sssd-client-2.9.0-3.el8 />/  A1---//dpxU]tpQ]R/6sqc1_(nM.FzYH@rd^l;}_YB9|@2 jZJE 4] Ĕ 036Ϗ~K@ rۉa'.09җ CGΎ&Sh!~JJлJ~U< K|0)ʶ_ OIyDE&>.4pzy`崹CT_,N4R2A5TK{i JzT,˼Uōz y V"(\PxF4G%ii.lreV" "3Lԭ81d`xl. Vn[_y 83V.X/VzٝNQc>$7 ~z-DR7A>N./]R5ܟ? lX@7&;J-kd}fe|g ,蝕eb61bf16babac3cce13df5b1201259423b2796815ac8df6cf5b2c9466ad6bddbca5870668151063259e68a2ed15826b8e75391a10302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500683066023100ec050b8a8d06d681949553aabbeff2c550b40939647645bfd7ab5989628bad09665d3e6d278e7178b1f0320242e5157c023100a3183a1139bf131deae3633205205ca7e4be4b23c67f83e65509851a2b27801a3f259e10dfa93fe3ab1bbb6b01d270420302047c435bb50067306502301982eaf25acf935f23a4b41910ab174490a24431d877648673d242f708f5f0267ec31bb72a3723f8772a10c0ece846a1023100c6005bca0562ae061b486d47005d462aa4df1d8d72e569940622570fc1575be4b447d65f63e04386f7582f7bb235b93a0302047c435bb500683066023100f8b693cd2d1185393253ceaf1d1394d57ff269e897ba36b731c40388a2c22ffe26a665be1b1912fff5199f0289a3b16b023100e3efdd153418f17dec6ef0550cf78a26447a2fdf0af112044ac74818e1b51c980aa74a64dcbf1fd9e60f1511a7f319fa0302047c435bb50066306402306a839aa99ae19a242715b6d3b3402a328db29e8b1e3d1167e4174442e3bb558094854af0dc978a7e2c5d3868f408d89602300a8aefa64992b0128e1b7fbe026dbaa677ed4424a9c15b5019878b5ecec1aa7fe1e63225929af7093c679a93ac7959d60302047c435bb500683066023100f789c270c6f0306a7235d4f97444a6bc0f95869ab23e8eed165f93377a7f147b0b0df8b3dee7febf6d5b0ace8c8d3c97023100acf26c7e3d28fc8ba3c6e0d4d21387c51455700fb7bb73f2e166638fcfbe9ce48641b3c960899f13b9cee0e919b233b90302047c435bb500683066023100bec0b8f5af6abecb5009e5241f2fe18119cbbc1638201eef74c98153632a42f6ad812303e11f4ef461aacb0fd5fe45fa023100ad4c7ee8f17e80d00aba845fae3b63a567a4fa70f22898af1158cc692894be457a055caaf165eeb508ed0d0f0955c9e30302047c435bb500683066023100a50c5926f2b2d9942ec344ced37250b0319790ca4d51f0c670e20425286e79785c9ca54e42477aebaa3111e63d10f15f023100c73e4470c545c2f85fb4fb3ae589e9ed81401cb38164c00eb412b6a882aeaddc3a4221108769275f6f46f7e2e0e4e4ad0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500683066023100e3bda17734f6716c8bd1354170a0f490144b94f590a4a0f73400f6bf42b1749d9b19c6fbef6b81c0de770a1a8cd82904023100a256cea646c70d346da43a1d2f3acfd782a334da5c7c322f54da57231a3937499d8e3f3a4c777afe918b163e76132b1f0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500683066023100f5043a01aa5862c2f7f85abef3b4dc90d94693f71673e88cfff435d1a5b951d23d090d56ae0b9212e20153ab1f1a9e9e023100ed597ab22e9d8deb558a4a04c049cfabc44d0b6feec1c72c7f5e63bcde05b0b5e8ab15e722d798e9fee9d4fd272ab54a0302047c435bb500663064023031c6c6669bd97ca504aa6535f192161bbbc5dcae3a7bf8cd7b9fa7a92629eace719ce36880514c7e1c9b2a3acc30db4702305104c45b9f066ec55e2dd79211de4d3d7da70000bf2dbc9766e0fa6ed41bc51f34c7029a38de5032c45fd1bed566b56d0302047c435bb5006830660231008241cb25199bc1ea4535d21d9575722b98594c7db4259476f4df8f3be28f6ad0380f0e229edf18cec5e776c7969cae27023100bc4dc778d0b52e8af0d6b7cebdd5efe621771c37c88f1108a6a1b8f8d73c67611455fbf4ad4f7d65bb6de860e52845940302047c435bb5006630640230189d6524ffbda80436f7af5fa6ae71667a5406b375c537c9333d7ebe11c96b4e361b2f3de825c293c3d31f567a8ebae602303ee804b7613bf15708518678038aa1f6d80d973b9c98b417dfc0abf14f04dc9feeecce0b4d7abbe2b3442e74352f28cd0302047c435bb500663064023060dcaaa7c64c5f7bf5fe7e1376a159e1ee7606ce974542f7f19b6ac9a7bcbba7433927038d9baec47a4830e1a36b349402303bd89ca1ecf3b386adfff1b10dedf939b105e44a36951701cf89777cd789b86d7c478842a4bbcd7da5a928b16ff2de5d0302047c435bb500683066023100f3dbe930ee30166d28c49e9fc9d7864eeba19386d1d1c5f18f571138b1bfc6ac4cdec72fe85ad95000af6061dd6319c1023100cc222e925cbf6a8f078f71ae06c6d1bddf8affb510c62e5cc385541fa7e5b57b996b7d4acb7ef6770b99f2c863b13c850302047c435bb500673065023100cee8ad2775e5819c9689ebbdebe10df0851515c9cd5d4a9dec197cf5277c384a8dd78d6bf8aaa42427b1922b124bec5f02300c5b7bfd0349306ef9369654c0cb8b44b3ef962f7fb55d77acb4fec0f44834ace160c3b4aee1b5989742c762887fd1590302047c435bb500673065023100a32c6ef06a6b8a9e4627914fbb1ca798a32277de8b051e0304860ada2e74104ef4ab74d871a1abe74be53abefc8b109f02304892294182becaad13a5d2983331736c7dee5cc1d75b18e81eddde7a01430345bc3a2c29044154d2aee04faa2c6dc4b80302047c435bb500673065023009d7d30c2b4afb4ad841c63f35bf36ae7e4888647682c89deb21fe6dc6581c96fcdd684dc41772224d65a7d4d5a3b3fa023100a2691eb3cd36313b5c02a4aa71515757a0702fbac657f292966c5be93cc58fe414cb82c3d53a7805d7d1c4e71bb062a60302047c435bb500673065023100db2b4701087f2691cf32ee520e618ec569c1db213eaae730625a750d63f2eb14ccd49512b9f250ef0388069b4340715d0230744b3afa451b73d55c0a4dfdd10ce466d4dfd3a20d6436c5201e7d8c45c3e45bfa711d2d425fd4bb5d4eab83e7fd864b0302047c435bb50067306502303aaa4180afe40ad0056fbe9b6789c1033fec1f8895c2acf8018d4ada5c79f836210c34effdcba69ec7821b01ce72ddf3023100c5af0f1b4bf4a42c5a6c1cbc27d85389ac48d6d6e9f2f7f164fa0a6b4c4b446ffa301d5070a8344a1cd0ac5db9e4e3930302047c435bb50066306402301b3560455e4568a3340724305766d2ff1b3395cd6fe61751ae1e6d9b448b6751ad4f180eb8051730550b9316f2b724f80230219056f2f1da5ce24e03aec8ad42d095d9d615ca3198c49555db838093a0a2a8588df4b3a64fb2f4ebf24e29e051c7d80302047c435bb500673065023062ea6ffd52acf9a51db83f65b486b84d7057939da4f86e4e9d3a4c6c1339cd629ae93247a87cfea8d5b1179ea2824403023100c4730a77051016bb5a279a24ce55e42ea97bce3c26964d7899693b87e936a10b1cab77e0eb9a00f4c38d7e0dab4813040302047c435bb5006630640230774902acaa7cad265c9137489782f18413592a7f7f2110335d9e3aa21a0696b9228275889e161613ee69fb904fac3cf902300222b194843a78fd1c6190094bc3f287f3b4a7d7e93f972ee63a77397d94b6c7561fd44982e07740eaeb926c186713b40302047c435bb500673065023100e64c423dd722e7d0539f585d9aa6f1cf11448fa148370df6dcc1d22337d35343b40ecb5599457771ed4d58a05ed358b302304c0d6e7909c6a6e852d9e5b74408ccf27769c9d7ea27954340dedda27512a4465231d85c37bf9606cc32898c273d5e1a0302047c435bb5006730650230593ebf7a92b5cc7e2dbdd5d08a35af84f06c1a9e480ab2a71d398db08a4a56496d98a22a5c4152ecf1e86f59eb12491e02310096255cfe32e100f5e560683f5e0549bb3eb390f642467823af9a175ef259aac03070bb215edc95debd6c7471dde1165c0302047c435bb5006730650230725814aa44d6686361ce497c6b22a3742057fe3ecd06d22cb1ecddb44dd0f70d727eb7f1d8715cae2a28960c8bfcec6c023100c1307e04df2d8e522a6fdc8af848c46350c143c9e1ed18c940274087b8b02b0075adbabd95dec274ae46be9283fcb5590302047c435bb50067306502310080d5c1cf8eb7480199226558e1167f6b1c74d9689f06e44b592e1fc055047d54fc3f76036e736e2c27db3b8c5be1b623023077005bbb347a26f684e6b2cceaf0ea3de49892feafaed2bef8020866b758820fe0cc04d2b2f6d2f99ff8da020156c03f0302047c435bb500673065023100cb4bdbc10bb3a8f8c5afa17e3cb4a43148fdf1369634ffd1ab9c20f5dd73f059829204a730e1e1edf7c74a55eac125b5023072dee1a3bd098c2ec53dc913e067bfd3b7504265456b1a9002a08e20ea66696f1ff0bcb401a4c30612728ffbf178b42adpxU]H FEVfDzGB|%@"h=[z wɸN;X}$N(_ʒe4VS5@ Ϻ<~P;YF{P4$avk~W±7 Bd(BHTbIsH:/6~u:d2s/*mҕ %Zsg&pr˨P,:ܹIY4ThL:} ;jx~䟩SdĹ7i1eajy\&D<rt30$n9]gX< f'KfDg+1㕶kVVZCތsiXItʆ.OfibB,?Th.