sssd-client-2.9.3-2.el8 />.  H0,,..e[U U]kmKڃcaFñl њ(vjK:rN_04HMV E 'ŪL(cG,s2%V`7א~5yT@^8i0Qq+r~xs2@.bᄾ!SR.R\3qcG%qB=.4*ߟ\[/CC{[HM/x#sjЩ'X 1JwF^jFCAfkꏋA&cce8265c04189023d1d0b8999bfc62160e6229ffd96e502c280e831e31607a24e5bcbe47a6c4a5bc249ec1c4816ec9a1a306db780302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb500683066023100adec060c8e39ccd74995af14b4ebf5f6d5f189d87d5d9c0250a40683927fe813a998356cb69b17717cd164e046913e630231008de46a255f474379fdd37d1563b849898f38929581aba253e274d1ade7ab9bd95ebbb5cc0436a20b0cc7dafb79fc61670302047c435bb500683066023100aa241a1dc658c8fc004a14aa4572c529b177a960f9c0f02989cda7b86bd6481c29add9119dc116ba644b8832b05e66ee023100b9b80f91038f61a8e06e9e5800545de85c266e9dd83ca8b8300fa40689ad1f30a81cf9fe61d822b2b24a8c0a410fdc1b0302047c435bb50066306402300ad2b911f13522b81ca991f2ac71a2efb81609640ffaf5d018aceb1cc50b1e853e464e3ed55ef6ea26858d1bf60640d70230365135f42efd7cf5f3cbf98525b00786fda6de75872d82aacdd580360373f148b3e68cfdb02df1bbf00f98d93444a8a80302047c435bb50066306402300c0b7608beef4b4b2a8fcc63f2694795b238cc146aabf6942e7bb29cff479b4920d4f33130e3dcdab07a4da7414d6073023036861f508b97b9716793a281b3b6f425cd816a5fbd84eb251f83214ef17322f85e040254ec2566c8b1b1f77b5351f69b0302047c435bb50067306502305f8b84b49a444470db98a007348f3b32dd660bf631319c6d64c81f0bcd87802416bd3a255255594447db4fb792de562e0231009352cc59c584709fc6f682eaec9e4a583a9b6ad6834d36074e1d1a8fe2f22f0fc238fabbbad141c1d7e8a5c689096df60302047c435bb500673065023053bdbae1ba808db44fa68d5189d13979ce8936d3b3867a872fa82c15cbe4d7338556a21f8dfd1332a6625386d691cd25023100a16344bac586dd17626dff9cacb18188f8d3baa425ed3aa79787dd631d54d91df805b6116e3e1feead59945b3405941a0302047c435bb50066306402301d1f2f9c76f6ef1390fa0f2c620b4dabe0490e61c723d170c9bd0624c6e6db8bfe535f6d681d335e48417412ea30f8c2023033516362c48b9328f7f48bdb8422aae26d279e5812a6f88c9e385883ceef5d1c08a68c2a8d95079d004f8481ced6acbb0302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb500673065023100c9cdbebfe780544897c2024e4ee16a9376b24e3dc60f9376965122b2744c8f3b63eb3d25689b8cd985c4b97c493ce6900230019f5ef753957e41b3f2c76f1bdcafe3895bc0d45c7f3e2666db774a454d504f46a86cecf141f1c0375c483c97df0dc90302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb5006730650230304efb3685479d3c0b9b3c5b56585fd00205df6c94a7c721eea1678011d4622074fdfbd1ef290d4192fbf1db6f02b5d9023100f5720c01bb887b750482e05a432405ea3dcfd32bc0e4bd029d7781fb313400331af2092c7a3a6581edbba195bf0358d70302047c435bb500673065023100d8bbf3c73f10de803d2db4d432e8c8793a7e225098e15fb7d0c3b41a395c91bba5cc825ffa793d39c8fdfa9e0f5517bf0230026e1da6b649c797db8bdb269e008d005c04aaf816660ead043c64504f4768288c90c9b2afa2dc6cbf182da0d488debd0302047c435bb500673065023100b7cb84ce4ff2bbbddf73aa5b42e747ae0c36afbbd997e6e44b1768b2fe716341ab8e9db1ce405219cda83e5fc145e02902302fff163bf3f79bf640165a5c05161d34d003f440d78d77006e269469b75e1cfb59adb0036a991dff8fa572d3a33e635b0302047c435bb50067306502300bd70c904dc6bae2ab134aa2d56e3f736fa3f182eb3dee97ce1d51324be7285d56661afbdb4637ae7f35edc083d4344002310085f06f7669afc68a4f45bade3002d07d7ac9574cf71b8b3975410e8e41cc806da93f9efd1f30e7448804d14feec71ede0302047c435bb5006630640230505dc1f1ab01d26c08c046a372ec5013fc22bce2c735d5a4c3fe2f0443f0c413d942edb58966608b610031a4bdd847e702304bb906dacb0a786ac72bcb055d89de9c6d0dcb7167408d5bb2241c0ec6f7ed2af59cd22ac3e21f84bb4a3c08f001779f0302047c435bb5006730650231009c8337d381558901492731afbdc246959fd0fa6e0eb70f7666fcc51731e97a44db47fef39e27fca80d2c630bc218a29a02302f91cdf9cfc8a9f3dd622dab48fc5ea7deab1ddad2287e0af36584efda2eef76b00fcfd35789ffd5288e4be14630d4ca0302047c435bb500663064023011c883649d57fe2f8d6856968fd96c747d5b282ad54f0186c6437ac0013727a6e5946ecb36525537e3c25411c4b0869502304a687c99d59d00a457e3380f80884ce4df2cf84aeafe8938ea3a4bcbaa968ed47c7099efc0122b9ead11f2cf1107fceb0302047c435bb500683066023100803276e8e88ffc133b22706b957b74257afca5c2ad48c4b1e54f02c5f10579fdaa1ebecc948bc543daecd7b399777075023100d27f9a141af5f609489f36febc20d6da09b5116d10c846f801a8216528dc10661be640b1efeedb350bd4d5459672872c0302047c435bb500673065023057725ccbb01f5820b92938b3490eb9bb261f631f4018b6009b06a8dcfb85b626978f9533b628095deeee68b4e4d33bf0023100fc8ef5488216edcb580b50685ea56a208cd4b3c355d0988279d9f30c782bb131052054710cf271425cd2c33228cb5e1d0302047c435bb5006730650230493ed4596df09918c61464211e3e5789d3b5eadeec895874835a864decc3339206168b2db5a765d88f29717ca499efde023100976525e57955d9a9af974dfbf87da10b461fc2cbce92b83c033d91b1e9cada6fe30da073aa2717d4cc9373dfa94668d30302047c435bb500673065023014c0f6d89df845c33ab1b6820450fb920c4635ca89d581268acc85ab119b04df5038b69bc66e2940c636d8903d4857ad023100cbe990a3e856e34cbf8a21f3af5b2ed730ae3ffdf8be5d311df5fb7491555ed9ff86ee50f49d57c24f2930382f5e080a0302047c435bb500683066023100c50261de43fc22544244788e047181ce99dec57584f08dc12ce17109974e6aa142409fb88a1c7ee40756a97f44cd9b5e023100fa561f15493f96e8aedda883112cefc3f28439a8fff561efa08e45db401f6b4fecbac127b38861930a2282c837d199b40302047c435bb50066306402303bcdd904f9bf0f90268ed5778f74df0dc7b86f5b548e356537339db54ed8367c3d33494326a288cfdd28e1d4ec2d14d2023035035cd420007b8bc40b8a9537fd447e66e999ba3527e1b7c6b7a1e12f4c115d5cc40e8d47cbc6c01b221d31cc618dc90302047c435bb500673065023019fd8303d89dba141a336b5b0e9136a42bc8defbc753a174e5cb5c7f02421f08caca2990b9699c47f7613c72549a0fba023100c409ca3814d0f807ad1bc7607197b026fd3afe2061a390d8441a6dbb2876db45c1636dd49b38357ff49564753ad441320302047c435bb500673065023007a61e7deaa09399ec86f7f0f9d2ae53eb2be4e768eb2e695e43b59336418cdaaf8a211b0e53f73c8dcbf542baa76821023100ddaac1e6ffaa24997048bc9b0a1c786ac550de59396f3ed93c6718a75c66b170f25c81780b26dda06227030cf103437d0302047c435bb50067306502302ab74c7e1ee5973dd938a9776f4bbfd7f4b5a24daa4e30a424d416d1262717b41506e53a218dd504e24bd978588909c2023100c564ff9524dcd3290bb868482acdecf69e33c5a202fd11144239b3c588dd0924ef3d1fdb7eb0c7f3c44de3d9de41f7c20302047c435bb50067306502300992a42c7858842bfdecbef84398206e0cfdcf613dedefbb3cc3efc82239756e38e00f60cd84738be64a03866b19efff02310094f582880a55f82a1cc5e8e958ebe9829d111474213bf4e0c5dbe1b813fb6639f5577944ac8faf02579a5f6284070a320302047c435bb50068306602310084a65049c3a1ac8203314b82b9583a975ee712fd1d50eea9df91fe6f6d13a5f99934d3be23bdf7cd092d7460666bf2b1023100973ee411aa59a97d3ef4ea28ceab04265bd2e7b3a0c42a0aeec9a6a6c8e55f2b9b690bee7bdd501837562af81ca153a50302047c435bb50067306502305cef4784f0600e28b9aad33a0ac2d194d3788e50cbd7f93029480d5c9b9b4ac5674e4b7903894f26e7b4dbc2990c6a43023100f3cc365b461341fda40fa3d47118aae971a337f457979f1d55fdbaf31bf18a5b9828615609bc661553e259b1454ea81be[U U]KOTr`swÆq6@auzx>ż>F0"*Z:e޴;~]]:tb2x}7?5fJ{M>\6 LN ϷnzP]^͇XBm%`>mS®f9h^pAp?