sssd-client-2.8.2-1.el8 >  A cPU]$:9\nnN ,p%wj@Fax_}*3?َ:<3߬{XBAbYE,7484ُ ²swN{.@% Z,V,[_&Z P;ց\1;pOUb#Z8ʣK4ᯑdb1+qe0YO-f@(+mCp}C~¬Esǧ ͒;dX(?B[Udt=jӟk})1֒<`( t8h0ۛ=/r8)M{mTrLŁ1m(lS_b*BwuB]!9AT+"l:4vbFۋb ).027144fdd1dba97b5872c4319cee26e7591af3646e6d47256ef77140cc8a060d50d8db85b3cee2d8eda05e4831a58af71357f20d cPU]ԤvBShYD=WT7_Q8hf 5@8I,(][9ӂz<jՙ!?7*D DyPBj+xA9)& sgs *ֳݎm,o1x-\߲BZNX=ϹoWaXN@uX5d*UƤKvOvȾ:':QT:=ΘVbx}t[3$0 528"wbB ?۝JO+ىUIL̘e[2kfH5,jD z/{J}\\ΆȴR*K|$t]Y7u؊[qHC6dG[]i\!_{nd^\bsld1.-R#ğ^S e'3Bh'|"|nbT*_IۅodCwD_[[,%g<#b $[ >pAD?4d  @ %+3<11 b1 1 1  y1  @1111d###(89:m>q?y@G1HT1I1XdY|\1]\1^-bSdeflt1uh1v,w81x1yI0Csssd-client2.8.21.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.caarch64-01.mbox.centos.org #CentOSCentOSLGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi%@)%-F2> H` pK = (|  [ t 2  AAAAAAAAAAAAA큤ccccccccccccccccccccccccccccccc,c,ccccccccccccccccc1bd6d1b38edd9d85b81c7014643a14b54a3014935927c6fc068ad88b59430acf28a5b0ca0cf7f105ed82206a2b6ae2725357a03a85cd7c983d5a33f9266db65db736350c8c0ba6cd4e796983059ac35342f619881d33cb0761145ef96f76a5b511e4034df4151cd4fd2bbc0a274a4a885f44bb052788782c893ae0347f65bda8967d33096f9d5f7a5cfef731650996e92082fc33ff452d9d8897b3789b34ac47dc8ffdf49938c2c66faefe4ef6f3aac500bc0d86309e5109e31ab6e8edadcf7d94d617d9d197c9455c00ecc68496c4c10c0a6d2550ef70d885e714b591fcb64891b08e936590443bb35eb047355b24f21fcb36bb8a37ab939e55f1c1436663848ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc582bc665c303402fbac36a7294e879e4491e446189b57a8b3a15c072d84b541509a30d629b8dd03a959f09bac4ec7b42b6c6c5b02c74314e0b4f7955e74197b2e210e7e331e4884e752783eaac0bab0778adb7831100d59af069be9cc0b683048cf4779f58e14a178f076b66e57371984e1d84ca9d4b3d287560c477bb4090eb8281370ec739b1c4f25b2ae9678b67af5af258a97eabcb516d6458b565d02d10f1f2caa174e29d50ef9f673724454656611de7f392d911a5db40de6daa37322ad21a7d7ad315e79f1776845df4334c19ff5eb8a4231bdb823116d10dfd54e16cd957b7703268c1d7dc87387790326cce14d1d9323a7e0db90e41b24bccf400e1db42409f2990558a0728f5246c09e2d95b7d1f2484ea2bdb722081d0786428387bcc19fc590ee75b41aa962e71d1dca166bccc835c9b9c321d4bac314f88bc2c4d0094fff6e4d7cda7701c2419b4b5060bb02346289e546a66e8fbfbaa918efdc2281fd149e23e446208dfc940b79f2b306179faa662a81405aa303486736be13c525604827c4c6cdd38ec5c98a4e0469f251240edce6708bb4caad4b5505154a06413b55f54ff4a6ea0968f1fa4d3c98fa4aaa9966906082a7fed321f89d81be6f9a8f72eae36dabfc29ba010aa42dc4ff935b8c08cc91d2fcd47f7fb8164ec3d47e8dfc61c95a76c8b3ade64d5b672dff15cecafd3b2a7a9c96ee4795f53f50b7361ae38be8fa0e1142cfb7cd179f9184ac1931fa13f2c670d5a3bc310b91f5c../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/libsubid_sss.so../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.8.2-1.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)libsubid_sss.so()(64bit)libsubid_sss.so(EXPORTED)(64bit)sssd-clientsssd-client(aarch-64) @@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativesld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.8.2-1.el82.8.2-1.el83.0.4-14.6.0-14.0-15.2-14.14.3cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./01esrurururusvsvsvsvukukukuk2.8.2-1.el82.8.2-1.el8    cifs-utilsidmap-plugin.build-id26ac3e129575e6a6c29dc26321daa76a793cb8f94f15e632b0845ff1fe9fd58b6031d4914503a90e5373b4fbe076c405645e7d19a2eb38b9a49038fb9210e243645552daaecbdb7eeeeeddaf93cebb5c2c8f5bc5bdbe848ebc2708bc6fcef8859fc98989d256592a48b6db1a98ce5e7e0410b5e1a313ae99c49688dea5209a7f7a87359d0424e1d5e99002a2844402055d22f51f2a4dcdaae616d882dabc86cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/26//usr/lib/.build-id/4f//usr/lib/.build-id/53//usr/lib/.build-id/5c//usr/lib/.build-id/89//usr/lib/.build-id/99//usr/lib/.build-id/a2//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnu  directorycannot open `/builddir/build/BUILDROOT/sssd-2.8.2-1.el8.aarch64/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=99c49688dea5209a7f7a87359d0424e1d5e99002, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a2844402055d22f51f2a4dcdaae616d882dabc86, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=89d256592a48b6db1a98ce5e7e0410b5e1a313ae, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=26ac3e129575e6a6c29dc26321daa76a793cb8f9, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=539210e243645552daaecbdb7eeeeeddaf93cebb, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5373b4fbe076c405645e7d19a2eb38b9a49038fb, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5c2c8f5bc5bdbe848ebc2708bc6fcef8859fc989, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4f15e632b0845ff1fe9fd58b6031d4914503a90e, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "*4?  RRRRR RRRR RR!RRR R RRR R RR!RR R RR!PPRR R R RR!PPRR R R RR!RRRRR R RR RR!RRRRR R RR R RR!RRR R RRR R RR!utf-8165eae37b53f4f94e385c4b696459e4b895d182e5e8840586746e074ea4da94c?7zXZ !#,苪] b2u jӫ`(y.b$*;0]|?",{(R;( +I5B=5_l͌]m{`C'ÑR fL ޡ Fj ͈7HY\A=QgJn-60V =P?5$~vBsuIFVuN^ LG-\nq&7\+:[M7 V'JehklE$^h`d-&<(X`F-v7.FZmy  RR]Cݟ ~yguO D|KÀ:D膲ix.OMW @<[}~)WG0;TՃ6LDd4;FՑ0sƬ1NH i1Y?1_ 2tJ?`νrmXA"(D0Bu/ i̛oG^Qmu&X( ݭ;kЛ,1LӛV(YS xgU_xP\h7P ,Ӷ;'dJ񌄞{ ~f=q7`;.vVej[oZP1_b;ðڛ8͉d5awlA[d6#A&K`˅<6rMʋa*,S^[B7N<F֘ךϝ$-kwLihX0b Whje |imT$=т߄nDLDN_c螟.ZV kQzn[g!]I-wlhQcChm;kQMZrf _Qd :@e^HD[UnJ˫?#\.Y0GT^x^5IqG ll &]{-~48.=͎^1_yiW+T| |zڗ' hӚt_L*kw/5ޅ~n uWJ|C튦:gU\x1J T/hũȵl 7a?NC$T?)fh5`s}rW,Tu]OnR6+?cSushDrvv';x윰nHg:Mug`l4t-WwS@;Nnsѓ|͂ i$d JfwXԃPsqXd5ո,U 2N=Y>qKᐙV/XR e\MiܩhZ{3f8?E|3K<%E8be*U<±^xE` Ɂ ^L><1zBT?ZCG2Ovg9*5j?Yv3H$st}80zn4eٴ"q \t ')Dq'rm̩OYZM 6ev Bﮣj󲹢U B;&Jia8AKpצML;(Ch#u:b3 wwApprrGlL_gDT}W0[$5N&1TGq+8pqDZ`kPWDV Swb|9yDPzBP|Hm:ԲYiX,tF.RvԚ X]!