openvpn-2.5.6-150400.3.6.1<>,cpVp9|"ء?ѥNz!97>*ȡQiMzFKM0REX<":,8,E>1͜N%tr#B_υ |b/$h`r8μw%眨A*N5 cR<J;9DXKIg wQJy􎢷 "'6ݷA('QF)4 dafp#1 QFܰ+*i`nDA5<>Ld?Td   V *V lFGa a a a a -ua -a/\a1Aa3&3La445`8(8G88P499 4:<4=o>w?@FGaH(aIaXY\@a]a^/bcZdefluavĀ wƄaxayɌzPCopenvpn2.5.6150400.3.6.1Full-featured SSL VPN solution using a TUN/TAP InterfaceOpenVPN is an SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.cpVibs-arm-3SUSE Linux Enterprise 15SUSE LLC GPL-2.0-only WITH openvpn-openssl-exceptionhttps://www.suse.com/Productivity/Networking/Securityhttps://openvpn.net/linuxaarch64 if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in openvpn.target ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/openvpn.conf || : if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in openvpn.target ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi # try to migrate openvpn.service autostart to openvpn@.service if test $1 -ge 1 -a \ -x /bin/systemctl -a \ -f /etc/sysconfig/openvpn -a \ -f /usr/share/fillup-templates/sysconfig.openvpn && \ /bin/systemctl --quiet is-enabled openvpn.service >/dev/null 2>/dev/null; then . /etc/sysconfig/openvpn try_service_cgroup_join() { local p="/var/run/openvpn/${1}.pid" local t="/sys/fs/cgroup/systemd/system/openvpn@.service/${1}" /sbin/checkproc -p "$p" "/usr/sbin/openvpn" >/dev/null 2>/dev/null || return 0 test -d "$t" || mkdir -p "$t" 2>/dev/null || return 1 cat "$p" > "$t/tasks" 2>/dev/null || return 1 } if test "X$OPENVPN_AUTOSTART" != "X" ; then for conf in $OPENVPN_AUTOSTART ; do test -f "/etc/openvpn/${conf}.conf" && \ /bin/systemctl enable "openvpn@${conf}.service" && \ try_service_cgroup_join "$conf" || continue done else shopt -s nullglob || : for conf in /etc/openvpn/*.conf ; do conf=${conf##*/} conf=${conf%.conf} test -f "/etc/openvpn/${conf}.conf" && \ /bin/systemctl enable "openvpn@${conf}.service" && \ try_service_cgroup_join "$conf" || continue done fi fi rm -f /etc/sysconfig/openvpn || : test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable openvpn.target || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop openvpn.target ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in openvpn.target ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart openvpn.target ) || : fi fia Fj#]{-5pFBBp m #pB>)v >,z>?*  . | h9S$ &JAA聤A큤A큤AA큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤큤A큤cpScpScpScpScpScpScpTcpScpTb1b1b1b1b1b1RՇhb1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1cpSb1b1b1cpScpSb1b1cpTb1cpScpSd014ac279d3e98492f0dabc15fd92180f69c8a70993f37a660db7dd851fc41ba569389ce60a5234eb02ab47669ffe09e56886d2949e1195eabc6361cdce3bd6fe2d9ed9278ee76ddb66cb02331a00567fc36a0aada32056afb473bb3f1a31685c6430e35187187aeca952353b8e68dee1fdbd8fbf2f7f1dab724f8a4b10d548579ad325cd47ae152e12cf7dbb15b3b9ca61377209980fdaf6afdb6a85808a07724438a3747863ddc4b6d997c1845378193991b83ef6b343feeedee1e4d899b861fcb78d7e478bb8a9408010bdc91b36e213b1facfad093df3f7ce7e28af19043f3f07149aeaf42a691946735e6d3382bd7e7a0646519379221d4e91106596aa1e81f6aa6fd0f929eb21c7f9c4e5abb5953b30fe333d6b7dec16db98e6718d3460ade068198f0e48eb65d38df2448d33b46b19a4b74185286ee1237ac3ff28deca2f22331aebfea76dfe6d3fda7ca813c240e45ac94d30bca065bdbf7e5943fce666088dd817e24bde55fb9b3c21feb2ac90419a925df05d32600f1c3dc7a86dbb3eac7b0a837d753adb7a4f96a0e9bdcb7068abd993bcd6d38fb4821434ab8974449bcd5f4b0693a15f793d5576422cdd1e36b4b574086665bd58300d4988aaa8446163e7abc5ca32ba658bbab3a4005af9151f5f3f4f9a19b02ebf3c51b157ba66d089f122748ad4764ddbb7a972a677c4c2a79e4fc272ab76d5ac720eaabc370547100d533cc453bbe9b6c22b52b4e6ba73a676042a45b3e2acf914cc390f11c9f6676e9f8cd7cfd7fb42089c16cba3e1e8e517bd9b89bd4cb6cd79e3cc2e1734d4be80f4980f9e5da566cb7e5729f90dd74d81011f5d38cf5064a5c37ac66bfe02f4f47f2186cc5a36c49450a4cf824024e750198bd58c4a2999dd7533d77bb4bb64b5572c74e7a4c873a6650c2e7e2e3b4e480c0785474fc5d198bad82f9b83d6c8b0c38bad3cf58ca4180f6cee4b2a3f29091d5a5229654fa8aa349281db9250357ecab441f941a57f5192bb0b5b57cab19c317dc1a49666c2c24a018d895094e0ce0de6fddd5710d437f3cfa8374a4b650a7a2d37fd30f850e85ef38ad06b7210d738c1ae9e61e049e016bad55ae28918bd51aa8f0fbb91fdba428bb8413a03ca813f0cf2a271382657691cf4ccf0cc13d89e5fe728a70eda954d13c189e1de8e0f568fe87bfe70faeac229ad9b94e15183b01298fb3b069a542ae9a224f310589986cec0424117a3b4f7e493048dd41d2e244840808ce23727fb2ba1468b4fcf04b1f8093ac892398fdbfed1757f03ec63da7801a312d703ba80d4244e11347918a9fab9f89eae922b89f5e3092c74bd674a46a5d8ef1eb9915b7ba7bc59f9ec9ea9efad8963199e69cbc6600352fbc11e13dab487f6dea64022d0851b14b4b95032abe052c538da9a29629a773715d91fca54f217cb5e5c9432338f8c8dc5d0b0691f991d00b911c3c1ed2f42ea74de5ea2d69e0c68ff0552e99d93e780c106e275d32bd83fb78f76fb8f77186f91ffd8f7a876f4210e7f8aa92de06169904458141521266c167e82b52601d3ef6b04595332ec797904e7f4b4c96fd51c11c832003b7d908c9853babf5119827c064d32eac2f1c23a135e9bfe1094c94930fc1541dbca4f36bf0663790bc0ee2a1432ebe9689a33879f286486e08a30ec779f4fa7c817d107cb8b75715c1d32521bdb4dd868ac65683a49f757d3f0c5ee9f1b119488e29a135bb7a79f34c3bb642ecb1a1965b58db0bc5bb400a0399c0121a3855785eb8bb4121b698e30f859739023cad3a5a6f22a14f2defa6a1552233f8b4e985b6e06d1b86070ee59632fab2b67deb242d59efad0cb3f536ee41175550d1749d778389ed624693dea44db1224b4e2b2757bc8842c266c4fefc6f170c094052efa123841b50cd336f91e13fbedf25ef23bda6b5512846c4d684f850268307983599724ab769a8a291f81422f6a200db0c33fc087fa76b4abf5cd46a205ee0d81c17031548f7d27d057b39ce925d520994fee56859aca0801bd03a8dbd93cd636f931509023c50e4d51a27fcd3769251dcc5a1e07e0c3279b7b42d2720153a474d78b7475e8eb813a87018fdea6b9dc26b733af0aa58008275d79250f70711d06ff00e4c747c007618652e058f25e11a3e42513a5278cc13065b84e5c730b38b609d38aa7a42d6dcf8a9afa76daecc089982d4fde51d7d36afd0b699863fb1da7e17c2a333407c42ec79d533ac9212b12a80a925018f175e33605a64fb2a51b8dbe9307262ede23db4a4926a81711d6b4a58be474eb3f1bbeda224132e2b5f275da9b75c95d6adfb103c9fbe316ed3da3a0f3b0adecb112caaf3d25368a60ee36e2aadec5a36c983b8c6c005fd7b06d91e7cd3035cf9dad83c57a2568461eb8858d24817506df14c5f36d2298c9bd9cbbfefbcaec6bcbb64a5dccdc004604391fe65bb430b60e774b269f443b785b164b675f4d12d7e0027bee5f79cde07280573666d9ffe7d29f64561643f1d1086dd425503968a1485c5334e1246ee6fd7cc033179ce5a9689b1446315ebc04aa9350f67962d691ea9c98bf161bfab4297f53c732a6959110b05953a31ba2ee682615d95399af6921334b6e16f3f2b4fe18f380d5e2c9590f0535288ff69a556c40d2a8fdebc56e65c72e290d2260ea749d9491bbe27a8f29e7062a7cd95d56fe603f924f25485611b2d8079ef5f360847b8306c074e4ffd030aa36ad1de431970f83394f92d2e60903ce2806d558b875ce76181eaa0b71cd3276a335404960f48f4f3de32c20e5150568bd0fc3598bf4836cc22c5347b64ff7a3f01f3ee6284440149559a1c1e1ac20ea0bee3fcf3c7b8a66594cf92ba82b6e12758f9d236c73787c4e555a9720f1694b99fd99f38583b70a2fef6803de5ac7540217b2da5d3b6ab4595597f236a183bd9e794c883aa59b5141595636e30ccb1680b46cf9b29c21a5889a72e653ec0334bf2ed13bd26195ad751522771b5d1b46278938347532162a3b1581c7ec694c7e2e256d383868ddbec241be6860a01ad1177cb5be91d03d25ef7f4351d0ba8240754bcc7abdcabff545dda4480fafd5ec96ee70629aeed4de2df2e890277678e5c17a061b2e3c881e8b4b4c1213aab9545b29d35430478cc3847490762f1a6a8d7f45d074141e181040b911440ad37c7f845741ec9cc5fb8e7946d90b29a8392ec317b6bd6359067b850c0bc3d5ed68581774f532f687a9554daf1da63603b69b14239c5a5c57b94d5fbe48799a227356e80f12557da75ae81cd7510838c716f37e6b580da1ed8679582cf8046ea1451adb6231b2ca7398e7e4a528a8dec6beebf021aea342be2017b1432b1214b1a296a0a35ac0f9ec91c876cde3dea48c19b6e38789a6b8d5d524105bb0eff5108a40494c52ada16fb35afb6ce1f4e0fe6891bf601697a7bb3c90fd111ec96339b7a2fe83a1444d339f38c26cafddd0cee9f332857d4bcbac2f6383a3d4fe1d14bec89381658d93f6954fe0eea829e4d98f84475df6191b3e02bb86d478fdd335e5d3b9f4faf6aeb1a30a60e658627937176bdc0a0a496e7581e8d4c6d493c986ed0ac79e31d445cfdf89168cd4412badcda34551b@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenvpn-2.5.6-150400.3.6.1.src.rpmopenvpnopenvpn(aarch-64)@ @@@@@@@@@@@@@@@@@     /bin/bash/bin/sh/bin/sh/bin/sh/bin/shiproute2ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)liblzo2.so.2()(64bit)libpkcs11-helper.so.1()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libssl.so.1.1(OPENSSL_1_1_1)(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)pkcs11-helperrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sysvinit-tools1.113.0.4-14.6.0-14.0-15.2-14.14.3cӼbgb; b@aa@aX@aja ``Y_@_[f_FN_FN^_@^*@^r]f@]@]>] \n\mA@ZZ̧@Z@Z@Z@Yܶ@Y@YMYA%@Y6@X@XXXXBX<@WRW1@V^VqR@V`.U@ŬUUv@TPT|X@TR(@mohd.saquib@suse.commax@suse.commax@suse.commax@suse.comdmueller@suse.commax@suse.comjengelh@inai.dedmueller@suse.commax@suse.comdmueller@suse.comsuse-beta@cboltz.dedmueller@suse.comdmueller@suse.comfbui@suse.comfbui@suse.comfabian@ritter-vogt.dedimstar@opensuse.orgbjorn.lie@gmail.comdimstar@opensuse.orgmichal.hrusecky@opensuse.orgmax@suse.commichael@stroeder.comfbui@suse.commichael@stroeder.commax@suse.commax@suse.comavindra@opensuse.orgmax@suse.comrbrown@suse.comndas@suse.desebix+novell.com@sebix.atndas@suse.dendas@suse.dendas@suse.dendas@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.commatwey.kornilov@gmail.comastieger@suse.comidonmez@suse.comidonmez@suse.comidonmez@suse.commt@suse.commt@suse.comidonmez@suse.comidonmez@suse.comidonmez@suse.commt@suse.demt@suse.deidonmez@suse.com- bsc#1202792: --enable-iproute2 added back as default option.- bsc#1123557: --suppress-timestamps isn't needed by default.- update to 2.5.6: * bsc#1197341, CVE-2022-0547: possible authentication bypass in external authentication plug-in * Fix "--mtu-disc maybe|yes" on Linux * Fix $common_name variable passed to scripts when username-as-common-name is in effect. * Fix potential memory leaks in add_route() and add_route_ipv6(). * Apply connect-retry backoff only to one side of the connection in p2p mode. * repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes. * new plugin (sample-plugin/defer/multi-auth.c) to help testing with multiple parallel plugins that succeed/fail in direct/deferred mode.- Fix license tag in spec file.- update to 2.5.5: * SWEET32/64bit cipher deprecation change was postponed to 2.7 * improve "make check" to notice if "openvpn --show-cipher" crashes * improve argv unit tests * ensure unit tests work with mbedTLS builds without BF-CBC ciphers * include "--push-remove" in the output of "openvpn --help" * fix error in iptables syntax in example firewall.sh script * fix "resolvconf -p" invocation in example "up" script * fix "common_name" environment for script calls when "--username-as-common-name" is in effect (Trac #1434) * move "push-peer-info" documentation from "server options" to "client" * correct "foreign_option_{n}" typo in manpage * README.down-root: fix plugin module name- Drop 0001-preform-deferred-authentication-in-the-background.patch Upstream has meanwhile solved this differently and the two implementations interfere (boo#1193017). - Obsoleted SLE patches up to this point: * openvpn-CVE-2020-15078.patch * openvpn-CVE-2020-11810.patch * openvpn-CVE-2018-7544.patch * openvpn-CVE-2018-9336.patch- Avoid bashisms and use POSIX sh syntax. - Use more efficient find commands. - Trim marketing filler words from description.- update to 2.5.4: * fix prompting for password on windows console if stderr redirection is in use - this breaks 2.5.x on Win11/ARM, and might also break on Win11/adm64 when released. * fix setting MAC address on TAP adapters (--lladdr) to use sitnl (was overlooked, and still used "ifconfig" calls) * various improvements for man page building (rst2man/rst2html etc) * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on at least one platform strictly checking this) * fix minor memory leak under certain conditions in add_route() and add_route_ipv6() * documentation improvements * copyright updates where needed * better error reporting when win32 console access fails- Update to 2.5.3: * Removal of BF-CBC support in default configuration * ** POSSIBLE INCOMPATIBILITY *** See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8). * Connections setup is now much faster * Support ChaCha20-Poly1305 cipher in the OpenVPN data channel * Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer * Client-specific tls-crypt keys (--tls-crypt-v2) * Improved Data channel cipher negotiation * HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers * Asynchronous (deferred) authentication support for auth-pam plugin * Asynchronous (deferred) support for client-connect scripts and plugins * Support IPv4 configs with /31 netmasks * 802.1q VLAN support on TAP servers * Support IPv6-only tunnels * New option --block-ipv6 to reject all IPv6 packets (ICMPv6) * Support Virtual Routing and Forwarding (VRF) * Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands) * Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch - bsc#1062157: The fix for bsc#934237 causes problems with the crypto self-test of newer openvpn versions. Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch .- update to 2.4.11 (bsc#1185279): * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements * This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. * In combination with "--auth-gen-token" or an user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. * Fix potential NULL ptr crash if compiled with DMALLOC - drop sysv init support, it hasn't build successfully in ages and is build-disabled in devel project- update 'rcopenvpn' to work without /etc/rc.status (boo#1185273)- update to 2.4.10: - OpenVPN client will now announce the acceptable ciphers to the server (IV_CIPHER=...), so NCP cipher negotiation works better - Parse static challenge response in auth-pam plugin - Accept empty password and/or response in auth-pam plugin - Log serial number of revoked certificate - Fix tls_ctx_client/server_new leaving error on OpenSSL error stack - Fix auth-token not being updated if auth-nocache is set (this should fix all remaining client-side bugs for the combination "auth-nocache in client-config" + "auth-token in use on the server") - Fix stack overflow in OpenSolaris and *BSD NEXTADDR() - Fix error detection / abort in --inetd corner case (#350) - Fix TUNSETGROUP compatibility with very old Linux systems (#1152) - Fix handling of 'route remote_host' for IPv6 transport case (#1247 and #1332) - Fix --show-gateway for IPv6 on NetBSD/i386 (#734) - A number of documentation improvements / clarification fixes. - Fix line number reporting on config file errors after segments - Fix fatal error at switching remotes (#629) - socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848) - Switch "ks->authenticated" assertion failure to