openldap2-contrib-2.4.46-9.64.1 >  A b/D;p9|S$C7LsysݐBY] gA i7CsAWKbϘ IǟE >z!\/b(]( .G%ls=[Hq0.Lxmq,~F$0c3^.vu&Zc$1)A.C]ˤ{^ҏ-_tz$ !,1n;70.2#ZpNu h|o+#ސ@ x|)D<06bc0ecd88623a26072d7943fd6d6b039fce3c94207d9f833a671ec5b4db280e92922a409e2992138ed7ed9c57d82728bc8f9b93$b/D;p9|\,.ZRɧ`4^]-BAPe@MK1CXA]W!l'؉CӇfTʫE]?klO8'<Q|gWza_Λ 9v PxD,Nмt5$fd_{Ŏ0 *8}_e0d9GO Ef1.2cfv\Cҝ->p>v?ud " ;DHTXq 44 44 4 l4  4  4444 $ S (}8:9l:::FcGc4Hdp4Ie@4XetYe\e4]f4^iPbiecjdjejfjljuj4vkxwr4xs4ytFzuuuuuCopenldap2-contrib2.4.469.64.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocationb/Cs390zl34 SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxs390x8p(~8x`p)w') (i '(X~HJp'Ё큤큤큤큤큤큤큤큤큤큤큤큤b/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Ca29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936ecd279d20487b58d664fa051aec923fc6b5ed937620a2b3873ff9936399d47bb63fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40acf5351a24a2b016ef52ac9b056fc66114ab93eec4547767a24c7288a88a2321032f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920ab74c155a18816f1d59e596a4bf77eb3f227f559216a35874f05ce453ed550c143592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd65e7fb24effbd8a404aeb41afdbd25004cf2b171e86ccf282e8fa205183350198e084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a4492e7dde9b2c71a9007d058533d06290247e4f3fc76abf15d3fbdc75f1e5668b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f61818c41557d8086288fdf85fe8d930cff8523d63b20bd6783e77e3ab9f6f8b0f8ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e6e4c064d3c87df49fc1540d2b82c46ad694bd03ad602e1410ba34d1d83879e9896c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827e4e652ef86c85d16c03a5c657d25503f4a2341ed26a604b25ec862ef3ea74fc97d1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706aea7f29cc46945c1140500714c1032c3ec7cd15d721554e5abe90127738e7f9e1a9cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b37252195d7230e36313b20f14a391ba4073b49bfbcefcd89df1cf20b0c38efe3869d1b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc9b2a34f4aa41ef4fa8ee47e3b3c56023f5bce64664dc01508622f3000162ca1338fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e78d1ca89ac33f003e2e88b956236c5af70e08ccf86a065fbf3561ec2d8dcdbb76656bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd081a10477d0c36cc79e28595fd2c00834abc61d8b619c193008ebad81611a65a925addpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-9.64.