ntp-4.2.8p15-lp152.3.12.1<>,ȉ`I/=„z05as zjKE0H,FfaOM1Jufv=8egʉTU8"Pm+Yvf.Pђ;OTlExh`4 `s Leè0#ckJ^)r5VRzjTl\`oP>&4Jf|U-=/#tOT1*9V>" &nG*4\>wVKH̪S;BAi[1>}jHCVRSoB(f#$G>ln>O?d  E 39A W & ,R-R .R /$R 0lR ?R @dRARCDRDERFHF2GX2Jj2JJJ(J8J)9K):N6)=p>x?@BFGRHRIDRXYZ [\(R]pR^bcdUeZf]l_utRvwRxRy\uz0@DNPTZCntp4.2.8p15lp152.3.12.1Network Time Protocol daemon (version 4)The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio, satellite receiver, or modem. Ntpd is an operating system daemon that sets and maintains the system time-of-day synchronized with Internet standard time servers.`Iarmbuild16#openSUSE Leap 15.2openSUSE(MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0http://bugs.opensuse.orgProductivity/Networking/Otherhttp://www.ntp.org/linuxarmv7hl/usr/sbin/groupadd -r ntp 2> /dev/null || : /usr/sbin/useradd -r -o -g ntp -u 74 -s /bin/false -c "NTP daemon" -d /var/lib/ntp ntp 2> /dev/null || : /usr/sbin/usermod -g ntp ntp 2>/dev/null || : test -L /var/run/ntp || rm -rf /var/run/ntp && : if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in ntp.service ntpd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in ntp-wait.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ $FIRST_ARG -ne 1 -a ! -e "/var/lib/systemd/migrated/ntpd" -a -e /var/lib/systemd/sysv-convert/database ]; then sed -i -e 's,ntp\t,ntpd\t,g' /var/lib/systemd/sysv-convert/database fi getntpconf() { # Get the value of a single-value ntp.conf directive, first match wins. awk 'NF >= 2 && $1 == option { print $2; exit } ' "option=$1" $NTPCONF } keyexists() { # Check whether a key with the given ID exists in the ntp keys file. awk '$1 == keyno {found = 1} END {exit !found}' "keyno=$1" $KEYSFILE } add_trustedkey() { # Merge the given key ID into the trustedkey directive. # Add the directive if it does not yet exist. FILE=$(mktemp -p /etc) gawk ' NF >= 2 && $1 == "trustedkey" { n = split($0, a) for (i = 1; i <= n; i++) { if (a[i] == newkey) newkey = ""; if (a[i] ~ /^#/ && newkey) { $(++j) = newkey; newkey = "" } $(++j) = a[i]; } if (newkey) { $(++j) = newkey; newkey = "" } } { print } ENDFILE { if (newkey) { print "trustedkey", newkey } } ' "newkey=$1" $NTPCONF > $FILE if ! cmp --quiet $FILE $NTPCONF; then cat $FILE > $NTPCONF fi rm $FILE } NTPCONF=/etc/ntp.conf KEYSFILE=$(getntpconf keys) if test -z "$KEYSFILE"; then KEYSFILE=/etc/ntp.keys echo "keys $KEYSFILE" >> $NTPCONF fi if [ ! -f $KEYSFILE ]; then FILE=$(mktemp -p /etc) chmod 0640 $FILE chown root:ntp $FILE mv $FILE $KEYSFILE fi CONTROLKEY=$(getntpconf controlkey) REQUESTKEY=$(getntpconf requestkey) if test -z "$CONTROLKEY"; then if test -n "$REQUESTKEY"; then CONTROLKEY=$REQUESTKEY else for (( CONTROLKEY = 1; CONTROLKEY < 65535; CONTROLKEY++ )); do keyexists $CONTROLKEY || break done fi echo "controlkey $CONTROLKEY" >> $NTPCONF fi if test -z "$REQUESTKEY"; then REQUESTKEY=$CONTROLKEY; echo "requestkey $REQUESTKEY" >> $NTPCONF fi for KEYNO in $REQUESTKEY $CONTROLKEY; do if ! keyexists $KEYNO; then KEY=$(head -c 15 /dev/urandom | base64) echo "$KEYNO SHA1 $KEY" >> $KEYSFILE fi done add_trustedkey $REQUESTKEY add_trustedkey $CONTROLKEY # update from previous permissions if [ -f /etc/ntp.conf ]; then chown root:ntp /etc/ntp.conf fi if [ -f /etc/ntp.keys ]; then chown root:ntp /etc/ntp.keys fi if [ -f /var/lib/ntp/etc/ntp.conf.iburst ]; then chown --from=ntp:root root:ntp /var/lib/ntp/etc/ntp.conf.iburst fi PNAME=ntp SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi PNAME=syslog SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi if [ ! -f /var/log/ntp ]; then touch /var/log/ntp chmod 644 /var/log/ntp fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in ntpd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in ntp-wait.