`d  @ $,400 T0 0 t0  d0  ,0 000@##s#(89:o>?@G0H0ID0XY\0]0^Rbdeflt0u0v`wl0x,0yI\Csssd-client2.9.32.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.eRg&aarch64-03.stream.rdu2.redhat.com CentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi2>F)@%-% P h(@K G 2  f ~ ;  AAAAAAAAAAAA큤eRfeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRgeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRgeReReRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRfeRf53f74bb112331cf28aae162c9759f806980eb241ff099fd6d69ee49542e43eaede66fe167e749510bf997bb0ac98257584bb6f8f16c017b1555f0a8dc2de308463ff1acaf94d16642cba856d03297028a2f241a75b9449381de7e580974b7300aa58229ca3b8538c1aea1c30001a290bd6fdc02f1f7f3249b54624322c5ad4f44362535aa390826f95daf1cfbeb72c424c9152ca18e5ccbb324f105df4fcdfa7d3d9ec9d8755fc5064ea205ddb325a243856cf63287f21d4570dc1283119f47d80f33750a36cf2bf3120f0a5972a49fa2ab589c7e8056b3e8eaaf878f753647b3f3b5a6a63e54a1a7e9fecf5be4dce18ce42b135f18741311272dd9d196cce598ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc587d45894ae9b861b91b8ada1e62662bf482a92f6e7dffbe8e17a5615ea6af0c50b1771dd14ab3db68a23e617df8b1437200af24f2093c70574595c4f7625a54ab0cc2b914a1138271a6dd8a36b45e3208934ffc77a04f548d53f15053abbfe36c7d9bad4283f1acba2d90c08a578a40890c27dd5dace255f3a1b5fa81a5c8416b986cbc0044e549cfb8493f9c95738c61cb86f45af1c5a9693bc2773add2e299a21c42184762ae6666f5dec83a0b6223e4d30d7451b7a4a5641cf1c0f0a4a2fbc13ac8e03ea5e88193c47726745e90bf716ece393820fbfec32f86e575a5ba920c3da079ab6934c74446fb3a04ded58d48e1ff559db66edc3ab4a938242033922c1810545de1c52559aa99ae9c83d546a100aa501b07217b253198e4a3d86515cda966870b0b95d451c8bb490833f61bf877374f4b2b6b22c5e46e36345e4bf6092ed59f8e7511fd4383dc4637e9676afcce49393eb5637c94e60556c35d8729a87db4531e938526745d953325cfe81680ea282182de5351de5525036023a13d8298c1a78555c833aee661bd1ce4975d86c9d50dc4fefba191b3d94247db815ad5dfc79a81f4f9195faf7fc06342f97dbbfd690a4108f5ff5edcc777b65c40fe2f4c68a2b89487ff4e62dcfe70fbe7984a6d2864058bc5aa1682bd3850f3b0da374c67f35eec4e08493fec7cb765d5626c3c6d7df7eb8f7376c4a0f4c8b456ed9f4d7892c2d2230e8f91673573fdf986b8ad210346dbbbbd33d026b5b33b16f72../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/libsubid_sss.so../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/libnss_sss.so.2@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.3-2.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)libsubid_sss.so()(64bit)libsubid_sss.so(EXPORTED)(64bit)sssd-clientsssd-client(aarch-64) @@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativesld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.3-2.el82.9.3-2.el83.0.4-14.6.0-14.0-15.2-14.14.3eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./0esrurururusvsvsvsvukukukuk2.9.3-2.el82.9.3-2.el8   cifs-utilsidmap-plugin.build-id0325eed164d5d8c67a8296055f9a9b8741542fdc91d8999597ac91fd1c6c4750b87e697349593b12a13340bd953a4d485fed672840493246c4e2d875b951d0230352db57e935fe114f2c9a1fc56a7efec96cb974a4f0cc3e001709df78c7db805d76385ecb6c9ace1058cef61c2a149e7927cb71993d33ef85b6f63ec9005ece89dc409aa874c50e49475cd311bfb7f2ae1bab99cb44387874eeefaeae24cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/03//usr/lib/.build-id/91//usr/lib/.build-id/a1//usr/lib/.build-id/b9//usr/lib/.build-id/c9//usr/lib/.build-id/cb//usr/lib/.build-id/d8//usr/lib/.build-id/e0//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.3-2.el8.aarch64/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0325eed164d5d8c67a8296055f9a9b8741542fdc, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=91d8999597ac91fd1c6c4750b87e697349593b12, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a13340bd953a4d485fed672840493246c4e2d875, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e0d311bfb7f2ae1bab99cb44387874eeefaeae24, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=cb6c9ace1058cef61c2a149e7927cb71993d33ef, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b951d0230352db57e935fe114f2c9a1fc56a7efe, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d885b6f63ec9005ece89dc409aa874c50e49475c, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c96cb974a4f0cc3e001709df78c7db805d76385e, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "*4?  RRRRR RRRR RR!RRR R RRR R RR!RR R RR!PPRR R R RR!PPRR R R RR!RRRRR R RR RR!RRRRR R RR R RR!RRR R RRR R RR!utf-808d735dbf64fcf98c4fd1b4b4b977abcdb365be3a4bbce41a7d4f7c07d9172b5?7zXZ !#,羙] b2u jӫ`(y/kӡ8e[U> SRŚ5D7WI "m16qiHNu9 +~,v=Oް+fl/Y#R{TS4 ? סQ_vAc" ڦh |BJu!uD ݦy1 xئ QU9*>*壂KrA o_WFBHJ4=3dArl0wo?5ӭ4bB;ƍ5R8FV%*s/Ce*L2ȸ{b(67'm)~#*/ikĢiVx&'vE..7z#bݳZxGcDLD!|bNbn)9|MؕOkΘeVMN픅Qi#p|"ܑ isv HtyR˄anN*(3E53FgoAk$ig;CN8TΝ2KR/slqy*<(BnpThS͉ #"lk$L#*0#%OKK&/c+]Wxu<)Ef E{sp4G/RL3@je|j"Y$t!~q7빛Qkp c C:FxF(ʎI ԹVуŶJ@'Z$d|1P<ԵOk>=@42H0qlX,?k;:K3!yչNܟ郗JiNǥE A= [գy I-ؚvN65WqhVg#{I7,;`zhԝ1AlyaJh傟wPQE)МҠ͍Kh&p[IcG0st%V&jҴ"̻?8{S0!vVI"Ӷ\YJmEpN 偗:_>bSbdH0}] 70LسPGPu1uۃwCbgOB Kz1Lπ|JhRc>H,6fx -سU}$g=^}4AzZscZvJ`z-L!qW͛Lс"囅,ed oNH̑NtjU4r%pHM?c/U&" ŏ+L~DX4y %6o{@@'Na-T |Od1,5#K%ҭIF A/UZEک :j%4Tp)>`^o͝٣Ȍn4Zw@Ͽ{k=8Isɢo ǥ"&\c'bp^Fzeɢ:YN#{,o?:ŠLn?h*0o9crTs4AvYcZFdؑj1VR3] soi LE@Ò71СsSL\{G7z 'ĽbS:a?OHwx!x^%98A?a`۲o`]Sf3^98ej_ Yiaoi*.bo&!{*y+ v1Lzhِ@~E2ŏݮIbl܋!\Hcao)l x:ar"vP#{ 6m'1jNXWp7`܄jW(JW a{gٲ[$9N>wM\U7uvY&1dz7Sۢ[aY&Ya, Bj'Eq[V1mT>_q8pM$)vA=n'qrB_HՈqلxT2DhUՇ0?T+ڒ>u߾|cs഼ɰ DurnfAgtBE&8 F ⁨qq'x=' .QO%hNrGkY(Fwge(v yMsH>|eozB-bkSYQNi7E]Ԓ+<|[W2a``c~&N5bc(à N j<˱ MH)xo A .y{!/D%1ӊtc4b1yk R㛗p̲/<[]8cy)fgGw'WzD?8=C`HV,8 ޯUi9s0j0My[m:"b9qǦD( #XXlAG PdICp5۴CC-j6-A 3ˣjAl| sP1s~V6M)7ĕzd+,oq|b$2!;_>^_jTC ,,Gẏ6q]@Gy#@}$!do`Xxfw#kddA銮b% RR ȽhKBP>!!