389-ds-base-libs-1.3.8.4-25.1.el7_6$>P!V ]*o!$>8=?=d & N8<TX_f  . L   0l,h44 4( `8 hZ9Z:UZG5 H5\I5X5Y5\5]6,^7%b7}d8Be8Gf8Jl8Lt8du8v8w;x;y<,n=C389-ds-base-libs1.3.8.425.1.el7_6Core libraries for 389 Directory ServerCore libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package.]?*x86-02.bsys.centos.orgUCentOSGPLv3+CentOS BuildSystem System Environment/Daemonshttps://www.port389.org/linuxx86_64 p8KmAA큤]?*]?*]?*]?*]?*]?*]?*]?*]?*]?*]?*[+؉[+؉[+؉]?*od7bd633c826acba9976afed0321e1bbeb23db2e1798ff92e04de1b3b3f8ccec4c72ba6fddac1dde204d3551bd46ad7ca4813a842f69d214e374e353364718066814e236aa23b5d015db6abae463e89ed0ce00577fe3c88d9cad7213e8c98758972d29c430b9fd9b62fb659376d3b68c12c531457da78f081fa0b7bd3be4d1fdf3f20b480b5c9b374febfb62f87bc06cfa9b3e9bcf88dec5f494baef194f60695495b7c1e22dcc0f37d78076a1fcad786b69ac78f1e806466d798fd8fc4a5d10d8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903a73b7d3598e98f46aeb0559e641d3e6ac83c0fc34e1e5fa98cb9d4a6050bacd997a6a0413ce3664e192dff12a29bc3f690c24e8a0d48d986478c56cdfe370c3blibldaputil.so.0.0.0libnunc-stans.so.0.1.0libsds.so.0.0.0libslapd.so.0.1.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroot389-ds-base-1.3.8.4-25.1.el7_6.src.rpm389-ds-base-libs389-ds-base-libs(x86-64)libldaputil.so.0()(64bit)libns-dshttpd-1.3.8.4.so()(64bit)libnunc-stans.so.0()(64bit)libsds.so.0()(64bit)libslapd.so.0()(64bit)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libdl.so.2()(64bit)libevent-2.0.so.5()(64bit)libgcc_s.so.1()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libldaputil.so.0()(64bit)libm.so.6()(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnss3.so(NSS_3.10.2)(64bit)libnss3.so(NSS_3.12)(64bit)libnss3.so(NSS_3.2)(64bit)libnss3.so(NSS_3.3)(64bit)libnss3.so(NSS_3.4)(64bit)libnss3.so(NSS_3.6)(64bit)libnss3.so(NSS_3.9)(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libsasl2.so.3()(64bit)libsds.so.0()(64bit)libslapd.so.0()(64bit)libssl3.so()(64bit)libssl3.so(NSS_3.12.6)(64bit)libssl3.so(NSS_3.14)(64bit)libssl3.so(NSS_3.2)(64bit)libssl3.so(NSS_3.20)(64bit)libssl3.so(NSS_3.4)(64bit)libstdc++.so.6()(64bit)libsvrcore.so.0()(64bit)libsystemd.so.0()(64bit)libtcmalloc.so.4()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.11.3]] ] #\Z@\\\l@\l@[@[@[[:@[[-[~[~[m~@[W[U@[L[L[L[L[0@[0@[+@[@ZZZyZyZk@Z`@ZX@Z*~Z }YZ@YZ@YZ@Y@YB@Y*@Y˒Y˒Y@Y6@Y$$@Y@Y i@Y i@Y i@Y i@XQ@XQ@X@X9@XP@XX@X@X@X2@W@W@Wu@W@Wt@W.@W~W~W@W@Ws@Ws@Wi,@Wi,@W_W^@W - 1.3.8.4-25.1Mark Reynolds - 1.3.8.4-25Mark Reynolds - 1.3.8.4-24Mark Reynolds - 1.3.8.4-23Mark Reynolds - 1.3.8.4-22Mark Reynolds - 1.3.8.4-21Mark Reynolds - 1.3.8.4-20Mark Reynolds - 1.3.8.4-19Mark Reynolds - 1.3.8.4-18Mark Reynolds - 1.3.8.4-17Mark Reynolds - 1.3.8.4-16Mark Reynolds - 1.3.8.4-15Mark Reynolds - 1.3.8.4-14Mark Reynolds - 1.3.8.4-13Mark Reynolds - 1.3.8.4-12Mark Reynolds - 1.3.8.4-11Mark Reynolds - 1.3.8.4-10Mark Reynolds - 1.3.8.4-9Mark Reynolds - 1.3.8.4-8Mark Reynolds - 1.3.8.4-7Mark Reynolds - 1.3.8.4-6Mark Reynolds - 1.3.8.4-5Mark Reynolds - 1.3.8.4-4Mark Reynolds - 1.3.8.4-3Mark Reynolds - 1.3.8.4-2Mark Reynolds - 1.3.8.4-1Mark Reynolds - 1.3.8.2-1Mark Reynolds - 1.3.7.5-18Mark Reynolds - 1.3.7.5.17Mark Reynolds - 1.3.7.5-16Mark Reynolds - 1.3.7.5-15Mark Reynolds - 1.3.7.5-14Mark Reynolds - 1.3.7.5-13Mark Reynolds - 1.3.7.5-12Mark Reynolds - 1.3.7.5-11Mark Reynolds - 1.3.7.5-10Mark Reynolds - 1.3.7.5-9Mark Reynolds - 1.3.7.5-8Mark Reynolds - 1.3.7.5-7Mark Reynolds - 1.3.7.5-6Mark Reynolds - 1.3.7.5-5Mark Reynolds - 1.3.7.5-4Mark Reynolds - 1.3.7.5-3Mark Reynolds - 1.3.7.5-2Mark Reynolds - 1.3.7.5-1Mark Reynolds - 1.3.6.1-16Mark Reynolds - 1.3.6.1-15Mark Reynolds - 1.3.6.1-14Mark Reynolds - 1.3.6.1-13Mark Reynolds - 1.3.6.1-12Mark Reynolds - 1.3.6.1-11Mark Reynolds - 1.3.6.1-10Mark Reynolds - 1.3.6.1-9Mark Reynolds - 1.3.6.1-8Mark Reynolds - 1.3.6.1-7Mark Reynolds - 1.3.6.1-6Mark Reynolds - 1.3.6.1-5Mark Reynolds - 1.3.6.1-4Mark Reynolds - 1.3.6.1-3Mark Reynolds - 1.3.6.1-2Mark Reynolds - 1.3.6.1-1Noriko Hosoi - 1.3.5.10-12Noriko Hosoi - 1.3.5.10-11Noriko Hosoi - 1.3.5.10-10Noriko Hosoi - 1.3.5.10-9Noriko Hosoi - 1.3.5.10-8Noriko Hosoi - 1.3.5.10-7Noriko Hosoi - 1.3.5.10-6Noriko Hosoi - 1.3.5.10-5Noriko Hosoi - 1.3.5.10-4Noriko Hosoi - 1.3.5.10-3Noriko Hosoi - 1.3.5.10-2Noriko Hosoi - 1.3.5.10-1Noriko Hosoi - 1.3.5.9-1Noriko Hosoi - 1.3.5.8-1Noriko Hosoi - 1.3.5.7-1Noriko Hosoi - 1.3.5.6-1Noriko Hosoi - 1.3.5.5-1Noriko Hosoi - 1.3.5.4-1Noriko Hosoi - 1.3.5.3-1Noriko Hosoi - 1.3.5.2-1Noriko Hosoi - 1.3.4.0-19Noriko Hosoi - 1.3.4.0-18Noriko Hosoi - 1.3.4.0-17Noriko Hosoi - 1.3.4.0-16Noriko Hosoi - 1.3.4.0-15Noriko Hosoi - 1.3.4.0-14Noriko Hosoi - 1.3.4.0-13Noriko Hosoi - 1.3.4.0-12Noriko Hosoi - 1.3.4.0-11Noriko Hosoi - 1.3.4.0-10Noriko Hosoi - 1.3.4.0-9Noriko Hosoi - 1.3.4.0-8Noriko Hosoi - 1.3.4.0-7Noriko Hosoi - 1.3.4.0-6Noriko Hosoi - 1.3.4.0-5Noriko Hosoi - 1.3.4.0-4Noriko Hosoi - 1.3.4.0-3Noriko Hosoi - 1.3.4.0-2Noriko Hosoi - 1.3.4.0-1Noriko Hosoi - 1.3.3.1-19Noriko Hosoi - 1.3.3.1-18Noriko Hosoi - 1.3.3.1-17Noriko Hosoi - 1.3.3.1-16Noriko Hosoi - 1.3.3.1-15Noriko Hosoi - 1.3.3.1-14Noriko Hosoi - 1.3.3.1-13Noriko Hosoi - 1.3.3.1-12Noriko Hosoi - 1.3.3.1-11Noriko Hosoi - 1.3.3.1-10Noriko Hosoi - 1.3.3.1-9Noriko Hosoi - 1.3.3.1-8Noriko Hosoi - 1.3.3.1-7Noriko Hosoi - 1.3.3.1-6Noriko Hosoi - 1.3.3.1-5Noriko Hosoi - 1.3.3.1-4Rich Megginson - 1.3.3.1-3Noriko Hosoi - 1.3.3.1-2Noriko Hosoi - 1.3.3.1-1Noriko Hosoi - 1.3.1.6-26Noriko Hosoi - 1.3.1.6-25Noriko Hosoi - 1.3.1.6-24Noriko Hosoi - 1.3.1.6-23Noriko Hosoi - 1.3.1.6-22Noriko Hosoi - 1.3.1.6-21Noriko Hosoi - 1.3.1.6-20Noriko Hosoi - 1.3.1.6-19Noriko Hosoi - 1.3.1.6-18Noriko Hosoi - 1.3.1.6-17Daniel Mach - 1.3.1.6-16Noriko Hosoi - 1.3.1.6-15Noriko Hosoi - 1.3.1.6-14Daniel Mach - 1.3.1.6-13Noriko Hosoi - 1.3.1.6-12Rich Megginson - 1.3.1.6-11Rich Megginson - 1.3.1.6-10Noriko Hosoi - 1.3.1.6-9Noriko Hosoi - 1.3.1.6-8Rich Megginson - 1.3.1.6-7Rich Megginson - 1.3.1.6-6Rich Megginson - 1.3.1.6-5Noriko Hosoi - 1.3.1.6-4Rich Megginson - 1.3.1.6-3Noriko Hosoi - 1.3.1.6-2Noriko Hosoi - 1.3.1.6-1Noriko Hosoi - 1.3.1.5-1Noriko Hosoi - 1.3.1.4-1Rich Megginson - 1.3.1.3-1Jan Safranek - 1.3.1.2-2Noriko Hosoi - 1.3.1.2-1Noriko Hosoi - 1.3.1.1-1Noriko Hosoi - 1.3.1.0-1Noriko Hosoi - 1.3.0.5-1Mark Reynolds - 1.3.0.4-1Noriko Hosoi - 1.3.0.3-1Parag Nemade - 1.3.0.2-2Noriko Hosoi - 1.3.0.2-1Noriko Hosoi - 1.3.0.1-1Noriko Hosoi - 1.3.0.0-1Noriko Hosoi - 1.3.0-0.3.rc3Noriko Hosoi - 1.3.0-0.2.rc2Noriko Hosoi - 1.3.0-0.1.rc1Mark Reynolds - 1.3.0.a1-1Rich Megginson - 1.2.11.15-1Rich Megginson - 1.2.11.14-1Rich Megginson - 1.2.11.13-1Rich Megginson - 1.2.11.12-1Mark Reynolds - 1.2.11.11-1Mark Reynolds - 1.2.11.10-1Mark Reynolds - 1.2.11.9-1Mark Reynolds - 1.2.11.8-1Fedora Release Engineering - 1.2.11.7-2.2Petr Pisar - 1.2.11.7-2.1Rich Megginson - 1.2.11.7-2Rich Megginson - 1.2.11.7-1Rich Megginson - 1.2.11.6-1Rich Megginson - 1.2.11.5-2Rich Megginson - 1.2.11.5-1Petr Pisar - 1.2.11.4-1.1Rich Megginson - 1.2.11.4-1Rich Megginson - 1.2.11.3-1Rich Megginson - 1.2.11.2-1Rich Megginson - 1.2.11.1-1Rich Megginson - 1.2.11-0.1.a1Noriko Hosoi - 1.2.10.4-4Noriko Hosoi - 1.2.10.4-3Rich Megginson - 1.2.10.4-2Rich Megginson - 1.2.10.4-1Rich Megginson - 1.2.10.3-1Rich Megginson - 1.2.10.2-1Noriko Hosoi - 1.2.10.1-2Rich Megginson - 1.2.10.1-1Rich Megginson - 1.2.10.0-1Noriko Hosoi - 1.2.10-0.10.rc1.2Petr Pisar - 1.2.10-0.10.rc1.1Rich Megginson - 1.2.10-0.10.rc1Rich Megginson - 1.2.10-0.9.a8Rich Megginson - 1.2.10-0.8.a7Rich Megginson - 1.2.10-0.7.a7Fedora Release Engineering - 1.2.10-0.6.a6.1Rich Megginson - 1.2.10-0.6.a6Rich Megginson - 1.2.10-0.5.a5Rich Megginson - 1.2.10-0.4.a4Rich Megginson - 1.2.10.a3-0.3Rich Megginson - 1.2.10.a2-0.2Rich Megginson - 1.2.10.a1-0.1Rich Megginson - 1.2.9.10-2Rich Megginson - 1.2.9.10-1Rich Megginson - 1.2.9.9-1Rich Megginson - 1.2.9.8-1Rich Megginson - 1.2.9.7-1Rich Megginson - 1.2.9.6-1Rich Megginson - 1.2.9.5-1Rich Megginson - 1.2.9.4-1Rich Megginson - 1.2.9.3-1Rich Megginson - 1.2.9.2-1Rich Megginson - 1.2.9.1-2Rich Megginson - 1.2.9.1-1Petr Sabata - 1.2.9.0-1.2Petr Sabata - 1.2.9.0-1.1Rich Megginson - 1.2.9.0-1Rich Megginson - 1.2.9-0.2.a2Marcela Mašláňová - 1.2.9-0.1.a1.2Marcela Mašláňová - 1.2.9-0.1.a1.1Rich Megginson - 1.2.9-0.1.a1Rich Megginson - 1.2.8.3-1Rich Megginson - 1.2.8.2-1Rich Megginson - 1.2.8.1-1Rich Megginson - 1.2.8.0-1Rich Megginson - 1.2.8-0.10.rc5Rich Megginson - 1.2.8-0.9.rc4Rich Megginson - 1.2.8-0.8.rc2Caolán McNamara - 1.2.8-0.7.rc1Rich Megginson - 1.2.8-0.6.rc1Rich Megginson - 1.2.8-0.5.a3Rich Megginson - 1.2.8-0.4.a3Rich Megginson - 1.2.8-0.3.a3Fedora Release Engineering - 1.2.8-0.2.a2.1Rich Megginson - 1.2.8-0.2.a2Nathan Kinder - 1.2.8-0.1.a1Rich Megginson - 1.2.7.5-1Rich Megginson - 1.2.7.4-2Rich Megginson - 1.2.7.4-1Rich Megginson - 1.2.7.3-1Rich Megginson - 1.2.7.2-1Rich Megginson - 1.2.7.1-2Rich Megginson - 1.2.7.1-1Nathan Kinder - 1.2.7-2Nathan Kinder - 1.2.7-1Rich Megginson - 1.2.7-0.6.a5Rich Megginson - 1.2.7-0.5.a4Rich Megginson - 1.2.7-0.4.a3Rich Megginson - 1.2.7-0.3.a3Rich Megginson - 1.2.7-0.2.a2Rich Megginson - 1.2.7-0.1.a1Rich Megginson - 1.2.6.1-3Rich Megginson - 1.2.6.1-2Rich Megginson - 1.2.6.1-1Rich Megginson - 1.2.6-1Rich Megginson - 1.2.6-0.11.rc7Rich Megginson - 1.2.6-0.10.rc6Rich Megginson - 1.2.6-0.9.rc3Rich Megginson - 1.2.6-0.8.rc3Rich Megginson - 1.2.6-0.7.rc2Nathan Kinder - 1.2.6-0.6.rc1Rich Megginson - 1.2.6-0.5.rc1Marcela Maslanova - 1.2.6-0.4.a4.1Rich Megginson - 1.2.6-0.4.a4Nathan Kinder - 1.2.6-0.4.a3Caolán McNamara - 1.2.6-0.3.a2Rich Megginson - 1.2.6-0.2.a2Nathan Kinder - 1.2.6-0.1.a1Rich Megginson - 1.2.5-1Rich Megginson - 1.2.5-0.5.rc4Rich Megginson - 1.2.5-0.4.rc3Rich Megginson - 1.2.5-0.3.rc2Rich Megginson - 1.2.5-0.2.rc1Rich Megginson - 1.2.5-0.1.a1Rich Megginson - 1.2.4-1Rich Megginson - 1.2.3-1Caolán McNamara - 1.2.2-2Rich Megginson - 1.2.2-1Tomas Mraz - 1.2.1-5Noriko Hosoi - 1.2.1-4Rich Megginson - 1.2.1-3Fedora Release Engineering - 1.2.1-2Rich Megginson - 1.2.1-1Rich Megginson - 1.2.0-4Rich Megginson - 1.2.0-3Rich Megginson - 1.2.0-2Rich Megginson - 1.2.0-1Noriko Hosoi - 1.1.3-7Noriko Hosoi - 1.1.3-6Rich Megginson - 1.1.3-5Rich Megginson - 1.1.3-4Rich Megginson - 1.1.3-3Rich Megginson - 1.1.3-2Rich Megginson - 1.1.3-1Rich Megginson - 1.1.2-1Rich Megginson - 1.1.1-2Rich Megginson - 1.1.1-1Rich Megginson - 1.1.0.1-4Tom "spot" Callaway - 1.1.0.1-3Tom "spot" Callaway - 1.1.0.1-3Rich Megginson - 1.1.0.1-2Rich Megginson - 1.1.0.1-1Fedora Release Engineering - 1.1.0-5Rich Megginson - 1.1.0-4Release Engineering - 1.1.0-3Rich Megginson - 1.1.0-2.0Rich Megginson - 1.1.0-1.2Rich Megginson - 1.1.0-1.1Rich Megginson - 1.1.0-0.3.20070720Nathan Kinder - 1.1.0-0.2.20070320Rich Megginson - 1.1.0-0.1.20070320Rich Megginson - 1.1.0-0.1.20070223Rich Megginson - 1.1.0-0.1.20070213Rich Megginson - 1.1.0-1.el4.20070209Rich Megginson - 1.1.0-1.el4.20070207Rich Megginson - 1.1.0-1.el4.20070129Rich Megginson - 1.1.0-8.el4.20070125Rich Megginson - 1.1.0-7.el4.20070125Rich Megginson - 1.1.0-6.el4.20070125Rich Megginson - 1.1.0-5.el4.20070125Rich Megginson - 1.1.0-4.el4.20070119Rich Megginson - 1.1.0-3.el4.20070119Rich Megginson - 1.1.0-2.el4.20070119Rich Megginson - 1.1.0-1.el4.cvs20070119Rich Megginson - 1.1-0.1.cvs20070115Dennis Gilmore - 1.1-0.1.cvs20070108Rich Megginson - 1.0.99-16Rich Megginson - 1.0.99-15Rich Megginson - 1.0.99-14Rich Megginson - 1.0.99-13Rich Megginson - 1.0.99-12Rich Megginson - 1.0.99-11Rich Megginson - 1.0.99-10Rich Megginson - 1.0.99-9Rich Megginson - 1.0.99-8Rich Megginson - 1.0.99-7Rich Megginson - 1.0.99-6Rich Megginson - 1.0.99-5Rich Megginson - 1.0.99-4Rich Megginson - 1.0.99-3Rich Megginson - 1.0.99-2Rich Megginson - 1.0.99-1- Bump version to 1.3.8.4-25.1 - Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character (missing patch file)- Bump version to 1.3.8.4-25 - Resolves: Bug 1722828 - referint update should discard any changes if mep update fails - Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character - Resolves: Bug 1719720 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections- Bump version to 1.3.8.4-24 - Resolves: Bug 1718184 - segfault when using pam passthru and addn plugins together- Bump version to 1.3.8.4-23 - Resolves: Bug 1672173 - import task should not be deleted after import finishes to be able to query the status - Resolves: Bug 1672177 - after certain failed import operation, impossible to replay an import operation. - Resolves: Bug 1672179 - cannot add cenotaph in read only consumer- Bump version to 1.3.8.4-22 - Resolves: Bug 1660120 - certmap fails when Issuer DN has comma in name- Bump version to 1.3.8.4-21 - Resolves: Bug 1659510 - during MODRDN referential integrity can fail erronously while updating large groups - Resolves: Bug 1659936 - After RHEL 7.6 HTB update, unable to set nsslapd-cachememsize (RHDS 10) to custom value- Bump version to 1.3.8.4-20 - Resolves: Bug 1645197 - Fix compiler warnings- Bump version to 1.3.8.4-19 - Resolves: Bug 1653820 - PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user - Resolves: Bug 1645197 - on-line re-initialization hangs- Bump version to 1.3.8.4-18 - Resolves: Bug 1638516 - CRIT - list_candidates - NULL idl was recieved from filter_candidates_ex- Bump version to 1.3.8.4-17 - Resolves: Bug 1643875 - ns-slapd: crash in entrycache_add_int- Bump version to 1.3.8.4-16 - Resolves: Bug 1638513 - Message: "CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext." should not be critical- Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch- Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack- Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly- Bump version to 1.3.8.4-12 - Resolves: Bug 1616412 - filter optimization fix causes regression(fix reverted)- Bump version to 1.3.8.4-11 - Resolves: Bug 1614820 - Server crash through modify command with large DN- Bump verison to 1.3.8.4-10 - Resolves: Bug 1614501 - Disable nunc-stans by default - Resolves: Bug 1607078 - ldapsearch with server side sort crashes the ldap server- Bump version to 1.3.8.4-9 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user "dirsrv" if there is an already existing user with the UID/GID 389 on the machine.- Bump version to 1.3.8.4-8 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user "dirsrv" if there is an already existing user with the UID/GID 389 on the machine.- Bump version to 1.3.8.4-7 - Resolves: Bug 1595766 - backout this fix for now because it breaks FreeIPA (removed patch file all together)- Bump version to 1.3.8.4-6 - Resolves: Bug 1595766 - backout this fix for now because it breaks FreeIPA- Bump version to 1.3.8.4-5 - Resolves: Bug 1595766 - CVE-2018-10871 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default- Bump version to 1.3.8.4-4 - Resolves: Bug 1597384 - Async operations can hang when the server is running nunc-stans - Resolves: Bug 1598186 - A search with the scope "one" returns a non-matching entry - Resolves: Bug 1598718 - import fails if backend name is "default" - Resolves: Bug 1598478 - If a replica is created with a bindDNGroup, this group is taken into account only after bindDNGroupCheckInterval seconds - Resolves: Bug 1525256 - Invalid SNMP MIB for 389 DS - Resolves: Bug 1597518 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode- Bump version to 1.3.8.4-3 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user "dirsrv" if there is an already existing user with the UID/GID 389 on the machine.- Bump version to 1.3.8.4-2 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user "dirsrv" if there is an already existing user with the UID/GID 389 on the machine.- Bump version to 1.3.8.4-1 - Resolves: Bug 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8- Bump version to 1.3.8.2-1 - Resolves: Bug 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8- Bump version to 1.3.7.5-18 - Resolves: Bug 1539082 - Fix memory leak- Bump version to 1.3.7.5.17 - Resolves: Bug 1539082 - Child entry cenotaphs should not prevent the deletion of the parent - Resolves: Bug 1540106 - CVE-2018-1054 - remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 - Resolves: Bug 1535538 - CVE-2017-15135 - Authentication bypass due to lack of size check in slapi_ct_memcmp- Bump version to 1.3.7.5-16 - Resolves: Bug 1542645 - Outgoing secure connection is failing with recent OpenLDAP- Bump version to 1.3.7.5-15 - Resolves: Bug 1533828 - Server allows to set nsds5replicaid=65535 in the existing replica entry - Resolves: Bug 1535515 - local password policies should use the same defaults as the global policy - Resolves: Bug 1541108 - Allow CRL handling to be configurable for outgoing connections- Bump version to 1.3.7.5-14 - Resolves: Bug 1519406 - New defects found in 389-ds-base-1.3.7.5-3.el7 (fix regression in -13)- Bump version to 1.3.7.5-13 - Resolves: Bug 1533828 - Server allows to set nsds5replicaid=65535 in the existing replica entry - Resolves: Bug 1519406 - New defects found in 389-ds-base-1.3.7.5-3.el7 - Resolves: Bug 1534379 - CVE-2017-15134: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c - Resolves: Bug 1533571 - memberof: schema violation error message is confusing as memberof will likely repair target entry - Resolves: Bug 1535515 - local password policies should use the same defaults as the global policy- Bump version to 1.3.7.5-12 - Resolves: Bug 1459946 - GetEffectiveRights gives false-negative with ACIs containing targetfilter - Resolves: Bug 1507194 - cleanallruv could break replication if anchor csn in ruv originated in deleted replica - Resolves: Bug 1517788 - password policy: minimum token length fails when the token length is equal to attribute length - Resolves: Bug 1518287 - heap-use-after-free in csn_as - Resolves: Bug 1531153 - Indexing of internationalized matching rules is failing - Resolves: Bug 1517383 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired - Resolves: Bug 1523183 - search with CoS attribute is getting slower after modifying/adding CosTemplate - Resolves: Bug 1457315 - cmocka tests are not executed during rpm build - Resolves: Bug 1516309 - After cleanALLruv, replication is looping on keep alive DEL- Bump version to 1.3.7.5-11 - Resolves: Bug 1518069 - heap-buffer-overflow in ss_unescape - Resolves: Bug 1516676 - gssapi authentication fails after upgrading 389-ds-base - Resolves: Bug 1511885 - Automatically load /usr/lib/sysctl.d/70-dirsrv.conf after installing 389-ds-base - Resolves: Bug 1517980 - stack-buffer-overflow in slapi_pblock_get- Bump version to 1.3.7.5-10 - Resolves: Bug 1464463 - Replication fails to start with CBCA (Certificate-Based Client Authentication) while FIPS mode is enabled. - Resolves: Bug 1465383 - Segmentation fault in valueset_array_to_sorted_quick - Resolves: Bug 1510865 - python-ldap is not a dependency of 389-ds-base - Resolves: Bug 1513467 - IPA upgrade fails for latest ipa package - Resolves: Bug 1192099 - IPA server replication broken, after DS stop-start, due to changelog reset - Resolves: Bug 1445188 - Misleading error message - Incoming BER Element was 3 bytes - Resolves: Bug 1498980 - heap corruption during import - Resolves: Bug 1511462 - scope one searches give incorrect results - Resolves: