freeradius-devel-3.0.20-3.module_el8.3.0+476+0982bc20 >  A _Me8U]=dkKk %ݼ[\40kuCe^⴯ D76F4Yv.Xl(0XH]ߒYD4l2 g/PTU|(d4ګYiy1dꩥQa5EW}55-e'0b] 38˙2 g4>V9WE=U$ d݆U5!kU/b-.ٳ 8%!Rέx6*i'~攣\v*k&TSE*҆k>p:>?>d 8 U  %+4GPG G lG G OG GGGzG~(89:GG3GH40GI5LGX5Y5\5G]7G^9b9d:e;f;l;t; Gu<<Gv=X=====Cfreeradius-devel3.0.203.module_el8.3.0+476+0982bc20FreeRADIUS development filesDevelopment headers and libraries for FreeRADIUS._Mb#aarch64-02.mbox.centos.orgAxCentOSCentOSGPLv2+ and LGPLv2+CentOS Buildsys System Environment/Daemonshttp://www.freeradius.org/linuxaarch642lRi8?| 2qi r +wt W &~ |TK0LW0GUN0x.S!OTTqwY b/ A큤_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb_Mb2423357eeeb7c262b021d09ef44cab55c31f95ec31ebd182e7b3a5df2abf3f4189919a88062faa259fe7dca2fbfd11e7ef1133e7ef28e11b80f86e0c41b0a3fb61f82a2397a91786f76e78815dec88f1161a43c99f2a5cc31a80b7a9e81127f9a970cc6ea0cf6c90358da867431a47765f1d2545c9c5c511fc319af787ec7f4fdc8f8333cbc4b156128456bae9344bf659a6c6e94befcfd2c824c24c6f607e4fddabf631e1ae081f6b24cb0fbee02bf169281697b25870eaeb3984117fc424ab600f82be3dbe330700cfde195134d8d23f48785d5703ca23f081afa361c63f0712b6bbb0f3baf16f71cd778a5517456ee4d840ab5944f40a6034a219bdef5e1bd368973b5f9ba5a3be952d38bc53171768b2139e8ca0f2ed1ed3d4db6e2486870d8f97f8a8aed80bcf6740a353da070fdcd6443aefa6b9acce6b1b8a16b7875207e77afbe9cfbf9c37c24f1172248b3934f41ff8a60980a15a6605f4f4d82efb27f3e7c083b482c439626625213b9ffabcce8ef2b59e9290714e03f3cb22ad292cb2167411236ff67455e4033b336240e34b89bd2d61fcfd0d778fd029c5e06e2e74144a69a7aa49e882a0210fdf1cbf7bf56c28b2a59c4d6b35424a482d249d8cdb30ffd08e303718365155c8810b0441f0ef5f8e924f172a5b57a05d5a6c994a2bc551a7bf24e232db932ee56cc35df0befa44558cbc445d776c9527ef43ba4c36e9f8bebb05a74cfadf58ce29c0307a8df01b929882ffb7fd98173b0793c5db66f171706710862edb5a2e4d6ea2a79edd7769b60138981b5e30b383e44276390a77423fe29ce757d681a1e2599ea0ca122b69ded2805c3a3e2a298390d41dddaabb24cb0260f45a111c8a0cbcd516cea9cd9ae9e44f9efb1963650ad611a1b585119f6f56d2b796e07e99e24ce0d8af1c6562fa287c34c4a95a53c2acf2abc88c3b2f3ad981149d87bdc06185bf4ee4472ee494639d0ddf81e8ffa3b8b4951bae580ca8219d2ab14c5c188c80fdb0e6661ca83abf039494001a70e9e9ef74ea7f056fe01f62089a5cd2ab3891ab9fad7a623ef8c9a47eaa52cdb1225354fee15db0ed2313fe362119cbd20488d8acdf96be0e8c44e3f2197d943bb7097365e593d8da5ec5c7ee47feaff4056ed4378f76299c48c62af60e6421c3bcee4eebe311144adbe8ea4635b99c494d2616887a889a0ab195f8895d1e495b8ac2f30100c829db2ea58658a6b2ceba589e0724c51ec7e3b57b3cc6a36243fc148971781cd1a1bce26e83937bf77f50c9deefad8a54cbad4cf27cb98de497a1d8664f8d118d970a2dddb31680d1f1c5a4c9338784b823ee937a19451a865843b100da02f2076742a64e485c2773b39df5b45a1dd22345208373c742c5f65b156b287136fca79c207e9f32854847645af8a0aa1ec900a81ddd6392cfbe6edc200df33bc42a300c0655969af4a864e2fb610b4f50ea3ed82b247ccbed7c8827e4e5c594c7cd0b192268e3ddc3d0cb51ec5202ed37ceb24fc880bbc8898d0a69f038c7d06ef553edf45a95b24c389b60c9fce513708ad586d6a50928b4a88a8458be003ff9fefd564ae740259fe477ce001217c0c3c8e4d00089a695e6a0e3d132b0d3c48dd7e2f11c60fea633083be7243fbf925be2e42be0c6685187858c6cdaca3ca61bf553edf45a95b24c389b60c9fce513708ad586d6a50928b4a88a8458be003ff9eff0c06a562d0eb49528849a2dd7e747b78975492e60bd368822fbd5e59a83c73625a02462bd14adb38066495f2ed9599c705f94042126563f94016e8bdee3bf495546c15af8d85997968d9100ba9b82563b60a167ddfff99f32bc032f785d52c191e8d5e478efad503f360d91239b1bf79ab9e643e33ad32d071e86445e0a6cf1e13050768377f0de0aa1081631769cae767bcb309adf2e5beb5da834bff46ef553edf45a95b24c389b60c9fce513708ad586d6a50928b4a88a8458be003ff9452545863795b33646c1fa1608791e6a47caa8fbd604ebfae4ff1c1415795cfd363612c0ef13e44644dededfd16bb6eab15c800312fa46e93a4112cb285ed0437523051863a55a8fb034b8427ec649ed213bd49ce13e2a0545d549b634fa593eed6a795544e91629ab206b5f6835b669bc2bbd035941b21c69b8785df7a8ff327c6455fe53b4c2662864a6cf36e8961057ffee949015b18722aba07a99eebb8a519b664c6df430254c02e4323a07fb70b285b2a11582f621e3d89b1546197815fa806fdf5c3ac0373f4858943b223445975594d6a37e65c8215c6646e13580bbf277cbd30085289c4b8f2022533ab879afd459fc21427f08907acdf14c185d5c4c7e68dda54d809f32a60c0c18a1c9feb157019efce849f4d94e81cff9926c0e58da6c5e3701fa0e4b5cab71f7745c7ac142543a21e5c00f630a2dee09449d7c4ebf731318939f15117e9ff283e392ab7c543007efe78ec55bdac9d41d1c014509a2dff108da9728e7f0b58a14366028a75200f0c866807094ac6acd38d77054f9e97b3c46c775b8753d79dc8c597134efdb81275af27fd2e3ebeef265cd5a9309184f1b8635c841ec09fae090bdbfbf65ffb26d85fe4239ff7e90927cbdaf638f784c4d7444c98de9e4abe06a36fa063e5c425d8aa863c4005adb9ea6350fb557e112925307cdf22251c366f4ed6224961246b1ea4ecb7a8b3009055a405637f6062ee7e517763f46b535664a65da7d886e6edb4158e92169f7ea730cc373e56ea066400c53b6204ae309868fcf8e2f7309fab29f844a9475e4b6dfa0b8f8f252410c4c0a205325e5cc84838287eaf7abacc3ca3ef404b856e285c5a48cced79b51d0d2b5e5aa72f84b46ae24510131399cc8edbe213f2c497bcbb41084ca65f80e1a933f465ffccb638df5b234eca3a1fb3d3a389cf1b5f33565b070e542ce6fd2636896639cba23e521f9b5beb23c7ced4955f09037b2adf212bf2799cdc70a9193c36520dd65a0e8cf28a8870adf8ff6f0c6a6ce62c952ad3559d3980280113ef0de636436d82169f671f04490409b677f55a61960e695f9b6f12dd915401964fafffe5789f4c5be1126146052f1a76c230619a1915892ce9105ba3b746b45be4f4531bf6e25985a62c26705b02c4bbb60bdb11a9f92f25f5906d5d6cedcrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfreeradius-3.0.20-3.module_el8.3.0+476+0982bc20.src.rpmfreeradius-develfreeradius-devel(aarch-64)    freeradiusrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.20-3.module_el8.3.0+476+0982bc203.0.4-14.6.0-14.0-15.2-14.14.3_+_*@^(@]]@]@\@\@[u[@[[[^[Xf@[d@ZZ}@Zz@Zc/@ZOhZ-!Y@YyY(@YYx@Ym@Yg`Y3@Y-^XۡX,XX+X@XXX@X|XwoW W;W @VVhUoUa@Uq@U?v@U @T@TT2@TTT @SvSGSSg@SsZSj @S 4@S?R۾@R&R@RiRnQRZ@R,fRC@QQdQQ@Q@PP@P@PqPPl(PO@OE@OfOLO1@OONNNyNiNh@N(N&@N*N@M@MMMMQ0@M@Mt@L@LT@L@Kj@KEK;@K;@K/c@K/c@KK@J@JJ@Ji@JW-@J@J%@JMI@III{I7@I6tI3I3I2@I&HH}@HWHM@H=I@H-w@H@H;G߮GƢ@GGW@G5@G,bFl@Fl@F@F^Fr@Fr@EL@E@EySEnD@D@D@D~D}@C@CCCqCu@CqC=(B@>̻>j@>j@>>>@Alexander Scheel - 3.0.20-3Alexander Scheel - 3.0.20-2Alexander Scheel - 3.0.20-1Alexander Scheel - 3.0.17-7Alexander Scheel - 3.0.17-6Alexander Scheel - 3.0.17-5Alexander Scheel - 3.0.17-4Alexander Scheel - 3.0.17-2Alexander Scheel - 3.0.17-1Nikolai Kondrashov - 3.0.15-18Nikolai Kondrashov - 3.0.15-17Nikolai Kondrashov - 3.0.15-16Florian Weimer - 3.0.15-15Petr Kubat - 3.0.15-14Charalampos Stratakis - 3.0.15-13Björn Esser - 3.0.15-12Igor Gnatenko - 3.0.15-11Fedora Release Engineering - 3.0.15-10Björn Esser - 3.0.15-9Iryna Shcherbina - 3.0.15-8Björn Esser - 3.0.15-7Nikolai Kondrashov - 3.0.15-6Zbigniew Jędrzejewski-Szmek - 3.0.15-5Zbigniew Jędrzejewski-Szmek - 3.0.15-4Fedora Release Engineering - 3.0.15-3Fedora Release Engineering - 3.0.15-2Nikolai Kondrashov - 3.0.15-1Nikolai Kondrashov - 3.0.14-3Jitka Plesnikova - 3.0.14-2Nikolai Kondrashov - 3.0.14-1Nikolai Kondrashov - 3.0.13-3Nikolai Kondrashov - 3.0.13-2Nikolai Kondrashov - 3.0.13-1Nikolai Kondrashov - 3.0.12-3Nikolai Kondrashov - 3.0.12-2Nikolai Kondrashov - 3.0.12-1Nikolai Kondrashov - 3.0.11-7Fedora Release Engineering - 3.0.11-6Nikolai Kondrashov - 3.0.11-5Igor Gnatenko - 3.0.11-4Nikolai Kondrashov - 3.0.11-3Jitka Plesnikova - 3.0.11-2Nikolai Kondrashov - 3.0.11-1Fedora Release Engineering - 3.0.10-2Nikolai Kondrashov - 3.0.10-1Nikolai Kondrashov - 3.0.9-1Fedora Release Engineering - 3.0.8-3Jitka Plesnikova - 3.0.8-2Nikolai Kondrashov - 3.0.8-1Nikolai Kondrashov - 3.0.7-1Nikolai Kondrashov - 3.0.4-4Nikolai Kondrashov - 3.0.4-3Nikolai Kondrashov - 3.0.4-2Nikolai Kondrashov - 3.0.4-1Jitka Plesnikova - 3.0.4-0.2.rc2Nikolai Kondrashov - 3.0.4-0.1.rc2Jitka Plesnikova - 3.0.3-5Fedora Release Engineering - 3.0.3-4Fedora Release Engineering - 3.0.3-3Nikolai Kondrashov - 3.0.3-2Nikolai Kondrashov - 3.0.3-1Nikolai Kondrashov - 3.0.2-1Nikolai Kondrashov - 3.0.1-4John Dennis - 3.0.1-3John Dennis - 3.0.1-2John Dennis - 3.0.1-1John Dennis - 3.0.0-4John Dennis - 3.0.0-3John Dennis - 3.0.0-2John Dennis - 3.0.0-1John Dennis - 3.0.0-0.4.rc1John Dennis - 3.0.0-0.3.rc0Petr Pisar - 3.0.0-0.2.rc0Ville Skyttä - 3.0.0-0.1.rc0John Dennis - 3.0.0-0.rc0Petr Pisar - 2.2.0-7Fedora Release Engineering - 2.2.0-6John Dennis - 2.2.0-5John Dennis - 2.2.0-4John Dennis - 2.2.0-3John Dennis - 2.2.0-2John Dennis - 2.2.0-1John Dennis - 2.2.0-0Fedora Release Engineering - 2.1.12-10Petr Pisar - 2.1.12-9John Dennis - 2.1.12-8John Dennis - 2.1.12-7John Dennis - 2.1.12-6John Dennis - 2.1.12-5John Dennis - 2.1.12-4Fedora Release Engineering - 2.1.12-3John Dennis - 2.1.12-2John Dennis - 2.1.12-1Tom Callaway - 2.1.11-7Tom Callaway - 2.1.11-6Tom Callaway - 2.1.11-5Petr Sabata - 2.1.11-4Petr Sabata - 2.1.11-3John Dennis - 2.1.11-2John Dennis - 2.1.11-1Marcela Mašláňová - 2.1.10-8John Dennis - 2.1.10-7John Dennis - 2.1.10-6Dan Horák - 2.1.10-5Fedora Release Engineering - 2.1.10-4John Dennis - 2.1.10-3John Dennis - 2.1.10-2John Dennis - 2.1.10-1Orcan Ogetbil - 2.1.9-3Marcela Maslanova - 2.1.9-2John Dennis - 2.1.9-1John Dennis - 2.1.8-2John Dennis - 2.1.8-1John Dennis - 2.1.7-7John Dennis - 2.1.7-6John Dennis - 2.1.7-5Stepan Kasal - 2.1.7-4John Dennis - 2.1.7-3Tomas Mraz - 2.1.7-2John Dennis - 2.1.7-1Tomas Mraz - 2.1.6-6Fedora Release Engineering - 2.1.6-5John Dennis - 2.1.6-4John Dennis - 2.1.6-3John Dennis - 2.1.6-2John Dennis - 2.1.6-1John Dennis - 2.1.3-4John Dennis - 2.1.3-3Caolán McNamara - 2.1.3-2John Dennis - 2.1.3-1John Dennis - 2.1.1-8John Dennis - 2.1.1-7John Dennis - 2.1.1-7Ignacio Vazquez-Abrams - 2.1.1-4John Dennis - 2.1.1-3John Dennis - 2.1.1-1John Dennis - 2.1.1-1John Dennis - 2.0.5-2John Dennis - 2.0.5-1John Dennis - 2.0.4-1 - 2.0.3-3John Dennis - 2.0.3-2John Dennis - 2.0.3-1Tom "spot" Callaway - 2.0.2-2 - 2.0.2-1Fedora Release Engineering - 1.1.7-4.4.ipaRelease Engineering - 1.1.7-3.4.ipa - 1.1.7-3.3.ipa - 1.1.7-3.2.ipaThomas Woerner 1.1.7-3.1Thomas Woerner 1.1.7-3Thomas Woerner 1.1.7-2Thomas Woerner 1.1.7-1Thomas Woerner 1.1.6-2Thomas Woerner 1.1.6-1Thomas Woerner 1.1.5-1Karsten Hopp 1.1.3-3Thomas Woerner 1.1.3-2.1Thomas Woerner 1.1.3-2Thomas Woerner 1.1.3-1Thomas Woerner 1.1.2-2Jesse Keating - 1.1.2-1.1Thomas Woerner 1.1.2-1Thomas Woerner 1.1.1-1Jesse Keating - 1.0.5-1.2Jesse Keating - 1.0.5-1.1Thomas Woerner 1.0.5-1Jesse Keating Tom Lane - 1.0.4-5Tomas Mraz - 1.0.4-4Tomas Mraz - 1.0.4-3Thomas Woerner 1.0.4-2Thomas Woerner 1.0.4-1Warren Togami 1.0.2-2Thomas Woerner 1.0.2-1Thomas Woerner 1.0.1-3Thomas Woerner 1.0.1-2Thomas Woerner 1.0.1-1Warren Togami 1.0.0-3Thomas Woerner 1.0.0-2.1Thomas Woerner 1.0.0-2Thomas Woerner 1.0.0-1Thomas