openldap2-contrib-2.4.46-9.58.1 >  A a3p9|W d> RcW1E u Dv|llw_bT< P=Z43P!F< DmcX[<6ڗqƜ&U J0$.UMSn<&^F|cGj֞vϸoJp>u?ud " ;DHTXq 44 44 4 l4  4  4444 $ S (}889d8:q8FbGb4Hc4IdP4XdYd\d4]e4^h`bhucidieifiliui4vjwq4xr4ysFzttttuCopenldap2-contrib2.4.469.58.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocationa3s390zl37 SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxs390x8p(~8x`p)w') (i '(X~HJp'Ё큤큤큤큤큤큤큤큤큤큤큤큤a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936e6f7128ef53365c1c88f39a4b452fe5f857b35a524f702d9c6f9003a71ba61aec3fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40ac36ca5543b9c73ca5cd47ea7f164fe811ea079b8bf12736cef5877ace7418d9f22f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920a8d12d7702cadb349af8b9394184b7cead8ecd84f88f0ba75488111785ef05b7d3592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd69baf82646b1a1ca886090978d2b7f5a074192c57c6cfa5b87a9c7c3747e70092e084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a47861d173bcb7b12582d93974894c4c473cece355d3fae147b8251b2b9a9e4c8b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f613a227149f261c647c5d49646cfb69450015793b93ab9022791679e764b968525ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e6f78b4d64d188dd7aedfea9975e476690fceb96184c7de863a8236294b54123756c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827e6f135fe10ca051ad9b0915edbdda74947a6dca39ccb91a92a47f6205eba80c6dd1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706ae031766cbd1c0c1a6104c3eaedf49c1d3f3a3fae7e2136836b9e8e9a04371257b9cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b3725c424a94b7e8e3a09a1c563bea4e2f9cb394ada28da2f5475a5819bb34d96a0801b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc994c94c376a39b405246890745b2cbe3b721479ea697dc9781f5a5