openldap2-contrib-2.4.46-9.56.1 >  A `p9|gTz#YgT 5i7$p?~?7/HZ?L{Dd>V* KGp7wg!/T{% ѷc;l%jW>b Uyr*we)^_/½zz&_H;w>I< ˂߱nc`~MO E3[H`ai N%L"ö*i#qw />[ǾSF"67fe3c7c34098b15c9625b17c71d919e321f820894a546e092db8362b5653296bd8a3a204e9275a34aa177aea6c3e264644776c1 `p9|)p\ bܔߋCѤa.#aHV6p]%a p^KiGA`eS;;蘆Ӗ/HGJ8)Y.HhnQJĉ)%$vwվOm VX%C-԰Ql<[Gq͈_v+5tnOW tD[Dgt)b=\s2P:c gMoD`dD|7֡mE >p>t?td " ;DHPTm 44 04 4 h4  4  4444  N (x889`8:m8FbGb4Hcx4IdH4Xd|Yd\d4]e4^hXbhmcidieifiliui4vjwq4xr4ys`;ztLt\t`tftCopenldap2-contrib2.4.469.56.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocation`sheep23SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxx86_64(hp(h~8p)w(8)(Xi (8(~H;Hp( 큤큤큤큤큤큤큤큤큤큤큤큤````````````````````````````````````````````````````a29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936e131823d0945bf91290b48681ace45aa075e0fabe30cfdef74e7b71fbb9c55d623fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40ac815a92e303d83dee5ecb402c1ae7a926757e5be2d04f0cf494108630c22a02072f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920a665ca79accc1a80fcd1055fd777ac1a7948d3d0788c7e446e31de9ec776f32713592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd6476630e523e17471065dccbcb260b65afde8a01fb143f34dceaf64351fdf5936e084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a1592e369b05f2f97619deeb7db84d4a68d58b38152fa444c51a46680dbcd49cdb13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f615a14afb23c584c2e25c86233bb08ae98c9f7cd1ddabb49143d2a0df27ee4cd77ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e6eb61aa301d83e1cb6a3b092f0f95baa034be2d0fcf061cf71530ecc7c016be826c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827e38d642f5131e9f6bbaffd96373b6ec718f326ac4bb767a14b7e46cd4c5755af5d1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706ae8099af1f80f71731628eda6551de1223fafb78da8c715cc15830b4d2cdc03e1f9cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b37251c6292c8cdc7ba7a90d60d70703d9c4cad1bcd9b1be98a9b441fee9ff9ff46131b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc9444c67c89c0ae752396c33969c2dfbba2d68