sssd-kcm-2.9.2-1.el8 >  H   7HLe(J U]Qg2iuX.k=%:sYݳH"rײַRT0H?ȶW+\V(R3ɍC~@9REP$٬akm IB HHXP65+%,aHG½G|G-IpxĞ+  asޢ\4f>, !r ^("R5&aKЭ,^'Xɴޥ6>-}OHuvmaa`DE4T{3qxTƶ%6RC8R8qGv68ީVTaNND 8U"OW} uac^R7qf!޶c[8cc6LT*ݷ}Q9wHO=6:RP9粃z 4&*zbєc#S&] V'9:?LsQL~MSbe]/Eƙ5>#2{Fض)I-Ȯ|7kweYw y|(2擶*Elt[=o㊎2H.қbfL5"N| 7s+^~& :Eg I V=S.׌e'm)+Q K'L(m6~8F׸5;|Zt> <o3vOl ,ʬ]=2d!zkq`B ?d   B   =CK`p         L     (D t:: :(g8p90:g>?@G H I X,Y8\\ ] ^N b+dWe\f_lat| u vw x y - Csssd-kcm2.9.21.el8An implementation of a Kerberos KCM serverAn implementation of a Kerberos KCM server. Use this package if you want to use the KCM: Kerberos credentials cache.daarch64-02.stream.rdu2.redhat.comCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-kcm.socket &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-kcm.socket &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.socket &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.service &>/dev/null || : fi%7ځA큤A큤ddddddddddddacfc8b31ea1b1931377b6c6c0f3541e0617be0a9e24769d5e1f32689120c0d6bbbac31b33f419589e342f20381138c0dea737fa71b0d67a0db97020b4451afd8c2f6ae53e988971d19b13a2104ead7d8f059bf8e7097a1a5d82ccb81764fd479c88426aea992fe22b4d4f109b699a1966ab47febfc81c56d3ea061ba96957899cdae3017096a1e504092e196dd4a03c639f78092c332151e26663edee1cfc9792477b7788cbe2c6b1d51e061e39d4a5fabc3d7147a648c21b91b6ff3a1e210d23b943cf029bd820eaad7463b1234ffdfc7e4a5e378ff5c0dceb7ae6e463264ae280eed4e941573f30f5b9eae3bec516fd17095ec7a56f9467b26ba3ebc2b7cefacfc8b31ea1b1931377b6c6c0f3541e0617be0a9e24769d5e1f32689120c0d6b../../../../usr/libexec/sssd/sssd_kcmrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.2-1.el8.src.rpmconfig(sssd-kcm)sssd-kcmsssd-kcm(aarch-64)  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shconfig(sssd-kcm)krb5-libsld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libini_config.so.5()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)libuuid.so.1()(64bit)libuuid.so.1(UUID_1.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd2.9.2-1.el81.18.2-113.0.4-14.6.0-14.0-15.2-12.9.2-1.el84.14.3d@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.2-1.el82.9.2-1.el82.9.2-1.el8 kcm_default_ccache.build-ida7993f79aa82e5e7affa7b04c604cedb22ebc8sssd-kcm.servicesssd-kcm.socketsssd_kcmsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcmkcm_default_ccache/etc/krb5.conf.d//usr/lib//usr/lib/.build-id/fb//usr/lib/systemd/system//usr/libexec/sssd//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8//usr/share//usr/share/sssd-kcm/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnuASCII textdirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=fba7993f79aa82e5e7affa7b04c604cedb22ebc8, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)-R+R'R0RRRRRRR)R R R-RRRR R/R%RRRRR*RRRRR RR!R R R"R&R#R$RR,R(RR.RRR4utf-858e49449cf3cdac69fcf7e4d2c941ee4d9e21423f036720d7c33736fb7e80320?7zXZ !#,] b2u Q{LV+g^#b,ӲvR"Aq+)̧<]!iw?̡&æʼnt˿R0 oh?~^%q1Ƅr\˲ջ|5.@rh/LOG)5Yv}(-%?AK |i MofiCziwG/#l2R1S`Lg.[wHqh-EV̐[fNO:J> GuwEI?W1#m{Γ)|S;ۤ~if> ;mCχ X}J0"w%")h9Xx%ٳNkضY*Xyk}F@xѵC>=EaePlQ*J\&uY{g"oQAn WɼS |8Eb<TpsXHώb4FZJ惵Nq6N7zʾ)1˪̉>!l$rOD/l!gz|F#,'v1~neaE}QՏ^HQˠ,F<ӨC%0!lpA9cFx5z_I+gZTc *ܜ `U#x=HoNA*D^ps<ﯖ x8q34#`= !Y!j3YgB7S5N4>e^^9hָR}?-iwvmg oз'AϘHυK0R gGY,T 9;Y3']0f@q ܲvA|jI];[e<Ϝk,<2s! y)\U߼v)0 SM ;eF:t0jNTA+~D1B;6%pS#~0(LS%^.hvs‘rAsfȇfwy)0/'P]Rȗ8VH$o',_b&+w f̻) P9y L\@'j:Unf}S9""`Nϛ¶07_ԫth‘GjgH}7"1Z LN\N{KT+Jgw$' 1`G`2z=̓GLTZE>4J)9^2cV} wT7P{穑zf(Kiƥu{ v 73yX,w^_֭XcHLƖa Up#_!NBe`3P KgvdF38sJut چ^ťvB'0rhw:= bе ozj#Qg;\@_DN!WeVWLǤXLW{"AXYdk@vj LȨw-R> n&ye{bot-=pSSy䳼q.i{i;3}[V29Y+>~R>X$urRL c6HH|Fu)hM7AUzWƄb^c3٧0Z+J1,czr?Rjp 7y2Uą7d3˫ ![OJ҃GuF}Ky |cT*)`ñ> /> VkR&A#) wZ%mN#vz&~tQ•GZqo ̮؜wLx$6^$Ef<q2)GãiGmhxj6TKQ7ЃȔVGmC.ּJEcۜ*3AAhb.d%uw 'D- م'2x /u2qgMx2eBd1CIZ5NNi`15*mzr+i`&Fsj{37Xȳrn2[Id#G.< /Z&O7{>0J_JTnX& 7ir2r#TP X ML8H>)@.Qщ:˚o͞*SeUqbp`-ew"b^zw^Ր+hTuwV ]()qԌMiL]tuT /h`o)ӎ^ >(uUҝ^J#Møi}~Yr=ԫ@b-%Gr!|^uL$ b?d'&5Z)V K:ſAUٝ#WҒ0(;h@.f}_34/SOx`!zzkl m͐8s[tZ6״Gكa85nwEBZwգ e]̨4Ѣp Wgd4?Ƶ6HF;JjBOǩ+s%)Ң|CpUm)c=#@a|rT#! eVnFkW |ci5⃖D׈ol$H#)$'Յ9ø>ˊG~`@F;F[wm:vPQ{@ } {>Lh4ѳúG~~2&ƿo2ΘۣhSs-b5Bnm1! Jg{>8@iW%!Zڞ0K&8$aD]- !֑eGVѪV; =(\ܛ<̾%m!?djHYk1U3\& R=p*6N&*]P<&;g9JT RzۇYdȅ厓K<6/ZsԸ Pz(^{Ld(2Y48Ua^hCs’Fz}]AMj"ʼnOHV%@ĞI+/4=mT9dHW5-k%:T6fhI}Z{73x@ М ηj=mwG6/gr/^J[l!3v JZQԭ5|+1ζ)Eqqѭ]*Gꆼy#b7w 1E`@;|q0햤{[TNzڿ8)H'dob(iV *g ]D%tdَem"*hZrQM*B.nɆ m~g nO/ "!3]WRlQ3NOpO"<<}fcݘɬW\waП)y Yx:I,#2616K T9Ψ>ϙ?Wļ'\h2zW{ḽ~@jk?\ρcXn&vO휗e{VӼ@ڴVW4\ps}] ~Va=-3Q'D&sJ!=-. y+}IҴ 4[96 .[|78ϴ(ON^zyHM=mz[w/ bH#  #)5mY2$\-ͤoQ_"nșoc]IhQd:l$AG_DzUc ldq0`hP%S8%S6UG擙yҽIw=B;PX מ04!@R~J[P|YS:N'Ĵ~N2 Hܜwtׁ;dܷͬ‹򐗮\ Eqr1_@R(0aEmOplrb@sNɣMI_0,4ZS'SBWZ[ I䩨RzKF&zcIn<ʒA5Wu J!賃:W6ANS-k:Qk.:tMxMw&Bۢ\?}]c=\nEZ/H !**ωLu"U9g˹M!Rn$G^P%ld :`ܢE#jjJ67c"2f49A}ys]_ry)@|_` (E0D5 cH:S**EyDEߤI@42צ/UI]F'am!2]g(9=CY*P\pJ=H2 1ll?