072110a7a738fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e7861065586c225b200d79f92e533f524227bed210f1c8430259c3c960eaa44bcea56bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd081f085e9bd32555c4cbf159ae78c61ca425b48f2eb652b34efad04df87935a52f0addpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-9.58.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(s390-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionss390zl37 1628844942  !"#$%&'()*+,-./012342.4.46-9.58.12.4.46-9.58.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20856/SUSE_SLE-15_Update/0373a0ca7d9880eb33e66dbd6a3d8ef4-openldap2.SUSE_SLE-15_Updatecpioxz5s390x-suse-linux     libtool library fileELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d310411ecd3e1192fe204370c32aeb12e1a144c0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=326a172b2cc088d35d0088578e61e3a2187472de, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f1cee29d154f18b70f32780f1bd73475993cc26c, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=1b4c277017006a3a2d55707be16e5cf0591d6f24, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3f15391343979b5147fece42bc7faf889bcef399, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=33dc38e70b8d3a3d98028d36bffe68f2636f2b4a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c3334f6bd172bf2d6db2026926546eb172af784a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3e6fcad9786bb9be16ecd90475e212c9abb64baa, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e7c289c45132b32ed1a6f03a78034b3a506d3a0a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=11bc836959483412ad8305d8976393f3dbcd7f10, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d0372e8665cebf825487e4880e17581b129be6c5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cb21df4a920f3506d08dbc3868f030e078949939, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=02229032fd8bbb4b7750f749882446bd559fe720, stripped  !