openldap2-contrib-2.4.46-150200.14.14.1 >  A dup9|UœrCp3Tψ5ocpFdnijRCyCkC`De_:'Xy6h6)Dcn}*_(m8ɛ%p$k}LF~D19` ?4OE"nu'U`ҀE7ZÖ"UQVؠFǐmȇUK/{LE6v*<e-l/OM VZۼ@4b366b32617fb8c186e6603dfb7da2fbf7f8e01c33412008266ebe22eaa801bf5c07f8c09828512bbb4effe53b1e51454d6d13b3 dup9|o1"]/)ǚϱ8/)G3= ϏnwQ2LH&F@~Y-v.n/>᠌CfU9EwkUYMc֘$]wO Ҋ^;dc§X}29KFexI߹՚b+r$+B9fHw`X+uE`5/Mq~RvIoZY+ Y ̮<5Jaq6hQލ39.>p>z?zd * CLP\`y 44 <4 4 t4  (4  4444 4 c (8A9A:AFhJGh`4Hi04Ij4Xj4Yjp\j4]k|4^n bn5cndobeogfojloluo4vpPww4xx4yyXFzzpzzzzCopenldap2-contrib2.4.46150200.14.14.1OpenLDAP Contrib ModulesVarious overlays found in contrib/: addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) trace traces overlay invocationdus390zl36.SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxs390x8p( ~8hp) w')((i '(`~HJp'؁큤큤큤큤큤큤큤큤큤큤큤큤dudududududududududududududududududududududududududududududududududududududududududududududududududududua29e90de58f7fc18fbe7962fcfbe5add2fdd3c85fe715a1d6639551f37d3936eeb98df518fe97b65c9985cca79c8529cb48d2600bb0257e33acc2c26880a2d963fc29e4e717f3fa44236e6b004246cbfb579d2bb816398755e4a071ede5d40aca45cf83bde974cf7a08d9a0dafc2f64cc0f5158fdb70cb41ea562de8641c92e12f61a1ff922f16618fe8becd68d62b51badb81a6f266f384e566bed25b3c920af69c6a6417edbf9a2a12dbc3efa160d672719210de549e1c1f16f95c2ee51e933592f976ca689d85c457aaec0f6af293783d07c3304f5421f3a8428416b1dbd695d2c542853a94cc144018e7e0d1dd297e902b493da9a3a267d22b999edf9b20e084b9ff54510aea552ca6661b6d9f36a00ae11a6d01401bb0ebaa0572f1606a9f004909f7335b5c40f58ae1924be7c9776364a3de4d7644367c3e3c02d6b037b13a9dcc49ef2f54f573378a09b32679cfd6b5a6ffd009998a6dea39888d4f613107084c38a27fe310fb579a42f9b7b1eddb365958bfb98cd29421918cad0c3cff5303bcc6b5d36b7f6e7fa20481975e2b7fff375bab602290db5c7f796534e60d8d43c71a025b59c968eee0de7254c145e9ce7d1cd2244ce82393994f3bf0106c7788713fdec6736ebadd99e17c817dc807dea3fceabdbf0cd7b17865ed827ea171936299946bf89e7a58311cfeb634b5ee8ae2f90979132a7d439226f7760fd1d040e86ccb662118e9ddc449b0dde6f55fe1052a313730ff351787156706ae8f38ce5612c21b4fa4439d7e574c6d00181c061d3110ea828d884e602ac7508b9cf9cb1bab260523d73902e3d57aac9129137d2e6f6ebe792ad2b2b62b0b3725ee53dacaa2d25e18fa0f077400a9601925eea7f89d8de146b72ebffc52484bf71b0b9927dd05e1b0fa4d17885adf92d2de83287ca6445027f08531867c265cc954768ed92ba81b15903f773c319