}&pwl0 ձ[ȻIwrvF4fCD>"r|]%'e5Ccͮ_~jĊͪZ+=KV8JC G@fSG&虖R0B@>>QdPuw\4, 煈#7-$KA \%,f1\oTe_+5D̒Hsk<\ĒE9T5:T뙣g f;<"OCGJAI6cfhԍz6@yl`~p+"g M7uʸ ?wM|,dALDR).&JxPt:Nڸ-sS\X`8""˭ۍ05q{Av3PHVRP(j{ (eNUmGA1툕Y5L7c?9|?ޤ׍r4ojIH';_4TeFfg2agMtr>љC&(]8ݝTϺqÖl4SD?g#z* zt@d!4:՘92RR⸩jrJs 1|W,|I^#zV(7SviJ[FSS3xEߥ˦ybL纻`4zI𹛤qgxdbG']j(Ӑ\CESaHJP+\Ht xZ,79#3kl=eO6mJ_܀#EZSm(Jfo rqYe:KH>Z1ʞ!.P4UYK=J G˹=fc L+fCJNwxt+}E>nC=gPF[IcUBS |J̌AH#yD<8քxl\-sdicF$GvCYneK&0CF4t~ZVA8j^e!NE?֎j^L۝ZKb;4iKlT:H^nd,SY[T9,|*68 /{ҋe7RqPcPz3wJ0<(Rd$֫Jwmm̖XIߢ6mNU_w8:OLT^a3TIc\L=/k5w{sac3n}*ȀMyTE,3&K|q?fA˯D3z{q'n $UIOn)XPdؗG~$@B_:oO/ k M\}Dն05 wC@rx>Qo7g6vBz[r?~*O#/_{߳w]qn CôWMfOu0[ݖq< ?Os Gt,L &Hc%޾ HT,o!"†M_(ZR<gn.uۈ0LATP 2\rjdT+٘%%'bҏswh39\+zƋkt[9xÓ(45 w(~OddR!Vl>wyn[wxqu^cN/ͱ$I[iödpłp2gDpg7;rvnŻt V }vv TF)O# \FICԐIE` ?rp|t{̻i)G##" ˅.)veï@|vsS~iGehqȍ<[~ ZaQ!,v%1g{Y f1m~'MrZ愂j3oT2\EM 227V-Tw?ĕ:W#AU{a+No5:o)DYr+#I”U*gkM5! `筦 2Ĝ"&;ȎS5N,AfZ XZ%H 4cHpKW[҇!5s|ti>5Ҍi)|K9 wL;7þo,@[h&0gūw˴(\vW M 0zB4y]2`[4˾a͟8䷅8k{El5o wE9*99]uٿ/3:*ܯF~H@zaJ:*ݭ^00ޯgǡ`ISA+6J|rZǦ;/1C (x7ln٠7 ;e,2Up`IS+#HQh.,C}hSGS)v"3Pbl T-4E24$|xC%xG'b/&k\Ek& ,Lg̨!Xy`G A^zqT4;(B=!>|1hI3 xb@Q'Q7q/")Ck%6W("27WGLc"4\J.Ң:VRS`p5=700_j@w#Ӝ^GkfF.DWő2Ins+ØWrRf5 LlhWȍ!ô)_p bpXjsͧʯH]V"+1+ĺ #6>U cy];Y0{dӉÅ_i/rD׷%NJu9IëQ{@F!n)l}Ƚ{LUG-j# ׌/dL> 8|d?2@iDZIC؞KmH!虤w!^EH 7i0?q_q4måYk|Ot&%sD$\uРsȸA+^wt9Ԓ!އ\|%>LZd23 p}S J#?g fPHEۊI_!UI3¾}w-s&)(*5js^M2:n{\δ82\IC4Mc Ses7ڟ6hOIs䣗J0PTk"3Krl>{iRΟJzq{_o(਌15P~WxhgJr?<+~h@M~\4(Cpi[p?< vl%Gp |:z %a%Ex_#jÒD1ݱb1Ac\1$~`?B31b9ce!}8X#;y_ ״sl)cC[|&!473:ށ 0KT66NHh7PU2[ zMK"iT-6(u#ECܨ{O>Nv8[6? nbo yz"ag>4R8;jUcQgrI9!K S'Ț8[*^cL|@Wn~ĵ$L˰$Ͽ+4waS@]' $yUy~+|25prxk?ǽkm2%r~;t;ƉPLg!KQPQAZ+66BFY)+҇g:3LwQo@'-/T%w`Yyy!ݠ~$QB*USgu%Qq՘P; TjYɶ k{&T:x$C:1Yk0Ob$#?N'e I^',5͕=bՌX 3w11/eHEWJdF8{D) ,q' W0V@59b0#'٥(Z}-֦s?muQӳCE2gcK'pr >/gƻ 68Вőb;Fclj֖ І96W|DTۊ*ңubci'r*)1FUB.{ԆM:)"I7L.YW&'M ` 7"#JBUUg5#g ɥ O\r`PIܭh .ga߷s &=.tj7ٹ%e|nVWdx;s! g <N"Ʃ 3TPUeE mOU$,zYIfEne}`IHM.'SI,5B3>Bz*H =E~*Uloj],.>f#IK}c/xb"jU[*f3nԓfrkZfE>S'Ed*P ^_pb<3SxS%V8e.^l]rx Q+0D۹Dfc $Z@#o'c"E̒pCu!iO'CdH#J}/WBpׇqc^u7C?Ӵ+ڹ7Ui'NASY҉3}^1cb/2;^ɛ34J BXòNXXܔĻ Zs: rRΔzE/|`E&% fh/b=1Z &"{6Ӄl\: ȩZB;sG3L@iX¾P);{Qda*1 jBZk Za+|@vA;'yB{ۤE A r΍trO^ې+#նU\iުhc]zag#3Z*[" 9RmDx@}{iSKgC*)*m 5LZ"cҔRz;:GrȊ%LFXpM35+ E۵-dL3FP{Lr2E`P2 $ylzNLWt#=+#Јgd[{5:쨑r֕m;z,9bycSb+tGX_870 컞JS9W`aRx&m<9*%ĀwoDð*Jp& =EZȆt 0z(TMQ>OB>yuS3^JhcM$:1V.ʙލbSv^eT濌>D(۰Rr.Nc1rQPg= IydFh˒M>4RUʪ8\Ύ KI0VM6eT~v jl/[D@oϥ5ROqE$*lZR'tXr0-i1@1$ㅆ9rG/JP7Hq8w6r6p`C5辱SEtQh~]-4+ }I,:l\;y4P=-I+Se1| @y4YQl/$]P9VkuŲ 2)i*/O8_JmK?'DTqdz = 2S48F jl[80?7KXN`X09SJ\t)=WyWB)!Be-'gqB,# "*>cz^@jL_ 9X_F:^1bv"KjL4G*ˣ 8](DU$A_Dp]Mך A 2)r㝾Ei-%)S3" r^sqTp$emk]hO*UB.]D_=K03aVV&ˀw=2'֪j,{Vt0hӄ+}Q%@ ]O56i_hX5'ط9jrP8Zv8C^e7҄:ϡuѬe MCZ>\"< *,0_ZW0{1ej}S\"b_V$ęH}@ QGG׌X.thLgq3'&,ZP굜/ہf 턐/s?sfS`I!#Etfq7A4\5}8{8oL|d(t.#Yڶ=;$ F1Lnvmۈ&\2 ШGӊ[KV}$Xgf3ECu2?jD\LU?%1_bo`bbF /ne' pDHg! 薁=t|XeG)ӛ]ꖋ Ti<&8>g?H鯂c@^SDFʇga `"*CoBUfڹtNe+ t E:],R(K-"h\A'r<% ھţ♍}$ݭ<_.Zb f_8Q0A}~ @ DCc$.$n#VF^(TUˆqn"q(ŒdU=hJj.M\QUOz`BMP;d2yoӛmȖᙡn VT?-@St~0pb gh+ja ` @a qrŌl݄2c&i2(7(YfHcqL|` Xʗ7W~`P '|ҝxtj|YC59AV_1jQ`!CĶl[Yv[Z11..i/rP:))-em* ; ;dj-%g2 D|i`td|(^Iݟu7x*Ap>W]yEtWˎ+MZ8MYC{^ p|etRBEl}ԟFQStk@I!9ФAd^IJCJ0حZUX2%g(/m؁x>M9TA?:&,N XA Kg]?_vB8Լȟwci=3[S1din/So=Ot4n}5M@EY`jR}|(Ϊ.υ{E &#Şhk+pW-I0Vc!H٥0`ԨnP}n,=looh}>JXmv(Cf\2Ly>.]V׵'D6 b>?āH{V rhF-yO>ɮEqE'|G[' {: ^)nYi̘(vgoH LLW|>vє W9X&BMKO2SȊu"'cc ʣeA .9^c9i W/7w&%进H h-/|Q 2c PRIiyfMz$x$jQh\WvpQ"A533U K4kV[Jh#*vҼ=IG%y `)ܿ 4K-@ }ݨ,POJyQgk&0ānK~|ksޱR%y0,)`Q۵]JLf]~ɐYQ^v[{vYѶkM+$z*B)y!3ֲM: $!5:~z;]שf"⧦:`oY^se'A;kdۿOZ+r'jUQV YcA }X;HK.\9!\+6Ruuh𜃺+B"5kG$~Uc_<=a-*GʢA$݊ uEE4ȩZ^j*bdwD;%xm",?x3`ULv?̺+^Nޡ>Oc,^&٠M s?dY`1s+WK[ѱkӒwV0{ )]6OipUNT%@Bdy6ᔆ_V'zmn6!;2A6H?jgS|AHUtF4j=5{)Y- R,HXZ) Q5X?gPk@}P 4YBNHu& cEVdGmWbkJqE?]>sSN; ΉUlvhS:MPuO]};eh !>-{=깗Db? Db a2/p>u|`ڪPjbaSp4L/A4~l(鴜v=v+0oHu#`Y"O 4h0ZʠtM؇̑:V4je7]R`lR8BܯLm4$ψ~KYce7mCd[Ky ͚=(H(H:`^&VS׫ָPeժ߫IYlmPw6 nCNZhb\m=|dhؒC- Y.͓'pڛ׼4=~lv0Vm@`C=aѦH n?W(;,1*?(LUn}TjO;K4Wx|;K˚U:mS"ʐ9F(a-5>>qyfQ;77x:v@P"7_=]瑔wb MCgaj!sw^cB`AfyQxʪDZXHmÁ fEY T!ɩKi_*7.L ꚅޗL /*ӴڷKmҨ<w6`7_]6$yc&>)Loa ȶUa";%cMqqt[s+Zҳ)l3 VUJ&DX%:oEM;rJ[d Ti&|>.-ܔk:G}nDvd*o zRa]-$MT q]FYES^ۭ L`~9)Y_ N1r,pցP16sb yo#e}X*%$@S}3R2 H:iV`ynDO ݟd`X /,]DWpmr,TqlIY6Rm\ttv +stco ht!u뵠;qu+aP<OUDxONޅ%I+)%҅%V t -)T%MZ & Wʟ7"/YpVG\ yf.eu7,1(cjjF3RwWSM5Q8\(&);$3: jPV2JxNJ6zBE"d)D;R~jHXڔ' } ߅D< ^brCz'!Y+Knp˄@KgŽ*;nXu[3Ȝ5+BvݎjCr"s% 'G7>$Ւoq/P!x98Gv^RBneE hHL 0/VR給du|^\H_LυPcF˵tiύV/ߺ$;NY=uX5 8t9cU{'m $g͝2Baz7rl;r1 X 'I?Ǔt1Ե1lF{S;]0PP"!*@pF\)@Y3|5 u͝*̬v|z8r]JJUhmR^0YdvSH#}y,[OeBk#17;-`O`bnZ6I,fbƾy姃rEMP ʱ3!}B~t??]7D5UK%Qux5yv0|`^Dǚ#u5S .kJ5cW ^;R VN#wY-~"] x0oќS;2L`ˊ˰l/4c7&J0ӂϻo2&W)1 1uc!8o#4 -/X̷b6)Mo3:c;wP oڕk5)xY 戆mV =~5wq) j |ڐ3d8}`Q8c0 m6*GCv,x9CmN; Xp[,6/Pki >4cJ+pw* .՘(/yAZo,Ԫ.=M0ʕ-=rfσ I; PH::PU^ks>:;T R ?a>~ᆌSDzbB4`ћ1~rr.