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(s390-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1b/.@b[@``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionss390zl34 1647264721  !"#$%&'()*+,-./012342.4.46-9.64.12.4.46-9.64.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:23252/SUSE_SLE-15_Update/64c3e9ba52304389111a9955fec22fb6-openldap2.SUSE_SLE-15_Updatecpioxz5s390x-suse-linux     libtool library fileELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c1e70059345e0beb48b5e7a6713514f22f12b152, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a81533a3957fa3b0de864e3ae989e39f8e4d1c3d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5501e04ac162341e3dca879102fc4d2ee5ee0f34, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=76d532a539923d35d84bdebd96e613a93c7575bb, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c347a7f078e5a135e9bda338913b839142d626db, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=10024afb5cd09483088a95760c4ce01d9de691e3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b19571d801230f2b880804fba12519bda3a8ea18, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=fa1bc2a4ed0b29ec59b50c0391fc914895d9e363, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e182229f5cec9f9c5c9032c95821b44f31284a1f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=6520af5dfbf0cbee7bb81d03c186ecc14856dd1f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5eb35ea0851cdb0883f7dd127ffeeb424354d9a1, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=ee4b73bdbb70dacc52352ae80ca5c3ff62dc9822, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=7b5c0ee5f5722665d00a427d8a264acac04d81d6, stripped  !%&*+/0569:ABPRRRRPRRRRRPRRRRPRRRRRPRRRRPRRRRPRRRRPRRRRPRRRRP RRRRRP RRRP RRRRRRRP RRRR) `mnutf-87962adfecd6c00348bfc7c95ca94320a2eb195749ca1e77149b3958f4d58a484? 