dovecot23-devel-2.3.15-150200.62.1<>,2 bp9|[/>*Pi]0]S pKnodmiiY\dδ!@NzSI8-;_9 g"y6סXOQrkd>a)K 4;_/#8|?.bOimҰ׉O[Glgz%]RFB?0rQU!5o1*"J©ϙԩohF댤BX} +yeБ^hjo*gM7ڊGWg[9=̚Uyd:[Z>>? d % K$(8<Uv  l   "L h 0֠P ,0N(O8X9:F6G6H@IJXMYM\M]XP^b{c$defluv8zCdovecot23-devel2.3.15150200.62.1Development files for Dovecot pluginsDovecot is an IMAP and POP3 server for Linux and UNIX-like systems, written primarily with security in mind. Although it is written in C, it uses several coding techniques to avoid most of the common pitfalls. Dovecot can work with standard mbox and maildir formats and is fully compatible with UW-IMAP and Courier IMAP servers as well as mail clients accessing the mailboxes directly. This package holds the file needed to compile plugins outside of the dovecot tree.bibs-power9-11nSUSE Linux Enterprise 15SUSE LLC BSD-3-Clause AND LGPL-2.1-or-later AND MIThttps://www.suse.com/Development/Libraries/C and C++http://www.dovecot.orglinuxppc64leS>wyDU-8`&W tT ;: D1&R}y.%/e# K**xdHs0H 0"3 ~!  &1 %"`d}Z<_Uz);  ` \-%}U 7AD_l" b N qq'S Q"DVOq' !+&Gt > 2 ?6.c [.  I4(S5yLTR|!i}I) ,7,*  k :`n h b_}p FdAnNc*% ]c/ D= v = #Z'R %4{@r D5 (-J Z 0E'#:G 3w&${]!OVm.E^$m1XKB!g! 7t,w'U rK /1  QWG\A <V l nN nWKk$d* uZ4Mi7 &g-r| d^I hE")! (l lwf{u Z+ 9{o  3y ,vo? ^0,E!2'& ;!yOtA)l+a 1)Q!S "s$)#g) !J0k  :  5 hV %uk   7a ,D wQ3Q5 %Q PzgR.A큤A큤bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb8c3c12dd6312ba42c3a1700acb83ad0e71d190c804f34cf537e9786d76e2848eef8a0df8f67889d2a2b81f8ef7dbacd7d8fe9a2b8ac42705dce2a7d06cb15e6ca3ff1baf14c163122d3e40cca46996e9f895fd2d843771bd8f0b6c616ef1f17b5db08bd6248fd16ec67ef1c241f31b142c9cb238e9159daeac9473770c839c0d4765f28ad442ef34f1555f65202bfe917e02b4ecb5de73a2cc8d7e92e69901d46b5f2106db5afc7eb790c4f6b2f0597da01d84a1d3dc371518f2d43f744e95be502edaa8b7e117bf90c9af37ddb8ff5c1c1f7401d1b84c4ba8a37e93c23106adb3af147e0134c7a8be945f2d83b020cb5d2598091d7dd64c187628e60d0417402b1b0a6be59f41e3f19cf44b863c847cb025ab84bb727a709157275535cb04aa2c84947bdc285b5175d16cab8f7513ef3dc95b38a19bb2dd054b69ba6528650e2df682c17fba5e35a26e32042840b4557ab509cabcaf486bd896548da74a69fd328242cdb186d12c7113e10c1a0853119cc804da6cfd307ae4ab8bf39ea5a0903d94be63cd639127f2895f9c9e6c756f4b43df48eb18d7b946bddfedf2789f84dc2a29cd54a7aeba9af076a012ddab5ed518f8478ff9d08f53bf48192f12d279bebdede3b3da34c3d28c4654bcaf81966ac284ff0c96867373fa3a8265e4baaf73fef15d91782fb1959b26ff6a0dc263ae34e5104d5a5dc753e3065cb1745cdea5aadfda0d477b07877c6789746062ab17444c4570c7c09fd2ab4664a1e088384d26750863d8f7fe304b0b6a3496bda96f2f2d999b5e0a38e69d1a42c361d5af9a31c9d6be05ef693e388feb395ac176dfb9e8f82605ffb90d8db90603ce107b10106e194e3e6a51ddd28b70d18c7ff8e15c2e90da94feaae9e3e57ca4d18adb7a8809136752377f486eb63a5f3b76598c02ade1101d7c8b926b7b4091751b49b0e57643f6179fc52ac81e7b267d3dde2070af120ad9b284eff3e31c748a9f4e789db01a58dd94f1722093472647e6ae548ad05ed8095eb002c1b8543cdb4a2c8b80166aaea797575002ab90d7fde7196016d600813ad1065e5c9290cf3432410fae703b577ed1671f6850bbc073bd5f89186ec6efcbe964212378fb579d67cc5e48314ec76ffc869ffc8ee53656808c4e6c466f166536d7e1fbeebdedf11348ca02854e1393b6e6502427294f0cdf8a003128ccb86c9bf3ad5f46bbd110621c634f4380b79f1c0d205af39471aa652a224506a95335140ea8946c250a31d0cb21fe1f5cc670f65734d7e2074e568043d27658aa20e89c68f28e0ba447bc1e37de6a7401f576fc3ff5bd186807928a11b6329670f77d07a4869c465e6414fdfe99830f3537bdd4f33ab0736e5af5d7d5ed03647c9e416e6edada0778482b8a77e261f0501b9ec2a74295a3d0771f738887b47727bdae591533bb2631df1724111469d6f0fd5608d9e603b616a09553c2c3ed7207cbd744587ed099693f9a03ed2bdf7bb1d5901ca19b3654e76280c5677247546cdacfd7e6c40ac98c9a8a7a6b2ee8acda52e7b5b7010ea5d2b171f65f33c2d0b9accadbdbf69df3c513df763e7d6e9c45b9c4d8d2e73a0a7d33adc5199bc85be310492d9c0753b7baeb995921a9cad80a7ebf24930c3de6b26bd76fd15efb9c731056c9849c4bb48fb4455c5f64cd2015a02b92719efe6ff64740d77d8c72f5d92f73a4db5d3fffd5445ecd516b015b4e45d98b51699abb0e500041fcb4a2d3791f1939f2951799ee7168311eeda901a69851f07f67b935fb6abab46f5a79fed3feca27dd456618da2dd262092508d85535ac8911faf7472d92dd1405bd07f40c23b8456de726ca59456688ead56a9ec2e4e4ba08770654443f249c460849a0ffd3ea9990dca265c536b4fc43586cd823784c653071fd06f1076e8b81c1744edfc1e85acf78f1e4d9a3e20161b74d3dc58026c98a23d5679f08cf69d0af6fe80def2a7dfaeadd6b778149b3e2011732dd406880f2b6d08b5136b5278df259020bdbedf54e1d128123ff9f496a68891612ffe83262fefa61f802e708bf70c80b20afd1baa82b0cd9dbad8c9daacd8fced98e2edb58e495645253596c5dd65aae48707b47abb2eb3052be7bc4d6700f297c832c1e026eea70762a7376ded5e69de33dabca4f0f2c61354549ecf61945f2ea4452bb6be0999941a4980ffebb70a6a880383250072651fc87d7c19d1c89da3fedbf99d8321fad82bcc1cd4bae41405c66d80c1b32b3075ff55b63b213364052a276547dccfabb7e85fcba0b0dc9916ca4b1af2c0639bf05c5839d250f7ff9278c2c9d0bd52520ef2b767db44601fd260a117d305fecac9dddc60ab2dfdbcb442ba7d76352842851e04de30ecdbad4e8f4bb65b51b3551a8022bef2d91579a91056f2a91da3c1da9d773c55008d7b95000cd2a1395df7e234a4aa6fa06488336a9574862264ae88ab3d086a2e7d6805899f4eaa66d8d40b56cbc621fb9f1adffd430abe1a73ee941b915862f8dfc2e7769a0127dd776ace061b93251e2c27c8c119288a4a9ac5c9c25274edc4e01c0a176ded4b880b043b7067738753331c84ada9c0af0810edb4ff70f0a009f3c1e3990aa54d228846dde5ae6bf4135e709de6a44734262d9a1283e940624f901c9bce217ade7d806a3065359db71a7eeb45912a99b74eab9d1401ff4477ba23be17f13a04992370b1b197503354d5876c52f3fc21d70dd694fbb633c19f903c04a3729d3201903cc02b719611487f7b259bc9870a01ab38b6351db0fe219b3f61e3cfe0d859156ede84f2419010f4dfd72f550c66c685afba9879a17d67a8d3ca371e4da56f2c59ef0745def8d62efa35128aca84218ea9f07e2b8456ab8022f6650db4f644fe71d095392937dda322dee81275eddd0433e3f5450afa23bf3fd0d7f08e5c3c91f977a04710a6e7325e5c56e16a0d7697ee9a8261975d2d7e3e4c862e07d4a2d27cdd1b44a3a720b2530eb8d119b1a27d82fa77be06e8aed4b574c4d6abb61700e38aaf763a28751dc58cd0c7ad66bbb0d5a533ad06c60b8ece72d17cf666d8655aed9cf2b585aed615ced53c3ddada85fe32f7a9f3070aef08e741e811ce47ac6540f1aa9b6b53e9afd7de6a253ecbd4252a0cbcb2667bbe9cb91c04ded86c7c37c75463eca382be3d9a286a16463293e95f299784127b5dd930db78b797ac1521623dfe3ec8562ab16043497e9611a4655e4f8cc0c491abf6ec4a4c686b913da1a603bb72cda26153636a7bad4e1c3d2eae920b83f86d4c1e4238e8bb4badffa4fe8dc23051b9eb5f3cbfebcd2f27b7ecaeb7b74765a6150ac3862f7cfad944ece020e7f15f526a07518468db80d23f2b05eda6175c72f52a3de2be01ced88cd2262fa5d2ff5f97951e597523bf12c9ffd078113457985a2c5bf650fbd8a4fe5531e692c0f4444611676bd43454afa63c3d89d71c906163df5b08b3826b51c8d9a09faa84ae49cdcd1e6c4a13f0bb376a25096fed0b5f69d674a10e29516e8ef9bb6cb871d88e931e3beb86a75dbaaec7d996c28efab6fabe8acf400e7d061fe21e761fd98f7550a7e8366d1c730213d2c3d702e79f2632aa2e20c7a0bc9bff43c8de5676c4e8e289cf66a0b2536fd548a53548ca37db840082e4fc6183f8990c1fbef3caf32080705bf0344bf0ce84f8d5c7057371c1b7308199202d3a3fa3acca0becd5d427bc6d64ab841264bbf37a5fc3e5666e36fdafee8caf2e281371b3dce2878a89c1a213a32616bea18bf0712745e60ff17d1a38d2eef9507c91f7789f00fe1022fb2c6ce413a7e42ff72f7882042420391bc7baa4bb0ecf9dbd969de32845595840005808e703604ff9603b5a719cd55f3b4b3f120f52c76c3e8ab4462695fa36e9621c100826a5f0390412c7abcc88120d6bdde95cce9bbad0bb13f3795a63086a1cae321cb3c513cb92b1527480c8ee0c5a5a0d9cc48f95bb3bedd48634a3249702b85d65a78b92948a76dbdd343d541eaf0cc0c1fde6095709f44d65962bf8db792df8fd82332244aaa722205821e8bfd61b19dfd6256f0dd6bbb6971cf9b8c99ddf149d1e1510be5216b5b831e426583ab4ce61ad98f4204bb16a975d391bcc5d167ea58a52e87da90b64befaf9c732f93f74764acf116fa5a0a6e609aa66bc8b89875bc0503ccffe6125cfb2ec37d9ea605a64a31ea9d9784e18ef5182d4e176afe232cfbcb4889a7d79a4f7b2acf56bf320aa6808f120af5497f995625e82330bb5b74978f9586a236369d4a9f74876183b20a803ce9a79da92dbebb31711af45970e10214e4d74c6cc2e5d95519f74ce1d08d238fa5fd3d98a52b19f706d719b8b103082f8a16c696d500df4d58bd01213e7e11a5f49c1248046153f2fce405df311870b6ad089ac872c6cae4321d9fb07766e391ff4ee377d9c54777bd031c88cdda593f1ff22c2caef49faa05631de315e633803d07598c22cb3fa4cd66fc1c1cb8e705ad2402311103d1b501779d408b2a5daf73ec490271fc1d585437c4c1b9ec423c138fecc43ddb43656574d68168bab6b813ecd31ac0368200e95acc6fb1a63d8fff0c3a4e57af3d393549aa7fb85664d49fde75dac3ebe3c55988b549938e95170db159e03642b0a1196b4f3aea4facabd7cdda7362f23650dc436958b41a79b6a9106b366e59cde53d99b38fcd94761cee49c2bda8092b5443a3a2e47ae07fc7bda156a34e93f0073bdc360b0ee7d3ca31eadcc1c84c69cf218b5b4ac3c6484fdc1a1d9a2706c2296485f441689822f5dc74ef80933017a6c5e666c82c5e05300e55240c9d95bcfb9d4cb36779fb9b9eb682f10a12baf43d49a62decb6aa3036f5ca7c06ed034cfa1f07f6750bbb314d40c50193be8312f3096c8f77d2c3439ecee0b3908abe90313cee5c61b1766acb4b9b3a148426a4320300a4df0adc3b1b60f2eeb0d78ad694802297157528905f436f1ed011bdd3d22013eb65a02e353585c168bbec473333da5ace4e022ff39519d5820d6058390188ac9f91c4de59acec431b1d1ab894d962d0d5eed221f5da168480449139a964a93cca2f44d59a05ed1bedd9cab3e933aff6341edc36a3e4b186940c0acc4636ab8428bd6ef5d5fb1b760386a0fae2e22b836413c539e9f3ac292b00b6c82d59a38078d93067dcafc177c337b9e22253164f087d372a89a2a3e249a4a6dd2e2edf3f71a981ef0e5a6cb884eb5b7f9c6598dc261e0e43ea4b0d9f01427c1d19f2c782dcbb38c3d35f8cf3e88931851631e0cd8fc84feee6d4249222c6ef85003bcd6bce4a7d9add84317358edeeb164f1e85c09604b580c140cd5d116f2846ad37f1ade1c7f2274dff89bc587f23da7d6c978968b4f58aff8ed0835b2d6002676061d7062972a7fcec21d9f37ec5c106e93d98043c35ced043aaa612e74d3bdeb03182959f2b25f8c31b3316cd37a53b4d847cc7e1c3b208f21fd8802f2dae5830069ff8476e7571d46f91f9ea28c1aa5e51186ce8dd4c07df2fd4e6ea25ee30dde150cb27dd6e98a89eb18f4dee8ba92af2feee10f1a676d14672cd485cbc0f4cd08f9a2764e4b7b2e90e5db102ea4bf82b5519ac5dd92f62ad81185f2c4c92645ccb429b307144073a5107266847c75754c9ac7866d925f554bc8cad1397b0dc4b5a2505440280c68b88423dc9c407a92afbbba3aa102fe80eb993a3e6677b3f2ece0b2da368d16f6d9933dc4e941a64272d616ced280aaa52fed097887d392e4ce82340e8ad4074c2922932203f69298e4e07ac3bf4959490b9be1dc9ec0276835281e3b50668b84d987976cbd08e411c2b0e48eaed910225855092a67a3c119d783b52c8a0bb7501b7f21c849803992ed6a5a1191d49c1ffd735ff4ec25f96608976667c412c48e42ed952d6e7b593b06730a58204647587f67c35a41bd4798d5e96a61c097b6e137045bcae749d401da3ca2b91389541964f528746199342ac86af0052942b7f32ee3a0636c2be19343b31ec88428723452d20ea299a0ce60c8a730670df234d4842780f03081a0ff19f33110b286ccf04e8121a9b88e237732395401a087592495aefd61cfea468f75582a226dfd31219e771c4ee6ffe975f66fb224cb9ae7925ffe9809e2c45fcff9fd4c4bbbad052348264fee410b8faa3c8d38a18770c0b8994449fa46c874513dbf455b687c304ddb0e6f91765376ab8ae00cfd2b5c7bb5c557848aa4ed85fddb86c1539ee2ac10923feced7e5b20a6752c0392198cb7c09a01f250e8a7c0975b2543ed4e57eb8c3acfa3b5bb9a7ffbe2e551efdf6ed39908f74ab92f709df6f7b5cde71666c3945d38865f7268b61d05536ffa332e57c7e649dd24800b184d7b2f0acbeb378abfdfbf956e15c9e1d8637b24f8be6248ea866c1faa02ef16a0ed3dd2c95e14b2364d2d8f565ae06d6c4064b582a95fcc9c0f4b77686cfeec56526d4d72380a124bc435d8e60d75eb0d073a2c4d9020e37a5447c0ba82008373a5102caf5cad5b3659c4a418bbe1f8e276f0865dfdf39d023d2020ae0c1a50c693b8f4942193211ff528d05b3f71c050d6cf15aed95745eb8c6d89c334843fcbb8997716db7845571a8fb5c3b9683703b0f6cb243967b80dccb0fe34c61d42f2a9fee1178dd0cbf5428042f77a84dde35e8a4c4bcbc3e42828a55e7c9e6113911856cc165cc5a844f4e506f97cdec7afe16d3880739f596b7763b40f86fd1ae3ce28ea7c66e5a418319c0195d90247656a15fcfb7fa15126f6315d2b89135562466f3f679ac323675e7249203a0b0a48a54ab2d782450c50c8145701d2e71e2b629353b0be198620dd01137087f30c8cbe7d392312014c0725f91bb4d1044c390742ecbb40e4eaed6418fffd765f63c4620892301d1fa8b9c0ecf28fa93ad377a6b9a6d8a174ad627c6e133f5ca6a9e8a821dd1f8df42f3817efd93045808c4b94930af2bd3fed851fda4c89b46dc8aaee928ad47b3e04ce973df1785a83ebe1816b3117e5aba813e76e289ebaa978dbcdb337d897a2a079422068b935abd524b5e36a1b7a0d7dc436bf538748ec98822786b91f9b8236b102ae153becd39f4c36e605684e2dbcd57b64034c59de7aed9a279c3c4bd57ef56581114c5160ae1b2c589bc28ff44f42507c01482d340aa9a6248f4d33fcab694c58b302bd33e9a00711c36a6ece1812ea4486de477824d3f28b0c698cb1a624ee0363113b1e3ec655032d1382c8a64f1ea6bd834196d05b22aac7ac2c314cbd4bca46aaa149018ff3766bf772e9c081f524ae6b5bb987811e9bd257fd9f82155bee163b06ec1e38cf2968b6157294fdf214c5d0a1ef18301e608431e495b6038dcfc2f4152790328f651d250c2b41efa20c8a031148f697237521fbbb5d7a51a72fe5e1aff232037494ab1eb0bb80a96bccce307d858d8387251ebd70cbb615031dd702737a87c5982923c1110027fba143868d52031b668f3776e058013845aca5bfb7b8efb61430d90ab34add8990f5ace5419f204b3b5a6fbf61d9139af3bc8dfc3efc8f3c8c692b5658ec7b5494bbacd330e8ee6364943e288312688b524903c9e6ee6dc22e828fe8c8983c25ab10d6ac4887a1d07b0a04c3593f429aa01be87a1302e1821c89f7dcd151851d34281edae4d2a4a1a270aec9f94937d46be2b663f1bab4340d207648a761b248ca57cc33fc942d6610b290ab94b565298f1b80a67ed4ba58f97955c1000be125f1665aa4d59cd3a9d320cdae372351989d55c128f91d1742c19524a4552ba11dadc996f97e0518996c8da36627deab8543935559078241d79b8c38723009af09702e3e832d118916a9e47a321749288810ed32a66f22e60420a1233882fafcf1eda021703b3a13efae1cf5106112cf4693956727082349a85b3b139e32a697c2964e37c2ca52490580595da09a4510b3cd722ad177abc89b1723028c7a52785abdcdd3311952686480e2b34349fc5423ee671d67cbcabbfccc1138dc58f7eb49280fbe180413743cc7a3423b2bdb86a4689f8587a64b92ec67a8b0a250e6166ea148aeff7be713abfa5ee9b34312cba98e180eeec436c7ee1a9935891c7b4ecec8d927db4a89c13b5ce907155289dccca82870c33e9d64ae5c4e75344991ca6ccc5701690155d258d30f77d1435ab420af1dd83cd6029f06610cfea499fea987a2133d4a790e2113ee773ee4ad5d44bc820e91c5b102e214b37f3819fecc710cd4c6e7c988c37089bf2bab66121391a0b354301969a136c3a63b194db766a3392986448321ddd4db27bad39a3ae7c891cb8ad90ab156b7b7e7b52d1cfa45de0985177f4370d9f4e1715c67abd3751dc8bc1731c72b0756eecf394b63144af71a6c528051fa7862c3fbb5660a09d7235e80a50161e06060d374460e439ba2aa288a976f73d7eb95f87355a104c951531553eea8d06d976bd8d57d4596de032d1d1ed9a163c540752dc09c9450141c5cda09c5a05b1c08f56bbe3aed8a180215ca7d0af5e59a099eedaf0ad7f4d94fc515cffd66a465ea59cee299de8d0dfd7214df99e3c1e29cbc9f9576cd8b6999ceafc7824d8b6e667371b6d1187d858d2bc911951ce020eee34f77dd0366afd510ae9a08e23fe948098896d9ff6f5a4666cac88ae2378b4493da590537e60668d4f216d096b566235cd6fef8461eb81c8294845dd1cf993a0c3e971c8b11d8b103975ab5996063f2b1c9aa3feab16f11d44e797bd16c3a85188c853fdd2af2ac8985f25c0b159f62e09fd187c52a096cfba3bf9fb652b12f90ccfef9cbd45170e1a3ce8c01bb8a9da1b34344ce67e24d27f3232e38ce4a0cc075c618da4cbe52cc70c04a3cbb5b1135ac2db71628ae50fa6aeeff4628f5012deb4500368f282edb72465edf5fb31581ec35c0a7fa9cf38078aeedfc66bb3a1e762f7cb0084323861a52100f51796f0a8920dc1d464fcc5d9f1f28997af3db4c4b9413ef8024cd5bd806f9937773b12257ce5359842f4fbfa27c270e1c1750a8b1c8e3868fbd3c758c05ea4e38c44e6c07aea3145ba56ef34d75071135976935044a9328d54f47887ff096b0dd585d3d14e6e34503275f2c5f441e38de8bb44ed321ba6e889f72f473ec07a87bcae7ba028c1e9c7800c784e60bbfb2d032711aa13a5dd35758c7fe02e22fda0b82f29ec00bea3e49a2923da4f0c977bebeb596f90e8f6cee53a7121b6481d7d7eae27e1f7ff5bbefc156753aa21a97627b3fd98992cc4071a6cb023f2b2f14643d735849f991afce2f64a7292bec39570ec561ff701d77d6c295ebaf3afdd8cc2d90c76512ed9aa25f25a4badc3e94bd66520e13d0ebbfc8693bbb18bb5495293a200dd5f62921e26665ad9e76158662004c6694f64ab9a58bff58dce362ea98ee9047acd53c19b6b6fabe7049677cab4efffa0ed686ac3a8413f85dbde41ef2324e8f9f467aee04d94c9f6cb7318341414f3f5b0eca7a99ed32661db991cadacf4bdd3f6c2cf1ef817e837626ee889c98e87a6955ea2e4641087cd723c3254c97717523ba1f8e80e6c57431e31cc413871fe83b4cf2e4f2b1f5768d1de043b64cab63c1937d0ccd9964330c01363204b062988715a228c7ffa5546f2518f9a7fd5ef8eb12834dd5bf080cd320f8cfc1ac69d66ab168b90e8741260106603dd4ebc82b18a6beba5f3303f7fd55585426769c895509e6b7cbc1e57761373f2ce176e62d12eeba3646ae1226f05840c3f71dcd868dc2fabc2a8cfce7db6258c5ae17e6f0a71e6b7165759539b06f59e4a192b1caa616916e517c2451ab89a7957618220ab87e3eb82087dc6d03bed8650931bb94420a3edf425945b8e74f0072f9c77803213e729f4f6faca2e06565a417d0d7c150c5f7fa517d50f729262bc231023bd3779a40366b1260e21fc5569238a44301d9954029b2a96054733cecc2428ad11a6e6d715ac0cb26996df3af52001febfe9a34e55aeac6c7949cf54c1cf7c7d6379a2850e5856af8f7994e6f63e767c72a19ab1299b92567ba0ace20807c26c724dfc4413ba5760b979ed39e627b45e508018ca45a39186fafc5afbd1bb2e9dfaa7da675b616f85ef9aca46f660