krb5-32bit-1.12.5-22.1<>,쇉\@d/=„A3}abt:+\t>*A$P*oΐeFlw ܬ~]P(1ȯܲXfE!a> :|pUTbԔɶBNQ8a/b,{K4~vBgtgiTzsD<3 ICA&gBdž4LQqV աCvD";Xmb|\)Ui$&J Hސ>=i?id   A  9Z{   0 |  |'+ p+ $+( b8 lY9Y:Y>\B\G\H\I]<X]PY]Z][^\^]^P^_b_c`id`e`falauava` wfxfygCkrb5-32bit1.12.522.1MIT Kerberos5 Implementation--LibrariesKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords.\@dbuild85openSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://web.mit.edu/kerberos/www/linuxx86_64/sbin/ldconfigq4p80Dv 80ܡ\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d\@d8ae0268590bbe9dc7b44eee1c532921d9b3bed756b28cac1606de0304232e7c698dc2a674feaf270d0b636e81ccf8bcde5f02a06b29fe2e60ac95c9aa8d85f023ba392003782aed361a232d1a58067b26e7d99b9196c1436b39829628836abf6ab5d3cd9b88ea4a18ac972a75eb784f1bfd79dbe9f36522eaede65b3e0a83e471a53c58397e9ca41364282863b4226f6libgssapi_krb5.so.2.2libgssapi_krb5.so.2.2libgssrpc.so.4.2libk5crypto.so.3.1libkadm5clnt_mit.so.9.0libkadm5srv_mit.so.9.0libkdb5.so.7.0libkrad.so.0.0libkrb5.so.3.3libkrb5support.so.0.1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkrb5-1.12.5-22.1.src.rpmheimdal-lib-32bitkrb5-32bitkrb5-32bit(x86-32)libgssapi_krb5.so.2libgssapi_krb5.so.2(HIDDEN)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libgssrpc.so.4libgssrpc.so.4(HIDDEN)libgssrpc.so.4(gssrpc_4_MIT)libk5crypto.so.3libk5crypto.so.3(HIDDEN)libk5crypto.so.3(k5crypto_3_MIT)libkadm5clnt_mit.so.9libkadm5clnt_mit.so.9(HIDDEN)libkadm5clnt_mit.so.9(kadm5clnt_mit_9_MIT)libkadm5srv_mit.so.9libkadm5srv_mit.so.9(HIDDEN)libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)libkdb5.so.7libkdb5.so.7(HIDDEN)libkdb5.so.7(kdb5_7_MIT)libkrad.so.0libkrad.so.0(HIDDEN)libkrad.so.0(krad_0_MIT)libkrb5.so.3libkrb5.so.3(HIDDEN)libkrb5.so.3(krb5_3_MIT)libkrb5support.so.0libkrb5support.so.0(HIDDEN)libkrb5support.so.0(krb5support_0_MIT)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.15)libc.so.6(GLIBC_2.16)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.2.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libdl.so.2libdl.so.2(GLIBC_2.0)libdl.so.2(GLIBC_2.1)libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libgssrpc.so.4libgssrpc.so.4(gssrpc_4_MIT)libk5crypto.so.3libk5crypto.so.3(k5crypto_3_MIT)libkdb5.so.7libkdb5.so.7(kdb5_7_MIT)libkeyutils.so.1libkeyutils.so.1(KEYUTILS_0.3)libkeyutils.so.1(KEYUTILS_1.0)libkeyutils.so.1(KEYUTILS_1.5)libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libkrb5support.so.0libkrb5support.so.0(krb5support_0_MIT)libresolv.so.2libresolv.so.2(GLIBC_2.2)libresolv.so.2(GLIBC_2.9)libselinux.so.1libverto.so.1rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2\4[Z@ZH@Y@YYY@Y@Y.@WWE@WwW^@V@VwVVA@V0U@U.@U.@TT$T!`SS;@S@S@SK@Ra@R@R@R Q4Q@@Qn@Q@QQU@Q}@Q]k@QZ@QR@QLGQC @Q7/Q4QsP@P}L@P}L@PyWPnO؀OЗOF@OJO'NxNxN=@N=@NHNNS@NP@NNP@MMlM6@L8LeL|L|L@LT@KKŮ@KK"@K@K@KK&(JJ@JY@J&eJ @Samuel Cabrero ckowalczyk@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comfoss@grueninger.dehguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comddiss@suse.comvarkoly@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comnfbrown@suse.comckornacker@suse.commc@suse.comcrrodriguez@opensuse.orgmc@suse.commc@suse.