openldap2-contrib-2.4.46-9.64.1 >  A b/Dap9|: i @'!_/FvFSjcѷڶ~7d/dUU0DfU]AN6,d$X^[v2\΅L1`5Mr,f~[akb;߯,h%UQwMǵaYi+٣&sʢ0@cp>u?ud " ;DHPTm 44 04 4 h4  4  4444  N (x8:9h:::FcGc4Hdh4Ie84XelYe\e4]f4^iHbi]cjdjejfjljuj4vkpwr4xs4ytP;zu<uLuPuVuCopenldap2-contrib2.4.469.64.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocationb/Csheep64SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxx86_64(hp(h~8p)w(8)(Xi (8(~H;Hp( 큤큤큤큤큤큤큤큤큤큤큤큤b/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Cb/Ca29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936eed3bf332cec0d938dd29af30980dc8458e6b43c02eea5ac6908d62887348590a3fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40ac0020f368a2c58100ba52e73a853c41bd0b9bf25325a678c9025d4e1f4642d8b72f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920af63a339d0ebb61685b8e4f4d31d3c5e58ebc16e68d7d6eda8170cf3a84c649633592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd648e7e481b123f6c24458a9d06c1dc1015dab458d7b6d4c72c7c44419e62e27dce084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a8dfc21a359aa290a6b53a32f84d33820aeed5245be9bf58b41440252d81c8079b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f6168f3679634007aec1cba3f20ad9617d4453c171e4a90f4aa56ac667e9eb55b49ff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e67338c75fa5ab29476fddaf084686b8b00d252bb829109b55889a682c7e231cdc6c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827e3d7af119392112ad3bc43719911bd4b8683a35f51480abc622b65b374a677a10d1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706aeedb3cdebf6217e5ce72d65ea408c99788f501bb93b603aa06cceb58b21ea246b9cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b3725230931f752a8a14992ebb6eedc2ddd2bf0363b5eb0eaab447af34f210ee724d01b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc9e10797bdc0fc7b3fa8c6355442c44839ab0ae21bfa007cda92d5dc01f1de67e08fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e786596602428aa80ebbe3b186a039d0d4791da8a0de344c636d8089182d3f5a1b156bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd081b4a4df2c606b43ece721d7d492b739430b0d2452ae30cbd614a863f4fee86e71addpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-9.64.