sssd-dbus-2.9.4-2.el8 >  H   ;LPe U]3#vDQa_tGJtк7h8cCPDaPB՛/-C7`-?vhfpHBdDo 4ك{c@NTin<>HU-ZL;K-$bqSu7iwUBK2*wCT ?$2fWMv'6?!^^Q'Y?~pvH:o5#Tg(øl,BHsuvF CPIekjH87zl!Bv*Eqea3U4QB%uoK&lk``~6Xz[zu֌{d.r#EfXm(P1Yusy`%NJ= =Eh~? ҄iFgkȨtFi iL@lP&p~Ζ;`]15b Qd*Arq׶, -;t%b&web6fd9bdbf0575175fa1b74c07568e69df384a64281d3cae108295ee94a0196bf183b453668c7354cc1d3fe334dea292063314f10302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb50067306502300a280d83ccf3656ff841a2def06438b2025eff1a9bbbb46cb99c7ce83bb5a3fbc5efbbc7c4be5224a84c0587268dd22f0231009e49cc3acf84c982610c365412744b1fce776cc864d72b0cc43bf95016b09d8a0c8403946fef490d2a02ba90439f7ced0302047c435bb50066306402302b349c7b482935336a173b5946ba199c954a9a01e1df90b9e72c34b260028bee76fee8fb8b85d2fb99ae7a048ca39eda02307decc224fc6b2295d0965e4a18d01eb5dc50e2a0fbfb25158969a16df9e38b12108b9b83ee76d201db04243c901c41270302047c435bb50066306402300727e3176ac391335e5851588189ec92e202db4778d139caa5738d23777bbbee36e4d0069635610515918836999a80ec02301344198d6952c91f7e9332dd50bad48d51bae5b1c4e8af841e44636ac6a87b686d00e370bc85de75c40210b4d24b92320302047c435bb500673065023100c05cc213b2b379f280f691917b94fa1a2f47a0afb1883da147b3801dd739ffbc6e2d7cb977ca66d5765003ad8d4c18710230625ddf1e4d0eacd473314e9d28a5004dbdfdd87c145cf2e171864e8039ce001e16b644d9d189152582b973a29e9e346c0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb50067306502305bb0bcf4e2ca031b7d6de3c6a3df1f7b4a200570f412bb05decaa6f4991d4458e1b4e33636ab411af3697fcacc728b3e023100992a9cea98d6aadbc3eefaa0eda385b74eb65dbbf5e24197ad7d2ae9ecce312926d59d4785852b7fa1c1a921c67c63430302047c435bb500683066023100cb89b2913b5998a6a9f15bf8c40ffe4b668512f2e20ece9611d39271f91af18c25bc450dc2385a7a408373c1600ae146023100912fa001ed3a5f3a884d7511d1ccbf91de0ba69f185defae063506e542c57064eb22afbfcbd2e62586b48d81a20842dd0302047c435bb50068306602310093424e00e2c7aa7938447f6984bf9d2e2ec00b34bfda8374cf8342ff49344d7dcd236d65737daf65045c566a9f265a6c02310095272fae696c95257a23c9f8f263891306d1ce2d2d52bcf6e7f257307bd7f3eae476e13fc37eb7c25dba0a46ed5db5790302047c435bb500673065023100d89d220887bdd6371b82f9ce38d216c342ec8aa34195a1052e3a039e955c5c139d543f7bcd2425472b6100b1481eacd102300f75f933fc5a1d999fbc82edf5c3ce747795ff7ebb574ca69ea474d38695a9eab8e92fa384dd9b67fc2233e9849a3b660302047c435bb500673065023001e75ab57f70e5ff516736d24d6a918d6f67c498fe8fe55ea09710f7871bb75bfc95ef94f15aa8d4c92216268f51542d023100be8380f175da92f8a34a1c12532e529f16a9cec44742064f00dab9d95b6b01de6bfa0d172d29f04f6bb4952bca93ad2fk̉e U]^iy!GvH>Uz ]9`9A?Iϡj\=u7HFi{1!HdS$bf ˰S |N_sZg@ٻx2h珋o͡`'۝S&ʼT3)Vǡ(gs3xpj=9 Mb&D I B[O*Zd1SR! ȧGRâju1w형olsambb+L`Sr`Eix Q&|nlv߼!IEr:_s`P)b~㆒$,'^=Tޛhp[~xTMJ\r2oof1bh%UK_H$-|&Yb@="`p $BG f ۃnk`B?d   8  0MS[r ,  D  \       < x   55 5( _8 h98:g>~?@G H I X Y\, ]\ ^: bWdeflt u vwD xt y*LPVCsssd-dbus2.9.42.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.eaarch64-01.stream.rdu2.redhat.comTCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%&K@  7A큤A큤eeeeeeee+eeee09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a9b4f4cb05a837deda6b57208c02ae7ddfb18714ec6275da994de519513101879b614bda7917c82f59b9e4db0155423adbe3c2f1e3c4361c8fb7fd4d1dae5a9e364601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90333ce94134f3f65dae446e2e928383ce8a64fb5a34da089e5fb0f8f72f18e766efd886632ace72c7db9277f3c4ad951cc733d7adfb892f8358d68787512ea3c34f30e5002b9819e18ed997f36ee8dfdc310753499919ce3e452d29fc619a82a79e7a604042a82f51aa5bdb594cde63b486bec35185137642e17f2eca23a314ebc../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-2.el8.src.rpmsssd-dbussssd-dbus(aarch-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.4-2.el84.14.3e@e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8] - Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8] - Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.4-2.el82.9.4-2.el8 .build-id9c5aeeaac6c278edb5caf179b07af1edfa16acsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/0a//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=0a9c5aeeaac6c278edb5caf179b07af1edfa16ac, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)*R'R#R RRRRR)R*RR%RRRR!RRRRR&RRRRR RRRRR R"RRR R R(R$R R+RRR/utf-884d9508e0faa1189874e8e4452ff0553ef15cca3c88f55dbb79ddda0aeabdccb?7zXZ !#,] b2u jӫ`(y/u`dAwyטj}ʻˈׂ&sd̾8%)'&Xqt㷵^g{|ҒCnj_Ғ9oJ6]׼L3>vCW}L} G— wv;N<r]d֢=͡Z6 ־8:<rӣEr>3(` 7;]zD$7O`Ƅ>os)6XD,JgU^ lS;hagC6mWKβua/JI# bgX2^b[c1' 3^{$}ٚvN ٜ3"F!5MG7A2LL%bV< @ NXI)uj\(C;8q;FХ? F=ײh_FY}2b1y-0P7n q^)13X0-Y%ow^۞BM<fNHoïbǐrdgTUv ̛p`V IPK{ L$ϓzzA0oM2{}P73__QLi; w(V(AK:i7f,3ӛ˴"iD.I(lזl !A*ڲ 'WG iPx}SJ[ A Xݠfpٵ@ײg? 6bX2ꭃkr+Eg<؁u$;Rߪ^5QSso;JH*/=}|(D5RQ^#_p'wpE-LЩ^vz:R^C0鹏µ (#ƣyDB"Ȝ~B 6jJvj0UZQhiO֝<1c #s`JE2aG7ICFz<ʡcz5q|Az*'9U߁Քe/wM]N^#n*2"=HbQg|/"7 x}y$VfiZ^c% LߑdpKjpq1Hć:s{TuMC"U)D 5C; iB~MmϔuEUeTb}(DB$۟hB.F(LGH" s,dPm(@tJ >މjs8?;HhX!sfY0g˻v1ᑌ]HO1*M"ӊ&#5JOvX9mԕaEϭA돤G.AƚH*t D*M,{Sn8; (jVv"Nh|6憑:wmafg>r_YF ty,r<ÂD%3.qp| b]pÆ V&x=s<փmzs&)\`~4K킔ȒB2l N vT)LC|9Y|S~lf3OπAInaGk7sX͟uAQfGn#w:5rgr7FcF~Vnb7-Ṅ5^YjFJY42CAeܘJ/6.?,*Fۮ 8Hɪ>>oF@!|im:aWpG<p'C2{N'g/i){^՞lxy.8ԲGüKrNwz@P\#yWķ4z<ԫ/%!p=gG,ĉѥŕh.4jQzYirV!p_&בp9JWOctB(AOe(,ۧ]j '2;v ʌ|WˢA6hNTc._BvbQ38 3$Ǟr/F/pvMsŔO#\1H=M8Ϯ+xVGzR=t !hǶY'cJqrrT$%C1%%ˊCsh ۡE~=FjRÀ.