٣D]A@ixcxTfp!9#)aLzq2]IӸ~ɣtfHilu  ŒŢ0SJTO 6()ݦ2CE1႑T9tnXK(rXʘ́.KYk.ོ 0jZ8A~"*u9,;%gmv?PR\Δ~GW5SM]1}ig%WR3O~e, ~Δ8`g bU#ѱNQ^,1ϝB;YBR](޳Nw\.WY<a]gCG<}.̟6@X$63P]Qln9{)$fo6s0lnLԸ躃QϘJ!Ɗy*Cy.Fba[\]ɶz+3}YF.}$KW";JTNJ OV2KF{WP?_" Pt4iCGrzV8*{]ؑIN@HYIK,@I7捏1+R1l>[hovY1늌W|spE:"G)ɅA$Hv@Ni9*Tz\D+ OеŸ`“Yg/{yI:}^ynE.>uIsd!,\7X)\E'\:'\Qp-xEa )%zT4Aɷ-;=Z%lJ q-=D$6GDQ Ôu6uGgkd wu%$קR5͘[$|_YG̢PFfL'{秆jhz 2 Iᲂ(jL\ zW[[=90uL9?5G^֦sylD9.F.@Bg/nN`OiU2 V$¤ĝI<."Qwx2-yt,RWڍf1)z/Ql.* wά=%$ȘEĽ zObʓ58`_ Oׯ/ m| 4>i[z%!a S GǯdlЬQY#aGp̳G(m Д,kFrfq|ٲ6U[imp)mp~] <0O *LJ2IyxKr,VX4ₒvŋmDz>Qj|)G :݂fyaɇq{3LK2)u,^#̲z~yXQX:w<АPpejÿ;-GnPfqnmN6qỦz1_.~'&l| e,'.B9'9 g:0HJc+n ƺ tHdyJrU$ ګM[ŃOFjݒ-Tu(hxaIЀNKQO Hs}RRi+/޳$07iZX}߅݇(NfR=c]92[!7]]$IY1+ZC} N/VoO`W%7}WyۑUGRj8E}s+txD6߉3WvΎEү%uר XA2^s0]â[TJ5`@1*O}u8SV^.vV8`d{:Ϲ*(v3_5 aAmMFUku #rS/[Ya|V.Ru˄_"ݮZL XzS'@o@XUX~enEKyC eNQ ]G|A]2:~DjAni/LN֏I-!G|"w-Gώ`:a.&͇ĹaLOj=:A:I;#ЬG꬙\ }oLJ❅eMґG@ fO,.u$T{#lLvJe+,Fjb?[HTƸ369ԠvwEIoD.|M57U`(KmHMf-{ )1VpK߯vSoŬ_3yMyj5OI1/I =#9 &5oۺ\ؕ- )הj&@)|(g ~l4JuP9w?b*$fD* ^3V8N ҫ@.Ʉ#E(.B閮UpEbD;s*E랚x7 >eu;NUR*w!|r04$|5,]D5t),C;cP-Tj1OGX /b NuakVXpZed] &QMĤJ%U3Sశ,5[2 3sfcEkK*3[3YIG;ؤPjJȵ-5<~e(v)gyź ϲ!S& #wR_}˜|g>`!aCM FTR?c⭘H@l:Ry`xIjK[D$Kt Cg+j\ !I~Òw_=1 OSyF+%%X\ ӸsCl \`I WLcp RBc3L;Oš屏F3&6XyԒiw܋V'H2 qZ ~EWFCJSɨlE>^`,y>U,O/_J~D:+u7A7ot!S|#yvBq?A͋8) y)x*TaڭO|)W`Fn"x/Pl˵x2ګVʔtğWٝ'UDl9>UMWWTG@j&Rږ=0,&N@ZG_jJS/^!qְk" Fmb$TlE :/^U|u_pxUHԻSx=c5ŎzWM0fr fsiHE g6x.tBxүY׶K h|Me1u1EF ӕnTy# YwAѶU|3( OMe"nɆ>;ۻVyeShkR=Z6A;NL[|VZ䤜 7qU Jw(!U >S`H13IZ@;-D9ls:Ap!Y}hz8((,xVx33bRWZdžcו8-d]=ǣ]I>wl(KG%H3 /z&]":'Duuƶh{<ڟN U*~%N+m?Pkݱc"冀g2WJgW/@t"`dM^$EBx8G֍1iԉݾ{gFt Z~T&gs1 +{)6G.Fl6 3eur83H2Aͧ)_!<~P Oas]ipꁾ\bp"0 /S C^ܕd#=Rt:T/HAD,a{a'7쁄 $?L!}k2hCrrjCl-Әٺ78TTXjKYP;rS&t\BGqU(Akg cY>N~sؠ>%.(3i:0Z\?*uz$}4ՍĘc?$SQh-IƝ+j6K@~b^=Mti4kwg0!OZ्qrphbEQyESa:;G#&$+2 yu. S;IV7-ݴ:HHZk%${JUf%-J^bUћ԰Ux@r?D͹1r{k}Nz 0&Ӟy6@ka~`Sd70??!Q50GZ)M࿒/7T"hjTee'3S\͝MEViETi(6٨i6\P~ez I ي]6XGl7 D}9Fx!q\~~ܗEQWgG}wV{!O6x1Nz<9) EpL뭷rT5C K '툰 $Ty=ΧE2^Ѻ'Q5!ze1΄dI OgC iACK~`a:rÓ#w\yʿ2 }w17+xa7ޣaJdp;QaS j:ahnqxaY++  6m"Ħ ÝY뢋+ѐG>qrAʦad)%ӆXih'JG3HӴX g+ZWJNi^3~'q xe yktLmr޶M1kF*>u&cwnaAɘݞu PT,3 Tʥ?!ĞoF8S+tR_ HU-k,Y9"QP}Pr4X@W!LPT@bLcc290y#A )LW`o'lbvj "wxa'A&2_MENIHۻ+@DwHWSXآϡ#S(wRT6x2مR ]VӴ  wzhvޫz!hg] kXJ98 bX9 pCHX0L_Wxkb9bme|챗g`~Z=!~~Coi96t,6 \>ԿݔB)O>4%GFg_ף?PZ> v31!-NeEL`,8TkC29TQXͲ?ZwX3^uxy#gg%/e"+*=VMOML o dSwPIR.}fT*i:~3z'?+6ZZ{эz[S9yM\+vS qL4Pb7p)Z@Qwy>#6Zgif&qЦ K.´%7,b%k=QEK/ W.FjԚ{| f>,Y~ڒ#!OGD\CS5@VNTXUM`?z1r3oZ'F ܌4L41<߈Y: Qy`Xs ӻX=y?$*(|RyywTڀ.#cdܠݎޏHKhPэy!>B~P8hZ+[$Z sE. f/c\P6T7:<36.]k͂=v-` EW}Yb8Q|6oz͇eW3jj'|>vgF0be)7H5ks!3-!g0m.*dmpڐ`%SQAeYn(WpSg곹`q9NI݀p!R)Ao-#G%{%{&ovrp'h+-|(Φ}C|.efQe">0Ls^Nd) :odum( K2,Cscjӿ#sn]1?y-JUzk#B !CTx'aӿ6ƕ6 t&qUkm ͪ?[䶴D ~.<%m1ɓ.3+oS0:sHwdU]KVӮ[vx-Dhsrl}dx˺9)~ w:H鹱^e1B 9Ʒ*֨Ia- ,SfFBD :*!~${&H#`"7``%}ųj7/"> ֳKZՌIGLJ.$#`qGsJb d"\0PE͏ 5&ƛn~Ȣ]֊-T ) HvBPayu+cMb/ $>AZzVNh4JmI`1\TRs/j/^>~֢pJ K[q^C[ƶ~a, kdW>A "s>OtR;VB_7cpj烨֣pPe]=JS:CwBOky FkCRy悀`8S@f2[Rb4| oYש}m׫SdM&ѩDy|,iϸ2$TKTl1}C D48h2x_zG+忧.:xn>LU#zV'Xb6CZ)gCג*VJ=PL)KW3i74y_Npݔt nW( Atc )wҴw,'F6Ml`aqj:US3spVݪ)ϒAjq'Ո؊sHI0γ<] c-Pǧ{킘Yu5[zIHSZUmdOMA\u_r()" @R;'28 \V;9H`LdC7 f5@֤bnʾ?8C[2Mwiȴ 1}=E{YBMȿ*驼a-ׄI[jM!n|(-(yK ˑ_Np.҃$LAJ}v揂q%_W84=[Bn5Lڼ+گ1/"}uJa_+u%)TU"(v,EJNJwse;'poǛYٺ1b1(c.\>qCo HUNJsDIm48qNmO\!ż Eo H) }lg-3ojuԌ,SL~cqxScuɬs76^L ,g>AYĪ s}_o'+IYvo(-+3z5.4hC)[`v5UZcxLۥ- iSKݸ3Lj] EF{[JXt zL^ʷww`NFi;mbfih{ Bq],F3?eHG6!%QI=M >x5-mc(k>| .;$vJkOUѪ|Il3r.a DQ9/z.A24մ_Ө 'Eyr-oԹs?-|xF7{(reQiD~U<2s%FE^7Vq~)=쓾tr]ܭQԴf<b_{UYSMXtg '#wj1Au%ݖ&crLCDA|cU9T ޔUִwrw]fLs)fZx  ˊ&~{bT W ^}b1S&'/f*a @$ 9aʒ X.빿xtq.dt谽 ^L3TN=Q{w-}v˼@ NU2#}3M_rz u%hv0*7tm=:M͵lU0ZcWOnM;L.8*ӟprAH U,?!nlsN ml ̂]_yVݖFjhS =y(@y`O0FGv^H.՘Ny |D>;E|cYy'2sxHդk<7DjkdѠKIgW1LU%9eo Ñud-,jwmĈ_QFl-RxvtspQ*}fݾprt{ϣ4 jh:jѱ 7 <4{E(95]Y! >̃(ۥhy6iÿ'|N!ni.6l~ϭk:$5%YΥ1֨<ɊQ{l2lҵ:rBaR z3Eoɼ-` [O[xn?`8Yу?yQf^%jJU+l:?%5YlǺ.UO:6 uq_")sqwbR-@B^IfJ@ :&Ʒo~Ojuuٟηj/zWo]$Cڃ2XNQ3D.FGR '4x>+A9l9D\b97 %0#წIrdMސa?]L&J& Y R!?H*3b@v10LE +~ˣg%RSZvd44| (@M9lp @t&pOeJÝ De6'r`)$RTs" ,<7'FHCkb2O%?uY,Y"LNf98QMM^Mqn}#NhGޝAeu̸ܬ2jm5-2$5jGw DLrD(?- st~׋48~?(w8etC@Ac6~?DdN!qRbNS<̻b{L߻|%](Ϛe!*mVar {;eaSt5|oM2x^/?3qiH5wzv?75}v*zʏLKp/dh>ѱ2y2*<`k^g=+ vjUF%co0`G xكID/atqCje#dVcCNt pI=z;07.r0D~FP`tn}.[Cp>rĮ ཉ(b"-T)!7@Sf9f1OlqQ+ߡJt2̨(&k͘@G)-w9b/+t$;.^)s*<  nM^c@(Tz-a RCȊmG^D +9T~2y@-ZgٗS-d D/ lŹ8Hë1ͻa ՑxCS>Ua;E'ӟ&-uδPzILmPQ'|f`:M>򤌥D> w:\&G~ HpWgM#^dlC DT:=bDá1eMd r64}n^'1O,[XHǯV7\QI\SE:j4&3l݃%y.SaH^E} Fֵ? Esw_ό|Ǔ]*O-~)lFWtFPXT-`dsݹa(Y&i}峙.]8jH4a2M RĜr+j]|HHKeʗsE^ϽEaĻ Y4BP\{VW>im66`#;?*f#Rkw)܀2իN0_Qύ+0)RFkϞekn!s8V0nâЏ,.kEi9}ִLwCYc֚KɡUT9W T4gQܵ!8iA J[+ӇSA /́n+Y$AYI4 Ip 2( Y3}55 ̼{T8:(3ռ7]BP7Sb4n\iUx:L}ҷI bbyt)$C5\ff?I!# 7[_C^L70"R@L`/QO!X%N[S;~HSg vaLS$ n|cN2DOehQ:U|t6Ԓ*׾ AHK5Qe`1~}W}!H5$ISo! ,#;Jkg XEl/WvԬPfmS)2 {+Qi>Կ5ڑ'd䗰PDNDł9[J  q);{cW{!nz{+̠ڕ+mVprqJP:TWD{u̿ωkoӬ=l4BodgIJjZ1"P68j(k妴I_Y^Q׽HY ,MGo7vr4S4ۮNt L b'5@n覠hX.? _mRGRa$½ !b-5JoN%% _>Sv#d'@Mڪ".