Woerner 1.0.0-0.pre3.2Thomas Woerner 1.0.0-0.pre3.1Elliot Lee Thomas Woerner 0.9.3-4.1Harald Hoyer - 0.9.3-4Elliot Lee Thomas Woerner 0.9.3-3.2Elliot Lee Thomas Woerner 0.9.3-2.1Thomas Woerner 0.9.3-2Thomas Woerner 0.9.3-1Thomas Woerner 0.9.2-1Thomas Woerner 0.9.1-1Nalin Dahyabhai 0.9.0-2.2Thomas Woerner 0.9.0-2.1Thomas Woerner 0.9.0-1Thomas Woerner 0.9.0-0.9.0Thomas Woerner 0.8.1-6Thomas Woerner 0.8.1-5Thomas Woerner 0.8.1-4Thomas Woerner 0.8.1-3Thomas Woerner Thomas Woerner - Require make for proper bootstrap execution, removes post script Resolves: bz#1672285- Fix breakage caused by OpenSSL FIPS regression Related: bz#1855822 Related: bz#1810911 Resolves: bz#1672285- Update to FreeRADIUS server version 3.0.20 - Introduce Python 3 support; resolves: bz#1623069 - DoS issues due to multithreaded BN_CTX access; resolves: bz#1818809 - Create tmp files in /run; resolves: bz#1805975- Fix information leak due to aborting when needing more than 10 iterations Resolves: bz#1751797- Fix handling of IPv6-only hostnames with listen.ipaddr Resolves: bz#1685546- Fix possible privilege escalation due to insecure logrotate configuration Resolves: bz#1719369- Fixes two EAP-PWD security issues Resolves: bz#1699417 authentication bypass with an invalid curve attack Resolves: bz#1699421 fake authentication using reflection- Updates radiusd.service to start after network-online.target Resolves: bz#1637275- Update to FreeRADIUS server version 3.0.17 - Adds OpenSSL HMAC patches from upstream (unreleased) - Adds Python2 shebang patches from upstream (unreleased)- Actually apply patches added previously. Related: Bug#1612512 Man page scan results for freeradius- Fix a few minor manpage issues. Resolves: Bug#1612512 Man page scan results for freeradius- Add make to Requires(post) to fix certificate generation on install. Resolves: Bug#1628213 FreeRADIUS fails to start due to default certificate permissions- Rebuild with fixed binutils- Rebuilt for gdbm- Disable the python2 subpackage- Rebuilt for libjson-c.so.4 (json-c v0.13.1)- Escape macros in %changelog- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Rebuilt for switch to libxcrypt- Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)- Rebuilt for libjson-c.so.3- Use mariadb-connector-c-devel instead of mysql-devel or mariadb-devel Resolves: Bug#1493904 Use mariadb-connector-c-devel instead of mysql-devel or mariadb-devel- Add Provides for the old name without %_isa- Python 2 binary package renamed to python2-freeradius See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63 - Resolves: Bug#1471861 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() - Resolves: Bug#1471863 CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes - Resolves: Bug#1471864 CVE-2017-10986 freeradius: Infinite read in dhcp_attr2vp() - Resolves: Bug#1471865 CVE-2017-10987 freeradius: Buffer over-read in fr_dhcp_decode_suboptions() - Resolves: Bug#1456220 freeradius-3.0.15 is available- Rebuild with updated MySQL client library- Perl 5.26 rebuild- Upgrade to upstream v3.0.14 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Fix TLS resumption authentication bypass (CVE-2017-9148)- Explicitly disable rlm_cache_memcached to avoid error when the module's dependencies are installed, and it is built, but not packaged. - Prevent segfaults by adding a missing handling of connection errors in rlm_ldap. - Make radtest use Cleartext-Password for EAP, fixing its support for eap-md5.- Fix permissions of default key files in raddb/certs. - Require OpenSSL version we built with, or newer, to avoid startup failures due to runtime OpenSSL version checks. Resolves: Bug#1299388 - Fix some issues found with static analyzers.- Upgrade to upstream v3.0.13 release. See upstream ChangeLog for details (in freeradius-doc subpackage).- Do not fail logrotate if radiusd is not running. - Fix output to log file specified with -l option. - Fix long hostnames interpreted as IP addresses. - Avoid clashes with libtool library symbols. - Remove mentions of Auth-Type = System from docs. - Improve ip/v4/v6/addr documentation.- Fix three cases of comparing pointers to zero characters - Support OpenSSL v1.1.0 Resolves: Bug#1385588- Upgrade to upstream v3.0.12 release. See upstream ChangeLog for details (in freeradius-doc subpackage).- Make sure FreeRADIUS starts after IPA, directory, and Kerberos servers - Don't rotate radutmp, as it's not a log file - Logrotate with "systemctl" instead of "service" - Remove executable bits from "radiusd.service"- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- Move tmpfiles.d config to %{_tmpfilesdir} - Install license files as %license- Rebuild for readline 7.x- Switch default configuration to use system's crypto policy. Resolves: Bug#1179224- Perl 5.24 rebuild- Upgrade to upstream v3.0.10 release. See upstream ChangeLog for details (in freeradius-doc subpackage).- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Upgrade to upstream v3.0.10 release. See upstream ChangeLog for details (in freeradius-doc subpackage). Related: Bug#1133959 - Remove rlm_eap_tnc support as the required package "tncfhh" was retired.- Upgrade to upstream v3.0.9 release. See upstream ChangeLog for details (in freeradius-doc subpackage). Resolves: Bug#1133959- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Perl 5.22 rebuild- Upgrade to upstream v3.0.7 release. See upstream ChangeLog for details (in freeradius-doc subpackage). Related: Bug#1133959- Upgrade to upstream v3.0.7 release. See upstream ChangeLog for details (in freeradius-doc subpackage). Resolves: Bug#1133959 - Add freeradius-rest package containing rlm_rest module. Resolves: Bug#1196276- Bump release number to catch up with Fedora 21.- Fix OpenSSL version parsing when checking for compatibility at run time. Resolves: Bug#1173821 - Don't remove backslash from unknown escape sequences in LDAP values. Resolves: Bug#1173526 - Improve dhcpclient and rad_counter online help. Resolves: Bug#1146966 - raddb: Move trigger.conf INCLUDE before modules, making it easier to refer to trigger variables from module configurations. Resolves: Bug#1155961 - Fix ipaddr option fallback onto ipv6. Resolves: Bug#1168868 - raddb: Comment on ipaddr/ipv4addr/ipv6addr use. Resolves: Bug#1168247 - Disable rlm_rest building explicitly to avoid unintended builds on some architectures breaking RPM build. Resolves: Bug#1162156 - Add -D option support to dhcpclient. Related: Bug#1146939 - Don't install rbmonkey - a test tool only useful to developers. Related: Bug#1146966 - Update clients(5) man page Resolves: Bug#1147464 - Fix possible group info corruption/segfault in rlm_unix' fr_getgrnam. - Fix file configuration item parsing. - Fix a number of trigger issues. Resolves: Bug#1110407 radiusd doesn't send snmp trap after "radmin -e 'hup files'" Resolves: Bug#1110414 radiusd doesn't send snmp trap when sql connection is opened,closed or fail Resolves: Bug#1110186 radiusd doesn't send snmp trap when ldap connection fails/opens/closes Resolves: Bug#1109164 snmp trap messages send by radiusd are inconsistent and incomplete - Fix two omissions from radtest manpage. Resolves: Bug#1146898 'eap-md5' value is missing in -t option in SYNOPSIS of radtest man page Resolves: Bug#1114669 Missing -P option in radtest manpage - Disable OpenSSL version checking to avoid the need to edit radiusd.conf to confirm heartbleed is fixed. Resolves: Bug#1155070 FreeRADIUS doesn't start after upgrade due to failing OpenSSL version check- Fix abort on home server triggers. - Fix segfault upon example.pl read failure. - Fix example.pl permissions. - Fix integer handling in various cases. - Fix dhcpclient's dictionary.dhcp loading.- Upgrade to upstream 3.0.4 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1099620- Perl 5.20 mass- Upgrade to upstream 3.0.4-rc2 release. See upstream ChangeLog for details (in freeradius-doc subpackage).- Perl 5.20 rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Add explicit dependency on OpenSSL package with fixed CVE-2014-0160 (Heartbleed bug). - Add confirmation of CVE-2014-0160 being fixed in OpenSSL to radiusd.conf.- Upgrade to upstream 3.0.3 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Minor configuration parsing change: "Double-escaping of characters in Perl, and octal characters has been fixed. If your configuration has text like "\\000", you will need to remove one backslash." - Additionally includes post-release fixes for: * case-insensitive matching in compiled regular expressions not working, * upstream issue #634 "3.0.3 SIGSEGV on config parse", * upstream issue #635 "3.0.x - rlm_perl - strings are still escaped when passed to perl from FreeRADIUS", * upstream issue #639 "foreach may cause ABORT". - Fixes bugs 1097266 1070447- Upgrade to upstream 3.0.2 release, configuration compatible with 3.0.1. See upstream ChangeLog for details (in freeradius-doc subpackage) - Fixes bugs 1058884 1061408 1070447 1079500- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap module" - resolves: bug#1066984 (fedora 1066763)- resolves: bug#1068798 (fedora 1068795) rlm_perl attribute values truncated- resolves: bug#1055073 (fedora 1055072) rlm_ippool; bad config file attribute and fails to send reply attributes - resolves: bug#1055567 (fedora 1056227) bad mysql sql syntax - change CFLAGS -imacros to -include to address gcc/gdb bug 1004526 where gdb will not display source information, only - Upgrade to upstream 3.0.1 release, full config compatible with 3.0.0. This is a roll-up of all upstream bugs fixes found in 3.0.0 See upstream ChangeLog for details (in freeradius-doc subpackage) - fixes bugs 1053020 1044747 1048474 1043036- resolves: bug#1031035 remove radeapclient man page, upstream no longer supports radeapclient, use eapol_test instead - resolves: bug#1031061 rlm_eap_leap memory corruption, see freeradius-rlm_leap.patch - move man pages for utils into utils subpackage from doc subpackage - fix HAVE_EC_CRYPTO test to include f20 - add new directory /var/run/radiusd/tmp update mods-available/eap so tls-common.verify.tmpdir to point to it- resolves: bug#1029941 PW_TYPE_BOOLEAN config item should be declared int, not bool- resolves: bug#1024119 tncfhh-devel is now available in RHEL-7, remove conditional BuildRequires- Offical 3.0 gold release from upstream - resolves: bug#1016873 - resolves: bug#891297- upgrade to second 3.0 release candidate rc1- add missingok config attribute to /etc/raddb/sites-enabled/* symlinks- Perl 5.18 rebuild- Install docs to %{_pkgdocdir} where available.