openldap2-contrib-2.4.46-9.56.1 >  A `p9|H_ xX{&%3]P lȘz}9<H[ЇѮpwLSIW[V'32 GcDYvk35D =}Yu-$[1e (: jeڼ(p=[Ww\a:y1f9ك$i$>l+UߍfI[fJ1nǝ1<:4$YY B@BYsD"yGc"e#w5641618576376b0f32819404dcf25c6cee8be533bccc8d7cc25015ef33cdbcbdabd973060c4ddb27931f52d11bb4239370e7dfdd!`p9|6l,:G>reL3٩l!ܖQ "wfk? G -pp^6aJwy &i^2β@ܦ+Y=% M42.ke8 r'$)IAEwܣQᚕzΘn'hn${uay;c(iȳcBiv"?v~޷~f-_u'S_ysc`@0 [AMS)`t~S >p>u?ud " ;DHTXq 44 84 4 p4  $4  4444  4 (]8d89D8:Q8FbyGb4Hc`4Id04XddYd\d4]e4^h@bhUchdizeifiliui4vjhwr4xs4yth:zuPu`udujuCopenldap2-contrib2.4.469.56.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocation`xinomavro SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxppc64lep~ pwxi h~( 8pP큤큤큤큤큤큤큤큤큤큤큤큤````````````````````````````````````````````````````a29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936ed8c745bbdc68d698e87de683b91370a612dca90f51f79f14d38c46e47d612b083fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40ac3d7311e8a54859dbb150c0c0db5fb8f886e2ded33de2a1593da14167938c86f72f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920a8286f6eb1db212022d20e0e99b72486ea5155d21614316bf15680af51bb127963592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd62117f03731edf3f028d0ab4de3cbddf91e6686d7c539ba083c64a50da5131227e084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a3626bd2cec0c553d16d72f3d7f1f3731912175963b9527e9c31d62acf6e43705b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f6150ab28de8aa75ec09af5024c7bccd778602b37646a075dda5b77e2b7d48e0a17ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e6d7393c586c7a6f7ab94fc8aabb432f9d168a3a2b4e28edc22d56254280e0e9146c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827ea10ad8a6eb938a38a2f39cad093586ceaeeefbed7cac2ae4046e2327cc84ab8ad1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706ae537d6b1b3aeb2977978a7672e76ea20f87a2fac460a2076f6f8c7b40b66679699cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b3725b48517a32532348a449a914551f072f68b5b3d8dcf74a62bafd381744f0dd5c41b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc989bac0b0a13d9423b843d926e2e202e77975f3225fc78c7d913e34f23bdc6b1d8fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e78d7eda2815a71475ca551ce0ef410b827274d59f04d7007c4c58e0187763f619e56bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd081a5069c6d21b5904ce8fe1808a05ff29aedff36fc735fe9bad40dcf233b42edd4addpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-9.56.