mosquitto-2.0.20-bp156.2.3.1<>,g'`I%z VtԹ:ZZIS;ػ*׊\b\VIZyP]RCpaGݮ.͎%Tv7F 8Ê\/Dؼ;&U8Hp^{M~ x5)9\\%$#ufXMЖ']EmFRZb<2ot9m42ma3;+(3rU2uV6U*} A쳓0:F $`8YBV~Y_ ,1{kBZv3,fNORv[Ȱ ^=.ºڂPJa-⾦bni ( 4OZ"Q&w`&$0vE qUv]h(ɴC*Jk)T֧e] ˊ fiG.­oҤTIsX}l~jwq(\Y1"9ti-i MEě3ghEA8򖙪(>L]d?]Td   9tx    LTT DT T <T "T #,T$|T&%T((,T)|)*@-(-J8-T?9.P?:4?=CH>CP?CX@C`FChGCTHDTIF$TXFxYF\FT]HT^L"bQcQdRaeRffRilRkuRTvSwYxTxZTy\)z\\\\\\\]]]]PCmosquitto2.0.20bp156.2.3.1A MQTT v3.1/v3.1.1 BrokerMosquitto is a message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino. A good example of this is all of the work that Andy Stanford-Clark (one of the originators of MQTT) has done in home monitoring and automation with his twittering house and twittering ferry.g'`obs-power9-10lSUSE Linux Enterprise 15openSUSEEPL-1.0http://bugs.opensuse.orgProductivity/Networking/Otherhttps://mosquitto.org/linuxppc64le if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in mosquitto.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi /usr/sbin/sysusers2shadow mosquitto-user.conf <<"EOF" || [ -f /.buildenv ] u mosquitto - "MQTT Broker" /var/lib/mosquitto - EOF if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in mosquitto.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable mosquitto.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop mosquitto.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in mosquitto.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart mosquitto.service ) || : fi fiAIcHP]h HJ$  ~+GEu 06"WS' & 'y5c 7u!EGk -AA큤A聠A큤A큤A큤큤A큤AA큤A큤A큤A큤A큤AA큤AA큤A큤A큤A큤A큤Ag'`g'`g'`g'`g'`g*g'`g'`g'`g'`g'`g'`g'`}g*g*g'`g'`g'`g'`g'`g'`g'`g'`g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g*g'`}g'`}g'`g*g*g*g*g*g*g*g*g*g*g'`0a01a95c7b67e9e81c2c31f285cd0f81915d863fa1652c13cefcd854c69cdcdb33d648f941c0fd0fad5d874396192af21d398da0e505858564c332327cbeed66dea34f98b5b2d1eb72c566c691b7e70ab1683df5ae37230613cb6d1af52ecbed9817034f6fc16b96721b51687a010883fe6bd4f920d3e56d7d57529e6312254d107814dcfd6c79003ca7f379f25ba882c70fb719ec5a7716cc1971f9768fc925f977924d2581a8cc1244ccc2ddfdd725737cf767b56f3df7dcfff711137ddd51e24a4badba90d6cc60429da2fbf19e4b5fa17050340a5af9c66391625fc65957f8e6c377ada750e97cbd354f56410d5d0e2bbf1a14dd77403e289d9a42970c5cc6d5f6ed55ce07a25a437921f16ed0f2bfab347e61bbe3f74f046ff18eb1bc7759a9614887076604fa71f94938a3b016b3cf7b35cd9d7d818621c87ec2d5def40bbb9b5c19996563c070cf07c8694885ca25c77c2f6da77b3dc4326127781dbdccaba7db41424b7f685429999eaadb6a0678067effb94e41d32f742d0fc50f4bc217f5a6ab6018675c21e2953fa0e3cef4be8f68c8d2f48c4fd7222f23d81cee74d274190f836b39c3ff7a205b37f0a91e5ce68b90f7904dadeb03785541c7365643840b3d60ea0e50b4f29804e6b926c0063ac65457583c3f94bfe7793e5619417832c37b550afa02e9da113c775448f059fcd1a0f04af56d863ceec065d381ecb9353562824edbfd2b886c94b4a23bd3e470df1e3533edc287d3f9590d2322652dabaa24650595baf0d32418bab62e9587e25b5b6596111386fc0a1f2debcedea34f98b5b2d1eb72c566c691b7e70ab1683df5ae37230613cb6d1af52ecbed11e2deeb45c23b373d1649f11a52c5adbc96585d857a84c2a2f589b810b886d9a955d26a1b03f870f8b5501a73072db0796766cfb400da08727264a393cf9e4a74183603ef0493d8d78ad2420726cce1948ae346e1e81ca3e9157be8d775fe050eededa4939ad34cce191e5bfda14cec2b814a3ad724d43e8bbef01f43e953cad8da4e9579256c3b1e78e6e6aea885a3aa588a3000461d5daa0eb5e3d0653e2c492d4173d1bb2a71087e4cb9a04bdcd293e7465f76a9d9c2af2aaf4c4249359085bb133707b0b3b256c15d85236bf0144d3c36b63064420d9b6983aed3247d96021d5040e46dbf227d1219569effcfc4425d964404f01808f136132a11a925cf249ecb1c932662f4403e90b1bad1e8a1af29744b1e4ae422ccedd59ab74743eac440058c672fd5eb4d42c6541ddf47aeda36cbdab6145f147f8e036819bc0b7dc549f697ef7e04d387a0fc7d6c6ce713aa22d7a8afea2f4b26a52ee8def2e00bb89f155ed6356dc5c63cc199d8297ba5a3fd0e008426a1e445d1ea82ac0068549c2430662a436cadba6dd2833d8f190d68aeadeb021941c7013726f759a40d756d03d5dd7710a4fd5246741fb5dc49820bcb23d46c4afb5bb2a6f46c84f79fe0245370e7cc48bd2651d8d2b887cd77fab7075d82f09ca787942cd47dcb32a1784331f44d8fd5a9cc7a44bfc490652db5356989bbb705ad9d631b9e2425f768dedfc233ac635686f7a8b70e0a1bf118a5aaa74fd52fe9c40bc258bc2d25cd97387b53690062f7b61f2047233834f1dfbddb90545d124bf6abd4c0a7b507f64a783925b728e0275cd5abfdb2640255303781a65f54d31b31731cf3951cd1f285092406e8d4b43d6b7a5252fa5305af286d95ab4d56c636a38001abe9e5adaf499c38dcbd5d0dc1a035ef535eaf9ff0ea98276164e9d6fb6c2e7da6c784bd7cc675f95e793c2b2b74dbd3825f33e4bfb3e3ec78779d042bc9b25c32dd6e86dbec30981363eaf9c01c370f1922f8c5f0a0ab7a2ca6ccffc5427555200f669a223667f042089340c9e770e4c510eed2cf8080ded6f49f8692f05c0ff2eed49581e3999e5c3730a0c0f9ba78537cd805bf7d9cdc8c632cc91b4cb01b04633bb114d869250b683a3b22eff3c4a7126718c397a1dbc3c901edf3f0b29a7eb5a6e59c9ab336ed3c4ae29b365298578564b2512f1c55228be801b5dd949274db6b78db092c7e233f2cd6ad4355a50bf62cab6fda1ec54949a6a8bd80738e5c367ffa05e50e066e4c5e33dee0269944b9bcc0b5f421138dc65722d14c66da00c4cca57c360ef8e6c377ada750e97cbd354f56410d5d0e2bbf1a14dd77403e289d9a42970c5cc6d5f6ed55ce07a25a437921f16ed0f2bfab347e61bbe3f74f046ff18eb1bc7733d648f941c0fd0fad5d874396192af21d398da0e505858564c332327cbeed66d3c4ccace4e5d3cc89d34cf2a0bc85b8596bfc0a32b815d0d77f9b7c41b5350c86fc4a3f97cb769c04e8da557036c1066eb8bb22b2d0a5dd31464990fe84047c8c349f80764d0648e645f41ef23772a70c995a0924b5235f735f4a3d09df127ca0b2d4320e790554aadedb4df3d0876c84006819a0844b57d364177aca7fb7e92eb1f8ac20a47402108da04274c7170ba9ca3e3e3a241e57fc824449c1636b82efa781e8869ff310c44bdd41a7770806253005f2d9d5f76ebdfb069f889d61d4341ecb0d21434c7c996f719f553e9d4d6efe10435a9e3b80da37ee84d49fdfd2c9e0d0a117a61ed0da08d27f7251baaa2648d092b6a69dc9c29a917af276bf04c2af5db46c9f1bdaee2ef5225f0d3abafcbb45d235ea4d57e27b6752473e9e2d61144595d0fa7c579765672e23b3b1aafce40d267792b381869202c895d0ad2aservicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmosquittorootrootrootrootmosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmosquittomosquitto-2.0.20-bp156.2.3.1.src.rpmconfig(mosquitto)group(mosquitto)mosquittomosquitto(ppc-64)user(mosquitto) @@@@@@@@@@@@@@@@@@@     /bin/sh/bin/sh/bin/sh/bin/shconfig(mosquitto)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libcjson.so.1()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.29)(64bit)libmosquitto.so.1()(64bit)libmosquitto.so.1(MOSQ_1.0)(64bit)libmosquitto.so.1(MOSQ_1.2)(64bit)libmosquitto.so.1(MOSQ_1.4)(64bit)libmosquitto.so.1(MOSQ_1.6)(64bit)libssl.so.3()(64bit)libssl.so.3(OPENSSL_3.0.0)(64bit)libwebsockets.so.19()(64bit)libwrap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sysuser-shadow2.0.20-bp156.2.3.13.0.4-14.6.0-14.0-15.2-13.24.14.3g"g@f@e!@e*e@coa@@aza]a/k@`@`lM@`KW`J@`J@`J@`;`_@_1@_԰_v@_=@_2@_&_!d^^[^(9@]@]V]]'$\f\w@\j@\eX@\d\[Ѱ@[y[ZZ@Y*@Y4Y_wY\Y, @XrWrfVVwVhVhVhVetV<@UpUL@UCjUCjUCjMartin Hauke Martin Hauke Martin Hauke Dirk Stoecker Arjen de Korte Dirk Müller Dirk Müller Martin Hauke Martin Hauke Johannes Segitz Martin Hauke Martin Hauke Martin Hauke Martin Hauke Marcus Rueckert Marcus Rueckert Marcus Rueckert Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke James Oakley Martin Hauke Martin Hauke Martin Hauke Antoine Belvire Martin Hauke Martin Hauke Martin Hauke Martin Hauke Martin Hauke mardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.dejengelh@inai.deantoine.belvire@opensuse.orgmardnh@gmx.demardnh@gmx.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.de- Update to latest release to address the following security issues: * CVE-2024-3935 (bsc#1232635) * CVE-2024-10525 (bsc#1232636)- Update to version 2.0.20 Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". - Don't allow invalid response topic values. - Fix some strict protocol compliance issues.- Update to version 2.0.19 Security: * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Broker: * Fix assert failure when loading a persistence file that contains subscriptions with no client id. * Fix local bridges being incorrectly expired when persistent_client_expiration is in use. * Fix use of CLOCK_BOOTTIME for getting time. * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Client library: * Fix some error codes being converted to string as "unknown". * Clear SSL error state to avoid spurious error reporting. * Fix "payload format invalid" not being allowed as a PUBREC reason code. * Don't allow SUBACK with missing reason codes.- Add Reload action to service- Use sysuser-tools to generate mosquitto user- update to 2.0.18 (bsc#1214918, CVE-2023-28366, bsc#1215865, CVE-2023-0809, bsc#1215864, CVE-2023-3592): * Fix crash on subscribe under certain unlikely conditions. * Fix mosquitto_rr not honouring `-R`. Closes #2893. * Fix `max_queued_messages 0` stopping clients from receiving messages. * Fix `max_inflight_messages` not being set correctly. * Fix `mosquitto_passwd -U` backup file creation. * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands. * CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets. * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types. * Broker will now reject Will messages that attempt to publish to $CONTROL/. * Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8. * Fix potential crash when loading invalid persistence file. * Library will no longer allow single level wildcard certificates, e.g. *.com * Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing. * Fix some retained topic memory not being cleared immediately after used. * Fix error handling related to the `bind_interface` option. * Fix std* files not being redirected when daemonising, when built with assertions removed. * Fix default settings incorrectly allowing TLS v1.1. * Use line buffered mode for stdout. * Fix bridges with non-matching cleansession/local_cleansession being expired on start after restoring from persistence * Fix connections being limited to 2048 on Windows. The limit is now 8192, where supported. * Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files. * mosquitto_memcmp_const is now more constant time. * Only register with DLT if DLT logging is enabled. * Fix any possible case where a json string might be incorrectly loaded. This could have caused a crash if a textname or textdescription field of a role was not a string, when loading the dynsec config from file only. * Dynsec plugin will not allow duplicate clients/groups/roles when loading config from file, which matches the behaviour for when creating them. * Fix heap overflow when reading corrupt config with "log_dest file". * Use CLOCK_BOOTTIME when available, to keep track of time. This solves the problem of the client OS sleeping and the client hence not being able to calculate the actual time for keepalive purposes. * Fix default settings incorrectly allowing TLS v1.1. Closes * Fix high CPU use on slow TLS connect. * Fix incorrect topic-alias property value in mosquitto_sub json output. * Fix confusing message on TLS certificate verification. * mosquitto_passwd uses mkstemp() for backup files. * `mosquitto_ctrl dynsec init` will refuse to overwrite an existing file, without a race-condition.