c9bc114291a0cbe6cd7904b424a08fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e78abc7998fa317b9bbecbcf8c9a9522adbbbe0589efc4ca613fcf3f4f7631861d356bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd08190b29f6c00877e5bf372d518a0d578688ead42c5456641865fddf7a0f0cd2c8eaddpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-9.56.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(x86-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionssheep23 1624440226  !"#$%&'()*+,-./012342.4.46-9.56.12.4.46-9.56.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20172/SUSE_SLE-15_Update/b7ae1001d01277cac95dbc0f9100014d-openldap2.SUSE_SLE-15_Updatecpioxz5x86_64-suse-linux     libtool library fileELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca7f89352d5409ab24a365cd1959bb979c28dac2, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=182539d8ccac570c2e7cba0b72c277831f2ac49e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e6b3e71ce47ecd311ca686c56217133f5e8ef94d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5f7fdb35ff681950b354873ded363371ccc3a1c6, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0272fb961e433b96b35738e7619d291fddd79bec, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ebb27a36421bd7a2ac261bfe0cb5a690b756c026, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f59182ae4a41a6fa9acc8e9beb659c6cfb6e0014, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=05e22033b45b748b66c4ee48103e9658ab4b01be, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=212f265bce1de3b1fc5fdfa896540dfee8d22d7c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e54a4980389a835ede4b0d0aaeb20e54af66bc1d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c9fc230319bc232ce36d9f36c03b9d4da3643cd4, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d0a5cffe8b00bbf09f7d3b1a43f5bac2ce0b26b1, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d3454994d9ba18c8a588488c668420153cac230b, stripped "#&'+,0178PRRRPRRRRPRRRPRRRRPRRRPRRRPRRRPRRRPRRRP RRRRP RRRRP RRRRRRP RRRw\z/ݴ:폚ax]utf-8d5df7e13ff87eaf172f8a8f204827bd22f57941b6b00d35a5418f5ae1426d226? 