freeradius-server-ldap-3.0.15-6.1>t  DH`p[quI/=„Vn=48k6"gSJx闞Yl>RF콆cЍ'9y3QʈΎ.˝nF6;D#OQ!֊kϺqPĵ j ?R#sJ8"gP v 9moQ%e] ѾjI(U Rxce\V F9*2Mw@{g/%t?Ԭ򕌜DD]I687983fdc6d244384bc8eb6ac0a1bff553faf07dgj[quI/=„DF26KQWG$P}+$1l5Q.W1ϲ:d1zuo@ Rp/ 4P@ݔ@oaym ]?VZ U#;&ʿ]Fʇ$:<9dR )EsuG(p HxijE8:sF2g%.+s)p@O`R#mu/M[c%QK6?KPW(qHKgQrj#,w= ^z .SeST(>: ?d  $ @lpx|      b dlv L  (8;9;:;F-G@HHIPXTYd\׈]א^סbcudeflu0v8wxyzCfreeradius-server-ldap3.0.156.1LDAP support for freeradiusFreeRADIUS plugin providing LDAP support.[qu+lamb74openSUSE Leap 42.3openSUSEGPL-2.0-only AND LGPL-2.1-onlyhttp://bugs.opensuse.orgSystem/Daemonshttp://www.freeradius.org/linuxx86_64Dw[qt[quc2d168f8dbdae55ecdc61e949d6348da9acc37ca0bb200aedf222dd5a6d14e5erootrootradiusdrootfreeradius-server-3.0.15-6.1.src.rpmconfig(freeradius-server-ldap)freeradius-server-ldapfreeradius-server-ldap(x86-64)rlm_ldap.so()(64bit)@@@@@@@   config(freeradius-server-ldap)freeradius-serverlibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libldap-2.4.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.15-6.13.0.153.0.4-14.0-14.4.6-14.11.2[<[" - Complain if the detail file reader does not have permission to read the "detail.work" file. Fixes #1398 - Fixed SoH. Attributes were not being copied to the virtual server. - Used a wrong list to global statistics in "stats". - Create EAP-PWD identity correctly. Prevents segfaults. - Dynamically validate authentication types for PEAP and EAP-MSCHAPv2. - Fix includes in installed headers. - OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys correctly. See raddb/mods-available/eap, "disable_tlsv1_2" - Allow password change to work for MS-CHAP. This requires 'r=0', because password changes are not retries. - Fix home server fail-over for home servers using TCP and/or RadSec. - Special characters in expanded regexes are now escaped e.g. User-Name containing '.', and comparing /%{User-Name}/, the '.' will now be escaped. See src/tests/keywords/regex-escape. - Use correct authentication vector when sending Access-Reject replies for RadSec. - Set FreeRADIUS-Proxied-To in TTLS again. You should use the "inner-tunnel" virtual server, instead of relying on this attribute. - Fix debugging constants in rlm_perl. Patch from Herwin Weststrate. - Add samba-dev / samba4-dev to debian builds so that rlm_mschap can automatically use the new winbind API. - Automatically skip zero-length attributes when sending packets, instead of erroring out.- fix bsc#951404 * Rebuild of freeradius-server package fails * fix source url - ftp://ftp.freeradius.org/pub/freeradius/ + ftp://ftp.freeradius.org/pub/freeradius/old/- update to 3.0.10 * Changes of version 3.0.10 + Feature improvements - Do more optimization of unlang policies. This makes run-time a bit faster. - Re-name most of the functions in src/lib. Third-party module authors will have to do the same. - More documentation on contributing and how to write modules. - Update radiusd.service for systemd. - Open IPv6 proxy socket if the server is listening on IPV6 auth / acct / coa packets. - Create debian packages for DHCP. Fixes #1125. - Add more tests for "update" section parsing. - Update "man" pages. - Update attributes for Alcatel 7750 - Add dictionary for Boingo Wi-Fi - Add support for DHCP lease queries. See raddb/sites-available/dhcp - On HUP, check all modules for config files which have changed. And only re-load those modules. - Allow FreeRADIUS-Response-Delay(-USec) to be set for RADIUS packets. Patch from Herwin Weststrate. - Documentation fixes from Alan Buxey and Matthew Newton. - Update "logrotate" script. - Added more RFCs to doc/rfc for new standards implemented by FreeRADIUS. - Don't crash when doing "radmin -e "help hup". Patch from Matthew Newton. - The dictionary parser now does more sanity checks, which prevents run-time problems with invalid attributes. - Update debian packages. Patches from Christopher Hoskin. - Many other debian packaging fixes from Matthew Netwon and Herwin Weststrate. - Add "session-state" to Perl. Patch from Herwin Weststrate. + Bug Fixes - Fix rlm_files so that there are no collisions when loading 10's of 1000's of users. - Fix radclient to use our internal v4/v6 parsing functions. v6 addresses with ports now work correctly. - Fix sending/receiving packet messages to wrap v6 addresses in square brackets '[]'. - Check for sasl/sasl.h when building rlm_ldap, and disable SASL functionality if unavailable. - Fix issue which caused a non \0 terminated buffer to be assigned to attributes if the value being assigned contained an invalid escape sequence. - Fix deadlock when reconnecting connections in the connection pool. - Fix potential overrun in functions that used fr_utf8_char with a non nul terminated buffer. - Fix decoding issue for Tunnel-Password type attributes which were very long. Found by Denis Andzakovic. - Fix radclient issue with TCP sockets on FreeBSD. - The server now creates ${run_dir} and ${logdir} directories in daemon mode, when running as "root". - Handle tags when using maps. Fixes #1191. - Fix crash when CoA packets time out. - Fix parse error in rediswho - Fix regex support in SQL radcheck the "users" file and radsniff. - Register listen xlat earlier, so that it's available when the virtual servers are being parsed. - Parse Ascend-Data-Filter when given as "0x..." - Print Ascend-Data-Filter correctly. Add test cases for both. - Allow old-style clients again. They will be disallowed for 3.1.0 and following. - Complain instead of crash when "else" and "elsif" are in the wrong place. - Clean up memory more aggressively. This lowers the maximum memory used, most typically for TLS based EAP methods. - Prevent the server from unlinking the control socket of an already running instance. - Fallback to using the configured OCSP URL if one exists, and no URL is provided in the certificate. - Return