bfce47c83abe9ea74f2632c78800104c6af568fa7c296b29698018f89f2bab899d100df95c2080ca2c3fd5b7d738926382e78916b419e846aa9f798adedc2db9625a4bf083b146a6a68cb43dc72e7094e04a856bd132fa0c0a1323f07e24fc2916523838aab85e43703a44abfda0eb2afd0817c2b63ed4f04530381cea90289cf325b0ded8a37a17a7001a75ac74917371f95addpartial.so.0.0.0addpartial.so.0.0.0allop.so.0.0.0allop.so.0.0.0allowed.so.0.0.0allowed.so.0.0.0autogroup.so.0.0.0autogroup.so.0.0.0cloak.so.0.0.0cloak.so.0.0.0denyop.so.0.0.0denyop.so.0.0.0lastbind.so.0.0.0lastbind.so.0.0.0noopsrch.so.0.0.0noopsrch.so.0.0.0nops.so.0.0.0nops.so.0.0.0pw-pbkdf2.so.0.0.0pw-pbkdf2.so.0.0.0pw-sha2.so.0.0.0pw-sha2.so.0.0.0smbk5pwd.so.0.0.0smbk5pwd.so.0.0.0trace.so.0.0.0trace.so.0.0.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-150200.14.14.1.src.rpmlibtool(/usr/lib64/openldap/addpartial.la)libtool(/usr/lib64/openldap/allop.la)libtool(/usr/lib64/openldap/allowed.la)libtool(/usr/lib64/openldap/autogroup.la)libtool(/usr/lib64/openldap/cloak.la)libtool(/usr/lib64/openldap/denyop.la)libtool(/usr/lib64/openldap/lastbind.la)libtool(/usr/lib64/openldap/noopsrch.la)libtool(/usr/lib64/openldap/nops.la)libtool(/usr/lib64/openldap/pw-pbkdf2.la)libtool(/usr/lib64/openldap/pw-sha2.la)libtool(/usr/lib64/openldap/smbk5pwd.la)libtool(/usr/lib64/openldap/trace.la)openldap2-contribopenldap2-contrib(s390-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.46-150200.14.14.13.0.4-14.6.0-14.0-15.2-14.14.1du@bx@bu bX b; b; b4t@b/.@b[@``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch- bsc#1198341 - Prevent memory reuse which may lead to instability * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql * 0242-ITS-9815-slapd-sql-escape-filter-values.patch- bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3- bsc#1191157 - allow specification of max/min TLS version with TLS1.3 * 0239-ITS-9422-Update-for-TLS-v1.3.patch * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch * 0241-TLS-set-protocol-version.patch- bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionss390zl36 1685430771  !"