%&*+/0569:ABPRRRRPRRRRRPRRRRPRRRRRPRRRRPRRRRPRRRRPRRRRPRRRRP RRRRRP RRRP RRRRRRRP RRRRglTmr8utf-8477d48d15afd2e87e0e9a7d3583ca8c458d7a0bb7cd96cdac24fb2900ca55d78? 7zXZ !t/-] crv(vX0d:P ߉0ShW\^/gݠE3tlV}r3 ~R؞?JZ#X!YEo/ɦmGHWL*V]븕? CWI[汢~M||܆MHBr +"S/b 5$0FYv_YY|9y1v>z"զ1@N}>(A~RT턭-U%X0UO֣~vNiP.=ż&콑 {UO:HzN"ʱGz&}yt|قR E vb9-OjJ ݦT-m<;:vu ZTޟTxՉ1Xf{|8J}f ST9cIh(HGbyl 03p *sMvAYT(@=tz,0.*ە'E- .A $2:N5xss_Jc 8]:3Gbqyx MAq- 3BlXƐh - Gi䙁(p=NΑ.T>I;ٸxabvoT9#BŒXjL~,QRfYYC!SaWw* [Jh uY,l-!_ et@!L[5%<۩ml}ԬE J $]J̊U+SP*Z78jQMс8`5]A(F-O0TG pF:j m)f{i8ko.1}ym"+9,]u-K [F rYP"Sf ڃs["dRO50bão9 b!0Dzr STup0HFcw YuL.FR* 3g6QOՊUz)vE#[Xxܕ;0A>L-Z:+#̒O$`ֶz} &\0AS!t Kt(̩h)HE0IxEcUڋCሕ*ۤbWtpj,a?M"}ԣ40|c41RJZ6v9.6aa%V'lAeNcw٧T Q7F%wJ:"$8m[W"7esEA*-*i @d<}-<ي ݚ:if3:_1"ìHrXNɉ̫g). EHb.u&, Ix;5*S0ֱs183BHq:Z8&4)QBDs?r 9.D*h]:ꑄpZm78XR<,$Zw ƂNj\f $ux,\qoE(Q珋sB3T6QZ$f70y5#B!e#B(iA!Ã/j+^m}nMڳND?}Wfn-|b:!RpE7 d Z535;_Р,D[-8-(_ڏS|:XI'm:&ah9O:1-D_7N1}X]Fj%WKEg{܀]rZf]ŪOZ-1 ʽ椔q]OOB\S-7` DAJh;m{ڟ{j?-rǝ2raHE΋|(~<$FfakfR:#M]+9UYz5>UQ=/i@g(f:9.*}z9ސ<ғi>_j<hW%} X" >,*=^ 1*Zes-g;|V3jX+/UXhrRwr`韆/Mbx^ۖdφ<` 3K+/X"L&$f:W6 Mܱ o ^Ei_he`woN}陰gԶr*k—;TN:bG t#t&tg@Zh-*7{%{yΊq ,9(.ӭv<`19ң uC3)aGٲ)Q`jܽ&:v7TI|2mH7k2c5_SHU h~@ *pUh(R8Q}(xIAF2rbja7HK $Ț]|c 0(v::T( q̸8(U/mg+it$ hA[wEy=(5/x-H*ڵԡMZw>Ix:QHx2*P> 1g,Ia} %hUc 7MX0'M(^3^b{ `$v)O}-:yhךbuSp9EfΣ SL7O:7 ̸Rf`IxF_E;iLBf|򶏍&r33Ͱԕay䋏jIX5gy| 9Jboj{- ĴΤ0V =[r|a[qwNpuMv_,oY)g!}҃D #O05RQ$KEzDx<;ҍ#_G \.6jD= _2wU LQn|+Ղ}ޱ`BVASH\5vItc߃4'x6'gtqw@!"ſb޾-v2v_Fgr:u~͏B{l# I᧭ɃLmz`t˝mc*7HN/q6.t޸hYXdɋ@dR-6@s0s[Ϙi￝ma2QXgr~䶘>BKn]oFg u8$[ʅMp_@:B(*(dxR+7#Ue"ݝ邏 8DiHHe?