Fetchmail Release Notes ======================= This file is in Unicode charset with UTF-8 encoding. (The `lines' figures total .c, .h, .l, and .y files under version control. Abbreviations in parentheses are the maintainers who committed the respective change. MA = Matthias Andree, ESR = Eric S. Raymond, RF = Rob Funk.) # DEPRECATED FEATURES AND MAJOR INCOMPATIBLE CHANGE ADVANCE WARNINGS * The MX and host alias DNS lookups that fetchmail performs in multidrop mode are obsolete, deprecated and may be removed from a future fetchmail version. They have never supported IPv6 (including IPv6-mapped IPv4) anyhow. * The monitor and interface options may be removed from a future fetchmail version as they are not sufficiently portable. * POP2 is obsolete. Support for POP2 may be removed from a future fetchmail version. * RPOP is obsolete, support may be removed from a future fetchmail release. * --sslcertck may become a default setting in a future fetchmail version. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor is deprecated and may be removed from a future release. * The --enable-fallback (fall back to MDA if MTA unavailable) may be removed from a future fetchmail release. -------------------------------------------------------------------------------- fetchmail 6.3.3 (not yet released): # BUG FIXES: * Do not attempt to overwrite the netrc password if none has been specified. This fixes a segmentation fault bug introduced into 6.3.2. Fixes BerliOS bug #6234. BerliOS patch #804 by Craig Leres. The patch, as accepted into fetchmail, was available separately from * Handle other clients concurrently accessing IMAP mailboxes better. Fetchmail quits the poll if the EXPUNGE count does not match expectations, and servers not updating RECENT counts after EXPUNGE are handled in a better way. (Patch by Sunil Shetye.) * fetchmail no longer replaces the local user ID for an empty envelope sender when using the proprietary SDPS extension for POP3. Fixes Debian Bug#353575, reported by Roger Lynn. # CHANGES: * --idle can now be specified on the command line, too. # DOCUMENTATION: * "ssl" is a user option rather than a server option. Patch by Nico Golde. Fixes Debian Bug#354661, reported by Keith Hellman. * The manual page now suggests "--" before the addresses in the sendmail MDA example, for safety. * The FAQ item X9, Domino IMAP omits Content-Transfer-Encoding header, was added. Information provided by Anthony Kim on the fetchmail-friends list in March 2006. fetchmail 6.3.2 (released 2006-01-22): Unless otherwise noted, changes to this release were made by Matthias Andree. # SECURITY FIX IN THIS RELEASE * CVE-2006-0321: Fix segfault or bus error after bouncing a message. This bug was introduced into 6.3.0 when removing alloca(); it caused fetchmail to free random memory. Reported by Nathaniel W. Turner, Debian Bug#348747. See fetchmail-SA-2006-01.txt # INCOMPATIBLE CHANGE: * Automatically disable the POP3 TOP command if the greeting string contains "Maillennium POP3/PROXY server", which is used by comcast and known to truncate messages after 80 kByte. Fall back to RETR, and complain if we had used TOP otherwise (the warning is printed only once per server in daemon mode). Suggested by Ed Wilts. *Note* that this means messages are marked read on these servers, which is a deviation from how 6.3.1 behaved, but we have no alternative, comcast haven't fixed this bug in years. Preventing the loss of the remainder of the message justifies this incompatible fix. * fetchmail, since 6.3.0, requires write permission to the directory holding the idfile. See the amendment in the 6.3.0 MAJOR INCOMPATIBLE CHANGES section below for details. The manual page was