#$%&'()*+,-./012342.4.46-150200.14.14.12.4.46-150200.14.14.1addpartial.laaddpartial.soaddpartial.so.0addpartial.so.0.0.0allop.laallop.soallop.so.0allop.so.0.0.0allowed.laallowed.soallowed.so.0allowed.so.0.0.0autogroup.laautogroup.soautogroup.so.0autogroup.so.0.0.0cloak.lacloak.socloak.so.0cloak.so.0.0.0denyop.ladenyop.sodenyop.so.0denyop.so.0.0.0lastbind.lalastbind.solastbind.so.0lastbind.so.0.0.0noopsrch.lanoopsrch.sonoopsrch.so.0noopsrch.so.0.0.0nops.lanops.sonops.so.0nops.so.0.0.0pw-pbkdf2.lapw-pbkdf2.sopw-pbkdf2.so.0pw-pbkdf2.so.0.0.0pw-sha2.lapw-sha2.sopw-sha2.so.0pw-sha2.so.0.0.0smbk5pwd.lasmbk5pwd.sosmbk5pwd.so.0smbk5pwd.so.0.0.0trace.latrace.sotrace.so.0trace.so.0.0.0/usr/lib64/openldap/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:29143/SUSE_SLE-15-SP2_Update/35681de35cfc5aea67e59eaedf17726f-openldap2.SUSE_SLE-15-SP2_Updatecpioxz5s390x-suse-linux     libtool library fileELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e1ee761d1d5133a26f77d831327b7bf34f7d3e2a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cf670e661d48d234f679c50a3ca6fd1becbbdcf0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d8987c2346dadb96b69fe2befa77fb9519d88e2b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3c70332b746f1eed9ca613497759d5fb6e61d3bd, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2a1b154b16484c5fa86945000e9f650e491f8324, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=80977409093310699b88db39396e9b51bae10444, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2a060741fe1dfe007498c2a8481239e71ab16f1f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cb2585654475b36b83562c79126e94a244884305, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=bc0aa3f38d658defa980daa12dd13ce569f393ac, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed78aee58396eebf5ef835bd9eeb50e3e563d2c3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8b38262a3f3c84ccde71e8775530fd8c2d9f9183, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=4ece2a70cb1507d084ac462d64c196d7300397a1, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=76e6d1ff7dea8398d854891eec13d47b63f59918, stripped  !%&*+/0569:ABPRRRRPRRRRRPRRRRPRRRRRPRRRRPRRRRPRRRRPRRRRPRRRRP RRRRRP RRRP RRRRRRRP RRRR[Vpk Dz,MYs5utf-8c311ba7e8960e4a7c29e416b78282478bcd913f3e8aab6cc1c73bea508b9aef4? 7zXZ !t/.] crv(vX0ۅZ8NMn ,krn>9<(R"bj|!3Μ!۵;`Yi#+e^` 5܁L+sCdZ 3J@GN`,O;&SC?yohʤi6 z&񶉩kfc?@H tu)OᆃB0pi ErsPZ!V &W$M;$;6IR/Z\_ %T( AOcI}gGlI5ʃmt>z# 4e9 Pn?aD/T~@JCydAoz˟P-]KH- $?