%ęR*q('D;wI~C=& n~MX }cn;G}uhEL/ x{H1TT]{N {r?=<;>$nŶZQd{xMwT[Ā蹈}(g8-.i2i?/2h9 ǩ@XfI?ǟ'8m)C:?<rtܕ\&Qi$DP2QYX.Jh/s"1J'o:H 7;-;a}ALQ 9P`'xIOabe^.Mw ^uIUw^(ѼX`5=PJ8t,;_%8xHHO9vOܲ6Kb=Yvv<($tmњ8 O]aw8`+T'"WEk XP7^1OH| DKq:`7Ɠ+47lqxXBX`mu$m#<ܩ-#K*+ f^/1C󻯝W[F h2P53XɫY>Ec*|_F܎7ͲhA{,żF_nS!\coe"@W%$͸ N n5ۏ,MЇѮ `[ H4${69B:I.'y*)azh-K-l .URѪ\,XTϟWuu8_$Vh>Q䞄x 4Q%K KI].22 *e/HJ#h8Yc`csVYhq9z견h['*irLˉp2paVJ CW[. ^K)3&x'C9vcp =aaVM_mQӬ'x2׼ӕxJ!ŽaىM>%TT+i:DJLDCˆbv'_E {خ,MF8P'u)G(d-MŏHKJ / o@4@*$W8 X-Bb5ikab;Ϥ=*izeYLc{lYPlחZ9tL-9<5J%p E;nXʵ^|Ik}8;a0!+}2 X^CDQxv}E@P)}7|D#m7ťL|2'1Yt,~d/Lu]0',@՜~JMdzZ, sW֣5Op~FM[`)xNgx?j*'XCiR]1 WsS6q-9enJR@P(2zӄޝzO#a>X,4G9[۷lqNuj989~wC4!p{k]("\UpN9Z&ҁK?xdaR((Gmq5~4ITE\QQKc2(YGt͎v+2{֧Pj l* 8є5[o<0,ŔeuҿPol}Tr7,Hx;7lm?5(mTEU#sL 57tܪcc3Wjn IOQViR{=G0JqF 2!4LӇY0f(E®k\QM,C`t'gM /ŧTnJ*㫈Q85t]7 warRQ{z|~Dov:BmH à95oE< GIxx*_d-a,a:UQIR"t]AB-vtпo![Y~F`C|Ƴ%|̫-O{Q&ap=H!t[ld詳um&z6BbS[=HP w-`э`WmgRTF}|Цc9q0dfF@-kVPI5*jT<__Qfc9g(ߣ&f٤z&\sR7,ja*+Op0}ۀȌ.Cq3Bl'CL˗D|ۃ?W~ܓ.-;vķ,cI\}1V_ɞ~ =')KTF4 v zRoG;DN3o ]>w^/j}ka_-?ӄ6F?̼Ϟ[ȭW.T(A4j*Ué(ēy a F 759q!ZΦڙ-|rr!;9URUo[wA:ųβiϪp-ow)v?)$ zAܗKd5m$wq4;]^,Y(qZF NpVINgt/ybKs֧EN<(VPZ6q~TvҴY*-z8K02"Rwvs |-܉!(o(!TK 7k7:A;ؠ&׾z"xO_1EuNFE ~%74h"66Fp~ڙT|phj7ΪTs* j5VQ ۊ6Y#v:4Z 8Nkŷ򷗄HC;R.`0ݯ6؉2#~ԫWK8T)y0#6тqڧ.dEw}o>hdep:f5c`e,@lx[7O9Jȁp+b1U  *e^_~c/-i3azKx2zMs9tab? 4sTgzE;M {}& O' 9kЦWs- }SC;KKCDXxG`4f=7󸇌%Kà>q/~n]lKHs({Y]Ă6Ro¾Ob+ 6l+Jts,qYlI$kK#W/BUγ;</?̈́)&nd<= ʹFTj];sLc|4xG`9qƍ ^F^6\@ QdCѹZ s¥iw043#[R/{ 5R+ͫaL.h6j7 Xοޟ$R˗CDՕ~m"!70:eK{*5\ɾÙ K֠э4*`$}1V8O2ĈB~G U{~Y"ޒk5Z<&8/Y]O]VˇFoM}<>~iPhʠ7rLs Zi$NMM`ax/sqZ5JJVφr [dDQX$aJ}̾\};Rx ,eG),L޹Ru@t:N-"s޹|t匤&6;4Y{HG)mSۇ1XbMꦀHp#Y#&r: qcaShybCzכVUpJ4'vmW 7H*Z+!; yjf^5U)2-(%LFS3S"&F(H>h/'d js`i@ӗTE(H& @vC2ox-'$5<<] n QQbSnKVާ/'9nG9uT<فGu;j^lL6$-Z=D^tQq]Awt9 W%9E/6)JWKZ1s »Sn#or!"KI&Iq9+JX*BV&Oʐӫb=TX}DRPzub H $q/b}cG<=fŮ;%~h~$ Tz>Wǐ0_201_%kBGKd* 7+qK OB½HRHs3|@ f# 1ݠ4qG +n&tx61qA ,ZtTz3^^_Q;X`[_I؂ 7CfZ7d 3ߪN)(|?*~ߨW5׍ֻB.:n7 Lԯ"=q)]GYMNʧU{ 恔v9=ntA8RƳtT-Q_òQ2lŗvMƏD*V59- Q$O{8}C]W6!GFo2AD,N޷7e:?|>;bO b*C5r>}U1Ţk &+hn'di6驋A{ru8ROJH'V.徠 bÕ6m~O"Ƙ;UG6_Sq)܋PV29LTHaAP2*'#N=(k(gh|gq"z7'&m29st>݇ 5ݮ_=Kjꜭ 'OUT Ǖj\No&r7G-֘O,j郎Mb|*OPbД,Z#RTg{rӿn8t0đT(LXGV07Iw&^T'1 q&I o%A1J:TwjHҋЎ*q>k "fc BfJqVm  q-ۜ^l[2)*"|6JRMyR n@WѠ;5]l.x0(PVA&|wvXlfloU+vjˊUcA, j"&Oh&@r&ʩc9$/?YnqU2JC% B~zH;֗$I j/t,vړLӯ3ԟ:MTG7e鳯a 1>?H.qqKSԢU8gcĐjkq@ <(dz` fT^^%"=䎍(#܄ 5()Kw#-=T?6[b_ԡ8'bVq#<9V#Pwdz(l.؄xbe_TokR =r #XS“L–q\(b!VVD Tőf 7޾j|,J>Y} bVu^@Wμy늽Tõ .v=NM鐂=|Ļ {+%f"V xd*pM)uڐ~6[*]j(8cL>bp3b&j:aͬu`x<wxvKY7ɖ ?n%}FYWrHiNcxey )y:K;~3Sh׸ _ )Mfny5`tKeS|;;kZ=!; mc:ZR$#M3QXT7C+זJ !n=Qo_i3THuݻP|PQڐI +9YDdkee|E!$$Q7%֖㲤1:9\bS}S o={ 䍫7DSeXLi.<-I=36.; Uc+otGRs Rcf=6 #&ei1wo֥maqluAEi(ɠYrۏ4c=#aƻ?WkimXE Xv^Ua\ t5%m EdטZE"U\h2?6.KPi,)nu ~haUA : VTt>UJiJg)\3D "\ v&m f3 n?61=;1p^#A+쏻7 ybyb:Gu,߶r|P`fG%lowe8wB.y9a^퀻eUFu=֩dCX*MZ'YxഭG^wB̈7Yl2·Lܲgbi.w4їoH8q?J *j{qMOm"ur߅Z!d!!Dx#ݸ #tTQ.ն2,g/" fBD1Spī}jV^>@qGRG*s4M5+iN.9 ƤfqtV,L1~sYݹ i\4 a;'A;u[&$>C>aO񠰱;E tjL NӤR""4>nmwib{Z71E &G1uZO*ܸtTLX H|-[:<wD;Nj)uQ3ܘR0piMl X2XaW·?RD!rFku0LتXw6aeiMEjā{st5]F]ŬB1ozY@Ib}cƙ˟L jZ쩣#z]omS)5{utcߗlgO wE1%0$CzRyj%_CDY"{()@9A^ fQ;=Y)˧kF5y \ҵ]rȪJw@eyUO??R@,-"ʗ^g'`oN|j^u-C1tj`o,_9=]"^|a!hPba1A!{#}?%IĘX `q1t/u@4 g{]mlvB۟mIsL{^/ 7#Viũip9D0AV oJŅ?`BtW4&#<6! QZANUw;%RvYJWsŨ2UE{?q.V# nsWTk7BLŁ݅ᄊqګ"`ta\a~q6GEҏq{Mv_Nx MzŮGLu-Kk xXK|e1SQ;7xuQb/;i?`p<P_a+ ILj`OsG:+g%ÀGό}qSy/5}*f7ī vJAP(-:Gj}M(1z JpO)*>=Fzݳ 3hK'm6(tN]Z8>9tٝ{LĢÏ|ӠŸ 8Ha 1˨R5(j/*ic \FH}j1 F>7W41::%O2S"Z E3{]g]HcĘ;9U/."sޱ-4ObG"fȚehD!>p0O&::^9(j^6AEŻPO*ބd1'~9G0邐XLr2O@lRJ[.N`ߍ~ X{S$ M[u_{=r0Y)E _Wxւ(W~ةs貪v1]:`Y8wի&5_r۔U R~f\%DfʎoRz_8C󲔫-J͗Dx?m]KYpV!3~Ǯx+}w &fvV]`]hɤfR͉QPGl~U[gFAטdHB$| (<8YdX+y.cuZR ve{]RuF''DxtbCʓrORdM‹ fwKP6Vra~ǢS a@^Dޗ۩b *=P{ kC/$`0)\C ?0،o@ä^SL7/ɣ= pŬpy=wl~HY˪Bm}&RRCvrݛvU4!Ni{1(B w?vhJ/VFU`(D8<%΃2رgJ@]R^d9ntrxiUP>XijH7W ^O4=Rܯ`IꙆ¥*:@tolRF){(P c%{{W,-sƈp|f6L4ŃL4vAE[F!QL4klc3|E?@ч|\koML2 Y F%OHS*}MJ 1-= Y2@yzBGZZj: 8_'dœs#}7?KUtfdPFqggةof*wf? j@QTlz1qSu!П.nObtEzTxH\lw$$XnR=+/Hdr۴R:R1vFO ]qRdC7q`AP,\ah]7 _&G]r*O3+ȕOX!+@{Ltu(Ԥ$x oRQCd$oyx=uEX.yJ꨺Mq"7Ϳrg{L]seyv4VK<1"0^ :LQ4 Mζq7O}ؤKS3vZs^QQ5Ic6CW@ \!A2\\|qw<3w]Ёn!KHmo9 7+)+BNj7e[xݵaJ=%>:M ;y4gX[<3 NR?lo/E0yX='J7+\2%q_$E9;.uE\>vƬfz? d埝 6T"T.^s~EfNhI uD;k42iY Kѝ"&Ά j "S@؞&04J5miކm8*9-@3eyJ (fY&ߩxVL+]^$'k zgT,w,3;9ƣPhikPaW>ۜH(1ovxncˉES|g}5JT bu1?;f4b yF##`2ι@@v2{B:f$ܜ5M8iA{>&Sy Rw[z |s)ұNDŽ,_IT}F!Wdvr{C[tqɢR +^Cu- W{C8<6DnH0h xQ(_#_zrL~a;ˏ WO}5:>BͶ$Vں窒obmS ?|+V^ٰ˾MFX|ăSN ϖ_WlDiV~**dӸulEB5.gfdUNJsTꕺ!e *=a)[C)Kg@ln{NoaMYrA2>ı_&#fM3b)7Fݞ( W7tVP\eQX 8R]yBT& q!`jiդ{eV, ,YDd\' )tԂ86i0c{#p8=z& -m5먇ddeTv/We9?pciJB8 l2ge3zaR@ri#AU)aֹ+;*[dH7 9NDb 5$4'keȠYu{ Qڑ4X?;7!N pft0&qYxÓ҉vvr&"t7~W`:RV  o$ZZpuE)fS#5py` փtFI-$a}i늋dH$NԚ)|8'Peb߂Λ7"xu7by51A Y\ktwc֢)`~RAj;Q(h+F_MVa%ci3;{oIK#;Ĥn&oAŠWfVT=ő4s;qSt ֭rÛMn(XVb}<#V D_u:Ґ:D _`-|6y1z 3OzC_#9TE.3FLQFr\8'8r~حal>M Y`6TX #56N- A{: G+dߦ7dU<Հ["3] ~q.δMS(H4~fvG; ÖR[PɰTVoҕ9C1 Rw{揮 9yNE)8ߓL?5 Gt}:yPuDZJi`S f`^X'Eޞw|}t1H #Ss3'θEBZӶ,$phL?EI<jOuT?%"d89vUU2Vؒ]us+s=һ^ 9/RPC/Kk6xq3aإF_(UX&\WWUXz +ͦ<6f<^_TF]na/YBdgSOSr~ETڑExX]ǯ. 9 ^ȪWXE7/ 4j;FtzݶNYM<#N/\eYV*EcWu^(9/ Vnj8:4ԎtӃÅk< u|[? zXͅe1:V]ŮQ-<}blАiA %`zԙ"5xǣBj7 G̈́Z S52h&%y) Aht1BA.N/ I^g0;4BA,Sbca&w"U#5pmCDxT)șqO/ ҘjFyi~+\ Ѣͧ%!@rɬWP<.+}D*(T?O G7ֻ[ _-r#HX@XtjTdDw&yhZ]h=~u`j`}O[Vte/80’ * j p 7,9"?PH`riuN} 5ND ~*1x%z*M#[6w T ~ h:k^˛\Ji[=܉.CpS GK#C [~N0WóvY!yPrd( p/Y#]D53fd$ۯ.%R\k'+U.<5!αj^.R0}-knǨ x#>au?4"%pB`zT.& ɴSx/#yu sY^:<~'aP F0}sLr;ͧ)NO(K#O( m9gp=L٧ 蕘h;/^5v3!cK2։ENSeܖI2k^ܐq]N|?