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(x86-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.463.0.4-14.6.0-14.0-15.2-14.14.1b/.@b[@``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionssheep64 1647264684  !"#$%&'()*+,-./012342.4.46-9.64.12.4.46-9.64.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:23252/SUSE_SLE-15_Update/64c3e9ba52304389111a9955fec22fb6-openldap2.SUSE_SLE-15_Updatecpioxz5x86_64-suse-linux     libtool library fileELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4af7bc5a873d7e546afc0e34cf35b2091bf8e702, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ab41097bb38b869ed403041ec78b45173ec38cb7, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=868be0e09574bb4cf167b0184d48334a44fca292, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6ed204df0758f817c05e989c6f72707279214dfb, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b06764deb4b2f6dfc4017538c94bb3188ea48a43, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=18bcfe7a4bf106ebe3d18d1dedd26144aa6124c6, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b2a50c12bb1a863b9f5cdb54974d387cc4a6a8e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9754d9e7fad0e828c64af60e60ccd0aad2d0ea49, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=aec4a05925d6d98a9972d1322a681d1c3be98b54, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9a5e6be1606ff954765bd5a3c0908b8025b5f92e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d062334700c2bf11dbbc12a9bb3dfedc84136cab, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=32a44add4d81649a9b9a269d4f24d37423e9b63b, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ac96f10ae45f02b9780d7f06edd6acc95a629001, stripped "#&'+,0178PRRRPRRRRPRRRPRRRRPRRRPRRRPRRRPRRRPRRRP RRRRP RRRRP RRRRRRP RRR.NhBEPܾhy:I M5+X _mwY_Y8?b~D!PLA"uny@T(l)> zmY[2ۉ&P=f:@+s!>3L% h$O=/&e5 X؀j,!/ ٽQ8܃ԥ+qqen },8xiй!=}xHxUqoyt,K\=4}rŚ:2cݺ1F8Y?L/p]츝{?ރ+LK B\zTv O##_mgK Kz"۩prz2`ʘTsG87K,Af:> hv>asZ݉Y=9; !֬vP V5&`xAF3.RgtwHCr(=9S 1YWA lRՔL}u`_dX4(4굵DʉIJE+>S0 ֓t at3&o^v:vn j]g?