updated. # CHANGES RELEVANT TO PACKAGERS: * The outdated BUGS document was removed from the distribution. * Added fetchmail-SA-2006-01.txt to the distribution. # BUG FIXES: * SMTP/LMTP cleanup to fix these two bugs: - switch back to SMTP after having tried LMTP hosts (multiple smtphost hosts) - switch back to LMTP after sending a bounce. The patch removes the global state variable that was the root of this problem. Patch by Sunil Shetye. (MA) * Don't complain about fetchall keep in --configdump mode. Bug introduced in 6.3.0. * fetchmailconf.py: Fix novice help for Poll interval and fetchall. Reported by Justin Pryzby, Debian Bug #344978. * Some verbose output disappeared in debug mode. Adding further -v options would alternate between verbose and debug mode. debug mode now comprises all verbose output, and adding more -v options does not switch back from debug to verbose mode. * fetchmail.man: Fix accented characters in Héctor García's name. Merged from downstream debian/patches/01_man_page.dpatch. * Add missing --help text for "--sslcertck" option. * fetchmailconf.py: Accept --help and --version. * fetchmail --version now prints the copyright notice. * don't complain about READ-ONLY IMAP folders in --fetchall --keep mode. Reported Alexander Zangerl, Debian Bug#348964. * the RPM .spec file now generates a -debuginfo package on newer RPM versions. fetchmail 6.3.1 (released 2005-12-19): # SECURITY FIX IN THIS RELEASE * CVE-2005-4348 Fix segmentation fault (null pointer dereference) in multidrop mode with headerless email. See fetchmail-SA-2005-03.txt. Reported by Daniel Drake, patch by Sunil Shetye. (MA) # OTHER BUG FIXES, DOCUMENTATION AND TRANSLATION UPDATES * Fix broken default port in POP2. Patch by Stanislav Brabec, SUSE [CZ]. (MA) * Fix manual page, some lines starting with ' were escaped by \&. Reported by Simon Barner. (MA) * Ship with gettext-0.14.3 again, as 6.2.9-rc10 did. Found by Sunil Shetye. (MA) * Actually set default SSL certificate path if --sslcertpath is unset. Reported by Heino Tiedemann and Rob MacGregor. (MA) * Remove bogus Netscape IMAP4rev1 Service >= 3.6 warning about BODY[TEXT] that we are not using. Patch by Sunil Shetye. (MA) * Plug potential memory and socket leak when polling multiple folders or when the upstream sends bogus message sizes. Patch by Sunil Shetye. (MA) * Update Catalan translation, by Ernest Adrogué Calveras. (MA) * Fix segfault (null pointer dereference) on some operating systems with fetchmail's obsolete DNS MX/host alias lookups in multidrop mode. Patch by Dr.-Ing. Andreas Haakh. (MA) * Close SMTP sockets early, to reduce resource usage, trigger earlier delivery with some MTAs and avoid SIGPIPE (SIG 13) when the SMTP listener gets bored and drops the connection after timeout. Patch by Sunil Shetye. (MA) * Don't treat hitting a fetch limit as error. Patch by Sunil Shetye. (MA) * Fix negative "messages left on server" on idle/repoll with fetchlimit. Patch by Sunil Shetye. (MA) * Properly track logout stage. Patch by Sunil Shetye. (MA) * Preserve error conditions across postconnect script. Sunil Shetye. (MA) * Do not trash destination domain if multiple messages are forwarded into the same SMTP/LMTP connection. Reported by Joachim Feise, Berlios Bug #5849. (MA) * Manual page: Add "-md5" to "openssl x509" example in --sslfingerprint documentation, since OpenSSL 0.9.8 changed the default to SHA1. Suggested by Jason White. (MA) * Cope with servers that return UID information in response to non-UID RFC822.