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ ! -e "/var/lib/systemd/migrated/ntpd" ]; then touch /var/lib/systemd/migrated/ntpd fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable ntpd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop ntpd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable ntp-wait.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop ntp-wait.service ) || : fi # no update? Then remove these files that aren't owned by the package if [ ${FIRST_ARG:-0} -eq 0 ]; then test -e /var/lib/ntp/drift/ntp.drift && rm -f /var/lib/ntp/drift/ntp.drift rm -f /var/lib/ntp/etc/* 2>/dev/null test -e /var/log/ntp && rm -f /var/log/ntp fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in ntpd.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart ntpd.service ) || : fi fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in ntp-wait.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart ntp-wait.service ) || : fi fip 6W56 CD  x(@xFL ..\3^!1  ] +r3);":+f Z AA큤A큤A큤A큤A큤AAA큤AAAA큠AAAA큤`:`:`:`:`:`:`:`:`:`:`:`:`:`4`>`:`>`>`>`>`>`5`?`?`>`:`>`5`@^^p^^ȪJ (`J (GUJ (V%AdD<٧B4EMU*`;jh<0jF%;jl;jp;js;ju`:`:`4`8`5`6`7`8`5`6`5`7`7`:`5`5`5`5`:`:`:`:`:`:`:`:`:`:`:`:`:09943771ca00e231539d648aae4ce87c6105644214b63d6ac5c0279c07feea15b60dcf45e446f117b0218a8571e74cc2c414fde998a4986c79c83932cbf1e6d646e93111e22b194ad2f5eca880e2ca330d0da1f6b75a6ca11655550e6d5d4ce7f14ea8d878109752905cb97103adbcee73c1536625863f1a0cda1cb1baadccd7886c4187be56a62411ea3d9552cde37fc22bacb54633626413673f1573f85e884fbbe179c00f7d53669e1b52ba2cb6a25783c33b738e466007bace79e6f2b5073568f095df103e8e01c55f16b86c5cb0801297bdb4656867aa8019a4075c1eb2c8f885d1ce7e116fd8ba222f8fa4cbdd35f23ef5e07f401e66b31477df969c37eb0652afb4e40171e29f447b520058b55084da3ac380041bb3438b07c90ae3d54f763c1f774a49288decd33d06da39e68d48f270786ed8b8b364f6baf8caad53ac4569700119677b1b7450beee4cd83ba20672b774f4023b363d067bcf8c27d2fef1fd2af0ef407ef378ba92bd256e9f220919949eafee9a8a804189b9f8ea81408fe0c6bdae71d5698dc0c342bbbb259f653b6ccb9bdf34ba534e79f083acb5b042035c5b011018395db15969eb1cc25250a0048f7f95e65b06dfd753d4441cfe9d6045a1db3377aecf829a925656a35e6c117310820a88838b9bef7972d96b9e4bf825171d1d50f98b4c3944c6d7ee9329ad9a7e82ea12147a2c93acb0a4c3959bd8aade4c9f2e7f7f0e943e84d3aa44e27bc5d1687c80854d8e047807e2aff4f124be1488a2ffda1a9b7e91ed41c0e17bc1574f891784845a5fc96e219937fb8d43172cb4d83464ff130fe1f75637a832cad99ed86b008d663291d44b4406b2628d085da00e72b4e6ad1c33e9dfdd90ea8ebe1b5154ca4f08cdfd2a0344fe81674200ab788cfb1a5052e3ec9850c49693f076f544370cdd71924e03277a63727e0932d68da0a81d412333d9fb9cf929bf2ca1fb58ef5916c86c27bf37e6c3957e6a13445cc61ab1ca3dc80d8c269cf9b0a6d9eaec20f9f39639b0b3e66ee846effea3ca186255c4f3d9826fb0859e9e2f024e86920e2c42d34ad41578379ecc74842bee74b1e21634efe8140a7420564c166a134ca7755e49decd153ceafb1b7290b72470c30627c9a40dce451578c312eadd164002f6346f3517b59114bdc150cc6ea92e4a9fbb4fdfdd9f4f1db2ff77976d1aead9adf3a25695837455ef5e77dc4ea5ac29573979ab452341ed2e9853ad2f3657b44df7e9f69b37b521c365abd7b03e7f5fe96c501