$kS 6Hw/hPd>2Fdh\Z`p[-BRi%aqkÍ8Tɾivn Mt4MG p#lG{_xg+43n)}j37ѡy231myF NSn9~3&rQc8jY6T*kW^i Q'rU62 Zuɜk:c#&Z;T}a6}ڬ556W9O |@{ >r'K~ ĂX. $!MԘ,1ĕ @>ю8|ʍD &*+!$)֦#y$OGc0:_ZҬ`kGIIIoԷgPՕCڊkSt*wȈ\_ A߫|;^s>@kv&~+eIS@!aC<@HK 4nY6I`s޼'~X^6k̴Kʾֽ,FImV2+J+.7uB]o<rG oMThRa*VsJ+P HRBQxy& 9i6vR)ٟ$,5+ŕɂInّƇ8= ؜_T[D~O9I u7&^-Ɠhtlz\;hEȮUȋqۺΠgtZao_N/#Ҫl_C.~D]S,?AZlE3Gml2F o^_DcMbK[6\DQ[zAbqj3Nf^pzgZY (UA޶*Sc{AC3AwHԐ`Tyx]Yh8>x14ڒ[X {cJ&V=x] oG 7z懘: =iedI+GYm+6VMvǓ# +f;[B ~Z,߶iQJJ~Ǭd1wlWؘ.\~=A_aѯS;|D[6hRP?<#Tjx[d*SeRbQ5MiI0Ǚ_jC 7l~vg={W5@䕄6dN%Eo/ealaIЯ{Y]jԷ<8ƝŸ;n7 D²Fˠv+% _XmW;ѰU7ჸ2DݬMGk̝׾/!EeS{rRjS #ڐݱ0j$f(ZwXŷ`bϟD|T6n_6KtQRANM(4Cw*bdvZ&Is h%췎ѕ4ZߚEF) <*SP:!Hf!ۖ]#2/X vc{"y"( p4HFJ#ȂT7Nl=>i _I^b[DC Qg̩g#E.*S9j36)hx;cfq,mZ/ TQЦ_rLl1 o3h=?749S֯AJ:d]0=x" S戦K\%曽F?Gwf!!ĦQ*p6տ,`:s:I7FG"Y*;V|dp ,1c OUꟗp! .Т4طsu8WXjKwٝgB?1*JuI#a\^;Fg<.{.3zUF^"g-`EwI=_N<$P>\^:όwK܇kH  1sdPא\,=ԑRگxU 9M歴KR"@&9?_L4I%c\ٷ MZj8V+&pceo:G÷"!d[,N͕,B7J,$Ki1xcDJnz:y H&P"NE`qad7&Hi1UK` 05LmXYjZ!d2~񸩐(قo&8s Î@SGO;"b4_0XB$$^䪳7 ?4k`Hbixeaޙybl0XL҅Ȇ, 8W 7}G`kMySzUmud( PyC|ZDSB+$HөKd=8Hz\UTx}@ugcJ=+7{V,QPVb ZnwY)xh!DN7폸+ &q\taK41-J55R$Fl'g234? _6cJ_C &3atPƋd 0_5YJCUz"ݐ8{\NMM4ۻ^i9n_}h T[74j0sCqϼ< JHcwnEoŀive e7l=-1xjUW 4aq+9q3F!l'?I[w,d2adRvESnD_%kB̵@oqf0ur[_F%LԲq=[Ndum6'0DwCS)i7=~^Oڤ3en:8:UNiaQ8 `  JlM{~dEe@ (m">,EB?1ٝipdkY!k-rh-Xuj g!:lB1Єβ|]J:o`b⭌NIzFȉ7 Os~,lzo #%f୻tR7ATBba Այo᪵~ Fj{s< mGt ^e.9E\m6gf9.`>9kB#`vVjƀ$ba[>w:nL& FMͭ4ط09y)0zLu[z:}4hwTշ ȷalx͆0=)g8kcv'єkҔ B׾lj?}cqG#n$)ڐo4{fߐ.Rv.'\p44%ԦvWn8.7K[<l&ZQj ;bwwL;z7 E@Ӧ܌1EfKӊd&tࣟrBOu5nL O>MgJ{quW"TпgDL*rT>ÅQA渮"dָ\}/QVgE31Slj%]9ViIC[iWT $r0::g?5')3Eoa󲟮 ̾^Vk/D|;,>Pb$n؟`h6KȞ^D.(2 ܊PZ7]V(qU@K%8ܨCrXZ:l0a{\W`#N2U3~Xđt34X!*?4m9fނ qQl'j1XAٚ@GOmչt'FݵS , 4w4eEѲRqKDZN>ֳDEL]ff >&9/O#eG0B m݁05*U%^lut?럠^,`9H&i\dB5N*Z_ۉ[9?YG~H`I(^/q{XGG )[R7{E=H^m G@o; wpJ0s9(K+K*|ʷB4>E~yehP.;CŒT/tU頢zsWY.ܪ74kyXtNB|% K,s~$=B|XVIaN㇄-ˎ8w ɚ"} czȘ_. Y9I,MI򣹑n-aVaA;,w!MUZyPFҦ+S٦P<:3xiK-z`. i.w|0kGyU_m!.O|G>MAO̴ ΏJ2Ğ+$FHL OoPZɶP6|DAdm5y!D >ߜ OSlJh&r9?,'8 ^m__M L (x,+I yU O4XWK6uZW*u{mBʆiSb_3ȈqQ:bK7ĶخN@7`y]QO9?\QƭW;#gfT-oQB~&&% N%)AF#:$ Ga遐=Oz,彞lҘMJڞӫ{껒g<);1c ܭ?Ǥ|_5F3_92PuOqAj>&7&%n1n}f\ O] /.qE¾U]xdަeh[K KW$;Qݕ"{A.C`%{Y [ya'MUUmV$y8QHCR䢿gd X{nl"́XwZ `vGf6&"fσs5g!"X;fgkv .;LBV7욌l(]UW 9ECWˑgn?zev*<&p6Fq} HrKz:'JoGi*۟v0 ^"~7玝L ټZeu|VL4_S ᎺJ* mB[ζb:E<1Yw 8L:ˣ+hb^v[K$8?jX`-#]TX6VykM}XB=ǜ:e)WTqF- { pbJObHP, Dō`n[D^PүH%3JK[`igja 4itEQ#0['nX cM,vsf=:86^YI#ig0T_?;*Zv_6ϊ_qZ/~Hq|d{V0Ho"zjyO*?#כ}.i &!M,_!Keǎ-}w'+TNlYghl. Rbvu”m@\3&.#k3*~H#> 7HáÑI)'lBH[ HmT=-m"(Q]gKœ} ?~!B|$UJ/N`h) /Awz|P>6'|4Q-`^F|MSe6[;OMÊ闱Fqw \li>!:3dW5Ju7PN!vmGz] -v(IUeO{+_S0bcЧ2=!Y6LbN0ٯx6d,ujZ!b_?F1!Qv6*.ĞΊ]A%:'3?5 {`_bܕKY\x&G.:}Q<ݩ-+VԜc<"ib83[s.&ICRZS#%h{b,rvZ2DLFcف?TGݬrEa)u(إxw0 RHԊo3gH^\Oż LO35-P[-[3߮Bb5h11-syc\5I)s t&E5|` =u/C* ) -7d/@K* yD⻼KP{KP}a)+h!prOoxp\$fG}M6d$Y2u+6"0E-C\j,-or0#OC*`WTv_ QEC ٌ:boc= \wD8%[rh[t+ wY'n vR9eh%Lqj Nn#S};&0ZPϪ.Zg y?OXֵ1;b '%3\euG\ p-9j'4YM=5mOI} 1D;tl#m &߇UzF|3K.;T7ۊ3Azinלg}M\e$:(Gby"v ́b{OIKOr9Mк=p>H踺Rr7!.&NA q]j =ܭ43SaGس+>Ja9}\e3;=-lqDVm$oĚG)LIOĢ,<'RMpppݔf:YbwMkrgCԦ-|[r,PYy[nA 3pgy_ˉqM_"pxrӖSuǖx .O(CP&kWЊMK^^7:0u.,<iF+WŽ-wˤm(͙Gvj#tHxl48}`:;mz|0QjiI fR/GL@VMLg#L//jd %KzO:IWBHDQ)w> $,,lydcwlle<[MbLɦ!WrېN]UTݕD 'B 046F\bT3,`Niv |tV}=.V0#2gwl߭{?{P, =:vCI\E `7% ,o&o$S2^+ R)?}B#S%O|{3N[e(=Rz42' ͻu)ʆ)h_1xi}b/Ǘ9Q+~GHLW*U9p@xXzpJ" 9)_spCKM ~c#CV H-|/K)`l\AIh,Xkb[-,X /Kevo"/kl+6yBE{w,=8ePFᩰ(m<?{^.ٯZEl@|bݺ+%Hŝ"b0 0c8?l!:2J9N&—t꺯ر2z^G1E(^Vh$Zlaf;O+#VMKI|9^tb&2G=1PR@AOؾa:`6>|n3Hx7I8ycwYz3kQX%I9$/+,c!A%E=#Tu7#Og[A#is٠P` J&}83OH ̛2R{qB8 a=澭5_؇C;{5L/ Q D ~zIj a5;7r I Բ?FZJ=$Dڶ{7fAVAl$2ɣH ru>BN,ܩRf:i."Bm V 6w>t}!g򥘥*"\X_{1u2ݭ*Di5amZL4j24>S9z}cD̨."u`1Q]{ٸe!~mtF7#vlbT;_8њH5{׉h 2&6v"n]^ރO7s 1qQz0d )mNx7}0 >vNotd n13EM6+~P[!7?&:l*ffH((هf=|Qmdmm'R-.:Ku%[lCY5ht}=~#AÆ\Q4b:$bʯCR9`P!M ' b7)u84QĥV:)AvvE,Ci.?I l %gRoZg_J8bbP裈bM] 4wmH#z=y3 X+ MD!ȂXa pIg3}zm󒹕L63:5+/Iw돦lԤ$ iSl+K,CxG N*')QP,v[fSȲ/iJxU HNq/E捺K[osG YHz:8$#ҥ%Ƚ,n \!aEIa) v!e3bC-6M_$G> # @NMv`KSo…{RHCRMScr*inm4>-mG6`ruK;SGsEd¡3ܤh9.SQi1nz9}w$kP qP޲ll~zXIڒepk1/kt|U.©ӄE3wWwU*gcԕ.͹GtiĪhler:qaDu({s8up-eRb* xfWfB!#\Ѻz6r _Xy8Ng0L;#p_!ŹLXx {Q5c=|Lq)#eсGAV8V~b ߷QM9Q@9|Q)pVp@ ڸ >Uid <:rL GDTNû hM0 w)Y!Ϗ$)VEuDp@ d5?IpsqfCTa MOɪۤ3ȇP7Mha)pؤ#Za:QI $X"[Q: ;ZSe7?K7` }-;AZxcQ2*`O SH{N86lb\ؠ-py[:4eY FA[{gJ)~2U3JVhXLml&LሉD<*|R/WT_Ij#ØA(Y 9c*0b`I@v$@&=' ڔRո`C͍[F۞Gͥy-3e0ֱMtzCyqĶ<_a`vSlwO_^L ЍX%g)K և \)j&Y5VB7$7ʵwFd,h[b/88 Y{MrU;m>j/m,T4"Bk`z^ِK}e0RR{Nol O@t9QktjK$sؚgF lIoH;/1{[b;wNpǽB@.H{@=<ŤMm/'k %v<_;Q@rԦ;&0*ld )x7$9("Bdg43\Qe[?yٲuԬ*-AqO9'qkH$ xeHO7߿l`E@;ϩfR[cNB1Xaxϰ0 PR XM\\H9)akӬ3f Ic߂w.UMHN3nRRi}D3pDj SaX݉P>= D%ʩm2&8 x9w)W{4'Y3@è{qP5g'0 r;dтN#Ltp~υ>ؤ7;kg5mzV&@s?=%&7PExTã+|4c `'5#@+֠s1+ODNW(V~-]EA Z u™j}gϣhn˫_rOpëc*y\7^ߤ|#ʹ fˍI2W_/1**NJud]`'&&UEwOKgD`")~e3[\ DFhfck)AXBD_'~u:Vi~JDWۉ *ȯIߟZT͇3`N lх1À0X5|'ߠQnr1SLh 3sw<¹¿SpI/6ˀ>66܍Gj|.G"> %qhiM^W\/>,&>яFD +4y:ƿћd@y#n(ڢ!zf)$g(}owpVI2C Y@ugߎ\aZJzBy?k=5~hJç/((B r2Mç砥 {0?gh$Ov. L^~6v炳CK;6REz)QMl\zC+l3"f44l1eyHÆ,OʦyS$_큫t }{Adi/3Ə7<#G Tz*+.a. Ȑ>-Su>g"F*[zN5plN#Ja4}Q'BdB }U\ W@:sȚgO~٩.( kL'1 G#k.l'CvY8E%RY!@~I5vH60ƣ+e:6'Ih`ԩ|*FMd]NƨWKgu~x0&SeQ[@<$ *q]]NJzPs^0f1оKEkF:(c> 'i?];C[RBmnc =2B/IN Iڽcz/;wNڇFpM;$t:ziQѐcN.y}MvH^0 FgTY?j= ^pḾU 36)4u)bYsYXL..#bMXS)BEe>&8.W`(qR^S4-HqԳuɑa*-ŃKW4Xr@/wD|qvG<q5/-\zߛmFs\pA>)%Ј)9Xn#F-ZP!2*PcHA÷="F5 ໟ`aZ"\.4MQ厘W猾[d?,2ݛ.7KQ>W pN{ N$ 4W62 t e̼REEz tGR`qNޙRK, gp" @Ov/(=лFԫ7'n)SMLsYy؏cOdQr)o V~* +(3_~/U_D=\XnX?]8.4Rϥv8H9)QVAF=BY3 6n }~m*ƭޟDOh O%,Et1n==,[ Yϊ=\7ܸȢT Š;' \:op0,!K+7΄yp]+otiuGcT^`'ж_˔O¹O6HhM5 C0: BAZ{,o7q.FOiC.$~$Y-n>-9"=wik%Tw+ҐTG9[a6;M/f@DyK^]_zb/jL!'~}Pt#i/kKM7bE׋LD$?ɢ]6eZ~˩4E36VVVƧROÃ|wX]cMS\ 6fO5dl}n+h_rIh`h 1vǚWwanJ!@t 6,RˬVx=ߐCħUvy{w'u0UK w{ Cm-FP]0AXZ#6UKn$Mw(.sGϒ9*M؏|]rO3BqK+V>4ۦC:i#I/ Kg0!s2εdJ-<ъaI>/yÝvQ:u0æ{>|80Nsv 2,I٩%@ThN]7k^Յdbq0#A 7\!!’f?$"sVP %S !Y=e>Qf/%5:!j {z;v%+j}ƛ/,)&FtkHL˸tW+Te!4:PE{ȔxQ!}*@Nt;*(qg[/os$1aiǣdlIc4^l̊_l!:gGX@O]:K^S~`b8Cf(š=W|3^wn!cجTbMc>)Zyv)MbsjQS :d|ޫJyCD}k亅Ezh[2iEjI$\E(G6Yy}G$B)ޒ+toO@2ǔ-7߳39~J=;62Ålw (x3=@J(9k!,ŷ|[[s7~a@eZ~k&m[.PЁ +Es4))&B x-*n4ԺƵ82s jy:S_Ec1.ʜXG^[ko^0ל1frcgY>ja]QIm2(@'S[thu%܋A΍ _VqRA/JV C 1xH vr(`Guι,a@Syw<8,:11[j3,ZP m+l}\5E38Q<ѕGӶE$+,M5).6Z*K/&53,ZOFUjk${1H3$GHP :Ybاvl! =hjfT<ZBb?ב*e!:<N$mTP!