{SIZE|HEADER} requests. Reported by Jason White. Patch suggestion by by Sunil Shetye, simplified by MA. fetchmail 6.3.0 (released 2005-11-30): # SECURITY FIXES IN THIS RELEASE * CVE-2005-2335: The POP3 UIDL code doesn't sufficiently validate/truncate the input length, so a (malicious or compromised) server that sends UIDs longer than 128 bytes can corrupt fetchmail's stack and crash fetchmail. This vulnerability is remotely exploitable to inject code run in a root shell. Edward J. Shornock, Ludwig Nussel. fetchmail-SA-2005-01.txt * CVE-2005-3088: fetchmailconf now changes the output file to mode 0600 BEFORE writing to it, so there is no window where passwords could be read by the world. Matthias Andree. fetchmail-SA-2005-02.txt # MAJOR INCOMPATIBLE CHANGES * Remove support for --netsec/-T options, the required inet6_apps library is no longer available. http://www.inner.net/pub/ipv6/ states, as of 2005-07-03: "/pub/ipv6 Our IPv6 software is now long defunct. Please find a more modern source." I haven't been able to find a more modern source. Matthias Andree * Operating systems that do not conform to the Single Unix Specification v2 (1997) or v3 (2001, aka IEEE Std 1003.1-2001) are no longer supported. They may continue to work and non-intrusive patches to support them may be accepted. Matthias Andree * The default for --smtphost is now always "localhost" regardless of authentication types and protocols, so as to simplify configurations for workstations where the SMTP daemon only listens on the loopback interface. Sunil Shetye & Matthias Andree Amendment, 2006-01-04: * fetchmail's idfile (.fetchids) is no longer written directly, but the ids are written to a temporary file which is renamed into place after being written completely. This is to avoid writing incomplete idfiles when running out of space, which would cause excessive duplicate refetches of messages, this might make matters even worse. This means that fetchmail requires write permission on the directory holding the idfile. This will usually affect system-global daemons only, for instance, Debian. Found by Dan Jacobson. Matthias Andree. Escalated to "incompatible", 2006-01-13: * Try to obtain FQDN as our own host by default, rather than using "localhost". If hostname cannot be qualified, complain noisily and continue, unless Kerberos, ODMR or ETRN are used (these have always required an FQDN). Partial fix of Debian Bug#150137. Fixes Debian Bug#316454. Matthias Andree # CHANGES RELEVANT TO PACKAGERS AND USERS * fetchmailconf is now a shell wrapper that calls the byte-compiled fetchmailconf.py script, which is now installed in the regular python directory. Matthias Andree. * The --enable-inet6 configure option was removed. The code is mostly protocol agnostic, a fully IPv6 aware OS is expected to provide getaddrinfo(), getnameinfo() and the macro AF_INET6. Matthias Andree. * gettext (intl/) has been removed from the fetchmail package. Install GNU gettext 0.14 separately for NLS (i18n). Matthias Andree * Added Russian translation, courtesy of Pavel Maryanov of the Russian translation team. (MA) * Updated and re-enabled Czech translation, by Miloslav Trmac (MA). * Dropped da=Danish, el=Greek and tr=Turkish translations which have more than 10% (61+) untranslated or fuzzy messages. Matthias Andree. # OTHER USER-VISIBLE CHANGES * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. (ESR) * PopDel.py removed from contrib at author's request. (ESR) * Matthias Andree's fix for Sunil Shetye's fetch-split patch. (ESR) * Include James Stone's moldremover.py script. (ESR) * Enable .fetchmailrc permissions checking under Cygwin. (ESR) * Nalin Dahyabai's fix for POP3 strong authentication. (ESR) * Revised Nalin Dahyabai's fix for POP3 strong authentication (the original version would go into an infinite loop when CAPA failed; found by David Greaves.) (MA) * HOME_ETC patch for PLD