7zXZ !t/Ǧ] crv(vX0Yny7~>$6DzG6:A(UDYrԵuE^CA)M3:J6ӷ|yCa8Qfu>uI֤I`FScM牅; /ZI@an,rj-׭[eK>4eJ/la.0m-@_jd %qamUak4窙8jG(L;&ڡ&\Ns]+"O`aѐS`u2Tf{m,XN{ua9mzu2Wh8łQƨ}ZDu)+&R8cԒOY+=% WL l7[w5ap07:#&T8嗍҉8Ճ7Ni19uP5Y5s$NO"4Axu]SwGDٔS y.$ 1AE[WK oM40Qjq !d_kb+e%7G?$Tl,nGoH P-C|VG(eujdġ3MY08;Bg/yo! >&|Ui$FHD"za3[opJ\R10X)eԓEO[ @yaPw֢Xqvv"to;h뗜$G7܌F 9%u%Y70,> Tl&V꛽k~^y#ʹW .E4Ia{uR*-÷s;c ?KUmP#x'9h KOPEl{t !%N\ʎx(cn UI @*,@-^!7gp"VƣF1xSe r$d3Up&Kef2Y]pp] AHa,=/Cm<1'6z6JĞk* 2ִ+h́*iiѩ =VJǺOɚ^~ltl~Ԯqs0+ 0?%I2tb R0"eRO2_x3p] ^_pkd:!8Dx+Bvy?rO\v A.1csD _Ϊ/&xICm]yQ1"`~z6Dg[ZtVD6' |AUGv:% ּXa xAY۫0AaEg$]Y#w8VZugrp/_M?J t"/ w VjU'!z5^ ED)gR@y+C_7?9z:>r:#V]NQM͟Pn~*ིT/h\c+xɖ o+ ipG:T) 0ee--#<4y(Rymվ%T&PHCy[Ĕ{"ąHlȼtJ;jWSՋXYú!0fa`ی0@St2;s8m 2I^fmW2|0wp&{Zb k`.F.wc-ZA;~ ]wM~DS54G\rm@`Jp43@ui7eq&@gZd'Vc Ǡ<ئ6={Kh2}d2)6u+_qW09`<76u' 7F7](Z" vB@D^c^aZ4*|;fRD:.$D{UsLGPxv' /;3XaF~y"E?~+my07Xb[iTYNfaW္)rsB ^"Kg=>|srԩ0 (uNVPZ5TQ8 Qmǟ{!<&i?JM6 H"=4GL_Sp/809MB ;'I}WRÉ$Dg?&Fuv’dw7hƨMAiU h#uPL-:<.93n3k{~:k7u!$1S]-"<)}vE]*%mE璉Qa%}Q4 G+{\OҒ#\%5e9G&dBM~G |-tx0YǍol$'KuJ~LxV^BxkFT;LR˯k"R{1Π-?)p ?PS)ZowZejX*w؎œL|kXlfd` It|>9d̩giؤ5` HeZg˪YEs1T4 BOTDdwPVyn xYF^ u\"^&F(x~^ФH7YoB3})gDO6AZIqI!ψ}"{Y"\4 pBhAzSz!S3bNK3 fzviC1 Oܛ3R;&1ʯB\P₍S[S?g[pRFe y&ҟg[< dMgQ1Hӝ{@fB-dqxpi!Nb$#{]hkW.D4CXda>;;څe4HE%2ܽ7H''>;>LTfbExeY'bUl ܌"y;|ǮOeǜ s"fnsǔ3={fIX# uLi]Q1pǧ.J\ ѩ2 ,긽wO>VGGꡨeZ7N;ZiU騛#HܱQEaĘ!I%_`GeU ]ʚI J8~yj.@[J %_M{Rb~㙔 N$_D]5w Ź<)BÕysased_?≲Χs{b3Y̙;,'lگmG 3CeDUncȁQVC۸l{^w 8> Er1x a}BZQA_; \5;+uT`$ %jx98VţC[dYA/c]T
hEt}iY.t҃#W{5 JtJۺp\S2p^40Cg #} JR8`v uNG taLGZoWݿVM:{*" Q՝@t;%J*:#m_`Ӑ7C43-{̊mɔmɓq[ G trh(gZALTFz~k7D-Mx:0xL3xUGno6a:V – yٽ0@1s~ps1 hYԊY6`C:rʝ ȸӒ?,( ƻ\slUvܘjbE~Eznkpz89BƤȽ'ՒIqi#ܵwpla!˃J N'L;h C\bXwsnoJBcp:oZbҊz@)}= ~xU~uT9Oqq>*LMV&(0=gqWWU< _'S-8R5 7WbA<4?*sCkl,: ۼ7u ̀DnNIV? O^-^H!DuP K퉳vqTz ]It0@ _Jج:Ns![ԯ[1i61?>e<[Z_I< cøDO"ٌҝ1*ۛo6yeBX|Ou:?[^0 a!X9lk$b*2QJY=MW$=c}e3lf$ >M 6-m/\sM4XUhsRkb`Mm4uL}?]xsp#+"'jF< ܱya`Lw.zI^-2(f} (P ?lG.ilj56DBc:y ~9}T̥Zsz'3ҐSzHRISI)g⋢1 k;gVe.uRƹ)V1n c Ǫr 0φrܕ|ۺq ֨8`MK5.%S}la% vp{6 {΋3;3Y f )G7E?