| l28#\R4/։Έnяv]YM5OM #Yc7?ֵ[}jŁ󯜋F̑bҰ-ʘ-p&"Ny6α*EtKR?{GIH 21\ƆƒN+C݀3P[AU#t. :*%z;Qlc*07=iKM|ǨW;ssBEHuA(Ȅd9j˙];FL u;oN( ͗ 5 93- lWcjj2h;j[L0O7]A0c-McܿX.7a"5h,u64C6ߓa.YӕKH WS19~ϖqb66Es0%nݞl7Dchkdͽw-х/A忀sxiX{c7d|o3NgCuٛUwTj|D WZO]5R^WΚ jSHv#ŠZCtR a2B =*JRJG ppcQ6#u|e󖼥̾SN󄛜n׶ ^(e('LcЊs :2=t{o#"u˺#/Bw}}0l3?<[UR*?:̍\UߊzNCwH?𚥘 tsl>y]lP,~~&rGQ?x.I8$Q2>îf[zsSKu5v>ZY ؚ&_(LqZqVS[9TG>lg/Dͩ0=&2'k`peD Bq dBܺc5rע i9R ~^e!w k *v cLBL0%eBgfjFD5ס -5$Adժi_s@1x@TrefնY5H~^h"G=.>QXȟ2vY! *45SlR+!.Q%DgK'*G>ˀt3Y?-YJɈ2-MoJ;6_H#tG7?H^(P5E&~r\hȿdA ٓ1ȳ'drZD˦<9~ >~wΩgM No*>,Rw+}mǑ#*% |*//mwvkqEe>تQSKHڪ#N٬Ʊ-|-kw~<~5hGG䙱pv?^⡷m)$e>¢$k&A:Py] ٔLjbjEo'e~UO2ŧNCg,zA@yA$p};jrK\RB_dž4BB$ȸ[,y;Woj|twohaA+ʣa(`Ij}P Tjlu@ ">GgF˸ݡD퐂 :o5, /7xV9r궇$PuP¼Xju }.BtUPe;6?K`Bb٧PoU&B%f40 fӖWlLpa]SJWq#] P\8 -jyRJJ㱎[g)yW WVj:vM>)~# d8wT-|1#gI`b,lgҦ Ȋk}=;M)nw"niҙ#ͨɮX8xI7Knot#0QZ{}Vm 9tvdj|w{Up(-Pm,=21ѩR"Gw2`o,r%ۥ:[9]{n FhK|BK,_VF〢٨"TeDj0-Dfy+\oTOQ;/$Z}B[tr2S((vkm ekA8[}NށTH݁'{ M-V>%ʓ,&d;N|S.m8%`fRgTcε{uLc~#}KDi/y1wV8@<^  IJ78,1_䍛QU1aK6UEAM /;aB t9?/#GcpdN&ɀfbqT5,NlLq&mn)άؚq rOM ;XFVR,?y}KN˻>x8MaM o8ko0HvYd"]c~͓]W?ћBѵ0n$HI &"!x!JFdswm~It/0)M.(Fknx%C8>H)* Njl}۝#+6bPN[tLNHoJ|IFeX!ybT(:LddgIh}ﶚu[ h*TkE#48O]Ǐ@-d6IDz>H?袍/vKW糺l(ۄKʚYY-|Z$ce?[qƹ 6[ ɖOu> otV;==)TY%$0FaxL{r9uLq??;՜Z hCud!_XhLpfb~yokNT`Y׷#g9+b?Id,iH HLa\c1Q}n'Jg@P=is#5&`{Tm <>Mg^l~E@~&8HЭMe.S&:tRW([U!]Mݻ=.Էxv!nuy6k+ާad?4P[$BtṨz3KG7(дhcK/lU z;bFp@Sx9 xF'κCguCj}TYL06Ǡ;wl?!gnenIpJv _;ȷRxXATiho>Ȑ fv0"# r9:hE3?t'9KwOaQSIsǦi^vaCQ?"< 2z L0bk%lm!u7w?#U-}4^b~ E~vPxq0O '^OAZDjYJB?TagKTȷ #SJT 5%ق-y[?BCclUK[IuDOI;>7GjڴvgƓ^C!˖Jlg-ٕhÐ[a:MӜ`/[*稏 kz-@a-U`W+A֎yEfK /k%6q>:e\W OXd^~vm |TXGpbsEkX]4>{8nY0'4|k%㸳\!vsD2 nzdAbnpMzmw69J^8" .'i!\$lT1GjBQz~[<*dq) t##YBU=MNI0UP[5OH*z=C 6>ϠX=Z wWNil"%l3r8sHJyt~ Kh_s%rF(ŦH)}*GFYn YGSG1n$8N/}kwy2~ӆKg#sG֨#5J42VQ H|q>.WfUqnz-DD{ay9z?]i%'Ts?Q`_>a5==Ip\+B!BT7hKF}˶I퇏E9ޭoy=Â<03 h,]3 Wa{&` $0jNw)k>*Mjjl!$0و} J U7Lswi2 aQe-'πU7O3αd[V!!~ߦUgWhڨi۔R"+U~%G{Σ|U)$nxmTCvvRAƒB:6V {z/2;Ƣ[|Ma^ǸH-h/7P~9hr:.@UCpاxy,!' vaGi1JzNt]j3bkzxw'?֩-[2_:=W``pF 76{a6fEDxT(ߜq+^CyKi'er@4]F.a..<> :#ְyTjDì#}̼seU0.=[\J=)ΟLty  |ew  gvv_G8 4;i?b#by5H&q[ԔZId[6xdf%: >]+JӀܔUi?c&Yj^vHbr nUB-e.c*m/ُmRJFR@-5 WdI [5N Aȍ{vΤXeCoV+_5q!f.JbHG.wWvÔwY`P785N%f?FoOQ6b.BmŬ,sT2ZRw]t墒qa%U͓TmlBO{0ֲƉ'¢3-2 't=Z((ͫ_e1DԶ ADbMiT;'m$D&1EF^Ġ>Z mx7c݅`Pj^}jY6' x:pu):0&2Vi~0zy5!MU9 aH!~9QX0z9bgbb\vwdeG]DYNBX%zI?WRd ܸG,uQ 6X|MOUw!& r'BN|7r;o9MugY訐5Jk[~+Ͷ;F(~`VShAKfuCM@6!sJ9di4u8[8L0b9s/nXE$M4nYs:PRԄn>,Ɠ5F*C4 w߽ {hV|1b%{޴#w\!qQL>Dޚ <KlZyמ5w|w=mٵ@Z\&!S~e)VXNBYa\mg+2dw"-Xqgy\o;ܵChyoϢ8Zk.OII] \.1]qa3em!5A^ "nsLFz [,e$C_ɻ4ڷbIH[!n. /qTpǙu1Hs^eS:!߻&}'p]Waw5N͘T'|qL;CU@zw1B$69"MrJ&rY[kMV,qqujYSCAOo[Up1Ҧ@a /)?3i4"`2uV')VZ0J;?ֲu~_(̣\(DX̹ ~wEm'"VЛ(ȷUUF#/@6}2'>lWcd[sñw2[ 5t >O؅dְ]LEfoʘ՝(G7)ړdk]kza lzt`_ޕ~߷n^IL8F)|t6gA.e|D:*&_zt>qڣ/k? /uD؀%vU(뺮oq#z?&z*"Ӳ(^/7hxiTyo7oTp~;T bwb.:奄Ir.+VQ X?3wф?u#>Yй6Y^61:&|lB*q]=AtnW~8?&|r63Z[+T^^|;V#'bJo£C&9LRN{_bv[f4yWG.L{tzv d'=(ܰL=%CTM֍˓솀q}rO2Řu QL^}V}*;r"XPOBuO?QͿ=J7Xe” TI_G}K}X(+@FR_S:W5709nؒ3S( .l#Z@Lj~^ȓt.D[ t:{ێ ,' +}3U [hbR1A&,+}3>1aΐ}$cRX;6xWGv 2nU.&]=odrj Mx/9:(o] b=oxʗ^WntF:zÔ#_ )xhu(ɴa<.?%VvA0T'm"&JOsfqimQh \fN঴Wv?3o?q)t:K7h~Nh;B@sxj0Enn4DF!4|M&9Xv$ bk$ANI0}jNvm)46-}ʠ`sRJT>5u "Hȴڕ+9jSYtBO X=Ex;%ݖgX}rߡ* aǤO^A`q91,e6'w5cAחY[r^ҏүir@6>O}GϴѵDyY![B=.T=jzScFo0{rnYOYM-Rr)Q9 NgTZa_LK=%z*J5I[9x}r֨EO*dKx `ް*GBR\w)l~!c,i2_ yC8~z5Vrr~Y]޾XV٬9ع75f T7 $]CvUZ_.wܾƨ*G!o!{b,LttϏm-c9owģa>/ַb)mkK'o |n| O`yM}$&à *I[a"p`!oUn 7ʍHx>T\+t:AzG3p&Q^%B>h8uQݭ'UF>]@?pvϯqyNbdp]X$'AT=ٳ.͏ 1K+l%AJsl_)2ֆtpW%)>3a7y#p yc'pZ~.wA6=gch{-xZ1VJcgxgH[ 0ᦿGtd]j/N(*9V)ڷU%(KSD0ĥǯNN.9%߾ G.vR[l=ElIP:?\ECmG$3Ir}saUj="&\nIٜ6OvDei4|3'ʒE˥c/#c>4q; E0vKaqsQh\oлs']Rl(`e Rƍ:1\"ų5j~p~\e/9tb{FAh*-'_qUe!+_ay Vؾ~{Ў-uJԾa8E\aG~ҧ2:5ÿYuYJwΈ'\ 1NՉLl>@p_EagfLáҩ̖KuF?p}A;Td>uFih{BcoAŗW n4"1ۿJw)%C{Gm@C;Zք @`hq-,,g>OͤoCTq=4>rNeyx{F@,tٶ Cg|͓)Ҩ,=lJKj3Ʃ ن}U`Tp,:/+ I ?Mf>/*@ f,W&H#NUΐful5}B7z/\e#MP_@ד"Bq'C9i|9,Zv3ߘeBXs_f@'f =RPQm%&4ђeXYt jrs˾ GGƩ"dV¶E{${9*a}w]PVՒ'#55V/xwKB 9c^3МVhFRVqv}jP9s/%snPj}X/B+nE+vM.v-bw΋0[-ߞaNG%Ҫ+ey2zc/GizmcL7e Wg gw JO 鿁$"b eMͺ:bkJ'CsD#mM̞U2?b z(u:Vo5_n8tϒ>E/3O P qd*1>p<v*8;a͹g[2}-@e"7WD^;7V7M HWˀ΁, ˳}tc?6rư O};"g3\c>Ώ^~EE@K,Sn:(ib8ܯDrb4 \Ȥj2+V^D}I7l2Wl[ 9q. jDST|¨CDfM d;)(bXzhݺy7#VWPˢG!<cAdx1}CDa=`w*hf-~ڔ$#{$I:GC'Iz|YN{,ܮP^^Y%j^ }]:kPO]|T;swAگRvb_2FzQ-id!=zH8鋬md($d<-nXC=njOC|qs5uL,mV< 4{ QQm]jv0teÏ=$a2,Փ0d*z<e?k`.ɪJ%vCvˠe x%8C"%*Z;lXǑ p0S_6(S "T:'"N$-:[n4 xmЧ׾ bUb/ :(gL}71>c,/%L*Ck Gݳ w릟S-LCY#0يf~e_7HEp⊆DMn;p@T`Ӵ o6VLcogpڎwM-|=HA,BW YX?:2fp}иʣ *H&ӘXsty)f2O{[@S`q"^.ʢӮ/}D۲I\Xy;$ꂏјN=]6vmiLdTZbSPsrjUߌOmy js ԅrE DCDUKBEvDAnjR%ܒ4vVwt0 ALy .I1vY%hC&-?sp)riW}x7:P&c*[lGB1TGxo6Z)ZS,C 82~`v58aX((x5xLJO\Hm9m7v_d!YAjŜ:yFO9AQ$=_[u.3nv&)2K@v'@fwM'Q Po qO=♠swMzV ΰfY]2镴:HjsIY.[5"訇9iȤرYJ{25ˏ$a%Wɒ؏}yJ i~nIM9hD<i}ޡGGS‘7m'Kޱ./pUށC[NvEGPfNR\m@T;;,Ĕ\F$ 5Y >")' U4R9-&[CK89d-("R?4\p 3ɧ߀!B%< P|8i˳㓁ƴcl Jie{Cqm%NZ4ZTlC)&I5Yy S5qH]eq)eJ, C[Km%oes/S *\yyY̆_V*9i3US]yn ~* T;uLj8N7|ba~P<M"! + [|v~.j&|JqV+|lEtbir+c4VL"P*&9v>.+) KYLz_h=΢0x9ET3hxUTXzB(zrQ> ~M(D˚d|)DD dA,=}_.8x(}}Qͣ35oV\dz:ڨ޴`-G `"ꭣ=OdR4 74y{2mc:~E[c!_j}eMdz @X9[\~J>'Hk?L/F;7|uz!K0-fỶo%is_1^tY8. f_Pـ-g.v]R9Ȧ*Ѧ#s"XJw ɭ$p2oEбLjoa1}hsz"}igEJ@J7; }8lNK5xvEAU~l]ߌDXYH[&̈A-|b(/^nކliTHW?0fo^uYUch9XU9MBs3Y4'HuQRɸbEY7x!aA2Dq<䥒gDiO+kB׹QRӑV|N lcֻR?)