- Upgrade to new upstream major version release- Perl 5.18 rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild- resolves: bug#850119 - Introduce new systemd-rpm macros (>= F18)- add compile option -fno-strict-aliasing- specify homedir (/var/lib/radiusd) for radiusd user in useradd, do not permit useradd to default the homedir.- add security options to compiler/linker- resolves: bug#876564 - fails to start without freeradius-mysql - use upstream version of freeradius-exclude-config-file.patch- Add new patch to avoid reading .rpmnew, .rpmsave and other invalid files when loading config files - Upgrade to new 2.2.0 upstream release - Upstream changelog for 2.1.12: Feature improvements * 100% configuration file compatible with 2.1.x. The only fix needed is to disallow "hashsize=0" for rlm_passwd * Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware, Redback, and Mikrotik dictionaries * Switch to using SHA1 for certificate digests instead of MD5. See raddb/certs/*.cnf * Added copyright statements to the dictionaries, so that we know when people are using them. * Better documentation for radrelay and detail file writer. See raddb/modules/radrelay and raddb/radrelay.conf * Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard * Added -F to radwho * Added query timeouts to MySQL driver. Patch from Brian De Wolf. * Add /etc/default/freeradius to debian package. Patch from Matthew Newton * Finalize DHCP and DHCP relay code. It should now work everywhere. See raddb/sites-available/dhcp, src_ipaddr and src_interface. * DHCP capabilitiies are now compiled in by default. It runs as a DHCP server ONLY when manually enabled. * Added one letter expansions: %G - request minute and %I request ID. * Added script to convert ISC DHCP lease files to SQL pools. See scripts/isc2ippool.pl * Added rlm_cache to cache arbitrary attributes. * Added max_use to rlm_ldap to force connection to be re-established after a given number of queries. * Added configtest option to Debian init scripts, and automatic config test on restart. * Added cache config item to rlm_krb5. When set to "no" ticket caching is disabled which may increase performance. Bug fixes * Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12, and 802.1X should upgrade immediately. * Fix typo in detail file writer, to skip writing if the packet was read from this detail file. * Free cached replies when closing resumed SSL sessions. * Fix a number of issues found by Coverity. * Fix memory leak and race condition in the EAP-TLS session cache. Thanks to Phil Mayers for tracking down OpenSSL APIs. * Restrict ATTRIBUTE names to character sets that make sense. * Fix EAP-TLS session Id length so that OpenSSL doesn't get excited. * Fix SQL IPPool logic for non-timer attributes. Closes bug #181 * Change some informational messages to DEBUG rather than error. * Portability fixes for FreeBSD. Closes bug #177 * A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols nonsense. * Safely handle extremely long lines in conf file variable expansion * Fix for Debian bug #606450 * Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling * The passwd module no longer permits "hashsize = 0". Setting that is pointless for a host of reasons. It will also break the server. * Fix proxied inner-tunnel packets sometimes having zero authentication vector. Found by Brian Julin. * Added $(EXEEXT) to Makefiles for portability. Closes bug #188. * Fix minor build issue which would cause rlm_eap to be built twice. * When using "status_check=request" for a home server, the username and password must be specified, or the server will not start. * EAP-SIM now calculates keys from the SIM identity, not from the EAP-Identity. Changing the EAP type via NAK may result in identities changing. Bug reported by Microsoft EAP team. * Use home server src_ipaddr when sending Status-Server packets * Decrypt encrypted ERX attributes in CoA packets. * Fix registration of internal xlat's so %{mschap:...} doesn't disappear after a HUP. * Can now reference tagged attributes in expansions. e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work. * Correct calculation of Message-Authenticator for CoA and Disconnect replies. Patch from Jouni Malinen * Install rad_counter, for managing rlm_counter files. * Add unique index constraint to all SQL flavours so that alternate queries work correctly. * The TTLS diameter decoder is now more lenient. It ignores unknown attributes, instead of rejecting the TTLS session. * Use "globfree" in detail file reader. Prevents very slow leak. Closes bug #207. * Operator =~ shouldn't copy the attribute, like :=. It should instead behave more like ==. * Build main Debian package without SQL dependencies * Use max_queue_size in threading code * Update permissions in raddb/sql/postgresql/admin.sql * Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL wouldn't use methods it knew about. * Add more sanity checks in dynamic_clients code so the server won't crash if it attempts to load a badly formated client definition.- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Perl 5.16 rebuild- resolves: bug#821407 - openssl dependency- resolves: bug#810605 Segfault with freeradius-perl threadingFixing bugs in RHEL6 rebase, applying fixes here as well resolves: bug#700870 freeradius not compiled with --with-udpfromto resolves: bug#753764 shadow password expiration does not work resolves: bug#712803 radtest script is not working with eap-md5 option resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template- resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled - resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly- resolves: bug#781744 systemd service file incorrectly listed pid file as /var/run/radiusd/radiusd which it should have been /var/run/radiusd/radiusd.pid- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- rename /etc/tmpfiles.d/freeradius.conf to /etc/tmpfiles.d/radiusd.conf remove config(noreplace) because it must match files section and permissions differ between versions. - fixup macro usage for /var/run & /var/lib- Upgrade to latest upstream release: 2.1.12 - Upstream changelog for 2.1.12: Feature improvements * Updates to dictionary.erx, dictionary.siemens, dictionary.starent, dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol * Added support for PCRE from Phil Mayers * Configurable file permission in rlm_linelog * Added "relaxed" option to rlm_attr_filter. This copies attributes if at least one match occurred. * Added documentation on dynamic clients. See raddb/modules/dynamic_clients. * Added support for elliptical curve cryptography. See ecdh_curve in raddb/eap.conf. * Added support for 802.1X MIBs in checkrad * Added support for %{rand:...}, which generates a uniformly distributed number between 0 and the number you specify. * Created "man" pages for all installed commands, and documented options for all commands. Patch from John Dennis. * Allow radsniff to decode encrypted VSAs and CoA packets. Patch from Bjorn Mork. * Always send Message-Authenticator in radtest. Patch from John Dennis. radclient continues to be more flexible. * Updated Oracle schema and queries * Added SecurID module. See src/modules/rlm_securid/README Bug fixes * Fix memory leak in rlm_detail * Fix "failed to insert event" * Allow virtual servers to be reloaded on HUP. It no longer complains about duplicate virtual servers. * Fix %{string:...} expansion * Fix "server closed socket" loop in radmin * Set ownership of control socket when starting up * Always allow root to connect to control socket, even if "uid" is set. They're root. They can already do anything. * Save all attributes in Access-Accept when proxying inner-tunnel EAP-MSCHAPv2 * Fixes for DHCP relaying. * Check certificate validity when using OCSP. * Updated Oracle "configure" script * Fixed typos in dictionary.alvarion * WARNING on potential proxy loop. * Be more aggressive about clearing old requests from the internal queue * Don't open network sockets when using -C- restore defattr customization in the main package- add missing systemd scriptlets- convert to systemd- Perl mass rebuild- Perl mass rebuild- reload the server (i.e. HUP) after logrotate- Upgrade to latest upstream release: 2.1.11 - Remove the following two patches as upstream has incorporated them: freeradius-radtest-ipv6.patch freeradius-lt-dladvise.patch - Upstream changelog for 2.1.11: Feature improvements * Added doc/rfc/rfc6158.txt: RADIUS Design Guidelines. All vendors need to read it and follow its directions. * Microsoft SoH support for PEAP from Phil Mayers. See doc/SoH.txt * Certificate "bootstrap" script now checks for certificate expiry. See comments in raddb/eap.conf, and then "make_cert_command". * Support for dynamic expansion of EAP-GTC challenges. Patch from Alexander Clouter. * OCSP support from Alex Bergmann. See raddb/eap.conf, "ocsp" section. * Updated dictionary.huawei, dictionary.3gpp, dictionary.3gpp3. * Added dictionary.eltex, dictionary.motorola, and dictionary.ukerna. * Experimental redis support from Gabriel Blanchard. See raddb/modules/redis and raddb/modules/rediswho * Add "key" to rlm_fastusers. Closes bug #126. * Added scripts/radtee from original software at http://horde.net/~jwm/software/misc/comparison-tee * Updated radmin "man" page for new commands. * radsniff now prints the hex decoding of the packet (-x -x -x) * mschap module now reloads its configuration on HUP * Added experimental "replicate" module. See raddb/modules/replicate * Policy "foo" can now refer to module "foo". This lets you over-ride the behavior of a module. * Policy "foo.authorize" can now over-ride the behavior of module "foo", "authorize" method. * Produce errors in more situations when the configuration files have invalid syntax. Bug fixes * Ignore pre/post-proxy sections if proxying is disabled * Add configure checks for pcap_fopen*. * Fix call to otp_write in rlm_otp * Fix issue with Access-Challenge checking from 2.1.10, when the debug flag was set after server startup. Closes #116 and #117. * Fix typo in zombie period start time. * Fix leak in src/main/valuepair.c. Patch from James Ballantine. * Allow radtest to use spaces in