%'GҰ;0gjG؁P[nS??J6c1/1UcG(B PrEi2 \>`A0? d  @ $,411 Z1 1 1  q1  81 111\###(89:n>D?L@TGd1H(1I1X8YP\l1]01^b>djeofrltt1uT1vw$1x1yICsssd-client2.9.03.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.do4aarch64-02.stream.rdu2.redhat.com dCentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi%)2F@%-> P h @K F 1  e | ;  AAAAAAAAAAAAA큤do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3dTdTdo3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do39b4681b8ae0b59dd6e7b23764ea438379ce8cfc2bc82cf20a4bb938346a9906e65d3aca089d1799c32b1d0098df3a39c6c02909340d09eeed57fe9171be6aca29b2133b55ca1a0b177932c5f48471befb09d823ccec1c4a072c95b1530e17ff746b824a06f419d925b17b8a8c55a7d7ddd06f1cb40562516b1711245c0376f6c44cb00686bb5352507ce8a5b32c57d07f6c8ebb020470e4d9118078d3b64efa3c9db2e198b442e3a24f619dc2044ae4b60aa38faa7769c25b69a3d0eed2b08425e531aafec13bf9fd4b5d7312ae8e655458b53e3397c851c5e158125d551562cc2a9ac836273121e4165cabf046fbf1d8ad275b8a0068a7a0bb8fb755f1960c88ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc5865f8ec1077a66b8023bf9b3f0c6cf1b4290122f58b8d94d43e553d7c2902e027e8fe7981a68f79662c4137146a8267f7f3d67ba2cc8df2f81e574c245728a5904e6d06f961938c6cb8f867f7b7ef8d6bb654fa7720b1328855bd2d41c2d8e62cc286ffbfeb9ee185087deffe15902a2e7245996b57585fbc99dee2877bd6fa10c2de3b5e7d1b346fa8041507a08e5099e1b3dc835c50e6c66c969f5222d28deec5e39714bbdc7869207f91f34b05582908e4edbbee31c05deb0e9314b779cba3dca746c97a6cdbc211544b795306b25d870fb07f25cae803fafc439987c5e31c71fd1e67da1da8af8d3eac107ad961ca44c07cb73e594a2140848d2e9d0013ac15ad72896c832a391ca44ab681c99c8cf5512eb054e08a9386120db3cfab32a2cf3ea969519fc4078b3a4c4e4bbf3c37c548c5f0be4aec0f9a47ffaf3896111e0777ce4ea64ff69cf3c1b93467d3afb5a6d98fb40ab21031a078422d4f4b336152cf4573181b1a4f5d845ba414700668c6ee7ecadb1ce3b6485dd8194faac61dc15624271ea87cb4ea12783883758f09e714649ff952bb4b72ca820d7736c2ea9af196e2be32f510471e106ccedb0722392a61dee72ca627a14236656a6845979b4704f111080fb9376d0b0b9a424450d00a4e6154775600cf6dff75f0d4c0c37502f1b4c65a13d694cc4d319ed31fbcea48eb2e3fb2ba3c385b67f37d0ee9dc2796e2e2b19d32ce9141db5bd5ce49888b9b20ebeb2782aadd182b8390627e95../../../../usr/lib64/libsubid_sss.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.0-3.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)libsubid_sss.so()(64bit)libsubid_sss.so(EXPORTED)(64bit)sssd-clientsssd-client(aarch-64) @@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativesld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.0-3.el82.9.0-3.el83.0.4-14.6.0-14.0-15.2-14.14.3doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./01esrurururusvsvsvsvukukukuk2.9.0-3.el82.9.0-3.el8     cifs-utilsidmap-plugin.build-id17a164d7e35c3ca8b2defc42dafe9aa606fc1e77698b47a6ed13c9dce5627a2e93db97e9c32c6d4bb758554387464d53d19237b5b82caccb1a56d86f0bb41c7e34d7027cdb812a93d55273e951d2749aa4a03f6f56b02977d1fd54776cfa26dcb5572ec342443cd12ec43f31e99996f24c22fe73cc526cc596f93c6a5cb230e9774154a546507b9d87ef36d7caf0653da702d2ad9e9d9b4f2a174637f355e1cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/17//usr/lib/.build-id/2a//usr/lib/.build-id/4b//usr/lib/.build-id/6f//usr/lib/.build-id/9a//usr/lib/.build-id/c3//usr/lib/.build-id/c5//usr/lib/.build-id/d7//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.0-3.el8.aarch64/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4bb758554387464d53d19237b5b82caccb1a56d8, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d7caf0653da702d2ad9e9d9b4f2a174637f355e1, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6f0bb41c7e34d7027cdb812a93d55273e951d274, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c342443cd12ec43f31e99996f24c22fe73cc526c, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=17a164d7e35c3ca8b2defc42dafe9aa606fc1e77, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2a698b47a6ed13c9dce5627a2e93db97e9c32c6d, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c596f93c6a5cb230e9774154a546507b9d87ef36, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9aa4a03f6f56b02977d1fd54776cfa26dcb5572e, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "*4?  RRRRR RRRR RR!RRR R RRR R RR!RR R RR!PPRR R R RR!PPRR R R RR!RRRRR R RR RR!RRRRR R RR R RR!RRR R RRR R RR!utf-831b39781553dbd551e942e7e20d88cb8763130ee26dc8322d441f5d466e1b62d?7zXZ !#,t] b2u jӫ`(y/+ @~+H (UDrk%!O%,vc\D ܽ>C Hj2_zbIݬ!=S|nat8*"vIN&:M?4\ h"uPndS 2ۇunm!1J]gֱ&΁ 1 f7T/!眄Ar܏uOI!Dy]j> TY:[FF;Q4?Rz_|J7 9a9X I'T/R+zַ^ WqS ߥnU(#7RgzvjmV_c,$jdW.ּt _)H3c~0D&8!;5wxi>ߵ~^oi9F#;/ku)G2qCfb7HXn)z[,M{okSۼ 8 sCh+U_Ӂ ]kg4]MIt8}fn@koظ_[%97G;p0F׫@;!З/:P{IS:M{\,Ժ]_QG5S/yR,߫ ->.* ы& tl0 OZ.޸oSYܭu_~5&RBC^G׆$ճ9hր?nlўЂB=‡眭R/LGP.4Aq g;%څ UftdL~WGK!\!2Gk y Tv:zbuP}}c46ŮglQ#mS$mfsmzVĩUvJd(mݓ6ce%^N7GqI1 ^g9j#C"=^Ro0hMeOr|yehډ?VEJXaDkbp;-XF)-RwL=Ң}&IIH#7 k2uC$#:ɧx/ FRG"ӖUT>D?W~0/ hĠ%](_YTU@6(nb;T#35UF~N4/_0Y%V'cDy51>(her|7V?VI[nyu>5eaJHCAQUl}FY0Ez:{)wK!H`Uy]/( D KACA솤Xyݓ+v/wܖ+T?zPF]a޿O6>C\M}V CAAUC&W\(밫qoHTIYo<m&69C߰ ?S >u;w=vKpkz=AY N"!blu"o`ڡHLH&W>IS؃ tDBp' }9%{)DA?Ib'jU +qR{45suB)d1~QY5HK)@o5A͕eWMvlw0#E]3GG|+wF;O;M0]a!6SSmͱ__::/Yit[T dnLPD.)uNl69d3kjНf*ܨV81vC\Z !ҞF™rӪyjjd,{|Xe"Tz@#HG@h<4c LoP4X֒\̳9595l*LVLJ7swie9ȼ%h,m7K? H8Zd%B[uW,Zs;{Y\Cq4#8[s*@T03L "p%gvu.N??g&[O__22ps2Y&GIYZ#,:$N-c-ZB\2v@R(&ۀ'xSn jԶX(qfBZsKCD_>wpZ9Ɂgk܀L=)zjy]L8-O0 p.wpyYUsIvvr98sy'őn?dJ5G!] p䤜[ƍwv=yxD @j97'7е>%[4ٗNOߏdVG٠l5")|K>iFu*,WK\>فC sFF &J{U4eq`N-՛hSxg \ ~N7D죢dmo%d 9ciW o;mӝ{>Mba) |o^ج1T?