sssd-dbus-2.7.3-1.el8 >  A bU]Ԩ9z*7 zb5G,{F2G 7E }C`M'ؒc`9unIzSKE2[2Z"DhuJc~ fj~rgW҃8F7+mqم\A'Yp=-o _>b@)*\xeF[*X@TE] RhPNhw=OvL&%| }{Z) 16p)0T/n^{wEtbdRY uۈ뗈4q9-\'[%%t/.(uЏ9?-nnC_Ccbe412d4fbfa1485a90e6bb5c65f81b8b1dea7cfb00b6e3015114f0ae31ca8badd7fbc7d383de8734397fa7139a73d9478c642a4ITbU]TLTj77OS̏c#zJ@~'ɕp~TUETcKcnۦ[F?D(V"=$4,;IRj9 smЭM1Sʁa( Aȡ8B7W-é23ѻff߫v.^ c'_XYt!Tp8^uv$k<bƏɛ],(=e+[aR*`MOM4C𴐙ZB1T^}{փ>)e/0`pޭs>bpGZeK9vMఊbvۧj^ETHpN9D_˔ K|)dUÏI E :a)jҾĶͯwgo:`XٔNƸ K7ٽn "_ŧ%gm'え,i0%>'s}(չondp"O Ԕ5}i oK3ErFsZpB?d   8 #7TZby 4  N  h       P    @44 4( U8 \9:d&>}R?}Z@}bG}l H} I} X}Y}\~ ]~< ^ bHdteyf|l~t u vw< xp y)HLRCsssd-dbus2.7.31.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.bچaarch64-05.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%&PK;  3AA큤A큤bچUbچbچbچbچYbچ]bچUbچbºbچMbچMbچMbچM4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a924c522bc5b034376d2368a4536ecdd7f88346d9a25ecd4a398dfc217a1988d00a2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8738ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903b15e50b6ac1227685038061d97b54f52b0692fb8a693abe89160e5746ca5916c5f8fd689498fae76ac88ff93eaa9619d784b3f9f462bc063a0d5f450544085e945ca06a0d1408755e4dba5fe06bd4fa5183cfb115d3a0de64338c3dc47615f1e7aeb6744753774d6c0fb8b2ca68218ff50a89a0a72da6cae3e684d4a28bba14a../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.7.3-1.el8.src.rpmsssd-dbussssd-dbus(aarch-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.7.3-1.el84.14.3bγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.7.3-1.el82.7.3-1.el8 org.freedesktop.sssd.infopipe.conf.build-id4234323cd894304143f0479ca4443a3b2e07cec4sssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib//usr/lib/.build-id//usr/lib/.build-id/42//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnuXML 1.0 document, ASCII textdirectoryASCII textELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=4234323cd894304143f0479ca4443a3b2e07cec4, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix))R'R#R RRRRR)RR%RRRR!RRRRR&RRRRR RRRRR R"RRR R R(R$R R*RRR.utf-8b7808210bf0ebf4cd08890ee91bec260b152d3e68f57e4e2909f3df20736723c?7zXZ !#,Ԋ] b2u Q{LT0ā8.cո\AO_ XF _אR/ IZLqA~p; &d&?ަ~MjҾh oU qL#5}uX6j]ag}9'6 R֓%^5@)+Sߩ4Çhu"fıfUyR V\j.x.嚖|LOWʉÚ_F"f\nT6~z{߉,KVwT}#_ ًӤhmSb]_5a\ubK6| G! ԗ8mUٺ4 7P)5$?>&1^q+o1޺,`2q%fSP z\EM8t'r"U65AWQ[ [%?Zck]_+6յB{ Md !'Ah~>Q9F;r=zQ5 gr^2uՕqRҖh=IF ' ي_7#ChL\h0ЫBmW6/}μ`h % T ۇL5بԱ5x^RА б{|>L'sk5A/ 敵ÊBF;- Ylhh<=%h(CK 4^4g/<^QH x>c'U^CMPsjJh(UX(-ɰ w+Xb0ɵ2xlFG nj"`X@&.y%6w4DJ뢄Ď\{,r5 fH b,  nOb5+, 韠3Ws), hC>-6PjVoΔ'ZW܏Ra}g#G){ixyZ^ӣ3< @-Cް<TY_ %jg0 cIx?4hspewo3uH}a5OC2B* q@2[B :z6#"F0V(IED~=Дay/{ky]C+:M>p!Pr&;`yџVϢ̿:k{2W`%r}%QSM5L"1Ss3m  ~Yv@zcDy.ė5eh61aFt{6, `ԚrC@^LHͶ憰?21x } SvJ!W V>=kHgvw㱯3ny{7VDȕh+w/4I )Fu*+^^jOTS1naZxveC6LKXr%~- ?@oerh쮕[2PѼ]8>A9LVA  Oh"LGOɈP8{{qdF: ةH.Չbkb!v]t:g%p{o-n~=<8*r|`}HT΂PDL"eEyxҾ=dIM9isy}ҕ'䖙  SؐY\51E>꓉_@v7.ٖźcwrkSQ 3VlI>BnRV`|+=@Ӵ-(O:#$'ih}>3 RQZ(0N1>I!Ai eJvJ_E~_.1Uw7YL'w$yI3ƼLD s?I#?>U6&{_c#h(Q@ø_"`6hGK"UYWb5$QݧĕHRk)w@\ Mf׆:|<`^NO;]1QUhO0+bK+6r߻Tl|s|ϡ6WF3_1HsReq- &%ˑ  B sQ?]-z x_L$q$TةbԳwoKnZ33j%d=߶v"3-5h|nhib[5= ER>ЈQ%aI|hj eކ)R#(:!SkHOe&ƫK_7=Ϻط8fKј;d!ˠGoIXc|-f\ʓm?Q Uz&[pXɺ-U4 JO S~wO-?8ofc=c.[ ֈ]QF(FB:He+_br`Ljj?ioTcg{9@Pv!^g=BrǶ432FJLn\]ePsy%BcJD'[TZ;t1A@YG8izmmJv>uπkʺ]WK}FXEqۧ#`M5 ] :4kJEU?8ڢWR_`C-]s%/J*˽lnM9}}H, 8R+&ye)E܌[ Rm1oFK0iai:^9P& [&0RJ.6l,*l˱ϗڈ$Qif 0) JI\ۧ:>lzDFe=}}]_+_' 0xK"5~WE~^z3QzWDHV·LQl펆.&s}RQ0N_/ݭq*XI D)&mH70W)tu.HDZ>L ai>kܟr@>z`%!JfYUѡCc&z"KcTw"`HtLjԬ qwuVCz; ,f<ĕXVm$YeG,LAJrW|'?O06@3{N~w/rkA䇰VI7wďk<@d°T =#w\SYo_:]0+q<&SxiSl~ēZtz7qFL8lХÔ?.6~(dOI^rKb*C$AVMzu^WZ ]`av+hT^Xƌn晈 #m4[]6Hr+7G%!^A"c6kh3{/2&= _#Vq)[/NFݿFmkd0 r2fPm[zTnAuVR~7U@-V1 괢⊳nH QMO[zqAЈ'$4weQ9-#'B+c&/k 'lA2{L57m;&@ɶnC +foɻkj_x\3ZD ;{~ P0!4(Q8kp*Wijy@,UhPfʯ.*ҷTk߆)MXklR"ZIid`14hՌVÜ;:XW؞}Ew{3l.G*;raXa V *v3+;AUOKA~\6s4 Lc۹&Ҍ R7+~M`X&êG,;Z&dyo\iU]C ,0?S4r^m<~2eۗ0<5:>ƽr N3MigSԢVe=z=(?Q!S$s ;ZLiURZ-h[_h!uX {-m]~٣&IϽBm6#P# _c "D8{ 0M/O ѓ ~KDߤ+v6;](::Ȼ=Cb!I"l_?4 ڣD[EHtp9:c r|VGD~WZr#bTX\D-~怴^̃\@b=W3Rw_HWoضm'Q;e=DxG8x9!ۼ.A8\0D Q/ NdIxW _@l 5HI.v2Q<IdR0sEV  IHRoV&򯎶oƕA_:4PEÜ)=adW\3[Vބ!J4}mJ>PAgv;T7Q͖!uǀYt@e*_WmHQu+gfYLP'!!S;>KV^ Y(hH3OZl2TdXm陮^e_ 7>9Y,QO⎞;Zʥ?jK.؜mR~dL[ 'L6x[UeZTXGȤu|ڙ&ܴ#:9%=фΩ9']]HgOvD{|lx3m1.f"3P, l_zLYk7Exk^C& J=zF`yHPB~i_ JPD)JUp< Mo6ydO(x$ d#EGLq[rO=:yv8Hw)L II+>0=ORk  y&|g<ϰ>m!w|wieE`*శ*ݨyf/夗0L:|1x]1:{( kC&0S%vffً&[Dk-JaSLvI{ym&E˝4ې:8/h'0zK36o6Zhu 'PnӖ_ʚ#nb3˹'ͤ ݵŜ2 De|Z7>3I*KVl+&<̈́=hN%҈Xc H3$Nv}pMUʼ%BCֲcn9 Gl/{^UR l8كPBE׫\8;vf0 brb'BQ#$i`{gnޝ!T,a2<(Kcc!z~DE$c~o1ʑlJ*v}B$z06d;{gHrCW|^ҘMl0rZ2cHz;FpxR ;FWs9 M+Il G -0bh%hO]\2n*> 惑jJKWwV<,&$LHGzBT-넀BϑD+m) ElY) !c$YZUv(*r'GS8db&g2md`n o)dR[XDa8\QqT#up–8>NHα5Urc-wub}4%fduغ+&ӻ1d[ɟUD'M|SK؊;ۻzW(3DE9wؘf۫4;gl+ȧ<[dY͖_I6xQd u2~(#;)JKO:XͬV+hD(f>&q@CԚǠѓW,fW5Al$U!^!;?~2MР.pqFÊJI.F;)&9,*G>t"2'Og?w  pD}XׅnDO/ ~,[,ϒϕ>ih}3AOcq%s\%݅-C "ѮUO  ؞>,66 &4fF]6k]up|AµK518HQL V6g?CO6A,*7u6ֆzl\IȤLfb ?y[E\Æ]1oFǽX ={I۝*_=AK'R'TMծWP'6 D$Nރ,M%EOy<凿L/ .