returning false (#1270) - refresh 0001-preform-deferred-authentication-in-the-background.patch openvpn-2.3.x-fixed-multiple-low-severity-issues.patch against 2.4.10- update to 2.4.9 (CVE-2020-11810, bsc#1169925O): * Allow unicode search string in --cryptoapicert option (Windows) * Skip expired certificates in Windows certificate store (Windows) (trac #966) * OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623) * fix condition where a client's session could "float" to a new IP address that is not authorized ("fix illegal client float"). This can be used to disrupt service to a freshly connected client (no session keys negotiated yet). It can not be used to inject or steal VPN traffic. CVE-2020-11810). * fix combination of async push (deferred auth) and NCP (trac #1259) * Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228) * Fix OpenSSL error stack handling of tls_ctx_add_extra_certs * mbedTLS: Make sure TLS session survives move (trac #880) * Fix OpenSSL private key passphrase notices * Fix building with --enable-async-push in FreeBSD (trac #1256) * Fix broken fragmentation logic when using NCP (trac #1140)- Modernize openvpn.service * /var/run has been obsoleted since a long time. * on reload, send HUP signal directly rather than relying on killproc to look for the main process.- Explicitly requires sysvinit-tools as some of the tools shipped by this package are used in various places regardless of whether openvpn is built for systemd or non systemd systems. For the context: sysvinit-tools was pulled in by systemd since 2014 but it's no longer the case so better to be safe than sorry.- Fix inconsistency in openvpn.service: * It uses the unescape instance name as config file basename, so use that in the description as well- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. - Use %systemd_ordering instead of systemd_requires: in fact, systemd is not a hard requirement for openvpn. But in case a system is being installed with systemd, we want systemd to be there before openvpn is being installed.- Update to version 2.4.8: * mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() * cleanup: Remove RPM openvpn.spec build approach * docs: Update INSTALL * build: Package missing mock_msg.h * Increase listen() backlog queue to 32 * Force combinationation of --socks-proxy and --proto UDP to use IPv4. * Wrong FILETYPE in .rc files * Do not set pkcs11-helper 'safe fork mode' * tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. * Fix various compiler warnings * Fix regression, reinstate LibreSSL support. * man: correct the description of --capath and --crl-verify regarding CRLs * Fix typo in NTLM proxy debug message * Ignore --pull-filter for --mode server * openssl: Fix compilation without deprecated OpenSSL 1.1 APIs * Better error message when script fails due to script-security setting * Correct the return value of cryptoapi RSA signature callbacks * Handle PSS padding in cryptoapicert * cmocka: use relative paths * Fix documentation of tls-verify script argument- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Allow OBS to shortcut through the -mini flavors.- Add p11kit build time dependency for pkcs providers autodetection- Clarify in the service file that the reload action doesn't work when dropping root privileges (boo#1142830).- Updated openvpn.keyring with public key downloaded from https://swupdate.openvpn.net/community/keys/security-key-2019.asc- Drop use of $FIRST_ARG in openvpn.spec The use of $FIRST_ARG was probably required because of the %service_* rpm macros were playing tricks with the shell positional parameters. This is bad practice and error prones so let's assume that no macros should do that anymore and hence it's safe to assume that positional parameters remains unchanged after any rpm macro call.- Update to 2.4.7: Adam Ciarcin?ski (1): * Fix subnet topology on NetBSD (2.4). Antonio Quartulli (3): * add support for %lu in argv_printf and prevent ASSERT * buffer_list: add functions documentation * ifconfig-ipv6(-push): allow using hostnames Arne Schwabe (7): * Properly free tuntap struct on android when emulating persist-tun * Add OpenSSL compat definition for RSA_meth_set_sign * Add support for tls-ciphersuites for TLS 1.3 * Add better support for showing TLS 1.3 ciphersuites in --show-tls * Use right function to set TLS1.3 restrictions in show-tls * Add message explaining early TLS client hello failure * Fallback to password authentication when auth-token fails Christian Ehrhardt (1): * systemd: extend CapabilityBoundingSet for auth_pam David Sommerseth (1): * plugin: Export base64 encode and decode functions Gert Doering (3): * Add %d, %u and %lu tests to test_argv unit tests. * Fix combination of --dev tap and --topology subnet across multiple platforms. * Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6. Gert van Dijk (1): * Minor reliability layer documentation fixes James Bekkema (1): * Resolves small IV_GUI_VER typo in the documentation. Jonathan K. Bullard (1): * Clarify and expand management interface documentation Lev Stipakov (5): * Refactor NCP-negotiable options handling * init.c: refine functions names and description * interactive.c: fix usage of potentially uninitialized variable * options.c: fix broken unary minus usage * Remove extra token after #endif Richard van den Berg via Openvpn-devel (1): * Fix error message when using RHEL init script Samy Mahmoudi (1): * man: correct a --redirection-gateway option flag Selva Nair (7): * Replace M_DEBUG with D_LOW as the former is too verbose * Correct the declaration of handle in 'struct openvpn_plugin_args_open_return' * Bump version of openvpn plugin argument structs to 5 * Move get system directory to a separate function * Enable dhcp on tap adapter using interactive service * Pass the hash without the DigestInfo header to NCryptSignHash() * White-list pull-filter and script-security in interactive service Simon Rozman (2): * Add Interactive Service developer documentation * Detect TAP interfaces with root-enumerated hardware ID Steffan Karger (7): * man: add security considerations to --compress section * mbedtls: print warning if random personalisation fails * Fix memory leak after sighup * travis: add OpenSSL 1.1 Windows build * Fix --disable-crypto build * Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' * buffer_list_aggregate_separator(): simplify code- Update to 2.4.6: * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service * Delete the IPv6 route to the "connected" network on tun close * Management: warn about password only when the option is in use * Avoid overflow in wakeup time computation- Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026). - Use Type=notify in openvpn.service to reflect what openvpn is actually doing. - Import the new signing key from upstream. - Remove obsolete configure switch --enable-password-save .