c0392d7464ab492a77c8b529b320ae042859aa4cd7771b49d7fca40afa71cef499d3008994af22a5b12662a64eb10b4748ddbd4d311c1525778dc694f1bdc05c02a741d07f92b474c8c3d39ad2ae2bb7da6046ced7406decdee3d8a0ee31bb4493b2eda74b9a1548b5c09b380f90fee44aee42b404cf5b2d4fdfa12dff24010887b75d97903ae022fa463366fc0a56e4adb4ce54a4d8157bbc23d1e9870ef47e46b46bc9deddcd35762dea24a922924dbb0ae726d4805018ca55abf6b5659d1dd62382e904635cf7611ce1cc08e6b922ef183b6329914e13884bda678b64bbc6590e6dae7dfdedafdc6c96fbc758d6f08f662aa193e7b0f477b03889a7bbdb06f7e573d960d8ac3564f0cf75e76de671cc5965d79414ae29808866231705d8bafcc330250afced7f380b3b1527d89788b5a6830965b983e3ca75b1a3e65ed2e203e25b379c24068431353c4522b92b0d8693eba6c601bf18f994da4051c5e2415e6105bf994f24526f9109703ae6ba97b93a1164f28bf40eeb28d5a0ea6591f21b280a5edc4a5ac97430ea4dfc95fabc6d799d4cc1fd3b41ac31039728d79e28a103595388d800b52b44b88232e8e2f6adf14070d91eca644699ba59e7ac062e95580d179cca5d787919ff70eee3f6dcf7643124f05867d685ad1672f29579198c1944fa68fc997ccd9008aff90cb478e2c774650160fffcbae20103b5412e2a223a9d3113b7f1413830f65f56eda1f8c3430bc5b03c78152ac0a8e0b949a39308a20f9d413ecb0f9274e46d931305465c6ad8dbbe088f2cfc3d24261babb5ba14a2356e19483cffc0734f8e139651d9f182cbbcecec7cb83985cbee99dc73b7eb7a65db5331e46051983390a819d022a1f3a01912816e30fdaffbd1410a7bf812511aa131f1087bddf256fd2e6177af6015353720e04adbb6f459b4193f02cd53a8bf74b88bc4dde8528021ee5a8a94f965cc8c69c507d46457a2084350404bdaa5731a5dfa023c9f61cd8efad805f38c479329146834f3f9f92f7a0c3edc30da0d94f90089501086f72e4f83c3d53f4c1fbe57c069d2fc6276a3db2479a7560274f235fdec30334be8fadfc107be84abfd7ef875c83ea73f564a0c991459c17a51243e12304a1c4b01504a9b9d94c92c39bd7fed520550182f0da83b849c04d8daaa9cb48ce3c64659ab9270babafb4296ff38995ce624674a75ff4638ce874204204312b5acf7f242e6eab1546b4424c707e47566d213f879ffc7755f2ba39b7529b4a730fd1a97c4431555c1fb5e9e4aae06596b8aeda9231ad15b36c40f800b75fa1e8ae82772f8b71811979c5f29aba4a8ca8ea8b3b9690cfe36060dfaba0358ac0c5492b4dc14ebbc30abab899d8b192fda546e93111e22b194ad2f5eca880e2ca330d0da1f6b75a6ca11655550e6d5d4ce7e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855serviceservice../..Qrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootntprootrootrootrootrootrootrootntprootrootrootrootrootntprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootntprootntprootrootrootrootrootrootrootntp-4.2.8p15-lp152.3.12.1.src.rpmconfig(ntp)ntpntp(armv7hl-32)ntp-daemonperl(NTP::Util)xntpxntp3@ @@@@@@@@@@@@@@@@@@@@@@@@    /bin/bash/bin/logger/bin/sh/bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/base64/usr/bin/chkconfig/usr/bin/diff/usr/bin/gawk/usr/bin/grep/usr/bin/perlconfig(ntp)coreutilsdiffutilsfillupgrepld-linux-armhf.so.3ld-linux-armhf.so.3(GLIBC_2.4)libc.so.6libc.so.6(GLIBC_2.11)libc.so.6(GLIBC_2.12)libc.so.6(GLIBC_2.15)libc.so.6(GLIBC_2.16)libc.so.6(GLIBC_2.17)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libcap.so.2libcrypto.so.1.1libcrypto.so.1.1(OPENSSL_1_1_0)libdns_sd.so.1libevent_core-2.1.so.6libgcc_s.so.1libgcc_s.so.1(GCC_3.5)libm.so.6libm.so.6(GLIBC_2.4)libpthread.so.0libpthread.so.0(GLIBC_2.4)libreadline.so.7pwdutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemdtimezone4.2.8p15-lp152.3.12.13.0.4-14.6.0-14.0-15.2-1openntpd4.14.1`Ȗ@`O@`e@^\M[@Z@ZTZZ;@Z8@Z@X-X-Xg@X•@X+X~@X<@X2W@WWV@W)@V@Vm@VV<@V2 @UŬUU#UF@UUT9TT+@T@T}Reinhard Max Reinhard Max Reinhard Max Reinhard Max Reinhard Max