Bug 1514033 - opened connection are hanging, no longer poll- Bump version to 1.3.7.5-9 - Resolves: Bug 1271208 - Fix copy and paste error- Bump version to 1.3.7.5-8 - Resolves: Bug 1509016 - cleanallruv task is not logging any information- Bump version to 1.3.7.5-7 - Resolves: Bug 1474100 - Use of uninitialized value in string ne at /usr/bin/logconv.pl - Resolves: Bug 1506425 - Improve valueset sort performance during valueset purging - Resolves: Bug 1505046 - [abrt] 389-ds-base: SLL_Next(): ns-slapd killed by SIGSEGV - Resolves: Bug 1271208 - nsds5ReplicaProtocolTimeout attribute accepts negative values- Bump version to 1.3.7.5-6 - Resolves: Bug 1488836 - directory server fails to start because maxdisksize - Resolves: Bug 1474100 - Use of uninitialized value in string ne at /usr/bin/logconv.pl - Resolves: Bug 1447308 - Add option to show full un-ellipsized output in status-dirsrv - Resolves: Bug 1438526 - Server allows to set any nsds5replicaid in the existing replica entry - Resolves: Bug 1185774 - Missing warning for invalid replica backoff configuration- Bump version to 1.3.7.5-5 - Resolves: Bug 1476207 - Enabling instance service doesn't work - Resolves: Bug 1434335 - Errors log filled with attrlist_replace - attr_replace - Resolves: Bug 1453155 - unable to retrieve specific cosAttribute when subtree password policy is configured - Resolves: Bug 1459965 - repl-monitor - matches null string many times in regex - Resolves: Bug 1463204 - Adding a database entry fails if the same database was deleted after an import - Resolves: Bug 1469567 - Activating roles returns error 16 - Resolves: Bug 1498773 - Installation of ipa fails with crash in topology plugin - Resolves: Bug 1501058 - [memberOf Plugin] bulk deleting users causes deadlock when there are multiple backends - Resolves: Bug 1352121 - [RFE] allow to enable MemberOf plugin in dedicated consumer- Bump version to 1.3.7.5-4 - Fix coverity warnings from convscan - Improve atomics- Bump version to 1.3.7.5-3 - specfile remove cap_net_bind_service+ep from ns-slapd- Bump version to 1.3.7.5-2 - specfile updates: add asan support, make nunc-stans default, and general cleanup- Bump version to 1.3.7.5-1 - Resolves: Bug 1470169 - Rebase 389-ds-base in RHEL 7.5 to 1.3.7- Bump version to 1.3.6.1-16 - Resolves: Bug 1444938 - nsslapd-allowed-sasl-mechanisms doesn't reset to default values without a restart - Resolves: Bug 1447015 - Adjust db2bak.pl help and man page to reflect changes introduced to the script - Resolves: Bug 1450896 - Manual resetting of nsslapd-dbcachesize using ldapmodify - Resolves: Bug 1454921 - Fixup memberof task throws error "memberof_fix_memberof_callback: Weird - Resolves: Bug 1456774 - ipa-replica server fails to upgrade- Bump version to 1.3.6.1-15 - Resolves: Bug 1429770 - ds-logpipe.py crashes for non-existing users - Resolves: Bug 1444938 - nsslapd-allowed-sasl-mechanisms doesn't reset to default values without a restart - Resolves: Bug 1450896 - Manual resetting of nsslapd-dbcachesize using ldapmodify - Resolves: Bug 1357682 - RHDS fails to start with message: "Failed to delete old semaphore for stats file" - Resolves: Bug 1452739 - Zero value of nsslapd-cache-autosize-split makes dbcache to be equal 0- Bump version to 1.3.6.1-14 - Resolves: Bug 1450910 - Modifying "nsslapd-cache-autosize" parameter using ldapmodify command is failing. - Resolves: Bug 1450893 - When nsslapd-cache-autosize is not set in dse.ldif, ldapsearch does not show the default value - Resolves: Bug 1449098 - ns-slapd crashes in role cache creation - Resolves: Bug 1441522 - AddressSanitizer: heap-use-after-free in libreplication-plugin.so - Resolves: Bug 1437492 - "ERR - cos-plugin - cos_cache_query_attr - cos attribute krbPwdPolicyReference failed schema check" in error log - Resolves: Bug 1429770 - ds-logpipe.py crashes for non-existing users - Resolves: Bug 1451657 - -v option is not working for db2ldif.pl- Bump version to 1.3.6.1-13 - Resolves: Bug 1444938 - Fix backport issue from build 1.3.6.1-10 (part 2)- Bump version to 1.3.6.1-12 - Resolves: Bug 1444938 - Fix backport issue from build 1.3.6.1-10- Bump version to 1.3.6.1-11 - Resolves: Bug 1410207 - Utility command had better use INFO log level for the output - Resolves: Bug 1049190 - Better input argument validation and error messages for db2index and db2index.pl- Bump version to 1.3.6.1-10 - Resolves: Bug 1444938 - nsslapd-allowed-sasl-mechanisms doesn't reset to default val - Resolves: Bug 1111400 - logconv.pl lists sasl binds with no dn as anonymous - Resolves: Bug 1377452 - Integer overflow in performance counters - Resolves: Bug 1441790 - ldapserch for nsslapd-errorlog-level returns incorrect values - Resolves: Bug 1444431 - ERR - symload_report_error - Netscape Portable Runtime error -5975 - Resolves: Bug 1447015 - Adjust db2bak.pl help and man page to reflect changes introduced to the script- Bump version to 1.3.6.1-9 - Resolves: Bug 1442880 - setup-ds-admin.pl -u with nsslapd-localhost changed - Resolves: Bug 1443682 - util_info_sys_pages should be able to detect memory restrictions in a cgroup- Bump version to 1.3.6.1-8 - Resolves: Bug 1432016 - Possible deadlock while installing an ipa replica - Resolves: Bug 1438029 - Overflow in memberof- Bump version to 1.3.6.1-7 - Resolves: bug 1394899 - RHDS should ignore passwordMinAge if "password must reset" is set(fix crash regression) - Resolves: bug 1381326 - dirsrv-snmp.service is provided by 389-ds-base instead of 389-ds-base-snmp - Resolves: bug 1049190 - Better input argument validation and error messages for db2index and db2index.pl.- Bump version to 1.3.6.1-6 - Resolves: bug 1437006 - EMBARGOED CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages - Resolves: bug 1341689 - dbmon.sh / cn=monitor] nsslapd-db-pages-in-use is increasing - Resolves: bug 1394899 - RHDS should ignore passwordMinAge if "password must reset" is set - Resolves: bug 1397288 - typo in logconv.pl man page - Resolves: bug 1436994 - incorrect pathes in pkg-config files - Resolves: bug 1396448 - Add a hard dependency for >=selinux-policy-3.13.1-75- Bump version to 1.3.6.1-5 - Resolves: bug 1377452 - Integer overflow in counters and monitor - Resolves: bug 1425907 - Harden password storage scheme - Resolves: bug 1431207 - ns-slapd killed by SIGABRT- Bump version to 1.3.6.1-4 - Resolves: bug 1379424 - Reset-agmt-update-staus-and-total-init - Resolves: bug 1394000 - dbmon.sh-fails-if-you-have-nsslapd-requi.patch - Resolves: bug 1417344 - targetattr-wildcard-evaluation-is-incorr.patch - Resolves: bug 1429770 - ds-logpipe.py-crashes-for-non-existing-u.patch - Resolves: bug 1433697 - Fix-double-free-in-_cl5NewDBFile-error-path.patch - Resolves: bug 1433996 - retrocl-can-crash-server-at-shutdown.patch - Resolves: bug 1434967 - rpm-would-not-create-valid-pkgconfig-fi.patch - Resolves: bug 1417338 - To-debug-DB_DEADLOCK-condition-allow-to.patch - Resolves: bug 1433850 - Deleting-suffix-can-hang-server.patch- Bump version to 1.3.6.1-3 - Fix spec file to include the tests- Bump version to 1.3.6.1-2 - Resolves: bug 1431877 - 389-1.3.6.1-1.el7 covscan errors - Resolves: bug 1432206 - content sync plugin can hang server shutdown - Resolves: bug 1432149 - sasl external binds fail in 1.3.6.1- Bump version to 1.3.6.1-1 - Resolves: bug 1388567 - Rebase 389-ds-base to 1.3.6 in RHEL-7.4- Release 1.3.5.10-12 - Resolves: bug 1384785 - Replica install fails with old IPA master sometimes during replication process (DS 48992) - Resolves: bug 1388501 - 389-ds-base is missing runtime dependency - bind-utils (DS 48328) - Resolves: bug 1388581 - Replication stops working only when fips mode is set to true (DS 48909) - Resolves: bug 1390342 - ns-accountstatus.pl shows wrong status for accounts inactivated by Account policy plugin (DS 49014) - Resolves: bug 1390343 - trace args debug logging must be more restrictive (DS 49009)- Release 1.3.5.10-11 - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates- Release 1.3.5.10-10 - Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) - Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)- Release 1.3.5.10-9 - Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) - Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958) - Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960) - Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option - Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967) - Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964) - Resolves: bug 1369425 - ACI behaves erratically (DS 48972) - Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) - Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969) - Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970) - Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975)- Release 1.3.5.10-8 - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954) - Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) - Resolves: bug 1366561 - ns-accountstatus.pl giving error even "No such object (32)" (DS 48956)- Release 1.3.5.10-7 - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1360976 - fixing a compiler warning- Release 1.3.5.10-6 - Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928) - Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939) - Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934) - Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940) - Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" (DS 48882) - Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack - Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943) - Resolves: bug 1361321 - Duplicate collation entries (DS 48936) - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat- Release 1.3.5.10-5 - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)- Release 1.3.5.10-4 - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919) - Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat - Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767) - Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924) - Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922) - Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916) - Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925)- Release 1.3.5.10-3 - Resolves: bug 1354374 - Fixing the tarball version in the sources file.- Release 1.3.5.10-2 - Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743) - Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755) - Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914) - Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918)- Release 1.3.5.10-1 - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905)- Release 1.3.5.9-1 - Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636) - Resolves: bug 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database (DS 48637) - Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755) - Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904) - Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) - Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899) - Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898) - Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) - Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902)- Release 1.3.5.8-1 - Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366)- Release 1.3.5.7-1 - Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) - Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) - Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366) - Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892) - Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) - Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) - Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354) - Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893)- Release 1.3.5.6-1 - Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636) - Resolves: bug 1233926 - "matching rules" in ACI's "bind rules not fully evaluated (DS 48234) - Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py- Release 1.3.5.5-1 - Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833) - Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880) - Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) - Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404) - Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755) - Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862) - Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275) - Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336) - Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747) - Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752) - Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854) - Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844) - Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834) - Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754)- release 1.3.5.4-1 - Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828) - Resolves: bug 1241563 - The "repl-monitor" web page does not display "year" in date. (DS 48220) - Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837)- release 1.3.5.3-1 - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815) - Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822) - Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS (DS 48798)- release 1.3.5.2-1 - Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 - Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283) - Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757) - Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777) - Resolves: bug 190862 - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142) - Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548) - Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285) - Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332) - Resolves: bug 1160902 - search, matching rules and filter error "unsupported type 0xA9" (DS 48016) - Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129) - Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) - Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280) - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951) - Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326) - Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289) - Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244) - Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290) - Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252) - Resolves: bug 1258610 - total update request must not be lost (DS 48255) - Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258) - Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269) - Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267) - Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295) - Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294) - Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299) - Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302) - Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311) - Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM - Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT - Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312) - Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) - Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978) - Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976) - Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394) - Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840) - Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328) - Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338) - Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339) - Resolves: bug 1278755 - deadlock on connection mutex (DS 48341) - Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325) - Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344) - Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363) - Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362) - Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375) - Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370) - Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338) - Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400) - Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3] - Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446) - Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536) - Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492) - Resolves: bug 1307151 - keep alive entries can break replication (DS 48445) - Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788) - Resolves: bug 1314557 - change severity of some messages related to "keep alive" enties (DS 48420) - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759) - Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145) - Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775) - Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383) - Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799) - Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369) - Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808)- release 1.3.4.0-19 - Resolves: bug 1228823 - async simple paged results issue (DS 48299, DS 48192) - Resolves: bug 1266944 - ns-slapd crash during ipa-replica-manage del (DS 48298)- release 1.3.4.0-18 - Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266, DS 48284)- release 1.3.4.0-17 - Resolves: bug 1259949 - A backport error (coverity -- unused variable 'init_retry')- release 1.3.4.0-16 - Resolves: bug 1243970 - In MMR, double free coould occur under some special condition (DS 48276, DS 48226) - Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266) - Resolves: bug 1241723 - cleanallruv - fix regression with server shutdown (DS 48217) - Resolves: bug 1264224 - segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in (DS 48188)- release 1.3.4.0-15 - Resolves: bug 1258996 - Complex filter in a search request doen't work as expected. (regression) (DS 48265) - Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981)- release 1.3.4.0-14 - Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228) - Resolves: bug 1255851 - Shell CLI fails with usage errors if an argument containing white spaces is given (DS 48254) - Resolves: bug 1256938 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax (DS 47757)- release 1.3.4.0-13 - Resolves: bug 1245519 - remove debug logging from retro cl (DS 47831)- release 1.3.4.0-12 - Resolves: bug 1252133 - replica upgrade failed in starting dirsrv service (DS 48243) - Resolves: bug 1254344 - Server crashes in ACL_LasFindFlush during shutdown if ACIs contain IP addresss restrictions (DS 48233)- release 1.3.4.0-11 - Resolves: bug 1249784 - ipa-dnskeysyncd unhandled exception on named-pkcs11 start (DS 48249) - Resolves: bug 1252082 - removing chaining database links trigger valgrind read error (DS 47686) - Resolves: bug 1252207 - bashisms in 389-ds-base admin scripts (DS 47511) - Resolves: bug 1252533 - Man pages and help for remove-ds.pl doesn't display "-a" option (DS 48245) - Resolves: bug 1252781 - Slapd crashes reported from latest builds (DS 48250)- release 1.3.4.0-10 - Resolves: bug 1245519 - Fix coverity issues (DS 47931)- release 1.3.4.0-9 - Resolves: bug 1240876 - verify_db.pl doesn't verify DB specified by -a option. (DS 48215) - Resolves: bug 1245235 - winsync lastlogon attribute not syncing between IPA & Windows 2008. (DS 48232) - Resolves: bug 1245519 - Deadlock with retrochangelog, memberof plugin (DS 47931) - Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228) - Resolves: bug 1247811 - logconv autobind handling regression caused by 47446 (DS 48231) - Resolves: bug 1250177 - Investigate betxn plugins to ensure they return the correct error code (DS 47810)- release 1.3.4.0-8 - Resolves: bug 1160243 - [RFE] allow logconv.pl -S/-E switches to work even when exact/same timestamps are not present in access log file (DS 47910) - Resolves: bug 1172037 - winsync range retrieval gets only 5000 values upon initialization (DS 48010) - Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224) - Resolves: bug 1243950 - When starting a replica agreement a deadlock can occur with an op updating nsuniqueid index (DS 48179) - Resolves: bug 1243970 - In MMR, double free coould occur under some special condition (DS 48226) - Resolves: bug 1244926 - Crash while triming the retro changelog (DS 48206)- release 1.3.4.0-7 - Resolves: bug 1235060 - Fix coverity issues - 07/14/2015 (DS 48203) - Resolves: bug 1242531 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)- release 1.3.4.0-6 - Resolves: bug 1240845 - cleanallruv should completely clean changelog (DS 48208) - Resolves: bug 1095603 - Any negative LDAP error code number reported as Illegal error by ldclt. (DS 47799) - Resolves: bug 1168675 - Inconsistent behaviour of DS when LDAP Sync is used with an invalid cookie (DS 48013) - Resolves: bug 1241723 - cleanAllRUV hangs shutdown if not all of the replicas are online (DS 48217) - Resolves: bug 1241497 - crash in ns-slapd when deleting winSyncSubtreePair from sync agreement (DS 48216) - Resolves: bug 1240404 - Silent install needs to properly exit when INF file is missing (DS 48119) - Resolves: bug 1240406 - Remove warning suppression in 1.3.4 (DS 47878) - Resolves: bug 1242683 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute (DS 48223) - Resolves: bug 1160243 - logconv.pl - validate start and end time args (DS 47910) - Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224) - Resolves: bug 1230996 - CI test: fixing test cases for ticket 48194 (DS 48194)- release 1.3.4.0-5 - Resolves: bug 1235060 - Fix coverity issues (DS 48203)- release 1.3.4.0-4 - Resolves: bug 1240404 - setup-ds.pl does not log invalid --file path errors the same (DS 48119) - Resolves: bug 1240406 - setup -u stops after first failure (DS 47878)- release 1.3.4.0-3 - Resolves: bug 1228823 - async simple paged results issue (DS 48192) - Resolves: bug 1237325 - reindex off-line twice could provoke index corruption (DS 48212) - Resolves: bug 1238790 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value (DS 48214)- release 1.3.4.0-2 - Resolves: bug 1235060 - Fix coverity issues - Resolves: bug 1235387 - Slow replication when deleting large quantities of multi-valued attributes (DS 48195)- Release 1.3.4.0-1 (rebase) - Enable nunc-stans for x86_64. - Resolves: bug 1034325 - Linked attributes betxnpreoperation - transaction not aborted when linked entry does not exit (DS 47640) - Resolves: bug 1052755 - Retro Changelog Plugin accepts invalid value in nsslapd-changelogmaxage attribute (DS 47669) - Resolves: bug 1096409 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown (DS 47801) - Resolves: bug 1145378 - Adding an entry with an invalid password as rootDN is incorrectly rejected (DS 47900) - Resolves: bug 1145382 - Bad manipulation of passwordhistory (DS 47905) - Resolves: bug 1154147 - Uniqueness plugin: should allow to exclude some subtrees from its scope (DS 47927) - Resolves: bug 1171358 - Make ReplicaWaitForAsyncResults configurable (DS 47957) - Resolves: bug 1171663 - MODDN fails when entry doesn't have memberOf attribute and new DN is in the scope of memberOfExcludeSubtree (DS 47526) - Resolves: bug 1174457 - [RFE] memberOf - add option to skip nested group lookups during delete operations (DS 47963) - Resolves: bug 1178640 - db2bak.pl man page should be improved. (DS 48008) - Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981) - Resolves: bug 1180331 - Local Password Policies for Nested OU's not honoured (DS 47980) - Resolves: bug 1180776 - nsslapd-db-locks modify not taking into account (DS 47934) - Resolves: bug 1181341 - nsslapd-changelogtrim-interval and nsslapd-changelogcompactdb-interval are not validated (DS 47617) - Resolves: bug 1185882 - ns-activate.pl fails to activate account if it was disabled on AD (DS 48001) - Resolves: bug 1186548 - ns-slapd crash in shutdown phase (DS 48005) - Resolves: bug 1189154 - DNS errors after IPA upgrade due to broken ReplSync (DS 48030) - Resolves: bug 1206309 - winsync sets AccountUserControl in AD to 544 (DS 47723) - Resolves: bug 1210845 - slapd crashes during Dogtag clone reinstallation (DS 47966) - Resolves: bug 1210850 - add an option '-u' to dbgen.pl for adding group entries with (DS 48025) - Resolves: bug 1210852 - aci with wildcard and macro not correctly evaluated (DS 48141)- release 1.3.3.1-19 - Resolves: bug 1230996 - nsSSL3Ciphers preference not enforced server side (DS 48194)- release 1.3.3.1-18 - Resolves: bug 1228823 - async simple paged results issue (DS 48146, DS 48192)- release 1.3.3.1-17 - Resolves: bug 1226510 - idm/ipa 389-ds-base entry cache converges to 500 KB in dblayer_is_cachesize_sane (DS 48190)- release 1.3.3.1-16 - Resolves: bug 1212894 - CVE-2015-1854 389ds-base: access control bypass with modrdn- release 1.3.3.1-15 - Setting correct build tag 'rhel-7.1-z-candidate'- release 1.3.3.1-14 - Resolves: bug 1189154 - DNS errors after IPA upgrade due to broken ReplSync (DS 48030) Fixes spec file to make sure all the server instances are stopped before upgrade - Resolves: bug 1186548 - ns-slapd crash in shutdown phase (DS 48005)- release 1.3.3.1-13 - Resolves: bug 1183655 - Fixed Covscan FORWARD_NULL defects (DS 47988)- release 1.3.3.1-12 - Resolves: bug 1182477 - Windows Sync accidentally cleared raw_entry (DS 47989) - Resolves: bug 1180325 - upgrade script fails if /etc and /var are on different file systems (DS 47991 ) - Resolves: bug 1183655 - Schema learning mechanism, in replication, unable to extend an existing definition (DS 47988)- release 1.3.3.1-11 - Resolves: bug 1080186 - During delete operation do not refresh cache entry if it is a tombstone (DS 47750)- release 1.3.3.1-10 - Resolves: bug 1172731 - CVE-2014-8112 password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off - Resolves: bug 1166265 - DS hangs during online total update (DS 47942) - Resolves: bug 1168151 - CVE-2014-8105 information disclosure through 'cn=changelog' subtree - Resolves: bug 1044170 - Allow memberOf suffixes to be configurable (DS 47526) - Resolves: bug 1171356 - Bind DN tracking unable to write to internalModifiersName without special permissions (DS 47950) - Resolves: bug 1153737 - logconv.pl -- support parsing/showing/reporting different protocol versions (DS 47949) - Resolves: bug 1171355 - start dirsrv after chrony on RHEL7 and Fedora (DS 47947) - Resolves: bug 1170707 - cos_cache_build_definition_list does not stop during server shutdown (DS 47967) - Resolves: bug 1170708 - COS memory leak when rebuilding the cache (DS - Ticket 47969) - Resolves: bug 1170709 - Account lockout attributes incorrectly updated after failed SASL Bind (DS 47970) - Resolves: bug 1166260 - cookie_change_info returns random negative number if there was no change in a tree (DS 47960) - Resolves: bug 1012991 - Error log levels not displayed correctly (DS 47636) - Resolves: bug 1108881 - rsearch filter error on any search filter (DS 47722) - Resolves: bug 994690 - Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart (DS 47451) - Resolves: bug 1162997 - Running a plugin task can crash the server (DS 47451) - Resolves: bug 1166252 - RHEL7.1 ns-slapd segfault when ipa-replica-install restarts (DS 47451) - Resolves: bug 1172597 - Crash if setting invalid plugin config area for MemberOf Plugin (DS 47525) - Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47965)- release 1.3.3.1-9 - Resolves: bug 1153737 - Disable SSL v3, by default. (DS 47928) - Resolves: bug 1163461 - Should not check aci syntax when deleting an aci (DS 47953)- release 1.3.3.1-8 - Resolves: bug 1156607 - Crash in entry_add_present_values_wsi_multi_valued (DS 47937) - Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928, DS 47945, DS 47948) - Resolves: bug 1158804 - Malformed cookie for LDAP Sync makes DS crash (DS 47939)- release 1.3.3.1-7 - Resolves: bug 1153737 - Disable SSL v3, by default (DS 47928)- release 1.3.3.1-6 - Resolves: bug 1151287 - dynamically added macro aci is not evaluated on the fly (DS 47922) - Resolves: bug 1080186 - Need to move slapi_pblock_set(pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to original_entry overwritten (DS 47897) - Resolves: bug 1150694 - Encoding of SearchResultEntry is missing tag (DS 47920) - Resolves: bug 1150695 - ldbm_back_modify SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop plugins fails. (DS 47919) - Resolves: bug 1139882 - Fix remaining compiler warnings (DS 47892) - Resolves: bug 1150206 - result of dna_dn_is_shared_config is incorrectly used (DS 47918)- release 1.3.3.1-5 - Resolves: bug 1139882 - coverity defects found in 1.3.3.x (DS 47892)- release 1.3.3.1-4 - Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing (DS 47750) - Resolves: bug 1145846 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server (DS 47908) - Resolves: bug 1117979 - harden the list of ciphers available by default (phase 2) (DS 47838) - provide enabled ciphers as search result (DS 47880)- release 1.3.3.1-3 - Resolves: bug 1139882 - coverity defects found in 1.3.3.1- release 1.3.3.1-2 - Resolves: bug 1079099 - Simultaneous adding a user and binding as the user could fail in the password policy check (DS 47748) - Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing (DS 47834) - Resolves: bug 1139882 - coverity defects found in 1.3.3.1 (DS 47890) - Resolves: bug 1112702 - Broken dereference control with the FreeIPA 4.0 ACIs (DS 47885 - deref plugin should not return references with noc access rights) - Resolves: bug 1117979 - harden the list of ciphers available by default (DS 47838, DS 47895) - Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing (DS 47889 - DS crashed during ipa-server-install on test_ava_filter)- release 1.3.3.1-1 - Resolves: bug 746646 - RFE: easy way to configure which users and groups to sync with winsync - Resolves: bug 881372 - nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts. - Resolves: bug 920597 - Possible to add invalid ACI value - Resolves: bug 921162 - Possible to add nonexistent target to ACI - Resolves: bug 923799 - if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error message. - Resolves: bug 924937 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync - Resolves: bug 951754 - Self entry access ACI not working properly - Resolves: bug 952517 - Dirsrv instance failed to start with Segmentation fault (core dump) after modifying 7-bit check plugin - Resolves: bug 952682 - nsslapd-db-transaction-batch-val turns to -1 - Resolves: bug 966443 - Plugin library path validation - Resolves: bug 975176 - Non-directory manager can change the individual userPassword's storage scheme - Resolves: bug 979465 - IPA replica's - "SASL encrypted packet length exceeds maximum allowed limit" - Resolves: bug 982597 - Some attributes in cn=config should not be multivalued - Resolves: bug 987009 - 389-ds-base - shebang with /usr/bin/env - Resolves: bug 994690 - RFE: Allow dynamically adding/enabling/disabling/removing plugins without requiring a server restart - Resolves: bug 1012991 - errorlog-level 16384 is listed as 0 in cn=config - Resolves: bug 1013736 - Enabling/Disabling DNA plug-in throws "ldap_modify: Server Unwilling to Perform (53)" error - Resolves: bug 1014380 - setup-ds.pl doesn't lookup the "root" group correctly - Resolves: bug 1020459 - rsa_null_sha should not be enabled by default - Resolves: bug 1024541 - start dirsrv after ntpd - Resolves: bug 1029959 - Managed Entries betxnpreoperation - transaction not aborted upon failure to create managed entry - Resolves: bug 1031216 - add dbmon.sh - Resolves: bug 1044133 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result - Resolves: bug 1044134 - should set LDAP_OPT_X_SASL_NOCANON to LDAP_OPT_ON by default - Resolves: bug 1044135 - make connection buffer size adjustable - Resolves: bug 1044137 - posix winsync should support ADD user/group entries from DS to AD - Resolves: bug 1044138 - mep_pre_op: Unable to fetch origin entry - Resolves: bug 1044139 - [RFE] Support RFC 4527 Read Entry Controls - Resolves: bug 1044140 - Allow search to look up 'in memory RUV' - Resolves: bug 1044141 - MMR stress test with dna enabled causes a deadlock - Resolves: bug 1044142 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist - Resolves: bug 1044143 - modrdn + NSMMReplicationPlugin - Consumer failed to replay change - Resolves: bug 1044144 - resurrected entry is not correctly indexed - Resolves: bug 1044146 - Add a warning message when a connection hits the max number of threads - Resolves: bug 1044147 - 7-bit check plugin does not work for userpassword attribute - Resolves: bug 1044148 - The backend name provided to bak2db is not validated - Resolves: bug 1044149 - Winsync should support range retrieval - Resolves: bug 1044150 - 7-bit checking is not necessary for userPassword - Resolves: bug 1044151 - With SeLinux, ports can be labelled per range. setup-ds.pl or setup-ds-admin.pl fail to detect already ranged labelled ports - Resolves: bug 1044152 - ChainOnUpdate: "cn=directory manager" can modify userRoot on consumer without changes being chained or replicated. Directory integrity compromised. - Resolves: bug 1044153 - mods optimizer - Resolves: bug 1044154 - multi master replication allows schema violation - Resolves: bug 1044156 - DS crashes with some 7-bit check plugin configurations - Resolves: bug 1044157 - Some updates of "passwordgraceusertime" are useless when updating "userpassword" - Resolves: bug 1044159 - [RFE] Support 'Content Synchronization Operation' (SyncRepl) - RFC 4533 - Resolves: bug 1044160 - remove-ds.pl should remove /var/lock/dirsrv - Resolves: bug 1044162 - enhance retro changelog - Resolves: bug 1044163 - updates to ruv entry are written to retro changelog - Resolves: bug 1044164 - Password administrators should be able to violate password policy - Resolves: bug 1044168 - Schema replication between DS versions may overwrite newer base schema - Resolves: bug 1044169 - ACIs do not allow attribute subtypes in targetattr keyword - Resolves: bug 1044170 - Allow memberOf suffixes to be configurable - Resolves: bug 1044171 - Allow referential integrity suffixes to be configurable - Resolves: bug 1044172 - Plugin library path validation prevents intentional loading of out-of-tree modules - Resolves: bug 1044173 - make referential integrity configuration more flexible - Resolves: bug 1044177 - allow configuring changelog trim interval - Resolves: bug 1044179 - objectclass may, must lists skip rest of objectclass once first is found in sup - Resolves: bug 1044180 - memberOf on a user is converted to lowercase - Resolves: bug 1044181 - report unindexed internal searches - Resolves: bug 1044183 - With 1.3.04 and subtree-renaming OFF, when a user is deleted after restarting the server, the same entry can't be added - Resolves: bug 1044185 - dbscan on entryrdn should show all matching values - Resolves: bug 1044187 - logconv.pl - RFE - add on option for a minimum etime for unindexed search stats - Resolves: bug 1044188 - Recognize compressed log files - Resolves: bug 1044191 - support TLSv1.1 and TLSv1.2, if supported by NSS - Resolves: bug 1044193 - default nsslapd-sasl-max-buffer-size should be 2MB - Resolves: bug 1044194 - Complex filter in a search request doen't work as expected. - Resolves: bug 1044196 - Automember plug-in should treat MODRDN operations as ADD operations - Resolves: bug 1044198 - Replication of the schema may overwrite consumer 'attributetypes' even if consumer definition is a superset - Resolves: bug 1044202 - db2bak.pl issue when specifying non-default directory - Resolves: bug 1044203 - Allow referint plugin to use an alternate config area - Resolves: bug 1044205 - Allow memberOf to use an alternate config area - Resolves: bug 1044210 - idl switch does not work - Resolves: bug 1044211 - make old-idl tunable - Resolves: bug 1044212 - IDL-style can become mismatched during partial restoration - Resolves: bug 1044213 - backend performance - introduce optimization levels - Resolves: bug 1044215 - using transaction batchval violates durability - Resolves: bug 1044216 - examine replication code to reduce amount of stored state information - Resolves: bug 1048980 - 7-bit check plugin not checking MODRDN operation - Resolves: bug 1049030 - Windows Sync group issues - Resolves: bug 1052751 - Page control does not work if effective rights control is specified - Resolves: bug 1052754 - Allow nsDS5ReplicaBindDN to be a group DN - Resolves: bug 1057803 - logconv errors when search has invalid bind dn - Resolves: bug 1060032 - [RFE] Update lastLoginTime also in Account Policy plugin if account lockout is based on passwordExpirationTime. - Resolves: bug 1061060 - betxn: retro changelog broken after cancelled transaction - Resolves: bug 1061572 - improve dbgen rdn generation, output and man page. - Resolves: bug 1063990 - single valued attribute replicated ADD does not work - Resolves: bug 1064006 - Size returned by slapi_entry_size is not accurate - Resolves: bug 1064986 - Replication retry time attributes cannot be added - Resolves: bug 1067090 - Missing warning for invalid replica backoff configuration - Resolves: bug 1072032 - Updating nsds5ReplicaHost attribute in a replication agreement fails with error 53 - Resolves: bug 1074306 - Under heavy stress, failure of turning a tombstone into glue makes the server hung - Resolves: bug 1074447 - Part of DNA shared configuration is deleted after server restart - Resolves: bug 1076729 - Continuous add/delete of an entry in MMR setup causes entryrdn-index conflict - Resolves: bug 1077884 - ldap/servers/slapd/back-ldbm/dblayer.c: possible minor problem with sscanf - Resolves: bug 1077897 - Memory leak with proxy auth control - Resolves: bug 1079099 - Simultaneous adding a user and binding as the user could fail in the password policy check - Resolves: bug 1080186 - Creating a glue fails if one above level is a conflict or missing - Resolves: bug 1082967 - attribute uniqueness plugin fails when set as a chaining component - Resolves: bug 1085011 - Directory Server crash reported from reliab15 execution - Resolves: bug 1086890 - empty modify returns LDAP_INVALID_DN_SYNTAX - Resolves: bug 1086902 - mem leak in do_bind when there is an error - Resolves: bug 1086904 - mem leak in do_search - rawbase not freed upon certain errors - Resolves: bug 