<,A.R̫9[b;tF|d~a/O} p b -NO2i37:.4.fUe"s HaH+ZxiFŬ aIfm^3_$|=<`cqd)z¹ TL 3= 2,ϭT<:ĺq/O'0b\O~Z"߀k %A}*06!wuSekAFd*]0(-GQjaE/Yй'Q&quik}wzu5T*dysrpzq̿ )ٯ$Py6a܍l|bysj# y]'Ol-H %d+@*};Fms-ڹjĠSc;Q~ʌBxeKJ&Iv.Ϊ/%ת->CҲ:ד:P$Vaa M.q¤>̳~O-0qEm؛M)R+Qm6FR@bkKZzyx&V&ii'0$X͐b 4Qx&$sLX_ҷ&N% yWC/Pt$b(Y/Ol%cv^t!CMkDH3w'e!+X_@k|w\ۇИL7G.î56ϥd|MrbOP3x-{̔BAGFYAQj\ekLKE P PO*9 ITy6[yUg;"8 Q"fj6zm>z-'w9JdIQw[KՓb`|iUCjSdN[j89*^19*tӥaM"?OئEJ%8An.qRٕCbƎFNSJMkH9\YXMŇ:m,e%y XM7{b"G+k$=AkߕRDr,_lr '>u5|ElT/(w~Իs{ 1[;Rgsԃ ŐM+#3nt5HF)KF9`N8Djf(Fb~_\[j o<6T r>&0M:^-[qLtNVC#w@4O٠L7+4OJ,.B zf 1vFgvKφ}"qKJmvQܨv?h6bc5e` ,@yc[=]Ϋ}NjzfJ m҆h! [ &0ʕK`lm1(+ol`}*i(oF3)`.<0L!B-70F.F&Tf֊Ʉk$BsFx:6e ߂ C.^+VN)t[ߕ&:Avx&hsUyTBmhl/>>ܜkЎB1?qKLؿ=sNVP|ֱL,jEMI,OB-'@Yj#WWx*idPy>BgL)> :5ZTUuFYբZƚJLvJ?<7mr3M?\5viSf{%?jO ؛7c4왲 Q%C1X]Gި>nMe#Od^zMR{&y57R&fgc@[U7CC@LgXAMU[8M0) sV@a/D_'gF"+BmE-U^H&dh,㮜1uc>CxUtzLK b%.Av&!Ӛna>HTA| (,zuʢFgbOIhZ*`*rhW^T$ͶzljڴoVخC?N!yvޛ*?v@J"bL'Q"gI s^e1dMnWX3_}ܽhuuDYz>p5J46~`{ W@/-g<,C|.s8*'hG=e=ɿPZaPA8_(,~`twrL > JkbZi yL^TI|#x^ H^* T¬a YX5a^3M`cf;H4LT= 1˸ JYr \i%l):dqx-MfUYrj bKކm$!#d+!5m;PT@L-9#}~̅Ғ0r 22uXQ+wDNE_.:?$hT\:( EiWN18s0ׇ3f&[\%5߷[}c T_%-8ף8E\(3J3zZAO ]" N$ۦlv GI2otInn_ZX1eDzz6UCJAY(Oo.w5{Xk8GK}`x݋k镮/[`*>gJ_ вv{R|4ϐ ijb? ld-Cu5 i(ߘ!8/WN= Ltl6*\-RUe5nۮ􋤯N:)G԰3rA`rT㩋LVE4v+2VUsy_7{R+~su35% Z|VGt;[|]==z+dmJAl'${A yN m"ʼnhT/cl҈ԈUL4N>?~\2d7U %~.]8"q)8lk>aS0Ià jؒ+ؕPkB<f*193:=+S^6 5 /P"e8Gy"+y\1lF $32?{/kOCƐo.qP,7eP\g+DDOY9ELm\YJLcDy9f[F~>ocvs'p8*ީQ L-v)v qcLcpkŷe藺72\f%6Z-=_kHqPrF 4B e0)r5fK㋪F?95=#)ۑq=QΒDrP&+T9 %vrB|~,exB 24W%{ӛjx cm$ h795Ӛ|h(z/wI& ݏgClS˰k ]G_ 0per8d6.~/-h}pz_9frҔQMĢh& 3a2oTbMH,eZm%NC,UQi3*'$FHWx=/H!$2U6!.!