-:~DdqrYrMڑ5?V" c$0U`k[wfLzd_QSY߁ ?aG$i 6e;ؒ&to'ᭌt@ԡM;TqD s"~l=. XsCNn*|wChSoȠAKXڵU}{$L>?7tb\mۡVjnQtoV`ɚ XF߼A5vɤHlv_Ṙ8#/F3}k)j8yj6|+WSgYg5F57Uϩ&(p~AfȓuHkFE_|1`[;R ;&t!'7|Ŭk0\M%RSRd AQꛙӤgݷbchagWi1;K |C _m}TOHnL;Rp fjjz a,?J.˖fydn $#Ŕ^MeƇ"?z e+ YT8Э6"YX&fPb0o+ m Ȕs}Ego!а :AZ|ݢ %N A#*Qi`t &gFS_Ӆ_ʠߧF5Ã*&q9H¹Qpꥥ.4Y[ XӃ?; m#;\}b;yQt U\}\GuVQ7 p7̈́idP-B%wj] =p~t gpYSGwQڦix wv72׷0~[>)꒸RACO ɭO4ty@:w>$\Ӫ:l%IU4jOk7ݛ½6Tca=Fg%Y,[*o`@pˌmr`+PTwqҖEʩkVNq1e3\3Sj( hmEGȺHڜ6!|ɴjG A5֔q(2_<¿\bh&CA]S<̏8):`1y`9=I_*ƴmr?7z 3&J$ LY;N %$ @lX!o%"+VM @U J` @a2}9M&}#]{h3ijB¦62۱BhmU.dMƪ4,I=I'x]EB/Q Hbrw#MvRrz ߍ7&YoAAÂ,B%R05w$IQN)%k5r qza³[D*V>:]:K?D)٢[ j@VM/cRbf2"!? 3z8.ZȍGZ%2?9U 563Iv,Z{տ5N6*ᵧ}rIw;V8:2>ڒrP Z$4JLqJrl^fJ ^ObK ;^EWz ;Y`\Z~l_ oo^-/vYͩ)KJe_\xqo*:VWh3!8duQE&HiO3<U"- iK'נ0ġڃDlz{'&pP(,'/οE) [lF&$$񧊔&5ZoF?զÐcOd"ZfL}6DJ^z0gb'ҞSC'PJ&/mU  壤m2GCuZ#=jh857F?%wGF] 坬GSO |˯C P=\ z,{(>Dz=8I:n}Hhr(Osa8c_~g|{r3;qcY^8oq~ ^jſh!VO`i rOv}$:o{%*?cGjH>IF)f@FZ^ٴ7v {~jIW=^A̻V l' .uQ'p} h޼7afu$TsS;f4C YlAgXn bSW0gJ<1Ht%?([rok8'l'm[e]ֈe SYXqra^?lh読43/ }Gvzhƞ9]aKec10 H9Y Xd^h*^b6Ψ7=&IM'H˕X*:@y_H-jPR ujo;Q&+1׹J+t``Ĥmg>aR௜_/g/*Cj4f])pov!O"TT|6z,wYcth[WN-M1ף`=PytӐۡ] ݦ6ڲ>V]NKU5c6X@~XU e1 g?N6W^u/S&s}wj?p=;VP,~ba;J%_TF(=xHq3r]S)^NX :uPHuoOiBhg&[DS1y×KQV ]O8P% bVZ' "3z %=i(B Cp ĢDb9R%r<_s2ct ?cL+Qh;SVl85 ^[$ mxH|ao.1G$;}jAp<sb-:aӿf}lpAUF/ZxujLyɗ`X OH_5y:Z)PID2'.C [m>1d NJL"ZT٥MSq=w+pL.;F)LUO:zp}XR;]IHNhu*[7>{<+hӀץVea~1]Q)&D縺~ԬA+4uVY2¶:@9JkU^D" 墹t[j0N r>9/0Aŵmg ~ʸവ oӒ+z|+5zcxD˂zGæ~ 9oAq: ? iR=AzNh#>'ғ &2 RCCo>)kOk_kP$2·Cv腿]3ۥ摝"gU;  3C1nà>54~C(]5S+`Q3IՃurZ/[UM唠u `:wYDWU~iMr~⤓hz^|CR&W(83Ƽ_J=CG3׉ jh`3ՉI+"b n(&t{`Ҩz|fqf4Fغ xs۪2eb-?K:Ŝ­TYG*IR-p,-V|+ޅy] `W_*O@ЀdYI^JYư*y ^~W/F`νq)cKKbc0ގ*d.KŏG2I4m N9ޏ>9^x^ f{L2AІ&DtG dRv.wF0+ zX43B/ԟr IENQ+nLޞEE%[v` wοlly?(ęP5o 7iq e-gI;>ETuoUg&_.*E-yqMQr$gZ^vv/^Ln WG )y$Hj ͈dqbv .eءiJfdFA/]ÉV#Uw|q\>=:^5/(syAG5C+љqTp؊XL&g%R"J2Ǖ(adѤ-E^WHCM}-NTJn'Y!I8;k0vgG6g"#2!+XR(Ҁ:>JT;59<4xmvEkf/rY>-`0:F,ITG˱/۠?ݐ* :w?th~idmGa1e r=^pzϿr=FKsBP{Ř#~u.w_26 AbmwLSAaP2 K YDw)ydW0GqsTtM|MS!̈xm[\,p߭q'17O^d𑕑1>#Ur=HgZX::A`C^\CĠ@5;hėU ¿0Ͱdm,Z;9 (@Gv &-r{~6]T"gg:3tYhy(1{/Ҩ~&GgĐ{?-5OvXͶwf0n7~LNcc>i_T~o8<\E co&nIVUݍzFt~Or8#4(Uld6)vPG:UcSU]5t}o_Shy0U{Wki}3]9*ӽXXE4eIx{d;=@2 V_+̥^QZ6Pqx .