1086908 - Performing deletes during tombstone purging results in operation errors - Resolves: bug 1090178 - #481 breaks possibility to reassemble memberuid list - Resolves: bug 1092099 - A replicated MOD fails (Unwilling to perform) if it targets a tombstone - Resolves: bug 1092342 - nsslapd-ndn-cache-max-size accepts any invalid value. - Resolves: bug 1092648 - Negative value of nsSaslMapPriority is not reset to lowest priority - Resolves: bug 1097004 - Problem with deletion while replicated - Resolves: bug 1098654 - db2bak.pl error with changelogdb - Resolves: bug 1099654 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator. - Resolves: bug 1108405 - find a way to remove replication plugin errors messages "changelog iteration code returned a dummy entry with csn %s, skipping ..." - Resolves: bug 1108407 - managed entry plugin fails to update managed entry pointer on modrdn operation - Resolves: bug 1108865 - memory leak in ldapsearch filter objectclass=* - Resolves: bug 1108870 - ACI warnings in error log - Resolves: bug 1108872 - Logconv.pl with an empty access log gives lots of errors - Resolves: bug 1108874 - logconv.pl memory continually grows - Resolves: bug 1108881 - rsearch filter error on any search filter - Resolves: bug 1108895 - [RFE - RHDS9] CLI report to monitor replication - Resolves: bug 1108902 - rhds91 389-ds-base-1.2.11.15-31.el6_5.x86_64 crash in db4 __dbc_get_pp env = 0x0 ? - Resolves: bug 1108909 - single valued attribute replicated ADD does not work - Resolves: bug 1109334 - 389 Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled. - Resolves: bug 1109336 - Parent numsubordinate count can be incorrectly updated if an error occurs - Resolves: bug 1109339 - Nested tombstones become orphaned after purge - Resolves: bug 1109354 - Tombstone purging can crash the server if the backend is stopped/disabled - Resolves: bug 1109357 - Coverity issue in 1.3.3 - Resolves: bug 1109364 - valgrind - value mem leaks, uninit mem usage - Resolves: bug 1109375 - provide default syntax plugin - Resolves: bug 1109378 - Environment variables are not passed when DS is started via service - Resolves: bug 1111364 - Updating winsync one-way sync does not affect the behaviour dynamically - Resolves: bug 1112824 - Broken dereference control with the FreeIPA 4.0 ACIs - Resolves: bug 1113605 - server restart wipes out index config if there is a default index - Resolves: bug 1115177 - attrcrypt_generate_key calls slapd_pk11_TokenKeyGenWithFlags with improper macro - Resolves: bug 1117021 - Server deadlock if online import started while server is under load - Resolves: bug 1117975 - paged results control is not working in some cases when we have a subsuffix. - Resolves: bug 1117979 - harden the list of ciphers available by default - Resolves: bug 1117981 - Fix various typos in manpages & code - Resolves: bug 1117982 - Fix hyphens used as minus signed and other manpage mistakes - Resolves: bug 1118002 - server crashes deleting a replication agreement - Resolves: bug 1118006 - RFE - forcing passwordmustchange attribute by non-cn=directory manager - Resolves: bug 1118007 - [RFE] Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords - Resolves: bug 1118014 - Enhance ACIs to have more control over MODRDN operations - Resolves: bug 1118021 - Return all attributes in rootdse without explicit request - Resolves: bug 1118025 - Slow ldapmodify operation time for large quantities of multi-valued attribute values - Resolves: bug 1118032 - Schema Replication Issue - Resolves: bug 1118034 - 389 DS Server crashes and dies while handles paged searches from clients - Resolves: bug 1118043 - Failed deletion of aci: no such attribute - Resolves: bug 1118048 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. - Resolves: bug 1118051 - Add switch to disable pre-hashed password checking - Resolves: bug 1118054 - Make ldbm_back_seq independently support transactions - Resolves: bug 1118055 - Add operations rejected by betxn plugins remain in cache - Resolves: bug 1118057 - online import crashes server if using verbose error logging - Resolves: bug 1118059 - add fixup-memberuid.pl script - Resolves: bug 1118060 - winsync plugin modify is broken - Resolves: bug 1118066 - memberof scope: allow to exclude subtrees - Resolves: bug 1118069 - 389-ds production segfault: __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:144 - Resolves: bug 1118074_DELETE_FN - plugin returned error" messages - Resolves: bug 1118076 - ds logs many "Operation error fetching Null DN" messages - Resolves: bug 1118077 - Improve import logging and abort handling - Resolves: bug 1118079 - Multi master replication initialization incomplete after restore of one master - Resolves: bug 1118080 - Don't add unhashed password mod if we don't have an unhashed value - Resolves: bug 1118081 - Investigate betxn plugins to ensure they return the correct error code - Resolves: bug 1118082 - The error result text message should be obtained just prior to sending result - Resolves: bug 1123865 - CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [rhel-7.1]- release 1.3.1.6-26 - Resolves: bug 1085011 - Directory Server crash reported from reliab15 execution (Ticket 346)- release 1.3.1.6-25 - Resolves: bug 1082740 - ns-slapd crash in reliability 15- release 1.3.1.6-24 - Resolves: bug 1074084 - e_uniqueid fails to set if an entry is a conflict entry (Ticket 47735); regression - sub-type length in attribute type was mistakenly subtracted.- Resolves: bug 1074850 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-7.0] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind) (Added 0095-Ticket-47739-directory-server-is-insecurely-misinter.patch) Tue Mar 11 2014 Noriko Hosoi - 1.3.1.6-23 - release 1.3.1.6-22 - Resolves: bug 1074850 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-7.0] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind)- release 1.3.1.6-22 - Resolves: bug 1074084 - e_uniqueid fails to set if an entry is a conflict entry (Ticket 47735)- release 1.3.1.6-21 - Resolves: bug 918694 - Fix covscan defect FORWARD_NULL (Ticket 408) - Resolves: bug 918717 - Fix covscan defect COMPILER WARNINGS (Ticket 571)- release 1.3.1.6-20 - Resolves: bug 1065242 - 389-ds-base, conflict occurs at yum installation if multilib_policy=all. (Ticket 47709)- release 1.3.1.6-19 - Resolves: bug 1065971 - Enrolling a host into IdM/IPA always takes two attempts (Ticket 47704)- release 1.3.1.6-18 - Resolves: bug 838656 - logconv.pl tool removes the access logs contents if "-M" is not correctly used (Ticket 471) - Resolves: bug 922538 - improve dbgen rdn generation, output (Ticket 47374) - Resolves: bug 970750 - flush.pl is not included in perl5 (Ticket 47374) - Resolves: bug 1013898 - Fix various issues with logconv.pl (Ticket 471)- release 1.3.1.6-17 - Resolves: bug 853106 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error (Ticket 443) - Resolves: bug 1049525 - Server hangs in cos_cache when adding a user entry (Ticket 47649)- Mass rebuild 2014-01-24- release 1.3.1.6-15 - Resolves: bug 918702 - better error message when cache overflows (Ticket 342) - Resolves: bug 1009679 - replication stops with excessive clock skew (Ticket 47516) - Resolves: bug 1042855 - Unable to delete protocol timeout attribute (Ticket 47620) - Resolves: bug 918694 - Fix crash when disabling/enabling the setting (Ticket 408) - Resolves: bug 853355 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read (Ticket 47660)- release 1.3.1.6-14 - Resolves: bug 853355 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs (Ticket 447) - Resolves: bug 1034739 - Impossible to configure nsslapd-allowed-sasl-mechanisms (Ticket 47613) - Resolves: bug 1038639 - 389-ds rejects nsds5ReplicaProtocolTimeout attribut; Fix logically dead code; Fix dereferenced NULL pointer in agmtlist_modify_callback(); Fix missing left brackete (Ticket 47620) - Resolves: bug 1042855 - nsds5ReplicaProtocolTimeout attribute is not validated when added to replication agreement; Config value validation improvement (Ticket 47620) - Resolves: bug 918717 - server does not accept 0 length LDAP Control sequence (Ticket 571) - Resolves: bug 1034902 - replica init/bulk import errors should be more verbose (Ticket 47606) - Resolves: bug 1044219 - fix memleak caused by 47347 (Ticket 47623) - Resolves: bug 1049522 - Crash after replica is installed; Fix cherry-pick error for 1.3.2 and 1.3.1 (Ticket 47620) - Resolves: bug 1049568 - changelog iteration should ignore cleaned rids when getting the minCSN (Ticket 47627)- Mass rebuild 2013-12-27- release 1.3.1.6-12 - Resolves: bug 1038639 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute (Ticket 47620) - Resolves: bug 1034898 - automember plugin task memory leaks (Ticket 47592) - Resolves: bug 1034451 - Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms (Ticket 47614) - Resolves: bug 1032318 - entries with empty objectclass attribute value can be hidden (Ticket 47591) - Resolves: bug 1032316 - attrcrypt fails to find unlocked key (Ticket 47596) - Resolves: bug 1031227 - Reduce lock scope in retro changelog plug-in (Ticket 47599) - Resolves: bug 1031226 - Convert ldbm_back_seq code to be transaction aware (Ticket 47598) - Resolves: bug 1031225 - Convert retro changelog plug-in to betxn (Ticket 47597) - Resolves: bug 1031223 - hard coded limit of 64 masters in agreement and changelog code (Ticket 47587) - Resolves: bug 1034739 - Impossible to configure nsslapd-allowed-sasl-mechanisms (Ticket 47613) - Resolves: bug 1035824 - Automember betxnpreoperation - transaction not aborted when group entry does not exist (Ticket 47622)- Resolves: bug 1024979 - CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches- release 1.3.1.6-10 - Resolves: bug 1018893 DS91: ns-slapd stuck in DS_Sleep - had to revert earlier change - does not work and breaks ipa- release 1.3.1.6-9 - Resolves: bug 1028440 - Winsync replica initialization and incremental updates from DS to AD fails on RHEL - Resolves: bug 1027502 - Replication Failures related to skipped entries due to cleaned rids - Resolves: bug 1027047 - Winsync plugin segfault during incremental backoff- release 1.3.1.6-8 - Resolves: bug 971111 - DNA plugin failed to fetch replication agreement - Resolves: bug 1026931 - 1.2.11.29 crash when removing entries from cache- Resolves: bug 1018893 DS91: ns-slapd stuck in DS_Sleep - Resolves: bug 1018914 fixup memberof task does not work: task entry not added- Resolves: bug 1013900 - logconv: some stats do not work across server restarts - previous patch introduced regressions - fixed by c2eced0 ticket #47550 and e2a880b Ticket #47550 and 8b10f83 Ticket #47551 - Resolves: bug 1008610 - tmpfiles.d references /var/lock when they should reference /run/lock - previous patch not complete, fixed by a11be5c Ticket 47513 - Resolves: bug 1016749 - DS crashes when "cn=Directory Manager" is changing it's password - cherry picked upstream f786600 Ticket 47329 and b67e230 Coverity Fixes - Resolves: bug 1015252 locale "nl" not supported by collation plugin - Resolves: bug 1016317 Need to update supported locales - Resolves: bug 1016722 memory leak in range searches- Resolves: bug 1013896 - logconv.pl - Use of comma-less variable list is deprecated - Resolves: bug 1008256 - backend txn plugin fixup tasks should be done in a txn - Resolves: bug 1013738 - CLEANALLRUV doesnt run across all replicas - Resolves: bug 1011220 - PassSync removes User must change password flag on the Windows side - Resolves: bug 1008610 - tmpfiles.d references /var/lock when they should reference /run/lock - Resolves: bug 1012125 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch - Resolves: bug 1013063 - RUV tombstone search with scope "one" doesn`t work - Resolves: bug 1013893 - Indexed search are logged with 'notes=U' in the access logs - Resolves: bug 1013894 - improve logconv.pl performance with large access logs - Resolves: bug 1013898 - Fix various issues with logconv.pl - Resolves: bug 1013897 - logconv.pl uses /var/tmp for BDB temp files - Resolves: bug 1013900 - logconv: some stats do not work across server restarts - Resolves: bug 1014354 - Coverity fixes - 12023, 12024, and 12025- bump version to 1.3.1.6-4 - Resolves Bug 1007988 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing (Ticket 47489) - Resolves Bug 853931 - Allow macro aci keywords to be case-insensitive (Ticket 449) - Resolves Bug 1006563 - automember rebuild task not working as expected (Ticket 47507)- Ticket #47455 - valgrind - value mem leaks, uninit mem usage - Ticket 47500 - start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly- bump version to 1.3.1.6-2 - Resolves Bug 1000633 - ns-slapd crash due to bogus DN - Ticket #47488 - Users from AD sub OU does not sync to IPA- bump version to 1.3.1.6 - Ticket 47455 - valgrind - value mem leaks, uninit mem usage - fix coverity 11915 - dead code - introduced with fix for ticket 346 - fix coverity 11895 - null deref - caused by fix to ticket 47392 - fix compiler warning in posix winsync code for posix_group_del_memberuid_callback - Fix compiler warnings for Ticket 47395 and 47397 - fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107) - Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch - fix compiler warnings - Fix compiler warning (cherry picked from commit ec6ebc0b0f085a82041d993ab2450a3922ef5502)- bump version to 1.3.1.5 - Ticket 47456 - delete present values should append values to deleted values - Ticket 47455 - valgrind - value mem leaks, uninit mem usage - Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication - Ticket 47440 - Fix runtime errors caused by last patch. - Ticket 47440 - Fix compilation warnings and header files - Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios - Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D - Ticket 47378 - fix recent compiler warnings - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47449 - deadlock after adding and deleting entries - Ticket 47441 - Disk Monitoring not checking filesystem with logs - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold- bump version to 1.3.1.4 - Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negat - Ticket 47424 - Replication problem with add-delete requests on single-valued attributes - Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry - Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry - Ticket 47421 - memory leaks in set_krb5_creds - Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute v - Ticket 47369 version2 - provide default syntax plugin - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47339 - RHDS denies MODRDN access if ACI list contains any DENY rule - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15 - Ticket 47392 - ldbm errors when adding/modifying/deleting entries - Ticket 47385 - Disk Monitoring is not triggered as expected. - Ticket 47410 - changelog db deadlocks with DNA and replication- bump version to 1.3.1.3 - Ticket 47374 - flush.pl is not included in perl5 - Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix) - Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization - Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured - Ticket 47396 - crash on modrdn of tombstone - Ticket 47400 - MMR stress test with dna enabled causes a deadlock - Ticket 47409 - allow setting db deadlock rejection policy - Ticket 47419 - Unhashed userpassword can accidentally get removed from mods - Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name incuding '-'- Rebuilt for new net-snmp- bump version to 1.3.1.2 - Ticket 47391 - deleting and adding userpassword fails to update the password - Coverity Fixes (Part 7)- bump version to 1.3.1.1 - Ticket 402 - nhashed#user#password in entry extension - Ticket 511 - Revision - allow turning off vattr lookup in search entry return - Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate - Ticket 47327 - error syncing group if group member user is not synced - Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback - Ticket 47359 - new ldap connections can block ldaps and ldapi connections - Ticket 47362 - ipa upgrade selinuxusermap data not replicating - Ticket 47375 - flush_ber error sending back start_tls response will deadlock - Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3) - Ticket 47377 - make listen backlog size configurable - Ticket 47378 - fix recent compiler warnings - Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice - Ticket 47385 - DS not shutting down when disk monitoring threshold is reached - Coverity Fixes (part 1) - Coverity Fixes (Part 2) - Coverity Fixes (Part 3) - Coverity Fixes (Part 4) - Coverity Fixes (Part 5)- bump version to 1.3.1.0 - Ticket 332 - Command line perl scripts should attempt most secure connection type first - Ticket 342 - better error message when cache overflows - Ticket 417 - RFE - forcing passwordmustchange attribute by non-cn=directory manager - Ticket 419 - logconv.pl - improve memory management - Ticket 422 - 389-ds-base - Can't call method "getText" - Ticket 433 - multiple bugs in start-dirsrv, stop-dirsrv, restart-dirsrv scripts - Ticket 458 - RFE - Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords - Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used - Ticket 487 - Possible to add invalid attribute values to PAM PTA plugin configuration - Ticket 502 - setup-ds.pl script should wait if "semanage.trans.LOCK" presen - Ticket 505 - use lock-free access name2asi and oid2asi tables (additional) - Ticket 508 - lock-free access to FrontendConfig structure - Ticket 511 - allow turning off vattr lookup in search entry return - Ticket 525 - Introducing a user visible configuration variable for controlling replication retry time - Ticket 528 - RFE - get rid of instance specific scripts - Ticket 529 - dn normalization must handle multiple space characters in attributes - Ticket 532 - RUV is not getting updated for both Master and consumer - Ticket 533 - only scan for attributes to decrypt if there are encrypted attrs configured - Ticket 534 - RFE: Add SASL mappings fallback - Ticket 537 - Improvement of range search - Ticket 539 - logconv.pl should handle microsecond timing - Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result - Ticket 545 - Segfault during initial LDIF import: str2entry_dupcheck() - Ticket 547 - Incorrect assumption in ndn cache - Ticket 550 - posix winsync will not create memberuid values if group entry become posix group in the same sync interval - Ticket 551 - Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation - Ticket 552 - Adding rootdn-open-time without rootdn-close-time to RootDN Acess Control results in inconsistent configuration - Ticket 558 - Replication - make timeout for protocol shutdown configurable - Ticket 561 - disable writing unhashed#user#password to changelog - Ticket 563 - DSCreate.pm: Error messages cannot be used in the if expression since they could be localized. - Ticket 565 - turbo mode and replication - allow disable of turbo mode - Ticket 571 - server does not accept 0 length LDAP Control sequence - Ticket 574 - problems with dbcachesize disk space calculation - Ticket 583 - dirsrv