@1 }) JΑ/Y&9+K'l4[H6E VXgeuHzwפ4٭?"N5#`pC-e;;J|{YV 9RYoL)"75zN{+Z(JJS@~v{;#=,<<(qF_~4FppHvҭI)#/_g>XO_51$X A*h~?Rw z{y38D Ll AV\;:BTB3JݐhͲ$uz맅fU$ޮSiv ڒz|2HZ^[uΗ$(mZcz6LlN.aOǒ7RT>Mp*)~ҡk# ;x^wٵ@L`@ae&k߁#m(GplGk;njce cPglL8oQjݺkn<>gROý(~ x>CNT\玚]{3Ya%O*rTM$HfC@nW2wYX%Hvsژ\:Ǭ'G$B- =+`wHxѻK@3^<ŮaqQ@\f-ߴu3q 'uW<+IҲW7v>i/2`"֟^hI`:]`ѹ̃lH7Rz6YdґdЗksrDALrňz~DϞ2>tGW@JVA7q|aov5SrG q;Im߷/mJڇo墣 >V5JC<<\wsa iSrLp ^㪋N2C*ũp+.Vi[)! ^Dڽ088Ap^ok1mƌPO,-S|T vIn+YE2'\GXqO>B`NpA],e(ڮMz<3f omch.F%z =!e>@a?x8DM\oX^2_ WMO!>]0{1`0SVK!+K8(hx]UD^;<ۚDOاmeXmdEW2:r1 {L0sʧDk$W2҃mKؘXrKs;h?6À0JlU+poFsp>Ѭ'FCLu?j.ٜ1}9V`! \FJ^i@d{1@ךx,&Od1m*P N/" ax2ؓWCnV+8DbM]-}#9֑xGR57'&1#?(yķHN8 bw{|QĿFUث\Ec]!gV&-K(g40{ْ:SW KpJ..ɘ:(1<&Mhg)orX%MrOݽiJ 0=W3n()3x!sA&&T{<[+y{XSpf'j5Xq}↘Ii.JAU2 )ǥuR(+26,y:O%WƹcUT\#T1ۥzD;(xpMNlυIj>%80v2Kd"!zMALЬzd:꽇A޲l{`Ìc!.9J,o阣TG$ 3jy{xi_y!4d ?:KHx`3%-)CtRtO!4p LS8m{ t էb4U$!1ꆎO w͂jG1S9K8v+-q\m D͆W2e53D6O&fF\/VGƛ6.xTRW SauL*WA=P6(AX zH&#e ƫqS@e``~8d  $\)hw`0Œ5ˠfupjEwUD-f`8sXEcm=qF7@֡:x9|<$oA?&p2%,2bSW,&{4"z Эы#2Ǭ{GNcg3>6& [dsPv*3XUb[="qZ>K#?*:p$I*ērćh85)O,~sm -254)f[.еɦT+ N,4zh+ )U&- "D*) /}eUB]@i7ئ O*ww}$N@`AxZ#@ u~aUoJ@i OCX)m$Y߻Z¥=x1PwJ\@7$%贯.1V4!XtGjjd{0YT%v_Č^=:4{,''Jrh՘2Ĕ'۪]mCj+/|Dڸ 1x ps\"q\+lΖNu hm:% ޝ!ж\ mα:Μ8ۡ7#S~H]-k 79 ±jXasUQՂCK0w@6Ha6)(d!B [PT9T `GHt;Ɍ6 hbahVk=5Fmwnݴ4KbNjmб yk5_hU.ag|ˁq%c5cbcL~@an UČRF$@sk[ _6omK2_7̷=8^J+v3*/D{"YȴS5 w}fUCЁےeB @kU Tt}}H8b4 jKzV 4,Ai ;x%6niѢb/Gy>ל2e"2;JxS%- Ǻ+zVDq F+J;H[Run?QF>/b#ߔ'IZ<5RaAB \c>eJ~/^90S `ltAs&<D5j[*.|71򂕸sI1USm> J*bkA\_ߔxh!AAMh(zqv"ZY/ Er~㧨TeE?B7q $/~* p*erRK#^LW,R@<~HCW<@펞Bg`qI4J"ʼ6'Ÿ^Ңa|=]J&cY9bNY-_%FT,vfBo{ueABxl[Yd*QJ-Iy6i_c#Ҵvad!"єBk✏MafHS]qbD5?佃|XM;{s!kjeJ-xS+v~p6~^-ˆaox#ؚ?ѱp=I?| &jaLfEvI: yO{]{uU Nf@mRj<.n@"J) guO=DˆM΂WǫIQʮx UV#õra9_bNN>:5w>.ˋc2o $h48~FĐ7xo<\x*U1,<:+pvX!̞ˀ$0]Qj^{ ߍѼ7at&@A%~`_JwST402p]?Soڔ0I]aSy{o|t{g .