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(ppc-64)@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionsxinomavro 1624440263  !"#$%&'()*+,-./012342.4.46-9.56.12.4.46-9.56.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20172/SUSE_SLE-15_Update/b7ae1001d01277cac95dbc0f9100014d-openldap2.SUSE_SLE-15_Updatecpioxz5ppc64le-suse-linux     libtool library fileELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=2baa5fe8f0f3e6b52f0844389e647c84b6ff0847, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=66d70d67ba3ab792cb5c1b94a2b175d762fb65ab, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=1114772628a7ea82ef562bb71b428eff271f4d5a, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=6fe1023d1708fed70e407f0134e7fd4769bb325f, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=cb35c9507f5c3b2b8cc1e4b8b426a133bc86b7a8, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=7d3e5014e4dbf029059130c8b1cca5ed40be7f42, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=6c3ba9199876406e30d2054cba7e62b2a0c77fd6, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=113ca2af875f7c07ec3a5e0c7f4122cf57f04866, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=fb227689d75e14a43e2cb09fac4e8f287729d91f, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=54873fe53c32cf3c45227818457ede9db82bd576, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=63ebf6ca615ac87030b041d40765b721317dbfb8, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=eed35038915c38d769d0a7c4c88ccec2cd1a1f51, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=5c2231db5cb21c36f6987ccb21186d2418f54604, stripped "#&'+,/067PRRRPRRRRPRRRPRRRRPRRRPRRRPRRRPRRRPRRRP RRRRP RRRP RRRRRRP RRR+:i_.fEoutf-807c01bacf4300d7d13a8cfade4abc2606d1e9b542a581662b744b8a878348828? 7zXZ !t/] crv(vX0^3VB|?igN%@J]0~8KݞfyODUS۔kKt(6+ ײrx{eT(yK<̊nyd: \Z08-SO P T4]KOVk-˘d\^ZB~\-9GK˝ 9s K , 1peQ⹷ퟹ؇+I#!N,0 mrބ^,PP>>}a~$:|(C$@0`<#m>LjB1^Gur\o՟ݻysZZ?8_@ggs@֧^A7FnxhR"I^n\rq(ϗ d }3!Ё cسz}q/Vt$7/2?$jy~ [rh?[r}ͅUi! <I-Mlթxʚg\#tt}z9Zn'Rاƚ5חYKS`f E$кbɗjỌ͢<BLLC {^-}X:J|O~7Q |aH <Зe&h.