Linux. (ESR) * Sunil Shetye's fix for SSL configuration. (ESR) * Simon Josefsson's patch for GSS library support. (ESR) * Added Andrey Lelikov's recipe for Hotmail and Lycos Webmail. (ESR) * Remove blank between MAIL FROM: and <, which causes Cyrus to complain. Patch by Phil Endecott. (RF) * Build fixes for HESIOD and resolv.h trouble on FreeBSD. (MA) * Fabrice Bellet's fix for Red Hat bug #113492, fetchmail hangs in IMAP mode after EXPUNGE when the server (Dovecot 0.99.10) doesn't update RECENT and EXISTS counts. (MA) * Holger Mauermann's bounce patch, to use a NULL envelope from, not write a Return-Path header (both to meet RFC-2821), changed From, added Subject header, rewording the human readable part. Fixes Debian bug #316446. (MA) * Merge Sunil Shetye's time.h handling fix. (MA) * Merge Gerd von Egidy's patch to avoid a segfault in multidrop/received mode when the Received: headers are malformatted. (MA) * MIME-encode bodies and Subject headers of warning messages, limiting the header to 7 bits. (MA) * Normalize most locale codesets to IANA codesets, based on norm_charmap.c by Markus Kuhn. (MA) * Remove sleep(3) after POP3 login, patch by Brian Candler. (MA) * Fix option parsing bug that trashes the showdots setting when more than one server is configured. Patch by Brian Candler. (MA) * Honor sslcertpath setting even if sslcertck is unset. Patch by Brian Candler. (MA) * SSL certificate checking fixes, don't display same error message twice in succession, make sure that Common Name and fingerprint checking are only done once. Print all validation warnings/errors even if not in verbose mode. Patch by Brian Candler. (MA) * Import Bjorn Reese and Daniel Stenberg's MIT-licensed Trio 1.10 from http://daniel.haxx.se/projects/trio/ for systems that do not support snprintf or vsnprintf. (MA) * Clean up the horrible #ifdef HAVE_[V]SNPRINTF that made the code unreadable. Use Trio where [v]snprintf is/are missing. (MA) * Default to Linux 2.2 /proc/net/dev format, and use uname(2) to determine the kernel version instead of calling uname(1). Thanks to Paul Slootman. (MA) * Be more careful when swapping UID lists or writing the .fetchids file, requested by Manfred Weihs. (MA) * Print a warning if multidrop configuration is attempted without envelope option. (MA) * Split information on fetchmail versions before 6.0.0 to a separate OLDNEWS file. (MA) * Merge SuSE patches: (sent by Stanislav Brabec, merged by Matthias Andree) - fetchmail-6.2.5-declaration.patch (double sigint_handler decl/getpass.c) - fetchmail-6.2.5-implicit-declaration.patch (missing #include) - fetchmail-6.2.5-random-result.patch (uninitialized variable/opie.c) * Revised some bogus assertions about POP3 LAST and UIDL use in the manual page. UIDL isn't flaky as the man page suggested, but a reliability feature. In fact, IMAP4 code is flaky in that it relies on the upstream seen flags. (MA) * Miloslav Trmac's patch for fetchmailconf to support string-type values of the "port" variable, avoiding "port None" corruption in .fetchmailrc. To fix Redhat Bug #55623 (MA) * de.po fixes from Nico Golde (MA) * es.po fixes from Jesus Roncero, Debian bug #286044 (MA) * sink.c fix from Cesar Eduardo Barros, to avoid double @ in address when username contains an @ and the envelope sender is null, Debian bug #272289 (MA) * configure.ac cleanups by Miloslav Trmac (MA) * Miloslav Trmac's fix to reply_hack() type, for systems where sizeof(int) != sizeof(size_t). (MA) * Nalin Dahyabhai's fix for driver.c to not call the private Kerberos krb5_init_ets() function. Sent by Miloslav Trmac. (MA) * Nalin Dahyabhai's fix for sink.c/transact.c to reserve sufficient space for \r\n trailers in snprintf calls. Sent by