·Z Gg %Vh#=%hcFl_k<&D .b9*;+M42F1҈ ռ -1 -؁JqOTAuK!)Z /ǟ] 2'cC9&3x9aAGU9^gT)G2n2 'VSYO(z5ލﲙ"8cHt-rѴ%/Ģ?BgYy9GɈn[75@2lWcC pF&[X}6춿g1s#E~PHY5B}Ua)zB=5)\ =/,[Λ$LwXӛViQMBzoylzJ.*m!'|y FЖRT [be0ry5ՓpJbuXK w/!:3JJjlWrNƼ\ 7Wti}嬘i#sZ3﫡j8ݑ t Ji]jgRPXtSJ_t~ R$ֹVk| aeoUC5 |~Zu07P'K-I%z+ m0}l#= ` wJ^Zl伀^zy;՚_Z2[WLRFnk}7X*ohî 5uQſQ:?%7p!+Bq{q3 pf,gՒ-P gPMTLQـu}%bT1(ҶfP2_Z! A' Qd{OCHOAŽ rK1PtjwP]c3j؁.^HT‡M^Z pD \U1!fĞw|CgIAo @VNptfK F'Y 86RjZdz^%T}h&/c/2%9yjD2d4c4DfD/v׽)U7^x:ˊAJkꝚP6ױh">jiךСN [Fz0V;UrYVȵGUa"IQ"m#cخ7* y2bfa*O{Ue900FT(HT;SVN+<@>m͙tN!T!ۥiF(ޣyْ= ayiSI+X%Y&@iaײg$*o>p439"~u=_<cv@oY#6D۽3i$78zP9CkJ@2kWNct&{'N>"(sm8Gʂ,.ܛ9zQoK_ Dk110*W<ۊHd4RZ;1Y C]!JBxqU! ލ6-eC$amqWHlэB 2UdU{Gycr=bw;X:BfMj~׾eYah^UݨkP{{P^ I[5ܱS!%W0 mY.Fv^PGZƶfl'(k^yHj\%h$S,BרǙ۝?:EѬJҡ2x^r6l- k(Qst!$>ڃFqKVLxβ #'tDyzMskZdCd+Jނĝ}v *ƽ}̴)Į4w)Dd/GuL3X%,BT~K.Cpcfn]ea%zBjN@vRxJ;M>ٚ?qiՅqe'H{v J$|EG֔Щ>1_;!ш= X-.YA$F'kgItVӕ1+;j%NM")ZR52g0H(LoO7%\xH>3Oy~ `SץgEc9Un*?4Eq>A"2dnL_Zt&g\W,12q:P_~ٵEB{xlctVt 5PnuXJ6Py NyשsOUًg6mO0ʒ0їts2vy񓚋x T15$Y^K ͞FH\*&/շ]{5x`JAWSW;`rP]j-N>0&G=y52F`!ژ0'7 008}yi溜UGmU1ZGwz_s|<_ Oh xVNzY[|m&Gh/zF|/:ңmE/6uD ,{i;W ''iٵu1&~^s<Ƒ:#SQ"}.9qHMbCV."DԽlIcM֍[a_"'LXۃ^7u"fA Hv+,@Y6tUqqNRN(6q7d~4@no3}?PWcQ'ᆵź8r?'G >'q#˛(ZC?:[=ýsM%0~ӕM ;&[;Á 8 +S[&ܞ簂0<O ڋ6p5N(}eR8-jCE8S)"A?H)k׮,|2wx)3X@al$jBkr-.* @WA}7MY6̹~Cص9Y6XnF*@"d'ivqA`i>*џNv>ΠMXܭUF[_%%jl%r>kfϳ 俏F}%`|T3֪mx CD5 U>9FH 3_(AnuW#eVdCj9:Ř !]%+,?$eAyH:lJ蛇k0əIe[}ַ+Wp"gD}zN!]Tr>Ot\x |3vF %NVM}F|RwDŻGp6 /ӥIEGtw޺HH\aSʯY.zA.0toJ` nPgN / iΰӠs%/J mDqN^pNq4ol:r=% A?e~ev\=&6ո]j.kSUp2.cVxr)2*0d'v*T羳!+8 &FRmقJr9 :0n1u-# Yuk~ݚWz͓y5by^tU)J72S1;umv+Av  7OW#d_YNԼ'4xx?S_8E_ `=2-ѮA+]m_ʺEtAMR`Dwٍ[dkC CHX\œ=  s[gk`?{Bxꭃǝמd3{h:ju]9o1t+e1β-=_MHL= ]WJڔTtlWug%xBK8! <"8| o7aw42;axnNxS͙= YcȾ˅i(p$QrHr% H6X 8/^mrgT/!O߄V}BE&c8Pg鸾zhC_6E?)ӝþcUo[G9N`4XW{dnZ&D:BfMe)H.:=muLqᔢ5&e-|^ !.n 瓳݂ճ-VD^MH!a^=Jt]AVi(-Y"\!hS@zrFp;4r!)Nh 'QW>PkkacqkK܍5Z^@XNjfKlTm/wA{?C. 3zBa9Nټe |ihl?qkiI3JNF_#[)$XkOfRO 棪q;)q]҃"(1' L#m3CO7"n7Է{0xղ۹X H5f乃!HB!i MlSƇˁ2FŐ s5&KYueП"gfҜy KTlAv]㷍hdG$X3TdZ&(0Z+- 2 VvJQ4(_#5Ö#+qx- ƒ+UQꃧvֱX"ĊAwCɎȵ2n/}r%u 4/oZx(v"Y,%8T|y-7rd6c\Ciť֊/g#6l}v Cu zӁGHBfmEH' Kܓ2e >͍[" M\i~I=4͎ Y 9DE)P6wIɾ%|r啯 2{Z;&J2&3m{sHvݖ5Bwې*˨ A^<=r^-R6O;7"ӧf-r>Q%xlCA?lٙ?ny_Dgm3R$7k6wL,> u;zJ{ [?ospG[v8;S{i@b a7p<1J lG7[MFy> bn,K-=I;2/3 !EHa)\Ycv]-x6jll pP#[cYۼj KM}v,J,Qj\8>s$h>5|ˆT| 2pB `l[\!dQRy8V4p&l9zPR|ڠʻuJ%f*"zKBQ2q (ta=}߰.SEjnF 0ťuqw2D-ѡI`Rir{`Ms/um srTz#؟m0֑lom%Cc˳luAs4@fCLȘR#+ga^vZa=}LXgh?{U7& <\AׄJē&߇Gݙz"?p>^a" hf$q\-J2[ @ٱن?]U>*9g0Y.%-sHaR蓺,/?Чגk-%'RG'םE{wS1Y>V&\VFN5vvP 3 u&_^vivݴ$Zx*(3W"5?9žWR;ʮP@`:TjI@(?;?<)3V,\ThTxodܗf8OOU);u;4^wӄb GLhZq]m\9z8.NӨ|C{!8n&x޺{bp)^me{d(3g8|Cy8zdw[|trW۶6'Xm\u yrf;b1ɻN=sXl})r{[:nƆYa61LMe%{6KBא@ 3,&tENďN !<s`:g1 /W'F>*'xQ0k C?vH{BJ; Ũ&S>}dp_"f7\h5]$>,V{8J[́&|T%5ÍMc zP]h7#wa žp<8Pq R|IG$݊nţ# 8rQ#*5\?tӦQ<_̣qm|ZG)ol]xT6N5J@„N?ZPgBu:K-HE=,SO =?}VejȤ-8G8qgGeHU&  CA iC돂w ϋrstm;.m'F_;],U{SiJp( q1ҷ's[ xUOzvLoF Ps"$葏e[$y#,QeT[7oERKx!)77DQ4(|@C7h)Ph03+m7R=`QJ;䶄|xԽ%P"'O#_3M2J,ȑ.'nA^G gcתqe P|jrFE9rR`'vݝ#h*BfYQ{ >iyp8"Z,x* ?cf HIEB߾t扠80$+o+'7 XTl-ʗz@QY:+7 )X\I\'辽>"C_3 LBi矍Mrԫ[A~5m gqZ'ghI]2 WJ~J&oHHg:4O 'b㴼]jtZpk_$>e^sb2s2#)=nHW#0ZJG1!(.#sdM8p-#ySNIe1$?5jIoTHemshPC(v!p ]}|>oI$6Lc'? 0KpzI1XT£@' B'?~&_Os) }G݆VRb t ݌z:8C4Ժ&d.8323J> $FD&ClM)- b,!HZ8obQrҸGQ}4Io$xȘz(\~iOIV|F&gH4x@Z?nپܨk$k3۲>t2rGZVv&Y}]:1Uyr#]H}%W"K5.=S̬6Vz=Ehtۼ Y*rO럹ʌiS!]Obљ+h@S\4e"YT"A1L'eLgfTdBހ eTCҁaSV@ktt@if8kK'͍#1\2 TεzrDW|s*8u)}}MպPÐ2SwnoHr@p$ϟq]Yq&mU]]HGK.b:oZU L=㖈gX>pd|e:w`=MCF+8a*A;[. A'۬gl*ri DJP@Ifd/kX[5l~$߁Y8+`vX/u&[sÂ) &ȣXQ C\9 Mځ/۶Wq)MG*װD})-,l Mz[αNjg0uJ# W=JH.|Zc՚`@Hh Hrpk =\¦q̗.%NOr#L_"وSܹ K T;2%ZxF .|c3k/&^*caZex,>4Q>$kx3CW .ULm ,%0]8`[;RBUʫd_[㔠{ Ke.!Ot<&4c?16ޱb U<VZ?Xy..wsJ4 `+P&% r^ )e1mۧWci᰽Ys1D_!RuI* K53 /?cvFk( o}Seixy &}ҙCE1R, _m$L<;qE|?(do@Kk#N:0! ϪYcTa@:/~.%;wa=PtdK؃7$*5-F%Ewcwhda!b:ny`5}LLq`G、Fi*OKV j@\=SqIC ^{.* 7;q7LtVcz@iM}))?Ә<ڷ!~."\SnϪSrɉT٩3nKQ plA}[qc0Sh)Nh_\_*N}H]a'rkxKJ}c3Ͳ _{u d.Y,pF]Y!d#$x;CW|!I`3p$:M47Zո uk;.6m`Sj8;!КD-L++s&*Qt&`\b1(Ι[OymKt#0Ng7"|+)̞q,d?WyHe >_Dj9RT x՘pplj W@64 3*zD8|+;a !/uUJCg t\*n9[ 82ݯhg{wu"tdH;/8^ 1\IAO"l+Ka˦hz>@/%ׯ5%CJp`>SSOp0i.ՏC4Imo^նob6H+mw{xDNNdr9ykjWUEѕui 2oPZ 1̤*LG!`26ɨC s~J6I:VwwX%#wS\&,|E3 Pݹ q) {-PTsAFKefSB/K3H''Uޮ-k#ŇhÔ|ߜJZ,LSES)/3ϰ4 )mk=EU˱Iod"S>:8by{w};+Ow/h+ip}d7旿 Lcw#HO Y&ţJ2sL=c K Ҫ~&tcqC5]]F?_Rx0hRg?:=?}ą7~u-\*qV5}bXA|̶Cq$ψ09=$;hf㟿+/&'Pzjheezž\TTmju]t6.]iLg[!-p`&KՓpOРG0xFm4.Y?У6?0d󉱁c1bOd \/Tb|DxWZ bd(Tt`hLC9?U&4uEf.O$ 7z1vJP(#:9B,t_؋n~ru%*fAY M*&䱴"x^F6݄< K:nb}eVSN-Mǥc}$q3C.7΃Zvbm5as/*_*8UЄ 'Ҋom ,#9sV|M&v'DoQF!l.rEt"si~#]?wnsMD*LU\nEb7q6 Z,5X6uvCQQf=k2;{DQ@$e,"W4wnLXym]K0ض7e;ia _;h Yx]_xEo`H$.++bbb6=x5 ѧӪ {+Q5ž7OGS?_^IϲK=,_CPmUv+~v`2CFcQY$" 38#Ã0"iRZ>cDR*3E B;X۠>.R%1R` ހ[Jشbcҁ> Wj;5(F/S**'n/-JLh<acK-A{/ɑOm iK(f}H殉r1 6T2mVhu)(rM072{%XvKD/蹊vb))μhűuHmZ}@rs< dHz"^ M7{ޡ=m1qŐ;'y ʑxM 4f3>c| P;G6jjO2qVg$ 4J]W*j6}:$ވ3J : !],><\He`B"[; ^ _qȔV}YLLumǶ~viw5a'9vz^^TPE.R!TC EyAFt..' ڠۚUaAR[x48>q\b$zsl(H;Ul5@wTW0:9G5ZYX)R d X굃(ԗClr.