- update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify the client/group if a new group/client being added is not valid. * Dynamic security: Fix the plugin being able to be loaded twice. Currently only a single plugin can interact with a unique $CONTROL topic. Using multiple instances of the plugin would produce duplicate entries in the config file. Closes #2601. Closes #2470. * Fix case where expired messages were causing queued messages not to be delivered. Closes #2609. * Fix websockets not passing on the X-Forwarded-For header. * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl ctx not being initialised until starting to connect. Closes #2537. * Fix incorrect use of SSL_connect. Closes #2594. * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564. * Add documentation of struct mosquitto_message to header. Closes #2561. * Fix documentation omission around mosquitto_reinitialise. Closes #2489. * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463. * Fix failure to close thread in some situations. Closes #2545. * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation.- Update to version 2.0.14 Broker: * Fix bridge not respecting receive-maximum when reconnecting with MQTT v5. Client library: * Fix mosquitto_topic_matches_sub2() not using the length parameters. * Fix incorrect subscribe_callback in mosquittopp.h.- Update to version 2.0.13 Broker: * Fix `max_keepalive` option not being able to be set to 0. * Fix LWT messages not being delivered if `per_listener_settings` was set to true. * Various fixes around inflight quota management. * Fix problem parsing config files with Windows line endings. * Don't send retained messages when a shared subscription is made * Fix client id not showing in log on failed connections, where possible. * Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. * Fix mosquitto_plugin.h not including mosquitto_broker.h. Client library: * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid closing invalid sockets in `mosquitto_destroy()` on error. Clients: - Fix date format in mosquitto_sub output.- Added hardening to systemd service(s) (bsc#1181400). Modified: * mosquitto.service- Update to version 2.0.12 * Includes security fixes for CVE-2021-34434 (bsc#1190048) and CVE-2020-13849 (bsc#1190101) Security : * An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed. * Using certain listener related configuration options e.g. `cafile`, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes #2283. * CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access,the client would keep its existing subscription. This has been fixed. * Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed. Broker: * Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. * Fix `max_connections` option not being correctly counted. * Fix TLS certificates and TLS-PSK not being able to be configured at the same time. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. * Fix broker not quiting if e.g. the `password_file` is specified as a directory. Closes #2241. * Fix listener mount_point not being removed on outgoing messages. * Strict protocol compliance fixes, plus test suite. * Fix $share subscriptions not being recovered for durable clients that reconnect. * Update plugin configuration documentation. Closes #2286. Client library: * If a client uses TLS-PSK then force the default cipher list to use "PSK" ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without# verifying certificates, because they were not configured. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Apps: * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working. Clients: * Document TLS certificate behaviour when using `-p 8883`. Build: * Fix installation using WITH_TLS=no. Closes #2281. * Fix builds with libressl 3.4.0. Closes #2198. * Remove some unnecessary code guards related to libressl. * Fix printf format build warning on MIPS. Closes #2271.- Update to version 2.0.11 Security: * If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. This has been fixed. Broker: * Fix possible crash having just upgraded from 1.6 if `per_listener_settings true` is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. * Fix bridge not reconnectng if the first reconnection attempt fails. * Improve QoS 0 outgoing packet queueing. * Fix QoS 0 messages not being queued when `queue_qos0_messages` was enabled. Clients: * If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. * Fix `mosquitto_pub -l` quitting if a message publication is attempted when the broker is temporarily unavailable. - Remove not longer needed patch: * fix-undefined-symbols-in-plugins.patch (fixed upstream)- Update to version 2.0.10 Security: * CVE-2021-28166: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. Affects versions 2.0.0 to 2.0.9 inclusive. Broker: * Don't over write new receive-maximum if a v5 client connects and takes over an old session. * Fix CVE-2021-28166. Closes #2163. Clients: * Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub and mosquitto_rr, to avoid potentially lost messages. * Fix TLS-PSK mode not working with port 8883. Client library: * Fix possible socket leak. This would occur if a client was using `mosquitto_loop_start()`, then if the connection failed due to the remote server being inaccessible they called `mosquitto_loop_stop(, true)` and recreated the mosquitto object. Build: * A variety of minor build related fixes, like functions not having previous declarations.- Build with support for tcp-wrapper (-DUSE_LIBWRAP=ON) - Update to version 2.0.9 Security: * If an empty or invalid CA file was provided to the client library for verifying the remote broker, then the initialx connection would fail but subsequent connections would succeed without verifying the remote broker certificate. * If an empty or invalid CA file was provided to the broker for verifying the remote broker for an outgoing bridge connection then the initial connection would fail but subsequent connections would succeed without verifying the remote broker certificate. Broker: * Fix encrypted bridge connections incorrectly connecting when `bridge_cafile` is empty or invalid. * Fix `tls_version` behaviour not matching documentation. It was setting the exact TLS version to use, not the minimium TLS version to use. * Fix messages to `$` prefixed topics being rejected. * Fix QoS 0 messages not being delivered when max_queued_bytes was configured. * Fix bridge increasing backoff calculation. * Improve handling of invalid combinations of listener address and bind interface configurations. * Fix `max_keepalive` option not applying to clients connecting with keepalive set to 0. Client library: * Fix encrypted connections incorrectly connecting when the CA file passed to `mosquitto_tls_set()` is empty or invalid. * Fix connections retrying very rapidly in some situations. Build: * Fix cmake epoll detection.- Convert some of the BuildRequires from package names to pkgconfig(): libcares, libcjson, libwebsockets- Fix linking of modules: - Add fix-undefined-symbols-in-plugins.patch - revert old workaround of settings -DCMAKE_SHARED_LINKER_FLAGS=- Update mosquitto-1.6.8-config.patch: Set a short profilename for a cleaner ps aufxZ output - Refreshed mosquitto-1.6.8-config.patch to apply cleanly again- Update to version 2.0.8 Broker: * Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the size and offset of two of the members of this struct, and changes the size of the struct. This is an ABI break, but is considered to be acceptable because plugins should never be allocating their own instance of this struct, and currently none of the struct members are used for anything, so a plugin should not be accessing them. It would also be safe to read/write from the existing struct parameters. * Give compile time warning if libwebsockets compiled without external poll support. Client library: * Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL on topic == NULL. Clients: * Fix possible loss of data in `mosquitto_pub -l` when sending multiple long lines.- Update to version 2.0.7 Broker: * Fix some minor memory leaks on exit only. * Fix possible memory leak on connect. * Fix openssl engine not being able to load private key. Clients: * Fix config files truncating options after the first space. Build: - Fix man page building to not absolutely require xsltproc when using CMake. - Update to version 2.0.6 Broker: * Fix calculation of remaining length parameter for websockets clients that send fragmented packets. Broker: * Fix potential duplicate Will messages being sent when a will delay interval has been set. * Fix message expiry interval property not being honoured in `mosquitto_broker_publish` and `mosquitto_broker_publish_copy`. * Fix websockets listeners with TLS not responding. * Improve logging in obscure cases when a client disconnects. * Fix reloading of listeners where multiple listeners have been defined with the same port but different bind addresses. * Fix `message_size_limit` not applying to the Will payload. * The error topic-alias-invalid was being sent if an MQTT v5 client published a message with empty topic and topic alias set, but the topic alias hadn't already been configured on the broker. This has been fixed to send a protocol error, as per section 3.3.4 of the specification. * Note in the man pages that SIGHUP reloads TLS certificates. Apps: * Allow command line arguments to override config file options in mosquitto_ctrl. * mosquitto_ctrl: produce an error when requesting a new password if both attempts do not match.- Update to version 2.0.5 Broker: * Fix "auth_method" not being provided to the extended auth plugin event. * Fix large packets not being completely published to slow clients. * Fix bridge connection not relinquishing POLLOUT after messages are sent. * Fix apparmor incorrectly denying access to /var/lib/mosquitto/mosquitto.db.new. * Fix potential intermittent initial bridge connections when using poll(). * Fix "bind_interface" option. * Fix invalid behaviour in dynsec plugin if a group or client is deleted before a role that was attached to the group or client is deleted. * Improve logging in dynsec addGroupRole/addGroupClient commands. Client library: * Improve documentation around the "_v5()" and non-v5 functions, e.g. `mosquitto_publish()` and `mosquitto_publish_v5(). Build: * "install" Makefile target should depend on "all", not "mosquitto", to ensure that man pages are always built. Apps: * Disallow control characters in mosquitto_passwd usernames. * Fix incorrect description in mosquitto_ctrl man page. * Fix `mosquitto_ctrl dynsec getGroup` not showing roles.- Update to version 2.0.4 Broker: * Fix $SYS/broker/publish/messages/+ counters not being updated for QoS 1, 2 messages. * mosquitto_connect_bind_async() and mosquitto_connect_bind_v5() should not reset the bind address option if called with bind_address == NULL. * Add more log messages for dynsec load/save error conditions. Build: * Fix man pages not being built when using CMake. - Update to version 2.0.3 Security: * Running mosquitto_passwd with the following arguments only `mosquitto_passwd -b password_file username password` would cause the username to be used as the password. Broker: * Fix LWT not being sent on client takeover when the existing session wasn't being continued. * Fix bridges possibly not completing connections when WITH_ADNS is in use. * Fix QoS 0 messages not being delivered if max_queued_messages was set to 0. * Fix local bridges being disconnected on SIGHUP. * Fix slow initial bridge connections for WITH_ADNS=no. * Fix persistence_location not appending a '/'. Clients: * Fix mosquitto_sub being unable to terminate with Ctrl-C if a successful connection is not made. Apps: * Fix `mosquitto_passwd -b` using username as password (not if `-c` is also used). Build: * Fix `install` target when using WITH_CJSON=no.