뤼Y`nؔZnwg#qlqh/7%jLٞ BÒ|H1\ Q+ >L$3ScI2ˇfX$ڪ,W"< CЀ9v8XYtBBg)0A:`Pwg {OU{;`uDhhWNt^?mG/qQ|(315A0ϏE#j=6k2_9z^)6"} ǴM 41򡏜N^:x\Q~b=i8:xؽe'2$y?Ha+qRc!lS6Cq3>Nt f@F뙾Sc*OX+ \ /é+@DsB3_܉z9Q8L*F'6yezMS7pPIsGٵ<po;>Bׄ03'%h9秂,O=~&<:b`prَNAꒌP$'eꏿyc߇%¢a[g{iHʽC y}v%7ikt';/XyȕL}Kq/}+TӾze4FP[X$iȍG(.;P՟ڝ(dpw[X5>gar;V$K"8fk+j(I'ؒVrj.w ޠU:uO$9ܷR(d6A[l=gHH'g6* ȦVO癘1glH w-@&'CbtUÅUF#a'O<Krp͍.3>؟s>N*|#5ZQ˓ (+,Q3I6ZF\nbƁNb+4kuhu qh 0#qnB^QϚ2Ⱦ҄rnYFG`=']j|qb3!X)n 횱k'Q[+6AN $ܽ( ,b$z6 8jj-bM Ufg H^υ& N1#yPTy"GAϳaU ; ]ӿ? U/(Ն0ܟWa}}\ (>OOI|s9I jYT k>bҚ>1`bXnU0F-'tm;'uGM*4xL[GBxDWz.p y (s׋P CO)~|J@Fb۞矤ד^ғÐ'^V##xîGׁ)=K\Os@;^HwT _fSJ@NUm%rmm°r- j˙hk4DžُYiq]`u#I*%QC)^툒#-m僖!|k:k/.$Ws߈V0lK1ҫ@-/{Id' ·a;hd urNxҌC<2ަ_i_3.LG33& lXyż*ov Vo&`MfJZ;9> 8ĽLj ߜc@ R\=Ͱș`&\EfY2ڨL L醳i])nQ}oVy MȄe aFLȺpE}J~I|^[I%Ep,AM@$S1JyYSg3.};֘]IGƮh-Ȓ~Jo?d^J6F]ALD|aI_Ä+ \V&2d 33GQ9D-'hlX A6ƪJ|MSnSp1)ec>=!y2~ v7%Y6 Wn{_tz/l6$VPBʞ{EΣz\96"z_5_!jxaJa Lmzڟ7"ϙ˄6$"5_\$w 16r?X]  λa*D= ^;β;( TWi8Rg4)#w0ca#Xys*AsPP/o}2!zGL} (5@3kl`!=nB_|忚-:`Y2 \mf"cY44f*^{{e3|׸WR"@PHB;8Q?EƃYI*u\>iGfut,qt.ّ5y)| &چ`oEr,'O2IyʳrtZ;uX;;Q?\|VʪUlSMƦ_dID"Z=9&ZWl1ݹ9꘡>':r\\rMf zPR/ סӎ lb;!cLfȿbl2/wH%eS7qYq׍MCD#B󑞤nu Biw^Uݹ#]X#)b'׭}9V<8PGL6JyʎhrڗtT!xVL- guoZbKOiO-&~r3tV̞.8oHXUhOm%$쿑+1c(0a;>@?(2:΢J Zf#Hv2zAy&ns6et7(ZY/+3&&OA뭄.:c,0:}%n~{ULA;@3+%=j.|5| SZl9\b2;c%38i($ߦL{1X-k ܽ00c[65ćTR=scMJb,>@wƫ{]%S $^v#>V5, 9Wi=;,BzT 1;<;)}حL:x;*VmU( M)#AV۞:ɏ"yYAJX_U>\&mly%Jy]4HUQv^^ 5iS}"!WY Y#MDͭB-RB-~ 0Яs,How , *FAk+/c,7>2Bheނ %<|S_nԚ9b@nuHP@T f.Xq3R6wa3p9;fX(4D!ZGQB](@6g:GWH(1FlG1M-C];*цݿ/i{ܳ{ %xe'TgauLc4(\Pds,ݛe5Tc"gv D2=e']l/t`%k9eQ|kD&qD݃ {>_* dfZ ))[x19SRi=˒5 p[8KWƉYA.I(Mf% 5^Y9{4ZlwLLa6?TF㻓tppWKj3S4g J#3@ _# ./ϰzǞ^Od12WЉ}ٱP3ӵz@ffVY"dL0;qs_) iH@;t4/NCLc9.nϨ}ِO\ Ϩ SwM!bmڣ.Wu05XI=VikeV1 J|-U+Wߊʍ=D^Ex'3ܲ|#7U~WagN '@ݚ VNC.> ɉ\pN[aU T| '?ϫo!/^B.T6 CnZ듫58JU0eKs4dk+[m}XNY8 K0pOU'kzw\ /K.tA^}K_5TҫZMS%YrC-5E-DhLowJna|it$rrCOyu^X䬎j%ΠN2 1GY|)!^2nv HS㖇u%j+=ե䘛q^CSDPztn#^}v012iϕX6INx,vܻ'҇W |SOK {O÷;\'b|gA`Ut|tDau1fV N$JC8GUra m6OG}P[v%jDC=ZERf]'EzL`p5RȥѴR(/ bm3ꋌgT[3YhMڒd Qo&[凶+ou9cs'U)ghpFj7<ensp5 Y*[~7ר/ݠ6UuuV,:n,<K~(UnֿAzG0ڦ 4 (yM}W6t:>/L0PΊ餳ii+F Y_8!۠$])]t=3 /ч`V=?iyl6̱QX^>^&纠^ Zq ֋ "hxbd*MzCH+7[2T(TvDWR׏*:GX|Dl /=Ȟ,N?viL(5ޓ7b݊oOm2ҫny G޷8')EzZ?߂ t\o_Q(݋ 0 $fO_zh<'*q7|ӈf rq|=eK#Z@aղZZ:k0xPsR="Ճ%֌!믓'ۻ"* )#힩wU-a,hep!g^1!GWޣ,+ o\ )VքMDd۟!bujARL:qq=T_)X84M䴓'\CA0Bx+&JNt*1_ai.V5@%q.>` wLݪ҈iȋ~k$%3Ҳl舽uS@ ډ u=x(->= Ȫ0,׺qZzP2ҩAHXQ8ZvPsۇDŽ0wN}j -.Y' Y#XsW+z+UӼ~|8WvUV58\*\ePI.+OEԗpcM u4G̒+dүW% JSZ색e^ 3ctQzy&>[E(̓ {sP Lp6ɂp*G`CΆ[qp q@蠅xjh.L"bڼޖ*D֔ީر{sY*]ɥțѽTO/st)E)CtTꁏuPz{GSyO.rF#D8*ɜSX <,yiM ){Rц v sm!B ֛ ӍQgkR;"gr;E.&WNN *e=R?atxٕSdLn%sm ;ftnqރhtƘwySL*Vr=W6 k-\b'sdV Z?YP#\ U~|UWWW}"h ;DqaZݓ1˛ЏA4@\2/1\Z:l7``j֑oBGDpxZyIUQvI?\,G[j6Kj_s)J݌$?/sDtWk vp201rFgr2UnÍ BY<kJ64<=m'ŲeV'ds9= K6=) ʥ!i\_r`"3A,Au:|#Tw﯈xek66_͈Xu|1Gb ʴەLJKS'iɵ:~$@3-z4&[h,bL sŔzLJԙ'B: @ Epks 1:{ rrb!]Z|̚ƕmd;*~03',^縉|o4aʤ<)Kv'-RT糖 /1O; K Aq+ʬmIKKey Q=#z9Muc,f(y}}]ĂI~1|V8$Lu[ؠ}F1ClH&3E)s%&|δ.Y*S>,Y.箑N`-n.SxC7d#kcoH Ig.P"W~<4,,kw\\X {! r}]gQmhBwL x_s[C53Ez5h~OC4xwL"N q*u%#} Q h&<6!LA>SJ<}h46US8Sy)7=@(Ib>E tO>fe_?,jFti,eq6 Y#OKeMq3iOm4a)%(9ITVH?!Mɞ#cPb|zm#|BE̛;d9kt4kfKsґg4g$@|WŕY|w ]4ڳ58X Ai@Jݣ}7Az]OVrPt t|Ńϊh|'t|xt(7)r%jDKcP%![U$U"E쌀3/-ј/e@Z8C?s+~^ABJ^kEVSUM͸LSdKGGRw:\|3`qqX\.UXp;~R Uy\YiX>'v^ 4s7{YL*g1F_-WJ$橚.x!/N+Z;kseuYVOgV! mpdވmÚ\q^b$gJ[$Zȣs<"{gA<ßߓ0`H85iRU G- lQp7]@`۲rL䳱lH1e Z߫mF$`$148q2x+>hg}̯-N@\Gʋ"?4nE4I!//yBܙgXl$7͜Ӧ0GgյM_<(F6Sy&U뼖49auڛ3ʌg9O4ϪJPO蓁4.DQM=ŊI;&5[9g\$i# /5z _"Ǝ.N3!^UbX?V0ۼg*u-[M<7=AAӫbU׳uhGKPE(=Ik2GХNR4&sC9zW0v[I˜[aK"ޠTM"G52C⹓ޔ"^@^ ^>;pG4lNR@Z<πzFڀlf&o!:_q ǧ 9Jr:}a5dl3":g"-]ێ{m;)US/9xXb$Y{':'[`gY Q^ >-C\xϯCzd`!f'Im’'CݡYA[n*+˚ˬpJ95TT"V|Dh+!,wxKQ駯M]}ۚ|VKi;zg-Ae^XGP^\2n.=h? zU08*VSWuHxح.ǸRaDM"!\Dͭj#8k:Vfg+~vx_@'ͻaEM9|9#nhX% UG'>OpDc#< W>t wBbv竬&$ܰ}DZR,rq6ag@Xk-gߡÃ-W(g{W5M1s7pItA -ن,Mrt#ǿ׍/1PcLD쐾E<2N٥8 '4$Kz&9 a:`̈+}( , \g zgE1 w O~}Hs|n%_ҋ/i,aGrz\HfcXNG}-}Vn0<&;[B \E/5~Y޸ _BugpBfa6*b|]Rtl8_ZeHHMwXK|Cʜmra?ٓX@e1E~)ϋ(:FbE)9+ʭq=<ɘk:$=~ ka~W*@E2儮,>Yܮ Vd5]+ʒ k/s~2 tZi[4_y)p?̢G-Z Z@wHq6)~¨z>pc>+r5(@H]/!==q+v=ه[n mYwIr+slP#`jMZcx.M` V\:dVX#n߹GӘPEYIB3~~i!2\F_zAwA)_Wmh Y=`Qr)p[b:<עSʂK*# O"F+R!SC@QJhE=Ϧp}ǴYˏ싖J5aӦט.;1p68o%' wY;j 3&iz#x:XD4Hn|b׈Օ04T`S1D?S6Ǻ{>1.T(,VW7Z\n2s'(F\BB/s#M- ` ~"-;0MHyRB٩y=LŚDQݭQkݺJR#:[:/(JqpMVu{Sg+>.N .}v-.dgoI1;H?=4BDE-zz=rsp^ïdl) MS#b;4`BKb t FϼY6p~~>S`Im`Dɉ]y<W6Zߙ)߃p .Nm ys;C3Vχ_cΟWS>Z$%aFuuXpLj=S%#@@(_eF}j>b0: lH=5-{ޕaOS9P7eU3ջR9s{ 4/j!es y܌" !9׉Er}V\MϵOAFnǪt}^O|7jQ?h*"0⛧S +]KtH}(av۲ >sC?/,_;y{yPȄ 5ph[8L$qa: xR楏=jξqKH89Mϼݨeb/\zq9$LLeӞf'U<%̤ΧS6'kMͽ J@-^qlWXlX(I oft/*U-,tiouڃw>z-ĉqlVjќR+qU9q bafR,Ƹ7NP/f"u"]fjE0F$H͢{S(P364ci%")Pj΃CS*tnZ%^ceϰ{/ f{#wo4˛ƃ8p{xtF8 H^ fvt5Wn,yBl^?]\%E|ok;T>h;JXҨBE74i1U1YaC8k[Q RZ]qb4/uE-1fLj@,MXnn!*eWڮ+~$x2@T 6 CeYp`)^;z1>/ˮZv> 8 ͆]0tTg2mx6 E"^}o);O'‚ޗ2*qM? lDωEzgeWf.[3G΂)}n5jI]e!4oS>㿁ݙN S\r* P Y)IwÆ$b$5r#^fBܧT  5k'Q_|G\rU.֑]'D%ڧ%/ <ö3Wlؘ؁sw0$B%hO`ޘ7VN .̲'ce(WHT,d52閻ǙG])^ėӆ]l4:\F"J[JEz;I*Ry 6 Z`yyyβA ZT,Ip_7Q#&jYn!\*ѓZ (NTi1dA#:D=}wr5aK0XgfpS)#PH)4l~z%b-^n~dQ1$yd@5`"m#H:vQd12ሄvJfU`y!nVf3Lޙ1:JNղyB5ΎjVPiBDģu`\@->c ayO.V0%Bn=%2@64?ISU=/)HFc^1o HFIo/n w\yZa0#K8ZWK7n;h/_Ȏ% .