shared secret. Patch from Cedric Carree. * Remove extra calls to HMAC_CTX_init() in rlm_wimax, fixing leak. Patch from James Ballantine. * Remove MN-FA key generation. The NAS does this, not AAA. Patch from Ben Weichman. * Include dictionary.mikrotik by default. Closes bug #121. * Add group membership query to MS-SQL examples. Closes bug #120. * Don't cast NAS-Port to integer in Postgresql queries. Closes bug #112. * Fixes for libtool and autoconf from Sam Hartman. * radsniff should read the dictionaries in more situations. * Use fnmatch to check for detail file reader==writer. Closes bug #128. * Check for short writes (i.e. disk full) in rlm_detail. Closes bug #130. Patches and testing from John Morrissey. * Fix typo in src/lib/token.c. Closes bug #124 * Allow workstation trust accounts to use MS-CHAP. Closes bug #123. * Assigning foo=`/bin/echo hello` now produces a syntax error if it is done outside of an "update" section. * Fix "too many open file descriptors" problem when using "verify client" in eap.conf. * Many fixes to dialup_admin for PHP5, by Stefan Winter. * Allow preprocess module to have "hints = " and "huntgroups =", which allows them to be empty or non-existent. * Renamed "php3" files to "php" in dialup_admin/ * Produce error when sub-TLVs are used in a dictionary. They are supported only in the "master" branch, and not in 2.1.x. * Minor fix in dictionary.redback. Closes bug #138. * Fixed MySQL "NULL" issues in ippool.conf. Closes bug #129. * Fix to Access-Challenge warning from Ken-ichirou Matsuzawa. Closes bug #118. * DHCP fixes to send unicast packets in more situations. * Fix to udpfromto, to enable it to work on IPv6 networks. * Fixes to the Oracle accounting_onoff_query. * When using both IPv4 and IPv6 home servers, ensure that we use the correct local socket for proxying. Closes bug #143. * Suppress messages when thread pool is nearly full, all threads are busy, and we can't create new threads. * IPv6 is now enabled for udpfromto. Closes bug #141 * Make sqlippool query buffer the same size as sql module. Closes bug #139. * Make Coa / Disconnect proxying work again. * Configure scripts for rlm_caching from Nathaniel McCallum * src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL. * Updated password routines to use time-insensitive comparisons. This prevents timing attacks (though none are known). * Allow sqlite module to do normal SELECT queries. * rlm_wimax now has a configure script * Moved Ascend, USR, and Motorola "illegal" dictionaries to separate files. See share/dictionary for explanations. * Check for duplicate module definitions in the modules{} section, and refuse to start if duplicates are found. * Check for duplicate virtual servers, and refuse to start if duplicates are found. * Don't use udpfromto if source is INADDR_ANY. Closes bug #148. * Check pre-conditions before running radmin "inject file". * Don't over-ride "no match" with "match" for regexes. Closes bug #152. * Make retry and error message configurable in mschap. See raddb/modules/mschap * Allow EAP-MSCHAPv2 to send error message to client. This change allows some clients to prompt the user for a new password. See raddb/eap.conf, mschapv2 section, "send_error". * Load the default virtual server before any others. This matches what users expect, and reduces confusion. * Fix configure checks for udpfromto. Fixes Debian bug #606866 * Definitive fix for bug #35, where the server could crash under certain loads. Changes src/lib/packet.c to use RB trees. * Updated "configure" checks to allow IPv6 udpfromto on Linux. * SQL module now returns NOOP if the accounting start/interim/stop queries don't do anything. * Allow %{outer.control: ... } in string expansions * home_server coa config now matches raddb/proxy.conf * Never send a reply to a DHCP Release.- Perl mass rebuild- Resolves: #689045 Using rlm_perl cause radiusd failed to start Fix configure typo which caused lt_dladvise_* functions to be skipped. run autogen.sh because HAVE_LT_DLADVISE_INIT isn't in src/main/autogen.h Implemented by: freeradius-lt-dladvise.patch- Resolves: #599528 - make radtest IPv6 compatible- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient)- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- bug 666589 - removing freeradius from system does not delete the user "radiusd" fix scriptlet argument testing, simplify always exiting with zero- rebuild for new MySQL libsFeature improvements * Install the "radcrypt" program. * Enable radclient to send requests containing MS-CHAPv1 Send packets with: MS-CHAP-Password = "password". It will be automatically converted to the correct MS-CHAP attributes. * Added "-t" command-line option to radtest. You can use "-t pap", "-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap" * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change and the previous one makes PEAP testing much easier. * Added more documentation and examples for the "passwd" module. * Added dictionaries for RFC 5607 and RFC 5904. * Added note in proxy.conf that we recommend setting "require_message_authenticator = yes" for all home servers. * Added example of second "files" configuration, with documentation. This shows how and where to use two instances of a module. * Updated radsniff to have it write pcap files, too. See '-w'. * Print out large WARNING message if we send an Access-Challenge for EAP, and receive no follow-up messages from the client. * Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf. * Added support for TLS-Cert-* attributes. For details, see raddb/sites-available/default, "post-auth" section. * Added sample raddb/modules/{opendirectory,dynamic_clients} * Updated Cisco and Huawei, HP, Redback, and ERX dictionaries. * Added RFCs 5607, 5904, and 5997. * For EAP-TLS, client certificates can now be validated using an external command. See eap.conf, "validate" subsection of "tls". * Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS systems. * Add Module-Failure-Message for mschap module (ntlm_auth) * made rlm_sql_sqlite database configurable. Use "filename" in sql{} section. * Added %{tolower: ...string ... }, which returns the lowercase version of the string. Also added %{toupper: ... } for uppercase. Bug fixes * Fix endless loop when there are multiple sub-options for DHCP option 82. * More debug output when sending / receiving DHCP packets. * EAP-MSCHAPv2 should return the MPPE keys when used outside of a TLS tunnel. This is needed for IKE. * Added SSL "no ticket" option to prevent SSL from creating sessions without IDs. We need the IDs, so this option should be set. * Fix proxying of packets from inside a TTLS/PEAP tunnel. Closes bug #25. * Allow IPv6 address attributes to be created from domain names Closes bug #82. * Set the string length to the correct value when parsing double quotes. Closes bug #88. * No longer look users up in /etc/passwd in the default configuration. This can be reverted by enabling "unix" in the "authorize" section. * More #ifdef's to enable building on systems without certain features. * Fixed SQL-Group comparison to register only if the group query is defined. * Fixed SQL-Group comparison to register -SQL-Group, just like rlm_ldap. This lets you have multiple SQL group checks. * Fix scanning of octal numbers in "unlang". Closes bug #89. * Be less aggressive about freeing "stuck" requests. Closes bug #35. * Fix example in "originate-coa" to refer to the correct packet. * Change default timeout for dynamic clients to 1 hour, not 1 day. * Allow passwd module to map IP addresses, too. * Allow passwd module to be used for CoA packets * Put boot filename into DHCP header when DHCP-Boot-Filename is specified. * raddb/certs/Makefile no longer has certs depend on index.txt and serial. Closes bug #64. * Ignore NULL errorcode in PostgreSQL client. Closes bug #39 * Made Exec-Program and Exec-Program-Wait work in accounting section again. See sites-available/default. * Fix long-standing memory leak in esoteric conditions. Found by Jerry Nichols. * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap This will automatically convert more passwords. * Updated rlm_pap to decode Password-With-Header, if it was base64 encoded, and to treat the contents as potentially binary data. * Fix Novell eDir code to use the right function parameters. Closes bug #86. * Allow spaces to be escaped when executing external programs. Closes bug #93. * Be less restrictive about checking permissions on control socket. If we're root, allow connecting to a non-root socket. * Remove control socket on normal server exit. If the server isn't running, the control socket should not exist. * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP calculations. It *MAY* be different (upper / lower case) from the User-Name attribute. Closes bug #17. * If the EAP-TLS methods have problems, more SSL errors are now available in the Module-Failure-Message attribute. * Update Oracle configure scripts. Closes bug #57. * Added text to DESC fields of doc/examples/openldap.schema * Updated more documentation to use "Restructured Text" format. Thanks to James Lockie. * Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11. * Return error for potential proxy loops when using "-XC" * Produce better error messages when slow databases block the server. * Added notes on DHCP broadcast packets for FreeBSD. * Fixed crash when parsing some date strings. Closes bug #98 * Improperly formatted Attributes are now printed as "Attr-##". If they are not correct, they should not use the dictionary name. * Fix rlm_digest to be check the format of the Digest attributes, and return "noop" rather than "fail" if they're not right. * Enable "digest" in raddb/sites-available/default. This change enables digest authentication to work "out of the box". * Be less aggressive about marking home servers as zombie. If they are responding to some packets, they are still alive. * Added Packet-Transmit-Counter, to track detail file retransmits. Closes bug #13. * Added configure check for lt_dladvise_init(). If it exists, then using it solves some issues related to libraries loading libraries. * Added indexes to the MySQL IP Pool schema. * Print WARNING message if too many attributes are put into a packet. * Include dhcp test client (not built by default) * Added checks for LDAP constraint violation. Closes bug #18. * Change default raddebug timeout to 60 seconds. * Made error / warning messages more consistent. * Correct back-slash handling in variable expansion. Closes bug #46. You SHOULD check your configuration for backslash expansion! * Fix typo in "configure" script (--enable-libltdl-install) * Use local libltdl in more situations. This helps to avoid compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols. * Fix hang on startup when multiple home servers were defined with "src_ipaddr" field. * Fix 32/64 bit issue in rlm_ldap. Closes bug #105. * If the first "listen" section defines 127.0.0.1, don't use that as a source IP for proxying. It won't work. * When Proxy-To-Realm is set to a non-existent realm, the EAP module should handle the request, rather than expecting it to be proxied. * Fix IPv4 issues with udpfromto. Closes bug #110. * Clean up child processes of raddebug. Closes bugs #108 and #109 * retry OTP if the OTP daemon fails. Closes bug #58. * Multiple calls to ber_printf seem to work better. Closes #106. * Fix "unlang" so that "attribute not found" is treated as a "false" comparison, rather than a syntax error in the configuration. * Fix issue with "Group" attribute.- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- Mass rebuild with perl-5.12.0- update to latest upstream, mainly bug fix release Feature improvements * Add radmin command "stats detail " to see what is going on inside of a detail file reader. * Added documentation for CoA. See raddb/sites-available/coa * Add sub-option support for Option 82. See dictionary.dhcp * Add "server" field to default SQL NAS table, and documented it. Bug fixes * Reset "received ping" counter for Status-Server checks. In some corner cases it was not getting reset. * Handle large VMPS attributes. * Count accounting responses from a home server in SNMP / statistics code. * Set EAP-Session-Resumed = Yes, not "No" when session is resumed. * radmin packet counter statistics are now unsigned, for numbers 2^31..2^32. After that they roll over to zero. * Be more careful about expanding data in PAP and MS-CHAP modules. This prevents login failures when passwords contain '{'. * Clean up zombie children if there were many "exec" modules being run for one packet, all with "wait = no". * re-open log file after HUP. Closes bug #63. * Fix "no response to proxied packet" complaint for Coa / Disconnect packets. It shouldn't ignore replies to packets it sent. * Calculate IPv6 netmasks correctly. Closes bug #69. * Fix SQL module to re-open sockets if they unexpectedly close. * Track scope for IPv6 addresses. This lets us use link-local addresses properly. Closes bug #70. * Updated Makefiles to no longer use the shell for recursing into subdirs. "make -j 2" should now work. * Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes bug #75. * Updated Makefiles so that "make reconfig" no longer uses the shell for recursing into subdirs, and re-builds all "configure" files. * Used above method to regenerate all configure scripts. Closes bug #34. * Updated SQL module to allow "server" field of "nas" table to be blank: "". This means the same as it being NULL. * Fixed regex realm example. Create Realm attribute with value of realm from User-Name, not from regex. Closes bug #40. * If processing a DHCP Discover returns "fail / reject", ignore the packet rather than sending a NAK. * Allow '%' to be escaped in sqlcounter module. * Fix typo internal hash table. * For PEAP and TTLS, the tunneled reply is added to the reply, rather than integrated via the operators. This allows multiple VSAs to be added, where they would previously be discarded. * Make request number unsigned. This changes nothing other than the debug output when the server receives more than 2^31 packets. * Don't block when reading child output in 'exec wait'. This means that blocked children get killed, instead of blocking the server. * Enabled building without any proxy functionality * radclient now prefers IPv4, to match the default server config. * Print useful error when a realm regex is invalid * relaxed rules for preprocess module "with_cisco_vsa_hack". The attributes can now be integer, ipaddr, etc. (i.e. non-string) * Allow rlm_ldap to build if ldap_set_rebind_proc() has only 2 arguments. * Update configure script for rlm_python to avoid dynamic linking problems on some platforms. * Work-around for bug #35 * Do suid to "user" when running in debug mode as root * Make "allow_core_dumps" work in more situations. * In detail file reader, treat bad records as EOF. This allows it to continue working when the disk is full. * Fix Oracle default accounting queries to work when there are no gigawords attributes. Other databases already had the fix. * Fix rlm_sql to show when it opens and closes sockets. It already says when it cannot connect, so it should say when it can connect. * "chmod -x" for a few C source files. * Pull update spec files, etc. from RedHat into the redhat/ directory. * Allow spaces when parsing integer values. This helps people who put "too much" into an SQL value field.- resolves: bug #526559 initial install should run bootstrap to create certificates running radiusd in debug mode to generate inital temporary certificates is no longer necessary, the /etc/raddb/certs/bootstrap is invoked on initial rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file - resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files were modifed to use sha1 instead of md5 and the validity reduced from 1 year to 2 months- update to latest upstream Feature improvements * Print more descriptive error message for too many EAP sessions. This gives hints on what to do when "failed to store handler" * Commands received from radmin are now printed on stdout when in debugging mode. * Allow accounting packets to be written to a detail file, even if they were read from a different detail file. * Added OpenSSL license exception (src/LICENSE.openssl) Bug fixes * DHCP sockets can now set the broadcast flag before binding to a socket. You need to set "broadcast = yes" in the DHCP listener. * Be more restrictive on string parsing in the config files * Fix password length in scripts/create-users.pl * Be more flexible about parsing the detail file. This allows it to read files where the attributes have been edited. * Ensure that requests read from the detail file are cleaned up (i.e. don't leak) if they are proxied without a response. * Write the PID file after opening sockets, not before (closes bug #29) * Proxying large numbers of packets no longer gives error "unable to open proxy socket". * Avoid mutex locks in libc after fork * Retry packet from detail file if there was no response. * Allow old-style dictionary formats, where the vendor name is the last field in an ATTRIBUTE definition. * Removed all recursive use of mutexes. Some systems just don't support this. * Allow !* to work as documented. * make templates work (see templates.conf) * Enabled "allow_core_dumps" to work again * Print better errors when reading invalid dictionaries * Sign client certificates with CA, rather than server certs. * Fix potential crash in rlm_passwd when file was closed * Fixed corner cases in conditional dynamic expansion. * Use InnoDB for MySQL IP Pools, to gain transactional support * Apply patch to libltdl for CVE-2009-3736. * Fixed a few issues found by LLVM's static checker * Keep track of "bad authenticators" for accounting packets * Keep track of "dropped packets" for auth/acct packets * Synced the "debian" directory with upstream * Made "unlang" use unsigned 32-bit integers, to match the dictionaries.- Remove devel subpackage. It doesn't make much sense to have a devel package since we don't ship libraries and it produces multilib conflicts.- more spec file clean up from review comments - remove freeradius-libs subpackage, move libfreeradius-eap and libfreeradius-radius into the main package - fix subpackage requires, change from freeradius-libs to main package - fix description of the devel subpackage, remove referene to non-shipped libs - remove execute permissions on src files included in debuginfo - remove unnecessary use of ldconfig - since all sub-packages now require main package remove user creation for sub-packages - also include the LGPL library license file in addition to the GPL license file - fix BuildRequires for perl so it's compatible with both Fedora, RHEL5 and RHEL6- fix various rpmlint issues.- rebuild against perl 5.10.1- resolves: bug #522111 non-conformant initscript also change permission of /var/run/radiusd from 0700 to 0755 so that "service radiusd status" can be run as non-root- use password-auth common PAM configuration instead of system-auth- enable building of the rlm_wimax module - pcap wire analysis support is enabled and available in utils subpackage - Resolves bug #523053 radtest manpage in wrong package - update to latest upstream release, from upstream Changelog: Feature improvements * Full support for CoA and Disconnect packets as per RFC 3576 and RFC 5176. Both receiving and proxying CoA is supported. * Added "src_ipaddr" configuration to "home_server". See proxy.conf for details. * radsniff now accepts -I, to read from a filename instead of a device. * radsniff also prints matching requests and any responses to those requests when '-r' is used. * Added example of attr_filter for Access-Challenge packets * Added support for udpfromto in DHCP code * radmin can now selectively mark modules alive/dead. See "set module state". * Added customizable messages on login success/fail. See msg_goodpass && msg_badpass in log{} section of radiusd.conf * Document "chase_referrals" and "rebind" in raddb/modules/ldap * Preliminary implementation of DHCP relay. * Made thread pool section optional. If it doesn't exist, the server will run single-threaded. * Added sample radrelay.conf for people upgrading from 1.x * Made proxying more stable by failing over, rather than rejecting the first request. See "response_window" in proxy.conf * Allow home_server_pools to exist without realms. * Add dictionary.iea (closes bug #7) * Added support for RFC 5580 * Added experimental sql_freetds module from Gabriel Blanchard. * Updated dictionary.foundry * Added sample configuration for MySQL cluster in raddb/sql/ndb See the README file for explanations. Bug fixes * Fixed corner case where proxied