c12578c9bcea02b270e16bd412452d1bde17921b2413c127b78060462d7dab69ba989a03b79e7646fa7f17cf662d30b5e1551ff2b092de1fd4e48258775c7badebe975e7154232a723410dffca5afaee64ae72887155a0edcea665cbf929b9b870f67ffb878f3e4cf8d310c64fa07bf49b198ad791754771ce0959f5df7f550f169a9c74bddd077eee82641c12ad1e5df884b5cbd85bfc5cc812502b50bb0f6c4f90c2d3fe15b8288385ad9b8726412557ffd33d0ed049b5b1dee69bc80f82f758708b855194fe6387fe0b13eb4d1c4c8bdd0db0a676aa7af375f36dcc5b418ddf569a56eaa8855e0a00f2f52ec8683099b9e33731e735a6d1b2c0a9de000782a513481e29a3a95bf02b62f7cc60ad71094347b4f60b7750669919cc26a0c85d7985af3c29e0c50ab894a68860e34cac9a92489a3930042c8a647a587500c07fe4a142b696459de0bae4208323b74f0be630d72df6bf75d8dbcd5f9c1d40d0351c5c544808244e25711cee4c9a63ef08d8e4e71241508bfebf5b3b799ad29fe6ebe1ba58dfe4678c7df285516e4ad951cb4ba822c04a0dcb1c18fbe2997a6d366fab5869d8e4e55f46d3270f0f2f1245dbe7f2de71f837529066d9332a4916a2b4490fc2b189b68c57d90aa9d5cafac5a00cdecfee194f11133bb352897562deb70cce0b22adbee685143e340bf8d663b77bae7aa8817be22695967d73e20124fa21b6efbc88b0c92b63ea462c4257aaa5b011d8122f84b70b2ca1f2309d0aab949b374ffbe2694b64a8f5483c507aca8af016a8c41dd66d68b04b54a381f74b4401cc767e72da2ffe661d57d74a1b2706ac8a7f1f4bfa2d2f7bf3cfc1fd3a5430bf055e7ac069c346c6e81dd4bcbab28a521937bdddb93e2e1659b55839b30636ba6b78956954d9be18beb3840291b31d84104910310c1c3819b804049d37895b1c5d80e77824285762f8bc4455efb01a21d5513e10adfb3ec176975139f47d54d29573bea3b72cdab2c020c57b8e6eeee25564c4b13432cc56e0051533e40d92a54e61ed21f04b26433a05d93990a7be7cf987f0b63982c7f60a3f73a686639bb3302b295b6e2919b363b076583d6e76965befb37379c652152ae2bb8cc902aeb08bbbcff37b089d0681ceb9d8ec754dfe46321e0becdd5d7a9f5ca46d81ea2723de63bc603806956a37aaf3b571ee7691af58c5a3bb7193f11df890b3d73ec772715dbe4fb557be33c67b06e764f18f8f58df9dd2c9a17a962c1a31559240591019df8d1c55c2ef46098fb9d1972469ce538fa9acfca5df61c151b12317f068341e3b99d5efbb172ef3933d81659ab32ee259f5234ff668d63af204e3295ae3995828d37db7038ac46b403b6dd867b8b35bfe713084085a4b234ffb8569d5449f21e8bd730f8e00975e156a3193d28460f2dc984047382e6090b24d37acd98a01d0ea62e85c1bb649d4fe85f823572e33b8d132d9320d4b2e9c80b81324713a3777df9964dd6c2ce4038c1bf7240c777dfc959cd0ca429e7656eae178cad0e5b6ab2113ad9ff5ab0650ae82d9ac6558e76170cb7bd5fc0173ec1dd431a3b07026d637ef964d60512ecb2a74f8dd274554bf89d53a19f6f97a3edcd68f4524280486ba57301237fb870d1eab8a3b01eb86ed963035c2331f2b3507f4d501695187b9ae9ca7a1ecd032edc078820534481f9222bd85cd81a8cac39fcb9e90db80ff04f8af3ab7c8d3f55202d7e4f1bd428cba30ab7406b3856a9e246184961b607aea9d24bdf40b41761c138c2cf378323584d29bdeff05ca18d88851c35f13b474fec2334763831936ae21fe1f090b575c1d9c7bede51180d2dab1067a15a2c8a2e302cb3ba63a246ebb1aaf1d060b5e4d07da5ee1ce572a3e0c024e05e927e8f99398d5856ea143b0bc94cb36b936335b1525a595dc53425124515dfa95b70a0f7fb4b0ae5ba98430bd33d4f52d4caca95d50a3cac5f9aef368726520040f54b99ef2d55c3f0cf485399b6dbee32da844da682ee462b5882f3dddc3791927fe3b0e110f87ec88539d224a46107581862f0a16479e694a8d635dcab1a76cc2dd901709df78528c2b4c864178e6cc0ce8d1518007bfd1bf5d9947b03a62cd9c73b0d23b9d7176f7fbc3041b7eb3ebacbd930dbb9f617d8c3a797e869ea92731ad573f87066b1c0c3993af7b95f30cc120b9dda8920e36823583ed457dd93343e42c845fad70f78cc880bd242328a76d88990f450f79d9758d64403d4dcd94551f7dab4139113cb0936bad622e2a685d96d95b020e9c35f2249a1e95841fdeeed95388159d65288c52b54541c96cee9e78c3cd50b80b7a92919565341151c54692e871fdf0e90b992ad42f5cabaafae112920ff57219d988412996ea3789cbb533b687308b3548632d5f8b045d567bcca4ea3e38a664994d3a9a4d2cef4d0f68d9b5f42a3897c7b58655ca2c2554d02202403619778c8a876f6f20f76ad475742b82a05184652e706b613a01d00babacd1c873b3bf5d4793450f0536841b443ac222a96e1b57bf6d64e8730477a7e296609e4f759665778f90717b19c9df5a836783b10a95dd5386319babeb5423fbccbc104cd8b43703fee9fa1b7dcea34d752650320cfee3714d5cda148c0ef89dd38e04cd70cd66953d598f23ca0c26d772fbaab590efb5aca273fb93bfe03113e79185d84a1869dfe2a4d4f7ba90c0f181079770ef79756b0f6d826d0e5091febfd0befe8de01d6c98bef568eee2007ca647d5e2f1f0db698955aa6de5ff3302a95ad9c16d155f01633909876738ba9d1f2e37eca3b605edda80f1ecc0c933f706965d2f192128c3365b9d7af10564c135536448119afa6f57bf6538830784f7756dc0706d9683e6cb96459b93ceef11352b6b496fdd92d70f37810684ce5579cd41740178193b15f83c824d6ec102339500104f6ee6c3cc17f6a0b66f5f2137bb76dc77a8cb520030da7d3a1beca8d88b99d1426474a71ff2a8ccef931d45ecb14cfb42bffc3e280d1593a319504563c2f3981240d57bf9e862942addf37abf4e79047e7dc87d38a72af752d22ad1cc7fd0c45e30424a47a8070ed4ab2c56e5134d891eeb10c5774575abf126935efb06d292c8e875d7c33e7e9e2c76d19d0efb7d7c82944d5915f4f774d14bacfc4c3ef091af7960fb027ad538ea09fd07c0caa77ea1626e0432c3c123badd24642b578244a49ba6aacb92cf8c09275f78c6b8baf2617ddea97ed33456c46da81214411d82f4b696b8a2ad8d26de21630dbc2382b95abc5ce9e65b87ddb60291b2661b28e1cc9d32976214ae1dc12689f11cd4734737bc983cbc53f320d5f034798345f565082d20e2557c3b0130f5107aa6abfabecaf086aee15d88ecaf0a5067e701cb67ecf1c915452629426e39096621d9fe2a3bb13b57babf061c94d2e5d37bf0417a6305ab6b6aa4af7b5a07b607251416faac9fc8b63d6fd39e7d037b38a0293bbae7414b0643b3cc7bfa185acb888140a5fc8e3be5790fae48004db0ebd94315c5fe3201ece37d0f5fbebf7681e508c9819de9755428467e84001d975271c614fecb1b3ebb2ed7aa540d88a78648990dd3873ca4846848e86b55a18e5aa3242851bf8266e9b438022c32e3f5f9b70bf5cd711bb1322718b6c6d0d77921cb388393ab40763de4d2e147affcf220c6a1b7022d9ba5921116dabd18530447efc54076d2ad7a1842bdb4d910a6dd8c898b22da69c05d086687b45b644e1f2edd9c07020a8dc8873c9354bb4a1d8343c9f2ea4be50cba26ece19a75135de0e78ea7e36f5b7b6f34b4ce3cfa2aff42955de5ebaa9a133477641d9845bf427fc4abd21bfd4e2ca836edab48d8ab7c4207c7b696471e40909f440cb39621d56928254233691f0996e6731ae5fb336dced2fa5ffb542db38267f3d875d5621deeb55c881d2a03d72c5e1a942537a411ee945a040a859d4fd7fc1ba9f04d250981df09efb0947339ca29333ab9fd1bcb39b2466fdff3094bde46cad7c61bbc9d44947b53359a3cbc0f84ca90a39da0446bb85e83d7690bc365ac17946afcb631e04e832a9ba2f37d2577e51ebf017ca4d3cc98a674423d321e52d7a85f0b1e7f7e487d556127387293da197b1044463763e513e99dce234d0d3d9532ce78ddb8ec26ef7153cda1018a975574b560234bd7f6242383f810316786703e3d59aa930629b7247b5197a612abac3523deaecf2cea9f637aec9a1b4084aa6805f9af686d2d030c5936e7a2761c87cef1d85b4dc41714de4651aae47027b636aed7c36ea3f5ff6d7febd9b62e84575f8cd583d02df8b5e71459020506728d13ab34ab9dabdd81bb7da35eeac180c2f88767cc814d41a9bc5d10c732d582554541e592f13191f615e10c96bcdf3433f5a2f1515832bb859c0c201a1514d8f2cfd9ee9bc3be8cd5db13b0c22eb0a8c2d6f658748464894f034999c39e3bcb5109129cb70397f47aec32aea682dfa0061aba349739fa3d5217b1f3bd55946ab8010db158eae3905905d385a3d7b3f46efc69bc1916890f76fb617c3fc1a4224ca6b241f74fd68cfa3ee7852568ba66d56bdf433758b47624931c2d5e4c687171fecf5b85ec1849c2d1bcd2e5e8a03cab0e5c291b76ce583777a8b119b26aa768e9aee8634f893bf842b8a80b1a501d893c03939a6ff2270d973c60675614bc5d691a4486411c12a259659b9efdb95f14232b7a069fdbff3def9c2e8a3db4dd8579f648c0f23836516e13c60ceae0ce6861be4a8bdf5c7d348d3a9c0d03b3d3c71ad2ba4b3aa810acd16246bcffa1dc8b0546e29a3f3c49b148d8fcc333293735bc5b87989a7f36857f2766a5ed703eca5856f87b06d113d2fc485f9c37db56000bed644015f3b49779f9478979395ed403cf99e6a03ba76bc77e73f3ddc6dacecbcdc5c5bc0b31eb73e419727d9fff016a8bf8fd1e3e03ada3c8aeca2281fa773e1a04a8dff83f89eed4b2e3896c13942af6f0888d04c2cda1465e040e99af0cc269583032c93aaac3cf6352a1acff0720b8ad849d870800fee1b1c2cdbfac0bed5e3be79e4411584ee8d802b71db08453cfbab5d1fe2dbab58d793d4838543b1881945a038e64b3f2de18f086c7f7f43ec02ea3ee30894e9a72f67dfa1d98986658b5bf5d4e5f655e49788c1e6f2dfe273ee30252ccc8aecf9632bf4456ce1394aaafae439008f7de62395056c4a6fe5a665d120e0a168c87f8112d0b07b2194cc0a73e9b97cd7d94f5eb9162c1f176bfb7598e1d57cbaceb8989f092ed6240f10885edbad4a25cbb8f23c889a81a1534b4700108bb366477c515181767384d1059b3b969eeb3ce3d4dd5c8ee1a08aa37afc315018eed25ef60036d2ac3508e7208038e9b65be641d802ebfbc544b070ab42b3d6fa32c9bf01bc031652941d6ab6b2a117bd990ce01fbb0765b1c5bf7c0c69ff572b0a84bc3539f1c8fade6426958feaa512b9956bb4e2cd3b563cff895cef664a6df05b2fffe69b4e8980ecd1064c17aab5795f6a58c68c9977babffc4a7dc8281cb020ca8f6cdff1f06b63ccd22aba13848efdf6398c3353b4595702f991a4ff32a3b08d46a1836ae1e4cd3dfaee49178c3fb205df06ed16e51dcafdd311f85fdee41c32b6ce45309cbffc365d8052e3f120ea99d177e0123041eeaf0fe68ac5f5ca2d48e05c947f8207c0f296bb353cedd815d112a7d61135ab3ad686ec34b2c6b3b35ae1edbad5b2fc8743774bd8580f78044260b352067eb75ed0eba737c3cac878417ed4202dd01d20a94e87ee6c8bc90908d2e5b82bdb346fa2420958f8d7b941ca406d2b8c59aa3f03ed9c302ccb6a20e0980de83156dc21a5111e3f7b84aa661808eafe05d69d8d5850d16583b4c28ac2b5ebeb0d1a155fdb5d1c80202517b8431a4bb7b32c4a9469430f417d78abacbdb412564fc1930bc3487c7467f70414338423af65aef652f796147743cb5658e334f6d985b6430f8ef9cf01e8b6b01c775074b6a490d80aae8b65b4426581d0f7a550ad38b592a5362a0c575e3242ae89203e0b6c1d4c413e5204e01079cc8dc0e620e4d047dbea713a14b9fa70d3641660b10bcf045c0c02fb1f9da3c1cb131889506acbc13abef9e41e183268c46c79bd25f3ad5bd70724980ac07ae31e6157dc2bdccb8045389e932ff0f374cd7df13a99ac30a867724a5ac17f3a7b5ec10303ed27281be956088172e82148ea1f516b38fdd97587fe00ac5d86e47dfb8d6b0a7eeab8e36a90dc115db25d70a07897f3416bf7ca88f169921b612f440cfa225b535bfcceedf538c9c4b78a5725dbe6f7ddc86b9d4546e2ae30719da7b8ba8d4b95d721fcf5da81742028c5d17069cbd0f9183945d294b381d7d13dc5d9bc5692fc9ab8befabe9625587b15ae121c592e8fc4b4e75f18fa24d6eb10847d6e5c5232df6c270220fa7745b3a17152150e59e243beaba30a089d2bec9337d15a1fc4461fdb0b691e9654fc3655b89cf2480236a41ae100b886a8088dba5ca68c12086ab72913d6610bf5e6b423bc90f3ddce292ab1da4078fb3ba53d028fe97a51dd3cfd3c9fd8b30181af5bd98604b87895ae515f1092b92fff8f830df647d131447a04e646db62f072cb34b74715fdcd83b3af868d168526225d0cb9dfda3ee70d4982bf38f6a1fe1e2716c5edc4d43b759fbcef99697e3ecb1eb3c306db84b766936592d21dc13f5804a91353aff835c7be42b63ee3c0f801e6001581b2451fa1e35ab18f5cb325aebdaca1a7bbaa25884ca9c106b2e6ca4934a1ee2b5ef1e85b6ab2cc3377c8277247b0ab7420ff805e41f4b1ea0ee55657025c08d1a95fa7059271534f780232a48371b487d90b186be5c5641d4528a04d859c910197074a5525f3283fe2d893874f6e0d40cb5bd4913239043c842e22bbef82db3e60234475d1e0e46a605e4be22937c00945913bef78c90403038116672025adc3fbd693587c9c718036e909d3ba86fb25f095670fc27057b2af9de389fde54c746d5a50186076d4008ed351fa80f2b5706df2fdaf5ec3f2bd5346e0d9fbd099218bf5cd69a8961985a3e521016e430c775c2669d7379b73fec50fc8758f8f080c110be1eff986a2bed25989ca6ff2d9aa9f1f72f5e53f840e94113b36ee7ba954dd1d96c2c14a60f15f09b68ad47a48a40b9bdff75e6c7066b176e059048a762a271c0895904c41c98bc2cb041e35f126fdf9284ea5158b9e9d5affe4550f101b13ec19514c0775f8b6e0f3be55d1548af474bd4242a81ecab9bb2b439fa6d71cecc1328aabe463dc41ae6837fca5ab3285f360cf9635cac77ac08e083fe4b7f780ee5dbd3a2afa3103d82214a0136a585bee79beab905c8cf431d84f38ab3781ab2dbe5ed6a36ab01a3f7c8f87d1783d2b47186e0f2faad7428f82c37cf5d18c5e9db446ff01940f73752a2280ab72557a586acc90beda2d2e57743d005ec11f151258c52bd361f0358d454371898881ce5e20d69bbf5f7243765ebc52f7db588d439a21a14628324814654244721a7cbd8c426ea65f5c49bd7576a41a85302b1023ff3aa5b5a19fb6d80882fc09c54472a8858d48ba2ee203d5e724058d88cb468d7a945423165dce4a320fb90e590b6deebe2af0c2944d84117626be108f314897eb46ecc539c9e80f75f281928cb875e5c3cdb5c1efff7560f34406700aab3ce1b1012433dd5a7a532f248e7ca02d01c0ce131874e58ccc71c0c27d1279e812900ff384bab6660adc83b729d5adad57f749c9a61091edc21086c0ef56888cccc549604ef45aba1ceeefc156d212479ac038f6f9a29accb61c35570aeaf932f5c2ea0cab555b556bea6e88d329296e221fb1f0a5d265038fe2f34ac4003f56108e5a885635dd5acd68b8e1dc8a2d2da32e382dc56643df77c31bb9bbc25f35b34a3d0476faadbc71919fa79890653fc10c16899dbd0237b7b912cb774376ebf93c8d1290394a7ddcae1b455f6f493990a3d3ab0322fd66e5fdde01f4e898edbb837772fa0e0644a89b5b4fc8c78bbd7ad829f3b09f3e73bbce004709c2d88f422120531f6d9ebfbc2439bc07b81063e1bb78dd8a4d859d2037ed93bb773c4d5a3ca64bec32598661928052886b8b117e7ba728dd5f55029dbe9d128a88f487e7badb800261982ba6cc874a41a27a0a43202c9508a682f957f82a1e1d1881fd89455f4f71bdd2ed05ec0a099abf59fa8df5c1233ae1737d7566df9be901db3a9683bb82373cd53454024f778f337823369a6233e41631cc669d3aa5ffd5ef58ae31e06d9eb05500ad4cc0f5f709afdf0d1e8b08d54af9177476b6e49f022736dc2fdfe11c64f8f45fbd680fc8c19e42e960a28ce2f5c0120a898ab7ce52f402113a17d6607270dd7e02c144403bc37b7ff06252c477cc7a0a95bed4c0589a8108c7f9dcabb9e8176c94f92b46581bb6fe42926eb6c1b8ea23c8c1a70f3ed9ff7b60cff4e7c46ddfd55f8565eb3bf2df12ffead45110aaf1b083391037eb70eac424271970bc64ef46a4edd2b2eb0fa99ddc95bfa9f562e70446bc117e03aa5ca9f35d337a1ae4cce95817d3df871237a79011f48c7b41701f2caf8ec860520f714e3d7e583d6446fdeb6271c671b480522a6fd880534a8ed01c7b2e3f3f4ba48ec51ed5cc220a8bbd3c552596863d9c2182579b482df0116060025cd1e1a0aeb3a22781f385dd92680aa90c87d6010c61b670ae4e294b6724b0565f964844633fec90d6d347f43b7be7057ab567745e898380a1a603ca3b2bd0929224541c3580ba5d44715335bd18f4a804010bca510d3dbf55d95068809ada1ab6f03f1024e05c98a5dd61b9b7828c1c2cfc72f175ed5fb22b1ff0b97780e52936c07715e38eef861de249061fd5e3716cd8412d1b0f9727f25d395fe58f742c9500f5d0e3f085d97b63c0bdb4de1fa1fd4113a6337f7c5b1a385b9374db52e767a99afb7b73d8f4dfcdfda10b8886f1aff60cb7990a1329ab8a807aa5dc33cb84833e975d1b7396dca70e2f42101ab15b91c1101b68ed51a6a2845f8af9340506e2f16e5f8e0d5b3c778f8dac5e4e6c3cae2fa653349783f88b49f92f3c7c04178cd656ff121ee9d63d64e63c7a3607715fbfe8078c1ff45db8b94b6d69bb7b1ee4d3ee8d9ba62b67de50603d03655dc6b574fe0b39bda9df4a5af2b40ab043e0d36ac69fb01570570cab68f3e8ed6db6d9bcd6c13fb99f3fbdbbed221541c5fcdb8df39790c70cbdd6ae634d56a56a043fd0488a615d00d4205104f9a99d5ab6bff637d7adf981a7262f5f2873cc588c17f43aeaa6a3a7993785c18df3b6bb09b65945bd1bb0e9e3e86918396ebac1bf75ffe3c843ee3042906589ce442ad644f9ef1a739b817427c8181950e64d779569caafc1c1540c8344f2ede078bbc3e396943111f96948c2ff39654b210cba0201f6598e201394925066e460743ba35ffb394a1daf90597d521710a56dfc967d4215600f5ee2060b49565a235a8a94d7376d447e1165513893d32a955e6cf8b2a4e1d2afe47cdefdaf1c00e3d97895a7605f8ba58033c11526dd22363bd0c3e65217fd3ed47920f4104ea68f91e36ccbf7a7d0164d23e3c71ae9370476c0985fdad028de20491599e34efcc425ed78a927bb429950f201e5efe6feba867d5b0623e9056a5a03e4a940fa89730250c4d127a1cb369d5768f0c8b4b0f46574b3c3db300187bf081474de17379de9f79352569afcddc4559d6f0a11a3b3a4502867f8bcdfc5b5ca40475341b8c9ae2fd6adefb1b77ba2d06e2fcf48e541333e7058c1e8c3b66fdfe96eeb5481fd32ce3ba948151cbd11fdafafaff4373ed9f41f09e18270fe0131756e4171bf143b92781620dc67e73194c4462991585d89afa9387177865753a1e5ec2d8c30dcf6378e72fbcd8431cedaf99ba5799aab8f63a1be4f468aa773fe361fe0a81ece420a47bf2da4c94407805b0eb187aee06d4db1cf77d68749189a880e840e18320d67f86b34912e805704507ca940d5d94b77f3150fa0d0ec9ca5c49ed714dc9df671dc5dc5f674830694a0f9bd6e583188bd93b4758ab18a7cf5a9747ec6b711fc31a62c62bb39efcd77c98fc0ad66881db8ab7865c3c54f2b34881ed2d324f03fb5c5b073e6da3b97be2feb4ff0385180e23933b94b5f5061204f26c9345974ad9a68e0bb58889024dca76ff3bebd96fb682a9f24e608a02268634e72251175ba09048c3f74ad2cd8d58faa844721eee5c67e11ad8d7fe2b992189738c5b3021d6ef2542560eaf4c9fc89912424e2c828776197a6f5208e68cd75f57f5811696e1a3300b62df549d75b622645f63d566c46563612a3354734ac3e3f657c7eda5ecbcab4c4949c8aed4641019f949ba765523b49c449c657b45f7800a87c5bd0a659c6541d6013346c04516b851848c47218620b62b8e4af2cf5c980b5ea390c3177c5d221b2c3ec405cf16ade7b5e161cd5d746f02615d8a62ab60a45df022d55b347319ea23c2daaecf0c1959752929067348361ca9f582cf41b199b330d233016dbe6932ef4fb032564f7b281af171f8cf611ec87ebca7e0780da4ea49787b907fdd17a18f4087e5c8afe3353b7c070058471c8aac01f37af5e2a5ac5a4b3ce4de9ead99674cf6b3f0264fe3e25ddf96fd301aa6624f7bbeec13851b6eb0afeb2187aed6ec6ef30db936fc92db9705a78bba84726a2d76ee83bbbed40b08222b6309cc12de7ba81cbb9b2bf7ba1f9999e06215cd59ca4c0125cdfa448c401cde53a49a7f558fe8a63de083acf5f2b768712451a4bdca00cc98a5ea5e6237f4233613017fbf11ef16828dc47e056738234de8b3609a0a1db2c02dd1acd18552f4cfba7697f573f35e2eb1e5e8660875ce2ff5e762201218f4d89d284186cc82ec5edeae4a8a061738f204af6d8014beaca411d95aa9a111753334745173c99142306d861a22012db751c0f79e01fe6a4cb4dc2a9db19e87b05b58318dcfc0ae5adb8d25779ac54ca1426ba7467ff232ee713acf8a0986d8067e277804f78d2c13ec499a3ee6326590ec219989b98e7a7d3ac98c35991e12ae65