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@suse.comcoolo@suse.comcoolo@suse.comcoolo@suse.commc@suse.decoolo@suse.commc@suse.demc@suse.destefan.bruens@rwth-aachen.demeissner@suse.decoolo@suse.comcoolo@suse.commc@suse.demc@suse.derhafer@suse.demc@suse.demc@suse.demc@novell.commc@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.dejengelh@medozas.demc@suse.decoolo@novell.commc@suse.demc@suse.de- Remove incorrect KDC assertion; (CVE-2018-20217); (bsc#1120489); - Added patches: * 0115-Remove-incorrect-KDC-assertion.patch- Fix for resolving krb5 GSS creds if time_rec is requested 0114-resolve-krb5-GSS-creds-if-time_rec-is-requested.patch (bsc#1088921)- Fix CVE-2018-5730 and CVE-2018-5729 with 0113-Fix-flaws-in-LDAP-DN-checking.patch (bsc#1083926 bsc#1083927)- Fix a GSS failure in legacy applications (bsc#1081725) with patch 0112-Do-not-indicate-deprecated-GSS-mechanisms.patch This upstream fix supposedly fixes the issue resolved by the previously released workaround done by 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch (bsc#1057662 bsc#1046415)- Introduce patch 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch to all legacy GSS client applications to workaround compatibility issue by setting environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value. (bsc#1057662)- Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch to fix CVE-2017-15088 of bsc#1065274.- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch to fix CVE-2017-11462 of bsc#1056995.- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)- Remove main package's dependency on systemd. (bsc#1032680)- Remove unneeded prerequisites from spec file. (bsc#992853)- Fix CVE-2016-3120 (bsc#991088) with patch: 0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch from rev128 of network/krb5 (bsc#982313#c2)- Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)- Upgrade from version 1.12.1 to 1.12.5. The new maintenance release brings accumulated defect fixes. - The following patches are now present in the source bundle, thus removed from build individual patch files: * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch * bnc#912002.diff * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch * krb5-1.12.2-CVE-2014-5353.patch * krb5-1.12.2-CVE-2014-5354.patch * krb5-master-keyring-kdcsync.patch - Line numbers in the following patches are slightly adjusted to fit into this new source version: * krb5-1.6.3-ktutil-manpage.dif * krb5-1.7-doublelog.patch - Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh - Remove expired macros and other minor clean-ups in spec file. - Use system libverto to substitute built-in libverto. Implement fate#320326- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character (bsc#963968) with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch - Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request (bsc#963975) with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch - Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask (bsc#963964) with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch to fix a memory corruption regression introduced by resolution of CVE-2015-2698. bsc#954204- Make kadmin.local man page available without having to install krb5-client. bsc#948011 - Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch to fix build_principal memory bug [CVE-2015-2697] bsc#952190 - Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 - Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Fix patch content of bnc#912002.diff that was missing a diff header.- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass patches: 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message patches: 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries patches: krb5-1.12.2-CVE-2014-5353.patch krb5-1.12.2-CVE-2014-5354.patch- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423: krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token - added patches: * bnc#912002.diff- Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff- buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Fix null deref in SPNEGO acceptor [CVE-2014-4344] krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch- denial of service flaws when handling RFC 1964 tokens (bnc#886016) krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch - start krb5kdc after slapd (bnc#886102)- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) similar functionality is provided by krb5-plugin-preauth-pkinit- don't deliver SysV init files to systemd distributions- update to version 1.12.1 * Make KDC log service principal names more consistently during some error conditions, instead of "" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-gss_oid_leak.patch krb5-master-keytab_close.patch krb5-master-spnego_error_messages.patch - Fix Get time offsets for all keyring ccaches krb5-master-keyring-kdcsync.patch (RT#7820)- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch * krb5-1.11-pam.patch -> krb5-1.12-pam.patch * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch * krb5-1.8-api.patch -> krb5-1.12-api.patch * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch * krb5-1.9-debuginfo.patch * krb5-1.9-kprop-mktemp.patch * krb5-kvno-230379.patch - added upstream patches - Fix krb5_copy_context * krb5-1.12-copy_context.patch - Mark AESNI files as not needing executable stacks * krb5-1.12-enable-NX.patch * krb5-1.12-pic-aes-ni.patch - Fix memory leak in SPNEGO initiator * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch - Test SPNEGO error message in t_s4u.py * krb5-master-spnego_error_messages.patch- Reduce build dependencies for krb5-mini by removing doxygen and changing libcom_err-devel to libcom_err-mini-devel - Small fix to pre_checkin.sh so krb5-mini.spec is correct.- update to version 1.11.4 - Fix a KDC null pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. - Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. - Fix a number of bugs related to KDC master key rollover.- install and enable systemd service files also in -mini package- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs.- update to version 1.11.3 - Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] - Improve interoperability with some Windows native PKINIT clients. - install translation files - remove outdated configure options- cleanup systemd files (remove syslog.target)- let krb5-mini conflict with all main packages- add conflicts between krb5-mini and krb5-server- update to version 1.11.2 * Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch- add conflicts between krb5-mini-devel and krb5-devel- add conflicts between krb5-mini and krb5 and krb5-client- enable selinux and set openssl as crypto implementation- fix path to executables in service files (bnc#810926)- update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - changes of patches: * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: upstream * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: upstream * krb5-1.10-gcc47.patch: upstream * krb5-1.10-selinux-label.patch replaced by krb5-1.11-selinux-label.patch * krb5-1.10-spin-loop.patch: upstream * krb5-1.3.5-perlfix.dif: the tool was removed from upstream * krb5-1.8-pam.patch replaced by krb5-1.11-pam.patch- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif- package missing file (bnc#794784)- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc (bnc#793336)- revert the -p usage in %postun to fix SLE build- buildrequire systemd by pkgconfig provide to get systemd-mini- do not require systemd in krb5-mini- add systemd service files for kadmind, krb5kdc and kpropd - add sysconfig templates for kadmind and krb5kdc- fix %files section for krb5-mini- fix gcc47 issues- update to version 1.10.2 obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time - Make PKINIT work with FAST in the client library. - Add the DIR credential cache type, which can hold a collection of credential caches. - Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it. - Add the kswitch command, which changes the selected default cache within a collection. - Add heuristic support for choosing client credentials based on the service realm. - Add support for $HOME/.k5identity, which allows credential choice based on configured rules.- add autoconf macro to devel subpackage- fix license in krb5-mini- add autoconf as buildrequire to avoid implicit dependency- remove call to suse_update_config, very old work around- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529- use --without-pam to build krb5-mini- add patches from Fedora and upstream - fix init scripts (bnc#689006)- update to version 1.9.1 * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif * replace krb5-1.6.1-compile_pie.dif- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery- fix csh profile (bnc#649856)- update to krb5-1.8.3 * remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif- change environment variable PATH directly for csh (bnc#642080)- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)- update to version 1.8.1 * include krb5-1.8-POST.dif * include MITKRB5-SA-2010-002- update krb5-1.8-POST.dif- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)- add