f340cc5d9e74c64edc135c76855fb6e38e10c554ae8b7ea3d9e72b185782046aa6603b4ca809e9fe813ece8032dbfff216184662314b26e8a0471168b27f29cc9c0c42e05e72a583e3aa96ddfae06edba444afa3524dce48684e98cce0e4a8111cb3596e85ca22fb66da55d303724520f91dd6cd69166aa3adb30496e4de726e90df7033ccd7e9f1b0aa8a24e6bd2fb3131986879348e9ac7191dbb4b51144bfb19f31cca117fbe5500e42b27dd646529a3ccab1d687e8c49a1de74418377af2f23062a7249d05cfe4f99b59dbe0e4b774e8fbaa239df83aa64f9e1687852736a4f00ccf508a4aa5307ac298b592d136e0b950ab734327dfea1ce7fc4f5b97c283d6417fa899b0bb217aaee3cd476afb924090b84791f54759d2a88be322e1751ee2cbf1fa414b99aa1fa17558af1ad871721d1c5229e8de5e826f64af77b450bae85a42a42ba58d5e0d0b811fa3a247868c2bffe220302676e3acc28307dc04e0036d95fd19f8b9ed1ec992da4fdc75fe5085e35c4dc84165c7b100700d67de5770ece6778b1c4fa6a7b8d229660d77e301d0b03949d34de33966f7bc03dfee2c7933a4b2b08adfcb124505e0628d2d119bf79b758467393c04f2875fedd4534afc7913ec5647f36fd76396c00246cbe67d63642af559a792e4146ec1d6373bf2fda40e8e20a90e87b96d167fa99f894e0e951ba088481d56fe0a9cbe21a66145153f5244d290185d2eacf4907894a372701201092b67def4eddd1dcfe64d5e5d11053f1d36c831a75fec0260742fe6275d63ff6a5d97b924b28766558306b3fa4069763096929bb511388c3866583a99b1c32db010874f872a3eba9af3b53c9ea5c44b4bd1290e5adf55da3efd55b66cccb865530efb45898d8d23b3e24ac92bbc482792a5ea174ddcd07c0977d586dc60326249623ee62784ed1793b32eef76087138842849e4f85419143813779373752a8496a53ab02cd9523a60772a74c3443c797159b96b14766df08a90ad4c07410fc959e2f6fc67ca3491decb7ceba9e6107359561d51b8b1d59bf9acb88e2a60ea7e7047e178db2dce3fb4d3335cb4bc33e9c2482485python3../client/__init__.pyservice@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfail2ban-0.11.2-bp153.2.3.1.src.rpmconfig(fail2ban)fail2ban @@@     /bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/fail2ban-python/usr/bin/python3config(fail2ban)cronediptableslogrotatepython(abi)python3python3-pyinotifypython3-systemdrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemdsystemdwhois0.11.2-bp153.2.3.13.63.20.8.33.0.4-14.6.0-14.0-15.2-12044.14.1a$@_v@_Í@_=@^m@^]QT\\g@Z'Z Z@Y6YP@Y@XXW@VaVaV=@V@U|@U|@U'UuUL@U-@TTto@TAJohannes Weberhofer Johannes Weberhofer Johannes Weberhofer Dominique Leuenberger Paolo Stivanin Dominique Leuenberger Johannes Weberhofer Dominique Leuenberger chris@computersalat.dejweberhofer@weberhofer.atjweberhofer@weberhofer.atrbrown@suse.comjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atwagner-thomas@gmx.atchris@computersalat.dejweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atjweberhofer@weberhofer.atmpluskal@suse.comjweberhofer@weberhofer.atjweberhofer@weberhofer.atjengelh@inai.de- Added fail2ban-0.11.2-upstream-patch-for-CVE-2021-32749.patch to fix CVE-2021-32749 - bnc#1188610 prevent a command injection via mail command- Integrate change to resolve bnc#1146856 and bnc#1180738- Update to 0.11.2 increased stability, filter and action updates - New Features and Enhancements * fail2ban-regex: - speedup formatted output (bypass unneeded stats creation) - extended with prefregex statistic - more informative output for `datepattern` (e. g. set from filter) - pattern : description * parsing of action in jail-configs considers space between action-names as separator also (previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b` * new filter and jail for GitLab recognizing failed application logins (gh#fail2ban/fail2ban#2689) * new filter and jail for Grafana recognizing failed application logins (gh#fail2ban/fail2ban#2855) * new filter and jail for SoftEtherVPN recognizing failed application logins (gh#fail2ban/fail2ban#2723) * `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh#fail2ban/fail2ban#2631) * `filter.d/bitwarden.conf` enhanced to support syslog (gh#fail2ban/fail2ban#2778) * introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex; * datetemplate: improved anchor detection for capturing groups `(^...)`; * datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc) as well as some warnings signaling user about invalid pattern or zone (gh#fail2ban/fail2ban#2814): - filter gets mode in-operation, which gets activated if filter starts processing of new messages; in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much from now (up too 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected bypass of failure (previously exceeding `findtime`); - better interaction with non-matching optional datepattern or invalid timestamps; - implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages, whereas filter will use now as timestamp (gh#fail2ban/fail2ban#2802) * performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template); * fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh#fail2ban/fail2ban#2791; * extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag prefix `` with all value of `` tags (gh#fail2ban/fail2ban#2755) - Fixes * [stability] prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh#fail2ban/fail2ban#2660) * pyinotify-backend sporadically avoided initial scanning of log-file by start * python 3.9 compatibility (and Travis CI support) * restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed * manual ban is written to database, so can be restored by restart (gh#fail2ban/fail2ban#2647) * `jail.conf`: don't specify `action` directly in jails (use `action_` or `banaction` instead) * no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh#fail2ban/fail2ban#2357 * ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh#fail2ban/fail2ban#2686) * don't use `%(banaction)s` interpolation because it can be complex value (containing `[...]` and/or quotes), so would bother the action interpolation * fixed type conversion in config readers (take place after all interpolations get ready), that allows to specify typed parameters variable (as substitutions) as well as to supply it in other sections or as init parameters. * `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh#fail2ban/fail2ban#2703) * `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing with `jq`, gh#fail2ban/fail2ban#2140, gh#fail2ban/fail2ban#2656) * `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2763) * `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2821) * `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh#fail2ban/fail2ban#2836) * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (inside the filter-config, gh#fail2ban/fail2ban#2650) * `filter.d/dovecot.conf`: - add managesieve and submission support (gh#fail2ban/fail2ban#2795); - accept messages with more verbose logging (gh#fail2ban/fail2ban#2573); * `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh#fail2ban/fail2ban#2697) * `filter.d/traefik-auth.conf`: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently (gh#fail2ban/fail2ban#2693): - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) * `filter.d/sshd.conf`: normalizing of user pattern in all RE's, allowing empty user (gh#fail2ban/fail2ban#2749) - Rebased patches - Removed upstream patch fail2ban-0.10.4-upstream-pid-file-location.patch- Use %{_tmpfilesdir} consistently throughout the .spec.