openldap2-contrib-2.4.46-lp152.14.21.1 4>$  Ap`t:X/=„$vZ2j#X RR.:hh$* #y.)*iWY`N&u?g% ,Oj>6VU\0W@p>sL?s<d ) BLPX\ox 44  4 4 X4  4  4444  F (p8x79T7:*7FaGa4Ha4Ib4XbYc$\c\4]d,4^fbfcgdh!eh&fh)lh+uh@4viwpP4xq 4yq;zrrrrs8Copenldap2-contrib2.4.46lp152.14.21.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocation`t:lamb276openSUSE Leap 15.2openSUSEOLDAP-2.8http://bugs.opensuse.orgProductivity/Networking/LDAP/Servershttp://www.openldap.orglinuxx86_64(pp(p~8p)w(@)(Xi (@(~H;Pp((큤큤큤큤큤큤큤큤큤큤큤큤`t9`t9`t9`t:`t9`t9`t9`t:`t9`t9`t9`t:`t9`t9`t9`t:`t:`t:`t:`t:`t:`t:`t:`t:`t9`t9`t9`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:`t:a29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936eac4ba3f307fa5e55f5ed7f99b773150c58f119b2583f11f017cc5573f7521d5f3fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40ace7204c1a3d0c5c4c8b002599dac0dfe0458317abdce589b538bdec465ccc0f8f2f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920aed7362ae9315aa99150b38cf00390d38233e82b6cd88f4975416b7b20e9442d53592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd63ab2c6be80fe17d8e157e382663599c934c04eebba9b26f73b7677038d138eefe084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606ae91951e5533fa81308dc3194c4afc3990fd6e51e8170c9b153e8d87c7a6f98d9b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f6115a05af76cdac2b82bfe19448bb13efc820de44e0bd6271054c4be2e1b681775ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e60172f8795c1b7f9d2469b7cd6c25904a9be69382c3bcc5120ea1a198235840806c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827e4e89d5a70b327796d333fe7813cd9b96afa3f9918c11e101a5a3d59e5f1c4caad1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706ae7ebe274c159cd4a48b47778745a0fcb9374eb812e8f9b0c9203785f5cd9f80589cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b372574a45971d941b5a693c6499ec83ace98553817fef204d5b57a04bc97c8fc58881b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc9ed8f7eb37208f18d0aa583c323e023303410921807609f260264d93138c4a6b78fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e787dbca940098615bd53bd194bbad2b8f9f76da1196e5b4292f28318c0a02cfcfb56bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd081bc2641f5442cfcca5898b3314efa9ece47d120e8793c518e2d52904f4b88316eaddpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-lp152.14.21.