^`okl+l)%zd5 BW@ڏ^GY^A*.("Rw wycFԚX`g89 q<|QYduRd0>T,u4zy ۩۾;"Kw7l #6Š}#Urgd!*{]/zsAFP>Sb9lT*!X痋.&֘`G̸}k*3d88NC87z^@H]]2.6UfܧG Ӽ8 V'kǢ oyBw28 `L93Am$(]yj/*^0 ^WE]'<PBұgL槲.Qo4WZ BKY["a㮴9/ţVLFŽ9˃]!jSb-JT"KgD6!~O&̏OݰD@H&7e u]7"wҤeGY]Tc;c?aq$"I)od3pI#E &F-4fq{A:km|YN`L=Ksjkr_[9=w`"ճrɊwh^ɐ ~gԆ3_j`w53hXs*,1%iluS"CNnO>i]ˈ`F%U-T=N_j]R4pϠsy'mυ*sIs)l+i'n.'I0*5M ^jK9Y v5LzAFR+lXLj<07MCq}2 Flj2km ^fiKb!*2lTs*YW%K#z^3e# F!f2AM^tLv]v{IJr,cƜ: JQS$yÝqP9~LBl(pa ɫil ۛk[HnV G5A!6ޢ@@]R-J'KmOݲw*Fd}Wl71$[7,y\- \'Yegork-ch$~x0k o8% ڋP9l VБz{]KcvJo Qos1;\}S'Ƣ`ge][4ӍkWNa.)|hN'S?;MoZ.wW8{HQu2U608˫aDZjR b\Tyb[ԈaXtk/!'¶k88 0$E`6ہҥpȂA~ w+Xρ}khO=TG-}&բ;'o3B~8 jm0$?Hk%2V|?@Ȕ{^ق5b|/ӞBS{ϝ&cmNUS {Dְ8Ƥ9LQmYg8jzB8O.B{zKmGS)$5s65jQu\MFΏ"l;nD#=seWGGF^f|U|Ó<+@fL|ҝ^Ns:1K(vf0i8) Y9È)F'd"A Ee4CdN#x 7I.R5A8z;e𨞈zY>,lUdb5\G9Z8 5IxTsGcZAh2U|\5 ~o+IAV'a5R32Թ:yҒH!]2q0h`usxۂEpK쀻**fTR2[&M])xS} hiYekSg'Bfg}vV]f}Y:g+j1갑. !T;lxu2NwM,<#2ısuܽ-0(O^Puyb6Pi ޲.dqzG:9NXWn. 3U@M{{-jئѡ(.j h4(,| =Dڬ֌N.j.qww$D”\c?ݛ:V.񾈝''cϼm!~)Z} 3"٥KVD = 5%B& Zur) ų HxBzqc  MyW0y߂ ouO>ǧa&4v I'w֑]9sBf{);W)wLjDhpO)ͦ1!yKLPDU~˙w` )J˖"2r_=$Y[#aS6ó?!v81˹苰B!~6x(LcTi=*AdzYi;v#ئɾ t%/W6bQ 4s.f=._q"H>D-D|[VyRoU|gjHPvb?_ܯaX{9{|S /e.gh T2>OygՈ7XE~:<(a1\k-.gG>bH>J.:o;^0P NSG@kJ Hۑrr#b xJ%*JĆ W(aklaM V: 1h0L akCw̮qFk?W͜Nxe8?)k-|I㹎# Ro?MzvzM?0GnN+ᳲF4} ڄƘ/#Ne<1g0ֻ/iNa&a'ՙ9e5F8o(*zL 8S@uPAcs(1xT[nVBI*-;`2ޤR:(ؖ ;kCÈh\UP " .Q\ @ޢf:FV&*R]'27)c=]X1{\NqU&ČJq&2; !"ĒȆ OI&;==Lk @)1Hw3cޏݿ1@+mMOX.gϑR; "U˗q 4 Rf% 1a%T/~vI푚?oO)z </ZFGFp)%cjqlTR?9)苽n> 5֏ݦG Q6 ,L=*jk^ uO*&Z6yu Gv(>e4dʔ2NS[ѡ7jF/10# ™^AªY 4Q+qS*pJ@k"2I]$ mG/+@ " gˏ90P~t6Vpq+d20hW;՝Х;xl *mӗu ߛjγapKv4 `6Źw`0a}gwY"0 O6)XɼQg%EJ@ }lP$.h?GZU$IH{(0g5TC! #eaVD+;S2u" bmL&9]Oh RNV]wݬkM#mZ]3)_nW?d(&@P05 IA!L(Jˀ8N"X#/ԏ 0›x壽;gް9/@o[qGz?{<7@u2035`"̯@ǟI R3jD?>O#T:" O dY+vjW@bv‡Xඍ)}šyu<6\89Qyk eE8 9nFofT©^=L%'3K 7&aTX:מwSQ*=׆6@ XE|b|Y'3R_,lBQW3=$G1Yoa;Kq'%iqz4^ HZ) :*\`o׆ dRy.@'&?ԏ&TI% 1~o}. 0 e@9F^;{z!3`ALu|Kֵ~Q\: 3eVjlBٍ#p;=j_O#A"{6gK̳ Twڤi`ӣ$>D> 23oZݰ ݠC fm;Z e ߧuՑAL%I88hsŒ+0{?D%e'T$ P+.13G,4>sYZA3o} Pv-B}^4H,(">] Y>U(x|ƳG5e "쳿@թ$ί-cqFWRa\Sy̚NZ,su2 /&c% d&p C$p d{Œ(.Ux ¹P?fo;y,:qՉi+8R8gPQb V.g{:wѼy)Fm7.++PhqK-K4"ƥb@-JI;{!o䆷'Ǚ,0]sZ7?V d1ԧij_| EsҲTzusMv}f슺QFPэ;1Ymx]Oxڙ$W-h`[C}00w]ԝ,ASKX~QHyM(7 [n +x߲`:v/HM'ko1 ]>h, [. ^ڇt:l'+tАΘD*.P_^KM`hzf'T|@(q<؄|nS0ythEm%ơ?ts-z#r23#pzX>w~U[p>^SFEHuqF]$nNGAk%3w$C#4Bdb~QYDpU N.\=UG5v~7|?%=;&;9BHeo~$I FPZœV jىʱ5E@K/I>gHoAA W5S3uJxd6"i`4N3kȿMt`٢a c6re(/=m>Jg"f_NĘa@zj\).EٹUTZ\fI:Cufͧ.e Q~Ɣ }ʌfXzDM.R{sZYH- )o<;ѼTغ@9+@j)C, ,33uqe@dcWa S"BKE za}&T[zg\K" [kzA]#⠨d%EdM$[PkEJi`9t6A_-'L ?3JMfO9 \q*l҂dmJ0b4Ԟ0lw7n#2#D}ix*WQ *bA2!l|LUl3ԍz_bKFb. :4KÍS rFlnV.VY'ڌ{G vC 1m򨗷~bpT.w̌#Z(W/~;m`noUϽkt (`Pe" OnԬA|`;,3},K6H)'7ua[#Ru[\D`[eߞ[$/ k}zA@gyF<=i@?rd/ c#¾Li勽k223t@[}}]3P&FdDzg[m>凞pVصay03S [.iKbKT'L&#=T(v%-Tu3z"eNbC?NzI<&F1t  M41GT4Z;/BQOy?Hca/vJ;l/6ݜ3A~֜ (( qz,|@/ 5 /l06DXs ңߏYzK'OdUbAVjXH.EVB2OOn`҅M{eU2:YIhdݨE}S>z6" HvGؖVez]`jvZ;ojJb"ArkSl+F/nJ -Hb yj7=% Ihע ^J?JK]DY3TV[k,cpSw:#pN,te3h< "a  f9]<`9skSX"|d@S;z_XwRj\ɱIܫ+!9wYݔ2O+>Ꮊ ,"}aJ}&x/هSj9_Za¦nY``Q<8ר% T)d6`iA I1OvǖN'{B@&LЖb2uiD|» FD:&&`[65I3J;p)ߍK!ТmCkp( Lm忳cD#6^}J 9Z ٷcJ}?+ol6FW7bdP =  C#Yy#똙زW`1i6P5so|^X^||57[=h}KZۙB?}ܔ)KFdYN̳(/Cl@#:_,o }>^P1TiUnIjvshjSh RX\؉@o4]-)_RY?r R=g=h.Qt>㧩/c&s: ]A.I\GƸVfO W;y{ψ1.[( ^cr=ͼzڅ M5QvL8s([{xAEkŰu?Ʈru:yozD2ܻy0r9 b OFIMCW.+`#y<٨cYo w&NDsq+vz}8SJn[E]h/ϥz]y8p] Uš%@Ď߈P|pLnuxA("nW|qlY/q?k_Cև2Q~Uyj`e}{/Dٴ"*s%kYuF-[ϻr׋#sU_ L\5ۓ Q21zb.P^ۣ!HMӏ-"*Aހ¤#bm 6J\tUHֱ{݀ D //L)ys€弌~B.6:Ym6h~Zq|9cwy _=D0QR>j\|xua [qXY t K4%vR‰y* .C 5=a Ovl^f郔8ڐEP;ĖPȎ`\I۱- 8k؇c8nw\`AMaX^}g@|:8ftgL'tgrz"uI#e3Fshc૟1OW}}BY(QeazJAS\o`rב3߻dt2-RK)| gnZ*CVx uܬ·[jL8uT': H8 tsN$Eb`;O%,`6sh%78s%Օvl%̤}9*ܭ&m;o 5ڑu)|} twY|V_. ˄O7υƆ2CD2ͮNc8i-` `taK; ne;iI}C ߰\sN[BZRb&7R#(dWiKv}WIͅ \ wjCM+[Orm']=[vSHFSX0ylty>+'E 'b@ES~mβi]`(Ys/iȃs '&/UZ9t4ΪhcJˢ*rzd~ w0g)6IB1rE| l?8]}e"u/w.8`e[uH.Ԥ6X^?gvK7 Hf} g$DlJv$pa`iP91lbe1 ]Q &B(уJsli1VY|"oD~I u>E0K$7[h3ىUAI3f__S=SԏpcsO-~\uE 1CvqjGrDi~*.IX>rto.7Y>ʐX $*;!Bnwߟ8cg2i`% _;+ S36c;-%aLW#x$(.[eV[l آЦZ!X  W &ҕ['),R?A[}FDSW`TpSfWBSo% I,N>fglbu/ҭZ@==ނ<֊Jao#'nϛ Ml2ŁDs{ÃM˓ekrOAхˤ$>\`Wx[4@Vl1R@RV1T][acv̀NÈ$%HQ{ e߄Y8򫻧~›^S*h y J~[-u{g9ST-iM)r^>l'b٨Z ]FEP{ i5zt~Ky;N+Y?<44#zLrz1 XX]һ`…+6C- 1d} Ӗs#1ArL7ARy=g}( yIt+؈A޳BN>"{GVh/ܥtsL^VH4NsL*ԟOj`#lS.u \ʮnoGe$Ԩ6ՙm޹t{F.=/,CVjL ܨ~hFQQχo&>t:&NnA@C<804ȳoﰹ  ӊ2*yV /r-Pm<./6gLIAHS·r*Ÿb󉅸Ig3'xQ˷@6貋5%i,/ R7SH63+hkh[Z)H|jڣ7OdR vzz9|֕½ 8S| FtwnҲ]zyӣn0:1Pp jHɺjDѵ쁖O FDQx1Tsʃ'͔H5WqGEp\6s&װ|o]K,$2jA<5:e{ܹU׏)e8/: iBƜ> v,csԝrķ"}`NV3GU:~fЦ1miN'Fo3.،:nIIg)⏅iw~ۃcU#|7S!|iNVqíC] l "$tv|VS$ww\Kn){N Q"׸xPPS f₃x:0bh+ȧ^hZQgGBb;_o1V7Mo&xz$8S-\[C  .ְ$MX )@ҮSUhy}?|= JՒ1bn[360ۗDWeoV0AJ.HDd#FlrzS7O7)Y{v_~!AW,W`ߠM1G|<7MB ܫsy x 7D"6x7Z vKږo ;ڭ'YXsGԆ==IY"B'yY%]+WŠr{_&jXG"H~4H',|mؘmݼj ed -z=ǽGX97v ,L:Z)؎|b-' 5L#"tȼO)ٔi!TщH%W/ǿ ʛwcW)`EkFaTô9WFN~TSN @Rl\CNՀQj$/ I뮱R1 :\d#Iމ(rO y)HQBPl5!]MT({*Ÿ$R/XT a\8l@`jP P37&uyPm\ZZbzUЌECQG!