max@suse.commax@suse.comsuse-beta@cboltz.demax@suse.combwiedemann@suse.commax@suse.comrbrown@suse.commax@suse.comaj@ajaissle.demax@suse.commax@suse.comkukuk@suse.demax@suse.commax@suse.commax@suse.comguillaume@opensuse.orgjosef.moellers@suse.commax@suse.commax@suse.commax@suse.comhsk@imb-jena.dewbauer@tmo.atmax@suse.commax@suse.commax@suse.commax@suse.commax@suse.comhsk@imb-jena.demax@suse.comhsk@imb-jena.decrrodriguez@opensuse.orgwbauer@tmo.atdimstar@opensuse.orgmpluskal@suse.commax@suse.comobs@botter.cc- bsc#1186431: Fix a typo in %post .- jsc#SLE-15482, ntp-clarify-interface.patch: Adjust the documentation to clarify that "interface ignore all" does not cover the wildcard and localhost addresses.- bsc#1185171: Use /run instead of /var/run for PIDFile in ntpd.service.- Update to 4.2.8p15 - Fixed security issues: * bsc#1169740, CVE-2020-11868: DoS on client ntpd using server mode packet * bsc#1171355, CVE-2018-8956: remote attackers may prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. * bsc#1172651, CVE-2020-13817: vulnerable to off-path attack * bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used - Bugfixes in 4.2.8p15 and 4.2.8p14 include: * [Bug 3667] decodenetnum fails with numeric port * [Bug 3666] avoid unlimited receive buffer allocation * [Bug 3660] Manycast orphan mode startup discovery problem. * [Bug 3655] ntpdc memstats hash counts * [Bug 3653] Refclock jitter RMS calculation * [Bug 3646] Avoid sync with unsync orphan * [Bug 3644] Unsynchronized server [...] selected as candidate * [Bug 3636] NMEA: combine time/date from multiple sentences * [Bug 3635] Make leapsecond file hash check optional * [Bug 3628] raw DCF decoding - improve robustness * [Bug 3620] memory leak in ntpq sysinfo * [Bug 3619] Honour drefid setting in cooked mode and sysinfo * [Bug 3617] Add support for ACE III and Copernicus II receivers * [Bug 3615] accelerate refclock startup * [Bug 3613] Propagate noselect to mobilized pool servers * [Bug 3612] Use-of-uninitialized-value in receive function * [Bug 3611] NMEA time interpreted incorrectly * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter * [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c * [Bug 3594] ntpd discards messages coming through nmead * [Bug 3593] ntpd discards silently nmea messages after the 5th string * [Bug 3590] Update refclock_oncore.c to the new GPS date API * [Bug 3583] synchronization error - set clock to base date if system time is before that limit * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) * [Bug 3577] Update refclock_zyfer.c to the new GPS date API * [Bug 3576] New GPS date function API * [Bug 3573] nptdate: missleading error message * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH * [Bug 3542] ntpdc monlist parameters cannot be set * [Bug 3533] ntpdc peer_info ipv6 issues * [Bug 3531] make check: test-decodenetnum fails * [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code * [Bug 3491] Signed values of LFP datatypes should always display a sign * [Bug 3490] Patch to support Trimble Resolution Receivers * [Bug 3473] RefID of refclocks should always be text format * [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network * [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u * [Bug 1433] runtime check whether the kernel really supports capabilities * Provide more detail on unrecognized config file parser tokens. * Startup log improvements. - Obsoleted patches: * ntp-4.2.6p2-ntpq-speedup-782060.patch * ntp-daemonize.patch * ntp-reproducible.patch - Silence an OpenSSL version warning (bsc#992038,bsc#1125401 ntp-openssl-version.patch).