\A ET Tj2ꁃduN-fcakoW5]1LMBKbX9LӰbt0z .tW0X$֌ɓwgC!x}m{ub\Ç08u$WYE}1o&`;$_NӐޜ;%[-ΌT~w"ǰ1ypFq?0WQAVK $Eb6Fu;6xj`\ 2ʁ4E˰; Ҡz I;-h[͑o k}0zC1jbw w wu t&_YhO%? <Α Q%,,1{?ۛW# ;ɐԗ<*Ӧ = uy:G+ufmGG=cPQ6pI9MQp ej1mqHM|%aO%[tŒ{SZ E&vr4ڮ<iBl)|}j}iޱ͹ `vXRƟus#:CKd]-aYoHT{<[W 龼ZktR^;O}&E';N2MVΞeNp_-LX<*vE,4ї'O>Qo0v9׋Dh&ni^A=qJ.՞cﴐ׷GuZ]G>bകrS'6H_VF&m~n*AƑKYHxt}|[q[.MeN]L;zWN~I.F~6rDeVX:`DJ@H@,^𼩻  CYu5ER젤)L٪',nUɼKBxa/V= le3HH#\.!f HQH]Dc1U{]ZD|>*ڣz#!iϠ-*H!gǛ+>H J %؜oLgz+4*b-fF05 3"tZ.^Dޒsqj ʢ#n<>Ctq"#{Y _yuf!G,\t`Ve: WV(qGF(Nxp0ŕD@收˸ED #pQ4Iq'G)$n2W3  @^8w-y$CE;*`q/ܹ"M2M3nH)0 sܣY|zpPֈm"aMkDQ!@'u0wBT{<.ooLk Hmm`rCHj"6~^YX2 CcJ J!@H3Qkeh2^HE69Z3^zꋿ n=y558RC4a_WT_Ւ7ʴ_1!N٤p:FkyGPM0LV_OÉktf@v2GMm3+.Gh$:"RKXA }`5_ԴBI[b%Yidp$!{/_I'{KA'XZmM ^)+?}2 E #ξ?;=')'7n6;.kbܷq2cz!;|mQ@n9u'9cMt84AR`f9csWz)q%#TOupo+`/$B!Ĩu״=),Rэ(tա]*TQ KQ{I \Li/P)'|`lS9L_:͗:saaZuH7ѭ 5.F)v .,skwFncd^@39* 'YSsM`|h}KOV4FGH"X*m=^N2&BgQaHw嵦8KɋC/ũ*iAl!ee퇳%ITi B:Fպa6}'T[\ 6Y`#H&jp_t}غuOHRn īӐ|^J~؁N' % _>_gP%BմI| L v*L gh"ymHhsP402z]] }鴟B,OIB:7C &˜Qv `:s :DsdqZ;^3Ayecq),55B/(Rh$$J $iU{_WȮ۲=X=;LPo +"&2g{ QFn 4h[ _@z&t8Q#C0F?-Aٲ+V7 y y6gRq*zӐ\dwHc; \!j%*^i+MuoB6FpIk4 ׮$*^* ! Ws~392Z^s&Ma> 3|Ks5FM宍3 "̀N83O<)M 8:W>vysګG#* .,|ģE9Z\)AW,v;]kTcl`xeVB(9dx& 3פ״a(:䏻[ g1P3 3R/Z.H,i2ȉ8̇Q7^,;L' _禧18ZcTbEZf-y=^f.zl=0 _FA2F-.T{pNm}wFnU fX 6_92Q}Fgf_rh%fcvND}ֶvۨʳ5@;$֨M^i:hTW~ (Q $ k˂n|n^[|SI { ū# JMxT ĸ14voȸ;mJmhv2_E{7LUVU& B΅ԠF +4|eDk5Z<°v-3Jd^)5(YnO}^RmS1jj,!žc\KMGyC/bQ׬j {ҔDj&>f/2QĖ70$oFߝ30UX4+ɧ;V)s9ZO񁱗!) l*ȢSbs?\-Z깯,YJ9%(uƥ&4]4A~gkOX _E+P7U\&|KL%` u(Em[3sg~:4S:|:>SH16#HܑŁ!P%񤭼==:O-6SE+̣_2H;Gi-7N,>G9܎sQF%{;+?[f3O<-Hj/Ξ%dR)7>F\܈6?(. AN qՈHSU&*$A3l Npm-D u3%jNTv f/^~~^1鲡nٽZKM.X ЙS$uq̏5r~ v}8{]@ZbMja>G ^jQWd7[h Wy N_]saR$,#"GV-UKgwc"I.DQ>%<\ y֠Ԅ go:Bf~P#"24%(>CCM*Qz6 vKJ *-d/c9$A@Epkfݗ{WJtuj!2Lo}U9Ւ;5`.L 1kh=&7C'?pb]?;Ae0$7GΩjos# BmbIey1nԦ>E:ʧ('oE-! 5fx9<\bV@|*n$4s|r0pL*Y1ǕR 7a~okH|7FO}EaYM`ݓ \ѣӿ?ѶO̺p6Ng2J{%iUɭDf{ #T;msz vq߱*hK`G eZ9U*}>J R Z q7U4N5(ZjƏ#݃`9!0va nH\k&V |_GǨFR'ʛϘ>3~cT'q1Fƥ|ބPNNzyviw%ǸK^Eo)O]`\N4S?76TaKM U__WWm0ԭ\!Bo(|QD"ǪplxKw;Q>31Dde4; LjTK kD=ɻePJXtI9&"_L:Q~>^Hִ0令o2)y?Ez%qFlۀ3*GD}!*<_It26.xfZCe*)YBR18Je'k|7%qf}1,⨏OthNawp> @lJsۚ~lsV١jq D_H^#ixfPHG+TZEs^pG0~(G@α-SA,I > ߔZ tVIA'Z$/@S,D gIN|[`9;ZW_IhOinx{5Ġ:}h6 gFR 떗 EQG6( 7/+QZŸ:<赕܆ә'su +\ tpaLV7!&* V!RA[g7k՝63~L \iAÐ N<^Sn-P.SI7ɲ ]+#n,VMkZ X+;6C~rIs*/2 ^rs*9 $/N.)pUgY9TVU4^~Yu 2K.y8bh,S4s2/lI'XR2+z eS1eǕK=;EnT8h* ,)tфmN+jBXiJ 6z5Ep/Cfc1E$Q;@lƑ~gi8))oH$ͤF'[T~8 {6C,Hcj;;9j7gpnTrv7d;.IVLzDlDɢO }mirTCU}qKc"t)C >}eOV,w{uSz#_GETrchFw7d&eK!s{ qPs,ClDbI/\K&yjMT-sD9lm/{5:Nk . 5f/_D /fYa*,Ev3 6{-+8:z hw ~#=뢃.$EèڼF&wةaۚ8(/h"Y~^6k'a?o'q5j IɊlUi*6;V*'5prec cǨ2̈ T/S΅&.M }k{[Yt>/CGSȘbL9! ҜA^_%FxzNΒ싸ō:r Bp֢+Oz+^YBk{FLmo]0\$NXTa 6M;NH]L'i5O%7QoHiON1ρe+[j^:K9 =zdjԿ' "0*\rZ:o(4c\n8n=M Gf.hK[DjLR+z.ާ;<6Td܀G<}zWn)bwrIi&w1lZ6f2>3@*JY ک\(IRXI!OnQ+Lb&Q0|Jz9N.{i7rCP)]-\aӜUX8bIu C >a'p* $4rϸz/A@5nZcKKzޕrߋl!'+mw3|Fm5OV8ɒ(9J 1v@'YתҵWV ԶeWif4u~27' {o[ 9~`-բᧆh`2aUs$M $A@ d=K-ICO/Il.$N9搰f`F9S?ʦpo&=wN 0}MhE+%v`}Ʌ–r'](1~4~؜|B} ^rqoSwsh ==uCװ EMuGY/?޳Sh*s|('(. % 0%MQi ^"T'I DlHPO=]3)0rsG> >?(븀]0δ瓂 hG9r/z+頏T.Պײ[{ `j3VYr Z_ĎepPvBكr1fs' DZ6-01CA$∀b& c36Clj~m S۞Ƣ'f ٽl4%(F$S/d fc.oZ g%L O~ĴZ$w$Ia.% ==<MiMIAa]x8EXKNx*Y3.İ<rƅ~k-d;q-9>Z%T>E=tz>06o菅!*uWz</#vTrǂ)r^lQ7-^瓑?o/]d:1Y!ݭw_ wYSdk=G2RAË ֘*s1. ܈}P! B2rQ5\=zྯ6sv j]( Ò0M O_%6]bA@e5G&(l-|lAW'zg*iRMhdA8l1XEw*] 8榬,E_,'H9+A 9eǸdsB\:鿡;<9} Lդԃ8QMwul@U\/>љ'<*o}'ѥ":N!l/-OjR3ߜ]FR nQ$ߞG5%CmN֓b(j/>Z=cҎ\TAmeQqKKJV?߮W[S}2sJܠUYa}Вc 4mce6zj_g @&&6g,985gt :庫.`&*M hd'ɦB~_\ʰM2Mq J|v } _)A@#lbaVoVXX Ai5uJ<(c&񼇔"B2҆S?a_~Mͧyց>pܼ43˟JYU S{zuRxo(q[+79xVђ6z$KLد*H66oXB^y,Xn!%E~g{j龋:OцUoLp/}== T>j0n/ZsMAI}ea ˆ66=o ECnYC'  9m~*ނ 7먋MHNẸ[=Bh4a"T MHܢZiړ!viEE8{RH$Obm4Xmnj쬛Y(p 'JhzAD?7lc:P72Wjr# -]R҂tE*GpǼpcw#^x,U $3|z:M=h+hCT`vBq@44M³)0׆G, u2}v~42tO^W=GqKUMtTibh mךl3hJ,rg&~.(ysl7tw*-5FY o-ZgP-4F R9) Lz} &8F+Tp4_A1ɇ hNŸFR0jAyCQk]4F+-Aq6۶c2/Il0d㢾9nu/jlA> Kak4z12"'4XlQj˵;D hG轝:;i~s-6nBz_Bk^"jŸmuLjT'Nwb_JLy.;v s1_أ2Bz +`0 v9HT^~ 4m8w I ՟Us[EZo\,LV [i$ko %hl …=3+XM,VF7y;:8{f|jpHi[e?9pxshXBҒf&3aua)-В&Ѫ|L %#o+@0b;I0o,sa>o G"3HϬR&F=$ŮGIHum^_Ag>\N_Us [6Rk9ל"*J%(wkXo' Wv0;I !1g:< .="};zFj/"d9ki@WaϼJƲp.e&T+c e_3Cpo{P d}_Sr輬3 ?|R]έWx\lTa%bM7!~.e5NUy- Qq)fW]Gnm(O.(<ɦb~i(3bnJye)72$4OΉՒ6;.HnAA, ]pvfo>NJW0ܚ d{H3pSwge Cb''aM 6C0ZdsDC k$l+cQr#33Sߴ-q]/QnJM!H\>шEtjJ?I^qIFNPhi neiPŹJT{ GuTXeVɠ@0.T'l;FLT" g}C@W뗒3M pt 50@A{--ڹk"W7͙D|]ZH#v z܇l㮯]]iTw 0q29nEҢo(zHemK b/>gAG] Oq~8bFδ(jw M|lc5W}[.}]*Hy TȚW8yYE^`6RdUN!Oڏ{5d{6G=;}rxRݬMJ%5y>/&!k"5 0 .[# /+޹Q kNJg{St]^AkRAU(Mk9`;|Ԛ8(O!Ksw#?XZ=-,_@3:8u5d6K+92LDkPؐ}>. ?FK;}}g3Gb>xMhkpȃ^.^>{D$( TîIsk&]Tb]-鐹  PyV`-ZI\9m4A(&Sw I 1c]i(Z pCtzjzL ?N 70/q\ʭa-Q'#z X2M?>?l)f;:LQ)ul01R tWW_5K@BCfc0֘`|r*՗VQ!lB ;U@2GD ʟcq5 3E`q#>j#b IxvլgXF` 9%;ݴ<6& ˖rw5 Iqe2@Cy?[*.-;YmU_$mt\@TO0v7@O v0K5Ψs@[zE)I'ÙP|5CmV6aAVs}(khvUT<0 6_?Kq2kXwtɭT0238CT`U)G]^W;[P:#J4>N6>e퐅OA TUJ`-@M"מ52jQ=*ec89ZD#9]"e"|lcz4 wCO$^ mzŧp[AQo)R%Ce4bi sr4x8ɝ_,8/=+6J5e*6BUh/->v)m d49mUAbn`A#.վ EYD` @#L0Pռe@1S6I8(xgZpdEQA08˖w`n*j#YPJ_y7/@HGْ f8ĥ{\U]GA5j\~S]낟<\]Xs+}z?ah# #М(A2 \i;yFjXkhzgjՌGyØWv6uojD?Uh;GvMƒ[#ygqTu {2>E&y q R~ULʹ&LC` Xnrq>jrU\1+"؍tK.!Vѥ,Ax9FHs ?"w37vc` LxܑI/WnhahcÔ$pfWFUZ%Q@Y1Jot$%q=4XJXjdd*LqJ 5Je3"ˤ/^w?$)(9FaERcIdJgs9zEѮ!m6"H[f_wnh\g <hsjvHh$#/7c)wc A5ez̎ߢ19K;$1OQװ[*xpt00NңmB Ky*;Y6bD b~=bؽ |Y_!XsXIPs }-R'DfG5+HA,i_ՍV| V%I9?a>E Shwn;ΌEv8x*$aȾdfJ0Qi %(6ٗLW6y GɄ;XQSi16YՃ1*ވ=ٺ얽obLoJN6vʚDx^Yz2x-OU6 xr`٤zGQcm h go² n(XSUknUϗ}McH o +,ۄb&a6ePkk0#"K1tI阁ug{X!yxcЮ_m0"yU|s_5He~:Nߍ>ӻ;rl{ɹ:,/o3^=֒E?E{Q5;y:o-F ѩ>X %/FE1vŌ][]\[%LUwLZq2ޏjv^}5;[(DTĎR/r / "`wFr\Ql-U62s:|t歏%M!V\fq+\2ΐ㪆^\2w:_6Ciuv9G: H\&780]j'$^>QKkKl7W<-d#$3c3"cƢ@crVm+?(=̻|Sr.ƫ[#ΑԬ;p%odLLţ2/uJMU5VToG7[%u,Ж4o<^ru^NLxӏe7 l?D5ݎk;IYJBK|B׽FBM);{=Jįdt] br-O^Յx-R-#Q? ;g"=|gv}aNQnhC".,@"ѩG%[e*r1ގ9](RxA7? o6)ܼ rw跴ϐp}sD$Z:C ei/<ޒ++.bÝ̥~%z}IJ & 4 XS׉&@YSPr 'A z7w,Ho"e6ʟGou>ޅtŸ3?w} l:xdzSЬ)8}tzqkJ ,EgxL @y:&rc~+۪XgFO_~MC;uФ!]endGVl7Vݿsg1pt./Wơ -0p,a$KwtF_ %m v j)}Ƞch'C13腠8CrTQ|uWbE}f\♩Nv6*t{u΃ R\I+ԟi^&%= y)4X'*Z\ XK#ĩ, Id#Ö A/p=ohcemKzq~vW[@iR+|?}k1OOPp]ƈdElIVb,ѝδ[lqSݲ<Px —X/gs232t %?!H̅W`_*^y#) m &'Ez\Uqe׈"K͂=+ .mKj Q"/U C,=-n6~bRu}eCh_}Jn'n<Ï{>)аsEu4 KQaţ>$x\{X"$7^6nvH.MwyIR4s>A&ZЁ "C%]YqA惢GS-%?