- Update to 0.11.1: * Increment ban time (+ observer) functionality introduced. * Database functionality extended with bad ips. * New tags (usable in actions): - `` - ban count of this offender if known as bad (started by 1 for unknown) - `` - current ban-time of the ticket (prolongation can be retarded up to 10 sec.) * Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected); * algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent) * added new setup-option `--without-tests` to skip building and installing of tests files (gh-2287). * added new command `fail2ban-client get banip ?sep-char|--with-time?` to get the banned ip addresses (gh-1916). * purge database will be executed now (within observer). restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned) * upgrade database: update new created table `bips` with entries from table `bans` (allows restore current bans after upgrade from version <= 0.10)- Switch to use python3 (upstream supported): + BuildRequire python3-tools instead of python-devel (for the 2to3 tool). + Drop the python-gamin dependency. + Replace all python-FOO deps for their python3-FOO counterpart.- Added fail2ban-0.10.4-env-script-interpreter.patch to define interpretor - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 will be removed from Factory (see sr#713247): * fail2ban-opensuse-service.patch: removed references to SuSEfirewall2 service * fail2ban-opensuse-service-sfw.patch: use references to SuSEfirewall2 only for older distributions * Removed installation recommendation of the fail2ban-SuSEfirewall2 package for all distributions as it is deprecated. - fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file location (boo#1145181, gh#fail2ban/fail2ban#2474)- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini- ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four * https://github.com/fail2ban/fail2ban/blob/0.10.4/ChangeLog - Fixes * `filter.d/dovecot.conf`: - failregex enhancement to catch sql password mismatch errors (gh-2153); - disconnected with "proxy dest auth failed" (gh-2184); * `filter.d/freeswitch.conf`: - provide compatibility for log-format from gh-2193: * extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional); * more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter); - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`. * `filter.d/domino-smtp.conf`: - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets); - failregex extended to catch connections rejected for policy reasons (gh-2228); * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions), see gh-2114; * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171): - fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostly `UTF-8` in opposite to `ascii` previously, so minimizes influence of implicit conversions errors; - actions: avoid possible conversion errors on wrong-chars by replace tags; - database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database; additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137); - logging in fail2ban is process-wide exception-safe now. * repaired start-time of initial seek to time (as well as other log-parsing related data), if parameter `logpath` specified before `findtime`, `backend`, `datepattern`, etc (gh-2173) * systemd: fixed type error on option `journalflags`: an integer is required (gh-2125); - New Features * new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, `ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example; * `ignorecommand` extended to use actions-similar replacement (capable to interpolate all possible tags like ``, ``, ``, `F-USER` etc.) - Enhancements * `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168) * since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info, additionally option `-V` can be used to get version in normalized machine-readable short format. - rebase patches * fail2ban-opensuse-locations.patch * fail2ban-opensuse-service.patch - add signature file- Updated to version 0.10.3.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog * fixed JSON serialization for the set-object within dump into database (gh-2103). - Updated to version 0.10.3. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog - Fixes * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060); * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048); * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069; * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` : - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064); * `filter.d/sshd.conf`: - failregex got an optional space in order to match new log-format (see gh-2061); - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062); - fixed root login refused regex (optional port before preauth, gh-2080); - avoid banning of legitimate users when pam_unix used in combination with other password method, so bypass pam_unix failures if accepted available for this user gh-2070; - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly); - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it counts failure on closing connection within preauth-stage (gh-2085); * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101); * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059); * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066); * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054); - New Features * several stability and performance optimizations, more effective filter parsing, etc; * stable runnable within python versions 3.6 (as well as within 3.7-dev); - Enhancements * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097); * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073); * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029); * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038); the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line, e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line. * badips.py now uses https instead of plain http when requesting badips.com (gh-2057); * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056); * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG): Usage `logtarget = target[padding=on|off]`- Updated to version 0.10.2. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog - rebased patch - Incompatibility list (compared to v.0.9): * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always define your own capture-group (like below `_cond_ip_`) to do this. testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_>): bad host (?P=_cond_ip_)$" - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `` used in failregex (e. g. `user` by ``). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. - Incompatibility: * The configuration for jails using banaction `pf` can be incompatible after upgrade, because pf-action uses anchors now (see `action.d/pf.conf` for more information). If you want use obsolete handling without anchors, just rewrite it in the `jail.local` by overwrite of `pfctl` parameter, e. g. like `banaction = pf[pfctl="pfctl"]`. - Fixes * Fixed logging to systemd-journal: new logtarget value SYSOUT can be used instead of STDOUT, to avoid write of the time-stamp, if logging to systemd-journal from foreground mode (gh-1876) * Fixed recognition of the new date-format on mysqld-auth filter (gh-1639) * jail.conf: port `imap3` replaced with `imap` everywhere, since imap3 is not a standard port and old rarely (if ever) used and can missing on some systems (e. g. debian stretch), see gh-1942. * config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf) in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955. * `action.d/pf.conf`: - fixed syntax error in achnor definition (documentation, see gh-1919); - enclose ports in braces for multiport jails (see gh-1925); * `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990) * `filter.d/sshd.conf`: - extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944); - fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263); - New Features * datedetector: extended default date-patterns (allows extra space between the date and time stamps); introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing): - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock, (corresponds %H, but allows space if not zero-padded). - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock, (corresponds %I, but allows space if not zero-padded). * `filter.d/exim.conf`: added mode `aggressive` to ban flood resp. DDOS-similar failures (gh-1983); - New Actions: * `action.d/nginx-block-map.conf` - in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); - Enhancements * jail.conf: extended with new parameter `mode` for the filters supporting it (gh-1988); * action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once. * Introduced new parameters for logging within fail2ban-server (gh-1980). Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`: - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler for the list of facilities); - `datetime` - add date-time to the message (default on, ignored if `format` specified); - `format` - specify own format how it will be logged, for example for short-log into STDOUT: `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`; * Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). Fail2ban will create a backup, try to repair the database, if repair fails - recreate new database (gh-1465, gh-2004).- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for *BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only * Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `` used in failregex (e. g. `user` by ``). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now.- added 1783.patch from upstream: "Updated roundcube authentication filter" - use tmpfiles_create macro- added 607568f.patch from upstream: "Postfix RBL: 554 & SMTP" this fixes bnc#1036928 " fail2ban-rbl regex incorrect, takes no action as a result" - Update to 0.9.7 * Fixed a systemd-journal handling in fail2ban-regex (gh#fail2ban/fail2ban#1657) * filter.d/sshd.conf - Fixed non-anchored part of failregex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space, gh#fail2ban/fail2ban#1658) (0.10th resp. IPv6 relevant only, amend for gh#fail2ban/fail2ban#1479) * config/pathes-freebsd.conf - Fixed filenames for apache and nginx log files (gh#fail2ban/fail2ban#1667) * filter.d/exim.conf - optional part `(...)` after host-name before `[IP]` (gh#fail2ban/fail2ban#1751) - new reason "Unrouteable address" for "rejected RCPT" regex (gh#fail2ban/fail2ban#1762) - match of complex time like `D=2m42s` in regex "no MAIL in SMTP connection" (gh#fail2ban/fail2ban#1766) * filter.d/sshd.conf - new aggressive rules (gh#fail2ban/fail2ban#864): - Connection reset by peer (multi-line rule during authorization process) - No supported authentication methods available - single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions), according to gh#fail2ban/fail2ban#1206; - fixed expression received disconnect auth fail (optional space after port part, gh#fail2ban/fail2ban#1652) and suffix (logged from several ssh versions), according to gh#fail2ban/fail2ban#1206; * filter.d/suhosin.conf - greedy catch-all before `` fixed (potential vulnerability) * filter.d/cyrus-imap.conf - accept entries without login-info resp. hostname before IP address (#fail2ban/fail2ban#707) * Filter tests extended with check of all config-regexp, that contains greedy catch-all before ``, that is hard-anchored at end or precise sub expression after `` * New Actions: - action.d/netscaler: Block IPs on a Citrix Netscaler ADC (gh#fail2ban/fail2ban#1663) * New Filters: - filter.d/domino-smtp: IBM Domino SMTP task (gh#fail2ban/fail2ban#1603) * Introduced new log-level `MSG` (as INFO-2, equivalent to 18)- rename nagios-plugins-fail2ban to monitoring-plugins-fail2ban- Update to 0.9.6 (2016/12/10) [#]## Fixes * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from " (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) [#]## New Features * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) [#]## Enhancements * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff - #!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]` - rebase fail2ban-opensuse-locations.patch, fail2ban-opensuse-service.patch- Update to version 0.9.5 New Features * New Actions: action.d/firewallcmd-rich-rules and action.d/firewallcmd-rich-logging (gh#fail2ban/fail2ban#1367) * New filter: slapd - ban hosts, that were failed to connect with invalid credentials: error code 49 (gh#fail2ban/fail2ban#1478) Enhancements * Extreme speedup of all sqlite database operations (gh#fail2ban/fail2ban#1436), by using of following sqlite options: - (synchronous = OFF) write data through OS without syncing - (journal_mode = MEMORY) use memory for the transaction logging - (temp_store = MEMORY) temporary tables and indices are kept in memory * journald journalmatch for pure-ftpd (gh#fail2ban/fail2ban#1362) * Added additional regex filter for dovecot ldap authentication failures (gh#fail2ban/fail2ban#1370) * filter.d/exim*conf - Added additional regexes (gh#fail2ban/fail2ban#1371) - Made port entry optional Fixes * filter.d/monit.conf - Extended failregex with new monit "access denied" version (gh#fail2ban/fail2ban#1355) - failregex of previous monit version merged as single expression * filter.d/postfix.conf, filter.d/postfix-sasl.conf - Extended failregex daemon part, matching also postfix/smtps/smtpd now (gh#fail2ban/fail2ban#1391) * Fixed a grave bug within tags substitutions because of incorrect detection of recursion in case of multiple inline substitutions of the same tag (affected actions: bsd-ipfw, etc). Now tracks the actual list of the already substituted tags (per tag instead of single list) * filter.d/common.conf - Unexpected extra regex-space in generic __prefix_line (gh#fail2ban/fail2ban#1405) - All optional spaces normalized in common.conf, test covered now - Generic __prefix_line extended with optional brackets for the date ambit (gh#fail2ban/fail2ban#1421), added new parameter __date_ambit * gentoo-initd fixed --pidfile bug: --pidfile is option of start-stop-daemon, not argument of fail2ban (see gh#fail2ban/fail2ban#1434) * filter.d/asterisk.conf - Fixed security log support for PJSIP and Asterisk 13+ (gh#fail2ban/fail2ban#1456) - Improved log support for PJSIP and Asterisk 13+ with different callID (gh#fail2ban/fail2ban#1458)- Mark /etc/fail2ban/fail2ban.conf as noreplace.