From 6e27aa67beb758addd62d20b6965c9cb4ea79db5 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 30 Oct 2009 23:18:51 +0000 Subject: [PATCH 01/87] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index b1cfca3eeb..8fcf215183 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -275,6 +275,7 @@ rt20421 new each // 2009-10-20 19:04 +0000 rt20438 new marka // 2009-10-28 03:27 +0000 rt20453 new marka // 2009-10-23 12:52 +0000 rt20474 new each // 2009-10-27 05:30 +0000 +rt20541 new marka // 2009-10-30 02:28 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 660818f4c7b6665b6e7b1dfef11d582d0f97d71d Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 31 Oct 2009 23:18:12 +0000 Subject: [PATCH 02/87] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 8fcf215183..3f7df467b7 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -273,6 +273,7 @@ rt20405 new each // 2009-10-14 05:15 +0000 rt20406 new each // 2009-10-20 00:14 +0000 rt20421 new each // 2009-10-20 19:04 +0000 rt20438 new marka // 2009-10-28 03:27 +0000 +rt20452 new marka // 2009-10-30 23:27 +0000 rt20453 new marka // 2009-10-23 12:52 +0000 rt20474 new each // 2009-10-27 05:30 +0000 rt20541 new marka // 2009-10-30 02:28 +0000 From cc11677a72613010a7b08804914d74aa63487730 Mon Sep 17 00:00:00 2001 From: Jeremy Reed Date: Mon, 2 Nov 2009 18:49:59 +0000 Subject: [PATCH 03/87] Fix misspelling. --- README.pkcs11 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.pkcs11 b/README.pkcs11 index b203a45a81..89d9be21d8 100644 --- a/README.pkcs11 +++ b/README.pkcs11 @@ -8,7 +8,7 @@ independent API for the control of hardware security modules (HSMs) and other cryptographic support devices. BIND 9 is known to work with two HSMs: The Sun SCA 6000 cryptographic -acceration board, tested under Solaris x86, and the AEP Keyper +acceleration board, tested under Solaris x86, and the AEP Keyper network-attached key storage device, tested with Debian Linux, Solaris x86 and Windows Server 2003. From af104911b781444e0b2d3da9df553897e511303a Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 2 Nov 2009 20:04:39 +0000 Subject: [PATCH 04/87] missing period in a sentence --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 526f1df317..79851561fe 100644 --- a/README +++ b/README @@ -49,7 +49,7 @@ BIND 9.7.0 New features include: - - Fully automatic signing of zones by "named" + - Fully automatic signing of zones by "named". - Simplified configuration of DNSSEC Lookaside Validation (DLV). - Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local" update-policy option. (As a side From 717a6020e62c369a0a220c4b59fbe24744b08260 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Mon, 2 Nov 2009 23:18:25 +0000 Subject: [PATCH 05/87] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 3f7df467b7..f5f05b4587 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -195,6 +195,7 @@ rt18815 new fdupont // 2008-10-28 12:34 +0000 rt18828 new marka // 2008-11-04 06:17 +0000 rt18872 new marka // 2009-01-23 02:57 +0000 rt18884 new marka // 2008-11-11 02:16 +0000 +rt18884a new marka // 2009-11-02 05:55 +0000 rt18905 new jinmei // 2008-12-30 01:46 +0000 rt19027 new rt19063 new marka // 2008-12-13 01:45 +0000 From 554d22d2deb8889bb16434176b5716ab79d15c50 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 01:07:48 +0000 Subject: [PATCH 06/87] 2743. [bug] RRSIG could be incorrectly sent in the NSEC3 record for a insecure delegation. --- CHANGES | 3 +++ lib/dns/nsec3.c | 25 ++++++++++++++++++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 24836c273a..8da571c7a3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2743. [bug] RRSIG could be incorrectly sent in the NSEC3 record + for a insecure delegation. + --- 9.7.0b2 released --- 2742. [cleanup] Clarify some DNSSEC-related log messages in diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index 81de97f4f4..4c44194bc4 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec3.c,v 1.10 2009/10/08 23:48:10 tbox Exp $ */ +/* $Id: nsec3.c,v 1.11 2009/11/03 01:07:48 marka Exp $ */ #include @@ -88,6 +88,8 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, unsigned int i, window; int octet; isc_boolean_t found; + isc_boolean_t found_ns; + isc_boolean_t need_rrsig; unsigned char *nsec_bits, *bm; unsigned int max_type; @@ -141,7 +143,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, result = dns_db_allrdatasets(db, node, version, 0, &rdsiter); if (result != ISC_R_SUCCESS) return (result); - found = ISC_FALSE; + found = found_ns = need_rrsig = ISC_FALSE; for (result = dns_rdatasetiter_first(rdsiter); result == ISC_R_SUCCESS; result = dns_rdatasetiter_next(rdsiter)) @@ -153,13 +155,26 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, if (rdataset.type > max_type) max_type = rdataset.type; set_bit(bm, rdataset.type, 1); - /* Don't set RRSIG for insecure delegation. */ - if (rdataset.type != dns_rdatatype_ns) + /* + * Work out if we need to set the RRSIG bit for + * this node. We set the RRSIG bit if either of + * the following conditions are met: + * 1) We have a SOA or DS then we need to set + * the RRSIG bit as both always will be signed. + * 2) We set the RRSIG bit if we don't have + * a NS record but do have other data. + */ + if (rdataset.type == dns_rdatatype_soa || + rdataset.type == dns_rdatatype_ds) + need_rrsig = ISC_TRUE; + else if (rdataset.type == dns_rdatatype_ns) + found_ns = ISC_TRUE; + else found = ISC_TRUE; } dns_rdataset_disassociate(&rdataset); } - if (found) { + if ((found && !found_ns) || need_rrsig) { if (dns_rdatatype_rrsig > max_type) max_type = dns_rdatatype_rrsig; set_bit(bm, dns_rdatatype_rrsig, 1); From 2162c1ed3dbf02459e753f7f407bc6dfc24b0bee Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 01:31:17 +0000 Subject: [PATCH 07/87] add missing period --- bin/dnssec/dnssec-signzone.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index da80bd2205..0303b4ebff 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.251 2009/10/27 18:56:49 each Exp $ */ +/* $Id: dnssec-signzone.c,v 1.252 2009/11/03 01:31:17 marka Exp $ */ /*! \file */ @@ -1991,7 +1991,7 @@ add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) { } /*% - * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records + * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records. */ static void nsecify(void) { From 90065a6881d58420120ae33aac55e5ff10f65fd5 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 02:00:14 +0000 Subject: [PATCH 08/87] s/sent/set/ --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 8da571c7a3..07cb1231e0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,4 @@ -2743. [bug] RRSIG could be incorrectly sent in the NSEC3 record +2743. [bug] RRSIG could be incorrectly set in the NSEC3 record for a insecure delegation. --- 9.7.0b2 released --- From 9d856845d63784690e347c8e8dc013f1c830c86d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 04:39:41 +0000 Subject: [PATCH 09/87] 2744. [func] Log if a query was over TCP. [RT #19961] --- CHANGES | 2 ++ bin/named/query.c | 6 ++++-- doc/arm/Bv9ARM-book.xml | 11 ++++++----- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 07cb1231e0..9b218c20dd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2744. [func] Log if a query was over TCP. [RT #19961] + 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record for a insecure delegation. diff --git a/bin/named/query.c b/bin/named/query.c index d24b2f85ed..4d08c90da3 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.330 2009/10/26 23:47:35 tbox Exp $ */ +/* $Id: query.c,v 1.331 2009/11/03 04:39:41 marka Exp $ */ /*! \file */ @@ -5073,10 +5073,12 @@ log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) { isc_netaddr_format(&client->destaddr, onbuf, sizeof(onbuf)); ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, - level, "query: %s %s %s %s%s%s%s%s (%s)", namebuf, + level, "query: %s %s %s %s%s%s%s%s%s (%s)", namebuf, classname, typename, WANTRECURSION(client) ? "+" : "-", (client->signer != NULL) ? "S": "", (client->opt != NULL) ? "E" : "", + ((client->attributes & NS_CLIENTATTR_TCP) != 0) ? + "T" : "", ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) ? "D" : "", ((flags & DNS_MESSAGEFLAG_CD) != 0) ? "C" : "", onbuf); diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 9ea53bccd9..81665e8e7b 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -4411,10 +4411,11 @@ category notify { null; }; class and type. Next it reports whether the Recursion Desired flag was set (+ if set, - if not set), if the query was signed (S), - EDNS was in use (E), if DO (DNSSEC Ok) was - set (D), or if CD (Checking Disabled) was set - (C). After this the destination address the - query was sent to is reported. + EDNS was in use (E), if TCP was used (T), if + DO (DNSSEC Ok) was set (D), or if CD (Checking + Disabled) was set (C). After this the + destination address the query was sent to is + reported. From d937817697dba1f9fdd83ff7c507d9bd9dce1a7a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 14:02:20 +0000 Subject: [PATCH 10/87] remove synatx errors from example --- FAQ.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/FAQ.xml b/FAQ.xml index ea51916599..258bc8a903 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -448,7 +448,7 @@ Master 10.0.1.1: type master; file "internal/example.db"; allow-update { key mykey; }; - notify-also { 10.0.1.1; }; + also-notify { 10.0.1.1; }; }; }; @@ -458,7 +458,7 @@ Master 10.0.1.1: type slave; file "external/example.db"; masters { 10.0.1.1; }; - transfer-source { 10.0.1.1; }; + transfer-source 10.0.1.1; // allow-update-forwarding { any; }; // allow-notify { ... }; }; From 5ccd971c729ae2d1116e0243e689c010e45decaf Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 3 Nov 2009 19:43:54 +0000 Subject: [PATCH 11/87] UNUSED(engine) if !defined(OPENSSL) --- lib/dns/dst_api.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 420aaf2a06..5b12e98b5a 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.45 2009/10/27 22:25:37 marka Exp $ + * $Id: dst_api.c,v 1.46 2009/11/03 19:43:54 marka Exp $ */ /*! \file */ @@ -162,6 +162,10 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, #endif REQUIRE(dst_initialized == ISC_FALSE); +#ifndef OPENSSL + UNUSED(engine); +#endif + dst__memory_pool = NULL; #if defined(OPENSSL) && defined(BIND9) From f80b665135127a12ca503c8830aa465aa1ddd17d Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 3 Nov 2009 21:44:46 +0000 Subject: [PATCH 12/87] fix typo: s/pcks11/pkcs11/ --- bin/dnssec/dnssec-keyfromlabel.docbook | 4 ++-- bin/dnssec/dnssec-keygen.docbook | 4 ++-- bin/dnssec/dnssec-revoke.docbook | 4 ++-- bin/dnssec/dnssec-settime.docbook | 4 ++-- bin/dnssec/dnssec-signzone.docbook | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook index e966362868..6516d8e37b 100644 --- a/bin/dnssec/dnssec-keyfromlabel.docbook +++ b/bin/dnssec/dnssec-keyfromlabel.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + February 8, 2008 @@ -128,7 +128,7 @@ Specifies the name of the crypto hardware (OpenSSL engine). - When compiled with PKCS#11 support it defaults to "pcks11". + When compiled with PKCS#11 support it defaults to "pkcs11". diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 713e3ca847..a246de2c2c 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 30, 2000 @@ -218,7 +218,7 @@ Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 - support it defaults to pcks11, the empty name resets it to + support it defaults to pkcs11; the empty name resets it to no engine. diff --git a/bin/dnssec/dnssec-revoke.docbook b/bin/dnssec/dnssec-revoke.docbook index e010fcbb9d..0c74968694 100644 --- a/bin/dnssec/dnssec-revoke.docbook +++ b/bin/dnssec/dnssec-revoke.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 1, 2009 @@ -108,7 +108,7 @@ Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine. diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index 175183c1a8..8c08137937 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + July 15, 2009 @@ -134,7 +134,7 @@ Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine. diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index e36559a2a9..7148c7d831 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 05, 2009 @@ -158,7 +158,7 @@ Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine. From 64affc54f96a2c71cbd10ed71e246ce0746259aa Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 3 Nov 2009 21:59:04 +0000 Subject: [PATCH 13/87] regen --- FAQ | 4 +- bin/dnssec/dnssec-keyfromlabel.8 | 4 +- bin/dnssec/dnssec-keyfromlabel.html | 4 +- bin/dnssec/dnssec-keygen.8 | 4 +- bin/dnssec/dnssec-keygen.html | 4 +- bin/dnssec/dnssec-revoke.8 | 4 +- bin/dnssec/dnssec-revoke.html | 4 +- bin/dnssec/dnssec-settime.8 | 4 +- bin/dnssec/dnssec-settime.html | 4 +- bin/dnssec/dnssec-signzone.8 | 4 +- bin/dnssec/dnssec-signzone.html | 4 +- doc/arm/Bv9ARM.ch06.html | 11 +- doc/arm/Bv9ARM.pdf | 6670 +++++++++++++------------- doc/arm/man.dnssec-keyfromlabel.html | 4 +- doc/arm/man.dnssec-keygen.html | 4 +- doc/arm/man.dnssec-revoke.html | 4 +- doc/arm/man.dnssec-settime.html | 4 +- doc/arm/man.dnssec-signzone.html | 4 +- 18 files changed, 3357 insertions(+), 3388 deletions(-) diff --git a/FAQ b/FAQ index a2d1686c4e..b256ed8b10 100644 --- a/FAQ +++ b/FAQ @@ -244,7 +244,7 @@ A: You choose one view to be master and the second a slave and transfer type master; file "internal/example.db"; allow-update { key mykey; }; - notify-also { 10.0.1.1; }; + also-notify { 10.0.1.1; }; }; }; @@ -254,7 +254,7 @@ A: You choose one view to be master and the second a slave and transfer type slave; file "external/example.db"; masters { 10.0.1.1; }; - transfer-source { 10.0.1.1; }; + transfer-source 10.0.1.1; // allow-update-forwarding { any; }; // allow-notify { ... }; }; diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8 index f8452ed16b..1ea7f5cd21 100644 --- a/bin/dnssec/dnssec-keyfromlabel.8 +++ b/bin/dnssec/dnssec-keyfromlabel.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keyfromlabel.8,v 1.15 2009/10/23 01:14:47 tbox Exp $ +.\" $Id: dnssec-keyfromlabel.8,v 1.16 2009/11/03 21:58:30 tbox Exp $ .\" .hy 0 .ad l @@ -67,7 +67,7 @@ Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used .PP \-E \fIengine\fR .RS 4 -Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pcks11". +Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pkcs11". .RE .PP \-l \fIlabel\fR diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index 7bb428785b..735aed445b 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -79,7 +79,7 @@
-E engine

Specifies the name of the crypto hardware (OpenSSL engine). - When compiled with PKCS#11 support it defaults to "pcks11". + When compiled with PKCS#11 support it defaults to "pkcs11".

-l label

diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 165d59fa17..8f5b24fbcf 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.52 2009/10/28 01:14:38 tbox Exp $ +.\" $Id: dnssec-keygen.8,v 1.53 2009/11/03 21:58:30 tbox Exp $ .\" .hy 0 .ad l @@ -100,7 +100,7 @@ Indicates that the DNS record containing the key should have the specified class .PP \-E \fIengine\fR .RS 4 -Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine. +Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. .RE .PP \-e diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 452b7ecbfa..1d7242b872 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -133,7 +133,7 @@

Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 - support it defaults to pcks11, the empty name resets it to + support it defaults to pkcs11; the empty name resets it to no engine.

-e
diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8 index 34e14592f3..028edf99f9 100644 --- a/bin/dnssec/dnssec-revoke.8 +++ b/bin/dnssec/dnssec-revoke.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-revoke.8,v 1.7 2009/10/06 01:14:41 tbox Exp $ +.\" $Id: dnssec-revoke.8,v 1.8 2009/11/03 21:58:30 tbox Exp $ .\" .hy 0 .ad l @@ -61,7 +61,7 @@ Sets the debugging level. .PP \-E \fIengine\fR .RS 4 -Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine. +Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. .RE .PP \-f diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html index 22edeadee5..76842ba2ae 100644 --- a/bin/dnssec/dnssec-revoke.html +++ b/bin/dnssec/dnssec-revoke.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -62,7 +62,7 @@
-E engine

Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

-f

diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index 9effbde82f..b2b33b51bc 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-settime.8,v 1.8 2009/10/17 01:14:35 tbox Exp $ +.\" $Id: dnssec-settime.8,v 1.9 2009/11/03 21:58:30 tbox Exp $ .\" .hy 0 .ad l @@ -79,7 +79,7 @@ Sets the debugging level. .PP \-E \fIengine\fR .RS 4 -Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine. +Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. .RE .SH "TIMING OPTIONS" .PP diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index 69134cca88..935ec031e7 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -83,7 +83,7 @@

-E engine

Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index e6e38e51b7..7fcb92bbbe 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.57 2009/10/12 23:15:22 tbox Exp $ +.\" $Id: dnssec-signzone.8,v 1.58 2009/11/03 21:58:30 tbox Exp $ .\" .hy 0 .ad l @@ -74,7 +74,7 @@ files in .PP \-E \fIengine\fR .RS 4 -Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine. +Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. .RE .PP \-g diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index 1279515842..1df0ae1d27 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -72,7 +72,7 @@ Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

-g

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index eb14f33eaa..79369cc943 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -1641,10 +1641,11 @@ category notify { null; }; class and type. Next it reports whether the Recursion Desired flag was set (+ if set, - if not set), if the query was signed (S), - EDNS was in use (E), if DO (DNSSEC Ok) was - set (D), or if CD (Checking Disabled) was set - (C). After this the destination address the - query was sent to is reported. + EDNS was in use (E), if TCP was used (T), if + DO (DNSSEC Ok) was set (D), or if CD (Checking + Disabled) was set (C). After this the + destination address the query was sent to is + reported.

diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index 1a0ef68949..2391897a1f 100755 --- a/doc/arm/Bv9ARM.pdf +++ b/doc/arm/Bv9ARM.pdf @@ -1725,9 +1725,7 @@ x r`ނrUbybZ 30*5@"{[WD+B UE=hWQQCYs5PTB:Q*P. D*nPhL˱Tf 1PT(80PP(Reƃr+ ,e3 1 bx?=JF߾YEQqlo2 0pa$pAiDq*K]W; 6k꣊ɼ=7)1bSvӘHǜg 1b€TO?\:qRf{zPlj:;  n2,:6BLfU n# gR=ah\v!OOCT>s_ &{L rr 08Z ;I"{숉ڋl9\)J41Xj2 Og #sѾ&iiC|blD!J _0Q:)/mjKb"=Ɯg 1O80P'aݨc#O -ͦàa!pωa2n/2j:$K*<(yPWg 1v<80zP&NwKDswkC.9'P+I9IāqzLr©qz?Ҷ-BeNLAN*>\gA ~Xlx!'=#ŀv>A<~ VLGR*TLo.<'@wKFշ?o\UjOY /i^"h$d2`qץ8A3߫8Ow5Ve 1qPsx<;%`×ԤPB$2ޡ3bR!C (L" {@FrBS2w4zS&kRGIf9!C$'=#9 Cs>=><2`q8Iāqz0Cՠ4Ҭk)]d5 9b@ 1~q`?T$SƦ|(2`q©80NPNǹU5/V-c%Jt zr%T G;"^WoE$ $O0؀dRq`l;6#VG幗7|/w'~[~ R 0@R` $@@w (C,7!M&xQq?K\6 -aa!1N3jx ³q6֔osM0 45!1בks>>xCs"- -`Q"F꽣3bD0 ӊk(.=]Bv"&. `aCq`X;,#^- P!>}"\6㢧o* {9Cvr._~ޔy7۲2]\jdTk2& W^hO𰼩8yqV~o-@) j~MDQ6#j*{GD~XCr5.g8)ź]qv_y'l!@OD͈273 7 Fp҄f 1Bz omAwHG2!ZBq~Θ钄rvwUq;yLn6:C'80tP:+lq] f B9ލMEgAe^L!Ho)冞޴I*=wSq`;Z RPtC|3Y~e}}EBղ^ 7=+gb50fxM21Ә2"IlRZ\onW՛?ö m0fa 01Q|눰Rķ./9=>/նN8!2;Dfk3Ĝue6q\[Nj^{; B/$,U* ~@"UEzu=:RO{S=7Oy8~mwD RvЉos%OLjS/q,뛇XRr ?CM/ۃ@Iendstream +ͦàa!pωa2n/2j:$K*<(yPWg 1v<80zP&NwKDswkC.9'P+I9IāqzLr©qz?Ҷ-BeNLAN*>\gA ~Xlx!'=#ŀv>A<~ VLGR*TLo.<'@wKFշ?o\UjOY /i^"h$d2`qץ8A3߫8Ow5Ve 1qPsx<;%`×ԤPB$2ޡ3bR!C (" = #9ҩ;b)5{p}Xl~!'=#9 Cs>=><2`q8Iāqz0Cՠ4Ҭk)]d5 9b@ 1~q`?T$SƦ|(2`q©80NPNǹU5/V-c%Jt zraSq 0;tX{]͓x'o?F^6c/IŁzЎX[^zSLyrnm!DHU6Jށ *l@x6[_bE5.qXC ( E" {T8 7 XSv5GH`6ã'`* {^GBtǯM? ȃl*!FEO'@wTpFwyZq řbT(ÎXec 1,z o@wXPG eZb,~{C|mD%El.!EOTsh$5\=v)neeXךeL@TN^UED 5L?&"(`! F#i`!CUIbݮ8l;żL @HR6C'E* {fDo؊^]Wj#A8iBB !=Bq`;B#J~-!Rpgs?gLtIB9s;]ªø<&7`ovT:aL6|.ۆ}QwƋ˦à /\&\wDpELrCOoq}vR(!٤C ^û80XP-L)t(lA2[~޾"^!jY31 CLce3&iLL$6)_-7ݫ͍h a[6Gtv@L 01Q|눰Rķ./9=>/նN8!2;Dfk3Ĝue6q\[Nj^{; B/$,U* )*ux"v`s=ںhHゥ> >> endobj @@ -2055,7 +2053,7 @@ endobj 873 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [499.2773 196.5138 511.2325 205.6195] +/Rect [499.2773 196.5138 511.2325 205.4701] /Subtype /Link /A << /S /GoTo /D (subsubsection.6.2.16.9) >> >> endobj @@ -2104,7 +2102,7 @@ endobj 880 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [499.2773 112.292 511.2325 121.2483] +/Rect [499.2773 112.3917 511.2325 121.3978] /Subtype /Link /A << /S /GoTo /D (subsubsection.6.2.16.16) >> >> endobj @@ -2144,25 +2142,25 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 887 0 obj << -/Length 3478 +/Length 3476 /Filter /FlateDecode >> stream -xSG+&Ý !`%y5l$f;-4b8` )ۭ~gvgagNDQ߽b{vÛv^n}J#Ns=8e N?o9:=8:=xPQQ񷭟%Y5PœɖT()Dֿo%r$\O8'rD h ogk>͋u1k*|Zm'ᢘbg+_B)E9 q|xVZGήE:epKn-ќ.k͋cXۅ늭αkqRq`;^!H̋/|wt>bǟ/RYl8 g^%n\Tz Yfb@g$cD(`dsQe!d+`0D .j l# |Qw?S(KzCC&bBN1P3D1ƈÿ(1W+kAB - P" D v ZV.62V^^@%B՝5ZRd TV2T*k[r95zĤe# 1$(80$PF6j#eq@KP5<,3+a -Ά b0A9)꽃I 4nis]N}BҚ 0Ġa$Aw(F0=*OF[΋v)NhϋmcF0މ80QP_hKfi`O b8@A0q`8;$[|ŧ𢡡tE, ˹~@S6X?80 -P (T~9]%?!U^k9&b@0Bq`;Bq"ZBNŢQ%'d8`t a80~P?TdǏl9Y -^^FʶoV*bpmWoFK=ҋJHf6*CPAwhJGI(SOeCHrU230ttNāzt֌faŬ[qXz-a5*6C_ӊ9[P` -SoIŁ zh? -pWNX#*!jCLmoLDڨNmaNEU7D/vGSlKŁz( Urr}_^ύ7Yn4D:\JM"7xh]haMB_QOD"5,=Aa^feZ ,b7帘 ' -a`=6 KԚ -wP%D-[zahTc)˅i/U.&߃l5Y`! aT õ&ey mn˯/.%TŤiZ< V|6X * u߁SkiV<li?c}aB35\)TgS 1(U@0Pq.:۸cwlWĄf 1bf(1@0bܧB6Xslz!H G Sgo:=@of2 rN -b''>iHQk'մ]e>wӛh4_&5S= -G8޴?}Mg1'CCDcA$݇$8oa5j$ {l WpG}}Ahl! >B`PAh~wtޭ3u]qqO[)ǐ;0Xj,%XZsj̘tp_bˢ:ݵH7$MPm$ԣ1> Usf?;x(2@0tP]ьFvjz\}5,ߕtyuNnͥ"M#b!$+`@YHe (𦌼.bڬq};Շ3%l2!FԆ[AR`d*ANF4B8|{~<O} ς7ɾ5;d0O cc6&bu +xSG+&Ý !`%y5l$ f;-4b` )ۭ~gfwagNDQ߽b{vÛv^n}J#Ns=8}e Nǿl9:=8:=xPQQ_~%Y5PœɖT()Dֿo%r$\O8'rD h ogk>͋u1k*|Zm'ᢘbg+_J)E9 qٵn]Et.܊[9e]F P` [?~cxAwHCB9_|XU<?_. p2μJ##20*H"{LjPD11`dsQe!d+`XHāzX࢖ 6]xC1q7 ++?9l"&4`5ÈIāzaHJ1lp%$0`%Iāzh爐eb# aD["TY%EKjILf.*AeE,czQIŁ{Pp U.?+*wPЫGLZ6C!C!aQ`s6"q]7 Ȩ U`OYQSHw6L il?L80PLZaw? Lvclh! & 꽃F1˜!Bc6BiUƙM\z6ҝ 0`rS" &{p*`(lh! ~hq`Рޙ{✄{S/k68\CU )b@0@q`;@$N@xpMH|vN6 0pYяK" { +e=v2u b\@e"=r%.dj8)Gmq9F#z WoXRq ޝi(cѱ%ѕJ𪼨7GFcPf?IŁ1z514_+mk}Of;ntք,ab:F g 1~?80~P?TdǏl9Y +^^FʶoV1ٸC (K" {Yq9AjE}pƪlP! +ڤ@AwHMM.J{kc@PB D@!!~yxfLE荻EQի60ۋ$nh +J~EwNZJLO/!U C (B" {A)zM ‹xy%YXx5M ?F?OcP #O* {'ԿP>q]$\I)'?o eBƳqNPQ DNطg|ى P+s5,㘰\!Ê *T8RG؛^U{lT! + C% +꽫Ʒ&FTb8NBhz,#BۯZ琉l!34s"Lg{f0 u+fkY QIl_fVقCLPR+U*LP{'tD9T.pZQVbj|~Rq`j;!rvX:>J߾$[XmA]nvaJǯ(;&7꾓+$l;bk(qoy#J;ht4bs;hw+bApG%SqL~dm;M"%'r:%U۾Hg f# 1d!4_ +CuWqv$? ЍzF^Au&MFy)`g 1(X@0PX=v`kK@F#0Wh}?LhF_]U <񶗪l!F*F>CgoIqKibBN1P3D 1kSs!맀Sf˹cl{6zwQVW#u )JdaXs<%B6qʳ7LM@of2 sN +b''>iHQk'մ]f>wӛhhԏM:knOm*|{6g54ƜJ WrI +wp⼭ըnc_;Vg+^",%MGWw41MC ( +A" }~\߾ӝ{aҟR>!wb)d;%`DYJ>՘1-ŜE5.GEt4k7 nl%Fw$MPmQчjzsQZr܃?!0(L" }׃qE4WDM}9+nb:zNnV0Xb,$X@2QxSF^U1 mVTxߎjvOkK*. `aʟT JPFP%^c_àd_[d0O cc6&bu uD -2"|QNfq8:;+%p'z 1Q<ڼ2љ!DM0C@hwWaB`]yxn=j޼ -46atf@ ?8'HoV*Lg@is Jgb y Zk?6yco֏S?GN@(RK@endstream +2"|wQNfq8:;+?&p'z 1Q<ڼ2љ!DM0C@hwXaB`_yx.=j޼ +46atf@ 8O'HoR*Lg@is Jgb yZkĿ61|\kGe)XTP#r U%M qendstream endobj 886 0 obj << /Type /Page @@ -2175,7 +2173,7 @@ endobj 889 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [527.6238 758.5763 539.579 767.5824] +/Rect [527.6238 758.4766 539.579 767.4329] /Subtype /Link /A << /S /GoTo /D (subsection.6.2.18) >> >> endobj @@ -2266,7 +2264,7 @@ endobj 902 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [527.6238 601.7228 539.579 610.679] +/Rect [527.6238 601.7228 539.579 610.8285] /Subtype /Link /A << /S /GoTo /D (subsubsection.6.2.28.3) >> >> endobj @@ -2308,7 +2306,7 @@ endobj 908 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [527.6238 529.3748 539.579 538.4806] +/Rect [527.6238 529.3748 539.579 538.3311] /Subtype /Link /A << /S /GoTo /D (subsection.6.3.2) >> >> endobj @@ -2350,7 +2348,7 @@ endobj 914 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [527.6238 457.0269 539.579 465.9832] +/Rect [527.6238 457.0269 539.579 466.1326] /Subtype /Link /A << /S /GoTo /D (subsubsection.6.3.5.3) >> >> endobj @@ -2420,7 +2418,7 @@ endobj 924 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [527.6238 336.447 539.579 345.4032] +/Rect [522.6425 336.447 539.579 345.5527] /Subtype /Link /A << /S /GoTo /D (subsubsection.6.4.1.4) >> >> endobj @@ -4649,17 +4647,20 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1281 0 obj << -/Length 3171 +/Length 2418 /Filter /FlateDecode >> stream -xZKs6Wjk# 1TުMrEf E*"e JMOwwĄÿĚqDDLs'CNno~8SvH33br:=/7W3԰Ù6| Q*//Fӛ "_^^Da>fsyWx?~O28O$֓'L$,"j)?7vZ!E\0!T" U!XUgBYɢLaHёfT^(sy܁3buda/qJ*H)՗{H,PW"VsWc#{)`޿*̤b^ɾJ2t42c-UV,>jyQ^95uk| xtVT=fXkrV Պ=]r^l99t4v+<6\=r0˄{{Zz\NJ=g?[i*-k8ea1Vgouy̤c,yb!LպJ<]v0sM$wMX3y7-..oӳM5ݼm'ޔyqĔ-KQC&{Xѷ' 3~J*UFYr6pUc,L>!r@>khb$d9ez_QƭyْR Q`z^w^5L} GE :d"<=Y(RВeEc#Zs*f܊ " >O2o"m)9ğ'|e2qg0r` 1ZdzH~ѹ2#Y-<úlpD~TŽ -8ЖF^V&,ܴ Q|, Ѐwr`}ǻu[-V2,fPfRCh9O/`q'C(Ljï+ 9̈k|j"BHmQ%s`vNG+6Ƣ_?E]c_;ǂ/fVLH7ŧ'>eؼZ,T~}:tѢvߢբkv-:Epׯ}hG%FC|Fk ةVNsխZPR%JBY2PҼXS({oUAA a q8a\JY^/1#Y3TBpULkOhw63 -E 'McGHFɰ0;\ -LK -{ h&$>+DS⅛s[Yl ݬ*hϳ@׌wV߮Nט Sgm"..zE`8@/}[XiFϫGEh)$,k pJ+*ɝ၇=vAڦ{#/WU V&}${qΪO61nPS?Ґ`ۓ}M-[gU>:0 STlzGGvJʹv<)}SBíyuPgx'o6ٶ Jǹg#E v **B²Hp+zΑO Y8~hUDmOANI$6I{6wćօ^SA53,띥0BXH:ܬWeL.WK'He"%?OukLST4 xS{ʊCO,o==Sm{ TUNf< a>R =xi;mˆwӲ[}2b02رec֐2&Ҭ* pl9(;T6aeAo1OKЛnCf@T%NX׃]ޤIabB^SK0@ VnxNF$m fI6@y˻8"$@z}v׸LmL-\$,Qs)ٲVЕ8uZC^|2}^W\kg0MZC[L={:LTKCIǎXұʂW8`ɡW 5,Km,Ǵȳ?wxnkOH܆Iۀ]ګݐ1\;PXm5;3\c}3of#ZHwPP׻|2.:Lq燅= eb\(H=Xnzu?<{endstream +xZKs6Wj+W"S3$Z%P"R8> 4(R2%ej@؀?hIADR& ̠ mFuQϓ.E8HLZ}iBfI_g_&tH*:K"Lo/>4 k,_oӒ<=4۳ϟnOr2l^/.䏓_ %"r(I uIvrwMZ'څ_@a\HhHCPg#D*B! g-@-2"Jp2-(3 Q|*"GhmIf0We#_:ezXLMi+ɮB6~Gfe fy@-@ߦFiZZjsei{EAVq^G˧ݤm5c{`L5\A h6źz'K'm"*=("ZU܋뤆fru-_"ۏ]{V<tH"|`u/[M) O` !PWtȣн1$ +FuBUxflc;DYsA:@JVOs LS"b0 +mGn;:^.#d,x6 P|Mee4v\(ʯ15O 6 +7fh4<pЖ֡lL˶AgaֹrXīgp8+ ߰5"L; 075% qef CS ͷldK {02,)M+6\*1+Gw~Y4HC|iZIBz FD ΋uԇ_L79cWBWz n?蜭u D +Mh6$va9($d#727M=Ln|}|ԅBFV8v }~Ѵ;Wg"-'n,flnoP ;zKYy} 5liliჲ);j6;OA X: qCxz"[XfLruaqt{pРŠ :A;cw;$1ξ+0@>b)tD( #8'}zO±.}.or~q˙38'pP'PA"8惄PHz=lG)$IZ.A? m;>*{l_MUn[l.U!(u慱n3mz^[-p\ +"|' L*OrX,aj4&wW_^־ٮlDHի̮+JJ^? 3j#ܺ~{2򛽴h"Dqs i9~N\Qll(k*~{Zx4 y)\ XY9`-l{GPEFyziim~Mcj*%_59u<ش 1tBx{9pTJi](`yh0T.gASi{/n>]JAKU?(x{zPW^ -Cqǩl?za@g4z oN WV{yK Ж߶JIȕ'WAo(?Ai~Ժ^u@< +{l . Rh"-&endstream endobj 1280 0 obj << /Type /Page @@ -4676,20 +4677,22 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1286 0 obj << -/Length 2934 +/Length 2956 /Filter /FlateDecode >> stream -xڵZKs8WjKWY HzONbg=8w.( -XHF|HtdJ6GfeP*,J,e`v}N;ɫ+?Q\VY1-?{)H7o4Ǜ9%^|pq{:gqȼ7򖺔-QzYklŷ]&YiT;ң@-2D,#g{̏` ',K2f؊6damZy+.q6Kw͋rvb >w6m+^A@+(:Y8=@PȖUS%wKʱLSZuGjbv :mG?I"&K 1RRêPEU};nCHWEGF - &:/l݃|!p8ݣE",7[k_5,ڤyy>~6bj Vϣoc>p -}Fg%찮1%l.A sCZP kt̜8AA"/3PU%םZ)ڑTF ÌٗV`ubV3T9 € R bR!d2;E -LDf9IVuYFlc7:z܎- :g7tncH{P(;o}|C40|i^r+NnjcԶ:MÑ U` 5"lmՄmc,c2+Z9|򁣤%95$m6i*<0HGuX ,t#ƢݦPXH{glM7~vW7Hpn0lDjX;J!Y:f~=iq8'Ь/Pdw] KՃmژpQۋwGseil_dfGaKyP? !8x6wEOK*63 -#[a2yt`6 cV`mrԲCx3]u@;7UQU 2مt>޹Ɖ&(싚f3K[ G1e)HĴعjr$lжjwF+@ǎj '4}2=&5!H!^2U/ylP?evC^zyġwWX7z%\ -/L3y83ҏ.%KX.aQ cx.t mʻ2nԁ^;JCzM.Ӻ!1 響AiG;~acu> H0.4!bPbtS -G( 5 5A4hxw)V6ևc۔馲.V%&sB凉HNJx>4-_tRa#FsCbVěI:@AJEj&܋1/U xS0L1$?Ӟ"0 c0,JHYr_C@I%0g]Z7l@m}@ P=eZ%_`1 @tE~EJn7vNJ@.|;9̞{o肋:ȷI8)&sï: -/ͤ4]q$+៙/W#QG?aυkɁ#%endstream +xYKs8WjKWY A=9;us@ +E*"_Cwf6M*a4F?ƒjFn"N7Tȷgޞ)Q^xiGHVzI''r}$xΛw7osu퇻zk_uTI7=wE"OI7~>~2>4٧ޢc|:M_lςPaTg 9rZ{q]^ÃuU>YvUN軉'jt) +IԍRLQˢlUe +TLңI8 bX GkA^|=}iZntC*t67ü15Sf'<᱇V?}d8 ,TM`> S+9t-؂֡)[o4"^?yc}mɀ쿙Hnn+S֨8to0 9yUeVwz(Yu̞ZyEZ|_Ndy}kimYe{fҡyͪp5B&éei˦n_Rk c9nPT'G5MPpIQ[;YȆRVیb~;^tdL!ÃpuQb묬dj_okH1YŌY>mBC@h S :wwvy HBBbk6{nLdU0.fAL]GDcO(b;64)dnzɦ\1u`[S͜D?` 9T<^{ٙ/Xt?-n۲6<}ubf-67=ÄR}Y2KCL-wJZA/|\/vd qLpyfjG +v8$Nigka$C/% .6pu࿐?q]kB}mWspf r$bNެ!&dե;Ex~_|?`җɅE%ʥwQcbVYBv"+VU@8dIv6[ KNVT_ge$b#7f_?lBh5Sxw|/x"hV&+zHEIȍRi.MNޓM5むm&Sf|6L($pLWPķP}@{Vz`zȣZ㔟 *&}rLQK,҆YcnSC$CQ; IXpKCnz}s!b 1;v_–A7*S9EWɃ䣭3]zdfĂ$FYa1 /ck @Od6ۗيO$,ѻx)/t/ _o=`:t( xQ +O`WIXb;F;u,;%'srȧٲYGOy|Y`"ۻOe曐Qr0H˳}2,o=їUb#\.sc?JH~X{?]ArlXpq( ~dWȷF[Ilendstream endobj 1285 0 obj << /Type /Page @@ -4702,36 +4705,35 @@ endobj /D [1285 0 R /XYZ 56.6929 794.5015 null] >> endobj 326 0 obj << -/D [1285 0 R /XYZ 56.6929 744.4469 null] +/D [1285 0 R /XYZ 56.6929 510.1455 null] >> endobj 1288 0 obj << -/D [1285 0 R /XYZ 56.6929 716.8556 null] +/D [1285 0 R /XYZ 56.6929 482.5541 null] >> endobj 1289 0 obj << -/D [1285 0 R /XYZ 56.6929 352.0635 null] +/D [1285 0 R /XYZ 56.6929 117.762 null] >> endobj 1290 0 obj << -/D [1285 0 R /XYZ 56.6929 340.1083 null] +/D [1285 0 R /XYZ 56.6929 105.8069 null] >> endobj 1284 0 obj << /Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1293 0 obj << -/Length 2722 +/Length 2444 /Filter /FlateDecode >> stream -xڽZo8N,_z]?Mb%^Q(l +K%';~3R[NiPo bXOX3 2_ޝ3sL>כۓW*,d0]dEGܦ;t&}l::#JLW>^NC^~"LDJ82s꽻>}zv/ -p#_O>} g*|p&XN'WJ9JqrsV`oL;?WY -y|YZò|Li?D(ɄUk-z6ZH)1 T(wI Ϋ up,CXnWtWwٖՂ]Mv*"VeDyլf@G,}i-u6T,Ff YLgZ˶9.uV6Ի{lX5BJt,ډH0-u`Nu#$R:U}/!AxJGLAԁ,<4#9@HxDY& -DiyޯXz-sy+ͭCu`r iJ79ZMZ@&Mr"_:CnTokӎ&f eb2@rW>Cְ.[#Vf,?wCX$M#A0, ya_6)")=8P`58M!F$N1.fw%ъ>+j"S 6CsxfV&i).#6Y"IOriefn@h_ˆC"2C:BxcyU.F$'j"]*|ƻ=Qgr>GMVЄ44AӦ6-?>k#nPQVicԱ?^OS e}Y<6/TTӚ^UcDp{&Hp-Yf^ޤI#} EPxa))@ڲCH [}ˮ3IQK!0| kC%,ۇP~VU u{0'CxL7ٜL#,+FE=}=xC9:;j5jw(`sz3@p *Nsg[=oQv|6# ԴN@ yFG -&Yޏ %pRc5pzd&<6`p.\եÝCIA ,dL` bM@>5ٳ|y'ح17w6$=|iv5&>$ ->T.D(+j^nYJɠKA+8fXd{ -(gZ`$WiRlr#!/!&: n„DJy_cnΑӨ0r"eZS{C=(tl!|iD3\  O븕RgW7vRd٩KB6r^=GL` о;InYmZ&[ Ao٧E4vX -nj3_c /3'Kscqa}Uˆt}fv 5t`ZUx5eU ۤ|&L]s'q6Faue6K᎝haG-,NO<_7_{G~+EXk,ni|vOT8? +G>?pL3rW0&e ?J|(T2Rwhz8RZvF}'_h\&hniUԒzns阬fjF-oê1g&fV?>ᎇd +IqcwB^.1SZ9Y9o= hSivYEvz; 9β ;̜~+n `OgY4rj=qeDʰĚo˰bq$L'D}PgE6ކ&aWq6BW!Tp6'hOQqpΒp@Y(0R84Nʈ%i7'j_xOS%O2ثc k}4+K+z>8WiRT.Dp8DE@\@&I|)xBΟSV:gɝt^9]ʦC p\FbCM.n[?U_}g5t~V6oku_]?sj)xH8).4Z">j3JD.lhZق2mh}GC]Aas3E\{ӖHTyf=*cbA?Tk!Y$@!=$$$ޜ}p`AZ*$;B790Vw$cqK|"awgrJ?cv- #*PUʡJ 9p߶{7jUT/Dzi2|2\|JIW"=G>?%<}#¦Lp@X'ΗIq&ҝI 3|&Q: Ƚ#OdMW9mhLFzMr (h'>l|K/Ϯ@ZQ 7u-ӄσ)NJjua⚘\RĻd3>O8t4;Qq>‹ AO,a$; q jQ~.dWZQmVw[Eα +bc) d*f٦V.Nh=ӻ =mUa=yy8X K%B}:tf|bލ RqzbN{OuG/3bI_8[:[.襣 +1o#32 ]6fp۲}«士"[ҐOTX~Tyz!Q0<|W&OF~;+|/"?hO1T3k˹j$2arendstream endobj 1292 0 obj << /Type /Page @@ -4739,93 +4741,100 @@ endobj /Resources 1291 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1283 0 R -/Annots [ 1297 0 R 1298 0 R ] ->> endobj -1297 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [519.8432 255.0679 539.579 267.1276] -/Subtype /Link -/A << /S /GoTo /D (lwresd) >> ->> endobj -1298 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [84.0431 243.1128 117.8035 255.1724] -/Subtype /Link -/A << /S /GoTo /D (lwresd) >> >> endobj 1294 0 obj << /D [1292 0 R /XYZ 85.0394 794.5015 null] >> endobj 330 0 obj << -/D [1292 0 R /XYZ 85.0394 467.3023 null] +/D [1292 0 R /XYZ 85.0394 220.329 null] >> endobj 1295 0 obj << -/D [1292 0 R /XYZ 85.0394 442.1291 null] ->> endobj -334 0 obj << -/D [1292 0 R /XYZ 85.0394 305.1414 null] ->> endobj -1296 0 obj << -/D [1292 0 R /XYZ 85.0394 274.1939 null] +/D [1292 0 R /XYZ 85.0394 191.1908 null] >> endobj 1291 0 obj << /Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1301 0 obj << -/Length 1218 +1298 0 obj << +/Length 2003 /Filter /FlateDecode >> stream -xڥXKs6W($GsruqZE99 D$- DjJ vA;$AN L!g݌]@wՇݵ:17pfYGWQagޏ ]|^^xvo_/MS`u|hfbz2]M.fFΖyڐO#8"γ uO` xϠ?;Bn%ej:d-{Ժ=jBP9@ u9x6Lv4(-Y"3m)L`e F,LW]vq`m'OQ'ۚ0 dK4kNg+n5l[VG0O|bEvQ{, -؊Ja". آ.gQ AeebƧ>׃Ni6L7+4YD5D[%VIMHtFּ\^FvSjOpR^DfPU6oXg>}k^6 8HjCin(^|T[@ {oꑤC|9p 9;-= ^ -ds+tPٚ'6^X3iA3S۪X-gʿ;[\r=L_@s۪۟;`>2l:N1R2o頳mV`suk˛U+S|+)Hr#tmSk[,X=$y 539qlL ' +J!yvxOMU.{捧\ wq,q=R1|yꉩgP Am~_g5XІc#բPun[V&[78!lVE~d+DsRy׬\GOaҧgPfWY*hD}, ,pB\@OZQӕ7v"w_wnʉH)~ - _Pendstream +xڥYYsF~ׯ#TυkزW'E +%k7߷{z$riu - "5iy+Xz"̲Z~>EŁ #]Q$ٍ0NA>roOC]rq>󌨯RD>g8?_|&NL^}9.bԇ-5yG}1ό2%Hi*EܛY]&0܀[#Me1U֏9a@I?:9Dnb{mK!]UVw犐Q,fO |rq,,Ppqtey +F[`/TUx˰qr[2xնH<`퐓$UwFj8 _4H`.qF7:OuvC{P;4ΌSlL\쁻I:G?kh6`tU? g^Ҕ k&)K0s˜#qPp 7wrKor +ɑM 6߫#_qy& + 'ska.uݒ]<+^g4\v)\Di]'qNH?Iڼx&`8ý4wh"gʍddLp}ǃ}k$ +_w=)K.Nme1P177fl ]a>ɜ1'!ԟ|RA{nH"$]/Sݒw۹>mjyvS{t^.ώ vu& cCi|-G7mMLs<[=yoX=ia##|&u15[>y{&m9Ӊx'wZ.Mun{6]U[?g<{-jz:_x>%v~pPQ$!l>(qNa:81endstream endobj -1300 0 obj << +1297 0 obj << /Type /Page -/Contents 1301 0 R -/Resources 1299 0 R +/Contents 1298 0 R +/Resources 1296 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1283 0 R +/Annots [ 1301 0 R 1302 0 R ] +>> endobj +1301 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [491.4967 730.5319 511.2325 742.5915] +/Subtype /Link +/A << /S /GoTo /D (lwresd) >> >> endobj 1302 0 obj << -/D [1300 0 R /XYZ 56.6929 794.5015 null] ->> endobj -338 0 obj << -/D [1300 0 R /XYZ 56.6929 769.5949 null] ->> endobj -1303 0 obj << -/D [1300 0 R /XYZ 56.6929 752.2028 null] ->> endobj -342 0 obj << -/D [1300 0 R /XYZ 56.6929 681.9672 null] ->> endobj -1304 0 obj << -/D [1300 0 R /XYZ 56.6929 651.209 null] ->> endobj -346 0 obj << -/D [1300 0 R /XYZ 56.6929 616.9944 null] ->> endobj -1305 0 obj << -/D [1300 0 R /XYZ 56.6929 589.1412 null] +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [55.6967 718.5767 89.457 730.6364] +/Subtype /Link +/A << /S /GoTo /D (lwresd) >> >> endobj 1299 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F41 969 0 R /F23 762 0 R >> +/D [1297 0 R /XYZ 56.6929 794.5015 null] +>> endobj +334 0 obj << +/D [1297 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1300 0 obj << +/D [1297 0 R /XYZ 56.6929 749.3309 null] +>> endobj +338 0 obj << +/D [1297 0 R /XYZ 56.6929 523.534 null] +>> endobj +1303 0 obj << +/D [1297 0 R /XYZ 56.6929 498.8411 null] +>> endobj +342 0 obj << +/D [1297 0 R /XYZ 56.6929 429.268 null] +>> endobj +1304 0 obj << +/D [1297 0 R /XYZ 56.6929 398.8008 null] +>> endobj +346 0 obj << +/D [1297 0 R /XYZ 56.6929 365.2487 null] +>> endobj +1305 0 obj << +/D [1297 0 R /XYZ 56.6929 337.6865 null] +>> endobj +1296 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1308 0 obj << -/Length 1136 +/Length 1157 /Filter /FlateDecode >> stream -xX]s6}1T ӧlff<Xc>lWX&HH{t%.֐a!ٮ DҞ仛.ƀ Pa2ڰ5niYˁq6 /2@'‚C@,tw㪿w׷7/y1|ǣxtw5,‰ ׷ӧaq0T:@Z 8@peA캺 Lb@bƮ'=Nmҏ$n7h⊀95][ -C7 -E A}>]>/zbi4UY/&ROInK1qp{dʅjS[zAeӲ?ogWo=,~ꮒIf =*4R> \ނQ& ρŧ`}O&gnO$M N ;%eॴg((>tB,2YM>쳐._AA3V=`_H2S)v&wB鼲 -&z[P&5$oCg ` N5"#V {DGՒZC0f3on:Eq(?YIvvDB4Z\yQ[64llwj.!3[^mmsoKD'ns2ZJ ÆctiVtptKiM:e6GukCBzT]ߐ5{ND*zAtNm[<>}(5g"LvA"*:9H h!S.?d4rU@*ӷ yiyaq'e3J>W$@vh: R r,y:A`^m8/P2ap,Fj :kH咘!X{L?xendstream +xڽX]s6}1T> >eSgnuݧ4A J‰^ad2=˵,TxtBCzQ:0'zhz?|FÑ=2I +fX4~x2g^x#/z$ԗw\}jz^OƷf<VYޮ6w&ן>]OӏkNI4bENxƳz0\ρ89lݘs@@j h 7|/#v6 +> 4b(e "㳌Ϗ%e.,z y~rIXvm/:XF D ba%s(d̞@ h "Jp&E &$I"$t@^H瘟E2`Tbe(gȘ$nDuV)st}"G*4Id;f:VzPq18E$9ӄ$I0YToߦg\N 88CszFV+DIYVAPƖHo ;TȆqbY!T~ן;I^tCY`0{€È]r(EΥ98>>2xWgpHW1﫾aPW>f|xO2z)Щj-|ոqt0ہai0wkV־LtN^\PEXKmj򨤉XҪ[~ +Ag|k8A~%GHJt15v‹^^"W=T&.tsw)guK.m vZw9!Uh(W()YhW# ֙\`AŶpNUS`r ]hYsP6 ]Wˑb7=Gl-PfYE滯!`V[5~,]۠[/A@n{ 9c``~Tzޜ]$endstream endobj 1307 0 obj << /Type /Page @@ -4842,14 +4851,18 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1312 0 obj << -/Length 1183 +/Length 1151 /Filter /FlateDecode >> stream -xڵX[s6~W:#ݓ'6%tIKS0-]J" W `mfacIwnґ/l:koA[G$][˾TA:|j> -uC<|:Ѐ#G5?>MG/lg_Y?-~:XEth`@ U %k1 378> |EQ*-dȦtvW/r:mh[Q4)_5N, E㟺GaȊo9r}h-kvCeCu.AP!QVeK(jTTAS -]U ^*U眪BC:P5tS7RűZAS \\}h ntwMk"Wwڛ6=d-CeN6lRv $1-4 yd,ZB5KVo%ׄ|?i^s+>gkSP  XUV!{&tT>]]lRm*5\@J8k( +ΝPע㹝gm{=C jZ;.HNV7*W/W f \/JK#[Cýeh\8Oj~a+.6 /_A@9 VpH9O^KBj qL*;D'sp'^*#YK=6Cv)tK-BXq^&H@A~=c!<]IL;rly:޿]8՞%Hzq?m}f ϗSJ'Ri77M4:"gFlWzR^@ێ;azz-gNtk>01 +Y ͒XuUQOP' JY1H%YqUsN`v8p*/>-mʸ.oZ9$܅k@ +R +maԓendstream endobj 1311 0 obj << /Type /Page @@ -4866,19 +4879,20 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1316 0 obj << -/Length 2227 +/Length 2010 /Filter /FlateDecode >> stream -xڭYs8_ٗufV,AI>%٤.{v2Mǚ%Ww@d+mo@ApNrx,I&&x(& 7' PЗ:d2lӕ3d|?g7A$4eHđ4\{{u,ή߽%ۋ E# W$ٯݜ~rr9ocǓd 儳XbrRFI"b&8䷓t -{o18g"&aρ!ϙLd6ɄdiփOZZRRAۺjz|M3,!BD#JVUQE*mu59pLYԭSք}5Ukn;;K2k})W3l9VGcT/tj& @IG$;B=pA݉xC"0\2P# ͱ,TԭzD[\czT[Wcp6-yyA`=ˇ Nyg&]Q|WYxo6Hs)h87]~ZioNI|]ױnس#x5wG"YSW#)xwϔ?Mq?#>v{Я<endstream +xڭYs6 _GnHI).-2rEǺɒ'Iݭ%GMw)@|r"࿜Ċ ? &Qp%,gbrޜIZ&nvM^8-{b.XNf.~]ޞ3Oiϙ +o/Σ`:~{C˫˛חLJyÍ.i/n~ZMwj^}Yej +jHgҎ啕'ÈOء4)о,rgYјA'$> WZ)mLlNFKR XfeY 1+wzX nxEY4zќ|cYi#Ǫb/{Y'h%K͚&?5|]LMc<䟮##v'3il>^= C}L4*k`|''y&+ <8y "}Mon7 +v! +&Ʃ{3h"cj2=&$ yZ +C}q?MSn>/_ `:7@mRwlc +1+vH- F)4[é%Fo﷕&;U2^Yxj ddž1D~ٳlEto@v ʤs"*/>f8*#*&BCHȚy 9U.< .RpnǿsOю ԁrf(w\#~%Cy^>pdu0JwIS![ܦs(H\R `ڭUYJXh`w&DoՅKmClIk^+mj۽pW黋2N#):~rQ][#M-{`'s9;AZ Z/H׎2XHB{?ͺ)'3"P]gܑ*).D0KdA`Yk+ mCڎ;i &'< En]* MWߎuI$D%,nË#< +ɶOq՘ҳ(W- +ym.[ Rlд8Fuz T|"K@(B,D@)w$h#Jj"=UEqIcDiQph\qOBftlh-ޑ \tgfp -8f sW)$2p¼%:ұs)e~I}˧%{Z0J:JD'ȺGo70< C@n@(S%1҈~K[jV|Kj[0#_U;}[pW.;ڌ0^%)lV[HhΧiwK> endobj 350 0 obj << -/D [1315 0 R /XYZ 85.0394 563.8068 null] +/D [1315 0 R /XYZ 85.0394 310.7111 null] >> endobj 1074 0 obj << -/D [1315 0 R /XYZ 85.0394 532.8706 null] +/D [1315 0 R /XYZ 85.0394 278.4988 null] >> endobj 1314 0 obj << /Font << /F37 827 0 R /F41 969 0 R /F21 738 0 R /F23 762 0 R /F53 1062 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1321 0 obj << -/Length 3992 +/Length 3418 /Filter /FlateDecode >> stream -xڥ]sܶ]Bo&MIO-J'$)GIߑ#ϲ뻋]KSҌgt  X\O\4J4Q,w :p -$4Iezʣ8jsF2 qooëL_Rۛ\S݇W?U(r- ۛo ^~w׫a/8|r"#a](DZ%^|p2jz'H&0P&"L(M`X*L)/uw8Q*?M:y*1 6),mnzPfY^2,ʲau_1h-,}693(C%H/C!"kXذ}HAD"]s_ -*>PNY})TQ ,:aӆ][Z*u71Ⱦ# GCT/zliÕԿخ}qHx -IJmn -oݤ)Su]U8oۃI< ij +RLjݏ4tK[GFNe2xZ -(v-Y9MKˆN,zooi 9};|Eo&v2P6(_&㫨qRPaaϠ}q5Spۊ6m?߅`dT&PR5Z3x*q[w+bC#, zG9Z -,# -kZGww< 9y+qߨuCc7ˈh9e%4;\qoۮg@?ot+K+LAey"OD -P'?.) Y\7PfH٠T4qh&/.0gG֎=HB8%"eί$F$JTE$N%[.ɓy'A$&Nb<Ĕe 6yuE06(x:4T:RyrPMN -~ÓJ,ҙ:Oyό[dNVE(ݎ Vl#G]q1rEm - [9'm":\?90zqf[GcM(_ԡb -Ǐׯz`Ow\ ~=6b pTsQ9oT,ea'IhgA8v{o5C[4TVyYS'Rؠ/N\qo&CvGWt>k|źn6#󳈟Z-FċHbͦ= +1Rl@SuU tdzH" Nى8vbuN8W_Q8F" hPO'f NlF}E2L&Y0U\+g2n qy@冺lT:ld>rrrA}dœuCZ X D/ڍJ*wWa2V$TgEZE B%෩M.AuϽǦă+3 &Xm]MkfB4ppP TU)iDyužk*8C1@y2󢩄l%6>OƯ3!^ɶ(.k 6-lG,u{CY M+9#YEw.Jpu@mb:+ ^nn˓ۆZy}uXl;3Y+e ǾXoyk2Ky´Meˀ#ٌ#DE͔r*[p+\=-UG`(.yrînH^V}agP5ȝ ha*ལ&:u&OmC8 vSaG]HxTP(NV'ޚg:sZkIcȇP =v|ŶzxISdr괩<*ʱ>oDVg)Kbj6փkvftE\&I\RǴNlBj*ta M ԼW_Rf+S܁,EN[nk N-f.VH< Yk ŝ1'ӳjl"7tB6`}`zઅan W:Daؽ$잓~Ǒ77=dflr28E&h+_pPF JtikĈY6 ʵ_<4eyfZ?]CU̥$#fԝFKI:͸%`.AI:87: JM}1C1$S%CNq\ƒEG%2~%ռm [zKd gKG*U` ؇y@%Zid)!sRŔ)joɑmwu8N'L)9HNb ݥbX,~P|g2bYD 7|ᇫs{GꊍwwEЏ7o>]~XxE_/~V.XT^\p2 +"K)/>]e8C,8t0FLy D xUc(LmݶŢ-md]QWYDjzʲ~!RF_yGzmʒEr }̚9Oe|4*YV6 +JP/dvY' 5Cӓq*_Ͷ/`W_Gz3vм;̪5 uU̘w嵏u_C,zJx6_uA" >:\$JP~u0ާm )iczKgD 3 -+ree\? 5<i|p |\J W_Qk tc:mְ>fϹn-ajmXaό}r#_pr&ьZeT c{Zz˾uT(N*@D5Z쬌u~Cm4ă9|m(ZhqV[6$Dځz* b6Ghݘ K41V#̳ +VsV:D&I T}Uնϖ|hCRLgŊXPXL!=#!q<=C앀:biX$xdP\uV^ !<] a{?A|,8A &-ojN + C+ڠ8@1DXĉ;Z{a4`: M`"Čp [BwGjtuLVv01JlP ZcWDJa\Ґ0$4[Z,tUSAku hqỠ煔^ RԭdҾ1ﮉňzN#/[6ӆ#P43ai=8fɫ4)`iNyEa7]G{զ@2Ғ{cz9Z%~.`!. W;oK\7^^L0 6cm-m3OF@z)Gׇ0[Ay<2DvGL;Ȏ.Dnv3Z29fgI#3{':2ADߛQ)W6ǃ^6@H@jXE[}gxYH~^㉬H)m2F:oPUD^"Ƙ 2C)+r#_g}ّ^Z5?46 ׺ﶽEEl"mg^o>}Sڧe#>uWt4a9U㻈x "a9SF&:NMTEP.Ruz|je4<1\K<&5 g[uˁ&* Z~|8-HLcj p )6?.y q$r NDn?^֘ΆJy{7WG7 uK}#])MasVTD3Ȋ>P Z[4823c"`fJPM*--q/\up8~H\؁7AȥͥMVg$onYHD]pܔ+h~&ޝdl#hlC8i?-J ls +g:>iDD[j ~tZ4ƉjR~B&Ͱ@D +^8٪=΢g2ت.1|(*>ek +"PC0nu.A)N>p9fWAegng-dy\+[&|G8 6W:,fT2 x +7),<9,ttU +Xۼ;]Brq?tuC ]( aq1R[ VQ#Ϛd{f*j4 7I?խD&,Қ97CdUJE +!B~ˤ(_!f`gJk?8怖/i?ɽ[KJQIGʕ4ٝU[)]+Y :uJ)Wou18ƪxa!+Bp3g!++[f-dr"D#Q¶X1y8Jپ2~jx*j4 .)Qn7bO@(œq\VnvC> endobj 1325 0 obj << -/Length 3685 +/Length 3572 /Filter /FlateDecode >> stream -xڵZs_3MN;_ziΗN$HYHBRsb$HQr:Xo? O\2/u*r/ 4KG{ eI\>L#._z2R" * }{O-)}}otxo?޽Z -x>|J|ts^PF2mp25*a 4]J*ҵl/.Oڡs T'K RRPԖ:HҤr$PM:4mY=/ h[L-bHsqSͰ = %TَkݕX8 -]c[4_ao'`)#먔5W, @ժ۾RY@)* lػR"j, N]Mߜ-_nMI:q\TAX( b1t)5 W%X2o$"`Xg-ӕ--*HDjx <<8ǓI$-w*m*<Ud>:aV$VaA54㔨j6pyԩ-o0mkp_V6Ö΍þ;<\+ۖ9~ɶL%aeVv 8X)sr؀Z2Tb[t"͔FW̟]0wܰp7tl I)6cw]2 QwYP똇PkZ}wU9ԊTjA>Ԃ>CC-hH(R Aa>Pi(D$2rHIH%|@$+FV`ƹb0x?\uڻ7NCwU;W/ 60Q=PZIi 2TzWHTBu20 -BT3ˎCHr.,~~㻟b^T v)4qf(36Co}@C~իzk5PAWMܧxdbܓYxµ'].++J4!eԴ֊-jI %ֵ%yb_ B9MV9>V^vre*\dl.wCU-ďo))A']a[OuYn_Ռ[`er~jf[11" -LAqJ (_>1!=GI1n!o]֔[n"wZa$?fJx0`@YKǿJNUٻQe rU{xr>U>W -L(*e{ؒc iJ8,05nT믬. hmI;ɐNS?HUI{|ɌoXemz"P6d&DbABPd->#-n2Di#HMAe{*6 8ؓr)8k9oA|zX4',(:XdFũ !ob J~mrS&'E#3نzu}uGbQ=?,Yf}ْ1˪JgxWu|h}Ľ $({9*?r$nԂ}uDh{ DqDI;li|H<!ژT3 LsrH1ꎙf )m@ֽ *!otO0jh*z'l{`X[kƌƒ'y}K(SRlyx1mӸ gUw'-DL3Oajír>oԙwDf>+ѣp2@tR/zIHPcB>p409t>-5 ?JDZDQYonPns3H_ԱF+L7XӁѲ cy3?t"!yww}>n(&anf4 -LcB!)k)^˶ &)9 ˎ-:`%{ 5|a2ͮpS` W7+r(A.H^P7u}L&U@?y|CmxdPpua)|'k -ݚBf2lۻ 55XUp@+S -GnpS;W;R.kz]6>)ōuv9 RZ)l@_PV83NQ:Ʒ<J/jgbϧ?pwU3\1~&RBKDz=Uendstream +xڽZݓ۶BoX8|cgi3$;q"HHQRL;A`,Č?1 *׳4paf =hhS}psFLfZY&f/W߽pv! 'va>ԓO߼{Ǘ?=usۅȌҭpf›w?SǗ?o?oWp3gf^8y.gm3Z)߳t`4jNOH%2g܀,QZ)K1%eOR.5P)ID>'ZE[ -@y:]?ފl+Z|Wm6ۢl|YCWԵt=UjO}K}OUS틾n]qZ"U;j}5Ѭ6u߭n܊ HfP yˍp-qLG\` A@V&S&a0I ߍzˍkYȦ-Jz&4$:u֣a%ieXoN(MՑ# =i7h|i\ᥬI%B)ܴmk? Zŀغn6%Ո :k_wd)K9]Dt< +iUՂDut$0ttӁ&ֵW{>{'zf3ɫu{?옋; ;Ѥ%Xne]5Ԫfêٵff!rq7ʹ"pU.'O"4<럏#Kvժ;iY=M nqS +kW)&DPH,ϲl:.ŠxIk + d٤6| +>tœw`N6kYt5db&g8Ɵg؜J7a0Ev`L"l01y T.ϙȘT:w|`&R1 |jjzǰM4X }%:h(Jk8`#]syvA2ys;YM.&\e A3!'I$ң'a'fv#̌-8d/_=})UOM°tnl6g5 !L}0^u/B?~E (5pvc5mSM.Zx\Ꭶ85 +z(0yAV~H2[~7] S"iMF:mP#0XyiV'm BTfݘ L3Ҷ nu. +8RLP׎q +9>֭4YmZ:FG=1ڟ ly@Sjuy\ 9&A`a 5bҭ1q5Ϊߊ6ks̸vu0+T +EO439koR;㑀"[)Y6ڵٷvx=Ϡ]Ь07(j*\fRH7@KhhWp, +R~փɄ!-K#;c(nQY4<L+r% fn_Nmt]|q6 ȗ G'>q$J舨.O;.唘_f PMp0ʉsbJ{ z V]60~_nBYMmp(I~a7: Ax=,ϣPpzTEQi:iLcл:t]:6'7]WPY30Mòzo2g +mC]կ}Vx+ݘ*7++wj]f!PM04!7󦐔7B&Ʀ8h}Y׫]xƦfAOR}1+l;^|]s0%XXXH:acr3dv v x-JF SG)8 :`Pvh<ԻaME*, 067u2OfWr'_f7^u;W1}OB﩮q2Q9[]w{'@,q:>ƎTzE-v^M+Qd>#ЪVŶ4{6PϹ7vgRA2iFה!Lo VHŲ=>> 4s,"eLu>Q@줠 H \d PMp0,hgKdȂVBZrVݝr$hᮨ B_a]̕qG:f\*-Qik2 W'C[(!#:# zT#=ӬLT #$&\ 9j橅RUVaU=A*ıBTq>-6uIE<|Yoբ[wWSR!^PO&yAiߣ1Pȶ4Xdt8Ny ƏF|e֐(f#ژA=XDt<.^' L⮘]2el2&.hRK4>` ^."T$CEИF^*g+3EEL'CNID As`""t8?b<$96͹cMv)K8&SytOk+Lq̭BcW|1T:Q`kV~,z^} ys.t4<<{? %}@2U-6cE=;)Ch;ݸEE +rCJ@6MF9:0lk4mQ7T(K8UZ6 q %0FWkFI8ڋٯ9.MUn[|Q~n^|U~xڴ- ?CWQyD +6ne\&bBށtaBоE+w_%ϥ#[\)šEbhjm7үjm O䨳|h`c<{?tih[HMWE0C%x!8箪O͕#Wܹܹ-9"0Ͻ j3 m-D+hobE:DhoNh1⟅g8G"|F2 X> >> endobj 1328 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.9497 574.3793 178.334 586.439] +/Rect [108.9497 330.8321 178.334 342.8918] /Subtype /Link /A << /S /GoTo /D (dynamic_update_policies) >> >> endobj @@ -4991,24 +4994,23 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1332 0 obj << -/Length 3398 +/Length 3473 /Filter /FlateDecode >> stream -xڥZmo6_aKҒ%Qtm%m?(6 +K%Ǜ;P/ p8>B˙?9 lf*g=gi|G;{&JgY%a2[x@h-gw߼$s ߼y0ޛ?_Q뇛w.n}cnh(a߿G\~}uݏgWwZ"…ybex&(l/"Yg*XE)n1O''EFI80(P βxYD0 -woyas=l1 (%w Ek /KhkW?6]7񠡢gӞK"zl)'꫗\e,+ţaVPv_ .$w傚1MQ=DfhA) b)ɦnuQDr`$’43+jQ-5"E,ڤym &[zB|m+IE5V”VOr|:TUmY&sgL>mW-5.=]yʻk5~摀q@71@vB dP]^ox?gϮS=Wa u|Vv@R zP O|נYZ-zq$$ &BxTPcۺn^>?2najac5]skn^?GP&Td8Tr zR pEj UJi: !'aJI=⒤N4I53/~"4 zMU|ѻ]>NZ#؀FZI x qB.@a'MfmOx>n@z ,t`nmsFͦ,n' 0Oـꄑ9*i/c ""ӧ%&DX5$  -Ll{HpEmca C{Ǽ,y ž.DyٚmfKomU`&uσSj˱q.8Cկ~԰Ӟ؝ -h 5G#B׏ g!GlN`բ^3Eio|v3Ofcvb :;O/عbWdzG*zKjw)al74PeK]vU=+vH-u~^WӰ;!OD4HBꢕb佧LfzC)wgF&*d0m‹:1)R"S+-K_FJǷ!?c66 DH<⾿=6#PiltxԎ) 83_I=4&}м5eg2 -@\d;#1 t;u*vZ lfCɝF';i~-)OL sٔΞZk0T|'Hfl1wGdK>x 1lZ2ABu(>:^~"S ,b0( PL` \ApY ^O޺u.vʲu$HƖM[A -HCXЛP Xٗ=`YhiV9OȻfVRv dآ 2ܧ,S0`3mb*+o`V1pYلKrEWܦ0 (FbӦ*J)c2{"e@^N>LN'7L+sfB`{ϫY -jU dHk!v|~E3>jrgWđ|iѝFlA8(i̵~zwCf?"u*B -RugdiJűfC-摬K*CVS;*e"_0ʈ -8UQP:Fd0˦fz)蘡v{H!rC;8XYBLiݘci3ŘFiLQP. Ym>J -Gz)a1ϝ;SkK OU29(4`CoP>(.fjc*8tB:?:Q,Į;` kd﮾C*nIHNo鵬OvVZ?4[k ϖ.&6:8#!g?*朇xj0h[qԽ)FW*ˍ?mGKCu1:^{C{}^ `sZjBQ"QAX[L{ha -z uR`e(.jGrfAH0Ks%%9 x.?ZPڌ,cqi(?3!!te PXhpjhXٛmC68i4( !ĩxO]IAmb7.|*avu%,R-4T$$8A) apeYZQQhE\Q}l6{$&o{ -IU a58}\hJu%du^s(:,~D B̺d烻T$͠f]bܗ0=oAVBD!qd8Y'CDGpdONQM?@ G)Ym(]=WWCH\):- -W*):, Fp9*UiMvQdwl%^[d zP.:N^9mBSj|Wtqchi+hbO|ẉC?x5oXI?U^FJl̎1f;V^ Lh 1KhQ_xqNsGeΠNuOEs7 :n 2HeM[̟&*N=|da$(s8/n0YmRu/}wj蒟L8X~PtwXcG! -Z{AjfC)aW?8C= aVJu!*Mæ&k_ z-RˢO1RR_wL\##p_V~bkDSii}$n( LX(<Xs endstream +xڥ]s6ݿB'z& fXɹ;۹NZ,N(R)+.!QN;L$bi_2iG&Y0ygqi❊'j'Z$<,~/sX!~}wyznϧ2 +w?zwyssyw>I$쎆49nvvvg,@A>[0Y8 |&di*'0R~*z FQJJc`"(MIV0 Eo WDHxPׯA WYM\x|Ye1 ू˪!ޘy+9+vS^#/ޅw ~.bjMȃ3CͨQPmk2 EaMBiIa>rߔ + "L7lEPlK@Y +NA>$2%eD1MWLR}25f-ͼb'F#"&SJ;/& +yU-=E-fl 7ٶmkè%k>cMHic!4$ iTBllf1}BI<^H woF_)XIʤN!95/CJ%!T[꺄?,YMңY"(4DZ y:Z"ZV;"#b䤫lZ`zSH"d:k-23(~}YYNFfnE礘i- b:-f-j@ dlZˑEhڅzkE/C:mJTB0`KY[~2;$vOW5#jC݅y6OY^$amΰ;kHbk\Ɩ}7+w,S/bF l +4VVs\Sl/VM2G]g 3Pޛّv6 {N0Vnc 8OM]qP##Qey|3 ~Eߣ[NҴjnNv X EΣ>\^[sp ˛ ylnƙ%*4J=kԁF~Bg"~VU->x f kG} l*ǂXq5fK3&5ఙW ZyZ[$ExlpD۾$>òR{j%踺q 2d5k%O^1_ۑEVӊ5BHh +L7h\!=q#۹zx%D;nD`蘫wwwz-ϰa%!%C #KXujǗ S9r,?#)L ++5j7/نذJ8fMaUnVnYqS֨uIɔ'ʤu㛊ȻnȝSi<ݞ yabM t%2.Kv)4/4g@WR+3Tݝd"@yƓKuNJkx1(aqVB Ũ[ymCG +@1p53Gk@VҠe+ޡkYyUGzlkKBqy9 #a9` +g'fc۟υ(n++'!j2[th3!b tJmgb;?'e}~!J8'!m|I)9=`(J@ ++tA.~" vR +|s \j[olk˞T(H쩏u:{jpK2sY.`rPihFNXu +!ePqETek&U?m\goiGMQ"ES ra~OB{p;b%/TrMi )g} fS-րb]ծ6w)nͦ܎ L0:-d-JYCP1-SV?1q&Sb01 B i%8Eb%$^c2vKjڇYcCUhr Pe eF6[xk#/Rukp$r͎ -<*ҜV@-, @~_Wm+ǽn &VKfQ,*W<&#q.Fifcf"aONy;ݎe]:'yJB>f uk|Bz[y1Tz]nĈڜHgMô/m zn;qH5bukBx .Խ8d>7ԎBUJq'p9`S\ NNURFS? _ My[yNj^ JoIN'S|k.TVNKq4V[Ɔ}ʪiMdS c TD}<‡0qnbj\jDS)bFFY|y g 5\f;&ى PUI&=)KN;C=2Wkn 5 [jifAD!zzG({J_fےĔWVb&ȡᲴ. "hkhd~=DV:d%̗M%Ru yuUx5dZ* +h0%{Nh$H'arjM~y=I .DbQ<9b/@ XXB iOhE0 ~8Mmlv",PQ0Q_Wrlv%:CtEq‰z zVT/!J3:/Y?ƘFqDQ PW_mW4 ixb>yplҧPȯ C(KCیmLeOZO+y֏zk?5o)h܎eR+_$*F&U n뛩YTs0/!-{ۯ{RӖ 8|k͹ 9AVj_H>ir /IӞi?/+)uD$a0QȽHOWcǤ^/endstream endobj 1331 0 obj << /Type /Page @@ -5021,46 +5023,34 @@ endobj 1337 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [250.0538 392.1007 252.0463 404.1603] +/Rect [250.0538 148.1006 252.0463 160.1602] /Subtype/Link/A<> >> endobj 1333 0 obj << /D [1331 0 R /XYZ 56.6929 794.5015 null] >> endobj -354 0 obj << -/D [1331 0 R /XYZ 56.6929 232.1504 null] ->> endobj -1111 0 obj << -/D [1331 0 R /XYZ 56.6929 204.9701 null] ->> endobj 1330 0 obj << /Font << /F37 827 0 R /F23 762 0 R /F41 969 0 R /F21 738 0 R /F48 985 0 R /F11 1336 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1340 0 obj << -/Length 3421 +/Length 3513 /Filter /FlateDecode >> stream -x]sݿog A|$ՙig:iZ,$R)_]%Jrӛ]ĥHe2tG"/'xB0N뇋nTzY"ˇ7 #cC웿U hWADoᆬpwsW=pG7w\_<ÑnnvMЇ.qe" -Uf"B*Rnduŏ[tlX2eh"9(b`Zj&Y60Y)&;,drQfB0g#{Zv}JO q(E7Ͷz꼳BM/UKl0{_-&+*;=02"12q(%4pj -"];a쿩6J}:ꮬs@qyGPO,ͦyΪ^HHv1 >w "T^Y"tLYeA=7ӄX;۰%ͦ\VWY춖)X>CS2ea-a?fCk[2>3djoͺ$w,ɫEٮaV 4^ˢ\UG?vSDi@Ly - XmA!?8pʺ;j=@ͮ|/ +[Ʊ>q<2-u?=zϝڭmzz&, 4nPrRF B~yðu ^|.- @S^̎5W 4? x?]{@T!6EaQmٍ= ɘ` _ŸIL@e1je]-U -aJ )MBũv8Ă,qof6ٛM&.@br9>D/W<>n8|!7Gs:D NEhiߤePYD`\Pq RdMN~P8m$hSnI 4=(Uj(rP~TL-SzyQTlzCOhh,Oyr{ {NyqSֻWyY/6Uh -rG_kAi(}22YR u$p-x Z?&Vs8Zc2If*m-)[CQ.-`Eo(~g_C+1!O [?;Υ#҈c4HA6sOkH<:qosSOdnAhӞqP)׮(STmr pl vAj3ȷHT -q}Q -bЉb[,|Ӻ$ҡ:݀7z,[?AgM(2ɓX!pDZ~yHj#w}Aޖ5 -zV݊G%ylUiDmbPKo -r_`gU8:0%x ӸC7ԘH.O6pZq:$+ز/ծQ-;x{#BS} tHdGP {tJ24DFk8>J -Kɏ#yn:h !*|n)'(Ė~ AonX"E{׳-@Um #5]OaSV'%xC -ct)+@D p0Zi6צ3>XNAΥN\] &7vd=Bp(.͕v%y}ep+ -]-Mp-BkzKɱX XT63e:AH endstream +x]sݿogN._Lki3IhؓHG츿%ߥ4boBssoW>wf s>_{x͙ ,!eCnξ|yr+݀g{q~i毯~s",Ȍ峯#y|yw޿pzvs:|{E&0_#^2B߼w_rM~W_~/`ߞqroΟg"LŌV*>} S䧍gFj{)ͼRZLάSRNX(Eݶ<[mv[f6ޅw,ҝ8`ÚC dC9-rSl.lӲ/#F趌fCo +"Q7{agH o\EMcŶ\`( +0p/P.}O妍/j'#eƣ9޳I-u3 81jlo"gq!fY<d.gU5HGY +ͬXP#U@N$zg$dW.@͒[T؟9AʢYA +: &l'+&1$jZ"X>Oi8\fф.8=2*ipCXUs PVMhE9+]@AVu[=lbLRL +݅e=-iVeQGbP=wN>ӂv9XXku]foh,#p1GSܓ-UIAĹh%~z.D2+mEznVYgrk8pϯ}:>-1X>. h ҖG0Z$B &wcOcQw=dŬA#O][Vؓἱ/{dIҮڸHz1_} i eHEEٵE!3f6.:ms}"r"*P @]4/VVWń0gs);f&)Ff>:nVpw%9ɬ7Ѿ[ü4i: &s#.n~hSq:^y(M˺]+/Ǩ /P@B4+4v[Жէ&}sn?or K\Ljz/ˁSi*#PH$3N[l }dawդ +*)}>54-.WeK +E@TyT5@{kN_WU]/3YNnSǵ%iAsNk' b{8P{w.gZÚXx(sP6HyG+Of;Y><9ﲈ0uض]wSiC‘> 5M& T$w" 1tFYcYAbdnP2e jGLL*sL \Z⊻6HXCy)}UKŒ"Q#c腯E-@UoǥSXI8s<%4jd ”Qa`Jzkl =aqm..*z@` iYM}\*[H1.Uۄ*SvP;/b)竘7:y*9[6.wPɵ!Ca!CIZ"m2C$fݞ#Zrp)N^w*'?A! TT +ޘMI෬)r#yWѧ'QGXP(} 4&XAۮ|ʧ NaULnʫ.G4Ay~S!owSPčlyzA”ZѦZd3Q(8><Jt>"pP!@>pk )K+4i6= r8;pAd%"Ooc0/m"F n ]p2ذd{ꦒi5Ħ|Icjo}TW'dGY*M1q xYLZv2`uiglQ V™E_KU:(=3i9 t,I&Vt +#g0ZC;D q~*hR3L~1T<Ȧ\&[7ηM2OQ=Nݑ@!d|VjIu*ZX,* \Ohht? >pmPywPi dWa.+ȱ4A6ўre䠳]n !uq*9:gk;Z=}'\ٱ<m ~g lw|iyW|hӽ2oݧq8:%S{9̘.o`*N;pG"?kl05EQFG'wGMiόO24.z{շk >OY %L)Jd}YT-v@2s7ABH Z:۲S>+8ߣyhfIeݦ̓HCbt :?C,BҦiI+.TT 5p`.mx.;車 gdQx +/->c)J_a]D3NJOS/|uΜh7>$ M kƟY٤eܗ%s$]}996\'6,04+KY'^H^TS9vq$F/ C\/e~GIkǟX\k@|A\"~d] G"w 0Ng;ycx{wN@$HP)&ѯoc՘_߆XǿuX-P|, + M@6w&VB #ƫ_|gU\n o5E|V݊ԑDmVe8wO {^} Hd"|Bcf9NJ!UL*O#&;} d UNΗjwx-Zj`с*?Sb}jͺ1:lcZIɮTګԵl-\ItlsVm^+ Bb/O߉6?R*n`nݨnendstream endobj 1339 0 obj << /Type /Page @@ -5072,28 +5062,43 @@ endobj 1341 0 obj << /D [1339 0 R /XYZ 85.0394 794.5015 null] >> endobj +354 0 obj << +/D [1339 0 R /XYZ 85.0394 705.9314 null] +>> endobj +1111 0 obj << +/D [1339 0 R /XYZ 85.0394 681.0697 null] +>> endobj 1342 0 obj << -/D [1339 0 R /XYZ 85.0394 511.7419 null] +/D [1339 0 R /XYZ 85.0394 286.3101 null] >> endobj 1343 0 obj << -/D [1339 0 R /XYZ 85.0394 499.7867 null] +/D [1339 0 R /XYZ 85.0394 274.3549 null] >> endobj 1338 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F39 927 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1346 0 obj << -/Length 3776 +/Length 3653 /Filter /FlateDecode >> stream -xڥ]s]ogB>9*S˭δ!  Њ{{w@ьx[6EJ5zUn~fc~x'*Os#~+KYĤ"}XͻyUWkYooi_߾ZL__--뛟h&3Ho߾{{Wr.e_$nկKeeHMTÊ:i󗊠'Wyæ{{mLzsvLxdWhK? !i"~C3x ,iբ4dzN 鉱{Lq/Xy gsku2e2sJ|K TX9O*ISS&Mr蝚T헼QF Nhgm z$7 ?$@on^KFRfS:54!;!/u~04 I`⧛4`_t*x}*&x}]JOeϨdɡ|Gm~ NAuI?h{YPU8BU lRi2@vYJHd#g)8b<\PН4ѣk(3K:#u|~oK<\nhD=X '@3cSS@͕IX 21fU'^DTVFb$e.Êc| ^#% 97 JvO4#B)6ke2(.?0o1.`"$wS*w\4W2z(r" pu)8pkw &7$m~yL%2Ew룃zDA~ xp.$,p.E;gtjT$Qܹ/'ܫk>i'0GSt`5C τBB*RkT6eMD~9(Ȍ!K<\ 'k]P1Q>=f.Q^>fU3,- I+fۅߣ\&K0N>ZRh0X#,٣DaҸ$($}Uъ} ˶/6Bxө2RARJH.iX|L5D$Lb)Cq7aJ?v+^eP%dy\4T%I6zl I>cA qLO]NVf:ڙ1,(%U*З}꼏PþGg;C5DŽL9-Px'R>&o!b_.}?*}r{kU?h (#HixNSDEG$Ow4cwf6IQ/J)qTosF/rѺɶmX:[B3qf윪òwBC3޺~Ҙ+Ϫw4\&=ύQd[s1R_3â&#dR[eG90l<jsLg!kڏAd˹l#c^"[PWw;jJz.P65@8g{n &4O<6 靲 =2OG R(ZsWU9; վeh7h$a|?b)hb͌>$V` j+ -n>H1"f-R6!t]kUBO- e"}5T,U<gCTPK]Ac!(B9/dzxU4M)F^&O[sk | !Eu n@k^P= tU.JEEDR2#Rӆ:Z4]`ƶ%ffIBe0$FPXk?:M5IReX52s-.؟aFE1)utiZ% 1Zϛ4Q7Ƶz;#di7+>*%nGbS;Z7ǘݦLT`>MW%Ys`29$y ϝ8^9m+24$R!AJK#J\ƺެw]לFz5F{)uO,7:!&=2wwM5,EfN<#Q%Օx9F!sO~nC rDs6jq+S -1sPƦwuyz' A 3^f B-p0[:&) XPG_Sk -(-ʮi( Bk-2%yxCƛf;ɡm(A4ZXe,b$!Vo +lo7cJ&ʷaً - V;})t7f ߾-| ldK.&+wOxE^8Knf77Q,kw8kt>u'ħ@+.x8G eur=L䁴!? -3#t\b_p# N=@`Dy3 = uE$o~0YiW8sl.Ra5dƨYʩ+};<\t]%>4Ş,Xm@{͊sm!]m'P٭Lݺoʎz֍z  yn}7dzv]\ZƼ-שQ2z3 %RY1/'Z.pk4'ZDؙc= ')$.3p뢃1: VYRi\pfKt# i3Pj({_Yt ۔ M&g @ӣ-^2}qs_kfOgE昖u*t_@-Pc1ߨ?W6\Pe3kuj ,T.?w8Iendstream +xڭ]s۸ݿo'D<|>rNimw:=eqBHEq}w (io<-v7(/KDI4##,/}3H!O?eJ.Hd|X:K"] +b{{ƳOWse_ pǷwWs9{}gĢwo]_CpRhȗ_ /"yf.wsu|XkS__-,8uS'OHDM҃dd\& CxOMls%Yٵ[ޢu:~բSv!h\emWu+ƳEWmck^,pa.e܎VUGvGS-JZbA}~-al]Gbє_a.S#qQ*er4R.wi>ĢۓSp j)y̻ն_(˓<+k$44ݻ֚Xk5ksٕwZ8P~ёZmI YY}uR3o>z~|COjyED~B14A6/tYYDBOݦ{n>p9x J~-?TƊ6-/?:ooB9)fIGY"fCb.ż#R 3&8mVHY i2kdY@R,I}|Q]$F(EJPOMLNpnd*$HH-FD)sA@|5 \[-{jᛐ488NR9$2vm]儮dYdR5JnzL7ێN<Édzh-5@g\1aPOM ZO$ (HH$ En\J T_/!%)\ oPs7Ʉ,x^Q@F!4ǘZ]W67q&K0/UHv?!7z[ۮ*ɣ,CJ޴_!&=B,NxǀqLyb;jg[7gҲ, >%N17ˉ!̒™ggnR4Nzβ2P֚mSPr狀G8Xn!')dj!Ǖ!,Lq.jŎyy +EV<P~Fѓ14udݪxڀZa帀=:+*)ܧ%7U̻ulk/̫HpT&"-.u7 + N]rj[ 7)֑_&菶3 .1CxO](#'дuG#zb!۷IUbhǪrnJwJ;Vmmy I{PYX^i@`l/숐wkl*ʻpl-ב-h+W@BeȰU@ lUZdK)!WxuF=Vy,4z +!d'MuJFF,.M +8d)Ɍ6(kg:p$[ C +3"z0jE UY_ +u6>\̦+3ȰDu18$/c#W%wC Fh]38@M%G^x5$#l .L # q_!5n0.`;TQDie|…ZǾcѶ+4 +%Mh|tǁnB⍁IU :jP:Ӷ@\ZDA[C;!bC6w1D Wk͝r{UC">f9Q,aWtO|VQ ˄O$Im]WEOpQD\zTW⅒8j|-rqxVjeSDI 84Ԣ^s ՄtcCֿ'Wz_< q!ҥDNyJ9L5{Є2lB +#DcI,- 'DFk@Xur.V} +vXX`A΅o6`cs@BσʯU>$j*&0ynxe;:rYMw3h)T]a +t\h /u5D]XI 1=ኍV'C.&T=P N\k/w=Q& \8K>`M[I LjoǓ󱗈H||/ZJd@*?`xS"c~ O8lLBkp gu`.->D# +jT> >PD?|EMmˋWX][W\%zE`-R/鄲$0:a>:}}\BIu|jw%gci ˰tV\v'F"=S!OJ <ӧz3SWaQA] \uWz1JG'Cf۾'3˘ +"cU8p>m N- T6Jn@uF Nۨ۲n:4sܳ=u1VWǔO&*.Ypח+kH."@˖mr*lew?W4ϟ}p)]i>\1Qd+q~]A3~S3]2 +t;ǁykRJTz E 8݆1ϐ' 5-m/4>brŬzF29* ж%8v迱qEFۗ1YjD&QxL Qt̝HGM5l:V6͂nz (_=͵zbv1%#$:),8?q@{ dM;Od~ tM m=a l/>~h&UW)|aAG =;jKrnnmKY,Xֽi۵,Ly\}/&>ȬR.HI+ht1ZIY8V)endstream endobj 1345 0 obj << /Type /Page @@ -5101,208 +5106,212 @@ endobj /Resources 1344 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1318 0 R -/Annots [ 1348 0 R 1349 0 R 1350 0 R 1351 0 R 1352 0 R ] +/Annots [ 1348 0 R ] >> endobj 1348 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [154.2681 635.4049 203.5396 647.4645] +/Rect [154.2681 399.4396 203.5396 411.4992] /Subtype /Link /A << /S /GoTo /D (notify) >> >> endobj -1349 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [180.4479 136.7465 244.1386 146.176] -/Subtype /Link -/A << /S /GoTo /D (statsfile) >> ->> endobj -1350 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [265.4578 91.8382 326.6578 103.8979] -/Subtype /Link -/A << /S /GoTo /D (server_statement_definition_and_usage) >> ->> endobj -1351 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [367.5441 91.8382 416.2908 103.8979] -/Subtype /Link -/A << /S /GoTo /D (incremental_zone_transfers) >> ->> endobj -1352 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [280.9692 61.5153 342.1692 73.5749] -/Subtype /Link -/A << /S /GoTo /D (server_statement_definition_and_usage) >> ->> endobj 1347 0 obj << /D [1345 0 R /XYZ 56.6929 794.5015 null] >> endobj 1344 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F62 1100 0 R /F39 927 0 R >> -/XObject << /Im2 1089 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F48 985 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1356 0 obj << -/Length 3915 +1351 0 obj << +/Length 3927 /Filter /FlateDecode >> stream -xڭ]s6="ޙ*"%=67^u"ӱfeɕ䤹_Rd;s<AIZ\/.3*O.z?^}|u\\^X!#^G|qG*3|đsyHtw - NF%%:L( uH)K$eRGmwʲPY$4 N==`-l&ۋDE"%;ll_vaچ:%OX&PZGF9#W)*6:78>_X.GP/EvF1Hx[[ddDg -Z8JHj7TcCga]vDZ?=9FYd:f:gd U=? {^ uQ3!NaNo'1 -\gYt]U< o{ߥLHE2=AD*f (τGX2eV~]QqhUf8@"ʵ&_<3MW}z.^C}nP<e XH0-ʪbu[lVoi=emykwH -5|}w,ƞ7I|KgB_tA.rOc ڏ?Qg_nTnݫY}hJv"dg:u0=8,lq$U,؜^@'*7{ St`nc=P(q{R~!H=X'%i[R=9(\D2=ۣ2@Ƃ'Pm6qa';H}'#Sp*攳 xK"Z(sJB  -y*REQ< `3 %ZSXyc -GӜODZ9?=Hꫮx{jmP>, !0@KKT,P_;'!(TA!C4^۷ - !'!~(E7´˜Uݷ=OmGhP#8A햳'LΕ;^``:x#c2r{N ~x -2D+}BjZ &W"v_Tu BH&䅎~$m_Եvpgj`1\/^]`/:q+5c1Ʃ -~9s8t]8đ㨦8PGVO}d(5ui(uu݇sqJXx\R`j tpXR>XdqSE)p,qK:v-`0ؐ2^-i4i [ Xt e W#0ʴCr_`gROJ(OWv^cP0cr!ZJ6me|~RKRͱ$̓U>WB'uG -jڮ7܊Q>[b`r~Ic"t%%#즡KWDs=!S!DQsGΑq}3bzCZ8Z@ qsv[T5y[}Ou!idl ŨW.BjA}r7qlry]%b,H3k1K-A PJD yO.uK X};yRmU X $;#5M %L|i ɉ0=;c/9~=ȚUM'Jč\D>3Yqz[''KWZ&Tx~}2ⓧ~vO=e$^ȏnA2pkl}8͹j$g>xߝȩݏS3X=#GKN0 x;uMM ^(/x-/$8}0Vߞ$Nx^h6r.[ҡ[6;WEHjyô/0;N";0y`]Z(aw\ܑQиjlR -GF=Iqv3{lZYMY7#Qw9 -\FJU5GN}BH ݹm֖^cbTs^ȱ\0)s5gbl-SڦkDӷ1W)ïY:[|]o0rAR!Zc# -I/{gF_gtG0D 2\l!K$VW 폏=Kgn^1wd.xũCT[rԃWӽ^-ۚkYq̻ܭxkt{/W|q}߯nƳl8RIg/G"ls*Jy7^r0FJ%ЈH*IF@",Ί#yw` w:n<֔{p& +*䳫!¦p>X?>0Xv+{Ҭ' +X&ñ`㿱1= %դyQ;k1y+rN2)s出`V {TxǪB U-+y7v<ݪIv&8#jgU-ToZ봪,\٢[,"+E-vsX| tNhF"/:IL(pF sS| qćjnkz]]Y<4-c1 )0TPű *Մ +r䖩o:X82_OŮX.(#SFC6e Y96|W mzN0U+b:3]@ZbCi ŲJojVxGTO0z7f*b<,^':u ,= +M&pOt[w4˧If~^<Gχ{s S/0XWGS5~~-He"^.vS;A-L}p_RH/UYbѸ\-;~u2VgX7DpuڗBycb=3cƊժDj5Exny گr;O aYQ2\%RM enڀYIa)PcF +%nzb{)Dح١DʣSZ9@ǂ'PMqva'{{wG3}p*Y2V Vܺ6vJ5\DSn:ﮛAEQo͆ƻaƷ4l[v>s>1Ϲ|ԾaW-yGsA9$= "-v8 _H(2eW󅂢 c&&Q2QU~ sR s.86pX~x%=D<πTL5limP;!{*#PFpu~*^``ֵ 3fLH'1ۦmK\DuSFl'[.TTlo/W̝q GdتX>0=Z%b05B Edâh` 5=ڍK=5m}pTwM1SѲL]YN9w8qc^cP%J|[H- nZ\eXm7uWDvWqnC"&ܙڴH_4 Ω⥗*d!R7/5ҫ?Σ2v?//pW*@Qh]7|xD9 +.ZUWp&#eeeAM2 +_f;; &;+W\KpWIƈgF: fIG?xt>>V!#TFgk* 6S[RE(}GJ͟Kr{:pAmp2%.5.iyj8N  `^JTx8h?N ܧrk)"& cYp0ؐ +/ˆ*t0~ [5Ǽxـ+2ݝFb"# KNu_db $l$Drvݛ1Rɑa&ldTV4ʏ{]dJ/-P +ھ#( (gIĤ!$ ;]x r%KCyL +dJTf7eD{" i_ PA)_E +=5Er`Rp"P` Pȱ4oaky=,!1O[FnH~qdݏOsJƽ߂3CLOL\ۗ"d!MnWTԹSz8Kњ 8gDUxe%ȥ**5Q_H!)e^#Lor2NP˂ vXu +B S 9T18 +ywA?^0"$}x/ 9N39SUBF&WU"|?Spn$[XCYyШGm(r_$4K돿]= +>̰9G)gV58  +* Q_w뒭fwB?{%Y[t*&k~=IwP2S(4=> endobj -1358 0 obj << +1353 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [305.9683 737.3639 367.1684 749.4235] +/Rect [208.7944 605.6481 272.4851 615.0776] +/Subtype /Link +/A << /S /GoTo /D (statsfile) >> +>> endobj +1354 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [293.8042 560.8228 355.0043 572.8825] +/Subtype /Link +/A << /S /GoTo /D (server_statement_definition_and_usage) >> +>> endobj +1355 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [395.8905 560.8228 444.6373 572.8825] +/Subtype /Link +/A << /S /GoTo /D (incremental_zone_transfers) >> +>> endobj +1356 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [309.3157 530.5829 370.5157 542.6426] /Subtype /Link /A << /S /GoTo /D (server_statement_definition_and_usage) >> >> endobj 1357 0 obj << -/D [1355 0 R /XYZ 85.0394 794.5015 null] +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [305.9683 500.343 367.1684 512.4026] +/Subtype /Link +/A << /S /GoTo /D (server_statement_definition_and_usage) >> >> endobj -1354 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F14 765 0 R /F48 985 0 R /F41 969 0 R >> +1352 0 obj << +/D [1350 0 R /XYZ 85.0394 794.5015 null] +>> endobj +1349 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F62 1100 0 R /F21 738 0 R /F39 927 0 R /F48 985 0 R /F14 765 0 R /F41 969 0 R >> +/XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1362 0 obj << -/Length 3481 +/Length 3422 /Filter /FlateDecode >> stream -xڭ]s6="oĪH&tnmub˱neɵ?eI̚!7HĥHs(СЗEx -s\ƙ:i狯TriyѣaO8P'{Ǜ$<p5:F<|tx5|HS1#A !x{wxo/n+B_9lۋ0P&՗;xa\]DZ:RAʋ;YW~" GR@/mX -py[U^T@,r|&.)"+1]LL'7fD`v3Lmi^D].iRGzUѨ]B$em)r[!m72INp@IfkRȖy#lY7P7hhW%^rUiN򷼢QߖXdXE R"1ql.-I'xK`9Vu5=xG7j0i'-`vZݾqm@eY﬈^]\.@'E ¾Ń‰E[=Ѻj2}ްxehK^!"q!00ܞnK K=c`d)<dY5|ӗDƹ^=9cm4}?L"H/Acq$ҴEDx2q -,Ŧ^M*aoj7cnAD4;~b: B!Ca}}u=diH + ;6"(EQlW:!R:| -ew6dbʚ֑L&I6""BA 9 e$[$44{jsH5FKy'ca|--JJO+m('!^zRǺ鳞Rv`&Ro#M1;) mˬup6yK$3ٛ%"ѐ(LӅfe~}E̢cwvS|v$tf{ -P@n}͙E20}UѶmw^益%&Ћ7dJ$lf附/}!MtH3ٳk}iȋsQE?㝿W٪ kq -iRF` /`ISvG j0aΫ>Ddb6YLb*_՛wClW̖g+iCcL@1Zs:|яӮ*PZ"nr -0U/{ݺC/kV:FDT&`hC D){) -#x0RT/)2"ld%`5І[`|'qu6EWsl̫ʒ7NBȚࠔjjzra釒el(f|644!a^?$|2Ij*E}A*J7mYA\z(*y[6zi @xT i&Ar)uy?U݈@i踼e`d7>q utN:HX,Usv #P6՚û~w"ۖdľ:QDXk - V-{ JfNay2 Tp}>,X1 [얶={%d.ݓKCHd@=z]]dG|zlr扞6T* cr`=[BDFLulD%ƹE@T{- ! I-y+ X䉋'=N+2vbz5plA-jsÂI0'7 tN.-=yC aBc}O(G]YiZOr+wX+0ٔ/0<}YVrm5K*'n?иٮh顨|tFmN('?TlY+R#%ƐQsӰKL/N -kHaF7S%!g9q]rJYs`:X'a-+yf[IЧY<< C gJ%IǕ}[5,c[NnsIցǏ(I;T"X74l{@x$ÆȉVDREql7S4H|f˳-ﮦMk at8b 5nY36lm#>A^o4kσ|f/;W4 qS[hhRwyM5]A5j!{)}a?I]Ή9'ڌ} &g5_9dy -Jɝ( ANLI/]"4 d(}R"Rm?$.wp6o!ȑpn[톍/Nm~dӻx9ԡ$f߰B>- 'Fybؐ#TUƫ -mIN jpMt,A&d[1r`W{~eݴ8a -L( DIV$lo6RT -^yڢl7TDB=q6wpd?БͤJ]e\`LR ~oi@\}ĩÈgC1tjX>rԖvЁg#}WȦw}xw7<#H8xpHitލЅI~K) -s屇Ϗt| -w˼H/Yq8DШ.M  ue\[fċ'1q\?Lo>~| n?_iM>ȉ w_Sc_*HCפOm#x#4f -%B?;=dNo'endstream +xڥMw6_*լDtL6}i [tYr-9i @}YN: H7]]D$̮M Fz +a컫iVh5\g"Kdr͕0M R a퍉?ܬ#OU(xLJO40=.Lݧn~{xQp#_[x] +R} /L^bꧫFݧKu*d,Be)GD8qd/e-ISy٭`U^G۶o>2R(LW8㣧Z`D*)'[\q:"MEC # 1v6Ȕ4LA5@Q>!"a ms$bp(/+7!}l}WlScW2#XMv7'W<~M4zЁ4j]=!@Az(U @B4T^,+vӜ-ę g?R4{Ù.;Ӟ +k +v;\jܛ*,_gZd! +dJRBp(9Ha'ГN^D&B}4CY9 nG:s.HIZmbZTq ^~F(H!\tdq@U<l Q4ΫKU #}G(O ˄Asgl5eʁ-kgp Ia1؄#cD>`OfODJ; K? +g2a饰H9=i#=jL{KzL8T~yϵ`zL)5DzTɎ[J."zG^5fA + dD#FL܈ō/U$x + H@l8l@-cm;ΉViU %%d\f$0?vB͵?uCӔ[<ں,kVր䌤k6MEl7Hg-eyNr/gM`feXCa)Ӈ9PI>GDj$y݇KlGK&B "}}'˅8|ls7;2? )4Jl _ M,.C Q>|&ЕjN_e)Dn֜nOA؟eyK/4[(L{OVX?ZmH4]I d[x:̉UdSQk#w̲0q6\h`"*qt3Rݾ( ^{?S~o T3B\`.lendstream endobj 1361 0 obj << /Type /Page /Contents 1362 0 R /Resources 1360 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1359 0 R +/Parent 1358 0 R >> endobj 1363 0 obj << /D [1361 0 R /XYZ 56.6929 794.5015 null] >> endobj 1360 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F48 985 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1366 0 obj << -/Length 3344 +/Length 3521 /Filter /FlateDecode >> stream -xMw6_^_{r];u8Yݏv{%D;@P5`03;fʘ:NG{sN⑒o>-"<ˤ1~g W$Ogo'HAw7Wo~=?rrW7g 3zvسK=O.]LE8t$KEa d)+ -~:JJ -!˓ YtRTq&e!ƹ%Z+9B.OC}] ikḧ́H6 <.&/j#7=gLik3OOU܊6F{:bׁRVLj^>/7Rw)TH5wy)׍Ê/Ql\;$w;{U@>MDSaVPv]H!?窣qIҕԈNrpf6+Rp8cӮPnm.N's0"gX7`R/gr=Q_%S-:|~!`6U3~aDIۆUg*+XEi< M$jrIw)VC34KOH$nWйSsxUۡs c |ܫG2xii)UnzGCoLU.ѓخbE7SՅb6f HdnDbrͫVp`AMՅ*B] #ÅNs}+X ʴ8ZfZ]-Y@WH_Ӝ tݺ랝g)遾 X߆OuΎptRouA,\Ap{~M -fpj |ǵ&˶ F=Rє5{xzy>(1$_z(7!&L?&2a4D,|BauVybK v=.QFݢTwn)i4UT149qh1xY6Wĉ zSll ˂9+jF3ȱ?}$Tp8'zd,b -LSbd2ßh6(HL_[  --_c`8D_9rf4 |^Ǫ ȁÞ5ZV'SdɎkͳH*F5WRp=\L;J{.Θ -cf 0 d^m,[9{ --.%p%˻<5ʈU%-&Ϭ%)`RQRy^`AR X#hGŗhZUy -@^Z@Uh,LjiR-<%jjI .t!b"ՂSmŒ9\ -dCERB*=~74W.F>Yǂ]M(?@{h9s̈y( ,G: Gdj&Mtml6ݔli?h;)2nLfud?"!7}7{L&* w si6snn bs)fw^PVOߢ[L;%2uPR+BJ ܨTC~Ivl=s1~ X#ZLKEd:W62͌fCBHd!H|VخzM÷X 3Q^ f V8iBHּ`$k{Y[2ɶpTXmӎI0G2ÏH?: }e 'i 8 - `0lf. $x!PVA06-]. -#vB ! hȒ'<ڑ[C:$|VQsTɌufa+}'ZKP9 yjZaX_nn߸˾Qޭ+*Ф6;uSk(|^.H3{Phm޿]b"\'€ b. @\/5xz/ܗ lmX5o6(DC t4kox``/{ KH,B1tޢy\ʧMMˉiXf}'60ђx`jTq', e_(H$JYRs% "U%tĜ|k2h@^So?N0OH YM"dv hׯenYuo;ɟ#Hwv -}e8/A:1RN? `ʹu%U,URM䭍՜?G;wY~jҺ)8trUlgȧW&v' z벌a|D7m[YcZMO3 8q@N~SOm"A4X{ - }q-_ǚ8GʗдNWpaݴ6la|)d@_yO"3 -IcTraRĺ< -xg0ka{'! #3u< XB6>Dq-Hg{/`ΟkL 6d~8OP0Ԅ!ܹHG$#;Jn-.uzf+`c%0*J 'a8R_ST]SkO׌vu>5aۢ> X>ydrBg]4ޑgLr~<2S&lT)<&\c (~AW!߼|AUi3e\˸|5Q>⁹rD{CCr{ -:kXVׯfc:!>L@`[oHYצ(D>]pT@Rҕplr /;@h ArH$(Gb焸 чz-P9 6D]C ->֩TJ%`t:_,d&uCuv)FF33ΗAZT+?ut7%v۵av+=5lyw:'>^y~r~y|&Kj_|p1?v-XB~;xewG*uf q$TNδQJ퀽^qNf,PZ؀fԱl,ŘjyYueE&_]8YiԤ?-׈'pidck\x gJ\)xZwelV}^RS)V/EyGoon.P{"Bp{S2_e5OZԸ +, Q +/{YˊX t,0&o/"9|zldj52o +M 6BȄ2TyyԲ]Qbwg0"b7uI셞_@ˆ`Щɏ¶u- +6߼=JűgnFld8ct(l <":vGڮ9gZm|َRmOcqzujdX"mm@j_;ȀB^^(bMfȨX;!.~c/_eۢFP+ ,&<<~-;/LV;,YU0Vj E+Fԝ!Ye `?pጋ|e`;f]zbkdlL뽘iҶ3;lE=B>du~.̓K_&JD[^ig^VԆR + T22]H|jU)btMA⴯+8B ^cUցHxe+O艖2o|yl?SF,irĠm!I'r؇wCfY2 &{U`8 S H-"sMZXKT^E`pib[C \MFɟM968ezŞ~M೐7<ࡇ_b, 0Lǜ3ۂlz4ԪڌD)&}9Ap1 } m%M +UӕW&]&}U7l^D`pkx95,Iղ RV1 c  !9#Z*;296QzP=-Eu]?҇8e)ubzW+~Cڋ7>=-ՈtޛϘ82JuqDP(f/5~yԬ?#F5/Ga5 EOhvd:rZyt1tJ5OdwIйĐ hM\3ń=gnFZgsQWJ2#D4jmj~3ځ'~\.9v RՋ3qVÔ@}K_*4E!.)[osFYp#r +̉#N b$B3pU&9>a\prmOm\# iP1 4h[/~xhRFY3| +/Աf4\jI7W;6KĠ sRc`2xnmd;m >B`诘(YՋk?1:"V<) -c',flEKKӮ,N@#йx8J@(] [nAP4mMk`%d2l:)g=KF?@m;k΀`k_- +uLyfПSzDq=!%,^򚺼o-2'Ǯκ˧^Q{AM*O ! ;C__%D+,Oiloט[;Q,i%1 ty.PM u匷 +l] 'Vaj̪U;Lf$Ucp,m~}`Xψ5k%S}520Pi׵>RZHN漠~E}|lօ1Ǔ9٧AݎhQ9yd#DsS|SjVW٬iY=?~8*@5"p/I$J E! mP@>wٶj2k'T w$ox'RO%l<D_#PnoT&Xn߿x$Nj(kw,tZGB%ߓ+""\ro1*8.F5"2b ?_li4bfxC:@G6cG۽)_Azk@Uz4Zn @R'wRDN sˬ%Ͼ_)>oCD8bBb KT?lAȋ{j|.x o/ђL"udq' + R)\u֬‡n颡s]lS@+~c螁Q(pM-8'1<kOڅi]hH>C' d0/;=V$$%K4AnYLp ])-Z-sB ?cmP{>G9}Kc eW1%og`VpM=עEAZ TNښ̡^!LJT:V }= RZK!-M7hGXu[?THë3,$"d2"$.endstream endobj 1365 0 obj << /Type /Page /Contents 1366 0 R /Resources 1364 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1359 0 R +/Parent 1358 0 R >> endobj 1367 0 obj << /D [1365 0 R /XYZ 85.0394 794.5015 null] >> endobj 1364 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1370 0 obj << -/Length 3188 +/Length 3204 /Filter /FlateDecode >> stream -xڥZKs6Wjq2:d=V-Q鈔_>$omfLh~| R."/6S"Ɍ#/h}?^IYyU_tDf]oYT.7-P$DO|r?>^'fy땊ۿPǻ?z%X.?7weY_?%w7_nn~~/~eq#^Gx -?"!L-W&"6Z{Ju ՟V(P9ƙZ^Z^æqk @^$n^.nеLn 6_Uٽ:Cm!J0Ps]GeW^MA| 9x8̖4ewȷH=7۔RdqL&p`5Ѳ*맖n:[CWD}A-*ɖQI ȫ\&ت敚CYo4;ƒv9OuÄ]R 6%c|*YuѶvkP)-p[V5ik!ɲj'jǩlDE5,y]K)+cf>xDSWo$N|fOݮU:7u?8;6^wzGM7l"]=lGy(+_?74Ř){(>^|ώ:H"E"]Xuirw DNϛiT_3 *p*Xgj:5]SSR'5ܴ ^RT[81#v|Ez;9+c539Dž>Tl2<|;-ߝ2JĨI缯GRM낯{4FSb@4w53ye.aRpoQޅ8D7JDm4Po "vhCwk9QQOCS5,xa00H>x@S] T1JiЇ]=*0u\*]vJ ?e0P$\-c" !f -v0jl c -+!͕c^._?1־PY''5 ZM'WmNs$V5@8:B$^6P~s7eS$=TŞgA']]59|^Eky3٭ip3gX!# eame}ñGrϙ=Cg1r΄<6kkdNmb _+9ʢX<p!]C1 :ݙ-\>0>ݡ H{cP % @w=wrݹ= 5%Ҩ0JS'NUrRڮ#64a&5Ӱ7;40J!џm$Ծo$SN n/@m^` x܍g edҥnkDAgxv `sUE(yGqdidDŠi1 7=!QmU۾L0_[5+0n([gP rNo?dM4khM}l2r -Gdt{9 B`/Os> BQd)(nG!PJH'"4$w7@elFzT(ie u)ĖHʙ8A@ uY&{'DPLPiM E=a,8F"QF#3Я@ -"evt:.QJw - R) @Kˋd4(ML),,nCQ+: 2=|[!XS"Tv.!Xe~  tG 6|`@{7LjRcdnş -41mד۽Z|n`GpS,xJvࢴRP*m*kgX1,V|} oܐG -G@Z7\2E@^dM,L@J5sp6N)5c]ixX\NFLr.L"7F -Mȝ}`.Fr00S*fլuN&oEte=C@<"<>vȲϟВ<7-#0%?v Z=Ӈ YBFi/'V!zq秏 7 '`@j"@`h95Xs0^NXoOA޻zt580q AόQE} >2Pb0)E|=YxHendstream +xڥ]s6ݿBo'τ,A$xon\ӜM)cJTEʊoH۹LZ,~N$IPGBOf˫hc(S}p{N0Kd0e1y(~&a^ +O}:UӇ>]}KЇb_7ni(50},z~}DAhR?\ĚG,'+eS_}_7jODa,xD)ЈPg:  Cd:MݢfWn#S櫂PaPbն,@pZ!'Uaul5% ]Wv uW5ׁ`FBja! + brNO۲AȲr8 +uYa&irF^bqhǒ9[v ͺg>{ful(_͞FTbI#: 4ʌhZ8z4iԴZך>}x ;x6lj/ 4i`lwsρ2ֺ%$kz£5X [TtѺlޗ ? 8UÈeٽ9L._5Al` -[-r^'qa*T&΄ zDPHDvD{`Bs4z2L.N8؛δώ k.DDB#wuwe0[gd S# qǦ[D:{*_uuVv4FjDY(cB`oDT v#jW!Q:`!fXq@I +82AU['б8~кfs~d0^^*mvv4i'vbڋYLT,bVeϫU h">:08 9^}XP3"rYfYCX&MYfƜ4"3(4ʦ^}p<ևyk($DpJ=Tj>uwCCvc{'̇Tp6kcBhs9·zOeq:ؔM.Nb} 4̀`8$C3ȵ:a.ιX6 cFmKo?u0lMUcW5XR5{*7 8`wcUWZawI 6'з_y(Ue^)U)iџ3 nI.m7e5A"BHYpD#, 6 pS- +~"Mj+OPZci4j9w}UxqOߢˎRT%8U]#!2v TBշE -R eC0tQMB +S)Q鎪u>#װ|EGB1֟TQ~4\O,]U4:gwșr3 6-2>b;cF[ų|ܼC<hٴ֕U^v/KxWrH]GXR½mz Xkp g쉎`~lPm")ꨂfely S@ܭPNHW OIu<]Qe#)`QG `'*Jl~=Kf3*EGke:;ƕ.o6nք+٢\S41UpyA;O|6HGrS +D[Ahd~ 6[f/2kz.`e5|[ӈMؙՕ@-H>rROo[^s9ΫMۍ8 T"*N{u@d(Ub/Q`h ˈ˄Uu8f, 2݄* Z$g"4?:G6nޜZ>pmkmVQ|QrJsbx𒲞É)|Q?8X0e$P&82.g,2 d)8Tqvxxܜo|ul\\(74x>9ɟ,9Ҵa +.'W!h|%C&*s1%0R̀+\|ѓ \qIC`(;qiB}=}ПpZb`!FTITq.HBX*G mлm^mϞI/\k'Jf~.o9j,aDƶt4B]sfkKfSD=wo35P揮WŊ-ڑ^+֛޶iPj}y5g$C +fݫ V"MBy9gLOe3A{8,SFo8< 2Ti*eQCE@8>]86v:25&g6v!74 I >'s H[Kf{s+'`m L04~QӺp +|6[ Xk _|8Yu 4P9e_wSq͹Tޟb,ՠz?Xc#GOhʾʥ}uK!ѝ +ٿwI!'=Әwn Cq`z_[K,mjN˫n`[e4v)Xnj:?#oE_ +JUi̙85"Dgp[endstream endobj 1369 0 obj << /Type /Page /Contents 1370 0 R /Resources 1368 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1359 0 R +/Parent 1358 0 R /Annots [ 1373 0 R 1376 0 R ] >> endobj 1373 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [339.2005 543.9652 400.4005 555.8654] +/Rect [339.2005 278.3354 400.4005 290.2356] /Subtype /Link /A << /S /GoTo /D (zone_statement_grammar) >> >> endobj 1376 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [455.0966 345.7585 511.2325 357.8182] +/Rect [455.0966 73.4705 511.2325 85.5301] /Subtype /Link /A << /S /GoTo /D (address_match_lists) >> >> endobj @@ -5310,70 +5319,56 @@ endobj /D [1369 0 R /XYZ 56.6929 794.5015 null] >> endobj 358 0 obj << -/D [1369 0 R /XYZ 56.6929 769.5949 null] +/D [1369 0 R /XYZ 56.6929 515.5793 null] >> endobj 1372 0 obj << -/D [1369 0 R /XYZ 56.6929 749.7875 null] +/D [1369 0 R /XYZ 56.6929 486.6636 null] >> endobj 362 0 obj << -/D [1369 0 R /XYZ 56.6929 528.8451 null] +/D [1369 0 R /XYZ 56.6929 261.7462 null] >> endobj 1374 0 obj << -/D [1369 0 R /XYZ 56.6929 505.7912 null] +/D [1369 0 R /XYZ 56.6929 237.772 null] >> endobj 366 0 obj << -/D [1369 0 R /XYZ 56.6929 390.6092 null] +/D [1369 0 R /XYZ 56.6929 119.8679 null] >> endobj 1375 0 obj << -/D [1369 0 R /XYZ 56.6929 367.7147 null] +/D [1369 0 R /XYZ 56.6929 96.0532 null] >> endobj 1368 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F63 1103 0 R /F62 1100 0 R >> -/XObject << /Im2 1089 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1380 0 obj << -/Length 3157 +/Length 2678 /Filter /FlateDecode >> stream -xڵZKs6WrD4x6hXHGxo @ Eɓqըh 6f"TX93VE-tm] B\꛻> -3jgwXEfw_~WtBi:r,|w}i o>^^|{u`bПNtx+}o/.%_/-ϋ_, J-(aB*A"r6\Z}שS fb96Qe\ ,7eڽ.ƭzD239m -gu-RvOղR^Q7Wu((aXmSML1W]:|C\`L `6 A#8Ika 2 fe]pK\#Pt704bP~j, ܪ۔IjBJ D(K+`у:rv}ƒSBt4X^][|p_ J8WwD3 -Xx0piǡ "öP#*`36.ځ2ju×kGӡ)9~H3`*-̼{ɈH(#bbj3#|lOM[nP_Oh%e sQ:a X>Z+a))>6LMfJѹ擹%6\߂(StߨS/.D}.MS -|vv2(Ϲ vC:!$# ;ŏ&6Svu$0:㌢Ԥ3 -A`HRj 8_ũ1GQA˲BVrE}pE +VcuA l 6._NOʚף:Qb 0JN -llVS` =5u W4p]њ k:0UH~~(s<AV>0b"y1 c1C$-(X \GFjULZp Q*ȷ& -7-, AqNMD ? ebq0prcNH"s'Ԙx*(eèr&|6SA Qa"ظ^gWKAɽٰ@ 7 5:cQjbSAy!7;CPBw@TOAqGAŵ۠y96WhRZI}q`QG8|Q'ύ##MʏoZ.Z-y8Rᐤp?ڑP*^Ξ&Đ4 ɇ󏲋]7n}~돕ڔzn~A..2۲@c.dwXSpl]S<*,0%tDۯ`^|ru'nKt.n0n`R!#/e!sxmuV8dH5 -(6ñm$;x\jє GhRxa!7ID0g9 Gޜ] -c+ްLF.@rr@o"IjBfPEϗulZ$3213vɌmGo@d6u۔^-W^W?g8+ 2I`N'dq!_}mׄ2s@RHi(=ߩGc;:*)7pFÍ%j9qd$;'Y&H[,K-TMy riji򍅑ߡp<' bN۝ف [ ZٯOnH#~^3r?uL$bN:&Dk96[Ԩыp4?a8ZΈJ!Q0YwkeBxj7uA !l%o(SP u߬8KݯG3:+MWlה,d,KD#8ḪHksW>U3:`p ZViOSU=wS 6<8r gȈikoM@X Z(l /DZxI$$$Rl!:`[VI\tY/aV}pi!IM(1ႪwkLUK 'E -iTݶm3p:)A m+?P粩1AMy_m:gܽ2.Vv=d9ċ#tQ~ƃ/B N)|1*X֏Myp];on8ˮI^i ^| -ML?,x%LYr:GLYr}Ȕ?eSs4P$.u -߸RA>vUt,^, lK~ڸnO3wxK'oYӷTal꞊di\HTS9)whxO%,5>('afdg1Vh$D88aPo|˄N[nr@n7TV>?m9v`BBἣJ7]TƧ8CB"ezBQ`gǚ<ه{7gaCec sŒ f13L?gY4E#>#6Hԕ6ww -Ő3 cwWN}(k{Pz<\XIJ9ŕk?Ukendstream +xZ_s6[噈ӧ4qr\{jH͉D"o @$EɾKzs\,K|tdf6Wf\ϖ36g<,"Ӣ欄YnrsnV/7 d m˫D͇wyܪ+"__zsqNsx_4z__~MKIgf+Og,ӳGx`s1ۜ)-3dz{))2--4i;me1 V[X 6%+ >eȅV.qQ7]u42W,˥C+J>sp*oݺ8fYa"9?7@-{v[ziCOVrQ cuϤ>4nǮNd!yikB0 އS0KY,Qbg]Uu}Wi +vzǝJ"י0N Ah3"f:q>t;y#SN'`-?"$)B8DЧoѿpV(5i9燹 LB#:D իbsx 6pȌ/FrQF_cV7K-vPj + ȸ[w`(9Y',b~q`XT +.4D 1oy.7[܈4o+/e)F :%R s='͟byɽh˱::p?=Z +ܐ~l@}P,@G-"ցofFŽu!,CѼ׺_ g8 1+xA(2꽁ib["ӡ`=nj܃ Ͳ -֣GmEM<#$ +!,C1Yb9.ZuvAR҆Q-S}ZcE-!RZ/#*9)CS/.֋b WӮj{ko P(ʥ ]uTlXM}V^XǗf9W~+ #n8`*pqq +buzHb +㕉a'W],ܳ47#'8ĘKfG?ΆG?L_C_~C9ɘ¿D_Kr)Ő?s'1_i k5Ndk\^D5M̴5vL0(E?ċixWvanmxo'jSoZb;LPdR7UlKS2;Z, PX%;fr۶tW8y>G6 +X$ov ImKoN38]> u 6SjA4bLƝ2׀wV%\c u0SFٵ/ 5yϸ~'DoL>%rʬx+q2(/DjN/UP\e‰GaBe9sOFk2M]Ddi-ׄ|ST=wfSIxawU ERJEH;`@ +1PTvr jtk1S'ʲ,{5ռ<㊹wN8)z59&oOư~]®ϸk넻F#9xxe6ȏLWfC40iz \pPx} e߸'GB_{ӠBQi EpƜʐ Jr =1 $?dB|$/VaH!֞O(%d/np3ON}nب@C1pl|$xR N D츔u> endobj 1382 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [213.0783 350.5232 261.825 361.3075] -/Subtype /Link -/A << /S /GoTo /D (dynamic_update_security) >> ->> endobj -1383 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [398.1622 223.3235 446.9089 235.3831] +/Rect [213.0783 74.7457 261.825 85.5301] /Subtype /Link /A << /S /GoTo /D (dynamic_update_security) >> >> endobj @@ -5381,116 +5376,113 @@ endobj /D [1379 0 R /XYZ 85.0394 794.5015 null] >> endobj 1378 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F63 1103 0 R /F62 1100 0 R /F48 985 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F63 1103 0 R /F62 1100 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1387 0 obj << -/Length 2824 +1386 0 obj << +/Length 3193 /Filter /FlateDecode >> stream -xڭZs۸_>U|@K7/-і)<)Q3AX,~oZ8XYŒ>'"ΙIoN\(;g2ux9ƝٯIv -Wu}vjӉ4||qszx}D8#~˫Dso~:9i= -ɯ g;3z΄r:F1J?O~ivFAgRer@)4eJ@1pǗeSliQр0ࣉ̘* Kox[r3XWf74ڤeuy,6X.)QE9mNW+ʟ|[^o"n}ڼ⡅b\MQNrvD捑aInUx+ˤbN4Jg&L4ډ - @M|6uJX#+h2XɼsnX_'-IePƞ|Jkngs73gB&_igBm\ṬQ%KJʎϤD﹤a)ϲ="^=g%Qw4@ #nb*f)>-Ⲳ?(ƌD1u1 f>D8f ,?mb4OɿƄ$s֥u7Ū(C+3_? ā%=q&ҏa̽kOO $IH{"7+#;x{#C82ax 2]"VEb"u@Eo(VrW)-4W2\B8X o:3Ҫ;X'_UF1/xˋ2jm5K&(E~^&-bzF>W1#L#yZvQ'x N2G 7ASxIഓlq&S tD_TD p=Gb@BSI@IGߧTjQUUA ljEQ…Mx >ԪϋA^>'6./{Iw<QogkYƵ9g[ldcprtYca=x7w;$B'd B&}! y8ysJZWdŶgz^D #(Ƭ*jC)IqҒuJi`ٷ>ǫ\jpy0CxBk֦UUeNj+O1ӑ]pU%#Z<|G>_ƙu;@7nxkeSp4#ȃ ͛V%^D =-{cFKF`%$Ep`CMK)VÛM)% -<žhbU@{d XHjx9f#2#֔)w)CtgJ2Zx!;A -(n W-p08 <˺Y#!eYh).hY8dX(] `*)?b](}ӑ"'zhU̒HKffE1)F' -r!NuQ qf.\aQBCeձBfxr.|[% jBqVZTM QZZSCHAі`lߖ`Ӣ D+ k4'ЩaBR ( F#dç=py\DJPo GִO v%-1:U'T2_| -PE׎ ͩ* - -pG­r{@ʪ,BCh gyȤtU GJ:ԢS|@jl-ZJ0-1UOfyI4D0Yi&)>Vg)_<${{Mɐ.uֽJbvizA@(%,eƄokw f]o 6%Դf@lWk:!*q ʈmh࡬~ V&W(X(kBZڮG⒊ ưQ6=l;pv3-z~Ԫ^J(1xsρ4 -|PoC -KNh; av,ZL9$IZK5{.6/Dx HAS՚q[ -dv9AMP!&IA4;,@\~hs :~Wː`2;zyu~ˤEqey%P;\w;?C- - Ag;TE TJx$wTBm?+K Zu -(ywZJ;܀YG?^Jr-"GJVƤo2Jt ]}$oF:*#!}*1]`k0STÁjҷ\0;|Zm5vu{zX܇rY2 r'zBËri(:V} $ d -qkTwla9K\u[Q(JT7(5tNR܀5{~@=@$c} GaygFS#R^,eRF)W&>BHwz8F -w/$~UCE,$G0F8QNDl8{|0y way],״\Wul?4d?_KSѳ>,ECe-3-Hz&{Q<HHiI~'.rz'!_+ l +gMGkT"޻U6 5F'IiPhgszKG=-}Co.)2ge̮3>dIC ҡhsҍ 2+lj3:> R@v(mY*e0?KBPczJE ")Y \]fiq3e5T8}64\W`{ZօJ0ɟi qlG1`yeu(wjaơhFaGSdp{7Y!'\"2uLXm$}2X֔z +e2k^M$cisf̳laA.z[U6 ppxC =r5?2Ѻ%~Rł|F(x(l`LPഁI&m b7x#H[K_%Xk0$Z @'ԕ.-[@h80zY=3d+#A)G-D1?Q)#t;jC?qpf_X# @FP9ZF%ZLF/-|CyXX2 +ǴZkj3fUDW}*-_*!6Pԓ8Vʤlr*u+[c³Y(9|*Z0a)aecQOp5,YmW0 (j_lp8 $ܵ+笏NԎ p gԗ +#;hG>VudđG45ޫ@8}y[|PJu9-D(2΋zӃ{>@Q*)mM)h )%]𕞔gޟ%׎}H~ld +[JjTܱK~gB)/DNF%3rصc刦i/tf<8qݩB^6c'J @kuC!Y! i.mlGd;J簱vKS-׬Gqs- :xmQ?ơk ]>&AJCyUH>En4u +f}('Ȫ<"M/.(bG3PWI'Z $IsOq%icN?lO,@>2AȤ\N>6(y^R`E\ c)E38}'M.i.A:AF֯{9Ràb!ľb0U-$$~(+q k5#~4O XQcΣx@cIo7F_pUQȬ0/$ĕt P9eH,-|(5)@nOQ`ob #N]o7FdF34c}:7ȇm6g95k{HZsL%__([vI@3.#!hX6ٞI1~vnQba~W2 +$ !xx":^e:^ή&=Ipٝh<m|OQq'.zrNq!{A3bY9|{BCՙV×Z"7J]t*|BH]%xVKb-ؓ`oI1~W1 jk&:iLB\(xi W +n JzZ5z7CVX{#DʖBqroTv~:cDe:"̔Tw(̔#7endstream endobj -1386 0 obj << +1385 0 obj << /Type /Page -/Contents 1387 0 R -/Resources 1385 0 R +/Contents 1386 0 R +/Resources 1384 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1359 0 R +/Parent 1358 0 R +/Annots [ 1388 0 R ] >> endobj 1388 0 obj << -/D [1386 0 R /XYZ 56.6929 794.5015 null] +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [369.8158 666.0366 418.5625 678.0962] +/Subtype /Link +/A << /S /GoTo /D (dynamic_update_security) >> +>> endobj +1387 0 obj << +/D [1385 0 R /XYZ 56.6929 794.5015 null] >> endobj 370 0 obj << -/D [1386 0 R /XYZ 56.6929 769.5949 null] +/D [1385 0 R /XYZ 56.6929 501.733 null] >> endobj 1389 0 obj << -/D [1386 0 R /XYZ 56.6929 752.051 null] +/D [1385 0 R /XYZ 56.6929 479.2364 null] >> endobj -374 0 obj << -/D [1386 0 R /XYZ 56.6929 219.3808 null] ->> endobj -1390 0 obj << -/D [1386 0 R /XYZ 56.6929 190.7166 null] ->> endobj -1385 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R >> +1384 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1393 0 obj << -/Length 2810 +1392 0 obj << +/Length 3228 /Filter /FlateDecode >> stream -xڵZs8_o,DIۧnlщZr (Yr_7 A+DDTqYE,g8>z}>$0_z '&\\rNWzg7^\F>'rg4=p&T3)i:Ny?{Q7uJXxZL90JQR9~üwۥ a[4@ȈE2U\XM; Fzۺ1$ӉYK 'tS:9N|dLFO~^\T0\Ɛ+/;z"YĮm.јfBw'-d7NIt/Y4IfcK01L%FiUrXLEY]~D҄ŊX%m-7Mk4Ds - p26(,& ukNJ3nW6rښNڶ}7x g*ە~Fo+8!G͝][Pf%qi8@fWn|34+zQ |e(1?X&z|LAe%4pH ;!%^֠e/0yXx - -U?O}Bz_iS#HC縷 BLËÙIReHE/˩y^_(68kiu(t-fBQea| ~9^#E*n[3p[!H+L-.mrv]>37|ʃ"\0&T1Xh6izH3ufEE/YK?.J4P5ѳqӰ^(8cV;LDwY;E%` Ay#0;[B+'j=«j:sM+E;R YSWa~bQv.b(FQN}nZ\i+b-!a} -ξywlbqSq&L<خ=$kHK}$|tW,[C^ -3xEϦ^{N @4B+[o|g AH~԰}Ћ -z?