%#є2.F{2 mAA4؝:> *hid6u䄇~DlŨ-~] MGTI^BT&ҁ3Y.%|[{s5 .Rl8@Zso(oTj˶s)Ŋ?D. XJ.A4h#NxP/6k*Y'Ӷ}Z00 3"Eov%`Sr'Ll?^YH6F6dOD/FyTVqMqSb =}vLSGW+OsBȩ9E7;&9Xe=%R_!HFCjM<̦T9l&K8 `n/c}NW~ZBaH\4N1UجDUF #$@eGom NuJ&[Mx"?ٿY {ۣ4i‹wr҈Iay(TLP,lͺ~N`XtngZK7c+Xg'm9Jf61/F7E^_4YGg>։6ͨ=sNrC)tշΣR\PN?<7J)\e%~JJ, -&]=BLp,X5mؙ]@{^3PTvcKځv +=t)B 8?1^?(\Gj4Ff#д)Zo1f6 Q (ck`#e#:Kz@C8OkR$ݼ:KC'l57;߶e%4蟊6T0iz'p5 \$i|j ` 鏼ia\:ňJ*0N y=@(0;a=?es*PD+O&' _$CP Y{h4 YE nN3Śΰb@Phg$z'GQ}k$rZj9]`p\6}NV(Q_o |q8$ @MQY~B i V,^N%*!o}`-p_cz !l9{Le)gr&d;:y/_W;8bef(BaN]OW˺R/X'=.)/NL0  >ШvE*|y.H_]֠?V:%8_!i D̻_YB0!kagtߥky dn)WCẁ18uBh[N|rX t݈:>B~6&9uؔ dU-3HE0g#܁*Tش-"kTsʗe4#Qj>>z{|,ĮNuwΥ@f] Ai5 =Enbesdh5`m!+~+ ÐBa{dVz,:K9&f`3bg%խRՠ{ ]Bgv;c`4}h܋P=_Oj3&4J^!t 8mܺ (AǘsU`(M!Sc²AC*A*߾W;p?H k9 K)cf%]IIx9hjȑ'O[[)rJΣ@ERĊ| י9uoE'”_0þEv7^Rf^=4ܜɸl;p jXB@*B'aZ d,. iE/aZ*juZ_e|:U膗csG&լ;HHHF/C_ Pp@ediS KCy5VՋ0xM]T몞>cw+Web6"WMP70P}ŘYebV j$CWI^ }!r Y1FHboPS}hFy#䎗n}kR,N"B6;sđ4-q|`&_-i jy)e wEߪJvb\)pH׶XqN \/;o̷ToT#PA4Ҹ5xD:E)x!AIG_("LW0ͫ&4ci %s86y5AeԷ7N+)=&̻CsgoI:۩_XiE< J$s˰1G6,qa{qtIb)b 7|PrD9PſYq\qu=| ?:G9 vVf&uOk9H~-_aٌl&ئ_%Mӆ* SpTe2Ţy DCU_|G4|q vx123u(sU.8A2{@ ܿ>{M:Y`>vTrpA$ieo +fYZ8y4K.˫2"J>Ymb:R1/wBA67긁׊އvzp6h9d&A͟h9kDJ*ffw d1̡ݫ^rg-Uqh[7g9da^~2x!S)G`oC z?>im1?%KJjc8E)PD`q?&tA~lAL@CFp!-mB',O2hPj%XsĜpHXr!/ӚF@xII&mv = u)nrg{0zj򭟹 F!6]qW$Ժw0AC@|Y_MD|` >Q/eTcyms|;!ZBA؉4>r=E UP(CUc/U15KN̸@5G?M4' tc+O*,E}4íqiWCf1.Jj6k"AE|!89j4mp-VP!/*$Hw 8\iZjovK}2U8ԹE  $>o^u`&3t9SeI'pN3mK:X(l|U|\A7w` U0Uŏ;46wJ"v·ΤNa TƦix2 ߩ?|\LF; (Ж[v|2*S3LܼcyByq 'G(S7%{?MoV1J1{b b*8B\yɤq9( WJQx>?zxbw5f0vɂrC yc8<*.pEsiP|;oDaγ+#ΜdܞR}_,l6b"j I*#4 }_f]TY턆@p1oh=3uj˫JҌſ+?:j8 z?\?Q'U41C;Rwn~3j::p#СF^%c6Kwemp m@9YPlfW h* _s 7Di)cRӇ[?h{]+u]}'RЀ`ڠr*]{SAͶ[7ƄQS=kBNnl6SLь' M8R+`tfiTѤ4@}s*|9luO`YcDgJMfV o ȟlm6?:psu`5&l{ 74;v~TXc'G~>>ʦK.eIBz -~m&Z^Rq!Kf mIG]lЕpj- &oh:@Q:ց. Qdy ?: N>ƺ%^}ظ㻼%!%7l)xb ӷ!' s``恿/F 4ߠ+2aM5Os3J}c[~E-kͬ9"ALISa2(7na\avk7wH.tLq B+/4VFԔ_R ?կ~g)) 7 4 *\ /LZC%[J/&!:` ;JSQ,(5d罆sՇ6=;vn v?A\V( ֻePY t݂ߍt3αjd+k^jN %@)N}3E4-{ۿK@2}iiWGɯʶf,gnֲ|<ߌGWXFMОEp[.Ȫ gDpܨɌvrqpoTHɌ AA: 7oAfJXaLkp9~CQ{}R r`!#.ӓ*39jorMHetzW*tW9A ^sS\b,lpk}Ue=fW7:tsNZS(‡WG3a)쮦]yuG\\z34Y*0q,_M'1`&p&AN}F:u P d:?