- Update to version 2.0.2 Broker: * Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. * Fix websockets listeners not causing the main loop not to wake up. Client library: * Fix DH group not being set for TLS connections, which meant ciphers using DHE couldn't be used. Apps: * Fix "mosquitto_passwd -U" Build: - Fix cjson include paths. - Fix build using WITH_TLS=no when the openssl headers aren't available. - Distribute cmake/ and snap/ directories in tar. - Drop patch: * mosquitto-fix-cmake-cjson-detection.patch- Update to version 2.0.0 !!! Mosquitto 2.0 introduces a number of changes to the behaviour of the broker. See the following document for details https://mosquitto.org/documentation/migrating-to-2-0/ Noteworthy changes * Mosquitto is now more secure by default and requires users to take an active decision in how they configure security on their broker, instead of possibly relying on the older very permissive behaviour, as well as dropping privileged access more quickly * A new plugin interface has been introduced which goes beyond the existing authentication and access control plugin interface to offer more plugin capabilities * A new plugin has been introduced to provide client, group, and role based authentication and access control. * The broker performance has been improved, particularly for higher numbers of clients * A new utility, mosquitto_ctrl has been added for controlling aspects of a running broker. * Bridges now support MQTT v5. * The mosquitto command line clients have received a variety of small improvements. mosquitto_sub can now format its output in fixed column widths, for example, and filter its output randomly so you can keep an eye on the overall behaviour of a topic without having to see every message, for example. - Add patch: * mosquitto-fix-cmake-cjson-detection.patch- Update to version 1.6.12 Security: * In some circumstances, Mosquitto could leak memory when handling PUBLISH messages. This is limited to incoming QoS 2 messages, and is related to the combination of the broker having persistence enabled, a clean session=false client, which was connected prior to the broker restarting, then has reconnected and has now sent messages at a sufficiently high rate that the incoming queue at the broker has filled up and hence messages are being dropped. This is more likely to have an effect where max_queued_messages is a small value. This has now been fixed. Closes #1793. Broker: * Build warning fixes when building with WITH_BRIDGE=no and WITH_TLS=no. Clients: * All clients exit with an error exit code on CONNACK failure. * Don't busy loop with `mosquitto_pub -l` on a slow connection.- Update to version 1.6.11 Broker: * Fix usage message only mentioning v3.1.1. * Fix broker refusing to start if only websockets listeners were defined. * Change systemd unit files to create /var/log/mosquitto before starting. * Don't quit with an error if opening the log file isn't possible. * Fix bridge topic remapping when using "" as the topic. * Fix messages being queued for disconnected bridges when clean start was set to true. * Fix `autosave_interval` not being triggered by messages being delivered. * Fix websockets clients sometimes not being disconnected promptly. * Fix "slow" file based logging by switching to line based buffering. * Log protocol error message where appropriate from a bad UNSUBSCRIBE, rather than the generic "socket error". * Don't try to start DLT logging if DLT unavailable, to avoid a long delay when shutting down the broker. * Fix potential memory leaks. * Fix clients not receiving messages after a previous client with the same client ID and positive will delay interval quit. * Fix overly broad HAVE_PTHREAD_CANCEL compile guard. Client library: * Improved documentation around connect callback return codes. * Fix `mosquitto_publish*()` no longer returning `MOSQ_ERR_NO_CONN` when not connected. * `mosquitto_loop_start()` now sets a thread name on Linux- Lets always build with support for systemd and websockets and drop all the related ifdef's. - Run spec-cleaner.- Fix for the apparmor profile to properly allow reading files from /etc/mosquitto/conf.d/- Update to version 1.6.10 Broker: * Report invalid bridge prefix+pattern combinations at config parsing time rather than letting the bridge fail later. * Fix `mosquitto_passwd -b` not updating passwords for existing users correctly. Creating a new user with `-b` worked without problem. * Fix memory leak when connecting clients rejected. * Don't disconnect clients that are already disconnected. This prevents the session expiry being extended on SIGHUP. * Fix support for openssl 3.0. * Fix check when loading persistence file of a different version than the native version. * Fix possible assert crash associated with bridge reconnecting when compiled without epoll support. Client library: * Don't treat an unexpected PUBACK, PUBREL, or PUBCOMP as a fatal error. * Fix support for openssl 3.0. * Fix memory leaks from multiple calls to `mosquitto_lib_init()`/`mosquitto_lib_cleanup()`. * Fix documentation on return code of `mosquitto_lib_init()` for Windows. Clients: * Fix mosquitto_sub %j or %J not working on Windows. Build: * Various fixes for building with user not being freed on exit. * Fix trailing whitespace not being trimmed on acl users. * Fix `bind_interface` not working for the default listener. * Improve password file parsing in the broker and mosqitto_passwd. * Print OpenSSL errors in more situations, like when loading certificates fails. * Fix `mosquitto_client_protocol() returning incorrect values. Client library: * Set minimum keepalive argument to `mosquitto_connect*()` to be 5 seconds. * Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL if the topic contains a wildcard. Clients: * Fix `--remove-retained` not obeying the `-T` option for filtering out topics. * Default behaviour for v5 clients using `-c` is now to use infinite length sessions, as with v3 clients.- Update apparmor profile to allow open of /etc/mosquitto/conf.d - Update default config to include files under /etc/mosquitto/conf.d per the README in the directory - Add patch: * mosquitto-1.6.8-config.patch- Update to version 1.6.8 Broker: * Various fixes for `allow_zero_length_clientid` config, where this option was not being set correctly. * Fix incorrect memory tracking causing problems with memory_limit option. * Fix subscription topics being limited to 200 characters instead of 200 hierarchy levels. * Only a single CRL could be loaded at once. This has been fixed. * Fix problems with reloading config when `per_listener_settings` was true. * Fix retained messages with an expiry interval not being expired after being restored from persistence. * Fix messages with an expiry interval being sent without an expiry interval property just before they were expired. * Fix TLS Websockets clients not receiving messages after taking over a previous connection. * Fix MQTT 3.1.1 clients using clean session false, or MQTT 5.0 clients using session-expiry-interval set to infinity never expiring, even when the global `persistent_client_expiration` option was set. Client library: * Fix publish properties not being passed to on_message_v5 callback for QoS 2 messages. * Fix documentation issues in mosquitto.h. * Document `mosquitto_connect_srv()`. Clients: * Fix duplicate cfg definition in rr_client. * Fix `mosquitto_pub -l` hang when stdin stream ends. * Fix `mosquitto_pub -l` not sending the final line of stdin if it does not end with a new line. * Make documentation for `mosquitto_pub -l` match reality - blank lines are sent as empty messages. * Free memory in `mosquitto_sub` when quiting without having made a successful connection. - Drop patch: * mosquitto-fix-pkgconf-path.patch (fixed upstream)- Update to version 1.6.7 Broker: * Add workaround for working with libwebsockets 3.2.0. * Fix potential crash when reloading config. Client library: * Don't use `/` in autogenerated client ids, to avoid confusing with topics. * Fix `mosquitto_max_inflight_messages_set()` and `mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)` behaviour. * Fix regression on use of `mosquitto_connect_async()` not working. Clients: * mosquitto_sub: Fix `-E` incorrectly not working unless `-d` was also specified. * Updated documentation around automatic client ids.- Update to version 1.6.5 Fix CVE-2019-11779: * In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. Broker: * Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error. * Fix support for libwebsockets 3.x. * Fix slow websockets performance when sending large messages. * Fix clients authorised using `use_identity_as_username` or `use_subject_as_username` being disconnected on SIGHUP. * Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages. * Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval. * Fix CRL file not being reloaded on HUP. Client library: * Fix reconnect backoff for the situation where connections are dropped rather than refused. * Fix missing locks on `mosq->state`. - Update to version 1.6.4 Fix CVE-2019-11778: * If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. Broker: * Fix incoming QoS 2 messages being blocked when `max_inflight_messages` was set to 1. * Fix incoming messages not being removed for a client if the topic being published to does not have any subscribers. Client library: * Fix MQTT v5 subscription options being incorrectly set for MQTT v3 subscriptions. * Make behaviour of `mosquitto_connect_async()` consistent with `mosquitto_connect()` when connecting to a non-existent server. * `mosquitto_string_option(mosq, MOSQ_OPT_TLS_KEYFORM, ...)` was incorrectly returning `MOSQ_ERR_INVAL` with valid input. This has been fixed. * on_connect callback is now called with the correct v5 reason code if a v5 client connects to a v3.x broker and is sent a CONNACK with the "unacceptable protocol version" connack reason code. * Fix memory leak when setting v5 properties in mosquitto_connect_v5(). * Fix properties not being sent on QoS>0 PUBLISH messages. Clients: * mosquitto_pub: fix error codes not being returned when mosquitto_pub exits. * All clients: improve error messages when connecting to a v3.x broker when in v5 mode. Other: - Various documentation fixes. - Update to version 1.6.3 Broker: * Fix detection of incoming v3.1/v3.1.1 bridges. * Fix default max_topic_alias listener config not being copied to the in-use listener when compiled without TLS support. * Fix random number generation if compiling using `WITH_TLS=no` and on Linux with glibc >= 2.25. Without this fix, no random numbers would be generated for e.g. on broker client id generation, and so clients connecting expecting this feature would be unable to connect. * Fix compilation problem related to `getrandom()` on non-glibc systems. * Fix Will message for a persistent client incorrectly being sent when the client reconnects after a clean disconnect. - Fix Will message for a persistent client not being sent on disconnect. * Improve documentation around the upgrading of persistence files. * Add 'extern "C"' on mosquitto_broker.h and mosquitto_plugin.h for C++ plugin writing. * Fix persistent Websockets clients not receiving messages after they reconnect, having sent DISCONNECT on a previous session * Disable TLS renegotiation. Client initiated renegotiation is considered to be a potential attack