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(x86-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1`KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@TuWilliam Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown William Brown Peter Varkoly varkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionslamb27 1618229785  !"#$%&'()*+,-./012342.4.46-lp152.14.21.12.4.46-lp152.14.21.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16067/openSUSE_Leap_15.2_Update/ae55ab79cd8822a71cf55e7745543397-openldap2.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linux     libtool library fileELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f6c505cc8b5d6a0b0a556f5a11d870e236ebd77e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=01515da7c3dca222540ad0ea6bd264e4943315d0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6a5a57a18867bf199c041e2b9c86758a14110978, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f46b08b99d6111385168728f664b72359c6c88bf, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=50744872c1e6a1243cc5af60edea9f6daa87b770, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d81e264a08331b89c7a70691cac9363430382a49, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9b6b76241631f625e74b0ff8a7be46a2bde714c2, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1eb45cff90b6690a85c3362b8d3f456e3dc39d29, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=39fbcbf3fde60ed776de3bd7e231fba1e45d298c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8ce4ae895afd0f67fd0a206ad2c49ed5e017dc0c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=082c17ee162c5735fabdc3dc58e68bd91d8fef6f, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=08d2586e710b554f49b7fc0a160bcafb4730fb45, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3c2a4c5a7aad829ef147ac77a958836c777fc11c, stripped "#&'+,0178PRRRPRRRRPRRRPRRRRPRRRPRRRPRRRPRRRPRRRP RRRRP RRRRP RRRRRRP RRRiVLr㊟x(Qutf-8e6ea891531fea5227062b772cf3b375967e86d9775bc5e958f3f4454d334a621? 