- Removed patch: fail2ban-exclude-dev-log-tests.patch - Removed patch: fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch - rebased other patches - Defined services which per default uses systemd logger - Provide /usr/sbin/rcfail2ban also on systemd based distros - All files in /etc/fail2ban/ except jail.local are now automatically replaced upon installation of fail2ban - The update to this versions allow to close boo#917818, as the logger-backends for several services are now centrally set in /etc/fail2ban/paths-opensuse.conf - Update to version 0.9.4 New Features: * New interpolation feature for definition config readers - `` (means last known init definition of filters or actions with name `parameter`). This interpolation makes possible to extend a parameters of stock filter or action directly in jail inside jail.local file, without creating a separately filter.d/*.local file. As extension to interpolation `%(known/parameter)s`, that does not works for filter and action init parameters * New actions: - nftables-multiport and nftables-allports - filtering using nftables framework. Note: it requires a pre-existing chain for the filtering rule. * New filters: - openhab - domotic software authentication failure with the rest api and web interface (gh-1223) - nginx-limit-req - ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) - murmur - ban hosts that repeatedly attempt to connect to murmur/mumble-server with an invalid server password or certificate. - haproxy-http-auth - filter to match failed HTTP Authentications against a HAProxy server * New jails: - murmur - bans TCP and UDP from the bad host on the default murmur port. * sshd filter got new failregex to match "maximum authentication attempts exceeded" (introduced in openssh 6.8) * Added filter for Mac OS screen sharing (VNC) daemon Enhancements: * Do not rotate empty log files * Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923 * Added openSUSE path configuration (Thanks Johannes Weberhofer) * Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197) * Added a timeout (3 sec) to urlopen within badips.py action (Thanks M. Maraun) * Added check against atacker's Googlebot PTR fake records (Thanks Pablo Rodriguez Fernandez) * Enhance filter against atacker's Googlebot PTR fake records (gh-1226) * Nginx log paths extended (prefixed with "*" wildcard) (gh-1237) * Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223) * Add *_backend options for services to allow distros to set the default backend per service, set default to systemd for Fedora as appropriate * Performance improvements while monitoring large number of files (gh-1265). Use associative array (dict) for monitored log files to speed up lookup operations. Thanks @kshetragia * Specified that fail2ban is PartOf iptables.service firewalld.service in .service file -- would reload fail2ban if those services are restarted * Provides new default `fail2ban_version` and interpolation variable `fail2ban_agent` in jail.conf * Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname, and to support multiple instances of postfix having varying suffix (gh-1331) (Thanks Tom Hendrikx) * files/gentoo-initd to use start-stop-daemon to robustify restarting the service Fixes: * roundcube-auth jail typo for logpath * Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164) * filter.d/apache-badbots.conf - Updated useragent string regex adding escape for `+` * filter.d/mysqld-auth.conf gg - Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332) * filter.d/sshd.conf - Updated "Auth fail" regex for OpenSSH 5.9 and later * Treat failed and killed execution of commands identically (only different log messages), which addresses different behavior on different exit codes of dash and bash (gh-1155) * Fix jail.conf.5 man's section (gh-1226) * Fixed default banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (gh-1216) * Fixed `fail2ban-regex` stops working on invalid (wrong encoded) character for python version < 3.x (gh-1248) * Use postfix_log logpath for postfix-rbl jail * filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex * use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc (gh-1271) * Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl * Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now) * Removed compression and rotation count from logrotate (inherit them from the global logrotate config)- Require python-systemd for openSUSE 12.3+ - Cleaned up the spec file - Added /run/fail2ban for openSUSE 13.2+ - Don't fail on test-errors- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch to fix the former failing test and removed fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch - Do not longer create test-package. Developers should not use the packaged version of fail2ban.- patches are no longer included conditionally- fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch excludes the ExecuteTimeoutWithNastyChildren test, as it doesn't run correctly on openSUSE. - fail2ban-disable-iptables-w-option.patch disables iptables "-w" option for older releases. - Update to version 0.9.3 - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust to augment the behavior. - Fixes: * reload in interactive mode appends all the jails twice (gh-825) * reload server/jail failed if database used (but was not changed) and some jail active (gh-1072) * filter.d/dovecot.conf - also match unknown user in passwd-file. Thanks Anton Shestakov * Fix fail2ban-regex not parsing journalmatch correctly from filter config * filter.d/asterisk.conf - fix security log support for Asterisk 12+ * filter.d/roundcube-auth.conf - Updated regex to work with 'errors' log (1.0.5 and 1.1.1) - Added regex to work with 'userlogins' log * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override locale on systems with customized LC_ALL * performance fix: minimizes connection overhead, close socket only at communication end (gh-1099) * unbanip always deletes ip from database (independent of bantime, also if currently not banned or persistent) * guarantee order of dbfile to be before dbpurgeage (gh-1048) * always set 'dbfile' before other database options (gh-1050) * kill the entire process group of the child process upon timeout (gh-1129). Otherwise could lead to resource exhaustion due to hanging whois processes. * resolve /var/run/fail2ban path in setup.py to help installation on platforms with /var/run -> /run symlink (gh-1142) - New Features: * RETURN iptables target is now a variable: * New type of operation: pass2allow, use fail2ban for "knocking", opening a closed port by swapping blocktype and returntype * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication - Enhancements: * action.d/cloudflare.conf - improved documentation on how to allow multiple CF accounts, and jail.conf got new compound action definition action_cf_mwl to submit cloudflare report. * Check access to socket for more detailed logging on error (gh-595) * fail2ban-testcases man page * filter.d/apache-badbots.conf, filter.d/nginx-botsearch.conf - add HEAD method verb * Revamp of Travis and coverage automated testing * Added a space between IP address and the following colon in notification emails for easier text selection * Character detection heuristics for whois output via optional setting in mail-whois*.conf. Thanks Thomas Mayer. Not enabled by default, if _whois_command is set to be %(_whois_convert_charset)s (e.g. in action.d/mail-whois-common.local), it - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command - converts whois data to UTF-8 character set with iconv - sends the whois output in UTF-8 character set to mail program - avoids that heirloom mailx creates binary attachment for input with unknown character set- Note: fail2ban-issue_906-strptime.patch has been removed as it is already integrated in the current version.