ǡRd *捛כMQ96%4$f8ĥ9 /Զg%ꤥZ!n@|dZ ht0%PF/8t IUZF<, [n@/87^Hث;T9]PJR~F}Q~7'zV]z >" 1߰*ZMi~E+qɬo"Sջ9WbقS/yvn(^㓗ϟ^!]MN2d:L~DPavV9gU#7J5=#?: H~q:gqlk,}3_\+-)2גD{ 5qyqP" ک7$)Xm/ M$Ay Ə=gu4n~mn. }K5%1D@C"u|{1^E.ǒEpCTf} 񍢺 D#QRFi.bR!U.ҺЂ vKfuաѬ%ZphvAkjZ9F+y ûۄg1rkKXbgpxRhFcQ]z퇮OY1j'J>6UJO Crx3ghR6e"IbKP <{'ƫP9]R783i@1& Q*"b+XpߡvbN!jfMYDQ[ OA`gyz_~l[TيlsZϾ7]$̘?F]-A4cU8GPlr$p'AEȫeӼ娕V9 Ġ֬ sKLNku'ONTNh}i9΢riz{.lTJ);yqlssBbA; W"KE|Z I\,j giǣjO~)MU켵 iBR:O;Xo 0 L 3rv:1Ih3Iڊ."ڜšz>4k'az*/o+]rw=PEǮ\xdX|;I<|^ܶ`]"; %/Y;{AyУW^o :'CC+ijЍ Z&0 >LNb؄j-$54q9Pc^h, Lo(LaL2Ԩ;m&4?8 URm&>ھq@s*Jciw5g'KhDn<](5D8=$D6JtMF>ѫ'JVxYi l"NA^r!Q]:Ja a?>#ka'oPj `?jU&IXɔBKq[Bj qc'k䖰ZK4p4Z>>)=PP$ZŠxHqhLBIә-Bp6FbY8M?=9.HBoZb],ܝwDUt}́WWf.q`[|f7Dg?\4T*]Ȍn=Y<,ܯ5G$H{/7 ҙ;#wbn"?j: u7t2CSk4zQL|Mg\qZ'p٦l$1%ʛaU*FYm!14MT|2h@M.8VbFf  P"d-)0DH@}%S|<;M%BCdr RPP:acFͺ]ۆ"C]=;:A MmzR{(vğyXQ(Ӿb-==IYo H \@J4 ^i?+_P>w .ЮЎ;Yα MCXBpo} M!dDlx-йƿh>  WHv!G]s" .&qy&H*?,~?EA}m xx Q^yzEƕM= љ WL OK>K~+~GsE.m@EUA2` + l~EțƀMV6SDm|VJ ٗRqf zCj [<;f;Y#bQHqń(}˼޽ FъHez%9n[-ol#c{權W) 9 `쏧dEW( 7D~Ɛ6&Cy6+#!lfwkwzh>m?Q3X GR@Ż3Yl>> n!%ww]dݟE"n*tz,n@0c;!(uSn; Glצ3Qv5d,- A}{7JAIVkʹFޘQ)nZ xS\t@X]XiN/^#/0_SӝTNnaK\mXb]l848c3 YbcE/]g[@" fQSإВM9i(N5ddhtOAfhe>*O9__2ݢ<]xd34o3Ӗ rKl cʐ"C@0&V:юp# *Z.ݩd:ŔkL_# PΈlƱBl`K q^a4m6j\͸%(B|NI~#- ?T/L.͹Wkw}(buRPZF&'-Ab8bA2 Y)eq2}V9Y;GF:$;c5>ޱti쬉AkaxgT7C7l=Z%"傢I b޴#ZRhˍu0+Ƴ%knUA|lqf!յg~׎A{^w'M,ZGNlH,ڛ@:ɢrɔ(d'Y* ޝbÑeh ̦,.Tn:]4\e-%ȮTA3g C##,찺n64hɄF(!l JycR۪ѨkӇ<]w> #9siT:!S:N !x /@h%N1n#y1{Se{|3:|JI3`'{[VEBYæZNCX 'o$ɜ4q; I/C귽(,`hޘUҤ!28RcEaXsPQ94C%'aKت␽e`s$6M0o<wRZ(HfHs)[[FǑ$vکGX2҈@ߺ;GݩJ dO.RE@QLa"d>n~U33o2JǬ'#2EiC/`͟zTj+7ۓƩdA tD.-RqZY/◫]$Y25-ҭx 8L)_⭞`Su_շ!CC qV%\%+)HKεx (~EjeQ[LjĪģۺ1ŁgIM;unnh)e(H޻tk߳\lAn[Mހ1$ѺX;f]ebz|&!qH, Lym5DFϥ6.i)?\Q#8\6CԟphYўw뺊]%rWH;YmaxMO᫗-I[X|9>1TE1Jq6DEkN5y]KE9_BgcmN?e{8m7;asxۮB=^^ TX06@g4%7ffKLMJf[)1lѰ XIVAA܄}]T<-gWVO+N$eݯ%\ ߇ }iߓw(&}Gt~)\ &*>t5]r|oYy_k9uiySJ; ʦTYKhD 5NKuK;Sϒ{6{ K*eRF@-#佷Vj֎V;z"ٹ*;8iG))LaCͬ,v(viCuhkB]*=??'zP`ǿMqfzp 2~.b W1ŋ :FQfmaetu?,eӦ&+¥UBpy?