7zXZ !t/] crv(vX0ELվgQĥ8%!x)RZJn!KgE8 $t=Д+tӚKC‚F͊qµ}"ӬŠa5JG|l$oag℗s@Tp>D^-o?U]Ќffn5@?BWkl!ᕔly{301Qg W!|׼F1~ixG(D7⓿{N.Sy'w"O@oTї;Ga4BߟJ6.cpĝEo$P=D*} <a.n5^RZ+!GbY`TX u 8c2 E„եӦ9BQ1n`ɛ4VBSw.\f?Pr9bH+L{ùLqbU.560%)9Px8ܛؼYGZF =<*%DcIagFbC+g"xP$I vxLa-nQ6TI^gIj?XgKy2-_Iwkxz;!4ҎFK6>x;ugLL/Ho~y*Huu<޳9T??O@wKH^fSfs\D9c~8X k45;T[z Tt9']“4^;{kQ'tpYLIV" |:FA?OoD̓i4T˩lZɺA/Aq\"9MCf]*NJiMbA,0e@{2)%Lr`o9IcHʥXu\Ծ0 1+ێf T`%F7y< .:C][q `?ּTšԕQ55/'`4X,f瀜 n&&]M7?HT $ o{^!"DegЄH<%ё蓣Y廥YPqHKok<b}Ke]/X="|N{U egt䅱ք|*Z̔R쁃Ιu׃-7Ǚ'Dd+5DSBSwv((va`!cFl^`y emV$MHjΧOLYTO"X#TE?j!™8^,0>>vҦ%9n-߭Z]|ƾ.\lVZ}t2ISOa xX&b.N(efLݺ_qKb sBk?XYd_nj&{WdXB(t{C*R%!+KkʺBw'..u9:TΧ:gzmL5T %/Xwmx.>uqYdU$Scij[tz{Ly-0Be^(E2 #7U pz 5mڰ 5n'˧2S1([+±-nh.MO` ܋H{]`K,iYT[͡MAFkϩ ў]|BX0^~Mrtd@u+.7k)㡂ͻP> n꿅ٓ'I 5 ,rGSԎբD"JP6:[N(g8" A4& !}dkK./u.gU+8x;kCzO#^9Erh -Ý B1>EJҁ SqȽ"b)U$^byD~[CU>K =6(caK@޾,]@Cy{$x(?7yn@1g u$7,X" g(g9؝"XClJ^ q+^̏ɀlPET!2⌶2sa6>=!xKxG񃴕8 2fп+ƈJ15G`9Gu91c/9,5^=L͸iWT0ܸQy^r4P(hH`xlow|$}H$gt!ZRőN5lڽɽ]qh9o\V }7{%t⧥uˡtJ9E YRD<9=źj< "/[\g6"2O D;- 4M]eN% ? w\oF:"zV$O ba y1=m0OᦢⳂ+F“*x.?[LODJQ:ǂGGdPGzt[gZ'(Uދ ]=rJZO$Ղ!.^ۖHUMYTy+|bɃ- yxP!&KFFT0*/˘B%`NePgٷd CNeKM)wO4}A۴Ov Է)Fj ~Γ"R`kƘ%GMtkْb`p pUXʝIeDG*K`f8b}q^o#;yMiQLA>ƥפ;jCLP(!HCHȘI~ԭ*['O¸*bJZ%*~njVeio#z92nkmcf&sDZM"r5*N_V|,d~c\ #җX`p b7cdȅ ŵ>x*t3#fhA2[:\"#XEXgmC5E8< r̚&~Rqj3|t &Օ8D'5FK(M*^9ט4Q2>~L=Փ+RMbՆ\.I-o0z,,:LMj6޽`=߻]T \Vzm6()0B'm%0X3.o6eqtvT1?\LJBےv`c?h-by4iʰ*x7DB1K]U~1f.h \bsrUF^w u`E0 7KA2׶K.oS]#uj θC-GSyEh7L\JJH§.lb:J= IO[ xitF"{GTu[@ދ,ъ=4--9>3n#}p7FH/|zE͸x O&S 4)+ZOG[Ƥ6.hvʿPm>˝=ow4T£Jh4^)#,!}9#xM[40*lC@RA;Lһ 3yJYqC-h̕ױf!&C~ n\4hpR[|ma$[6 A~ty(׸9݊K\u ހ^.gX.?RDTL"q{iK;WR?L6Ou̖Nʋ]oj{\ˮ$1WVG"պ<J&ʬT H'eca A֜I3A,3{,9bx-e1FZ\M%D](KO}cluWH^mZ" z1i%H0 ,ʠ>Ȧ˔Ԣ⎘VqvvvRh+y@!k$ϖa~1dwc9%\tR~,sV ǩkm s<Ov2U/+֟KX30 _qUXo-n_Z(N+o ~P0f]4U+kgH}%>dBm:/ H4%" %. k0e~{uПO:o$xQV:-puljC6,csNKaFeT-7e~&SmuqWK?qKy>,$&VD`Le]Dn!ܐ)$*) 3rb2ovh燊tX46k!hqno<-bZBۃdX:vYcE& ]4s6;!8l`>uyYvk_aILoTeT~?=&K-5Nr$ըxjxe @:ʖ'{P~iޗK4 +DVZR۽6$3\r\N-vƂU f))Yapx?|ڔgtQaiVO.tx}*yZ Jz}:_O ޑ/V9=*2lKxYw_1:~G ^Bu HHT@KE5wHZ=%=FG;Á7?عɟn!S7=F}Zz7jӆR796PCSSiszI&5TʤҍGKao5afz—PFIC:HzٱͪIJnL,$fh.~Get8܍6ݔbqK͙!ʚXVm Z=oPܖ+w˩'a'tEVPCe_Pc8tk<-d@ms+%yѕN j)'W)iטmoY} ‰q\W\.\7xqPtDVN7Kh؎}.