+Ϡ_4[p[:%%6Rpպ)f-s[p.~(0eA9r~P=ɫ1/I(wl^88z.?]=.fϴ$ rH#J9&]Nx47Ԡ{mc#'w;C/_h!q2JNqHUqvca+ >WWp DOm6eb"܁<8YTp+S`Jˬz c)jkONXbj|}h8#^oq2oXf4Oo*I4LSRO^&2MuS=7 5ykyhhقbuIžx>l_$K^rՠ|Of( M _>)趸|[fl)qbR_*3\1U#Q+3DWXE=,IízV^tK u(RpcW{7D׉֋8Eλ9 V[ĥNF. Le8dg-G'9& Z?"2ji-> ˋz &44F:m_`:,@LyrҮ E!Va p898N17RbBxO"DzM:%WjVL)M[ VxѾ鑠&(oj@SXDb8\ygD DR[-h.xf]&5kuo5Ws%n@PkQ5`)0"l!ϰZ7 2"w#<%܍]+Eg஑Ax+k _o3ݸ{]a\ەuf:pOɜ+-LhPzYҭȾp(@RrL# L͔NDJPLJ;J,id'<HE .3^W~&:M] 7$;7s.Jq.@zŒ09?3ZF{v#GoxKJŶ< jjM }Q'0 BGrYOMWUB">`M0VC!f?K v؇`c$M殯+mHI|1,9-ƪORp2׏XΖO_@%JV'󤂶@6 S];ZCZMW+S ȍ4Ilo||ڒ틷4TkCmjy+/J|܍o;5{Wp~V=>#, ~:{f/ AUQCS@ M<Ą`SY!؍d((f}xbQĴ|unXՕ  aù-#-]fuɈ%&II"VJKgWJ'4$f_𼞲h\d/xK:xw :.?~ˋw=!GgyYʖdb.-[Wu?ݎ9N j)=STA Q6zD,g4 tW7}#U=\Za E8UCJhffhMSu~L*iGi;. *j#>|Kk!DѲgx2,V"c731o@UB+#քDl>Q9a>7eG? Rz AF6J0ζNf}% | j:xE2IS|{f{J i@rBT83t͎5-ۗGA}`s[5 57G#Yqt)/1Cj1/ =.8d UE Lp䵇-h;8*PD$^?!Lb ?G*3iEk3 <fN;SUjMMp\tO: &Rcx$^+yӛ۵5{*!I7kh9e!=侤D1u=lxΤ"FWQ87*cȃxmR7Vm<Pڸ+ )?[u+÷T4q"fwUI[S{Ux:LI6 K |]4-.&-ͩڑ 0B ֏e5by{/m_u d}GGekh nՇK>mqr'"IFFhxW= A2YȝH1[{nyhgLGBI9 XRDF:5,f(ߪ߹m;mcy^h6AE3ɾǭrш̤czEk2/;KXiJ3Ug]u&YVlxXbȃp.3<^p5@؀\tn WkkP#2bo'b! \@F^ QnyaOPٜ,1Z2Tzrɒf` ~yocA\+A<={8 8“.>+ ,!Yu!jYX^3e&%nk`8!^`<3q$lPz?$iɓFB MK5 ZEƻ no7DDA~'xMbT}#890KAqMGo\tf[DoTڤ'c]4,@l ~T"@SRxMmP6ƟY"#ErCl9 .G+w.›7qM?Xjn#,uY;Ke^v"1BˢΛq ab;N$( Me@}1̴rd+l'۹X̷|d5C{0_ҽiXd)G`DJ48OﯗRXdyqSU§IttD-(pDS1闣U)#l$: .Y֘+<eA!EB4I5Z,=1Btj$d~0kg@r/Fb'IK%&y2D?ʆ^_Y 0qX v{._KMm;D`-yΊi8=w Cd$IupoPa7lMmgXbI-r9Y L8VUJS]/V1LPF3~B϶qTRk9t_MooϷ,h ;ByKgLxחt{" ݶ/`3O`F֏rJWό)׭" od2j0gQE3<v;A4hҴ)x_Pvq.%װܸbq l#h2PF.#/Z=j4}n@.2:dF}?%6LM 뵃6$L=fI}bw8;JU=sK$ &yJqI4p2<_+>[p76Ѡg nnihj''Z ?#X=/[A(jh =Eq[{(1_o XNdA- Oa9f۰A_- zIOQ<(ӻy*ƺW:!e9Al2oW̥\UQD%2_XǔTg)N<2E:Snlֻ֘@MQ&)UM!^}І۬ęL.S'BoX&_ F߀TV̊HiˣjٺyyЂ&?Udi|Qs\ػqڰqGqߢfe+?O泊x&kdm`O[֮ ?@rMf Z~c6sth xr4m٨_e6t~fE0 J|H9v!Y2{澶ǕN^>Y+n?!J2(Ck#շ.YόMY>(ڴu0ddɧ'[3aA,D$pzˆ)Uo WXXSYYΘjl4rGm1= W Õ&a7rAk=Ula a4v=$GhZܫ ,ĒgooG*F.u\#gx&ƱtQ̝e#Vju(.YeE˰0O VSvqhzN&#݅" \AA$U:},Ҏ)pxj xS:1Я̪GS,ջ>? 1\ܙX*dzhQ:bML~qS2Z2©__Ӧ#ЄD!de;Z.-7U҅nOܛnpCa2+ |0 MuC-hO<Ï} 07{60ׂu zi-C3ZJlQ þ P%߂DI( vp}˝Oo &m rZ.