@PQ`뜷^84)iAɑ[5_#G7Gv~~fhah1oyK'ô%w˙;RE_gM$ayĂnHTb\z&Df<ߊ>|RC6*/\y6eF#9{s$rW;6I @iX=0 :<`7m/^3 X!>;1?N?n ? b\EC˙9t acLIt0s7d"*%T0W~jsؽ 麗ͽ8&ބ9mvlKOv$TzM(l8 .^o"90u)7uTк2ݻ?nQ~xJ,9  \hoՇ,x(7D;ijj*^Fh"@wr knrI|Cn Vјɍs`#n)Z₷'z9Q~)m[-h<CqQM>j[f罘<Զ5]V{Į[­W/f&OhK<U' p<*ȟ~ z#O^k5m߲Z@|k+~81MdBɃMFTxぅN7'< !yī,\h&0N ^X#J(L-3hYU]U&J7>A?;)Nc<^B-jj9OJEO7SB[tJ޵Fykn[ 4ƭ$e'd{ppԬVN7W"e9$ՒP-Ce!"̞!et.&7XC [:Tl|u*|4i'{_ˁ`Q XH^N:=-0?K_;1l?Ln{p9I:Svx _e\]M0R=V< A!uN/ag$v;ꨐIuqvq]˘K`UXW\l~z`BH.;{G |?.|+L-ZZ7@Mט/` ؆n׷=?h *nx6'CD;<Ўcɨ=_Xʖ^XFTP0$BC^scrbUۊ>ɂlg킲ZjP:35Ng:k JpMBI'P| Qvّ:,V@猺tLϝGv,BP RĮs@u?3-- i=1F@o"Z*{*n,JXx[Um*g\v#ID Zz99ǃviPpa,X)~#L^-PEc:cygZq OTrA`H8.Xڣ*Yчqc!:YWD'U O0HG:Mg,曃Wwayhae*OZ`gG[u)w|x;GF Y"U^ds)"CD>**w`bQT]ǺA,3N5d$k"sAi$K봨yўKCpxFg1ä% gM{TC(t}.FDT$J $_t^qA(֥-B i۸M? xZotcxF.lj^ C]*C,0~DH-YV}xL ^ցE.k GdÑ峻)[pJ}h_0#$!FdwO5`\+<AR -Ff#zO,R^^!{uss$q Ebrš} ܭm69v!6LȈm&5ξ͐_7?v/S:L,1gKrd_C /$Yl;eé+RJL"Wňu8;]H\')$rZCJ{Gܤd1e!Vfܴ VkW%6wU`WIkQ % B;@ňH~_>|aL Ns" "[t]],z,' Qxq|A(=%w /8C-)M)h[ClĆxM7X|+y2x%b6ɎmAR"@m3v`å:uɓSòl:{yFAl1F)<,QxAf ګSN[BthD4ntVCI G)tp v@0nw0_^:hDyQ+#Eg bhw U ͷ?LPV$g4vMŁ\G1cu(zxiZa7{;tcfM𐚰Bv#'AggH2,VW)&-*)7Ɠ\I|%&L)DI2e^F8s8$YK>cxrς/ ^mkr$ނX9[GuLzb3&&PeZR bhȬ xZ:[ e(! m]$Z>A-z )}Ej,'!"h-#:g5Ybs|O@9V|.ZXAְYȾTUQ0+rHtT+*h疗Am566|kG}`l.tzdhF}ҽ?>tmsJ* rNl@*R 'o?C2TЉo1WK)8|̇6zH/%[j"-sNݶSPi=`zB<&[fm&6$vXp°뎒CN?-uC(:g DyC"Y)*6f`+܇sUh uaٚ{ ,~r`M;ʸDklm̸(V3۬D7;ߍ"6o>ą7AXd̖g71y.yOt@F]y(rR-kSm6Nn’Hq[R2`|?F, GRCx\^2o K[%\o-Y{uw=k qǵSƞi}!#)$xǛ9FSM2 1$;p ~HqIUr@HD1`c[d菢7h!@c줔wm<(Ă+۰ìnQE"nJQriqGL Vk6#71MTtX Ʋ@vン,hcMaMj#q( ca9 ύkڱ^6 iĽM@g%hM;S1C ]?Zd߻YmFՓ^s?t^ćJ$&K$RM3E^`]ѳ~Bzdy|_j 2mIc8hm&5ЍMv> ]J (8ߋMgbƔ 9=DE3ЉO ¯Y".TT"Qs\k7hjR@cKJ``&BN,A9EcO`꘳^J,^ZZP!p~T:|%40S%u6C'AsgkDl-+ U% TZ[rI[,C\$vQOhVlX[*6-Nk]kq  &s4bI55lU".K}C8u\X )}Q29U)Edoj{uV kG'4DxW8нvSPu_Rkdog&[T"\%(zi䟅hiѰw|w|/[Qݖ& pxrBBk}`G iBzZ. jɖ[&jq"lЅ%f7ݨޘN<E[϶iQO &B "+i2RMB&5QC/ Wp)=Ef}mtD\@;Ē)ZQhvnF XfzPTñT[_^p.qQJH"x Ơ3uQ)PEPɿxNL:}cWCSs}P7ma[ΗkmvnX>G^!fI|ec5p0I:%6;xu0_orx]Jrs{"P,T&,q>"!ԢR/ndW.@GPI ` ` (:ɦI}cF]g VNf~p].*<;<75N(tlLs6u.kڜ fbVȒ:QYeٝӥJ <%a q#%ehvI06Bmqg};Q6T"iPD; W,z'n xXk|IX[Y~/h='!0JUeR A Ͼh@_;.mBzCZgo,0d7 r6{[>16mӁ'g80:o,Tυ_?b4@׃nї$]ф~?`sk )l/?g4r(y"+)K6CJ("LL/{ %j uߞM‘aܓ@ ]S{uTLo``3oѹ{ޭ?3P XnMi+-f+wqE)#FtQ  KlV<Bh ܴlaUƔTV6đ$1V&nj]}^XpavU# <^^&)cSnyыDzv4 nϸuǍDJ!