CoA-NAK if proxying CoA fails. Based on patch from Jorge Pereira. - Lower peak memory usage by decreasing size of internal memory pools. - The control socket is now left in place if a second copy of the server is accidentally started. - Allow virtual attributes in "switch", "case", etc. Fixes [#1240] and #1265. - Many spell check / typo fixes in comments and example configuration files. - Better handle multiple DHCP listeners. - Don't print secrets for old-style realms. Fixes #1267. - Don't fall through in empty "case" statements. Fixes #1274. - Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2. - Always delete MS-MPPE-* from the TTLS inner tunnel. This allows TTLS / EAP-MSCHAPv2 to work. Fixes #1206. - Fix off by one error that caused some MSCHAP-Error messages to be sent without the password change version (V=3) and the textual message component (M=). - Always include C= V= and M= in MSCHAPv2 errors. RFC 2759 does not say that any of these fields are optional, and not including V= caused errors with wpa_supplicant. - Do not include M= in MSCHAPv1 errors. It's not supported.- Fix boo#912714: freeradius can't use ntlm_auth * Create winbind group * Add radiusd to winbind group- Remove gpg signature file * The gpg signature checking is broken and doesn't work- Fix bsc#935573: Insufficent CRL application for intermediate certificates * CVE-2015-4680 * freeradius-server-CVE-2015-4680.patch based on https://github.com/FreeRADIUS/freeradius-server/commit/a03814af310bb3bee74ea012546d99c48b0ea5c3- update to 3.0.9 * Changes of version 3.0.9 + Feature improvements - Make "pool" configurations more consistent, and update documentation for them. - Move connection pool logic to "most recently started", instead of MRU. This should help with pool stability. - More VSAs for 3GPP2 - Added examples of multi-value attributes to rlm_perl. - LDAP-Group and SQL-Group attributes are now dynamically allocated. - Only the "sql" module registers SQL-Group. Other instances register "instance-name-SQL-Group", similarly to "ldap". - Unknown attributes are now complained about more often when used in unlang statements. e.g. if (Foo-Bar == 3) used to be a string to string comparison. It is now a parse error. - Rename RLM_COMPONENT_* to MOD_* in the code. This makes many things easier. - Move to C99 initializers for modules. - Load modules in raddb/mods-enabled. This allows attributes like "LDAP-Group" to be used in the "files" module, without explicit ordering or listing in "instantiate". - Added 'bootstrap' section to modules. Third-party modules will need to be updated. - When adding clients from a DB, add them to a virtual server if that virtual server has a "listen" section. Otherwise, add the clients to the global list. - When reading dynamic clients from a file, don't expire them if the underlying file is unchanged. - Allow the server to originate CoA requests from the post-auth stage. - The server creates ${run_dir} and ${logdir} in daemon mode, if they do not already exist. - Add dictionary for Wi-Fi Alliance Hotspot 2.0. The server now supports all mandatory and optional attributes for this specification. - HUP now re-loads the configuration only if the files have changed. If all files are unchanged, HUP re-opens the log file, and does nothing else. - Much better debug messages for EAP-TLS, including which attributes are cached, and when they are retrieved. - Increase default max_requests to 16384. Memory is cheap now. - Added "stats memory" commands to radmin. Debug build only. - Aptilo controller dictionary updates. - SQL modules now use Acct-Unique-Session-Id everywhere. - The redis modules are now stable. - The LDAP module now supports SASL "interactive bind" method. This allows Kerberos based administrator and user binds. - DHCP code is now in libfreeradius-dhcp. - More DHCP encoding / decoding unit tests. - rlm_replicate can now be listed in the "accounting" section. - Better sqlite debugging output. - Remove "required" option from many sql_ippool directives. - Set default CA "basic constraints" to "critical". Fixes #1073 - Updates to help / man pages from Jorge Pereira. - Added more tests. + Bug Fixes - Be more careful about unused config item warnings when using -Xx. - Move more defines to be auto-generated. - Allow virtual servers in proxy fallback. - Allow %{module:} to work. - Don't crash in RadSec. Closes #980. - Return better errors when a unix group / user is not found. - Re-enable detail module "locking" parameter. - Don't crash when logging replies from Status-Server packets. - The couchbase module now uses "update" instead of "map", for consistent with the rest of the server. See raddb/mods-available/couchbase - Don't require NT-Password for MS-CHAP password changes. - Be a bit more careful about decrypting MS-CHAP-MPPE-Key attributes. Closes #1013. There is no perfect fix, tho. - Fix security issues with EAP-PWD. See http://freeradius.org/security.html#eap-pwd-2015 - Fix dynamic clients read from SQL in non-debug mode - MS-CHAP now allows retries (i.e. password change) when passwords are expired. - Allow "user=radiusd" when the server is already user "radiusd" - suid up/down works on non-Linux systems. This means that the control socket should have the correct ownership. - Fix issue which caused the server to sometimes have problems when a home server was marked zombie. - Fix format.pl because Perl is now more picky. - Fix proxy to Packet-Dst-IP-Address, so that it uses the correct destination port. - Fix corner case with cursor functions and removal. - OpenDirectory fixes and documentation. - Fix leaks in rlm_redis. - RFC 6929 "evs" attributes are now encoded / decoded properly. - Fix talloc pool leaks when receiving malformed or retransmitted Accounting/CoA requests. - Printed attributes again use double quotes instead of single