Miloslav Trmac, possibly fixing Red Hat bug #114470. (MA). * Nalin Dahyabhai's patch to use the krb5-config script, if present. Sent by Miloslav Trmac. (MA) * Nalin Dahyabhai's fix to make rpa.c compile. Sent by Miloslav Trmac. (MA) * Trivial fetchmailconf.man to redirect to fetchmail.1. Reported by Miloslav Trmac. (MA) * Internationalization (i18n) updates by Miloslav Trmac. (MA) * Fix "couldn't find canonical DNS name of NN (MM)" for hosts that have only IPv6 addresses. Matthias Andree. * Revised INSTALL after question from Brian Candler, inet6-apps is no longer available: remove inet6-apps hints for IPv6, and add some apologetic message for IPsec. Note the code may be removed in a future version. Matthias Andree. * Brian Candler's FAQ update about SSL certificate verification. (MA) * Nico Golde's patch to support "proto RPOP" in the configuration file, reported by Dr. Andreas Krüger, Debian bug #242384 (MA) * Skip sending POP3 PASS command when USER command failed. Matthias Andree. * Run fetchmail.man through automatic spell checker. Matthias Andree. * Major fetchmail(1) manual page overhaul by R. Hannes Beinert, to clarify singledrop vs. multidrop operation. (MA) * Make tracepolls a server option, as documented. Fixes Debian bug #156094. Matthias Andree. * Fix some minor inaccuracies (RFC-1893 related, grammar/spelling) in the manual page. * Rename ESR's design notes to esrs-design-notes.html and add a new design-notes.html document. The NOTES file will contain both of them. Matthias Andree. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. (MA) * Really fix Debian Bug#207919 (garbage in Received: lines when smtphost set), patch by Tobias Diedrich. The 6.2.5 NEWS claimed Gregan's patch had fixed #207919 but it had fixed #212484 instead and #207919 remained unfixed in 6.2.5. The entry below has been corrected to read #212484 now. (MA) * When writing the PID file, write a FHS 2.3 compliant PID file. Fixes Debian bug #230615. Matthias Andree. * Make ODMR really silent, suppress "fetchmail: receiving message data". Fixes Debian Bug#296163. Matthias Andree. * Add From: header to warning emails. Debian Bug#244828. Matthias Andree. * Fix IMAP code to use password of arbitrary length from configuration file (although not when read interactively). Debian Bug#276424. Matthias Andree * Document that fetchmail may automatically enable UIDL option. Debian Bug#304701. Matthias Andree. * Put *BOLD* text into the manual page near --mda to state unmistakably that the --mda %T and %F substitutions add single quotes, hoping to avoid bogus bug reports such as Debian Bug #224564. Matthias Andree * Rename lock_release to fm_lock_release, to avoid namespace collision on Darwin. NetBSD PR#28543 (pkg/28543). Matthias Andree. * The RFC-822 parser no longer strips the last character of bare addresses. Matthias Andree * The IP address matching code was broken and 1. didn't search exhaustively, but matched only the first IP address of the server's queryname against the IP addresses of the server name to match. 2. didn't match IP aliases versus MX hosts. Matthias Andree * The "port" option, while still understood, is being replaced by the "service" option, which is now supported even without --enable-inet6. Matthias Andree. * The default distribution format is now bzip2. Matthias Andree. * fetchmailconf redirects fetchmail's input from /dev/null so it doesn't wait for the user to enter a password when the user doesn't even see the prompt. Reported by Michal Marek. Matthias Andree. * Write RFC-compliant BSMTP envelopes. Reported by Nico Golde. Matthias Andree. * Fix --with-gssapi compilation problem. Simon Josefsson. (MA) * Foster protocol-independence to support IPv6 better, for instance, providing IPv6 addresses in Received: headers. Matthias Andree. * Received: headers now enclose the for <...