ӿ|X!%C"Yn\UcܯUr` w1*،0}=w̋V4ɲrph>Wc~ xSLYd-|8ІYK9sG[eβ`)_Ẅa"mVws?ɵb2HB˖xZE>׏ӑ 2uK8hzp rHocV햂&[7tDbЈΔٵlDVg nUsL=Riida4b7[ٛMžXUZp&{`qo\]K9 G=c]QƺPBGVU  `Ӄ!J(+JOe#0HGy(˔ w5K$֡_hඩy~<:&Чzw!,Ru3 +[ż^q쑀匀OsBfdJkn7Xo4 Kv ݴn䘭V/ Y!ʼ0WQDGm5$9!9%rR}yg\;mh!2mCum._D%2㒃ω4`nI@k7LMs9,oI <)oEUYo~ZF]eZlƶqisP@O *fmn^(:b0Oq/bgC(ib"3P9 &fadh: |R!y4CW^2I]7N a[/(CEǰtCu-<;B z[!Єď0-2\J* "2% #Pr"[uN8c$$L첟#1ؖ:_{}vy`cGBV2o<-I6&gտ0֭YlمKݷsea ml4nԆd. D/E HDHFwq[覻@ 9/BEhڕwM\CoxYS|XkGmƉɋ4_ uS4RQ'1s%۾GİY}}h]x4ѴZ׷Sk׌6bj v''C$y"5 -{0"UH'E;W \*>A$uф"m߬ Oʏ@LV|ތAí:dR(\N5z$->.3EGOx&Lhhdy}5mآ>S{,˂i蒋A#w)@ؠ6vV.͡#5?3|o{{ ͠%+𴉶7qSeVW8\_VdVT&@%._na̎Z53Lme >_yLzB}ޞOz0G~=s(%APjNPDy'*V?2*7'Ūi*I X[Se5gGl2Ŝ"v.厤AmI@9H5FZ cU@6{SmB\G*j9㡑 ]ugAVΆ_KKMoJxvzQ 4`#zm ȘIY24O1lD`3l# Z{љٵާ朌2i05UnL}`Z$.[LD'mF$ϟ UK֝5~˜"m%zN]a =^Jح=?9t I^ z!&ig]f u<Z;v}I$~MQkKuZtp Ǝ'GUNe xlռ^+=ׁ_y0$UBSZEkûpw[;7D?&pj:HPJnR7X<`Aju?Z /vRA!ŏ >ՄI.ڿXN+86(mǗL}xbBsbK>H:##"kdLgrs/XnAJ]mc[ ߤ02 ͺse TSLy.bfЬJeoF&FZ"j; ; *PӴا NgOӱ%y$%4}^k:ObPG0g'=o?gCQZzqx!'k }% c(«SԕB.ʂ1[i:qC.Xe[ǂ] 8VszՃ\m6. }~YӋjpy_{ #/ñ$zfŰ ZHjͬ®2HIQozP&US~+N-pqnUDֳq,<zvz"wߘ|=?"9H-7;I}jK1ODؗ%iݯШsKiBYAICHfsw^ X)2EPa$1qߋ3VD;_-W5D)0 }UJ{{z$TfUJmSג{jSvY9>kʜtF{WPF$HXbOW/1r3OSWO$9{69# iҮ_c}t篹/6V_^_P(]$UW1ِw_$5o=C;6lWIFafdgM9"cm%%>ίq1 moA 0Co񇒥%Iai7 Aқ OpOT!}m /18A> v)& R\ߧU"}O I(*!y*tfE̴C4;D—G܇ΝU'3*`v_Muܑ\)AFrx}6hWRN~k( /Y7Iय़áQ5^k-܀@̿̀/gRmeDwR]0EtdF.fѰ?7kX67 UL9YЎgCH5gWxtR@a(2mnv,p{qڟ~f'9-N ڱSj'.Vt ؃^Q n@?<qKɐPrCv9,]XHWqs_300Ms=\eu>}@M uݺYj Í٥ .6y@Ba " ȌMhxU\zK9 Fvnr{86MJH@m('3C5  U2;5,DF]'h'ZiN{hn: JuaLjKDND^9ϳqwV ŠŹ G܂;"QVʰ,v٤G9{dTbtUM^ŸcQZˬ%ܼn~}/";B"'mz}Yt FmG1Fc/8ˮn "قKXQ<=bedh>l}˼0?' ?ci `eit"h\xzYW){V{ed ޸8c‡I!Qkk9mXu{Yg"|&&ZN=(dzc-Ay'*SJҘ[D:,Wžz]vk&pl@Rq܊OFoAv3[칓WXV* 5$?e?jQ]z;8[M$'ۮN8P@?~ IS)|`š4BJԦSIT yq}Q.RM=İ])Wkv2f*e}61ܒ p_ `&)ΪOT(䖈5BKo6[Y0[F sZ?6sGlNzoXV&(Jb,ynkR0s8+ry~V*5ҎfH(0iQ(]3b.7օ&쵧xw}naon; `sNl\txjuzTepsD?ɴP z f]c`# kQlլ* 1j736^+6{7טs4G$E=#-dZ_w3hH8w<ñin&bCTXi!|^J`]$pMp.7OMȢxz1kDw-ώFDE$=d5.ͱy{RX^lk˜{8Q"u#78pNGyD]W5;mdbc~^n8L0IV£˿k[Lt8OUŖ8m;l3?O7j ew~D& fw l4Y61m\DD^ [x>?Ej]h{T/7Toݪ Dl ˽xep>Nڠ:xO`g0~o8xiOwIޕ^$JTwWDIqV$,CV%?[HO3-!ڵpėޞpP 2ɥeC;UAH=V KقZҟ&w9@,hK1f,h'Zw͞glK 9xT*U^ 6<-jK? 'lrP]bL263;e#k㥕)w~2j ?= : ğTr"Jn?