quotes. - Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl" to eap.conf. Fixes oCert CVE-2015-4680. - rlm_expr now errors out correctly on malformed attribute references instead of triggering an assert. - Make "break" work in "foreach" loops - Allow dynamic expansions to work again in the "hints" file. - Correct minor typos in comments and examples from Alan Buxy. - Re-urlencode the path portion of ldapi:// urls before passing it to ldap_initialise. - freeradius-server-rlm_sql_unixodbc-configure.patch removes hard-coded directory in configure script of rlm_sql_unixodbc - install new module rlm_sqlhpwippool.so- minor adjustments/cleanup of spec and changes- update to 3.0.8 * Changes of version 3.0.8 + Feature improvements - Allow syslog_severity to be set in rlm_linelog. - Allow defaults to be set for bulk clients in LDAP and couchbase. - Updates to dhcpclient. Patches from Nicolas C. - rlm_mschap now supports direct connections to winbind, which is faster than ntlm_auth. See raddb/mods-available/mschap. Patch from Matthew Newton. - Recommend /dev/urandom for TLS randomness, instead of ${certdir}/random - Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}. - Allow Expanded EAP types where vendor is 0 (IETF) and type is normal EAP type. Supplicants sending Expanded EAP types like this are broken. - Add support for server side sort controls when searching for user objects in rlm_ldap. + Bug Fixes - Don't complain about "authorize" in "server {}" blocks, but only if there's no "server" block. - Fix cosmetic issue where debug from the first packet read by a detail reader thread would be emited during config parsing. - Fix ASSERT on truncated detail packets. - Don't use main server log functions from within panic_action, as in the case of syslog this would cause deadlocks if the fault was triggered from within a malloc. - Fix issue in "switch" when "correct_escapes = false". Fixes #911. - Fix sqlcounter configuration to use "%%b" instead of "%b", otherwise the new syntax validation will fail. - Allow forward references in configuration items. Modules aren't always loaded in a sane order. - Fix more escaping issues. Closes #912. - Decode MAC addresses correctly for VMPS. - Fix memory leak with TLS connections. - Fix state machine threading issues for conflicting packets. - Fix copy_request_to_tunnel issues for tagged attributes. - Allow "ok" to over-ride "updated" inside of Auth-Type sections. - Update state machine so that post-proxy is run though child threads for performance, instead of blocking the main thread. - Allow "netmask" to work again in client definitions. - Relax restrictions on SQL group queries. - track outgoing proxy sockets and clean them up more aggressively. - track proxy statistics, including CoA and Disconnect. - If radmin has a connection failure when running a command, it re-connects and runs the command again. - mark home servers "unknown" less aggressively. - Fix potential SEGV in PostgreSQL driver on error. - Fix issue where fields like nas_type would not be accessible via the %{client:} xlat, for dynamic clients. - Set default busy_timeout (of 200ms) in the sqlite driver, so writes don't cause selects to fail in multithreaded mode. This is user configurable, and may be increased if required. - Convert Password-With-Header attributes to binary (from hex or base64), in the authorize method of rlm_pap. - Fix invalid assert in state.c, that could cause abort in post-auth. - Fix double free when -m flag is used, and connection pools are referenced by multiple modules. - RADIUS over TLS accounting uses the same port as authentication. - Regularized return codes from radmin commands. - Fix RHEL spec file so it works correctly for Centos7 which uses systemd, and didn't like the SystemV init script. - radwho and radlast now have a -D option to load dictionaries - DHCP packets are no longer checked for duplicates. - Don't crash in sql module group comparisons in corner case. - Calculate MPPE keys correctly when using TLS 1.2. - Fix load-balance sections. Closes #945 - TLS certificates are available again in the post-auth section. They are not available for session resumption. - radclient encodes CHAP-Password properly when using -c Closes #955. - Fix issue in rlm_cache_memcached driver that caused variable length values to be truncated. - Fix track functionality in detail reader, so it no longer fails with a "Failed marking detail request as done: Bad file descriptor" error. - Actually add the peer identity (as User-Name) to the inner tunnel in EAP-PWD requests, so it's available for lookups. - Fixes to PostgreSQL queries. Patches from Santiago Gimeno. - new set of consolidated patch files: deleted: * freeradius-server-2.1.1-logrotate_su.patch * freeradius-server-2.1.6-rcradiusd.patch * freeradius-server-initscript-pidfile.patch * freeradius-server-radius-reload-logrotate.patch * freeradius-server-var_run.patch added: * freeradius-server-radiusd-logrotate.patch * freeradius-server-rcradiusd.patch * freeradius-server-tmpfiles.patch- Do not disable as-needed build - Remove the with_sysconfig switch and just stick with versions- update to 3.0.6 - fixes a segmentation fault in PEAP module (bnc#912588) Feature improvements: * radmin / raddebug conditional errors are printed to the output, instead of being discarded. * raddebug will exit if condition set with -c was invalid. * radmin auto-reconnects if the connection to the server has gone away. * rlm_cache now has submodule support. See raddb/mods-available/cache * New memcached driver for rlm_cache. See raddb/mods-available/cache * Add support for &Attribute-Name[*] in conditions. See "man unlang" for details. * Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n]. * Allow for redundant string expansions. See the "instantiate" section of radiusd.conf. * When checking IP addresses in conditions, make the right side be parsed as an IP prefix. * Support JIT compilation of compiled regular expressions when built with libpcre. * Support named capture groups with "%{regex:}" when built with libpcre. * Increase regular expression capture groups from 8 to 32. * Emit error markers for badly formed regular expressions. * Allow 'm' flag to enable multiline mode in regular expressions. * Support limited implicit attribute conversion in update sections. * Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:).