> destination address in angle brackets for consistency with Postfix. Matthias Andree. * Operating systems that do not support at least one of gethostbyname, gethostbyname_r, getipnodebyname are no longer supported. Matthias Andree. * Fixes to --with-hesiod option. Sunil Shetye. (MA) * Delete oversized messages with the new --limitflush option. Debian Bug#212240. Sunil Shetye. (MA) * Fix MacOS X compilation failures in sink.c (ru_*time has incomplete type). Berlios Bug #4725. Matthias Andree. * Fix "auth ntlm" to send AUTH NTLM (rather than AUTH MSN). Add "auth msn" officially. Reported by Yves Boisjoly. Matthias Andree * Expunge between IMAP folders when polling multiple folders. Sunil Shetye. (MA) * Fix IMAP expunged message counting. Sunil Shetye. (MA) * Add full support for --service option. Matthias Andree * When getaddrinfo() fails resolving a service, log getaddrinfo() error. (MA) * Fix bogus "cannot resolve service * to port number" error. Simon Barner. (MA) * Failure to set up SSL connections now results in PS_SOCKET. Suggested by Thomas Wolff. Matthias Andree. * Kerberos IV detection fix for FreeBSD 4. Simon Barner. (MA) * Fix display and documentation of --envelope option. Matthias Andree * Make "envelope 'Delivered-To'" work with dropdelivered. Timothy Lee. (MA) * Add -DBIND_8_COMPAT to Darwin (MacOS X) compiles, to fix build problems on newer Darwin versions. Matthias Andree. * fetchmail should now automatically detect if OpenSSL requires -ldl. Matthias Andree. * Fix Solaris build with --disable-nls (blastwave.org). Matthias Andree. * Missed --port/--service/--ssl cleanups in the manual. Reminder from Thomas Wolff. (MA) * Complain in POP3 if NTLM/MSN auth is requested but had not been enabled at compile time. This configuration mismatch now causes an error message and authentication failure. Found by Yves Boisjoly. Matthias Andree * fetchmailconf now allows expert users to choose the authorization type and also offers MSN and NTLM, suggested by Y
From: Peter 'Rattacresh' Backes <rtc@helen.PLASMA.Xg8.DE>
Subject: Sendmail-8.11.0+hybrid

Hello,

This is the hybrid patch against sendmail-8.11.0.  To make the binary
RPMs, type:

cd /usr/src
tar xzvf /path/to/sendmail+hybrid.tgz
cd redhat/SOURCES
wget ftp://your.favourite.mirror/path/to/sendmail.8.11.0.tar.gz
cd ../SPECS
rpm -bb sendmail.spec

This patch includes MySQL support so you need the libraries to 
compile.  If you don't have them you need to change two lines in 
sendmail.spec before running rpm:

  Change
Patch8: sendmail-8.11.0-mysqlmap.patch
  to
#Patch8: sendmail-8.11.0-mysqlmap.patch
  and 
%patch8 -p1 -b .mysqlmap
  to
#%patch8 -p1 -b .mysqlmap

----------------------------------------------------------------
begin 644 sendmail+hybrid.tgz
M'XL(`$&=TCD``^Q<2W,;5W9NVR,[Z'%2D\K#=L6+:Q()`1MLXD&`,J*A"0(M
M$1%(8/"0K,@JJH%N$#UL=,/]($3/3%:I2K+/(E5)JF:732K99)-=%EDF55G,
M#YA]*KLLLL@BW[FW&VB0!"6-1/H1=GF&W?=QSKGGG'M>]T*NH8\T?T.ZRB>;
MW<QN%8OXRY^S?\7[5K:XE=\JY0MY*9O+EK8V)5:\4JK")_!\S65,<AW'OVR<
M=^I=!SG7_;A"_KN]>J-V55KP8O+/E3:+N>(FEW^N6,C>R/\ZGE#^[=9^Y\J,
MP`O*?[-8+.7RI2S)'ZIP(__K>.+R-PNW2U>A!"^S_XNY3<@_G]N\L?_7\L3E
M;SN:.QB]?@UX0?D7"WGL_WR!Y`]MN)'_=3P+^[_T=>[_>/R7S]W8_^MY0OEW
MFKUV5;VB$.`E['\I7^3RS^:*-_*_CN>,_#7+U#SC-:\4^5RV!(>^1/ZY0@%]
MI=)6,8?_2CF)6DJ0?_;UDG'Q\_]<_JOR:F(GM9H.!9^XK>19:M=PCPW+.$VS
MPD9QX]--&:,8JX@AS+29/S(]-C0M@TU-RV('S2[K&\QX-M%LW=#%"(.-#$TW
M7#9TG3'-W]=,*\/Z@<\>UAL-FG!B>F8?0)P3#+,-?^JXQQYSQ!2VT3?MC3$F
M*80_L3U[$ET`G[C.D:N-V8IM3$/B5]@8TB3`;F`S;>@;+I]']*D,\^9DXV\P
MT34?Q`Z!3[-/V6"DV4=8GN\L(O-&SA3+<9W@:(1.YAFV'E&%9>UJGCE@T`[?