- Update to 4.2.8p13 * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in authenticated mode 6 packet. * Fix several bugs in the BANCOMM reclock driver. * Fix ntp_loopfilter.c snprintf compilation warnings. * Fix spurious initgroups() error message. * Fix STA_NANO struct timex units. * Fix GPS week rollover in libparse. * Fix incorrect poll interval in packet. * Add a missing check for ENABLE_CMAC.- Update to 4.2.8p12 (bsc#1111853): * CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. * Add further tweaks to improve the fix for CVE-2018-7170, bsc#1083424. * ntp-usrgrp-resolver.patch was integrated upstream. - Don't run autoreconf anymore and remove all related hacks and BuildRequires.- Refactor the key handling in %post so that it does not overwrite user settings (bsc#1036505) and is more robust against ignored SIGPIPE (bsc#1090564).- change example statsdir in ntp.conf to /var/log/ntpstats/ to match the AppArmor profile (boo#1076247)- Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral associations. * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot recover from bad state. * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset authenticated interleaved association. * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond its buffer limit. * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch - Remove dead code from conf.start-ntpd (bsc#1082063). - Don't use libevent's cached time stamps in sntp. (bsc#1077445, ntp-sntp-libevent.patch)- Add ntp-reproducible.patch to make build reproducible (boo#1047218)- Restart nptd if failed or aborted (FATE#315133). - Do not try to set the HW clock when adding a server at runtime to avoid blocking systemd.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Enable experimental leap smearing (fate#321003). See /usr/share/doc/packages/ntp/README.leapsmear for details.- Fix spelling and default values in conf.sysconfig.ntp- Update to 4.2.8p10 (bsc#1030050): * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option * Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value * Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS. * [Bug 3393] clang scan-build findings * [Bug 3363] Support for openssl-1.1.0 without compatibility modes * [Bug 3356] Bugfix 3072 breaks multicastclient * [Bug 3173] forking async worker: interrupted pipe I/O * [Bug 3139] (...) time_pps_create: Exec format error * [Bug 3107] Incorrect Logic for Peer Event Limiting * [Bug 3062] Change the process name of forked DNS worker * [Bug 2923] Trap Configuration Fail * [Bug 2896] Nothing happens if minsane < maxclock < minclock * [Bug 2851] allow -4/-6 on restrict line with mask * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags - Removed patches: * ntp-openssl-version.patch: fixed upstream * ntp-processname.patch: accepted upstream * ntp-trap.patch: accepted upstream * ntp-unbreak-multicast.patch: fixed upstream - Remove spurious log messages (bsc#1014172, ntp-warnings.patch).- Fix a problem with multicast clients. (bsc#1018940, ntp-unbreak-multicast.patch)- Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates (ntp-move-kod-file.patch)- Remove 50-ntp.list (bsc#1011919). - Use system-wide libevent instead of local copy.- Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365, ntp-pathfind.patch).- Update to 4.2.8p9: * CVE-2016-9311: Trap crash. * CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. * CVE-2016-7427: Broadcast Mode Replay Prevention DoS. * CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. * CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass. * CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal(). * CVE-2016-7429: Interface selection attack. * CVE-2016-7426: Client rate limiting and server responses. * CVE-2016-7433: Reboot sync calculation problem. * Fix a spurious error message (obsoletes ntp-sigchld.patch). * Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252, ntp-trap.patch). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606, ntp-netlink.patch). - Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch). - Silence an OpenSSL version warning (bsc#992038, ntp-openssl-version.patch).- Depend on pps-tools-devel only for openSUSE > 13.2- Make the resolver task change user and group IDs to the same values as the main task. (bnc#988028, ntp-usrgrp-resolver.patch)- Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns (ntp-daemonize.patch). - Update to 4.2.8p8 (bsc#982056): * CVE-2016-4953, bsc#982065: Bad authentication demobilizes ephemeral associations. * CVE-2016-4954, bsc#982066: Processing spoofed server packets. * CVE-2016-4955, bsc#982067: Autokey association reset. * CVE-2016-4956, bsc#982068: Broadcast interleave. * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash. - Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. (bsc#979302, ntp-processname.patch). - Don't ignore SIGCHILD because it breaks wait() (boo#981422, ntp-sigchld.patch). - ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service (boo#979981). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - Fix the TZ offset output of sntp during DST. (bsc#951559, ntp-sntp-dst.patch) - Add /var/db/ntp-kod (bsc#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (bsc#956773). - Don't wait for 11 minutes to restart ntpd when it has died (boo#894031).- Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (boo#957226). - Depend on pps-tools-devel to provide timepps.h header to enable Linux PPSAPI support to make GPS devices usefull. (boo#977563)- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive traversal of restriction list. - CVE-2015-7979, bsc#962784: off-path denial of service on authenticated broadcast mode - CVE-2015-7977, bsc#962970: restriction list NULL pointer dereference - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows dangerous characters in filenames - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq - CVE-2015-7974, bsc#962960: Missing key check allows impersonation between authenticated peers - CVE-2015-7973, bsc#962995: replay attack on authenticated broadcast mode - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make a step larger than the panic threshold- update to 4.2.8p6 * fixes low- and medium-severity vulnerabilities 4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978 CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975 CVE-2015-7974 CVE-2015-7973 4.2.8p5: CVE-2015-5300 * bug fixes- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty port numbers (bsc#782060).- Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist, to allow runtime configuration via ntpq. - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove "kod" from the restrict line in ntp.conf (bsc#944300).- Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (bnc#910063).- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore.- Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (bnc#926510). - Enable ntpdc for backwards compatibility (bnc#920238).- update to 4.2.8p2 * fixes CVE-2015-1798, CVE-2015-1799 (medium-severity vulnerabilities involving private key authentication) * bug fixes and enhancements * New script: update-leap- /bin/logger is needed for runtime configuration (bnc#924451).- update to 4.2.8p1 * fixes CVE-2014-9297, CVE-2014-9298 * over 30 bugfixes and improvements - update to 4.2.8 * fixes CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 * changed Internal NTP Era counters * ntpdc responses disabled by default * over 1100 issues resolved between the 4.2.6 branch and 4.2.8 - adjusted patches to fit 4.2.8p1: ntp-segfault_on_invalid_device.patch bnc#506908.diff MOD_NANO.diff - removed obsolete / now-in-upstream patches: ntpd-maxmonmen.patch ntp-code-cleanup.patch ntp-sntp-recverr.patch bnc#817893.patch ntp-CVE-2014-9295.patch ntp-CVE-2014-9296.patch - changes to spec file: * added --datadir (for private perl module needed by ntp scripts) and --html-dir (html docs now get installed by "make install") to configure options * script ntp-wait has moved in source tree- *.service: Do not start ntpd when running on containers or when CAP_SYS_TIME was dropped from the default capability set ( see SYSTEMD-SYSTEM.CONF(5) for details)- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#901751)- Add ntp.NetworkManager: install NetworkManager dipatcher hook: if the DHCP Server delivers NTP Servers, accept those and configure NTP using the information (boo#900982).- Enable avahi support- bnc#910764: VU#852879 ntp security fixes * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296) - ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be obsoleted by the upcoming update to version 4.2.8.- fix typo in version check regarding /usr/lib/initscripts/legacy-actions to fix build for <= 13.1/bin/sh/bin/sh/bin/sh/bin/shxntpxntp3armbuild16 1625228361  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGIKNPSUWY[]`4.2.8p15-lp152.3.12.14.2.8p15-lp152.3.12.14.2.8p15-lp152.3.12.14.2.8p154.2.8p154.2.8p154.2.8p15 NetworkManagerdispatcher.dntpntpntp.confslp.reg.dntp.regntpntpdaddserverntptimesetntp-wait.servicentpd.servicecalc_tickadjntp-keygenntp-waitntpdntpdatentpdcntpqntptimentptracercntp-waitrcntpdsntpstart-ntpdtickadjupdate-leapntpCOPYRIGHTChangeLogNEWSREADMEREADME.SUSEREADME.bkREADME.hackersREADME.leapsmearREADME.patchesREADME.pullrequestsREADME.refclocksREADME.versionsTODOWHERE-TO-STARTconfREADMEbaldwin.confbeauregard.confgrundoon.confmalarky.confpogo.confrackety.confsysconfig.ntpsysconfig.syslog-ntpcalc_tickadj.1.gzntp-keygen.1.gzntp-wait.1.gzntpd.1.gzntpdc.1.gzntpq.1.gzntptrace.1.gzsntp.1.gzupdate-leap.1.gzntp.conf.5.gzntp.keys.5.gzntptime.8.gzntplibNTPUtil.pmntp.xmlntpdevdriftetcntp.conf.iburstkodvarlibntprunntpntp/etc//etc/NetworkManager//etc/NetworkManager/dispatcher.d//etc/logrotate.d//etc/slp.reg.d//etc/sysconfig/SuSEfirewall2.d/services//usr/lib/initscripts/legacy-actions//usr/lib/initscripts/legacy-actions/ntpd//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/ntp//usr/share/doc/packages/ntp/conf//usr/share/fillup-templates//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//usr/share//usr/share/ntp//usr/share/ntp/lib//usr/share/ntp/lib/NTP//usr/share/omc/svcinfo.d//var/lib//var/lib/ntp//var/lib/ntp/etc//var/lib/ntp/var//var/lib/ntp/var/lib//var/lib/ntp/var/run//var/log/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16648/openSUSE_Leap_15.2_Update_ports/69b67d169e6649c5365946449c14d48f-ntp.openSUSE_Leap_15.2_Updatedrpmxz5armv7hl-suse-linux    directoryPOSIX shell script, ASCII text executableASCII textBourne-Again shell script, ASCII text executablePerl script text executableELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=dadaf752793f3198c797acbd0db82d65bb0ab7a6, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=f83d45824be888a4680902d45facab4f60775e4d, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=0e9b5042df05770b2b153aa9dc41ab4c20171eb9, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=ec407dfffb7904168941a4b9230bb002e939d019, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=5696b68425ca84ff638092aad87075f001325e27, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=829f2c19af3b05c60b0f41d44b2d36f08861d7e1, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=ffdd08cba57866da3514a4ec9176fa984b1f2ed2, for GNU/Linux 3.2.0, strippedELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=8d1fa293c7ca92cd6998f62ec56f4e499db7f886, for GNU/Linux 3.2.0, strippedISO-8859 textUTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)Perl5 module source textXML 1.0 document, ASCII textempty#1BS]^mnst  RRRR R"R&RRRRRR#R!R%RRR R"RR&R$RRRRRRRR#RRR!R%RRR"R$RR&RRRRR#RR!R%RRR"R$R&RRRRRRRR#R'RR!R%RRR"R$R&RRRRRRRR#R'RR!R%RRRRRR&R"R#R!R%RRR R"R$RR&RRRRR R#RR!R%RRRRR"R!R%RR PzVy\27@logrotateutf-8f9202c9a7d492f7fdedd7e20578b3383147ab4e3442c46e14ae693b7819b191c?7zXZ !t/8w]"k%ng =Cgq)o0zC`͊ TwS*Ǥ&=y!@)]-G{8Rl8rXW >3Æ6ՏrA.ilۥiR%?*A!pQ}y?vS8kC ZgO1@^&F/>ں5odsk Lm8Ѳm{A?|CN`szz*|6n.)ܵ}>-^7,Vl3T*--<Q?-THukC%@2˕{/<SMn2 N[WD!煇C@jB,:2h(_c1VAFM2bjjD l@|%?EVo.a!ґ߂I95 XODJ40Mu]Y8K@*КNSJy]6 Xv=Eahh'ėn,P0R'ʡXMy|"\"\$7c!<OA'̃᮷Z D/وz[M.lk(:dp྅@\fIa2>fQ Pr`z5wM9 (\d^b1Ls+ZUx1vCQ^T7vf`@ 0fbϚ.X#IiJ͞؎- jSIEr8ցufeÝ3.Saǫ菊Xq) ?!;|PphwxDX&BMޏT1f2H)?bKJh9 yE"{5( cTQiоT{M{k?(r\ר[gkwinRޞ$w0ձ?*v"6-F,! h3܏70l?g}}pqCޞTh7=YA3kzPkaB*5hke&%ά9z}3=kQ ?:Hl'lN{}YҽΌ޴kAUk\"Iu$.Jr]|K.[9X)kGgT2MЋ^ eҝQS4ͽ,dAj+/Moh 5ݽab&lQ05+ fɈDeq-0+r9)9jmh`A7%/My`ޭ[ɯ)fo<*oZ&ZkU '4w0"(|9^"2mQkdGQrP* U3_mi~ԮlsF,$ BG=A:/-1?'_x}Tob dyEȹ ;C5@w'KKU%?]M*Nl>|q2{5M]nCȕMŜe ,[O9SZ~- f|boe}D9wܞf8&ff'FE$+Bi頺eXpâLrǀQ0ht˃ eJ(")c1}d:c,O* bAo9+ګm+L"QYNة P{0kBP?c!-~4ntѲ {JNH e.Tjr2/ 5DVMB*Q#_(wXXKRW`d(uN u&~]{w)=Gc %'<ؔs>A$wfJx",D:Toy,[WEbVəM؏q@UpbJDD󻿵ZbHT̥ϊX.~K#{m̏3Ȯ4;/5rO'#CV$"Rd=08B ̇8?'4M}f vmoaYkr7 ܂J8]|Ah^K9ڮ, Wg5jNuvrnA1NM[4rϯ!I/>4wk7hZOzAl U?wL,4yEas>W7eK`a9kS:}xb|9=Fxb"wiju]5d+-(1D܂F4 =#7٨1!_oVh,B5=MVy %Lu6b< }5}U z ?jr(++].AiAy#u*a}T0U6vy`vJLOKpYCT7")v,*\Z#^L>5a9aNbXIAлfBhaG}+.VQy_Ը7W+q'ԵN"i I~aØ#؄w[^9-e#̖(p>:ãMc̞zrUP"|<l# f5~JJ#Dja4w1bRM  RnyỦ@\3hVwb4:&m{].Jr$#`RߤH=k p`Ũ9>QGVW+ukHOxO6uпY?"KI4apǓ3(ONKoaRSFBr1N'F{]B5Z:6B)G;k3IT4a^gʿAts_OSc+5qyUhby8P!q0d"C.3ʘLV{X`Kty(Cv Pĸ<.6 ?*<B=̷mK>{e@rDpu0X1v3kn5[ĖϺkEj RhGhrkϊ8#\Ew9O`8A3"nYTK8vէs&"p>zxc! (f*Qͪ e IS}&g(UȞ@𪽳TW_"RM,yj/UYZek"yB05` mDL_{dꯊBwc06#4Q/"FH}L'];*kwL&bhvj\aSv=y1_@/ez)̼ 4څ+ԑZ*>g&"enY