&gZѺs Ant wũN99c,J=%M% tr<CdMF_J]4YK D0|e;Ad\uM(xOp-g)qFFBudM4+0lڒsDjEJx 2<\ HJ+EtgGp2+N G0u=ƀBLN~Z(D( ^Jw1^j,aAR#7j[ x42@>ⲵժ O&,c'o'[:lhm.E;|@(xdhg~&q؄'[(=uޫ;VەNb>8)X(RnaLz<>>4OE[V jj f$d1zu`םD,FqydM 2tI oLFS˫jng4Q\^N5rĿ̓:6:?Ͷ>mpnt0EbN3_d`Wg,PAxX讣s0VCӋzR=r}Zfi"q>~$!ׂN/Zw(+#B>DɇXj:cWp+ЋF!iivɯ-cyT\".&@&3aU\Q~JJ``呛̽#p,2s48c QË5ԜdZC.\!E"XN=qv.Y 2% qݣc؆D5,ʘU[6Vs1u~$>9a`hV !ŶW\ÃZ 4lQIo TȘ3 ~d^C$cNTkh,N09,nkH0hS0*>aXCW^s+Kj0jpYyٖw&VEqg*w)i W/`X&Ơ5A`Om IQEq&vṄEz}8!'l/P3B7 肾@(wɷ8 GB~hѬ úm8Pp,9\_h20d{EwAm>G$QT(H{'cJO,\}{ Ʌ&F}2|pn <~L+en_;Ä8k\7v̖f+Pg9ƢmV+b<ݖf"MQ " ery/:%?t{Fcg)SO+iF<;C7 K]I)E Bڲ-ugʃf-Rr_.Yd*kܪ!G ÉY6]GiK> k@~$H_ֿN(sAX(P}hњr%][>4ErY;r/A8.X͆F@wdh7l~8BoGomiT ݵb=9GZ~5j K_oe]α}޽ 疜z'򖎹 >Ƹq ?[nwlHnr  la¢,-Ks' 9NC mohP8۟6o_nuK oY>jW;Q&ô'=VC\bM mQ$! R|'ϊ"+5ZJ0kJvw[0a6fd[zRyslBK~P@V}sW[?sw~-l9OI @3JYfO%>|2HxZبHh4t Y/Z\.| yI4K,Q[]EF/JA=su;3DyVN/-km.8S?&Z2\ZjeeʨHQ-ksq#A# t⤺p-*@,=Z[@μ@J k]_;Diu1rdP O-`JM;5Mp4X_)sNvw~F"$ y,Ћ_9@{I]/EӻsiCeΖoƹ"mLVL#汦Ɉ%u9nXX 7:~`+[S573T"NZ[ Ϛeh7>٨kyAI1_tY x,ڸhTLtF)̬o-P,taBi&ȗXLOtX SvS}gpRHDH KdBԉ{pł͖3Ac}1ܛq?ڢ/ tSܑ?ۛ9Ir#T dꁸ8&lZM%s!M1,.)羂sL&/^`@^  ƥ&o;U&8uueOvKpf-[tX؀4YJ`6|?˚@ڙ1r&1 ! v{뮒7^T1nߢab *הu@<̝SfY'@W{vQٝB$d\pˏwsތRnq&jBFdV~ _Bqf+hY*8-DZ""g%~ oo4 Y8OIOtQۓE&02ClE?j,$w !|9i`4Zo`Pa@"LƒHPFwbD}%,/u͎v/dO;jPĠHR}FDtdw/h ZZWg4C(I,s _n\$>nCabFZpv&`b/Ox,Bnư΢A=ĩ)z;õ kx2^=V eXaF~H-UWe XabؿX!ji m@. [x4O {W\K&:I04qx:&3RPIǑ#|L1UkaX%%IsYɄeq $y&@r;eha2r"Bl65%f6˻}d(sm?݋5W3 FC@ ) i^p!1²,4==r@W&6JߟP QrB}CZ>gCWwx>7D,d0@|ݐbUZA0M z}|*cnbR9ysif~r8F7(Dxzt bJn噍szTIP[djt0>4a%];6tMQ?X: ZLGm2!LX&&e-Iz|5I1=r֜a%H[ Y~OTVCvy|rr [&5!өav %{C8O@UڷVEs-Ga1cCcHqoithl քP3w\3Ji%UV <9FjR.qDn=駈ũY!M1 cϱbsEC58k>.soJDW7[2Gt dsޜk #"R{eM/#+g5V1K-yXМa Ytֈ)!*+fge . bI@mw"a: v!4J/O%؅q:dyːŇIü\:{J許ݡHп+`l$F_<Φ5.rb/gp r#}vrkn._d#XE_uldOȢ8\A4dlg.Lj(Ȗڨ?|'?Mgo*~6'0V=?r@.j^,{ZRUXp[ŵ Ie2%!ٳ@m;uuZ@8[O wg>ػa%;ӈV`\r<ҵ8jEv>5 ZXrFv2\FxZrqk˽wר-3#,qXɘc;X/}ǂC|k qB߆.c cĐ`*W!?%%N\ K\/u䚴p^ N+~}M~'wB~rsG ,M|XF@Dٯ:X̛L*]AOڇ2(ٳU9$Ѳ}qhtLe6mJ6E`AN>"΃U+e1&^fV!5'8_1H>>_|#vʳM]qzxo״rmCxVr"pp^'@r ^FRD0>jVl`|Ǡ2:w>ܵy y]"% _vȞq؅--" #%rY8r4Huu!q0PU;KuAaZul?.UɡSڣ<st2HSvjaW\ŗv[U/ph)+؀7%F ;U|a7u%Jpr.gLԌ4K28FǝPIW9f{BC.