ᾡUd$ܮE@z42!˓i>h!H#lgR+ŸϺĩ/Rq~7TV]QCgy+$4$klHm<*t @&P\G˶t;`jGDvWY"2ܭ߆dcuJ-Z3 &>˔x*)@w5 tqZ\EO~EԴ}0O傫4}"Z卛ZȫfW:> =-tǛ&cGN"}+HBJ$<a0g6 )kx52;_R|l*yhB/LS g YaPȱ5p[K [cMmHym$ vP"V_tݨorb@(RO0牏JFwrL]L{PoqsEs bf&WaƙwXfŲ ^wMV˅vcv2;/YA]]\"\Z$<,$?Pǹ~D&uJّuZRY3-DJd񕩕.:C5oPON@ьd #\D-B[8CahOhXȹm; k8Lj_ nDB+meD$f ںՏ~"1uIkczw[}kө^}q)ʵe#YmùҎCxKo}I=FSCfN,kа˩~cV s=jy+|ǾKe3fد^"'/n f %)fw =N5K˹kz3d .@49K0y$v1iø@%/1X5c# tXAY+ً$fH\r,%txI>Ih !-t!X۽yc7 %0UV` ȸh,enWE9 uweOU􇀝.iJ"5Fd"ImEd{k[Yf ]a9بXs0#ݮv8to btOV5ҲK-n$yAo! ȍC+T.Qn! }$@~Yf|}>A̔T&aE76JPkL4ӽZ >aж6L)uB{#W(BE[[DtG@5f}{.{7D/Sln1VyF.tuQr~4tFs,4M;F 2 vNCק]XȉZ]z%&еLyn"Nnn{ 4ٸm 7>dgno<{q:΢@qc|z`&v(q^ˈY q[bʁA ؜9)8 !# Dru-.<3_Ȧe+NdJ(4c4`S2f;0j&@ s3 [YCtĦfVsͰ=2Rʗ")^I^XZvm1ח<ѹ*F ܈,ͶCQV&Ȃ0xΩ0;FB!!1iK~v]Sl;AnZ7Eu4}ޑ#KEP2L\ ,A|EP!e`~W]ñ]d%Jx o{gz bIutǓ7an牀EIz~GDOZ/NmK)Y) پ߮jx^v'p(m@)91pư©dW,xLt+ ڛJz>'d vEM83?3C`mWEXH,9׌VR?<7qi aWwVdA> K]g! a9'p'x c:O{Rc~Cf(O[ eCc<EU1[yStY!-]wDC`0.z3 VA nA?a;KU~L;*1UIW!87?PY*v$戂-WTAaѱdt+ijIzn=ADQд1r3U:˯ ns5W-]=RK}!61S%YnzOz}8mu #ӮÓS:TO4}!Z"LK ]KM>`%ݾ$5>G_f q*@iDvKHKaS&AV#^7vKhyOebZ}+s1]zgf "Bܦv䁧TZ@L~Xs#Cb~Z@rJxƇHR`c:61M*xl+Fq~{6-򜇉d~?N-zSQ7Sx}Vb]$:^ xt3bBb~= 1F6ybJe{i5f2c_" WW{Fd#5B eyE?"[7m ?/:<0 k}hlkTb񥌸(#ܯ\{-+B2ECB:"ZtĠL O,t$ES<ãF_:݅Up?}p^2( Iܜ軥UN-XLc cȅ'}z.<.] r3^Rm>0ْ8Quȶ .Yt.|qlJ=+:wx[{6ZM'˥aI>@b*?S|"T7x*嫶هfhBχ:$;&@Ldv)ο*: LOȦp̭b冡&y 0d>D`/sƔnA!h[δZ ɬZN$1/Q,uBth3tL3m]!E&;-LMmztIEbT$%I2ZgfO$ƀC% fm|"gppsͼu 2u^9ŀޡ$Dr]ҳPjJLYfo:t(C@珯tY>c9` ]V԰nBY 93e2$7sr)hisVRIˡ Γw%oc0/aLӤ D[2Mhmeb)Q3J@Бc4Ф<%걠1߹hs@K^58'27/6򐜃?_wLXFK5bPrk@#B-yW4b"L|2wfXl~vģWLqc4c~Wy®B7yhG+&gxDRf 1+/R&l嵉Rik'^6fşՉF )֜Ojo )"pFkPf+H>gWj;)KJë TY|1 \9ȭ6 *]"|ZXm?_[5{sn&_eha$jZ6ETv$mԶ6BZoUX/,qg҉Q-$5K!LMLz֭{^A1uVmlivTxtd^EEߛ0x{lt QM9&#@Qۡ{)X/vӦ6T8OA2Tf+ J{s-=5yxV5lq0{~YoNпsumm:ƾ ޺U,¢!d+|ݚ>C~(rn8[9F?~)3LT GF#ѺןpwIu}f+{tX=qӾ4@cH@Tc穣O>C~;x#C <5H7Gn:!kM߶d~ _aAedZȶA]E\?bmWx)=pT, һ@?:(;uTMF(B0S*x[K%8/>Y5WY!.3\F\rveh)pzXicC>yYN+m++^ ?+9_~PWYu 2һ[iJvmPLl#n\Io,#zQe;t67cU Q %7ۖOa?nCy퇽i6ÔN,,R^|)c 1É%z9E 1O-q<YIu;3IFaC]hp?ؗ,X`sMήc-8~ޞDt|n յNݱ(׎G?:3D~r#E{xv(XNE$nVo-S X4㎎/X,nМR\?a@.8i`)84LX9Vp@S$ȹI#SR0^gzWL+ŁL< u?kZlq/%YAʯ.DPmqA\)X!^.ُsSSV4;kn#NM^wI]"bfh(X=PX-IKoNٕ'Wm1%s>I a8Nrz.)㻀i(8 E3‚0N5 ?!F '`)ШYKz7st])B@⿐?*i٩jl[Y.m6|W y&~N{"N2?#eS:W8Au#-Ѣ+oWTxC`29:.x6)7: qKaɣPx~=ɺ(āf#KVs$S1;Nލ 9O9no43J_MJ4X~:ρ Dkf ^ m³"U띄 렭aJ_̀vk\$ g=Cyy!/㏕#;'1b(=Fz`υL"x<<] }8GQJ5 Gޮ-{E/$Ѭg;2} l!. It aNJ]]{TqقW4wZF=&r@F 3ء"7AT"Ė=Їv:J=/l홂z#_hg`C/-5MkfpۜG2P{4$v6` ,HU΃P}L۱ )V/xc"y__I~>HDR|P&AxSwEvih(i.ƴⲬWo;^q"RL7-h{%mt:dPWů5xZ3 F"LD+7m[䏋+HHG,` @u , 'A.lp8,:  >9 g2DH[~%pLwէOQץcཨQM %t>.0p9?8Ds'_|Pa(2_eY^gQ(CGWm+->nuݩ$"/d/H3d1-%YqCqHGS(%$\T"ϻsI`HDNte\2E3ɱC [UI&L*nɃQ.M SB(@II~2Sj|+#K!Zq:3M g3SD SI>"[E?8K/w ~pLZ8/ܛT~UKQ2 àq2%>,]tƾ/wOGl[7g(w}[5S5Yk} `޿|QVxxƀt743n$%2Y&U56: \bƔYa8W1{S0}w!A!)` ;vByL^V'pqn }zӲ::_ ZtߔTK`dnP۹g\9C9( xwocKm? _,1A?'']J͠J䍁1+fN,4j[_UVh1W m[5ܷչh2@p۲ElsC?pV'!5D}<"D~,>n+1-ru\H&6 +Uu5>( ߣ{~ =|>%`6#X_\9]W=0/ٕI9SbUnf䯵UO[6mCԙH5O 6.}3|yJ|Ĕ[r 3 %wubQ[CӐ̓T!$aRǩOxj8MjۏFQb"M13jD&Z{.hDvru .V&Rd+ ]f[]gbnR aɟVtw؋iVѿѐw  Z'T#Y,:O%*M䮜LtNasԁLzO;Y~J& vuP٬uqؾ0CM9KOz:ݖ8<΂! pkdtxBcq|݉8-?s}ޤgH 1!315bs~]7?bSɅ,2T;d?qy)ŬJڗ_n M1|5K~;jLb+9Mlm Jۜ3u۠L6KjZU*yWhXR,N(PE%^2M]4C_ nVnr?))stYꊹ fN=]47e#] -6wNs`G\VU`U3,cv`{ \f36*o¦&PMDŒ*)֥d)a0/tά(K鷂_"V$|LW. ɠj;c<5. $f8Q\I-r' O}^O>0Y{nx yI+dfܝ*:re&P/TG_j[r+7FY./YbW>|0999tŴlxňYiP6$B>bk#7]89R-L#zVzqh2zSpqo=3R\#;\9xI=& @a ~Xxށ+:kgEYs/t4V#-=NAհ6ٳ,/GƱU'w>.Zz!$uvkw촖ͽ,eٵG5""?d*;?ғhrR=+L|^"lV b(6zlԪvߒXpLO >G2d*E2IE**GҒ avUv; a@*14_CIhb_^"9ջBz?.m>0uj*9A4sp:?%\&HсP@b\6E*j.p&m;0Lr^%nAPE`[W2LK25\ k>7B.ssi) $WH$*h%BOw;O׏_v,gLR#==im/J[!>|Vl;ߪ?6҈5KvAU.rKLPwte \1a3./].(LAxNsR2)dg\ Qs$7Ļ3YLjY@߽f DY1ZdY4x&Gˎ~^('J*f} d$aniq񇷕՘'FV=C^μEaV$,9Rz̚*,O"Ta S|ЅƁQzh#ж\ K ">$:۫íCTgssXQOd&ˀƅtDz aHF9: _Μ3g -~uxGEN2^+\{K`54 dBlԟilZUŠŜeVV]-n0Un%@uV$ΚHQVƝnl qL) v_ukfic2έFR+{z F\Pm#í1ܓZU{K'J>-Sxۓ:X ȥ)ILM}BFUlj.7+lᖞ@IWQ㥿g**4wphw(n/Tk%=i p|!qanqA(P77mѪm *t((1dȴKst TׅUW/-e= HUav 4QUh4dn[R=*2^@F>hk|qOp@7Z_'㹎3p]xa_mF*T\ Qu /HhځHz}n{<^y+ʄ`y\~8c!ukyRPMLm GWIw@L-la1.oAa3֠qCp]^ $F ƅM&.) _Nt[ɧ'-qQ&wYG,31EQШ`^/ 7@uS~#,;4P\ԣa_ZFP۟]OþVV>q38Ej;XKP[t@\NesH&K[J|JΥ W楁ez5Nx0D- ~>ͪvɹV׿n֖$NHT3)&AIyi?Ӡ4n۷|x3ڧ?ގX[öM Bdơ@m?1jP yW)| GjybSrˉq*'h5D?Xz̐exa baTӂU__jmo%2X2DZKDIS3'4^D3q<Әu|c,X]փ?:D'x(m;'Td:8j p~ mu@^# wr`cZ2̌F(yD֠rgtCNmr A0>RnmTOPgYx\mž龀ccgْsY)ŔвB *Udh Aȹk_ƺ9d^-2\ Cq/>~!^mʸ O4+Erd&׈/l$[eOhIu {}{B',8}qIv(-|k9TBѾqzŨ}xC GS4Uد`c1@fITB-oWO2 9b \_|Ă}I|,=yAyRo`5BU@oBB>ZҤf#?X8"Q: M7uBy!AhfW!E͖O5)Nbp>]z{cF%-8㟣t9|~:V6(_eڼmDB@O  2D^ " w#鿗&;}*{`d԰OaVF\iA}BT'4i yyWFLb8X1dYyۈL{).vc!0l><_=[&jh=]P cWM;H8&C)%\A #paj_ D!\ٺj?:A$KuR #YYr"&kbWŖ$VugqkٶHn|;` 7f!B0nL3qTKvUӚ62@.