[1PK\cӲ45R4#_Ω-͎)qT%1<;+Ùu]ݾ%p%Q$ YO\4A8p8UN=K ѽ㌛^C'3vvL/Еe{K.*/w" շ*sk*/~u.2xT -fÖoyMn #T~fin"P - k]>g6n>̣ WL`_I! MǸC'5m3mf˰E_i>5|.*ܑ^QfM58 `N6%fQX k{q Q'v-u2l)2JS/+P_ăC/geon4Aѧj+wiplIY+S'CI L }c(rw Dr!$,1${b.ǎIzHh[0wa\+rE:XHJ.$d7Q Re8^e`G$_$_3 pL ̓qč -f8%ta)&a5WMirHkhvt.2H!CۘR2%7/ AD3aFB+YʞUt4rr-#<ΥldaɶE0r2bf@]\SDHcS$dѱ& sbw╈ qYR"a@h6e/Lm⟶H[Wk =-L0%<2] LN- oW! &u9Y%O+]{gt p]kZޑ|L(`ju := N7K0 F%o}L}5X a .w@[EN[!HuvĿ\S{+yxns>FYwv%4c'ٷΞѸ}yn/[K%'7“dc#BmBUp,Dl!db>zlrgX([@ f솰;wbݜRQ݀/|gjƴyϳqzuI"0c1@ހ[#$xk^8E6G&cL4"LS>r|v"Azesl5ؕ˴ {uUЂ602$({WQf&/+ ʊXc5{70zc/*.I=Yt#6xQ/C @AN|ˋ í`b96bn{4Wbvs -,oprBt_3Ƈ1a[!I1b#LSHqdACa yH|$0Ҏ kYv6F<"$lȷCk(zWvGc7B' yw9JF;jN`NoB d悶aZ-z燗NBԇWOvCpF̗JV>w7a6z}ykf͔W 3¹uxOotM_MH _iƗ#(FԽ_ XS!B7 C+#dn, =nQ惑9buy[]O(ŕ𮚓!Qq8X++7~o?!ïC6-\I@b0xzN;).+&םf0i+C4ჴ;[K~@lus]c7[%Z+S >/;o1Udu3^iu]Em2_R-8Kmi"@J H{Fo_NJfY/vnG,,?CM`9$u'퇈σzy k WXR2k78jҒn@fm_rܜa(3cg7IԨHnAB~RBq?,YsʺU- $j ^/xO2y=y8؝fQbޞ<0Y @.#[yIe_j61rG\+pVD:6IWa`SRBkgͅi2w6N0g-՚Rvr TJ2HSf1a43濤H3TZբKPA"Z[e:HD&3C*-)Ee0/E?(7 hb;N.Zx\ؖ (8 ~|t x1 Nh.aؼP?[v\ 7)?֛΅۔ , .6KLq9>A(T֡\gpNY1u҄ D|9ՕDvOgAuhI>c;FulDEkbni FI<I]?iΑIÁKhs0X 8xޔԁNN "7O-FʩLq'3ذNUerC2As8oHXgN #15~#gf厩V͢Z(2ZN'{ `AUN;Ex#Ȳrj}=U"+_X+ɬvѶֈ_ KLfrtw$pq(Q Ax\^Ie@ԇ(1aRbҥ8w8¢{7Eߚ)[^EN7;xJ"4VY՗ mo٤؎$N ITLFSC~! .:E.Ar2(yZ]{D /) 7QA)AkDGõ۫&l 'Cm]&(}-^gZLNa"# U6;eb|Z҇DM:>P wK e-p[Q`١v>aʯuc˃Punt{#]Qz۴چ[J("p7\IfQ:H3QNj?=%On sQ p9a? [CO u(7+B7G6ɼ7R?EAƄ AO_Ǖ+ń+sHW2 HRO%̤oK^PX{ڼ1F.DdԚؖ@0AkRmq!b"PYwh&\]$R|i}d*NY\bqLBmaGMxԨ'CdUf,-ԓGPyKJUB^?SuN骢0{կ~\ueڏC tj:MGk&ިKRA>_W\Si9IoT(Zkp<^0pRNuGJf݊[S(xJ"C%l4L!ʚ%&#ܮ8; "Fz"= 5|@_% '{7XwmB\-ˑXHLY쮱9n|x)D.\C-(RIJ_R'xB$3  BՖYj_DoxS7;i$oy^3xv(bg 8 XO WT2йqf`NGo? nXʎ ܫ X,˦ uP5dB;.7iZk@;^rNnchpʐu2Ű,{@=Ԁ)!I |ї'pPb5y\lȽBDM*;2_/ .1ÕZLљЉKIP sCw *i\P 'ۀ3TF$B}D!X\)2Ѐ8xm_ՒG}Ϛ۔~^'ntX\5c-*ޅb5,(X& ֱ^u.hVP+j{_J+\ {]3W:bȽ_>]X+D׊ޢap]ii B Z&# %B-kɭ?2duXN)Ȍ>٠-<ßmd.|SeOu] CӔ6Rr x- ߖ]SG^V+\Δ Z3"ST-{P \Ċ,j[ pW&IG]0{y9'8ⲛDgPNRORuuL*x򢖉NJE+]-$b9+;Dcr `DӈF-VS|rjJRݮKV:a"vbBYG &<'qe~6xtdsU &BG@_1z_g LIw\12h w3թxZ4`fzdf9w^ضp7z8wУGΪ7 {1\_ktXG*\wZvڎʄ_.8rO3. uRk󝆼cMN S['y!Cc!'䃂S!c~ZHP.*b4&$ЧHtTDnsVn?,J?D%p!jp|1w8') l15u'|z@_-Cǐc$ӭ"q .Sڵ`G'ݍF`G 7=UKL`jƌ8,.6#p%`7҇ +z)LZ*Bb v' ȋcf ySZ{œ .pTKy[\8Lګô #0:-DYIWα6m>kg4m<>B2!?F@ nbdzB28G+X.\o1_NÒoITcb;!h` Iܓ%938g jfEb*EqV_k Mzj,d$hP-Z5Fe8ƕERi#a g\2ݘ&EYhy^',^K3EN2<%f:xSRWsϯ7:Br?A_KhiakJ݊ U D?#VfKO?ސ2F_E}Ձ=_9#@U:\pc-Y!+j>j-D-@zTJ,z:3ҮŷR-u*oL鲋 uaInK[ڌp vMLw;Ajj1(U.?q2OVJD#2 d1LWdDx,p]:鍽(Ca&{*q&l>3jr7WoݦJڄYc!=YUj<eKu^\Y1gCiпUwǗ'CpBtsxsb%Kf/A`/K%}eqA.q-8>q>)? 4B$.67L]jTdPRK {qGw =q5G:<1._ ͒h$\7卌d>Q;|# gZ.C0A]>i ,aa"[9Q,غŸܸ@pM{Yy_L!ᐚ#  &aٶH^o$P7xԜ ~Fe#]uX"uĤ4.|Ԭ޻{D10ow  \[>LWk.#kގcC@*LaNٸcԉ5v\G< ں+tE['Qh_ O W&?=4fKeUWD#E ud'D$|mE^WLҧ鯮;/"j^Xa4D2T u>͵f1wrhht lLNO$i$Fhzr XL$HZPu:sȥ4}TdȜ1-Jd0 rbn/[֎%T$0;VH`E? y~ mzov}D($[=6#p@Zó1 'i Bu tF3wL$aޥ#HF@\6.WoyQ)=otF蛥o,'J>luD]9 :y,ِK)qs_vt4IbM)pMQ=j繙xHПcU9?Щy YЇ6ˠbA=e2ȓ4fs;wH4(ׇNr[s3UL̍[?d߼$7~7%!W˚쁃3WhBm}a-W~d)|OA::2|o9M89J8$= yTr6dڷ*6!^v\1&17,?K94;0:u@ӥ7XC +d)*F:ENEz[fyONF؎ X{ԛqyeXsJoסo@q 'D3\>Hӹ!ڙC!VԄ󬽲; wRHJ_L/c k P C n nxٹqA=JًWXȥ@,B`gл=^u2^iƫ׀9)%.d=A%6,1Կq21hMA / \f蜠݁-#]/V>WsϪCT7:l(|L>.kQ1 |㖴peoݥl¼lHs(>+2ATހx u=!n= }۽=9,Ye&kCP%zB\!K߸h累Xఝsˡg{nb|UIQռE-Od\V8.O0(ty$ˆHk|l[}d04yfs A\f_ևThlrU9XMpЄtUA=ibERI}Z }tm ΥXJudV|Ṭ>F$<T$gA;6Vv4>R…)KD3}҃'FYWj߈ӂ90LfYQ*H7 Yc~6)uPEfRdig_v9 v`svE{=+7RM.\E⾰2<1c2!>G9h7J5Wo;/0"[ҢݛI(Ea c~$D("٦#CC8d7Y@K$$p e@,zp+dO(grhȘ>Bq Иo[.v-n!~aFರ٩LcmTF.}vL9H#UEU559޹cY9FnwW7~0l`YJ!iS' $Գ+4v_$t2o/W绉DG!:Yu=H>-]KU3' Kgf,AϹf86ʶdpoPդcA_j[ IoqtP[ZuwHefCsn) 6 L p9~0*!:K.Tfg)~ك#K72j+)]p45M5e,{2T n럧\2T0/#c GdTX4nǍ* ʞUnM?u(ND%Ow2BJ}vGw>o,C7V@.g;Rzq>;/[y0VXѦ*13)/i$͐(%5)4z8LM$ceǵI~6QYKh 6 Mz(^~ _d8299m"|.jӱ]jxbLÇQ.CҏGԌUoH@I߻$uyb?+"89̞wS&uOteIiF:;>77OՃ"+Ҷ1'݆Q׍I`LQ#zi7f)FhNnZ(a&I %t:N7Fx(qLWDF3ЕƋ LKVJs76h{M&GW Cgz=!zvL"\B0*xW翙+q\T]VwAH;[Vf^Bԙ!v3 f3֡x2g* 2Nh.`kŵ%+O6ICV.\2c=7Re#X*t,AݮTOV@):z"ci Xӝ4ךPOSl޼frLH."iI(mYY޸Ys _f'=yp^`W ͟KU2=7&gk& opd&=]EpSKX`VܪRnNSf{a a[t2.- /*t6} /_n*ԅLsg+!Gi :_Rz(Y <;B'@8>vKCj[^KwobtBh!QrrgB.qO@̛DP ="U8UP{hfNTՂl4?LE4 bb|P'ȒԊO.XmHay9>~J]X3eyBlIA\y`NG__K5q"{kg^Ap;*Ѷ˂8%_.B\ i 0mRE4'ΐWBf(L 5yד/,HX{Rf3 ᲦE_`WGG<$_h9!5䬕\(,bc>o]e_PqH&FT0={I? V>Ǚwll򸮦kN%mN'A'.,,b"kRm!kx6EvܺsDHJP ]3OCC.A_PR3 kإ|(\َ6-dfNdlf?Gºp TmFwHrbQ-HE/Iv]"l$sԗ`2̗޿v%ˑW槆Ix5 &n P nu0%B | _ٸ±)W2u K"!#uD$~ҙd/QO7\ ݫ*_#pJ\@ۈh@4z2XQY!SX>һK\ݤC@GBP57=,ZֱR'4`IV#s(!y)L'[d#ܟƕbet)v"ȉYUAU1sN?IȴZm8)RE^%T䵁1}t6'i=trJ xL|ʩԍ=3 …1:t9X䥁GkiּP-Sv팃Y*O  Wd3"NTX~X[u/aCH#/L@uV tD4D EߕwoH\=+ n{ X||AGax ŝC.3zu᪗ӆ˒[rH ERA( _-3%p+gTzsl"Mr.dh]?Kzvt4d.6v6޽9kG"%Ez0Iqm=0E@87 m!0~oq:o #B!O(g5h TFeP"6MZ *dzJ8·jyg]ʍ*}y3և5V$ykܛ` ,bfGGԂP^0 gFO+aݫi7&S/3$;q#Fs6flcjsyz:N\bh'sq4/"i'N$w)uEA"28 A+B 琝0IA'B,yW\ LP sPǩʮYqڈVRQ-'dTgez†\`O,|ڏ+5yɉA^^ F̛@Um+j}sԳ{.h;Ku~``~a,]S!ŮVbؾ󓤝L1ZTRK+UQc ږ=e?|DB9 B' qbw/ewV* 7̋z\3#I96$p9H7e+;T#(KdxV:˲0CW ‰mPp 4'~u٨ݜ@ӕ MTAwWPCm3(5'܃ԘyWmbR怢fKg 0[yp۱Y5Ѫ!t1.}q#=fTd?kla;3s? ZՀ P[7-7)#JZՆLsu/)UUx64l۠"x+l6Byx5R2针ϒx6H1Qcna^y4'ԽW 3JKߘ;N_2ߏ3SܡtFH_&35\viTlo:M/Px5xE!l7j~fv`^Ns7#zV"gwBm ŀ{4~TN "~C1?ZZ1Bpl]՜j[k+y@wC&xBiD6{}g c6ȚH^;9HU)dZm!\/ǧn%6JdڝݚȦE?tJF"6)vGg%Z`e e3cB"PfǸ~wF) wow@|c%iwdϮ@vVk"TRatvT'R-{lm&-Xa-PNTqja_S+6:> p} ۯ\mmҫqpWa\m2|ԴbwΧoS\8qf J gw[NOFkZ,"4@$a.BW zE-BoăBAeK}4ExS޺tԕy2XĘ7e)=C mٙJ`-,^WhAvQ؍c1"Narc+h?,=q˒RȜ/ uhc&_˶dP^4r9ա0zv&F= garY,\*;!.۰ti]s>V$ڲ y[?z|!{Z8#ۘG7|ȭ!E\l"7+  #Mt#YњFINSY޳?j`˘w̖F_b*%{Wy଍qb 80 ;ڡXi,ŨN *N/:xU߷jW԰]CcsԌL/7L~z9!85{m1(x &X~Ymws,?!: Ң=ql}U父hIDfxZVDV &%r \c-M1/ĭ/H z-R!ESIe*M1N[oTGC*ңg rhVVuը B\[k6Z%.H[7 0%Rz 6 ,@nNss>f&3+ʠRyd߱1oP.9HQ[| u6~pȱ穷aszIiRQ>VH谥nȌ)_Rmڀ+IFrxaޝ~#Gii41!g{a2@-kȯopI|fߵ .u&Ƣn0iP:3o˕ϫEh_B.f 0&͉8mXE\Oq"'5d39o'APk.J6_*ЕրO\߁ NQ6|!J)_pA#LDZ~p&/2E#mJGm+ CAӋ3c31ٓs8̽3q7}RnuJȲJߵφ6BX)AWr-V!Y =h/vQ\g&Y!a2-XP m?:J}c%S|`"L&5@I.IȎms B5[+0]< W;9+ {^Ftֲ6`M[@?;ޔd0ځ=i?k*^Vu]Ur+ `c9)=KV'-FB-oʶ@-;QgV[Lz,;0՛@'y,3 A@P #O:u*Qr dW-v˱JKA^Ԃ`sMZc35`K]_' <'9{{B%z 5zU#&3K6*zҘq1}rޔc3 T.Ƅ60c$Fw_>OŠgz⊓jcBT \D.6rWfJroR('3ɥWq\p~?"iF~c7ghhG3X$ZNjMqsfM81FNr,>2 D$3T{c0Aݑ+y]\FYm/,~$mMt ‡Vq!N}-tx$3 [t$&Y*^}c0 e[Cd|н;eQ ^xKCʾW;78M/!>ȲJs`Kw/+uxđIqR [!'o6!ENG! ^e'`Q8 +21u9'~1ȪUj ^VU1:-W0LMZp]gsͮ(<0 ý~Yzp}񍷯y%.I\gn܄)>!; ,`Vn56Z閛HlSXX`v2!9cL/[ubH4c]n ˩5nOe_A3$_p  lq5y4@]Q2r-h{qdI- }SPI5Iw6Јv {1, ˝-gJźC'#ߙƎ1b$`e0@n6 zM$0It2BR0\ ?Ei(ُ0=>Ӓk( h5lC^nfbF)p<gHAʑqliC-$խo#γ*id{3 yI=t! d0ȞO;yۊCiLlMn[^OU_ qdlɐ)[w {$2#}nP'pImeH ThXS%~X+.