- Drop .keyring and .sig file: freeradius-server still uses MD5 signatures, which are no longer validated/accepted by GPG 2.1.- update to 3.0.5 Some of the new features: * Allow LDAP to specify arbitrary attributes for dynamic clients. * Allow one level of backslashes (finally). See radiusd.conf, "correct_escapes" setting. * When supported by OpenSSL, allow TLS 1.1 and TLS 1.2 in EAP methods. * Allow multiple new connections to be spawned simultaneously in the connection pool, to cope with spikes in traffic. * Use kqueue on systems which support it. This allows for better scaling when using many sockets. * Home server "response_window" can now take fractions of a second. See proxy.conf. * radmin now supports "show module status", as thee counterpart to "set module status" * "ipaddr" will now use v6 if no v4 address is present. You should use "ipv4addr" or "ipv6addr" to force v4/v6 addresses. * "client" sections will allow "ipaddr = 192.192.0/24". The old "netmask" is still accepted, but the new format is preferred. * Allow custom HTTP headers to be set for rlm_rest requests using control:REST-HTTP-Header (attributes consumed after use). * Extend format of %{rest:} expansion to allow HTTP method and POST data to be specified and urlquoting. * Add support for aliases in rlm_ldap. * Add support for connection pool sharing to all modules that use the connection pool (pool = ). * "tls" sections now have a "psk_query" configuration item, for dynamic queries to discover a key from a PSK identity. * Preliminary support for EAP channel bindings. * Foundational work for dynamic home servers. They do not yet work, but this is now only a matter of updating the "realm" module in a future release. * Support &attr[*] syntax to copy all instances of an attribute when used with the += operator in an update section. May be qualified with a tag. * The logintime and expiration modules can now be listed in the post-auth section. This makes some configurations simpler. * rlm_sqlippool is now IPV6 capable. Set "ipv6 = yes" to get Framed-IPv6-Prefix returned. The SQL queries have NOT been updated. Please submit patches. and numerous; bugfixes - remove gpg-offline - create /run/radiusd after install - drop freeradius-server-opensslversion.patch (upstream)- freeradius-server-opensslversion.patch: do not check the minor version of openssl, minor versions are supposed to be compatible. bnc#906682- added patch to changelog to fix factory-auto failure (Req #242825) added: freeradius-server-var_run.patch- fixed SUSE spelling in a filename (bnc#889034) * don't install suse/README.SuSE - remove old tarball and signature file- spec run through spec-cleaner - don't install files to /var/run- update to 3.0.3 Many bugfixes Feature improvements * Everything now builds with no warnings from the C compiler, clang static analyzer, or cppcheck. * rlm_ldap now supports defining the LDAP attribute name via backticked expansion (i.e. shell command) in RADIUS <-> LDAP mappings. * rlm_ldap now supports older style generic attributes. * dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed. * Static regular expressions (e.g. /a*b/) are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed. * dynamic expansions are cached after being parsed. They are no longer re-parsed at run-time for every request. * regular expressions are now parsed and cached when the server starts. * Added the %{rest:} expansion to rlm_rest, which will send a GET request to the URL passed as the format string. Any body text will be written to the expansion buffer. * rlm_rest now available as a debian package. * When an 'if' condition statically evaluates to true/false, unlang does more static optimization. For examples, see src/tests/keywords/if-skip * All modules are marked as safe for '-C', which lets the dynamic expansion checks work in more situations. * Added 'none' and 'custom' rlm_rest body types. 'custom' allows sending of arbitrary expanded text and content-type headers. * Added "config" section to Perl. See mods-available/perl * Added '%v' which expands to the server version - Patch from Alan Buxey. * more mis-matched casts are caught in "if" conditions, and descriptive errors are printed. * Support basic response validation in radclient. This allows administrators to write local test cases for their site-specific configurations. * Removed radconf2xml and radmin "show client config" and "show home_server config". * Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf" * Catch underlying "heartbleed" problem, so that nothing bad happens even when using a vulnerable version of OpenSSL. * Add locking API for sql_null, linelog, and detail modules, which should improve performance and work around issues on platforms with bad file locking. * Allow DHCP NAKs to be delayed, via setting reply:FreeRADIUS-Response-Delay = 1 * Allow tag and array references anywhere attributes are allowed in "unlang". * many enhancements to radsniff, including output to collectd, ipv6 support and packet loss statistics. * Many dictionary updates (ZTE, Brocade, Motorola). * rlm_yubikey now automatically splits passwords from OTP strings. * The detail file reader is now threaded by default. This should improve performance reading the files. - dropped freeradius-server-CVE-2014-2015.patch (upstream)- fix