~+HqѢˀy ^˼ʬQ{J@*gZ ^s-ֽ$r*C߆] ms15k heNFC+bfjt\e湐.)4N8d3L{S$Hdܳsi;ʺV=| [X,YڏZ'*hٗt&XPq\I~[eph,`%Mzs`WFڛK {)ھ X9qoBؔQ<:03-_ܾ<sҴ2y{٧j*M;zckEu ĸB']P*9#1Eݍbk"kEhm,z/p[~&&w2:JQB3R,N6:3a:0a^4g:RIWu~%Z)Olr/vMx[zQ]~/9'N܈a^ԻJ?Ϊ&dR[SV8mp7RwifΈN9wWwi!/KE8V'd.̎ɽG!oϲ!]حUwGAD]RI9X4ly.xK۬v/{.q?Fm2̎}I׮0ΎөD}6˶/C<禁 2!W |eD]Tf,':3^:FԱO[DA"$ h9-.?ԬDEdَN|eKm:/}>AE_?{4IDHFǴ}'N6BΤ3BOf8+HG:Qq<{!w;B B>G+5N(侖^ic G N-fDFkob,4:aF" V?fb+Z;E/#[҄T Rݖ&-+:9vWOo6`ټZk]4x5RsL.Jԧz۞k\5pkO_ 絽+^  \5ANTTJ^嫔64!\#St1 O(>87b-vV61FjYǓ.1C(Ӑ`a5 \ˊurR0>G#F$m5noڍ&Xv@fI`#.z]Ov1yشyyZ2rٙx~-"khpgύ3SRI͐7$+^P\jy Q ȋ,ODtřy`i{T+QIL-n@QQ?9Dn/fj(Arev-,?y]N{:أRv$GIbmZ[| YQxsz.-C""n>S{_g`f`Y -spqMk@h3޴s^߂UJhS ?BfWRZ -BޑQh.Ʉ;dNCf?t4]a8_۾UT(qaQPW>< hiլ-ϣ#7':ܱ+HҚjӯ9#e+M&U:P:Nᾮѝ(mVZpdo\޳x&wXyI3;H۸>At75uSWHg&GUIoÎP|E.@3i;^z} Z@<%l[p$GG4CDTq.sc裚7{C!_G09I0L*3WS=%,?t䥍DHVGFԿ !" sj_ ewR8MT$ERgӕa)Iei87lɿ.xWY{@5Y{$Ku6߾ʼnE/SJs?/@Bbk=1RP-ҀiBNxՀ#,Y \+XUbKb)FKUgy3 lW&)²Gܣyg͟ɨt\#,r#^ʔ 6nS ?VhKw O?̨#vۃF%DS?s0BI'O_Box 3R:0_9~76֓h7-b!}ٝB 4~n7[CF~),IDsQyr!=2{Iu㎉DXdE`Jc|ɞ5c@Ӏ^[Бܗ0y>GW?>Z]h;lw mH_KP 訐i폾4+Ӻ$h><\Q'!$${hzi|K"ҌS5NwsHA9 U4%sdhe*WEx2qT5 D[iH)ﻊ#=p^ $#C FyqkRStAP&v~~!k:P ɟfoiɕΘ0LޕS^kQg\!}ApgRlxeW$]hb~&bi| ]-Gw;=0o3NPz74+j䂝(v^HovefK\`g 'jAsѝmWǔ-iJ[7F 4/wD5]StϩT3?E3mu@'x|q*5N"Cr ɏQ6%1i6(TE#_<>K*q ^߂CX|h O`TnjpFl" Ȧ-\is1{~+6$3FqpQNb69j.=i鮮'Y%MbkDlp#']=w'׽w{-C{H_ ']v&mk#9ybgcZ R0\ ֻڒZ0UE ڵDtU$OTk>hYY<p)r?G}EtsdFP^pN!R[B7%V[1ev'.E!U\W-[f2 TTX#pjo$eI\l*/[s 5jҏXbBmxBҺoWEr$a قz~KB[4v+Q8ytZPoeJΗ<#i.Fp "chr0]:z\\YCgW0SSm&0p-i9 rQ@^ Ν'R fXN4 xoox?bb܇ZgM*bGϥea*53v̆Xe,77wɽNS*m;xT$~6C)Tzn>}a\Qp)ƺ֚̏ka)*V5Uל+F) 09XWLf-#Xk( J8I)x-^hh3ϦӑJحo֨LΛe{ H;>xi>fʼnZѼfB8fT3OPX/fA(vx:bX9n斂&CS7ߒ0trsl ]Osep|IB:7^aa\(4P`o;_y'3OL0E]#*XrJKސt󔳯eUL zNlP1u/G-UKY, j" W1d:L/Xl[u_4k.~i~m$51w3Ӑ5U[ZOd1B҈}clOrJ},ʘ3Ksy^xB;{gh%2Zpe<Ī6>&'@R=h'IJzoeX Nб_36:3/~nx&4y8'b$Nd⮇9H ީݨ9",|HҾɅd^63 zjN*k@ZUMQt/[MȸӋج@}9:Ѫ fyF6B߁Ȱ{d-9ܻ]y˾|SMO t@'1!k\`Gd#]ФV}{ ϒ㯩31^33[bz,yrO BIj?$H5ҀgrSm{nT͛S5Ɣ48U,g` ȣHߎ P%L Kذ -J'@ˏ܂kaIe,UʼnE6,\k v;*YkZoa';[h _c+hB= %o:f Z8a8L`) S ˘ 8<B޺WA"|S y{ű*WfzWLoxPpwRg~3?|=b[eBV5a n,%o?`^*>vKKf^g\>dnD GotjY9g;bٶN!8i0,y$ Uc7B!B!oac~8J{^c:LJyI+@Bg&l[}H,.V Fr\#Yq 7ƙJNO 2mULHQl%sPHPͳBG UHၕy_hȹnQxNCAl ٶJ=IXSݫSc_G&by^pX2T8=Q] 3CF"(z")ЏG??9|ڳyRq(Џ3Dd Y׭lPzר g,T]%@$sOy-^_tEZ0gPK(26n }+C^Xsۯt *l^P,jͱ=C` #o;xⲧNҢX~&{j DX EV:F,hEp >׆,̲Te^G"L΄M,k,~p=`+t缀f 2ouǞpM9«1 _qYG՗98?>AoӾ$, jpNfPdtnۏDwsb֛X6ëL0׫aܴf@:KUrͺD}piѣ9[ MQ*$@>J}):8w{ S@hn*U4*4K-3p!wq(X8uhqIJHf*_^q"gɊrsMP6EI>Us#ؘJLJl\֕S/tX qj:~Uv %ڼmShF(MKnWL4γ,4P -$w6%P* tOBX WV\i%lCKGq隼(9+ggm69XG rk%bYS2T#aZtM)QU7{M RQ/^\ a:4"Y˦e@o!xx :8ئB`u3okZF^{Ha$jNeK}+Gy- pg7ijq>0ZXeqob]g41o Eusc=T:3ӖpOC)s}ioa>CyW>dzgH"־Zbљcncp4~[½ޒF 16R4\S87`v ژ̒J0G9dgDߜӦ0ayH%T_!CS1ܼx&1rnqتiI iT񆌯v@=%J;0{Ϻ&m~NsحmU(۸WWd6Fo+R8=nwȺPe4L!\b+)񾰘kHiM7JR%R\56xKp-si -@a#Lb(HL#~ qzV*xT$L~0_[ӭLz2֌ ǘ]OxcsQzlCy4 |+N䐈 0V#u=QpkAfm sHNH:;U1W .&zηeZm)(kC4j\F,ۀ^PH¢j˺<&6}ug!g%Dia/:mhp/`pN(78AFLj'ND)Q$e8q3V/Ov #J Zg'6H7\DG.To ‘H6'QQPGu$/cB24_6Xbe:ѡ6GoL [gjh4pi76v 55nQ;@F|'NjVיL6^v=Qd)<46R+wjУQߤrH@{x 71A}p((pwS)uKP&%: ڲΜa[ %*10S7t!V)f.Ĭ!N u4;zNHeI@POh9W" :Bw! kkSRmV6̄d,izEvy$*QtJ"39*ٓ߁4ƅfkm8m^/m{`Mֻ͜[0F,?UB겜_E_aE旈HID 깥!{p j)M#$I2"oT܋V>JeG(7SOZ/t%"^qp I1xOVNuz*H+5*oKzј^wr)`!x;X>}ؖꜧe [%׿Y!Ole= ,dci<:3-ItI-9L]LH>a M͕IȺ~M#/6F(n9Òz~>J}++ihqw|pU50~ÁYV")Y5])_$t䳽>0^FJ=EiG:0Dej >ty? ;ٲNhUToxȆɪuX A/cF9!pl(Nr>mTs.#Nh~Z"C^+,ZĆAvK0Tu~qթ+)f\^ f@b QrA";[QmN^{gl2"Z 訥8RikCDۆlB@d޻Kڜ2n℅[;)ul`#?! Rzz5i#hR z0y65FT1+KirWߜY&(lVRrR"SWTP̶3JX= osUhb"f(+&˒g,1 dRim> 5!ny S3㦦7%РN t8E^UdL vL[}W}3cwaA̦ 0K/߈_üNZ?#MvSUs(ׁNC%Ƿc RA}(#kɒnߕُI6l(Togjؘ"Huہ=Q(Jɒ""?[VAisLWY'z&BSdx-nՁ2d BXS nl|Zk2 ɱ{Ա .l_v+ 7oR<ċVͻM8˱?ҍ!,Ie"ta ^Ŋn(_ 0p#sOL6YNG~ WWdtYI! RgTFbKg!Zew]pTR4Lmxaec=-$TL#i; nv $?+%ug~ 4} n^TR#~)N45ؓT}MjPJ.`fHٔԾ87#(:*,UzFmĊ)p/g[؉Z$kfZW5mDrK$m[A!ѓmcNȿ˜ѹ(kPOWCnqfȇNS|#JѦ9^΍9dʳ͐s]TןZ] UE6H( W,8Vb:ډGo-bV'#\ƛN1Jp} 0dBrh%vS(gQp͓4/($ҁ~=7~1ìR/?^US`T4tx7 ؠ#F%W[*1P,rY87Fp.?Ai02Btr@@4qcP!hTNDC8GB)P]; d2cNhMX& lWY7P[ p".f+ i&<E<$ozc`Q@fc<ക *ֶK@”TxRwg"ːΊ~Z\D!Nxhm~ΉCdT1No9$QgT jf_NѯHfndYʨCМ'MfQK/w[*0;,.<,b?9@(_Y1۲X[~B9STJ#_E዇xtJam](B+BvM>?s˾UBIzRk@K^.1C#]=x8Rte))qăK郴P" T[陕 $WET /jVK/7b/_/mma;P)I/JOhq5<<.zXAK|9kQ~p(J6ng6,o!I4>sRN4g6=Qxfk*!3ׁ_dLT@.vTPkZH@**ћ6Iq9vdUALIׅ?٣7pzRd>?>ME-CDɕYo .aOwq.>@r茚OP}0<7i¤&k.(sҔ|x~/UnSݖ7[WoszhTJt(K)ꓵ'X<%la&þZ?.1DZW" ЎE:=hg>2y#pdNw .uKWWN3nw,,>=^EI,ʊ/x8)E|N2}^E;0qb' ; !vD*4#!8(vH07Ya;7pdÐYڡ)7(ZR: $s2MNa *.] .Jf71)b+љ&mNy""-D%i0q ~UЬ&ɔ_lVID}.NA4>QVa>nU*2ϳyXP_$FR{c^?1ME>JROE<\a2/G[y>Ʋmd/%83;,E*9o%QM,[X!F3p׮Wn2ۺy6~t_Puk.a&V\uV\p,f6$ {M *dUbOڮűĹYe꿕u8K y=ćI*<^dHK\\ , ϾFќ9ُ<{[-VhSs7 Xstֲ K)U?zU{N\k( \IMZ TO=ͽUzFc;)mIK> YO^7Z/2NRUcXJn}GQ9:¨XŏdOXHzo,""ʾ҈:;:Pl/kcRrl%XkUqO}=odp#=[J-vc$9)X,l)ر3q3z'hGr\X{=0v\mͼoV-#`EQ^I MlRtmwhֳ 3n+Nߪͯ:}SfJ;8킱2s pLߏxA Ng/tsL&$OTVyCS {jaw礮RydצI6^ņp[)t~+J&6H` 5 iKrna6ڔB)7t-϶@v^ qA>yܒ,CFLbD$l:|t"ŚшkݘIggwJ EA$  ivAP.{մnGxv#ݢZ|S(Xp4~6{|ވAgT۩Q\E bg.,]P>jbr}H鬅Մc?h/ mnf#*H)>J8 QGYa̡em~j?%@"dUAbTjK g0G\*u.">&Ln̰g#Sh"!6`w[&kyje&rQ8sBkޝUp]d+&D<&È3`uڂB==B*\59G:F{@ot7 _Дp#ǃs0\`[ d_n2lYvLBn@^S;-L:);zu?Uq"^HA>lsiՕMc>hI'qL(B_lWzCeYk.3U%^(ze!Ԉ^ڶt\1m2Nmc!/1f]e7[U>SQi1s>f 8pݤx\SUR\BTS1)QOuiпD^w>`i氳+GTmRҶEAk꽥{ZMi<,'Oǒ5\v.{u܈" ,_@vmqd vą/&${eUA'&YK[q)hYYcLgJE`zv nN3JJȰ?e\>7 ҴdnWpg&6{Y=e&,&yaG ?u/>Qctj2r:xZ҇q"V+tm`,eD7?mX=]9k,1a-t<[V*翯:҃S/:Kol@E⑽bazF'NC Fr4iA&oYE !Z.; 4v`U(|uoNPB`\#t4E6^}A4₊FHFM &HeowmbU+!y\4O^K|I6{t N_H y~ۭ =9QJ`vMy*'0"SҪ b*nI.D^U%J.Ab΃l uVTo+aJOS/2|j2ƛ0H9&Z|qTT-?7LTn-j' Y#c̛A9VEƣN!}Ј-.