% -2ZG34+Qa|4¤ _X2U)X3|6E5^a\\ig`P1/+wɘYQ QeI-:=ru*_K˭ryrX$-9.y vjt,G7޼5_"Ft"*{Я+Jt)u֭AOiaU>8vfˬ2p N 0< x+la{eyߏM#$+CdTnTucR|5";gǞ;f5` ~ ZkN%!O*Bwv N_2̺jhoO@PfRJϟ6S99t^^ܛ>_,)4t&SebS?YG4 ^T]SӬ`Pxtn~DPR]<-|]K)ɪAd(]Y-iM^Vű<1чAlrs/6[1|9EPx* /uSdp*>s&H`kĝ=Nw^ Ƨ[xe"TJ)YUYT`\lj%y??s#U1)>gTA\#uykHYE,g[tOecq$l #UNō]sTh]H ׏m{TAP<$_fr\DkQ t4s35f% lPc\O){-;bEe9,ZD=Y߆[.uhXڌgbg\D^CaYe@4KH#@O}̫s;^`l|0" DIh6\D%\E~i7}1wq 4P %FNߧP#m8yYj tV}(QD}V%M>%~H{]/"+Ɨ[>݉Uvog'\Il ,U78*lY^7Ҫ&*ҲaGiΠ&i0)i˗K#Rɲ*vGįK  $,bk6wD~r9V"5€FJ-P2Q 1T D֡~բRIrܟR T0Q6ۃņfLU DFׁåY EvT2>)c1С+헃,}[Wep< \xQ\RioyQ Eti|!+2eI7R,Y8( 72F i'ύ͎N¾P #ZGtޫL-X r\oESrX|4u2b? B)W;Zyvgإ> _lmz<̿Qj+W=+5qfp[1rW(z9ܓ5~v8H)w:zugQı&Xkrz%_fF-A:Q KCM)PEM04Y>Eդ)4̏hI:YV2f8?ߗ۫3uy+ޡNxpZ Į 0c|4'[Uc|N;FPsS m(<3{~_t$OtpZ]9oY>ZVv^0򔻜ؗqC'QXׄ+l?PJpZ,16R`Kh^V ` ٴL!3<g&ô4ͷ-XGODa>Vk|-VޙShgXD jO¨vJ#!+oPyÝ>(X!|sǨi0ꌼrϯ} e4ms?xH3]MPtX:[J9hq1)U\&׳óٖ@6g C}uyTxH8*`£s5뼲źKkl{HPxₐWVM?1(,ŭ&I9οh??t6Mdײ5w#{^)U(FQ}u-96֕Vۖ+`#h|fVGA&{$? ymN1QI^NH RNX4  xnoq"OW;(h&^Ycz2#wiʳ(^a6\D,ǴQLO+hx흌tNԬL׸n$a!ebQEE+g~F!8[ME<^A?>'?Jrà @tحJ9[f4ϓ܍{˺8\tވf00W8I`{#k["l L`DR:cF0a;mn0T 6u'S7䬯-͡JS2H@HRof>oK?a<*5(2ǵNfd"v9<[y.#ZYt|$ՙ~t =pvj5dw\ۊ[)}\ g#=:[xj$Ft{HSF`Mn=Dy) -V^ZϲZ3Fpv4ړGt#Q3U.n0.ɒLxiRt N963G'~*['6R0lߓ |׵h'S#c^=P?,.'-b c"sA)FrKks4U0W)6ߢNJY~( Ji~|AY­.ܫv)|Yժ.j;̋Kg'A[K8ǧ'+*Z 1 K(D;@G\?Bl]d1i3eRQْC<|Ŧ Toڃ=\&qg45e{9LHs[})| hPSK V׶+a/VV2[>Y&1:2ƖeȨd~Qk0e3P3#(yJևOւ (rlŽ~NБZ7˹A@ J5'GFtЦO/w 1l $|pd9D]]q|}B`\mP6W0-T`c;oGṋ#9^CbkzՍ_ }5)hhє⅑%%+O]?Z5smuש̌]1 ^sEVg9)b$]r<  %I]*ʐA)bMN~. {=c?nb<(FQݢi''y3 ޔ"Rkۓ4-ӅE%S@N9qL% T; > ,Y=ؘPlϕ %J䓊\(FSkQ?,%4MpKux`m=[uZ+^a"Є -f@VɞB~pn1PmVEDM>]n2#uMʚf ^bd~(+qTÿ,ڒ3y;`D:Ց@qz~(~+IVW]z>VcDv]3ݦARѮ:r(!܁olȞ*ӇSE=Ia֌@}}a $.% ꠭vl>mf(И1V_jmQ x .Au WsP%MbN25k4n䃆7wm3k@Fc˧}ᜁ?0!a)(}JTz<ГG g>+gH ϔ\6#_?B9ҳ$;t݀&xBͼ. ,.bKWmЏE2<ʓ:A'2l8 .\Qu#vqͺ'kb}gVu<O@9 Q.d AS /QG1Cu(5!vWPuθ";Ps ߇c0Qu6&*_-eM08xK]kQQ_[:fB76¦N- )lsQ(.VYU{?!Xd^vVPĞ`0Zʩ8~Zw3DɈSnQ$ S~6#, ,e^ڃ܊'g=tZ*R=ZYd >BblOߚ#p%V·g%BY܁ՑWp¦q2ݷfU>B!~YRȁLN6" a?/c5B4Q59d=gbV]B?͍օvX*sS=^u汒s|,cPdoq(9̖Ak.Idj RtPaVUFpjD8?7 {b/alh\MD# \*bbha~ZȒ*@ȸcQ_"0Þ =U 3w1k% \R8FokZO|+(O81遮Ӌ~kX>ݽ9&@Oܮ+xQ8\ֿ]=Ѿ\}1* AB SЉKL l}gF\m@ׁE. YNu4wed*i~ j?q 2V> aVs"!x$nb?g.ukAQ֙W"`(fj )?ƁA# @ϕOG2:>.9'7o5 D|rn)!F$G|T.XM=&I֎H c\C_tz3ۙG+6w/y D~l!iTu^!nD~^@WvYś9B?l a׼['%$ȋI<+c  WAJi߇"ooN2ley[PeU͝cjS m/QLRP@}Q| 4LGnegү4^K7n'H [U jD3IY[6_+`)b@/blQ4q'ɰ9n4}m^e78^z 9@f:~],&=1|b߅s~kfT $v݈4-&<Tyl/ַsl70$o2|nsT{x|@ْgN.!;-s]м!k9q_ ;F?XADu\V2(m̚%(J;1xkٜ@׽0;蓳bw,^(sd@Zޫb1F'́ f#u~0--RZ*$utoۓ]I5j ‰xuJV'TI06m2l]m1)zi gLfi{A#72Wi[ZJ;%efoz BgYW~ -ڜyvZJc2$./n<3{ƭ0@7b'd1j^H: -;m!3rD|󫋎dK;.NSteg"&q.ؽp;SrBgdI9hQ_xJ ?yv٩9ygb`ޑ6&^#1L0ET`Q@V{=0"ᦐi2on^I3*Db)쪆h*-e &zAX162v)49eXz8U%0ʳFo%9J5j 2öMCʦQSG8ui Ѿj$|f;W^\E_a̩̭84stsGEY+9O\2=8EV#J~:%B:1զAhuC<73g&Gܠr-jMNߦ 6)$ŶLǗ@P?'Nlo_ŃCB= Sb<_3d_sB0GNd&@Tr7(`R'RFdHZǜ+d<19rTn+ "2v@+Vc2#2ē"#Cc,<G_l̓twiXƷԋgqȱ;pie)ǮoZנ1hq}*O~kً6}/Գk0WC{mMWAZl /|:E4".P!ՠum! AGe2u*XR#4G:\b4U [r(xdҜ'ԃ@xn@5ӂQPZQ*H6X8o[-0 C.UR)\DvwWy͎dB]a1׉]UD*2& +f.}9]dJNlכHKoo&KY'R{Ҏ'˸-}kbq_K)C[/$;7P#1؎syL^@"R0RΈC =_e2q*)ԟ(c#Љ{ F|IS 0e~ΟzEpҀ`uST\K#@-/D _Bs2"ےid87q6,t5Y.>osEJ]G^d IQtV 0wZ~H}=֐K%HO8h3Fv^-yH~69G6|c[A 2G:OJ0WR8g§:{Є~(w>6XD$:^9(6,Q"v EZ;8Wf >M(/Yn2rs ƴ?#공`.aΠ/=N r56 =g#|)N+ j`6S8y/W~albA{ơHJukHGy0, 5%: }tpF7U_!<+E9S(Cvs}GS#A}63W-kõc#% ˲ㆬ~%I F^9jڅҎq>6@dWDʄ`fX;FFbHGrkW&5, {>3꩔7t?G|K^f5"'u*gGCWl(}m I^*wN8Yl>u?~0m&k̂}:ꌆf `T`ŲqFR {s;M6%v05B2N5t jiY?ãJnf%ו\4^1GyCO:0HZӛ q`]Y"zoUhǍi9 3w̶N9Sa=J4i?} Mq6wx/&_&q\ktKA/3 2yn t*P AY☋~l{ NGCF&.tL_2ڹ2! dK(I7<=ֵIۓDc*&]x=8ͨM[Lu+'" ˁN0 ߻ep'Bi,nEX"[׉u q^^WʅUObQ1k K l.zAѼXѥpU!|IcT2E[uRjY5Y^%Gh փr|v۸L#Sei ` sSZΌ1 }uw8]BL9BX!함WuQ],ֈc쇥Zf6@\V3דm^ނ&?Jo0Փ‹|$,bD(8YO~nk]MR|I'.Vqɢ^Ⱥ`T/[[ &-xv]SFj =RXH  cukԑ#bko;HuM :& Oʏcff<{ lA[g\:yy5;J S5,My[.0R94SpCkq]5Vo82 i!2w]t◈SHTdl4+!$ *c:fz&V*o%9l^:6"SK{D=Pai[(|}RTq|6(!…:ք[t(0\i[U\Jl["r{+'ۄ:K%IhĀ8̒U6 \qlCÄ70)-M-HH.-Fa"3r{]8gmX7tvnSle(r$i>VoYn7$:=o>q^43Y}*Wȏ]|GY9j6h֐spVbGJ>7F@^*_kQ4Ztٯ]E@J,{J`:YW>`*,ӼʈP`MP t= /j0VZޖ/9G R'}_[,2=A=s2ɺaIcejqf>0a.]wʆUNVJhfW{=A:|mzn|Ąq5Yc {Q߸ _jV%@{`_)<ӵHr6]7]rŊ'W=l.c2Mex/lٯҸܡصݗ}4{-:ZwkNϨMB K[t3>uARB#_7 F"SOp _A5!vc}[> 垔e3{͙ G^w{_Z s% aCi>3HuTBl(R[HGC_nD]}h ؟,o<*#EJko2Bߟaqƀ`ZT'wK 2}"A ʸ =)#4sق$s $b$PH5gzz+ZUgl@e=,Z541Վe%BSw,݈xӋ:\X:1 V&NV8CgP2gƣ`'ĕ.X^ktK[t<>o+ 9XCTu'qVn>}!<+#9š]gApb\; 91rָuP?gͷzR\(= b}Ǯ٧L}&G( 3j|heJ%̋ &{ЄLFrF$fvHF P}EHÍwP(O&ྉd:H+qy;?O@:v]>2wm%uy$}IV+ٟmv-BOޝ ݋ M{&= T4\jMo1cB~? /B)qu 4 I=]e1-˴HA*1m~荦И6z<هXFn|AšmB7Rl yyd2bV4⃌G{?Sê>-uS,c~í1ܢR-쉣MoA~\J2XRЄPaG9N9fvHT{zD1ca"P\pedTf93) {y/¸SB- ͝!:b44(l;i,?A_GLIy m؅#_Q9Z %r *1л߷7 <0kw)Xzn,p9ƪ?BeoԶX/D3GB:H357ݬ *//'!Yz*/(Ĉ.z-U Y e8Q'35!1\%8'O R ,Zhi +q9H؏@bjR]ղծ}3 C]`aCL)ƭA?|nr@!f :n5,;<;9e'&Bi܋_\Y_-ipd. kf{`3ӽZhze *A;dz^YANμ ' =XI wiUp%!hH:$gA .p'fdPA*F@M= i{{9:E\]Ƀ:",1Y ZS ȷ{ d[ P#m8yG-4N!(с<]Q< bn‘Ԏ^6Q>k)"o/H\$uJwmtz#)=] {Km>]xj\}$7*:BV Z@,ua%&' 9)}פ};0-wہil _]FzȳԽ"\/%^ =S[QCZi9+i :[Ze't.h:3xd\=i0tDZG*`BIyMvRGFpi?XG).v>#H p*}Rn{~{|5H EL9Kѭag(l>q޽˺A@öƱv%ԵJg1c%{ȼ}փ+zWa\{x[~~z3{'+r[ oA?tpU:6+c Ald=AvؐP'}X g?R˅m+&s >Hv2wzOɪPhIHpr pgo am( {U "?e؃X^/D>V-|7Dw;=9Ku&|~ `# Lz5b0K~Kcl]$VFI"qqg%*pxj%: 7.csHvM"GXWȆ{xy^xp6/V`D~,rD h(1tK S!X҇Q2.?d>7`psdP1u}O݋OZG!3~;OջqXv51;ۿYuKwdcHdn?