[l5ġTbzd3NBwf߈>]OV8n1Nr&]İ9.:0}`̄?d?IuƑtys iPw&ޙA24C P긚@7h9$'2>`ӤxwK:K@}E >T7FP3/Aͼ;=STGm@;?=+1.2] .;h Akn>EB\_G#H(d|<μ Wa12 hpQr\.*oz $׵sV6!%!s ,5%$a*$ 8&q$AUvfnMut҇g(iW0gVM$))(Aa\dy< ^RPzKWE "/W6ǯHe2&{ '9bȎ)zTLW=s;\8)%_θYm1ދ;TH;\27\ ߈&{_1$ؑsGcqcɝczX߄bcyyhB 8! $B;IY2MHk5 2YR͕.rs)a{HZmIZ.Вnwa h94^laFgEv}`ASĮa"B` =,ňX'{^j̛ʌ.j5 }s~BmF) Zmg'tz49?az  d_=PԈVzd'F@}+*Dz7d> FcՖ*2#iS!m酖,oMS'r}*J; yL X;߃[c5+*Sb6!ZKY~vuL "gC5 ;C#Z tai v;7,?ğ>8%^[dԳ6䊲ݏ#.B K.F#hsL+M-0:b%g|B]LcXHП)DG+fMT\eDsCIHqV^nczt+:W.*|P'9G{zW+4_ź-e-quQ N^2p˟ G7s$J\Ovzc,#iMyNVu2*igRu~)7hˌ%,l؏f&Jkױ@K9-w!\XDi+tsr[8Y^*g цAze&!B]$B [|>lcJ{;fuwIkeɹdPQi?+_[ڪpB;=+Z$'8쨵/4jweP*ѭadd) _܊[3D[@ KaʟwQGe>Y/VGF_V|'yY@CC>`~>O)Py$1oY *#J,QKMe&Fec$g3gi}{iP_V+2[6@9# -W/[Lv} !塛z2@ C-slA E|kBPkxgd)~C߾0fT}`KnE0T{/:9@lQ*E^T{nyWX- h;#H jLJRu6gjh/RIŖJHe%+VZ]7W~"ӈ@ɊJXw1mK<-{*y7|cyʖ~F*+EzoYܘjJ'vIʤ?JERpH%mJu1jӧ$44=}(BSS0ŷ ': [- 63]4[MkG+1{i$D֙J^dk]vud ?wV/$̱0N"0_vD0.ItveDDQi3Wͮ4I&OTM\&>IE޳)vX_jF9G*qʃ.q ӂj\xt)5UE^s-M9lA2QSxIUR#VfeUҙd! W8p,iaӂ*2_"y]kvf,7" rܮ2q=%C:>?NowA멕i\|8A}ѼTZA@~Bz.` -e赥:)ƟS}4}'XѨ fpChv[-Yo+O 69t}@ 9J/7= g*BM2^" ƺ*Gt$}X:|Q&9$%ʄԽoY4%x89[^gRt!:PVbبÌ:ko"(Q̙"Om|.poV{07"7p&6Ms<1jDVaHmjY&I]NWHQ>OTIƽڢmG.ږW6ƚcJTi|8UPΪ3 ̓H7P%4,x`كd @4{Lª1 ӹXO [-r g;`$e$fzz-؅(~?5w8ʸ.iES WmJ!X깮pN3o յ式n@F>/)>(CAƞHb^Ω,Ư0JA6 N|{j`4TbC#3'H^?bj; m:%_n6;(+Sև޼ۀ=h@؏4ia 4MT;ۜ}=hJ^l GG@V c4~ FK:x$;'kLm l۲bMI[e2q2;g(gJ.8m@|Z=&n@g6>]C D7'b_[Hy/<[x߷@HRRiQZFLf4ϟS{5Sb8,cZ{Ձ{mVABgxec"!=ªlz|d}XPԗ K.q0/?i:okUjU ntdUpʥ0KmӨ.gv;{"WUw2rr`ͧ/68YBk(Uq<iBq\alQ]֖E&I8d{xyrr,å?Wf[UL_R P=D0w6p k䤞 e VRN&jp}R@gr u4FH:]5j&Qd$z/SuRg&ނ=gcZ7dsN9״A .^N̵ѼfncϢA_xy#7 r_[X㔳Ѧ '@|쭂[޷iwrP>U'"`[-}'^#ή>צfڐHqœM$Lȵ}|4+ϕUrr{G'#h0ZAJ9Bb>*-wËy!Tg=Pߤ?%O}> $v9#HB⨎Qޭd7,MTEW,D4ƺXUf7ݰtdW$g-)5Qp2 jLq"*J\c,7Zs)Nᝃ>ᱨYo`TW֕ \!NV wc R1ӶMANd3MH |Qp&&b&@++[yʰ>3H,FZ'4O/S89e]>\>sb)iQS[ܔ vàz3rG7zt" _S)^;vbhL\>iK^-&lM2K+ddjɃp_qoSCt4{Pݕu E, H*eVrZ*t&a@WN?6 -Re>%;bkbr: eOMZc5[\FdR: Si_(stSs ( od:m1޻t=`u!lFZDR}oKOMOM5NN-uP?¼9&uoG x*6Y\0f;, PD9za2[Y6Ģ |,.N--;ň,h5it ;;BM2h ixU+ WK ]4/<7:g\ &dII{>!k@y't^"=:Iί7DRsî } $B4Nj1lWedƄ_ŻTG1ņk8xN==lU_IjN}_xeyɲT^8Tь] kG&/U&+LޟT7 iM~-3nrw?0WPX5Jj]ţ Iǁ;8P `3-i^J_u҅z }I*jԕvƤ1?\^n,b틨Tߝn0O h!%Z%h yyzp#`I!lyJ(IAYDmTM+Tލef'xE⊠XD=$"?qwg$~Q{ y:S1E01xqm?tj y|^G\ L)>vDŤ7rh| nTqM{\?3L9:n/(>YU/Bn_EĒ^0;QtJ9w0u*vfnnZJ(n槢9g4I 6+T#ڈ6}$en 2  2loTKɖlMcŗ9SL72oZ==P #2F|F>T%݄*)1hʀ _H ] ftZ9p/΁ܒ$?tԘdcnȂ&~9fsBr]Vܘ<0M+o쥁@,Θ>xԙvl2%tƐYkK>/"-J<5yUxxWF`ozU3|*O)uKt;=H}2ƹN qOcx*e)efӕ~mͦ!ad֍7ԀSaR䔞j5%a<teZq>Lz Sխ<&fɺ!DF KѲmuT^$WJA <.g&R˩Rȳ~N qm) ^zQ菹UDNB38lN;ҕJ )ՆMPs wQR dKk:r}Ἢ({E9m{Ъ7%c,G U̜ YcFfՏc 1?ob tg! %z llڬt'yӭ yd~wnH 2Qa8Yq,)"$NPi*tn;kr'#UzWܞgUt^i`I9R5SrBW# UkmecӘ n?/x!+8U~k sъ+bMw:~>rsY矞Y8 Vy@E늺2lCHa42/BUiͽwu:(ʁ(!o]x-ۨei EpFw;n6a>2SG [h>l~m|ZR%ڋFaј fB]2b,9Y<.XmڅM<3qEfD xQԗj$!`>: &Lmʋ^E璹A_2Aa콋~xYWS#^WM<>*by3<T!Бv-K-rk/ݦb:"PL iu ]0qcXдouHH絴= ^ځtFp2L~`KODA?|V+*'Jsj "̈́  %<[ jp9a aP5c>N1^lfjVfE;2@kjz?g?^vM!'d,3-[9NH|7Y&l$FK~z&K&LBZ. \~F#K 0ܺMf}Yx t#OY@|eʗF&9k]Rd+ Tu鱥exbLT:'TQ;4uEuZsVv wPzVQQ *oТ C+8ǚi_MNv )9m.[B00iz:&Y(8/0jVoߣ޿Ɩ3${?]p nBZx<\y|[!;O7}ýKljxS4,K+"9vǘ 䓐V@8isKnpm&ʩ~z _r&LpIuC_CjG-ޝO{BwB3'5ldXɼ ;9݂ڲtz v{zm8dJմpWyi5 }A(YyJM#icJٞ b:1Mx^*Gep\ BO7Gtoe!LHnQ9K(̺aG l>Kb2y1ڳd<%@FF-$d1Jf~4c\nGʇ'Z>r0+UN %Tp656/V*oR#n-wWtb)M/3ٓ0> ?@Ⱦ B]bVX6#Տpj vp*J'.JŮI_ Ud!]P-T0h">Ua9Hcପch| "ܹ1;XYm0xVTrhE l]u*IkQ1|dsbye9?.S;,΁QIQ'Dgw$n>kK#%*C\ 193)^c3$9C>J7<}:JYcxÁG]J鞛APGUE0cnYkd $=U WԷtM8+-4Y^rPH,^8?8!uǘ3Z+m֍>ψj' fs1yʔ-k3pD̚йJ9eWFvg-ʼnb9o mI^#:uO$97{*EDw&o%ÚR4r,F2&if.ʹR*tXuryUZ^)<2}FtxFY(pUK´ 2>f W!ҫs BBƁFMn-O 2歿l !<[M:qCFZG?#srDMF -n'HQ k&n<_ u\N#gpMgnC.'[ ؖW ^z! *U|}o?;3#@j;k]w\ZʇEnS4^ւARB"`DD#`@ 7М%l#u/@h>C֧ }ݤpN'oprq T_z9uuXȈNS.Bx };8pҗrON1pdO #2YTN;H|W.m?΃yoW&cL|P\xX;>aXƫy*$'9Źnx֋,Kzn[ܐ/ WU6ݓ8(#G؃WQIWƅ{ l `BEʏuƘ'!HLY\E=5*P^D_a-JQ 0EEIM[eR* ;I1Rߊ{ -*9Y/+jȇ- F%Mrۃ>g.RLomibzl\ΓIk |yů[fS-̦]#Gfkt/ D݊- ׃?~s3tsy4i>IWj- #-$bJ`%09=_ޘ{ {~^ Յ\,"ab~CAE^y#z# #ޕ&tdVDth6g H5p&2j"Ca \Y͉ʹf3m`yɺkx t~焨9-3ker'bت!\谤zНtvX!NŸO" G:FMe\!2#.1 ?` )٥d埲y6tkęԁ;4Bt~y\? qƺLҿclUMaAqio%L) ˓Yϓ,D@ɶyWrKvdq跹9F[JB0Stʤk@#Wd Q#eF?fnIU3?Ύ 8dDA1BBPe]rro7ﺭ3,KSD3TN% i3ѷe" ü\?dZJ?-O'R>!1XѠ-\_di)^ʫuq58_EVR3P)n֏˄#JcXK n/)]0/Ͱ+G.7N2·OፈglOgb6@nk!]Xf2R i/ x*۴!Ne5I 2)ӊ}& |uw  ,oDcwT7NSKa?u6:Č$!i}yb*8 F /.HMs'OgzzF Hz>sl5*#şKr!n>4h=9tL[] &F&Eg9ILgKr)B9CP_ct;z q= `%4?N{F~dwBYs0O_po0"=&#F-?,ylWd{$ӊssuՁT4z`ɝz` $$#,k/8"57`IKWW;:qr7u[D85/xQ;J[Xñ[eTofQJSIs Uh,B?{.E:*ڕu&_ es_eyd@@D~2QJU 8kSX)>+ ęCPddfH[T ˫b:LeXKT_0 Ls"Fm<[EjN;  ]lӋX7٠"Y}F="-Y b2)O{ #p2A9`]ܟ"!3Kޅ`s͂q1sm =} >\0bcڰE~H?R" G>Y`Ú>.<P_^"+t9lbASOGк:/gh O`pÑ+ el#lR)S҉4 SG=[!HM l" ;&B(13; lՙIْ֦JvܓI;mj z[NCGלR[u$!*?(.5{~\$Mǩ7EfoFv,^5/;?CuT>01aN=K#V~/E?<e.>֠hyhĖr 56kkd(I]YLwgeU~S\0kj:>e@ZP@ Ce}u: ptǗ?EQ}TUrv 8c^DYHfdvM;&qflN#8!}fqT5SrbRU@5v]s,kCjy8Ay`\23^Z w % >K#-] _;l]0%_ۤo_cg\xS'),p Qm3,,\ $p8n Rbĉ`BuN'rVŝo|sVO piu D:3uLPfv$8X$X~i;8|c.M7q73i(23!tTz^֫wJJTGI1`ʽ:/%Z{n>*vqz&$VE8Źb K!xfUtwSK9vQ6բIvہUӒ.Ԇ+`lmŐqІTVEgq2p[L}y"hCC|τ<>#CTV|dB0QI\4dBigUxQ(2r;9,FdŠ"WCbM>kϑfqEkEx@iytKL.\Y?LHI]gEF̚ ;Er"u~/ s&IgˌZ t;S#h q\[_5x(9 C"ǚ*2OԓXVY bMGcbL%R"+wlҹaѲAǠR 0y[P_L? )`c/f? A4Mic0S+Hi? U˘}T6VkKop38k 1E狾w#Xaܒ dAW6^v*OK2v"3t=zkQ|(tͰ`"mG#Va&[Fᮐ!?=;+M\;)=b5JW0* bH`>M^86g;%D0 .@AS"$zQ~w<)Q0oq^_O Z l ~ZϱK4  E!e'pB蠘0 v쳨x;s›tbwRD"GEGy6JOOz R RCϙŝޜ>^"e?*Bug@sp*o;J3'u po}0)CiL 9r-oz~\lV܇l^00x{oEzwrq\xܹ4 {n"[X)P>n<&t3n#Ph B~&ލC»C1pӝ 0zKDsӮZrɱuֆG%mi4X\s)"RVGlQBpɦ!mh σ~_MҾ3ꈟ>yLJ#S|·-™ b-wQ+]㴫@h}qurOOLT`KWސ@t2-g2gܡąKwVoF|il4`h\!U:W [ĭ LK} ;s.0)fIV3D&iuI-t)3܋8Nċ{/j=8W*>_9C>H:<. VR=ԏ*dJ?ba*ҹ8g'䰑2DMKԚ7!kFpW?7H d?6Zvr;!b+އ-;,g~11#xn5mP"_{L ދSۗh?T=\!'6p.= \%qr~ xѴ."NDzrS$+巔.vs[%4mxNxip-f0{942Q󛔖a~97yVojs&W%L҇kqvW#}*pXTsw,Pؘ*ޙB` j˙({ IZ믙z'_vY8\iQip%JFeӚW w .iY̌IՎIWh_.Isu^;ovrK?"1`!qߴ.ou]t|tήi8H|L;)s]yÕDށ m(o@pvta dwQ'y{LD #FO3ʢ^V` AoK#*`^hĆ# @uS:Xȷ5KZOw1c-~cއƀ,Ў"h%pc4KLTaQ5AT"4JBNuJѣ*7 dJXPmz9I`YZcX~/1E:yvc"6 Z!egZV>SR3wsqK &I-`#;1!H$ UJSH':aJaXF4c P\+;we&j ٲ/q?6őGm[,Zu_*'X4e* \93nsB3Vh bPN4|z*qd'GaSA&/ji]28d`~Y6 l1c˓aN:9d88b: 4%" Ls񄆕"F9z2dbHhDp3z.'