~h *)S%O 7LƥFRgPcA4t?" ,-EaG veUmyna[1q׼ f9ht+at"iV-]6ύU4X:˅'_LJ{ N/30k6)vFcg,΍!8_cCMEs{AOQIŵZKw7i[:?phKcUp@eڇ=<`l_^~^6NXȀĻ2Ζnpw2NR393J=>L)NqQ %u [І\eo9+yF !J]I -}$' Bؠ-_tJQ%7(2])n=uj`ŕW4D7 *Ge:p (s5upy5i?Xs +6Y4Z@'D9+`Ed $UJ)觱f+kÿfʿm&HL1Dq+zS(DX%EsA4L0bLh{0?u>lDtr>R>`ټ kx@Lmct|Fy6Ge5n|^rqO/c@l|vۥ7=FڡsW,ћ VBD(* TӐa"JT QF(:F}ܡ;6 YLdFO4G4aO8rH]Ixt#e7_GU4Ƅ'C y| ߶OO`_VWW0+5nd0J˨ļZh !4g)l#/hӉ)]Q 1|j1~~D@m.~n1{m`=8JKزf>(0OWug m, Kĩ e_[ѧij ڗiU|V,u Z$!fnA)$_C3(5 v* ,_Ίzѭ2b;-)ZH]s9aPT +^rA V ,L!d3MfcC1냙~鄑>خA8~Uݨ@-%>Ǹv*{þR& ,ܬkZ{+~ùh&K/ ]E,ot x(_=4l&ْY ԪxvZ-sZ8.<8N3ӱ(ߐSxC.2lk:ᰣ(Q3\52$ќ$H>΂hýb&#rEԱzޝ84 #8}(i_75`?w8.uWykTD -lpa=u4g[]E&k ,[ hGQp3of#l)x75FM9sx4(!BE2)C~^?39{ta]2Ӡ;*ݯHRe9:ŷaz܍TK6RHȘyC vMdMsG|#aH+=[zy`/ty8r8= 2H5y;r T/{-| &9݈eևh `6ʽq:ÃVEn̈́:VŜc|T~ gX ? Bs8|!QB+}m3_"U)-ym;,<=IY*N7M S勽|ҬM;ηgXZKbQbwk+Nd|gMӝB(hv.BQ]4;p Z.cOMς%< ,m7NNeBW>YE=]G鰂ۇljo@-LJdW@>6ǼՖ) 9}o|߭Svf=*f.#aЯoDN냢D5({G3=*fYKӕ;wHԫs\$>SLZ1ZR; 90l)Ӓ !x)g mFĜJbd'D\QBa5Qʑ8 d})Ui& HDqg`IJD%-%a&շ^] fWuR7O?B's÷.qpJ|W`^`8/\f 5NTmVQpN$p,'OXmC5QicȚ=;eMTe)ӦNa鋮ͧrg.B|glbDϛT X-8@wTz#,'R\J5ƶG ){4K[\,|1Vht8UE,)|lÖ5H2ܯLˍ}AZ K#} o!0u)`䇕ڞ'{PZZ!naМ)BC.amb ŬodYXF'.YKpfO8߁>=_č:zE_9,S!Ǯ f)&룕sLnT W3o|,>T̄;6P5fg$q}c~FHx:Z 3Ӽ^y؂J\2rB.^H &)7J*KhÀjKrtF}Sh82,SL ;Kf[Q75F qL6XbLF$ i@fFs! !PpWŃ0(" g%Z%Xfcw7i3{y!x;"-*]mCWJTˁ6Bb%ȅ| &`|?d~q.`:fg4g ^+<38"Ӑ0]_+ /z'8nj`ᬑ6%t}f1ט=!KzcpA}t,LݒA&P`<b?;Zř#*7p ,_@]} r3x`45рYI^ܓca !ǧ8*_ w/>50~7(,.lm,U#zSˤ DjL?Tc?ϋ< 54(b=xG@%,l9dWL]0\ߧĻUݙQP]jwթھl^s"i tnԴ )((ZK wIzl eWq`uTh Z"Uد@ W~q*' Q[}7]y/x}"J>Kۢ`)+uw!O.ˉ]+̎g~գMzڰҾM4AdtѓtVR?d@˱oԒ޼t:;o1J`>),HQs|Cd qfO1&D)@CS?GGTzeA).ҡF{e*!w.T|Bb晢3)S>-7lbH^tj=CZ#{, )QkChޒ~cȡ<67HV-5IY13+M*]1F^R&EHz+Y#ڑQ4Eo]2u7@|{yEs Zy'=߱y ).S`nIywrA1XYLj ȏ+{#g]!wgU;Yh#[|エ[&r̉% EPnϻܔT)w|J3u:i Ta+.}샀*hjl4(B<+k$։ms 42DI*62U'u}KAB,0x߄I5T9M &~'#]WB꧍3?hXƏ???Ѳ}>o%8|APMk[x-j<7h˨n76"|}LWՉ=S_Q.~'`*w)d|Ԑm\4!o~m ܞ;7E%[L2ҿw!ìE q{ W &5N89J0 *'y~S&~Hn}>Dv` t3s s׉Apߔzf .}Xo9*z3aq}gG]nMVPTq$a~$} BX%ZI9e[Li)GRr^( BtW?c' G ۖdh?Icn7?(Ѡ-;8?jАUfqc;%̑r[.ʚ4GgL>w"t,ߗH*Pŝ<*vL[U9+-Oq Q,%c-6!? :M.Bb3#Ŗ ŊesO'ֶTSef܋'Lʼn%<_9ART"QX0Q ҟ褌2Iv '5={oYܓ J;X2I\ Qyrc|| Uڎ E66ӫU ~k,Cٯi=fXN# 6.