ea238b6a6b7d93bf65a568555fd68d075a320847826d93bb7a020933d88c2cdc8c0f03679631b6a373c532696011d2363a12eae024d8fd729cce208cb2643fc7b359119b28435e378835312a215486a203c827a6977d0f69f12544489763ff53ab7e74339e5c2374c5387015206c88961e7b001440d03eb59d3af20c21b224db0fb54ed0c1aacbfb3bd155628f1e591d60cb13bd071220ed7c9cae5aba934173ea34a08b464ca18513c137a6a7249346dad84eb2354c192abbafec65f653646cfa2309dc397b92cdef30358fef23c254dd96f48dfd50e6b02d88066e1dcadb420bdd62a73a668830a5e6be45f52b7a159b9ec17ffafaa22312ebc71efd51f225d758a70b7bef4f5ba9844f75c657c2f5d838498ed93fdf8d37e4edf4efe611d796077014448bc5db4bcf52b8325794bafa45007bacecf865b83181b4826e3d02e6aa0828c2538450d8da13125b1eb158e615b393bf284535452bec80ae59cc60e6fa19edb8b608e7f2fb9c656ef849a6d71625048ec9b4bc1734d3020924599bdd8ed15868a02476c54e8e80f74b8b7c5e2814309e4e6b7e0031c0b995bbdb3f78876e8782ca425d16c65bcb0e7e604fa2a65d2dd3a1641f1740505953c41cd14c84ad33ba645d1046c7bd16d72178d12e11282c5bd21de9ddb797b1b9f43b7feca5fed100c56abb41fed427f146812ea2edc0d5082e556a17ed8d6963f37feeae28c055815fa55c13eadfe374f0077355725f280936182de37b7db24adb49b7de311394ec6f3ea7ce16a3cc4e7a395e196fc3befb8b75fc74077e7d832ad18b4e8cd82e17aedd3bbfc143f1a67d315ccfed923662e6579a3a03c9e10c2986be353a9f25dfae67ea7b9beb4ea77f229e61b8d3b490bb21d96d3d96c100a378bb3c5f0f00a152eca9ced999b03c80cbc293bafc0a0205f63374ba9a3946ef6f56ea280eba5227ade5e8d64c8a36a1645a6cecff2b43ba8e4648f95a282840810e4d79e33b4376866981c8c7af8031b6f280e0434383f598b90fe644650acf9bb30d643deadf04a9c84bc73d81d66acdc4d1aa01ecb10c1aaa670ceb7b13c7be14dca7c6831b31b7c7e6f60ccc10732858f58c0fcaa68f888ec94a19eca816a56fd2f06098f3a22b25104a96be3b7bdc3336e54e417439f45d3046224230b40e01052c742963bc66156e8a55abd93ecef22f223344cdc86833a27c1eb400121e37b8e958c623b17a036fe7c3236da660a6d674fb6cd2113bf6cc34718d622d6c8ca5d812c1ee6ba2235d98575c5439358fc4abedcfaf1c73bee4dff5b11e109c9cc7006b02a0388b81e5b5be31e116d5a03bc8dc23eec0423d02c1ebd08a96f498b7d9f0ec0329f1d29f2b0d6d915363a3b7d3a52ffde5e6e01424bdeed84709eb1d854a8bbfa285a36016ce2846f4e1c1bfce639bf0eeb9f46678fb1985e908733063bb83dbb9c0b206c558a1d45e5a27e70a12ccc7c5a59652effd4e8404c80cd035a61ea45e55af4473a7753734ca77111b52d78a21a8aa77e30627e631b63ad37ca41366a7610780731b921aa7b195b02c610814873ae1882faac7ac49577b514573949fcde98c46a31734d8194a3d1626ce72041adb865a9f2bb2b1bb90d691bbabb8896f8951a3fea085c1adebd634c3f83b6fd996a44743ea2c1981cca20b93e4399f8877c3ff08f8fb8111e4536ece6b9800f58eacfe92d7c2b500ec70e84862e29294028d4bb1665b9d527c3f75b2475e578f01723c71c8f4c5f0132335a2fdfb485b00ff64494b464dbc655f949cb1cec0c5c3e8445582ca4cdf35dac6e4684ccf92450bba3752eb0d9cc7a3f904c0bd60b2bf128a17788d7d08ae8b7d415db85f2abb4b9012282bb2bd6580295e17dae3de5ba7551b99b3ea9f7f17347e23b56c2acbbe106f651e56c38c5caa69cb6af428c736aa9ae17858f4fbd67ca58d6de8451838222be09eec79a21499b288919364430f11997b91b1755be51037769fc3e4f4cae4bf00b4e161a599afede95ef5fe820265fdf728defe01a20e09eca048523f0f0cac077edc621192efec765696250211fa20ca6df4a1aecb44036e12720d710b9e451d5e8921bfadf8ec0cbd845cfebab0c13523dbd9c468e1f47b965465b78f01dac8772205dab4200314548f1358a0a47149584d178c27a347cb280413de6020f1b6265f792367ccc01df590e7a86367a00a852aea6cd3c17d6cb972414763adec7338ce786f68b53e4b112318f7ec4a4b66810f884ac4da775069203a80e09651a9809439de8cfa2bde99c580d23ecbd42eb5dfa253837bcacf12a5a4858ea4dd03f7412e1fd02321b61194d10cdc83c43dd33e179ae81d6facce643d3fab22271c31daebfa25170338fe88a270011d2e168c8aab4f11702682f0d3072f8bfd336a124741737d15d341dd5d6dbf485319b396cc3fdcb44f257227027f09a7d4f74e609dd3bfdb93daa4e6e05f90c9bf81344755699349a1d60e975ac4f3454c423ce3affc498105bb373e196e2f15530fd4327e2a207098363e64e119ec10764194b778aad04ebcfed432ad2474956d170e8262106963eb6757322a5742a16c3ba699920d1e9ad0a6618995322a5d46da3359315a23ea79cb7bc77b59e8c92dc6a119f159cf0701b893a96dec486917d46c457e994687eeb0bd4f2206859cb7247ea5a51564e461dfc2c85e291e2b5e9f7ba3757883af3936a490949f4acccfddcc4ee167115f5e1ac5a289a51ca4dde8a94a900ab142c44eefc3e654a5e7f235442fb29e289e4081c897a9387104cd1efc7fb0c305cf12dbbb4aea24a085bf9837c8d6c9627799ce04d77c0e1fd93eda83409bf01d3896145ef5b917db324cddf49904228da2d1bfc5352474e7c3d49f582fd2fa13e235cad717e64a70686c5a2caab80ab1889f93f77c9b1d3ee871691b355d8a4a1489de65d0f9f6270b918d5de8ee7a6025d41507e46efae6e060ff033d5730704984ca160ff0072cfa24add83834bd9ec6c1a694b660434d1da027c84373735322a6aad3184fc00ba51fa73593c4113e3741dc7ccc2279d3c5fb8d466167e0952a95a3c8722e4f574ad2a0efcceaa8f0296fc13534845aab2376f7f3ced975c525af39ba7ac8cd8c5787ded4720b9c131f4b361ba21a8b0ab07b79fb148edd03b65beab709b5f81d625caa29ed42452c8e7d2eb6f28c87f6d04be6a47510469eac8f03cac76562a0c46e366404d5ac1340dffb631c86bcabbbfb430014d1167639336d4b8cd8ac9f355103cd4c4b6f2a9337834abfb221c094126bf8e51c7c61499930006c5a6dc943869becb98f77f8860e907ba6c986f9c1b5674d4d810a61975b081b7efa4c8634b4c48a2eee63f7e8b8cd60c5bbb648e91712f1838bfb586ae14e0316491ac871cd0570484dff901c0db48d021bf382bccbf9b7675a91bf85dc53ac3e10a36237e8ca7126b51667f224e8e450d5b8e246e73c7afbdda92192e52d0617e75271982cd11a91529603909924a68b981ec8e8db1a05032e92a212ab3f485b19ac1560eaaea0bca68890c0e0e58235106e09c92b99a2d335e0f1ebdc03f6289da1c0ded144bffead748939aeab17dbbefeba3eebf66dd785f85f0b41cacca426b3511e662cc4a2fa670a1f321f23cf33174ad80702fb9a5effbe0cf7ba44a44203cd1f76221fae77bed86ff42b15e74a51d09e0c2dad8e8de30c2eebe49b4884610c32303de24fc0b4711d3e9483fdb589b2894db8d9b5e2ca933770f345f827c6fe4d374fc7ffe737417954ccc8b389756ff7ee4f899f6b2368350fa54878f1993d3c378b613d3cff152c29b35a2105dee6bf1e2faf14599f4a5429a6dbd153e47e7d771008f501ae7a442789ee245fc0553984c8f5527c9de5b0a0fd78890b2e2b7f59b9ae7d2250b99a6581b171d051f9317ef8252e250ff7ba1ab68a7135ca8918655bf13b2d13f8d9beaf9f909fec7ff0161100f6b907ad4be55a92277c746cd6e3da099b9ca06af59f3111fb0ed776c175b1f4f9c1e35ef2e099bf70454e847a9c74c3c44474e0882d03e402bdcf0ab749e5368e2c2f67c4ba6542f03d8eabc996a0ce839559b5bdaaaf08b3c70e5017b08096ec60152418458d4c8ac8667a9e87952e437d32da2ba739b1f0c84d67774a4fc7303d7ba3128d3b83ea1cc351f5a2cc9f45990ebbaf94bef3b9081a4366607effa03c1911e46a05e1668346ed04d8b3e9912fe86d6858d4acbde37669062b774f78b70a14bb7a27130979ead1e44b3cf52348b4928ba2f53e3105195d07bb0c98fb9b07f937f229141dc22c6694be86f2459e123a2c5a6c4f49b96bcec05193e3218a5f7d67886bcd1803a56415361fe3d642b704695b81e4eaddbb3b2b78833f1ceb040d60a29c212894f218706edc9584a809e001b585a232ef261a610b57be938f7fb2c22d4127156c365bd7c2a1cadacea5a6c3375d6a453cce5a0c8394863941826dcf74f44d79807d93b3638a0f51483661b4a1b9bb5df52f7905a5b81c2e3238af94ddedac948ae0d41eab3276ff2f323fd5061fa1434d35b8cc01f80cc19076b036e8a60a048908632d1eae4898a2002fa32f7045f81d183789c5ac934c5f2fd79e25e7ee7d0fe9c44be5d2ac463ecfc45c18f4926b3eba0da7f062599d4e6e6b5c3b7560e5bc88c255b447ef5d6024138fb41f6b9ee502cc3598119b9bba30817689cdf979099de941f910cb5e053a92d24944bbd84c54dc9d64d1547b6e8951cfbe585eee483e52f3285ebac6d92023222044dcbaf81bfca087e39c76dac61966aebff3074cd38aa3ed4f9942ec3028f63ef089af25f44c01e393b86ad584c3ae0fc796d8f4b0ed6c1e3f5008f313d34ea7c42e94db50ef10d7d1555927a5941ef8129faa1baff54f92e8993dd70d769322b914fc33170f67982c4ee93085dd9351ac642be382f0f4ce92a8792f0ac373cc8480d1fb0eafbddc4759daf2a5596f8680476cf5985ab1e0bfa3418aaa1316bdc8e6e8a4205c0609d57de2b25e5810ea6bb43bbea4cf8a1515de7541e48cd36c2ec77fde3a8f27dce7028dc25e1f642c47fcf33be358c1b7c4ebd3ccfb87cab2a7880c4fc0d72a0757b4f1b809f3d4da508a1395d7ba26e2fa3afb38bf3554e4b56cdf8ad681b53d45743a186df3d01e341daff55acc144842a6c734554a7c593d205d54f732969b98649f767d279aa1528f779253a9a40b30a9bd0a2c58d0432bf3d9907ad92fb0acedfbeddf2d51dcd6840f419cc62e3b67d6c2b44ed7fb709113790161a41d10d7482cbcc4e9058c400b77cc59fd457d5f78c8a8183b5adc91cccbec289cad3dd20b7e4634430c090e82cd3cfc74c4fd287203a311bf45db9a40f14bd2ebec7ce7e17caf80e602bc0b819926e19bc435cbfa70b4a3a98a1b656abb9196cbb2b3b970cc48e3501660551cb3968713620596ce65a25356a28ae24b840f76579fde4e4ac463188c6773deaaea2d4eed0e09b09714d3ce7e94fcafb5dfa543112303dce3f94d585f87fcb381ba14096fc744cc675674028c1c8c5a506bc00719a4334c3ce3e2b7978330f1456c7e0629958ba47746869ba8d40b0b2f83d7a6a1b759553366354bfe27cc443c91e7b115a3197ff42c2e7310ea2d5ae69c1cd4107302e5020264b06bfa159c0131a2d20c1f93dad76fc18afec886d0b336d72d54d3ef75fa3432c7d19ec9c8d8b53876d1d77be16012e8fc8b603f1e089d9a15fb875aeabab64970686c225e9afdc694288c701ca5e6940c85192cd213c02706ef085d310e7cf950b9b2eee2a4340dc1fbada9a452f93b6080c1361f15e1b25b6f77635a8c3410710fbf69447fc1e1cbb34c1eac4bb9766e2dadedcdcd5f7e5869752e59176a7b01a8d07cceae3eb45e65d1658a301f23ca1837102dcc781ae128f50d832d1c9ea523e8bd95b126c02a23c0060ef466237200f9a8df2148b06768cf1c8930805da10743ff6c489665c00abf942d6d6046f6bd1f6901814774834d3db27d6274e726b566d0076a9e9ae1814de7b46623f4879de4a8a6ea1fecfa258dd998d40dae6cfff054aca594c7868fe6e37634f37b0867a513983f5e8de65dd54bc588d913e1a4c4cf978edebf1bf5b07eb4856653adea84e8a85317c78b797ae400f9917c95b0020dd8483f96dac26c62849e5579e83b9b17d0effe8fbc601ce45306b6bf7ccbee017cc798f1d0ad635f275568c28c30c70a2739f3474699e8d663517f1f8cf37a1a86a0d3d13deefc2cf3775fc4eff3e16ae03fcecf2f3341f558729fdb9e0c5f2d7329109923d599251ed4700868961f523359da1ea1937ea2ab2034bb6783beaa30512917df7edb61787df2ebe351bbd5487431693f6987adc6bd1ccbe03183a9b7c307331ca7e0ea62926dbb72d08481195f6d7ad58f1a90a8c8ee5c1e251ce84c634d4a97791b92bbb92a57deb803c702144d95ff217157ac7e66b0b6ca0e3b03ce011aaca0871f552903cdc70bdb55f05d7a9d0c9782941a3e919bc063fd3417cad758821dcd9e239bcc9b4a9c820703e5e4196f5b1c26ad3b154edab171fbffb41d216bdee445c7628acb98e3e5e7f543acc593e521e6e65254f44a16ac4229a120a6826c59495f970d8b5cd88acee36f9e52a46b012047ceb89f68790d8ec9f358d454443c920f2ee8cf7fdf8472204800c74d999d8ec1aa4ea5f383bafe686dfa54e4c1050b37060caa2d04cfa7f20651065f53d8b80cd650fed4f49210d9c70ef435ce6f10d2e82c7bea5f061319623d1fd46f0d104abd81c4ee5583d8359407ea15c7ca27dc01a58b55c525af989294720c72f1a4f1dbe7047fb7d8ecd2c6c6fa085c69ee1295edea405ebb4654c416ebb1ecb80561d1e860ea59768b04a2384bd06bee656f27462f6c45a29521efab7278df19e8a0c489f2a138a939bda379ad764ade9c7a212b8f584c3f25c9f1fc9335cdef41588f68b43cb54eff2f6894a7b83312997d3be5166259696c1f360237c1fb495beb585a5cbce88edf23d2e65dd1aa852bc649fa5da096f4b27bae83d0cb049f5fd6c0d96436312fa61bcd26e5bb46e950b620dd7f7fe3dd1f8ee0063e9961959b305d1bfa8b45c50cee9ff728c391ce8b4d88b3e2101a27ed20f8ee9d9912f8dae9cccb4a2ee5d8b1e9bbc4b33f231333650c362501d08eb31c7830094628b03d1993b3767a8e6e202227cb5d1328a3a64100f848cd688ba7c6105e56ecead1f035bdc6953cbe94888b686c7833b97a9fe61095139a40531e5de02b2b98d312e58bfdd69e6bb33c6895f1fffee3bc1b175e4d991eb4676e38a66c98dc6cb6b3226b030f7ff5959a9da9cddcf3539840d1a07fe3e9997be6972f388d5defc766cc96e1cf0cc5eca686c67f89944b735eb11e303c4d1c6957d4edbb1f86a81728ffc0a929a5c525857a8331df514d0b15e69a47a09ab03f44657134a6fb4cf6633af4a5146474a637789d0a280b94ed59f82cff692758806c036a0dcf4ffbfd7b91e3ba24772e6ce8c7dd838de3e47b0d47166f244f60225b42591deb56ae5ca743f664805fe39b905813319930360ed116a757bf591153c368f673a3f395f36ca049e62d2cb5e84381b197bcd45d07cb3a79be3c40ae94f51717e05216710e4457e9be08551d0cb33fbecae2d4b7579468631fbfd3de35178be9e858530dd56a939cdd974bffd4488b74800278ab82202861880845fd6e6c14bf44a9c2565fdde4b98914e0f8e15c38cadfac65ec0f4fc19da205b698a3a89b651f437a176d1c64959dc9408043dd1b6dfe56ae8c6e0b64172b104c2a9b613835754156c40fcc3f57ac6b259157416b4c2de22f14a419adfcb4d3040f41a57c7e3e35547adafdb2de2f89a8febd180c30f9c4955267b329059705b36d9806ed2c2061365c2e4e5679efb54aabc330b7fa0b9669e94a4ec6ab94003ac56c14663b24bca6b326ee51c4a2b70d74ba4b8a95a4d806f73505f386a81494673b765fa8daa1f10ecd558caac18b67d83a01840ace9a17c4f2937cde0d5ea0175385f3e266a65f6df5b2cc56064e9fd8c5ec1734dd7fe5792a80f5792c2eb54876688f9ba4952f95582ef7547c664b645a9e887b7dca5355fe122d5f9d6f183275848bf5c911d4249a6644b74e7faed3fb681951a55749f8e63e4edae0e7da498409adaf1c3053682ca07a72daaae6d597a501085a2e5da491fca2660032328bc9ce96572c989450d95777d992397a02f266f148324b55763535a5de2e272b13d91467a85f47aaf51ea134d7c4869ebb6a555e0863b17e2fe58f5ff201349213956326e96691005a5eaa4e54b23fb0d2e5c0736fa15617fb5762c6a84887d8cd8b4a62a3bb9f2b86d40c736fc5a47aa591514ac504a181fcd2814347029501f478ce9947a5b1af6cf535cb9ecc7c024558d59d14b8579d729fb0ab4e95586411618e41192d3d7644a90libdovecot-compression.so.0.0.0libdovecot-dsync.so.0.0.0libdovecot-fts.so.0.0.0libdovecot-lda.so.0.0.0libdovecot-ldap.so.0.0.0libdovecot-login.so.0.0.0libdovecot-lua.so.0.0.0libdovecot-sieve.so.0.0.0libdovecot-sql.so.0.0.0libdovecot-storage-lua.so.0.0.0libdovecot-storage.so.0.0.0libdovecot.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootdovecot23-2.3.15-150200.62.1.src.rpmdovecot-develdovecot23-develdovecot23-devel(ppc-64)    dovecot23rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.3.153.0.4-14.6.0-14.0-15.2-1otherproviders(dovecot-devel)4.14.1b``9@_`@^@]V]@[ @[ @[H@[E@[7p[ [@Z̧@ZZ2@Z@Z@Z@ZZZZ@@Z@@Z?Z:Pvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dekbabioch@suse.comvarkoly@suse.commrueckert@suse.demrueckert@suse.dedimstar@opensuse.orgmrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dejengelh@inai.demrueckert@suse.demrueckert@suse.demrueckert@suse.de- VUL-0: CVE-2022-30550: dovecot22,dovecot23: Privilege escalation possible in dovecot when similar master and non-master passdbs are used (bsc#1201267). o Apply upstream patch: CVE-2022-30550.patch- Update to version 2.3.15 - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. Local attacker can login as any user and access their emails - CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Attacker can potentially steal user credentials and mails * Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix. * Dovecot now depends on libsystemd for systemd integration. * Removed support for Lua 5.2. Use version 5.1 or 5.3 instead. * config: Some settings are now marked as "hidden". It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details. * imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/ * indexer-worker: Convert "Indexed" info logs to an event named "indexer_worker_indexing_finished". See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished + Add TSLv1.3 support to min_protocols. + Allow configuring ssl_cipher_suites. (for TLSv1.3+) + acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces. + imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ("SNIPPET and PREVIEW with explicit algorithm selection") have been deprecated. + imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes. + lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail + zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies. - *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submisision and managesieve. - *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default "high-security mode" (with service_count=1) where each connection is handled by a separate process. - *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded. - Fixed building with link time optimizations (-flto). - auth: Userdb iteration with passwd driver does not always return all users with some nss drivers. - dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with "mail_shared_explicit_inbox" set to "yes". - dsync: Shared namespaces were not synced with "-n" flag. - dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled. - fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression. - fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a "NIL" string. v2.3.14 regression. - imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count) - imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions. - imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long. - imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop. - lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it. - lib-oauth2: JWT token time validation now works correctly with 32-bit systems. - lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive. - lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0)) - lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the "hdr-pop3-uidl" header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files). - listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: "Invalid mailbox name: Name must not have '/' character." - lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT. - lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded. - lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command. - lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging. - master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks. - master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID. - master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes. - util: Make the health-check.sh example script POSIX shell compatible. * Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information. * Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage. * Remove autocreate, expire, snarf and mail-filter plugins. * Remove cydir storage driver. * Remove XZ/LZMA write support. Read support will be removed in future release. * doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting. * If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders. * imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as "~7e". * imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem. * stats: Update exported metrics to be compliant with OpenMetrics standard. + doveadm: Add an optional '-p' parameter to metadata list command. If enabled, "/private", and "/shared" metadata prefixes will be prepended to the keys in the list output. + doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details. + indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage. - auth: "nodelay" with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed. - auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0). - configure: Fix libunwind detection to work on other than x86_64 systems. - doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible. - dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced). - fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in "nstring" handling. Changed the IMAP parsing to be more strict about this now. - lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL). - lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly. - lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked. - Message PREVIEW handled whitespace wrong so first space would get eaten from between words. - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. - Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD. - event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL) - lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly. - log: instance_name wasn't used as syslog ident by the log process. - master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. - stats: Event filters comparing against empty strings crash the stats process. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/ * auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. * auth: Removed postfix postmap socket + auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details. + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details. + lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably. + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively. + login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted. + login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts. - auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process. - auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way. - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it. - dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall. - doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized). - fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location. - imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0 - imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync. - imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT. - lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown. - lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in "Broken pipe" read errors when trying to read it back. - lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking) - lib-dict: dict client could have crashed in some rare situations when iterating keys. - lib-http: Fix several assert-crashes in HTTP client. - lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log. - lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation. - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts). - lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token. - lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled. - lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging "Cached message size smaller/larger than expected" error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip). - lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction. - lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0). - lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2. - lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data. - lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeated, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries. - lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled. - lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command. - login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be. - master: Process was using 100% CPU in some situations when a broken service was being throttled. - pop3-login: POP3 login would fail with "Input buffer full" if the initial response for SASL was too long. - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. - Update pigeonhole to version 0.5.15 * CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade * Disconnection log messages are now more standardized across services. They also always now start with "Disconnected" prefix. * managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. * duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end. * editheader: Sieve interpreter entered infinite loop at startup when the "editheader" configuration listed an invalid header name. This problem can only be triggered by the administrator. * relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault. * sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ("mailboxexists", "specialuse_exists"). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands. * sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes. - Remove upstream applied pathces: 0001-imap-Escape-tag-when-sending-it-to-imap-hibernate-pr.patch 0001-lib-mail-message-parser-Fix-assert-crash-when-enforc.patch 0002-imap-Add-unit-test-for-imap-client-hibernate.patch 0002-lib-imap-Don-t-generate-invalid-BODYSTRUCTURE-when-r.patch CVE-2021-29157.patch CVE-2021-33515.patch- CVE-2021-29157: Local attacker can login as any user and access their emails (bsc#1187418) - CVE-2021-33515: Attacker can potentially steal user credentials and mails (bsc#1187419) Add upstream patches: CVE-2021-29157.patch CVE-2021-33515.patch- Update pigeonhole to version 0.5.11 * managesieve: managesieve_max_line_length setting is now a "size" type instead of just number of bytes. This allows using e.g. "64k" as the value. - lib-sieve: When folding white space is used in the Message-ID header, it is not stripped away correctly before the message ID value is used, causing e.g. garbled log lines at delivery. - Update to version 2.3.11.3 - pop3-login: Login didn't handle commands in multiple IP packets properly. This mainly affected large XCLIENT commands or a large SASL initial response parameter in the AUTH command. - pop3: pop3_deleted_flag setting was broken, causing: Panic: file seq-range-array.c: line 472 (seq_range_array_invert): assertion failed: (range[count-1].seq2 <= max_seq) - auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process. - lib-mail: v2.3.11 regression: MIME parts not returned correctly by Dovecot MIME parser. - pop3-login: Login would fail with "Input buffer full" if the initial response for SASL was too long. * CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. nested MIME parts leads to resource exhaustion (bsc#1174920) * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. (bsc#1174922) * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. (bsc#1174923) * Events: Fix inconsistency in events. See event documentation in https://doc.dovecot.org. * imap_command_finished event's cmd_name field now contains "unknown" for unknown commands. A new "cmd_input_name" field contains the command name exactly as it was sent. * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*. Note that these settings are mainly intended for testing and usually shouldn't be changed. * events: Renamed "index" event category to "mail-index". * events: service: category is now using the name from configuration file. * dns-client: service dns_client was renamed to dns-client. * log: Prefixes generally use the service name from configuration file. For example dict-async service will now use "dict-async(pid): " log prefix instead of "dict(pid): " * *-login: Changed logging done by proxying to use a consistent prefix containing the IP address and port. * *-login: Changed disconnection log messages to be slightly clearer. + dict: Add events for dictionaries. + lib-index: Finish logging with events. + oauth2: Support local validation of JWT tokens. + stats: Add support for dynamic histograms and grouping. See https://doc.dovecot.org/configuration_manual/stats/. + imap: Implement RFC 8514: IMAP SAVEDATE + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge folder) adds a lot of data to dovecot.index.cache file, commit those changes periodically to make them visible to other concurrent sessions as well. + stats: Add OpenMetrics exporter for statistics. See https://doc.dovecot.org/configuration_manual/stats/openmetrics/. + stats: Support disabling stats-writer socket by setting stats_writer_socket_path="". - auth-worker: Process keeps slowly increasing its memory usage and eventually dies with "out of memory" due to reaching vsz_limit. - auth: Prevent potential timing attacks in authentication secret comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result. - auth: Several auth-mechanisms allowed input to be truncated by NUL which can potentially lead to unintentional issues or even successful logins which should have failed. - auth: When auth policy returned a delay, auth_request_finished event had policy_result=ok field instead of policy_result=delayed. - auth: auth process crash when auth_policy_server_url is set to an invalid URL. - dict-ldap: Crash occurs if var_expand template expansion fails. - dict: If dict client disconnected while iteration was still running, dict process could have started using 100% CPU, although it was still handling clients. - doveadm: Running doveadm commands via proxying may hang, especially when doveadm is printing a lot of output. - imap: "MOVE * destfolder" goes to a loop copying the last mail to the destination until the imap process dies due to running out of memory. - imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite loop. - imap: SEARCH doesn't support $. - lib-compress: Buffer over-read in zlib stream read. - lib-dns: If DNS lookup times out, lib-dns can cause crash in calling process. - lib-index: Fixed several bugs in dovecot.index.cache handling that could have caused cached data to be lost. - lib-index: Writing to >=1 GB dovecot.index.cache files may cause assert-crashes: Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000) - lib-ssl-iostream: Fix buggy OpenSSL error handling without assert-crashing. If there is no error available, log it as an error  instead of crashing: Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error): assertion failed: (errno != 0) - lib-ssl-iostream: ssl_key_password setting did not work. - submission: A segfault crash may occur when the client or server disconnects while a non-transaction command like NOOP or VRFY is still being processed. - virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes: Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed: (copy_ctx->copy_count == seq_range_count(©_ctx->saved_uids)) - VUL-1: CVE-2020-25275: dovecot22,dovecot23: Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (bsc#1180406) - apply upstream patches: - CVE-2020-24386: dovecot: IMAP hibernation allows users to access other users' emails (bsc#1180405) - apply upstream patches: 0002-imap-Add-unit-test-for-imap-client-hibernate.patch 0001-imap-Escape-tag-when-sending-it-to-imap-hibernate-pr.patch 0001-lib-mail-message-parser-Fix-assert-crash-when-enforc.patch 0002-lib-imap-Don-t-generate-invalid-BODYSTRUCTURE-when-r.patch - remove paches containing by update: 0001-auth-mech-rpa-Fail-on-zero-len-buffer.patch 0001-lib-smtp-smtp-server-cmd-vrfy-Restructure-parameter-.patch 0002-lib-ntlm-Check-buffer-length-on-responses.patch 0002-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0003-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0004-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0005-lib-smtp-smtp-syntax-Return-0-for-smtp_string_parse-.patch 0006-lib-smtp-Add-tests-for-smtp_string_parse-and-smtp_st.patch 0007-lib-smtp-test-smtp-server-errors-Add-tests-for-VRFY-.patch 0008-lib-smtp-smtp-server-command-Guarantee-that-non-dest.patch 0009-lib-smtp-smtp-server-command-Assign-cmd-reg-immediat.patch 0010-lib-smtp-smtp-server-command-Perform-initial-command.patch 0011-lib-smtp-smtp-server-connection-Hold-a-command-refer.patch 0012-lib-smtp-test-smtp-server-errors-Add-tests-for-large.patch 0013-lib-smtp-smtp-address-Don-t-return-NULL-from-smtp_ad.patch 0014-lib-smtp-smtp-address-Don-t-recognize-an-address-wit.patch- update pigeonhole to 0.5.10 * imap_sieve_filter: Change result action logging to include IMAP UID - vacation: Addresses were compared case-sensitively. + Added events for Sieve and ManageSieve, see https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole + Pigeonhole: Implement the Sieve "special-use" extension described in RFC 8579. - duplicate: Test only compared the handles which would cause different values to be cached as the same duplicate test. Fix to also compare the actual hashes. - imap_sieve_filter: IMAP FILTER Command had various bugs in error handling. Errors may have been duplicated for each email, errors may have been missing entirely, command tag and ERRORS/WARNINGS parameters were swapped. - Sieve may leak resources in rare cases when a redirect, vacation or report action fails to send the message. This mainly applies when Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE capabilities. - dsync: Sieve script syncing failed if mailbox attributes weren't enabled. + vacation: Made the subject for the automatic response message produced by the Sieve vacation action configurable. Both the default subject (if the script defines none) and the subject template (e.g. used to add a subject prefix) can be configured. - dsync: dsync-replication does not synchronize Sieve scripts. - imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection. - testsuite: Pigeonhole testsuite segfaulted if it was compiled with GCC 9 + sieve: Redirect loop prevention is sometimes ineffective. Improve existing loop detection by also recognizing the X-Sieve-Redirected-From header in incoming messages and dropping redirect actions when it points to the sending account. This header is already added by the redirect action, so this improvement only adds an additional use of this header. - sieve: Prevent execution of implicit keep upon temporary failure