M&+.0$+:^3@SP#+;?ZW#63%Q\V;XB[U?J#;6]7JNH^\V#<F+B>/Y8\XC2^6LY
M0<I(P.\9MN%J%L,N-5UCX)N.[7&")YX1Z`[3!@,GL'U/D<&K<D+,TS5C[,R^
MCK2QX44?IGWDSK]LI^_HI]&76$+TY3N.&[T'P6`2O8.HAX9EK1_;SM2.UJO(
M8\W6CF:4Z\%X8LRF.WC7?">V+-_5)DPW!HYN$$<'FC\8@:^#P#7]4Z;YOC8X
M]F0Q((:X9;B>8[/I"$(8.8&ELR/#9]2[YC$2B;Q*'Y@Q1B`KRU_WWOHV/&?L
M_V!D#(X56,37B>-2^Y\KBO=%^U_*YF[L_W4\;;52VU<5+O>KPL$8@_@9_<T7
MLO07@N9_Z4&JCP^,R.9+6:0`>1J>0TC`KHJ>FV?^=&<N<>#8OF;"OWC&"7<Z
M*WN5ZOT5X6\BI\=N*[?)9+O&C^&.F+%.C9[,_;4WT<9CF&AX4YW&P.>=P.?Q
M4$#K!_"&SI"=.H$+6ST8F39:,588;M>PM%-%EBLV11$6O`GY.G@&F[SG$$Y.
MAU\HRW=Z[4:9C7Q_4M[8F$ZGBFF#O#%&'RN!;:X?FX:EZ,;&[V^I`VW#(-BA
M31OY8XMMRS+%#K0PH':-LLP[#[D_'V\F4D2EAE!DBH`$7/!`1#HV)H]!L<_"
M_-,=3'P.07?L-9\1'!YM4&0Q=ESCHW1L8.%YN&C0YB+P8NR3,VOQDY-"$M"=
ML1>]DS3H'9@.S4GT9E-$$'WPR;Y#GS+)#4PAXG62S="Q+&?JE>6<EF;S53.B
MW&.0$N(\4AVA(F/RX@@PTF69^)N*"$C//XFVM+SK^`BDM&.LWF;.A`0-;=/<
MHV!,ZI(B?>$:"1T"IK3"9:8;0RVP?-[#5\!)M4R/8KB^`4*A/AS3G-*T+.?Z
M<=+S(>V(_+0^C]0NHCPVGB`,XA`*(00HV]`$Y@@2`F&L*BZ0YX`N`'1^QE<N
M\'",D%9Z_L&7&_L.999>6"^'0##[<9@LY2!,"K4KP]4R/OR5,:;%AAJ:+@)O
MQS8H#CME(^V$5'NB(4`W$-"2)"$_VO(D7().MB`F:+DOU`XRS`_B"RB^,HG%
M*Z!1+J3CLLXL")ZPD4(@F0$ZZY29W.S-,5*TF_(,LHK(?!A,6IJ2'IA6I02!
MN5!G'Q1!\>-+(=AIV7'/-9(FR1T'])*AB=M/;%W:NW)=$##5R!H[,2T8\Y0,
MB01?)M_N4-8R:P6^_)Q=?'ZKP1IPZZZ,!YQE"H%AFJXCY:`M`VY.YZG#S%ND
MA!.9#\S(P$">*!TEDMH$V=[$-9&OA0;G<6@.GI1GAB[Q>,/P!SQAW.B(MB>)
MR"02N+,#:J(9@\A*7,ZD_.5<6K`8C[E/'9%SLSSG0B.7X:`BDX;11R9<96C&
MGEP7*V>V*\;-'P?V<>*QWD?Z/6,6M1&7^"[BWA8DBZ&*@,_^J'=P/Y+$3H@^
MZNNT*OO[:ENNN@9AY2N/,*>0.&(['L-33V8T#D8.XHT0%79;JU-FCR`:B@8T
M),$G$1@*,%Q`J;>8Y3C'P42$'B-#/D%FJE,RR243;>2[[>9^Q!S6/Y7%?D\]
M/:RW#AO-YOU>ZW`MDTOKMC7OJAUT'E0:]=JL!Y,GE(J?&!9%+"VB+NYAB(2X