post 1.8 fixes * Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512- update to version 1.8 * Increase code quality * Move toward improved KDB interface * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals. * Disable DES by default * Account lockout for repeated login failures * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility * Anonymous PKINIT - fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl- add baselibs.conf as a source- enhance '$PATH' only if the directories are available and not empty (bnc#544949)- readd lost baselibs.conf- update to final 1.7 release- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy. * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code./bin/shheimdal-lib-32bit 1.12.5-22.11.12.5-22.1libgssapi_krb5.solibgssapi_krb5.so.2libgssapi_krb5.so.2.2libgssrpc.so.4libgssrpc.so.4.2libk5crypto.so.3libk5crypto.so.3.1libkadm5clnt_mit.so.9libkadm5clnt_mit.so.9.0libkadm5srv_mit.so.9libkadm5srv_mit.so.9.0libkdb5.so.7libkdb5.so.7.0libkrad.so.0libkrad.so.0.0libkrb5.so.3libkrb5.so.3.3libkrb5support.so.0libkrb5support.so.0.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9482/openSUSE_Leap_42.3_Update/e09c4136424427ad9b014757de6e7b57-krb5.openSUSE_Leap_42.3_Updatedrpmlzma5x86_64-suse-linux ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ede3ab6e173092b5845a031beb74063f8eb9d552, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a0ac7d99d9b41a443f0b1df6642f37531c030a59, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=34b3db4d53f7778b66c82472b470cb47f2c69120, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b039df11e28d289e217a442abfd181c6d3d39986, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=dd4e4807e6335512a72b6e6df23c08b2733bc281, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4d640200424d1c12430ebd793e792599ad7e74c7, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4e64d8d4b1cb62092dae9c7fb639ddc111bd9312, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5a3eaa874184fff007f66b7c0801a1d57a4375f4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fcc77883ae23ecd7b1300aea4b3118be7e302bb2, stripped,B[o|  PPPRR"R R RRRR RRR RRRRR!RPPPRRRR R RRRP P P R"R R RRR RRR!RPP P RR"RR RRR RRR R RRRRRR!RRPPPR"RRRRR RRRR RRR R RRRRRR!RRPPPRR"RR RRRR RR RRRRRR!RPPPRR RR RR RRR'RPPPR$R%RR"RRRRRRRR R RRR R RRRR!RR#RPPPRRRR RRR RR RR&RR?0]"k%f.9v^Yﳟ:?%|&1;),Y'Ś,3[ MSPh 4W!6 pR&rJݽۤ7T3򣾷}HgX?CiD-NWwa3pz# u IH@c1"~!\ >;)E o!4@XDoK f}$ 㮿R lݴQ$YE#+◚%*_4Nvm쾜CbFcQ5*_)Z-`&%dJ}Z(:񱿣Dr0!9Vm( l|}q`\20?")%weJ ` egNJbiMeQwP;.` zz}#GL FzM3FUYAL#Evu?rgʭ.fh0$4iN;􃅬0#uFmqpLy5RRkf_8Yc-'JD`Eg=E3-`Gzz4 е&,h:%zN?2'ϮS|edrFQm= s_Yn&Z$rҦϋq?cĆ<!jsT]JrY6h[2D:.湈$-: >ಛ5Dk`Z[@zˑ,v{rAAv& C ,o E<(ZDa?8}^x /$ZaurP܏F\?19cKwxJ #O.>u* ~Mn&+&2_0×1?&:QU8ՏJ+":w nNb720.NlCswVZ)=eVWLJ%`cF JMXVkC?zX-vW!UKJ b1OW@y%$w'@&k 5lT\ǒ|cχ}1/l;Hk5]_ʞo!1[U;%Dȥ5@bKsϹlYp"J%p \ʎ!c)aԑI8,|*m:_8.wDAlDQG4 ;Ա6ґMKK?ILc;y,1]UM^ԣ&MF(O.Fti KJrq}A >DʫR=`ǔ|V-꾤@NlhDT\fi@@nGEև{}YTk䬜H+oz'8ZmE ?k(<.NomnRVWdE3A WA\.֔ xoahϑ!+8)=?M# uzt?\ )S(Zޭy]%/T:SFP\[i`egMemW %)O@,g/Ԁc|kx L2lu˓cW@FM@}PұAﳥҎ)9v5F]^G:>D\jXB>f>"ocP["|qVNW^2FUztE%K@ɟ@B0jTлt[?