for CVE-2014-2015 (bnc#864576) * denial of service in rlm_pap hash processing * added freeradius-server-CVE-2014-2015.patch- remove the old 3.0.0 sources- update to 3.0.1 Feature improvements * Add "timeout" to exec, and "ntlm_auth_timeout" to mschap. So that run-away child processes are caught earlier. * Allow TLS clients to use "proto = tls", in which case TLS is required. The shared secret is then set to "radsec". * More documentation in the tls virtual server. * Add "date" module for date formatting. See raddb/mods-available/date. * Added unit test suite for internal server functionality * When loading "update" sections, check if the RHS is a literal value. If so, syntax check it immediately. * Update LDAP module documentation and functionality. The generic attribute can now update lists. * Updated dictionary.extreme. * Update sqlippool to do clears as a separate transaction, and at most once per second. This should help MySQL. * Respect control:Response-Packet-Type for all types of requests. * Add support for SSL encryption to the MySQL driver. * Allow arbitrary connection parameters to be used with the PostgreSQL driver. * Changes to the OpenLDAP schema to fully expose functionality of the new LDAP module. * Update debian packaging to include a freeradius-config package. This package may be provided as a site local package to avoid fighting with the preinstalled config files. Bug fixes * Use correct field for ARP setting in DHCP. * Fix crash on debug condition (#454). * Fix a number of minor issues caught by the clang analyzer. * Set WARNING messages to yellow instead of normal text. * Correct debug colorise logic. Patch from Phil Mayers. * Encode attributes of type "ethernet". No one uses them, but it makes sense. * Work around regex initialization issues. * Fix build when linking against OpenSSL. * Print IDs as positive numbers, which helps for large DHCP XIDs. * Fix issue with sql_ippool. * sqlcounter now uses 64-bit counters, to deal with 4G overflow. * Fix issues with DHCP subsystem. * Don't build / install disabled modules, or their config files. * Fix build for OSX Mavericks, which hid the header files in a magical place. * Fix LEAP buffer issue. You should still avoid LEAP. * Mark "unknown" WiMAX attributes as being WiMAX. * Fix typo in packet decoder for fragmented extended attrs * RPM spec fixes. * Fix rlm_perl build issues when not using threads. * Enable %{Response-Packet-Type} again. * Update configuration file parser to handle "bool" consistently. * Update declarations of global boolean variables to use "bool" consistently. This fixes an issue where some modules were instantiated in "config check" mode and did not work correctly. * Make more messages debug instead of info, to avoid polluting the logs with messages that can't be fixed. * Set operator in internal unlang code to suppress spurious warning messages. * Fix debian packaging. * Added "status" to Debian init script. * Fix "update outer.request" to update the outer request. * Don't print TLS debugging messages when not in debug mode. * Correctly manage counters for "limit" sections of TCP / TLS "listen" sockets. * Fix libldap debug output. * Fix rlm_ldap tls functionality. * Initialise OpenSSL globals early to avoid issues with the PostgreSQL library. * Fix typo in sqlcounter expansion code. Fixes #463 * Overwrite previous instances of SQL-User-Name when adding it to the request. * Work around bugs in both MIT and heimdal versions of krb5_copy_context(), which caused segfaults in multithreaded mode. * Provide meaningful error messages if Heimdal krb5 is used. * Fix attribute supression in rlm_detail. * Exit with error code if child fails to complete server initialisation after forking. This allows init scripts to correctly report whether the server started ok.- don't build with experimental modules - fix packaging bugs: * install init scripts only on <= 11.4 * install systemd unit * add %defattr for submodules- update to 3.0.0 * new feature release * see /usr/share/doc/packages/freeradius-server/ChangeLog for complete list of changes in this release * documentation for upgrading from 2.x is in /etc/raddb/README.rst - drop oracle support (wasn't built anyway) - dropped patches (obsolete): * freeradius-server-2.1.6-codecleanup.patch * freeradius-server-2.1.6-dialup_admin.patch * freeradius-server-2.1.1-edirectory.patch - added systemd service unit * radiusd.service - added systemd-tmpfile for /var/run/radiusd * freeradius-tmpfiles.conf - added gpg-offline verification * freeradius-server.keyring- add libperl_requires, as we link against libperl and thus need a specific version of perl- fixed a bug in the logrotate script (bnc#797292)- files in sites-available/ are now %config(noreplace) [bnc#781756]- update to 2.2.0 - see /usr/share/doc/packages/freeradius-server/ChangeLog for complete list of changes in this release - fixes CVE-2012-3547 (bnc#777834) - dropped freeradius-server-2.1.6-overflow.patch (upstream) - dropped freeradius-server-sha1-default.patch (upstream) - refreshed freeradius-server-fix-cert-bootstrap.patch- Use the new 'su' logrotate option (bnc#677335)- Enable the same CFLAGS as for other hardware- update to 2.1.12 Feature improvements * Updates to dictionary.erx, dictionary.siemens, dictionary.starent, dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol * Added support for PCRE from Phil Mayers * Configurable file permission in rlm_linelog * Added "relaxed" option to rlm_attr_filter. This copies attributes if at least one match occurred. * Added documentation on dynamic clients. See raddb/modules/dynamic_clients. * Added support for elliptical curve cryptography. See ecdh_curve in raddb/eap.conf. * Added support for 802.1X MIBs in checkrad * Added support for %{rand:...