%k7^Z6 8V@;vvsS|0*)Rͱw;mXLlNxNm3׏Whw;w9JNR_;@8,*$HhI 4.s_J:Ṋ؀BmFd>u6ЊdŊH`JHӧ"1'3wٯ[QS/rv /1tB+ؔr9ɢwXyt0?B +R:r7;V&]fIl׈6&̰#[v-%xyy #vW|+:Rze:H%6P%9\zC$ZUB X@jnTB;[\<‡}x=my9 xa_ˎTpC֖|X"%QA2@ֱD(ى<}AqҪ6Rr0&5:ɺl2~T Uipm:VM_G2w ̦=o̲ fP2V{YP=JGjh>p*9" `T e{d{Ӭgw!vB-ց݃~[m:CRELN* 8#~[ ,Vl %B/5) jq59ȗ-Q}͞U\0U1K3Nޒg%n[; ZSmqsot'm螢csSB/u g}j|†bԏ!kHQs y!InSW%2fnĩE)V8:5q]\)_evThCsO=2)$O yIZ TH߿wmL=7y!E&TXk>ŷZϏ+^sU"̑Jxiȸ]47F=;apssB>|)pYG , 펾+-叩[O\j-f]V Iꍊxeu6KofT\&y)?,Rjߩ|1thknb蘆+0#[ PW^`z,pܞ*$* 룣Mb*Pf6)j*)ZpqaS\^-i,cw$'X WtG:{ [t:n4'aHWyɼU=,`t=ԏc˞5QVPW7KlhB,rf*4}=!}ב,78AVumϟ]ENp0@:{Hd&CJYv[Af.I:8kW V)D&)aPprT}32|2 eM:@GќkTxB*u~?̖^E v\Ɗp"nM /,"\i!f-D]hqj'܉mgt=ZΟmI,dzu_r@9 60{ýg޺U@Z7ӥ>#8'w)O;5duL>wgYE"_/t!"xp,j*]^E [a0nvNfA's j,#/P$φ79x*1}RAF¤0c ̬s2\1yhqd]|C^ {FbV,iK5˧;it|X"EA$zms^ck!PfH_;dehNFIƣHvxXL%ə q-jmqeJ/\h+r"S}\^bViLeCIku h[mYÛZv)abp p @?/1h#ߙɨ|HM ^ ] Nʔ)S8]H{ƭ\2SH&'Є[IiEjNIEY}i)Mp5lz?%[Bbtgv醅wtugf8S*RQ*Y,J--;TyHsWU$PW5c,_\tCFR̓EANjX0xbQL ~Y`D;ݯ0N4+2e ѧFDW_mrNi4I>)t/Y~4&RXF>vZ,^]Wb#J7bF<;oga,$juKM/&MP<2տ\zf+k% sqRZf+U[NL=C=Gty "'FkQy+Ih#<WMNmV>7g)k#.( RPExDz/#wKK l$Qx-q>X.z$X7[=/{衭&ȽJ2:$-9:UN_l>Hf׾g}b~/F@_BD0޷y R rw>+!/ 8y`|%xuZ'#˝K6`]e$g5v˝(p˵C|~2 j;Rl9;eqP?fުBz67̟>WHBHuu_ZM ¸ck{j\U10|&། eFgcKC˸-\-hcy:D"ٺnt2)*,'`SMF;PT5!-7Dt@Sun FD"yylH6=* ||L4 R8ݣcVB61(&#neu v ]1FX~3?&*f7 w2tQ }"Phjvd8``Ғ](Bqf JBj;P&=qfi+s>F,Ogm*KsJ2QnDڷl}h5Tڠ֔"{9@1/Pe?eiFf:M %$A-m]O另ށBM p-Ql:+-]Y# #nQ3"M I]={8`ǡs@г(Ȇ9n8ϒ,"#=ZK}7$ "?macmC@ӛBX<H칞Sc ?b+*l.Ι YnFŢ`Ylpu1ۤQ?)QaoBzkǗl-erl8ƏրA8~,f; [ϼ I~ W (i7TXtweAeƃۼRŻ!@- q ϋ)q!^LAD LhFx LZ]ʓg޿GB1%I&Q$@s~w#m) Nrr|IIih}84#& 7]Ud"<@V̈́[ ~ 71~:bqmY[{̚6՛z Yl[sr/ t6VEJc3C}:;%$|U[GYEo"NUx" j2I ڰZf_}־zJ/!U"H{IoVdOnhjAO-*y& 6u#Nf6 /b[$ܕvCX>Jug/uhWFY+C(+gbz NHSr>p'mio{Cx_ Ew~G;BmKp誅xRɥ9-UtEYUFDmyW}CM,%[F󰺿/$84(.cֺx2q [k(X&EȎX>reym‹A/($dTՏpG$z l 4gb@qybPMPhė7=ۚ*&kBgSs esYx;HxQv@ a @lG)ce x+g2RȊ;6 [!зyKD\췖86sn1*$!Pt/@' X,?) 4,k"Ra"c2/DݧtcMuT0Xo0@%YIӁέQ#0D=`w~i#' š3[ӏT& - ubPc#i:(W}!XB6$=J7@sʒ8Y 064='JI` Ӟ o&Dx\X7CLGbL6RPl?uadaNs CsoLcξ^ޚzjRԄ5/=2]%~ cJ >&Vx^Pn=E_5 `͞|7zjDjFWKH z`4$c]ޛaMP7?_)U`ysP|rDʩ[SlLm^ Tp@q&{֤s};Џ&o%Sȵ(0BH/΄콌2ժ\]^Q2?fѺ-V 5eCm3^ԇ-9GdX[zc@J8kGqIJ_@'\h E`ed{XN֔ HK4Ŝ&bPvl Թ{O2M3@ӋZ!/^eWC"D*%BR8UKi< JE͉<eJ;R,FomV_kZBγA" ɧDx5 HAّCJ!Z5*P pgm=39=ᤩ-Fa="L|;"e[˵W1|{r} 8ђ!-F6Ƈ&̕y<%)`tB\0\W))!]C?)£m4})5D84A?6攸X (S!mCSɅ[SsZCZbv09;[ň-82)PL! mC+N}'~cB_F>=&_"^WwXGG<:56qWRp"ADBBvh6a# +ET$BЄ]e-peA ap'xP-XOyZe4LnyREu<:1N,IOK;Ӿc`_1&mD{47W*L*]XWtSOVpZu-ŁXI7 +ʀR6SƋ i?Br">bݺ'\j~ljLkbKiIK`B!v['ƌӺ<[[IFd)RcuZuv7VXxeG_Asޓ 5+Yi{&^|' rp|yZDRV2J)[MrK65QoPfV1W.MNDȈTCԏ'X9ٱnNϠI.!Ve Ee4(P <A&#Ųw >϶Hk= jB~41O&V3ԗ}hZgkA?`t'}{`b=S $TgOcN~L5Q:MIUQMónCӇV+dhi:5"Ž$_O-@[4d=`O6u PØ?hReRǷ؛=NJJD[Hh1Eƶd:7xwômE `Ov _ C_YTROOҫWGݚԺH9nP)|o?zKΒYVZ%xO ,gYKtC\:3X<Ԉ-RaͧDsZX`yNQ*֎oW]xĴ D1J/rV֣*N9RA vژ,홰 bV)}4Z0aןmPAfhbt,>@pիzJ+iOS1c" оp55/5%ϥl15U{cߙ*2|@I]rR*Rz5d +Q:!M6 ۓmZ]cε=7]19HY.X{&wk Ha nj̜mvexU,9{Gk,!c.4?e4SvW"A;~tl-!0l勫 . zAKBQbXЫCD~;u@^g%MݕUv_νxkjHWPM?ۭ[QnTg>n*"[&Tf߈trԍ6^ i3 >P{δeQY_г+^\E>`W Rd:V{B?l*|y4Tbz}/ cx*o#AsUt/O8QN(Arh/ :xͷ$_#u`l  p 1pY&\--ƎZY'"+㣫PKrB`ZVL+ߔFy0ͩZI҂aE׸ Klבp/U9'w5/vtV$ Nq fMn[ #ޚn`IG_"8giȟhȲ m L]7:wl3);)s }tꍩ>Hw2bvM3>O?mn Dhc68bns0b.۾0;z9()mwl%?|nE[gaZUP3n\%Z)~=b@piYU8c6FM_s<>*Du &j]Ysl ≹?hj-A[٦i=æ<\erͧm_# Q;]1"$?('ؐNIȤKm do} Ͽ'۲$'K & A`W {Ϗ U~k ?[;M&6a,(8vdwxs]`I?{D F83Oȗۺԏ Bn6KG/RxԵZqhj͔`x^JrR-mK?Y@SƊm#Q\r{5au`ҭV8N1`|SGpژ0f*m|P*qᕩq ty)PZ/#lǔpA* znՆiM%o ULU)S'PY #"uͣ㪏qyBVKN;[bWhh5j%O!Qh0p_A)YcLQD\*=+ByYS6n}<]%_XzP2seJ^(솚6\+B@[WP!Km+buJPTZcogPRC$8Uuɵ MԒSn[ v>atkf @ytws[!Ш:n!d]"q5Q &ZGf\4Zf* C\ƆF2AP}d3؟]:A'm_xGYRBpw1{#{OM== ץ8\䘓*h+!ڙ'7܇d@ mkԿQ:y> dM-;* yC* eR,Y[1oPG Cq!s#ta~(#ßI=`PG ^hK"U\ JUB8_萻LF'$; jh[X۶tbq}Hpfp!Vo[D 6%R<ϡLRJŽ45$/ВЊEZBo#0u40rڔ3SKTc\fz +=7[FǫˡnE(4gHK[#Yɹ˖VLByh@ p4 $-A9KvĎ' %M͔)BĴTZw~-0ijjt*fv3f{w" m3!$ʼQ359σf.MJ%C檼װ81:v^DMÄ:_8\ճ?crE;L{jX :boK& _%J6g s^[BH#=9/L-].c:+0..ΐmlR:Aoem\T|B;R<]}  *QŰY8 p74 |(7OC胰YV[(XoC VNSX[}ޚjYsضPG o%wCF2;M|8o[ʙKq\R} m_V[;b mĚxz0ʪsEP$|QC$(I[NĎV&߹߸qbCcF0%qgDLٖթ૙Qǎ؞eMzc*%و?3>N*vp농닳A~~cE1XfY1*gMa̤]iQu=F^ !b#ooW#HMf44i*Dzz/=&B=ㄔդWKd!ZlUs\O.gtzXSآAMNlBԋ3OP .M\'39s%-^[86 f#a+-|Ǽ[JMحD8Pf$sk-nqRDgɄfȎ^d /5IvӨZ2e`D+ 8 Iq+L&%=36Ruȶ=Q$k+tk8Pe 2 bK%Rz>1JB<B6Ȉ%>QUAOƭ*h#I`x;Mf1L ` %M0hc[(WLrRyf{>RYsؚ&@ݡfI)poHÏ_`5,0}LZ*{ˤ|/^HzRmp'(Jkb+O6pbJlDvR~(L ELpX+mBo>V8ɵMZQuA}0Eg\QϻbA99װ-Y",:Ȼ]=VYש RB0g`Mά}5Fw31h>x%LD XJ~p˻^USoͰ9Чᴨx EDʴ["s[eY +6v~ݜ_Z G\4&q>jg`{\٨vgCB )z @i 5{`a=V_ќmb 65}mIdu]T6kK29Ά1!i2?^M`ֆwlk0&ӟxN@(*Ƶ PDy[Znġ^nt7 Gɐ*>1vYaAzyMލyᐜ#3X'6r/] rِeJ*szaC* y`!:.JكAksQNlD7CU- qQLא>!KboRn]W0oÚ1sLrF^ģ#&Չ43IWT2#d9؎vXX%r=r*$U#"˞ Z<i)}eaki !$lP* 4ٹr؀4Խ|\O1 JbV:tόoJ RT%)fDƂ,>赱u;I";sNڜ}5@E'.𐟆dW"Y>R.`dg hJ> !o+bPwN6K\##b+AY4m̓(oJu q==wNŘt$W"`4JjT)woeƕ\ Tաxܯ~gsqo |N xE*tzI >>7qĥ 4 ^bY~ q9QS}Ka")VPA8VSJ 6|܉l/%;]%P(@_xUb*a6X,Ņl0=Ukf*>} 0` Yet}p4E9$JV%[êF;޺ܸ.-o9U%YhiWE öz/">rcPx  "8m CPD?^#I|VG"ZE%bTH0ݞ(9;(Tl&wbhtJ,6 ~3Ui崋yM6 ԨbG=Ѵ7Md1Wgdq '-t[["a2쓞Vaߐ 4Qu0cKAƽfBݪ~yR^Km'L)0"0He(k$1V5ZofTo7pzrҙ#y*٩[F8C;lw6FT{.i๦NÚ[J=]A޽kabډSÇT_BZej<Оo2ׯLųB~!!7:)͊^|2KeBe(Py%(q= UD>h`1- ZLo;CXME?U^8Ӑ~o)}.75W>Gݯ;`Ip`b6v#R TL_}2|~`N2/s>u7Ψ"ɬ{!ڹrjJT`Ezg M4(&o!Lc|e#\&vy;#r~54s;E(Q3ی<.i19԰ O) u`>'DK#'ZuYDH|0E+>_AҔΩ(KX*L'^}I8`uT/# %y%2sReĀ;3x6:Kl/D֒/qcv I@N  WN˯rBUoOn}@75'r5yT]S|]E.IkAꎨ|iP~o0‹@-Y{jsμe,~1+' JMLƟ/hrZo {˴$0IX ùAĉ›rM#/zŸ-V!wUJX#XUx{%LBuR;| k[\$Ŕڜ9 sp{ybn kyBWb\y5k-!o5 3>+s䲰#=A\RaI z]Ora;%u/Bo~Ē 'm'#ڹN\mc76#xP+htÁtAghz,/5O~N ŀZ9ZE,K*lgrp?ʿIBuQ'7"x_8 ez7<<2N"]K CɆ72Bvpev.xR dwzՖNFP}ѕ o,N)_@o@?6_;e%  ٞc0-X+D1 :W.Giȟ>C뷼bc?F1W0/R@³$*Poa L#Hr(2p׻.X9`+%wY,(Ѳtb>[ʢbKTaZ]]; A&rm|.' HƂ~sW8:n!)uG `wj5PZ? |{1g~t A1.֝ Sn=ѽl-;VnXV72I G!rx!^DeL+eμ\;㭯{(*&$Z.iڝm=}mt C/bZ RDm*wTpGLEWHZI1W楘5|w f堍w?