&wOYM<{E-[wJ Gto=1@TQdSӂ㾬YQQ -"\69F0q{JF8V:jYr -dS -CN#X\خv6!Y^*z|zuSWYx'1Ol.¾g52?=4{?2A3-19u9CaP]ʡE`V]NBOz'5j2mܧ̈9 xǠ8C cN 0)}G7Gaǫ\@[^.3BWS5ؼkA^C` 2ݦxP,dw+ȭ -qdoP]q$W4~pp8EshQ"ίl !7ٟ- AѥcJ%㰂be Ÿ5ZC&vu'KCZॴ9L -Q¥գwPn[({'JD4Mj dU9y˜ٓ+2T Џ ׿tg$D<8d W:>Bz3@F0c#@D)܈Pz 6yZi>{BRG=iN/5aQRL'#Q4Ħ2~i0ro>qPI7AG?; a93W_c/f J" 8 dk c@`R@0TЀv{=1^\eMuCnS`63k@1-ݣ6^Մ}1L7ġC{""$ݴE&f`}Ÿ8#g5Ser>yO!P%Vt=^ug(PW@#-Bڡ254VWL%r-8^oF4{p~,sS]+~Iw'9l1^y7^'esb;x:a*|[vaGIoN}i ]tKv8#BP< #0FQd I%tjח -jUC&t쐰^RhK^uHеK:DZxVv+tȅ/=N fD;KLǶ>EO-f?١Yd}$~H8ĻJ9G(nX"8PC]k#=/50_endstream +xڭZKsWf*e{m#W,*)%ԒM7tOA\WOO7_PNIj33Iv\#}{%,6[}p['Y9&Xi"TNL͏gʊKg։Wwߐ$?ܿw7L~'۷n￾Jx3J߾w׿=|wuЮ^)4._~%,+,G$2dseN:JWW4#Tz̀6K*4u5-j/BS잋zOu싊5~|v,Z.w2M9IM⭑=̟lЈF rBLM7Tg>GD(8w+Hms*xaSs2%Nظ˰jl fW!Tĥ&Rԁl ֖m 2imΖTuX>]&Igegc"q܄ k>0aR&^/OA}ip_74$ZߛY+?-}3txg Dnv4tQ Hq_6ORvgɶnOIkrn/jh IGR@oYzc#݈hN@t(v7P4 #!A Ab.뢩>S~9jW aM}rC` Aho%F,va@G3f@D+!4knQ,x68z:)#Ւ +ezGxJT,@~66`1.*&s i@mʨIw/m3~!%j ϚgLĤtz:Rx_TKiAWaEq+PNOѶ (̴ޔ=4 +開7c)ٱ.vcUI"\ib}X#Uұ}[9s].?f X1ᰭ 20/ L*58*"gubf~I/+vPl eHHv#Jo@O&xՒ*H[\u1MDwUjSeI6$zQvIk=O)Kǩ$WC8jatxxuaQyK%g۞nGxx1/ {k ƴ(m%RvMv;,k+lq(![ ΂G<îwD-5ءq_EՒ }we}`64d^Nh#t +VkTŴEB{ ?*B庀tDP + ,$耇Z0a2-L9 {ӬJx0܋lf+KKT9uMfqPFU"a)ؔf./[-][O!U# [э)`9}7uˊ+\uN_!z/x 3-@G [#1'Im|NW(|i/F uccnFzHA!|驜# ^ѷ7,NDaG23T∰| q? +DPx_F9o +ko !WDa|g"NݕπsQ1FQLX.B2WTBNIB`d|s 蝃v~0 +{ +i!e{95@XƛŞpOQoTS0u[pb.ୟӕG" '<- Y UBɐؐ$e{Epܰ#QW:/|O<[g_1ɉxJrE^ *|UD0ꀥ 5M/Bu\V@xխO +E>NyH52_U(@dSHw9 frn+>C5OsUoD}n,- Ui[aN0X/XI4ƒ#Zm# $ϭތPB""'x*CC-"#fMxCQ`(<rqQ"2j$sn3J/pLsɝTRG:Y 㚟eӱCl.>_Nm{@>:B F.)VI.]D͌1ன|k7 - V66GIӃ8]ZF8T ~McS(ڜKl35:}?}·p~xIѩ'x@`e(.Ùq2dzvq0eKl:IkHXi/6:a`P{JYzMGS#ZmV5|HS5>-\G2pש# endstream endobj -1392 0 obj << +1391 0 obj << /Type /Page -/Contents 1393 0 R -/Resources 1391 0 R +/Contents 1392 0 R +/Resources 1390 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1395 0 R >> endobj -1394 0 obj << -/D [1392 0 R /XYZ 85.0394 794.5015 null] +1393 0 obj << +/D [1391 0 R /XYZ 85.0394 794.5015 null] >> endobj -1391 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F62 1100 0 R /F63 1103 0 R >> -/XObject << /Im2 1089 0 R >> +374 0 obj << +/D [1391 0 R /XYZ 85.0394 671.9496 null] +>> endobj +1394 0 obj << +/D [1391 0 R /XYZ 85.0394 644.3125 null] +>> endobj +1390 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F41 969 0 R /F21 738 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1398 0 obj << -/Length 3308 +/Length 2464 /Filter /FlateDecode >> stream -xZ_s6ϧ[噚_|f{\t>(k֖i ,ٲ>L'3!EDŸTAIpR|}%'ݕbYK4S}{w[MN'w=^^Hns --A&ݾ_M3ݼδۛ^S~Lyx{JǷ7o%Pqo__OKJȧL+)LnRd}eӶ>\cC̬Z/qD*{!{̊TйWR"8ѿ&S$3FHlޢ#a. -hPWMMKMoU0;=nͫadRlZ&ʼ}Ʀ)ͫ-ޕϗ\4Gc4탟w_ "Ӆs_CZCO#LjRpC#JEqCJ - -wSTTlP[v42o.˼*5U]eԫUTVE$q%Bh -hbAX퇱@X.C8@zϹdY6\z@YT;3+3/ sLpSZQӾB+4-p~1Pn4}1]\ -XbjOdSowT[T/l6żD)DqX+Cdi 0Ϭi:ZpSڍhjQT,T%is0(g:-R=)Ò[ztXE,<_AV3Cz)DQIִBeW .&ZwnHLc`(-LItT*qP/"fzEd j0*Qn h %~=Vۜ3P<֭8( xy߁fǹ/8h7T1sJQ@Φx 3ΆG|QYgr]$qpF`5t^Ӂ7=_zۮPo`Wɾbݫz>I7IL#eH!v]Ǚ]Q`I.Ctv9`J'EF y{|QkŐ,6qI$HSR"ۧjIb5$ '$5FTI ]hRM -񑐤p?ruR됥:d)FR]\\ -ZJaK' BSVGu>HiJRA]Ve%ew . ;!;g?T -@*RSk%!LZ^Lj>lHk=ѐe^TZjRK*Ո.p允}RF2RTx%+(G Jآ1^I1=$+b0RAlӤ2TQ$ؖji_lg[a;A{^ViF@eR M*aF}Ц 'мE9ub2?^xq \7|$Y`_&ׁqp$}H1"4~lomUx -r=7etmtFvN"r:lsSHyx* 4M~*_`[ԣ f7NZhBes3Š%-/~"I{7 eu{AjZb#SJ}搭SB{ZE\38np(Y+-ծ<=qKkCCp-U0w|͛)u6tFxaMAdŠңTZ#t4DEt>(ڈbDKAЂSģ{9oj`3 M0H`@y~h9o[CGt?s-A>>PDcxSA>3`d D|^]&,hڢzG 0ū̵8X$=s@b,5ìGѪgĆX՜JbŚř?Z%u:p- -/)it9w]mUvwF[P -)MУȂ>Mt &s10?2șpL/F`_bPoi IjAGt0IyfӁ맺9ǭ+O^#zk\l:RUخZ`} O`B҂{:~?Z^pbFM[N`#=a\H)tƑLjS¥$:Zji{xC2.M5"I+&eY%>3ѼBO4#6gVm:&N+>_eɛ7SlXkZ|6Z9ҚcsҰ@ªe?}$s]OFN}ݰVk"5\n)WL -WT(^})꽐ʴ"%K_ׇ4KxoB$xnP] ԚҊ9u?ђ$lqSbD|U:|&@"MC11?^A8jkx1M+O=alQ!}n]bPI;~X2drNMM?M -꧆XO.َ=3K}yæuOc`veOT7W+p(Xr} ?T7  θٍ@ -vދ_''#{~dx!̈́L!ŲRgT4aGTBendstream +xYoH_ᷓzv5zi/ۤzqدŖcZrrٿH."ΈCr8?rHY8&2ʼnf 3.}g2M\O/Q+hr;'FeA\qx" >\㒨ox"ѻ4W6=$8!..^\F^;a?\pgF0L$.Qhڙ?;~1i㘑ڂ'$ǽ,X,0Z0,1/\l6d]UdMMyH}2aqG\04]5En$"k2vxxJ7,I>~>|4qYӲhYlW EJô6!Xb` +\b%S1M sB55X-Qpf=xbE42:.䱌Ga"uG_Gr$z~⻫`GަZd)+{ 1 \?@8r6ht>dulƹ6/wH(,=x )GOnƒGvY 3 Zyum+݆wU$3-a4A0;5=N;N(1<഍m7^!|^̿)W4m}U'l #2ɧw۝P6Nm V4ޖ !/{tNw;8Sm&]FHxYpaBt2CC!*+Ne#%܈gqEt_3REOgHцfU˪!ޮ{ag{ Ŧ2 tpe +` A]0࿬ Az*@2u^)BV?ӰT@N2cS+"/t@ReV EHQFN:rB8٤e=am )׊`]Ê?aCŒ8v rJtm,J藪̨?lSڊ A),(keZf˴Ucyu$V"c9~x +?L L"|7mP +EU-c tNZe˝=` B@Sd+,vvQE3Ұz +R*z9|tKg(&QFAks;CՃ}UxoIS2B?UuC?Bx{)0í8.ǁEeʈ$p䴖V,Pge`^}hH:idW?.2{׾~%ΪQF"w_!N]_D"'eW߲9q4]>d9 ;3+ceVgVέ8O +v[MhB@[»Ǽ(g_0RhyawT\2y$SBx*Z3'T=MTWhYC*?-i^_{c'~@yIe\endstream endobj 1397 0 obj << /Type /Page @@ -5503,31 +5495,35 @@ endobj /D [1397 0 R /XYZ 56.6929 794.5015 null] >> endobj 378 0 obj << -/D [1397 0 R /XYZ 56.6929 651.9185 null] +/D [1397 0 R /XYZ 56.6929 402.2543 null] >> endobj 1112 0 obj << -/D [1397 0 R /XYZ 56.6929 629.2598 null] +/D [1397 0 R /XYZ 56.6929 379.9593 null] >> endobj 1396 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F62 1100 0 R /F63 1103 0 R /F21 738 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F62 1100 0 R /F63 1103 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1402 0 obj << -/Length 3130 +/Length 3625 /Filter /FlateDecode >> stream -xZKsFWT 3qRQI YCR__O@ Rv9[[јA9,M&ILgͅ}2,"bH7oIn ervy?\}\TmrH{;3x۫W\].dJ -'^x{+n}?7?\\gW -M_lcp!g -.)>2=oH)W+0o³t_%d uMORmL0 & xݦXh!M?F#6 ۴]EzHuGTCYnYHʼDO2uI.cP 5eAj+w -F˄x܌!bbo#cN為kxÃ͛܀岫Vth94f]y&fO̅W{ jp:fcޅLieb^Xzyk*臵>ȶux,݈$zσsvmˏ'\VOpYՒL%y(I$Z>>R*S=a{zpm\~^{F0 ͨzdBk{<}hRQ -RΙHCpw2Rfn=!J$)`DYSB7ޟfmqb-Vu>5^[k'|6I8 4ݺ}1@: X'9rpa֡s[zPdByuDŽwjy~BqЌWcab'@$z)чlOؠ`?bq -s‰42c`w#?Tc 1A EDd!DYW.&0T"2ʚC:dacWT(fB"nb423py doXS>!l4H#(\;;3HSUә//f88giZZo؃;().&G%H)l41@'DU˅W#`M \&ZgϠG&Yeިw N4*.#=8_Y#:ͅ5yUd!JDrӃ 5@|USz:h-٦ꄑagMlS>;{t.z-9"Jԑ!qB=Saͅ-_H\3tX  F= /xG:ijH5Ȩq;8;-'hS؜D\~>gY_}\چ"ҟGP.Ii23C6GMdJ@!?:syn9i9>"jk\وׄC.|xHHГ YWgWJ%̺K]QtXD?I‚p;-:.4"icn $D*o.B%Q@_ RҖ8K[ȳ#b2åϠ$[9k}E̟v=wVT2RIj5 Ta&INy+*=*EЧTrŽ9hzeDzzf&G*Ml`{,՚Q2*Qi,2] ANE QlohUyϞ'"¢ƪܖuo:V4V# |?[c8-Bt{>vŬ;J(CϹ?:wtH13oH!-I_@ *M\2R&&XSFc^^{%C`z]8l'z`40,πO$F5'48U:fa3ړa!p~)H/{Tg(R ]?LO5HY1;?YtY>R,TT&LO)1C{MJ9Z nCi~EOXNlURyR Cj_,; :ۚ@ꪻS:g`*T;wOt~s‡gw?LivVN|a_(o9E/@8鰄N}_9wB圈L6^RE>HK϶䊁{s<'_#Vr/&^r/Mr͸kcBAۄO"pf>]98g7Mf6K3* LYW -'z%}5w9Op Iendstream +xڭ]o6=ogk(>nw6AD-47ʒ,{ŏ!97f~jY!Of'JegݕCwWahهͼNg\Yf_R[9ObiS9{jy7%ۛ?Rן?^,Uf<ÙnuM>ᇷ~u}_% n䏫_~5l+)*R(lwX#lbLl^tn^o:Ef$-r4tiZMQ9B!b_bm1޷J>'(tP8*B; i?@}b`E͟햚z]Թ˛Sso5}RWk-5jk-\vw8Po1*m*9C^k`D|@!"P<4EC>:DAm򾪉h=sz +9[G$G:co:/:Ϟu(p:8?T4$]!TX=`3w`zhP(׍ؗQx&YL42NA3e D!/фmZvE\le-XBaU[W#4$S{6J"Q6rcqZQLA=dSܵr#jX7MyePjHL!Rz-CDLtK^}W=T7/^ 4]49TW!vRsx|mfSS(whd2l1N`$:1A(RpdΒC_&d`4X8% Kui`ƴAW$Ob>3!S7:DomQ5t l9?T7xh]?74U={Nw=ׄ8]/^i:*wy:5ػar.*7#~ԧ04obqJD3u& JQi9مpxl/{}G'm, Bwyjbˑha ܇bXA3=OsnЏdoA*%Jl[s\( ̅= \\Xue>E50߭s<쥅rL rZHɣ: +gb>WļMw y{{VclCgH:MTb:d=oʟa*$Jh޹g|Uj0d㔀s­,vltQzf(JcgѫЎm&[#-dYޒu`?DC 񔆣k&|cD=}df~b{ߜgJg(tL 13`uҤˑ<>쉸ۆV^B]Qtk/>yAN^'_@:}cn,^N]F] zƷ4: +TʧJ>Qĸ*VkBgĿPӦh)Ӕs0-٧N[U/5вƀ;ɪ:fC -P 2=>M9WP7D]Ȯ ˀ5apA/ : ^LL\84%k8˧辡Z80~y2~Kq @[fPEb/(K k#Oӑd#lR*qYv|Pm8oڈ\<ށ}ud>!2dʼn$Q!|ճ%WX%P2.hG ZF(aq ;+$"'n| >hS|I)b- e`Np (ݓrᛛaGaS ' O5.P +i2p!\ +)9aepDwt8D:R-^ϊB+ +=T6 prXL @B:;0zif㹿  ^uj[e:ƖOc]f&1"hE&]zhLȩPzne]17YN2[SOăRӳ1>r^2.H)HxS̛Qjȸƫ)P~ܛ^c>ĝ82ٙ +PFgFy=f5vyendstream endobj 1401 0 obj << /Type /Page @@ -5540,27 +5536,25 @@ endobj /D [1401 0 R /XYZ 85.0394 794.5015 null] >> endobj 1400 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F62 1100 0 R /F63 1103 0 R >> +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F62 1100 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1406 0 obj << -/Length 3277 +/Length 2800 /Filter /FlateDecode >> stream -xڥZ_s8ϧ935E]mnKO{ Jmy-9}Pm9Nۙ"Aj$9/|Q[rBaÅbI"~FȽۻ djt;mA~~ï7o.3;r>ܼ77כϷW74ǏQON3Lo_\]n-*ip!\a?]HaF;xB-/3YcRſ;8u~J -m06=%\Qr gb۔cгZӌ 8X,dUE,3IV>T kڢ-ײP@Y%dS=ifV6KkũW*Wvv<ݲ3Z hȝӑ 0ͦg6.u]n.UOPlGrGSE=lW{z-l38gB2QwUP-Ȅ`k -V,O`[D2I4 E=J^'*z)vSUͣسCw䩝3H-K\Մ==4GpiG ]lUR8?]N@X"G{x#(1yn׎+[ vqGjXϨ$;1+ jy d -xr>kᄢfSdEUng^LAf^Z87Smt2|g)|S6H>͸}G}\gZD3PZR0ov&h}gzs=_9D $LBswZ@N kͤ DD4@Iq"g5:vY j_pbC0\K8^}h{?eE 0lH+vyU%Jʋ"3\oXUG`1bN\hu?UǺ'fk})Ϩ[ZN!}^ѠMy砋h0A@؅y d?T0#7mZ'wG9JXTbd`!yٖe*h]uL4?dH]99IQ<ݍ_°#!KM/it5sƽ^공I,GA"hYhșgOwq/P -v¥U,H̃7LEn2-QB=}(A,?!smd"ph3YKEqd#C -^ 0daUr(b7RJNŰgM~AmJTt&ʙ=uC~"Bo:`Ct°BhS  ЊU$Dw%s 1 Sa*L5eتV`_fݧ$DoCt2ySD8`ULRVMKJ_v}1}j"H+Ѓ+l&2КMmbm?^.<j]K?e]C*k6.2q9F[ɪtmp()l"XŦj'AHmVv pmN*J -t#/hs7\I`pF;TYkaK'L~ Ue_3qG?8{Xo]LoR6'5qG NOʜ;,Ǎ9] }ˡ}83IPM2)# |-߰/u+0ߤ&Rzį⹥&VDrxЄtBJB3ƟV`;{0 *G|3P-=Ul#c'o !߮Xs$t0'E ] -+`qqGU) "7B+ h@p,0 M>UvFV.v5 QOhVxK,C q#zfK(Uř0<'5ќJ=ڏ:u ̘v Zj eԏIe4sȋG郵5z/g]2]83 2gk5A>C3"><벽;ʐQ&T﨏џIK S5LU5<ϻb埳,ɨ!䌪c&O"(|>]pCH M7γPo7Z~4$ HcI/﮿gU3<헜JahrI@QکouC}Lﶈě#++&F -`}ҴE,bNO[Zj<Ѣ¼]@_1kL@v^wt4РP$8"3yB -ɬ=w!56Ur4c9a F-r5X\W$CX=s2NO‚~ݿ *=™3RÞt $Lendstream +xڵZs6_g".OibI<ܴ}ED~X"%v'm2cr؏D8&Sf\Of'lr kOxFie6q3L=^6euKbRxy~՛L%/OB_7WSn5Oͧ+Z2Ǐhӫ󳫳˷g]trvݝ^$/I鄥Y= KsbrL2,N>c[O i2TpmZ۲( +ŐT;'SciUg^!'NkY*2+&))0%*TőTK9R|<\OÚԁ)&ō'&637zmoʐC e[|6>Ci\~8ރm@#kГ3Pn0Cժ4@K|KM)~hj4x?ַ9ߏ=]HeS#d`1pAu'uj?T_ǐ + /^U!#+Kp8ϐ18VYCڋOb+3Ahnx*Ē2*It1*'(h&:m΃n몱z#Xם~ x'x1@z)O/SRNtGZWL\V4w uN/bw+}9tRi̪Ba4E5!lpp0Era{4j|}3T $<01EoyW K&AڏOdXZ\߆TqտKa|קrR>vd,͋H#X$P5c۽$ȫE~Q5׾ R,9]h{~Za`a^c=N%HAW*"!^|y[PX~Mˉ#g-4N-zŞ)NA4,QSL8]'E}?VBօqiߗXE52P&TpW"\eZBɢy=n֥L/Q|V}DF輁ǒ hJ5ˁGejCzd'vo'd"#̊~(Lw⨙Ƥs쮮CC,V>a ZaSuݞhi ED0$<}䏬B; яo 91w$k/jgywC R*HW&@N\ɉ+ݙc+wW:ַ 0ކEG/mݗ$nŎj ћw7>Rn_+!1OJ.L\`($ +ЇESMXOBP "M1 +{7iB~ #%ɾw<um+XﮠcC|/Ae{?)78#w{Q}U7MuMuEאtĪ  +؟@Xwo н BNH- +E?c?endstream endobj 1405 0 obj << /Type /Page @@ -5568,149 +5562,146 @@ endobj /Resources 1404 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1395 0 R -/Annots [ 1409 0 R 1411 0 R ] +/Annots [ 1409 0 R ] >> endobj 1409 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [442.7768 519.0086 511.2325 531.0682] +/Rect [442.7768 250.2874 511.2325 262.347] /Subtype /Link /A << /S /GoTo /D (query_address) >> >> endobj -1411 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [361.118 239.5449 409.8647 251.6045] -/Subtype /Link -/A << /S /GoTo /D (configuration_file_elements) >> ->> endobj 1407 0 obj << /D [1405 0 R /XYZ 56.6929 794.5015 null] >> endobj 382 0 obj << -/D [1405 0 R /XYZ 56.6929 578.6855 null] +/D [1405 0 R /XYZ 56.6929 318.8054 null] >> endobj 1408 0 obj << -/D [1405 0 R /XYZ 56.6929 554.0828 null] ->> endobj -386 0 obj << -/D [1405 0 R /XYZ 56.6929 323.1321 null] ->> endobj -1410 0 obj << -/D [1405 0 R /XYZ 56.6929 296.0587 null] +/D [1405 0 R /XYZ 56.6929 288.9425 null] >> endobj 1404 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F62 1100 0 R /F41 969 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F62 1100 0 R /F63 1103 0 R /F21 738 0 R /F41 969 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1414 0 obj << -/Length 3221 +1412 0 obj << +/Length 3454 /Filter /FlateDecode >> stream -xڥ]s6ݿBoGT,sOI鹓=ǽ>@Q E" Rvn2X. R& fgj{8ˀcEZh^&e?tswKtz4K~x|:Wiw7Kn2 Ù~!軻7?n]LE~7Xõb,LxKyQJe2͔athս:?4J/̄\f)ˀk\TFD. >倅\cmᆩQ&_|qpĚ9YN̤FNo'k=li+'3Cx/s[>#`_v%_svh9 (dّݔf]k8|^(s*- \ophz[vM@L_(Xy*)^Xe/+3}5sDEU0haPnC;D OGǵnL6BvCoQ|:R /Q%w`Z[Q] 0ƒO#lM?s6[z*Ύ|H6]tOuC=]Zoڕ0Z_$;P+ K(%:Ķο-027^=%ZEJw_>lO0ܛ`gJsy/YE,$zYݸ[/a9kbae2" :͵SBkc!2 ,8KUR岪npBQ-3x@Qq MTvXM=DDECM b*yOK=F\/ hRd Wr((к:Д^6">9៣l.eڤg.R:wS5RLDNH]>Y1c>ƁA زz$ȓN -Xo_\GѓaAbܗ.ō)̧O^n\eNÒ_|:ۑZexYg"pP!jmMȤ˅k]'eۗ-8d)Sxhm-T.L^_# ^#`e~XB4=0_tEʅX3TLG 2n=Ġb=p(чĻ A;\}?C0Ck|2! Dg<5RGFOPIĪƷ9q5ZbppD˒ihn`{U,'_hg25n xa=Gf4W!Wo|rx8ƍ3+?^ۊZ.-KyV@̦@'>P14)k=gL%eka]$UڹD~5s4> -=2sD3i  Qx`}~@nΏ>U -]U.wQ6z#ɕnYS5تU_CyPKh%f.3(EAGNSOVٙ„̉pљg1VO}YK!k<ҋ&x;Y0М4VtPfPԡ;W>ahfbZar ut?-H.zyBjz\ -_<<"<}љIYUft)b\*7.A9"{3 3^rĤ/N8A" QY'$6eHPt -t,> ɩ, \_Y>kpR7|뷢P$jALIjEgɇ 8 -"޾3-P/A( ݐV^ v~ 0RGD lɦBlo-[t3]߾W%pW50EnK^x-]=y5rx6:Jud/D/}ON\CXl{Ay"dSOlIG*))B?}RWrCȁc::i6t1j%:Cc'ctdp*zįV?v]T $=WP{\n ? 0j*$17C q ~xKҏnT-O\u[u4 4sLIupGR5>Q͢Ftʣ $܁̘{ 3 -8O~[Yk9-Vs4YWHǟhjsQ)4ifD>Cendstream +xڥZs6_g*Ir)M\:mҳ}s>Pe"H%q.@Pf:A`],?1MBϲB'&fݤG{w#f17YV&+O<|Ûۅ4& c?@==^߽}훻7^]^ >x7zw_͛x"Uo~-a?ޤ*r3/i"Bv7ڨh|_ah}:Fe6RLm)rk6i?C#-Vյê]w~". A#O]u\nؕZWP&u2K?STZy˙%nX> 0"㔱p>؉:;qDR&:5^iG(D43jE8'dټZ oq*VY".FҜ@ 糡 +Ȍ.DJ!dS[ jksh#'~I9{M<VlݻZ|=o= x8Mrn!zbS–qx:߄tɇYjz(B;Ԅ/q^^uc;7cÂ;͚mDr Y3&ZT@U{BH&_&X$~6 =b J=Kz w{ɇ :D#h/{ ^D+t&:+KLu\sˇ :@5z|.Yx~":x!Kmw2Edjx/%>ù) *sF +9# 'I[96S3sMoTútpC2f~C}G6{d"UܫOk]}E4ey^ 8ѿCͼֳ Ol@sXjF僳,Ug ˴{!AKO@};zUtXE 2|0`M^(+Q8>;nռd_Jq^ò އ 9[@LꏈY<oZ.-#aI.}-0r(؎=< +-F8̵!̵0m[ߕNM|16B-2#z<_r}cRN8/AC i 2L)rT-<Kaz*y˓Bk՟cN0jݫm]5yL>8mG^tK[.@R7MμR +KyvqB&OܓoJ;. hVB/ A|Lu٬w*׍[b>.&M +EjBq)&r,PCTp}ˮV}j}jU]ޚ5?6+ +`HSǪ8f-($NqܤHT*c?ФQ(!h7.;m*96QgtkqY؅/@tLuE<եUN.AT ^2W14| +)EthB.ڷMÛD=ZiӿyG=H#2Db +nozA(2tW0Fi/ ŕR$Kq\YA-z!h;ÅgqsƟuy(\zAb|4ZK.}XX9pg~o"L/5 /̅Hv-%ɞ2}Qvuw5ȸA#"Wvb`X9jJ^ 0Œ T7;m6Q2`G$7@SBxhtX@~iŒ2M˗n,CۓX lĊWeoXbB{TWNS(g)LjB 9-S)axۗM;"{Epm?(|1 2*Io߲z*(H@T3Υ@_(=B ,LMө*{ժ2LN[>5HG| 7e}eǫ +eW |aca*`Z wۊ%Ne%[޶x)7"_※)65]_yڳbGA&QX9F^cM[ʊ*.BB0dA:?E2ͽh˜DKu#˶1\IUfW9s|<c`Ц=5p Z ׿pg4UPe٨h<ԣ)+OO+1xgYR(TB%BuLu=وۇkW\ PM0w@ep[ +qS8qp'}>nǶ)B{訃 nKpuA@vnmyկ,rXW՚h\V4~d7RIWM{|DK֚ܓ4 @#h3;m>Wؔ3EAx=H*f$|o IoiXƉ՟ EuO~hzh߽{AE=V?|+܅_F d^OaS:#B.`!W 6H V7Rl$?Ȣ[}R2r)$'a ÙS_C?qK7}O=ȜmgϞd٣:fXG)hNvon=o.x57/s`ryB9> endobj +1415 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [389.4645 694.3759 438.2112 706.4356] +/Subtype /Link +/A << /S /GoTo /D (configuration_file_elements) >> >> endobj 1417 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [375.4723 564.3095 432.5882 576.3691] +/Rect [375.4723 314.3269 432.5882 326.3865] /Subtype /Link /A << /S /GoTo /D (journal) >> >> endobj -1415 0 obj << -/D [1413 0 R /XYZ 85.0394 794.5015 null] +1413 0 obj << +/D [1411 0 R /XYZ 85.0394 794.5015 null] +>> endobj +386 0 obj << +/D [1411 0 R /XYZ 85.0394 769.5949 null] +>> endobj +1414 0 obj << +/D [1411 0 R /XYZ 85.0394 749.7681 null] >> endobj 390 0 obj << -/D [1413 0 R /XYZ 85.0394 692.8552 null] +/D [1411 0 R /XYZ 85.0394 443.842 null] >> endobj 1416 0 obj << -/D [1413 0 R /XYZ 85.0394 670.2188 null] +/D [1411 0 R /XYZ 85.0394 420.887 null] >> endobj -394 0 obj << -/D [1413 0 R /XYZ 85.0394 102.3833 null] ->> endobj -1418 0 obj << -/D [1413 0 R /XYZ 85.0394 77.0969 null] ->> endobj -1412 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F48 985 0 R >> +1410 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1421 0 obj << -/Length 2691 +1420 0 obj << +/Length 3290 /Filter /FlateDecode >> stream -xڭ]s6ݿtL$8yrS'鹾IP"Rv|﷋(P&X,x, -QDy4oXW<,GERd"-0y-\tns?}yK7?|p=:x@K)sۇMBMٔ+ӅY؍(X (kJ\ACґ"d:-o_,{ \6ht <.mFvQN5똙Ċüd~ݚy|{k8j} ץmZ8직7?9w{̺aJN` cL]vX(ڔɔ,syk+01k57O8M<7e37ԗ,Dp_GM`S2O$eA GN;4LIɼ1fpiaiwg?ÞSvmS>n+[7q9x!lu/~g#E# 9jʯfIFܺ9 HZ1)%!v'd l d -Hk ;pHfv>L>xbu=hcYOLe &ƞ h=DyШ_g>e7!$"w6S}ݤԖ}dB Ef V= =Xo^޾h%Q`]gHW}H\A6vt3([ #ѕ`63&V]rlAH·n˅YJfٛ% 0o9xۓYU$ -̦Lcqe94 v4vEg6 ̩9^͖*jAX -9w4'uݾxJO';Z/&T# $[T׷[ICPn -{eKgV<񄗒A/k#:,A\, Go01`Mpqd9;b$vH>^xdz㔖J`*( y> H||gAކh:nuy;eyhۼm\gl+ٛq*vlO R=ZҢH#U$@ƿЄ1 yn -i>y ZBmBpy"r-"DI+H3ŭ@nB9+N,)BE@/hK`QHB -Vփ,FD? Q -BVLV.$JFJD**&[[Z@s&f[il3h } WY@Q.(c!"1hY0gLp3CEų EcHn-D˅)vspmVa(hV6_e#)w!z0mGOc%0ua~%c-\Ih]қzE -!ka=g)rqHr+-kLJ qg`5s(0QAԷ6΃lwe3q* * (~suTLMK$-b").7 ڶL~>L*wqX8F.Fg*Sq̰k;L;|]>LU,y|[VXѬ򡦽!`jo3HUv]jco/q ::| mfYG8=y y%=I>fpa jGmUIU@3Uv#C-G䎻# YVTcVj˻`^Eu]͈J t/ŘP*w\tzY U[0ܷ 7w5zkw8Ij WTX.a;1`=&{YW\w\6=A7N޶ 9ߍ7%a gf$?Pv9{Mo*V?0;HdG}N2"d7 v!cm@DT -kZ&a`΍L "*zJDϦe7x}S9?>T|:.(k_72oNzKm?u E]0EN*-}_UN䳀VLǔ-ȳ'X,endstream +xڭr6_"Gg:Lfe-A6k(R#R(_âTeUfh4>陂?= L6K0f퍚=Cw7Zhh1fy{̲ M<[n@-׿Aw<&|Ӈۅ }xw Fzw o>|˘?>޿7n-jeq!o~]ְoT`4ef #DS|᠗NV@c ʲhDY[ \ /޵E]1 ,ڶt ͭNjezEZ&8$ZdzĤAyN/C*_O)B*_ESNM$abQM0@m((J=lm}Z7Bm͸C#7^z<_ A0VgөuXE__\s͘-4q:ȢȐ^:B%Iiܣ8lH,EQ?/cQ!gV;u_vp{Ǎm*OJ^)o3% ya M[|⎦o{ZizE06h^B侬[55^ i [y[Š%yUTu$ !2[eCتí=:fej3O*O E3?t.=ʂx'w:߇ެP;!_g) !ÇmBa2SVdf񄧇j状( +Tvws M;V^'fAVeKJV@oz[lGƯ5~pxt*a֝r0/€6 Gxov +O:Q +N4)ڂ-o>2t@2-aƓ/frn4>u%`̃͹El]E,ܱA_jU-߬3vݮ,Drt"彄fLp[P]q@mr>*!5a: P=nQM;GTԄ;GFAt$lR0̢,,Ү}pQ lJ܁l("}،m~j_a1v4 +0 +DB;Iq(Sy2&Ĩ*1s}BwqD(/1 =t)}/m^ZQW ek<\8T}Bl s0jFԠKҠ L\ k%_OI]̅)D9l" ]K:4\:M]>LMQ$8aƟg C%]@ZJ̅U DP{;8߶X- cnv\<{Ypt‮]gS$lg{ LϘ]nN^=O"[VU}b2 QORb|m\5!e(mt}ry{@Ax]jB6P:RP U_G1oG] 6GZ9j6Gqgm'DD̈́Yڮ=_3?{,La$ A 8fy`Y&~̾aEᢄbșs b:!#6J@>k$[Ց4t[WQ5Hd +PvvaGpsyA .IA?3m@jz7X802raWDc8MP]cT5:8NBFabǔ]K]7NX[boOɗqÀ}bTэ6dӵ:`9?m%r\ OX kUZ/m VaL +&l/O +{Ie>ON˫y@9CLy|^,^EI8ުo9ϽJ`9V o1`x);gvrֵۦ7:±x(!$Hh|OeήD ZqoLa/ѧY({zТE CcBÕ^gL7c#o/_r-X*ɇZTYn/gz3d,)ORnT (~ ƿ +NSuʑ.6ho95٭Me/%-"Vzo,C.[GGH@R,i)%tof/io Sd櫺>Tt + 9> endobj +1421 0 obj << +/D [1419 0 R /XYZ 56.6929 794.5015 null] +>> endobj +394 0 obj << +/D [1419 0 R /XYZ 56.6929 561.2205 null] +>> endobj 1422 0 obj << -/D [1420 0 R /XYZ 56.6929 794.5015 null] +/D [1419 0 R /XYZ 56.6929 534.995 null] >> endobj 398 0 obj << -/D [1420 0 R /XYZ 56.6929 390.3986 null] +/D [1419 0 R /XYZ 56.6929 154.3399 null] >> endobj 1423 0 obj << -/D [1420 0 R /XYZ 56.6929 360.9106 null] +/D [1419 0 R /XYZ 56.6929 129.2851 null] >> endobj -1419 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F62 1100 0 R /F41 969 0 R >> +1418 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F48 985 0 R /F62 1100 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1426 0 obj << -/Length 2947 +/Length 3181 /Filter /FlateDecode >> stream -x]s6ݿBoGD4>Ip&NN봎o-Q6'TOvR;&3X,?>3:f2S4Sf\6'=: ͢$>E?\\/_|՛TE/i97~(s>\7W^tr~%/g/?l 23zv,Y&fe~f}䷞`jNɯb4ֱ\Y D.i>w I՛diSryi-PSjM'Kb(Z -b|<'Tܲc#<21SY& 'U"g1{WÅf]~/y p?0[hr[w%qp@b0liLNXٔ- =^p@>3):<R|㠶h zց|~/:5}wDFG@᪊)exsP'ͺ{;K낀οفyҽŦ>uLFXpq޸,y{ 1,a5KѾiu*}{g*X8'ǡ Ib̐Pc=!5'{4!%΄źuMwn ɫ@@[BυbЇv['ʣ|TmS^lTNѮ7{,նpIsz -O!ŪZ=֙ 1LX(!_M8eܾCB4o%2tKu6_7mt=۩-9b,]HDWrA F/Vez蜉q.7Nx,ImѠKѤ$|8Z&6yvzd?Z -.Q`)[x3+K$b7FVIB"@!lHO=%I|ՇC'!w,IU3ŏb]߻xw\ɫ)$&OY(lA Ԥ38 s 11Gr<$ydH:Iddsw&){ߑIO)&U#i  2iHp*-W-%yz%~$آ@r:!'@{YwAԕ -RSa q0&аYl4w >hQ,):fI5hvM|T] Nf}0]wm^(ԘC\¦{am.e7NbnaPHkxdϳ8I>On8BO>CZcEV2ẏ(} ea}M@A*FL""z"@+ߕ GRܸd"kIe|X SB` ѹ<۟ J!{/s/Z-RlchDXw$3Kw<$91Q'k)(b2ձH!T A4B89)_dƒȨqSn۲ddt1 c 1uB _QKϑ(J4nEgB'YuH&}{=tJbL*& r#Z# JܙyT!NO{G - +}GXZxJ'nLb!Y*`_mO_mX! I8sjq`|'yۖ-0,9bpZ_pV0EMYf7O .`* ]DSf{l5T4)9v9$u Ciϱ(J˵%B }l 5Ґ]m2@`0-)7o/o vGE2gXg EK#t洗҃g/x0h1+w/&PAZ"4>#ܗgN2ob;IJ!pY4 ^0WCW|{0e2=V7VJ{<$hU6Ur–ބ -@^DBT59|7964)py f1p#vxw:#Ҹ 1S]n/z [Kc+8qLp(dqS<&8l eq"Hto P EٽI&p,b 1O̬a\z.l=Lxy@Xݝ]U,gy**eV'o~|\|nR|w}=y}} u^ysu>/=^|Ew?]{+|[¶:L̞s9۞iJzѨ:%?,3VfjJ&g!`ѶC].JI.P<~K˪zQRk;6imTP^(CmUfUKuCm-@ :lh<Q3>fQlP<6h 62`!Y=maי`$:Mq0cH̲͘,6սjf9ggaijMtL +DQ8w@*"er5 Xsťggq犐" qy,T <)M2:u!33 ʵm+P^3/5J&ܭ̒÷n:߁&31}P2yXTi>|)hU))=i@ӵàGL}nTfJoKYP:.[ף$i7q_-LtnTpE˖&ݼm%wXf-zŠD:,Svy u}"K`kPDr0[WQ c.&98eٕs8Nv&6#=%] [c1ovHe gRߣkq4 57u">#rp.3fnۀȼzcj^B2O +CMՋ)hT Gk~ݮtt2g8ΈxءyUpTbd)FWʒ}Kw +C0_zzdC,e ꑢP.qO0ʆtG }fr1𐃀pX-u-`TC.!qϮsғ.r;1, Cux\ lj6d侤cCH1tF·i*EOG=Vt*h%: S|lPӏzJH*ΞNZcK\ؐ!uC6QpqA\:[<6p +2qaͱScѪ:cRr8GzSFb|d3fJg?2 ưjN=yL8P`/MȦ򏘤M~C&ŗ!'Rd "@9NۦΟX!ghB}^8?O^CTpNFI!'<-^6A*yuU%-% {DwxS;^y؜Ya,M]Bz#ZMJ +A4ld7$(gK©OT7Bfo-7+Ŕf2hU&]7բ&I5Ӏ VC 2Hz1) ʥOZbM)_ 2S6BkuUStXE`GK1Rh=vR1W}p%R2H AFCƢ,Dnqz||~3 eZk /ێNciJ,d[RXȲ4W7<&914Qn+vkj _b23LfLRI?ĝ؊~9뇀~dҩ5}./+`U!PfEUBw5D)7jq?.E3B}U>+C27z9Y|G/g#(-Gd H rK-)WűEЄ0C]ЌS~L4 +%} Ţc qSI̓%'v9FOg !Fm?/81a멸_>256F=k"$`<&r3垰8oYe1'ETR('S8q':IaBG"N$ֲLs9A/zc(cS= ўI$86^Uqu JsLt]*o q)&u ЌuՌ 8Hci5>$<^ZWյ_=$K(f 3/ s  bul,F7%ةaWKB~K_'@'؉mw?^vaUrdȱ?1%2 5Q;W:,zXwySfeܳo61Tendstream endobj 1425 0 obj << /Type /Page @@ -5723,14 +5714,14 @@ endobj 1429 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [242.0197 604.364 315.2448 616.4237] +/Rect [242.0197 397.9224 315.2448 409.9821] /Subtype /Link /A << /S /GoTo /D (rrset_ordering) >> >> endobj 1430 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [238.0484 525.4389 311.8142 537.4985] +/Rect [238.0484 319.7982 311.8142 331.8579] /Subtype /Link /A << /S /GoTo /D (topology) >> >> endobj @@ -5738,31 +5729,35 @@ endobj /D [1425 0 R /XYZ 85.0394 794.5015 null] >> endobj 402 0 obj << -/D [1425 0 R /XYZ 85.0394 674.157 null] +/D [1425 0 R /XYZ 85.0394 465.7379 null] >> endobj 1428 0 obj << -/D [1425 0 R /XYZ 85.0394 651.0501 null] +/D [1425 0 R /XYZ 85.0394 443.8076 null] >> endobj 1424 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F62 1100 0 R /F63 1103 0 R /F21 738 0 R /F41 969 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F41 969 0 R /F62 1100 0 R /F63 1103 0 R /F21 738 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1434 0 obj << -/Length 2656 +/Length 2230 /Filter /FlateDecode >> stream -x]s۸ݿ'sBIɓ/gsZŝN'ZmQ"Rqt. RTdbboEH%$\GDQFw s034 ~>yy!H$ pefpr -hNS__:qE_qv~gos8?^^3G/WoO?^|r~˨0|:FK`JT/0y:J%3wv%\$|B(I(J& -߯ ь ь1Ǘۣ-xfa JķuU_/jSoeU涧,)eݠ{T"wQ^S 5>%nh=,^zQEPoo@젒4XU7媬-N{ZԀxxoGiihmx5xKbI4⨘ͦ^7_Vې4;eq- Gݧ^ 9#(EiFxNBdmpb&%p kfz@*MBNWbi0/@x&8?LitG'8e .;Ghe S~>oW1/$͚zJ=Gg:qGuF%AcX `UN(ER%Ԑau<5yљ|&lՌTٳ0 >)$m *=9IHy_XߠծjE9 s H!Dۮr=_77V'n]S*lhOR~ tOŎ9D\#Oʦp)pL9Ŷiq퇇#}2onpBB@Dئb UiMYtmi - ,qLb>#P$wuކx¹^H WMvZnY -\*/ oBP2al0l)X)oq{` ,\`x ]؄ -QФdZ h:X:(9f(!xBD=zJ IՐp)ɲ4R˓4}JƁ,Nf,Ĉ,H7)9Tyk*]`Xp)=tӘ5Ӆ3T aQMF |:P` -`PB>.ϖXq"@R)u`6u31wBd.EN>h>M16x6p'h9,ZkPT>xȵŲ^)# cJ[_Lq XrG 9N0GoOA ^XAk2X9[S%u74\+-?L"Y,ns;nI32տ]Cg :$.sA6Ex6Җ-D.}۴Y 6yCK1{H:r͋q.( -H_&Ȗ6d Bh޴&0f.%HcXUwK?ծv, J<SݥW.[}uന& DL](ƟbBf${h*O G)up!~35ʫ#)"M33gN FĪJt>($ -| * aގDFXhG.Rz*Jdy͹B*(=GP@hJ9@*6_/Bw|w~vAS< n4 -#K=dy".S(_+K\Wo ]hHXM~Q]vz9э=opMH"(49"r|4[Cu@q!Ie|ʫ| 7bmqsК>}8@ɭ#sWv$ո9l <+%!`:rQ&UY4!S)ԃ lф;bBK+F.ät:݃\@1i2*8Q{ת24&!1Ba崗xyO5,ye)ᡑfݔڜ*F]tMZaFۢ*r̋هiP()uNI Trڷ.oY0f6Mi361^bJn]_g^Ɛ1Jt`bNѱI /B, -^rU`S۽Q)LpY K3؃'2 ̧>u,zH lwR30gw#A&3E< + :9ңBHOihԟ5DOƧ$O Ӣ\'ف?`ÈPendstream +xYs6_}S&<9;uuܤy%"v Pt2Apb? 6M&:4%Qr3fT?.&"$\O(bC '']]\$Ɍ+\\|7_~9XX-I;?^^gb|a:?8_>?x;9_4eTE>M>|vB#5JXf" J +gɿv(~.4PW&4T1т '3Mi$/ҺzetrAb1+-)9a:"K$]qKי?Or&Cq=g)]^,̓N _?_h_8 d&x]|"j4X'1H1:st&Pe0Jv+ +bhp$oSTuք(!}*$IpMQwu>9򢺳3\t$8q@B\s'%R~oo +X 6G6OVp)@pL9Ƕi C0DaVGWzN7`mdȂ F +'<)00qu:Ԇ x޺|s ާ>ɫG8nQ]T  I(}~YkAMfxfyEjgEn?kxb{Eݺ@5/>:ʹF(T81"̈́?C 2&U nRcґ^^ڣ!},ഝyzo~Gb:&"STn$>H!R!0s/\DR n^Zy:ؽͥ7vt~k0W~IB__/02:/>Hthy‡ͥ#>B٫h y(8endstream endobj 1433 0 obj << /Type /Page @@ -5775,7 +5770,7 @@ endobj 1436 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [325.3322 530.3947 398.9856 542.4544] +/Rect [325.3322 327.1569 398.9856 339.2165] /Subtype /Link /A << /S /GoTo /D (the_sortlist_statement) >> >> endobj @@ -5783,44 +5778,34 @@ endobj /D [1433 0 R /XYZ 56.6929 794.5015 null] >> endobj 406 0 obj << -/D [1433 0 R /XYZ 56.6929 600.9849 null] +/D [1433 0 R /XYZ 56.6929 397.747 null] >> endobj 1053 0 obj << -/D [1433 0 R /XYZ 56.6929 573.3935 null] +/D [1433 0 R /XYZ 56.6929 370.1557 null] >> endobj 1437 0 obj << -/D [1433 0 R /XYZ 56.6929 447.7048 null] +/D [1433 0 R /XYZ 56.6929 244.467 null] >> endobj 1438 0 obj << -/D [1433 0 R /XYZ 56.6929 435.7497 null] +/D [1433 0 R /XYZ 56.6929 232.5118 null] >> endobj 1432 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F53 1062 0 R /F62 1100 0 R /F63 1103 0 R >> -/XObject << /Im2 1089 0 R >> +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F53 1062 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1441 0 obj << -/Length 3283 +/Length 2982 /Filter /FlateDecode >> stream -xڽr6m骐'IOijk;[@K=קn!QrRSMn4Mu¤Q̨D3[<gp;{Qf T^y/VFy˛XhyS}uG >x/7癊>]˛15v8Ops7xvyןe|^Τ;ȗ_g3H #3eadsv{~Ѭ_:'?-D"s&I^a.XT*OSfHi.tDNiڮU"2v{`.j"BWX8N4aZˢ+ -LeNCχ2NEty T."˸r_V9oϕIā# 8Ikhic4h*|R spdPaC):ݒaK :ߦC1 7E;sq-O oc|!`{tX z5ijY -I愑',]c_, z 5H/v){WE@lqu -]Tƒ\H=uQK.~Ch+P - ."'>hgt[<3Fo2pԡ2<3\ |w:mԒcC/!Eoի-#"d[4eC!޷ h(#BLʥ}GPHDG]@QTn{rx %ABiFɩ)eߜ(췦~rS/?Sk}q2:p-ChaF?-d -YASTqllv4Z(b|Fz_6# ~;~)T(SPwϲ=:E 7~ imžuPW{)ܽ6{MQi!-Mjx2ck$zeK4Md.,X3~rz$Blz]XB; #UA.|"\ -I&jE|_LF:_ccWd?(YzkiS0Q)5^n> -|<9e4~[w>@=Svϖr.uCZ?u@IpuiPH=a5~}Liqqjs"U0+)smxpmP -*1au1>sד_@ЎzIAl <'>:op%g=v׼@l%NV PfETF&*ejQn/|]GXöHarx4aB*()D\_g8uSDJ6R Kyb4g L .qQy,7U7"f:12#|w s",Nl@GYš,#5KG5uk[ccquKUowYι$''B3Ыi~)Mf;KL[ښG{xDiOS,Ҩppؼǖғ6]S5sm8=0R0\)g<ցXYP#]GL^nr{tҫqxiܫqom \`MDvEgv;[8Y~qfsu4ۇ!Q,ʓ6TM^sL$O-0y)0cj@Tn57>4 4CށoG' :y8,Z<: DSER,I1hFmA͖/~j`Cўxm)c:I䋌 d`̒)8誥nl/#=)l`ˀEIie8edcd2MRކ0xӨ`Jevj˴޺^0gh+KFv =xW<Ī~Bl2w>"<C`f~YԞ s&t]T];[VGdIz|ٰB<{pc]I *<v4;ni4 %H}1rLNf&T/f:,KN!򯖌PӘ F)'TS,bkۜ.8xCxsjfrHEɽHՇ탋ЉȀg"'@8weQb?N„UYtUSyRj\]=yS`9&L,zX *qf2Flvj2U>hg(&db~}H!g"X계>t]'y[||.68Z'rV8\U' +Rmm#7 P Ѹv5 + Ƽ~O5#A*;`4` +u%˨KHݾSܒ8=;0qIC54>|Eݾ=ea'ڌ%l&Sbj<:d*qAsrxBFAr }>m0^(AzZAaP*i8>guz: P-1A?5d wtt6*== T?'yppHY|#H{}K;* bjG5Z Mm|9OP_8 /2}W"LkDY{P7{BoCҘuHꩂ_G$!y=SDK6gx +kxyɜ?ƬumU#i*p6DlXܹ(@g. aIek?R.FBnp NNző(~:}e1~uU˛_8$(C7X3 aH-Ҩ+uL#ww;Vl.>v]Ÿw> [`,pz:imA k?z󳪎Mӵ IC{kjfmqq#tq9r"xr`EGORaNҐw3sTPLFtmfj~jC$ 9u¢,096ܖfItTb%(YǷ|0Wo4{'0v ¹`7D$I쯸"Bjf2eD=xz0)H3oi0co +*,@˼~i0VȁIş4xۆb@ Ooe MȥToYO2)xU;􇷳*y΁-P16WgcN%,Q\!z7tj +nUҿk '쩪z. ^&*Bb'L4/V`Hc`>ŽT=nj",HOWc*ѐ)Nkջ g:|s;,$@~?L ac4~h*C+xjqzGhJ=BP~w=xq׈h}/Gx„ѧ oҡoN_O횺3I/8V` % @hRk4HQ_wv"Hp1rU7QlC>urӔG~*$`u'ӇتD`1O;Bhs*ysjendstream endobj 1440 0 obj << /Type /Page @@ -5833,7 +5818,7 @@ endobj 1444 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [315.1789 392.4739 363.5077 404.5335] +/Rect [315.1789 152.7821 363.5077 164.8417] /Subtype /Link /A << /S /GoTo /D (dynamic_update) >> >> endobj @@ -5841,35 +5826,32 @@ endobj /D [1440 0 R /XYZ 85.0394 794.5015 null] >> endobj 410 0 obj << -/D [1440 0 R /XYZ 85.0394 769.5949 null] +/D [1440 0 R /XYZ 85.0394 543.8411 null] >> endobj 1443 0 obj << -/D [1440 0 R /XYZ 85.0394 749.8269 null] +/D [1440 0 R /XYZ 85.0394 517.875 null] >> endobj 1439 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F48 985 0 R /F62 1100 0 R >> +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F62 1100 0 R /F63 1103 0 R /F48 985 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1447 0 obj << -/Length 3994 +/Length 3845 /Filter /FlateDecode >> stream -xڥْ6}b5UQUc'Y{/I(HE$gI) Zd!00;QDJjnZ޾v ~X<Xkj\p  Qu.rf˿cwW!pvх((2M$WDc(<9]]tˡ<,{T"R?},R(3ZM l{dPh=Ux}La8pHxGmzwGm}iy!b%PFՃ-.8R,D`B)RSl'# )TL-"-]"OWaiahJ^*>ҊǪip`]UۦWޖYzܠz\i7P#z@mIG%`?Ɔn(jjmOJ K}lLDeU4PDy3`/i80@qMdk -4ݣ=vtJQJZhtӰ_lC}p#Xn_9=\{~t$rL'3 FX YdAAHeAn;#k7>.H YYR=sX 1 5YU˱Bx:d3ij~  p؇a?0|&S |@8>vc1fd0H}6> ·aR/\]${ai8҄%bd -9oTp.C#؇)_0"asp(M>SQOLr݇'DQ)hZOBH7F8џ-DB8̓IL$Uz"~\&R jzw QeWQ,<=(+ *p<ٯ:8uHT.AM6JY -% Co@4| nj6({9#:{4$Upt|;noit.Q$0肘 2A\ @/p - 7C'ˌo[- +{>p9֍'|*dLZcStϮ&WS9'K\<\/UtߖJ,$hg.!)?ii '玤>+ʸddjxA胮x Ɛvs:֠qgnӋ#`] 3vΫ҆ Zh5*I$>K"T$JT_Gy.ϞMu[|5úD:3/Ɗ2!Ty"buj/W` /FQihp1qXfXYQeb\}1]gz Ǒ>Y ǃnsn[F| >eK<gb_&ՕJ%uX<UDΝE=)ETwpU]N@hS~)L%qfB%!CpOxـcC =Y[`y.+ -a$WLL'/Y,MmEP﮸ n{HcW#Gf3؉+H\`2j`J,O$#tvV wZ9ق3ͬ1&׀YCIC:s?&$=Q!k|)^ǘ%HĩHA0ߪm2^Kf$*x>S,?#] !#c1<@9e+`m`O&̝gϩT:,ϓfr2Ž J$ -H,ݗ U" Ooi3\pƚޢ0('jlauCMbk2V9#iJ/^4JPM!p5Wΐf`o%A{#sN-]KF bX/狒Yyf/.w`vq7jCc}U씽g~x!"7TBsFx%0~>S -q*د$ n!cIm -HCAC;W-NrJ}i3tK.1~C)΁IQ)޹/X&]Fk;DLt9f ^G%&9:NpbR, $WL aon_v5 R*/ḎCxk,N$FWK -H]k5Rxu/︡G./c'iكV2oB:o-8耠uuE*L ,f=Ӟl-f\L!ڂz?y?@ -(TSKeX| S gJHhQY'?F9yS.c|P`0QH EONFHzT9 _VŷCUKԄ%:х%3ɪ2=e'd2J*-R- [;[6CMeUl&'T;Bǽy!W{D;}eҕ=e:U)ƪjbJk#Iת B?~Ax`XKwi82+=ǠG@z%W'Km=9yQ2w"̥0` t6eb0$\K2'-Q"6}ׁ,y*kz\Yǂl4qv>'V]#Q r9?"}oacN<*<So(2ƱStcAbyqΣ(SW4U';k`]8ϸB _!SfevM710.*vƺ*h颡xU=|Ew3*ni?>^F:ԕZM -b& -yЀƾ$fOendstream +xڽ]} )^zmsI6$-{Փ%%w3%Y(P4Fpgh5Ol,,fIfV9»o,<Ң7u2DGa[+2Ma<ݏ?|"r?]Ԫ?^żƷ>~G3=.,z㻻rs?l ˍ:KR,fcFk?S|{X}:?%Eh10Uf%6W2Y; N[nOyUeQ]q BG&_=6j ἣێ8Xu*ZfC&>fpyAcVJ]CϼgvP*6IDfm4+-M/ܲ+&E\<`)?ͱrWy&B:VR,QV$L.Ț},uYou(P,K'u }mPF 6$ӾXdJ}]w4[wK?襏z.k+bMeͳfk??XZJfC.{Sq. 㧿V)54d]lrPmVeXd*bQRNXJDq.P(L]W>e +XcgzdLEX Gph)9Qd=q.t)2sO8Og蹬*+X`4ܻUѶQXjmDڇ3a Xdܺ05 f}EzXW4c5{>JԘ:kiid퐆neICD(!Ҕ O%c|@,~E Q# w; HCW{!b,>b nu-lTtlze"M!KcgH +)ep3ep3xZtŪ#la9cC+: w-b٩,9zא>eS +aǢ"m9'X,5D>eX>p1C7 "/~r| -~5q^86jpج29o+4X5uGn h!YC CKVLy.t)s'ex`7ߓ|NvVBRX^pxMzmor pwv]ZF۪)me6VG&"SE:`M?K"K|*:d9k0w w? 01 !9tpcLuL2b%[@.8}G&<"ac] CJ 6K&,>CcO1 W1a8å>>'"@:p hE] {0ǰHHAtGc~ˡtao|/o25_a l*mh!=Ⱥ؃CoA*R| DJ*uDK)2041B2Y%A43bs0j >Mrlʶ8oAi4=`9cJ[x1΄Icù5A琓FҎ>J|(}'Qr'ѕI2T쾕Wp|+=< H<Eۭni  +0|7/l@bOիMW?N(`"Z _=xeUqbh +6Iʟ^[bgމk׫{w`%5&U臗bo~t:SbNa;7zwhK!iS KJPp_t lx}_;)l ]*)ťC5?0P~?k:M/QGE(dM"} 3*endstream endobj 1446 0 obj << /Type /Page @@ -5877,94 +5859,88 @@ endobj /Resources 1445 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1431 0 R -/Annots [ 1449 0 R 1451 0 R ] +/Annots [ 1449 0 R ] >> endobj 1449 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [324.9335 485.9484 381.8296 498.008] +/Rect [324.9335 224.9786 381.8296 237.0382] /Subtype /Link /A << /S /GoTo /D (zonefile_format) >> >> endobj -1451 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [55.6967 73.4705 116.59 85.5301] -/Subtype /Link -/A << /S /GoTo /D (view_statement_grammar) >> ->> endobj 1448 0 obj << /D [1446 0 R /XYZ 56.6929 794.5015 null] >> endobj -414 0 obj << -/D [1446 0 R /XYZ 56.6929 144.3392 null] ->> endobj -1450 0 obj << -/D [1446 0 R /XYZ 56.6929 119.1174 null] ->> endobj 1445 0 obj << /Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R /F11 1336 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1456 0 obj << -/Length 2828 +1453 0 obj << +/Length 3438 /Filter /FlateDecode >> stream -xڽ]s۸ݿBog"hعqR[rDǜФN⸿Xet:X3?bUgq֏g|~:f!ٟ߫x4lu0$b:O4|0)}}~7籞 }sB$Fzv8WtsoϮV.+T_ g*M 43m3Z))nmڥC3*a&2IY` - ʛ7 %}}p@mjp`wyY?rny#C9^w/vQThBRHYD;~udZ0nQ}+'319UQ}!|V7-uȯ302k22,NR3[Rcx-*'^Y~deI,m؋p$Dr,"#ZT]1]Oep1_!pwTC[r=+' vzl`;<ֻ֭.2}{&]۳sE\,Q%f17hm>70RW*$-[mR&2HH&^Md -rպM~˖ECϒٳFpPS,ΏP&a6_Ϙ/Qܰ4\@% -+7Mdwϴ^Mc+lx "?QY$"=!,Pևi}lPL 5 0ŘL3%aD֣,Dg!^e!@kpSY(uJC7d8 *lJӫ֚8K%W?xR$|5okAͰôePT-y!_}'b*M0e}ֱ=PU_֋(T.`vW -E ~KCYΚddbvGo@6[=`\wuec!ө%ibסNO,_׬TT;eRr3^BծB\ b&YgQ =Τ'fϗm=+wrC/™u^|#K*59`ץ alM=svy0T<X}dJ4l.A)P=+Ra]-RjDXBdW7AcXF7>$UYd{cF*[P!!s WY;SG텭\R4ȕ&moFf}1AW{(FD#R1BPt4Qx?i %>]4d?Qڃ8 -cMƁRJԝB":$h -q+.l˒3 A!݇ZR} HH$kYCXw"YS=kXs߼y8rd@ ުPOb&`F -eĉ\J(:rh?H\.4ZCFro=3P64vm=PF7;io$oE7~ |VͮoN~7A]9U$0#zg>7z/R)n\TֻGם@qӗ -~C^{2C#7Oi\i\mjA#K]e*o*7p tkT XGT*˔dU4$/6[n١*㇋5hUC tT)AM"fX//3{ų;V鄎 !PGtaDсlq'#?;ZgYXo\)*^xvdeSҢZM>IJ$yO"B$dabB)RLļ,c{ڧJ\Ҟ8.b.[uor=avn?ת~^d ."$rGBYb ?nrHG{aԶaV Ui6τȿ *Nډ[.eCҙ0>Q, 1]gkpC:;DBmiJS W[wĢrKʢiw#^./>"EHe*p - -B?s8HH\;l}8XG}-7_Ԝ`&5F4TӚq 4?f;yV@Z%ZMRֽ}Aluﱕ(}a]H5k1aCРT#{iǸ?d+ ~_m1O!l,?E66 Fl橦m651alf"RB,:mjf\6{vf==:ݣbRjDwO5@cúlv#tRjD{O5@cڇl^&LǓT#{iǸ>d{c%F =մc\k}{R{t.0WՄ&xm YfTFEތʙ> -zWlǃW@V|CsWܪG{::P Tȱe~΋7_?mpp&N4H" űڿendstream +xڭ]sݿBogN,>IyrξTƗn'$4I[HES~}wEJ}v7 b_X3#&%VEq=l c?\pH!$l,`-1c!eW?=].f8\Ϳ_^Oywu-n>~\p9~3>-~C~򷇿]<{3,mE={bPZFZI ?n46"rmmX +aU%_jWP]5*y+c:WjzOwŶ,Jz5kPYR#sR:=FVЕܥ_ +n k,8[8N J.'%ۭ-m[N5+]g@=P|a0Pо`Яa|dHCZ9Uͷi"Н-Š(m@5Ě0XռvN8 ePUX>y$*m=snuZ֤ ǪUZ?yԏkEꙍOVEݵ 1@'΀/HԼ-zI2,A4XpZ ~^UKTsqz;Sd`0J;HTHF70W֛!~{:yrY:Vs"灈0$b%'b D4"nXnhn䄠fffiMzӴxO#=v[taLTY$iԱ2LGbQѿ"o֕OE^T8WxzVMǚ ?:P#+X<|HC:8s#)%IA(cZPZrrfô7Mr'!8nzJwUG%Dc't0R "bh?pIϨq7u[ɪ{HaIuj,ې$31bgmxw8] Ap;|'QZL1"UhYJ-Ku`'5l\tza93ԗSF~&uB_tDSsVHx 7F%HRfs&|^HRiFK+xKxأyIO?8擠%){"S. "_7U\za&sjc8ڽ 94.٧] +YeJMx`o&Sa$E1ó§F5vʖ]%#N@YV($~SdaN')I3A#P弥\/W8B]$;Y!Øk16葐dA1G6)MH$\%}xP>?#ǽA x93pJb=0t]al~Hd ;2ZM)0l%8hhL7~XC,Ve=`7D G2-.B%. +r>]aW Fٖԩvv[, 2zJ(TTA j}hHi+"e:0Kێ:$$Ǩ.0nyW B֡R){ tKtATN=%VF z?'t 1MG7:zAz2?wpaFMǚ?y . 4|yM.zw̑3zҏdEB6T?-,. +cR hCkoG&3},д2aSN +R[8qхjqyn겢l>H>|&6 *yeq;8!NGH\;!'DҎ!n*{dbw3Aׄ=5|S h48#-gD3.9#lqFlvN0VCN]{&MX.G[Td +:4*=2V 8Ӗ>"Vm`2ĺI(vէ!GHi&8qcUp' ))'gs!u(3,柬˸.'SVuZә)hP\^A#J(SOBorO=W,X_ק Wz?F%4%(y7){R5Y@ !wv;mQ[psԢB5xb[ݟ:ީcR\: +cE`9HͤyxPP/AMݤY'ݶ۟?xոk54q)Z6  e|rRwu3_*=I4 ܣ{=h|" ]w#Mpfwڇ1=" )=Z64jg GK>Ɖc/z TmAEB\9z+yU_Z)qJw!#f1{iF "ɳ_ZKݼ'3'_۽Bdh]:N`Lkwnb记eKUB P|-[mw(¿#2D?t3 Aai@NV@6"mCq"=:DW\﷬Gt4 +T1)pznK$j?*n|M:lr 2K@*4_t ߏ$Jޢր ',_m#)ۻ=߭ywo;n9\+uRGs #ƈHG)K9w[}endstream endobj -1455 0 obj << +1452 0 obj << /Type /Page -/Contents 1456 0 R -/Resources 1454 0 R +/Contents 1453 0 R +/Resources 1451 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1431 0 R +/Annots [ 1456 0 R ] >> endobj -1457 0 obj << -/D [1455 0 R /XYZ 85.0394 794.5015 null] ->> endobj -418 0 obj << -/D [1455 0 R /XYZ 85.0394 502.1235 null] ->> endobj -1458 0 obj << -/D [1455 0 R /XYZ 85.0394 472.2328 null] +1456 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [84.0431 522.6877 144.9365 534.7473] +/Subtype /Link +/A << /S /GoTo /D (view_statement_grammar) >> >> endobj 1454 0 obj << +/D [1452 0 R /XYZ 85.0394 794.5015 null] +>> endobj +414 0 obj << +/D [1452 0 R /XYZ 85.0394 593.6649 null] +>> endobj +1455 0 obj << +/D [1452 0 R /XYZ 85.0394 568.3785 null] +>> endobj +418 0 obj << +/D [1452 0 R /XYZ 85.0394 252.9097 null] +>> endobj +1457 0 obj << +/D [1452 0 R /XYZ 85.0394 225.1724 null] +>> endobj +1451 0 obj << /Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R /F14 765 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1461 0 obj << -/Length 3267 +/Length 2675 /Filter /FlateDecode >> stream -xڥZs6_Q3JI=Ӻ:wo(s]2LXoɅEl#H&f#p%fVc}6fW*4oA,"o~eUd/[djdou}GS1;saӻw׷_/2TxOW.pퟮBlj 6Z쯴Qhտ Gnd("G3r$@BG -Ӊ$.aW=b0F|O޷#5dH(851n 2 -tK4eHvzMTMCǬz,Oͮi`7˕ -f[w;vDO8`mć^t|ք?6v%D#nq2xF@qF,o˼^-yIv8ّ;mMURYíRkU'j}mCn@b|yy'z=.Ӡۮޫ8Ԩ}ceEuࡳh@*QǚƉ H/ϸd= v3L<cX;=Caî>9ZD7fUUxp˴(5wuK6zao .؄DF; -} -"h]{qӯn58dh' -zoq$T"E:ߎ[8wVdpgDX%-"*"]oo] 7Z.7^wv97.@,bvZ2{I McQ4 -^)xZF&`Mr`&iR. /^F}Lvpޙzuq+9MxmJn;Qoz $D;uq 꺝} _[ - ]rmG7Ќ W5#pV_-4{ Fk8xA pjo:"Jm[3NtƂH\J ZEJ$. Hp~'S  _x.!S8}_S&G -P8b\#;%kj/fh0oSy~y҅PljcADAPWʊT+X 5 bFY\ ~b#_/# CFA)FT("VD~|O5sT+Hc5=W -tAo {BoI062`|/kVy>`re]Q7*Z@i@*3;2*z=0Pf +7RJ %S՗, t!$o2֯EX-&v/q@AȪ*m0QSZCp2\ -#lj"Aj// S-$x$[>KQ+IR&]΋ UtJYőbNhe0T`=UZO,!WaEAkQ}F,jM_Cԣ4ć+r~ 7 5ٜN<4-nnNSQ_,'y0j-c i24mK])%yoк -Sh<:[xYtDO]oqJ&aA>nOɓ=08Ű7?!݁$C0@etm;79o*ߑVZ$biom `t쾔5=kjN>֋(HNHY,cfjx&_tJأX< -e .; 4cRVN Љ׬f𩬻:O`٣T:R_"F(bo*SW[}b%]bfޕ{ z5_JJq] @D:aCjC#zqJ&)n:"wyGy|_ ,B_aZ0VF_XL5Wa=\zG{ew"٧NgıСVz)tW2S2ǑC4C_N}bThI;|Ws=lBK>~0Q!3Ha/NNn7Xj*,J`;QNR%L:O 9 z2 C]+IUC~}FU K39&lU 1 7wF΀ +)7ޖf4aMcI1 U,[nd~ 1@O. fJ5w}G>3ְh)Jhd 0C6a$zY?:z=endstream +xڽ]s6ݿӗR3Bι:9ٝ{h@SPTDʮo DQes%/^q/NXf{"އ npib{x{#R/cY&ʡ%Y % (w7~_\x7qzMЇo].fs.c姇m%ƻۻ+Zχ_.:]\}y PxKPL |gYm.X8®//tv1u8s1 X9X"BYGS h`ʟ=.C%w"3g*9,2 caۻՂ].>Ͳп˽n'{޾AD5ǾzTP2wq}VA<}ғ>"KU+MA3KYjg2І~R٨Z Uc[Q*X@+?H,zP#NJޑI?!am݆ z܆Ă@Φu8Џ-sC7fTyo:y݋)7w6Q@W͋2#ne#.5$><%tF6Gi7+lmfc t0y4S7KQ"VvFNY@0]I{Û "zKm"͜s]G-/k=eN&OCGz^sBmۃEZf%L0OƁ_.蜋^hQܷaAH㎙4PHۈ.FؗByծ_gs po ۖ~ĸE HA c~|Daw#$1B!O +Ǣଔendstream endobj 1460 0 obj << /Type /Page @@ -5977,323 +5953,332 @@ endobj /D [1460 0 R /XYZ 56.6929 794.5015 null] >> endobj 422 0 obj << -/D [1460 0 R /XYZ 56.6929 398.7344 null] +/D [1460 0 R /XYZ 56.6929 172.192 null] >> endobj 1030 0 obj << -/D [1460 0 R /XYZ 56.6929 373.8645 null] +/D [1460 0 R /XYZ 56.6929 146.9642 null] >> endobj 1459 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F62 1100 0 R /F21 738 0 R >> +/Font << /F37 827 0 R /F14 765 0 R /F23 762 0 R /F41 969 0 R /F62 1100 0 R /F21 738 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1465 0 obj << -/Length 3447 +/Length 3874 /Filter /FlateDecode >> stream -xڭZ[w6~ٗD@ 席u7I(TEʲg@J&.ef03f 5&i,$Ɍ'ՙoϔ3fᨯnΞ$f -jri/~>EZq>~uɸ7/<1ӛp7__T+NLxyk^_~}q}wg7=/!Jjd׳~ݙ:KR,&3k}OuW:&?"`pd\R6K֪rƤGy>/fEV!ʤ&2 mߏ_+u@w= 5OE V3"3:ucEٕMWn967ʖKf|ʡܽ(WۢvLmdH-u3FP3n8.wDmsFU YYw;:,FH $t -R28C*mU:-V̓V5-nS-ۼ-ܕk6ewzOf S"c&ڞF[('#D)?sUۮhA,sBQ6P=Bۡmw wHKdP.6e(<ʼ+jzo}I1dxZgQuEgNm۱w(F(@= NEKכ B Ίx2Xn[ٸ/~ o /,NlO4CE!\]εcWg\gvGV#7 u2 ZmuwͶ--nO'JI$w -:yQ,#7ӫs.tF@gwϽ+0rMZe#wc*2_ M9"6<'! qv>Ϣ{/!5(JHEΣ(z$"Q^=FJpڊ8͘BMv%%@|[yYV98'il: 4x5iAP.mN"w 9<$2ID?Dd Uv#6"&FY)9(j'¤*TvVa\~ -+V\* 컎5:Id[pW - LinH:v{vea(ĢnaRmitAtѝbGΎIJF6e=0!*.6mN(@,QZ -6QD$qRC*f'38N@ ]tw_x##1a - GUKN,^QG.L*'ĦٝSYaG@Lu C75dpJ߯8 <6a4w~'"3oEUo)gR8DVC28~f&takE2'fzeGLf thzef vbS) d [UO *6&>%gsC~IԨ=fi+~HD -P+ZC1 ɵr[.gL #z5xW<Y -e3MR O3,\rR%!Doe[V*|˻eݜIMsp#K)GEDc~aK]J׸*6k5=:O@oCS{-v 'q[ J-PnqЇ$<&rtvF>.O`#:0LJQaBVG:~˳s* -oNkQtfzzG}#c -/=yzuImyI?1 -=r~_*BV|^ƹp`󖿡csQweW@m<6Q'!䍣ɑJ:!pjpG=,;49.S+iEdM +qJH ep. CJ?hlVp Fڒ6vC=8WyKqPNc:;uPcDG`0 +8! |$hAxrۑ wxkX[tb75h,|#f_̳.^l-U U&iԃk%YT/ے +rTȓVCe˺+6Hyr>\ϋPrH-IY c"fq)خB5Nh`!( nzΩ7ЏKXoZPBCK}2.lR"ReENU|E`#^5,*Y-{ڜXĦc"ELEJk>kEt"J@)"HAo:K#МUmC-mK׺ϴ.ss#SGڽ]#ūUyܺ{:l mΘ(\Z$ͶP&yMIt*8.'r"VQ*Ss!B)=L d0r2=ܓvEU[hBd(k߯I'J$J&d6]h % +otۆ䆂=IwA0`ȑ48;>ܴa0OKUo`L0hbelDI)O{/I}?jbqd%cn>*r4'o~(e`N^H>V,_OYI]GsM_Gz{*5<uQ{^Va8؋+OHl5AH1-e"PfC j¨.FhHySz/t[U4y0&<<(HRJ~E" +}!Z$ZY]D4?b +x=l@PDh&GZ94)m[.۝Y0Wdv032FF!c + +Ft @9P&ORyʩ'M ,:=ܶ/T)*%Q&CHz, `=-K¢^]勊npx"M+M>bUlujV<#0eCn}f39ЩCZWf=ΛT-*/:3hR9bS~ H8WLpI⸏^qHG]z +($B񿔛E<( @4fWf4iU 4p2/, AI=RH-yVAt/2h +b . l +WÓc `h+Lb#iӼ_q>\}Fiv&wQ\3"28@B}="ÊC96"*n* q"& /|Q'ɋz?g!eMbv`p,l|ך‚D'*$9p/ }KF/I0* TSF*E!ZƇI! j+-ō-|[FjH#Q">1;?:Hڿ6'IaQC & KS~CV}|N:B%ML̳ V8Z*/ w7+z䤧$aC|XÀN&fcչ,NA߯8.RmmtsڥA zl'2L@I-ϘQ/Ia +U\eSp/bŽp੝ЦEɛ0~cveb+ +#Kfb}/Z1: +7%덃)TI3-G p@GXㄪeHfOŮlKS l5xŃ>G?r@""{¤X O=ـ`9 BS[u=͌s@!͊}Ê#\} +h9=㼠yNеy2~v;|DcX|~~D%ֻq­g܈k>-194,Hpm v,odӸQ9'rW|i1a0뇝D*IbHcX5"S!6c"OH4 4ș5* LFqh9 I8V_e & ]!s$>Z:>XS TM@F|4DzSܗS_vf(Zh!cǾrE mM09Sb[85bBKAa-,8.9g`agK.K{ٖoPs-) i^y9w D 9^z;J *U :B ԡWa54bf/t<(e%ge?l7闞]>> endobj -1468 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [91.7919 268.4593 93.7844 278.099] -/Subtype/Link/A<> +/Parent 1468 0 R >> endobj 1466 0 obj << /D [1464 0 R /XYZ 85.0394 794.5015 null] >> endobj 426 0 obj << -/D [1464 0 R /XYZ 85.0394 601.2567 null] +/D [1464 0 R /XYZ 85.0394 364.9053 null] >> endobj 1467 0 obj << -/D [1464 0 R /XYZ 85.0394 572.3004 null] +/D [1464 0 R /XYZ 85.0394 335.1548 null] >> endobj 1463 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F11 1336 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1472 0 obj << -/Length 2620 -/Filter /FlateDecode ->> -stream -xڵ]s6=ME}>mw^:l/>e3;Dۚ%Wvrw,;J7N"AA3~r"Ld%\̲͙;[Ogqi>ͥfHB/.GbƱwN(q | -LǫI ћˋ?]啮BA~?wg9+T=L\!ěm@WBʳOgVIIWx*&),D/ʒF M49<-5}V醁=nLֺ=rĩE*G̗Ma -n7~@a\RDgs)E2P<IdnFEK0HUwhe,i!v]}q]Y2L'lFjpJ%]qif2|h: Zpo0j35ӵj:Tiic%iqo]a;uՈV<'ۖuCyI`Y fdВBw)6j& cpg ]n]KR"4/ -phouJr>[3_Vh0p޵L'0<®ŏ$`x0(bq.G!duC:⓮1 - 05nbQj4eFLq~Z]nbu7_kcS` ۑA+ʍ ƿ`})p(A[Q ]-*sؙfD-6plS'tt0(7XfBV"ת@: VYdiWH F}Ka$CaL+Mж;g]ndNi`yD"]z#8YLJ0֑)_s1E&cNw ^7dȬU9zp@$ Fϝ}xΏ`>޾? Z2a۴銬6H!8`OM0 X[&dqP̖i9~4ЁcEߛؼ>FvO(Ȕ0[>xC}x}7iŘ'^KZztQ U=ٝp6^ؼFާ&>XvT -p6b8?P-Aa5^rQ&%[-/ vI϶OIP%p(Aiẘ5;}k5Hn 8MA -^޽6zY<!<%yƢ^- un` [O7oCòy 9{vqćΫ{|;ohUfaU 6ë 5i.u~9 FU~vFu瀰g[&WZ3:"p}KS郤7J$di P,"Zu -'a@(>pj$^zI3B[,_0*|2x/*4RB<uyֽ ty= |Y*󓴃d3Ry!Y,}XUM].S`[ D/$.XkSZ^"(,ڈ79.RifӶP0d.W-M۶ΊZ.BM7nt=\ -3 :rG;5<=^[ Z~ 7&*9Է:+pαPr9 _v!떏G_К@1IIX -c:Todae˓6K};Zpk50h+ 89 1OA'LboJ?JF$r$Y҇Y3L` ˴/6QP -hΨs ql:];vtMp"KQsa`u,:L8pO$,,P8Ɩ_?nmeF䕊EC> endobj -1473 0 obj << -/D [1471 0 R /XYZ 56.6929 794.5015 null] ->> endobj -430 0 obj << -/D [1471 0 R /XYZ 56.6929 554.5721 null] ->> endobj -1474 0 obj << -/D [1471 0 R /XYZ 56.6929 527.6165 null] ->> endobj -434 0 obj << -/D [1471 0 R /XYZ 56.6929 225.7428 null] ->> endobj -1353 0 obj << -/D [1471 0 R /XYZ 56.6929 193.0129 null] ->> endobj -1470 0 obj << /Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1477 0 obj << -/Length 4028 +1471 0 obj << +/Length 2649 /Filter /FlateDecode >> stream -xr_G95bpXyLN63U-Zmf$R+R8ǿQ>6F7`y.O;6O#9_m-}8!"s3%);@h$Ѕ +q0T*),'ݾzCόMqhˋb]v~[]E]z+rO†[lU!X[bJ(V]URgmvArPmxBE`Ѧ^Uwjr*k)e IޖuM]Ru{i7R3VxFa/P]KUZ h:^95Dbm,?>,&y^yq"*y3AYlWV-K<"//k*Ì]ӶL qcC<Sڂ\Zߘ#-6{WҲ"zMjޤ%1Iy"UI WgavG 4ҙ!nVC5&$3:s몦&UݯBTMsa~jKנ_ @Y*0ς~Mq؀Cm[aL2ORٓܶI^&eRN͒r7Kɼ,!l*AeV.Pi֬"7c R6˱YܐmC`>f[TLff,~ff -MOÌeLv/>6#iT'b2 -/eaQ#04+y&)}^=F!:qP6Co飻+:^s7qvfϽ=b%]ҹy2uк. 5Pȑ~HW{EOrv~8s -9HO}7kꎚͻCkkHG7ݯ ]xOgHcS'29l <-Ԝ,v=; -̹S y<`ڬ4iT5N*'Ir.٣q=HL"u4ԅӃFC$C4[8hal|dHI_iKbh"2ظ鉟Q^p{ȖfӲ]َԪ/c]tl{xbL \Ke庞&6zFSK;術ba`!60rxZC]gAq6Vv{yK~g&n}dLt#/߽D$*1x}M+l:H2̓!aJ!-ݲQ,$ǘ>g -iG!Z"UKb *q\8 Tu-3tjN0NGb F$CC7MFLJiM~|$~" ׏w0b9t-f*C`v@rDH6D~õ2["ᱦ?JMa$7 }lx;JE- 3nQ\_o4:-8.Efld$go$ov,Ǜ(,®9PfC Q"!)!m}&Vd[|}R3o"!E-}C*Xٱlg*볰QY=U^(2z0rNMSxJ*H(BXE8TQ*$fE ҈!"t'JчULBPJg1 R7SQ{DbJǙ4TT=w"sYS뎕ʾ` AFKnNKnAѬAɖ6l{޴C@  w X%*R-i"=+H+\V|cceeb>qGar(8aySsH4fla9=$i'?3(G^f7gn Kk0@{")ඉZ*HkbU6H!#>t4&AQ{=jbM@O}E>>kk5 η qWQwE E1H60_zD1_‰-$2hLhw媺yN} !†w(IKrwAxgx[K3 u5>Sv:V*N遰[Bc(&ڗu9ʃ୏׳4;MG~~NMtvE狈m\{SH1}1G^JMW/?YH -:4 wxe Y戚$R1GasLq1$Ή] u6FUbgFd#3IM'WS E?Yk!'k05 ubҟa۲. k< 0 )t |a -f3Ba2vv2궪.ZہyAqdc;~u~ dL -n ;B( -&b s.OlfglI%'(aCk -'HHfp/sI)H#3zDDTJ'/g匋|Жߗ \_~2ƛI\c̸UGFvglJ1w`|I->CԷ)rS*[|LM=-e 4ʼZ4H` H}NvԹ;uզ}g91]P}3bzWB\&kԚY%5VJ 0(Uτ@qr088: -蹤#z22EAq3TLq xB^jw:0m3S൬zlqmdbE[慶ַѵ6q"5Ӝ#Zl,QQi|6+)CJkIۓHIIKkMdC։Ux؉6 $Sc$Ō^?Νɛd{B$|37tW٭,Z:* =NФ1s"<;WڤCƗ3DXOn ѩ)mCڤ -v\A{Or­ۣSgcGendstream +xڵYYs8~P[L'{'cg>Hɑ ?9 +#%^2@ G-`=ci٥D^4xM;Ή'Nyw}y_7q^>{\^Foot,'t|↖"ODI ӛˋ7\v~rwf/'I82I$}o)ɇv {+eNn@]XJgԄ'p}ⲘjF +kV5FM˶8;M f+QIgYަm^""}zA(3gRt "dRoU3Ngt\=&3UySN|3w!n/9z0݉{5`,iMY8+TN`Jip֜aJL8@Gz_B &4_NF1Z!VjȔу"9~QFqXn1gZĠ )I̽_YqJ>_Yl8"eq@ءVIu2q>evufiMmP~sC@37Sh %*mW K $kyQhʔ|Qr杉9ߡSp9KH}xYm/0p3])= + G{ΙPCrK#ķi퐿K$ehnGR6D+Ӣ3Qǒ~d[Р/0OA'ֻ02ޅ',uk$VӼ= fc֚ \$N; cJlB,P3gW~ &ёD/.1uXRV:j6=GwxHh0e3l *ZGݾz|%CZ{*2S +J \"^@J`T)Vر;*)'$2۽L7L*:ہ0[VyffZt@sia+[t/>Xo A}xҦͳ5(-d `MM2 \kfd8X1 -J>:p,,ML0sh5JTM^5 |keX~KyEr(5*;#0{L&6'f#2E2lO4}L^4Au^Q!wģV)sVkhz0}1;Њ~n^ y`7QQPJxHaO{G;b͟#jD\_x~ |2Fc/6R~y?o̝g)YoK^ڇi/I(n4`dkA+[D~ q;2P"aOUoΣ_n,?3WIX[{OXЋq]UAv_Za@&B=HrnH{endstream +endobj +1470 0 obj << +/Type /Page +/Contents 1471 0 R +/Resources 1469 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1468 0 R +/Annots [ 1473 0 R ] +>> endobj +1473 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [63.4454 734.3362 65.4379 743.9759] +/Subtype/Link/A<> +>> endobj +1472 0 obj << +/D [1470 0 R /XYZ 56.6929 794.5015 null] +>> endobj +430 0 obj << +/D [1470 0 R /XYZ 56.6929 322.6771 null] +>> endobj +1474 0 obj << +/D [1470 0 R /XYZ 56.6929 298.2745 null] +>> endobj +1469 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F11 1336 0 R /F41 969 0 R /F21 738 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1477 0 obj << +/Length 3930 +/Filter /FlateDecode +>> +stream +xڥ:r㸱 +?U#@dwfSl2=ɩ>%3#HTO7lRzFAqO\;fkuj2aׇzc?^ VY{e}s_mG\9'6$?߽x&Kfe,>ooNn@޿nV%cQǏoo~ջ,LAy˯,Uޙ'd^^QJE_zѰtF8iň"s^[\I8*ϲ|lN4Zχu~ö+!Ro +ce%UKd^I7%\[Zئ<ѽ|ꊮ{LLM; +7"dF_ma±0?VӒrT(3֓t_RΧ.zz͗@^rX͐x^z$M,AT~U: ;jN"hEn9&5^SQpWFE}nv! +;oQ,,msj0(xΟX2)ب _.FکN.mR?Dp;I͒tb0K8ȼ,!lf S9J&p.+t> +cUZת3o\#$m>clIGZWލOza|BzlmMt40_r W/bkRޛ:U?kCs#⹥Ssx>)=)H/s'SfsA"rmP+gI>WC9ȅ;=z?HAgfRx{2^U!s-u߄h64p5>93h.PEn/t/}P*L$vX1XAt};O/k7ɻ>|g ,g^p4TfV#n!Lɦ9b%rfRf y 20٫$^9_Kua fSc))-~< цk[`UWQKMܸqeq)E2Z1 In%2 C\642 FH" ɷOl9wT!b0WBh"b<􏁈?`6YKV䎰lJ%ٞc0`)ñt6`K0n-{~@:E|ޑGhđtIZC3< "{/̍L,!KE8Խfll1Jpz{Q(DȡU槳~g>b]p>P'Ҍ6:?4@xFxe>SSP%Bm\,6 +Fqp]*8G]Z +_إ_5} ƔbUmfe]4. + zJ ubFDJQ/ +4[뉟_|%=GϾEm\ *nf,m1K"K:4L%X'm_@\`ceG74iGV9htb%TL+٤:d\6%RI>ʄUˏ`da+Q*sc>Mǧg%u4ɽϔ˂%!*<=ͫ#YJ+^TTD^jFF~}./LyACڳQ Yl©T&$~h!JBH-߿;疿~[WcӶY, ZvʲP GX:v0R\Sfƀ93Mnn6X؇_ @|n/!胾䙟} ϼd0@tl947.99Xmf+b,yj6}W<qb4?#<821J W4vԾ&lP왋wr2dr srٜ`B(<}a_:endstream endobj 1476 0 obj << /Type /Page /Contents 1477 0 R /Resources 1475 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1469 0 R -/Annots [ 1479 0 R 1480 0 R ] +/Parent 1468 0 R +/Annots [ 1479 0 R ] >> endobj 1479 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [116.0003 337.0934 166.1092 349.153] +/Rect [116.0003 115.3513 166.1092 127.411] /Subtype /Link /A << /S /GoTo /D (tsig) >> >> endobj -1480 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [399.2874 229.4213 467.9594 241.481] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> ->> endobj 1478 0 obj << /D [1476 0 R /XYZ 85.0394 794.5015 null] >> endobj -438 0 obj << -/D [1476 0 R /XYZ 85.0394 131.3818 null] +434 0 obj << +/D [1476 0 R /XYZ 85.0394 708.4928 null] >> endobj -1481 0 obj << -/D [1476 0 R /XYZ 85.0394 106.9867 null] +1359 0 obj << +/D [1476 0 R /XYZ 85.0394 678.3234 null] >> endobj 1475 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> +/Font << /F37 827 0 R /F41 969 0 R /F21 738 0 R /F23 762 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1484 0 obj << -/Length 3190 +1482 0 obj << +/Length 3110 /Filter /FlateDecode >> stream -xڵr8m- C ga"#,6g,3Nk~bod<3D" pihg v߽zXo~wa0sK^ C>ˋ*"/޽H/\^_{uy׳ێ!YƈLJJ?SݜC8xNʏLHLPc"Ƴ84,B:~8_DA0ˬE1OقH̄pܾnY!3:MڼiY,Aal-_g@yW%$ -?dѹr+4ӡܱ#_ 5(TLQsXG,U4CJ.,-yLZm2O]r>Y - &[#4 p%Y' ._E[$I>2IӬ9xs㼼mҋ Fɖ&sYK=y4e+z౓]|YdcU5a6%RS;w U[US N۷{ p ߤ8, ;ʶq8Jr{N$x=+ߗ})]n!@|8AU;z BEs[0YX8XQ:֯؅L(BEc΋v#^dYIKMYN=˄YNscӄt.)q54. 3zs@jԳr;`"$*f h.hQZ-d ߄hL&8}M~vvpכy5 M`ein,\1BEE 'aAn(%Ӂ('AcܢC`tkD vL̻s-yKKTp읛vcث<ɿ -!*;__1QOV)<ݐ0PA=un9m~|^ 辟r8_րS"zAFPIm|7iJp{.u.]ouwtdY\D:<=IUHC}nļp2@ZH8o@gWݏ5>K1dߏjkq1Dy\'][CȂVb= -O$H\( T&.ǒMJlI^x-s -fX -&\2E#U'ʙ8fU#RTD2"X g\tpc&aG)?\bq"huq# -`JF|Tdz,|s}r$KnbLFS!dt]!\  TB<)HQ)rJ.RY@ -!j #e⃔d-s72%Z*c ݙmӁb$0^&DϽjmxWCV94lB CeXdG]C]`I{\[}P -~ ' =?\VqB03G/qg'z$E`?r?s8x|['mRO$ 1&)/[p0Y}1.+eV>Ցp'jM^B?vwUe#2&r:p}WHkW7YGhUހVG֤ubZ=0tM(Dŗz߭_ 7`wZVo:g($"Qs[ G|tMyE{E` Q/o;ysA]K9 SA!zeU.}༄ L*3D\V.HrɮxI[8 N}ŽmMdohBY/s;݇9Kꦽ"#dB4:³K|p?ix]DExiM>Hv -;\IߚD.a[빳h[1Ɂ–݅,in M@ -$}RQ Z >w -`:㝤j-rUmAqo71bd<'kK97 ]U~4Գ1mhG>" 6q[⮟WI}e[Va<ĥkj a$rC)a[om^$%-z IGE'{ 7 5=\0: Y<{ _>U WX.M~/ҟNfԗ@v57Gv4zP#$([g$4Ðo ֢M/Pq rL=OpᓦbmfƊ DH/h5q;ѓy fM,"wbwZ*&bEPGޅjܺ(1t|]B—f3Xr4PqlB#qki w EbcmC] N/ADÂ8& WQ#ZIIҁ<{z2}WtNԺiH>n7e微̮ rlGr3enf$V#:ɉQR$Lx /2ыL1%\9hEŖk$YR,PdL{Fr'~ g'$֗r*KLj㞪fPHOe0(h:&$endstream +xZK6ϯm5[x`|rqړJq$eEn~@)RXgkk³htY?>)K3LN-7g?a".ZW}{y2"]^hYXgw v +ϯ^7΍_Bd/g?[x MƷ/_}G# śW/_xvqݥ_HwOg'Ydf : Y&f3%J8>{{`ooOSK%/o +w ,彥|i8.ΈR3 \qdBތCvpOsn|d<+6U!"/OhO>ʘM13vN DL47}U.sbpS~=xBFgP;_m +LExD[ }0Ee\Rԛ<ܜe䃄`2Tf1S%!KG}InYE +sn?cj]Ac%p~ݖ۸Hnhnen⩁N޷ +ϰoifI)U&T./_S3e [>bӾTǭnoZNVF?^PŭǮQZZfcW(nw_˫[Z^(4`rv> 2ybGz6eY5=[.}}E +,Ңj,ǫc%1a0oGoh;?PTea$㞊TtזQƭ2$"i G"NW#E$ƒL2';=V*8K,.V DQGJ Ecih%_nM O9Z٩2ģSȔFRjWL5=2ޓu!d +޴jv=cB7\w%UTNE" &ɱr!pڪ ݣB裾fCA&#LK^ +Qg\ٌ'kl2\Jv|8vbFޯB[Kq*M{T uHCNJqƭ᧝1LbDX2W@pѧ8Z,('=|wŋ[B(%g-RF[A?DC e %A!\.~ +=uaz҃f2(Ìg*1'>Fc?jଏҶ2wkԒ:b)[a)',4jOT'fDB`o3vwOrf][uQ)TyLvaR!2a,L1$4# 'T@@I)x\iT4 Xb9j꿮UqcAP?Xte|*JegIT4F ݙm^qŦt`9q2BGp8K)?侫JCQ"Ju%G)u$>A%oCc+NwEq\ʻ42fJ[;szVŔ*$&4b8v%7 \TYHȊqYPlw{D*CBKx!睜[V7WvөhxR]1>{'yxWM`eDbË+גo*+gԄAt' EoԇGT0Y"t q= ӊ~*, +sqWHt坤%$M=yP>L_nVDd:bо +[xܤM}rM8L;| {֊.J r7Q{endstream endobj -1483 0 obj << +1481 0 obj << /Type /Page -/Contents 1484 0 R -/Resources 1482 0 R +/Contents 1482 0 R +/Resources 1480 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1469 0 R -/Annots [ 1489 0 R ] +/Parent 1468 0 R +/Annots [ 1484 0 R 1489 0 R ] +>> endobj +1484 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [370.941 719.9611 439.613 732.0207] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> >> endobj 1489 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [432.8521 242.8671 481.8988 254.9267] +/Rect [432.8521 73.4705 481.8988 85.5301] /Subtype /Link /A << /S /GoTo /D (DNSSEC) >> >> endobj +1483 0 obj << +/D [1481 0 R /XYZ 56.6929 794.5015 null] +>> endobj +438 0 obj << +/D [1481 0 R /XYZ 56.6929 621.1286 null] +>> endobj 1485 0 obj << -/D [1483 0 R /XYZ 56.6929 794.5015 null] +/D [1481 0 R /XYZ 56.6929 596.4653 null] >> endobj 442 0 obj << -/D [1483 0 R /XYZ 56.6929 714.2819 null] +/D [1481 0 R /XYZ 56.6929 503.0496 null] >> endobj 1486 0 obj << -/D [1483 0 R /XYZ 56.6929 680.2498 null] +/D [1481 0 R /XYZ 56.6929 472.6121 null] >> endobj 446 0 obj << -/D [1483 0 R /XYZ 56.6929 416.0284 null] +/D [1481 0 R /XYZ 56.6929 228.8106 null] >> endobj 1487 0 obj << -/D [1483 0 R /XYZ 56.6929 384.8057 null] +/D [1481 0 R /XYZ 56.6929 201.1825 null] >> endobj 450 0 obj << -/D [1483 0 R /XYZ 56.6929 298.1249 null] +/D [1481 0 R /XYZ 56.6929 122.6867 null] >> endobj 1488 0 obj << -/D [1483 0 R /XYZ 56.6929 264.0928 null] +/D [1481 0 R /XYZ 56.6929 92.2492 null] >> endobj -1482 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F21 738 0 R /F23 762 0 R >> +1480 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1492 0 obj << -/Length 3795 +/Length 3512 /Filter /FlateDecode >> stream -xڭZKsWQL$'y-9ru"I{DCʩt|]y1M<~|ݠ<'m"""drZEw#}r룯uz3_ߎ"V_or˓J'Do.}KG?;ӓ4^\_ȗgggޞ,M$W< /~8w?xzy~/HF~;z!:aEB;O$sx}'Z$ցR]p_HJg䱔%H0qhqJ(Z:+CF+Ezmq_rt>݆]CGu֕N^b_v͎ǗuWlz% y{v6#*5RMͺfN"2NoAvMz%[07U {yzFߛ8?l˻ڛϸ˪Yo-rk8;gf_}5SG@ElpdyVhЋM - d)RՁ\SOT0o5s0k:E+ f)p0᜜JfWg7rWB|>fUIh"bC+Q5]eeGİ84|;.@+I9jQ[^pD֙ ޱOzsQ$acSsf؂mpZ4BRq -&?j|%Z7be -(>FlҿliF5眚J#EjEN뗁%|ᕍ+/_(Y9Շ_a:_IvƖ)ņA5I}`amՇ . Rh?Na-5!cO0"1N'B/Bp4e,Ul=5i,1ZDڪC˩~u4J `roI ٞŎA0C<4}bzu!\74DC@h8cs;t&vr,"9p2@!6)V,<'׻8\㨦OXhO"WM&Irldc -LfFc7J)%eXh2 {qvNcM%SRn<›@CuyI$ZgXȩ3Jڪh[1m=JЀ4,Sbv|22A0 GE$Y|ٹƯAfY"YIGRuJ1AddbK5@ ̬)kn65YH19HŌ- -g/y(,)J)`XCuKH 2Rjw]XK$ׅо9q]TmKV1ȟB%'̱bV|Eeto=_LmMP@XvIv0\#3*71P +Rp^D"HJl|mMG XCQU@PkL$x7[gwX0#TU"1CC\L]|R3 կ(Hi,m#l0 CŰr()W0p#yǖe#G6~fFθpj$ XQtlk9xڗUEbtCԍ7XA RKl~yN( -SǮ@dJ@ͤ5_m@}df -18;Bx湰J ꁬ+NzIM )vmd=ϳ&+/\jD"lwM -t*HLGJ -𴒃GS8*]קlinfADь.hc`X2eXx\g9q5(7P|Uh115@pN3z8ga@P"k|ZQV*?&quMY ϓ}NJ:N$Q>Tb>:8(/tùS'H2=4 \QUJKtUhlˮۃ?jemU !$P2^׺^95_yb&B-CGZ DdkF%fRrA<1\ MӶMcљin&KR: W*c;S$3Svk L!%zzl^S?3It3VN0{sਓ16q1 7 -楻o"Tٰ_o(ҙ0JݢX 1n6Zeg>(bȯP wt §g ÆTЁWH[ ]'6kS8nBɪ}iu%!oSY#?wpNH7TЗJZNdEK_ D_qY5\Bt#X `=v/LPZԽX{5*C0'~,2x3HB!Hj.DJQ:7{>|x_kze5slסkriߌ8.P,lei%ŮB}OqAQS!m~/XH>҆#Lƽ%Ǚ#@I/| ?6>sSQGS40!'Y/B4endstream +xڭZKsWJCAޓ%:T{ ) k9˩t|ʎH6A4ucy<~Lxׁ,8oߝ rV^<}usHF#^$8>z|뻋ԁ+7C?~8n@w7w__D7_?\]|zC~Ep#}g2>?K cyujP)Rݟg8j.O׉(Ւ#PͺK:.VJD^_kO[j%Qym=|ڜ^+Z#A<~kj,c>ԎWL-`>b%ovc?gCxzߦ-󼦦MS@Sfa@ymJgᄄ2ݗ/ :> X@zY:1x[,sSt{: ;xUXh_rQhK8PHknH5v'X8nZx\ߢ K:Zӥ&"RmדxJ%SSku(bWf=0j_% +'#ɟKm}mX.n=]vdš U,M_vsd{>V_4]%;fi;#o[/Skwexع:5Rx4r_VI#*I +Zqa5pneOlWVz<H ^mΖOÍn-JV -!yR&f0#&4ˊxοF<9 a&Xd҉L:Adrʹx즥~aF%w]Ӓ>tD1=K ~5"=r짭d[}NY?p* @Ue4AORTLҲ9BD`U W2cN݉TjaWnE +kP5F[G?}rpaw~1hH'tz ߒ6"<O-:;;7#fupFXYDH|^ }Rĉ!9C͌!`b3fG6NzTۢ21O9MN +fiWN/ pz_Ҙ9rpAsQu:@]_:CǢ|Ƞ$j^ .lW+I?v!a0h M+}L^Sz،Qxl„њ7qL˦Tx:fL>p-WCyvk#[@0C 4 9qub+l31b@$-b̤)%m, +B?C}?tjnuN"d:]#QJX%mf@J"ʦ~PjhtQw=.qZxux-Oi2̪zh%4 x.tso(@>6N8 xm{bQɃmU b35GRz@BcD| J5=TD࣊NAxv2͆ kecGrCeחeT$dq"f!\g ҳԍ +ɐ@l,͞Sb|axJ0^l"Ⱥ횡煉<,Pp#l<Na &|rj(r) _$&#&|$gzGO!Am{k}/H9D?Cn;j͙m3ۦ[r?_(xL<].a3n4$ۛ6TpHF$Rfg\F_%x3LBWki-Gi+yHRDĻAвmj/ +]64VlH5U:p5B+Ip)d'{|z3f1+><9˨Uǜm[ʖ rE17WU0] i<[Jlm$$M?⇢]H!rq1pe-c\ :,82 O?FxAـuz%>lN] a@Ig!Xڧ^ +"rsN%ZF+ +YzYIF [y ^N~ 9D| ^=_qj&DRɓI8.O-Tzdढ़Kl7] $;c*hᓝr ԍXIYќ bh?B^Z'ZJsCT#lgb_/֩DKi4-/Oi;{jhbI$R~Ya:9KR_%F%ZKFlwTk\:X54D C@h8ㄢ+,:u2R&f̜ OE1ѬVzxKr n5 CVo/e&A/6٤g5҈xqV +vRsM,Y4)q;>k k&8~nWB@^tyRU +H6y0XV4 uQ! 0{^/&a>z V?KV_ dJ*"A Q$" zIήkvk~r=W$٘#mg6z=RL:3ZŔ?P%>3kɦF? 3fԶt%%=aKbOt#VQ)V>)R.qJg7YC*P\ "R}4뺰H }As⺨ +Rd JMC9ŬCTNM8)r5rzm_ +-ߣabŒ +1o+1_pV7KD;-x55LKzB;/x ^rMvVCy]LiM[Ww ? }/1\ݞ +"?&vBy|_/? 1endstream endobj 1491 0 obj << /Type /Page /Contents 1492 0 R /Resources 1490 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1469 0 R +/Parent 1468 0 R >> endobj 1493 0 obj << /D [1491 0 R /XYZ 85.0394 794.5015 null] >> endobj 454 0 obj << -/D [1491 0 R /XYZ 85.0394 769.5949 null] +/D [1491 0 R /XYZ 85.0394 589.5994 null] >> endobj 1494 0 obj << -/D [1491 0 R /XYZ 85.0394 749.4437 null] +/D [1491 0 R /XYZ 85.0394 558.2024 null] >> endobj 458 0 obj << -/D [1491 0 R /XYZ 85.0394 672.0805 null] +/D [1491 0 R /XYZ 85.0394 477.1589 null] >> endobj 1495 0 obj << -/D [1491 0 R /XYZ 85.0394 641.9666 null] +/D [1491 0 R /XYZ 85.0394 445.6025 null] >> endobj 1490 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F41 969 0 R /F23 762 0 R /F39 927 0 R /F48 985 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1498 0 obj << -/Length 2919 +/Length 3745 /Filter /FlateDecode >> stream -xڭZYsF~ׯ`e*׬DNVrAB=8ͦ===__ʙYefITt؜'L򜹟4Ll2nV#^E,Bn,V9p?^wy\x}>W\pIԷ.޾xw>E* e㫫owo.]^}y˛~/Jq# fKg"֦Hg4F6gI4~>[p4^ OXLLؤh05q5RЊ"m+oWn6M"G"f0!N"wCƼ>K3Ey/L~Xm[ -$i<(˝mۏnuvS>rgiۮˮj?l,.^?G~lv놚ߏlQ¿~l3*?O8(=S*+zzI/mB84nl/0IX)`J( -Ԏ%ˢgIm`w[yew.\fE3gdYݕsm)Wdvkwvǃug"~#j˯bNL6XRy-˪DMux>5Dmól?$`誛n]W-r[Kzxfvkyюv-3~f߅~WFsw+3n6uWz"uqϩuJ\`&=4V4O:({ H!>pArXkmMdv 11itA/ri&.+N& jEcUǓچ 7e@ږޜN?B,NXB#3!4*K 1QY{("{1K&ir*Ɇ{DĹٟ(xJF\d*?Lgq>ݬq/m^@y&U! μ H8!1ԁXsSXÎk85Hb-fDٟ58 a rRf_[9O idǠ"2y82qX?j\id7LS]LZGunBn/'Mۦ %&r"qgg&"j4r<5jiW%DE L|:>I)8QZMX]cVe1hEWu?֧mC9P|B[PGʢVPvBEW?@š)Є=C-(e*iNoXGF˲+ 2"')zO4.P%ַ/*.H\f`pW,xIBſR9TӾ-kw)B{ゎ-_LaUdUNX<$gq -ݡhBuB5!s-M D,8/ru }N'v['$Bvu6hFҀ E y {AF }y >.\-3wrtp8ݛ9_Ŀp9T5 4.#'=8}'*H֊SpN>+5Vy$qS Nvp-x2uwOJ8n==8d٨]-'vi5|\NJ.Q2L!$ u!1H&^i<.Qn -ʖsh s+~z*``K{tq&nz_]R@&Rm],Hvm5y> G\]{M{@.%fv9'8 G:xgd9>feIbB"%I;P'j!NxS3r.%Kr4qU?]-P EUTKCbK#)`uLEӒW@eA]i~%&>ojpsDkÀ<${w|imdd,}:yzP԰`wDѝ)3KPY?2W̳"0&qxs ww^sǑT2dQ3;L ֥{c@v>ޭ>C} ސeGf߆iu9B[qM -7tXʸYٱ*zIR=nOd=C[.:!ck^vcQ$Oߠ_DsSW4R]_/z IϛZQxgl)b{U>~6v7@ȀTD. qI㒖PH\w<Ȍᅐ(~ JOi>vzbuIrC`4㥅EXUs/W}N`:K$2S'c?P(y^ a숤fi +dIf=ͭNL*j{w',t7'}SLfכ "IB^?,D&g!]w?;?򇫳4?.ߟ;[ˆśx}2շ4b.^zsq'a/TF~=1=]ö~&DX+O'ڨhHsdֽ=?&Re2rR$S0x}W2hz[u1y=S +ĽזjͫDBڟCr3T{& !t⦪ZB"&bQm82q-o.7&:5-Z/?W}}V!{PնjWH:n'nOl.Rd"Hz}׵뺽wb{V=MC L v1&0u97e_!H޾!$KDa[(0@`Uєvd"M:ivޱЦZwH-)@A/kNRT=4=nG{8򦢡p`8A^ã@m_zAf!RI ԟc:L^OW*0Nrˋ_E\(N$"J<y@HO'6W_hHv,j SUH 7I|EHێI?]2;s_WgV.:f,Ny1*ہ0Ru"< ؞Xx:BfGգK0m<sƳZ6t}l9OUrS1H2Qxx +{hEg82p+רyJyB8H(FvdO" LHGЛzF)!$.8Kn*:J;ے_C9iiDh`p'6Ӗlu0>2#Gm}(dms;u.'7UaT;~d}}aH~ v|QL=ҟNxTGBҸce&{[/({GX4W@=fl*]xUg8NL"d_ jë;\pFa58UޮQ\Up{&J+=WᡣHK2)vmWʇΏ@C#vsH&5 +|,84eɘ9Kae1#Tԁ@-"9m +'wݡYCL<ΡNpKn1"QQPd%G-X*J#bhTL:ڇuۃ".\P/ <$$;-D8REbffIyE݋ruYN +iI;,ϩ'4C]6/1H*!R4o"fO}RƒrFbFōaׄ7 Ԓt[׈߮xfG~šnmg"(jg~F@+2?J1\ܸzPCD 4^;{K3+DQ6X{'y!)ExiHSs}in}B.smpG#\8) BP .`\Nqǔ{8VY`0;Z`NȥW{vax74W\epB\-9ꐕ=)Є q}q[V/& )s_јuk.S\Fw?ᱰOc|G eLI":%y.wQ8@K^/Y:XäLqj2D+OAq\0@`KknTp >mѺңKp,o8|# }T+?-efn)(ȓ=+wFK%1A."Qm^ \11>-qHL g~qz&F[pBASM:aVgJ *YڥxWI!yrѡО׷u1ch 5’kfUtL[{Gn}W:N Ț9k%&E&ļ&OvșBLǎ5N17JzY#&sb)Y#qsjSt55=ui_`WB!M$< >13ڝ4)K)gw/N Ȧ"ثe73 n1yIG\iÍ\JpflKco>jg(Fu/MBJQUKFq#ByRܩF[g0:2FQ>Dw.UNl X<8/U܀ +HXn}^Tzp. aOvW Qi o06 |I +^ vŃesޫIx]k<#_t/7z7"\-%i5ݎ[ +/VTF%rZN?+ +zp[嵳|qƷ4 +WEi{񓅹Xfv9vT}vw(_ex&$nZ`_g`E3k8nj 5zBO/`u ޫn`>e\8bҿ~?2= ܗB1`' ~},l='|D+id`mwuS^2xO_5'\ſ++<6/^b;SCғ=3ٕ ×(21D~rv#4(r;'V|nυ%^ 8typF/SH Oo wzOp?1 ɓE"aϭ,{ $ϫJ' +*yb:~۫12U 0SxysSbendstream endobj 1497 0 obj << /Type /Page /Contents 1498 0 R /Resources 1496 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1469 0 R +/Parent 1468 0 R >> endobj 1499 0 obj << /D [1497 0 R /XYZ 56.6929 794.5015 null] >> endobj 462 0 obj << -/D [1497 0 R /XYZ 56.6929 769.5949 null] +/D [1497 0 R /XYZ 56.6929 556.3829 null] >> endobj -1453 0 obj << -/D [1497 0 R /XYZ 56.6929 752.2115 null] +1458 0 obj << +/D [1497 0 R /XYZ 56.6929 531.854 null] >> endobj 466 0 obj << -/D [1497 0 R /XYZ 56.6929 622.2614 null] +/D [1497 0 R /XYZ 56.6929 403.2414 null] >> endobj 1500 0 obj << -/D [1497 0 R /XYZ 56.6929 591.5303 null] +/D [1497 0 R /XYZ 56.6929 373.0976 null] >> endobj 1496 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F41 969 0 R /F23 762 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F39 927 0 R /F41 969 0 R /F48 985 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1503 0 obj << -/Length 1241 +/Length 1343 /Filter /FlateDecode >> stream -xڵX[S8}ϯ;#K|(X: '8 ږ+) ie%vbd2d|wɖae.4phq>0j`s>Lo0lϘ A`ϓخyzHn/[5<]ƣۋ Tj|~ss>>|&YZ#67Dq`B' \c):&6u;t= 6VK:tPRBϱJ?