}, which generates a uniformly distributed number between 0 and the number you specify. * Created "man" pages for all installed commands, and documented options for all commands. Patch from John Dennis. * Allow radsniff to decode encrypted VSAs and CoA packets. Patch from Bjorn Mork. * Always send Message-Authenticator in radtest. Patch from John Dennis. radclient continues to be more flexible. * Updated Oracle schema and queries * Added SecurID module. See src/modules/rlm_securid/README Bug fixes * Fix memory leak in rlm_detail * Fix "failed to insert event" * Allow virtual servers to be reloaded on HUP. It no longer complains about duplicate virtual servers. * Fix %{string:...} expansion * Fix "server closed socket" loop in radmin * Set ownership of control socket when starting up * Always allow root to connect to control socket, even if "uid" is set. They're root. They can already do anything. * Save all attributes in Access-Accept when proxying inner-tunnel EAP-MSCHAPv2 * Fixes for DHCP relaying. * Check certificate validity when using OCSP. * Updated Oracle "configure" script * Fixed typos in dictionary.alvarion * WARNING on potential proxy loop. * Be more aggressive about clearing old requests from the internal queue * Don't open network sockets when using -C - freeradius-server-snprintf-overflow.patch merged in upstream- fixed interaction with eDirectory (bnc#720620)- update to 2.1.11 - see /usr/share/doc/packages/freeradius-server/ChangeLog for complete list of changes in this release - add freeradius-server-snprintf-overflow.patch - use spec-cleaner- Supress timestamps in binaries, breaks build-compare.- update to 2.1.10 - see /usr/share/doc/packages/freeradius-server/ChangeLog for complete list of changes in this release - drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream)- radiusd reload after logrotate [bnc#634445]- update to 2.1.9 (bnc#615699) - bugfix release, for list of changes please see /usr/share/doc/packages/freeradius-server/ChangeLog- add freeradius-server-initscript-pidfile.patch - handle /var/run on tmpfs- specfile cleanup- drop freeradius-server-2.1.6-ltdl.patch - not needed anymore - clean up specfile - remove bind-libs, zlib-devel from BuildRequires - not needed- update to 2.1.8 - for full list of changes, please see /usr/share/doc/packages/freeradius-server/ChangeLog - drop freeradius-server-no-default-case.patch: fixed upstream- update to 2.1.7 - for full list of changes, please see /usr/share/doc/packages/freeradius-server/ChangeLog- freeradius-server-no-default-case.patch (bnc#527742)- freeradius-server-sha1-default.patch (bnc#546042) - freeradius-server-fix-cert-bootstrap.patch (bnc#546041)- disable as-needed for this package as it fails to build with it- updated to 2.1.6 o Feature improvements * radclient exits with 0 on successful (accept / ack), and 1 otherwise (no response / reject) * Added support for %{sql:UPDATE ..}, and insert/delete Patch from Arran Cudbard-Bell * Added sample "do not respond" policy. See raddb/policy.conf and raddb/sites-available/do_not_respond * Cleanups to Suse spec file from Norbert Wegener * New VSAs for Juniper from Bjorn Mork * Include more RFC dictionaries in the default install * More documentation for the WiMAX module * Added "chase_referrals" and "rebind" configuration to rlm_ldap. This helps with Active Directory. See raddb/modules/ldap * Don't load pre/post-proxy if proxying is disabled. * Added %{md5:...}, which returns MD5 hash in hex. * Added configurable "retry_interval" and "poll_interval" for "detail" listeners. * Added "delete_mppe_keys" configuration option to rlm_wimax. Apparently some WiMAX clients misbehave when they see those keys. * Added experimental rlm_ruby from http://github.com/Antti/freeradius-server/tree/master * Add Tunnel attributes to ldap.attrmap * Enable virtual servers to be reloaded on HUP. For now, only the "authorize", "authenticate", etc. processing sections are reloaded. Clients and "listen" sections are NOT reloaded. * Updated "radwatch" script to be more robust. See scripts/radwatch * Added certificate compatibility notes in raddb/certs/README, for compatibility with different operating systems. (i.e. Windows) o Bug fixes * Minor changes to allow building without VQP. * Minor fixes from John Center * Fixed raddebug example * Don't crash when deleting attributes via unlang * Be friendlier to very fast clients * Updated the "detail" listener so that it only polls once, and not many times in a row, leaking memory each time... * Update comparison for Packet-Src-IP-Address (etc.) so that the operators other than '==' work. * Did autoconf magic to work around weird libtool bug * Make rlm_perl keep tags for tagged attributes in more situations * Update UID checking for radmin * Added "include_length" field for TTLS. It's needed for RFC compliance, but not (apparently) for interoperability. - FreeRADIUS 2.1.5 * Release number skipped due to procedural issues. - FreeRADIUS 2.1.4 o Feature improvements * Permit multiple "-e" in radmin. * Add support for originating CoA-Request and Disconnect-Request. See raddb/sites-available/originate-coa. * Added "lifetime" and "max_queries" to raddb/sql.conf. This helps address the problem of hung SQL sockets. * Allow packets to be injected via radmin. See "inject help" in radmin. * Answer VMPS reconfirmation request. Patch from Hermann Lauer. * Sample logrotate script in scripts/logrotate.freeradius * Add configurable poll interval for "detail" listeners * New "raddebug" command. This prints debugging information from a running server. See "man raddebug. * Add "require_message_authenticator" configuration to home_server configuration. This makes the server add Message-Authenticator to all outgoing Access-Request packets. * Added smsotp module, as contributed by Siemens. * Enabled the administration socket in the default install. See raddb/sites-available/control-socket, and "man radmin" * Handle duplicate clients, such as with replicated or load-balanced SQL servers and "readclients = yes" o Bug fixes * Clean up control sockets when they are closed, so that we don't leak memory. * Define SUN_LEN for systems that don't have it. * Correct some boundary conditions in the conditional checker ("if") in "unlang". Bug noted by Arran Cudbard-Bell. * Work around minor building issues in gmake. This should only have affected developers. * Change how we manage unprivileged user/group, so that we do not create control sockets owned by root. * Fixed more minor issues found by Coverity. * Allow raddb/certs/bootstrap to run when there is no "make" command installed. * In radiusd.conf, run_dir depends on the name of the program, and isn't hard-coded to "..../radiusd" * Check for EOF in more places in the "detail" file reader. * Added Freeswitch dictionary. * Chop ethernet frames in VMPS, rather than droppping packets. * Fix EAP-TLS bug. Patch from Arnaud Ebalard * Don't lose string for regex-compares in the "users" file. * Expose more functions in rlm_sql to rlm_sqlippool, which helps on systems where RTLD_GLOBAL is off. * Fix typos in MySQL schemas for ippools. * Remove macro that was causing build issues on some platforms. * Fixed issues with dead home servers. Bug noted by Chris Moules. * Fixed "access after free" with some dynamic clients.- do not ship static moduleslamb74 15341622193.0.15-6.13.0.15-6.13.0.15-6.1ldaprlm_ldap.so/etc/raddb/mods-available//usr/lib64/freeradius/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:8587/openSUSE_Leap_42.3_Update/2bd2f97931c8394ad85c2248d05276fc-freeradius-server.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=822e407845e7776583c60c2aa84b8a757c35a736, strippedPRRRRRRRIӘ@}*?gU?`] crv(ȭ3NA&Gý4L [e-Uc"ASΟu|➥u$"ϐ0l-<-%1DCc#wtO=QAYhXhV@HB*ke F0!KLX{u4䢀2D~ǜļdq/Io^3ץȴ@np%?P25#7j!-jqj|1E4_|BPέCwg?2[WT4'9<ڮ~#>>hmؾ^gL6I! Cji=%5_}9X 8oo4k‰Kۨ,!,+C!VYwRGR0sgYEO&3wD7+<$'|NM?>WY^ &#l$5Vtr3V=mzJd/dAGlיrx0#b6u=B. >'%=&jWr)w\)HL>MPU >F)y db`AmIlIpm]elZjmIR[} ލ[xR / >*M*-?Pϖy}g,dYF嬝U\./~ngDAp7suA@hy 1s4e{mNf)|Џp˕iHF`LۡnavdnR÷M?{; ]nPJJH[. ;71x|z.6ה1WV鹸WbNIH^Sk.:^΀M4:x@P맗+TJFR!4SMsdk-=6.7Փ |Y}Qz9.rf]1qJ"/76٬+;\!Q^>#ZlW|$)>k}s@g?$cIFn(%}s눶6jJ'YMͣ-gdPwMtzс)jyOᖌtbLSm%;ڬ W>pz2bsjv3%ˀK gFwbaGssDp?/:[` R0$|iI"h}gX#LG}-iM"۰y2y \5dM`mx iњ(PkM{;vqԢQMC|]ҔRB,uLoʈ[Aq@J7J3lazXMliɪ+(A&;e<. 97bUW3](:-Wy* 2x0cMv'0§nʆGյ\]UIzίKVOGݿ)F.7!})rن*v]z Ԍ  o;5NT!OL3f Ǐn ީ?$^b+fz-OkIJUmkHXb|/i?/@ ni2s#JN#gl%.wȋkt|3"ƣ ą-xJꔚ:x'6d=^Q[Dus%t]i" X= Q^%iYv!צV^6|-NY B ̕EeJA99o e#\9gx&@G&ckk2Pp'Sޗ'.[Y ݏ/|NӚ` !GrY}DNբ5ƆIQCNiJ8$_$@}ri54$K1:Sܕyl@+o@cN{eő~Ks[$#qpS1]c-i"+Vv79]sahUpΪ D y.=Wy`SG<}JDaL`Nw'mrqK3p'1O:pDIL' y,3~<6% >m3}4!^ZtqzRS\ >-TD75ӝ-1=:jyo7xX2'S󄵝/X0r t2 >#7r~>jF Wt0?@ct^@4#+&`:\u";zhAN/-l:>=UL5lC[Χgq'͍1a`Fx[kwN UEsEnB: zO̷ I."G8d =Pj!NDo㝌(ld(q2_"]|ЦeOv.2heѦ@hn:%Cm8g k}g 6*xK\?)԰^71Kjw4l.ȄN&XflV ;6[ռ "_E 'V3=`Tb'o4[svUKCUC%ATP1@M4|ѩe1 /5nm"\$)<}*PQ0,;P9]1W!f PQTQfm9nQU` -_Ol%N\' 8l")O q֑^h}~?e"9MY͹ەMiU"?| JC $)"Kd٧ޘd~x(>X$A>b \֪_AvWp%K2a:=$L8qn?DV0~6!\0Μ\HSǧJ:J2b:t4_wE:ϯ>֙w3 %JC|ť g %.r2 lHd:Y=ZAI)IOQ{2)wPK*ɇA鈦(? ,I>Y7qz5G@L=Zo{8rp/tid57@0V(UJ8Gp2C9$((4gCZ zG JxM!խ$SK`-K}a\"39qgͳ SPӂZtm,r㿉WxxZhTw8p'ќC" j=#1Z$.Q بvFc5 Y#$3F<ƹ^Ʀs&*%\n x\#'Ct*\0:pfDX{(݋@Re&O 5{&`+*pC_錷9yպ8([\;x(..bSLԜ?V#{ptGpNDzjiN!(™ WG,ăСW@]-p;#:[5#TI>O{Tfң|TiV1&[9{u jџp C@6leOWO^X~ž}l/vNL̲SGP =!,%%?%SdQJatp,z!W&짃Wm' صmK\%ni ծ^nÓ4%\ pkCA܁ȑnx.r(hj `Tq]mGW/.8 Ĩq2_ ]?+z +[bSyOSH%F;Kׁ\rBCd큁zN?xiKz! '{p&}~YDYB؝f2ZOs<[)DxWI̅O\f{{]0m.W ۛ'pٙYE[ LUxnKߤxDg t&Ab׶(./MV$6;>΂6 NMq Y <ͨ"of١ğS|HC&1TΩ'ˆjw`UaCu($b|Vj&LG,tx|W!h ¡7Rt2W8EUQLGQ 4af>}o H~6`,4d-b.5f j @N7pqCYTX\Cս‡~Ջ NpkIIK2vJg;3\ Vl gstq?_Ud:Tjv9uQ kTU ʛt|@"ͨ}tfhWx٪ x0? NjI{ϗnxP^KK1DG  /dNGD9'+\)>؏W`u~Qςe[$-kOy{ 3"ɂ[.f;&~V].2kDB5g-iuRY{?C2Z;mb3"OMcN";)"[UV^fz>neȩsQ5hI6s [2HKH|&dH(+~0{'Pif{y\}] /AJ.v>H5 #z78M~]yЇA C 4l84`2&srW0fSsLR EIxsCN".{И%Ȑm,U) X I.E=R,i)1bCq\q߰ihƧ[ kT1t(-R5`vhnR$_ 052岕xےLB;5{C2KpLuJ9ڝ2[%fF{Ӻ"0,{Z Un)NL|#t,=NC/KZ.MZ4,K0U۟]K\Gl9񓱮2ZEKhZF&v!OOTȺfgvNS],E۰-mq7ShtQڙw`SFcwۏCfтGmˬ}%+|\Z,M[q K $ÍhS%in0xc $% ԤРqf O*fD:G1T =5cNmxp?;l[ p \0ѦiŘDs, 5H }y%AH5-ƉIvBUu e|!Bѥ%Nm(54 I tҁ,@٩O[C!U-ߖUF}sU5U ϊ` =\]Bٜ>qM-HD}c7xxE-7]K?p; GT[ՇRXt48[> XQiϳ~ݢ,oSU]Ll|cAawB,J|BoD3Y| 9OQ'E5CH3GxzpW%-O!;?fJ1Cv}Z#Ij$f O_ >ZߢWK*ExW{ůH񹸴+nphl$QfQyvK&˯ #~}"ˢ+kwQlG}%ϸ8 $qs n07뼽n( Z2[:*<lE׺ݷG>G "Ʌ%1;tśЋi@}0cV~”wYWFD3dP 3_oLzgڍME/Rl"!8i8]םb7Mۺ{ pڶE%-3z.=p}Zut,']!`Cj/#(Du3F&oAHW؛cB(].ivcm U-Ёy2[oB LB32!!NDƸŵeh˳v-#1k#!Ѧ@||#Emkk&+ ^MS8S!q_ ͖$6[21PfċX75},tuA7~ xLr:JWlrأu3UrK)vpЯ>,V{׭Qv:,*T db!2@Ngo {TbZAx_yVbmǺ1m0a\ lERGU;=.Ԓq42.b.+HQNW2B;?,r|%dt1Min\ 襸/6BI9iܙӒVʙunr7=oiyHU!mА#^} 9ff=xmUeY#~* s/6hl4P~!6 ]{1#5:!sEְIl0èy%B63?WUݭ6|HIEqO6&@U7#SZVpi$ٹ5U,'>A1՞s'j= ~+צK# = V#Eq2WhUw:UO;|66[Jk O+JnK MCg֠u˖/Ib 黕oYܡi+y* =hB &ɔG7\]Eɠmy1f TJŶ &W]3:av.${ժV 5g۫rQ;hc n0LXQ]b ^GZ{tvM[C& c9W@f1,C`tז` Ť} _,`\oik93irwɺ.. H#ne_SgGfd' hMCǷj8 2-7L-aFck룮ƴoy7#\RKARe*El4J[Vz+Ic6.35=i~߆_-rdZb e>#~lbJ0|?ĥ}P.e+6uFt/gjr9X)4G[E&/u"VsQ\2y$.GƘN>BqG{VapJr՚DobxDg)C\Z0;JQ5?̀p"ش;090:e.iS"^ /^?sS}K`Erzq%C{H#AWԞFmo"m1w~N"ɪκ%93P263JDA"k`Z[sO;Vp!bwF[5N\B[&iF\d![;yxƛc{o6I}TfrM[gV`r+Y8TK|UGKNHU3kn񙶸GJ˔kҔFbA-|Slz[ZxSrs~5ǒxm[AViׁ^|٦V1H~LYKl*6Ck#"B'd_zNMwq\2&&Ks8qpHVK\㣏?JœeFj> a(R5ox5MLhИߢ `"8udN&M)2q*xUdvjE)z\1W ',p>G9a0zdf|l, Dp*쭝 #aOگiM kVOSS7 LF`Y?5!kj[ dTT0\ XS?cyD\v 5\\XBw @4&!phPξAH#S7P' G'm? -pwjW490`IT?ޕN8SZsF26Б9J v4+K&S:RGJ<` *H zC66¦;B(ٚ֩bi*|Z}$6]p#2N_]"ư#J$z2j!*gK3P+AhO;|byr[ x!x ο[9/ʮt)ݒ/Gs^OlK[Ǚځ{Wˆ8w>wF]3 6=ʱ$K)bfeHl ИqDO;;_$mF$^?R٧sVm*}Ɠ,l|'"#ũ޼¶|jΛlU a{BR$  RqN#;OA^+̇b I Zj#{5yS6$R1xrpKTK- N/|9.i):ݪ76 ]r Fy.{ڦ.YQ z%U@ !M۸Df[<=壚umSNbΎ/1^`l/_s[ @M0dSq$$gJ =HcQ^4~b} 49`IP'$=Rťnjnjɷj0Ё-jY.A'V|EڨÃ'H~lf/U&z GMblessh2⠞m//Jq(ބ02D_ZQi^` G\(pF`tV!bk76qҳGe_X ;m6> iX&!rboJqhT 7fT K>gPxfX8T1IZT%sqY>~f1B3oj^D8.  gU=oъ)Ce;lOΫzoZzP͛jG'r Ϛ<Pp^?A{``9-/`|bu~Dzkzk2 -p&Y<Ū|CvFiZ }˞)'Pӗ!frQhu͸5ۺSr1m]5M0#hbhVD*>ʻZi߲ "gN2-M+fG`z!.nDL?rRR,)ј!