դׇ"K]oN)&0XN0%U50&T2 J WIe_\-p9o'BKym.iYB2n0|ab_[R w  3PDj[%๦d:;g,0B%0DUGk*+3 k$MӴ-hxO#S$ úEGTT;JbK~$]>a+2pm? rCP@+q:dGןCႅ!QEEgA [W=֒qk[0,UPD,8FZIyXAT@)8U]5Oc0 j1 [A\ (V)9)6 6:dahO ]f+^BL b 0t$>ꙕqY ܜ=ZzAM:^ى[IPۂRxRLq ާ6)F3\])+oiW؈?PQF!-x'7KaqG]*%ח%sJj6δ5Z `b)Zc{b6.RcTe%=6r6Q?w+NW:(mOT3v\LzE\BXdBҽ# .CvzrpyuuK!XEfT*\)KԈɼ Klu dA`-/;3ft k&P Pf .Vh9ox_5C>1<4."˾[['xc[{.uy3!f%?]J;.>&>:w^׸:󃍤N3Y% wBcPEROnxknS<* 1;ur 9Pk5jD"-P:'!EW"ۊG]7%(Q0Th嗅 O!೧-bG M:fNQDn57Q(ݰɄPaKm d KGǴ)Fn4JIGo$dIV; nz8ˌ[H(Up@Au8?\i1х)F6nuP즡In6 脑-lwVxHiJw]CRO.Q0a<Y} ǣojbϫJ8p68!4+*GB1v:~qWuS'Tt#Ź~ )ZA3[Ig9^3~G~ >,GNFMJ] O$1V3&?Zĭ+ӔϮlhd@0FB%7+f^J W&))m/m1mSaU^F@ :ܗfPoưa-1yn)RB .iA M5:D v7*"N CUv(W݋DOxӭׄoS9<+ʻa ߟ z#3QA%_8L)|t cxhAq0կ p>J㼬CUf*ں"⟓]B!gi9&WTVvYIiI½;)9ɸ&N}ZQQL98a]V:'8ANvK$=cu)B{9Rb8:~֯XʆL()>A]JU"[!Âac^h%Ӱ-uZ6=lP_ @ %2Tn0 $>͐d1İpTYӢE6zv,3Th.H+UA7 q{6 Y evaS~p#:IQL̮3#ck@aǂӇWyDr߶eQVl鯙q&'-ޙQ3zY+s֓›4/UgYd<`1t;p1>2yJY2  /ay.?`F6ժ{ܩU/(dCZ)󅂓!`0O)Վ|lR0 7>w)׍Prݗ]ek;)s"6 6ۀѻw+ARHZhSv] ұ1F #ɩ? 5LsO8%C 5<Z*zx4X,2TX K u]R WZHWQL@'@H 's"A-PL5 /~p`uu#3ĀJ]:TE@hZ/H*^ &f}[F 2Q,DQUؖ&Qؾ1 Ɏ\H.h"RSz`~$HJr><붶9yca 3r0T ?&Q-EP(f[ȬH]՘y ^Q#"KVkjlL5,vh苛G06W`-m$eKBP4qNDYԀ/{tҀ(iʆd>ELZ8l0x#T! #WEt}W)lIءF@Vp4>R-94z]BW쏌|+VpS.JyWWSR'GMp{%-qFo#4D\("M۔lƂo4y;\ &PDQx98VTdԿ?0nH拇g }{9BFQ@;,yAi d,W}TB#=AxP}X[I nv,n "&Ȳt*q?{{L x7-bz +C\1DR@vN4$+/ H&4K)ʾW`1sX͜ɗdA*|qU[ID b i$wT Jm`~`9YokI_!24ygWN2PR⏯xR0RTTTIm{81]0IC0S#`2`p]&h.Cim"zK3teVkJe[g }d.[usVN~[혌4E5~h`qg}7BWix~xP\8`:l(,#Ek'JYð<|c\oÝÀg+bzoZMPyL k=78ެ+'J8ے1Wk&C+ͣM͑p-Lֆ@ZG2u՞;Q3K5`=t`L5oͯY@ۼĆ*Rsw3 s"uyb{GGկwjy 6v3izbnհoUܬi5i<5E2lkJ1ܻz8[{evAd195aүʪf/ԶN',!oGm2L7k>yG GF)sG}8>!2S"o?