+ Xs<q -Gf)Ѫ&|tk96jH>} lE1!)y؍&#tYĤۯG~Vy4MRtF}Q_n4:A[Tel@r_zkz{#[I~!f(n(p; :JRB& b% q0ۥd+:|v#ai'yqsZ ® 5n4܊VQ.]I=iMj֤G%-fEcG_6LOu1q:.r੠x$mÏi/c#3b߷sAJ 4u<@64r k62\ 乬0aS0țbg7>D,-/ A>cl_\PiW%gG% O)]7k.([>[i-ZF%>ni3dwf1RsY-*yMM*N|0Trf!tS.C7a:u|_M,xQ*Kd,UV+bL T,̤G) ~VUQ4+zda>$Pp=@ ,RMc:j99hF)[3& K[5h<lEj(DY{^`LI+)EN4gy0$q!\ ǜ&17qv'_SJxk6%L  ncDK$ lˬ}Ea~H 8C Tue"l]֡.eFA^zb!ʩc'3MJhq)F y8(tq`Qe9Y21M̃4R(3ŵ/!fļR# 2NW%*vEMjMݥd /~a'tP"ߴē[kyrW`m%X1;CڥB;*idr1|my|p,iԮSņ#/2:Uͩ~E{5[YK>4Lui' KW_屶`r=6#}VTӘְK)?pGL퓗6=>7sP\3L'lG&Wjt)QdKUo^/#¥d`IܸӮKP>c:*$`.fwzt-cth YjmY|7^ % )=K'O+hn*1eyTzC4'Jqv&Y8ֺ hC9HXZl̂ <,n $K&Q5g\Wk/&vD[V]gO:]tq ̖?/A4f2:='N(1>pTِLkYШbYԹ\rWnb VQr_OL& ؼ^7> w ъQ˧Dx%QyY/M+Y)2j}Ag.;Y)߃d߃BV6@K'u!Ng 7GX{"i, SNV%<\E'8앜9υ0>dâ7Bi[k㣦:1]J( `8oP$"@]$ϜYOx?0%CbQ9n'?!+i$6xܩMVj%O>03 /`">5twz*659,{HFWPfrI?M4|tHP ysw3xz ɜkZxvZE /5[ <1l]SH;׭@ZeϟpɚtPA8`mfEA;FKB,2H$ꎂFf[x|cVNyhC={Dgr;6>l{B"3:DO T2n'CV,2}@d[WO4E)z ݕ6:Eq[ۖ]-*\`9uh䄂1쾟Ajiv=?=R'?&H]*~e9lcI`uRgug3J09o 3(269^ W1 {+"7$~' ,Bbk"6@(@+C?Z(W\T9/ v(Cymlr%WeKk3vkgPFr େ{zMS.#L&υ -=?,~iiolb~Tu0!:Bɪ/raH #~9 k8edGI~wl̇^3{vS`?AmXnYSĥ7p3=*׏7 "]e}Ic,~:TQe =Lƃ֬ ߩE a r!P3x$Ѱ^\_{JR8~2DjɌA@ 6%kvUVkp/Ȓ4. Oݰk6?~; 6dV}1Xf԰?J]4\<)ؿrGE;+w<|[ ǫ75Z>M_?wew`C;\<2GZ_)+ٝ6{@lK69J"Y\+V|f ՁWC:;'v>@ru zPRm}N$} "YF]p|6(G8c? i˽?g=Lӟ>d1%hI7̆*{ 4$2Z[]HN [GkhE(;S3K5«īV5Rќ3h%@c_YZ/,ʅQ҉(5&<&U4L"5υWm⮯8i)WHl ݹa4R\ŐUJޏ'oEBM }tmr0X=Z$0-L򇓍s@UВ> :f5 ,Px|A":.[ B{Y͍ (QzQo ϒ.A#~}>L&)$D5|V]V]d7i7ԷsN% F~#_?1!'ܶ㸭ے3ԣ/'"L:7@+LzN5&- hvkZ纘%T CHN^b@{Z@,w11@q%:PxY(Io>Euf$Fm@jwEE!w@ܰW?GP5ȴ8x BdYifS3;:'Gp(vLʕ*& F-*ڍQ~V$oHX]8  C]^9F aE`í(l6.3 :ˈO_{"v :A˚>kާFށ5Ġ:9ёxjd}4G"2>lHqLI 9CmGTw6n[{m$ODTdBղccNB4t[K#x:/ou33$ | xQrxWm0xE̅jty5M^ .t (e'W/7-?_+!9tkogmRj-J|X^}<4-BR6BqJ灖ېQKz/P[*`c\3~FD ^Wq+Eȉ#> \>Auoɇװu E3hrD/CtcK,o{4Xr Ϲ!b/|3O"&N m TU[; n0 ,hcM£\O4gKM~T! {b|IGx2u;q|>}8]3 R|FCO SaRYQ,y0˰IGi!Fh͖B4\c4ey i`mԬVE?CQKu`8Ǿkj8/w+{&SGetN.,,<=<ʽ}WQ6st`Du9%{J]3)@_稖P$iTvW0ȏa3+E4#UB%Ȃ D㮾}1P  #\ŁЧfz?T.`9cӊɚ_kY0T+~Dcv:ąr{F^])_47N9hDQj˟&Aϼiu -%3't$U>YU870O Ɓ(ÿ*S*{$2U}/6EY0r߂!NӵHqo|յ,cݢS(A DDh,̦ٞ@a7O'EthTPqfP43‰ W'/4QˤF"2Z(t-@(zk4/ع@\IT[Y.O'9H77Ft8`Gf mnNӊYвopl =S@[$s;!pwdjrka̷1]3L#yz[Jk`E vhoAh}/!{A0ヅ*o@-]>߄./ނ/\vٖub0J))#zfR! 2{z#d*!Q2dxȾTD3Ă\j?Aeę Q.$"CfQ4҈JV2<d7*vX(%끠Ak,h@Mv?l;<$WFT m]JdRtDBTҞߒo.<ǔJQ/w'RP/s5~s,GyHj %^KV< ZU VNή6tLGo}z/Pj\q#s[K¾Voh͑#th@ޚ`ي'm:r^r\Z`K豳4B-J I[ y-L)%,s4g_AMdi̠Aq.n, ݸ5Ɠ uL> čmLdhJȸrлM I2tȥRRS4Ŀ(o8;\\1m u>įh^=YL)EmnZƢдSƮfD<@fDzgѝEΠElю)]!&H[#*<% nvW3uN${ŷs.nk!7Zk/A(7R;o [G͵B@Vfco$h5* ӱ D8{3V?؈ fX+hE'x~KpJ{S*~ $y۔(Ac%]`Us#X-ܻ&Rp4Ҽ_>(G@y۫HJMY/gzᩑW>$a;ղ`6J?(#YSЀ|8Vhg^nl5ҼtyfmL.s#nSU,InS̎û5H}h@9vnpggٚ?!+o]c2fҙ9ߡ#85J|γ AJ S[~=ZQ-G{yf2+:{J@iI!0Je"e&cCL!ZGphpP7tɁ\6Cuߨ[ʃպCaj늺8 -'@5^X<3t1 =ƧYVY8rOg1O9\EF>P^4$HR̀u*٠Hgw6?hkFsv6S4*u}[÷3aMTc3bN?"Oc8';oڎP÷6ZcgPz5 JxS !XIh_k`S6N"T}\y\B&}RG+rxy\Ak3L [חհ(p{o0lVIA;b89? ow/O9[^-./gt>S ohY/DWN,(W.d 7F쇹6~B5 o9: ČR!t Xahrvbi5bYooj]ͺhƥotwIS2زw#nK{Lȱ|@GM+Bim͈?Lwn$].yǔ*@ߴ7|5`T1IM"&Tq0&VyކXJI#5_8^'J:}ԵoGJXt@XDǢsXPy.(tڪg2nIcK-'5<XR\*]*a ILvH:x7wVLRM L^)SjA;|30V7%D=Ѥ&͵&RK(in8>˝^wpAm&}*ق,F BS,Xl[S#]5g2 ZZ5ڀ뮈Fyڰ"\wVOo~2$rkc$/K;?UG>9LOΧx.)Q'o|7oym1$)o0z ˯,"vZ>nz( O+<-5'ΧyѸKyu晱= ¶)E]+ r}Q 5:BM:ך]Ki[ںn]^BU sn6Eүt\ L859]Y?