ҫ8, 3_6xF!WhCi9>s5j!WQF!0Us+9rtM@iv=`6u]iIvBKi;m@=hHǍvž:ŗq,8ϔmC/#+ 年]Taۢ*\(^ؓ׌) OR*ۉaVBpB7yZQ4d_zJBA:jz% h!z]17^ky{yȯCg.Bxn( ;:N!5ؚ}UVk|qQ)Kn`BrkBQr2@X| r'`X}~%0B|Uda2 \<ge',ɥcF8>Jag]mD0v$^6Ki5.Z_>] }'o.݇$9Ni駱G\7O2ex(WV06~8)<66d[h}H[r= `GsOwW aF/8)*Uk\KRxdLv}lO1CV>I[נ%y!o}W:U6۲< 2wl(M io( XGem2A`Ɇq $p#g. 2FXV :<$To. ?҅|%m_4R_9xzM1lmn2U#h}SR۔I5_%/CE8]TGIih [c~ȳn+^!82+w[M_l>4PyJK>[K7v|dNLe1a'ַN e[,A_Qߨ=*v<ٮ @E3^aX.wf6X툁 "nns$P59F4,G %38S{JCW 4ͮ\tb3QČt|8@Js{"` NKuWZtXEqP@dPEw. 'Khĉ;;ֹil]=(;wzonx~ٚUR k [ròo7ʨRY =4̆Ey25Ό(H XW0fP++mz)Ń.f[5vM 4ʅH8AEo;-)YM#46A.z Mm2Ȣ^A58i"*m1&܆ " 'V\@,1 5j܆E@d_@'xbꚎYkǺ$طΜ?) bC'uOx+/iPY2o4=n?HW:Ӎ/8N\赻um0$a&,&[f28c /{Mb/H,p` ]Х2w> ڢUV{W-BVEؤw3]q+$J. }7=Lku0޶hw( G.{'N b' K{2G0""2|-ڱֶ.k1k'ٴ" ;8<1 iXH" $0}[?ՁED܄D^[UJA^{ԊDB%?7@`68U`LhAGG6Qs K Fy?= TôP֝‰[bn1h5v7O_22]-|Ƨkiɴ䑞Bӕk@uk٨*a5̲ /PёXw1FbMWB 4:7~a,mad"O;fڴquSwGANLn?8++8 0rJN$_~b;e; \),APIn2{4'f+w]| VF!Q=&>&%h (ۈmQ7 Ɨ.IY3]r/Pmmu-b>slMd?Z<"R"+S̕7h );8qyWџJEZcM 0TKFar%Q\TMxcݴN84&ӇHAࠬ;ܔf <9y2ݮ?i؝ŷ%[d&آŷQ8\!,O &sẏ809w.Wވv;o0uL!l>䵫uLvL$y̫L+~"9iyps$I{mV_OҪWWd> o+ہ%*x9S171,v@A P/" 91y&@K4YLsTuRbrvi c~ˮ:bKuXh}HJN+8㛐:TYX-I:HhF Y{HS.%q._ލ>KH˜Dɓֽ4J[W SQ ; MQ|S$x'"9B =d&)?\W&>Mj82x2t41XDWV?=WkxWTt1m0΢2޼zB.yؙʓԨaԣUOToɲ }X` ͖[.V5w : (]om{1Ыz8#Su fn_}8)]Vζ(7ba5.eHui^W1Ȋ=ޟNhK~?M*pɷ !1uUlv_"3|0yA1KX2y\LX繿`u7qj}[xT ۺx7"]JAz~ Qhtr@OiƋ C_Y ;Z %֧,6TqZ-VO $y]Hj<_iuBZɂP tf9#?({W$zijlm;.Cn;!&M :Q䈗lj88 VAv:iLWv2Kʳ BT`((Sn*z, MvmG٫ D .cO[?_@a͊Ԟ 3XT{zDT0CoJ?:@74/,-"rjNw]=CTAP(,L)940sTZWmj\5& Lj +P ˶cȇ\g= U'ә!(n КߵYcpjX07]C&1>|@XZ"SUܷaMCN-|΄TsvWkDoFd,>j6xuR&`Ft"o.45qWRlxbW܂@'q6Fv]h7&/苜fo9–p6c=/npɔX\ 9]ݙIuO i >*/&#B=C\RL!_xEmEncjG_jo6+na㰳%=#wθ&2MXo0|!_њ? 8tq+w% ^lߓzcyqA&z&=s5u`,6d6^1Ʀ L8wKDɺn<(^*@o:^~D*Id5`S).GmEkrדum@T?97%.n{=THvW¶;~JGjzLAAN8uhYYJ^g@z *|ą~??fVV%pf?Au`|&Nf7okq &q<x1zPӎ^TTh0"L  BW*Rܒ _=Hǝ S{ernF,aVv <ÁB r-QCSaKtN#zhA@ǧp(_mx:ȱ.r$Yj^?-6~, r 􀦠YĎH~H.ٜ)-ܼ@N40xZRmn#` 7Ⲋ-ݹG@ݟ*'jd3=JL4(ԛAzGGՒ[v3ɞia숳ߥ4sId8 V.JKC 4J5-jkʥHSśXIQu`_sgυaa>/05Q HbrIƠ2|D.l_VOFZ;: f(6.P*X/wc;^~iyt ,‘x;6AeL?CjkgV"tsZkR4?*:I$:kxJŋŴ6)*J5` Lζgߜ|ohYM;Lw9he_3l13 -LsGygv"c,P'ؠVKCAW{@c,@OLuGIp8ۍ#6e6,z_!e}di}OJi0}Vfst읰Qs4d xAkB]1#0B5)leC`OdbIw4[ѷ;UzX(y!LFDэ*8NgNw  >0֡B[. `T3z;!}VYqȀO&w=JxLA'Z*ˉ9+R>j,`ߒĺ]1r+4TP#ރV? dt"_8S%;=frSWHGTtxhe> aCl sh3NrVkMD}g,pyލxczu=Si9Cӊl&k:Fqƶ`3 򮶺?ͽ=s{p^Bd{LN\C6jS6T<8–ݹz Sdw)0%hzC[p8c \z+G. Zxͭ\|f"k]p^raA;ʨ7U< Q;nfFy%^h#. a_lӟ,TE>{6UnqZc\CPK$$3L^еkZZ2lL o̅1pe@(h"8~Wf,[_qh|qgoss֖?M~~ۂgv ō;f5¼2 12؎w/@|ok6_ L# (d7y"B?)Ns+ pd+x9_VF@2^$){^]/L'O(nzn{O)C`C ^[P32YC+zĮ[0 ZM&y#>8D蝠7VI{L3r)ld]7*SzꥬD)@ ,:0)| Z'׼B+\UE HzB#`LtrpT\_qY|DaIJ@dXk]Qw Ory$}+OX88ސ'JT_Ő!fa<=6 Suc$@w(ʊ0M"V +"!Ny'K^+|UHù\2|"FhLdoR8t\H5ER>(@jLDT~~ɋN|bϔaGaGfхB2}t^a{2J%r ..@񨁥%$[Yqln3 %2V(,sӉKr.-#)py qSM$n軴&EC8^%fh)¹a2:]B9'i1I}8'Ÿ;"@SMl+ VDuOTRph7,.{Ԡ/ܰ $5l0|DS:zL dȍw+:Eko}91^gߪ~꫌{},V Ke[fm攡ul(W7't5]Tj2 x|{,@Yρ>y>u8ЉRRXUjpbS /rv) l懄g\2o\WKUO^^ֺJ6xEjY8$ŤT'"m~  gF>-> 0cX\M쌭8`ӻv ZWhZ |zdD`tb]džr\<[/\E6P76JKrP42$jG8`kv*w5,E *PDI+`|#ecA䊫YziBqI D3r* qWO ̌ 7sIN3>rQ?=cՉ1)ҽMeٱW21Z]ȳnrŘMun{LT N2ĥ%'T:ɸIZ>J#n!d{#8"|cps)#Sv% %*'ï Cck'-T>?*8O <0Iu&A9ua%៛鴿A0p[9޷*olף9t'Pn$_W>Gq^Fn{`[(o&FF,JwsrNtj.WaJ|~J뙊нD- ;4w@k!B0J#@d(_gDDbMQҴmI$9̣2S s1},+/Ht֥ԍ= G& 89#8rw/Բ5p[=sԌ>lOɶ8-Bu+,{Grl!;c i4)Z;؛+Y.]^ |!;wG.@钌,nX?P$I<8(sQ4fƠsuKEAH)-teOfPRՉd.0Δ2t)/E\!PN< yUAV:K#j_0s~OǠ9| ^RfӚE&:x_Ӯ_)z#X-&8|Jj㖤tSA.O۸J8+/{P^447 Fߚ̇ZTtsM:-6|b'dp斪D}G6hwf1bLqaIh#Gd@Lʃڸg@{_zqcKكLdaj`U`5!8 shC$HgXejSC _"*lX2yZ_-PJl1h,/%a¾jEGDχذ'FBXSpQbV]co59g0LK{ zcqr*e^I!1X 61E"cm>`GX'%1:P1Ƌ7 ^ԨPPiZCcs#;NUP,)-Ύ<Qan ب^~lK$wͻ9%^#GT?LB60ðSVބԈF]qo@5o5MX-lK4227-55cwk#K@6_IWJjmMCI*zvrz4k#dR%g8$+'ܚU wFTv (dc#h[U=†TЁ6a m,K+@= tftpuע=ȣ.ױb~V.I,b`!yo.v*Zf+6 C..,Av|,]ER'_J +߂AbQ|ev g¦-O2㳂VR؈'i{o-`+}! +'}S{hDEFn#{#QJ2]-hT>{1V:L _])8!V8L!npɂB )æҞ|Eí=]:7w;D'zGjCw7 OFō1NX8njׂMSm$Y2.rE}f7-0b"`4BhehTg K9%]!؛mUk&k?fFГWkIYdp^ƥ2'p9͒dY8I쎦}H8 r\Hp'qQ&9.{r|Uu6DjVf]g%˕r #iv-`7ѳ]`uA$:Zd r F<ъ"+bߠx88c|+?[+hpO7^5_ӬvL,=0LPtHjc I59i{Z:!?^JDf*Srh8e11j,HhԱ(Wx"q"F7TT__̎P y6!Kn"_bP<8:n&&G*3T$U$/ ·8 0?մUg_(%w54>Z %Tdۇ6 ՎzjtB$v QQwYx >j4ёYi^6f"DPC7lyy'Zlk#od4 GaDNMX|X ߉l jgRkg.?lbB[tNX{9Uax4s#(r,lZ*=P3!g@ڑ+ع}u?VnICY}s0Y-̒2b$]'cqBK3<ϝWON%ʩxuZ 6>jpN! NxKlabےS7~`0 :ޭb .[{)8ƭ,I#r[/~Q" cW]UzҚ3*zΆNLڛKe,„~շ^\2nLӴ@2[^8Wr" vv 5#r;y>$3xXq|BvXW%@(֛z6+$NԐ3'@XIϓyCt=].u0Y'"2BX@a.Wm6&*@2?}l ?.ؠfv0F5ݳACzŠwpdmָH\ل8jv1mh?{l'q/rmI b/D;qC,`%]Reΐ wD6KI") tV}pEzŅ>Aj B(Qf !]Cl)EY\M 2Y8>'`aϽ LBFC]tAz4\F(FW[ϸGLI_`1o3xwL6Qؕ:d>+3W jw5kX` 74=F'wK2/CQ y kOƞk鰤`x73V.H TN A.e.$Jɥl> Tu NDFEP,>VSk9A;DrXl/QH|gGoR!ܼ" F@^'as¢~^? 'z4ȳZ5U3>x9G‡d0*8E)  C&uD}PJeҧ0g@^猪7hx,@OP-s>1u܍VLl'g^UAJ0*cϼ3$˙AimC1m1NU.ס܆o1tKxy~x&R'v+7geY?(&fC@{Z{P|g,6P0y8O(0뿴Tg0;jьʊ6H7i_ >MĀ0ejJ qJUt *)*,UC$|_GS%HhA N Zhui9@ۯ5&T,v3GX(Y#}☁l[,~oYa5M]5V'|EA%`)jur請90Z5HY{_tQSUdfT&KTTᴥDdXdB?Fpt;OJ|_q3R{"dI!R{)H)H?-ws\>i k0B s`OOj,pLIROHF^b\rIn$D?!XGazS%]L ,ؽ=Db2!Q3QrE;qة̃9Pq~nTn6@qTe$7[{ݕ;`W2qq9GB{뭞+֕>'tfF_Vd1Vo3I.-~ 4pNMM fCOV8ng<(ybiRc2YdIk|irlnq%Y]d1o=j6jͺwߣ@QwBo; ~RH-nbגּ@B}sI:_O_20vI93y?rn|HÚ Ӿh".-Bsb*&irpA 3Q/\p/CZD$ܺ|oS-}֮d{?Ŧ7X>g );I)~cjZX-Hm=I~/?YX-0gutqMYN KB@uzF"1fH }}s킸:l(qHk|F<ϔ;:fī0gUo,( &NĝV*fZj)>b#7ѤG?"0PUvǙ؜Uzw㖖1`#8 $[JǛh /^AO )w wE;BiJ)l)! }%C(ҲOy5<84B bRskn%AG1,Ph* 5mVʝKײz"wyIZ= M206MzKm}X;!U|OyxV勭k\MTN-:J)ǓfDC^_O lnƕ >u4i.k)T]bww%zҐIŻx%氾" ϝ  xJlΥ:g}bs[y hu(?հy"{8 qq( `Zzt^*գwx")Z/+"/8}EE y3$&)7XSѷ@1#!! dhJd?#uŽ՗4XޤMe\^*{wĒ8쐜+ΦvD2y%0oE+#7G?(=~L؜3@ga$|!$ٔK{a9_j7*ؿϹ)Y}y`v,`z|5C@\$4_ΑFq.eƙ T§<)\H[.rwe>Fը⇵_8 @ ( x arb|~y3)f(*Xkxɤ,>Vp 82kTz~n_Ω9(p*xtz5NTS@[_{~RWsK@2Z+Bmp z.^Mb3NbgD?^EkZ[%p*bY(}a?xӝ 9_խܾ?o-4/|C=F^%wq߿E:w fPeH\V[mN)S',H !/ J薏sNYf,4 `;E6Uc eď@D02ܙQ}lր).!*}sܞz&ۀ`&NTmdCp9DoA]c2t ۡ \"{ ᨿŐy!OhiG^%]WYlXP+\vu9p2Ko!Rl_L>&>Y)w$ n8itY>Dtr0SF ~d-OSKqyo'PK~lXR*MGgh͗76:>1 3q`#_>ڲ8}nfj?Z,Iwק$=HȱNjګ##~/Wy߳u$%CdW K,v3=mzEH?v0]LE3O {eY ~ciz"f܊"Ȥ=-|vcCr䤌z!\E65p\稪!06#+⧭m%74eT5G0̶̚%r~!R}ѠHc&, *Fqlk+zIYyK]9z9ɕԡ{ҭ*Q jqMV ;4 YvrknuI_ܙIQ20xG/M߅-_nbx}o=0g? _QULh= nVf2LZ ^94c UaSE2@<]ҧ¨5d}n~*8*߱Q .A ٧>"%?/ֱgKW&s^ZKlz1~!P^(Tr"]fSuAﵥD;go|J/}_4o" Bu*ݔ,A߬>A) i@m% >QVj39\&x^^4^ꃹ L.B!)Bg'3+ s]g[-E$S$̓hWVBw9šD@A0K@< +fAisPKr*-FETs-6[d/5dW0 ?F%?H~J"v.