ӿ}24Б83{ġӰ^wN>kL5iDjs}>m0lvq" bWw'yjJh]Ks}9M JWoF kRje)aAL\ak2=wJO*MჹU+5(䳅O1rEj}!V4 =rE7Jy⼬1dkHpV'6P}}!Z>WQ DA0LOݜ~,C±Ny.HmIq}ᗪ]$q*Unqai^6|0:;j~" (fHoFaB|e]c4J>c6(2ۥ]{Ro5šc3nZ$mbx:BKGIn``@C 3!ނE϶Eb8GQ_{ܦ] J89XXF>nU>jr.`0n=7sjF?/%[l/ϰϿ:t"{pw( U[ f^ƙuDwHWU5ʀ>/v&lIZ TJT5QJZF*ʶ[Sb6C:&EYG6\WZVYKؚYg ([)[FBJ!+2HeY'ʪCDf+Q7.F0TюEe,ܫêLER-p'&Eܰ}"bW]ve3’B h\偸q[/yB RTL65k\{&38ՁeQ;_%$u F~˪njM>8aq}3w0?QSoWF 9L!l#-0ٹ~h3r $8| ?6X@fIrJt?yDŽbLsnJ[ @=5BݬPck?@kxQ;v:a<٭񷼘!?%X؞Eyͅi_ H{Zx`eZGϛ2pb"= ?=b)ޛh _SnB1[K;e_崃CLT;c^ь[VR]Jo;s? H7 #"i#c?n/G%~ap5}IsJa1ŢjmE9FݓQoR⣄ћGWĺ(JQO9ȣדg;k(zy!%x3ۨ Z#NqWg$ڋS73B}4#␒)9v1Spn~/&rQֶkrZp;pa:VShC_Gf.+k:1"6t~:hA/Hj>I@yb7 rU{.8Ev y (PE"HrȀ!Q笎4s n`\btlj{uB!DL"r/^hNV? XU%H8ɱ2_n/EmyDzYD(.c:vs8cn$R×QR=SB1^JXl-XҹL 4w)hzz}. D2_{a5WN35(xh2=gD|9ĚAc+ѡؼѺ aυF"gq .U+ގ |YuT%Ro1BftCRWK8Cw{y A`76;eN)UL*@HΨG*g 7 < yK5}C=pFzIćew_nCs? ; ycqٯAfO:61"9SVBJ@ƩTYD5+|NW=%}݀HHESjS$ź,\_/,BOF4bW W0}ջ\&Xi6|kro=ALr"5HZ 1B&&sʈ3[ d!`6T߭^ u''k (#j$uOwu1Gކ|,f"C re\ģ4\@TʚiKh$ЉH>0yLp_#r(ڎ& I-`Bh|w1F_zMv>\n{;>5-C TY)vz{,V{*;  >U9M%d'g3oTh% ))nik/o@hAYy׷GA*~q-Jxj:lRUEG{>`Pn"X|J1kc `Q6>[6,s )odϹ$T|crlIOƴNL0ZAopWO[AgCPUuMߜhn Ct3a a "q+tKxzu `U!{m_ý~}J_LwV<56)0_jP9)/Xh=LhHyl>|16ԒZpC:i,p򚃳p'3zYP i3ܣi2>%|sIO̸vpl9QS*"=4^C zR)q@݉jT \y^u-=i}~{h 4 };V%w3.„mтg%oT҆yj3*ZYgyY ߨsdt{)9X_OȎBg&EpR e qL k}Q*prTLBȟ-PTS.<56 QVotmݱWw 䦽">)ϲ b$HV`/kװ/ ¤g*.ђty~Jx|J d+S?M {%ۣ^c9W20)\݂P+{[J 1_N?ѻC/ |C T9h2: "Oh$=]`ReN`1%'C3Vv\CRk6wiLt- G0r`_,xQ+!OصI)П{{K3{3A_3׍ dGWtq45 VbA]xxYw.YYOʢz"Lj>4P% e3&=YsY ]^mA 2EE #0Gu瑯H`}m#p Da+ԉ|՞&t:N萗HsQwY7JVlh V2v< RLX|telYPgr7<5J2lbT`;Ɏ b;s^PtՌM/a'G7?eM(I%\x;Bzg!u("U!}<'GWRjUc(['FAUK:( [X3=瞰 >t@*F8&2ǭ5m'P9 Oe1O7`WyѶ==n}):qX>;u& := iMFIze~_h{ ړJM[,F`)K2yn1,Ķpl+i1)yMxJf_KȾ%xʋDlBfS'&BN%ᲬdCs2IgQ“vh ;F~k&8ey'>ൗV7ZV *<v KSu/\n6(0BuU'%b}@N@іȁB֢  _0J{M]rVXhPVq%юb O'.@ޅ/,h0xs@_fn:pjQfpw&&`:ĭOXܐN\GYcrmwA+^6|LN Uv2ey>U ?W diw*Lx+dR xOb&^LfsݨYs U݃"?>r}ċPp!C[(|u!wq $ k RqkKl+ԫ`W YY{1=iL -;=]!+(LUظ4R'\=?$X~-)# p1jV$ݺ9tv$nL^]pUu9YF懀3mzGЩcך$%m}lx1WZFMʨT>N7PQ@wO'ɨJ w' MnCQ<37h6.asH4n\hE,16[蒩Q^Gvsy =pY1MrSh3*oGK8!lEsӥ_*bSzf3rNU _l"ߝÇé!D6%޻Lǿ?$7щU ujX¼sԩ'jA ʋ7cfV!CCAtzġU= LBL4ǞK"*"֞U#2?>3Fsf6n+l9ބRyMCD=tDc.R0[tkʶc, <,*# Qqt zņ*%$&yۣ0"Y!,'[ - X6Xŵ{1ܝ!AU$7!q?~arEn- j`o}y㱖x1ە7Um*-Db;uKu"EbgLɮbn7RS(l3U0 |0 rcWjwe>,֯-_EvPx&ui"m*H|"D@ ʠИQݒqӖL j? 2kZH>zp@rbDTI5xFf>!