occurring at runtime. + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which causes messages discarded by an IMAPSieve script to be expunged immediately, rather than only being marked as "\Deleted" (which is still the default behavior). - IMAPSieve: Fix panic crash occurring when a COPY command copies messages from a virtual mailbox where the source messages originate from more than a single real mailbox. - imap4flags extension: Fix deleting all keywords. When the action resulted in all keywords being removed, no changes were actually applied. - variables extension: Fix truncation of UTF-8 variable content. The maximum size of Sieve variables was enforced by truncating the variable string content bluntly at the limit, but this does not consider UTF-8 code point boundaries. This resulted in broken UTF-8 strings. This problem also surfaced for variable modifiers, such as the ":encodeurl" modifier provided by the Sieve "enotify" extension. In that case, the resulting URI escaping could also be truncated inappropriately. - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, stored the message a second time, rather than replacing the originally stored unmodified message. - Fix segmentation fault occurring when both the sieve_extprograms plugin (for the Sieve interpreter) and the imap_filter_sieve plugin (for IMAP) are loaded at the same time. A symbol was defined by both plugins, causing a clash when both were loaded. * Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole release dependent on that Dovecot release; it will not compile against older Dovecot versions. And, conversely, you need to upgrade Pigeonhole when upgrading Dovecot to v2.3.4. * The changes regarding the default postmaster_address in Dovecot v2.3.4 mainly apply to Pigeonhole. The new default should work for all existing installations, thereby fixing several reported v2.3/v0.5 migration problems. - IMAP FILTER=SIEVE capability: Fix assert crash occurring when running UID FILTER on a Sieve script with errors. - update to 2.3.10 * Disable retpoline migitations by default. These can cause severe performance regressions, so they should be only enabled when applicable. * IMAP MOVE now commits transactions in batches of 1000 mails. This helps especially with lazy_expunge when moving a lot of mails. It mainly avoids situations where multiple IMAP sessions are running the same MOVE command and duplicating the mails in the lazy_expunge folder. With this change there can still be some duplication, but the MOVE always progresses forward. Also if the MOVE fails at some point, the changes up to the last 1000 mails are still committed instead of rolled back. Note that the COPY command behavior hasn't changed, because it is required by IMAP standard to be an atomic operation. * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails. This helps especially with lazy_expunge when expunging a lot of mails (e.g. millions) to make sure that the progress always moves forward even if the process is killed. * Autoexpunging now expunges mails in batches of 1000 mails. This helps especially with lazy_expunge when expunging a lot of mails (e.g. millions) to make sure that the progress always moves forward even if the process is killed. + Add tool for generating sysreport called dovecot-sysreport. This generates a bundle of information usually needed for support requests. + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457). + Add metric { group_by } setting. This allows automatically creating new metrics based on the fields you want to group statistics by. NOTE: This feature is considered experimental and syntax is subject to change in future release. + auth: Support SCRAM-SHA-256 authentication mechanism. + imap: Support the new IMAP STATUS=SIZE extension. + Use TCP_QUICKACK to reduce latency for some TCP connections. + quota-status: Made the service more robust against erroneous use with Postfix ACL policies other than smtpd_recipient_restrictions. + Add "revision" field support to imap_id_send setting. Using "revision *" will send in IMAP ID command response the short commit hash of the Dovecot git source tree HEAD (same as in dovecot --version). + IMAP ENVELOPE includes now all addresses when there are multiple headers (From, To, Cc, etc.) The standard way of having multiple addresses is to just list them all in a single header. It's non-standard to have multiple headers. However, since MTAs allow these mails to pass through and different software may handle them in different ways, it's better from security point of view to show all the addresses. + Event filters now support using "field_name=" to match a field that doesn't exist or has an empty value. For example use "error=" to match only events that didn't fail. - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA commands. - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be treated as "uncertain write failure". - dict-redis: Using quota_clone configured with dict-redis could have crashed when Redis responded slowly. - imap-hibernate: Communication trouble with imap-master leads to segfault. - imap-hibernate: Unhibernation retrying wasn't working. - imap: Fixed auth lookup privilege problem when imap process was reused and user was being un-hibernated. - Fix potential crash when copying/moving mails within the same folder. This happened only when there were a lot of fields in dovecot.index.cache. - lib-index: Recreating dovecot.index.cache file could have crashed when merging bitmask fields. - lib-index: Using public/shared folders with INDEXPVT configured to use private \Seen flags, trying to search seen/unseen in an empty folder crashes with segfault. - lib-mail: Large base64-encoded mails weren't decoded properly. This could have affected searching/indexing mails and message snippet generation. - lib-mail: Message with only quoted text could have caused message snippet to ignore its 200 character limit and return the entire message. This was added also to dovecot.index.cache file, which increased disk space and memory usage unnecessarily. v2.3.9.2 regression (previous versions cached the quoted snippet as empty). In a large mail quoted text could have become wrongly added to the snippet, possibly mixed together with non-quoted text. - lib-smtp: client could have assert-crashed if STARTTLS handshake finished earlier than usually. - lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to prevent a compile issue. - lib-storage: Mailbox synchronization may have assert-crashed in some rare situations. - lib-storage: mdbox didn't preserve date.saved with dsync. - lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD - master: Some services could respawn unthrottled if they crash during startup. - push-notification: Do not send push_notification_finished event if nothing was done. This happens when mail transaction is started and ended with no changes. - quota-status: Addresses with special characters in the local part caused problems in the interaction between Postfix and Dovecot. Postfix sent its own internal representation in the recipient field, while Dovecot expected a valid RFC5321 mailbox address. - submission-login: SESSION was not correctly encoded field for the XCLIENT command. Particularly, a '+' character introduced by the session ID's Base64 encoding causes problems. - submission: Fix submission_max_mail_size to work correctly on 32-bit systems. - submission: Trusted connections crashed in second connection's EHLO if submission-login { service_count } is something else than 1 (which is the default). - submission: XCLIENT command was never used in the protocol exchange with the relay MTA when submission_backend_capabilities is configured, even when the relay MTA was properly configured to accept the XCLIENT command. * CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. * CVE-2020-7957: Specially crafted mail can crash snippet generation. - Mails with empty From/To headers can also cause crash in push notification drivers. * CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers. * Changed several event field names for consistency and to avoid conflicts in parent-child event relationships: * SMTP server command events: Renamed "name" to "cmd_name" * Events inheriting from a mailbox: Renamed "name" to "mailbox" * Server connection events have only "remote_ip", "remote_port", "local_ip" and "local_port". * Removed duplicate "client_ip", "ip" and "port". * Mail storage events: Removed "service" field. Use "service:" category instead. * HTTP client connection events: Renamed "host" to "dest_host" and "port" to "dest_port" * auth: Drop Postfix socketmap support. It hasn't been working with recent Postfix versions for a while now. * push-notification-lua: The "subject" field is now decoded to UTF8 instead of kept as MIME-encoded. + push-notification-lua: Added new "from_address", "from_display_name", "to_address" and "to_display_name" fields. The display names are decoded to UTF8. + Added various new fields to existing events. See http://doc.dovecot.net/admin_manual/list_of_events.html + Add lmtp_add_received_header setting. It can be used to prevent LMTP from adding "Received:" headers. + doveadm: Support SSL/STARTTLS for proxied doveadm connections based on doveadm_ssl setting and proxy ssl/tls settings. + Log filters support now "service:", which matches all events for the given service. It can also be used as a category. + lib: Use libunwind to get abort backtraces with function names where available. + lmtp: When the LMTP proxy changes the username (from passdb lookup) add an appropriate ORCPT parameter. - lmtp: Add lmtp_client_workarounds setting to implement workarounds for clients that send MAIL and RCPT commands with additional spaces before the path and for clients that omit <> brackets around the path. See example-config/conf.d/20-lmtp.conf. - lda/lmtp: Invalid MAIL FROM addresses were rejcted too aggressively. Now mails from addresses with unicode characters are delivered, but their Return-Path header will be <> instead of the given MAIL FROM address. - lmtp: The lmtp_hdr_delivery_address setting is ignored. - imap: imap_command_finished event's "args" and "human_args" parameters were always empty. - mbox: Seeking in zlib and bzip2 compressed input streams didn't work correctly. - imap-hibernate: Process crashed when client got destroyed while it was attempted to be unhibernated, and the unhibernation fails. - *-login: Proxying may have crashed if SSL handshake to the backend failed immediately. This was unlikely to happen in normal operation. - *-login: If TLS handshake to upstream server failed during proxying, login process could crash due to invalid memory access. - *-login: v2.3 regression: Using SASL authentication without initial response may have caused SSL connections to hang. This happened often at least with PHP's IMAP library. - *-login: When login processes are flooded with authentication attempts it starts logging errors about "Authentication server sent unknown id". This is still expected. However, it also caused the login process to disconnect from auth server and potentially log some user's password in the error message. - dict-sql: SQL prepared statements were not shared between sessions. This resulted in creating a lot of prepared statements, which was especially inefficient when using Cassandra backend with a lot of Cassandra nodes. - auth: auth_request_finished event didn't have success=yes parameter set for successful authentications. - auth: userdb dict - Trying to list users crashed. - submission: Service could be configured to allow anonymous authentication mechanism and anonymous user access. - LAYOUT=index: Corrupted dovecot.list.index caused folder creation to panic. - doveadm: HTTP server crashes if request target starts with double "/". - dsync: Remote dsync started hanging if the initial doveadm "dsync-server" command was sent in the same TCP packet as the following dsync handshake. v2.3.8 regression. - lib: Several "input streams" had a bug that in some rare situations might cause it to access freed memory. This could lead to crashes or corruption. The only currently known effect of this is that using zlib plugin with external mail attachments (mail_attachment_dir) could cause fetching the mail to return a few bytes of garbage data at the beginning of the header. Note that the mail wasn't saved corrupted, but fetching it caused corrupted mail to be sent to the client. - lib-storage: If a mail only has quoted content, use the quoted text for generating message snippet (IMAP PREVIEW) instead of returning empty snippet. - lib-storage: When vsize header was rebuilt, newly calculated message sizes were added to dovecot.index.cache instead of being directly saved into vsize records in dovecot.index. - lib: JSON generator was escaping UTF-8 characters unnecessarily. + Added mail_delivery_started and mail_delivery_finished events, see https://doc.dovecot.org/admin_manual/list_of_events/ for details. + dsync-replication: Don't replicate users who have "noreplicate" extra field in userdb. + doveadm service status: Show total number of processes created. + When logging to syslog, use instance_name setting's value for the ident. This commonly is added as a log prefix. + Base64 encoding/decoding code was rewritten with additional features. It shouldn't cause any user visible changes. - v2.3.7 regression: If a folder only receives new mails without any other mail access, dovecot.index.log keeps growing forever and dovecot.index keeps being rewritten for every mail delivery. - dsync-replication may lose keywords after syncing mails restored from another replica. This only happened if the mail only had keywords and no system flags. - event filters: Non-textual event fields could not be filtered using wildcards. - auth: Scope parameter was missing from OAuth password grant request. - doveadm client-server communication may hang in some situations. It is also using unnecessarily small TCP/IP packet sizes. - doveadm who and kick did not flush protocol output correctly. - imap: SETMETADATA with literal value would delete the metadata value instead of updating it. - imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the caching decisions should be updated so that newly saved mails will have the preview cached. - With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid permission bits in some files may have become dropped with some NFS servers. Changed NFS flushing to now use chmod() instead of chown(). - quota: warnings did not work if quota root was noenforcing - acl: Global ACL file ignored the last line if it didn't end with LF. - doveadm stats dump: With JSON formatter output numbers using the number type instead of as strings - lmtp_proxy: Ensure that real_* variables are correctly set when using lmtp_proxy. - event exporter: http-post driver had hardcoded timeout and did not support DNS lookups or TLS connections. - auth: Fix user iteration to work with userdb passwd with glibc v2.28. - auth: auth service can crash if auth-policy JSON response is invalid or returned too fast. - In some rare situations "ps" output could have shown a lot of "?" characters after Dovecot process titles. - When dovecot.index.pvt is empty, an unnecessary error is logged: Error: .../dovecot.index.pvt reset, view is now inconsistent - SMTP address encoder duplicated initial double quote character when the localpart of an address ended in '..'. For example "user+..@example.com" became ""user+.."