*MsRPX_ڞ.Q(m0/qۦ+h@8ʽ֓䢬FzOe_rᕺPxf8?xȐm&vK0)|)+5>lPuzV`5!E9! [p$`js2kvEIF㖀oZa c 8@1Gz^R 50.m{A:8[Tw"90mLGKXw8Q B$w\D'#KdI t7%d\O pB}T0?f3/{Ŝ/nv!7ד%^lA#,綺|gZߋ _DJ__uSV|݃(*9Q|X2\ Ra{bX{$րNNKt#;tƱj b~ 1H0_hw|M:*f'1-/݃w^6݌&DTBG 'o\Mo\Ta ,;ٶ\Vym޸"j"ߪOOEv|hGD! &[?dS}5豲ݮji 8+*Rs\#;=LN&:&SX}#ݖW ض$/@x~vO,JˑbҶg|`"뚸"c,FtMa}~bL6r9Oz/S< 83YoFgR$tmKd5Ϙ|Z̮= S]V9S\Sž8*@ / W^B~%`K0PgóR44 &VԘܪK<gۄ = }$ U=jnt5wBWlôD)3;KѣM=.? lp6 hpƮaeAfڱ y2}a:K+{%G"ZZ ? sL\SKLӅX〺<2 >%~R1Ii}3k]ֹI`?ܒ Ra%Hݪd(V^Y ɚR!ɰ]2ɇm|"VJY\Vrf`_AyyXOl-rB݌h DNx?0wQHvt=vGpO9 ZFN&׀<42"Dó@܌u%2L>}р|R0 Ll6ydgo[[ƒYW媱gAX}Џ]ޤ߹34:yT:\Mф\_""96hhJ%_M/5Ga>sddgᖳڀ®JEJK`zc$(Ghw,9::Zl#hڏ,a&Hi[K2-a!npbW/DKk$1HSC]313xH. " ʙ, Kyu aw*u; @J"*"\/Q12aI} }ۮ1f;ͅԋ?2Ȧ([c.%4kyw٩gKw )Q8& .M7^{hU|j.hz^NؤJ*~Qů_˥biK'ҝ ,ҙ4|l;,5G wXtD`UUNj6>-WMH^3߾P4u "Hj )] 'ǢcX'd›aD:`@`Py٘NӒ"Mv[i͚vO$7䥢vPϔ>Rڤ0v5вM]m ZPSp33r(cb bÓ hZiߺ0z>_(Lk/"0zi$^Lk_B@7fmxjh@YMy{LׁTQһ>^Ifڜb6Z}Y9h\%_H0)HCK}Xl3xzGQ= H'LeAu0go"YNJZ1y.[ߦ5ye* ϥ!?{ȳ@ ^ˎD"P 𱊅!y~I@V7gZdX@/qvR2hc>\i;|>GFe'&45,or׸,zJX"DELeߘ fp e]Zt)zՑl_IiZ8{ ͼͿ SN/16ow*>b~roQ9֣ki&qK)c_ݝY*& kMK+^&tYB>4Es5>RdJ==6f/$(r/Z$҇\ ­d!$P[ToХF^o;C3=]{QSHڴ#s2 PbG.q ,tv+꼷&r2csvvسfkԆn}ɍdoQeJ䰊4\n ]pb}iga7uU5䇍)P em:Ϣ!Hjc}6<̗Wkd w,t~ 0YD7k\͓\u=e7I`p`dcqwo_1 a|/^FY~ংV+q8ٷՐ hdjrck=d$֫>,kW[qK||%J·ff-^HTi ݺLN*^&%5uTW E;k8/3;O*@ٍP#c,٭lAZt{Fg\oʲ RIBS=J.G g_-+n]H#!g/q(dv`y'o4Yy+=Cn;D@o[;I'N%=#KH=̍}EǣBg%Z[|KAr~Z9%" #@s#xhA/B:,R﹍hrXe %Jl<FG"8ñ|%]+ZZ ՈJE]oLzxJitY}G̯J GV.E%Uy15p<[c/k}pm^G@ l;z yڑE b1Ao`B<4u}OF&uEU:­(L*frSZAxk. yi v\{o֌rǧW4eZv9r7?M>єύ[*n,;Y$cXp&y+_l&p3 j>{Ell9Ӱ萃݁Jʱw\F*?agx,(oL.1(\HLۂytFuPo{חQJC~El9hj^io~TcFNwR}ߊ k|JX\DVkJuS~aIN GkoplYC؄cXJ5#^'u@N DDls N1uN}EcIA[f jfI8,(Gpl)uΣAQAz`;-W%y-3!GΠ4@.ōDokd+BEX{=Oj1j Oq~zR[ח!"b1d\|ڷSspJVvm"ٟ@  gs~Ո Oo ̾VV HRVۺhB*lY/*2w {=`8+Hep KƲ}V2uR>zRēEN7jÎII9Do4%01n jW:X?+lB1X,ZF1rým)SA0ƖSHp y|-ǰCVtLMe|;$tDߓ["قPk #MxdRU:R"SYtwO[񒒞J%Y_OS<..suS #byȌő4@Jr PERhc4k"T:Q ' sX}{倘?{wn 3Rv~ALS59{Buyǂܚ6p4AuED%OSBL]چs_`J?$FK H1 T\{q6wmG>uxx^x/oPx9vb?¼0xi 5dÐ}v8¬աupyw[sq~FCKGqR_=m̕Qte`1Bf+P+ETW6zY}}V$}xuZ4K_:}81&v] EQNl}I'5ؠCD#@zϺQQh.l0.:<,Y8/W))(F|賏A3B Ѭ/rK[ J P^ـ?DE~&@{xJ)˩5mw-8%9Ns#~l3Y{ke}b!;~Ԯw@"/dԴ 5R{4H:RYډyVt~w?6Сv.`@,LNʕC*D,f-{TCP]>:!{FH{oO8Ȩ䵪L1Iℸ[̅[0$Tq{D!]fKo6\tE5a( .2 BC@3;gh7:&m_#:'C6%;[Gˆq%pj4-ky,YxWXE'yx(|01E&Rri+O*,Ʈpa>r׀J܄v 얡cE7 9=)ߴ<nJRb0μ_ * WR0٧=\^%V; ̀ZLXjLK}}! 4" m_,Jʤ#vʵ@Mjݣ1$q0w7SV$1L 6כ ¹ImB0*Phl6}4}d QǨhgJهݧk : a1+ZA_u e jww_0[lظZj㴣rSdcwP ~c+1J~[H4׬z)H/3C ;Dx]dPwTW3Kؗx{I96QT֪׈?J`,h<:굔7e0Ρi.Adh+=Wȕcr[J3]GMTQR*ϳM=ߠ d W&:6`9yK%]ZJۄxu$Z>B%cTO|BSI?TJ`l"l{ Ȇt.EK忌|x\b'4u) @ϥK})06p|vPɧs05[5 欋0g]< -ɶE&|#a,&tq{%2"@S5 HlBc8U{xDiq-Q"1&zFzt:^8uiҙUS/-f]kMIË] pބ^av8yV (LP~ dSx8ČqqZP+H'ة.4&xH ff`bj< H6vK9 NXa~ONmi6al !Á/'@q(#w3킗' WI`{d@qr}XcB5cBOU:l7*no5@\m475m<;,OjrK2iC!qo/D byi~rtѓI<~U%;vxa*G/0K4U q :VtNu,ݾ"-hvi=t*ρ+;t朑VWS{M 4,^ ʦ )2.6.?۩i{L%tDoĽԹdxJתCqޤC8Tҟv:Є͎݆2`o%.@h2'05g*9?/ DVԐwTr F,ao`9/"Fa*tv(6b9ezp^ $:(f|q\K (E.¹;I#3}_tm{#} 56XٝY^;14 Gsf7&3?U{γ 9 xF!cK-KWV] $|i;Ve9τ g <49}EO54ʃIf&=YBQKugI ]Z@C/N8h-虉Sg&igG.(C%6խVx @b:"th 'r@luʿ&//5sE jV㎨u~jb=(fZ'[*ͲEZ3~N>Ձ)(of!5-& Ww$k3+o'G ɍ2f֜q~\FNV)ivR,0jwn=1 Oa(f x3E bIRaO c0}K>'<[-J0-?~;@>_8Ivp==ǖd|jaFD9ԏE]i^w|xʒl&tXaʞ1#3!v/XLZtq9-A *Ó7z A`'?*]rPڍmfC=.V̲soMT9'>S!`r4_B/#]Y|׌yp7Pזcs&H&h+_.j4dpda)&\͑!bɃ/|lN4kLNM 3$0|'LUf\]e> C1_^];&r-ʿE|<8dev_f_Jo67E`^, q.bIEhbsM*VvnJXF玼 :&3 sm[um5Bo0yg#VS^9OyCJ|TwTloIv%BUzD# fEXrק;O8zC0hț>Ǘ=k#pvy?룈?Sa몊;߹ qϻ3o7(Fw.U` KMca_OCՆlcY>0ȋ|<,aM.t0=si#EL*O7+"^08_3n"e"5<\u)%Dk|Bpi5j! H~6*Wڵ q[vE 6 g72 w)'ĤVȻwIG7xEr& mn *_{C 19uVf A21oJ Hr={.ytO 9H›@.Tr]_(r@[ƚ=/g; ej9 BhY)S]_NZW0Ğ}ͼC鬘xL=yYp1R}$q ޕ9$_S84n͚~8W0\6є 7arC8KSL@BTSu>q} 1L"R8}Pf=Cq=~=?X}I;19$z:x8qtD8PZpq^QHmvݣCDD9!&4Lu|iJ$qQ0{eQjɽc]}tU!>jҫEѮ̡vs38IڅM[oR3^SLDHP7\'Dd7Nגٝ O{PZK=[Ha25˒T{iWeD95~X6P!@3BOl0su4!ngg C!>X$~/^.B>.x%|C`HTZޙmQq]4d|O| rdEBb)/VG JkJ$slɤ9"$T^{#z1=DH7:5Jܮp!)%H6Pm GȨ ?eP vECʏY.$5[;c{w_ϢӚeC|1xۡQ=ݒ,=KPڋ|SYZ.SC9 ~zpvŁVǧ%W-G) MM.ҤGmuQAZOXO"nm n#MT.5]!(qH`'mAǘt.OYn&y\F:mca23wXb{\GQ۷{1)qAq4 E& ŋ>;VbLm~6XJ=@"9|ʽ'*OgoKntwL~4Ԫ`=[g{T8ݻ C6XfvPwr+S={vhP:6=Z//%Iz"ړ SmL H.MfnߕVk*^$$y54tq7 tbAg-933S}ӨAQe#渃E?⑏vy@{D'ͅHencS|&|sj%=ud{T`|RHq3V⫳k}ao2SdjZLvb$bEuc],ЪMap*`9ճS4ʌPc&#'Z0*">p(6'B~?ڼnlVW:a,J~)ۚbLD7OiW[0ϯp-}ҾH0~C,Fu#05r M1!T NĔd*r|Yd pX5ꋞaYpjs;;X=\ Y5!: N|va;‰XpDImUX=Q>Қh Zۆg7У 7M, W'\^TuczY#; G_$qD]!ȍ]q&da椉;edH[gi֦W+tAX,=̢C 5~M:S;k\w| 3Q`3& hmL|3An?$Z\jW #Lyu7 !PZ>|kv٧iTIZ&M}YU}#,BB al;j̿͞)H]<""/Ѧ[N_ "d c/ \e +^s ~yJmHP'W^ubp_{cPMZ] ݨvE]F;w.Ÿ꫁K(| mo t[ƺiL ؒr9pUՑ͕¿qJφp2Xrw(, ח;pП?QC.0j#`6d\KYжv٣^٬G%5*Τ -S* ݴu=TƱFf;ȜBAۺ8:?Xz}V)) a{,iS:|:hꔺDۊ>Z/AْsZ)fad8W~жHd%Vܷ1CMbΐ?-Q>Ff:47%X>î>KЦ|\}PYb2@[À~]a$M8$u-.QK<Ŝi4Չ'<)jgm&6q)S>Ɨ"*Y3a/X3ۆTxY |V)/^2uxq#dd3o5,!p<{J]]dU[LvAyERhpXg[N0 (i3UU+VpMjuCy=Ȟ`BYXS^=9Z-^Zg1ʅI5kÝB}"(loV?_~<Gd^i]*:EYT7EA16UN!K,7`nL-+PM!PAO4{B[V؜ Y$=*=cz{NԘȉV#O[P/='{QOA5]w0)O!7BPֹ߷Q+>]t~ ,Q@ E8AYA?P ^50MEL=AQ-W!AeO2f̠{쬕~w Ϙ3Ry[wQ`)ڧs2 U-5MgS{Tӏ&oaE,zl#.mm9ݏ\\f=rx1&u>;RA3m3rlMmh4ng\l+/CJp˜. R՘tSbHY{xizX,|r)* 5+r>񵛉b0$ŐSc$Tac<ȮJE·.D(qK@U}e',_4ף[ԀÊS={=Di8¬jGp>ץߡ?gӫ)X8H0؈}mn ZhwvG@aL{}@YRms3ZH4nP16^4gytފ!ݤwkz3d"O˘11{h$ݦ9=I4ѫ{b*. VCA oM!WKAqW\ bQ(W#wN\S"drN6}5EnٺF@E:,Bӹs} &OWʇi)=KQ،-z%3i'܅X#3;"F c1PPq=.(Z`>'/,f%3iNLPGh:1@[5yV2Ⱥ,kX)Bqǐ7^B#U$ԚrAqJW2-=&+ATg"9%ʝ55rKLvdJߐюdM}\6T51dcI'ݗdP۲ njxŎ}NY&O PdA]={(;OD]M׏ 6zg q f4Ϋv =mnr [5 :9[,z%k'A q*cTӀ=F aLk&So0:DL/#XGf02G-qtP[Yq:>ȭl*߼~Pea!{ЗoJPݩ%beZ1R!ۊ@2!?ydxCK, (fv՘ VרR\l16ξ$!;EBU>01zMo=>U*sDcλ?+#N@8CBWځ 5- 3#ً=:ն CCgǠ6)bQw3vlW>W,_y1uy3&Yf l^eXeւcԁ^WCeK:b#deͳw]F y|׾4 h^ <.HG-\ B9?&>)'/D+V-qMѠq0 S/Yz|r {^v d6 YBX,s4AӨ&PQ쉇q-+5T\7#ZwPVqN|?$PD9;Sndwdk {F2&iMqЈ;|]Jgj,auVN;#7\UJ(0K̓Y9敽`y#i7g.o?xWt2CO$۰HpSR٣ALt3DnΖ^0/ЃXjEӹƯ0 .!Ѳ3ʕn4Pǟs'NA @YF-\='p<* _:jZzn6 !M8yF t5|jAoqjmCp:7\&Fj{L}N BQgmnuѓh +Gp,QNj=s_9N4>jyu=N,?0 `]wL%O˓M&,$qqN/f3~u q6^ &$f| e}T0,ԑ:@T o&#AtwjtvDJ3tRob+-8eNXj>!(s6|v "q `mg%l&f݄Ow=&1m=}0Jz"\O}Y8eM'9g1Ȳ;Z9:l|4a@>2vҥq189dRǣN&V0da'/+Xi,4Szl)U][M64A2xZlNV9seh2B =,@q<x \!O|_ƴ}Ƹ[3*D@ )O*:q1@CFmkajOs! P|Xq}QK}Qu?e,JunJlo:ӥ<HݝMl ]IM+5iFvNg]*cjOjAm[)ǫ! 2*d.IjՈo O)Uu0F"}hfXڿ\}>v2Fb6sc.e&J5iTtbYRq;m†iݗ:>^vE:HO7 NFG$NL0a+M6ekWȇN$Q &CQ;k74%"&h{=|7?El̟F'so{L =R<65NޮlrR(W0oG MVD̲kNrϮM柃N#^A̢H̑Io ,Q/Zz8 hos(͎ ^)%[<R͡>N%Mw2!??h)&-|_Ԟ[c|Ylcˆm]Hkz6r7)Ty^&IIBVh|/؃ώMxw JkOf0E36o!omcoq9X;YYl;^#):i!F0u㣎H1k] SsbizhF6m*C(1D|VЧ|杜KT[<E(vx2$'-H;/5 +&@ EM ~C%]h/ن*`M̾h*:a1}jW>OޢDߢE+OPH7F2NiuSn/m~ S jcI$T{?GJbAw/'cG7#&yOԯ+ʾZIfIu 49O#拱Fq?,;nk#5/]&a^"n30ҺYAGM,DgAe>tU襄=k|r2컮JO4hD̒Xt㡥_E;CDgG(ԣ>b J6^_aL0o}X\Q R>/Z)4&w[A>8s@ДX 7֐BC\`o5ы gG|5}.I5z/^2\+8 jT~V$x]m睤бARs_DB7QI|2Z F0Fo n5DYT/{8Xn"\$,̼q#@ކ6! H25}Qwe<爀71 ztmtmFhJ(ĻVem._O{}$i&QI,[؆W1^ᑏ8o8SrX{x>`meO2IA+aY_/N.