- Update to 2.4.5 * New features + The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve. + openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN) + Use P_DATA_V2 for server->client packets too (better packet alignment) + improve management interface documentation (bsc#1085803, CVE-2018-7544) + rework registry key handling for OpenVPN service, notably making most registry values optional, falling back to reasonable defaults + accept IPv6 address for pushed "dhcp-option DNS ..." (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients) * Bug fixes + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + Fix lots of compiler warnings (format string, type casts, ...) + reload HTTP proxy credentials when moving to the next connection profile + Fix build with LibreSSL (multiple times) + Remove non-useful warning on pushed tun-ipv6 option. + autoconf: Fix engine checks for openssl 1.1 + lz4: Rebase compat-lz4 against upstream v1.7.5 + lz4: Fix broken builds when pkg-config is not present but system library is + Fix '--bind ipv6only' + Allow learning iroutes with network made up of all 0s - Includes 2.4.4 * Bug fixes + Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is rejected by the remote side + Ignore --keysize when NCP have resulted in a changed cipher + Configurations using --auth-nocache and the management interface to provide user credentials (like NetworkManager) on client side with servers implementing authentication tokens (for example, using --auth-gen-token) will now behave correctly and not query the user for an, to them, unknown authentication token on renegotiations of the tunnel. + Invalid or corrupt SOCKS port number when changing the proxy via the management interface. + man page should now have proper escaping of hyphen/minus characters and other minor corrections. * User-visible Changes + Linux servers with systemd which use the openvpn-server@.service unit file for server configurations will now utilize the automatic restart feature in systemd. If the OpenVPN server process dies unexpectedly, systemd will ensure the OpenVPN configuration will be restarted automatically. * Deprecated + --no-replay (will be removed in 2.5) + --keysize (will be removed in 2.6) * Security + CVE-2017-12166: Fix bounds check for configurations using - -key-method 1. Before this fix, attackers could send a malformed packet to trigger a stack overflow. This is considered to be a low risk issue, as --key-method 2 has been the default since 2.0 (released on 2005-04-17). This option is already deprecated in v2.4 and will be completely removed in v2.5. - Rebase openvpn-fips140-2.3.2.patch - Drop 0002-Fix-bounds-check-in-read_key.patch * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255 - Partial cleanup with spec-cleaner- Add --askpass to ExecStart, so that the user name and password are correctly being queried from the user. (bsc#1078026, boo#985798, boo#1031748) - Use %service_add/del macros throughout (bsc#1038406).- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Do bound check in read_key before using values(CVE-2017-12166 bsc#1060877). [+ 0002-Fix-bounds-check-in-read_key.patch]- Do not package empty /usr/lib64/tmpfiles.d- Update to 2.4.3 (bsc#1045489) - Ignore auth-nocache for auth-user-pass if auth-token is pushed - crypto: Enable SHA256 fingerprint checking in --verify-hash - copyright: Update GPLv2 license texts - auth-token with auth-nocache fix broke --disable-crypto builds - OpenSSL: don't use direct access to the internal of X509 - OpenSSL: don't use direct access to the internal of EVP_PKEY - OpenSSL: don't use direct access to the internal of RSA - OpenSSL: don't use direct access to the internal of DSA - OpenSSL: force meth->name as non-const when we free() it - OpenSSL: don't use direct access to the internal of EVP_MD_CTX - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX - OpenSSL: don't use direct access to the internal of HMAC_CTX - Fix NCP behaviour on TLS reconnect. - Remove erroneous limitation on max number of args for --plugin - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY. - Fix potential 1-byte overread in TCP option parsing. - Fix remotely-triggerable ASSERT() on malformed IPv6 packet. - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst) - refactor my_strupr - Fix 2 memory leaks in proxy authentication routine - Fix memory leak in add_option() for option 'connection' - Ensure option array p[] is always NULL-terminated - Fix a null-pointer dereference in establish_http_proxy_passthru() - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data - Fix an unaligned access on OpenBSD/sparc64 - Missing include for socket-flags TCP_NODELAY on OpenBSD - Make openvpn-plugin.h self-contained again. - Pass correct buffer size to GetModuleFileNameW() - Log the negotiated (NCP) cipher - Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c) - Skip tls-crypt unit tests if required crypto mode not supported - openssl: fix overflow check for long --tls-cipher option - Add a DSA test key/cert pair to sample-keys - Fix mbedtls fingerprint calculation - mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522) - mbedtls: require C-string compatible types for --x509-username-field - Fix remote-triggerable memory leaks (CVE-2017-7521) - Restrict --x509-alt-username extension types - Fix potential double-free in --x509-alt-username (CVE-2017-7521) - Fix gateway detection with OpenBSD routing domains- use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)- Update to 2.4.2 - auth-token: Ensure tokens are always wiped on de-auth - Make --cipher/--auth none more explicit on the risks - Use SHA256 for the internal digest, instead of MD5 - Deprecate --ns-cert-type - Deprecate --no-iv - Support --block-outside-dns on multiple tunnels - Limit --reneg-bytes to 64MB when using small block ciphers - Fix --tls-version-max in mbed TLS builds Details changelogs are avilable in https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 [*0001-preform-deferred-authentication-in-the-background.patch * openvpn-2.3.x-fixed-multiple-low-severity-issues.patch * openvpn-fips140-2.3.2.patch] - pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2 - cleanup the spec file- Preform deferred authentication in the background to not cause main daemon processing delays when the underlying pam mechanism (e.g. ldap) needs longer to response (bsc#959511). [+ 0001-preform-deferred-authentication-in-the-background.patch] - Added fix for possible heap overflow on read accessing getaddrinfo result (bsc#959714). [+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch] - Added a patch to fix multiple low severity issues (bsc#934237). [+openvpn-2.3.x-fixed-multiple-low-severity-issues.patch]- silence warning about %{_rundir}/openvpn - for non systemd case: just package the %{_rundir}/openvpn in the package - for systemd case: call systemd-tmpfiles and own the dir as %ghost in the filelist- refreshed patches to apply cleanly again openvpn-2.3-plugin-man.dif openvpn-fips140-2.3.2.patch- update to 2.3.14 - update year in copyright message - Document the --auth-token option - Repair topology subnet on FreeBSD 11 - Repair topology subnet on OpenBSD - Drop recursively routed packets - Support --block-outside-dns on multiple tunnels - When parsing '--setenv opt xx ..' make sure a third parameter is present - Map restart signals from event loop to SIGTERM during exit-notification wait - Correctly state the default dhcp server address in man page - Clean up format_hex_ex() - enabled