%z]aiL&CJx.vVh%}2j^5S&9귯A/G3t~I:%I P0"@hy7)=DNxqҧ|6fU>c9~i Pi/VK|@݃*''LCxcפ7qi)N=qJ@7zĔsQ&Խ9IG„@isv a;l*9;U-Ӿpd Z0,,8GaW7zgDojU]GrU!zo6T˃73rGT5_(UCbC!-^E',rckn*0h0T-a.@GK.nGSh'G +yܥIZ{~Y>f#.o4 h+lh-C腏$| cG($ڶi])`v$9Yxe=[6?)\:Y//q: !9Fs h%\NdQHS b(ύ" NewƩ̟:8|7=9˩ 7PSacit s4g"{fRĤ3E녟4n^ђide{yK;@.:.)dj9.\Roec.Ӛബ;)[WhcW}[2Mc{3)@OS67݄98U]"4Ѻ=q9;H/Zn߻;Tg$rħ-M`?QJo I׉L)JƭS/Todh,r4 FsۊN)vd9JO:;#C;:2Bʳ1=lR0l3Jn\QP ^k7B=!DyB2Gs1R0`ӅJW$X5wAZ8Z0P,gҋTú  1Hu7bᑰj-`|18' 9J+-іH[jPݶ ^,G 2lr.Tߕ[iCH xgU24@h %%6#Gڹ95)y~_OG:lzĤvlB Xę'-qgNyl7Bˢ{$v}>̺3B!~@8 9$p>JG=1#lN|1mCCɥɰa'gڲn\=4TZ> ބW<g }`z7#H{P=n/)~ L1llu/C5^R\G-]%ac)|g:Zs;&DPؿ<r2r|_GΣ!J}p3sWc8}x?ChB!|r斲!s,ZbPZF7.1{' Xm"=(]VUkYz :dF=֧O )SjfaxUߙVamUnϩn1z+֋tfM+|-+xنXЪ@$ꭽF/8"+^:|rv)tc,x# a[*0:3w ?tkF)k!\a\[ _;_K嵮 +D礚}TQ^E@Nu gKگS5ٳ5+E?S-֏ ;T:D?<}OdG"قV, oeD;Lm!0tQ]=TRgoM|Oԁ'| 4K xR$Oh$WmRj_տT5* KZ,><V&ZA-pNXcuOmNM(JÕܙNlZymV}bL0QG!3YeO.YLt=2da#*wG#bm@!|Xk)񂘪@@(Sr!qֶ ;W2Lǘn;:b䞖1Zo= tټV)" '|oHm+շJfAU@ḵ̀1cҚ6~mkeU? _BM*k+Q)GlT:+Qyv&LI0гYc,yܳ\?NoGuIC9ghkF `-|Т}RafvInf*eawLG:}aoE!m' 3'#`e+`]X0}_#;qO/)4Ul2 f}D=@>%«q^-5jC7_M(_WzD?smC2K"bs'*;9^m _m #tc'b=.1ȷٛB=q iYilur=ܔu:_4B MATb:j[(x <:NIkHki*y\^uTZ $Ք'vz(v熌%F֚T;,hېTYأx`j9d,2\D#eb}O\n+MZE3WIJ}LVb?sD-rd?k\*d;1@eA=l(?E] Kx_sjuy[kX [U)\ ?7ȥ<¤0){}4IeJ&G:CV)b( YzdKmk*ř8Ԧ3ˏEpRjvY" vW4Ex~1.  3k-,RAvִ(z^8݂}0iՈwNV|U\ˁHzx~Y ,T&9d,Dt׽UOĻC.WMy |)5u= n5ێ:X#൩g7h6#j0KfF>RB" r DZH"{rNTk|d*k--΂0 ߥb LQR/ s,PVJ &=,е+цVG#j <\ktzDF>paOh.]6֚@l%&ꈏܛ[; Lqd>;qcb]ҖσhHRț?5@:Lj;lZy,Iξ7X.IoDR@ƾ]r63_ ~oFUCdsF H*9BRb]l޸Ҫ?BhvqXLDgTCQ =fUƔm3!-] ͆>0vG2].eӢOmr]1a<@|(WPx*p.TO1^=w(}":O$|4!tGkr}`k oo_z*/Fc _YX=~y:P>dl2.I]5Эdۑ/ a O&]w7[0IQfR#@SdB}cƞC(C5vQ%嗞5jR-lݪ|!R/)T8AO0Pդ%kbqߖ}v̽(-cW^E#`ۘu}]ޭjlahĹcFZcLꑑgaC[ H*ǯ)`ISuɏ^CE}PPGCq(0#"n*}Wk" yjObvo.T;QDdXl6wCa\/&l֖5xuF򋹛cm 9{Bi9 ;nqg]tEv잎H^P!Tf m:srQh@vU>WdJKh6IOk0 LT#0a!}l3IdƁfZY)~ډhn ,4 e,݊aS1'S}6?Q%Aw`ah9 xƚ_9\$I2-K6R'ͲCS7W\Mr9L(!kCW}jv|}#r7(&EeQʲG~tivi )4uGhQdch(gJV txM$&n,_O- C3WM!5_*2CƓXg ~5OVTYMmgǣd˫)Ϣ ZfOO{x, 9QmqR8#nyW2|cݜ!F}An)R3Us8$0s6`x'DnK,9nIq9 6iHeJ 'VZ_sY1F(u0_sɒZ"qF.*`&GMz/(&4LZ-|"&ckx:7ەzbXrGG ^pw^90R1!_3GEJi!sĐJhT4U2[`#86[67ЂђOu0)9phPq=sjeB2jڲݱ.78O T=Ƙ: XoPg~wgR#3,e%tܞ}VL"@&Se't)#L89`7l٪/h|VvHҐ4CK| \*Uc8/C A!m_jQj yo/P9.m`%EbMM5teg99O)7ksm~mu\{URMLaO1oX)ڸ\ 9(<^^MT}(5L,Xo1 L9QeQ"]hUӺLefuM,p)"\}N4C=4^D}PeOWWhD9nv|,9*Xs,e(UjgQ2=VRr%̹(\p؀S[$\ #Q<߂ si&NCZ2=EN]|0nd.x`=8,oNہNw^f@PB܄=_y~ރ[iJCN=̌Tٍ$o`O =IKS i07iAK6h>TLSWxR E^f=(d>Ș^W"&m}vX+cg娜r GFJ-cs;T !jQ50RD-7Fb:p'<FZ.$|3g ͑[wՉ·.V/_iEc-Y*}M%j2ټ]hՃ9Hyަod?=P+Us:37{ +xBѸrJ7d⪗GvĚ$G)+|%9op #_)t'IwJJBg br"^ȗr/ia)ē σ7] 3-c-Y)J9JQ@_AEDͳ-&e UܗrBndS 68ǂiSxOÌtT xZ2㥳BRKDLhᘧv sU==OJ xp35p<=Jbg+N$0*8C <^SGGuHH27 xwG #ׅzٓrc-6ֱ+Uw%E7Sm!EWs^ޔO)qꉮPF|va"l$qjoB.{HȪQ'&Ր0W4PcCG-"F`;) -xawV'IQ Mn2XU~Nüb) <IM?Ur49,]VvZ{91uRQ;e`nXkVq8 ^~$E2^آ-2 vxTEG0]6\{$D1! Tw~ ߀>ܽJ&M۱e3D@QY :)Vc" 2. ~g"ҡ )hnbJ 6߂W%~@NLdBC?@jjWiV]Q鰙F36> !bP4'Ӑ3h)JpyWiɝ|رCc2YQ]5ȍ} HetrS2=du-U|D]b礗 T)"?xl\$o} ̗y"M,Id ڒPqaz4v?(߷%ւ]dF (H-&{ VtbAA_߸z ~>9. rh/riIɭm-*`[3=+\k>հ;&Xh5-0ܶic՜Ḁ2wk|J xEj/>Qc1|F"^ĺكDAE0JhŌM,"2bi)WUa~Lĉ1! 'Hwܽw35,S0j+kԉIs:a5Ty@,d_((-ث057zA7LJ\TC-a:sjܓ(]]{[IWwiZzW?a8Rp`TA< \'>5[wn5oGg|/F# rPVڞp+ai3]Y-:D2 ;qX.@L)b%ҫS%${~rYS!AmDKGVϣ*'0xR@13u/$;'tg nenk|n% nۮBqQ[ J^. Xw/t$[^#s ܆aT!hW³˭Tt![BKApFN1vSgAyk@Mn@G>~{'!eȦBU >?e9)3xG\ 6+jCAEϮ Wyᴛĸd\χUͧ2 85T2VS(? g=p.IC%RO"GO2;W;uxk#ddi]f!"K"=/sG+4!qkN9e//V=~p"1PvB/n-*< ::y:bZH^)ZJ j{˪'`4=4f/K|IWɥ8%D5 !~ΗQDOKū8&^QFjsF a1 d7ODբCNW(y2cNH4vjӸ$h-Xސ٢8.Dw_p8hy!긟^2K ž)sIU}O}8>x?_iF)0LLbS< $S;5@eښuJ@  pP03s򥛍^{̈́ O^Lw]']Ғ9?p,UteQqY<0Okpz.4ߥ홽@A$4ڑ"hS&ƅTlFm)Ix]ͯҋ8%R D.aAf:- rVZtׁ:Gf[|έ~% ; w̘b9'Q:ˡ ɹ<{l:Hʦ/m@Sy>p2*R 7OQW!:ifae^]Yk晬}~쇧YNkb*iGrB_469L4`k11OPFSyYcӗ(ǩIjh·Ձcb!]dS; 7GG&o$U{Ac]Ġ<]iDˈJr&]ʫ,MC [u +i%(5ԗt_u0O{s9qI]#A7%QUL.4sy6UUֹ1vnΘ{p|$dtv1ɿ\Af$naSgyR2N 9:ddUW͗6ꢦ;X 2O#`VcZ <!")dB,t"8[r[U^*5SGKAJ xLrFn {ŔlJ&s7VNpX[>1NJf }&t6b,#ںŅ\~A-7dw V,ɰ iK) { ȣD,F0ȾD 0iYtt9DH!XZV.V:Jԭܖ-VX/oh d_ʫFNbKd4%˅!v\a9J8!# ˋ1g]yTȈyU6WViىMٰLg fy1 l< 8StCulٵy}Y崦;5VWI;׼OT%00rIӅǯr@* dj? Kc˼<3VwyGQ A7?Z7_T+)q+"&R-4 Fl{XgS p kX<ĥdY: ߫9_DbDzr#e?0n`u 'cD4{tl͂AB TQ\At3S{I>m*n7rH{fP ZfIqA ŋfeeMSRY6b/ݻQ+Anl_M@fJ*'q/wN3go2VtnOF2H)}. D{uKi,O,mlbkTHz.ͷz>(z.xV]׉@>FNģ- YNGɝ@q]BE <;왿̭!/S6te2c^uަa ae=୧) ^cG!fAh ;+a!bO[r01A~ARZ`)!D:es QI)u3kլe.1pc!@{l;L $x9GuxƬt|ɭUmIvhF PR>̻\z( as̑iKRv:&; ßpwH [(Q#bpi΢\".}\WGd <{%k! g@],Z?rPSԠ#צ hh ޗzGށ*D@vx?ޛL#Pt(ՔiގV!z۟n>J= ><0L)4y1'[lJ܆nZ680ڜʈ*CHտ\"@ Z}ֳbSCuqpǫ*@25yào DOQ<}'ME!a%m\]<0ь߾y&ZQs8FIªȺQ=4WX_Q[?8 AQNJ 6/Z^DC2ۓ|8}nDL3p f:GecD*L_lgl[uwCku^K8#P͐$޺C&->xM;;{#C~atH"dE/d ͕ ~oEP~Pud2;D& `ђ9B!KNX0qW´Ԍ7Yl(&[-EP|4CN{\BS4FJHA> ho`t_|Cc&3>*߭C~B3Q.~+!]oj3*ct2.B5\3Z\~ Cߠ7X7p;ʘQb\"Rl*s!SY%IឥѮyXV)V;#aC Jn2-ѐmH(ޢ=Ը;J׍id4M 8cmV\8K|E%=.yoK tFBX(";LYj& C.\D[Y 83-o/p<++"E#qa:Cv`eY:۲ʥmBmﴢ87@#tϳWzsͦ",n ӡmx-KByՁ{qEGM~hTsMtyC5 7E_tyx ׺K8^|y AݯZ\J@u l' jWa;s*甏0?/k*+w:%I~Y,4 vPcq<:xWqCT .P}JSB֒%qK2Kk>.Mawi~83~'e#-OHmbۖx"PմE aafx-"A1< gzbZ#dizdabڤ@DM1t)o{ϟK?딚'^K(mk(٠"~Ua~38~"(|Cn.n&r"P/#dRl%SuI_]VjDDpHhIʃ  e NPĘINlC5d.