[SN}Vv%Ui:2eP'? *||z?qtk~_KGP!0>v!5FaV`#۸uSue~+wǶٸWpmNnʝ~-UԢVғ_bla"y`gydJD{pJصl:K:i Σ`[(z[dNl\LڜPaoDj9j|)'*N3g`Q>Z|`UN@Ŏ T(ϗ HuZX\ *4<*";UP߼6۠>cu:qһYck"DE([/99z\/K򬈩7q2Ej"m9ߎ Yt5Z>Yb=ɣB~S-T57ҧG+y:@rt3`B1,L/z%xnjz+g6|5 ,e4(@gʄS?ΧA4i RsDSUtrw#3HFWffLs,\Xs$. ̢xT : *l [0Zn0Q#]]z&r𜿡6h{7#ӌtJLUbQMcnb)poPu IFKJ2V1̡@c6X$ z 5?q28ȘPZqk'ou.u~=wfExyq#U[ǤD2]ikSou^%?d2u)SzRUYg+%/]Ǎ8!S6DcS,6n} qY˶ei0RݲvR+LHk3 &u!|Eºr- MO|{L;((EkV2,๿+裮.CP7FemfAT]x syHV||H0CA4dX7GbAnguZmgc_1<+-֥1 fWW>Dkê-l!kZyG' y6# Y"7ol'&O˼%&?MNp8,qƞ B>n9Y;)/!ƭhMZ;$ qŎ19I9L?qidJ4J,!9PËW>/eƱq"ñd2dF8׸ƣ4@_L:Q_.wqSFRj$ė;YI:69Twmn7fU "÷` ׎)bA4GS 4NZ 3s~hfbgUmCtFEďG8̤ro ^G^ oTy#0DXSgC0}͏v)"G4i{ NVUb԰Ua)?1 xc D (LcS6e@)0tV..|62`z_Mw ƺ잝XZA mӪ? jpSܚb3t[EpMK$w J&=4Ӹ X_e,)@ToT woغ>`ޤq@2L 83oOi V(?lmjǷ/j`(bg P>@\ri6NMÛj D`ɇilQTΆ!`Uǒ_?_3<۰ky^'bE7/Wޜ !EMQnyGebfor-mq:VEwMN_[㬥 Mԛ@+G5\3Cb1cG}~ rl)-F8W_T567Z&}K ZwﴔAh~I] 5V-J![{̜Gq!~4z#쀜TQClo5a%<>Q//KbZn#%>Kf^awY"4ʄH4K&T9;e{/x?}=))T`P2Hm)O-ߔۍyL\5*w:$mGE$# SWע xq8#'s)/ղ'P"XpU Iϡ~ca3AxAJQb%HzY o/u)ܖ{:)wɚ{iIcfT>}zHV!{o"3&JAK~܁]OBL$M>OcZJ{dS[?ǢE)`4{@U#Rs[WL1"5rcn/P_:$XPg47DwS %h.<8Kެu`4HS9rHgV3u_CXn![$a}ٟQQG-4/Q֪T7|IYlZEJo_bE"JOQ.pߐŻK㾉qJPo2SNq`ri:{0@kCve2XG=3N b#S 4Nؤ>SZXDsth HDs?9_`:*8fHo41^ACTgkJ^9j竕eMbB0F`Q\_]ݲ EhK4͂oW?͇!l:{h>.zANe >Djg>MTYhT7mq[:\i}:!.ʕSlx ]b4B|=Ndi‰A3ܞNz0=1(_Pvg{k6+tKQ/aB' i`vO: ٍuK>H=<m}֨<Yqse-^ƶ|>~kvg?tf3Pid O~RyY5 bX2[f5!GOd$ EƘfvl s@/TH&5Aҝmkk%7@*~E>+=ÌO,fWHSDvJI5xj))c -ъFYiݽW޽YFY"W ҭH0@ˈTB!1(:$<>sa SY0+En\x/""I Bz3 Q.P)M-H3zNK?2ڸx<r^SeN䌠vF{q'hL90qᯩYX;HȊUDgjyLcZ&vZQ"8WV_~dcf?zyI(rҜ6tt7g8|~tC9YcMUŒ$!i|QZD#De[pf]UbwGd]\bHw(7|irTJ6]n6 "mmKg[ (gӑ[k=iؓWzs.aN%/X-x#XIgJ^eH)xl砶Agwрɖxƽ8΂4VJAJGY2J'F˄)`=, ̱6F_KKmvߒI`)5\g%^!7MVczB'G,bn055+! β2%B̓LNFg[EGZZex"9 ^5y,@f)!c;(^6=-"qԵJP1.ȕa# [z kϒ'uٯHux4bM ^g8ڢ*/ۢ%%tB/ԸV>J$-9`4كf-t)mK64r_v^ %B4zW?,̭}J(1$sӀKɼަ&2k"h -gڮ?]Ƃ:}E q.WDdH,;S$PsF@Ͽq3̷,iJK DyOݔJD#T>SmkX]rR<=&/SIΓ1OmVqH?*Jtׅ9Y\acKP5ep# 4 L4rT\3O.p 0|ؤT(`Dl%߭ñDkzLA}Q?KDp3grԧHo ~~$@Imo)TJZQpGhJJ|bT_6FzNxSߦi"ۖ~H[+ Pbvh}]amt#$>ϛd5'i_{uzP[xvZ-׃CNURoIu#<ֳhv-?>67Deg5e=cɘhSJ&ix!UfzZt<[ƒ+,< YR\0F[ga0,s5㎥t}wJ.KWnp"H~u0[r?&aAoNJc!8fVrdZroPn^o*$_՘ꄁ5x p#2@Dnq6VЍh܅xFʘ~F&9?PFXn9!4y!x\3Ǚ_䣎 >ꭥpu8ݓ91E7C|̧BAP.ҿmP.6ʱȘ"=\\ָ%'R#1 ckt;mί(sB cGd25ֱ Ronvt&Ie:+oBP.iE5)##I %`2uLwx;_gЄ:㽹ʯu7z=T"W%W?f\q,[YсoZdV9wx&Jv7QEZ ]v).y}]sk(cx R카;kKGŌ}y`.쐨,ټFQ3oOJ}Ⱦ.3u0#¿şv~ԳR ]'X0>((tUr5N}@ zn Dlk 6wvOޛMpeonZr=p( \jI=Y Mk 8oKH?~ Aya)&45rg#Rtz0yniY׌}C΄ }Iy>Q;WWSÕtᯧIk4iI}FB\d~Uy$|ݼ!rV{~fBiP>i'V.rbDJ ֢KPv4,0E/ue-z^˟7I4oP{U+@}WpΔ5/JC-+]kƇvrgeC,ȿ*`2G>obBa&u# xE85Ґ_uB>; = ş}t6thCNMBVVZEl#n7qT^L(=4KG}13Q$ _r^뵮!_mKqLٷG(g,0 kԿ:ؕ pwnsX.p%1w ǃ#Б=O*5~:@Gg7=67rX=0@^ ˹QeS z0z5`p`Gڗ!]JfB6H3ͮkxnUB(4Z|< EK[CX%o5# nc4,7m63M%43>JzlSBBU7tף0<\^kJ. 4\y! D OZhdhgTþZ!)]_;N7֨٥OsAC-VT  He;txiN H,Y`Zr{:e xkǕK60_ogE/Þq6b,,7IXqQ4ر*=}TPǾEΒ\s_ j7H05gh&$$#룭<Qm( QrX,'_cWb-rJ w쉌k.4ɹBXgy9G9܍%>ɨtNoARc9kˏKUyM/EeStr h5N|[29PeWuioz-Dd)nNrx۾#nh'3Nx{\&K1#Rͤ{J E=_ja(BUz,{G%+`fHb,X+1^\v~<]^1>-2OER2{nI6H,Il1qT?&D 1܈KoL?gW=z̚oʢ'kCl-rvvI31a[Qo*,܍ìtĒHLךX@~f,{\Mf?bpՄ\OgfIN]GrgU=y.lt]J}@~Xm*QfN-Kƽț_ǞMJ㺋T`p&1c{^AN.&sp.li#M5kshES/"6cz>OiY]@ZGw餕F=~NG+qX`'f@' sa*aZd]F9`r2.K;ɞ:h~%/3q\TnINbqgOs$% A&hx.ڬE=l2 ~$Yy̶ِkoMK=ߩwԮ&HtJ8(- sg#&rNQ]cF |Y@A2=\Zc.9W] YBL~w/`Z8jN.:h&ޭSAEvx12>o0d^g.LZ~o;}7I0NQؚ̌x6F! O&]2ߡQ #[!v7.OrEB`7zK4wuIvIįxD#;A^>M6*ETOe5RdlοTl`A)]b@]])K. _$۵B^+0de&&(ީIa^\ƛRwZU $B[zC3fEh|| =(Vi+X<Q7bxgPdLKeۺN y'?J"4SB;τ Wj#C=j(4Sk_by1 RIZ+ޯw"+&jE)Dk`QG[9 P(."%4sj&*˹1Ҍ7Y>e;?*b )D) tw罥 ttl]2Ǵ(`|)jygUF^R;4 )CF$L!F՟pT# /!o3 Q׊xn.TZRHGաeL/%E%Z7ɴ,%#Zt&#5L<EaY9l Cn]}O3䟇ay[N&  !=Y R? i:OaZ7W[IC~.Q1aF0d,㧐B~\0co|B;@+2 W-e%5`E8/d,6z isʖc(+1A/7~' W<12ܩ5f 10߼T'y/rv؈c1٢rCmwcdeME(B$Abۘa K͘竽BK~HJQdӓ.XO=\>A~qU̬N1|vh8f=%Q[_-̯>G0u@lmuAGsAz"iw2x0c>nzib c7EyK).ݚ_`o?U3-@Fň,~To{3mO 'Jzg[<#PI#] ] ۶YѢy\l$|iCj=~0yQҙ5bXYpN`#p6}3Tqmb4Zu2XX`=S0z|R ǢM@![ _lD_wY\|RP\O;<wo?Ech}L&n ?yTj( W%4NẗVKiMC.d* pFw)*PP˳M`DIb9XQ X(p9leU1<*`!xCݽ!Ĵ1MCnй \HڤImjR*܀]we=jufra4tpN|άX=UN=Ҍ^ܧ%4aO?G' =DYb}ͶOu|Z"Ӽl\$hsmINJiRnG*!4q@ @nBn T}ּX.S['в ʜ"?،.rf~vנue׵n#V1B7iUF{KyD:N`kSqĉ ]㻲wwJ4#'.IJ;=ĈCV +UgO:"h,5l-0]DT"؛_q8b"q+ٳ7P*s$ΰ3Ju*YjGRaH2Ի0TUGLm-C/_(x`ӓb8!@o&y\)bCz 1ݷqe'&S'trv;ĭC6>Em_O$OrhԤMB c S}\^AaX=#t>'Её骏1lmdW88&7vaZ @ݦ\XoK6ClN {ԙͥrJ<wm5Qۇ _nۚ hAV:&<V#eaJ~X@VXmPm߄`l.?lJ:aI35hUЛOH;1؇P+`t[Cc8Z,u %>f`lb^0/$0E)@0yƒĝU_g>F`΂ʩwC gI[.2wmgwm6>]TU98қb&2BrR՗-mFB4Q~뇍 %zKxqkFU\RBewiFʒeBR!?wOT),ndjqOnx5`ҽbUJZS.[6encϞ*th#>d<4l{QζdˊZ: ŠA7)UMh"#Cn) ?0a,/류p?{4sCUV"r(m&y+ 3j|x6VcLO݂9.w(x*ZI}Ȝ8yeۼ+V~C"ZL Q0Wh5AVCQȯC^LM;W .Jv ;-^~*ː5񾦫n,_GO9~R&+C]nFtqC+BQȰ,}856QW gQ"xe 5{fx3@ܸ>?мE<O^5lMq ܕ"giOȥ7Hy|CG['Y/+Ý`Z>HerUŰ#ΣPK-zJLzL f0 ַHD3Z&ebZ;d*ixTsc]#7j̲+`fpSB]%6*uDXJ&&Y Wo8$L/[~u/SC+rͮzS$!QçKLuO<F8 PlPNzpѫ-6]0[ 2%V_eVIR~hH4ߦQZEǺT˄`Q9ѩͶhC tYzXEX~1xm mkKDzTqADT[)Wp jE (QxtDp#Xc$`}'N|ZX[EFqtU>>)˔p^;hIn*"XN-Jfr܈e``ΈzZot5w"*aSb>Lk5"j@} 1l51vKdCIfyt`3-'q$Cٓ/fa,0' qsG4c/س'X$ab!x~yd >mBd҉RDO+.`g73r a=h$1(e<9 U(iďԲUo +__Q&҈p/Cq!\P$:n7dǦl:RLP% -ys^!y!b\E_'\wk;rG]F&B%%/@T"S(o06ls}O*Hkߵ ïgkEw1{3Sn:!ׅ ' ='- V0z)u?j-Nn|?QFt8C&ߘ%p>bCopIAt݌Q&n8̣`Qg*L*GhOYWctm ɧ6 s).U;{RR&gABhx>O4c R#wϽ4ghu3j8lx{ǣ9T~NA_Y ?{>%Q3Nfa-|9c-ޅ䌯?Z23˅7K.@oe1V/^A!^WËMh ( D( OcVCX- 5#皯;/CNN=W:dl9` d7AjF ʝԴA$Qdx"qx{mCBǑT+(UW5=,,}`/Pg\F6n- _mɿ*<[@l-Daګ?⭞r 9x';w pdjAnSgg.-ˤp8~Q'{WYU"$6`f"r8?.jW]-W5sOoܳ@\äߘ5®Kjc!~?CdӸ]^ЩHѩZ՟&`0bZ=# xU߮Е4oǾXJShC_L2&9}LWY 2G|qHO[{ =nLjS'r`ׅATHg B XeRY-Ky^ D] kG7#bn IBu'}XwNBx{%[<Z6yB,ܠ_5<.&28+kŲn*0g[4+M3Ta~ OB/^sV?Q"iq`JZ^%n|?x.F֯~RPO!vBA^s Ti9@HݡBynEd[U'g蚤$bWH֊U*M{O wE FL|͂ք:f Ext]vdwB*H~Oli6:+ݞN/rkz!f "F7 MJ=$\%Fbx0_7gu՟ygw\gTL5:Fuq R F ۽%+1v(>7+yTk  FO9Nlp!97LT_Jiph^MJZf¸"]$M̒aؐ)N(=ۋU°TLzvL%?J lsdy՟9)pP|{th~鰼| Bǩij.BMj?E}Z P4C@eHe6(Șɰ"pR,I3_ޥI gZG>xʠ݆FD΋\Di~@69R!:C een-VGh!OZ)i),+VHL Vc#$lZ&5E %$VweNGLGZcF0ďȟg0~]Y $<%)]ت$Wp ^gv`I}<;umϨXn4=Qi~M&rg%G4V},g{= *.~_j/zt(G YM&8=@ HZ/R+&}=(w1wyz=qNa4mbNg`-!mH6?ekyi>y`R5$ 51rGQV4}L_1[?41%Ë!M)Y (JO=4lb|kZ(쭁8y sPL$bQeJkM <@N+.FR6J?>oGe0J\beP r7e5'UaWrN\8=ʖ7cX7(/ oM.ovj+v[iYilN " ȫ4V [2`G-kiMϙ5Ɗ`u ˺z;9&0$LqJWA^Do "@>qPa76TU t0VRqS8qu`dsI& 7'Mdg2C @Ys`Y?kqbWb4U7H@p9$Һ,gpȉo$YCe>gCŊE'x ,A&W$P2)Tѧr+ E߹[}&bH:bjJ /Ys=vb& 󾍌㼕r.