packets could have extra character in User-Password attribute. Fix from Niko Tyni. * Extended size of "attribute" field in SQL to 64. * Fixes to ruby module to be more careful about when it builds. * Updated Perl module "configure" script to check for broken Perl installations. * Fix "status_check = none". It would still send packets in some cases. * Set recursive flag on the proxy mutex, which enables safer cleanup on some platforms. * Copy the EAP username verbatim, rather than escaping it. * Update handling so that robust-proxy-accounting works when all home servers are down for extended periods of time. * Look for DHCP option 53 anywhere in the packet, not just at the start. * Fix processing of proxy fail handler with virtual servers. * DHCP code now prints out correct src/dst IP addresses when sending packets. * Removed requirement for DHCP to have clients * Fixed handling of DHCP packets with message-type buried in the packet * Fixed corner case with negation in unlang. * Minor fixes to default MySQL & PostgreSQL schemas * Suppress MSCHAP complaints in debugging mode. * Fix SQL module for multiple instance, and possible crash on HUP * Fix permissions for radius.log for sites that change user/group, but which don't create the file before starting radiusd. * Fix double counting of packets when proxying * Make %l work * Fix pthread keys in rlm_perl * Log reasons for EAP failure (closes bug #8) * Load home servers and pools that aren't referenced from a realm. * Handle return codes from virtual attributes in "unlang" (e.g. LDAP-Group). This makes "!(expr)" work for them. * Enable VMPS to see contents of virtual server again * Fix WiMAX module to be consistent with examples. (closes bug #10) * Fixed crash with policies dependent on NAS-Port comparisons * Allowed vendor IDs to be be higher than 32767. * Fix crash on startup with certain regexes in "hints" file. * Fix crash in attr_filter module when packets don't exist * Allow detail file reader to be faster when "load_factor = 100" * Add work-around for build failures with errors related to lt__PROGRAM__LTX_preloaded_symbols. libltdl / libtool are horrible. * Made ldap module "rebind" option aware of older, incompatible versions of OpenLDAP. * Check value of Fall-Through in attr_filter module.- rebuilt with new openssl- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- install COPYRIGHT CREDITS INSTALL LICENSE README into docdir- resolves bug #507571 freeradius packages do not check for user/group existence- make /etc/raddb/sites-available/* be config(noreplace)- update to latest upstream release, from upstream Changelog: Feature improvements * radclient exits with 0 on successful (accept / ack), and 1 otherwise (no response / reject) * Added support for %{sql:UPDATE ..}, and insert/delete Patch from Arran Cudbard-Bell * Added sample "do not respond" policy. See raddb/policy.conf and raddb/sites-available/do_not_respond * Cleanups to Suse spec file from Norbert Wegener * New VSAs for Juniper from Bjorn Mork * Include more RFC dictionaries in the default install * More documentation for the WiMAX module * Added "chase_referrals" and "rebind" configuration to rlm_ldap. This helps with Active Directory. See raddb/modules/ldap * Don't load pre/post-proxy if proxying is disabled. * Added %{md5:...}, which returns MD5 hash in hex. * Added configurable "retry_interval" and "poll_interval" for "detail" listeners. * Added "delete_mppe_keys" configuration option to rlm_wimax. Apparently some WiMAX clients misbehave when they see those keys. * Added experimental rlm_ruby from http://github.com/Antti/freeradius-server/tree/master * Add Tunnel attributes to ldap.attrmap * Enable virtual servers to be reloaded on HUP. For now, only the "authorize", "authenticate", etc. processing sections are reloaded. Clients and "listen" sections are NOT reloaded. * Updated "radwatch" script to be more robust. See scripts/radwatch * Added certificate compatibility notes in raddb/certs/README, for compatibility with different operating systems. (i.e. Windows) * Permit multiple "-e" in radmin. * Add support for originating CoA-Request and Disconnect-Request. See raddb/sites-available/originate-coa. * Added "lifetime" and "max_queries" to raddb/sql.conf. This helps address the problem of hung SQL sockets. * Allow packets to be injected via radmin. See "inject help" in radmin. * Answer VMPS reconfirmation request. Patch from Hermann Lauer. * Sample logrotate script in scripts/logrotate.freeradius * Add configurable poll interval for "detail" listeners * New "raddebug" command. This prints debugging information from a running server. See "man raddebug. * Add "require_message_authenticator" configuration to home_server configuration. This makes the server add Message-Authenticator to all outgoing Access-Request packets. * Added smsotp module, as contributed by Siemens. * Enabled the administration socket in the default install. See raddb/sites-available/control-socket, and "man radmin" * Handle duplicate clients, such as with replicated or load-balanced SQL servers and "readclients = yes" Bug fixes * Minor changes to allow building without VQP. * Minor fixes from John Center * Fixed raddebug example * Don't crash when deleting attributes via unlang * Be friendlier to very fast clients * Updated the "detail" listener so that it only polls once, and not many times in a row, leaking memory each time... * Update comparison for Packet-Src-IP-Address (etc.) so that the operators other than '==' work. * Did autoconf magic to work around weird libtool bug * Make rlm_perl keep tags for tagged attributes in more situations * Update UID checking for radmin * Added "include_length" field for TTLS. It's needed for RFC compliance, but not (apparently) for interoperability. * Clean up control sockets when they are closed, so that we don't leak memory. * Define SUN_LEN for systems that don't have it. * Correct some boundary conditions in the conditional checker ("if") in "unlang". Bug noted by Arran Cudbard-Bell. * Work around minor building issues in gmake. This should only have affected developers. * Change how we manage unprivileged user/group, so that we do not create control sockets owned by root. * Fixed more minor issues found by Coverity. * Allow raddb/certs/bootstrap to run when there is no "make" command installed. * In radiusd.conf, run_dir depends on the name of the program, and isn't hard-coded to "..../radiusd" * Check for EOF in more places in the "detail" file reader. * Added Freeswitch dictionary. * Chop ethernet frames in VMPS, rather than droppping packets. * Fix EAP-TLS bug. Patch from Arnaud Ebalard * Don't lose string for regex-compares in the "users" file. * Expose more functions in rlm_sql to rlm_sqlippool, which helps on systems where RTLD_GLOBAL is off. * Fix typos in MySQL schemas for ippools. * Remove macro that was causing build issues on some platforms. * Fixed issues with dead home servers. Bug noted by Chris Moules. * Fixed "access after free" with some dynamic clients. - fix packaging bug, some directories missing execute permission /etc/raddb/dictionary now readable by all.- fix type usage in unixodbc to match new type usage in unixodbc API- add pointer to Red Hat documentation in docdir- rebuild for dependencies- upgrade to latest upstream release, upstream summary follows: The focus of this release is stability. Feature Improvements: * Allow running with "user=radiusd" and binding to secure sockets. * Start sending Status-Server "are you alive" messages earlier, which helps with proxying multiple realms to a home server. * Removed thread pool code from rlm_perl. It's not necessary. * Added example Perl configuration to raddb/modules/perl * Force OpenSSL to support certificates with SHA256. This seems to be necessary for WiMAX certs. Bug fixes: * Fix Debian patch to allow it to build. * Fix potential NULL dereference in debugging mode on certain platforms for TTLS and PEAP inner tunnels. * Fix uninitialized memory in handling of vendor definitions * Fix parsing of quoted (but non-string) attributes in the "users" file. * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0 * use SUN_LEN in control socket, to avoid truncation on some platforms. * Correct internal handling of "debug condition" to prevent it from being over-written. * Check return code of regcomp in "unlang", so that invalid regular expressions are caught rather than mishandled. * Make rlm_sql use . Addresses bug #610. * Document list "type = status" better. Closes bug #580. * Set "default days" for certificates, because OpenSSL won't do it. This closes bug #615. * Reference correct list in example raddb/modules/ldap. Closes #596. * Increase default schema size for Acct-Session-Id to 64. Closes #540. * Fix use of temporary files in dialup-admin. Closes #605 and addresses CVE-2008-4474. * Addressed a number of minor issues found by Coverity. * Added DHCP option 150 to the dictionary. Closes #618.- add --with-system-libtool to configure as a workaround for undefined reference to lt__PROGRAM__LTX_preloaded_symbols- add obsoletes tag for dialupadmin subpackages which were removed- add readline-devel BuildRequires- Rebuild for Python 2.6- make spec file buildable on RHEL5.2 by making perl-devel a fedora only dependency. - remove diaupadmin packages, it's not well supported and there are problems with it.