7zXZ !t/-] crv(vX0 1M2X=Q@ڪ Q? E/gjqjUL56 $8j b-KDZxdM[qAu98a-KD\7<;B!D)0 ь37VZ0Ogn@MߜM"AY@NaDA ڠϲ}͝0!9gIȡ2Y|U_&= ;5.fWS&D"]V%jPm{Ȭ+g9Pj0)&z>ϺYZ; NzW -Ͱ=?d$W2%IsZꞵ$$^+7*5|)FqYz=x8yLC׸ţ0ƅ%Ll僢44@T0v#YŬ<@znd!U~R_fWsǮpmƆ&[ uԫ: ֗2)w"n"ؾzaF7e&#%z4뾆5gEK|prv*FdðPY;R~TgAiLj 3I!8û4p-53˼:Z@(F ^U`pPŞ$ex.SM 8U[Tmq=^Assc9AT"tڿɍ'stnyF?Jܒ=`ѽ_^7UB$QRK_$!C/>~hV\p:CqhH#Sp {_fm#/bjf9[/̐g}|WQN#y@{벾 66rDԇ_iD7gP:-f"^vu'0/&{rۜ5;)k0Ҁ^"LeN9ɭ'qZm5:}@tUJb 5!cB\ sv#{s6K 6·1#v&i3؉p'FGڰдצbgN:ܒ}?Gj]vѢ1 ,Wh33BG+إ>{P?!s.$!H +F(B!]Ɇb&jmK/PIiy?~kM13x}n8JvCm9䭅"G Քu#`V # }LЯp?brk2 8o^8ژ}c(j[_D-<{mrZi&cchKG MH }Oh!x@[v;5ʦ*WCs!+~Uz[Aw,و051̠v^9,s0Ł7P hWpZ.M)09!fڄ &90Y1^%/wM5LIҁeP2-gliy8O43 ngqe8_߻^K@)o$= V4~ LZxG{u/=x2=LAsR+Ǵ尥#{h29=NEq-kFロxJыf.Rfc\k-݋5ҳ^Pɓ{g],tiL{ozReKh D~ʑ,Iq7^nwo;)~kO Ɗuw.Qą>$ P3.$:[E*p\.8a8gLN>OEAVQrNϙtTUv9~TrN)C|E)pq4nr\0e;ך5<9C uX6m|BEb~nR ߯P VБ+ڔpg %2D Dj%ɐ ya+2hJlk0ME7**̾pޭv<@~AwH*,4dvh(H*~BOg{iؙ)wl;#l0C'+*]HpsT+Pc8%Nݶu;=XdS!IZ02. ߘ=EK6loܗGQͣؾ 5#\$UMj\./K ]<]`9UX¤xsH{de^ݬŠ3`0M+nn;>EfC_zRŇyCfp 3{a,O:|:״up(:eys.x9Gm`+(pf,ez0+c: +"4GN=Kk--hJ8{EO* Wx4%j,sFC>wˑG&Eɘf /[dje6}r|8)%EYlyvRH'kkWq}Fz| +uC4mIʨUʯT$5 "]'8nTbʕ.)z+xQhbS^)ڂK`Ǎkk-2bj T~Lz[LjKh^%{Htjd* ( +Y)),3яe)f} ^ ̶~pr$,/NA6=B*+-3N[F7N#I=9n5(ޞ3BѾz]*X¤3LZka6o?E2cGqa?/hO1mzn`` B/4^ptSNXjE`/B`r d3^ohͥRj+BEa:`bR &ih8w[PI @g@r9DvNϙ"fՔg7hت_5oAMB|HXM"$9o08٩.HmB+hO8Oʧ0M˰Mf4 e+7C?}]ͬ"2S}ꦛ&2|Ϊgʢe9tbGo?%YZsEK^[9v`~8b"i\-C_ yE#BJO;UĝƘ1=\|2cOf*g'96!2*ލݦS?vyejiѷҮ3צ:wK{g(GhM c~]]6B~oD1o;Z%rQ ؠ28PEb^'+Vosc̞?: z҃ N8ˆtǶ*Io~HzRzXV{{LWT#.%4 ķ:؅B+<)gjL1%RFXBZ$\Dn,9gOPI`ӍhT#]8g6_LzzӗZyfi%VT"-ʻ[,5ͽUe,E?~ -915Q)á>5`*]Hդ0'5s?{, éh8@~17fy YcshKA ~&b'ꃔ\= dW^Y[Т>]p8pp1Cp$/cPQމ}:=8T2@Ku]jm /Bü]BZFy֗@a^$EJ]i%t1) Er]p䒌DZb"0˻LJJvyx2~Lԟ顿r;9HZ! M2RTLt3aʢ8ޭC?~c\f(dLZl B"W4RdFO#TGTHZ2=_+HfOb;سLk!buK@]P&Pz=2e3Y5bf'<pg+7AK&9j1 LVTk,ވv2*96=XL9L k.RUU kUF46˗`?}3HkGłMYD*5;J?ph#_SK's,Cpd:=/hNCC%Z&QmHB= |)I /(\ޱR5Uז(]SI\-2~ߙ2oIK~o,X=}_~&ڎ Md4 0.N|i śΊg'(*Dd ArHgˆ)_mTL%~{3~ȸD뛸T;+q]0ݬt𗐃@޻->\`yݖZU #;x:6~KwjU&BV,=Mn)9MIoa5\V2|OF"fL˱;s\VԯFhN2t)Lnk40Vf&eWt<^Ó 'B/Q6ڒdr Y!͑uב]`'D_o6KTxYF X*a]%З= nu59/p).