MOPBW_4H?2:V.K'J%M`N)NS%!SDV[=BY6\B$.!,VG0\6(Z+'"N#Z%H5"T?IT/
M+L_IK%2K:JM[V&GNJX=K:;D6N4N8DP6.0W*,Q+ONQ"0<DJ/:OFN2?:0R"J?;
M#T5>IF!A)ME$\WZH6/3&7:3,B:2`AYUH4"]L(C!]80--1X8K(+;W.I%(('>9
MBC$4<E!Q!:PUAZ>T:0S7!>V\1I":CDS83(SC]I0/%KHB^\8S/\UY/IM"3<KE
MV[GPHMNY\)W9SNO:#FW2\]LZ%;HG'H[:B,W@"V>@PNW.2V2BB^C/\"W+O`#R
MQ%0YDAI1))@S0_=1^E*[L:*2R-:K)&7QVH7T5I:9DF7#?V73HC[3QA.+\H#3
MON&"EV-'&2"762ENY5C'<5WX=O(5F*!GF.V$&8\H4'*9PMD.#&5%'B&R.-WQ
MIH;A8PO-@>Q1>X;&KKED!\*59=@1=&F*.'[E&V[@\I<%$!1@7;27:E`(R`A;
MGBL-*0DF1W.%)(AN,D^6,\!>"G-"(IN6:P=C"(1%<1]I(-;#H[)8^*>P`\@_
M0[7$,^@$K6+'$E6,ATH4Q47I[0PA5`,L,[G:^K02J`@'(:PB94*"Q-3`TL#7
M*0*SFC%!1DPFV@GWMF=8HD";81-L;F[99_$C19[^R#6BU-.T0<B"2<@(&V9!
M([P9CX".1ZS*R\;`%<NZ^@PKRCC(EIVU15#/(#HJ"&.V<IB&)N)Q6(,86V_!
M#,W6<Z[[@%K#$>$*XV/:U-1U>!CWZ:=;Z]G">JY4CJ<Y?%_!M`JK%18B!#&<
MZ_.D6*[[4!2^I;T8A`(YK]`#>3Z=>&@G0*W1V87)9>R28Y4U.I5`XUAD@SR/
M,*91^D5Y`Y*;>$Z_Q&%RJC/0(0X"]MYW`U'\ET7*`%;##PI_ZC@@>Z["&6;Z
MPENQIU'(L5:F1KX//+$12'-I<\AD*G528L)DV-CSSL00YBVR(RGAS2!+.KS@
M-J:<YJSBF3!5<"8LQ:&G2:-HN##%PED)S8Y\F"PX22E8(/:9RTM`V$`N'0-Q
MRL-RT(+C8)Y)IGHA$`G]0H(CET,7%36&K958CD?FYEQZ&(569V(02%,WAT/P
M&**A)?JGX$QHKX2Q&&EVW/.798YQYF\KC4;SH5J+QUG4_^3J7&Z$D;QNX5*[
M+=+6YP=!8=IY94$0S9F9^Z61D/SZLY>:\KGR2/EC()>K]$HON\KG]*="_Y<:
M!E8\]&+"^%<S;#=#PJG0@26,[Z\<>A0NRSE%8O_"`KK*,/6J)/3-"4@C51#1
M)<\?5D*E6&@B]5AHJ"Q^7KG*1#D6]7D4"LVF:V$*108NGN:`WP@A9MYH%N=`
MBG.9`G+5L0=60%ZJ+,O[<5ZRP-8QQB<C/AV!8]1&1\_XIE??X+$-]XS!<"CW
MC:$3S:1TDP(8QAVC+GQ8%'A])->9*)8?!3#0MF\8T5F\3R73CZ+=(1)H^Q0D
M'1T!&_E!\-89DT[CS;!AAP>&^)+A(H@AE@&C;3#24EJ>I04>JW@>N&PG[@RT
MG8O/#;;E!H5<XFI`F8EXXO9Z;DO^KN9_(X0(&PN'(*__C.GR\S^VF=_,B_._
MS5)I:[.`IJW-7.'F_.\Z'AV:ZOJI]5R:7_*I.I-3USP