ꌞ;&Y gվU#Iuѽaah_"vd <[hn\Gy+eHH'):}ˏ7 w@pSfaeo:Э_]'0څh)^\уr,]ceE>QލXJY6o;F]]Dwn!o!'KGlNCqV,Oӭ%V#RݛXmթhd:6Y>cӜ;CMU\hǛ%xq6CLjD?!hϢqլ Wk@brS An.ʭf^~ "ՅP܎omVa Ј!% R!R;n*b([u$`"'Pq&q̱z ;86ӏ7g?t$@/q$mY,tɾ."ad:1\|Qc;)4I#$b}?E:F1'ŝ{4_]CZdx?Kx԰|tU *crGQ`u#+O.VSՕNaA]!hژ  ˴c(_P:XeaZx>c~y; vx(lwv]ϢC7(d%8wrXƣ, 9AgЯ+,+`V:T׶ѫ'bڨj@VP4[+kVc@c3Rl8$쩆QCb+0X%MRJ`u6k۬0+K9 lJ0t''nEԾ'Om/#Nxȗ%h r/%E">i_<04ꎯ|oOE9JMCPA9&<ܯf(^Uk{T"XV0)lҦn [hм{z`&I]LnP#љXg+C]Mz̐_c@3[dCi1R-p. dPxYFG&}@t M] zI_ ^ 2/]F K,~2ZJ'Ӷ I{]E[ P/Qٕ狰)G& >tkX!C2*p@x FϊK"{./,G$Q46wÍ?ڃ qRǼ_f(_s{jH|K/dbx7a9 lUug]"(.d(_vu4Dp`r)g WƛSeE^DAiWO_HX.NvRيHkH–Yem`N;+ m7dU\+b/>p7!sڈGAnu!A>zƳajKzbtSA)ӴmGkH"r rެ*wOn+qѺDz|) xb2|zEx.D.aHZV@W6TwC1Ճk3"P!p .:j(eQLfa^Ѝ7pr|utQXm@'fKݕU*U%Q<'cin s S$?+vqB4Y]S2 N>~ͥ0tM+q(y8xɲ88)*2>Up)J6w0L(4!%q W]# Qf'g^ػ2x"3k8y .|`fe׫ҼL/h:Z$;-yV фޘJrbLH}Ene{.lY9t^3` ӹӖ3IdV_ԫBM`j-YUBįuw~<6$(.]l/dF.>*&*ۇ I&C%MGi; 5 P'H_OUY{w51.HuXi^VD=z6siMbs'GTG5LA"aAU@}뮐@:טR L&UnfRW(PCsRk zIj'b^|Ӝ#kxG HM ;ڕbr Z㟏V0*8"ᆯ]Ku A` *ngG:˂pkO|Jn"K}.9_^΀`$5戀;e7eI=q>ސؽq~_HiAsxlMU;Q<>S0ӀSVy4@9~2O:8tvc$/Iz"UUlNmRGr_cq$ʂ;6atz?ş5 ^w@0-::G25/؜J؇A\T92L!BBdYGNEsJ*IִsW<#T-Q`[!VlZ߁Um5D 7yx9힙Uԟ` caѓ+4^- q7 R[Dkh(SX/[6B-Љ<-2N_Y:}FjگVx(DjHۺ Pۿ"0ep+ 23^+H?`EZ` f0*Lx&[_*/;(U0IS៎絢3-;l.ci0*K*%vnn,yY;j1Pc` aܬvqiu=uv\j=;L|}~D׀x`WHepkt#Y +[Pqus^X((ل6qvSn# hh=F+u(𙐓aXrI1+mwO_XU9 8G{4ԕ fAiC-xz{ؑ(}g$~5w0Twm4$ 0" h1J/0RE veɺzvFi+K*Q2^nԏߩ9WB4 fl)1~W@ɡϜ—qoo|/cNv/v6~4_}CGrkP(M=jyy)3HfOal{f6o*2z/|(uCB(PR<:IU"hM*DsXWɼ2rLWvPYKp>\9ʺѯ P/fimR| O1}{ GVnK%=6м>fe~o*USb&1,!|<岣Sm8@0iLPc² 3XH`U^fޒ6!,05,mZ;?5FxUQٲ+'O+iILKM g6eyTV۵k+M>?Qs'ᤫ4Ϩ,\5H+ڣ( Pl'6Q䔱򵘈_Y& [;^*-X,KK؜p+[y<%o[Zb$^vW.Sm'q#GFG''yepvI)f. q (:cTD!erh-Lp wCS+]neearߊ`˿4.^86qfPmޢs !_nf]Ͳ S4juXd:ri$#ŞlTЙ%}3wG^ ) oTWǨw d E{G^95o]0ޡM t@&^@Ie$1k VǠkjXeoy),{TKB&-l}v8h!c4$mKb2\A=pO*e\ߐ\r%i}q% )T-C{iD_+~gyYIKM6Ch4$"=/CIwߵIkb|K HV]VTm@XTZ,H6[$2Vv~!>= gȢKm0ը5)xsЎH\>7J{bw\5,{,+ ch{\,p{f.TLJ‚11hD |H; Pnj~16n_O`Rq <;ojbzw_KNPJX-g{@$Dzu+X4.gMbՎ}9K zbEhí·E $[h4bE9X),Im{fIu4j*TEA0\x$EYݑH1)Xj ;|Nv -(K۽`{4(yhd ͒ m>#/2co/twơ.2^'n6)\e3 d=`}U&d=9~z6m7}\ ">Ņ1/gj0RFl8'y*pmHsNG6@\ c6ň=KTG򅍽Ζ53DlSUnl}`SzOF.yT9O6hS>}ʓFUz1GX-˭6G!lv*l.곫4'ؾj\/ʎsD*YICÂqƊT!#nU_Y.p~n|m >׮R*{srOBg2˛?&SPwI ~HSpsڗL=RVNT[Aak>h*Z jϥ\Je@R,HV]U24-F frQ*R\Y5_C[ThW o n0?$''+QYR]*qV~uHS| އ?}3'ų5^nčL詾x@ǃ$}_V,Iӝtz1~45'O!Gmp0-/?Dso7As#{,y_!ޙ#Ͱ',̀o*T!O.\D//zqM8<&iOqgv$q|Z;]1l1%BY0@A|U,B6lg! moYO9[KͰJCu_q͒?XD"'El;t*ݙ|.]NYăhTM/2$g;I cd<_q.`=H]OāT7"94]RXmN +^M+F;\ƄCbgu>RN:qS-jn xl |#HēJu7.l QN';*ė6ֈO^^mhdk6poSiJWᬛ:=m6ͦVJ="-'LQ-sBie#eE @M,9ƽ"FP{4i ћkOrF2lr QG&Z;8]i a6(f(B ZH(WZp:OZCMћRK% "[j|bAltBOKg;2M`T[j9s^sR&v 9uaY5" ޷%?;scyZ2kRrHm\q/0aH^Y$]ZOӤoE=)`V= kxCҕ1n B[>Um%b.baR4Lz#4Jkcos>H o2Zu1V]BL53#٨.t">aL/"d=(zMPzy*z k!8]BcQݣ)|)aL3Sc逃)K( 1HX8Z~"Wy0!uA@eF"[~$ -;?I ns6tg2(%mKPh⅔u-iD@ȼ1C dja?e@dR^WvqW>i][p\*wS14ή9Q0N]yZgK䰄Y~}9*j2~JA"lػ==`- 1JfwH.RHT-zuHi›| )kK'Td?)`JP5y[}/no`R4Zd4lʐ\ zđp6P8,^4mQ>mDwOyqOiř߷^mp႟RGڂ) j."M l NxNW|Eޞz)5r8 MzXabfhgMѷK46uĆi0yN|{CQ$:;ɱf㌹9°ʊ&eQ S WpPCVŚ$~)ߐC3#̔F\qu7bYEtCEjN2S㐦gG7sE j |`Xzseag  &wPaeK1BYo]|M]S2_.h F"ѾٯKo5:=6aQ _}X'y:?U({Z4V pMZ9Ӫ0:tN_"Y~'Ļݘ=IioM&]m+;Zk b+ dSb=s[)j>oVߍ&p CA0D3< B}Ʒr.|M5EUۧ8RՃM&Fi&ܽ ;DEPl&/EȿAoA/ pP;c}7IzifZXٰ0k c$#PO 9#8`7J3;l??(n]Ět|_B67yŶo^7e^76܇F6m"cXE$ځؿdfQhini6t,ja8Tq%ˮHȽjOGfZb5;@SZ{=0\.X !MG=\0d1Gr:JZj, = Q}<*8?EH 9"Ԯ 3iG50>Xːr8TTlQNBQ{GY⒁@ fa$;EL ;LKVi"o.FpfQX3iK}@;=I I(k2q[qL|jj`l]RK`樎KIugGp7\->378Wl ϖZƖ&7i,(&i+y[CQŏeJ'WkeGLw]/5全 y" s<v3w', BA͔Eɓx6D6kyMW'O CMf)2Y>{daMg"z.(ax(ћ~) PGIg& + X&Ѻ|l6Fu|Rkh̷ܱ=/Ho4_ ; wvﲧ^#t?-_ *B۞4FYDecg2r_QF 󂞪IWI 6VSb.ts9 BBs"3v9k怢կ y9r@%~nF̀8v T2ʚ|d-ak 8׫O!Sѣ@) +?3%Ŭύ|]2ItuްX\ Ñ3m\ú39)Ws8XMIw qfdy'tnDW^nHc+E(,-zAMw{lTt@V'ޤ X,-TjG ߈uY/v/]6|3| j ' 5[/4g-+^cV*ni,_ LjwEq6D*!=>v:Z_P/z}<>Ye {DKmkNh>Dno,CPCgLprԉGfNP d_` "P-+=׍!`nBz"TfFG $sZ XFy""/0UʽSHKE6ek'qxCQ.*[Vd{Dי|$#YM@I)39C*H~=d>.fc\H慐S=`;J 1<"5*+>Zʫ[|eeM͔3 ؿݍ/O[2UL߄B:ojߋ;xVvq41O(TZ7;f0$uc9\ [IWr8;_"̋^]nB߸ϽM7)TЯyd e1~w7 ) S_2SԿĿ|SK%$k2$\X3xi2Xa#FD2-d!I_!(t,bdfl&hJ ѳ\ ٢ޱPtldȅ2"ӊGuS9[yã @@ks>#B&M=i+ s[Yycd=o}胆 !?75U 4̩z7_>)R#"B03"c de$N˩]Zo/Z|,d:h59e30RO!g~4`ӨQ|P?'^gκ) "WXj801~})8ijSEd0Mq6BV;X,sT.Tխ/=g0R{ &:1%*AZfY\;ʖ)/ eF%mo{li IJ;H:DCS}fƥM͑"ouI%@ۛݣpAʮƨ;2zcJr؄+-k boZUA5L~{:.Acγz JkU \jH[Kl20U 38Lm]a&Gv05.ZBͣx/hsA6ϝz?L(( :CXzu,kpX'i 6|%ÿk?䯤%Lډ^}[') _eP=xo@!n03 HZ+]aVb?=;f:5Y@ gȋ~eT :#^Rui* Fd7L`NH;?bHz4@:[X@:vAwÒ:C MI"q+$u%׃WC'o ZTdL" lZBM#oveH>j>s K3E&%Jw~`VG= ptr[zGZo[G@$bmx\TҸѮpe=WļުaH$V^ BvQP [_`X32_iP^B 8T#q0qH^R1Q# L,'tD1nAao艉 73ojlUQZ@?M54UD|JvJAڿXuVrk;X6aM)`r:?( 7^*ZbS @S&v:.]2 b5]Q_Ć|/qXREm36r1{\êyJUAg)NGj`B$Q{v}},5"fXL1q>Gjk6b!ExN\ Z`Ѱk}oe¤R 6f[d6 %De*iފ.72YFgHQ u9*:-΁ceǽ[TɝԦLߗ/{ 9IG)^٥q͇N %G^XE F BjLA{E͛F_fC~ .We[m@fMfL;5VsC}=l.