\ڕr6mbOAt?*2krOQʿY> @n'qsda%./JhޕAd_]@8t7-U}gvB1D֎|j +n,6 Ք-U2S'K%wGT0 H@`zn Bg8«'~fA;XiGyqJ9½2vQx[plV\RIKf9PzȊ8RI0~ nGK0#-g b8زƹoj 2}EËX?b~2GJ q&FW+gʹEpu;st_1A'k}keĔ`(ax*Hg3Q]Lpx긊?C;$R]Rc_*}Pv#Tzْ9 Fx/uY u-C+(ٛ[|4+)= Zv>@ \C!̶tdU5?={AӜQ /q Q\BZ0ya0A]T|~l.J\%Y6 ? `d>۽./Ry^.?mEoخaY@Np"N ]К}hI'QwܮG8Bp 8Sdž|.NGy,=evo+XzTH/05^l RsHdk`D1!,H%I@HҬfA  VՕ^#b/I5JxSc:UY4oJYx)aq{4FGN?])>Ut4PqU^v'5Z-;.M*>B:* $;i"g=,c|246|h;{, u].iG;peʹ5` QPfprQ|'6H;2JZ'p$iI dW^=u\B2)b5O ^Tmv#@ۂx[UmLJ`f#qɃvG۾ZIlب*70Tgequ[hؘ=G­4UjY7WӇfqIVfp̷̤E\B93Efā)&thy '8\Zm*[zĘCLk$*;ϾU\熓#f)bHӾD4\\'eY,o2}+X)yRVh[A#4< 암07A-<0{?U#`D՗:L !8͗ / ?/fdr6QӄH<*)wz}j~F-M rC-F#8O<9 m sXZhIi^vBohIAe4zakvq8ii p` PWՏ|xUn?mN\<*8MmD2L55sRɐ :!MۏǎxL`4ccJBg]PC |1||m)4䔺`S)~䀆%dfև -XI1FkA; nf#=-Tc+ʏ4[)(<z5g@QkǷ./{]RM}I+Mjǘp3Y8$ͬYO&JL#s*)c%1{Iuriq 6ST )( ?">0:Gۄp0~8ʴhS01ң-ÅKD7:ЯrnԼ\kc+p% F yPc7`~e+50Bax:wNօ^qcRDOI2NAvw .{xxJH7Mk[٥}`SFyDP68P54`($ȈPJ+.  3 ~DJ2T-X" d|cC*2﵇6,0np>3<{ZԼ6QiC_^„`b:XBC*&FNmrm5r(ӝC8*I3 l?m :onsTpA]oTxqMhDaZAGTBJq=cD9 6"By=%hKѻ[0 )X!Q)c$pT9 Å7yS0znO݊ s! ,?ط-Kg׶Ml{JH_X7E(/PվdFk t=ps_ş@m~4JW@V}8l4AէM!cg16 aI?Yڟ?WC 4,`&$D=ɶ{K? m KN9!س1$7Q&+ X'šG" g)~A ݵWa-/ ƅ*+)U6 ƽY8ni"ϴ^b{?A(2ҷ=$N6j{sXV0X4IjA-E=A ֡0cۙ/,J ~a:C4B_1YOTݏC=Q`~LBؼkTw#K9wi`wUooPeE>r 78 ׯiEm>9Fy'[CZ9_*f_~gv/!@)^^kN- ȍޚ07}{C0D<D/tZ*38buFb6(?0SBiIwބ|읷.`0|?=YQ4I Bǫd2thXyBst w /m_, F2qGJIj,5 B$y48ĉnR ;6K i#!8x sՖb3FtfO[u6= \Ʊ3zm m:b[Gp% #e^*l2zg V uLD ڹn;7?^E@uNf"lp{E~R1:K,fl0͝JmrTM+#rhXFe3pn?ӘyQRDzyx^}D7Ϙ) VAn쬐mܮMBCy`&~F[p_^>aQ;ހK1m(uݏ`v'y>O\UJu ũQGM[?2:= c]+uc9Tw޿ ؗ`fDռ=?W)&Y$DW H@BL!FϢeޫD|"u(6|/ͅyĜNfdEtB'CNG}}> qʾ~#0d/OvnY?" 9bZ=gRH33K{S[pqD%)/Fe󗬁*m_R&jPJ8lLMĖm#ΰE DȂʝLjcv$/j/ahJv&6p8L:cQRDnߟ[?[B=S'7qcw%$ sH3BXw _r$Û*T*RlѨX=8ID9|F*B '3-dEʂ&pǽ~T9z1H5EB`ңf% g<ʈG{JfV(Om6dxhe W߹MAoк$Xo}JvQt4WE-O p %i;o *Y^݀+RڛvuR,l{W-uكHnvl#`/I#)ks{nw{Zr PÄKR6eC`+a|? 7i֙DC|wB5:|Vkfm1@]ܥY:ITĽOOJ:{sAOuAV;Ck+z~ G jk̝ؐ@zMYy&fxuwo@%÷7%N¸ډ׍bwDB|6DLAqw몫]aFt1hBb9~0Cx05i+)qO`~دr5:/?KB/OϘn1^V62#AfBKCZw:m6* RAT)GS}F!*v| RlDԳ\+Y NeW(07mKK-;muDGhN$U,(f0$w.YagD-մ@ '$ݡJϙU/3UI;zuCH}[mShOJ6B(%Yu h6'Bjez=ǤndNC@ vIXx6ꆚs6&LYcg腼ښ,~Ҏv-;F؏u_N_$7.e (=TRNY__WlòZVYPnO 3~p3lRN@u@^Pl5!$+#އ?U%0Vvg 1t0EGhv~Yfv/JR\HaӁU,gpMU[$aC|2i^"R">w~([Tע]/b v+TǷ: }hM9yB~Vw8)Gi0mEh_"#m k`I5>G,5 t,تrǡ,j{Fh԰V$#1sX{w[{"~:vFOQ kO$Ժ#vy4T;jH48*O+)vX=:}|TM`U3輡|RfwYĨ$I`2*pF__ҿ0j)Ҿf>9Hi/j587Lm&Vo]Y6yKt謹M" ]`y~%/ $MEFR@ DոAxs=SpRL)G(&Sr%$l/εd5 Cb^+QkƋ%7.LOuj,LcJ3.Sr -K/R!=*zxc dA^⋋D;y“-͡`4L∥Q쎗M<'XELLijЫ5ju4!@jY!X5K~=Z̧p sr? ЦJM"-U4|/23It#˔'5Me)5HYenc̊M7m_gS^Zߙ|};ÜML5f1a6vu  _QW``~ϵtPZU&yܡ$,7jy^' }un)ׂg`:Nc N\=Miv'k;`i ە|WLr,o]㸺+*d:c TO_';KKR^XuXjo:w\cM:DGSD; <)i! о֗ڮQ-r.܄3>ǡ$yquYSt|K`bʡkj$5iENxҹs}:ke0?ZҌhO^k\7t+O'US.s \ y(DU|h(kM dRC񓁴"6vS%#VC[Y byk:w"K.='{uFUkBYskI4,-dⲲ ".ō< C|ßq u=_`~/cJ1dbmh8K+1"e+4x&Α!,qD2W/X p)<ӕ勿CKIR*#_5ǩׄ^<&uޔDTzw50fp[ s_>b4a;q E1M&j@;fְV9Ze 𿧇qWl>3=_vWARQyI}}&}ӭXaO~?swuN-װ&fh-Y8HЖv;fF_#B$SܘR W뻹Q: m%Z_0}Y2>%rZH6& ϡWR.[ +D|w edk2" [̝}ޖ #O3dM/(3 z3//IE`>T:#zה5fN/dz Dm2*c#ܖ'L:E%S}LӉ %8zf|$I6q0«dPYx]JEUbRiRtԣ?B98=DGC/1%D%Yhv$Mk"[+J]"O,l-v]T$O^t,לg 8ɩT9 ]U>I8+"my<t҇WlB8_qQ+YbAି1t[JA~ q$[ ['MI|ހ4:ی3]LFiMzҌ%զtޒGNYXZ{,Ϟ:#P3Z;NǼq c`nJC^>[C/':!ԚϲӰ;vmmP"0h" 3ф_4VWV܉@v3}Ƽƕa1Bx8sT9TWE6ft^C]0m&1.M2{C$y^ +M<(&3m۰dl'^q(S)A.bQ|_1A4`z14-T59jNpomҘN&:d9|HDM_Ru"-~ӥ8>yqw9q׏/Gu|$+93j$DF.fV` CM߫cdkgX>c RnJ͠!mk}ԣ%eO$i{6,6:X{J[(i;.\ q4+OOrSBU T͘u Veu$h7pG=c3BÁF>X߹j@*wT$H?PD*' !kbt׶e 0` n|./Ԯ)FΗ7 "!47;16 e7e ,$o?wi QfFsLH FoxӣC^_ۘD~ 8@9uJF2pL>w^惉~lIN:8/pbY|{z\ <4bkj3迨KQ43ﴖ52IM=%ob_O -УRs#WJQ ܫւ@?bW;s'qh =.MT꫶vRjbƊY$_= bqwYj\⣊gIt\8ޜH[Q*d2s޿܃[:Jncs%>=7VeUׁCp~rߡO)#8&V`O롃I'4 T&|HgKa׳RL;rn"<ʖ6ͻ&5"#aS/ҶE('r ;ptV2| W8 6U7bJ}gO튼jm~q&t936' aaFN'k8ϲ9N ϸD߄ s]%"SFNV3$˴lB83y w0,oFF$f?E2zzoW܏GvN7٘Ѱ1Ci$ sU|^p̨H^'5F]EMRWiI )[ Zk~xu6%e[s7Ы[- h:EuSR!eľgweC$\a\<( ]<"a&v3NgYҪ·DKD]4^ !_6ND;ǹQ_#5ܧܹ&u $ΞT=ZK_7*j- Ys7p󸝓`vΕnΝ=b=]`7tM?HS\ط4x6%αq wT>6Oй}{`CV)zq <[lqfrwSE< |XzoɖSq"1⳹V3@Kff J{"Gof&$Fi5 b6: ͤ,Efp<;VGSi!jZwWR9D\NSsO 2̻jl6~Zi%ܱ|cfӛک`tm FNͪeqagǢ2ql{YqrahÓm%, f/1'+l n`$Ł,ceQ2TV"-q?ȋI^9`W~LovgOyUS6{ "kꎀsO pKxC焗kA;=psY9Vr`G: A2CGWNĥX댃 <"ŀIj5Bk1!9&u6YehS98ա#$dyKP#}rvSSƇſۆN&@;?iPYPT b_FӐzxG 5`rVbzNJ̗oo}Ԙ=@ߠx\Jqj XYp:FKC-VUǔ@z–,G*O2`6!87{@T3 Xk;1@,>(L=„An$Dž{?ø8WGv7N%_>eԱwrӓԻuC|BvNc~&J 'ψ}4モAF7J$CP/XH(Ƽ*-i97r!y65t⧰P} sfs5o?|@u ?})g:z)o1x3:! kDsa>R'"c2n|YgHݯN DP#OsݬlF?q p6dVU>p{*WaU|.IV9M4y'L ]Hc3H˧sƲ_ Ђߋ.3t:_p&eѧ 5M"8nuX4v?>uWdfarr[yW?9ΙI>סּT^EJFOxF &A0EKy]kYU|'>`M#)thN Sh(&@KYS{_6pH=j֬\vYA] -I֑w$z7%GhIt (Fl$'mwpE,XSGcm`.S>BAJ$ڲp=.,PQT=E"n~w.FHn_+@)z o~N<-jiyȻ.-BVWIzfNk 5-P=BfT>e EuD_=K3i֘dM [fm/ήh+@qE㾚[/Pl2R.@0T7o$##aL\ 鸚yg{Ж7N\8f4O V-<|hC~ꌶ[=:ޜ5& M@OgI܏ i>j%<1)5 eԗ^ Z]-d%~np?1NV8J#zS}BWb=R*<܍pXA Vk<0ړ WZ+q RpTq.nL᳅tLk {פzރ$] w B+@/)- .1DQg˺ہ [P,z eDy " k9 U@GgEƵWd`&Ӎw4RIׄ[pOi(1)FalR}v.xᏱ4@FT~vP*Y% 'ZLyUhjΗl5TLUF{9s1bD=H{"/Cef(<̐T<:)NʓiFaow7d+D蔾=_d2q{`pэ\@Ke鬚H)74tì`,|\ִo4@)V]>eshrj?E43ΡLWw!!9MRE=ZuRz`mQ<)NsUKݙ=*'/E_+e7gl/Oܥ:)$+ br<|#!+? ˍ‹O%o2n(D:sMHLI/( =Y9>oFNn! sOP\|Ѩ=_-f>@& 5v_*Uł'ɮg"?G2+Ui3Nԏ6D֖u8׫rա܀7Wj4/ 4.>dAIEYy"vhT7ص2sE]rJp/Gc %|фv$}x>@ZlyaBfTM1S}FRF;_$U2<Տ$O;h7Bd4TtMSdbF{ZʎcZׯ*+ͬ^}s' To'pƍb[.޻4-8"FR~f?ts p"6AȘ~"n|+Q_uDZz5!c (|09y Ni5ЊJxdc t t{l)kջNMޢ@Hs1Y>UOkGpM~k: E%#+e򆣶_cõo#u;cIq7_"hvB󎌫 R &6Gܪ~P`:nN {ʸiv5L0řoL6$n <*E+FwlN[lf.51s:e3}'7C'˅I/5ye-+AODE4<ΚL|`yc%࣏R^1`&.MP_m|:ySIC]Dj@*ՈGR@igjMǞث6qQ o4g"$ևъ°1C{d6n|%|ilcNL hIV/rJLlC:H0_: |꡵vH Ejr=MU(Xu!tC~wmǯiGd<'*[:.j5|!xŧCQԖ&yP/L}Q^dU@8mMdootz&/>ڀ7ed- 1.ϙȿx6p`3: 8qe$RPa6|`|Z.Ź}Ng^@6_0f1!heoMYo+q^qKOh;wsiߨ•ȉݩ6S]PM,1Mh.:"$Fc;ڒx9#P/Uƭ FOWmh|܉FrtaniYbDIXHcWQ[{xI']~ZqvFz{Dq̦ٔF0*ė3wz~8ed|d<^Bkrj ?p,EQFK#{q 'X„>{E94eN"z/E2X^KՌ+=3?DW\E ෧B:XK%IyǮPMe=DnTdi_a}egs^fR'' s¬+DR! ~|Gky̳>3]5 tyf#7B+ĆA?C>]c,fy8Wʞ^ȩ\AR(v6ğ[ZgE [Z/'?[GO{0澡fcbKaaӃ"t3`h$sl z Jwg"^Ed.?cSN\J8|ldrg&]oZaUgR%nt}٨czpͰix.Įd n\B&5`=flv=E6us؈;SlS}BIIhm*NNrTcҰY&#ٻ4Z#_)<µ̪==}@^{n|%)Y>"-D(b6Q~yu:EEK\-Ku<80sv.6*!_bXW"'@ VZEMAV=.;sp1J z7N鎦c-F\]0 pFe/zTYYXMw;oV-@Q+-Ry 0g&L&@$M#FV :߄ĩyNcE!:Cш2]!$5@̋V-{~jYy: ȆG*9U 1ϗy ,[̓$h7wSzz/|,[162hʗhV~EJߕER$uä9; z _c ӓ# hp- }Á9fQ+ܠ>\U#j{ƼBOzy0P'PTENE5ٹ6; p뱳Ǧ;GBu&s̳RXi'Vϰ):(Wdn^QhTcXQClSb^(Wl%(Ý=E5t6XRbJ775Y5*c(صKv?uk6k1W)r8~J `[JTZR5$Q&(N uN@<2Ea IQ?)>U_Q$