+nS֧(!J{ Oa5쭥? z("Y72 o_hmU g)R[,Z`0l*Sԑ}3lJVz|M>"X5NqwBŇgIJ$UrD%QUMtD~xgEX G%@DJ{T&S*pm۩z2V7}ZSWۏt[]#hZHfdh>|BxN;(aO$cݻL2h5(Vw\<ぐׇxcUB 2T  EL A4͟ҟ8PJkM^sU##z$0 k/;wq;ɼ-"5|4uJ )Q4Ѽv%?Vjԯq,T㍣/衫>PnIz6/0 6IIM:j1vv`p)';  oV"T7Xo4Z6 .Zc- `oJj̽XNn"b;*aYˮy@^+_yݜ_dX5YBn d7 ;]ȠYW?8,1kndKFb'44I頻C La`#%㗸9~/}O٨~.n |}Y K?*&PuL 0Beb?U& ֈT֗ot_DQDs~R Q'sG+Y&"6"^t6}4N6>A~+чD-*brp rG(B AS\p|"t87& r1A# 4 [{FP$įG+qMxY]nV?PZ ƳI9h}~-6vZK!g I%H3x[ c6\_K>T (M4LvI%|bq(#03 !88>okoW\>V@ &މ A+;Ye'̏&ו'4~ja1"Ý_<}I=IR.6>M3." a3hhgdO^:ls$P% Bf/ 3 ,fX\t3X! a2=;8n]+d-=i"]~gLu3[\8uɓxr aD^_R*rE̮TZ (C}ay(O4ĩÇͲM_kŲ XY-kk|xloeCᎄeꇎ8&aEzr +Ir L3Ssh00xM%H _Pffz5Ga(;l>m჻z@.{Ia HUT4+]9; 0MӲ GL) F:mwއ0&ڒ,b|B|?6v!@z/ηc*#MjoV~0MGMUq`iCMjS>ʞVP̈ƅHrQ@j]KrGwQ]-W0V?J 1Nj#p?IBoPDf;)xC@M$uxѽa=[I} hcXmP ǂ&+D\qLLh3)ɽ]d58l;W䷮ᙃ*P ^k%ת5ZU+F#MB#1"$* A36CcHv'?P*%1RR]@R@ƨ1G#)ޅRoP_rfu-Wgc퍯`#Nu14hZ `ݶ@M!v9G=suǾPΩ{9rsjؚg_mBӡȸh`=ʆRMP~mqI۫"fn>NEf:GecV2r1o݋LKϙwYs6^MD‘QCyRqVS<!VSh]:jQ!|-:(e=4[DaCS"MR׉Re~Z"RS"Fyb{, ;TZ'pf$r+BaTX8T|p"(s@"ft]3,'2u0$z@h?r㏑ &&DafS0WMcKL'?cʹp)- lV^-UT" . ^ొÐ ڱ#8dתaẊ>@$!̵ͧt UĹ| ڃ@xV]~+{efhp`^:rBT(@Zu Ny4QQ/mvWA~4:)kCqgѓFpw/ȽDj0Uɗ2aZby.Z=Hgvugl.YSv$6COǛG+M ax mI„FS0v$Νi=7,s#Z"V˻B*E|ϊ2C1B0 1$]Mb(;*o37OϨ%Nmw2ǓG? X3VPͶڻhux]B\kM?ۑB?#q|mW{Q C7pfr"RMd>*ļ*8tghY'Zk荎E|hnt:"ʖ!_|Z;_->;>x3hmȄ 1tPL0nyj`sNi8,=ÛZ yu' dmjoX?Jd'({$xCw1ν "*C**6 etř9`%Iir+\%")tp>(|S1Xv&9c5Ë>@7OĞx@;;wǼ.]Ur:3 ²yE"(Q&<1.Od97W(TQJ0ƻ!=stp.G!B@J kYԳ[Sa<ȵKk RI%gҨ-sj7JNǏ0M~9<Iv^wGG[dU=}NuWLK>𸁽 nibV*>Z.F>xot6]fkzK1Z;38JF\(bD/ " W1ZMtqy2HJjz#VRP?EvرJK[YdmIDYJ`[ +β6zbW),WɭçRɯۢ,o?~3f 9Yl ۫1 ?G~yGb(bY=^UY}J =%rtiIq%vY\Я\ P{5H Ʌ`zwɠ̍h^@0O:A!oL45sEe[kAT: 7m2Ȣ-cRg!mѝ#&f^E=@ڳ[OAcQ/6RK;I@ 4ph:A?.Dΰ0.KCm00_,K WIu_yNEG6.z\1 7861Lͩ7j] onEoc`^bQLWAQ#UN7~EM/Ճ1 ߤG+K-?Bu q| Zk #ipUh6f۪lR)$.Q%KTi-7:Gݡy,; 5`AFBąizk1U`9bWԈwr-:|-ќ`l#ʈf9cB޹mtW.K/6]:"sފ1 ^r < -B9~bpYg>!i? vi .T nx_4-P{Ə l4)m{n4!DKԣWyMC}`b(6a!Pס8Wғ+uP,ո$WGX'b,Mf2x̯VuĶMrhU|fmH4avVe3eїJĝABHo 2=pؑ2 HȴgѤ>KtsOީj7ĸ:L~ڰObnQ8D gNKBBWfRؾqj'WϠ^4Mvf挮皕Zx[b1b_=$r+t0 L $\m.yuki$wP az:ј_VZkdqL4K Y"vK{"ڱj3k_zi^/6jЛ`A( cOz>ٷ2gf`1"aY=+D8JP6륓=3wb{Tw<&ݽ({ yI[i3̖7uM]#R354)\%e\QE s{:>`WZ&޲vmcB m0*=ءpZbڀvmRґlQ|Fzv*kB6ލ݈кhp;L|ܹ6C= #wE?L@.21p}ȟYWG i]t,]`ǸnWBx?r%fb:T{Z|{p|ueA@lz娢#ԛ oEZբ[h,}+(pαH?"Uw3&BZ\QILrU(X-jt ~<`V'S)?Uf-32WiA;'Wáj #nZ@<4 iy]=iKy)<PxߴD3V`1n%EiNZlc&\{YOc e s -r[ nwoM~4uU= ˏWZf QJFpԓBx'/\]/. Sd5 L% J9K֚E ['v#Rx=\R_>72WsimtϚ4杇[ oׇ%b5 l8͟%K)2[\'-q v)g7״ H%եJ+N4n&q}GG\̣UCgP5I_8@V;J  >lwoǾ`Ed2h5S|KF/#Mŋً(B6M$?mmj%ߌ܌6QjQY jR7X'' 0l?Tz΅!AQuͺ<=ުޛ: m+m9TC {؅a։/;VHt%R }Hv6$jQUIvr"ojPnmFԼ_t,*hIq) J?3+cL&6?,Bt:_AlqYnwrV@G =IblX.