vector against servers. * Fix incorrect shared subscription topic '$shared'. * Fix zero length client ids being rejected for MQTT v5 clients with clean start set to true. * Fix MQTT v5 overlapping subscription behaviour. Clients now receive message from all matching subscriptions rather than the first one encountered, which ensures the maximum QoS requirement is met. * Fix incoming/outgoing quota problems for QoS>0. * Remove obsolete `store_clean_interval` from documentation. * Fix v4 authentication plugin never calling psk_key_get. Clients: * Fix -L url parsing when `/topic` part is missing. * Stop some error messages being printed even when `--quiet` was used. * Fix mosquitto_pub exiting with error code 0 when an error occurred. * Fix mosquitto_pub not using the `-c` option. * Fix MQTT v5 clients not being able to specify a password without a username. * Fix `mosquitto_pub -l` not handling network failures. * Fix `mosquitto_pub -l` not handling zero length input. * Fix double free on exit in mosquitto_pub. - Update to version 1.6.2 Broker: * Fix memory access after free, leading to possible crash, when v5 client with Will message disconnects, where the Will message has as its first property one of `content-type`, `correlation-data`, `payload-format-indicator`, or `response-topic`. * Fix Will message not allowing user-property properties. * Fix broker originated messages (e.g. $SYS/broker/version) not being published when `check_retain_source` set to true. * Fix $SYS/broker/version being incorrectly expired after 60 seconds. Library: * Fix crash after client has been unable to connect to a broker. This occurs when the client is exiting and is part of the final library cleanup routine. Clients: - Fix -L url parsing. - Update to version 1.6.1 Broker: * Document `memory_limit` option. Clients: * Fix compilation on non glibc systems due to missing sys/time.h header. - Add patch: * mosquitto-fix-pkgconf-path.patch- Remove SuSEfirewall2 service since SuSEfirewall2 has been replaced by firewalld (which already provides a mqtt service).- Update to version 1.6.0 Broker features * Add support for MQTT v5 * Add support for OCSP stapling. * Add support for ALPN on bridge TLS connections. * Add support for Automotive DLT logging. * Add TLS Engine support. * Persistence file read/write performance improvements. * General performance improvements. * Add max_keepalive option, to allow a maximum keepalive value to be set for MQTT v5 clients only. * Add bind_interface option which allows a listener to be bound to a specific network interface, in a similar fashion to the bind_address option. Linux only. * Add improved bridge restart interval based on Decorrelated Jitter. * Add dhparamfile option, to allow DH parameters to be loaded for Ephemeral DH support * Disallow writing to $ topics where appropriate. * Add explicit support for TLS v1.3. * Drop support for TLS v1.0. * Improved general support for broker generated client ids. Removed libuuid dependency. * auto_id_prefix now defaults to 'auto-'. * QoS 1 and 2 flow control improvements. Client library features * Add support for MQTT v5 * Add mosquitto_subscribe_multiple() for sending subscriptions to multiple topics in one command. * Add TLS Engine support. * Add explicit support for TLS v1.3. * Drop support for TLS v1.0. * QoS 1 and 2 flow control improvements. Client features * Add support for MQTT v5 * Add mosquitto_rr client, which can be used for "request-response" messaging, by sending a request message and awaiting a response. * Add TLS Engine support. * Add support for ALPN on TLS connections. * Add -D option for all clients to specify MQTT v5 properties. * Add -E to mosquitto_sub, which causes it to exit immediately after having its subscriptions acknowledged. Use with -c to create a durable client session without requiring a message to be received. * Add --remove-retained to mosquitto_sub, which can be used to clear retained messages on a broker. * Add --repeat and --repeat-delay to mosquitto_pub, which can be used to repeat single message publishes at a regular interval. * -V now accepts 5, 311, 31, as well as mqttv5 etc. * Add explicit support for TLS v1.3. * Drop support for TLS v1.0. Broker fixes * Improve error reporting when creating listeners. * Fix mosquitto_passwd crashing on corrupt password file. * Fix build on SmartOS due to missing IPV6_V6ONLY. Client library fixes * Add missing mosquitto_userdata() function. Client fixes * mosquitto_pub wouldn't always publish all messages when using -l and QoS>0. This has been fixed. * mosquitto_sub was incorrectly encoding special characters when using %j output format.- Update to version 1.5.8 Broker: * Fix clients being disconnected when ACLs are in use. This only affects the case where a client connects using a username, and the anonymous ACL list is defined but specific user ACLs are not defined. * Fix delayed bridge local subscriptions causing missing messages. Library: * Use higher resolution timer for random initialisation of client id generation. * Fix some Coverity Scan reported errors that could occur when the library was already quitting.- Use HTTPS for all URLs - Verify source signature- Update to version 1.5.7 Broker: - Ensure that an error occurs if `per_listener_settings true` is given after other security options. - Fix case where old unreferenced msg_store messages were being saved to the persistence file, bloating its size unnecessarily. Library: - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for invalid subscriptions like `topic/#abc`. This only affects the return value, not the match/no match result, which was already correct.- Update to version 1.5.6 Security: * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. This is now fixed. * Fix CVE-2018-12546 (bsc#1125019): If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option `check_retain_source` has been introduced to enforce checking of the retained message source on publish. Broker: * Fixed comment handling for config options that have optional arguments. * Improved documentation around bridge topic remapping. * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly. * Fix spaces not being allowed in the bridge remote_username option. * Allow broker to always restart on Windows when using `log_dest file`. * Fix Will not being sent for Websockets clients. * Windows: Fix possible crash when client disconnects. * Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. * Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Library: * Fix TLS connections not working over SOCKS. * Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) - Update to version 1.5.5 Security: * If `per_listener_settings` is set to true, then the `acl_file` setting was ignored for the "default listener" only. This has been fixed. This does not affect any listeners defined with the `listener` option. Broker: * Add `socket_domain` option to allow listeners to disable IPv6 support. This is required to work around a problem in libwebsockets that means sockets only listen on IPv6 by default if IPv6 support is compiled in. * When using ADNS, don't ask for all network protocols when connecting, because this can lead to confusing "Protocol not supported" errors if the network is down. * Fix outgoing retained messages not being sent by bridges on initial connection. * Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. * Print message on error when installing/uninstalling as a Windows service. * All non-error connect/disconnect messages are controlled by the `connection_messages` option. Library: * Fix reconnect delay backoff behaviour. * Don't call on_disconnect() twice if keepalive tests fail. Client: * Always print leading zeros in mosquitto_sub when output format is hex. Build: * Fix building where TLS-PSK is not available. - Update to version 1.5.4 Security: * When using a TLS enabled websockets listener with "require_certificate" enabled, the mosquitto broker does not correctly verify client certificates. This is now fixed. All other security measures operate as expected, and in particular non-websockets listeners are not affected by this. Broker: * Process all pending messages even when a client has disconnected. This means a client that send a PUBLISH then DISCONNECT quickly, then disconnects will have its DISCONNECT message processed properly and so no Will will be sent. * $SYS/broker/clients/disconnected should never be negative. * Give better error message if a client sends a password without a username. * Fix bridge not honoring restart_timeout. * Don't disconnect a client if an auth plugin denies access to SUBSCRIBE. Library: * Fix memory leak that occurred if mosquitto_reconnect() was used when TLS errors were present. * Fix TLS connections when using an external event loop with mosquitto_loop_read() and mosquitto_write(). Build: * Fix clients not being compiled with threading support when using CMake. * Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.- Update to version 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Fix retained messages not sent by bridges on outgoing topics at the first connection. * Fix duplicate clients being added to by_id hash before the old client was removed. - Update to version 1.5.2 Broker: * Fix incorrect call to setsockopt() for TCP_NODELAY. * Fix excessive CPU usage when the number of sockets exceeds the system limit. * Fix round_robin false behaviour. * Fix segfault on HUP when bridges and security options are configured. Library: * Fix situation where username and password is used with SOCKS5 proxy. * Fix SOCKS5 behaviour when passing IP addresses.- Update to version 1.5.1 Broker: * Fix plugin cleanup function not being called on exit of the broker. * Print more OpenSSL errors when loading certificates/keys fail. * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined. * Fix IPv6 addresses not being able to be used as bridge addresses. * All clients now time out if they exceed their keepalive*1.5, rather than just reach it. This was inconsistent in two places. * Fix segfault on startup if bridge CA certificates could not be read. * Fix problem opening listeners on Pi caused by unsigned char being default. * ACL patterns that do not contain either %c or %u now produce a warning in the log. * Fix bridge publishing failing when per_listener_settings was true. * Fix `use_identity_as_username true` not working. * Fix UNSUBACK messages not being logged. * Fix possible endian issue when reading the `memory_limit` option. * Fix building for libwebsockets < 1.6. * Fix accessor functions for username and client id when used in plugin auth check. Library: * Fix some places where return codes were incorrect, including to the on_disconnect() callback. This has resulted in two new error codes, MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP. * Fix connection problems when mosquitto_loop_start() was called before mosquitto_connect_async(). Clients: * When compiled using WITH_TLS=no, the default port was incorrectly being set to -1. This has been fixed. * Fix compiling on Mac OS X <10.12. Build: * Fixes for building on NetBSD. * Fixes for building on FreeBSD. * Add support for compiling with static libwebsockets library.- Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. * Add systemd startup notification and services. Closes #471053. * Reduce unnecessary malloc and memcpy when receiving a message and storing it. Closes #470258. * Support for Windows XP has been dropped. * Bridge connections now default to using MQTT v3.1.1. * mosquitto_db_dump tool can now output some stats on clients. * Perform utf-8 validation on incoming will, subscription and unsubscription topics. * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored) * new $SYS/broker/store/messages/bytes * max_queued_bytes feature to limit queues by real size rather than than just message count. Closes Eclipse #452919 or Github #100 * Add support for bridges to be configured to only send notifications to the local broker. * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on client sockets. Closes #433. * The behaviour of allow_anonymous has changed. In the old behaviour, the default if not set was to allow anonymous access. The new behaviour is to default is to allow anonymous access unless another security option is set. For example, if password_file is set and allow_anonymous is not set, then anonymous access will be denied. It is still possible to allow anonymous access by setting it explicitly. Broker fixes: * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665. * Produce an error if two bridges share the same local_clientid. * Miscellaneous fixes on Windows. * queue_qos0_messages was not observing max_queued_** limits * When using the include_dir configuration option sort the files alphabetically before loading them. Closes #17. * IPv6 is no longer disabled for websockets listeners. * Remove all build timestamp information including $SYS/broker/timestamp. Close #651. * Correctly handle incoming strings that contain a NULL byte. Closes #693. * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. * Maximum connections on Windows increased to 2048. * When a client with an in-use client-id connects, if the old client has a will, send the will message. Closes #26. * Fix parsing of configuration options that end with a space. Closes #804. Client library features: * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. * DNS-SRV support is now disabled by default. * Add mosquitto_subscribe_simple() This is a helper function to make retrieving messages from a broker very straightforward. Examples of its use are in examples/subscribe_simple. * Add mosquitto_subscribe_callback() This is a helper function to make processing messages from a broker very straightforward. An example of its use is in examples/subscribe_simple. * Connections now default to using MQTT v3.1.1. * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8 according to the UTF-8 spec and to the additional restrictions imposed by the MQTT spec. * Topic inputs are checked for UTF-8 validity. * Add mosquitto_userdata function to allow retrieving the client userdata member variable. Closes #111. * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and mosquitto_topic_matches_sub2() which are identical to the similarly named functions but also take length arguments. * Add mosquitto_connect_with_flags_callback_set(), which allows a second connect callback to be used which also exposes the connect flags parameter. Closes #738 and #128. * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used instead of the one generated by libmosquitto. This allows greater control over what options can be set. Closes #715. * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have the default libmosquitto SSL_CTX configuration applied to the user provided SSL_CTX. Closes #567. Client library fixes: * Fix incorrect PSK key being used if it had leading zeroes. * Initialise "result" variable as soon as possible in mosquitto_topic_matches_sub. Closes #654. * No need to close socket again if setting non-blocking failed. Closes #649. * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against foo/+/#. Closes #670. * SNI host support added. Client features: * Add -F to mosquitto_sub to allow the user to choose the output format. * Add -U to mosquitto_sub for unsubscribing from topics. * Add -c (clean session) to mosquitto_pub. * Add --retained-only to mosquitto_sub to exit after receiving all retained messages. * Add -W to allow mosquitto_sub to stop processing incoming messages after a timeout. * Connections now default to using MQTT v3.1.1. * Default to using port 8883 when using TLS. * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the connection was refused. Client fixes: * Correctly handle empty files with "mosquitto_pub -l". Closes #676. Build: * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip executables and shared libraries when installing. * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will build and install static versions of the client libraries. * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are no longer supported by openssl. Documentation: * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'. - Remove patch: * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (not longer needed) - Support for tcp-wrapper is broken atm, disable for now- Update to version 1.4.15 Security: * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more file descriptors, then opening the configuration file will fail and security settings will be set back to their default values. * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by setting "remaining length" to be a large value. This is now mitigated by limiting the size of remaining length to valid values. A "memory_limit" configuration option has also been added to allow the overall memory used by the broker to be limited. Broker: * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. Client library: * Fix incorrect PSK key being used if it had leading zeroes. * Initialise "result" variable as soon as possible in mosquitto_topic_matches_sub. Closes #654. * No need to close socket again if setting non-blocking failed. Closes #649. * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against foo/+/#. Closes #670. Clients: * Correctly handle empty files with "mosquitto_pub -l". Closes #676. Build: * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.- Update to 1.4.14 * Broker: - Fix regression from 1.4.13 where persistence data was not being saved.- Fix incorrect RPM groups. - Remove repeated license declaration from description. Trim package descriptions for size. - Errors from user creation must not be ignored.- Add mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch: Determine build timestamp from latest revision of .changes file in order to make the build reproducible and avoid useless republishing.- Update to 1.4.13 * Security: - Fix CVE-2017-9868. The persistence file was readable by all local users, potentially allowing sensitive information to be leaked. This can also be fixed administratively, by restricting access to the directory in which the persistence file is stored. * Broker: - Fix for poor websockets performance. - Fix lazy bridges not timing out for idle_timeout. - Fix problems with large retained messages over websockets. - Set persistence file to only be readable by owner, except on Windows. - Fix CONNECT check for reserved=0, as per MQTT v3.1.1 check MQTT-3.1.2-3. - When the broker stop, wills for any connected clients are now "sent". - Auth plugins can be configured to disable the check for +# in usernames/client ids with the auth_plugin_deny_special_chars option. Partially closes #462. - Restrictions for CVE-2017-7650 have been relaxed - '/' is allowed in usernames/client ids. Remainder of fix for #462. Clients: - Don't use / in auto-generated client ids.- Update to 1.4.12 * Security: - Fix CVE-2017-7650, which allows clients with username or client id set to '#' or '+' to bypass pattern based ACLs or third party plugins. The fix denies message sending or receiving of messages for clients with a '#' or '+' in their username or client id and if the message is subject to a pattern ACL check or plugin check. * Broker: - Fix mosquitto.db from becoming corrupted due to client messages being persisted with no stored message. Closes #424. - Fix bridge not restarting properly. Closes #428. - Fix unitialized memory in gets_quiet on Windows. Closes #426. - Fix building with WITH_ADNS=no for systems that don't use glibc. Closes #415. - Fixes to readme.md. - Fix deprecation warning for OpenSSL 1.1. PR #416. - Don't segfault on duplicate bridge names. Closes #446. - Fix CVE-2017-7650.- update to 1.4.11 - Broker: - Fix crash when "lazy" type bridge attempts to reconnect. Closes #259. - maximum_connections now applies to websockets listeners. Closes #271. - Allow bridges to use TLS with IPv6. - Don't error on zero length persistence files. Closes #316. - For http only websockets clients, close files served over http in all cases when the client disconnects. Closes #354. - Fix error message when websockets http_dir directory does not exist. - Improve password utility error message. Closes #379. - Clients: - Use of --ciphers no longer requires you to also pass - -tls-version. Closes #380. - Client library: - Clients can now use TLS with IPv6. - Fix potential socket leakage when reconnecting. Closes #304. - Fix potential negative timeout being passed to pselect. Closes #329. - update 1.4.10 - Broker: - Fix TLS operation with websockets listeners and libwebsockts 2.x. Closes #186. - Don't disconnect client on HUP before reading the pending data. Closes #7. - Fix some $SYS messages being incorrectly persisted. Closes [#191]. - Support OpenSSL 1.1.0. - Call fsync after persisting data to ensure it is correctly written. Closes #189. - Fix persistence saving of subscription QoS on big-endian machines. - Fix will retained flag handling on Windows. Closes #222. - Broker now displays an error if it is unable to open the log file. Closes #234. - Client library: - Support OpenSSL 1.1.0. - Fixed the C++ library not allowing SOCKS support to be used. Closes #198. - Fix memory leak when verifying a server certificate with a subjectAltName section. Closes #237. - Build: - Don't attempt to install docs when WITH_DOCS=no. Closes #184.- update to 1.4.9 - Broker: - Ensure websockets clients that previously connected with clean session set to false have their queued messages delivered immediately on reconnecting. Closes #476314. - Reconnecting client with clean session set to false doesn't start with mid=1 again. - Will topic isn't truncated by one byte when using a mount_point any more. - Network errors are printed correctly on Windows. - Fix incorrect $SYS heap memory reporting when using ACLs. - Bridge config parameters couldn't contain a space, this has been fixed. Closes #150. - Fix saving of persistence messages that start with a '/'. Closes #151. - Fix reconnecting for bridges that use TLS on Windows. Closes [#154]. - Broker and bridges can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57. - Fix websockets listeners not being able to bind to an IP address. Closes #170. - mosquitto_passwd utility now correctly deals with unknown command line arguments in all cases. Closes #169. - Fix publishing of $SYS/broker/clients/maximum - Fix order of #includes in lib/send_mosq.c to ensure struct mosquitto doesn't differ between source files when websockets is being used. Closes #180. - Fix possible rare crash when writing out persistence file and a client has incomplete messages inflight that it has been denied the right to publish. - Client library: - Fix the case where a message received just before the keepalive timer expired would cause the client to miss the keepalive timer. - Return value of pthread_create is now checked. - _mosquitto_destroy should not cancel threads that weren't created by libmosquitto. Closes #166. - Clients can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57. - Fix mosquitto_topic_matches_sub() reporting matches on some invalid subscriptions. - Clients: - Handle some unchecked malloc() calls. Closes #1. - Build: - Fix string quoting in CMakeLists.txt. Closes #4. - Fix building on Visual Studio 2015. Closes #136.