-#ĔJuﭪ&rF. CNpG,V8T!nV韫ة+~k`}-.PsuZFoLj%._Ӯ xN uer5B|jI|2vzϊ5i{)23>.so lUn"vE'Cηl]_&Q?L= wƧDKڔsGڼ1P̼4H ;)`.HH҂]VXq-s kTvcH#[mqiID|9?C۷o!fBz.t}A^I9]b ?JLPwaNFV8c_ fF+lV1Bè tuPjk=Rn4CQN.vs,ϜecJ͞jX =cOҋo%;bK%, 52&hD#YvOad` v ZV{&B)HRիo`C(/lA{F)53V|Z7d.WTt"kQ\ISi7/suY:1G bx1q9 *,dF\?XFaP6 c1%bq*VX>NSu+DWAW0Ο7w e|Wa.V*? ( 9+I6KU}'Jږr''7A w5.dM[%!^f$=dȮZ%^Aɗ~OiRԓA@{DqEr:՞ٸ>^\}qk 2Ҝ'OSk/݀MRbX~6H:S${ +Vm䑕2l:ˠ \*: f+ش^e͠z@ׅ`p'0'C~l|k|$_Uxܘ7^ɜ\Uָnh$<{p?. C(v~{',0g@AWFg xR |Ы3}OIHU>[ȷ{ϨF2%hm--4 NxkGƊ <3ȐpE$YE$Uc4N#递{H{z_|jq2six Ru헿?0ӻ8-bX*|NVd8?P |͔8rRh glAJ6`K" aDl4.^pz&f5{bT1) )إ+ #$Fc*y}/d^/DgKk4F0]60J0 8j}(3 u1@2%[ R LJ!U@5hHmuX֦WEVeK}806hXF7^!o Lˁ9]n2kB–6~˥FNz^CT2G,JЭaGx`]IN*ymKJԷZȡ~•zDe N @*#q>^amy Q|4Czuɔ]xLlR8 L|'6^" 0CFzڰdOsӒ#~c㩗gXS 5(7rc9bdkV!\e#^mWt/8ǹ^0$(J:Q-|znݬ~!!+$^J΢f2zjޛct ](8;QN;zm~)tZC3lv")M* dS;ӹ@}~ڻ\΄b[BM'J X7 R(Kl&?1WVzk?r^Oieq_X6`LpXRt;{X֋3}a: DRwݻ1*Q>WfWNs.JuoaFjl T{5˹$;۞-$lk%%OpF yd`Mސ)qlzUŏ$O@6$1zDB~$řدuS%E^`i!-Y=؛տUv?Vo/&Mfi]VlL "utǠp +*ħLQ m|tscD P;k_9p*Gl0%̡3G &.5&xq.!+'jVgBxUytBWsl96 `X^X[Kاʔ:?ڻp 5Z66U/NA4(wSei ZgbŤ*R:!!*@t 2mؤrJdu_k #_ p*ň 5ZѶo^`# O|SdfYUN%JG@:IMwEF&[@ ٞ_БkG)jEH T)Q ntI#f=Mu/+Rx׺L $Ihf=CGծ;;Íw);0S.E5nyJM Jk=ZX 6(8irx'r$ ÂGƏ|ЌPl ;u3?1LsHy^s9M}e\Oh~yStsoqd`a_-]wUFEcKVkXTw"׾k=p/:I~-'cQ-qN|c[zSCOVIA$ Ԫp0~5YmTl2X(ax9+oX]͕:N?Fܐ+*>PmEZN8u1N?0vJH5Z/eaKA<‰P [fPCYj|ڼM갊gij֌&䓪4Vg> E$K\U\1Yƿ8^5y2CM"uz8W:X U;sSh[UG;FI cP>_Kl[ 'mmKן_]us\ tI`,Pxln]$g%ħ뢓5pBצE8"maduP'D#o@.=dl"c[8aCy~,?8Jȴ#Z)787R@$_Z=po;A(,CRvI~hGqa3͔mAE| +"䒥M/ PZVK{MS?D7\~"\u2+=+4@_}!lKJ|@x5p"ȴJ3ӿt23l<?I#DP{t%.ۮhz(/3/@.7bh rP;DgT P3mR+𰺳~xm7yV1Qn-?+jq^$ veIh:1%⴩B,}DrTv4I,y<*gIH:/vt(+ 2nH(UB˗ ˄'O-00<$ S}uFd4 f+S ,%R1 ]AMsF'&yMh!;G1MfѬ̪Mϊ7Uߥ6Y<{歊R!pE6c=mkxo'>=8.ngT;/M(CMhtB g_ۙ)F)D,U7iJ Xٝi~pRu)eʣ}OT;GXNWvN+9_jMCL@gniVXՀNO_#au3.zx$SH"c C3 U`%΂f iإhS6{* /^頃$Йܭwa0T(es|/6x눝6g]oԥ}CE(U;i]B8!Jd5RX+)Jaa{i.>11٨0ghW;1h=v_ o)\Ǎz$Ł!Ya*8g>uԫ4l$$L;1f'gQ۪}9 Mݙ]a9g@#7S6"$mKwG]WbNニȻYJcs|!K5H@9P@]亚LTk3 @bc{9eiCMx+HQgGj&8rl:Px_NxlvrUY]*] ~M9=r] g9{L*ʦqOj?ި[gu! e&*.yx+| ;+&5eth~NF{sOZWWff[>t5lVĶًJJ>x y5/2БV N{&rN0n CdJn"y&3ٙHb4-&<^ׄ.|f^BrIDl\}Ӽ# m"Y\UeHՌܝ.*f嵳2,8Y7D?^1lD° s_ڒ}6,Q_ Q6L2MC 칼Dvl{~?i.PS^Џ"9[Ug$+p{<*L*ԛmiCNc,+mduf I;U.hрdN$p*S[M$E^|x5q0MX6~7F3VB2_M<~u\%"9W emkcntdxįp"<#ǻW3&΄[Vt-= xi߁NƋk]]w"_U#fw/."ʹd>mDʕTnc[̶}6{Bb}1VMy8ei7~sGe0\QHArh83rEF2B v{< b`OHùl7,*+Ҧ<fU7 ,14=R夞n!je5 'ȤA[{7AsRm$-Ǣ:S{[j4s1+`FQrȹ!kh}ErkcR+_{鲝4o`4T"Dy=7PtҊo 'H+h頌½xGxtůHd) PUf.Q?kAڊyN|4x-P2 `Lg.0m ;w1 NEn ẁ ߟ N~]"串פlLU-HwAY#2H:ӾgΩ4͑V#v|u} 4 T B?z=p$u߻&ViZZiE9nȥFNty_E$EllyLiI:=1q_ WI<1G8\$⳶5R:-8[OZ3rlh:1@+7IօPY}(at'.Xƛt0ZmXÁkv4 Jn8P`$46C $ɕ!SoaGu6Q\l1M0qg `S=Z84i+Q:n3W?3ً_fe\F.7Bnf)g}ҍ!N{Ľ[[^^#HW'4>͎'ut_[iؿ鳯DR~^W3WuuJSNp & w ۀ 5RtoN 6ɔL&b EG?rUbYU*۔;&6$0p63'+{#|3_~wp p#@*àYcNfKi7DW/؇cx&^Î }9ok&AR.lEf(4{_L~,v =`{+!m"KxmE^t q`_T~G;vnSu]? aDg+Db +j$Z"Ky #ILeEIey"'#ʤFO zd)Ԧw?ɈvaSv=Qy t=1Cᡭ)V&bI;q>XK~8pްRm˷=hfKԯWm9FR QSV]P+hABB^CB\y_{YCՊɨ`)8SO/(語dqw2ЂlAs[E^r̵x 6-J%W5,g2БՅ *[ l?jr T<0j3 Օ̈;ù@rW8C{Y)J>eI+nj2[f}9I7nE_ 2xLϜ`B< Иꑵ'K([ik+Ͳˁ4njg}4IUĭU"K'ȭT4TSK8U mnLsM8 sJ#/fiU,bmU /#'ګTHNҍEk#WɰuQ o?@}dɍ7Z65BفOmÐ)CAĆ_.^6GkB:^no3^?6YYZIoK~-lj=-L !q;RU}͔9׍ˆ>? I`8 oi0RS‚AJ)ܞ5[0D+"c.ޏrWcHD᪃ɬZ}3Џ+ n˒pK#\>i \{-!(zeqmG ;l z]8#Uy \-cWiMuIVs-AX"3"`{vH[:]~\d.MIgYgHPg@sX0g` dR?Հe MJRry[)I " C ySԇ/Z)+1 Tj ؖqp1PIv<850Pfz NM#Gi<߬.K(Ncޢ72Sk: 7Ax4[]0*1v݂2[7NXݖf G mfkZWc9Dd@Q.[Z}9qvTHɑsI6-|c(#4>ft\^/9 ?+O%շ1hnCkѕ! JM2j mU@BBHaEqu7X3-YmkxmP7F|f=8NE]^u&;;q[\X| 2m Q ojܜt`my;!z6ΉlvhepS'~xfRpsX}rpNԤ(1wGuK!JVߵekZYƨŏ IMWCaq Ze] !>R 8̚ iK$䁯hXgF!%^;yV&&'DH5l"?H=UZΙiYgbug^\ㄙseXgx<BP3.;ex+>GyrxG@u!cD}|_ k!A%"z&a &5ù&:b"R[>hr5g˺eRl%ܳ`LNHp=4sԦ}p{sE0Y?~p;7JPCbgVD:q)aW䚆B:F5 "&y=}GCQMkpC_@1Wlz4S9_`tgYe**xMlE 7~6/>#=_:il2+XQ/~j\40śBr㙧C`8J[ؐk$5( bI?}F0'8UZTJ_%G4_Z:"CbC/J`fN%Mώ\eE1$k'[*9?Xa93lt#w}%Qe7ws{HqdD06NN KjACI'eݲ|\8*2 |MC[U׉"Hu%>ƱI`1v{&\O˄)+G[n nSMՎPyU`*LkW\~W$"-ۖcXԟ@rNgsգi?Bz0a DK_c4q 1 %w-ۙCI9IbEl H*|ŏ3+J=Vco'BY<e Tﱷ @S(un.OJ-`(36c:D J.3"㻔SH͙bB!67B vXA!c@դ $FV\- NֽɠW6: 0^eڈhˠqAZ).a1‘6lt8xE4*!,]X@F+5 QZ}K(/~}YꥣP>d%:;*|V[sms7isE05\E8\= ySJ+ьzyilě{ Yo:頗 Y?@tCu9*y{6FD 3J|;?b ,6B2PO4ôZX8՚O3Gu¦E\6i =NB?7k 9*[άc4RTlzؽMӢh]r^(ZMgBQxgy& Xv{27 4P|N]fw *io 7҄l599? @Hj$Kq[4 FB $sb{LRX42׉KZKH{Ї#l Sa1)a }ٞ\wd^2fK XhPN'kʝPU6$k]Ƴ  7(,)đӻ1*dr 'f(J 'Զy Z9!;O)V&odYڱM( bn>g%Z QwXG6#-o?%EЊ ζǪ/*kJK l^Kqsпq -2Q?B)]B-m <_A5xNE$_$ G D6>L2$)gYT6(S2zjuFe+IX7W_Г Edtu Z PRbc{"e?xX:M9K4`O WY ,<Y퐃N61KG/B$Q\W2Pqq,t l3d !?/w)ŸG쁇p &bfYI>0ː ޵R'/xgvڃlhv'B؎m 9G./ ~ѫ^}Ȣ q(Í;KHzw7τG y+j.,-UX-ZqJPI,7d]gj}llku9M<,4(;YF5i2I܁ ]T]1V[`* ij*@{XTr] ;O'HKk* FP̭6~A ]KgFo_qzһP67u=<`1OQw|@8ԃQXO1YnB,vv!եP75phOpgǚ%?[Y4PlSC̋/nP @qD/P rgv| !W>R^=NWt^_Aʙf*El9$H%©pTFcO~\f:C{dLۊ4.5Bݶ^ڭVO'1NS<y#4/0V=z``*A&{k|R]d7fe<{O.IdPG9Mv)k**ǰZYSwg`Aqe31a^*= iz ;@(,%!0: }827wCG <v`H|++H7ag^6H.k7KR+[]]. +Odr)B"W0_|RLvFBFpi#LVZ`়]z=vyP68վ1IoSU,]ق }ԊȒwaYVEh1jDVuViJp_-iXLbgRL ju+7@Fɻ?^V4a1-op }1Хy8Yb6:ɸ\&Iy!aZJdkxS WF#t% ]"`B ӶgnexbXVm {籘[ӣ]nT?kH u Dц޹^mzh&_ p J#'<\b.%XNyGTzs:|W[Oև Vy} $,me~dK) vhʰ8+?8>G319Jc "jv4O7)kmz|JU:-[^+f!pzEBr%o*`l3ΠB1:xk2 .,uPH=g>h\(q_vþ`]2v;e$r'y5>6D)r4wmE ފ837 ૎ `o Z^x`.)閜(n- P4a2-O XnRJu[\FD']=8{`Ѻ'+nZ:nu5BWlLlOUT F~cY.5#N/c1K=?G~4RϪb5uzoW#"]'܃SD4bN.q@R$ak85̵K z.%FĐE#aSl~bk@hGٔQٲ RW1'&2tJ|.{X%ƻ Vy>xkÐcvw)Oe"-Dae=}e;no> K9gMg_y3{֑\6$ϝ-≦4.J]% 4#Lboh@TQbEp9qr {KqΧN| 5F]cn)ac9[(U .Tx MW"XՂ0ed0ShUF :/H0@hum)"{pO8ߙd)$7$N_4ML[6-2dEF*Tˉh 5q8(`\"FE^:0`vi=Y.$oxUgm_V=%J"WJ!b<ÇV td:]$zwmp/AߪM&3v_nd/xV -d= 02#~0WQe5]+ThݿL=J8^0'^ܦ  }Cv L>ס] ӱ{`vwWb'{JyHIUu_E idjWjcw\Ÿ3ُ(X`8AG[l%ο&3Ջz?)(K-6qd/Pn`;?\yW w<$4֗s9&F-6FsLN W(cܛaxxagN}L9+OsИfAo&[h#))n\!* EC|"m) ~~KOb2F)4X\KiǮ9J㶚1DRlxbR3ԓ29!;͘|[dab!,?ۨCH BV;cKg䑢xwrY J lӊw-[7c-'>H$6XsɫT S Q2O|=qh0O>4L ;8 Fd%q6ڷkﭝ=1lȒoǙ]up:6߁wSyĮa&>j#aBh Y(%/[dM!4&zN2p /`U)nr,۩ 1-jʊ9j`Dŕ(O5F6s/r~]7)hO.(\HlAMvq _(:PϪ΋yǷ9iu0MnA;"* 'N8ڻ[9a)-$6 y D9_m $P XُHìY3 N q.5gd>iamn3Zm VO0BTK'׽ƥ׵k×]P11;qR9\2vf̎'OZXtp99IkA=!7,;nolT`E4(S񭛃(i]XZ`}w)/>urqBYAc쳆d: 4z3q 5==ϑv~J#M#]/"gQS(v'O_TG0 8Kgh'W,|&_AQ=tcz, Gk!rUB-oכyȐ: ff~8BE|5, jJqev<@q%XPR5 9|U3:VPw u ;ΒG5z$I:L1V6Q.G1x9z"H[[ꄁ ,5uWD+*MQϖ3wnk[nl"' "f_RudWΟYMG,zxeۂwAjܳVyõ"&h^|[= 2JxY{!ō-H>33,ND_y![ kD|ɭ0r/5,Bt-6i;tM֑ͷg#J\?/ 7> a!OUwk ȉLYhd ֧ q.KYS?:_\HHo"^DbYѥ){I z\[6q (+ "i)u:} `cD*555Xx0e&LsT^熐,M٢UBh!pS!C"͇kaJ&Kȹh'hv=B9o-&V>PNsh!W٤#5KC[A/No8,D^4 5uWZ:=TOhV5v :y)\<`A&arT{p\(5utz<>cޭ36{dxyRo k,~z츥pz7֋=s#*UQ`鄚M nPVh-j" պ]RDlI;Pq/YưPA38O. :mqObu- ݑCNoD3"wӏ@'USTH9K3lqAbD܋v,=u!