%c Xmlj[胅m2j-j)x\) ߸ ?:]ޡoZ+ 艻Sd>* P"oo ,È{ֽۅ鼯TbԈhـkZ ܹ$lnorND Z :&ſ$Kg$Y1-lL +^*)v͊&Ⱦ\jHWks`6_E]NӝՉ5tԠGL^"0n]a] &đTvnt7^g;-:=B~#(jd@C w j\`XvjHF #mLHY ]ra[V`CT^fn#N[5'i&بIБaۚEA|NڭyyYzg6Rgw7xo}@5հ`$U0J_}4\Vnih eg VW$H&`%%[$X]5` .:}XAx<x!o?> ^aQyQrC>Fngf +2hkuk:2]J'vNO[Lb[ 11xD[rl;;ow(o0歪PrFmc3b |x`D3yʣ!|y ǂ( Bܨ0hhmIg4 :ΆTgE)"gSwf5Y.Eh#/~C95Z·XaB-ue]G Н) ˤYtK;hD]Iaɦк8s=Q5X Ynq+z\̡ Wr;P/Ap+nq'<krvk&cNDyW٠[k0)>j(9h1ҟ[5 - E^tӫLAeuG* 2Z{?,;;ŻqRe@J$H9kŹom(Y`ĘQ B,o9wC>kW6\6/Y'A֔C}``'^~73e*nxE?aBE74N4\ERYF$ou:Y3ឃEB{3^@*sh1P^laj:'4[Ni\};UGu+to QݓrNfD3ʇ `::@hA5d ;:tKO0s=5#}{ ʝf4:g stX141YYQiv֮.@t " %8nG1xz@ZlP.$]pb G?j)-% Bd8zt(3>>;OJyaeˍ:?ѽr*̼86PW(4 ϲd(`π{?tHrecnf^8Uɒi=.EBr J+@rA$Reo=#@Y|( 3P:ihv%&Oi鍮\<B>DISW/C'z.Lk7ҭ"x /piyzw|4 w8ad~OaF/RHOJ*OJC_9.ZFx~Jz ӧ!(>0CϦlHk$cխr,Agkm&QJprB4BÅŃ=ӣ@\|,Iw@Np\2H(~!g Y6)0'Y({i,&B7Z"RuŊKmi [üHH8Z\cdXΛrQ"hTY2vGLX"s#UJ,ϗTGDD *<J%A Z|*DPÆeԅeW\2 a+D$,iOb/(|_u*r8n? GǢߕ@VPU-Ȗ4܉Q䃌[+e+I|p`"OͽQZ ӄ'Ae 22.G4CG >K=vQ!0]cAZWmJ*U$ >Ƭq|۱%zqI`r)Eexߔe mD;r1_~ӓyecYw x2b+\Xg3ATF/q1S(niV(6'zxrLT̆! u#[(h->ljd :|%Y1,>75Hܧ~azRJ+(g!7~XFse۠8ѰcI,܇U(/Ь]{BBA=Waa%MtkSJQe-4 ˤɒ6!8iy:] |?O va;#6HW8`$Pv1rIz5e}NU%i :.T[6)fj^/Wl/ξZ "$l{߮TqzbS-R4e7'F^Dlk%Է\m%ƒ KӕEOuPw2PZfeW^ SjbJ%Eu@\ q5p\GX[\Ƴ+ ơ:EB*d v*3:ʝគ-O7JKqRԢH D010VRS͟΅FB7gA%颚DjhoR4o-ȒlSs%P|bﻙ;=u̷yI׹=s.L@PUcTu!b5;{@jhn&ݺ]!(2YhDdӕy#|+rC։ĊCۿ/  <$QJdW=7.Rom!e%o'> f$SJK<<϶;e6]}e+ߍ 9Dfj1B'4ꮚ&70 ǒAIcf%y5;9EwS<G%z a3~ -j>۲rziybih#yrU%j|λ1M_!K:thQB}݋>=bOJєQ4PX@jUľĞxK{{ˆ'p3eήZaJ\S/1',1- j"$o$(ǹ0]*0Vb,y ]tx듹nARcXFy`8Y{c> 8lgs_r߶i83/PqQ줱܇~A{_8ZRgkV_ ʶ b~ +r{) 6/15m]T3DU (D8P@naLNo܊ -[?KQJ:iNfanm; pƦՑ R`h>LM6ʉ4tطBhTS-1pIvx1w":ꈍLʻâ ~%NCwJ2@!S#G)V'A=`A+J4/=$F2{%V=(oHk.u2֑Do ti_CמqA^Hm"7l9^=_DU[e"PKq-%̛(y i#zUbьgtZ;p\vǀQmLgb$>RLLwlTJq0^ϯߔk1#UqLA{yww A`;~/囼hImhP@!\[|qP?يI1萢K-("87.m${eUi^ 'Mr; :\G໰qi8@83]J^G9_CBG :6&TC~h롙F>LS_Ƕ~@Oww#Rv["X\j!TZy!%`+Qr˄y=\S(=5-e‚"C6 r}?Zȉ% j* O*;@MmYͺN( &+X&>ݘApyyD@ÖI4# fzYܴ+<| t.$BqV00qP z{[do0PWGηt˩h tERle:Ǖy:4?VA4Jn0O CT=Jm_j6awŔ"XG1Usz PT*dU᧣Pط Ɋ>|haSVs >zkܡ|8$J|)'$1c1 M@hүwD~kjPcm5yv>['ĪdJw\*Kܼ\~.J󮡀c `tK!W5d1n5v=d RtEfOزQ8Wa c9beXMwa_~c2}qdrG;Rvj] L6һS:97E2[M[XzߺlKcmMXS㰫 l8*saʆM{Tt -U >F]B=.f'<ǓvEUDp|,8EErGq:H6+wSm\d휊R8ES(Xp1^:n)A:Q])RdVM7?ʯƮ$tCgl:IUV|k\UB(\5y k|oq@~Uͮ>!,u n}3ITwn0vϵw.ڗd~S”i0<1 qOtm'H1՟Dt*tVO(R##(ݟ#t}rC\# Ɯ=1}n$3(YtdW{`YtHrF|T 0e`HKvxc<3b%0Jd>ʭɾ5<6lyg`lViW&V3]ʽ͐tv}_n_rCR;)eއjqZ<x6&;&MIΫo46 INܿbl>Y*i 7_/.ҐԚك6l5ڌ&S H#}e5̓j2 /%VyJDWED0 5D*#욍{zB*2n%ƇSg5H9Ҕ]GMSAԈ|C&y-T4M.}GlZ/ċ9B68'()or%qs)4ʑ$3>j{]bv8ӒmUD2Y"x=[@aUTRXY-P-OI$|Jb:14ʌOc>K9LErN!ÄHƔóvlDyccxRpejClt9Yxj.~F:u Ai7o/H[v!>)( 4ZOr㷇E4[:1YYMd@weVǔ͡7cA̭auGooUĿeP Kd&4w&,6Hl0*a,Y 3[^r72YZ)6sM*T*c@I:rqgRMQ\h͈y2sPmCgҘ(D \8}HFM{V30~ svMer7gS<Òn](/\#dQr_rn*F1 ^9?֡bGۃDOum`BWuz{xg+'^0 ŏBf:+ $k)O[]&2 ]&NX>/ws5Fz/~w F.BQ`͆(8g=< þor:J6Wap%["8_7}|&62. )]jV"lI3pzRiu >oH/0.Eپ LѯKӡ|Θ3J{N\c:T^vY;ރ $`j}4K CnCWYh+rEzq5ĒWd6eZn'SXXks|  _-lƈ=IS)ؠUF>%SeaXazW>KAY+FK9[ynׁ y ơDyaTm-*K,p`V7&[8xhoQAdPr9GfXEOQr@NY$2RVэ.-;/ -gW~z m#)pl/ꀗvFN/۔TEɶkqJes~먢n$g q(כs0? ʘ"J%ꄿcE*qn,M'"6+wfX^]mg`"-KH լZ3D7OFL3j:I /+t/mgkj#_FǤB$tzMbjrF]Fx?ف|Z~ى $GН鰕`0R 4TiL+ oM6}JkՀڡ$of^" (pF)#t_Q0з;)˺޵pTmޥqCk>Iٯ=:<N+TD!wJ8Sn]go6uARYY|>sUrMD1ŭH/yFh[LoQS#铤!ĉ fUx:;9Ycv{U@@1D/./X5D X,m[O}D-\iw`0cQaqW*F-|I>!77-g(k9w]:Kn~J|A$zGP5ʧmJt[H6rmRe.\`ϯkbVHs2& 3%b:'Z[ .rqM@ه27e-Mk7_@t}gG {J|`!43=R/}[ifqVvRo}CY(ptUһhӜ.=*i>dhhvzEҸؼj=! R(77u,˾K`$,V)h= IHT]f.sg,`Iwsyc鑙?Lx^)$qIݐmh+jc: F(rbbz"y{sBB7<'4'Zפ.6$)^$),Qzbj9rm~'Xx4ʴw}2]B젔fв3,,z@*/.%[H[<9tfN@K.8а5ΣCVKk ڪߏ<>.́`ƌ_NT䅜56\C:n3 a' uY!dqhG=5W_a>fwbEdbeE܍TRGiwϫ?1[ b ADO?| dC`@w90K 9FmFKVUpA8FT/OMj)߄ZaVa${ $GO<` iX@n n0VZ5iw9ЯL%rNޫ|g"e5F$2qw }v 1-ׇV'dJ' B# ȭܺ7'R'NLr8Mt7h\NtH¤H(s[rUiiL|\nZ xC }eB:oCYUQ++& ~$OE#МhjVhԣJf H/MNH eAC:vh#mq ²seu1ڢ6bKګ1}ɀ/&OO\Zm6(iM+Fz~E@ֻ"ilkpcNJnzzYD#*YJN1񁮏Z#txpS%H nM } $}m/:MB}>f۝_U~BV;@iGvfoq_>gЧ‘ͲLqSۮ4gJ_ 4+N^ b(£03m y c=s)L 8/"N24xrXx].pl)y#oȉtD(+!x*0/ۡ|/,VA*}2(m'KjIR’JݨU 8_'F@e GjKx{ u']"Z{O/=.'~gS6ų 2E((0 $84A:Aq`cPc r7tO<.=BM;lrFx@~Gk^NF c;:#z}9%Ρ u6iB?*5TŘ-WE GM[KzLZډrEL%KT"bD{Ǘn@4;50r_xM‘}GЬ_`Q'v}R~ídxHN;|kp Wn7ayڸpwɽ@|L =ό{\T_+pq&J@]%p/R :El?㏱r§)jWrt*LIh`ox8sixzl[xI ZC"%CC"Ag V^&r^=PZjQљ./!ypCNsKH!A*pu`vƖ2j7Hn80ba|gSF$fgH@07%V GTn=/Tzi1nDͱ/LZ0¥ΌNIAdnK(hLֽUR}&UMu5)li؇!A{=Ѹ,*xumtUGAIBe ^`,[MW!|&uQ}w*#*3%8rv4ߗM+mA*5[. h2q{58S@b.5L8%(O@.߁3DFcsͭi4!HHq ץk$;=X $;B@ ͖:scJ3y|Fɯ=xkr'% fryj7n2zCMÙh``qMsWG/g\> y┏jJ2x ?ltqfg-#Qj>ausSt!x}+X|V[ T6lŠ3h]'DؽJnšvWFNٸcUI'$f 3 lslPShi}#)R˚'1_!I1 F[=֌d F/Lzv.GƑGxR<T6U#4~KwT%tXdCC;!yXρh)>$؆f?-8@A`"]+1u8K#tӕ2QMɓ~o ΂1ำl !,TU3S4e~Ve87pEI { Pa@o[?㟛G''7`qgi _u)!'c`_?md`J1YpHQQclrGg/%?ZGeVEG*NUxJ/N@5Dʤ%\ȣS;UH2^j^jޏ=,#T * ɶ_n"m=\ pGid~wQAwx+Pb`A d8Ƚ#"r(?dOjoK> g%0;JQ&g쾼lgsX4zeI^pPdkکֻ.-tdLƔhbپMs@S_vɡށ9 ~tZU2/wŭƗǁ*QDHexx P>6vJNq-_o&=@+._{mT?2㨬JC41*j3!34 eVf&awt4gzFi0I|OękDEp4s>m&S:Ir[|o=༷J]r3K|?ם8y˾2DӖɦ'u}lߎRn.Sϓ5jQVnYS]3^X~J'6!zcѢ󗸟(۳uC)#FxPM|Ra'`];'_mbk]yX?*Ϻ>Ƃ. YG\#Kx۵ټĭA6''OV _NQ> wb'?<˟/W69=k2Fj2qPZhS3|9s"2(eeICˆ[?_|2Xe \ ^g7or<0+LyUmԜK:G{JGd؉ e)ܐ)uA bޥ 7}=#e:2a%893MFfah; 0b{gι`T 6 Ӓ k.^Cf(-:2Bށ9'Bõ(<;[>p= )ތ@9C};v1 0Yhz[붜X2åvS xP)o/zTD?} S-uO{ -: F>&H"o21SJݢ3":plu`cHr3 4=Ĝ,P?|kװufDZ瞄U|L47aD} K]'ra>U#YI6-ސJi/OzjdqaWnJ@#D:w@ǥjyxMQBʵЯZqY=S9M͉IG~ ֓NK'z;X%x!4# H>E^JlFlsZHV|?!kKf ऎ5!+6E<,rF$Յ/ pIIxUؔk:sHy=ο \:Ю Y54QW_SݔQZ*"xPx5)x|HGORWqtT\.