- update to 1.4.8 - Broker: - Wills published by clients connected to a listener with mount_point defined now correctly obey the mount point. This was a potential security risk because it allowed clients to publish messages outside of their restricted mount point. This is only affects brokers where the mount_point option is in use. Closes #487178. - Fix detection of broken connections on Windows. Closes #485143. - Close stdin etc. when daemonised. Closes #485589. - Fix incorrect detection of FreeBSD and OpenBSD. Closes #485131. - Client library: - mosq->want_write should be cleared immediately before a call to SSL_write, to allow clients using mosquitto_want_write() to get accurate results.- update to 1.4.7 - Broker: - Fix support for libwebsockets 1.22. - changes from 1.4.6 - Broker: - Add support for libwebsockets 1.6. - Client library: - Fix _mosquitto_socketpair() on Windows, reducing the chance of delays when publishing. Closes #483979. - Clients: - Fix "mosquitto_pub -l" stripping the final character on a line. Closes #483981.- enable websocket supports- enabled tcp wrapper support- pass the config file in the service file. it does not load it otherwise.- update to 1.4.5 - Broker - Fix possible memory leak if bridge using SSL attempts to connect to a host that is not up. - Free unused topic tree elements (fix in 1.4.3 was incomplete). Closes #468987. - Clients - “mosquitto_pub -l” now no longer limited to 1024 byte lines. Closes #478917.- update to 1.4.4 - Broker: - Don't leak sockets when outgoing bridge with multiple addresses cannot connect. Closes #477571. - Fix cross compiling of websockets. Closes #475807. - Fix memory free related crashes on openwrt. Closes #475707. - Fix excessive calls to message retry check.- update to 1.4.3 - Broker - Fix incorrect bridge notification on initial connection. Closes #467096. - Build fixes for OpenBSD. - Fix incorrect behaviour for autosave_interval, most noticable for autosave_interval=1. Closes #465438. - Fix handling of outgoing QoS>0 messages for bridges that could not be sent because the bridge connection was down. - Free unused topic tree elements. Closes #468987. - Fix some potential memory leaks. Closes #470253. - Fix potential crash on libwebsockets error. - Client library - Add missing error strings to mosquitto_strerror. - Handle fragmented TLS packets without a delay. Closes [#470660]. - Fix incorrect loop timeout being chosen when using threaded - interface and keepalive = 0. Closes #471334. - Increment inflight messages count correctly. Closes #474935. - Clients - Report error string on connection failure rather than error code.- update to 1.4.2 Broker: - Fix bridge prefixes only working for the first outgoing message. Closes #464437. - Fix incorrect bridge connection notifications on local broker. - Fix persistent db writing on Windows. Closes #464779. - ACLs are now checked before sending a will message. - Fix possible crash when using bridges on Windows. Closes [#465384]. - Fix parsing of auth_opt_ arguments with extra spaces/tabs. - Broker will return CONNACK rc=5 when a username/password is not authorised. This was being incorrectly set as rc=4. - Fix handling of payload lengths>4096 with websockets. Client library: - Inflight message count wasn't being decreased for outgoing messages using QoS 2, meaning that only up to 20 QoS 2 messages could be sent. This has been fixed. Closes #464436. - Fix CMake dependencies for C++ wrapper building. Closes [#463884]. - Fix possibility of select() being called with a socket that is >FD_SETSIZE. This is a fix for #464632 that will be followed >up by removing the select() call in a future version. - Fix calls to mosquitto_connect*_async() not completing.- added mosquitto-1.4.1_apparmor.patch to make the profile work in newer apparmor- merge a few things from the other packages - create dir structure in the config dir + readmes - splitout the client - provide the splitted devel package names - install the apparmor profile - install firewall config- initial package/bin/sh/bin/sh/bin/sh/bin/shobs-power9-10 1730633862  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST2.0.20-bp156.2.3.12.0.20-bp156.2.3.12.0.20-bp156.2.3.1     !apparmor.dlocalusr.sbin.mosquittousr.sbin.mosquittomosquittoaclfile.exampleca_certificatesREADMEcertsREADMEconf.dREADMEmosquitto.confpskfile.examplepwfile.examplemosquitto_ctrlmosquitto_passwdmosquitto.servicemosquitto-user.confmosquitto_dynamic_security.somosquittorcmosquittomosquittoCONTRIBUTING.mdChangeLog.txtabout.htmlaclfile.exampleexamplesmysql_logMakefilemysql_log.cpublishbasic-1.csubscribebasic-1.csubscribe_simpleMakefilecallback.cmultiple.csingle.ctemperature_conversionMakefilemain.cppreadme.txttemperature_conversion.cpptemperature_conversion.hlogolegacymosquitto-14x14.pngmosquitto-16x16.pngmosquitto.svgmosquitto-logo-min.svgmosquitto-logo-only.svgmosquitto-text-below.svgmosquitto-text-side.svgmosquitto.icomisccurrentcostcc128_log_mysql.plcc128_parse.plcc128_read.plcc128_read.pygnome-panelCurrentCostMQTT.pyCurrentCostMQTT.servercurrentcost.pngletsencryptmosquitto-copy.shpskfile.examplepwfile.examplesecuritymosquitto.apparmormosquittoLICENSE.txtedl-v10epl-v20mosquitto_ctrl.1.gzmosquitto_ctrl_dynsec.1.gzmosquitto_passwd.1.gzmosquitto.conf.5.gzmosquitto-tls.7.gzmqtt.7.gzmosquitto.8.gzmosquitto/etc//etc/apparmor.d//etc/apparmor.d/local//etc/mosquitto//etc/mosquitto/ca_certificates//etc/mosquitto/certs//etc/mosquitto/conf.d//usr/bin//usr/lib/systemd/system//usr/lib/sysusers.d//usr/lib64//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/mosquitto//usr/share/doc/packages/mosquitto/examples//usr/share/doc/packages/mosquitto/examples/mysql_log//usr/share/doc/packages/mosquitto/examples/publish//usr/share/doc/packages/mosquitto/examples/subscribe//usr/share/doc/packages/mosquitto/examples/subscribe_simple//usr/share/doc/packages/mosquitto/examples/temperature_conversion//usr/share/doc/packages/mosquitto/logo//usr/share/doc/packages/mosquitto/logo/legacy//usr/share/doc/packages/mosquitto/misc//usr/share/doc/packages/mosquitto/misc/currentcost//usr/share/doc/packages/mosquitto/misc/currentcost/gnome-panel//usr/share/doc/packages/mosquitto/misc/letsencrypt//usr/share/doc/packages/mosquitto/security//usr/share/licenses//usr/share/licenses/mosquitto//usr/share/man/man1//usr/share/man/man5//usr/share/man/man7//usr/share/man/man8//var/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:18637/openSUSE_Backports_SLE-15-SP6_Update/15a50bcb4809ee874df5d61de9a46ef2-mosquitto.openSUSE_Backports_SLE-15-SP6_Updatedrpmxz5ppc64le-suse-linux   directoryASCII textC source, ASCII textELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=8bd40398d215923b0425e5dbd413bff661a6b2c5, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=67a054dceb5d0558fd3c7a22c11662911fcac455, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=1e1c42b63e373a54d24cfc702b2d5f2f4f92923a, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=1c674e6666c5b61e6e51d49c9ee57cfc8a19c316, for GNU/Linux 3.10.0, strippedHTML document, ASCII textmakefile script, ASCII textC++ source, ASCII textPNG image data, 14 x 14, 8-bit/color RGB, non-interlacedPNG image data, 16 x 16, 8-bit/color RGB, non-interlacedSVG Scalable Vector Graphics imagePerl script text executablePython script, ASCII text executablePNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedPOSIX shell script, ASCII text executabletroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)   R RRRRR RRRRR R RR R RRRR RPPR RRR R RRR RRRR RRRR R RRgš \}systemdsystemdsystemd-sysvcompatutf-8c549a448d8fd33f0557de133e514cce24fc9806012f2c315d7918ae261eeb3b2?@7zXZ !t/X]"k%wTAYe#s,lkv'-Gn(X%M/M+^ >F~ʡGu!n焷/.ebj) \<"o$:EV؋trD#NO Ճ]`F nh;z =Ϯ1]{xC-n2t7錵_qq\Yhقj䟒 IZ&3[->A ss:"h nI^Pzv{Wq}ޞ@Fv)+% V X6pRgF[bxMiqqw*l?,xt/3aL=u~{k-IfttDӣ >,mJ#^Z=9yKy$Cr1)[\49\ I>%eo S֜MdSgLVkRDU; ʛRTf`R=4+ӽg{@|[$#|Y䇤ײD&(qOZ ~F`p4&t$*1H=[Ls`f91 b O(X4/ЩQ\K5ƒ~Z̧ 28bM]d%lv6EsL~62H;+M3$}$JB|yZhHe&|1f9j\U(}ھU*+9f4[ LU\]X:Gg9=7[ӝP,foYxݪ8fq=ܿa0~LţMy^8V6>=PV!iDFz鮁C3`䏻ԶV  ė*C,ލU Eh$.B p&uۂ)LOHQvJ2OS>녅sFx9;עC$mǑ(X¿{7sb^\۲YuɭQ)BNŦ@Uґau:x!co.*`\͠V7 /:I)]lwm8n _=g|U gK", 4乪)<~'AUmuLW5<9r JymڮΈ T"]'CQ;AjA``cQp \(m7xo9%N&c$,{̮< -VQnm'LQN2yy YfY(Ȍkn{sڐe5On Ѻ('I~~uxjgBy=Gr3B|?EJT+m%w.ʘج[s<Pp=R~FN9NaVxS03ҚJlTƉꨞCqvu]W OXa4<hϏpj 0w!'斉/TZx"Iq 0G"Biy>y#([(:`M \H1bowpϞNܭ_UJ4 ,SX9}F@H\!Ƀ{s=`;0 pfjN|>|Tb095~uX&CPp5śd3 UTVHcZ'ey0>Y$?EI`ArԹ%mp 뵗.ɼݕ/3O(a͌{f} Pѧ0y@Znʲ ^`ˣ^[A(?kΌ&6tK- WrF]`r=GWg)Hx0XFc{8iMٚyC݄pIEۮMkQbAHҎ:ieȔ wM/DP2w'LqyD(zL]*1s G@O_"FuA{!fHq[x_='s,A4 0Dq! hh&]1nvRnqDkvWȻTRd&/M(si{l7Sqg$֡pI|02m6LT/Op!u&j3d%=zLb10.m9ZX@e k_9#tlP?I> Xm =5Z5~Г`RReS4.m"E$Օ"BZ-@d,* QiCD?a7h2 b[~JOo?=3Ǘ?%7[ 9<%B+4˨6ȉ[ehy%L1dE&jKK0t挔vv$7ɴHEʉ!sҞqC]|s|:-enT*ŽMwc8OQ)qPwSE>=Yuw1iNfdJa qAtW;sE3K! Wl="LWfx4ZC &^pqL+9=ŏyl?j^/O(-#P ld.*ZYԳ w^d8qr]\8~ҡ/5ڏM pr4q Oҭ")z!4̸?Z`]{=z],b߮<~RhvX!W GV(%r&J@Dp7,My=w~pg^d, %1OUFh@h--hYorcyKi:(S*wn>7uUv\2mvyhFO 6&cT#h4b$c SbVN4( CIj&F7 j=E#1MC<` qMI]ZvVuS)TI%dX^|x\$޲xq|KN~4K]u{eL~M8[O.,8i铺(ue>*Κ&s1kaశBzr'qbHwA8HRimѤv%XXMﲪW"-1kUf˻iSNwdsx):O zry{(4!~~(?/-oT9p uXFUkX=E;Qj2;cHtuæ2sT8<  q,[KP@ґ!>4vYCΤ7/ շ *Қl+h5:>#C3 н.])}Y_xR?@{{D#, f5U21/|'o0OmaL. 0\_Rf8g5[ .EloxDЮ)CE DWV7zqx9vE]@l~,U*\mȳ9) '`& /\P[~nt%pYAb6\Jt̶@OfZ2kl[GY!r0Dҁc& y8Hcug'bCiXSb\^EJIBqHBejisbT NZ4W(R0c&n=D2e3YGN`*rp`494Cֽh4K0؇~AiGtZ_:͊X~HP$oz)@)&5f[)Ǭ7X\*tE2/3OPɚV1o{ĀKwHcp 4 ڒO!iJYo&VDa_^, E@373$u5eT%6'2(KduYIk:g: E%vʧ3=@zrVv8`ep?,.o})8_Lo~} How%YU| }ߝ-=+2QxGe {9_ڦn1{qL*Nի.l3"X#5sHTW'|a-<_ 8=i6qfAӝ4>i.sN8L%>4pbaz*[qDVP!439^ca ɟOMw<<Rcr x}Ic .&WJ5xl4\x>MwW.*&9F7RLEqVTܯ~MTǕJkA2ê w5RD>7Zi+4-)&l/K4cB i܇&[!\?ɩ#2#v'hՆIPM̮>doßWkH*p0|@Y44dUTS;?d&[هWl\>`,_ _ Zpy<"$(DtũG~4~7 `]f_Wxȃ 7H{PM11}?;{*8,CDr&XtOQ8$Th1PNoQ.] hoT53<}eC"ד(>g&(t,BT\!4ȝXH#$ :`I+HMwҤ8K4/>,:L`Z⮊l-uͻOXyΛ>;)/A2EΖ%vbe!1C8j!rIYg(>+(1+Eqfq"#ILo +/=_gTə'ȅ3,I`s}^Ż/U&phJv10m,n+t˃VVS}ڀk)YTDbB7hGKVwycE>XO oĜA[+Amxc7ٍB~waSi9ƒ{lJtie[P철BG]' sgㆡoczͽ欩f%ϵ ƗX~m"3,F48.}L`v*K9/s8" kQ9Rݽ\Z^Kid~־ܝ&5pxi~A? N2B3˝y>ENIP]u60ȲY%EV0N[__aqr,8e! ^Vۄ},B ]l:^t-C]L1Lo'Mryſ4X~cGo}\XbYPd)UWbVjJ`͗.vFY7¶S} FE }V`]Gl|;@Ev)F$ P U8T!S9Q4A\BaK_?ܝ*Y"C7??1܀ڞ@~W_Sp#i +\~䣰5>3QwTeO@!cGaX8dFM1ϕ4~^A@Q,޳ nҝX\ʄ>ԬI=9l]#v۲8]H i tnI5.ҙ2nVI6RZ+_>c :z1g%RIIPn-_]1XervXr\QU,mvk,TMdkׇDihwDT4sY,~ NtJU <<֩nލ,KGP@.[mq X+9E/kr&,U{îiXX& 虊;+Zj%we7f+(AP+$U@$-Ԃɣk4-q9NЏy%Ir1|0[E~!8#-w߫.[Jz6`VFѭH@b`ELj6=!F \e6.Q;ziteVl F?vCLH^^ۃکߝxBp̾fHw}ק$D9v^ļ/<9caa5尺@pц4aEJMրFf򌰘;BS E1rWE (:p%}Tm6yѯ &g/E7&;W (]f'2OU?U#VN \Τn6uI7d@{:`JrvZ/U>xQ g)ԧSQȃn)IkwmRzfeCډާBT7F_#[= d&,ZS듺ђ2aXZޕCě'`~EPMuUOxC0[N^͑bcQbNrBQv̍mT.7<_,Ie a"uEPY[U8%L#hE;ZlyYy8gYh?8j<MZCˑ6X kKIc6zw~?ޱ*)al~>W{=h(IM]|ܚFq"N7ZWt۸=lһ8^UvAv̬%eX zPb'?K͡ih6Dt D[\g1},;,sr2Z>B/qulǠ#L1p<΀G͊5~Ku/xwl m$d!g-diHlK[in?,ٹe֖qïX( ;5 tvq\ϰ<TT;YܣG(oZH|+=‹w͈6؍r2fo$ eF- q԰b2[gځgz[7ⷿ"t$sN,˿y8^<9x/9rC-@(&X-]z@ac ?&[Q ɯDgwe/3Qz(OX/vR $(׶$}/]NƲR2.