=nNmO*e> FG?AP'VA;ftkcI-LKUXcc^y :|HZI4^<.,kOR!j2?vЗpyBy'n+o`{Dhߋ$Bt1.["1J*+HS^ï[U. .}yn2&ͱft01p#6ahuOaJX(K Ëpy5c;C6I=|oCJR(W$s9ӿt@,eNF!L;-W䄤LSΆ=*_*I'3?l$8I֥Li0HښBxPK@;mqFChgm^0vuIr"x #+?/I |X].&M2чʀncT|/I<+O` FRu&i0o^~߈ IM W +&x1R6[lQ".s{j'Q!"f:2̱>=oPI HlőW?Bq3>!Th>5LiV ;ڤ^-y1#m>;ڑUP}Qzy:XGqΥNC~hy%2 8y({nmK)pŚۛ/&ׄvְV0niM.]I.Ot5QrPŲ^t# X-+V3L8쐛pl /H\ g8Y-y_&Le®SBNT8E&B6{ʔXdH+2]nũĘp\)g3>(\_/j`Sr5~/v{H`~ 0ܶ}b]"gS }Dr~߄0t^ =+Bt"eH|i KXMVH,"pS8#c˃IfySТkĘ.P{c* %vY(5\_y|/1)+<#M5byorìyґaC`ObX16)B Jw> KEwZ?=Eœ  ~4@s6d aGD9@Ŷ6Ca^> 04N^![E9J44iŖ/m[Ѷur!kCEXq)[,)Bl5wΆ찃bPqm?df^ pBc(C WF(oA[jb 5^7sEwn"7׻X1%5ߔ"Ն ( :fO‹;0&YRfn83^0>>V1KMbiñ* G/3 (x6*d+t8ɡ W(EA% F:9 %,G7D+l0l;g /.{%D,P.3q?(Aq&Uo-F2懟l@FP8R.µ7J̶?d)>uVrCYpٽ}MmuU~h-p>|BW+*!A*hΓbXYm%NgXH ud ]YqVfGi11Li&Dv"ʿ@ f2ypzS' c ywS/^g'̹祼~f[LkpN+u$Qk"ץ=k^(ѣE*bͺDwr!MI"\0qTƛa霋[OƛnXYagL]@ol5boOG&筳b;p4DEhf^:͈+z:gז9P#)J77z/`'6Y9PY:}3%H {9K% $=žpdlՔ]wrtR\s?1-<5/WgV,m jz*e*\lzϼSw0gq+ to9zIJ,ǚbƎn炠iG).@LZ B5*Bmu~'9'6~ iрD IX*sfI^ dŸ#rIDf2nBxOԱ4zT48#(~y&AxK^:0tP+ˈԪSr 0WXVN SL<9>Rz7r`,KY Gy^;!. .U0BgP^^Zq꭛ϧoi4jn$y_Cѽb@|aXjR 5AD P2Ṵ 5L[Q'oF Ռer֍4% U$yvƞmwPDpX*+p!= +WtAYt8 {Ncw͐.':M}XVQpXmYS:%2CX/[Zd&LJA FJ&j+BaA*65aMHLQׇGr`F[xȨr3'nN}b*49hKu!IT Pڱh1f2kisQoX?<'+U7N='T5#uYެ@ Au2 v̑:Wv%új7w;C=L#>½jBbܟz%Rff0L-B W;vW9#D }$ʝnAR w>K;0 tosz~H midUb 1Uv1.Jf U `8؛z| HL6yG9uBj 0G^RyI:TFUՃ&aC8@a5]c4,>uZ*==9+Qtb`XEq 3aHhv 2 w֓ F5kǟ7l?}9fvC{y~Pl},Cdbc6=lr5};RF o ]'<0Td|VVGRM  ^CjVwf 5%ٹVuv0"l=WgSb9 nޅLA99\n_fE$bQ19{c[KOtS,ȪfMDRR>{>)&RkW7m clUmܗF@E^4V pO׻աs OrڏV0wl'Vct!wEXQ7H?rZĉ3V{2$_J e[9lN>mʶZIʀEڄˤZVRz<;xeEؚM]xm~ Y׬½kT%Ha4;h ]}Ϲ}vDJ$l+,THC@ F૰rYjz3o7&P$Qۉ6X mv&0ct'%ۿl% VΟ]p$25PjWrk#4Evx =,DDzPv,H v3.m2Z?\dw ͒PZ$gX/j6H+MąE:fJ.)w)&&\m,E0BkR\7KT{> x73DıG{mA_Y8Xt, =sU5P)몏4Y̚l~+7S(&Ozd6)~' ]܅oQ[]۲~b /Hp[h;b -YuA[4f ;ez)l c>I[oxWP5VWRKTh?HEn( *M!gI5rs;gVn<Q τ!m=}bBɱxAr%EU.-B`O +$/V4I4KIY @6 nB&m+x ]Ƃ`, =RvA=vg6Z"dոo\9Gz08o.R$a0Zl|'n嗌YTM;\icoli^rs}Yu#h1~09β5 j\>va⶚9֪쫖uj]YL&Zfhh"2nE{J/;K#._؅l O泛bb@HUC#~JGc@YS} = C% /r+%3Lny,uU>Ȁ1"6a<لFMݒmR_(['5Hf7gw*0+~'TVu B<#/դEaK`oc >R} = 8`u']-;5p\ʍ |~@2.Gݗt[ m$0 ǟ%o6PQ UJ3?TѼ$}}uY&l L:< #Y-][6&ᷜގ!*yxʻ2( mu:Ռ:bfӴEQ{)t3U k[+*>@tQ;v_2s×ڌĚE!*mu8z#crYe6`mwW{ V5i؇#* fX24@%rA#?*V&Xpx#Vk2+,/dՈh2+[@mst g,Wc^w_[0+'yWt2E-rJ +`んFq.byb]D-Nݻ|2SB y?ݍ=2z\uߙ[A\-dmj7D%C#%J>H=S,)}}ehҏ=kk~Ri1dbHu==n`r b\6 ykk=SCwŀ3䰛AD[qE)*M jNDx 79n3Ǟ􇓾=z T 78s2CX꿂]L IQ{-twJKP&/ۥYH`Ĉ-"1Hjr9{ ̕Azd|9b %bXmbےYP/Ymu#}Sl *rWK x+"c`PA d%#V}u&y\;9E䋭_VKSnCCB QURٵUvh\.51U#pp -f,xSeUްQt#7Ien]o%y2{iEkNeP Myr*Y]:%Qܜ2LgzōP} PnQ`\_'*]3:{v?':+Y2rAOit3Kʄ ZFt)"Գ)՟ߩ^*Q&]#if > oUknxwmk^""k&5 ,NxׂlP  TOn{W 9#6,Hd~+ۤe;CGq{wReYbTwUx5^sb2RzQT&F,{L *Ompf`Ѿh =ro>;ӭ^B!%zTa+]#_ w`K~dNܣ]>eܻQ`De~͇-M&Uste뼷^[`<$a7.KۿB4B8 &[umLKga෾&NC57TwIM;&x$C %[?.닕jWSRFA q_抵8dZlɴ 4Jn!eaߙl t/s#J0{.-Wt`، uƕrPPSpce)p@p6r% \r!79Z},z  z7ߣ-~J=Y^%,DYK`~0UK\8)H(ʜƆh%,j޳{nJ![ 01%Jw; gRHf+oF8jۜV7dDZd0"9uA-lN3ו5Tұ.fk7Rg+˼YH=`sv?4mשr7l ^Hw enoi65vE*wOsR媩sIٝsMj]Fcd@wH3?QGƾ*mίfrZcnKxZhHoS'ANµbH:p4_lxsv8QŴsV#~RJM ۑ}&~5zwzV\ǡcvsky{֔AIBt#Kz48E-y[[g|z-#Y$4;w6/08_5*]? >ws?Myĥ({WN6wCn.,&G܂3jn~df+U6_ K`wgdl}(%>XCFGDzN.14;85A"߽WS'2J\{xY6 uU@*,5<ށAװٹ_;`Xbӂj Oj99<>RL_pL;*EGUmD|D /BY[QP7V4~ȱluMB "#XCp|$t4q~/Nw0OJ;Ɣv*S *8Xl_!7]2cU|ԉk5.D (/{ZRc '\zES?ld2GU\XWZqAr a52KvblMO_1,-qgD\>04;7;u|D\&sMǔ)kq^nI[[N։"GRy-;I[*:c[v3ڈ;2d :M_ǿyk d!;KN$%/m.V0k+d>ƺOsPu/~Cmcd0P1{0޻;_+u$En-:Լ\]*ZoHf_{A6Ph^H(@Hx0H B 3+khxŖȱڍ/ZO߹ZP-OjAL %t!4Q,τD2@q ڽ-2*B+.⍃Q'641x%w|bjS;ׄ*@׶oI1=8:5N UPl%<22>]ksˆukZIZ?ij)و]5^O^ĿoL&d8{M~:tuZZpHfjwj7a^1+x09nʘ n\_hg4w`FC|6gS3%>&"ϝڽADžEE0*/u[ JuIG\592i 1#]|9` ̇Ҋ?5SIcm;|@{2 J"cqn_<v˰i+̚ZM8Dfsvff/B53VZTG %-ueİ (Hta`?p$,(Oxcp!]brj-Ό"H"k}gqJL4wuFڦSAeAnO:o1iy&!&łeOv]\\IG[w[A`8v/.}g,Gwu% #,(U77j~M~.64X!BXU&Kֹ#VZ(/f]4r [X=EUJ/oYR+#]`Rݳġqv*J* :9i VWCqCE; (◓s k(#+L-6r-Bp4L12y C%6e˺`۔%5h4'`.1}6[-_U%N}5Ol-2H *m=J;6{=B;!Yi'"7;Fn<϶iAFWv90mݍ$ӫ!Psd~nWܐ¨ VRriT&B`EhB5W 9W-Pɼ!hb_y5qhyk5$9ϓ)`I_љ'* ;& B~\\FP= 8Jڒ)KCfs=/-hX_VM;x0A 4B4 !IU[K\ Yċ_WplvGtv8idB8zŇ>g]]]7Kyu4o^qNA F)DbUӔt?m׽򬠳Su};4j:jcu%[XMs[XJѿ1wdPU2HĮFą)ٺHl\S[#mgMU9rIUz?{*c޵-ĢW {EQWs/b}$X֍F Pլ`dWmoJ`W?ba D6a4!ȕ-7uzYš% k=3u;(U!=M>Y=1Oes,~yS0Qmo6W+&\Լ e&nXaAZHcʿ` ,h& j[42V4`1es+x4(̈́ny < (PhT06&ߞ"p Mky 6nbc" y7A{J*wvB>䪞-MC{n>ОT8!b}^#=h߂ 3}OКk*&xT*p)ڮGnl_R38o Y0ua4Z%9*\{ %ErhJD5t,NТ@;OڼԱ;2dpDSJ6qr#8@pJfԧpT!4p4dH쁹oDq 6?-[2XЌlmth‚ftսrG/s:)݁ m@`c\wF@moFfUmh캶Fmor'ՂTtrp&=٘R۫>SH}֭NPV] ak~!_Ǹ×\ITIĿ"\0T,:S=+vKsP<&&Ph\?/.+~֎ $ i6Ty+F{ƚw_} @ֆCj=檠 }.7eT᢭+%' a=Cوp4KAYK.3s>ztM#~xK۬Y ̬j(Xim.횃˴`oƦ)- )QvUTR! ZY@}9+Ȍ^rK IĂśqCP[(OwGJe]- o;[(fGi0|/f'tz("Ea@5Nu xf4!ԧ)hRCl{mV;>g /!qIGua+k>lQf`tL_\|nUc>/L*gDx_O QVM͇L)ZVyA6~X>BeuK[2q\:vuqԪ!s!׆'ykDr"Zjͮ$z2.t|Td`Š ]NJs+tXDyEnfoY,n#ǩ׵xݹyQ4)C"^b0qε=7Z׻ٍNmTD5l9e_oH1>NHdz?ƛSGU#φo\^r‡^8ijy :  t:N.*?$[En e.2m'DfgGYq|^ :[gGTϡͫFn`e"43(K@1 N2Zد9sI1 Il%BQYvn! n!DMH{qkp}/]> f{p^/f*KZ p6*Iڼr|X?Awċ4i_xc Fi*r-v(֔z"sUf'fQYؚrIHq~繆ӤId. "M S>'B'KBfNARU-=[c3N`tT+fGkI\l 2!:K@WdM %LO"n6G3Z ^)%.9׮(.|B *&0mO39IߟmFYV-?FN«,S$vqw?2\i5<*cN33S2 (|_H~']bȦsB h;2u Q; ,"GɕqF*U ?