[#Z1ʹ-k& h(2`Ui3{42 jС#ԽB1+^(ԛ \@H!knw]y/R||Xx7je ؉u3Wڪxg ͆K,|'{h}M6K/"kPwPR[Qr$GyYvvU}yzvUrTlQ+yTO=pl'}hs|:f%'1b]f %TA2X9O'݅0:Q֣H1{Y*lu{â۠QLpjkzV24HS}/ PA`D>A?!?sL$% cZ (ж'7Rm k)s9%!SQ6'3URF2_& d#B5_lL$3$yv:ЂKk#3/lx)mY$Ծ/yo:CJP&B)y^>d7&0yKZ)'M@6ڳ1\?erZ@"z<`tNryxurz,`BQ&;'kUzf3(jIC'CAT׾z8˜aa? sY C :G0^YbpƢ%,#~Rmz)Rw_KHdC:xR C@QqM)B9J-$ޭSڞ7ht'u,8 %Fu/v!"1F4UE[ NUت}cQR MA6O`ԣU)x 7 Di3˼| m')(3%ah$*o298hc"+  6ʋtKTx/˹pDQF !exd%K?ueaY:W+RϢ\!*[RP0G_EA#&9_f<+1&lŽ|Q+dO =0 y:rqu&Q fdֶ٢ӓ͈a4$Y{̯詽Ht:Nb3T0{o6Î0wKA 2^9-G$tO1J)ʻ L~V[;Wa ;P\wXVfEkǶ$x QGJ* r$Q.4Gz/)tȺЁV+ӵ;R;Cm(Hۗȴ>bBMQG 9+I:އ-B G?˹ E{ٴ I<5_ T-ގá&uhH1eh4ʳaȌc PKYs$Ɋɤ@,cLR|w ގE۴KfD?ElR<%#5'$*}W$j~1zfOV8a㊴ԄN;+p.A !ur7/~ݽ3;;jo,Q7"Aº_}3op`GXЄR_ԥڭ΄&҄m]-SGZG*]`Nnzw'[K2 }9aWHMZ,<#tߪiC]E{:1, *(8 *<^ ,4-|{ae񱐺Yc{UT~3 jwekϷx %$zJ$ŧ EU?ny06DQ$+^XV(Z) =Kɏnwc>Ox]:w8 [cڷo2Ń8jI,Co6ӷ,A\s1ێrtvnsS\bP>i1 l C}^xw14D3]MOgϭˢ a￈o]lַuu]1z}߽/Q 4b𧻃:Oc:x=@i3W.$>C*7s̑}: CMUMZ57!!|`N0e\# a׍B/ȻՒ%{̃qEZ95A̵.{uy2u.*%_)x!R=3pK=Ack"& 16F&JF*Kԍ =hi*GiOy^:v.!Լ'X[Ͷ‘]t_9>ާ=|2B_z((~P.wCxe Xt`(MJXy.r2u 1oun>ޙ听bD5ԦO^(OT-`BT )tP 9KpV Zzmro,pnqBO >ߏZu|q S"I2Lv@,Y[ϻW/U4\Ha.Q)RΣhSLP0,)T,RAgT``['[p")& OG[*u &p^W`CNg~W('Px݈7B›W,sĔqgo9 {,êML.+T^Xd}2sʍx o0!닶!C?ŽrA*o(0)3k:+5#B 1UWť56 iK:E ՓD U5.{iIhZ$o;!TK孼@A )Fi<A-,'9&o^,x.^ly6G.G iǜjj<aNA \Z@ʾ1 Bma)2[8r 4P_d@:TduX>bb[Guo]dS߶%-%>oȪA&6Tղk[unz^K[2%R]H Y"dOq_:<a0|YOJ2εwzӞ 0$ oɘuBxN&H;ČC~>Dx1YxQcil'*wl~ŵ˽@ ƏDxqJʜlbE*5 bKؠS#:9)N;ϩ턢& p4.'1̯}wqfJ"*yKܯ&V<\,)cGx =m6r(=G<,6ᥱm5kü6!(+7Ҏů]~+;z-{c4`lS9O$d'e%h4eqCp5@ J,f_ΌfZ&G 8EBJ-YKGNA'0AI\(TA \z.y/I:¾b&C `n#z$i2R`\** ZEPڠ6ƞ0Dq b;?nk!S̗6hE0ilQyD0Ń9@s$V#ې=2&8@6 );tzd.D/jfSd{-n$\m W 7M6+`)^"6ՏĪκ\O~YoNt*?R:$u:&W C| OGJ!jǩ ,瘜 $s:SU+&qAŶ+c9A>BB dUYL$O߻/^E`ڻ @]]+u t(KXCYh@sұx4L԰erS{lH_j["(E(""i ĩ_nV˵ܟ3ϻkɡX?ЈW>>%+K6z]gw?,^Hf}n )'7TP 7+U:2Yog55:$n7S8s&xOdVw p63d/KKG"2 )"ݢ[A --C ["1HR@rG Dož7aVpu:6-8i2A4 =F yTɁMhzwlmtԧr>j#ZEAԲaA!!ؚ8gG Dg{Aj5ETU L֣` WU>Tؐ)?әTcJ_M+}y3n_.:nlLgx޵@`^tA~oTakלw%h%?c~Ѕk".#,g [mq)o骛Ҧ,5%kI&"~8rsA|y2YѤmS5D=;g1]Yȯ̆*x 9̱|rCoF̆ӡQJMޠ`r3-Y ٽQ/?j,HђIo 5 r8ᄩeUOp"4 }BO4Y{ĹEw=fiNd<~^«1M8s3,DazF(ߍ Ot۳!3SŝK/rx8MIgk?۾VNDs7䜵*h,{G90૚AR̠J%Z|54DyǙBS/)Yh,#bs5w1iOLtFI'+z<ݵH%wKz#WbHnVXT#fv bp%RAX@[) ScɷrhI>sj3/^7|'&*<4.#ې֏-j:faO&xDMha4cp3@AĪ> RͩtèuL/=;CDë?gF59'#Ξ2qM_ޔH$juUٴ/ b!V0, >)(\x#!AJ1{Ȇ:/>ZsM*(BG[:!A󸤈^jB\8$]XR9*wV@=wcO}QfٰϐqBȭiQ–/gM=|n?([I" $Vecq940U;ce QWAFYc,g257$W&ǀLfݛW\N]Gdy?JF!>veExU'L1L-JK |,^"TgOo"sT%h=mU? $~"UJKj|; a.o^T\jH *"}3Grޤ :yZlOyڍdbQDO׮/2) ÏƖq>73 mlɲ3kgDJZ(}m3mͧqr?