҆^ Nv_]%gxe'rm}"d$~>Y\0t''.R)G( 8ydO)|iz3+UɑyWa 3yt(U~^Nwg蓽@z`_A6CSGĶB5aIGP6fN)`EnF$ `1%|(fwpq_!:kpWaq-қ:Ya,;K&_8J;.2`cٖ@=21;SZɨzL`%?S7a``æYJÚ;<ü_[DtnTbY˼ڮ+LIChiڍR#^ݯ4mTlsSKsdkPwG%9mr^)gDg$ 8?ImfKvNd ~@htuzv_}&YkYx m ?jSבE)' E>{Ʀo‡7,-#/C f;J` ,pWrݶWfsmDcot*yRډ$t< zD5T"ك~wim7@f-Xuط0F ۏGO1%Ws!P+|8i I8s8Qu`OF) \@ +rB:J _ayK,~gGה$c0kF+kh`"Gրdhvg_$yp&ҍb+-;h/D>eFVTxdmԚ̙=z°]@v7 ؝YU!,ģy^;6†;Gc8!{ؓq’I_kq W5FQy.W'u '&<ͽe,?8eNT rc07 _qږP%&-;R`p !N7$'"77urhxfEk^}B)r*k=Gi6~x9;b0[iEp=ȭE/! Cw =*:X)HQO\ߺ=Bq!IQ2ӱш ]I1U%LfD#a}1 `Mahg.81+ꊈgx0KX~;6yp#|aD +xXL/2ݚDn㘓]`f>j/MQ> A#RQV`Gw"Fј-./ic\Ɍ"QMZIr;3fkxMspnŋfܽnd͞?T [;Z_Qh`9f|v3-[z!imIV,d=–3gr'OQl(C3zc 09j_kfk|f*VCE Tsrq)ajF!/]ilBu !-ZVpM9:GG'#Kq'! EȏojIڌkHe[;ᡋd\sX\gS@zXw6V`ɽ +c JWCpm8x+FR׹bVzh *ZTc0*?e(+A|CUd5ljƟ.2(*J~]&֓H^>ﱣ1\(&ӔUf=|[E@0pbFx2) K{ 0tZ1Y cI_yk+QoqmxM^MyP&$\Q̅ڴl ȅ$h@|ԉQƨLE>/61F8}̃BO Yp L?ra=6OdXGmm}3̋=\k4_Up8A=Tطcaai_CP7S+}B嚰AlUNgnB9h֩ 7UQVZ/jrm銢*}nlKoO%$XC{2vG5jFl!1e*g~>sQZ$GQare,.M"?E9ڍżM Lt|Dbsz @Ҋ=| <^m #ۍ&=H(!$x)rGuS I}~u#Z|\wߎCS%>͝)@<5Z#e~>SvjHaw.eeEkDF}hRz`r3 e5yG:It K};ɠ߱H?KQͲ򑌷1w r!ϧ:fm4CJMJ-\0mZ|(QUr(s=Oa#mInaGK^Hji58h&t88m le!-:Qo~\|5כ 2:&ȏ)U!Ke+MXEhC&ߗu,po%c9 3)^`};`WF\="W 4۱ ,~~SR9{|<'̂qen{ݎi`ft':Uj;Y?'wzޏI!!_`BV"J4. G;9 j{NIdWL \Lt82ݥ/NJ-^̟2O}D$3N1UPyIX*9Nˆ:`e?l_G5!"<\| &v]};D]x鯿+| ~s#.JׄԌл0~,v΋D:i(T)ѥX';M(ڨʂN_4 ЬoIeҪ VEqu*VƔj3{L-NOB>[1aiԼO3Ҕd{I#&6qƺ H4rknU]}vKm9SEj5G=b{Ak\N9.HY#hL(bt?%Mzc5Ōe[}4;ɕ mNE8@}Z֢%sO^=|LS-# O{42Xy 9Ey.*c6mpY [tIppˀGL_)FJ:6X˝jMiTIfQr^e48.--!3i@kBIȗ ^Y#;I9u/Q”kn/sԖ(%z)^N c)+ ɗADr$@ Cr"[KLo{Truخ_1EF2+'De.7{mlO\]B+\wg7cGsRςTmD?٫d\\R|e+_1oZ6m~48j]o.!܈;zЁ2G:_CMKn2ʴG@$7Sr#l2< v}%WWŢjm௻{4z=yAz24 CQPCx@2_&"*8Zkg_ )uzLA{FpH2.̮2ͩցigǚ=kW-pZ73X#ܪ^CLY>[ U;<ɣ5A@̀Hpâ|kNj+juo]RQ~%p`gkV Έ͊nkgerH̸ Jȭ2pÞ[9qJ;U: flҞˡ;%]cѡ6{dƨ5<Ͳ$E<pB]Øhyւ?EͅC8E5 ب4uTW(R4*.vӂIMyL]ujt4TB i&'TNK`Aƫy3GO/;g)*3TnejB_5Oq=陕1Ĉ8+x<PL 'ro6'Uk9?$:I*$hVM}{{~NJ0#ZPD: isƭ4jI?o,萓*9+1Wy?0C?,;sĊo2<2`dSxIh0STG /YIC'I2-\1Rml<; <.m/`6 N9XʮI=AP4m>9B"j*VwaXd>Y([}'ʇ6>AWc3qZ  in{1fiךB;5")_WZ7=RYؕ 0'ơ2Tǹ °V~gy z^ؕ G\% <Mj3WZw>v$Z&Ap:rKo{+]*L#\q&~QJTL}Xs6(uضz!ddQ$;P`DNgsI'r `4x .L}ܕvO1DW4+0ҌU25>" k{ sA8֮pt V4X[࣫<*'Xr^J-E|wIc֣m8Ǜvz5IDգd{ǜ.̦G!PS!VJ}r$mKHzzRLa?zb$vw!,!8öK9UJ9dY-Q]!=B 1+fJ GuM]X,lmxIh=nvy.JUz3P1I̽n4a٢{BRF`*2,o.O +:Nco8k^\>f[oJWxsMY;+M"V|539j$oHnja*Yr11ֲ$ U \(P] ŖE=)9.J]ef8)9"Eabi>*5.: IH8'~<4@؁cn nCHypܺF,F읾|Po Estge14T!jizTO{J3wk6aZ>;nw_#TA]ED@]k--8 QWYE]e43N/,*#*Z9.RSQ%F{,Be!hh{p"FLӚ.YӔ|TҪ㘮ob$r͜ Ӭ;,mÛS APJ)x%>юa9ͼR $R׾3=ÄjoByr* sx3/8PMItqPE@Ixpv4-rbʰeF= dC2&+,ba63'q]_9͞Ʊ}э1Xwu? hћ;#N3Ə1Lpn%%G)+Eˁpc05oU;)Fs)GK\ۡ'[Ł/Nzlj/\i],tso|o"JI6h(}AxK?hqBQ7rhP]KM2m\}w?ݬoO|)q}p"::Fƿ:S@(*2AYc[Ǵ]'Z4G³"ߊcCLo3DgWQ}@LP ijn S;$5_L؟ i1fўG Kr߰+doa=Yg؇uXyhQΪSss[>**?y\B2'mb ,}{3ҳ^ Qr<:Qh`BA2 ]JdƠ+6(>c`$y`%mAQȩXزoO&W韀s BHۂm& oX%~OĖBGٯ7E%8L[wU=$5:8Q鲤 #*=2ծ;?#bD3&Ѩ60vC72S fl:cGW{~T75&{jSjɃ _G(fNBB(iz3X:*q$BjTe*3\!lio?7M_ !&X#( sj0lu6Mê 1Y6K-Dc48Uكj~;Sj.ĒBmV%qRBmeRQCh&csuB#%h66˰}E[IZcfN]pyr}w7Q-^dLPg!?UX,߿œIjUJf̩8/+GA< }o#i=?ig'vQjs2FhrsGP|ZdB}W%Βq*Q?4TK8ĬN(laPXۧ}"I5␪[q>2vn3Eyßg dBիFVcbzkXmQN& BvÁcy+ϕ[+l1 )։!T:7yJZڊe{J<Ơ&Ө< Ȃ;'?΁+M"+# ; P%K(/:q! ugbF˺I_WmBBMm!m¦#䣴?-TMʼgY㙽&V5 i:*7i_)mHu/4F Qzh^ܮnZs4|$zWUz `Au{t$[WbX݉/H5? mj~F g tOMHTvݫƆ̧[ vlf=VN%:&YQ1rI$:"6j ڊ9pe{> O*5̕N( pq\PK;&kuK}?[Z 9dJ^.N̿Gic ϱ۝5"&#lz$8$*w%q)e T{pYE3ԹP:9RjF z[_Lm?ʨ;e-⍮6gfcH^(NK@h3ޣґK>5_mlNsu6> 8msD*w<\J uD[ms9#u|+!jKPC`Śg뢜3oCG%̗ЮFi09XRQT*~ӡF;9.LVЮKGA>qۖrNayO&104޴ҍܿt}YRF6꼱5" bDx=J>xT*+?O3S-> % { ȣ\?7#$DV6K 78+4ZUQG+OIna_;r26)d]&+SJf5Ct .C8yQA>4BO*[tk[ ]y _Jڃ~sg*X}BDM)m%< Q WBK{ a3_-e"o- 9⋃Ƞϖ@ś)gHʸk!07!aw{\3P5Ǡp604m?q4_^trvG4MTʿ9|t ޡtd  ch&`=QaQHek`dV=|%F"xx, xEC!ucdNjA&V;70n~;9Y+q퍚ߥܤL;9=[o@=g4A"K8D^)]#$Ew/FJG܉hTeKzIʘa^␢ Ϊ[Vϧpد (F4,; ,vިcz"$@sszeF T3kG2ϊ'm8AXCK!gbh&McZ>1yXrh*0A!Pl1?o:TYAVf[Qw+q 9-.,͌LT&y] 0*`3e҈&%WEv})V;͖{~} |͎Vy&R twf4ј$2??'_/xN=L6_b=N]aq:&y_< c+Ur_ł7 7.>س|=P0=1DYMzJ #th N#=}TBiN cg'p ,HdM쀷S # M= *X RrVpJ\vY F(ĕ.g{T6wetR61:?$ڃZp e#8#&**CПHV2H=_o)3|hM1&ޑ;G'N*U8Y!2 F3YXнr|n#T徝F6a;]5ޟcwlYp2ߞ6l(`7I饔EBf Tvp+$]waZAG B#SnG ʜA)dK4}bנ5V[A}UDʙ{Q>г]j m^ƛ}FcrHlh8烞*O, om2fYKNfyuॄH Q^}3+υe;м6d6,˯>RȜehk3Kи2gU Ճi0i jwY~¿mWgG5uӫ?ڝ@P3O*eݭ,ǜk٭卣tOpcO?\t0ȃm%WZP ! ᪡i7n&R!ޗOS& CT/Nf'7fɍYa䖃pެg{S/UGšrwERqq>#IG'T܁&Bg FRq >ʿ+ZFA2 z^uP"3=JBqVMCL,Xm[(aLmeOp6nb)48"RW41j><9ud/zUzRn% ms;B1IX4o*DQ6CREpz>۵#%j38Jb^;0f=ߵ6^RVA*K⓬-rarFo:$l{4 j"G˘(س]epeLx!~W KpW ?fLڳ*3IyGlsNj]nxd SFkRx?sulr6ymSyb$A2S +RֽyO{p'QflNwְ* ˫Uw<|=IXl N493: a)B4ՅS,8MQ <%R)sɤoBh)GjFv5sxD3fCK}sT8<>NAof1-vy{"ZU7IjnzdiD5])%\Hb^jSz~" b*wӂRd:?`_GJ?x4Lz*ye+ΓhT<z9 Z6I̦~U[Y4ϣ;gaoB镬 !quJ*b wSF-dF%"8tRlEuDO8P]?=ryc;B >W|I#%3{P,2Ʌdn8g`aǧkӼJHZ6rƟAznv pWgmz~n{[Ǧ3;|` L_զ]C-8d{qsK:Dgu\{bN@hR4:K4jMwհLUFDdCpê@v*_Kmyj m`DI58nQYf/`& - 5X Y#s)}i𛴠>ѱ^H.x#-gdb 9()@e{Gg;o8 a忊GAf* oq/¼9mzwC6l5/3p:oq6+w>_HRUݱPckW$]ڲ8{Ɂ8Ҥ$ZµsprPAʱB7γ/|8W@$ ۃyuk$;DwsTz#B@2p+c6e$A)4f~VVV@]} =7nh=Gѵ 11,&@0Dg٭2ln;U e Ϡp ީZ8&f cZ:z:(L=ٵ&C٬;3 FvGRY2Nau,TNm=BܙeJ`?_^tgpk!ӷی%ȰjivyV,?Rf})tJ(@b\¬!vK=(-{X~8Qm|g}0I~w a4ֵH(݈B+.(.hUZ`ݍOmR7Uާn'YAl"?ر6hg}K,={k ue2vK%:PRut -\5dͰ*Z*p UD5iIU v+4i c wrLs^K_JoB51+ԅxQ$0BɆBznyDMzcJP*ehND|h |'̹^ a%ĔL(i>Z1'Bm.TiڀB{؈mBWt*X ]2 ,Xw5dzV5_ȫf$u<>G(mou؂a|/^p+ܡ3vUv ᳚) ר9lDh5ԝwqT|=|̎kodII_P-^8Ϲ8-i;K#\qQAx,}2r ; n،-ִW~C+T`3)CS%qNyӁg?ti3)r"b|%*̠wH8("Rՙ1[rNͼSxrKr;m֕~/J/Gn' d*)! )ij$t2+zQ72)sf,ӠU]7R!AFjRZ71X^¢װmE-K*,-z+,OFfs<)ĐD(+gK>r-`٨0 B+Lr`,n6zwVw@6W9%iE o߈@~33"Z8Zzm;QإG6)XSlKpc=½79Ėz 8nn߮$΃3q)n3鋿Јt9[e5t{׬>ڨO 9ebmEyN5 $-mh$@׼dz}P8ML=z|¼'D{Nڣr :1M0- kט/6a +с5lp"V\F,6ͼ,?U\dR'ܚ&皉HeJpwE5q%:=0ZĴo3a.Slj羲 &W{4J4IW*mŞ:?_c~4]_^xvĩ*x7|:@#~Xk鋺;~O1#$]q[ɥ̲&"2,`N.ՔL!(@2NHE@S!%<+K 85h"j#8ok^ .