(yvaӸŮbZ[ lTQ-{[c\DE+8O+T .ZrK?^iV4={uڄMpAхvvob.Þ0m 6a5t'YcBY ?_j2Vy ]U*ars&g!\ Im;-(? Hp5$W>) ̴ݓah'r[dsE +r}vPP:<|rF+cQڶ GCAbX _y Ƚ㐐&˟<8Q/a[wJ5"'*ngsIF<8Ɣݕjip u-[XK@XF㆐ N+-W1!K׀#Eͪq:?^5 D`bVhtUΩė?y'.@C i;& ۽'HAb}8gDJPkqSu \dw"4 N8J}dii|^ hKЕG&w+\2_=`Fp o {?ѠwO`h# KwO/X^m4ؒ Zg~S.V{CVHZΓu^n]C\^kXgtX=TC[q%d0d ui"IA?fK^h(89#Vߪs 0%Tt%8?͒25e " u'|`F9ErnLNp-6!w7l$xJf.™ Ka&JE׭UԴaD^L0?B~Hrs6y .͒;AERҍE)ǕϜ"IIbK)+?리(eein5piff >^1ňCSaJOE7d7&n鶑<9wlW;E{:|pe5IxƂkR>C`Èb 7j 5qw'΁[Ph#c0n,]ߧTq^џ#)6eΩ={>@Kn7Uؙhz=Lva¢]+RguɮZimm Z*EĴޤp``C\=M cDΘw*A1Ѻ-n-س.\v˲+q\y)/@bv[La|-x DdqŢl 8T U&| & ,ii%(]Z\+@ Ovb%E,A盙LY bS5e#IQ $N P>|F ewπ=[AjH%e (]8iNrdu(``3,iݔPԙCiP`;9OP~[ڡVzQ#esywXrU=idDOt/_ILW8`Nr= J#7N G(pcƋ)9aK=$ى5jՆF4ɜ,YaM2GŪ9},lhۈcC%txbeǷzL 17ęi`CɪdxȌsH@1F+dϽsSCR3fIW{041DC}c삔ZQ!ț|JYW a9Ǝ '`y9MžH_R60@?o|UJR*upeL;4(+]\ʖ[}ħʲlRve6C<PZ诅6#i_( }k<,g.D*GLRd񊤷'c$u+uaT3n„YKmt%YaGgЬEi҆d*˹SzG*BP5'9׼PfYoܾ*F\)+<劈-WB3RT~sjhX|V'URiR.B \< kz3DJ4+n#l %gF#:X K4>V)驗Y}S ۬2’"F^zN/qGB:DJ(DI]8(: nɑSYTvhIࡳ~+pTUu`ra9^.sߔhJp[>CͧW t灬&d=iba09\iStjWz@ˁ )dF9i,peF^k\9s++=}i c1v*iՆ,$!r(@?y䗳u s&~ Ţ*K;E3dhN:7krB1S8xK=HV}丧@h/j\ D/YawV4)-i-ىU48b-/5#ͭE_/`.P@6M+ȋ`iMEZ:~ L٩r{'|5R V%l8S6Sm>a_( 'm[0aE)1;PUVǪ]|\234t Rt6m05prfc}66ZFgG{\uAr_Hm3 _0 L&K'Qx 9) 7z*à_cY  F͇#3 ނQT!4A*s4!IF4Kщ̃텯 6/Y=Z`59k "/gE( PwR4W]sdi3t uk5M`$bx&+8Y,x;u. bCvzpX--*MG'eKvS7ox%OzQDN<79tQl$ VGd;CFW B0j R w"Sc`;r_ &]w.n94rݺg 7-w&΄bRr:]8L8LPӮokKs႘P1e`yU hfr)bC޵/].Z:F!{huV`J98G%kQ Y<Ƙ_x )sڵح =LA =0?뼀/ê.:0xd>o+j*r6N/vJv6Lۛ* kS@ |sL!EMlYf9u.Au\e6j;FRufw3ZAr ڄ !P$7ޓ!Dkh p.@Q* ZxM`Ιr66Um8 %(.ZbqyuMP,a&;C>9Iz_P䴂qa|'s"Lre!CZx@( w+ 'TP9-pm5d=ӈN~p&]!o[UWw_q?>1[|OYfc5 iks[*5%k~RUf.KS!Z]1I̺RPVrA_I7gca.g1/r+o뚶 v8_1pd쭷ƓM ?ވt҂|}yo,bqh]An| ؂)O56='F ]~+@j571c%2q<#59XD!jRζh80 Uثz@4NfEW!n,|n:;G&A+>b88񶦞)7#ǙAoS㻰' giz oNA|d)q)ݷwv[X!Yn>6&OY]㦝~ J<tӪDx|0 fxqN) HVy!iKQ&U8.ɞpt=~zmPΜK}daΥ"IE<\U㓸RDou݀dl-dѕ=(jD?,qLJ-P'1JvN`"-IsA|T+[ oog`-hJ" :`'$3*pS=^Z|7,u.]rRJn(30ZEF݁t=f aD# 4JLxsڃZ`M¾fɮj#*sfl R],;9b_އ@")6$^sٔD4n:)VWҥcDk$U(V͊x#)J ( Y3C=лcF&%' nN7 ?ߍŔZKFp XUH &\0J?n%YiM*sb՛ mP\+L&U+ S R(-nrxG13*+[YH#?sVT $<Λ eo ߚ,^ E z(;F9(!r0 FL`#2F;YFb)t3J_Cڋ[ZYxU$~1 @Z3)Wl ES;bh DaXlESlU4:*OYL%(r90svµd`CJ± {(zms<#$jDe*AYQ<rt L$j7C="02#PΦ`XZ30 r$6Vl=͎Gn5@@kW(3Ha92!LiۊTeJ6 +<+Ճ \)ew,%[,2:)?W0 xƈY9^uT:9vFޭ-{(/ߎd?C43pvCʓՠY.