fails to start on reboot due to /var/run/dirsrv permissions - Ticket 585 - Behaviours of "db2ldif -a " and "db2ldif.pl -a " are inconsistent - Ticket 587 - Replication error messages in the DS error logs - Ticket 588 - Create MAN pages for command line scripts - Ticket 600 - Server should return unavailableCriticalExtension when processing a badly formed critical control - Ticket 603 - A logic error in str2simple - Ticket 604 - Required attribute not checked during search operation - Ticket 608 - Posix Winsync plugin throws "posix_winsync_end_update_cb: failed to add task entry" error message - Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND - Ticket 612 - improve dbgen rdn generation, output - Ticket 613 - ldclt: add timestamp, interval, nozeropad, other improvements - Ticket 616 - High contention on computed attribute lock - Ticket 618 - Crash at shutdown while stopping replica agreements - Ticket 620 - Better logging of error messages for 389-ds-base - Ticket 621 - modify operations without values need to be written to the changelog - Ticket 622 - DS logging errors "libdb: BDB0171 seek: 2147483648: (262144 * 8192) + 0: No such file or directory - Ticket 631 - Replication: "Incremental update started" status message without consumer initialized - Ticket 633 - allow nsslapd-nagle to be disabled, and also tcp cork - Ticket 47299 - allow cmdline scripts to work with non-root user - Ticket 47302 - get rid of sbindir start/stop/restart slapd scripts - Ticket 47303 - start/stop/restart dirsrv scripts should report and error if no instances - Ticket 47304 - reinitialization of a master with a disabled agreement hangs - Ticket 47311 - segfault in db2ldif(trigger by a cleanallruv task) - Ticket 47312 - replace PR_GetFileInfo with PR_GetFileInfo64 - Ticket 47315 - filter option in fixup-memberof requires more clarification - Ticket 47325 - Crash at shutdown on a replica aggrement - Ticket 47330 - changelog db extension / upgrade is obsolete - Ticket 47336 - logconv.pl -m not working for all stats - Ticket 47341 - logconv.pl -m time calculation is wrong - Ticket 47343 - 389-ds-base: Does not support aarch64 in f19 and rawhide - Ticket 47347 - Simple paged results should support async search - Ticket 47348 - add etimes to per second/minute stats - Ticket 47349 - DS instance crashes under a high load- bump version to 1.3.0.5 - Ticket 47308 - unintended information exposure when anonymous access is set to rootdse - Ticket 628 - crash in aci evaluation - Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so - Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up - Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC - Ticket 623 - cleanAllRUV task fails to cleanup config upon completion- e53d691 bump version to 1.3.0.4 - Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data - Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) - Ticket 490 - Slow role performance when using a lot of roles - Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry- bump version to 1.3.0.3 - Ticket #584 - Existence of an entry is not checked when its password is to be deleted - Ticket 562 - Crash when deleting suffix- Rebuild for icu 50- bump version to 1.3.0.2 - Ticket #542 - Cannot dynamically set nsslapd-maxbersize- bump version to 1.3.0.1 - Ticket 556 - Don't overwrite certmap.conf during upgrade- bump version to 1.3.0.0- bump version to 1.3.0.rc3 - Ticket 549 - DNA plugin no longer reports additional info when range is depleted - Ticket 541 - need to set plugin as off in ldif template - Ticket 541 - RootDN Access Control plugin is missing after upgrade- bump version to 1.3.0.rc2 - Trac Ticket #497 - Escaped character cannot be used in the substring search filter - Ticket 509 - lock-free access to be->be_suffixlock - Trac Ticket #522 - betxn: upgrade is not implemented yet- bump version to 1.3.0.rc1 - Ticket #322 - Create DOAP description for the 389 Directory Server project - Trac Ticket #499 - Handling URP results is not corrrect - Ticket 509 - lock-free access to be->be_suffixlock - Ticket 456 - improve entry cache sizing - Trac Ticket #531 - loading an entry from the database should use str2entry_f - Trac Ticket #536 - Clean up compiler warnings for 1.3 - Trac Ticket #531 - loading an entry from the database should use str2entry_fast - Ticket 509 - lock-free access to be->be_suffixlock - Ticket 527 - ns-slapd segfaults if it cannot rename the logs - Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't - Ticket 216 - disable replication agreements - Ticket 518 - dse.ldif is 0 length after server kill or machine kill - Ticket 393 - Change in winSyncInterval does not take immediate effect - Ticket 20 - Allow automember to work on entries that have already been added - Coverity Fixes - Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5 - Ticket 337 - improve CLEANRUV functionality - Fix for ticket 504 - Ticket 394 - modify-delete userpassword - minor fixes for bdb 4.2/4.3 and mozldap - Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort - Fix for ticket 465: cn=monitor showing stats for other db instances - Ticket 507 - use mutex for FrontendConfig lock instead of rwlock - Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type - Coverity defect: Resource leak 13110 - Ticket 517 - crash in DNA if no dnaMagicRegen is specified - Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry - Trac Ticket #519 - Search with a complex filter including range search is slow - Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error - Trac Ticket #311 - IP lookup failing with multiple DNS entries - Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs - Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error - Ticket #503 - Improve AD version in winsync log message - Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message - Coverity fixes - Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress - Trac Ticket #448 - Possible to set invalid macros in Macro ACIs - Trac Ticket #498 - Cannot abaondon simple paged result search - Coverity defects - Trac Ticket #494 - slapd entered to infinite loop during new index addition - Fixing compiler warnings in the posix-winsync plugin - Coverity defects - Ticket 147 - Internal Password Policy usage very inefficient - Ticket 495 - internalModifiersname not updated by DNA plugin - Revert "Ticket 495 - internalModifiersname not updated by DNA plugin" - Ticket 495 - internalModifiersname not updated by DNA plugin - Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h]) - Ticket 486 - nsslapd-enablePlugin should not be multivalued - Ticket 488 - Doc: DS error log messages with typo - Trac Ticket #451 - Allow db2ldif to be quiet - Ticket #491 - multimaster_extop_cleanruv returns wrong error codes - Ticket #481 - expand nested posix groups - Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password - Ticket #446 - anonymous limits are being applied to directory managerTicket #28 MOD operations with chained delete/add get back error 53 on backend config Ticket #173 ds-logpipe.py script's man page and script help should be updated for -t option. Ticket #196 RFE: Interpret IPV6 addresses for ACIs, replication, and chaining Ticket #218 RFE - Make RIP working with Replicated Entries Ticket #328 make sure all internal search filters are properly escaped Ticket #329 389-admin build fails on F-18 with new apache Ticket #344 deadlock in replica_write_ruv Ticket #351 use betxn plugins by default Ticket #352 make cos, roles, views betxn aware Ticket #356 logconv.pl - RFE - track bind info Ticket #365 Audit log - clear text password in user changes Ticket #370 Opening merge qualifier CoS entry using RHDS console changes the entry. Ticket #372 Setting nsslapd-listenhost or nsslapd-securelistenhost breaks ACI processing Ticket #386 Overconsumption of memory with large cachememsize and heavy use of ldapmodify Ticket #402 unhashedTicket #userTicket #password in entry extension Ticket #408 Create a normalized dn cache Ticket #453 db2index with -tattrname:type,type fails Ticket #461 fix build problem with mozldap c sdk Ticket #462 add test for include file mntent.h Ticket #463 different parameters of getmntent in Solaris- Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload - Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang - Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start - Ticket 473 - change VERSION.sh to have console version be major.minor - Ticket 475 - Root DN Access Control - improve value checking for config - Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension - Ticket 474 - Root DN Access Control - days allowed not working correctly - Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas - 0b79915 fix compiler warnings in ticket 374 code - Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement - Ticket 386 - large memory growth with ldapmodify(heap fragmentation) - this patch doesn't fix the bug - it allows us to experiment with - different values of mxfast - Ticket #374 - consumer can go into total update mode for no reason- Ticket #426 - support posix schema for user and group sync - 1) plugin config ldif must contain pluginid, etc. during upgrade or it - will fail due to schema errors - 2) posix winsync should have a lower precedence (25) than the default (50) - so that it will be run first - 3) posix winsync should support the Winsync API v3 - the v2 functions are - just stubs for now - but the precedence cb is active- 8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete - Trac Ticket #437 - variable dn should not be used in ldbm_back_delete - ba1f5b2 fix coverity resource leak in windows_plugin_add - e3e81db Simplify program flow: change while loops to for - a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0) - 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar - 77eb760 Simplify program flow: eliminate unnecessary continue - c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new - a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking - d49035c Factorize into new isPosixGroup function - 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free - 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain - Ticket #440 - periodic dirsync timed event causes server to loop repeatedly - Ticket #355 - winsync should not delete entry that appears to be out of scope - Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values. - 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code - 2734a71 CLEANALLRUV coverity fixes - Ticket #426 - support posix schema for user and group sync - Ticket #430 - server to server ssl client auth broken with latest openldap6c0778f bumped version to 1.2.11.11 Ticket 429 - added nsslapd-readonly to DS schema Ticket 403 - fix CLEANALLRUV regression from last commit Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute valuesdb6b354 bumped version to 1.2.11.10 Ticket 403 - CLEANALLRUV revisionsea05e69 Bumped version to 1.2.11.9 Ticket 407 - dna memory leak - fix crash from prev fixddcf669 bump version to 1.2.11.8 for offical release Ticket #425 - support multiple winsync plugins Ticket 403 - cleanallruv coverity fixes Ticket 407 - memory leak in dna plugin Ticket 403 - CLEANALLRUV feature Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs 3168f04 Coverity defects 5ff0a02 COVERITY FIXES Ticket #388 - Improve replication agreement status messages 0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion Ticket #409 - Report during startup if nsslapd-cachememsize is too small Ticket #412 - memberof performance enhancement 12813: Uninitialized pointer read string_values2keys Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values Ticket #410 - Referential integrity plug-in does not work when update interval is not zero Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled Ticket #405 - referint modrdn not working if case is different Ticket 399 - slapi_ldap_bind() doesn't check bind results- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Perl 5.16 rebuild- Ticket 378 - unhashed#user#password visible after changing password - fix func declaration from previous patch - Ticket 366 - Change DS to purge ticket from krb cache in case of authentication error- Trac Ticket 396 - Account Usability Control Not Working- Ticket #378 - audit log does not log unhashed password: enabled, by default. - Ticket #378 - unhashed#user#password visible after changing password - Ticket #365 - passwords in clear text in the audit log- workaround for https://bugzilla.redhat.com/show_bug.cgi?id=833529- Ticket #387 - managed entry sometimes doesn't delete the managed entry - 5903815 improve txn test index handling - Ticket #360 - ldapmodify returns Operations error - fix delete caching - bcfa9e3 Coverity Fix for CLEANALLRUV - Trac Ticket #335 - transaction retries need to be cache aware - Ticket #389 - ADD operations not in audit log - 44cdc84 fix coverity issues with uninit vals, no return checking - Ticket 368 - Make the cleanAllRUV task one step - Ticket #110 - RFE limiting root DN by host, IP, time of day, day of week- Perl 5.16 rebuild- Ticket #360 - ldapmodify returns Operations error - Ticket #321 - krbExtraData is being null modified and replicated on each ssh login - Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress - Ticket #361: Bad DNs in ACIs can segfault ns-slapd - Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object - Ticket #337 - Improve CLEANRUV task- Ticket #358 - managed entry doesn't delete linked entry- Ticket #351 - use betxn plugins by default - revert - make no plugins betxn by default - too great a risk - for deadlocks until we can test this better - Ticket #348 - crash in ldap_initialize with multiple threads - fixes PR_Init problem in ldclt- f227f11 Suppress alert on unavailable port with forced setup - Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return - Ticket #351 - use betxn plugins by default - Trac Ticket #345 - db deadlock return should not log error - Ticket #348 - crash in ldap_initialize with multiple threads - Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied - Ticket #207 - [RFE] enable attribute that tracks when a password was last set - Ticket #216 - RFE - Disable replication agreements - Ticket #337 - RFE - Improve CLEANRUV functionality - Ticket #326 - MemberOf plugin should work on all backends - Trac Ticket #19 - Convert entryUSN plugin to transaction aware type - Ticket #347 - IPA dirsvr seg-fault during system longevity test - Trac Ticket #310 - Avoid calling escape_string() for logged DNs - Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object - Ticket #183 - passwordMaxFailure should lockout password one sooner - Trac Ticket #335 - transaction retries need to be cache aware - Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - Ticket #325 - logconv.pl : use of getopts to parse command line options - Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - 554e29d Coverity Fixes - Trac Ticket #46 - (additional 2) setup-ds-admin.pl does not like ipv6 only hostnames - Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions - Ticket #315 - small fix to libglobs - Ticket #315 - ns-slapd exits/crashes if /var fills up - Ticket #20 - Allow automember to work on entries that have already been added - Trac Ticket #45 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails.- 453eb97 schema def must have DESC '' - close paren must be preceded by space - Trac Ticket #46 - (additional) setup-ds-admin.pl does not like ipv6 only hostnames - Ticket #331 - transaction errors with db 4.3 and db 4.2 - Ticket #261 - Add Solaris i386 - Ticket #316 and Ticket #70 - add post add/mod and AD add callback hooks - Ticket #324 - Sync with group attribute containing () fails - Ticket #319 - ldap-agent crashes on start with signal SIGSEGV - 77cacd9 coverity 12606 Logically dead code - Trac Ticket #303 - make DNA range requests work with transactions - Ticket #320 - allow most plugins to be betxn plugins - Ticket #24 - Add nsTLS1 to the DS schema - Ticket #271 - Slow shutdown when you have 100+ replication agreements - TIcket #285 - compilation fixes for '--format-security' - Ticket 211 - Avoid preop range requests non-DNA operations - Ticket #271 - replication code cleanup - Ticket 317 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages. - Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin configuration - Ticket #292 - logconv.pl reporting unindexed search with different search base than shown in access logs - 6f8680a coverity 12563 Read from pointer after free (fix 2) - e6a9b22 coverity 12563 Read from pointer after free - 245d494 Config changes fail because of unknown attribute "internalModifiersname" - Ticket #191 - Implement SO_KEEPALIVE in network calls - Ticket #289 - allow betxn plugin config changes - 93adf5f destroy the entry cache and dn cache in the dse post op delete callback - e2532d8 init txn thread private data for all database modes - Ticket #291 - cannot use & in a sasl map search filter - 6bf6e79 Schema Reload crash fix - 60b2d12 Fixing compiler warnings - Trac Ticket #260 - 389 DS does not support multiple paging controls on a single connection - Ticket #302 - use thread local storage for internalModifiersName & internalCreatorsName - fdcc256 Minor bug fix introcuded by commit 69c9f3bf7dd9fe2cadd5eae0ab72ce218b78820e - Ticket #306 - void function cannot return value - ticket 181 - Allow PAM passthru plug-in to have multiple config entries - ticket 211 - Use of uninitialized variables in ldbm_back_modify() - Ticket #74 - Add schema for DNA plugin (RFE) - Ticket #301 - implement transaction support using thread local storage - Ticket #211 - dnaNextValue gets incremented even if the user addition fails - 144af59 coverity uninit var and resource leak - Trac Ticket #34 - remove-ds.pl does not remove everything - Trac Ticket #169 - allow 389 to use db5 - bc78101 fix compiler warning in acct policy plugin - Trac Ticket #84 - 389 Directory Server Unnecessary Checkpoints - Trac Ticket #27 - SASL/PLAIN binds do not work - Ticket #129 - Should only update modifyTimestamp/modifiersName on MODIFYops - Ticket #17 - new replication optimizations- Ticket #46 - (revised) setup-ds-admin.pl does not like ipv6 only hostnames - Ticket #66 - 389-ds-base spec file does not have a BuildRequires on gcc-c++- Ticket #46 - setup-ds-admin.pl does not like ipv6 only hostnames- get rid of posttrans - move update code to post- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash- b05139b memleak in normalize_mods2bvals - c0eea24 memleak in mep_parse_config_entry - 90bc9eb handle null smods - Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash - Ticket #306 - void function cannot return value - ticket 304 - Fix kernel version checking in dsktune- Trac Ticket #298 - crash when replicating orphaned tombstone entry - Ticket #281 - TLS not working with latest openldap - Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails - Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse- Ticket #124 - add Provides: ldif2ldbm to rpm- Ticket #294 - 389 DS Segfaults during replica install in FreeIPA- Ticket 284 - Remove unnecessary SNMP MIB files - Ticket 51 - memory leaks in 389-ds-base-1.2.8.2-1.el5? - Ticket 175 - logconv.pl improvements- Introducing use_db4 macro to support db5 (libdb).