+vR1=$J_+ޙ~L>L@ pC)|w#,Ȳީ/ޭFKK` @R`N mH "X6Ӹb~L4,vh&qIcF|Kx/w;BSej,>Phᐨ}D~1U~{Cםg˞'ņm{P<ً#KF'>(}b6qpz52El&MvOD`'oen"@@k(̼"4eiGCj Gq{[8)l29l F!y$e޴t^F~xgAjP?񛹵͑^P--BfO]b0 H"_W=9 FPKQ5z V3"تI^&l:֔0:z > w;NpHYR .3lMFt–\ӞNV<$igMw*4y }F#EQϚpjN^%% P1K则 F!|n7;)dD#6gA )NX+3هpT;3T`lR)ibOƭY {~E0-rftCѦȸa,bUA[qA;F? ºׇ*e`8[A .vr|'~䏚lչa^q3~OV7 0"3tJ4$~ŸƷ'9<7èO#E!$W.&FūDp<=F,=! VL:ⷶM sshNe0p=/c5B!4hB_ &hһOv{Qe*5MdDR37-^ H7k;ڐ}."#|;7Ea 0HFt R B[d @ ԂYbTp#C`WR"W$s(tJ`jz[F/UZR[AUow XǰqM5G#`j(Qdsqy]{:P Cz'heVJ}NRroB\0Gh BnΙ;T9O(Vـ-[b$W 8%jyTNguX Q}΃- Vm'fnc> ّaŴ0>^( A'3y "V[.GS224}*(:BTS> hM&qo6p-pooigxkf|k~K$ud@AŮP ^P_hADK-ƪXƾ3,k%AgᔊSĬu$‚v'39&ʂ_դckB5;ώn;Ϯn jiC]DR|yKx|<- {yY>w` \Rq`E_"}\1Ě냿:R.ZgU _˔{6_f5ӅK#hNFb'Q1O 폮MWC}UsL*{IV=({÷)‚Z v7V&NOa\1qŪ 1xDɊ#{lb'thJύ7fxL ^w-%,(I. ;e*‹`NzG:K|V:]?xiyxb/ JK1KOfH}ʼn^+("vgA&V,C^A9^/5&&؞Oc*`;+|2.o$@ΡEr]Ͽ-؞[VIegЂrMW|:4SB4b/?OpET@~^IpAM90@ގtVbږ`rI>$ctAD^=JGuX|c̺R(qeؑbËsNyaQ5[ً89Ȝ>sI\̚qx$sf \ TDٚVϧ)" wh[ͷNz]eM}UM%2k k'uQ`Z۬$2sD_c"TrtjljYRPn AA8i21}G1g &m4Z*yk J)KFu<# gd]j~6oP>Mey.~FμibeT5J:%3f_4҄&q0㤄| }Bm[ʶ*C$:G~ σWa.}A19NP3ht7(c`%3}+X;D`^e$/ 􆕪 kNb JߔUp_ؔVTeRh4930j ݠ2&CP$F OՋL ׼+V_ 2μ3涁!6Vf d[|S{oa,y'8=R?[(Vw0'oLj5&Ht%5U1avFLR䗅Lz`WHcN@"wCp?uhBw2&r  u3WwJ䓫EN+)~od=/3T*بtnJMz+lz v(/AV(6-y-`W[ NZ݆5ЊChܡ-7Ts4DH+*wiq%VZ*q 6ŕX`&^](>o,{FmG`/3d vO_]ٻ󔌺P 7vi(“ԡL8%FFPV%{v'J>ZG2BHϋXLz-Â'B;eZ:qo&nƌu$YTD!Cfqd<jiO^-͊ a־h\7̢?F u7^f2{՝g1Ƀ94v_d=+W[):tN -AS9_wѸu4]iX#c1vBJjh$m>{ Sz4 ʹw}X@[jpQA _ߊf '37|iLc;[Ioky-)6<~Hsmu}d>`p]+֪ Dk`/МRsqtopqLOx*oSIU۴HcP'ǓƳxy壽#aKd/7%R.v'L <Pۜc#F}O3n2o=̟n@6:Z)oky`DS;❤Y}gDKܹQhICy#HA/:MXg|Գq a4R\B nIKt> oh궽>bJx +Y|iF3v=^N:=- t|߶z? 3+JQ2w)ehI#3%ذ⢵bUĽJ Z(6 ,әx8Nʘ*:kQƉW5 Žjͫx^]$֝lHyR15M7,GYʪfB'p")[ {? od.͏?x K֣gCۨoFx_'9>ݩ1:tfr5[)uϏӨUH% H&*5$V0w2Q[".Ч;FԏH\+l52%II◞UĴ PeCV?@qz.©I%ce~w aÄhybK8LK<.`$ &iNEm pb#&53 inR M{2RdSj&0~?j|7$GF+: R\9UOnI[OiճwmGӴl@:3ȃ3bCBQ.)vĀ0b떻u6h#uRZvsAyaEx5x=њ90`G*8|UsK]Hꠚ@$=eWhBݾC"<9LZ꿾0PSN0dw2a zxMБfΆp 4#iVd B'e\(y}#H{iUDƴiNƤy4`.\͓}w*< i'dٕɐhع,)QS;!;7,Y_˶,MPW9Kq`\kzXFTt!'+p$`\&s/I֛W"[1W( @ `yL .aI,m[UT<=n:K)IZE ղ cCTQN$|oeom~Nt]Q#(zo-kׁjxΆ=IuRHb>Iݵv*Z`|N֩SyU/RbWhw #³Ldș#[$ ϗQ*'\( @(o?]4)(܏cM[pZk>2Ȍs {+2ujTZPr nBSQ lQlӵ% \ob&:*I2PRƜkѲGp&cRGRWfLi ARN#)>dl݈XTz嗕"|!}}TƦ!&/H^7k  :]AʠVʫwp%PÒ+[b띄^Ҩ̉TR^C-m]#[6]al-_T8ۢOt !5 O'rF 1¸US4XVb) :7)H)prW=<ţ369[~;@rCjp:UZrMIr TPM㫎uT6``15ueψWOQrgY2l )׶U+<;0\MН2 AZFB/D'NG#x_!XlT}JhW"nLNTGXqvύ J/Wys:Ijz^Q7bb 6A>cd;.I]PsW*|ufPT Xsnv?h:?e&a8k9"oASYA]Zqڈz!rI$gp5$kk<0}v+g#`z_B*M[Y5ٕNBjtV?M~J-@De.5Ƙo?ʁ,.lRr FtN)36Z:7ӍՃu¨EX$7$$ JXʒw-jt/.fc*1F+~~nxϢyQ ȎE:bwi? <`B @:ZĕOdVڙE/D, " \(ڐu!6kUf@!5uCG߂ Ft چXŮaPdgx3W^5͂ʟwNݚ5*N]Pwq=z7`{ONfW6~[]n񥾸CP|`eȗK7}o+pu]dRj+cزv_6WapZ8N{ً9RiKFGڀ Ѥio8P V26x&i3T]/=њnkTA% ZfxWLo/8LJiKFvH?q` %nMMLMi7 m[uDLἵm276o[+oCdUbʈ ߡ"!Eu`ffx+)%^ $)`wU%Va_ͽ Yzq}^6ʋ9r@a_84q akuUwBԀcn< `I 8g:%CV(NDrvj* t-ˊ3h20dctj= V-v]yW-ވ4uvwDG9Ak*k0 |X[}aᖗj=!B:EVQ ߳w.X3 0~r~d)t3E څ5IQ9AJZX-,6{R!"k)=4{$K2&Kfr[ɼ*00 i;2h~C`"4c][?jOAha/2ر{5b,9u_*O-luQ&$(Q"0ev|ZVlEre_zQs x.?$BkGV(}?>4 sDO򃬮|$3 >=yۻs/l bgHy]wfќ*vU[Gc쌒Yye .YMq)AxEFcj]i=*]2qsktG~o0T~g` (7~ʘT.vQCz AϜYê0Wh0au(@loq`{; uvXUV;ߪJ_KY~^iJ $ur=z 6` K^_}Е||N|?S1sr9^~tHK9A`Nv^/(94:sA ۏ;i~F˖.qf|ӿ2Ān0[zm|Y_-{Z/.xT*uG N+$C ?MŜzѮe ,j$oc%~(B%Z%K_Guq^  w.Ncv 3:@EX_2;4%Ldk8699w,Gl">Z,1vYe[h EFcӴBqhŌ`x+ ?/6/~b e} BXiQ7N8,|g4ql̩ S釒/b0 $kOR7:puI_[g~AhQx*_aAp#Ԙ_/=| @z$wE|'(y(4ޮThY쟟e1,iJU}Y^\!Ip !u-u Qpy;5NέM΢32dk&i4ďD `CHښ{js]@wN O^9R/D`0r o K,t0B/FZ4:OHBoϒ16ɵ]QFO' ƕyLmi 0gR/~`)N'ʈy Z_ RL'[*2"bnG!^*.@6v)T! HWPJϱ'Z*+l F["Q5:'e011mse cp&*:;h@N{zw)WMFB]) fegN뤢X.~2U1pKЂ6174IG cgW1gb8rK[횧l!fiHH:q..RQa˱7tכv1ɣwpNw_YjD/Fed{ԿID n}c_GC:A[ݶ4EMIr/Oȣ^IwƥR簶bֺf/tal5Cq{;̥xK+TV X @Y.S{pCXdp@3g4+!]|h+ T>#.{cW؍5(oMyD9j >$'ѡ֌ $㖜$0 'EҳL .*48w!;UL1BP(iAgtR[|I'%2i4Z&Ͽ𱩂wʃ]vXYD3?YF\ b:rhU_d .'"bӅ#U˺ERuh^r=^&; x`B@QdIq:Y+wg2 !9_[z麹.2R;<"^=?c;[s K{npxI׬hKQl߬Zn*+PS~S0*5kWaᱣ$K`zE @/kPƅd/ *{#뫲Dԇ>%DQQٷEkӬdNCցPG; ?zbn}>pa&K[նK筅X81 %ls96 S ]VXQpY2"ȭNJg7<}sNڳ<2_sg06pXT~O3L D٠%FX*ͶV9՚71p|_.UmC|۶oe!ex\{/xH'WU+a}k)P6J&yWuQ-Wl29 !F1mf*f*xe!kiRK G*MkDbT X'0vQ&bCQqjfzSDf0 #9zЩp:88l5]3VKVI0Ki1dȻ<—2Y8uNTԤ{KWfCf  UE@iʺ;~8rE3yږoV1΃ @LQ!+g"+'AIe.c!&6 {H4ᥥk}GR-aƄ+eE7We^ڵr/qctxyz'T^_͈=;hZE[ܼ,@bz .0^_Nr_Z2 BԛB|/'1q֐e |?Si9Vc7lN^{ %u*ٓoDD+DJ ]豹WRM_(bnl=" &N34_p<u#m@xl|ZŎ&68rcvҜ(f_UHˁT!z1J]*{J?;~/K[Yeܩ }GqPyiTp]&KԎ"Mg O=qsN¾)nXJsVOworm )=@B]r lbrF'^TTIw? ]{,f b-!NQ߂ *ɯ~lsY;,%Х.!{BS VWj YDÑ 20%!Yz\zҍIr'J@hfWX)IJ ; 'v ?n/5&"IzLߐ*v>h_/գ:N 6#`E4uc|qT<#߼J$ueƳ %ׅAv"K.ĮMԟʒI$<R}, I[ֿhN`:WG f"IM'Ebr}ar}5 I2@#A{}UUTG \ zd')$U1#u*_:y5ʣN$v(X7׈"&)PoZo@[,$ 7p."}%8lz<&1[.b,"ƈ,4:L9O+W՛b\ ~n}wýR־-1>BQ%!~9ŀ嬺c޺ޥE0R錅UzM:[<6{0 .یsŦL#= ̹KL^4\WPK%K;e4Ib?ӽ>)o:YN.D[г"B^<ݶ,i*2KiEp X+յJCMnȬ-rQ! }g t(9Ivifשp.mbV Ti-;|K +ܟ 9b˴i]46i. 1GRWyiJl8QQr,&CӉ,@elJ.byGbw6eo9f|8+Vy8^ccK h8€I71m=Cl0IT9*#aOJBzuٕ[@4IfiR^Dz܍J<|]E_YhnSmhp?7%X}U( e)Ֆ'KcyZ@ձWSgN،]K' &z:d'7@?"&VfґӶRK&;Vm*ݬ$B' Sy#=a)ٝqgP2ųR*X4}1Z<7f>)ۅ/xt6C*$ qMuk?#Im-ɐVF[rwS}3i[^ՎT4hV}@8o{@ϖܿ̋e'(I/Q.5Cn6¤^J)w!֊A^O=ˮUqh7c$^Y `i"PyjϦU(HVC8gC+7n`h0b{']aNf~% y"a՗De@ٸ4شQID ϜF$ 3f P#흜u8dҶ J!ny9fU8LLH/qv#͓j'WnuO+`=rI1o55qt}lj۠ lʝ4vꒅ|}8}T(AW LF^yFKN#U 8S!M4תmJw2HףؔHp7DF,TLyO**i TDa[:BlaR.hiȮ74@7e{ZQm*qL? GOy mS4>)fg[Kul^cCdZxK V48,?_E/ #Qa%9yFY*1u0gnwsQWVqQD&) x,)A줒3ř0 5ۮ71ceT2Y jGf^|1)HWK{lI?