>/Q9N`Q%4Ib&" zatv \o=?_@R?m0(wmmh.hl,ct+N;v9LL#}Ks ĺɉw 7kPB53~;jB{4)]ХH/q =);{`X̮ҁ۸8X}ߤ4fpg |œm^ QiBO8}2rNףWR1neƐ*m`~E?UMU[KAomy5^ Orc9T"ZH3sE`1sb; ıV6Q$\EzSRG@LhK ` <&&3-[DI_Mr 9TOo=dFlS!!Hj=، 8]w1J(2X"! SNz9\xxAK+B\xX"s8x\wH&G{_& TD٫3LCן6\CPNW,J5\Q.}8q~v/YSZ] C#+`2CᏄA â)%./8㉓JI(S]\WH/1dE7 ZU֌ѫږrfd0sWdȉ5DOngoC XM[D5Fض$̝7* *֥q|0^JE:W_R#τbhQK׳ Vќ:Lq ͎SP!ALh螭PHy*Gĸڶ"s.ǷP^k98t}˴#[KJqf**Ao2]QO%NJ4-tȴ/@Q lم\dM~zQnLN JK Y4O\ Ge1Jʆy-޺{[@Ao>t= ~P1'Mpԭ$tN)iٙX9Ux\-RQ$>[ k)ag|M* ; W[>P' `ZfE^L/&[3~gN~ī)p< g]t9F`iO͘5?`"GI1vL_+ϛ{JEeT ni.P9!iiuB,U}=LjK4-V-¸Zmߧ" a~2=:| }|{Y.R#\P5m恵G G9ٯ 끧3*g{+RL_hyQT ܦ̰Z I`CRTHRHb#z4bf48TG|î>|)oD&GihcUJ\ʐu.Bi X M5ک㐍~G@)h[mKg R7(x_ %PkRtXڎm(,Uf]*.>dJ,[]Lbʑ d=$ʵV4.)Z(`0z4s'ۿn(\4}_#*\,P(|p1VHH"QDeOҌ#ok/YVkbG$]E3bEn5HUVKon}i!A17u+c#= dC'8UK'/t7sFVP)⩰"$l=͉ $ej|J[_C*S:$kHKETG'NT1i;1 }x[2vCO8$b\I5-Kq{iO$E9, LxM"N0#];dȴ/F>3AAV-JV$Zԟn/" 1;?ѯbor䇨aWc -IᅱgXo=r]u?;5ϊٹ4,b H6ZI'g􇿋Û^"n=^֍误7FLT@!)/d_}"$mf(CnLVC1CwSЉd%HFa&ЖYë/UXባu*I*uk6K>?o9tubR1\:mw++Bk<zC=?RĚ.5ĆH)ZK,UqXMfMCYƤ=lEǴ_;2OLɝ>xr }j7XWn)~^=ɹ`p$3Ӡ2rnu.2aya3݀m,w ]5]($3# VecdM~uiy74i4 D$&3"(-M< }swhVӉiJFR= IoʽM%] ^{qI&dm ML9Ņ z7Ghf>  z7zrzl/K%?=NÁBB67 Wd>֢u|wVčX vtj4(EJ #jWܔyxѯwhD{Os f9>b6O y qa}䌭+[Xcf%FCTl٩[5y!f׉ -n+LQ2 *TE'`fe-ЃFk)-Lp K~-1bV0ͭHVF+qBF1 EӀGbgާn'7\uxE![AMޫqxr&,?ge$ !7-ʠMTj=c. NH˓bea_V:k1"~jKK+3=ٯl0Fxl3]<;ÞMhu?M;V\ 3RdJ"[=GDӯyȸ~!(u2좷b݃L4(<`#*Ŭ'vGSʆ^h2VBN ü"C5`3e[AD6K4sBDܪY L!$/ş31ZQD!eD!t8eZ4t.wǙ`b$0%D|Z/9ʩQCryC:* "aYiٻH{9!]K aKotiith L_u-k<@D@'mM+pwODX hNcZсoOY9]1uO/i+Xl &.1°> *'QöRhUFڶr&pw%.-`/. ZM)5yidi޵/0wYX rt2MjgqB;?W̺+[8N*3~{2si[TvkY~$cF?Ϭxz$QKI'7U= <~4 rnj;+]>Id՗[H%=: u X눞wVfOiSw}C'6 2qhUu},'"btvvi"H @2m'@%\;mNʷӺQR I"$}U.*`XSnmOTݒc\Mӂ^v)F-^C[NvovWI96bu͆V]xRCzڊi@~|3ۂpD6Os8DwF|͘}Blܱ뛱-4Bf#W {&:|* cw+x- ԍ:'+m}>@BjQѱ4p&h%zN2w~BN `LQLKIKD!6Q\m!8"1ͺ9M,̚ao 1d̐Z%mpF,ݣCiS͕ ̣/"K놾]}{N7?ٴEnrp5$oK0*D*8`(hhfY^Ժg RHQ_EͳZA]IOvWfˠQ'Ե^kIKi@=:QW\w!1_&E=w}  %uS9[IOL O΍2iN.5mj;C@؂?XhOQxZf^ ^5VtG3+CshTszuaW8yA ߸'wYC e4u' 6îslks2foqQ '=0ݏOסJ M :@ k$8խOiC"hpJQ'U‡񁃛RwfLv ڟ01-_;2sZZCTAlp;F0a>dX8,khWu<**i|RzIiQ6On]UK|gF@M OiZ ?