ϰX[ƀNH5F˱ZYR/}uL@,Bۑ{7Nv1x (MdlÍnw]/t&ΌF`X~ vnmؿ(d&qDt>=eLADХ)1bust5')9wgiGԱ9V)UdT,,T^}&t&knXe@Ƣ!xnyb2䅜2'.W\-25Eb&':aH0_RsZz^Q^W^Z]t9!Dk6]Q{ %JSmn78cex]2v'p?z_CUQ/X/?dy}PQRqM`+H6f9NT e5a-k!*ԊG{6`AKI_ER=, o&ҺcH뇍٧by@Ǟk'di# Er{Ul0 G?Feaol<_$M& ܋T 25ED2E,™('꼱G~LP̺xg[4!=܊ u ޴=>[׸*H"lAeo_Ju/Yx M3j|~v`,>1aQEgJs(_evh_jJ2ދ瑡 -`Hݬ̞^ cK\0ν' cVtnPxI@p &jm _'oxcv~P?5刨%`Gq""j3G 縇8{geYZgAu߉kQ'oc6ew~,]PX@=A8}ai\ _O@+x6Ўa|V<[.v-Jjlٮ<obYa]rsԂ7RD{aFFl0BH`CMn|/J=' c*IQ:B?*J comYN!0r)R\hh+g&@kA("⪼h @ L_sq7v3˖Տ&:AoƎ?1 [hn(DYʽ sI[GRʌm(JPNvQs@WOs"AGf W۴tNG ǞVNߎ3m6F+K$z5 @+_JmPzizG2*VkFN`PnF]>K!+*+o\o<<(F/ji.Ɲ&@/xR*8{NE Uli,(Bbn>&zHz 4TVO&RC9 fc |9 `x -'=G EE'3FɭFžwR5L;b5NFnZOE\n<̅&4S7:`񭇭EEV9t@1k #7,+bW1d @FQťt=ԁh- :e 4p8_bX++R\&W ȒoK_P4UX1Mf\SX=,Y~MaQgҳ?/ݚhhx:+h2w O;=Ij7ij/2SRO6kZ{ LQmy1IqD2Tuf4Uz_a4;$-k<^OqH WX ㌨8sy2ϰtjБ YyªkVsk]!Utm.o'jaiexZk}I#yOd6,O~sY˞_E)F܈,.!-i4ۑ /'r )%^2<E2qvQ{MI|mX :@%YmpV(hoP,fVcYI#gA1Ri.SCO[ bOKK\*!.Ǣ73:*؃).9RҭBd6앃Hٛ4$Z5V1Q .\I##Urt|2s]ӄY*&❴l?ekߟNyRžI |`P Q"g@Nqj@V 1 j 2DPF@O3 ,M7Ǵ[/.Tz*G +PXA-x(w.Ov" 6e4gFUoҽ7v+ϑLZBÆ$s_T)C8T=ihάuz/ WRwD!rZgE=csϩ`0Q)+bFK,.iXWbyG;ʼ/i1bUGhin|X &>"H).G]> QH(>D](G}άd%?jx9m l~'cϨ?KTJ/GkTh>w ͉ݨߧ6 8{(;C BK/=U!#f"Gu)j ^AZXmUȴW U&\%m]q/qtA\#~(V.vRV==]*sބp*zbt]~+, VC>`ܬO$\Ֆʦ'iO/hD\luR⮘e^"B-y:R A=?ZsZmȀMW!iiA\ X#0hܡZwӒI} ba}k)F߳bk/mC\Ӯ0,b"sP<*K D )f*4Jnkʎ]I 7WCMA%d$2Lrh8zu'Jm_$eO`݇rO mwJ)9: nB}qɫOd\Va@?`JJJ30r~^eGBqVq{@Yo ~ajpq v0glW5 Ì>DH6ZOWZ<%qwp<~461'D \-1zFV?`In}on忼LeiQjnQYO5H{gAz>SFDY?J?4^XA} (Rpty )`e` {z?X$цI~ciz g7M\4£lsf]JO2܀TjGf~ݰv}MIhzl'g@UD2a,Q霄 EqwWxz3,pG117ZN(au(ՄH+Gp` zVz=Yzc(N %f]pE ]_@ϫcm;X]Ɔǁ\v߉)dbve>3L:~Tq}N2+%Olܰz.?l~acd a>yWס5׉=ȱt\B=8!FF XͮO(EKQ[⟋yH:xrYC:t1kS&i _~a`:a :4XY bLXj_"BBeS(΢Qj8ed% ԝQGЇQZafWi9:؇E-c\Lcƍ5l[T/O^pYzmD`'Ω6OsDuR }]z9]VxpsW^.ÇTi!qhFL$**É^j{篽Kn6iTB4,*cCn|_Y<,kd(el}ćewV /J ߞ$ *]"jyDʪ;mM-BYeULhv(20L֗ jz8ݰm@3Ϩ]z=7X. ƀŞ#(O!7 K`Z_džI`v+Z =-u(q9Ph xĜ3=!{3+O(C5-ƈI|vl1oCA"_[/pfD{P}+l߷u sp!*rqy;m'!uNC_ ;ota >5&rYSO֕Lq'L䮑oފyЕ=?3mK1~eW7yUlȚ)٤/`IB9mW!Tw+;#}44$ gG=hރPQ9]lerg*:LtV X.U|b{M'^5;;! 8E/vYn`uN[T%E|jq9K"ȡa{A* w{Pۥ&Wݢ#%%N~+ထwAd"ҫ]K2@{ 8A=0{^% ~fb'8Ͳ^(S vjyyJڧjݠKl5 Ee4Pqr?0JOp;nbR1}'2(<tzpT\Ӛ#dzO՛~t-TE\U!Fj,p%{0a*U[4r7XƔQ>4o|χEc<(=w2s4e~z˟ب2,6ѫxGBVFgCYPk]^ߐr;l ӧ?3^wC t{&_ whw3 QS o)̗#ZZd`(pAX6f<(=1K?X̃-:Rg?y/՝0'jJ'ɩb&0n .'׋yi{v6(^- f{Kl^bȑmYIt hIk6J\/W'ۈX1Svn2 P0-my ݑ`*_㨠Bp,FNz0LDEU-䲀Ʋ}JtȂ2W^!zBsq߿I.7uVTaz9l'L=(4#GY3BȊN̲H!f[,TO&i?Qf8R(fPVmd6@k+JX2gՎ P+VS-'ec͐f0𾠗Qؘ}<}RK+Bl[za=#ꖶ51nRUC_"5j<-{AX "2Yʝ A$,X6bv3PC>7UfaOHҘbO pOKS`y#H@ϐ Pc A2#-kwj‹Ov%e۶%dxTJuY2ɥ$O̪4:i"mOe3]loo*DnOnxEO֜P82neOO[e{C% &5'+#ldPW`Pҽt}m 2qg_KȐB&;$gQYZ B,;0M\I.K:kZ~dֱw*9{r+k`*<EXQp?u#izK>F1?9y9ѐrrZ K%Sʷz$Q=ZJ,`j ̖J4hT[uL~K(̢l pgە+ R n'6#Ǻ#fxb*F% HQ֋]9++æ s&8(iC[N! %kl  nat+$Q[fm,>TJH 0WMQ"X=' ?`~mkCݛ&, &`,|AaQXOg}>zh76q^: 8[@ e箊Ѧ!T#WZQ>U^a%YGW;VyDaVoN`ִEjցkt6Tkx "R_wh1y6@N`垈gc6w?q/ED6y$8d@{<滚J*\,C<MI-j[r8 Lǃ(\2օb2;CLMZCT0( ك'9C^9EVzV 0As޳2`HI:ChEX +=A \yJddCc/`|8{9Ǽ]BFnCLCW\2*#OtkU@$\U-q~ k~xlȖޞb=)zW4;dMV"ңҚT`b@۰ZCw9c!7 x6P  J*m!B=Ln 1ahm` 0'`N5zGK΍9*=«|8̦s0ry=z(fིqj!(|x,+!#u(}FJ'XITQsp`d敲!q9^.A;"0$y%;'\ß-@U˙$GK=dtl"!זY#iqH]ߧ N80\@7ȬA-|+Jda¨ kh8ABTtР۷^\ӓP| w'yd'ьJJ"r#LqB\3G pX|*[fO#"6F| 6Q;H4Q's?,9B*NL71{] F); sg VV\_}suo~^oڵ.O/:y ~@uSduGwL5Qi 3D J.؁Cfl\TОg8& ~2vmBHkKsT*VV[A)k/-?6`]=hW J ,;8)P"RM+PSvN EpO!xݸ%:Dq ~{A?)RX6~arÔ&Q@^|3=9>]#  K{tVg7?{pYW#(L~2cwCƾGDnĿ6gB_R3naq~W;vk+n6j4´i|(d뾍}s? \ xJs"MI-#}̉M2 4ܮrޟSxò2c* 7܉ٰO.G7.f"PF Tc1{^Ot|DYfTID i)$w@DRPKnDЭZ-$]◳XZ?q?,6/^<@+m$9W{`WOXT'8r5U~$p3 [ǝ\9'$G #"xD1'MW{'Lt*aFex\.M#j~9}޲)d2u`}[~2G3+;w*$"3 s:amvHK$=>yqxxaKMR@U ˨e\'dL$F8f-&T81aXUZt _7 >j?|!i>pfDUHْff= 1ΑD%V|T i%ԠΈ\<RV0bCIᐎ){KZPn?+F`+TRFZ"F`ve%Zicn@ۑ\bЪaྐྵ_r-oU.B!͉/,L00sQI:Z Ø"0%$E$즕 7% 5"a (?j\@Ɏt9X] rOIgvDKwsHT'}!tXrqtYo)Ǡ$]3o#TɕGƊŢpZWÆ9aDkNVl7ҌP(ʚ\vb$tNK6 3)C.{}E*49lтhOyJG>hR[#1d~Q=% 7k*28M6@SϷ`J^}yTZVEĞ.`ov>+s'%Y&4lgbd(!i,i5uDzFL0#ŕ9dH_y i%xQ;IWb/Zȿ1GB{Z90gPMm+&C+FU뎢yb ٬)y+J }Ց"9'"bc2ϗ—؇%ɔX`oYNwSe]@y2G27{pu2,ݔ.[c,\8xBEnX]ϙ1X3}]SQ&3T"y1(tZGn~ &nRy&+RE"0(B0-Y}"a?%*& )Q(rQkZ'ack\1R z!7V!84Z*- }Vج[5F>Q]MP׆דr+Vڕ/|qUgg5k,͇s \~TѼ1:E!bO|v+@GWHc:a"V."/Vi9Y|f^H,Η:;/`jtuXXrzRh3ePRaNցUW6yπw,F&(]Yc*H+g v$aoSgTdq^t [o>l{mn>#7/>7IŴ kRty9Q#y+ۖ&ϒ75JC;N${fU bA%T̹LY@*~)˩p^)'cۭ K/.+_y +g"6Q^O+V׌NYN"BKD];ڈ4B%*%jp2OL6}+MG$"@~A 39PN[4KCS/7 K&┳ָ$cl^%羨QʅdIaD@GU8eS!%r~Hd4:Uê^4PƁ9 j^GEn B=.oXm~n~zwWV:8iKexZaU4+3Z:a?x ڢE 0(y ΓpZALA:Yнq 7!g6<-!+(wA~7n=ejY.3z^\ٰ/޽\r"ʴN0='M: 3`!PIE=\tx0 uryYGK cCawb@%sONшw<3uUAp@fnvJnhd.fO )sXG,qy&9{b*S5ηT%ʘzWF)+%`U&ω5Q^4:p'g ߚs]nNX|Ox+" dsaAG-flQ~u|T/JO9hYBYS#_ ?gE Р?kU6̢ "7Y)6_IaQhMO;ds~: ؇ (+S"sDdK[r X W' Vk#˸.R>xEaNp=ɨ't:%u6B7(pb/]¸^%F}f8@;ݿ;A(ry٢A9_jF&]()UgujJa %!hM yF"y`ɋpRV ?w?ϑP3|lc(NNcCɥfbۤGbmu\x|fEZ%X_];IVF|/hVkC'do]B`{&E<RBH4%:Q5~SӟHb;֠5| WG%tVW.ѫ5u hE#bGo _mט1|)fPk` "fY1{Rc 폙[')bݟ<'Հ(ܼŐShaMj s `E鳉#-)& MY^w1n\}WW"p`g|Iy) *TyILߊN4==0;itefbȅ#nQ,[904Rk|`9ЄkO!+yZO/>5KƷf6MAɬ>FTހo+࿪UP-E5>5+d#ڇSE:*yK3 3_`ٟ4L_{7szV gWF5Z- ,j/n6n M G;Ę]lȉwlz(Љ񒇙6cnR6y6+l#s he+Q/'w+]zA`;PB']$W.٧<*28 ^`s8#q.wfxYb"C<b{Q)L'~W.`uKcv=V  $r*mNjUI ?