+gh$ Dt :fمa$ltPlT-Ǩr\jKByŘ'gQ++XC겣i>?DJH8ͫ#AYNTn$v}Vm93vI2(!,g wb09%x=YHh $UM\l} # #,qGYRfB]$)(rI`iVwCPMXA|9P ~"\@k(#2i 1YPf6i`hVo 3CwvU/*.`:csBщ4\#҃2,d[!_Ei#lxMNQҕL!譆Iq'>#<[Ϟ*PaquɅzKQf(׸ng$Ql,NT1DdvqzCfy Q'{sS&I:oѱ+ ogqǣ^=d V k;S+")b$}\ [u1U7?m'9ຶ.Pjꮐu*oaָeftmUSSfV8^р1_ VI%pyF&cQIg)Sg÷IۅI!Š k@{%ae40ASI}Y3@WC(uel~x ɡE~ t?鸱z1` TO= f<Hk<׎{a@Npiw -zXX,@=Ov aWpvr-/-m&u;%mYb(YFRd۱I;p 7N۰cl$ۆR0"A>~ЯT؛(5_s0pE6]0I78<>2.98RBN|wt{:4QAs[n_*:Õi)WAKuq|4< .n r e!U는EJ,-f9"Ov f@-\.v'jxʭ6}ČYOos|Jl Pu16Mkm^vЙee1!4r!aJr3s Y+YTpCzm+c-au\DٿGף Ng $],r`T*7L8T~,;,Gy FpŖbYk3ie&I\ pm4\Mm6>3lDLqk0լspLި"q+\sw|T1s;VZc`EISr(Kj38`e.K-XEUj)nxo=ȔOԇOT"ۂ#Iٞ'`hY0&U݋-g9mM33+y[#{K֨F6C9f@jcڤ2BwBU!]KVǰSs1{2Q'" }Ҵ3+Vǒ Ϟ_N OVE,Zt_qfHH()r?~9VbDU-tbţk$䁣{w~0(iIFRFQG67v xMn¤? Or)MktpP+/ ;45l2&^:uOM{R<|!Bg2|>! Sog2MɊRDM7A즎 9lUs\ @›% Ju`cn On^|A7+/,zk}@H^\i/~|]>y'f"͎2!UU&ʦd5vJLRj‘%Qר1%f`:xAt$qV..gA.Cb;7Tvu$[ ODH^K/Y/-8_B!ыϧ#E/sci-L;RZDt6 "ɕ3 |2㋞!捇v"0+݇3X X8iQ^k.`nOd?&oks/#l )b XTJ'A],;G&/1j\8 }tvMlFޏ| >Rc!Rxp!"`Cě.nk\ybE28=P7@zzdauE:Xٵ{\f',K5ƀ]m]ޭzmwsCLRV=el،x:Ь.dfzgna^fsgWl<=S/R; @Ȥ+ !<auat%`Ń:ް%ou3a.l,y.Dc D:1nJ%v{:b{F|:'ۨ02JQrf=ʠlRz’}J9eWʸbÚUܘWnC 6sPŢƋ>VV${%ftB*ŜL̶.<1VOjݷH&&Eqy4A @TE½~en,ѕ\hk"Eؓn.X˴~E%nJ/QxKWL18u;h`gnt5o R7pE#t j1fqٕ|cӯKkB8sAoR8¿0f $iJg;pc )֒Rby"M5lo=NOAV zb=ɘV$;2w*1G2?q`)άfh#xn9["YAd!F,R),c#l$Pǁya?G^y2s ?x0'!x 2ƈ=W mO ! CKCs%1j)#ti1M|LJ H_ X#jު֥ TŽԏ6>Ի%N$$=oY"3|>s㉖cnhaVUSFB \" DX!&:(TF3fd*E: =9gn*=.BiCE)E@!*w$WQnRd0s$Иr> "/K),iyC 辔0KpNJ)H!fgFBXK;clD>kH.cה4:h>ps6[KAEÏU3FBry떔OݺՍ~V}U uhŵ9@Z'D^REB0uor͑mD!VDER7eG& 9U;OiF[FUddҵz^Bo@*rFuU5'"l<o:%,-G:R(Ҽ*D.>|fD@a]TPUNjUr+FAyVC[A1MHvX}̷(f#{P< W4Aվ,hy}D{j_uQmY$fVÂq}.Z[U+d?6cS.yY( [TPŝEA<Fp߾Q!_eg%0nre2<?mhTe Mg\7jC 0͗t{68/n߿ɫ_?=僣>1 <,e9%h7MHjg_w7 + J{aÛ?:6GYW o _*HԠսԒɾ۟+іU`Oh6H#3pCsTLW=N/ՅRakdBr/1zW>^u`RDZ2\"99A'vĄ[%n @b¢hLsd5J' f7ڷ>}<Iȕ O|{ϾDLU3ڋmaB XQ[GOPT%bm;ϟp!"QDho༤ARWƇг}E݉#ɱ, 'B2^\IB#mBwwDyO5Ae6{#BTM(4/Vݚ{5¢2WfbkڦPit-\PxN]7;XxwJruZYثoWl~b"s] o-'7O)"o+"2Qo9g9tDXY+z7|->qޚ?Na5͙BKuIY"9i;Ů-%A3*DڕŽOio bPO- { gch]3e(񎁁&[!Ǒ܄(~b}=cQyٳtGS \3`ӟq(e3:0_|ѢȭFz$n,Jtlx=0}U~ SJT9dLeKDMFh &N^8 E :_ur g, Ō3EϷC3clO<JS֞G.uXtey'B!eJ ^C(󏠢p  qs hB΁M+D t$3}Շ'q@ 9)`J ,Y6m$V9u|DlD\_¤)dQz1mBDVּM)j78M(eQ|5 `')o>2oVv{\)~s[C 3cH4{^ʑyWEu"-jn3xwHq, ~]b-BO|h8<!ПU*%ߺ! KQ`{8s,3=wi%uoe sc&]QmKq$Ҭ&έ{>fJtW׍@lɘhBp mbjC`]-0`|NSNZg\zd; !uf nyX}hN]! ܵ9Ty` ۝E],`*XҰx8u<̰|՗cgv5xs*ImSt.n~4}P5z<9˂>o jDͥrO,άr+s|X9d7Xi,?^E!!`kmwr͖}%̡GdL(iGVY ˞ӚWBE% 5T[1 S/%4,lm (s>}3T]Z>*=۩IwJVYT˓aP0?L4+a!uء܅.t"޹=Ӏ]O!Ҕ`%%=>gj)X=Qo[v1L7 &Ȁ5T+jRwQ2zzr(:;ٗC&P)R* ݇ݕ`U\!&h@:㚓@k6sb|Rt鷔 ?6"kΎ5Z4Jݡ>@_I?nV+p毿,f@Ӟ tLG(8N=פTPJy˾(CJw"+܈+!C;)w^=7]Zz_bQN$Mߗxs}sg-v:Үt_ "' rv̾W +=~dUkTI7ApmzX70R9 J JE9/s0vC;0"vqa բh2tPX]190< 2GKrxHl\dfg8}ކd?뱣_Wp%<|eBɴ([E"XkYZiΙY&K>ҙ0:s[`6iΪYG{lwlӎ3͜WiS)si4luée4>+=XSCc`8j\VhrCK(,(H½&3z}ʔ^T4EY90i4<+R̚R|,`\4`MOf8&m.R;rwG遰 M-#9\FHV r ٨3A6 kÖ9M˞\F=4C3Il`x)F,!(,D'28LW` s>{P 'f)UV{B4hڮ|<`\!"{S?j{wGb᩟< M :p֖ˊѤ֔x~E0bm4m34Ci=G~^6^r5?A?tç %HusvVrWVb&g]̏kbe ;PQb#@_I~ņfn%VWI45P@7udFGTsD7# ؇2%.QPOY]KU^ iXx4/RtI=}a5uڨcxX uC炏Q͓yøXY:+kɣgG[58x-kl?A=KBs{r IwxFZp0 d}I-ZH7BX+;oHr>f;p 쬠gO7}MAbtfxDvZ7iÀ+2i4٩>}ljR z(+wp21w;:{@𸣇GO&vk.?@{u$q-aل}4,r!`ۢgW}8-lT"`G>`ܬ ѓcpתړx{> SFͱ:z=}^W:p; 0Ĝx(F NE`oe,ng x}ŕ'~=>\< _t c3ǃIԩ;ƹ*I댶TW*Л`lC,OD87@8յRyyٴI0)!^"B{NoV wr|? C|*uZ{?Ť9ǥrv~" $ƲtzBč&ֳq3Ta∋RpG7CE#\ET=rC8\$hLJCGhRteS^f>(S`C hdУ{|籐G{,d] ؟!h oZ{%X/t5>duar3@XsrƮX`j^L׭S RWl- >MeG6)#}PC+ DZD"hLarDewW4]+ (?zጎ2ny[g@?,_x3P=r#('z|NQxqG>bK"G"pp12'rd 㪰/-xX$qN]!vZ)"ϱBBLzJfUYbtܢc+çɋ Ae ]d`ҳTRNeEl9=:6%uschxpժU}9Ku?pw?k%;o!+_jpzF[L֮ ]! ^u@x[ sҨyPƢeX`S3K1vՍ[+Z|vG;@?ųCsH;'鋇'O8 eyjBr=)corztg}#ox#!+YoJjn<tPN}gl@`uo)UҝOұ_;P9uIʁӌ8C!4+oY ú;93,18\lңкH-'1B|mDe΢-c!=v 6*<=f `%&G3RGS@4MXii)CSs8'j5 |ê{NobBs9QҬ9}x`[ѵ$XLrl⫵UY l_Wņn);7p?g z o|pEVaQ?a .c@>}F|CT[Pі!-?ۯ/pe ݀E3n.sm]SML$3. h G; r`NNTd$COF~U\@.DɮJưvdс\#>Aѿ\ԓX:X Y kny@wSkؾ,nݞ,DZ4+vN,ƕz&쉏5NN.!2`<<2CoyoO7nH2aDE |Mi_N,PmFg˼zn)R*'QIc=Yn]] MAEm=j-YSIu;bNƉO d]V΄Sհӷ%X?:v֎2ȃZNƓܣVOG3ɐyOB+\ʼ.D/(A߻c;%Eh@;4-1,2!mVQy)ZR)X·XԞR.Gf?BqRwJ6gz4y= 51 d_m:Vg2k~֍me9cS+TYsG$] # 2``QkŤD Ww0u4sEM9fEeruXKqsTc~8Uֽ:dvz2Cz̶<"^3!|ۆ80n!Ww5ɋTYKJ X8f|,U5) ˙4.lh/i ) %95 -b;.nzSdi>fiGu'!iw@$?MWU/)'/kYދ0ryIKyZ@CᄊdzXy䂤@PG*y e8 zE--zJ+ˠG]O -W^AiXʑp_]5~TV6%w:%/IЩ;dixr !a27a&N(BmVx6v;Uu>v5 dcI-ca\pw~ ʹx n䣿z]J8qyǑ5&[ f& kٝPz*g>L4VW6E 3r1jVܼXLn gG]kuڕ-#Odg0Zxp+e Sf:e] Yc X*-?+<Zz,n盋L0vxE1wj O/BulN J5_(lD>OlOµĆ109r`Q;>;x!I#*iuih:y~?+Av$ u-YLIg{B@$G \8 ]œ&T!ϡ.(ͺyhYl&܇6KW1!l= LS n \Xl-ֵZl78ί]4.LHj"^LR'<^>=GI%7Ir{ن*D 5D$H ^BvoG!@]bOP(:]RVP[irR7^DpfE~dw\Ȏ"zi9wlu5 9ԅ,PE-rsGTbegbʻ1qCX XQ2RlISz?dY]CZ|/R|vG<%'+٤^CQ0fj5gLJstiߑ`Kj@sN!ʮ3邏C6`pT|ķf1kD'K4RٲÓW#k1V`֗P(J mT\"#v'ƥJP8cE|q"*Gop7Lڑ־'"nQ!`$?}PPx 4r9v0:nu(CtqGنJg%yM?Ѷ+UEMsq! yjCvhw%B?t*/\ /ѨamSDT(l`1LG_UD'sPȾ ҺOv[/{1ȏ9K!ڸX'>zHewJ[5DQ$e>hKA5j3|X;H G&oI$ݵ vXYUo/劕 oy {m#3)&n,f\ wM,msfw u+0匥5nS'`ߐp`m]"SܤT~MHǸݹ3rbHD>Ftd33ܝ^R.#4js.$p'06)N'x$Ǜu͆[x?pp? R,L^>$& GM{'dw=Z8VH%Cb]wφGKl ϩ.79uV>Kb,]ݜVJI rCFen3Hqz:t?z& lP,UgxfgRC3Xx<\I2IZck=l.d\l0ăO1N G'Kf)TҌsdĔOx#SPDu;vR~ ^oǠ[3jaQ-=p5q,]-̨Ko$}2(#D ^*lUn+<4TYDL<KN< ^K}7SQl|a_S"3ƕ?/+؃ j$z]0SG r: Epz`(/ҾZtӝ9MhW՘~$s~U@B3nԘ6Xh\Q~kp$:MW>g[CRekNjڛ2tŨp>XT8#C8(K7)v8WI߈G(y|pq^|3h5z.={)⇠ $AYhVoŗ#Qπq-S䇧U:LW~> }nM#g@xX<޶j,}'Y rQnxMVYSu gD1^ks^qU ^:t ۦ// CC L6j(mLjײ!ZH8J ?