pkcs11 support- update to 2.3.13 - removed obsolete patch files openvpn-2.3.0-man-dot.diff and openvpn-fips140-AES-cipher-in-config-template.patch 2016.11.02 -- Version 2.3.13 Arne Schwabe (2): * Use AES ciphers in our sample configuration files and add a few modern 2.4 examples * Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer David Sommerseth (4): * t_client.sh: Make OpenVPN write PID file to avoid various sudo issues * t_client.sh: Add support for Kerberos/ksu * t_client.sh: Improve detection if the OpenVPN process did start during tests * t_client.sh: Add prepare/cleanup possibilties for each test case Gert Doering (5): * Do not abort t_client run if OpenVPN instance does not start. * Fix t_client runs on OpenSolaris * make t_client robust against sudoers misconfiguration * add POSTINIT_CMD_suf to t_client.sh and sample config * Fix --multihome for IPv6 on 64bit BSD systems. Ilya Shipitsin (1): * skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto Lev Stipakov (2): * Exclude peer-id from pulled options digest * Fix compilation in pedantic mode Samuli Seppänen (1): * Automatically cache expected IPs for t_client.sh on the first run Steffan Karger (6): * Fix unittests for out-of-source builds * Make gnu89 support explicit * cleanup: remove code duplication in msg_test() * Update cipher-related man page text * Limit --reneg-bytes to 64MB when using small block ciphers * Add a revoked cert to the sample keys 2016.08.23 -- Version 2.3.12 Arne Schwabe (2): * Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it. * Move ASSERT so external-key with OpenSSL works again David Sommerseth (3): * Only build and run cmocka unit tests if its submodule is initialized * Another fix related to unit test framework * Remove NOP function and callers Dorian Harmans (1): * Add CHACHA20-POLY1305 ciphersuite IANA name translations. Ivo Manca (1): * Plug memory leak in mbedTLS backend Jeffrey Cutter (1): * Update contrib/pull-resolv-conf/client.up for no DOMAIN Jens Neuhalfen (2): * Add unit testing support via cmocka * Add a test for auth-pam searchandreplace Josh Cepek (1): * Push an IPv6 CIDR mask used by the server, not the pool's size Leon Klingele (1): * Add link to bug tracker Samuli Seppänen (2): * Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes * Clarify the fact that build instructions in README are for release tarballs Selva Nair (4): * Make error non-fatal while deleting address using netsh * Make block-outside-dns work with persist-tun * Ignore SIGUSR1/SIGHUP during exit notification * Promptly close the netcmd_semaphore handle after use Steffan Karger (4): * Fix polarssl / mbedtls builds * Don't limit max incoming message size based on c2->frame * Fix '--cipher none --cipher' crash * Discourage using 64-bit block ciphers- Require iproute2 explicitly. openvpn uses /bin/ip from iproute2, so it should be installed- Add an example for a FIPS 140-2 approved cipher configuration to the sample configuration files. Fixes bsc#988522 adding openvpn-fips140-AES-cipher-in-config-template.patch - remove gpg-offline signature verification, now a source service- Update to version 2.3.11 * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data * Fix undefined signed shift overflow * Ensure input read using systemd-ask-password is null terminated * Support reading the challenge-response from console * hardening: add safe FD_SET() wrapper openvpn_fd_set() * Restrict default TLS cipher list - Add BuildRequires on xz for SLE11- Update to version 2.3.10 * Warn user if their certificate has expired * Fix regression in setups without a client certificate- Update to version 2.3.9 * Show extra-certs in current parameters. * Do not set the buffer size by default but rely on the operation system default. * Remove --enable-password-save option * Detect config lines that are too long and give a warning/error * Log serial number of revoked certificate * Avoid partial authentication state when using --disabled in CCD configs * Replace unaligned 16bit access to TCP MSS value with bytewise access * Fix possible heap overflow on read accessing getaddrinfo() result. * Fix isatty() check for good. (obsoletes revert-daemonize.patch) * Client-side part for server restart notification * Fix privilege drop if first connection attempt fails * Support for username-only auth file. * Increase control channel packet size for faster handshakes * hardening: add insurance to exit on a failed ASSERT() * Fix memory leak in auth-pam plugin * Fix (potential) memory leak in init_route_list() * Fix unintialized variable in plugin_vlog() * Add macro to ensure we exit on fatal errors * Fix memory leak in add_option() by simplifying get_ipv6_addr * openssl: properly check return value of RAND_bytes() * Fix rand_bytes return value checking * Fix "White space before end tags can break the config parser"- Adjust /var/run to _rundir macro value in openvpn@.service too.- Removed obsolete --with-lzo-headers option, readded LFS_CFLAGS. - Moved openvpn-plugin.h into a devel package, removed .gitignore- Add revert-daemonize.patch, looks like under systemd the stdin and stdout are not TTYs by default. This reverts to previous behaviour fixing bsc#941569- Update to version 2.3.8 * Report missing endtags of inline files as warnings * Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit * Produce a meaningful error message if --daemon gets in the way of asking for passwords. * Document --daemon changes and consequences (--askpass, --auth-nocache) * Del ipv6 addr on close of linux tun interface * Fix --askpass not allowing for password input via stdin * Write pid file immediately after daemonizing * Fix regression: query password before becoming daemon * Fix using management interface to get passwords * Fix overflow check in openvpn_decrypt()- Update to version 2.3.7 * down-root plugin: Replaced system() calls with execve() * sockets: Remove the limitation of --tcp-nodelay to be server-only * pkcs11: Load p11-kit-proxy.so module by default * New approach to handle peer-id related changes to link-mtu * Fix incorrect use of get_ipv6_addr() for iroute options * Print helpful error message on --mktun/--rmtun if not available * Explain effect of --topology subnet on --ifconfig * Add note about file permissions and --crl-verify to manpage * Repair --dev null breakage caused by db950be85d37 * Correct note about DNS randomization in openvpn.8 * Disallow usage of --server-poll-timeout in --secret key mode * Slightly enhance documentation about --cipher * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo() * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo() * Fix --redirect-private in --dev tap mode * Updated manpage for --rport and --lport * Properly escape dashes on the man-page * Improve documentation in --script-security section of the man-page * Really fix '--cipher none' regression * Set tls-version-max to 1.1 if cryptoapicert is used * Account for peer-id in frame size calculation * Disable SSL compression * Fix frame size calculation for non-CBC modes. * Allow for CN/username of 64 characters (fixes off-by-one) * Re-enable TLS version negotiation by default * Remove size limit for files inlined in config * Improve --tls-cipher and --show-tls man page description * Re-read auth-user-pass file on (re)connect if required * Clarify --capath option in manpage * Call daemon() before initializing crypto library- Fixed to use correct sha digest data length and in fips mode, use aes instead of the disallowed blowfish crypto (boo#914166). - Fixed to provide actual plugin/doc dirs in openvpn(8) man page.