- Removed "backend" setting from paths-opensuse.conf- Update to version 0.9.2 (requested in boo#917818) Read the full changelog in /usr/share/doc/packages/fail2ban/ChangeLog Here are some notes to be read when updating existing installations: The default log-backend for openssue 13.2+ is now systemd * jail.conf was heavily refactored and now is similar to how it looked on Debian systems: - default action could be configured once for all jails - jails definitions only provide customizations (port, logpath) - no need to specify 'filter' if name matches jail name * Added fail2ban persistent database - default location at /var/lib/fail2ban/fail2ban.sqlite3 - allows active bans to be reinstated on restart - log files read from last position after restart * Added systemd journal backend - Dependency on python-systemd - New "journalmatch" option added to filter configs files - New "systemd-journal" option added to fail2ban-regex * Support %z (Timezone offset) and %f (sub-seconds) support for datedetector. Enhanced existing date/time have been updated patterns to support these. ISO8601 now defaults to localtime unless specified otherwise. Some filters have been change as required to capture these elements in the right timezone correctly. * Log levels are now set by Syslog style strings e.g. DEBUG, ERROR. * Optionally can read log files starting from "head" or "tail". See "logpath" option in jail.conf(5) man page. * Can now set log encoding for files per jail.Default uses systemd locale. * iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags - Require whois - Whereever possible, path-definitions have been moved paths-opensuse.conf which has been submittet upstream - Use default fail2ban.service including fail2ban-opensuse-service.patch - Use default suse-initd from upstream - Run test-cases during build - run fdupes - Tests have been moved to a seperate page - Added rpmlintrc file to ignore some hidden files in the test package - Must build arch-depended packages for SLES 11 - Removed two tests which can't run on the build server with openSUSE before 13.3: fail2ban-exclude-dev-log-tests.patch- Add missing dependency on ed (boo#926943)- Fixed strptime thread safety issue. fail2ban-issue_906-strptime.patch (bnc#914075 gh#fail2ban/fail2ban#906)- Added syslog to requirements, as this version of fail2ban does not work with systemd-logging: bnc#905733- Recommend installation of the ordering package when all constituing parts are installed/bin/sh/bin/sh/bin/sh/bin/shlamb62 1629993816  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     0.11.2-bp153.2.3.10.11.2-bp153.2.3.1  fail2banaction.dabuseipdb.confapf.confbadips.confbadips.pyblocklist_de.confbsd-ipfw.confcloudflare.confcomplain.confdshield.confdummy.conffirewallcmd-allports.conffirewallcmd-common.conffirewallcmd-ipset.conffirewallcmd-multiport.conffirewallcmd-new.conffirewallcmd-rich-logging.conffirewallcmd-rich-rules.confhelpers-common.confhostsdeny.confipfilter.confipfw.confiptables-allports.confiptables-common.confiptables-ipset-proto4.confiptables-ipset-proto6-allports.confiptables-ipset-proto6.confiptables-multiport-log.confiptables-multiport.confiptables-new.confiptables-xt_recent-echo.confiptables.confmail-buffered.confmail-whois-common.confmail-whois-lines.confmail-whois.confmail.confmynetwatchman.confnetscaler.confnftables-allports.confnftables-multiport.confnftables.confnginx-block-map.confnpf.confnsupdate.confosx-afctl.confosx-ipfw.confpf.confroute.confsendmail-buffered.confsendmail-common.confsendmail-geoip-lines.confsendmail-whois-ipjailmatches.confsendmail-whois-ipmatches.confsendmail-whois-lines.confsendmail-whois-matches.confsendmail-whois.confsendmail.confshorewall-ipset-proto6.confshorewall.confsmtp.pysymbiosis-blacklist-allports.confufw.confxarf-login-attack.conffail2ban.conffail2ban.dfilter.d3proxy.confapache-auth.confapache-badbots.confapache-botsearch.confapache-common.confapache-fakegooglebot.confapache-modsecurity.confapache-nohome.confapache-noscript.confapache-overflows.confapache-pass.confapache-shellshock.confassp.confasterisk.confbitwarden.confbotsearch-common.confcentreon.confcommon.confcounter-strike.confcourier-auth.confcourier-smtp.confcyrus-imap.confdirectadmin.confdomino-smtp.confdovecot.confdropbear.confdrupal-auth.confejabberd-auth.confexim-common.confexim-spam.confexim.conffreeswitch.conffroxlor-auth.confgitlab.confgrafana.confgroupoffice.confgssftpd.confguacamole.confhaproxy-http-auth.confhorde.confignorecommandsapache-fakegooglebotkerio.conflighttpd-auth.confmongodb-auth.confmonit.confmurmur.confmysqld-auth.confnagios.confnamed-refused.confnginx-botsearch.confnginx-http-auth.confnginx-limit-req.confnsd.confopenhab.confopenwebmail.conforacleims.confpam-generic.confperdition.confphp-url-fopen.confphpmyadmin-syslog.confportsentry.confpostfix.confproftpd.confpure-ftpd.confqmail.confrecidive.confroundcube-auth.confscreensharingd.confselinux-common.confselinux-ssh.confsendmail-auth.confsendmail-reject.confsieve.confslapd.confsoftethervpn.confsogo-auth.confsolid-pop3d.confsquid.confsquirrelmail.confsshd.confstunnel.confsuhosin.conftine20.conftraefik-auth.confuwimap-auth.confvsftpd.confwebmin-auth.confwuftpd.confxinetd-fail.confznc-adminlog.confzoneminder.confjail.confjail.djail.localpaths-common.confpaths-opensuse.conffail2banfail2banfail2ban-clientfail2ban-pythonfail2ban-regexfail2ban-serverfail2banfail2ban-0.11.2-py3.6.egg-info__init__.py__pycache____init__.cpython-36.pycexceptions.cpython-36.pychelpers.cpython-36.pycprotocol.cpython-36.pycsetup.cpython-36.pycversion.cpython-36.pycclient__init__.py__pycache____init__.cpython-36.pycactionreader.cpython-36.pycbeautifier.cpython-36.pycconfigparserinc.cpython-36.pycconfigreader.cpython-36.pycconfigurator.cpython-36.pyccsocket.cpython-36.pycfail2banclient.cpython-36.pycfail2bancmdline.cpython-36.pycfail2banreader.cpython-36.pycfail2banregex.cpython-36.pycfail2banserver.cpython-36.pycfilterreader.cpython-36.pycjailreader.cpython-36.pycjailsreader.cpython-36.pycactionreader.pybeautifier.pyconfigparserinc.pyconfigreader.pyconfigurator.pycsocket.pyfail2banclient.pyfail2bancmdline.pyfail2banreader.pyfail2banregex.pyfail2banserver.pyfilterreader.pyjailreader.pyjailsreader.pyexceptions.pyhelpers.pyprotocol.pyserver__init__.py__pycache____init__.cpython-36.pycaction.cpython-36.pycactions.cpython-36.pycasyncserver.cpython-36.pycbanmanager.cpython-36.pycdatabase.cpython-36.pycdatedetector.cpython-36.pycdatetemplate.cpython-36.pycfailmanager.cpython-36.pycfailregex.cpython-36.pycfilter.cpython-36.pycfiltergamin.cpython-36.pycfilterpoll.cpython-36.pycfilterpyinotify.cpython-36.pycfiltersystemd.cpython-36.pycipdns.cpython-36.pycjail.cpython-36.pycjails.cpython-36.pycjailthread.cpython-36.pycmytime.cpython-36.pycobserver.cpython-36.pycserver.cpython-36.pycstrptime.cpython-36.pycticket.cpython-36.pyctransmitter.cpython-36.pycutils.cpython-36.pycaction.pyactions.pyasyncserver.pybanmanager.pydatabase.pydatedetector.pydatetemplate.pyfailmanager.pyfailregex.pyfilter.pyfiltergamin.pyfilterpoll.pyfilterpyinotify.pyfiltersystemd.pyipdns.pyjail.pyjails.pyjailthread.pymytime.pyobserver.pyserver.pystrptime.pyticket.pytransmitter.pyutils.pysetup.pyversion.pyfail2ban.servicefail2ban.confrcfail2banfail2banChangeLogREADME.mdTODOrequirements.txtrun-rootless.txtsysconfig.fail2banfail2banCOPYINGfail2ban-client.1.gzfail2ban-python.1.gzfail2ban-regex.1.gzfail2ban-server.1.gzfail2ban-testcases.1.gzjail.conf.5.gzfail2ban/etc//etc/fail2ban//etc/fail2ban/action.d//etc/fail2ban/filter.d//etc/fail2ban/filter.d/ignorecommands//etc/logrotate.d//run//usr/bin//usr/lib/python3.6/site-packages//usr/lib/python3.6/site-packages/fail2ban//usr/lib/python3.6/site-packages/fail2ban/__pycache__//usr/lib/python3.6/site-packages/fail2ban/client//usr/lib/python3.6/site-packages/fail2ban/client/__pycache__//usr/lib/python3.6/site-packages/fail2ban/server//usr/lib/python3.6/site-packages/fail2ban/server/__pycache__//usr/lib/systemd/system//usr/lib/tmpfiles.