<%Zg)$8#DWYqkY&G~$v~Yb#w2EnGҲv}_y|SE j*H5RtZ7C1|ˉUAߎ>Mxȓ>meRY葅=y_iS>.Eg|bcw:b- N3Z NQjqk+JEG/+VAď:MCwB|+AN8aAn3h<Тq%ygA;=…fyJH @4(HO/C"&`OߚD׷$T ;3֦q-(H C;*r1߀i$hGqWS<1#Y״8~ryͣs,^ m{p7љ'a88L)[P\cJD~hv:=v"v܇g$ܫ)n1' 鱹Lw1'GwHj0O)^ٹSIL^DQM8UAt'd1 SQm(vk 5\^ܹUOS] 2L}Hhm{7_ #A^TybhC =ҽR~'<+w#sq$.潬?9ev0۾*4AxHQa0pi{vhe0ʧCopR6.B]62A= 4n UqM[U.GՔ4EnؒFDOpdJx- 7ȂY^mMat%#4Y}tKg/2pHt Ƿ:ʋ ɃESFGYp %NU+kJ(: MU4>5E[ xTEū[c_^YoH## Znpb=`,:8Ή9s+X`ʑ-!q p7Vz'O+Hu.ѹH&3c2!y X)kQ-Q"<=ϟt! g,0Og>@W5. 6;XqxNFV{2&!Jؐ2Fmt>F\gcE]W|s?8z̯[e\?7\9N J omfpmUP,J/T:` F{* 4)ww7<˼[<<-6`yhȵE\;"qŸq`OOa(t̞^nUqE7F+M(N ɯN&.cCh/x&A(#(UWѣA%D۔mM|b$XkPpOÂ\3|p`w o `O%߉%d$*MW?䖩W(/vgi:zxP\doZs[%6T3.&i}9ӕ`ߑcz \7 ?df,3(Oԑ6`f43cUNL]nؔ%E4=seXՙx v N GbkXVV"=$LX8H wpQT`S~gNW3cY<2,4".p~eMz$ݬaDIx~Ch1y|1NڥpD;Ĵb@{ pڱ`UuA\+Qd=1 qC蛜Ru ''Ph{}er3 ypx5)3-4r;MOl6nO $1J_KXIW'Q_t\^ƑL/GW6^.HőRv1뫬WRH$d硑)Tgsʪ7qHSu{g;aqnP~:ՍĊ? ']ͮ]Khs&\s e8P7C%s ^e>h:)n }D +Kߩ$ߵȲ)ڄwWF貵ݷ=!)VoI.B!H&`?o (ȱ½yb7託Q`T NZ"ae< <:̶{۰ s#[یK(8kBvqІ4#ݪ32MX4Eh,{{O}&`p iDVkߢBVc% .ʄ[,d$9kgosrDU3qUhIGkL‹N-(NO ҅%O`>[(MG!B*婒(,9f(J{9GݶPʑ;FUq6?qPG~яX2ׁvG9tM7_3'O1Iז=?O1dcWtsC}'@n0N4l)h20•M7b߻ O-^":ztƊgWJ;N'LqаF`*onvh?f~|"PnZ~emuA7wZY,}&/AGـl°K=5қ=F]N eanRJ/,"h"B!&1fhպV !b-˳`ѡxQi1&SVyn((H%Br ^]a|ı[楧'z9֐=%]NY%N[̄\(m'y] R%iTdIsWfIJ]K`BQ! ZFd~!6>jI50ɬ?"c!mTcsL_S!4ng Ywp veKkx<ǿwYhIua\?ړd׿bqعkmpW9%SџȢ#1Lb3=*]M݅œZ XtJs;@.l\#h~5aQ;lɿN ! IƊďgx]#ѻu( vF>IV;D#X r %\`"*R#b7}4+ƃc0E%TȚ%^)+҅TI"Re0D2.܄@$sK)f3znBv5xr_U׏A{kWRuLn`0w۫)[ ΚWX[X Wy y]kBX;ČZͷnإ4q`` ȴ$OuCߡʮWIo"bRN'oLӸĝץ\icVveEON "-I/ c؄xFk{I C|>N5Lv-W74ƶRU__-oH eSg{.f*L֨?YKMe̮gq0яBirtF( FuH`TĜ%b]3" qcC̛ŧTGo˭7[A誙D&eQWȅsDM ǒR@."5WIʕI IG@! kO,$gU@K^pmHgqFN{NsdѿW=y.fհܘ[` Ak1D " ؾsz6}g]l6\]BTɯ" Z-+G*2m. J2##p[~vunT mEe.f}#g's]NxxJ9lYc = lˉY:;xG0YTY'EOh,]gx%\>(v,\upМkucqrEYz뫚>mb]&#J>({ճ`8Gj/.*5qP<ٲ0\+ёڄ>4J;sBFf~Ľ% ~L`- M⼈~KV:AWبlۤF/ayʣ E9ۈ|t:GL]S}$%CޣJQ%+3lRl|PiCN%aܨVm\b?rkkcShPT8_|a bN9߿h_=h|Kn);˵T⛩rVUܣ9T :ˠ8EMxbDBq mZȔU:艭|jࡃ-]HkKFӗn~~5Img *':w_}#2BҰCꤝ C#|GuM(Du%C[OwU+͔ЧoAs!SBZ󖪟n6j|lA֪݆ͥjdQ5 Izk4e f"㿇7ol[eVm_3$_8c@RM~ԓS5|sB3eENtE}4Ano`; Nj8R1JPN%V.MlQB>XZ|sCbO;!Җ=r~+Jd[mcM?">3#}-{@Wl"a3$֎kAr }z{k!},btƀqWtD 9OMFa#AZ٪Fw xIILz{Gx^ZA/zg/ԙz~QXVRWzy(hؑu %:\5wA8*b*7x.|WrR)\ύ$ k-X@o#ފcX,VO~tW-h,>Nf6"/re<z:*v dC?! 7te@937V{z%PE=6! 1 YwC>6 ' BBsj(ᠴI%,92J;n}ss OZ+>ݦQVOv6̻gOh\>S\Z+ Lnhi8Yw|$TŀVfmu5.)&q[=qWێt{yq0c7pZfjz$*99-YFdi#ʢ &|m6ŋ 4WśyӴb\GKLAG.2IKx_o{x9V,`O H:P ƑvK2 8=Lg['sh=5 I9fn'բQݫ|cuCWwnhD@P`h\k:c{@OOgO@ꣳYؚGt|d F}/z&:oȆ nI>FTӂD>o‹ t(s YZ