#6E8fz\gQdf&&s"9R['@y`nXP>8T-PARxr4sQPsd dIj}#d֕M/ZNbyM)A|ta7$}Y ꒋ& TLxR|XT3l8U}LoIy,IblNZ'IC#.ȏ0luzAeπaQ! t/-(i*O. [,-\TS {Tٛc(AIu|D,774m >NJ!'pÅJ[bP2qǟ:tL9m0ĶË#3`.qǗqH^6pQ4> "& ƓKw) ٝqЭ2Q ٷk_iR)Ћ"0] Hu?oΛ6ltj|_-$'>Sv-hXn?Ÿe;v)ID1B򲁢΂xX^k=QDܚ&.0JݲN׎3kϑÿƇԢv|c8y}"ѣۃe"<9? EgL(LJ'֬ud¸1:- Dw[hղ D2+a Eb$F V[ ON&VdbT9:*Mz9m;,3LߕO1~Ӓp aǴD61JQ(ٴus#w:4'IÆ::ߩ5z[qVmTtns4|ߢL:"F4x-9tLp\˭NWL*/++Z$_N";͟M hj;'mKת >gG*7cu{\q`l} jKJO2Cm׎m qQPA~*K Eߛ qo)ɛkM}d $M j9G%1lԻ̠7,{HX @xť%GQO]c`JO9u}3^lkMrʃ(R~rD |X5ԯ@nJJFYG D9à@P7pKhaU=awJv .BṚFyqxyN7xħ>An/*el٠Яvd`m3/z>Gm6rڝ5x<]RAFI3Sncp??Aw wxћg"%juIJ1P-!M"Zu&]=*/If摰W|1^e)G,DDog1dl 3#1XՌTcԊ)S9S0aI AzK-a|箨i:cdGk!ȫF \T &>hi Y<$՗D/ q&xK46.viv^Y0g-wAi'( , uoi.PʩVF_qe%4&˲Us9H<-֓7ٿ,۲@dRäfOg)*:b搁në6s.f0݃RZ ]J~^;WQīɉ G{xƻT`@'.&Y!$j@)/hzo!JN7XIQ,@؆d~WZˈ#W *w5 <#ze.K?1r!߂9fEceDפ˜t61&5dQT[F0 7LŽ1 aLZ۳^JnFHu< c)]. p=$ng$y-my䮎,@&8g1vI@ [P )Z#KrsC+pY5~%qƟN1JbdwetPU@wP?  ޖ_"RR>KOV{:ecL niHQnS񜱺 Jn /[ J b q0Z5*C@<)E!wd`7:@{-֐zMnb{.:(18Kzh|Re Y%\ol+uCZx\ w/)gt㌤#Ep!PpzUΌ͜S.osu:"A}}X_DSa4 %ʪ q"Ճ, \bch>9o~bG kaɗkEh,(Yj t{a˲ \z\hYIx@[2?HPk9cpf)Xػ_dtg!Xa_h]lJKDSza5++ 2. y1_c`BߙSD份\ωi1s5vf$im 8:*б@\5[NHCL`l]Ӻ/ yB@~ƘsKjCV~ MA>vMEV][Sbd݊0 zI[A&P'a7Gqf:˶-W G-B·pm2heۧ}&XtX`6"9*waê#5B*_ P-&JJޟ]S|m^ "]nHt&ZRkAZwjYl}q#*/ dN+3S?ǡjE{LX FϊGsk(EޡjQIlf !&YQQUHn4W h-M)F54lS7!H7dɯ#@Q_+vgOVWXfZ%fSVGh?fαAX[=BaH{UaG 5{2E h`FYѽbtKn;S(eIe,*HːslXt&m%2l <Zbba ;onκV ɬZXVw=?C0ʻ#)&]Y'=0إ;3U<Ke<2Ug(Xn ,(O=7VgO ޘInP(J4SooU@h^i:E,NWmI9!#i?Syșa(̪4] Mlj5bܣit{qx)B[IAL2-c0f{B Pf?)~);&hx|o<˰ b(0?׷Q$"dŠdD46:EaװHeeF ة 4i qۗ,iӐWdUɽ0FWPN p* Q1T$yK@E u,HYW*v#؈%FWײ?9㤎6z'/Qd YW `;7;, i~*폡OzwȻ{Ic F +$eLv }"(Y{v2 jS55eſvW8z4|t:x(/1pt n9 #( iAG0έDLsyM`U?…sΤ5;d8d&)xM)d yx1u\݁E6r/8~!tr,H[!F:zuEJWW#CKCHGb[c,%t׎_4ty6YM!'z½D+e+vȫy4{zy=W-cZsj򾺤uW1ŝ|rU$;^!5kZĩCmsʳ4sICY}EG}5$6 +V4BaVv?e\vٍgX#"J\BW&sS# 5ߎ |'DoDDpZET;QS/q/lKDl֜) ՘̟Sx4)"l9_W}Sybc֮71|D@ݖ26rY=3uz+郏<`D[hpqBK>;XZC RG~bBaeJ`4݈ _p qHÒ Jj_?E,@^pOJԮv E nI׬$n6E@YX w9P𳹶 \jEK-B| 1D[]*׹ r}_:$MMu)/]U ;ja \65XvA6:f48$=t߆*ou tn;AA_3H.Ŏ/wz,x2K2G?rkr7R ;j3V(|0Fr1 %JE0B=)O0h6)sSsS!`2;&9r:r$hE>MrcP'ltU@A 4)+86<02eukgb7}0|-2JU۬eq^s@=_U\$#lỠ}J&ZL$d #Հ {YDpP(8TXyιgy|w,:J4r+D[u)H(ic*?