ߖ'b&9p`0 /aDի>g}VZ9ۼ?*O`]o UBr,}j<]3{N%.Q?&0:||8-!9l &(HES7Cnmg?5I 䤟GY.xH{7m0 UCT9Z<č'\;-\SiN?>{gdJX> r{*G[0d$d6~q<ئmkSv셐 ^'14oyklxH~s*mȟ@yo~d )М+wCFB_ܚϔ˯ y1[py(.L_E&f4j1.D(hvG@?!#9~,|8@j/$y'~1uˢ 1LK:}i<aM|w CD7~Op{+Q㓻>1R74Z>i&>K-:T98E]5̌G@ܝ kKN}P[^,88,NeB&\TH. 0H 1D]D-(aA͍Jpn3k!+73orp[ssFw*=JĄyy'z$ܨO!0VQj!&-> qO#rs‹uL&+1鍦',kQLq1'4;p"q.,n$G<5mɤaA| \ۅqLu=Nbt&+&/rk#RgJu8F.0pBB>MluˢTqwÀm 6$n gHG5DB;1NK;=/`wB?XhN;h 4 XcJZWlYWaISxʃc2g<o%XmǦ݂Mi1/ ͠ lpN`XkVQ9 =:|&p$uL9e9Ʈ}UeS߮&1K|xRewI9u ,I?!C&?HuΫstvoAQ ?r(j+l ya.HmpR<~HpQTp0JBzu6\Q=jV٩=6 34+4tu2FU?Lteե]0n|$U f.WH4ܒʾDƨJ!?'*]D}?ir*J55[dKc{RUGIm_]bo^ӶNq2bkym|߽fP Lܷ4!ȾwWG St|M u3oI W8ZU*+UQ9x]5A}!NVy-^<:2_gtti[6@`G(df/Hh{7_ qN[99*[ׁJ?=+Q2MJ dVhn+q8FEhE+*;+!q0_;)3SC2`pWBpǴ#0;(?C/*5.*/*ܛϾ]@>-t$V HkЊ;۰Td+'cyK^玢DҥLACtLpآt*Q?#Y< aߋ 7y^#Ы%()'[Y*4@ ְx)ylLF_7iF"i_#_1\c6bF쩡M ORQqؕɁPzy"VA!#uu[<51cmHvK5zф&J y|Kr<VB),=3B ,,؀C|!`ddlع>ѣ%7AO"RTWU2L"*GGY8tEWۺ1X9Tuo*ef!zg /mBahzR e*vrSbzݸ]Ge} a#;9` Fk;5 ynՋz ::*Wͣo=@ U-]eUpbwq«Q"$ Z 8-S\pf i{rN9e} uѫqqk!f +r7k]1q@m  fRE]׭Jާ.AY$W>9w][}Zϗ6ZW7~bSUUg<tczR2sV&vm N@RV#y\d,6])ϑrQXyΒ-AXU'-%SLX<؈Prau(>[ł\úH3^j"٧dEtP}%ScInA,;ڂBVT+b}r`$|qlC^G]ׁ8EAx+k$0!U󮭹g?=dҟCd,yV"jzgk vSX&i4=6|>1T>j%s|vgUO٨VRqSW#89#]Y$AHx~3V }K>T;QO[C/[9}g0_);}`@&\tvhߕ-GHL=D(\, <2Jf?kSn|:"F TLdHB@tAag[1?6:/DӌM$e_=]EXs׍<D%, ńNq"ҤAH=Cdi|DyhqpC!p-&OxCʆhDyFlÂ&_"zͮ/PJHlK# 8pN({l4Rkӽ3&A^Y#RtR.*02]ƔD#y09S \Fg(H.3B#X7΃!+;~ 1jH*:XXwR'ӭnf ]P߲I]HUpHͤH@j\?dZEc TL๜o`%Lƭ'Bu?ZYye#Ҿg2}wx7 bBkHS=]_\ɕ$ObZ*Kzv5UsĨ$Д+&y]pGaP&w!DaA2FWBKk c G W.c2U>q_%4S3nCZz_!v[cdh Lp0S+v<"x [uTp#_\_@q%p$v8ít~ߩ~}aivqgt2qqJ̌4=l0Q YϥA7ځ% ;$DRA(kL? Ow۰/7?{Fjv5 O\7ِ> +I2RT_7Y2|QxX2mM&^c#YfU~HB2Ym!>:TYQ*SYf:`z'R |# ke(p$0dQԮ*N>0udw;atԩUuX^7'&1׋oM(K8 P-#9Ioa"ٲJ `3"0zR نHӥ%&̕EM/H*!I([9X]f݌qmo]]rVo4mV::;0K d(3)0Zz U]o%/)3 Rx ̏Dn:c.['EKg*+5?C4nղ ֫-Plfwƣ︫@ԶPwbEƶ`Z*%2i5BA\k;=N:1[#>$3Iqm\mF&׏[9c 2AY6S N&оJ`hT$#XEC=KpèCa86ɊoÙԁ&N#d%t o+5+ 6.{k`_88`ui065g_rгl` nl6`s "/t–+jrN'af,^rC;>oo[^bQ)-gU.LF@;6-RKkGr3isP~\G{0?!% +eY3LHu $ Ѥ? m~3}6~B (`." ?!^F71#Dan7^p38IӀȖG &qZUVO!$h ^,ߢ($*f#w!p=w 5MvX#'eRl+et^.(U'']ˍs 3Ls@j%o$r2(Kn1킟o UÖX-{7.ómX9TvF`MLDxHD4[.u;P0j mڼFk|kEߥDФfUqg{%퓫:Uo~<%l['B=._0?J<gUMrE3D%s*ⷳM=W׺Bl")ؿg6}  q~3Iǖq`+cH9xmGu62 Q`A CgG[`^1F| ٳ<ܣ\ϟ*V%y|[4'E!^srO%ոb1124aH@;G܇`yיkyKhB)ot]WA [b`vD'〆(N?b3VzEmԤ'6MuV^ 't=Bf&hW@WcDJq::y޺2V*X.W 26ت|8*7[76FLNS [85H)ܳL(M͟ V"x ,9h;ȩ7ݴ˸v|  oQ:߫n]O4|S!4Msk̳bڻIsrdD.DfάY} ρ-jվ|:HA-Ev`^DFYQY! 0ׅWqܑPc3懲($@9Ho .>n@9d@PFubK7i_'7 @)ߌ\Wg[h7o&C*^c".$7S"/ʺ eV.>bqԎK<>)6xOS :sweL ;lf]W,B ɂ]G"P=v( ^Nb3wвd߸/[]̿{j=*.cY)ROm ?J0]p1Pr2vigDK6t5&}>&07AD \6@` )M&BYdx)?MD־"vk2ی Y4s%EMiz .G'뒤c~׀) {L&OGna„,WuotS? {jK` Z 5-L ^']BT`L-~:xTP?}Mgq)i:FWQm0F~}U/Q"'<~e?퓒k iR r;m\8G? ZEA/]/sf&P vI0pmqA;80+Xi{\C"]FyNY 0  hd[gUWF*<7(!n Ŏb<$>.AT4ذӳ}~X80:g%l BG{[0Y᣷-IL #T3lP -ILҖLfM,_]/ש/Y|g.fId0p2֟9_. W@ )[(AA 5?N _bZ`_8i"FІT`OB\v쒋c6Ũdx5P˞)c)~A)(tKn)thW$m -=+;Zl/xQ&8S͈Pe\wt utE3tO8lI"=g jNL_06sw@=5q'$'lTWt *9#U[Um|`֟OpEc19}T&n 5,[zRXWu)mo;n :~8J&K-gZ!0,굀QU~x%'O0RcA&٢K}NK!>zOsw럤\ayhncy>fjp^Di%xܩ U3| e2|KG=()V[fh|g 42.8|Y쾩i}h]ʊ.ĉ '.Y9:coP<.`g5 c9dF x$R.\adK,=V n{m/Oh7\)Dg8M`ll,; ƗtMzK(-껌й̧Ej:AiM0r/5j_b-xO&X6PXࠟe&Hd'~N#[vW& 9$J~7u}GsoOJ&P#bkltQEvdom.tm/bCwIIGM+ɍ!BIZ5fҟ2AbnM4SSc['a,5H0@T78Kldےd'}=ۚ%8dtFud-A}hu!Jpb']}#/IhI(kZ9n~Iz S 7=%.t yrT"g-%*G7GvHiТ֑28 ZŨh>Arߊms3fs_]29\&xWpsp_~p\+z<+BPS%Q$Tf vn+QbO qF_: xw K>u/P84S{Xw!ur1ɵmsux:R?*! %{#?m#ɻfqZ 5iC94FlsP %'G+o̙ ?fDVf4r܅ B,N/"%R*HlY=+r-4IJ_h'cu|݃J G גR2X0L~`p(* 8͖!a^e4!U.iőK'Een#^5IsnCo`7ע7xz\3,EC7IHBvvxWP|qŘwљ|DLRsk '+-gv/G%10D9~DXD" Q& $HPߔPEtOxčn p%f9&ޫ!RΟuBn*ncFz'cPE>9H#7/}z7 o\CE1YX4i$$NQ=1$jTBcelYQgljCD6ݐ'Uwq@8 QlBo7e{}t9VH͵TkĕyqNHCH01"{M!/#ƳNêiqYeKR't;vfwCα@DN_9WjH^]\RY|e\ 7|`yPvԏ}] :a9 y!|*ʄz:nY/ffV!'^:Y8/viCXbxħ'}Ax-a?㧐E-nl<6\Ԅ R9!5Dx!1hӲMG2 UV=Ãڬ>-?dv;5"jiafΐvNQK&`Pd_ўe(6ι1 pUᄷPk-+!8w,Q:ݼˇȁbE)ucFa&{˛ps!Yb0ꇷ*SMB jO>M+'Lv g|C5 R\?ɳB݄M(鶃[7[ak#X0ؑuG@\S Biʜil_9DqIkb4tVl0]54f}Z9}4p\q=g0q|^2Cm,)4+m[x r5b%;ˎ@຿wq0KXQk ͽ{k"u*]eYPGnUT7T/q6w P0jOk+OzHG4 +o}sC3|Bl-H"vFj$we'JR+(gÇMds5QA*kގ8/On;NF&=3(mA?bhR\} U^5pL7ޥG_; "ݬGԤX{:!͋ā̯Ҋd:D4 ]u<=0)FI7B̘蜓>& H`m#ڂHz9]ЀZ)q M-ct ?:f/W)i. ~g>gug7Uӣ+`_TQ66bMAAVqxLAKf.ύqUbM$ohUmK{"U ؍Z%p5 ͖eYP:ў5RS~FeU{) h1K+1Ȅ30H[NJE wr&[E;.#1 ֖G^FEGx{K[ϲKK=ŰmWB:AJoJ:i6LT3g[ˋHt@3ߠ'@y5Gx$Ŷ?hj8l'~* B1i-+}g|(?yrp\Ө2#2i'3m\T̋W0[}/s{·*Te-֞_I_VnrNdƒx%CK6ԢK&b/UjD0RJ^ʭS !{46O,YBKyF OsreL4ۃFd_uQVd[YH'#r‘”3q?8=Q{PN GH;ird@/*WS(Dl/%lwr\klq1iQ(@A]L?4b_ qK2'I~KRfU`g)՟qrPURU S9J 5y]j`w oE_L[5bIVHF1(p}+BPAѮ-T(mN!F]oSw0S]jP;X ݺ#a廤yDFWyus푗ڽ't!ô0u-'P텇an&GSⓎt&ɱfHj)_qI3fD]+\RVY*<)ܹ{steE cA73z3 N"π %u`k"dD2+X1κn 1u Cc˛pk u =V|tj84{ojD"`u,2+o"^QwAŭVxCHԩ )V\d^ 6пO>`k|~~([: ǼϢn_>+EHUB1rTfuC9I*{X׾U*EKG,8-WhW՞$pXAu 2^JZGK-'^l0-uI w\׻%Ic#|;~`zIXc?z P00ּ4_"+KL#l(ta9dr6'  :]NGІX.&px"̿ib?]oinT]fQDEv+I5,"ne!J1rX\LQ&L8#B([*bGϸCHוm_8nL2W"c=*$.Q[|"ljJg½ꘟ\EtazzEti8l;i+(٩zb+ep!j3Hz¥fMv? ڤj 4͇wLwi4 Hdo:ڻOiZRkc;as!$)ۏF)9?\| \kfq'Y![>H@k\ޫ0!s^lw7W}ϛJEј[CF&ɋjת\2D_ {i ӂݾmDQg\Dv\ů y$؞+N*H(H݆Z&N i vHCN,N猗>c:n"c͍d{~8u.9' uun3RTf|nSWMkIF9KPWezwkgyF>f݄?);SuDu891wr n. Gr!Vo7AfmDb4B/Q-Sj)%tER{fNjkIL!)