̺zd}uuORV"q.B?Wfa#!NiZ )NHَ^v5[fv`V[!MV(2͸_GjIeg#O|)c%‰Kl_Kx* I91Pp#]Φ3z xPcn9dQ@8|TO)z8ʪb0KJQ"}&e B r}0aV-ɿlvCc),B8+Ms&M w?B:\/d-7]#wriH2>bRl0#eG%M(憀4A<0.}eNU\Cr4#7u5˛)5ƥ6_\fP8C@M>eL)*iZqA:'p uK5M38cJ}^5I#3N+#9&;sO\^fsWjό4TsN럭)d{4KFD>F7Fs󫓱RtV@»S!8v OFkEǵ-wV;)D(INֹ42vXVǶ(߀lyqht6tr*~1.dР&OB$<2Њ`(tU<6 &=vSKP$s̡ѓz׫)Q&1:]gQ9ؠ:$|{Iޠ?t9 ؜; $%K/.ܳ楓=z5қ-MN߄T9v10]t+^^X"Sz[ 8Ԡ׌6K# &ʻ:b*S'`! Q_:#\7D5<0pz{iH}(| 5e3CFobS$sF40gn">SнA04Lr+$#OGߎMDr_3"(0yR-5ZПc\CӅ:NpZ&`"TBo,Ra$\BdӟuGI;RqzPo..28cljCUؽ~Ϊm939ƳFElZ zf+}ofꝀ mjS?m=Rd/(|E)g'xsdcrg x[|%)X!zG-:R[/CS:FiF,4d`[Jmkx}SQ@+,5aFۨw1D'35x!|TղE&qMs.Nz@/h(P~>ӤD1U&IVhSw:\+sL~qOzßV31~E ;;-ߋ^=,,. ͓_WoGn,opnڭG$XWBiLٲVzÎb#jtkW*g'bYT*_/e֖ER T bx/ "hS]ԭMsOZ_V9(82m ۣdiL[f' ?Dcr*422c9?eUZ @JY*jLuCg\z~,07*gpcU{hG3N_QWZ΄uvt{9USj1#ns.Nabq^kɂ]5iBlr42)DqvR#7t묉Kbֳ.I4%Ҝv8d E)xpoqMjXBѸf&lDU{kOPE|߄;}g;V~qۧ2G\9hr5*(& 0=P&bE^ BU098ڬm`z`̤7ſ0HQ: Xa!QHܴ/9;)I\@i<4XXgKt|.1Kt$Mۂ6lPo:u~ҁRqPavt?~ʘ L p};ry"LA {@NYkSь+*|X v1}KaYZ,,7s! R/z@&)0BlQ_ط<Э QF+GU'V'$&+0!`aR:BEױ<%QoG:|-vH~aUw>n++ jK慓hF}^ z*È9Ź: scdvܻĘ^"ԶnT~BԑjúGJA{YrGs xΘ7 F&>eXl{;Q߱nN[ԹNYziDĭܡ(/P63_{ :=%)WP㑁D7}CV|A-nh8;%8(A:ܳ:jI8?BȲ9p‰%Pў=YzI Eg|كXp_Yԫjy˭BZi2Z뜷`.JQf@M(FGb!*T\u*zΣmOGt*UTh@tJX_ZT <*6~[k ~~\>j𒆇QON ͐I;q=.2m(f!Yf(s^Dp}ֺ:)kLYo V)>3` D#LJ(Xo&JO,zi;]M.Q|JRS xOEFaG,12|S9ZQcNT"J̌8u"~N|ۡk(K,Zn^+6Ke͸΃7tZ1bL0UE8v$FLvjfJmh!i^@9!w}}4!/O $(VX#TE֣¯@?r(.fgyB0 |ꯉ1!1>> ֩:t-4e;6^pH jVp!_&! V|uΉzCO8 $md&Je+ϏUTcՎfXotbQĔ~8Y5yK4vѩ4ȓuzb$"{hxD[ߌ>>P?N|:{aճD7g)g 8(b&SARmN>XُmKh:sh;)R"v&EO_xa"rwX *8̄n䨓'e#`A{} \*k?q'hUrC*"Evٵs{l5xчKL~ڳ#Rؑ܆v-[Qd  k 1HRPOoR&,XbcKp8`?2s;K|(c?l#Y.~uId1}HrU8,&8#xcz{(Xg28Dذ/ ZVLbG܏RVz|GN tx-MIo(>IPޕ,m2M5z2)Vgdv%$ ;^OX!l/i 6k~ 6n '!pY8;6Re<2{1#iP>$EٱΕ7ZD헇nQBK]nY,_?2 733 B{QknOak}O+ 8mߧIͮ\q~h(ziiGo(Sù Rf-C Ɲ]ѣQU\5v_{3G{;.3 R* O֒*m aPu{K370k@߶8cg<M(l"U;AnY+o~Y1})8osُQ-R wFF*|{:6TȞi(dѽRUޅ;cˡ`ʑ\#(x%,txvEӭ RLy4z`]+?6@@@]JP$ +:p`\pZxŊjEj[@FOXa 'm}Ҳp)mTKF0XUTk)=&xsK~lco =d;Xȃil!$bيs s8|ψ Ng їx+ݺZ uM5&kjʂ2IҲ>RjB)1L;չbkJĥ(%ss[)c݉Vf H䰠-| 6blVG}2|#A'`rPS47Z 1}wm&4nՁ='l׹%XBNcںV7Bvwxh Ph3p*=ڝte,>=+3!h/ԘP1zs8Av dzT\gFf kmΏPck/?