_ݙ涻Ѵ ɣ5K*~ GMm1]lvU_٭ G7:\'N&2ns'I}w 뿎b!_oI-B.4+KG(FAғho GQWXg I+F*|?+B^=>Nm}Il4@&ڌsM&NClyו@? %+^iX\d!jARџ@sI"7»Y`1#kYZvS37a.~J)k>F'֯ro`ރژ*w}xmfB+^hZP e8cVN XS+e{dkH\Q}~`T\4nIսk؉HuS qceO7Wy5%w%OŽ_17ԟg+w}_ [)` 15ըHQN~‹Cm}BVECGG挃 )_|ɡڠB #;`g;^@:S:(i5dBŎZ=fHź3Wk,5_?ȟ4H)j{_E΀XpAx}Z6yخA,wΠ u ǔ/ŤXCTUÅiHy% u3Z &eo ¾ A0Qa)p`lpx X1A~ Q$Bʰ$>-j8Z|'-~YfAr#EuǧNÝESBHCN\x _FhCE8#df' b@_A@w] QzY]advw@ y3ܜlCa9 [64V<'ǸW"?RlאD[$&vrYJ2\]"d nDFݷǝŘO5vrJlB%!6'9}Ԥ ΂ 0+qISO0wpuyQapp ^ϯt]~9@!\˴ AJ%گoIxV̨^Jqa鸑FP!3-&Y3JGop1O,FNt=mEI9aU딅ˁJ ۟˘CF2ygbRɠyѳY7}WIE?OW8\l{ LBNfQSOQȦd(&?ۺmAm<{qF=5좱(&_Jhv0k:0xKCb:EC2ԅcxa|R1؅sƩ#†Y=&HgmBoI]X1:޾d&۔xRevӳ+ڢN4zGDZbpKĢh $q!G `.}$ڰ6_%W%G2!@Sʞ`acܟ0<R~oV'F[0"/6uaQiBQ!8=pdX=:``o@@ lj>$+Ξ++7REq#d}Ŏ 0'7]mmq{AkStX {d#knJuAKm{HQRC}aɞh:*>N30=Jd=k:/:W@­%lWZ癴*u`#!Xrb}pKb6<t:v:cm<*U̸2Hq[-AiU+pKQqs}9Wm]Jqϗ )I+HԦI]MQg mdOXZ9E3aӒcx&X)[$7:tFh_Spq 02xփpnl[^]ɬJN~%m0W5 8kp<06з-O\\,\Aȫ /#1#ꎋ%FG"W.*^CL~?ZNjfPݱ/Ocoaa mI Zryw3jE8%ޞh( g^>͑8}XU+iE$ H*HϸkH]͜XA۝CNVs4U m^gH-igfKSz״6E `z㪸j @ ^rZ`] Lr&* fzk ;R&t &RB8T$Eq7pg# IPxVF;,1`(XGj%ZP|@7xio4Jlu{<_F;m%Cd>/֓>ߠGeU`~Ș|1 ,7ؓL" Lў8lIG`&Ow̔e 6i;L @ Z *+k}9Xq%5B5ge!1KFnE?nYs9b5y Ĩ[A1䟰/PIa!&Jb E(AO&؏d@Z䗟7,KInqn7S !ڠ rlE~ϳdOJxe/$`ܞz4טrhGrc튣5=vkx$0n6%*g|3谺AG5Mqͬhs*kpJ̪N+C$>W:WOO}d|tMLC&^+{,4Wک[$zBXj7ޚ-_ >J &-g4zpi`qqG\͹aI Awtꅑ;<7:b3t̞aE-""9,%N^[;mn⸹/x$8aPc8 Y{xS8Jا5GRxy&F ap*<^}WWvG?C"5=JeQ~@`:%("^"R8gG]徖RQM T\Xsu TI ӷ\ e`n$X& V U,{uO1䐳vbV1?p @E{BIsG&Qf%( ;5+/Tv si~ Iw>0gZ@Y,F!wPaj]Sc+s4)1Jh%/d!p#ϛ}M [TjRwkK&պƚ5OY- ,Ph$BJVv͇4'8F'&ү&fʌR(:{!B ǚ̋/( ԝظZ4`ۤo^5NxH1Ŧas#%󺩢b QH:'K|a빬|x̑cp<>ujm!Rvo&Y"٧tR=`l6Y7!'`Sja/Ӈ´:@\&ok |w‚5b$gL@m.9F5jzOzB;NA0ߝI* j; };m6jN]m %~wH-]X S xzD[1*ů ͩQ s|vZ1up `;?hZ3`Dkrk$ǟ\!?n2D-m1glpM}j ;xjMO@`(hJO S{\SťyX$ X z`Hۭ,Pl%M[*|G;5͡tt"׃R6~bN_ o9/Rwy㩈aıxiyXNcX8/}=[3]+/^>X='K*>(<|SYN; FJcY c_nMBn@81Zؿ%(B- S08ƚ_`{J$dOo5ڥf%;_{Yvt>/Pn!IeTlOnH679Kͩ1_n}AU`>T9K".d0 扃<ϥvם_bvD x@LC_!I8,++i#KPڡPэ>dU^vbvX:2=UsU5 MWkn=#Y Vs(!ČiK¹T *eYY /Fޟ(LDwcGhzy۱ݶh;O 0Gvs*nDZmތcݜUlEd"|rDV8%}6ɬ7ŨŠf֦R6c}!0cvC}3IUpT[SжJ$Ig1(.)T+w!}cU?rM,7ȈTg9a!_~F?MZ LhUX+>nm+7Y $à$gvƽn r @N}⚊j>ŧǰqrŎfx=XΑT2$UzqT Q'[mnG~I JT0cjL5-p:s~lWCpJ0/H?yꃵH%mYU%#m!