ֵDo88[flz(P]uE 11F ib9RQgK?m.c-iJ[qu&s_lݐKl QJא#f^ RS]/~ru]-B \c@$AKP(i-`JarqK̤@m}Ax 4T&BKs9ԂE:d EpFtv?:Ӆ|Hﺏ1@7O Z8!34wG}kk w0g-687|h|buw")8J DmVT<7g+-=/Z`/cd^/wN$Yx!"5 ǷcSP:\|Tڴ `}WYR ۭvu4TZɎTiN'l.[9xn3ր3\1o걂`}Ǩ#'XjMi? &^:)P|NQΑ'Ob C5Y%SЀhun ~BizKxa3wZ s ,V-3hRpN\`cZQ+p]BQ+",Zf(:*+{TO0Xu]V+ a{ߑbSF7u^V^Y*U,ăqukz8=BQ[I>ŋ[Y%4V?yo۞fV|T: 8G-]d}&*6F 񲀒G!|>h) Xgw}"*-܊!.J>%#<2Cg_xKrvg+mTĨaDs=Z-*Nٳa%p/ݝ9$IF@07'.k*(~ *VW!0g3zUsGY~XVQ0x?[B=_A>C49 =ѣJ3ݵKpP ~>gb#!(? sHG&$K\_ʀ W]B:QQs %{D; NˣƖfD8F]Q5: VMmVm%}eJV3O !d;h%=p;lA=L:1p[B0 pA {nOu|'H7xbO~fO8KŊsl$b5S D=ϩ M"cD.[鴯wqġ& Y.<` GJyBrںG7wO- '`L~g3\$Nȼ:ֻtYbQ`sۮ۷|*rʩ^xGuu 5M25 WC*~noqY9u2cIv n+zeeΊ溂cqdTB(Rc5uPf_RkYIPln)UarmPZHՒAZ[sߡa%!& k2!IWe1dz [D͋yܖ:'i`uka\2;L~q%FYaiv#1v26La,G9J -.h" Q2`m@,@󼯾I*BBjEz,3?o|UG!l.ÓP, |p!/$l .rGQz46l Mhj !Ic&Ky^c`M*B^.bhZij hD]RC7> X;QpΈA]?ftyFu#Cтu%'{JsQs\)D4h g2 (@_ckW]RD#FfקL0Gf'S#&qqA*CZ:qTf'!D5m.s5X- hk7]7}ݰl6=2Jf\;Τ`zH+i PSJMhSHX}D nM8lX2->a-'k~P{9lˡ籫kkP+AuxG'4seH O(QN2Xrr0Xfmȹ aXl\x%jNe35 v]^sᲔ[9pJgwtQdjOri(&F./?zby6&57̃d iMBfS߃>[[Ԍ00e[0æ4# `{hJ /,*:v]hAɓydK(C,q?\Wj !yu‚-{h. XV $`r%gfO^sT b/F9jQk@U([lj'ՌV Ij@VRuP`+}%oo| fXPĀuƤ{²b;P/@ Br=„a$j)ch֗1+n__;v1{ZYa> MK4+Ņv7{*:(N,8vIV`E$1CNԖ.gSD XX IjZ-zTN#l9;a=Dm? =߼s/ 0O7Jao;6fk‚0)BwO%"3D#-3:bV1#]G=-5YcpɒđuއS&80k+FcjÂwg䵘P FMvVRL=Py(8!MC)gSiɇ?h m&S}`Ra1)&^Va]d/ sy̓;y?u{g_)?mO sJ !hjf#Her^w3R3ϳ[OO_]2M|!U;$<؁ liepwCUNCaha45NG <0dFvB@J.zQ> ggqRܮ u9 l>BґnSLR G.ý޻tԵ$xLa;0 m<Yn*mGn4b,A 031j3mH`QMD#%āj#;\ϩlK- hHq)0ؑ>ڡJzʺEE0죂[FE;:e wp"wD_>|_SՊxYe2+;^3ZcuE5Ц:U8xB-[*!uhAĉ+W^g RO#p>@IoA5;7.+SnU!-͎t6L0sBmo[{ݼM|뛅'TƁcKT ~H'i O1cqsFcj_AI"LEu2ȤQs. R࿲GNһ@X9. <ծ>=у2 lM۩ n20=绘=sc.0Mp$#sU62Łix=!6X PgCt*8%쪘g)7ܺ4=>ʤ+rr&On0ߒ.s`o7C,p-E!MeKS;Uvu<8SO(պ)IXtn*mSQVgr*KĽEn\_ ֓R{dP.T`U5 t"5[LN6@8 !`\vh{< Txrb^TQ|OC~rqX5Q=?fϮWZSŀLPvhDzR8&)$fi%,`A bHFRg/b> ';k>ΔzE^[/\u߅.bBLIeu0@az?ʱNF2,*Ê* \\BUEX_侱SsbR.Me]Pg2CŨFz( BQ16R-zj1$=t1i۹+᷄bS7՞s;u_cQſAi2.5V1p|z,H"90םvo_^ٚpsi!BPZm^!c)a>CZQǸK^sQ-j#1+6mGֺsrqp7A3XKm-ukH ֭UIGS<ɿ}lvm>B4'CGCJdtIb4IVs PYw 4kxBqJd{La}ZQ2E񑓚ؚɸIK9xՐ=yFeZ ~QV8&pVCиu5D ңF JLV:QjoZ5hb8-cHdRͽgzQ^2׹X_hR_ͯV^9)=_7<KE 1}y3Z'r{eFs! Fj`z3㹅`]<9I^E_'#t 3 $۪Hoi6`w79cEb]BЛ>Xq 3Aț)yPkLBkԏ3tFA&^7{P0Du.i#wӈ1%ش%Bcc8sl>T("ՎAnT\Y+<[K&ڰǿ԰_Bǀ6 *A9PW&~˩K g)-8.