фqO /D3zצB[gΞ!2K!ZN5uDDAȏRG61/-HP9%.f~{ߗ._V kkx|{LLhn;mep7c @;.4( ״(/ta$ŢXu.eP33f:6DE+  {HbPN|c2_ZjDҒC/.mvN(X%YzdQX BehGjkp{k3 &! hdr]^}FR_!YIpH)})'XGϽ  Pu ,3C*S1yE/"+(ʽ%MgY\ 4K+n~@w}؇;3oդn^;:.I@ں'yw˝GABdΟ>A=eg&[.PJۮrj=n t:z'@y1U[C;9[jvҩITCېPx . kUk3<K9$Ώv].GE?sMt8q_"Q/W a>5[ՌL j ,ܔ 01%2J~N {w7 wʗN6VIйݫD08ꂧ*at}R[]vK\0kCssjpW6%>\w4W[$#CY#4]Sh wO$9\WX={_1x,4>@>X]C2"-29d;5^ϖ5Kzj u|oY k`]= lЊ5M"}"H8 fz{h^E;ݵf@M@WROa+nOzdž%~;~\^+zzDYyH[ ,, F~jciyNT `<dk/8F9eY%x>2~<X@b,ɩFFC]dʟV[ĊVMŴ| Ct]%w++vks9{РS҂ϥCi-|<扲rHgz-Yg#ۥ$o6t呭 ^U)hNRAldDfeX[g$pa@N訷֕FfO mG89*J" I.uhgi?k(dLҮP%!{1mkSbK4Xj z(H R2d1| BK["\+3.Ƚ2=kz)-(qOiý*[dYΦ-N+z[ȫma7ށ *S%,Fz5 C;vS&O%(#? ت!:tmB^] |` K]*ɕ1Dņ" ?A?-Im'oxDYo:{ ]BJdYʇ{!xMiM-m3)Z ^K/3&A~Y"$y:~^Bnq,f&äX`T5RA&cmsT~f2MӍ&+9P!fy43FZm61b<7Njum7$C%3DXXw(MtѿΜX{=ue w1-t"ᄊ=Pɹ%HKWER;s5Dq;`:lվ}‰I޹`X(#0t*{73koYyY[/9uZlo`ef:: &lYgI[^s 'Fb(1;8 2 *0`[P_LZDf&OAQ&Nj.Nv%U=5*̜ny=ni<,M $12Yw |CqÜJ (Q hZPq7-b޲1fP uN[`PK{TzRfiuʤHSoxӸCG3Ft\_L☼<fg鯐iQFw1vmSq_#YMťp_'TiqD;a>nI;Sի)r{Y}ʵ7N GEL2(QrRsŞ՜4䭂|[:V0 6=UX[z^5=u} Clh 5[>a2v{G˭ 5M]Ov}pC˗gaa+iP&(*qEK3t'5(Y-]RbF}$ah:.c j!-cF 1,gNm%rl}O T}aЦ'·=;>o آkiN$sg9^<,|쫔ל!7.?O݃Կ *Аag(B"O~CScEeÄ/^>A3T ]b 9#8ӥl5SIR'YO @1_3n;&wpm#@Gni| m+,z1_?4"?5SN곆Φ(B%.f3M: *#Tdj )n])'<-Y(ZaV\g ae`JGB契C5k?o4t/VxCe29zRd,& ur! v/J)ҳ̀%a\+:Ey.Ey8&\*&Rg=[B>y(M$c=+T(>5`qڮ 3 1sJ#n#Hm@QpSqrg P* 0b;hzSW'OrZ%E)9MXѩXqzFbDU:Ķ<'dmnPKSfؕدRH2 2Q:t+N8=26`eʣNM2 >\RWCF Qk5äĪa'( JEu#gd5Tb 4V  턷VoRr*;1~BY9P 7I]^Y/,s!m_pi-|f8KRtq=jw`j|BLPDowg*Z [^lG=,c+qE%,S^CKB,[XkÃ}= B@ڳ5]w?@$G (z#T`f}ϭh+YH E۸1s?Y,'b=_b'<Ӊ}K#c?Q%; 9Ӽ֣i^dw GNA}o@(.`=|QeH ͥ]P}ێjeIC6>^Y.94y5́L{QTt)ȒY<;\l4܃'Mbӎѓ*x?COv^$c;x+!|] 1-Tnwǐ&S#y ݜ]f"qs"=hF +Z%ִrnǪ"[}Y=gzft?>*BX!\A>G*%Lfn4ZɌc2_koΓ"auTnOtɸŬ % ~ !#mǠ)>e^eJ,]bYZHDwVwM_~B#$^BU4$.Z)ЙeGlDZ :RT|OWs[aT|+C[ǀ' mFsl)͠xh@0*cjٱwI\z,daNO9͵E5"ugTXӕΙAJd -BԐrEe/ھsۗ{g ƞD)3?ͭ$2+T~Z/^2Zdpi?HJk_*dc>#l%~o,`ށՠatR+1") v7ڇ .I./䘊5hkbc0v{bq2!>-3R`޽#ۙ[V',uFDθT =C .)>#9*]MiGc452$LupঐAsˊaR ZTt~VDj'C6;i!dFLJ>ldrJ}Q.q~)|)?NM7ȕ8X0ҿF^kCλ\ūlҽ@gXl\=+2![(]1;Fl0ިWu:3Î/W6|դt(Lsm> XvWEu$(zj!U/&k9[0KJf1.aYK !P~hjD]!9@6ojW_i< 8T4+AQG&XJU}QLbtLUՍ{y;+/ Tz C9ijw>r"\aOGl@nX;l>d ͽ*?.sX"0N1!`&fLR&%^Ǻll,o-ECZ)7Ș5gum3pb|s$6eO6uDI^Tҡ4 zք̶I0  +d.D6zn:Mr4su|Sf!s`!EW qp%Um/q `l>Ɩ9+4Hg$.qiAl Tȡ| )ڍo^(E$`I[Ogk/HuS з%7Ify^^~Riq A@b~ ߒ49$ iSbO\ki'fr g(o68F1|s̙v:ӻ\0+(I/` D6}j.Hi Jk'%$$njrp{Ѣx4ѹD O[!a=ׅo4F3eGXHG}%knkTyf*n)ݔIn&LƷ1]v ^w>1m:GK&H^;tяAk<8a}B?`T550\Uǰ`o_)!0޴6͘]&2d.3f7}s65nF",G:R~">a>pO/Ç.QaV4a-M\ۤż'ͦ:qFu+ՕxV.|\U8")n"Bǻ*$]o*Ƒ(?Ug9yQg6bփ`>OP_EsXⰏ}^-iT=YDR 3G.9Һ#JPe av'zy0^ _LAƕ(8z0d}jH{1/]M rdHd3Pϑ;_sMÌTT;av ~x#墤ߩHrr[DK=h8 /uyȏVuͲ]ӭJ\@pP&$/KMyxtʰ~Ж(E M9tA].DY~\n`D{4TGd1u^8ոARԍ./C2 }Npgz(7C܋[sw ɦIq@c⎾S}G'rpwo5OWq}n9]I\IO|(0srf&^؛;DeL ]Z=tx!8QÞ "p`@OVVø&!`9r)d媣VmQk/ʄctbMnTOkE"d3}?cTƘD WKA<4c7}{pjӢ@U1G!o pz+WxJ{ac8&Y3| @r*w2u-wR'fU<]zG]7 9M?Yٕg˜s$__}_,M[㸸[Kzh%wN2igZq"oS&#ζ! ⰇA}gwQ<S*Fx['.*h³}0{rI$47k~ y5AsH &uh P04sj`e^Hȵ^ܝ;Ps6:AH\75W#Jht-/MuWiʑ xq^ˋc;v92 \o'[=;W.Nw^ThrƁS 1t,&O+*%,1KHCW+&+Z"Ž+lя0LR']潄 m2C9J9.iԾo:LîW=+fk4ꨀY8xJ[^HTs&3ݑް%f3ɹ]{Z`rUEڠ'hx^E\H3/)xD| &s'ɢoz Zu9T;&V1%}MosR>lp{Alg09&1* (]m3×xgj,f!ZjMO:ui<6ԌU.Iz~ Ruwf7;BeNΛH63 XlyEɆdm$WZ7VfVY @%W&w6뙎.$lb'i KB)ڹ~TlC::5P69 yVr6V[?䍄CnÀ* A&"G+ 0\JXƹ*ga'+nħX^2{!R\߾S?8wOzR[}ʝ]tbi42< $Qr-5FL弼TWqڐhypw %[l؛N!J} S)//KNҔK@V@*ʝ_7S+ud[1(Ú0 _ofҋe)DHq2>?)4O&8w WOcT-B̏߇PHޓ)aMs7 FQMv'H*>䔏EYWy_<ϥᘄ4 Ig,|˩p? % |V>.9–P VR}fgv@݌h{hO}Yȍ(q2`F'g *W8/Ioʀ+P.'݁`V/>=˾ڋܫ&F=sP:45Odأ1W$fGjjkpC ;ˊax-H.kwGSU@э㘵-%Nio Ffd#XJ qyT/l ]0AXYO=ҩ^] #bY@g%;Q&,^:i}O_X8iOMgN2s)Dt{zL俰G Lս '\k2q vQȫlq-tQsȅH$W695)v 7=&[Sm# %ԕ?&Kx߾ /#J K3(vcO]bt$kPd"PആYt䡐k+eH.u_2Bι"PvB)Շ"g'~#o@*f{R% Nu" a3<3%vnL}ƐԪx]\b #C߰Kn-Uzd@{'fIYRj߆$<@p=P#Oz-ڗpdlmLC֮V(_,JmS2tX6aD=dsVy52ԍ9H:,׃~f8cI:6i)ExD0`{EkFs7R8)b+I\/e)7Go,MֲϋQnfDdׄҁFDXihӞ-3e&\}ϢZ$m 9XIA(X ^ٯHޡ9XRfˣ([,zRq/:m%m55-A4m"d t/(C˼e2iAHf1:©*ң*!btUBnIu> r k#kgT42h56zHJR/23BdC Ю N*U{&i2Ž+U+ib@~10iHd~Uב\c0- y9Rx? }t)XDr#RbŪ=DoaA.aBJ:BRx?;\a"y x{K%ܢ%L{ٵ*| L9%ތI ۸!E~o[t\hv' *̋"3E&]HizHMn̿~X1 7-Oթo˦c12mj-ej^Mғ'3{nxsW|ɻ 9* (ç 7QVFC'.SY:}AzjM,ǽB©U _:-G#P"=^B9$Kǝjt6!5sV)[Hυ+̍lT6 %W}U)jq Fs&fJ̈_( ̜Ŕ OM>XJIؼW ?yյ,N rE đJ.e3[xYjS_蒎 |S4tiy l=.V낯 ҹrLДe㏽[>;U+ 1#*e#=eC\qr{OvP48 =Sܦлlh.LkV|_VZQEk߽O%W:x ?T]命Ҟ͚ƫDpQYS@wf3Ni5U\d0+'i/yFzjw򙤱YH$} N|)MYK\j6bȂ8$<]|S~ǐBBR@?ffsd -7T5acY6_S<0l!#Pd TzrxM[7Ņ'2yqbc~C#& 93j'_Vr9Ҿ/@+Hfv@F. w$h-]N[6ڞsaqPF1xl|_!4ؼN;JT1DG\+}ϒ yEi_9Tzuw<]NMGI`y(Lq02; ӳ/WӬF>O$(c@}#]=ERA>dQ{\Ro{a3޹EA-HBZ^=b" $NM2}=:+AsoOgLJ9 ӽ'oDflof〤cO5ses[P" FICB$z u;va3*<Ʒc*׾kd,ڨihMh9)m>(>].ӥV:M fiw$m4Q BZuemA>yd$H]ojUbֆhUiW)ao7zk! xD 5xƻ><->qчz2zD3Z}E}S~]y>%ׇUHGuZ΀֯rZU 1|#}.2sJCs/d]yo [`y+<g?KhJְcyM'٧eR՜74&kӌY" ?#KϿTE{#G+aAIR %d1[a(g|YjC+aHhsޣ v*?)[6i7W$wzfa ڍ|\*uՕt!]Hgr;oo ]713罂%E Eg%\>NL2 ~b:<دɫCi:k8cR!?GxBGn"ϪJڎJ+!.YW/$GαN Eu}5 kk r:lw' ),>mյvCk[A}ߙ}4B654z0YeGc?d##Uy &6 @O S.$HWMk67nXk&К >Ylirz/>*Ş{qz7ӠKp{[1SV*y0GLX^wa=:0(\ LW ĽWZٗȖ&sV4/8W?zr(!D7e隵\,Di_[Qt"F#8f8hYM t >ă v9 ǩNdkH }vƧM3%AdOC? x}|SqQiKܧ> Y'6RL&Dꐘs껴 v 챒&/OKIv-T*`` SD%…j!:ii~+-hMlr G3H!M]#xt7=i~.4@*QĄ drFӘ9 .ލNvku:v|8mV93,Ok*̑*|ǭ lB0J c+O/>)ۣtع?(ӏ$AkٽK;sb/NevNf|h%U[4QۙD>zn?X>X)v75Q≚!/rL8FQr>_Q`0C( s^BTtʖ!#^ɳ3)nk˖)Ny;{CF|j"tYL Y.ü U_ ˘@*9It歖s@ƨhwЀS]iS03TG뤇Y3mG:5&6D^ Gn1^%wodp̀^I~$vd}k[ƜGE/"̛c:d* V޴:T*ŭ|X;psBBI* thoA[ﺴZEV8Xqn,n?]a^ ,T,BOWUzz`8Ufsl/]myT+-TDd^ȏ9V!/q8 .ړ5+€B326i7Z;uBZ"?83ڋX1$J".Yn;(ngP W2{&M6}2KH7KR_G0hFaw$ԓ^K'v?%HR[9:د )PFfIš?r+0&q8(@C%ff:U 4I+O: Ճf)Yf  Q a;'1jJ9'NbŠ& ?OGYt^l[ H;NkJo !:G>%#Scu/M9I }.z_ ~JaZu_~$W [o xt(c`h{#lleYjN]-_h玺*5;sCtnv^'?_櫬ZZ'eת,T+LJu%3L&7dJnBE^'mȿt_arTv_Y~^0N(>GlZK^WC>"}IRt*1~"K]o=Q8{Li~&w<ư>!f@ oCjH_{ yUjL N~Ի@uhk~=x%◐+p2/! i $Wս|%\#Oo7у fd)sBk6\mݝ_%-3WmUJzSLVp/@K 5OԘN~F ;swӄyl—YjyNxt/=CdOYNTkı],3iII*N7璒Ѥo9pilYCg sY jgel3?xBv=_N-9}y,9ъɤAI'Z[ PI NCbXB&G/\I,YkEӌv"G1! РX ypL8oa0Fm,^PEV5Q=!g 0ݫyDr`m2SG  :pA#|r:Wm-+ԑ¨TQc1#Oݖ.