_|r)ÜQDzKثN HYΨjD_B"wE^];v¯oJ>+#7y/Ns]`خV)O&}V͌EcݦC !3䍺l>xD %XnOW/D\:|I2L bMfNE?ɢ2J{d]Ȃ(/;ͭt42=M^+; ^ G6:1g Rl) N؆*>ʗqv67.1Q/"$s}4IR p |~֕޺@4kRJoy?L"0jaL[$ I>dpx~~S>i9 h#l ydռSf܄K(z60pOx_x(|fy&\ay~#j2q.D*z†㽸4;-l*d8U9nr bZ lې׺I}t+xgdbZeexz蒇& sF"ƥkdd1<> U {*)ԁcՏ|F촛+y]1B{(d=$h7(l&]54\nКu Eڸh8.BN>ubAjh$Dv1Ў!A T/vaȢ K<<ÌΘ6ͦAj]?LNJqNH5:>~Y[ZLB+oU?~"N"%S FJ  &RK, 552cg||`~m`QbVe55* [30g\RBQh (4%r*s}Glwr;;L<>ƗQ)+ +ݲDcZp-IQZpKbo1lqI]ӈDB_sa c0DƖB*TCc?yixBDӱ4RFWp9[߇GkhPr5 q}!ʀ(LCf \%YhPic !7B^|YՖ1j&k F뻓5>n- Y_~aË〇#?q{f 9pD}a, \랱*I%3fU4WNXoR9%b+M큷%4(pI[ VwסdAWoq7L71/-٣U*N.X[ɇcڄo[at΂Dd&Fd:Zj-(l`»XֺEy8kР;QnjF ђkNk(C9Fֲ2^5Ot3B4M mfs\[5dGH{ptxl>PqP{a_Ey͡0loA:PbRY((hRi O1PPwT-͐ƅ ;uXY˸@:X'`a9 7l`QY"D]&,*p4H8"quwޞ٪mad"_N U ivp CA{z@ɯ-;VLW$S#[0CtzY̰ U@#霽Rcb=?ގ |qlo1|*.\);8@37pPO-[Q)5g|j: uJ F ?9-]›!Y]8qVp( }?NOQs[yo3u||GvEdԬ7:$r6sUG}2e'>͉hhcn#K ;'Ga0fGcI.kvrDGiL|~c6H_*)YM2E{aX,WB 'U*ȬÀo;jP/.fρ#SSC\gݘ6¤j,ű;z!<`?;v`~C,Is4qӿz/|l| 4L\V N p^|.om㪌pUB *>懈F@@U.YniT,uŔ5ֹ."{qDV9bזv-l9ToY7cs]W=+ЧnCS "eR edoe` A+ޅH-nJQ~¯l,/~flz R&JO!!vy_7O-fHpO$X*Zf=ЕNdp7QՑIAS/$տKԋ̘]4Ӵ*CENB1 (ۆnkR`5;ɊQk"'JC2t|럡g4 ^wd&kt \lWݱE|0>-]k>\^Ruf6+%ب=fG(K:/6 { 9sHّl]jp$t^f%$o)](Pan\r{|y4Jl.8x\*b{}yT;Φ'j&eP1f\D6@5,-dz FbKPeNQS^鼻׌;!`/fyo8W[ AUe7msh++B$@{ޔA47iH-5jB{Scy .oN{"oeK8\cpZ?OSj*}7\ǔpѱW7{G.U麰7 @U*ͫr`gRMM?N5@9U4[ۆTa`P3ߙ3SrYNHFQOt`8*)l p`3UȽǷgsxIK+H;Ĉ}rkqrrڠdb} =,{=oŜ9j 2wg}9w<JmnVΘL0%xS`XdJl\i9 욥9eK",]_KQ(D{#tҔ`tz?}o"G4m$%^F9>\IىoV!И 2+;wgOr*4i$rU"&RsRLlEYGSyǯ>E%SOtZ: I2- QGO/Wǻ)syktCD _tĨ:"(wt\!Vlj٣(gdY`͂KM(-9lӥ~& 4䙰\||gֺC8pu z3AL3?ˠCNRCpRXͷe ١7' (yb-ۢ)v1$na4#zZV:yt""~TY2p\r<@Nڋzy`71Jߨ7U=MVրwsFfT@i1Li*v;z q8_D1__v}/% &JTED;wZ 3z+Fπt(zOUsfNDƚS+RxfÞW5?Xͩ`DRB;kN9(y X+4׸t[ȷqs;21o }W;b_T\.`[π.+xiNP-@@¤{&  :x]o')?rόdYŮ^S-?yWoU!w\3c4,JVįTdvHG-%FO წ S"u:y9" K1Tnc#xFn9w>1S(́ >Q#$e<>hhm|Sd?%`k!"GaN;~=&.|@(H$J{1י0d!)_i׬嵔@۪ksZBEO;_ P^u{F#UՎߚ+^Q7oMsrشvy1=D]TR&aM.z; زl|RO\ [1ڨXxAVE{A_7 -&YZhfxFk_@}^ 4gyB=!'Z긬CZR~K;1' qҦo'I}i ȭD"K9Vn}y! Dsg@G`EuҨ*׆!ɜ*~I!&{VB2SNweZe7_|Hu(U<]KbrA,bBhϾʢ~i%?&9ͶP<Òx3[H1)nԲTF#g̃` n"<+0PaW']gVO%l65 G`VE5^j%SrOGs+g l2MW / y:Ƭ1w-"?9&bE! rljHD8>%(Np)#ٌ14(FJ/Sx@-U2_ ߆Ψs|Ʋ1<^HYʿbGW/5;RmSl#O"y:أn0*Y30PXOBo=-KSwb "1}ɀquA"9RW7/eX~OݪK~*TGj ѹߵ&gfjɗJ ^Мf7R 58bؗ9m.Ak3Nk|UpP(X>WJi<ŧ!+56 Qvo 7ΊlV3۞k#:s" }\wb #BaoY_%!Ic?3ZFD^n5h죢C(>M~5bjJ{HyN?s8[@%"BHPf-cQ{B9sNs! LtP,ZS4/m+OS}ꐂ5 IcZsAa)(bdSL 9'EcRȁ My4 5]4t1}2M]c!,;ۭ0nb`8+ $xi;{~l f`u(zD5 ؤj%Z!U9+Ξ"F[y@8NA8>+ܹ)& @M2זwS 8Xt 2.-f!Bq}F\ 2f1.&Bc5rYMCpBV4fn2R #cgN4݄l嚰 D,{zs|ێ(;DeG*٥[x"Ϫ@ tJ}j[P-iC$S@ 2xETj1S F &RWJr#Z&U@96ye-.kސyi?R_n?spѬ],Ĝ*t5H:җk Jh+$2t },%}~wT'o Y6H_NTSqȉ\"$gw Lz\*^ᨩ&*$#\>7ݣ?uYN}ҩ7> d)Ju{ ]Bo\"m2T:=3%eB|3W/ŃVɛDk 2` M}!鬥';ZS3 g#HG\[=$zA֕!y% O <}0]k Zp\ڱ<9@>/ak5jlڈ.ܴykSlyM\ck0rJN!*=n(yXc Ӧ\I'7tV$NC]6_v(Dx@ 3j3>n(DnY[!\pWBnH?1N6׫SΘ?=D?(( cyFmN;#>An$(!_TU¹ d4!x=įqZ~ 6¨{X5nN{/JԆ͖MZ.O3Hr#}隬 Wxm |ZTU0^"'vH?/< [#H KB"οi6)#M}.MHb$x k>&H8ʪX@.xSA#KAh#N\FA+m-_2X. *`8iQ13]D~KczCߤ5,7\i黹C^$N8%OKoF@heR|xVE?I_l]m1WƌĽeAF^E GJI6Ի#4,i+2 _&TrdnD5EGHN?I王S)fA?%.wcy` -h#s)oLLqC6vUwU^OY)ϼ){[h,I]x[[ \s_!2-3GZG]ѵSgt{\NX}B,JC:2*K/ۜKKOhD -KzʲFNZne2b MA\HYW~ -F`[wOÊZ \G:y teKRT-R?W#Y @z~(ֆ% zȊ7orfţY`v8?ܭPsc?