- Rebuild against PCRE 8.30- ad9dd30 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources - Ticket #281 - TLS not working with latest openldap - Ticket #280 - extensible binary filters do not work - Ticket #279 - filter normalization does not use matching rules - Trac Ticket #275 - Invalid read reported by valgrind - Ticket #277 - cannot set repl referrals or state - Ticket #278 - Schema replication update failed: Invalid syntax - Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled - Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server - Ticket #87 - Manpages fixes - c493fb4 fix a couple of minor coverity issues - Ticket #55 - Limit of 1024 characters for nsMatchingRule - Trac Ticket #274 - Reindexing entryrdn fails if ancestors are also tombstoned - Ticket #6 - protocol error from proxied auth operation - Ticket #38 - nisDomain schema is incorrect - Ticket #273 - ruv tombstone searches don't work after reindex entryrdn - Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword - Ticket #22 - RFE: Support sendmail LDAP routing schema - Ticket #161 - Review and address latest Coverity issues - Ticket #140 - incorrect memset parameters - Trac Ticket 35 - Log not clear enough on schema errors - Trac Ticket 139 - eliminate the use of char *dn in favor of Slapi_DN *dn - Trac Ticket #52 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given- Ticket #272 - add tombstonenumsubordinates to schema- fixes for systemd - remove .pid files after shutting down servers - Ticket #263 - add systemd include directive - Ticket #264 - upgrade needs better check for "server is running"- Ticket #262 - pid file not removed with systemd - Ticket #50 - server should not call a plugin after the plugin close function is called - Ticket #18 - Data inconsitency during replication - Ticket #49 - better handling for server shutdown while long running tasks are active - Ticket #15 - Get rid of rwlock.h/rwlock.c and just use slapi_rwlock instead - Ticket #257 - repl-monitor doesn't work if leftmost hostnames are the same - Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI - 6aaeb77 add a hack to disable sasl hostname canonicalization - Ticket 168 - minssf should not apply to rootdse - Ticket #177 - logconv.pl doesn't detect restarts - Ticket #159 - Managed Entry Plugin runs against managed entries upon any update without validating - Ticket 75 - Unconfigure plugin opperations are being called. - Ticket 26 - Please support setting defaultNamingContext in the rootdse. - Ticket #71 - unable to delete managed entry config - Ticket #167 - Mixing transaction and non-transaction plugins can cause deadlock - Ticket #256 - debug build assertion in ACL_EvalDestroy() - Ticket #4 - bak2db gets stuck in infinite loop - Ticket #162 - Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, server DoS - Ticket #3: acl cache overflown problem - Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations - Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN.- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Bug 755725 - 389 programs linked against openldap crash during shutdown - Bug 755754 - Unable to start dirsrv service using systemd - Bug 745259 - Incorrect entryUSN index under high load in replicated environment - d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere - 5910551 csn_init_as_string should not use sscanf - b53ba00 reduce calls to csn_as_string and slapi_log_error - c897267 fix member variable name error in slapi_uniqueIDFormat - 66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf - 580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf - Bug 751645 - crash when simple paged fails to send entry to client - Bug 752155 - Use restorecon after creating init script lock file- Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' - Bug 750625 750624 750622 744946 Coverity issues - Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication - Bug 748575 - rhds81 modrn operation and 100% cpu use in replication - Bug 745259 - Incorrect entryUSN index under high load in replicated environment - f639711 Reduce the number of DN normalization - c06a8fa Keep unhashed password psuedo-attribute in the adding entry - Bug 744945 - nsslapd-counters attribute value cannot be set to "off" - 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular - d316a67 Change referential integrity to be a betxnpostoperation plugin- Bug 741744 - part3 - MOD operations with chained delete/add get back error 53 - 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in - b6d3ba7 pass the plugin config entry to the plugin init function - 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins - Bug 743966 - Compiler warnings in account usability plugin- 498c42b fix transaction support in ldbm_delete- Bug 740942 - allow resource limits to be set for paged searches independently of limits for other searches/operations - Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config - Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user- Bug 695736 - Providing native systemd file- corrected source- Bug 735114 - renaming a managed entry does not update mepmanagedby- Bug 735121 - simple paged search + ip/dns based ACI hangs server - Bug 722292 - (cov#11030) Leak of mapped_sdn in winsync rename code - Bug 703990 - cross-platform - Support upgrade from Red Hat Directory Server - Introducing an environment variable USE_VALGRIND to clean up the entry cache and dn cache on exit.- Bug 732153 - subtree and user account lockout policies implemented? - Bug 722292 - Entries in DS are not updated properly when using WinSync API- Bug 733103 - large targetattr list with syntax errors cause server to crash or hang - Bug 633803 - passwordisglobalpolicy attribute brakes TLS chaining - Bug 732541 - Ignore error 32 when adding automember config - Bug 728592 - Allow ns-slapd to start with an invalid server cert- Bug 728510 - Run dirsync after sending updates to AD - Bug 729717 - Fatal error messages when syncing deletes from AD - Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not working. - Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash - Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed again - separate tests for atomic ops and atomic bool cas- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - Fix another coverity NULL deref in previous patch- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - Fix coverity NULL deref in previous patch- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - previous patch broke build on el5- Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error- Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed to use configure test for GCC provided 64-bit atomic functions- Bug 663752 - Cert renewal for attrcrypt and encchangelog - this was "re-fixed" due to a deadlock condition with cl2ldif task cancel - Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma - Bug 725743 - Make memberOf use PRMonitor for it's operation lock - Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package - Bug 723937 - Slapi_Counter API broken on 32-bit F15- Perl mass rebuild- Perl mass rebuild- Bug 720059 - RDN with % can cause crashes or missing entries - Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2. - Bug 691313 - Need TLS/SSL error messages in repl status and errors log - Bug 712855 - Directory Server 8.2 logs "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)" to error log whereas Directory Server 8.1 did not - Bug 713209 - Update sudo schema - Bug 719069 - clean up compiler warnings in 389-ds-base 1.2.9 - Bug 718303 - Intensive updates on masters could break the consumer's cache - Bug 711679 - unresponsive LDAP service when deleting vlv on replica- 389-ds-base-1.2.9.a2 - look for separate openldap ldif library - Split automember regex rules into separate entries - writing Inf file shows SchemaFile = ARRAY(0xhexnum) - add support for ldif files with changetype: add - Bug 716980 - winsync uses old AD entry if new one not found - Bug 697694 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9 - bump console version to 1.2.6 - Bug 711679 - unresponsive LDAP service when deleting vlv on replica - Bug 703703 - setup-ds-admin.pl asks for legal agreement to a non-existant file - Bug 706209 - LEGAL: RHEL6.1 License issue for 389-ds-base package - Bug 663752 - Cert renewal for attrcrypt and encchangelog - Bug 706179 - DS can not restart after create a new objectClass has entryusn attribute - Bug 711906 - ns-slapd segfaults using suffix referrals - Bug 707384 - only allow FIPS approved cipher suites in FIPS mode - Bug 710377 - Import with chain-on-update crashes ns-slapd - Bug 709826 - Memory leak: when extra referrals configured- Perl mass rebuild- Perl 5.14 mass rebuild- 389-ds-base-1.2.9.a1 - Auto Membership - More Coverity fixes- 389-ds-base-1.2.8.3 - Bug 700145 - userpasswd not replicating - Bug 700557 - Linked attrs callbacks access free'd pointers after close - Bug 694336 - Group sync hangs Windows initial Sync - Bug 700215 - ldclt core dumps - Bug 695779 - windows sync can lose old values when a new value is added - Bug 697027 - 12 - minor memory leaks found by Valgrind + TET- 389-ds-base-1.2.8.2 - Bug 696407 - If an entry with a mixed case RDN is turned to be - a tombstone, it fails to assemble DN from entryrdn- 389-ds-base-1.2.8.1 - Bug 693962 - Full replica push loses some entries with multi-valued RDNs- 389-ds-base-1.2.8.0 - Bug 693473 - rhds82 rfe - windows_tot_run to log Sizelimit exceeded instead of LDAP error - -1 - Bug 692991 - rhds82 - windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1 - Bug 693466 - Unable to change schema online - Bug 693503 - matching rules do not inherit from superior attribute type - Bug 693455 - nsMatchingRule does not work with multiple values - Bug 693451 - cannot use localized matching rules - Bug 692331 - Segfault on index update during full replication push on 1.2.7.5- 389-ds-base-1.2.8.rc5 - Bug 692469 - Replica install fails after step for "enable GSSAPI for replication"- 389-ds-base-1.2.8.rc4 - Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv ice is restarted - 389-ds-base-1.2.8.rc3 - Bug 690955 - Mrclone fails due to the replica generation id mismatch- 389-ds-base-1.2.8 release candidate 2 - git tag 389-ds-base-1.2.8.rc2 - Bug 689537 - (cov#10610) Fix Coverity NULL pointer dereferences - Bug 689866 - ns-newpwpolicy.pl needs to use the new DN format - Bug 681015 - RFE: allow fine grained password policy duration attributes - in days, hours, minutes, as well - Bug 684996 - Exported tombstone cannot be imported correctly - Bug 683250 - slapd crashing when traffic replayed - Bug 668909 - Can't modify replication agreement in some cases - Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1 - Bug 644784 - Memory leak in "testbind.c" plugin - Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree- rebuild for icu 4.6- 389-ds-base-1.2.8 release candidate 1 - git tag 389-ds-base-1.2.8.rc1 - Bug 518890 - setup-ds-admin.pl - improve hostname validation - Bug 681015 - RFE: allow fine grained password policy duration attributes in - days, hours, minutes, as well - Bug 514190 - setup-ds-admin.pl --debug does not log to file - Bug 680555 - ns-slapd segfaults if I have more than 100 DBs - Bug 681345 - setup-ds.pl should set SuiteSpotGroup automatically - Bug 674852 - crash in ldap-agent when using OpenLDAP - Bug 679978 - modifying attr value crashes the server, which is supposed to - be indexed as substring type, but has octetstring syntax - Bug 676655 - winsync stops working after server restart - Bug 677705 - ds-logpipe.py script is failing to validate "-s" and - "--serverpid" options with "-t". - Bug 625424 - repl-monitor.pl doesn't work in hub node- Bug 676598 - 389-ds-base multilib: file conflicts - split off libs into a separate -libs package- do not create /var/run/dirsrv - setup will create it instead - remove the fedora-ds initscript upgrade stuff - we do not support that anymore - convert the remaining lua stuff to plain old shell script- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3 - Bug 675320 - empty modify operation with repl on or lastmod off will crash server - Bug 675265 - preventryusn gets added to entries on a failed delete - Bug 677774 - added support for tmpfiles.d - Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search es - Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH - Bug 671199 - Don't allow other to write to rundir - Bug 678646 - Ignore tombstone operations in managed entry plug-in - Bug 676053 - export task followed by import task causes cache assertion - Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8 - Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used - Bug 676689 - crash while adding a new user to be synced to windows - Bug 604881 - admin server log files have incorrect permissions/ownerships - Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv ice is restarted - Bug 675853 - dirsrv crash segfault in need_new_pw()- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2 - Bug 674430 - Improve error messages for attribute uniqueness - Bug 616213 - insufficient stack size for HP-UX on PA-RISC - Bug 615052 - intrinsics and 64-bit atomics code fails to compile - on PA-RISC - Bug 151705 - Need to update Console Cipher Preferences with new ciphers - Bug 668862 - init scripts return wrong error code - Bug 670616 - Allow SSF to be set for local (ldapi) connections - Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the - log output to the text file - Bug 668619 - slapd stops responding - Bug 624547 - attrcrypt should query the given slot/token for - supported ciphers - Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any - error message in logs- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1 - many bug fixes- 1.2.7.5 release - git tag 389-ds-base-1.2.7.5 - Bug 663597 - Memory leaks in normalization code- Resolves: bug 656541 - use %ghost on files in /var/lock- 1.2.7.4 release - git tag 389-ds-base-1.2.7.4 - Bug 661792 - Valid managed entry config rejected- 1.2.7.3 release - git tag 389-ds-base-1.2.7.3 - Bug 658312 - Invalid free in Managed Entry plug-in - Bug 641944 - Don't normalize non-DN RDN values- 1.2.7.2 release - git tag 389-ds-base-1.2.7.2 - Bug 659456 - Incorrect usage of ber_printf() in winsync code - Bug 658309 - Process escaped characters in managed entry mappings - Bug 197886 - Initialize return value for UUID generation code - Bug 658312 - Allow mapped attribute types to be quoted - Bug 197886 - Avoid overflow of UUID generator- last commit had bogus commit log- 1.2.7.1 release - git tag 389-ds-base-1.2.7.1 - Bug 656515 - Allow Name and Optional UID syntax for grouping attributes - Bug 656392 - Remove calls to ber_err_print() - Bug 625950 - hash nsslapd-rootpw changes in audit log- 1.2.7 release - git tag 389-ds-base-1.2.7- Bug 648949 - Merge dirsrv and dirsrv-admin policy modules into base policy- 1.2.7.a5 release - git tag 389-ds-base-1.2.7.a5 - Bug 643979 - Strange byte sequence for attribute with no values (nsslapd-ref erral) - Bug 635009 - Add one-way AD sync capability - Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot - put replication config entries in separate file - Bug 567282 - server can not abandon searchRequest of "simple paged results" - Bug 329751 - "nested" filtered roles searches candidates more than needed - Bug 521088 - DNA should check ACLs before getting a value from the range- 1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4 - Bug 647932 - multiple memberOf configuration adding memberOf where there is no member - Bug 491733 - dbtest crashes - Bug 606545 - core schema should include numSubordinates - Bug 638773 - permissions too loose on pid and lock files - Bug 189985 - Improve attribute uniqueness error message - Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operat ions - Bug 619633 - Make attribute uniqueness obey requiredObjectClass- 1.2.7.a3 release - a2 was never released - this is a rebuild to pick up - Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs - Adding the ancestorid fix code to ##upgradednformat.pl.- 1.2.7.a3 release - a2 was never released - Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs - Bug 629681 - Retro Changelog trimming does not behave as expected - Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif - are not upgraded in the server instance schema dir- 1.2.7.a2 release - a1 was the OpenLDAP testday release - git tag 389-ds-base-1.2.7.a2 - added openldap support on platforms that use openldap with moznss - for crypto (F-14 and later) - many bug fixes - Account Policy Plugin (keep track of last login, disable old accounts)- added openldap support- bump rel to rebuild again- bump rel to rebuild- This is the 1.2.6.1 release - git tag 389-ds-base-1.2.6.1 - Bug 634561 - Server crushes when using Windows Sync Agreement - Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self - Bug 612264 - ACI issue with (targetattr='userPassword') - Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager" - Bug 631862 - crash - delete entries not in cache + referint- This is the final 1.2.6 release- 1.2.6 release candidate 7 - git tag 389-ds-base-1.2.6.rc7 - Bug 621928 - Unable to enable replica (rdn problem?) on 1.2.6 rc6- 1.2.6 release candidate 6 - git tag 389-ds-base-1.2.6.rc6 - Bug 617013 - repl-monitor.pl use cpu upto 90% - Bug 616618 - 389 v1.2.5 accepts 2 identical entries with different DN formats - Bug 547503 - replication broken again, with 389 MMR replication and TCP errors - Bug 613833 - Allow dirsrv_t to bind to rpc ports - Bug 612242 - membership change on DS does not show on AD - Bug 617629 - Missing aliases in new schema files - Bug 619595 - Upgrading sub suffix under non-normalized suffix disappears - Bug 616608 - SIGBUS in RDN index reads on platforms with strict alignments - Bug 617862 - Replication: Unable to delete tombstone errors - Bug 594745 - Get rid of dirsrv_lib_t label- make selinux-devel explicit Require the base package in order - to comply with Fedora Licensing Guidelines- 1.2.6 release candidate 3 - git tag 389-ds-base-1.2.6.rc3 - Bug 603942 - null deref in _ger_parse_control() for subjectdn - 609256 - Selinux: pwdhash fails if called via Admin Server CGI - 578296 - Attribute type entrydn needs to be added when subtree rename switch is on - 605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.pl - Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll - Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll - 606920 - anonymous resource limit - nstimelimit - also applied to "cn=directory manager"- 1.2.6 release candidate 2- install replication session plugin header with devel package- 1.2.6 release candidate 1- Mass rebuild with perl-5.12.0- 1.2.6.a4 release- 1.2.6.a3 release - add managed entries plug-in - many bug fixes - moved selinux subpackage into base package- rebuild for icu 4.4- 1.2.6.a2 release - add support for matching rules - many bug fixes- 1.2.6.a1 release - Added SELinux policy and subpackages- 