ȣqQs[u6QٳBn`^9vY;_ I1,VQ̃ME=It/~͝ |vоUnP|I*Q.hKςPcE Vyr1d#OOa߄α'zE0tJb# m1ZK[k(֮-<ѱ@RA 7 |9MB6Kk:۱z ɡ-=)0ބUPm$][{'W(tvZ∇gmU-,P=7^?BE\0U+(Ow{.teQhgҪY,NMmEM@. UӁr~RfXR t%bSy;FCԐ~=E}NKi&;sMN0-3[봾$HuOmNHSzpvBqrX#n-0J=$g"^rC\r#O)e"sWMcCv][™$MS 4h .m7 KJeMr!*WI!="F;]Kn1kzO NaxtGR0e+`8OxGB!cm.Kң_i9 -Mst%r$X;*g81D L 1 L2:P)fDew5X0XlWe'RmNBԞ^r2`U?a(8d7R@Y f@j',LbcVS\- xAk6z%}ujs 9h/y"*VQ<#)KE@MWo1|=-w&9 Q}Pvy$ʉ iOi zx" f6uIw+sl$fєɎgq~GS46+Rϝv *%S\{;m ܳNI_Mrh&S S\e&&,4;ލRuNP |i N&B6dz k+%Q*h#/#KWAc6%(1 `}/ë˾@iZ.Eh&ϻACo@8<ߧ*Ml*$ꖘb.GwfVyB{]Ldp=EŋaM6Pnήn8 ߞ8g},=Jio9}H.% aeH-"7­la.icwf(*ufEpXȢ""?Λ͞S/T$qѽljjoP} pB EmK{lnW ƄE_zq E-q}D[%~YHuBP$G(vql>>a*{r)"&q ĈV-f' DP$OהAg(3O.r+5 d31uAdwT7* ;@ ^Čk,H+&q"wdlX٨CȎ.ɻnX!yq; $TYpnZFԛBs6\J=B:F0>۷ ;{ei0'mܳ97y}.x+o1<`]?)B; :5B=]Zh݌Otѳ/"n 7Eep ^4v|P` Rlf c諭?E1UJ"WK{I!ZYֶҿ{1ub]Qp,iA%&1(X \`K4DH-,;裉:4PqqwShb D(<`0v;=ֿ}?[yrr{:@+~6 ǴJmJ U<++巣|A` 0UyKA1:& < >R'L4 sB}{kV.zcP.O&ЧO^C&; L1Suibj0O@7@RE\J1qlsFR+> a8 ^{3 Yf禮 :?}Z']̿! I5ۧ޾-\}f9U jAtF~[SⓝâWʠH ?9;%dcXFF#O-~ur٘us6杙gu.ΛZ6o4+:ȟ!jTHY&5Fv{YM<ݪ{W'ܩtgPr-&/sjf"4I_)D<:ې|RE]ztJbo7,[q[f l*tU-%&Z?u%w#Ye q%]h:%Om,_# 1艩H 3qů?fX܀ī)cl[ؾpQꠚ.b1o1ƮkE+!ghTE S0&u&8mlߒVCDΠ ;SOλqN֞_#12 !@ua0ኦd{Ie~WaiԏCKc˱g`1|{48^p.g˥PJSXaB$U< 386!NK c"؅Ǣ.lR/#Hۏ~t*CJA‹܎K0):AOniªfOcJsə,i|٬Ad# O?ٞO4l86('fTpZվPYp="6K9RI)\~zk]*%(jz`F&w5Rl:3/,cͽL7qa߹@CZ kw6dlDz K&mq f36xt)‚ <}ӵZ"9CbӲ'#jgL5vlJIe#BI"ybffr-#9 ܁v4켸:="MVtQ-<{*ݧ)xV+]C\n8iNM8ӱ$b?H[JD|YP-)ZbR7Dž}TeNf~wO&B|pkx*ve罧!6M#02*nJj̊q {;&Ya! Q9e3U5wvW'<)gho4gH̓OqnԕڊU-M}z@gOӱ$Ɉ(a'7?$czA^P seWriS-!19!/;䠂vƸZ!EeQոͲ4 HvɍHiG d`az֧M9i qCeF?z!j)žBJ['`c`n=/AP9`-- oKK.œb7pѭ\*S?ς{ڇf9m^C벆tvXiPTb&!\$+ңp;8}mK#30+ !rnXnAGJZ]P."sSq7go`O" l[଎r}> oimc)IT07(coW0H^K]LGȊ#az sLkr<=}|CU>«RG¸]էE[5NI6J^\YOuW EinGAݻP*H9Vux= wO Д"`3yn_#dH H>CӔ~n É E|MSA^7=!6n{ S%t~`=ؕyX{ ¨IP@NVlR?y]VlEֈҘjrx/r@Z3U ګ1/bmqߘwAs)p/3mkS(y~t_a\ZF## ]fa}GmTGދaf#{9䔣D]UCrg`{s˼/*sy_bnrTSV[,}%@q)JD"}CR y:9qg|rz|sޓ@eti蒫3#:D8DЕ)#0j88>).B}Tz5x^O h-ڬPٳm3o|$'&pmmH`N6/G5e&mޣtFL2,zpڪ?