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/fail2ban//usr/share/fillup-templates//usr/share/licenses//usr/share/licenses/fail2ban//usr/share/man/man1//usr/share/man/man5//var/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16869/openSUSE_Backports_SLE-15-SP3_Update/0579d84e725f6603c18109e580cb2874-fail2ban.openSUSE_Backports_SLE-15-SP3_Updatedrpmxz5noarch-suse-linux  directoryASCII textPython script, ASCII text executableHTML document, ASCII textASCII text, with very long linesUTF-8 Unicode textUTF-8 Unicode text, with very long linespython 3.6 byte-compiledASCII text, with CRLF line terminatorstroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`aRRRRR R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R PT-ab\utf-8b78fd9aae7e83d6eebe3f15a05dc65e1dfb1e8b2f3d2661a48b19aa3d3472b99?7zXZ !t/]"k%w Z+DrC ZuhSrհ N1Q#Z痰)lZ^ 0H?RQl}Y&(`sQRۅ/};(I*Gw@|r-U{Qz_$$'+sp_"ALJ^})W0،EzmK s|Mc&3?J Q0w7fo =eȪkqJ$P+J">i jѬEeOdfdٍHvWR(Z}SQ m1{7R2`MDRޏG [?%ҵ&ȿ6Eg'"{\g> 5-br+&ooY/6p72#*MU &JQ[KZ5`^zľq5_-v&&҄>D9L3CTQdxɮSHW/0AFuKM3L.shë"yj-eƣ-]#b |'L[[ Q_nM w4žd7(R*s̜XF?pPf7*L9޴XyWʔ2*^\~6V`I:;B3") R 9yS!nE{ck=Ip>&׿O/9EɎ'jo ? I>I=5\x I;Xfj5?cRyÖz=M̌i 8H(=Z庥Q7Y$,dxx0jhtH4JYf 8#֯Z߫5j-֐%ucS̛xRn%j@?̉Ik7߅+?,Js EZVr *d;ٹE9 nBϹ3<<;L"tԼωPjEheDHz L;`T+.R\3 ep2l ba(.NG mqn|<evZ<ש1M<:w#O볦y6[(.o*IcA;lFծ?1q!`BްUGy=Pryo(Z2<`}aq #S7eUвח`I(ՀL=c"E[1rxek_B]XuӦ)9%{վCP#6_U%o}F9vdճC#Z@ZhjQC0A^-#E(j3fH#|?>SNڌxzR-(NJ?SXaU8\>Y6ڂ Ab{'/ lC;T*GLN zN0xlOP=ޛE ԛ2oUc()Uq)3F V}=ڌ5$:GjɁdKr wf_I= ptأ|+$xU Hm]h`:Лd_z+yvR`1'xgz|q " jo&T_GzKE=K u/ FJNă7;\1<34Ó:!W5#ga" #ؿ2)T<8ll? (10eLvxşx͉9c(xAgD^&/hE܅B TNb8 SP7z= &%dͬd1LPs w)Ao/XG:e֚]ǔF[A㢞gB /շF[ I9 fXsX,~@T=~Eڭz^$V_=NG Fy }XŇ xܿUǶf?c鞴K#A@J˅@bw~6c$8ASi>Ĵ wvW*J/BɈ2QsȖc\"^a9ڗ]E@gЅ=IXy&R y0^bgZ; g45%NAB&D$v}pem(sO;1&A4FFwF(/.$*p{qs8i]su=aEƃgB|%V(;╒Rhd!_S-g;|%*޷J7,z?BH29'* ~6D@vE;77I%)hW04X!_IsH@=2XNB L%!lPjx`}drk[lfVFy &vz8G7)**0ø=GWw#1<E=n4._9{>mI4]LmsQyˀٗB/M{A^O9]򛘳+VG㗕;Hy]T8J@yR19wiuJFV6/ҥr#UnN(o87i|urQH'{. I³ՓgbpO{cIYR0;kR>!sѡ,OW˫PLP+01}Ι.꺳z{$:4ky?b23$g6.Μb(:%<A(F$ehkҢeUD!UQ W\e&إ-}4LZ}(پIe5{8}ԭ?d#Uors t8gGRrf]GTGBġS˝ vJdF5>vuj ]0'̻U1isM7*нئ!?|2P Bw(E)-ZyrOS'S\ ƻ dP@enG?. FxUYcӪ`F}IcbZ 'u!?Ux 1X 熼S=m`geKV ^„ ĭx!zR׼ zrsiqDv,J1~nphAfJF퓥A~yioraoYsrbHо0Pɖ/A}sE0XS?onohSשK^Q J$y75s^۬Waa옄$Q<:!X| m {i&1J2|UaN bV"`Ob.\V&V<%l|k4nHGᎨ2rĄ1ϪrM% lwoZlvVݑ ڏ֙|+BR< lJٴ{#֮Q],dza`">fJS}0Hɗ4i* M2h`jPrq ;EpUK?kFM ;6!…݂&^S:W1㙛C@z`}c0Qv`XA {حj*GØ"S!)=+->P^M_o#>d}K@a>&ԴW8R>8A1 dd1q`(i@)p0: MޥAbE:#|bܿ0I(L%Uu0FP5$[Qލ⯤J,p9te5T+us&I־MqOsK>;c{G)KAn$2VUT0ޠ[߆1H&HOց_=dXYh'Lrzhpc; yS'O^8Bhøx*zf:bLvjy΅aaoLjg(>ѰiɉFMdjq;H/4kLyԈ(l8`5{W xs$P ofzw0D&k;TVqЊJh\&a?<e++,w(udLHʯP#]AkCՓn?2^cDb^g0)oAZev SoQ6UpxvF-ڪwSiUX X&pz"뾈3&Day߈>aZVJafXÈv UVoY4H  ~uO& OJDspXjZg*a$;wۃXfRs('6sPR1nmow4,>4csfWs11q{沺&36B0A!PܯZfp$M S |F Ų1A~N옪QϤ`pCksӍZɄ 򨾰DP厣5W*P=8U#I}O1J-xЗ|Rږ00HRsZ+K_Qj` #vjkENદ, 7L5Z%..:1ѠfV#oyib{f\\lf_eLh@t׾B+.ǹ'B Q>r/EhM62d,,xG(NݮL&ib>TH,ܑe+Í ƘRD u1/zBWͮHő{>hx4ҕs"WsbqeBlxlY[B G^UsrU}j{i_>WG;.^=]< YsȊ3Drd%-0CLŭ)U 8EVMFee>kJlql[yɛQvWV` |%ΰ|0jS 3 tLv юW2֢ט0N#uLްNEZܸ-T)ןӖ +uK-''ęuLuGԎ~r!Psl@ _oN]o# nKّ~!R]ox QswHC^tK>H I>VkTa_g:NBͭǣH?t=xAre@V`[뎓XI+iYf#-k6c,:O$6{-xXJA.И}75dgB|@o;!!Rqh+?&tLV-Vjjb*@!V//fG@LUh8Jlr=6T=W"K uR<`ŵ$=tT`goss7(rU81|qsV CƨuaCs^HutaVsԽ:CrGuJ!ȲPČ t_D!s(ԭ6Q>Gsԗ.Vn~iojlS=*JgO~F ~4^UhV]g 0*ť6]ä7L߈DGGXў7yBFTjm!]e:Z"CZ3_ƣ bէ<9go!7cT a4]4 [+Vf0IM[?W@Rh?4ALdO ^ |oX|yϒs>B :~я!̅ L\ X 3B\dʂtaL>޵UcHQAy 1&z3 z~ҠOFo=X:+MBȩ)&*Pang͘1Z0[}<6؜}x"00lmjViKV,1EiROtzMzA9Ar\KvQ oT+ڧiԫChQ Qq˜М N:$BnU\8I ^9۵>mBt r &`;NjVUgKF `#n ?qWuL@࿢AǔȀįeeWBj!@ r_EGp@%4x|xe1Y,QAjE^ rgh1I cCfʡ"݆}^nmmw9ZX#-ce_#X?dIٹVf2 BT֞d'3+NR^cԢyy`{Sxtzdx>Z|#gE'U8aCۼ<dc,:[4p$*6VԹP4QȔt1QnӘZRɫ>hk=RPStþ_&>H}$H?,;5(ٗt!|0 W\U̯ =Az aWt׋pYkȱufk6^Ͻ3.Wj4ZV 2 _6sI'+s/:9C5HCqbGQ^|>~$7\!c߄]'FMB׫P,v,u[Bhw3+Uv̔uO-&T]We.<]zn$-&-?3W`,iĜ l@YUL^{b.%lu|V ~ <$U'= Ʌ )Gz2gDP3 ׬ z3sr:UpuN<a`s\BZpZGA2$6&Ͻ*B]NEi@"6=XFG{$! hDݢ$*t\'SG@?It`lG> ntj73BpJ{Jԗľb?#J({ξSB\?-r1N{M,/]o=k9}KVMĴKԟLQԡuIn? kt^@~wUnZnQe>n% l)|6{0eqIq|A]S`n/w>֤D'4].ܖGzL|/x{Doո&Z G9v8'`̃t2؃O=H}YE.et /s?8hhSi='X"ze6bj4[gј"'opIxptaˊb:ݞ6F'ݘA3F<<)M{ tvtmmKPGa)1[:'zD#YD%HYhInna'&HcԪϏ0̓wIGïeQq7W=9ޚ4"zအ$ I[!U4@>y]sǾS%[U*T爝)ZW(` m6@Mp%R %o-lruHCfAaw.FLA egLZw2 %

dj/yZJ T|»t'}bDb;E? q%" ¬?J_wm~7osrWt+/Ca"'tYsC syn֐TcO|N8uԙ8]vutߐ8wj/??RzDIkL +uGX:~=wkGp6Ф(#ួEn9xɟGh(RZHdTT6X6Ʀ*Ee*Us 2ku9$7ۧ3ǂ󵀛b[V?Ɩi|i<58aUs.<ݛ鵴zʫ&ZCPOMKx`K?6VMDi2Bs\pzջojHau CK4Au_e2UL!GvcH\}~n*M2Sǒ@ [Xu> 8fU6_=̘byCYFw%AqFڹfc1PmIkQn9tL5ye7&Fs/.JĶ kǔόq#C'L,ҿ*C LU ||zOQ`_ p;/[a0D q:$%CW|QxvS}46dcn\Zkl6qotП's3,++?#۰vPYj\z2]F'9j {~v|5#],hM .=%sX'sJn6H_VOe{(JEbC%dxzֆ]AD}7'Լc#A,]~8+W?b{ X*MTQk}9lșσ-Fs"sZaT:\F}s U7jD~ 5k,i';Ni'E,[G~۹>ZR \LjXm5ԮKֲ.yrNE5CYY\v#sKezZ|-3j;GmO{3͋x蔾P6d}КbGTjlN1;H[ z/t? ^VtK&V");ͫ +N]2ܽ SndAM6'}O1z,A/4;I9ri-ӊqUo\\Pk%]/OӜ.zz+Կ$XZr>gH&\ ڭbyJE}~^mcr)F˜k+XgP3{ξŹ=f6`5o45q_VW_m8BGB.[< ytA~oX;q% 6ʂ(:t EEI)^ȸQ l',7I}N s.9f[ s) %'#֚!:[WÔkقIJ\I_L-\v$gk$Z?뀛zk_]ɰ=㊠hu #[ U#[h[|Kp!2DF j^_ ~pj|:6 QTkL7 zyah~ɿ+[-'lHW.Q9xh>]~g)s OFCp_1 ÛtN"2l l Z7z1L]@4*Ϙ р9)l8HiJ/ȌqyzIRo-6^x}A $py Ϊ5[0eo.#gD ibHa5c_zw]0q{ރOLkxQ,,5”&˒تT{-Wag%i?,e}H-BqK%ugGS8Il;Nk-$`Qjj/e yH\> rHJuz^T/>{=Uechg&97jk;/2uztG+;"DGu`CV~Tl#d}M!QP,d(v/T`3ܧK%L"9yh57ފ9'(AuVsr(*b$AŸ=ڦp,s:răZ8{F|]GmB3I)iV;UpT&'=ai`:IvSӋ ~$$5 3p_Q/7qZ(vrP9ǣj)Z踄]. H@/Ң$){yBluA/mv$׻7m]ije7%{a wպDi ^R!7 [EQt?(bJ0zȚW|r{PkHVZtqq]3j]~/i_T /O&šW8vHcޓ?Xz +~T_bq= '&VD˱ qw(f*lo\[v2Lu9ՕM#іYId۟x]|Ha,H̨QYQoqf+a(FG8mڸAlW|$7Ϋ INfD|LL ]E6W7'sRD6_K}nMgN' UmK(tnl<)B]9qs HGȽb =Da4i>ڨ(#s_(63 9lŊ!7es\3B^ǏvFnLTq,֫V`xTV[ABZ/0wk9QSk˥<7*|f^xfrʢSlx%#rs,bIRB};ͳ}ݹQץveXYh#Q=W>:Ju^d#0oKroچ_:T#[vSmԅU9B(PHVǟd^=*4L&y{=fVo~@%3#Ӆ! M׮3F[b:EyŚzMAbdkƐe#[7lv[Vg'UY.o՚)(nNnărF0f08aqkݴS KT&z(Lu)];% R+\rDcrJnڡ˔ 뻕sft֮{7LMU=kTE81JDzk3'ͷtSوHl8hm;F]imмam AI4'c k*GE4y֠A.}PKT-H+:D Hz lv(}jf g6}^Hbwҳ˪Y_eicãC%BFhe8`v DsfA/RZxM w)0KFP3=xBtzKcӐũ2.%ǂZAWCdcq_ ;S8Z6cqFb,F}VchE#!=:6T>ב" bL t>d{-(C88 2 )*RGzv2%/Y2U:YRPKϭu ҩfE@{lz㆘Tng[Wͻ-#9#>H'blb^D[;Rk{ b6 My'RwyR䞾ngq0Fz %YC$yeʼAV7- 4 l]7O3Y0.oCq&oYr)x`$X&:)^/Q7oV']n57C4xC@mqx]E{sy FTD&%B-z<6-5LZ)WkjS\/irDHH#-p{W;pA!hy, buҡ(OvYra2#&fiYީ[?]h&R+Ў9K67bM}"mM}TX8VpPExUh5rR5_2_n| zxK.L\7"0%:Qp9tτ¬Qɦ[aKLZ9ۃa} rm[՜ հ|XݩXQ7XSXQ(/0LCkzDׁL2r@5;`0Pc :Rvm_ ztBa%Y/1AUNL&XXԾ,Gl"kY}EόX `u*wlpGu K{~d8}ΚlbB@ٙS"$` Nct</^)мQ{HۅI:3.%eCTG'`98%~(MMZ7' A8i"DyI[r!ԏN{\[j9&(zZy_ֈYT_g+ٯ9qI A7=/;9uó Z ?IfmG2C"j !QZḮb*\D ^FVXMe8>3@.$'z xB] })/tSVD}sk:}RBصUĪVm s?:?zL] O)/ӫ@bN* @m%_=vɂ=ohM֗ɉ倆7X^:EZ*|agK%?"