_v% n2w̐^wu' oϵ{Mm?Wׅhm ޼n=_k 걦(K}\W,`./DM S][9_3Vc,B`7]uDӲnf ѕG4g.6,TUb3EiRV"+0I}zNpNGa Li %vC >,1^(L}qYVf[f ߫$w K>mWvUs ~NnG E [\R4 h#sIP X#|mi"HvyV٧ud<-T\A?#\_Rd enľ̷Fy(i[ute *`jQc38;f`Z+1D *'E 1DP$qt3ZOQB Hr'[뒽\>n)u2qM8u{M};wap4Խhh"47&Vh9ꃦKL Fi#F."% l> :}JTt orX'[P%vg/u7ԧ  0 T4v.$<̤xKZ+Sd܀~i$2@vRoG,"%W@1 Aaȑ;8_elgw$JD:diŔEBdJQ*Jw[ŌGhUeeѓu23v4zp0֨p|E(<#5i3AfK|q*y/{~z#s/2TqȴQ{4& !5Ya~9oyR㥑x>Hl6Tfd`&9;*xt4*Ϝ@9sɳa%Ci2WFO/=ۜSz y% z}p%k殆-wֽR3u>OԲ Bz tj̤ *s\3qUO(67:#+Pdpv5GvFʛxHPi¡Bc'WB I1q} Ros;(1sKzV(yc> 1(FkۧC1)PWQZzɽ#屯}YrbLjADߧhm5%GY|1m4'7DIv5]S5= c5Y70dxg03&} `0ABies?2y0pwf'Ǹ-w"%[Ik6#~˙˗}>y#Lx }BYh&}ʏab|xݞ!dJ&fԔ740šu *Xi J1e߾.uJS=YLf$Eh)*{VUEތ쓨kqR+*Ww 0`sP,QfT%dK ߰B?b/ªXIcjB#3¦cG=Kn arn$t&?]_thD%ߒ"WdL6E˩bLa9ْ.5F=(]9f = y<!ҼB \'+ \D&d6"umBށcv=2baYӦy"M|&,-Ӄ_h_~L+9,BůseEkiz ~G'Rlp~PQ@o5;sLw2$ϖc+F!\2+ۥdopU)Q9iڙPRkf6Zt|^? ˮ!i GMX Rܥbh%!K`e6F@͕gybpu{~@'[׏>WHzOxGSSS8Nt ,Y_ cW^qnmǿ׋ :n5(…|8%'Q~<'&)2d,=kBx֐2J$Q>씚^*7I|s,]9F_Me ]E qHgzFQ,oF`jǸ( MG `#B9?x]kǬI3J,1n1鋥$<#8TKS1J[x2 5eW|MbZ=F)ьpkDmNr?Xcg@ YC T2~ql)## 1>Z*`ٖJ vĔrH^}I.F<"ecz`ʋ1yb68K Hkq"&T Nk[E8]hGBdӌnyϳ$8jĠ]A vN.T~گ#CPL;y{`#QqO| vrmh%fMy8ڌh754n J[4{ML=ouZoRLM7JAyAL <&YL--~!p <5۩L6n aEsvzܕOֲ*iQAA' f>BrJ^బa dtP^PJH%VFc{eAFx[K Sqw[P71XIgY06pF?MJ`URrcq{-uO@2Xiu1.*%ƓQϡߪuҦ\JHvmKiFCPyɡRMqƗf5! KSu\GL&.aWY.gSZoI)jl #հ{Rtɒ^T =5z[^,~lgB\OEX&GB)borG q&>-I 'YsQW l~$gkIf3t8{('O '125  }X#kq޶õ|fqdkMw80D`ĸ &y ._]ԥ'Q*4|j eh6<x [Wϲ?[<# ~ſ1L`9-yGucߒ v4eGab|;/}S+!2'E2TL]ph`bMhEEoy #ؖ&H7*;K>(RENcEh9EQoHE~ƈ-`׺#[b?v8I  Xw {:OTH]xhP5Y69VBz,[>{\b d#I,CQ6VdGun 2xqͮ/ʚ5m1B_OrJJܼhQ?d匱9ڒ]CWBV~tgck" ~O ~^a p#`] hnjIDsy 5&<λc¶i* r|(v|:†潹585܆td85>C,I6XѨi ԇbtySog7}jňfG f5W#@lLF :7#Rz@F:q4xܒ Oѭ8k0$e\\zzUlA'f7Df ᥒl ~xG]7_ '>. WČ:M T|C#a ڵѲ W _1>vFPO|wSQT|4eBilcfo| +*r艤nyS| &B!]ԠFq-_OÿlCXn?]F]8 ReTO2}g Қ0]u|Ye 80*e*Q{<&GHw B@Ph?F>8-dJyJfVDaۀ1;\†H94&~E_-{P3u2=ʧ9qwdžߠSCY*0E^9[D~bw-  >c]B~Íým{" F[gEհ{,ZqUP'o8yL}!fo]ܫ)Yyǃ}п&/N8|b#g,D5AZtdce+MGg+L~!`I{sy^`0U;oθGwXmو>>b뚨W ٻ:Fy[FMuvl9(z$FDD=-'3oz'`P:cP^AGytM1A7`5r8FŘ<Cˇ3U-;@:y1 G-cc"\H}7muHd+=Ht)N-t]T[h>mՑq#|_hW`2ns|s\Q1b2g6(AvwR)ARSl#"©#W)r3jPLef![e_;I& K2K0JLGpiWD9H[8n|3shYb3֎\i#Vtћu/KvzLKxT0&j'n;B"à 56 -/Z#&&z== Fݬ֓5!Y6Td#e(|;ׇ6 0{4]e% a~ż|(ү۠`W@?