commit a454fad660298645324a7516e039c5d29327b61621df1a2ac019a31f4408c18f Author: Adrian Schröter Date: Wed Dec 18 16:12:45 2024 +0100 Sync from SUSE:SLFO:Main dnsdist revision a4f9580be918935cf026521b875200d6
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/_constraints b/_constraints
new file mode 100644
index 0000000..11f2c7b
--- /dev/null
+++ b/_constraints
@@ -0,0 +1,7 @@
+
+
+
+ 8000
+
+
+
diff --git a/dnsdist-1.9.7.tar.bz2 b/dnsdist-1.9.7.tar.bz2
new file mode 100644
index 0000000..1b3f390
--- /dev/null
+++ b/dnsdist-1.9.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:285111c2b7dff6bc8a2407106a51c365cc5bf5e6287fe459a29b396c74620332
+size 1594532
diff --git a/dnsdist-1.9.7.tar.bz2.sig b/dnsdist-1.9.7.tar.bz2.sig
new file mode 100644
index 0000000..4ce59d0
Binary files /dev/null and b/dnsdist-1.9.7.tar.bz2.sig differ
diff --git a/dnsdist.changes b/dnsdist.changes
new file mode 100644
index 0000000..4550d90
--- /dev/null
+++ b/dnsdist.changes
@@ -0,0 +1,611 @@
+-------------------------------------------------------------------
+Tue Nov 5 01:50:12 UTC 2024 - Marcus Rueckert
+
+- update to 1.9.7:
+ https://dnsdist.org/changelog.html#change-1.9.7
+- drop powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch included
+ in update
+
+-------------------------------------------------------------------
+Sun Sep 29 19:53:59 UTC 2024 - Marcus Rueckert
+
+- update to 1.9.6:
+ https://dnsdist.org/changelog.html#change-1.9.6
+ https://dnsdist.org/changelog.html#change-1.9.5
+- add powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch from Arch
+ linux to fix build with Boost 1.86
+- track series file for easier patching
+
+-------------------------------------------------------------------
+Mon May 13 15:36:16 UTC 2024 - Adam Majer
+
+- update to 1.9.4: (bsc#1224001, CVE-2024-25581)
+ * Fix “C++ One Definition Rule” warnings in XSK
+ * Fix DNS over plain HTTP broken by reloadAllCertificates()
+ * Fix a crash in incoming DoH with nghttp2
+ * Fix handling of XFR requests over DoH
+
+- changes since 1.9.0:
+ * Support “no server available” result from Lua FFI load-balancing policies
+ * Release incoming TCP connection right away on backend failure
+ * Use server preference algorithm for ALPN selection
+ * Fix a null-deref in incoming DNS over HTTPS with the nghttp2 provider
+ * Fix DNS over HTTP connections/queries counters with the nghttp2 provider
+ * Fix first IPv6 console connection being rejected
+ * Fix XSK-enabled check when reconnecting a backend
+ * Properly handle a failure of the first lazy health-check
+ * Also handle EHOSTUNREACH as a case for reconnecting the socket
+
+-------------------------------------------------------------------
+Fri Feb 16 15:04:56 UTC 2024 - Adam Majer
+
+- update to 1.9.0:
+ * Fall back to libcrypto for authenticated encryption
+ * Optimize the DoQ packet handling path
+ * DNSName: Correct len and offset types
+ * DNSName: Optimize parsing of uncompressed labels
+ * enable 
DNS-over-HTTPS via nghttp2 library usage + + For details, see + https://dnsdist.org/changelog.html#change-1.9.0 + +------------------------------------------------------------------- +Fri Feb 9 13:37:26 UTC 2024 - Dominique Leuenberger + +- Revert "provide user(dnsdist) and group(dnsdist)": the package + already uses sysusers-tools to create the user. +- Actually install dnsdist.user as %{_sysusersdir}/dnsdist.conf. + +------------------------------------------------------------------- +Fri Feb 9 12:41:00 UTC 2024 - Adam Majer - 1.8.3 + +- update to 1.8.3 + https://dnsdist.org/changelog.html#change-1.8.3 + https://dnsdist.org/changelog.html#change-1.8.2 + +------------------------------------------------------------------- +Mon Feb 5 10:06:37 UTC 2024 - Marcus Meissner + +- provide user(dnsdist) and group(dnsdist) + +------------------------------------------------------------------- +Mon Oct 30 16:44:24 UTC 2023 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd): configure checks for the + presence of systemctl, which is being pulled in like this. + +------------------------------------------------------------------- +Fri Sep 8 12:11:34 UTC 2023 - Adam Majer - 1.8.1 + +- update to 1.8.1 + bug fix release. For details, see + https://dnsdist.org/changelog.html#change-1.8.1 + +------------------------------------------------------------------- +Thu Mar 30 13:37:37 UTC 2023 - Adam Majer - 1.8.0 + +- update to 1.8.0 + https://dnsdist.org/changelog.html#change-1.8.0 +- Implements dnsdist in SLE15 (jsc#PED-3402) + +------------------------------------------------------------------- +Wed Mar 22 13:40:08 UTC 2023 - Adam Majer - 1.8.0~rc3 + +- update to 1.8.0~rc3 + https://dnsdist.org/changelog.html#change-1.8.0-rc3 +- dnsdist.lua sample config -- comment google's DNS servers. 
Valid + downstream DNS resolver configuration should be chosen by the admin + +------------------------------------------------------------------- +Thu Mar 9 11:33:45 UTC 2023 - Adam Majer - 1.8.0~rc2 + +- update to 1.8.0~rc2 + https://dnsdist.org/changelog.html#change-1.8.0-rc2 +- no_doh_protobuf.patch, f44a8a8f19aff191fb1dc0631e37ec30ff087c25.patch + upstreamed and removed + +------------------------------------------------------------------- +Mon Feb 27 09:20:22 UTC 2023 - Adam Majer + +- update to 1.8.0~rc1 + https://dnsdist.org/changelog.html#change-1.8.0-rc1 +- no_doh_protobuf.patch: fix compilation when no DoH enabled +- f44a8a8f19aff191fb1dc0631e37ec30ff087c25.patch: fixes compiler + feature detection + +------------------------------------------------------------------- +Fri Feb 24 16:26:04 UTC 2023 - Dominique Leuenberger + +- Refresh keyring: redownload + https://dnsdist.org/_static/dnsdist-keyblock.asc as + dnsdist.keyring. + +------------------------------------------------------------------- +Mon Feb 20 13:22:22 UTC 2023 - Adam Majer + +- Use sysusers* macros to generate and install daemon user + +------------------------------------------------------------------- +Fri Feb 10 12:02:43 UTC 2023 - Adam Majer + +- Remove some build dependencies, like GNUTLS +- Remove DoH since it requires another http server that is not + even in Factory. 
It's enabled by project config +- Build on 32bit arches by using 64bit time_t there + +------------------------------------------------------------------- +Wed Nov 2 15:13:30 UTC 2022 - Marcus Rueckert + +- update to 1.7.3 + https://dnsdist.org/changelog.html#change-1.7.3 + https://blog.powerdns.com/2022/11/02/dnsdist-1-7-3-released/ + +------------------------------------------------------------------- +Fri Jun 17 11:46:44 UTC 2022 - Marcus Rueckert + +- update to 1.7.2 + https://dnsdist.org/changelog.html#change-1.7.2 + https://blog.powerdns.com/2022/06/14/dnsdist-1-7-2-released/ + +------------------------------------------------------------------- +Mon Apr 25 11:21:05 UTC 2022 - Marcus Rueckert + +- update to 1.7.1 + https://dnsdist.org/changelog.html#change-1.7.1 + https://blog.powerdns.com/2022/04/25/dnsdist-1-7-1-released/ + +------------------------------------------------------------------- +Mon Jan 17 16:52:52 UTC 2022 - Marcus Rueckert + +- make re2 conditional again to fix build on sle15 + +------------------------------------------------------------------- +Mon Jan 17 16:20:42 UTC 2022 - Marcus Rueckert + +- exclude all 32bit architectures as dnsdist wants to run on + systems where time_t is larger than 4 bytes + +------------------------------------------------------------------- +Mon Jan 17 16:17:28 UTC 2022 - Marcus Rueckert + +- cleanup all conditionals for pre 15.x distros + +------------------------------------------------------------------- +Mon Jan 17 15:58:38 UTC 2022 - Marcus Rueckert + +- update to 1.7.0 + https://dnsdist.org/changelog.html#change-1.7.0 + https://blog.powerdns.com/2022/01/17/dnsdist-1-7-0-released/ + +------------------------------------------------------------------- +Wed Sep 15 09:45:15 UTC 2021 - Marcus Rueckert + +- update to 1.6.1 + https://dnsdist.org/changelog.html#change-1.6.0 + https://dnsdist.org/changelog.html#change-1.6.1 +- drop dnsdist_bindir.patch + we didn't install and load the env file anyway + 
+------------------------------------------------------------------- +Thu Oct 1 11:04:28 UTC 2020 - Adam Majer + +- update to 1.5.1 + https://dnsdist.org/changelog.html#change-1.5.1 + +------------------------------------------------------------------- +Thu Jul 30 12:53:28 UTC 2020 - Marcus Rueckert + +- refresh patch dnsdist_bindir.patch: + user is now handled via service directly + +------------------------------------------------------------------- +Thu Jul 30 12:50:17 UTC 2020 - Marcus Rueckert + +- update to 1.5.0 + https://dnsdist.org/changelog.html#change-1.5.0 + https://blog.powerdns.com/2020/07/30/dnsdist-1-5-0-released/ + +------------------------------------------------------------------- +Sun Apr 5 22:05:54 UTC 2020 - Marcus Rueckert + +- enable luajit on 15.1 and up + +------------------------------------------------------------------- +Sun Apr 5 21:31:27 UTC 2020 - Marcus Rueckert + +- add instantiated services to the systemd macros + +------------------------------------------------------------------- +Sun Apr 5 21:29:00 UTC 2020 - Marcus Rueckert + +- enable DNS over HTTP support on 15.1 and up + +------------------------------------------------------------------- +Sun Apr 5 20:48:30 UTC 2020 - Marcus Rueckert + +- fix cmdline option for re2 + +------------------------------------------------------------------- +Sun Apr 5 20:45:34 UTC 2020 - Marcus Rueckert + +- enable lmdb support on Tumbleweed + +------------------------------------------------------------------- +Thu Nov 21 09:20:44 UTC 2019 - Adam Majer + +- update to 1.4.0 + https://dnsdist.org/changelog.html#change-1.4.0 + +------------------------------------------------------------------- +Fri Nov 1 06:37:06 UTC 2019 - Marcus Rueckert + +- add BuildRequires for doh build conditional +- make sure we build with epf and dnstap +- enable libcap support (new BR: libcap-devel) +- for luajit support if we build with luajit build conditional +- prepare lmdb support: fails atm as we do not ship the 
pkgconfig + files + +------------------------------------------------------------------- +Wed Oct 30 16:03:23 UTC 2019 - Adam Majer + +- update to 1.4.0~rc5 + https://dnsdist.org/changelog.html#change-1.4.0-rc5 + +------------------------------------------------------------------- +Fri Oct 25 12:50:24 UTC 2019 - Adam Majer + +- update to 1.4.0~rc4 + https://dnsdist.org/changelog.html#change-1.4.0-rc4 + +------------------------------------------------------------------- +Fri Oct 4 15:56:51 UTC 2019 - Adam Majer + +- update to 1.4.0~rc3 + https://dnsdist.org/changelog.html#change-1.4.0-rc3 + +- break up long long in specfile configure to make them more + readable to regular humans + +------------------------------------------------------------------- +Wed Aug 14 08:28:55 UTC 2019 - Adam Majer + +- update to 1.4.0~rc1 + https://dnsdist.org/changelog.html#change-1.4.0-rc1 + +- dont_return_garbage.patch: dropped, no longer needed +- dnsdist_bindir.patch: refreshed + +------------------------------------------------------------------- +Thu Nov 8 14:26:28 UTC 2018 - adam.majer@suse.de + +- update to 1.3.3 + https://blog.powerdns.com/2018/11/08/dnsdist-1-3-3-released/ + + - Security fix: fixes a possible record smugging with a crafted + DNS query with trailing data (CVE-2018-14663, bsc#1114511) + + - New Features + - Add consistent hash builtin policy + - Add EDNSOptionRule + - Add DSTPortRule + - Make getOutstanding usable from both lua and console + - Added :excludeRange and :includeRange methods to + DynBPFFilter class + - Add Prometheus stats support + - Name threads in the programs + - Support the NXDomain action with dynamic blocks + - Add security polling + - Add a PoolAvailableRule to easily add backup pools + + - Improvements + - Get rid of some allocs/copies in DNS parsing + - Set a correct EDNS OPT RR for self-generated answers + - Fix a sign-comparison warning in isEDNSOptionInOPT() + - Add warning rates to DynBlockRulesGroup rules + - Add support for 
exporting a server id in protobuf + - dnsdist did not set TCP_NODELAY, causing needless latency + - Add a setting to control the number of stored sessions + - Wrap GnuTLS and OpenSSL pointers in smart pointers + - Add a ‘creationOrder’ field to rules + - Fix return-type detection with boost 1.69’s tribool + - Fix format string issue on 32bits ARM + - Wrap TCP connection objects in smart pointers + - Add the setConsoleOutputMaxMsgSize function + - Add the ability to update webserver credentials + + - Bug Fixes + - Display dynblocks’ default action, None, as the global one + - Fix compilation when SO_REUSEPORT is not defined + - Release memory on DNS over TLS handshake failure + - Handle trailing data correctly when adding OPT or ECS info + +- dont_return_garbage.patch: return a value from function that + wants a return. + +------------------------------------------------------------------- +Tue Jul 10 16:38:19 UTC 2018 - mrueckert@suse.de + +- Comment out the control socket statement and add a commented out + line for setKey as it is in the upstream configuration. The old + default configuration did not work anymore anyway and this makes + it clearer that you need both lines. + +------------------------------------------------------------------- +Tue Jul 10 14:26:03 UTC 2018 - mrueckert@suse.de + +- update to 1.3.2 + https://blog.powerdns.com/2018/07/10/dnsdist-1-3-2-released/ + + Breaking changes + ================== + + After discussing with several users, we noticed that quite a lot + of them were not aware that enabling the dnsdist’s console + without a key, even restricted to the local host, could be a + security issue and allow privilege escalation by allowing an + unprivileged user to connect to the console and execute Lua code + as the dnsdist user. We therefore decided to refuse any + connection to the console until a key has been set, so please + check that you do set a key before upgrading if you use the + console. 
+ + New features + ================== + + The DNS over TLS feature introduced in 1.3.0 was missing the + ability to support both an RSA and an ECDSA certificate at the + same time, and it was not possible to switch to a new certificate + without restarting dnsdist. This has now been fixed. + + The packet cache has also been improved in this release, with the + addition of a negative TTL option to be able to specify how long + NODATA and NXDOMAIN answers should be cache, as well as a way to + dump the content of the cache. We also made the detection of ECS + collisions more robust, preventing two queries for the same name, + type and class but a different ECS subnet from colliding even if + they did hash to the same value. + + This version gained the ability to insert dynamic rules that do + nothing, and do not stop the processing of subsequent rules, + which is very useful for testing purposes. The optimized + DynblockRulesGroup introduced in 1.3.0 also gained the ability to + whitelist and blacklist ranges from dynamic rules, for example to + prevent some clients from ever being blocked by a rate-limiting + rule. + + Finally, we introduced the new SetECSAction directive to be able + to force the ECS value sent to a downstream server for some or + all queries. + + Bug fixes + =========== + + In addition to various documentation and cosmetics fixes, a few + annoying bugs have been fixed in this release: + + - If the first connection attempt to a given backend failed, + dnsdist didn’t properly reconnect even when the backend became + available ; + - Dynamic blocks were sometimes created with the wrong duration ; + - The ability to iterate over the results of the Lua exceed*() + functions was broken in 1.3.0, preventing manual whitelisting + from Lua ; + - Some statistics were displayed with too many decimals in the + web interface ; + - A backend outstanding queries counter could become wrong if it + dropped a lot of queries for a while. 
+ +------------------------------------------------------------------- +Sun Apr 1 23:56:33 UTC 2018 - mrueckert@suse.de + +- enable dns over tls support: new BR for gnutls +- enable dnstap support: new BR for libfstrm + +------------------------------------------------------------------- +Sun Apr 1 23:40:36 UTC 2018 - mrueckert@suse.de + +- update to 1.3.0 + https://blog.powerdns.com/2018/03/30/dnsdist-1-3-0-released/ + - New Features + - Add an optional status parameter to Server:setAuto(). + References: pull request 5625 + - Add inClientStartup() function. References: pull request 6072 + - Add tag-based routing of queries. References: pull request + 6037 + - Add experimental DNS-over-TLS support. References: pull + request 6176, pull request 6177, pull request 6117, pull + request 6175, pull request 6189 + - Add simple dnstap support (Justin Valentini, Chris + Hofstaedtler). References: pull request 5201, pull request + 6170 + - Add experimental XPF support based on + draft-bellis-dnsop-xpf-04. References: #5654, #5079, pull + request 6220, pull request 5594 + - Add ERCodeRule() to match on extended RCodes (Chris + Hofstaedtler). References: pull request 6147 + - Add TempFailureCacheTTLAction() (Chris Hofstaedtler). + References: pull request 6003 + - Add DynBlockRulesGroup to improve processing speed of the + maintenance() function by reducing memory usage and not + walking the ringbuffers multiple times. References: pull + request 6391 + - Add console ACL functions. References: #4654, pull request + 6399 + - Allow adding EDNS Client Subnet information to a query before + looking in the cache. This allows serving ECS enabled answers + from the cache when all servers in a pool are down. + References: #6098, pull request 6400 + - Improvements + - Add cache sharding, recvmmsg and CPU pinning support. With + these, the scalability of dnsdist is drastically improved. 
+ References: #5202, #5859, pull request 5576, pull request + 5860 + - Add burst option to MaxQPSIPRule() (42wim). References: pull + request 5970 + - Add Pools, cacheHitResponseRules to the API. References: + pull request 6022 + - Add a class option to health checks. References: #5748, pull + request 5929 + - Add UUIDs to rules, this allows tracking rules through + modifications and moving them around. References: pull + request 6030 + - Apply ResponseRules to locally generated answers (Chris + Hofstaedtler). References: #6182, pull request 6185 + - Report LuaAction() and LuaResponseAction() failures in the + log and send SERVFAIL instead of not answering the query + (Chris Hofstaedtler). References: pull request 6283 + - Unify global statistics accounting (Chris Hofstaedtler). + References: pull request 6289 + - Speed up the processing of large ring buffers. This change + will make dnsdist more scalable with a large number of + different clients. References: pull request 6366, pull + request 6350 + - Make custom addLuaAction() and addLuaResponseAction() + callback’s second return value optional. References: #6346, + pull request 6363 + - Add “server-up” metric count to Carbon Reporting (Lowell + Mower). References: pull request 6327 + - Add xchacha20 support for DNSCrypt. References: pull request + 6045, pull request 6382 + - Scalability improvement: Add an option to use several source + ports towards a backend. References: pull request 6317 + - Add ‘?’ and ‘help’ for providing help() output on dnsdist -c + (Kirill Ponomarev, Chris Hofstaedtler). References: #4845, + pull request 5866, pull request 6375 + - Replace the Lua mutex with a rw lock to limit contention. + This improves the processing speed and parallelism of the + policies. References: pull request 6190, pull request 6381 + - Ensure dnsdist compiles on NetBSD (Tom Ivar Helbekkmo). + References: pull request 6146 + - Also log eBPF dynamic blocks, as regular dynamic block + already are. 
References: #5845, pull request 5845 + - Ensure large numbers are shown correctly in the API. + References: #6211, pull request 6401 + - Add option to showRules() to truncate the output length. + References: #5763, pull request 6402 + - Fix several warnings reported by clang’s analyzer and + cppcheck, should lead to small performance increases. + References: pull request 6407 + - Bug Fixes + - Handle SNMP alarms so we can reconnect to the master. + References: #5327, pull request 5328 + - Fix signed/unsigned comparison warnings on ARM. References: + #5489, pull request 5597 + - Keep trying if the first connection to the remote logger + failed References: pull request 5770 + - Fix escaping unusual DNS label octets in DNSName is off by + one (Kees Monshouwer). References: pull request 6018 + - Avoid assertion errors in NewServer() (Chris Hofstaedtler). + References: pull request 6403 + - Removals + - Remove the --daemon option from dnsdist. References: #6329, + pull request 6394 + +------------------------------------------------------------------- +Fri Feb 16 10:30:23 UTC 2018 - adam.majer@suse.de + +- fix user creation code +- update to 1.2.1 + * Make dnsdist dynamic truncate do right thing on TCP/IP. + * Add missing QPSAction. + * Don't create a Remote Logger in client mode. + * Keep the TCP connection open on cache hit, generated answers. + * Add the missing include to mplexer.hh for struct timeval. + * Sort the servers based on their 'order' after it has been set. + * Fix the outstanding counter when an exception is raised. + * Do not connect the snmpAgent from a dnsdist client. 
+ +------------------------------------------------------------------- +Mon Aug 21 16:29:41 UTC 2017 - mrueckert@suse.de + +- enable snmp support (new BR: net-snmp-devel) + +------------------------------------------------------------------- +Mon Aug 21 16:15:43 UTC 2017 - mrueckert@suse.de + +- update to 1.2.0 (boo#1054799, boo#1054802) + This release also addresses two security issues of low severity, + CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a + denial of service on 32-bit if a backend sends crafted answers, + and the second to an alteration of dnsdist’s ACL if the API is + enabled, writable and an authenticated user is tricked into + visiting a crafted website. More information can be found in our + security advisories 2017-01 and 2017-02. + + - applying rules on cache hits + - addition of runtime changeable rules that matches IP address for a + - certain time: TimedIPSetRule + - SNMP support, exporting statistics and sending traps + - preventing the packet cache from ageing responses when deployed in + - front of authoritative servers + - TTL alteration capabilities + - consistent hash results over multiple deployments + - exporting CNAME records over protobuf + - tuning the size of the ringbuffers used to keep track of recent + - queries and responses + - various DNSCrypt-related fixes and improvements, including + - automatic key rotation + + Users upgrading from a previous version should be aware that: + + - the truncateTC option is now off by default, to follow the + principle of least astonishment + - the signature of the addLocal() and setLocal() functions has + been changed, to make it easier to add new parameters without + breaking existing configurations + - the packet cache does not cache answers without any TTL + anymore, to prevent them from being cached forever + - blockfilter has been removed, since it was completely redundant + + This release also deprecates a number of functions, which will be + removed in 1.3.0. 
Those functions had the drawback of making + dnsdist’s configuration less consistent by hiding the fact that + each rule is composed of a selector and an action. They are still + supported in 1.2.0 but a warning is displayed whenever they are + used, and a replacement suggested. + + https://dnsdist.org/changelog.html + +------------------------------------------------------------------- +Sun Feb 19 18:39:54 UTC 2017 - mrueckert@suse.de + +- fix build on TW: + - no longer look for libsystemd-daemon +- enable re2 + +------------------------------------------------------------------- +Fri Dec 30 01:43:23 UTC 2016 - mrueckert@suse.de + +- update to 1.1.0 + dnsdist 1.1.0 has seen a significant amount of development, + mostly based on feedback from they many 1.0 deployments. The + majority of the new features have already been taken into + production by pre-release and beta users. + + Highlights include: + + - TeeAction: send responses to a second nameserver, but ignore + responses. Used to test new installations on existing traffic. + Also used by the Yeti rootserver project. + - Response rules which act on received responses + - AXFR/IXFR support, including filtering options + - Linux kernel based query type and query name filtering (eBPF), + for very high speed packet rejection. Includes counters and + statistics + - Query counting infrastructure (contributed by TransIP’s Reinier + Schoof) + + For the many other new features, improvements and bug fixes, + please see the dnsdist website for the more complete changelog + and the current documentation. + + http://dnsdist.org/changelog/#dnsdist-110 + http://dnsdist.org/README/ +- refresh dnsdist_bindir.patch to apply cleanly again + +------------------------------------------------------------------- +Mon Jul 11 15:32:09 UTC 2016 - mrueckert@suse.de + +- initial package (1.0.0) + diff --git a/dnsdist.keyring b/dnsdist.keyring new file mode 100644 index 0000000..262f7c4 --- /dev/null +++ b/dnsdist.keyring 
@@ -0,0 +1,381 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org + +mQINBE5fJpEBEADl7Epp8pxg5ENBY4KM7U/lrxRg33BPDJcZTxqnCLbNCdEOSO1T +Ej3jWl1HEh236NlWLvHsXgrsKiB1jX037q62QKrp10trQMsM6QiEUjwmrGJxgxv2 +D/+U2PJPh6/ElFhx1PqGEC1Ih3pTpP1YINzfX6cQ9/e3nc64BcBTQqYA2/YIv4pH +MYXZrPm398JZbPpT0ot9ggdLulUYSRJQ9dfNJbGpstMMfOkA2IFvfmKc5BT5Y/ZA +ayF7xPBEGbBMLaZuT8q+x5S39ZyzxzCMSIJD7nYAh7qI0xiosfu8YyjXPN3x1OYX +kdBKzYEk8ji9xgyNZ/9Hlsq3JhJzuGKuXKuC3GKf8BcNw0JH+/VWmq+3kd30a8dy +GgCW+YJok+zyo51WWVLeJ//5tZ2/GvRhbIivA6Gp2cxQlwl9Ouj7SkBNRWvjBJUr +N0NF1FxKo1Yq9OECq2KgLn3l2vURW+LUtdXDbZcn9GcYbGHIE0xdCGQSH/H+Dkgl +T63rQIgBN2MTQ4lhun/5ABLq7s82BAtakhQ5S+3gD+LykCcvCxgHApV28yJJT3ZZ ++Qt6uNtHf2y6T4eJpiE+bWJpG3ujCwzQxu3x5L76jOgiRaj6HcwzT79LpjZMzhnK +1sKhDAuJP2VNIYhAXn8UF+z54dmBRK58t8zQVop+BpJAE7QM/DFDp3uLhwARAQAB +tC1QZXRlciB2YW4gRGlqayA8cGV0ZXIudmFuLmRpamtAbmV0aGVybGFicy5ubD6J +AjgEEwECACIFAk5fJpECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENz1 +E/p+7RnzoQQQAJjEVUbLcBd4blXL6EW3VMqIMFbxBt4CiHRjsSo02+rUMWLOqZBE +Rfynv0oufhrW3AqTO0OMoqPLWjWFNeOHOdKieBJdcXHDJPO8qRUpbcYh5CXr54X0 +9d5WZU8sGipnd8wxO68J8g+5vux3xscEaZTwWZTwyelWA77OxJm6WlPPxJ+lTyIu +hVC3KoBUWRwfNrxE/ij/0tkVFoIXvczbAQqB6+nApHZvtoR4Wys4bzmCWuo9PUj0 +r3+eyjsWEB0A4Ya1bwaJOchubi/Gq99wfp71zJC8FcSMWmoGPRnpg6oLpkxC8Yre +V/16DUgiMnxUPyJAEpb+AH0MMudmp6tnUaWBs/hWnpyWPXqjt6wzs7X31X2oj93A +NKjnSpglOgUEBKk4GTyOuBo3S+kyXD9WW977kyKVtUQf3U5EHUR08UA/DuEJPGDn +Ma9lujXM17h//iyixa0RhJXX+ZRKRwEAZqj6H8wNayF045JdwMJ6TIePuymV2lty +G5E0M5l5SOc4fELNHJyHvjhi1Fb23lqBxNhvdm8+RtwtFz+QtFwihP/cEBMue5lc +j5Bkvwx3NERJxoPi/Qe82mLZLaMCdlP++jzvSrsVrRWkyw+i08T0+Dp9/V5YoEUk +hSfNp1w26FtrFVqC4XpVxtjda32Ipw3aygpOqEkCxNsy3+C1buzr/QK9iEYEEBEC +AAYFAlFruf0ACgkQHF7pkNLnFXVs5QCgta+8ZUOeL4v7TqkwxYndHlflBqsAniga +MY0FMHCAkKc+MIubun0ww9QHiEYEExECAAYFAlITG0oACgkQ7JEU4tMwuvwvawCg +n+/TsPo3BDq+mX/EfvKhFQEdCUIAn0KZVZwDN7mZTa49Amy/T5Ai6hIriQIcBBAB +AgAGBQJSExvtAAoJEHcKmPCS30+Zo9wQAI+4GsOZCtV1jd8M88KIDl5b0Kh0ogK/ 
+pg6orYu0kyDF9W16p5qEn0sTZP2QP4+DyZWDfPTe1fxHlSac3KXMTqGtLKDq0xP0 +WIoqjhSnMRmvhmODNxnODueSL7Jmg8cvXKvj7FEYaI+mqgChyikX9JSJdTWiMuQM +OC6adGr2EL77e6e3jAaI31OtCTbam+EAJFwxpYSlBMop+SemBbeokHHRivEyg2hu +O6o7m4SprxkvZZWmiT7DmdIGhaPt5CHoDbUdUbj8ni2EdSZnYJcCUpPHJqF1FUkw +sc8NDH6tiAo7cHsjkrDAx5Waetnt9mRkMkG0tUgnULcChcx6NJiG3lhIWNDnj9ML +zhA7kDaktvtEwCyuQA8iyWWfOgIABofYJk3zbPG63N1XhWyZ/ic3IbmnWWrEaK2x +YDABvTN6s8nOgex0D+kArhsPE+RMWPzF9F+2YgrbP7R68ek2+/4SdQNifUloMDJJ +A38nmxkM0SsLNgbIWLaltw3GwT/0LQ7sTtcLLMhl7bkgyYLmmII8MxXPQhvr1oXX +17t6fwJLiQjokO0CVw20CT6QeFo4P+pgoYkSPn7tFtfkB3sgZhea3Lr545NDpK5V +j/0WxMOYhqEUmgCRjyzmczklyoXPMFD7rX5LxEENXUnxkGGkKFB6OIMq7zrheBsc +B0/wcZcO05pFiEYEEBECAAYFAlII5FkACgkQahHbMDrZuj6xHACfWTyc9fNJJybm +0E8tJmVmQFjuyTwAoJXupHi40ejoB7Wzv9ikitJXXpcAiQIiBBEBAgAMBQJUYG5b +BYMDwmcAAAoJEAYchHN7TRAcCKQP/1/nQjNDuVPHxe/ukv3v+EMwenhCq0Sq/kCa +e9MDMU3pdu0ZYdXmdKbWdyJi/sqmdAaRttYcJDxzO7seC3auTdSCZGs5ENFszgEq +OPIyYFJHuSCnHz9W1+ZIKKCE8O32KllAltSJBN4AgtKLgDVlQzHVbszUJrzJhvxf +ArTuAeY13zTWq4yRAWX3VhM/z6mHC4jt4csk7mwgGoEthJ6/evUE3zh2uQX8EeQK +QXFGn8URk52tZLuUq7s1tAeiABwgkCo9vtEcHHIYXyk6tCFY9R9fA2doqRXpFXTi +ituk5QkT9EJSDSeBrB6NvgXaJLHWoqp//+0pKpOWm0LYP2SHm2MY4FyTv8YB+aQC +j1FgzeJU17SE4h31isliTB1qieasa4v4BvHqJpmpD5k9P8L9dsMIMVc6KVhkvhc9 +bmEbKVbf77U83O0YAwQxuImIjFvmZMTDZEk0vepm3VL1ZG3FCrERrmcek/NVD755 +YNtVEN9rvG0LFGm2Gbs9+AWtfjmhhVrOHNYrsSfiuykSnzKf20dHBegB7AZMdxv5 +CCJ1uIw4Wv9Km4jaR5NUwOjEccn8fHwoRC4SxWj7FWbl5j48RTM0eZansWMjkE4O +UKOx5LRexfiyUFQ+4/w5+Z7afTr4v8yhs84bld4eDt9D8S/Ynj3CPItWsO56Kwei +uzBVkVaLiQIcBBABAgAGBQJVB+GXAAoJEF5QcVvy/+GnMCIQAITJ/73QIgrsUFh6 +fWGfKMOgY8f2JUfwe5g/vSO2BQPScSgTjoKdpy4DCILI3WzSZ2xzxOlS0SMj8hoD +IwQxSydYuZhIfAmlUmaT0Q5p6Zaef7/+pFRVkas9CA4NE4V3ZCEhQjVvEI8bXabd +ld452PE2Fahi6m58JEFwFnU84sIIsQJCiFFFFj7OxNGGMK63vZFxgE9dhW1kpMGB +fxdKLFyglEpll2qGbCp13shFLeZSCg5WJ/pC6R2t0K5tW2XAHz7TRj94dnFTVD8D +MlydrBrxYh7DMVaeFLDgepxtT5n8yW/RLThHAvg7Qyvie/l5bt8Ukk12ISPv7sY9 +bYdM0wHWj0913RKbK5Ic22LM3RK3My/yXeKMI0u8PTUuCppIiCRhqNjFr23Xsaix 
+OYRDSsvo6ca70oCUzyVMJs1nmknFoimw9yRhT4bUN5yS30E9jqhgNb06cXUcCM/r +PYvVqe2/OoUMYBHjRHqn64uHzvtnnrJKAGUk0EqTdqyRCfWzo3+mClCzeyes2P0z +zGYzwZ/fo+fIVcT552wWCbJa7KW7XcW7CTzWgAucupK7tm9jOezvd2Zt68lROAVR +L1F+P2HUQvzLcXVaSqOIHkiySMAKfVEBfwA6y2oBjUkBv0oKuSV8xk+cq3B3sxDQ +ra4Vw2MjyyiCrw+piIntgqnSrzTviQI5BBMBCgAjFiEEt+XF44bdUAOtVxPgrImY +jct//fEFAlnd4lsFgweGH4AACgkQrImYjct//fHjpg/+LN+cdoeASfejFq+mU6r8 ++WV31ZaZyWpr6S8tH3G3YvPdASkMl1/B5FIEnSpFHIc/JaZp1AU7a2YvhTRgK4vG +YXZTltKKWShxE5oQ+5Ep70rU9dVlbBMzZau3Z3GKwITSemSyd3qmZSnD6w5UFGEG +LXT24F6h/yL9EArNbUmfLRptuq07+UI7Hr1qnwBe4ymGvFngJMg590dNnjouDsLS +MKvH2sMVACdz5N/fy4t63APhKGweluLO8FxAtEd42Dj0wSXDGwoW96eIG2mJsdgG +Fr6Uhgk3KQnqXEUtJfCOQhaNOiz/b5uhgQ9/kxrhlgk5fgi+ztYUCY9UpXGhVRuv +d0rmmUpaAGlPSH+Yd1QZexcIkCmKbsNM9yNndx3DuZmAeVIvapA1AsflksGHwi6l +/U/3QJ7TVO1IZbsiDyoqZyo63RpuP8jsy50r6L2xj+j/ZLKCHH58/w8o+qw6f6A/ +xxdpRYU+P2lpsHRPPDTuTkI5+IOVzibjqMILT5NeYEytmcHpXqrHYN+0TXLY/vSW +NRiDojU0A2HlEcHFWu6PO+jbYGxDx9jiAtwW0O8UExQTIYoP/pGg8WZKEclG70W6 +nxhnBhwDPrvma4uVmMsH4T9XVaXX+STv26s71qtsouxRHUfyBaN0GYQDs/SELVsg +gZslolTci4yTHmb0BhVET0GJATMEEgEIAB0WIQRWlObIM8rVEjhhucmZAzeH8Ry7 +VAUCW8c1sAAKCRCZAzeH8Ry7VKTzB/4k5/tlyCypnSy1Xnb657rDbUnSk4TGQD5A +itDFviXzt3hLW+YjHQUwUBSsi/Pp/w9EoVHd25Y1l7P6ZUlV3NT1iKRH6UAFP0p3 +k9sbFN28+IoS59vl+2DpwHy6DDwj6FV8Cd3UDKeoW+6PuMVPnJlADJYFM9rUhri3 +1YxnG9fHMkGwZGNd7Ye+whhIdI+KgPkmK1or3c1eTFWoHMVauAdg01iXz/F6CbUr +VoT527GRqMAR6KTkQQ0Ch8elwTtp/5girRH4a64Xbq2pOI88sAASjgfty0JvN8u6 +BQrx1xK/l0D06C5rr/ArYOgx6jsmDtCgfB2R0wH4doqHoe9WFq3fiF0EExECAB0W +IQS7gq9g2+DPgdGGuTBQKbfQFEC55AUCW8M8TQAKCRBQKbfQFEC55K30AJ4+nUlC +r+BbW2dM811xEz/xlo7OtgCgwhqe4gO3yudXTqqwW4fsPyj26tyJAjMEEwEKAB0W +IQRhPku5L/nxcvrPC4LuEaJYliHpkQUCW8M6HwAKCRDuEaJYliHpkUIyD/9oYYzO +KCbxFDWJWAZo0x2YNdDdf5zZed0uxn7jljURqzCiWIFgXGQLjgsLGxXJbYnKhkmX +fggk3KY2sno4VS7ms7jqB5kMN/kxU/PiZbrzSCdWtjhMFxufgq2oft42tR3ukW2m +mAH1lj8vhY0Tq/jXSHuZ1TJoyQdaZlSAKFehzrZNadhIYl/a5sW9XSVLgV5Ic/RL +r2aeL21OJ0cdnU2hw3sK98fTwvU/RmEGSSJPBu6h5hUMxjR/qTBLEMvVbEaT5QuD 
+vGAfampY9pmawqHA7ykUWwTEiBPjgjjNiQ5Znfag91jQNKs3wRH03xf3jH1AOSxI +LJMmhnzXwuyy9/YX7fC76KyFAfeDU3fVfX165wQDuu66zSn3zJxGxa/FwNr1aI/5 +DhDSXu2lqg3oJx6DiiCPOVgCur6XGJsE4EmHtbuIq0fb0KJHcGXFcsg81cM2/mBN +R3Gewk6+C3OJlPe73Eq7WB1JghKo92bKfbc50+E9qr0sfZvoiQ28/bpfbCGEqCkB +sucpWgH0u+xfdPSs473H8YxY73HLHaBiBFlPb5OD22c7ff9rUPIxz1/G/HRvmJDk +w4aS5PqPwFU6OwReYU6K4lqdFQscr3+VPPxF+eeACKnCciLbAOuvVMC2nGd1nXIx +6w3ISNKaBofmf3SvJgtvWfgFLifZx3ADB6uv6YkCMwQTAQgAHRYhBJlv1LkSXQzr +4yYeHBXgoyUMySoFBQJbwzcNAAoJEBXgoyUMySoFJDAP/AgmhccU+8gn5Rgv+f7t +zjvNaI4mpQM07/gUTPPJCYg+yy+xe7V+OtJedjuSFd+IMKym+iXKLXDD+SA2bqt7 +RcQN/tsbKMTy7k2KraFbbtv3fLGekwgtKcYbyHHYwmOfqYTup+dr/XEYMugAjKP5 +ga6FG3E0aP4B69FBVfOeG/D+z/6VtAqbbsvvNeDBicqL/MGyHnMl31CXUZmcT2J9 +gXXNsLEVWfUdh/uabEo+QoI/ZkqbBQ+6mLKxWgnZ/K5H3OUr7mbiKyKG2+6qfY8Z +XOCNlekuK0DTdKSaQvmnbqJiE0BFJqucZN6IaEWPaFwocgzH+GteQh6h7iW8hQeq +2z4Kc7/qW4cOoSdVGc73EZvDWvqoYgBO8MKC9xCFy4fFHnqwbkxkKTS5hTkaluOb +HSCu19Atn1CcNBzoSO/LnagUQVDMBGmxN6A1mU+lwJnpPOpdlLKv669IrTaGLh6W +w5KOQwXtM3/PMC2ngM+0640yIP9zVPrUBWxuXC5UHhBppIITwSg0wWBnTu2FF+F9 +SdS7daQ7zG6azEle6qi4XBklvzfnW4YDlc7/grwD0kgRSj2RtnPCMuMZLwlvBNu7 +NAwHHr4ktIw6FcHqvpFT2r+eHcMOiA5WL23nrX2yzD4xj6R+65XBryBh/P+y198S +I8KKX/St5S7Y71xCgF7GfHDdiQIzBBIBCAAdFiEEt2zUZxwJaLqofeYcXlBxW/L/ +4acFAlvDMxQACgkQXlBxW/L/4aeeBA/5AfHGXU9mrdfpofDigMMvojXoyMBJNIyQ +MZ7Tw/j64XmC5JOsNbbWJ0wJDWgVj8tI27rc0hYHxKBRo4v5nmLjcbG3Zg1/7g/w +ukgGhFC1DevsgRKBbMJiF1oiAzp3Mn8smNAqDFE37W1qvhJrHP35py7ycNIpRc5w +jEiCJwSqLAxXMzWu8fpg3rFatQXi/8VH90TjoAaEXkJ1eCXFoKOacZMwWi/v93Ax +u4ePlci8YDyZ7EKXoLUuLZeSafFLGcWQGATbTvau6ATQ2EEA6jjgIosXHRUaJKXM +FC21OQIzs6CejrmCBEovr43JIju0AH7vFqBoQck0B0Lt2g+xW+nSnSJrEOERY3p+ +O0g5q+rl74+G4J4xExqVH/jSdOKP+eknckKLBHLozarOrBJ8y/rN1hUoqLMBQZgr +g8NdPaIALe+Fub1SW/mVY5xQ5tX6CgaSDGl1UWWpG0NbWU2r/l48FlFZnYeUPmZv +exXasS53pJ1zXfrnAA1sEGd8KJVu54B56EoLBoVk0pmmtkMpxG2DynlEfRdllZo2 +oLfn9DhcPr2/OJTnTMkNwO12cFEGfS0GAKE7aHrNSydgwysKf+N1mueSbHVCcq5D +yiuA7gepEmB+bWKqhZPEqBamOSnU6vRszbuy4FQnwI4jQlPYQkTrIPi0CIJnTX2o 
+SCllVj6HQhiJAjMEEgEIAB0WIQRzP5dju4GBm7I373Kz6hjuXm3eIwUCW8MyagAK +CRCz6hjuXm3eIwdMD/9GJJDPKVPacmPIe0eqBTZjvr5mil5iCeb2v1yMacdHTK8p +JDV6kT7gy+YKsrgF+l59+yy1ELgrcWjWR1HewChr12MnfMVWVLCS5wlJw8YEY5F2 +BjGdaqFIeZyJmmYwQ3PjJ5jZ3AKTS8qSFUTE86hdwFS1NXYaQJrBMieyN+f39PSF +JtiQ4In+wUhJbCFJkI9l2ZekBTYsd+7saY+E/dxjYL7ayyteJuI5+H99430L50LK ++vWdzSMF8PQGK+gUHROJWrWVsG535iOLVDK9uQWJaBooPpHj334/K9Z3M9YJOFI1 +TfU4ts7VEUBEDG1Q731OpXzJKZrHJ3AVuVDsw+sgTIijXo8oRf7vaU5Z/MN23BBF +9slvsY4t7M06G0Afvir0gXcbJvPKuCdyq98JOIp5GoJ3tFaOtyUzknucTaND+wy6 +c5wymaUZNc2vcJqYVYrhtI7ZZ1Nye31G2gZvK0yORrormIaGZ3Ah1knJUs5wcNcc +WgIQF/IQe8r0ZCt0eOJhvbC78VcaC4bhxOx3qYTsT6N6cNpXCdKeOdviNVNVAGTV +oUyXhFxCMXENNX0zqgMxXYylV/sNT8+jZJ3goMw99kFVYElVe1apbbHZQ1Upl8+b +ofX0AT7iG1DAulnAO5lnGLltkg/xnvwceWqj8cm/S+l/ki8Xx9jxzXNTlFEWMIkC +HAQQAQgABgUCW8WxhQAKCRBq9U117gNVoEPUD/9xNvqOZO+knOTIO1gwrldPJfG3 +sarISY/QHw0hu95zm7RvPbvB3USNCFs/34c9NR6qohuEjuXd3yo0BVAUzq9ACSwb +ocwuRGHOw7dfH8jxQOjLfMsls8Qh6UeVYTXCU1DrDO82yiUbhdCyJZN3UKDsUFAL +bmEfCeOvTITXSglvKTl49jvbIqlOsBAtVllfStnnv9/DaZrAfh3/aC0DZ4up2Kvg +DKc5h7fRMtm7fYJJhgdIYkzaKoBxOUKLgcJcuE9wclj76wxQXaVemVoJreZ0qxdF +9P6vttkXdc7j1yzJwIQgSEUOcy5BhMsh15qff/eMYxj6gASmMQKQurxaKNyfd9Av +pSmLSL0mi8AzfRdKAax6gwparkKKTQq9g9xZxY4GR2XKYhbPflMc8BLQKB0yHpr3 ++798/Wk01z4ahXlp7K6oK1xt8Lw459mKDbI5R1Gc77Ica6/bs5gBDg7963K9PkuP +VmvgLkbL/W5LXYBXCGF3B+vJwVwgI7b1wtqeQl7CM47AUoTuJE772fD4deK4gSEO +3c2EJPtTLOXBFswCO1ft9XQ2V9aHGkW5cMX5Mw+so7HYz8wtflza5VcZrhKDx/R9 +XQEHyPb8pYQdZOBAYg0nZpT3/Qp60wujwLBP2vVZ2Ck8daqGWVINsYzAlBazBgdS +I/8mTAQkR107EE2iurQsUGV0ZXIgdmFuIERpamsgPHBldGVyLnZhbi5kaWprQHBv +d2VyZG5zLmNvbT6JAjgEEwECACIFAlTKH88CGwMGCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJENz1E/p+7Rnzo4YP/jbQIh/QFRk5m6XTRzclq5j8YDuVyrXy2fuI +M+g9UKRcBTv2Dy/YjfEYc7GSQnrLSOrT/b7gT75LuzXdSBX7mZVJoNuoH7VE0FJk +THf5TJtuuFjmD17tdoPPj75FMF38qAHHd9pzqUjJKYhcpkTfBrU8yJuKjoFgNvpn +RVjJdMU0rir+tDIjSLMxCg/NFMQ0tm0o9XL9lQcQxcJpa8zxGv6M8QCPbfQsWPC7 ++grBH6+ch0ljpFf5qkqPuDnoHTY4kUaHjKNP21ATrZGUspI9jjUlQZ9aCDmELRaK 
+1IbUcmRSySIjtdbM54EQ6kWDrJZjDC7mdpPv2/yuBPY7yb8+8rfmNwTzrI0bVfbT ++6EiiaUzeNz0502yjDNkaVUzd2z7X4WdfokLm5NMth9l2ijpyl+sBHY2ljqAUekk +c1c0s/HYDqr5HwYQP2yXIcFh58nJJO22SVzLM2n55CWc1v3lXrqKVIJMlnjB6epZ +4KcKUqgj159dM5t2wWDUjhXQgl9kLN4QfHy4vDkBr/abopGZr3SMC9Y1j9RhJJD/ +eMRU7b+MKoAcpMko0zAbPcxAzjhqtsdp3VCWblKaGOwBwbc5jK38Lrh8MhR301aW +pRN+kun+w/FAOt9bzvwRnA4/ucZwIYUwYohW8KKzYwH2bOP23ympuL+a2G/q4s/j +iWFWtJvSiQIcBBABAgAGBQJVB+GXAAoJEF5QcVvy/+GnalsP/1hpf68ZnxklO1dv +CZsxDplcL5qdYvKA/GTp3cNMV91tI7BgcfRFJqrKaEnziVXKmhQ/u1nFEEvmka8E +TmLuJlVMCP3L6ZX3kQp4z9tH+TgRhCLqcCBpJEoWc38GSKZ9lEUGJXSjH/dPEGMh +kVQbs/7ROBj/wLyMinPYa3Uy4LonrAj4ORQPuYVOPNBLP8dMhBy2eBxOriUW9mI/ +ylwEO3+SDy78BOUmKH0s9+LHJmjtgi6duPvuMuiaQqRKGw0VAQM84haxCi2MhicV +vdgrW+AhASkJlkT0SUATD/rJ9chXKo/ODxmI/VQ4QNAnDv8BWF9vW6JH9RLbI97z +HF76xVpgOCIzpUIbWVu6f+Xv1tASja2Npw6KH9RtrlQ87O52x5btcyCHAh/7VjhT +WvscQRtFF3ekaqaMEWMZx2fDlfOlnsrLPAaOJ7nu5/THM/CmO0giv4eOIh9GYG4V +LH3Ym+lWJ65yIZPrjoXZ3i+zEow2xjz29Kg7x2pcQVY6NNptmOTllaPPe0JumoMC +AByPxVWfhdcc8zZGih3WYgQ1inYiwgJLYmz1FFF/GljkaTkTvMVeQe8kt+K3C7dU +rAHaJY/WbwtPFAdkWMs3ZM8XT3K3yp+sJTK5j3Ycm2hGonZfg3YM7SBOu2ILKV59 +0m+RJ/w0zizPk7ARbfxX/wOueLdLiQI5BBMBCgAjFiEEt+XF44bdUAOtVxPgrImY +jct//fEFAlnd4lsFgweGH4AACgkQrImYjct//fGfrg/9GRfVANnlRc32mf9jsoIg +X7AWkz8WPighTGWgHFDS68YIPlskOC4QoVvkCaaEhF66TweZ2vqXhNVvIrkduy6b +ISXjTDX9tv5lcm3I6dmarJOWfPRWdj7fsVFxUjpsN39/RJ6RsGQqqPnny9hjmd5r +hUY9ilfhM0hxGsoOCIqiyjfE9ckWtLbx/Ozd1oDaomWgMzriPO0R/TtHq+BbmW2v +MG6wkDuSxQWCjt75441p2kM3J5veBjJird0sKysgWIHJOqAc4rKXRYFLHbm1qQqK +58hHcKpwtW8nNQ4NNMgfSra1wTZ1Ownk2N/aG8bfZj1bBck25jGb5hn8Tfq7eBnX +tcNWP7ByEj7UVt1YwYsOmSF4vR3n6keNfCIJ5ZdCGFtQnFCalU8j9XyuBpqO4pub +BwOa/TmQI2yVePYlII3UDrDXckJNaARQKgXvBLjWMN+mRgD4BW4Zl7vppytGbWY1 +HbhU/1etnqk6bsrG6FPfuS/hxFlHc0XXqms2Gufp4gi7MQ+2Ipj3VS2KrflC/CrV +Qj1E1zzbOLTuPpScd7gRVQ59cGhTxZ4ZVwrDhVhujlzRgzkVhB+CmXvOqLUNuBB1 +Vj0sypt3h/Y8LIIDlTNGgaXKEM9S/3Bz0/U1VldHEUqqZvTcn0fS5T/kCpl4nxOi +UNTLP+/KFF+Nu6KR1U7MjauJATMEEgEIAB0WIQRWlObIM8rVEjhhucmZAzeH8Ry7 
+VAUCW8c1rgAKCRCZAzeH8Ry7VHpwCACv4po8TfHnCti4qiRjhab6G1LZt0LuSX1X +VF/4kqQN9iYSdMvkDWOLVTg9oy79QRCGQ7OF5wzU286LTfY9lOSyVDp8oB5t/hBC +6LgM+F6EjFsTH5xznuYShDct60aJP2yvCUDujq8el+jyHW+iEL3is6+TwA95lYtA +ZHq5rBkJe6mt9j0cds82j8JSq5VQE0Z7/4iihNeYeghlSeYLCT8EC+Lixbzl9fgf +kMdQar+wlfqpSgy90Vafuft6m1WwFh03rOOB3FRnTnRCGCcYsRfXboZegkK7Xk02 +475g/RvZZe98Ik2sKUx4dbIQdPPJhJbG8ydOhrmDeR8BwGj5IUQwiF0EExECAB0W +IQS7gq9g2+DPgdGGuTBQKbfQFEC55AUCW8M8SwAKCRBQKbfQFEC55A2yAKC8SLXp +lcLRt58sCsJLITuNeW0edwCcD64dEB1q8Ch53IWH+Kn4IIVyvm2JAjMEEwEKAB0W +IQRhPku5L/nxcvrPC4LuEaJYliHpkQUCW8M6HgAKCRDuEaJYliHpkam/D/49I0tp +41dBMihn2iw1kLrmMSLXaRe5aX+hMg07V9hpL3fmT83jSi4XpA99KaphONRfqrEX +jl4o4rj5H44rLWZ9c4JBRtugfYgDhoRRsJa372fEYXWLb/dt7PBR0u8ufRllnKhf +dNwPFlumtUREiqqnft4hbpNz+C1cpjqYSCx86s0xmAQj5r7VOV/9H8XUvB3/Q7wu +1sR3w8Em0VbKV4wmic5VM5h6VuWUb84pGbc79g9uiu92aODvR1hTWceh3BDuzmQ9 +JqG+isfTsIb/pTELJzP5ABpgYbpC6pdRrbOj7CSxBS+VVDYU2zls4lcaexPlpg4c +zNdnFvss+KnL8j8U9OS5IlmGBR8VJRYHrni9/ZpPgwu5SyX9M56E+cQ25wokN8fM +H6dGndZ/o4IVprfAxXCwglnx5d5uaPTHmsbSD6sR2WcZg3s0I/ylFuuXfcacF3wH +AJaCjaY/CPf3opTbY3dY98/sWtSqpK2Ao1HHWmQkZJhIHmVuOHh4lNGI0h1KYkj/ +r8WbMdwJC6vT0Jbpy6fHbFH+EQimmjcqdiG2g2OCs2MU5f/xQvEoZIaCAfjDjTYY +lLd3cTH53/aMffN0kBDGvKqMTimEa0Mf16zfH6em6vAVGEidsQJ94jcz9EfM/Tge +fymh7rqq6ISJE6sq0GB/nLtbgsbr3UP88Ggvc4kCMwQTAQgAHRYhBJlv1LkSXQzr +4yYeHBXgoyUMySoFBQJbwzcMAAoJEBXgoyUMySoF26AQAK9g7a8k91pYS4yYnWdK +kSLLl/b3vBnukRr45dqU2qxoxFeHGcGIhOaE5xnSMWx5ra1zqGPbYoOost/mq7MJ +KaOwjXJUoj+KXdeMs5eKJvR4KHSfQbBJ7BoUjjBNdEBj41offE5GhObBWAn6ASHT +KgTBAX6Lt+N/D0BlBpll34THnAyvXblrmDPUCcL0pvw5Yt00uYV/HYS86OF2zj5W ++JdgzJFYoNKuwDYwMb39KM0C3/mnb5S+cFSvLCs+qVKCVzdt7tbGO8zQu4dgA/XH +iNfourxxNLgSZLXgwtOOLq/RYkbCwRIGoCYv3HOGGfWT04cg7O4F0wUYf+82MmrT +lqd3Z7JeM3jBEU/JCJbqN2pqNacBNxeNhM+dKSj8DKFjHm0ItWZOacEaSNczeIae +hpjq5P+D7wXf+JMDkrnYwoU5bgpwx1xrJQvVVgiByQvfTFGCaaNFIGG6n2UX9c2B +EzyxfHM7dMsWYWiJYRygvdEDM65lQ2dhWW7oO2B4y5FvuqNWHm2qBYgy1XKGDeBx +QpjCzDPMvNHd1YDg91bIraB9f1+1EiHbMJofJP0Uds0zr1Zd4KBZAO+CC/UNvTri 
+Vk8JKjevrPjMZPvzCXLpUYPCw9MxD6ZfkbUDPxOL+sX/856BjMlB+J0JdVgBkP9k +JOqARqmvX4v87D10HGpvn2xviQEzBBIBCAAdFiEEqEV7iIacLNgYR70IuAd10BL0 +SI8FAlvDM7kACgkQuAd10BL0SI8KkQf/bz/RW0uLGuckqpthhXM4EGv2uDp9cbZE +eoBUf+xK/5vRyBZVeRIM6jhGv+zjhVr6/y+OmJoDRfJnzt8Az+HNvoIW6Tu34BPj +nmg7VWDb3OosD2nyi4Pkn8mmJWQrnxQiKYWVo6l3zgAT0s4dmrUDGSTUS932Q2yO +p6CMrH2cmNOpulG97qtOJWf2NDiaunIsc8hD4V5QNS+C03Lg3oDrSP3z1CehjpvF +nwyQnSmNJU1k1hILzSpBMGrilGZVdzprIIowOga4v61WNoWFpJkdYm5edfIy96kc +HsXrKMlR+pjDdVexv3EzyK5FEMOQd6ygnV4+e22bvNyvrQ/AzneFS4kCMwQSAQgA +HRYhBHM/l2O7gYGbsjfvcrPqGO5ebd4jBQJbwzJpAAoJELPqGO5ebd4j3l0P/1BS +vkPLLbzhh/6TRvTTHZ4GSYbLXov37BCbUAHRhASewcv2ryENKIf3EDVk5BB5ZEug +czU/shy2TqTA5Nb3JNRrEqgBGSn27OLmYFXHMzXRxREUsRAgG25xHQVEEj+/tk12 +angSjPek1e7KytNjdKh56cuhTDa9QUuADHL0wEZpcgHBOijFnB6YqFqXMiskjTjI +o/gKoI+LQ4J2buAzq42bQiBsidUPMeB9e2vwq6ssBSo6axyDUQ4AAFK3X4uo2HFr +J6Qt5uUjwSt/L01nFnNjQEDx5m9NlpXi2c5iS3Lm6+Kx2U5Pcvs/C8AvVklVJHUb +BPyVfnIuggx02PX1iTG6Vo/l5I65swVVj1dojuSoiVMLSiFmR8zgLkPP/elubWt1 +z6exSSAeb4xPREKm1zqROcINVlYcPrB80kBOSww7ixS6O9gxRxhDuHbgapzjznJF +Vnren+zNPqJ5yTMBwqUgZAEG9TXOFNHYQO1FBHPEbBI/ICO2kIcCtbXG+PQbAcB+ +lirRLchlZau0YQxC8LlT8Clc30W8ZjJ78jBY5tbN4ArQnZZqwEA5mOZ9lcHIbwbV +ny5mRAoqnu463qpJThtDBvEm8Ej0mXayd2PZ8Fi0B4kg9M9aM7w4vAX4z83fOMcw +EyPKYRkAkwoQ/yvxDfYqowhcOyMzAk4JPkdXeBndiQIzBBMBCAAdFiEEktPR7/7Q +ieSQeRfBok0RNW6j3zkFAlvDLyMACgkQok0RNW6j3zmgaA/+O8tj/8a536he8yzJ +OJmxIm2MAJeAJonCJYLUXawui6Dx43TgcbuqEE2DQ3ylhtAMdLwmkpqCZ+HV+sya +8FkEMscNvJ2rnlCieMs5eEfvEkuAh2gqI/ZmNJyZUbxPo69/8BYxeR7Iqg1DuWJ/ +E7qHMd/oHocSyw+9YS1Qf82lHDges0fLwoSibAVhmw4GsEKIjZSvRi8Q2Ng62GN8 +nVAhgRHe4tJCaOE7B3naZJ2TcsDWaVoGEwD2DYwhi3BnjU7oFcg0leiA7+6Uh7x9 +uL/0wb2QmH50NvVo/57W+sqRFbqDoTl0deSZIpaA5KjNpAy/rApvIYi5mP6LIqCT +FJiz94rcWgtm9Rx6m4MjGbMGMkVm05tp52V4VQ7Meck4L2w0X77P/TAZ1AIlYKe3 +SojBpIMn8dxiN4E6GGsaA+eQn119ZX9jghz8gDA7PXb1iwkfawrnr8ajSHwcGVR5 +AYYaMuGTLFWYMHcN6ZnzNo8LCDKZuYk4BkvT+3wyvVGVemyc9wRo4c39XrtaXmms +3+riWsE6LhK6rZLWnrAxX0NaT9XBKXqJLKJM+AbDOhLT1YbZSzgwxJl7zF6PT/hw 
+er4/BxCFjX7sHgt49VeutlUmimM0OO58CMfEs4Q3UiLdUOpdATB/OUBtLGRQxj6m +dVd+I5/ztbe4PzNXNIVS78Ty6xGJAhwEEAECAAYFAlvDZ+QACgkQV2ZtHcFUWHmt +Vg/+LZSRMv57LtZm7dVBiaxh3URIDR37PkDlRdfPQb5cJr8j1JcBIjM0VFMsY6CZ +X/zgZIc8mEXulwx9yXVc4E/OvM6qZ7drWq6DXSLpLEO7KJNG/PX72S8Nl+A12dxX +NoiaSedVLZiA6kv8IoTXUC4zvmqaL9fIguilWCJCeK0AlTZlp0eBGw5TuuI4ffdm +lfVO1MLJ5mgWZefRMMh017dKkZCjzEeVL1fMEPuhxFWiztOeVd+50La0pTeWmmWk +o0op33e8NyjPOOYXfTML70Zr8vIcRe3g2nCq+3UU0YAO4raRyH1f/uqV6lpg8Uqm +7zmcotKiRJuf3ReH1NL1u4EFubdQE6oWVXcieB4Wu6K+wPgM7uBv6sr57xN55BZG +iqdtGY4w4VMK0ElylVyY7DWUdvgPB4JmHAxLQz8K6tcMOW+SFpbM28R/ZCJiLkGL +tDAXr1E4jZG0tuAklapWjFbp2Q583mMHwcvistrbbvjbMZWeUP9uz5oFBlvDyF0F +k+4F+3rR23moW+SZpBNxAcSfu8uzHs0o0C90uKfdaZL5fKMjXZNoIdeRXNdCY8s4 +c2BbUrqRIn/qmtlINXrHpRXypBrC2eDkjRGuapOOJ6d36C8XvOoR74T/w9V8m7Sp +nUzZuFJTJitfEgnAyA7S+ecP7UYyVUj/LT6/V0BcRFU/AjSJAhwEEAEIAAYFAlvF +sYUACgkQavVNde4DVaBmmw/9FB4m/SEqakuytfTydAZu8WfVmZoQjIiP1xt8wQRg +Ajf2zajeuO1+0ThR6EtzyQKJLNwfWMfCoLnMRNzdQ6+gplIhfvqQGsGjfOXYqITN +mqq5Emt6/d+WVWF/uqexS6HTwq2Fh1FxJsKQoh3+W2/Vn+GHu1hxJau+TTh7OOUh +gAyYk4e6z8XuFg8S0AnKsGbKtBCkMOfBjttapXZUUvGDyq+ZwDlY4EQPXjXaTMgW +/al2FGIPAyTt8JgeouzpA1iDrtTc1gWs+MLpB0y0XhpXtj5ahK6CPROY3+52ptWi +YN3iLjGtqnDBcqa7A8wKiNiYZ5Ke1bwm40/nlEIS7gRLeEDyTV+a0NshxxTKivKR +WB7E63T123aO4tr8XfVcrTqtj5QVMNrI9e+JpUhI6/v5ZYpYQCafJagppbcSwQJH +71v36M8UBUqQEuB4e5bvmx0SPz8cuzBX17HMIgC9nLDhuRKOp3q8vT2g/k/Yh1L2 +NBlyGveIbmKa5GudcbjWmK7+GeXn4lrl4lBznMqQjIm5sPj9qqd4vvLXONUL6FhQ +USAL7+Ld78SxRWv2JLK/j7UkwN7f+srBRUgbEus3lzj6OExIHIBmUCCJUS0kCOSJ +Ecp+qlanOFN890KzaAg4AIn55Wrif5y962T7NodvHn/63lnBoztJE+Fha2yy36n2 +FPi5Ag0ETl8mkQEQAM4WIsHIK/1+/39QZbh376iVXfc4NVdE3ID/Lozz9JDanjkp +ScpikwugDwguVx+8JdO2tTyo6JTzpiZ+CoaxmjudJpUTT7fD5ONcAd1stpHKUQFw +JczU6LSXpTQCpmhV5s13pwumxjymKRlotxLdr9+zxFl0e4VTFb5oj4Ik2wu6sehc +It73AxM38C8smFRrRegPQL2Xnq9BE+WUF2yyY3TOVAK5TP2MbwQTkrTOiTYJZdNH +NlvjIpZaxHKOLqytNXSmXn1k20nitmyssIzv0aEC1UdktWIL/gD1Z+SjrJQB7/y5 +6Dx7o6gr6J2MZZeo7a211TLdblejD6bMjGaH4CTnjzmkMtDC/2b+FUc3x3/GlQF4 
+hWB4iaT4aCjiKOVNQgaQyAeRTsv1BUoqf8LDytW1/MdalLYElKS77t69HEQ9HSyt +7QHU3sjAG6qgso8yWn8ebYCefm1lyZSP3BbvZ/UpoKuB+aGlXjteaXQhIRLRA1Tg +ijiGA3Yw1dTcz2Cb42w4UNZw4r55yN60QDRBH4l1yrRPltdyAaX3qEg44U/Z7LU2 +YTDX+4JL1O4ZE+snDVsTPMpuZLvRFkxCLG1FTXZacZRXfzlFzw6YWhpnHUYORO3f +Ghb+PKMKYEloTyLywjkVLHFbvaPts96dCxWyDrcMOqhgiLOLJo7qC+/Sq8k9ABEB +AAGJAh8EGAECAAkFAk5fJpECGwwACgkQ3PUT+n7tGfNv1A//dYWV+vL1jiL+X4vR +SCrDM8bBmt/cZfN5O0i3HYPMdSD9lVr9O+WYKJogxEXX1ofgEO74rwZxGw0crrMN +8VM9SgMZ3jioGI15NF3INnA1r53GNGhJ4JVnz0KV2NKtshk7CtSxrjoR8qplwbMM +ICVgTIERVP1enuOb3FEtbhI4rcy+2UTw3hwURBhIfUotVFO6SKu3ZLscItbiNxpT +qTpL6AIp9UOrZjcqfCuFs8P+57uusAHcp6GYhhIhNIdXf64RQs7gtdLVW71z0diS +xu3KFWlrXOx0rrm7RTAQn1VOLl4W5oBPvcF2ZVQvd84I74TMtpP0MRDFgLuK0HHF +VyDff0vx76rubQgom6z8ajiIa6MfEmd7z9xhQT5PU0FApYY6H/kW7ao+f2h2IIjz +/+QjHuYn0CqqcjkkLC76RAgQjHYO9NIpL9Gi9O+I2AFz8YjOK3hOpxMrF/LjPJtx +BXGFEwP4ud+hzDMjwaa7PklcmDPUBuSDIgbNvsVNA6gn7AkbQn6NH+DImdrpzgpS +r1FHMbjIWqpXWbAZtmOurxn9f5ZXPKAgMvlV4TS4NZqnWT5HZCKs2b5Ped2L+zAd +LP5NmyzJrSIyVTJ7JMLLfCLaWu/qsHRGt1w86gewg7uMPdA1IEvjjXaIWNhYKUq6 +ik+DNrq0Y3fUuRg35QHaPTcab+eZAQ0EVjikBwEIAIhTkdGQEbdVwF8lqp63Eigp +0tHFbdeZ4LCu4sW3oM3erxtO2w25Awkdrw5jRopYmheM5BJsGgpIZUAUpOakJR8f +i+ESu3wNarKCVF+KjYvdxN7jwZmOI5t1ctnGewg0DHZZtymgJEpON1ZfQwfYmD/J +/k9Lqdv6CVyVGwNCZUZCO33a/bec12wKnwj2uM/X5tDLmIcHUiJC4UnoMFAmGBZD +OSxPZrNnzdoAO9zj/4WDtUVhLNkeSn3w1/LNSSJTNiLQjk7Lgq/Khd5L8Jf1a1AY +zW+NkBdeIP44MnQ68HYSwJRPq3iL2lZaH/4uc21FYhWfw8l5BsIA7bAmUzFfbwEA +EQEAAbQoUmVtaSBHYWNvZ25lIDxyZW1pLmdhY29nbmVAcG93ZXJkbnMuY29tPokB +PQQTAQoAJwUCVrBxMgIbAwUJEswDAAULCQgHBAUVCgkICwUWAgMBAAIeAQIXgAAK +CRCiCO1PivWERnTOB/4jLvex0M+TE5iL/FUki8EHyj6648sOCHnUHHnS+slME2b7 +1iAvLJxClDJjLD43Jj7FL0hu2LOnw+5PQZrhLyB1WEa1tC0tLvIkPuzCVJPI4FH7 ++AegmBrGYN6554Hy0C/YRF8mOGngL58hrumJTgjB7vC+CvDp0714WQG/SgcKqk4j +kIz/Iep2vj3dCifdh+kJkaK/nnzIT1euiOzp8xLByiVbCOdlbvYoVetqvJcqIhOH +Cglv045lZcAp9kP9pm/kEzHM34PhkH6SrR/uodshOH4p3Ux0wGgwUbouDvHUtjlK ++GB8cYXdRny0tvdGBYUO7CsFNzPoRC8CvD+VY8DltC1HYWNvZ25lLCBSZW1pIDxy 
+ZW1pLmdhY29nbmVAb3Blbi14Y2hhbmdlLmNvbT6JATEEEwECABsFAlY4pAcCGwME +CwkIBwYVCAIJCgsFCRLMAwAACgkQogjtT4r1hEbMMAf/WS0+yuheoWrxCZ4qYQo+ +AjlaenFTPQwrEDNioj6gjST/eAaQW1/+trFPzwNrBSenDE6bwPcPdL51mXg+30fN +zHLWrBPDsMqBlPTIvpBbQ/bVqjV3JnU8I8dHfdKmInJRrCJM21gDTprQdqfBfSHJ +HgM5TG2+fUxpdLIAhBRknXt4+TuE272DJf6gHxnDs1oqQ6kAxC0ANJyEufFXJGeE +RN2OsFtSygOcUiHeXwWyM77RGf73gkS9+bCoftiuM4gbKSibk4BbUVBZJCs28fDn +AsmIstZldUGZgIuy0vUfH153DTJflN+CIGEvRUwk+nrDIwYkV0pr9eZ0lz/OFhwz +J7kBDQRWOKQHAQgAjr1xEZh1yglszi94+HLNFcgRPgRNktg2vxOGf64dAreJvL5i +DrS2lrFMknh5BNuj7nJZ2r40OOS91oH1qkVk+v9Cyo/3xwCpCOPQCkhzHpuQWXoM +GMw/3/0tG6zTxnYdC999faCH0lLA8oDwHCHlZSHgsH9+qSNyjaJXvS+HVoGYzyua +nU6OTM7EM5c7RCPhNjT9JzHLISnwaxgDpwi7Ez6yudcrg6DqS/uUwkyNtWyesx1D +F9y2VJUNwa4NKIJkSH+niEoxK9NBfBAmAKc4o5+KPs6BvpvpiYY9gTKaaLypPHNc +veQTDFv/26XHyzrCZmwuGlcYBjboH/BWzKbhuQARAQABiQExBBgBAgAbBQJWOKQH +AhsMBAsJCAcGFQgCCQoLBQkSzAMAAAoJEKII7U+K9YRGXJQH/3PtQG0AkrXOpkOM +XFLTKdCEViNNHN94VIaceVn60zbmXzxhYeKz7K345/EqATi3P3/yDHcht7j3uYPh +vaMjy3smN6vEwX7Ue40PbFDWmm8mHpLdlOfPXF0SRUD8KTSD6+W2VJfEcDI6DDfU +mCx9yYZ1U5u+O8Aj+1l2gdQbgAioPnQgqzf43qgnRcsfNmsVsXg7EbHspRpJOR1X +yXl/9KrDP7p6kjwWTQ1NoRjCw0qaX93odLeKIpd2riShlB7GteUTps0IfuiL94CA +58PV2YvZapN1KmwDohHU8rndN7zte7jbCyv1Vv9tP6Ns0TvycBAqlOZYdgabrT+P +ccb4jCeZAQ0EWOzWBQEIALuqBv3556Glk00Hu866hDtDEOtLeyVXOJA8ySsKYIwa +cAHzaTa2whLLzfx3XdwBWKtly1o3hlduwfwL1l3aMh4zamHFgl58a+P6fGTlPEEe +hi+1silIT3QPbqxzOowiwe93UVkJiTqhapGbFDmnguiLZYTWhgAuGYRrEpvtNmnJ +U+6TrDTO8DH834uoYTESqs+fuOVw6Ab84th+Qucq1LB3yKsHhyq7m0en81a22xVX +Il5+CKZts7pH8bRTTSMn6eo97k1KJ2E15hoRnnrshlduxhzbRjrx1wfqOZ0mVzuN +HSJYlGvUKnbtNTatOZXRfUAlqMqcsYkXz8t3QLz/cuUAEQEAAbQtV2lua2Vscywg +RXJpayA8ZXJpay53aW5rZWxzQG9wZW4teGNoYW5nZS5jb20+iQExBBMBAgAbBQJY +7NYFAhsDBAsJCAcGFQoJCAsCBQkSzAMAAAoJEG/8M0ObDQTfcIcH/32n9IqQwvOq +h+rNjl3vHn3on4MdUebEIIg3QkhGtBb912Rdbvqp2lJxLDtgI1EolYbmab1HRRBX +h0x4ErGt2yJSruyQrTPp6RKX/dP7tAghTPHtiZ5JK/KjhvuBgjbZ4xiy3ge/ZVJo +EOuxzPfZlK+MOz75RqT7eH4mBvfB4oBr67OTfAzbYQOGRXNSsRzhHr9xCGXk1zlN 
+HheyXrwpPm9wD2RahRPRXscagv+HKI7W8taDLY500C3iX7ux3VfzJcy0ub4m0ru9 +6VFJRrdwi8O7WT7oJEZvxV/QtG7sXfo7dt+ryRAKxu3er24Hmk1S9iVhowEGnq/J +RMOIg1ioRj25AQ0EWOzWBQEIAJ+8XbWUGbMEpYf0gEfnxznD6WxBf3j4E2GWiqfG +YHd5rQPMErrk0DXmxCwSWjJf0+96KNvJ4wrQ/G5gAUj7R7OChXWFt/KZeaEBCJQd +0de41pjBQ7+kVb8cRTBt3gCLWC0xEkbYn7jk9T/Rqm7fOkkmt8x2i5+jk83M+lte +R1aFbwIIA9dMuG5lm5jz+a1Hu6fK65A2V8lsBacp3+D3NNXIwl19UEh7u1H6Pg1R +67BuePT2iKo/TYyLrfD/G4pLr8HoU19wXEkJq4S/yzoYr9oABZ3spTSafNoVYaxq +merpBHSC5EY/D1t2QfR0C6pUVOVjxaGjYNoaajd0kA4BXqcAEQEAAYkBMQQYAQIA +GwUCWOzWBQIbDAQLCQgHBhUKCQgLAgUJEswDAAAKCRBv/DNDmw0E3+DaCACIyXcU +OmgyGqFXmRXC8MVzc5NcKEE6amh13Cwb75xjmXI9p2nvcklCiIAF4MrJJqR22Hko +k0SqlcrUb5vjJw2/CZ4PNdbWM1PaB7AyKmiqvM4lpFfH2hR1U1miQZdM8V1CXmzO +H6DGwuZNU3jUNyYvEbidIxBcJT282Zp/jC9hZFGLL7VL1he0hUvF3WyDmQo9RSe0 +xNrLCTNN+HE2VaTEk7L0dAcVS/NbOv0BJkdB0LqlHGOAE5ahv/iUxO/6FCpxjtb6 +qfCQwUQXjRrMSTSwdSTTlKA015yy44aEXfRnMH9zOPKYbZeJMFOCsfc8fU3LLuac +V5Kv6l4aJyRYJaN/mQENBFwsoP8BCACU+waQJk8NT0hkuTQwVEJjHiLHsHIPlj1w +487uzBVnZ3jaacd1iPz6v5OTDVcT6qaQ2f6NQosNpuLKzJr4lZTxRC2dIho+R7Oj +WKQ4vZ/XYbjRH/52+nT39VHEF6yTYj/rVDZvAsuu8+sTJ4hkiGkqQv43OfDtbMCR +3LdkwPNfgZ5KCmdFrmcOg3kovaUbffBhe8mFwZDVws7XnZJntvrhYi0zRH3MYmLn +d1WBBiVWcvqZDQsP8FwssFtmcjPgANpHBC/Q78eaji3XhcL4JGcpzok7nV6nbjkY +q/kgkxlYviyRdIW/Xm8tZWyFDjOktKFBQv4+S02j1D5Hqb8YUc8lABEBAAG0L01v +ZXJiZWVrLCBPdHRvIDxvdHRvLm1vZXJiZWVrQG9wZW4teGNoYW5nZS5jb20+iQE6 +BBMBAgAkBQJcLKD/AhsDBAsJCAcGFQoJCAsCBRYCAwEAAp4BBQkSzAMAAAoJEOrK +uQsZY+wr0xcIAIEUvf0YeJ0LRN6uNo0IXuEqq/G+wvjq2drc/AQCxHB4yPyF65ad +0OQnphzCRTRSPmcVmRqNkqxc+BvORtwcX0we/KcS/4NshJ1MFel3X79jXowOPSuJ +zp+IwGWs3hkvTuI9U6dT75i+8jfG9XFDjO8q1l9Nr2WEmxXwtJ9vCIbLShMV1tnJ +tsW75obyhLVfXGIQBqYSDEWXwLEccILI+mizvwWPk+wI2ReefXUDi1QIn4Ckbv9T +wKVlI0wrHoNCPhz8Tp25RzUktpGT+GyGSAgDMRBBP35BRGF/jUF5KrmmYhC9XH5z +a/XzBL2lCj4xg0yr0nV1wGpPdAC9SDw8bFW0Kk90dG8gTW9lcmJlZWsgPG90dG8u +bW9lcmJlZWtAcG93ZXJkbnMuY29tPokBOgQTAQIAJAUCY2TfXQIbAwKeAQUWAgMB +AAYVCgkICwIECwkIBwUWAgMBAAAKCRDqyrkLGWPsK3dpB/9DXbiyiFn78wyJaI9O 
+m0bhcjaRG2RN7+ECGEHbTpbbMlOlOteWbl3JWEzcuvPiUTlI8Q6vf/+UAGFyh9cM +cayX7sPE+iH1OUKu+tgSDi1Qb1USAORg7wv038KGQhZcRpP6XeTBcBFjQ+sFvp2Y +upUhSSj6DcxYCdtDVZD9MpENOU/jtu0n1cxeYkYwgY+40+I/hju6dIMK9PCypQmN +faKJnd908EoROU62OWQ0kmaekfsMs8LqSijHwyycsd3wzAm/wRNZcG9KMjlLKtAA +pWbUNRdgeD80ZY/OQxCy4ATyHsmIbyujMHSQQscfenQvAITq3cysaLI3F1HdBOdX +chVHuQENBFwsoP8BCAC+gR20VVklctCTUykArlBpfxd6LHhHJW1L1oImBmkujUNZ +j0kiSWDYPkdDn9fpztiZLUqM0+YKvaQHwBqYEDyTmVv7zk6PG1iYeiucVWZ4uSXJ +f/ywDHwwVBcp6NRG+rfvoy+tBxoFiBFgykm/Fnr1l++ppeGPvsZBt4HheTRzYMR4 +XTaQ7JNrhwpykiYM3yS6ithOxylYxKRU4NpHuRTlv/OjdK6VLILi0UDiZ2SbW9At +cQXX+p1C5LOh4nERsbnmsdlzZeb4iCu8Inz1MsPGorX806K5ZWZBeWGQMBYv5Y7I +pu5hwz1T3UlCmzxtfbxVZQW0fADVH5fOvTTJqYOXABEBAAGJAToEGAECACQFAlws +oP8CGwwECwkIBwYVCgkICwIFFgIDAQACngEFCRLMAwAACgkQ6sq5Cxlj7Cs3mAgA +kj52FeeO+wOf3M4YwZNUwz4wYsIYET+V/j1vzZHTAHJNc6w+TxrF96bmAIEzKZ9O +0C3w3YQy3NPfioXafID6dkkoYKUth+XdBvklh6G6X0kqDINoowtrZrY4u2QjGFi8 +lEEe0oqoRnIEftAaq2Aaosj5Bsp6/IuzxHbzDYI/vYSWG/iygejsfn/0MXPmOZkd +7oOf1zuPhSp0wItuFBUSzN3UrTM6+D72CbVn4/JfayvMldpyb9hLxJLUuUYyomCm +96HeMJn+KPTvsU/c1jCYyBCvFbr9QQBR6jenGhwVvVI0nUCnnCy70dC//miyE4vo +y6CI3b5MGO+W7v8asfDCgw== +=zkWd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/dnsdist.lua b/dnsdist.lua new file mode 100644 index 0000000..89e39dc --- /dev/null +++ b/dnsdist.lua @@ -0,0 +1,10 @@ +-- this is a base example configuration +-- for more see https://github.com/PowerDNS/pdns/blob/master/pdns/dnsdistconf.lua +-- controlSocket("127.0.0.1") +-- setKey(please generate a fresh private key with makeKey()) + +addLocal("127.0.0.1:53") +-- newServer{address="8.8.8.8:53"} +-- newServer{address="8.8.4.4:53"} + +-- vim: set filetype=lua diff --git a/dnsdist.spec b/dnsdist.spec new file mode 100644 index 0000000..5bae01b --- /dev/null +++ b/dnsdist.spec 
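Review bot: In dnsdist.lua the two commented console lines are independent of each other, so uncommenting `controlSocket("127.0.0.1")` alone leaves the console configured without a key, and the `setKey(...)` placeholder is not valid Lua if it is uncommented as written. How dnsdist treats a console without a key depends on the version and should be confirmed, but the template should not invite that state. Keeping the pair together with a quoted placeholder, e.g. `-- setKey("<output of makeKey()>")`, and a comment that both lines must be enabled together would make the intended use clear. A one-line comment that the shipped file listens on `127.0.0.1:53` with every `newServer` commented out, i.e. has no backend until one is added, would also help.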
@@ -0,0 +1,172 @@
+#
+# spec file for package dnsdist
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define home %{_var}/lib/%{name}
+%if 0%{?suse_version}
+%bcond_without apparmor
+%else
+%bcond_with apparmor
+%endif
+#
+# this should only be needed if we have to patch the ragel files
+# in which case it might be faster to just run it locally and put the regenerated file into the tarball
+%bcond_with dnsdist_ragel
+
+%if 0%{?%is_backports} || 0%{?suse_version} >= 1599
+%bcond_without dnsdist_re2
+%else
+%bcond_with dnsdist_re2
+%endif
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1599
+%bcond_without dnsdist_luajit
+%else
+%bcond_with dnsdist_luajit
+%endif
+Name: dnsdist
+Version: 1.9.7
+Release: 0
+Summary: A highly DNS-, DoS- and abuse-aware loadbalancer
+License: GPL-2.0-only
+Group: Productivity/Networking/DNS/Servers
+URL: https://www.powerdns.com/
+Source0: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2
+Source1: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2.sig
+Source2: https://dnsdist.org/_static/dnsdist-keyblock.asc#/dnsdist.keyring
+Source10: dnsdist.user
+Source11: dnsdist.lua
+Source12: usr.sbin.dnsdist
+Source13: local.usr.sbin.dnsdist
+Source99: series
+BuildRequires: gcc-c++
+BuildRequires: libboost_headers-devel
+BuildRequires: libedit-devel
+BuildRequires: libfstrm-devel
+BuildRequires: libsodium-devel
+BuildRequires: lmdb-devel
+BuildRequires: net-snmp-devel
+BuildRequires: pkgconfig
+BuildRequires: sysuser-shadow
+BuildRequires: sysuser-tools
+BuildRequires: pkgconfig(libcap)
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+%systemd_ordering
+%sysusers_requires
+%if %{with apparmor}
+BuildRequires: apparmor-profiles
+%endif
+%if %{with dnsdist_ragel}
+BuildRequires: ragel
+%endif
+%if %{with dnsdist_re2}
+BuildRequires: re2-devel
+%endif
+%if %{with dnsdist_luajit}
+BuildRequires: pkgconfig(luajit)
+%else
+BuildRequires: pkgconfig(lua)
+%endif
+
+%description
+dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
+is to route traffic to the best server, delivering top performance to
+legitimate users while shunting or blocking abusive traffic.
+
+dnsdist is dynamic, in the sense that its configuration can be changed at
+runtime, and that its statistics can be queried from a console-like interface.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+export CFLAGS="%{optflags} -Wno-error=deprecated-declarations"
+%ifarch %{arm} %{ix86}
+export CFLAGS="$CFLAGS -D__USE_TIME_BITS64"
+%endif
+export CXXFLAGS="$CFLAGS"
+
+%configure \
+ --enable-dnstap \
+ --enable-dns-over-tls \
+ --enable-systemd \
+ --enable-lto \
+ --enable-dnscrypt \
+ --enable-dns-over-https \
+%if %{with dnsdist_re2}
+ --with-re2 \
+%endif
+ --with-ebpf \
+ --with-net-snmp \
+ --with-libcap \
+%if %{with dnsdist_luajit}
+ --with-lua=luajit \
+%endif
+ --with-lmdb \
+ --disable-silent-rules \
+ --bindir=%{_sbindir} \
+ --sysconfdir=%{_sysconfdir}/%{name}/
+
+%make_build
+%sysusers_generate_pre %{SOURCE10} %{name}
+
+%install
+%make_install
+#
+%if 0%{?suse_version}
+ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+%endif
+%if %{with apparmor}
+install -D -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.dnsdist
+install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist
+%endif
+
+install -Dd -m 0750 %{buildroot}%{_sysconfdir}/%{name}/ %{buildroot}%{home}/
+install -m 0640 %{SOURCE11} %{buildroot}%{_sysconfdir}/%{name}/dnsdist.conf
+
+install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/dnsdist.conf
+
+%pre -f %{name}.pre
+%service_add_pre %{name}.service %{name}@.service
+
+%preun
+%service_del_preun %{name}.service %{name}@.service
+
+%post
+%service_add_post %{name}.service %{name}@.service
+
+%postun
+%service_del_postun %{name}.service %{name}@.service
+
+%files
+%doc README.md
+%{_sbindir}/dnsdist
+%{_mandir}/man1/dnsdist.1%{?ext_man}
+%{_unitdir}/%{name}*.service
+%{_sysusersdir}/dnsdist.conf
+%if 0%{?suse_version}
+%{_sbindir}/rc%{name}
+%endif
+%if %{with apparmor}
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.dnsdist
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist
+%endif
+%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/%{name}/
+%dir %attr(700,%{name},%{name}) %{home}
+
+%changelog
diff --git a/dnsdist.user b/dnsdist.user
new file mode 100644
index 0000000..d36b2c1
--- /dev/null
+++ b/dnsdist.user
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u dnsdist - "dnsdist" /var/lib/dnsdist
diff --git a/local.usr.sbin.dnsdist b/local.usr.sbin.dnsdist
new file mode 100644
index 0000000..473a0f4
diff --git a/series b/series
new file mode 100644
index 0000000..473a0f4
diff --git a/usr.sbin.dnsdist b/usr.sbin.dnsdist
new file mode 100644
index 0000000..5539243
--- /dev/null
+++ b/usr.sbin.dnsdist
@@ -0,0 +1,18 @@
+#include
+
+/usr/sbin/dnsdist {
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+
+ network tcp,
+ network udp,
+
+ /etc/dnsdist/* r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
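Review bot: In dnsdist.spec, `Source1` (the tarball signature) and `Source2` (the keyring) are declared, but nothing in the visible `%prep` checks `Source0` against them; `%autosetup` unpacks the tarball directly. Verification is presumably left to the build service's source checks at check-in, which a rebuild of the source package elsewhere would not repeat. A comment next to the `Source1`/`Source2` lines would make that dependency explicit, e.g. `# Source0 signature (Source1, Source2) is checked by the source validator at check-in, not during the build`, once confirmed for this project. Separately, `%{?%is_backports}` in the re2 conditional looks like a typo for `%{?is_backports}`; if it expands to nothing, the Backports branch never enables re2.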
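Review bot: The only file rule in usr.sbin.dnsdist is `/etc/dnsdist/* r,`, which matches direct children of that directory but not nested paths, and nothing visible grants access to `/var/lib/dnsdist` or to the certificate and key files that the DoT/DoH support enabled in dnsdist.spec would read. The same applies to the three capabilities listed, given that the spec also builds with `--with-ebpf` and `--with-net-snmp`. The `#include` targets were lost in this rendering, so part of this may be covered by the included abstractions; that cannot be confirmed from the hunk. If the tight default is intended, say so in the profile, e.g. `# TLS key material, eBPF and SNMP need extra rules in local/usr.sbin.dnsdist`, so that admins extend the local override rather than switching the profile to complain mode.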