|S-@˒|$ !,MN ;Vsb5I$S A-o$: Ah,UD(d^wyI4?S-}aq?Yhh To'18:ERyo܍Xx'G89=K 2T3",Q)wjFRaH=99v-JeV̦J'hZ :" 4rUKo֌^y+@n\pZŪD`Y1<%᳘O >:3tO L=ȇ`6UHc.LLY8EQ«3Ֆk_ŌahEdZԀѨsN;H2թzjCPxvYӟqN3˲[@DS`Qo ArlHr  ۉg* :[NG2uMC q~PS \D61*V]fWaAr; rk ػjCeYA G1|f|6շEh#ڡ`l`96L'ÒqW{Yd,,2gR(3Nyuqd\ d.xEîCEDގ"'s`-vBs| \g-82:LǓLq pu'3_F\e@c/'wLwGiU,-kNֶ {hʄg+"0$2{b<5o)|_8%;.X$8}`=PB gt5cPAչ.ڒyH<~ 3=) jgO򣅦 Ls|{C_4{޾<4\ATo<'_ۀq4  H.&iOzùa~,;qp Mhtی?aµNtmw[|2Tc|_W70ȩ>?P`@5-ER4q;Ov(݁73\|)B>@Ylt>A@ (jeRDw:x%o{-Guz$g@bqU9=9_/_;jWknlqn\ vԾKR%S]^/pp5#ֻa nsMHRH=>SW' S'veYugoDѢ|@.4pZK ԊY E87ngFX#J*TqƜ1z F?wWM 6pVs S3֕g kB/4Tqos]`xNk*7M |f} ;=iS: ?̈́D⩢&ėJ~]N 52E2/gw M@(^-/Bzj)3OoE8 @Giޒ56aZy# K7Y=f? x=;жDh62}p _0{1n9 02ߞMЄQ9I5+)m00Z4=亄,yIA•蝉R |:1-JObJw,ͽ-BOT q^vs"ߌ̈́L9>ּ)ACCl# Grsa&nm$SOo/4w]K=pS@ɑU3Q7)%$x=!mƶ\7{݅M{j-_L( nv}.-ObBKnVJad9P*C3F7ґvb *Eb(x6/@K'eAsӐ *cm< y3SVqUSӿpeˏ腤v -0[Qj /Y)F/*Dz5ܽg38$s\S;b[nAzTjNqQtT}}W3xej0S6, bHM9앢j\](XȻOՓSbws韚}hߞ!AP jP8J,<!}{Ae^@o{k.ArxoQW$y@z"e>\6;QB*Sv:ZLa Ԛͻ_Tu7>Q DIrf H6'˙>^V36x6I`%^"kQyB<OenYX cgx]:%P6f>m*'-qE~+VlÝ;ME Esގ,5ڒ~sh; su;јRyn%Yf1c j!b, HUϹL%MnA=KcA~ͫ>zsVzBugI%l[# }uu#4K8P#p}u1qSEo:Qg-ص,bkKHq_]DktqP'qg3Ƣ=W66oLT<ZGAe N0jXs8f-2 byVΣ\9^G>юGu543v蒮m` [.ic6U N*WN9Morc>?!:|NtD{P~=dlA`8Icj}_v)qEyA+8\h8ÜE5>`AyQ+PuHso\^V _ioq.UW+20:8!'-eL 6YCaq7A*N NO5]0 &[!=n&K!P3ctЃNq1bؿ_ఘ:KWH6T@N $-E >y}Ut;G5-]:Kn|\{1 PEDDh4m(EL~Kzb(ޞCݝe[8tU"MBڨbIIRB4K5߀3&p?δY7tɳ8, \WYJޔŊzZ][kS7 [ PӐo#eֱxn} 5 "' (&V/S{fi@1ƆB1>U훒5NѾ4nj*_]BwsSdl%!3r!D$,$?7sʎ0 ϜtT~ΔzZ bq%Ti7, H%Vo xWFP` ;p0KUjlO4+#ͮӵ71SFk&It Ԫ8`1V@IQA.H/>@h0.a8O}BmP<O!%OD:^Y5wuܠàon M5^i2ߙKh,UӰN3%6j%wkkT%i;2;sO۔̈ yZvY`f,:'6643By&iIz5|$&tOI`c(G'#H7%>{6"5T(a1z |aǜ`Z~#(s'-, 6Šdft?-a?:U N X%5>lZ^k)4Vu,G㫎헠JrI ^M4W76}^wkĻ1Ȍ(L+1wFdU%6Gauf4VGi]E1ɍˊ6z%.hݵqiz+zy̋x|D@]z`42ټ'D -yW\'5!*n7}> a>$STG**2E`(1O{?98 .J^PPaƏ6h:йTP:J\W4ʱz )IwԤ2 NSRE?~ vj< _1ʰEHIМ* YuJ{&u7;17@IBYZZʉ[L t92!7rP=mbL^Gs|AFe^k|=0Le]7dWB- sT$]+xJ>\) ,55^Nv=ķ߈5|k~ҵ<AM)AU1;g?Pb{aD[Mvr@݋nM(zD )jFx3!0GO J8;z<+"B۲]:7ul%2.3!xnn5Co%;yaR $7* աoTmU `[ط YA+Rq/p,C־s㥶&rϢ1ɚT< 1+{HxESɋj7VnO)k\F̦XV-q"i* B2^4i+ ˔"WݭKc)- Jzի3^qDA9iUíȓ[aƮP4\?>H,.\Jï4~ͅ\!JI{M:|ƶ0;ʡӐ= \ukiR&/t˰ehCs NUI /fi 3C%cߟM"ս%,m\cOCyW omY̟ђ3Nך4x LC]þ%L%DFz [mJ$[@*4^䂧նz @kOj  ~>6c?35-ݙ.܁mΚn̫6s¨Tofje=xz\a$]ZD\k|dPqaof $+mf3ڣMgFC+bUJ[pHeqdqw(U5+;25?:9[ڗo[ їCz^YM4P:gV+J~5 |BcN1=1>9W-w._ ~o>(WurŸ-_V%g{'Mst-}B&t;FDP[+4YܟS-@J*0~ F"n@pめBvCXZ`|"04Q)AmWmUv Z!.U/rs~Չ{A[X91"1!AƜh髊nOjut#JhZk^ulךּ&Em T䚂vC|Kf<R^7]sszQe5Kv7{2(iO;pH~-_vfm/ow˟]k\٦pf᯿es耐W\(+&U&Uw?m/R T@z{ RYꥲK%8OBx4w?6R=$weU`^zwiC,b/ ∖g;q Nh(+ˊ9!Q} 궀jb< A&R.P.ya#^XQӴ4ߗ9+9 s.NӃ(n˓J-`⇘OJC0w /j~i"C1GU^0T6SrvEe8O?ı9Y-! c/{xs^*wDjFLքO.C M@)u^V=\iLܘ&g˻=+WG/j|"afĐc0` ]͏ `NM**(vv헥cDA"{@ڦ=p7'rt?68Ieg)>ŀjC%yĨ|RHZDI&.[dq*Qms'/£MN.5Ca_DMNsOPS;~eZ 6*V9*0"cW~rwQ5&tӫDq<UFL ,誃D̡(fԬFA,ZkL0| A]NťہﴢuWg;z'l` D-(&fN\'t꩎ nҾq8P;xM@ U躋Fw6[ \oӰj?IKMN !'F,oa&:G Fxn:zk-}H95;d" fY7*d:aԆ9a3sSh8G[\FRT^)(CGdpfga6R/uyK>qPf]:߫kP"oq{gEik( <2?RчPo]q@a-J` CN܄\&%n8e}K. >\^F tgofaloa&SYNi9N)&[- Fj-0poS a2JMA \h},o2J=^/4R_~ZI>KR`7S7}O4EbmZtB4z,vSi0ce,PyZ ' ݐ5njkU~~تOLj}VD[jp}$ѓh@o-hXqW%]$/T9GaŸ<+\9ke^#",GL DNdisNIAoxlPmZc!nhxWwBhƊ=Yof i/Vowò1+ZIChHYv (. c/8;07( VV*Ewdt (t7x$X.0ؽE'9gI D!yETǽSלRFC8@ɏYedž'e[,"RJ`W3`gG%lM>"˔A L`?5e[B8V*6yTFs|pn[T%QcRl)$ >R&'H9Sϒ oXɦf$R.7gvzKA,f;j`vҼwbvd+DaiD+Cð7M7[錵[/ mvD..jвfΊ Orn;nzw9,rqj; (*3Yט0%C|EgY ?ٝHU%L#R2LxS_)XdhEXs,?b4?F=`_iWݼK X$hp\hWeAA YSŠ h#\eML-I|wĵ[H[%nb C;p3w+CPg G}ʬM ˹HW xͫ@wә 4P ܩՊ;Q=h1YvX&m&k~<%'H$ь]I^UDLZ= ˌs%قQ%uddؙ U:.v^ !a^203lM|^R >gv2T3nQmJ(}GX_ڍqOIt AR;'.>XsɚS=mޡd{ęO~['T+|[!:dKv<Bxn5 [sHICf.e\jFr,} 4o]L[O !d3"b$ςqi3t %YO~ܐ&&\f:2iFJKU5:ǭWx̶| nfe$UCH >3瀝\VNg3uix|mɤD/6:2 _&"CSa)̨NPa 3k 5SD59n{}t o "/at)t=IHj wvA:7@6ѣ f "dfqH?·sѶV^`d9+YM!y)ܔB 7Q*u<Īñ߱9,Ͻ\G ˵& &9=⡉$T WZon=5.D $ ݴf!Z7i4~VOeD\8 N;)PqI&kFZ*2"eਚ7*4w,6wxC |k8T4W;2ޭےd|"[aΘtn 2f%Ү%}4 n>Vv{+y//bz"Cj&&e 3-?\$W/n݅Jk!f'5o^xH{cX+QI 5s3o8fP+eK.m7L\pX_W慎{l'c"uY! %rE.-=δYn p+M3 7*[AvhM0YBX,޺U.3J~Y6ű+9h(QUqJ -6`0y3W<Te ytmn,ۛ"?8P'p=3X6IU5Trf _N2!etoOf9%G焊= ~OPtչ6cߋ{UHWS ϸigSy.L&!\i uNOjKN@FS)soaGQ]2%b%FmϵjQӆ\ܜ0Vx5yQ6P֡4a6jS6o/lv9@r33:I d7GG{Ts|905ȗe+>|l3% fA0t &S?ڮjXYTUjul05JڽǪj;T=9֎o/Rl"ޑ)ASXYa)w![sBM+0OOi-T^R%Hp ~Űlmq@ зG+C{NVzB.K7eSqM*F{mQYKH82eJF 14Zi/pMeK)%%]['j~9./MwG&+m:֧i^kXlr|ju"7̌> |6ȊElr9:[0Kjjewh5zj@hOv3ݢ_)mϳ1h/%n{և EG'Bl:^lV`|X>z5"/E5j_gȷu]ruP0wMƅX/YA[-8jq$ D~#UF ʭ:5cEVc?3w,Q? X.ך`@nn3AQ C.&N)j-`G!(SnwtDqp oz-iK;0{[4FB.lۃՑ6璟O#큓(J5O{LWK.6&@F*NO>ĻfY2]Mh'_ɁWZmC.W2B/X7G/wo-A"Ǻ  K~f/pETth{+"FNo)BhBxRiit"D^'2W,C4[hxR%s 3Vv~{6jC }I.;TS=Nb$"koSp;I7WH&Ple*Jv(*2iU?m-,"ݻP}\*<$=nFTFIr#R@&#ƌgwLhUMڈn9ìP ZwHڨ7n !|wNٚgϨ O2~[W)j?4뷈d$Y;[SЁYk]d`76.tOU}͇H>ވ!'~@k_V6n3O:!vj C>=Cy8-P)$ap PLׅ@˪& o&zkv~"dks=,=51p#XHVk*7<yku8l*#/H[mH6}?y֌Ka%bNFU|z_ _YF;%Res# &/0El.Ow$tFxJ0E{{# (J]r8ju%NoX HVY7T:H_ZuT9JF9Cv# .7QL@^p٘C:M A v/?GMgp8  }S<ߡ/{ qZ.Z@g_˸Ģ[xLϾ^8zCdF%WWQ])%Kz<pF^* "yz3 ]}}}p~9;ۉhx@0lV0ke'%:.]ٞw=^6\rB-PȑǮ5p$ZO˝%Hj Μxfl(/Fs&Ebe݋K^_:ۃf:K( QwUxp`Á\￿hrX95/zNAk`-?z)C݀5>ޘBըK.c6(`iƫc].?zja95]q<4S*:tʢXW 7GIrce/ߞv$2U1R4T ~țS %gKvmW0쨺,SH[H4]~1x3/mOĕJAgX3\)6]9 g\ZdB54bmd,Ri=xA02A ͘d_c[Փ8 ? 鹆NQ!67q30k ;;#}= j~τm(-ݤEl\+4&5MlZo\m }XQqyyTN5RUm}ŏ:m$,߉ e 'c_]*U^)0*N+Dw\7q:0ΞK(},~{]W=]J7m떑^&`E[R* Mr()릨CSßc QYŷ;DΫlZZNJ>TKTqB^,ƥD 'Iz.{2=\{s.J_ow튀-Fx$mGLH!2_jcP'Dop'2ۏw{!BD8T Ts+◜w50ER^oӘzf܋N.Zc9_$i7z ?