%QRm3삷S #;!EVn*s_L7I*$ /aAn[ʚ\j,GT~lALǪq9ddD7N^0ji Tf/*"ovt]G*P&bx WE3ÿNNQtրvQH׼m)f,!~KPKYgIBw~yHFjXf9'{FC@=6w0 \tm1Ć/pfOj=ͣPD+ibIE8u(X10̲@!}bEyzhźwpϺU8;>zG uuԃevIuvY7-c"87 +-F&oyFN=XיQx#M;kOIx1mҊ,Hq:YZ sxz-ƺu`ebA^]T!L#l% ףFN p_ 5/г<̃Y^Dwpr ̓hsO0=O\Vh}sQ1-юbG媐Ǻ(8A<n'ny82"Zf=jV2̐dBB<|^^jԜ =XӚ "(Ȏ k o Ih?ȎɐPpITf(} X)wkQeǼ)oA^A\5-X37]4uX#4 'H-ETnDLHw`epB'*]=i+ޛ-3Ӆ+- s ;'Ni랆$f4*=YWP!W bwNq&Y 4%$ ѤYmCl@L51k &0NոD@eTD:$~i¸n5֌=aBE y SfS7(7K!noj.߃P#6 ~zM#My5HDŮSie=#P1|uǠ!(N;O`0z bc@9{|e I"īUYM+`-A#~=~ipG񂒻;줧B-yTzq)Rj%éx7KT( ْFiMC=ަND|""F|WjZ7;Hw 3'@s\BI`/Njm+)UZ`in(py׽RO(5Ub YIrqg<`&#S҂u"π^hL.2Ê.5]Im7tVpc^x7F>VG?%qe /-JM&BޓS5{Iv>Ȅx:@ӫfI&(YʭаEL}j 6tqN }]a8L75iQ5U%Z"1Wy5H!ӚG$T/C:U?Ƈk~p Xy#iu^L0#)o#?L=!Pdq!>sq&c$[ym2"7߈<=nuVEUȩ\'LwE*6Kae&,qܑ+vs$oT|ڣ?a-͞(9pz $+nFF9JZZ2: %4&NȔPo`7}mj,Z6g^&e*#|nu(ūe^#GōtReY3=d-˩YTieamRDb~a-hwRߙ;֢͡0* 2#{;1RSfPl]CO i{gCA՛1j&ǟ:vp3\ؤ&${\/⢘5ݼw/+5}e ~4^XaAdO&Uؑxͳ}6 :\+z 50o㴯ca(T%Vx0i`]v5Owcz[Ecȗ򰸣ؕ.t(>Vg'*YEm4/!bbc.#ח \q-w_Q=⟐0bh]]K urMܣAYگu\uۀ퉿o%C0|x8} $q }=b-AނI b ly6N!H56ڄO]4[I.WֻJ,dHXQ!اh67PVzh2qhP!y$WJl D'ãY ?W@]6܆x 8 ,K.OkWفSfAAaV[[a?yw˪ñ$:R.\t rכ0ehuӊ\1m[u¥dQwZ͇kޱ*AZ1k2eRN쮽%7]!+gyŴlW)eh vU_Uj&!UP1!8beոh Yx6:1,rvpYn{5Q/Hfv4YY؊Zώ496x:̚O(H|p 2QZ(-hU5O*ҫW?\*􀱏V8b>?G&L*RF<8 ׿ J=ř%X5MMw1L`Uxqz*08%1]]]!4K-$)t84JOPGrJ 綛H75 $B*fIl %h'k1O$>43]w‰2|u<,;7`?myGt̤`JRauxDL<3k>{5}Ҁϝ9ީNXI/'iYį9:Bj>FM (O1m+`{/y'îlw}4^\ X#$~H.`[bH4, n{0XL=GKaxtʎJ*mh}\{X-47|UtmeQc1_n7鏭mDwW0Lr fd@Ӵe~k?OP*Feׯa>wFcfw+zCהohllA߱p[u8lյ_$e -1 l?t K,É-t80VD,W&Et :f} 42nG!Rr*UdBQ-rw*OnyGXAK $}uj%FKE5ڭƼ[@q * C:3~a{PK[PY \n.i[h-WnU鏝f[`5Ed +kjCY݈Oʛc;]iw-]} 0c ÈƬW98˙FϻⷩE< hHd%4HeVS ,B͏?4/ WqO u(VY%e/Sl+aZ.`U;O(# DK㬌BAʍ=[N#[ǖ~FZ"3L!^ypZYQO$!w7N:T/SPZ6gt䊬(ل3ZzǶ.XxDh=`w2cɇD R#]Ӎ&>$nU LUggIt'aڵ)2pF= n@_/d׿;!21#c' wE.z{[0T(td  cSKxc=ՈlZ{9Mzɑ̰c@5Kыjwc4O0q"4\ȍO(~Ƨl bAL2* >kO.!6kWjz4-Ԧm+2ք*-vw4|@RS3 /NYyᇬhN۬Crૂ -Y=#ޡ%J<9|MToH,#c!9PK3%|,g6.R"?A"eqn/j;v*2S}n|k\NLӢyBS{Tu=Hʬpj_Þè :l!AL~8ص*qA}pdn+-PbH: J<75!(|xOak0`e&ig/x(Cįpn,I!