#viʄB_ h!pѮni@Mʲ%GNIQ?i?:O{aS1S]Jb%Wz[AAãf*͸*it'-raǹʲcrI1+17/H'~ȏ'1`;Tu5< Q8FdL2{1FGk5S冹|jEf'an; ^|Ba>*MWw$2J՜Pp RITmU NVH)k]WJk焾)EխG;jIZiK@hMiLj,ĥ,X%DG4v'61&hPӂK;ܦ(1B1oY>ScNiۅ"Ց&yRb)a/d9̅7wg7B>C䁍T^͞f o\2uO9r熥'm?a)QFa-Ձ#ŜhA ZJzCx=*/[96ȀiF]nAuv}{e>*?w뾮ReAۉqOu' imoj}Gr\1D]}.J$-*0gT:uH!i$D& %CpDpK.K"#]Z4/+7B"2!oHUyu#$?oDi/pQLRr̍8e_S&jSaVT -I>RY`PPDe;meBzK_S8pB$9gIu?-Lu~>M^:ԉ;c-9qL\ΈDAF_)Og^(z1]2T2Y=c꘻RFM&H)p1`tYKؘYvM:`}0A^l#ڸŻaw pjx ܢ󘄚YupGef&Fs#s|;-d"/AW8vd#Ta?M43 $8J‹)` Iu#m$_2#--| ䷃FBY =R")IÐifQN_Hq;Y) 871ƞ`#3ueL'~TpnYC@ὶ%z ioV 20#.. eC*Wj?B'.UBkT!!ѯxBDPrC+FQK\0YE#Bm}^֌4t9Țq]\] P{']Pr鉡G38(WkJ^ IR8 ]Ey\HKkjO%wʵ  ( ΖLPzQ%<bO!BR\WSv3۴8{vȨxؔD7܊âĀ%e%bHpH=b"rEl0'ґok3$]8+N,\c*(|F+jO^%Sw6EOĨ, CZ/I19DiaWaY *0ˣP*pS P@UZʨA =!JH ]K"cNѕo=Igo{k[*J:=tdK4pl\%b$PـUaEgWph3\Cb-%e~KyyÄj_:M}D oz&*XBF 0 luNBJK])7Y̐eaǞRa}=Z(ϖ 33) sEчI$X\MUe4nJWNj1!Y#ŸFjJw}ءEB|6ġܾ5aȻ,(S8 fYQ)W3g 5IM:;U¥Z+g6ھ<m<ս+f=t9.軐 Eʉ9!b 1_vqĉ첽&<)qQy/yv{OLLř\@0gX>"q>e3nQw!=eAB콽/v2SNPi%ZWZ\;o[p&cw$+n~="G$1sإ=fnqzz-*WTGS? (7'\ oLoH tMQv'}g\gނHHFҼ0fPɤP_ڴ#&{gItTK'~B%,Qe!E)>d҈W1 Kt#vy#4o|f.”+9M=T4 pQkь!jVtF:F!Vbk_l,2V ŋTm&B BmC2gҁWg?T FF7c vQCT/Mʠ痽&7/CE#\Mmp~&͔3V}/ĆX;nR8c^jZv=^Q$,eXǃt-#ȗ&3Jd\)WKB 63#r﷊38]胃>o04*WKu.ԀnjIQ4}8\^d1FJױeyLN13^# guIh=5Xwpb (V+|{NJ+-uQ>[bJm'!}"P|IY'~Zt6Xg6UZnÁ'a(zK}wCH9tf3=珋j[NH~1Z#&fAr~DNxyS`}dLjŖ1S(?샶y\8f]J4OD=|q(412G;uyvL7/:o&# wH+ьC0Jа%[fPYiw[դ}+w8Lݜs@2. GD )^S0(rςusDު\ )2l|*YAa5OK zB0 @\a/ctڡȏ=qW\ |4nY4yDV%c?t1AkRE41*T/CNWB+.,!w_`` 2T*Z3}>AARM;;-1XEoo  @ gj@9wq4r8EW,_RL9qU n{3j"w[d?V8W³0^ܡ?\r=DetE|Nk:{rh2a+:lO~qrTSb+[m!g9{4e"ghmӖGُ^Xb7wꬻȥZ{$o^4tGT\'E7hd3y)7)M@kfeP&̢@SYm*e^UMiv,|3 >|ã'7_92ZFQs{pxeO0ѼY T_V:;XfVF GoY9r =;&gTU%?!P .oCU%vUQ4p r'uqނ=@7chX#B@ ^9e?bw5 Ux(9b1Gv})g F8Ftғ c&{ bw(4;*׷=ךG$`ŷ.>>I6.Lސ]: !TR$cA8ɒf~iU2 .!u>.]$w.@hmǾͽ+R^*A&a4_H;5Nk Վ;C?L0W *̹ܺ*/WԻ#&$$WkGtJP ׬/?ܤ+ ]B*YB@lo R2x. v @f YZ