+ɪ <)fwzz$OwbsXd‡ c`o$Es @xe,BmߊRe(ը7kOq $AU"BGtLu@9 89jQǮZၡMDޑ [R,:97%>Ėv' oG54o[4*-H}WLH-:D|sy1Ngx7w*bb#7PJ,G{ỳQaPKKn/{y<\iV4*L!jf̻#fsX0c_0̼6]*E{`_%E@#`Ze1uc6r.s5u!M#c넵x gHCrr|t\ݻR= a ɡ}QTBA(K ToiBXu?1QC*#;(˵[q/߈ݯuHT?*} r-[F!8['_[:HwEG^q'jTٵf6ⷝ%YUd7Z gP˅ kk]#x?hĨ1%nȻdUwX"z\G vj*,`.P &8ϺnCqRKbh!9pA$D*\tƍv%q0:a'-8%өtBvMAL9C$$ԓ] 3NyFؘ@NsKzm=xU{eY."؅Z4Rt|Va+ vdW3L9{=3CHx.2P0栥"c0.chPɌ2JraNiZD>Wq=#ҘH4sb4Qiso |jM6˄|!( ʧ͙Gq$q7܂@k&ſ]H-Xz=NMڼiv_){O/.KuGAXސ8pVΑrH/Hͷ@:9:~ZkG ?uYj.7@`.E=O Pi+ϩмH WUL01AX*e{=KO9}"<)4 .r3j0:bc291 9RF=1t )cʌԏoNW*K"#iovSE%ݡkqP 8d}ٙ3%2TnmHiZlX}ćJͭqsLCctEaܓE1^"%<[gOy㛒?ʕ6( M*0/ u$ИЙ0%u.S8н-7=5|\.Ĥ͸;onUfG@7r/uTdmA%̮9[3p̐9Jym0B̙|gi%`m(8ɇxש6qVbke:ޣE]NxmLsv™yu]c-fZ@? --zk<De7|tEL} m&HkQ2ː@kF#[S`\O|G3Ll >ǖE}U )$e/mC!djmv]~xٍeNL-?mC#ܗ'=Ls.z֥k3NF 5υ,5K/׃c8ɻ_P޿Soo F[_}aYK|t,^m\WXPk 2u):{F&cX{e ^Ll/>B]ݛXy OiP* i nĮaS;V4unn^Kq80HTb&0vb9 jsRIkPB?E7$(`mCS'H )00l$*i5 X re@I=ek@/KPaPz1<)%E%YŒaP-~|ߓ!˘1_@uVq cG eKu)_L{?+0wͥsR1[ ֹsA{a/=/k+ƈA QwB2k8CLrJL9:ՠڷ{)d DT֫77G@ǵR7>>oB ^v}dH=nͲx/e ?~=f*^AJ&+m[FƯ@ll3h޼ők-u.`BIc7/1)6 S1ُLcW #!E u Qj0z~w-XNa_"I~z9x8hpq1ᖘr݄r!3.搝eyrXE8LLg.8>ЎHo#Q% -r$\م|ҎmߚOT tLuMIllߝE9KC 5qJv1oX+E[5۟Eul | ~y0k'R}'q+6vlJtu 8!(N=Cc`A[yV[F8Tg; Crky*u]j~X+=^X^M˕@pyq='+J>| %أIxoqEvXIOEO H0,BxgG`=J}HqrT/[EE w `r_A@8s'}ݟ1)$M-cFDkF޷H'Hrw3#v+4#OQw68뉳Wh]~B=P\JP5x͹ 5'JP5-T24 1!J3,pVu9@q('dUq1eUM$8jך-Bp;k<}X!/|20io4*v0n_ǟ>F;Xt;Z?<$ȩ@7tiwӶ8/ɫEF+.1xe ]yП:߀[ѧn v;"Zu=%){H; {Qht> l$WML_3).O0RFuu"!])>"[9YEJ zۙuma*Gg!A[7i6U%D eP kfWD[E/-R3cu <ơ4ya*!(;\${< {rFi`EΏg>v4"Ԥ<Տ:gDJ1BI'"3U-ZR%@tg^̔nj6 jX_aȮ-YG5XAbJ8aġ>3-x/#_A:SX u1Wbk_@Ew㈂\aX>dF rhI)V+2w{~ Si_5ıgD"D}k\'9Kb͸Ӑpfnzd>0__lkAx嶀/i P-x$xSYc#j{<]s>ޟD΅-iN~.t>)1ipK`ZKhKe5>+!) WIQ8NO#0'ij[~"Oe7-+(EAc_gR;q5n5Z~/.:+axV,ӵfJǼ46 ˂r3["nu`JqD޺H4es=ޞJtԗ}h5')hŧ @Ezԙ9' Z^2q%G ['M.1N>NW:L2p$끩zyY(Ƽd)(EAWSi( /gҹ9 }]tHFw`o'u}:~zگ!y*dj8srw5Ve7cH>E] ;0xa=Q_NmB]f"K Ϲ%̏0ۣ) jH)| \PY0*5J!w%ƝXX>7Xt|GD*0Uo`WBYÓ7|Vm0~E4ώߕThngca]SR4l90>,4PjpeCRFD&kۥ9 +5UiZg6*^o]!bW&A"PythQLAL-g&i8eٍ+;T2YF}9<Fg.fN'ő$8Ͳ*[RkJպd^vj\^ep,=ۛDB,ẏči7r> SxA:kI, ؚ\1@?ؔBhIF-q !]`K*&cQN$/(i&Z5"ߦ Jf܁Emzfazl Mt6_[HʜC3HHy ԄTdD:!/g|v=pP /ADZ@֒ߵfM76:EAȞV ptTЯS< Z2lazfÇ$F":C Ur@n~Dpv z(oOtoZ*HMu%:y&;e[]h [+:x2x͎2zmؾ `YKGBi&,YBh%aؓ1z Am"ʪRy= :Ηxz2 P!:3j;]gNػJb#t 8X@Q=x8T^PI;__ `Tf*2^O@KCnUi'ǎxDSA9J9EAt/Ƌ|a\gڲh\5ܶ-W+|\n Bp=dm*Y\͔vfΌ" /%W?