}̓ (ۓKھqk$s)mOVn# =+.:t tyBv#sǺ4.&!rW1nӍ†9`6M80sbbUmB!]K"xH-) A-^DE '"Pg.}f)aqǐ@g3~iYu/ P|ĉ# X ?:䘾EB q2)*mk7UVaa'; GjN9'D\*pЊdIBs?6tLx f?d傷>ADO= "RöG))bLg]|oe=oCw\EdntdJ KA~ W1-lGv 8wDcꃡ%ȟ˸Ds\<me2!0\ +!XPSgߣbflQ6BO{`>7䫨iObqq׀LБUzu[WSg7p/rɽUˁhɹ3XneO?o[ +maG@qo䁔nӞuOu cq_:މ1Yu{x&1MyUZ|js<7CLb(]/%2#+ц~&;O-D=PTClTS?Ir4]jӝIBi:(@E$H_O6wZQ2V ւ$}y:"n ?+VgH;~'x9w`'J8U-gЧD<^g''A: ؖHh +3Q)Fb7:/p@3EP!/ϵeFHEG^M3s/ b[kОt^k?iHID9gau;F0ۊU%0PV٦86$A 94p. 1&%JN&R@8Σġqsfm)+ΠL=?eʙˉ&j]6*h|I`)zZ3=h#XLߝ%>h젌~ $m O[ ]tKs \RW)cfSYH.2nhTBsԃUh GZi碟<~I.U{^D3v;g}* lrq|4?jETO DF,V5OQpv/$شl^=E^ O ?y8U?Tq4ZfH')X鰟a#qquOO6]XqQ^ɬ5_M˰@(P=)Kp2GDGvCm]o CHEZX xOʊe_< ] 4cYYx? )\1@ԸħpXYgz ֺE0`41kl%K[:h!&sc{6O*9RӜ?YE*{.$KugwFE=IpJS"yn@Yj|U:b۸PɧN[[S}RvJKyao)f C-AM'W nGBS'A%_/9sMώ(?TB({7#TՒU t%Ub 1V3ChZf 2yA#]1.nOaB6b*i'Aj!S  fhP_NY;F裪Ck RY2>/|ર g!@+C:a1okuLe.hwϸ֘ AWO8NPR`97+np>ď6k|nWgflbU[R:. -Tׇ!U!vxu&efiC0`ӤØfIF\K_(S^kZ ͉څ&C7QlHv46ɺhe3?_dۤ{`).DLLqa[s ܉yR<'OiFh}@4ZѴ -"cbWĢZ0=3GL?PM$NAZ;XSŏښI#L߳]^T wycT% ?lw"LafY uƳ~(zY~ B!,\;j|Id'Xr8_wU "`˵ O@4E 1ة:')&t ,;'?{|>($ʚCc|Spu}2 lz/9aX E]ޖ93Y$)t_<=ub-cp2*3PX Eߍ$iy}̾8g%+Of=hq!vooJ'q2DNi~ Praf|T+]b^x[{(]Z% ObioL)~[og|L@VN:]d1≁ n{DS@%~הcůk]t?x#Mh*JOLlYH 똦K-jmuGZ|e:Q]UJZ%.YY\$v[7(HW!JA)=(~v*-@m2.݌[2;Ssc'E.=.䍝2̉X,Mrzċ~1Y )a Z>'Rމ(Ջ w{ H9}G_r/WkG2LY8失+);j.Wi,$l}(75Z'dkcmrWWvP_qwQ/gݠqEj$\D`W¶B"n*2}RLPm.v\긫M:5=Ť:2N,Y:'ugAكc2PB֮y}Bg= O8lOTf)r0C ZLI>G HU&pgL_i.*!czӋӎ+L;>bå?t3Үp0ꚟlMp!1%8:P  ^M9XOI>03z p;rvtjo«7W6%oGz^˽QF HE =Qqj&E}L h}Y?9i_D0iY LiXZ& DPŋ iUɒ5xP^CCCy#\m>14-X3ѦP-g'8([^T@Ifw J-D.#߽ȩIC 2 Z RBAR+J{z'B^]0+5S׳TStr kǿV} >h&Qj/nkYI_@zh *cI;h7^f a;ozj -rt Y>vOfWGyBrXIAnZ^BoSzk{Ʌ0䬡BJmbR Ja P~MgU&_^Ky|Kew5X 8c X9S:\k^xqfoF̋ռ\6JԐԧ8lVTc CўQE~O~hL:Y{*A_=]0 䂋`f~2K v:\;*|H NIr|obk"soysb|A%^JՆix%Yz_ ȃR`>D'/^p Ckg33q]%r3w%8̢܄0{W[l!IddSYq{BY5=ӂwnuV.