%nTG5Bٛ=n 7ZK^A5.sxaQ$K/vpLTuc\'ZA'<{BT]u A&o7i,^" A_"ʱ}UL-ոg2{닄 $~$7\:׃hJ'lԢ;#aS<|8s7c (fC0Wf_?Q#,LmU_%⻗OҠ)8i:;dZ<(u63?S7U$ZiɄ\/s8yk0鹞z۬lbiB˥y i %|tGnr#ҵ8rݵ&5 ^rDFxQRsf?5 8w`En7޿ p4'_flj!JQ&3o&Z֜.;r3q"Ui|6E+W9^ro h!,,*nVAzRA872'wG&zc|{09cʢK/JzqP3 SZ#q$!ٍZ$\.0Ӂ{ ^QC N#A/\jjߕ5{+'"SVXwSםumw*0q)7'+Bߑ.F=C8@Qap[I]bf_o3*jjE;ɐRQƨ2>P 􆏮&)ӷ.ElvGSE߲: va ^wI jcY66S_\m֓, W8O֝G|LyyW+&$+ʚhgGH6KR=A-D!,z㩿iƤi=S!֌!r   nIMΦp@>V%IEW\Ob(#1S+ZͽdhrDDuLp`-^̸ՙ3iKҎNC$)ܙZƆ-7 Y (#FWSCûc֒]o1Zݎj), ߂qH=HxHJHU=`OTb۸2׾ 65b}(>!' h̓cɡ沰DGZ6cc-O Sܥt9㜟۷Q(N:OXM=@&|N1Iq[qw3!ʏCݍuqb\$w߫E@<`}TĻbgak1pBTTHb0w?"jX0 r\ Y܂ɂyucmI],sF[Ƽ#,Df!ʂC 1VH1AtQϾ\ՊvqkHӍ\Ug`Wުbl'{P&y-⃨]]5z"G`P΍;@|.#S:S+*ӯm{pTolJ#9.ʑ8|RW%hGš4bσR5MbݏdR9)X耆S󬑮0T<ae 󕴞F,\ F󬩝j*뼨NhQ6s@ٱtIXw Β j )(pKi\IgB%-9` F+Lcګ2(Un%ɔttCRk ~" ~;+P_Xm8i/S]=܏.q7G,dyJpܑ~N'F#DP@qt5̼[#Aof9%"RMS/1G'S?M2uEr)L ]¦ Ha9]S^`?㿠65 $oe`xSbKԠQ间c;R Ly8%_&&DG@WJ\";ܡ"n͒딯8})U61z9o4] gU?&ڛ^slyMxzSb Wc~^A= u=n(}0)-4(,-Yv"gU<ݫ؟ $ B;Ԉ*,K) o#^zNgt`N܊Y2!ALsӻC⋌{x1i-J%չ17^5^̕>qDGͼ͌5H]I527~s_M1?6faSN_l9mٞҠH%PI\SZw.$7'!~hyY*;%Dǧ^NzFkM,acr9lmPc^|e7n)N5VSUo˵>IY 9S&ehVBh z~F[c-9cA :A*טf#WdSC'񿳝r} eS5 z G,8؈u߇{5K6 ;JIĞŻV ";*2ǵLQar2.dZJR3)|03к[h1:o{c}] ~|U hysr~ptw*'hI ĴM[1d04mDq.ƴDCUKeƁ+JL=͠h[ tA61JP,rtvy} H%ǿIo39QRL:w7ޟ MS?lbw(+1Av+_o V'Z{D3e ^,`s/8k>kd_ctS'& ė1e}W>rmQ [Y(!k`bR؛Jsݺ@Ȍo8qg/_JF1=ρU@Oi]Q?y7LFRwgnYn@7>0 *N\w5tx Ax~7U$v_2!][2kE 7_<4DF{Ϣ.R3矺g]9FYAAHhD21O+˺L_y+KHaI#D*ҏ`"D(\ԎCi v]αQ?.NQ-)dʞ-Tc<,jڛԳjt]֎)3FUb#L{Ვ֯uV ?^J?b *Q" s.& mxpptDr{tހsRp gW2y;dz5vf؈|&^`-+U*^jaWڋ}Әj{z`*]2u]Jk $>naF:8r'3Y0uYA\ui`"pX´|W(1An|r|"p^rX^ +Q⛠-\A3u2]<}51>.IxJظ_ oqpZn3#-I ij?$ s U"T"#NwW2F7^nIҹp)Pd ^ L{?Ԇs]nr/wN#̦ewȽ`"y"4jQWbUS]-~j~F"e1hʣ>΢h=MbPc@߱#1xLv-W'b7ʸ˞oAk.?_'՞ ߒ{{^p OGwuA" !rK46b$<}ҫ!\WՂ|ΚI诉-|j'DM^@1SMA* g^r*cRB†G=f 2L3)Y+)ll䕼3B8QOl[WR*  rg'\uYQ)E!$a]99-t'X Z*wxI6 dnP*aZ,V9Bu%t7đ`J'*W5Z%`*y' r*{+U{z>As&3b~a:OIC%* p(߽-6`Йddie L=ݶC]c,[U'CFɁ ֙; [26Sّr^!ؠT.I\8+RA+p]kNuX&+]wC+m 4O keԿ''\ĕ (dvr.txWY[>rz[ԟ3 p0l(Upf4oH *X8gL1OI׺p5~.D4%LD V7oC-jz 4…uaҺ6({ym 16V;׌avJ>e;$Ӈ3:hF^27pH'N+cY[h 0pbrO|1W@Kڅ4S5"B u.7+byO*G & 2ǔ&,IR3H)yE }skȠaL 8ToN/l Ly?X*[yqnCT Qxj9/d x+d>.`Iy#A|FoJ j)WA M˥'acP(MOJ`8 omQgzs-Tp~'_ypDu%sa }H4MuLЅ!R!;)ҾoyJGRʱ rxv PԛtCq^ycD:E~=O"i+D*=W ǮeP WLVg5.~yTr76>VgZ22'j8qAF1q?+pJS? P[EQC<*Ck]yQ=v uqğNs!fE}p,|Ϥ1JC'gU% e%J-Tb8WRVDx;R EF'\;C#LFŒ%+k@fP3Eto魆ћbdCTI:ZX 54a0aqCWD=Ǯ=@ZbhF8]AU $+W۵N'Zu#Dw4z2'5 F.