/}+=dA;SuSߟ'/rX#IS}n9E.)s2Hd/w7k-}+I~܊g:3zn^%x9TVL0^Ra_UH Peu7zU!Q򛰱v %+7cn8#~VkPσ2Y( =WY#[^rWƦtP:/nR`rug8s'wt8"٪ #U2 5j2R}a'H.=MGgVꌎl,m: g:xѯjWT@f,e3T |8g0&Œ$YTq{D=x )}LIV[-!#U^w9G{BtŒ8w]TWT)1Wc0 OvP=3&!3^Z uX=rk\囇U'9mͤq9E-x)(ulk[3=icX̕N|HVv 5L}2*ۘ2_ iŅ#XRWދR.05%pgF7ic>T!S;DNG sogD غlބހrY6ecuC0=&cOWH@b`JW:T2- Q12."1ǥ],8k%w/HA~X5_44G'Ӣ& pi>t]z.úh&1 jul%Is.KGK7"kXE {33 , {8 9ǮJN"S?w~EwsV]qcG>8kiog7RAg_M<pN\m_'hh)-  ^YX|3KS7WدF*`M]QrY$oI{yb x"#^({*16W$hg-NHݩaVX?6}Z,R2g@9Si< {zC-!f4^e(^ǿ6}!\\a$r+ThDL/E[AIqDLkquU3p8QwN{пoSU>̥ WNlشs<2*{} F=.rz;..j{`K*cddD)CnMׇ"%cюr溄oU 6ȅﵹ&1ݩ[љ~[ɚ^X iDKR.HP¿z% A"AQP;Yi8Ta]ҙд; *vR,7 rNho+Zп,#]2P:T$*iLoG -qVȌJU'q]5wOX4o3AV ^wth8 h#qio.w{%w@6}-)YTg.ans|x5Fn=XL'ș=}&=EY26a]i+S|t<"OWōc)Q9s= 1-f72#67@gqEFWeeiX-?r}xN5*e#>$'h4,-lګt% U{-Q.*nw<?9}mM_\ Z#g8BaW t*4bf/SO p0 {#0aB.-2ZWI:&CD~uPgц hUwR/Q])w, 3;O:? ή0Sǔ_Kb]ɌMt17ՉCX9MRO,P#_0\P qq{eR|(P4`[odQ^J/ 8Hz}D*\o}<4k܄L_+^j&'čOڬLF֝?ֹ2)vСǕ6[=ETV_ ߠ*c" 0}1~B*՘Ji ~&R\~cH-;? ^(P Ip "X" I M}T\G/0ô+A/pߒ!:T9^T44[_#ՁyIzGX8 Oݴه翕j#S,rsa< 'Th+ለy Ӄ4Bgu$N/MLpn@]z SA8 xPZ%_3IJSI# ߌquʏOB!) o9İT%"r'kFmhr)3C=C[!g~^vCs*eK>Kn@IW>\?!cS#5 0$0_}&{}rѳs)iQ٥6m[|ѯ tH܎,9x9DXWMCksL"_j2aO '}bjF]]]g֣CG:G;4n"h'] ۿ^.feHA#$ėґ A'LDܷKY#8%g)n!i@3!xql;YKv_,@_Fޮ<˽CC"dJf)6GT"!A05}I#6yPB|P%!`  fFzWU$k8[_o I U8:=4+ia#& }Xg6';&49k]uM7CSd-]*0pfKz'}4ff"$<*sR;G OPǢ fTXnTd Óyoّih8k/_;g΢ %'7AJ"IP*L4c?$3-1,},#< ?(Bn'$)aH0 ?u.ZV#į)c\8o]XӰ)XײMc6 ekю~ H-̉(|]ל)͹}OsoI7Nm3/HL<'4 C4|OroGÂS!R f)no,8r{δ2|:ZQ_:TJr`}ǮId֥p0Y"g=`yGPmP }?\ϴA(@)fR'"g|ΛPŀ|M5ٶw彙 F)mAÔ<\ ]0]6Db2p#O#6c>DSucDr>A: -oh3>f<%L[U/t$;z[4D%.E;.ˣ*%ErE#gw(pDvx7BBoi~V'{[X u@SC3Pކ±`4P4ɖz"9 95405lmy87Cú TL.)PM J~ⷎ%uL_l%DW@ID99D:AYS̬4Q)믡Cq_5A~<nA=f6L >B_eun=LE;]r7 wj53'PfWqze8DXP᪯֎_Gv\%)tso.#_mZ2Y}fDZ~᝽8PrMJ!P$ڂz[Pt,%ub%&OqQP\uGz{vb!WLد st7 ,Oߙ:WQ6;1w~Ƌx-/E"\j"j0bڣ+3O~Wa7i֬Bҙq|`nck ]q7!o68@s(L MqJosPx\\K.St)y< rx T܌˱B⥿ <IT\䍒hhY/#g-XoEsĄН5Ey' 6etlSKi%lpRοs8e40{I8pS(jڥQd1`Gk45UVɬ =_p'TeS'[t2FRtHSG4Ny~ux߿pM!½feũk9#n$0_5Ƀk`qX$ px{ϺMv+V0aeIݳo 'M0:5H]OX5&ժߋ5?{5Lˉ!*T^Ly}<Ywdd`\G򵒡IqKhPv hBQjWQ83ֹb[VTS@Kl#_YWeV#[\ ԅ86InBZdn_fH͛mt i6GyЕ1=HڼSm+i>Yh_9"jר12&@OĬ"^q2@2yCjj[bquDa}žR}#d{ѴEr<ވ\́[RQ.D/CNzN͸z\U`-lnd-{s ks~8(I*#m4ݱ=ڛML.#m鬷mZCb$eNqUTHSBd|\) ĉgUI `_@WgT_FVgbMRXm RJxb7ظ 8LyAS8ΚQLyg71 aoƺ},#wtlqtqNp2l:i߼mZkw'lA*0Bn0B Y-|׊09j2rk(-8ao#E$ ^`<^:_^T dDT[j:gzg=PZ ;}GY6[qȹ [q86 d. hq+<)m}ouQ!Ӱ̕ Pn."ı &0etٗm<KH2`fMXWcǿ*skڑ\`IwW(Ƣ:ȭ|SҨUlM]\<W MoCRT&Fjqo‹s-Ds1)7*w@h&յ ,*٦3.;7{Nt}hF~"IЩ,=8ʥ{v9vZ6.C aJDPhk3Hjp{)џi x@{t 4g$p9l_%Q7++M!e71Bģʺ,654 :A>q E *~(=].TePTŖ7;S?rx]z(ă0y!7BXm-KI|m:W+dl(;D=߃6Ѳ<K߼POByzkE皦eP+%uNuXg /&O3i7|^%@g Uɾmc_PENd[۷"Tg(g[bO-5lY2)i !M*צ, Ub'<4z `ULJsx`lL19 Gq$#x.JfC y4Js@$[JmzPΞ5S8hTy{`g3=C[PMv,/ 53M [/AwOؤ0G; ҏy~jjJ)T5yr/`xKP}l4.:(IU@9Ĩݿda <0"<Ʉ3W|`),{?D? JUJ9%a7fI9{1߾v jÙ%8VNLv/oU.FC2Ǚ\ fhcU8M g ?И`RSŦ?I5%$+eIJo8<"jAA@߄.{&$@S{C9/(C{ FcQS s9m Sj$YJ3#W-hb& ,d˿PV?2 sv( ? 'aěbUq|LK`)ኃA)zQ| ||ců_R򋥃WdߖnхrQ«vM\M(zzB@ 4r0:_۟g ,th`/$~741LWӳ=#,17b )/|G]X=` =YV@WHR$_n,ur1 (2,P:r#!)1W`9V';THp:ӀA:*^cDM*]zx2ݰP鱌S-<;-i"uDȠTMǕޫע6ͅf"sf ޫE9.]<(@4X,gTB+aC{ CE'Cqo F0A=X@]/B-+pБ1qe9ȂLy@z2o\=bD2!0!J(F'ec~f,=ޒPT6(Ty>m j XU!Vr"r+ x`'s|:!<[$B*yl_ѦSe]VW@O2Z) S*|&/ب!֫pο(S3kN0ἒ6[ c?DZs=AY (r6w/MD&C (g39i`1+S?2%Ua7Dr =XO}0'CG\EEPx8d~.m'G,J?n ly-a:߲gsD' S}/4w{2_|4cT08XBw[ JtgO,:o~ſqESQ&v*CH STFA1ש-&-m{{-|(2Hce>0~A6M a/˄#J2Y}ث()ߺZHH8_xi5R!ȵ͉R[Tȓ$߆0!ߞɉ uP<^037]]uoN :rc)Sdadh w-2|++$2R@Ox*@5My&)2 z!`pHQno[)wnDӖew,̡ l9 Ňm4.{;!ՠ r]^&:!g% -J×z]aTvdh$Ļhp6&ǹ wHP,fn ĊmMfnIA_uGDQw$JDKc"0rx2LC!!O\עEܬt뮂F} =-xOM܊r$ O2~ӿ3u sS`K.PlFoYD9͝n ellY,[M>M5iРLa}Ut`ט&;Ɏ\SlV>h*r:D-p#(S"5f<T #*p]@Z0Y.*藲mLiS\OK_RE-^N"9Ά_Wj S82V9pM4;c=$9Ԫu+2 B8vEW/$Jg~X-'[m( H#{؂+mm}L+n Mn[mGC:-WpN~)/ՎZزDm[}Of.ڦ!pIZ08[ $B<x)Ii b|u(ÖO8tl@)TÐj241h8)f/r+zIݷzr'g.fHQrۅ˧n$Hset$*FP$+d=-e{Nu?I)#kŌvr]^ء=%a8o_m'dBmm:|bXfs!4QIiq[w@gD0􏦞JL0bqHo@miIM.~?VH-A?pp2@l؊xU?Q J=wA=ہޣ]6'#7yԘH!(ɛww#(z/0~ YT's[?JEqa j_"cSIVcCʄ4Փ54,IukWD^v x CbCsen "~Ug %ntC.[t|&[H6(eH&Qb8INP r3bxUa%Es$`UR4܀i)\./ls eH̐x+"ZTn㠒Dw/KdY PzM"/ ʚvmحt Mٸ\E{Fo HkV%'-8>͜z[ؔ]=~l dt*@1 ԟt0Px=#C קozd3* 4g@,oR.vmm p̃U\c3O\ϩ{ jZ!#fq*QO;g)c:JDRKO1ڐnHV)Y FU)g__)2e :"gBix0 SƇS@͞$,ٗ2^8kv͸HƽcXE8^4([TFYLfK+t'_"ix޻MXKJjo&' =a}_n1,0]@pR*+mXNB~ kĬM|3>O6Upeױwxȏ`JUTx<׳ r:` &Ѽ=?t_GFkTs-bKR#i4k7wrT75Ǝ%Nx|/_Õpɽ3 yJQ aB,xqER> Iv꛰I}ј5"Say_1+:P?4,X1Cd:`[L6 ֚ R$T%d iX"=jfC|K/rwsY\1,s+@M─MGZ>מ&즲8@o}6te!Iqz}{ &\|!МI<_f7į?]vxD0iq%6!3yZ|幞ՕӷxB: a!5Ҳ0oG[iN%SQ ΅/-Rϳ(єE`~Jb A}B+[֔\ѹih"7h6 :I0&cC[B<2쌻K& )9'H &l8hNț[6%;6uc?;k_gcVaA.i}(N5*$4Tk /r\eMuKXL6œv =~Bv,B XwJhR8[Zt}R3H1&+N -8P]y2˦y,Z? :j;Y8?;]fOu/) WGXmO[ƕGmN'V Ol4wBx~xJ ư!-ޗ*-^ i,p >؉.ZW)ٵϖ XSG_-c`i/%"op߭ &Z&L)l𵊭[M|Jm/qXkOnҗh`P?SNW[{1ҩq '*:Y!#vޖӸ׀0!n"B ,dN/3 UlRoD^ocbϋ6!9 u&gķla(AEd2D&r*{;}NybONDž6b{ FwW$$pt$3KExdhw!%*^/_<qI-,0E!nsEF ~"Yj!o9M4vVg%vPx`:]+sÝnI_pHLɋrbC}ے//&!IlmO@$ZU' w.@k)i͘l0 8'%MSps-=5rbgËOHɳ(J*NSդ ,C8(?'0x;PuO3ObS+Yů}ܟhSɟ7݀cu@FK.aﰧ !u^ÛtOЬcPO5|]=}n3^q_ p]=?J=VϪ=mKCFO_^`B$<%ksWKj\P9wCd*=Ao@ ί/|[W?b_=|ڶjP;]+U媿("E1nپI"KXw $Ϋy`FY!HԘ[V&AԍJ!C3Svd˕G)&c1agqE_Ba|lf! d6}qiZj$\Mͪ2ȩYn'BNH%wtfFK?e.H?QQwN7KEvNVS u+ ONM8X?Wd,?j…-'Vh Gv[}Y f'J_3}o<^S#Kj"jBoY^P5rC$;G0!lr4DFmDG!LRmb܎ve2d#KӯZJm >Z=NxF#D\EKy؀Q8s{0P4B濒vAazE%Jy88!f`%K5n N Mk+U5uUקubʎYN{*f C,"jha|#/.N⮨p$G䠅lͱ`Li=X+; = iyeE{5?cx찬aR+j&G7FάIHH1!za݉p%TceK |s58Ir}aNCidU̎>qE#hU -3")iaO r!?5Gnɢ9ڈ2/t0orDW)U%8?}fhV)xx}s48m\3"&՚7~], 9ۃAL޵9xg0UV"@д-ǵ6⹦2ہ;p\@\IPH:^,A臅BWIϔɆS;Z`qK 'os@jI{ݔOn 2PLA4o(*`(ݯ3j$B?/Fy^.d@腂>.MhGᨠ$nL-8tG=dP{ r#n6"*9\#G})f|&= :_At]HrcCP;}k)ۧH)>CvO|*Fئd 6,;gۨ)~|'-Py 0l9B !`B,=JϨ&M׏/vU|;[?Rlb/XQ`r6ÏY%QQYg Ʒ=kZr8$ʇ^hٗ=i %?[D]7l9 Sֵ̕}HgY!uK5qZR0φ֗!"BXi% N. A48ATeSWc ŶNUqѓK٤SF? `Oⲅ>}N~kt mJ郇iRB=#؊ms/Wxu,AЖSRmQ7b,lAYBl u3$pZpʚ= 4i(C2=4v&x6+4]QbА*} `zDqbs);΀؉R}bUS{%mL?RE@lU;;dUV[VI5 vE*Y.uc!bׂ&SeTy7P6D =~c(}vӧ 7qV ފ:LwV= ӘՌXǨb6ŧHI0W`k-xH-Ikre6:EQk0FmIEeKC ظD$1\Fn?#7Iyady k.Λ4^O>>Mf+6){G1 ϝXMTˁr+h[hSZ6K,mdt{b࿶\! qH\&0/y.s{vKEw"0ih/ >J:|\IoJ}_2"҂II-,Xד.&b=Yabx˥r3%1aa E`50ϫ'ģvu9uezjtH Ɂ. b4Jov|{_.B2T^v,j@8)Q_#OĀ Nq*{@;^3/Eų kE^ skVw`Wݠ)\OѲ-O$w:Uroǒ%[ N'}Eֻ~b_RVd~Q8}u^Q & BqJwi3w3M1g,ebq󖟛@NXigCGAp,,⁎6 P߿EN}4} l+! ~%y~H>UD9|PnB0#Eej??R/ L5[q$͸֠)I_̍[)"aUO )MH0Gש5P#(f3 JkaZuVYQg9;k4iQjq_؄xiW"$ GW:M~؋'<>aFհ;Rl}&e#Bb\0gFO@cA!R15 R^\!