-46\-}?ޢ@)ĕ6'lu=Y~aб!]adv=>,/ Qn]k t@/<0dgf~Cj-i /&ek_5rZ/-a-6\U6dhVV,E?~RD6.nK{M==Lh^v%%i{~*IiPo蛓`?Yx,iteH =.7]H#{c+14U 2g =3|F0ɡʹ\cV>S~&ƚzUEfwDr,1{0]-ԳSrOyn$1 U%I\7HAUYasK݈rިل S<Z|-xK=thI.`͠|{s$mE]B:1a}hRl /{vˬj. Npwhǖ(U|Y.YQ(yuyVcO){A>!=-x h5= |7X۴,y' FV/NE@rS ڔF;D<ؘG XN="+j0.g:||г* k |"D0Ś#J,א=/ZmV)9Oml' 3fXF!-h6pR2XIa5R~{Gm@rAԍWMڡ>F8>D}Жn]cت`Z[ZpԛOBp$#~DT[)u{s2LWXBǩƙߛn|eG?F/+yEhmU~Ou<&/r0$d"An!5DKl<`״o&+6y!*40 A_?~$WAάLê[7(KXSZK0Mxo_s=IZ_muZ Cj;^*xKQǹob(\HEK!Ȑ|*s) pz+eҌ󯼤RV-Ӯ~Nit0Cid4~W>mB(w{\>İBCRw6}Nt7+ y?f Ԏdҟ@!=O*A`M5JdCUUkD薱,i׉ %2$~0D=GQ>H~>*P4l" xq[.P-V(;DDOY)]*'1R2G?# P=ۗ};">4ۈ*?Q.p%r Cd0C:Qгj_;'rwiKj M\%>ldy1$>`* F~^E߉X1:q s5|D4oȗgUiOθq1)5)]0bf J$Paͧ/߉6g\2~d!׫ ,R%l,Tar^:j܍\!kO|6#,`nFsW 3G`ͺě nfhUN"7g}N?B,̔r)L{X.Pu2l@ʰ?$?($)U W@xJǁ`~+o. [Am&[ (+(ESǗb0Hr/D,M{kzʻ{N"(OMF25qY(J"<;x"3 rMή?/uw+Mhf׾icb3ٓ\R!f%w(t7EO DiD 6AaGɆ=Bw6 襠k@~[cӥ!)&_#AJ".u`W TI1þ]Vۨ}##|Q0}qj߶?޹.KWn+ɌGR&̽ziH>&Y " U"2RQ>g\Z3cr(: {Pu3naIP] ". LNJwjJUmrz5]=i1V*T?tSp>JOz:I0ԾZ[,<=|$lШk?Sz'q:Y ̐`mszI #a)6/ڏoRڋVArhby'CȰJYu[a:D8txD e'pۋ~nSOvqyha xܥM2E y V:|b]fsG|,;A gUMvkv *S&S\Sp)gECvM!|;A_Ъ:hZWtY#RTIJ۫TJG0 A~IJ`=C؀IIX {*6̥Fei 9QC$sRyvb!RohHXܩLz&y9Fݲ@c#V#A: /x K gtsU"(**84*KlSIbB_8=$A%.K2Mʥ@"ҭ ѺL_GϞW-Ԓszm4VpESW=~+JI$`!GTzr!>֣ʹoUМ~C}~Si}aa}"mx3lhfx^1C/WNt=Wb$# ("E- [-oӶ/OF5Ed-P-77|#4{#0i83}' 'evg'u7ZNKJ3t|o?`m/\TyL홧ygk("WpSaBojb{ܢ^RAg~6ϴ0GHȽIgBנ̩Bj'XL Zzj'*dLK1♉YHz6F٢\[ /R_X![AyoFYHE^X&CEnQEG.:n6UtŖi6o]0@fAg4DwkOLU9_]5( :?Y+Ҋg{ZNguxSe:*$zn"]+ ./|nf`χ߲ե4a$ qĞQMolkTiG|wN*Rh=gDFۥ8x8oiy K*e3詞 iaBjMJ"Uƨ!­P yw:~άx7QzqzuD'GG4d$mFp=i;;cA&3̚/]I]54G1ŰCH(I<Eu}-KСMMEғF7zGl(4t .0H_6g7ɩr%,Eֱ0vn5hI.yn/(W2A9vMsx 麺ɶT}pἉCבr$M0Kh뙌9}^>&aXGv-0֍ trbb+>\XHm/6wƭg úz%:$ xC٥;2v*wMc7X 2aM-)E(?vv,"'- zLi|ýpf:tr[7eCXϬfkTNpY`k&ә:m˩0qCL=wqC6khd=}*gv@vqmB//e|?I1"6IXl̺ HJZtNp ?B/\،z}CnoKr%sEhrM7vb+,j4ѻKSp =(fn>A?ІQAcഃZ2v%0Wf =+Oqj8ޤj-qCNBHt<11ȾP4]9$M.U.V>h T`7p؇%5^Wnr=M']@[A\&_Bm,$Io%T5iM!:|7Z$]y˳?0^ֿhD x+xf]nZx#.nd }{5a0݇NZ3|L,F{'4Qrn h"GJj;{zg}Q0$Z?$pe*qh;Xr׌*^% ^sD\@sfॖ,F58 㣋rw)B9Ryᕨ~>@Uu%Џ"Tۃ2NCFXc:"9!OBwQ%\^*/>K+{' Q(o+?niyߩv}>z]2RSؚ96~"xKdHyqyYT$jr9JӘ>n0vxpm2V.SbLR2`pyn4?uj =t\gq9}{n.%:mq ]C ۿaI. 7S ^;nj7o]$l4c'dnWiNw\:80-%V ˇ?",o78 _ 0KɰND/|g,tRoaX?0eFhKYߊxb~Ssݩ|{0iB+/$H,>w,b,YLt%~"$n&S>M`9>V@Z!6=|'9ՌOt"A*E*} ?8R V=tZ^ þxY(Cn4 Ȣi:Tsc0gтѵ=djflĪ9X-| IjM-x CfHV̍cG{ \FE[/s5̟ Lsnb={Ks>!|Py(& `ߗ}?RDH6 zxƳ6Z}#+HkC//zȕ^`ZzsPsQ["#h2pn[[:Qߦ<[ί"s +(d7, 4*$j$vAԜI'Ve{$RɠEك{t Ëv?%gBTqU#@1+JCVy5B~f/[`ns},k@Axp4@'VJG/C-η+JjųM:aIu`ʖ_$_Ox{ub#׏vf0ul8JEIrmP'eP&W{2h%0ֲ>erKSۊUN&xfun&xAu>u,ϫe|V¯>{xe7nf9PW{7YT6?}o!a;@pU~lCQgʩKV?tSPm2#lN^5E"L zPUR8t(-]4?j 19W m&t joZVea!.^Ycrʟ]&V`aE9aK N(-q;)ANe:wTwC榊сPNWmf];\i$dlؗaFigaT7 w;-# p$TIwVYLJFWBPŀ\{o$C,V{| u|,yӴ=e-wNy2&VZ`.)ݨm ~Gي|`++~f`06ܔl^P 9%>6dhX 9% l;G;_nXkEa*\f*vK JP_D11CX KmqcW?a XfWPKl6 :B[2Yo7z2jKwKdۄ`J ﶸ؎[\PmYis<.x3ˊ]ݟ!Ŏ`=Q Oq +iY#3>} - mZ2.٨F4ǡ)R(c߰E΢ed:W}=h&~`jVfF 6?^3Cv1LY݃M_] p[#Ֆ 2܉s1 *ZMx'nyJ浇P!%/'X_ғ$*EݽI춡^YRH $˨ uG_^K@XtIF @=U6E)U`5{`VH*MéJ lF"^ءszRWys3),GzŠT7P'q9u"kvF`j#G?hjEky/+0z'9[qr tmwargEv[cmç 'EW@݁(Fv{Ik} g44A.#`8ť!SĴtAʲ:}dK#w}[e8xr8\3Q_@9;6Q.lS{N4ڐI>pUbt"껐 {6 CA8 cՎy4g4#]Xr'(`yQ |-6ZnwqYQbQDajGIDZoeAOϏ>9D!ڔiLp#o Q$Rʽ­8vI+ظ?-\CmꭗE6FE'KԞl ]ؗ؜FdgcjpCNe; 3 gp#{z]-9-3R `lDRדAjS[#i6|y5vQ9H.ͦܺg -ILQbnjt>MF>iM:4:^ᶀFXp_.!xa;?Xڌģ?iȁj !AXH$vXzJjқs+Hmf"*N~(@5@[ mAϠu6~qXO%h\% ~=&0f0Y#vtL "uT>eT2>Aq Eدpw_})}v(8U#Y.ó6|k5e{lQbB#i5'bna|ơjҷq! (^c|Z2r1?'R_q2elC(+gIwĒ%+I0K3k}B )rI rPvWH^Mtj&mS!+ex)H>&I;%DZN6.KGSi ~zYQCjCV4‰No*`G~,vn g D]>g*G;w?Y4P8N˓bn'(<1ܳ/qBaWY@__@mAPq^+)JP&J # K9/ہL߹m $$Jyt,fV-ރ(C3.'>wrœ@7֥ʣA}\/"Tr C)KV\/;iU 1" BUc}j öɰ>lC' KɤʗAztz+^]oV W:: h'LL'I!'wNA)eA^Ԁ]R-$e?gC-/slP8^2O8$4ѧ,/&&N/{ NSU3nKώvF<M74Ӊ< R!?*KfvosgnMAy4bZ_7u|5*Z!AR`]G+_9XHfia~kE9,[(>5 Ad8ѲDJQ}-]wú1Z/a-[QQ*&'Y na<"-[1/t⩆>OC%SjFPր<Ӗiln? ng qBJ/z`/!E"J]2@xWS_#,D3|8ƔߞQYvJI? h~w=~ Ml-њW@đͥd P!%dˏ|;!x?ع†Bqk!d"&K~GڳՋ%ћ)ܾO<\V ]}V m+td⓵!Mb†F{R6Elnw+t0As. ,'&!2ۂH-)W8$ɱB*! "Mr!UfGm\}B ؈3LW,b3 4wxx.@bTDl;8R~Ž52۟Rld{ݿjf3GsPO|{IRyc " $!vnwa%-!W=zG u [4MPeMp?PĀ!yW.5lyXY*:;0u|IuΤ҂Sϐİ}0gn]t>&*HvOWꄿvJ19?3N:?3@5^ 5wkPO◣񨿻NoO)cWB\ivG<@ $9X̘r֦I} XBKQ!@QǦC #tKb+|\}WVI8Nu>lrBʱ4Q4lArK8AS׌ %DL^™m)q.cd+ZW+fKKFP*js'Mm_i)+(:D=]I;1¸/*uHp|*g0I.)o0iovw XA >We>#^ș^ZR1uAbY##6ZPT&/Qx.% q-mP5Bqʩ ;(i$o"J ]?JȭzܧR-œ'Ur^fn*bX74%hB72bFjr0S8OqW*eaCvlNԋkHȹ҇tvqfwvʈonQzj;£ s=Dk+.g-}wCYAn6 @4r2 ws) ݊x= 2<Vް t_uu{xe%4cARNnu e2buu ,*O jւ?fNx @rPĞۡ7Y0,&:@`rXU"_XR PLl. 7sqW^0=yd/S@~,ґ-X㷠U9KIP>縴QA|wG߀pv-Td]/͎=y'9Ċi塞C_+l|{6[BC:p|UQ\NM?Ȇܽm Pik~"_nLįif>uLW FnV`"[]ʦ=v!FP8QGW6+v]s+xpfYZ89Jy@BZy'`k $G)I((`m!EYT>)0*GfOy:(?[FY`ew Pi@Ѷ#VabTB$Oq1UH%Q"OE5mȇ^\voux)sJ<[:*މ-N;Zkŧs.xOZ]_i,ݗ( Q7bF>o=phHu]v)2o@Hۏ}-.sHN4WLzLMOGz(fFg,R1kϛёdV.4?#:[ԴC~K&~灻я jj)0G?M:FהTv"{ro!UWi=Q1iό>A'R(@LGHazF:~2\@M:>Ԏ͛y_ |a\3_C?.׸-4lQjE٩'YRqϑW tSiAPJ*,-{ͳySd֮̅-y"X=@eF\yPAb?Ӣ9wMNꉉ+ Miޜź*'Lٸ=uu &Vt0-1 fꥂ6fd]ж~ZE2yz$Ja݅2ML8LNZg_4c>c g6w8V9h wGğ I$MBg&GG[Ǹn7ÎX psY&^"WK^OkՎJSp^=gf66q({LT~SqGߩG4BQ@\0 ` i<‚,hz[pq h/>J૬-b8ua=LAvi[s*MW9d>Љ(%ff4eXM+MjXJOދLhpJrK1I?K0b`Xdg5)a^Rg; 蜲d5h!i3NAM}u7 ']}%J"'{U=[ޗsHhDo;Of@*AJf!"