@2xhwPڰnG|v}R'(Ԟ*3/CR_1 IXAf+Q:IR4fa1bBaɐO(i5K-~d7Ͼʖ6ps3s4S#l6lfDGEӆ wV.G1 ){qzۏpDKł-,bnaʑ^[ILZ9B_\]ZaV2.}OeϤM&nxJdAjӔ{`]LM>~ dĶK/V u=.:μ6`nck k}ό%Ub"LS۷{zԱ0h^L;ff>E溘c颇BI/d?g坩f}Vr)a# )N2KĤ A2 P\mYQC3A%ۦF%}Ry:U>Ҫl eqj1ҬgJ5,@Ӷ0UvwZ?^we)DdC$sB{C hC|H)3ݸ"8*!q?m7U|Oq|[qvׂ=ce_wh$\.tPǔJ]~EW@n@=!VHE Cd.($\ G=7n-3z 5+i/D@:8!ظ;; 2UC e Q8ͦ*'$GrEPdG1S-;N\FIVŏZvA atiX)FkY3gBfVѴ4ɟ'nE3^U4vQoxLBSy%2K T_錡cڶfeu -R)kq ᧕̕x+Sy>U5ui?ţyRC4.˖QUxV`gE;l`o,/|Ģh•1m  I)SQP6@ի[/9#0Zهo }sè'ouq4x%!ݲ+{_fA ^b}#A-2*%Nh; N{m'&gkڇC]V1@44ݎk2ZxqzҲ]}LJ7s< q"gQ/á/s\su0T)qz4~p$T7$Y <]zzT%x#䰚XvmYĸ"=Ĝ#q%sY0 'l? ͽW^)X.l݄7}k.A //^D7or=C-ԛACT 'X_f' -ڱ)2; zA{G7-yP 4u@wAE F@Wc[^]:o{l,uI}/OL;x.[I˪1VZ}#H8S DL&~cg_uJv%w!iapw"_@jjTK*-*t`1^cJLFIiunNsSXDkή^mX$60w&v W Q4b6 yA0>VAo\6UrTL{63 w54 u Èu2rYv _+esu a(ȨCɔD;br4Y'b,0҇tA jxnopMyMQq&nSPzʴ1TgN\H:ڵ0O7|b,LJJ2u3A|jhWr?^yMyLRRvIYK9\ݴqH~ Gkz *< DIxFrc ՚^;$s^эQ8[LHOZM]xɁd+w71PZ)vs&-&Đδ8n"Q~r(D tymy y[} ֊5P*rKem` = 5Zp?_VB-B|.-vX!}ksm䟕nn$Zd<_RaB!<ÂNNȔZZ9O*Uԋ.Fw})'w&lyh7,Dq{røx7onyuyx~0z+NCK_ob_ҔvĨRz{δٺ!R8˼X2wB/ͬʇjՌ.#8gD'jeœyW~٥&E'4nQ<\A)HMq/ X hT|Q{ZT2-mD;:<2:TZ0c1iYj":\,5@55aH߼͗f~7+@7<>ur0 l]-!d9*yBAFmށXV[2;\ϗÒ.kPtbken;S&:LݗѡiG\E~-O~3-Nխ2$07pa%@//w2IIͅOt^E5셍W@~rv {I7c1"]MM[Z׸, M;l]q>Kw5PmgVV 8[AJG ᤠC8:fMM7O~f_%UMĴ}tWT4=4iSA]2o]UZ'􄻆!=SLȹ3Cu U7p^(8=~'c;tT8g?^ibB 90%EJ%3ɷ.[DO$weέTl)Ts2T}SUEy4(%<͓D<}1G+3&OMJvAzr^ kڢο$4ƣr@@fcۣ{:He1P(R15sR\:ww7-QH)`2=_Ւ Ea#)}g/GUL"#p' ?]?%l?>֜u^Vh7USH3Y;CdVjj ږ&|R[%Xwon$zZ~Vj+f/=|{D.^dqFQ43̔((DBrw'֛kp>-"KKd:9Cy\@ZsL+cS7Y3 v#8mG.3ra[vCOFOK<IB۬]^,0&m xz^PJUVA`9YgwPM.tB Bc:֔4VAM7nI>cK Rp .,I.r[羢nsuv'PAj3~+Z@)\8BV pMɝo%thRCe(BA<ڹKkOs̵!%zNf,*;A5G{oFuufFp:Pp|Aw4`zUr~Zzґt:7'/x "oա A6ν5z ?FKu`a&Am,AaV$Z= s@w dC0\%̹9m[UH_Vn0CO{ȕ<:8DiAMCfCu(J۬^B<Ci>~yfa:;eδnE1.߯3f@1C. *9PjMmAK88TMb~\v)Yp{!s;nC^E5oɼm̰BA ڴ8h.mY,mPdߋx܋vpۂ4Vr=B0mա+y%c0H)B)meU{f.'Q0n;硘cz+aY!NjDZ4fBȳMR=2[w]zHL9Yh3uҩ ]VH¤5 SD RǺa=3sO26:&16 e) (ZK.f̑\jlƧuTYK•V.`V:ۑ^=Lg u}ԲsrhZtSz3 ns*s\ `e^ύ#3C*Oďy(1Z߶}tpk(PktogdJ=7jCb%kk݃8n`S1Pݨ?ᔖZc*N5^b݂[:'W[&qҤ#dI!뇴2.W7Dإ fn h}depWK] nNYWRΆsd>FMr/$Dηt<>|CM{!1q4kQ0KB"'8_ +%B{(soěO^g@4Ȃ/]mQ_Dѯ3ldiOhD>g:dv!ߤàYxazÙO:unՃ`Q] ),%7PmM'91 '.b/[{k8]˯j'8l_lDG,Q̤R!$d$~KεE >}*SLl~tcv]PB9*{E՛g zç RsW}0XaT>Yt{<Za9g#4FDg> \nQ[-4#,ch=~Rs|dpe么JhZsr 0K7Xݧ&J{*L&g(d RP 4 `pqA 2HƊtҖ64F*g/f#&Wƪ):ig[xԥHX%蚑MRgȝrz>t׿^0xU:xieK7POg>Y%pSo9jXʢoz.8&J0,F5l1|2yO @iO!