Ϥ  -sX.0Z4G#QMw\xk˂*[)7U32Ո3 -T \5r9%3['DB[%E L5$ -WР폚S:S]ٝFcRm9exQw NS+%p'Z/L'f81׺ڋ[-ִIZ^GCXde,ñEqó^H؞1G 6-C~W%Ҏ„rϺHq%`2;Rk}vmTn>EF2cؾHF2;|G,hUx&wΎdkZDyݽjWiIKcw$KmI"܋MfMT~@`}XN3yk%R+6#N >jT͝ҹ;!aӶ%q9Ԙ%|3.;Gzgwzq}D-uteDul -BZ?gI::Iz\p@1_*Q6/)) MLcJ+r9H ,iwMA̷5`.O^)+QG .72ZN1e )jD'n1SJ,bo3i:$ NEzEE߶`x^_-\<<d3*<4\3]>zH$Qt8.O/,ۑY~G/k}+E55lr=W[eJ{0aFó8n~E}5=~ݺc"裼L6u]XWT Cǭ`~^0}ho3k^Dw㾤A,&Mo9bfhAfvUıWpZ~(ÉU ]Sޞ(q_^jA)kg5!wyss/*( ncz0C_.'}@Kendstream +xڭX]S8}ϯB'Jn>L +hXdҥ}%Kv`؄esϽGP0t; z^edCfy n*Nɢ{hT]4%!Ӵ4.ؽ(bU(iЗ[QK:/vA¨w%-|0ڪ{p &wG)lBncH=Ay\GHm|(Ug441*%׍6QCJA󔊢QKUi6XQ&32OryP gLJ6eq},Wս}i٫FzEos#CS#IB}ւqMd y>h-͝7GˬY;$ksx00j6Ry{}߅_/ C G!| 6o0endstream endobj 1502 0 obj << /Type /Page @@ -6306,25 +6291,27 @@ endobj /D [1502 0 R /XYZ 85.0394 794.5015 null] >> endobj 470 0 obj << -/D [1502 0 R /XYZ 85.0394 540.8995 null] +/D [1502 0 R /XYZ 85.0394 325.6109 null] >> endobj 1377 0 obj << -/D [1502 0 R /XYZ 85.0394 513.5566 null] +/D [1502 0 R /XYZ 85.0394 298.3249 null] >> endobj 1501 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F21 738 0 R /F23 762 0 R >> +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1508 0 obj << -/Length 1201 +/Length 1144 /Filter /FlateDecode >> stream -xڽXr6}WQ P 'ǕSg'U'WIfM Ŗ{(HYh8b.4ӂTMڃ{?@74z7zMlBjaK ,ꎃ7 #>^߼{r9`S^1.Z'?^NF9&^~y:]VBBx2f񴶥i/IfȗL|e uLYQ0 4 B*I4kg ͇ 8@ ::teZ܁w#`P@=q?JY!{ƋE7LV 5M]޻,$Wh/pp& 5@[ I -HzDG_-S -!gL|u]+Q<nK=\It{e<qD)Bbby0ƶe/9LĥVn_zE[>v"ry%sD-:|_/\=ΣPBs/K߄`$>X<2U .k%ȼ'$vKjEF(5V3ZPxU_+Tk.RuƆ4 Ba\lE}%ώxPu8P^}E -zE?Q*xfݷ5z{iBxDŽI,Uٹ#N@{ٝ{oS{.J|8aKWNa|&d)OHF,*@=TBj,CQqTX4w -,rWuNb_T6jc۟ڦ{zAJp2LF\)$6 b@]&mi XǒnE/DŽD juÎTWQDmz`$A/62J!V `OףAdVwz6u:Bà jR0pGNLlHll6&哮<ؐgP"lAJUCO{.و]pICŕn h8 -T*34nUoendstream +xX[s6~W:#ݓ9ӓR2bˉcH"߻6pЙvF7ۋvW"?v|\¶Nl-t֮zUWƽ/MW6jX=h`A_|ct>p޿eXF_x6_|x8*OŌ_4b8?,uyn|Nt-?tl=@ mֳlۖiV3qozk 1h=;:@0 + GQ*{є<0\ +btV4SN}V AY1"mE$J%xrH3(b%+X29M4Iae(q(Oў<.: - +8G@|v[(dE HP +aP:WmWGF-\LΨT@:Mek R(d1-7II(;2TdJ[Yl~Ȗjz5'ӹJSuY5w]bGia~X/w]Giw&6-Kɩ32>g CRQť;"=z1Z"Lo-OBPU~uj.Cנ2cGRE3E :($iD |t \*eɨz&tZp@DB,'8}^U**J )i8Rބ Dv%졤Q-糹nv-_UALTILvk2O-J@kLŤΨ +1D Omć0+pO?1<P~n|(> endobj 1512 0 obj << -/Length 983 +/Length 1089 /Filter /FlateDecode >> stream -xX[s8~W:#E˲4KteeD⩱%ҒcSSnI'||:2rDT6d3k2o 5p <O4n)qBL͛: 5A_EdwuA]/3;~wi2lIO'߾F7Πȥ/F4IKc8BԤ . Xb6ٔn,AƇ4Ǩ Kx6. -ř%4UpB͹ rK?5\eel`T@ЀxuDT\XsOJqhe0*a@(ɒWОۛ= -̒86'("xCݮb#J~? 䃧(QUn('A CO^g0ru]{"sj9:ZKu;:+x^DORƫ jfN+sOOǁ򼞏PiVX,/*<GG8*+#:"q(6n^Itd҇pp UeY1N -!-XfT !jGˢMVup3mN u|y_vhRM쉽݁tj&cOMI[Yf'U`/-XG-ܮKΖ H g rU:ŠܱJ˜cxN3U!qozBCRM9p9r8?aA|58Ik($ߣ5A&ބ`9rNۥqr6S/{%/czA<?QnNSO{:sJ;K3{|G|nFl/^踴ó}KរҺ.>o9K39o9%LJxy ~endstream +xX]o8}W䱬dqO.2avYA(%&$Lleu>BkJFZck;3p.\fh@Νii7`~8Pxsz +cϮ6ãMYQ4 \#IٞLc9!ꌭ:ꌟ58Nי+Բ,UR$УalVL3#ⷘW<' +ٴZܑ#{[rNX8͌e|ԋ,x8Hb 7(Uq)[pdZT/AB,j?6fnubp.d^&` +Vcw*,Xѯ8=> endobj 1516 0 obj << -/Length 3535 +/Length 1906 /Filter /FlateDecode >> stream -xڥ]s6ݿB 9}J$5%˵}%"u"G_(x\,b?酂?|KS.ҥbRG{6Nz2-WЋ/OMz Tu?\ߚL%_׷tw)yǷ~|z{2ݯV7߫_~Sl+ڲOR]frM3gmWNziJfFF/N,3g[cMRQJ%][4Vc?UtcnCX hyŭqi鴛̓jqR%]=\ -Щ^ڤ>/_yٹ0Aa zT7rSu?=P'8wpwc=Cݷ.E";lHV}Qϰ|F" UMUdh=+-vL[ mWӸ3PR nS= -[0/L5(ln`/`6NlzBmNzڥIk FgXH1X5+lP3mAe[Ƃ']r!M[Q -);&IeتoN%zL<]|!Rpd:-nBs3ل/,+L:ȳjYQK^aT2&PdGtcgVLrտ y -^ ӦعnKXЈUs E'pO=5( |MbPf=;C`aNMP#CC?7knA -X;J1̧%ރ28K Ȫ70TaLs+&6;<Ðj Uy_1J`p>KRcy3!6gZ|PQ(>rdoD%(ލL!L8',qC6eEkԒNrɆ>C=(m:V?fT1q8|9^j1u6^Bk>SHU6+*8R@|7ud܄{d0j9+>DS1X k'ӹ$AdHIkrʉ0` -$zl†O]Pd9JC t /ˮO M꠱\BY6D9γYN+?zw-z -\T>-Ff+Hz3(RH-?}W!a-J[_C*>TT,er} iQr³ )b6#-pO}|awB*3^2%*a/u;w|ꃣ1Ͳ=p5v?`9)D1&CJW}pU3ku[Wd9Ӕj#~+SW0 _vc-m&D7")CyWfՁ|5w%?`3kpS'/ -&=1 c;p%J/72\קe : -E#Λ`V -p]A1p1Dv3,Ӏ3A@1QًON&6ϕV.pT8LrM.uχ9<[)tOƑez3}@c=e*)SgQ1:B#rIU8}B\q -D|HtE4h_ɨ}]<6у80pARB՝c)64}M1 ҈~i0ge% ߖIF] G~ӰW!}YR RC?ìf'߽ѥ.cvӀ#wґyL+}q<7-."j&6JPҁY_J|wUT"R? jxXVo9k[鮆u嗝i=5ҩPVgʗ )^,2U_zA)lanS_=i -+_q9qR.8ɋ%Zc y`&t%}'P*B{2TJ,>};*٧es|̊}Y!Lѣ{䒌Xɪgr. d艡_r|%>_Eg`Gv Xe -5'DFQnA奻xJAgVwL˝{vW9'r+Jbœjt{{Bu3r͑KTwr}tၱ-Jį6!@@&Ӱs8,C3I񕩉ß^l~Ižwk2dy4]hr{۸Pz(V}@?Qu3ʶ۫T8c6ϲz=p~t(fj{U.Q۶3;g0z3Nе~Tj9n{"OEZР<̀l QFotcsT,iTScα1#Ä[a,4GqrϮO8rqjw4b"g' x/JbPMbQPsHO5[1^wXP^+)偢'W@R[. +eM1i}U$-XeܴnȂCU3붫|jP T=KE,Kdz/;0Dȓ0 b܌0 ØI<塀]E X +K> endobj 474 0 obj << -/D [1515 0 R /XYZ 56.6929 769.5949 null] +/D [1515 0 R /XYZ 56.6929 541.2091 null] >> endobj 1518 0 obj << -/D [1515 0 R /XYZ 56.6929 749.4437 null] +/D [1515 0 R /XYZ 56.6929 511.0952 null] >> endobj 478 0 obj << -/D [1515 0 R /XYZ 56.6929 749.4437 null] +/D [1515 0 R /XYZ 56.6929 511.0952 null] >> endobj 1519 0 obj << -/D [1515 0 R /XYZ 56.6929 725.0323 null] +/D [1515 0 R /XYZ 56.6929 486.6838 null] >> endobj 1520 0 obj << -/D [1515 0 R /XYZ 56.6929 725.0323 null] +/D [1515 0 R /XYZ 56.6929 486.6838 null] >> endobj 1521 0 obj << -/D [1515 0 R /XYZ 56.6929 713.0771 null] +/D [1515 0 R /XYZ 56.6929 474.7286 null] >> endobj 1514 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F41 969 0 R /F23 762 0 R >> +/Font << /F37 827 0 R /F41 969 0 R /F21 738 0 R /F23 762 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1524 0 obj << -/Length 3218 +/Length 3494 /Filter /FlateDecode >> stream -xڵZYs6~[$gTƞx#-QTHʎo7xd"4ׇF3|IfQf\ϖ 6{,<ѢMd43 E8{XƊ|y < .:donnCwntu-U_}{}_Ntxw5_}pu.m}9?f+P H `7FvJ@+)}ŏ̀Vu~Jā 2B4[b+F<$1]pe8[q-pe5} B)&k4HArGM -|Y%[Q55~ż(\mROX>epj._*U?@ "_)kcHf5jWW|ؿvUZ51F/ -ڏHĎ'kP;fWT52m[١S1:Cəff zIfFH|b.JjYnܾݼPv&ZY6]-*V:9lqj2$0j%!XWơ(]Z WIzTuj:}k/Ihɻ0:aDt`,EO 26!Ą(0a>%uV"߾xrӄ '- XQN*9" |Di%hs0<_IU4yƜ0Ǿ , #j~Eb@j_:ɫ tfUSmF7{Vc|MqEŦm%l׮=ŵ$Sf+W vKՏX IF[Wo݇ۀɳXZ#qr>= elaEJ4X{mW4XxL\Ե|&k*Y_ B-AH+}5l Vtr'8# PbYS@Q'7 - ϱ㚗Ēlt1֧f -񑊢Y;JCb,d - -0:Dj,fTo%/ Ѷp\q[")H< h jD'u+ ~Yh=Fc&x6>nf?ubAC"ѶЦ f AbE<[5k%@hRL!0>L)oFquL+ UEe_K^P/v~?:u/ֵ& *>&*f+,Nvlz<$F%F@*Ҏñ8"CuZX^"p7'Kt a0YYӾ,J\dƅrm7bCM($B#*CioMZejDaif"PVt"^VTBcH /Pbم%?]+7Gj8T\Ro` W jcpL[4h ]2+lf|tWQ*G44`SBQQ4%q{}!ȴ>UA"n5//}*PJ SEA@PZD].hÂ9mrMRT0pBCPWoOfee;#DJ*v -E0@8vMЂ."bR(vM6-tYPYqf޴os0a{T8a;=Bd;K؝ ѝL-z !͢Mtzilrփԁ+qħ7T#컸 =MbՄUZ-l1áuM0|kcBg7eYU6VaGщ?p\RyyTA5 |*9c F6PIH.,[ThTG?qHA:s5ͼ\ -l}A>!c k0]XȓXsg4XH9 -MPd04`#g֢ 6FiuvC5"@n!AHeppszG"PFhap i08OFḟ8 ~CuFhצ:詺Ljg${O4¾7a.om-7aF$ބ 8ju›?pϏpFQ:'`i)߉۫#ZTxTGO CALsoFwM*wEm"hymqB+ ,Ӷo 2mmB F[jm -9b-G8^MoFw&8 -ux G -Ti9r߇s 9_[)Xy3 GX&mPd8$x8g`զ: ?I^[ ӂ4T#LjYO>yhMIWQz ~~ʆm 9AM [T T䳪8ua 5wXa4,Ö~gcx{>?yёiˆ 89{v4|3^`TdҝY -㞥@Lrm휸vRJα9mTO䝳 b{z{p_cq1]ZUG3H?bwEuTʬ\aO_*h{+,S{6{[:Nx%Fخ=Ⱦv `@w/w ).,khՀϵT*V+{z/Oƞ!& :<ƴbUh~+ʚJ iO's ]ӱ-Z7䍈@FBZ>ҶlD앃ujr54B )ƌzfqHCBˇTyI;/-$sWŎʊ{-`a`K1yPEeׅk@m N}WjZTB/E}q8%^5,>jcJXXŏS/wU.yB3rbܡc_/endstream +xڥr]_@U"vN'y-jRIE$@קA-j=WOwO_C=Q'$]BMÅ10h:Ż[N8OL2y\ bez81z7SUėS蛻os݇=\_.zt臛ۛ7Sy Ƅۻ0˟y2Lrqh&I>k,vOțw8 N8uAJXM]2jZWb]BVKyx`_fݲxRgQYU+e^V +N"[gl3P`R &Pa#e 30QDhY FHTp.?6*V+AYgaGB#*{tbU3y՟ɫ3wTYdQJI?}2o;|HpE0mV; +ui\ApޠC8#.!nб/#jɇ$e0hx)me?-0@|a +:%aPA4laf[HhSv:.I=ܾ׹cve{$A{×A*q:w'DA_S$".bć6ŇShd,0 ~o-2.Vq9L:KWb;cƩQ}\d) u; }8x3 n2r&i5 ѦjX+0GOE[Yr!Cօc>?qz QGo@ ~SbkeYYkN΂|}A.br &NszQ0rβLX]0GYe4mۮ$ZV3?-zY͆d4 ~ە۪^kl膣%#4xw>[ƥWNʐ$BP .=r@YڋxY독v#]:LDCr V-F Bp& W yI;0%6?>e.H|CNٌQ^|Lx8x1<,&;K:Z9)B@{J9,6kJp6'q|1.lׂ͎2F<%>|^'p#7hrTʨ[o\Lg Js;ܹ^"۶cσ[QTZol"&n!#RJBq5IO*,7lD"M"q;A}F HYy׌!@@*Om8zA*-g$Ygo; +#Cjp% o: +A_ iJa8Pu>*ÂhJPvRGPHBL5["e*])wr㹚 Oˆ[$:gjOGKO&.TgJMInڎ!)6I*בp$^97đ?}=1-@lU2>N 'XXlX8YoU9ļ\(EiI5H +N{q*s XӚ{E OjMz{*B!U|ȯC_Y1xnZeo 6˓2S`U>Sex~N,':-hk(g6QYj Js!1baz-n{ Aì]t?S>^q#\^qG1]mn_C5BY=\(f׍f_y +2p_z[> +>3Pg}b9nǔT׹!'sOcFd7 ù (e#*8B׼ژ Xro$wNĀ|C*?p+RAbo\ACdA!(3N:N_ÎQrV,CqZ 2#8sy?N qTmbOGx[m +~a=ï 0 פ@Pgbe!'9E2*I7$~$-dP.Gnw<}bJ[0/QN01'hV敍7IQv1X]\aC6s)x +;Hx@g. !zN\|GUr,(wXGSaAԁW=,dp0czOYԝUŐ_ģ 3ezu<"P4G 5˲R܆B$,s!5TN{  _&K5Ě;&Sy~E2CPG' ۪rv||]az^HrM̹҃-l#Sg${ܿ~ }`%4GyM_B/, [aW\[:r6%X@2gfL:FP endstream endobj 1523 0 obj << /Type /Page @@ -6445,1031 +6425,1031 @@ endobj /Resources 1522 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1505 0 R -/Annots [ 1526 0 R 1529 0 R 1530 0 R 1531 0 R 1532 0 R 1533 0 R 1534 0 R 1535 0 R ] +/Annots [ 1526 0 R ] >> endobj 1526 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [280.2146 599.6322 375.7455 612.3694] +/Rect [280.2146 205.1117 375.7455 217.8489] /Subtype /Link /A << /S /GoTo /D (root_delegation_only) >> >> endobj -1529 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [312.6233 360.3945 381.2953 372.4541] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1530 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [310.4119 330.5066 379.0839 342.5662] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1531 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [340.2996 300.6187 408.9716 312.6783] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1532 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [328.1051 270.7307 396.7771 282.7904] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1533 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [320.3548 240.8428 389.0268 252.9024] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj -1534 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [359.1386 210.9549 427.8106 223.0145] -/Subtype /Link -/A << /S /GoTo /D (dynamic_update_policies) >> ->> endobj -1535 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [429.9426 181.067 498.6146 193.1266] -/Subtype /Link -/A << /S /GoTo /D (access_control) >> ->> endobj 1525 0 obj << /D [1523 0 R /XYZ 85.0394 794.5015 null] >> endobj 482 0 obj << -/D [1523 0 R /XYZ 85.0394 560.3013 null] +/D [1523 0 R /XYZ 85.0394 162.5022 null] >> endobj 1527 0 obj << -/D [1523 0 R /XYZ 85.0394 535.1807 null] ->> endobj -486 0 obj << -/D [1523 0 R /XYZ 85.0394 416.2201 null] ->> endobj -1528 0 obj << -/D [1523 0 R /XYZ 85.0394 391.5178 null] +/D [1523 0 R /XYZ 85.0394 137.1661 null] >> endobj 1522 0 obj << /Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1539 0 obj << -/Length 3159 +1531 0 obj << +/Length 2802 /Filter /FlateDecode >> stream -xڭ[[o6~ϯ0R|v3ۙn&.AD,4{xu35Ebs\(R@B!b#}{=& \i]o,R~Z atoݵdۏ߸o}+7wK1Oעݟ ݼ/]w)5v/j fw"_aj8EQZʫOWWgPAf&*|%FB?*NL!yBGc{K$ YCt/H.;k-Qɐ~]V30GLN$`m|f@"&9AFFߞ5() a8'b(}^֑r7hYTT> MxX$bD 2:y^rɎ۱x 8.>fFaC)h{L )yoT ,/=&bw%E&ƭ_i}Tou^)h_m?$JСoIcaHvHq)$)VSc A4>jIhqƁ/y*¸:/US|\ w%E&9'@#|\\@6kyB: -I tc1tx:gɸdBQHzuJCH FOFlʱ4ECt8(K\\@۪y_%uUN9.+Сf4r -qmf_qs3S9ƑTZl1.nNw%E&9Bu/Π<ȈkI9$|w̛i\*<ށQ2V@۰mƊqPH*P,T[</$qPo0ށb.qQ֡G!kɹ@R@3nqPC)v eပj{횀`o]Gsi4m}4uCo`xo4*]M{~eWe2a3$lc* [ hO;5>lOnOv)QwfOY4{s͛Cɓm^¿*AJc,f[ ?)9qFl-w=8һx8/mڔںzu;!kێdu\`Vax>u - 2%{u!W%Y%Unڥ ?*xў$4D/s)%CvOZ0\em_T>W6y(3HK[3h-Cfa%XP&X9,Qf0m'inp=+O gCݘCu;ךmYG|y^nVIZb&?ן,ǚ| B϶t |)ڧ1 -Nh.n2d0-.R)_;}ӡ,`c -GЌnt'7J;'Y,"@@~鸟 o`sޡMk(pȮ3(B.˓cfL/׈̋ĥwaECαka$3_[Mlkv8%>ZrӃ{dv{sTB5o澟K: acT^`K,e5ڧZ2?.flzUo>jvA=fF7ԳSZMҞI)3u& %Ԝ5dtKԌC0-%W㔳.o787WM1.bBf*taSB?ZP< ߝJwGqU R5ef>M`6ўٽ>s݄H"$lZ_)ÑjMeթX3w:1D/ۙ+: 1WX!-Ӊq|۶{]cV5/.1(#k@ܘ{)K}*̔a^'RǽLSk[ڂ+"T 6, mʷyJ,0?z7;*gjg!9eb|A5Щ ~ԿZPo8+smG%|T"xU K!逆BLhLEHͥf|Qw2e~teI6Lr_*<z5,$Þ9Yz\ڽf$\FrQm.&>Y~fMB9:$-_'Hüq~3ci:'W98f◚G l"rJ]∹IShtSeIendstream +xڵ[[s6~У0s"H= @ (Йj'1~<7|88l2D2MLj&b^x8̢-ni3͖=Y +al}!.Aե +<ڶ><\(Ayʜn~=8!˟.ޗ3ȟgkp Vbl{C3l.>^ m? +2LvUT/%.MŷbSŮo|Whs՝n$j^5ժWțb$,ڎm^-q ڹ7-rΞU3,AZzTU cjy-|wI/6Œ hQAEL(Xj`-H,-F sJb@q'tojWGd"HͲL!SoA>ʎ={2MC0D8i58B"?qHƺWG«%”+7 +C'WH3 2!* /_f'i5?.YhGmsco a>nPy@(z["tXyP*u bMbL+ y1)C"iIZq V&&>4aq4 6W{A$S4 :7kym+߽cPEm E =)F";n 10 +vXsʙWμK2sl8 Oɭn1&TZAYgm/FVCSu[;pi5gG$[9wLP1.>ڷ'j 0BB$vFkfsr<-CH6Tb}jfLfԦ:==*V_fvq*0pBGhT LbKj8W60&\=}͡\5<[a)۟̄Fkۖ>Sm5;|$DkY67s~]^\6jWw^_۞G{%O?h:|m/ޔ> +xJojUrʪ+ ?]v׽YβLoȼzQC >pDt,W>e:S힩0ED=jXZrLpJpC + +cIhD) +g{_rdb%O8};`G%c{Ԕ!4ߘ0N\Q uHA-&,iEZ#2pNn G\(Q +\M^r8ױ`QQSDҌ6pq=Tq8Tuy3v*h~SVQ#Ê! 8bscxZ'9&9~X{0$%_L:7j`ԋM3E 6F,'0 a܈#C)2q^r#a$3)C"iiqs'V>*ջZ9k5"gz1! gpu̓z>`k;x #oed=jŽXZrP`&:Ѹ_W3D\?Dc`&i> endobj +1534 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [284.2769 664.9538 352.9489 677.0134] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1535 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [282.0654 633.2165 350.7374 645.2761] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1536 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [311.9531 601.4792 380.6251 613.5388] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1537 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [299.7586 569.7418 368.4306 581.8015] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1538 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [292.0084 538.0045 360.6804 550.0642] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> +>> endobj +1539 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [330.7921 506.2672 399.4641 518.3268] +/Subtype /Link +/A << /S /GoTo /D (dynamic_update_policies) >> +>> endobj +1540 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [401.5962 474.5299 470.2682 486.5895] +/Subtype /Link +/A << /S /GoTo /D (access_control) >> >> endobj 1541 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [257.6971 713.6209 326.3691 725.6806] +/Rect [257.6971 295.6317 326.3691 307.6914] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1542 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [310.7975 683.3704 379.4695 695.4301] +/Rect [310.7975 263.8944 379.4695 275.954] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1543 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [308.6055 653.1199 377.2775 665.1795] +/Rect [308.6055 232.1571 377.2775 244.2167] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1544 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [294.1999 622.8694 362.8719 634.929] +/Rect [294.1999 200.4198 362.8719 212.4794] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1545 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [303.0862 592.6189 371.7582 604.6785] +/Rect [303.0862 168.6824 371.7582 180.7421] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1546 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [332.9347 562.3684 401.6067 574.428] +/Rect [332.9347 136.9451 401.6067 149.0047] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1547 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [325.2234 532.1179 393.8954 544.1775] +/Rect [325.2234 105.2078 393.8954 117.2674] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1548 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [301.97 501.8674 370.642 513.927] +/Rect [301.97 73.4705 370.642 85.5301] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj -1549 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [231.137 344.9998 299.809 357.0595] -/Subtype /Link -/A << /S /GoTo /D (boolean_options) >> +1532 0 obj << +/D [1530 0 R /XYZ 56.6929 794.5015 null] >> endobj -1550 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [143.8055 284.6583 239.3365 296.4589] -/Subtype /Link -/A << /S /GoTo /D (root_delegation_only) >> +486 0 obj << +/D [1530 0 R /XYZ 56.6929 725.3455 null] >> endobj -1540 0 obj << -/D [1538 0 R /XYZ 56.6929 794.5015 null] +1533 0 obj << +/D [1530 0 R /XYZ 56.6929 697.9265 null] >> endobj -1537 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F48 985 0 R /F41 969 0 R >> +1529 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F41 969 0 R /F21 738 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1553 0 obj << -/Length 2564 +1551 0 obj << +/Length 2994 /Filter /FlateDecode >> stream -xڵ]s6+tiτX|\ug:ޫn/TN%$'uD<'E- (ΪwB sΤDI!™Og/-՟T(.ڕk#a 䡖9+rPZ~wYv6ӌHWDUX`ZC¦>mW/nz՝Xyc!P S7Xu,WdԲT'v?n>ϺAQ_I;ۥ}{H45$K^AT6HFzahj TsAZjwf|h9ZN`%a -⨱ӱ7Ȇ;Akt'Ic }%<&CP63QU1GC)pc8C4QUlL!ܖ -^IT­'/B7E 1h -.))ǓQ -{}%<JG4x;DUH t28BaPM]Djq+QUb舔ꡙWpeAOQF$m ĠT@xak DY,BBW( -j(Rȼϊ*xI)D32JC0qo`cB fT5 -a}fv, -QUF/q-3sJFU8f<:-4ُ0P^jMRDJyeGF˔f,(XD -,M[7r>> mwzvW?H}.?捯$w@ScPs=爭wȽǏ>]}g߿hܯpCm~%,!toP܉݁O`f~0!n%_|w4_pkb w* -8Y_v--oy R[f -R W}cO[\q4s4o|sB>߶h;ڶ!yr@?D77d#0(A>4>@&C4&/+GW,Z/njZvjd4M$3alCh"tD0yg[2#,RSmB jdh^U#ɞb$L /3^_I>{<~ Tb#NYYy1T!/q~k!VYG|q;9 }H:c!G I3+q_5x+DUH %Y+ "J=`#hrw DbU+wݻn\@TϢm&"E gOc T}AK|ڶͱ=FzDUxթlTֽ0mtsI╕^_<$Uacf$֕- -1OV'0^i⣪P~֕8iY|vR8u IXGߐYf$1NT6iڂ(kp33(/?c&^0Xbim񜳨wn ʢ5E,)t:} /vUi6e7]zyεd~kB[|d#'$C\?H ' -&CipԨq̄&ocrNLKXo 5q2KaKWl/!?b-,rg)o%,Qendstream +xڵZ[6~_acNSl@ٖ'jdɵL'~֕jA`<;7j +?)‰b+J1IW ^=w7l<ѦK?^'b┯$R7|ǻ MM7eyw?>lx~{}p曻 )a^ë_{ t%8ъv/x(Q2]=FD):ް4A)K?S޼Oذj^K%J)MǤ1)Xm#RxB`eJ쩴Ym&K(0XuqTkBOhS+/^s$jݾr;UoѮvv.MC}$M[ꩻ1 >ՕBo ѳm+,`97$0 H0s`pi3KZKOźhoY[-f,֎})}^½*֞K5fi ?cL~,jV@_A(\LA~aΪ˪;h.&lsY)k;x18nykNc:sb>S5=p` Ss>?d&;% / i7tT_3ag-Y7v\emѱ/1?hllaG/ Aa멬[ #E! +JއQ}pF褵ނyǬhI\Nu2Kf}uvPzCnﳏnz畝+&v,n3ӉI1d>0fmLt|.Cp:Vm/Z#;c;Lmbz젇F%NA3Oj>*) 8(QU8@5w?R'wy>4ijQ㈯”y?`r]`H9FL(S.VvQ6/(;* 1T-X=P-2M 2Tqequ ei7uUrD{@]q-IӵfSY$]zMOJ֎t 8cb}py& +FCKL 1AqM:sTN44,e$wU'| .d!f. m~] +|P_8Cn#-d؞MC<(tLV)d/}Tn7 #.I4hxRESiP?g (D 4McUP.;z%Ac2c7ժ+)Mgǹ 澀=<I"#2Uˠqe] d!+JTDBnZ]DQs~1-Ĺ# DmxdV5϶)M@8t鈽Kg-s2ٙ>uU9n1 +_Cg XT:;IEY{ =/PvRCp5ԡgh{7-S>0A:(`p/H$0o2b(2Ki{ (%Br ҉(R@Byl@xFMG5NNڇ5jOڻւtii̩)W󰄀RPw"TR` b}H࿷@aub$zz$F~l=~06׫UvSg gZ5mY?ٕq/ghaH$՜ܿb=AKB P~>Ўk)*{bB3a ++ V=eDNCK ) Nrǟ)e좈Qx|F޻lϻ~ӰPql&@PK588qwtA@5!El,EPUcc %վޙK_wם6_\ե!x}#Uf {΁&beKc ;.2c,͈g?$%Rh:L_zCzߑsU'#}G{@k`,Mb~]pDIl_s< )SVzu,aCAzq4ŧq1LY\@5!BZJ? = '6d^H(T1{ dͺZD:@xٛ0<LtD-1+pST1ץ\'eJCTq7S RK&DaOBBe|؛h "A)Sa/?wbTw9zjAnqBˤPءSMY/Qnr$PMGЕ|i4Da84BHsʼM~AL<~jAnqb Mn*BO59K;dE Ta/îJC90Ԇy *RӞ1 z@".'ZcWseK5@59&QHW|A@5!K. +1oJ]P,BFiO(}#"~hA^q2v" T³շfpi&? Lywx)GXb_PvLGVbKAʙL݈D%qjFLQ?'ήZ X% +GRhĂ_Py,q.> endobj +1553 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [259.4835 624.1678 328.1555 636.2275] +/Subtype /Link +/A << /S /GoTo /D (boolean_options) >> +>> endobj +1554 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [172.152 560.4651 267.6829 572.2657] +/Subtype /Link +/A << /S /GoTo /D (root_delegation_only) >> >> endobj 1555 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [352.4539 737.309 426.1073 749.3686] +/Rect [352.4539 296.9881 426.1073 309.0477] /Subtype /Link /A << /S /GoTo /D (server_resource_limits) >> >> endobj 1556 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [387.5019 706.8362 456.1739 718.8959] +/Rect [387.5019 265.057 456.1739 277.1166] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1557 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [381.9629 676.3634 450.6349 688.4231] +/Rect [381.9629 233.1259 450.6349 245.1855] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1558 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [398.5803 645.8907 467.2523 657.9503] +/Rect [398.5803 201.1948 467.2523 213.2544] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1559 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [393.0412 615.4179 461.7132 627.4775] +/Rect [393.0412 169.2637 461.7132 181.3234] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1560 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [255.0796 584.9451 323.7516 597.0048] +/Rect [255.0796 137.3326 323.7516 149.3923] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1561 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [311.5276 554.4724 385.1809 566.532] +/Rect [311.5276 105.4015 385.1809 117.4612] /Subtype /Link /A << /S /GoTo /D (tuning) >> >> endobj 1562 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [315.9507 523.9996 384.6227 536.0592] +/Rect [315.9507 73.4705 384.6227 85.5301] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj -1563 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [381.2254 396.7158 454.8788 408.7754] -/Subtype /Link -/A << /S /GoTo /D (tuning) >> +1552 0 obj << +/D [1550 0 R /XYZ 85.0394 794.5015 null] >> endobj -1564 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [362.4163 366.243 436.0696 378.3026] -/Subtype /Link -/A << /S /GoTo /D (tuning) >> ->> endobj -1565 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [402.2465 335.7702 475.8998 347.8299] -/Subtype /Link -/A << /S /GoTo /D (tuning) >> +1549 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F41 969 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 1566 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [348.0303 305.2975 421.6837 317.3571] -/Subtype /Link -/A << /S /GoTo /D (tuning) >> ->> endobj -1567 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [335.4973 274.8247 404.1693 286.8843] -/Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/Length 3122 +/Filter /FlateDecode +>> +stream +xڵ[Ms6W*DIi2d'qv=&9pDDzE3_ S!э~htK=d?)JULq$0 +ُWbJƨﯾyDzB*~;%_)$_n߽_wo3uB^{3?NdooqsgVo03 ۛlK0ӆˆ))VFD)_qՇGOW *aIX~ P&Je.S2wSy)]Z̢lJ_} n#5d=ViϹꮬПztTnvƌԥyKO ?7&?/l }&wa4HTUG3qٞ$1&7g>2ְc}vV@Tbx(5МͶzBakµ 1Rn̹՛U=$*tO8lVEP3zxqP)vs\{q\9']fLqxfb0Lf%aew#\clNH +@Z#ոL>!r|#T|ܥ#8\uIeP,qԌ8C*_?<9b^`d} gWgXiJߞL\f`Jgq`{(0C-2€Z$e(JT3p5Xwz*4Qs;DIux}9K&gDdllEv`v(c"Ʊ;`@-iHӎC%ڍP9Tݖ}Փ G9YĀ¯4C LD$AJ8JOשs#L'ÊFrlp|7=yE0Z⼃wgPw\QEPKOzO)}Fؗ +ز sԗAakȊl}gP};eȧ)CE4@*~ ,Puykwk4RU[w-MWmOF K;L_bTƼ_'LN)eEqLk  +AHb]@q-YqL,Qlp̡I +8Ќ(L0_jE,5Rҳuk_0;r .A? 9^Ub1P9^q_ɡ1骽-Ro>2;ݣ)ĺ0/A;qԌ ~>"!7-QzVOzS"=" *r=ie.~S' Ѣ:Cۡ4 918[CiHfV7sT@P3D&!R_/Z|OfoKf,RAVqY-!,~aB!aAV djAPc + |tcxfnvЙk]/p + 5>o;C1tGbFQɜs]&׳MAsCg-[T.nF|*O`Ss8e"ѥ&\ό)گSL3c3"#1Tf rR/$*sg,(C +zPڟ~A~YP܎]uۖ]A+pi_D4 d6M[l^af.=(Nu-@@D9|6fE0=r l^59?J-qwMaL<޹:FKcjnuP˺]q z3zjڶR[vh~;st D42> P*þZhoG}5mrOE]jZtzMadJPe>KTնGۘ8<6~?\v@,Hbɡ.s"3`Uh"$X .XgJU~orL6cazU5>6}Ocgb#XQ:n'FcrHv^]r~tns䛍|-L1 [s~.N@2_ wb$B,>0Tnhٻ,Zk$nt{DӅN&@-h±Doۓc/܊@ w}pٗB`@ŀZP%U>YRIכC aB#$> endobj 1568 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [363.1733 244.3519 431.8453 256.4115] +/Rect [352.879 659.5291 426.5323 671.5888] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (tuning) >> >> endobj 1569 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [365.365 213.8792 434.037 225.9388] +/Rect [334.0699 629.3132 407.7232 641.3728] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (tuning) >> >> endobj 1570 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [393.041 183.4064 461.713 195.466] +/Rect [373.9 599.0972 447.5533 611.1568] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (tuning) >> >> endobj 1571 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [402.9837 152.9336 471.6557 164.9932] +/Rect [319.6839 568.8812 393.3372 580.9409] /Subtype /Link -/A << /S /GoTo /D (zone_transfers) >> +/A << /S /GoTo /D (tuning) >> >> endobj 1572 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [320.374 122.4608 389.046 134.5205] +/Rect [307.1508 538.6652 375.8228 550.7249] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1573 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [348.05 91.9881 416.722 104.0477] +/Rect [334.8268 508.4493 403.4988 520.5089] /Subtype /Link /A << /S /GoTo /D (zone_transfers) >> >> endobj 1574 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [488.512 61.5153 561.5676 73.5749] +/Rect [337.0185 478.2333 405.6905 490.2929] /Subtype /Link -/A << /S /GoTo /D (tuning) >> +/A << /S /GoTo /D (zone_transfers) >> >> endobj -1554 0 obj << -/D [1552 0 R /XYZ 85.0394 794.5015 null] +1575 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [364.6945 448.0173 433.3665 460.077] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> >> endobj -1551 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R >> -/ProcSet [ /PDF /Text ] +1576 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [374.6372 417.8013 443.3092 429.861] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1577 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [292.0276 387.5854 360.6996 399.645] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> >> endobj 1578 0 obj << -/Length 3528 -/Filter /FlateDecode ->> -stream -xڭ]s6ݿogL LIӹ&=۝ټP+Rv}7o @\'~B?~*8/TY, ;oOP4͇Tq'jKL)~zS$> l>|uq&ͧ/ϢDŇOǫ:|n.Snq|w4SҫW_v?xO~VpNXJ> yQ$L4''G_2bd9p2 .0y,9 X,\Nx -\ڜqVnU -_Vzۥy -&ax9*@O: 3!)AZEi.ýdJM0]K_w:I :-E3`ONN7w4ÿ9^rwZ|,Bz96$'W&n) h.(MKx -y\V$'~ЛRvl&^tQ0%q*Un]tP5`g˺)o;_i8wQugBt"G{tغ~Fo@̘̎n`[O 9Ib!D:;ƉYcm 4mGփ? h)μ4Q{4pү@=+ꈆ9(cqۡr`rCv(p$nO10Բke,ےV464r]/8WilF^`-܂{cy;؜{O 4ȝKym9 U4@{`]^vgrcw4MNoF]7zmiܾ<d+%=ͺzZr ۇP6uku0c]&TQ_ߵ^ٍրT[ -%nozcńP9i++$$ F - !g"\OasAu;_ӘﲓeLlt{8@_Iv\@_~FI #zz&5/I^WƑR.feL!nebPc굇[u) ^OMYDT@WON -e2ظr4>X ݣ" -Zs"y>5d\Qq8*`] -Q -\%.ʅK9efeИw٘§|cD 0EhB|(gaӒcg>I$nvi6$pK#9<ق? ]R Xg:N j,$)aE.XHr3mWlJV5v!H(}CxۇncL, 5M@sU=nݦl/L*˦Bn`Sv.G'E/Tcp 'FaEx -& ><ԙ^3MB ;9wHeX%ڔLQC]9'AiB~^,1HL+g:.a\6%\ v.^JWd@̾s{z$z}ʠy ӽњmnL0(?3ˀ穱φ|~YZ{ʀBmQFG]+QQ ^ЙZe ۈSLJe]tb@۾0{(ɲ~mT?Piњ/ j}JIy_9p4HH%QZf|csu(M|}F=^wqt|76JV$@XQ:,r4ݲlB]]BR6RĴO { 3# uWa7<#BclJG~oIW-4MmhS0yu0xhʥ{OsI)Wi nS<.@E=kCAw#M䢔&h~LӶzn18h"ƮMDB=ݛrfm̉ݚqLw^d)ޞ^3M,)7d_AWEUFy8Ğ6`kzu}tE"rْ,S2lڮя?^ k!⽗FAH3r2 (   ?Q p[M R(v}Y0qKa%ѶD '"\ g5&Gt Z| =ljNl20Fr;&o=mcjGY@9Ȍ3یAg& &l&@Md\?MC[;㽝`4py_wv*&= ߮ ?bsr0ZF Ld*W70ʡT=LF-n-MOȎ~XiۏQAP+ yaT>9}箍P* mN+Q {Sb+7C LdrzE!jGWS~]B4J?k/w?d*u jLK]>4O #endstream -endobj -1577 0 obj << -/Type /Page -/Contents 1578 0 R -/Resources 1576 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1575 0 R -/Annots [ 1580 0 R 1581 0 R 1582 0 R 1583 0 R 1584 0 R 1585 0 R 1586 0 R ] +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [319.7036 357.3694 388.3756 369.429] +/Subtype /Link +/A << /S /GoTo /D (zone_transfers) >> +>> endobj +1579 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [460.1655 327.1534 533.2211 339.2131] +/Subtype /Link +/A << /S /GoTo /D (tuning) >> >> endobj 1580 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [368.9978 737.7787 438.8121 749.8383] +/Rect [368.9978 296.9374 438.8121 308.9971] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj 1581 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [293.1435 695.8204 354.3435 707.88] +/Rect [293.1435 254.7663 354.3435 266.8259] /Subtype /Link /A << /S /GoTo /D (options) >> >> endobj 1582 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [329.3035 593.8559 407.7186 605.9155] +/Rect [329.3035 152.1632 407.7186 164.2228] /Subtype /Link /A << /S /GoTo /D (man.dnssec-keygen) >> >> endobj 1583 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [427.0093 593.8559 505.4243 605.9155] +/Rect [427.0093 152.1632 505.4243 164.2228] /Subtype /Link /A << /S /GoTo /D (man.dnssec-settime) >> >> endobj 1584 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [288.6803 503.8466 357.3523 515.9062] +/Rect [288.6803 61.5153 357.3523 73.5749] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj -1585 0 obj << +1567 0 obj << +/D [1565 0 R /XYZ 56.6929 794.5015 null] +>> endobj +1564 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1589 0 obj << +/Length 3516 +/Filter /FlateDecode +>> +stream +xڥ]sݿB3 Թ8KvI@E*"ei߻]Ddn|bwߔǑ +B3Ɓ +-7glk,bٛAD~1bv4WH$8_$W4ݧ_x幎>}뫯>:_É ___~/ߞ]z^P"#K8ˁo@F% DFYdb)LuvspjN/V&PQ* +LM 9 BB[XIBĔ +y]9 X7M2.$4!#"<r@HL*qS$n̓hrەMM=vS0 3Z SևJ[hp=`܁Vb{3**@C( z< cCJ#ugBF@=y +Ol~W,fQ4>V<|5AHtIhT9KYy9Ի8HeO]2b9b9s/0~iH x95@  cRBpD@2#0TgrI,ͳ*eN\B8[Dp-F'qb 4)ub]Vw幘+XVeQw E]ZwO$rf8@ l $veT=-N_E"f+g[㎟Cv 祛>/x-l<no>g&S&x_3ev/Fm^[\D5_НDBvSAH0XL!tw@u-l8$ i]=^+z']8j?EM&̱?`- 8JT.(!}39.H^Hq:Ŏ<ӎ^msf0M_DieAwIQBM4o(v0ikIu:AJh9/~P[g {A{[~GCѲ ,ϙJ>n:VH)#MU8nt"/(HMQiZё>P l y^c-[ë0Hpl2kKsPЧ4 KeV`I2k%)6 R*RJVb0V`GC; i"ƽ|6iȹCk8uURl#8s0s` `[eKGw7I?6.8z*:j,M¦xOQ؃"gB +iO4پME=4GEDCE " oݛݾ~ce iJ1"{r,R\U +Ktժ"h + #ɪUsЫ7\F*-Jw5 j_UT +&xni*V ocA@A$Ɍc i ;qbnd- /6\?UE;FjĞ-Q\gjKfpҴVuٶ ]ܨ^my|V@۠(Il) Wwc"b? {bf;zQޞkA`/t*Xck7a#`QM$TFy0(qnimg{|}k4Dj,O\Y\N` &kW3E'֊U<UPmS17Ti[O$~#`NvE݂$p$}K-| >UPVŊ*e%oWذuv\kT\2~/b @wHȶP9{8t+j)%^rny߱RwgSWf`'~Id:D G,@ԕ&Nw]#6VL~y f"گl\mF kr01)U7W¡9.[u":=2&bA4 g*}GWvFvOqEP)tM|". r<H/ulvdu\d~sX!!4ܾwljb v:TM3P匀zM3BB/,Qp6?VqXG22:`ބYS$o90 +"YrAD6Z9wWQˤͺa<b) nی*h^+] Ck iLTk77 /.]{P-h1¡IDдTͿ+vwԉjZH_/mV+}PІ5Mg78:HR `v7deTIB%&N*91^N'Fo-T&c-큣1'ۺ(Ceچ&x3*-fu-NѮi%;ʭ~RPIB-߄}F* G ĖXæ_Y5$}y= Mt(];4LߙzŁT` |p1 cب;-*c9L_:5FŊ6ոu`"3V`Rvý +2S'sDN.cӞB>]70P$z->$lZ=M. &1d&|m|M@Vcđ&2}o> endobj +1591 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [328.5503 473.8434 402.2036 485.9031] +/Rect [356.8967 737.8938 430.5501 749.9535] /Subtype /Link /A << /S /GoTo /D (tuning) >> >> endobj -1586 0 obj << +1592 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [336.2616 443.8403 404.9336 455.9] +/Rect [364.6081 708.0059 433.2801 720.0656] /Subtype /Link /A << /S /GoTo /D (boolean_options) >> >> endobj -1579 0 obj << -/D [1577 0 R /XYZ 56.6929 794.5015 null] +1590 0 obj << +/D [1588 0 R /XYZ 85.0394 794.5015 null] >> endobj 490 0 obj << -/D [1577 0 R /XYZ 56.6929 429.3811 null] +/D [1588 0 R /XYZ 85.0394 693.8168 null] >> endobj 1075 0 obj << -/D [1577 0 R /XYZ 56.6929 404.43 null] ->> endobj -1576 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F48 985 0 R /F41 969 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1591 0 obj << -/Length 3315 -/Filter /FlateDecode ->> -stream -xڵZs6_|c1&xO&N9ܴ}%Uo PL}v3&X0AD3<@ۻ3BQ٫2dIf#^6ax/?nGBIGڰ7ou{y o^^ݼ:q9ÞoqEw?ty{qxIȧ_~c)l3#TX³L gJD+)e~-è 퓟6V=TO*MLe cÇul?LW*A/NMx2_UA_D*֡c:4^2ZDXfnaWd6f>ͼ[eMjYZyPԠJrYu?4tqf2|˛ɬv\@- Ί%hkPˇ%سlT+ɿ2&N1iӶD.D'mwrlf=\'mgOth&RiBͺVIOۙJ~I;wdRX7MAPNKH#~ڔTR}ssĹNhiHS߱HlCTj/4hz,>&8[7 v4}EZj}EB}q &RrUޤZ"':MD:QJ#a;i#x,idwSO',¡@@aq·4u=.Iwu|LzϱI 7R촚EriQ7hx xo*_&|:3S|Aeg픞m=˷ZS.U6wت^vzݑH6Uz m<$ڣ _(/IZy] 1\US Oc̪)iUXJw?_T}tMO:Ir_nm<]_D~9)W(O#&&1wψd(c֛`*ZYC  yjQU8w\ ܡ_jTdgKUihh54E *D?Ť~ME77Y@*_u`݇wxGD+O^igYlM -]dJtz`1-n}<*\ 4O۽4:ipq&wn| Ɍ;u -wMCK>eܯ\qy FF \s>cWN(!ZO20N=l0ڐaр/¶YyM&VE{+5-\`{}Um枿wz/vT#D>3푢Fv[ʓpOQBC2#iOLZ-M>pN8`M9) MRبػǀ/]VvS#Ѧ?,/ [ʒL/A"Gg 3ƂPR ۜ>nEKp8{o\\g [0%ԋ"(KA(\( #BHBPtAȈDt~ e@X ĺ\spOЧCbP[(]zJbv -0@&e[pnQEݘie~VQZŞElx1M"Vռ9$636Ţ6GѢsIk =xWV&;Ҍ_ۼ#ybc9KJEbPh尫M9w4%t7T~)>U~:BeO3QUQڽ8Ƭl Yjꢦ0u?{BKn/IF\[ jۭDբl1,֘IXeߘi8L:bdj1vYUmzyR{,'~۔4@KI`@JYf#+Ĥ%JȷSoD0*K՚K%Eĭzx =>[!z. -VqAOZ3ҏQ Ǵ:ݫ`[}. B㵅$O$Dz3Pt ->,<=!Wo5R9xteezKaY[܁N՘LJo΃є7\DkOB -hL7v<'HD0j`4U.ͼk0ϫGo Ok+;WVoG"gK +N~u}f@l77yMX;X)HRHrOCT*~ @PXHTRHcMG;d/V,KbRrPKyi֫ɳsA|?+\leNTp9v6sXsGv)oYrO]/FN=xptnOt5ʥKoBߛ7L_gW`&v^LH[2ҞfUp.bn>0!Q!5Q[’0b%2"kQ -k g"Zp#gŦVOm`i@y='1ë'a%Ewn?nRpW 1xSQ ,GdIҌ+*!C}KX,3օK+9ĦUUݹ`CHA^Ud{^޸TVjaC[s7-%AJAgjpŬmo>" 8*|k_p*ƒTJ{Zp> 6Z-Tx> endobj -1592 0 obj << -/D [1590 0 R /XYZ 85.0394 794.5015 null] +/D [1588 0 R /XYZ 85.0394 669.0349 null] >> endobj 1593 0 obj << -/D [1590 0 R /XYZ 85.0394 530.92 null] +/D [1588 0 R /XYZ 85.0394 84.3175 null] >> endobj 1594 0 obj << -/D [1590 0 R /XYZ 85.0394 518.9648 null] +/D [1588 0 R /XYZ 85.0394 72.3624 null] >> endobj -1589 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F53 1062 0 R /F48 985 0 R /F21 738 0 R /F62 1100 0 R >> -/XObject << /Im2 1089 0 R >> +1587 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F53 1062 0 R /F48 985 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1597 0 obj << -/Length 2778 +/Length 2810 /Filter /FlateDecode >> stream -xZKs6WHU0x 7gƞ8JmmJGP"R8~EY-W`4~8(Li$,"3}gLt"Ì:ߎs˟b HooOafqHrrEltqn"6 Ťy͒*:#(3070#$-Dg_#$x(oQ2a*\O$q9;`NP䦩#':NϠ+&Bp E5 >8KJk{"Hpl.< [hu=]V^zvE]Q~Pٮʋ+:FS2Ha>Dƌއni?l,\.$M]- ߝ8(_`&t1<~+{Hq/K<\}xC߸x>.F#IS~<err䆒0F;ԁ*琽! >v~|x" Nv -~/°S gSIͩv+`R9  @JLiDs;%%0s_WEO+맠{v C[a: #P?|o׵ -eKVW0yPD[뷮n-zِ~ ~#a*.srKy(ǡƯ~Yv?ttaLgbʄQ#A@"f,]]c4rjSNW ]W=y,RFB6}~(p- K~2Plqe- Lb8W! ]7>>@c*.!% VԹwQ=OKyq7_qAPG2)K2} Q^#zXk}(O9=1<-A=?I-$GYI9 %DJ&0yJ.858Ÿ r)g];= 49 -0_qt#iƴTOX$\SJ-p7)`"яZ%PKMrՅbzה c" 1u -_H̳wGSOa/41L d=c,[T4i,tQqW;KMaBWqS#qل.VsE:b,FxVJ2K5w[aēs#_L|%|=)5C>uVk;,)i]yutuFE E W%W؟!_vM⟢X)]O±ȕgluܥ -:rPsN -+4򠊶ԤP% wQuE7<[WiW$aކ[ um;9UZ"X*5òPÏ|~>C1VWPm.ۚ(v"ٱ&DG|<3 -CT8=L9kFwpN(fRd~mRj4LHFVi tG\Eqh+d *)\k_-:0mQb1L9*:uΜT;V:OzHzd|>cM´p^g[DE)\`VȄ)zX>&h!-$ `:A 5ͦMPp27:|Ҽ):y+Yb4ټ1XZdF bZ+??e&>>bQ|~{aN2|USY}T= Ted*.a .ǀӯB+y4dX#_iD]lwO{"cp OvþdeC]4ɪCYP0N}U '6|5`l8+hʰ]^!,ӇUb]`<\.C2Sl]ՆV*)%0 `"l4_8i3Hv=ytj,DouM(g2CEd}w`LtvuEFfOp Z0Le]xl W&78ɤqN1h-1 ƛϲfz0\-s<ftTlm o:Zq <>B0HZ^߯eÕscEl)\'=1ud-{'ʷZ[ Q< &egvk51J<Z=]x0",=ڐj!,/~qv\O׀1m!,t5gXb4jbb7قlqx apNlj QCI;zM] r ?da*}ɀݴX&:!CBknQUzX*-*jpK^z2R@B2nð@"q2SC'Y;>lRTv oo&7q{, RӪoDv<,'xo(űz&׊IЁ iG[>acO O_\G$6H%t]^&E.H'Y yo.3atM@ ΢O#E'1NV Żn-T*ʟ>oCsr:ƗH\b6?6h!?P:x+S+%G T e Td Ojw[,e.(h6mN˜TlA(@e3{gx؇ ς D˼+ooeM`UjzofZfat/g>v)4%b4=}xEbxƁ#w!> endobj -1601 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [312.8189 298.8688 386.4723 310.9284] -/Subtype /Link -/A << /S /GoTo /D (the_sortlist_statement) >> ->> endobj -1602 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [406.3277 298.8688 479.981 310.9284] -/Subtype /Link -/A << /S /GoTo /D (rrset_ordering) >> +/Parent 1563 0 R >> endobj 1598 0 obj << /D [1596 0 R /XYZ 56.6929 794.5015 null] >> endobj -494 0 obj << -/D [1596 0 R /XYZ 56.6929 509.1791 null] ->> endobj -1599 0 obj << -/D [1596 0 R /XYZ 56.6929 477.0735 null] ->> endobj -498 0 obj << -/D [1596 0 R /XYZ 56.6929 477.0735 null] ->> endobj -999 0 obj << -/D [1596 0 R /XYZ 56.6929 447.2177 null] ->> endobj -502 0 obj << -/D [1596 0 R /XYZ 56.6929 390.5598 null] ->> endobj -1600 0 obj << -/D [1596 0 R /XYZ 56.6929 368.2486 null] ->> endobj -1603 0 obj << -/D [1596 0 R /XYZ 56.6929 281.9323 null] ->> endobj -1604 0 obj << -/D [1596 0 R /XYZ 56.6929 269.9771 null] ->> endobj -1605 0 obj << -/D [1596 0 R /XYZ 56.6929 89.8526 null] ->> endobj -1606 0 obj << -/D [1596 0 R /XYZ 56.6929 77.8974 null] ->> endobj 1595 0 obj << -/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F62 1100 0 R /F53 1062 0 R /F21 738 0 R /F39 927 0 R >> +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F53 1062 0 R /F21 738 0 R /F62 1100 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1609 0 obj << -/Length 2893 +1601 0 obj << +/Length 3035 /Filter /FlateDecode >> stream -x[SJW(QH^bX U;ȶUdoHlAa8l8՚G= *ѽ8paz޻gDhӯۭ>^TŽ%Vuk,Ǹsw5#:rt~urqؗGi O_: I}qrzrq2<>9 Tgjt:zro'W͔ۯ%xoog*q7$m3ZZ3= NtzL`bئhpZk:Ѥ -@=;!n;Q벝2Ja_k!{KhM ލsv~eWI5C=g].T~cdVoGODWޡ8 ȍ2 -l*O @䆇ɹ jz&a5&9;"DͪW AwAzͨ9ފU0f -=>ʼnԲ6% r6A,yg.U4 Лٶ8;4Ce7akྂtH&My?}9IE~)Zu UmtnHpoI!IOshz$t̫vj~&[1lʾA Yne K}UtQO0]g΁R.jLgZ7$j[넞%=_(Hu֦C/!Vb}/ ]-!#p߼4Gə+6eyMOV ."pd7\4#{ sApU2xïlq}#qcwІadìp]|Ʉ!]U5K$6-oIuהZFD78t0b4FD((5kòM^ٮvhAb}>?A?]6y܈]7bTyQ ^.縇Xqxc-g1l-v/`*d"p|AKXJJx-D1u$ -x_S] yiwY% '_"cs{Z4˪"ĕ@!@P He -W—B+*ɚ]j D΀$ӱ&`}M6$]PHSSV,p;(ύ׽";_u_yڴcƭckf`Š?OKQi?kq4 -agu|GVM>)Ɓwф4>R34x(#\4ZVOm.*3H[t9iNQ6VsUvfۆoyy+^ń]RYl@O Bt W\M?ǰw9(X:Z/ A]|IwX*-+*JƎ;6X^S.&Jc$m>.Zxo.` -b7 -JI$ $g$l"T{;ݑׇء)z2#aCnCޑK2ܦŃ_tGY'u1V4YF - ?nG@gXx|ےo!E]Wv51Ezfͩ3~w| y|KwzN@k 'Ǿ6jZ=d0gKJ$;Lr< nӊ5 @I0CkY '.xN6D#=ϙa"!xOd%,&⑋%ƎB VsSB"F]-)t?u@Dd;mA씭/Yu.,efLI +;ֲaT熋T!L -M(^a0I,d]H蔾gV#V^4oqq7_RI*z7ϳY `Q]EU$0.LgL0կ |,x{}sEo]REHK?o&ُgYeXI~pX(4= yLE2Rݞ'͚4R#Bb1`T"Ma N=ZYi<aE% ㄧniyƂnBmڽfaQzAF]Cϟ[`vWv#ғ8C0S\}K)4huѕM89O;]=t̛4zA K%m)~ׄ[4uAN mN_YĦSB`ON?\Q@=J;mTTeIp[‚v^E̡cxґa,zW#NK~݆ʅWƄ;c/r +8[_܆"$K6nqQmxr%:˓ve fq\+K|4[fQ6 &$8 }>DouG@g@zlVwQ:sWsmfEqq?Nhy6EczMW[In#@hVu[ +.#NZƯ̲0 Y*gmucmyWaymAF ֋=ts-7Oj +MkĦzWq2(d':RFG.Y=x:  mb+W۪+. jx%,O֛Uّ7ͺ+WV v"lzL9GsHbk]' ;=|Z盹E&vxnM۔à7m4nޏR<E TI ^ +xN{K1e&r'ajg:7͇;AgYA|gї?gtB)bI(!ܼ̊NSÝS+!BAz3IA,9GܢP5x,'&bþD.PE H[0IK2G0a^rlhZvV IC#G$B ")B3rpclH!EB7GD)(Ͷa '1~mPBً%3nq2HM*Xb|8 +.}Y躀\54eGy4vIM9Cq]S$1TR}áx^ǂcNR*ʒ?Aҭ8*) ?e*(1yT1 \1K $e Bu0W)TB^~gC򢠽K%eګ&+WhM7%b52Hd +<( 4b qqz<UcRdDѭi0?e.\Ʊl|Sĥob,ʶmVu*M*ˆ#JZ*eP;s@,iRk"2_:ƕmEu "xZԫa뇥DE/䈦W?bSq<"r0FHvT0ؔe) F'EaG:Yit6J_WByly-:vE", H\yȒaY,Y Π)Gue p>LMU5T]z=U#[Na}Jr8ArV >\=I{ҿ0W]&/*Bl*NTlzWBBk;勅^SYp] % oiL `:R%f@Ny%hz8DǍgk7( SuP+a Wq}] =Ky{jџ!V>*p,Ǚ]#tzO#@H&ne(mc01KZ+][Got/nj[XILa$hyeAnt0)nzB:=dn8 cZ-6]%byNW!5?8vA=}V(r~Jqf.>A57.O|yaΏ:bp/k9of<)6K&ʖ}93S>}S2+;c KO8`7B+l0 p)V c(x. dۮibu1CU( wPPOɁgP8% WXc5pd\Pe'S(!H|QQ/ +K̿d5 EJ?.;+n_%'O+kCTRtan`lFt#09sb37ə\!g2خߘT!&\b@?kLcF[MkPvѻ&fqgeAM -jn`?C4i>oi +LtdtףF)1vuXYEr[tsɿA2cmg(e~ +j88a5{ +& _!M7~1BeuȫsnS+dl]-V"gFx/iVϜ0 ddhQCY^8F@_#<+q=0?!$ ([Ե{RqUe-s?Nٮ|@_/YK8?~Tlcc~lt_o|4=r!DZ4{CCXm~PVcendstream endobj -1608 0 obj << +1600 0 obj << /Type /Page -/Contents 1609 0 R -/Resources 1607 0 R +/Contents 1601 0 R +/Resources 1599 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1575 0 R +/Parent 1563 0 R +/Annots [ 1605 0 R 1606 0 R ] >> endobj -1610 0 obj << -/D [1608 0 R /XYZ 85.0394 794.5015 null] +1605 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [341.1654 570.0778 414.8187 582.1375] +/Subtype /Link +/A << /S /GoTo /D (the_sortlist_statement) >> +>> endobj +1606 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [434.6742 570.0778 508.3275 582.1375] +/Subtype /Link +/A << /S /GoTo /D (rrset_ordering) >> +>> endobj +1602 0 obj << +/D [1600 0 R /XYZ 85.0394 794.5015 null] +>> endobj +494 0 obj << +/D [1600 0 R /XYZ 85.0394 769.5949 null] +>> endobj +1603 0 obj << +/D [1600 0 R /XYZ 85.0394 748.2826 null] +>> endobj +498 0 obj << +/D [1600 0 R /XYZ 85.0394 748.2826 null] +>> endobj +999 0 obj << +/D [1600 0 R /XYZ 85.0394 718.4268 null] +>> endobj +502 0 obj << +/D [1600 0 R /XYZ 85.0394 661.7689 null] +>> endobj +1604 0 obj << +/D [1600 0 R /XYZ 85.0394 639.4577 null] >> endobj 1607 0 obj << -/Font << /F37 827 0 R /F23 762 0 R >> +/D [1600 0 R /XYZ 85.0394 553.1414 null] +>> endobj +1608 0 obj << +/D [1600 0 R /XYZ 85.0394 541.1862 null] +>> endobj +1609 0 obj << +/D [1600 0 R /XYZ 85.0394 361.0617 null] +>> endobj +1610 0 obj << +/D [1600 0 R /XYZ 85.0394 349.1065 null] +>> endobj +1599 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1613 0 obj << -/Length 3252 +/Length 2815 /Filter /FlateDecode >> stream -xksFUYy㵳N6^\.$Ƃ[:랞skWT%zz{`~F~'&7N3pQ?Nq/G]g-J(Ë|awy &dȽg7!uDvWO FW =^\_|r1ZZ,xW~> |gI{ -?B8Lyr{Ղ^3ud|Cqߖ`[ ǡug\t(XKbX&Ѕ4jJ&R%^QSyoo/ ld3эΊIj;.O[Æ J+dA/~^0μ*jIcmJ8`TiI-KѴ9|+XP3#`nz0pHqc/%~NFWv]pKjy ҅&Ҽ <^(EXԠe:qƏ6-3.V{ɢe@ިPV0%K@m-؊ހ ?9Ot3L/L$ -#it3wtқF0wyh \3#L#́}h`ސu",_RaQ*7ӻ1P**W7Ks1AD6K'8A`qYfջэߢeGDLքAT,]U`gi[H{9׋jXRQKMHcNy,HCZv+/N1㜖ϴtCZ-q?T☥ -tOyu8uv^SL]:,mS. K^e <@˼T(;K0)~9}7BQ Ճ6'+B E101qyݴ !>M8dF ҅ -~NduQ.٠3xzvmZɁrzV<o W;]_W4d!?aGIdb1TIQƘ@-MDD)DC,$;2] -nE={@g/[дEYҘ%hXa?05:2%<8M/%4 -,  B)0q7PiMj=SBYFDzAh>c3.wºpp}7Ue" 9bCHa%jj @VWIbH2kdYtC(DA ݟ1L{mFCTW9![f\gG/E¡a? aUDkc"=hc\o5?bыbbBױ~[kGsX R#FOB7@ƴ{H);"6[3_ˢɩ;%zfcg]CX4ՁcEQ8] -#aB<0#!RdèpOi6"3{n^u @BB6}\Jő3@EL7VCg|ȋI`d"Bpep_EYr&a>wJm"Yu}_4-LrC7zH^11hco;e}"V>7`He_'c68' o;)b~o^< p jmL$5&@eY?`tR$S* I"i<8ί,iSO*A 5xK@ݧe%${H-#+hCr4xw' >悙!uЊWx|@:ۼzzAYDIJ 1خ<:3p^BLnI]fbRYՈF>A @PEvC&t+H08򕻢|׍WBM XokvFˢl+/ ~X/u+佱VS[1p YX>Vw`v~ Wd>7EÏb8*b ?5)C*i.uo?^%y.9H]F$MTֽBx"[a=/ʻ|/1N"c!isMZ%w.ziWjVϬ78mV4܃,\Ԗa*55=AWq/%_o%|fH$X>RJhRA 3Vyʢf*okmnw;H`!Z@l;pnw}.k¶9K],йQ VKs8ZM㌭lR= Pr -j;?S;;M)}a7)Q!}8xkXU0\2i8Ud.!eCuL&]=`ϼ/@;ש' 5+xf)(^hK4Φ8Mig-&T@ ZD i>!h]RaTH4Ppwl$vm`VZ8Յ1Xaі_OAb& tJ}aL̨a4*6E'3e1+ZBc ϼ~}5B1#hOR;vlviNr$jcЮ;-M12_Nx>GBq' DaxӲK!%2B :ź!ޱۘxxgY[60o%r2$ _ˑ*ToS\f`@ sXS76"!+^F8^NQ S7@`iIleyxYU ^gHQ[!Fy1:62)BۑF#鲙]6 T4T768!'H7vPcvSÝMg}qSG -;,%v_WvnJ0tm#=һcrM*Yb%'ْn]5^g{Ngґlʔ:pbѺ[ƣ.pWEt],72e.i|Rشᴹ#^U&v}s&w}Ԟ; թzIq]Lendstream +xZS#[UgET8 6\rw=53>j=1[@BIK?$zDXfS\Ʒw>f4[}yz)KXqEr[bb}'!ꑾdTU i|ȫjsj8<9Bf1V"B ֘6dZ+}L!MT= +:)ҰӋO9e$UԉH W:i9!u$e1E?طY/lF5F)e + KY-)k*˦I=x!,)k%|TWDY] ##eR^c&ز+!O,@+w>ѭ!ڭJ_K!`ޚoqȦnX\nXX8 "HRmX]͊1[UbBn ba1ɧiߩ&Ǜb&iPeFJ(୮WE}ruW_[fQ@@z~ៀu(;|" +6+CdJtWKo/7 VYSǺdy_+)q3L +xo%UCFQk)~CӰV.X/-I-'e|_(^6 MKE ᝍM7N2Yi 53Ծ@*,ynRQ̈jljd@xΉCPqaWEMtAHNMcۋ>E۬|.!Uľk<~]ΰ$~}&  (ß<0JF{Ck<8 {ۊ|lތaw+qù,G.b EK$Rⷐ=Nl,@OF SmrH˜CL*_F1Җ$  6]O`hμnt:Jрeʭ}d J;&)F*cp(FlXz& 8Z{-ːMZЩlRcT}uX(WuI%h=6&l7j5ʺ5eyhp2ɨ:#\IlxNanj5{bOw9EKXڠ@kj8~\3X +[Yb lNB( MĶ !ܲ~l!( ʬUze +4-X k re`J+U9)q|YtJM$y\+ XWn&1<<"8^qy4T6 6/y[rR`'a9 iRWg 808 JQ`'Ov0X^o&OWfO"^sR:\Sdamlv31 VzaZYQ!p)+Tܓ]bNόݪn Is&!P4ܝV1n-~ ="oL<(ўZ71THPG^Z˨dMU; u.*[\aG?i04-k|m|9t{F8w0VxUZBHajlY0Y@4))ɨ?LE/GեUڭ! +<f<,wmXU^?*$5 D-2!#olbzb5{J1K߳H282A529CT8R:4lyDQ/QLY&d+g%̱_۬70Rxn8㰐=҆ ӏAKyMK{~ˤ*nY}lȚdu|3_]o.(vKyǷ_ .`V}KtWRƻY%&(l-$!, +2Jb]|IAz#R&9Q :ӭ|n7n; +K-׺x 0n<פƧij#NGzx"$]L8+ {k p_b@V@3bR"& +A|mˀ'L R  <)|AcԉY=ʌЙhL% յVg=GH8F'ĪĚ(OarV>Y XN V +gvϣ5|zNv~Cs-c0-3f ܌}cM, +0ʀ}dq3gZqڭ4aܭCH 99 ŀ7/`n:CH(fZ yՔ>g[Asb'|X~}dWf%NZԢcR㼷-sߧkvlT (ʔzbXٴjM?+Tendstream endobj 1612 0 obj << /Type /Page /Contents 1613 0 R /Resources 1611 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1575 0 R +/Parent 1563 0 R >> endobj 1614 0 obj << /D [1612 0 R /XYZ 56.6929 794.5015 null] >> endobj -1615 0 obj << -/D [1612 0 R /XYZ 56.6929 337.2163 null] ->> endobj -1616 0 obj << -/D [1612 0 R /XYZ 56.6929 325.2611 null] ->> endobj 1611 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F39 927 0 R /F41 969 0 R >> +/Font << /F37 827 0 R /F23 762 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1619 0 obj << -/Length 2932 -/Filter /FlateDecode ->> -stream -x]s=L`߲䚛6dKՕ%%_eڑۻL  (P=JPD,=Bgi&hSy8ˍJF&0GsWi*F㫿]?($ۻ1zwws/?ܾ#D(I`?]O=xvЋ/K -Q, Ia 噎Ti:pk)Ri2ГTCzL+B==, -X,,ϺƯw-]-f]hLwȲ%,["FHe,e9.e)oΖE@!E[Yl "3͜ov۴VE'))Xkۀ<%)3be"+.Gx -`E 4/_MVj]-)/bDdbK-eNv2S4^ѧ=AK0ϛ uU6\t< }/,ikfMuq>QbC߁\V]^Ҋ1qaf\Գ&'g4N$oEMk/Ӕ胮CCbd- ؆,QSa*NƷ5 R|ɖ X Oe~<0/F.$H -eYl~Y`FNev -Ci6ca8S^L%ٺIYY&;ހ_p@ЏcPCD;exٴ S y -|p@/{ T.,C=Ϊnlԁƅ$-D`޴i7ȝ;~\JdG\segFH'I70> {28x,kf-GUVFq:3"kKR'Pb:p'COɍfuT?8qjzN8uCC'p1u8 -,Wl t: TGe Ƒ/qKHZ8҉zO=sq In=!D4LR~MEa2:QNO'%q!bЍ8d55& -(]i ib"Tlmr6~ lXD%/@ -ˠ';R6"HJGn57~R]$"V&NÛU!^U ܵDUIt.·: ĪĠdD5{J{ |wtqu@wDai;I )E&Mo*k`+$=t ?i%x_I  ,H3Pa1YQ$g8D˗z*5ͷT6h+)i@"{.Lma]}-.mi?7i/)ɴUoS[xn/MTӝ7H9˅,9kr!{Z9傜 ݾ?* <dG)>߈oW>ciK46Gvlq|{&N@/ -C iQ?>pR ;t96!IZ?1O6>  -U)#6 AH2>BB,ixӽRV$'< #7 Ql^>`01Ǣ}9A k>VHd 8i,T㸛sb^j_spkRbj %N4*{{My[ 6fzGID.e89΋v.є]ӳc3e(* b -vU!Xh:J|ڔVP֕}]vJ.6 -W?p/+} -˒pO@X`ؔX] ``o&, mi _|>k6EfDY b ('3偻 rMHblu#SG -J:qtfX**2Sm5qo]${k hM[ ʕ4>25 lEQͮe"/-'wMEw{E~*Q}qB9?!R#@ּ=*Vԑ)t*vo` -)$KhV7`\<&rRg.%dޡsplOp/ls{4gܧ'SҶDu`UWӉpnςdN XpG#2|*A7Cl{UU /Q-<|1BR:^e)Dfb/}f -FiWMSFX1):{!4G:Sܹ3>󸆿e]|a hvB{!df')CPxGl6զ+,@Iʄ #%q\[1S"^[ݤvH?О=+/H`'֬@O|Tr~c?’P()! 0XwBE76.endstream -endobj -1618 0 obj << -/Type /Page -/Contents 1619 0 R -/Resources 1617 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1627 0 R ->> endobj -1620 0 obj << -/D [1618 0 R /XYZ 85.0394 794.5015 null] ->> endobj -506 0 obj << -/D [1618 0 R /XYZ 85.0394 729.6823 null] ->> endobj -1621 0 obj << -/D [1618 0 R /XYZ 85.0394 704.98 null] ->> endobj -1622 0 obj << -/D [1618 0 R /XYZ 85.0394 519.4358 null] ->> endobj -1623 0 obj << -/D [1618 0 R /XYZ 85.0394 507.4807 null] ->> endobj -1624 0 obj << -/D [1618 0 R /XYZ 85.0394 339.3113 null] ->> endobj -1625 0 obj << -/D [1618 0 R /XYZ 85.0394 327.3562 null] ->> endobj -510 0 obj << -/D [1618 0 R /XYZ 85.0394 227.5589 null] ->> endobj -1626 0 obj << -/D [1618 0 R /XYZ 85.0394 200.4217 null] ->> endobj 1617 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F41 969 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1630 0 obj << -/Length 2720 +/Length 3338 /Filter /FlateDecode >> stream -xZKs8W0jŃ y2ά&vVVMm&Z-JVdv$%NqjW`jk@j"OMl"Lg4N39_Lto/M:DdtNMQ"8d2z9jVG/~zq9Y]BW/gs~qbv}EՋw.ݒRzs`wIa2g'!2=ٞ(7gbRRh9i3&'@ʩʷ>:ZqyYQ۩vW/X6T6_ˊ?ښu\?`,7Znv-60\Xf-<l6ej>na{hhd0:2OuLMS/˼-VtjE+j"ײ%3)*}yA5c#VuKp)^E -P LEf |gH\SǂU:#QyKD=->Pki', U]W1.%JVc?m?%nRILT1ԣ+~jq<4i -Tٴujc"Hu,'^LG3FK:(Hi*U.'⍳T8 /}P*5,IDd\` #ǰ+JT)j -xzb#P P1!?1(iP2bTOpoHGKrMMK>^W"j-J- R7EeQx@hPV>"*;1i,BBh{8+U c@(%.o4$Jo-;mY`H4XžZ嶘MQ\TzY%Mr;x€rǹI@sl @e]$wS&n_n}4(416D_S*bp̶԰|` H Uf/o -i]SeSZ T7`U}c"/B(u}t {X;Wpft -HؘTҭ(w=tG ouLiaӞN!>C}h\]w<)'b ;o?xi$ );ަ&>UkKr -]ob- ʹe@#GYp&&iۡ{ܹQm/'{/'^N^c'^0si>" w -*򅩏>&to3E#WDUq"qTL$Q5wDn}¬謱 OU|me7~ 6qH -qTȱNҐh<0σ `Vzw>ȱ^?1 d2Gׇ+jEݮd ϫf3{^%663 -ў6,mETH0FќEYMi|Gb jRTK׋9U1H.!>\9zU@Vkp|4Oa6 I5=8MaGѰ)*cy>O4Y"Mqy 8h_ޭ[|ːi@2Sz-OX Z(X\!,{v: ۢ.~rà қvBZȉzj/lP"Ƥ 4p˺@z"{2Y뻉F\s=81u] R.*.i|eYPw._%os"]p.rPǢ77#QЕSWJD[pnh3P9D";,TdB|9}I+` ߧc{0ըFvpK/X&0: 3gJTN3UJ;C?\gEUFFQ@6o +?! <ԥ -IVn釰N0%B8PJ)>,9|?3`u9=; P³ta`endstream +xZs6_314q#95sm(PJvܿv sL,bw[r?9bjR8l= gkL ?b<^tfIT2ߌxe"29~ ^~Ba8 ϯ޼$ϋo߼i̯}CWחo^\_H +hfo\ҤWW__<> 5ُ?˳Phų;Bf۳("?QtJMQ(T]LDqޖa[nJ)L +NSBsP#HLxF$PwsTܨБsŲqߕj/ lEIe6xX+:MIfc>:ʄ](-G_qZZ 15FHҔ\ނUiyW65R _4}GͻM`3 "u5{a\vCE[fݹT&xFnAsmfݮi;oץ횶\GL8ͧ؄ѓ0̄Rc>pAYŎudžԙ8[V44]і[CJJf#6L`D\QHVyAdbk"LC郐Ddʤ$ EeV4&2sᛦ^!g" , LvPF( r<} Mb2%*u}KݺtW呋t/߼ !P+2hw'Lw < ftr%{_]=>}FQZ3g t%`HKI|!VY6QyBuY9(A-WҤH^꠷Tp?["fVAS.#ėkwO勾!IB.ZF 55&h.Z<ɱS+ + r(D IH乧}rlO?)H4IOF(QƝ5D.@O+m9;͎ IYE윩/gߑ'R,^|αPYp~ +J_Hı8nlzdŔuŖ*En{@֏lvm'Sm Nxڿ{*NDCXf"Bzج-ɍ`+j&mwU,1jm$)D'hu{8P~>YћPzTDP^մRp[7=:Fww_܄(U-u\ +Ԇ46!|^N.(@x8 [I#w~S B%B^|'-('kv>qm{؃y +|p^H@ +"UeMHF*@dzC(kY>$2j9[Tmo)@u1ڏE\ #h}ڻv;cKkhkɕsԐ11˻ی`Q=`N'v. [G㫅 h.BByPmr:\sT N%{k'-j^nC^Jy$*#q{Hs$9ZIE>4^' z[-Ŷ˥\ +ͭƉI8s{ w@4dvxHRhļ&nzC)T=e Eq c+{_*/⑭|p< +v7ScN= {1Uw9cChÈß2RO!<>r`PzH1d)P%dlO\tzq6"h8#z^ݸsCC'/1|U VCղɠ1<։8;^±2WJ}\Ũ@CP(5L*%(6 E>Ns~:CP], L~;|{%._~>: oޝ_:U_o.aۺ"4hmDP DlZ?*2BE2TB +ynPIm6j#KDf#bP~| +1P2aNe_W-i$RHA8I Mv8?lǏOI/iG"J=̓n 'D'u2NH(ri멿T g:߆F__ӆt,*cu:詆Y#mendstream endobj -1629 0 obj << +1616 0 obj << /Type /Page -/Contents 1630 0 R -/Resources 1628 0 R +/Contents 1617 0 R +/Resources 1615 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1627 0 R +/Parent 1624 0 R >> endobj -1631 0 obj << -/D [1629 0 R /XYZ 56.6929 794.5015 null] +1618 0 obj << +/D [1616 0 R /XYZ 85.0394 794.5015 null] >> endobj -1632 0 obj << -/D [1629 0 R /XYZ 56.6929 703.0246 null] +1619 0 obj << +/D [1616 0 R /XYZ 85.0394 660.0058 null] >> endobj -1633 0 obj << -/D [1629 0 R /XYZ 56.6929 691.0694 null] +1620 0 obj << +/D [1616 0 R /XYZ 85.0394 648.0507 null] >> endobj -514 0 obj << -/D [1629 0 R /XYZ 56.6929 555.5354 null] +506 0 obj << +/D [1616 0 R /XYZ 85.0394 345.1443 null] >> endobj -1634 0 obj << -/D [1629 0 R /XYZ 56.6929 528.2309 null] +1621 0 obj << +/D [1616 0 R /XYZ 85.0394 320.442 null] >> endobj -1635 0 obj << -/D [1629 0 R /XYZ 56.6929 486.7584 null] +1622 0 obj << +/D [1616 0 R /XYZ 85.0394 134.8978 null] >> endobj -1636 0 obj << -/D [1629 0 R /XYZ 56.6929 474.8032 null] +1623 0 obj << +/D [1616 0 R /XYZ 85.0394 122.9426 null] >> endobj -518 0 obj << -/D [1629 0 R /XYZ 56.6929 306.0886 null] ->> endobj -1637 0 obj << -/D [1629 0 R /XYZ 56.6929 276.0992 null] ->> endobj -1638 0 obj << -/D [1629 0 R /XYZ 56.6929 186.806 null] ->> endobj -1639 0 obj << -/D [1629 0 R /XYZ 56.6929 174.8508 null] ->> endobj -1628 0 obj << +1615 0 obj << /Font << /F37 827 0 R /F23 762 0 R /F39 927 0 R /F41 969 0 R /F21 738 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1642 0 obj << -/Length 2430 +1627 0 obj << +/Length 2980 /Filter /FlateDecode >> stream -xڵYo8_1:Z}Zaql:e&{m'1Sۓ4%JzC()QfF*9Ӊ$25[o^1ϳL!ׯN%$y<[]dBa}tW+dP1~=;# ~N.O^qy<2Z]tyYNK5}! Қ`28jT, -YA!LcaC\]gs𛖏HOPR6b/[_V" 1|x2u"SFu)NFg7`8n:r(uN8V#rQXmb"X -xK}6F rM&:'QBAKTJ%ZpqEG5Bգ E0ARi -O I ќq a; Qi.[ܽ2@,5CPꌾmB/iljbfd9!‹Vact2f g"X ݻwp7OΏtz:O68/u[ ۓ忏zIN.Tګ53~y)  -H%XU5`]d6‚kBhfbdlƕ_B۵zpD@%t5de; -8KH waJJMGL`l ~s'W//DL6L^]K,8:zZ0A@5Q8@(hO ~I<6%3Sv##InQ4F5rG?&[ ZƄa+Tl~A_rQ " Ce N={kb㱝"=W=HvW^Muv"y]># }O=n$g ְ$P1S?ZoEex6P91endstream +x]s6ݿBL&N9L>mqJ>]L9N4 @`],R3 jfp^YaD`0C}}7&yv^Yf׫_Nq +;].7?AO~> Ǡ_\Oͫwo.~4M.i߯ur~ݓ<>ɯ +N)>P$FĘ8R?wh6,bS"S@|2H͎%rW)=ĺڅ2v‘dbӞ^k)2,^8M)XJg n84nH6N +bXKvnUCVeTtʞ\N2+벁 WX|.N&󫫖GkzM"T[,a].ll;ުhRMP[6U<+y-2UK&7@q,*pT|ڞl^-kwvmz\|df;w p.5h:˺+u=r?#wOv<05m?w{(5;^K[ kQDFc}Hi(}_n*Voʻ5#j⟇* աEpI*e +g6#i: +v)i>9Ό \Ax{q-_D/C8)QǜU`$yjS`Gz2{icN Ff&! yj>0 +Guq}#|S2R/?wH~Sofl7>}Yb0x+ +j|#,3eN1wnjUyTDL6hYliaw_0lVd ++ii$H]6x1Ftfj'HEB|^h&7gùl.c5mЉh˅~mYPp0BgY,.iUPj޹QϷ]܁c@ vaM22rW~,xwFGgDߤl-]+H +, +7ɫλw$LT4mXħ!x[*Q]h#e )7O 0r[- ɻ/Gg%`8 +( ,G믊yP$AD r-h?gp Pm~pٿjA뢺mۮشLBҦyú +&D3hƇ B 2p 4D)0zz zhbUT G +mSa&h K%R;ZI#p)@Jje-;Ff'$9xOF{%n|Ζp>iOׇ0NO{%ؼt` +J6q1W&#-\H7ų[i>S0_.~TޢH؆el K dlц2F=YozUwH|,jg~G0Cͭ6dX^pOGEÇS=|DϽWQ,SkBHCMTMpfM딆3 +L7uŀFm{H$6?\+zM++֬l6&zCeASl`v`hCmԹ}{6^6n"ZFLEGD$qfv78Jɉ ֥"ݶͲ̻bu$>4|8#-g4L`K 9uD4˲x({08RU7*tPRp4>Rho%][w "B6--nF&PM`[ : E n;F\h5|4D^Nl'4DVz/Ӌ TԼ*9,c ^TGyb$A Q8zRp٦Y:3ifڿPJ,1^>׍gQ$f:[O-7FYI8Oblܰa`2+yH%[+0[Ƥ|鐏*Ť7ziyՑ~fF$Β9d1=ec'C AgVI{?z^4ۻg3m-MFyeϫNXKe +)sY(gABPgXʸϰȥݳ@H@db8|=QC!GY*F 0h>mVJ$z0K1\pWLp=g6Lg`BN:U.UXI2bhn!1B?]Lī]kk&ë'="q0v_x(=5Xm3@|z==hJ]O WTXm^d!#U(?3嗸 ZxQ1/D`8Hd^0!H 9hhtq˹"cIX +OR@s((jΒ }C}2Z6tfv^m0^{{vqvT %j7$f.lOfhW5v ]CPʸm*YӫaAW>+XkӭwS8φ/}/ d>{!!N5"> endobj -1643 0 obj << -/D [1641 0 R /XYZ 85.0394 794.5015 null] +1628 0 obj << +/D [1626 0 R /XYZ 56.6929 794.5015 null] >> endobj -522 0 obj << -/D [1641 0 R /XYZ 85.0394 665.3048 null] +1629 0 obj << +/D [1626 0 R /XYZ 56.6929 660.0058 null] >> endobj -1644 0 obj << -/D [1641 0 R /XYZ 85.0394 642.5175 null] +1630 0 obj << +/D [1626 0 R /XYZ 56.6929 648.0507 null] >> endobj -526 0 obj << -/D [1641 0 R /XYZ 85.0394 578.7341 null] +510 0 obj << +/D [1626 0 R /XYZ 56.6929 560.3373 null] >> endobj -1645 0 obj << -/D [1641 0 R /XYZ 85.0394 552.6769 null] +1631 0 obj << +/D [1626 0 R /XYZ 56.6929 535.9977 null] >> endobj -530 0 obj << -/D [1641 0 R /XYZ 85.0394 507.9859 null] +1632 0 obj << +/D [1626 0 R /XYZ 56.6929 336.1431 null] >> endobj -1646 0 obj << -/D [1641 0 R /XYZ 85.0394 484.7183 null] +1633 0 obj << +/D [1626 0 R /XYZ 56.6929 324.188 null] >> endobj -534 0 obj << -/D [1641 0 R /XYZ 85.0394 297.8603 null] +514 0 obj << +/D [1626 0 R /XYZ 56.6929 188.6539 null] >> endobj -1647 0 obj << -/D [1641 0 R /XYZ 85.0394 271.7833 null] +1634 0 obj << +/D [1626 0 R /XYZ 56.6929 161.3494 null] +>> endobj +1635 0 obj << +/D [1626 0 R /XYZ 56.6929 119.8769 null] +>> endobj +1636 0 obj << +/D [1626 0 R /XYZ 56.6929 107.9217 null] +>> endobj +1625 0 obj << +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F39 927 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1639 0 obj << +/Length 2795 +/Filter /FlateDecode +>> +stream +x]oFݿB@f?\8&vEj恖(E*"7K4P*b?1K4*f&Bϖ3>gф(S8{~,ei,b0$bX^<1:OW_o^M,.}s~q~s~| +i c9]\9X|vD%By?g+3T=HS9۞EZ1)1ٻu {v딙"X,Hӧ Nu LQᡡKAG)?Z^L)gF,VbfR%*XlydpJ`U" e[|rYKߖM;k|+,\|]w/`]mܩxyXꌀuv([g+9|T+f~8Uvt$lDdJ6;cοpA@d)Ǡ>z IR#z뻃**8S@_AQxNIX'`3BXſ}h,iyDyڌǚ hBO'>>Wֻ䘊Ga*. +]62"Ś$0(!M(]J D}еT\ؖ_`S;-BQ0n(~M S[d96=Q *g׃jn`z1 '7/aB`]z}ǖ`(E +`eDRS<%,g#u]W~/ +jU v5)Gj #x}/$KSS(~ȨC2wӽ1A"X56:Gi%#\@k '$@4eǣgg(M`r+gjhS3R}y#`O4A h<ъ +ѕPs\YT"ȑd{%xsOxD0J^s{mp`ޭ"ٖ,tUMߪn/g) +q +*UTxYpqBWErT\ĭ8 +vh)hX`ƒg[@ZAճwA$vt&XAs]^|y#'W`)#hy.oPRH T  o郯Yl_6픤U~n;*({۠;:ʿs:kv@Y- ,V#=/4ڝH7sh3nyp^sz,ǓˋvmoO]'g>ԽшI.}E0uowi:#h,T@:;a\lx2hǪ_RN]Nx,{q^)YQvo}E`A8g<9nTCf8_" G3a^Ѿ0>EHcpe>LO0 2#!#MnP +{Zv$·E6r meQͪGh35x0 9NEϊ^A^jcI{AAtC_-%-Oa"5 Aib%)K$Pl0a7' 0qЯE)9OdF)⤚l2NR}L!0>!Aɘ<á_0~!x?*{+ }{2̰P$kOK8?|wv^iv:ڟIrv@&0WJ?u?9PT=z+R Ӊ4K$endstream +endobj +1638 0 obj << +/Type /Page +/Contents 1639 0 R +/Resources 1637 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1624 0 R >> endobj 1640 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F62 1100 0 R /F63 1103 0 R /F21 738 0 R /F11 1336 0 R /F41 969 0 R /F53 1062 0 R >> +/D [1638 0 R /XYZ 85.0394 794.5015 null] +>> endobj +518 0 obj << +/D [1638 0 R /XYZ 85.0394 647.5054 null] +>> endobj +1641 0 obj << +/D [1638 0 R /XYZ 85.0394 617.516 null] +>> endobj +1642 0 obj << +/D [1638 0 R /XYZ 85.0394 528.2228 null] +>> endobj +1643 0 obj << +/D [1638 0 R /XYZ 85.0394 516.2676 null] +>> endobj +522 0 obj << +/D [1638 0 R /XYZ 85.0394 321.585 null] +>> endobj +1644 0 obj << +/D [1638 0 R /XYZ 85.0394 297.1352 null] +>> endobj +526 0 obj << +/D [1638 0 R /XYZ 85.0394 227.8928 null] +>> endobj +1645 0 obj << +/D [1638 0 R /XYZ 85.0394 200.1731 null] +>> endobj +530 0 obj << +/D [1638 0 R /XYZ 85.0394 151.1547 null] +>> endobj +1646 0 obj << +/D [1638 0 R /XYZ 85.0394 126.2246 null] +>> endobj +1637 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F41 969 0 R /F21 738 0 R /F39 927 0 R /F62 1100 0 R /F63 1103 0 R /F11 1336 0 R /F53 1062 0 R >> /XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1650 0 obj << -/Length 1593 +1649 0 obj << +/Length 2008 /Filter /FlateDecode >> stream -xڵXoH篰HH~ػv&$JH>8 4]0A\g~=y~̋$ O<$,&eY1miP^Bɥ޷bBy/ @oFӀGԿ^Dq]C: iYG縓rv3^3O7#.lp5}n1*_7(IyO@ K-za$H -vF3L.$g]q"8E$PJtÓ4B[렮eLx:hrE2P*W HEctOu% F/{JDDЈ0ܸ_HTJ?syb_O:p)gHB)/K*PPQC1?CP^o1NC.#IaY`k* T`X1}1ۦBضK.ΐ[h-7p rS֥8^ʗś@0bB~_Gh/f)"ܭgU'16Gw,hua%HFgUEj+\ 5 }S|H,J@[;+8Y 0ylzPQ)K(Rwڬ옘UgUn2.MZ]BDϼڋy= -Fj,kC5tY #;O\?d5L͐&e~w`1eЙipǤ?`wxNMI9mތC0)1pd,ɠFpz;OS8(' ;;LeswΞar3i|8 qF -3Sv -f0/qޙ?nn6wU/O:$Ҭ(աA !n wXWX%a+݂GU<8E0l0 r?PvYӾp9f4X" Bsu gWrv(zeI' 8&QƬI<+"Fa -1Κ1~X.P8a~Z"7Ee>pB3zR%pY[)?tP3˪*,o{Xw滊cnb."@4_2s߇ l9A#-uq6b]Y;Ue^M -"HM+V! DĺR//TD1P$Ec2qI½?]eRendstream +xڵXOs۸S:/:3f6QȂXT_=Y,}%$UiWp3{o,б&!n뱨HSy"9` r=T;~y/H`l +l ٧[&o[mg0EPiOcʘ2kG:>=2_6H +u <-Љ79HlK-d$3QDZ!wnB?s mQ(ddG% p&:{YΣ+qF[աP(?Q!d{}a̜csJBD 1+L?OzI ȔJtKf jC  }@T +-xgh;&O6sq{)UqK} lWљ6܇\CΤ 6ꅫO3f/ou쒚.1X@fF}2S[>\þ}8p5“OV9Nf ;ojYuu[8+A$Oza[UEd2{~#hsv:(aJ?(Seٳ>ް6>qb_m5,E~n &B/JV8MެD>ckTc26Ñwajoޫjn!ɿJY܂[LhM6!fb6 {q6Y_ w +)ߓQ 2 +$Z䇇]lNKVzHEە]j-r:sŴ7 +|p<9C7ICi\ixcCoNcRŸAnmz'\txža)j^}J[6L]7z^CD%qn$L Eendstream endobj -1649 0 obj << +1648 0 obj << /Type /Page -/Contents 1650 0 R -/Resources 1648 0 R +/Contents 1649 0 R +/Resources 1647 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1627 0 R +/Parent 1624 0 R +>> endobj +1650 0 obj << +/D [1648 0 R /XYZ 56.6929 794.5015 null] +>> endobj +534 0 obj << +/D [1648 0 R /XYZ 56.6929 645.1438 null] >> endobj 1651 0 obj << -/D [1649 0 R /XYZ 56.6929 794.5015 null] +/D [1648 0 R /XYZ 56.6929 617.8288 null] >> endobj 538 0 obj << -/D [1649 0 R /XYZ 56.6929 769.5949 null] +/D [1648 0 R /XYZ 56.6929 390.8337 null] >> endobj 1652 0 obj << -/D [1649 0 R /XYZ 56.6929 751.488 null] +/D [1648 0 R /XYZ 56.6929 367.3195 null] >> endobj 542 0 obj << -/D [1649 0 R /XYZ 56.6929 670.5492 null] +/D [1648 0 R /XYZ 56.6929 281.8762 null] >> endobj 1653 0 obj << -/D [1649 0 R /XYZ 56.6929 643.3882 null] +/D [1648 0 R /XYZ 56.6929 253.4771 null] >> endobj -1654 0 obj << -/D [1649 0 R /XYZ 56.6929 208.3873 null] ->> endobj -1655 0 obj << -/D [1649 0 R /XYZ 56.6929 196.4321 null] ->> endobj -1648 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F53 1062 0 R /F41 969 0 R >> +1647 0 obj << +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F53 1062 0 R /F62 1100 0 R /F63 1103 0 R >> +/XObject << /Im2 1089 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1658 0 obj << -/Length 3641 -/Filter /FlateDecode ->> -stream -xZYo~ׯЃ ~:F -ΐ!!g_j^$;} -}wuu_U<'ϓ0ښؚ 2<_;[p1(D*Klk6/!`_.*c;w) lU Hw7&:RwQ@`}O~̜&37"a3dž,҈Uܔi "jfqDj..YLEA,U2YLN3h7[&㋊+yV`l٥'FoJ˒Ni~\뉄GF1r,<:+~B准-[,n.fRm(Xno; d2: M6EnVٜ6 B.z:m}YQM7h3YKۗ IQH'OeTK%.e6gl3'@s\X[%7IJw9(gAR= -N7 )HbTqͨלHZ,sV*c#/5ޞܧEʜG;A6aPS]QG{b@:f6f3UC Tru [ ֋Q=cڎw\. =u1g%ˬ ҦS`ЍW-;=C':|A S{502 M믊g8(9\ө7fέ&[v5:2QGv: 'iܤNF5aD?lgK1o$1R~M ehE_B*Q0>%.m4̔AXжw1o W*5$Nj+2Z!Ew`%ƧTcp]M?g SSCQ Yqgۇ. 1t-#v>4 LЈ,,@ԇ&ԚAAWV9/.} -7y d3fR=@8P)uyf"y+†.źӶXe:k93OeQhFn0 1571rܡi鎕b׻J:$·>@>Ff̫5>S̑Wu P`< % -'[g