}a>菢l|h"pM(կQ4L5Bִcu4WrjDuA)A\>+j:p\WCH9;BTWMy_d,2BjqZ\"DZpgiz `S i;nm>7 ذ>WgH S.9DBڸkL]a[(;R`=J;4;|Gm:_B(/;e>wt(>&0Q, mjD?1aۏjەQ7z)dxBEi_>;%R-$5k| .POnrK`|a8MqCVRi&=ؔT;ʋWl xTN9w[$)6ͅpؠ?feqbvNT%9zc3ɭSc'3ZϚ;pzUyJ<=%I7Ѓ/޵-{45 g.w-yXrFw5sEljO᭪Ι>Ɏ3 '۱c XOH9B0-(b X8 >F}*,m= !Q!ng߂TؒB o7afJTP>>M1`wv"ڜ *N;Y)y-ۘ)$e+dh@%]Ħ*kI%ł/W(LBxacH' OGĕH8d-ÜlnF~A1bI~NR<˙N7& }it0 Ae3%Ͳd (W ࣒i=L'|HY`r#!!vk0=>6^Dya ~goa͉AR~h}9qř)GS qNZA9Yd3C=u'VK Kk''RaֱdZbL!C[]Y[ *!M0m/VkyJ0#?WtHƨpGвʚq;MȆ1p gPP{- Xb?o.216Ita(k#_A |+m]ߋ\3*ԊudT# p|YZLG'WঃX"6Ntsa\tdF y>V%yONwjh.5"2=qRXX}~o^N錡ڡ#FЃQlƿ!fA zV`>|qTUItKL3yǧVNE5ykGw$sTV&Þ Ӯʗ}ĺx鬁3"m֟B F*(4NXXgysQ[myvDVd~4"4%a!SQ=q ]Iόojp - YvBݝٟz9Nm;k[i( 2KF;)0I̔OdTb 8uvc F0+N ȑN Cv4Ě%xF)7oEU- B -Shpv9j^yO_?>Əcv- tQX`2ߌ::X-,RwġNS]?9]9KiEgX,Z\k4EǜA>y7P9ՑЯL? Έ~PNf'!USKsq7gaέiծPS0K~o}v1xL cGi %DV4S1ZNi lw;ZHEDZPKןWs\Q_d-iP1:I-o %9P;; gt%Pظɸh+c+p]H8lV@ܷR[_h!1'6D UsW82A vYn%-2w@+4' bpoǛ ͎"KHPZu1}3.7ʥ|cGbyn(1t@}G.["p|P͌:2x4Кhr>ƚkw^PUMZa RdSoޘk""s$d߬a퐖YNc71yP|8Q oLbK$3|茧7~Pj8ovVх}.J$N&i}2Rba/@(@?=Zb Rv[,G0LBFRAm"Юܓb6 -m3,[2\y|æaLjחa5l>7"x#;hJx`+_[Q?!VRX>NĒ[' >H`68ƒC`ze_uqreR*)GmN9(UgQ@VR9r0GP!eq-#o6pM~"#qv 7߻FׄVX8,ʀ7)1U䷣oU_SI{$owR&{}ٹиƛO\Ԓ%ܗ9u]%t 7P7EJS ph.,Ze_PuV9`~eXez@?F[6 .~B˞D`(E]t[͏V = cx񽂴X #I4YCXow$R_Mms4M1z*/͔TZtӟF*DG,} h>cJ M0 8Ї{l uԪ<[̯Wo|lmIk[o ]Z|FG}&:I)NY$R8]SWKlģHH/B>+Sn^IśJk1h)kcڇ8$ILjmuE:y,X[/ 327nƢ͡ uyo0s"0СNthp~vM ԽD؏QBphX̖iV|IءZǽ> {{_1L;p3bDhhD 5s7gGP>mO@ &`}Xv%=q"T$᪡$[ҝ@[%${_FQ"M{o7\ʁ@/jH'td~LFj7y#_eq\aa\NւWr$gX#dNRjWq ~b?>: r]gklfd}棡{_'uv[=uAէΉ_'u|M8 ҸlӪ_ewbUuӔ)d6G N7ׂ 3EUV][aԂ1pb(6}|vƳ\?pfx;v XCxpc(+-[UD_e1Jh|VHѢH_y|yW1}\͏KUǶ"Ϛj7ieesisި̛ <@ߔYǀet͓,~'i_]O*Zu]m2 |##IC߈Q1 /~La ykLÃyU!]btPHaoJ$S{;\I$fBS*"",x]9dR* 5zk7v,ḋ/8U~Wjn+RiEQF_!spΡO'2yIޙbo'"M% L5'#Tx0,R-O}kZ=}6),iȪDZW@V 5V;2w+2hxOX jlL Zd,T@ӥCLʗn C΋pRCMg偀X<єJ[f?Xן}"ĪZOUD l&Da{!thŤ ]k1*$>*Y tw*'LYeZd#_peZۄӁ1>lٹ7 ຾*d̃F II_Dga g J0+w{;0Yzρ4mЪ03K8qXn% 4i&@Ayֶ@> \fJ~u Az o0u sJeCSϾ>7G4R@[L͋.*-ݳŸ5Q}+ܑ\2Tv˅q \g7aEOsNYƍp{ uL΄^&#WVk1-LP1 Y;rLCTF:0vۭ8O@; 8|ކCQ7k'A)f :[m]csW^~IRa-/e0jP۝@ R ff oJn 3klۛXGws"6r>'A?!yJ'VCj@B3W-.EEÄ#rJ{7bZO+.傡޹K]a5oXUg&ׯp: 1 {+9Mt(#;F*:\aF"pTnh(xݺ09BJtj^Jc_zϢ;:~ڕ yy.^v"%}eID0U<֧_kBӾ*m:&#ASS.O5J;ֶ7lw]nW0}VBF'96g+54>эW>\}H]\&1!yEK8y{ |iTW `4~ոluɳcjC9`n"W7)'Iǐ6hb}$hڠ4Í4WQ䌡J&ԃ}|F6K Dg@.>ݻzs=i:Sly}R\fq{ s]GZƕGxA||{+A*ˋ~-+bvrVԲ5ڇQr*f+_W+t=qK  fPǸLScT grCSʤwG~w{t_]aޕ"G/V,J <)Hx=:%!QOdLryuRٖ/M}=8=+5i$$yi%f3~.,yTii~hS*f2SBu񛆈qJ-1.:La xكMW+;Z4Šc+XI$kvgSdjVt+8W5 Wk=)E;{Ld4-(j5(@ KQ~#1͝`C=5^\`GЎ}(9)duV r5 ڄJ^MݣVfHBei 3 bj>%?