1.2.5 final release- 1.2.5.rc4 release- 1.2.5.rc3 release- 1.2.5.rc2 release- 1.2.5.rc1 release- 1.2.5.a1 release- 1.2.4 release - resolves bug 221905 - added support for Salted MD5 (SMD5) passwords - primarily for migration - resolves bug 529258 - Make upgrade remove obsolete schema from 99user.ldif- 1.2.3 release - added template-initconfig to %files - %posttrans now runs update to update the server instances - servers are shutdown, then restarted if running before install - scriptlets mostly use lua now to pass data among scriptlet phases- rebuild with new openssl to fix dependencies- backed out - added template-initconfig to %files - this change is for the next major release - bump version to 1.2.2 - fix reopened 509472 db2index all does not reindex all the db backends correctly - fix 518520 - pre hashed salted passwords do not work - see https://bugzilla.redhat.com/show_bug.cgi?id=518519 for the list of - bugs fixed in 1.2.2- rebuilt with new openssl- added template-initconfig to %files- added BuildRequires pcre- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- change name to 389 - change version to 1.2.1 - added initial support for numeric string syntax - added initial support for syntax validation - added initial support for paged results including sorting- final release 1.2.0 - Resolves: bug 475338 - LOG: the intenal type of maxlogsize, maxdiskspace and minfreespace should be 64-bit integer - Resolves: bug 496836 - SNMP ldap-agent on Solaris: Unable to open semaphore for server: 389 - CVS tag: FedoraDirSvr_1_2_0 FedoraDirSvr_1_2_0_20090428- re-enable ppc builds- exclude ppc builds - needs extensive porting work- new release 1.2.0 - Made devel package depend on mozldap-devel - only create run dir if it does not exist - CVS tag: FedoraDirSvr_1_2_0_RC1 FedoraDirSvr_1_2_0_RC1_20090330- added db4-utils to Requires for verify-db.pl- Enabled LDAPI autobind- updated update to patch bug463991-bdb47.patch- updated patch bug463991-bdb47.patch- added patch bug463991-bdb47.patch - make ds work with bdb 4.7- rolled back bogus winsync memory leak fix- winsync api improvements for modify operations- This is the 1.1.2 release. The bugs fixed can be found here - https://bugzilla.redhat.com/showdependencytree.cgi?id=452721 - Added winsync-plugin.h to the devel subpackage- bump rev to rebuild and pick up new version of ICU- 1.1.1 release candidate - several bug fixes- fix bugzilla 439829 - patch to allow working with NSS 3.11.99 and later- add patch to allow server to work with NSS 3.11.99 and later - do NSS_Init after fork but before detaching from console- add Requires for versioned perl (libperl.so)- previous fix for 434403 used the wrong patch - this is the right one- Resolves bug 434403 - GCC 4.3 build fails - Rolled new source tarball which includes Nathan's fix for the struct ucred - NOTE: Change version back to 1.1.1 for next release - this release was pulled from CVS tag FedoraDirSvr110_gcc43- Autorebuild for GCC 4.3- This is the GA release of Fedora DS 1.1 - Removed version numbers for BuildRequires and Requires - Added full URL to source tarball- Rebuild for deps- This is the beta2 release - new file added to package - /etc/sysconfig/dirsrv - for setting - daemon environment as is usual in other linux daemons- fix build breakage due to open() - mock could not find BuildRequires: db4-devel >= 4.2.52 - mock works if >= version is removed - it correctly finds db4.6- Change pathnames to use the pkgname macro which is dirsrv - get rid of cvsdate in source name- Added Requires for perldap, cyrus sasl plugins - Removed template-migrate* files - Added perl module directory - Removed install.inf - setup-ds.pl can now easily generate one- added requires for mozldap-tools- update to latest sources - added migrateTo11 to allow migrating instances from 1.0.x to 1.1 - ldapi support - fixed pam passthru plugin ENTRY method- Renamed package to fedora-ds-base, but keep names of paths/files/services the same - use the shortname macro (fedora-ds) for names of paths, files, and services instead - of name, so that way we can continue to use e.g. /etc/fedora-ds instead of /etc/fedora-ds-base - updated to latest sources- More cleanup suggested by Dennis Gilmore - This is the fedora extras candidate based on cvs tag FedoraDirSvr110a1- latest sources - added init scripts - use /etc as instconfigdir- latest sources - moved all executables to _bindir- latest sources - added /var/tmp/fedora-ds to dirs- added logconv.pl - added slapi-plugin.h to devel package - added explicit dirs for /var/log/fedora-ds et. al.- just move all .so files into the base package from the devel package- Move the plugin *.so files into the main package instead of the devel - package because they are loaded directly by name via dlopen- Move the script-templates directory to datadir/fedora-ds- change mozldap to mozldap6- remove . from cvsdate define- Having a problem building in Brew - may be Release format- Changed version to 1.1.0 and added Release 1.el4.cvs20070119 - merged in changes from Fedora Extras candidate spec file- Bump component versions (nspr, nss, svrcore, mozldap) to their latest - remove unneeded patches- update to a cvs snapshot - fedorafy the spec - create -devel subpackage - apply a patch to use mozldap not mozldap6 - apply a patch to allow --prefix to work correctly- Fixed the problem where the server would crash upon shutdown in dblayer - due to a race condition among the database housekeeping threads - Fix a problem with normalized absolute paths for db directories- Touch all of the ldap/admin/src/scripts/*.in files so that they - will be newer than their corresponding script template files, so - that make will rebuild them.- Chown new schema files when copying during instance creation- Configure will get ldapsdk_bindir from pkg-config, or $libdir/mozldap6- use eval to sed ./configure into ../configure- jump through hoops to be able to run ../configure- Need to make built dir in setup section- The template scripts needed to use @libdir@ instead of hardcoding - /usr/lib - Use make DESTDIR=$RPM_BUILD_ROOT install instead of % makeinstall - do the actual build in a "built" subdirectory, until we remove - the old script templates- Make replication plugin link with libdb- Have make define LIBDIR, BINDIR, etc. for C code to use - especially for create_instance.h- Forgot to checkin new config.h.in for AC_CONFIG_HEADERS- Add perldap as a Requires; update sources- Fix ds_newinst.pl - Remove obsolete #defines- Update sources; rebuild to populate brew yum repo with dirsec-nss- Update sources- initial revision 1.3.8.4-25.1.el7_61.3.8.4-25.1.el7_6dirsrvlibldaputil.so.0libldaputil.so.0.0.0libns-dshttpd-1.3.8.4.solibnunc-stans.so.0libnunc-stans.so.0.1.0libsds.so.0libsds.so.0.0.0libslapd.so.0libslapd.so.0.1.0389-ds-base-libs-1.3.8.4LICENSELICENSE.GPLv3+LICENSE.opensslREADME.devel/usr/lib64//usr/lib64/dirsrv//usr/share/doc//usr/share/doc/389-ds-base-libs-1.3.8.4/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f6173d8e45dd9ccb7c5ec4eedc7258cd53d9462e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8f48c8d1c8a6a4b3169d246ae4fbcfadb8b13b01, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ddc29c5a90ba9b916d5afa6d7123d1a0b78c6692, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e9a8beb3769d6dc0fcc8783f697980e8440dd3ea, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2efd865bd635008161ab4f7b3a94b1b06180dc63, strippedASCII text +8D ! *PRRRRRR.R RR2PRR!RRRRRR$R,RR R RR R-R#RR.RRR"R%RRRRR R+RRR R2PRRRR R#R.RRRR RR2PRRRRR.RRRR RR2PR)R*R'R(R&R!RRRRRRRRRRRRRRRRRR"R,R%RRR R RR R-R#R.RRRR RR2?7zXZ !#,B]"k%=c7B♶6? z,3CWuaFڶ H0цsbt^8p_mg*=6TYBw?{A\5xJ6=ݓwK(gucՙ- 0p(=vW{;i "zּCҘRuOKpcKxZvR A䜎"Ր[_mnt (~PkDtjUTA#!̷Btϝgҗ SɢU5L6IZn=">MLgRƗ$PYbx"6ŗrӧze 9-jbIbK#EoF) C{?E?1XBYpWT 9v\.Pݯ,*@O܇1UNo&+C#ÀLVr\,}*˸vQz Iߎ]C}t=0vV8Ef0ʱ!QXU)0vl5dx/kApCH=:M*eK;_aOu\Qrh;tU"8^jtYQ"( b3cL7½pń|ʝ ]ӍQmT{5OSzRxoC=ZYm"Y(lR=%IvOiV\1(ПV`|eK̓;ƻS2#& [g4 jBl1 fqH/!9yXwqzI˚1u,F"x3<Mu2*7>>V>D i~ͯY)vTPbzcEJp |Qe9ʨujĻ4[y(7vl|~dxV2&rW, J-nz;q9HCRN>M?b߾@ajkW.]Nm;<- 塀Ch,ᣃNQI$(l1-Bl NzQgeԨVpz3 Wװ)^Gr~g:uҨۤb~m"h[juvXZc\儈G&=T$Ҽ+Rprru좆X? L:uIˑCw?9L+":[^*’u`ap uCk]x@nc p)h TMr8r%[m=`NBA'٨x;0{,) h-WV$\baYӀ)/AGa nքm#pZ8h|C>4"hnm+>M{{LP7,|q\$n?t2q)V51 P9*PY#=]vme;/A({#P=eGP)9#<7֪P'(>#%E:=#%byhz+/qUOVcdZ= y#_GyVAfaȞl# #pyP%A当]]Rb&j  .1r<-zVAsd/_гj6XX: ,L} u o:>lAl=i5q&PYFCjyS4ᨷUo&xtD? ߬$pj 4#?wi:[[GV0?Nw,zK6idعʘ-d8deF}U|`)4q3 f߃7<І>k,?-]`;|+<[~RA31;u*6eMMHp?mWpId;ѽ=4AV߱|3Uktu9tE|$Ujk-}gwGC  ʳrRA ul@nppm~y.37/U :ﱘZX261q>8FTf>J{W ~f8 CKwF>ۅn?"r1WLw#/cXD9SųjS4)B (),wf "Z%/#S?I,c3AuTy]&Y9BQpahL~G`3V,{P0m*^?F@I8?| ;>%]k]wT!~),}b)8VB8_\Im1c "n\Ji|ڴ.X /HcitF`"Sn| Q݇Z 듊ΪX4 dq1fI|sa~>:dȐIV.u ._e 72J0]]S8WgI 8`FA k{['3/@/Y]xS,4ZAH],L~}JcWz[6߯Z^4eO jXISWm}Nxx}! Iq>yKp݅j?u8>Gş!(tx=1$V[@s%GZRhL"zV'~QoA@aG%HHbUPhW<7_UOm3,hY@!32i^֜Ơ aϡ>!I9 ;c^Et|wd, mc>_fVD7(G)6OHpc= ~jՏxI_fԓܿi")Է')1^DDf'(-@]6cw`5-qdH6ܖΝ).1'E;bMcXYj53M]]Dӵ_b? ۬ Z8}P>h, :ِ_j ͳ5+p5 T!݋,/vnL}v8b =tv+ ddtTzaB7R<5="4W2][ H I-"F$c[#"~ ihpqDn|O譿3 I] O_x?,WjQRBdXIG@"/XǓ|Ter<\puGJܲ/ ՞]+G%u\gt&;ʛXד+9P4  #7$ $2kmQ v2ߍ /+t3v~p9ٹT 2)5H]wL,Ksa!Lj~itIQ%*]~Sk;|-k[V>%7n 'evDl s0!ġ[̂!au:*K (0/׷tlH)xdظΠ:,Z˂m?gHsM=%0t/%r OOkf!u5W>,ʕR)gW+A8᭵FZj%o^T䧝e*ml:*o%Z|uhC00*N5U)W&8vK`L!S@7E Ujq&d8+6^X>X%4ZdHŃ^B:dj&z̥v@DGgjyW 1nF/)) FKޙq@G2nA5~,6c&cNWB)ঙ92qp[oRKh&7 4dy;qޢʼn;v~]17:ue+MSذqr'鴘8mM$-\ʠcu֍QOXLHKӾz\ƘvۿGG1WpFGOb[dWŒrd{!{{.Ud52ڍ+0o>T"}'HFyΘ7|]C}V\gk.H^0)7!rVbuVk`@7Q/D["ſ^[DuGόl7=O2Uj2{!ˀCWAt-dR\$Oe&pYMjWh:75mFuu F 7nFim]o?IGvYg*H!\Whw,Tj#K/NOsAgscg9aǖD$Tb$rG2Xi5y~MwC_ghPhf۩E)DpW?ю}6Wݙr~YGU(hz]&Wtxm.V{[\f+F3xD;rW>Mb ?v-z4QvfY.(YҷqDZĉZJ5FϐY- ١WO+H1}V_ BKṽ2UPbyƤq QdQvR46p$N[†GGT΋Q+_2Nj[Ӹf^j6o1MJm؀gCTz@Kr#Z`㽓n[yxʊj9"G7]!wAƶ泌ڰu˓7Ž.on HSq[e+ l^ =w+mo9 3"v @I=d;MbFL%tI YX V(Jk&ZLR>çp<ΈஙT"!EXY:SnvU1 uԮjw\b @7 U3 ^s8ٮsGjsʲ"DXNk OQUG(>@o0m;.ĭ # j G8[uiM ɵYc{)]أzqPQȓe0~1kZK1Q/1mІI|cfn3Qe`"@{ġ;inGK ˎL4IOwUCC4㗁/#}!박6֍Jഒ{q~(SrTߑZ0ԏl p`C;Ilf"~a ;2#?+6ytȷ5L0o٘&V]= ̃Z?[8W~F:@#2mtɦ J歏DxU(E˺n$DIFͨ)}$d亘*7\$b[bӸ4Rx0~=+D.aVGV/8%# euRMݱO$Qߕsκ~e6PW[mj<9덥sB$~0|QT+E5wLbU-^e9>0Ne@{Vg>ODHxoz[=hЇ9\" p:Vg9"9㊐ɿ$:v=+;~[0zx?Vՠ.tc vCm YY}}7sqLQq'pl[bN nqa=[4@eEqա7 2˔CNT)$_,+E5Pר/L9%J4PO*]ZhGt`M{Қj8$ ι g?,aJX5sŇ,/h4ʨ ?ծqꉈ >x_N1.eY^-Mާq*JN޶χjEɗ_'N@ b+ ujIͳ:"(% xRcXm;9bwFUrxdwTWLbgѨx'[^%SYVקe qf v 64#HIj$./R;:{dܫ(%)@ڻ"ɸE!5$!cBdE*ckӬ$GhiΔ$rM ϡt^#I0@BT ۚU̸M4"47P*34ZyGqe0M~_OmѨak$ ÛSB뮊&ܚrUȼ+o{␉p ԍaSk*\ҽF/'I@S#roJU8z&!JFN^ I1W&a%QFcMVkuWhWdJH F嗋l<K-ޑ6#s_cț8Um.$x6.29GknlY޾CB">;|601Hm7pdXpKN>'ҔiN1 U!iѹNJU4dE ^ Xʰ" ۖȸ]dV& fW5%0JX32//!0p{lgˠǥiyO^Yub%qA]CM.nMM$4&]qT ֦&mt<8Ñs̏]#3(M~4-=җvV!Cet6ѫ(<}{ ^WM4, pH=u8O+&Mz=["pPNޅ?R0Q{:rKfאd$g^tcc?Gvl -\Gjq\4?p!8T "+9X=s:|zi[XhƧL?%c܏1/t_?uk}usdAlnlc;@{Nj0 *a_ݬdO.](䘖R-n¥!WjA@@Jz>わgu~u)5ZKU%УYHf˾/?؂PQ71!!R-W} PpLuS,Vǩ+Qku7}}ˀ٘ 5A\«$y?T0e=EHHYC b1k y/ЕrDIk#SſlmL><{\i̙5_pf@Eg*M88;T_RĀ(v\3# qBmc(>ta d7.Њg&ھzMzNdJf<'1hW~>] m |w ^D-Z %sP D. 5GVZDvB>,3qj6w?>QIO&\O Caa"H{l^ظU)u0W#dl; H-譞q/ސXPAڧ=aѓբ#hyjkֻ4r6B؊1- a=yhʔ0L<#XR.QeP|63Mu޸ Y>$@tX4(j lX˱S~VET| }e>EY]fW8' kw,"V#d]REYOX_hP6GOt3ڵB|dVx%&*PMX%kBL36}R[\>զ?FWKrUf"^HjIAMQk8$dy3}:⇑qK)`捦]EUypukqS*Oy6[s^$p0$~q>`>Aѯx%90D&JX2I%.')͎}X're\;7;:k[<k&F97ܩU!&[$ư`Ui}q}(3˸?y"0f$N#Aq ^b[~3Q<;y_ NmE5Gj$B:R0rP8TuT-)R{ 6'ܪekMn)f/條.2JzR BMXC͍mfO~ '[pO~v*Jvy3`,YDNAA;CX^pUhĐj2'k=bt_bZ[E8$d?YmjK{S_suZv\Oizзo-AեPJ$ܱP}gj@Q'>`3@j8:wWsD>xhnH߆SS.`IcQh6-K̶w2_ERO$%QPQD{lNcÄ'>7 ( O|5t!j6f>CzM`Qr;cN&*(V00>èlH<p(I Ѫ|thx˷*e䀄HTQ|b]zc ÚE[C4#(2-.:ux.g@ۡ1G.(ÅL&x=η>E9ٔʆXdkm.xSNoAY_Ip (~&p>Р n/6w"2X:ҒZO8g!9߁0 b#ȩB j՟XS )]}q@`D  ^'ԟ;HP=gjUE x% X>):3P6y RCmD"p.|4+F8g%uAsho}hwps6 :N:NsE:WUg.@KLЌ07/X3CrY ĈmMұLּKZo k{|#06 Xejn MJR CsLZDb9xurHMOꬆ4A">tO ogy2:B0 iy[cC1`h$, VzcjGP}Wn[hэVVlFV.p0 %2JSD'AO?^ OTx)m@g3m0Y҆aС9p(#]nt٢aCPCZy4ۦͤ?7pĦU>0rIdi-\!2}.L_4@/z\Ykr_{'G*] L%),!4@[Shd]Cye$v*; Es.W| C7/ǟ/FLU7-q@\qȱY/_t@vW̔;Q^:gy,ӣB{"7 {u,_W{dAz:N'ɷZQmf?#6m]{2j!Ʉa}>3ڝޯM$A.Vt>Hp#)lCZ*ieꎡLhU~8Dy+c0$zpW={oriI.5dֈ{||Le+ٻ 9] = yv|GtfUyz]_[.:M创7W9ךOb\.IdHHXMXۀyG% ߼&cGofrft+8lLTJLx^_J!{pؖbOC4iPt#jȒu}DCM1g;=DZzZbf Wp}.j[-C7neC|>"p2@xM߈!ikQM\dqwoxȕ-d]FJǓO@9 6g C bSSH#hԂzme!Nkhveiހ8O tC_.dm6d]M ÞvMEXO{m9]!A c{ZÒ;t>Ui_<@ !;>3Kˁ%[/X8ǥ;_ް 4Z^ݣm:hztJFM ?@OJ3"^5-YЦ͇{W8dqےl`X6ҿRfIra+% 唖|L-OL@;1{t}wu0xWK7'섨cݓm-H%s G%J _S'#īs/X*/e{&KxCUC_&T%JbWqfӄ\_#]2WLC2銴*V7]Bڂi#["W%vμ#>eUY7 g,xneSd@N Q[54 ͤ:C_CW_y6ίܫ(%0Q)M.CͼK/m˘ƊH{ V7yV{ӎߪITb`y=i܍ }g]urD!X$ $gOgVi*=( EՀBL[i1c[Z3/UՉ^‹$"3w|$]uJ^BBVtոo#s!܇ lDC_CC5&?_=CU˃qK hqYxsoKDQJ(I>R T] |3 L|--dj)*84qIIY$&ӑSltߕJY6{Ǧqw|3 hՅ!̅u~ [  Ec[f*| OuHԪYTw1w]@]3y60g{m;sf8ONC0mwzF]:G:[#Q٤#Ht +KCҬFe4~8M(q좝@l4دhBSoM)46dDyN{#v{ uu;'}ˈR7ӡqovGĽLDRIpi`sSN QF_㈩K{GfQsk;ESuR7XEZ"h9XT@݄ȟYquQ_m$f;])eH0n[{nguB BYM6;gR4(WYd_f\f2 >3&j(f鲂񆅹hE~_v}=4ġ^ޙ \ΐaDUW5ʝ$cw1BKS`.=^6 9`f1x$8TT,o4>Cp1 Ao<篴}܀Ws}/ˡukU/tYh6-/@\ fl+9bs_$GogPOOL3K׫pfUOT1 j{AuͲ|": N # w=i4m`'OǵL6,m ݭknkG&Na?YRQKZslߋ FtV  :6l`m< L)ٍIG9,gGawJ-θ':t;i%5ypHEMahWF 'Z>5M]cs!qlk̖Ukڷ\;SD"th0X4OXuSCTɿGR}1ߓkv\y)_y?]7͍<E><@(8NL\fz>Dqi]nQb d':d}`|p=M@e"4^e@) #$3~~r4$JDcƤ;Z*_B_Ry &!)xl 9vᾈ i#gܥ`ǘdrH}x@+wǵ}ح@.~1W~jC M%1ɊUF e>a`>m {.?y+HpӔ׍kMOh,a8`33Š%־6B`h&? U! )$)|OE_[؞ ˆ1&WBKfh\%'&IG}QBPi+M~[qpWDr)$}$bQ[p]}ĹW͓Z)3&ހqK,5`az2g B ᖩ~U xj^g$O $tw,2ӣPMc"fobW /)6Йw9_'%ɬ٭󷌇V`u_i|>j5RaJGYM N[4 L#O._,*Y*{%alx_lU:&[zk]U=$5r[ 1`7=xڰ8|M2bbaQTRi|5Zi}ӢNeZۊ5<+GHvAJΠCy]UMv3Whw*ŸN01yz1Uȸ&OQ vO`N] ڷ^{gfx\`֣$2%ރX~jgz0?xrҡ;lg=yڤ6q)ks~]\3}|=¨*7]7}?D=`sΛCnELs!{K˨)U]!T_Rp5ĞL) 'r+>gs|UTVzr v$* =?8jYra am他ƒT  CUqkYM&hyAhY_z*,|9:3ia<-x7a@&AT0lcxF0"{L6E)։ge 9<6Bj;` 'L}C:Ӳtdt4?MW8mKo5]qU+ J rV#l Qͣ| Vku)4,:4Z8CO_̑׀p eQ! |)Ǜ`?"8! m7s "ةVppZtBt+(i39rse { %\!S=K`]d)can|3L3>uQ@Noobk1w6TR,k+!)gJ<:奰dDS= "/ 5ZqDwYPv[]Udw^B'FSN1ƆBjv+ Y o Ykd=qp ՑIA!1ޞhPQf_<`![.㘼roGwnv[vTsNX>9I)f -aФu\ U"sSA)tmϨ; ѷ@fRP*N{*\5/y8z\EmJ7^,͚3T,2.4.H M4r![l@o^]bq[٨OcZW^׆4I3{$ڿX8b3a58uװM@~F|X8<=p4t z|[mHԶ fdATuX yG 1U uJOL*eLݑgzsGsv !`y\BOH ,Ys RmCT I MW; TQ.;7*,:}mHb6X:A,YzƢQ0n2ƶSѰ Yejvr2,gZU d/ޔ-T{IQd/ oߺ˿shb,̀1 [3d g֍ Cfb#i/B y`:Yzie¸D422S~4靲P|zEkZ%b!m<39 V_i& ZHR{9ď9Uy 1ajKp.7h J&ɣ' QW!%6qtVh%XI" K O:\br!ֺJ}1Xϐy 0H'0nl)8&F}A9VnN.^XAU\J5-)vW$Dq0xZ'0ך+w)91X;Phـ}i +1umP-)Lku26RFc05~zD[K2B(:щVvKpL& A6i`܃k_^',ppÉx,qYYQ6fˏ!ѽ1IhOؗG1`SۣC^@Eh^E{nn UOIߓ'GNg(a*oH kW+#풉MFO#'x>? M2EԄF#6;Ђ:pY6)b)(xn$,8W |n\^l{dծ>:ȱvjWl:p& f:~+cˆS枤0^vyw]yA}d's"^)ͫRœ$PAwj >+Qcy,M`z;x/$̋8Fs/8 s BTOشx Xn& r\OH@;30ВӦA8gG֬bȫjCTrgWTeO0JZ S3f?_65rtMa4tJD*Dd-(Sb(M2#Ω kM11~^WkOWߕ.eJ`x T\8:;l\V sT9TrIQZ Ϯ`.'PK~R!>shkCtSg1h 6PR-ٖ(Ʒ?4~h,afiMW}2gϥ<Ǧhמf =Q%{ephe1?!3'?Hx^58.Z]%!}Y1S~RSq"۲xA iXQ#SNݎ4a&0?Tq#ۄ˛IlQ)-N_$ͤì^0aF+Zϯ S% vr, I+A1cV۸DF-z]=Qh|7Ygv![ҭ|mzZ/9ky6)6sa+Rh#YXtڑp vU$۝ |}u.{Vy^~M9Hܒ",H8o& z>?+29,H%3)qYvm"I9׽R7tQ,k;%B"9'G/️G?)!(ĀOo`Fs y1K 7e(( hֻZgs =RHUGg =Fʱ>(󨪽1,өȱaxҍ!ard-v8A Gx:=܍EOҙJaZfB󯢢s)@_+wg-(e@ߙ͹ udzݸVh͖EC8,,at!R#l$)mǹ6 鶃 >}x*<>&5Íbn-Vst#oJ,A!Ε IkHz :50+ɩJ-Zn䱖ݱX$}}n/jD7YƉ L'V ʢ]9Ȑm6He8ijc*6kgRN47:-&W"3{tHR%~~xaZ[ZM2t>dLQ.@x\(B~u%8NjeBפۓ}dP1M_ X)[k&,0^3-E•&0`SMnkGsQӭ%l62ӳ%tl`#O'@ytfR?L"`@XpX喒ٹKE/^sTэƶ`78oJ%s%XElM$J2[~=ȩVe?^{CD/ i;7LP\ l]X~yb֏AT)?iиh Mruk؏w[Wᯯ7Fn}Nr3./l!Pc7clM8!lDm+Uhb,^$]*u,yFPoJ]XoCS<C/U@SB_Au>x kIEjlMق]5LTc^IhC#lM n3O L񷔆Wr: szΦ5sA)Q DV}xE48gcx"HuB=OR ּp\X[;Ep.v+!MAX}J$Gu|%T4|hF]GBx}sdq E˫?ej1qG;Xd~#/bH2cW::~(>:Pv|Z)\gR9Wx(:rʇI麟()F1h$.cޝo:(",oH?sb4.ya:rqc҅ψ\d J ۣ\SxN0GаtdRu>)y<|s[8ҁi "K?QXCW_/ǿ8i+p)gnҐYH]"߽ LGZ惝3#HǧxD㐐O6͗Lr(Nli\@S(q"?_Xqy`Dv_Kx^ThݮB3.vnW2K&zo0-d;sU_1O)5 KN@lnt;Io<#a]ݽ<،1Džx9[4q1"k"DAeMBR(E VE9nM3^$oefݏFI[&Fի bka*LC&$ks2 g\< aw`ϪQ`Z=Aγ|Π}fU~3lNڔ}<)Ǧܶw}p'NۣIGkZjR(~Zf 5>h@̦27(Ӌ[ɬ{_ 9[`yTT m@Dr Mm%.`Id1gƦso1JXEэhyxq'i^>LlmJ#LUC|kxNM;еIsRhf.7k :3J J9nd/<ڱ(FK'oox̿(}L['EO ݽ4NC!8S7M17Dضjp1Aq0tS9NZޣRoDi+Mh !pD!lݏmR7˞ :}.NE臖n@;0cŖuBڣs&_IM L \8!̄x=VKۯxWbYO/SZqk,IqUeKb] @lB00Цt0Ğ<-:QL#SW(9ib4Ѭ}z%QZZ=Y#e㬷B4IS= r4y9q(Fh_+hU{I!͡ǫ;؅FO B1YmճO3/٭EUOr7 )?O <$7 lU&ɪfZ- <zXh'eVPdsɸ4xd(dFW6)+_mfsI#e:8bXА/CdZ4L"cq^9zȒkmN@~Y*Ќ8v,_}ė1IF{9g,(vXe.6EEŀG v pf%%!;)!njSs1ZM"A>p4[6<=IݩK[O% 쑤iډ;'`A%G~gV:c&-y#2 Sv4Pqq/[c֣7!&+}ycPMn3e(];̏G :0Y ~l\_:id\Eɚ/CfR*5XKׅb״tu94qO7:kx{'=_X-/teY|q)کgUo&$)۠;dYrD;"7oTIIfT*Mb6}Zq"kZ`av3f -$2H >QʬC.2Awmepa,{9^u4>2T/f6*BKUAyMt\}7S̿aOiaT" 1v/]䷩΅WڴH3uӮLZp|^3K"pl*(2c3I7!%\c"m Ly-ntm9Sl=mlcsz-pI:a'fۈ &g'ܨ,a;onNݬIk}4,wZe t^V2oqj~$:1~V^]u犃G/72ѴdV-nGL^*#=(nC//Lc~ҳ~9j %G=u&Qpzfu^׀7lOmy[c>k0ݓ{ PF>٪]</L%;k벟~LPT 3V"S[6rf▋~RAZ0\gQ%śW-*ke*iOgޥ~:A;nŚ R ;j`X2 _etnmFCꯢt3\͔& Vs#qFLZp|UIq҃?B 4\6GV`ZMv¾qf71lnXtRWrw0{%|(5{7w͟sNmTt\% U5ՏC&jXf!1q̀JM:ՙp蜣(me#V,>ulYvi] aȗϪYD9%o@ZczuU-L#KFC(iicZ{\]NpK]JS5W/G2 !"c^;O֟f]#qPXS.N43qmF,)aivH.ކ2|9V+6eَ-XC DXr'FwȰ|" 4mgɨ'HD:!$瑝3vTkwX \FA˘[YԞLJz,#n򪀪I]X~Vѫ);A;XIRy[y:9HAzy ;($`xȳUyBߩ6!6t}Ea+Qn n=m7s.Ax^%c԰F@! Mq^Hv́~eo'DI66CgD*2uH9+حaV'IuMpȳ z@w6AqsV2' >-^iJ_nw^ 2ߕ@!8l]-q_4*f-ρ rWvOr6bx84OC Gt>sh/U!8M~XV&0TB;pu#3mGPW#DPS^A͍nD;C ȡk"ʟ(T틃J^FigiV+V|> {fэk47.,%AUZC%!dbK, 6W81˂nnEd $]>K倐cJ?M'9ryleE|ZrMWPoܵ2:;klJ:q͇: GΜbFz07J z9qئV? 5BjO@\:; ډ^|fAЎdBQ4LqLw$u0T|Qdu/nE:}}**DOy)̭I-*r&6r(Y /=.+l|ⴌX,P`;nCh干.BwpfTwFlirQ,sRЌt}t2D'yŧ zsIxr 9rFːfbEU901-l{#x( :KC7#}S)bjnٟ޶"=|Mx6+`U ;sbI Zg]?$-eAkZ; 0 213!:r=^ @=nmvbO@C"4fSxcXr54/de/&Yq_84x 'rwVV)LHXuѐK{U-f(OX,n쁇NȚiuq͟& .;Nޓrb `pY9qlB:VFʫiHo gt ha OUS v< Ԇu87RuஜW}f}B:)EJ&0eOEoi}^[qL14yʶ1nƙAn̓\NIԫl6zTMՈu2V Ӝߛ׽0PώCEv8- l[4M!)\ r~PQ )(UM0U(%Dق^+:Ih4h-KsL6.%(۳}}nb*iM.p3aMlG[56[{ jXWS Rk7Y5U7 y Al7,R0JY=l `Zm裄[;Kar/^eU,eCVJ͐ 1ɲq@CIs?=40bBszljGQ*2}LEqXĕgT wYIdo*^-9%eHāA^EoUOWR TL}\ڠ cSPOS<3xGHV Mqi0=p==z0|w~mlB}_mpo \J\Q`lm ('MS~q/^żdtа.47nP61[֮jY}g.ʓT8 =;Jlr1gL]DѨ쫫i`*?ٺr\\H㳂q)## ـ1?|]/}YC\Eɰ"#D@|H! \0MKHx yˉc$_r1“pAygh\8H}oj7 `v1&jmaVYP$Os7&#71"ٺB;’żnh[90 fs=m/=0k?~w*.'aBQ :ZiW=?c#;1XXW~mb=A\AYoF%/)k)4!1 z rqZ8_G(PsO`o'pvIJ/|@x8wd",5ex*SDJ <\Cد6r*/99k~b@LD}xvgӆ\۬fͽ,O^ښ}ujjyt:DJ'gf$sV (afN]BTw7\`@-\^pF=OSˢm}jsWla6˥#w+~oe*,/lc.EtB DKRp$76HOpdYwWK1D^'r)4L k'/Y/acEhtLA13ewZOXN v\36.ejnAf:ZW]=Aȍ+84)5Bػ .55Dx:n7C*HsFswJH{ @½˟\VtVtIi^H۪&> >>]͠H*$Q=hJX|e7%l`4m@A&6!IZvYBX$'ZnO:.?ȝ/ 4Jo"(Z>dS5$)tXO*gR ùIKs+P# .,$Tko^9rȾcX3L̏1x&K 0oSD Q O:84A X 6gH0WXDۖ8&|c\àTό,X~n3 D PXoxQ/ãO߼| KL }==%*'ul{>'Eh`iUi-%qYP^ط5±č!blpT64c}ĐGt4ZEb'iɦ.ʷס`s*3 n䝞X .4uøC;Ʀ y(!ӂ+KMsy X 4Mj*I>;|omPݢ>ג-n#;|[](}ǒJkh& r ^SJ&=Bhk_oڦM |e=Hl'[o ϵ=0zɾ4Όŋ&` kƗhSh -pR#7i ci|+ⲫW+DcI!h]!c/w#R3kJx _`lR ʟ ~)\-P8fM\`Ll$6>G/~0e^j%`%? !Vh4BF|Uġy)%+ŸQ|\z K]gؤ )-\œ'=K"ȃ$qSW]Mpۻ&WX7mw<$Sű<|#Mw.14qЄkrp@!2!fd/ҭOr!( 邻vE.^6>pqĈ0t(c_A ܭw \$ްJPCv5*vܻof&ߜAˍA/2Y2f:-VgiĤ-*mgGE;WCea&iU䞢n/i;!3`l{a|Ǯ\="2uȄӯVH<'\'#Kel\l '`aVWٶ^N@+ժ)f]# 7"BsLUW)aj 5?}dJl0!`p=a[ +Vv;K^0̺%]Gn9GEI7Qj:]4)B-7ƹqCY/jnzؐA@G=0?u r2}ʹw'Wτ4RDWw]Z0*ª"zQ+|T c #?w~oĶnK;K1@oC-#?1ʼZ~nq ܇>f(*E^I*X?++Ox%&u2: |ʶj'vl2M II!ܗj' ^x}E&}3Q xvXoh#64RN?P+['"QU@[FHQ붡S,?(84B8aU$؈SpBrh퍩Z1Q Ç'z=W[_F?UuU @^o:h "v!+vg,-1^W')pڀg9AK:G'LP4;%ڡ[qw ?ZaޒHBr,UM,#"nV8\64?]"CƋ%s_ (ӯ[>HȪQz4ń y{r֕ X JR415\+Dt>.ZKiPTrۻɾK ^Hկpi:dYG-> o.p'nuB:՚mTS7#2zY`+R`⹌JqgָvfU m/;=x$OAƵbT;_?c,}=ad/w7Tl<<)m݆=0_va[?\Ez;`\>.Y0*TNƋ;/)+> ĽJurϘ!'& R945)Ck;:G3"q"Fo(g1?EYs2h6/"vAW`^#6uaI `] ZB vݘ68V/ MxF쟇`bKnxRe<_CЊ " ʆ U >OQ8pm%ЫiN%3\@ ,ݱg! `N Z1 "Nփ+GU\bZnBz"uI֓~㒩0˥xp~:Y7{Llj= }?F&*_sL{vpX6͘ł9`ہ0x.o*7u~oV`II(r̄_> wH&[a.ТEc]!xx=k|?[ z);S!^uwDk6lY hGr8wh} qLEwkâgQp&}JIг8jʱasBb߮9ݒ [)r;,x 1H,_P@]!Mځ~`$mhrWksCMʹpqIiժ{W5{bc?)t1vC<_uOY$ }/FX#pȾӧUA~ ,ӊ·an32&ɲHrbF̡o<'ڟ}B!4b]a7@έ3TnRjupK?@nK )]ڽ9(u[ԃBׄˉ@a咢޲jdr>&=?E`GVVTÔ.؉9OT"Rp{FnD09u-9(iik'N`OSŢN~5?~avs ]3/NIV{g 4޿֧ͽČd@x))>``hU HVT f@NÂ_uVA.{T=cZ!eQA4%[biChVhƊyXёB4_@/輨!>kyfJ>Uz=m+pz Nۤ)'i)9ѻ^]QK~d$*z3q1|.*,cD>9/)JT1'C(~tM3f˺ogG|B\DPe<2W^HX틥3%w?w:qp.wڋi?Kz*N"yN/YpVP3Oa6$'/y68>̬}V[̴4, *noA =w q ĜGFHma?sf'fL:O\ҖXj+mw3*5Cہ]o` \ƥiDIKyʎ>oټQVq_}ƛrmLl(<'`∡jvh.=Os}m8$rޘY@1l~\ƓvծsnŞKyVkiq]5f>Xʛ]xyG8#yڝ&VŰI>@!T. ɶhq0Dnl-Y_4Bjm[6t3cHV"H_ ]-Kv=|e]@ކ 7ZK|-ŀ.ve /Gw xN!V5 r{XMrٮū~N"6~Mas0? 