g8 -._,8+ R0 Jy"<ДnJ᱆|_6?7Rߎ$/՚G.ư̋({ YWcc<1[uZ Л/%߾&(yAlMb 0lOEu [d`3 \E6D/q,G$'H$•fB>]#>'qǺs$a(Q >^zL9'),O,5P#̣-"ni4DY~GHui!, txFatƹ*F~Ab)YV 7y[u3XN"D@/E54 u]p?GJx>4Bl!zJtB)}1bϻ b(@;x G?yA;-7B.p+b^ڧ@L*qVmp -3^0-1ţiV\keјZn\f2%;Ś*Hʖf:8]d`=,]?`L] *^Cٷ`lpm~]ZH=a6UtC^aXJ$~yUÆ|]6{*p6E" .YI2}ăzi}TVf-ۧ,SԠ~qv| &LPv˝B*aޘ+2IxCq 3f{@: -(J5^a^4罞'E9Ȏ45%jb`:oTnjf[)/\9lsuNH%>X DNN|Pqw̘[O9ԁ5B}''ǜdK*I:벅a -W'Kiۧ<6GK -U>ԇTYZnwW/(Ek[o6\2[C;(pT0RI&x&wSRfj;:G~]MSHȌ,1@@!ְ5o{l|OQG?Rp$5'_WMs۾͊uXY¯ ĸRjbH ޠað}B`/JL$#EMv|DKol|MOk"Yz^ Wɂv3W FmqqP3j`މ|eT`Nqe872 -l t?0j-kG#^Fխڋ.pʊ=d7'/iE}}'I'#ſJ9 -}[@;uhfԺ>V?[U[o.w/s$@|Ϟ]Vޛc9}I_YU9M'`n4.+l<],omŹ'ٸ> endobj -1659 0 obj << -/D [1657 0 R /XYZ 85.0394 794.5015 null] ->> endobj -546 0 obj << -/D [1657 0 R /XYZ 85.0394 380.2277 null] ->> endobj -1452 0 obj << -/D [1657 0 R /XYZ 85.0394 354.9387 null] ->> endobj -550 0 obj << -/D [1657 0 R /XYZ 85.0394 140.6073 null] ->> endobj -1660 0 obj << -/D [1657 0 R /XYZ 85.0394 107.5522 null] ->> endobj 1656 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F14 765 0 R /F41 969 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1663 0 obj << -/Length 2608 +/Length 2813 /Filter /FlateDecode >> stream -xZ_s6нɓ@ 93g;ssM( -8HU8vEJ6zd<2X,~2ZQ3 =@'ܵFnw'?]j-wx%K>>A6~yANDƷw*wwg1>_ot$~v}uqo7o/oίOxr~N;IBϓ` Bģ'xaZ'QqRܞ2ڮJ,ZbPkwsCs&jzjZU:7pķ?t ,xE4ax,|7 _t"P&*WuP&qDnqؓ0b!N(bbC8!BZR6e%5ZsCdfUUbAbGt?)tK١𘛧S-LXqxLG SJD t !7Si~2%<i0aR!{rAЇ6N!|~OrJuIthnHhNئA'~ Mcւz\7~FUh!H*uIi IDiCw%+RELO,f8ѺBJ'n#b1 &! -k#.x.RwVnO XS1sY=}EwAG -|3L3-j&x;j]`h*߰9% f68Ӈ}l :_!\˟_C+<,~wVmT4O5pK)RߡsG&}Q$+X _BvDJ( C^@0`u+w0& 9Zυe{͸߂݂c{u{fUQ0tB=aqyJ䧡4qw];S7N[yʛ!<͍@TQ 1{m2)]s's%Jfqi'}r6OTi%r*@3;*pl51 8vv(Vo-BVʡ;ڃv9y1.C!$kÈ -7Ctm+% 2mKù`g' ^b6]I CsBGI! gh/o\E>p.:H @"m@S'hVestW1ve/wE.*lkYB:kgtb-Nd`DS_-D%Zc9Q,G̽pJیC7\Rr Se޴|jr=W9^ X^rV3ÕQ?M6k\R;W ;A{P9Y1xrD πlCBi"Ӈ&UgS&Gm۶,1!x.>{a1llx:+w *n],ֺ v6דF[X.Kw7aR4j)5ݦ56+ia+!| L^=SQ1E6 YsLBF3WJ#|"LҺبlUAcs dhs8l*"$:i isEbHcB0&9W>}PVw9zu*WeRf[W0ΓRO ++q\"B`p~n's[L$YN,'a8P9dhm] )>|Ql_e<&-G4ˌlylIꦮAw˗(yi&fgzNQ4Yc9D򃹲+<AuPŎ,^F!BRQ1"P!P{PHN }a_.Hmxl):;5.[j R[<ueFz*hHG갹U$ ;y7k@z/q]b<2bϣl2,_ƎnR. ĉP?g#F(OÚ,{FPh*Xuj<@[TJ:or޸ JWC6ON "m]#&x^y! Vߙ_ +c]p":~ߚZa}1i`{H]p8b(^~xhx/D;/yԁ{p7tE0+6K-|bWKK1]nC:h(YP5S +cCog`Qoi[̋hM:9a0OweaQʃ` LJΙ?SL5ޡiy宫u*gQe *,@iZ}jSݑ<]~p(X)/W@@$mGn>l4M>nqY|=&r#HY+#W JBT]3+ 0F}d(u+Zl;tT'9\foj>F\&r.FC]@<7\Le㣁8~ \a(; +eOdpx9Y5Q%_U pG}:!twv3Ha30Qa&mkxM=`3vig8_­IqDF}`IB_0LV §Ehzx?WcRP1ABD\ 4!;T) >>B{U +=OZ8on!hLL>(u;3`_Erak >! . +[OzNƇ?_ۼұw=xD V< +&2,UKřQ `ULB_Ybrb-vBNo&xEiQ~w` +M!2?endstream endobj -1662 0 obj << +1655 0 obj << /Type /Page -/Contents 1663 0 R -/Resources 1661 0 R +/Contents 1656 0 R +/Resources 1654 0 R /MediaBox [0 0 595.2756 841.8898] -/Parent 1627 0 R -/Annots [ 1667 0 R ] +/Parent 1624 0 R >> endobj -1667 0 obj << +1657 0 obj << +/D [1655 0 R /XYZ 85.0394 794.5015 null] +>> endobj +1658 0 obj << +/D [1655 0 R /XYZ 85.0394 520.5289 null] +>> endobj +1659 0 obj << +/D [1655 0 R /XYZ 85.0394 508.5737 null] +>> endobj +1654 0 obj << +/Font << /F37 827 0 R /F41 969 0 R /F23 762 0 R /F21 738 0 R /F14 765 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1662 0 obj << +/Length 3175 +/Filter /FlateDecode +>> +stream +xZKs6WhO+WE ^<h$%Z05 4^ݍ0P:$JT2N 6y.3sfZo.~ I$ZêW8擇oSz`ӷ7˙2R7,Ib1}7<\Q-kH͇sg;!ՇwW?|q əDw6Y?_@&q8y xB2R\_;앚J,R >pN1|%BEFGG$x|,ea:}^rVU[.2ۥxEِ@oLj}`f.1^DQ$TL7r6[p/fcya-E@0 c٢BgwY37&]rL -!Q*Vo +4/e@C3Vj +Yt66o֐vz-r԰kZKX$GV5 uzXŮMELry##i4TYZLȡ2$Of2e,;0{ x$Ucf/t>X.-땣WkFm6 ꪴ[p3Y}`-U0C&r1.vwĴBHY) H%t4SHQ2. dv]m3֥# +BeWˏb?z'"~m&1Ƕ 0=,&]Av-~DBMN YGFBJѬE A7d Hp)6dv9dNHw SBjpI4/ 3AB<רxڢE'x듇Yne/Etu4RkQ% *. }h&;8ְmѯ Z$2[?1sۃxxJł,%H@kv#`O̽T0gDp掃Q14@?\cPC}&wtZ='A$DS 4+m044BҘ1'~#ƌA:3ʟaZҍ aa:bZx1OkSb4^E*٧E8$J?6+v'1lj<~Ix`YR:l6݁g5H:ibTOIs E깴+"3=t/ u`SM awwWDc|ž|{8|_p,jcfE?ҹ"{dNjrҏ,UE +*ɣ58ų m`QӧG8ȣbbP0=>a)$|%t's0mw;p8(^wQf {^ɭ=;MC=n`4 N84muǏ#=HƬ>u q5] aP69EtX?.pE3;EUgCXv. ʛ5AEs"7!0Uݾ* +$Omucy 1 ;M'+PwVi[4#KWr{\Rt÷Fx k)տҕ[ٻ +[2JLoK[׮;k-RqGE}60ț;ou>Ÿ2#{crAendstream +endobj +1661 0 obj << +/Type /Page +/Contents 1662 0 R +/Resources 1660 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1624 0 R +>> endobj +1663 0 obj << +/D [1661 0 R /XYZ 56.6929 794.5015 null] +>> endobj +546 0 obj << +/D [1661 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1450 0 obj << +/D [1661 0 R /XYZ 56.6929 752.4085 null] +>> endobj +550 0 obj << +/D [1661 0 R /XYZ 56.6929 542.1781 null] +>> endobj +1664 0 obj << +/D [1661 0 R /XYZ 56.6929 510.0725 null] +>> endobj +1665 0 obj << +/D [1661 0 R /XYZ 56.6929 447.7453 null] +>> endobj +1666 0 obj << +/D [1661 0 R /XYZ 56.6929 435.7902 null] +>> endobj +1660 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F41 969 0 R /F48 985 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1669 0 obj << +/Length 2603 +/Filter /FlateDecode +>> +stream +xZw6БzP @{J;un"+ݾmz$fW"UwR-ݧ`0fa@K8^W6E6d ݛOx>3mUԳiz떭8wGg@jhÃHbqǯw( F^xxv~6<<=%[ث#FW?GNFڋ\'MaN8S6ֽ;xLX+{P+CjKcMXF;Pjj2 Qt +3qPAur"d( m(`2њLh"a4ӔUReeMʁ7JC9l=bRyZ"!2`Dnڠ\EJgL&iYfc70Mo ZK7:K@;{Ȗ$&yΨ6Ifso)ӼyЭX`GN9tzۄq4}2!LMÝ'j-\U:*!z#-wck$Ď %to“ l@p}"3ϳ!BfC:c*^QX.ŭJqz^zUJ1mw󎵁"bVgo޼ٽ͌ +捍0 m :|YQcܨƌU< mRLK =|JzS5Ͼ~-W<iRȰxe +[cZd[dyOMF༘͊,PB߭|j +τTk܊.(d9ľ  b 0M> L|4-'l8XwQ6-jI"d^otv<#@{OQUoG-A+TI]^x%z,U6AJė"ڎ3+,t];A q#P@]c;Z +,Ilg^ŻUژr}U}!D DNF}mNI^{LHZw9c |Ї$FgkT[%ć=)m]Qa{(zhHRl +ܓM0hN qU;5ge3m2jѥ4N;^&eE#7~B9uv)%qwB53E| qQVU;Y@(e b Í*QHIªzIGѥռ( Vz\^B8nv 3`0%yy?3Rby#DFt7 XQhbZzu2RچΥy6t̛ʚtS w2}&ɖ%,2֣\f8&[tI)+ !tЌ| ɬ,HR3W涩EbS/GrSN + uâpw{) (gˮSWO|PV;M Lq6ǝawi&е{М' $&=[iJOO%?N#yOwqvjM55wJCsۓ4AEht8֬"i64\" +;:ٝ>t]v"~X'ub1ScϲD ="joNd9qOI0 +*YjZX=9?`7ۦ.b+惏miAmDOF1UW\MhY-WXA Vq{C*k j܀IH[f~zdqj+v5G|+C8Q"/;rvnϤzqJgK&)l)Px\D:dzD1hm’9!x¸gdO ː#aKƂV̏%f ;#&VgӼ61پU}Š:h'm9ZTꀆ #dfpydp(>U^bYQ1K`S ۲q -3ɻVY ٍ7..P1uR +H/<hzY VGxrX (1|̲&S0m7MT[:V +ޏp;m33a__;<,~$ۮ+1X2AĚوw~8*& +ΰuI\,ʲt I֊6#B; SWP REkHgգSps#azA5KP ~>_E^Ksuq)zDvѲChd5ʆiRF*$~ϓy6UBt[mުivTBLhQW)?) ]^4XySG p۵cF4k$o1ʿAtaW W&@8~*耲&AHrdMnx3xM`?-ذ+AU)nL>~7.Dv9SB u|.7?i #cd,zJµc0/3VBGiendstream +endobj +1668 0 obj << +/Type /Page +/Contents 1669 0 R +/Resources 1667 0 R +/MediaBox [0 0 595.2756 841.8898] +/Parent 1676 0 R +/Annots [ 1671 0 R ] +>> endobj +1671 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [55.6967 323.7477 116.8967 335.1398] +/Rect [84.0431 732.5838 145.2431 743.9759] /Subtype /Link /A << /S /GoTo /D (statschannels) >> >> endobj -1664 0 obj << -/D [1662 0 R /XYZ 56.6929 794.5015 null] ->> endobj -1665 0 obj << -/D [1662 0 R /XYZ 56.6929 756.8229 null] ->> endobj -1666 0 obj << -/D [1662 0 R /XYZ 56.6929 744.8677 null] +1670 0 obj << +/D [1668 0 R /XYZ 85.0394 794.5015 null] >> endobj 554 0 obj << -/D [1662 0 R /XYZ 56.6929 301.7233 null] +/D [1668 0 R /XYZ 85.0394 718.3947 null] >> endobj 1329 0 obj << -/D [1662 0 R /XYZ 56.6929 273.8361 null] ->> endobj -1661 0 obj << -/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F48 985 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -1670 0 obj << -/Length 2863 -/Filter /FlateDecode ->> -stream -x[s6_Gj&Ľ9ݺ:2TIʮﯿ(Y2-[h^]\e|: e0xpdLġp}'y=p=c@w -+_'A J^(aD*ANO> ;6Дx5_M6;R61Jau\gUM+V봬0言F\#t\&wp$nِ!˿!ofie,y\flvk- aQYYVVOJEMxz[$֍(;;6;' a4̊7[s*|,on,S Az8L\<{Nƚ1ŏHf1|sdR/w|]Ј7KTћe>;]36)y^EQU+;T3˶!΋$z%`>XIk;FWF&e#|Lp$ϰe^nAq?b@L)<Ζg8 s6SgIPa;il9 yHSW-o_?ݎEfkV#1Դ,jQspJu8:dBH|5˼Z.EYc*Xc Bmy^p${fRar}Av#њ-$/RMxޯsYO PFy0 -Cګg3njC'?!%KtY}.韰 -_^^EU}|#`-!ݧ+IYg:3]IEu4IĴ]*$ףhd=)@m -~,[ƺz}v -y yO+V" UsݳSD!ɼ^~,?70q˙s3[Q!̓=ܷ4ư+ڬy^Xx>K{ֳYcr./=u0$N汝'օ!:8 *vjaԶ\;\ * f ٌ$HX)} -< LlY,4 ĖUsoJiDHn0)qo\FF ]%k@EêA8: P9,y;vv||Tי@^Ds?[h>ii@wmdKtu'=Ec&)2'=@j޶{jV[vDZivwl;&q L˦vhaj]g0W-צݗ%x-uSl+S}n5z{~Z 7oJ2mѐ-9lrmg$r^rwe!Mpyh_]?.R>8ʷpendstream -endobj -1669 0 obj << -/Type /Page -/Contents 1670 0 R -/Resources 1668 0 R -/MediaBox [0 0 595.2756 841.8898] -/Parent 1676 0 R ->> endobj -1671 0 obj << -/D [1669 0 R /XYZ 85.0394 794.5015 null] +/D [1668 0 R /XYZ 85.0394 695.4159 null] >> endobj 558 0 obj << -/D [1669 0 R /XYZ 85.0394 769.5949 null] +/D [1668 0 R /XYZ 85.0394 492.5344 null] >> endobj 1672 0 obj << -/D [1669 0 R /XYZ 85.0394 752.4085 null] +/D [1668 0 R /XYZ 85.0394 467.9557 null] >> endobj 562 0 obj << -/D [1669 0 R /XYZ 85.0394 644.9651 null] +/D [1668 0 R /XYZ 85.0394 360.5123 null] >> endobj 1673 0 obj << -/D [1669 0 R /XYZ 85.0394 622.6539 null] +/D [1668 0 R /XYZ 85.0394 338.2011 null] >> endobj 1674 0 obj << -/D [1669 0 R /XYZ 85.0394 622.6539 null] +/D [1668 0 R /XYZ 85.0394 338.2011 null] >> endobj 1675 0 obj << -/D [1669 0 R /XYZ 85.0394 610.6987 null] +/D [1668 0 R /XYZ 85.0394 326.2459 null] >> endobj -1668 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F39 927 0 R >> +1667 0 obj << +/Font << /F37 827 0 R /F23 762 0 R /F21 738 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1679 0 obj << -/Length 2511 +/Length 2927 /Filter /FlateDecode >> stream -x͛Ys8+HW }s|xjc'g*5-1g%R);_ dQd;UTE 4h2DP3R#MGx|D2a](K}=S#rt{ﵥ֚nqt -ՙ984FOcWJz]NUUW.{|~q>>:=?ףf fVoGGSG1 0" gΙ}nޖUq p[nHr^JcТT1ayěaF0H2y|>[fEGnvkf#tە"ne9ʳԽ/fQ6매xhk85Hc2K`yp,B+sZM51->(AYu1vC0GiU5[I[nT8c;2Y%Dz}l#Ew٪xiSPa`)d0){:rg_asnHA3aRT7[ J"[@l,_d,u9%t9{[M'2Aj Viav߅1V;]ym -%e&mVdbK4$,CcEV˸\YS*E42/ &t[}٭ `$V¦4d]V{WU`s@B-tpaXʛ]f:r1{L=߼&}ʲSjQ%˪'mJ۔sX%#( SrfU gOaLӸI(U:wOz.A(Ԋt*@? -v{[DAZH  svы)[J'$Ij9 -Fלxx<{_2qVZc$:`$NL'c<KOMHAPL:ZT@'6>nmsV$ң!~Z[:{O$D#q*vZ Q3j"Z!f^&&[G7 7pt ~ܸP󶇷l0a[*iZ 0+U;,x}J5YbOɵ-@yb PzJg==*zN,5tz`8碇]oR#N;-DO!C0Qp0ߢ{B2DMIDNXyg/y/ݶst{=ߗ#yWT¶`dМW>9ԓ@h+`CVC‘(wJ~?O!I1ܓ/q u6q;'׀/5)z2, c</׀Ϟߔ=jj/m+|]ϓk`1qTAڨ5|h\" nR斠eX0" b -2rwȌ(X /dƪ8γc=F,0]A?2̈D4Yj& 7Cd]Yn,0GsYIRl\)|w-BOP熒PC<<'܀ âJ+mpwV8*ŽkѠ'ꀁb,p % V]4@a@[zF4qǓ+:qWJ6֥"c7_ \~iy0ֆzPu?NO~+|9,萗xq\cl*O(8-X ;/yڿm ->fܧFoషL6<Zpxendstream +x[[sH~Q +}۳ٚڙyAN4 HŽD!)WV_O~I?ICMO&7g鄄9fR?L 2CFXkһH)쀓WONnNOwWwWnOh|ǻ%',ps}yo͵\\^ .?\u]{3Kד?½Ѣ/chorC3OnO>Fnihk ++%[G`864Bbrj_;R1m@IF0H2>Ϸ0*` + j8γ2Ϫ>3&)ONj>icS?G}CzJ:W~$A{>'!;Y+O_ۤz^j7`p3/Y1fOy%̯NgiUB%4@=e2 o`[â\3 +up nAj#@נa1֖$+Ń<y1|cVVy1Es"XP’/߲YQJ]4!yl[eX+ʼN1 ]oDxAah|OJ#,AZH |]>41!_XSV?eb#"&Z!IkCVx +ضYv$lz010j +z0*ĵrePLØ1x!3L >[6+6 EFaV[e'U =N=iCkZ(S%,^Y,ie=;e Nv!Y%\%d>5f/W ۂ wu w + *Zp $qLR#~3c:>wjCB&J-{ +&`7ciaRb-؛ g6r{>aZ[fS&t#^hZ4Y̻;υ57Fy_1_ }˫:~otJgPrFNBch4 +[YQ8*5չD6 ,U%;:Ut3Gmz-]۪Q6H.S_2RJ9jߡfJ^voP-.a= Z򽊲͊MnjxG5Y#lS݂wA5̿m}xCuZR &t7+o8F|r6aı-4ξE/"0iFU +)l4 IimMZ{ +7oi=~Ws;hW'5Om47m{svv6h_ Zw0pY'ʬ5:XdeհgMM%R땨EWż^5 K0?X~ F ֕w}߭/!|ARbm7K@ (xd К_Nv3Dq `qC0p]펀yǔ-l#YS*E0)3B61[``pCq`$oFh 9ea# a~ `{@Z亨µ74QpB5'qw6?oާ>>#Cb2K>wyro]~sMʚ[ڄ SL9ICae\YglRͥ+V]N#I#HۘK[`+P&D IX(w B)6"y*cqU: XԀgGbs%kAj[ )-U9-j߸EA8C$9$nӴ:tNY;Ylŋlɱ,,2lxx9 zn CWuRN/juv6ۄgLۭ#85AdAl u\ώ#XnrAM@Z<* +%(+\|̈7jM yxɗ}9/zۊhDFBh؎ /`a)=eo7+akSƐZq^(~ao>޻7%R>},2z\ [%H'Wyk .D;#RX%] 5dP"m8s<&U҈kWbCD>]ޟ 8Os +GM0tڟdU~hR(!2ដa|DMj/'[NQz ` +A| bDށHQmW&5poOnXqM?!v/k!2IYkrbendstream endobj 1678 0 obj << /Type /Page @@ -7482,7 +7462,7 @@ endobj 1681 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[1 0 0] -/Rect [305.1296 684.0956 384.9596 696.1552] +/Rect [305.1296 409.1267 384.9596 421.1864] /Subtype /Link /A << /S /GoTo /D (clients-per-query) >> >> endobj @@ -7490,115 +7470,113 @@ endobj /D [1678 0 R /XYZ 56.6929 794.5015 null] >> endobj 566 0 obj << -/D [1678 0 R /XYZ 56.6929 447.7394 null] +/D [1678 0 R /XYZ 56.6929 172.7706 null] >> endobj 1682 0 obj << -/D [1678 0 R /XYZ 56.6929 422.6188 null] +/D [1678 0 R /XYZ 56.6929 147.65 null] >> endobj 1683 0 obj << -/D [1678 0 R /XYZ 56.6929 422.6188 null] +/D [1678 0 R /XYZ 56.6929 147.65 null] >> endobj 1684 0 obj << -/D [1678 0 R /XYZ 56.6929 410.6637 null] ->> endobj -570 0 obj << -/D [1678 0 R /XYZ 56.6929 197.6003 null] ->> endobj -1685 0 obj << -/D [1678 0 R /XYZ 56.6929 172.4796 null] ->> endobj -1686 0 obj << -/D [1678 0 R /XYZ 56.6929 172.4796 null] ->> endobj -1687 0 obj << -/D [1678 0 R /XYZ 56.6929 160.5245 null] +/D [1678 0 R /XYZ 56.6929 135.6948 null] >> endobj 1677 0 obj << /Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1691 0 obj << -/Length 3511 +1688 0 obj << +/Length 3081 /Filter /FlateDecode >> stream -x\mo8_o,)t^&AF-fDJJj7%r Y6ĊPaXIej0'}uaѻsaX`tЊ c6MNx49*M/.O]u?'W~htqu隯Ϯ.OΎˀ{3A~ѯGgIFxac5xJ|0;J%[G7GjhhRƀ7T*>´1bڜuh) -RPPL#)XIi60-pOgE8J X L0XYlam9SXzKiN&J¤Pp. Ta`pJINi6) =Oi?O(*]|sw@c,wP(v"GtcI}J)1 -d,YA%2j~h;հyfM -ã}꾁0ܸӟ[<^ǜIh4*PQO7vXMjbtO"ݘWv:ن7>&{Hұuα $HcUꛉpŢk򊺥$R|e7׌:60N`O1 Z\b̊M"}VfZ1&l eR*eDN+o~ɸEVyt6_nߍu~MӆlMF+jt/,V8-߇c{-[h=E)DR)zPՂXK-.zՍ@&4 - `EII!p}\K7*>Cu"r.l'"߬J - -ލT66%8瓕WeQ5ŲEtt-V/ -؂K<3<&+ق{S??/8<?Os<.#a9]BPFWylV^>ˡa¬ }J%qA׎?4 :{wKu.U<^q,[&zLX|  -$* -L+k[+eX-_dnUǡ1q* t*=O!t~ |+>.>ĮPOoH6YP|PſU$FiVo_>,,=* H*b', -؍D -7٨Zlbkz%8tUL߻$˛C2&N%YdlgR9%]~B7NN -A s'$J Eϧ1QF5/O/HA(U.,1PB>)F,Dk!iݥ}4\,5DY"R"0HÉsP߮1D)TDJ0O]U>= Ou r|qKOO9x^v3 w)8ü%`ա`RE{8O~jV -.r7U,,3`hҍ9AN,J -ѧ,ksʌ8Ú0T{2^01u@,a6V 5a9dce\`ik<~a&-E;+9m(+"\ vgBYgmіviD -bXP@1A|Ȩ F -hHp -&GjvumV}:(S=4cRm|LӼA$K.A90$!XnBٰƏu*Wa!rAE'OW%Ky,M4-)nq Dc85aHxV3o@E4c<>Y6fe:gܕi똬%JᘒϨjU0Yl^x" nc 4q߭5!B1\vm~88YTi= C +s0ukP#(160&F&h8@`Bo -EƋcFB_ݕfra QtQv44gnB'e@5-imkwou.<<#Q^oِNGxbأkuIb3ZYaUKVFl{tҽ*#2}{ډCgYTϳ]TAStB\i1K2 ʂQkx~X]ȌʍI|1MܪϫeMR&=FqfQѬU؃AU͕=x?c]45n}8 iԲ]z'NtNjCVqy&/ z=Nv3W[}lZs vDG:wi0rypE(FӖu,,ӧ'mL" &Uy@`Fx/U4䐑 n[-Z@B 8h8obifhpn$-!ޟύ[,ɂK[Ti{gٙ[<:3T`,MkX`|,Vis4(ƍuC3O]d>fî4c\8$/=HC(Ws6 -嵟l8Z_Z1<*>jKb]i jmo@ac{9 څNPi~}PuT]xWO߀|%:b|7'qdLZfG~Oe -c'9WWY>mNmXVXaEv]$ mLr}UR"t|8޲Ը&:6y7ZQj;riĄ0+봥#r*C`7[AwH -J{?L;viJ(T |\̚q#nTee3YEP,r!:.DgQux ڻ%4V`kQ}rj}^'\ɍ<䷫t+iUhV>s/B*EZ@GKl WѩyLV_uhKtBww2<u6hu3û/Xf4\|{#LZPk`2-🫟'ף!W4r4k|K#]\>\_ˀBwd6JɢLf{sǏCKKy~\XvcTx?j Xƴo|1ziµ=iUZnw _ic'J"(x5&E ,8+_^H^Y% 'B"Nj@zpy*00/.>janf0YƳoZA5/ W|Gݚ:ƒWӀ<#r(>)K32.ӢLD|WY,p(A<; +N  3T"Maʅ )ye8Yǣ_&*#5uGbL4϶TBXVz>a5ъhK.sm} bǕ:߼>u +DAS=0wZp{T|h̝JFL/~R{>gE%6htzIa4I_:|Tfق 2m{$rM}hfXL)F~x !U4p/lՑBPIbD}GͥR폠h#{C?荛@fP ^w-!JoG?]ÚJo~ם/d\׳8ρ=A,|JYDMd,`×,+Q1dlS4 ﺯ?ލaKN6\վg-PA2g:vhzQUJjF EX )W76z95<%̅wUea),gS4lm~SrvUM9_4˓'rlv#6_5.|!9^de#T9/6A.=TL/;͒)Y2ß,zQT?clUV6 (RP׈4&OiZ`3"f4Vlx=6ٯj4>[>yZY}exޓY4yZZXA\2 U6AWJQ}Ata5dn'#۷lr/6K8.I#=HCռJtcp3|j}l7c\3yY5ٓ \=t[אاYU[7M^65J'p~*t4RC]c?JjT8Χ_ o3NjD`b0'}uf|뮞^\mo?s7P.- zbe8K^oϪDukg.2vĸc~r=N\LB.! 3*[@HUy,}}hmՄ7 +|$6㦩0BF}*c@5m:uC}L^0 +\CL.z +"(e['8d\5K !ʡIHx}A.| F Mb}V%/M3Lf+@05r% 1}JkHNfrǝ5]!t$1Yku8dZ6JETU҄yZEYAዸk< >@*J}ktet18\Uf[ u9![uvqVeqT>6}jkcH?[`Lmj$ni4XgwȆkÐ[f!Ypo:ԄY)whFPBvڔ) !]2P rF{Bq{ĕ\.w!fS\XFcڧoVbp&iC!Fo8my#£lxCmv֭/קHq?5I.&MZ\W5A4' ~pkÐdp4C?e%Y :l7ūTt|U@Tgv. 4DKv[3@QbNjpÀb1PVhVOAx z|n +*|߭JO "/I +*^gs>e$̦6zPe&XoÐd9ڑCiT+-gbe},FflS:OVDSϰ,==+4qR7N|aݵN _-!d0Ǎ95aH _[#W]ru@ D2v0 dYm]&;+8uԇ6k_+,zX'~v.N Q6DK`v)Bh!B1\v]N$\l]Pb3giÿ;9'i~ x;:xQgnwͻ4DU)? bso'=YPendstream endobj -1690 0 obj << +1687 0 obj << /Type /Page -/Contents 1691 0 R -/Resources 1689 0 R +/Contents 1688 0 R +/Resources 1686 0 R /MediaBox [0 0 595.2756 841.8898] /Parent 1676 0 R >> endobj -1692 0 obj << -/D [1690 0 R /XYZ 85.0394 794.5015 null] ->> endobj -574 0 obj << -/D [1690 0 R /XYZ 85.0394 328.1878 null] ->> endobj -1693 0 obj << -/D [1690 0 R /XYZ 85.0394 303.0671 null] ->> endobj -1694 0 obj << -/D [1690 0 R /XYZ 85.0394 246.6387 null] ->> endobj -1695 0 obj << -/D [1690 0 R /XYZ 85.0394 234.6836 null] ->> endobj 1689 0 obj << -/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F11 1336 0 R /F39 927 0 R >> +/D [1687 0 R /XYZ 85.0394 794.5015 null] +>> endobj +570 0 obj << +/D [1687 0 R /XYZ 85.0394 627.067 null] +>> endobj +1690 0 obj << +/D [1687 0 R /XYZ 85.0394 601.9463 null] +>> endobj +1691 0 obj << +/D [1687 0 R /XYZ 85.0394 601.9463 null] +>> endobj +1692 0 obj << +/D [1687 0 R /XYZ 85.0394 589.9912 null] +>> endobj +1686 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F39 927 0 R >> /ProcSet [ /PDF /Text ] >> endobj -1698 0 obj << -/Length 1351 +1695 0 obj << +/Length 2375 /Filter /FlateDecode >> stream -xڽXmo6_60| i]iI9k1w)rd{Y!MJwϽ8$G"!TGJs$0Q8={7"8DY^]2i%. $$Z,%hꭞTbXnIuB__/sAtu9{e|r|zu1|[|MK̬G_h w0ˆDD;`D g}݌>w!qL04`ꗔ!m+ ֈās5@@/Sgrrm6iE /r0+Em6tV:&j]q.n᮴ Es{P -};Vhy7$T!&I Bp2 Z54ϱ1HSX H ?ADb>sTLdM枦|.ߙN -vo}++d/oXXe1POҷ?}.>^Ug>J #sds_dUm{FauPݩ"5b -SWgUhd˔%^=NIBuTU$&G\櫼c .l U^$H0U CLF,ǔ# o~,+[)dB UuBLI[ +~H=ng\8TveKHS-R. BI>V\SJov.7M~UJ03+]i^0M`hHޖMĖ F}&' - Nokx@O}MjYvڤP^pSt8Jv'\yуu< :TS/w/7P7Ӛd@oD xθ =pOCNd2C >G,xV1N`վmCva:9^]qQ I ֺ]Yଭ!i5t[pEӎ'h<6.vmZTö׿_>wOkmAZëj`> 2yS$w"+mmQ`6d3syNxE5}>ԩl43cb)lS6qnoMUCGraΑ#CqGvƑuu5/ڂ(qe5g'M"!%@zM0|3?BYl@wS#U=`X4jGmb& Uze}sJbD [+endstream +xZoH;кɮ$M\AF8ZvGl'[3)GzB"i)ÑD +~:!f)szIeo|kMzo}8:qtɜxt3 oNhj|vd2? Ç磟\/'gf" fvM``Č'C{'\0$8cs0yv*`DZKk (kF?A]Ub9zt̖e,:(Z͖Ţ,{ʑ;1v>]8%_I;tVLX yQa/6?T @#sw Dc5yW[fĚ| [S7 !:vO[!ŔJi+D'\Kgq2+ +H:UPyjX?M:l RJDPUA]u9)7` #>ԍC5YM ;a%hf_HQUiTξ4K" +<|8Lcp6Y*u( â-sS3ug.:\XEԿ\;8|+/˲YtrއwSL'h3l=>+3j#ߨ8qx8j,j 2z5)< pzR  +"O7491vZƏj^a[XUl,hdTd!uL%Ħ煬@٭'۬f$f;6~ v0s}S.,Q.KT]]َߖv]+2oᴪ-nnL$YW0Z{o,j[c9|[X"x,#GpΐX?f4X,|wv2%@&ARP6;haJsp)j{,xbvZ,űL%_dثTHЇܞ"c1q~fzhssfp>>>9a>p]MpWwԧ*V׌_V߄"P4Uwevj䓶Ho{^6N>n}SxI,?D@e@ªݾjRیڎk48d&Vsm9-:O2lu2m5ViFc9DCRnZ6:S3J}S{:j?r/YT M#d20%XvYKԴTWypS(~ 4(f{Tq6ڿm+V'6lؚE^m +- +-b`ݻ aV5 [zcBF@GA62|Ƿ hRqHݍʃPI:䶚K n 3.S(T\7{yU,jۭIr}oS=TNϛ2]Y 2#QTB\%zg*d$PQdr/MD/5uHmAOKU6F\;aw؃Ih^ LܪMykLvQHS+-CwQ!io'fbt)ŸEI{> endobj +1696 0 obj << +/D [1694 0 R /XYZ 56.6929 794.5015 null] +>> endobj +574 0 obj << +/D [1694 0 R /XYZ 56.6929 769.5949 null] +>> endobj +1697 0 obj << +/D [1694 0 R /XYZ 56.6929 752.4444 null] +>> endobj +1698 0 obj << +/D [1694 0 R /XYZ 56.6929 696.016 null] +>> endobj 1699 0 obj << -/D [1697 0 R /XYZ 56.6929 794.5015 null] +/D [1694 0 R /XYZ 56.6929 684.0608 null] >> endobj 578 0 obj << -/D [1697 0 R /XYZ 56.6929 665.5626 null] +/D [1694 0 R /XYZ 56.6929 401.8966 null] >> endobj 1703 0 obj << -/D [1697 0 R /XYZ 56.6929 637.9713 null] +/D [1694 0 R /XYZ 56.6929 374.3052 null] >> endobj -1696 0 obj << -/Font << /F37 827 0 R /F11 1336 0 R /F21 738 0 R /F23 762 0 R /F67 1702 0 R /F39 927 0 R >> +1693 0 obj << +/Font << /F37 827 0 R /F21 738 0 R /F23 762 0 R /F11 1336 0 R /F39 927 0 R /F67 1702 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1706 0 obj << @@ -7694,7 +7672,7 @@ endobj 602 0 obj << /D [1711 0 R /XYZ 56.6929 184.6919 null] >> endobj -1384 0 obj << +1383 0 obj << /D [1711 0 R /XYZ 56.6929 151.8489 null] >> endobj 1710 0 obj << @@ -9030,19 +9008,20 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 2036 0 obj << -/Length 2531 +/Length 2526 /Filter /FlateDecode >> stream -xڵMsۺ_*τ >͉/ZʴiMB6T\w(t:otX.{):!drI:#pF-琼._}>pzq{;ǹ#p闋q\Ň⏳٢{J_gI\b /ħR,n8%5GGBxF4>`!}G̩.NYY*rS^~W8p^꼣obB;4XaEAj4yU{SUY:i$e<;(fCzZjrZ -t":}|ZN_oTT1 :UyRK%e=܉hHqIMTiUwaAALA[='lN|@ rzN+ԯѴ6hXHsr6wwunO(E`nޯl@1q~PM}YzegH5 -*5l7[tn*=K m^d; Ffjj Uul9e -ߒ,Jkn{K -'l-m#h Buq8RP)NX>NFAgAhXk|kaݑhVdp8 ֍&}D@(Mg?Ui!mc@@⾑l!ʭ!U^>z$ݘxVm[@$OQ4 ]¤kB2QF7$xXe(U'a -$cV`=l5XZٌPfWRl-X-Y4Z=@iBg ;厏y/\W C62xchz9kx4K; d"WFOw˂2=Q Ve4Q#T.ƻ][R+3jUyYq4\{FSvtgM sLy*i*6V"%>EF& djlږFkiFJGL W*V3gMB#lj-o[ 7 P׺[Cͣ@Q /WG)Уm7rd>wկ8ђ~Iٶ5IckL5՚dG|*}r -^Vk)"o^Q]5dw'ުQh9V>XZ'#:'Е&1 AmuVl`(Fj>Y B(fH c^Kp}- -U񶩠iRVWi{ “PuaWhb1-/,!qieoX0+3ft/M}yIjEf[kɘ)ҩ.<4¤cPM[YeE{rh[݆ZU{]it@ƙ},n^ubhd%Moi2aaUtx23kR(4MM@<>.Z5"[/ ^Oyc6\,BlZGx_ 4endstream +xڵKsۼ_*τ IJ/Zʴi-B6T\w%F.bK %H TL32ygxb]~ϣebա$d~(|>{}}{ws8˫{L8~zn%^|.8-ku'p?Έe,&B|*%}pV]stT!lD#Nh6*gqĜJnUޓzYmuܫ\x\A +@w XLA(P]b4:F?B3 ԗB0˒~,elX_rSe(QIҎ(E5аQN. \5TD;) 7Fp{ġ"^2B|[$(Y 2B!!Mj\*U CjW4YIUPxHϑwv*B4XCqu*OA! t5BM:x\ +Km{O O'/ͶjYۗ1 :UqRKe3܉hHqImY2}QF$DAș{NXjd ]~_im,hXHsr6wwunN(E`nޯl@1q~PuuYzegHՏ +*4l7[eS?&#}Ƨ%),O[ Bfrj rr %>SY*̖NaO`/ Z.Fq̥Sĝ1 }:r5ςжU6j +#tY(:DzWJ#b6獜Bi:[) i˘ (#5g Qf q#~jۚ"o|Vw=5MZ@&Xҕ2 +)$B5(Cz8 jr(XZ'#:'Е&1 AgM֪`(Fj>Y B(H c^Kp}- +U.e$ϭ*%)5'"C:\c/,!qieoX0+3ftol՞241<]Ͷ$mɘ)ҩ.<4¤cPM[YeE{rh[݆ZU{gˬ#3{,n^ubut4؇*s{:XGa5)&^B e Gi'ܼ`*5tkrsFg\.`練j/\KawP̓B~fSndu.͇`(A'eN8A4X 'h+@$!w/q4:5` &a<ÑMm2Ci{ 8A&^8\ P׉%}oymlQ)CZ?f9Ǽg4)_LI̤OFyY U74c.s08f#n氌'sM V/X?QKP4(.zXr+_[BaGP6#h$wD@r̄2Fz+:a/k9#H͒[ΦKvi?%Mk@ΘC `}/Ͱzq ~nRU2 '147mEhy{_;}Yֽ9r  א:L(?poZhE a0n62hڙB6|xvC2n]ƒ>Ģq&̮TߵHl.ԫv;j$hrW#>[f bCZ.@,3Q״)XT-__+\[?Jjg<<8nVpl{@@~YraWqoTb^(z|Ki>z㘍;[)cc1ޗ <endstream endobj 2035 0 obj << /Type /Page @@ -9147,7 +9126,7 @@ endobj 682 0 obj << /D [2049 0 R /XYZ 56.6929 400.8314 null] >> endobj -1587 0 obj << +1585 0 obj << /D [2049 0 R /XYZ 56.6929 362.2079 null] >> endobj 2055 0 obj << @@ -9164,26 +9143,20 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 2060 0 obj << -/Length 3183 +/Length 3184 /Filter /FlateDecode >> stream -xڥr8p<>fON=ّ9PlF"&ۍnP$E)-l4ЍF?!s<5YtdQh4͙8gi&hҥz7;{Nγ0U|>{앆"Ml{p/&ʈ]x11B/?_BO -.?\O/&2KMDb\O'w_>\_1z֊] -2?N5v"Y7gѡ톝YtLFIU2 %ϥ 3cTO& cSç$"(f*QD.geg[؀76y1Tb}(/){!1ǵ -h%;yCnx2mA}"fdvO:2 5nmׯDSƯD4e(:D)TT넖ʹ|N! kT P%I48s&M[6H>y0 F`921L&Q&03bU i݂U?:L}#ǰR -(*sفy.o7P"J £̌qOcT) FL7Y>.[g(=SHr|n 7z$BHY(3Lcч$罄!9Ib##AٖR)dGJ%"@.ќw2 !GwuQ>T$0S4/yTqqJ`h\x*XA%e.7I`:9^7v=li.q j> Zr,m>_n*"D&" >q+U6XɶV.M8AW<ܗŔ``>vE"9"㆒ |by'hkY1̇Qg.o̶֫ۇA&w;nLw2Vz*glׄ&ʲ,=^"4Z>':jio$rR7k۾J ڪ]㗸]ѰM̛/Td;f־QU Esk/j$[ANA,i -ֻn cp 2 -0KrMxuS%}St,0]i-}m2+,G }s/:闈|k_6My?!"pEBMfF865X/#'+H"lk;|[hA@v_WXW?U*a h_]azݒjh@dcDxh_=b AIL(M)-B ٗ\e9-i0ԆjݸEU6yAdoQWLʿe#j",~RP혔;F⯒OB!T ˠ -S8iZ 6=>;/BPMOZQ]N%$=J.5xpYm}h.c2EioRGr_BGZn&M`f0ؘā-f,|ڼw.u}. T.$˶?d9VX>@\ ؖ} jDf!546 E04es\١:NO94`%>k}ZjD+ A>Mݏ("^:IWAuP.!kʄQq*/=֗;p8Obݦs˿M#ܯ:>]5؄i 8cp{qbI(ue];~3pmtb+Ck. -F|QEOO -NUO\IhDa%N# ֙BR+ԡaendstream +xڥr6pBW8x|$'3vg#&( XHŤq~ (aK4'(y.'S +EIFHs؜'x&g&]wtrYcg4i*g߂ϟns1QF‹"ty'|b"dd-tz~rwg?]ZK?~]/?Pn/2u9MYMnؙuKDatT%#P\03Fa0J;a<|>ON"Ba@^a5~ 4by#౐$Go?"LYmopbDMojvԠE +ϯۦzzηbAs- pISZԊ|mGF $cpR1fW7t>DXW[TkTyz Bagzs)]OW7tI7ǠIeb;l +s3EFĦ#̦.tBC;nDW70x)B1]7y ȷ tP+NExx-Up^7"zjO aAʳ-MqTJzRI( ,a8s4C#(y_Jx4-yXqqHѠh<tla@;M4w\n|-us0=nz<>]:Sdž},5QE0O̻""2Eϙ4fO mޏ$Q}k2nJeu-Af+boD. XNw MeIz0$DhT}O)T~O/,^?%إIVn^׶}ϕFѵU/qBa|79^ȂwL}=<eYv1ZH( /YҀ[wKK. c +9,4:/O޽+ow% *tbQM;ВEꤟ"B}4ṅA$71,drl6 5Z|i=rRXϺ÷5P8ˁdui~ǺTg3djyl:|u=vK%[:>^]>r/ƿAkVP4=Y5ZORZ2mDrr-j@hC@]*R(j+k^_mO 2%Rr_`z ]h"{;&:yU2iEbW)7[>A>|Ta +G;Z5[_0¼g%Zʩ3tHC+˗6(-ӟh qϯSM]VBj O%$׮j14깱~Un< Sm g_I4|~)iQvORhXcQKuXn. +Ax,m#%$zX'c9$X#yد;q9`~2o)lP&|QH@-Xf% qz̡e+\O6.^|X#l\ipQl>SzW 8(tD.b'w5/t/]CsʄQq*ݗSY犿J8Zƃ'nQpչ~SP+_wGU&6?0{8NY>^$ybkt}lk׎ jex5w|QEO ͏"'74 Iy4"0\Q4=bXiIJ2!_y bendstream endobj 2059 0 obj << /Type /Page @@ -9284,9 +9257,10 @@ endobj /Filter /FlateDecode >> stream -xڭX[o6~Y^D[8]6bwAi[-y,~GȒM;6I9߹P$G".PTEJDŽGG xn@fA.d憥BJPMYa)I4}".@qŐ($!8xy}ph|n4:e0fuM'569G3/l$^YTOUHJ@y#)8wYӺܾd ɡѫBu ؇n+rZ6w|=_=>LnU'(Y@3%u6YXF H6 tl&,t 6ƅ.#qt#3;݂Ǜ+BVg̤obhɳy9uu˫B?&˷.4k6Mˢ"/i\ϝeBb8񸊻lc?/ AP>9׍ ʾ]-uk]'@$$::3|x!W ޭ@pq*]M昞7EU=(h3olsx` ;kyyOpXgVÖ>>J$;XZns8' -C~,]i[a)P49#+]6\aqЇG# (Z \ysTgln7oo.S7[C7Z wsmTL?f.["fT J˛Aby%4ioL'S*WЧB5/i[g 2)OTqr7򸌹*Ƕ ^endstream +xڭX[o6~9^DܞK6jӶP[r-9Yx%v6lssHD\ R ̀8Ѓ]ԫ,Rh2ȒKIS + tp|};ލ.D$/G7^ )(ۏ E7ŗhҚ5`} fS:[ҽ{]7?66~omOh5X2~.MWQ֦R')JTH`OtD'$-ˏF?|;]IP>l$^YTOUHJ@wy#)8wYӺ>d ɡыBu ؇n+rZ6w|=_=OnnU'(Y@3%u6YXF H63tl&,t 6ƅ.#qt#3;݂W4ΊIۡВgr6S몗W~Mo]iflέEE^,Ҹ(:i? $qqw$7~6#; _r҃>!Vy}sM)A8}}/p*[8ֺO?+I6 5I" ttPg(C[*T0 1=o\ +X׫zP0gV7v&(w2.ά -}V3}Iv?x(0DUzP@eI()髼CSu }+hG}p"dO2LY (c(ҡ %irxv S)47̃S}BA%ưӔq )} ee()4KWp{MkQ)0ڞq+\%4^䏺6ۉTL=Ҋw5m6^I^[Lϳݪq_ڧoӊ_ md[Tnݫכڕ鳻 rT_S@8: ea~DUٖcS4L0lRUt NQ">P_ ߠhC8L]I'Xk`M5|nљڒgʷn=8Y=]6IoBJ1Peh~׮wmpA>㻗/hHYTgln7nn.S7[C7Z wsmTL?d.["fT J˛Aby%4ioL'S*WЧB5/i[g 2)OTqr7򸌹*Ƕ u_endstream endobj 2077 0 obj << /Type /Page @@ -9330,27 +9304,21 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 2090 0 obj << -/Length 2558 +/Length 2560 /Filter /FlateDecode >> stream -xڵ]s6ݿB3`zb@Enwodrpwyݤ˕F\ ŧhG""2`H3uDGk$Ene־Rzuqh80sa;$ j\7l-9.8OD c+F$ZKBk?W|J g;z'ỉ2hm1뚭I5='Q*MDY,@.DG!C62!1M(-ҿ>b~~7YU3#7{M1+P>Toh2 /;$Ah|܈zr{WCf6!I PZ)FIZ B"4*\q7 `֬J-ҪL$ Yd -J`ȩu\ogɦZHc!@, q`aW63h}Y{z/Ji,3~4:sU*`2[݄` -0pzM^n-꿌5ț<ߔzA3] Ő2Z $RVH%T,9:S/9$)dpHEr Vsel~Ce3AjQi{C[O¦v-u!@̒W-*; -BGI{9ř @ۉ iyIGŲ~KegYZ$Kׯ2I<4`LJR^&f`F5W:p}@uǚYڻ#\U߯2Vް3'rGfShJ) *pc#a -]WAݏ*l -n`9bϞtȏp狃JjCFOKLșzJ'sDT˺Oe^ DR5C8h%ty`, t9=sx*RX~"Z/)F:(p O`SѵVt! eT[DL$-ܔ͉ -F#,9ZA~ܯ|S`)&!VZ:mK`"OBVWXZ$AH^p,ֶaݵ/Va[B݋~+:QviN3:XZ'_}~I %?Rg%< ܒS P4_r7Z:c@,I+:sbiufz1Pg$9/Zm4Id --@f>PP -aS8A* - mѦTP3LQv4'eb*e4ͿAf;>4B - -&Թ}ֵɻoԺaFͯ= py??Nyxvnb;f+ ^DaIgC% cB{:\55j>C6ͥ^*OQRCձؚcux*9zB7룳ZuD7զw-zVƣ\r-_4U4ѯ_B(TT&j7mkX-:bqpnpȃ}?3҂uG1Ԩb PUmE5BPrBWk|Ni7oq2ϟ[bNUX|#L$ ޺!:A=;Ծ(X$ -ߎA}s^ZHsUIs@*U1 %DOz&Ꞅ: -dx9HErrϔ0#nPI$LϬQ^١ Ma'=(Kߩ!?+{&YP]1Y,:ިu6B\;ozkзHƏ2̍y,Y|)SuӝzPv"IN}7V5S>|<7ISwńZ(ˎE>qqendstream +xڵ]s6ݿB3`zb@ܓEn֏~r,ahJIt4 +no}2?PDQpͯ{Xpn|, FKq<{&ϓ_.&\}iĵP9\Dgael'"Aʋſ:Uէ S"R&=`tDc !2RɌ6hp40FFmVh@?11G8=-K<3XGtF`LhZ+E=[H.%תylQoq`hv KI&BqA8(7M[,s]qQ)^WH$> z\*3| +=LMcNA#PlլV"& bvDdW談nr JU,#i*cw^E'C&EjYTCzxBKtQy`Xx4mfK›m^f' ʼni{E@*0Ne_4`rE@g=.!ilԬФ8}>{Нe` ЃS#k_v IFSox{t43jms@CjPhijtugq016=slWzY*M-1Y} Yeg]yU,\벧xl^U<<$I:t^=VU۵]3ݛjWP6NnZJͯ; +(d+{w|4$}V,iΈkB(h%X3H+V @;4fExaujm@^1ZFN9UH<9SMޔ M6(Z@0YMD6)/]zfl30^=XfӘU\glWKt΃)80pĆot;`(lD&jaT;zLJ@h._S=aKÎz[@F@(AC9  ub# kx: Z`:p0L(@w0%JHg"ulOٜn}`gIrVhT/X>=3ȏU1[O.Ckb~,$Y N26Xȓr'3˻kXwMUsߊNh8,>ǒN[E ijuXn)w(/t\v KzXgt氌:K3tvx(3B6T$2 ozB3[(TeUW( Qx+NPFK'}C[)J]* &"m6I"\-]f|5;>4B +6T{uɻkaF; p5ɱ4|{t +ȸGꛫ4x%5ҕT\=<⊹?0\RܭI] +Ɨo.]ݶTyڅjk⩄yZ2t _>zaPV +ܵPLƣXr-_eY41_Bh(`TT!k7ckX-0:bqpqȃ}7w3uGԪb PUm*ZuUSD![ƨ3iJopd雤[UD `#WcߓD1cuQVAv@i:iNo +30F*3FKD]7џl6U UwC. +&u'Z!_{|}7԰$}Et +H$g~挒f s-]h;Aa^5N-Yq1ςɲfњFl瘚}d!Xz/E5+w/et\@SϝNW$ɩ ^"foʇ1&ipQ'eٱ痲vрendstream endobj 2089 0 obj << /Type /Page @@ -9365,7 +9333,7 @@ endobj 690 0 obj << /D [2089 0 R /XYZ 85.0394 769.5949 null] >> endobj -1588 0 obj << +1586 0 obj << /D [2089 0 R /XYZ 85.0394 748.2524 null] >> endobj 2092 0 obj << @@ -9444,25 +9412,26 @@ endobj /Filter /FlateDecode >> stream -xڭZ]۶}_s=P|@nڍ6i$\D"eg;!QTzZ` w.e3 -L+BH(SΞ:4j}p翊lfIy:{x ՚_ozM%sEiǛw(xmxrnq=g:c(i~{5_y}w׿=|u64Qa/Yka}0cls% J +xڭZ]۶}_s=P|@n]ڍ6i$\D"eg;!QTzZ` w.e3 +L+BH(SΞ:4j}p翈lfIy:{x ՚_ozM#sEiǛw(xmxrnq=g:c(i~{5_y}w׿=|u64Qa/Yka}0cls% J $1g(<g3ƈQGP ۻū||xޮƽs yJ)uۖy[=nҿ /d\fշ-85In"/bɛEe]`E?G\6YQQ$['n~宭;'p{BtVK&(3 8bkxAw_a(st -`w?AogWh;W8ƒ/^ܡNYuq0Eisau7.{>릃Z|eW6 _C]_e</ #`!|incwR~Oa2_MA`6" !qD * TP~|bz-;] ~ؖbzoxL5I$~mv59WA[9 \ -9Ԫ[ak># ]~j.7Γp +9Ԫ[ak># l.7Γp yp9v0Tퟸ]bڨ48Z.GKm S)KeGSNt>OrBg7vA3Bp`axz+ f4ɕI.s%0:dĕό0`UKYkc.Oq/oeq52ͳ iP6me-ky^8(,g H-(bɛ'm(,c Ɠ +7Lֽ4>6me-ky^8(,g H-(bɛ'm(, Ɠ oǛءA[lkQLK &P >]= =6+,Vw<,0 YBcdb :xC!âʿ晪'%+ d)KVzbtYy@^qfV+|b<+dq0'-|op*v7GayJ>\}-:Wۖl( 8Bj@jv% { -O{]dQnEAؗ{I8eFUXdp[b,XVmgGϹ{l߭z{T1xm&pX_X&6h9}dZnv͟)B -(TLk' -z,6ХI}p>K"h, -]Y 1څßX{ESpigl7^0F& +2~[?T-{[W/{Oг:)iBTJ99YP9,*g"&PUhM{9sqÒ@xԱߔ|KdzۧC8%?%odF>W~2,e gө?}endstream +(*4m_~=Q<-C|]P2*BTs}Y.ǶY7XCD]F堋-gARTאR5 8<1V҈ۿ~8?OR*J +%>HM {xmG*V:.r1 j^脑?D{hC'_ݻ T.Qr4ue?E{hħ '0Q݌^QTh; +C$(Kq`Y\lFMUu7X5{_Sr1|9G-җ@OOv"e)y 0.|:!Z t͗ -QZ7_3dq8ԀK@ +&(E*ɜ܊;/qʌ$RHX %p[ϺsaBپ[c> /ProcSet [ /PDF /Text ] >> endobj -1688 0 obj +1685 0 obj [730 0 R /Fit] endobj -1536 0 obj +1528 0 obj [730 0 R /Fit] endobj 1249 0 obj @@ -10333,7 +10302,7 @@ endobj stream xte\6 tݡ0 00 R"t ȋ>??w^Z׺75 rpr tP(W琅CfL9g0]#5@ xDDD0rp'/g+_.+ .[ ;9a@=0j@`YIPC@` `w@:@p5\8d\@y {N!v l0f[G3{$ӆ!NǬtypGOk8`4+s=]!.NPcG2'gn.@gk(wuuO= ' .` '&cNcn[ lnN -{fXE0lɥ w}L `u?@# ܿ,vNjxcߏs:B^F4;Wc!d` (B<W} SL70};A`?6x.mUe=rA˂GP9pro:# ?de^7=*7tux^psr?Fr~sOo4 +{fXE0lɥ w}L `u?@# ܿ,vNjxcߏs:B^F4;Wc!d` (B<W} SL70};A`?6x.CmrA˂GP9pro:# ?de^7=*7tux^psr?Fr~sOo4 0a֏Oo?x= a.Ab9Y /z{xœ*2#Dj,8Ey;on Aߋ(X>.3vmsW`gϨ" rn蚗ߡRw9_ҹ_8=e4%v>oFk(?`Lٽ`4&9[~;26cL|r)Sjl( b7Vh9,IRe߷R%= t(%LǏ)>1٥^2O %>pjÕr{2wBx(S|Duޡ{:ґ2G9C{ɕ<|?K@F),w? ah%ٱo^{6 @-%~jwXjz1i%u3^g`d+K[De]Y?>Hj,kѸh8 v_ [J֮9m=?\k>ଇ*ѳ,Y W7}C#ZR$`bGοa9gS%\/hC|?s ؅g)m}vk.b&O +uqf`a,I㯽/ݛ'P6ߢH?ٹ9mHr7:pMRY# 'WKC|-mW躖nᲶ03=j-,nebi;Hl<)L.Yڷ)wL=(L|)='-@.Y[a-Zypx9>穾*|,4 = a{ZwLVqCo,H;_7Gg[Gx dD*~JS/ *FjQjw ]_-q;,1t2ߥƐ{:֧o$c-Nߍ tz"t'>(hSM]ۅ0 SPKDdOj n|KHtޑ+㢟S'@6iC,g3BpΡφn;ɦc _7T,Q1TiHBWL8 ,. u2)=Oڴ, Aqr^T!12)N\)Rb6Cb5ޛ;mHL^Ȭݸ {>m@zN׻B]@)p[j6덶BSHQר.ثN`Gz^n)?892x%3ZJ]\^SXAr}[(0@elmiEW9QѲCۯA=g>MF{Q=*k+ki@ħW:x<"}<=ѥ䃏DKXx( {jdqXPvπiA;@y*oLOxOc -@YUʳ;BiM.\r;UR')眄 @i/_ Ar0FxYjCĞjbnU?uW#,MߥJBQlX-ebtx]s<:XQw-N;N?VlvG,%9'bη9|1.!]D=RԌݬIg=h_5r/  tv;0endstream +*s"}Y ;҉{Y]pݯXo}UZ: h)8fEDsqTM:ùɸX!l ΄,17bg&fܽY'jeAt ]wV^%RtΏl阦jϸ3m>YjCĞjbnU?uW#,MߥJBQlX-ebtx]s<:XQw-N;N?VlvG,%9'bη9|1.!]D=RԌݬIg=h_5r/  tv;0Տendstream endobj 1716 0 obj << /Type /Font @@ -10365,14 +10334,14 @@ endobj /FirstChar 67 /LastChar 85 /Widths 2267 0 R -/BaseFont /PJEIHS+URWPalladioL-Bold-Slant_167 +/BaseFont /VEQPAA+URWPalladioL-Bold-Slant_167 /FontDescriptor 1714 0 R >> endobj 1714 0 obj << /Ascent 708 /CapHeight 672 /Descent -266 -/FontName /PJEIHS+URWPalladioL-Bold-Slant_167 +/FontName /VEQPAA+URWPalladioL-Bold-Slant_167 /ItalicAngle -9 /StemV 123 /XHeight 471 @@ -10396,25 +10365,29 @@ x yaha pJH( @B0Y $DB@ #H CXnxX9rYzD"0̓;!o(ׁZi@! u %5Hf@ 0dw9qYa_!n b xZAA gyA [W H8 -rt%n-~tݐiH+ ɪ!+NWnmn"o"ΪHW'Ȉth`Vp_{Y߬? `+7Wכ ~o -{!O`zn%l"5\\:߿(Rf~QU;(z5|̶Aܞ ˣg}O4N}-lZU/{LeP[wm_i=;>WSVz|Rg_"*ʔyzUJW8bL.ٔO uJߪݎ;Bbubï<_^˿`iKyyc@'\;$Q;S-s/, 9D#,9ƦKvS꿻%-]3ݓ][ClL5ؽr3ܰDSj)W8*ܟ螓3@'}~+ϝ6\p<zu>AbPبLbZa3YEV= {^2<}5aq_5>$C}XjiG/d-!j;6#܊.Oc$zI(/ Wj"K{LHhԻ:iFRF<g] 39}F8|0"G$ I΃ .􋵟ECqQmoi\7ymJ0:nƁ Xe`_j셔rOD6xͷolP*5$8d#iWtuG= koH]:3Ng}?& -bayKܣ%tTca֍F˨?B: 3ZP Ɗ} fφTUJj:ϋN)/ E^g^/k&67%"-ήQ͓ Ƒr'#LwDEЙ}`?$-`C5Շ 93XʺUFC:ׇT<ez&Ċ @!- ڽcEҼο2hY#SjzaT x^9%5Fy ױl2$g$?{v,nDfGSH4S"N^t!+nX#guW }ceScZBF%# S=bFp%& @{§ F$ -HvoVy糳j՟,_h^p/#ӄH焻[ʻB8Ҭ%P #&}7uo(u95?c8,:f.41h3):;c,Y:N5uQE r!&.Y ;$`yme~b@{3* g`iD՘|)1I\jΙ+&jw{-G3*Um֭, !Oly?MǾ팼sx!X>IٻX,EA;%]"N?v6n$W0OW4ƗNQI>qz#Q3] -pBkj0ĵj]ZٟB dU -I9䂷߽n^(h7C2K~V')^}zTu?F-!z_/Uog4.NEhÔL^ѽfCPI^Lʸ/\S ή0ڷO%p1A?P(.g> -l^)e3Pp[dbVҳ4+΍&VBԠeCuO邿# U9fiCl\rzW6b1~iE5 AќN=< lyIj%i(xW|nڸ '#5C&g=O(mb6̶˲G8Uc]ͼ7A]u 0L2+m>us*6ωl]"N9vN{iūHv!Y %=]8¶7R8v4wts`h j-"TB XBN -d%JWܽT$$H~@&jMI.ywBۊFgp7s&RD(p3gL)\beu19a0i l]dNww T甼T31&"q {tjIO#uU/qAS[7o4^ԙQLz9QT1q}caK"Qv[,P.d¡:FR=Y@A -L900#}>)fb7sӿ}׊g?FІIPk22|֧[WBMt<:28;Xf1SE&00d5Ť4|yl@rl@}}\"Sd5kp 3ʇ -+^h&9I3\qa)&JNBb0N`.'394^g(}*v -d :w.5%Ss?g:S &t|E4sFCAgd'geߺhghj34>\=JYQ$]ܕ~D7_ko6=:sNra?{>J^(%ZR`W[s|-:Q`qX d= ҷeQ;)1*7عn`.{_Ι$6c $Gy2@~HDXv tƟ|fOcQ?U?N|bk t)MA稴NJ%*N3z 90´~܊Og`.%kK2j/z};ZтtZzD NZVBE -LT{iG3ȥ"y+3[cͽ<Q@+}0D%fL7SD neF cφ=jхfA^HèPP@S5D7˃o64ҎY]l_o%аSAhUyvSD=OxaI;։doLd<~gpzձ5*212B`G8n^{bhރ1KVZg"2eFA4TxzrA?]K>/oA,ߚ72%AjL#!elqϝpja"pȮp_۰~Y$/]>7W*CGž0#,4)j-o-|?-&IBhE,T͌d+pY[[r#.NkLK z?|ì"*#; /ufxAxL1-YaKᰬ%= \\ɨ*)s,]!;ypQ40QoyAyuUCC؇o+鼡 !Wcq-s:f4#Wz]!{ׄwET yLF׆ab-d&נ -bǍ 9+&읏[8Y)+TD> B٘cE,L0+;nrHN[=dWNPtic "`{(f.Xtrih8pK\Ǭ(oύO5wʙ)w\d? $ ?(r>9u '8YҧhZ؃wl"Wi8_7WlِLE /u&}\GuA+Ŏ/E`yʽJ;z o8˨zjI*C,M3noW0-56ڞMnrUq - xJ60>y$7An_Z+i5Ň) {iR`FFSa%eu*9 ||,Hn_%iÍ'+c% ݍ@;zu@ f#[2aPSI1tbMg+k:SRc;EKZjUziRR2 ~9hKI<ORd*AYp0j<8KgQ$`d4|ȥ*S妽.R+Մu4Z]5í9p"GA۲x]}㴄Is ӚUE|5 Yf?Nl srOXfP~XW轢I!q;['@9Bi}&ŋ7<$QjA\}Nmr2~/^=1m"$RB"haH&ۀ;&K<v|oϬAF/ܟwF< vJ\~ntG9%Mx5ܶ?óۙ]_~l? 7`NK)a;]%س^Sx5OuyKEߏ -(Z`~VpEaAzyUwJs?|: }Hag)o}=rrM3v-@ 'pXҖ -B\h~8$7!g;ɥ\cf>}7Zس֖^-U&( -ӻIFSOV_hn- -X{$@rlZɞˊ1o(mI]_- 'zTn76Gت& IĆ7ԉfu3;)EO4,Źk&l#ٶ hiF] x'fb\{?=3XTW*\Eex@Dz:!XK G>c{BC0Uռݕ5xfUNhZ$8훎Б;߾2~%~Q*|6ο.H&l][%κƬ!rOx!.BzuW,r9TCH֑_e:5r3.4vW][)݈HS+fS4Hzy*/%͠8m'7\K)8@b\ʂ[g5֡'̥g<8Tq_U =#f*6*\oi`lj[W*2(tp{6]}>{?'C5zE&v dYcL8uGݚtVe&KჃoS*.m8WQ3Dj OpHYf>׼_Ƥ|E=PzXD%+C1_=AY:&Aa;U*XJ=1<,|# O'CM]fS4AMjҷkxG,92¬ ߸gp0o9)M&ChVF=VvŞTv(ʴ7jz䭠6]EڟeIGOI&+Z Sl -`cGLs:Jθ OX9B,\p' W~yendstream +rt%n-~tݐiH+ ɪ!+NWnmn5# YE/k'ĹFu/5|Q2vPk|rUm̑=GC>hZ ش?^ R3Ӣ{w| 'V)o_=h!E\U)a􄹫cOwٯp1"])ʕUwĂ_)x :7D/P'ƀ,? NvIn+\}Z(^XrLGXrMߗdcwK +e[ă4f)ƻ'c*2uMׁE;k"{!6ga1.Զ3S?pU!?='g$NV;;l"=+jy4&}ʡ QĴf'8{@|[n.\ex~jS jrk}6KiIs=Z9;/7[;_N[BrwmF][hy;I|P_(\{Er},4JШw5Z!tҦ(2x<κgr>0.;2qaZ.EL_GHx5tՍ;T1\,k?nҸnT +at̋]%2{ )>#l6o;^LUjIp(FӮ~}=z8>ߐ0?u>gv[? 3Mĺ??6GK让Qtȡf8 ?; {=tvWuR^.ȋzYt+@^V^MloJfE([]'#|'OF֡3~.IZH)Ljrg=utq,x3-pL܉'AC0[&{C iNJy)>eLc%/FTU¨5 +sJk "C 3cU4eHH~0+EOY^݈F͎TUhDǝ8I{BDWRFVfʦqǴLJGЧzTł뗍JM ;2N6OH vzygg)Ղ?YѼN-f_6G w8IwpY%K:-@2GrM 4oP-*ksj#}Ǫq.!ŝpY2 t( ]C;hbЀ16gRtVw>o;#mY0zuk +> >-eCL\7wI:HR*gTrI(J҈1!Rb>`13W@M335,G 'V? 9ZfjW]U۬[Y@CLAj*+5~j}y]缁cvˋ Bxi9]'|w/2X8w^+KD~$l݂IJ5`Vipw/6 +} Fgtsng]|`ks8;ϻ?&@!*54[*/so?87S){=ܼP+holMe$NR3(c4.~FZBY5_hd%\N+2Ûˇ){s9͆ߡ q 'N_c%}#0~?3fSw2]ao1J(c~P ʽ]HϨ}KU0Q[Svg"hY/giWeMAGr,ԇnV]mb&jLsN97{x4():J Qɉ4Qx6w|:T$ܽʷ +ц19^DqfEKƢb+o-.4u˱A֎\߷$&H=~v^f-pYSD=A5bX GzV| qFOxFkdMV{Pz`%lmeYqXty_o*`8dWLUe|l Ult|Dl3֣=͝sh./xK,,AaӬ)WtBJ*={!fRqmo5phrd0&y[P-qΓ `B!aa`Wf +pRL\(hGMuf}ZEV".J<{kIIdL2:H]z))|'µotMQg^ +V1-S`_3%6Bb rta*غ0ɼu)y@[gbL)?D*ԒꟲGI_R>noߢi!L<35$2MIwsb< V–DT"Y\FCu9TcIzҳ*ls$a`F  (X | |S +5 oȯg.%~2 ͓603eieO3KGl:gyud6pD+vbN fMha>.`.kIi"S0җbjD䧠jgV0MrfJ-.%.SL2 `47\N>friPT,9@^'Mu\ kJj^ 12tLV>i猆#ZVO8ʾuѶfh=}m{Ip-+ZCKon?mzt9e/Օ*}6QK&Z]u`zߥo~wRbUoxsaKk ]̝3I/m,KgwǖI=fev>&6\/A#$?)֣͞~~$:|!S@Qi7KAU f1As`i[Ĺzҍ]Kd8^w:* c V녊4B'4\fKEVg$Oƚ{y %W8nya%?:K͘ro\؉>Ǎ_ { ؃k b91-k2n_ߜ7lh6ؾJaI5R?wڧXz&ev3&)xb'.\ ,P'8ckUPecne&Vp ʽ> +c$S50Edʌ0h(Iڻ :2!<|^ނX2/5obdKw՘MG0C&j;+=EXr#]Cg "}Y.aYI/^Y}$oί8 lU=O'aFX9hRԤ[[~[rM~jeUλGw^} 2$ +cZיb[D۳>&՗aY K{@QeUSX6Cvǣha1((-ԱVyCC..& + +7/[\ctFqhF4zB E #Ś[ +MA)ŎArjgWL;'p +RV |r1PY1abWw:N$j{ɮ,V;CQDd'RG/*8V_<"{[w (FVqQ߼qQ vՒTw͇\Ydf>O9aZjm=!>Q3ٹԫ^ 9@"F/h>l`|\Ih=nL'kf9VjtS~Ҥ&T'$3!5vJ# UO+8sXh[ݾKn1gyOjWJu%,#vlFd /A=3&c6 ^$oφWִuݧ4vLATIժBU! Z<1dAZ}483r:Amіx3ȢU +ƃ>;'u`:?+x`qvIr= +ȘiK1 cɅ9UM{]\fW O7hk[s*(DطeQyУnX>9B?&X^`ڭT}组i R(5c3魋j>] )&R̤0[W>{EOC6Q vnO0%rT嫅҄(.M!UoH!yHJ{'ERmS5D)*e^lzbE$IإEP7LwMx#'Y"_?揄jy@ +]N5yn rJpHz/DWk-4m^gq3л((y|@n (/&|SvJKg߽v9j:#"n &>PD"]6‚Z3~h{5?t@vu}Rf{jfZO'-|UpRIyyo1oBvK \|n6=gǃ-Z/l4nlU-oMٓ o:|y7MT{ =i3RVHA9jQr3a3X_dhE/O\KɬO_ &$ubsAytN.`.bʥ܆6l}g|wRhXsL84G} 1Ymgzӌ$9Nh͔ŸXsm{g"'HRU\O<>lS" + t.CB|(z?п)|8csa4y=~U+j*8ӓ&w?,Ip7o#qw}eJUl]RmLغ=kKJ;uY8:B.C\0&Xs;2`#"tkg\i.(TR-ɳ/%|qWru?̦hΑ7U^K:%į vA7p1tOn4 ++`Rp36FŊݹ%:b0&Swj VC%#N^ۙKuy,Eq&8{D LG8UTm5leU?666!-+T(wu9eQ:Jm4 _}~NOkڋֻM}ɲưq`+5׭d[%˦[M#ߦT\*wqg$d]|y9?)#Iiw%z:3KzWFcm={8uLwY|U&n{ebL=Xy*wSY"FNj'> endobj 1700 0 obj << /Ascent 728 /CapHeight 669 /Descent -256 -/FontName /HPLSVP+URWPalladioL-BoldItal +/FontName /JCKXBI+URWPalladioL-BoldItal /ItalicAngle -9.9 /StemV 114 /XHeight 469 @@ -10450,16 +10423,14 @@ endobj /Filter /FlateDecode >> stream -xRkTSWRIzX<50Lx?$ސ[{A%UY%OQQ**RKEZE`9R*uu5kswinR6!J I$b6 gBᰜ@04XNAV 8'py28"GGrH -֐5r5b -& T`= Y0ĠB!(9I*1{ Cڌw,$Ei aZ XIan0!kfZN*?_r 4ZƁ`Iߊ̊ Q45 8`(!*3iFJHu0% (߿v:)GPBπt#&MHd1X,6I$Sf"TA8\o qBq u֑ #+t&(12,TÙS[iSG7i@_tlZx\V --(1=>Ab%Bz -:XA[?wz{m똭gbӑ緝22F|M?~s)rܡt4&SO s)s[ųrtCHRʬmhgY:ggw֯UQGf޺I^~אp)%ڽp?_|Uc ?s~mImo%67L~/zɎ @ !4ֱP#т;fc?r/ _E8*e:ޫz`Ti\h@y,q^5dïNV0zלv#֎W PriJYwf?)uzo>x-X -]0V9w{R|e3$JɛDԅlkAvsw" -]cO _r:mll_'Vul|5,^q,y?(J 5.+?Rv1e1I9&ESqŪcAx@~;eKnC-sYʯ -b΅p}ᄡXE@)'E5zrmز'gME/T}g|*J#W5e{$k6pg׉V|O-f͆#X&F~,ƮQUJc_hi#uzӿ}o3GW?.78~AԚ|˱dgr1]N.l|yZ7' -(԰'0O Xendstream +xRkTRIzXyL4  OyHLȔd$ J,b%OQQ**RK-p kU*og|g3\"dLo@pdB,HR ԙá1"'Q @'P + y+<>4H>I!PR9B4T \ dEH jvF:X#D&h`TA H +ؓ$706(6%P"aS(i8 PW5姜K^Aպ&-D aSc7fhg%\*DXLh% Z@I +(td +G0xʿ)pI4(JFQԥ!{*)T 9,~{JL)pR !Ѩ!"C`D -p(gr'hl5>29{{_k\V^ #Ƈ2mD)OD(h{{OmWwvO_XzxKǹ'KY}׈"~j1z̮d$+6Oz{kɽrlpBҌKmilkZlNkx;A*Hڛ7^>Mov*%߃DNѕx5n4?aSW&z[Czϋ9wrO]l-ʄz^(4I=.t)}GS#]pAQ@\CDֵj| 5 ]\b(icmKƯKv|y߳z~nό.qrwI_H*C~-cR+tg&.p\_u_7w'؇UjM + +K>yR]@Ǻ栠%ͳA. ډ̑@tG[t_u6ہ71@ JM#=Zm^u?rsauɺ.- Gf3M=VVM{$稠!dU};e9Q6>]XiW*Eim||\=zwBʫkwm|Eӄ6zӒ[F{3l&gg~Է^?c0H=GQh90[4uN |_fr6Jw'2/vtzT)}/ۓ<_vj.[`W `m9s M,%7mDj1-ّ|ws +CO012s/0qv.,O8:4) /T~ "6KTew-hpǦ-˔U~??3loηT$sbH\s 宸7$wX.ysYwګX2|Ktm7[\SV[:a;v:. (}>N_Fxr׺"(05< ⁶Xyy2;GTI~¢d}s> endobj 1334 0 obj << /Ascent 694 /CapHeight 683 /Descent -194 -/FontName /MJBZTQ+CMMI10 +/FontName /LIJMFU+CMMI10 /ItalicAngle -14.04 /StemV 72 /XHeight 431 @@ -10499,21 +10470,19 @@ endobj /Filter /FlateDecode >> stream -xWi@#QF=%i{4d- O @WRr.h, - '_6`gZ(2B頠5J#a`A @B i,;0J{A& L#UvfƠ}YyO  I!eh R+ -k2‰+XޒHa |Y@#M@lH& IYP4=` _Ca0͵4ChkB$ -LA[ FY.J e2 %jv - WAO#F#)$Ù``1`dhH! Ov ,%D!Q(4ZyAKӨa? Z47Ch}@C@@> uew-VXc~daz`wQ 'QZ{Ni{._z9BtAWJBrY:nlJՉ2Tx%#E->SIJQlPpUQ|>湡fK٢>~/Bsp|Rn۾;ҏ3P=~ÞW]/JU%ynL:!}Tx䩝7͂0q{޸H/z"XiW&S,{%[;Nۅ(f;~nm!aPͥJEd˘Ya1弱i\G8V`J҇$DPFFջ/,GSrodtH>Yն"ivdΤs] f{UD׮iNsAȮw|o5S%ǣs|*&Yȅ`6U]b,SyZ-9ʱ~xVF._qZvƙSȑ&Zigߥ(? [̇q> s{kiρ(Rht́:R?q;~:\-Pq-fq5)>&4ه%ɉMu_uSS91x 'T,>}#;8XF6iwZfy(Df$(pY;7-jT(5Y\*_㭏qs v}oz!sHyVk7Sxe/c盂bf׻89Y9 !>M;e˓gPWKKǹ諸u仞Ft[ J#9|r]Dk?=}HK=&b$L,z}zXi?W;E+'^{r&VGZd:eb<*2"ߜNg_Eћ0H6q! -roc 6J'~zo-$c]5f⦮ޛGXOT8㧼';sI\tUFDuVF]CM|_:R?y&4)BFxp\,٩Fѿ@tZ(rʃMdTSJIѡc1g3KF:a4v*c1fd(NI{Z,S6zu~{|x_}-u +,&Dczh C$1li<'.@ N2%] О tGB>A< Ecmݑ6= \͠3!"BA& cAV  P + س¢tZ@xliXXXr4& -"@+l1D2A6T8eї@%9PŶDE¨$!9T$tb{V"PcѨ4 a"1KBT:= +/ @' F m6p"SG_A̢Ĥń*Tc8y`\̿1B's@Ov RI\6= +C#h ^|AKa1?]H {y쭷T?_fx~k+57֊'O.Q/F .@~(3e*ԣ5QyHvSYk{?/Z We#kr[{:?V1|$j`%/ѻXCi|a_JOL${ٚs44DoΗ`sܧ:ip/Y' jƆ52ϱL'ˤUSyќ֝1ʲ1ҼD JV"T|aU1I$άрӋߌ%Wݻy@&+OUrY'@u߬pbD=#jEl@H]Py.ˌ|?L]_fI4PZ"Fjn˭fȣ\%򂕄r@}ʺ6Ց61mKgMr7i((>cR(;6}BezatTo -F))c mW^Iw)hC^X.z xts9tM,* W*-m䫽tb/?[tOu/\gHlfq&Q3@JE:±Cef52Ԥ\zFEx/ jj~s<މ{=ZPHP({Q _O2^?jTlzd! +|un̿-Et/kg'[_$hŢ%ij`{~SLs7дU,[-#?+X"āD4h69Ѯ)Fvܸ}MՌJtH5˱ D1ZV +Tw +BcۏkɻM*zbTap,P"Ck잲c-r3AJ{ym(k3-w!:YBwEP٬nw"\!HMwO {v|V+\yFzM;Fu&֌ S +{a.cYGS-?a?:kKz b_X*$|_ 41ܒ{>f+`);گ1U)b>^O]JOUwioYk{BVE`^ (g{8=zZ%KaMrRT*=|41a˺GҊ]%Еo 3e2"hFQ5 ݌>yd'hɧ>9{X`Y/o0UzYr"Q't^'GV]36PIOvMH /tnKu(c)nJ鿿{]d/,١Л> endobj 1177 0 obj << /Ascent 712 /CapHeight 712 /Descent -213 -/FontName /PIJTKN+NimbusSanL-ReguItal +/FontName /FWVKMX+NimbusSanL-ReguItal /ItalicAngle -12 /StemV 88 /XHeight 523 @@ -10552,7 +10521,7 @@ stream xvgPTݶ-HPPə&ə&K(HQH s 9#$sn}zvծkιsVmVF-]^Yp@4`(]EXYP0pPOP@jXGw$ 1w۝( G8Cз㍺P(m XP1HCP:@`8@(('ZP|X(rZnAݬ]<G(B~`( 쀾9X! ڭ9"[0- Bр۬Z -JDۂѿs`n6r]-̭ 9hw.K(C9o?4Q01 6`$Enanw_u[`GG݈?QCpk>mN+mnA9X#@g\? =3$Zk з)3s"$'5o{ ko p{àjw M 1w 4 6R e`nP me o{Ǯ"0譖ͧg sb\Pߙ7"o?QZoW?1nO^WH@ ĄżM?@h$ ho0V9E Oo3y~[? +JDۂѿs`n6r]-̭ 9hw.K(C9o?4Q01 6`$Enanw_u[`GG݈?QCpk>mN+mnA9X#@g\? =3$Zk з)3s"$'5o{ ko p{àjw M 1w 4 6R e`nP me o{Ǯ"0譖ͧg sb\Pߙ7o?QZoW?1nO^WH@ ĄżM?@h$ ho0V9E Oo3y~[? uZ|BXLLIBQdt ( ?V1x+w^9eІڥu7N/.')0Pke R ]8s&s߱|*#>cկ EymeAƀ>8m 14jrXd8V>M7&N\*JO8^J%q .&;XB0cVK0-S۷ߌG?E((˚=+y\J6.޻^eނV(b*$=AmEa9oR3S!89rţC™\-ղk͝8 @@ -10584,7 +10553,7 @@ QH; {__b.}ttQRD!$DrG1A Y .#_#wŹ|S?Z::fגʵhXafڜ3BuቇϾʉltp)&T+pe ZM31ILcG"HxS$_*[n~OYgC LI8GUB\{S7M;䃵h0GQ& <"_AzeN2PJ"u]Ls.}QiH5qLUj[ =1YHOoq!Rү%~u 0׷6;>nE=ma\{\cQq&T/b^}m A陈O/I>cb%& mJ;7b{6eC_<@bW+Q'Uݧ/+˰a*/5 JԆ'l 0Kf/^OM [IfC `b1}U*i g#H+"2X|F#Lq؏٪r#g 4>TGG$ 7LIu`UJ2΃79~flΚW 5?|':U.rJo l5AxE3ǕT#Kt.iKW@/ɛ j&Q Șth-ؤ1b?eF Xr/&jzrAMre.2e%ͣ6"5[(H4 :\mdb[i:P20JѻphQQQ_7;mA^;  v*Hߐ,QtT}bWgx$ӬGי'}uiD;xԡư~. %4O ޻B\ -vm$tLd?+햫I&VZ"-35MG74>auAWr`HW{w1ۮE^["W%B>M#nNCuyH %T,T0]4.dk0Pa5Y F?U'?Ջf֤qCra1j,2ӓ=D4eI vvbd)x)\+"oܴD1[|)h$eGUe?auAWr`HW{w1ۮE^["W%B>M#nNCuyH %T,T0]4.dk0Pa5Y F?U'?Ջf֤qCra1j,2ӓ=D4eI vvbd)x)\+"oܴD1[|)h$eGUe?> endobj 1101 0 obj << /Ascent 722 /CapHeight 722 /Descent -217 -/FontName /MVEUCE+NimbusSanL-Bold +/FontName /WQKHFR+NimbusSanL-Bold /ItalicAngle 0 /StemV 141 /XHeight 532 @@ -10620,39 +10589,43 @@ endobj /Filter /FlateDecode >> stream -xzUX\[mܡpww.+pp58NO}{1sαh)յX%-ArNlBUTQUdxyPhi_i(ck۸T .'/˚@'@vp\A{ %drtrsv,5AP'7*z? `kW#33˿NAAA_ @[;^ {'?2HȃA-U2.Y AA/:ZJ;9!E30dҔ}stp -hgKn:`7[ ~PY\\\ iaGJm/gП$3 -[^(>P3w߉ߡpr,s1KYcb -{ 9888\׿U@vie i2{gӋ$+'?KeR^yO/OT ?urK򭣕@WK e6 1#U\ ÿFLjej^urn;/~@ʀ?7G뿼@=?l!hmOP9'Rjaqe?CǗ `msA/g'r[JYG 'K5@e* - {#b6ulr}7* 1 -~~fK {5n<"+ͅ6_*߸R"mr)Yf;$)4m숁lߪߵ:S$}nDF側EEvX}Y6~<цߊ닩;5Vk*J]! CNd[b}}[Β-`b2YsawElMzb427#]יy/u443e`r<#7(uRuۊ5Ӂկv}oPF`<0ߕvrʷ۳%FIm/q}FD-V;'ʎ* jߠ _ͥ FKR˳S~sU :e}#^M/'FM =6?R9f;QqCF|BZM8l#7 d"3`{e&P`'Ƌ.tj]RiɰQ|a;_zz{8q=okfwȶʣJ=pn~{Pӛ$ 񎌠`_:tHlܷ2s79 oۧԨOzaB5 Z}nXrou3>>ENh$⠞`c)½@dzȈM6H6’9{5RJ_=PǸSI:s_|qYo}FfHoǤw= 5m Z-~$yEd8<|ۖ=:eNb;j$0b -Wy\:T*} -GJ{ iVnnFtj̧-7!پCxw\z ]}?U GEu=Ӌ jaFANQ(E~0FHds D7j6/ǓAdl;WyOA"Ԟ r*ٌA֊UIhYT}:(k왚%}"Lջamt>ufP:&&2،sRԮ Z!6{dog۟TկFGWHn8"8MXDŽeǙH`Lؤ]K攟#FѻI -WD`9$7+1n -e3:=GU. Liubbj&䩢H[.=XUÑe\JEu$,5:zFD@:^*O1N] 3!egN,!u*ՙގIivޒ.\6tc/nAdCk`zJ$T;b&MqP-:/y4tb빍PAڕr χ5%~kc~|FPN\3$}Wfox3RlmfG0^CPz.S@΍-UįeZ77!sJ&Psp'Kٶv<ŷ/0V 5UFٶԕkMБ?j3JķVu+0nҌmfer&u 2j = EؐWշ5p uΰ?ۺvt}͓h&:6UVi28Ow;b.)y" Ӕ]/닿;3ߑn_4 -W쭉6B"|[܂'0{aLm\a5BӀJJ,"KG459çzg UQPJy)wUiO }78p -OԨPV]s<#fWX,KРG[Qذ,aTGEHo BtK*5s¬: -TCBzEj' cM&BrK0 !t_"jDECدx)Y ]) \{. -s6alqlDŽzu؉j r4ir/𖛚i}=ڱVR4|hwFT+ijch;4*B6$O^ͷ0~Sy ' ӵٌLMg[Ac̓[iM~yE'I9\>KͧX尷w#GT$5\u;-18XKkH(sx-Tۋv"1=2'1,BKǘO=ĞB[⟎c@ne['(uyo߯-m=W 8;<ڱzs,l9u?\(^҉ȉ|- -sˆ PbAGЕ=tb??y(QZRs d\=*$3SfYs;96;e\k(u}5M !eQ'-{F{ P&=|ُ&ΒV*]!uFwhI)HY -afh+*CiYez^gÈb.V+>@h3+ y]HgUfRfw`:Cdݍa$z'9?!!MVT?7[o]4ͭrQtb,AjJ6}dݟ?pGؽ~w߲:[jRN~V=0LD!$*ٵ+.OiR}Rn<)תNUw~WK9-ʓ)Y%CQY޷AȦAڗwlu +FgFL|̮,295mLLWJ93a67ٷIb;}'vT5{sg)VbY\5(&I -1~*]ۗƃGf{9V0`%n''~{,`l&S-o"u 3YG\6_=2[6ϟ* -ќȖiH x_~>3ne\\Hf9(Zhs:1?}5)vy$kdlZw贓(); /CZ&hQDjQoc *eHbNlW[vqlCcf{m% TTqQt0e^o!SR,ڑ0YQ/uM"úSsb=0@z'kJ<΄OnP/4%0;^aBBC-EK7urG.#K/ bu?є#ŗ* 9(6c}iQ[0[*|]@N} UktnOc=.+ Gs Q -ivT,3qZ\e<fg(mdgZ1n&uX#7N+Sql΂u 8ʛ|u;wmݰdh!\ -F WB'u6їNڃtۇí%=h#,b,jظn墷cvǯL.C;"&VWj] c%'_+zOIϩ[:2}r9=*niچ{;Syw$zxk[шcF1R0Z;'i+ GD~!5sCX6 k^o_+ٕ_0>xڼHVMJeG ?XeuΤe^2ySnY'\!V*^5z#2mXoSzq/h8ZDape!ᒘ>;V5D~_c؇$'"qL0R,ubn -P++dt]ҽoj);[SzO<43H68)#[}FJ7jFA1~| to WTd`^Wѧp|gy$bh#ƫ+o0&hM|y:bID>f}uZ_$3ģ"Fɜ;2̠>j:ٗUԌA'd>W4_UXoyp.bT~~=eHY2J)>B$Q*F ;=&{%ZO9HbwUp[-6?cnZDS{>e:ZuEb+ !ْd__9Y{;ϮlL9L5hBr*]'{ۭ{rأsp֨Wt!@TQq;yH%LP8.7ۄMК6\|M$F~p4זH*Y 2\qYZ:"0HY"旖EcSF&=0E7`wH9ߢ;YL#̳քgc -ֹº?׮,L'#j247cAIyocp߹*yT==l5D1s2ʴ8h4uBS71 XyyJtb`1<]=.`7HueWOH:(kх.oa^ܦ6WIF-͖ks=2Kʛ`).`(/ )yt,L*7A[hDp/.EԓV!Pjs4_}РE*qʼniP|-SG`K/Kyӡ~xGp;>k#t-;پwSxE c\h}U;Q ) 5whى嬭q·g2qĢGihq?Ŭة;__,G(F7Vw6"c,MD%\Kq:?uK޷$I{ʬ=PT&U0vi|J#ECKwJ our'SN~8ncqWjiY#Wӓ!믬f}Xncw|q\nZEx!?PEl$խ.L[ά&dcL .--3ETk*kh=RП`ɑ.~˥1A;7q[GLf40a6 96ژmRsA8x4AxD Y@Bi8R}WJ,|k]%0riZn Gt A ,Xa+ЊAHT+&Y=LL-0͢125c{wc |XۦJ!{$ 6ԩq ԆO#A,lxG. '*P(b հ_~RlY?XXB߀z'o?kCPbF ̒2[Q]q֑(gТFt -䦶"oucZ^}$4Wt}bZ0%/ `#){3}᠁+(&c! Sb4ka; uh^314jT+2O7N+3{(lzy@AW'} [A//d+ 0`pqserN^ +W5sإ5j3FII9HrXx_&EQ/DS'ǿ$:Z9΋@_f3]_l0kt8x9^_G:X!fo+  {39 c:o] {,6\;;A|VN^οq6` ;GrR G˿up;Z\_ bO yzy@d0d!d[rS)I=ŧsFe۩JhWB“[ 1SF}FN&$D6NP 'V!FDUa8arW eV? pwE 4 YmoQ.XMOCazM6 4U~^ZtS֊m:3-?"Z}jNbP/6ug]s"KO ~fB (TH6QfC5.M|/32^ǔy;.HwM< :zq]˚fߥVO;pٮ:Vn)S!]ǩNP |FdxV3d(C@ذ]_lsXȜgOl[.r.m]O'Ok:t=?=ŷydwaȈ)lFLx5fn; $4RD䯡x >%fA noX+JGFIW +BF )εqb`1߭3_Ǭ8hJ7 +yaH9cRClKQI_Qt)25iX٫ؐ/uc䈄Xm.d=(`&5UƔh3rO>6I!MlI6e>?fV57O!饟s3$2B- -8X/(tݫj{טsɏ6V\_LqF/ ]cF)@*n'(i(Zp<'ۢ0ߒv\o; oژ 3Ogs7.-~@`mڎ}~aIiBX;ѐLv4ޯ~,5ìm|h?⸄3ߞ.Je[3J"kv}]<3'j>QTzTNZ~?p5v66JZ4滫h//y _ƷIrNl|8jʥױ907ڈ +~h b.dkП%):+2X:͖$4^t+hܕ vӘ5]Y%e6xsٯ]?kv o< +(v SF'5IoO +7:K@k@bS澕r>h}f}O4ޥW]Uf~2o] Kέ2Z终> ءsRDPw,eRWYg@N$$#,}W%? h=yJ{k˪3jugigrL-|Y~]_MNڮݨ| $34%{u얄Hs,.sDށVoy +}U(ҡRD(LV/<Br[5$nƑ]F@-ʄX&H;R%FU4:/N̞mHw-y\D,GKG)H0QWI8*0zB׉",g?ud;ܓMGq+QY|H|b,].h?8eY+f|vX|d3#Ғm?%imr%lnR :L׸ԤHvŠ Fog~ңO4)F +d VIӱj.^۬SrV }r.,1JT0>_3$Pbkx3RlmbC0^EP|.S?M[}%Z77!esrP-KPgfKdvy0KDzJt C;BBIQaΙM%ec +"pA+'˶`1'tB`%}4TT!m~-MX&Gc7QY;t & C_e#AMhg} _X?+f}DޑR1ЏkȱW2z(7gǭ˦kovDZn.& G*oڣ +9 +K[XJE<6gDO<-[?BHB%n mdk%||c!bмߜ|0˞MȤQԋz+ݶ<9qA1yk:Wt\oﳾ|hQ}{=uH.JRU+M{BGc\=2*ы7׋LUj/͛%s-8Vβ.(xM)?%($V}ZXf6ҬG(x5oSͣ0`e07x4A˷9ʥEX7Q@?,8}}5>NXJjzdb>+df,+s.9E<מ*+_"l=LmvZd?v6n6LKTl<:|7Vj%‡ vgq%=/x=k_錠 +UluSTlΆ1 ^+&''$̇*Tqqr] KV;ߑlH,3A'ηᬦaC% wA݋w-kjjꘕN&_ie}ä +=A{R3]B$J*ug28'H%\ف_M?f}a}l}yWRbyĥyO"SZGehOu}*+3h~}h-[wlGU󐐴;2kxcn Ebb+Мy ž}hMQ0m8AongW;qyQz&Jv|_wB1?fvfA8yPvYi@>C[w4 +@R(0N$(R@ F3M);Z\RQMfyłkeI5Jz mT"y[Sre(u!Zh + +:n-"#,8`G ,X@2jChAj|3B҈fzCk-؆Q[ n +I d<.&Bۘ,_l~KB k!Đ\V V*ZqZI5vKա8*#*NjSyuؒ 2l_>a]?Zv!,6-Si +K ia$&Ų#׈veiyig2P~.,QE޶:A<A!ȴiO*kEK +ML['/BV~wy@z +.s^G3o6ԙ&!9G\K-:PX|tHh$fkƎQ 2ѮW[zsi="Ifei,3X}1T +2ي16ü\u_&R3wsm( RI%i5A07J]KU^׀I0QܜiY4?o@ +u?L?Y3ndyLvQ::7Q_X%Z]P3q#$_~BMCf40Q?7q4;W%/W`zBFa.FfG,͠WnaHrf.B,R#7)W] #,˹goe.VTJ Ie--(K|4F~c7ѨAtq{g]bI~$Y᥶!%/ʐ Pv>h+S ae[z*Wlw1t%8G:F2G5@B +AtαvkpwHSvzzȩ|׍Wi}牟Z[M ţGj&sti!Jx0sń˔-kW8OY!3ؾ8>5tCI9yVsB,kt䪻!z}u` `48N6ξ:kMk0/4Jh'lMc]#6!k)&LҴ43{^vԎT4]NTn h^<϶Я-\.Y4!8%Xzʇ$=,8K#me/P_A1T+QykG͞ԃkm%׹Qg["NtQ?12wD qٗQ #o;#HK7W y‚JڹHOQaJnK|$` 3$Y޸#M*C3q'&߇EuE[gC@>n$"5LYЧ7c?UGrV#zX}j1Mawft7nK\s{|RQ1QDGx,uXP 3:A|endstream endobj 1100 0 obj << /Type /Font @@ -10661,14 +10634,14 @@ endobj /FirstChar 2 /LastChar 151 /Widths 2273 0 R -/BaseFont /CLQCZL+NimbusSanL-Regu +/BaseFont /CQIVNT+NimbusSanL-Regu /FontDescriptor 1098 0 R >> endobj 1098 0 obj << /Ascent 712 /CapHeight 712 /Descent -213 -/FontName /CLQCZL+NimbusSanL-Regu +/FontName /CQIVNT+NimbusSanL-Regu /ItalicAngle 0 /StemV 85 /XHeight 523 @@ -10684,48 +10657,53 @@ endobj /Length1 1624 /Length2 9819 /Length3 532 -/Length 10685 +/Length 10682 /Filter /FlateDecode >> stream -xweP\.-84N@5Ҹ ] X,AgԹkujww=k=KUԵXA,@r'(;0@hqRf8XY8/*+CdP0@dY\BBBti+ -`cbaa -ȋ @r8;/cC- +*e^2-(El`_@G_1(ol^Z&YkK8Y\NU#NmN7r_W:oUdY @AFOb?f -( §r LO nxxD}002e w%/N}lKNo4(qʛ e_h!Xe^KeiI1xH_ߒ^n` f#ݏO;;oe %cWNL3r!J!Ex@@{i~Ti~[aۅoM;yjM={{f/(ZZ8_]թx۩!$qr!=x˪o)F%0>]JLgv|/[*嗠F+[cH*9AYMgebߺG eaNFuF&|},V﷩Mq@c{JhvrgD;6^s5ټnku&c#qjR|\.86#NOC35tmWR{Q̚is0ffsU vg_?ܞpQdXec\FJquˢN -/sEXXHeLXsxt 6|0t3DL%'2nvW\}BA ƑPu|uhNCP[JƩ*o}̄ɡKNbNՇFL a*u!1;jkB^ÅljL+z䃹ȼ O)탣U%}GMKŚQz~sq4^q10!t{)Wm\q]Ԫdٓ.n\ 'YRWm3yJzTp0L_˙Wu^uÊ7u$j JߊnFþu҉8EO C;(@KAP#ͬlr?\аpU[_!iX -(kꄙ܆{XX,! kV, }(?HItıҒ ϪcNoT3ylM,]l{G኉/ԥHT&eJSO}^&ɯ0~jPj[vi-. 5w-o=z ԛY|Ī{`{cw* -F[ ΁ 5 kϻLoaM9 ފMlH+g.C(#tƟͧ~=j.fŇ֓)Xg];QF`[v ~mt˞Ks(كe - yXl8`@y[}tĖ(<^ktӲ6އu w A`y `& Pf%ҥg+i'[:#;j1%7(!wڲ -4Vճ1wZ~'2[GFRK;cLLb Bf[u-CCM*)e"_)_KݬUhLk4&<6.Yإߚl_"EÇ}+Aي2LPB~?{ -f$m~N+u˶lؼ7gVD~1}־ŽھbCWh6f VfqU~`'hM`Yrt萣?q 1*o7z3Ж9ө*`^^EO`&Kff3FW.U|G#װC:)avүG[(9 y>|)qP2Yݞڜ0P4.'Q$m%M T1G6~Ө^QկR95Y> ]\D@ Ӕ1fhD;ɽ1X\]@AB4~v +GrAl){a%$Hjί}W6#_0><7ξwpzf+|)LqX&,`7WMّL/%k<"|j s tͳVz*^z]3TD5%X-s"['M#"QG;>!,IhdR5arȇߗXqh+wm'Ĺw~N-jᇠ샍hg,qRђ?ww^ s%J:b9(}# xM52Blp\!AI,*&M¬CcguPqd!XY.y>] xY}LgsK"$r >l|d%v^䡾1Vz:i~q?3Z%o􄢕s,nbos6 zT㰊4ܐTh%a5ۡVM,Bdu_MQ\/ Z- ò0DG~cXiaP6#B0͔NN(vw̎;|BLu]pmj. R%t&@+jFaJr w4`-n6Zihe1^y!U8,QrItcdXX3+,HW?3q4qK6ѯ1 [>\tTF.xP$M* B2CC o85|3.pXQT!<ƾKW{l)* R -TYSs4b@|Ou,l.Kytg^7zǘo689ɕ~ldž?\$%%3Ǡv >مOÅoVxYWpN*/}R0Ũh}=h{J_U8ْgܽ 5f Ӣ WNl -3@`JPmOY"C!)_0t H]3lQcY,("y7:z@#R_EtCnʀB3hBc{(Ir@MCD(XT IInj9i=x?kJix~%bLnB`қ_M1ڢD), ; -GR)[joAb:2!E-[Pe&Imzfnt2Rnd`fk^ e6EFsoz.-\ns<0Ux/w{NZ ZO='X.!aP^ݍD߽ ތ|UivzҵMiX-4pgǚh.! s)3>b_X_4[*_phX3%y G"L%P - -ml.^`^k<>6_{'F&Y>KGjF -(+;e~\Xyn Dzz_'ooMafTSeQv@(n<xHT#(d#8n+k4zk)d`oGhTG%Ҥxڬ)-K9 S7e̞0'aͷ! Fi_.u%Yjd)+&2l Wͷag7hHE[w~R:DB.ζD5|t~K%lT(|˓? ,ގ*ԩhp.WVDysB}EK0$݂ j?Dָz$Ԃ .`;);TO D]2pSw|8J\'qNQ)]$-HLÇoh^A{Ku9H2'F(rMѡkҲzJi5S})mKTzfZG\5dZȼ!Eo.>Eo} (˸z?ǪCұzXȒX¨%^}kө ꫷>C;kfEq韨i\i6<#7O\o>XM]q^hjr=n)^4=%N - f/_@C='ګg`+><3qZo TF.Yf 3)_pP9J*kCYv1~n}tYerY'FGo<(׽<2O_v1hB2Y=Rj#2{¨6{ Ʊ),-5ru7W=їceD~72'l7?#у VYlaNeŽ"u~gL.x 0w"mEJNUyg=Ӭ^3[.ot3sJ2oʤBiز$~Cqh^U&ϴv4ϫb`'f]`;߳ߘKڥ&9Z^e1Q=BG -fVV0*_Em1T "r1Fd4 h4m[LȚެ婏ъQov*zbR",)LN-i$qj-U:+ҟR٭"/^,1t\0˦Ȟ0Χv{X -'86ge4XPd/P񉌞<a=c\@pވMRy!].ԙ/֭7D9E|E6fgEϝdxjAG⟃ - SE~ȑ ,i%yU=mקIMhSor.h·,~a,G~wI(SWs|EQj2vHK[6$lbJ/';?0)^{l\ &D|g[\A{)#g=]2\c?scq KhMn*7aU0;CGRT?[|&B}4Q3qQԤû?qh>P8f1~NkᶎAt$9Wi z5r'yXrp?Pɼ>jlΚ>=?`[0jwUI'93]dP ʦ|UN6`cC]DL6nd$Hl>_kF\2٤CQ knC"[[Iuxk_) ĮAc$X$r @5.oUiIuX4}*\0"UwjCuWQ]\~G -ܜ0h8 n8):ھQ(Je]eo}=͖P72̙4߇rW -:b.+Fm?2jƥfsjAd鹿5#nH*j_noT2g*| pª,1:aGWXB"Qv@7ρ=醼ϲ,nUb~O#}灇|vtxvc'XW597_%#w=e}4EXI}5rq[$sGi˥ee)T3[g]5`1qSWJUsy4[JEz)|p>b0֝]jZky`xkV@?WakPLDP i3+1LE٭-ړ*:ql $AMI'9α/):W,f|>zofo1/12쥒=Buūb&a${ N6 y݀&^/}QY^~%軴OaCFZnx]:̻AB\eXF!i}-YZc/b%GO5ޔGrӡsC#F"ܠՠn#оZN;E;+J9_1SX\ t?~F270<7buC1|j,=F1Qz"W`=qj+L8|j4s6&z>./!؃SװA4̄o@J8XF;ZaN_tT%m"+Nޗb:' wFНwc9ߝzh$D. nk6QG|a+J]_9O19:>jzRLUsޚt.xX Ɣ zLa8#hArbDB?~XsIi`b7ujNDD7UUzdZ/3VjQr(O),vjZm)D'1ύ&ug,TTDy #7mT,xFT0=[oӪh -Ou&&׬-[rA^.lm1P}̲Q*.thqqۯlpEUuM|;&NŴ[anB;~p:zgxIccóB։Mj_jH$?Ni.Af6+HT?Lt߫~FuTȖ^_xġ:\BYVGٓa}:e_H"ںu`CN:egaEJUf2-: ϋK8fl.*srF DײG lK83W,-/ cL7vjh 4^qf">3u9nݮ]]ZwUm +U w3 ] 7ssQ8(H@,TWFtC A 2pr8iG/g+^K]?*3 .`+;hrp}j@WklH)e 39@lrp1,!sOj.\\@#j49 g{;r:;۹Y Un + Ggȫ+J +qqu1w;^J5o+ XjZ@J.W_f Wn.`F pY-@..4<%{_֐3 Βէo+2۟as8[9s9U ?3`Y")C\_]g]f5K-5_{_.>+2u^2-(El`;_u@G_19Wk99Xo1E P[,vK`r;^WA_Ӵ:)?_cm_I)KJH1w/Mpr%HH@<>,N>~?7; ?J@Wg''v0X Wlݿnk85 'yib.jZih\ʠv(̱^KA`; =rS:aRkiWqo]w*$ďki/͸-X'tVq>/ָq#QԢңcX(&)W|W򮰾U&Fo b~UyO| E 󕌈q;>޽Y/=eH#1qwm)<5lmf`ES$x1>?^`_0I ӥĨ`0C<>}>דrIQTpKngV5˜n5>˶S}f-l[u(0<%' +xTZn&{2n` %7h*.%bpnR}8\wNO=`Sܖ}< KpRʳRaeS$1r}rN*VC*44;3Y1IohHtC{-3`SJKeA''1iQھj)!cvB~ՓYfT̘z71AlkRҏ؜o||xwA)ŗm)Sw!~.ۑ&2+}ߣ[c8>}q3I!eg@LM|`VajYRl~O.BF̶fl`[c/ˌr4*%3eɓB|Ȗ{D}Tܼ&1a>Qʨ%^=o7@x,V^{%8j9` 1Aɫqr~mbiEjK +o9~vFTVBr!-ZKQ9 n|տ~/#f<!:u\Dľh&Vڤ5s73[FtΖQZ!XxBj^Z‘ MmSXiL) Պ%ŗCwCp'v/8:L- =L{_vDJSR,%)QohoypeWW C?DsQ[t,-4ul>y5ԙX|ƨ}d>`vȏGZ¥Ά7 +.8M~lfN4}9ÿڂIO-c,E5+'t].%}=n*bu#Q1:}5uF)J薾P>jW㌾\~L#\1d%W^&h"[=BVyu'bPm6(/ެ^̏ +4+ 7SY3H46"3ˎ.v :f,Rnf~c>j1%0@R5$$2 Xv]uBGuHL/ϓyG5iX1Q|f |m r.ݗkV_j6ZNObf ?%Hc$XV9t T +iY!Xc[!;8,5r #*̮By0,Ք^`'l- KL(" +x"u#9bt谈~uǛM("1Ģw3]S}C͂^)gxY>( tpVr=a8|./`;y:Um(M +ҎccXl;^ے>@y>c̻~W)/nB|"Fnn Ajn䢘u4~\FcL +b$<,#@RvP9眴SnDyKϤ`@#OawKTQR !J|fۗVIG{)̪qK3[ !~ŌѮ^4Ң~=L*Ɯ!óyw .h \hܙ= +T ? $X xd6?M,W_3'}ex#[&ɋzv +pJvu|v|:͎Rpˤ)M;)qD%1-[{?Bq} +>7B\$%`Q"ͤP}kZE+< +  }Vڔbv<]'*~ͦoz7݄`"s4Iʢ+찗\@A7%XV kICx_ST#OG~ޫbVV 42 z YJLMt1?#1It'-ܘnš'29s^XfM%^C9(k+{Phit| huKeugq%@ӭ>MLMl ~0 KGBxpmIWzVtRD/K Ɖ\' I Ѩ]ϵ630a[^!)S +@G +޲+kt~ j:F<*I7UV\<$iB vڇg5~0B ܑRÕ[&x} gхy^iV|qG\ ;py#Ŗ_&EE E* O;)`L둩'>^pA({/rqĉ) k#4bq"(ى>LV; tvfQO|,Y(L~q{ȫΉ/WxWs((5R & Ҭx<+1LV$%5[-_Qau[g&^h& JK@H&@p?\s>xRv}7j]/q}_Ac d9}6%A,zS(ZFM,G>$%s/n +=[DSh\+{/^HwZoǍ^*aW,*Dj U7IB)QNɱ ب5leXߺRz9pMufrxgE~Ҷj& eu?GQbgr7uZV#r ^"bXW[K6rV@ߏ[-w6tF8D?jm}RfLΞZsL0S1ѵ98tbQ<I JQdV>xD0㋪ -} bX&nLJ =%杜$DA(ι7e"pwZhqn!PNPA&e!=[\$N3`WDySIe zh nL VIyy<ċjRafDP*ڽ~tPs-i Bo G gOdoI3LI_2'_s+E? &hA7?.]|Ty~Ie}?j{hr@0˗4%Qڱ<|USrRG-g$noދzmNIƦ}pjut":uBDo.igE%jRƛ1HZ-L&Ltʶ] +O-Z! %|'K_0Rt9;yFgTJC!z=%[ wW)ḻ(wp16"K iz\Hk7\)uRl|['CyC ^fެ&P^| Lr:mV3<5~i L <ڌmωt/c@fhFS襱Ɯ\?۲'Paz;r# $[+ƟwWFTedh؃$M4UvevXwgtMZYA!9N 4HfXګV/on@ mRr`dc,L .YC3  ]Y8!ib2*O [ +[H"*Rqéқw,&oWYrUǩE)aw|:=0;fI; ι̝H;{󄘛d>4ݏ 4_+4){L+z:zA;_wƪDW1'>eI !Ut+5 qc8O-|mb%%? +( FY# -+?uu&Dt2'4mDGP:&;jNv8Xқtߔ,pTk@mU,\PAiԩ +_kd0 'zyֹ;$&y4)BGm9q~el{93j(#ĿvI/z྽` Zć.1%Z ElAQa!Xa{TuA}wXm@Ma +IyD& )頳![P@_$ <#?{62Sͽh_bRf&2 &c%4(ƛZ/uD^pܻʨI`rߜܸtxG(P7$}MM&vo)f4m>4 +Fտӓ3m U+o],_[ːQւpslX%8KkjxFP܂F [vZcX:emOD/Cs 8~xh#%ޮ'_vLpQqChTb7 ŢX8C5-: {皧DO>y8ްVw38' +b|V#ވF/aK1ybO#M]pQ_Ky3r2/HxB H>z|'ۀӥ|\Srriᰦ*l[V'KRcqMc^Z\J|GĺYZf 5 KgFE}>5M-IEB>Kfj3eܣeW'5Fή(F(k٥s8Xa#B'Wk/x˦-#&Yys{`8Ϫ7W Z/LFSG$`7Vek2Z5i<V/W{GVhcR8nB"#,ţ" y]|N?d +WF +v7w-m} ml'%bAHWnV'iT8X$>?%NaPS%(q$BQ Uާ j^Gy폚8rgB]È赃&OnQQ jGƐ*jz +ii?7X b̠>—iu]TtyrhfX[ɾյdiOr7џUgYdy3X׋'VF/-I8q>V6-~7~vQwJ*zWd1UoTf& += +׌lZ1$Kiu(s?H{$3T?7L]شӸg=VY5EP.L{i{ %'rj"[X?bMHDa8Ob @lJ4U??U*'lt)a +G,*yќ>]-GOF܎S #SAW嶯 N!H@ㄾe78гq⅊ɠⳓB P;QsUmWv€&x:_m(w tf/f 9jGwjiglР's\}-J9H!︻f8#:@UX̲7-utHt>Eqzk%[h]xuA:ڙGczݱj~d|pk䂠֕/|IA{5ҳ'˻e 7(ϛkE‡'Ulڪ4-fҝ_{Ծ[H$1 ?SLX'fR7d#*NzwGɩʷzdP7n]сgZ~B SCDil +x*9,RZaaS-ӉA !!ZvLyuXr;7:6ut&7$#|SB"AP.i8 Z#;p{ԺR/a3x =6gK%Fϡ]ؐL'e!9{'qonhX:΁4 +7(M:5O^U/*[A}_/LNHN͝+P۞fX0Why)h낵B`N+x\%.a<+=o. E GB@`wHbZt`A4G4sY ㇠iZ>Vm6J)!Gk|y/jy(.JfS&N+OZ^HR^s*1y(&)`z~}šf Vwr^NI%i " +$36׀L)[wr)L{:+qC +$[ 73yҹI +5UNVl?($bN~o 0챤^ck4)SmA祒G7 =9^l ([6ԫNLTiD㖯.qm%EFD}?l5KG9ΘK|ˑK#c =f<̠Šv#=J#n%D7R$w&XGުEˋ+ߜ}P0s_XTutaPB"ƙ>U\0R;"d?]7j 팓ʔY~^? +tqqs:*of667>ĝ]׈^ ׃O9jXJ;J+Q&V_Ttu3VPnOwp賚̭My:(x.< !v[a'\k +m;M1A>]89l|TBk=X"x۾r-}|. tFsJր,G |"vMg|tF'dEAF..'#]X&l_=ԈGyX_pEshF8@U/(A` ,5r:>ی.G%"eg>j%J8 \<_ȥ YZ\TYQ䲃Ѹ7>ߖ +L_LyiZ)) r@pMGo[k47m)p Z(bz>-VR}|oםw L(!^S':p{Ts5 D+Y_+ +SP]B/N}e}S%A/$g0(%>y ]}Wyc.C;*Wu+*CUxvDr}Ir/up2wsºus!Bk[]-Q0FSK9dDi-EvxZ?.pG3ֆڋV0Jy+:Ցo(XӶ3)~HkjfQ--{gl0iL[5X-P{ٔXn1k47IS#|]]U=`[nڧ"Iɽ kNاBAV5 ^8]UPv=pLb[Bb&m%"$O2b\AYՊxiuvr#Bd̎f]T')Ec?^Yyΰ/ s;btEendstream endobj 1070 0 obj << /Type /Font @@ -10734,14 +10712,14 @@ endobj /FirstChar 35 /LastChar 122 /Widths 2274 0 R -/BaseFont /UHMCKE+NimbusMonL-BoldObli +/BaseFont /DNCEWD+NimbusMonL-BoldObli /FontDescriptor 1068 0 R >> endobj 1068 0 obj << /Ascent 624 /CapHeight 552 /Descent -126 -/FontName /UHMCKE+NimbusMonL-BoldObli +/FontName /DNCEWD+NimbusMonL-BoldObli /ItalicAngle -12 /StemV 103 /XHeight 439 @@ -10766,7 +10744,7 @@ x www4XpNpysu7^ko͵撹GC"n` q Tv.J, KWUS[0 Ft!`{) $@f;???2 @likk2011 ߑH= dhQ5A ۂjUd*Y=h Ps}k 6ٻfZsa}w. 3[  p9ہ]\`36lofjWov rtvx{\ .f`G-?X!v7Os3׿Z{yC!@ 08=r9:.lo - K-Ohw^Q`Efxiym Gײ[8a7wuw "s[JOe=$_ER˸ڪ q(gl΀'Wz G<6q{7aX9XaȀ=@j`h6 g[=Mۿ//7.u -OG*;/ 7 ;cg/2Mϳ2 ӿHۛ99۲/M㿿ڃ@ 3_f!ٙoyR=]0ZE&5 sG/; + K-Ohw^Q`Efxiym Gײ[8a7wuw "s[JOe=$_ER˸ڪ q(gl΀'Wz G<6q{7aX9XaȀ=@j`h6 g[=Mۿ//7. u -OG*;/ 7 ;cg/2Mϳ2 ӿHۛ99۲/M㿿ڃ@ 3_f!ٙoyR=]0ZE&5 sG/; C]tiR ݅XmLAJ2ucfaytv7G5J8޻R:c66oxp{)7F 6:)DT_;iv";)mq*?15_N[ǯ="/LI}klB-|oRk&[&reDQn?[K797//_!mџ ʓH]yA8\ٟ.hBj{ȣt= !DږbOt8&#-L.Ii\hR xNL Vμ0':n]k+QbP2,鼕8S>mLp]_1,bMz\#m-$ӓS4cW"?^aǢ;P<֋2&<Adޡ*1)n>,Ua4U/ CԽ!L0Bk؟fRkSGD:,aX}K+ɥa5b=LA!. ;EF`;[a9\@~3ű RIPEPʕ!.lbl!3Ԫʝ=:5ħ"/pg7<_ ¤(LFR.31s[\('t;w&YM?cmbU*X/2I y^TAHAmf ɏ9ۑa_ˮar;zp=@[>`SWNta7&%XΒ{ w1 $tL+Qz4m_aBkzKH-M_p:4 1NYIzW۝y 3TÁu&6Ӧ0mBwQIRSj>ŧҗQFbp5S7ulI*(>$i wi!Q4…vU|Y wuNWdt[Km8~=i5]SMj. qyѿZ6kşZzI :N=qo+BdAYgOtN.Emv]4}Ұ'~Rfv5cى)8js;CL~%P"U^6P'% ' Nurp~Q }:|lLǎH|wA nT:z( !ɯ_vE|E#uU9x.dv!:8ـ;pJ#WT ª^'HmAFr4,=gK3M(R @@ -10798,7 +10776,7 @@ L u{1Tt+jNpC4@f:)0tuw`J_fp@ cCrjRPQ[C2J~?.p޻VXz%^ε'RxE#ET`T*4d ;Qͷeɍŵ-~jͶŏ`k(va ឆ*lNfrNJ1|/04jȿ>VE" OZz,q!]3*؜>ŭ{+$vfx[VaXݸ#O fegsBgtD1?Bmbv9'2S☟/]`k$:DK$r[[/oᇦ~fwHCn E6Kzv $g8qx!]`b6#2P֊>)ЦʈQІ)C(Ճ}R~_>{u9;ƃn'\ =i{,eb=Źۈ6߮܀AŃlϺΛv6 5Rj8ph. 1,Sd^5 O iᔚ8ᧈCMIrd#588ꯦc9f-mD{nʢ,BdK*FΑt028!ۙh"}8B"f]M<"$[nwYŗu6G=G(fjwf_YmP'MWuKj\EE}SycPc UW΅{gV)qBPg jJ!O^=F~Hץ[ ɻy<]REx{r.SzNrcOd6F ZŻpLllӞhs,"Tq^Or,şE/*f#J8\TH6Vq_(7QNQK7Vӯv!YԫΓQڗ>mНNYJ5I^T3Ey+fۥ԰ H7۳k 9?b& =eG"kM孕XaI\mh]T8NKmp?Q㷰U[y|Z&AL(^X&*H̷lg"o aT'z^u?%tc VuA|ה6>1'2ogo KT3r bBWnPZ)dBTʹA5S5TU:ꋰzBnm`L !H+ISqS&bF gVYb(X]>)FV`/#߾!Ȏb>"*2007T} fTMEf>5qրm)~tL({C^m'y؈~ EqTCy+vFZpZU1촂D4Bg9{PSv$ \xll5i$TlFڗ}Gf< Ƞ-%2bh{agCW{e1F'G)a.BG=(CjHk_iPtk7zet9)U1M6 4*k?<ꮢN|P.n||U+3FMhƜ 9?hHnr -0ŇUPA7Fw'@P)BFp=(LN-Y.F1N4.{H/B0N%@&ZѻBhٜ큄W$K[it9;*FPkxOy/OwpB"6l:UeP -^; Xޟbk*G/O3(|hɛ%Y6M~O }%K|9W+[XP˸bh~АT:JM,Ԛf4nh~1}ޮ[/0,1 4E]MIw1x}؀`dt.]^بH(kOGɯQ"gϟuAh{f{iv٦=9)ԕ#KT+"dXkS.]l't8m?Eendstream +^; Xޟbk*G/O3(|hɛ%Y6M~O }%K|9W+[XP˸bh~АT:JM,Ԛf4nh~1}ޮ[/0,1 4E]MIw1x}؀`dt.]^بH(kOGɯQ"gϟuAh{f{iv٦=9)ԕ#KT+"dXkS.]l't8mkendstream endobj 1062 0 obj << /Type /Font @@ -10807,14 +10785,14 @@ endobj /FirstChar 34 /LastChar 122 /Widths 2275 0 R -/BaseFont /PPECDT+NimbusMonL-ReguObli +/BaseFont /TGVXWF+NimbusMonL-ReguObli /FontDescriptor 1060 0 R >> endobj 1060 0 obj << /Ascent 625 /CapHeight 557 /Descent -147 -/FontName /PPECDT+NimbusMonL-ReguObli +/FontName /TGVXWF+NimbusMonL-ReguObli /ItalicAngle -12 /StemV 43 /XHeight 426 @@ -10838,7 +10816,7 @@ xڬ .F #['*#Ҝb 9 N&Fc؛8X89X8 l`akdbOvJ__0;'g'#G {gߨ bN;ӿvF./_Vg ['? MNcwW.Nf-/__u =u_^+ g'kSz&16agP$mMLODPM`lb g7$e>(o!7rs3;^0 g| l,=f O  dk -Fz+-,M,{/_.F#ؔ-li:ۿM&_z7,ny)eYobY;%!,lce1sp9L>ha/YdF?t懭?Sl`kw_>u?ڲOe :ܑIQ>&БF^]JivsC)꣱> kT|<-N@R hE0MvFգIş%ӝ,P7/T$hFi q]HM@(uI/CGG{qirx\ɣrp4U*"3'1/zG$917™y*G|1O`GG\.=q;Lɻ;ēn\YN1LFb$]#bbaOcxwK%&Bo"侲UU(d? j\InQ9~5\Ys 4;>ꪅc`r *1I>T +Fz+-,M,{/_.F#ؔ-li:ۿM&_z78ny)eYobY;%!,lce1sp9L>ha/YdF?t懭?Sl`kw_>u?ڲOe :ܑIQ>&БF^]JivsC)꣱> kT|<-N@R hE0MvFգIş%ӝ,P7/T$hFi q]HM@(uI/CGG{qirx\ɣrp4U*"3'1/zG$917™y*G|1O`GG\.=q;Lɻ;ēn\YN1LFb$]#bbaOcxwK%&Bo"侲UU(d? j\InQ9~5\Ys 4;>ꪅc`r *1I>T -KC]@e Re78X ^bfiW6h("?$VS̓-}DJ2$~TD:Nq#5" 󧈼QჶLȵc؉/WX2x-[F7sW{4B pǀLVE`KV֞\ͪk:K?>1y9d5 @P2Ͱ]6(9`~ ̢ +9yƢ]J* gK]?eC(m D\NԴ|ǦUf @@ -10907,7 +10885,7 @@ F /KnEK(xww\3k!lQe8nh8tr|BUwQ)gϣW@P񄥾LZ7(fl9 bf rᷚP}p *yB/1;A23SswoVv{Xc9'*:҈V)BSz)X_ӊpm{zu)c)+H2Qi'ڱ׉b@akEvBakR:F~Ȓ̍mg4v~\I ^<[7-%q5mʞtBdc;|W7xSy4v Q2Rwr\CVD -`5y@k"5)1R-DH »DdMo3w5Gv`L2uobr[v^^P]QS^?_ 'C2T5y [<;}hL4mMméҎ/}"B0%VE~b(e峕UiNi܄{X#=d[娽 OHV vGJMGLX^9ymiZPpB5#sW+*)OD_*y81sY/NI8w֦.v.r͞Ṉ;7{EVY|WN`WپshI(x^m+O':QGr[XFR;jI5A0 {Ab8ATQmO@ iVlӸCX;$aPgakq*{ngl2G Y.ߓSl-%-eppW8בfš=ΆKb/$',Aendstream +`5y@k"5)1R-DH »DdMo3w5Gv`L2uobr[v^^P]QS^?_ 'C2T5y [<;}hL4mMméҎ/}"B0%VE~b(e峕UiNi܄{X#=d[娽 OHV vGJMGLX^9ymiZPpB5#sW+*)OD_*y81sY/NI8w֦.v.r͞Ṉ;7{EVY|WN`WپshI(x^m+O':QGr[XFR;jI5A0 {Ab8ATQmO@ iVlӸCX;$aPgakq*{ngl2G Y.ߓSl-%-eppW8בfš=ΆKb/$',endstream endobj 985 0 obj << /Type /Font @@ -10916,14 +10894,14 @@ endobj /FirstChar 34 /LastChar 125 /Widths 2276 0 R -/BaseFont /VFOFBM+NimbusMonL-Bold +/BaseFont /OZWMVG+NimbusMonL-Bold /FontDescriptor 983 0 R >> endobj 983 0 obj << /Ascent 624 /CapHeight 552 /Descent -126 -/FontName /VFOFBM+NimbusMonL-Bold +/FontName /OZWMVG+NimbusMonL-Bold /ItalicAngle 0 /StemV 101 /XHeight 439 @@ -10944,7 +10922,7 @@ endobj >> stream xڬct&۶mWTc۶mb۶]*[sqn/}{ߚx33c) 813rͭ:;)Mlpdd"@C's[QC' 7@h L\\\pd[;wsS3' Y t6.@+[;k_D d[" -RJ y5`hPtien578&F6HK`pMq掎SC3pY9C_lFXSutr4r0s(*oNfNv4ؚ45r:8nN ;Y_4mL-hj`ltt W{C;;+e+q0wrZ11i ?"ecb `b\?;C;h o$Ne>$oEF%{ZJ}al+CW!?5&#dwB6agQ hhdd01;lV6k:&F𩚙Y3z6IH # Io꿢jnhEuxt,9_g9C's7ߖI?`ll'C yעn@#߶F$oEF%{ZJ}al+CW!?5&#dwB6agQ hhdd01;lV6k:&F𩚙Y3z6IHΠ,$*'Io꿢jnhEuxt,9_g9C's7ߖI?`ll'C yעn@#߶FF{1(zR$T}4 z%gQWZJzPߧ;X`H\ I|Rc1:QA'?=R @’@ G hUxSA7!ݴ_}jt{呑FX˾*ٴ˾'A &9HWJZw&smŸ 쿝$ Ʉ'~w 󬵮~C]Q,wm'c wDis$Y1f&>.j蝳95uV?m=8ib/4ll֒$):Srt#/syd _vX"4]Ԇf-FÕFGs!kt> @@ -11025,7 +11003,7 @@ i ^h hZ/_7+P&&$+Nȶp ~I(cڟYg%p%>HiL\(_8CR{ r0{Q2Za*7cJI]1=SMXGMP:*OT9D*z*ڞ_hg 9j"J7ޮ(hT(ʙċVq -o] }9B7 H{i`T&Vs"VMoi׈{C^;_g`,2 n R ɫǶ]juibV!Q>aO$y"--ŵ q ֈ"[ mcA"t8Q+PKєh_ $+S$ؙezv~7EhZނӪHݝmݑ("wnꛝՔ^y$33i=+iWum<Ⱥ][QgShSݻSXw@`z>ېB"Ʈ.(AN|w3n1eq޸XL%1;M*^OUyoRѩ lպRyQ̷XY2P+$o7SDEGGv.գPH^ ujzZ+3ƴNcpendstream +o] }9B7 H{i`T&Vs"VMoi׈{C^;_g`,2 n R ɫǶ]juibV!Q>aO$y"--ŵ q ֈ"[ mcA"t8Q+PKєh_ $+S$ؙezv~7EhZނӪHݝmݑ("wnꛝՔ^y$33i=+iWum<Ⱥ][QgShSݻSXw@`z>ېB"Ʈ.(AN|w3n1eq޸XL%1;M*^OUyoRѩ lպRyQ̷XY2P+$o7SDEGGv.գPH^ ujzZ+3ƴNc"endstream endobj 969 0 obj << /Type /Font @@ -11034,14 +11012,14 @@ endobj /FirstChar 33 /LastChar 125 /Widths 2277 0 R -/BaseFont /KDOOEY+NimbusMonL-Regu +/BaseFont /RAJTMH+NimbusMonL-Regu /FontDescriptor 967 0 R >> endobj 967 0 obj << /Ascent 625 /CapHeight 557 /Descent -147 -/FontName /KDOOEY+NimbusMonL-Regu +/FontName /RAJTMH+NimbusMonL-Regu /ItalicAngle 0 /StemV 41 /XHeight 426 @@ -11061,76 +11039,66 @@ endobj /Filter /FlateDecode >> stream -xڬct].v*Icul'FNFǶm۶͎cw>cjk^s^Z5FQ)0%@ ,<5e E##SK{Y) ௙R h3y@S jdinP堡/?.c@F:[}p;@)U@0D%ԒjIo.6&YK3`f`bogjOkΌFg0 ttv t;فd3q1v3d/Lldͪ(&:AFr;[f=MM\i__(e Z:;y_e8[ڙW' /__}l<m/ 1cD`7 onsK;=vS\N?{oFv6S=oJʌs"H?"owCz;-_Ac.K=5Rhbc ۙUVKg Kw%`fdwVٙl,58 , S4gv2x&5QmQ )^_A@DC?ػX8 ߃/"Z,:̌,37gǨLn489_ov݁&+&Vi:ܑ)1>ȑE5~iaܕ?fx~{,;|JP|(h зvr2"_hDy,@is0M))|t::2{ HH O -51PP[By{Ju glC(rFjfpC`VBj+s^"򜒣\pkHNZlo{O}qM g@ -v\si 'o0=Kwn)i8dƐu͈L8{8y'!H`9'z6V Dp.h4ǐ8v]BKϣ_%=%N[ Zߗ8OvA -ų:]Nj?1ܡ}߬Eߙㅰ]x9hTr7r x'z줔(I6R*n5`xZie]ntM@֟ :WHg :gqQ5*<8Բiir:d*$njM ,tE2g0ACNjIybLŢ|cd&Г}7ZVJf!`/aiCB2l⸡ůۉ )/h0XZ=p|K 3Obc\2%׹߰% -@dJ'T @Zl,P*07oRȁQ Sarmx ZHn -z jNE'M _Hq z9WO\Y`G^aQ^mRDyYľwfkV_dqUMn<%D}^9ڙ/˜z.)/0םΟ r:;:of\sGysxQ!X[EsAmNB(^WoɅqeQoP'۱vTԛ`ޣ>G}xeV#Eb@:4O,ۓ֘ w@) eGJ (P [v޲z< J YC^Rk eM]@KBtF &e *V ` -`K>E9%eKb6$OwsjN'uYvuC0=OSGQ{Mqʿw^4)pD^Wi 22QBe8+(#x2d~r%:98%5.݋I9n )6(7 :T $ÓjI,n݃0C5r {4uJS·1QI[qB㧐ThB$*3ldoHI#A<;(m0w[bv /&f5 h:ߐ܀>ȴ!^$!k' ?y3}Q(+pR_jy -j)Ԉ9P͸\{'hvʌ=N(ԙއR--UաA^1!>k;oI &ZA`H=&;4v ]ˠZNnb1[^Mᬯij _Tȧl`S .XGe(p. CFJ)z9'-Gܶ [|T l5 BZ"䬩9ȵT*qq4dG.i>֪tѱI rvWLa%AXeXo^KE-Bޮ1^ހ8U446 -`YzY,lstψS钏ZQ8 !@`nB`NNw!$%( κC$Q -=Ry:S΍G~.l1߫g ?o!==xQWP8?~|xtW /UkdYiHxl?bqyx@cϷP(&.!Gт=Wc71W28';2[.x׵w,E h@3>WY}aNy59O -#=X6/j5ՉXNxUlŕA2fNy BK@z1ſf͍nҩ4mmmy;-u/A^O3U3@ݱX#`BZ -y؜X6$XbL֯6SGk%Pjd\c_MM7IJ1Ҍ Co) -} xܲtV675)Ǔ\bq!̸glnëN4 -/ @e2bƆwUUq`F⊂n{5P x0 -\T^7–4N$$T-L3Κ-hT8@Ok#M[/xO:"4xLZ9r; {#'Sv{ <@nTfɶm|ŬH){6mpWsʏS8Bn/ߜrXQ~F+AioR_-v0JHq'z0:P-v\n8Uwtwt?lwP2<8;ɥJ:]7ƊYăŮ<"Lh/OQ烛Tʑ2Ud7G 2oQIB6!⏌'B,>ngld:E'(̲gX 0LZO2X臄2&e :VNKXjvt6%_־l+,zp%g.#C4#,jsd~.RE?ZH1 -v3 *JC -+N5Nj4x]ݵm+Zf;?ePoÝI뼓F<{*-5 )c -#o ͘sA6?\$ h O@?G/17@OW-6q޷l؅"2OcPp‡T51 &uS,͉p˟{%ie~ - -8#D=ږ'ƀ7a^MXsnjh1Bt\=/t2K(HX ̨W2lǠWy|`ȅkY: |Dw E)*jsV]Sl|f&E5LV V Z܊2M%V`߿1T@@jLPȘ֨s* -IƖT-Q5߇[@njoTsa;?IB,$qGqPIJ ƻ(S`RHRp/i6vȻvoU;]W魍ysQ$Z koÀOΣ2U>sUtO?p'@d۹KuCeorE3#$YjyIOu )8} |84G'.2c2GdL6(1&grP$A+d_8\'wT`S^Jk_HΡ K.:vc"Am.lȤ4) -4=_ACynlTSIlBDgelȢsy|RJs%ogDT+g& - -RL26W0*b"Q 8Ҝ3,~~yܵ!k}IU? -^.;<\jB:kotaA=('HN!z^kwKˎ̴ߪ&ZS_!9mx,by5,{Դ9ss_=B37MgRS aL4Ɓ͜d䒶Zԧq 6A3vbwq]o%+DX2Pv7?ͮ=D"EL} #WY"C(a ,`}TaRL΋W9o֔c/9*pOj `= ^SVn@&24.0h-5zPz.x)+!FVqA#:F=Ca祐1d1x29)C$V" 1FrnO$9ޝZ >qXIQ!y|(wh"nKB -/591)MY\5 yLU!?䡳i}nf^;Qb RBr ϿI-9:5ŷ2>3dFc,17>< -2hdw,}ps9KuN4ݜTףbK؆Fi$'p}tɨ"3Utx&x4D KZgVxC]9ytxH# h ->_@[cQY]%! -Ψwt ?oAZdv6I)RU (@ڔiУ ۚ/&%ACFa;ZjQBρYIN{y|hTtRMLWK&qaMPj́_2mYLݧΌrgs7Nڋ+Aׇ`No%~aݖo~F.#3{9D9; QmgsH;0C[8ZԀ>შYe{MA\\biOA3 -'qqiCz(J=]8׆3`b^0 uDA"e57 "jLLX'N-ZnhK$%Jrrۭyewylv-тvL|N*ed>#<v¹ΪWՉd sFL">nfhxq~K~ZW -D9Nc("~]@pmMSy|XJgѠbd̔qs/}Q,"ǧLsJnJ8~ٓ?zNlI m󯔫͗d.N~mY kDhՑm/} #I&}XQ3UZ*蜷,@>xY62Hـ!<'k4iӉrרּ(f9lC1xxVjŌDA=pzvIk@zfOokN6emWQ ]YunȈqB$[:ЋϿme+(ބjLl3b>1Un,wGD<1)gZy}+R &.*aD>s,6'?0MR4K6 91@+= Ne?ZÂfRcPeQ"I8 -4gL?l_؈$-:DpBuCb#13; -*K򷶇;-"+ܦ˳-eR3]u7a.R8zA~nTLpYT[7U=|*_A/*C?Ch67 Wx,V[?R^oH;Ǩ=kku3ẇNbnNY)ct-yJHd`m}K49W YM3 |ЧD N"dYD@ѥ*1E.Mr -45+}#.筤R -S׸oւfx{?]{jA}{v$FBh/oF"UPSkwU08l9|2l,R,;?Yy$䯠+aB5EÇ婳In$JHbNH^ْaVhޚW>#žraWvdyEC /c7>+΄6,,V>'$ҵe P'3f3[l64dDZXbT<0o|ٗG $:sי[ -|f؋ kog侖rs%Z8$-.T/f=(.EFRd3x 3k!Gռ6L[-)%g?!W<דxxmA*ŸOLw0VEZcJv=o#HP"Ώ QؿfLؒ4e6yH3g1x1D^~H'3Pf !PfZ !d!%;hGE[Y5;mJQ6"Rbª9UhDy}|#ړ'!["Ղ'ˎȾ:3kV_(JRa+$H-VdoԳH\[d,5N#Gޥsb{ig` ?"q͌FD^ԏ^Gw]v3)&). -J̺6I> $H(;LABKqrm˵+؂۾&dN0Ir!7%tj[ ezpZvi3l*.p.&ѷ Kd -ÎN *匶lIUQ8( J 8a 5X~+am:ʜjP^JsFmA@[r@ ['O24-ԉQy"빟z2\C ]tQ;G@(^|B(8گsHbM,)Ԡ%3Jɽ@ gJm)l l$ށ_W? (bSn !Y!~Qߠ{{Q$K[ N([bکHQ3f6 -mR $ 6K8} bS5۠UXs^=$Bށ`X&=w3ԁ]^NʻAc0ڍ5ut) ؆F|ZEVjC炡ˀyrqBU K%BIhsrc\uL}dl#s -xP1S'Ĕ/m*5blZhE5ڰZʂ?7/ ʼ؇]Ϗ|;B'rUS,?F̒$mkk"Va+S%VE4:T?hxUD%( -Dj&$>g5d( -xOS.eNűn5w֋I(8nhkͬP#Q'aT$Ry&S(v8m`iʽ]rJQ5x9–Bga}x2D1I4r17!C,oGv;Td{+W ;3S4q_nwh!^vC2x,#F/VKOiXJ6Ck - L.Ի4,˅)]*Vi}I& 1sgY1R}}$˶|>Oى@)`Lyowk5VSm ͇)"q%U #}VȷGlxR{hY%k# -_7ֈƯeeT\q֮pswfidG#C!3´e.V~4'N'-cX."Wxy0^a-K%FƲ ᴔn4t{y \I; -$( WgxeQ:pКaB 7'ΐ [H{ _*!NT[D_l (b/})mR~pLPK M5?Ʈ*QF2g#>~;H-95G 9K[c~@H"ΖE(M@4/0{oNcKCun̗*Ոh1+(d04D`IRN45H3-]5`EJd>3 BgRn"K`~[J:4q7v`=R}E:s͘4nQr,ɢk^I-L1#iճq{#&#0pk+;R,oU_nJR -683 AehD~ioԍQbFypR<f&a(z -YT_C} _zA-nuZgvXP5t O]UhN'u6V3n[}Mm9.Q(Ƃl3EȽF7Cǡ ҆ԷX>rV87^#ą*[Á00Ά\-z0Cx:MVNcICOgUۼ*@Uae+b̥QP/AnueM"zpJ"U +?f%%lkLO^Fi,Tg1 -l"\\o8b{IPwv QH$ɴL`eѲJTΕ^jr:׻n d@ +?Ju㭿μ|P4p:TuqkZw<㸺 Zw~3Ҹ{ KKu+*X|,^fNi)r)[v/#E"|7ԄD 2_9VIPq7VFlH#x/,&-{){]?gy+Ю<`Ks,lky"3nKuu2%/nqh#L8.o3> -"heFI:N"|ZL{ݛj+]p7j1=7"; p9\EkT9)5zHaHC4BGE̫yD^K%V^DJyLE'0=2cѕ9~'Ŗ CyGZf \n&xIn\ӗa$ΨBBb"2h=:fjR9c>z LXeruu64 "x%J#àgMYq,n@fiyܯX'ikZ|d%0 ,cY]o5ӈP|TZBxM~`ԍP -o-` Yα۰Ca7v^ -%CUMaϹu:؃C(|c& ɼ8'x被 p<]B[+˳8Wb[T|#NQCWG|SmFyl^efCy JL;L]eAbPAI#܋Bk:FH`絬 yPn#Z\72L]ˊ-*#ںᗵg摃> f7i0/:n3ew g8Qq]Q׷Ԥ5FK( RMblJn>+c~1rjM U;hG˒DWRIԮH$@2AD&IU"9~De R(n..k n`3suF(w+aڨF~zy{ >gS(9&IdX2)Fb8pPX,G(x2sP% fajUh.,wѫ -cL2 a_Hh 2/Zj@Ҧ7nS}@N: 3ZFkwyR?]|DuV=+d,󴵋t}B 9QP֕g$W70ds`/]NCh5$Ylv6Z:3~|Q_6tsWFg`} |5* -3 0.aÒ AJ&0C|R*([ \eZ Z s%_,sEj]]Qox{T >Du:eC5jQjC̆Y{G $7wA_sPsS=xEJI7zLY>'.?436LPif]YIuSnYWjRdAMwN`&'"cx?d[hxB{X}689V3*V,NIĒ]]&kϗʭ!E>BGD D`zD9D^PC`p޸qS/@j_;),HNeʄcwL^M\/QrΫDFCzmb$cW%—\ْ.rU+ֽU+A5J);z_{ J !u3e|Y*c);.#DhGFy;u=2_\?c~5V? -~z_)Rf4Vfk+{cSxpB6U\AM{o1 GKedf&- LHTLq> 3u3.Dkr%[V! =?(FV>DT'L޻tD0jiJW:?ktDt,eC8~^WhᲛ &psKvy}Yh/q\1ά.5HLUc|{8^4`P߽Q5z=`A$=7<ZLLSXN}Db6,v;=#c(FrEUA7񰤑  0 -Vh/MD:N:#>PLwQ5Gb @` f(iVO6 `.#'U-AnGG7WāFR$\x}\XhGvD=+A},A,[߶UJMO=A -Y:AXqQ,'-EqO) GV4f,RX=" Vp" 4^dw3{T )1fI>E >W;AjGB.L)y{k^ ,K@[ dOŲ_t Nm,bܑnI7(*ݛ6Rr.ɹHF&廚,6鰦Nᮣ7/R+dKƿnWL|Q>i"Qgd>D𸋞Sn.y=(!-h^< ]+,Aؠ;zES< -ɴ C.J{ҦsyZ;k3ѤFZFmp:%d -)lk2' "|syu\Z'YMI_~)bft=bS#Uk.` -SD( (%U)7%g:F {k1Sʻ ] -G7n}{ef@ƃZt'Dub k,ۚ( ĐnGw3pH4 I.%H{><@J>Nx/^nvQU =[#C]6ъh& # yk6q +xڬct].v*Icul'[bb۶m۶cw>cjk^s^Z5FQ)0%lA ,<5e ECkkC ;Y)5௙Rh3y@ jghafP堡/?.#@F:Y}pZmA)U@0D%ԒjI-oFY c`j`lgkbOkN'{01`tpr p9ڂd5v6vSdh/L dhaͪ(&:A憠r;Yv=M쌝i__( eX8[_e8;YؚWG5/__} m/6eD`71on3 [vg\?{o&v)oJʌs"H?"owCz; _Ac. =5Rhlm ۚUV ' 7`jhwVٚ-l58 , S50g&2x&q)9-^_A@DC?ع<X8 ߃/"Z-̌,53gǨ mMn4;;:_ov݀+vƼAi:ܑ)1>ȑ`Fբ^ߴ]J`ƦҴGc}8T)|"o +tGLzQ7K;P?8ՏJ>`g:Yni(\ +<٣6bw5a_|M<}~?$ˉuBC(CBi{Ju glC(bZjfpC@VBj+s^"pjmHNZ;o{O}qM g@ +v_sK`z6$AܪU ԼqTɌ!N딛/4#pp>MBrM5G:M{εKJC@/)qpg g]^1ܠ߬Dߙᅰ]x9hNT:~r7Ar x'줔(IRf*5`xZieV]讍tߍ@֟ :WHg ;gqQ6*<8Բnir{:^2@cL&aSINɤe[}H}A4Og +7N{P3/[]pCfeB8|* %Q0dhy9H75'i}={LXwa6A5o7FAb#O[?ny= 7_MS?gЀkM!,s-@m.@ultڎ{/a?8AKjBQMrJF7ETtV''3n3=ܽ(!a5&' n612"8F _;٦kOjwX FVfz1iRQKz$+ ,o@r*An,,}e)ywG~(JYGy T0}O7&w֟D@=I~s#"Jk6t`bB}FscƁ_K3B|=iL*Y/ d@O9FԕΏk&;/ޯ/]H}gYnqC#!kB<./ǤXd\i-z+ɥKHQhF wյ̖ $^?Bu):p uShϩUbM(&gP \`{$ɦc%_ 攼:iϿJ#H)o=A|iHo5x8լ?[8V=M.S`ǿ%%juJs=kVHCV"ˆKxfxkv7`Jm,i싗M|X2<.h0dn g-KkenI`s\Q +Hq<)Xe.vU6j(O"A@ _ޞX$#alxUeh[fd._l8-()Z՟-UL u!lI$)I@A54YˌQ!I +z2#J_NaYC>\zgĈsjd!X w2m8p!osC?yT@[QcqҎ=5(Ρm I/a1VGKj]ؠw}o8A#\SM,ZkyH( ԊS]MC~TܤPg}p J' fؑV"bdsݝ~vz-t~Un5\յISU >KHm[nKYݼ|(s@w >sϽV +X9UWK8? `(zܛIo_e>&p$oLJ/R-O,FӐu.ͭXݏF:L@߸+CVD$2ܘT:‡4O?7C *VB6Vj۾ f1d |@OBG T 1=u1&\Tĉ(64ϛ쥗6n4~c[zFbƒRJ.kD+GzԹm_C|0/X-`_1+R˸M*&`*|TF-\z#㉸Pb7K"*t[qX2?ٮ>cQ +$"d" <-ד !!၌Io魕0V;qkAƱ!͹iɗ?E\6qVw8_3D Rpd~.RE?K1 +v1 (JC ++N5NjYݵi+Zf;?evWkŝI봓F4{*-5 )2xi#5.sV ^`VŢURp41$F88 lV{vw~&꾃~EKy Dj-v'H=~ܦ!UMƂqzKs"NIZ&s/}QE1EA8!Z%u47)-x i#},V{ 3Lk0d1N@Xzdi𻆢YٹՂm.)6>NS"jHLnEKh_\RC* 5 T(eLj9ӅerWtAltcKLӚCm c7:HAѝ$k!8#[;mW$Q]TPpʩj0)p)8H4d9YV]mze;.+Ƽ9+C7a%B{PG>\8ӏ>\ +07tRP{myZ2<ijzx '2D,9tޱvRSpC%OheUfLH)Ѧ"2TVޤVx/>^$pEڟ <|+jlJKiM ٗ~!Q{Ǵ"HПc!v+25lqJMW3hs:T11Q?naA fRTq۷>*QՊgš¾p߰LʫHvN4'F _?jw`Dz?ɤ}? ]{jqLtsN!CP5÷|~0Ƞ iOjhJb =Ɍ;efUoՊ-gٯςhCּX 0Kv5mA\AW*P~_rqE +.F5|EK_kU&"d΅#5K"20.FJ(2\z~"*Xה-=!2 ZK 3~`J&qmvp;ռ}tЈDNQ/p@y)diDDL"Y ^/;>jcP;)>DqLhF\:zPK b{:b_Dx4wBNFX4ri:'NXQlC#4w>OLZxdTH*:P=@[CQim! +ΨWt ?oAZdv6I)RU(@ڔaУ ۚ/&%ACFa;ZjQBǁYIN{y|hXtRMLWK&qaEPj́_2mYLݧΌrgsӯNڋ+A׃7gNk%~aݖo~F.#3{9D1; QZ8w&_ajq r>}~9QQRߏ +n_;WZ(d >͢*q#rwQ;j^kNyz tjYrCD[")Q#n]c((C=g}F`k940ܧke:#_tRY LNAKZ' KLHtvHSe6S<]k>2GN#u0UQK/<'\`y5LZ nzL)vX[M5oHLgQz<56c.UvM{bUWLپ,mx*+ikX{u[D|.qlAMSK3r,Z<ˍm)+hza~^؋YxM67 +}Q@_! n q^c7Nh?Dbk]zZ[X=mśP :WGtC#<אV 'yލ1\򈿃9&Tް;oQ +d[Eܭ`ndiBFt m<{ tJD|;&Gico-aA3W(2MY(m F{gz&V__a6palĺuwnc"8n:!1w͑ݝg %[Inٖ~gd/~ugp`PTiH2\)Й0zx)Eq;7,s,izխ*i\~]m  K!!ou4w<^UG/)cy$ˋ> tCԞ6rеj); C'17'IŬ1:ϖpV% +2ѦyWjΌU@,&JS"oZ,tpbc"i}Z~KX`i~l`I%>ÑHVEōU Kַw+JS=˟.=|>=ی + Ca47C݃~Zé*s @qp![~_:[8&Np0t"4q%iFhH81ѐ=2LlK:isB/]P6[x _#6}f T%*Fǝ}ّ8?ϛP Ҭ<7gVq_fKlFk(w(:WyxCIBۨ[Nbcpq4j"#s7hНag^c Q'?Aʅh(LMa.(< ⹮%kT)ƽGb8ؗt,D*Қ.S:Y|'Fzyv~lЅ5fA--sEZEQ=яMTs?8t2eVe&1B\q(ɽA"_8vTD=eU֮e#"E-axSe;F$Y7=Hޯ~p՝) +PXY-x"yQC=&oҿ$BbQ80jU9Ðr5CA<զ1Rg[X- ?ebk^6* J (І71)PNа/rt X& ឵fH.J9P>e'tl1M#,1#ܭĚ#[N).E/6~ĕT1Y#:aI]g=㟗26HZ+k +z|~X!F`[mݻ}SqM]&ԛꚥ@H n +cXAҜ.; 'C^zn塳zIf.[bO\o2@cRvQ5_nu+0p%(p,\qGJzpFzB+> ibcЗޜ:3\0/4cTm q\c b{OhD~#H&쿁jdTC cBe({f9z+2H{YtCX45=v $VlYT PND 44k[|yRKOsOsN< $ O8,xMSc1#Х[VD:1l z,$λ᷵C}c +R%W糖;O،IL%ǒ,ۼF>|aײ4m?3V=_L=Rx;`ihܗVGuIl?_aEX]Vb\0&Bs:k~`8gk[ޖC*q%b,ͦY=Sܛ)kT}3wZY+̿Z m@}],jIJǙsm!=1P1@\5dբ+ 3[9Dݴ;As-lFQRav[A(䕨:>a$/)MU_qX9(9N3+wQugGed@LkZ@Qvۘ!-+dO%\&)ˣzݻv10 䘰T7̛ eNOwOC{gWu3u*/[7,GܰZR ύǂ*5tQ,O^HO^!VnY2?K0eXkzy*"\jgFiC.Ne딖"a4TϹ)P~CMH scň$i~}c5mD64G¢sҜsGʝ 49Ɇ21膞P1n`\_RbΑ6d.N:<2Q.jia(Ť{+E +xz#JyEFRD11t@CtY$Gj%?X+?L͔ۘ_#(?\@nw"YloV_ٹ};*uxC,(|zw)`zg\MJɆ'j9WMt5WEv[rǺ4ܒ`h=BjI~ [ak +f69]Tɰb1K/&9eעhj4.[)Z +dCREm468N6<,i:x(t8n`! 86FK5JB׽VYg,&1:'D=l&菩IQ WƺRҊHws&٭kmyoltxebmHfo&H*jξkrX0 =^,./Z[X~?4x'q ^J[KOHW|@ywI: U-ML ֜ZZBX6|6˃Zų%Gc0Cs[}#\ae4R{{a4#b7…z@ FC̳cN4.~4\jtx;![EOB wkL1-M㤶@f$&U"*u A +0堮Zܪc~[Q74Hq7= du?+r^9kæq槜a^Nb:ޓC=>JЕddg]z@eaCs5z Q/FD8ȫXDO@% UMd>kZ|d%?,cYMw5ÐP|TZBxM~`ԕP +o- Yα۰Ca7מ +%CAUVMaϹu:؃C(|#& ɼ8Gx被 p<B[+˳8b׈[T|#NQߧCW;G|SmFil^efCy JL;L]eAbPAIdIPxxvZVSsh<(myh-Eʼnq!fmSڇZAlxJ|qT 4HUUmnCW][;Ztnh38 .([_~{hRt%kj)U12xg_nqWŘh95릆˪eI]"+$jW M v ZTb"}¤TS O{h?"ʲ|kz*uqtRc7J5 ZR +׷A]:#I@Pp9Ex9"F12cVrO>K>uһjr#$Qo < #_~LQxꜝ-9t@i_9ur +۱prkBCza3"!2]3v{YG s OnRC2&`NE\9&B. nRV'BV%h:.lCy%4KTf4T:4_'ULjXi 甴c=`qeCܥlmfw #tx%;$h n7pP0OIf2Tvaf4Q ,XLܧz_VMOdvDeQܪ#ةmcPQhȳ%w"?/]]i-7. V|KbƔ`FbѢ-1y4T,}ue' N0mT#?[<=C)C$h,#OPe8E(,# szM)0݂0DU4;1~0W/MY$gA-57nS}@N:3ZFkwy2L"EKPA"I1'{ cN_lb mnĜɫZo|t0>>S™RzaI %A"> N~- 2-QVh- pܹ/"5vfGWnT668^u4+kO5Q]N٠ -l_MkA=&;4hgVC5M\ƻ8\&fO;^Rҍ.,S`3yf?s&†; W,K#ٯbj[_VM2*BWM3@1(XUDr t7Ցl g h/w˼r'cUqF܊%i8YX+~rkH>OѤv1#^:?Q7Q8Tnnt#6nl q + o)S2cFKa\*@萞XsIXhe8%W6ܲyՊuoUJP'mͧs?Ǝמ+ܿeB*HH:`rL]H.~}η>H8D.Q_]̗%ت3W$@2?d`߳׆>x:9Y^:?'eI-~˦M7W_Mxq)w}+ȠGu.Y6D}KCWçRPn"8U+SyvL33Q\ɖ>UHC{ѼQ!.?;L9ZEv}03|69,wh-˟;?zp̈́y89˥HH-q\1ά.5HLUc|{8Z`P߽Q5z=W0zU r cRDCh-&)u#>"1k ÁNvD#A窠`_xXwgބ K+CܦA" +cx~XJo(c;#1}SUx f=4+䎧ZHK0 +_*ݖ 7'-o#ӝD/&sg k7/;^DKCH-oSyU}2&@:;T +݂Ư9Sftt7,-hV< ]+,Aؠ;zE]<ɤ C6R{ҺsyZ+kѤFZ!FmP:%d +)lk2' "|sye\J;YMI_~1bfd=|S=Uk +SD0 (%U17%g:FZ?{s1Sʫ ] +G7nu{ef@ƝJt'Deb k,ۚ( ĐnGw3pH4 I.%H{><@J>Nx/^nvQU =[#C]6ъh& # yk6q GkX:gׂ exu\CqK1g l 7[ٲ4[PFԴI#p"WwxN&YGƄoK?\at@=D#U&m΃:K#f`Nڬ5}=fy$VId-%#{z5Fo!IMH}Rx`/]Ҫ^37^ (FLH~@6Jx0V?KJ}gy,/$́~p\!#/- 3Uv+lEMD_Ou!:) G 91d~@q&џ<ˊ)jpp O`6àʠb*LnhbyZ-$b;* #6^*jj}5ʭtg =)G;RVwV*M\hn`Pٺz'I~V;&븙iw c3:Sa40Z: Mo~#YcVIF^v&Bozҽ<@ !VoC鷳s~A)4jsYɉ cxg4Hc=|(3qr1~tәsV;ˁ}I=*!8 {JhJ$2tKcZ=P)w,cm#dxu!^ 9i7JcԌ]+ jƻ_[hIY0*껪ݳj`?8sGx9g3èt:n:SluHxPoJAh߾W'B qJ`ka殴bg>MOB8uk7)ܿ5GVQ(Pm-FG*TAWK2z) ?3̏QOl sx5W˖zG?yD86<,yʜ%ɾajr L.!e&Ay!q`ۮ8 &CᰈPKMZQR!Vx3'l{x|#,9r&t| a3saw uݙv&R;Ƴo5$r%iav4 E;E6'h;7\oqk*u+NcO -%j\endstream +%jendstream endobj 927 0 obj << /Type /Font @@ -11154,14 +11122,14 @@ endobj /FirstChar 2 /LastChar 151 /Widths 2278 0 R -/BaseFont /UCZCWI+URWPalladioL-Ital +/BaseFont /OEBIMY+URWPalladioL-Ital /FontDescriptor 925 0 R >> endobj 925 0 obj << /Ascent 722 /CapHeight 693 /Descent -261 -/FontName /UCZCWI+URWPalladioL-Ital +/FontName /OEBIMY+URWPalladioL-Ital /ItalicAngle -9.5 /StemV 78 /XHeight 482 @@ -11184,7 +11152,7 @@ stream xڬcx]-vfǶm$+6:ضm;cul}\_ۿ=kTYZj"@I{WFV&^9AQ̉@I) 4q9؋yZ@s8 `+%@di AKO_\^tY>m)Հ@`Ĕud4R)=fj 2ȃ̀.@Z3 9蟭0q\fa@O3?lrq ,M]7u3v /L UY\uZ8X4w0sgKE]M@.W?LsA*do_0&@4_@.@[ &V9\#03*2Vs:A4 "Lm@ fE׿)4o*3ω? #kSK*; 璱?M@^7wWW+W&@. O2 -`abWk؛mAFV[li>!LYZZN]WWlΗ+#N#i)8>QQO7#+dc|`L\A=&ֿ? F#ao`쨹؛49;U_7_zV9[ge O B868o4~ ajhZ:q|ߗ;ñM^?d6,E8Պ\߂b<ؙTQ5,y!dw| w/ xpD3KkBkèqrJt@=462>7 +`abWk؛mAFV[li>!LY\WDALWlΗ+#N#i)8>QQO7#+dc|`L\A=&ֿ? F#ao`쨹؛49;U_7_zV9[ge O B868o4~ ajhZ:q|ߗ;ñM^?d6,E8Պ\߂b<ؙTQ5,y!dw| w/ xpD3KkBkèqrJt@=462>7 **)PHWBUmWOr]Vɕ $qy"zf<0f}/>bF,VUdՃJlNo+OX1-c-N1ipݛ\A?{G.'޽$5^oDҒj8R/y࣑<`^ `uvd,RH$kK>&Y ۔O&okƜmW /[B`tNGfĈHmVDϓY_k+1pҨjDj @@ -11246,7 +11214,7 @@ MI n$r XDt Ӆ2nsmOƄ;shuU9֏&;y-sP~K*z4rnp})RB+>cIw hz\mmMH<|&ws+\?V˴<=yHM'67Co+A5x5x'_ c!v~4bIpP]H^nkLYل,)tCr iϱm$hn.OW[{OFCh'W*6L1g^H]ua3g@TL_1@d7:XF.fb1\S٣֮TISҎ{9.vP_$ Ù.TjR.ziX^;-kw0HMKySc-tkk'a.*b ۶4d&*qɟX"c4 *+93 cELg%K=g~Q)ue7@`cs2e/5I*[rHD4;"hntRɴc݄u { }hx;lqf d79R2)iG&ިCeV]~T}Yd`X~T={cW 6͆Ij˂{Al s 蹔L q=*YKT&92sʛ=Ix=7v[Chw(l*q bfY YR |)U-*[rᇻw8me-PsQWNv{e=Ee>*xQu_R I?dYa/KzcgZ6q3p0, HIM,*M,fendstream +41{QlPg;($@QQ~:4 /e't>~T={cW 6͆Ij˂{Al s 蹔L q=*YKT&92sʛ=Ix=7v[Chw(l*q bfY YR |)U-*[rᇻw8me-PsQWNv{e=Ee>*xQu_R I?dYa/KzcgZ6q3p0, HIM,*M,i@fendstream endobj 827 0 obj << /Type /Font @@ -11255,14 +11223,14 @@ endobj /FirstChar 40 /LastChar 90 /Widths 2279 0 R -/BaseFont /HHKTZL+URWPalladioL-Roma-Slant_167 +/BaseFont /DZAMCL+URWPalladioL-Roma-Slant_167 /FontDescriptor 825 0 R >> endobj 825 0 obj << /Ascent 715 /CapHeight 680 /Descent -282 -/FontName /HHKTZL+URWPalladioL-Roma-Slant_167 +/FontName /DZAMCL+URWPalladioL-Roma-Slant_167 /ItalicAngle -9 /StemV 84 /XHeight 469 @@ -11283,18 +11251,18 @@ endobj >> stream xUkTgnJ+ŀ -2%X4-wT2$H20I0@,PAEJi F4 +2@ ,;"(R $$@,PAEJi F4 & X -Kڳ3}{g;33&8  Nއ@2833'6O PP$;AXEA'dRbID!"ƖX41Aqc0kqjEv ,sOa(Ă0ϰxyp[ wBE|H]H ;`g45߄, B[sx`X -p>)$:"sRݫ[cxSzKGW -Y'un_N^VTOm"x#dk^Y2O|47|m{6l\`FKi5߄xܹu6.Nĭ{.L9\qf8 -c]>{~{zqiٳVrLZa74wR2gr53 ܖ']W26=f&(#ECOKzN/ -:4(+Z1~xܦ҇t 39hc~eVDV)qNkfgxy~w9/)=Zirfؖ1u2x )Ѹ6bWoy$|f@ӱzS`^-LFMEm, -!m94ܗ=7jpL^g_]flB%DPYRr N})qYGL<4tejBfwDh?+V#ޭ;L~}kKI5فlzyYC?_VSp7JWoʯʉ΄։ETk$ 7e$-ʁYl< ?#YU{SE a]Eyy~ԟ_b 翜$N~Q*5*aTLMh>>'dPH54;p.kY7H -ntY~;ͻ_qӈN1Vԧcĺ´*T$GlX`ٻ؆٦o2;e -FBjIm?-@O^͆D$'=``l$4L}0sv|*t)P<>gQGT#kGkW9ٕb:.M9ڸp|W#找.5Zc!6h!IOLF[67?|po?!T 4/ylendstream +Kڳ3}{g;33!8` n>A2833gD\D4'qRBQpf3.E!`ɢp( 7HāX&|&Ix/ްF#apW#-:b` oHb 'fxRq$w Ɯ7Ll"!bC|.OF" +VJesn0+d"e: Bx0@mdk2p%0˓+br6K8,`ŷdgfK'KaNTj,%+D2Ą+pf +(T[BQHNVQh +X%cQ%M FPXAkL\h]&)D` +1a3l^;!e0!rG#h b?5߄L1[`X3q!)4:"sRݫ_ePzJGWa +ϙ'u_N^VTOm"ॉi5G +VҚЇgٶwz[\Y~\`FKzk /xܹu6.Nĭ{ O%\vfّ +׈S]>k~GzSqiٳVrLZa75wR2g5ӯ ܖ']W26=f.(kU>׉5Z%Fe~[=ڇ<dsVtJffp%-:!8uty+Nc)":>q]=*Q8aƜ(#s`KӐ.E|\{/ 7QFm5 xk̝pj}lU*Z@NK٨nB-kw˭Q!Z`^O CM _^͆D$'=p`l$6/4L}0kv|*tW<>gQGT#k#FkW9ٕj:.I9ڸp|W#Ɖ鮧5ZcY6hAqOLFS67?|po?!T!4 /Vendstream endobj 765 0 obj << /Type /Font @@ -11303,14 +11271,14 @@ endobj /FirstChar 13 /LastChar 110 /Widths 2281 0 R -/BaseFont /RMZCBY+CMSY10 +/BaseFont /URCRWW+CMSY10 /FontDescriptor 763 0 R >> endobj 763 0 obj << /Ascent 750 /CapHeight 683 /Descent -194 -/FontName /RMZCBY+CMSY10 +/FontName /URCRWW+CMSY10 /ItalicAngle -14.035 /StemV 85 /XHeight 431 @@ -11334,7 +11302,7 @@ endobj /Filter /FlateDecode >> stream -xڬc]%\],۶mvuٶm۶mU]Ν;o~ZωcGsb'3Ih MDlhh9*jv4v6f(!' ;[a'N1@`"ٻ;X;bPPQQzt0}p11u Qdn06kHȊdUb&&ygCk # ` ?9pM,n3q32E 7qpt p9:큓vwaL 7t27p'_7o?% d`ap2qs' o`pv5/3ckGǿ0 _7vwݿQ)-ߜFNsYBsT$lM a7vOÿ "P%a`lgk061s@2;HD'k\C:[[ؘ 3 go6f$0N[!`kWzZ0Z8Z[8L __=m%-li<Ll;˜NJ@IAAI/Q\"(ha`e03r f&Ck-c`[6=ÿt?EFu-?u7#vF\AiNu#SZ} #E~5via8*?jif8ݗ?$)ЬzSLq( H;٨tKaբqg: )\ +xڬc]%\],۶mvuٶm۶mU]Ν;o~ZωcGsb'3Ih MDlhh9*jv4v6f(!' ;[a'N1@`"ٻ;X;bPPQQzt0}p11u Qdn06kHȊdUb&&ygCk # ` ?9pM,n3q32E 7qpt p9:큓vwaL 7t27p'_7o?% d`ap2qs' o`pv5/3ckGǿ0 _7vwݿQ)-ߜFNsYBsT$lM a7vOÿ "P%a`lgk061s@2;HD'k\C:[[ؘ 3 go6f$0N[!`kWzZ0Z8Z[8L __=m%-li<Ll;˜NUSLXTI/Q\"(ha`e03r f&Ck-c`[6=ÿt?EFu-?u7#vF\AiNu#SZ} #E~5via8*?jif8ݗ?$)ЬzSLq( H;٨tKaբqg: )\ P|RbQ IOȆGG{orbp’FTjUmb3]s l~^Hbاٮ岞NH C h1R^iC{AֈqwxyWcy'OT񴚟wusPMTUN(5 Mc,]EI[Y ˆ0^ Mm} 3@ 0Gƺ>KyETh6Jw_[c B8xվVkԂIgk+(}Ő+dP9,UD&w("ZUD|y)Ղ0)` 6l¬N&W W[.N5ZS @@ -11428,7 +11396,7 @@ A u|8t^/Mp_<{*>Jn 6sRaƋrׁ]9:(`\lA7ĦK9z8nb64jE$1V|ZBX#YͪföWqYlf/8Fj_X1n (N1C9(AEޖɀf}_J:J$<BSUMYr`Q?ٱVݎhكXԇ7Ӷ,!FE^F xB*vR&N<`+N gʾ2f~mm}ixuƜx\t{C  ȷ'5' zqvipdkj@:w?bVs,%IPSÅAD`,{rfYAEϡ+LN^,YB9dbTC4JLWl0k ^T򫾦t^/3S蚇dQv(C쇵%#j075pEZ,O(CZb4PΓ{5k`JpfAvs,p̈.goP9:,'c|1ehM~fQd9LN0"/|8׃ҿ]/ z$[<~q#2 'P4Iץ?`bFH. R}#] iA7F5q6O /WbFq- ]xk%Ötdμr?qEGlq_O1L$Hlӂ|ś:v ؛<2g87%j L/ARWm )C&(q14ED;jdW q8't{r`z$~ЗV-r#Qcɹ=HECIՌaYuz8UGݡHJP+dGR]IؘNd'DN'[qIĵF,;ŗd7W_FktΘ ~ yTjnUN6\e>:3t{^p*k!13/t|eWQ#`Ib$PXSKU` AŞm%NY ʡK_`sYG,4HC'89c[ 2?N #0g,. j?xG# +.ă-c-YoUV15һc@@A LUɅԿZςSUn9mbf[T8D14#hqךE9{ЬubM'?/Gε%G3 ?hayӀ^`׏z\vP{ѕIh~`50fM -&oH[A9f˕+J'1yC \<yʇfiX. oA#3ї;_;rwĽzi+Yxhz5xu5)spy}M~ ؚ9v3rGendstream +&oH[A9f˕+J'1yC \<yʇfiX. oA#3ї;_;rwĽzi+Yxhz5xu5)spy}M~ ؚ9v3r߳;endstream endobj 762 0 obj << /Type /Font @@ -11437,14 +11405,14 @@ endobj /FirstChar 2 /LastChar 216 /Widths 2282 0 R -/BaseFont /KASQQS+URWPalladioL-Roma +/BaseFont /VZGDFG+URWPalladioL-Roma /FontDescriptor 760 0 R >> endobj 760 0 obj << /Ascent 715 /CapHeight 680 /Descent -282 -/FontName /KASQQS+URWPalladioL-Roma +/FontName /VZGDFG+URWPalladioL-Roma /ItalicAngle 0 /StemV 84 /XHeight 469 @@ -11464,7 +11432,7 @@ endobj /Filter /FlateDecode >> stream -xڬzSm]eٶ]uʶm۶m)۶m):nS}Xkf92G{G,RBy%c;CQ;[gZzNE5ykkc ;iA;kc3 ) '1##)3Y !0N' 3[Wk;{[J&&&&Brbb*b&&.FF&N&v 054',''{#m&F& Mm,~ , lzlG`akdbݿ;D~휜- ~ Ogsr;Y L"\)_? M- <~r;Z1&p413p46qr;U'Vǿv+?9X8;XB104rmfa EϨHؚ0?|&j?3CCڃN'%ʴs"H?"wC{;ɿ6C M%XX{{ɿqH84BG zZ3Z8Z[8Xt_v[cGk [5HzS60,25q:!E1aI!FW?;\"(hNEH@Ds~p0_2 2ΎZ?ek`Dl%g[O?n#GUuj}Έ+2wszȔ@H}irQ]_zGGmm W#I>4_&8>dlTǁtj^7Kһ S +xڬzSm]eٶ]uʶm۶m)۶m):nS}Xkf92G{G,RBy%c;CQ;[gZzNE5ykkc ;iA;kc3 ) '1##)3Y !0N' 3[Wk;{[J&&&&Brbb*b&&.FF&N&v 054',''{#m&F& Mm,~ , lzlG`akdbݿ;D~휜- ~ Ogsr;Y L"\)_? M- <~r;Z1&p413p46qr;U'Vǿv+?9X8;XB104rmfa EϨHؚ0?|&j?3CCڃN'%ʴs"H?"wC{;ɿ6C M%XX{{ɿqH84BG zZ3Z8Z[8Xt_v[cGk [5HzS60,25q:95) QAFW?;\"(hNEH@Ds~p0_2 2ΎZ?ek`Dl%g[O?n#GUuj}Έ+2wszȔ@H}irQ]_zGGmm W#I>4_&8>dlTǁtj^7Kһ S %`3L7)] QH|P \%}54>:2{MI KͧR!RDzݞe}"\ʤ!g?5 kT $f}Q}}7aIzQ`{1ʛ9sr5<#=364+Ǿap:"|:[5P6#\2߻O 6.'p$i2;LۖO Fy)~ C뭄a ѫGhg [&<1X{i_bf)T GAe!gFUa!*Z0/ a0~wo fJxw aL0 ^ `8 4 ϩ4V"]B3p෽_)I\H$sX{b^Z,6 R2CNJt(O79`e @y%0jAR~x4w5ֱm}=tRX[>͔ҞR "Hl/_r> endobj 736 0 obj << /Ascent 708 /CapHeight 672 /Descent -266 -/FontName /CRGDJC+URWPalladioL-Bold +/FontName /OWKYFB+URWPalladioL-Bold /ItalicAngle 0 /StemV 123 /XHeight 471 @@ -11637,7 +11605,7 @@ endobj /Type /Pages /Count 6 /Parent 2285 0 R -/Kids [1280 0 R 1285 0 R 1292 0 R 1300 0 R 1307 0 R 1311 0 R] +/Kids [1280 0 R 1285 0 R 1292 0 R 1297 0 R 1307 0 R 1311 0 R] >> endobj 1318 0 obj << /Type /Pages @@ -11645,53 +11613,53 @@ endobj /Parent 2285 0 R /Kids [1315 0 R 1320 0 R 1324 0 R 1331 0 R 1339 0 R 1345 0 R] >> endobj -1359 0 obj << +1358 0 obj << /Type /Pages /Count 6 /Parent 2285 0 R -/Kids [1355 0 R 1361 0 R 1365 0 R 1369 0 R 1379 0 R 1386 0 R] +/Kids [1350 0 R 1361 0 R 1365 0 R 1369 0 R 1379 0 R 1385 0 R] >> endobj 1395 0 obj << /Type /Pages /Count 6 /Parent 2285 0 R -/Kids [1392 0 R 1397 0 R 1401 0 R 1405 0 R 1413 0 R 1420 0 R] +/Kids [1391 0 R 1397 0 R 1401 0 R 1405 0 R 1411 0 R 1419 0 R] >> endobj 1431 0 obj << /Type /Pages /Count 6 /Parent 2285 0 R -/Kids [1425 0 R 1433 0 R 1440 0 R 1446 0 R 1455 0 R 1460 0 R] +/Kids [1425 0 R 1433 0 R 1440 0 R 1446 0 R 1452 0 R 1460 0 R] >> endobj -1469 0 obj << +1468 0 obj << /Type /Pages /Count 6 /Parent 2286 0 R -/Kids [1464 0 R 1471 0 R 1476 0 R 1483 0 R 1491 0 R 1497 0 R] +/Kids [1464 0 R 1470 0 R 1476 0 R 1481 0 R 1491 0 R 1497 0 R] >> endobj 1505 0 obj << /Type /Pages /Count 6 /Parent 2286 0 R -/Kids [1502 0 R 1507 0 R 1511 0 R 1515 0 R 1523 0 R 1538 0 R] +/Kids [1502 0 R 1507 0 R 1511 0 R 1515 0 R 1523 0 R 1530 0 R] >> endobj -1575 0 obj << +1563 0 obj << /Type /Pages /Count 6 /Parent 2286 0 R -/Kids [1552 0 R 1577 0 R 1590 0 R 1596 0 R 1608 0 R 1612 0 R] +/Kids [1550 0 R 1565 0 R 1588 0 R 1596 0 R 1600 0 R 1612 0 R] >> endobj -1627 0 obj << +1624 0 obj << /Type /Pages /Count 6 /Parent 2286 0 R -/Kids [1618 0 R 1629 0 R 1641 0 R 1649 0 R 1657 0 R 1662 0 R] +/Kids [1616 0 R 1626 0 R 1638 0 R 1648 0 R 1655 0 R 1661 0 R] >> endobj 1676 0 obj << /Type /Pages /Count 6 /Parent 2286 0 R -/Kids [1669 0 R 1678 0 R 1690 0 R 1697 0 R 1705 0 R 1711 0 R] +/Kids [1668 0 R 1678 0 R 1687 0 R 1694 0 R 1705 0 R 1711 0 R] >> endobj 1725 0 obj << /Type /Pages @@ -11757,13 +11725,13 @@ endobj /Type /Pages /Count 36 /Parent 2289 0 R -/Kids [1241 0 R 1283 0 R 1318 0 R 1359 0 R 1395 0 R 1431 0 R] +/Kids [1241 0 R 1283 0 R 1318 0 R 1358 0 R 1395 0 R 1431 0 R] >> endobj 2286 0 obj << /Type /Pages /Count 36 /Parent 2289 0 R -/Kids [1469 0 R 1505 0 R 1575 0 R 1627 0 R 1676 0 R 1725 0 R] +/Kids [1468 0 R 1505 0 R 1563 0 R 1624 0 R 1676 0 R 1725 0 R] >> endobj 2287 0 obj << /Type /Pages @@ -13093,7 +13061,7 @@ endobj /Count -4 >> endobj 2291 0 obj << -/Names [(Access_Control_Lists) 1709 0 R (Bv9ARM.ch01) 977 0 R (Bv9ARM.ch02) 1023 0 R (Bv9ARM.ch03) 1040 0 R (Bv9ARM.ch04) 1094 0 R (Bv9ARM.ch05) 1193 0 R (Bv9ARM.ch06) 1205 0 R (Bv9ARM.ch07) 1708 0 R (Bv9ARM.ch08) 1734 0 R (Bv9ARM.ch09) 1749 0 R (Bv9ARM.ch10) 1970 0 R (Configuration_File_Grammar) 1229 0 R (DNSSEC) 1161 0 R (Doc-Start) 735 0 R (Setting_TTLs) 1634 0 R (acache) 1030 0 R (access_control) 1375 0 R (acl) 1237 0 R (address_match_lists) 1210 0 R (admin_tools) 1063 0 R (appendix.A) 626 0 R (appendix.B) 662 0 R (bibliography) 1757 0 R (boolean_options) 1111 0 R (builtin) 1450 0 R (chapter*.1) 770 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 130 0 R (chapter.5) 230 0 R (chapter.6) 242 0 R (chapter.7) 582 0 R (chapter.8) 606 0 R (cite.RFC1033) 1885 0 R (cite.RFC1034) 1769 0 R (cite.RFC1035) 1771 0 R (cite.RFC1101) 1867 0 R (cite.RFC1123) 1869 0 R (cite.RFC1183) 1829 0 R (cite.RFC1464) 1907 0 R (cite.RFC1535) 1814 0 R (cite.RFC1536) 1816 0 R (cite.RFC1537) 1887 0 R (cite.RFC1591) 1871 0 R (cite.RFC1706) 1831 0 R (cite.RFC1712) 1927 0 R (cite.RFC1713) 1909 0 R (cite.RFC1794) 1911 0 R (cite.RFC1876) 1833 0 R (cite.RFC1912) 1889 0 R (cite.RFC1982) 1818 0 R (cite.RFC1995) 1776 0 R (cite.RFC1996) 1778 0 R (cite.RFC2010) 1891 0 R (cite.RFC2052) 1835 0 R (cite.RFC2065) 1939 0 R (cite.RFC2136) 1780 0 R (cite.RFC2137) 1941 0 R (cite.RFC2163) 1837 0 R (cite.RFC2168) 1839 0 R (cite.RFC2181) 1782 0 R (cite.RFC2219) 1893 0 R (cite.RFC2230) 1841 0 R (cite.RFC2240) 1913 0 R (cite.RFC2308) 1784 0 R (cite.RFC2317) 1873 0 R (cite.RFC2345) 1915 0 R (cite.RFC2352) 1917 0 R (cite.RFC2535) 1943 0 R (cite.RFC2536) 1843 0 R (cite.RFC2537) 1845 0 R (cite.RFC2538) 1847 0 R (cite.RFC2539) 1849 0 R (cite.RFC2540) 1851 0 R (cite.RFC2671) 1786 0 R (cite.RFC2672) 1788 0 R (cite.RFC2673) 1929 0 R (cite.RFC2782) 1853 0 R (cite.RFC2825) 1897 0 R (cite.RFC2826) 1875 0 R (cite.RFC2845) 1790 0 R (cite.RFC2874) 1931 0 R (cite.RFC2915) 1855 0 R (cite.RFC2929) 1877 0 R (cite.RFC2930) 1792 0 R (cite.RFC2931) 1794 0 R (cite.RFC3007) 1796 0 R (cite.RFC3008) 1945 0 R (cite.RFC3071) 1919 0 R (cite.RFC3090) 1947 0 R (cite.RFC3110) 1857 0 R (cite.RFC3123) 1859 0 R (cite.RFC3225) 1802 0 R (cite.RFC3258) 1921 0 R (cite.RFC3445) 1949 0 R (cite.RFC3490) 1899 0 R (cite.RFC3491) 1901 0 R (cite.RFC3492) 1903 0 R (cite.RFC3596) 1861 0 R (cite.RFC3597) 1863 0 R (cite.RFC3645) 1798 0 R (cite.RFC3655) 1951 0 R (cite.RFC3658) 1953 0 R (cite.RFC3755) 1955 0 R (cite.RFC3757) 1957 0 R (cite.RFC3833) 1804 0 R (cite.RFC3845) 1959 0 R (cite.RFC3901) 1923 0 R (cite.RFC4033) 1806 0 R (cite.RFC4034) 1808 0 R (cite.RFC4035) 1810 0 R (cite.RFC4074) 1820 0 R (cite.RFC974) 1773 0 R (cite.id2507769) 1964 0 R (clients-per-query) 1688 0 R (configuration_file_elements) 1206 0 R (controls_statement_definition_and_usage) 1081 0 R (diagnostic_tools) 1011 0 R (dynamic_update) 1104 0 R (dynamic_update_policies) 1075 0 R (dynamic_update_security) 1384 0 R (empty) 1458 0 R (historical_dns_information) 1751 0 R (id2466552) 978 0 R (id2466576) 979 0 R (id2467534) 980 0 R (id2467544) 981 0 R (id2467716) 993 0 R (id2467737) 994 0 R (id2467771) 995 0 R (id2467856) 998 0 R (id2467948) 991 0 R (id2470253) 1005 0 R (id2470277) 1008 0 R (id2470375) 1009 0 R (id2470396) 1010 0 R (id2470426) 1016 0 R (id2470530) 1017 0 R (id2470556) 1018 0 R (id2470590) 1024 0 R (id2470617) 1025 0 R (id2470630) 1026 0 R (id2470724) 1029 0 R (id2470734) 1035 0 R (id2470766) 1042 0 R (id2470782) 1043 0 R (id2470805) 1049 0 R (id2470822) 1050 0 R (id2471227) 1058 0 R (id2471233) 1059 0 R (id2473198) 1086 0 R (id2473210) 1087 0 R (id2473636) 1120 0 R (id2473654) 1121 0 R (id2474087) 1141 0 R (id2474104) 1142 0 R (id2474142) 1143 0 R (id2474161) 1144 0 R (id2474171) 1145 0 R (id2474276) 1146 0 R (id2474333) 1151 0 R (id2474382) 1153 0 R (id2474533) 1154 0 R (id2474582) 1160 0 R (id2474718) 1162 0 R (id2474797) 1167 0 R (id2475015) 1168 0 R (id2475197) 1180 0 R (id2475328) 1182 0 R (id2475349) 1183 0 R (id2475382) 1194 0 R (id2475597) 1207 0 R (id2476558) 1215 0 R (id2476586) 1220 0 R (id2476792) 1221 0 R (id2476807) 1222 0 R (id2476837) 1228 0 R (id2477048) 1230 0 R (id2477514) 1236 0 R (id2477557) 1238 0 R (id2477704) 1240 0 R (id2478064) 1248 0 R (id2478149) 1254 0 R (id2478172) 1255 0 R (id2478196) 1256 0 R (id2478286) 1260 0 R (id2478412) 1265 0 R (id2478465) 1266 0 R (id2479158) 1277 0 R (id2479824) 1288 0 R (id2479954) 1289 0 R (id2480343) 1295 0 R (id2480417) 1296 0 R (id2480549) 1303 0 R (id2480593) 1304 0 R (id2480608) 1305 0 R (id2483505) 1342 0 R (id2485548) 1372 0 R (id2485607) 1374 0 R (id2486317) 1389 0 R (id2487452) 1408 0 R (id2487512) 1410 0 R (id2487866) 1418 0 R (id2488437) 1437 0 R (id2489946) 1467 0 R (id2490835) 1486 0 R (id2490989) 1487 0 R (id2491041) 1488 0 R (id2491088) 1494 0 R (id2491139) 1495 0 R (id2491511) 1500 0 R (id2493016) 1518 0 R (id2493024) 1519 0 R (id2493029) 1520 0 R (id2493588) 1527 0 R (id2493621) 1528 0 R (id2495532) 1593 0 R (id2495955) 1599 0 R (id2495973) 1600 0 R (id2495993) 1603 0 R (id2496162) 1605 0 R (id2497332) 1615 0 R (id2497460) 1621 0 R (id2497618) 1622 0 R (id2497912) 1624 0 R (id2498117) 1626 0 R (id2498135) 1632 0 R (id2498608) 1635 0 R (id2498732) 1637 0 R (id2498747) 1638 0 R (id2498859) 1644 0 R (id2498882) 1645 0 R (id2498898) 1646 0 R (id2498958) 1647 0 R (id2499028) 1652 0 R (id2499132) 1653 0 R (id2499208) 1654 0 R (id2499719) 1665 0 R (id2500086) 1673 0 R (id2500091) 1674 0 R (id2501696) 1682 0 R (id2501702) 1683 0 R (id2502078) 1685 0 R (id2502084) 1686 0 R (id2503100) 1693 0 R (id2503132) 1694 0 R (id2503474) 1703 0 R (id2503716) 1718 0 R (id2503865) 1719 0 R (id2503993) 1720 0 R (id2504073) 1735 0 R (id2504078) 1736 0 R (id2504158) 1737 0 R (id2504176) 1738 0 R (id2504306) 1750 0 R (id2504477) 1756 0 R (id2504733) 1761 0 R (id2504736) 1767 0 R (id2504744) 1772 0 R (id2504768) 1768 0 R (id2504791) 1770 0 R (id2504827) 1781 0 R (id2504854) 1783 0 R (id2504880) 1775 0 R (id2504904) 1777 0 R (id2504928) 1779 0 R (id2504983) 1785 0 R (id2505010) 1787 0 R (id2505036) 1789 0 R (id2505098) 1791 0 R (id2505128) 1793 0 R (id2505158) 1795 0 R (id2505185) 1797 0 R (id2505259) 1800 0 R (id2505267) 1801 0 R (id2505293) 1803 0 R (id2505330) 1805 0 R (id2505395) 1807 0 R (id2505460) 1809 0 R (id2505525) 1812 0 R (id2505533) 1813 0 R (id2505559) 1815 0 R (id2505627) 1817 0 R (id2505662) 1819 0 R (id2505703) 1827 0 R (id2505708) 1828 0 R (id2505766) 1830 0 R (id2505803) 1838 0 R (id2505838) 1832 0 R (id2505893) 1834 0 R (id2505931) 1836 0 R (id2505957) 1840 0 R (id2505982) 1842 0 R (id2506009) 1844 0 R (id2506036) 1846 0 R (id2506075) 1848 0 R (id2506105) 1850 0 R (id2506135) 1852 0 R (id2506178) 1854 0 R (id2506211) 1856 0 R (id2506237) 1858 0 R (id2506261) 1860 0 R (id2506318) 1862 0 R (id2506343) 1865 0 R (id2506350) 1866 0 R (id2506376) 1868 0 R (id2506398) 1870 0 R (id2506422) 1872 0 R (id2506468) 1874 0 R (id2506491) 1876 0 R (id2506541) 1883 0 R (id2506549) 1884 0 R (id2506572) 1886 0 R (id2506599) 1888 0 R (id2506626) 1890 0 R (id2506662) 1892 0 R (id2506702) 1895 0 R (id2506708) 1896 0 R (id2506740) 1898 0 R (id2506786) 1900 0 R (id2506889) 1902 0 R (id2506916) 1905 0 R (id2506934) 1906 0 R (id2507025) 1908 0 R (id2507050) 1910 0 R (id2507076) 1912 0 R (id2507099) 1914 0 R (id2507145) 1916 0 R (id2507169) 1918 0 R (id2507195) 1920 0 R (id2507221) 1922 0 R (id2507258) 1925 0 R (id2507265) 1926 0 R (id2507322) 1928 0 R (id2507349) 1930 0 R (id2507385) 1937 0 R (id2507397) 1938 0 R (id2507436) 1940 0 R (id2507463) 1942 0 R (id2507493) 1944 0 R (id2507518) 1946 0 R (id2507545) 1948 0 R (id2507581) 1950 0 R (id2507618) 1952 0 R (id2507644) 1954 0 R (id2507671) 1956 0 R (id2507716) 1958 0 R (id2507757) 1961 0 R (id2507767) 1963 0 R (id2507769) 1965 0 R (incremental_zone_transfers) 1117 0 R (internet_drafts) 1960 0 R (ipv6addresses) 1184 0 R (journal) 1106 0 R (lwresd) 1195 0 R (man.ddns-confgen) 2254 0 R (man.dig) 1971 0 R (man.dnssec-dsfromkey) 2019 0 R (man.dnssec-keyfromlabel) 2038 0 R (man.dnssec-keygen) 1587 0 R (man.dnssec-revoke) 2081 0 R (man.dnssec-settime) 1588 0 R (man.dnssec-signzone) 2104 0 R (man.host) 2004 0 R (man.named) 2161 0 R (man.named-checkconf) 2129 0 R (man.named-checkzone) 2141 0 R (man.nsupdate) 2184 0 R (man.rndc) 2209 0 R (man.rndc-confgen) 2238 0 R (man.rndc.conf) 2222 0 R (notify) 1095 0 R (options) 1074 0 R (page.1) 734 0 R (page.10) 1015 0 R (page.100) 1699 0 R (page.101) 1707 0 R (page.102) 1713 0 R (page.103) 1724 0 R (page.104) 1729 0 R (page.105) 1733 0 R (page.106) 1744 0 R (page.107) 1748 0 R (page.108) 1755 0 R (page.109) 1765 0 R (page.11) 1022 0 R (page.110) 1825 0 R (page.111) 1881 0 R (page.112) 1935 0 R (page.113) 1969 0 R (page.114) 1978 0 R (page.115) 1984 0 R (page.116) 1990 0 R (page.117) 1994 0 R (page.118) 1999 0 R (page.119) 2010 0 R (page.12) 1034 0 R (page.120) 2015 0 R (page.121) 2027 0 R (page.122) 2037 0 R (page.123) 2046 0 R (page.124) 2051 0 R (page.125) 2061 0 R (page.126) 2066 0 R (page.127) 2071 0 R (page.128) 2079 0 R (page.129) 2091 0 R (page.13) 1039 0 R (page.130) 2100 0 R (page.131) 2110 0 R (page.132) 2116 0 R (page.133) 2120 0 R (page.134) 2125 0 R (page.135) 2135 0 R (page.136) 2147 0 R (page.137) 2153 0 R (page.138) 2159 0 R (page.139) 2169 0 R (page.14) 1048 0 R (page.140) 2174 0 R (page.141) 2181 0 R (page.142) 2191 0 R (page.143) 2196 0 R (page.144) 2200 0 R (page.145) 2208 0 R (page.146) 2218 0 R (page.147) 2229 0 R (page.148) 2234 0 R (page.149) 2246 0 R (page.15) 1057 0 R (page.150) 2252 0 R (page.151) 2262 0 R (page.16) 1067 0 R (page.17) 1079 0 R (page.18) 1085 0 R (page.19) 1093 0 R (page.2) 759 0 R (page.20) 1116 0 R (page.21) 1126 0 R (page.22) 1131 0 R (page.23) 1135 0 R (page.24) 1140 0 R (page.25) 1150 0 R (page.26) 1159 0 R (page.27) 1166 0 R (page.28) 1172 0 R (page.29) 1176 0 R (page.3) 769 0 R (page.30) 1188 0 R (page.31) 1192 0 R (page.32) 1200 0 R (page.33) 1204 0 R (page.34) 1214 0 R (page.35) 1219 0 R (page.36) 1227 0 R (page.37) 1235 0 R (page.38) 1245 0 R (page.39) 1253 0 R (page.4) 824 0 R (page.40) 1264 0 R (page.41) 1270 0 R (page.42) 1276 0 R (page.43) 1282 0 R (page.44) 1287 0 R (page.45) 1294 0 R (page.46) 1302 0 R (page.47) 1309 0 R (page.48) 1313 0 R (page.49) 1317 0 R (page.5) 888 0 R (page.50) 1322 0 R (page.51) 1326 0 R (page.52) 1333 0 R (page.53) 1341 0 R (page.54) 1347 0 R (page.55) 1357 0 R (page.56) 1363 0 R (page.57) 1367 0 R (page.58) 1371 0 R (page.59) 1381 0 R (page.6) 951 0 R (page.60) 1388 0 R (page.61) 1394 0 R (page.62) 1399 0 R (page.63) 1403 0 R (page.64) 1407 0 R (page.65) 1415 0 R (page.66) 1422 0 R (page.67) 1427 0 R (page.68) 1435 0 R (page.69) 1442 0 R (page.7) 976 0 R (page.70) 1448 0 R (page.71) 1457 0 R (page.72) 1462 0 R (page.73) 1466 0 R (page.74) 1473 0 R (page.75) 1478 0 R (page.76) 1485 0 R (page.77) 1493 0 R (page.78) 1499 0 R (page.79) 1504 0 R (page.8) 990 0 R (page.80) 1509 0 R (page.81) 1513 0 R (page.82) 1517 0 R (page.83) 1525 0 R (page.84) 1540 0 R (page.85) 1554 0 R (page.86) 1579 0 R (page.87) 1592 0 R (page.88) 1598 0 R (page.89) 1610 0 R (page.9) 1004 0 R (page.90) 1614 0 R (page.91) 1620 0 R (page.92) 1631 0 R (page.93) 1643 0 R (page.94) 1651 0 R (page.95) 1659 0 R (page.96) 1664 0 R (page.97) 1671 0 R (page.98) 1680 0 R (page.99) 1692 0 R (proposed_standards) 1122 0 R (query_address) 1390 0 R (rfcs) 1000 0 R (rndc) 1249 0 R (root_delegation_only) 1536 0 R (rrset_ordering) 1053 0 R (sample_configuration) 1041 0 R (section*.10) 1894 0 R (section*.100) 2182 0 R (section*.101) 2183 0 R (section*.102) 2185 0 R (section*.103) 2186 0 R (section*.104) 2187 0 R (section*.105) 2192 0 R (section*.106) 2201 0 R (section*.107) 2202 0 R (section*.108) 2203 0 R (section*.109) 2204 0 R (section*.11) 1904 0 R (section*.110) 2210 0 R (section*.111) 2211 0 R (section*.112) 2212 0 R (section*.113) 2213 0 R (section*.114) 2219 0 R (section*.115) 2220 0 R (section*.116) 2221 0 R (section*.117) 2223 0 R (section*.118) 2224 0 R (section*.119) 2225 0 R (section*.12) 1924 0 R (section*.120) 2230 0 R (section*.121) 2235 0 R (section*.122) 2236 0 R (section*.123) 2237 0 R (section*.124) 2239 0 R (section*.125) 2240 0 R (section*.126) 2241 0 R (section*.127) 2242 0 R (section*.128) 2247 0 R (section*.129) 2248 0 R (section*.13) 1936 0 R (section*.130) 2253 0 R (section*.131) 2255 0 R (section*.132) 2256 0 R (section*.133) 2257 0 R (section*.134) 2258 0 R (section*.135) 2263 0 R (section*.136) 2264 0 R (section*.14) 1962 0 R (section*.15) 1972 0 R (section*.16) 1973 0 R (section*.17) 1974 0 R (section*.18) 1979 0 R (section*.19) 1980 0 R (section*.2) 1760 0 R (section*.20) 1985 0 R (section*.21) 1995 0 R (section*.22) 2000 0 R (section*.23) 2001 0 R (section*.24) 2002 0 R (section*.25) 2003 0 R (section*.26) 2005 0 R (section*.27) 2006 0 R (section*.28) 2011 0 R (section*.29) 2016 0 R (section*.3) 1766 0 R (section*.30) 2017 0 R (section*.31) 2018 0 R (section*.32) 2020 0 R (section*.33) 2021 0 R (section*.34) 2022 0 R (section*.35) 2023 0 R (section*.36) 2028 0 R (section*.37) 2029 0 R (section*.38) 2030 0 R (section*.39) 2031 0 R (section*.4) 1774 0 R (section*.40) 2032 0 R (section*.41) 2039 0 R (section*.42) 2040 0 R (section*.43) 2041 0 R (section*.44) 2042 0 R (section*.45) 2047 0 R (section*.46) 2052 0 R (section*.47) 2053 0 R (section*.48) 2054 0 R (section*.49) 2055 0 R (section*.5) 1799 0 R (section*.50) 2056 0 R (section*.51) 2057 0 R (section*.52) 2062 0 R (section*.53) 2067 0 R (section*.54) 2072 0 R (section*.55) 2073 0 R (section*.56) 2074 0 R (section*.57) 2080 0 R (section*.58) 2082 0 R (section*.59) 2083 0 R (section*.6) 1811 0 R (section*.60) 2084 0 R (section*.61) 2085 0 R (section*.62) 2086 0 R (section*.63) 2087 0 R (section*.64) 2092 0 R (section*.65) 2093 0 R (section*.66) 2094 0 R (section*.67) 2095 0 R (section*.68) 2096 0 R (section*.69) 2101 0 R (section*.7) 1826 0 R (section*.70) 2102 0 R (section*.71) 2103 0 R (section*.72) 2105 0 R (section*.73) 2106 0 R (section*.74) 2111 0 R (section*.75) 2112 0 R (section*.76) 2126 0 R (section*.77) 2127 0 R (section*.78) 2128 0 R (section*.79) 2130 0 R (section*.8) 1864 0 R (section*.80) 2131 0 R (section*.81) 2136 0 R (section*.82) 2137 0 R (section*.83) 2138 0 R (section*.84) 2139 0 R (section*.85) 2140 0 R (section*.86) 2142 0 R (section*.87) 2143 0 R (section*.88) 2148 0 R (section*.89) 2149 0 R (section*.9) 1882 0 R (section*.90) 2154 0 R (section*.91) 2155 0 R (section*.92) 2160 0 R (section*.93) 2162 0 R (section*.94) 2163 0 R (section*.95) 2164 0 R (section*.96) 2165 0 R (section*.97) 2175 0 R (section*.98) 2176 0 R (section*.99) 2177 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.4.1) 134 0 R (section.4.2) 138 0 R (section.4.3) 146 0 R (section.4.4) 150 0 R (section.4.5) 158 0 R (section.4.6) 194 0 R (section.4.7) 198 0 R (section.4.8) 202 0 R (section.4.9) 218 0 R (section.5.1) 234 0 R (section.5.2) 238 0 R (section.6.1) 246 0 R (section.6.2) 274 0 R (section.6.3) 494 0 R (section.6.4) 550 0 R (section.7.1) 586 0 R (section.7.2) 590 0 R (section.7.3) 602 0 R (section.8.1) 610 0 R (section.8.2) 618 0 R (section.8.3) 622 0 R (section.A.1) 630 0 R (section.A.2) 638 0 R (section.A.3) 646 0 R (section.B.1) 666 0 R (section.B.10) 702 0 R (section.B.11) 706 0 R (section.B.12) 710 0 R (section.B.13) 714 0 R (section.B.14) 718 0 R (section.B.15) 722 0 R (section.B.16) 726 0 R (section.B.2) 670 0 R (section.B.3) 674 0 R (section.B.4) 678 0 R (section.B.5) 682 0 R (section.B.6) 686 0 R (section.B.7) 690 0 R (section.B.8) 694 0 R (section.B.9) 698 0 R (server_resource_limits) 1416 0 R (server_statement_definition_and_usage) 1353 0 R (server_statement_grammar) 1474 0 R (statistics) 1660 0 R (statistics_counters) 1672 0 R (statschannels) 1481 0 R (statsfile) 1329 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.3.1) 