Ꙧ[iOLoXSb-&aS-7f[qze:O(V<*MQbZ])gsTS' t*7uR826KS|!ZMt_8E)R i6g2tkEpO26qΜ:6} ۖru k!E ǖ!YEY!+Gf[/TA -.q4x=M_XnbfjRsOq),u-sȐ%CVg(OENvs6R@9v9VK3n>"bRo:M;vB6(V5~Bc:p fi?yfRoа>ߺ.,"H_ɝV޻zQ@=쩔`0][xR:nu2<)_&ukSw}&k#P0w؀P/oNA/l?(WWBm1[LٰXٓ+ܣU|#,`c E=ջ/9opX7]S q n Ko Zl[7o,Na<A)uc4 ?+@d0(ybSlJVЙtKF J+oHI8eOC>c/Fn/騍H>@3giMUb[ICt!Qju#>07tNf5k"x.. kR KH!BIךĵhd7;6c4VWlvO+,WGfPWmg?f`NqߨIjC3O >`j Ob\x؋t \ -%ZnvTijHV쐅׸(f/:dhq.&}臃ՂE`NBɤc#w}~? 7}k̎>;,(ZPDE`7$Tua. b(N? ?p|y?7&vȩ/:uЧ!WoGQY;{JInR&%jاߨ 2+Ei\>ݛ$nSGʪxoIфXW{UJa'ؒOBVl/rCOp 2TX-UQ6ͭ=<ɔFBTxD6!2c#MQSB>-Huډ:!#ұ_;8\׀VÏ`gΉ↜ms;>a{oDȭ|lEH:}a8oȮ0?Y!Pn63 Ƀd+Ü}T|rCJc*(WdD|+3`kv`mtqDʗL@">[*orP[D7*Nh * U R2}{|1 qc2\4  21?i~vm(o2q8uR&]PvIdH8x,튠#N[mŋwۀJD]Q;?,N^CF[8KF[Q S,@ YQ޿QVcZH(> [+  DePUv@ujϺ98\).s[eS!POD-3EFCUTo]fٮ3R>+LnB*Oo DeE\1ѯ.<$R6 ?M5Ze.n -~X50x żSc{ŸLLq_$*BI6pW"XɆBg)+J zTשRIZ<hTʚ'[T^1 KKAGgJP\|7K;G'tM咏yT@E%G*񥑳g6/*RA]ߋn[-9v{Jy+4LOw% 10dxFi#kV^f<iӽPN,;.;)|sj^wi"H¯y:3 |-+RgypN˪ޥx 4EbD4 g>gA_ӿg1\TK NmH.{sϕ9)8,i\5/) w&Pp,L i@|Qϓ0"7sۮ3\o<-m תrm{Eucqs0u›Փq?rtsEI71 (Y4!32fɡBy2I +Џq9Wͯ[OF0SL}-9Bc:ՈsoɌ77V9 LP-Ϭ4&/ ̓*Lʔ_+%ˁ7=gb1[;ۈ2Bp u``eϖ M$+U5]`O՗؜yNJTI/ޥsX/#MVm1,uE|ŪvcOkĎ @e7w~AjxOpP: Qʄ*Fv.Ֆ܎UV"[I y~u[-avگ+ 78\Vtضe8)50Qn~2ntp8%ZlzR½.OmK7H6`b74]ULm W;aflS pL`r+֮L(g0vx[ۀ^`BaH 4n= f($߭R)ߪ><fHE#x)H'vvۋԚ† wv9C}Ֆbf ;>w;qSk@Sn?U@@QPKz8H8._0huim_L)KND b7ɇvz2^|G> ^3}@*Q}z-4:d%16m] JǝĻ/x3ZvwwjTJg_z,&7pHj]90zt;pҺ<%XX4%* $8cA쪷ʴvJs:,~Y `b\{8Ҵf_i>d +7 d1HD$CK!xFF%YF46+N/y:)=K=ujK6b]*}>J؟^t'y_Dzp(xoDX˒wzL;x$8BOqyU\I?֢!_I' 3 6z)QT7u$豯Mn gGzj Dž[43@3p|XcЯ{\Ѩe[}G2K%b2ki捺*^mfV.C! $R'\O+!aLJEGyi9#~/9KSS:/ިcqyU5a.;OC»Ά3axА$M]0?Q'L^+[ 8@r~^ OT<-h(,4V0jhEkHQIF!h Dd۞HpSHـiba0eU'piˢYj d#r|4?+' Q꿌wX`GLNLTJ,(2u+W[7 ,K+uWw)qW3x٤p3i_TśWi&՟("è0@8\f>՘}QIje# +$ƔR$8B7~OkznF-U;~i~} ~mWFMiU/@Ê; y]TڠnJOK9;=xz3 C-X.945,GDYewi~Ӧlj—HR܅Xz-nF&`^i+26Aq؀32hG _Jqٷ_cYA95 H Ҋi0ql'S {H4k̒"idjgYolgng)Z3#i.Ƹ $ؒȷ]Aß, >B>Ben$GGw,-u 8ښ94/%\Yg9:PAy8l*MP圫+,Qيlx`iwNhdLmBhk6D@304Ik (ۚK,b.Ά8KiJi<W lwt@}V2LC+4 6lL:# ~f_xD>sѐ n.CbCOB#Wa$5鈫 MF: PXn]9hdgߟg'.