`nϘ/85ͳxNr//cAh=@õ4| 676Jρu# guɄvKO'eNPlN8+# 7gQoKHv kP N^͠ioeߪ٢q1ڋ%}cdVqdŚm`C{65!pQnRHg 8cA^nW`X慠pyN,5^߈'cÆ{ J;T69L51dX=W܎ EEN]8w2p.󶔃<Կ4r8O)P@O]v)]Q/cmU% A(}_HpMN*lw_iJz%za!paR?FB:`*ߖGhnNE $m)[V[^];'QĹ팊|ldHD$ӆV,`~6a$NP!*߈Hj_u4+gE/pbU؛mNd@OiԐc'P:1څp[] 3(W?Oz^#~: ^ؒ>K:DvB]P1EUN}΃e$ۍq()T; }.ys 哞"bP/J)zRcf{ӿy\LqSWi.T[]}KF Ssv?!b_eX>κ ]EsQIfsiڵwյ'a@hѯn~il+uކ&bDJ[/ƠC\ ->z]f={?TyDSx@6A;"eOUJ)0?.2ELm /Pt+zl.fZa# kNGȉwi )eW|wӏ# iԽLIT|HM:.Ĝc ~;L❺mLGKmjRF ҏ<'ӗ׹5O6,9tS/𵤲cpJ 5_z }274|0ͪ 0{2Y ELcKu;dVkl{8}$TyLB d/&x'c=AG?H5"þ Ѯff5xdjE53f4}2, NɌA9p  ~ZlX@3ԴsĸrtX` ǒ -yx!NQ;D]ݺM}c*go>/ʘz ̪}:pl1NLmx\5pnveLQ&eez4$مz7$ŖҡX Rp^ݛ)r9 CIxCԥ n nbzZi45?({m+ IA ׄ˙g|!8Ʒ ֹp.6&L(d OvᠯUzx xGƦL ֛\I/eqm )sTEŌ)t5A cՈpgoAs_r_& M?JcjQ32rv]JY` $,Վ.ƥ  8ީ,q0(2TQe]& 9}Lj'.Nɭ︯G[6!߳)`{Mō&%ȡ蘆BMOg~w 7ŋg(;IZs0n;S|R]ċqw5oy0h/AR9y/_B$LR8 ss~c+7gRH,u]c VS3kY qԽZ?VSS\Z"ra}m{>ꗏ⏛$ ӣ Y5x;ȶsTwU =<"%=7<* ~C*NKm RLC N _R13z[rݍ8MnHQR5;cvɹ FvC{o,BU`jtm>&ïJ(EY_Hk+᮪w{d@3(N1ՙ:GɅ4f'ëG: u6$r5" e"B:^@DІN@"oBԘZ~DsBp!!2 &`~IGDz0DHch]bem4$;VGZ$21W ld$[;Kr-` I1HĞCF,;;Woy=eICNH,ݑUabSN Am!zg (ʆ~`&]uU@Z;/C2R+ƊZŚMXrZP `~rR^~ k,גZp{f #5fM5۾x||&#,+M,JG;j$lٖ,Ȫ)CW,n}c*}FUH0j&iBI29HveOej~EEEc; lm6㣷&]Z5<6z:obߏ/)? WsБDYu6vo1۽1I+vŀY\Q,\ {D-"Z8I5C[=]l`C+#;KG}JjE5Zݷ\Q W i7(^}e}u3ƥc R%Y;L c)yӷAP>6(Yg1LK;$%l*PbftIx*fYӸm˯6cK> /B__ ܙ'䣲˹(})aЌSȂzPL:4Pᗮ0#5u!5̂l^uk'>*(1I80rmΐPFehJHLmtvK?*'h.U\(!g}%fIT9/\ٶPGoDHϸkm1 t.{@TZo?VĽ!|ȗ_R-!t %w͹Yn'y}jg&a*XVjkᵐU8$W[@Ls+aO꿈_ C$l2΅i3*a.ꊯMpʺwHL56 b՘ Y?0:U5>HNG`18^1H0_ǰKth vVu[ssJmd5O4h3@m7hPA >,)&voDK`EȀAՑ%ΦhUy|ѧiK(U~/c6-tt.&^UM`H5jܪ4^U[ͦTֺC`?2 'dkU+}5fvWP!i 4P%A;r {^q!2c@eU O[UR|'MYz3:Iui8n:KE] 3s('pX>j_K|ǽ2#$=.FeY)3nL֌|: l81,ADfW$E# ^TXR$uR"ș;ЮsASdH8sr|h=Bo`\gG4iel^^(֌]Gt=H]ؤ3c|&Êp 'EkBA{ Աx CexKJlp/$+W_B;!*('y n: 9r!N&^Oh }5Onw<3H_ :ɑDʌYBq4h貔D=cI4hHd!$ZD.Z[SVy=' vKH~yϿO IjU5;2' 'SokAJCih~q:l$MVV]<r6T![BZOv#VdwغxTA vCIC!ec &مAwLȢ(Hk^O$ls`V.dmhqŎqBpbbt.AUovs?>x!\?XjL%Zq<\T,Woƀ%U+ף/M3\j?Й;g@qZI^J]h鏢w񴞿/Wsrc&a,^˯HD߱N* Q$Qo @LP&z((TYWP$7.em*Sǿ>#MNdFB4%W,ԔX=o^-YM/-FGsc"gjIk8Eakwgo*է.[^6_׍v]0}qp$-n'.|C}rnNVgpkIڣhEJ4pVR(-r,b}jB_xUŹ۝%ƆN_6z4}!X5O !HƳL$-+g 182Vj!GN}+Mܹ-UɻO~|3t=M㼠r@4 ٤Zp E?\,,V7pXAS-?&=0NЋa( Ƨ?\*Hff5}dMJ/c 72GѨӝh<"GE7^k Psf6]Ɏwp#$X]d¢Jͭ~,'O="$rIBwM4l NB&/PM8Da>N0 voTT"~xOOɸ 6Xf"f}p#=u!uON:խ΁: yIk{\}ܚX;bw6H'sEӰMvT1 Z?˥5}}m,:g[{zLQJ_W}f!NP|`G13qBYFP} AxnY5|'45 +wc+fwJ։JQҪRlefeU)4%56oO8 3;T"*V>̞[_$ !hR*"^jJ6$V@ظҔ3"7;65b!+Ui1DZG ::@m?E8H%M@v7!`SK96(NSM8jY=Rҍ:s]3T[wH N%qEҌrӒIH@ARbL]H4$L7oK}[iI_cnb[)8K\Eu2ͬQG\|+7.>_3ja[` LWzajEr9mՓռYHFvd&Q:'. ~iԏ6Ffrfœ-*0)]]63ng_Mپ9 X7NFATiz:Vv/s$ _>x?n]Y<\,!^i9G;{.(QLEƺY^'|㩁*vJ.iēwMﳩuTbŕ,&@J`D!9"՚THt.7d )ѡ)?r-cg LH4.uS*.TU3Eֱ6U<~Vz gA5 [\gQRfY׭$~:i `X\ >Te1'Q3$_*?[6iX`f7R1@}w]rz;QK(LJ[ʦ(- tVf8kGX.ڛxZwF~A ]ˁccVA(K!HɇuM׵YGzz$= tKo+꺢1Sڥ4m?bl>Bʝw-LMKGnΊpD2 WG &GjD ?te2|&#H?bBcGPm wG< 4?T>LbP^yJŅoדtb,9OZPG>Kpl~[.9,>L^$5?D:AVZ]&3;Oyg1Y:]By#Sm EF4Cѡ۝uYx}atl{P /P gf@<&2z {SMXJ©(2ABso)|邍+ٸCQ5u/*[Myݯ*Hvg&ڠy*g$crXCrtWhR<;fm\i8չc!u:%CWE;F|J@^@$ oCCPḢ{ m%V'=+s]_XYlr+ j9M GͶ[jt(PprӿU|ꖗSdӀM bmQu(~VjLfboJTl{nwR\3E.h(eƛoܬiSz@7/z+²(,W?68T'Ny7j8! ؔ'=g EN|09p1.?/W޹ÒYE+dE] vQڻRp\tZa`t֧33 {`+f9jV@ lHnX6[Ì蹰i5T 3ıASI,i1T[;H- rWJ#TQ/xX7W3N6a[i ttV^=e70ԛ}#׫S!u۵:(h(%]ý0 z2LL+iI T9 #N?| aiӆ>[*CcO1،Ͽ.U1lJiO!TO?i&-`f>-ǘ]"&虾:Z7e= ;nܲ"r#8{ƙw@m^3A[`l?G$/**u^cQrc\㲶se)%k@A7琁Oj8ǷdR5 u **yf@yOHڻSYf*Rm_XO`IрG>8jRvSh1xrۉuDJwCe$`]y.UiA oMȩbO 詳"PC}>bgIwҶayVy K]BBN+UIi=4axVo$-^dzf65Ur._<YkqY*ss `!q3}5j͹ Jhܹfqg"B3{]PS+WVfC^zu :%4=XL1dYŁ qD`_Z:0oiUT6W"LZ\c/|'UxϢm\vsrX6ag_O l_)tQ[l"}(0E)8Κ`L,}y e;8&u^(:7~83jy}6IF7%)CGO!>6"tWnC]EI)*:rbM=n>) :!6.X  K;V vvK}mma,N0v*`Es:bczz{fG`Vy]˽8dP"{59jP/OIpkx6S+2yxsZhx#Ȇ\!a{th$pF<ňGjvAe߰i3$^o=xbt$+cOU&J%2$uL0MS+"];hIuU@ @2 -W.0RTUV V;Llw1e>3%L)Cեp6z]궕Њr,[6@~OmC_MK% &aV"ӊ7I8U}ⵏ&+I-y3}i͘Ac?mKS{VctFn1s7!ۍZ!:*cS@,6n ؁_e9O(cPd'45b0BAÍT"P3[l*n6t bF$wVv%2!F$g*E\sԖw5fbE=R sB\UL*b8;~jO:) g/R@v̽ `W|OX@u=cٝxPڽFbңP.xP8kyŶ9΢_~*kDՂЗ=_?\5 &"?:T6$~^XQ%.DA[QJX*T]h '%꿀=q5tAū#ҘQ#}ԖMM9@p? ;_m\bŹ6= +$Q ԧ'&gP_U5_a+jI~nffYL*YR"qKml71O~5X9"t\"(һ5vOA~^zHh{.]S_n_ 0j$=D&)tJ\nWymy{eJ~p O eCįGypezב oGܕ7?'o\xMu?JDnFxm.> D(',1F Ygoq@3_kτ+ǫJ2vQiXm5⣘ Gp;i_ ~5?-P4j548LI=8O\g/Mz rvy"R9[0mp"ͅ[21\c<0\EQѴY# il9'L0 ]ה%騬_JXJXG;ڣϙ"CG;Lv~;+"\Z#x5,lP$Ѫ_6(;yu9 ZLBR{WdT6AE]cwZNXYFhd`#2/SL>-d0%Mx ؏7Vv~KtdW`p<(V.ObY4 F7.Cz 1l?NCע+=o43Y$wֈ|ا-Mtwf̗c@(r1f2!%&Cg~Q&iH=bʩX)G\Pe1fNQ/Ccv=U\VHUmj)n겄Z.w k- FӞ˝Ggbr#<]"U&(1te!QY$6Jސ X-cH".f.L=RHuXKLFNڍ2 |R0fc\R Ķ`J?鈽NrTQvQ=՘)^.Ѩ2p)8x I5ЧNγlCech nMow:uCo&@f7TiGbkOmZAYi&I"轾+gu^վJ4 rx")7żgn9xlP{Id\[_@KuU}= 7k1s:~ri&p9!>tfij` t~\vBP|EH\T@q-ȤVVs0"_vyk2"E*֖sT{D5|"R?r&hSM0mOXye5FL:EO҂3OA ř4F1E6 o%УT0tLE55p83ުL bCp1)D<|ƐD ơ"DqB&&-QOֱX+$J9"Zn>G6l~>߆'.8ίVaA{lF 0gs `ʰ:UGrugI&6bvj>Ap0P^ d %\f_+{&9c 5B6@[<D=枏y[9jok#U2E4(W!ٰdt*PD6IWk F/[5Bt`0MWD3q-P~Xv24c]n#Tɺc뛴˯Yd8Lbh3_hi9)ܧJ$ O̥Y^`& 픪f 2acsjf>wjewk=K  6q!7d%BE5^DD 9r55TMyl9N:#g\rwqKy(ǟ-z{B5zD}2b.@t˻Ф"  ›Vn6x vE!͞}!WYx>4hxE~2~_N#{J(e  H;쟧g w4S4Tje #>1/O2Äp$uIѺcV;oóU ^4b/FOrIXBc2,AF󭄌ňn26ڧP>Zwe}w| )b1"yF1:r9e{ئ/(oEԎ+'#@WRwy(:}ƪ( |'J0k4\H. _u1 jc(J4d#@~dUCVu6  A->uhtp Ƒ]YV+ X㷘w+p2(E]],YQiNJtAY- 흱eUvBb%}.X^+Jv %Q Ƶv%V`v1K, p'OH M:}wYZYvpI#_J*S9Hf{2B,;qמ䉦]_`R5889nP6ZM-xҸ'k-:ZMblO1]~|0ha|l h mJpaX*m~_6<.^cRgc\A`C@ڼN_f%8#@cP͝}_<}UՒ' s'>ª(q-="T)E=Wי4;k/oT&+./sF>󽜮.w(_~Vo0[/?8+S<_˲ 6%dÖ<~fIi2)43+z⇹:U`f zƳv.&qxkAK}ْ Q^Q;Q`fN0OZ`x" /a"v oa 0A1*2UO]"< VCB'*Sy'w P$ Z/ 0 r龊Ԭz[dy+.43gԫxU%%` k JtG0cdeBtJnC3[`ȑԏ@pd q ^[R@N] ;i}♑`V UKhxCBy~F#Rx!d`N0iIT)|YNW аkQfŠ[jp f! F(M(y\y5^06uwMLM 's KY1 B-%P[^‡HDFw_y!c377)nOªtmcjɰWJԾmܑ]{}Lvl>-2"2eP@;K&v^1׎&Keh @v;*`M+D帼|~j,EUΊBKތkhԠD2Raă]4j&o/tf̋BV=T}VqM7BɵkZNWK`c|`pnŗiȂ`&6GNGQi@]@z;dRnh=l,̚^pa^+"072L:Yf ga R:& ҿ®l 1ymD]\ KYmG+9|"lBE<>&XK Хm8bK环۹1V#涻E5:yulT{4%˂&+ +f 9 ~\CKHatCeLޯxd4}Q/w^ZwMϭ+^w=vyl17-&;Hi'\Z$ a# ?I'!Ѵ~ T~ɕQ\H36Rw6Q[?{`JY%4Lfk6 } H-Wt|rr>, yQ>!cJNy$(q(-xo3_xRk&2 >nIK:r}2La^W.ٽg 6{ĝ5q`X뱫 7A0^L(]5OԐ9;175꧘S3Ei53AW֝,BEϢΕ9ԡ"*H[tmjcwFg^ s@Q*.ɉ6+<u諡'޳^PjɅ_X CXn-wI-r3cqTq)e 6jM>٬{a=A&G^rkl1BòVAc67ӽp;nq=g0IM/ m/l]:% Q^P{coL.ͤ(*v׊stY _QǦzhACqmh̢t(?OeLO2]lH^ۜb'[dF:7[|]"G7rF5$;$ EʔN+71/8qY86xaOG &)+Xoa nc^7 v^ hR6C|Hܑ4m*f6 U2fܓZ{[t5чfxl+=Z$}@Y.缸dY:-@Tt.M|izwkcEQB櫓CA 2Pt:rx3;į̌hK(&?X38~_';&w,rɎ*j/ҩ\Oxqvx0X" P;P\$Fzuf0![+,Nj :^2$ L,v&]+EF2Ӷ4O;MN'8d-{TBo˒A!:zPt^u*{q"qݯi܌ bluv`M_^駽 MΕILa3[{ߴ'ZeLX>{nz'|lR$7N1/y/gܖ۶isƭ#ԍ<7;aq7ƒ*XJ{@WrUu+41֦B;C~hDvBp ~]hCj2BYzS3jT.F?g'"yLXSD8fX DCJ,fXZw1cWLͱ{-L1śihoC)6K͇x[YPC!"r.=ǯy]{l`'l Ѧ CYw&1VfY@lC\ON`;F2 k417|y౳SVVp nկ&zmMz|q0EК7ʖĀ8![!9 #qP0h(Dnh`7^e$\R'fV 3<A1ޟOt?/}apgwё^?`8v=Pbv_XXd51OJJI5Un͜țvH2sE]}s%0էGM$ȹ`: ɉ7xA7 F g[aUa@ <{;Ohke3W2ߤGAz[~ڣxj~Ah/xnX F7 و.PŪ'L8++OGaQhRA%u^)Z|M,S:ޝV T8/x⢟9MfCR k .O zo,{2*cFq7dSm^q%$۽ܷr7/InAQSDԹ@x#Ֆ j}u1|H>t}_i7sYmMA%걾:O?=WT&޾ ?MϋcOm n@9韆_w5\;rZ r"Oijz9 vt`E`D9H[P2="}(D8eXZ\Pb;n9ɜqIFvCP3ObYpGvW.E7 'c*[I-/ !/ܮ9(Mf_t똤cFl<'ŜfO nT qnzpM86apSJGxFla(]͹}wY>|=e˄uk8okc^ Ts*H(yv8wGxdQJ 1!\|ΓZugpiif&_Q0hSVަE`W+M!ݴ3el0@YK#:fR՗3.0?utqaml6Wk_Dʲq>}3Ɖ_4 rQ}go. H A"\ _)góZS+IH>OXor;|fjכqDٶj}NA"*4 *Bʑ ѡ!}ШO7#Q۶űӼN>I;o[fXn?t \۝D& M6rYTZMOR{UuT4< \<+̸9JUFPY1#}dq1Q9Y)"g`%ݧ? {D+}=rNQ)zeA;Oq$3sFk۫ɍX.ԥ'R80'X {Q{Mò˃Ȁiޱg<eN#gk4 lϠfK tlݴ8c1L*!lZ81H ] %+F^ȡ({"i9/{YOD6.7#E#ǪJ"(7n<0So* xdR7_$xŗkK>-KBdoVC `ȋEs3;Вͦ !# LO^PDr )9GEH=ٯlPaEZЛQ9lhO|2kae8b[D ?jGĤ?lH:yVTR^+/4&5JT a 2;tզB${ << W,աYr16L]Kqe.d5ܬ=}=]QZ\TC=kE]VZJﳩ8!J|y RseJ9S{$(# 8m{ bb `Cz}G&zeh({ɟ.ӣ:8fGܞ^Vbx؄W]a{~0sp zwW#L< .7?01g^x*\:W1`+|H5H ︑F6&З<YV\z/ / jF q>䳚P;x9 ~XDG @<@ [7ЃīKڱkޗ/+2Zg!hD9\nouFfLWhwvP^xZݔ/Sҕә;-ݥ_0-hcE28W2'[5T:bU^MQNnJIJ 7]E9gn*q?uNMrɷP|Ll;fx܎Z$1. i|#/bW>4\ehfdkgf_^Vv0+gZ:c)Vfvmϒ䡩V'엖K?f# ^fTZմT QyΎb"TY }&Th6Lg}rC8.Ai z1|U espx Gw|9"tV c o^Witv$*$7T%8Kϖ| Jȴfhd8= RPХGWϟM<{/-;y~= #Jx8za>$9BHʠ$;|,&S<|{UYh`ޓc_ot3?JLV]YR!ɕ#O~Z枕Ome\i*aקűvCĸ4{Y)/( Wyä=Rܱ+:_'r?TNpn:NN].*Y@64 ]/&M/JDtnaM UN)VuG@xm%[7/ %l5fcauߪ7|@G}1|Lo.|*1䘔/+؍az R,o( ERt'ފc5IT <{(ٍ[~r>d# =Bb X2ja1=NSQs!=U:yHtd3I;XxUǁe&rT-3*|l .˪X0/s7#G/)7Rj$DL߽!}c/|.NJ6rjX skjxv,bk5a1C=@Baw7:@! ܧsU$}FZ(=NhB &LixQ_g.@iիwin4|_+ƅe#V$lR~8&Z;̃e+|[x/](tf&3[8??,@G 5N.cQQQ ! [2Ko GN 5k鉻z*?!:+YדkILϥ{C:)?Qv/ (3B<ȵmbAQR溳6J3~4p?=/C?YQZfyљpd~ܕ<#ɭMm’DCSuآ-૚J!H46PoL64!FE`Q@p_ROc1?4lQ&gW*xt@mM2nü$*CTᎳ톋ؗVwx:C_Hgtk14n(Q N |PvOUjRة1Y?>g}kzM&k<҃AB j S gE)~%)RfwSgzc yÕU?dtpguf 8B@yb R`X CUtxff cC*8bsoMV /n$_UƂG@f1۹;LpŏkXQR_>] N=Zp WsjM!op(%x tֹP FfHn.KQ:dd뮮Pywwm<,Ҩ z|B6<%`,o&@3jO$%Ξp`i DXރg'4tHGmv'xJ~y~^{e 2.ѱ:xm İ\rO ͉ ŃVQjPl)3?jYdZ=9(h??%639ϊ -CL_0̖\Bp,NɈ& hlo0pԟ[R@DO.i6f׉% ?d9]SLF|`V|֗9m' "]*)}Ԇl6-';u$M,pb-*᧰Il H047`irSgчLkH`,ip6!j^V3 dY*,şKt+34z层 tXWzR > < @5=O"9a;U!\ed] {:zB;UBvXL3=Y*N v _~2=>ŋrz=pFM2ᙱ(s+ХsY4aP/,V,5DZr V S Ё}Z,}ҝyHpH{̻7ntўAu+zβolʝy[9ku4 x\R5g)rhh_2.2^u% 57!.)mIQJ *G0df` P AUst닔vO6Sβb6ԨLS-P\vq.)7KifT'̀l|| #Z6TNB6s=>Z;]a?w/_FONDܠ`8j{z &4xr]Z2>v=ڴXM3}62%h95d5Ӈ]k z1 뢱BHS+Zݶw^qͻ;쁅 R}Â")¯5|G7Di%9G×U^1xZ;Tdt5)% B@P&d$!*B`~=II217`s^z%ܯEG)Px6pp`8pjЇ8E3k{hUbT-".K/P$9s;מ@ \ΣEk5Ga̒3I+EQ(A۰JbQ%zOFg G@cw/3 <e0+&$8FBQD;}[,)fbgev;ќY7fUnȜ~~w չ!?YU)WH ]W?Oߍݻj1VvvFG:*tC]}r5͂2Tc 19CG+%C]}_^ɜf֦}6'q۲]kkkI>AX$;:oQ>[` w)=J(wS,{g`;=ʈU,hܒQ=g-:V\ƪeCQIl$~)L9d ^YQFCo!< ~H@OD"6Ig=҆dX{LI#/d%Q9a5-@AOg$+mO^BW`*MW1 $7`"WĈwK4/o LV-QZpr .r0iMcMrnmQ]zC:{=.;,8FH^!,LZl6RVa)NtX y+2CbMظ /iJ@PC=. W5  ){VF|ەF9T^bB`O#}ּo ֢؁gjW#Vu$!ܰKC:hkSb&JtBk' S mK;33}[=7ѶE=h2}oTry#s"9e4f'=% ` ]18~3/Qi SzBqN,6Wk%޿+cd]~lFpɎkZ.ۢJ V@bN:J;/2+B>vx4ӎIqMѾ w`{{τYPbv#s~ܿS*VC|-kyo'ErL(?= ! WDbM*Zg P-N?2ɹ?m,㧩u4`&eċm ՙ ۙeۏwv:/^ohӠ4U|1? l2H ebw}?K):RcE+xNtjd5y޹}gv(4}4$up^(EEe\k;y:g~lG_Mg7NmAPf-_QsF-!PBx(L$Kd]>m|g-Q2)SYF"tG37]#+"(YH((#]Nt<9 !Lk\tsW\wb8xSS$v;*jhUJނu/1Y]{a/{|(XgiS?5UadZ0 *1>f"Y of|G Dlv_sG,KE7b>*phȾ-!úa $F$q˰pѠj_\ν>'EkޫTZ]S=7y8#/1p`GYJ]户' [HKa6d v}sN)}iCbp&n\JwLN׺GS+u k5;ܝ҉Pr{߸"bf[֏5`J"ޒDHk0ir-^9o gvChA;2-> @R2~m8zxR>ZQYQ=m17\xN2[$÷*.Jt98{6͔<gׅ!?K5R!)tۘ 0,9l>̟͝.~_Qbu,mJM']㴚BkVLwV店|e좞 jA#y"mI2C}A9mkH7GWA?QV=n_㯙LxbeZK/e=w+5C ! aZiIGQbȕL# KOTdPH8]:v:Pi ՅI}nEk#yVBj׶gJ0<96itQ*9C}m%sHyT+$k$~HBna|* [C;P FV)Aih2G#0ޣ%<˾Iųb3j:X"i`ގo0:DLKx#zAͅ_y{a(?KU ڙH=3 &}((,zGdIu8.-v *ZR݋zͭ(|ىLLQ,_Jz-Q644D5J eh1"y} 1 ͊L?ODBDӐ0(XM ZYR$ aܝ4tDrxLM*n$k`-= doꬵ^8AMbR8WL_KZ,22E$(0TۮX$n6]۸V~Cr 0 8 Q z(+ U-SF0J= cAD2mFJ&EJ(la,Dlحҟ>dڴOp&Lz8s;E-DαllfOr+Q6FRҧ_9p]$g48(SlÓOtWT.Uվ8%}LAfox 7܇t6$:aD?5hB߶%.+p5[v&PA 9>2KuaDB~j |Nw~tF_Fem7Jۨ^o]5.~VXN\ݢa}Vj'VV=yוD ֘7ұ bж*|{[3R\us+JErF>r#\axv1XݮwwNx\!S`OnSGd?xF_&-2$iz1%NĉE+WDk\u?˱\L9ʪQTmؕ9_\ʿLy%W˓3d$|| OכIS` Ôy r,9wF9ύ-H{GF=mC2ѐYwas̀,qEf?=mxl! ӈr64ocϐ~ ,aTXJ2('R`ZHR5VyW܉K*.JǾNu>fl?k] -hޥ o.2 4U<JWpZ:<*D0!̅銖/յ(U7.1amhc idF ʳgRSTԳ."D(|+ /Z e  9iqcH53JjNN&UNœ0ܒaiZlʚ!> n2CDy^Sz\3h= 1dBD|Mpl=W!NW9M yl^#͙ȣ~ I B~<:^UG` =BIKERHI ',`chNNôpJ~fa(v L]Jm"MSϾkB5VӍ-/g*l +4Ⱥ75E GާrJwՎԲԅJ u-bnz%ڧo`"zޛ],ֆF%[q E:tu$nɉ~ʮ"aRb䇂OvŻ:F "틽kO57NDHFSK"B% 2zw`ߜǰD@>lE4 |¤ smd*-⚘h{ spJikyK[.7MAosKU\d uM8lxfBq3fLZ1!x/l|$s#Ҹ4*,TD "-nyI"TWM x00W8nxŢyFM=8? GP-W:(fP~L_Ce( \g01YY)~=<6 ~1>Q=JJ hHU ;ȷĹ}D @9ι YZػ l" 7sЪ\?%p)"^@s # ɅN:R О|LDyZgmmWPQg!.ljzF5@,z = '=J z]0fnJŝEjCQ#X'ՇN@$ί&v G^gah߫ҵP|{v18XOpbF}SQ r11~ʲ5NIp[z·WA|R2U\:y޳mKXXPq`Ua=@2,(=(pH)*d9z,(+hԖr~;z'vmQOQ,dTقEVp4f"; sئcjt_E^7 x y7~c :/͇Ed#hfzC錈 |*M8h\*⵳T[%́ٴ@uKKxק<9.2 ̶ӧRCOgypC+!ɈUw`Ӱ!Q|+9K?d[251k6ʳa2!ܙ4b+` AoЦҞ_|l>PfijϤ\ݗe o&4)zlIkUT=Qv+0ӛZo硥$ 7&pa!~*-4 a|X6c?>uXLJ`3sp[FuE-HfOvP-}  }?'@T!7Wsmͭ'Vxm0A0ræр6њ|J"WpҸJ+ϒvA]pA5t(5g(41Y~BdP}כ{iוsTej0Ox_b\%x˱ԭ\ rYg7UJQm4k}[kPR nlxV:%gGa !EeA_wDQ|eN5>ɪɷծ:0uz z9Y %uv[YK#: l P|Nv߬jkVk:| "Ưآӡp!<ƌ4 T3R5k!H};'u2s2~\;tk .[4D;+wCǬ<7=- 'e~ȵ#Mt-& Jco4HQǒB%*cg0[@pR??HD摸 8$#Gg T%{"q6āՀ?P=2!pOnqV6ޒ}<.(/V#{^>RX2( v~?ƻ6\CSւ\l4 O @2=yh͞IԿ ռT)|: f{'>x)ּ6IS4Je]'sݤYhV"aIƱ}˭Gng5-7\ ˽ǣD4$J\sQZV/- V*%-IL!roO- eo6>R@ֻFtg@$IT=u^zdW jZfN+3{Xh0d"˗;2 ŝU@( Ҋ p]apbT wc &$͔ₜ*Q8K"D!ңF/nawip,f9P>ʒg>>;\+oyc8D鸄UO5H^db͎Y./پ۲(l/rK'~/}CwRH?mfcoWaZrdBwz$0S?uq 4R9a߀L -4p@f{CZ qѸQ֟մ1UZ[zQeJIg~:9WnA^}X) \Z8Єc"D8=Y wξ,w=:aV yb+N{%A+%3)-ztU.x/0;O/٫yWW%& $Xt{i-A>lU+A+n0s'<)Ɩ͜-Iy ?f:G"rkwgQ >g Bڝ|/wv锲 QKBKl i:l|*W{ p,n\P7q,`I);q\ok$6a= +RhʝZo($T5^ >$&`e"'n˕S.