/\5e{ kr\V^p - q dh{t^d-M!x% T]/hx>׾u=/sԦDU\ǁ853E+M_nfm )ⴶK#r[`F`gpp`z2R: eZќ#DoK?UI}86)5gy9@HآɊ1Cl!wK}'|# 1[A \GCh}M3Ps;yԮ 'Az@Ŗh [JsVcV6 Wfr[`(@|%Rڻi>3я{ /({U(sB+ix<7Hv mcDO{=8n(s(-C1Qm N_A֭eޏSqt;F,n_ӵ$n|%^tҗFՂ 0eڨq>RaH)eMTJVE觰 mX#X 79Q 2{g"%hCN/8x] @z >ֶJ`f~׏TrD uaGC;*Kyi! :ǚ\OsG f-N)" >K> n*e&qU&$dxNilξ{{uWf o֯,nzI)ya~GVic2ZAEBG:j,)Fw) gZCalfF_H ;j1|mC9UC8̪/yF{ǻoP jwm}740С xΤ:@VѾ/I2\N"m6!]@ [85XDyX% uFאKd n]1R#Y:ca`>|@ewgg"6n˸X{$D 8z;cLK8*oWMw BBϾSIˮ|/#sjhٌ͚QtkJk{'[MGCS0w;)VIҞOE1`05ֺ l|[aqlxSJm/=HaX-<, 21kJ7upBLP$ p.?Kx( ɢ9#G\Wb-j/2QdJ>`X'`J$nZ ~1;^vgǒ@F8r @)G 66-47]flL&46oTq|[w0I50"~h7HXPKy=tcD$#?Vքŝ67j{;ڞG8v:/0 -;[E~L!qodbntAaf\mo]a ͘qKI{7 KrU<9;[06/QtEiv&/Nb*Z܂U*|:U WJ &4et#a`kӿT lVbTcsDГlKXCYL&l#V?6ZO6 k?6cK_PC< f+-x1d[l e[Dr˸r(P$zŠE;Rc$ xֵ) VXcNRkKMpdhJeBhja6FE7S魮B h\qZu/xm4l ]Cl3Is-(WERGH)BM~J4[iz*s;rh<%ꟼkWD,urs/.GDTnJ5`OG=G3lhSg8w@_",F@UZJAAIy17\T>_8${ ތCV6vV󥗅 DCԈ$C Q'dICCPψgG_o8* #U$-ܘ{$Fi>d Q6IF04GgƝ=/цJN&o2 FHe }ڔ{ȑSYm&riM]Pybzs '0cb%F 8(@$[6M_Q_\U[>'ӂ%C0QѠ&N5 8T=Y{J.Zae\{7LwtHRkY$ St;V]QtJ8ռ{^_"xssia.ݽxw0]6ci/a[f%q$4CɾSDk&&z-)H,J<,rFy@is*!#ˊberwWdTpFL#>$Yva4B`A!&[ 6>.#o0,uɦ~"+fn+N){}_j$y3ЇÍ >]f__ } >ԧEY w9JWㇵg7m#T>KlF!Zd?5iu;-|rn0AQ'yt/τ )Vx3{T,iCU3DG,;ӖKB|^RX2ݱu1yScw/ HN`CEGWch^¶Ae "af"B0z !N_<%mOcOZ`1^o_ye,A'[Pg\t0`j;S&۰Bk&;Nd5|BX(Ra1\̯oah>N+>в\:\?٠)v6M9y;$G=q鿭gUsFJ"$ո?/Vwh1/oćntYceڗZ˅EӔUl|Q3.f4zgz =eV7Td0rP) -Itxv^s)-&[Dt,Oy{g6e*,O.r |qXg Z·Oy|83IA9dݙtn>DY臭|ySKiq#zզT*%꛻هJ߶$w98&^V*S1:vY3{S@}3:k<*qɕ3(@fABEI9|3 5a"jŠ^۫+E״pAM1>t'Q &p eT1%tFBouBqYUDXnj_\Rh=o"wY)'r޷TЌgUtHpu WR!8RK%`)w)@1{n^fkjY>M=Pp6MTYdu vŌ~zs%Ԩ7JIԡtdZYjm!,IP "\Q|jx\7v$|$aZ~CNn x}WF .X~Uj(f]l3>1y\ p7q2$Z(<Ï J3AP1a<e%n((ߊݛ6/e.t{Vвa w~?dqoIhؘ ̋Uk,m8q4D@6%ϴ6RqR$2V*Z;K>FĀH\(1,b`өCdLm?*f~1%MjI~yu|+;W"C ]*]Vu82l. UL_cĤ#)'UDwgcoAՎ>me[Xw <[8ό2fޭ(@#VSv'5;gK锱!'R?uZ ,NHPͻzI2X62̔lL?`׬a \5.|2dܠyf1l31o%r](" ZQf2 rqY@eo:x_Mp`ihW?oES/5M1K+cEJ)jf'%7oqp~/Ҥ>j@|[8!P\Vs;[qƿųILЀJLw6}sQ$v$ʆt(qF0j 6xJoCYd-dH*[qd߸LJ )zwT.NJKJ't0e|Tw1WNMk&>ZIOLVsG`Qcp{ID)-T9h=wAc!TStzFsOK#gdu˵SbҊ 4ۊ(|. AU愜f[0" ^*`r;^EZύO `s x%Y 4 h>?͟n?UАwnb,XYH mq)2L|17=J#}Gh*DL:%,'Mo(d1 J^G|1&ٲW({@8 Ę&A`N\W. 43h:VkՊK"{))#g:pLEk0a74`)ueDY$~nG8m;+ ީmtc|]Ŀi^5`6"u Cq9S!i]!|!?{.vNjRIw.{,]ȥ ߶ YZ