@liLˊ3R;bۯnMqApAzP(_s޳c5~"Uq&);_ams'IɲʇtHCީ7; wvQG+bqg%O~șnʹ0ir^c".VZ'7ĦP|ZANTuev"(wˉ uOxEfO4fٻ^A; W8))Q%( ˛whq>ty*E3C*J~KЀq%R4^l+2(%RRE./\T̝ /i> |~>Ecب|YX0q+qIĸ>`Ѥ\n~ƍ_vǻKH» l7֥彍gX0R**;̇"6Vl"vj:JwJVUJs^rXm"vΙÁ2*{?ahp4<,7Zcif#weFmC\6vI*xv\aSs`=-sªL:IkM~7( %Ũ_5RmrvN>SneC:I͡Ҵ{I,CiXߐUa\O.>;vphΔ6 ;:r /\v2K"N+U=rLu&z+!@l*-G+ℂXU/3yy|F8H!F@6B @S7:SQnm4 ֟Ƚ/z!3#ˢ2g_\#u% )}/}GS|wck6R>AxcḒd`, ]PseE!I]:7à9&c]hjZ]¥y&6`3ViԽ6Y'=vN W'vskA6F0u2YvH4@HOζ T[ . C^*LPi}h))I:x/~@)֌HZ]j*is~ %k`|AAc^(.#JPf[CV[g}8f5떈fCIG16UN/cs dx5&NP NT-Sc X_\? Fϊ=a9{W %3zYmI"Fj):[EȢ+N1K7rqWD5.^MD,![ߢa2C8։#fOgVmG6sҶ2n)s9EC,F懞Q+~#mߎtlIRz݌E$2%W4#.@1w&(^t4/߾8B a&zIJ$e3?h͚li->^Kb=v S6nlqN@dm9qyND,p6dSdd{ j9t}G (-L(Nh[Rjx97T~.*T-'<6%1MtD_%ƪ3zbPqZV3w e"}q*1A|qA\ dP9ɧ;"0re0u0d" ?^7 ,mcrgd8s1,AZ~D4%ь=#whrkȉrmM\FΤ<;SQ$yrVC_-0ltb4{NιU.=<5lh{`i ,,cXM ;t"ݓWЀ^? BrхlD8¢Iqj5zl-GCn$ǢryHKHϠ FkueϾ~JKy)R1)%N.Խ]T~R֟V]Kh>Ơ7,|6Ќ1DM jS9hT\V:J[:(3X:xN .- EU|&) RwEn oY0y;9.2IK3Y }W.裌 Há1[iVryo$\lMQa3vm0J? =8dvYaI(WR(Xd!_"8$VY>Wo|y*zhRhm[+ IfCN( \³b s#5Ai) A*45ܻ# CiG`l66RkHIy,zfNo U̔\݇O2W p~j]i} ' 264ڦ2DKZKF^@DQcԠ״;4_WfY&1$n|\)]7=e1 5ăy4g1v6qh0/bi 1 sÈ3٪ {Ҙ]V^8=B.`0fa+Ia~P %HP ?~J= ̀Ls\E:Rolr 8K.Fd^@._EYqbe_Ùxoâ\j!ee`z\3I{#ش la5W_쟅~1f+@Iי ֯{7lSM7ʻi۽uaoib^Sf_f>?(>@. ":菭һQSB ɴq|ca2sGO 2ɰ8PkgϛԸwٙ|o@zAl*vI̝ou߈Gqш U,mcRբ>ﴟ{(Yc9AqX?v84xk݉CI;AоAXNʀ.jS QWz8Z*Ŕ0o$Fa;6 >n& G ⅆ*a7{G-x^~&@/jV XC.@^[yh#D} F̆ +룲P[5*Rj;ΜAAѳe ͕5N)'"p$?^ >-v޳wx㼉d ,=D}]wP_ԊSI֜~fLV94 .yd@Dvr#*o9o5m?'^902b$[&{S&bjݳSpeYi_eyoQKy;5v4hNGhJaƭڿ8A7 hn@t=J-G@rϣ1?:p?oDfuEz{7Z&,:*2+ƍZe`{Mr ݺ{ՎB"܀7p}h0M^|V]0z,K.st| ‰?*Pg;)Ea|H)-26*sz<<5ǖʙ_=^L9VjquR0f Á!A΂Rf{=eؖ+{u6!1b[ fJ}}s5pݘхM`r@zO,xȮ5 @LJ\\CVUC^pkXV3z۩fN93—LnWN4_mfvhi&EkPaYס7 nD"]SIC}MeaCCEޕBn])27mƮow+puZ9T?:vFʏK\M CՐ"`{T'@P 0!v SZ;iMtQ~ESi ޷DžU$3̟D=-Y34"̯5UlXY=cP rz_1:#@>D ^\!zwN~-ҋl<-9sg(r2l8'?J% d3&Ʋ/!#WoYS_FyBC e,.3ο'P#}5!1\X/g?!K{$lg^m$yl]Sy/3YWҽPݵppVQ*咘әAPx[l UIƒu59Rsf cJDh fЂ5@󙎷Ed i6%rCWIV£@vCEר`ED/ksh0deX 1qu}oFrq&t%Y4iD56O VrhZ:.(NZG3V͹tCT ZDՃ_5-uPDn@#9O>WW_OpFd_ƹq Z/u`]2/xr^Q(:N`6+ecpN[oȓ]([~ѷUKu&hQWqñf,5Fw$[r-"سũHj=  4✣Qq7Ui]0feXŀRM@as@ y/ d$\wÝ(}8K1N!mz׍^ʾvHSBF`0U/%H@~##+{$Q cҽm&,rmńُ]B\M vF`Ps*±ޖ8nyJl>G#¢6iL>>޳ j~X  001!&fªX Ζ' `FW8kAxCbhꦾEX_zRF$hzoepuD#ZH gј3$r$_%GAf5kҥZzpзJ\]Xl99[ M'7VTF$:%pFe