^`|(#ÿzсM"2y'+ahDsGЪ\W. )4﮻-Bo/g&7dî,p;\{@3ʢ> B>luzAFA/{ ʌz{U  Ίڟfn5XI5Jۋ#T%g̀C)2AR2"(H[/\m ˡCp䪎 `枪=vַY/uF &z#vJUmϚsCLӔ|xI?l->?L@ FM% Yj.vXKZ!L,^ a̓=*ī Xh>{zDǃ9ҥ%Smv#{+wĄk?}bm-}x!ʝE=WNHF(<`{D(:L^N s\zϘ)Xphf4 gfvǺ웩2͔L޴qFa%hK)xQ爭q1n5vgfc@x*B&u5T^`c£^ZNUt-gN#p@P=; G)q+>HA0Eq G?r4[A6ufjԡyk VI3Z#8~ޫ ֦(НǞ2ȪFpv_$t'@j0ʬpu/$ ;5oRѸ4+u#p^4RkNNoOWwXw+bt6#Z{ Th`PȔ{h; :ދ. b@m7eh#?T_]ƐBѾS0ܾ֚}-'D`Vs7 Q­C ǀNc^x1RV5 P췁 zxlE5 C-&9 qvc[F*̛T ?AqE!${'~fٮn zHEhp@mqS>A8Rݖ* Ia2:rYpW]to}n 6R> ިp3z +aȌJhYpe1 d_By 4/@sט SR{Sv=Cg_br2cIz(mb)"xefy-!\xP@ &Ȩo^ҐD±{r(fMPqqVP'.YXdĈv.;* Yt$R?+\FHm6!t26PcqnBg,ʘүd niI{?~P(d\Q 4y [C8OރI'#TNqdfꞠ}@IRU/Y.KA->br{ RyN֒ prg#ݡW,ӧ^W0nPAtkp]#<Ġeω m H^?D*wѿր/:TsǮ_=* ?OKS:Q7tiG }<?VOndȟNɧF^ Wx(wKzKW=%Jc#[{ёsg-=/Eğ33,8~BXߖ[{[@!k~L^6v..<~ _e| SpCO#qcIeOXK(>sژb԰_KѭNg(B]|u1$QQfA p;7 l Ǖ;7}e!aU,{ bpڂz(oCݝ<;1ז,f' !ޒe>IJ6vg !vr  H|cJjs6X;7<jdW<{YPCo:U~SgYcJ%I]'h={?Ryfveǂ?Y+,`Mȧ̌z;VD-K4h t@ү!(AoPX d{^+W^%4qA5 ᨢ[+:pJ07]C_Et@:_<vtzbK%YrƄvx6U@5 vAK,Vzh>!9^5|lZ#M9G,+9i;NqRy^ƃUdtqۡq\d"S˖&n^\8>k5Y9f܏~0 jީܫ r^冋IA*E$3+P?LMV V_vIxTqGG zb^k2P;*?o8y-$]ЬVHK}Ef Y2h`k{[: \D/^R|لr.NF%9-?8%B >/Țe Y nZT4 (raI-6[ߥ U.r^l\Pm{KΧsYzv=ERӢ^4w 9Zjb;wgUw29n>YaٽkNf`/SW2ad\9Ih3_4S#y"D(R;CJ$rmװbalCpb%Ɩ=9dh :r ET`A&m _p/A`~CD\9xte; =#pҋ"M L3dj0%VezN8w!۰ 3j|a~ km[H8Lu6xAH-zhQI<#.sZN(x AYvM=ԶB(oc@3̀pr_{hQn5oΪכ*+\NEh9ӚgٶJaEVdc˴l zzu$#( fF7ZIE˚7eT'|=]O~P Մ_Gq#+w;H` uơ42Vf J7 o.&( W< 9:7e_gh8k)U< =Z&cje;}9$ӓbh($rUC9:(~'sFXo}a|AGO iRNm%Kzr\=y[9:Kk0?A6Ftڢcj?tAVl1ܪ[ jѝWHCR:~|kju?m_8C0+rq ]UgAbF-r ؟r)]j&zcͼ|NuAG<]6} Zp&Nws{~sKkط ¼+yqE{vd+*?q'*7jw ߭ [D$/6&o3gtYU!(,2r#V70#pJʤ܏'? (1Dm84Kۅ,_6^w'-;i$yYs@@o GfMb RdHȶu60w[gUcH0 ]-,@ #Y* l&9;d r(|Z6Z8b@bns[ ˖q"siӏ3JAO(,Æ1z[OjlMd'i 2G |sք7ȦfQ5D(8bsKuxvB!ݧP&Q!PM.pE$oc\=2 .Qf9rK#6d,d807(=p+m 6$i/S{7m SE5*Ή+A}Lv8EEz"12RP݅mDh>ҙ_PM!@D*ssjzaIi-+q Γ=Gj'1iWXL{ sHͻܮIQ.LwK f@#d+ 4;c5Tw\< ~}sy/382)'䠑=ֆJphxƧ; RɪwiB>OkxW խv'GiEcXk!V^2ɡx^+& ՇX j/H5tmo 6Uд"`ǨDd1^L L qcmle[#֚U%]u;jӭ>%2A %bEwM-y߲i_:|dm^͸mY8dnqMUJO xڛUMo3{SI7UsHS"-C1!.]V@ 4"5DXG0 ]ub2ʹҏ=ʄ 8z[ "J/"l5Hԛ2 U}^kX.AiI<Ԧ*+HaFBbUӴf< #K15>W9&̓'['&2Zc_d-)-#+Eg=W"n@Y]sʳH BPK'̹C]+f@T)] |" kdYd M_?$%gֺv<WMm/^Mg[$3!{S6.lAL 8JN.EGU7$ }Us\ydiU,(fKvh[@\-[,燙MNc#4 Sz[pS1Hq\T|* --*-CC ^(Fiְ2P\ϐm@3rfU^%O8+V{p&0ZinbN?4rv1%tnhFB1KԸ_-LT[J}(&['|jƍ8,_l;sSa33KuG=!rެNGpVKTc.pD&zoeS'V6a[Kʍβ_eA]K'=S} bZUha@T9鈢9ۅ,&ぞObdޥtD|}@Fo-7`b[.w\+#be?bcE#7Ԋ;"@`sϬVCIFB*[0h'hˆ[^DI6%UȄ\#zU-DAMLEvcך',FztU|ٺF "6C/}gEnn/`r ?+* .68{jIOLSzQc>2QǹEfseᑉ"u@͉8Y"@x@K!#3 #Ɨ ߀kmvbj0ɢ!8K7J)#ܮ6:a;v˥Y`| wNVV u6(.?4*:Q\ڋ`,dL7-B&z|Zu/5Mؔ/)Z 3'jy.MYBkFC.GY+/:*+I3CL9xSV"3Ojpc|m6qŋobPkf5f]]7kՀ|+Xn /L{T$4%r?!(캧OXf%-vBKC n 50<$q^DdHgsvn 7s_]rGf%r |=Ek!D_P+l6 ~=g\toVm-ʹ^{k\`$ :Yh Xfe39^6G½?Hpd}:dmL0j 8C ۆKHޅ$Z!sbTp ]߼;oUIEK*c`\]\7,%YG"Nv8 ؄s:ܺ o/xмyFG4jLʶdt`М.f HX]VRMCv(Ƴgg[XvWjU xgbzo#xG%mS|DM d>c-zh4'gI1A<6+6cc_vkgƉ?7U޺4 .5KJ F^QRwh7O?C\|2`;M qe;^h-S [L@懲J~ghi41f(3VIk7ShڑyȌ| !k`mB  xD@G˩)OXOP䣚u9t3E 1×z0 `~Q|VPJXC3484g|auy%)ݫM;ec ZKs^4>t*b=y"G?Ώu]bCZ|;q$yһ@/*ecð۵y&P8^S $<χa*/U!q$w7G )?G#$T4@\ ֋6!bh:c}uKWxceKj_ xw^>8K L ]tboϏqi6 X8=rL9Z"7SdRm%ISAtڷF2wy1 mrVFXf'rT#zEPbL:lt漹2O{ rgB%9ug(|χE11]p+F6xc|!bC(ZnuRrSٍ]Xv|Eçsv;NXeTfj$fO|Sn+?6!0DODͽuTq ^EkWg/ЕxE;PH3w sTBo;0O"OP5EJ9vu0s;7H#L)Swo;ńH`{}ݭ3Lӿ@XHHfg} 8_g(Q96Ad%=5*F YO%H^D{ yK ~m)%RcY($\n#B<(I=y~:Bf8RF3fB% NԜ_%\zGVR#^;or'vs);P)^$>hwZDTuP%YW43tV?狝Xr^T$x򐋊C`u!cP WuL I`Gd *!MZԵ6$Ծ67zմڞ+ZHaz3QMC䬦ޫSt*H0[4xh׹b)+}>T`K~,LY0_2.lN4b61o-[waәDúQߺo)PEҜ,} NrIJE^6q!n2ƲvXAE?R9tm),W/S{UD3ͺM6q"PV6LCkr(0"-nH8Tg_+DͦQH)_hmC4c;01*cJoP͜t #jn;y6E7u\)UOG 6`w?S@ڎsޭ h)iKzP #P Y.L-MaɳӎoI3T3=auo84*2f0!%05#X9@ft;n}dcSDȳGoC,ߤ9w61Jh*Ex:qpxToDΖύ?S⃻\߄9O fXӳs̿< 5&QP-4'ڀ.hȻįT2]e}csT~kRA5!C߿9V%29 "`la}(i`<\ՠ4+lx8+dY=yj@G ?|[=ffP,Wpb[{ie:5.P$qgV[kS|+4yDݴ Oܲ,( _-kda1imo4fEs]T*-`.:Vv%̩^JD?:D5yI{iEطo;OV^\w;־:n g_C)eKz}rpNYNP"e77l/8xNDq5BR[\15>3 IYѽiAKR4HzqrҜF1wZ%bKwݺoF"kBrt\ \T%m5х9Yc d¾}J@/+JS˄v ʶ'LB:X^#bͰ8 D:lsd#S%`|G[KiwEZugyW+*ohfƓi+4Ncz"Ν:TPw 5B:)d=X!9- lM ig(+ޤp`ɩuimg>SM[Sa*SO0d88sھs&J*Ȳ}(-nEZsU/Gl0@o},5lGgh[<Rcw9f"0?D 3Si"S/ĐUR"p<-n*x R0R/qyw=b=ۢbM*.A7/L-V &[|JmԔVFqoR+"vaD<#?95O;5{qv ﰋBbW À":^],ZzR6J=HNjJmGqH(~^ЂQh(Ba;iIW9Pjg6w =K?-.*9#wP'K% tPyܝ z- Vs#]:Q5qٻ;ƴi bP.ZEj)xil.{e4V>jYwCG%CF}*F Pp V}H XB*-4ʧIBM![ -.fa>54_\p> ^d\{J!?m@vg"[%t}>c\p4: vR$ K@WE+?&?En@G5{@/\ӑ#ԗQMlk-LXdV $"W !ODpx4I=D}gHFDݏ1q , )b IƅN ?FA0O또xu鉚nXNtq@=qU\4./Vl)O(s + 'Zg۠lt.zm'R.N'G['M}6*tg4j5fY&_k7mxFM~+"Q_w9MC4g^ pѧV>0!cgOˉ]_*.,@ ydž?;Y8&&xhyȶSSlo?ˁqvB; O)o)Q?!Q-ur2,HZ9(zkO48GQbxFj,y+JLLR#s"(v.WV}JJ!E_8~hc{&/w[ X-Rs MƯ}=OHL(sY0,KNa=T Q:H [kb1HA%xMJ-*Ky-WύT? -BY>Zy:R>~u'2Clȏ xrQ t,}6PqO .! bY+6P=;)@x銙-Mqzn9 W'111d >-O2*h\re` 6 8k帯v0dzU `ԕ{~8c3$i>1:㸆yfG4s*68 c[&T!W6c&l~e?XBzZ)ky"2 nN]mL^E( {ÄgqJvrbGb(a BS2FB6Eo oD%~S(- `p$Ǟ3!CR5+ը0P-%M!2\WL1*v$c94zp z+:pp?A?UEhOBz ~2yۨ *q;x^^cPͿ–E%`jtin[s?Z  x,^E4t]M^6鲼]?꿆JsXWP/պ|-!URVtu'G XJwf.uLvǁfC$1-AObz-?r(sԡ\Qv!Z& j.a{a(rLiv u0i}{uRPrF @k_q5+1f<ȥoWA^oN;t/ $S82x]GgkKC ;O*ɖG5v{7ٍ<(p9SBVZTWV1bdnYI߾AW-5uF%5|5z<7oe(rKi' Pkۉn0[0?ldAqeTA䩯 rF51wGX(wIc 8Jqg~TnҙSTXVw/[[s:~# Cne/m2q[w^Kmk6EQ݌.SNsPLiT@XI5*?ClT2Ze%As]6v&&$FnᩄX9[nQdmc }L@w5L2G$]3'7H2d7H,3#A,ot]ѷVRD7Z_v}zĂBP542E}Lg`SmXirXap0|+!qu\q|JbOC6F!uSj[U7)-ĥ#ʓ:SP3[cqeY,OL'm+&wd1y8b =]VK/p66ApöɃ)VC>,?tg (Cd0%EB% V sϓІΠ㈈8Z~WW,&åP(eG<^S90濈}ЗW@=M(֕ @&aKUm`I^(^juC19ɍ˜X YZ