1!1Awȁ%_n% T7)!fAE$P2AϘ1ap<@5>h#_u^8ׇ_Cٻ5e/mfq$z4 Ul S!.Aykk1Jo\Dӕ| FN=6.byNEޣ7ɭs) CZeDHO ]izI9`PRĄE*KEX#6yT'yjF飣l&-{&U`S' 7j||t*vc E}H0aɡ VB~<`<хCm(}r½{0rˏpWݵἶ%31\V?My=YH&7O.` V39kZľb#p%`~n/7.SwR4>@Fqߪ{0@Wd4mrĉ֍ qk:#م35I[ ?\&-|(pav$"L/[LlqQPx9 9ƒt7=<}CѯF&\\WVQ/<.-% oį)8Զhi3$Ϫez8w@"2WCiƍfvGCIꭞf>)< u%kY b/n]Y\5A\p;o-Z}nTtPi"pCn5"2Lja2f3q.o~x'ƧrH wv`QVL> \'( kW0YS]`83H]OE3L\AS:6$TKgZx# X'a>~^z }3ÓXf@:Š߿PM|u%OBj߱e81kLe0eF:{fɴ {1ұsR3nTsC, XJgObLaCqp` NM(|%4-PK5;1Ne  À{ 5M9(i(0i#j&Zr>ؖɵ o^_$IS^]S'cnmmY}|(ä}iJn$'p$ѰYk! bõFxDO:|%;࿑Qг*jc-G騊)8WĮ;{Ԭ(pWKU|/̧ց1p`1 ^QM|4 Z_!s'dU3ٹ+CTX bjR HKV!1 /)gXk5'g}?)QɷS臬%ʲz#Z3ü={}T),0.#(\;$uhpLB%ޤgHn&Zc&Y6ס\ Z9ߞX!#HyuC5㔎$ȥŲ*'uxŢ=U<R~Nc2z::*l\ cV`S4f8dsC2=IO*YF!c vk2:sQO3:c n:U` E W.ǰ',M XTrίB0Ck:ܹߢ:ZjL&<Wzmk`Pf?,K T=G(cQ4S}=󕔽r s=ZDvAPږ;'@u)ֹ;}%9"5 cKt(Q@DJC_E)cnE]TC2(Jqq´{Ez@i^'܁c$L y>NAr\ w¦`d=u/B3J~Np WӧzUVǃ ~6׏. {Ufx` u j7 n$M)RUa^i\}LrY/"W*^?6~Hd|0U>lZ 9&7e,eh [֝ʊA̼j7>%xS {eO@IBA-,,'X'3ÙKf YOWt]cm>R"uNЧgϻMV~oE~ ѷp5cgfQ^o|U-aϯ:cs1RAû|}vA8`?W𑳱4Zd8},'kSߛIgRBV4 M޺ kVާ0o-AGJ=6"/jCCTLi {Pj@<& `T B[k踃ݣ^>'-qA,  ~nϯ? #S 2e X}cV mȀ0(vB䓏!б ~BS>u[hIn eEh6Fj/Q\)0Gb4 /?Nݝv릛H†n?/}AIWx]C_@ˣV/֪+_Vi:#h\6͑KQM ʖ"U*iKőh FxYMXj^O[0;0򇙨DԂ d n)4x CfYX5uĕ%< SWh-@r;WIB1)E4ўD^~ɽ\ڂ[DWSp\aSW{o67<BIܢr[nezZsoXswIYZ˰X!Iٱ'ԛF((@}@xSuuƔB#Cy BaT= xLMe&BT;MaT5+ TH5D_1y3xSug0|KdPɠIl-G4Jb@z}<{!Enܯ X+pR,\8˨o"17.N+Wװ8 n!]W>1~\{`bX&LA?Q"<fbYfx%2l 1'@\D=I]im񰙶'o ~&;B)gYJ _n4|"spi.Y*?q?0^~8*pLt}$,Mg6;х'+~ԃvy0frY ΋ǔZ;AAYoDg0vMyX}@0+#b065[Y"dý/C4hޙ7T~M Vpm&MkNdZqA-rJ<^3 rA+Չ}(#?Z 5޵)T&'%ca$!'bQ,]g`dxh05):*uE-x2e[n^;2;i rrn%jBԼ|Km g-POZBT?,lv83܍DڞמQZoS,Q#ݺ ]0TJ˯:`/x] +Pv(T+=0R.Q 0Ƭ񊝃sDp%K}?bJ =s@G3KK)ȗAfӷUXe~Gqt l$K!vgf+!RWnc6 6kx:᠊wP]2}Q9^pRO";@s53Kgr/0ץ]ҩ_U vٍpy4*-)4<eЅ :ma Ɏ<-oLLLSpZm_bC{a' @VKb[gGQ5 UEnWSշVADG-SnMmbd^ 0E5S912Ysd<Vpg`+E*Q,mh˿Pj12T!Bfr86 6|Y(MFz|Sv*e@i&yxD0ZRDɍLk4fS[u$#vHdO#Hʍ3.8ulBD3٘GWL‰6/wz "WDidY'TKtӎ9D?F$%2PJoXe]גހp&w4QVmM}?{> x= &XMr_`d^;ȕjsxk_۸雈`VقwE׽& fGY[f1WoKKi>yH|3zPDy9D3 vlؗD2J]-o 橵U=Fb^HQ=;A ,DU?t!??<~>c? Ӗf%*ھ3VA+ b5k穞ZW}ØHExT#2cv%Jmh8La}"W~{Ggk1YWfx(Ї>D؝n,-1`ށdbpX|>W ]xfΜR><IlL0FgAf.(.S@xl!ye^[I $aes&]8|,φyԺ>`B~ƉN|ւq" "mgT4Jnn`awGX[tɾWdM-zWCw_}-Z9%&^`NYh+ KR_A&Rҙ|7WHdM/0hƀYyK`>nڻ[7=MCG#{߷gIIlUXQ 27}nt=ơE r oᔘդY>+獆tލ-Ymkq?X/g+bK#jXE\ |AkN' C;=ٖbqjg} ݭvvSnIء3[\dի WTђiyI|,MP]9W7v~pt2U]& 9Ӵeʴ7>A,c~ H}>/iyY̺ث h7"J"{FZ6}CzSxE+^|U=@9Ws<^"r7v456qO6QL@-TvM,uM5/|3&yP;ZH ^;A%|<%V["~EyB2:ZٯS 'UL dc쵼4u,YgU=`l$5ܸMo|W2/ѺU _R|-f m;T25?{BXoȓŽ~QI=ĖʊMlU6Sű!l+1ȅ)r!s+k,~j|$lB^G5&EG]w[M 5\siAroKy ~$(6b$tLct-%b[ B1a >TL?̢ jRO顝9JBڣERWv( -[w-y$U!l{=ϫiS/7'%ҟDXvr,*ǥ'wPkxISJؖ1VC,89fws܈,I2F=m@8ֆFNG^LEUd$Y5JJ;_"f~V"7U jnb1p:C ˿0!V6)bR ɵPۂ!6|2*#SzOƏS=K Ej1b"a?٬ 2PSV U9-R̬T]T .Bhi};e?xN&սu ~C lmx{%Ļ yRȍ}-q 0tZP|*[vdE? FËg? *Zr~vb9WJC!0Wzûlۊz&\EMT|V=. %C8(Z*b]*`qpWG^vbEYzW4P0M/+`[o^gXD} T4iTЦRU97CRsb>nr.헋Cw<ۗ4 G twIˈ@ ƫG=9[gR&L(ԠZwBzL- #e8 VD0eC3Win6&wA,aҐA[3e ψcaÀ$ۦL Xҍd6W)?-E$bn:WD VX,!%S Xgq(U;ťԺ.UXqK72Cu" +uO xs5:U/SxXDaJp5X-VPJ䀩͚.9>v[,\nTi]˳@}գcG4hiCae0\]Ղc]9$56HzNWɻ6A>rn2] :pBXgC@{p_|1ice)bhBvkT ݴ%bg-1;.+T843,yY)&en<~F1;(-tXj eTy*juG hv4oQ(+5nVm*OџAKc2c0jd2M^J!RykfeAMcp8z̫s%R,A?ze&@ܙ? ^ 9Q ȳT-|oɜjFы|!>ܜ5>LԟJ;R0ĩ,21 (5X"(SRrs< WRI/Vȶm -DM6XݡEz#3!({_:س;MǦK'8(v~ɇv٣ 0f>hgѱs^jJI>.^OK~- ;3$r(dHi3O?EtKvOmsieMGdB)aqsk=RoWb3C=vYh޶oE މ#Z0eVFRs)b P:n[C?sA=6YlWBd0a7 (tk筪]SSuR} ]n- F,7@rۥ\pZ鼚P%dS5ė=t@d:!!=o=LS;F c%9@[lrF{2P+|>ni#۟?ܱI-f)>H[pO8F澹ΞcY؆<ى5|(kwPN]bF}9qC/C!4fX )z5A5{qV JY)AdFZH4`(F&\"Ef:!˶@8˜ALmE`9 65zl?xub9Ȋ`X"('<~'6;gp9җeWڒ$O MrޮaڽYG B(+tvJs45YĨqgG@⚳kJ/^;3)PpfxL ޙp.Aq]/ql:;^syt/8ӀG^أ9.²}/fP3 68D%.9 UEI }ʮʣ9P#b* 4NpjlDȴ~m_]C׬p #e"MΗ*ׄԀ.Ǿb؆:Gh 2_7܎g4SO&t&'+~qҫ~z)` .6kɕ6+ vtq):gˡN47"-@9rckQֳhND(f-UNK4ohbU|ca߆WZQHsڸiGesu` FwHض@^>o8kl=|φ\Ww?VDnN9 ](FQ'y2%jՒGZMmP:9F,FT}y fİ)@i*wwhV"{ ~qGCQv{~؈# a Xmy[]_BEOe&hzG-BRÐ%Tb8`L}l6{εɮqtե(u"0gLL7jHcAT;oG'lTi%0 wYfkVmh#ԇ L6_49х#GS {;|^2t>J@1{M5(#,RَMtŹ.ͳ -$2 a*Ӫ>brgoKy5>ڷew3D`y} b=t|?FQx,TR9z_Xd,2/T,iWbrX[ΞI@@@y-cp_}oxe1ԧ g[e4r TaQ7֩C_#2f1T>>w6O2^ hU {544` +l:J.FF&_կ^nHӒ]1V4#%'jCMrX?2P^Z4I> &~0b N|Fp̼РMnyezwj u8_ aOGtpSD*}Y]ۇ;^f1.J-t,^|kl:r^ZQO.!P:pǗmn?dmjP$aج8kRee~i̸%R}ŕZPGIВ! `<)W*~O<.#7ѳFoXw+,Q~g4IgmJd#L~sʯZCBg l@&=D66k +R(rtzDZ s&ɋa]lMFMG| >hP|~w]Pa'5 v[UM;~C?MUޜ|Pb'O#GD˾VA+ƛ˺9/xa:rECQz` D}Ye4 *7~{HJ{wQn1aU;ƹkd$p Aw֌ Ts}wz;^-G%z疫*YT [ubt=*fH_C'`03Wf^z~ע k991"?Q@+8¿b*YޔO JB%x2ҩKtx0`Di_\0SS1j-,l#u4ٚսX TL-1Mzԥ/8*IG V׋fK2t,Dt7uXnEʍ8!vn99¿'Zx mD&0_g앺f9]9Jk% WQ.~>D_|pI)T~`ǻ07en6V )¨{ u3܅ %)I;JlYiC3ZWL^AywV2|MH|K$B6`\nH;/9hT:;)R<7oEǗ?&J情Y,9 Bf[K-1t_UD_&>vl"fO(g1!a*ĻqQf]dְ@*Q@;j#Y>*4dg B3]_7Jd/| P׭1$/ |;Vu;cQ*xQ4@֑Au[p1uˡ zCӛ 6Kh=yE}< dY^vE,v_&<?S`l~;IJIyDfPY ?K PՖIK I-l6|8X{T`q?$KlvUm2>B)S݃gL/BGcHJ-l)C!\Di'}j7z9!Kh@j.% xiiœ4+RG/d/\hpk Q6vSq13$Z^}%l9f8؄T=ū< `0Q]4z4?+U[vٮ b9ўL,yKO]q `=(ǛW$*wsGwtQ[/QŸ1l Xŷ/Նrcg~96W9YRg]4xbƀ ȊI/'T^J3h^] U o6+, p읱jS-[ ?@~B{V\*{ГR]?ªq_MBDJt%^g!: XyVnQwL.cUaBpNmk(*tX}){@k蟀Mb+K3c xFzkp~ܮ!8@QٷVp>q權sŚxN<˟ϖzMhE{_àNT%=R~SoehJǙGWZѽ>5t=F {r~\λTx 833Y_ƍ /l +5q!(f{$Fb`>/`R¥Cz&t*^L8/P,!Qw8 h7AĢށ1eZnMMQ7!OdE[ Ksq%L昍y.u`OyN^|MwB&|BC9שN'<>鞒%OaH!uNKiHkՌ%,ם>gⴐ^dFb!@;iR꫆`w*jGt JP1Pm7^?ceC*e~9\s$kݓ ~yz vmS#R>dh ^ -oKk2 Z[PP|^ZmF ,?j\f׍ +mp0kcP۴D' =IGĺ5w$Qy2XTNL>yp6 :Q=QL3iTjsUlץtnL`~0zۑ]|<<+=)g CI;%/iT*z<-;#1: ^f+u@DmZȶO{ :xuw?,tU:pF'XBQZMǺMp]n)j0 {S(`*)c&RpYB:Np@F-ee`l}+t,.(,vj*@A"?GѢ '6'q<.I4o &aGױRe7ːNQcH%RWRN4ۦY^ʬbOy<ʗ[3M:_ (ŞRIm`܈6-q6y^\n)$w6lZ8(+OȒח`Ȣ~z$b^졻CD P=mۂAto/! *8 *Z[If2,znBV%`\F:CNu( qnooV(M|+$fqUB}t <iUF3|g όvNMa[&BNeS"KrӪvl T>W !17[pI.+Ԑt\a/5jjhXdO#:;kkӪ,oixe\Dk 3 D!r`ӳGW sPc& 1Qqa i} hV^"+6R_6cvE;{(Ac@Oh⺃{cJ_ՙ % =}kH1ίN({<}nf{q+rB\{y[T2@V̅Jbv A}_(T\ea5~l~՛Cu}o7DTn٥ttˊO M_f({z}ZmHE>{yU\]݈ܺ7,s1b XK,5ȰgE]~aX(7'%"[;:Ǎ#lZpD4f/:k'LhشG]1B_TRw8J۔GcQ̲ƒ5u'w ј+*Jy^A}̰lzccUZܺ=$\EI eML4vMT-JI2BJjmP/] ]E=HfneEsM# _ˠ*E;"bCjn{,a%2d"FtLU)ؚ‚yˀ ;JDʻ?t 9AH?g|cc4IK*6k;Ivɪ$KGvqJzvCc$JK;ym庍w=g6g#dʮaa##JQ(ngҸg5OFƨM\<?.fY1A޴&Uz|3a/XGUq(@퟼=ֻx^=#w!Q({M:t^H@pb}.0(ɯbQ,$7q1 )bRIb88ݓIaU&:"b>:* fKd1- \9̦ߴbRgX-1dJCZ ͕-'q´_L8-We+J7X A */s宵S)9X0@/%QZZ&G(lH Je>XIM,GS׆m(evKd{FC(QZa C"m_LnJݙ{MEOi u0lAn+i>w }ԺCdw@9+k1%I a߉p%bi*CSd(YF0C?#MkX޲nX/sT{TlGpX{AS,vЌ%}l3JBq'0(הlR:#5rI{֔s{ xos +Rz7Ի a dovF -%3L체"TE.#Kah]*cV 5Lb0d4e~SUvkQqQmv7ń6%y4r*&W8Wf^*@עf?ʸR :Z8ҸuBx+-?J%G!r䦒2]s>]ٽrBJ*CkB߇3v#KP4m0Q,v^"*vo=*1Ż/VDM4{i $3ݖb3wBlSo^ȅE)3 l}dP$0{Q*wec/sroI~݃|KO*A?(PiM sȠٛAImƸOXCުg%kƓ2I NQE/POJ+mpm<[c('h1#cș;?O0s8DH)p$Z˰.QF|}ZyG:2X1h>/ :Q.5GjeǵBfoڋ[<[d_0@ TȮѨ`(`v?^)Nh(q};/8(l[ķyW&y#HW~y7+bdoz].V^65-H[J"ɼAny)Jԫ^Uz T ^Q -6+#@ʇRS+nm<l0{.beeF"bj^b+r2$DNnZYL[DixWIC'[|x+Hjxju%rk pq:|/e]OHv *C/Ǿ~ ڔ|Xc!M+HN)B#[ԭҬA4#;031=m~=\N`>?q>dPM@1 H'E/c92^J(Y!9Ja@Yg6&/1 .['9F}/nC5f]e zju4 ]E'YHw)ElL͹[w/U?>{39:wY@EG:3e@H+eg{MhN9:u(5#W&gX= _{$wNCq7Lδé=0W¥o &1s)>`fB8._(}Ҍ >FmX?֪NDphWugk?)\']{r ƺZ ڛ#X1Ul5|PRZ:qӰpce H*0 t({St`8ґi@y݄IH"fѣM ?܏:cې2:5/R;= L}$}Q:Qfw?\AgH,HPu'.tNu](y -`K E;IxdWV> j Ο6*? rߏan~,C,Xw).AB۔)ϣ8Z7I}NZ~);"d:f!:n-m5۪B-D`^iO'aR<5 Ts=vk|i't7 ˿R.kn. \qjFNE/p|(3=j{q{ߗ 4]Z8^ 3^1ClqSR*ȵbb v*;dbą" qB%6:O9hSAGPF{ I`]$2.[8evmL`ڹ{0Qޡbt|oL ٺU[Mf^f]P 8Kߠ 3I9 o+}Dm-QeޓJCl2&W(e+FV͝".8bXMs#4T{}_#|Yv21kt=֘ 3Uc)76`Y,ܡ4gGkٻ`VZW<;A[Rx)?ֻ/.ʫSD8bFV ss#2 Dޑ "T5" yІfP41= "6]G!z/[ZLz#/.P0zzxKaxl"r8nA UXB+>Ch Âh{$0/;U|ɪiΑ,L]k@9K``EC qֱ-))ԎF$ ܥGC\)`-L>!'цETK T߿bN&6 -8 CѼq(dcDdت=$#ux(^nf|ctܤ%seؤ=v/g f1lj;z'4ly#&L8Sr\-(&io V%JFxSnuC!O9|m4ٮ13`]I^_PW|yr3.騗iWL ڜu7aso[}9"5X.,Km/$W]/nk2Wm )JP|u8>ǀ "jhVX):;o:,}n^_\Q6IvU{ UQ2hw*JpQz9 .6w!Y)$2Eu81\C!m>(gUn]"+bCD.W$-⍾ "EPzvΨ6:T82Wvwa-F`Ty-j }kH+/P;㌮izo my엳3,2ɻG; 'j \NmxG,V<рj7X?DuJ0}aV`E Ia.F]KFPr@rw;Yijw&ixN|@a8Y;䱝|vHXg2H0KׁK[Z>K㉤?@);XCenENɞ8D۞}g=l^FʼnH=o| P> ß0=%QW  / ȱWԚ%Yq!-p?mE˜ܽ,~e5Uj-pb憐rBȃ!dj=6kU>.B EJ69G gf.Xi CЌ&Uzj^c)O:N%ٵxG1OA?4zFܬdˢ e-nO+2 ?U g0棬E7Ə%Z>fRf葕 } ֖a%<.qh? fs3{p1tz&c@e )Vp~^{}P6]GhduIE-46埧P4 "-}'>1H8K:C.IwA7`[je|Cզ>~cZp\Ao ,ℬt(Í5W]#c[Vݻⴶ>hPj9|ϱfiXmJB2=|⁡5=v$$&1ٶ}?x dn\s#^ k U,r# v5&ECx&שuZd .tz<^|.wJ=ϩzAY.A36 `,BgYj`4Vh2m63—ĊDVJc({Pl~@Ko ihV<&"hH9Gj) ]u* oF*?R?`Z3l=2#T#?f;Y6fсǐpхlliI 8)O&^覨˕V`ܥkIM (W6{@CýH}>yz2{)"DsJ"% ǍV/]ҹ2ݮKAn=3Ӳc Ԃz8'|6StY_ȜُQulBT-}rV DOS穆T>51fyP "ש1ꕚ$\zO8(Ŏ©O ͋Z/;K"'LruC0yEjb ~<(D +V{176oWq8 kpqY$jOPk&׃0V5*wS%/˥EYTbM4 MC߷>'!a('QEAW' df^ywˆ4hQGřV;}\+]3}v*[chW^r]a>򡧰Gxwϩо/X'BtC@ EO~FCs<"oK̀t[}Pl. Lln&%cgԽiTdXB&D/5{n/P!`awpB3}Hn+e4L帡)l)~ChQc`H,VS@ 49OZ9kx`J9R M_˪6lB%ς%Z=eh,d,N:Z失C ew޲uDQ2<"I[cS[|bQ!'Ec-K3%2KŒ <7Rj4O]:*lД߶j;&2]J.H=tuwWLQ%ePlj(pk&Kvkm.C];[iZLW(`%H}"N}]$}Z,n3*9ąaTj0 ŝ$e+Η$(Ne&YqNӎӔKMIhZ8kg?[ņa+iQ<~/gؔpP혔HRa4񭝊O:.Tvy0b3:S0J0w LɎ:$EqO1UɡTQ.'Pi"Xs{]ww)>$x?xxM{ WߐX@G: d:8m'0A)O>vKM&vpH[ :Eɔܱ#@ 5,%mq~ލ-б^l<6-miJBQk7(}Um}ye|a>.LJebZG=}6q>r?>Y\JQCR> Bw}џJp49 Y:)g䮬:0N~; ju=t)k2η-.w ĸBJ<:"awg/`l_`E%uVjb#apWUdGK9 W|WRG! Zkl8G6׶lէ1>TdN1hDzf'0L:,:#\0rXp/KAQǔaٞ'9xaLZAdS6q( -\nWU^m8}\Y;Mkٜ@kPbcx?vj̾p;g]smzmlNӂZ,J7#ʞ| 5bskoI#2j//:3GLዖ\JFzʹ#:p>ie2wɄ 9*p#DsI|Itkg-d׿-bc~/R3[8ˋlt]a4 Wpw"hpSHr P4]qE:tu:ǁ66ɴeyi]LSn_U!&zH-ئ0^Dj5 X5L%@E "W#Uڥ;"@&uwL8K5;:N)2Yf;S)WmvDoҏl!ABͼV_ ys[Bb;9 k_މ#aB$PBjL츻UJ*y ԞS v E#a#d ͯ]56|cӟWv.:)3-x.scjurX.ʍ6X?jXTV2`؆2!]:nZE7x-s̭+^ 3Q iBQW-&XQbHL1/{T1Ϊ`ݥZRp#i&S#t$<)CSt ̢E3Xl&FASSkie󠂭]צRڨkjVS3rt?\_K96@߃J`o)Xh>#yxyGv2C~3i3 PCkc*F^7M֛ OZe"JuOOF<JgvJxSPgD/ڼ.vZ3%򒃪^r{Zr}˧Ǐr*9[D!O)-g :yx.u@fɅnWc!LEj)L-?4chGv sD?x5'g6qs6f5-ʮ -PDzK#`?{ UcO{)vZP#˺X=ÎՅ9aWr'.v,pSI'!T .cp#MN*qӞKl1`ҟ$gFN BDIgiS_+~+G:JX% ~j !%>ve!bF7aʉ*>a ɷN0~R6!8ȉG Y"uB?}IY7}Ӥ :}:33q ʲX7 -;͂&ҩe .|A-w2Y0 6!F=lyM)l'W`^Gf< `,ĭ6İ'F* x2ᮟy۔6o(Pw,;dUe-LKՅv(΂Eլ}b~ZBI-aJw7bTTLd}E}\<lA6?۱)%aZBPukpe5 ԇu< 4qiE*2f^j"*sat5z]<;gjCXEM `ټ9>)z}W-~ d[ bx`@i Eg !Zb}9^Qd014(E鏨<~IIQ 1pUK,ꪘ]w>ܿ4RӌٟVRl=J&Z5:HؕWK)~oI%xCA5%"v+ &r#@ԿլBb[+(La{(0}Cߚ v4O6pMB49 0qGnDsLL.Bá tّS:XxI_=gDя/3pgE(xbij/4h64Xcƪiܻ3# kQOVpY ߪ<FMH/0 $sfAiwVϤ_Іg!ᩛKGxu5[oO]V=GT)x;|. BoQJc)|~bb6V `{1ѝ`6בƣDNGbQgM0|V6PU@ kƥ`'~:y|vXEP0Jd)jBA)8;W^!~bye+- XDO,Tqϵ:\pD LijV0$;*ߝet7ʡ\dƯ]=\g[axoc] H%>SC=r!)9Q4--YS\*jW;8. GB/MG!cnchw,Ʈ) >b糂-8uoj _#Ug#QE)+DK? Z9r$x0_r4hۏ5=|8?oaJY@ԍ3z:}ȴ.N_v~kL#xӵ42㟊,_x 6uHzw0V,+mcNhRԌVVA, -D.Z]Mmpme@,Clo&ǁQmBpIʳb]3 FЖQ xVg/c43:1n֨ғ{M!):B0O6 ^ose'v 2!H:Fn5g;wp{qR3z/ ~JTmoꗦwܻ$7r؈<b@#_\Hi=ڰz@eai*&c[rV+:$YlV;"w;C7&Vvx◒l`]\$2VllmZ-OnBgB`H Į߲NFu`97WTF8.^ o!ّXuN]Spc8lGe煯7ҫ$ J#E -6-oO+7ނ8݇11ȈМ&E>(^ק8l% `۠Fh\ U~r>nQʱ8&"}a 2k ,=d 4?z ~L|>a < dY}{꺢ϽEhIIƢ hjdFTVPc}Fo8~Z}L-$bjѩ c\Vvd3|RI4Ҵ-0?̟gT}-JYH%NgT1쎹a< G;דUPR$dSװ mr +'j+!K9-+K# My(")ѹRwD FX~XzVMb*̆8I**c@o 2]8ēf#+k3lƞ.Qe} aV!:^EZt?U8 =]ГTE*Q 7F>qͿwp3SFP'M @j]$+㴪 5ouB I}h&5]Egi?)h׶ag&xzS@޿Ěu-&tulqH Wt-AwɳN/]Tn 5pof7YdeY(ю!.TpI `:,=,fpEA^Ep "0%)CyXYM_f[(4R hH+ñ?\&)j4M3(DSORȌjw}]:q+KK˟)|dS8^&Ds2pJ}MQS@8NCi;ˆc;B&KVn!2/lF_N)(S J7,Egӭ݆1:[vXN>2G%VI7rb|mE|L1{Ďʝf| 0s@d-rbWr;_e^WZ2cɜ&s =t"zwPm!Y/?le 4 F%b40P%D0 cYeF-[wv+aB&?rlq"JoP(ʂg/LR4SLWgg=uQ79¹*tʬi.x&F؝ڝ[N"|lC :juW~9 R` Tgu֧ d*aQ ko!/U"\5ew)Ʉ L,뇠]KAF 4/D毺cZ\ӗ?٤Eծ6cwh ژG%RŰ>H]^DrIxE􎔚S;\G (,Ր9N S:9ߔ۳ E¯L.K{cB>Cmhc0c#= cd)'CskiHs]0  tUv̜;z6)3}Wg_7x fȯʍ&= * q$*oOu;1 w1UТH A7>M4qv Km %AK}m+{mh/ v_:k [4bh24:q [-U)rxU_/s!-ȵ'$u6=x>uI!;'j`G|4& (x 1]u TrV/~u%O%s"F:6^Vџb\}/݂ P+7b@Y S;3/|,rD [c&{PX:s[  ri|J?GDmgr = zC8ŴԿǜ SBR3C@퇈ܟИH} j} iUA(T"ZT֓=yHV#7|+;/n{%}O~ WqbAav/`́m JYИC,5x^-;N!JcJd O -HivƗSo7D6洹demI[@U,}JL뷴Me/oߡ/oY|i8AVAaZ8~i>~ie2bxQ[mK}YO6;?7x^9;Jfe\%i"t)9sU o]3l6ʗfcs[i(I c-W^g^?JCt]`ݳ H건(]4DOJoNiɒݸ?P[ bwv\C>>&QyU^10DۧA#7s*] U泝n[UJׯ*R*ZB_RP5"ëZ@ű!N,Ԋ)G$:!r"A6 ՁO B-++&~ H19=G2+ 3 &iߪ?DS6?t^Fd#$ @`| 4m>iWFÈ_o 7H*e81 q~1d0t|$nv.IO_a Ǝg6\&#rˈ7f(AsȔQcG2h+O[q_ː9eg֩wE!D}[v)T/l7FG^ H*' _2[@n\{ŶUȬfWGmoV INzv[(T55y,. %Y$Rzh2J (+sgܳ7W(:)] ue'ñ%Tvj>: !Lilh-O6e,jeC$iM%&p>eP݋'($=Nyۿk sM{hEh$+^Ho`Aڇ=37I|omO"yC@1 Cggu'H W?eE%?QC jЅ_q~rsՆ[ʾseMڋW'S'xMD1$ڀߟf> 0}\֯=JO4o2;Ynag%Q t)V6WUʚ$/IS\2mr6F?X33ar񻵽P0P|Q:˭$- O]lR[^ݢҧwY7'"jxnEYMŀ~xUCTq0d~2dwA,DP7XZIIzҀ9 z,/H/.)ﳀ2Ҩo!q+mF{'ʅ5'ε\WYNz&O) P͌ng2oIhn=ؗ7ʽ~0?LCPU~x_4SWA\ڪuVx5b9sU $_8&#>E 9o= ␪8hY:KqaYI\MYW$?Yp-~Ix\ >cu1h |unj ]i^Y ۟h4< fG'S(Dt;̕:;K/‘<50JpUCO կ+H#x=ik)eUEd˽H1ލMv$ * xfX`.#Y^0m:|MZ2bM]~ga.bBm U>W^^D\&EG k% nGl?E !cXtŇTl} ~4(e!FW܋P`KS(uٷ9vŤG]i/cJs-g N@;@05=,$"f^82uQ֞"}3"0\5WR+$S%-$Лn}[)IF|a,c{pRıST8~EbPe87V} I}lȄ^aU1h1L0Uh_`MzR ) Kl *P&jJթdbɖPԷȆ~03h" 4xzaxnϷmAl`؊ZW{M0 CցbJ8FS>KX?7hք;I=bFqmz$vDf(r**+@`Y^c~08U] 8n_j-9x 4>g8 "oSfFD7IcB5]Qw^Iy 5;ZbEQԜ73ӈ"%ՏJYyF(cdcы602vUYz%ṡ0g*S_rħ6X\n19l?im\2U/kH#Lt /S:9bQ6D R@R2h,kU7.*L3,I^`. [bMD1*Ucw BfTb-D&5!WYHyQIgE9O*V8yX?'˜=(2sħb&y4S`PH83+uepe @K{aOmE!$颒KEv3]V̠ݮ6*eo nZsC5tK5N}7=Oi/ 5}~< (A 3<S2~ctۋD6UǏ zs= Q8]cAYE(`r*˦'o9"UK3%LrzR7o ܫ[.T zWcgLe" ՉV<qM}Qް0eӥQ=]0VU~i3ʇOX1"/[YXD366Į9 ls,iEP3=^- 0\?;EhLTȑMqOn!%85yT W?3U,@E H 7^$jYۖ, i?b *.YySu+%@|L܍`ncS获V\u}W=~)_b޴.9nV'cѦH"SLT\HE.rQg ECivG#Ӎ-?OCLGyh\e?V(;[@ǫU"5%hY~ ,rvQhl} 5#'= |ahP %VDX+ 9-"U %6GVi= 5e&Xru؉g;09am TL0.-L^8J6N+`9&_. $*Fa;c1!Qs589֤q:d#dT(iEtݿ5X0b2]uYU'Nsyеx f .@'k3XA"D`d۫\́+"#N!U?=3Rpe#-T~8Z +p|߱b%<~imOXd'bP[N3FRŝ"E HWPg [ iotWlp#Ku Al;txzP;u,9M-A6Kk!C]ũ f^՚}YٖvXm}CT6T6CJT~Dv"y<d g9HPasQ"!pu'hc_+qtpЗP_m;  /bzu)zT5dAa 3ӝ91})W{pF^.5aw}If+Fe>v.';D {)8I+4`Z"ܻ|Ӆ;͗C=3yV̓4B|3|oa uij?_AEg}BN=Rt 6UjIyj+>p)F@"0 ZZiGCԏ\,FND`WB S@6@JTGvu<vswp[gOס9)/sQ)u_7uv!=(蚼=jZFIB8r#E̍ pk렻U&aH=X2bĕE!ʼDmF&ubٺwO0C\yס#U0 ݪťVKlj7.oi0g]4X/D}gZ_K+7r"ҕ5)["Ї@ $pqNr]m.fd^-<ı#+NM7c">cx<  j^=zIf/cv CoW8DI}Kn%mU?U!}&Hع/7>g+@YS .0,I e9Si RrtD£M1KfI;@u7ZQ8yl ՛ɮ72mD8ǺOg3]-+*؏O4Lm(+:ǫ겆!|}eewFG t?3 䅅PF+`v $4('X9n)r4"r (0t˗;-hTsWa! 1OOa> GsXMqVc1JXXkDOvT`qjN~L̸͇!\CP_UC2_d:+f`!he1sZ&q%ψ)aAX,%]R#>V)F%B"IMB BGqi. 1V8j}~h̴c跲O}GRe_E0",m-"T%B6I=ÙM%D \M[F2iNZ12}^axCLgEXđm9 ʼnOKu5\͡."CaűIjVB;hnʰ K4+c4N|OHX!rnΛݣN7$$R2AYa˰'2K7HCXr\rÊ.7s "=JSZ BEQ`P"W&״7G*j̣MXMG0^Z@ \}K۞Z<qVOwT V&";Q9=ԛM 1bSeQpQ ءsAFPF b;9)7mo8nl2AFgNDg>M-'MXcV? DTd'7J`1I;2-Hy)5NE]ߑ0$?X"_Nɵ`)\h<ͷC䇇;1?[F5 F<@s7^/ut{㨾p>5#;(XĈMayMWC[R*8Юۑr>~ć *QArm`?HI~Xt*Ԉ: JC88b;yGG'IQ؝(XqRkG֨8s鏤`b֫eS#89ӻR*#LtvgI&@dh@|N9X,=Ii'-2Y2d%Uw% ƃ@UrCI$D(IҎm}:W*r2'&D@T4AsTD0U%·'(s s #U/{v_4nhˁ@wLRxs7o&'=4vz:6rZ͎%0Qh0pqff!_:VX=|k )0 ]o1=KS0eGu Y DӾijy,qRuBq4z3s XGO3v,hPy!>mTU}C5)4ŅO[Ykv_C\|~M1Vn-:G}Ԑ3%&)LKhPۙ(:dKਅ'hUMRun߁>V%> cȸ{j.:^VW R(.Hx0&A%IA\QBj4ީH2Q3a'`1TEAu6iϙ+{ҋe/a2,z *hm!|y4"ԯĶ@+^D7pɓ\LǶ4s֏(˅mTg7ZA:ȃ!ʑ@5^4PJy';ό LM>ϟ.iGe|ǥymݽ?7Dr)(&Vn8xHA-o*C'y>K݀}8F3HrUÃi=l޸W " hf߬CvrB(d>}@!qn”K%[%a BZەV92rϯ ک\#'3}kpg6e%IJ$“*op'`4Mj͗#IQ d0ez'{4m3j NKM[vcvSqaxĪ׍,"dsaX2IRFiN7\{ Xs`. "fsu9sx;w]dp>j,v8pWk]{g.9aژs;y%ެ Q:[ɼq^՚heev @Ǐ0{1uǁhZ+灈]`<ѮTp <v:ACS M5Jq b47{},3VcL34B:bD[Uh؄̐•lYqsVĢ<:EzOF6*zrB?ra}$7ЂqO/ݩCdSW ˑTojwI$v瓒)*o¹.M*,uV(h[|`|9 Iۈo~'/nЍC4/5+v&Pj[7 q]>p _bQlzR+Ktw/A5N˄Ng:Iy 4(2? 000s9-I\Gл7ʼ,z" ,GCX%kEwPߒ=REݡ[qJ0Óo'du@}k9;"ןIuy>? )CcsS :%&;e6y b{1<񅚕 'q" A#{9BW`Ȝ)`7,5΃~÷rWqrU2+HɎcL!횡ř^K 4V8TUϊ9KmbW8[m.=䍾4i7ӂPJ|嗝F}'Lt{TC(7/˝O3HhP}+R>1p'Az%QJMgyuxnwIn bcWۙݿNlxrթ mo+|==3F'vyk;z=bW:(_-:_z61]88g_6`n{j}$_*؆J FA/Gjk9Y#$$lqTXlSU.0=~a.qZ8 /c2 4{TO)9FZIN-ߛLz>-{SB=\=NȖrۋDrpI8&6}(65>2牃I6$a:!k8jc'BWyi#isx-̝:qJ#Eޡ̸x]7/[v\~eq?roRQOf ^6k^ W8u$Py:c JTk?{CMFTY* We14f$:a (m~ 7 Ez=/V5%  ֹ-̬X6A6Qɨ-" iXڻ>wGqS3Q6 8[4%ՆDJ [ƹF' 5 A\ 4fJ<7ljs`va^-1bN.ۏ꼱*޺km027i9_1FCÉқmY56ܬ PFGŘ:9pmo j}:V*W= VJH@q ?h0GRČqy2u ?胶{5P%ܯ '-t"AXC1mkWzTGmP 'a-9*Z6UIW8q'VA Hږ\Ԃٌޗd5U:Mrxt8^!=_ _ 0Q|kΚQnǯ{Sgx! y\Q>("RwG00 TCάPl^1n[ ^-iߍTA*_J$?SWgwԞ~q[F]<> y\$G2ꪪ!GOd#,dD?JE@JO e b+/֓L>5Gi7YY^lŪ?|'T$@p {+E™ Y^3INE6_dy«7bNaȎˣ2LYBJR/ Uw9BgIϨC/[Mt_8p!+V~㙜n-Elhsil:J vVlu6{Ł% |sPf JmLq.%!`/^˼__nZn"9BE[Ida RV\$ qO-."t7XR*E%rIz7W)AAj$LO= D,ơ\_) ]Vw.;.l8C W#;WXhS? 瓟 Wh[|nzh=X[c/ꡞmپaEp+]OƼ'H=rtn!WO s[5He,kѨh>*".c&$_FtU]ёU_d.v 29"{Ɋ6{fGIǠ"y^Ƿ/Fj;h4HRD9'UdE3NréģZwO6$eܫoMYln6 #0m!\S|`-W*z4G(F,kSY:'1 '1I5> ֒Q䞳"xח%T#F0.ʒǕyl22vr=TҳUZEA$! V j= [@;H} >1՛3 p _ݙiOC2` t D= pA_9*U]x{QDypR$u7-y' 1UO(,=N1ԸF7ssPxj7S@V~j^ZL3&=*k$Ii9iW,1*~58x4UJm,T:,)H*pQwGwyȫZ̹k ?yZE>KgLk~~m=Zmu| qiA[,eL!TWSyir~=obWġ5M2]ghF`Dj,G'AWnAAR(q²i1 q'HJXen@Pu*c2f9yNAl}=~3\cj߮)F/%j\2h^{0Όy@ÈSfESqV݄% DY/2k&qO$ܨ?H{%l[>vDZ$gp'JE320H~kAN)r8vLvN.ո١s$JdFhՑ U0i'Ȧ01s%$8XQlL%"ޜlߧjfA\IҐpHAP;^jV5q9̈́2/cO%KnC+*bɀ ;Du'm\C~jmKB5^d11@&2D6,y.MzҒkdmb7O{E4Ͼsپ>5bZu˸ڵZ 觧'}dB A#C8C%`0 CqI1r@/>;bo"m?@*yQ7D>E!51"y^JdY5)]"7!!-JuxPpvO|56Ԛ,:5Z@ߤ Q.)xfr?0^N=n̅'nn\awArS`$.?4?_&}Pgr4^$NH/NT|U{&+u3.l$>"|uGKWس*#jrVL8_3\Ms3 ?ހ攠x 8(m3BpA(xH`$r(`e\SL?7E;(դi(7jhq53i:d'A. WQ]T)q'@_2ܩ*nk_tgH)CX!C%~ <k\ՔݷS]SapN_Vr-!Bg^3,hE25aorOZuKq+L]ȼY2,.{Lna*^Ӫ3+/TGl3"b _S t2 {Vf%:ԶČPML^\(aA,|G|LNDS/\4OxҋY >v>GKxA[@=*~1h?\9se*-eЋF+x&F!P'a }՗'Tz9|"!U{ՉDbX̐# )py+7o2-e (4op[!i!δYAtY;lc"N{])pE``RAI6P 6Oiv*pi`HKv2nMv>,U(k|`$PX~d+<OJg^TAZ*dX3'}6W;bA+>1R|oq_2Rbĕj.0^4!=zSY 6pZnF9rG:qCb\!C}IBNzG8kkOeb+)awJX:Ƨ{0p)r \iY̨P*h_=1+9`_wC`:z+5Of $%،%h$P^vm ^J'cQxI>FqQ.{`uբt\@֯Y@*zJ.p a[6e3}- f3|w ۨ k=msz~ |}ӯk~`‰%u &{$ =sXOoV  gtd;sql}GR9A1KN#k%54Zy[GQR{>OByAߡP,|_Y@ b28DaDJH,-HضvlCrfz^0r@2^&^eBҐOHؘt5[QVw\ V%V5)H]K:\_/\YzzR`p HbLS8|E1Ԃ4ngVS䚓VǛ>5Wp|aKS| BUǒ' T.gdŬ?Q}5:NX!rmܼTgݰ,߻!RUu@Ѽ abMD#kZbWPw:jxl>˗O )̯t]صÞ2a䆐aOyJi:[ٞzSt6) w N{=K+n2R=yLBd: ^vv2-LKhT#U ?1-u*9K&5pny3ג%Ρʰ#RdZn+= XhGKxlo80:Q u@nfbQ-X  $J9#]8}z P K-+~Ɯ;+B~#Vco=ڂ| ~U>(屻jۛ逾ش{4vH=RªGk-mq3M˒4l@!_krp;"_FW_<46i (mҰHyiH_Kᮡ+v;ovHP+^Y-c(e{ĭOT3_Xcn1sMuy>>7 :oʏߨb УU*zdRVb7yLՉvtZka*DJ $Kq6J*ʼn".c#X7iOZ#odW0m y%fvr bjn=P6u~bONygz廍eT_:V!D/} =?5*`Z{cO`B%l&q[_ֈU.hTm?A/GJڳe?ظa2n*Op)ʆh5o|H9F\׊"ۊտ!*#>Ѻc;"V =-b6žSw4  ]v / saK]W;ɡS39ELh&ًENXd3dJF^.UOa*MhIrƱWsnG}DU P YĶdll/h/صÂI8 @J8By=pqBjX;zn;9ըgf]Sw]2oVbzA. =t1( J9 uKW i79⼶e!*bP<~Y r~E12ХJ:v7brg0GRỜ?",0Y!5y~Ciew0݈t.!jwʧ&~\>e uɖ$F,8gMic2#K{D,瀇7m|e5`i ύE2>f3uP&˄b@>"Hx# 4 NJ>:x&ZJ}x E}HZ@(0sq ”ŜvQ5ORNMOL ;:) G!`[/@. 6Xb pTB_ 51.;ڬmtF fȎ hDIԂ旙U w(L崟 i$*$omEE| hud,ix^{$튕T5fe+Nl̘=$1"Nwx}QSӴq![tЈ._$!̮t F!aOFTN&,|O=p0,<:.[gM**K>tIg3T3&ߧ9&A6[Wt32DK:I}]OˍńZՂ,St7\̘ ?Z|9&{w% ߫% R:n>m&P, 7oOw[,r8+w&7沓d7aۮ;ӌj;4U}a,pVy%JFsR]H#blPc;H Cw&tVA9=P]b!m:)ƚt2MjFZ8L'V[߭-Ђ%_Jn\x؇Wc:<8ߒZ!Ͷ{mCj҄9T|[-qdy'b Q#^w,MR-ܙ}EBkT9p| `IvA6fOL"e> 7x{02Eawi NE>'* ܉4/3N!^RC;+-d Ia>pSNO^oc)h|ސv+mmpqMln_ V|8F`1ވ<`%p>uM*mJbpaڨӽAh뵆l78}r[a%o*'pdM &V>חazv n, I wUG jUtZaxoav1Rɗ$1KȌv9*絷BzAi$!*#)) ݤOYc}&02!Vcľ2#K"lq#~ۥ/Qȿ걪~.ҳ$pLԺx$fs68󥙣 )/o@DDǁhÈ7LS}|uP:9Mj9!}-ȡzc~_-v׬ -n+0'#$Ћ*N6@CFD@:&,(eSU7Ծb{g\k eL4:t\_y4B]VH":k6x>[N7}uXrΙ\v6iOܟӑ{R!I*uhL"~bמe}xN 粲a;0i?W&FV7oBe)@ *$PoXG%M1\#0d=kROty?ug0O O =|$|F2.aGBXS 82E`.$(wi' ^MUm[8ra0/>/H.!M{#n*j7t>DQX/'B?!ϯEapl0"0 K(%WIi|Rv@E$C3zpE4z}_HO?s4CPD;J`IcKvaR^xx|!j 0U quFs{'̽5&kG%z`NjW$WF"j h@@ogLqS0$#wo+f*)DĎ26s5e*l*rҮM妺iuL3wuWkKgcbJ RњT&"'w E!#UΞeN gٟTx(EaW.o1Z} ;'W.PDguNJՠ(VڼC|҄i"o5عވSԆGQS9QyZJnT?s5/>^*߃;C`e2\w"8>,'%BZMjQZsb-TVD* iٺzJŸ)6agr %%EҚ9* .1/㧬Fbk=#RUG7Co&ڤ^SqǦ0ٌ'4gmAFh'S,;p5bM\g[=+x `ޚu43$ hl3̊1ՋFIvG|Xş-S!ؠt?.=U^1imuG ;=ЃSӏV5."ˡfCAW6}@<`"9{p+&#Rle"(SЊ}r 40 s>|_ :5B{P^}ч_5C7pYCU*q#;~\qQ}ya\lJ[iц?3'ޙ߆9.|A}ؑl2yC߭Wۢ@Kہ3(=@F=Bgq}vt#Q,?_ +B!ѸЏ@N.1Y'KÅ #xD<=[2 |y$E+V `}ѹ&q b °Kf~u$uteODK })2i&BFc_J*IhIMLڏZlS@,8"py›*/tL ֘4P{̲H\AV.0d6]w֧pm$;JmO(3o-(XUs 4t%-`6$eޑDAT+#LBSQ΍'8nYEU:ۮՐg<>0m?Q+aaq$DX!"D}b`yljc7]급rY܏$̭ Z[&HX#r]@bw%Qq? 7r эàzV*3~?u# X|$rw7bj:%*$XayyF5Y_Vc;*(.{lse|H0Z)U1*[؜IƐNI.bFP)}PijJY$yyS}##{,g]/>Hc -o+cG(,Q/F~,} Nc]cig@eZ562/Y&Th쳅}-H9(@XzVVT5vŋal{㓘3ԛv'tJ i{PSvqf*- a~0w`f;D8Zc3ꪝBB/`,eDַ߰r:K-cH1yDA:ۉ of,m2E<`{rjxُCb. u.QmvcF%XT>ȋJ/.f3̅M%7ڟWr7d x+tspl vw!ou(E%H$?TMм -S~. beV=.\jVl@8Ss-ni cHe"FvhFbP\G(qwµPDʹȽ''A6eorhpSci;m֔{zbY u}\bF52`tmӞη{qic 2M51ނy6$D PE0-yvn`~1C&s@" >R{^g=F*s.q ҌbПjޫ -Qu0C~/:ɴf[, 7r.q|F.!/#/4awN_kƾj4W̔mZ{Ŷ %BH2NG]Ϗ= zĵ٣8'u?#ωJfD*tű03TssߠE!>3 E>UhxN1`ӋC=u]n'ķA}mY|OlGĽ|)o3RJ?Q_ ]G%a6Gj{En"EN:kJZ ?s!Ơ1ɰ~$PuH=g)3ɗ0F(Br8-8Ng?g4]½mur{!A=g'(lYk=!m1 dog'r2Wx!S16m]qrD;244r$3` k\}R~ۺilz$KEC#J9allVz!vV`{DU /RHD@-=rLD4A4_c֚=Xh?"% :zNckp3?@xs.UI~ g[%L(d9pg@$+if}l}N$O>_􄨖ՙ?|EOcN}2`!0B#/w2 _$"Rxq%K٬afxKi]"W/&@:X) KH)4Z.P.Wk}$l5"i:t۰`0JߧHV/T̴{X3@&[*["%1ŵrݨ ~`:Dn6H"lAY%6ߏL8J= Ƌ<Ն:lpƨu*;Ua;xBZWO_=1S@g66$ c7vIK:R둼!¸ ݭytZ+UQO` inӓ ՑZ-ID#]Vw0w^, ot/nW,;j֠ QFQuVE"<%<59|v_eCuڕ _r_vm!qHUE0ի|&QCxr_dZa VQ$x\pp*P B{㦙&};%e,a=ξT$n 0l_ K-R3Iӂ&&h*kG(3D3%_<|>HYK}j]3nCCj]#9*}Jr];jV2`&@ 5{*)}܏ۍ-)w/e,4m/SLKE_>8(qpU-XzU.m-_Yx'u@F0]`'$<69SLYUSB-cYt´ً0ԓK5 9x@kE*.E{ |*|켅bC㦔MQ4,tG}AM-2g:=7_pxcӪG6Jü'f(y9~z@ ͍)S0(CPt#\ 5z HGΨ5&E+"y5FE@xљPFMa32W"