- Resolves: bug #464119 bootstrap code could not create initial certs in /etc/raddb/certs because permissions were 750, radiusd running as euid radiusd could not write there, permissions now 770- upgrade to new upstream 2.1.1 release- Resolves: bug #453761: FreeRADIUS %post should not include chown -R specify file attributes for /etc/raddb/ldap.attrmap fix consistent use of tabs/spaces (rpmlint warning)- upgrade to latest upstream, see Changelog for details, upstream now has more complete fix for bug #447545, local patch removed- upgrade to latest upstream, see Changelog for details - resolves: bug #447545: freeradius missing /etc/raddb/sites-available/inner-tunnel- # Temporary fix for bug #446864, turn off optimization- remove support for radrelay, it's different now - turn off default inclusion of SQL config files in radiusd.conf since SQL is an optional RPM install - remove mssql config files- Upgrade to current upstream 2.0.3 release - Many thanks to Enrico Scholz for his spec file suggestions incorporated here - Resolve: bug #438665: Contains files owned by buildsystem - Add dialupadmin-mysql, dialupadmin-postgresql, dialupadmin-ldap subpackages to further partition external dependencies. - Clean up some unnecessary requires dependencies - Add versioned requires between subpackages- add Requires for versioned perl (libperl.so)- upgrade to new 2.0 release - split into subpackages for more fine grained installation- Autorebuild for GCC 4.3- Rebuild for deps- add support in rlm_ldap for reading clients from ldap - fix TLS parameter controling if a cert which fails to validate will be accepted (i.e. self-signed), rlm_ldap config parameter=tls_require_cert ldap LDAP_OPT_X_TLS_REQUIRE_CERT parameter was being passed to ldap_set_option() when it should have been ldap_int_tls_config()- add support in rlm_ldap for SASL/GSSAPI binds to the LDAP server- made init script fully lsb conform- fixed initscript problem (rhbz#292521)- fixed initscript for LSB (rhbz#243671, rhbz#243928) - fixed license tag- new versin 1.1.7 - install snmp MIB files - dropped LDAP_DEPRECATED flag, it is upstream - marked config files for sub packages as config (rhbz#240400) - moved db files to /var/lib/raddb (rhbz#199082)- radiusd expects /etc/raddb to not be world readable or writable /etc/raddb now belongs to radiusd, post script sets permissions- new version 1.1.6- new version 1.1.5 - no /etc/raddb/otppasswd.sample anymore - build is pie by default, dropped pie patch - fixed build requirement for perl (perl-devel)- remove trailing dot from summary - fix buildroot - fix post/postun/preun requirements - use rpm macros- rebuild for new postgresql library version- fixed ldap code to not use internals, added LDAP_DEPRECATED compile time flag (#210912)- new version 1.1.3 with lots of upstream bug fixes, some security fixes (#205654)- commented out include for sql.conf in radiusd.conf (#202561)- rebuild- new version 1.1.2- new version 1.1.1 - fixed incorrect rlm_sql globbing (#189095) Thanks to Yanko Kaneti for the fix. - fixed chown syntax in post script (#182777) - dropped gcc34, libdir and realloc-return patch - spec file cleanup with additional libtool build fixes- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- new version 1.0.5- rebuilt- Rebuild due to mysql update.- rebuilt with new openssl - fixed ignored return value of realloc- use include instead of pam_stack in pam config- added missing build requires for libtool-ltdl-devel (#160877) - modified file list to get a report for missing plugins- new version 1.0.4 - droppend radrelay patch (fixed upstream)- rebuild against new postgresql-libs- new version 1.0.2- rebuild for MySQL 4 - switched over to installed libtool- Fixed install problem of radeapclient (#138069)- new version 1.0.1 - applied radrelay CVS patch from Kevin Bonner- BuildRequires pam-devel and libtool - Fix errant text in description - Other minor cleanups- renamed /etc/pam.d/radius to /etc/pam.d/radiusd to match default configuration (#130613)- fixed BuildRequires for openssl-devel (#130606)- 1.0.0 final- added buildrequires for zlib-devel (#127162) - fixed libdir patch to prefer own libeap instead of installed one (#127168) - fixed samba account maps in LDAP for samba v3 (#127173)- third "pre" release of version 1.0.0 - rlm_ldap is using SASLv2 (#126507)- rebuilt- fixed BuildRequires for gdbm-devel- gcc34 compilation fixes- rebuilt- added sql scripts for rlm_sql to documentation (#116435)- rebuilt- using -fPIC instead of -fpic for s390 ans s390x- radiusd is pie, now- new version 0.9.3 (bugfix release)- new version 0.9.2- new version 0.9.1- modify default PAM configuration to remove the directory part of the module name, so that 32- and 64-bit libpam (called from 32- or 64-bit radiusd) on multilib systems will always load the right module for the architecture - modify default PAM configuration to use pam_stack- com_err.h moved to /usr/include/et- 0.9.0 final- new version 0.9.0 pre3- included directory /var/log/radius/radacct for logrotate- moved log and run dir to files section, cleaned up post- added missing run dir in post- fixed module load patch- removed la files, removed devel package - split into 4 packages: freeradius, freeradius-mysql, freeradius-postgresql, freeradius-unixODBC - fixed requires and buildrequires - create logging dir in post if it does not exist - fixed module load without la files- Initial build.  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFG3.0.20-3.module_el8.3.0+476+0982bc203.0.20-3.module_el8.3.0+476+0982bc20freeradiusattributes.hautoconf.hbase64.hbuild.hconf.hconffile.hdetail.hevent.hfeatures.hfreeradius.hhash.hheap.hlibradius.hmap.hmd4.hmd5.hmissing.hmodcall.hmodules.hpacket.hrad_assert.hradius.hradiusd.hradpaths.hradutmp.hrealms.hregex.hrfc2865.hrfc2866.hrfc2867.hrfc2868.hrfc2869.hrfc3162.hrfc3576.hrfc3580.hrfc4072.hrfc4372.hrfc4603.hrfc4675.hrfc4679.hrfc4818.hrfc4849.hrfc5090.hrfc5176.hrfc5447.hrfc5580.hrfc5607.hrfc5904.hrfc6519.hrfc6572.hrfc6677.hrfc6911.hrfc6929.hrfc6930.hrfc7055.hrfc7155.hrfc7268.hrfc7499.hrfc7930.hrfc8045.hrfc8559.hsha1.hstats.hsysutmp.htcp.hthreads.htls.htoken.hudpfromto.hvqp.h/usr/include//usr/include/freeradius/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryASCII textC source, ASCII textutf-882856ae1d098484fd9c30090499d7006747d8d1a2e413dbb2c117ddd5027007cfreeradius:3.0:8030020200831192931:1e4bbb35?`7zXZ !#,k;] b2u jӫ`(xy1 ]+yXkn > uYl==[G&jWhda.TBD(FvyW(hB[YVL H|+:+Ʃռ>d|"n 6&~K|{qeEdn1Q1{+;T(Rxs%=7CP/2}<P ;"&д5Z@j-5e狼N'M׿%(MSqgw.qmvH6o&-U]n2.sБwLw_wJ|ZS?} ֨EAs 3h-p3ltQaRᶞנӜI!K=d.ra"\nq/Ft4N Q;a&u5'*ga+i1`FFhW lS5F9L~U\$Q}>zsydUq1|r;}w4*E)To@@4S 7I}W`Vւ>:elw:+{[Y ^guޮe(eK( Ck.I1%u|*(SnJ9x"EŤ EՈ3yLSF>~3] &JDauRev\:nНWI$) vLU 2e`®%ӊG/B}CF|[v!1ot N9X= by q"&seǧTm&}8AXvt0ýY7Ls8l̝v'ކ&3->CM͙z#rcdYSTz0wK|j͐~H![y0*q>|m_'HQh0gbAҔ@}F6T|0G};]N'fNk=Y&+t;ZtA],p{8<=CBF; SN;:bh K *˭CqB-) QYeb6 Bi0pxV?TO-n[@׏Y ݉Y7" >lף!2W#@Lw_b5)/.![8S6csY>`DkH) V "b}wF`<^~Έ:͍}mvZ,=BwSZl3жNf7%xJ/̪O%K4f݈ğ_ ;̞C~,+Os䓺MֱwֿFoOkpaX# iYulnL{Hyζ.U_ғ lzbti $/( F}pA%&Xh7VK.͝AXp/yDAʟ\1՚K?껢GޙBt,w>/"Vְh[@ڤf_ cR&oA$ /iR6Ԝg+!6_lPD %4l J: P jГ#$j'j7[]G`Wl ttH~ ,|$ҳɶ5L%Qw:W9IlnAU>"V1Mp9#oMH a\lU܄7s'lb&S=A6>O4l_$zx5zZt7b->@)N < ;8R QNf at#)u߂fuoܙjX x$ k2~౧b1 %'c$T>YN{GP__o9)wW^jETkx06nߨ,_sRqǣv\+u{6?39/T|{1,=\n 2w&J̑3*4K|uFwKX5'=cJ 7t͏eGe[>!Ѭ\pF8-HG w÷DGD7A`ʼOzN%rA jI=Ix$We2gC7Dc[3DIi>1b9QC/FzIRj 6Lxt yp?H"@y64FHzM,6H<+({\1F<b/ t>g]BQwZGq qcm$r *Lc "pzxto'e8klj!8 ׉ɂU'Q=~ ++ L͜}P3slkW8XŶX{'6Dr)*7gLSTElh˴`M!R4^nƫ@g}K|ϸʟRBޱ2n>;'< 7&f%">ьb17֥h:b{uIGv%Ͼh|1 i547Vo"l 1נxwd"$ ݙ\';}[nǽG"OXA=",]xܸxI5GxsNjI@Nv 8V|9X[5~/*ҏ1g`G8xO+9cm'qJ'c)+-(d9Jg,E:^? TϹZ:0&Rω? jlJIܸحO%'> xZ&x!2C`pB}W`j O!/Wֱ5*tM:s1[[Qy堻CB|! u 8/{'ig[ | pl߾Fe7y 0 *I`.s6k  B¸m Oy>1B`foS:.Q]lST1`|"342u'qx:__9N:Ӻ&C JL Ebw'yq"΅šcu;ڮ D==1HY`w -ҢJ7q0dejeI5ƠekpB5CzpkpMt ]Q9!^v<:NRUV%m/pkA)fhwEQ fࣤ1NS):>Jd[ ͫC1jaAGL1DbK+#WָYo (}BggE b e] }F`*HRdΘyj4D=jShD|7\3p#R$4a{?{#ϨOg)$Hg]a58$\[>_8@;oS^1Χw#!@"{aPH~BA!"< 4=5^]do% S?&Ԗٱš'Ἕ{[XaSF2$|Uŀimc#ÉL$!q:C)T;dV[P-<ĄGwG. G{-XXT#eqױg0D"- njV&s^EQ6q8pOdSx HC{TܧO-bomwF0MoZzͤ28Ԅe%yG\V%rYF4-kW^5Y\o,dz|."EXto$fez_ sS3:މLK@z|&^y=sZZ.X|2~aP2_8ED~vO(>(´ {O<$\fD zmf`6e [ <ԴAgghc;6rhQv~^ icL)N9۫P.ct$C+ PQpvТ8zt"FHVg㌩MiZPx$H!q9ђy1'ѫ"I,$Z5AMFx3BUR < 9F%oQa )i♪ki[тRzO7A?S[ Ø*bGo5&|/e\pFi#GEv-9_o9 qNsG6o?@5((NOzcP1<ޑߦrVnugtbk$ju=Jw;Kf8sz5E-i~󝟶~9Gj2otԸ{SDpXyd^sCV.c\t\K8 >ۦhX)7D%E+}:KׄMe4qGxv)+Ȩ A|d!\BŦ mK:Җ,aH޶^@3Ey;|d +:;C 3*6AZAᾭ%Ŋ l#Z9+eRivLT=>&0N灀:$uƒe ^LJYlPhDb}H)0EVS~s3'UX ?1w@;*pd;KsŒo/ ŷ;Zb2te#0Zd7Ds_.'VoHRMlE& 9/)B6F⨖V«PQK|Pu;9W,d#q7m&5TyEǯG%(?#3@ݮ(x}N~sq㮤Tu{8?՜pSsa#"rZ6яӕf3?Ix ^S$'a=rnI]P"e,y "(A-)ғ, ~9Ȕ^v0kٛ;)GDow3.vMa3)ʡwнUml<,[gDP1W̝RB>-JLj3t~eD{3@PNTqzBݰK r8!pBaE{gKU(>ZȒJ@̰9(<Erip-6TlN!\:5EF'%Ʈ_܉K*rHDyY&Ԅ8D߳EF VNbsڨ<3H*({Gƛo|eU/BC0yWmDzlx8藮n ][P$9Owxa$^x \n"g*gW{J.3 _4 *0Il_Fܧq*JWRF-\VoQ']1<~BN ԇDuVxE+{o-Yy/&۪37 Eෑ-NqGѢuE5~ +vPݔ\#EVɯ"!?DV<Z4W4G3j".4)i@ ˵-{.{lrD3-GT$a\=hS'Fj8av$hD0 eq1OzwBMXLBP&2킸߯=0C CDIl/;axC˻՜VE@wA;^b8FADn}%iO<#79(pKo)~"F5sꀍ[q0$u}%ЈbOs* .rM;orBZLضT8w\,x'02):P5̮H7;nhyyRBo֘YGc=JoLn`!w=۴#W_5:8;ĥtQjpU tGv^ Ճe⊻pr(;-KFEZUWrUJelzB0m+j G[_]_d賹/JoϿw` T&-윯8#;~ o ~eVAT N"DXB?e2ʓz NaB_&$:_b!V8%GV<5sQo9_1h;Z"vM-AG/d2v3OVx+`~l)f[8(yN]WM85hb[fnZ>kJ}:$W(Oe0(+DAЎ:5 GMw& :pn,czļjH u@ozm_ry#˦裚$-U1t/pq cmf%6ڶ@/\ypn"SQc j,Kc"^j1B,L|Kj3 :,[ل-Bqw`%R2:uAeˈ}EhL]~i{>+(xSXDԓzTՒI ^lBrHu!lV o7[,t-fjoz'//:uK$qaYB.>)&õJ8`"q2ݒ7S𠄄 L*=`oEYfwhG;IO\6e4vw_*`GT];)<4,X*jH+>DjB) zqZJN~~ac ?E[P~'/PQ:0eMB8\@w鎾ޗ7Vd=y>> 0Z XNAO{;GC݅eb7֜zV@5xB16Á @U/>"4R((-kinY~CTjDO|"leqwGI콶J.NH_ETyN 5zNcz ĈojExE7Xv+R?D+O9cN涵({CgV+vOSK5@| A`J N&1ߠX\ڌeɚ9B ԭC6ָ٦޽7Fk;Vn,2Hch,r?^3jǼS}H4&/y%%^MlFAn8c~[`) [o1Vǽg?ϩv;b(g|-9B5#EbgبǘUEBO>)&8BW10׫I;JN4 LgMW1l#!`ǻK,199:'7]1fJcRa1._rIǷ Mn].V%`ƒRj~uRnZH DsVUE+L.)I/9'hb[Zmjx%m/?cM!#(ܼn )Yv²tqO)vkSFSN1Nw=Ñ_h ";u%l~5zn7xFuYD͉y Dԡ]Kt1ֺk9=G?Z&[7a t<\𣇏7dii 1I!|V|F=Lq[s?ռWqa%*#e}5h 5. ba3"u`h_&$[BbwE6IadCxyP)+M8L=q(J m0Vض~I] q&D?Po>*VBBx&@CI⧇П/ GcܨVvQo`w;mVٵr*-JsY 8kp.g$n¦M2CV)LLf/(y@<{Og]r&J3b8QG ;v^& "އ4 qT},}uRKQB ؉)ysu굎]Q*s-7gϞP51T}!ɷT8vgb{hWB럥g@q܉T0 X/]UoL~L1?9bIXEmz;贜ʍq}HfXӡ[ HSxH}1jƄ<Iܳw' _s@9=s鋸d4YdJ9e%qzWyn\g!@5LK:f !Sn4% \Inဴ2s<#5 %˓^ac 5v=B3qwOXcq8Ǎ"SJgG <֩їE=چ tKPS/%=RYPyX}HȮJ>L:fybp U@C7FI?թDԤmDs3r 3U6 %sS:J/ۨiT"Di9%RJJ!Aȩ.F e`!I䯺eC$K }LbՓn/P3KDģ62{j=UMBPb< 򏱐{ǀV{ 'g_wP>E/,̸Ğ мS&Cb+;YrZHjwѯqB) sf\Q,:5%KxȒ)늙H~:;~MI3-LMIqb~kF7|U4?{S8cۣۄ)فJPO/46AyRO8ǿ>Mfe E%O  QBVEw_$&> >>,<X*]rl-pu蚈sn V9x ` oyRJ=q9Q mӘ_`X E {)G T,ǽnaKBĸŶ׸)tFrt" Dzцŵ;:$J&s~TߨJK7͒ǂi`Qze}Ovf XZ "^@Mh}U`Ɋ]PFO+:%ݴlubJ򨍩9lei? ۂ̩>&qν%Xp:Cy3%((O ?Y] P$1 &)T .^p'YZxdv (ȨWi()_Qt1Z&%f9;Ŭdn)8 R6DI MIzQ[aHvC`펤K/5 \;0`}ZTFkZ|g~@wP[8;0,)\49Fvv=; &xBlAKa<\5TV6~J,6a= F}63}xsU^A!͗k}45R=I$T*s3YI+VtIoEG..AzH:`<_ҒjH2y"d?zTbʯ7X[@ ؾ'|ڂ %_UM3kƈ6$mAhe셇 PI{= Kgb2wj*Up!ǘO7rwD@Hlm4fa ֒];n2Iy 1^Ou_T(ah7c} Xr%+ $8/zzW0tA\zW\ 3ai09ښC'P˔AwQbvSJx`qO Zm 9'*6{pݐIƗOIJ Y@bf l E\rQ&I1%헬<򹅯t ' uy4 ?VU1,7dN ޿1@hMNs4`W.D.~Q,FqqKQM7n$LpW7< hP8FnV!.IrAT'eO]@_/v"%QKe۰VS장4=S %24hW*9ڂnUg hOI\nu@N*6=Mȗ>۟htP~16FOpTK:08Ch9Qq(F 58$~!ѭy(/u1BxVR{u! e*ll8fm(894Z:blnO Y`mqDaVeB d#oAu<{^bPbt~ rﰀc 3JV2U+O1Y怡IG6rUY.P ћ: nV QP\A"XAl0R8lu@N̓.cQQ^$3 JDG%\Srwg/qn|k"{U::i;rhd#3l&1$LKF kg$_勡 QfeƞK ^Z U\91mBʨ1|H^ڎ݋ 8:2YEN{&23V@6 YHbRKixBʾ(#fM\jr?>?[(hԔ#Ac Ŗ*lƎ s U,f=*4p ^ez۵NLx}˾SqqkT.ջT oWIE&Zdy.xy5zuq~7mpY"G !v%2]@vz9 OSC=UȠK<$O"}f@4#0ʭ!Exp,7 4?K?ԡ+2= \h}TS_:LAsPXj]RЭs4Z!g W.+RO0NJo$^h,{QINܵ,,k5E}}xGyIuC8~#z1+銾: Ǩ"ˢ)Vb7L)g$t'fbYf`*:G'Cze!7iƺQOCǡ0^ [f:uXC l=ml,ݚF}p)p7냞I_ ¨$Bq4wMUX]] I"]j[r_氛{(yޓq8$RV,tx˦#C7Bc9;?