114 0 R (subsection.3.3.2) 126 0 R (subsection.4.2.1) 142 0 R (subsection.4.4.1) 154 0 R (subsection.4.5.1) 162 0 R (subsection.4.5.2) 174 0 R (subsection.4.5.3) 178 0 R (subsection.4.5.4) 182 0 R (subsection.4.5.5) 186 0 R (subsection.4.5.6) 190 0 R (subsection.4.8.1) 206 0 R (subsection.4.8.2) 210 0 R (subsection.4.8.3) 214 0 R (subsection.4.9.1) 222 0 R (subsection.4.9.2) 226 0 R (subsection.6.1.1) 250 0 R (subsection.6.1.2) 262 0 R (subsection.6.2.1) 278 0 R (subsection.6.2.10) 314 0 R (subsection.6.2.11) 330 0 R (subsection.6.2.12) 334 0 R (subsection.6.2.13) 338 0 R (subsection.6.2.14) 342 0 R (subsection.6.2.15) 346 0 R (subsection.6.2.16) 350 0 R (subsection.6.2.17) 430 0 R (subsection.6.2.18) 434 0 R (subsection.6.2.19) 438 0 R (subsection.6.2.2) 282 0 R (subsection.6.2.20) 442 0 R (subsection.6.2.21) 446 0 R (subsection.6.2.22) 450 0 R (subsection.6.2.23) 454 0 R (subsection.6.2.24) 458 0 R (subsection.6.2.25) 462 0 R (subsection.6.2.26) 466 0 R (subsection.6.2.27) 470 0 R (subsection.6.2.28) 474 0 R (subsection.6.2.3) 286 0 R (subsection.6.2.4) 290 0 R (subsection.6.2.5) 294 0 R (subsection.6.2.6) 298 0 R (subsection.6.2.7) 302 0 R (subsection.6.2.8) 306 0 R (subsection.6.2.9) 310 0 R (subsection.6.3.1) 498 0 R (subsection.6.3.2) 510 0 R (subsection.6.3.3) 514 0 R (subsection.6.3.4) 518 0 R (subsection.6.3.5) 522 0 R (subsection.6.3.6) 542 0 R (subsection.6.3.7) 546 0 R (subsection.6.4.1) 558 0 R (subsection.7.2.1) 594 0 R (subsection.7.2.2) 598 0 R (subsection.8.1.1) 614 0 R (subsection.A.1.1) 634 0 R (subsection.A.2.1) 642 0 R (subsection.A.3.1) 650 0 R (subsection.A.3.2) 654 0 R (subsection.A.3.3) 658 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.3.1.1) 118 0 R (subsubsection.3.3.1.2) 122 0 R (subsubsection.4.5.1.1) 166 0 R (subsubsection.4.5.1.2) 170 0 R (subsubsection.6.1.1.1) 254 0 R (subsubsection.6.1.1.2) 258 0 R (subsubsection.6.1.2.1) 266 0 R (subsubsection.6.1.2.2) 270 0 R (subsubsection.6.2.10.1) 318 0 R (subsubsection.6.2.10.2) 322 0 R (subsubsection.6.2.10.3) 326 0 R (subsubsection.6.2.16.1) 354 0 R (subsubsection.6.2.16.10) 390 0 R (subsubsection.6.2.16.11) 394 0 R (subsubsection.6.2.16.12) 398 0 R (subsubsection.6.2.16.13) 402 0 R (subsubsection.6.2.16.14) 406 0 R (subsubsection.6.2.16.15) 410 0 R (subsubsection.6.2.16.16) 414 0 R (subsubsection.6.2.16.17) 418 0 R (subsubsection.6.2.16.18) 422 0 R (subsubsection.6.2.16.19) 426 0 R (subsubsection.6.2.16.2) 358 0 R (subsubsection.6.2.16.3) 362 0 R (subsubsection.6.2.16.4) 366 0 R (subsubsection.6.2.16.5) 370 0 R (subsubsection.6.2.16.6) 374 0 R (subsubsection.6.2.16.7) 378 0 R (subsubsection.6.2.16.8) 382 0 R (subsubsection.6.2.16.9) 386 0 R (subsubsection.6.2.28.1) 478 0 R (subsubsection.6.2.28.2) 482 0 R (subsubsection.6.2.28.3) 486 0 R (subsubsection.6.2.28.4) 490 0 R (subsubsection.6.3.1.1) 502 0 R (subsubsection.6.3.1.2) 506 0 R (subsubsection.6.3.5.1) 526 0 R (subsubsection.6.3.5.2) 530 0 R (subsubsection.6.3.5.3) 534 0 R (subsubsection.6.3.5.4) 538 0 R (subsubsection.6.4.0.1) 554 0 R (subsubsection.6.4.1.1) 562 0 R (subsubsection.6.4.1.2) 566 0 R (subsubsection.6.4.1.3) 570 0 R (subsubsection.6.4.1.4) 574 0 R (subsubsection.6.4.1.5) 578 0 R (table.1.1) 982 0 R (table.1.2) 992 0 R (table.3.1) 1051 0 R (table.3.2) 1088 0 R (table.6.1) 1208 0 R (table.6.10) 1604 0 R (table.6.11) 1606 0 R (table.6.12) 1616 0 R (table.6.13) 1623 0 R (table.6.14) 1625 0 R (table.6.15) 1633 0 R (table.6.16) 1636 0 R (table.6.17) 1639 0 R (table.6.18) 1655 0 R (table.6.19) 1666 0 R (table.6.2) 1231 0 R (table.6.20) 1675 0 R (table.6.21) 1684 0 R (table.6.22) 1687 0 R (table.6.23) 1695 0 R (table.6.3) 1239 0 R (table.6.4) 1278 0 R (table.6.5) 1290 0 R (table.6.6) 1343 0 R (table.6.7) 1438 0 R (table.6.8) 1521 0 R (table.6.9) 1594 0 R (the_category_phrase) 1272 0 R (the_sortlist_statement) 1428 0 R (topology) 1423 0 R (tsig) 1136 0 R (tuning) 1443 0 R (types_of_resource_records_and_when_to_use_them) 999 0 R (view_statement_grammar) 1453 0 R (zone_statement_grammar) 1377 0 R (zone_transfers) 1112 0 R (zonefile_format) 1452 0 R] +/Names [(Access_Control_Lists) 1709 0 R (Bv9ARM.ch01) 977 0 R (Bv9ARM.ch02) 1023 0 R (Bv9ARM.ch03) 1040 0 R (Bv9ARM.ch04) 1094 0 R (Bv9ARM.ch05) 1193 0 R (Bv9ARM.ch06) 1205 0 R (Bv9ARM.ch07) 1708 0 R (Bv9ARM.ch08) 1734 0 R (Bv9ARM.ch09) 1749 0 R (Bv9ARM.ch10) 1970 0 R (Configuration_File_Grammar) 1229 0 R (DNSSEC) 1161 0 R (Doc-Start) 735 0 R (Setting_TTLs) 1634 0 R (acache) 1030 0 R (access_control) 1375 0 R (acl) 1237 0 R (address_match_lists) 1210 0 R (admin_tools) 1063 0 R (appendix.A) 626 0 R (appendix.B) 662 0 R (bibliography) 1757 0 R (boolean_options) 1111 0 R (builtin) 1455 0 R (chapter*.1) 770 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 130 0 R (chapter.5) 230 0 R (chapter.6) 242 0 R (chapter.7) 582 0 R (chapter.8) 606 0 R (cite.RFC1033) 1885 0 R (cite.RFC1034) 1769 0 R (cite.RFC1035) 1771 0 R (cite.RFC1101) 1867 0 R (cite.RFC1123) 1869 0 R (cite.RFC1183) 1829 0 R (cite.RFC1464) 1907 0 R (cite.RFC1535) 1814 0 R (cite.RFC1536) 1816 0 R (cite.RFC1537) 1887 0 R (cite.RFC1591) 1871 0 R (cite.RFC1706) 1831 0 R (cite.RFC1712) 1927 0 R (cite.RFC1713) 1909 0 R (cite.RFC1794) 1911 0 R (cite.RFC1876) 1833 0 R (cite.RFC1912) 1889 0 R (cite.RFC1982) 1818 0 R (cite.RFC1995) 1776 0 R (cite.RFC1996) 1778 0 R (cite.RFC2010) 1891 0 R (cite.RFC2052) 1835 0 R (cite.RFC2065) 1939 0 R (cite.RFC2136) 1780 0 R (cite.RFC2137) 1941 0 R (cite.RFC2163) 1837 0 R (cite.RFC2168) 1839 0 R (cite.RFC2181) 1782 0 R (cite.RFC2219) 1893 0 R (cite.RFC2230) 1841 0 R (cite.RFC2240) 1913 0 R (cite.RFC2308) 1784 0 R (cite.RFC2317) 1873 0 R (cite.RFC2345) 1915 0 R (cite.RFC2352) 1917 0 R (cite.RFC2535) 1943 0 R (cite.RFC2536) 1843 0 R (cite.RFC2537) 1845 0 R (cite.RFC2538) 1847 0 R (cite.RFC2539) 1849 0 R (cite.RFC2540) 1851 0 R (cite.RFC2671) 1786 0 R (cite.RFC2672) 1788 0 R (cite.RFC2673) 1929 0 R (cite.RFC2782) 1853 0 R (cite.RFC2825) 1897 0 R (cite.RFC2826) 1875 0 R (cite.RFC2845) 1790 0 R (cite.RFC2874) 1931 0 R (cite.RFC2915) 1855 0 R (cite.RFC2929) 1877 0 R (cite.RFC2930) 1792 0 R (cite.RFC2931) 1794 0 R (cite.RFC3007) 1796 0 R (cite.RFC3008) 1945 0 R (cite.RFC3071) 1919 0 R (cite.RFC3090) 1947 0 R (cite.RFC3110) 1857 0 R (cite.RFC3123) 1859 0 R (cite.RFC3225) 1802 0 R (cite.RFC3258) 1921 0 R (cite.RFC3445) 1949 0 R (cite.RFC3490) 1899 0 R (cite.RFC3491) 1901 0 R (cite.RFC3492) 1903 0 R (cite.RFC3596) 1861 0 R (cite.RFC3597) 1863 0 R (cite.RFC3645) 1798 0 R (cite.RFC3655) 1951 0 R (cite.RFC3658) 1953 0 R (cite.RFC3755) 1955 0 R (cite.RFC3757) 1957 0 R (cite.RFC3833) 1804 0 R (cite.RFC3845) 1959 0 R (cite.RFC3901) 1923 0 R (cite.RFC4033) 1806 0 R (cite.RFC4034) 1808 0 R (cite.RFC4035) 1810 0 R (cite.RFC4074) 1820 0 R (cite.RFC974) 1773 0 R (cite.id2507701) 1964 0 R (clients-per-query) 1685 0 R (configuration_file_elements) 1206 0 R (controls_statement_definition_and_usage) 1081 0 R (diagnostic_tools) 1011 0 R (dynamic_update) 1104 0 R (dynamic_update_policies) 1075 0 R (dynamic_update_security) 1383 0 R (empty) 1457 0 R (historical_dns_information) 1751 0 R (id2466552) 978 0 R (id2466576) 979 0 R (id2467534) 980 0 R (id2467544) 981 0 R (id2467716) 993 0 R (id2467737) 994 0 R (id2467771) 995 0 R (id2467856) 998 0 R (id2467948) 991 0 R (id2470253) 1005 0 R (id2470277) 1008 0 R (id2470375) 1009 0 R (id2470396) 1010 0 R (id2470426) 1016 0 R (id2470530) 1017 0 R (id2470556) 1018 0 R (id2470590) 1024 0 R (id2470617) 1025 0 R (id2470630) 1026 0 R (id2470724) 1029 0 R (id2470734) 1035 0 R (id2470766) 1042 0 R (id2470782) 1043 0 R (id2470805) 1049 0 R (id2470822) 1050 0 R (id2471227) 1058 0 R (id2471233) 1059 0 R (id2473198) 1086 0 R (id2473210) 1087 0 R (id2473636) 1120 0 R (id2473654) 1121 0 R (id2474087) 1141 0 R (id2474104) 1142 0 R (id2474142) 1143 0 R (id2474161) 1144 0 R (id2474171) 1145 0 R (id2474276) 1146 0 R (id2474333) 1151 0 R (id2474382) 1153 0 R (id2474533) 1154 0 R (id2474582) 1160 0 R (id2474718) 1162 0 R (id2474797) 1167 0 R (id2475015) 1168 0 R (id2475197) 1180 0 R (id2475328) 1182 0 R (id2475349) 1183 0 R (id2475382) 1194 0 R (id2475597) 1207 0 R (id2476558) 1215 0 R (id2476586) 1220 0 R (id2476792) 1221 0 R (id2476807) 1222 0 R (id2476837) 1228 0 R (id2477048) 1230 0 R (id2477514) 1236 0 R (id2477557) 1238 0 R (id2477704) 1240 0 R (id2478064) 1248 0 R (id2478149) 1254 0 R (id2478172) 1255 0 R (id2478196) 1256 0 R (id2478286) 1260 0 R (id2478412) 1265 0 R (id2478465) 1266 0 R (id2479158) 1277 0 R (id2479824) 1288 0 R (id2479954) 1289 0 R (id2480343) 1295 0 R (id2480417) 1300 0 R (id2480549) 1303 0 R (id2480593) 1304 0 R (id2480608) 1305 0 R (id2483505) 1342 0 R (id2485548) 1372 0 R (id2485607) 1374 0 R (id2486317) 1389 0 R (id2487452) 1408 0 R (id2487512) 1414 0 R (id2487866) 1422 0 R (id2488437) 1437 0 R (id2489946) 1467 0 R (id2490766) 1486 0 R (id2490921) 1487 0 R (id2490972) 1488 0 R (id2491019) 1494 0 R (id2491070) 1495 0 R (id2491443) 1500 0 R (id2493016) 1518 0 R (id2493024) 1519 0 R (id2493029) 1520 0 R (id2493588) 1527 0 R (id2493621) 1533 0 R (id2495464) 1593 0 R (id2495886) 1603 0 R (id2495905) 1604 0 R (id2495925) 1607 0 R (id2496230) 1609 0 R (id2497400) 1619 0 R (id2497528) 1621 0 R (id2497549) 1622 0 R (id2497912) 1629 0 R (id2498117) 1631 0 R (id2498135) 1632 0 R (id2498539) 1635 0 R (id2498664) 1641 0 R (id2498679) 1642 0 R (id2498791) 1644 0 R (id2498813) 1645 0 R (id2498829) 1646 0 R (id2498958) 1651 0 R (id2499028) 1652 0 R (id2499064) 1653 0 R (id2499140) 1658 0 R (id2499651) 1665 0 R (id2500086) 1673 0 R (id2500091) 1674 0 R (id2501696) 1682 0 R (id2501702) 1683 0 R (id2502078) 1690 0 R (id2502084) 1691 0 R (id2503100) 1697 0 R (id2503132) 1698 0 R (id2503474) 1703 0 R (id2503716) 1718 0 R (id2503865) 1719 0 R (id2503993) 1720 0 R (id2504073) 1735 0 R (id2504078) 1736 0 R (id2504158) 1737 0 R (id2504176) 1738 0 R (id2504237) 1750 0 R (id2504409) 1756 0 R (id2504665) 1761 0 R (id2504667) 1767 0 R (id2504676) 1772 0 R (id2504699) 1768 0 R (id2504723) 1770 0 R (id2504759) 1781 0 R (id2504786) 1783 0 R (id2504811) 1775 0 R (id2504836) 1777 0 R (id2504859) 1779 0 R (id2504915) 1785 0 R (id2504941) 1787 0 R (id2504968) 1789 0 R (id2505030) 1791 0 R (id2505060) 1793 0 R (id2505090) 1795 0 R (id2505116) 1797 0 R (id2505191) 1800 0 R (id2505198) 1801 0 R (id2505225) 1803 0 R (id2505261) 1805 0 R (id2505326) 1807 0 R (id2505392) 1809 0 R (id2505457) 1812 0 R (id2505465) 1813 0 R (id2505491) 1815 0 R (id2505559) 1817 0 R (id2505594) 1819 0 R (id2505635) 1827 0 R (id2505640) 1828 0 R (id2505698) 1830 0 R (id2505735) 1838 0 R (id2505770) 1832 0 R (id2505825) 1834 0 R (id2505863) 1836 0 R (id2505889) 1840 0 R (id2505914) 1842 0 R (id2505941) 1844 0 R (id2505968) 1846 0 R (id2506007) 1848 0 R (id2506037) 1850 0 R (id2506067) 1852 0 R (id2506109) 1854 0 R (id2506142) 1856 0 R (id2506169) 1858 0 R (id2506193) 1860 0 R (id2506250) 1862 0 R (id2506275) 1865 0 R (id2506282) 1866 0 R (id2506308) 1868 0 R (id2506330) 1870 0 R (id2506354) 1872 0 R (id2506400) 1874 0 R (id2506423) 1876 0 R (id2506473) 1883 0 R (id2506481) 1884 0 R (id2506504) 1886 0 R (id2506531) 1888 0 R (id2506557) 1890 0 R (id2506594) 1892 0 R (id2506634) 1895 0 R (id2506640) 1896 0 R (id2506672) 1898 0 R (id2506717) 1900 0 R (id2506821) 1902 0 R (id2506848) 1905 0 R (id2506866) 1906 0 R (id2506956) 1908 0 R (id2506982) 1910 0 R (id2507008) 1912 0 R (id2507031) 1914 0 R (id2507077) 1916 0 R (id2507100) 1918 0 R (id2507127) 1920 0 R (id2507153) 1922 0 R (id2507190) 1925 0 R (id2507196) 1926 0 R (id2507254) 1928 0 R (id2507281) 1930 0 R (id2507317) 1937 0 R (id2507329) 1938 0 R (id2507368) 1940 0 R (id2507395) 1942 0 R (id2507425) 1944 0 R (id2507450) 1946 0 R (id2507477) 1948 0 R (id2507513) 1950 0 R (id2507549) 1952 0 R (id2507576) 1954 0 R (id2507603) 1956 0 R (id2507648) 1958 0 R (id2507689) 1961 0 R (id2507699) 1963 0 R (id2507701) 1965 0 R (incremental_zone_transfers) 1117 0 R (internet_drafts) 1960 0 R (ipv6addresses) 1184 0 R (journal) 1106 0 R (lwresd) 1195 0 R (man.ddns-confgen) 2254 0 R (man.dig) 1971 0 R (man.dnssec-dsfromkey) 2019 0 R (man.dnssec-keyfromlabel) 2038 0 R (man.dnssec-keygen) 1585 0 R (man.dnssec-revoke) 2081 0 R (man.dnssec-settime) 1586 0 R (man.dnssec-signzone) 2104 0 R (man.host) 2004 0 R (man.named) 2161 0 R (man.named-checkconf) 2129 0 R (man.named-checkzone) 2141 0 R (man.nsupdate) 2184 0 R (man.rndc) 2209 0 R (man.rndc-confgen) 2238 0 R (man.rndc.conf) 2222 0 R (notify) 1095 0 R (options) 1074 0 R (page.1) 734 0 R (page.10) 1015 0 R (page.100) 1696 0 R (page.101) 1707 0 R (page.102) 1713 0 R (page.103) 1724 0 R (page.104) 1729 0 R (page.105) 1733 0 R (page.106) 1744 0 R (page.107) 1748 0 R (page.108) 1755 0 R (page.109) 1765 0 R (page.11) 1022 0 R (page.110) 1825 0 R (page.111) 1881 0 R (page.112) 1935 0 R (page.113) 1969 0 R (page.114) 1978 0 R (page.115) 1984 0 R (page.116) 1990 0 R (page.117) 1994 0 R (page.118) 1999 0 R (page.119) 2010 0 R (page.12) 1034 0 R (page.120) 2015 0 R (page.121) 2027 0 R (page.122) 2037 0 R (page.123) 2046 0 R (page.124) 2051 0 R (page.125) 2061 0 R (page.126) 2066 0 R (page.127) 2071 0 R (page.128) 2079 0 R (page.129) 2091 0 R (page.13) 1039 0 R (page.130) 2100 0 R (page.131) 2110 0 R (page.132) 2116 0 R (page.133) 2120 0 R (page.134) 2125 0 R (page.135) 2135 0 R (page.136) 2147 0 R (page.137) 2153 0 R (page.138) 2159 0 R (page.139) 2169 0 R (page.14) 1048 0 R (page.140) 2174 0 R (page.141) 2181 0 R (page.142) 2191 0 R (page.143) 2196 0 R (page.144) 2200 0 R (page.145) 2208 0 R (page.146) 2218 0 R (page.147) 2229 0 R (page.148) 2234 0 R (page.149) 2246 0 R (page.15) 1057 0 R (page.150) 2252 0 R (page.151) 2262 0 R (page.16) 1067 0 R (page.17) 1079 0 R (page.18) 1085 0 R (page.19) 1093 0 R (page.2) 759 0 R (page.20) 1116 0 R (page.21) 1126 0 R (page.22) 1131 0 R (page.23) 1135 0 R (page.24) 1140 0 R (page.25) 1150 0 R (page.26) 1159 0 R (page.27) 1166 0 R (page.28) 1172 0 R (page.29) 1176 0 R (page.3) 769 0 R (page.30) 1188 0 R (page.31) 1192 0 R (page.32) 1200 0 R (page.33) 1204 0 R (page.34) 1214 0 R (page.35) 1219 0 R (page.36) 1227 0 R (page.37) 1235 0 R (page.38) 1245 0 R (page.39) 1253 0 R (page.4) 824 0 R (page.40) 1264 0 R (page.41) 1270 0 R (page.42) 1276 0 R (page.43) 1282 0 R (page.44) 1287 0 R (page.45) 1294 0 R (page.46) 1299 0 R (page.47) 1309 0 R (page.48) 1313 0 R (page.49) 1317 0 R (page.5) 888 0 R (page.50) 1322 0 R (page.51) 1326 0 R (page.52) 1333 0 R (page.53) 1341 0 R (page.54) 1347 0 R (page.55) 1352 0 R (page.56) 1363 0 R (page.57) 1367 0 R (page.58) 1371 0 R (page.59) 1381 0 R (page.6) 951 0 R (page.60) 1387 0 R (page.61) 1393 0 R (page.62) 1399 0 R (page.63) 1403 0 R (page.64) 1407 0 R (page.65) 1413 0 R (page.66) 1421 0 R (page.67) 1427 0 R (page.68) 1435 0 R (page.69) 1442 0 R (page.7) 976 0 R (page.70) 1448 0 R (page.71) 1454 0 R (page.72) 1462 0 R (page.73) 1466 0 R (page.74) 1472 0 R (page.75) 1478 0 R (page.76) 1483 0 R (page.77) 1493 0 R (page.78) 1499 0 R (page.79) 1504 0 R (page.8) 990 0 R (page.80) 1509 0 R (page.81) 1513 0 R (page.82) 1517 0 R (page.83) 1525 0 R (page.84) 1532 0 R (page.85) 1552 0 R (page.86) 1567 0 R (page.87) 1590 0 R (page.88) 1598 0 R (page.89) 1602 0 R (page.9) 1004 0 R (page.90) 1614 0 R (page.91) 1618 0 R (page.92) 1628 0 R (page.93) 1640 0 R (page.94) 1650 0 R (page.95) 1657 0 R (page.96) 1663 0 R (page.97) 1670 0 R (page.98) 1680 0 R (page.99) 1689 0 R (proposed_standards) 1122 0 R (query_address) 1394 0 R (rfcs) 1000 0 R (rndc) 1249 0 R (root_delegation_only) 1528 0 R (rrset_ordering) 1053 0 R (sample_configuration) 1041 0 R (section*.10) 1894 0 R (section*.100) 2182 0 R (section*.101) 2183 0 R (section*.102) 2185 0 R (section*.103) 2186 0 R (section*.104) 2187 0 R (section*.105) 2192 0 R (section*.106) 2201 0 R (section*.107) 2202 0 R (section*.108) 2203 0 R (section*.109) 2204 0 R (section*.11) 1904 0 R (section*.110) 2210 0 R (section*.111) 2211 0 R (section*.112) 2212 0 R (section*.113) 2213 0 R (section*.114) 2219 0 R (section*.115) 2220 0 R (section*.116) 2221 0 R (section*.117) 2223 0 R (section*.118) 2224 0 R (section*.119) 2225 0 R (section*.12) 1924 0 R (section*.120) 2230 0 R (section*.121) 2235 0 R (section*.122) 2236 0 R (section*.123) 2237 0 R (section*.124) 2239 0 R (section*.125) 2240 0 R (section*.126) 2241 0 R (section*.127) 2242 0 R (section*.128) 2247 0 R (section*.129) 2248 0 R (section*.13) 1936 0 R (section*.130) 2253 0 R (section*.131) 2255 0 R (section*.132) 2256 0 R (section*.133) 2257 0 R (section*.134) 2258 0 R (section*.135) 2263 0 R (section*.136) 2264 0 R (section*.14) 1962 0 R (section*.15) 1972 0 R (section*.16) 1973 0 R (section*.17) 1974 0 R (section*.18) 1979 0 R (section*.19) 1980 0 R (section*.2) 1760 0 R (section*.20) 1985 0 R (section*.21) 1995 0 R (section*.22) 2000 0 R (section*.23) 2001 0 R (section*.24) 2002 0 R (section*.25) 2003 0 R (section*.26) 2005 0 R (section*.27) 2006 0 R (section*.28) 2011 0 R (section*.29) 2016 0 R (section*.3) 1766 0 R (section*.30) 2017 0 R (section*.31) 2018 0 R (section*.32) 2020 0 R (section*.33) 2021 0 R (section*.34) 2022 0 R (section*.35) 2023 0 R (section*.36) 2028 0 R (section*.37) 2029 0 R (section*.38) 2030 0 R (section*.39) 2031 0 R (section*.4) 1774 0 R (section*.40) 2032 0 R (section*.41) 2039 0 R (section*.42) 2040 0 R (section*.43) 2041 0 R (section*.44) 2042 0 R (section*.45) 2047 0 R (section*.46) 2052 0 R (section*.47) 2053 0 R (section*.48) 2054 0 R (section*.49) 2055 0 R (section*.5) 1799 0 R (section*.50) 2056 0 R (section*.51) 2057 0 R (section*.52) 2062 0 R (section*.53) 2067 0 R (section*.54) 2072 0 R (section*.55) 2073 0 R (section*.56) 2074 0 R (section*.57) 2080 0 R (section*.58) 2082 0 R (section*.59) 2083 0 R (section*.6) 1811 0 R (section*.60) 2084 0 R (section*.61) 2085 0 R (section*.62) 2086 0 R (section*.63) 2087 0 R (section*.64) 2092 0 R (section*.65) 2093 0 R (section*.66) 2094 0 R (section*.67) 2095 0 R (section*.68) 2096 0 R (section*.69) 2101 0 R (section*.7) 1826 0 R (section*.70) 2102 0 R (section*.71) 2103 0 R (section*.72) 2105 0 R (section*.73) 2106 0 R (section*.74) 2111 0 R (section*.75) 2112 0 R (section*.76) 2126 0 R (section*.77) 2127 0 R (section*.78) 2128 0 R (section*.79) 2130 0 R (section*.8) 1864 0 R (section*.80) 2131 0 R (section*.81) 2136 0 R (section*.82) 2137 0 R (section*.83) 2138 0 R (section*.84) 2139 0 R (section*.85) 2140 0 R (section*.86) 2142 0 R (section*.87) 2143 0 R (section*.88) 2148 0 R (section*.89) 2149 0 R (section*.9) 1882 0 R (section*.90) 2154 0 R (section*.91) 2155 0 R (section*.92) 2160 0 R (section*.93) 2162 0 R (section*.94) 2163 0 R (section*.95) 2164 0 R (section*.96) 2165 0 R (section*.97) 2175 0 R (section*.98) 2176 0 R (section*.99) 2177 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.4.1) 134 0 R (section.4.2) 138 0 R (section.4.3) 146 0 R (section.4.4) 150 0 R (section.4.5) 158 0 R (section.4.6) 194 0 R (section.4.7) 198 0 R (section.4.8) 202 0 R (section.4.9) 218 0 R (section.5.1) 234 0 R (section.5.2) 238 0 R (section.6.1) 246 0 R (section.6.2) 274 0 R (section.6.3) 494 0 R (section.6.4) 550 0 R (section.7.1) 586 0 R (section.7.2) 590 0 R (section.7.3) 602 0 R (section.8.1) 610 0 R (section.8.2) 618 0 R (section.8.3) 622 0 R (section.A.1) 630 0 R (section.A.2) 638 0 R (section.A.3) 646 0 R (section.B.1) 666 0 R (section.B.10) 702 0 R (section.B.11) 706 0 R (section.B.12) 710 0 R (section.B.13) 714 0 R (section.B.14) 718 0 R (section.B.15) 722 0 R (section.B.16) 726 0 R (section.B.2) 670 0 R (section.B.3) 674 0 R (section.B.4) 678 0 R (section.B.5) 682 0 R (section.B.6) 686 0 R (section.B.7) 690 0 R (section.B.8) 694 0 R (section.B.9) 698 0 R (server_resource_limits) 1416 0 R (server_statement_definition_and_usage) 1359 0 R (server_statement_grammar) 1474 0 R (statistics) 1664 0 R (statistics_counters) 1672 0 R (statschannels) 1485 0 R (statsfile) 1329 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.3.1) 114 0 R (subsection.3.3.2) 126 0 R (subsection.4.2.1) 142 0 R (subsection.4.4.1) 154 0 R (subsection.4.5.1) 162 0 R (subsection.4.5.2) 174 0 R (subsection.4.5.3) 178 0 R (subsection.4.5.4) 182 0 R (subsection.4.5.5) 186 0 R (subsection.4.5.6) 190 0 R (subsection.4.8.1) 206 0 R (subsection.4.8.2) 210 0 R (subsection.4.8.3) 214 0 R (subsection.4.9.1) 222 0 R (subsection.4.9.2) 226 0 R (subsection.6.1.1) 250 0 R (subsection.6.1.2) 262 0 R (subsection.6.2.1) 278 0 R (subsection.6.2.10) 314 0 R (subsection.6.2.11) 330 0 R (subsection.6.2.12) 334 0 R (subsection.6.2.13) 338 0 R (subsection.6.2.14) 342 0 R (subsection.6.2.15) 346 0 R (subsection.6.2.16) 350 0 R (subsection.6.2.17) 430 0 R (subsection.6.2.18) 434 0 R (subsection.6.2.19) 438 0 R (subsection.6.2.2) 282 0 R (subsection.6.2.20) 442 0 R (subsection.6.2.21) 446 0 R (subsection.6.2.22) 450 0 R (subsection.6.2.23) 454 0 R (subsection.6.2.24) 458 0 R (subsection.6.2.25) 462 0 R (subsection.6.2.26) 466 0 R (subsection.6.2.27) 470 0 R (subsection.6.2.28) 474 0 R (subsection.6.2.3) 286 0 R (subsection.6.2.4) 290 0 R (subsection.6.2.5) 294 0 R (subsection.6.2.6) 298 0 R (subsection.6.2.7) 302 0 R (subsection.6.2.8) 306 0 R (subsection.6.2.9) 310 0 R (subsection.6.3.1) 498 0 R (subsection.6.3.2) 510 0 R (subsection.6.3.3) 514 0 R (subsection.6.3.4) 518 0 R (subsection.6.3.5) 522 0 R (subsection.6.3.6) 542 0 R (subsection.6.3.7) 546 0 R (subsection.6.4.1) 558 0 R (subsection.7.2.1) 594 0 R (subsection.7.2.2) 598 0 R (subsection.8.1.1) 614 0 R (subsection.A.1.1) 634 0 R (subsection.A.2.1) 642 0 R (subsection.A.3.1) 650 0 R (subsection.A.3.2) 654 0 R (subsection.A.3.3) 658 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.3.1.1) 118 0 R (subsubsection.3.3.1.2) 122 0 R (subsubsection.4.5.1.1) 166 0 R (subsubsection.4.5.1.2) 170 0 R (subsubsection.6.1.1.1) 254 0 R (subsubsection.6.1.1.2) 258 0 R (subsubsection.6.1.2.1) 266 0 R (subsubsection.6.1.2.2) 270 0 R (subsubsection.6.2.10.1) 318 0 R (subsubsection.6.2.10.2) 322 0 R (subsubsection.6.2.10.3) 326 0 R (subsubsection.6.2.16.1) 354 0 R (subsubsection.6.2.16.10) 390 0 R (subsubsection.6.2.16.11) 394 0 R (subsubsection.6.2.16.12) 398 0 R (subsubsection.6.2.16.13) 402 0 R (subsubsection.6.2.16.14) 406 0 R (subsubsection.6.2.16.15) 410 0 R (subsubsection.6.2.16.16) 414 0 R (subsubsection.6.2.16.17) 418 0 R (subsubsection.6.2.16.18) 422 0 R (subsubsection.6.2.16.19) 426 0 R (subsubsection.6.2.16.2) 358 0 R (subsubsection.6.2.16.3) 362 0 R (subsubsection.6.2.16.4) 366 0 R (subsubsection.6.2.16.5) 370 0 R (subsubsection.6.2.16.6) 374 0 R (subsubsection.6.2.16.7) 378 0 R (subsubsection.6.2.16.8) 382 0 R (subsubsection.6.2.16.9) 386 0 R (subsubsection.6.2.28.1) 478 0 R (subsubsection.6.2.28.2) 482 0 R (subsubsection.6.2.28.3) 486 0 R (subsubsection.6.2.28.4) 490 0 R (subsubsection.6.3.1.1) 502 0 R (subsubsection.6.3.1.2) 506 0 R (subsubsection.6.3.5.1) 526 0 R (subsubsection.6.3.5.2) 530 0 R (subsubsection.6.3.5.3) 534 0 R (subsubsection.6.3.5.4) 538 0 R (subsubsection.6.4.0.1) 554 0 R (subsubsection.6.4.1.1) 562 0 R (subsubsection.6.4.1.2) 566 0 R (subsubsection.6.4.1.3) 570 0 R (subsubsection.6.4.1.4) 574 0 R (subsubsection.6.4.1.5) 578 0 R (table.1.1) 982 0 R (table.1.2) 992 0 R (table.3.1) 1051 0 R (table.3.2) 1088 0 R (table.6.1) 1208 0 R (table.6.10) 1608 0 R (table.6.11) 1610 0 R (table.6.12) 1620 0 R (table.6.13) 1623 0 R (table.6.14) 1630 0 R (table.6.15) 1633 0 R (table.6.16) 1636 0 R (table.6.17) 1643 0 R (table.6.18) 1659 0 R (table.6.19) 1666 0 R (table.6.2) 1231 0 R (table.6.20) 1675 0 R (table.6.21) 1684 0 R (table.6.22) 1692 0 R (table.6.23) 1699 0 R (table.6.3) 1239 0 R (table.6.4) 1278 0 R (table.6.5) 1290 0 R (table.6.6) 1343 0 R (table.6.7) 1438 0 R (table.6.8) 1521 0 R (table.6.9) 1594 0 R (the_category_phrase) 1272 0 R (the_sortlist_statement) 1428 0 R (topology) 1423 0 R (tsig) 1136 0 R (tuning) 1443 0 R (types_of_resource_records_and_when_to_use_them) 999 0 R (view_statement_grammar) 1458 0 R (zone_statement_grammar) 1377 0 R (zone_transfers) 1112 0 R (zonefile_format) 1450 0 R] /Limits [(Access_Control_Lists) (zonefile_format)] >> endobj 2292 0 obj << @@ -13112,7 +13080,7 @@ endobj >> endobj 2295 0 obj << /Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfeTeX-1.21a)/Keywords() -/CreationDate (D:20091028181854Z) +/CreationDate (D:20091103215715Z) /PTEX.Fullbanner (This is pdfeTeX, Version 3.141592-1.21a-2.2 (Web2C 7.5.4) kpathsea version 3.5.4) >> endobj xref @@ -13124,727 +13092,727 @@ xref 0000000000 00000 f 0000000009 00000 n 0000073714 00000 n -0000809363 00000 n +0000809178 00000 n 0000000054 00000 n 0000000086 00000 n 0000073838 00000 n -0000809291 00000 n +0000809106 00000 n 0000000133 00000 n 0000000173 00000 n 0000073963 00000 n -0000809205 00000 n +0000809020 00000 n 0000000221 00000 n 0000000273 00000 n 0000074088 00000 n -0000809119 00000 n +0000808934 00000 n 0000000321 00000 n 0000000377 00000 n 0000078413 00000 n -0000809009 00000 n +0000808824 00000 n 0000000425 00000 n 0000000478 00000 n 0000078537 00000 n -0000808935 00000 n +0000808750 00000 n 0000000531 00000 n 0000000572 00000 n 0000078662 00000 n -0000808848 00000 n +0000808663 00000 n 0000000625 00000 n 0000000674 00000 n 0000078786 00000 n -0000808761 00000 n +0000808576 00000 n 0000000727 00000 n 0000000757 00000 n 0000083075 00000 n -0000808637 00000 n +0000808452 00000 n 0000000810 00000 n 0000000861 00000 n 0000083203 00000 n -0000808563 00000 n +0000808378 00000 n 0000000919 00000 n 0000000964 00000 n 0000083331 00000 n -0000808476 00000 n +0000808291 00000 n 0000001022 00000 n 0000001062 00000 n 0000083459 00000 n -0000808402 00000 n +0000808217 00000 n 0000001120 00000 n 0000001162 00000 n 0000086441 00000 n -0000808278 00000 n +0000808093 00000 n 0000001215 00000 n 0000001260 00000 n 0000086569 00000 n -0000808217 00000 n +0000808032 00000 n 0000001318 00000 n 0000001355 00000 n 0000086697 00000 n -0000808143 00000 n +0000807958 00000 n 0000001408 00000 n 0000001463 00000 n 0000089639 00000 n -0000808018 00000 n +0000807833 00000 n 0000001509 00000 n 0000001556 00000 n 0000089767 00000 n -0000807944 00000 n +0000807759 00000 n 0000001604 00000 n 0000001648 00000 n 0000089895 00000 n -0000807857 00000 n +0000807672 00000 n 0000001696 00000 n 0000001735 00000 n 0000090023 00000 n -0000807770 00000 n +0000807585 00000 n 0000001783 00000 n 0000001825 00000 n 0000090150 00000 n -0000807683 00000 n +0000807498 00000 n 0000001873 00000 n 0000001936 00000 n 0000091227 00000 n -0000807609 00000 n +0000807424 00000 n 0000001984 00000 n 0000002034 00000 n 0000092886 00000 n -0000807481 00000 n +0000807296 00000 n 0000002080 00000 n 0000002126 00000 n 0000093013 00000 n -0000807368 00000 n +0000807183 00000 n 0000002174 00000 n 0000002218 00000 n 0000093141 00000 n -0000807292 00000 n +0000807107 00000 n 0000002271 00000 n 0000002323 00000 n 0000093269 00000 n -0000807215 00000 n +0000807030 00000 n 0000002377 00000 n 0000002436 00000 n 0000095715 00000 n -0000807124 00000 n +0000806939 00000 n 0000002485 00000 n 0000002523 00000 n 0000099053 00000 n -0000807007 00000 n +0000806822 00000 n 0000002572 00000 n 0000002618 00000 n 0000099181 00000 n -0000806889 00000 n +0000806704 00000 n 0000002672 00000 n 0000002739 00000 n 0000099309 00000 n -0000806810 00000 n +0000806625 00000 n 0000002798 00000 n 0000002842 00000 n 0000099438 00000 n -0000806731 00000 n +0000806546 00000 n 0000002901 00000 n 0000002949 00000 n 0000111314 00000 n -0000806652 00000 n +0000806467 00000 n 0000003003 00000 n 0000003036 00000 n 0000116624 00000 n -0000806520 00000 n +0000806335 00000 n 0000003083 00000 n 0000003126 00000 n 0000116753 00000 n -0000806441 00000 n +0000806256 00000 n 0000003175 00000 n 0000003205 00000 n 0000116882 00000 n -0000806309 00000 n +0000806124 00000 n 0000003254 00000 n 0000003292 00000 n 0000117011 00000 n -0000806244 00000 n +0000806059 00000 n 0000003346 00000 n 0000003388 00000 n 0000121386 00000 n -0000806151 00000 n +0000805966 00000 n 0000003437 00000 n 0000003496 00000 n 0000121515 00000 n -0000806019 00000 n +0000805834 00000 n 0000003545 00000 n 0000003578 00000 n 0000121644 00000 n -0000805954 00000 n +0000805769 00000 n 0000003632 00000 n 0000003681 00000 n 0000128461 00000 n -0000805822 00000 n +0000805637 00000 n 0000003730 00000 n 0000003758 00000 n 0000131230 00000 n -0000805704 00000 n +0000805519 00000 n 0000003812 00000 n 0000003881 00000 n 0000131359 00000 n -0000805625 00000 n +0000805440 00000 n 0000003940 00000 n 0000003988 00000 n 0000131488 00000 n -0000805546 00000 n +0000805361 00000 n 0000004047 00000 n 0000004092 00000 n 0000131617 00000 n -0000805453 00000 n +0000805268 00000 n 0000004146 00000 n 0000004214 00000 n 0000131746 00000 n -0000805360 00000 n +0000805175 00000 n 0000004268 00000 n 0000004338 00000 n 0000131875 00000 n -0000805267 00000 n +0000805082 00000 n 0000004392 00000 n 0000004455 00000 n 0000135608 00000 n -0000805174 00000 n +0000804989 00000 n 0000004509 00000 n 0000004564 00000 n 0000135737 00000 n -0000805095 00000 n +0000804910 00000 n 0000004618 00000 n 0000004650 00000 n 0000135866 00000 n -0000805002 00000 n +0000804817 00000 n 0000004699 00000 n 0000004727 00000 n 0000139470 00000 n -0000804909 00000 n +0000804724 00000 n 0000004776 00000 n 0000004808 00000 n 0000139599 00000 n -0000804777 00000 n +0000804592 00000 n 0000004857 00000 n 0000004887 00000 n 0000139728 00000 n -0000804698 00000 n +0000804513 00000 n 0000004941 00000 n 0000004982 00000 n 0000143458 00000 n -0000804605 00000 n +0000804420 00000 n 0000005036 00000 n 0000005078 00000 n 0000143587 00000 n -0000804526 00000 n +0000804341 00000 n 0000005132 00000 n 0000005177 00000 n 0000149542 00000 n -0000804408 00000 n +0000804223 00000 n 0000005226 00000 n 0000005272 00000 n 0000149671 00000 n -0000804329 00000 n +0000804144 00000 n 0000005326 00000 n 0000005386 00000 n 0000149800 00000 n -0000804250 00000 n +0000804065 00000 n 0000005440 00000 n 0000005509 00000 n 0000152984 00000 n -0000804117 00000 n +0000803932 00000 n 0000005556 00000 n 0000005609 00000 n 0000153113 00000 n -0000804038 00000 n +0000803853 00000 n 0000005658 00000 n 0000005714 00000 n 0000153242 00000 n -0000803959 00000 n +0000803774 00000 n 0000005763 00000 n 0000005812 00000 n 0000157511 00000 n -0000803826 00000 n +0000803641 00000 n 0000005859 00000 n 0000005911 00000 n 0000157640 00000 n -0000803708 00000 n +0000803523 00000 n 0000005960 00000 n 0000006011 00000 n 0000162330 00000 n -0000803590 00000 n +0000803405 00000 n 0000006065 00000 n 0000006110 00000 n 0000162458 00000 n -0000803511 00000 n +0000803326 00000 n 0000006169 00000 n 0000006203 00000 n 0000166048 00000 n -0000803432 00000 n +0000803247 00000 n 0000006262 00000 n 0000006310 00000 n 0000166177 00000 n -0000803314 00000 n +0000803129 00000 n 0000006364 00000 n 0000006404 00000 n 0000166306 00000 n -0000803235 00000 n +0000803050 00000 n 0000006463 00000 n 0000006497 00000 n 0000170082 00000 n -0000803156 00000 n +0000802971 00000 n 0000006556 00000 n 0000006604 00000 n 0000170211 00000 n -0000803023 00000 n +0000802838 00000 n 0000006653 00000 n 0000006703 00000 n 0000173279 00000 n -0000802944 00000 n +0000802759 00000 n 0000006757 00000 n 0000006804 00000 n 0000173407 00000 n -0000802851 00000 n +0000802666 00000 n 0000006858 00000 n 0000006918 00000 n 0000173666 00000 n -0000802758 00000 n +0000802573 00000 n 0000006972 00000 n 0000007024 00000 n 0000178846 00000 n -0000802665 00000 n +0000802480 00000 n 0000007078 00000 n 0000007143 00000 n 0000178975 00000 n -0000802572 00000 n +0000802387 00000 n 0000007197 00000 n 0000007248 00000 n 0000182449 00000 n -0000802479 00000 n +0000802294 00000 n 0000007302 00000 n 0000007366 00000 n 0000182578 00000 n -0000802386 00000 n +0000802201 00000 n 0000007420 00000 n 0000007467 00000 n 0000182707 00000 n -0000802293 00000 n +0000802108 00000 n 0000007521 00000 n 0000007581 00000 n 0000182836 00000 n -0000802200 00000 n +0000802015 00000 n 0000007635 00000 n 0000007686 00000 n 0000186852 00000 n -0000802068 00000 n +0000801883 00000 n 0000007741 00000 n 0000007806 00000 n 0000186981 00000 n -0000801989 00000 n +0000801804 00000 n 0000007866 00000 n 0000007913 00000 n 0000193797 00000 n -0000801896 00000 n +0000801711 00000 n 0000007973 00000 n 0000008021 00000 n -0000200929 00000 n -0000801817 00000 n +0000200198 00000 n +0000801632 00000 n 0000008081 00000 n 0000008135 00000 n -0000204630 00000 n -0000801724 00000 n +0000203284 00000 n +0000801539 00000 n 0000008190 00000 n 0000008240 00000 n -0000204759 00000 n -0000801631 00000 n +0000206134 00000 n +0000801446 00000 n 0000008295 00000 n 0000008358 00000 n -0000206490 00000 n -0000801538 00000 n +0000206263 00000 n +0000801353 00000 n 0000008413 00000 n 0000008465 00000 n -0000206619 00000 n -0000801445 00000 n +0000206391 00000 n +0000801260 00000 n 0000008520 00000 n 0000008585 00000 n -0000206747 00000 n -0000801352 00000 n +0000206519 00000 n +0000801167 00000 n 0000008640 00000 n 0000008692 00000 n -0000212548 00000 n -0000801219 00000 n +0000212092 00000 n +0000801034 00000 n 0000008747 00000 n 0000008812 00000 n -0000225487 00000 n -0000801140 00000 n +0000228344 00000 n +0000800955 00000 n 0000008872 00000 n 0000008916 00000 n -0000250777 00000 n -0000801047 00000 n +0000249840 00000 n +0000800862 00000 n 0000008976 00000 n 0000009015 00000 n -0000250906 00000 n -0000800954 00000 n +0000249969 00000 n +0000800769 00000 n 0000009075 00000 n 0000009122 00000 n -0000251035 00000 n -0000800861 00000 n +0000250097 00000 n +0000800676 00000 n 0000009182 00000 n 0000009225 00000 n -0000258398 00000 n -0000800768 00000 n +0000257289 00000 n +0000800583 00000 n 0000009285 00000 n 0000009324 00000 n -0000258526 00000 n -0000800675 00000 n +0000261042 00000 n +0000800490 00000 n 0000009384 00000 n 0000009426 00000 n -0000265598 00000 n -0000800582 00000 n +0000264019 00000 n +0000800397 00000 n 0000009486 00000 n 0000009529 00000 n -0000273368 00000 n -0000800489 00000 n +0000271609 00000 n +0000800304 00000 n 0000009589 00000 n 0000009632 00000 n -0000273497 00000 n -0000800396 00000 n +0000275993 00000 n +0000800211 00000 n 0000009692 00000 n 0000009753 00000 n -0000277450 00000 n -0000800303 00000 n +0000276122 00000 n +0000800118 00000 n 0000009814 00000 n 0000009866 00000 n -0000277579 00000 n -0000800210 00000 n +0000279923 00000 n +0000800025 00000 n 0000009927 00000 n 0000009980 00000 n -0000280795 00000 n -0000800117 00000 n +0000280051 00000 n +0000799932 00000 n 0000010041 00000 n 0000010079 00000 n -0000284645 00000 n -0000800024 00000 n +0000284136 00000 n +0000799839 00000 n 0000010140 00000 n 0000010192 00000 n -0000288061 00000 n -0000799931 00000 n +0000287127 00000 n +0000799746 00000 n 0000010253 00000 n 0000010297 00000 n -0000292241 00000 n -0000799838 00000 n +0000290947 00000 n +0000799653 00000 n 0000010358 00000 n 0000010394 00000 n -0000297161 00000 n -0000799745 00000 n +0000299584 00000 n +0000799560 00000 n 0000010455 00000 n 0000010518 00000 n -0000300516 00000 n -0000799652 00000 n +0000299713 00000 n +0000799467 00000 n 0000010579 00000 n 0000010629 00000 n -0000304309 00000 n -0000799559 00000 n +0000302914 00000 n +0000799374 00000 n 0000010690 00000 n 0000010746 00000 n -0000308483 00000 n -0000799480 00000 n +0000307356 00000 n +0000799295 00000 n 0000010807 00000 n 0000010854 00000 n -0000311630 00000 n -0000799387 00000 n +0000310690 00000 n +0000799202 00000 n 0000010909 00000 n 0000010960 00000 n -0000311759 00000 n -0000799294 00000 n +0000315319 00000 n +0000799109 00000 n 0000011015 00000 n 0000011079 00000 n -0000316642 00000 n -0000799201 00000 n +0000319284 00000 n +0000799016 00000 n 0000011134 00000 n 0000011198 00000 n -0000320520 00000 n -0000799108 00000 n +0000319413 00000 n +0000798923 00000 n 0000011253 00000 n 0000011330 00000 n -0000320649 00000 n -0000799015 00000 n +0000319542 00000 n +0000798830 00000 n 0000011385 00000 n 0000011442 00000 n -0000320778 00000 n -0000798922 00000 n +0000319671 00000 n +0000798737 00000 n 0000011497 00000 n 0000011567 00000 n -0000325086 00000 n -0000798829 00000 n +0000323695 00000 n +0000798644 00000 n 0000011622 00000 n 0000011679 00000 n -0000325215 00000 n -0000798736 00000 n +0000323824 00000 n +0000798551 00000 n 0000011734 00000 n 0000011804 00000 n -0000328673 00000 n -0000798643 00000 n +0000328095 00000 n +0000798458 00000 n 0000011859 00000 n 0000011908 00000 n -0000328802 00000 n -0000798550 00000 n +0000328223 00000 n +0000798365 00000 n 0000011963 00000 n 0000012025 00000 n -0000330556 00000 n -0000798457 00000 n +0000330105 00000 n +0000798272 00000 n 0000012080 00000 n 0000012129 00000 n -0000337530 00000 n -0000798339 00000 n +0000335499 00000 n +0000798154 00000 n 0000012184 00000 n 0000012246 00000 n -0000337659 00000 n -0000798260 00000 n +0000335628 00000 n +0000798075 00000 n 0000012306 00000 n 0000012345 00000 n -0000342914 00000 n -0000798167 00000 n +0000339954 00000 n +0000797982 00000 n 0000012405 00000 n 0000012439 00000 n -0000343043 00000 n -0000798074 00000 n +0000345857 00000 n +0000797889 00000 n 0000012499 00000 n 0000012540 00000 n -0000359893 00000 n -0000797995 00000 n +0000361728 00000 n +0000797810 00000 n 0000012600 00000 n 0000012652 00000 n -0000367453 00000 n -0000797863 00000 n +0000369044 00000 n +0000797678 00000 n 0000012701 00000 n 0000012734 00000 n -0000367582 00000 n -0000797745 00000 n +0000369173 00000 n +0000797560 00000 n 0000012788 00000 n 0000012860 00000 n -0000367710 00000 n -0000797666 00000 n +0000369301 00000 n +0000797481 00000 n 0000012919 00000 n 0000012963 00000 n -0000378500 00000 n -0000797587 00000 n +0000376715 00000 n +0000797402 00000 n 0000013022 00000 n 0000013075 00000 n -0000378887 00000 n -0000797494 00000 n +0000380480 00000 n +0000797309 00000 n 0000013129 00000 n 0000013179 00000 n -0000382250 00000 n -0000797401 00000 n +0000380738 00000 n +0000797216 00000 n 0000013233 00000 n 0000013271 00000 n -0000382509 00000 n -0000797308 00000 n +0000384189 00000 n +0000797123 00000 n 0000013325 00000 n 0000013374 00000 n -0000385594 00000 n -0000797176 00000 n +0000384447 00000 n +0000796991 00000 n 0000013428 00000 n 0000013480 00000 n -0000385723 00000 n -0000797097 00000 n +0000384575 00000 n +0000796912 00000 n 0000013539 00000 n 0000013584 00000 n -0000385852 00000 n -0000797004 00000 n +0000384704 00000 n +0000796819 00000 n 0000013643 00000 n 0000013695 00000 n -0000385981 00000 n -0000796911 00000 n +0000387323 00000 n +0000796726 00000 n 0000013754 00000 n 0000013807 00000 n -0000388172 00000 n -0000796832 00000 n +0000387452 00000 n +0000796647 00000 n 0000013866 00000 n 0000013915 00000 n -0000388300 00000 n -0000796739 00000 n +0000387581 00000 n +0000796554 00000 n 0000013969 00000 n 0000014049 00000 n -0000392598 00000 n -0000796660 00000 n +0000394680 00000 n +0000796475 00000 n 0000014103 00000 n 0000014152 00000 n -0000392727 00000 n -0000796542 00000 n +0000394809 00000 n +0000796357 00000 n 0000014201 00000 n 0000014241 00000 n -0000396172 00000 n -0000796463 00000 n +0000398249 00000 n +0000796278 00000 n 0000014300 00000 n 0000014347 00000 n -0000399548 00000 n -0000796345 00000 n +0000398378 00000 n +0000796160 00000 n 0000014401 00000 n 0000014446 00000 n -0000399677 00000 n -0000796266 00000 n +0000398507 00000 n +0000796081 00000 n 0000014505 00000 n 0000014564 00000 n -0000403017 00000 n -0000796173 00000 n +0000402263 00000 n +0000795988 00000 n 0000014623 00000 n 0000014687 00000 n -0000403276 00000 n -0000796080 00000 n +0000405983 00000 n +0000795895 00000 n 0000014746 00000 n 0000014802 00000 n -0000407430 00000 n -0000795987 00000 n +0000409000 00000 n +0000795802 00000 n 0000014861 00000 n 0000014919 00000 n -0000409438 00000 n -0000795908 00000 n +0000409258 00000 n +0000795723 00000 n 0000014978 00000 n 0000015040 00000 n -0000411217 00000 n -0000795775 00000 n +0000411037 00000 n +0000795590 00000 n 0000015087 00000 n 0000015139 00000 n -0000411346 00000 n -0000795696 00000 n +0000411166 00000 n +0000795511 00000 n 0000015188 00000 n 0000015232 00000 n -0000415380 00000 n -0000795564 00000 n +0000415200 00000 n +0000795379 00000 n 0000015281 00000 n 0000015322 00000 n -0000415509 00000 n -0000795485 00000 n +0000415329 00000 n +0000795300 00000 n 0000015376 00000 n 0000015424 00000 n -0000415637 00000 n -0000795406 00000 n +0000415457 00000 n +0000795221 00000 n 0000015478 00000 n 0000015529 00000 n -0000415766 00000 n -0000795327 00000 n +0000415586 00000 n +0000795142 00000 n 0000015578 00000 n 0000015625 00000 n -0000420360 00000 n -0000795194 00000 n +0000420180 00000 n +0000795009 00000 n 0000015672 00000 n 0000015709 00000 n -0000420489 00000 n -0000795076 00000 n +0000420309 00000 n +0000794891 00000 n 0000015758 00000 n 0000015797 00000 n -0000420618 00000 n -0000795011 00000 n +0000420438 00000 n +0000794826 00000 n 0000015851 00000 n 0000015929 00000 n -0000420747 00000 n -0000794918 00000 n +0000420567 00000 n +0000794733 00000 n 0000015978 00000 n 0000016045 00000 n -0000420876 00000 n -0000794839 00000 n +0000420696 00000 n +0000794654 00000 n 0000016094 00000 n 0000016139 00000 n -0000424316 00000 n -0000794706 00000 n +0000424136 00000 n +0000794521 00000 n 0000016187 00000 n 0000016219 00000 n -0000424445 00000 n -0000794588 00000 n +0000424265 00000 n +0000794403 00000 n 0000016268 00000 n 0000016307 00000 n -0000424574 00000 n -0000794523 00000 n +0000424394 00000 n +0000794338 00000 n 0000016361 00000 n 0000016422 00000 n -0000428255 00000 n -0000794391 00000 n +0000428075 00000 n +0000794206 00000 n 0000016471 00000 n 0000016528 00000 n -0000428384 00000 n -0000794326 00000 n +0000428204 00000 n +0000794141 00000 n 0000016582 00000 n 0000016631 00000 n -0000428513 00000 n -0000794208 00000 n +0000428333 00000 n +0000794023 00000 n 0000016680 00000 n 0000016742 00000 n -0000428642 00000 n -0000794129 00000 n +0000428462 00000 n +0000793944 00000 n 0000016796 00000 n 0000016851 00000 n -0000452665 00000 n -0000794036 00000 n +0000452485 00000 n +0000793851 00000 n 0000016905 00000 n 0000016946 00000 n -0000452794 00000 n -0000793957 00000 n +0000452614 00000 n +0000793772 00000 n 0000017000 00000 n 0000017052 00000 n -0000455525 00000 n -0000793837 00000 n +0000455345 00000 n +0000793652 00000 n 0000017100 00000 n 0000017134 00000 n -0000455654 00000 n -0000793758 00000 n +0000455474 00000 n +0000793573 00000 n 0000017183 00000 n 0000017210 00000 n -0000473476 00000 n -0000793665 00000 n +0000473296 00000 n +0000793480 00000 n 0000017259 00000 n 0000017287 00000 n -0000481010 00000 n -0000793572 00000 n +0000480830 00000 n +0000793387 00000 n 0000017336 00000 n 0000017376 00000 n -0000487261 00000 n -0000793479 00000 n +0000487076 00000 n +0000793294 00000 n 0000017425 00000 n 0000017468 00000 n -0000493751 00000 n -0000793386 00000 n +0000493566 00000 n +0000793201 00000 n 0000017517 00000 n 0000017554 00000 n -0000506413 00000 n -0000793293 00000 n +0000506229 00000 n +0000793108 00000 n 0000017603 00000 n 0000017640 00000 n -0000509914 00000 n -0000793200 00000 n +0000509732 00000 n +0000793015 00000 n 0000017689 00000 n 0000017727 00000 n -0000513167 00000 n -0000793107 00000 n +0000512985 00000 n +0000792922 00000 n 0000017776 00000 n 0000017815 00000 n -0000526648 00000 n -0000793014 00000 n +0000526466 00000 n +0000792829 00000 n 0000017864 00000 n 0000017903 00000 n -0000529371 00000 n -0000792921 00000 n +0000529189 00000 n +0000792736 00000 n 0000017953 00000 n 0000017993 00000 n -0000539063 00000 n -0000792828 00000 n +0000538881 00000 n +0000792643 00000 n 0000018043 00000 n 0000018073 00000 n -0000548798 00000 n -0000792735 00000 n +0000548616 00000 n +0000792550 00000 n 0000018123 00000 n 0000018156 00000 n -0000563202 00000 n -0000792642 00000 n +0000563020 00000 n +0000792457 00000 n 0000018206 00000 n 0000018235 00000 n -0000566429 00000 n -0000792549 00000 n +0000566247 00000 n +0000792364 00000 n 0000018285 00000 n 0000018319 00000 n -0000572337 00000 n -0000792456 00000 n +0000572155 00000 n +0000792271 00000 n 0000018369 00000 n 0000018406 00000 n -0000579088 00000 n -0000792377 00000 n +0000578906 00000 n +0000792192 00000 n 0000018456 00000 n 0000018493 00000 n 0000018862 00000 n @@ -13853,10 +13821,10 @@ xref 0000018546 00000 n 0000026687 00000 n 0000026750 00000 n -0000787388 00000 n -0000761445 00000 n -0000787214 00000 n -0000788413 00000 n +0000787203 00000 n +0000761260 00000 n +0000787029 00000 n +0000788228 00000 n 0000021847 00000 n 0000022064 00000 n 0000022133 00000 n @@ -13877,12 +13845,12 @@ xref 0000027992 00000 n 0000026913 00000 n 0000028114 00000 n -0000760224 00000 n -0000733703 00000 n -0000760050 00000 n -0000733018 00000 n -0000730874 00000 n -0000732854 00000 n +0000760039 00000 n +0000733518 00000 n +0000759865 00000 n +0000732833 00000 n +0000730689 00000 n +0000732669 00000 n 0000039881 00000 n 0000031232 00000 n 0000028262 00000 n @@ -13938,13 +13906,13 @@ xref 0000039290 00000 n 0000039445 00000 n 0000039600 00000 n -0000053267 00000 n +0000053268 00000 n 0000043217 00000 n 0000039966 00000 n -0000053204 00000 n -0000730323 00000 n -0000713242 00000 n -0000730139 00000 n +0000053205 00000 n +0000730138 00000 n +0000713057 00000 n +0000729954 00000 n 0000043807 00000 n 0000043970 00000 n 0000044133 00000 n @@ -13998,28 +13966,28 @@ xref 0000052034 00000 n 0000052204 00000 n 0000052372 00000 n -0000052541 00000 n -0000052709 00000 n -0000052876 00000 n -0000053043 00000 n +0000052542 00000 n +0000052710 00000 n +0000052877 00000 n +0000053044 00000 n 0000066633 00000 n -0000056923 00000 n -0000053365 00000 n +0000056922 00000 n +0000053366 00000 n 0000066570 00000 n -0000057505 00000 n -0000057668 00000 n -0000057831 00000 n -0000057994 00000 n -0000058157 00000 n -0000058319 00000 n -0000058481 00000 n -0000058643 00000 n -0000058805 00000 n -0000058967 00000 n -0000059129 00000 n -0000059291 00000 n -0000059458 00000 n -0000059625 00000 n +0000057504 00000 n +0000057667 00000 n +0000057830 00000 n +0000057993 00000 n +0000058156 00000 n +0000058318 00000 n +0000058480 00000 n +0000058642 00000 n +0000058804 00000 n +0000058966 00000 n +0000059128 00000 n +0000059290 00000 n +0000059457 00000 n +0000059624 00000 n 0000059792 00000 n 0000059959 00000 n 0000060116 00000 n @@ -14042,9 +14010,9 @@ xref 0000062905 00000 n 0000063072 00000 n 0000063238 00000 n -0000712353 00000 n -0000691022 00000 n -0000712179 00000 n +0000712168 00000 n +0000690837 00000 n +0000711994 00000 n 0000063404 00000 n 0000063570 00000 n 0000063725 00000 n @@ -14084,9 +14052,9 @@ xref 0000070153 00000 n 0000070310 00000 n 0000070468 00000 n -0000690056 00000 n -0000670089 00000 n -0000689883 00000 n +0000689871 00000 n +0000669904 00000 n +0000689698 00000 n 0000070626 00000 n 0000070784 00000 n 0000070942 00000 n @@ -14100,10 +14068,10 @@ xref 0000074150 00000 n 0000074213 00000 n 0000074276 00000 n -0000669295 00000 n -0000650978 00000 n -0000669122 00000 n -0000788531 00000 n +0000669110 00000 n +0000650793 00000 n +0000668937 00000 n +0000788346 00000 n 0000078910 00000 n 0000077730 00000 n 0000074463 00000 n @@ -14116,8 +14084,8 @@ xref 0000077880 00000 n 0000078073 00000 n 0000078847 00000 n -0000367646 00000 n -0000428706 00000 n +0000369237 00000 n +0000428526 00000 n 0000083587 00000 n 0000082530 00000 n 0000079034 00000 n @@ -14147,7 +14115,7 @@ xref 0000089268 00000 n 0000089421 00000 n 0000090213 00000 n -0000304373 00000 n +0000302977 00000 n 0000091355 00000 n 0000091037 00000 n 0000090364 00000 n @@ -14161,7 +14129,7 @@ xref 0000093076 00000 n 0000093204 00000 n 0000093333 00000 n -0000788653 00000 n +0000788468 00000 n 0000095974 00000 n 0000095344 00000 n 0000093497 00000 n @@ -14170,29 +14138,29 @@ xref 0000095844 00000 n 0000095909 00000 n 0000095491 00000 n -0000288125 00000 n +0000287190 00000 n 0000099567 00000 n 0000098862 00000 n 0000096086 00000 n 0000098988 00000 n 0000099117 00000 n 0000099244 00000 n -0000650295 00000 n -0000638233 00000 n -0000650116 00000 n +0000650110 00000 n +0000638048 00000 n +0000649931 00000 n 0000099502 00000 n 0000103686 00000 n 0000102960 00000 n 0000099693 00000 n 0000103621 00000 n -0000637660 00000 n -0000626674 00000 n -0000637481 00000 n +0000637475 00000 n +0000626492 00000 n +0000637296 00000 n 0000103125 00000 n 0000103279 00000 n 0000103450 00000 n -0000212612 00000 n -0000359957 00000 n +0000212156 00000 n +0000361792 00000 n 0000107856 00000 n 0000107457 00000 n 0000103852 00000 n @@ -14215,21 +14183,21 @@ xref 0000116817 00000 n 0000116064 00000 n 0000116226 00000 n -0000625776 00000 n -0000615980 00000 n -0000625602 00000 n -0000615416 00000 n -0000606330 00000 n -0000615241 00000 n +0000625594 00000 n +0000615798 00000 n +0000625420 00000 n +0000615234 00000 n +0000606148 00000 n +0000615059 00000 n 0000116946 00000 n 0000116388 00000 n 0000117075 00000 n -0000788778 00000 n +0000788593 00000 n 0000115893 00000 n 0000115951 00000 n 0000116041 00000 n -0000225551 00000 n -0000265662 00000 n +0000228408 00000 n +0000264083 00000 n 0000121771 00000 n 0000120837 00000 n 0000117308 00000 n @@ -14239,7 +14207,7 @@ xref 0000121159 00000 n 0000121579 00000 n 0000121707 00000 n -0000432734 00000 n +0000432554 00000 n 0000125430 00000 n 0000125050 00000 n 0000121923 00000 n @@ -14272,7 +14240,7 @@ xref 0000135372 00000 n 0000135801 00000 n 0000135930 00000 n -0000788903 00000 n +0000788718 00000 n 0000139857 00000 n 0000139279 00000 n 0000136132 00000 n @@ -14294,14 +14262,14 @@ xref 0000149169 00000 n 0000146252 00000 n 0000149477 00000 n -0000606055 00000 n -0000602696 00000 n -0000605876 00000 n +0000605873 00000 n +0000602514 00000 n +0000605694 00000 n 0000149606 00000 n 0000149316 00000 n 0000149735 00000 n 0000149864 00000 n -0000428448 00000 n +0000428268 00000 n 0000150700 00000 n 0000150509 00000 n 0000150111 00000 n @@ -14313,7 +14281,7 @@ xref 0000153048 00000 n 0000153177 00000 n 0000153306 00000 n -0000789028 00000 n +0000788843 00000 n 0000153811 00000 n 0000153620 00000 n 0000153470 00000 n @@ -14358,7 +14326,7 @@ xref 0000173536 00000 n 0000173601 00000 n 0000173727 00000 n -0000789153 00000 n +0000788968 00000 n 0000179103 00000 n 0000178315 00000 n 0000173904 00000 n @@ -14366,7 +14334,7 @@ xref 0000178471 00000 n 0000178622 00000 n 0000179039 00000 n -0000581322 00000 n +0000581140 00000 n 0000182965 00000 n 0000181694 00000 n 0000179241 00000 n @@ -14396,1030 +14364,1030 @@ xref 0000193732 00000 n 0000193926 00000 n 0000193991 00000 n -0000197611 00000 n -0000197420 00000 n +0000196858 00000 n +0000196667 00000 n 0000194168 00000 n -0000197546 00000 n -0000789278 00000 n -0000201188 00000 n -0000200738 00000 n -0000197723 00000 n -0000200864 00000 n -0000200993 00000 n -0000201058 00000 n -0000201123 00000 n -0000204888 00000 n -0000204103 00000 n -0000201300 00000 n -0000204565 00000 n -0000204694 00000 n -0000204823 00000 n -0000204259 00000 n -0000204412 00000 n -0000206876 00000 n -0000206299 00000 n -0000205000 00000 n -0000206425 00000 n -0000206554 00000 n -0000206683 00000 n -0000206811 00000 n -0000208396 00000 n -0000208205 00000 n -0000206988 00000 n -0000208331 00000 n -0000209950 00000 n -0000209759 00000 n -0000208495 00000 n -0000209885 00000 n -0000212677 00000 n -0000212357 00000 n -0000210049 00000 n -0000212483 00000 n -0000789403 00000 n -0000217067 00000 n -0000216876 00000 n -0000212803 00000 n -0000217002 00000 n -0000221518 00000 n -0000220971 00000 n -0000217205 00000 n -0000221453 00000 n -0000221127 00000 n -0000221284 00000 n -0000396236 00000 n -0000225616 00000 n -0000225122 00000 n -0000221643 00000 n -0000225422 00000 n -0000602341 00000 n -0000600343 00000 n -0000602176 00000 n -0000225269 00000 n -0000229578 00000 n -0000229257 00000 n -0000225755 00000 n -0000229383 00000 n -0000229448 00000 n -0000229513 00000 n -0000234658 00000 n -0000233560 00000 n -0000229703 00000 n -0000234593 00000 n -0000233743 00000 n -0000233897 00000 n -0000234053 00000 n -0000234237 00000 n -0000234410 00000 n -0000311823 00000 n -0000239219 00000 n -0000238822 00000 n -0000234826 00000 n -0000239154 00000 n -0000238969 00000 n -0000789528 00000 n -0000243110 00000 n -0000242919 00000 n -0000239357 00000 n -0000243045 00000 n -0000246838 00000 n -0000246647 00000 n -0000243222 00000 n -0000246773 00000 n -0000251164 00000 n -0000250219 00000 n -0000246950 00000 n -0000250712 00000 n -0000250841 00000 n -0000250375 00000 n -0000250970 00000 n -0000251099 00000 n -0000250545 00000 n -0000330620 00000 n -0000255133 00000 n -0000254571 00000 n -0000251333 00000 n -0000255068 00000 n -0000254727 00000 n -0000254897 00000 n -0000415830 00000 n -0000258655 00000 n -0000258207 00000 n -0000255302 00000 n -0000258333 00000 n -0000258462 00000 n -0000258590 00000 n -0000261849 00000 n -0000261658 00000 n -0000258767 00000 n -0000261784 00000 n -0000789653 00000 n -0000265727 00000 n -0000265407 00000 n -0000262018 00000 n -0000265533 00000 n -0000269285 00000 n -0000269094 00000 n -0000265883 00000 n -0000269220 00000 n -0000273626 00000 n -0000272812 00000 n -0000269454 00000 n -0000273303 00000 n -0000273432 00000 n -0000272968 00000 n -0000273561 00000 n -0000273129 00000 n -0000277707 00000 n -0000277083 00000 n -0000273781 00000 n -0000277385 00000 n -0000277514 00000 n -0000277230 00000 n -0000277643 00000 n -0000280924 00000 n -0000280604 00000 n -0000277832 00000 n -0000280730 00000 n -0000280859 00000 n -0000284773 00000 n -0000284107 00000 n -0000281079 00000 n -0000284580 00000 n -0000284708 00000 n -0000284263 00000 n -0000284424 00000 n -0000789778 00000 n -0000288320 00000 n -0000287679 00000 n -0000284942 00000 n -0000287996 00000 n -0000287826 00000 n -0000288190 00000 n -0000288255 00000 n -0000292370 00000 n -0000291867 00000 n -0000288503 00000 n -0000292176 00000 n -0000292305 00000 n -0000292014 00000 n -0000297290 00000 n -0000296613 00000 n -0000292538 00000 n -0000297096 00000 n -0000296769 00000 n -0000297225 00000 n -0000296931 00000 n -0000392662 00000 n -0000328737 00000 n -0000300645 00000 n -0000300325 00000 n -0000297416 00000 n -0000300451 00000 n -0000300580 00000 n -0000304438 00000 n -0000304118 00000 n -0000300770 00000 n -0000304244 00000 n -0000308612 00000 n -0000308121 00000 n -0000304593 00000 n -0000308418 00000 n -0000308547 00000 n -0000308268 00000 n -0000789903 00000 n -0000311888 00000 n -0000311439 00000 n -0000308738 00000 n -0000311565 00000 n -0000311694 00000 n -0000316771 00000 n -0000316109 00000 n -0000312000 00000 n -0000316577 00000 n -0000316265 00000 n -0000316416 00000 n -0000316706 00000 n -0000320907 00000 n -0000320154 00000 n -0000316883 00000 n -0000320455 00000 n -0000320584 00000 n -0000320713 00000 n -0000320842 00000 n -0000320301 00000 n -0000325344 00000 n -0000324895 00000 n -0000321019 00000 n -0000325021 00000 n -0000325150 00000 n -0000325279 00000 n -0000328931 00000 n -0000328482 00000 n -0000325482 00000 n -0000328608 00000 n -0000328866 00000 n -0000330685 00000 n -0000330365 00000 n -0000329043 00000 n -0000330491 00000 n -0000790028 00000 n -0000332270 00000 n -0000332079 00000 n -0000330797 00000 n -0000332205 00000 n -0000333624 00000 n -0000333433 00000 n -0000332369 00000 n -0000333559 00000 n -0000337918 00000 n -0000337339 00000 n -0000333723 00000 n -0000337465 00000 n -0000337594 00000 n -0000337723 00000 n -0000337788 00000 n -0000337853 00000 n -0000343172 00000 n -0000341329 00000 n -0000338030 00000 n -0000342849 00000 n -0000341539 00000 n -0000342978 00000 n -0000343107 00000 n -0000341707 00000 n -0000341869 00000 n -0000342031 00000 n -0000342193 00000 n -0000342355 00000 n -0000342517 00000 n -0000342688 00000 n -0000581289 00000 n -0000348444 00000 n -0000346524 00000 n -0000343284 00000 n -0000348379 00000 n -0000346752 00000 n -0000346915 00000 n -0000347078 00000 n -0000347241 00000 n -0000347403 00000 n -0000347566 00000 n -0000347728 00000 n -0000347891 00000 n -0000348050 00000 n -0000348211 00000 n -0000354782 00000 n -0000351214 00000 n -0000348569 00000 n -0000354717 00000 n -0000351532 00000 n -0000351701 00000 n -0000351863 00000 n -0000352025 00000 n -0000352187 00000 n -0000352349 00000 n -0000352512 00000 n -0000352665 00000 n -0000352828 00000 n -0000352982 00000 n -0000353135 00000 n -0000353289 00000 n -0000353443 00000 n -0000353605 00000 n -0000353767 00000 n -0000353927 00000 n -0000354086 00000 n -0000354248 00000 n -0000354408 00000 n -0000354566 00000 n -0000790153 00000 n -0000360020 00000 n -0000358503 00000 n -0000354894 00000 n -0000359828 00000 n -0000358704 00000 n -0000358867 00000 n -0000359020 00000 n -0000359185 00000 n -0000359351 00000 n -0000359514 00000 n -0000359668 00000 n -0000493815 00000 n -0000509978 00000 n -0000363860 00000 n -0000363541 00000 n -0000360145 00000 n -0000363667 00000 n -0000363732 00000 n -0000363795 00000 n -0000368097 00000 n -0000366901 00000 n -0000364042 00000 n -0000367388 00000 n -0000367517 00000 n -0000367774 00000 n -0000367057 00000 n -0000367227 00000 n -0000367839 00000 n -0000367904 00000 n -0000367969 00000 n -0000368033 00000 n -0000371444 00000 n -0000371253 00000 n -0000368279 00000 n -0000371379 00000 n -0000375184 00000 n -0000374863 00000 n -0000371530 00000 n -0000374989 00000 n -0000375054 00000 n -0000375119 00000 n -0000379016 00000 n -0000378309 00000 n -0000375296 00000 n -0000378435 00000 n -0000378564 00000 n -0000378627 00000 n -0000378692 00000 n -0000378757 00000 n -0000378822 00000 n -0000378951 00000 n -0000790278 00000 n -0000382767 00000 n -0000381929 00000 n -0000379128 00000 n -0000382055 00000 n -0000382120 00000 n -0000382185 00000 n -0000382314 00000 n -0000382379 00000 n -0000382444 00000 n -0000382573 00000 n -0000382638 00000 n -0000382702 00000 n -0000386110 00000 n -0000385403 00000 n -0000382892 00000 n -0000385529 00000 n -0000385658 00000 n -0000385787 00000 n -0000385916 00000 n -0000386045 00000 n -0000388559 00000 n -0000387981 00000 n -0000386307 00000 n -0000388107 00000 n -0000388236 00000 n -0000388364 00000 n -0000388429 00000 n -0000388494 00000 n -0000392856 00000 n -0000392407 00000 n -0000388685 00000 n -0000392533 00000 n -0000392791 00000 n -0000396301 00000 n -0000395670 00000 n -0000392981 00000 n -0000395977 00000 n -0000396042 00000 n -0000396107 00000 n -0000395817 00000 n -0000399936 00000 n -0000399357 00000 n -0000396413 00000 n -0000399483 00000 n -0000399612 00000 n -0000399741 00000 n -0000399806 00000 n -0000399871 00000 n -0000790403 00000 n -0000403535 00000 n -0000402640 00000 n -0000400048 00000 n -0000402952 00000 n -0000402787 00000 n -0000403081 00000 n -0000403146 00000 n -0000403211 00000 n -0000403340 00000 n -0000403405 00000 n -0000403470 00000 n -0000581256 00000 n -0000407689 00000 n -0000407239 00000 n -0000403647 00000 n -0000407365 00000 n -0000407494 00000 n -0000407559 00000 n -0000407624 00000 n -0000409567 00000 n -0000409247 00000 n -0000407815 00000 n -0000409373 00000 n -0000600062 00000 n -0000592778 00000 n -0000599882 00000 n -0000409502 00000 n -0000411475 00000 n -0000411026 00000 n -0000409707 00000 n -0000411152 00000 n -0000411281 00000 n -0000411410 00000 n -0000415895 00000 n -0000414952 00000 n -0000411587 00000 n -0000415315 00000 n -0000592457 00000 n -0000583244 00000 n -0000592271 00000 n -0000415099 00000 n -0000415444 00000 n -0000415572 00000 n -0000415701 00000 n -0000417251 00000 n -0000417060 00000 n -0000416132 00000 n -0000417186 00000 n -0000790528 00000 n -0000417691 00000 n -0000417500 00000 n -0000417350 00000 n -0000417626 00000 n -0000421004 00000 n -0000419778 00000 n -0000417733 00000 n -0000420295 00000 n -0000420424 00000 n -0000420553 00000 n -0000420682 00000 n -0000420811 00000 n -0000420940 00000 n -0000419934 00000 n -0000420106 00000 n -0000421458 00000 n -0000421267 00000 n -0000421117 00000 n -0000421393 00000 n -0000424703 00000 n -0000424125 00000 n -0000421500 00000 n -0000424251 00000 n -0000424380 00000 n -0000424509 00000 n -0000424638 00000 n -0000428899 00000 n -0000427680 00000 n -0000424789 00000 n -0000428190 00000 n -0000428319 00000 n -0000428577 00000 n -0000427836 00000 n -0000428015 00000 n -0000428771 00000 n -0000428835 00000 n -0000435786 00000 n -0000431958 00000 n -0000429052 00000 n -0000432084 00000 n -0000432149 00000 n -0000432214 00000 n -0000432279 00000 n -0000432344 00000 n -0000432409 00000 n -0000432474 00000 n -0000432539 00000 n -0000432604 00000 n -0000432669 00000 n -0000432799 00000 n -0000432864 00000 n -0000432929 00000 n -0000432994 00000 n -0000433059 00000 n -0000433124 00000 n -0000433189 00000 n -0000433254 00000 n -0000433319 00000 n -0000433384 00000 n -0000433449 00000 n -0000433514 00000 n -0000433579 00000 n -0000433644 00000 n -0000433709 00000 n -0000433774 00000 n -0000433839 00000 n -0000433904 00000 n -0000433969 00000 n -0000434034 00000 n -0000434099 00000 n -0000434164 00000 n -0000434229 00000 n -0000434294 00000 n -0000434358 00000 n -0000434423 00000 n -0000434488 00000 n -0000434553 00000 n -0000434618 00000 n -0000434683 00000 n -0000434748 00000 n -0000434813 00000 n -0000434878 00000 n -0000434943 00000 n -0000435008 00000 n -0000435073 00000 n -0000435138 00000 n -0000435203 00000 n -0000435268 00000 n -0000435333 00000 n -0000435398 00000 n -0000435463 00000 n -0000435528 00000 n -0000435593 00000 n -0000435658 00000 n -0000435722 00000 n -0000790653 00000 n -0000442432 00000 n -0000438868 00000 n -0000435898 00000 n -0000438994 00000 n -0000439059 00000 n -0000439124 00000 n -0000439189 00000 n -0000439254 00000 n -0000439319 00000 n -0000439384 00000 n -0000439449 00000 n -0000439514 00000 n -0000439579 00000 n -0000439644 00000 n -0000439709 00000 n -0000439773 00000 n -0000439838 00000 n -0000439903 00000 n -0000439968 00000 n -0000440033 00000 n -0000440098 00000 n -0000440163 00000 n -0000440228 00000 n -0000440293 00000 n -0000440358 00000 n -0000440423 00000 n -0000440488 00000 n -0000440552 00000 n -0000440617 00000 n -0000440682 00000 n -0000440747 00000 n -0000440812 00000 n -0000440877 00000 n -0000440942 00000 n -0000441007 00000 n -0000441072 00000 n -0000441137 00000 n -0000441202 00000 n -0000441267 00000 n -0000441332 00000 n -0000441397 00000 n -0000441462 00000 n -0000441527 00000 n -0000441591 00000 n -0000441655 00000 n -0000441719 00000 n -0000441784 00000 n -0000441849 00000 n -0000441914 00000 n -0000441979 00000 n -0000442044 00000 n -0000442109 00000 n -0000442174 00000 n -0000442239 00000 n -0000442304 00000 n -0000442368 00000 n -0000448605 00000 n -0000445167 00000 n -0000442544 00000 n -0000445293 00000 n -0000445358 00000 n -0000445423 00000 n -0000445488 00000 n -0000445553 00000 n -0000445618 00000 n -0000445683 00000 n -0000445748 00000 n -0000445813 00000 n -0000445878 00000 n -0000445943 00000 n -0000446008 00000 n -0000446073 00000 n -0000446138 00000 n -0000446203 00000 n -0000446268 00000 n -0000446333 00000 n -0000446398 00000 n -0000446463 00000 n -0000446528 00000 n -0000446593 00000 n -0000446658 00000 n -0000446723 00000 n -0000446788 00000 n -0000446853 00000 n -0000446918 00000 n -0000446983 00000 n -0000447048 00000 n -0000447113 00000 n -0000447178 00000 n -0000447243 00000 n -0000447308 00000 n -0000447373 00000 n -0000447438 00000 n -0000447502 00000 n -0000447567 00000 n -0000447632 00000 n -0000447697 00000 n -0000447762 00000 n -0000447827 00000 n -0000447892 00000 n -0000447957 00000 n -0000448022 00000 n -0000448087 00000 n -0000448152 00000 n -0000448217 00000 n -0000448282 00000 n -0000448347 00000 n -0000448412 00000 n -0000448477 00000 n -0000448541 00000 n -0000453183 00000 n -0000450919 00000 n -0000448717 00000 n -0000451045 00000 n -0000451110 00000 n -0000451175 00000 n -0000451240 00000 n -0000451305 00000 n -0000451370 00000 n -0000451435 00000 n -0000451500 00000 n -0000451565 00000 n -0000451630 00000 n -0000451695 00000 n -0000451760 00000 n -0000451825 00000 n -0000451890 00000 n -0000451952 00000 n -0000452016 00000 n -0000452081 00000 n -0000452145 00000 n -0000452210 00000 n -0000452275 00000 n -0000452340 00000 n -0000452405 00000 n -0000452470 00000 n -0000452535 00000 n -0000452600 00000 n -0000452729 00000 n -0000452858 00000 n -0000452923 00000 n -0000452988 00000 n -0000453053 00000 n -0000453118 00000 n -0000455978 00000 n -0000455334 00000 n -0000453308 00000 n -0000455460 00000 n -0000455589 00000 n -0000455718 00000 n -0000455783 00000 n -0000455848 00000 n -0000455913 00000 n -0000460316 00000 n -0000459996 00000 n -0000456091 00000 n -0000460122 00000 n -0000460187 00000 n -0000460252 00000 n -0000463916 00000 n -0000463661 00000 n -0000460469 00000 n -0000463787 00000 n -0000463852 00000 n -0000790778 00000 n -0000467164 00000 n -0000466973 00000 n -0000464055 00000 n -0000467099 00000 n -0000470892 00000 n -0000470636 00000 n -0000467290 00000 n -0000470762 00000 n -0000470827 00000 n -0000473733 00000 n -0000473025 00000 n -0000471031 00000 n -0000473151 00000 n -0000473216 00000 n -0000473281 00000 n -0000473346 00000 n -0000473411 00000 n -0000473540 00000 n -0000473605 00000 n -0000473669 00000 n -0000478401 00000 n -0000478145 00000 n -0000473872 00000 n -0000478271 00000 n -0000478336 00000 n -0000481397 00000 n -0000480624 00000 n -0000478527 00000 n -0000480750 00000 n -0000480815 00000 n -0000480880 00000 n -0000480945 00000 n -0000481074 00000 n -0000481139 00000 n -0000481202 00000 n -0000481267 00000 n -0000481332 00000 n -0000484306 00000 n -0000483791 00000 n -0000481550 00000 n -0000483917 00000 n -0000483982 00000 n -0000484047 00000 n -0000484112 00000 n -0000484177 00000 n -0000484242 00000 n -0000790903 00000 n -0000487650 00000 n -0000487070 00000 n -0000484458 00000 n -0000487196 00000 n -0000487325 00000 n -0000487390 00000 n -0000487455 00000 n -0000487520 00000 n -0000487585 00000 n -0000491100 00000 n -0000490844 00000 n -0000487790 00000 n -0000490970 00000 n -0000491035 00000 n -0000494075 00000 n -0000493366 00000 n -0000491226 00000 n -0000493492 00000 n -0000493557 00000 n -0000493622 00000 n -0000493687 00000 n -0000493880 00000 n -0000493945 00000 n -0000494010 00000 n -0000497747 00000 n -0000497491 00000 n -0000494227 00000 n -0000497617 00000 n -0000497682 00000 n -0000501246 00000 n -0000500990 00000 n -0000497873 00000 n -0000501116 00000 n -0000501181 00000 n -0000504419 00000 n -0000504034 00000 n -0000501372 00000 n -0000504160 00000 n -0000504225 00000 n -0000504290 00000 n -0000504355 00000 n -0000791028 00000 n -0000506931 00000 n -0000506157 00000 n -0000504584 00000 n -0000506283 00000 n -0000506348 00000 n -0000506477 00000 n -0000506542 00000 n -0000506607 00000 n -0000506672 00000 n -0000506737 00000 n -0000506802 00000 n -0000506867 00000 n -0000510368 00000 n -0000509723 00000 n -0000507084 00000 n -0000509849 00000 n -0000510043 00000 n -0000510108 00000 n -0000510173 00000 n -0000510238 00000 n -0000510303 00000 n -0000513425 00000 n -0000512783 00000 n -0000510508 00000 n -0000512909 00000 n -0000512974 00000 n -0000513037 00000 n -0000513102 00000 n -0000513230 00000 n -0000513295 00000 n -0000513360 00000 n -0000516948 00000 n -0000516627 00000 n -0000513578 00000 n -0000516753 00000 n -0000516818 00000 n -0000516883 00000 n -0000520534 00000 n -0000520343 00000 n -0000517088 00000 n -0000520469 00000 n -0000524012 00000 n -0000523821 00000 n -0000520660 00000 n -0000523947 00000 n -0000791153 00000 n -0000526906 00000 n -0000526262 00000 n -0000524152 00000 n -0000526388 00000 n -0000526453 00000 n -0000526518 00000 n -0000526583 00000 n -0000526712 00000 n -0000526777 00000 n -0000526842 00000 n -0000529630 00000 n -0000528856 00000 n -0000527058 00000 n -0000528982 00000 n -0000529047 00000 n -0000529112 00000 n -0000529177 00000 n -0000529241 00000 n -0000529306 00000 n -0000529435 00000 n -0000529500 00000 n -0000529565 00000 n -0000532901 00000 n -0000532580 00000 n -0000529783 00000 n -0000532706 00000 n -0000532771 00000 n -0000532836 00000 n -0000536141 00000 n -0000535821 00000 n -0000533041 00000 n -0000535947 00000 n -0000536012 00000 n -0000536077 00000 n -0000539452 00000 n -0000538807 00000 n -0000536280 00000 n -0000538933 00000 n -0000538998 00000 n -0000539127 00000 n -0000539192 00000 n -0000539257 00000 n -0000539322 00000 n -0000539387 00000 n -0000542330 00000 n -0000542139 00000 n -0000539592 00000 n -0000542265 00000 n -0000791278 00000 n -0000545396 00000 n -0000545011 00000 n -0000542541 00000 n -0000545137 00000 n -0000545202 00000 n -0000545267 00000 n -0000545332 00000 n -0000549122 00000 n -0000548478 00000 n -0000545633 00000 n -0000548604 00000 n -0000548669 00000 n -0000548734 00000 n -0000548862 00000 n -0000548927 00000 n -0000548992 00000 n -0000549057 00000 n -0000553561 00000 n -0000553306 00000 n -0000549261 00000 n -0000553432 00000 n -0000553497 00000 n -0000557014 00000 n -0000556823 00000 n -0000553687 00000 n -0000556949 00000 n -0000559746 00000 n -0000559296 00000 n -0000557140 00000 n -0000559422 00000 n -0000559487 00000 n -0000559552 00000 n -0000559617 00000 n -0000559682 00000 n -0000563591 00000 n -0000563011 00000 n -0000559897 00000 n -0000563137 00000 n -0000563266 00000 n -0000563331 00000 n -0000563396 00000 n -0000563461 00000 n -0000563526 00000 n -0000791403 00000 n -0000566753 00000 n -0000566043 00000 n -0000563731 00000 n -0000566169 00000 n -0000566234 00000 n -0000566299 00000 n -0000566364 00000 n -0000566493 00000 n -0000566558 00000 n -0000566623 00000 n -0000566688 00000 n -0000569470 00000 n -0000569214 00000 n -0000566905 00000 n -0000569340 00000 n -0000569405 00000 n -0000572724 00000 n -0000571951 00000 n -0000569596 00000 n -0000572077 00000 n -0000572142 00000 n -0000572207 00000 n -0000572272 00000 n -0000572401 00000 n -0000572466 00000 n -0000572531 00000 n -0000572595 00000 n -0000572660 00000 n -0000576010 00000 n -0000575691 00000 n -0000572876 00000 n -0000575817 00000 n -0000575882 00000 n -0000575947 00000 n -0000579475 00000 n -0000578832 00000 n -0000576162 00000 n -0000578958 00000 n -0000579023 00000 n -0000579152 00000 n -0000579216 00000 n -0000579281 00000 n -0000579346 00000 n -0000579410 00000 n -0000581103 00000 n -0000580782 00000 n -0000579615 00000 n -0000580908 00000 n -0000580973 00000 n -0000581038 00000 n -0000791528 00000 n -0000581355 00000 n -0000592699 00000 n -0000600288 00000 n -0000602588 00000 n -0000602557 00000 n -0000606275 00000 n -0000615715 00000 n -0000626222 00000 n -0000637966 00000 n -0000650683 00000 n -0000669750 00000 n -0000690637 00000 n -0000712780 00000 n -0000730675 00000 n -0000733505 00000 n -0000733275 00000 n -0000760812 00000 n -0000787923 00000 n -0000791608 00000 n -0000791732 00000 n -0000791858 00000 n -0000791984 00000 n -0000792110 00000 n -0000792199 00000 n -0000792300 00000 n -0000809473 00000 n -0000829875 00000 n -0000829916 00000 n -0000829956 00000 n -0000830090 00000 n +0000196793 00000 n +0000789093 00000 n +0000200456 00000 n +0000200007 00000 n +0000196970 00000 n +0000200133 00000 n +0000200262 00000 n +0000200327 00000 n +0000200391 00000 n +0000203412 00000 n +0000203093 00000 n +0000200568 00000 n +0000203219 00000 n +0000203347 00000 n +0000206648 00000 n +0000205608 00000 n +0000203524 00000 n +0000206069 00000 n +0000206198 00000 n +0000205764 00000 n +0000205918 00000 n +0000206326 00000 n +0000206454 00000 n +0000206583 00000 n +0000208189 00000 n +0000207998 00000 n +0000206760 00000 n +0000208124 00000 n +0000209711 00000 n +0000209520 00000 n +0000208288 00000 n +0000209646 00000 n +0000212221 00000 n +0000211901 00000 n +0000209810 00000 n +0000212027 00000 n +0000789218 00000 n +0000216037 00000 n +0000215846 00000 n +0000212347 00000 n +0000215972 00000 n +0000220376 00000 n +0000219828 00000 n +0000216175 00000 n +0000220311 00000 n +0000219984 00000 n +0000220141 00000 n +0000398313 00000 n +0000224420 00000 n +0000224055 00000 n +0000220501 00000 n +0000224355 00000 n +0000602159 00000 n +0000600161 00000 n +0000601994 00000 n +0000224202 00000 n +0000228603 00000 n +0000228153 00000 n +0000224559 00000 n +0000228279 00000 n +0000228473 00000 n +0000228538 00000 n +0000232815 00000 n +0000232449 00000 n +0000228715 00000 n +0000232750 00000 n +0000232596 00000 n +0000238081 00000 n +0000236948 00000 n +0000232940 00000 n +0000238016 00000 n +0000237131 00000 n +0000237288 00000 n +0000237473 00000 n +0000237647 00000 n +0000237832 00000 n +0000789343 00000 n +0000315383 00000 n +0000241969 00000 n +0000241778 00000 n +0000238275 00000 n +0000241904 00000 n +0000245874 00000 n +0000245683 00000 n +0000242081 00000 n +0000245809 00000 n +0000250225 00000 n +0000249284 00000 n +0000245999 00000 n +0000249775 00000 n +0000249904 00000 n +0000249440 00000 n +0000250033 00000 n +0000250161 00000 n +0000249610 00000 n +0000330169 00000 n +0000253476 00000 n +0000253096 00000 n +0000250337 00000 n +0000253411 00000 n +0000253243 00000 n +0000415650 00000 n +0000257417 00000 n +0000256906 00000 n +0000253632 00000 n +0000257224 00000 n +0000257053 00000 n +0000257352 00000 n +0000261171 00000 n +0000260851 00000 n +0000257542 00000 n +0000260977 00000 n +0000261106 00000 n +0000789468 00000 n +0000264148 00000 n +0000263828 00000 n +0000261283 00000 n +0000263954 00000 n +0000268201 00000 n +0000268010 00000 n +0000264304 00000 n +0000268136 00000 n +0000271738 00000 n +0000271237 00000 n +0000268356 00000 n +0000271544 00000 n +0000271673 00000 n +0000271384 00000 n +0000276249 00000 n +0000275442 00000 n +0000271907 00000 n +0000275928 00000 n +0000276057 00000 n +0000275598 00000 n +0000276185 00000 n +0000275773 00000 n +0000280180 00000 n +0000279732 00000 n +0000276361 00000 n +0000279858 00000 n +0000279987 00000 n +0000280115 00000 n +0000284265 00000 n +0000283597 00000 n +0000280335 00000 n +0000284071 00000 n +0000284200 00000 n +0000283753 00000 n +0000283915 00000 n +0000789593 00000 n +0000287384 00000 n +0000286745 00000 n +0000284434 00000 n +0000287062 00000 n +0000286892 00000 n +0000287255 00000 n +0000287319 00000 n +0000291075 00000 n +0000290573 00000 n +0000287510 00000 n +0000290882 00000 n +0000291011 00000 n +0000290720 00000 n +0000295558 00000 n +0000295183 00000 n +0000291257 00000 n +0000295493 00000 n +0000295330 00000 n +0000394744 00000 n +0000299842 00000 n +0000299203 00000 n +0000295684 00000 n +0000299519 00000 n +0000299648 00000 n +0000299350 00000 n +0000299777 00000 n +0000328159 00000 n +0000303042 00000 n +0000302723 00000 n +0000299967 00000 n +0000302849 00000 n +0000307485 00000 n +0000307165 00000 n +0000303210 00000 n +0000307291 00000 n +0000307420 00000 n +0000789718 00000 n +0000310819 00000 n +0000310327 00000 n +0000307597 00000 n +0000310625 00000 n +0000310474 00000 n +0000310754 00000 n +0000315448 00000 n +0000314956 00000 n +0000310945 00000 n +0000315254 00000 n +0000315103 00000 n +0000319799 00000 n +0000318751 00000 n +0000315560 00000 n +0000319219 00000 n +0000318907 00000 n +0000319348 00000 n +0000319477 00000 n +0000319606 00000 n +0000319735 00000 n +0000319067 00000 n +0000323953 00000 n +0000323504 00000 n +0000319911 00000 n +0000323630 00000 n +0000323759 00000 n +0000323888 00000 n +0000328352 00000 n +0000327904 00000 n +0000324078 00000 n +0000328030 00000 n +0000328287 00000 n +0000330234 00000 n +0000329914 00000 n +0000328490 00000 n +0000330040 00000 n +0000789843 00000 n +0000331762 00000 n +0000331571 00000 n +0000330346 00000 n +0000331697 00000 n +0000333222 00000 n +0000333031 00000 n +0000331861 00000 n +0000333157 00000 n +0000335887 00000 n +0000335308 00000 n +0000333321 00000 n +0000335434 00000 n +0000335563 00000 n +0000335692 00000 n +0000335757 00000 n +0000335822 00000 n +0000340083 00000 n +0000339574 00000 n +0000335999 00000 n +0000339889 00000 n +0000339721 00000 n +0000340018 00000 n +0000581107 00000 n +0000345986 00000 n +0000343078 00000 n +0000340195 00000 n +0000345792 00000 n +0000345921 00000 n +0000343351 00000 n +0000343513 00000 n +0000343675 00000 n +0000343837 00000 n +0000343999 00000 n +0000344161 00000 n +0000344332 00000 n +0000344494 00000 n +0000344657 00000 n +0000344819 00000 n +0000344982 00000 n +0000345145 00000 n +0000345308 00000 n +0000345471 00000 n +0000345634 00000 n +0000351091 00000 n +0000349173 00000 n +0000346098 00000 n +0000351026 00000 n +0000349401 00000 n +0000349564 00000 n +0000349731 00000 n +0000349901 00000 n +0000350062 00000 n +0000350224 00000 n +0000350386 00000 n +0000350548 00000 n +0000350711 00000 n +0000350865 00000 n +0000789968 00000 n +0000357481 00000 n +0000354419 00000 n +0000351216 00000 n +0000357416 00000 n +0000354710 00000 n +0000354863 00000 n +0000355017 00000 n +0000355168 00000 n +0000355322 00000 n +0000355484 00000 n +0000355646 00000 n +0000355808 00000 n +0000355969 00000 n +0000356130 00000 n +0000356291 00000 n +0000356452 00000 n +0000356606 00000 n +0000356769 00000 n +0000356924 00000 n +0000357089 00000 n +0000357255 00000 n +0000493630 00000 n +0000509796 00000 n +0000361985 00000 n +0000361190 00000 n +0000357593 00000 n +0000361663 00000 n +0000361346 00000 n +0000361500 00000 n +0000361857 00000 n +0000361921 00000 n +0000365206 00000 n +0000365015 00000 n +0000362124 00000 n +0000365141 00000 n +0000369690 00000 n +0000368491 00000 n +0000365375 00000 n +0000368979 00000 n +0000369108 00000 n +0000369365 00000 n +0000368647 00000 n +0000368817 00000 n +0000369430 00000 n +0000369495 00000 n +0000369560 00000 n +0000369625 00000 n +0000372889 00000 n +0000372698 00000 n +0000369802 00000 n +0000372824 00000 n +0000376973 00000 n +0000376394 00000 n +0000372975 00000 n +0000376520 00000 n +0000376585 00000 n +0000376650 00000 n +0000376779 00000 n +0000376843 00000 n +0000376908 00000 n +0000790093 00000 n +0000380997 00000 n +0000380159 00000 n +0000377098 00000 n +0000380285 00000 n +0000380350 00000 n +0000380415 00000 n +0000380544 00000 n +0000380609 00000 n +0000380674 00000 n +0000380802 00000 n +0000380867 00000 n +0000380932 00000 n +0000384833 00000 n +0000383998 00000 n +0000381122 00000 n +0000384124 00000 n +0000384253 00000 n +0000384317 00000 n +0000384382 00000 n +0000384510 00000 n +0000384639 00000 n +0000384768 00000 n +0000387710 00000 n +0000387132 00000 n +0000385043 00000 n +0000387258 00000 n +0000387387 00000 n +0000387516 00000 n +0000387645 00000 n +0000391108 00000 n +0000390787 00000 n +0000387893 00000 n +0000390913 00000 n +0000390978 00000 n +0000391043 00000 n +0000395068 00000 n +0000394489 00000 n +0000391233 00000 n +0000394615 00000 n +0000394873 00000 n +0000394938 00000 n +0000395003 00000 n +0000398766 00000 n +0000397877 00000 n +0000395193 00000 n +0000398184 00000 n +0000398024 00000 n +0000398442 00000 n +0000398571 00000 n +0000398636 00000 n +0000398701 00000 n +0000790218 00000 n +0000402518 00000 n +0000401886 00000 n +0000398878 00000 n +0000402198 00000 n +0000402033 00000 n +0000402327 00000 n +0000402390 00000 n +0000402453 00000 n +0000581074 00000 n +0000406241 00000 n +0000405792 00000 n +0000402630 00000 n +0000405918 00000 n +0000406046 00000 n +0000406111 00000 n +0000406176 00000 n +0000409387 00000 n +0000408809 00000 n +0000406353 00000 n +0000408935 00000 n +0000409064 00000 n +0000409129 00000 n +0000409193 00000 n +0000599880 00000 n +0000592596 00000 n +0000599700 00000 n +0000409322 00000 n +0000411295 00000 n +0000410846 00000 n +0000409527 00000 n +0000410972 00000 n +0000411101 00000 n +0000411230 00000 n +0000415715 00000 n +0000414772 00000 n +0000411407 00000 n +0000415135 00000 n +0000592275 00000 n +0000583062 00000 n +0000592089 00000 n +0000414919 00000 n +0000415264 00000 n +0000415392 00000 n +0000415521 00000 n +0000417071 00000 n +0000416880 00000 n +0000415952 00000 n +0000417006 00000 n +0000790343 00000 n +0000417511 00000 n +0000417320 00000 n +0000417170 00000 n +0000417446 00000 n +0000420824 00000 n +0000419598 00000 n +0000417553 00000 n +0000420115 00000 n +0000420244 00000 n +0000420373 00000 n +0000420502 00000 n +0000420631 00000 n +0000420760 00000 n +0000419754 00000 n +0000419926 00000 n +0000421278 00000 n +0000421087 00000 n +0000420937 00000 n +0000421213 00000 n +0000424523 00000 n +0000423945 00000 n +0000421320 00000 n +0000424071 00000 n +0000424200 00000 n +0000424329 00000 n +0000424458 00000 n +0000428719 00000 n +0000427500 00000 n +0000424609 00000 n +0000428010 00000 n +0000428139 00000 n +0000428397 00000 n +0000427656 00000 n +0000427835 00000 n +0000428591 00000 n +0000428655 00000 n +0000435606 00000 n +0000431778 00000 n +0000428872 00000 n +0000431904 00000 n +0000431969 00000 n +0000432034 00000 n +0000432099 00000 n +0000432164 00000 n +0000432229 00000 n +0000432294 00000 n +0000432359 00000 n +0000432424 00000 n +0000432489 00000 n +0000432619 00000 n +0000432684 00000 n +0000432749 00000 n +0000432814 00000 n +0000432879 00000 n +0000432944 00000 n +0000433009 00000 n +0000433074 00000 n +0000433139 00000 n +0000433204 00000 n +0000433269 00000 n +0000433334 00000 n +0000433399 00000 n +0000433464 00000 n +0000433529 00000 n +0000433594 00000 n +0000433659 00000 n +0000433724 00000 n +0000433789 00000 n +0000433854 00000 n +0000433919 00000 n +0000433984 00000 n +0000434049 00000 n +0000434114 00000 n +0000434178 00000 n +0000434243 00000 n +0000434308 00000 n +0000434373 00000 n +0000434438 00000 n +0000434503 00000 n +0000434568 00000 n +0000434633 00000 n +0000434698 00000 n +0000434763 00000 n +0000434828 00000 n +0000434893 00000 n +0000434958 00000 n +0000435023 00000 n +0000435088 00000 n +0000435153 00000 n +0000435218 00000 n +0000435283 00000 n +0000435348 00000 n +0000435413 00000 n +0000435478 00000 n +0000435542 00000 n +0000790468 00000 n +0000442252 00000 n +0000438688 00000 n +0000435718 00000 n +0000438814 00000 n +0000438879 00000 n +0000438944 00000 n +0000439009 00000 n +0000439074 00000 n +0000439139 00000 n +0000439204 00000 n +0000439269 00000 n +0000439334 00000 n +0000439399 00000 n +0000439464 00000 n +0000439529 00000 n +0000439593 00000 n +0000439658 00000 n +0000439723 00000 n +0000439788 00000 n +0000439853 00000 n +0000439918 00000 n +0000439983 00000 n +0000440048 00000 n +0000440113 00000 n +0000440178 00000 n +0000440243 00000 n +0000440308 00000 n +0000440372 00000 n +0000440437 00000 n +0000440502 00000 n +0000440567 00000 n +0000440632 00000 n +0000440697 00000 n +0000440762 00000 n +0000440827 00000 n +0000440892 00000 n +0000440957 00000 n +0000441022 00000 n +0000441087 00000 n +0000441152 00000 n +0000441217 00000 n +0000441282 00000 n +0000441347 00000 n +0000441411 00000 n +0000441475 00000 n +0000441539 00000 n +0000441604 00000 n +0000441669 00000 n +0000441734 00000 n +0000441799 00000 n +0000441864 00000 n +0000441929 00000 n +0000441994 00000 n +0000442059 00000 n +0000442124 00000 n +0000442188 00000 n +0000448425 00000 n +0000444987 00000 n +0000442364 00000 n +0000445113 00000 n +0000445178 00000 n +0000445243 00000 n +0000445308 00000 n +0000445373 00000 n +0000445438 00000 n +0000445503 00000 n +0000445568 00000 n +0000445633 00000 n +0000445698 00000 n +0000445763 00000 n +0000445828 00000 n +0000445893 00000 n +0000445958 00000 n +0000446023 00000 n +0000446088 00000 n +0000446153 00000 n +0000446218 00000 n +0000446283 00000 n +0000446348 00000 n +0000446413 00000 n +0000446478 00000 n +0000446543 00000 n +0000446608 00000 n +0000446673 00000 n +0000446738 00000 n +0000446803 00000 n +0000446868 00000 n +0000446933 00000 n +0000446998 00000 n +0000447063 00000 n +0000447128 00000 n +0000447193 00000 n +0000447258 00000 n +0000447322 00000 n +0000447387 00000 n +0000447452 00000 n +0000447517 00000 n +0000447582 00000 n +0000447647 00000 n +0000447712 00000 n +0000447777 00000 n +0000447842 00000 n +0000447907 00000 n +0000447972 00000 n +0000448037 00000 n +0000448102 00000 n +0000448167 00000 n +0000448232 00000 n +0000448297 00000 n +0000448361 00000 n +0000453003 00000 n +0000450739 00000 n +0000448537 00000 n +0000450865 00000 n +0000450930 00000 n +0000450995 00000 n +0000451060 00000 n +0000451125 00000 n +0000451190 00000 n +0000451255 00000 n +0000451320 00000 n +0000451385 00000 n +0000451450 00000 n +0000451515 00000 n +0000451580 00000 n +0000451645 00000 n +0000451710 00000 n +0000451772 00000 n +0000451836 00000 n +0000451901 00000 n +0000451965 00000 n +0000452030 00000 n +0000452095 00000 n +0000452160 00000 n +0000452225 00000 n +0000452290 00000 n +0000452355 00000 n +0000452420 00000 n +0000452549 00000 n +0000452678 00000 n +0000452743 00000 n +0000452808 00000 n +0000452873 00000 n +0000452938 00000 n +0000455798 00000 n +0000455154 00000 n +0000453128 00000 n +0000455280 00000 n +0000455409 00000 n +0000455538 00000 n +0000455603 00000 n +0000455668 00000 n +0000455733 00000 n +0000460136 00000 n +0000459816 00000 n +0000455911 00000 n +0000459942 00000 n +0000460007 00000 n +0000460072 00000 n +0000463736 00000 n +0000463481 00000 n +0000460289 00000 n +0000463607 00000 n +0000463672 00000 n +0000790593 00000 n +0000466984 00000 n +0000466793 00000 n +0000463875 00000 n +0000466919 00000 n +0000470712 00000 n +0000470456 00000 n +0000467110 00000 n +0000470582 00000 n +0000470647 00000 n +0000473553 00000 n +0000472845 00000 n +0000470851 00000 n +0000472971 00000 n +0000473036 00000 n +0000473101 00000 n +0000473166 00000 n +0000473231 00000 n +0000473360 00000 n +0000473425 00000 n +0000473489 00000 n +0000478221 00000 n +0000477965 00000 n +0000473692 00000 n +0000478091 00000 n +0000478156 00000 n +0000481217 00000 n +0000480444 00000 n +0000478347 00000 n +0000480570 00000 n +0000480635 00000 n +0000480700 00000 n +0000480765 00000 n +0000480894 00000 n +0000480959 00000 n +0000481022 00000 n +0000481087 00000 n +0000481152 00000 n +0000484126 00000 n +0000483611 00000 n +0000481370 00000 n +0000483737 00000 n +0000483802 00000 n +0000483867 00000 n +0000483932 00000 n +0000483997 00000 n +0000484062 00000 n +0000790718 00000 n +0000487465 00000 n +0000486885 00000 n +0000484278 00000 n +0000487011 00000 n +0000487140 00000 n +0000487205 00000 n +0000487270 00000 n +0000487335 00000 n +0000487400 00000 n +0000490915 00000 n +0000490659 00000 n +0000487605 00000 n +0000490785 00000 n +0000490850 00000 n +0000493890 00000 n +0000493181 00000 n +0000491041 00000 n +0000493307 00000 n +0000493372 00000 n +0000493437 00000 n +0000493502 00000 n +0000493695 00000 n +0000493760 00000 n +0000493825 00000 n +0000497563 00000 n +0000497307 00000 n +0000494042 00000 n +0000497433 00000 n +0000497498 00000 n +0000501062 00000 n +0000500806 00000 n +0000497689 00000 n +0000500932 00000 n +0000500997 00000 n +0000504235 00000 n +0000503850 00000 n +0000501188 00000 n +0000503976 00000 n +0000504041 00000 n +0000504106 00000 n +0000504171 00000 n +0000790843 00000 n +0000506747 00000 n +0000505973 00000 n +0000504400 00000 n +0000506099 00000 n +0000506164 00000 n +0000506293 00000 n +0000506358 00000 n +0000506423 00000 n +0000506488 00000 n +0000506553 00000 n +0000506618 00000 n +0000506683 00000 n +0000510186 00000 n +0000509541 00000 n +0000506900 00000 n +0000509667 00000 n +0000509861 00000 n +0000509926 00000 n +0000509991 00000 n +0000510056 00000 n +0000510121 00000 n +0000513243 00000 n +0000512601 00000 n +0000510326 00000 n +0000512727 00000 n +0000512792 00000 n +0000512855 00000 n +0000512920 00000 n +0000513048 00000 n +0000513113 00000 n +0000513178 00000 n +0000516766 00000 n +0000516445 00000 n +0000513396 00000 n +0000516571 00000 n +0000516636 00000 n +0000516701 00000 n +0000520352 00000 n +0000520161 00000 n +0000516906 00000 n +0000520287 00000 n +0000523830 00000 n +0000523639 00000 n +0000520478 00000 n +0000523765 00000 n +0000790968 00000 n +0000526724 00000 n +0000526080 00000 n +0000523970 00000 n +0000526206 00000 n +0000526271 00000 n +0000526336 00000 n +0000526401 00000 n +0000526530 00000 n +0000526595 00000 n +0000526660 00000 n +0000529448 00000 n +0000528674 00000 n +0000526876 00000 n +0000528800 00000 n +0000528865 00000 n +0000528930 00000 n +0000528995 00000 n +0000529059 00000 n +0000529124 00000 n +0000529253 00000 n +0000529318 00000 n +0000529383 00000 n +0000532719 00000 n +0000532398 00000 n +0000529601 00000 n +0000532524 00000 n +0000532589 00000 n +0000532654 00000 n +0000535959 00000 n +0000535639 00000 n +0000532859 00000 n +0000535765 00000 n +0000535830 00000 n +0000535895 00000 n +0000539270 00000 n +0000538625 00000 n +0000536098 00000 n +0000538751 00000 n +0000538816 00000 n +0000538945 00000 n +0000539010 00000 n +0000539075 00000 n +0000539140 00000 n +0000539205 00000 n +0000542148 00000 n +0000541957 00000 n +0000539410 00000 n +0000542083 00000 n +0000791093 00000 n +0000545214 00000 n +0000544829 00000 n +0000542359 00000 n +0000544955 00000 n +0000545020 00000 n +0000545085 00000 n +0000545150 00000 n +0000548940 00000 n +0000548296 00000 n +0000545451 00000 n +0000548422 00000 n +0000548487 00000 n +0000548552 00000 n +0000548680 00000 n +0000548745 00000 n +0000548810 00000 n +0000548875 00000 n +0000553379 00000 n +0000553124 00000 n +0000549079 00000 n +0000553250 00000 n +0000553315 00000 n +0000556832 00000 n +0000556641 00000 n +0000553505 00000 n +0000556767 00000 n +0000559564 00000 n +0000559114 00000 n +0000556958 00000 n +0000559240 00000 n +0000559305 00000 n +0000559370 00000 n +0000559435 00000 n +0000559500 00000 n +0000563409 00000 n +0000562829 00000 n +0000559715 00000 n +0000562955 00000 n +0000563084 00000 n +0000563149 00000 n +0000563214 00000 n +0000563279 00000 n +0000563344 00000 n +0000791218 00000 n +0000566571 00000 n +0000565861 00000 n +0000563549 00000 n +0000565987 00000 n +0000566052 00000 n +0000566117 00000 n +0000566182 00000 n +0000566311 00000 n +0000566376 00000 n +0000566441 00000 n +0000566506 00000 n +0000569288 00000 n +0000569032 00000 n +0000566723 00000 n +0000569158 00000 n +0000569223 00000 n +0000572542 00000 n +0000571769 00000 n +0000569414 00000 n +0000571895 00000 n +0000571960 00000 n +0000572025 00000 n +0000572090 00000 n +0000572219 00000 n +0000572284 00000 n +0000572349 00000 n +0000572413 00000 n +0000572478 00000 n +0000575828 00000 n +0000575509 00000 n +0000572694 00000 n +0000575635 00000 n +0000575700 00000 n +0000575765 00000 n +0000579293 00000 n +0000578650 00000 n +0000575980 00000 n +0000578776 00000 n +0000578841 00000 n +0000578970 00000 n +0000579034 00000 n +0000579099 00000 n +0000579164 00000 n +0000579228 00000 n +0000580921 00000 n +0000580600 00000 n +0000579433 00000 n +0000580726 00000 n +0000580791 00000 n +0000580856 00000 n +0000791343 00000 n +0000581173 00000 n +0000592517 00000 n +0000600106 00000 n +0000602406 00000 n +0000602375 00000 n +0000606093 00000 n +0000615533 00000 n +0000626040 00000 n +0000637781 00000 n +0000650498 00000 n +0000669565 00000 n +0000690452 00000 n +0000712595 00000 n +0000730490 00000 n +0000733320 00000 n +0000733090 00000 n +0000760627 00000 n +0000787738 00000 n +0000791423 00000 n +0000791547 00000 n +0000791673 00000 n +0000791799 00000 n +0000791925 00000 n +0000792014 00000 n +0000792115 00000 n +0000809288 00000 n +0000829690 00000 n +0000829731 00000 n +0000829771 00000 n +0000829905 00000 n trailer << /Size 2296 /Root 2294 0 R /Info 2295 0 R -/ID [ ] +/ID [ ] >> startxref -830348 +830163 %%EOF diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 5836a1cfe5..177f31a54c 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -98,7 +98,7 @@