ٛw MzC Q',WʌֳS'{ baQ΅@{ fۨ/s2/ 眉n$ Q\d:'g.eZn_ECҏM HC͔5^Dn^5B]r&٥Y͸3T>TW "g-nj9V9 O&hh]fHbM 2٪6BD L Jj¡& {mv`0>#ƪ&F:7ư, 2H?=nJVQ;(Y:EӈLFo"&x~Ku>bu,$| }?&2Q<|{BzÁk#9v|NJxA5SH'=JNf} QuIӦ~(^Z(6Aeg"i*S*0x pJ`" K TH| vY VPa@x}uﰒ5JF ;Y1fK,);Wʖܰ :i*+n!i>c~77q;wmK%S#8&v0M(SpwX̏ \$v:THV'KCZW_{48Ć*32Pv5$ |aVfMدuG}x ~dm#Es䁃w$Af@r19y9+/?kOlҦʆHB.h]`>:ظʦWq7@Ů,:z"cMǘD}sMv1MT./g?c]i>LzAFOAՃ ,6-5Or]1׊fT0꽹=o幬!_4"LYl[`* QUyIpqr6 94@1Gw-Ht8#|ROÜ:&?* E2]׆uH ~j 4b2l@RRFٰ}z慑)]\a7'S_N |]b.)TZZZIJv9n.62g9@.UgQOakFl `g{ :K<ӠgEdbr[Zk͛EKM2N,ʹZ5#Qc<(=imM C2hnmV||Ent*fvl?!aZClYZeG6c.Xh=u 2.3E=7Ϟ{=*%1pgk?Ŭ9mYT$|q̩V_llffόQW|$&mϻ+ ~7%߼v~?1γX;g:]3]k2olk-#̓mפ%RZAQo ӕ9Lql .Z&`ޮYs=B+J7 I`¨]F=-T gw#.ޣc&q7wpVM} #b`Y)kbDUgCxq+tHst_Q:F*[ kDz.(6z 8nDpք@d* }2QHZ㙏1F%={qg$"JöouA+s%OVVM\+ brQJ y0W_˙]FU@xFU>hda5 QЂV b%xHʚtP[dYj՝I|%7[dB]DlKYא w!]g\T RMVGXS7pۢZɶ?gސwϭ|˧QE-c./[3q{U姩JUs* 8jΞz!-\\6cWfzQ3Y_^40 $W5ԡ?%Ke#6H䦴Ve̞G3!ZBB)rE>\Q]ʧ{6?Q6O :q#TYUIH$!䲴;+?lVɫoԪB;ZQ!yI7;~V |/xƼdt)cws)cAfv_EGߞ;DҶ{2=zjHE "AKǛFsdT`#n+r% ;J+Eubʏ@ʕ4?ijɿ3k-n%&7J˱(9 >RAovݭ7W~3k!<9I+ Ț?X2媳OηfZ&Dga΍.| RV=C r_~ ^zv{XrIx74ûOr|LJ,&L";X > i&˪r&="`m:Da){XJٵa.,8x*Ŕ0pWHm1ks$e}f1{;?`Ԯ( 51w3.e-b44ŭʠBs +W9ipS{ntbz=TY [΀i:(Is;ߜyeKBT'3k`"%49?6vequ伲y(1DPEnijKQJ"5%`|A@nsˁỤ=Lmi\[2f{|2XƞE9nTh!R^Z-5ZMm95hzbh>ioi=tKjrs3>^*.it'Wab+y^ჹ` YGs'$Е a-֜`%~.I}2J;O3:<AGaj#yq&?h-Qa8Q%]! Δ^)&{` eP (g!mf U 6mw-(gmk L'l.-Ãwi4 sGan=(AAs cɛ1 <pqT9YNQuqɭ.J5\NM8[dAtaV\EjeTp##"r ĵ, cV#'O RVO^Wl],D dhH^Ͱ3n#`V3C X*u{WIkz2'3ݬ ktELWwۗ6i]*yyxtQ*t@8{4:z2;eVTeꚼCJn\ݴ8>CߺlZxEY-G)t$jx = hy׫`{hٻָ3Hk uiL6cJ(ӤKk98QQ]Jґ=)E} >=d{gFF_n|[^jGqę͑t TTUӆ&H>e2n@3:xj}bvAz"HVsi#Ͱ1ڤ U*ЦxTKh S}xv;G7Bc%2te5ރU'O!C5D\^m MjjޛA Tڮ'V4Q!|rq]݆a4HO)pקu}(8]o/ax*q^Bݓ]H[ZXW\A/V pPm#ץ p$&3虧 3mh˯ Cs'kxc(⹖gNAS =e")TA`lAEXqS+bY I-|NjaSyD5Qu`eM&`MÍRgm٠.nF./ߤRa:&}g$!-#L}$xU1 # \;hɍeY^cތ&Н#|A00a=򀩮Ӡ3Q[T #4vڙ Kv8Nk*yI ¸Af*qlM̆F bmWY0rl BX73'Or y!_Q7oGn>jrRyun -D$.( ?I"[/2I<;wBk특# ipi,Dsrd6 s~gz)4\$pqA#pml˰DPP\,5VIͨ:AS06<)&z[Up.BrηR'en d"RްfGb#8̀[C}Zd|v'2S[ jeHu&1;?wHY)HRb~DpR420|C@9QAmzPS* Tq3im|_m pWW:HgIS|>EI\BKWh79R*]R= RxfDd:S׺5ƽVri ٬3ȥ ۶ YZ