- Update to version 2.3.6 fixing a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT (bnc#907764,CVE-2014-8104). See ChangeLog file for a complete list of changes.- Update to version 2.3.5 * See included changelog - Depend on systemd-devel for the daemon check functionality/bin/sh/bin/sh/bin/sh/bin/shibs-arm-3 1676963926  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a2.5.6-150400.3.6.12.5.6-150400.3.6.1     openvpnopenvpnopenvpn.targetopenvpn@.servicetmpfiles.dopenvpn.confopenvpnrcopenvpnopenvpnAUTHORSCOPYRIGHT.GPLChangeLogPORTSREADMEREADME.IPv6README.SUSEREADME.auth-pamREADME.down-rootREADME.mbedtlscontribOCSP_checkOCSP_check.shREADMEmultilevel-init.patchopenvpn-fwmarkroute-1.00READMEfwmarkroute.downfwmarkroute.uppull-resolv-confclient.downclient.upvcpkg-portsopensslinstall-pc-files.cmakeopenssl.pc.inportfile.cmakeusagevcpkg-cmake-wrapper.cmake.invcpkg.jsonwindowsportfile.cmakepkcs11-helper0001-nmake-compatibility-with-vcpkg-nmake.patch0002-pkcs11.h-rename-interface-parameter.patchCONTROLpkcs11-helper-001-RFC7512.patchportfile.cmakevcpkg-tripletsarm64-windows-ovpn.cmakex64-windows-ovpn.cmakex86-windows-ovpn.cmakemanagement-notes.txtsample-config-filesREADMEclient.conffirewall.shhome.uploopback-clientloopback-serveroffice.upopenvpn-shutdown.shopenvpn-startup.shserver.conftls-home.conftls-office.confxinetd-client-configxinetd-server-configsample-keysREADMEca.crtca.keyclient-ec.crtclient-ec.keyclient-pass.keyclient.crtclient.keyclient.p12dh2048.pemgen-sample-keys.shopenssl.cnfserver-ec.crtserver-ec.keyserver.crtserver.keyta.keysample-scriptsauth-pam.plbridge-startbridge-stopclient-netconfig.downclient-netconfig.upucn.plverify-cnopenvpnCOPYINGopenvpn-examples.5.gzopenvpn.8.gz/etc//run//usr/lib/systemd/system//usr/lib//usr/lib/tmpfiles.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/openvpn//usr/share/doc/packages/openvpn/contrib//usr/share/doc/packages/openvpn/contrib/OCSP_check//usr/share/doc/packages/openvpn/contrib/openvpn-fwmarkroute-1.00//usr/share/doc/packages/openvpn/contrib/pull-resolv-conf//usr/share/doc/packages/openvpn/contrib/vcpkg-ports//usr/share/doc/packages/openvpn/contrib/vcpkg-ports/openssl//usr/share/doc/packages/openvpn/contrib/vcpkg-ports/openssl/windows//usr/share/doc/packages/openvpn/contrib/vcpkg-ports/pkcs11-helper//usr/share/doc/packages/openvpn/contrib/vcpkg-triplets//usr/share/doc/packages/openvpn/sample-config-files//usr/share/doc/packages/openvpn/sample-keys//usr/share/doc/packages/openvpn/sample-scripts//usr/share/licenses//usr/share/licenses/openvpn//usr/share/man/man5//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:27882/SUSE_SLE-15-SP4_Update/a5987fafb0e912df8b6d987d167bb181-openvpn.SUSE_SLE-15-SP4_Updatedrpmxz5aarch64-suse-linux   directoryASCII textELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=2eaeb523e9f75f75acf909305d38355c1277a9ce, for GNU/Linux 3.7.0, strippedBourne-Again shell script, ASCII text executableISO-8859 textPOSIX shell script, ASCII text executableunified diff output, ASCII textAlgol 68 source, ASCII textPerl script text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)R RRRRRR R RRRRR RR RRRGz*Bʦ(systemdsystemdutf-8af0bcc75d2dd8875827d13b051b0043425afaa35df738b5e1381216f7e5c97e8?@7zXZ !t/K_]"k%w!n.SET&b=;r7nbM5R[%jj>ҷR ȵv+Sc]E-,}c &ǻȳm4bdF35&62>A>2z=7rmIs;@ h;y_7IC*Z/hr[!:Zݤ(uLn>\`11:E޲-1/lzU羬9*Eܶݪԥ= %yN.{RS2MO$@}}/2r\WE6 ǽ+& 0O͈bMPɥ#bhH? YmSl ȻQ| + =+8i'FԮ#XQI)Ye!8=4?`JjNo=c_ h8jS vg1R ecGh/7' "༨C߷/OT BQ2Nyc7$lيfٗ}`UM )ma! ԄfVo蒑Q55EqS+2= 9י#졶dSG\[3IR|O< &!)]ES\mFBТ#?d}Uv\X%lmh90,3V(B0?ħ^* DdE.~61,MNg`b 6f8C8xԎ:Ƈddu#ArZi+b\n]hUofR8 Lya8ng-,D!L >{x}j\lw Gn)GI'5#0lQ\Q`ہv^gVoZ1K,"Uvۏϟq k_+?Rk{X }'Mip̲YJLd&Q) ZLX!,U]$+vM d(wb/2;sG@ٶ-Tej n CH\VcRa(-V' b1$hCMKϧ q߸MWe՟si!!7C0𾤰8f:}-4gh4߯}V\twNM03#(>pn< SDnTA#IrFٟ3B)f寮dVN">&^|2غR*O"u}N`L[{d 0NWKd@Op]9q[|ٳ6CWr+qN3M[p9$mĔ)x.D2tŲIN3t%R+V׷xh',$aM;ok-SzTe+^VFI! %I8UǓA2T0]Nw~%;;[=&X (HfmAU`:`q nD sP^7G9t< }3-y_E]8Wzc8'3Sx2n%ӊFwhO\TdL8#~/d?pam_6t Zp}G ?8! ŇM /`sE`/}C.[E"8㱷[ޓ=Nֱ|{H!Ni¹њmNV4QqC^|eU6LcxrVWo1fKR$n/k{Gd #s_#g> `Cmԫy\ޏzm:fooEW'%2qJxb2BeAkJJfeLmEVJ]I_LOL\&ki:,*;Z"瑏WB9eČAXO=/&nDPgF\4v Ƒc+ʠUk/ D][lV=i2$ٜ ^h߸:t ԕb`UYxm)ɽssQO>ސMry }G[f߄JMNFwնNp=㼂--6M^R$J&b(-jsZΆU/'w"X^$_5ceǟEQgLW[anx|zz0h\F6qfy A[Ck6F&Vk˨i6/h>ƊĆLC-̎r77y0m6t+f @(-t݅WJqC$=N. C5^G{?XU3ػk!bhqwjN\̒ー=[G&z[:pњcufDMlf$m5VZuHiR Z=1a~o ;xo\]$tA4&P: $I&f{|<䥠_lI|-hqV^E:8πH:fFĞnF.UCEwmc9_&+Vu9;9vq5\[a:ʣqbk t=R+1N~x}xͯG`yg.PޒT. RΰB̢qHuH4 kZiMmq.P_Wߦ|Nl1!9M|xȅxdpޙ֥:ςZV0t2^kټ]^SaBy 5Kv;j^ SE IxT kP{:fC7]Vc6 u@~W tsOh ܳ$FK꩑$ߒ >{sdI_83RRϮ6yL7ߖ *p*`v2SMDT!= dbp@T  ?hR'.LDk;B`q6WR8Ь*_g0B3 ۘ=Y,#ޙr{€+; 歊r;BlW"V$ğ^ i3;ydN\V "i+^ǗI' ̾E_HVT2i94@߰G'&حH8}9X(3#]Eڵ5 8y=YǪzZ]ٴ]}XrNxpֈ:߫U:5l`_WjeZ &Lj8Td%Xք:ڵsbaP-`MG>ZM2]l-iND\C&g48Fh"V}xȂͶ~WJw+>L C0'Y/q0+Q0uײ/[o2Dod>?2AA!0!MVOղ s1@]~ib оtW'nFd-3eHRiXwM tA2RPOX6<6ڀE@b5}GH`9U/H2v4[x{Bqǎ)s2n(ƺBCs K4oګmJ{Kd_ʇ* FRأ)Q"lta!k%b@LDk>\e4aHfp+Ǡ:$ur-sej5”5w[KIiP_zA)cJ`!l5BX]NT $RwLsZI7n0-YQC#[j4ji; +?ZWt-Z_5p}0V ;1rg q !<[dveۯG豲 E>|yD4K KJN2S\r nfh# }=nx{R$b1ݷ`+Ŏoix<Wgt>;xSRPq}ƩIM.\ڌ1<52E)C]Qatd 8. 2m5-ψ^d^}G:.k6+2-hyb /WO2?b&f% TFVV1:p9Q&XVM Ѫ^_N%XB =Pbn1O>b:#sG8 _mSz{4WpN"Cd US}sHk-)3϶fOpGX+ՉkBg= Q6y ODC.Ƶ,P*&!k!)QL) @ h"sRdȗS4wGm04wmaS/oI;zҁ^`:C_ps9ht{h`MRu{۠W }VA3Á,/kUP=Cr[Ƒ݁ƃTAnrZZx1f"f݈Q>_}Oi VlA2DLh1Δ}l'K{} `3RŬABt`#!MND ǂOd+H߀Y_+|dv@?Lf(pq!-NH҃!#3 Lb ! F]Bd f's_GVR[l-]o^Z~B} FZQ&ߎz?E>ח68#FCOlܲ{&ղTjgg<!P94E=n} WpfB9/C~E"Sjqxe/oMxrʋ-WŇrCAYE$,z(GH{犠BFCjF{.?[mCJO`GqnuY?С(FT;Ou xczåP{(tޕ! +!Om>} `k ղ7LQ:a0`P+[["qlX/FRYe?#Fans]Y -ӷ$H⛲䔱jdWox~2mV tWɌFh6^s-@\>3f[|P,ɶG7z&/3m.}^ըset .L2UnW*4F^=;)-~oy>\9,Z<γog k.P'0Ҡx`!mb]g)Kcd6hyX6( xvo#=_WρM0QiAfe_@hU]A[rhYU"}A]䀈ĦeGʛM-եK M~`eDuG'TR5L %xe +ǭ]j ;j?\ /Zqm! )0q#%XV *Hy;QdB}.ϸ;ӭm3(VgukU<1v>uxҺ2+o}g@092ڸLB3: {YRț p[ |mn $Qu;N?x-ғu +B#" ^b=2-e㞠p$%3G6xS{Ye#2@"+\8Wx$0'C`y kNT'\\k jQ0 5joz0সy0aJ& s4E{"!h2{ʀG&ٲ0g<+ڝ8PPP3M&C]"[Uwp͖o ph{7vC"5J!"Xn>D 1|۷I5eӡO691h[X֗]ZMx uѻqS'7.]a"gUű]~uwNZKNˏIV0ɐ7#nzïvJEq[c}l밷P_+拭~}|Ewv-r lQcp6bXJV;?PTxι,6]˲Rl1SWHԈ1r~$XY6 sͽ Bc9C33 m.Z rm sU@kQXt;n@¥d=ttqhjN}Yt"'Oy pjS NCX: ?~q#Bq1UY&wZvGIL/pyOˢZ)^ )WOhE)id™qۇI;[&/? -7]K?..'Ԅ%Uwis%Q)Cy7f aXB`>ĒqjY8YÎT[2<^}Ï*@h%$Poa sP8!L ~!5xq]Nˑ$ˢpDuy{|Z ęڵ=s޴P-e[^l8߸M]7y' a<2uUTQfXx\N2bږ90 Tb\vJ$WtFwr;q >aX=ݸig-W+l>ֽ0EƌʘvG36rxY->;^&W:1j!{>=Jv̲g 3u3OyfR!#chY'_ Za 2V}(L4B f`(N9x OZzp#EN>8Xl=_*&D%6/OkEA73^LН?Ki.gE] Kii] ,ME78\5|@5 ~t(e05(g(#`y>gP2)`OWoh*b R抄m|\v-6 htςO!$9_V|XL{2 "2[yG!È{(#˜ը7Ra#Ҹ+{,Ixm)c!?]>gULPYXfQr 2[2q=SA;:Qb18^+(AES<R^;ZT4O@&Dq+IO]a2,),hG[i\Q3ŃS(8E*شy\joPTT(> eȈ kPh6CvƎ*SrJd16#x}H%0.P=Ǭ6;b[P;. u8 |IxBs$K 2Ǵ%+ǢI Sb[%i],~H[/.xW*+^5ىk,w[BK61`1L-:rG\ Λ}?}\y!"d] cSpg)6?- _*B\_Lp+zT:,ZV I#ǤQ4fSE==$9WUt'#S=#ZIL4PWFܿ hP!4T_uYrltd~I}=-)s(wz)aB68%O `(6an8eI$2%ߞQ`DwOtƷ7il([X/E%17@ᆻ| :Akz\RWW  T_hݒ0N#O#Ќ:ƵAÁhhZ~ņ:GD0Vu,wx@y7 0iD%k8i%FIH2@kNjU!\Jũn4kZ/❳(Z-wirNltqEzл+UXؠOh90۲-fvTߒ(Wg Ģ@Ox1ȵSo̵iVpt0Քxm#$9(S @2_z`5z8[(G;?NQhTW\KˊgƢ%WXDCA}S>Eh is(u"C>4u]Kbtf%2K9,#*rBY>MU̩\wC[xԎhHX?