*nV}s:| q߂6x7 1AuPoZ@]@Wu n-?d"ɠ3vroZh+W t{`ul3bqgi$BDh!9.CD'Xp؝ y }Z {VmMb8ӕXi>"`TKXތIDi,JdOoCIuIK 0Ŧ]_Fp/ uA1- 33)^YlBX@=R.GP bXe^8 Acgfi#vpc _[O&~ l tn K7}KȉD>>= fz\.ءቻ@RdIW>Id!}$ x~I-Vk>x qj)p%C#4"If$`kG۝.UY1kgFWeZWK1 %wdFdnQߔ1lO-T1t}uJЧA(eĠ.ap1M|LiD䥆Y`eǤsdJVJE!fgXBޟ-\>Dӊlj.?̡~7$~ۆ{M(Ansmk a 7v3[IAfK`P3|Zrm8P|cѰSsH9*78xpwv+B=ڇ"S|=9iټ6|,[0qp4m`H8,Ap$I~ (Vu'ƌRLk!MtЍ^hmE=)TTV$h>`hIwd1TS z q/]7QT-;Y+PegL~Q!JcozQ  3P>S}z2~hMquZBe_+LrShR Fu?=1MSZ{h;1m_ T1 VE*)j u1vzXսFz%Z%hоmo)o1/U!y[OwVl m+P7Bio] XFNmȉQJNOe@ ͧ3 'X`V,F3?)CD YJP3\*%(9!z:Fz "A 1s1u-WDzAnb;]9|fghI4{R $ڀ|h ȍ괦fɍ?Y)*8ծp:xŀ 0WJon7 dfۗs>$'Ԓ8AڝP e^BWހ;$hė.$L6>95dC<5GR`fZRu8j5N^ͱʺəfQ|.,T\dwo[v._a#Tޢ YѬea"3"zO]6mم.$w#1uǗ~+/+ԉiJvG ޲0Zͷ[q~[SJ`6!qTڗ0*Zbg?,ǯ/Ke:*oE1;zgQZ@8|S&yLh|/ \le iC+(Cu'K$](@R?~IX};ӱ$,J{Tu'^!b6IHZ¸i=&v&P=Y8*;tcE;TPw.ZA>ԾSigq/Q椝bX9T1霸+s}C9p@jzؼxV-\$Yd1 qshbaxK dXd'CRW]17\UON끄07اҥJ tyߛ]㹉K8 ouc)(@O\p޽l<_:#cwO  D6Z7jŌ\ESP0IvLȾ?As@PFGaӅ,>Wy~u͎A51TKOLBL1<*|p#Oo~ Ӏ Mb*nTA!q Xt PȏxIT:Y_bxeJ7#vE`|a"֬)/O ʜF0`$?Q}6` /gq0s%!&f(GKe-bSM8nHz >^=ZSEc@Dl*% UCnCIn[XDԎB.1N(1 Q``13pa0  d.:sarhYF:goڹM)Mj|ΣиgDy∅jX̃0%ĥϞT8u 8-+:9XQֹ*+9 >'-QnU.Sbz"@Pxj#d5c'I!?luvT#? 1ɾ@6z`@ z{WNKAsNoa=tu?.0J}8Tj錠'|1?{mdqegkg־j#|\I䊮_PlCo~ NWڔk;!8e6ߏ:o 1ЧOь+4!K#A󋀓Am0h xi-\RR7Xdg IΏ /`yބ~VBc I8ΖZ+9;n?3Yh!4m[GH9?6@V4y6?c #YAhBO%|m7&b4f %,` 7?@V-s&,6?qRX͇B&␛JiX lY l{DM%sc:!t&>E9zW[< wY\{j^<޵O<8+#XcbE,oILH0`p0U? nӥPХt*у5㵏%NIYaqh.LO)k_h.g@Ӓl%oa23/v"ZrWlww7v m2 R5 u tJ?p4cZV'hO'L2}! r{0s 7Z6t0qH6/~m挠C7Z/ZVEoEǼnkIM6Rzܹ0Nݗ^{>l ^8· GNZѼ ֫D_c~&1xL,UdLu2yO5od / =[|BTV?5?`xzcx8К4|G24e쩊mQƢdGhī+_h^:w&SⵥM DF?zK^cȎ qwאkOg)G* .* =iY}ֈ%wF1Euy%ݞs{CÍЕl\ں~9RQ:s{*:JW[AN823% $;{B 8<5ʹ]&'p~`mxbwPJ7 ]k,ۇR;%MQ~HѷES8ԠC!ժI{X z͕l&lXuCdZ;h:|hR]D:V(*<sY;(~uъRB#?W#f~AKΆcALm Z(3,ѮkЧH uv<s-JyI٧._MdY}a\pT s|[}pmS3Vxit|4H75vΰ3@ĵ8sW('oܩ_~'`_+k@yu2sk}vt`֠reQyYm2nHPXN/Yh>q0=ht(g;3A`sKYPD!b_qrIՅZ1`eM$r.'J5|R]@]- ˟[}rv|T#ppwxl4w3@񆷯q^ggNH&| [lG aD~35*7hokBӳWQw3Ny6M5b ٜt} ͼ~raf.f29ֵYZ D*1Ik*+rKcT Un;kfW>faLhZ΁N駄vBIuL[xM|ya0G!V5VQOۚEE 7'[ꎁk} /@:)X:*OV`gv'Q&|0 Q6ĞLzJ2iⰡ*z7[H#p:/CsJn>YI<`a'XM)Wml 862'SXc1lY+Ӵ]q9>6-~y : m ^ d fHr1;o=3˜YZ&~ Igsc2-@vfz>6Kc)|;]9ST%g "OFG=*Ad?V$Hߐcta_ x^r^K!8XbMus $dC<끜SE?