#y yO9[Jm^UHʥyxHvAVvˍl|A|VI21j84\VHaa5';T Wȗ[j!pNە< (<}yOr RrAitu>qFqHungt8k3M?w- 6_q b%|܍hF\k%S΍zhs>đ_yQ[^rJДq Oҿ>e\91'WQ!pBnT%W΁%xH ϓ?RƹK-JTp6ah+\sוξֈuمXq}Iv9S݃&_7Wb/ԑi?.w>WcCz\:hUї)i6Z(V+ ]p^8S>B$&ljyu?2TMs;H"cvƵj=p'MԲ)ED'SE g<IRO<:U65hB U#w E6͓]ZG$3\dk+b䄽 +&[I0 mwܔ fW7\P`a3Wqߌa+5PVi؀ttB#{kf$DB|ba+Ř.U <.l}4rOQ4p".ﴆ~CY&[ ֍ovL[~WFDH@eT\'MRϗd4QݍpcΈUF5 [Z)Rp}bب<y"5,jnq/DhLKzsKFzE%d/LU^6|-'䝻^*CirjI8׮ҟ5b5k6׎Nj4bXޚ^SBZ:w4WAta62,`V0{̅m J[zz3gbm4ދ>ikS3j 4𤅣7!mF JMk##ۼ|7 =e…p*`Ai2p@xVj=ɦ dIK {Ի>,߃X5Hz_m=lt(D$ DPbzZ 0]g'Pۑ$1 .;3Dhvem]in|uIy$k_KI5g&CYݷ|q&|N,oz3z>ͽ&8UXYmXqŠ&ˬ[|o$/?otu&Jϣ _҆W̃Ug݀5ج)c i%ث%zO'L7 ϊcT+Pje :p5z twM.ބIsD/AdR6n#XEzl8ڎ 6(jk/I gHSC1eVB7aaא5|WOݝJ+\呮qT.e(? >D~qȏтBn]rbj=b#YQ%^&jM6U:8kM` JXVAO,o'r(v:~wW)z gb97vvH}1Wxهzϲt.gj5^w8Vό&eM7>cJJ:ɥ0 VHbXHu$+ޮ$1\ ORP.Wpv0X:#9v88&ŠD\Fw|X x6I_HHiǴBUCIώXz|}DNkUz)7QOy+Rsۅ|F@y9/vR´Cbj;eVܾ.O ZyT#E1>#Unt;ٗk~t<2FzDlnc\3N2T=*u.)|O D[ !yǒ- +ʰNc|HfyNKjU֢%2-lDR\%O'EAD "ܔ+`h(o= URh/u,zIN1>[<#,\s@qmRgMrӃ מ__L۱'z| 柨?sȲ8v<dF&h 9-Ic2:"֟&8SX2Etnjv6A_Mlxf9E/{z<7KSLf?AŜLmU+`F /]m0gѐv"šU("ƌg0I&;103$ϯ]?O)!\)K+<9b/'LVSn 0eK5x6L;`Y6)4qPO Jcw;)n\6V)5bQlUg_K /?8: *5Ħ0e],H#eITف40t2Q3lmrHtǏPAXٿ@ʡHnć}BK!k6=J֒'wVrNو e|7~|yAN^FO>u+oʺžmjWrIEFqz + .F} MlJ^I; Zo1Br}uel.]>c##UکIoo xzԣhnS,N?Apl/>,Ȑ dž#E*NY' .`,=ﳅ{搈V03@F9<'8FzAW)3}Gſ!Q ݖLg$ [>Z 8ފW(Iǽ0cd&/̻ b wCdLMd3ظ(m_)w<†e.T$ݖS!d'lLn1kV~.-BM6j 9ߌ!꾩3~{?BQ{Z}ⰪyԒ ֓kx5²}G"f(IQXLP NpíJ|>QgB B~{é]4`}ʕ_Dd{7b_TgozQrq#}Ý%n]Ch\>5QϛRZNZ~3фݔ}`ߣ#}3?Aq'G!6@Cɛ^yF\1S-g1'UZxp7,/Qw>#lM9F"i@nuoB&[+FApw%'йg|bQmqCk*a-O; È~gIMv6&1L8( T7LN=/ΜJ9~"48Օ< |X^զAľa9Q> .ooKW2tLFz0}z6ElPNxȻvh_\Ju0¹ D53s)r҈D!NiQ,w<|#Bt5NW ;q[iڲqǣRT+SWv n/5 E)Rtrc2:1㪓3J.uHƳLzB6vvŪh0R8$$Cs\Mr^y=lW{0 Vk!`S㯨"2EsD\X !(x+t Ox~G̠_`7RkApi!= AE$/-+vI R{cF'J uabS[{ dn?3msCz 1uӗ}(4enmh\;a2 ذAOW"r@V4Ja֪%ةULJWKW Ť?Pc֖f_Sfds'|8C٬@8i0 v2kH˷ X}#h!h'#[j#ly;Հl,%EI2cp$oSam:wVfL%c#?זd k 4kg?bbA:`LOD| tK`6wXJ}} R-{* 7$ `QPO6lzm?mp`SaG)%Ӓʜ;c÷G6?6Xkx o@}LoP_.y;$*k^ڬQ՟+#V3'A?ˆJX{{2\"}pO(q t. -ʜo+h_LO&(K27xɮIyg,q8;(:Ѿ7syˀU_\z`V[cOi C *:dGC)AP`#0ϐ _'|9J(~4xoyJ](~D>[F^2ώ?rʛh\ %*cӭ/K@q}WIhw8 K/9jR&zcpy]!AU*7'y1v77}C1TxnC : EIj-#WT ~wƂ~TyBR7SR+E\\v멳ۃBU>, [L@[+$d)99H-w5KAнcO5aא\CnlWMqa(Y_2 Q~sdH?bxK7/_r6g--0M wj۱+أG䭯X3!1`/UWq$F˃Y{7z";@]l#9:w`3PA%R^z sѼ緒t ¹-MV-.sY'X L_ʍUq~W47pcD F58+R3a~}3qm73hO Unc݋ozWbD+<J¤XBO3$Q);~|q--7 y> DhR;}Ǒ:A*F}Ńۈ$(.w)ƹ?(f8ߡȘL e"߾Тoouf߼Nl1H W5f]+gWӖU H,:U|y.%cbf-^F`a γע͵8v.2AYί`K֩X'0w u3lL1i s|Ǜ "YR3ȴaO1 LVc܍s/&i"{(hxZyr4H˥o]e3p = Ƥ\]{Tf6}AtVJ"7۩Ղ&SYc[v+1LTة{52EUxa%sXA/<- cL{oB-Va̠ԫ6gw)^NM(U8 p`*&^CZMelt6"g YDSz-djSc!Lp˔FFb(Ǩ t9 ]@_ :rC)‡BПaZhyJJRWxv)c.@U=! EJ,k+ڈcrKroԬ%ƣh_m"@_x wLhAEK768 E?g']*YP#1?80еHޱZe㽜A<*@*uMنmvQȶ=0Q70)`*oҵ(%CJ,U,>W\g$l5]d:CBNӚ=ly;M,LqV_s4-o++!ٷl%\CL7 Ni%ubQ65jձqm ;WV0 xDJ_{ӳ2!kkI/yo3fo~*_}i exLdKjX{n?oH8j;9?2բK)(\u}m{7OPJS5劔N4bNr#X"a/ uа#( fH)3۰D-&Hɨ9CQEpeb1|4AmUYqRp#`vAvJ6!s/(`֍X/PsV=\n+0C4@W~CjۺT=2psa`PFVBdۄ\+Ѝ_GXBFSF`GEuF(!YP8C\bbqEe ]%<"1HύQ5QMwO K9=-鿼Y&2 Y*<؍au${2X44LS[+FC=L_%@EPࡃlmTˤ2!ğ^8L@fF*k 0GͫD ߜqp H_MC6Lh&ʐAVǸ58u߳ FQ)aw`1ra~WMT5WcoN?I2]Z{z F4c;YƹR3!̘!+`9B\Gehw Y$6R=67H6+~@DUrmIvZaǃ; &g" /cr!ޘ@0Uh&cpaHnO1'0l w[Z%|0޽z{{B_7<+isTShp95vb ߍ5L`Rz)8S02g+xP ìvfxuRS0 }H^r s0~0^'yE%pރ%C]ލ\t s%}Np,$kJgmq3l]2'WqVnZ|5Ɍ!l~xfFƙ&`ZS%KmaI$a^A [zza98(Lft>p >@63O]V )S4^OͫF_ԗJ>+Fb5!3x#Jms0 `` L5-nC 3l {9Wh, n?)5yFq83Y$26}S?IxtEQN?\V/T"~Ff_OG[/65:_f0 1U3n2U@=D^H# Adv]vb#,!_">T)CǴ 嶥L;*EQyX7b+]6›n ڱ2nuGxX(΃9niiL>rwR>Pjnx/"e|쮲>My̌;(L5TFE)#~ 3bSd"Ew"_\fݑ([!>T7@JG|sChPh]B49E1M5exWubY Z ;'rW$S|!M|-:. e0SO-v~]n/Erk| I8zn_vrEϤu /p=fhicQ"^pq Bxg޻UޤFl}I}/ڱA8)֒&ݔXǶ$:n (;f]'Y<˃6Xs\ŶY`M~'ArDUm3fЖ8`yIA}4)TU8:o+E!:+Dta'={+*T4ʭLyd\uQ'k t*d"^Hv<_0h=)IM*МO5]]Syಮ|ZGUk=ЖC ߇}MxpV)+{9͠,$Pz-hVE^{xbޒ%wxbi_m2E{M^㟀Qg2;txZWEYU S&ڝ;&Ξl[]XrQ>v[L]֤o(Q3Cc q$>e=r,~vgJX,y`o7[&BQy tH9 ]WcE.1sm&Xx}W WᗋBI!LRF}0@˩Wm.ք@;!adFX.߹\xAabS`C$ۘ+! z:o34EiyO9F? p[tb,TQpV|#ǬᔁFE3V;Y"o& `) 49P|8D 'dE݊UE.?Ȧ=rĉz 8{9UC̬R9 fuZTyrpTљΠ=T-V1wDR|;P iq,{i>F9Rd_X5gv~7 2^i"ߗcҦؘMiܓ}0'ѵZz`dHJX|¼ھ%m*)==CJm'VKbȬCH)msYt-=PДD~Xof٣S18[ky${_ij/uҤ-Q-u}%VK-枙shM#C- 8>DB .'vBEOOy%A6IOiRDvnZұL9TjC/e쉇6{J)R1b0H"$agݖfxA͊Ж[iOTJ@Zm&-t$ RRu:v1]۩@b (9[@`c!Vq7m/=/gMyd(XBp|_e,їw .k<٦j,Т% ޏjmJHIW#q̉ȘQJ.xMǨF~]Wֵ?q*V_IޚKĪsY_#h?]te1Œsdy~w5!!ƒTr3q\GNlՙ}.`e@sրVڵrwveL7IeKKa"ViӤr $%"p`|oi$cJ82rʢ#*+cGS#o*du]FB7N4ᗁW!W|w"5N7͔`oԢ0Dm4tLoT{>7: H)5q!]8AW !I,[JwӼlˢ*\ #)K,so׎v[ԎX#OeMmӾ碌*y!P44%7'_lo3 yZ#T|=UYK\yI(-\5s8ޠ}XS?$YH oj78n?-?kl޿&h^~Ԝ Q/ĉiMq1dZJ9xhJM`%[NTy.I3lO.1"rRR?5݈1I9Pkz|NB`]w^X4wKN>4xx5)6~D:VדW-`? li0i3A]4qh7_ ݧ}`D0鐺SlOLw TQFWG094:Ҷ)ۄX.ɀaĖVٱlG{q>s/J2IĚ=W$BMg| ]"G)Tʺ޽z %!>OK:#&3yƉ>2f-Y.N1U_Wy"vSЦ"Q1qE|ce?B6I8!%G3,]ظzO)8JҧM \q;1-Ke5{-eBYUYR1A۸DMu}; 2=M &oNХ`$ĸ+q!n7&7swF@OԺasմ.U!v2͑c`7k2@'1ݔ@:+{[w/ku^LcH]6Jjtq<=SbϺ9Ꝃͮ؁*3!{1&usj2k:"~u;a0UwAu Nq,U {JBaw>cwJptsӑX6oH{hJnK 4[6N6î[PBFSg&\,@let{RfR{bzKt'NW o:b{\XN(LK/UV-" 8w8HiV(U)z&&F}vUIƹJ@l\j=&(hrɟ/]jŚ%}3Y,U!iBm<҉]E@WӬ ۼ2Ϻ?19^F!(%zZȂsJ`|*v [D%$Ӝ'-,%,w"Y5xfRƃ)s!QRg3vLƟ$DnN^Y op ( 1,}u^@\W=%CW8\ \cțvS+f<.X[ݣncB EltgG Ouh.É${r%M7l@W;9ѻв'$taklJ`h神ei~Z|`8c܀!PDgs `}VM袯;h#3'h]  Z><'HIJ{(˴Umc; 6TPf휠h4ylV 7:S4_~u^ psvo2T#p.'Zw).b, G^)R<U٘1M^eUao}G3p 2,0 9 S=^~#^FFIIJ }LThK)zw% P{ԂEJMWe1\IEU#>ۼltB?6,\b0RVc* H:6CBͲvpDA.Y9ϯ8BrV,ZCV-2_YJp|˽3˾OvcmP%&~<&\-}6Uk )0t۠A' vbeo^fL+ER >UEq\P@Y -.rq??)Uo;woz+T6/W[H%eZ1[R< 4l4fliCfQ^^NKt[*Ñx4k0Tn,g+:{"AwϲgB(. pGQrmd 0;~Dj.bh~#}^mN =#\́6fnt&Lvi]HO? uDh&Umk`Џ \LI GuN6spf÷:ӭ쎏[P*\:T&UV(a!r]6r[LG_/ G*]G>*Km/ RPAP֜,\ JfGDڊᐮZjy*: .߈UBAYMϝ 3՗o~i*ǰ-1c -iX9:Ⱦ^TOzˉv2 KڕD3+M ˅[4b{nc]F[@T6W4}JGU略qY R$P|K#fkpOﲏ_=F "Nrd=VQSoǽ-&!eϲ$_|샣_d*R$ 20B7KS` GXn94$Ŝ\Mvšɚ~aQÏR4*Z8g"l1I7_q#kK'{W(Q`x@Tӊh OtuVwz"IϏ 978& ;,~|#:M7 n}\HngK)i*r˒gV^Ve0g?esYgy =׀4[ABXɴFa GZaw G 3^ռߙ ´!Zw€gܥ8}Sh\50oQY!J-; ;-m;)n:GL#IA AԈ  =Ja5\q]0AaK 1-dэF7ߟ\Aq GvkyԚ~!nOkdjBҖ{Eg"?|}P,/wN1M#+(2Yqa |AP$&Hᗑ&W k2`*ECts3[K(y[ׯtv]8|ÍYӗp*ҍo! bCٙU*)zO(.8_rłeN4c (,Xpmu݃"א=YLe _%AOPP0K ˀA14`/bY&XYT@  p Ë7Gn^AO("Z؍.5o=1{D %idaX҈<ÔE#J r,7 :(pJR#4wӮU*.K[*I$ʈdShV/⌦DZNdHFR\UrO g t-+<&/6FbR!x6]b ȥ$UR}OHDw|="qF&9[qE~*~D+6б45 IA S !yH&/nӡ‰]Ւ*m#ͼfoD |VjLLl S8fͷ??&8MZ;=JL<ޭZ@6:>&8O[br k3mC<$tK$ۏ=f̒X]~[b4cճ8ǐ3V8kQF=s|\tk:SzkH4$2暀'EUu>,P~ArIYZ٤R~X?,fl(c= /T*E SMMKX|tO,y?