-E engine

Specifies the name of the crypto hardware (OpenSSL engine). - When compiled with PKCS#11 support it defaults to "pcks11". + When compiled with PKCS#11 support it defaults to "pkcs11".

-l label

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 926ac96f5e..48e1cb51ba 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -151,7 +151,7 @@

Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 - support it defaults to pcks11, the empty name resets it to + support it defaults to pkcs11; the empty name resets it to no engine.

-e
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index eb6a800b1f..983af7bc8c 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -80,7 +80,7 @@
-E engine

Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

-f

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index 6d4c3a451a..0236dc0bdd 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -101,7 +101,7 @@

-E engine

Use the given OpenSSL engine. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index ed082794a1..5ce500d3c7 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -90,7 +90,7 @@ Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support - it defaults to pcks11, the empty name resets it to no engine. + it defaults to pkcs11; the empty name resets it to no engine.

-g

From 4ffd660d41080dc4c5641c9ce4f80b04af611849 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 3 Nov 2009 23:17:31 +0000 Subject: [PATCH 14/87] 2745. [bug] configure script didn't probe the return type of gai_strerror(3) correctly. [RT #20573] --- CHANGES | 3 +++ configure.in | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 9b218c20dd..c47ffe276f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2745. [bug] configure script didn't probe the return type of + gai_strerror(3) correctly. [RT #20573] + 2744. [func] Log if a query was over TCP. [RT #19961] 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record diff --git a/configure.in b/configure.in index e815f03bb0..c8b476c9e9 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.487 $) +AC_REVISION($Revision: 1.488 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) @@ -1973,9 +1973,9 @@ char *gai_strerror(int ecode);], [ return (0); ], [AC_MSG_RESULT(returning char *) AC_DEFINE([IRS_GAISTRERROR_RETURN_T], [char *], - [return type of gai_srerror])], -[AC_MSG_RESULT(not match any subspecies; assume standard definition)]) -AC_DEFINE([IRS_GAISTRERROR_RETURN_T], [const char *]) + [return type of gai_strerror])], +[AC_MSG_RESULT(not match any subspecies; assume standard definition) +AC_DEFINE([IRS_GAISTRERROR_RETURN_T], [const char *])]) AC_CHECK_FUNC(getipnodebyname, [ISC_LWRES_GETIPNODEPROTO="#undef ISC_LWRES_GETIPNODEPROTO"], From 7184a893c1df7d6ea3a5551062ee2273099b761a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 3 Nov 2009 23:18:11 +0000 Subject: [PATCH 15/87] regen --- configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure b/configure index ca4278bf59..dc84b5b0f4 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.471 2009/10/27 22:26:05 marka Exp $ +# $Id: configure,v 1.472 2009/11/03 23:18:11 jinmei Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -29,7 +29,7 @@ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# From configure.in Revision: 1.487 . +# From configure.in Revision: 1.488 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # @@ -27849,13 +27849,13 @@ sed 's/^/| /' conftest.$ac_ext >&5 { echo "$as_me:$LINENO: result: not match any subspecies; assume standard definition" >&5 echo "${ECHO_T}not match any subspecies; assume standard definition" >&6; } -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat >>confdefs.h <<\_ACEOF #define IRS_GAISTRERROR_RETURN_T const char * _ACEOF +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: checking for getipnodebyname" >&5 echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6; } From 126dce8ebf94ba4084befd82dd75e19b0c1d3f69 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 3 Nov 2009 23:48:23 +0000 Subject: [PATCH 16/87] update copyright notice --- lib/dns/nsec3.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index 4c44194bc4..2598a60118 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec3.c,v 1.11 2009/11/03 01:07:48 marka Exp $ */ +/* $Id: nsec3.c,v 1.12 2009/11/03 23:48:23 tbox Exp $ */ #include @@ -155,7 +155,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, if (rdataset.type > max_type) max_type = rdataset.type; set_bit(bm, rdataset.type, 1); - /* + /* * Work out if we need to set the RRSIG bit for * this node. We set the RRSIG bit if either of * the following conditions are met: @@ -169,7 +169,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, need_rrsig = ISC_TRUE; else if (rdataset.type == dns_rdatatype_ns) found_ns = ISC_TRUE; - else + else found = ISC_TRUE; } dns_rdataset_disassociate(&rdataset); From a3285e811de7204f1d4d296c7f16082fc58e1b7a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 01:18:19 +0000 Subject: [PATCH 17/87] 2746. [port] hpux: address signed/unsigned expansion mismatch of dns_rbtnode_t.nsec. [RT #20542] --- CHANGES | 3 +++ lib/dns/include/dns/rbt.h | 15 ++++++++------- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index c47ffe276f..a385948f61 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2746. [port] hpux: address signed/unsigned expansion mismatch of + dns_rbtnode_t.nsec. [RT #20542] + 2745. [bug] configure script didn't probe the return type of gai_strerror(3) correctly. [RT #20573] diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h index a0f5acaa54..3e9dc88657 100644 --- a/lib/dns/include/dns/rbt.h +++ b/lib/dns/include/dns/rbt.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt.h,v 1.76 2009/10/27 04:46:58 marka Exp $ */ +/* $Id: rbt.h,v 1.77 2009/11/04 01:18:19 marka Exp $ */ #ifndef DNS_RBT_H #define DNS_RBT_H 1 @@ -70,6 +70,12 @@ ISC_LANG_BEGINDECLS * multiple dns_rbtnode structures will not work. */ typedef struct dns_rbtnode dns_rbtnode_t; +enum { + DNS_RBT_NSEC_NORMAL=0, /* in main tree */ + DNS_RBT_NSEC_HAS_NSEC=1, /* also has node in nsec tree */ + DNS_RBT_NSEC_NSEC=2, /* in nsec tree */ + DNS_RBT_NSEC_NSEC3=3 /* in nsec3 tree */ +}; struct dns_rbtnode { #if DNS_RBT_USEMAGIC unsigned int magic; @@ -103,12 +109,7 @@ struct dns_rbtnode { unsigned int color : 1; /*%< range is 0..1 */ unsigned int find_callback : 1; /*%< range is 0..1 */ unsigned int attributes : 3; /*%< range is 0..2 */ - enum { - DNS_RBT_NSEC_NORMAL=0, /* in main tree */ - DNS_RBT_NSEC_HAS_NSEC=1, /* also has node in nsec tree */ - DNS_RBT_NSEC_NSEC=2, /* in nsec tree */ - DNS_RBT_NSEC_NSEC3=3 /* in nsec3 tree */ - } nsec : 2; /*%< range is 0..3 */ + unsigned int nsec : 2; /*%< range is 0..3 */ unsigned int namelen : 8; /*%< range is 1..255 */ unsigned int offsetlen : 8; /*%< range is 1..128 */ unsigned int oldnamelen : 8; /*%< range is 1..255 */ From 0181a0a92f0d3a9ec7f04754253bb6bd47307e6f Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 01:25:55 +0000 Subject: [PATCH 18/87] 2747. [bug] Journal roll forwards failed to set the re-signing time of RRSIGs correctly. [RT #20541] --- CHANGES | 3 +++ lib/dns/include/dns/journal.h | 11 +++++++++-- lib/dns/journal.c | 17 ++++++++++++++--- lib/dns/zone.c | 9 ++++----- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index a385948f61..64fdd64740 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2747. [bug] Journal roll forwards failed to set the re-signing + time of RRSIGs correctly. [RT #20541] + 2746. [port] hpux: address signed/unsigned expansion mismatch of dns_rbtnode_t.nsec. [RT #20542] diff --git a/lib/dns/include/dns/journal.h b/lib/dns/include/dns/journal.h index 04ab4c6920..ba125c9a1c 100644 --- a/lib/dns/include/dns/journal.h +++ b/lib/dns/include/dns/journal.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.h,v 1.35 2009/01/17 23:47:43 tbox Exp $ */ +/* $Id: journal.h,v 1.36 2009/11/04 01:25:55 marka Exp $ */ #ifndef DNS_JOURNAL_H #define DNS_JOURNAL_H 1 @@ -232,12 +232,19 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl, isc_result_t dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options, const char *filename); + +isc_result_t +dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options, + isc_uint32_t resign, const char *filename); /*%< * Roll forward (play back) the journal file "filename" into the * database "db". This should be called when the server starts - * after a shutdown or crash. + * after a shutdown or crash. 'resign' is how many seconds before + * a RRSIG is due to expire it should be scheduled to be regenerated. * * Requires: + *\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN + * is not set. *\li 'mctx' is a valid memory context. *\li 'db' is a valid database which does not have a version * open for writing. diff --git a/lib/dns/journal.c b/lib/dns/journal.c index bc1ba0cdda..6062d5d683 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.106 2009/08/25 07:41:28 marka Exp $ */ +/* $Id: journal.c,v 1.107 2009/11/04 01:25:55 marka Exp $ */ #include @@ -1216,7 +1216,9 @@ dns_journal_destroy(dns_journal_t **journalp) { /* XXX Share code with incoming IXFR? */ static isc_result_t -roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) { +roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options, + isc_uint32_t resign) +{ isc_buffer_t source; /* Transaction data from disk */ isc_buffer_t target; /* Ditto after _fromwire check */ isc_uint32_t db_serial; /* Database SOA serial */ @@ -1233,6 +1235,7 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) { REQUIRE(DNS_DB_VALID(db)); dns_diff_init(j->mctx, &diff); + diff.resign = resign; /* * Set up empty initial buffers for unchecked and checked @@ -1350,6 +1353,14 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) { isc_result_t dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options, const char *filename) +{ + REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0); + return (dns_journal_rollforward2(mctx, db, options, 0, filename)); +} + +isc_result_t +dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options, + isc_uint32_t resign, const char *filename) { dns_journal_t *j; isc_result_t result; @@ -1369,7 +1380,7 @@ dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, if (JOURNAL_EMPTY(&j->header)) result = DNS_R_UPTODATE; else - result = roll_forward(j, db, options); + result = roll_forward(j, db, options, resign); dns_journal_destroy(&j); diff --git a/lib/dns/zone.c b/lib/dns/zone.c index a0e3509545..319c93e1c7 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.523 2009/10/27 23:47:45 tbox Exp $ */ +/* $Id: zone.c,v 1.524 2009/11/04 01:25:55 marka Exp $ */ /*! \file */ @@ -2429,7 +2429,6 @@ static void set_resigntime(dns_zone_t *zone) { dns_rdataset_t rdataset; dns_fixedname_t fixed; - char namebuf[DNS_NAME_FORMATSIZE]; unsigned int resign; isc_result_t result; isc_uint32_t nanosecs; @@ -2443,7 +2442,6 @@ set_resigntime(dns_zone_t *zone) { return; } resign = rdataset.resign; - dns_name_format(dns_fixedname_name(&fixed), namebuf, sizeof(namebuf)); dns_rdataset_disassociate(&rdataset); isc_random_get(&nanosecs); nanosecs %= 1000000000; @@ -3262,8 +3260,9 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, options = DNS_JOURNALOPT_RESIGN; else options = 0; - result = dns_journal_rollforward(zone->mctx, db, options, - zone->journal); + result = dns_journal_rollforward2(zone->mctx, db, options, + zone->sigresigninginterval, + zone->journal); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND && result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL && result != ISC_R_RANGE) { From 0a30185f80f3962aba0e1f30ad7743fb8c8aa65d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 02:15:30 +0000 Subject: [PATCH 19/87] 2748. [func] Identify bad answers from GTLD servers and treat them as referrals. [RT #18884] --- CHANGES | 3 + bin/tests/system/resolver/ans2/ans.pl | 3 +- bin/tests/system/resolver/ans3/ans.pl | 3 +- lib/dns/resolver.c | 147 ++++++++++++++++++++------ 4 files changed, 121 insertions(+), 35 deletions(-) diff --git a/CHANGES b/CHANGES index 64fdd64740..78b4b267b1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2748. [func] Identify bad answers from GTLD servers and treat them + as referrals. [RT #18884] + 2747. [bug] Journal roll forwards failed to set the re-signing time of RRSIGs correctly. [RT #20541] diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl index 2d49de836f..25932f6bc0 100644 --- a/bin/tests/system/resolver/ans2/ans.pl +++ b/bin/tests/system/resolver/ans2/ans.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.12 2009/05/29 23:47:49 tbox Exp $ +# $Id: ans.pl,v 1.13 2009/11/04 02:15:30 marka Exp $ # # Ad hoc name server @@ -68,6 +68,7 @@ for (;;) { $qname eq "foo.baddname.example.org" || $qname eq "foo.gooddname.example.org") { # Data for address/alias filtering. + $packet->header->aa(1); if ($qtype eq "A") { $packet->push("answer", new Net::DNS::RR($qname . diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl index 30cc3ff6c3..966c3fc72e 100644 --- a/bin/tests/system/resolver/ans3/ans.pl +++ b/bin/tests/system/resolver/ans3/ans.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.11 2009/05/29 23:47:49 tbox Exp $ +# $Id: ans.pl,v 1.12 2009/11/04 02:15:30 marka Exp $ # # Ad hoc name server @@ -49,6 +49,7 @@ for (;;) { $packet->print; $packet->header->qr(1); + $packet->header->aa(1); my @questions = $packet->question; my $qname = $questions[0]->qname; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index bf9c42859c..bc5f62b6f6 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.408 2009/10/28 18:04:29 each Exp $ */ +/* $Id: resolver.c,v 1.409 2009/11/04 02:15:29 marka Exp $ */ /*! \file */ @@ -4819,7 +4819,9 @@ mark_related(dns_name_t *name, dns_rdataset_t *rdataset, } static isc_result_t -check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) { +check_section(void *arg, dns_name_t *addname, dns_rdatatype_t type, + dns_section_t section) +{ fetchctx_t *fctx = arg; isc_result_t result; dns_name_t *name; @@ -4830,15 +4832,19 @@ check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) { REQUIRE(VALID_FCTX(fctx)); +#if CHECK_FOR_GLUE_IN_ANSWER + if (section == DNS_SECTION_ANSWER && type != dns_rdatatype_a) + return (ISC_R_SUCCESS); +#endif + if (GLUING(fctx)) gluing = ISC_TRUE; else gluing = ISC_FALSE; name = NULL; rdataset = NULL; - result = dns_message_findname(fctx->rmessage, DNS_SECTION_ADDITIONAL, - addname, dns_rdatatype_any, 0, &name, - NULL); + result = dns_message_findname(fctx->rmessage, section, addname, + dns_rdatatype_any, 0, &name, NULL); if (result == ISC_R_SUCCESS) { external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); if (type == dns_rdatatype_a) { @@ -4876,6 +4882,21 @@ check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) { return (ISC_R_SUCCESS); } +static isc_result_t +check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) { + return (check_section(arg, addname, type, DNS_SECTION_ADDITIONAL)); +} + +#ifndef CHECK_FOR_GLUE_IN_ANSWER +#define CHECK_FOR_GLUE_IN_ANSWER 0 +#endif +#if CHECK_FOR_GLUE_IN_ANSWER +static isc_result_t +check_answer(void *arg, dns_name_t *addname, dns_rdatatype_t type) { + return (check_section(arg, addname, type, DNS_SECTION_ANSWER)); +} +#endif + static void chase_additional(fetchctx_t *fctx) { isc_boolean_t rescan; @@ -5103,14 +5124,17 @@ is_answertarget_allowed(dns_view_t *view, dns_name_t *name, /* * Handle a no-answer response (NXDOMAIN, NXRRSET, or referral). - * If bind8_ns_resp is ISC_TRUE, this is a suspected BIND 8 - * response to an NS query that should be treated as a referral - * even though the NS records occur in the answer section - * rather than the authority section. + * If look_in_options has LOOK_FOR_NS_IN_ANSWER then we look in the answer + * section for the NS RRset if the query type is NS; if it has + * LOOK_FOR_GLUE_IN_ANSWER we look for glue incorrectly returned in the answer + * section for A and AAAA queries. */ +#define LOOK_FOR_NS_IN_ANSWER 0x1 +#define LOOK_FOR_GLUE_IN_ANSWER 0x2 + static isc_result_t noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, - isc_boolean_t bind8_ns_resp) + unsigned int look_in_options) { isc_result_t result; dns_message_t *message; @@ -5118,11 +5142,16 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, dns_rdataset_t *rdataset, *ns_rdataset; isc_boolean_t aa, negative_response; dns_rdatatype_t type; - dns_section_t section = - bind8_ns_resp ? DNS_SECTION_ANSWER : DNS_SECTION_AUTHORITY; + dns_section_t section; FCTXTRACE("noanswer_response"); + if ((look_in_options & LOOK_FOR_NS_IN_ANSWER) != 0) { + INSIST(fctx->type == dns_rdatatype_ns); + section = DNS_SECTION_ANSWER; + } else + section = DNS_SECTION_AUTHORITY; + message = fctx->rmessage; /* @@ -5403,6 +5432,20 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, fctx->attributes |= FCTX_ATTR_GLUING; (void)dns_rdataset_additionaldata(ns_rdataset, check_related, fctx); +#if CHECK_FOR_GLUE_IN_ANSWER + /* + * Look in the answer section for "glue" that is incorrectly + * returned as a answer. This is needed if the server also + * minimizes the response size by not adding records to the + * additional section that are in the answer section or if + * the record gets dropped due to message size constraints. + */ + if ((look_in_options & LOOK_FOR_GLUE_IN_ANSWER) != 0 && + (fctx->type == dns_rdatatype_aaaa || + fctx->type == dns_rdatatype_a)) + (void)dns_rdataset_additionaldata(ns_rdataset, + check_answer, fctx); +#endif fctx->attributes &= ~FCTX_ATTR_GLUING; /* * NS rdatasets with 0 TTL cause problems. @@ -5817,7 +5860,7 @@ answer_response(fetchctx_t *fctx) { * If it isn't a noanswer response, no harm will be * done. */ - return (noanswer_response(fctx, qname, ISC_FALSE)); + return (noanswer_response(fctx, qname, 0)); } /* @@ -6137,6 +6180,16 @@ log_packet(dns_message_t *message, int level, isc_mem_t *mctx) { isc_mem_put(mctx, buf, len); } +static isc_boolean_t +iscname(fetchctx_t *fctx) { + isc_result_t result; + + result = dns_message_findname(fctx->rmessage, DNS_SECTION_ANSWER, + &fctx->name, dns_rdatatype_cname, 0, + NULL, NULL); + return (result == ISC_R_SUCCESS ? ISC_TRUE : ISC_FALSE); +} + static void resquery_response(isc_task_t *task, isc_event_t *event) { isc_result_t result = ISC_R_SUCCESS; @@ -6576,27 +6629,56 @@ resquery_response(isc_task_t *task, isc_event_t *event) { (message->rcode == dns_rcode_noerror || message->rcode == dns_rcode_nxdomain)) { /* - * We've got answers. However, if we sent - * a BIND 8 server an NS query, it may have - * incorrectly responded with a non-authoritative - * answer instead of a referral. Since this - * answer lacks the SIGs necessary to do DNSSEC - * validation, we must invoke the following special - * kludge to treat it as a referral. + * [normal case] + * We've got answers. If it has an authoritative answer or an + * answer from a forwarder, we're done. */ - if (fctx->type == dns_rdatatype_ns && - (message->flags & DNS_MESSAGEFLAG_AA) == 0 && - !ISFORWARDER(query->addrinfo)) - { - result = noanswer_response(fctx, NULL, ISC_TRUE); + if ((message->flags & DNS_MESSAGEFLAG_AA) != 0 || + ISFORWARDER(query->addrinfo)) + result = answer_response(fctx); + else if (iscname(fctx) && + fctx->type != dns_rdatatype_any && + fctx->type != dns_rdatatype_cname) { + /* + * A BIND8 server could return a non-authoritative + * answer when a CNAME is followed. We should treat + * it as a valid answer. + */ + result = answer_response(fctx); + } else { + if (fctx->type == dns_rdatatype_ns) { + /* + * A BIND 8 server could incorrectly return a + * non-authoritative answer to an NS query + * instead of a referral. Since this answer + * lacks the SIGs necessary to do DNSSEC + * validation, we must invoke the following + * special kludge to treat it as a referral. + */ + result = noanswer_response(fctx, NULL, + LOOK_FOR_NS_IN_ANSWER); + } else { + /* + * Some other servers may still somehow include + * an answer when it should return a referral + * with an empty answer. Check to see if we can + * treat this as a referral by ignoring the + * answer. Further more, there may be an + * implementation that moves A/AAAA glue records + * to the answer section for that type of + * delegation when the query is for that glue + * record. LOOK_FOR_GLUE_IN_ANSWER will handle + * such a corner case. + */ + result = noanswer_response(fctx, NULL, + LOOK_FOR_GLUE_IN_ANSWER); + } if (result != DNS_R_DELEGATION) { /* - * The answer section must have contained - * something other than the NS records - * we asked for. Since AA is not set - * and the server is not a forwarder, - * it is technically lame and it's easier - * to treat it as such than to figure out + * At this point, AA is not set, the response + * is not a referral, and the server is not a + * forwarder. It is technically lame and it's + * easier to treat it as such than to figure out * some more elaborate course of action. */ broken_server = DNS_R_LAME; @@ -6605,7 +6687,6 @@ resquery_response(isc_task_t *task, isc_event_t *event) { } goto force_referral; } - result = answer_response(fctx); if (result != ISC_R_SUCCESS) { if (result == DNS_R_FORMERR) keep_trying = ISC_TRUE; @@ -6617,7 +6698,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { /* * NXDOMAIN, NXRDATASET, or referral. */ - result = noanswer_response(fctx, NULL, ISC_FALSE); + result = noanswer_response(fctx, NULL, 0); if (result == DNS_R_CHASEDSSERVERS) { } else if (result == DNS_R_DELEGATION) { force_referral: From e94fe42a2007a4ffdd27ba99d3756622f8da1008 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 03:46:44 +0000 Subject: [PATCH 20/87] 2749. [bug] ixfr-from-differences generated a non-minimal ixfr for NSEC3 signed zones. [RT #20452] --- CHANGES | 3 ++ lib/dns/journal.c | 84 ++++++++++++++++++++++++++++------------------- 2 files changed, 53 insertions(+), 34 deletions(-) diff --git a/CHANGES b/CHANGES index 78b4b267b1..ba301734ab 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2749. [bug] ixfr-from-differences generated a non-minimal ixfr + for NSEC3 signed zones. [RT #20452] + 2748. [func] Identify bad answers from GTLD servers and treat them as referrals. [RT #18884] diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 6062d5d683..479da1e98f 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.107 2009/11/04 01:25:55 marka Exp $ */ +/* $Id: journal.c,v 1.108 2009/11/04 03:46:44 marka Exp $ */ #include @@ -1859,18 +1859,11 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) { return (result); } -/* - * Compare the databases 'dba' and 'dbb' and generate a journal - * entry containing the changes to make 'dba' from 'dbb' (note - * the order). This journal entry will consist of a single, - * possibly very large transaction. - */ - -isc_result_t -dns_db_diff(isc_mem_t *mctx, - dns_db_t *dba, dns_dbversion_t *dbvera, - dns_db_t *dbb, dns_dbversion_t *dbverb, - const char *journal_filename) +static isc_result_t +diff_namespace(isc_mem_t *mctx, + dns_db_t *dba, dns_dbversion_t *dbvera, + dns_db_t *dbb, dns_dbversion_t *dbverb, + unsigned int options, dns_diff_t *resultdiff) { dns_db_t *db[2]; dns_dbversion_t *ver[2]; @@ -1878,30 +1871,24 @@ dns_db_diff(isc_mem_t *mctx, isc_boolean_t have[2] = { ISC_FALSE, ISC_FALSE }; dns_fixedname_t fixname[2]; isc_result_t result, itresult[2]; - dns_diff_t diff[2], resultdiff; + dns_diff_t diff[2]; int i, t; - dns_journal_t *journal = NULL; db[0] = dba, db[1] = dbb; ver[0] = dbvera, ver[1] = dbverb; dns_diff_init(mctx, &diff[0]); dns_diff_init(mctx, &diff[1]); - dns_diff_init(mctx, &resultdiff); dns_fixedname_init(&fixname[0]); dns_fixedname_init(&fixname[1]); - result = dns_journal_open(mctx, journal_filename, ISC_TRUE, &journal); + result = dns_db_createiterator(db[0], options, &dbit[0]); if (result != ISC_R_SUCCESS) return (result); - - result = dns_db_createiterator(db[0], 0, &dbit[0]); + result = dns_db_createiterator(db[1], options, &dbit[1]); if (result != ISC_R_SUCCESS) - goto cleanup_journal; - result = dns_db_createiterator(db[1], 0, &dbit[1]); - if (result != ISC_R_SUCCESS) - goto cleanup_interator0; + goto cleanup_interator; itresult[0] = dns_dbiterator_first(dbit[0]); itresult[1] = dns_dbiterator_first(dbit[1]); @@ -1928,7 +1915,7 @@ dns_db_diff(isc_mem_t *mctx, for (i = 0; i < 2; i++) { if (! have[!i]) { - ISC_LIST_APPENDLIST(resultdiff.tuples, + ISC_LIST_APPENDLIST(resultdiff->tuples, diff[i].tuples, link); INSIST(ISC_LIST_EMPTY(diff[i].tuples)); have[i] = ISC_FALSE; @@ -1939,21 +1926,21 @@ dns_db_diff(isc_mem_t *mctx, t = dns_name_compare(dns_fixedname_name(&fixname[0]), dns_fixedname_name(&fixname[1])); if (t < 0) { - ISC_LIST_APPENDLIST(resultdiff.tuples, + ISC_LIST_APPENDLIST(resultdiff->tuples, diff[0].tuples, link); INSIST(ISC_LIST_EMPTY(diff[0].tuples)); have[0] = ISC_FALSE; continue; } if (t > 0) { - ISC_LIST_APPENDLIST(resultdiff.tuples, + ISC_LIST_APPENDLIST(resultdiff->tuples, diff[1].tuples, link); INSIST(ISC_LIST_EMPTY(diff[1].tuples)); have[1] = ISC_FALSE; continue; } INSIST(t == 0); - CHECK(dns_diff_subtract(diff, &resultdiff)); + CHECK(dns_diff_subtract(diff, resultdiff)); INSIST(ISC_LIST_EMPTY(diff[0].tuples)); INSIST(ISC_LIST_EMPTY(diff[1].tuples)); have[0] = have[1] = ISC_FALSE; @@ -1964,20 +1951,49 @@ dns_db_diff(isc_mem_t *mctx, if (itresult[1] != ISC_R_NOMORE) FAIL(itresult[1]); + INSIST(ISC_LIST_EMPTY(diff[0].tuples)); + INSIST(ISC_LIST_EMPTY(diff[1].tuples)); + + failure: + dns_dbiterator_destroy(&dbit[1]); + cleanup_interator: + dns_dbiterator_destroy(&dbit[0]); + return (result); +} + +/* + * Compare the databases 'dba' and 'dbb' and generate a journal + * entry containing the changes to make 'dba' from 'dbb' (note + * the order). This journal entry will consist of a single, + * possibly very large transaction. + */ +isc_result_t +dns_db_diff(isc_mem_t *mctx, + dns_db_t *dba, dns_dbversion_t *dbvera, + dns_db_t *dbb, dns_dbversion_t *dbverb, + const char *journal_filename) +{ + isc_result_t result; + dns_journal_t *journal = NULL; + dns_diff_t resultdiff; + + result = dns_journal_open(mctx, journal_filename, ISC_TRUE, &journal); + if (result != ISC_R_SUCCESS) + return (result); + + dns_diff_init(mctx, &resultdiff); + + CHECK(diff_namespace(mctx, dba, dbvera, dbb, dbverb, + DNS_DB_NONSEC3, &resultdiff)); + CHECK(diff_namespace(mctx, dba, dbvera, dbb, dbverb, + DNS_DB_NSEC3ONLY, &resultdiff)); if (ISC_LIST_EMPTY(resultdiff.tuples)) { isc_log_write(JOURNAL_DEBUG_LOGARGS(3), "no changes"); } else { CHECK(dns_journal_write_transaction(journal, &resultdiff)); } - INSIST(ISC_LIST_EMPTY(diff[0].tuples)); - INSIST(ISC_LIST_EMPTY(diff[1].tuples)); - failure: dns_diff_clear(&resultdiff); - dns_dbiterator_destroy(&dbit[1]); - cleanup_interator0: - dns_dbiterator_destroy(&dbit[0]); - cleanup_journal: dns_journal_destroy(&journal); return (result); } From 2484c7db7a4e6fea66d4c6532316be4711dad3d4 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 04:22:16 +0000 Subject: [PATCH 21/87] spelling --- lib/dns/journal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 479da1e98f..5ef2a2e784 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.108 2009/11/04 03:46:44 marka Exp $ */ +/* $Id: journal.c,v 1.109 2009/11/04 04:22:16 marka Exp $ */ #include @@ -1888,7 +1888,7 @@ diff_namespace(isc_mem_t *mctx, return (result); result = dns_db_createiterator(db[1], options, &dbit[1]); if (result != ISC_R_SUCCESS) - goto cleanup_interator; + goto cleanup_iterator; itresult[0] = dns_dbiterator_first(dbit[0]); itresult[1] = dns_dbiterator_first(dbit[1]); @@ -1956,7 +1956,7 @@ diff_namespace(isc_mem_t *mctx, failure: dns_dbiterator_destroy(&dbit[1]); - cleanup_interator: + cleanup_iterator: dns_dbiterator_destroy(&dbit[0]); return (result); } From 7efc6d9cb8bea410d0580b03c7fab449f38902a4 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 4 Nov 2009 05:58:46 +0000 Subject: [PATCH 22/87] cleanup [RT #20509] --- lib/isc/unix/app.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/lib/isc/unix/app.c b/lib/isc/unix/app.c index 04dfa7e5f8..5393be9425 100644 --- a/lib/isc/unix/app.c +++ b/lib/isc/unix/app.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: app.c,v 1.63 2009/09/02 23:48:03 tbox Exp $ */ +/* $Id: app.c,v 1.64 2009/11/04 05:58:46 marka Exp $ */ /*! \file */ @@ -68,15 +68,6 @@ #include "socket_p.h" #endif /* USE_THREADS_SINGLECTX */ -/*! - * We assume that 'want_shutdown' can be read and written atomically. - */ -static volatile isc_boolean_t want_shutdown = ISC_FALSE; -/* - * We assume that 'want_reload' can be read and written atomically. - */ -static volatile isc_boolean_t want_reload = ISC_FALSE; - #ifdef ISC_PLATFORM_USETHREADS static pthread_t blockedthread; #endif /* ISC_PLATFORM_USETHREADS */ @@ -504,11 +495,6 @@ evloop(isc__appctx_t *ctx) { if (n > 0) (void)isc__socketmgr_dispatch(ctx->socketmgr, swait); (void)isc__taskmgr_dispatch(ctx->taskmgr); - - if (want_reload) { - want_reload = ISC_FALSE; - return (ISC_R_RELOAD); - } } return (ISC_R_SUCCESS); } From 515cba20eb6310106f1a9d73473e3a5c003bde8f Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 4 Nov 2009 22:35:08 +0000 Subject: [PATCH 23/87] fixed typos --- doc/arm/Bv9ARM-book.xml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 81665e8e7b..bda1ffc4a9 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -5001,7 +5001,6 @@ badresp:1,adberr:0,findfail:0,valfail:0] random-device path_name ; max-cache-size size_spec ; match-mapped-addresses yes_or_no; - match-mapped-addresses yes_or_no; disable-aaaa-on-v4-transport ( yes_or_no | break-dnssec ); preferred-glue ( A | AAAA | NONE ); edns-udp-size number; @@ -6282,9 +6281,6 @@ options { IPv4 clients that are servers can then erroneously answer requests for AAAA records received via IPv4. - - security - From 2d84cba8f40073b8bcd38630d3353bfaa8560880 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 4 Nov 2009 23:48:18 +0000 Subject: [PATCH 24/87] update copyright notice --- lib/dns/include/dns/journal.h | 6 +++--- lib/dns/journal.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/dns/include/dns/journal.h b/lib/dns/include/dns/journal.h index ba125c9a1c..8100ce1b96 100644 --- a/lib/dns/include/dns/journal.h +++ b/lib/dns/include/dns/journal.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.h,v 1.36 2009/11/04 01:25:55 marka Exp $ */ +/* $Id: journal.h,v 1.37 2009/11/04 23:48:18 tbox Exp $ */ #ifndef DNS_JOURNAL_H #define DNS_JOURNAL_H 1 @@ -240,10 +240,10 @@ dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options, * Roll forward (play back) the journal file "filename" into the * database "db". This should be called when the server starts * after a shutdown or crash. 'resign' is how many seconds before - * a RRSIG is due to expire it should be scheduled to be regenerated. + * a RRSIG is due to expire it should be scheduled to be regenerated. * * Requires: - *\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN + *\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN * is not set. *\li 'mctx' is a valid memory context. *\li 'db' is a valid database which does not have a version diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 5ef2a2e784..067ed5da90 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.109 2009/11/04 04:22:16 marka Exp $ */ +/* $Id: journal.c,v 1.110 2009/11/04 23:48:18 tbox Exp $ */ #include @@ -1971,7 +1971,7 @@ isc_result_t dns_db_diff(isc_mem_t *mctx, dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb, dns_dbversion_t *dbverb, - const char *journal_filename) + const char *journal_filename) { isc_result_t result; dns_journal_t *journal = NULL; From b55ce50367d22a965bbeb460a9a1ffdb83fe4bc5 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 5 Nov 2009 01:15:15 +0000 Subject: [PATCH 25/87] regen --- doc/arm/Bv9ARM.ch06.html | 96 +++++++------- doc/arm/Bv9ARM.ch07.html | 14 +-- doc/arm/Bv9ARM.ch08.html | 18 +-- doc/arm/Bv9ARM.ch09.html | 180 +++++++++++++-------------- doc/arm/Bv9ARM.html | 46 +++---- doc/arm/man.ddns-confgen.html | 10 +- doc/arm/man.dig.html | 20 +-- doc/arm/man.dnssec-dsfromkey.html | 16 +-- doc/arm/man.dnssec-keyfromlabel.html | 14 +-- doc/arm/man.dnssec-keygen.html | 16 +-- doc/arm/man.dnssec-revoke.html | 10 +- doc/arm/man.dnssec-settime.html | 14 +-- doc/arm/man.dnssec-signzone.html | 12 +- doc/arm/man.host.html | 10 +- doc/arm/man.named-checkconf.html | 12 +- doc/arm/man.named-checkzone.html | 12 +- doc/arm/man.named.html | 16 +-- doc/arm/man.nsupdate.html | 14 +-- doc/arm/man.rndc-confgen.html | 12 +- doc/arm/man.rndc.conf.html | 12 +- doc/arm/man.rndc.html | 12 +- 21 files changed, 281 insertions(+), 285 deletions(-) diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 79369cc943..6cbe3b0bec 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -78,28 +78,28 @@

server Statement Definition and Usage
statistics-channels Statement Grammar
-
statistics-channels Statement Definition and +
statistics-channels Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
-
managed-keys Statement Grammar
-
managed-keys Statement Definition +
managed-keys Statement Grammar
+
managed-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
BIND9 Statistics
@@ -2221,7 +2221,6 @@ badresp:1,adberr:0,findfail:0,valfail:0] [ random-device path_name ; ] [ max-cache-size size_spec ; ] [ match-mapped-addresses yes_or_no; ] - [ match-mapped-addresses yes_or_no; ] [ disable-aaaa-on-v4-transport ( yes_or_no | break-dnssec ); ] [ preferred-glue ( A | AAAA | NONE ); ] [ edns-udp-size number; ] @@ -3256,9 +3255,6 @@ options { IPv4 clients that are servers can then erroneously answer requests for AAAA records received via IPv4.

-

- security -

ixfr-from-differences
@@ -3482,7 +3478,7 @@ options {

-Forwarding

+Forwarding

The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external @@ -3526,7 +3522,7 @@ options {

-Dual-stack Servers

+Dual-stack Servers

Dual-stack servers are used as servers of last resort to work around @@ -3723,7 +3719,7 @@ options {

-Interfaces

+Interfaces

The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -4175,7 +4171,7 @@ avoid-v6-udp-ports {};

-UDP Port Lists

+UDP Port Lists

use-v4-udp-ports, avoid-v4-udp-ports, @@ -4217,7 +4213,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

-Operating System Resource Limits

+Operating System Resource Limits

The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -4379,7 +4375,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

-Periodic Task Intervals

+Periodic Task Intervals
cleaning-interval

@@ -5175,7 +5171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

-Content Filtering

+Content Filtering

BIND 9 provides the ability to filter out DNS responses from external DNS servers containing @@ -5505,7 +5501,7 @@ deny-answer-aliases { "example.net"; };

-statistics-channels Statement Definition and +statistics-channels Statement Definition and Usage

The statistics-channels statement @@ -5556,7 +5552,7 @@ deny-answer-aliases { "example.net"; };

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -5565,7 +5561,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -5605,7 +5601,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-managed-keys Statement Grammar

+managed-keys Statement Grammar

 
managed-keys {
     string initial-key number number number string ;
     [ string initial-key number number number string ; [...]]
@@ -5614,7 +5610,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-managed-keys Statement Definition
+managed-keys Statement Definition
             and Usage

 

             The managed-keys statement, like 
@@ -5740,7 +5736,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             feature
@@ -6020,10 +6016,10 @@ zone zone_name [
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 
@@ -6234,7 +6230,7 @@ zone zone_name [
 

 

-Class

+Class

 

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -6256,7 +6252,7 @@ zone zone_name [
 

 

-Zone Options

+Zone Options

 

 
allow-notify

 

@@ -6926,7 +6922,7 @@ zone zone_name [
 

 

-Zone File

+Zone File

 

 

 Types of Resource Records and When to Use Them

@@ -6939,7 +6935,7 @@ zone zone_name [
 

 

-Resource Records

+Resource Records

 

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -7676,7 +7672,7 @@ zone zone_name [
 

 

-Textual expression of RRs

+Textual expression of RRs

 

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -7879,7 +7875,7 @@ zone zone_name [
 

 

-Discussion of MX Records

+Discussion of MX Records

 

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -8135,7 +8131,7 @@ zone zone_name [
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

 

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -8196,7 +8192,7 @@ zone zone_name [
 

 

-Other Zone File Directives

+Other Zone File Directives

 

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -8211,7 +8207,7 @@ zone zone_name [
 

 

-The @ (at-sign)

+The @ (at-sign)

 

               When used in the label (or name) field, the asperand or
               at-sign (@) symbol represents the current origin.
@@ -8222,7 +8218,7 @@ zone zone_name [
 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

 

               Syntax: $ORIGIN
               domain-name
@@ -8251,7 +8247,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

 

               Syntax: $INCLUDE
               filename
@@ -8287,7 +8283,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

 

               Syntax: $TTL
               default-ttl
@@ -8306,7 +8302,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

 

             Syntax: $GENERATE
             range
@@ -8730,7 +8726,7 @@ HOST-127.EXAMPLE. MX 0 .
           

 

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 

 
 

@@ -9287,7 +9283,7 @@ HOST-127.EXAMPLE. MX 0 .
 

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 
 

 
 
@@ -9441,7 +9437,7 @@ HOST-127.EXAMPLE. MX 0 .
 

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 
 

 
 
@@ -9824,7 +9820,7 @@ HOST-127.EXAMPLE. MX 0 .
 

 

-Socket I/O Statistics Counters

+Socket I/O Statistics Counters

               Socket I/O statistics counters are defined per socket
               types, which are
@@ -9979,7 +9975,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

               Most statistics counters that were available
               in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 50a850e165..1649df4c84 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,10 +46,10 @@
 
Table of Contents

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -122,7 +122,7 @@ zone "example.com" {
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

           On UNIX servers, it is possible to run BIND
@@ -148,7 +148,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot environment
             to
@@ -176,7 +176,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 239c5553cb..23b225b4b1 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 10c714075b..4c6bdd575b 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,21 +45,21 @@
 

 
Table of Contents

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 A Brief History of the DNS and BIND
@@ -162,7 +162,7 @@
 

 

 

-General DNS Reference Information

+General DNS Reference Information

 

 

 IPv6 addresses (AAAA)

@@ -250,17 +250,17 @@
           

 

 

-Bibliography

+Bibliography

 
Standards

 

-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

 

 

-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

 

 

-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
                   Specification. November 1987. 

 

 

@@ -268,42 +268,42 @@
 

 Proposed Standards

 

-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
+
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
                   Specification. July 1997. 

 

 

-
[RFC2308] M. Andrews. Negative Caching of DNS
+
[RFC2308] M. Andrews. Negative Caching of DNS
                   Queries. March 1998. 

 

 

-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

 

 

-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

 

 

-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

 

 

-
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

+
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

 

 

-
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

+
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

 

 

-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

 

 

-
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

+
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

 

 

-
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

+
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

 

 

-
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

+
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

 

 

-
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
+
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
                        Key Transaction Authentication for DNS
                        (GSS-TSIG). October 2003. 

 

@@ -312,19 +312,19 @@
 

 DNS Security Proposed Standards

 

-
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

+
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

 

 

-
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

+
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

 

 

-
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

+
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

 

 

-
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

+
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

 

 

-
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
+
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
                        Security Extensions. March 2005. 

 

 
@@ -332,146 +332,146 @@
 
Other Important RFCs About DNS
                 Implementation

 

-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
+
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
                   Deployed DNS Software.. October 1993. 

 

 

-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
+
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
                   Errors and Suggested Fixes. October 1993. 

 

 

-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

 

 

-
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
+
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
                 Queries for IPv6 Addresses. May 2005. 

 

 
 

 
Resource Record Types

 

-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

 

 

-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

 

 

-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
                   the Domain Name System. June 1997. 

 

 

-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
+
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
                   Domain
                   Name System. January 1996. 

 

 

-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
+
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
                   Location of
                   Services.. October 1996. 

 

 

-
[RFC2163] A. Allocchio. Using the Internet DNS to
+
[RFC2163] A. Allocchio. Using the Internet DNS to
                   Distribute MIXER
                   Conformant Global Address Mapping. January 1998. 

 

 

-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

 

 

-
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

+
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

+
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

+
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

 

 

-
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

+
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

 

 

-
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

+
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

 

 

-
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

+
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

 

 

-
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

+
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

 

 

-
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
+
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
                   version 6. October 2003. 

 

 

-
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

+
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

 

 

 

 

 DNS and the Internet

 

-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
+
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
                   and Other Types. April 1989. 

 

 

-
[RFC1123] Braden. Requirements for Internet Hosts - Application and
+
[RFC1123] Braden. Requirements for Internet Hosts - Application and
                   Support. October 1989. 

 

 

-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

 

 

-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

 

 

-
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

+
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

 

 

-
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

+
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

 

 

 

 

 DNS Operations

 

-
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

+
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

 

 

-
[RFC1537] P. Beertema. Common DNS Data File
+
[RFC1537] P. Beertema. Common DNS Data File
                   Configuration Errors. October 1993. 

 

 

-
[RFC1912] D. Barr. Common DNS Operational and
+
[RFC1912] D. Barr. Common DNS Operational and
                   Configuration Errors. February 1996. 

 

 

-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

 

 

-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
+
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
                   Network Services.. October 1997. 

 

 

 

 
Internationalized Domain Names

 

-
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
+
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
                        and the Other Internet protocols. May 2000. 

 

 

-
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

+
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

 

 

-
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

+
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

 

 

-
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
+
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
                        for Internationalized Domain Names in
                        Applications (IDNA). March 2003. 

 

@@ -487,47 +487,47 @@
                 

 

 

-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
+
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
                   Attributes. May 1993. 

 

 

-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

 

 

-
[RFC1794] T. Brisco. DNS Support for Load
+
[RFC1794] T. Brisco. DNS Support for Load
                   Balancing. April 1995. 

 

 

-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

 

 

-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

 

 

-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

 

 

-
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

+
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

 

 

-
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
+
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
                        Shared Unicast Addresses. April 2002. 

 

 

-
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

+
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

 

 
 

 
Obsolete and Unimplemented Experimental RFC

 

-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
                   Location. November 1994. 

 

 

-
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

+
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

 

 

-
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
+
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
                        and Renumbering. July 2000. 

 

 

@@ -541,39 +541,39 @@
                 

 
 

-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

 

 

-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

 

 

-
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

+
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

 

 

-
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
+
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
                        Signing Authority. November 2000. 

 

 

-
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

+
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

 

 

-
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

+
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

 

 

-
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

+
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

 

 

-
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

+
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

 

 

-
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

+
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

 

 

-
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
+
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
                       (RR) Secure Entry Point (SEP) Flag. April 2004. 

 

 

-
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

+
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

 

 
 
@@ -594,14 +594,14 @@
 
 

 

-Other Documents About BIND
+Other Documents About BIND
 

 

 

 

-Bibliography

+Bibliography

 

-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

 

 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 1d45adf2fe..313bdbb07a 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -157,28 +157,28 @@
 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

-
managed-keys Statement Definition
+
managed-keys Statement Grammar

+
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 
-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -187,31 +187,31 @@
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 
I. Manual pages

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 7f54b3b95f..277661d281 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,7 +48,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -142,7 +142,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -150,7 +150,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 2160379fc1..bd264f72c8 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -98,7 +98,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -144,7 +144,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -248,7 +248,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -573,7 +573,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 122e2b1c06..93f1d9e647 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,14 +51,14 @@
 
dnssec-dsfromkey  {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-f file] [-A] [-v level] {dnsname}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -119,7 +119,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -134,7 +134,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -148,13 +148,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -164,7 +164,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 177f31a54c..f27814b2a5 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -63,7 +63,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -174,7 +174,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -221,7 +221,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -260,7 +260,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -268,7 +268,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 48e1cb51ba..ae24160d57 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -256,7 +256,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -303,7 +303,7 @@
 

 
 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -349,7 +349,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -370,7 +370,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -379,7 +379,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 983af7bc8c..4f0d4c7229 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-revoke  [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -91,14 +91,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 0236dc0bdd..faef38b678 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-settime  [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f

 

@@ -106,7 +106,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -151,7 +151,7 @@
 

 
 

-
PRINTING OPTIONS

+
PRINTING OPTIONS

 

       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -177,7 +177,7 @@
 

 
 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -185,7 +185,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 5ce500d3c7..12772703fe 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -397,7 +397,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -427,14 +427,14 @@ db.example.com.signed
 %
 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 3a0f1c912c..6c881f4fcb 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -216,12 +216,12 @@
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index f4f8ea67fb..bb8b999ad3 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -96,21 +96,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 5bec81bde9..fc43f61f9c 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,7 +51,7 @@
 
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -257,14 +257,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -272,7 +272,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 58d36a164d..65844bd9e9 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -246,7 +246,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -267,7 +267,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -284,7 +284,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -297,7 +297,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -310,7 +310,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 5262a3283e..baf332c4ff 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
nsupdate  [-d] [-D] [[-g] |  [-o] |  [-l] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -210,7 +210,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -474,7 +474,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -528,7 +528,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -551,7 +551,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       RFC 2136,
       RFC 3007,
@@ -566,7 +566,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index ae70fb761e..280f18ddf6 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -173,7 +173,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -190,7 +190,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -198,7 +198,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 4d418ece22..2294d2f3bc 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc.conf 

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 7367778e9b..115fe74e5a 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -151,7 +151,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 


From 9a050780dce1bf3cbe81bd18404df3e79c146583 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 5 Nov 2009 01:57:49 +0000
Subject: [PATCH 26/87] 2750.	[bug]		dig: assertion failure could
 occur when a server 			didn't have an address. [RT #20579]

---
 CHANGES           | 3 +++
 bin/dig/dighost.c | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index ba301734ab..814b9f8cc1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2750.	[bug]		dig: assertion failure could occur when a server
+			didn't have an address. [RT #20579]
+
 2749.	[bug]		ixfr-from-differences generated a non-minimal ixfr
 			for NSEC3 signed zones. [RT #20452]
 
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 7b81605304..0673b99676 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.326 2009/09/15 23:48:09 tbox Exp $ */
+/* $Id: dighost.c,v 1.327 2009/11/05 01:57:49 each Exp $ */
 
 /*! \file
  *  \note
@@ -2581,13 +2581,15 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
 		cq = query->lookup->current_query;
 		if (!l->tcp_mode)
 			send_udp(ISC_LIST_NEXT(cq, link));
-		else {
+		else if (query->sock != NULL) {
 			isc_socket_cancel(query->sock, NULL,
 					  ISC_SOCKCANCEL_ALL);
 			isc_socket_detach(&query->sock);
 			sockcount--;
 			debug("sockcount=%d", sockcount);
 			send_tcp_connect(ISC_LIST_NEXT(cq, link));
+		} else {
+			send_tcp_connect(ISC_LIST_NEXT(cq, link));
 		}
 		UNLOCK_LOOKUP;
 		return;

From 052e7083acefb30af8d776b3eb27b5a147b689ac Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 5 Nov 2009 02:59:04 +0000
Subject: [PATCH 27/87] correct bind9.xsl.h dependancy

---
 bin/named/Makefile.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 8898a24797..235126a072 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.107 2009/10/05 17:30:49 fdupont Exp $
+# $Id: Makefile.in,v 1.108 2009/11/05 02:59:04 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -145,7 +145,7 @@ docclean manclean maintainer-clean::
 clean distclean maintainer-clean::
 	rm -f ${TARGETS} ${OBJS} bind.keys.h
 
-bind9.xsl.h: bind9.xsl convertxsl.pl
+bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
 	${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
 
 depend: bind9.xsl.h

From d586a9b72f6d85e6402dd84b1b8016c93d39b664 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 5 Nov 2009 04:49:48 +0000
Subject: [PATCH 28/87] file test.sh was initially added on branch rt20438.


From 2a81568d17c12e08b03f2eab2c224af91d80d7a4 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 5 Nov 2009 19:12:13 +0000
Subject: [PATCH 29/87] filter-aaaa-on-v4 was listed incorrectly in the options
 summary. also the configure option which enables it was wrong.

---
 doc/arm/Bv9ARM-book.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index bda1ffc4a9..3c63f46d6b 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -5001,7 +5001,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
      random-device path_name ; 
      max-cache-size size_spec ; 
      match-mapped-addresses yes_or_no; 
-     disable-aaaa-on-v4-transport ( yes_or_no | break-dnssec ); 
+     filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); 
      preferred-glue ( A | AAAA | NONE ); 
      edns-udp-size number; 
      max-udp-size number; 
@@ -6240,7 +6240,7 @@ options {
                 
                   This option is only available when
                   BIND 9 is compiled with the
-                  --with-filter-aaaa option on the
+                  --enable-filter-aaaa option on the
                   "configure" command line.  It is intended to help the
                   transition from IPv4 to IPv6 by not giving IPv6 addresses
                   to DNS clients unless they have connections to the IPv6

From ca97301c37567064984e9744cd6d62af525565e3 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 5 Nov 2009 21:45:05 +0000
Subject: [PATCH 30/87] remove extra \n from a log message

---
 lib/dns/zone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 319c93e1c7..3fe2477d42 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.524 2009/11/04 01:25:55 marka Exp $ */
+/* $Id: zone.c,v 1.525 2009/11/05 21:45:05 each Exp $ */
 
 /*! \file */
 
@@ -2320,7 +2320,7 @@ zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
 		for (i = 0; i < nsec3param->salt_length; i++)
 			sprintf(&saltbuf[i*2], "%02X", nsec3chain->salt[i]);
 	dns_zone_log(zone, ISC_LOG_INFO,
-		     "zone_addnsec3chain(%u,%s,%u,%s)\n",
+		     "zone_addnsec3chain(%u,%s,%u,%s)",
 		      nsec3param->hash, flags, nsec3param->iterations,
 		      saltbuf);
 	for (current = ISC_LIST_HEAD(zone->nsec3chain);

From 6f6f08b7a4ea50806099b23ca97010195c1365cd Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 01:06:38 +0000
Subject: [PATCH 31/87] 2751.	[bug]		Fixed a memory leak in
 dnssec-keyfromlabel. [RT #20588]

---
 CHANGES                          |  2 ++
 bin/dnssec/dnssec-keyfromlabel.c | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 814b9f8cc1..8ab0d22d89 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2751.	[bug]		Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
+
 2750.	[bug]		dig: assertion failure could occur when a server
 			didn't have an address. [RT #20579]
 
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index ed88a37445..44207790ed 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keyfromlabel.c,v 1.25 2009/10/27 18:56:48 each Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.26 2009/11/06 01:06:38 each Exp $ */
 
 /*! \file */
 
@@ -197,7 +197,7 @@ main(int argc, char **argv) {
 			options |= DST_TYPE_KEY;
 			break;
 		case 'l':
-			label = isc_commandline_argument;
+			label = isc_mem_strdup(mctx, isc_commandline_argument);
 			break;
 		case 'n':
 			nametype = isc_commandline_argument;
@@ -320,8 +320,11 @@ main(int argc, char **argv) {
 		int len;
 
 		len = strlen(label) + strlen(engine) + 2;
-		l = isc_mem_get(mctx, len);
+		l = isc_mem_allocate(mctx, len);
+		if (l == NULL)
+			fatal("cannot allocate memory");
 		snprintf(l, len, "%s:%s", engine, label);
+		isc_mem_free(mctx, label);
 		label = l;
 	}
 
@@ -525,6 +528,7 @@ main(int argc, char **argv) {
 	dns_name_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
+	isc_mem_free(mctx, label);
 	isc_mem_destroy(&mctx);
 
 	return (0);

From cd0df9459e87097d01fc6c0de0a283c7e8d3c401 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Fri, 6 Nov 2009 01:14:51 +0000
Subject: [PATCH 32/87] regen

---
 doc/arm/Bv9ARM.ch06.html             |  96 +++++++-------
 doc/arm/Bv9ARM.ch07.html             |  14 +--
 doc/arm/Bv9ARM.ch08.html             |  18 +--
 doc/arm/Bv9ARM.ch09.html             | 180 +++++++++++++--------------
 doc/arm/Bv9ARM.html                  |  46 +++----
 doc/arm/man.ddns-confgen.html        |  10 +-
 doc/arm/man.dig.html                 |  20 +--
 doc/arm/man.dnssec-dsfromkey.html    |  16 +--
 doc/arm/man.dnssec-keyfromlabel.html |  14 +--
 doc/arm/man.dnssec-keygen.html       |  16 +--
 doc/arm/man.dnssec-revoke.html       |  10 +-
 doc/arm/man.dnssec-settime.html      |  14 +--
 doc/arm/man.dnssec-signzone.html     |  12 +-
 doc/arm/man.host.html                |  10 +-
 doc/arm/man.named-checkconf.html     |  12 +-
 doc/arm/man.named-checkzone.html     |  12 +-
 doc/arm/man.named.html               |  16 +--
 doc/arm/man.nsupdate.html            |  14 +--
 doc/arm/man.rndc-confgen.html        |  12 +-
 doc/arm/man.rndc.conf.html           |  12 +-
 doc/arm/man.rndc.html                |  12 +-
 21 files changed, 283 insertions(+), 283 deletions(-)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 6cbe3b0bec..387a978a7d 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -78,28 +78,28 @@
 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

-
managed-keys Statement Definition
+
managed-keys Statement Grammar

+
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 
-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -2221,7 +2221,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     [ random-device path_name ; ]
     [ max-cache-size size_spec ; ]
     [ match-mapped-addresses yes_or_no; ]
-    [ disable-aaaa-on-v4-transport ( yes_or_no | break-dnssec ); ]
+    [ filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); ]
     [ preferred-glue ( A | AAAA | NONE ); ]
     [ edns-udp-size number; ]
     [ max-udp-size number; ]
@@ -3214,7 +3214,7 @@ options {
 

                   This option is only available when
                   BIND 9 is compiled with the
-                  --with-filter-aaaa option on the
+                  --enable-filter-aaaa option on the
                   "configure" command line.  It is intended to help the
                   transition from IPv4 to IPv6 by not giving IPv6 addresses
                   to DNS clients unless they have connections to the IPv6
@@ -3478,7 +3478,7 @@ options {
 

 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -3522,7 +3522,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -3719,7 +3719,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -4171,7 +4171,7 @@ avoid-v6-udp-ports {};
 
 

 

-UDP Port Lists

+UDP Port Lists

 

             use-v4-udp-ports,
             avoid-v4-udp-ports,
@@ -4213,7 +4213,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -4375,7 +4375,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -5171,7 +5171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

 

 

-Content Filtering

+Content Filtering

 

             BIND 9 provides the ability to filter
             out DNS responses from external DNS servers containing
@@ -5501,7 +5501,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-statistics-channels Statement Definition and
+statistics-channels Statement Definition and
             Usage

 

           The statistics-channels statement
@@ -5552,7 +5552,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -5561,7 +5561,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -5601,7 +5601,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-managed-keys Statement Grammar

+managed-keys Statement Grammar

 
managed-keys {
     string initial-key number number number string ;
     [ string initial-key number number number string ; [...]]
@@ -5610,7 +5610,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-managed-keys Statement Definition
+managed-keys Statement Definition
             and Usage

 

             The managed-keys statement, like 
@@ -5736,7 +5736,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             feature
@@ -6016,10 +6016,10 @@ zone zone_name [
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
@@ -6230,7 +6230,7 @@ zone zone_name [
 

 

-Class

+Class

 

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -6252,7 +6252,7 @@ zone zone_name [
 

 

-Zone Options

+Zone Options

 

 
allow-notify

 

@@ -6922,7 +6922,7 @@ zone zone_name [
 

 

-Zone File

+Zone File

 

 

 Types of Resource Records and When to Use Them

@@ -6935,7 +6935,7 @@ zone zone_name [
 

 

-Resource Records

+Resource Records

 

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -7672,7 +7672,7 @@ zone zone_name [
 

 

-Textual expression of RRs

+Textual expression of RRs

 

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -7875,7 +7875,7 @@ zone zone_name [
 

 

-Discussion of MX Records

+Discussion of MX Records

 

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -8131,7 +8131,7 @@ zone zone_name [
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

 

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -8192,7 +8192,7 @@ zone zone_name [
 

 

-Other Zone File Directives

+Other Zone File Directives

 

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -8207,7 +8207,7 @@ zone zone_name [
 

 

-The @ (at-sign)

+The @ (at-sign)

 

               When used in the label (or name) field, the asperand or
               at-sign (@) symbol represents the current origin.
@@ -8218,7 +8218,7 @@ zone zone_name [
 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

 

               Syntax: $ORIGIN
               domain-name
@@ -8247,7 +8247,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

 

               Syntax: $INCLUDE
               filename
@@ -8283,7 +8283,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

 

               Syntax: $TTL
               default-ttl
@@ -8302,7 +8302,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

 

             Syntax: $GENERATE
             range
@@ -8726,7 +8726,7 @@ HOST-127.EXAMPLE. MX 0 .
           

 

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 

 
 

@@ -9283,7 +9283,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 

 
 

@@ -9437,7 +9437,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 

 
 

@@ -9820,7 +9820,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Socket I/O Statistics Counters

+Socket I/O Statistics Counters

 

               Socket I/O statistics counters are defined per socket
               types, which are
@@ -9975,7 +9975,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

 

               Most statistics counters that were available
               in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 1649df4c84..d63e74336d 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,10 +46,10 @@
 
Table of Contents

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -122,7 +122,7 @@ zone "example.com" {
 
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

           On UNIX servers, it is possible to run BIND
@@ -148,7 +148,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

 

             In order for a chroot environment
             to
@@ -176,7 +176,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

 

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 23b225b4b1..356ce95b02 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

 

-Common Problems

+Common Problems

 

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

 

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 4c6bdd575b..7cbef3ff74 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,21 +45,21 @@
 

 
Table of Contents

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 

 A Brief History of the DNS and BIND
@@ -162,7 +162,7 @@
 

 

 

-General DNS Reference Information

+General DNS Reference Information

 

 

 IPv6 addresses (AAAA)

@@ -250,17 +250,17 @@
           

 

 

-Bibliography

+Bibliography

 

 
Standards

 

-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

 

 

-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

 

 

-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
                   Specification. November 1987. 

 

 

@@ -268,42 +268,42 @@
 

 Proposed Standards

 

-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
+
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
                   Specification. July 1997. 

 

 

-
[RFC2308] M. Andrews. Negative Caching of DNS
+
[RFC2308] M. Andrews. Negative Caching of DNS
                   Queries. March 1998. 

 

 

-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

 

 

-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

 

 

-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

 

 

-
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

+
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

 

 

-
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

+
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

 

 

-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

 

 

-
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

+
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

 

 

-
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

+
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

 

 

-
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

+
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

 

 

-
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
+
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
                        Key Transaction Authentication for DNS
                        (GSS-TSIG). October 2003. 

 

@@ -312,19 +312,19 @@
 

 DNS Security Proposed Standards

 

-
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

+
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

 

 

-
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

+
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

 

 

-
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

+
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

 

 

-
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

+
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

 

 

-
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
+
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
                        Security Extensions. March 2005. 

 

 
@@ -332,146 +332,146 @@
 
Other Important RFCs About DNS
                 Implementation

 

-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
+
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
                   Deployed DNS Software.. October 1993. 

 

 

-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
+
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
                   Errors and Suggested Fixes. October 1993. 

 

 

-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

 

 

-
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
+
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
                 Queries for IPv6 Addresses. May 2005. 

 

 
 

 
Resource Record Types

 

-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

 

 

-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

 

 

-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
                   the Domain Name System. June 1997. 

 

 

-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
+
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
                   Domain
                   Name System. January 1996. 

 

 

-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
+
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
                   Location of
                   Services.. October 1996. 

 

 

-
[RFC2163] A. Allocchio. Using the Internet DNS to
+
[RFC2163] A. Allocchio. Using the Internet DNS to
                   Distribute MIXER
                   Conformant Global Address Mapping. January 1998. 

 

 

-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

 

 

-
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

+
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

+
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

+
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

 

 

-
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

+
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

 

 

-
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

+
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

 

 

-
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

+
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

 

 

-
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

+
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

 

 

-
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
+
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
                   version 6. October 2003. 

 

 

-
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

+
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

 

 

 

 

 DNS and the Internet

 

-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
+
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
                   and Other Types. April 1989. 

 

 

-
[RFC1123] Braden. Requirements for Internet Hosts - Application and
+
[RFC1123] Braden. Requirements for Internet Hosts - Application and
                   Support. October 1989. 

 

 

-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

 

 

-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

 

 

-
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

+
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

 

 

-
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

+
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

 

 

 

 

 DNS Operations

 

-
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

+
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

 

 

-
[RFC1537] P. Beertema. Common DNS Data File
+
[RFC1537] P. Beertema. Common DNS Data File
                   Configuration Errors. October 1993. 

 

 

-
[RFC1912] D. Barr. Common DNS Operational and
+
[RFC1912] D. Barr. Common DNS Operational and
                   Configuration Errors. February 1996. 

 

 

-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

 

 

-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
+
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
                   Network Services.. October 1997. 

 

 

 

 
Internationalized Domain Names

 

-
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
+
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
                        and the Other Internet protocols. May 2000. 

 

 

-
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

+
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

 

 

-
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

+
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

 

 

-
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
+
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
                        for Internationalized Domain Names in
                        Applications (IDNA). March 2003. 

 

@@ -487,47 +487,47 @@
                 

 

 

-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
+
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
                   Attributes. May 1993. 

 

 

-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

 

 

-
[RFC1794] T. Brisco. DNS Support for Load
+
[RFC1794] T. Brisco. DNS Support for Load
                   Balancing. April 1995. 

 

 

-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

 

 

-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

 

 

-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

 

 

-
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

+
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

 

 

-
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
+
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
                        Shared Unicast Addresses. April 2002. 

 

 

-
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

+
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

 

 
 

 
Obsolete and Unimplemented Experimental RFC

 

-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
                   Location. November 1994. 

 

 

-
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

+
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

 

 

-
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
+
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
                        and Renumbering. July 2000. 

 

 

@@ -541,39 +541,39 @@
                 

 
 

-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

 

 

-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

 

 

-
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

+
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

 

 

-
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
+
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
                        Signing Authority. November 2000. 

 

 

-
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

+
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

 

 

-
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

+
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

 

 

-
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

+
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

 

 

-
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

+
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

 

 

-
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

+
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

 

 

-
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
+
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
                       (RR) Secure Entry Point (SEP) Flag. April 2004. 

 

 

-
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

+
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

 

 
 
@@ -594,14 +594,14 @@
 
 

 

-Other Documents About BIND
+Other Documents About BIND
 

 

 

 

-Bibliography

+Bibliography

 

-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

 

 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 313bdbb07a..58e10f0b68 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -157,28 +157,28 @@
 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

-
managed-keys Statement Definition
+
managed-keys Statement Grammar

+
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 
-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -187,31 +187,31 @@
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 
I. Manual pages

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 277661d281..0e819ff7ff 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,7 +48,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -142,7 +142,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -150,7 +150,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index bd264f72c8..b8d08d3f1b 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -98,7 +98,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -144,7 +144,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -248,7 +248,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -573,7 +573,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 93f1d9e647..b2e5c4fe2c 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,14 +51,14 @@
 
dnssec-dsfromkey  {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-f file] [-A] [-v level] {dnsname}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -119,7 +119,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -134,7 +134,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -148,13 +148,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -164,7 +164,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index f27814b2a5..4ba62ebc9e 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -63,7 +63,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -174,7 +174,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -221,7 +221,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -260,7 +260,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -268,7 +268,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index ae24160d57..7fdc45f9b3 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -256,7 +256,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -303,7 +303,7 @@
 

 
 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -349,7 +349,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -370,7 +370,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -379,7 +379,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 4f0d4c7229..d33d9b8cee 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-revoke  [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -91,14 +91,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index faef38b678..99c285abf0 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-settime  [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f

 

@@ -106,7 +106,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -151,7 +151,7 @@
 

 
 

-
PRINTING OPTIONS

+
PRINTING OPTIONS

 

       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -177,7 +177,7 @@
 

 
 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -185,7 +185,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 12772703fe..bb8f8ae8fd 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -397,7 +397,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -427,14 +427,14 @@ db.example.com.signed
 %
 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 6c881f4fcb..96702f5920 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -216,12 +216,12 @@
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index bb8b999ad3..f1315c316b 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -96,21 +96,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index fc43f61f9c..b0a46d245e 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,7 +51,7 @@
 
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -257,14 +257,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -272,7 +272,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 65844bd9e9..0f04f878af 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -246,7 +246,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -267,7 +267,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -284,7 +284,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -297,7 +297,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -310,7 +310,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index baf332c4ff..ca9bb5a810 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
nsupdate  [-d] [-D] [[-g] |  [-o] |  [-l] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -210,7 +210,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -474,7 +474,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -528,7 +528,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -551,7 +551,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       RFC 2136,
       RFC 3007,
@@ -566,7 +566,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 280f18ddf6..3053b74e20 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -173,7 +173,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -190,7 +190,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -198,7 +198,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 2294d2f3bc..c7055d5d67 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc.conf 

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 115fe74e5a..1367f8c447 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -151,7 +151,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 


From 302ed789bd97f34500ee4ba3a8329590d6453fc6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 6 Nov 2009 01:30:06 +0000
Subject: [PATCH 33/87] 2752.   [bug]           Locking violation. [RT #20587]

---
 CHANGES        | 2 ++
 lib/dns/zone.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8ab0d22d89..b6e1c5001f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2752.	[bug]		Locking violation. [RT #20587]
+
 2751.	[bug]		Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
 
 2750.	[bug]		dig: assertion failure could occur when a server
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3fe2477d42..4eaf8c12c6 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.525 2009/11/05 21:45:05 each Exp $ */
+/* $Id: zone.c,v 1.526 2009/11/06 01:30:06 marka Exp $ */
 
 /*! \file */
 
@@ -5937,9 +5937,11 @@ zone_nsec3chain(dns_zone_t *zone) {
 		/*
 		 * Add a NSEC record except at the origin.
 		 */
-		if (!dns_name_equal(name, dns_db_origin(db)))
+		if (!dns_name_equal(name, dns_db_origin(db))) {
+			dns_dbiterator_pause(nsec3chain->dbiterator);
 			CHECK(add_nsec(db, version, name, node, zone->minimum,
 				       delegation, &nsec_diff));
+		}
 
  next_removenode:
 		first = ISC_FALSE;

From aa2f010f132f55699d580351d5d0cf80dfc75a87 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 03:14:10 +0000
Subject: [PATCH 34/87] Switch from OpenSSL 0.9.8k to 0.9.8l

---
 README.pkcs11                                    | 16 ++++++++--------
 ...openssl-0.9.8k-patch => openssl-0.9.8l-patch} |  6 +++---
 lib/dns/win32/libdns.dsp                         |  8 ++++----
 lib/dns/win32/libdns.mak                         | 12 ++++++------
 win32utils/SetupLibs.bat                         |  4 ++--
 win32utils/win32-build.txt                       | 10 +++++-----
 6 files changed, 28 insertions(+), 28 deletions(-)
 rename bin/pkcs11/{openssl-0.9.8k-patch => openssl-0.9.8l-patch} (99%)

diff --git a/README.pkcs11 b/README.pkcs11
index 89d9be21d8..72ce281e75 100644
--- a/README.pkcs11
+++ b/README.pkcs11
@@ -47,23 +47,23 @@ choice depends on the HSM hardware:
    intensive operations.  The AEP Keyper is an example of such a device.
 
 The modified OpenSSL code is included in the BIND 9.7.0b1 release, in the
-form of a context diff against OpenSSL 0.9.8k.  Before building BIND 9
+form of a context diff against OpenSSL 0.9.8l.  Before building BIND 9
 with PKCS #11 support, it will be necessary to build OpenSSL with this
 patch in place and inform it of the path to the HSM-specific PKCS #11
 provider library.
 
-Obtain OpenSSL 0.9.8k:
+Obtain OpenSSL 0.9.8l:
 
-    wget http://www.openssl.org/source/openssl-0.9.8k.tar.gz
+    wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
 
 Extract the tarball:
 
-    tar zxf openssl-0.9.8k.tar.gz
+    tar zxf openssl-0.9.8l.tar.gz
 
 Apply the patch from the BIND 9 release:
 
-    patch -p1 -d openssl-0.9.8k \
-            < bind-9.7.0b1/bin/pkcs11/openssl-0.9.8k-patch 
+    patch -p1 -d openssl-0.9.8l \
+            < bind-9.7.0b1/bin/pkcs11/openssl-0.9.8l-patch 
 
 (Note that the patch file may not be compatible with the "patch"
 utility on all operating systems.  You may need to install GNU patch.)
@@ -92,7 +92,7 @@ We will use this location when we configure BIND 9.
 
     Finally, the Keyper library requires threads, so we must specify -pthread.
     
-        cd openssl-0.9.8k
+        cd openssl-0.9.8l
         ./Configure linux-generic32 -m32 -pthread \
             --pk11-libname=/opt/pkcs11/usr/lib/libpkcs11.so \
             --pk11-flavor=sign-only \
@@ -110,7 +110,7 @@ We will use this location when we configure BIND 9.
 
     In this example, we are building on Solaris x86 on an AMD64 system.
 
-        cd openssl-0.9.8k
+        cd openssl-0.9.8l
         ./Configure solaris64-x86_64-cc \
             --pk11-libname=/usr/lib/64/libpkcs11.so \
             --pk11-flavor=crypto-accelerator \
diff --git a/bin/pkcs11/openssl-0.9.8k-patch b/bin/pkcs11/openssl-0.9.8l-patch
similarity index 99%
rename from bin/pkcs11/openssl-0.9.8k-patch
rename to bin/pkcs11/openssl-0.9.8l-patch
index f97396a6a9..0990825ada 100644
--- a/bin/pkcs11/openssl-0.9.8k-patch
+++ b/bin/pkcs11/openssl-0.9.8l-patch
@@ -11102,7 +11102,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
 +++ openssl/crypto/engine/pkcs11.h	Wed Oct 24 23:27:09 2007
 @@ -0,0 +1,299 @@
 +/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision: 1.1 $ */
 +
 +/* License to copy and use this software is granted provided that it is
 + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@@ -11406,7 +11406,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
 +++ openssl/crypto/engine/pkcs11f.h	Wed Oct 24 23:27:09 2007
 @@ -0,0 +1,912 @@
 +/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision: 1.1 $ */
 +
 +/* License to copy and use this software is granted provided that it is
 + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@@ -12323,7 +12323,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
 +++ openssl/crypto/engine/pkcs11t.h	Sat Aug 30 11:58:07 2008
 @@ -0,0 +1,1885 @@
 +/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision: 1.1 $ */
 +
 +/* License to copy and use this software is granted provided that it is
 + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
diff --git a/lib/dns/win32/libdns.dsp b/lib/dns/win32/libdns.dsp
index f736b897c1..1bfc110be5 100644
--- a/lib/dns/win32/libdns.dsp
+++ b/lib/dns/win32/libdns.dsp
@@ -43,7 +43,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "BIND9" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "libdns_EXPORTS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /YX /FD /c
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
@@ -54,7 +54,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /machine:I386 /out:"../../../Build/Release/libdns.dll"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /machine:I386 /out:"../../../Build/Release/libdns.dll"
 
 !ELSEIF  "$(CFG)" == "libdns - Win32 Debug"
 
@@ -70,7 +70,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "BIND9" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "libdns_EXPORTS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR /YX /FD /GZ /c
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
@@ -81,7 +81,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /map /debug /machine:I386 /out:"../../../Build/Debug/libdns.dll" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /map /debug /machine:I386 /out:"../../../Build/Debug/libdns.dll" /pdbtype:sept
 
 !ENDIF 
 
diff --git a/lib/dns/win32/libdns.mak b/lib/dns/win32/libdns.mak
index 2ae1c7cb3f..f26e89a9f4 100644
--- a/lib/dns/win32/libdns.mak
+++ b/lib/dns/win32/libdns.mak
@@ -208,7 +208,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -248,7 +248,7 @@ BSC32_FLAGS=/nologo /o"$(OUTDIR)\libdns.bsc"
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /incremental:no /pdb:"$(OUTDIR)\libdns.pdb" /machine:I386 /def:".\libdns.def" /out:"../../../Build/Release/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /incremental:no /pdb:"$(OUTDIR)\libdns.pdb" /machine:I386 /def:".\libdns.def" /out:"../../../Build/Release/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" 
 DEF_FILE= \
 	".\libdns.def"
 LINK32_OBJS= \
@@ -538,7 +538,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -663,7 +663,7 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /incremental:yes /pdb:"$(OUTDIR)\libdns.pdb" /map:"$(INTDIR)\libdns.map" /debug /machine:I386 /def:".\libdns.def" /out:"../../../Build/Debug/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /incremental:yes /pdb:"$(OUTDIR)\libdns.pdb" /map:"$(INTDIR)\libdns.map" /debug /machine:I386 /def:".\libdns.def" /out:"../../../Build/Debug/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" /pdbtype:sept 
 DEF_FILE= \
 	".\libdns.def"
 LINK32_OBJS= \
@@ -970,7 +970,7 @@ SOURCE=..\dispatch.c
 
 !IF  "$(CFG)" == "libdns - Win32 Release"
 
-CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 "$(INTDIR)\dispatch.obj" : $(SOURCE) "$(INTDIR)"
 	$(CPP) @<<
@@ -980,7 +980,7 @@ CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/ope
 
 !ELSEIF  "$(CFG)" == "libdns - Win32 Debug"
 
-CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 "$(INTDIR)\dispatch.obj"	"$(INTDIR)\dispatch.sbr" : $(SOURCE) "$(INTDIR)"
 	$(CPP) @<<
diff --git a/win32utils/SetupLibs.bat b/win32utils/SetupLibs.bat
index b1b8f2738e..d2dd7ca1cd 100644
--- a/win32utils/SetupLibs.bat
+++ b/win32utils/SetupLibs.bat
@@ -20,8 +20,8 @@ rem This script may be modified by updateopenssl.pl and/or updatelibxml2.pl.
 
 echo Copying the OpenSSL DLL.
 
-copy ..\..\openssl-0.9.8k\out32dll\libeay32.dll ..\Build\Release\
-copy ..\..\openssl-0.9.8k\out32dll\libeay32.dll ..\Build\Debug\
+copy ..\..\openssl-0.9.8l\out32dll\libeay32.dll ..\Build\Release\
+copy ..\..\openssl-0.9.8l\out32dll\libeay32.dll ..\Build\Debug\
 
 echo Copying the libxml DLL.
 
diff --git a/win32utils/win32-build.txt b/win32utils/win32-build.txt
index 5f005b1de9..08b1e6f922 100644
--- a/win32utils/win32-build.txt
+++ b/win32utils/win32-build.txt
@@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 2001, 2002  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
-$Id: win32-build.txt,v 1.18 2009/10/12 16:41:13 each Exp $
+$Id: win32-build.txt,v 1.19 2009/11/06 03:14:10 each Exp $
 
        BIND 9.7 for Win32 Source Build Instructions.  02-Jul-2009
 
@@ -54,21 +54,21 @@ Step 1: Download and build OpenSSL
 Download and untar the OpenSSL sources from http://www.openssl.org/.
 Extract them at in the same directory in which you extracted the BIND9
 source:  If BIND9 is in \build\bind-9.7.0, for instance, OpenSSL should be
-in \build\openssl-0.9.8k (subject to version number changes).
+in \build\openssl-0.9.8l (subject to version number changes).
 
 Note: Building OpenSSL requires that you install Perl as it uses
 it during its build process. The following commands work as of
-openssl-0.9.8k, but you should check the OpenSSL distribution 
+openssl-0.9.8l, but you should check the OpenSSL distribution 
 to see if the build instructions have changed:
 
-  cd openssl-0.9.8k
+  cd openssl-0.9.8l
   perl Configure VC-WIN32 --prefix=c:/openssl
   ms\do_masm
   nmake /f ms\ntdll.mak
 
 If you wish to use PKCS #11 to control a cryptographic hardware service
 module, please see bind9\README.pkcs11.  You will need to apply the patch
-in bind9\bin\pkcs11\openssl-0.9.8k-patch (this can be done using the Cygwin
+in bind9\bin\pkcs11\openssl-0.9.8l-patch (this can be done using the Cygwin
 'patch' utility) and add --pk11-libname and --pk11-flavor to the Configure
 command above.
 

From c1bfa5b0ad6a031b0a3038207938897128a241b4 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 03:26:59 +0000
Subject: [PATCH 35/87] 2753.	[bug]		Removed an unnecessary warning
 that could appear when 			building an NSEC chain. [RT
 #20588]

---
 CHANGES         | 3 +++
 lib/dns/rbtdb.c | 7 +------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index b6e1c5001f..2ec43ff45b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2753.	[bug]		Removed an unnecessary warning that could appear when
+			building an NSEC chain. [RT #20588]
+
 2752.	[bug]		Locking violation. [RT #20587]
 
 2751.	[bug]		Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index ee7161c77b..1833335a7e 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.285 2009/10/27 23:47:45 tbox Exp $ */
+/* $Id: rbtdb.c,v 1.286 2009/11/06 03:26:59 each Exp $ */
 
 /*! \file */
 
@@ -6204,11 +6204,6 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 			nsecnode->nsec = DNS_RBT_NSEC_NSEC;
 			rbtnode->nsec = DNS_RBT_NSEC_HAS_NSEC;
 		} else if (result == ISC_R_EXISTS) {
-			isc_log_write(dns_lctx,
-				      DNS_LOGCATEGORY_DATABASE,
-				      DNS_LOGMODULE_CACHE,
-				      ISC_LOG_ERROR,
-				      "addrdataset: node lied about NSEC");
 			rbtnode->nsec = DNS_RBT_NSEC_HAS_NSEC;
 			result = ISC_R_SUCCESS;
 		}

From 7963a67df0bd8f4cea292228dbe1060fbb924dc7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 6 Nov 2009 04:12:15 +0000
Subject: [PATCH 36/87] address statement not reached warning

---
 lib/dns/cache.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dns/cache.c b/lib/dns/cache.c
index 9752836f96..1538a53cd4 100644
--- a/lib/dns/cache.c
+++ b/lib/dns/cache.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: cache.c,v 1.85 2009/09/01 00:22:26 jinmei Exp $ */
+/* $Id: cache.c,v 1.86 2009/11/06 04:12:15 marka Exp $ */
 
 /*! \file */
 
@@ -482,11 +482,11 @@ dns_cache_dump(dns_cache_t *cache) {
 	result = dns_master_dump(cache->mctx, cache->db, NULL,
 				 &dns_master_style_cache, cache->filename);
 	UNLOCK(&cache->filelock);
+	return (result);
 #else
 	return (ISC_R_NOTIMPLEMENTED);
 #endif
 
-	return (result);
 }
 
 void

From df1599d0e120028e4786142d30592f3e8ea5d28d Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 6 Nov 2009 04:19:28 +0000
Subject: [PATCH 37/87] address initialization type mismatch warning

---
 lib/dns/ecdb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
index cb36edb7c3..450b9d872b 100644
--- a/lib/dns/ecdb.c
+++ b/lib/dns/ecdb.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ecdb.c,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: ecdb.c,v 1.4 2009/11/06 04:19:28 marka Exp $ */
 
 #include "config.h"
 
@@ -498,11 +498,11 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 }
 
 static isc_result_t
-createiterator(dns_db_t *db, isc_boolean_t relative_names,
+createiterator(dns_db_t *db, unsigned int options,
 	       dns_dbiterator_t **iteratorp)
 {
 	UNUSED(db);
-	UNUSED(relative_names);
+	UNUSED(options);
 	UNUSED(iteratorp);
 
 	return (ISC_R_NOTIMPLEMENTED);

From cc3ed192b030ccf9a903a4a7c8667cda8ad23eeb Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 08:38:56 +0000
Subject: [PATCH 38/87] 2754.	[bug]		Secure-to-insecure transitions
 failed when zone 			was signed with NSEC3. [RT #20587]

---
 CHANGES            | 3 +++
 bin/named/update.c | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2ec43ff45b..dd11d75f41 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2754.	[bug]		Secure-to-insecure transitions failed when zone
+			was signed with NSEC3. [RT #20587]
+
 2753.	[bug]		Removed an unnecessary warning that could appear when
 			building an NSEC chain. [RT #20588]
 
diff --git a/bin/named/update.c b/bin/named/update.c
index 140c8493af..0c82ebbf86 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.166 2009/10/27 05:42:25 marka Exp $ */
+/* $Id: update.c,v 1.167 2009/11/06 08:38:56 each Exp $ */
 
 #include 
 
@@ -3043,14 +3043,15 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
 	CHECK(dns_nsec_nseconly(db, ver, &flag));
 
 	if (flag)
-		CHECK(dns_nsec3_activex(db, ver, ISC_FALSE, privatetype, &flag));
+		CHECK(dns_nsec3_activex(db, ver, ISC_FALSE,
+					privatetype, &flag));
 	if (flag) {
 		update_log(client, zone, ISC_LOG_WARNING,
 			   "NSEC only DNSKEYs and NSEC3 chains not allowed");
 	} else {
 		CHECK(get_iterations(db, ver, privatetype, &iterations));
 		CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max));
-		if (iterations > max) {
+		if (max != 0 && iterations > max) {
 			flag = ISC_TRUE;
 			update_log(client, zone, ISC_LOG_WARNING,
 				   "too many NSEC3 iterations (%u) for "

From 8433da5e37dd759d56d4db257fffe0e20a6d05f1 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 18:54:48 +0000
Subject: [PATCH 39/87] fix misspelling of queryport-pool-updateinterval in
 options list

---
 doc/arm/Bv9ARM-book.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 3c63f46d6b..d3beaddbb7 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -4939,7 +4939,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
          port ( ip_port | * )  ) ; 
      use-queryport-pool yes_or_no; 
      queryport-pool-ports number; 
-     queryport-pool-interval number; 
+     queryport-pool-updateinterval number; 
      max-transfer-time-in number; 
      max-transfer-time-out number; 
      max-transfer-idle-in number; 
@@ -8875,7 +8875,7 @@ deny-answer-aliases { "example.net"; };
                       port ( ip_port | * ) ; 
      use-queryport-pool yes_or_no; 
      queryport-pool-ports number; 
-     queryport-pool-interval number; 
+     queryport-pool-updateinterval number; 
 };
 
 

From 3594635af7c6fedb2893ad1a9df4935bd0234a47 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 6 Nov 2009 21:36:43 +0000
Subject: [PATCH 40/87] add placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index dd11d75f41..da093af352 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2755.	[placeholder]
+
 2754.	[bug]		Secure-to-insecure transitions failed when zone
 			was signed with NSEC3. [RT #20587]
 

From 6f0cdcbfbc8d5ccfa133e7ec1da3e20182789813 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Fri, 6 Nov 2009 23:18:40 +0000
Subject: [PATCH 41/87] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index f5f05b4587..0e76642256 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -277,6 +277,7 @@ rt20438				new	marka	// 2009-10-28 03:27 +0000
 rt20452				new	marka	// 2009-10-30 23:27 +0000
 rt20453				new	marka	// 2009-10-23 12:52 +0000
 rt20474				new	each	// 2009-10-27 05:30 +0000
+rt20526				new	each	// 2009-11-06 22:50 +0000
 rt20541				new	marka	// 2009-10-30 02:28 +0000
 shane_dbbackend			open	
 skan				open	explorer

From b3c2030de4cc02b8e881ca4e6f62b385d4b41b0f Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Sat, 7 Nov 2009 01:14:41 +0000
Subject: [PATCH 42/87] regen

---
 doc/arm/Bv9ARM.ch06.html             | 16 ++++++++--------
 doc/arm/Bv9ARM.ch07.html             | 14 +++++++-------
 doc/arm/Bv9ARM.ch08.html             | 18 +++++++++---------
 doc/arm/Bv9ARM.ch09.html             |  6 +++---
 doc/arm/Bv9ARM.html                  | 18 +++++++++---------
 doc/arm/man.ddns-confgen.html        | 10 +++++-----
 doc/arm/man.dig.html                 |  8 ++++----
 doc/arm/man.dnssec-keyfromlabel.html | 14 +++++++-------
 doc/arm/man.dnssec-keygen.html       | 16 ++++++++--------
 doc/arm/man.dnssec-revoke.html       | 10 +++++-----
 doc/arm/man.dnssec-settime.html      | 14 +++++++-------
 doc/arm/man.dnssec-signzone.html     | 12 ++++++------
 doc/arm/man.named-checkconf.html     | 12 ++++++------
 doc/arm/man.named-checkzone.html     | 12 ++++++------
 doc/arm/man.named.html               | 16 ++++++++--------
 doc/arm/man.nsupdate.html            | 14 +++++++-------
 doc/arm/man.rndc-confgen.html        | 12 ++++++------
 doc/arm/man.rndc.conf.html           | 12 ++++++------
 doc/arm/man.rndc.html                | 12 ++++++------
 19 files changed, 123 insertions(+), 123 deletions(-)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 387a978a7d..9f29f39889 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -2159,7 +2159,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
         [ port ( ip_port | * ) ] ) ; ]
     [ use-queryport-pool yes_or_no; ]
     [ queryport-pool-ports number; ]
-    [ queryport-pool-interval number; ]
+    [ queryport-pool-updateinterval number; ]
     [ max-transfer-time-in number; ]
     [ max-transfer-time-out number; ]
     [ max-transfer-idle-in number; ]
@@ -5316,7 +5316,7 @@ deny-answer-aliases { "example.net"; };
                      [ port ( ip_port | * ) ]; ]
     [ use-queryport-pool yes_or_no; ]
     [ queryport-pool-ports number; ]
-    [ queryport-pool-interval number; ]
+    [ queryport-pool-updateinterval number; ]
 };
 
 

@@ -8726,7 +8726,7 @@ HOST-127.EXAMPLE. MX 0 .
           

 

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 

 
 

@@ -9283,7 +9283,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 

 
 

@@ -9437,7 +9437,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 

 
 

@@ -9820,7 +9820,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Socket I/O Statistics Counters

+Socket I/O Statistics Counters

 

               Socket I/O statistics counters are defined per socket
               types, which are
@@ -9975,7 +9975,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

 

               Most statistics counters that were available
               in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index d63e74336d..94bd04a7a5 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,10 +46,10 @@
 
Table of Contents

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -122,7 +122,7 @@ zone "example.com" {
 
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

           On UNIX servers, it is possible to run BIND
@@ -148,7 +148,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

 

             In order for a chroot environment
             to
@@ -176,7 +176,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

 

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 356ce95b02..c09d4ef774 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

 

-Common Problems

+Common Problems

 

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

 

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 7cbef3ff74..ba5bd7fb7a 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -47,7 +47,7 @@
 

 
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

@@ -162,7 +162,7 @@
 
 

 

-General DNS Reference Information

+General DNS Reference Information

 

 

 IPv6 addresses (AAAA)

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 58e10f0b68..c72a127279 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -187,25 +187,25 @@
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

 
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 0e819ff7ff..46690a832d 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,7 +48,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -142,7 +142,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -150,7 +150,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index b8d08d3f1b..0fdf61e8c8 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -98,7 +98,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -144,7 +144,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 4ba62ebc9e..5dff527eb8 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -63,7 +63,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -174,7 +174,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -221,7 +221,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -260,7 +260,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -268,7 +268,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 7fdc45f9b3..5f96a5d2f8 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -256,7 +256,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -303,7 +303,7 @@
 

 
 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -349,7 +349,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -370,7 +370,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -379,7 +379,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index d33d9b8cee..90831056b8 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-revoke  [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -91,14 +91,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 99c285abf0..9fdcff4a94 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-settime  [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f

 

@@ -106,7 +106,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -151,7 +151,7 @@
 

 
 

-
PRINTING OPTIONS

+
PRINTING OPTIONS

 

       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -177,7 +177,7 @@
 

 
 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -185,7 +185,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index bb8f8ae8fd..40fb19ccc2 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -397,7 +397,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -427,14 +427,14 @@ db.example.com.signed
 %
 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index f1315c316b..6666ffc2c5 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -96,21 +96,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index b0a46d245e..9428276636 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,7 +51,7 @@
 
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -257,14 +257,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -272,7 +272,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 0f04f878af..022b40fae6 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -246,7 +246,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -267,7 +267,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -284,7 +284,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -297,7 +297,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -310,7 +310,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index ca9bb5a810..f0cdbbcbdf 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
nsupdate  [-d] [-D] [[-g] |  [-o] |  [-l] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -210,7 +210,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -474,7 +474,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -528,7 +528,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -551,7 +551,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       RFC 2136,
       RFC 3007,
@@ -566,7 +566,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 3053b74e20..9ada0a4ac6 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -173,7 +173,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -190,7 +190,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -198,7 +198,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index c7055d5d67..c7f7bf2a4f 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc.conf 

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 1367f8c447..cbc194d37d 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -151,7 +151,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 


From 5c6c5669ecb196e817c0b7f158249ebfdc343ac9 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Sat, 7 Nov 2009 03:36:58 +0000
Subject: [PATCH 43/87] #include  for the ctime() prototype.

---
 lib/dns/dst_api.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 5b12e98b5a..c0bc43d41b 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -31,7 +31,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.46 2009/11/03 19:43:54 marka Exp $
+ * $Id: dst_api.c,v 1.47 2009/11/07 03:36:58 each Exp $
  */
 
 /*! \file */
@@ -39,6 +39,7 @@
 #include 
 
 #include 
+#include 
 
 #include 
 #include 

From 2d46d268ccff30bb50e661b47c6496d23d9156c7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 8 Nov 2009 23:52:20 +0000
Subject: [PATCH 44/87] handle openssl patches

---
 util/merge_copyrights | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/merge_copyrights b/util/merge_copyrights
index e957aefc5d..08854d82e3 100644
--- a/util/merge_copyrights
+++ b/util/merge_copyrights
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: merge_copyrights,v 1.33 2009/06/11 23:47:56 tbox Exp $
+# $Id: merge_copyrights,v 1.34 2009/11/08 23:52:20 marka Exp $
 
 %file_types = ();
 %file_years = ();
@@ -54,6 +54,8 @@ while () {
 	# Contributed code should maintain its own copyright.
 	if ($base =~ /\.\/contrib\//) {
 	     $file_types{$_} = "X";
+	} elsif ($base =~ /\/openssl-[a-z0-9.]*-patch$/) {
+	    $file_types{$_} = "X";
 	} elsif ($base =~ /\.(c|h|css)$/) {
 	    $file_types{$_} = "C";
         } elsif ($base =~ /\.y$/) {

From e2facd7af296d90d0d1fef7994b6b8e795490a92 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Mon, 9 Nov 2009 01:28:32 +0000
Subject: [PATCH 45/87] 2756.	[bug]		Fixed corrupt logfile message
 in update.c. [RT# 20597]

---
 CHANGES            | 2 ++
 bin/named/update.c | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index da093af352..9008e997ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2756.	[bug]		Fixed corrupt logfile message in update.c. [RT# 20597]
+
 2755.	[placeholder]
 
 2754.	[bug]		Secure-to-insecure transitions failed when zone
diff --git a/bin/named/update.c b/bin/named/update.c
index 0c82ebbf86..d7a054beb2 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.167 2009/11/06 08:38:56 each Exp $ */
+/* $Id: update.c,v 1.168 2009/11/09 01:28:32 each Exp $ */
 
 #include 
 
@@ -310,6 +310,10 @@ checkqueryacl(ns_client_t *client, dns_acl_t *queryacl, dns_name_t *zonename,
 			      "update '%s/%s' denied due to allow-query",
 			      namebuf, classbuf);
 	} else if (updateacl == NULL && ssutable == NULL) {
+		dns_name_format(zonename, namebuf, sizeof(namebuf));
+		dns_rdataclass_format(client->view->rdclass, classbuf,
+				      sizeof(classbuf));
+
 		result = DNS_R_REFUSED;
 		ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
 			      NS_LOGMODULE_UPDATE, ISC_LOG_INFO,

From ca35524ce2b57e6f1b261d23565d1288a355d12f Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Mon, 9 Nov 2009 23:30:31 +0000
Subject: [PATCH 46/87] newcopyrights

---
 util/copyrights | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/copyrights b/util/copyrights
index 3556e91f0b..2e433030bb 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -236,6 +236,7 @@
 ./bin/pkcs11/include/pkcs11f.h			C	2009
 ./bin/pkcs11/include/pkcs11t.h			C	2009
 ./bin/pkcs11/openssl-0.9.8k-patch		X	2009
+./bin/pkcs11/openssl-0.9.8l-patch		X	2009
 ./bin/pkcs11/pkcs11-destroy.8			MAN	2009
 ./bin/pkcs11/pkcs11-destroy.c			X	2009
 ./bin/pkcs11/pkcs11-destroy.docbook		SGML	2009

From 7fe4b0447fb3ef0c8ff9851624a7bca072732973 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 10 Nov 2009 17:27:40 +0000
Subject: [PATCH 47/87] 2757.	[bug]		dig: assertion failure could
 occur in connect 			timeout. [RT #20599]

---
 CHANGES           |  3 +++
 bin/dig/dighost.c | 16 ++++++----------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9008e997ce..b61e6e2e41 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2757.	[bug]		dig: assertion failure could occur in connect
+			timeout. [RT #20599]
+
 2756.	[bug]		Fixed corrupt logfile message in update.c. [RT# 20597]
 
 2755.	[placeholder]
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 0673b99676..b2761ad8f8 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.327 2009/11/05 01:57:49 each Exp $ */
+/* $Id: dighost.c,v 1.328 2009/11/10 17:27:40 each Exp $ */
 
 /*! \file
  *  \note
@@ -2581,14 +2581,10 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
 		cq = query->lookup->current_query;
 		if (!l->tcp_mode)
 			send_udp(ISC_LIST_NEXT(cq, link));
-		else if (query->sock != NULL) {
-			isc_socket_cancel(query->sock, NULL,
-					  ISC_SOCKCANCEL_ALL);
-			isc_socket_detach(&query->sock);
-			sockcount--;
-			debug("sockcount=%d", sockcount);
-			send_tcp_connect(ISC_LIST_NEXT(cq, link));
-		} else {
+		else {
+			if (query->sock != NULL)
+				isc_socket_cancel(query->sock, NULL,
+						  ISC_SOCKCANCEL_ALL);
 			send_tcp_connect(ISC_LIST_NEXT(cq, link));
 		}
 		UNLOCK_LOOKUP;
@@ -2792,8 +2788,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
 	if (sevent->result == ISC_R_CANCELED) {
 		debug("in cancel handler");
 		isc_socket_detach(&query->sock);
+		INSIST(sockcount > 0);
 		sockcount--;
-		INSIST(sockcount >= 0);
 		debug("sockcount=%d", sockcount);
 		query->waiting_connect = ISC_FALSE;
 		isc_event_free(&event);

From 5857247dbbfe384a1bcf376d0451f1b2bc3c2c7a Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 10 Nov 2009 18:31:47 +0000
Subject: [PATCH 48/87] 2758.	[bug]		win32: Added a workaround for
 a windows 2008 bug 			that could cause the UDP client
 handler to shut 			down. [RT #19176]

---
 CHANGES                |   4 ++
 lib/isc/win32/socket.c | 108 ++++++++++++++++++++++++++++++++++++++---
 2 files changed, 106 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index b61e6e2e41..30cd329ae0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2758.	[bug]		win32: Added a workaround for a windows 2008 bug
+			that could cause the UDP client handler to shut
+			down. [RT #19176]
+
 2757.	[bug]		dig: assertion failure could occur in connect
 			timeout. [RT #20599]
 
diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c
index 2cd69abfdf..14e2e6ffe4 100644
--- a/lib/isc/win32/socket.c
+++ b/lib/isc/win32/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.80 2009/09/25 23:48:11 tbox Exp $ */
+/* $Id: socket.c,v 1.81 2009/11/10 18:31:47 each Exp $ */
 
 /* This code uses functions which are only available on Server 2003 and
  * higher, and Windows XP and higher.
@@ -272,6 +272,7 @@ struct isc_socket {
 	unsigned int		pending_accept; /* Number of outstanding accept() calls. */
 	unsigned int		state; /* Socket state. Debugging and consistency checking. */
 	int			state_lineno;  /* line which last touched state */
+	int			in_recovery_cnt; /* avoid recovery loop. */
 };
 
 #define _set_state(sock, _state) do { (sock)->state = (_state); (sock)->state_lineno = __LINE__; } while (0)
@@ -364,6 +365,8 @@ static void send_connectdone_event(isc_socket_t *sock, isc_socket_connev_t **cde
 static void send_recvdone_abort(isc_socket_t *sock, isc_result_t result);
 static void queue_receive_event(isc_socket_t *sock, isc_task_t *task, isc_socketevent_t *dev);
 static void queue_receive_request(isc_socket_t *sock);
+static void hard_recover_receive_request(isc_socket_t *sock);
+static void recover_receive_request(isc_socket_t *sock, void **lplpo);
 
 /*
  * This is used to dump the contents of the sock structure
@@ -716,6 +719,7 @@ queue_receive_request(isc_socket_t *sock) {
 	int total_bytes = 0;
 	int Result;
 	int Error;
+	isc_boolean_t need_recovering = ISC_FALSE;
 	WSABUF iov[1];
 	IoCompletionInfo *lpo;
 	isc_result_t isc_result;
@@ -763,9 +767,39 @@ queue_receive_request(isc_socket_t *sock) {
 			sock->pending_recv++;
 			break;
 
+		case ERROR_HOST_UNREACHABLE:
+			if (sock->type == isc_sockettype_udp) {
+				UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "WSARecvFrom ERROR_HOST_UNREACHABLE: trying to recover");
+				need_recovering = ISC_TRUE;
+				break;
+			} else
+				goto fail;
+
+		case WSAENETRESET:
+			if (sock->type == isc_sockettype_udp) {
+				UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "WSARecvFrom WSAENETRESET: trying to recover");
+				need_recovering = ISC_TRUE;
+				break;
+			} else
+				goto fail;
+
+		case WSAECONNRESET:
+			if (sock->type == isc_sockettype_udp) {
+				UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "WSARecvFrom WSAECONNRESET: trying to recover");
+				need_recovering = ISC_TRUE;
+				break;
+			} else
+				goto fail;
+
 		default:
+		fail:
 			isc_result = isc__errno2result(Error);
-			if (isc_result == ISC_R_UNEXPECTED)
+			if ((isc_result == ISC_R_UNEXPECTED) ||
+			    (isc_result == ISC_R_CONNECTIONRESET) ||
+			    (isc_result == ISC_R_HOSTUNREACH))
 				UNEXPECTED_ERROR(__FILE__, __LINE__,
 					"WSARecvFrom: Windows error code: %d, isc result %d",
 					Error, isc_result);
@@ -780,6 +814,7 @@ queue_receive_request(isc_socket_t *sock) {
 		 */
 		sock->pending_iocp++;
 		sock->pending_recv++;
+		sock->in_recovery_cnt = 0;
 	}
 
 	socket_log(__LINE__, sock, NULL, IOEVENT,
@@ -789,6 +824,41 @@ queue_receive_request(isc_socket_t *sock) {
 		   sock->fd, Result, Error);
 
 	CONSISTENT(sock);
+
+	if (need_recovering)
+		recover_receive_request(sock, &lpo);
+}
+
+/*
+ * (placeholder) Hard recovery, doing nothing useful today
+ * (other than to avoid unlimited recursion).
+ */
+static void
+hard_recover_receive_request(isc_socket_t *sock)
+{
+	UNEXPECTED_ERROR(__FILE__, __LINE__,
+			 "can't recover fd %d sock %p",
+			 sock->fd, sock);
+	send_recvdone_abort(sock, ISC_R_UNEXPECTED);
+}
+
+/*
+ * Recovery from a Windows 2008 Server bug
+ * (WSARecvFrom() getting an ERROR_HOST_UNREACHABLE).
+ * Free the overlapped pointer and requeue a receive request.
+ */
+static void
+recover_receive_request(isc_socket_t *sock, void **lplpo)
+{
+	if (*lplpo != NULL)
+		HeapFree(hHeapHandle, 0, *lplpo);
+	*lplpo = NULL;
+
+	/* limit recursion to 20 */
+	if (sock->in_recovery_cnt++ < 20)
+		queue_receive_request(sock);
+	else
+		hard_recover_receive_request(sock);
 }
 
 static void
@@ -866,7 +936,7 @@ make_nonblock(SOCKET fd) {
 }
 
 /*
- * Windows 2000 systems incorrectly cause UDP sockets using WASRecvFrom
+ * Windows 2000 systems incorrectly cause UDP sockets using WSARecvFrom
  * to not work correctly, returning a WSACONNRESET error when a WSASendTo
  * fails with an "ICMP port unreachable" response and preventing the
  * socket from using the WSARecvFrom in subsequent operations.
@@ -1318,7 +1388,7 @@ completeio_send(isc_socket_t *sock, isc_socketevent_t *dev,
 		UNEXPECTED_ERROR(__FILE__, __LINE__, "completeio_send: %s: %s",
 				 addrbuf, strbuf);
 		dev->result = isc__errno2result(send_errno);
-	return (DOIO_HARD);
+		return (DOIO_HARD);
 	}
 
 	/*
@@ -1387,6 +1457,7 @@ startio_send(isc_socket_t *sock, isc_socketevent_t *dev, int *nbytes,
 				   "bytes, err %d/%s",
 				   sock->fd, *nbytes, *send_errno, strbuf);
 		}
+		status = DOIO_HARD;
 		goto done;
 	}
 	dev->result = ISC_R_SUCCESS;
@@ -1431,6 +1502,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type,
 	sock->connected = 0;
 	sock->pending_connect = 0;
 	sock->bound = 0;
+	sock->in_recovery_cnt = 0;
 	memset(sock->name, 0, sizeof(sock->name));	// zero the name field
 	_set_state(sock, SOCK_INITIALIZED);
 
@@ -2332,7 +2404,7 @@ SocketIoThread(LPVOID ThreadContext) {
 			/*
 			 * Did the I/O operation complete?
 			 */
-			errstatus = WSAGetLastError();
+			errstatus = GetLastError();
 			isc_result = isc__errno2resultx(errstatus, __FILE__, __LINE__);
 
 			LOCK(&sock->lock);
@@ -2343,8 +2415,32 @@ SocketIoThread(LPVOID ThreadContext) {
 				sock->pending_iocp--;
 				INSIST(sock->pending_recv > 0);
 				sock->pending_recv--;
+				if ((sock->type == isc_sockettype_udp) &&
+				    (errstatus == ERROR_HOST_UNREACHABLE)) {
+					UNEXPECTED_ERROR(__FILE__, __LINE__,
+							 "SOCKET_RECV ERROR_HOST_UNREACHABLE: trying to recover");
+					recover_receive_request(sock, &lpo);
+					break;
+				}
+				if ((sock->type == isc_sockettype_udp) &&
+				    (errstatus == WSAENETRESET)) {
+					UNEXPECTED_ERROR(__FILE__, __LINE__,
+							 "SOCKET_RECV WSAENETRESET: trying to recover");
+					recover_receive_request(sock, &lpo);
+					break;
+				}
+				if ((sock->type == isc_sockettype_udp) &&
+				    (errstatus == WSAECONNRESET)) {
+					UNEXPECTED_ERROR(__FILE__, __LINE__,
+							 "SOCKET_RECV WSAECONNRESET: trying to recover");
+					recover_receive_request(sock, &lpo);
+					break;
+				}
 				send_recvdone_abort(sock, isc_result);
-				if (isc_result == ISC_R_UNEXPECTED) {
+				if ((isc_result == ISC_R_UNEXPECTED) ||
+				    ((isc_result == ISC_R_CONNECTIONRESET) &&
+				     (errstatus != ERROR_OPERATION_ABORTED)) ||
+				    (isc_result == ISC_R_HOSTUNREACH)) {
 					UNEXPECTED_ERROR(__FILE__, __LINE__,
 						"SOCKET_RECV: Windows error code: %d, returning ISC error %d",
 						errstatus, isc_result);

From f82d52e82defd947805f0882f1559e88d830922a Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 10 Nov 2009 19:49:32 +0000
Subject: [PATCH 49/87] 2759.	[doc]		Add information about
 .jbk/.jnw files to 			the ARM. [RT #20303]

---
 CHANGES                 | 3 +++
 doc/arm/Bv9ARM-book.xml | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 30cd329ae0..95ff4e3e47 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2759.	[doc]		Add information about .jbk/.jnw files to 
+			the ARM. [RT #20303]
+
 2758.	[bug]		win32: Added a workaround for a windows 2008 bug
 			that could cause the UDP client handler to shut
 			down. [RT #19176]
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index d3beaddbb7..66eb7525d0 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -1727,6 +1727,11 @@ controls {
           each dynamic update, because that would be too slow when a large
           zone is updated frequently.  Instead, the dump is delayed by
           up to 15 minutes, allowing additional updates to take place.
+          During the dump process, transient files will be created
+          with the extensions .jnw and
+          .jbk; under ordinary circumstances, these
+          will be removed when the dump is complete, and can be safely
+          ignored.
         
 
         

From 38397492000c996d50f9bf96a4da318a742bd07c Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 10 Nov 2009 20:02:01 +0000
Subject: [PATCH 50/87] 2760.	[cleanup]	Corrected named-compilezone
 usage summary. [RT #20533]

---
 CHANGES                           | 2 ++
 bin/check/named-checkzone.c       | 8 +++++---
 bin/check/named-checkzone.docbook | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 95ff4e3e47..f4c4583f3e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2760.	[cleanup]	Corrected named-compilezone usage summary. [RT #20533]
+
 2759.	[doc]		Add information about .jbk/.jnw files to 
 			the ARM. [RT #20303]
 
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index c36152b3e9..653c80dff7 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.55 2009/09/29 15:06:05 fdupont Exp $ */
+/* $Id: named-checkzone.c,v 1.56 2009/11/10 20:02:01 each Exp $ */
 
 /*! \file */
 
@@ -76,14 +76,16 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] [-o output] "
+		"usage: %s [-djqvD] [-c class] "
 		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
-		"zonename filename\n", prog_name);
+		"%s zonename filename\n",
+		prog_name,
+		progmode == progmode_check ? "[-o filename]" : "{-o filename}");
 	exit(1);
 }
 
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 488c16f886..0b1c999eb2 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     June 13, 2000
@@ -69,7 +69,6 @@
       
       
       
-      
       
       
       
@@ -99,6 +98,7 @@
       
       
       
+      
       zonename
       filename
     

From 2e2a294b05e54e41a46816c684be60738529e57a Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 10 Nov 2009 21:30:42 +0000
Subject: [PATCH 51/87] remove unnecessary braces around {-o filename}

---
 bin/check/named-checkzone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 653c80dff7..fccc0e29ba 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.56 2009/11/10 20:02:01 each Exp $ */
+/* $Id: named-checkzone.c,v 1.57 2009/11/10 21:30:42 each Exp $ */
 
 /*! \file */
 
@@ -85,7 +85,7 @@ usage(void) {
 		"[-W (ignore|warn)] "
 		"%s zonename filename\n",
 		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "{-o filename}");
+		progmode == progmode_check ? "[-o filename]" : "-o filename");
 	exit(1);
 }
 

From f466c1552a3dfce8fbc8033d1f6f0a0992aa778d Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 10 Nov 2009 22:13:24 +0000
Subject: [PATCH 52/87] new draft

---
 ...t => draft-ietf-dnsext-dnssec-gost-02.txt} | 80 ++++++++++++-------
 1 file changed, 50 insertions(+), 30 deletions(-)
 rename doc/draft/{draft-ietf-dnsext-dnssec-gost-01.txt => draft-ietf-dnsext-dnssec-gost-02.txt} (86%)

diff --git a/doc/draft/draft-ietf-dnsext-dnssec-gost-01.txt b/doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt
similarity index 86%
rename from doc/draft/draft-ietf-dnsext-dnssec-gost-01.txt
rename to doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt
index c7ffbce49c..73faa6be92 100644
--- a/doc/draft/draft-ietf-dnsext-dnssec-gost-01.txt
+++ b/doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt
@@ -1,12 +1,12 @@
 DNS Extensions working group                             V.Dolmatov, Ed.  
 Internet-Draft                                            Cryptocom Ltd.    
-Intended status: Standards Track                        October 18, 2009
-Expires: April 18, 2010                                 
+Intended status: Standards Track                      November 10, 2009
+Expires: May 10, 2010                                 
 
 
  Use of GOST signature algorithms in DNSKEY and RRSIG Resource Records
                                for DNSSEC
-                 draft-ietf-dnsext-dnssec-gost-01
+                 draft-ietf-dnsext-dnssec-gost-02
 
 Status of this Memo
 
@@ -29,7 +29,7 @@ Status of this Memo
    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.
 
-   This Internet-Draft will expire on April 18 2010.
+   This Internet-Draft will expire on May  10 2010.
 
 Copyright Notice
 
@@ -49,7 +49,7 @@ Abstract
    Name System Security Extensions (DNSSEC, RFC 4033, RFC 4034, 
    and RFC 4035).
 
-V.Dolmatov              Expires April 18, 2010               [Page 1]
+V.Dolmatov              Expires May  10, 2010               [Page 1]
 
 Table of Contents
 
@@ -106,7 +106,7 @@ Table of Contents
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    document are to be interpreted as described in [RFC2119].
 
-V.Dolmatov              Expires April 18, 2010                [Page 2]
+V.Dolmatov              Expires May  10, 2010                [Page 2]
 
 2.  DNSKEY Resource Records
 
@@ -145,7 +145,7 @@ V.Dolmatov              Expires April 18, 2010                [Page 2]
    section 2.3.2.
 
    To make this encoding from the wire format of a GOST public key 
-   with the parameters used in this document, prepend last 64 octets
+   with the parameters used in this document, prepend the last 64 octets
    of key data (in other words, substitute first two parameter octets)
    with the following 37-byte sequence:
 
@@ -155,23 +155,24 @@ V.Dolmatov              Expires April 18, 2010                [Page 2]
   
 2.2.  GOST DNSKEY RR Example
 
-   Given a private key with the following value:
+   Given a private key with the following value (the value of GostAsn1
+   field is split here into two lines to simplify reading; in the 
+   private key file it must be in one line):
 
    Private-key-format: v1.2
    Algorithm: {TBA1} (GOST)
-   GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEE
-             IgQgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+   GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgV/S
+	     2FXdMtzKJBehZvjF4lVSx6m66TwqSe/MFwKSH/3E=
 
-   (corresponding to private key value 1)
-
-V.Dolmatov              Expires April 18, 2010                [Page 3]
+V.Dolmatov              Expires May  10, 2010                [Page 3]
 
    The following DNSKEY RR stores a DNS zone key for example.net
  
-  example.net. 86400 IN DNSKEY 256 3 {TBA1} ( AAABAAAAAAAAAAAAAAAAAAAA
-                                              AAAAAAAAAAAAAAAAAAAAABQe
-                                              n56cyawiseMj3y1PKTV2Kz9F
-                                              WlDfJ9qcmOBx5JGN )
+   example.net. 86400 IN DNSKEY 256 3 {TBA1} (
+                                AADMrbi2vAs4hklTmmzGE3WWNtJ8Dll0u0jq
+				tGRbNKeJguZQj/9EpGWmQK9hekPiPlzH2Ph6
+				yB7i836EfzmJo5LP
+				) ; key id = 15820
 
 3.  RRSIG Resource Records
 
@@ -209,13 +210,18 @@ V.Dolmatov              Expires April 18, 2010                [Page 3]
 
    Setting the inception date to 2000-01-01 00:00:00 UTC and the 
    expiration date to 2030-01-01 00:00:00 UTC, the following signature
-   should be created (assuming {TBA1}==249 until proped code is 
+   should be created (assuming {TBA1}==249 until proper code is 
    assigned by IANA)
 
-   www.example.net. 3600 IN RRSIG ( A {TBA1} 3 3600
-                    20300101000000 20000101000000 9033 example.net.
-                    96ObOt5gR6Xln8g42w70OZvi6BZoQvLIhrN9F+VBc29mp+ap
-                    DQov1re0hApGenYDd2zLaHecw4H2vnPj0NhhxA== )
+   www.example.net. 3600 IN RRSIG A {TBA1} 3 3600 20300101000000 (
+                                  20000101000000 15820 example.net.
+                                  K4sw+TOJz47xqP6685ItDfPhkktyvgxXrLdX
+                                  aQLX01mMZbJUp6tzetBYGpdHciAW5RLvHLVB
+                                  P8RtFK8Qv5DRsA== )
+
+  Note: Several GOST signatures calculated for the same message text 
+   will differ because of using of random element in signature 
+   generation process.
 
 4.  DS Resource Records
 
@@ -223,7 +229,7 @@ V.Dolmatov              Expires April 18, 2010                [Page 3]
    type {TBA2}.  The wire format of a digest value is compatible with 
    RFC 4490 [RFC4490]. 
 
-V.Dolmatov              Expires April 18, 2010                [Page 4]
+V.Dolmatov              Expires May  10, 2010                [Page 4]
 
    Quoting RFC 4490: 
    
@@ -234,9 +240,22 @@ V.Dolmatov              Expires April 18, 2010                [Page 4]
 
 4.1. DS RR Example
 
-   example.net. 3600 IN DS 9033 {TBA1} {TBA2} ( Su0ToNow7Lwex+wqac+cTQ
-                                                djJ733qubhan+KqUrselc= )
- 
+   For key signing key (assuming {TBA1}==249 until proper code is 
+   assigned by IANA)
+
+   example.net. 86400   DNSKEY  257 3 {TBA1} (
+                                AAADr5vmKVdXo780hSRU1YZYWuMZUbEe9R7C
+                                RRLc7Wj2osDXv2XbCnIpTUx8dVLnLKmDBquu
+                                9tCz5oSsZl0cL0R2
+                                ) ; key id = 21649
+
+   DS RR will be
+
+   example.net. 3600 IN DS 21649 {TBA1} {TBA2} (
+             A8146F448569F30B91255BA8E98DE14B18569A524C49593ADCA4103A
+	     A44649C6 )
+
+
 5.  Deployment Considerations
 
 5.1.  Key Sizes
@@ -283,7 +302,7 @@ V.Dolmatov              Expires April 18, 2010                [Page 4]
     of multiple elliptic curve point computations on prime modulus
     2**256.
 
-V.Dolmatov              Expires April 18, 2010                [Page 5]
+V.Dolmatov              Expires May  10, 2010                [Page 5]
 
     Currently, the cryptographic resistance of GOST 34.11-94 hash
     algorithm is estimated as 2**128 operations of computations of a
@@ -339,7 +358,7 @@ V.Dolmatov              Expires April 18, 2010                [Page 5]
               Rose, "Resource Records for the DNS Security Extensions",
               RFC 4034, March 2005.
 
-V.Dolmatov              Expires April 18, 2010                [Page 6]
+V.Dolmatov              Expires May  10, 2010                [Page 6]
 
    [RFC4035]  Arends R., Austein R., Larson M., Massey D., and S.
               Rose, "Protocol Modifications for the DNS Security
@@ -396,7 +415,7 @@ V.Dolmatov              Expires April 18, 2010                [Page 6]
               "GOST R 34.10-2001 digital signature algorithm"
               draft-dolmatov-cryptocom-gost3410-2001-05,
               work in progress
-V.Dolmatov              Expires April 18, 2010               [Page 7]
+V.Dolmatov              Expires May  10, 2010               [Page 7]
 
    [DRAFT2]   Dolmatov V., Kabelev D., Ustinov I., Vyshensky S.,
               "GOST R 34.11-94 Hash function algorithm"
@@ -430,6 +449,7 @@ Moscow, 117303, Russian Federation
 
 EMail: igus@cryptocom.ru
 
-V.Dolmatov              Expires April 18, 2010                [Page 8]
+V.Dolmatov              Expires May  10, 2010                [Page 8]
+
 
 

From 3a5fe5abf08f16b8d31ab8ee9a788063110ef000 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Wed, 11 Nov 2009 01:14:42 +0000
Subject: [PATCH 53/87] regen

---
 bin/check/named-checkzone.8          |   6 +-
 bin/check/named-checkzone.html       |  16 +--
 doc/arm/Bv9ARM.ch04.html             |  75 +++++------
 doc/arm/Bv9ARM.ch05.html             |   6 +-
 doc/arm/Bv9ARM.ch06.html             | 160 ++++++++++++------------
 doc/arm/Bv9ARM.ch07.html             |  14 +--
 doc/arm/Bv9ARM.ch08.html             |  18 +--
 doc/arm/Bv9ARM.ch09.html             | 180 +++++++++++++--------------
 doc/arm/Bv9ARM.html                  | 108 ++++++++--------
 doc/arm/man.ddns-confgen.html        |  10 +-
 doc/arm/man.dig.html                 |  20 +--
 doc/arm/man.dnssec-dsfromkey.html    |  16 +--
 doc/arm/man.dnssec-keyfromlabel.html |  14 +--
 doc/arm/man.dnssec-keygen.html       |  16 +--
 doc/arm/man.dnssec-revoke.html       |  10 +-
 doc/arm/man.dnssec-settime.html      |  14 +--
 doc/arm/man.dnssec-signzone.html     |  12 +-
 doc/arm/man.host.html                |  10 +-
 doc/arm/man.named-checkconf.html     |  12 +-
 doc/arm/man.named-checkzone.html     |  16 +--
 doc/arm/man.named.html               |  16 +--
 doc/arm/man.nsupdate.html            |  14 +--
 doc/arm/man.rndc-confgen.html        |  12 +-
 doc/arm/man.rndc.conf.html           |  12 +-
 doc/arm/man.rndc.html                |  12 +-
 25 files changed, 402 insertions(+), 397 deletions(-)

diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 5c38295f1e..548f5ca67c 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.44 2009/07/11 01:12:45 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.45 2009/11/11 01:14:41 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,9 +33,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 571b8b39d6..8e6c123a17 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -29,11 +29,11 @@
 

 

 
Synopsis

-
named-checkzone  [-d] [-h] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-o filename] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-checkzone  [-d] [-h] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -53,7 +53,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -239,14 +239,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -254,7 +254,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index f49bff7b43..ae5341ce84 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -49,29 +49,29 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

-
Example split DNS setup

+
Split DNS

+
Example split DNS setup

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
 
@@ -158,6 +158,11 @@
           each dynamic update, because that would be too slow when a large
           zone is updated frequently.  Instead, the dump is delayed by
           up to 15 minutes, allowing additional updates to take place.
+          During the dump process, transient files will be created
+          with the extensions .jnw and
+          .jbk; under ordinary circumstances, these
+          will be removed when the dump is complete, and can be safely
+          ignored.
         

 

           When a server is restarted after a shutdown or crash, it will replay
@@ -219,7 +224,7 @@
 
 

 

-Split DNS

+Split DNS

 

         Setting up different views, or visibility, of the DNS space to
         internal and external resolvers is usually referred to as a
@@ -249,7 +254,7 @@
       

 

 

-Example split DNS setup

+Example split DNS setup

 

         Let's say a company named Example, Inc.
         (example.com)
@@ -506,7 +511,7 @@ nameserver 172.16.72.4
       

 

 

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

 

           A shared secret is generated to be shared between host1 and host2.
           An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -514,7 +519,7 @@ nameserver 172.16.72.4
         

 

 

-Automatic Generation

+Automatic Generation

 

             The following command will generate a 128-bit (16 byte) HMAC-SHA256
             key as described above. Longer keys are better, but shorter keys
@@ -538,7 +543,7 @@ nameserver 172.16.72.4
 
 

 

-Manual Generation

+Manual Generation

 

             The shared secret is simply a random sequence of bits, encoded
             in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -553,7 +558,7 @@ nameserver 172.16.72.4
 
 

 

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

 

           This is beyond the scope of DNS. A secure transport mechanism
           should be used. This could be secure FTP, ssh, telephone, etc.
@@ -561,7 +566,7 @@ nameserver 172.16.72.4
 
 

 

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

 

           Imagine host1 and host 2
           are
@@ -588,7 +593,7 @@ key host1-host2. {
 
 

 

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

 

           Since keys are shared between two hosts only, the server must
           be told when keys are to be used. The following is added to the named.conf file
@@ -620,7 +625,7 @@ server 10.1.2.3 {
 
 

 

-TSIG Key Based Access Control

+TSIG Key Based Access Control

 

           BIND allows IP addresses and ranges
           to be specified in ACL
@@ -647,7 +652,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Errors

+Errors

 

           The processing of TSIG signed messages can result in
           several errors. If a signed message is sent to a non-TSIG aware
@@ -673,7 +678,7 @@ allow-update { key host1-host2. ;};
 
 

 

-TKEY

+TKEY

 
TKEY
         is a mechanism for automatically generating a shared secret
         between two hosts.  There are several "modes" of
@@ -709,7 +714,7 @@ allow-update { key host1-host2. ;};
 
 

 

-SIG(0)

+SIG(0)

 

         BIND 9 partially supports DNSSEC SIG(0)
             transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -770,7 +775,7 @@ allow-update { key host1-host2. ;};
       

 

 

-Generating Keys

+Generating Keys

 

           The dnssec-keygen program is used to
           generate keys.
@@ -826,7 +831,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Signing the Zone

+Signing the Zone

 

           The dnssec-signzone program is used
           to sign a zone.
@@ -868,7 +873,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Configuring Servers

+Configuring Servers

 

           To enable named to respond appropriately
           to DNS requests from DNSSEC aware clients,
@@ -1014,7 +1019,7 @@ options {
 
 

 

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

 

         BIND 9 fully supports all currently
         defined forms of IPv6 name to address and address to name
@@ -1052,7 +1057,7 @@ options {
       

 

 

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

 

           The IPv6 AAAA record is a parallel to the IPv4 A record,
           and, unlike the deprecated A6 record, specifies the entire
@@ -1071,7 +1076,7 @@ host            3600    IN      AAAA    2001:db8::1
 
 

 

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

 

           When looking up an address in nibble format, the address
           components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index cc6bc909f9..c4d9bb4c3a 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,13 +45,13 @@
 

 
Table of Contents

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 

 

 

-The Lightweight Resolver Library

+The Lightweight Resolver Library

 

         Traditionally applications have been linked with a stub resolver
         library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 9f29f39889..580aeaa4d9 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,58 +48,58 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

-
managed-keys Statement Definition
+
managed-keys Statement Grammar

+
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -477,7 +477,7 @@
 Address Match Lists
 

 

-Syntax

+Syntax

 
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -486,7 +486,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -570,7 +570,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -580,7 +580,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -596,7 +596,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -848,7 +848,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name {
     address_match_list
 };
@@ -930,7 +930,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    [ inet ( ip_addr | * ) [ port ip_port ]
                 allow {  address_match_list  }
@@ -1054,12 +1054,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -1074,7 +1074,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1083,7 +1083,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1130,7 +1130,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path_name
@@ -1154,7 +1154,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1188,7 +1188,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1753,7 +1753,7 @@ category notify { null; };
 
 

 

-The query-errors Category

+The query-errors Category

 

             The query-errors category is
             specifically intended for debugging purposes: To identify
@@ -1981,7 +1981,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1997,7 +1997,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -2048,7 +2048,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | 
       ip_addr [port ip_port] [key key] ) ; [...] };
@@ -2056,7 +2056,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
           lists allow for a common set of masters to be easily used by
@@ -2065,7 +2065,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -3478,7 +3478,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -3522,7 +3522,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -3719,7 +3719,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -4171,7 +4171,7 @@ avoid-v6-udp-ports {};
 
 

 

-UDP Port Lists

+UDP Port Lists

 

             use-v4-udp-ports,
             avoid-v4-udp-ports,
@@ -4213,7 +4213,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -4375,7 +4375,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -5171,7 +5171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

 

 

-Content Filtering

+Content Filtering

 

             BIND 9 provides the ability to filter
             out DNS responses from external DNS servers containing
@@ -5501,7 +5501,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-statistics-channels Statement Definition and
+statistics-channels Statement Definition and
             Usage

 

           The statistics-channels statement
@@ -5552,7 +5552,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -5561,7 +5561,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -5601,7 +5601,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-managed-keys Statement Grammar

+managed-keys Statement Grammar

 
managed-keys {
     string initial-key number number number string ;
     [ string initial-key number number number string ; [...]]
@@ -5610,7 +5610,7 @@ deny-answer-aliases { "example.net"; };
 
 

 

-managed-keys Statement Definition
+managed-keys Statement Definition
             and Usage

 

             The managed-keys statement, like 
@@ -5736,7 +5736,7 @@ deny-answer-aliases { "example.net"; };
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             feature
@@ -6016,10 +6016,10 @@ zone zone_name [
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

@@ -6230,7 +6230,7 @@ zone zone_name [
 

 

-Class

+Class

 

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -6252,7 +6252,7 @@ zone zone_name [
 

 

-Zone Options

+Zone Options

 

 
allow-notify

 

@@ -6922,7 +6922,7 @@ zone zone_name [
 

 

-Zone File

+Zone File

 

 

 Types of Resource Records and When to Use Them

@@ -6935,7 +6935,7 @@ zone zone_name [
 

 

-Resource Records

+Resource Records

 

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -7672,7 +7672,7 @@ zone zone_name [
 

 

-Textual expression of RRs

+Textual expression of RRs

 

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -7875,7 +7875,7 @@ zone zone_name [
 

 

-Discussion of MX Records

+Discussion of MX Records

 

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -8131,7 +8131,7 @@ zone zone_name [
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

 

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -8192,7 +8192,7 @@ zone zone_name [
 

 

-Other Zone File Directives

+Other Zone File Directives

 

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -8207,7 +8207,7 @@ zone zone_name [
 

 

-The @ (at-sign)

+The @ (at-sign)

 

               When used in the label (or name) field, the asperand or
               at-sign (@) symbol represents the current origin.
@@ -8218,7 +8218,7 @@ zone zone_name [
 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

 

               Syntax: $ORIGIN
               domain-name
@@ -8247,7 +8247,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

 

               Syntax: $INCLUDE
               filename
@@ -8283,7 +8283,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

 

               Syntax: $TTL
               default-ttl
@@ -8302,7 +8302,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

 

             Syntax: $GENERATE
             range
@@ -8726,7 +8726,7 @@ HOST-127.EXAMPLE. MX 0 .
           