>ܲ'cS7QgѤ)惜R \YHrj|15bI,ς b}l7UiȓwO$<|遧 q+7/-.JSq>O=ꐴ ϝse 1SK}|A@1 pBy0ɦ#b,y]wןDB$9P}O1t +2 @%}7nsYމF9Smd-UPcRH-뻆F$~̃@Gy˭ QJ1ݨ Rz h b4/G jVYfRY "ةA[6 /`U`c:["WaG5o&jpuo md} sHd.?U\Ip< %(\8ؒ e`^3sv;A0Ѩ̭-Mq_6rIw]fM6E9oYql-mn`iK+h\n zlMCau/wKč\gt%9H)ڷPɼw@v]Meƞ?hHDChfL-ӾV~.8BoY"ET;n9>}߹Sɲ;)åބP$S,iߦ8Zn LL,=/[mv*G䳈J> ɽ!A١}=g_{}%t4VxxqjJ`^햑A=E,?2|6?^|\]O9vcד~p Ng>e?/xzR&0n+ΓB>`-`@x(, =>4=@\\d|\Z{akͽ7y1Lo*&)}pz9I%" ~(Cdt]x9#2I̺)ݾiDT[ 0P(v_$oD ɱRt MId[>XX'Jܬ_>P`]#0OI d!|uWn M' 2+my,alj u]2س+YvL:g)@`DY(%o-eQ" n:!Fט>>xWɗLb  ~(+k = ,&Of'b *FIuNN\ڀVQA U$؀:FM!ǿ+e~(ZR6K5Zk+PZJO W|hɘxjM$D'A[i&rq?Nb?2=',<'Ux8E&]}ۨCGKe v&"oSe& GQ-%HM?Z+E4 ؍e7tcGtÏ\6*Z<19?y–h);3FykT-Mi}J X#G0r2 ڡ!',79TX2Dwɧ"p/, !ױH? -j96!9荆]]CcVwe<AܗG#P fC_AnSe^'Ryw4[n=G儁V؍W14K?tcgT:qCOSB'5AliktI*Di(EQꮖ[rrG1OE [ř4KZ}AEr{b9 ̢ٸRXd|~B1 7Â٭avO,Dc%sn@,Nq%6ZFG$U 8sI8ťHH'*r@Dɇ/jݴ1C8Q7 xㄡsڧ0JTO2?n,_7p  N8ݿqLK7Ov-9#}eڗO;F+s8d27vw4=uKd#? Jd`b6XNϪމDN[\*7Հ,QW_ wT)k3s[9\e9;L}eכ_@3RpPc~CXH<_>Wzj0usl9:4%xvWWEtr=[Ћ o?h}iPRUw;YrG~bSf8h2; WW{V0MQXٔ7wyb,+4nȼrtzQ(Puxtޒk \<8R01JXrTz}>9z&9\.bF$K})#%f~).-kl9!ǟV\"<JzGvl F^z '3Wt;xlgnCs(%s5zPFevJ]Iګ@ez ~%6#t!P] Uw)]16Y̿solU9or,Dz {ivYALFT/)UPy)r ♘"e? պDNmLO~ω"[8ӽT!Fs-lR G76~:;rv>!2:۱wj~p}-`Y2tp~!N11O0GF8%" MT(8%DpxB$$p<3оR_9=rg'/]%ae6;7î<*F.Ȕb_+ssHILU))} h V)MZgꊫmUlۼȋ>myНU1C6iA3QD[44pko\z+]laF,JT 4dU1W3~,;/|lN ~1W"PҤ&Dq:}/wj5Ӷ6̊IlI )ݎ('Wǹ= &ؗ}O\쉪"CrVj~hFy:pƙ+?Q5MحJo$OT{|{+$QUi'C=3IQʈUaa#ɻ!Y_:[ϛ!ȭ[.LR@e,q\{p{KR7#@EuJc|=2rtly#m D)U 8I @ :d)uA1ע! HĂZRxVmؗ}68ZU^k%8P2A$L(Yda$ O4 H`FLQ:S.rx"I5OP7gui'n[ %릦uf@B<>Ea(*< Ra)wyPO+;>BTSʓjI$hBGVέK/Lj>7fdkWEA}2 A¸8z1ލcqbMۋd=' Eg6uв4 *kuZH3O3e 粽E36µ.`(Mc> 6ztǢ4- ^`^ޡYk/RGUpc0iaTG (t$Q1zKSǐbT9_um eI/ _Y>!la zZ lykө)1_jFJuecJ4u O3!0oҲ U`!k+cqXa{izoS8A;Z_G[ʌ+s]8%o~O3OwFu ڋ2l)[ t,+YS*}3 Ku*2Ҡ.}.YI"Kb8_zD C{,s V%3:PQBwŲNoP_aȲom)@K۱[s3f\uܿ2}yW3L|pŰhKmڦfliU-R4̀iFJ)5j?YL//iʗSqglyE>rji2'œ FFDB"]7$Ut ER%n,ڷgD4TH %Ԯpvt*H9|PGƷ?X\ħ|{V@ x$SYzH|v'moDeOO+gMת2Cj%oВ*aFKݲj_#婮 mcGP$WR3e|._dY[#^%9Yvn)&]99P!tLOS򍎩 `FoS|?xM(L.n b9r)6e&RH}.~aVr1$eGE#qzn\&~r,@/Q 0r/yOR"W-c אT>UϬ҂wXU ͥ3$O^V3 [CzgjT[xtx{@Te:WnChWPWnv+`AS`Y(w#``e}:> rѿ2 Dx]XpX\.6"& 3ďe V|LhigeDc%0&nj\*^x|{Uj+Y!#e wQkvݘ[ MLg xG>Pbv\Jo!TŘdM}3v!lFK p~=<"{Ӷ"B-£sU4ŽmX+{TŸb2kfE^Gymô D y5~Mdp &6R+$dX[)4-AĤ;okrOI4?zzle *uMw ݵLN5&H V:֦`NB"ycVzc{i$mdR8 93_戈"B|7tTҍ4"Ƥ8(W%L쫊EbxSۆ=RuN1|.n('GjWVP ؋Rm$h0u.Td!c1!ꂀƒzSjnw*)8O%F 9.y>!^Imr)0 JObt=Dस~j z&O cڿD($ LJ_eMaH+@I )}8&j/6ʕVssmTVϱ5$ *r#:m蜨 !C5+Ay0p@|kASBO؊x(%\;_!7NƑC-&igeXc = ƕa*\ҏ8ϰEwff@FnDltBIҭ.6!ͭ-;orؽl*I]P6E'Qfhpݚ!V S$9lS3 c4_5GHUe,K|c9-GKDTx:*Ǚ>zpYas)X43:G%UkpRGak]WŊ?zg^0͖z>"VTCro#l22B:%cFؗTVW+$P@DY ֬˴IOy'K nvL޳R;<1ז@#jOBГ)v{KwkntyY55$lw20ausr8v x:^GztJL~ g@Mg`2owfd Xa߯+:pLh:7jTq>0:/(^KAw+1"XH\Eh6 <0hI|!G``+s= 驸XXn(.{w'Aluv91],Ux0m`݉Jz0pY(tD qai~ĹIby#z;};W "8 /#O68wiJ0~;>ܖ;U!ٮkY|Wɕ\U97C\KE^;Kjf,C^zO n=hڰ_ex#"xo:9q}Ƶ񧕞+F Eڢ3nRө.@k\g,@5:jvΐFcvї|@vYqAwL0Fc_')ۈW>B *$5W+I! 3%N\Uٽ nO<3U'neG_b#v-8-Wu2U9M-\Ee2>vYs.*c{菷yؗC4rdI d4h/^A6ɨv-qg}OtwXLgvoՠJh-mcoڜcn1J]Z<? /~_T+Pj]ݒβƥ߲Ӳ:_z%>J m eVY) _XoH~Wi?P%u1|Aܺ[y<&QPyï8MWb~JQQf>NԠⷦ{Պ:hXC0OjtHfo-+{_`2-~)0KIǘPCM,SY:*FKTQ׽J#vE!4:]+svy9Es'?a{9_ݶ3DΑ5]dŹl 52 ƄII:`&t-(tۢʞ( tFMmOvѧ B#e|=`AE%~}GvDg" Г7G*6QQ`$ܤZ@@W/C+_3fLZRL*^$d ٘Fi Kc`$ݸZӼGh"^Y{!qSzLD /4ᰄ*Hx0~t/S;kU-o/DX{pPkqJ1@bi<0 /_$@&AJYi q g oN&xpPC4 r[7q0"Ze؈des;LypZ?:VE܀Av]:J,#@A/]ӆܥpQ ]$0pZU߮W1'Ywtm.x;Cؓ.:(.T&LyO5wyo} #WARTgŨpƐ+3j?֣mg =@JŇeBh ڲY{ڬ"KЭuf,+Ģѭpι^Sf;lbY 4W M,١QKʉ v(x]3~a,fnn&g[1z C)pbf(1 4Mcm?=*@*pW'geLܪf+2aL>z2afSau]u75%"*&^cpV1Ђ-߷-#_f1\z\JjORT0?aT P mf(&Pc\졛BIKCr嶍3 PQViyֹ$NKP62WU$mG\%1>n6&ݙP]+h-FKRݏ}t`xWkUֱsz+T;`d fUE:S<"N|,,OӗS;pq``]:o!h۴ ΅:6u$LZ;u UBB0}ؕ0awd_~ZDEFMZeZ\1'^CrŌ2wnJ逛(#8NFH&hT3/UW?s4`(M[ډ;|Fۋ@I$A|/7s1vgٷsPZV ö'2C#mI$ak 2Tsq젟ކ\МH==pzrWo'og>ꖒ2H}Kj"ne1//h?u~nu Ÿi To .G ‰ncl[J(uMPGHzRx%߹G/$'q:=b]/ƔAay[PG>IѦlȣߔ!bqMBcsK?'"v=rRM"p b¸C > snB'k*o\ (7,5W_'ϗ\+KuIoH8bMч daFZw%-G(m@܀Tc 0֩1@b6x.J[U}'/3k)E@4*);Jof3r ׏':>)FH7[&bra](vYu⧲Lr;k~׸Fmzٞt};:"dtal< O= ĺ–} ᪡)G*XBngQf:>5wKHx;*>$!:fR~b nuxڭ;qc^ٲv]]+Mw/{G<,RbNxx ?'ͬe/1*+ +8v*󤺾Ҳ5ĨۖZ?0~n%#79f,"OJ Y&%<#l5+vxѮZ jϼbm2/iKlgj!ؗ/ cZuyBYelo{L築WY )Zo1X&2ޡMdEYI}Mׅj Hv'1YPdt܍nO_fe{62&$ڢ>$ HJ_@H X{b#UY,Gi>$&9:45"@lcPO 6.,L($.vap|l,Uָ4g;wf\xTM̩_n$Qt de*ۆoa6B>Vz YӰUK> -MSQ+6=\doĤMc[Q੘X;7մ r-)~M@Ǒ)cZG/13E#vgͶN׏­ltC R]M(WLHw mݪw"ICuCIoj^ƪ( ,Z 1?,qT>ZRKC-ԋk#PUm-7̢ߐ oc݅G=_ёǣvQIjNCi*=pa6I4ntKi/cuFiF/KwK29g,$ЭP瑰m_cG/SZ41qUp2houzz+}YRy=] I*`Qà #Hǔ$A+B,\zCTwD^|~%bPc-~!bt*NoEAk[snBV!Ĺ-텧KD/gI`i @GB&]a{Ėy2݄vG\lrG<$9sd `/@gvybދ|NZ&K+÷aץ4_4P ԦA&7 IdgwTO4'nBJjk#Q8fg3nrŒdCJ ;Q{U~\xk‡J8y!k_MH#r:ëx@IKfZ|ªX^Xr_=W9Ÿ|ʬ,kAI)9]īZBD$ nu!?N@t"6ԯ{0d,$$3C֛s1(r(܃ $B! ,t<뛫 I 3*7 aEzA"Z*YȧٙYKr}ǘåL&1YYPRr *= {R~  CaX"xmYQ3p6i9ř{7Q 0ԞXpߵs&Xh8Q&dtu"x?5JQ=D x3pQT}]b5>ȺeKcQnou9C:!|%Δ [3Bfdu.DŽ^l_bC/x=,GM7π9. #Sj ԉنhK,dhdL9b6ruϜr g =!vZrOYsKfs׃á$L@hL00E#gX JNFqUL?sslc;cwdgZgw_r W4DO׸2Ǖ!̣"r 0^]}WigB.sT"C2[ijORn4E1(ʘ퀽J*ֻ/r)Lg@GB Q)ڷXF;^Vnj+PvrpWg`)1=jDzqћHUK&w^{ hvmorT910sh*=oߓԡޠ:1#t1y\) h:2ƷZ\zW"HRP-.웲H 5T\t]5 Ʃ'ŎRШt}vS|d,KQBgGҹ s K>>jXhsLʇg: #1ۿwL(_\cm:^MVjt4(, {.k*S)cxjgDP0}M6L1gw],buYxpN|ٝdUxUvRe' `a'tZ LFeE})PYC6֖AKQrM.-<86/:xEH梨[Ԇ &+ +uŖ$YCut:뼕G+|D{ {5IwPi96֣AVk=}KOd}ލ `G֫NH)ޛh'oH7n~ V#1HUhAG?XGc&hĴUA>h>[Z̈́{^KF T> IM Ж7G;q [co|xeΐvDPaR$3܇zS>wݣ;=ŨB)u,}M@}sĒ RE˕4P_:afY|8Ys#SI2U_WHj9cڕ(sX}c<)%F-]qB2yad;xчe6'!W->"14NTp_:*ӡ0\RAEv$R%meLk ]8XAtcc&@BGď+tNGϪEd;~K Z9-<)t{N^o %1c<\4+`<̂ vcoM+kncO]!5MSSځzI}Zi]Gi%uc0i&S/'ѕp;XzV|r/$4_M^{Ʈ:^-?Ǖ[(Y.-ьZ#oՈ >IEzB6ގLAjes.󎬺0t׋}vh )''lѼgkٿYjS7%l וcd!ϡ?[S& ,}|urC;6(MDh2mfs7 n[ vt'` .LnzA[y.EӘ@MzNodcIvly5^M %RןQc  t׿VOw2+PkGRUo؈ ~-pGq~KP O$1 ՆI~[{+>4WnqrW%9ߵ*u ÎJ+M;1:ߢ}_DV> %c95ZOjQ~IJll}2 %Sء2,ܪ(#*(mWYd{YxcN,R''R^/@-86. $9~n(%lһQ6 uXq`^|bc_pz69T@ɗRjqG>c _WbO+ȞZG8yəf@K%JCbn IݽLLZls$5:jܮWӲOo __z 0" {tF%{ڷTJiЇsE+3Svw< A))fŵ[GCqD`q9;kWc;k=&9!h~ci4Dz!3 ,{qNe~mD R>[٬GX[Ϋ0ĉ䭠ME@cx}D] {N%zf)IM@v~ qe`2ܐ17N<9arIXyg%:e'xD:% 0 K9ӵ=W72 E,IeiYkJbD薆qY杰mjԨASqL @u~s&0br}7ΊX|| &N;l7$Ĝ3SJO_eg=HgXMq+W4f_p #ߔfQ;m\qgcnt}qSOO ch 3F/pb؝yM)ú%cI& Q(v;1i̖qm!xB Dsr@?)Ȑ+ɱcpF}0t0 ua+%@M%qs1*6Nolɞ W _!C@߷t9Jz>*T5 Z:s!;#`7a,MYOyL734śǁZm~E:{Q^h9j>t1u.*}׮ Rή @v)*AZ܆'dtcLtC9A}4J-' `uȫmi`o&(CZ m3FyaAR)CWH~I[ >[+IrlP_`-TZ RnXO,RvJt?m-a- BlZaNLtP T%:/\cUl+o1 j%nM)d6d0Uo{V7+7"ɍ$K [4ycn0sWXBy册 H%-zR{gG3[0ŋgDT=R5L׎w]lS+ˮ] :)6d >!0XL]i`Il<&:Acz^*UN?iU ľꢁFq"=xK>p7oOHoGs2ݓ|HEuWex>*EپȦƚ)z-eB! F33!p`ptѰH1uȴH<`˴UX B8ȨӰ@U.)kq+ҕ 0n8ZH /^PKEL eQUdmW/SaY*2긍o7[=IL2 DH~l'qF)Zѕ+_G⚼~P\r;aUGYo0+OvO~W(W([]b“ HRjF.k0m&& TfK8]q)8/2YVI~h5#, xSW\s=]3d[o U%lT Jusс_~8Uzآs2Z& 䧁-5LF-Ҳ 5(N7\O"ht_k9uea#+:9E7#=}lD;i -xz-UȞP]n= LDV.){d!aܘe?6^4j$_s) '&ЀTgSE'x4'ɾ8VOip˥<2S='"(v$l+i{6w806If;iJo/^3_`ŚsZW.fZS¾h'\4.ކe{t[ .%_kzE2$zXss%Ǒ`~A.b,Pa/"y䨭H4SbO'ЇKny©4a1<˿|CTlwل@\ٗPfIe3^&#G=DE]ʈ}PQ։ "$͘X{B7fŷ2'l>ZC P䎒 X@ ZVy[46Ssg_(_hmZ݃CY%hO1(-jS gPR,&yߚt!ww*'kI-xEU~1`f  *9]7'mw緇Vb§R18l55YV1LizVun!w vĨ WZ_'bJ^·yz!; F<.UG53wzy`Tݜ/;itx%ξKp͓̞5PRR\`>kӼ~^V}3Ƣoc G$ﮦ( AmzӋH_͑;UΕx( ?h)v~J`P3%0&={LBjr5EN4U!*aMz{~4m?餜녥7{k[ r(U:lEV@Dz]8x d9:嘔 @/\zPra-I5r(9.9LjwUzG = 4:\LaHnjuNWJohF9]kɰ-KC}nOr$A= @oT Cȯ=e&gK\ ((_P~*KesMQ.̥7&+`03 g}aoSW,Xjt-czTJk%gCbJS`W=ԭsl.qVeHh ^5o4_ yjD]1Md5FDsN︴rREdJE?x͓/h/$.bF~7BϑZAB Q*kZUn,bnK J-Hy3\8kVCj/Wu%ں,`(?\PS}qg3 ZYy4koa"W%~)0=X횯S&:20wu(Tijy8$br{T{JgHL7m5iBz:Li>>1/(4BCZ{'kyxSw@S;ۯS_HΜvJ@':O[~ vtm9pj2_Ql pwNPRt xUxâN`|WɑbλQrߚ$ANy)yƨt8eݦC>wD+)h-׆0Wk@w8:-/F.2w9Zr}LI8p1kj;~^1-ޔ)s# x@U9YRӚg.gH3*(z6Ebyjѥ]63\HF%g(ho+*yGJTS|%g-Oa{Yk1e\Bl,*ƹLoKe_5t'O*m#4jC]䈚pj-3rBN4XQQ%*HM]1!l,:άT\~>6p1DM'‡ڀk{^.