From a454fad660298645324a7516e039c5d29327b61621df1a2ac019a31f4408c18f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Wed, 18 Dec 2024 16:12:45 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main dnsdist revision a4f9580be918935cf026521b875200d6
---
.gitattributes | 23 ++
_constraints | 7 +
dnsdist-1.9.7.tar.bz2 | 3 +
dnsdist-1.9.7.tar.bz2.sig | Bin 0 -> 337 bytes
dnsdist.changes | 611 ++++++++++++++++++++++++++++++++++++++
dnsdist.keyring | 381 ++++++++++++++++++++++++
dnsdist.lua | 10 +
dnsdist.spec | 172 +++++++++++
dnsdist.user | 2 +
local.usr.sbin.dnsdist | 0
series | 0
usr.sbin.dnsdist | 18 ++
12 files changed, 1227 insertions(+)
create mode 100644 .gitattributes
create mode 100644 _constraints
create mode 100644 dnsdist-1.9.7.tar.bz2
create mode 100644 dnsdist-1.9.7.tar.bz2.sig
create mode 100644 dnsdist.changes
create mode 100644 dnsdist.keyring
create mode 100644 dnsdist.lua
create mode 100644 dnsdist.spec
create mode 100644 dnsdist.user
create mode 100644 local.usr.sbin.dnsdist
create mode 100644 series
create mode 100644 usr.sbin.dnsdist
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/_constraints b/_constraints
new file mode 100644
index 0000000..11f2c7b
--- /dev/null
+++ b/_constraints
@@ -0,0 +1,7 @@
+
+
+
+ 8000
+
+
+
diff --git a/dnsdist-1.9.7.tar.bz2 b/dnsdist-1.9.7.tar.bz2
new file mode 100644
index 0000000..1b3f390
--- /dev/null
+++ b/dnsdist-1.9.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:285111c2b7dff6bc8a2407106a51c365cc5bf5e6287fe459a29b396c74620332
+size 1594532
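Review bot: The LFS pointer for dnsdist-1.9.7.tar.bz2 pins the tarball only by the `oid sha256:` value recorded in this same commit, and the detached signature and dnsdist.keyring are added in the same commit, so nothing in this hunk ties the tarball to an independently published upstream hash or key. Because the tarball, the .sig and the keyring are imported together, the keyring's fingerprints should be compared against an independent upstream source, and the pointer's `oid` against the upstream release. It is also worth confirming that dnsdist.spec (listed in the diffstat but not visible in this part of the page) declares the .sig and the keyring as sources, so that the build can verify the signature rather than only carry it along. Since `.gitattributes` routes `*.bz2` through LFS, that verification has to run on the fetched LFS object, not on this three-line pointer file.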
diff --git a/dnsdist-1.9.7.tar.bz2.sig b/dnsdist-1.9.7.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..4ce59d047842f12d10fcbd23d5c52636d1c902704030619992bbb90007f78e4a GIT binary patch literal 337 zcmV-X0j~au0Zs$}0SW*(79j-IFbu29^l7`}lH~)U2<=ab^@K(R0%re~y&4>HWo>CL zXJKP+XKrOcaBp{Ia%66EE@N+P0162Zq6qCziuHs>d}jy$Z)dKov>cl_!HWs(g@`TD zzFOkBebQi7ktSc4SAMI0uZqgmwQD<j}@$Y&iH@cDPx6ITT5#l$@3!?ipVj?(L?J5w z+@E1iSk(fxB5w+>ULYEIw3ej`6pI2EK;+ix6ZhU| + +- update to 1.9.7: + https://dnsdist.org/changelog.html#change-1.9.7 +- drop powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch included + in update + +------------------------------------------------------------------- +Sun Sep 29 19:53:59 UTC 2024 - Marcus Rueckert + +- update to 1.9.6: + https://dnsdist.org/changelog.html#change-1.9.6 + https://dnsdist.org/changelog.html#change-1.9.5 +- add powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch from Arch + linux to fix build with Boost 1.86 +- track series file for easier patching + +------------------------------------------------------------------- +Mon May 13 15:36:16 UTC 2024 - Adam Majer + +- update to 1.9.4: (bsc#1224001, CVE-2024-25581) + * Fix “C++ One Definition Rule” warnings in XSK + * Fix DNS over plain HTTP broken by reloadAllCertificates() + * Fix a crash in incoming DoH with nghttp2 + * Fix handling of XFR requests over DoH + +- changes since 1.9.0: + * Support “no server available” result from Lua FFI load-balancing policies + * Release incoming TCP connection right away on backend failure + * Use server preference algorithm for ALPN selection + * Fix a null-deref in incoming DNS over HTTPS with the nghttp2 provider + * Fix DNS over HTTP connections/queries counters with the nghttp2 provider + * Fix first IPv6 console connection being rejected + * Fix XSK-enabled check when reconnecting a backend + * Properly handle a failure of the first lazy health-check + * Also handle EHOSTUNREACH as a case for 
reconnecting the socket + +------------------------------------------------------------------- +Fri Feb 16 15:04:56 UTC 2024 - Adam Majer + +- update to 1.9.0: + * Fall back to libcrypto for authenticated encryption + * Optimize the DoQ packet handling path + * DNSName: Correct len and offset types + * DNSName: Optimize parsing of uncompressed labels + * enable DNS-over-HTTPS via nghttp2 library usage + + For details, see + https://dnsdist.org/changelog.html#change-1.9.0 + +------------------------------------------------------------------- +Fri Feb 9 13:37:26 UTC 2024 - Dominique Leuenberger + +- Revert "provide user(dnsdist) and group(dnsdist)": the package + already uses sysusers-tools to create the user. +- Actually install dnsdist.user as %{_sysusersdir}/dnsdist.conf. + +------------------------------------------------------------------- +Fri Feb 9 12:41:00 UTC 2024 - Adam Majer - 1.8.3 + +- update to 1.8.3 + https://dnsdist.org/changelog.html#change-1.8.3 + https://dnsdist.org/changelog.html#change-1.8.2 + +------------------------------------------------------------------- +Mon Feb 5 10:06:37 UTC 2024 - Marcus Meissner + +- provide user(dnsdist) and group(dnsdist) + +------------------------------------------------------------------- +Mon Oct 30 16:44:24 UTC 2023 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd): configure checks for the + presence of systemctl, which is being pulled in like this. + +------------------------------------------------------------------- +Fri Sep 8 12:11:34 UTC 2023 - Adam Majer - 1.8.1 + +- update to 1.8.1 + bug fix release. 
For details, see + https://dnsdist.org/changelog.html#change-1.8.1 + +------------------------------------------------------------------- +Thu Mar 30 13:37:37 UTC 2023 - Adam Majer - 1.8.0 + +- update to 1.8.0 + https://dnsdist.org/changelog.html#change-1.8.0 +- Implements dnsdist in SLE15 (jsc#PED-3402) + +------------------------------------------------------------------- +Wed Mar 22 13:40:08 UTC 2023 - Adam Majer - 1.8.0~rc3 + +- update to 1.8.0~rc3 + https://dnsdist.org/changelog.html#change-1.8.0-rc3 +- dnsdist.lua sample config -- comment google's DNS servers. Valid + downstream DNS resolver configuration should be chosen by the admin + +------------------------------------------------------------------- +Thu Mar 9 11:33:45 UTC 2023 - Adam Majer - 1.8.0~rc2 + +- update to 1.8.0~rc2 + https://dnsdist.org/changelog.html#change-1.8.0-rc2 +- no_doh_protobuf.patch, f44a8a8f19aff191fb1dc0631e37ec30ff087c25.patch + upstreamed and removed + +------------------------------------------------------------------- +Mon Feb 27 09:20:22 UTC 2023 - Adam Majer + +- update to 1.8.0~rc1 + https://dnsdist.org/changelog.html#change-1.8.0-rc1 +- no_doh_protobuf.patch: fix compilation when no DoH enabled +- f44a8a8f19aff191fb1dc0631e37ec30ff087c25.patch: fixes compiler + feature detection + +------------------------------------------------------------------- +Fri Feb 24 16:26:04 UTC 2023 - Dominique Leuenberger + +- Refresh keyring: redownload + https://dnsdist.org/_static/dnsdist-keyblock.asc as + dnsdist.keyring. + +------------------------------------------------------------------- +Mon Feb 20 13:22:22 UTC 2023 - Adam Majer + +- Use sysusers* macros to generate and install daemon user + +------------------------------------------------------------------- +Fri Feb 10 12:02:43 UTC 2023 - Adam Majer + +- Remove some build dependencies, like GNUTLS +- Remove DoH since it requires another http server that is not + even in Factory. 
It's enabled by project config +- Build on 32bit arches by using 64bit time_t there + +------------------------------------------------------------------- +Wed Nov 2 15:13:30 UTC 2022 - Marcus Rueckert + +- update to 1.7.3 + https://dnsdist.org/changelog.html#change-1.7.3 + https://blog.powerdns.com/2022/11/02/dnsdist-1-7-3-released/ + +------------------------------------------------------------------- +Fri Jun 17 11:46:44 UTC 2022 - Marcus Rueckert + +- update to 1.7.2 + https://dnsdist.org/changelog.html#change-1.7.2 + https://blog.powerdns.com/2022/06/14/dnsdist-1-7-2-released/ + +------------------------------------------------------------------- +Mon Apr 25 11:21:05 UTC 2022 - Marcus Rueckert + +- update to 1.7.1 + https://dnsdist.org/changelog.html#change-1.7.1 + https://blog.powerdns.com/2022/04/25/dnsdist-1-7-1-released/ + +------------------------------------------------------------------- +Mon Jan 17 16:52:52 UTC 2022 - Marcus Rueckert + +- make re2 conditional again to fix build on sle15 + +------------------------------------------------------------------- +Mon Jan 17 16:20:42 UTC 2022 - Marcus Rueckert + +- exclude all 32bit architectures as dnsdist wants to run on + systems where time_t is larger than 4 bytes + +------------------------------------------------------------------- +Mon Jan 17 16:17:28 UTC 2022 - Marcus Rueckert + +- cleanup all conditionals for pre 15.x distros + +------------------------------------------------------------------- +Mon Jan 17 15:58:38 UTC 2022 - Marcus Rueckert + +- update to 1.7.0 + https://dnsdist.org/changelog.html#change-1.7.0 + https://blog.powerdns.com/2022/01/17/dnsdist-1-7-0-released/ + +------------------------------------------------------------------- +Wed Sep 15 09:45:15 UTC 2021 - Marcus Rueckert + +- update to 1.6.1 + https://dnsdist.org/changelog.html#change-1.6.0 + https://dnsdist.org/changelog.html#change-1.6.1 +- drop dnsdist_bindir.patch + we didn't install and load the env file anyway + 
+------------------------------------------------------------------- +Thu Oct 1 11:04:28 UTC 2020 - Adam Majer + +- update to 1.5.1 + https://dnsdist.org/changelog.html#change-1.5.1 + +------------------------------------------------------------------- +Thu Jul 30 12:53:28 UTC 2020 - Marcus Rueckert + +- refresh patch dnsdist_bindir.patch: + user is now handled via service directly + +------------------------------------------------------------------- +Thu Jul 30 12:50:17 UTC 2020 - Marcus Rueckert + +- update to 1.5.0 + https://dnsdist.org/changelog.html#change-1.5.0 + https://blog.powerdns.com/2020/07/30/dnsdist-1-5-0-released/ + +------------------------------------------------------------------- +Sun Apr 5 22:05:54 UTC 2020 - Marcus Rueckert + +- enable luajit on 15.1 and up + +------------------------------------------------------------------- +Sun Apr 5 21:31:27 UTC 2020 - Marcus Rueckert + +- add instantiated services to the systemd macros + +------------------------------------------------------------------- +Sun Apr 5 21:29:00 UTC 2020 - Marcus Rueckert + +- enable DNS over HTTP support on 15.1 and up + +------------------------------------------------------------------- +Sun Apr 5 20:48:30 UTC 2020 - Marcus Rueckert + +- fix cmdline option for re2 + +------------------------------------------------------------------- +Sun Apr 5 20:45:34 UTC 2020 - Marcus Rueckert + +- enable lmdb support on Tumbleweed + +------------------------------------------------------------------- +Thu Nov 21 09:20:44 UTC 2019 - Adam Majer + +- update to 1.4.0 + https://dnsdist.org/changelog.html#change-1.4.0 + +------------------------------------------------------------------- +Fri Nov 1 06:37:06 UTC 2019 - Marcus Rueckert + +- add BuildRequires for doh build conditional +- make sure we build with epf and dnstap +- enable libcap support (new BR: libcap-devel) +- for luajit support if we build with luajit build conditional +- prepare lmdb support: fails atm as we do not ship the 
pkgconfig + files + +------------------------------------------------------------------- +Wed Oct 30 16:03:23 UTC 2019 - Adam Majer + +- update to 1.4.0~rc5 + https://dnsdist.org/changelog.html#change-1.4.0-rc5 + +------------------------------------------------------------------- +Fri Oct 25 12:50:24 UTC 2019 - Adam Majer + +- update to 1.4.0~rc4 + https://dnsdist.org/changelog.html#change-1.4.0-rc4 + +------------------------------------------------------------------- +Fri Oct 4 15:56:51 UTC 2019 - Adam Majer + +- update to 1.4.0~rc3 + https://dnsdist.org/changelog.html#change-1.4.0-rc3 + +- break up long long in specfile configure to make them more + readable to regular humans + +------------------------------------------------------------------- +Wed Aug 14 08:28:55 UTC 2019 - Adam Majer + +- update to 1.4.0~rc1 + https://dnsdist.org/changelog.html#change-1.4.0-rc1 + +- dont_return_garbage.patch: dropped, no longer needed +- dnsdist_bindir.patch: refreshed + +------------------------------------------------------------------- +Thu Nov 8 14:26:28 UTC 2018 - adam.majer@suse.de + +- update to 1.3.3 + https://blog.powerdns.com/2018/11/08/dnsdist-1-3-3-released/ + + - Security fix: fixes a possible record smugging with a crafted + DNS query with trailing data (CVE-2018-14663, bsc#1114511) + + - New Features + - Add consistent hash builtin policy + - Add EDNSOptionRule + - Add DSTPortRule + - Make getOutstanding usable from both lua and console + - Added :excludeRange and :includeRange methods to + DynBPFFilter class + - Add Prometheus stats support + - Name threads in the programs + - Support the NXDomain action with dynamic blocks + - Add security polling + - Add a PoolAvailableRule to easily add backup pools + + - Improvements + - Get rid of some allocs/copies in DNS parsing + - Set a correct EDNS OPT RR for self-generated answers + - Fix a sign-comparison warning in isEDNSOptionInOPT() + - Add warning rates to DynBlockRulesGroup rules + - Add support for 
exporting a server id in protobuf + - dnsdist did not set TCP_NODELAY, causing needless latency + - Add a setting to control the number of stored sessions + - Wrap GnuTLS and OpenSSL pointers in smart pointers + - Add a ‘creationOrder’ field to rules + - Fix return-type detection with boost 1.69’s tribool + - Fix format string issue on 32bits ARM + - Wrap TCP connection objects in smart pointers + - Add the setConsoleOutputMaxMsgSize function + - Add the ability to update webserver credentials + + - Bug Fixes + - Display dynblocks’ default action, None, as the global one + - Fix compilation when SO_REUSEPORT is not defined + - Release memory on DNS over TLS handshake failure + - Handle trailing data correctly when adding OPT or ECS info + +- dont_return_garbage.patch: return a value from function that + wants a return. + +------------------------------------------------------------------- +Tue Jul 10 16:38:19 UTC 2018 - mrueckert@suse.de + +- Comment out the control socket statement and add a commented out + line for setKey as it is in the upstream configuration. The old + default configuration did not work anymore anyway and this makes + it clearer that you need both lines. + +------------------------------------------------------------------- +Tue Jul 10 14:26:03 UTC 2018 - mrueckert@suse.de + +- update to 1.3.2 + https://blog.powerdns.com/2018/07/10/dnsdist-1-3-2-released/ + + Breaking changes + ================== + + After discussing with several users, we noticed that quite a lot + of them were not aware that enabling the dnsdist’s console + without a key, even restricted to the local host, could be a + security issue and allow privilege escalation by allowing an + unprivileged user to connect to the console and execute Lua code + as the dnsdist user. We therefore decided to refuse any + connection to the console until a key has been set, so please + check that you do set a key before upgrading if you use the + console. 
+ + New features + ================== + + The DNS over TLS feature introduced in 1.3.0 was missing the + ability to support both an RSA and an ECDSA certificate at the + same time, and it was not possible to switch to a new certificate + without restarting dnsdist. This has now been fixed. + + The packet cache has also been improved in this release, with the + addition of a negative TTL option to be able to specify how long + NODATA and NXDOMAIN answers should be cache, as well as a way to + dump the content of the cache. We also made the detection of ECS + collisions more robust, preventing two queries for the same name, + type and class but a different ECS subnet from colliding even if + they did hash to the same value. + + This version gained the ability to insert dynamic rules that do + nothing, and do not stop the processing of subsequent rules, + which is very useful for testing purposes. The optimized + DynblockRulesGroup introduced in 1.3.0 also gained the ability to + whitelist and blacklist ranges from dynamic rules, for example to + prevent some clients from ever being blocked by a rate-limiting + rule. + + Finally, we introduced the new SetECSAction directive to be able + to force the ECS value sent to a downstream server for some or + all queries. + + Bug fixes + =========== + + In addition to various documentation and cosmetics fixes, a few + annoying bugs have been fixed in this release: + + - If the first connection attempt to a given backend failed, + dnsdist didn’t properly reconnect even when the backend became + available ; + - Dynamic blocks were sometimes created with the wrong duration ; + - The ability to iterate over the results of the Lua exceed*() + functions was broken in 1.3.0, preventing manual whitelisting + from Lua ; + - Some statistics were displayed with too many decimals in the + web interface ; + - A backend outstanding queries counter could become wrong if it + dropped a lot of queries for a while. 
+ +------------------------------------------------------------------- +Sun Apr 1 23:56:33 UTC 2018 - mrueckert@suse.de + +- enable dns over tls support: new BR for gnutls +- enable dnstap support: new BR for libfstrm + +------------------------------------------------------------------- +Sun Apr 1 23:40:36 UTC 2018 - mrueckert@suse.de + +- update to 1.3.0 + https://blog.powerdns.com/2018/03/30/dnsdist-1-3-0-released/ + - New Features + - Add an optional status parameter to Server:setAuto(). + References: pull request 5625 + - Add inClientStartup() function. References: pull request 6072 + - Add tag-based routing of queries. References: pull request + 6037 + - Add experimental DNS-over-TLS support. References: pull + request 6176, pull request 6177, pull request 6117, pull + request 6175, pull request 6189 + - Add simple dnstap support (Justin Valentini, Chris + Hofstaedtler). References: pull request 5201, pull request + 6170 + - Add experimental XPF support based on + draft-bellis-dnsop-xpf-04. References: #5654, #5079, pull + request 6220, pull request 5594 + - Add ERCodeRule() to match on extended RCodes (Chris + Hofstaedtler). References: pull request 6147 + - Add TempFailureCacheTTLAction() (Chris Hofstaedtler). + References: pull request 6003 + - Add DynBlockRulesGroup to improve processing speed of the + maintenance() function by reducing memory usage and not + walking the ringbuffers multiple times. References: pull + request 6391 + - Add console ACL functions. References: #4654, pull request + 6399 + - Allow adding EDNS Client Subnet information to a query before + looking in the cache. This allows serving ECS enabled answers + from the cache when all servers in a pool are down. + References: #6098, pull request 6400 + - Improvements + - Add cache sharding, recvmmsg and CPU pinning support. With + these, the scalability of dnsdist is drastically improved. 
+ References: #5202, #5859, pull request 5576, pull request + 5860 + - Add burst option to MaxQPSIPRule() (42wim). References: pull + request 5970 + - Add Pools, cacheHitResponseRules to the API. References: + pull request 6022 + - Add a class option to health checks. References: #5748, pull + request 5929 + - Add UUIDs to rules, this allows tracking rules through + modifications and moving them around. References: pull + request 6030 + - Apply ResponseRules to locally generated answers (Chris + Hofstaedtler). References: #6182, pull request 6185 + - Report LuaAction() and LuaResponseAction() failures in the + log and send SERVFAIL instead of not answering the query + (Chris Hofstaedtler). References: pull request 6283 + - Unify global statistics accounting (Chris Hofstaedtler). + References: pull request 6289 + - Speed up the processing of large ring buffers. This change + will make dnsdist more scalable with a large number of + different clients. References: pull request 6366, pull + request 6350 + - Make custom addLuaAction() and addLuaResponseAction() + callback’s second return value optional. References: #6346, + pull request 6363 + - Add “server-up” metric count to Carbon Reporting (Lowell + Mower). References: pull request 6327 + - Add xchacha20 support for DNSCrypt. References: pull request + 6045, pull request 6382 + - Scalability improvement: Add an option to use several source + ports towards a backend. References: pull request 6317 + - Add ‘?’ and ‘help’ for providing help() output on dnsdist -c + (Kirill Ponomarev, Chris Hofstaedtler). References: #4845, + pull request 5866, pull request 6375 + - Replace the Lua mutex with a rw lock to limit contention. + This improves the processing speed and parallelism of the + policies. References: pull request 6190, pull request 6381 + - Ensure dnsdist compiles on NetBSD (Tom Ivar Helbekkmo). + References: pull request 6146 + - Also log eBPF dynamic blocks, as regular dynamic block + already are. 
References: #5845, pull request 5845 + - Ensure large numbers are shown correctly in the API. + References: #6211, pull request 6401 + - Add option to showRules() to truncate the output length. + References: #5763, pull request 6402 + - Fix several warnings reported by clang’s analyzer and + cppcheck, should lead to small performance increases. + References: pull request 6407 + - Bug Fixes + - Handle SNMP alarms so we can reconnect to the master. + References: #5327, pull request 5328 + - Fix signed/unsigned comparison warnings on ARM. References: + #5489, pull request 5597 + - Keep trying if the first connection to the remote logger + failed References: pull request 5770 + - Fix escaping unusual DNS label octets in DNSName is off by + one (Kees Monshouwer). References: pull request 6018 + - Avoid assertion errors in NewServer() (Chris Hofstaedtler). + References: pull request 6403 + - Removals + - Remove the --daemon option from dnsdist. References: #6329, + pull request 6394 + +------------------------------------------------------------------- +Fri Feb 16 10:30:23 UTC 2018 - adam.majer@suse.de + +- fix user creation code +- update to 1.2.1 + * Make dnsdist dynamic truncate do right thing on TCP/IP. + * Add missing QPSAction. + * Don't create a Remote Logger in client mode. + * Keep the TCP connection open on cache hit, generated answers. + * Add the missing include to mplexer.hh for struct timeval. + * Sort the servers based on their 'order' after it has been set. + * Fix the outstanding counter when an exception is raised. + * Do not connect the snmpAgent from a dnsdist client. 
+ +------------------------------------------------------------------- +Mon Aug 21 16:29:41 UTC 2017 - mrueckert@suse.de + +- enable snmp support (new BR: net-snmp-devel) + +------------------------------------------------------------------- +Mon Aug 21 16:15:43 UTC 2017 - mrueckert@suse.de + +- update to 1.2.0 (boo#1054799, boo#1054802) + This release also addresses two security issues of low severity, + CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a + denial of service on 32-bit if a backend sends crafted answers, + and the second to an alteration of dnsdist’s ACL if the API is + enabled, writable and an authenticated user is tricked into + visiting a crafted website. More information can be found in our + security advisories 2017-01 and 2017-02. + + - applying rules on cache hits + - addition of runtime changeable rules that matches IP address for a + - certain time: TimedIPSetRule + - SNMP support, exporting statistics and sending traps + - preventing the packet cache from ageing responses when deployed in + - front of authoritative servers + - TTL alteration capabilities + - consistent hash results over multiple deployments + - exporting CNAME records over protobuf + - tuning the size of the ringbuffers used to keep track of recent + - queries and responses + - various DNSCrypt-related fixes and improvements, including + - automatic key rotation + + Users upgrading from a previous version should be aware that: + + - the truncateTC option is now off by default, to follow the + principle of least astonishment + - the signature of the addLocal() and setLocal() functions has + been changed, to make it easier to add new parameters without + breaking existing configurations + - the packet cache does not cache answers without any TTL + anymore, to prevent them from being cached forever + - blockfilter has been removed, since it was completely redundant + + This release also deprecates a number of functions, which will be + removed in 1.3.0. 
Those functions had the drawback of making + dnsdist’s configuration less consistent by hiding the fact that + each rule is composed of a selector and an action. They are still + supported in 1.2.0 but a warning is displayed whenever they are + used, and a replacement suggested. + + https://dnsdist.org/changelog.html + +------------------------------------------------------------------- +Sun Feb 19 18:39:54 UTC 2017 - mrueckert@suse.de + +- fix build on TW: + - no longer look for libsystemd-daemon +- enable re2 + +------------------------------------------------------------------- +Fri Dec 30 01:43:23 UTC 2016 - mrueckert@suse.de + +- update to 1.1.0 + dnsdist 1.1.0 has seen a significant amount of development, + mostly based on feedback from they many 1.0 deployments. The + majority of the new features have already been taken into + production by pre-release and beta users. + + Highlights include: + + - TeeAction: send responses to a second nameserver, but ignore + responses. Used to test new installations on existing traffic. + Also used by the Yeti rootserver project. + - Response rules which act on received responses + - AXFR/IXFR support, including filtering options + - Linux kernel based query type and query name filtering (eBPF), + for very high speed packet rejection. Includes counters and + statistics + - Query counting infrastructure (contributed by TransIP’s Reinier + Schoof) + + For the many other new features, improvements and bug fixes, + please see the dnsdist website for the more complete changelog + and the current documentation. + + http://dnsdist.org/changelog/#dnsdist-110 + http://dnsdist.org/README/ +- refresh dnsdist_bindir.patch to apply cleanly again + +------------------------------------------------------------------- +Mon Jul 11 15:32:09 UTC 2016 - mrueckert@suse.de + +- initial package (1.0.0) + diff --git a/dnsdist.keyring b/dnsdist.keyring new file mode 100644 index 0000000..262f7c4 --- /dev/null +++ b/dnsdist.keyring 
@@ -0,0 +1,381 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org + +mQINBE5fJpEBEADl7Epp8pxg5ENBY4KM7U/lrxRg33BPDJcZTxqnCLbNCdEOSO1T +Ej3jWl1HEh236NlWLvHsXgrsKiB1jX037q62QKrp10trQMsM6QiEUjwmrGJxgxv2 +D/+U2PJPh6/ElFhx1PqGEC1Ih3pTpP1YINzfX6cQ9/e3nc64BcBTQqYA2/YIv4pH +MYXZrPm398JZbPpT0ot9ggdLulUYSRJQ9dfNJbGpstMMfOkA2IFvfmKc5BT5Y/ZA +ayF7xPBEGbBMLaZuT8q+x5S39ZyzxzCMSIJD7nYAh7qI0xiosfu8YyjXPN3x1OYX +kdBKzYEk8ji9xgyNZ/9Hlsq3JhJzuGKuXKuC3GKf8BcNw0JH+/VWmq+3kd30a8dy +GgCW+YJok+zyo51WWVLeJ//5tZ2/GvRhbIivA6Gp2cxQlwl9Ouj7SkBNRWvjBJUr +N0NF1FxKo1Yq9OECq2KgLn3l2vURW+LUtdXDbZcn9GcYbGHIE0xdCGQSH/H+Dkgl +T63rQIgBN2MTQ4lhun/5ABLq7s82BAtakhQ5S+3gD+LykCcvCxgHApV28yJJT3ZZ ++Qt6uNtHf2y6T4eJpiE+bWJpG3ujCwzQxu3x5L76jOgiRaj6HcwzT79LpjZMzhnK +1sKhDAuJP2VNIYhAXn8UF+z54dmBRK58t8zQVop+BpJAE7QM/DFDp3uLhwARAQAB +tC1QZXRlciB2YW4gRGlqayA8cGV0ZXIudmFuLmRpamtAbmV0aGVybGFicy5ubD6J +AjgEEwECACIFAk5fJpECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENz1 +E/p+7RnzoQQQAJjEVUbLcBd4blXL6EW3VMqIMFbxBt4CiHRjsSo02+rUMWLOqZBE +Rfynv0oufhrW3AqTO0OMoqPLWjWFNeOHOdKieBJdcXHDJPO8qRUpbcYh5CXr54X0 +9d5WZU8sGipnd8wxO68J8g+5vux3xscEaZTwWZTwyelWA77OxJm6WlPPxJ+lTyIu +hVC3KoBUWRwfNrxE/ij/0tkVFoIXvczbAQqB6+nApHZvtoR4Wys4bzmCWuo9PUj0 +r3+eyjsWEB0A4Ya1bwaJOchubi/Gq99wfp71zJC8FcSMWmoGPRnpg6oLpkxC8Yre +V/16DUgiMnxUPyJAEpb+AH0MMudmp6tnUaWBs/hWnpyWPXqjt6wzs7X31X2oj93A +NKjnSpglOgUEBKk4GTyOuBo3S+kyXD9WW977kyKVtUQf3U5EHUR08UA/DuEJPGDn +Ma9lujXM17h//iyixa0RhJXX+ZRKRwEAZqj6H8wNayF045JdwMJ6TIePuymV2lty +G5E0M5l5SOc4fELNHJyHvjhi1Fb23lqBxNhvdm8+RtwtFz+QtFwihP/cEBMue5lc +j5Bkvwx3NERJxoPi/Qe82mLZLaMCdlP++jzvSrsVrRWkyw+i08T0+Dp9/V5YoEUk +hSfNp1w26FtrFVqC4XpVxtjda32Ipw3aygpOqEkCxNsy3+C1buzr/QK9iEYEEBEC +AAYFAlFruf0ACgkQHF7pkNLnFXVs5QCgta+8ZUOeL4v7TqkwxYndHlflBqsAniga +MY0FMHCAkKc+MIubun0ww9QHiEYEExECAAYFAlITG0oACgkQ7JEU4tMwuvwvawCg +n+/TsPo3BDq+mX/EfvKhFQEdCUIAn0KZVZwDN7mZTa49Amy/T5Ai6hIriQIcBBAB +AgAGBQJSExvtAAoJEHcKmPCS30+Zo9wQAI+4GsOZCtV1jd8M88KIDl5b0Kh0ogK/ 
+pg6orYu0kyDF9W16p5qEn0sTZP2QP4+DyZWDfPTe1fxHlSac3KXMTqGtLKDq0xP0 +WIoqjhSnMRmvhmODNxnODueSL7Jmg8cvXKvj7FEYaI+mqgChyikX9JSJdTWiMuQM +OC6adGr2EL77e6e3jAaI31OtCTbam+EAJFwxpYSlBMop+SemBbeokHHRivEyg2hu +O6o7m4SprxkvZZWmiT7DmdIGhaPt5CHoDbUdUbj8ni2EdSZnYJcCUpPHJqF1FUkw +sc8NDH6tiAo7cHsjkrDAx5Waetnt9mRkMkG0tUgnULcChcx6NJiG3lhIWNDnj9ML +zhA7kDaktvtEwCyuQA8iyWWfOgIABofYJk3zbPG63N1XhWyZ/ic3IbmnWWrEaK2x +YDABvTN6s8nOgex0D+kArhsPE+RMWPzF9F+2YgrbP7R68ek2+/4SdQNifUloMDJJ +A38nmxkM0SsLNgbIWLaltw3GwT/0LQ7sTtcLLMhl7bkgyYLmmII8MxXPQhvr1oXX +17t6fwJLiQjokO0CVw20CT6QeFo4P+pgoYkSPn7tFtfkB3sgZhea3Lr545NDpK5V +j/0WxMOYhqEUmgCRjyzmczklyoXPMFD7rX5LxEENXUnxkGGkKFB6OIMq7zrheBsc +B0/wcZcO05pFiEYEEBECAAYFAlII5FkACgkQahHbMDrZuj6xHACfWTyc9fNJJybm +0E8tJmVmQFjuyTwAoJXupHi40ejoB7Wzv9ikitJXXpcAiQIiBBEBAgAMBQJUYG5b +BYMDwmcAAAoJEAYchHN7TRAcCKQP/1/nQjNDuVPHxe/ukv3v+EMwenhCq0Sq/kCa +e9MDMU3pdu0ZYdXmdKbWdyJi/sqmdAaRttYcJDxzO7seC3auTdSCZGs5ENFszgEq +OPIyYFJHuSCnHz9W1+ZIKKCE8O32KllAltSJBN4AgtKLgDVlQzHVbszUJrzJhvxf +ArTuAeY13zTWq4yRAWX3VhM/z6mHC4jt4csk7mwgGoEthJ6/evUE3zh2uQX8EeQK +QXFGn8URk52tZLuUq7s1tAeiABwgkCo9vtEcHHIYXyk6tCFY9R9fA2doqRXpFXTi +ituk5QkT9EJSDSeBrB6NvgXaJLHWoqp//+0pKpOWm0LYP2SHm2MY4FyTv8YB+aQC +j1FgzeJU17SE4h31isliTB1qieasa4v4BvHqJpmpD5k9P8L9dsMIMVc6KVhkvhc9 +bmEbKVbf77U83O0YAwQxuImIjFvmZMTDZEk0vepm3VL1ZG3FCrERrmcek/NVD755 +YNtVEN9rvG0LFGm2Gbs9+AWtfjmhhVrOHNYrsSfiuykSnzKf20dHBegB7AZMdxv5 +CCJ1uIw4Wv9Km4jaR5NUwOjEccn8fHwoRC4SxWj7FWbl5j48RTM0eZansWMjkE4O +UKOx5LRexfiyUFQ+4/w5+Z7afTr4v8yhs84bld4eDt9D8S/Ynj3CPItWsO56Kwei +uzBVkVaLiQIcBBABAgAGBQJVB+GXAAoJEF5QcVvy/+GnMCIQAITJ/73QIgrsUFh6 +fWGfKMOgY8f2JUfwe5g/vSO2BQPScSgTjoKdpy4DCILI3WzSZ2xzxOlS0SMj8hoD +IwQxSydYuZhIfAmlUmaT0Q5p6Zaef7/+pFRVkas9CA4NE4V3ZCEhQjVvEI8bXabd +ld452PE2Fahi6m58JEFwFnU84sIIsQJCiFFFFj7OxNGGMK63vZFxgE9dhW1kpMGB +fxdKLFyglEpll2qGbCp13shFLeZSCg5WJ/pC6R2t0K5tW2XAHz7TRj94dnFTVD8D +MlydrBrxYh7DMVaeFLDgepxtT5n8yW/RLThHAvg7Qyvie/l5bt8Ukk12ISPv7sY9 +bYdM0wHWj0913RKbK5Ic22LM3RK3My/yXeKMI0u8PTUuCppIiCRhqNjFr23Xsaix 
+OYRDSsvo6ca70oCUzyVMJs1nmknFoimw9yRhT4bUN5yS30E9jqhgNb06cXUcCM/r +PYvVqe2/OoUMYBHjRHqn64uHzvtnnrJKAGUk0EqTdqyRCfWzo3+mClCzeyes2P0z +zGYzwZ/fo+fIVcT552wWCbJa7KW7XcW7CTzWgAucupK7tm9jOezvd2Zt68lROAVR +L1F+P2HUQvzLcXVaSqOIHkiySMAKfVEBfwA6y2oBjUkBv0oKuSV8xk+cq3B3sxDQ +ra4Vw2MjyyiCrw+piIntgqnSrzTviQI5BBMBCgAjFiEEt+XF44bdUAOtVxPgrImY +jct//fEFAlnd4lsFgweGH4AACgkQrImYjct//fHjpg/+LN+cdoeASfejFq+mU6r8 ++WV31ZaZyWpr6S8tH3G3YvPdASkMl1/B5FIEnSpFHIc/JaZp1AU7a2YvhTRgK4vG +YXZTltKKWShxE5oQ+5Ep70rU9dVlbBMzZau3Z3GKwITSemSyd3qmZSnD6w5UFGEG +LXT24F6h/yL9EArNbUmfLRptuq07+UI7Hr1qnwBe4ymGvFngJMg590dNnjouDsLS +MKvH2sMVACdz5N/fy4t63APhKGweluLO8FxAtEd42Dj0wSXDGwoW96eIG2mJsdgG +Fr6Uhgk3KQnqXEUtJfCOQhaNOiz/b5uhgQ9/kxrhlgk5fgi+ztYUCY9UpXGhVRuv +d0rmmUpaAGlPSH+Yd1QZexcIkCmKbsNM9yNndx3DuZmAeVIvapA1AsflksGHwi6l +/U/3QJ7TVO1IZbsiDyoqZyo63RpuP8jsy50r6L2xj+j/ZLKCHH58/w8o+qw6f6A/ +xxdpRYU+P2lpsHRPPDTuTkI5+IOVzibjqMILT5NeYEytmcHpXqrHYN+0TXLY/vSW +NRiDojU0A2HlEcHFWu6PO+jbYGxDx9jiAtwW0O8UExQTIYoP/pGg8WZKEclG70W6 +nxhnBhwDPrvma4uVmMsH4T9XVaXX+STv26s71qtsouxRHUfyBaN0GYQDs/SELVsg +gZslolTci4yTHmb0BhVET0GJATMEEgEIAB0WIQRWlObIM8rVEjhhucmZAzeH8Ry7 +VAUCW8c1sAAKCRCZAzeH8Ry7VKTzB/4k5/tlyCypnSy1Xnb657rDbUnSk4TGQD5A +itDFviXzt3hLW+YjHQUwUBSsi/Pp/w9EoVHd25Y1l7P6ZUlV3NT1iKRH6UAFP0p3 +k9sbFN28+IoS59vl+2DpwHy6DDwj6FV8Cd3UDKeoW+6PuMVPnJlADJYFM9rUhri3 +1YxnG9fHMkGwZGNd7Ye+whhIdI+KgPkmK1or3c1eTFWoHMVauAdg01iXz/F6CbUr +VoT527GRqMAR6KTkQQ0Ch8elwTtp/5girRH4a64Xbq2pOI88sAASjgfty0JvN8u6 +BQrx1xK/l0D06C5rr/ArYOgx6jsmDtCgfB2R0wH4doqHoe9WFq3fiF0EExECAB0W +IQS7gq9g2+DPgdGGuTBQKbfQFEC55AUCW8M8TQAKCRBQKbfQFEC55K30AJ4+nUlC +r+BbW2dM811xEz/xlo7OtgCgwhqe4gO3yudXTqqwW4fsPyj26tyJAjMEEwEKAB0W +IQRhPku5L/nxcvrPC4LuEaJYliHpkQUCW8M6HwAKCRDuEaJYliHpkUIyD/9oYYzO +KCbxFDWJWAZo0x2YNdDdf5zZed0uxn7jljURqzCiWIFgXGQLjgsLGxXJbYnKhkmX +fggk3KY2sno4VS7ms7jqB5kMN/kxU/PiZbrzSCdWtjhMFxufgq2oft42tR3ukW2m +mAH1lj8vhY0Tq/jXSHuZ1TJoyQdaZlSAKFehzrZNadhIYl/a5sW9XSVLgV5Ic/RL +r2aeL21OJ0cdnU2hw3sK98fTwvU/RmEGSSJPBu6h5hUMxjR/qTBLEMvVbEaT5QuD 
+vGAfampY9pmawqHA7ykUWwTEiBPjgjjNiQ5Znfag91jQNKs3wRH03xf3jH1AOSxI +LJMmhnzXwuyy9/YX7fC76KyFAfeDU3fVfX165wQDuu66zSn3zJxGxa/FwNr1aI/5 +DhDSXu2lqg3oJx6DiiCPOVgCur6XGJsE4EmHtbuIq0fb0KJHcGXFcsg81cM2/mBN +R3Gewk6+C3OJlPe73Eq7WB1JghKo92bKfbc50+E9qr0sfZvoiQ28/bpfbCGEqCkB +sucpWgH0u+xfdPSs473H8YxY73HLHaBiBFlPb5OD22c7ff9rUPIxz1/G/HRvmJDk +w4aS5PqPwFU6OwReYU6K4lqdFQscr3+VPPxF+eeACKnCciLbAOuvVMC2nGd1nXIx +6w3ISNKaBofmf3SvJgtvWfgFLifZx3ADB6uv6YkCMwQTAQgAHRYhBJlv1LkSXQzr +4yYeHBXgoyUMySoFBQJbwzcNAAoJEBXgoyUMySoFJDAP/AgmhccU+8gn5Rgv+f7t +zjvNaI4mpQM07/gUTPPJCYg+yy+xe7V+OtJedjuSFd+IMKym+iXKLXDD+SA2bqt7 +RcQN/tsbKMTy7k2KraFbbtv3fLGekwgtKcYbyHHYwmOfqYTup+dr/XEYMugAjKP5 +ga6FG3E0aP4B69FBVfOeG/D+z/6VtAqbbsvvNeDBicqL/MGyHnMl31CXUZmcT2J9 +gXXNsLEVWfUdh/uabEo+QoI/ZkqbBQ+6mLKxWgnZ/K5H3OUr7mbiKyKG2+6qfY8Z +XOCNlekuK0DTdKSaQvmnbqJiE0BFJqucZN6IaEWPaFwocgzH+GteQh6h7iW8hQeq +2z4Kc7/qW4cOoSdVGc73EZvDWvqoYgBO8MKC9xCFy4fFHnqwbkxkKTS5hTkaluOb +HSCu19Atn1CcNBzoSO/LnagUQVDMBGmxN6A1mU+lwJnpPOpdlLKv669IrTaGLh6W +w5KOQwXtM3/PMC2ngM+0640yIP9zVPrUBWxuXC5UHhBppIITwSg0wWBnTu2FF+F9 +SdS7daQ7zG6azEle6qi4XBklvzfnW4YDlc7/grwD0kgRSj2RtnPCMuMZLwlvBNu7 +NAwHHr4ktIw6FcHqvpFT2r+eHcMOiA5WL23nrX2yzD4xj6R+65XBryBh/P+y198S +I8KKX/St5S7Y71xCgF7GfHDdiQIzBBIBCAAdFiEEt2zUZxwJaLqofeYcXlBxW/L/ +4acFAlvDMxQACgkQXlBxW/L/4aeeBA/5AfHGXU9mrdfpofDigMMvojXoyMBJNIyQ +MZ7Tw/j64XmC5JOsNbbWJ0wJDWgVj8tI27rc0hYHxKBRo4v5nmLjcbG3Zg1/7g/w +ukgGhFC1DevsgRKBbMJiF1oiAzp3Mn8smNAqDFE37W1qvhJrHP35py7ycNIpRc5w +jEiCJwSqLAxXMzWu8fpg3rFatQXi/8VH90TjoAaEXkJ1eCXFoKOacZMwWi/v93Ax +u4ePlci8YDyZ7EKXoLUuLZeSafFLGcWQGATbTvau6ATQ2EEA6jjgIosXHRUaJKXM +FC21OQIzs6CejrmCBEovr43JIju0AH7vFqBoQck0B0Lt2g+xW+nSnSJrEOERY3p+ +O0g5q+rl74+G4J4xExqVH/jSdOKP+eknckKLBHLozarOrBJ8y/rN1hUoqLMBQZgr +g8NdPaIALe+Fub1SW/mVY5xQ5tX6CgaSDGl1UWWpG0NbWU2r/l48FlFZnYeUPmZv +exXasS53pJ1zXfrnAA1sEGd8KJVu54B56EoLBoVk0pmmtkMpxG2DynlEfRdllZo2 +oLfn9DhcPr2/OJTnTMkNwO12cFEGfS0GAKE7aHrNSydgwysKf+N1mueSbHVCcq5D +yiuA7gepEmB+bWKqhZPEqBamOSnU6vRszbuy4FQnwI4jQlPYQkTrIPi0CIJnTX2o 
+SCllVj6HQhiJAjMEEgEIAB0WIQRzP5dju4GBm7I373Kz6hjuXm3eIwUCW8MyagAK +CRCz6hjuXm3eIwdMD/9GJJDPKVPacmPIe0eqBTZjvr5mil5iCeb2v1yMacdHTK8p +JDV6kT7gy+YKsrgF+l59+yy1ELgrcWjWR1HewChr12MnfMVWVLCS5wlJw8YEY5F2 +BjGdaqFIeZyJmmYwQ3PjJ5jZ3AKTS8qSFUTE86hdwFS1NXYaQJrBMieyN+f39PSF +JtiQ4In+wUhJbCFJkI9l2ZekBTYsd+7saY+E/dxjYL7ayyteJuI5+H99430L50LK ++vWdzSMF8PQGK+gUHROJWrWVsG535iOLVDK9uQWJaBooPpHj334/K9Z3M9YJOFI1 +TfU4ts7VEUBEDG1Q731OpXzJKZrHJ3AVuVDsw+sgTIijXo8oRf7vaU5Z/MN23BBF +9slvsY4t7M06G0Afvir0gXcbJvPKuCdyq98JOIp5GoJ3tFaOtyUzknucTaND+wy6 +c5wymaUZNc2vcJqYVYrhtI7ZZ1Nye31G2gZvK0yORrormIaGZ3Ah1knJUs5wcNcc +WgIQF/IQe8r0ZCt0eOJhvbC78VcaC4bhxOx3qYTsT6N6cNpXCdKeOdviNVNVAGTV +oUyXhFxCMXENNX0zqgMxXYylV/sNT8+jZJ3goMw99kFVYElVe1apbbHZQ1Upl8+b +ofX0AT7iG1DAulnAO5lnGLltkg/xnvwceWqj8cm/S+l/ki8Xx9jxzXNTlFEWMIkC +HAQQAQgABgUCW8WxhQAKCRBq9U117gNVoEPUD/9xNvqOZO+knOTIO1gwrldPJfG3 +sarISY/QHw0hu95zm7RvPbvB3USNCFs/34c9NR6qohuEjuXd3yo0BVAUzq9ACSwb +ocwuRGHOw7dfH8jxQOjLfMsls8Qh6UeVYTXCU1DrDO82yiUbhdCyJZN3UKDsUFAL +bmEfCeOvTITXSglvKTl49jvbIqlOsBAtVllfStnnv9/DaZrAfh3/aC0DZ4up2Kvg +DKc5h7fRMtm7fYJJhgdIYkzaKoBxOUKLgcJcuE9wclj76wxQXaVemVoJreZ0qxdF +9P6vttkXdc7j1yzJwIQgSEUOcy5BhMsh15qff/eMYxj6gASmMQKQurxaKNyfd9Av +pSmLSL0mi8AzfRdKAax6gwparkKKTQq9g9xZxY4GR2XKYhbPflMc8BLQKB0yHpr3 ++798/Wk01z4ahXlp7K6oK1xt8Lw459mKDbI5R1Gc77Ica6/bs5gBDg7963K9PkuP +VmvgLkbL/W5LXYBXCGF3B+vJwVwgI7b1wtqeQl7CM47AUoTuJE772fD4deK4gSEO +3c2EJPtTLOXBFswCO1ft9XQ2V9aHGkW5cMX5Mw+so7HYz8wtflza5VcZrhKDx/R9 +XQEHyPb8pYQdZOBAYg0nZpT3/Qp60wujwLBP2vVZ2Ck8daqGWVINsYzAlBazBgdS +I/8mTAQkR107EE2iurQsUGV0ZXIgdmFuIERpamsgPHBldGVyLnZhbi5kaWprQHBv +d2VyZG5zLmNvbT6JAjgEEwECACIFAlTKH88CGwMGCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJENz1E/p+7Rnzo4YP/jbQIh/QFRk5m6XTRzclq5j8YDuVyrXy2fuI +M+g9UKRcBTv2Dy/YjfEYc7GSQnrLSOrT/b7gT75LuzXdSBX7mZVJoNuoH7VE0FJk +THf5TJtuuFjmD17tdoPPj75FMF38qAHHd9pzqUjJKYhcpkTfBrU8yJuKjoFgNvpn +RVjJdMU0rir+tDIjSLMxCg/NFMQ0tm0o9XL9lQcQxcJpa8zxGv6M8QCPbfQsWPC7 ++grBH6+ch0ljpFf5qkqPuDnoHTY4kUaHjKNP21ATrZGUspI9jjUlQZ9aCDmELRaK 
+1IbUcmRSySIjtdbM54EQ6kWDrJZjDC7mdpPv2/yuBPY7yb8+8rfmNwTzrI0bVfbT ++6EiiaUzeNz0502yjDNkaVUzd2z7X4WdfokLm5NMth9l2ijpyl+sBHY2ljqAUekk +c1c0s/HYDqr5HwYQP2yXIcFh58nJJO22SVzLM2n55CWc1v3lXrqKVIJMlnjB6epZ +4KcKUqgj159dM5t2wWDUjhXQgl9kLN4QfHy4vDkBr/abopGZr3SMC9Y1j9RhJJD/ +eMRU7b+MKoAcpMko0zAbPcxAzjhqtsdp3VCWblKaGOwBwbc5jK38Lrh8MhR301aW +pRN+kun+w/FAOt9bzvwRnA4/ucZwIYUwYohW8KKzYwH2bOP23ympuL+a2G/q4s/j +iWFWtJvSiQIcBBABAgAGBQJVB+GXAAoJEF5QcVvy/+GnalsP/1hpf68ZnxklO1dv +CZsxDplcL5qdYvKA/GTp3cNMV91tI7BgcfRFJqrKaEnziVXKmhQ/u1nFEEvmka8E +TmLuJlVMCP3L6ZX3kQp4z9tH+TgRhCLqcCBpJEoWc38GSKZ9lEUGJXSjH/dPEGMh +kVQbs/7ROBj/wLyMinPYa3Uy4LonrAj4ORQPuYVOPNBLP8dMhBy2eBxOriUW9mI/ +ylwEO3+SDy78BOUmKH0s9+LHJmjtgi6duPvuMuiaQqRKGw0VAQM84haxCi2MhicV +vdgrW+AhASkJlkT0SUATD/rJ9chXKo/ODxmI/VQ4QNAnDv8BWF9vW6JH9RLbI97z +HF76xVpgOCIzpUIbWVu6f+Xv1tASja2Npw6KH9RtrlQ87O52x5btcyCHAh/7VjhT +WvscQRtFF3ekaqaMEWMZx2fDlfOlnsrLPAaOJ7nu5/THM/CmO0giv4eOIh9GYG4V +LH3Ym+lWJ65yIZPrjoXZ3i+zEow2xjz29Kg7x2pcQVY6NNptmOTllaPPe0JumoMC +AByPxVWfhdcc8zZGih3WYgQ1inYiwgJLYmz1FFF/GljkaTkTvMVeQe8kt+K3C7dU +rAHaJY/WbwtPFAdkWMs3ZM8XT3K3yp+sJTK5j3Ycm2hGonZfg3YM7SBOu2ILKV59 +0m+RJ/w0zizPk7ARbfxX/wOueLdLiQI5BBMBCgAjFiEEt+XF44bdUAOtVxPgrImY +jct//fEFAlnd4lsFgweGH4AACgkQrImYjct//fGfrg/9GRfVANnlRc32mf9jsoIg +X7AWkz8WPighTGWgHFDS68YIPlskOC4QoVvkCaaEhF66TweZ2vqXhNVvIrkduy6b +ISXjTDX9tv5lcm3I6dmarJOWfPRWdj7fsVFxUjpsN39/RJ6RsGQqqPnny9hjmd5r +hUY9ilfhM0hxGsoOCIqiyjfE9ckWtLbx/Ozd1oDaomWgMzriPO0R/TtHq+BbmW2v +MG6wkDuSxQWCjt75441p2kM3J5veBjJird0sKysgWIHJOqAc4rKXRYFLHbm1qQqK +58hHcKpwtW8nNQ4NNMgfSra1wTZ1Ownk2N/aG8bfZj1bBck25jGb5hn8Tfq7eBnX +tcNWP7ByEj7UVt1YwYsOmSF4vR3n6keNfCIJ5ZdCGFtQnFCalU8j9XyuBpqO4pub +BwOa/TmQI2yVePYlII3UDrDXckJNaARQKgXvBLjWMN+mRgD4BW4Zl7vppytGbWY1 +HbhU/1etnqk6bsrG6FPfuS/hxFlHc0XXqms2Gufp4gi7MQ+2Ipj3VS2KrflC/CrV +Qj1E1zzbOLTuPpScd7gRVQ59cGhTxZ4ZVwrDhVhujlzRgzkVhB+CmXvOqLUNuBB1 +Vj0sypt3h/Y8LIIDlTNGgaXKEM9S/3Bz0/U1VldHEUqqZvTcn0fS5T/kCpl4nxOi +UNTLP+/KFF+Nu6KR1U7MjauJATMEEgEIAB0WIQRWlObIM8rVEjhhucmZAzeH8Ry7 
+VAUCW8c1rgAKCRCZAzeH8Ry7VHpwCACv4po8TfHnCti4qiRjhab6G1LZt0LuSX1X +VF/4kqQN9iYSdMvkDWOLVTg9oy79QRCGQ7OF5wzU286LTfY9lOSyVDp8oB5t/hBC +6LgM+F6EjFsTH5xznuYShDct60aJP2yvCUDujq8el+jyHW+iEL3is6+TwA95lYtA +ZHq5rBkJe6mt9j0cds82j8JSq5VQE0Z7/4iihNeYeghlSeYLCT8EC+Lixbzl9fgf +kMdQar+wlfqpSgy90Vafuft6m1WwFh03rOOB3FRnTnRCGCcYsRfXboZegkK7Xk02 +475g/RvZZe98Ik2sKUx4dbIQdPPJhJbG8ydOhrmDeR8BwGj5IUQwiF0EExECAB0W +IQS7gq9g2+DPgdGGuTBQKbfQFEC55AUCW8M8SwAKCRBQKbfQFEC55A2yAKC8SLXp +lcLRt58sCsJLITuNeW0edwCcD64dEB1q8Ch53IWH+Kn4IIVyvm2JAjMEEwEKAB0W +IQRhPku5L/nxcvrPC4LuEaJYliHpkQUCW8M6HgAKCRDuEaJYliHpkam/D/49I0tp +41dBMihn2iw1kLrmMSLXaRe5aX+hMg07V9hpL3fmT83jSi4XpA99KaphONRfqrEX +jl4o4rj5H44rLWZ9c4JBRtugfYgDhoRRsJa372fEYXWLb/dt7PBR0u8ufRllnKhf +dNwPFlumtUREiqqnft4hbpNz+C1cpjqYSCx86s0xmAQj5r7VOV/9H8XUvB3/Q7wu +1sR3w8Em0VbKV4wmic5VM5h6VuWUb84pGbc79g9uiu92aODvR1hTWceh3BDuzmQ9 +JqG+isfTsIb/pTELJzP5ABpgYbpC6pdRrbOj7CSxBS+VVDYU2zls4lcaexPlpg4c +zNdnFvss+KnL8j8U9OS5IlmGBR8VJRYHrni9/ZpPgwu5SyX9M56E+cQ25wokN8fM +H6dGndZ/o4IVprfAxXCwglnx5d5uaPTHmsbSD6sR2WcZg3s0I/ylFuuXfcacF3wH +AJaCjaY/CPf3opTbY3dY98/sWtSqpK2Ao1HHWmQkZJhIHmVuOHh4lNGI0h1KYkj/ +r8WbMdwJC6vT0Jbpy6fHbFH+EQimmjcqdiG2g2OCs2MU5f/xQvEoZIaCAfjDjTYY +lLd3cTH53/aMffN0kBDGvKqMTimEa0Mf16zfH6em6vAVGEidsQJ94jcz9EfM/Tge +fymh7rqq6ISJE6sq0GB/nLtbgsbr3UP88Ggvc4kCMwQTAQgAHRYhBJlv1LkSXQzr +4yYeHBXgoyUMySoFBQJbwzcMAAoJEBXgoyUMySoF26AQAK9g7a8k91pYS4yYnWdK +kSLLl/b3vBnukRr45dqU2qxoxFeHGcGIhOaE5xnSMWx5ra1zqGPbYoOost/mq7MJ +KaOwjXJUoj+KXdeMs5eKJvR4KHSfQbBJ7BoUjjBNdEBj41offE5GhObBWAn6ASHT +KgTBAX6Lt+N/D0BlBpll34THnAyvXblrmDPUCcL0pvw5Yt00uYV/HYS86OF2zj5W ++JdgzJFYoNKuwDYwMb39KM0C3/mnb5S+cFSvLCs+qVKCVzdt7tbGO8zQu4dgA/XH +iNfourxxNLgSZLXgwtOOLq/RYkbCwRIGoCYv3HOGGfWT04cg7O4F0wUYf+82MmrT +lqd3Z7JeM3jBEU/JCJbqN2pqNacBNxeNhM+dKSj8DKFjHm0ItWZOacEaSNczeIae +hpjq5P+D7wXf+JMDkrnYwoU5bgpwx1xrJQvVVgiByQvfTFGCaaNFIGG6n2UX9c2B +EzyxfHM7dMsWYWiJYRygvdEDM65lQ2dhWW7oO2B4y5FvuqNWHm2qBYgy1XKGDeBx +QpjCzDPMvNHd1YDg91bIraB9f1+1EiHbMJofJP0Uds0zr1Zd4KBZAO+CC/UNvTri 
+Vk8JKjevrPjMZPvzCXLpUYPCw9MxD6ZfkbUDPxOL+sX/856BjMlB+J0JdVgBkP9k +JOqARqmvX4v87D10HGpvn2xviQEzBBIBCAAdFiEEqEV7iIacLNgYR70IuAd10BL0 +SI8FAlvDM7kACgkQuAd10BL0SI8KkQf/bz/RW0uLGuckqpthhXM4EGv2uDp9cbZE +eoBUf+xK/5vRyBZVeRIM6jhGv+zjhVr6/y+OmJoDRfJnzt8Az+HNvoIW6Tu34BPj +nmg7VWDb3OosD2nyi4Pkn8mmJWQrnxQiKYWVo6l3zgAT0s4dmrUDGSTUS932Q2yO +p6CMrH2cmNOpulG97qtOJWf2NDiaunIsc8hD4V5QNS+C03Lg3oDrSP3z1CehjpvF +nwyQnSmNJU1k1hILzSpBMGrilGZVdzprIIowOga4v61WNoWFpJkdYm5edfIy96kc +HsXrKMlR+pjDdVexv3EzyK5FEMOQd6ygnV4+e22bvNyvrQ/AzneFS4kCMwQSAQgA +HRYhBHM/l2O7gYGbsjfvcrPqGO5ebd4jBQJbwzJpAAoJELPqGO5ebd4j3l0P/1BS +vkPLLbzhh/6TRvTTHZ4GSYbLXov37BCbUAHRhASewcv2ryENKIf3EDVk5BB5ZEug +czU/shy2TqTA5Nb3JNRrEqgBGSn27OLmYFXHMzXRxREUsRAgG25xHQVEEj+/tk12 +angSjPek1e7KytNjdKh56cuhTDa9QUuADHL0wEZpcgHBOijFnB6YqFqXMiskjTjI +o/gKoI+LQ4J2buAzq42bQiBsidUPMeB9e2vwq6ssBSo6axyDUQ4AAFK3X4uo2HFr +J6Qt5uUjwSt/L01nFnNjQEDx5m9NlpXi2c5iS3Lm6+Kx2U5Pcvs/C8AvVklVJHUb +BPyVfnIuggx02PX1iTG6Vo/l5I65swVVj1dojuSoiVMLSiFmR8zgLkPP/elubWt1 +z6exSSAeb4xPREKm1zqROcINVlYcPrB80kBOSww7ixS6O9gxRxhDuHbgapzjznJF +Vnren+zNPqJ5yTMBwqUgZAEG9TXOFNHYQO1FBHPEbBI/ICO2kIcCtbXG+PQbAcB+ +lirRLchlZau0YQxC8LlT8Clc30W8ZjJ78jBY5tbN4ArQnZZqwEA5mOZ9lcHIbwbV +ny5mRAoqnu463qpJThtDBvEm8Ej0mXayd2PZ8Fi0B4kg9M9aM7w4vAX4z83fOMcw +EyPKYRkAkwoQ/yvxDfYqowhcOyMzAk4JPkdXeBndiQIzBBMBCAAdFiEEktPR7/7Q +ieSQeRfBok0RNW6j3zkFAlvDLyMACgkQok0RNW6j3zmgaA/+O8tj/8a536he8yzJ +OJmxIm2MAJeAJonCJYLUXawui6Dx43TgcbuqEE2DQ3ylhtAMdLwmkpqCZ+HV+sya +8FkEMscNvJ2rnlCieMs5eEfvEkuAh2gqI/ZmNJyZUbxPo69/8BYxeR7Iqg1DuWJ/ +E7qHMd/oHocSyw+9YS1Qf82lHDges0fLwoSibAVhmw4GsEKIjZSvRi8Q2Ng62GN8 +nVAhgRHe4tJCaOE7B3naZJ2TcsDWaVoGEwD2DYwhi3BnjU7oFcg0leiA7+6Uh7x9 +uL/0wb2QmH50NvVo/57W+sqRFbqDoTl0deSZIpaA5KjNpAy/rApvIYi5mP6LIqCT +FJiz94rcWgtm9Rx6m4MjGbMGMkVm05tp52V4VQ7Meck4L2w0X77P/TAZ1AIlYKe3 +SojBpIMn8dxiN4E6GGsaA+eQn119ZX9jghz8gDA7PXb1iwkfawrnr8ajSHwcGVR5 +AYYaMuGTLFWYMHcN6ZnzNo8LCDKZuYk4BkvT+3wyvVGVemyc9wRo4c39XrtaXmms +3+riWsE6LhK6rZLWnrAxX0NaT9XBKXqJLKJM+AbDOhLT1YbZSzgwxJl7zF6PT/hw 
+er4/BxCFjX7sHgt49VeutlUmimM0OO58CMfEs4Q3UiLdUOpdATB/OUBtLGRQxj6m +dVd+I5/ztbe4PzNXNIVS78Ty6xGJAhwEEAECAAYFAlvDZ+QACgkQV2ZtHcFUWHmt +Vg/+LZSRMv57LtZm7dVBiaxh3URIDR37PkDlRdfPQb5cJr8j1JcBIjM0VFMsY6CZ +X/zgZIc8mEXulwx9yXVc4E/OvM6qZ7drWq6DXSLpLEO7KJNG/PX72S8Nl+A12dxX +NoiaSedVLZiA6kv8IoTXUC4zvmqaL9fIguilWCJCeK0AlTZlp0eBGw5TuuI4ffdm +lfVO1MLJ5mgWZefRMMh017dKkZCjzEeVL1fMEPuhxFWiztOeVd+50La0pTeWmmWk +o0op33e8NyjPOOYXfTML70Zr8vIcRe3g2nCq+3UU0YAO4raRyH1f/uqV6lpg8Uqm +7zmcotKiRJuf3ReH1NL1u4EFubdQE6oWVXcieB4Wu6K+wPgM7uBv6sr57xN55BZG +iqdtGY4w4VMK0ElylVyY7DWUdvgPB4JmHAxLQz8K6tcMOW+SFpbM28R/ZCJiLkGL +tDAXr1E4jZG0tuAklapWjFbp2Q583mMHwcvistrbbvjbMZWeUP9uz5oFBlvDyF0F +k+4F+3rR23moW+SZpBNxAcSfu8uzHs0o0C90uKfdaZL5fKMjXZNoIdeRXNdCY8s4 +c2BbUrqRIn/qmtlINXrHpRXypBrC2eDkjRGuapOOJ6d36C8XvOoR74T/w9V8m7Sp +nUzZuFJTJitfEgnAyA7S+ecP7UYyVUj/LT6/V0BcRFU/AjSJAhwEEAEIAAYFAlvF +sYUACgkQavVNde4DVaBmmw/9FB4m/SEqakuytfTydAZu8WfVmZoQjIiP1xt8wQRg +Ajf2zajeuO1+0ThR6EtzyQKJLNwfWMfCoLnMRNzdQ6+gplIhfvqQGsGjfOXYqITN +mqq5Emt6/d+WVWF/uqexS6HTwq2Fh1FxJsKQoh3+W2/Vn+GHu1hxJau+TTh7OOUh +gAyYk4e6z8XuFg8S0AnKsGbKtBCkMOfBjttapXZUUvGDyq+ZwDlY4EQPXjXaTMgW +/al2FGIPAyTt8JgeouzpA1iDrtTc1gWs+MLpB0y0XhpXtj5ahK6CPROY3+52ptWi +YN3iLjGtqnDBcqa7A8wKiNiYZ5Ke1bwm40/nlEIS7gRLeEDyTV+a0NshxxTKivKR +WB7E63T123aO4tr8XfVcrTqtj5QVMNrI9e+JpUhI6/v5ZYpYQCafJagppbcSwQJH +71v36M8UBUqQEuB4e5bvmx0SPz8cuzBX17HMIgC9nLDhuRKOp3q8vT2g/k/Yh1L2 +NBlyGveIbmKa5GudcbjWmK7+GeXn4lrl4lBznMqQjIm5sPj9qqd4vvLXONUL6FhQ +USAL7+Ld78SxRWv2JLK/j7UkwN7f+srBRUgbEus3lzj6OExIHIBmUCCJUS0kCOSJ +Ecp+qlanOFN890KzaAg4AIn55Wrif5y962T7NodvHn/63lnBoztJE+Fha2yy36n2 +FPi5Ag0ETl8mkQEQAM4WIsHIK/1+/39QZbh376iVXfc4NVdE3ID/Lozz9JDanjkp +ScpikwugDwguVx+8JdO2tTyo6JTzpiZ+CoaxmjudJpUTT7fD5ONcAd1stpHKUQFw +JczU6LSXpTQCpmhV5s13pwumxjymKRlotxLdr9+zxFl0e4VTFb5oj4Ik2wu6sehc +It73AxM38C8smFRrRegPQL2Xnq9BE+WUF2yyY3TOVAK5TP2MbwQTkrTOiTYJZdNH +NlvjIpZaxHKOLqytNXSmXn1k20nitmyssIzv0aEC1UdktWIL/gD1Z+SjrJQB7/y5 +6Dx7o6gr6J2MZZeo7a211TLdblejD6bMjGaH4CTnjzmkMtDC/2b+FUc3x3/GlQF4 
+hWB4iaT4aCjiKOVNQgaQyAeRTsv1BUoqf8LDytW1/MdalLYElKS77t69HEQ9HSyt +7QHU3sjAG6qgso8yWn8ebYCefm1lyZSP3BbvZ/UpoKuB+aGlXjteaXQhIRLRA1Tg +ijiGA3Yw1dTcz2Cb42w4UNZw4r55yN60QDRBH4l1yrRPltdyAaX3qEg44U/Z7LU2 +YTDX+4JL1O4ZE+snDVsTPMpuZLvRFkxCLG1FTXZacZRXfzlFzw6YWhpnHUYORO3f +Ghb+PKMKYEloTyLywjkVLHFbvaPts96dCxWyDrcMOqhgiLOLJo7qC+/Sq8k9ABEB +AAGJAh8EGAECAAkFAk5fJpECGwwACgkQ3PUT+n7tGfNv1A//dYWV+vL1jiL+X4vR +SCrDM8bBmt/cZfN5O0i3HYPMdSD9lVr9O+WYKJogxEXX1ofgEO74rwZxGw0crrMN +8VM9SgMZ3jioGI15NF3INnA1r53GNGhJ4JVnz0KV2NKtshk7CtSxrjoR8qplwbMM +ICVgTIERVP1enuOb3FEtbhI4rcy+2UTw3hwURBhIfUotVFO6SKu3ZLscItbiNxpT +qTpL6AIp9UOrZjcqfCuFs8P+57uusAHcp6GYhhIhNIdXf64RQs7gtdLVW71z0diS +xu3KFWlrXOx0rrm7RTAQn1VOLl4W5oBPvcF2ZVQvd84I74TMtpP0MRDFgLuK0HHF +VyDff0vx76rubQgom6z8ajiIa6MfEmd7z9xhQT5PU0FApYY6H/kW7ao+f2h2IIjz +/+QjHuYn0CqqcjkkLC76RAgQjHYO9NIpL9Gi9O+I2AFz8YjOK3hOpxMrF/LjPJtx +BXGFEwP4ud+hzDMjwaa7PklcmDPUBuSDIgbNvsVNA6gn7AkbQn6NH+DImdrpzgpS +r1FHMbjIWqpXWbAZtmOurxn9f5ZXPKAgMvlV4TS4NZqnWT5HZCKs2b5Ped2L+zAd +LP5NmyzJrSIyVTJ7JMLLfCLaWu/qsHRGt1w86gewg7uMPdA1IEvjjXaIWNhYKUq6 +ik+DNrq0Y3fUuRg35QHaPTcab+eZAQ0EVjikBwEIAIhTkdGQEbdVwF8lqp63Eigp +0tHFbdeZ4LCu4sW3oM3erxtO2w25Awkdrw5jRopYmheM5BJsGgpIZUAUpOakJR8f +i+ESu3wNarKCVF+KjYvdxN7jwZmOI5t1ctnGewg0DHZZtymgJEpON1ZfQwfYmD/J +/k9Lqdv6CVyVGwNCZUZCO33a/bec12wKnwj2uM/X5tDLmIcHUiJC4UnoMFAmGBZD +OSxPZrNnzdoAO9zj/4WDtUVhLNkeSn3w1/LNSSJTNiLQjk7Lgq/Khd5L8Jf1a1AY +zW+NkBdeIP44MnQ68HYSwJRPq3iL2lZaH/4uc21FYhWfw8l5BsIA7bAmUzFfbwEA +EQEAAbQoUmVtaSBHYWNvZ25lIDxyZW1pLmdhY29nbmVAcG93ZXJkbnMuY29tPokB +PQQTAQoAJwUCVrBxMgIbAwUJEswDAAULCQgHBAUVCgkICwUWAgMBAAIeAQIXgAAK +CRCiCO1PivWERnTOB/4jLvex0M+TE5iL/FUki8EHyj6648sOCHnUHHnS+slME2b7 +1iAvLJxClDJjLD43Jj7FL0hu2LOnw+5PQZrhLyB1WEa1tC0tLvIkPuzCVJPI4FH7 ++AegmBrGYN6554Hy0C/YRF8mOGngL58hrumJTgjB7vC+CvDp0714WQG/SgcKqk4j +kIz/Iep2vj3dCifdh+kJkaK/nnzIT1euiOzp8xLByiVbCOdlbvYoVetqvJcqIhOH +Cglv045lZcAp9kP9pm/kEzHM34PhkH6SrR/uodshOH4p3Ux0wGgwUbouDvHUtjlK ++GB8cYXdRny0tvdGBYUO7CsFNzPoRC8CvD+VY8DltC1HYWNvZ25lLCBSZW1pIDxy 
+ZW1pLmdhY29nbmVAb3Blbi14Y2hhbmdlLmNvbT6JATEEEwECABsFAlY4pAcCGwME +CwkIBwYVCAIJCgsFCRLMAwAACgkQogjtT4r1hEbMMAf/WS0+yuheoWrxCZ4qYQo+ +AjlaenFTPQwrEDNioj6gjST/eAaQW1/+trFPzwNrBSenDE6bwPcPdL51mXg+30fN +zHLWrBPDsMqBlPTIvpBbQ/bVqjV3JnU8I8dHfdKmInJRrCJM21gDTprQdqfBfSHJ +HgM5TG2+fUxpdLIAhBRknXt4+TuE272DJf6gHxnDs1oqQ6kAxC0ANJyEufFXJGeE +RN2OsFtSygOcUiHeXwWyM77RGf73gkS9+bCoftiuM4gbKSibk4BbUVBZJCs28fDn +AsmIstZldUGZgIuy0vUfH153DTJflN+CIGEvRUwk+nrDIwYkV0pr9eZ0lz/OFhwz +J7kBDQRWOKQHAQgAjr1xEZh1yglszi94+HLNFcgRPgRNktg2vxOGf64dAreJvL5i +DrS2lrFMknh5BNuj7nJZ2r40OOS91oH1qkVk+v9Cyo/3xwCpCOPQCkhzHpuQWXoM +GMw/3/0tG6zTxnYdC999faCH0lLA8oDwHCHlZSHgsH9+qSNyjaJXvS+HVoGYzyua +nU6OTM7EM5c7RCPhNjT9JzHLISnwaxgDpwi7Ez6yudcrg6DqS/uUwkyNtWyesx1D +F9y2VJUNwa4NKIJkSH+niEoxK9NBfBAmAKc4o5+KPs6BvpvpiYY9gTKaaLypPHNc +veQTDFv/26XHyzrCZmwuGlcYBjboH/BWzKbhuQARAQABiQExBBgBAgAbBQJWOKQH +AhsMBAsJCAcGFQgCCQoLBQkSzAMAAAoJEKII7U+K9YRGXJQH/3PtQG0AkrXOpkOM +XFLTKdCEViNNHN94VIaceVn60zbmXzxhYeKz7K345/EqATi3P3/yDHcht7j3uYPh +vaMjy3smN6vEwX7Ue40PbFDWmm8mHpLdlOfPXF0SRUD8KTSD6+W2VJfEcDI6DDfU +mCx9yYZ1U5u+O8Aj+1l2gdQbgAioPnQgqzf43qgnRcsfNmsVsXg7EbHspRpJOR1X +yXl/9KrDP7p6kjwWTQ1NoRjCw0qaX93odLeKIpd2riShlB7GteUTps0IfuiL94CA +58PV2YvZapN1KmwDohHU8rndN7zte7jbCyv1Vv9tP6Ns0TvycBAqlOZYdgabrT+P +ccb4jCeZAQ0EWOzWBQEIALuqBv3556Glk00Hu866hDtDEOtLeyVXOJA8ySsKYIwa +cAHzaTa2whLLzfx3XdwBWKtly1o3hlduwfwL1l3aMh4zamHFgl58a+P6fGTlPEEe +hi+1silIT3QPbqxzOowiwe93UVkJiTqhapGbFDmnguiLZYTWhgAuGYRrEpvtNmnJ +U+6TrDTO8DH834uoYTESqs+fuOVw6Ab84th+Qucq1LB3yKsHhyq7m0en81a22xVX +Il5+CKZts7pH8bRTTSMn6eo97k1KJ2E15hoRnnrshlduxhzbRjrx1wfqOZ0mVzuN +HSJYlGvUKnbtNTatOZXRfUAlqMqcsYkXz8t3QLz/cuUAEQEAAbQtV2lua2Vscywg +RXJpayA8ZXJpay53aW5rZWxzQG9wZW4teGNoYW5nZS5jb20+iQExBBMBAgAbBQJY +7NYFAhsDBAsJCAcGFQoJCAsCBQkSzAMAAAoJEG/8M0ObDQTfcIcH/32n9IqQwvOq +h+rNjl3vHn3on4MdUebEIIg3QkhGtBb912Rdbvqp2lJxLDtgI1EolYbmab1HRRBX +h0x4ErGt2yJSruyQrTPp6RKX/dP7tAghTPHtiZ5JK/KjhvuBgjbZ4xiy3ge/ZVJo +EOuxzPfZlK+MOz75RqT7eH4mBvfB4oBr67OTfAzbYQOGRXNSsRzhHr9xCGXk1zlN 
+HheyXrwpPm9wD2RahRPRXscagv+HKI7W8taDLY500C3iX7ux3VfzJcy0ub4m0ru9 +6VFJRrdwi8O7WT7oJEZvxV/QtG7sXfo7dt+ryRAKxu3er24Hmk1S9iVhowEGnq/J +RMOIg1ioRj25AQ0EWOzWBQEIAJ+8XbWUGbMEpYf0gEfnxznD6WxBf3j4E2GWiqfG +YHd5rQPMErrk0DXmxCwSWjJf0+96KNvJ4wrQ/G5gAUj7R7OChXWFt/KZeaEBCJQd +0de41pjBQ7+kVb8cRTBt3gCLWC0xEkbYn7jk9T/Rqm7fOkkmt8x2i5+jk83M+lte +R1aFbwIIA9dMuG5lm5jz+a1Hu6fK65A2V8lsBacp3+D3NNXIwl19UEh7u1H6Pg1R +67BuePT2iKo/TYyLrfD/G4pLr8HoU19wXEkJq4S/yzoYr9oABZ3spTSafNoVYaxq +merpBHSC5EY/D1t2QfR0C6pUVOVjxaGjYNoaajd0kA4BXqcAEQEAAYkBMQQYAQIA +GwUCWOzWBQIbDAQLCQgHBhUKCQgLAgUJEswDAAAKCRBv/DNDmw0E3+DaCACIyXcU +OmgyGqFXmRXC8MVzc5NcKEE6amh13Cwb75xjmXI9p2nvcklCiIAF4MrJJqR22Hko +k0SqlcrUb5vjJw2/CZ4PNdbWM1PaB7AyKmiqvM4lpFfH2hR1U1miQZdM8V1CXmzO +H6DGwuZNU3jUNyYvEbidIxBcJT282Zp/jC9hZFGLL7VL1he0hUvF3WyDmQo9RSe0 +xNrLCTNN+HE2VaTEk7L0dAcVS/NbOv0BJkdB0LqlHGOAE5ahv/iUxO/6FCpxjtb6 +qfCQwUQXjRrMSTSwdSTTlKA015yy44aEXfRnMH9zOPKYbZeJMFOCsfc8fU3LLuac +V5Kv6l4aJyRYJaN/mQENBFwsoP8BCACU+waQJk8NT0hkuTQwVEJjHiLHsHIPlj1w +487uzBVnZ3jaacd1iPz6v5OTDVcT6qaQ2f6NQosNpuLKzJr4lZTxRC2dIho+R7Oj +WKQ4vZ/XYbjRH/52+nT39VHEF6yTYj/rVDZvAsuu8+sTJ4hkiGkqQv43OfDtbMCR +3LdkwPNfgZ5KCmdFrmcOg3kovaUbffBhe8mFwZDVws7XnZJntvrhYi0zRH3MYmLn +d1WBBiVWcvqZDQsP8FwssFtmcjPgANpHBC/Q78eaji3XhcL4JGcpzok7nV6nbjkY +q/kgkxlYviyRdIW/Xm8tZWyFDjOktKFBQv4+S02j1D5Hqb8YUc8lABEBAAG0L01v +ZXJiZWVrLCBPdHRvIDxvdHRvLm1vZXJiZWVrQG9wZW4teGNoYW5nZS5jb20+iQE6 +BBMBAgAkBQJcLKD/AhsDBAsJCAcGFQoJCAsCBRYCAwEAAp4BBQkSzAMAAAoJEOrK +uQsZY+wr0xcIAIEUvf0YeJ0LRN6uNo0IXuEqq/G+wvjq2drc/AQCxHB4yPyF65ad +0OQnphzCRTRSPmcVmRqNkqxc+BvORtwcX0we/KcS/4NshJ1MFel3X79jXowOPSuJ +zp+IwGWs3hkvTuI9U6dT75i+8jfG9XFDjO8q1l9Nr2WEmxXwtJ9vCIbLShMV1tnJ +tsW75obyhLVfXGIQBqYSDEWXwLEccILI+mizvwWPk+wI2ReefXUDi1QIn4Ckbv9T +wKVlI0wrHoNCPhz8Tp25RzUktpGT+GyGSAgDMRBBP35BRGF/jUF5KrmmYhC9XH5z +a/XzBL2lCj4xg0yr0nV1wGpPdAC9SDw8bFW0Kk90dG8gTW9lcmJlZWsgPG90dG8u +bW9lcmJlZWtAcG93ZXJkbnMuY29tPokBOgQTAQIAJAUCY2TfXQIbAwKeAQUWAgMB +AAYVCgkICwIECwkIBwUWAgMBAAAKCRDqyrkLGWPsK3dpB/9DXbiyiFn78wyJaI9O 
+m0bhcjaRG2RN7+ECGEHbTpbbMlOlOteWbl3JWEzcuvPiUTlI8Q6vf/+UAGFyh9cM +cayX7sPE+iH1OUKu+tgSDi1Qb1USAORg7wv038KGQhZcRpP6XeTBcBFjQ+sFvp2Y +upUhSSj6DcxYCdtDVZD9MpENOU/jtu0n1cxeYkYwgY+40+I/hju6dIMK9PCypQmN +faKJnd908EoROU62OWQ0kmaekfsMs8LqSijHwyycsd3wzAm/wRNZcG9KMjlLKtAA +pWbUNRdgeD80ZY/OQxCy4ATyHsmIbyujMHSQQscfenQvAITq3cysaLI3F1HdBOdX +chVHuQENBFwsoP8BCAC+gR20VVklctCTUykArlBpfxd6LHhHJW1L1oImBmkujUNZ +j0kiSWDYPkdDn9fpztiZLUqM0+YKvaQHwBqYEDyTmVv7zk6PG1iYeiucVWZ4uSXJ +f/ywDHwwVBcp6NRG+rfvoy+tBxoFiBFgykm/Fnr1l++ppeGPvsZBt4HheTRzYMR4 +XTaQ7JNrhwpykiYM3yS6ithOxylYxKRU4NpHuRTlv/OjdK6VLILi0UDiZ2SbW9At +cQXX+p1C5LOh4nERsbnmsdlzZeb4iCu8Inz1MsPGorX806K5ZWZBeWGQMBYv5Y7I +pu5hwz1T3UlCmzxtfbxVZQW0fADVH5fOvTTJqYOXABEBAAGJAToEGAECACQFAlws +oP8CGwwECwkIBwYVCgkICwIFFgIDAQACngEFCRLMAwAACgkQ6sq5Cxlj7Cs3mAgA +kj52FeeO+wOf3M4YwZNUwz4wYsIYET+V/j1vzZHTAHJNc6w+TxrF96bmAIEzKZ9O +0C3w3YQy3NPfioXafID6dkkoYKUth+XdBvklh6G6X0kqDINoowtrZrY4u2QjGFi8 +lEEe0oqoRnIEftAaq2Aaosj5Bsp6/IuzxHbzDYI/vYSWG/iygejsfn/0MXPmOZkd +7oOf1zuPhSp0wItuFBUSzN3UrTM6+D72CbVn4/JfayvMldpyb9hLxJLUuUYyomCm +96HeMJn+KPTvsU/c1jCYyBCvFbr9QQBR6jenGhwVvVI0nUCnnCy70dC//miyE4vo +y6CI3b5MGO+W7v8asfDCgw== +=zkWd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/dnsdist.lua b/dnsdist.lua new file mode 100644 index 0000000..89e39dc --- /dev/null +++ b/dnsdist.lua @@ -0,0 +1,10 @@ +-- this is a base example configuration +-- for more see https://github.com/PowerDNS/pdns/blob/master/pdns/dnsdistconf.lua +-- controlSocket("127.0.0.1") +-- setKey(please generate a fresh private key with makeKey()) + +addLocal("127.0.0.1:53") +-- newServer{address="8.8.8.8:53"} +-- newServer{address="8.8.4.4:53"} + +-- vim: set filetype=lua diff --git a/dnsdist.spec b/dnsdist.spec new file mode 100644 index 0000000..5bae01b --- /dev/null +++ b/dnsdist.spec 
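Review bot: The commented `setKey(please generate a fresh private key with makeKey())` line in dnsdist.lua is not valid Lua once the leading `--` is removed, and it does not say that the value is a secret shared with every console client. I would write the placeholder as a quoted string and add the caveat, for example `-- setKey("PASTE_OUTPUT_OF_makeKey_HERE") -- console secret: keep this file non-world-readable`, and state in the comment above it that `controlSocket` should only be uncommented together with `setKey`. The spec in this patch installs the file as 0640 under a root:dnsdist directory, which fits that caveat, but the example itself should carry the warning because administrators copy it elsewhere.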
@@ -0,0 +1,172 @@
+#
+# spec file for package dnsdist
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define home %{_var}/lib/%{name}
+%if 0%{?suse_version}
+%bcond_without apparmor
+%else
+%bcond_with apparmor
+%endif
+#
+# this should only be needed if we have to patch the ragel files
+# in which case it might be faster to just run it locally and put the regenerated file into the tarball
+%bcond_with dnsdist_ragel
+
+%if 0%{?%is_backports} || 0%{?suse_version} >= 1599
+%bcond_without dnsdist_re2
+%else
+%bcond_with dnsdist_re2
+%endif
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1599
+%bcond_without dnsdist_luajit
+%else
+%bcond_with dnsdist_luajit
+%endif
+Name: dnsdist
+Version: 1.9.7
+Release: 0
+Summary: A highly DNS-, DoS- and abuse-aware loadbalancer
+License: GPL-2.0-only
+Group: Productivity/Networking/DNS/Servers
+URL: https://www.powerdns.com/
+Source0: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2
+Source1: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2.sig
+Source2: https://dnsdist.org/_static/dnsdist-keyblock.asc#/dnsdist.keyring
+Source10: dnsdist.user
+Source11: dnsdist.lua
+Source12: usr.sbin.dnsdist
+Source13: local.usr.sbin.dnsdist
+Source99: series
+BuildRequires: gcc-c++
+BuildRequires: libboost_headers-devel
+BuildRequires: libedit-devel
+BuildRequires: libfstrm-devel
+BuildRequires: libsodium-devel
+BuildRequires: lmdb-devel
+BuildRequires: net-snmp-devel
+BuildRequires: pkgconfig
+BuildRequires: sysuser-shadow
+BuildRequires: sysuser-tools
+BuildRequires: pkgconfig(libcap)
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+%systemd_ordering
+%sysusers_requires
+%if %{with apparmor}
+BuildRequires: apparmor-profiles
+%endif
+%if %{with dnsdist_ragel}
+BuildRequires: ragel
+%endif
+%if %{with dnsdist_re2}
+BuildRequires: re2-devel
+%endif
+%if %{with dnsdist_luajit}
+BuildRequires: pkgconfig(luajit)
+%else
+BuildRequires: pkgconfig(lua)
+%endif
+
+%description
+dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
+is to route traffic to the best server, delivering top performance to
+legitimate users while shunting or blocking abusive traffic.
+
+dnsdist is dynamic, in the sense that its configuration can be changed at
+runtime, and that its statistics can be queried from a console-like interface.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+export CFLAGS="%{optflags} -Wno-error=deprecated-declarations"
+%ifarch %{arm} %{ix86}
+export CFLAGS="$CFLAGS -D__USE_TIME_BITS64"
+%endif
+export CXXFLAGS="$CFLAGS"
+
+%configure \
+ --enable-dnstap \
+ --enable-dns-over-tls \
+ --enable-systemd \
+ --enable-lto \
+ --enable-dnscrypt \
+ --enable-dns-over-https \
+%if %{with dnsdist_re2}
+ --with-re2 \
+%endif
+ --with-ebpf \
+ --with-net-snmp \
+ --with-libcap \
+%if %{with dnsdist_luajit}
+ --with-lua=luajit \
+%endif
+ --with-lmdb \
+ --disable-silent-rules \
+ --bindir=%{_sbindir} \
+ --sysconfdir=%{_sysconfdir}/%{name}/
+
+%make_build
+%sysusers_generate_pre %{SOURCE10} %{name}
+
+%install
+%make_install
+#
+%if 0%{?suse_version}
+ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+%endif
+%if %{with apparmor}
+install -D -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.dnsdist
+install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist
+%endif
+
+install -Dd -m 0750 %{buildroot}%{_sysconfdir}/%{name}/ %{buildroot}%{home}/
+install -m 0640 %{SOURCE11} %{buildroot}%{_sysconfdir}/%{name}/dnsdist.conf
+
+install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/dnsdist.conf
+
+%pre -f %{name}.pre
+%service_add_pre %{name}.service %{name}@.service
+
+%preun
+%service_del_preun %{name}.service %{name}@.service
+
+%post
+%service_add_post %{name}.service %{name}@.service
+
+%postun
+%service_del_postun %{name}.service %{name}@.service
+
+%files
+%doc README.md
+%{_sbindir}/dnsdist
+%{_mandir}/man1/dnsdist.1%{?ext_man}
+%{_unitdir}/%{name}*.service
+%{_sysusersdir}/dnsdist.conf
+%if 0%{?suse_version}
+%{_sbindir}/rc%{name}
+%endif
+%if %{with apparmor}
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.dnsdist
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist
+%endif
+%config(noreplace) %attr(-,root,%{name}) %{_sysconfdir}/%{name}/
+%dir %attr(700,%{name},%{name}) %{home}
+
+%changelog
diff --git a/dnsdist.user b/dnsdist.user
new file mode 100644
index 0000000..d36b2c1
--- /dev/null
+++ b/dnsdist.user
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u dnsdist - "dnsdist" /var/lib/dnsdist
diff --git a/local.usr.sbin.dnsdist b/local.usr.sbin.dnsdist
new file mode 100644
index 0000000..473a0f4
diff --git a/series b/series
new file mode 100644
index 0000000..473a0f4
diff --git a/usr.sbin.dnsdist b/usr.sbin.dnsdist
new file mode 100644
index 0000000..5539243
--- /dev/null
+++ b/usr.sbin.dnsdist
@@ -0,0 +1,18 @@
+#include
+
+/usr/sbin/dnsdist {
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+
+ network tcp,
+ network udp,
+
+ /etc/dnsdist/* r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
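Review bot: The `%post` scriptlet in dnsdist.spec only runs `%service_add_post`, so nothing loads or reloads the AppArmor profile that `%install` places under `%{_sysconfdir}/apparmor.d/`. Until AppArmor next re-reads its profiles, the daemon may start unconfined after a fresh install, or stay under the old profile after an update. If the target distribution ships the usual macro package, I would add `BuildRequires: apparmor-rpm-macros` inside the existing `%if %{with apparmor}` block and call `%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.dnsdist` in `%post` under the same conditional. Separately, `%prep` never checks `Source1` against the `Source2` keyring; if that is left to the build service's source validation, a one-line comment next to `Source2` saying so would make the trust path explicit.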
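Review bot: `/etc/dnsdist/* r,` is the only file rule in usr.sbin.dnsdist and the capabilities stop at net_bind_service, setgid and setuid, yet the spec in this patch builds with `--with-ebpf`, `--enable-dnstap`, `--with-net-snmp` and `--with-lmdb` and gives the service a home at /var/lib/dnsdist. The `#include` targets are not legible on this page, so the abstractions may already cover part of this, but as written an enforced profile looks likely to deny those features. The practical risk is that operators then switch the profile to complain mode or disable it. Note also that `*` does not descend into subdirectories, so certificates or included configuration below /etc/dnsdist/ would need `/etc/dnsdist/** r,`. I would at least add a comment above the local include such as `# eBPF, dnstap/SNMP sockets, TLS key paths and /var/lib/dnsdist are not covered here; add rules in local/usr.sbin.dnsdist`, and consider `owner /var/lib/dnsdist/** rw,` if the daemon is meant to write there.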