}.Xd|'v߃fa'Xsi%>ǒ?W9Ѣ:L+Xiɞ~hfa?rK-9]'n2|㏎ ~jšf7!+lu9(YA^8f>,,U ѧlӿ5Fw 67r̋KNPJQS̽ gl<>+F5w~s!%<,Aȹ%nJ8\ȣޝn܋ _; ǧ}./|9tdvܗE#'tq@gdJpcl#vJ6\F9-5mY`0y<΀2= &ti/MT@O[_#Xb~=4&-9<=G,< _faŁ'F5@Eå"4b-Qdxŧ;RXeNrydM^t@9qn")TPlW^co/4f^v] jE"f &MeԲS=be4'gUw*6e , "YkW' lrU_tܥ1jvSBF"4)@HXw|_X@%n_aY@9J9+HCw0! AX+&M+_oc(M~ vp!w"AAY驘uiO2):Wj'Qׯhd3KL%H筘ңGmn|R\]odҗF}˦Yw.~irXjKx#0r =jDX6b'(VeCpeҾZײ!۸>ԞN722˻}pY6iv ,;y,ɇ)@E\EԙPR㾻D҄"%sPoF:k׬t|y3~uMFxu sp0V =U! kaAƦr|\"C^h6K{-,ƾjQQuRG7mbn8t³’AUY c!xnfo`_HWĔ#?Tbrssޣeb)F#V 5vg1g2~W.(5_,soȖS ˠQzO]r^qNj3VГ: U -smW8))W໨Ԣt@9;$'76]B[p "o&CB3#w'4P v<F6AZR5)5GJ}ݘZ可l(J>WٷNϥu<4`Fw#踾T>"B;+cT RǠ q`ѸҔ*~n~`ڵ;\DxT*I=Ы)޷bGVU]a}ҳ`,Tѳn΢/aZݱ:ube崊'ۖTb%zLaX@BJOxpOARPL䇅0ӝAEѰOmʌo9!>w8dK P* :,_[2 ,%oxUͲPϳ[ Q6lmaz' /K1`jHNEs(8҇WVKOH9jE6S3&Z#貥̆ SP $An^'fXHoF& 񚠐"|h݈Hiz )Wl/DTGfX@~ /8s݊94'\\$0WR}[iԔ3N1Ġo*ʙIang>3\JJIXn<"53'q5#żhEx~39"[.z^("b( rTfrb:Z5! + &/b!B;_2 /tC,i8mل]7b BJ3B."S;#&(A\w\I/xXsKL^L;FEr+}-7u[lYGk~b:^="څ+Zca. } .nM5ruY)iaqSc.$n]C[{)w?fErjxUUC6e2 d0خԒt $-q{ y;DX`իOZ|ാbS4R-l,  /v  Su{qqLznGd B'yHgQ] c9nYG1e~UY:&@~+ yv_0R>lsmgt"[*(=2~qwl5[ 3B!.ՠy?# }Lr4(* cHĠ vN,O[qK]Z3°CLiKex2HTFeH C-bR3>|>C9]P>/c&-9t98٥(J#CCȄVV,sPm ƙ5*|mnB=q۪Kmy|t6zpË2+, /tLL !2hɞ ekŬ\f<X8:L>%0j3ӰcG=ϏZu5evVEfR+V>zyD\z$6F è_sꣂՊzgL.ob6=(xHoJ1#_C<(cM:^ݻ,ݠk+Պ@p]m ~2q p# W<~lZah;?N_Mr o:n ` RM9s]EKSB O!M@QMNbC 2aqۈY{>4[cRmurOܵt7~͒H0K'C7 w xK?k/9_v*zJwV}I,bo@IYk5o+y>a5 8s5O+wek}#o-m?JU :Qy$6OЗùY:cV]ZH}W7>β_Z#϶bֽbm#:0=k>ts` S ݝT9k_<59qKn$<΂%u5NMkMb.mOS[N/;0 zcX@ z`!Vy5ӿ P?Lg';Gi^FVcrswq +Dzm(k8y TupPHCF3^C)% TTOʴ;dZ׈w{#vc AwA_Œ]Gv\eԡhH =2+A3,SΞy&W6ޢ geYG >'z(:2%AB{$+^DT>KG }3 7WS)^Y%fDkfQek^Y\IDi@V/*:R z *t{S6&Α#{,#^P餟=p7KE g6Œ݊_,X:[6|m92< k}XJr` nhSˁ'J yuPFޛB݃ĎoB\8fה_}'We,~ dKdh<ؓ#=H |VWc&:;Ej9K8,2g1=lj돳 Xä̍A#EYJӑ=b6*> E)WxxK]nP oS^ho㚜yyrK4IOSG 3剗ɜ9, 7"zCFy q vGXd&;rЪIˣhGjx-m%֘Y'SY |uT&N)/2/-̾.gǖVO !eN#M.qvODXǯSkSMjYp.?w}O \@"W8]=cZ>>*:)uE'm'7xf&̅~(Kxx#C{bHIY17d햻1ybU ϻL~jRx`Pbϒ)o԰*rFDpMTu8YCjU''RMхpD}xW(+#mޝ..V KbQw{=3J< GKv <Ձo OIe ;lZ C/ǃJљ>4\[;Y֞%,tTh#7+hzq))0=?)teHlղdB e%?ՙ^( =;YbߔK-]yX-a W9*hVgno2\{2VûZ|lTS$cmO4pz.f*>@q[)X_:hhMWoVE'BpOt'_bۉ*V7+˼Id%mGajSٔG[|_d?'# ۥrgk-[Er @BY_W#ٙ^*"fOICm*Amwڵqxdz@*T!hb^[(7$ksXߥ$va`R|}T^3϶'X$s xh7SO\)"4yL)oqSQ0B,#O"B)Fԧ(#t;r^ ->(!w+F͚t_ ގ)>MNj1:9/QduJQ`kH/Rw V!q;(9"H;jRz<]@nov$Y%l\ri*9v)/w5bs\:~0O&1zi@ 9`XT]:I t$7j̒b.ѡ%Y#|(NNWh BG[W'PMW~׶< =-]s%e]nNH끂>߆[GV .l:m"|D Ͳz?+\3B68֛ea||C%+nS_ `@1]_{_H@F4@d8$qGl!E1)1Wx:oފEc qV(,`U8>K"'L/U@<Ƌ J`):0ekHW+79Yw8z&D߯vRRyqJg6 $9ecm &~kp֭O.NêR4z>j35I5cz2TM,.A_k;k ol?"0iYo\v . |{)5aQvOhW=kb!( ``7LT'-dusm)~M,GA%(|j^X3SELLI k!55>4yD6?n?*듉\c|]}Vreb$-EL v&"]L6-(xЖv٪LfEigQs_UTFIUL ʀAdMG4<>~#6ǘ;Dk6zOV>ؽ2dELrq  t}Z/w 9KG\{c8%ށ<-wq<}Y}=m*P3ǜ6]ꢴoz; GQw# U_KbcֵATfx Xfpd?V;U_ЮX<|ȹT1|(+oE#KєS41ӑ8 M,'QuVCpl,+MWR@`tw`"K+?tSvbxGΰ[L!efIzWRD21TUu.H|:1zRI#q@şc|l4] 5E5z%b4;{}:&5Hb[SWq^W.Yp(  t!+q'tiCu5Z&MPLA.-?.#cwK04_ AɒŨ7G9.zs+j⌴`i($AѬKJ"ѷk̭\A%'?rR( 3=+#83 H-.U?ÞP Gcy*`LMZ0U ݪM]opBMZΗYPOvzBu 70UY744ݞl]쒭0ǃx«l x})nFǭM$}(zV$R燣wqCy4pi [{X I|xrGƺ+bwQ~/C qvհؙnvD'4s0W9nAm;qSKm҈qxO8=#@+ ܱ)ۘB͘^19]sUX#5IJ 7UUȄR q"iFS> \Hwٵz?"0bYVZޮ}k 9kSIq%?A؝EP&9 m*N%+9JZ hC"Xu" 3|fKvmXo-=ՏxXCK@' o)vte@څy1& }E捣ǶQF- `"pLkw’i0/YUqFH>6,́XaC4-Lnĉ9QrIEs_S&S{=DQZ+_V?xO|gs8Hw,,ГCՉS\Ť4I|^@Y[ɑ< ?|OC\o^E.0P'/@A t0TPob~ɚj٫~a&G]~@RrсDy[֓5J,gdOzk(";);gq7x;z+)w] KZC⽎GMl(BbہPJ=ƌ:iap=o?I˘. 6%%|/1:1f"A'g}Ic!`ka&2AMwױ*krp&lVBg_uL7 ^҃k3A"4+]V C~ x`S +t>1 \C OtxAD\HcD%`>xY|Q@ d:,=C [xu[̲͎"JNy$ u6ߛ&mø's8N~,a>KU).`i~5PJp4X:-Z@DU/&ijhΟR~`vğ.9fnD,yģ&oi %p42It+bnamR F/Y)K%WsƇW+PY)`\bFgHn 4in({u-Ʃ{<1&qWy"ݷ eg#rz-Zh}{qS~0d38$[=6[1s71 Qzdy(,\:o7}_i0g }8$Zg!;"@)ppp!'eKE-Ћ?|qdg<̻jѴ PWEgP\ȟ| Utu$.k+?fx]e$^H6%hܴǖE,2c۶7nI LS> @D:WL!۝X$KI/HO/"*&*Iz(@׬@m}N#m2u*A^w'XEF KKN`oنIࣈV'.FZFE3#x(7I☄]6oeLma{ĎC_XZ;&%I稤> Nw99PټP. Fm5 hB: P~[hΆ Z;\h֋.e8TĦXJ~&K +2[GMpҏN-&ױCA޳xaޝp\} TJ c3B#Dk}G.JC0Ȳa똻l٬L /_|˝ybV(IX>h?")oo\q~sW[3Leo*_e6z8fZ6wjvG˴ Xonti| -/2״G|9lEuNyݼ_36f˾]$& RT~4}I9ϩ}Ȧ0;i K{`4PE]F.u(GΔ$cGQ| :+킣xl(qK Mc+覞\cN 2,~zDqZgVǸ>UlG,Ѹ3Z=h7v7R_$7)#5g1uhكSkB?Qd#NrTϴTw$E9fnp%XnaG\ѣu'K$MJ PqO22V; "t=d:P1hl9 IERϠoԭ(?0 $ySPaG}2$}ef(ud'8 N#n0gX<% JR=#]RaMK +xk P',f3 / %(2va"E=c6!q.Eܲ6$,N9 .x|h<9X`*h0AH'ASBhB )K o d^\B5h;ȸQ >ANHyTO?>J V7xܒh7gA&̢eK@b'!̖ʤ>E3F.K&9NV[ NV$ص(oH4 l#dxjna3H$`v:Tڄ2Q˓*<ۘ'e,{nZ!gL>ǣ'wb}-@9Yוzce˱zy϶4CapF=O$1FWڸk"4raywf=C"=Vt`Z~۬rv G5ؐ~.kTrVU1e%3aUA*8+cCS2S Ynp-^ȚɦlCn|e{y\—gx9 ~L1iFSxPگO 2٩G2T%Vw j ̃̀Ag\6 E^Nka6h4䳧)<HLe5 H:kX]Nn^ɥUd(\Y [k|C ϙ89.y-/ꆶMYJpvIvzy\ySQ֬_\2ؿ?eNt4iO"ǼRѦS 0lMǒ HЦs򝘞]}HyNj;R8{g|VˮG[|^3p<ZapJa֏9&[نh Q)4^AALg@mvVDJ/=Y×`;b geO:e횿]tZAJnF\cBYAьfa"3 U˥<9ً&w<{m,Ouwip1H.J}goPG`4!Mvrq8.2B*F]xXszwzBM FfWRv[Bjj ߇%yXE /s!maS ]㶯j0t59v. >&VLޤBMO”F[&TLuzIuzP N.3 m'uMk-i{h}`U#g FdXn8++3)[RͲz@a^9&L+X}SC'D &ԖPAc0oL']:z(g9Hx o}j$d0mAsGRTy(^6W#㰲c߰D,/ZM.r1 +ќYVK򤊺%PEY [kv*c-/zKR.w:ʛ=yN"zF ϤQg $̙+]裨A3=_2"ܘ${Y[nǿ`a^31}~-SL__~LM4Im[8JܣTqnp@, ݠRmݝqku bC kXn6/x/E=I?e&sW18E5w0{_$(DDmI*17(Y #$5M}oT=) YZ