ɬF|5t^5 ŋWPwh0i_ NP;yvң 8-tt"=ܬ vu1J=JII" *j,R&uv0Ik==r|wB1btP]=B8a.KrEI|](h}_Jh #+/ʇ,Fҝ C\1.1~\4%0G6%=j ȗR>/DcVIJ RۮA</|u0qxD%;Eiėcpa/W0{`4N2lEF P>򮛍S|OظK_hTNݟ/BqݒYbUbq7^˺9E!h"> \’r{l4'U)A?vu?^εn#VQ9QXd@c?'`L:ch|faR$oN)bV鴡997z&ɉeXW+<'Kz}~і}]RFnH}- J!pgؽ{U<0Ѝ2(GW_:pIj-9RpNv*_O[:t@7]B <Rm]bPξgO:>t RPZ`)a^h 0䅣Ԙ@!6e:ry.H;vo^ɿ5NQB  [(?+.cĆnal(Bmtϐb=be@h3hrc T]TWE4(o#ܾ'ia_kpPД̷HVLͥu@=S)Q~/(>R˛$3\k9!]E3ݚ*̆$v1G Q@[ӗ"&S&F~jw*}_)a9Z_ rjt1Koq8ۨCP ' 7=6ӣaaFqa݀ȔoT|D?G;37> m}%3n勘&[I /wRa[l%oDgE4s05N8SY aC/I R}ѫiAS(yI~q's_翖J🧃LH炍 oU( L"~Q@̼!Do|}pU^X$$}˩x7 Q|uU>vfYE0*fNR}3 7|Q,j{Vs~$W7)-r]u|_}ie\!m˩U0W~三Et Ȇ fEbW ؒ]̦ή<2<&*$,/{j2A h9tvOy ؟WlZ^Ge<ݣMj=:H>AҠgЮbFA-`A[`Pn6vP&ODw:qI)hF⽓p4kIYsjڐ&޹La7) Ǔ|YB 7̟wZ=rHH3V`Vh%PֳRN "گrIMi۔ ͅLo4‡CEp$$tش;-Ίcw1`TYc'y0Ө_ˣ)JAZ n/["S-7x魰%nNzj LjS#qG-*lSuu_$g`GƏaƞ-XG?`mG1bFRp A{٘y$~nʹw!MDO6?zKjCj^=08=p B0#Ї}7~(0zϞWS^r:/T13Ԃ .01=x): )hPA!Fׂ j{fƸ˥?VR؎9v+Ta5lIR@UdEٽjNmGb/eijxAH\)\wB;`GW^ԨNqOdP˜pp|<$}7H'(+GyhzIզD:ӆ::*/) )}?&#wdGO sZթoTΒ;&ެ9q8ŵy_c'-э@*J>Pֹ|isE9(/?O2DCB.jIu #ctV!uJvsVxƫML9C᳀BĹ&]TQ5*)Fǯ2OQ9`ܠL_/n2 ^3}=)TDD}7_S#9J h`>nKZWAa4B!&zpcW¿]֙ N^˞hJǿbgc0>i~%m!HS{qǁ)>9;'ߚI~ggm~+>;vAcNH#Mڀu.+zsVjG%;.w=Oz[wM7`.ύ$`t nEv#颙-l,O!E/<@}c$C8iwֈ(VhZIUGx-8B[_:΁]0w,?jDoh*>L`<[a)d8 X+`u!^UN)x:85r>Ⱦ{{1mGs)s<}%} F.@χthJtUgѨؼh_PUsd5M 77>Ɍ4pKGLrbgmIjO9:TG ,j܅k Fko7s һ͏(ˀ^>WtG8Mh5ŝ2, n&h{x數גMal) f.Y+?Z*pE_J5@q7H3%{O&Hzzs -8sVG.3fakp-0w^Yeu ZB(RRUWoM@s9F ԥ:~Yh6ԥW !@}Pcɕ T'ugTx£:U!4 SrX=$Wp ü7Wθ 7̻EOUy8M:2 \wVPL I/CyͬQO :Cܖ+ $bQ-Ja,ME OPaPL&n,9 -E}dQ9ʢcU2~kK5O2^usY+^ '޽D07c~ 4l+EA Z:@`U ܆_}*#Оh *m%u" O0*3?^ۻ(>O_A~Y!_ _xg9},taԟmpx좒|D r6$O JO.۩HYS[J2P"<FLVrzWՍm e$6Yru` #,(cP"7:B r-ɧ|9`䁿%|#{u&MEf(qf {mNʹ[\&̀ &Y&µs|j-H*5ep/_a3W$gR| ,G^M#IZ Hv *X-3v1d=nAeJhbN'LL-;[Vbg]Rsj7wV `E ?ƧnG$-m8S\TX$?ZbnlG/y ՘ƜG`+JtmZÙg['(}[!p o!@C ̦UbP`u[5+ +kM Uox&UB$L-h=~䱩u4?_3~p,OotnUF|]SQ7;\Wѧ01e9~cXvwoK0(kˣ,v]u۲3}x@it46Ae\50w#ზ4Ysv[~G^"'za%RM78Zc=Lv]9Wϐ,jޞ}F>礀;,x7M-ޏfF?M$j}-m4ӒkGQYdY^VM4c Ŝb$'Q/ =aw]\ \m5ӑ!yN{$aiyyȃo^6 ;΂r,SzW~4Ǭ.US)=k~/3Ьǚ/r10Eu(0sK{  UF|C!r_niA"5JGJvCXpD!FGѠ7wn9Jם ئcd̹J۞9{O\_uЏOp t2D<#}h'NOlZ GV2^ga 6Nya]o z%ZFXxezIEcX*J,5h[ŒI#8D\M笅U/NICюq:}gIK"'$7v"foX.Ƴ g,QtXH/WZ4ș_gM1tЗM񍲀eu@{<$h2nhg c6W+SqՏro"Kew11|$Z)P^);S OH֘G+$/[ v5K7+\48/p${*i>0k1ഁRC>,Wc{7_jMJhgPwcM?REh/kmsnCɋ-֗t`g+5hK}dHM/yT^>~~GexvBK8UiUrt`6<曼Yۣq V@[a7#G&>^^@-uvd<߿ANt~y=40Puݠ'1#iyK?p|us9 T,psĤ\Ĥ24,=׎ 5EZ8,ޥTe8e5Xsif],>ZEНvcB`Rn~Jh1~lǬ~Y. [+DƖhB]LӼKQNY@&<`q8RJks>"/鞿Ca2v ׇBG"f۫g; ʤgs&2=iڵ ~ݓJ#xn8ƴd/w5"O=Rh w?\Oz}EmYSk_uZQOĽVu<|X( )¶DrdC6C]6&%R3u\ rLёв6#KWD < +ftR]tM3/K衆&ZQQ Rӓē ʎU=Lj.U!_`ܲWiQЇlɃ~S}X g wjmI<* T6snZ /?gsgS0D#~a4GRq).bj'"jǣF֐$1rfڞs;w<:tl3V%sYkyխpuc C <nRP2?t\5qN(E~,f@RY0l1W2qTYCu'&:pX /jzvҮLmzlmr8F}m硋EZ@akLdԙ nNur-T;& Xubsq5Owa찌%F'/fwiE|rk/N0+]Id<M%.DgUѦ3}ej1` ME"eQKDAɅSG%S6S\Xҳ#Wz÷\ K[զ(w-+y$):2wiX CsWɢU%\zj;!sGSֻVT =\eGNm7[HՅ*A@"FDꝳ3JD*1InYo jI'^^o1O>dvm$e<_ %H ^F -NFUAߐ[Q)9G v5/g$WN |&x)#,F>ۗ`>OoHbbd9Wݮ}xh uo^获kC"EcU0Cpz N}-BD²G,qWθJwV6-[]@Xg h݂35TP_.|LsZ|Oi@;Ug)j#H[1pȼzi4fC,Vn ƎVbo]ŗ=R yѾ9c'P|? B& Tc|jǢAiIs28Ls1Q4vdmp6T$(z;sbXSDU$}?h,WK`Q]ghZm>Ӎ'4s~8fĮzuA[y:TWlA)TN=lyc2 VN?AH$ZM\  _rt @_X?_/XNh a37{&-+k&9ݰX_)}4B&pwU)A-=鏨IJtԜ"D)^X|M1ܑ}2*AUp!}H$$;/̖Eiӄ1u$,+!ݔNf{D<Bhg;TAX+@iGPŬZI uMFF8hyK-RH*w@"k|`riݯ\ư; Ke-GƁ9DFjf3z]>M#ím0GIі Vi)Y{ְ ^=b &-N1w@ H.z=!\X޾3̅=AZp*wW[hP$gJXhdx4CaEg}r@FNܑg7 Y83_z2QKBx(dp0i ^* vNE\*x@8=4wf}˭ǎ*7^)0ٲ5_X$́ VacM΄U)%cſ<#/:X{H m` 400G-8B+APnx0K$L8<ő{̝)$-Fgz|*Õ,Dq@6$kZ>=উv畚>W~&VEzuֳ5l{,k [:?vMd5E=ʰkX 1YiDB/q#+"n,C5QњkIHgӿlfQCJЗFkʇ2!`dYd/O2E+f ɕdim#"p~\G\ =m +Vк[yC;'N;[S%80%EavAUH,l4g}bXK#boZ(&ޓޘ62H=(Gv#\z3NB@GM$,=lmJIbf+8_X'' ͡kࡼ6;5!,nj]og:S@!$^0,"ͳ;cGr!ȃY=IHr>+wε+TDgP Nt*6bٯۛj|Cj+n#k3vNFoZAͱ6A0JMS!呎 JYr\>H^gr]AK?NTh\mLh, ͕`xhdҒN^S Zg%YP3Gb82菛zg{LJ‘ _: '€.{eK!ʦTatgv|Wi9%W薣ق%Ps< 노8N^d(ޤd(gsͿRV?Mm=7c.%k"#i>S)Xva#.&Z0keYOG:+."؀2JA{a~[}|)Pc${$?0i0,P:FվɒPrh9DU% 2*pLJ4ucW-Oq.KC@nzTψ5\ƤL=iNӾCͦՀC]R'[V^ؽ54]䌎+W$+=,g}%p2HXIajn)+ݨK-GL)gS<䞭`085~SqGkvdmSj"O&5Ԅ=R&(`@I"`}Ӂ5H|]!x ~ %]_&-g?pT1>r3wDNdv3p{$p_oZȩz0Ƭ92_ϩ 3,ЗRYΞ͹,reCLNSn(qN0C~*ޒ2%9!oTe=r4ܑr|ofN`R?HsZvkQxMe0u2鄡9VR.,} c%2x @@ )xtfV6Y;[-ٹe"Jİ/[f"2if;XGA>~0|Kc-Ћ|mo!4gTR>kspHKK~(7S+p% V/(̫-,4ƫFqG6  Α1^Oڛm O_kEq3U&0\/XbW?P II?iٷZ\p]eMk!0؎X0$iU}>Q@LcӚbDpTs/DQw"Z{"!VZ ֙] Y_5>, l*VP)D=T. U=cǩ HbTHpY%2݆w'ӊ bX^~J#: lbh*0|fm2 8gѦBb#!3:6הm0XLG0x'ʯz7h&Yn,㕗w$q]9n@<s:x{ɴrٍ>fAo-_Q xtʠr Z7pk +V c7!D‚NVx~f $z?38h:h #3bc1tK-|)Pi#w~6Zڣ^ @Q.# KSaQcG:)7ӯ^hkPo ` ͫ.]*ų3وc}@Ůg!yg# z򠬙tu)A+Ҭ(,9>4>7E`0" pU_٭t7';?.x4,e8wrZ,_ݞ,"4{ l ]b>#\_\՜9abn)zaIMD5:+Qlp{Jw"QK?J|j_5HQz'Rį(Z5SypKlR36X љɥjjH^9&J}^rE*~."<Sh:nEӤUod!rb׼Fw߉ ̷Y 4O9#0fZͣY<;v Q{,4f_Ѧ@LӑVebiJiD$F*;CjȄ\c:a"87'IsL5V*swLa5FbGGk t^#n.  gb7G%f66֤8zR JbL3Uk wJ=()p0az zIq P;"$<[2\KLCRw2IT@dKTl;1:LsY>SxV/5W]L#uZ=Ϝ9[koL@YEC] ^!ق+Vh2Аa1MEC[x0c0Ukc:),Ѥ C,1&wob.2{mwc]"%$h<4]Nol_i)=ev&dFal=AP%䊴?CU~471b1XѶRHU1 6Ƙc!s,XaG9@3 5pxmȫWq17Oy3"we)ev{VoԌm7tc5Mޘ*Lܖǥٕ$$60-6 XABBoL?u (8^JH,eoUTB\»oRTN2`Rrc1\cQc*3p׃'!~g(kٶ9=V;*fMO 4v2ҚM!P,iөrŽ*0Kt$CU&ǏP5dj(%1L;ZG}Jo-Rq0OOC At0ګ8k~?3(X!! 85(܍j BaV55F3;H6* t `֮[vcnسdS?n! Òpx׭bu,,s𘄟i`fss3Qݚ׍I^$BٻU4DwAC#cFJ 1CQqMc4bQgOy'~$d.4.GLV/S_]W{9XX%8l98=uqi+Q[@׳OISDAi<\jƆ,VoKN`NQ-;hdwh>WzuLA~/|:$ ;3aZ<5PZ)-  J;hZzLf!kTiuyr-h7B.91B9rJ><`alij_.NjA<19\'1]3}InbMyu:L@(Y jKާQC!%n =*vŹ1㝢?^`GQN-TN%B qg! Ą$zW0j$;蒙6Є?рcy| qc=Edqhg }9Nd .M0I'ʝYDBvc%6:{o7uՃR\y\’S͒)͏-*OT%:I%1; ǠzPP@c`^/1r-µf02|ߝ"7/LE*JВo37qco(5't)gb' a+ '8 9{;Ϡ$:ry(t$u@|iLG(f z|i櫧>"( Dv%3ٞ9cQ(_g /7Fx&K`B:ntQjb.{8l]v0DZD)688# sJŐɹ>R qKtMs<e&ޡM.Ny7M磽y窖 }6Y294NF\@ uP5.]4?׽\ W {K|2dZc-?B'mQqV;ٝ ៭_C+ OœNUbAjJ0t$+.w"T=Q~ g˴ fg~t|ǜ+惆?.z`L (׈O"dN)iBv 8weQ* ˣ淎͕5Zx OJzeFgzS$=qDF L#so~F@Ųщ4Y %-dnE(R_ Ӹl"[].J"$4X?sO@yEت$BOT趧}tz?R9 JKGy'O9 IÌǣ1VMD8 Y1ډbwKE>aҕnοY|Y-˱:G>]Xu7btMzMN@Sۆ4=AWZ  8}%|}Z;fi$kz1KNQj0HK0V):?ןnb*Ǽ`XR!OZb38jCx9K\Xq!a#_ /.]_\.DPK.j #܄Q-kVU"Q+x)c4"ͥRPILZI6|4+ }dci>k 7 fIdzO"XP6G!#B[NK#F7`w@\ōۓ{ v:cu YU5n^뮀oت*SF_0`+;PP+cypl0M`5QW`,OCDۦSPo@>ƫĺQ =3`YYI]X"/>[X>`|6*8'Bbi+et#|/[Aj=X҄tL]HGk,J~`9У)x*t7QD#ыL(rEq{i,.  lUڞsb$vf,,ʩ;8p>, ku\)IÑ7m16A_ ]FJYcd̗o %V(c{n[>j U\V})/|[=n-}(vڥ$JN]"'vM򅑓 _.4ˋ^M~ڎY[.S%csG /(|-wM_^#6YX3*zt"Z0)qgu7e_\zS[ *JΌaҀ^EN(|QN'o;z0h%mhrd΢=uY=fLǵqxMaB/y3t6*`m_ruŨ&9e}< 錱nD| ~8hz!gtbvo`cX<+|Y֖h\.v,yl4rAh{WFeB}tfXvp!ݝP.t]?lTmUt Ov;ίb%tI!ںɋ:DƂ8Mk(yYpG[$?0"nK~AE%{2y5$z#bdիA1vNF*;_-yńYJPW t²$eLF{ (/F]&RI۴Tv].?ꉹ<<1cÉ߇9Ӄl4B `\1k(OC[B EsÛXyg=i͑|k[ę4ҏA !`jz$iXX