Բ* &+OӨ8]$=q+2oqg\{zցгom3;j`lJ1zR\^/0ޛ2ͿȶV~q/sqI2z53SԉyDf]ҖK99;MOg 3LK?c/$NJI'ܔ?}Obʸ@"&xqLa}o稧x Q9̗ ڵ%_*( r: @;ua갧IlSH8fn#K|݈hUy,K1)6moHMO '*q'W+y1T>G=KԺlgQreCNo 3y[$L J5{ 1*Of@:J B]t? !&̲0ieJ"Ymb?{8۬y2.9R^V1l t,.op9NNҐK DͲG~ƞ:ڐA_˩12{KY.5 pc:9r ŜecFgz:A؟ f;< .fMQPbZMMyCZj]\KY"*v4@>EM\bVqbF`1=/QGM6 &-+'eco#Wҧs, L ## ZpF*u#jzl'Qs> 1,~x,57܉+-%*V 1nXI*1XSO>JXבTR#4ro9щ}$IĿnS%hePO'<6`M*QQTV"Qe/eێwn2VkQ7eZbD$D8|pX'9&뙾%+iQh )?&0ӣ@5M,Q݃d-Ğ'E'bw "~`ݤǤSgrT!P\IlܥHݰN5HA`Bsݏ@C3>8ҨNÚnķ%(.ϫ#H#a{S-cp gl`QB6e|k$Q^.Jݯ|cY3fW>QP=.u:oVUdЌ=6WAۡJf)s-V}+@/c> 3_ iρԖ 뢶AIX4UUS@U;b,<@ Kuv6f3Mu/# v\reC.xJY gD4ys`0 Or[) d<1)șWiPH~`d* :|8[;7|dn dM :f%eTF%1D']:,! > (/'?uWkT _=nLIq*Y[[aH RTͱrlq hʐLꚠr!Va*8Rj!+JL5 pC:9Bߛy/VqА\Y <ְ؎Y= Gp\ɕE>d` %?К[fВ`7# M鹹dz?SAc.UB_A]|Ȼ]&n +$޸)cEifw'JXC'o_+i!rl# ԺMp%HW%n2^9/3ܼ8T $ccLŪe^ib~ˍܱOEG2N"H-PRn:nz).IWHྱ-eLJу%CY7cэ' j= )"ޢ|'vј_w74>ljx^Ey"hu)x_zۻT]`sU/*tG6$[7c ^/4:b  ' . ]k.ܬ=%ԜdǸ/n@G1,~4Չ%1!5 HAwu V^JP6l'rĕ| BG0Ր"΁uYKPSUF? PbXap KM+^|10(I%٭fL4G3(!l1X==Cd KCw2m/]?W݆?Ke迳<^DAM/^i d7&9kK ^`VFVJ s$>캳ı/+)ÔݿxUDiV!ehM>L9PEk]1T@Ll'\LU(5+gvkseCG.a3AI/c4 N"cA5LTf!,_ݖ}bSo^Ruӿ`m뿌)Ddhq.p-!=%z <}m{<n+,(3CkTl[$}<̻IzWj$WˆZlG] rg޾ʉqLm˸>tX/~}V> MCOy-7B&fr9βP2o;B&O%~b>H> ZV/0~R QXRMi>B5۳1щx'X 7%17KkWƸ tPMbkYVغ>d\_IL|-?y\бS^eeY׬m[ԭTGV.edjњI:;ý)E<}׬& #7/S-w*7!Qy ~$ǛΓ gEU}eS>OPz'UD8,`%d |sL<0~"CZE)>+\@^L|Úh#.PᑒAk $ܮ=1t3,} ,`ZVi-xl)%cʑˌ}ˍ8o6l8L30 CƵs {(ƈrOYC|#/iM=UX!Px;ip A2m0*@f~ ψuQ 챥G9]v6Y[Z6졚ugbn ͆qGU^q=/'xmp^'%֋lvEWW%Z5hf]̬7%>'mo:p8!i$,Y$Z3kHK*J{`>(5?#XaikX?R$K>\hu?o勩d @͆H `⺩Ӳe񽤓LZMpk#bS]:|r73g FXGS%HS\Wu@ZGfz@ZЅy0 ~3x] "`P/9@5l0!IJhүRg|b&>^BbVyn;ʫY=9՗J]!ȿDDXR֋A٧8ڪ%H'Ir_oi}C,*!Q{z3Wy_ ÷8+*6y PeG =6J6;$<]A{a͈GLz#Z4YKDݤIHܜ~=l56%I{1B<ན#$?٤%-} G^"5b,y1 S;( WiƠxY.ifuuʮ3cEKM &2}O=3VNg^֩<WSNCyZ؅Y&pjh r9HDW̅|'؈ ʸHnfIg~qAADh_: ]fװ@وبգʩS[͇{I'RO@]R 16\&!J.Fia</|el|*JOkYdLp.^٫Ð)ncd4){ns{}%o2_Q9%zĿe8)RO WNʝg{|l_deBM(CiOZ [(u\BtR{N UB2) (5S u] ?YoڐߒRCɥl"b g0HD ΰAgMs쨚rG JQCxsLC?ae!8R}g?)WGrBYaJHܽ|1d)$SB[ h=Y Kз=V>Pvj[rHq3 vƋ蘴? ^`nLj\;&{koOb qW⋵U|o-+Ez-ؼE%U%d >n:@_jSAOxGYnv_!.]"r76FedP֟>" l}4 XX 8WD ȹi"^P;ԸN {z uE] Č:YioTٶ5Xn5namF֥'%˭l6ў !M7GpbNھFڇnzj3打*ϓ+WBF\Lo˕3\O58ee[ɡA*q[LbKΞ۬><Ѵ8jUE.|ȔA5U56riџjkCrkiOd~w3UN͕wJ~ J|&Z~(Xs۔#n+,tqvM9c *>nxNw`|#|)I>rY4ـ W0!Όp/ (yrSv>+M5t0U1qv2ڌ 4CF&`QGn{1}h/2[*b֧E]_;v=SҔI&b aTM~-JFf3 vQ8 Bw=uK1g$I2ʶRw|1拕6R$j򱫤~{C`RdPS)Qlz+LUZ G?`:cF4hRnQT]ykCW7u C9ArsZ+Y}9`]Peu2Fue6) ,(3 %&5SMf-ƽ/w9 sjS3\-f]b6c*E\u:{nI+j #a^+R ٩vyoM"d]bmAR:I|l>]=a/ Ij7v|C_Ǣ5@dDڟϿ«%tEؓߴ}uvFG'فu2/| _R[!|6%Gvo0DB-o~?f^ |6{{@ZJ~')Pb!7Fr1Gӵaw190.;mrgyz,e~bCwhXTd1/vtG]DvYu+Ŧk6qB?[0Bސ#byA{8ЛUvd'.v1wr{V3C8A|B̡hTX>现?~S~*`6o%xF&GZl:5Uq^`g)NE}#@G )t;3/Qb6 ƙFCn^V:Z 47Q\EAY5}i(-TRvkeR"9 LEɸ_㳯cPh}TMD?OIQ;Bpk?X,3/: H} tpЕΡ2M+ʒNxӈvY/42.SrMM̉?&/5` ͱS3Pqc)S.Բ0!n *_GNM!ͨq;7X<l8F.+p E"&]~e%O% N9H <a@"C[cF\M4$G{N2J4]OP406F%"@ucRnaajILK鞴[Xª=|U G.eXZ$o1+>Uetg/^IxC*|Wc7yHw$?ڋGQ%c}p!#C -7HDY6? A{]H|xrvfzn&ߦ㲋0x F>(KwZDILS"07 + #Fl_~?O H*')P!ƶk{u`Ke6B?Z= ":WRʻAABz" Y Wc&A`)Y[7퀚ޖރ.ƹC*0SzJi4bDF ^rQ>:,{*; BZ(%.:1$LR#Bw1Gvlw+F| W'Tn1*0 `b]4>m|= w}{TW+D(TQ&M/nO /hE2j)!(;J8i$VK$pb#RS o] 83s (](4{z1I9|aL sjm발Zii#x9WwЉ m&yG2wX #☢ҝIXxƾ|_ހt}p\/<訅A_K,בN{7e@= _R|DsʗwW'->L;u=Bһ#*3\ ̾I?=C v<0e%2x?aB }