@example.com in a sieve redirect. - Fix TCP_NODELAY errors being logged on non-Linux OSes - lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME - Remove wrongly added checks in namespace prefix checking * fts-solr: Removed break-imap-search parameter + Added more events for the new statistics, see https://doc.dovecot.org/admin_manual/list_of_events/ + mail-lua: Add IMAP metadata accessors, see https://doc.dovecot.org/admin_manual/lua/ + Add event exporters that allow exporting raw events to log files and external systems, see https://doc.dovecot.org/configuration_manual/event_export/ + SNIPPET is now PREVIEW and size has been increased to 200 characters. + Add body option to fts_enforced. This triggers building FTS index only on body search, and an error using FTS index fails the search rather than reads through all the mails. - Submission/LMTP: Fixed crash when domain argument is invalid in a second EHLO/LHLO command. - Copying/moving mails using Maildir format loses IMAP keywords in the destination if the mail also has no system flags. - mail_attachment_detection_options=add-flags-on-save caused email body to be unnecessarily opened when FETCHing mail headers that were already cached. - mail attachment detection keywords not saved with maildir. - dovecot.index.cache may have grown excessively large in some situations. This happened especially when using autoexpunging with lazy_expunge folders. Also with mdbox format in general the cache file wasn't recreated as often as it should have. - Autoexpunged mails weren't immediately deleted from the disk. Instead, the deletion from disk happened the next time the folder was opened. This could have caused unnecessary delays if the opening was done by an interactive IMAP session. - Dovecot's TCP connections sometimes add extra 40ms latency due to not enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't affected, but everything else was. This delay wasn't always visible - only in some situations with some message/packet sizes. - imapc: Fix various crash conditions - Dovecot builds were not always reproducible. - login-proxy: With shutdown_clients=no after config reload the existing connections could no longer be listed or kicked with doveadm. - "doveadm proxy kick" with -f parameter caused a crash in some situations. - Auth policy can cause segmentation fault crash during auth process shutdown if all auth requests have not been finished. - Fix various minor bugs leading into incorrect behaviour in mailbox list index handling. These rarely caused noticeable problems. - LDAP auth: Iteration accesses freed memory, possibly crashing auth-worker - local_name { .. } filter in dovecot.conf does not correctly support multiple names and wildcards were matched incorrectly. - replicator: dsync assert-crashes if it can't connect to remote TCP server. - config: Memory leak in config process when ssl_dh setting wasn't set and there was no ssl-parameters.dat file. This caused config process to die once in a while with "out of memory". * auth: Support password grant with passdb oauth2. + Use system default CAs for outbound TLS connections. + Simplify array handling with new helper macros. + fts_solr: Enable configuring batch_size and soft_commit features. - lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server. - lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client. - lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used. - fts_solr: Plugin was no longer compatible with Solr 7. - Make it possible to disable certificate checking without setting ssl_client_ca_* settings. - pop3c: SSL support was broken. - mysql: Closing connection twice lead to crash on some systems. - auth: Multiple oauth2 passdbs crashed auth process on deinit. - HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance. + Lua push notification driver: mail keywords and flags are provided in MessageNew and MessageAppend events. + submission: Implement support for plugins. + auth: When auth_policy_log_only=yes, only log what the policy server response would do without actually doing it. + auth: Always log policy server decisions with auth_verbose=yes - v2.3.[34]: doveadm log errors: Output was missing user/session - lda: Debug log lines could have shown slightly corrupted - login proxy: Login processes may have crashed in various ways when login_proxy_max_disconnect_delay was set. - imap: Fix crash with Maildir+zlib if client disconnects during APPEND - lmtp proxy: Fix potential assert-crash - lmtp/submission: Fix crash when SMTP client transaction times out - submission: Split large XCLIENT commands to 512 bytes per command, so Postfix accepts them. - submission: Fix crash when client sends invalid BURL command - submission: relay backend: VRFY command: Avoid forwarding 500 and 502 replies back to client. - lib-http: Fix potential assert-crash when DNS lookup fails - lib-fts: Fix search query generation when one language ignores a token (e.g. via stopwords). * The default postmaster_address is now "postmaster@". If username contains the @domain part, that's used. If not, then the server's hostname is used. * "doveadm stats dump" now returns two decimals for the "avg" field. + Added push notification driver that uses a Lua script + Added new SQL, DNS and connection events. See https://wiki2.dovecot.org/Events + Added "doveadm mailbox cache purge" command. + Added events API support for Lua scripts + doveadm force-resync -f parameter performs "index fsck" while opening the index. This may be useful to fix some types of broken index files. This may become the default behavior in a later version. - director: Kicking a user crashes if login process is very slow - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages unless QUIT is sent. - auth: Fix crypt() segfault with glibc-2.28+ - imap: Running UID FILTER script with errors assert-crashes - dsync, pop3-migration: POP3 UIDLs weren't added to dovecot.index.cache while mails were saved. - dict clients may have been using 100% CPU while waiting for dict server to finish commands. - doveadm user: Fixed user listing via HTTP API - All levels of Cassandra log messages were logged as Dovecot errors. - http/smtp client may have crashed after SSL handshake - Lua auth converted strings that looked like numbers into numbers. - CVE-2020-10967: dovecot23: Sending mail with empty quoted localpart causes submission or lmtp componentto crash. (bsc#1171456) - CVE-2020-10957: dovecot23: Sending malformed NOOP command causesi crash in submission, submission-login orlmtp service. (bsc#1171457) - CVE-2020-10958: dovecot23: use-after-free with too many newlines (bsc#1171458) applyed upstream patches: 0001-lib-smtp-smtp-server-cmd-vrfy-Restructure-parameter-.patch 0002-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0003-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0004-lib-smtp-smtp-syntax-Do-not-allow-NULL-return-parame.patch 0005-lib-smtp-smtp-syntax-Return-0-for-smtp_string_parse-.patch 0006-lib-smtp-Add-tests-for-smtp_string_parse-and-smtp_st.patch 0007-lib-smtp-test-smtp-server-errors-Add-tests-for-VRFY-.patch 0008-lib-smtp-smtp-server-command-Guarantee-that-non-dest.patch 0009-lib-smtp-smtp-server-command-Assign-cmd-reg-immediat.patch 0010-lib-smtp-smtp-server-command-Perform-initial-command.patch 0011-lib-smtp-smtp-server-connection-Hold-a-command-refer.patch 0012-lib-smtp-test-smtp-server-errors-Add-tests-for-large.patch 0013-lib-smtp-smtp-address-Don-t-return-NULL-from-smtp_ad.patch 0014-lib-smtp-smtp-address-Don-t-recognize-an-address-wit.patch 0015-lib-smtp-smtp-address-Only-produce-a-address-in-smtp.patch 0016-lmtp-lmtp-commands-Explicity-prohibit-empty-RCPT-pat.patch - Removed patches containing by the updates: 0001-lib-managesieve-Don-t-accept-strings-with-NULs.patch 0002-lib-managesieve-Make-sure-str_unescape-won-t-be-writ.patch 0001-lib-imap-Don-t-accept-strings-with-NULs.patch 0002-lib-imap-Make-sure-str_unescape-won-t-be-writing-pas.patch dovecot-CVE-2019-11494-fix-disconnects.patch dovecot-CVE-2019-11494-fix-error-handling.patch dovecot-CVE-2019-11499-fix-pending-starttls.patch- bsc#1133625 - (CVE-2019-11499) VUL-0: CVE-2019-11499: dovecot23: Submission-login crashes over TLS authentication - bsc#1133624 VUL-0: CVE-2019-11494: dovecot23: Submission-login crashes over aborted/disconected authentication applyed upstream patches: dovecot-CVE-2019-11499-fix-pending-starttls.patch dovecot-CVE-2019-11494-fix-disconnects.patch dovecot-CVE-2019-11494-fix-error-handling.patch- bsc#1145559 VUL-0: CVE-2019-11500: dovecot22, dovecot23: IMAP and ManageSieve protocol parsers do not properly handle NUL byte applyed upstream patches: 0001-lib-managesieve-Don-t-accept-strings-with-NULs.patch 0002-lib-managesieve-Make-sure-str_unescape-won-t-be-writ.patch 0001-lib-imap-Don-t-accept-strings-with-NULs.patch 0002-lib-imap-Make-sure-str_unescape-won-t-be-writing-pas.patch- update pigeonhole to 0.5.3 - Fix assertion panic occurring when managesieve service fails to open INBOX while saving a Sieve script. This was caused by a lack of cleanup after failure. - Fix specific messages causing an assert panic with actions that compose a reply (e.g. vacation). With some rather weird input from the original message, the header folding algorithm (as used for composing the References header for the reply) got confused, causing the panic. - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing. After finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments. This is a time- critical bug that likely only occurs when the Sieve script is sent in the next TCP frame.- update to 2.3.3 * doveconf hides more secrets now in the default output. * ssl_dh setting is no longer enforced at startup. If it's not set and non-ECC DH key exchange happens, error is logged and client is disconnected. + Added log_debug= setting. + Added log_core_filter= setting. + quota-clone: Write to dict asynchronously + --enable-hardening attempts to use retpoline Spectre 2 mitigations + lmtp proxy: Support source_ip passdb extra field. + doveadm stats dump: Support more fields and output stddev by default. + push-notification: Add SSL support for OX backend. - NUL bytes in mail headers can cause truncated replies when fetched. - director: Conflicting host up/down state changes may in some rare situations ended up in a loop of two directors constantly overwriting each others' changes. - director: Fix hang/crash when multiple doveadm commands are being handled concurrently. - director: Fix assert-crash if doveadm disconnects too early - virtual plugin: Some searches used 100% CPU for many seconds - dsync assert-crashed with acl plugin in some situations. - mail_attachment_detection_options=add-flags-on-save assert-crashed with some specific Sieve scripts. - Mail snippet generation crashed with mails containing invalid Content-Type:multipart header. - Log prefix ordering was different for some log lines. - quota: With noenforcing option current quota usage wasn't updated. - auth: Kerberos authentication against Samba assert-crashed. - stats clients were unnecessarily chatty with the stats server. - imapc: Fixed various assert-crashes when reconnecting to server. - lmtp, submission: Fix potential crash if client disconnects while handling a command. - quota: Fixed compiling with glibc-2.26 / support libtirpc. - fts-solr: Empty search values resulted in 400 Bad Request errors - fts-solr: default_ns parameter couldn't be used - submission server crashed if relay server returned over 7 lines in a reply (e.g. to EHLO) - dropped 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch: included in update- added https://github.com/dovecot/core/commit/4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch- update to 2.3.2.1 - SSL/TLS servers may have crashed during client disconnection - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have sometimes assert-crashed. - v2.3.2: "make check" may have crashed with 32bit systems- update to 2.3.2 * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io. This may still cause security problems if the process is ptrace()d at the same time. Instead, open it while still running as root. + doveadm: Added mailbox cache decision&remove commands. See doveadm-mailbox(1) man page for details. + doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails. See doveadm-rebuild(1) man page for details. + cassandra: Use fallback_consistency on more types of errors + lmtp proxy: Support outgoing SSL/TLS connections + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings. + submission: Add support for rawlog_dir + submission: Add submission_client_workarounds setting. + lua auth: Add password_verify() function and additional fields in auth request. - doveadm-server: TCP connections are hanging when there is a lot of network output. This especially caused hangs in dsync-replication. - Using multiple type=shared mdbox namespaces crashed - mail_fsync setting was ignored. It was always set to "optimized". - lua auth: Fix potential crash at deinit - SSL/TLS servers may have crashed if client disconnected during handshake. - SSL/TLS servers: Don't send extraneous certificates to client when alt certs are used. - lda, lmtp: Return-Path header without '<' may have assert-crashed. - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash - lda: -f parameter didn't allow empty/null/domainless address - lmtp, submission: Message size limit was hardcoded to 40 MB. Exceeding it caused the connection to get dropped during transfer. - lmtp: Fix potential crash when delivery fails at DATA stage - lmtp: login_greeting setting was ignored - Fix to work with OpenSSL v1.0.2f - systemd unit restrictions were too strict by default - Fix potential crashes when a lot of log output was produced - SMTP client may have assert-crashed when sending mail - IMAP COMPRESS: Send "end of compression" marker when disconnecting. - cassandra: Fix consistency=quorum to work - dsync: Lock file generation failed if home directory didn't exist - Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets. - imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone. - pop3c: Handle unexpected server disconnections without assert-crash - fts: Fixes to indexing mails via virtual mailboxes. - fts: If mails contained NUL characters, the text around it wasn't indexed. - Obsolete dovecot.index.cache offsets were sometimes used. Trying to fetch a field that was just added to cache file may not have always found it. - update pigeonhole to 0.5.2 + Implement plugin for the a vendor-defined IMAP capability called "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering in IMAP. More information can be found in doc/plugins/imap_filter_sieve.txt. - The Sieve addess test caused an assertion panic for invalid addresses with UTF-8 codepoints in the localpart. Fixed by properly detecting invalid addresses with UTF-8 codepoints in the localpart and skipping these like other invalid addresses while iterating addresses for the address test. - Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes. The subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters. - Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field. - Properly abort execution of the sieve_discard script upon error. Before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs. This can lead to the message being lost. - Fix the interaction between quota and the sieve_discard script. When quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded. - refreshed to apply cleanly again dovecot-2.3.0-better_ssl_defaults.patch - dropped patches: - 35497604d80090a02619024aeec069b32568e4b4.diff - 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff - 847790d5aab84df38256a6f9b4849af0eb408419.patch- added 847790d5aab84df38256a6f9b4849af0eb408419.patch: Fix crash for over quota users- Use OpenPGP signatures provided upstream - Added dovecot23.keyring, which contains the keys from the upstream projects- bnc#1088911 - dovecot23 can not build ond s390 add: 35497604d80090a02619024aeec069b32568e4b4.diff add: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff- update pigeonhole to 0.5.1 - Explicitly disallow UTF-8 in localpart in addresses parsed from Sieve script. - editheader extension: Corrected the stream position calculations performed while making the modified message available as a stream. Pigeonhole Sieve crashed in LMTP with an assertion panic when the Sieve editheader extension was used before the message was redirected. Experiments indicate that the problem occurred only with LMTP and that LDA is not affected. - fileinto extension: Fix assert panic occurring when fileinto is used without being listed in the require line, while the copy extension is listed there. This is a very old bug. - imapsieve plugin: Do not assert crash or log an error for messages that disappear concurrently while applying Sieve scripts. This event is now logged as a debug message. - Sieve extprograms plugin: Large output from "execute" command crashed delivery. Fixed buffering issue in code that handles output from the external program.