ҽ@ӵ+ ?]~ܥxv>8jYESX85ۼ2~;[M݋ILF!Mhu+7=#(ۙFAlgrdv\%^k$'/C6/Bʟs$\} ݡ\"|4(n/lԑ~-|ezp]oY%9nt޲K1 e@ Of+5%wLst|^5v=v!CroV^1-]3Z#9c~?(:KM.ٱzx* (l-d9!G]T7lzK8!ƯJyՖus- Mڥ1ĴZulc\Z-I+ 4S굋|CqI;[C/4]u;VeBy|w++4艐c2~~cE~QÇߡ;p^GiVNVWscknOulrm<6p-:S"i^%B!#,؜C]o+dAGq> -cZZ:4wsm-r ,.n+#)Ƞpj^s":MCi/db2;ēV鎅'%3nrP&t٫Emׂ<լY:,K=لZs>(ZA6og{6VIRow2[* :4`r磗 Fc 9ЊHz}f}hiGAu+h]OX8DꓗC:Y:BI4cv*o4U2K'鮠l'c )orxMtq%‚ l Jd O9F\}Ʋ#× n͘>µBe0<G)(xR`r8>n(9"dHA4u̲Wdߣ`kw6ϳ)αNN)ϕQWkuvٞ\kbًbWmc{fyVh}lъ!ˑGo_dGFdǞcs}(E.Zw`M˭f4+dRQ_`!>7ST[i0RʞhZDu$V{΁Ȣ R2ҫS4uEm{u/2o7dJp;[(2{9;/>xДhRXmW96$|Im|\AxH*`Z8:+SKTx;)n9B5w 2G&6K4ҳ O<@*$;'WR0(=s-W滋l2%z޾&Lt9ި5']71.z񄬽=ll-с?}o3?ӫ0-߃_-?l?'|ӄ1)L^@(b r>䃷'p JP8 7PH*6d\JJE'Ih[T? hձ XwݑrT3n kt'pK ZƛoBtWp{~smҔRVN /1W~4)PoS+-Sn ?>!5Ҡ'=A$ 4VrkZ%ve61$ar`)Ya[$k:t筂_H繣~06)ci,npvе~vv9c .#UxrL{EI13͛Y Q% 79>m#Ke9IrC baq,u)gCI 34%SQ)77|=vYdtumq1M>~ rb_EϫF2BXp=dhC8V}z),FZ^BGs;117AbvI!@=pb |-A1ޛl@ 3@oƆː˯LUrN'e1zn[1vMZl::qmO>~;ur  +D zH>hJP:M 5U1CUIմ=SNć6"5SEg1h1 av-r?D`GDx bX `~`TW$S,XY&M:VWN!,$g:0gkE}ZJL7,b4HF}(:! O3p%BUX>la9a2/z jBc!xK-Zgpt#NctAZ4|$Uo.[K&`KJC %r+"h9z+ǵhk[CmzRov6!J}3Uޖ /Rn.2p%[:rv>,G&t3ImKh{vb;sd P-ӌK@bJ`i- 0x,A*p/0~({O.  yx/rMr>Gp&Pn5+y,'U )͎ɰ|t߁@A뮹D]Q뇕s\U_tNmU>W3k zC{&Dw;O6.MhcƐZUHtdyŹ:'ogcQ2kДfp |6.!: oN F6(eTM zKr]4lDjlL_{c+Cei<"aʮųFޝ߬gL|JSH9U{d xYI,>Ap6߻l˄K{?@3*ך;361AN0<%W`yQT^ E2y]@R1` L%a $@ lwM7*@K)/ SY6{>8'Pξ - R0Ue<788 j(FvNfwMkQ4Nw옗+Z0\7*4fKF 92Xaȋ_q*h@aabW5G6"3dfbj+=BP7}u;< G}N [0YeJJ}ȑv\x4&Ddb('(ʌJhف S-YȂgkewǠG|Rl$طRC:kӈYD s-+WGBr6.Mx?m!uc~6f\XZ+oʭz^z18 -iJD0<)4cLdsԁfw^Vp Fɼ}./r-j$lp~T녋u8ꎾ`IG%8pd00;-GWV5jo}x&7,eee= Qɧ#ܖ{HϒdqCuU{W4./L%I"{\!%#+}\[L f,Nׄ(p i d*>zs MƺҺ>Tq&^lHU;VnQG[/uTlnR ~zztnzν|}}Ej%`ɧnv)|B0Uy&e*9(wϺL@%04f Wdv;%ϩM L[Sl)[^o{&vÒJ7 ޲NfhJ/)ѷoԿ*9Ҷ?#C .Hu;c1Ş^w'@&.$6Q{ _Qb+n+{1!90IAkxCpeL|o#L.x]bF{Ƽ80Z!R1X J#i~C!!q+ry9{ 5wji; =R|졀"ŸBUBC =6F1&"Ė((f%1+lXBWM*Kti{ z9>~ݍz<(QRI];ו1\D-{n"G%cKP;D n 3'p@ q:|+ЩmJz;!|YƤד9ʈGl"˩6dYd^u뒘 KĐ^YSJ^kV!%96 yΕ@G@txܔZ6qx@^& MeF!z2;5L+PçԢt sҌ9#6\LaV㕠p=Mg4Waɿʘfc)ft %5{uZGl"WQTE'8I89I$0vPReamCUKlLH7NeHq2v!匥N@t)B8O 8ցUe&^[V9J/cF c+Z Ҥ\` ̶5+%0,4 S:Ej89{$x,(`&W n5dȪiIifۀxY]|!:'Relyl{ߺ (qsF>H #l-/'6`W]N[zՎ,&*Fަ(YBӱ\x氼5C7d)vq^SZ1$Z%q-o:"|($Tn?<&Y,k-9c~?@ F̀+BڽHw0JJ%eͲw_ ZSR9h4{r ~\ߤ \ ٭ו79]c7*^-&4Sžk^S&Tyer`޲2j6{ YZ