~atH' P5gDK3 _lfhعi42ѯpw-9a~x.TKؙpFBV|^_nt6|pZx=jugJ9(˕LBSe3d *%>,#Psݘ|F+]BAv|-_-qF7{ߡ BY01^:|g ={^S/DƎ;KHuqPKFj[6 ̙?OQçuאƍXXRz;` +eLּ) TCC#eݵMmSza|9rHP[$ "*]ߥCfϿ1( }پk⑹tQ8zK{.G_<㔗 ֯9;L%U%&IX6tε cGr. FضG/VLZG𽠑/ ak,;C$2NkIhѵN&}"ߘPv5":rH*IZsR|6O:J(j"Up|4{L2@2N v9%9l^. g@/LtrI$57Zs@w*A"7\h&p5Q^,2Pn9v $X}UbGFZQ"]*C!oօ~I/lL-yi va1 wT9^ i$zsQLV:MqTwrbA!{pn؜fDwf+#<|rOWu !. ܪpwȵsGb$ܵ.4v糥^+[h hCD|B|2n;exyiR7hr0:McYi ]AЙ {gC!>J}ySRQT3k'SL\h(Q ]QtKU'`MAVqXv2f_=ӆihIGC myPpaj SgJS92oD'/7;Z_TICۖ`сb6sgMkSI%-j]^)?©DCxo zQP,ޭIarvڃ,{Hی5eW GڰD +rdi6Jʈ^D˝!8P™utuT [ȃJvVH/LRb;HU -!f0w$҂ЦFD@-jox,)iGO}=I\c rۜm-'"o5-]01Ww9zw el[_zЖR3hbPD[1ؼĮ ( iVw\x:m2[i:ubDܓI(h:j$NU21c\S'r!r'&ZŶ[2 tI\%gYQ%G<ٵ˾ N)ow^$>v}{})3D :Q^}*v; bIB—¿Ӊͽ>{ۀ2vF&ry2趵,O>_/,sJaöAto$u\WqLk{kI ޱ 5<3[&5lG]Ƶ[SOwt͕T[@8@E/$ztqTO}v2m;KTw G%W_ц m<`q5T0H% }yru೴8P 6#3Q hXk Mϰ6i RV\^ LAlcM~ɳ^ k}ʕaB/ |^?[u6ry)6UOQN$S*@}̖73F1Dt6 ϶[ E}ox]*쌗&&yJJ X^zcTP6+$51=˺ }ZW67Ҽ[+J'gĊ*PH,Q7KUA5PݔpjJR<maE,NaѷV|<$ޛes7\"!䣅 ߆̫q R0kfj .ɤeniX=P? ݕQ&fقEmt*mf3r{i 7@o"w43\\w ZD5[wXB]5ePErU Md`1^vM3Br>N,|@[X L*l͌y[F ".Ge2q|`U-dMVªBO+䂥J.;R\(Q,b;G^u$#a9| jژ(.V\ 428V+ݽ;|# drO<[):;ݨdt *_:7.rHlz#6(&aohOZiP7rtd|i%*U]zGy[7 #8myG ϳYQ'<ԢŤYȿa+MpmRr~!^r \dT !W:7paBDS`c7ׄF i ,=^ h}h !-8'RXa7ECݫqo7Fta` EZ W 亣"j5Gj<&:h zu309g"m5 ",D`$gtP8E7 ok5W^@_"oitsZ_Vs\{Gd#7O t"tّNL|-[ @ 3XrCC46'4 Lү`6+Z$enp*c6Yi6I!dVV]9DX7nQHi5_Վ,r|ltmіEv6`枺}ِhi&FbM+@^Lh!EIS (Ņ)R1O3BU ؂;aQx\R[YZ_ꤒMԤU|:n!"BG|xէDW\ ރ 'A a]GBr"y+@I%SB2OMHlA&>Fѓ˯ȃ0E0N;[RU ic1MVG0CGD],80;*4n|+t]X$͛ܣ3٢Z2!nT냳7rH:P;H_-V89ig7ҮCP5¬'%1 ɑوy[Ɉ\JF+\~s%4ĤvqtdOV"|y_[*xv`׊^)n^c Eiy<[:)5;[Iq"[R;*0>PaemR-6C >΁'B LdLTޭXQErz`ǽY~0NagUXٺd}y!V[60Fϕ|'S Y\^qtn{%gK)63B(@_͝tn-pYHxۀ'3&de5:< ΄w[G춸uAc$NFb`ν!OZ5cq:$ŧ"&7[Ilɵ4@96:dC/x>Kzs#إ8)u~hl}47G4~qwR}}~#ym~gu1h(bó9fSHHU$MiGT ۵l>u o `+SuA]/RP*2Bȴ⥹*)/zGayy.|u!o64vq[j⇪`'FPܼg,-):&UZZgwȁCC?*gL=6ÔQ͡:%'m&8e2lzwʭkw.d2) ,TM㜀:1U8.eX\ _s+]+׽ &P^BIP+¾nV#pWrz&?UQ/x!fS݇* )gܸy)zyG'sF+; m^JzsD6r#结Z7ka3sTx:č]5"?V Na׷?h9&ӈaUfHW7: h76p@}ίPK@\سJ/\`e48fAi"SD+h" 7z`3KI)éfYKKunkBN?=UH>پ 3Bp x'!u}ƯJԹ2#zjЕݰ-$ПYʡ7=|ЊmɳK9.0('FD@] 3VHy_%R=薨|\ Lt7O"@8;:Ê/t@s!~ {b# g?')4WFG(cG>K煁;kAk0rx5R!C\EIS>5MpJsD`]ݿxJ{I{fآW0Dэ2Q2^hD΋h_PCo,fw*W;`g{ҿL8 ř;c 2{o5s3$ c4fUoKR )bQJ7G_!aݽᘸ+9}8w?G֩y!V=Q]5M hRU$X$myKԃ?{~֣do$m)/.c%62ZlibOKarơ X NM8%2s fcξعP#?[(εNNR~B^sxB:i!(ҥA gYFG0\i׊A7qxiwZSyY2ib }*/ 򐵨yW59`=yW+[h^-UpyG?C5x'sD<x_X]_rY'0">+tvDrd檌,M>D4MBXx\WQDk#LJI3cp 61~eCOPJ|'-}j_f '(jg&8Ef%9V{J@DN}DFE<&2Ƴӏd3n>&C9h3(K|aX% `djq=Wt̖Qu){vF36|% ,v3%# 8ϟ*pA l PBh qTG2'[YZ ?$3_p \GhC3%]2vR8ɣCZ.ۏrsNnIB}̲`9@k+Ԅ yތ^dy{X/da!7#ؼ[:: .s I +rGΩ%@jP%~l16`SoHY1=syI#|+r[/P?dq-q4d^¿Geno[Os5Ee9 X+~j(Kl{t.zGL3UqݛPjmY2h3^K)ZU0PYvS[~?4PuGvM]/mf6Q}'6s_L놚_r,~zyK&hJ:)CHSȘOyfǧ MȐLZF):E1'F7;V$DMSkQwn.GZ;,]Jx 7a sZ#d NsЉϗ&\:ˬX B7W+5]z/ %Ca{\_~la"ps":W!wngh0(&ǐ !d.X ȉhA^Oa_AѼ@kH =|4 r޲8\vÛ@awqZTs%uRﯠ (73,VZa> fbjXy=KW㚄GLk4Wwa~-2uN2ȍS8kڬcj4Nuz^ð4NFf[h !kFo! /`\1CPۦ 3@Ou$:mcK897^< DT*"۪ %274R1S#5؆Bs?7i"yMaKkR犑#![D/?I85+ 'PӺP5pV@'@Fw"buMjm![A%dكhI&鴬t! %M,٦\(*ڴO`6)P@_Ɨp gkbw u(m-w08u:ex_2)-qYh)_r%_@P+tK;Pur-p$|nj)= 1tT H͍oqd|: ʯ7"mŴALkxRFmp=};EYԯ0a|Cgae͏_Wl̀iR~Q\D6ĵ..ۊ-%e_D[ryN`ذ?h%l!Oub0\TQ`)ki: kċ**)a{hKlKJ>ap;VNl.|@T.V,u溵{|Z^ c>5NM \=3\R5Vk6 ã þn'T\_~L7,?h@ @.Hdz3eR[QcR농)$J6;KnlVw¤gr{)܍S(]Iҷ*]Թ=Z?-֥Deq'|؁cëW't@&Ү1m}?a% M3Q,y0QKm!X<կ;F)gb{3}~d4tMiYbaï>c{ڐ4V_i1lw1t·HBj eȞ9P1^d@ >ܫ-ERv()`s/L45dݽӒ3>Rˑi(!Ilsm]EuXI;n.1+lsx壙e= $w'XV>8_j#IRA_\EFP{^3 NX ,ɏq=+3+|7a|IA~,q)<7xcDN{}?dwg[ @v`=@.` `W&dts`Q?" |Hur-[f >E'2hatN#KʲnOۏAKiSK<| R)PaGYvD\d8(GQ_ LMTN *1`V!@O(%%F ؕCu^Vbl77'%sB&.Ek..Ba$/N ު@ h-yAXIׯ҄EK9Z* pD+kO}nIKC_*;R"Pm~ -VAMiv4~r\ i~Ȕ6}"n?h؀nsgPaq0~-`iƜ%z^?"9wa] FS|aǠVwQ K}⃷Tw)I>_lnZWXL8wת}{Poa*ʀA1<#6\EkS|ַVS..)GH'Uͼ1GG^c}74 VY*,A0lMAf?k=Lqr!sQS#\#9`|G0,"M!95CBs>V1i9Roϩ rv({{*1k5<|TP"ĽJ;Ɲbև*9K.xT-mdV7>_ kU5]2WVK]Qt@Xަ9P%jAjFfmj&܁`ݾY`S&\0faD8Gu\@;0ǾzʏmcɯQ`_) Vv=J*XElWX]"1ij~hTZ~ L:tc*fշ{TxZi+G?O::εkFTx*uا E}~EGT㺈@]ф/> 3PhW䕍tF֗˕M'-q.Dcz@6.)eg-kUXj߷UA`(Sv]VR2*19/i!mQgw5l;!78$L!u+Xﴨ b9.L\0#982FviahHb 8v<%~8Eyf(U[bOYvJ{γ UoRapY =떦dB./)oow^vi D찖̮yd6P8Fg l.#37RޚTxM~ԙ70ݒG,NHB1EbJ؉zVC5^\oFA+BD^ލv}YCʜ]"(7c&l>&FHk^|q7M%u2\50y(M9c6“V@v}HF^2}ℴkNP(j.r& H{hqk%lVaeH>TMzԺs_OEN&'˒l6bK`2_fLW3yVEab%5:qJ9z!nJL1!O)/o%Iyoilο+_D#yÕ72:<,25#~q6wĐk 1[In9=&bXBnD4Ao , l09[³:P*ҝ'95-%}DV-gT;r"Q!WVݯv脥),mW1 0@+AuB韜QDQF=ݐv2`,=T/ZZ7+Ss!gPt-Ѳ+v@"JqH7 !5#s쉪 mtnyCw P̨.8$jژԈw /6:q0 W4Ih) /h^Y(#RmK̓3lN:Y[l7.dV-[T8MbU{K7Pгr\ +!vf kJo^:`QfCưW[h{;{nEѳ7x=wP(:hG2nQg~xaUƺ{.Eu#XLgǦ*zFN`I5>rgy3~i@aT4$=Hʢ2WHz"5,z2e,ы@)7`Ht˷AgEdlS 34[־@}hni]N | R\CSFJ:}NE- h8>| tN'`\PM[WҐ1tA^($pg%^WQn &cqr?D\H ճ!Qq%Թ &]U$w9 `A(ϼ[bXzxFYG H{W0.;AO&DC1^));JI>MfKWytd JϝU?FΑtV)َz/Ed#I.CșTqds+ART1LOo !`)!BX^F>J.m &.{J=[{#bث|  duSQ ЂL~1j"R6*5)a?# }~IW()T>?HK$Z'o̜ \Em{n;itk!1X9DA7ˤAPi*\AJB&_V5.%~6,iy!h|~2Z_8~C/F$<5]hp)!CU&-!F3j G >W%]QJ3O3Ƭ9-xf9R|ۻ]+*@GQ ?@|)["7m0$1'#Q13.ۀ3@ڒ#{p|(&^v[#d>K$5^B( ٦R){97[^0 "צ:;e>1F/TtocPFv{*S;$>IHIz5pS?ܚ'Aj @QnǸc GLsϽg&۬&]tU^+ ;8}E0PƦcI9=jӺ?m9"ϣh0SMFVSĜ28 ^307/`\{zvL鷭S^GNO4To,^n\JEE8S9 /C غIHGs oC|i8NtmƄxЬM%yA͠]R6nhI3I 5kHa||4x dCw j>X b!qsH>zㇹ9@« _[ѳO\Ar֐+u0tE!|ܬψ>(R}ݽVc_%(u=%frG>17 *b$+&݂y#iԗn fn;)2-)yq0zӪxg @uegʕ`у5ԾgHmhai{+!Njx. MsP-B<\XGmI!i?q1[e 1+Eݾ%]4S8XF蓓Cx}ȵ+= i5t`f*/s^WYU }Q"y+N;OA_:HFϔG"@e*c^/ijaF;̥F䥿'Wʻ cZ%p]Ln?0yH B.?Ml7-u]υp"Ec Ku'o#QVc7w̃yf߉="5t&=fNK3س6vƳNcF#UUvS_*:y i}BOxCE`gXL-r7jYspg``Xq(`y5؍7ԗ)d zZ"OKOUfّf/.HeS]EDh*pcfzx,vl{ ~.B)K&zchrNc`O藍 Xr_ $4pKؗIhZM3 }{/b~(}`SNvYa _GM0wRMS" Tu8 _Ej Gj{Nh8R(=/Բփ7V, e6*0D0`z%4a(ZEMHx4fFpdʾPO?jS3CרŻ}\g_X`ܾ:MFp;WPRxnQҒMe9ĶW`5)u=Mulȡˏ*tunpP#ïj ٓե(< 7h\JpBV&<&{Fi>ec,$9t=kiYW3 C a~/|ySui+GV)3|~D=Q {eO"n*FYR-"A?ޠ C!RuIu$ۗQ9Q/֚k}E`v` GerX+ /8[]h?cϭ6Y]y  Κ*2-퀆F@;,>),P, r{# XWΝ`~c0!cFeYUqEE5u# WNCRR AF;/3Ժ^}|lQTl0ʛRy Ն)T)t=jso/tbHi/9YÎ\_5[IC0gEZ'kZjאπ63B8 eNNq5D!JSvS169[H1Nq9 ;rEJCs[efxeA_C8jQup !QI8S7Q'0{d`J Ct@`f0(Qo߿ruG!( \z;E']K/F8ph8MM RĢi1`?@8(6{YH6YOf޵ƶ,+.i}/Fj!7=P Fކ״reVjwg38lߓ.Wϲ =B,Mj!H65/HPB dk2yvq+6^3zcc0# mKa>+TD ڷTk r;@o.+ Dq:@7Cm\e`p;T`:)2ZuHm@{\,rG('.-m8DӗϚS_A) ˛|&$>jQIy6톤P-c .~ƀ;.!MT$Jkwѱk Y #}W_E/LD~LmuGf p 3IUu77Ϗ/M 0=yjO /q(qak "lDͻ[j>"Q'%DRG3~X!a&1&S$W~26S0:?cj&}й&{h5qO.suc!+T8ܺ Ei/>?R %t ,WMiqz ҦoLL]!- 3`l:]3vjMTG+1P<-$#Whcs7O-yCkdlQڵ!X"AHRVnp]vsj=jp CjnFC+X ]97o,B֜ qx7?g*4%hy'luO"z ,*Subw 07W i)bp'ί<'T4M7^yb>S NNOD!K,<#/55?YljQSbjE 0n`׳pS,fߨunm"pCR >_/Qr̈́덾g=2w;^rYIK# ,t~(je&nK5TlScZ?V#GVD.{ǫ0VoK_jDy,OWoߗƄ*=h"ގr)۴ׂ5JUl@hW~|("9+/rWtFF~Qkbbdһi)Ԙ ~].EE>I!j gcm?N!)E)>`c"NQM !T.Z:0&M>$}]'VA__2 ~Z=7T`ǶyBvr]V%Pץ:bb\st}'9XG)p\?ssQ)H /Pjd;?KbWdxrd%>dysiW!mvVȲڠ6.y &V**[sF ҏ!9"x Z%wu]iX5g+X[&jS=gZޮ(vl/+bPO0{xUR_[vwBr9`peRL.מUrT'hdޖZC-ȿU6p,#Z*X|{tiбl4 SM(|8ی51"lXxz }l F|&w ң6WN~5 K3{;T$kU\:{~`v6Pآ:!ɼ18!'0C0K)^EnzPNOU#4L|nbxt叾&A+WC3/σgp_>KD鉺 |3];`}3|m!)[뇮([~d򖌶>w{Ǡ;C3|l7 t+ p"1`oK I՗?tJz,sߏ̺q8pI}1Қcة$fBd뭴 =_W#+Odm>P!8B$e瘙J׍O;OUk#LHУ!_O&}.0c76^~p<4\{D8^% fEdLS0)y'$~v\. A6A7*FO,1jqI  mǿ^ PtҘ҃NFQ2ykjbr ˸i_ٻ]K~# ͞jP'\sM.Fn +/:~\ E#GvVu˽2c}8oIWԉ msd\yM҃iWF17RFf%23Q$Ik2>d&aPz pE᷍n@5_ F^MGǐÿ9}׋J\cƕ#Ҡju<ܚ,T?P&V4xGP.Zf{`4"=FxOb Ҵ{҈dPU*'H3۰4O$sdWZ!9Ҷz:ZN1ԗ~K%(޼蒕n+sAA*s;т,FGv~%cTDZ)s!ޡN}|pyJ%#$x xHE@!?9|t҈ t\'{ A\|)/i}5ܱE 9֭6N 3L5N/^zWW`NG-L =НUM}=ߺS5vy(eP;(O@"QN 9`@EUޓH9>k?Gn2nHca6m`&n0_=UZs^3umx "d5)?;ӂp!q/STXfYU;O=ngr^ p;6YM€LkGES"~:VB=f>j/tZP&s:*Iq*:~fJ'nW 2>Lszn&N|5ޝgs[9;I2{U4G/Rה눡.䓽Ow{jWd:UDRal Z$|cv41-$YjNP-ŪMCҨI@Cyp?,m@8º̜cy=}vR2RqvAt +h``7]̌B4 z[@ZU)7}Ҿ Ec@0h#LҜi|\gN, 0{<+B ҠCuk͝uk_`VOTPrʨ FppcxK5ޣ?q?x1i8iz/L wٌsꔎ6ÂHsq]6DF7}Є#YSzΎ@7U5\KNN׽AnX.뷳'1ăJ:U YZ[Ei&,@-n"ZNegfp+WP3(ZH67CY~[ oqѤ6<}1Rok H?F`}>p(XOz+4Lp7IҟFNaSr5|WgLآt|B6 x<`8D"vA"BK#5X:ZY_(Xخ>7u]ຒñSTZg>?byiO ~2?d}āiMکjecpk'8&&n#_zCzeOrW0i:B-Rv%YK#ɪޛv+O~Eۍ֤qiMCF\t:(QYIyfΖHaô^;5FalEU-[=qZJ'Ҧ}l8o liW0:%TP/ϱ֔y!:DohB$;$mHO7>)^ ҃iT]Ϭu\!d9h$+0cqT'P!Q1l UpJ-8"Ƚ j l2R<爽 "XژkR0+*=]IF85%[.7r浤i\U[c"7zsv*0) 2[i}6kuX[&UN!ܒ4x¤뽂G{`d@4agXqf!r3jeF uE%/&7 Iᣆ0_4B2cc%4o1 N_gt z[LX3h; @&F7h0Y%ӵҒ8G(7&c^NExH4i?Vx <Ч"iL6|0ELxxGSmhy̒8q cy_ce,gJ/.b'9'Ǿ5n$T~KɎMK7qNaж -MahEr`yܿҦ)k ' :xv% uUճ?%Lm$KԆA/тXBʵ|`r{j RQB1w]x#L#\JƢg3iFtg f O)oWqdF+"# >yxύL eI-4 3>x%W?jUSғbP͟ѹ/38ϫ6~M^VΩQ -\MZܨ)@|9xl[q?L}':FR_c,JXfbu3C *:TɆ*ٹtU\|T|;,mDxsܨe. J˭ ]A.hANH6V5Ke@AD=u=ɨvLrG'̀=A&F/cx6%|p/61Ķ@(*# HhO$WS9=7M3Sރi?(e wk&bh`qqpBZhqaF ?^@+A'U9oя99'-L;]ט[X!kZ bu1ƨ8',*whд#2ֵŅ[az.PWv]*?1eRµD5_۩j[ҊORrO.@4)h=ĺ0D1ZDZx4&QZDJ6aE,M%o43n!rK\W)QDZqK\U y`o*(qDF$^Ai+]Ix{ϕ,,1Bre o+xw Fp㉀odV mv tKI*8ǧik> c2ޞi#1I`˦kzGl!#q]MD:}^$w39Xa[? &?[ݏOھʨM@S=g4튭+"Mf&d^57CMݿ򼭈<{"[Maڰ˅.< EDfb×\$'U¶a\Od~^@wSqiǫ/b(4rҭH {ig!1s8`}ѳ02Q JJt^I:q@ލGִy 5#ߏ^7#.0npC=;^$y, 71)9UED#0 bT09dk `lGuO 7pJE8Ԕ_;4X2ؒ2n򧘁$n'2,/:ZNUrV8~2!o0-^!w7moyjؗ,%JwȮg2rpx mV#JS mkP t 'GD ^0DU`"4svٿ*;{@S TASф:|5׃eoN>y<2~N/N aid6j*'@\4ҚXt :ntDl ,bI8f*%_5ظ&V Ҡq.kqwu@*Q\'次 Xu^?IQPbSLp$q\_fh8o"p kfT}Z2#(఍ůP{ Sa:ߡp,ӒUo qLN!.ou(_ϥ GT@$\5# enkdx0wy{:u_Wr[ENH;hsо\?RG~Kn^S2P"VCӺzAkԝEwzf,/T*Mdee1fcmy`*H6a_3Z2a81m C8GPD&=!s1W Svm=(aH|-{ yڊ ꃙBl~%G1`z*Q*'([5J_GITs;Hl@ud* J"X]ddL.\g~1}ݵ`{;n2?GNen6CR.9uŤ*R:DXyE9 p(9%Dkx-+ΌfS9^Orv9p[ k-"%BK6jz~Kވvӯ&bѝn9vm0Q][6zX/wzzuھW6,512ftoJ)$& *f~Gs{6V}W6Zͫj+'&lJlVMwh{, O#RB{eG('xi*JP+ eIቷ˵{+^h*F;cɩwix|65ytJN-Dה27]/qȚVlMhZdI5Oj`A;%b3ݴ,-S.Puqْ "nh9:Mǐ@#a ^0pޅXɱn@W5ʑũ_+ϟt1z'FΒh O`<~۝-ZhmuU7t:-=f/1 R`n_[.# v-^nì;+fm&>nsqEZL;&?=@i_[QiQ7#AQF, ؈ 9Dk["}h%չN], < ^ef2rr}4vU&OjS,˥`6%fiIW8d>"yo{<Yrb}1Nl$Vm [k㉲dCĽX3j=[ثu'OyO$`䇩J0@:3 kDT/|V_3I++,pWhsMܘfBPh (,1ONIܜf\߰\-MWa/ɋ")-ԇGNR谯J)s|d*/%cWn/:=16<ؘ+iтmLk3--HfZ [ s@l19͆]Y_Ll0[zL42 e=! b ukc6.6Z RQkTQ9CБCr{Dø\ܒҝ/}eߘ o 95z ΃+TkvڇglE,iS ՉP믅2U`UAxj g2[ACeY]x@\'Nũ}B^3lJpf^c&}s$%,zm8eSzjfz!ngD/%l ZLv]rq8JgcZF~·Lw">#'*hHéc(s,Q@ԟ'GS wƸ/<~ Z R@G`^(^s0WHɃ/KiyZ5e(U'i50X;k.( I c(.%Z5SBŁ?6է'0_k0٤ytFYR'%fX@耐>{p|v?@`GQ%v{m%E!1tߡ(L쏥:u'GLML۠ VspFHşV,mXȤ"`;ozOl {]=/f<pq< !pļF4e0p+ DQHF믦x~1ePxp8K1S8~i&?UԏۥчϤ-EB6aI1}Ht[Bc&cS:d]κ$'8X^$`U¹i|8Dَb);v), S$Y/Z`$["I}To38#.#OD'<ޮo]X:rE*Q.ɲMO=zQKx* N!K[|-:QSL^E%ujCsegzMUER7Ptox-ϔ'zEՒp(JMX5_߅&o=“Vc?e ڛSQ#3]@lrAwC 4sYsÖr lx1v2P5%&F4*b1sNN\* H?pFQ3ke9V+~ m 5KЭ^ޅ0A^4\,ж1:=CdN" ?/AV<ay| ,?IsZleP'̀^CJu;D֭l%ԩD7o5D-V/y303 hf ;.K]A>εCh )L,EO ;ѷ}BDϮuݹDKgmGFe]lFHl.hP 5z,L+Jz+ ko}:Yu3I5AƳq,kb5 Susm:K+cB(({]{H49@\K=߱_Ti֢i6dU@4("z'Lt†ZczH~RƔp@(NJgl [*V#Ԁ/SE̦e8uZH>i{."A\ڿCxtgA;.4#`״/eiej/qzBn2˥.@Kǥ R `cG9&^Zd+S"c=G4LR)||%ug4Էj|pB)#|Ӊ` rOe(u&EÉ|- L0?!K^`^ˍ 1 dl̝+I|J3-J0Mh?ut(&~ݝRq5E{~9rTc[[,wIJRV\{E τl/4MAr!=hҶ 0d١gZ+ayF2ͧ)Cq (IXa)WFKe3&Ƞt()a ;)q~%[֝z$W.ƊVLT yĖ_rtU}_D_Ԭ>LTxTzrVBI9lcCW8gx+;^Ifrrx=Y WU¥.Xe6 YK]u l4$Ml {1e#gefq8H;:%no3nw2e3JμyH4eB;*,R^%Ji2.H}%Bf5efT.HYEK mqCyP'9MWoqŦ/BjRQHD8bx|j`mٳ`:51p=AT+B ?taMAPАDTyҽkLc?^FhuݒeڂVl/ɎjkW_6 yrʹA],#TYj4yâ]<}=fo9d2Ҫ_#@U}=JjnKS#2*zK@Ƒz1Yp+[cgLjDlj|[J$Y-Jӻ3 LZ^VbԤ;_Fͪ?z|$, 3 jb&nvX"bȬV-Oښd/@ۤ{R_54Zr&ѧ6ў^Bڧ(\~@B.x'Tm!u|/+0Tr$MKFL`0B ~Gb2⒰%n;v>wM KW]`x@)"Td18$js<3Z!Wuhȝ`όÜY76y7ȁ#aCOfLoon&Wo"XVh7F_ k'Y!UPZ\6Y4y}V>N_91ޖ)YL]KX9&Je@WMwYhd 2|hh)5QsP 2 T YZ