ΗLu¸pXt%cjrPV7gp PH#+9v3]G}cG : MCŹ^cG$bm*Pzt}"LVTbkM퐍ߐWhϳorsp*S$#g=T(\ggF]PӜd 4ʙ'zwderd=KT~ i.Ass3/Uv*xO.&8(dyhs*R6~G}au?joɾ>"E12^ ~P]KO-]nFQ00ցo). x>4Q}NV>ԦH6+o[3E9j3&(G{ ~P9ck_Hp4unrf&o!,#91E ڿ;ZI7 2g~3y1.MCkIOS5<$~r Qٞ~CuIV^QT6]xfVwFrf⫰sN DE[r* rz9HPjfC)H?L|;XselِLn7}c52#=nud584&b3|Y0 Hx3l_veE ?:jjsVDt)Tn9L9 u~ Z[68l>wP~I"pWse8  ହMhtS>`98򖡮v7)4vژKyzGE{MD|7|(A"zaF 0NqIۼqdϷiX޿( ,W-={nD7tՑҁ~t+w9G5e Qʘ[v42"|z>R{{@g"7-9Ydz"a}%VYTU}_wbXndz~rQ8lM*MG>g̣zB0qoj3Qs)fsnb}\,Qa/i<ԇ\WoXIxg6 wӈX,\rs"ܖYBNѩTzMoK*0K3؍gTB7!i& a4- 9PY"5R(ȈDchݢRo/D艼>@Iˀ*{Yl tbS,V7)(<юO'\#|+/u<:xo|VBK{5֟b*Q lQ~JS!4Z'9bGNH2h/B&-J=-KdZ!vW@[aR"?g2LQ,CvaN澭&G:H*C` J gfI& }OBQGLp bӌŚʵcI B\e(^ئ#9o|)6mN̜#@^ɔ](AΏOM)r3%[c@LOe,W&[U}xۺ/yWhO݊fr!1{[=Qd,C&_$3=DeLCb+{V}դ9}$Xe< 'a)[U/q)1z%dQ21]+]X&gB7=LgWa+|kKX"J LtO˯qc)W&@Z/9ulhpħ6s8{lPQP~Y0e^Kē\oK 8u%߃v`:"qkC@"˺cͷm$`Tc^%q٩{v%^k47tF;*:+-~O>ZXG Ǣ3vI uha{ Q'"L`2Ww4k)KZm}bEBGQ(}̥IZ_xf,~of,L[Rsjy͠H)moYjҾ]%6?+?fK~Ywx z ֟g"ОLxHUNІCfP^0^"%TakU I9Gp{Zdo !bŗ,m |y dطꉇx4hƯFD_چQ㛷‚X/ PBk}KH1CMd^eZ t||M+_ae~˶fF-y* DHG^ : F[ &Aw!'Oy4]C]>ubh`[Ut+5L9ߚueШ,PWY?b<[7EınU |Fz&EE+FR\ _ykձ-]GvDrFFQp)X">,o6G(FІɤq \6\_d(rѫcw^9B@cJyGue~g -#}8LF>g'᪺n)3AňhJ1OviUffqƈ{zOG vv{J5エ ;MKvr>EBn|Mkz4#%mNM! m̏]al( :d#-itC_a (~n_," (?މ4,HUе3E'TI^|'"g3x6f8X_Bv.Np\i?K 2iU,BPW00lI:(*SQiz:y}~Z'􂮤|!x﨩"$;æ0n-Brܜ&N|KQ}@s @R3fZV&9 Ε'nXٱ%2bˇ_VcQIW/^X\;`>C+~!IqK>tH[d>A8:h&] XjD6shCႆ`LH; G@b'?[-(+@|i2ܛfr:c`#ә}2^!]/jAu?ھ !5 v*4пcT(ޠc}Ǫ@5 b](!vIvO<.FFD+bfqٹ'gH{3xGPEK@Q8L"hȉ:3hh$`;#do䠡э|D3d$wJuԵyG#i4 8 B"PC%-қR,Ȝx#.M.5)Bp8SVej|f:@Im]-}5*ECPп^}Bڥfm8X!n$,i C&F,?GodZ̐fNc4đufNzbppP)}gճjs_-'351wO3VN(&F`!0CnQ"5'("kJ#U Fmt`n;'ډTN )I,U).+]$9skmàcg]6/zȘSYS>) TtHrzq}ʠ"wm7b:R_19 HȮ42)HQ1H'ظwU ]fVW`4f`=@xPa 9h[ :JB4ӌ s ^4b&Y*'fKfO_grx1Ԓk.@P<S7ݱ1+m4Fʼnnp`BlY1We:CVj-"79θ7u`Iv '1<`cxrRjdyN0I!Z+k9YE{ 4t$mZG;-tX.hDYϚ4P!sc4 GXdmuMcV1ڪhdnvC/JS'FȤsrMx4 %U6; Q>NE@Wa#ַ)FWl ޓ0(['d:fx SnTaqNRʺAD䷮h*͠~v`hˎ2h6Zwup ߀ o-O[!PBˀ{#e҃GL\pqH5DCڇK0`'L8!B+ CGbcqĊl.!BHblCZDo0# $A% ,VZQ4낕9{FAFvzG܆,BDV w(/`4dPh`t4;)Z#{p{D'4[Hɱ]C.wo(bYw|G{=#4[P&F8ʚp0| H-#!Y1ϻA{!:DznCOdOņZ|FT,0$_ts. ZƵjnZbG` *KʵmX4BmHT9 6]48eS\2PW9̺.MƳpu|)"3Llg#wV"tPs~\ chnt>.knJzYgmlKyYa$]bHw@2f(%Z/frM54mb ځMIyԙw9>\~#=L3[{QL&VYl.$P3S:h8?6./ `\"]eQmP{gBYĵDˆl(E ~¢td&̃_T'4~:UIeŶA]׌lyq ̃[)6b >n )V^A]r/8Qz\^Z5~b/Yٕ1M*$j{_Iu9=զ>Lmr+*2] l >>We>|I~pTN|"x xq}sP'XںCǗ?D+Q_KU@N5'';,/ITϗ>S8aª~YVj1QwnMG7[(fkqYxMAM"v]C8c >}2q &\T!nNY鍏mɯc爁nJkdz"ZngN=p8c n&U8Yw̦\#)-~/o]s6nܑġԝO6(P֩CmQ oJ="Sz;hMM {qߎ:V|y?5Yڟv8yDlu4[aG1ulm4wW>{Nd7 2u)nw 10e&ޔjb]Ɗ]n:l~36ob̼nO(14#Xک?Qnhm7ss [M N1T:ΣM" / '\#NNK?,s% sݠDv-u\6xjݤw2``.dP("l@XKUD?, ægm/kPUVїrvnU6VtW $F{TJZhT }aUMDwȁM6ޑ́)2J#"sڻRAUc dګG$%B]zmm,Nwmꈼ7 2ڞ1EXɱM &zk4ٓ9,k\:8V!2 C@^Gx?c.;bxNhʑ'auz\3wZԿyDJUGn 0@N_7ʉ#m -ƽlO:뙴'lM%JޝmBV%ʑUEgNHG\>z(v2} C!8O#f[M-G[@ޘ< S rk%Fpٞ^+_=F[Sr0"l+"̔b=xe.$9M\ã(s_BmgXǍCE}=\s\w08(=JYQmy!툈Px @M ? 繻%B/!`"\ 7R}43Pu&?4:2L28$iIϓ:Ҡ&0V4Qu'G"S ޥk O*v~@svnaZ]h9_7W4ĭŰHa;i͜x8_mCG/ci[c%M>C'fi0Z),I$;A^E{lwwmޑVݢzP-8sjk`y{\lL޵ƩxxHR_qhyV$J})m]e.,LqD(_1{D!&h0'IXphrUPFc:=7O?MR,B0xsWaև^k4-z%#z[AG~B;|YCxs7$3Y>suH== )eZc1>nZ}w YVޠl`a:=be;Yh48zХ۳z@_ i[91ocG@Oq0jTbK—{OV$4>,U@DDœ<<9TfJoi6z.x4\nsc+PuG`‰+2>˕GvNˉnst0d稶rXJb/TV94CF^H Gr^m\uP@xz&X!N#.+tW]X#Ok$橎:gAұϑ: XCG.8k)11V;1@FwT?mQOc^v+s4,bfR'~L49e[~cПAE㠤bĬJ"@2CLX{ebjeT~_ZaO'+hIP%IPӉhq/fdlǝu}!߱-TB2|:K:;x4_ UOĆ|9~[tڑƩő|Db!a@?" E7 Êt 4 8ߕrW rȫ"q"7! r\p=~Em[DreXzJ_k:*)=c`fiLGAXT/P(Lگ"uǤNJXDۏB~H^Xи'*i:Yyfݸ7.s|Z%hINn7_Uz#h[V|'sfp}0[>i0inQ>=~u /Aw1,fDҤe#I\3޸-mՓ^k4l6qd܆| )p"/t9pTՋ a}';UVn:z$7(P&[Ӥѓ0dss>`'8̀Ϸs{!tU]e8)Ҍ muHwjN^#9kUy[Jh)1e $¥ 4kM; #h"qڧcރMB)bry:H|lg !;bRM ?.}y}5a>F|LJ{ < ^z~u$6]Kf=ׅkY},ɧc<*=I@~&7 X_zF(_L9F X~"(kEmr U= "ܰ\=jKZy!Mt.GEg1sr- 5*@ .ҫsNH Q('t<" ԓ4.Kkmԋ mi5&Jbĥ0M`]y_ O3A,`ӟ( }c=ܠuD 6zz{qHD/$ks*!5_:JqPA Ii?Rth=I/';q(d {E[ HWC*FxӅgT(InjF{b0h.i}^m'# d#HWgAPvIX$H.(,;r%rtD4hWmjoՓm$n(PvWce]b7X$ 1SJD\,[;57Og>~}&^J)kA)ȎqV 7NEP/{S0N&bPn2'LA:ϯ9mSj-˚9[f[laNX,v]L|7.D!'w'G’QmrgT;\`;uV@V=wӁ=( n H,(ALbiq/ P>p/0,)0YLXLhgu+qIOٴ5Nv@@W7JGQ-#=<5}βꤿ`}ț‘-M;FRL[oY>%dZ?sr J,DԔФAK/.F@\͟uW +Q9&dUˠE E]bhw<]= rj80f^VЩ,o x̺\&k(W@mftVh&]NUL]C ua *ׇPJ2G.gHo}2g/;I 1tH cC7CL!k $JZhA`)vlz7qa7 T.WfZ!K9K2qm|,l^=imܸ:Y'f+xCs,U^E$(Pm Qu8-~W|s-{grC@j8pH0"i\+"7[/RWF#-CK}m#6vz~ȭecഡ k ,-\$,< VA{C]RW潢h2ԁs9ʘg01 n|~,\Ns5ژ=?Ur]%nTU &pzx`t>9#[];+`d$,FvG 鿲^Ukז?;Z1! £]ɞ|T,?l%ͱdzN0ksHb(`0ȂPuHגxtKmф9 GjXB(+G,JMqGnADwA T*FZikk1`+RǕh޿&Ťr; . 3ΦlZ6> g@][=~'F+njjK^=`w|<lIqC@;3dd=BVӣݗ-L},?誚OdՏ鋶ǜ!sJpfP1bHtUYpZ&ոAgh.0 ^蛢|$rCt0?V+M%>w'|vn;Xqo'  S^E~$+nef^!:J^Fѹ!-DB593og43$I<yb.*yq\$!2 Wӭ ^mdhT.AL˧e,nASN~DI=;?cnwC1 s,&؜v!' M]ysklg۳ 1բ19;9w*8Up]2D]vD]Jy 23)/FV7--/(S625v Kwb!I=-OiV 5 gR je+Vc0ܩYSg|AFlHryjb˭kµL0IlhX֤`ӳ`mRcۍ$ңu2Y͹!$*`Vz`qޫ;KWc=v ڣ›7Oo.T֊VRLNَr71b€ 0IKems @jk!TJij$CO(F§nuNM,ߪhLGYI61LF6? Wܓ\ 0h\;>]3URa_lE3MEmT{9:_6F/ʼ uFkW+F8I~ N^ؼ:8.--w `}ҥw71#6^)oep<֏5 R9O\Ɲw!鰯P{:@Uop|I5UCKMu gFq}p>w5=kTr$~"PTNAcNgt fk̟vA&T|e8v/#鑊w64!Ci~YYONc&rCf nkl3J}$)=N<> jZC] \K!Qi~UY.ʊ0Jː*Maƙ>2j-K|6{T mbs@3GI4gUZSLF{[qr<˜~ɀf[-mw og"umzN2/\ Y@F$zW,hyLH'%1bvݨƑ]J:)ఏ"u5:ZԜFfh^AfklDgz8^.Sl8/rҭZhr=IC U!&I#M*:B| rSTOꍤ E(6(ެİW;Pia޹ĸ02 ނm C4J.odƧ-MN; 0꒪pZ 脂 5D4pۜ[He縤&WE[9zw.%kgI+kF| &Jf͇R߼X܃HD|zsM q̪=I >̍h|ur{XU9V"Hى0&@Jc2BYG\X8dž+BۥƤ*&2lG?uoa l-Řnm |H֩ j]`' ¦o9RXRZz.YQ}  9g05۰ʹ0lYkpnsYP{'3\nNؓwLWr> K6^ u-mƂ_ oMQM@4S8QѱRhxvIES禳-څL;O^5I0+#'gAS,afnBQSѬ)xj86S FLjvnDA9|gN稛x͎ӜNض5ǸĨ=t SόjF kC$(gExq;N٪b+؁+- ,u>*vA^$.~/E[+ms_]+[&h'&ٻE1AT\Cc'+k%SCuh55 &WՍ:Wʪ${ۋ|rΨprNCxp*/{e$Mƭ ਐBú!>[FRUkSDEf :A )G?zr$'s95=4> @ 3md %AzbTp O8%\4AW]3Q4*م%"0{)6Ѯհ1qi&R_WdivW8'iH-<4ywHԱ Ek(vNJ AZ}}1_±Rf-,kPY6'ÛW7ᴌip}5{cIGcԍx ڼUz>?m$[{f]I9AD+T]q 3ia7Əqth!_kʃ? ga{ Ѡ 0(PoTY^uy0i~prPSh\ЇbF.#/mxk1%{+%DOW%'/z~,U9OStSUUi1isuoPᯄ7 { z2_{!㣉IoM~. rŋave pf{zdO &Ym][dR 1#><ۻ d0 /(S3`a`ft)7,oJ6-\_?~ժxח8T?!a`[c]8 B3R*/,^UOoȈ("m?orYJ'Q|7"K) WG])ZWE7'|#a!E|Ό!R}iƑ %J.mK/w-|P'yt8pOg 2_`^>P{7%J0Wo7@d"e0d5 3f pF RA'$SgSdQ3n4f``^3[g4g]'Io7' /B3Tuw  ZdF[4zt @ 7oRK0{}bS?)بKU 40~bX)qQpN?EG"\nxP5Pq\:(O> #)AG x~ߕ0 {Zsqp`^}K>޼)ؽ6\" ~fʵ4P{LXʯBgıŧ`GL+~`^j*{LȓtMn낃B֓^~^mVFv?sPU(qXEHUM I0ԾRV~Gټiu60|:x vDvE43&ֆ;i)- /pU̮? [MAp)YhIOU[EMWڌ n$Q.1B ü.Tͫ{=C/6Ƀ ZIzV7aχP/_Qc5@2+,Fۑun}rwa 4ޠQj+4 "GaQ H*d[ٙ>b $4Z"d 9^ﭣOnp9)Tqov>|d`mFIoWW]MZrաUc/TtG=Ɉ.O s7]ΠW~H(ʀ(< р^@8@,74?@ϴDM;SeD X0mx,A9ZB2+zߴl?=_2PCKǹ_'t/ǼuD1çX{ \zOjpb唗s7cLQ!g1wnPa`V VK։ȫzM.jR  ֑avg_2"\p1 :}bB~¿)t^w%En:RZmQ)|Р  k,A\Ɠb yh4<iA:kAU Rcb"f_?l`?3XuӬBad`8')/Akgg&?4WwN_a:<`/=<@tYAA45uo/I̛rRU N7aڂ]AxwF4|W}}|7o;cRܶ=@O ƼFB;fiQ*余va0FҙhFtqV@KFUY;6ֆe̢6 1)q2[\d)vVa \x^QMkqm{~(&UOQvBq?Pyu-M s vn{+<~d}bqM¹&;ˀR^]kTprdm(q(é|Gͷ8Uqt DFǏ(dï ^cV}{9mV29$Ap!F0|[ ݀5"FtЬUaG:tt +70 $hu)QzkּsPng182M2GapFG5Kcps: K6ǫr"K\ =m~ .S9QB/ɫ$)l)" ޴x|~Cc2 ZLڎ6oJE!Tg6^&*H1k~[`SύHiI Q!x4/Ftf>f7B 59mt!(As}f6¯n"V t6N}6iвgl.,^H1dW}qj_Ix_w>&_>uR&sߙ?ǒGR8n&JrvW5QsrxI@6i!I9r3@~VzAJ,+Ϛk] ( `œ ZJ6Z=/`{&G>K{^8rUEXsPsC H]+DE}Z"&q?NaE2`$KOBiB!X $6pl|q"_Nޗ5!ؑӂ}<3RKPEٝ/VгX6Ifl)& u Y>Pm<n7$7׭pݎ3Lqa82bau}h0)=D d|޻+3m֧Z4@()KӛZi(Kh*<,+9ȑ!9\]":,Cmc/Bnάnt:FۈB[/?c{dJ #OܶuPNb hb=?tY  Q᩽0ԉb-v=s ,R*솇E,Sp;+T Ĭ5f6TPtP(&ƒ!_ ~0%} >Ã-3#GDm8BR^8hzdϢA 4/ y= 9IQtn7-`m--0bՖ$>ZD} Q#H r:]0۶&?FSE]̿__yLwjy凊']TU{B9T [ !5ּVayc/}Uެoґ~'qw^S@ 4.%) X lqJTJ]coT-,=ɰ7?ؚn+BvDRdhoV MZꖷ;-7>L1PКhwe'?E=1L+nLpƑvT`2Jvlքo Tg8ۦwavkF.c&MqJ{9}Uє@CUW*gӞa(*.;M]ӥې0dܓ'P㝶A,XtSzn׊a%sJ6:T<$| B}'R@xǫVP ZK&|p+ XS5X%Pu!n5t vsԣ!ǽYf0 *Z8 '؏ 3l!VM#aX+UR+zy`\f798M0c{s_u/.OF]r\su-TQ^*T~\RQqd'o5[ZByom)clC$7ڿVPw[FYpqsqP 2>+NJRM\r2ߒd{u6"HT|zù ,T{։TY Arq "hN"&latEiMIMnU%eg0 ,7VszJ1C&^1 3cp|N7 θ|lud)  jfOMOkAvn F~).ZNi?d,XTK}/yXM T'Kdsed'#k)9ry/gwk00C`|@v6N趒&"c%5_iypy`kS5[A]h_k;,HK`TOT<}!в|I(bINOI:!m ,Y)8UGS{4t'1>l1sVPgwg5DQ$ tˌX%,3'Var 4 _t%NDn6](*\#d^#S⻗Z o *CTc#8q^$1$U9hXai2h7-Nz՝e][nN`Ǵh_<5S ak*inE1^P|f5 _Y(=)02߳ijMTѫG4>:eyp+ E$"*Je+/,%E?FUAi:=DOpzHoxE{'wӢMN7hZ.c%p܄B݅7n (/HU%ӾhO @so\{"prmUB΂_,mC xڃqߏA4dBbɽQ-[R 寓Db`ŏ)7ԀI)&5Pr(1oB|X&ItCyفe۽^N [CfVbo6I&:ܩ\~\zٓ悚һ].yr @*^#O)x<¹e8޼VsR4/4%둻49T^s IϚP ,^0ЫtjI1a?@}+FL.,|nk Z[וP`#lD >드,'z%zp a3Oݲ9P >Bb:<c4oEkhNrp4D KsVS߫' (>?Wl+QFXtO3R({_rZ rFs1m$Y5P1b:#Ê(9ڐK9;-)ep)MhJ4nqa߇n!:13DVSq>A"`*73fsC|8ep}Ć1¥?LTNO35?'_+|\%$:cH]}[t$Ju'Xcǚ/psSK8i%(ܦ񿌏4ch%L[ebEЊ]r lhIbSahk3OTa\p Q;\T9~,S!&Xmhs^OԝXlzM.}OSߠV=/.Rp~!?2Z˫7sM}È/ݝ=\m%j~?ǯ9 .{Qf8KJjR5v9276seղsuPddY#ƀ h ۫6of2huѳt0"OsX~*,I: "QӞhXW4kTʿ].ۂvX_pg* dYtVv}̐ L%WTWM\yzBnf|R}ʒؼ&q&Oc~|}-bK]D/H4ӕ34x5z.OZV,[p, \j0NK$R "l&rn؊&Gbx}hV_soy aXMDyERѷEyKb?g0!HHp%/]zg}ڳt6VrxNJ̡t 1mTʝfz:0K׈x`# m% !`| `,GaRڕ mްrG)o&Ӗb[MvaߊƖ]VL?l83* .+M:.^D,_ $F5T>0'"briW{mbI!i6u0cE"k'\[]d?z/R_΀Y{(n,4dV.F8/"RF#z].af$lX_N|/D{HxJ陬gb/d%V!sŠճ;O[d'1ZBr{GtTq<#z,+ ~@KSd 9%LuB)@w~ygWjaC >m1 e~1 51v{}k'v#H~Tq:|<{je|S/%epW %iNssrK!C_1~BPVVpzB"=c/ BڎXY ![N9NhJb>b.>p,mh*LD[]j7t&V+M8CV;/wvH xZ @(Ӧ1m,BߌZU")ϰ*6M M`[kheEcD!w&{)iI3cCiQ@b&Ft_w$R0^˜>[g=kk( 6rNZBQy;vRtʕa2 ݏʩqĕYqBnq؇K}}qfڜd5 [?݀]q%Z\\j ȣшm1Q_yS8b%bzj+j%a{MQ5eŏѥ3d; LWz0.wؾ{hI<cTnrt163g% ?cf3ŀ3iyj7_FlS -1vH-3=H ծum}ӌp8M;PpSxI-"*2ռtMUeabUoo,{.V+*kKO63=6_qʴ"Z୳ }0Y) 1 Ꭷ 7گ]1F;O +JPtcDD'[_>@hS%^9Hw\IG-k`ór֣FDʽq5XMqt= T%\꫊e4 pmNTJi5~4VXi8{v<N"F9&/CyR[h2,tLni_OYYXy~5ĂJ&$ҵ>P9ޔ_]g)wT~Ž`s-Lp[6m *k?fN%xD&?ޅU&.xiH:dpr 1U^R`o\ju]erO&0ox ָuБۇ)kR.0蹢B:M3~s) zAE޹Ȣ懢Df[7:KSy$ bBwaNQ5v6"tϯm"! |T Gv/ 4yG},;&aȒJT\^ LKb]͖cP5_>)E/^ Hw?q!U8X!vƦKxwt9rD[e^-^)5ydܟQlrڕꌳ^Hθ >"Afyz+Q##+;J%$$@^)bUi 1Js $EvOpce1TH@rmnm(rۿ]8 1~r ˜OIg~+Wza&&y'xB0@m9Ό֨TG@ ~W$"I}zV3^pQ>炷Capk(1X=~bRR-C[ iّ ʗ?d,ץFQ#iO 1>^C"i ۇ%lj#q9'*E9Vbc ir+~u.q6F{Ui+fq,X>EޝuC-RQgdw]ɐV;hPfJH3RN: gIdQ^C<<q hv}&`T'u׭6OUyDzd?ÆB +jllN^'34 ;w̮ ~ho^FӶ!@W]?1KIO/}j/ZC ౤p:Ĕw4lZ=)!ϓ6iM^;ڷpE *Pr>=DX8]SǢZC)#SvhZr}FG7Dsza"Yw*fmP 9L>2261SdGK+!Sdl GtWRK9=kn u [ 6rI)N*:ko'.^K_s_~Ƣ7[l'EB2+[.bvb0$m,ʐT*06xb-aeR? Ow/A[F`7EK3{ݒ45Up ەm"[oZUY 4:ɑf!x~)꼶KBsz.GMiI(Yntr+[fqk] \qܘD0I=y+)6z u(dTWfjf3IJ˞S Ӣ_n&%WmL7 ׿tk$@ϐBy).RWG{.6z8YAesW+'!ÿmw[@˫h$Au 4¸m0QOnx#C`F(9b 06˧6 rm\M kҶGK0y:rsHgӢ hs߱ E[S[' W4&9{0?YFEA$-lūO{lQ}CxiÊ ?/z0j/tGa t<$~R\-@#{xڙlhMΓrOndO eqS:_ҞYeB EHTsbF p'εX#?M` |[Jqtvr!fJ~*{{uVRF{ Jjb0qhZN@0?f'zY8OodTxl -EgL1VA>hOX5u;gzhYR*"/q^eb} W0UQNez `auHv2ȵA'Ԑū]-ȇ!BD`5f=>ܧѐJ;a(.6$pDOKHr' Aԣ;W?9A(#9&k>:WEӜǚޫ9|Y0ug ARJnV\lXXR3(-; ^\GܪUw]aB.@DAG"l_=4k;D5}BKy֤4+lsFJxt(3E= TVL,0f$BRĕsqRRCy׾|ȭ%;R?dlr<6uR ~PH FA 0Uq;=S[Mx18~f/UQ# pg㵌wNu\ 'z,rq*PL+Rdo*r$>8Aa c.I|&bGw|MǦ_b`G֍pȫl"o *Qa($䉪fEyr^\Ȁ`tR𤪱1 $ 59E`Xr.ӜX/=OGQl\ԟ꡷כo~<[D}мt~:4UȢ<f)B-Fb썘J*#R+G㐚"r#ȁj75g;dh 0D%(59A;lZK^$\"-cIYSځb)*0W-1~бkk!Ӽ e uӧV?1ܔ!P ybbk3a+d [WIwkpy$-8jH_K9l0^M^oL)Z7_nJyRD6ozocb -:KxUꍅ9bN#mf3%'Ψq7Qg+ݖ,8uÇ*тzZ$٬6*Z͆JY'q p'4Ko4 N / qR5MVx  6Iv@.tC}Q'8b4?2yd&(bg%ߢ snԓ@]]%PZqXJ8Jp[NuϠTUNDYIuDU1\BUamVx Hz UyC]^C)<K,/[hK%ǚ埖3M˭uKco)@hu:Z*{]Ɣç=I[G!W;^kG`36vqq)U[W̓ k/9nkpmG2 9=viZAҰaٍF4>Mgф`f \tPxP{٫7^ʀ*Ӳr׎mpwBiQ.N;ڱ6R z} - 5o~sf:X JUQANV,_U a4γٕz!l;P">nnFKozZrmw-ʃ[`j Z_HZKraN}CB )TP<[hh8o/kh hJ,xypHm`-<ӌ:\83о`8 rs-F~N(,; ^cssާ̕W܁ } +sF7q-(IT2`R&QϽ~T(JZSWsm>?s+ĸ-|tu=T0)WWdjkxDz^Kh4USID󋤹 ZFX]BbÌtE~+; ޅBqfb01j(Mϫt1^TNVɯW-2& >'"Mu|?~B5- /amKEV^"q1e%Fv>')GcY`Ys wCІg.e$IPW42(0LPc˖ON֞`{k" l5u>oq ׂ}둾80_[q7.Y kU-U':8"ٟ( )2M ȓiqaP5~vKi!mS㮮y M45wEn3m#[yNP |d)},͇6`!!nQrlߚepډ) rb+6= (buVo+\h 3x.sѭZ6w2M V$%і秠SZ4}nN$$xM&3\@N@A.k:@<Ԉ2\*H&BFCfXK{>RX;g-/Q ;ZU]Cvd!Om4_&}ᵾF\:);0p  T3qVG|"?@_m becka ظzsbӫLp{݉T4L C(e$ZH;E*.1AG^yT~Tj+Ϡ3W礓P@}_i *}^3cDbZ)tfQ 3%`U\mSzŒws1udG 3aseth; Xϰ<`ߺGE 'gYBB* ]hSd\ +@Ѓr2=e2zL4XBM@JfmYt0s-գNZXWխfCk)__0C8M%Ye~_.T|g` y:a{to [8½ߑFHsTS]JG˛K>@KG-y#\QV)D+WFD.֌zNH$iL35@ |4^Q^착|b \;cQ dpH 0+DRғ2im2s)Ep-KXoc|eջ7aγCu_ela8&i%rh>K&n+Ⱥa5Xګ!9H~WKg۞qDt#{hӆ{xVsm2\5#rTAYt@~2ЈI;Moz98I-Õz[}9:40W# ,r_Fg( y+sa-qpT>磈]wop"Dm$?;]*4R0RDD ݎhǕVp^*q[3b3cV MH=l\̆>Dz@=%gP5LdFQ14t8B'zA%bGyv͂,Elᆪ>8vP9L)`tINX_GaD"Ŝ.?̱ \G#@!DV۾C̿+$lG#7at}.h_\ĖabO21xOl9<-8z* ?D 6({g>"9!N&"$Sz$b誊Nٷ1b1@|6'6YDmr5FJhb^*, 1$?M9 8B$ɺ|UCQ˥vvјȵ@&>'-m);rxooqB]Ԅq+R;pԹ㖆Jopy")Mh98tgih=io!.TxSLEHCZ 3exAkz"^/(Qtn~о=䖩ҌODP}‡xzuRfoHE,#cv^S2A& p"tCZNP@$0Q9[g&~rknOBVWJ&TTkEXS'A}jQ |͐x!?2E:< BW#(y9=Z)}wQMQt YZ