˖l&{= ["u{68 '0oy&ԕ4XT T1oi[ť{%vJ[G溺V5׸x{Lo+ƃzm < t#+:ɍGS.Of)J<[ ߇:HXz}oV*znTi!/'V! 2p8GZ QDHΧ>]7}GR*.@)tBF'XbӉsf򂟚=bOlDYv|CXó Z,db*u iI'h+ύtسƝݍ.uhgl?[Y<=Tsy}ARk'd/ktIח\Ɵ9/M JVƎوݴZC/hCl[@{!j=u _򆝘푉6bڔ?]ߙ\7ȉ Eՙ&^7 vy67yQBIA:F:oPT#tzsfeQ1q%tOw,xX/%hK181'ط۷u 0GxS>> Tc]to^"meGDv &27G֡*/!e1\/@$AM*=8Nɪ.lᐖמTU"Pn`w/oL~Põ~z5v!"{ c[BS6ͩ]~A#asX舏2gItyH]o:Ǜ'3-|.rTGQX(JOWd5]Ri)Y~H} ﳏڰHt5- +iKt ))R7ӨKI#pm^BM^'&oUO1uoڑi;(T5yo^"ɅKvzUvXK Oܴ?aϔڕ5/wj.sLW);v %$z1$Arz W:"+?ܞxV̀)"DdPW74cpn2ģSCy͕Cǧ|5k_I׍ڸ~XOزd%1Y[P- Aدs`/BR PiehaO1e箐_15E7hʇʹ{fIS[MBIRh5 \Dle6b'EjW7ڡ(lO̼~~{g+ 2i:ef.P_CYp5o[-TqN Cch` VwPr1&b|ˆ/JyP ,1]_g2tM }}l~No2Gޣ[gek T/F7)uU%c|iq  7h]ɞ=ٻO,Z˲rzsW?ؘ_IElUtG"E+ĎoKSQb o i"ݩ ˵nr\=0ѪکI&ϐ02ۺvf̹ކ)3nd@yk!Uf!BT:ګ^ IzAՂ lON4ٿM9CI[灮uWyGlb[ϯMO}Q~q#Mw (s./0tƉ$ϕ@.$ht5 Ο4ƯKw3OTeВBcSC%9hr[ijݐąY˻fD5j]~TDJ=Km^ͱ ƶ>[Ra\0ܘq kY0v1^89VGRX Dd eTFh{W#Н{h̖%Ұ0e99o)d:noŔ:|P&i[|z+?&1^z-#s4|bA^rE5?q-^#  @Vs3;# fQIyPh؉_п˯~u.k |zɟ-5p :&%|ǻp}}wCeP;AHpܟOy£*uy(N`@)DP [G,=<$BJL<4r$9-st2;fN>H\}P*3~N-~ Ӷ)Ǐ_P_aut0l Hrj%Wb(m/|!?A}K<޾_h7j*3*&U~V<vxcx܍>ܺ?':tdnzш[ IŽX4<}=%vo#ՅBCC_1}֠'J@KOj` 󸪨_5!m4ɈD㝧 Zu=G5sB~+od![б dϥZOЂUDӏ:cm/L ty$jVwwl+FYķ7mӫ(JP`eGNQ q8'YkĶ$۠cHG_[EQeKQ9zǑ|I/;NUr|GD߮ F` !* JoiDi[,bdmnT"hׯjCjl# )c;`΋C 4(Y~#[)sc/X1)ĒƿaocbmJϤa~@@uSRs7 ;yԀkwðo35M{6nŖ|! r d~tI0@S>\snV4wCA"ZJ;5sAk'`dvgeyȩB4qc]sG'jsNQzQ/t6yLoS66Hߴ9Z©.OYMj¨`?ʨ-y$C̓.d޲ 2gi Zjؿ&/ɟṾ-T1(VB!=<.k6 y9@|rїҲQeO݀rzf D)??-idį^dS?f ϽJM(?%#^ZapCbzYn0F9X/Fjc<>n/7RO 2ri eTm= P+ ^~bɷU ϶etYii#ɦ 䋰Pp>"z}h[+ ٙKu a9Fejp֚T$ :;/Z=ވSGs qzD 3f95 'B}qQBGWLnL Bs&eaӜn{#K ۵2NMdE[eSZFŮ.Fȑ: Y]Yu\IMx: _ '7y䶅}=.p(}?H|Rk(&nǵmYb{{IAu(Uljs;o 2.3B͓:KQDE_l#FnaFpd\2IhʔAnPLZa#h1-YAQ^umΌ4ln;#>J>&_ "[Z\m~҆FT{(TgH|٨rA2ZNI Y8Ex$ʹ ?~9ٌVff@L$tpSbۺ~G&3JX2mRޙFkc礀!Rˆd7||:v1VjVHc4@C\#sۿ fmՆCz9_ JF{Y&rŢkFpV~) i7L.M4\!I#=|]&I;sbS%Hʈ7$2l؋0:Tt5xOx\S4:[!(t50aQ'%F\R_3,l(X{.N5& ]̉0?@"YdF|=N-_Hy]piVN AGŠaG`Hut6SC iT%k}MBHb N,Fz[{ū̳ȳ@^0HV)=:!foL%U=~}m9C`j[UPA#a[eUc':='->D\!vL\3̛I(cr\z8ZE\k#Wmy؛'< fn\ws^Js!s-/~:i<"OW~=tptb@ tSy/_棼@x]^84e7#Z}%StH]+rʳW{J?i'gض>dQX c5#օuNnJg{I:НyFt KylsR^`Z N;Czpګ jX""GѡLd~v< {pԴXaDvf/m;t=jl%co4;1.n^0ٜNIޘhxO/  w$nz4a8$) k߸$uT@" 4" Rh:Yhy7d],pPBhWt46nr0ȔuUNYG hPTAUUlp,_NБMD>J$w#]Q'?By7wy BCgs"HeUbIQ0TcFsF+g'ӋϊQ$n&-yv!NlpprZ6D3AdPK:7P*}[DmCk|M}v4ާbF4o4&Di{_h"<ޝ4 ȴWf_Sm3D?Ӕ#_2*g~FNDfEa_U1ԾȞA AX^h,)I@!сeDa3 k'}~/阺H 0'60B=V31;yu&k%w~T/ m;S $(o8mW`a\pA'}FRw;K+~4O .YڹiWIFRO5%ͩdu ;h?Ƞ4 INmǻI>h˽~8_H"9 `=n=VJC!OAP9Pޫ4)XM9/"@[g ͛H ?[tac{s>juԛFFqMP9YaRz8UޣQ#&2aWdOUw I{L&$ل"W~}`5E#OܮatXN W3t!688ɍj8[B~C4zx![BuB ]fBXuBq5XyrOg+l8E+q*[:85PڳTZ5(!%Т^uS/ [ڇ Gg8s0pEHpO]LߒOP0As.lh;4kw$oEUdXucy%5?sv b:ҔSU_ǩlx<]c?h@ [[Q{ s%QT?!Ӷs3)ػ쮱fb"ľ;_HcUB+2s4MzGQc"!0 wuqH`-luLΉ¨p,ʵFȇ q2K2,.ks(s0q縐n1'Vl|! I0i1p|w8~݃`rOzg߀HlR̓Jx͡r׈*G^IѫC.\LcIHC4NýQM(*Z]a 1_F*S#\dp ͒4ؽ?gz8@Dblnb]sg}D2"Ϳ@N|HxXv}JMa_‹ د_jA?&ÀQ¹E]TKP9)_Awln#=}kF}Nc7LTڡ2TM(K(9[”VnI4yۅ҈ /Oɲ7Mh7:A,n$-H4 LbY|u$)ga-SL[r\QM-B),9~&ZM7wz3mP)̌+r\ *{4w1,M!edIs~RkfڝZRKtw~BBվ;xF}$'x1\`STmEIpи`V_yRJ.?-Aax&j0 2y?j-qE /#T?Դ浽>C\\2dZk4t\oFgVS{ y“7U  gˀFvҴu2  cZd|>D_ذ Ta[fZ/tQx^V)4pf_ zVJ!˲=l.=S:9GuXT{rrPI 7%yʙ|}4h&|'q2cҭ W+X{T-R6~+O;iBb3'O1-;fPrC6>f:2DdVc)wFCKA?73X" 9%Gweqllo!U W%mg;Jȴi0EZ& ;Ep]4,>ٳ"SF_5 # =fdε#PMi㲜SQe+ +Ll9.%&BX NcxvFE&(g5g#PKT±sL&Pqݹ8)2"淾=u(ŇbNU5AB?R7+"FݢCN| >C߰:)| <9f%MVܿJ7z+H5r!{5""zJBicHRƾkËp 7 sRՈ/ʰ'F(x! US020aGN"yI,Cy5:)8v Ks2sB)|ǿT:%Fے+,mF#> &I`?CJtJwR'3]xְ% &uW>vVђ @" H=#mp,m|=[msE?}6-j9TzA/Xz修6H/'/i}?0`1آل!Fg~r9Du\]!/C29/O"dΒcJk hABUE$ ߖ7o_#{fwmMuUIWC>rJlQ4Lg2.SZo j[FZXv< ZLK;0<^1!XOٚ7[[,yOr(^*Hz0E+n]~J=mg oHW?|ф8go_ )K 0ɉb1ڇЎf1S٪lEXnȷ()Rg'm~.Է*lĪ^q<-˝&B&ZoR$њ MAH=0NM=B ɠ* f[8Әޖ#$}|Tm$}O!D=!>z~K|k5~3%/5 5:UT:0zjn+R5J~gb́]4-9,2KNIq&`sֿLcMNԆbι2o D*ˬD`(ptotܠo+RJxCҧw# ͤVu>BYGdiL-!8pg~R7C\RkFL%$L^ KlȘ=,:.gvV!ܚWf1ynVM]zAFM MH =zo sS1MGcZ_plL+="aB Q`x:O#F8+*XŶ7?UzWea=Be>.*#&?x\;JcH{Q$w!HqPյkx$..M<Tb1< mIH'-UFkFWw8~žk( D!ᨛ!!xFql6Ym`o"_w[Z ?Rh-׏s0xV[}%?#\Qb!PaHN}60jCQL4In`'SRpNu7zoqܚ[GǦ: bA9X8V^楰 jCt*+= c/ZPLh#0vsBǶv /ug WpTQIrUAo?lBR$'|2kVK\-Bt#+fzaSlOy~v ¸^bC>#E424nbykǤ>!;to@+eς@ mz!0tg<ü): 7O |SsDۗ$9z ?4TiQk, 'LpTTώҲLM{JMky5~ВdwW&ͳ gT@ڳ>'yQb 7*9L Cރ 7 je 9Y̴%M>ؗvkkC' t -lez@=u!/'<yZ=QSjN= LkG{$ fw$Tq5@bz_P3?ےq[I|Cv~rN;/?%Yy"-*U*\w]Dy!R^)A f90{ 6s6]ʋJcݶ+YuX7?9\eTxoʌb ;zmt)k2̔t 'Wa9)5Q kE1>$D"4 x~q{8KEAu y13s@UKG({Ee{8N3O}pϳ(-l廊 ͥ jF=WPxFK *&G$1hq#!iM,$.1NвB\[ E 9!=[dYZ?;cI='۞a!J9ktK bv%\z.+kʺjA$[^,H aci냔,7ijJSڎgziX]x^v_HB{uɅXъ'S/E!kǚ4J\NмI%E`5(qX^U@0<&cՂ?r0ZcT .{|̎Zř]M,JgVie7_.hZI(YW}+@˹,Rrث'uoi坓F}[54fDþOySZ]zOeb&u\׃qET'?%"b,mbX9v<4ºdRu OjT=EBR]e |?»X(!"I:=gZa7f-?aҫv3m~GȐ@ZD6":F^`Nj)]8%qtw:KXmosLyl.|s_/6̲8rY5Rlh4St|]dtvJk);H+znϠXSp ,[(֤,T8fǬx^/~([,giaBn"3L[9L·V[3O1=-Zo[3;RbC#% I7'1>8wcH BSϐJ yb*hk$K~@.q-Q.6`էRw +XUGwOD:6&.m j7]ڒO1}J_Gh 6#g'ɪ? )]Gj/г_*i~"pX,o3~cBj|O/vuoSv뵀 W9r5h6S\rИ",C'(H/4% {?Xԧx1Hykf,ptcC|ym=M1.%h_f|8f}C0w7_6vx mVJg,ι'iiȩrC~lt &C['f M8ޏ$0l4Ð+VXYR,hZW>UuEӞviŬzIJWt)g~y} lT@.ɑ!~T9NۙuUIS$1p8abh_%{P^P0XnpO 6_1/r\'Wے#^Wn-ݠVA Gu4 %QQq e9*B#<gn@);c^*O'03K z4BlA..S;jFQ C'ɻd=wH-*l-({x\NS+3b+[3mdBnZa\2?i%tHfx iALyYM)lG O^jP@$CL'8bNT:Zؿ*(-S0@f7/!#=UHn%TÔAzؕٸ05 k,bs0M1lgٖx'z;\귪ӱ&~N5!?Ijނ S#2ALi--\NcIWX\郘D$:9t.0j۽;݋z'̤H.sڭV3NR+5u˫^N(T.^):Z!GpISK;D+u46"x-.DKcc2(*J<,wJKԧX$Z.$l9{,,_Z!E/P%R_ڸQiJ@Z@w1 =hic4Կ#˃,'-v=b|dws,\LR 1}`ٯҒbc;jv g3 qL6? q,%Wku X'cSo9A!4ᄈ`q)OAe{e4F0^ǨҾbp!7e>c h*O;`-Z{~T!-uSV/*2o# YqHa/CV _b:l)}hJiI|79u%?BC69V×v6DUx;ϩȸ[ GaIw[dwo=* MFtfnL5CIX9@~;51ơS"Bljm WǾL==JIJS1T>"f? MVqdY+'t/vJn$K_Vpq']&pg,OWAOSƜB"'*fz4L*Յ3ab~@%;1A jb1`xcz&L[O](bvEJt$R1#E2sKu,cPł`k١DǤmPU0< t Il+a(8)OUH}6WNn oɿZx+oz+uqŴY+U"[LdݽTO_. -l <$ J^(d|~~bEg  F=U<Td>AQY؟