- update to 2.3.1 * Submission server support improvements and bug fixes - Lots of bug fixes to submission server * API CHANGE: array_idx_modifiable will no longer allocate space - Particularly affects how you should check MODULE_CONTEXT result, or use REQUIRE_MODULE_CONTEXT. + mail_attachment_detection_options setting controls when $HasAttachment and $HasNoAttachment keywords are set for mails. + imap: Support fetching body snippets using FETCH (SNIPPET) or (SNIPPET (LAZY=FUZZY)) + fs-compress: Automatically detect whether input is compressed or not. Prefix the compression algorithm with "maybe-" to enable the detection, for example: "compress:maybe-gz:6:..." + Added settings to change dovecot.index* files' optimization behavior. See https://wiki2.dovecot.org/IndexFiles#Settings + Auth cache can now utilize auth workers to do password hash verification by setting auth_cache_verify_password_with_worker=yes. + Added charset_alias plugin. See https://wiki2.dovecot.org/Plugins/CharsetAlias + imap_logout_format and pop3_logout_format settings now support all of the generic variables (e.g. %{rip}, %{session}, etc.) + Added auth_policy_check_before_auth, auth_policy_check_after_auth and auth_policy_report_after_auth settings. + master: Support HAProxy PP2_TYPE_SSL command and set "secured" variable appropriately - Invalid UCS4 escape in HTML can cause crashes - imap: IMAP COMPRESS -enabled client crashes on disconnect - lmtp: Fix crash when user is over quota - lib-lda: Parsing Return-Path header address fails when it contains CFWS - auth: SASL with Exim fails for AUTH commands without an initial response - imap: SPECIAL-USE capability isn't automatically added - auth: LDAP subqueries do not support standard auth variables in var-expand - auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work - lib-index: mail_always/never_cache_fields are not used for existing cache files - imap: Fetching headers leaks memory if search doesn't find any mails - lmtp: ORCPT support in RCPT TO - imap-login: Process sometimes ends up in infinite loop - sdbox: Rolled back save/copy transaction doesn't delete temp files - mail: lock_method=dotlock causes crashes - drop patches which are included in the update 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch- Fix License tag.- added 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch- update license to SPDX-3- update pigeonhole to 0.5.0.1 - imap4flags extension: Fix binary corruption occurring when setflag/addflag/removeflag flag-list is a variable. - sieve-extprograms plugin: Fix segfault occurring when used in IMAPSieve context. - drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch- update to 2.3.0.1 * CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames. (boo#1082828) * CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker. For example, these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users. First discovered by Aleksandar Nikolic of Cisco Talos. Independently also discovered by "flxflndy" via HackerOne. (boo#1082826) * CVE-2017-15132: Aborted SASL authentication leaks memory in login process. (boo#1075608) * Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions. Found by cPanel Security Team. Nowadays core dumps can be safely enabled by using "sysctl -w fs.suid_dumpable=2". If the old behaviour is wanted, it can still be enabled by setting: import_environment=$import_environment PR_SET_DUMPABLE=1 - imap-login with SSL/TLS connections may end up in infinite loop- Replace %__-type macro indirections. Replace xargs rm by built in -delete of find(1). - Run ldconfig directly via %post -p. - Check for users in %pre before creating them, and do not suppress errors about it.- backport 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch fixes crash with imap sieve- Move the example-config + mkcert.sh to /usr/share/dovecot This makes the files no longer documentation and they actually exist on e.g. our docker image, where rpms are installed without documentation. (boo#1070871)- starting 2.3 package based on the latest 2.2 branch There are several new and exciting features in v2.3.0. I'm especially happy about the new logging and statistics code, which will allow us to generate statistics for just about everything. We didn't have time to implement everything we wanted for them yet, and there especially aren't all that many logging events yet that can be used for statistics. We'll implement those to v2.3.1, which might also mean that some of the APIs might still change in v2.3.1 if that's required. We also have new lib-smtp server code, which was used to implement SMTP submission server and do a partial rewrite for LMTP server. Some of the larger changes: * Various setting changes, see https://wiki2.dovecot.org/Upgrading/2.3 If you upgrade from 2.2: Config file changes: - Removed: /etc/dovecot/conf.d/11-object-storage.conf - Added: /etc/dovecot/conf.d/20-submission.conf * Logging rewrite started: Logging is now based on hierarchical events. This makes it possible to do various things, like: 1) giving consistent log prefixes, 2) enabling debug logging with finer granularity, 3) provide logs in more machine readable formats (e.g. json). Everything isn't finished yet, especially a lot of the old logging code still needs to be translated to the new way. * Statistics rewrite started: Stats are now based on (log) events. It's possible to gather statistics about any event that is logged. See http://wiki2.dovecot.org/Statistics for details * ssl_dh setting replaces the old generated ssl-parameters.dat * IMAP: When BINARY FETCH finds a broken mails, send [PARSE] error instead of [UNKNOWNCTE] * Linux: core dumping via PR_SET_DUMPABLE is no longer enabled by default due to potential security reasons (found by cPanel Security Team). + Added support for SMTP submission proxy server, which includes support for BURL and CHUNKING extension. + LMTP rewrite. Supports now CHUNKING extension and mixing of local/proxy recipients. + auth: Support libsodium to add support for ARGON2I and ARGON2ID password schemes. + auth: Support BLF-CRYPT password scheme in all platforms + auth: Added LUA scripting support for passdb/userdb. See https://wiki2.dovecot.org/AuthDatabase/Lua - Input streams are more reliable now when there are errors or when the maximum buffer size is reached. Previously in some situations this could have caused Dovecot to try to read already freed memory. - Output streams weren't previously handling failures when writing a trailer at the end of the stream. This mainly affected encrypt and zlib compress ostreams, which could have silently written truncated files if the last write happened to fail (which shouldn't normally have ever happened). - virtual plugin: Fixed panic when fetching mails from virtual mailboxes with IMAP BINARY extension. - doveadm-server: Fix potential hangs with SSL connections - doveadm proxy: Reading commands' output from v2.2.33+ servers could have caused the output to be corrupted or caused a crash. - Many other smaller fixes - patches: - dovecot-2.3.0-better_ssl_defaults.patch - dovecot-2.3.0-dont_use_etc_ssl_certs.patchibs-power9-11 1657267152  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2.3.15-150200.62.12.3.15-150200.62.12.3.15-150200.62.1dovecotaccess-lookup.hacl-api-private.hacl-api.hacl-cache.hacl-global-file.hacl-lookup-dict.hacl-plugin.hacl-storage.hanvil-client.haqueue.harray-decl.harray.haskpass.hauth-cache.hauth-client-connection.hauth-client-interface.hauth-client-private.hauth-client.hauth-common.hauth-fields.hauth-master-connection.hauth-master.hauth-penalty.hauth-policy.hauth-request-handler-private.hauth-request-handler.hauth-request-stats.hauth-request-var-expand.hauth-request.hauth-settings.hauth-stats.hauth-token.hauth-worker-client.hauth-worker-server.hauth.hbacktrace-string.hbase32.hbase64.hbits.hbsearch-insert-pos.hbuffer.hbyteorder.hcharset-utf8-private.hcharset-utf8.hchild-wait.hclient-common.hcompat.hcompression.hconfig-filter.hconfig-parser-private.hconfig-parser.hconfig-request.hconfig.hconnection.hcpu-limit.hcrc32.hdata-stack.hdb-checkpassword.hdb-dict.hdb-ldap.hdb-oauth2.hdb-passwd-file.hdb-sql.hdbox-attachment.hdbox-file.hdbox-mail.hdbox-save.hdbox-storage.hdcrypt-iostream.hdcrypt-private.hdcrypt.hdict-client.hdict-lua-private.hdict-lua.hdict-private.hdict-transaction-memory.hdict.hdlua-compat.hdlua-script-private.hdlua-script.hdlua-wrapper.hdns-lookup.hdns-util.hdoveadm-cmd.hdoveadm-dsync.hdoveadm-dump.hdoveadm-mail-iter.hdoveadm-mail.hdoveadm-mailbox-list-iter.hdoveadm-print-private.hdoveadm-print.hdoveadm-settings.hdoveadm-util.hdoveadm.hdovecot-version.hdsasl-client-private.hdsasl-client.hdsync-brain.hdsync-ibc.heacces-error.henv-util.hevent-filter-parser.hevent-filter-private.hevent-filter.hevent-log.hexecv-const.hfail-mail-storage.hfailures-private.hfailures.hfd-util.hfdatasync-path.hfdpass.hfile-cache.hfile-copy.hfile-create-locked.hfile-dotlock.hfile-lock.hfile-set-size.hfs-api-private.hfs-api.hfs-sis-common.hfs-test.hfs-wrapper.hfsync-mode.hfts-api-private.hfts-api.hfts-common.hfts-expunge-log.hfts-filter-common.hfts-filter-private.hfts-filter.hfts-icu.hfts-indexer.hfts-language.hfts-library.hfts-parser.hfts-storage.hfts-tokenizer-common.hfts-tokenizer-generic-private.hfts-tokenizer-private.hfts-tokenizer.hfts-user.hfuzzer.hguid.hhash-decl.hhash-format.hhash-method.hhash.hhash2.hhex-binary.hhex-dec.hhmac-cram-md5.hhmac.hhome-expand.hhook-build.hhostpid.hhttp-auth.hhttp-client-private.hhttp-client.hhttp-common.hhttp-date.hhttp-header-parser.hhttp-header.hhttp-message-parser.hhttp-parser.hhttp-request-parser.hhttp-request.hhttp-response-parser.hhttp-response.hhttp-server-private.hhttp-server.hhttp-transfer.hhttp-url.himap-arg.himap-base-subject.himap-bodystructure.himap-client.himap-commands-util.himap-commands.himap-common.himap-date.himap-envelope.himap-expunge.himap-feature.himap-fetch.himap-id.himap-keepalive.himap-list.himap-login-client.himap-login-commands.himap-login-settings.himap-master-client.himap-match.himap-metadata.himap-msgpart-url.himap-msgpart.himap-notify.himap-parser.himap-quote.himap-resp-code.himap-search-args.himap-search.himap-seqset.himap-settings.himap-state.himap-status.himap-sync-private.himap-sync.himap-url.himap-urlauth-backend.himap-urlauth-connection.himap-urlauth-fetch.himap-urlauth-private.himap-urlauth.himap-utf7.himap-util.himapc-client-private.himapc-client.himapc-connection.himapc-list.himapc-mail.himapc-msgmap.himapc-search.himapc-settings.himapc-storage.himapc-sync.himem.hindex-attachment.hindex-mail.hindex-mailbox-size.hindex-pop3-uidl.hindex-rebuild.hindex-search-private.hindex-search-result.hindex-sort-private.hindex-sort.hindex-storage.hindex-sync-changes.hindex-sync-private.hindex-thread-private.hioloop-iolist.hioloop-notify-fd.hioloop-private.hioloop.hiostream-lz4.hiostream-openssl.hiostream-private.hiostream-proxy.hiostream-pump.hiostream-rawlog-private.hiostream-rawlog.hiostream-ssl-private.hiostream-ssl-test.hiostream-ssl.hiostream-temp.hiostream.hipc-client.hipc-server.hipwd.hiso8601-date.histream-attachment-connector.histream-attachment-extractor.histream-base64.histream-binary-converter.histream-callback.histream-chain.histream-concat.histream-crlf.histream-decrypt.histream-dot.histream-failure-at.histream-file-private.histream-fs-file.histream-fs-stats.histream-hash.histream-header-filter.histream-jsonstr.histream-mail.histream-metawrap.histream-multiplex.histream-nonuls.histream-private.histream-qp.histream-raw-mbox.histream-rawlog.histream-seekable.histream-sized.histream-tee.histream-timeout.histream-try.histream-unix.histream-zlib.histream.hjson-parser.hjson-tree.hlda-settings.hldap-client.hlib-event-private.hlib-event.hlib-signals.hlib.hllist.hlmtp-client.hlmtp-commands.hlmtp-common.hlmtp-recipient.hlmtp-settings.hlog-throttle.hlogin-common.hlogin-proxy-state.hlogin-proxy.hlogin-settings.hmacros.hmail-autoexpunge.hmail-cache-private.hmail-cache.hmail-copy.hmail-deliver.hmail-duplicate.hmail-error.hmail-html2text.hmail-index-alloc-cache.hmail-index-modseq.hmail-index-private.hmail-index-strmap.hmail-index-sync-private.hmail-index-transaction-private.hmail-index-util.hmail-index-view-private.hmail-index.hmail-lua-plugin.hmail-namespace.hmail-search-build.hmail-search-mime-build.hmail-search-mime-register.hmail-search-mime.hmail-search-parser-private.hmail-search-parser.hmail-search-register.hmail-search.hmail-send.hmail-storage-hooks.hmail-storage-lua-private.hmail-storage-lua.hmail-storage-private.hmail-storage-service.hmail-storage-settings.hmail-storage.hmail-thread.hmail-transaction-log-private.hmail-transaction-log-view-private.hmail-transaction-log.hmail-types.hmail-user-hash.hmail-user.hmailbox-attribute-internal.hmailbox-attribute-private.hmailbox-attribute.hmailbox-guid-cache.hmailbox-list-delete.hmailbox-list-fs.hmailbox-list-index-storage.hmailbox-list-index-sync.hmailbox-list-index.hmailbox-list-iter-private.hmailbox-list-iter.hmailbox-list-maildir.hmailbox-list-notify-tree.hmailbox-list-notify.hmailbox-list-private.hmailbox-list-subscriptions.hmailbox-list.hmailbox-log.hmailbox-recent-flags.hmailbox-search-result-private.hmailbox-tree.hmailbox-uidvalidity.hmailbox-watch.hmaildir-filename-flags.hmaildir-filename.hmaildir-keywords.hmaildir-settings.hmaildir-storage.hmaildir-sync.hmaildir-uidlist.hmalloc-overflow.hmaster-auth.hmaster-instance.hmaster-interface.hmaster-login-auth.hmaster-login.hmaster-service-private.hmaster-service-settings-cache.hmaster-service-settings.hmaster-service-ssl-settings.hmaster-service-ssl.hmaster-service.hmbox-file.hmbox-from.hmbox-lock.hmbox-md5.hmbox-settings.hmbox-storage.hmbox-sync-private.hmd4.hmd5.hmdbox-file.hmdbox-map-private.hmdbox-map.hmdbox-settings.hmdbox-storage-rebuild.hmdbox-storage.hmdbox-sync.hmech-digest-md5-private.hmech-otp-common.hmech-plain-common.hmech-scram.hmech.hmemarea.hmempool.hmessage-address.hmessage-binary-part.hmessage-date.hmessage-decoder.hmessage-header-decode.hmessage-header-encode.hmessage-header-hash.hmessage-header-parser.hmessage-id.hmessage-parser.hmessage-part-data.hmessage-part-serialize.hmessage-part.hmessage-search.hmessage-size.hmessage-snippet.hmkdir-parents.hmmap-util.hmodule-context.hmodule-dir.hmountpoint.hmycrypt.hnet.hnfs-workarounds.hnotify-plugin-private.hnotify-plugin.hnumpack.hoauth2.hostream-cmp.hostream-dot.hostream-encrypt.hostream-failure-at.hostream-file-private.hostream-hash.hostream-metawrap.hostream-multiplex.hostream-null.hostream-private.hostream-rawlog.hostream-unix.hostream-wrapper.hostream-zlib.hostream.hpassdb-blocking.hpassdb-cache.hpassdb-template.hpassdb.hpassword-scheme.hpath-util.hpkcs5.hpop3-capability.hpop3-client.hpop3-commands.hpop3-common.hpop3-settings.hpop3c-client.hpop3c-settings.hpop3c-storage.hpop3c-sync.hprimes.hprintf-format-fix.hpriorityq.hprocess-title.hprogram-client.hpush-notification-drivers.hpush-notification-event-flagsclear.hpush-notification-event-flagsset.hpush-notification-event-mailboxcreate.hpush-notification-event-mailboxdelete.hpush-notification-event-mailboxrename.hpush-notification-event-mailboxsubscribe.hpush-notification-event-mailboxunsubscribe.hpush-notification-event-message-common.hpush-notification-event-messageappend.hpush-notification-event-messageexpunge.hpush-notification-event-messagenew.hpush-notification-event-messageread.hpush-notification-event-messagetrash.hpush-notification-events-rfc5423.hpush-notification-events.hpush-notification-plugin.hpush-notification-triggers.hpush-notification-txn-mbox.hpush-notification-txn-msg.hqp-decoder.hqp-encoder.hquota-fs.hquota-plugin.hquota-private.hquota.hquoted-printable.hrandgen.hraw-storage.hraw-sync.hread-full.hrestrict-access.hrestrict-process-size.hrfc2231-parser.hrfc822-parser.hsafe-memset.hsafe-mkdir.hsafe-mkstemp.hsasl-server.hsdbox-file.hsdbox-storage.hsdbox-sync.hsendfile-util.hseq-range-array.hservice-settings.hsettings-parser.hsettings.hsha-common.hsha1.hsha2.hsha3.hshared-storage.hsieveedit-mail.hmail-raw.hpigeonhole-config.hpigeonhole-version.hrfc2822.hsieve-actions.hsieve-address-parts.hsieve-address-source.hsieve-address.hsieve-ast.hsieve-binary-dumper.hsieve-binary-private.hsieve-binary.hsieve-code-dumper.hsieve-code.hsieve-commands.hsieve-common.hsieve-comparators.hsieve-config.hsieve-dump.hsieve-error-private.hsieve-error.hsieve-execute.hsieve-ext-copy.hsieve-ext-enotify.hsieve-ext-environment.hsieve-ext-imap4flags.hsieve-ext-mailbox.hsieve-ext-variables.hsieve-extensions.hsieve-generator.hsieve-interpreter.hsieve-lexer.hsieve-limits.hsieve-match-types.hsieve-match.hsieve-message.hsieve-objects.hsieve-parser.hsieve-plugins.hsieve-result.hsieve-runtime-trace.hsieve-runtime.hsieve-script-private.hsieve-script.hsieve-settings.hsieve-smtp.hsieve-storage-private.hsieve-storage.hsieve-stringlist.hsieve-types.hsieve-validator.hsieve.hsleep.hsmtp-address.hsmtp-client-command.hsmtp-client-connection.hsmtp-client-private.hsmtp-client-transaction.hsmtp-client.hsmtp-command-parser.hsmtp-command.hsmtp-common.hsmtp-params.hsmtp-parser.hsmtp-reply-parser.hsmtp-reply.hsmtp-server-private.hsmtp-server.hsmtp-submit-settings.hsmtp-submit.hsmtp-syntax.hsort.hsql-api-private.hsql-api.hsql-db-cache.hstats-client.hstats-connection.hstats-dist.hstats-parser.hstats.hstr-find.hstr-sanitize.hstr-table.hstr.hstrescape.hstrfuncs.hstrnum.hsubmission-backend-relay.hsubmission-backend.hsubmission-client.hsubmission-commands.hsubmission-common.hsubmission-recipient.hsubmission-settings.hsubscription-file.hsyslog-util.htest-common.htest-mail-storage-common.htest-subprocess.htime-util.hunichar.hunix-socket-create.hunlink-directory.hunlink-old-files.huri-util.huserdb-blocking.huserdb-template.huserdb.hutc-mktime.hutc-offset.hvar-expand-private.hvar-expand.hwildcard-match.hwrite-full.hdovecot-configlibdovecot-compression.solibdovecot-dsync.solibdovecot-fts.solibdovecot-lda.solibdovecot-ldap.solibdovecot-login.solibdovecot-lua.solibdovecot-sieve.solibdovecot-sql.solibdovecot-storage-lua.solibdovecot-storage.solibdovecot.sodovecot-pigeonhole.m4dovecot.m4/usr/include//usr/include/dovecot//usr/include/dovecot/sieve//usr/lib64/dovecot//usr/share/aclocal/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:24956/SUSE_SLE-15-SP2_Update/a607d9493864c82436310edd08632663-dovecot23.SUSE_SLE-15-SP2_Updatedrpmxz5ppc64le-suse-linuxdirectoryC source, ASCII textASCII text, with very long linesASCII textM4 macro processor script, ASCII textSXwv;[utf-8c2900393435fefe65d2de67e5e88b31176aabdca2e6b2cdbbfade5fed400a5f4? 7zXZ !t/]"k%{D2s͗`=%%h`cZ>>&wDc(|dM16(}<_Rn7;Ta, ֍iGGoܯod ILk)3xUi,Jp'.i2ɰ{J3M.z Īr5 2JV|,!Up=s&E7N  Hukm,HQ}/v381׆)L DJr1:=_u>̯pn:/5"8wIX~oۛe:{)m b;z\aқ~/ϋ1g" k|nOm {%rU{UV=6̌Mefr_p͋ao/=3Gse=bŝ*gDAVAvuF+P#%k{Rjv4{:?"'hyCKnQ_c*@.5PglKsUPGV (_>Q?y(C8&;Xr>DTǻ~L~ N#7 !4\8t%7<;A"$"%{Zпh+jAF=lAYEp!2Xy~3l҇;XЁXZL:=]$T!L#XiwY@y1f&Mku`G yn@^QYKx3?6}wnq}SG'A^y6I)܁OɹFQnع NI:9)0ܐA9J ddev w'-0>A8vE4[@,AKpTm +^O1y_@LLhњf.ÊfCQG׼ `Nd)i]5ƾr(kO~בh_sc͔5P 8u &2ouhԛ+ aKD/ ٠A6=)EFX|.1ӄd\L !7ccOhc& UPj#ἙlR0mt%506sțuFj +N&<Zx me0S n&ny1;y=Bܐ-W,濪ٖ6δBR6=mR-v8~5nj"Q9@DUNsЅuQ\kFgHm ASMۨK;׭0B4bu/!Hbӄn ZT&}Vb}TUXqwMKh)@l-,: 2 xIwA4dfѐں9Z7Q(pYiEUmv·a; y(?n LiǘamQ&ďVN|?8>x1yjɆ6Nr}!x(<_ԍ~I 35֏ͯmKeqi(e5=7Yh)WW*#9exnJtUeL|1ҟ$tnEȡG)Q#Fw8z9{7ž|>}V:A(A ny઱_ / EK)C#kKW> 2|{S{P a?Uʆy\?8 !\Ǧ>Ϥ3z/8\:8$J-اV6}&&綻NV(k1r,t>0v9@978ߝj}S!dSibgDr/}F@ޭi\#|![gTxKz2x7[K{* .Ǹ6V J­)~|:D<>2 5qTcTק`,1Vp~`"k9puZWypPG%_KCފB$F_FR\ynԔntmg}a21'(a,a?Թ }9}<<מ?bII{_[b/"Xvv|D]ʜ C>6pqQVM41 =dZ xdLjP͉[o*Z3QY.L֨$C ['qw0cX4 ,d,V[h)]icn8 #kQxQÉdk|k?Dbds6#VŷDt{?WE0 dʂ%.cdX}0͕Q#fG10 +x" hŸGcv_l5A۹7"(mOcZBQ=Ӏ}HICq#B bwbk ۝ ]a%c` jg rж>^WZE^m6 (0-0n!5( ҡ (fC$,Hߪ{@L+Kr >E!rN((GZ.ݎzP#TO_QhnHS*韯磠wpa+ֶ(/Vf+)a^C't& M-XC25~ F+[&UM2V^j Կ\՞RVB*.dE1EO>LJTPjB\oZ*le0n:Oʕ5Y 这`0y[ "x\ۻS)WR?QlBŭ;vGygm3;A :/JL34e2P_,9~`OXt{JE75ԱQϥbIN{)(~Zܼ,]x-PiR&Dt^n*PaDŽVȆم<=,pE'剆< 3ApsoE#?VZ@XQ}DIIR `JmHf?(:ƒmWX=[ҕgM$B{)bg)4QwBoIBߞwx?듕P\5ۭVQ)r,Y*Z~e#|2uAݽk]dթCD'WTZ}7SjF6a7&n?-G*P -`7d-l\$*_Sf/شi|7~3*AqrM&mQ5/Y#Nv)U1p2SYL@DHF-4G;Jfc\Io*T c:@22[%Cf REJdz+Q bMmG}su&t:(|æ#q{~"ij` )Ob"8IM޴TY1[S@]A52hk3n't.>zr4"?ՄxԽZs賞*?^ lqy+}1oN$.hY,U!b]hg+Əww[dH#v6p["dZTTN3(A۠m\~U-Ɖ͡u>bg@`mk f@TydPDd:hAL 7;82|˶?VԻG"EoD~|8yvX UwgzigˮasO.N ㍂+tpj$D6 INA~w/]I5Nklq)hEaC%[tnbKQ!]E,zg|D!FL\XUBV AmKle4Dp!mkE?}kn{lO̱^7iXWD%[!1EB%#ڶɵWddHutS_S{P$NN^L^\)bֈ39Ai w.MR+[H]3A Ҝ V(=/fS 63 _ixNG$gGYy" ?\Ao *؜Γء9EE֞]_?y-ib1ѢM2+(/BDzdHz/=b.ttUP2}]"5ݍ5e<@J\{`uOY sU8ɟrR\xjDB4^JS׌e9V% 6I*T<jhӼbbV1AXuЙc-٠vh i  mGDWMH^wQ.㹚E0HAli$fuW3+Mꤞ!evo2<~e)r4duw~ȋZv 6n~֤ o/</"C&Ӝ'j꒝u1CL?f/䶱&TEcCW`^a-Ixi$ ̇Nj`*0Y~0}GB|}zq|h`GCˉT)C 5*]33L RZNw&?3)=T3N؅|;l 5xbhޱ4%,(i1H!U%&T5@&MMRԣ*!޳ kg[Lw>>]5r?9]c[ÿ/I㿕IL#Ewb=5¹dž\}^u>tm01WBw~YvQmʹ.?KK2_47ԢENm*";xgzPD5p K%TGhj|i`[E9ʆ1As6NwSPSgut U~c5R! L[v8lw\5{{ꜢK/)ؒsm3b2[ϕxwuMs/(; c7QQa 5+_R֕Os&;'iM8 Șr.޹ H&iV.jUU;_Ue z LFu 0Ud:p3)WA8teUW$Ϧ/漷Nx D coߟ#.տ}!=kܔWF..YVɝFpcW):`#dOv+V5?G4h+B@W,,,UhuY>3AvA<ÿŜ@Ȱm] 5hV!N4$f}mlk4^u^ W`j\y*%iQ{onwd>J? Sdb"h?SM{V*ĉGKmA0@ fvDu}IGJչqE7_;1Bdc|_zɵ 8sMg$4{ƉN"OF'ūyoA$B="L(Z]e ݵŝ5fiq}u u^EK2qKO$$y%gfT>uo"=n5&ɼ/ :!]60Q&]aK^uS@k8|#li$6&*3}Y{J³ApQِ4""QUlw 6E~T_UY(vъ,H6[Ï]MEg!E=/lD2O@c݋P2`l'+5fkjn J'b!Lq댁6>SX4ZT"') x;Ux^ud=ő˱/Ipvy51^3BDT~0삯tCaIқBjx-sjOl=@$N>4HG1Ĩ[ܬ[F*±lcGvlwtRDx:dre+/#<ԅܺBG sP8CRۜ(nܾ}Pؿ?B]O؋F"ܝiݸ~\]Y^ uSoN7 Y9HEsK$=㓖;/$؃{ȘlBZZR^xF2?uk^<-SߝmYf@Tj:bKvsjßDHKNE "^Z~P1]՗Yj- 2b,/ 9NpsNguYoIcQ[}"TdJS8Aj잘7OSlŧiK((\TBMm@ 8g2e}Im!I 60ښO}sЇ02h׳+TRZ)}&;@5_Gc49y[ S[N6i[%/;Fh}?XKh)f YڹfR2\y!6H,PpۧUI\45qԬ;ҠͥnA)@f=iLKT+yHn%b[Ոnm,@֦CcT`=("OZdh]*|um}.m"Jv8a@J%VB\̎{ĥ$wA(ʟtOjW,PzѾnUͤN4FZR(}.8sxJu7| CyеT`OQj`r k #%sлgyi8d),ՂI(N1%-w\`R{826g\Epξ ٝpX3ӡel̉{mr] j鳼 ޠEeƙ_RBXЩA2ܬN'`|Ns#>mdfWR$+)`l9%?cs1bD}HUVءoĜs8TwU|_ˁ?~A$B;M]>n[Jiɷ<#B'RS|;_Q||q BxE?}j L).հP ψ0>egVo5Rm%xr 4(X0n} ꤤP` xp|vrgҐ_Ke;XUZ%`'}5B=*3-giR 6^ffdn#q|`ylO=̅n,&($ eM:i@3vR/R]f&+*;a?"ٚP"H<?SZvJj56w056kgA6q!ƀw^^FVȖؗE/) w {{1J|z$~ 4՘TP0==j鴚2^n.[􋗢o*ǻm?ʾnF-79@hՐm7H2d4jBTI,gE%n\uHw 1) 4 6iJG*k\-fd0rNwV/@; ZyFm͠,P$mFJ,ig)>Fn?X>`af$S<eH1n{{!UM?`3V^1pZB" v2g|aEae,Q B~|JQ0m@6l{جDF{"(<xSq,mANd^Vp"+jCDjkb+#=r /773ErnNWhNAk@5 mSu9sr(6M8 'dKk])ʑëNiM{;ubN)6S_9B$,nXeZl Ek h#W&<'Fw}u!nv̷OǑSd#?8 ëe(n WoD8IpHeM88V;#Ȇ Jƽhh`Lmt1huw!7+WIwA}Kr-A~J)'ևn껿1J2/-| m<,Mv7Q& t!+^[d[nB p4sKzOҟ Ec{3)vFMș*KEGݲ A-ac,`ӿ(g^S7#L-pMu /f7p"`=J/Y)|FuExJi!*ᆱݫ/R"L}IUP4|a1NVxol48*i t:TWYFdY$|OWRKm:SSe>i[d`_ԃ^e}lE%kz+[^)6>뇴ͺ4Ud$ ;TvKf4h¤GM=ֿ耏ĶrX5̀S!—"(rEJ|8Ӯ) i sh%pl<3|G|NӁ\+ͱ g2v "^6}&jzf%rK+Måyʱ{?˥] G/8)ri撬W.3xI_?l8oĈx-u毨 iIc4تjxkw4`"iM)@%iyOӋeJ'Y%|ᬾ񖩟!"W}%>^9{\T}L92E,x~P )=$qS&;=̇,/~$Ok{3nD*d9/3`OK{ 3x閧>^&9T/oqÙCmb3#}|`m=310tRRuV<ں~:4m~H!.cNg<1jyHcq,C@4;|/n {XtxZU a lzIGn-kXט9AK>"[ϹV&cn5\vm r7Zz9=h9D_q)=yY;<^(Y62r4*6%jh;ȼR֤uE>R5TEgPjCQQBU VDhLZk<96dU=8oϣΞMo0rM;[(Gf%.%zKYKC\7(Hɻqvv;7MY|aV*032_uau/ݐ}ɡz}2-3N7C yF<0>/p ef &"-F\ ^'jYU&$m,:zFݢÛKiJo&`$5-8-@-DԋhL71v);t * x?Bx_rU".e!lJթXFXIǔ=T⣗))ooS,rC"a;}Ϛ+ fW=b) +[Z-x^q|ZxnH#ܜgekdtԂl#6 :Хt|)jj޾ O22`q0wdVא/ SV7bS`nHREfS=1scc>P^'H斐mםDI!O$ei@Ijж!w4Ǡ.hwT(m)=y"cY۷3pfEqd,ȹ'3I,{ %sfg;rH b%YWݰnUkYR[^d:θ;+z8 .j&g$mζ|"o>D="?pk< SrL$:{k4Ȼk &-<ӰGb+5W6JmʛԲ}3ZuWOsIeӼW 28P<4çu UGd`rfړtJ˜f88b:( (Pz|ו/c`ki^'vRm550`6K˩EMV` ?a`,J[(W[P^, IU 燣hpoZrG­sL÷S-GC x U}rIO ,$mrMc*,kUOYNH (2HSi? |S?$qHK2=pjX}hDvwvߧ[g&r"TsĚReOg$&jƊѝ6(d^ۊ:iغ?A_rs[erlq G8 I-ld9_B^)6xsZe۫t; '֡<;/=2e/-*Gؚj%1Y{Pe- 3m-28TQ4KEHT3֢z'$zJHg,jZΏn ⠴22 l&H T.əj(UT rz"B)իpF:ТƵJoU^`ycy g E$.iXs7wyK0$ ק};FN"^sd>FC#2v`Q*?mAg:mp 7;5޸nܔ?`mE}^'&/l,<#_pk6,BRc`5]&~#TQBa(,7FS&"q[Ϲ͓X8^ЏkR6n ~phs5HC@%dJ,BWy%m CGB @){8>v ~pf-j/+J'h J~btL$w wt]Hj?8EʏHicqU]+f ށƜ&Na7iTc $UyusNNWvi<г$wF1Jfdآ[+I}9Zv2|sg'cYHI.$m'+J/)KxVPuz|3F],a 7pd6e: R(4DmqΓH`ؿ^pW\V zR+ɣF:C`?ܲ8:TM&Zv:?;t8 JTb;n\AH>l 4)s2XM6 ew}9 f#0>}-, _H1FJ2MH96mE'9g3_.47b)1 << O5+*$b qPM{r)D웁?l$kC^V#\G(q<'ͫ[Y{DrSdQdQ#s5YsI;| P& dT 0IpP&/7f]49q ֵŴ_9]n讴I8$ۧ ʫ9J8 .O.jP Z uS 5U=FD pp\C[1!8* fF7ʓvɓD\wL gL}+J3 # T-cwpV$y%2zPA&Ӆ}yAGϜA<.Iy{(hhveiލ^;-w41XN$WIL(& IJ}7jRbG={8*p?Ylʨz $o:TȰvtj fG.?l.'OdjJwwXM? rxNbBWEydC zD8VYC ~v*h^ӽN%Xh(o܆4m wT-qE~<u7Spe7/^*1&U8danzVѐ5 '[A48Y:)ɇ+mW%M\. Ƃ+췆?Iv!%U k7zxYK[ |.Y.ˉr:oa ܘ$$KgY;?}9t@m#DTB?ޗA3?bj^>2zh.@q̡g 9ʋ`ev,_d8g:]:ș&.3'8gS-.wLެg[(׉2z Sȍ4?\%6]Tq=yYo]rG}#qks9XR ]85إBMи+2{T98KHݩ@U+AX2 &"Z`{ 4墨m 6ɰ= _3"`R>T!(S{2j^?Җ7ڱޫH+;0u_inK38&f>: A.#Li/^>I@dղg/xeNk~ O2H, yRR O񑓟m #R^.9Xxf4մx;E+~g˓W(n0y}(5ϋB:Y~ )հ򺍖nNoINN] l pe8 .}: k3XFWޓF4OFt.-~gS5_h#G{4'Y:{ 1A&2 $"D(^Uh$n̸W>+sL<(/ϯW"m Kҁ%m=ZXL_>~Ort]XaU7p>LQ&C:7z$Mf0_{+φ3\ sѶΉ5lSW-uId%&.ZQ}1Ipn;$foZorgh!^Q[+ƿP^Ƨy#x"CW_Lln9vvEB-2!#! #yxszMwt.){) c =r?#R73x'P$18Ǭ!uىNEjATHiEt"# d8so 7t\[3:{Tg/q]e!6/:9B/y̺|+Tq-7cRNc1gt&*T%@{/TũC Ѫ7W96s;|Z<`nRak{pM1H ^S8/GY6C c9۹NZ^OPQ0vgEBa8se{N2F,E?͍ .uScG!w|X:v+A6$y; L5/w06I'3]N?]7΋:J]_0)F([ñf99SAvf~ T~oV9Jxd(^-ԁDM\1Z~(? BK =Ia"(SLgE6+E|xb8(t6p=#,^B"DaJt%mʶ:*^Dcmo_=z)f-qQEde~0"ĻM3MWS(PAؠwc}8i݄`}B*V$m 5=kQd0lTS߿;! aP&m};+cXy/oIeM:PΠ Wy~,Ǻt^FD?$Ab8Jl̞`*bs@IE%wNr`$G1Q?haFB+RGu|cρk1VmYmU5c:}r |`G5Gw0_ݫ{eEt|Gmֻ<_cyq.<Ś< l (clXZBE5$5+w]rs>B^H8OPLSȹ%Ob%nZV$-I4TBmm2wpeÝk!tbWSmCqҲ֭yE+`v*Zbǵu@Tl8&ʶB2B(fw2:E}!@grpҶEE:IJU%&^VW)G&$PsyC0&ESd=VLeLBM " ŀT-;O(QXS\T𤺆UVlZ޷mMv:">:'({>d$\6K"5K|7V.H-#&:Jek4ڡũ @jv[o [9"\WTߋ[5GZg{U͌')@4A}C3_i9ʀMWP{I46$?a"j)i)6*9af7];}QStxAB}|GPۧ#ӕI`KwwC50`zfE7P-7Yrp.NW1J0%/Hԉ] rUHt據鉗8B,J^^%F֠2/Lo[QcUI.8īVP,ʼN|}+AX$H-xk%Sȣüƀª- V?0wtGt.1wUVa mBlHYx qV%* A1wS=ɀxpӏGN1Mq5CҠΰ3֊dB,k tJFoK\_ B3xy52SJʥg=1pȚ߃^fKZ=l=b# & Kig͹SRIӴ<*P2qɻz]Pu$Ta&xb|7>y?T+2h0r(5MjΆt*OٖsYIwi$KQPKzBD.|hG/lpOUG`DT=W˫rԳڞ$o{j_*3k J 92 vJx:- C] !恥Ii_[Y`p2(}GNS(H|,\rn" luA٫[0do+F쁏"ϡpHY ɝR)Hcb-[ sy$6kov8?E.|HeW~ӝ/luP=?DߓEiWab |ІX&PM44Ͷ?,ҋaՈ%rsW\&ʉv#z0@,Jg). 1sPs\AC!`p&ot >rR.hXB;{WÉ k Y̓*1'FaF:u_@ >6F(O]G|IV)NLXG<.-YJl0|{. jw:ĮBQJƂ苙w0EAb5A;OYWnXåSl8$ !Ȓ=3 iIB!}=q&v-p\!Eqy9,{"ˣl[SB)4U!LMEpPdMN=.2鈃ٚ601>phҙ ZX eMzšX;5QnhcE%x#l|eQKW"L麠T(.\_)2um0Xu'1do#e!kAu2@'-r\5hMIPJzkQڑZ )[{}43Z*)hN2[16젺B'{wسA!y%Fp> <ù Ԉ*gW@.74^B$~Z!hMMQas„^q fub(M,+e@94ȼ^Q]R+'fZ7֚e ,.C诅D sryD..;F_.V+-&ȭn?ӱ>וh!)o!b!Hf^ VvqP@!59;\Y;5MO;KW=N@jr4ǬVN8H5C!Iq~ʌ N/"8wѮ`Ec4:a1:P6?:fsuc%, RYuPPeoPId8!jp=G=ch0j8ngK!*߬`ng]@Fc-| Ťջxi־w+ o=Y0#ms-ܣPV%ޡC UJMhqBۣy,ں_9!)"?IᡴVz]cQkJצ1ɔhd˛Zd.ղ3YzDcR\]lSC*cz%>3mɰ_yx\GO[LT`S! V%1q7~ w,4"7(N dM{ش`![޶?BZiCؔrmR'Nji@Slj3CDRL-bd@_p:*$4A8Q65IuAM`N,H[μGc݅${2y+z_&P'?jc"P 9ȕ$^αhx . "YAYoBHUN5v}wEܫ/%MP_iwt?p,+b.Q|BvF7)bH#Zb28Wk*nz" Ņwoבva`[KufD,MN﾿A>4C~qCLaWD4Bbעg!|UzX7zs$Sp^CuR3Z*HC=HsG~jBZǝYF oΑ{5IEZnXfu⮔JV@ o82r+g/nQnj10k..?kҕ3{kP3mBtFN-*BllGxv‰ٺ7Kp̵ YtU-LNwTS%J,eEZOFAGPijUvtC/cZh.t:[stA%YUp]6,nצjFWώuUx NRwyKnlvsJ?"/?EI4(? :g[rSa=0gO+3(AOHG:o<9҆nMKN9䘪"|rӔ*9]ZA)A]bv.>9M) \pTQg4y0)΃dA>fsFU%{0 .3XTGu*h3]ã} =b[**"dU+P2s_e³5Xآ-(pMg\TݿilY0C%)g6UrkG8N«i7֡~\u[1}u3T&l˃{?^-"i;@?nû. y9 :**ҟOܤ~ݵφD8WLbQ;>HJ@uhjR;m&KQ h g7rFM t=kByks?&|kyJ`#_5{imD> n}ATɓ“CrL~Z)iǗ8mLL/̴KlWht#%u:K`UO_?(~Wr  dI}ip vՈ>Q$w"-LJ%\+p-S%֬ɷTx2^d?(Rf F %3RN{ty5+xOD&zp];꾶DLr^ZW՟Cd]g*Q2̻̘ {8~e{ؚ4ݛ{9LĠ)57n odPy'诮;Mlazt5Д9 15QЁ\3v؁C+pK뱚b0KXƤu  Ck/ZV<bD #w?x $J,kKcaY%cv8g8"Z lHc:bnZкjo!e 萸y5b"e47!>/!I[b&>wh?Cq .2=kZ͜x7#?2AO+&3Y,\y3It$rx.@)R#\l"[#{|c}FtI2uavRd7g#c ո{$J=8Ԁtdql3T&KUZfk\MBHүC̳X]3>h 5O xVhANHC[x67LM~5(,7׿:w"eFL¬@!-[pQ!byb>tq=*MleT9dIwel"dNP=rdha}NƢQ9]% 7Ӌ颷+ΓsKgXϣs("VӯZqOK]ܠ'7'_akc}ٟ'ǃZ!D_z͡.;[BoD;@ER8֣!HlK1|~~xH46OsTBd\_:2/sͅ|wA:6Sm|PHK9uԥT>MTm|u>m#hAy]$UgoFvؒaqʊj^qpƜwO}SVr ly;{aCxOofMI{8=v i iņ.2Sd,&[w3AL69B3% $ZxnD|gDdBdז$330;tY*D fxji,6i To٩#ZLB$01hg[t>;As$vį~z~vK\_60csjr8@\rTaĤ!DE)0- |@>D /[Ta'#u}`ۍ^ LH@r?]zEYkJ3X.H`;C۔'mhlUa(8"6ޞv>^(oT"Dl(UFY0AH?<v{Zo}s(V͸,NG#]2?:WeP *dp/󋤍k;,I㯅B\eԊ|{,( Ƃ5D)5'D(u3y p/.IIsG4 #â_D] N"Liv<>&֚s}ݎ&M;V16o?!af|A.RN/-P  aW^ReV T{^g[dvAOh77F; A<58wCyB;%4隓YWfƮs @8Stl8b*OZ #P>w gbpG9vBN70~#̹ !/td@152a|.ΙUtwG Nz:=Re#c{ʝm!xJ3z"R@ DolӆzSa1#Lj=ay~E' Θ kMu?v|:Zӿ$DŽ G6 :8$("QzH [.0⻠o?'6lٺ N S>rNvMl0Ĥ浞dR@nK|;11?8OvEmOԸ"mq?txQ}xJdr#Änl!⃮ @y#k!6K1V9Hf J騌9`96*)5r4Eǥy;ؔD[ KO؟ԜkmmrZ@ * GUx) Sk Fglh.Mn%CFuφyHʃrE3W>4G뮗~3Ai2_Sw.ߕHS+6dhRf91x H_ȴ wL~svKk/Zp_͆VH9V`z_y(FI; vg6A&eGdzmR vle`I_"\2%Gn*{KԒD蟝I2&Cw?F3ק **g2Mo?@E*L`kZ 5v,4.k]Q@>4sqSw[.zmZsJFZRp&ֈ%$ nݗ%3V^~IҎZ,,'q+"1dJDVD[ʐ [;b}we +p[zoNdKd`ϋN)i >uᩈm&z+\#JZi GIlJ \d;4ݝoM[5Ixf0(K|zid :Pďsͩꖏy%O$X/G'J|)/Wu * A^WSJq`h"?Oqpwd^bs ^S{p U0a>M0/t3ut2.H<)Qw PZGV|ҡUD7-U}i YrŘb^J2v&`po37Щv#;txGvmtKDcEqw>\5$0Ux-q#FcfY815' B"=6]j2moN$'tudn>9͞c ,薽C({0kQ[A & a(/Nz@;/S);'\+ x߉2bmO.R&vt5XrX΂vJ] 5I]"1i ڥA֖~1?*~-GݚwGqC**:׻3^qolUq]ݴBqIv8͊INC# nCZ7zٴ!X{tƐ$LyĆabG3fd qåج ޴PLޡGF 6),r{^7ڤiU u,G$,%&qk╧5m1|3dh2݋'} WR#|[bf`$b#I o)Qڂ׀C5fcl`oT}m?ߘeS%j\_ oˊdoVvA\kn' ~;ci;9vEgS9^ZX8: P~.Iff0MZ $qI̔-\_~ Ó{&%gx`XY7uk(Dh(7^YgTG]Ӣ 3W8i[CN13ijV2eZϐ:-ahz5][`qw^O`G}XAD΂_:'PZy>.L<⥗+[]JмϔkQ7hZV8}JNbFobԐ8*'wȁpiO*"5Xz5p$צ,$7ۏM+VYoڭfa==q{x_&m*@K󙠷F3,dJsB <EWE@$'yL.h=|uyxS#gfR< 6rd6z;bzXw͑V4v7$d_-n\&qH ܢ)])7ZR<{(˸+:2"3 R9-Upmh9n tyạs! #||K-.O~ޟrD񡼞wU7C N~@P ~ 0yPm!""ǷԄ%0  eYڢo>ÙVYE[%L%a2K7$oA0e9Uٟ  'qJF<-5i=?3m5RpL8/eS1qRYq찇0[H{^a *QAf$3%Zb/C_-ٔo 4~oyvk@@Ƿ 9[AWhz^Å40 &³0_lq4+nv$`^\H!1i{8 O҄o:+fzrʧWD%̕aln0!s4%M hws+)7 P>#LcǮDOzi t S4Ty\zy}d's\B3M#ФX笊\2;YgⰌLK=!C-琚#w ff!H.Q+7R?%5HswbH[u܌{#miXmB{&h8ӮNC_r-E.մìQuz>uW ̣&nPB0a )fߩ'- -WA_Ia視 )]e2 *XM.g? i_=pHR;C{91n>7VRhibkv?olX{0Tw0P ?o*p;aAEj`}Xk$:6Jxxa]UGbaN kF|jJ}E׻=KL~1_#SھD .C|}Uގwk\T*q|W \F:A+˜m`6F>?dARV S&]gf\'mkNyE$=9YlKp:5[E ?z5%QKFRu1>s[CWn+#%Z{\μ{f2>“ bRu@YUq9 Q^¬鲮 6Y`IxqfzaNݧ2`~,IhTk&Wj 7drMX1.G?0H#*NBRk#\@ѷvBr LM cgN%fMFk?UcV)i҃,}׏;4GXoXH9k k2lFmLx@%Sfp_SwJdk$]O \Э9̎V^s,5,64DjCF-l  #|u u}Nj l^iei{GkZRSNte(^v2;D=4rŨ k8-#R #тe?!17z(xM-NszgiRt;5wPy#RU5qt3ҍzŜ J5]Yx1DF4190I/U< 21>lNָ7s]+r=.cD~ɋFz0YvGRjz躂hizzM!8^n+K+I|@o~K…@Dxenu= 9ӓx=x >OO=5aYC 4d)f}+ؗoPO%TgW7Jԁ.$۠ {z}YsS)k&ԃiӋmƼ2LyG `e:GmE(]9-2℺TS2X0ˤ%\Ckl߂bl{ŒjP Pm<%ZhM7-՟Ir=ڎgs"*RPd/I0FNO" Z{vB)Ocpx~8|cniOuO EԓN%YȈ #h2чA ߷~g{*s:ķ**$kOQTN? 8.=眣"@g9IҽnH2r8BDCKzy E\y^pL0?.5:6Qcܵ$f#n .b@cϷf5OD F1pk[V?wHRfJ! 0$\ĉ-K6LLRB;RGH/`3Nż3Y³ c~Fҭ0߆,:!:LJ2X?U "riIE)uOTǺ0Y*7e`Aߚ6r&AQjШ&sՂ%]{.{[)[W>q)/MrOUZ\4UhAH > 52=%[3mN.IРo,`w$% U^}0γMY5(K g~ƣvk&/eA8x!q>In*:&W7RFZy:\u%Ćaa͋_ktp9q%oG-Ӕi5bz[G[sfb]( h .@IcڪsVɌ]ʋF:(r;:&Lu Ĵ )(+#Lh%pkiVǦྴ CvQ깬 D{g+9 ,L{nnON:8gFSv,tCrV3DIøI +x`Up:{Zr{Ouznij0uaqgF1דi4C(ELڔy |?(`x.b/v^i]~%5 (#%3EISnHX71&㲉2.NIi"c4jg}=8l>u o6m@bֻ"=18 ]b+\a'Xp `mC5KYқj։~cw\:FAZoBY*V'јk,#~"eFw,"^mo Qk.\(ǎDF=s/],91k ؙOe d>NXWcz UA[`W85)N?Lؑ:#Cf `L*`̪{Ŧ?1Ï]$'(WDֆ4i0Hc|3 &-H(+`48̮z> c~P3o<2sQ+/tJWͨev>i U1\D |\%ߺMG̣oz83s\: .4fgW#t }HLKHM.-Q7Ed'8ֲ< ƹsYWҡ}ׯkN̸%y,~evN] f C|4Ψ tvxG]F@uw Xr Aciߣ(o,7B q$="Q^ &o`(tCFEuEj%,z5_$ Cӥڍ~B( ` ,GKj85ɐ- !_#~ >`uCFUHHdT Q/y,_5