٩bQBA6JXqX0Pv:|nUFvs:xLCsBۖ?}V.tRz0-0 "?V^dG"m@~06IQ:jkt' ~k/1{V9CV-Su#{+T1]̈́I]2邳y65R>oGI^H]JoMi3Aa-~"@]jEn3`}6G1j#oKڅ#8TsWa/2I\`NNv,M}ؓ*jTC}N﬏M)mH?4[0}Nܷڒ߇vSrQ3 b9|K/ M>HFv)WKV W6uH1֋(B<@4vBo Moj*jкfrT% 7δRF .S@dxARs $XZ*HxYg|瀾h!Ǝ`B܃/@AoHSz8K)oؓipmA$K%(ySO%Cyw,DvZjnKĠqѡ k$QpIF3.vlƍ+24. ,twRzAD+EH"%bԹHr9qf-|:(jX9= $JiᡟV ^qC=oڦR7IHm;zI"QaSlx x;(:XշW5GN'd?>ޓ$ oXFE*vJӊM!ۏvIΤYV+4tH16hbv>m&Nk.ݸ)0EymG[V!ׁhBxOvaEpK+(Ztwp{˼f 2dɍ1v\(jxmD@yk  ;j7&x(a뚩!tb@Gi&ه{q;(WW}5աTW_#O0fCymuQ^!.T8ds6)nr;H(Ĩ흩 jx]⧖96wVk;#{'-.n凔C?$;U_9[qL)C]J՘R$6]r@A~x-%wWChY0 e bKk ].;54CY.\@wXPBs/+*-ˢ39O/ *nj#2p\LAHJS m#͇aēʿ# U.7)AVxFV=ي5^4pVipPSqUCs1,`fJPA'r5l %+{jܒnVW&t&Cs> m17k|3%^׆ gM㐖7n DȪ%B޳[SR^B:r"T& 5܄gwWQ_1lי8WQzbH*Ƽ0e35K @36_ENP {xV :BD8X]rGWVO֮-!JMP?`BxGVӏ;(Ub.'Kє< w2Di.v Ec8C/&S#h/XZR󢤺Ѓri [[|wMP{ǻb谴FH%ڝ ݡ@ .yQ:9e{ep#ɧ@^a 83$M96e"?/j%oFk>b@4ٹZͪ,$ys0,ڢ`[JyеN|9$qO`}$.CV싟. AP43Ίp0"!`fw: :mZx-a8|C-GݰVN*^NF-kI aa-Fd-C/Ϸsr䞻djqh*o{dZQw5bcy_hj!_9Ŷh0!\H[oVctHźuiy.m/?|xi^$߽)?+J;(%B'ɳȈPPʦZgް٤y[d c u20c 󲉓Hs՗Ç~%I&v -{)ZƦk6F [b.D,k][Q %9(=tW-Y^%SZ5y=-gezAҤThLk1# rH5ڽ/|FDqRfy]lg%KUMW;X#s1ܶx -&%"cl7ֱq,ٽ`DA<7Ҝ˘{j%(m)W( G{ ]!Wt޾ғ(. v}er}BqQ\&_r#LOwL+Z&g$5؟_.MKӖˉuK*M[*|Z:")n7:˕54$~7uT19 !fKbw΋uc8gH79Px5yȰٷ_wu'GofdH-XK:L8E^)$WGd跥d`>tNJLV DZI,>F{|E}bU^F]/5^?* EÒzi+{b+]@6 LH{g0 $5C%B8%`3T XH #WCZp~> ;6̣o4X ڻŽR\"$vqTof~ɳI EΙLXZT)idg`dm>8^y_9^"t@MzHeDDYjh/wÕHFV'&Fg1u\Xa㔟gzBx- Nh7{"'q—<f8{?XC;咄(wl)q3 'sm߭D}Y%f{f~+>A{0h8wqNY3mV xm&d IQ֯OUPfҥ)R򯼭h(^:՞x`eB$%S]^X1M>c[Ǵ/ӂieBI,PpG{5؟$Kn%b &QmSG*iuuB֎ڧ!=P/dt)JSEGžQbr$oP1oBKNnb+X;c k).K%޼g=W]9oÏO  p"FƐLS `g4*7t7 O\ Tqf"8=iHᄒǼ`R͇p MFI5p5Rh˙E'[VUܒǖhȞ)E -$ͦALSYdw\g5m梮d-N9&  `Wk1,2d-dtZMC>B*ZLژ`+ay., l#)-~3/jQUV}`V*!aڕnsN莥ŧ[>KW"#ĝ%+FwaYqtƝaM2aOS KVlZ h`[T}6i`QTzc GeiO߫CNTE wlc[.V H G2=y|r7\a!G1wos0Vg"Oϙ}1G}s3} go6ܑN=[y(_[&΁_T8@]F`u2%ml۹Tw0AER@ e~v'T楬1rE;8^0"=)%Gpu5aC})/cKfwG9)BW[9Dk3=PA8iдe3lJ0^nQkIZ sgGF4z)]j:>)9gm:ϘpD RUԶqjH1 >' >b5ħU;'`|Ҹc7)JU<$8LiR<'5lUE{A !D-k}\R#2I! #z.+Q34 oq.;Es0sk% yz5ԩB$b0tVflRJ4 eZgR1 zdw-J>TmMӄ&Mٻ DbV0'DysζrP1䗩ggnx6,5KnFFs(*DcYtl 3X&<>s{2P6fDw)v[:E:?1:ZӫdeGO tVl"A[ QUx)|u5"?l Hu~GPdU>kj(j`=xs{]HԐ sgJ$!=9e/8Ýfɻ-˨ҡN6UX'1MQt͝?btN.$,Y`0cMXg~}hAk!Yh,2z9o 0Tɷ8sgww=b&\o;X yF]tJZk"y3l@F-9qW3Em.+VHZ7K3Űe+w@U-8w3>*Wy50~n-{Z6HMh1c' :FO9FAg^Xgխ"v IGhZmNZpc q:N~51_k\ en7~ZںYẌ́9ÞQ0Įa~D+Ҧe yS.[iC `BƓu?g~Kd}ZiU4Y\VN(G3`I:G4zc!@__zj,9il}$F! |7PW&l̡wJTfpʨM'ZjI,NCك"Uݤby4E~Q9_i"Y=]Qb)MZ$H7+5NaV@oZPv| 5[Ľm$s zv{vMXl#]Gl1~QE^ޠn&¶1~x /p!!n-_`]p:BCPr21L2yڠh~v߉=Zb3ŢGz1ۗ@*תaprBiZ&a%A0XI+~'?8#"$etc,*#֠YgMYTRVQvGRqT 0mFsZۿ[idyd9*rJd%I|Z!VQ.4U( hWB _hguNhNa [*_xd{_DP5xnokLaE9nd/~Mf \(4(`h3d(o~E]?[UaV-C)_HbylOeӨ8י1O1CPذtuI~ymŢ&$$AZN؁Q3^PC^)=W{}J:7vqSh" ^UDpn~FZY0 <\c?e)\nѝ31 Oj[_3`ʼnõ"V`>fͭf"9/j%g,u$^ZGޓ:fH_a:. }Kswy}L5.+Zv.:S*؄mX{v@,n_Tr`pG"5vZ)xb% 1YJ̫9ٱMq8LlN a= 6H!]GV]OseJg&]chP xR0[!;;Uhe2_DRJP2Ógv tG^g*`,J'T 1,6U&m=,t!u[vY%ѹV {K~.8ӏ6*gMk%?σ\ߞuVjɎt ]fߟOmrVnh%9pq"HO`%NimpIuz#)\0IO/,:GwQ{دL{=/gm\06EBAA;%nF] i>[+'Y,2+M.+Q blW#jЦŋf el z5E.ix'#=11hk/2yOhC$.zN תuin6UǑ:.V+5RO"Vq,n[T0ExNiמ̶'Gnq'{4؄IU43xཅr̢Y@h\b"96Q1%E\X^>+VC)xiJAObw(,pQ=6 Z#~ͯ~ sz^MC?Þ"$Zf](R&^٫_ߙEŞ.˛\I,X;[B]X$rwP`/wO.Czu~nZE}ZbcPf xHܹ̮hXc7'SA`UN(uB1 ׬EIAжېƩG UB?Hwe*>,F'v>Ԣ5,wd%.`_\[Jk.ȩ0͚c181OQ՞+"FpAo*>tse=XuaV{ݧ/d2wEHwޕoms zu#츨9"\2o&̚T*۟#t?f}y3YogC B16 8,cG~~Zuc#DzġN4r0o'񑯉=)S1KwG8F [E hZf-;βjC)v0rkȭ:U 0Uayz^QXoSMiF:[=-FW3MG8y*-Hݸ@ټQ2Ie=aH"V!al{!ʛ e:!SUŁ)hp>?6Ex:&53/ %v{]C!`u~ˋJ-/"vHjI~k1'hػ(8$Bh/1<'7`qjaw:N(N֌_X H &QG1v\71q$l!'0\ h@}ŋ*RHC1Ш^2J7qQ f;V u(ndRvEep׬s=q ڑWVӣyKp݁ ToCnVe˰7u UcܨHeHvʽ #"!~ y~ _5$+F%/oc1fɑ0nzSbOW ð' dVmurf<x)wr[b/8ocdsDN3杸ߗF a#)PY&񉱫=ܰG})a]a^U7pVG 0C0,=VWD$UǵP0(se0:ej A3 vjNt$MZ&F,'Rќz٦TOr5%IJy0e]KEdENJ:XMh\CA}ڃEKڅo'`JE٧>w5UmM8O{7YM<]{-mO>O@8oX*Bl'%bXSʥVDKhC!}tKF vJ5\-HESUBCVAIךֺ-!Od0U!3IUG)-)}a'ߋlxHq.s4D EZ i~irXϾhPR[ #!<<7[r P,0k+B6f8xt6Wow*Un^IaqbUrlJha{&'0#vZq@bKP"hPRwtAx\pL:af5kP-aTYm6O| vhcc%,AZߒÁ)+~r_[RZD3%YB͗~h>*xU rŦ`*yk~3/%Kcc ]17Ítt~TyVݔJf'plyf`JOc(AeK ?jene<к*tt$$ (gOy&E ([e@O8}g%8]%+HT`]FxŜ#szY|qSL))itˆ´:cvNvzLM!GԜgmYA':nO1Z֬!SBDmY:qI{U}RW윺bv)%V_8_ּ͠ Nsj])/v񌘶y{xW5J) `!jDˊI'EVڹ0Rm~(K}xBQw9g^ʥ풔xPPIq2yvEj#d֤Mtwk-XUh(czw0e&Ĕ|u:js1? ed~,wDR-dϓ/Ϣ2[P ;gteF VHda7ꮘ._Gh),kÎṯcҋMZPT;hư@iSu`NT̠+aM 45 L@p^XήI@fݧJ#T>& t$>V4ފTb_|%==7 ?TA:3 0b hK%[ sB]bfc\3TbҀ38˶ܹ==`!q SRCZ6fQ-Qm}e'+øe[ _KwG?EܕI^w w\.KA^U7t-(Ru&;'G_Zwo#VAUp3_i=ƽ(cawx.,Crmz7+ T Cgwh~$Ѕ]"N8±UJ`.'304&~nO\qq>z:jJ,˽0]~=ؤ˟  8쫇@;6?BsQ}U4D툩(CETTpUa}nb.ar!W`e}d s2$3 eUMsN$4pk$ mm$$1V+&ojt ~M,K^ue-؛^IDR3uۧ!:"iVgضOtXvi]zNU+a=2[_9,e)hYѾb{Ji,"*vj1[ PLq% "vR"+`mR6\Uʿ\o^EA.kۼ3:P,,O}I ;hn0*m0z:,(O'uop[ \RZo3([nYZLMn?m8k]|&Utr5-(>dvmHi#'\Nַ~8 ʺvF}B*4`kى'd;A+_獊ܻ Lw١]lUq A 4 W_ vf.N|tyH H+.QgM\Wˬjj_!i :}}c?ZY ßp:F4z)@bnxRm|0afV*'q1z3}a#:Wref"ݲ,gj/U 9}D_xК1Ĕ?jlA3mVбx?<2mN2%mOrkEru4J䐦QsKȩ HIO_5CɊ3ҳ׫_U XVzq9Kz-+$~z"S 1lk |_PX ThhYv\))"T:6PbwҺbG} &(9Ѻ8D^Kp(b`Q-*r; e!^Q㨶PUe5 stA=Q0 vrJ|(N?LX`٣oQbBsB$.:79 [70#em|sG/DƇ3(ikRg7{żFB2oy2iY՚ZB.opմjE`1f ǝ*L-Z\)  n9B@A!pJC''q]>jzw=8B&u:ToƵi#R= hEhZQ0~<AZ5a:2&jJC{~]a$CznQ4'ZNSO%<{w51BJG y}5WXBHsоuN i"@/ĥXҘ8.% i9j) uBW Rs-eu>/* >`!UBD%^UId%|5=S = {Cd{"rF.Ι?b HpcZ LkR9en 0RIZ4K/c,{\aAngմnI6a<\PĐL=*`qabHdZVOpZsYi H)=˷FHAFYB 'u]w<]'EOгI L?u.}t\Nxoa#[U >V%ҙ ! ҧ[$*=W@wf zˢ 90u6"2o9V@A=C|pJ쨹b0ecPff9LF% "H Sos-{k(3~ ՛|ږNCwˑSE}tꏤj0q?2Ze/6z]ܞHk8a|$tR@9%BW d;zMƃTTq.&`s=8E%CT | Rd90wR&,M2 $KWbɑK w7OK>/4VމCb\o=ZEŲ 1sj36^|+џ$ Iv=ai!b=5֬D׾*4[P>:mdC7(@+ŕTȃӼ[9kF=eHn1Yށ,^z=ir7>q*Ό?|ؕ;L:ZIJe_N:L3 w'IHR~Wl4mͼaƒ6X&9GHnWx в{<꾮+$Q $ʒHۺ 2J|DCt0X aZ(yNeNA38앵#3B$Z t0ʜJ2Ÿ=:ŚITth] v`Y$]s 8G$#HyRBM{ դҴP%ԥOtdo0] Dʽߖf&y7'yZ&I4 B Uk"zӸpʲ%dYQ'ފW JT>b,\:oH۫r$D-Yty$?j]ڎ1!pKu0n ~'me-`- - lR4 &bCBp$ӾtWG!{?;[G}ɩf1Ўv:}j@A"+0y|ˤNi'I!YZ)rK<(IBql^^Y< ɺ}yrós|;.a]e|RFݦ%M`TKI_ 0tO6l~1 , 8a+)(j}KIPigz Ӎ㚠8zD}L-;n&D*3lۇjIJ8j|bmչjXx8"{&C;Fgf7U6}XjzX(pQig$v3ð_Hm-Z{(>Q^':FΫ]z2+nnO,e3,{U.Iu|q<"×cAAZ3ڼp>_cXJؾQ48 $iIo?lD$' 3BO1'Ũdc g_& KI_84BPc柔*t3XJ7dB  Uv!n% uFUBXI,'~y'./pqq&9O=1[Tb99, ;~nJp}o܃Gڪ߿0LZTqL6f)gO aB!>LC!P6J>c75.oX.yi!iȗYglLGjy?Tdր00GwRPoe╄1xڋN9t"mtePq-gUqc̀J9(&"U;فy|n%CSm+ND"]/'sϛNo(4ü4aL[C]@%:x+cuн|#6`E{!j1\GC'i+ųH77 &;]^JHRp|F>=b||NZ&ܜāVtFgc; Y@ O%S ѿI J lE\f?/8B;vR30T̼U8soXVK?f`t+`d:w[(!Lvaf.(ŀ8-ʊ(1Q`[?c"paxZgiUv% 3[J.m1V? /&8CJ(=wjtn )݌`3t#U s2C/_ɯ]t[B#3KVxC=+’@ɈIsv-Џ }7 9ݖ˄BU;6)אTƸH-bp)5Bf56󁩘ïǖpѣ1SОPb\T&t9Uۤ6=znoՁś/VF(K PFw힘j9`\^)}n Co(+$^!8]Rl;z }wҡfBrg;[,Rӌޒof{?>U90:?ka:mnAצ%)W eb\ ۶92B(*,vx~ 0qibk~VaJq*8omB;W$e둲 5Pol(v`N.k{M]93ʔPgfڙۮTP^ҦDfpPW7FOr?]0 cg|$*в$:k 622Vx`eo3B(O+I. 8:<'~$(ey} u#JEۻ=58$en-M|D J:/}5q}Uڷ9NSբ:D:4nr D@__!$pJm"SŗTH FuC cn(+?[Kv qGz zKӗanI[SoἘJ ;yy&"]lӛf޿5Jrn Ǫbۙݼ28ĩ R:|3|z(H+OfU]-%"t'PhhC.F]oeA3{[Cv֮i-W Xp `^=jJѨC 1DfaV=!xT*H%掲Q(XћVJXDf!=׸vf.<|N'E{^dJFז^g, ;8'tbTqW9x6c~coq9oIzmn4q4J!p ?Ǧn  ?!8S\&}\эiSuע|"*0w$݀/[Z} OfT=lYkL!{R"Mw:61~RivV ,T ,E0/+R4/z4kb.6G:stv//º5o*;#K&,iX,h,^ A qՃ`g*`‚Dӭݡ;_MC~^qSh)`5dj]ʅg}e/ͼoX h0Gtת^OX` eX7@v|+V[gOhsqnKfŽ.g<`T&^_O؂#dܺMUo 瞥7 z=l,3Q," g*:;R*mk j<BJ%8F^tkƉ,SKl)n.Ju!T͒j0THE 4)hVZM eaY6YRqtO#K LR5CRZ2U@ޝhԫp>Mi%9W˰ṉm[>BS9m;)j嚊1RYb^ PY8,⛸[Sm!;Ԟ{W 8g ,id%5aLTg*|:r -DZ`vT7u 8q ;I%}޸ɯl-i#c[i#JwgWV>B(P2:hp]¹5 q%&SqGF! g_'(`:Ureg-&!D|mkpe],s*Sί]:L18:E ]jܿbHEQt%Ёބv6 WQ'}&Y>Zp';z\?#`g(yzD$[#6vHR!{eh7kM;(yVZ6Mj;z *Le֟Xtq9]b (V>Kd@ʆUS{7E)ʾYOY٠2}V7h.`z׀MMlgKq?r_=?{%Ԉŕ Zf&Xk_XemKfq'\VH H$^=#?OtVowo{'d"5EÞg a 1IH ]k|y` hӛB \*UY$Ew4K㔅!8<7+A]!DNng_\9b 1DvGaVJ>JZ2Ey.wDsB]ܓIJ=kLۏ;]} +V ="C;YbdܬJ@CEP,+ooD~S /?hw3`6<:׹\ziB`&Č%(R $K8ч7ExՓ7%s:^N %hE&\3pJS65bd)r7t),ȝMv&StSndXоU_}Fd3Kp}eRU9p܍WB["xHjhK5;yx,QFJY9fɰ{uRԹ [z>řENȭW^A~jlkF>MJ^Q[3:|.>'0w^1Ú0VdbhtLc=ZD"8I/L=c?^IeBa qdỲ)7Ȣl̰`!