0o&ӯI{gRW4mvR[=~N7 F.gZ%3+5uZAipL"?崠Cg*0ČrL `uDVM5uLיǍw<~&pEV6Rx\ Jc<s'.q3&='p C'}GHC/ZRQ AMD {5_*`y'1B;w_bsvG1퓁3 /^I+H)):3ge|I`!--.06@ 7,N-/<`J!xyS:=LO: ѥj7gIE׈aEeL^&'T8"zz ˯h?riʼ{]ՁPSʋDZ@ZpaE{,Q؋mߺ\-(e kIKO/ξKqlmy<Ҵ 2sj܍%/ՍtIjRyFXv8Sg3ʥУiϒsF8Ut> ~vk˕ \lƙ[dbJ]&=Ց3 ^ݻZMr$kYy0X49hH\-Q0wmRp ^յk,$bkpN 7Ev,3 P߶`trsB GwqaJN qujQtÊxj=S mf+B) VC[*QֶAf='oP:@}v[b4Wis{ _g>z3{Ûi<b&1k :BQ3̾P>Y/! >;{EK6_ԈK5Ua~|/'lF2e3^w%  Z}Se[ S:&85FtMcD ݏ.rFjKҵ̢ڪGRuVךh!("{vq!77jHgȮ\wUjˉv$=SB"5?kJC(>_@ ϖs)µ}/5G, t0G % }õӟx ]~y4a+lʷvfk */'=:z9}c0.cP٣[,ü?WߟgP8 W,}Q] p ?! ui^)}G' R$ I{60G^Ӡ8jª"? A^5BuԹAKݞ!,+m> ZH,G*MQjalBg+v:fػ+PT[lD뱍; B$$H*ն#UzUI'?><,;bnozSDt Qu0ь+UPd4 aZP`/!hs7Nܲ}H40< ќ7vE_} DS?˝,*>(%`@sCʫ˷Y2e|%L(B4nGC4/Fa2H 4:up+ ;6Hj砼FbH> od2ىm5:5 p"E[϶.?MeC@0pAYNOLAMt1٩]7EArrEw<ș =0cN\}60RyS{9, :x.^jpWV6 HLoLh%Ɉ~ p,$ ?ĆS-ہH"ff˫Q\۟8't a~42}9xDm~a̍{fs<+ fDEMlbds;zaZ $Ҕ]I/dx''SΙ” @U^o_/l2c:+jP*XϦ)z0-7|:;\V3 Ml`݂O$kpy`WWwoK^ІPp3^{(Fռ-0ޞkXbyըF%ѶH4nTS"dM*Ȧu89T(`PK]սF4ng)hZK):\˺Yրϲg> ?h~XܵGI@A41#Q50zBW`vmf(2xV/N)C HpHt"0yU{=n$1Užh8gn iE',֠U!D!’?B9a6Y1 EL J5hy ޝL+ɸ3S"!U.MzM#urSZEyH=KLqn~ALbtTj}d{({/"w._(xD_x@ WyU՗z^9Xɮ9C6te-bza|KKe`wP/4zG:Ul \dt:ARy=/&HnKgt SQ%_SWq9#Xa) 9Q<e-cѲ2qD^;%bNe*K RkM}54`|S1hE 2EbaC)gBd{twZڻ:h1ɘm~ vTD|tЭexVF'0ؓ"ěf$}Oc M&ɇ):QmOB&ۊp·,+,&X)_,9!#>QaҬ[ R 7ؚT͕u|`aIC/%uw/Z.{rt#Z+E<\]TCҴ/ڡsDc0x>jع} PT?Wp9=fUP_4HH]Iz]?j1gҬ#\4 q=ԕ¥8W}^fPd#rӨu6i6-~9qBs1Aӻk2l0yB!*Ŧz\I 2|J4T-~4B]QۿK^֦~~9EGQ({s1>,jnHݙK/d+r]cR 2nW@hw.ʅii4dt*˟E rv$c}&\:z FuI3ˣ4 kF!,fǜ l-ϮrVCФ֔ qЏu0NAR"AT )ԽJZ_>N ($gg~&5MtF hNB'l#d婈x :q ZnE|:k(/aޗ BL]\ .RY4bh+a pǩ [2 1]2l;s\zJ6lz^$jA&+ؑsjvZ+ ;mtKuEc4(QoU "wָ ܣtUڦwI6lpt^~3&(%~ũOow27=b!WÙDaOL ӆ s!JX#Sy˽%)2L--=eM.7P<.#`+eͮ_dQT7Y$4$f~+܋vֆ`OEbhutqhTЫ oAAů44>t/ĿUX-! +I480ė+7 p "Cq1BXdIMDgs Msx1bN=MX.>!jʇpt+^F A $[D͂=2ixiŶF]fK&R^ `l-xsm^;>r*HmTHK 9/&|@t] ;+d_K1]ȁ=6izuAܦ"P M9 *bxQh$ښ SuSAMQ%.R#twG@&w+kAπ.Ҙz ieYMA-_0rfC-Pf5?hs(ৌkN E0D(~''{Ѝp*Bzsjάe0nֶU̺>9;8L:侀&l z(Oux%͏Ow U@p=v ]yzV:m),jU~S<3 )ؓZY>H`O9~+Z0K +LVL$b܀GOZv"P.%7b7M^ >Ʌ'O~Y>|؞u i9Rvn#k.db|U6H!$zrWF8淈u~k.JJ=ve|@q63u4 f%ȞR@Y/7f>=Goʙj E#_r 1"(t}-PJ^b=3ZCi0㚕gۙW<GQ-;A 71 xNq0!#l8sbC2 ?%5)?é$0p;֔1u:p2Ҁn eԡHNUe .p l'B_v|D\SQD⢋}KM/񦛽8ik |\f Ħ辧TRO י~À[Ht&k F=i)t ']LUS8D+%hzeILAXB[8d_Tς 2̼mboͫJpy!&GoF1sNT(MU,en%~seF@&Ef,Cq9!DwNN:APK9Dd'*Cv'(uR TjZC]N7rOey+mU?aGN.RG8N VA^ӪcDX,7 q>*T1--|~/UrY=Һf3yə,x6|GOۿJ|{z}?΍z\TmWmMl84\ˋ jY7N\}ANsؗB& $qHXqQ|ȩ!(q #8Q69\{c"~tS.5\?{wM&Hg2uHDk kɄF ^v3$p&smn$[ҍȢ<|>-..)Kk-۞e%X8]hRdqOA@.+SF<624٬Pl{f .yEVHl*NUi6Ѥ:=#CF4[{@,n$gfEqPg걹_lmhw=]A][JBߢ汱,)<}YϧZmYT[ $! D{+=6<iέ{:L]_JOqxǣM w8sI'1Uv<\Ɏj+IbK;Oipꄁ>sv,5g.tO[ޓ2]W%/|2`X'GljB ;GdnE Y@wt(OIJ/ G}^QxO|9-'a[رlqpP68vo1'M/E>BLyZ#/a-z kF3o* ت Mr9OtOYXg32QRJ;o`5@yU]O~0&!+ |e9*1@.߹(ADkC2W 17MW}w4S@cԱ>8\s׈3i d^ftQ1zY}(Azqk5-2931HB</)޶(Ɏ:~b} p =-*A%/ )ovEK0*0|\ iL\KXe]aFuQ!/n=)NJ>Txqw::1Z?RgˠgwX}p6!2i 젔eT/ P(/O5:uSsIw,,Y+M%Vj>^`j9y]/"]h&_z$hďYT= tFŴ} e@ -X,qkts6qaK>ֆ"\"F:?LCH>neOڴ5_m[}uUK6xߒxNCtkH`Hn$u֯x_3,V}\E$,-.u/`! 9 l/zmCZ1 FxC?vY.d7{p ,bgWџB"(b^@1D#/md`~0PMbO]Ԛр &Zք ҟK8xCo?ŬjP{)_ Wdn*8ޗ](֗^iyPU_DZSy\rݥ[:xRߟ `[}XKH n|hlE@4رQ6ߕo1AA 9 ;;̇u eSC@2_BLQ@ˌa1:\b{n"0z!|eش`t$иTKg>2..3FQ6hw5 >6Uop*XXuI?hSuNLco{_{9_]p)*/R$x[0S}kΰKTKf5E% 8{R%Uq nv]9? .yQ>D!̧$=Bwl㓅Xt(#T*~f*"lsmCՃkU0㎅%boBy,+8hkwq`Wlf;}4zk<[|?H<41IU;G2.+#pqRvVGS0g8`#ByK)U'md WYh`+3doVd$18.'=C"ok !X:Ѭ&R&n߂X|-.Sh'#VWLt3z€xl"š _SF[ tn]t@<^H <oL;Kz&ۈSJKok"KL0n sڨY0Yu7r 'YgGU,(Z2P$G0yxA3T!Re)9L s6&๓.}c7!TCs9N?MŇEǔhLo8F Ci{zҩl  c>c Iy} AF8|.sqNCb.26ғ8':zgFzo5-R\\_R"}cD܆sf/̡7*}(O!7B4>3x6(K{q+w[7#PD|cJA!~&ּ[ HڶޑE1$}|0Xf<95W-%ä -=G|aKx9@X '߯d.qvaC _כ^ί.0J]sPJ/8} 0/ s oٚe%[V#АPP_SVf{ ~nmx#5KK "/3)816Y Uu[W4FqӪ3kA-8gbnQ˓i 2gEUt`Zk;^bܐMo7 VeJ稾2No{X1ӕPoCD47ůў]ؓ l&כְPgem~wsy?*B#='ӷba[]s @N}۵r ͈[obk$C_=տX`nOuj4p(_VJ< UGػ3fyCo//V'&G]r\:$&oiG c/U(5)uGW#1"kuK!H eCtC7?vmk ^^l"lgC@^hq5Ti4p:Ip J O?b]UCW%Kg\N(r&lTa>O-3`o&)NǡR'”ckK\& o1N0'lˍ8k+3R_6fEiΗ+DYD".=&Dտ MCU`S*0K'>қΗn4rT/X)ny/zk>T Z,ưաky1mZ  z3n$ +@ *zMՉ, w7 l1EڞZG;PU]Uuܑq#A12T6x=U6HzWg1`VyxlLʍJY4]ۨ{ H%Rl9*Y?>A"s3RcKf3HԀ%m Q~K)GՏ;L :ֆ>\ΫiQ|FP5I ,Vy#ۦ7Ʀ. ٝNdOwg?>DU򉙷/EbHUwR ạ̌M/z+ioy`)LT://d؊^vHSN~: sb5@3H;6m-E-t(BeU'6OC|d2ק (5&31V bU9[:xWLrf2ԟ3^qa9dr FmK2i h2*rQrŨmabNurafꮷeu|OZ; p 0"+pG)  T$n^2e68>|\%!wmͼ>C̣ "% g^L |-*lOjl.eEd}C 8Do,cA؂~63݀Y^ERBB#D+3؏aK+Shݜ3y54鰿<η ƝUN4j C1J̹Yސסc근kn oͱIjx$k/xsyj@ "=)k^66 Bu$)\8ӘOR >1tm'#3{,ja2]kg鐘y 8GvӳtAʞ"]Q:֛X_v:SPN隘 Saj{7ڒ';E|T{_3^(['-)̰V6M\){f~Suߙ5dPRO ڊ+ c7HWlQnܛlcV9OVP< 9.7”fr0d44#Ƴ(Sۓ~t>`!cJQ!LK+! c}/DW#gS#K3e#hrkP[?h&5|Q 8u 2{|Ht6 |Mhը3~6H7}(=hA7 S4R9ONj#Lf?=^Ibv j$szǽ GbOnNfPIAIԵdB>s7{[<q8If q[7`H@^{a:Y3LidjbeF5~O= `l%4(zyW^Fo*v8A\Mi՝7vR&ceV4Z chy2_jr fMG~)S:xD">Tڌq"MFz(>=fRSch @_AG5:-9ǔ$^j#M̻1R cC0"`SҤԮ?_bjHё^/XGkzA/UP ØXh$H"&fn"K[<]1J7,z2+??t>GҧH- U1p4~HQ ) ڙD!eKu:f|CK8*Q{PzW,*ȷk -zUjz=" d 9XyR>co"\$kBXN-hlҬoЭ;Xv4[]M̮ SC nC}dfQ0$>\=Lj~.w}ץ6I"!tْK?PnE"\ 3v+sY[ehu,[$23A 3֋l~&rN1Ғ,})|AV9P $Գ4v`(H*E!zthУ~wN4Ymf1̾sfg< qM-4x31#)<{)|VD0ѰvP\Pj\>iaa61X(]S-{k0.j|bm cSSn1ZNh@( KA3~moITw~*$ iʷ|κS JZًCSuWrcmSn I0^,d8.3BVht9!-LL|E\]UxaM#m _/Z Rf~"A)w\DU+ruA&$8g)mO@_rOr\+yAb) 8?6zuShLifR` 7]b1]@R띊iJ8 -Y9, [ ۏV1/pӴ/ioK(RQ: 돃0/j ѥkVa$h{NdKݽeoH==\{a=>:?21IʪC~4qJK:K|yʍKbS"(`?]U>ȆTV;AbH$#+OXeYGSrzL_BLX ={l2X Z~"}g!3D(5E Ⲋ=i[MJ[Ҙ !O}N \ߟ ̵қ1tX /ZeDۊͪiÓ59WA{Mv=ڠz5}u=`bck$ViŠimI)b_B%Z-,CI@w H7.C;D˙=ՠ5!>l }]o' Ls ]F:&%RVs( '0^q0ūos/T E^ܧ:.mH#!so0q0lGy Ug{ylg:'&8Bm"qߨ\xaNi"8aGL#N-oi*]<&,pވx$=xaWH ;]u"no~:Y24V Sי|aހyUZ_ڗ-Y=qńfh($&#:Ԯ*7*WKB԰?W^z;m8{nT`)t*xmHn`JdN6{^j<ц9G]iwrlX>uCܥ_R6F[ ^ 3bwq3RQ,.*^z x6ІK6S#~zЙ6t7<"iuD`F]uA=ã( e YZ