 

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 

 
 

@@ -9283,7 +9283,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 

 
 

@@ -9437,7 +9437,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 

 
 

@@ -9820,7 +9820,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Socket I/O Statistics Counters

+Socket I/O Statistics Counters

 

               Socket I/O statistics counters are defined per socket
               types, which are
@@ -9975,7 +9975,7 @@ HOST-127.EXAMPLE. MX 0 .
 
 

 

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

 

               Most statistics counters that were available
               in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 94bd04a7a5..bd89bede94 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,10 +46,10 @@
 
Table of Contents

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -122,7 +122,7 @@ zone "example.com" {
 
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

           On UNIX servers, it is possible to run BIND
@@ -148,7 +148,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

 

             In order for a chroot environment
             to
@@ -176,7 +176,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

 

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index c09d4ef774..546b7f3bf0 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

 

-Common Problems

+Common Problems

 

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

 

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index ba5bd7fb7a..fe3f8a99a8 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,21 +45,21 @@
 

 
Table of Contents

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 

 A Brief History of the DNS and BIND
@@ -162,7 +162,7 @@
 

 

 

-General DNS Reference Information

+General DNS Reference Information

 

 

 IPv6 addresses (AAAA)

@@ -250,17 +250,17 @@
           

 

 

-Bibliography

+Bibliography

 

 
Standards

 

-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

 

 

-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

 

 

-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
                   Specification. November 1987. 

 

 

@@ -268,42 +268,42 @@
 

 Proposed Standards

 

-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
+
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
                   Specification. July 1997. 

 

 

-
[RFC2308] M. Andrews. Negative Caching of DNS
+
[RFC2308] M. Andrews. Negative Caching of DNS
                   Queries. March 1998. 

 

 

-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

 

 

-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

 

 

-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

 

 

-
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

+
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

 

 

-
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

+
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

 

 

-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

 

 

-
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

+
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

 

 

-
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

+
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

 

 

-
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

+
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

 

 

-
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
+
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
                        Key Transaction Authentication for DNS
                        (GSS-TSIG). October 2003. 

 

@@ -312,19 +312,19 @@
 

 DNS Security Proposed Standards

 

-
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

+
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

 

 

-
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

+
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

 

 

-
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

+
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

 

 

-
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

+
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

 

 

-
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
+
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
                        Security Extensions. March 2005. 

 

 
@@ -332,146 +332,146 @@
 
Other Important RFCs About DNS
                 Implementation

 

-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
+
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
                   Deployed DNS Software.. October 1993. 

 

 

-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
+
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
                   Errors and Suggested Fixes. October 1993. 

 

 

-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

 

 

-
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
+
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
                 Queries for IPv6 Addresses. May 2005. 

 

 
 

 
Resource Record Types

 

-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

 

 

-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

 

 

-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
                   the Domain Name System. June 1997. 

 

 

-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
+
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
                   Domain
                   Name System. January 1996. 

 

 

-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
+
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
                   Location of
                   Services.. October 1996. 

 

 

-
[RFC2163] A. Allocchio. Using the Internet DNS to
+
[RFC2163] A. Allocchio. Using the Internet DNS to
                   Distribute MIXER
                   Conformant Global Address Mapping. January 1998. 

 

 

-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

 

 

-
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

+
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

+
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

+
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

 

 

-
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

+
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

 

 

-
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

+
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

 

 

-
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

+
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

 

 

-
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

+
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

 

 

-
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
+
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
                   version 6. October 2003. 

 

 

-
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

+
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

 

 

 

 

 DNS and the Internet

 

-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
+
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
                   and Other Types. April 1989. 

 

 

-
[RFC1123] Braden. Requirements for Internet Hosts - Application and
+
[RFC1123] Braden. Requirements for Internet Hosts - Application and
                   Support. October 1989. 

 

 

-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

 

 

-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

 

 

-
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

+
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

 

 

-
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

+
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

 

 

 

 

 DNS Operations

 

-
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

+
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

 

 

-
[RFC1537] P. Beertema. Common DNS Data File
+
[RFC1537] P. Beertema. Common DNS Data File
                   Configuration Errors. October 1993. 

 

 

-
[RFC1912] D. Barr. Common DNS Operational and
+
[RFC1912] D. Barr. Common DNS Operational and
                   Configuration Errors. February 1996. 

 

 

-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

 

 

-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
+
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
                   Network Services.. October 1997. 

 

 

 

 
Internationalized Domain Names

 

-
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
+
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
                        and the Other Internet protocols. May 2000. 

 

 

-
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

+
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

 

 

-
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

+
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

 

 

-
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
+
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
                        for Internationalized Domain Names in
                        Applications (IDNA). March 2003. 

 

@@ -487,47 +487,47 @@
                 

 

 

-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
+
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
                   Attributes. May 1993. 

 

 

-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

 

 

-
[RFC1794] T. Brisco. DNS Support for Load
+
[RFC1794] T. Brisco. DNS Support for Load
                   Balancing. April 1995. 

 

 

-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

 

 

-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

 

 

-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

 

 

-
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

+
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

 

 

-
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
+
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
                        Shared Unicast Addresses. April 2002. 

 

 

-
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

+
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

 

 
 

 
Obsolete and Unimplemented Experimental RFC

 

-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
                   Location. November 1994. 

 

 

-
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

+
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

 

 

-
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
+
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
                        and Renumbering. July 2000. 

 

 

@@ -541,39 +541,39 @@
                 

 
 

-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

 

 

-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

 

 

-
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

+
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

 

 

-
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
+
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
                        Signing Authority. November 2000. 

 

 

-
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

+
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

 

 

-
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

+
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

 

 

-
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

+
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

 

 

-
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

+
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

 

 

-
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

+
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

 

 

-
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
+
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
                       (RR) Secure Entry Point (SEP) Flag. April 2004. 

 

 

-
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

+
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

 

 
 
@@ -594,14 +594,14 @@
 
 

 

-Other Documents About BIND
+Other Documents About BIND
 

 

 

 

-Bibliography

+Bibliography

 

-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright  1998 Sebastopol, CA: O'Reilly and Associates. 

 

 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index c72a127279..dedc24c5e5 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -92,34 +92,34 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

-
Example split DNS setup

+
Split DNS

+
Example split DNS setup

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
 
5. The BIND 9 Lightweight Resolver

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 
6. BIND 9 Configuration Reference

@@ -127,58 +127,58 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

-
managed-keys Statement Definition
+
managed-keys Statement Grammar

+
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -187,31 +187,31 @@
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 
I. Manual pages

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 46690a832d..7091a1d161 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,7 +48,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -142,7 +142,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -150,7 +150,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 0fdf61e8c8..f4abfd7253 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -98,7 +98,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -144,7 +144,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -248,7 +248,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -573,7 +573,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index b2e5c4fe2c..a788ee198f 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,14 +51,14 @@
 
dnssec-dsfromkey  {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-f file] [-A] [-v level] {dnsname}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -119,7 +119,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -134,7 +134,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -148,13 +148,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -164,7 +164,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 5dff527eb8..2a2c26bdd9 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -63,7 +63,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -174,7 +174,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -221,7 +221,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -260,7 +260,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -268,7 +268,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 5f96a5d2f8..a4cf2c8e8e 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -256,7 +256,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -303,7 +303,7 @@
 

 
 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -349,7 +349,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -370,7 +370,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -379,7 +379,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 90831056b8..cbb5929146 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-revoke  [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -91,14 +91,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 9fdcff4a94..53e7c3036d 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-settime  [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -75,7 +75,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f

 

@@ -106,7 +106,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -151,7 +151,7 @@
 

 
 

-
PRINTING OPTIONS

+
PRINTING OPTIONS

 

       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -177,7 +177,7 @@
 

 
 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -185,7 +185,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 40fb19ccc2..d9012f4b5c 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -397,7 +397,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -427,14 +427,14 @@ db.example.com.signed
 %
 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 96702f5920..d75023bd25 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -216,12 +216,12 @@
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 6666ffc2c5..0dff65f058 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -96,21 +96,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 9428276636..e60a9418d9 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -47,11 +47,11 @@
 
 

 
Synopsis

-
named-checkzone  [-d] [-h] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-o filename] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-checkzone  [-d] [-h] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -257,14 +257,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -272,7 +272,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 022b40fae6..4fdad63b2e 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -246,7 +246,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -267,7 +267,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -284,7 +284,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -297,7 +297,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -310,7 +310,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index f0cdbbcbdf..69440bb2d3 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
nsupdate  [-d] [-D] [[-g] |  [-o] |  [-l] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -210,7 +210,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -474,7 +474,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -528,7 +528,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -551,7 +551,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       RFC 2136,
       RFC 3007,
@@ -566,7 +566,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 9ada0a4ac6..911024fef1 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -173,7 +173,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -190,7 +190,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -198,7 +198,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index c7f7bf2a4f..ab39c610f2 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc.conf 

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index cbc194d37d..cdb4f9df8d 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -151,7 +151,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 


From 2c016c64f533171e1342c1914754b017026c8ad5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Wed, 11 Nov 2009 08:46:47 +0000
Subject: [PATCH 54/87] 2757.	[cleanup]	Enable internal symbol table
 for backtrace only for 			systems that are known to
 work.  Currently, BSD 			variants, Linux and Solaris are
 supported. [RT# 20202]

9.7.0rc1
---
 CHANGES      |  4 ++++
 configure.in | 26 +++++++++++++++++++-------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index f4c4583f3e..0fa2895f28 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2761.	[cleanup]	Enable internal symbol table for backtrace only for
+			systems that are known to work.  Currently, BSD
+			variants, Linux and Solaris are supported. [RT# 20202]
+
 2760.	[cleanup]	Corrected named-compilezone usage summary. [RT #20533]
 
 2759.	[doc]		Add information about .jbk/.jnw files to 
diff --git a/configure.in b/configure.in
index c8b476c9e9..c36f43992d 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.488 $)
+AC_REVISION($Revision: 1.489 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.59)
@@ -1367,8 +1367,7 @@ AC_ARG_ENABLE(symtable,
                           [[all|minimal(default)|none]]],
 		want_symtable="$enableval",  want_symtable="minimal")
 case $want_symtable in
-yes|all|minimal)
-	
+yes|all|minimal)     # "yes" is a hidden value equivalent to "minimal"
 	if test "$PERL" = ""
 	then
 		AC_MSG_ERROR([Internal symbol table requires perl but no perl is found.
@@ -1377,10 +1376,23 @@ Install perl or explicitly disable the feature by --disable-symtable.])
 	if test "$use_libtool" = "yes"; then
 		AC_MSG_WARN([Internal symbol table does not work with libtool.  Disabling symbol table.])
 	else
-		MKSYMTBL_PROGRAM="$PERL"
-		if test $want_symtable = all; then
-			ALWAYS_MAKE_SYMTABLE="yes"
-		fi
+		# we generate the internal symbol table only for those systems
+		# known to work to avoid unexpected build failure.  Also, warn
+		# about unsupported systems when the feature is enabled
+		#  manually.
+		case $host_os in
+		freebsd*|netbsd*|openbsd*|linux*|solaris*|darwin*)
+			MKSYMTBL_PROGRAM="$PERL"
+			if test $want_symtable = all; then
+				ALWAYS_MAKE_SYMTABLE="yes"
+			fi
+			;;
+		*)
+			if test $want_symtable = yes -o $want_symtable = all
+			then
+				AC_MSG_WARN([this system is not known to generate internal symbol table safely; disabling it])
+			fi
+		esac
 	fi
 	;;
 *)

From 06db2784b599f8b04f5effe2ce467e5d179785fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Wed, 11 Nov 2009 08:47:27 +0000
Subject: [PATCH 55/87] regen

---
 configure | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/configure b/configure
index dc84b5b0f4..16f3f5975e 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.472 2009/11/03 23:18:11 jinmei Exp $
+# $Id: configure,v 1.473 2009/11/11 08:47:27 jinmei Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.488 .
+# From configure.in Revision: 1.489 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.61.
 #
@@ -26177,8 +26177,7 @@ else
 fi
 
 case $want_symtable in
-yes|all|minimal)
-
+yes|all|minimal)     # "yes" is a hidden value equivalent to "minimal"
 	if test "$PERL" = ""
 	then
 		{ { echo "$as_me:$LINENO: error: Internal symbol table requires perl but no perl is found.
@@ -26191,10 +26190,24 @@ Install perl or explicitly disable the feature by --disable-symtable." >&2;}
 		{ echo "$as_me:$LINENO: WARNING: Internal symbol table does not work with libtool.  Disabling symbol table." >&5
 echo "$as_me: WARNING: Internal symbol table does not work with libtool.  Disabling symbol table." >&2;}
 	else
-		MKSYMTBL_PROGRAM="$PERL"
-		if test $want_symtable = all; then
-			ALWAYS_MAKE_SYMTABLE="yes"
-		fi
+		# we generate the internal symbol table only for those systems
+		# known to work to avoid unexpected build failure.  Also, warn
+		# about unsupported systems when the feature is enabled
+		#  manually.
+		case $host_os in
+		freebsd*|netbsd*|openbsd*|linux*|solaris*|darwin*)
+			MKSYMTBL_PROGRAM="$PERL"
+			if test $want_symtable = all; then
+				ALWAYS_MAKE_SYMTABLE="yes"
+			fi
+			;;
+		*)
+			if test $want_symtable = yes -o $want_symtable = all
+			then
+				{ echo "$as_me:$LINENO: WARNING: this system is not known to generate internal symbol table safely; disabling it" >&5
+echo "$as_me: WARNING: this system is not known to generate internal symbol table safely; disabling it" >&2;}
+			fi
+		esac
 	fi
 	;;
 *)

From aba6fd423409157e28c97a2980427563390ab0f0 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Wed, 11 Nov 2009 09:28:31 +0000
Subject: [PATCH 56/87] generate

---
 doc/private/SRCID | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 doc/private/SRCID

diff --git a/doc/private/SRCID b/doc/private/SRCID
new file mode 100644
index 0000000000..cb250507be
--- /dev/null
+++ b/doc/private/SRCID
@@ -0,0 +1,6 @@
+# $Id: SRCID,v 1.2 2009/11/11 09:28:31 tbox Exp $
+# 
+# This file must follow /bin/sh rules.  It is imported directly via
+# configure.
+#
+SRCID="( $Date: 2009/11/11 09:28:31 $ )"

From 0c3948e6066e8910edb3f6a7820bd42ffaefedf6 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 12 Nov 2009 02:59:20 +0000
Subject: [PATCH 57/87] 2761.   [bug]           DLV validation failed with a
 local slave DLV zone.                         [RT #20577]

---
 CHANGES         |  3 +++
 lib/dns/rbtdb.c | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0fa2895f28..4579c45fe0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2762.	[bug]		DLV validation failed with a local slave DLV zone.
+			[RT #20577]
+
 2761.	[cleanup]	Enable internal symbol table for backtrace only for
 			systems that are known to work.  Currently, BSD
 			variants, Linux and Solaris are supported. [RT# 20202]
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 1833335a7e..8e9e46d85e 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.286 2009/11/06 03:26:59 each Exp $ */
+/* $Id: rbtdb.c,v 1.287 2009/11/12 02:59:20 each Exp $ */
 
 /*! \file */
 
@@ -3225,7 +3225,7 @@ matchparams(rdatasetheader_t *header, rbtdb_search_t *search)
 }
 
 static inline isc_result_t
-previous_close_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
+previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
 		    dns_name_t *name, dns_name_t *origin,
 		    dns_rbtnode_t **nodep, dns_rbtnodechain_t *nsecchain,
 		    isc_boolean_t *firstp)
@@ -3285,6 +3285,8 @@ previous_close_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
 			 * records.  Perhaps they lacked signature records.
 			 */
 			result = dns_rbtnodechain_prev(nsecchain, name, origin);
+			if (result == DNS_R_NEWORIGIN)
+				result = ISC_R_NOTFOUND;
 			if (result != ISC_R_SUCCESS)
 				return (result);
 		}
@@ -3310,6 +3312,9 @@ previous_close_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
 		 * same name as the node in the auxiliary NSEC tree, except for
 		 * nodes in the auxiliary tree that are awaiting deletion.
 		 */
+		if (result == DNS_R_PARTIALMATCH)
+			result = ISC_R_NOTFOUND;
+
 		if (result != ISC_R_NOTFOUND) {
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_ERROR,
@@ -3452,7 +3457,7 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 				 * node as if it were empty and keep looking.
 				 */
 				empty_node = ISC_TRUE;
-				result = previous_close_nsec(type, search,
+				result = previous_closest_nsec(type, search,
 							name, origin, &prevnode,
 							&nsecchain, &first);
 			} else {
@@ -3468,9 +3473,9 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 			 * This node isn't active.  We've got to keep
 			 * looking.
 			 */
-			result = previous_close_nsec(type, search,
-						     name, origin, &prevnode,
-						     &nsecchain, &first);
+			result = previous_closest_nsec(type, search,
+						       name, origin, &prevnode,
+						       &nsecchain, &first);
 		}
 		NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
 			    isc_rwlocktype_read);

From e9dff04d3bd9b7b247cad0f914ed80914a49bccc Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 12 Nov 2009 03:03:36 +0000
Subject: [PATCH 58/87] 2763.	[bug]		"rndc sign" didn't create an
 NSEC chain. [RT #20591]

---
 CHANGES        |   2 +
 lib/dns/zone.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 118 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4579c45fe0..4b20018109 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2763.	[bug]		"rndc sign" didn't create an NSEC chain. [RT #20591]
+
 2762.	[bug]		DLV validation failed with a local slave DLV zone.
 			[RT #20577]
 
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 4eaf8c12c6..3bae041ed4 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.526 2009/11/06 01:30:06 marka Exp $ */
+/* $Id: zone.c,v 1.527 2009/11/12 03:03:36 each Exp $ */
 
 /*! \file */
 
@@ -6025,6 +6025,7 @@ zone_nsec3chain(dns_zone_t *zone) {
 		}
 		dns_rdatasetiter_destroy(&iterator);
 		dns_db_detachnode(db, &node);
+
 		if (rebuild_nsec) {
 			result = updatesecure(db, version, &zone->origin,
 					      zone->minimum, ISC_TRUE,
@@ -6412,11 +6413,7 @@ zone_sign(dns_zone_t *zone) {
 	check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
 	keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
 
-	/*
-	 * If we have already determined that we are building a NSEC chain
-	 * continue to do so otherwise workout which type of chain we need
-	 * to be building if any.
-	 */
+	/* Determine which type of chain to build */
 	CHECK(dns_private_chains(db, version, zone->privatetype,
 				 &build_nsec, &build_nsec3));
 
@@ -6560,6 +6557,7 @@ zone_sign(dns_zone_t *zone) {
 				is_ksk = KSK(zone_keys[i]);
 			else
 				is_ksk = ISC_FALSE;
+
 			CHECK(sign_a_node(db, name, node, version, build_nsec3,
 					  build_nsec, zone_keys[i], inception,
 					  expire, zone->minimum, is_ksk,
@@ -13306,6 +13304,116 @@ next_keyevent(dst_key_t *key, isc_stdtime_t *timep) {
 	return (ISC_R_NOTFOUND);
 }
 
+static isc_result_t
+rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+	  const dns_rdata_t *rdata, isc_boolean_t *flag)
+{
+	dns_rdataset_t rdataset;
+	dns_dbnode_t *node = NULL;
+	isc_result_t result;
+
+	dns_rdataset_init(&rdataset);
+	if (rdata->type == dns_rdatatype_nsec3)
+		CHECK(dns_db_findnsec3node(db, name, ISC_FALSE, &node));
+	else
+		CHECK(dns_db_findnode(db, name, ISC_FALSE, &node));
+	result = dns_db_findrdataset(db, node, ver, rdata->type, 0,
+				     (isc_stdtime_t) 0, &rdataset, NULL);
+	if (result == ISC_R_NOTFOUND) {
+		*flag = ISC_FALSE;
+		result = ISC_R_SUCCESS;
+		goto failure;
+	}
+
+	for (result = dns_rdataset_first(&rdataset);
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdataset_next(&rdataset)) {
+		dns_rdata_t myrdata = DNS_RDATA_INIT;
+		dns_rdataset_current(&rdataset, &myrdata);
+		if (!dns_rdata_compare(&myrdata, rdata))
+			break;
+	}
+	dns_rdataset_disassociate(&rdataset);
+	if (result == ISC_R_SUCCESS) {
+		*flag = ISC_TRUE;
+	} else if (result == ISC_R_NOMORE) {
+		*flag = ISC_FALSE;
+		result = ISC_R_SUCCESS;
+	}
+
+ failure:
+	if (node != NULL)
+		dns_db_detachnode(db, &node);
+	return (result);
+}
+
+/*
+ * Add records to signal the state of signing or of key removal.
+ */
+static isc_result_t
+add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
+                    dns_dbversion_t *ver, dns_diff_t *diff)
+{
+	dns_difftuple_t *tuple, *newtuple = NULL;
+	dns_rdata_dnskey_t dnskey;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	isc_boolean_t flag;
+	isc_region_t r;
+	isc_result_t result = ISC_R_SUCCESS;
+	isc_uint16_t keyid;
+	unsigned char buf[5];
+	dns_name_t *name = dns_db_origin(db);
+
+	for (tuple = ISC_LIST_HEAD(diff->tuples);
+	     tuple != NULL;
+	     tuple = ISC_LIST_NEXT(tuple, link)) {
+		if (tuple->rdata.type != dns_rdatatype_dnskey)
+			continue;
+
+		dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+		if ((dnskey.flags &
+		     (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
+			 != DNS_KEYOWNER_ZONE)
+			continue;
+
+		dns_rdata_toregion(&tuple->rdata, &r);
+
+		keyid = dst_region_computeid(&r, dnskey.algorithm);
+
+		buf[0] = dnskey.algorithm;
+		buf[1] = (keyid & 0xff00) >> 8;
+		buf[2] = (keyid & 0xff);
+		buf[3] = (tuple->op == DNS_DIFFOP_ADD) ? 0 : 1;
+		buf[4] = 0;
+		rdata.data = buf;
+		rdata.length = sizeof(buf);
+		rdata.type = privatetype;
+		rdata.rdclass = tuple->rdata.rdclass;
+
+		CHECK(rr_exists(db, ver, name, &rdata, &flag));
+		if (flag)
+			continue;
+		CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
+					   name, 0, &rdata, &newtuple));
+		CHECK(do_one_tuple(&newtuple, db, ver, diff));
+		INSIST(newtuple == NULL);
+		/*
+		 * Remove any record which says this operation has already
+		 * completed.
+		 */
+		buf[4] = 1;
+		CHECK(rr_exists(db, ver, name, &rdata, &flag));
+		if (flag) {
+			CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL,
+						   name, 0, &rdata, &newtuple));
+			CHECK(do_one_tuple(&newtuple, db, ver, diff));
+			INSIST(newtuple == NULL);
+		}
+	}
+ failure:
+	return (result);
+}
+
 static isc_result_t
 zone_rekey(dns_zone_t *zone) {
 	isc_result_t result;
@@ -13370,6 +13478,7 @@ zone_rekey(dns_zone_t *zone) {
 					    ISC_TF(!check_ksk), mctx, logmsg));
 		if (!ISC_LIST_EMPTY(del.tuples)) {
 			commit = ISC_TRUE;
+                        add_signing_records(db, zone->privatetype, ver, &del);
 			dns_diff_apply(&del, db, ver);
 			result = increment_soa_serial(db, ver, &del, mctx);
 			if (result == ISC_R_SUCCESS)
@@ -13377,6 +13486,7 @@ zone_rekey(dns_zone_t *zone) {
 		}
 		if (!ISC_LIST_EMPTY(add.tuples)) {
 			commit = ISC_TRUE;
+                        add_signing_records(db, zone->privatetype, ver, &add);
 			dns_diff_apply(&add, db, ver);
 			result = increment_soa_serial(db, ver, &add, mctx);
 			if (result == ISC_R_SUCCESS)

From adb42115869b8258cd38bc7fd044766f662bdd78 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 12 Nov 2009 14:02:38 +0000
Subject: [PATCH 59/87] 2764.   [bug]           "rndc-confgen -a" could trigger
 a REQUIRE. [RT #20610]

---
 CHANGES              | 2 ++
 bin/confgen/keygen.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4b20018109..82b5bec970 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2764.	[bug]		"rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
+
 2763.	[bug]		"rndc sign" didn't create an NSEC chain. [RT #20591]
 
 2762.	[bug]		DLV validation failed with a local slave DLV zone.
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index bdeac94d88..a5db317700 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: keygen.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
+/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
 
 /*! \file */
 
@@ -194,7 +194,7 @@ write_key_file(const char *keyfile, const char *user,
 	       dns_secalg_t alg) {
 	isc_result_t result;
 	const char *algname = alg_totext(alg);
-	FILE *fd;
+	FILE *fd = NULL;
 
 	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
 

From 5d061b8d769758c7008df6aa190f52a75ee50975 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 12 Nov 2009 14:18:09 +0000
Subject: [PATCH 60/87] add ./doc/private/SRCID

---
 util/copyrights | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/copyrights b/util/copyrights
index 2e433030bb..dbb2aa7944 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1680,6 +1680,7 @@
 ./doc/private/bugfix-by-assertion		X	2001
 ./doc/private/delete-list			X	2005,2006,2007,2008,2009
 ./doc/private/options				TXT.BRIEF	2000,2001,2004
+./doc/private/SRCID				X	2009
 ./doc/todo/brister/todo				X	2000,2001
 ./doc/todo/bwelling/todo			X	2000,2001
 ./doc/todo/drc/todo				X	2000,2001

From 6d4fb86a4d2a1a8507d995dd4704751f4e5fff8c Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Thu, 12 Nov 2009 14:27:28 +0000
Subject: [PATCH 61/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index cb250507be..eead7807d9 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.2 2009/11/11 09:28:31 tbox Exp $
+# $Id: SRCID,v 1.3 2009/11/12 14:27:28 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/11 09:28:31 $ )"
+SRCID="( $Date: 2009/11/12 14:27:28 $ )"

From 2667bea6bcca8547237cc6b5f50678462c571775 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 12 Nov 2009 20:47:28 +0000
Subject: [PATCH 62/87] new draft

---
 ...t => draft-ietf-dnsext-dnssec-gost-03.txt} | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)
 rename doc/draft/{draft-ietf-dnsext-dnssec-gost-02.txt => draft-ietf-dnsext-dnssec-gost-03.txt} (92%)

diff --git a/doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt b/doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt
similarity index 92%
rename from doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt
rename to doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt
index 73faa6be92..061df67944 100644
--- a/doc/draft/draft-ietf-dnsext-dnssec-gost-02.txt
+++ b/doc/draft/draft-ietf-dnsext-dnssec-gost-03.txt
@@ -6,7 +6,7 @@ Expires: May 10, 2010
 
  Use of GOST signature algorithms in DNSKEY and RRSIG Resource Records
                                for DNSSEC
-                 draft-ietf-dnsext-dnssec-gost-02
+                 draft-ietf-dnsext-dnssec-gost-03
 
 Status of this Memo
 
@@ -44,10 +44,10 @@ Copyright Notice
 
 Abstract
 
-   This document describes how to produce GOST signature and hash 
-   algorithms    DNSKEY and RRSIG resource records for use in the Domain
-   Name System Security Extensions (DNSSEC, RFC 4033, RFC 4034, 
-   and RFC 4035).
+   This document describes how to produce signature and hash using 
+   GOST algorithms for DNSKEY, RRSIG and DS resource records for use in
+   the Domain Name System Security Extensions (DNSSEC, RFC 4033, 
+   RFC 4034, and RFC 4035).
 
 V.Dolmatov              Expires May  10, 2010               [Page 1]
 
@@ -220,22 +220,18 @@ V.Dolmatov              Expires May  10, 2010                [Page 3]
                                   P8RtFK8Qv5DRsA== )
 
   Note: Several GOST signatures calculated for the same message text 
-   will differ because of using of random element in signature 
+   differ because of using of a random element is used in signature 
    generation process.
 
 4.  DS Resource Records
 
    GOST R 34.11-94 digest algorithm is denoted in DS RRs by the digest
    type {TBA2}.  The wire format of a digest value is compatible with 
-   RFC 4490 [RFC4490]. 
+   RFC 4490 [RFC4490], that is digest is in little-endian representation. 
 
 V.Dolmatov              Expires May  10, 2010                [Page 4]
 
-   Quoting RFC 4490: 
-   
-   "A 32-byte digest in little-endian representation."
-
-   The digest MUST always be calculated with GOST R 34.11-94 parameters
+      The digest MUST always be calculated with GOST R 34.11-94 parameters
    identified by id-GostR3411-94-CryptoProParamSet [RFC4357].
 
 4.1. DS RR Example
@@ -249,7 +245,7 @@ V.Dolmatov              Expires May  10, 2010                [Page 4]
                                 9tCz5oSsZl0cL0R2
                                 ) ; key id = 21649
 
-   DS RR will be
+   The DS RR will be
 
    example.net. 3600 IN DS 21649 {TBA1} {TBA2} (
              A8146F448569F30B91255BA8E98DE14B18569A524C49593ADCA4103A
@@ -291,7 +287,7 @@ V.Dolmatov              Expires May  10, 2010                [Page 4]
     Due to the fact that all existing industry implementations of GOST
     cryptographic libraries are returning GOST blobs in little-endian 
     format and in order to avoid the necessity for DNSSEC developers 
-    to hanlde different cryptographic algorithms differently, it was
+    to handle different cryptographic algorithms differently, it was
     chosen to send these blobs on the wire "as is" without 
     transformation of endianness.
 
@@ -313,16 +309,17 @@ V.Dolmatov              Expires May  10, 2010                [Page 5]
 
 8.  IANA Considerations
 
-   This document updates the IANA registry "DNS SECURITY ALGORITHM
-   NUMBERS -- per [RFC4035] "
+   This document updates the IANA registry "DNS Security Algorithm 
+   Numbers [RFC4034]"
    (http://www.iana.org/assignments/dns-sec-alg-numbers).  The 
    following entries are added to the registry:
-                                        Zone     Trans.
-   Value   Algorithm          Mnemonic  Signing  Sec.   References   Status
-   {TBA1}  GOST R 34.10-2001  GOST      Y        *      (this memo)  OPTIONAL
+                                     Zone    Trans.
+   Value  Algorithm         Mnemonic Signing Sec.  References   Status
+   {TBA1} GOST R 34.10-2001 GOST     Y       *     (this memo)  OPTIONAL
 
-   This document updates the RFC 4034 [RFC4034] Digest Types assignment
-   (RFC 4034, section A.2):
+   This document updates the RFC 4034 Digest Types assignment
+   (section A.2)by adding the value and status for the GOST R 34.11-94
+   algorithm:
 
    Value   Algorithm        Status
    {TBA2}  GOST R 34.11-94  OPTIONAL
@@ -336,7 +333,7 @@ V.Dolmatov              Expires May  10, 2010                [Page 5]
    their hard work.
 
    The following people provided additional feedback and text: Dmitry 
-   Burkov, Jaap Akkerhuis, Olafur Gundmundsson,Jelte Jansen 
+   Burkov, Jaap Akkerhuis, Olafur Gundmundsson, Jelte Jansen 
    and Wouter Wijngaards.
 
 
@@ -413,17 +410,19 @@ V.Dolmatov              Expires May  10, 2010                [Page 6]
 
    [DRAFT1]   Dolmatov V., Kabelev D., Ustinov I., Vyshensky S.,
               "GOST R 34.10-2001 digital signature algorithm"
-              draft-dolmatov-cryptocom-gost3410-2001-05,
-              work in progress
+              draft-dolmatov-cryptocom-gost3410-2001-06, 11.10.09
+              work in progress.
 V.Dolmatov              Expires May  10, 2010               [Page 7]
 
    [DRAFT2]   Dolmatov V., Kabelev D., Ustinov I., Vyshensky S.,
               "GOST R 34.11-94 Hash function algorithm"
-              draft-dolmatov-cryptocom-gost341194-03, work in progress
+              draft-dolmatov-cryptocom-gost341194-04, 11.10.09
+              work in progress.
 
    [DRAFT3]   Dolmatov V., Kabelev D., Ustinov I., Emelyanova I.,
               "GOST 28147-89 encryption, decryption and MAC algorithms"
-              draft-dolmatov-cryptocom-gost2814789-03, work in progress
+              draft-dolmatov-cryptocom-gost2814789-04, 11.10.09
+              work in progress.
 
 Authors' Addresses
 
@@ -453,3 +452,4 @@ V.Dolmatov              Expires May  10, 2010                [Page 8]
 
 
 
+

From a64415fc94672a4f137ecb214452382862f106ad Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Thu, 12 Nov 2009 21:16:21 +0000
Subject: [PATCH 63/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index eead7807d9..459ed94298 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.3 2009/11/12 14:27:28 tbox Exp $
+# $Id: SRCID,v 1.4 2009/11/12 21:16:21 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/12 14:27:28 $ )"
+SRCID="( $Date: 2009/11/12 21:16:21 $ )"

From 841380d97555b83cea41a29b859337823912bbbd Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Thu, 12 Nov 2009 23:19:16 +0000
Subject: [PATCH 64/87] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index 0e76642256..08a9b239f4 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -279,6 +279,7 @@ rt20453				new	marka	// 2009-10-23 12:52 +0000
 rt20474				new	each	// 2009-10-27 05:30 +0000
 rt20526				new	each	// 2009-11-06 22:50 +0000
 rt20541				new	marka	// 2009-10-30 02:28 +0000
+rt20603				new	sar	// 2009-11-12 01:38 +0000
 shane_dbbackend			open	
 skan				open	explorer
 skan-metazones1			private	explorer

From 1d0ebb4cf21324b28215c5df84cce0f84dd6948b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 12 Nov 2009 23:30:36 +0000
Subject: [PATCH 65/87] 2765.   [bug]           Skip masters for which the TSIG
 key cannot be found.                         [RT #20595]

---
 CHANGES        |  3 +++
 lib/dns/view.c |  5 +++--
 lib/dns/zone.c | 30 ++++++++++++++++++++++++------
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index 82b5bec970..7b4aa81e0a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2765.	[bug]		Skip masters for which the TSIG key cannot be found.
+			[RT #20595]
+
 2764.	[bug]		"rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
 
 2763.	[bug]		"rndc sign" didn't create an NSEC chain. [RT #20591]
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 2265a4934a..e9185cf876 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.c,v 1.157 2009/10/27 22:46:13 each Exp $ */
+/* $Id: view.c,v 1.158 2009/11/12 23:30:36 marka Exp $ */
 
 /*! \file */
 
@@ -1300,7 +1300,8 @@ dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	return (dns_view_gettsig(view, keyname, keyp));
+	result = dns_view_gettsig(view, keyname, keyp);
+	return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
 }
 
 isc_result_t
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3bae041ed4..a84cc5e176 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.527 2009/11/12 03:03:36 each Exp $ */
+/* $Id: zone.c,v 1.528 2009/11/12 23:30:33 marka Exp $ */
 
 /*! \file */
 
@@ -8196,6 +8196,7 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
 	isc_sockaddr_t any;
 	isc_boolean_t isself;
 	isc_netaddr_t dstaddr;
+	isc_result_t result;
 
 	if (zone->view == NULL || zone->isself == NULL)
 		return (ISC_FALSE);
@@ -8221,7 +8222,9 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
 		src = *dst;
 
 	isc_netaddr_fromsockaddr(&dstaddr, dst);
-	(void)dns_view_getpeertsig(zone->view, &dstaddr, &key);
+	result = dns_view_getpeertsig(zone->view, &dstaddr, &key);
+	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+		return (ISC_FALSE);
 	isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass,
 				zone->isselfarg);
 	if (key != NULL)
@@ -8423,9 +8426,14 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
 		goto cleanup;
 
 	isc_netaddr_fromsockaddr(&dstip, ¬ify->dst);
-	(void)dns_view_getpeertsig(notify->zone->view, &dstip, &key);
-
 	isc_sockaddr_format(¬ify->dst, addrbuf, sizeof(addrbuf));
+	result = dns_view_getpeertsig(notify->zone->view, &dstip, &key);
+	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+		notify_log(notify->zone, ISC_LOG_ERROR, "NOTIFY to %s not "
+			   "sent. Peer TSIG key lookup failure.", addrbuf);
+		goto cleanup_message;
+	}
+
 	notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s",
 		   addrbuf);
 	if (notify->zone->view->peers != NULL) {
@@ -8472,6 +8480,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
  cleanup_key:
 	if (key != NULL)
 		dns_tsigkey_detach(&key);
+ cleanup_message:
 	dns_message_destroy(&message);
  cleanup:
 	UNLOCK_ZONE(notify->zone);
@@ -9668,10 +9677,19 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 			dns_name_format(keyname, namebuf, sizeof(namebuf));
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "unable to find key: %s", namebuf);
+			goto skip_master;
+		}
+	}
+	if (key == NULL) {
+		result = dns_view_getpeertsig(zone->view, &masterip, &key);
+		if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+			char addrbuf[ISC_NETADDR_FORMATSIZE];
+			isc_netaddr_format(&masterip, addrbuf, sizeof(addrbuf));
+			dns_zone_log(zone, ISC_LOG_ERROR,
+				     "unable to find TSIG key for %s", addrbuf);
+			goto skip_master;
 		}
 	}
-	if (key == NULL)
-		(void)dns_view_getpeertsig(zone->view, &masterip, &key);
 
 	have_xfrsource = ISC_FALSE;
 	reqnsid = zone->view->requestnsid;

From 710b3ae385edf517e81b79f3430ce81c660b5f8d Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Thu, 12 Nov 2009 23:31:05 +0000
Subject: [PATCH 66/87] newcopyrights

---
 util/copyrights | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/copyrights b/util/copyrights
index dbb2aa7944..2d08a6d40f 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1676,11 +1676,11 @@
 ./doc/misc/sdb					TXT.BRIEF	2000,2001,2004
 ./doc/misc/sort-options.pl			PERL	2007
 ./doc/private/CHANGES				X	2000,2001
+./doc/private/SRCID				X	2009
 ./doc/private/branches				X	2002,2003,2004,2005,2006,2007,2008,2009
 ./doc/private/bugfix-by-assertion		X	2001
 ./doc/private/delete-list			X	2005,2006,2007,2008,2009
 ./doc/private/options				TXT.BRIEF	2000,2001,2004
-./doc/private/SRCID				X	2009
 ./doc/todo/brister/todo				X	2000,2001
 ./doc/todo/bwelling/todo			X	2000,2001
 ./doc/todo/drc/todo				X	2000,2001

From 86132f0ef54d263cd825dac9db3c992eeff3e8d9 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Thu, 12 Nov 2009 23:43:02 +0000
Subject: [PATCH 67/87] eliminate warning when building without -DBIND9

---
 lib/dns/cache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/dns/cache.c b/lib/dns/cache.c
index 1538a53cd4..6c971441b9 100644
--- a/lib/dns/cache.c
+++ b/lib/dns/cache.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: cache.c,v 1.86 2009/11/06 04:12:15 marka Exp $ */
+/* $Id: cache.c,v 1.87 2009/11/12 23:43:02 each Exp $ */
 
 /*! \file */
 
@@ -470,7 +470,9 @@ dns_cache_load(dns_cache_t *cache) {
 
 isc_result_t
 dns_cache_dump(dns_cache_t *cache) {
+#ifdef BIND9
 	isc_result_t result;
+#endif
 
 	REQUIRE(VALID_CACHE(cache));
 

From 53d502202ad0f65168e034d390ea2eb2d877df54 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Thu, 12 Nov 2009 23:47:59 +0000
Subject: [PATCH 68/87] update copyright notice

---
 lib/dns/zone.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index a84cc5e176..ea26c1e5ff 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.528 2009/11/12 23:30:33 marka Exp $ */
+/* $Id: zone.c,v 1.529 2009/11/12 23:47:59 tbox Exp $ */
 
 /*! \file */
 
@@ -13370,7 +13370,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  */
 static isc_result_t
 add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
-                    dns_dbversion_t *ver, dns_diff_t *diff)
+		    dns_dbversion_t *ver, dns_diff_t *diff)
 {
 	dns_difftuple_t *tuple, *newtuple = NULL;
 	dns_rdata_dnskey_t dnskey;
@@ -13496,7 +13496,7 @@ zone_rekey(dns_zone_t *zone) {
 					    ISC_TF(!check_ksk), mctx, logmsg));
 		if (!ISC_LIST_EMPTY(del.tuples)) {
 			commit = ISC_TRUE;
-                        add_signing_records(db, zone->privatetype, ver, &del);
+			add_signing_records(db, zone->privatetype, ver, &del);
 			dns_diff_apply(&del, db, ver);
 			result = increment_soa_serial(db, ver, &del, mctx);
 			if (result == ISC_R_SUCCESS)
@@ -13504,7 +13504,7 @@ zone_rekey(dns_zone_t *zone) {
 		}
 		if (!ISC_LIST_EMPTY(add.tuples)) {
 			commit = ISC_TRUE;
-                        add_signing_records(db, zone->privatetype, ver, &add);
+			add_signing_records(db, zone->privatetype, ver, &add);
 			dns_diff_apply(&add, db, ver);
 			result = increment_soa_serial(db, ver, &add, mctx);
 			if (result == ISC_R_SUCCESS)

From 88a4f97370e8ea55f3a7aff84af847b73eeaaebf Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Fri, 13 Nov 2009 00:19:07 +0000
Subject: [PATCH 69/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index 459ed94298..bb0b9d99ba 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.4 2009/11/12 21:16:21 tbox Exp $
+# $Id: SRCID,v 1.5 2009/11/13 00:19:07 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/12 21:16:21 $ )"
+SRCID="( $Date: 2009/11/13 00:19:07 $ )"

From 37a34ab54fbd17651961316fadcb48edef7039c9 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Fri, 13 Nov 2009 00:41:58 +0000
Subject: [PATCH 70/87] 2766.	[bug]		isc_socket_fdwatchpoke()
 should only update the 			socketmgr state if the socket
 is not pending on a 			read or write.  [RT #20603]

---
 CHANGES               |  4 ++++
 lib/isc/unix/socket.c | 29 ++++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7b4aa81e0a..f07291c85b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2766.	[bug]		isc_socket_fdwatchpoke() should only update the
+			socketmgr state if the socket is not pending on a
+			read or write.  [RT #20603]
+
 2765.	[bug]		Skip masters for which the TSIG key cannot be found.
 			[RT #20595]
 
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index 663a03ab10..c3e5430ff1 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.325 2009/10/01 01:30:01 sar Exp $ */
+/* $Id: socket.c,v 1.326 2009/11/13 00:41:58 each Exp $ */
 
 /*! \file */
 
@@ -2628,10 +2628,12 @@ isc__socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
 	return (ISC_R_SUCCESS);
 }
 
-/* Indicate to the manager that it should watch the socket again.
+/*
+ * Indicate to the manager that it should watch the socket again.
  * This can be used to restart watching if the previous event handler
  * didn't indicate there was more data to be processed.  Primarily
- * it is for writing but could be used for reading if desired */
+ * it is for writing but could be used for reading if desired
+ */
 
 ISC_SOCKETFUNC_SCOPE isc_result_t
 isc__socket_fdwatchpoke(isc_socket_t *sock0, int flags)
@@ -2640,10 +2642,23 @@ isc__socket_fdwatchpoke(isc_socket_t *sock0, int flags)
 
 	REQUIRE(VALID_SOCKET(sock));
 
-	if (flags & ISC_SOCKFDWATCH_READ)
-		select_poke(sock->manager, sock->fd, SELECT_POKE_READ);
-	if (flags & ISC_SOCKFDWATCH_WRITE)
-		select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE);
+	/*
+	 * We check both flags first to allow us to get the lock
+	 * once but only if we need it.
+	 */
+
+	if ((flags & (ISC_SOCKFDWATCH_READ | ISC_SOCKFDWATCH_WRITE)) != 0) {
+		LOCK(&sock->lock);
+		if (((flags & ISC_SOCKFDWATCH_READ) != 0) &&
+		    !sock->pending_recv)
+			select_poke(sock->manager, sock->fd,
+				    SELECT_POKE_READ);
+		if (((flags & ISC_SOCKFDWATCH_WRITE) != 0) &&
+		    !sock->pending_send)
+			select_poke(sock->manager, sock->fd,
+				    SELECT_POKE_WRITE);
+		UNLOCK(&sock->lock);
+	}
 
 	socket_log(sock, NULL, TRACE, isc_msgcat, ISC_MSGSET_SOCKET,
 		   ISC_MSG_POKED, "fdwatch-poked flags: %d", flags);

From 6bb622d361318ccf784a6970172ce4e4684a8e8c Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Fri, 13 Nov 2009 01:16:30 +0000
Subject: [PATCH 71/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index bb0b9d99ba..cf62451a8b 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.5 2009/11/13 00:19:07 tbox Exp $
+# $Id: SRCID,v 1.6 2009/11/13 01:16:30 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/13 00:19:07 $ )"
+SRCID="( $Date: 2009/11/13 01:16:30 $ )"

From 9b33a79659b5d70919eab3a0a8550ccf29cd5a60 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 Nov 2009 06:04:59 +0000
Subject: [PATCH 72/87] new draft

---
 ...draft-ietf-dnsext-rfc2672bis-dname-18.txt} | 168 +++++++++---------
 1 file changed, 84 insertions(+), 84 deletions(-)
 rename doc/draft/{draft-ietf-dnsext-rfc2672bis-dname-17.txt => draft-ietf-dnsext-rfc2672bis-dname-18.txt} (88%)

diff --git a/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-17.txt b/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt
similarity index 88%
rename from doc/draft/draft-ietf-dnsext-rfc2672bis-dname-17.txt
rename to doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt
index 9f0591e7c2..3b9a35aeaf 100644
--- a/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-17.txt
+++ b/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt
@@ -5,28 +5,32 @@ DNS Extensions Working Group                                     S. Rose
 Internet-Draft                                                      NIST
 Obsoletes: 2672 (if approved)                              W. Wijngaards
 Updates: 3363,4294                                            NLnet Labs
-(if approved)                                         September 24, 2009
+(if approved)                                          November 12, 2009
 Intended status: Standards Track
-Expires: March 28, 2010
+Expires: May 16, 2010
 
 
                  Update to DNAME Redirection in the DNS
-                 draft-ietf-dnsext-rfc2672bis-dname-17
+                 draft-ietf-dnsext-rfc2672bis-dname-18
+
+Abstract
+
+   The DNAME record provides redirection for a sub-tree of the domain
+   name tree in the DNS system.  That is, all names that end with a
+   particular suffix are redirected to another part of the DNS.  This is
+   a revision of the original specification in RFC 2672, also aligning
+   RFC 3363 and RFC 4294 with this revision.
+
+Requirements Language
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in RFC 2119 [RFC2119].
 
 Status of This Memo
 
    This Internet-Draft is submitted to IETF in full conformance with the
-   provisions of BCP 78 and BCP 79.  This document may contain material
-   from IETF Documents or IETF Contributions published or made publicly
-   available before November 10, 2008.  The person(s) controlling the
-   copyright in some of this material may not have granted the IETF
-   Trust the right to allow modifications of such material outside the
-   IETF Standards Process.  Without obtaining an adequate license from
-   the person(s) controlling the copyright in such materials, this
-   document may not be modified outside the IETF Standards Process, and
-   derivative works of it may not be created outside the IETF Standards
-   Process, except to format it for publication as an RFC or to
-   translate it into languages other than English.
+   provisions of BCP 78 and BCP 79.
 
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
@@ -44,40 +48,41 @@ Status of This Memo
    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.
 
-   This Internet-Draft will expire on March 28, 2010.
+   This Internet-Draft will expire on May 16, 2010.
+
+
+
+Rose & Wijngaards         Expires May 16, 2010                  [Page 1]
+
+Internet-Draft              DNAME Redirection              November 2009
+
 
 Copyright Notice
 
    Copyright (c) 2009 IETF Trust and the persons identified as the
-
-
-
-Rose & Wijngaards        Expires March 28, 2010                 [Page 1]
-
-Internet-Draft              DNAME Redirection             September 2009
-
-
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
-   Provisions Relating to IETF Documents in effect on the date of
-   publication of this document (http://trustee.ietf.org/license-info).
-   Please review these documents carefully, as they describe your rights
-   and restrictions with respect to this document.
+   Provisions Relating to IETF Documents
+   (http://trustee.ietf.org/license-info) in effect on the date of
+   publication of this document.  Please review these documents
+   carefully, as they describe your rights and restrictions with respect
+   to this document.  Code Components extracted from this document must
+   include Simplified BSD License text as described in Section 4.e of
+   the Trust Legal Provisions and are provided without warranty as
+   described in the BSD License.
 
-Abstract
-
-   The DNAME record provides redirection for a sub-tree of the domain
-   name tree in the DNS system.  That is, all names that end with a
-   particular suffix are redirected to another part of the DNS.  This is
-   a revision of the original specification in RFC 2672, also aligning
-   RFC 3363 and RFC 4294 with this revision.
-
-Requirements Language
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-   document are to be interpreted as described in RFC 2119 [RFC2119].
+   This document may contain material from IETF Documents or IETF
+   Contributions published or made publicly available before November
+   10, 2008.  The person(s) controlling the copyright in some of this
+   material may not have granted the IETF Trust the right to allow
+   modifications of such material outside the IETF Standards Process.
+   Without obtaining an adequate license from the person(s) controlling
+   the copyright in such materials, this document may not be modified
+   outside the IETF Standards Process, and derivative works of it may
+   not be created outside the IETF Standards Process, except to format
+   it for publication as an RFC or to translate it into languages other
+   than English.
 
 
 
@@ -103,14 +108,9 @@ Requirements Language
 
 
 
-
-
-
-
-
-Rose & Wijngaards        Expires March 28, 2010                 [Page 2]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 2]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
 Table of Contents
@@ -120,7 +120,7 @@ Table of Contents
    2.  The DNAME Resource Record  . . . . . . . . . . . . . . . . . .  4
      2.1.  Format . . . . . . . . . . . . . . . . . . . . . . . . . .  4
      2.2.  The DNAME Substitution . . . . . . . . . . . . . . . . . .  5
-     2.3.  DNAME Apex not Redirected itself . . . . . . . . . . . . .  6
+     2.3.  DNAME Owner Name not Redirected Itself . . . . . . . . . .  6
      2.4.  Names Next to and Below a DNAME Record . . . . . . . . . .  7
      2.5.  Compression of the DNAME record. . . . . . . . . . . . . .  7
 
@@ -164,9 +164,9 @@ Table of Contents
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 3]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 3]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
 1.  Introduction
@@ -220,9 +220,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 4]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 4]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    Its RDATA is comprised of a single field, , which contains a
@@ -276,9 +276,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 5]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 5]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    In the table below, the QNAME refers to the query name.  The owner is
@@ -323,7 +323,7 @@ Internet-Draft              DNAME Redirection             September 2009
    DNAME record and its signature (if the zone is signed) are included
    in the answer as proof for the YXDOMAIN (value 6) RCODE.
 
-2.3.  DNAME Apex not Redirected itself
+2.3.  DNAME Owner Name not Redirected Itself
 
    Unlike a CNAME RR, a DNAME RR redirects DNS names subordinate to its
    owner name; the owner name of a DNAME is not redirected itself.  The
@@ -332,18 +332,19 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 6]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 6]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    other types that have restrictions on what they can co-exist with.
-   DNAME RRs are not allowed at the parent side of a delegation point
-   but are allowed at a zone apex.
+   DNAME RRs MUST NOT appear at the same owner name as an NS RR unless
+   the owner name is the zone apex.
 
-   There still is a need to have the customary SOA and NS resource
-   records at the zone apex.  This means that DNAME does not mirror a
-   zone completely, as it does not mirror the zone apex.
+   If a DNAME record is present at the zone apex, there is still a need
+   to have the customary SOA and NS resource records there as well.
+   Such a DNAME cannot be used to mirror a zone completely, as it does
+   not mirror the zone apex.
 
    These rules also allow DNAME records to be queried through RFC 1034
    [RFC1034] compliant, DNAME-unaware caches.
@@ -387,10 +388,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-
-Rose & Wijngaards        Expires March 28, 2010                 [Page 7]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 7]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
 3.  Processing
@@ -444,9 +444,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 8]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 8]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
        A.  If the whole of QNAME is matched, we have found the node.
@@ -500,9 +500,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                 [Page 9]
+Rose & Wijngaards         Expires May 16, 2010                  [Page 9]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
            into the answer section of the response changing the owner
@@ -556,9 +556,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 10]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 10]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    This conflict situation is a transitional phase that ends when the
@@ -612,9 +612,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 11]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 11]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    In [RFC3363], the paragraph
@@ -668,9 +668,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 12]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 12]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    any domain names that may exist under the added DNAME.
@@ -724,9 +724,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 13]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 13]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
    ;; Header: QR AA DO RCODE=3(NXDOMAIN)
@@ -780,9 +780,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 14]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 14]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
 6.  IANA Considerations
@@ -836,9 +836,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 15]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 15]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
               RFC 2136, April 1997.
@@ -892,9 +892,9 @@ Internet-Draft              DNAME Redirection             September 2009
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 16]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 16]
 
-Internet-Draft              DNAME Redirection             September 2009
+Internet-Draft              DNAME Redirection              November 2009
 
 
 Authors' Addresses
@@ -948,6 +948,6 @@ Authors' Addresses
 
 
 
-Rose & Wijngaards        Expires March 28, 2010                [Page 17]
+Rose & Wijngaards         Expires May 16, 2010                 [Page 17]
 
 

From 67b57046efe1ef6338bcf49acf0f3baad43e4814 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Fri, 13 Nov 2009 06:17:03 +0000
Subject: [PATCH 73/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index cf62451a8b..d23726c45b 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.6 2009/11/13 01:16:30 tbox Exp $
+# $Id: SRCID,v 1.7 2009/11/13 06:17:03 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/13 01:16:30 $ )"
+SRCID="( $Date: 2009/11/13 06:17:03 $ )"

From e856482b1fe1c554a8e47a519b59902b21792564 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Mon, 16 Nov 2009 01:44:33 +0000
Subject: [PATCH 74/87] 2767.	[bug]		named could crash on startup
 if a zone was 			configured with auto-dnssec and there was no 
 		key-directory. [RT #20615]

---
 CHANGES          | 4 ++++
 lib/dns/dnssec.c | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index f07291c85b..5a38be3bc6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2767.	[bug]		named could crash on startup if a zone was
+			configured with auto-dnssec and there was no
+			key-directory. [RT #20615]
+
 2766.	[bug]		isc_socket_fdwatchpoke() should only update the
 			socketmgr state if the socket is not pending on a
 			read or write.  [RT #20603]
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 9bfef56754..cac4d6c1bc 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.108 2009/10/27 03:59:45 each Exp $
+ * $Id: dnssec.c,v 1.109 2009/11/16 01:44:33 each Exp $
  */
 
 /*! \file */
@@ -1124,6 +1124,8 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory,
 	len = isc_buffer_usedlength(&b);
 	namebuf[len] = '\0';
 
+	if (directory == NULL)
+		directory = ".";
 	RETERR(isc_dir_open(&dir, directory));
 	dir_open = ISC_TRUE;
 

From 36d20ac80b76424637ef2ccd6117b450bd9ddadf Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Mon, 16 Nov 2009 02:17:59 +0000
Subject: [PATCH 75/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index d23726c45b..179884ad66 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.7 2009/11/13 06:17:03 tbox Exp $
+# $Id: SRCID,v 1.8 2009/11/16 02:17:59 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/13 06:17:03 $ )"
+SRCID="( $Date: 2009/11/16 02:17:59 $ )"

From 00295e065080e0b9856d00b15976d1ed5d280cbf Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Mon, 16 Nov 2009 04:27:44 +0000
Subject: [PATCH 76/87] 2768.	[bug]		dnssec-signzone: -S no longer
 implies -g [RT #20568]

---
 CHANGES                      | 2 ++
 bin/dnssec/dnssec-signzone.c | 9 ++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5a38be3bc6..b70114e84b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2768.	[bug]		dnssec-signzone: -S no longer implies -g [RT #20568]
+
 2767.	[bug]		named could crash on startup if a zone was
 			configured with auto-dnssec and there was no
 			key-directory. [RT #20615]
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 0303b4ebff..5c2deede34 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -29,7 +29,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.252 2009/11/03 01:31:17 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.253 2009/11/16 04:27:44 each Exp $ */
 
 /*! \file */
 
@@ -3129,10 +3129,10 @@ usage(void) {
 	fprintf(stderr, "\t-K directory:\n");
 	fprintf(stderr, "\t\tdirectory to find key files (.)\n");
 	fprintf(stderr, "\t-d directory:\n");
-	fprintf(stderr, "\t\tdirectory to find dsset files (.)\n");
+	fprintf(stderr, "\t\tdirectory to find dsset-* files (.)\n");
 	fprintf(stderr, "\t-g:\t");
-	fprintf(stderr, "generate dsset file, and/or include DS records\n"
-			"\t\tfrom child zones' dsset files\n");
+	fprintf(stderr, "update DS records based on child zones' "
+			"dsset-* files\n");
 	fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
 	fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n");
 	fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
@@ -3453,7 +3453,6 @@ main(int argc, char *argv[]) {
 
 		case 'S':
 			smartsign = ISC_TRUE;
-			generateds = ISC_TRUE;
 			break;
 
 		case 's':

From c5486083212f2ef344a6a5f7a9693ce8ed8182dc Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Mon, 16 Nov 2009 05:18:00 +0000
Subject: [PATCH 77/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index 179884ad66..929791067b 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.8 2009/11/16 02:17:59 tbox Exp $
+# $Id: SRCID,v 1.9 2009/11/16 05:18:00 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/16 02:17:59 $ )"
+SRCID="( $Date: 2009/11/16 05:18:00 $ )"

From 7048af0a551f13d2916a06cce21357714939a89b Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Mon, 16 Nov 2009 07:56:06 +0000
Subject: [PATCH 78/87] 2769.	[cleanup]	Change #2742 was incomplete.
 [RT #19589]

---
 CHANGES             |  2 ++
 lib/dns/validator.c | 54 +++++++++++++++++++++++++++++++++++----------
 2 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/CHANGES b/CHANGES
index b70114e84b..a8199089a1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2769.	[cleanup]	Change #2742 was incomplete. [RT #19589]
+
 2768.	[bug]		dnssec-signzone: -S no longer implies -g [RT #20568]
 
 2767.	[bug]		named could crash on startup if a zone was
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 3b6759afec..8a08ab0524 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.180 2009/10/28 05:34:21 each Exp $ */
+/* $Id: validator.c,v 1.181 2009/11/16 07:56:06 each Exp $ */
 
 #include 
 
@@ -1438,8 +1438,11 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 	if (dns_rdataset_isassociated(&val->fsigrdataset))
 		dns_rdataset_disassociate(&val->fsigrdataset);
 
-	if (check_deadlock(val, name, type, NULL, NULL))
+	if (check_deadlock(val, name, type, NULL, NULL)) {
+		validator_log(val, ISC_LOG_DEBUG(3),
+			      "deadlock found (create_fetch)");
 		return (DNS_R_NOVALIDSIG);
+	}
 
 	validator_logcreate(val, name, type, caller, "fetch");
 	return (dns_resolver_createfetch(val->view->resolver, name, type,
@@ -1461,8 +1464,11 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 {
 	isc_result_t result;
 
-	if (check_deadlock(val, name, type, rdataset, sigrdataset))
+	if (check_deadlock(val, name, type, rdataset, sigrdataset)) {
+		validator_log(val, ISC_LOG_DEBUG(3),
+			      "deadlock found (create_validator)");
 		return (DNS_R_NOVALIDSIG);
+	}
 
 	validator_logcreate(val, name, type, caller, "validator");
 	result = dns_validator_create(val->view, name, type,
@@ -2227,10 +2233,15 @@ validatezonekey(dns_validator_t *val) {
 		 * give up, since there's no DS at the root.
 		 */
 		if (dns_name_equal(event->name, dns_rootname)) {
-			if ((val->attributes & VALATTR_TRIEDVERIFY) != 0)
+			if ((val->attributes & VALATTR_TRIEDVERIFY) != 0) {
+				validator_log(val, ISC_LOG_DEBUG(3),
+					      "root key failed to validate");
 				return (DNS_R_NOVALIDSIG);
-			else
+			} else {
+				validator_log(val, ISC_LOG_DEBUG(3),
+					      "no trusted root key");
 				return (DNS_R_NOVALIDDS);
+			}
 		}
 
 		if (atsep) {
@@ -2471,8 +2482,11 @@ validatezonekey(dns_validator_t *val) {
 			      "no supported algorithm/digest (DS)");
 		markanswer(val);
 		return (ISC_R_SUCCESS);
-	} else
+	} else {
+		validator_log(val, ISC_LOG_INFO,
+			      "no valid signature found (DS)");
 		return (DNS_R_NOVALIDSIG);
+	}
 }
 
 /*%
@@ -3190,8 +3204,11 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) {
 			      namebuf);
 		result = view_find(val, dlvname, dns_rdatatype_dlv);
 		if (result == ISC_R_SUCCESS) {
-			if (val->frdataset.trust < dns_trust_secure)
+			if (val->frdataset.trust < dns_trust_secure) {
+				validator_log(val, ISC_LOG_DEBUG(3),
+					      "DLV not validated");
 				return (DNS_R_NOVALIDSIG);
+			}
 			val->havedlvsep = ISC_TRUE;
 			dns_rdataset_clone(&val->frdataset, &val->dlv);
 			return (ISC_R_SUCCESS);
@@ -3279,7 +3296,9 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 					      "not beneath secure root");
 				result = DNS_R_MUSTBESECURE;
 				goto out;
-			}
+			} else
+				validator_log(val, ISC_LOG_DEBUG(3),
+					      "not beneath secure root");
 			if (val->view->dlv == NULL || DLVTRIED(val)) {
 				markanswer(val);
 				return (ISC_R_SUCCESS);
@@ -3310,7 +3329,8 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 			if ((val->view->dlv == NULL || DLVTRIED(val)) &&
 			    val->mustbesecure) {
 				validator_log(val, ISC_LOG_WARNING,
-					      "must be secure failure at '%s'",
+					      "must be secure failure at '%s', "
+					      "can't fall back to DLV",
 					      namebuf);
 				result = DNS_R_MUSTBESECURE;
 				goto out;
@@ -3372,12 +3392,13 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 			if (result == DNS_R_NXRRSET &&
 			    !dns_rdataset_isassociated(&val->frdataset) &&
 			    dns_view_findzonecut2(val->view, tname, found,
-						  0, 0, ISC_FALSE, ISC_FALSE,
-						  NULL, NULL) == ISC_R_SUCCESS &&
+						 0, 0, ISC_FALSE, ISC_FALSE,
+						 NULL, NULL) == ISC_R_SUCCESS &&
 			    dns_name_equal(tname, found)) {
 				if (val->mustbesecure) {
 					validator_log(val, ISC_LOG_WARNING,
-						      "must be secure failure");
+						      "must be secure failure, "
+						      "no DS at zone cut");
 					return (DNS_R_MUSTBESECURE);
 				}
 				if (val->view->dlv == NULL || DLVTRIED(val)) {
@@ -3393,6 +3414,9 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 				 * there's no way of validating existing
 				 * negative response blobs, give up.
 				 */
+				validator_log(val, ISC_LOG_WARNING,
+					      "can't validate existing "
+					      "negative responses (no DS)");
 				result = DNS_R_NOVALIDSIG;
 				goto out;
 			}
@@ -3444,6 +3468,8 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 			}
 			else if (!dns_rdataset_isassociated(&val->fsigrdataset))
 			{
+				validator_log(val, ISC_LOG_DEBUG(3),
+					      "DS is unsigned");
 				result = DNS_R_NOVALIDSIG;
 				goto out;
 			}
@@ -3475,6 +3501,10 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 				 * there's no way of validating existing
 				 * negative response blobs, give up.
 				 */
+				validator_log(val, ISC_LOG_WARNING,
+					      "can't validate existing "
+					      "negative responses "
+					      "(not a zone cut)");
 				result = DNS_R_NOVALIDSIG;
 				goto out;
 			}

From 13cb972c4095320129b5803488215522a0002c91 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Mon, 16 Nov 2009 08:19:51 +0000
Subject: [PATCH 79/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index 929791067b..c893128c39 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.9 2009/11/16 05:18:00 tbox Exp $
+# $Id: SRCID,v 1.10 2009/11/16 08:19:51 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/16 05:18:00 $ )"
+SRCID="( $Date: 2009/11/16 08:19:51 $ )"

From 3ed58d616215105eb920e0fe927a43cb4edb1d53 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Mon, 16 Nov 2009 23:20:46 +0000
Subject: [PATCH 80/87] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index 08a9b239f4..cc540632b1 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -280,6 +280,7 @@ rt20474				new	each	// 2009-10-27 05:30 +0000
 rt20526				new	each	// 2009-11-06 22:50 +0000
 rt20541				new	marka	// 2009-10-30 02:28 +0000
 rt20603				new	sar	// 2009-11-12 01:38 +0000
+rt20619				new	sar	// 2009-11-16 19:51 +0000
 shane_dbbackend			open	
 skan				open	explorer
 skan-metazones1			private	explorer

From 44a3999cf4f71bd81a7942ff5e60c6b1828e5f9d Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 17 Nov 2009 02:23:15 +0000
Subject: [PATCH 81/87] 2770.   [cleanup]       Add log messages to resolver.c
 to indicate events                         causing FORMERR responses. [RT
 #20526]

---
 CHANGES            |   3 +
 lib/dns/resolver.c | 149 +++++++++++++++++++++++++++++++++++++++------
 2 files changed, 134 insertions(+), 18 deletions(-)

diff --git a/CHANGES b/CHANGES
index a8199089a1..b5f40df73d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2770.	[cleanup]	Add log messages to resolver.c to indicate events
+			causing FORMERR responses. [RT #20526]
+
 2769.	[cleanup]	Change #2742 was incomplete. [RT #19589]
 
 2768.	[bug]		dnssec-signzone: -S no longer implies -g [RT #20568]
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index bc5f62b6f6..98f2dccb0d 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.409 2009/11/04 02:15:29 marka Exp $ */
+/* $Id: resolver.c,v 1.410 2009/11/17 02:23:15 each Exp $ */
 
 /*! \file */
 
@@ -272,6 +272,8 @@ struct fetchctx {
 	unsigned int			findfail;
 	unsigned int			valfail;
 	isc_boolean_t			timeout;
+	dns_adbaddrinfo_t 		*addrinfo;
+	isc_sockaddr_t			*client;
 };
 
 #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
@@ -3395,6 +3397,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client,
 	else
 		ISC_LIST_APPEND(fctx->events, event, ev_link);
 	fctx->references++;
+	fctx->client = client;
 
 	fetch->magic = DNS_FETCH_MAGIC;
 	fetch->private = fctx;
@@ -3492,6 +3495,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 	fctx->rand_buf = 0;
 	fctx->rand_bits = 0;
 	fctx->timeout = ISC_FALSE;
+	fctx->addrinfo = NULL;
+	fctx->client = NULL;
 
 	dns_name_init(&fctx->nsname, NULL);
 	fctx->nsfetch = NULL;
@@ -3723,6 +3728,33 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
 		      namebuf, domainbuf, addrbuf);
 }
 
+static inline void
+log_formerr(fetchctx_t *fctx, const char *format, ...) {
+	char nsbuf[ISC_SOCKADDR_FORMATSIZE];
+	char clbuf[ISC_SOCKADDR_FORMATSIZE];
+	const char *clmsg = "";
+	char msgbuf[2048];
+	va_list args;
+
+	va_start(args, format);
+	vsnprintf(msgbuf, sizeof(msgbuf), format, args);
+	va_end(args);
+
+	isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
+
+	if (fctx->client != NULL) {
+		clmsg = " for client ";
+		isc_sockaddr_format(fctx->client, clbuf, sizeof(clbuf));
+	} else {
+		clbuf[0] = '\0';
+	}
+
+	isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+		      DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
+		      "DNS format error from %s resolving %s%s%s: %s",
+		      nsbuf, fctx->info, clmsg, clbuf, msgbuf);
+}
+
 static inline isc_result_t
 same_question(fetchctx_t *fctx) {
 	isc_result_t result;
@@ -3737,8 +3769,10 @@ same_question(fetchctx_t *fctx) {
 	/*
 	 * XXXRTH  Currently we support only one question.
 	 */
-	if (message->counts[DNS_SECTION_QUESTION] != 1)
+	if (message->counts[DNS_SECTION_QUESTION] != 1) {
+		log_formerr(fctx, "too many questions");
 		return (DNS_R_FORMERR);
+	}
 
 	result = dns_message_firstname(message, DNS_SECTION_QUESTION);
 	if (result != ISC_R_SUCCESS)
@@ -3748,10 +3782,21 @@ same_question(fetchctx_t *fctx) {
 	rdataset = ISC_LIST_HEAD(name->list);
 	INSIST(rdataset != NULL);
 	INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
+
 	if (fctx->type != rdataset->type ||
 	    fctx->res->rdclass != rdataset->rdclass ||
-	    !dns_name_equal(&fctx->name, name))
+	    !dns_name_equal(&fctx->name, name)) {
+		char namebuf[DNS_NAME_FORMATSIZE];
+       		char class[DNS_RDATACLASS_FORMATSIZE];
+       		char type[DNS_RDATATYPE_FORMATSIZE];
+
+		dns_name_format(name, namebuf, sizeof(namebuf));
+		dns_rdataclass_format(rdataset->rdclass, class, sizeof(class));
+		dns_rdatatype_format(rdataset->type, type, sizeof(type));
+		log_formerr(fctx, "question section mismatch: got %s/%s/%s",
+			    namebuf, class, type);
 		return (DNS_R_FORMERR);
+	}
 
 	return (ISC_R_SUCCESS);
 }
@@ -4953,8 +4998,8 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
 }
 
 static inline isc_result_t
-dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
-	     dns_fixedname_t *fixeddname)
+dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+	     dns_name_t *oname, dns_fixedname_t *fixeddname)
 {
 	isc_result_t result;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -4967,7 +5012,6 @@ dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
 	/*
 	 * Get the target name of the DNAME.
 	 */
-
 	result = dns_rdataset_first(rdataset);
 	if (result != ISC_R_SUCCESS)
 		return (result);
@@ -4981,7 +5025,14 @@ dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
 	 */
 	namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
 	if (namereln != dns_namereln_subdomain) {
+		char qbuf[DNS_NAME_FORMATSIZE];
+		char obuf[DNS_NAME_FORMATSIZE];
+
 		dns_rdata_freestruct(&dname);
+		dns_name_format(qname, qbuf, sizeof(qbuf));
+		dns_name_format(oname, obuf, sizeof(obuf));
+		log_formerr(fctx, "unrelated DNAME in answer: "
+				   "%s is not in %s", qbuf, obuf);
 		return (DNS_R_FORMERR);
 	}
 	dns_fixedname_init(&prefix);
@@ -5224,8 +5275,22 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 					type = rdataset->covers;
 				if (((type == dns_rdatatype_ns ||
 				      type == dns_rdatatype_soa) &&
-				     !dns_name_issubdomain(qname, name)))
+				     !dns_name_issubdomain(qname, name))) {
+					char qbuf[DNS_NAME_FORMATSIZE];
+					char nbuf[DNS_NAME_FORMATSIZE];
+					char tbuf[DNS_RDATATYPE_FORMATSIZE];
+					dns_rdatatype_format(fctx->type, tbuf,
+							     sizeof(tbuf));
+					dns_name_format(name, nbuf,
+							     sizeof(nbuf));
+					dns_name_format(qname, qbuf,
+							     sizeof(qbuf));
+					log_formerr(fctx,
+						    "unrelated %s %s in "
+						    "%s authority section",
+						    tbuf, qbuf, nbuf);
 					return (DNS_R_FORMERR);
+				}
 				if (type == dns_rdatatype_ns) {
 					/*
 					 * NS or RRSIG NS.
@@ -5235,8 +5300,14 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 					if (rdataset->type ==
 					    dns_rdatatype_ns) {
 						if (ns_name != NULL &&
-						    name != ns_name)
+						    name != ns_name) {
+							log_formerr(fctx,
+								"multiple NS "
+								"RRsets in "
+								"authority "
+								"section");
 							return (DNS_R_FORMERR);
+						}
 						ns_name = name;
 						ns_rdataset = rdataset;
 					}
@@ -5255,8 +5326,14 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 					if (rdataset->type ==
 					    dns_rdatatype_soa) {
 						if (soa_name != NULL &&
-						    name != soa_name)
+						    name != soa_name) {
+							log_formerr(fctx,
+								"multiple SOA "
+								"RRs in "
+								"authority "
+								"section");
 							return (DNS_R_FORMERR);
+						}
 						soa_name = name;
 					}
 					name->attributes |=
@@ -5334,13 +5411,23 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 					 * this is a referral, and there
 					 * should only be one DS RRset.
 					 */
-					if (ns_name == NULL)
+					if (ns_name == NULL) {
+						log_formerr(fctx,
+						 	    "DS with no "
+							    "referral");
 						return (DNS_R_FORMERR);
+					}
 					if (rdataset->type ==
 					    dns_rdatatype_ds) {
 						if (ds_name != NULL &&
-						    name != ds_name)
+						    name != ds_name) {
+							log_formerr(fctx,
+								"DS doesn't "
+								"match "
+								"referral "
+								"(NS)");
 							return (DNS_R_FORMERR);
+						}
 						ds_name = name;
 					}
 					name->attributes |=
@@ -5390,6 +5477,7 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 			/*
 			 * The responder is insane.
 			 */
+			log_formerr(fctx, "invalid response");
 			return (DNS_R_FORMERR);
 		}
 	}
@@ -5397,8 +5485,10 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 	/*
 	 * If we found both NS and SOA, they should be the same name.
 	 */
-	if (ns_name != NULL && soa_name != NULL && ns_name != soa_name)
+	if (ns_name != NULL && soa_name != NULL && ns_name != soa_name) {
+		log_formerr(fctx, "NS/SOA mismatch");
 		return (DNS_R_FORMERR);
+	}
 
 	/*
 	 * Do we have a referral?  (We only want to follow a referral if
@@ -5411,14 +5501,18 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 		 * progress.  We return DNS_R_FORMERR so that we'll keep
 		 * trying other servers.
 		 */
-		if (dns_name_equal(ns_name, &fctx->domain))
+		if (dns_name_equal(ns_name, &fctx->domain)) {
+			log_formerr(fctx, "sideways referral");
 			return (DNS_R_FORMERR);
+		}
 
 		/*
 		 * If the referral name is not a parent of the query
 		 * name, consider the responder insane.
 		 */
 		if (! dns_name_issubdomain(&fctx->name, ns_name)) {
+			/* Logged twice */
+			log_formerr(fctx, "referral to non-parent");
 			FCTXTRACE("referral to non-parent");
 			return (DNS_R_FORMERR);
 		}
@@ -5543,6 +5637,7 @@ answer_response(fetchctx_t *fctx) {
 					 * NSEC3 records are not allowed to
 					 * appear in the answer section.
 					 */
+					log_formerr(fctx, "NSEC3 in answer");
 					return (DNS_R_FORMERR);
 				}
 
@@ -5595,8 +5690,16 @@ answer_response(fetchctx_t *fctx) {
 					 */
 					if (type == dns_rdatatype_rrsig ||
 					    type == dns_rdatatype_dnskey ||
-					    type == dns_rdatatype_nsec)
+					    type == dns_rdatatype_nsec ||
+					    type == dns_rdatatype_nsec3) {
+						char buf[DNS_RDATATYPE_FORMATSIZE];
+						dns_rdatatype_format(fctx->type,
+							      buf, sizeof(buf));
+						log_formerr(fctx,
+		 					    "CNAME response "
+							    "for %s RR", buf);
 						return (DNS_R_FORMERR);
+					}
 					found = ISC_TRUE;
 					found_cname = ISC_TRUE;
 					want_chaining = ISC_TRUE;
@@ -5727,12 +5830,15 @@ answer_response(fetchctx_t *fctx) {
 					 * If we're not chaining, then the
 					 * DNAME should not be external.
 					 */
-					if (!chaining && external)
+					if (!chaining && external) {
+						log_formerr(fctx,
+		 					    "external DNAME");
 						return (DNS_R_FORMERR);
+					}
 					found = ISC_TRUE;
 					want_chaining = ISC_TRUE;
 					aflag = DNS_RDATASETATTR_ANSWER;
-					result = dname_target(rdataset,
+					result = dname_target(fctx, rdataset,
 							      qname, name,
 							      &dname);
 					if (result == ISC_R_NOSPACE) {
@@ -5842,8 +5948,10 @@ answer_response(fetchctx_t *fctx) {
 	/*
 	 * We should have found an answer.
 	 */
-	if (!have_answer)
+	if (!have_answer) {
+		log_formerr(fctx, "reply has no answer");
 		return (DNS_R_FORMERR);
+	}
 
 	/*
 	 * This response is now potentially cacheable.
@@ -5867,8 +5975,11 @@ answer_response(fetchctx_t *fctx) {
 	 * We didn't end with an incomplete chain, so the rcode should be
 	 * "no error".
 	 */
-	if (message->rcode != dns_rcode_noerror)
+	if (message->rcode != dns_rcode_noerror) {
+		log_formerr(fctx, "CNAME/DNAME chain complete, but RCODE "
+			          "indicates error");
 		return (DNS_R_FORMERR);
+	}
 
 	/*
 	 * Examine the authority section (if there is one).
@@ -6239,6 +6350,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 
 	fctx->timeouts = 0;
 	fctx->timeout = ISC_FALSE;
+	fctx->addrinfo = query->addrinfo;
 
 	/*
 	 * XXXRTH  We should really get the current time just once.  We
@@ -6515,6 +6627,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 				 * cannot make any more progress with this
 				 * fetch.
 				 */
+				log_formerr(fctx, "server sent FORMERR");
 				result = DNS_R_FORMERR;
 			}
 		} else if (message->rcode == dns_rcode_yxdomain) {

From f9a07be8b3145a3d8132604186f93906c5f0add8 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Tue, 17 Nov 2009 03:20:19 +0000
Subject: [PATCH 82/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index c893128c39..8a4d12dd20 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.10 2009/11/16 08:19:51 tbox Exp $
+# $Id: SRCID,v 1.11 2009/11/17 03:20:19 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/16 08:19:51 $ )"
+SRCID="( $Date: 2009/11/17 03:20:19 $ )"

From 7ee4b13ded769df52e8c66b3dfa1de968df7bd28 Mon Sep 17 00:00:00 2001
From: Evan Hunt 
Date: Tue, 17 Nov 2009 05:46:53 +0000
Subject: [PATCH 83/87] 2771.   [bug]           dnssec-signzone: DNSKEY records
 could be                         corrupted when importing from key files [RT
 #20624]

---
 CHANGES          |  3 +++
 lib/dns/dnssec.c | 15 +++++++++------
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index b5f40df73d..0776dd7558 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2771.	[bug]		dnssec-signzone: DNSKEY records could be
+			corrupted when importing from key files [RT #20624]
+
 2770.	[cleanup]	Add log messages to resolver.c to indicate events
 			causing FORMERR responses. [RT #20526]
 
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index cac4d6c1bc..c629dcf197 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.109 2009/11/16 01:44:33 each Exp $
+ * $Id: dnssec.c,v 1.110 2009/11/17 05:46:53 each Exp $
  */
 
 /*! \file */
@@ -1364,13 +1364,14 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
 }
 
 static isc_result_t
-make_dnskey(dst_key_t *key, dns_rdata_t *target) {
+make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+	    dns_rdata_t *target)
+{
 	isc_result_t result;
-	unsigned char data[DST_KEY_MAXSIZE];
 	isc_buffer_t b;
 	isc_region_t r;
 
-	isc_buffer_init(&b, data, sizeof(data));
+	isc_buffer_init(&b, buf, bufsize);
 	result = dst_key_todns(key, &b);
 	if (result != ISC_R_SUCCESS)
 		return (result);
@@ -1389,11 +1390,12 @@ publish_key(dns_diff_t *add, dns_dnsseckey_t *key, dns_name_t *origin,
 {
 	isc_result_t result;
 	dns_difftuple_t *tuple = NULL;
+	unsigned char buf[DST_KEY_MAXSIZE];
 	dns_rdata_t dnskey = DNS_RDATA_INIT;
 	char alg[80];
 
 	dns_rdata_reset(&dnskey);
-	RETERR(make_dnskey(key->key, &dnskey));
+	RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
 
 	dns_secalg_format(dst_key_alg(key->key), alg, sizeof(alg));
 	report("Fetching %s %d/%s from key %s\n",
@@ -1430,6 +1432,7 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
 {
 	isc_result_t result;
 	dns_difftuple_t *tuple = NULL;
+	unsigned char buf[DST_KEY_MAXSIZE];
 	dns_rdata_t dnskey = DNS_RDATA_INIT;
 	char alg[80];
 
@@ -1437,7 +1440,7 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
 	report("Removing %s key %d/%s from DNSKEY RRset.\n",
 	       reason, dst_key_id(key->key), alg);
 
-	RETERR(make_dnskey(key->key, &dnskey));
+	RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
 	RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, &dnskey,
 				    &tuple));
 	dns_diff_append(del, &tuple);

From a5f51e95e765f7d4bc770d9f8e6b4516342df191 Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Tue, 17 Nov 2009 06:16:53 +0000
Subject: [PATCH 84/87] update

---
 doc/private/SRCID | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/SRCID b/doc/private/SRCID
index 8a4d12dd20..adf150b57d 100644
--- a/doc/private/SRCID
+++ b/doc/private/SRCID
@@ -1,6 +1,6 @@
-# $Id: SRCID,v 1.11 2009/11/17 03:20:19 tbox Exp $
+# $Id: SRCID,v 1.12 2009/11/17 06:16:53 tbox Exp $
 # 
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
-SRCID="( $Date: 2009/11/17 03:20:19 $ )"
+SRCID="( $Date: 2009/11/17 06:16:53 $ )"

From 124293bba2ec76c3e63cb95e804464f246d47a4a Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Tue, 17 Nov 2009 23:19:03 +0000
Subject: [PATCH 85/87] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index cc540632b1..9bf8e7f89b 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -274,6 +274,7 @@ rt20405				new	each	// 2009-10-14 05:15 +0000
 rt20406				new	each	// 2009-10-20 00:14 +0000
 rt20421				new	each	// 2009-10-20 19:04 +0000
 rt20438				new	marka	// 2009-10-28 03:27 +0000
+rt20438a			new	marka	// 2009-11-17 03:39 +0000
 rt20452				new	marka	// 2009-10-30 23:27 +0000
 rt20453				new	marka	// 2009-10-23 12:52 +0000
 rt20474				new	each	// 2009-10-27 05:30 +0000

From e34e9a8d68321e4bf1ae67a8d4609e4da5da021d Mon Sep 17 00:00:00 2001
From: Automatic Updater 
Date: Tue, 17 Nov 2009 23:48:13 +0000
Subject: [PATCH 86/87] update copyright notice

---
 lib/dns/resolver.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 98f2dccb0d..57a7b42175 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.410 2009/11/17 02:23:15 each Exp $ */
+/* $Id: resolver.c,v 1.411 2009/11/17 23:48:13 tbox Exp $ */
 
 /*! \file */
 
@@ -3787,8 +3787,8 @@ same_question(fetchctx_t *fctx) {
 	    fctx->res->rdclass != rdataset->rdclass ||
 	    !dns_name_equal(&fctx->name, name)) {
 		char namebuf[DNS_NAME_FORMATSIZE];
-       		char class[DNS_RDATACLASS_FORMATSIZE];
-       		char type[DNS_RDATATYPE_FORMATSIZE];
+		char class[DNS_RDATACLASS_FORMATSIZE];
+		char type[DNS_RDATATYPE_FORMATSIZE];
 
 		dns_name_format(name, namebuf, sizeof(namebuf));
 		dns_rdataclass_format(rdataset->rdclass, class, sizeof(class));
@@ -5413,7 +5413,7 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 					 */
 					if (ns_name == NULL) {
 						log_formerr(fctx,
-						 	    "DS with no "
+							    "DS with no "
 							    "referral");
 						return (DNS_R_FORMERR);
 					}
@@ -5696,7 +5696,7 @@ answer_response(fetchctx_t *fctx) {
 						dns_rdatatype_format(fctx->type,
 							      buf, sizeof(buf));
 						log_formerr(fctx,
-		 					    "CNAME response "
+							    "CNAME response "
 							    "for %s RR", buf);
 						return (DNS_R_FORMERR);
 					}
@@ -5832,7 +5832,7 @@ answer_response(fetchctx_t *fctx) {
 					 */
 					if (!chaining && external) {
 						log_formerr(fctx,
-		 					    "external DNAME");
+							    "external DNAME");
 						return (DNS_R_FORMERR);
 					}
 					found = ISC_TRUE;
@@ -5977,7 +5977,7 @@ answer_response(fetchctx_t *fctx) {
 	 */
 	if (message->rcode != dns_rcode_noerror) {
 		log_formerr(fctx, "CNAME/DNAME chain complete, but RCODE "
-			          "indicates error");
+				  "indicates error");
 		return (DNS_R_FORMERR);
 	}
 

From a39a5f4d816ca7d3f43106712ca668dd1ab31d69 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 Nov 2009 23:55:18 +0000
Subject: [PATCH 87/87] 2772.   [security]      When validating, track whether
 pending data was from                         the additional section or not
 and only return it if                         validates as secure. [RT
 #20438]

---
 CHANGES                                      |  4 ++
 bin/named/query.c                            | 68 ++++++++++++++++----
 bin/tests/system/conf.sh.in                  |  4 +-
 bin/tests/system/pending/clean.sh            | 10 +++
 bin/tests/system/pending/ns1/named.conf      | 38 +++++++++++
 bin/tests/system/pending/ns1/root.db.in      | 31 +++++++++
 bin/tests/system/pending/ns1/sign.sh         | 51 +++++++++++++++
 bin/tests/system/pending/ns2/example.db.in   | 28 ++++++++
 bin/tests/system/pending/ns2/named.conf      | 48 ++++++++++++++
 bin/tests/system/pending/ns2/sign.sh         | 34 ++++++++++
 bin/tests/system/pending/ns3/hostile.db      | 27 ++++++++
 bin/tests/system/pending/ns3/mail.example.db | 28 ++++++++
 bin/tests/system/pending/ns3/named.conf      | 53 +++++++++++++++
 bin/tests/system/pending/ns4/named.conf      | 37 +++++++++++
 bin/tests/system/pending/prereq.sh           | 28 ++++++++
 bin/tests/system/pending/setup.sh            | 21 ++++++
 bin/tests/system/pending/tests.sh            | 47 ++++++++++++++
 lib/dns/include/dns/types.h                  | 34 ++++++----
 lib/dns/masterdump.c                         |  5 +-
 lib/dns/rbtdb.c                              |  6 +-
 lib/dns/resolver.c                           | 35 ++++++++--
 lib/dns/validator.c                          | 12 ++--
 22 files changed, 607 insertions(+), 42 deletions(-)
 create mode 100644 bin/tests/system/pending/clean.sh
 create mode 100644 bin/tests/system/pending/ns1/named.conf
 create mode 100644 bin/tests/system/pending/ns1/root.db.in
 create mode 100644 bin/tests/system/pending/ns1/sign.sh
 create mode 100644 bin/tests/system/pending/ns2/example.db.in
 create mode 100644 bin/tests/system/pending/ns2/named.conf
 create mode 100644 bin/tests/system/pending/ns2/sign.sh
 create mode 100644 bin/tests/system/pending/ns3/hostile.db
 create mode 100644 bin/tests/system/pending/ns3/mail.example.db
 create mode 100644 bin/tests/system/pending/ns3/named.conf
 create mode 100644 bin/tests/system/pending/ns4/named.conf
 create mode 100644 bin/tests/system/pending/prereq.sh
 create mode 100644 bin/tests/system/pending/setup.sh
 create mode 100644 bin/tests/system/pending/tests.sh

diff --git a/CHANGES b/CHANGES
index 0776dd7558..40c3e4feaa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2772.	[security]	When validating, track whether pending data was from
+			the additional section or not and only return it if
+			validates as secure. [RT #20438]
+
 2771.	[bug]		dnssec-signzone: DNSKEY records could be
 			corrupted when importing from key files [RT #20624]
 
diff --git a/bin/named/query.c b/bin/named/query.c
index 4d08c90da3..52365433da 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.331 2009/11/03 04:39:41 marka Exp $ */
+/* $Id: query.c,v 1.332 2009/11/17 23:55:18 marka Exp $ */
 
 /*! \file */
 
@@ -116,6 +116,8 @@
 #define DNS_GETDB_NOLOG 0x02U
 #define DNS_GETDB_PARTIAL 0x04U
 
+#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
+
 typedef struct client_additionalctx {
 	ns_client_t *client;
 	dns_rdataset_t *rdataset;
@@ -1761,8 +1763,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
 	 */
 	if (result == ISC_R_SUCCESS &&
 	    additionaltype == dns_rdatasetadditional_fromcache &&
-	    (rdataset->trust == dns_trust_pending ||
-	     rdataset->trust == dns_trust_glue) &&
+	    (DNS_TRUST_PENDING(rdataset->trust) ||
+	     DNS_TRUST_GLUE(rdataset->trust)) &&
 	    !validate(client, db, fname, rdataset, sigrdataset)) {
 		dns_rdataset_disassociate(rdataset);
 		if (dns_rdataset_isassociated(sigrdataset))
@@ -1801,8 +1803,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
 	 */
 	if (result == ISC_R_SUCCESS &&
 	    additionaltype == dns_rdatasetadditional_fromcache &&
-	    (rdataset->trust == dns_trust_pending ||
-	     rdataset->trust == dns_trust_glue) &&
+	    (DNS_TRUST_PENDING(rdataset->trust) ||
+	     DNS_TRUST_GLUE(rdataset->trust)) &&
 	    !validate(client, db, fname, rdataset, sigrdataset)) {
 		dns_rdataset_disassociate(rdataset);
 		if (dns_rdataset_isassociated(sigrdataset))
@@ -2602,14 +2604,14 @@ query_addbestns(ns_client_t *client) {
 	/*
 	 * Attempt to validate RRsets that are pending or that are glue.
 	 */
-	if ((rdataset->trust == dns_trust_pending ||
-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
+	if ((DNS_TRUST_PENDING(rdataset->trust) ||
+	     (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
 	    && !validate(client, db, fname, rdataset, sigrdataset) &&
-	    (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
+	    !PENDINGOK(client->query.dboptions))
 		goto cleanup;
 
-	if ((rdataset->trust == dns_trust_glue ||
-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
+	if ((DNS_TRUST_GLUE(rdataset->trust) ||
+	     (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
 	    !validate(client, db, fname, rdataset, sigrdataset) &&
 	    SECURE(client) && WANTDNSSEC(client))
 		goto cleanup;
@@ -3733,6 +3735,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 	dns_rdataset_t *noqname;
 	isc_boolean_t resuming;
 	int line = -1;
+	dns_rdataset_t tmprdataset;
+	unsigned int dboptions;
 
 	CTRACE("query_find");
 
@@ -3950,9 +3954,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 	/*
 	 * Now look for an answer in the database.
 	 */
+	dboptions = client->query.dboptions;
+	if (sigrdataset == NULL && client->view->enablednssec) {
+		/*
+		 * If the client doesn't want DNSSEC we still want to
+		 * look for any data pending validation to save a remote
+		 * lookup if possible.
+		 */
+		dns_rdataset_init(&tmprdataset);
+		sigrdataset = &tmprdataset;
+		dboptions |= DNS_DBFIND_PENDINGOK;
+	}
+ refind:
 	result = dns_db_find(db, client->query.qname, version, type,
-			     client->query.dboptions, client->now,
-			     &node, fname, rdataset, sigrdataset);
+			     dboptions, client->now, &node, fname,
+			     rdataset, sigrdataset);
+	/*
+	 * If we have found pending data try to validate it.
+	 * If the data does not validate as secure and we can't
+	 * use the unvalidated data requery the database with
+	 * pending disabled to prevent infinite looping.
+	 */
+	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
+		goto validation_done;
+	if (validate(client, db, fname, rdataset, sigrdataset))
+		goto validation_done;
+	if (rdataset->trust != dns_trust_pending_answer ||
+	    !PENDINGOK(client->query.dboptions)) {
+		dns_rdataset_disassociate(rdataset);
+		if (sigrdataset != NULL &&
+		    dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
+		if (sigrdataset == &tmprdataset)
+			sigrdataset = NULL;
+		dns_db_detachnode(db, &node);
+		dboptions &= ~DNS_DBFIND_PENDINGOK;
+		goto refind;
+	}
+ validation_done:
+	if (sigrdataset == &tmprdataset) {
+		if (dns_rdataset_isassociated(sigrdataset))
+			dns_rdataset_disassociate(sigrdataset);
+		sigrdataset = NULL;
+	}
 
  resume:
 	CTRACE("query_find: resume");
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 4936e0e7ac..d19138662c 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.41 2009/07/29 23:47:42 tbox Exp $
+# $Id: conf.sh.in,v 1.42 2009/11/17 23:55:18 marka Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -45,7 +45,7 @@ CHECKCONF=$TOP/bin/check/named-checkconf
 # load on the machine to make it unusable to other users.
 # v6synth
 SUBDIRS="acl cacheclean checkconf checknames dnssec forward glue ixfr limits
-    lwresd masterfile masterformat notify nsupdate resolver rrsetorder
+    lwresd masterfile masterformat notify nsupdate pending resolver rrsetorder
     sortlist stub tkey unknown upforwd views xfer xferquota zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
diff --git a/bin/tests/system/pending/clean.sh b/bin/tests/system/pending/clean.sh
new file mode 100644
index 0000000000..3ecb0302bc
--- /dev/null
+++ b/bin/tests/system/pending/clean.sh
@@ -0,0 +1,10 @@
+#
+rm -rf */*.signed
+rm -rf */K*
+rm -rf */dsset-*
+rm -rf */named.memstats
+rm -rf */named.run
+rm -rf */trusted.conf
+rm -rf ns1/root.db
+rm -rf ns2/example.db
+rm -rf random.data
diff --git a/bin/tests/system/pending/ns1/named.conf b/bin/tests/system/pending/ns1/named.conf
new file mode 100644
index 0000000000..b23843f597
--- /dev/null
+++ b/bin/tests/system/pending/ns1/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2009/11/17 23:55:18 marka Exp $ */
+
+controls { /* empty */ };
+
+include "trusted.conf";
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+};
+
+zone "." {
+	type master;
+	file "root.db.signed";
+};
+
diff --git a/bin/tests/system/pending/ns1/root.db.in b/bin/tests/system/pending/ns1/root.db.in
new file mode 100644
index 0000000000..d32be8a76c
--- /dev/null
+++ b/bin/tests/system/pending/ns1/root.db.in
@@ -0,0 +1,31 @@
+; Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db.in,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+$TTL 30
+. 			IN SOA	marka.isc.org. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2
+hostile.		NS	ns3.hostile.
+ns3.hostile.		A	10.53.0.3
diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh
new file mode 100644
index 0000000000..b0b0a0e40b
--- /dev/null
+++ b/bin/tests/system/pending/ns1/sign.sh
@@ -0,0 +1,51 @@
+#!/bin/sh 
+#
+# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+(cd ../ns2 && sh -e sign.sh )
+
+cp ../ns2/dsset-example. .
+
+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -f KSK -n zone $zone`
+cat $infile $keyname1.key $keyname2.key > $zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# Configure the resolving server with a trusted key.
+
+cat $keyname2.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print < trusted.conf
+cp trusted.conf ../ns2/trusted.conf
+cp trusted.conf ../ns3/trusted.conf
+cp trusted.conf ../ns4/trusted.conf
diff --git a/bin/tests/system/pending/ns2/example.db.in b/bin/tests/system/pending/ns2/example.db.in
new file mode 100644
index 0000000000..ca0d596b21
--- /dev/null
+++ b/bin/tests/system/pending/ns2/example.db.in
@@ -0,0 +1,28 @@
+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db.in,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+$TTL 30
+@			IN SOA	mname1. . (
+				2009110300 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns2
+			MX	10 mail
+ns2			A	10.53.0.2
+mail			A	10.0.0.2
diff --git a/bin/tests/system/pending/ns2/named.conf b/bin/tests/system/pending/ns2/named.conf
new file mode 100644
index 0000000000..5ed012459f
--- /dev/null
+++ b/bin/tests/system/pending/ns2/named.conf
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2004, 2006-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2009/11/17 23:55:18 marka Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+include "trusted.conf";
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify yes;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "../../common/root.hint";
+};
+
+zone "example" {
+	type master;
+	file "example.db.signed";
+};
diff --git a/bin/tests/system/pending/ns2/sign.sh b/bin/tests/system/pending/ns2/sign.sh
new file mode 100644
index 0000000000..ea8af0a8a5
--- /dev/null
+++ b/bin/tests/system/pending/ns2/sign.sh
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2004, 2006-2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -f KSK -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
diff --git a/bin/tests/system/pending/ns3/hostile.db b/bin/tests/system/pending/ns3/hostile.db
new file mode 100644
index 0000000000..2a2d3501df
--- /dev/null
+++ b/bin/tests/system/pending/ns3/hostile.db
@@ -0,0 +1,27 @@
+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hostile.db,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+$TTL 30
+@			IN SOA	mname1. . (
+				2009110500 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns3
+			MX	10 mail.example.
+ns3			A	10.53.0.3
diff --git a/bin/tests/system/pending/ns3/mail.example.db b/bin/tests/system/pending/ns3/mail.example.db
new file mode 100644
index 0000000000..d56f9f01ed
--- /dev/null
+++ b/bin/tests/system/pending/ns3/mail.example.db
@@ -0,0 +1,28 @@
+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: mail.example.db,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+$TTL 30
+@			IN SOA	mname1. . (
+				2009110300 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+@			NS	ns3
+ns3			A	10.53.0.3
+;mail			A	10.0.0.2	// the correct record
+@			A	10.0.0.3
diff --git a/bin/tests/system/pending/ns3/named.conf b/bin/tests/system/pending/ns3/named.conf
new file mode 100644
index 0000000000..6d39ae9b87
--- /dev/null
+++ b/bin/tests/system/pending/ns3/named.conf
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2004, 2006-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2009/11/17 23:55:18 marka Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+include "trusted.conf";
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "../../common/root.hint";
+};
+
+zone "mail.example" {
+	type master;
+	file "mail.example.db";
+};
+
+zone "hostile" {
+	type master;
+	file "hostile.db";
+};
diff --git a/bin/tests/system/pending/ns4/named.conf b/bin/tests/system/pending/ns4/named.conf
new file mode 100644
index 0000000000..8c941496e2
--- /dev/null
+++ b/bin/tests/system/pending/ns4/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2009/11/17 23:55:18 marka Exp $ */
+
+controls { /* empty */ };
+
+include "trusted.conf";
+
+options {
+	query-source address 10.53.0.4;
+	notify-source 10.53.0.4;
+	transfer-source 10.53.0.4;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.4; };
+	listen-on-v6 { none; };
+	recursion yes;
+};
+
+zone "." {
+        type hint;
+        file "../../common/root.hint";
+};
diff --git a/bin/tests/system/pending/prereq.sh b/bin/tests/system/pending/prereq.sh
new file mode 100644
index 0000000000..1e1b22ad5e
--- /dev/null
+++ b/bin/tests/system/pending/prereq.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: prereq.sh,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+../../../tools/genrandom 400 random.data
+
+if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
+then
+    rm -f Kfoo*
+else
+    echo "I:This test requires that --with-openssl was used." >&2
+    exit 1
+fi
diff --git a/bin/tests/system/pending/setup.sh b/bin/tests/system/pending/setup.sh
new file mode 100644
index 0000000000..5332d36de6
--- /dev/null
+++ b/bin/tests/system/pending/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+../../../tools/genrandom 400 random.data
+
+cd ns1 && sh -e sign.sh
diff --git a/bin/tests/system/pending/tests.sh b/bin/tests/system/pending/tests.sh
new file mode 100644
index 0000000000..58019a9d48
--- /dev/null
+++ b/bin/tests/system/pending/tests.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.2 2009/11/17 23:55:18 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+rm -f dig.out.*
+
+DIGOPTS="+short +tcp +cd -p 5300"
+
+echo I:Priming cache.
+ret=0
+expect="10 mail.example."
+ans=`$DIG $DIGOPTS @10.53.0.4 hostile MX` || ret=1
+test "$ans" = "$expect" || ret=1
+test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'"
+status=`expr $status + $ret`
+
+echo I:Checking that bogus additional is not returned with +CD.
+ret=0
+expect="10.0.0.2"
+ans=`$DIG $DIGOPTS @10.53.0.4 mail.example A` || ret=1
+test "$ans" = "$expect" || ret=1
+test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'"
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index 46faaab982..6940fa4d8e 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.137 2009/10/26 23:14:54 each Exp $ */
+/* $Id: types.h,v 1.138 2009/11/17 23:55:18 marka Exp $ */
 
 #ifndef DNS_TYPES_H
 #define DNS_TYPES_H 1
@@ -275,40 +275,52 @@ enum {
 	dns_trust_none = 0,
 #define dns_trust_none			((dns_trust_t)dns_trust_none)
 
-	/*% Subject to DNSSEC validation but has not yet been validated */
-	dns_trust_pending = 1,
-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
+	/*%
+	 * Subject to DNSSEC validation but has not yet been validated
+	 * dns_trust_pending_additional (from the additional section).
+	 */
+	dns_trust_pending_additional = 1,
+#define dns_trust_pending_additional \
+		 ((dns_trust_t)dns_trust_pending_additional)
+
+	dns_trust_pending_answer = 2,
+#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
 
 	/*% Received in the additional section of a response. */
-	dns_trust_additional = 2,
+	dns_trust_additional = 3,
 #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
 
 	/* Received in a referral response. */
-	dns_trust_glue = 3,
+	dns_trust_glue = 4,
 #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
 
 	/* Answer from a non-authoritative server */
-	dns_trust_answer = 4,
+	dns_trust_answer = 5,
 #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
 
 	/*  Received in the authority section as part of an
 	    authoritative response */
-	dns_trust_authauthority = 5,
+	dns_trust_authauthority = 6,
 #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
 
 	/* Answer from an authoritative server */
-	dns_trust_authanswer = 6,
+	dns_trust_authanswer = 7,
 #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
 
 	/* Successfully DNSSEC validated */
-	dns_trust_secure = 7,
+	dns_trust_secure = 8,
 #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
 
 	/* This server is authoritative */
-	dns_trust_ultimate = 8
+	dns_trust_ultimate = 9
 #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
 };
 
+#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
+					 (x) == dns_trust_pending_additional)
+#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
+
+
 /*%
  * Name checking severities.
  */
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
index a451d98dfd..42d382976c 100644
--- a/lib/dns/masterdump.c
+++ b/lib/dns/masterdump.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: masterdump.c,v 1.98 2009/09/01 00:22:26 jinmei Exp $ */
+/* $Id: masterdump.c,v 1.99 2009/11/17 23:55:18 marka Exp $ */
 
 /*! \file */
 
@@ -837,7 +837,8 @@ dump_order_compare(const void *a, const void *b) {
 
 static const char *trustnames[] = {
 	"none",
-	"pending",
+	"pending-additional",
+	"pending-answer",
 	"additional",
 	"glue",
 	"answer",
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 8e9e46d85e..bfb4cf01b8 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.287 2009/11/12 02:59:20 each Exp $ */
+/* $Id: rbtdb.c,v 1.288 2009/11/17 23:55:18 marka Exp $ */
 
 /*! \file */
 
@@ -4121,7 +4121,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 	}
 
 	if (dname_header != NULL &&
-	    (dname_header->trust != dns_trust_pending ||
+	    (!DNS_TRUST_PENDING(dname_header->trust) ||
 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
 		/*
 		 * We increment the reference count on node to ensure that
@@ -4664,7 +4664,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	if (found == NULL ||
 	    (found->trust == dns_trust_glue &&
 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
-	    (found->trust == dns_trust_pending &&
+	    (DNS_TRUST_PENDING(found->trust) &&
 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
 		/*
 		 * If there is an NS rdataset at this node, then this is the
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 57a7b42175..eac42b8b5b 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.411 2009/11/17 23:48:13 tbox Exp $ */
+/* $Id: resolver.c,v 1.412 2009/11/17 23:55:18 marka Exp $ */
 
 /*! \file */
 
@@ -4363,6 +4363,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
 		 * for it, unless it is glue.
 		 */
 		if (secure_domain && rdataset->trust != dns_trust_glue) {
+			dns_trust_t trust;
 			/*
 			 * RRSIGs are validated as part of validating the
 			 * type they cover.
@@ -4399,12 +4400,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
 			}
 
 			/*
-			 * Cache this rdataset/sigrdataset pair as
-			 * pending data.
+			 * Reject out of bailiwick additional records
+			 * without RRSIGs as they can't possibly validate
+			 * as "secure" and as we will never never want to
+			 * store these as "answers" after validation.
 			 */
-			rdataset->trust = dns_trust_pending;
+			if (rdataset->trust == dns_trust_additional &&
+			    sigrdataset == NULL && EXTERNAL(rdataset))
+				continue;
+				
+			/*
+                         * XXXMPA: If we store as "answer" after validating
+                         * then we need to do bailiwick processing and
+                         * also need to track whether RRsets are in or
+                         * out of bailiwick.  This will require a another 
+                         * pending trust level.
+                         *
+			 * Cache this rdataset/sigrdataset pair as
+			 * pending data.  Track whether it was additional
+			 * or not.
+			 */
+			if (rdataset->trust == dns_trust_additional)
+				trust = dns_trust_pending_additional;
+			else
+				trust = dns_trust_pending_answer;
+
+			rdataset->trust = trust;
 			if (sigrdataset != NULL)
-				sigrdataset->trust = dns_trust_pending;
+				sigrdataset->trust = trust;
 			if (!need_validation || !ANSWER(rdataset)) {
 				addedrdataset = ardataset;
 				result = dns_db_addrdataset(fctx->cache, node,
@@ -4752,7 +4775,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 			for (trdataset = ISC_LIST_HEAD(tname->list);
 			     trdataset != NULL;
 			     trdataset = ISC_LIST_NEXT(trdataset, link))
-				trdataset->trust = dns_trust_pending;
+				trdataset->trust = dns_trust_pending_answer;
 			result = dns_message_nextname(fctx->rmessage,
 						      DNS_SECTION_AUTHORITY);
 		}
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 8a08ab0524..2fd0bc1c86 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.181 2009/11/16 07:56:06 each Exp $ */
+/* $Id: validator.c,v 1.182 2009/11/17 23:55:18 marka Exp $ */
 
 #include 
 
@@ -1614,7 +1614,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
 		 * We have an rrset for the given keyname.
 		 */
 		val->keyset = &val->frdataset;
-		if (val->frdataset.trust == dns_trust_pending &&
+		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
 		    dns_rdataset_isassociated(&val->fsigrdataset))
 		{
 			/*
@@ -1629,7 +1629,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
 			if (result != ISC_R_SUCCESS)
 				return (result);
 			return (DNS_R_WAIT);
-		} else if (val->frdataset.trust == dns_trust_pending) {
+		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
 			/*
 			 * Having a pending key with no signature means that
 			 * something is broken.
@@ -2269,7 +2269,7 @@ validatezonekey(dns_validator_t *val) {
 			 * We have DS records.
 			 */
 			val->dsset = &val->frdataset;
-			if (val->frdataset.trust == dns_trust_pending &&
+			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
 			    dns_rdataset_isassociated(&val->fsigrdataset))
 			{
 				result = create_validator(val,
@@ -2282,7 +2282,7 @@ validatezonekey(dns_validator_t *val) {
 				if (result != ISC_R_SUCCESS)
 					return (result);
 				return (DNS_R_WAIT);
-			} else if (val->frdataset.trust == dns_trust_pending) {
+			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
 				/*
 				 * There should never be an unsigned DS.
 				 */
@@ -3375,7 +3375,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume)
 			 * There is no DS.  If this is a delegation,
 			 * we may be done.
 			 */
-			if (val->frdataset.trust == dns_trust_pending) {
+			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
 				result = create_fetch(val, tname,
 						      dns_rdatatype_ds,
 						      dsfetched2,