ٵ2nU:rn&h UIPRt\×`5gO _)MDu/s..TDht\k孞,UBDlO:Q(xn)'nbr(`C6붟f?6S4w#_ !~geYw4Jÿ,VOAkӕ= Qݭyƶ. dԀyiN`c8> J>،al 71/HgSEdʟ~ 'SYƔw p;>k*y.YݥK"5B@|lk>7,˕AĮ*zm}+]+6͑EZRêc`dNS}n q*%UUqn/EVIXBT~P"0llF$4t33U@TDi ˌ1vOS_˥=\ `La4*jC=8R9jo"lFa/C [3ڛ-WcÐU~ZǤ#] ^m՟]Dt7c"n#LLxΌA(ik[x(@N4H8Dw,tr}#5,WZ2Q{jO' e1|)x–N݌r6jdx_$/e;zT?oRXф}+Gf|#hB\㚾%8;t+Ly%SM4{tyN&ȎZחĚ$2bF<9 o \yNYȘF YM'Kȶzf\mzb1ʂ`&q'7TZ9Z&4F\*"3@5>ߠ{Hz,U pb .^H2N=}W5ٕgl\8ch@J'Zr%ϏZ̷gO+>(M ^_E>%{[`SxlzECk5~7)Hh<{N .y"_mZtӃgyD8_F+rKGDU\ڕl.7-!Oa@Ҟo􉳒~C`L](Ԑ8wAKCVh'={9AĒ~VZ1Zq;I5-b|w\n&R) me% x":OEGn{jӏI$e"DdE :b/U_uZsE׉6 j,U[ 5Hn$4;ۿ)18>\&8O]L#Wyǵ&r)ZS [~R(~n`|G$M.d\WfZf+ҙqvXp@Y$+[@!raokTuI$A߭x۩c<Rc*//3\T狟#:2x;`:A_Ai;i8 3D#;ҧ5J<ܠn_ܯ+_?WJG6(Nz2iW*xÎ%~5}`B$ b<J&D^ ؋hyj/Tr sX ϟNc9U1wlew+{Mc}B:3b-&_̓V,n7׌um!Oy 5ocװZ+L2 DUwCōJ;IiQ^[28IƧa=O=#L-"#( Hplv.^ė wl7Ia'}ȟj2rȧd4;5('}Xf qd,Y.Vh{%`6V%Е:$wvWbaavGnpKV-yRDo#B+Z\$j'"ٱ/5AAW6x$[ edo/BC=+|?c7 78 wxޢ3ZL>>9l,xiAO봕?c%%.Tj[ZKmB@DBIƶ'4֖$\aY80>nu}åf=nYݏk/oOO0VӉuVg eM 8jMo_{)Q0 YЖ\8 t $&u}҆h+u ˜)I^liz2hP dV%\)4qNڦl$!$jRh{Y7q``ʈ\J+f0ki Ɨ/6k:83\OƂ#]8҇O" :"f >2*8}kШor.8>KK]@\Yط;Ҧپ:QuܵΙdoy3 G#%Pt@]8tdbB"{)g+{sRf,8Ƅy5pvḙύt@kG;5h)Si^wp~EZI#ܙ(_ß29t1nxh!_Ug8b E"22j&7'C-UuWGzABP|hK`qwrx]6²ʃozkósR|!>^F@tmqqB8TbR8X }w$#3z&B)ߌp d ,ĤqWrVD^Tx[" „^㟎[B♏_;0Q!67\1$C,x<(I93"VI3:*$f>"Jz}ն"ۂx|jq$g{3*ճ{IߑU/Tq"mv/φ_@Ar/'V t&8@esO[ S|\G(?y\=;>(gRJJX AV?IK)_E^c]k@W}DCm\#Ÿ̍l#a$KL?ϩvH_3o}.%l ʆNчq'H?\ &Ӟ\<^J}(ahQe(ޅ@)~Fz5_ Wn4^.FG0Tj?ΞG$#?Ǟٺ8(rzdVj *u2I08=vɼ0c]{!?;m_˵`9;ZYgdpӀaݡ+l§G_L7? UR[*[ @$m~!/1K.^Pz ePݙUo>;$iзꎼFww.x?48O9o(mnbXg/7/u t?7Ԓ|!REʽ$G 1 a4?]@\tn^qF ?!Ses.`wwՍaG4ĬV*z嶫xn (m(ɅT>W b!4~EeD >npO+kM fi1Wd{u] ^4cܕD穵)--IhiCW)),NR@YԆ!z;S2 P#Bc6\'CC~DSIEt1Vodr O$ #vR)⧶cDe2Kg\Tn1y ǸjyʷibWۀRQÄ@Pʪ-CؕcA܁ʸb{E)=P,ѵ$b ]ܦIYx&kzoj "`>Xq^ۈbb]hf81*VQ,A^'~XUB+WP03;.7NNU~IoH0=F\ RbUմƺ[q9/ 3FNbxWGeH Mں4: X"!+2.Áv,y$-& &# 6(\$|o 2p ]%X;!pΐ8 $Gs~x7x:i#= >MR):pQkCQx/, $&/r1щϬu5 _&vM@HI,WzX4dB1-IƱ.6pbꔒwp$!-V ZLO;[kYau}c1jz>~rCVrFȩuOةU{CKst Rv=v=Ͷ ٤Qr+sΈ:>Ոff[cڳRǮ4pG.s(̫}Y?+Pj4);p S-V}'𝖫I"Uou7Q=3 M082kTί#T){1,:bHKQVkcv+۱@hUY/ٚI5n؍wt,΅CH uvQn.W9X~Ha5![fK,b p15{4e)]=͌Jt7Tó.cſ– ,Lq(jFjoJĢM먵uoIy뀴4'EA!3N]V.'myY{  m3|߯<6̧PB*jiLadăy}kАUyF6jdnhGGW"U:w[]rAetN}_ FcξY{kcoCnWE-(*WfZY{MNcLnH7oBlp.M72\ ju+ (B3nZY?dŃ#fqD<ʤ*#B&VؤDJ ]8hsNzptH4f XA ye# !:\ Zѕ"tk;w UN#"RC2-ZC,&)sf$fK;!F.6|qJ=바 U f dalj~曉f`Ǡbld%R`PXïK_Gw)eJ_. iA(C^8_y<34XW0*Cv p91<V|ҨEc }UxhPfc\b)(e(+|_49d3k8F(5t%6Sx,̹+."rK;Ȣ K긘m6uETZ o ~2&"so qM9{zpKD\ $ȤBL*/:z&. P/ Os*eȃXh՟7?b'w٣B~џA` -F:<Mą.mʫ(t`tS^!Gll,C |2 y/팁VKb:y1ra\w>G(7Sx 7+YѲ:NɒLc\>+cεZt^ H-}=&|EA cN28֍xNL4eju'd#Fd ![ ƩN%Bd,JQh87-c Ñu299h SKN)4o\VMds8y=o7Ґ~&0 5 gʜ>Yw}Yv@Yɫ.8_d xCH[[np*OI}gLP?5v~ Xu2ŏ)9+֎quU?%VHDt7,Iy*zBܪ2Xzݞ(gTz_@wjr}(E>r,BfV  r;mä# !ܦY`vx˱LyzB5)E.q+n[2 !Y6WJ"QBй6Hdz2')}ۭKqV)1rEu2HxӳV gd67YQ꾌E:\fU7Twy7yΘ#pj3fH-1ŷB,GКnk) f(Ҏ&#5 tBh٠FzJht*˚k\"K\7g=׹Sz"L}!ʍdY$]LSO*-l;)()7ܝ(k}TΜ'.;xL\zzL:u/軺#SMNr67vgxh BH޼0E[V+2:@}Yl+̏%Bd5ߴٛP0T̢?z' 8OH'83^O dhυq.0;|o®tq2}qYd]< W.꿪~B&iG|냭Y.ws+]V2\aQA_?TIFW탃6xktBbqЏa -U+ H(83C>27 uaҩ1=YKn\c5G܂ `I c;NOqL2J̱r\>p,]"P[]#iO6aچ<͠/5a"óz#a֗k%)F8O<ѨPm7.2'-"t(N7ԁȣnrH8CaL8 } W' Rn7ПFoB]^(gy~4($EnnN6L+DN=EgP]G5RgĨV{?jBT瞪:+qop7+nGNfyŷj/rA*?U5!lUWŦ;c_? h16O2PB5ب5AFBz^g#ComnP޼~P" )\;FEemÏ:4m;k?B.FQA,awaDzB5׼\jџzT\cZ[30DӱM ,ɷPeon2p}k9z- *+g^vN4WnD>k<ւ5J.QX * 1OT7jjG ;OJgZ[`R|H(("h/{NJ&6L?}ηS ~Hi{ճ_8*1-5[ѰkRf!%31vj<8vl|cr%穃"N|od@KnFoΥ%4˲^@k^*Ytl;32eI(nw;j5k=gx lU݄qۙXdG[1c+]1HTu5ӘىʕIWe 1OH{eh'dٟNܹ1aM,íQc /neQc29ub *D7uf@Gj,5eY'A ™_cܝ)BV 9`HNK'rDzŁK/)@a2y@ Bj>tp034wzԋ=6ްp^wk)8]j7֩W1edƭ`Я+8xp.=*OGtjwy}fހVPv lY ΏcSmF(k -st|^^D",!EOɸ_2aZr#ʁ&qIRY<ƨqY,87̃ UاJM Q^ɩ{N?`vI$.k!)lQMUi8",k3~fv/&QIlk4Wju{|2w(2yXᆕq  {B\TO5B>^a["!y]=4ۤtcܺ!w̾LZj9[֠~ "H<1оTWđУm+zgy_rD`( =#?9{ j?O& DJBn_g NJyl`X[ \X7`MzC9#jғJ'Z&ѫޣeL%ʡ\QFuؤ/hF9$yDBÁttD$g]'ɎC߻}%DfEiSl7nh2D#/x0ͫ8m-с[!v[>!"!}NJ3 yykiU|wZg x?_4.7N$p<Ѽ&1h#bW͡VӪځ5t}, 9ţlX25EMv`R@#co,3BKIYq<+ht<5W1΢ f{Č~Av@gy/S20A_dE{T ~I\XD.łcvDV_q>f=:OV G RSq瘼nwv`afoCɪ#n] FJyO$}4;C @ϓ7ݯ B #msnm*FTH܊#Abbh"uE>xK K IVӥKRU9%ފO~ˌY}*-g(ySti]CQYϥ_!JH Q{,w OWfZD$d( Ks-:1q"-5&sZ(^Ԓ;GqXܭ:b 3S ju}= +S ɴt*Sp B壞 P؃d:bJ6K"%j2&Nt)8VI탸zRi+@7g6|iUoT`Y-S'&Ipu\D]V R _f1 ZP`c FeIﴉǸ 3FOY$ځI2{=,i?BK~Bb}H1xwՕSk -l YHID]pɭK/&  .RB "8WFN,ׂn`)Q×q 3CYcGMP᰻r ?|PєN宪DK “<^xRle3 ӓS3qCn:4T!7Q${HNC6>#֤qt܍n'eJ"%~m|wJo_fKvϕR!>rMCJ%_,?.p >~b3R cIaÁvp\ SE"^ /|sݮi rRGF}44ʿ ͉Kjg6\80y8F&m5n7n dҠIju˕=;onIW|~FEJ\\4gpm4T %F{߲XrZ7dvsC#$LkQg'6j~Zq. n (,ʢ%+$ҡ`@Ù QD IO d[;c]3!GrUl~A]%cE6!XPt+j8ffGAa}^`L_z[8N fi=#iFZ!LzuJЕ *x0p~0b+BU+aJ!eH76g~/9;iM+3:hk`Nn6h[[oHp5ީ8l.φ f{xdy2.r27_kE8NcYg6p2JSwkXj^b Ds, HPrb$ ԍ.C ueu h#"ՠ*9-#  ~-Bhnb1Z &Η"10mFy+O`)g^[⭑ !~ת42wbP.Q>,bM \kyT#!HL%FCI!v.[ŋʔeSpRT R'j;"FzvwoS*y;72= ΀P5-L#[ћGE/iz(wNRl gNsK2gqν ;~+^hB$\%RVM*]8Ƃ(zaY.Z{!"lK9Z8(B#F^F <|KRv4aoc1;رn$P rt33f ߼s:ȳH\Yb 6:./.iԊ9Im ^7_~qmr.|銷gEPe;lRH GW󮅌é:*ާgZ 6 vte ) I`X4R3"-t6+s_XP|b.5gOHv&F&+PĠ'0ynvPXEAK㣤*?S 䡉t&2dmD,7ĠIlf4F8Oit%oOXڰcF17kf>DǾW|H$Ky3@ ɮXLKVvkCw(kYgTHqepx$$1Dx8҆:h.ag9n@}?iؖ(b$ul;絝VW_%@1 Z]9q2n\I 3OVw#jM}ÑeFj,u;-'BzQ UAZHQx\-\R0]艷>[ʤ+ck۝g;u#/EbX\Te\x4c'Liz |_Tvnhj :F^ˆӴź\~p h1{T'1ZN,7ޡo38CtDCo#k #*NXG}9$Dj{D _U \f9tgGiQx5 LRmIՑ]<7!# s{ĉ{jS2Z*,Y[[|)+ɀ4D9PL1S ~Cf pcUU¡{&eXnɢЊf@91J@nJlYO|0Veɝq9Sl}>bи'\yn #g?;Bcy矘4cdXkOg"yVĔod5`Hz,CP#o'yJ5X^Vy_Q #8 HiZ{eVNnRǡmoZw~ڿ)n?<#p!<+>&;";P0c{:P3R[U)d|˾!~yI/rwY@]bӻIƎ\ϴaCZ~ P/%v'W/o8D&Q3$-1qϓ㬟I\/_QMå~dhzoMԻ5Lh.=#.7 ݈9jypH|燜&l7TFIGEj-]@}+2fw1P>!&9M. >/.@+CF+ џaCtKI(ߩuѼ@zLC ^ڂ^$''?ie5^Iogd _EPdW A _qׅ)"Za/ugi#fR@sDt}2}B8}1vG)04K0%S0!]QeL G,2}TNEdP E=ƭ;k `-`)x٣j! %+{: 6h.O) 1-DQ+@#ziL^,={.MN@|i O!Gǃ1CIWSyt[^Ze=ae%RƝ@H8Rg:?$Vk {R7‹E!<˟)Kv5ET>|J#gBiv3HB: j`Ydiܒ`P`rQDX0&ڃab#(#d 'y{WS̟hc z5>ƝgUԆZKiT^b\j3ꊪȲcT64O!rSmƪ(d-L+q [s]yʳ{?&`XURq~iPѕsr)"pʠMGJ uGܓV)D[jl W lՀrc<`z|WBedhڣ2!0_CH\N׌A#k4;81I{p DkU z ט|+xxa/q̰d9>uAjq |pqN!>iTDu,sLR;yvZ]g LU$C>#[WQyNl\@8N)/rɌ\ng#z|h4@sic )&3O2R쥪rh8ŵX 6V ?2 9C8;Jm8Hr럖=#*쫪g ʠpNŰE}~!NݎinT< ŪC+|.A/Dx*-ںNVQ֙3դeFsWX-bwu*xjLC9N}̧42ՇWװm,OCѢL aHSdS@LL" <,>6޽$ԣayG0.Bp;tU!F-^bp&u%{2-'L,U)!ڌ1ԋ TC IpKE<}W {0׉iSGK5gm]ߍ20Qy [Y(.}->b .6=0~" /&2Y>CLcH^{,mN'6d)KAeyB& j$H{\5+=ddl ښgߩ襙myb)}͈6gt 4@pNBR;1J Q;Mx=rEhi.vQέ LY/iԻgA>0hc|d5/'ro5(nF+)?C#H4M@CAl#v9~Z@QM(Vqj.EsHL3b !_%-"敉KCt>U,Ȋ .CԎTƎ(;DZ@&LFiߑl0zZ\ 6E:eMwԒP( !.۱ts$!C (\FTteL4 lⲨd -^i]4O8䏐0f5ؒn@3_otR^7:n࢛Pz9b9/e!K/@ JybxhxPDke~sa&K y;)wR6d)[kÖJUy"rF˹Lݬ:TLiyXo%e DsaH-X6-;50lG) 8& +Ɏ%kzLɢ8wg;Ɩ\q񦵻\ ^T`/j[೐s{97fC 1¿?C?;j0#T뷬PXz0LOHӤ%r2^-8QuTL^i)̽x9tE5-ԛťH 4ejZMr焐 FFi xƘ3j n'KZ /1p6kV6PZ: H.;tzg<SizR R0TexB=1h:νSkQblQ9 2@"ZFXH̎** (-oL;r_iO6H cʝӃX;j؅̹FY@91`: Vޮ܇EM?Wy|娈oSV粝j2Rٝ6Q(0bL(v ZWdpSMoc~rÚX K*k*_ fK'5p0q&2΀G):i\6>M=F+P`*V^dԃ0fXh(<,*eZ9]2H+lu3ǡ/ǷhA_Ua5MWu:R?[ϥ-nr*I>[٪AɈ8j.fe>W(?㯻.E]ayn5b$hݵ@|+.f0*Z|T!E&s^/:5sDyj4lUЈ6*-6\N ޳p!PKNܫM"E_#'쾳MtFaC3+SMJ/L#.=);1*9Fu>X beͳY,n᝿(;NrX38Pe*te97= qvf,Z)cƶ1|wi[7R-"*[G7D)Nn酪ۧgڶg Q h-m;L&<8***jXܞ232H66܉CKoۣEPsZxtFMg%ihNIK4i$o!=Wmΐ7N'-VbsH4SBޓax;50TZlySS"Z+ZJ@Xtk椡,2BR6xE? q~BA?090lCHd&h@51U̔O?J7*-72Ɩ&c@t8 Cwݾ͸ gr #I >EYH u ][KB]8En)Fŕ6~Dpv!]F|~|" H]ݸkj7/Ya>ha}o !]cCV\yUN2 G w&@B⪸;ᢌT*K,YPߋV)n }8(o2! vdN-7=zbg;L 5&-DyؠE-RI[ߧ㘒ƻφ1Tq[$LC OcaA~_!E2|$g|?(P.2Z ԥ;Ꙉ|}L?ye0 73MmFKǙJaz(k[ǹ$N;^=CNpö+yP'sO%6Ho/˞q8Nj|PeC3DaM~ށr&ʞ.gEeXJ3lH{j0o(^Ԁ?!BysVzخ>uǾa]f^AJbBfAْ'q>ɠKPOHΈAr#O]!wj팀6ld0ц7^w"z7%r1G(o9v1W 7)^RUauJxNrvs [}p-Wo|a..,g.v%Tt +=E.Ee~cm{r$RX^$+)S,zEu=C6xͩv)F/ 胓9,FbɡzOgxMñtR:ߍ6v\K?NdWI NS,*JRSs~޶ CW U&3=3.Wx'Rx6}Ь h~6 2R5:LI`z э9Wh_ޢ/O!-ɃWD锦a C\\sJVϴOy6`r`A3d_淪q׍`!` 2?! %8Crǐc+'%6[ShPE}8R ?q1'X ӎ=f+6;.ؙs!,]l/7At$H>emYHsP: Ɲ fƕxFI8~0w@ídd&5.wEKHc%6@Bw*%$"ɐv1ڍ^ Y{ͺT|l=!dQ sdڤưPO'a֘ĩb YZ