ۗBe Qj}c8 )H}-LSFsA9 bQF2"9hT索~;2,lƒr~|Oli[ TZdqB=ceXNG94"|gvfۀuMBHm$:4FA7 {&׌eon2{.n.ЙpVw+9OIjGNPӸw>]J5;ٹry#>}Z;ralus 0Xr#E=˒jrd7]% ֢@2?l/tr-e%f7:H#K!9i L817 #_8io)`Vo3n{)N3iK?Ӓŭ2I $MK*A EYN CHS']V#-ɪYKԾURJYDgWLil\|1~K(;i! 6GwrUQ+*8_; "dㆬ2r. 0x'ZEWҭ6`5N^ձyJht@565afwفRW}7l-|?kGFc9m 𘍕mYMm:6G3ɺ(vrEtI_M7==b\C/}ɀT0~gַbݻ/UolHaaʌH|.CWSc|1S,.EjhSn7 )Je00G4lVa0ƍ,=7r__y2"K<{_J`*Zۍ; A+A2ss%xEtWB 7mu_2?zEXOvAHt6^}ـk9pZGT9ih dnzEw-L=?PS+؁pNm8vAHDQm6lh>O%:wIol-7ԓaY'Pī4Ypܙ2{@KXӐ>?ѭhhd>y(x$ FEs@D9Z6.[p h]ЍJ^kjzK*M/CI%[Mg:DZg+KNoet/{UUg+._rH yP#v~n5eeg9K6b׍K6DA6S,4?Mw.ҳh68)3-kܺwQylW&^>|FI/6zmpB gFh5rSRCеIoDe%QAJm[h L$*vƣ_BLX!撍b\.aHy*[ˠ\B*JEDPpN?0h}ڢm3D=PH50ֿx}Xt~yFD?(wl. nN)Jy+eƬ <bQfn:RB ǡE$8LIj̕|nzzUӨroڍ&9dfpλT 7z砉n3tW;IZÎ "ae4xb[@5?4>8>Rh+26[Sh h!ݒ=<%[[yO֙͢goŷyNnT7jri`\-,BS=ͽK†,}eSv$ۭՁ R#=Hjz#VшKd'f? ;a> j|0f/^<<]UnwzѤ}s;a61[abjᚈ] 8m9>,ӄ;EYM\E9/uwW8N&q،Ŏ'VbKBW\ljB17+q$a lژV#Oba:#:`Ua6Hb,#2 b J|TГS8YGγ{@erEjBnq΀)髤+& D&%r(U*Ef>Aj)7M鱪0%0+V&+aY\8Xs D稀QR/g{%f3]U"SfYzˍʛKZA/Bi5<-*#0 UK|އ+=n-{Ey?zP8fމLn:!# %EѢHҠ@3BĖnkȋ,.F#Y蹚ff-5(FBّPtZywU. b?>Oq!/8ϦD~aKc&RE)Oymz%"džsS+sdBL3P;U%lJ͋c \mPpPQ2$\acrJ蒃fV*N *hByc~Zc{-G&R\9c9Z1w6Q>Br rڍU}V,/?ؐe:9.e} w CH%Kpb-X]H `c?&fByFkZi !w&xFlLH7Fhd`>>v6CœD'1ԼOxTD &N*ΰ=e!3u A3fB>6Okk=kֆB2ol*8rD@E"l7 Zl0e :\H1x#SQ|lu/]O0 w.+KV4[Vb(:"1зYBدf7W3}mІjX-fI0_Vݵss zAbWYӹ Y8()voRjY=䧸)zMS C n 7.h^B `8MÄAc3"=N.ǝ*J_, R #6.`vՖc.Tf's%PR3*`wԤhW7p4unBWspޙ).[!"*idXhWCg˒zP/h$C~ـnDT%U%mu: pN:޻;fYs ~">Q%|*7)S^x}7$BS&XNNՔ ݑrfF_95lP%:s|ѵȨa47;r#)<0ϑs+i#w4PN"Bx>w 4r%9Z!M 6k /ͨ]855:)8Qɂ`g1qVwl e혁#_,q*\K7N ڽ#ɗZ_HmRv^9;ݳBh<^f6ԇƁAF1)k:{CSٮTѓ=<:j3ɧe>˛%(8/Z|?)< Ryqn0°`Άz9 FLCDtIU&G= g*xeiP Q>}D̕F¼Thi_fs" im3uqHUD*+S9,Ř[2yR'bpNx/)Ln# 8A1  8PR\;fPC8VOʯL }KXwx_}h \4l!᥮bmD%iw-3ԃyz0&判Gw|0]5.'-;_Y[{ԩi/EKԄo"ݩyˣ*d( Cc y颍`"1uƶĬRA~+þLhge?,P"@5 gQ(EPhM +iT5l !$>˹ۢ$D8s&OR LO!Pvr$jXÊy""弘lfr@+u oSi^ !{!xo(=XI48ʑMS[սb/ԋk+yri+:& 7Sö4uKpj m%v_Q\雳GXy OfDpU`9q-KQ+E ,3!sC6a`T&dxUNJKwG΢ᶯU|X# Qb|Gt qi דhºrǵ Fޠ2ZPnih[!Z(<7rԙv|H6hgͻ=‰L'H.Nj.|+B3kL!T1jqFR֙d˲?H_rgKFN~$=^\@$n<1t[+7_m\2[lۭ@`X7gx3y,Fq~jl%'7'>A.믄A&2A[P`tXhA j+]-"g*Hg1}eIN\%k)J_VB<vsNxZ 1jpjTI O]Tļ 1|gUVaDס~{5\U;B+;xrfV~ z39giIa  x_ YZ