슛|K1哆NXDc TYЯXŝA$VX < |ߞ.kyIŕeQ̟)IiWŰhtj@{6He5[nDb|ks9矃:l d0DO`VzŷbafFab8:4W. X!e)liu"H0$љ&СuZZrMn2 M)C3vnh|UseKec koW$Kn?K/Ӓ|^ʙ;ںƜ|0 rB _"<ܘ-ԚZ\1wGaFu)FAqa߲2UbMrU6liLPBi sIU4V}k5Dhb^9d$b š'*U>M.kx.?r6K<!Drcn,{jxXPͲfNYw!xRMu*NĖG2\eosʰm!ݷ9*Wʘ׉)09l.)c5(P1ysdXNcAtrAkѦC JsP/-Wft;LyGRʊWB44T,WY;8*Yx RE/氨JdC`kh{_X&"n`-a&''0Q[mzB9so8_վzAp\z:`W ۝!N"c7YoX %n)y r=9F'LIkFLaifع Iwĝ̽^;xz23p[ 8:g~~L%7Y^ݠDPes>' j"22#{E3{\ZLd:SB]ă׊zſ]Ks{ W|$hM, sOphػ_;Z뾐Ɂ&vsڜ2#GwSat9Ry ŭU{yEULX|N)mi%m)0nGe3,(,O-pcYYXnW| ߽Uy_`a2ĩWF1x@ݷn NcSi1[>aϵ,=[2S$1Ѣ)Ò&z{=hx0i "k;؅, w,f?G4Gr5V֍ )GrZf't-֨0̑>͉t=Hվ&F&  tJ:@,9A4=8jy`5RI5[odK?gGqzlCG܎{I'S;TNn`E2$(,2ߠA4U OV$ۘjy u9(9Oi*?ک yd" wn䞧2$3/ UFw+Xk^tF`#!C,pFzեU6b,fQʢWWN 70Bi(Fdؙ ܥ1wsIOa4fz_JU?*`*47ȆtL ;]F(yK/XwDc2Nͬ40Gwۂ#V7uZMNBb!U:xpMT؞1zQMfzJqwwJϛT\/6Q1&}NYM&uDTV4N2ICGmNL~s yM""F aҁ4ZZ: ;ߗݱiU{šW4 HZT:crڦsWDW+ Y%fy)IU&Zz._q"'k CM؛@Ӛ+ʵ@^?Jl!ljK#u\[:Bl9Lxeb ݀ x;A5_]8i{*3\M 6?w#$9ׂ ?vUvڝJ dxq#u됅$,kt)ufPr i1:dWĖ/b|]G5B]]=劁W f!-7Wؤ4;E;;W*Կz C 8 $~ǝOB^&Ա;Xlømq)ibR^N)U篓P Tʫ* ɢp*ӅžIdշa:I_EIiFT2u_WEonZ@Y@2&ڠ|dNcR~ņj{6!> `.7:|6"\[ jk;B;F "xߧW \a o炀1kF(0#rjd&_Ioqց]+%Y6 3iPJ,"x i"FPeؠ%tN!uz .}?ɿ)uFf{(&y\|rןS(l؎q$4h hϙvL ԧq~0֋t@C7%~Nk[//Sx>?#MϺ !/3SR>Bť#rkWҫvHg PMb@5x%h"ԠWJQtP1>Xe}?6R.)kݳ-k{ 2`%T^FUDVw1܎P$!Km۝ɕMV+ i";ܥ؋3$03SX65-i(2!t;Ծ",Ă~)^SE} ԙsCsx|~ρ H_|_uG-jaݽ(kJKf#V^oJxW {ppqhE.DedtwX9|DȖ5(S8ryE J|?j&B'C0gZƟtǥ-iRy\_Ҵb\h\>HθӉ8T2]!ț)쏌_oS*NʗUb|BNn{`H x-XՉ;C ԧGUw\^o_[)1ySeJb#W,gnjׁf mlYǥaՍ 4Dvmq9(o!jac@7,w{̬Neax'뼵يIBAC/|\'Dj,)%An"Aqg:d,k=tvG̝t%U]a>Ǘ[ zKe;@Hv$Te_?*o%"-:щ̢whlY F ԡbMgu1?%ְ |X<^BJ<9cbs _6ޑNLZKۂX"?ƋA88l4SZFɢ4~8:),k#c@hKdKΚ] s= 'FOpAFZzۓ,VS*ߎ6tBq$HtM3)rGqquy.ieOt~#Y{9zH./܋r'(i#sCOFW]?"~ '+ [ [rr^qSQK\r5s*͆@ᱟ͍(ZaY"׽fZq'8xyA?#yNq#k!1W߄3d#2b3%^%dhggtE!_k 3͟Gg9}M G>[Yۜ_3Vhc2?,$ tOr̢IQ/ iMeQɧXos;pTnO$$EӹF=x|`iDQVb HmV((COcPdiV }ojg[fwOc̎\I6#ǼM롴DRV;#N Bx@c?['F8Hf10j  U!>qBPxX J4cpii:p™+lоL%kNtEB\TzM$I= 3k 9clx׺bSx5% [^9XۑAݡ@|/P%hyrPm^yrxƇIl>D.nmBqVs7Q|7+ܘVP͑7Eߧ)߀DZVLL̳bj>)!4ؤTM7HKN.5Hi8X4$b`R1֪OA Z,drH ѧ+"4zmkgg䪆E8 XuvfJI1Ý$m"CbaMN{IwW}n+c_s!U&F)‘᧤Q^r?U]v=2 MUс8I+ f"J1:eKZa'}s&?;BMrۣSZg hle;!(}&u .{X6G}y"6 %}h&%6B>USW*2T5Q ǻ_Eam`YqEͦ*ūdR YM,P1iDY)yp-4K2i4J-$MrJŸ+!A+Bo͚SdCUa4o_=c  T>k1’vY2 ,3@S<hƵNpIZ69 PHJ[@0!`KO3;-ưLj4A%W]T)v \qgFzt K%Ai:=|9GP޷g cߐvT‹eGDآ%& {swF'G bǰHW#{{ 9*d l!iϧE}AQg& _/Aߤ9%imSDĊMgu壟Yڝ"҂71<;C ءE-2b8fFJv-%y 2hv2 6;_2co\IaAŌD)/n燁o E2@GlYMy5m\m(:cMd{,tK-Sf1 >^>M>+Iǂ|5 ~aQ:kU% hT.+Gt XepHh%5\J0;%y>KC;,ibN.x$ #!G.ޗ8P,3tBm\jm1[Liq#VRmmF򍵄Nz~g͐lxR rʯIpgW7HY۳9কXOA]DuOEl-K[/+pӺVǖriDd5h8>M' 68^4KFKkStMҋtX 7]26qo{c9 $֐ϰ:;3oMJyASWmt, ?(pM%4F]'p[WaߧPWWD?K`S 3Ȯf9>Juj(]߳1 Kk˗+Ue^>]Ť#=vwYdp-!c@}dnAV+$IZ"`6\/~?"웟]2c;C$u6/5j<c`Ip$BA`9մ8Ne/&um+N2F , -[ASh2BЙVFh^Tʛ{ ' U<:6ӈ ˡ3EPkF7UߎWsR #cˣVyPPLc @{ס~@݄=aRH3\-LVr Ƙ{ KDu׮9 b%%-/w\9Lǫd7Ylπ^tdёoDpxuhup!Rz"Y{dy(,G?ls''̂pkC 9ef:gvY@"6ԽQ?oD4vBr7BApok2s\Ȑ%Vf1.~LRC K>DWRVH0Da+7$19j b j8d<ͮnŞcT)iR@ N ! |219&y/o,Pc*0 Co:iWYA v4k69M.5rN\Yt~>D(Z,MPкPT<: nyHzJ-w]Q*@Z}8o^wGt+y$07v-t5+nPT MphB{) e/毁pzv3݂N PR2sg]]pƟΫw`z̄VPDiI+'sEc+B4TK|@EnoFBZph7/}lM 2D! )l1UVT%}./- %ة hj-z;#@B]h*dEqzOhl2K;e|IEaVU#:q,%6j0_{y2ghK,,oe)lf G,yG>ȶa8j%7χtJ]FJx H_>gG[Ee}`walHg q6 ?ܧaNbAU ٰ$0QUwm-I1&f3$j&׻vG͜ROFRN:@&ڿ ?&YZ^D©tLW39Yokݥsd&ϔr5I@~ ׁ7Oy psIiw}}B!1XcD/hF}TEŽvCIx8tNBHwbJqfC Jʈ+c&.8P4h2ah%q?ѩ h,tᲖ)8sǿ:j4W"(ѽя?+%R ͯ)XVt9Gf#Fb0O05ڻ< eM+ B'|S69d&񪴏76vcȪZΫ4dP5߽ĺ 1j1+R5! .v<'0а:$_ߌQWxH=K1D1&vyj!0G# dCEk,ogά` >"ItDk>OkPoWATSnW"jNpVr2F5G>ʢ-˫(N?Nbn%ˤk'sy+,i|Rx5?2R*nz$庶J遪pNIH˰Gai2#(A$^9q'%br4.frp8xYxmBX<"u=75&*8EG5?^cE0 2 =.׍n~6n[Z]3c]>:6.+tI:D7_?d1q~/r0 [\2u-pWzXZYgrXx7\RuR_mR4ʔYP,u- MOMӮT@={$ Kur N Q@VXõgi?j16)·íT1qEԱ,;Jk\d5 'Ym7QGtdc gN>˕zjipQ.:ܲ@<Nɽhbd \;Wʓ}!#27Y>L{,muI q)̑hd ٩&ͮ@(6_:B3Yo|ݙ.o\M*#[,ߕ5dS O,B.F\FwpH*UrQ!e4nI(0 W D/A0T7/Wg5gV6u} )FM ?1d,ex%>lI4꧸OBxdCp% xHPtЗ4L(bi0b_Wh:Io-y} $AJwn.SOC> Ol"6SO}a9]: gWBl7,EHclXW7hmWT} S " {;HKڎ^=1ID$/+AHxgH RO|N;[W+Ta ɓ3"&8nfD?\i"ԃi'WYxZCZՑB vx.ԫτ~j{}da(#nCF߬l}a|*Q,>,R%wj?b\ -T %湗dY lM/6xĩZXC.3%]Y Tce :Qs.8+.3gq kIpx%O{9y#D&(^hD Ŝ[@Ž}Qz@,'i骙ZƸEgS!T-jwk ʏ[ڈ { 1o6 چT$agTq b}@-JM8GU CYX@m26-yI{TQN+&" 35r57|PRHbJ/2<퀨^H}^ "p% ܗh~"TbpA2<_bqxUUPluJМ[,cl$zl">(  J&d EaGd3w ?mH>krfo3b1'Y`ڞ_7XcfݸayNUM϶66\\#wԖr`Apn/ uqvz-I9wO;֬C9Iվx[Xȉ@Ƿ؋/౬JjZO_>%WI@Q3nyx=I0$c{jt/5}9~[N/~UyVn^>1%3sP&3#0*(ș@OUHb>6*\FA=$ 'vZx_M;}$ޙW`UgE''J,MNOHu_s4Xk30 xL 橌j|WAWIˊ _1bFd'~ǜΛ#7_;Le|O}fXR sFtL h׻20ˡH03,6/+ vު4. )OXݎk2|5:aS D"#Hq~\ČXa+jc7z诲WDBa maL/ŗmWЄctGv>n/J'MMco|+@oW]mn0$ٜ|Û*]:@O3%ZVOfŨEal\Vx~j֣?BE/:Pe_E i!c /eT9P}6L@PnoQbհywˉWc>L*zSo 0oN!DG"t@.a]qλ媖krl4z6hght 屰/ו_;`|ƨ`c7jLЇ|`Ak7 E/^]Ohz]]fiH1L4 ioHZطPG̮V>"_=3KL0_Nk ;O2 VW> Dd:{,g:>`_,ӹ#Nn3>-Ժ"1ӾmVD08 !ci9]ۦ4qJBbID8NЬTH8^qX Lf3zHȯv1Ns[\2)5Kd6]?uM2qgDt}?QuBC_$$Eȹ X\sds;?<T^CwR-E^VocifI)9T$2_:lPZJ/YS٬EJ@M+ˁcCCsy <Իq8!S*PMI )*6REy IXC7;CWvX[ ]#QJ| 9{#sƠV?nN m0Aˋc7-$'\oUk-7hGpN.ɿst#Jx_Uպ 1²=wRR㥟;_iC~'cG$1}i j'2Xa{=wj^&㎷ľ^ }GpE$G ߕoS^]49ybK*5wӖ8K-}ͩMMA] ddyG1Ih&ó:(1NOuzB4]fWX/)O/(UdSdhlb:\}O5 C8WV 떓;;_ 9*>-+ _; žoB0JlLXk1эK^<GQcx|靰\J(m;Ҡ'oxۡ"YME@g\U;u9G#< pPw-pk^xa+qZZW.3QP?SBtz$J8" 6ʒ^Y?Wa_Ohh6S)Uܒ&Tƨ7:~mUE! /0 uzo^jb?=Btm`V|F"Vxt=7r~K8Yf[Tk|`/}6Ul?F$ 21dH$>bKqS7}jT9(i<` ח?l^en*p߮*C5&clnUc |dAc,lKwfuCi|?Fz0Jې=4F 56Z.C H79}.1 hp]h5urolˢSxyl)Je(VW3*v ҧW`[Htfz@PObWѩ,C @J8Z~aEFX CZs xXz"\ &'R<$p@4^r\xbOSkN#?6qŕwM)RD:Nh9ޞF/),fxpIxnەF1 23<#ҪNjLc1)S`8M9{hsK1^pUJ/)zaRx{C¢t=zB;~ e z!3N׳hԆlkɂ7,KR5Tp8Xi?F?$839eS(  ~- %*E{{Wj&6SŐ7 BivV.xY+:pg/leo$T;ژ\w 2]7%a~mnLS)r|β9Ȉ4p'܅,$Q9i2v[hlUap^RސGlY:\ZZֿݞԐD_LR>Bg65Ö,p^7$x(h^ طף֘@[ku߸gwx ^LMme&grb58=K+(ޥp"PkmTOjѕ4cE3qȮ7^ãAHH*wrzlר I֕͟_x,` eek@?9 O!fpKVRaSqf/i0B\{Q28g>~@g;HubiiynKe&AN\(7`Uf3bPx-%c^DaBo)IhCNB)6U^AmJ.=[!Wn4Q 5t˜Eث{Ύ,GںߴR}X8 ҆51AoA#0#G[AI{g:&B`=pfas~YAcdrH JS#!m^q3n`dbٳUgxFi@spN\!&}K< f7!(ۮi,?&Sh Bȹm dIoذHĿ&ԥ*ArVA PPqOn"Gᔏ4LEY﹜2Jf0Hr"~x9~Sa8D{cCMkqW" /پhmqV@+n)S%.:@_Q+EÅS6wD)z\ e1[345ߨz^S Y Z𱓯E#8*lpBw;MOb`M Xy@A| t9ƪE6Utm|碋7Ke䐟Bn^a/Iw7 \<>X'7H~LQ9ER<rq\-XȡN{}-g}ݱ""7 3̚rFjퟫ9"֝cac;SI $<Ŀq,܅yR6~˪yc?MxU;Vj<;- _Ov']QHLe+[%>/QAkWKZ\ykMG$y.SF4Jo}E gdrYaQt 4\+s˥cWowRUS@i7Y4`ڃj0̾ L,2$vg>tӒZ5 PU7Z1 ǫ)8/-AxkD-%#c+Hۜ#X)ӽb6Ctr~<_DmDIW~rOA@wOV:ǽskviNJ 50^;8ysqB. VQMt#/Z%oQnT1? gh