˽my0mo|Td:_EҊ2``g{(|:\*XT6 L|~># c}Uwq71uh[O{ a[id*U(VQ8& C?8™ *G |u4lTʳy98:J㙯SMJ\m@g m5hNHуMdIъ]u8Ku~c}"$x1ΓB!Bi*@+KBCS 8puD;zdo44)^aKPq~DߪNWVcא&?xRv(2Yx"F8eNH."H@"xD_wƭA5v/c_*-. oрi!G^& fM+?O#ZA+]gھudy *3EV+5uo(s%x[sIPV#  TE;y؊UtGxu~ui4CYe&q M*]!7teZ67б*axR*0*R {]1QAӸjZrѮ(uozj: MըA8D/̷zQV ЧveE[5.fM-zgS')(Q,h,Ixd)t[@ U\;.cY(Ջ'$`]ʯ]PoS5tڳ`{-7 wLܰn%G |R:SP`wu$cB!˝|9ՏB8B >"^%^NFi%Zo\;y MQ(1cAw%/Ͻ8S1Mqź4mb'j\q(=&8%{^H2LWcAvZ0NNpxzB|s}GS΢vf_ӢQV1䐷ͻV|eS3)X1}k4n) p<ĩXFZ jQ ;@E~} n$2ߛ:MZS"PS>AeghX4εx2LZ~j.gj;3E,E^/$\f-ƺzNBDS[ :ev:3;7`4 J*Zm(q!H56q+cKY ~O2ҕlu糍|rd ؆W|qB.\t\5/x.9wh^ôӻ:kͤ\Vd-V\I}VBCi˼7hNtrnAyεX'Aej\/>UQ6O`&%:+ j%Xa0O/PBZtHjO 包i@3責R"0v 01](]ס:ZV#4C?Ii5@u`d,֛`]-VLN!崱juJ6|=wDRȆ\dO\|%> ouy+j!O)&;+THFa #T+#Sb00 '>{+ȇ*yH5Q$ԊhEga9,B^3X q[%n|> ic,8diPH;GKJ]EZ nۇ?˃%8f@~Ք#u7[fʣI3rdBݬ]g85|8^ekfNeL\|j hsV/GaY<-M4`wxrQ#Uyb:9=HX˛ D2\~ϽA?+M5,x9oϒ`lL!:x?Q8M,]9dO2G9a`lGu)|F)$!?7'YwNp9:FRI/`gn];zzOߺ|9#a,5`cA,]ߤ)\|ֆ`4Fõv;gEp0e]%iY[jL.זp==WPޘl#d.&"Ag+$7P} $ lCӖ]v!hF+7E,I4 fRRYYl[1wfT7qp@⿪Ae8H$5ٹߠ'<|nk Ï*'YD8=vOteGψ3ii܈ȘQ ¼Hɝv62댘B;I;Wj-"6J*}0i=N^}Jjd'Lë2(lcpps=xw#uST#_>{sS5f|d}{VyzxƂBjөtQeFpAx,kEXexWf#4q\ i>{=[*t'-x!b3~f.j˰K K9;),oÏ[0̜ R"u^Zܧ';q,6) n|vU)'\g-) L+߳enʆP :Mmfː P"促7ES4CslZz5 \#;\T5=p-~Rx"Ԉc GO+0WW)|x{8o /hGKz(Zi{f# W4yy'H/xie?H~[ T5RC6jvOw.44m>/3S 0x_0@3xL-Jiw;xb`J ¯*t9lS,|C}d *⥨>r2НZpT=_E3ZH5L(~yM ˘n&LWM7_}##χ/^ ~Ds8(ڋz텝mѱq Qww9VyJC\c!ycck"uH5>s&iWCTPL+`=HxY<&оRv"w1Az;X+"s\QMn JR9Ʀk{KQyg^,%@MKX=(M{?_Ԑ V͘HS#>F|C#kB{{‘ J*7z%F(r:+*enT58ӨK boX-Yݤ?訚uQ:zZ)Bwv%E3QQ3tUr {04J-o VwTjSiq&@(?l+KA ^! J/"lN0VSMHVbD0v;Pվ~}pG\̲ӵY6 ~!+!2/jij5=8 hwG[QC 4ڄBf /5&S?08ⓊS"SbюlkWW::^Xq|-7V%<'0<\mc+< u= y"'1ɭ5{FrgME҂#DyyF:8!?δc^Sq뮁iNޘ=}6Ld3:&4Rj ؋NS8wcM/POtS3\YH jxu hEF6D - A5f[i] p`cD!Jw][gjIu+WM(e=3c5ϳWYM}Ehxi%e1E:U}|x3Xx%z:-(ߑٿk)hQZH; pA609u*P-8/f%X Ol;\"w(Vv?#÷/iIX^'&d<ךӦV z}ߔ)N(7 fTf=BR'kwBA)P:8!ݝJR?8%X{#4CEY |*nLmu}<8X,_=vGP6 AEwx^R5InYFf[`@Aa _D5E%q@E{m5S^*pBo腑0c k ͗۩d]~@TL6:/X7X '`QM@V•`+=䠼TM}k2(txFh6m8tPؘkSیXptCCPSc%{, ~Yo)ju PN$Q0kGGs= iAѦ[oCO$`P'> >cRQnYX0:Uݭ<՜ۖɒxhR)Ҳ09N.j'B"ֺ(iTzQ%$6"{~?*ea)>Ԗq0zڴK0X@w:"*[5aaPUʋZ4תڏy'* #C5J7:w}Mӑ|/*u|$ͷF>zS]0'Ǖ:QL".v }w;n\?Fݼ}1QN>8UO QB0_IC9 -(ՖN<`y|,jھ& +&7|`{$`jS00]V0QhS("X9)u\^~WG9a@S. P4F^woG LFpUi{Camdmn˜"t5#^i` D8ި-IQ=ĥn?fl,єoիͪT.$4JGML]!xǹ;~W_ȲuN5HȨ53oN$>TQv0GbO`[`mqUͦ(llP*1su8 V~-*bb~$AgmGAHf3s ]JW6DҤ MK%^]@n>l4R>p.WcQVU®tI @7#9=A"E uvZC'`]KT}? CEN*SAP0Ss0oeLebQ:] ]5|"b \$ `|o4Oa{{p Úתj0. UƓ#UG\_,DJZ¬ znz` 㚉gsgD+Iڱr_6@8NITlBM~Ѕ/yU"Lfy%dy,7Q t3(j>l٠)a-RM 47Wx {OaǮ{|8#lF Sag:FX2怑<5?V w^h)G8/׋2R8R ko*SeHpqj&½Piuy?4,[RY!P;xr-+KRtsM3Y+ϕeĽȸe6npN e^yfRQUDyjsh2k0F)|M6&Ɠda(K@z35a I}QPi je 丒@c `=":Xe{Ŧ5.F=d`}eE>qQq|EK?A2O2wle'3z7P5NaQ hp~VfVI6+ vЩ{IJVF?@n1(CDV{@}KYalAU؝n4^m4gg KLO3>}"9KwuxL1;(X9CV:0VCS0$1 |B㮇>h=F&ZWAu ҕX!US)/{jkg NaxRB@ml!?p0ͫ-dUu7 vNdi1:5rE,„A^$ʸL1OE4t1j5#YSAY|:jg/5٭$V pA4+6tv޴L0:4Vxk-RF.2~fl/k״T6"qIS*akkOج[њbDe;ҎE24h 6@qІl^%@@ܞO'6yٝ %n`.Ր7E@{<5Ό`WaI}{KFɺeZ5K#޶o ԺezyR5Ҹ"?"IqNC%CC d@B^s*+u;J 7n<2lLW|B\poZB}յpwqåL_@2R%l5V@ N![D$FHYG=zїQ&xm;'f&:d\ GeD1u$W@nAl#Ve7(cĜ.Y1g&XIAߠ*0qj'939lx7eyJIM$%w6P}> H}/SaMB)ۘj<-(EyDa-+ʕ{ە2 ț<f}0K~Ezb0uI+׎Q/BCtDtО+ƭtc,oexu>NR D2= T .aVdzL[riRc;ǸB&x))O<~cxeTgs`UTRL`Fl/@z?9||g- & 4+'kٔpə4omGMHN16r:i%I8`Ac4"&V)V #a m&6 pxa_g8 -&:ey>OL;?er̡;ؙ*9f&lѲsҰTEMe6^`-o'P ].q2 Kp T)+k*C|8f_QN C'vȆB}sA[r$(KG9˃aF_If^݄ʖ)b8 -oKe63tҪGKl&Ǥd9zq(H/ J;Ff+M 4\){q4c6 WT9ڵ:"&iC՟[vKPXyXer։IJ(5b 2;@ '1/:[S275fIZj)F_!'*\IxRۓƬZ|q#L1e"cWd LssFeO}:0S(ՌD3 )Y*BHIָb4F( GE⍬yo%-4N}<۫Гh̊s jO~e}{#3Լ{R+J-t C)B_)@QyYK aV_G clo""Oĩ946z^/fmJA⊽ Yna|뾮PIܫ4mw)~+wliඎhpPFٽÅ+A&-M`ʏTrdZl]Oe~0[1gcX!⁻^F xV/GQ(vswn:\⇚Z0}a g[Iݟ~fOUMux.S{ŵci*lm32ʲ n>^zF#]Ҵʑ6N@iL @~'Fm?4xhy;&ݧ:O^"D[!E:α U^AO2Bh3uS1$] <ܰeD$<*A;ղ(4"ե秣#Dž5~MqZ+סt]ĵfozL~ڝsp@ϤG&L qij YKӠ}0|D늃/Oplz>OS-Ed moF} ;mB8GߣBuӣ֔"<#ۊ˒|0e4c@'7m$agum&ۉNۜ"Ȫ,̢g5Vr{E-s*Nv@挐܉jX%trUFǩߗ < MP3G8⟚yy3hPbbQ縺/7Ե[jjiM#B3x̾V8k?,z_?rj& = V+8c&3yt;v|./6#6*X, \8u5'O()Dפ[rPAgw/pYz5a!3T 7c2m˙eگMudEk Ίͪ$TdG[]op#T>si#N&A$@j a"ms!E.;~yk ۳1ğ-|\I6EH~29#\=[*7 ef $qM6th͟'im \HpB1 14f)[Q{n?Q\IƩ' ":"9 ߀u=:헰WjjA ~_f GC t l&>YG G``Kw=PEHon;EgM~?OȉQF菣;[ZAq3hߛF[m.0Uݏ)tv.)%;JWeJ̲z4r;gk^ߎTRm`WArG[pUi ;,5,Bc k>-=l#1 D%GKAT6cY/C[|ͫ{s%eY2kQx'9@bo%-lLҬR DZEM7E5fN&,,"Ǜ2pF#Jnlv\Kc]5o^$iHq'&^wpmç8}5WzfIcJԭ &^mv-v@e% KWQrI "\69uk/Jci8M԰T7})2-ged/N*k5}ɨQ 7szGFi & .I;0 Xn⊋6aq(m=QO+LA, WNY Je }IYOeJ~ք&~/= SpD>iwJl 4bdʬ9'VNA-٣dEG6~X5Kl1A*!)'Dp3/{8cL'RŦfc"}ywvP/o~By")UҚT7=tGͺ;#ʋ+% N)׊0>t T24%JpD&-?bnA4&ndRdI(u30gG<K1'{fB\GWT|quCT}.q;YJ"I2Tck߈>fumbMh֡o_O`D1鼁8NQ4O+8EvuaoH? ⪞CRHpbRoT0*t llp c/6=N˲ G1Ϋ'.E XM5-@b.i~H/=Rh$;1׋7q3~-"T, =U4Q2M_r n[L9d.]:VP4c$_B |Cڱy~SXed 7<_uݲ?;"Н?C&Nv eɶ}rC.mTByDW\dr}`Ü*mRQ[vo׹7uˎ!@{ g7N2u0 \L OROz̏>W-BRct ~Uxȅ9ȲQ! aV~A;&2l>V}+eU먭E/ejX`^pXm ߬d=\/Q2҉c5D}ZmI?CXjS *Y@>E /H(0B:=F ~L1\¦G1&[7Q0ą)o~'?.b 3@j^ nk Cş>k:"3:T@bKq*#`eoP,7 E[hpXe X:wW:b&@X7WMSΆ⼁l`wzQ9,;hI۱w" Y  g$<ֱOpvF KeO6ޞ/>Nlq BWYx c@eY")LFۦ ȵ񞡄<.7]A@-H5LIWrQi!i?П4N(wQ{1.զ7\T_ڌNXe3ÊvbMJF=f$(I>+guFs$Wˤ481Ѱƣ>Yt w$XS'`MBř%4B~ #M,LJr[MoʵB82S)bDe92%# hcxuLWi4em DN74jI0fJQ™|$_zq$*W7rK<g_ɉMC)t@[M|a,)SxD3%\0*BYӗT ^#Hm1$Z( g{;O2fv@AVrD1 Kv^t*i;XKRZӇ#Ys!m(im8f>Vƣ K$DW:H)٤{쉢3 $n -ƬחFWR$hLU`S>WtC"V׹@_P.{gcU]7v0q3Id>?lctO, uqu@ٜLHD¬?&M=f%&7GyrR&q+wFH_KYe>KtU"gYc, :̽x.jMi`=j.V'Y-=wD~6۾[1|W4$# v3%jTB;YKٽnmsf]LQ~Zמ!7I9;WnfŞz>e{Bomu4A΄,`G4l\lƗ1X uKy(Ke/q1U)pZT'8 mf# U|ŴoS䫏:SQHuuj>aĩaʴ?\z%:;fɗs[8%RFx[3ɑ2 Oã(*E̯B'T)4BzQL߇;Tow ^xŋ'hy;IzldR9ԅ [|p5Gk@T5gL!:Vi8ֲ[:, Mqtiv qʠO ,FYJu,}6%Ÿ+6l+zQ  ٧3 :؆E(-NQ;ҤBȊ+ 8!/ei$ƫ}'t))V@@zvܲ>ttʼpi$> '7(4EKCe](NuXr<q%:` zxD9"v3rǡ_Pr `-Fz67A. jF$ -LZOwHE4pxDjc6ItLbR@ 9I!"GB'b\N޵l|D]:c? ;Fa)*BO>IÝ8_!mf|p-*}bА+OTZ(:>"8chlG[­nG59a=#k!1d>K_O|v%nO5&!GeknKW71*MՃ",)NLTXP䍩ki>@rJ >)4&l(Ȭq䲔<KMRf;A85`>jѹXYvd㑩[L>v.\b zZZziB#1]cZ)ǶRE*@<T8aw9T-+K'?q2[WBb7#-/̷0aNCٛxG`6!;սR|6$T-y], 1/)C!G#Aߨ%z3'E3R5$dI MѻGdjTo קZ{1JB-4O+H?䄶QTo'4*qh˭z$ G{n d5U4ljgSjW9Kc^d"1 ,4r w ٸ!dzk٣,`KNE87VoD3Q@6)J{Hnsz"10hxCQ6m[ cz])dvq.Yc TJ>K .dzu;/sݨ8+Wܨ;c˘J>TqBwg_d"wҾ~G#ݏn ]I i-\x1%Ze.j& 눫c6N 8FS8?tȞƇD^|c=7shwsiJ Cw\P*} v p.>DK¹q)`kӧ{ ]LJH=KT$sh#6uO/t7Er4) 7o7QSƗxԤfxCv֞2E2YGd|U]'hhO_39A|4e^]!7&O҄ۧ鞖n[=ö7g^/F"Z2XR\0u/B:{}͢ M$,4[7mNWBĊcwVGc{5Sbе!ŜUzqX>lxqFq ~= auE?Vʾ"$+ES3\g>zYn2=+Su&,@֓ƿ ԔZ? e1[՘ . B) rm%!jqi9Mat[h66`amf9"HDeHE;,:Wخe:pBox+kEb ж^;Ȳ,ke*Qɭ'6v0C-./ }iep|Ԧ|5਋Y5g5tT;,QE6)tXVӯaq5#"yHvj3ޥ/ .IRȢܛ~FGɞ=< RfAMZIlGZ8oAH-A'϶a䤁Ā0Ǩ;z ۆ@Ի "g= 16;XS32" YS :\4$No `Qm#Q%i88BYkT^C)SWrൡQՓy4.@E?[~FؗHF(Pw84ŇȠK )X=Ki>3ˋl{:ȀX.m2Cʽ[#DF"y%zcZjzG* SgdDyYSMŧqY>UX|ěЌ'bfwt~w GU`b47fTJ;Y$+`+[$l AUg/47,2ɨ흢;ф.J :$>K;_ⳄfF#}sdLV NR.X&LS3Ey?[֋˭Qj񁄥a-kK-'8NJU[ 0zƼG;4ꊜ"gaҰF: !"589Dʻ*_CEq [^ 'ސ@ noc|C{iBl=IJoV]OWdɾ0݉YJ.+G2 l;a+Y,h5nr!νwV-2^{i›i| q!e]57NdM%t eճk=b]'G/+XޘSYkWX7i[< x RȦƃ 6eE-=eBjqt#M%3Ͷ<ѵR1ڵ]omuFztE ={A3_ͽͤZL1PUi kyf=/pSQv׋lBYl+)ww&q9P0i6KYd#(n=k_pzMץ?̃L @4)$^Hts:mc4(SyG/$v̯pA!FqA[g/"Жm7Éan &m_ǩ_ Og"L6n:x(>GC6* A ZFA$S:CtV<',8O*HynJز!}1+h3Ι =z+²R?VLX@,Z˽|D*2Y&nÔʞ񴲢͛Oab"_lSE(:n%P``J` qA ,6S }<MeG&{gqӽԖMXaJ ܑ,uϣ)˵rP¹܆p3 ٜg 5G1[ﶂȖiL MŮAYWi?x/XMay8)=~GV/Z.wNj'+x 4Zb/.sٛ!yR 4 =__/$6Զ}D /O#Ax_(" ch|M[):\!XB㐶a&Z>K,KP:Ј]L2^Рh-(oR8W-<~3(Epֱpl>96AYO᧗moP, 4ըF  .% \6zVG><~lYQvPj'Kz#k?4YAI[l]y P!յK>Zy pk\e-]f3Y 9Vdv 7wPU9-~zKCP TU|H&R'KQGg2%b. 3ŚU`^<>HMeH^ܥ~G KY}^A-."E7ϏqOoRY!ԲqϴU~%s\WF=l2V#e%½ 40QbpqݎTQw6mU#o֧tq|R~Jʼd{w:39oVDPp[j#{DLd"@*G"PMguxՑT&y)tGwaw\@FK_q+2S9|J C#󈖴@*b՚|=0YG b O3_Tw{ ޔ7zFpdabA srq$! ;#Uɪ8-YmÆYvټ[h{2|$Q=aUO2^و޸?~ ҍ}<%i3Ӕ$XW3@=+4ue!8iJ콱%PF_дvg& ٺ"b7W[OzAߓm!Aͼq(/(G^ w"7TVrOR!Չ\ʱL DB.;㮍?ec"g1S)PND&UV, ~3 -\41qsh޶ YZ