Ƅ }* ؈jҫi@~o0ly[kC+j7JLP^BLoã1vyEηYO\ HkIp Ai"\@t)sy,u+}|@mq6m}4"Yks<7$ew)@c#j-m3n8Q+KpZJ]=ҿtu /,yҦ۳N6+1–:ٕFo8ոtel={6C2f$LHKO7]O2MGmsܑјP֢g2]g"„ZF|]X$vy`ʝ1&^P,tY5P,8eҬ!J8ؐlLm2#ήuwe~^/E \7y1eN*=Ö0 C K%,zj.4YmZm1`X]wm0B л;9a#=<ӧ}?:!ƓjEM-oB( K8~}%hNh퀟B+SJm~څko;<*kQq;,Yَ~1'"oucgrtPNӠ53aj٨B(AhL#Ud%J^:-Y1" 3a7{Œ.g_;K7D?VՍYWxe u~tOjY(2O*]мG1^uaEEd>,[LU& UsE;K2n+/|ڸ$붧J2N(_6(ΉU|%*@X4rzG47 H6D0b8ȞH!ej?=,PIg𐢴Mv f`(:Y`d[w7d`HPD/D%HW_20';yUCuk)USyp<:_t;fIR'jMY\X]W˿ZuVoNn AbKs)L_IZ R[^m-~;;q8XJ,)iiP7־}ܸmoܨ6j7)A9MF1JCS[uRY15PWwP@DZX;<+9,]m#!W]+ UVzmr_g/{9w摤)/ok\JcƱ7L%e!|N3\qD1%W".yNq;BNJ#B ӽ%"jGk[Q=r)IvvT߫C;|hL{;5ψakRn=XH}E*>6o-+)e|"!7n_T͵^`hp`{7 +9Jڗ9+.7uI_#٩m5Ǡ0"M8囱`XJٞrqzuEx6*ʏν 8pjʦ՞$=GPcP~bРl3`jMtbծ)y^Eq3[HU/6( `ťO4m5.XIATFUVZV}z mVM-kFɔ]uMS4 KFHJRgyMY*FVYk*ߑW|΃0g'~7Ɛt<+1A98k]@Be %֮A8*v]ՄLSMF3-,: v_ƶʋJ]jUqkP0İhYrm5ZfDA#%?Ue_E^1O,2MYgF rPj1`6~gDpR-٘:sa_{9 Mj܂? :bFP#Z k& ʍ#pB5 }6HsPFQRW0SkVu~GM7G@fƒ8 hh|Bl,Ht^ ~p.L̔4.2+ BfnpI_bNdS @ Nz[ )2<o<?O)Ќqg_Pa,YP}neUz"5PӥI^Qjlɉ3^d6;F>.ZMLtĩ銤1#y?-Ξ4 L|EWk# .RJ]tYI6XV@\q\oiz{ma9\1<.$]q~_O KRfx\n^`.(:u)`#<댨;6[C]z٧oSӺ>%\~Jb57?g i|m(V]{SN5;b&Hbk22FgfZř6 =YX !<\8mC!Uy.YQr Gk }\H0[j\vJ"álPԁ`V+}ZVѠq=&/,`Y54>Gg UH wPsm`;R jim8k&;117oe5{huSV9c c/@SKS3 :-}| 绣R_9"'؟0T1kCBE֞28^oʰG>z͠X%J*v)mѥpr+=vH1$#f-8 1t(ڠUсL=uJ/<4{H?(dH_bLGFTZ3qqiyse凇\BT~62ߘP0R%HgSW_DŽ>%sys4#dS2|&suŵ;bWYvfo~zFOIҢ . ^\s) oգI͒ig߷x>p*^DYEw ys(j(ж+[=W;" dž;`mP]3snvC]?'?ɋ߮Ι4TSyv 1V1|C>Eۮm2$ݴm!3=S9RyM m'GfLKjʒ!VeW'-9NCm{8y0bOv0 4Wǔ z+IxBdoAy3%B^[n-vjVEh\B}JRKz͏"<}]{rAZi#pw پ2zZīoII`0KK@E>Nft/CfWíG8Guƥ04TdLSu*pL=ia:ue>Wc-BRU|1>pwY{YiH ͋%[WkPN4EqW[>DW\Xd z|έqG%ܝJ.Q.Q;5 RDIn+cdşhbKC"W{NaP\1?f!( 2бdpZMη0WK6aCw8_@lޘ$\T"4fƉz-"cNUʹKˆ%5[B%#HspӴb~L~3&q\WޛlKA~qgךobU2RפV W.Z"Nr㈸u{h#/θzy"8,_saxTfM}M._K( ㇰ F/*,ɚ:*ժ;`w_%#A!Wyߦ 1WHR2A`^rptf$T9&Z˵Qηa]B}6C{23HiG0rׄ&(e{Ε:@fo:%TF]vY2N1(b ^YOzGcoTU_%*nzucG G¤ C<1Kb)&(ihx+ :Hv0"E-5LuJ1;5F=X~DVL8撷)m U"6AbƧ"LC2sP:h!Cziꄛjԝ4gSV l`I|,#G)-vSK̅)]ë{3p:ML T'tC 捐r 'uKgdAf/p%Rev9gU *>~2 |Mt+g.7 K.RYS]M0nȢ9 An>ba%h gՁJ4z\ ًk**峄Qqc KGRkšQkq&>ߥr6% vkNtE^#<0{1h=>ٍ:(QhF'}"%``Ò"amRF`:ԓ)}7˺hҢ>n({nN).bGH]EW$+`it5;MцfQ#Ve =7#]3  ӣ=BPuL)R#qo1zHh> 8jh. l2#Ƹcʽs%dlW%霗əZbCn^ gVU%avb2ԞQ1q5,6w,4oJ?al˄L=0b'if:CDK{Z{tc<$hxPQ aag5  KW,ÿý*%~0 0<:'3iZ-~TU swe/&b|r=d/#y(.D#?Oa[gu#WzH|=0Sנ]2u mh%B kttWbԭՈBrޗ1kYZg&ʄlhMZbWӲo·tRpecVTR&ZDOGm`l]&*|!@H~ ŪFb҇^K寬IIs0FwAKñ)dAUdcw`Ev8 '2V}~y}SûYZ׮l6%?A!V5UA(9TwnSֻ -`PFi0'Gg1(zaQ[n-#ެ76m'Pm=U?)T?Vh/e%~{&ޠt ~dϪ)t!I6*=vxe.42Ni|T-(\ëB'Fc&|& EOJ&T9 CVT }ۦDrК: Xh|}#6W ~׬A/3FN}vqn-mh_&`M/4g^ F#Thnac}uwjq3@C W1_ 2#S#{QtSI]nQ:}wK1X_E0ϫTz,ȬOت?B T˹-ݘEҺMH79%Xq-Ct! +v&õ@W{_D\]wk9cyPq;A]:6[Fpꮸ^ ޒ\EN”A7%!l 9_4ޒ{͇&/ ' _h]pH-/<4Ne=','Racb+M_Kr-CZ(x&]Pn7=j,?gH3wV{ipld&?ciY&ȑ&]T>׺V}TqS8b@Lnw02qmJ3k[p ]ĀrI lͫDRhU .ey Qt7`P5'{{Yb"k0 ի13=@0>>ՇC<.Z@jw=M57vՋdQz{SH+$:G E\nD+]~CFvMpW’6krX"-O F'_wl X.7ᅯy9UݧDE0ZuRyj!bVgҺ I_̋b橨l䍒uO>x@$hq5InvR-ٿ<{hM8W>ìHQ ){6 G?]jQsf&AiY|h5"S2t/+f1jCrżEȡPΦ ,B5^kH ccc#>|^/(MWD J%>ѧj/{f+Ǘ]UJ{~{v~RH$ׅ[ `]Ѽ*.H6A`#z˴r|3! v }2ճ:iZ6݀ԂDaW, L61-җO8y$&R91me~5:%؟1G:dڡٷYI'ֆ5ok>hs։DxԴbf]B4U6^> x2/wڒ_BC w#˕;oM!U:2j4-?Aul`5d!&qým֌ֳxzPkm3 O.E^R!Z'#%B5cPSeBz@?yBӟ^aX;vʹImuUb3LbRd` (0!_ <rBT=Buj:  B*)@pOd%1-Y؆/>t)g[ZmV!lZȡC,+C@[e{#}2=83*Lu(05Ň}@irU?b&p/2,Ebs`21dN2q+ ۏ+spj;Ah cem8wTDKOfLSm;6N ~fЏ$X!1?,C8߭ě?[*k ZZ|޸Zmk0%!uʹnERb$Bu@0&2Ad ~oE2b()r*dgj:/O n7NkT 3AW`IobMؠbݪ+E^Bet$(U5̰eDN/h֤T9qFs}lvK(5p(: Nn7M_2¸.SvZ3K>=xV5\sPdA|eNƍSlFaNiz8Yk:. ho&e$kEEף_2c͕7wMٚt{omt#}ۿ5 hFtߋ5߂Spc_˜nKutHp#)P{lg90&SfJrDٻ[t7rDpm[Soe>5o (4LHYH҉L{ϕtV}I yZjDfGq2gIӒ"]ʝ-X}e{,"1@O`S!VpFogEԀfǫX 4" KWR߰+C (`2: Uk"=nC%B i%"l]@9`ZV \:m 8QLc r }V[ 8ͩf%gj.5Solί(=[cV#ǒHfN^>1'|]OKR?WfJQP6]c#eKJc1hff6hWwŒ"uүIcBF ]t,8d5{2x2輾֓}A]'=S*n)Y犍'y%W^?{ޞ7vڴWoR42HT!Iz)}68&Fmfzb%5׊Q\a<^Q{6W(1­`9|,V=o0WᗭFKynBpwC^1""e+d ]ݚn !L8Q4MewjXu[p =yh9pPOƔ$P2n"ğP7*0ETWCMZ_=yPTqH%N_5`1liĠ`m֠ AO@`/e _f-?Ӈhl%IᎆT-wx)jiO-JV$%VY,SdUu[]u#|oD*:5/8tMo.j-&ՐƢۺDLe4 ,9dJ!s>nĦ 8iZt9پ ~7k4_1H"u')Sy%quG,r=ICj%}qL [ L'^%8Wpϲy4u!qEOX 6QUy6ӞI#WHMZ% F׃K8¶/D hƻEi#j}␷&dV G}Sieo.{618,Y7}"T|5 >82JvQbB08ѿ|IL= @(Lh39۵bR82JĐPCx劲^*dwA>9K^@OǬdlZxc9mp%.1標Hg*a xqITol&-AY~+pRh֒Z9ʮEܙ2; lh[WI\je:֤*m9=KS~]p~UGIa˪P}h|,R=7Q.p [p`jc3rCJYb=s P "2^XL8?Z<\Q1Gր|lV~F~?\TŒG˺{DKbBLdz?@\/(ȨS+m-cHVL_gxv9`NKUz3 ^C+O-VvGY黭Kš,/1ŀ,RFukvTz8o?OT KVQs~{Y@0Eq 6}Tpо$X]yw&۪If|hن>'Wm!=@eQ=k""3W2VF%;NňDNL+]KjkI.Ɲq`xi?55T W(R{ʽzEHXdËd2ƚ|涂/Ɗ1ZصE.<QGg9,6ۥ'ّd>LqäV cƝ[7І*V'$G_ iS.t*Oԝxm2-Wͱx9+VE c~2?3싑˭˕l<ܑ_#tvoK^W j2?7U}gxmy|[C,pDDyO@YoKfM^kHpPO{":-r8s2]o&i{Bju٠K&oKyz=u2&Ƽuic1*z~xm;$ .7?qwnҿI_$ |/rA̘#di"`-*Osxl DҎb&KU쾆ľ7A&t"q8#qR:NopNϘۄj3"#:R'$ X9255RgaϢ~B("%& q19SY;S6TH)_,{ZJwVV?""ThW/Ss͂ >ۢ%n_/Qe&CrG_';y~5M&m,Q OwRNK}hw_7GM R\(5(NA aL3U>[K-^J}eM㸱Z+:{]Wie`~|2&\7'٨m 2:ě !VXJO1=86ފJbHcJy1 !c3s#.quH1jVdDzD^Z#9ǎՀ^&W80ȱgR6KHp瓴W#CrRi29"HLj[Q0:fOnAy1ɵ1E-!}8ӁBZ@}ǒe(! 5_GLNipt A!-DkԜLPn>91EW&@RVAevUhs83b*e{5IMSqT1n Rv8͵Iڠr8+{_ZEiܻ񴼞i=I kq=x%m;ϸ<,@=[s1Gv}4/C9XW&wr &G\̕.ߗ*4F 0RoTff> C[LY;!OR.×B]t֋>Y}T/zfa<3b$,'o'tp9lͻv*\uf~Y=BIq+,]k/p!p44+w^3!J&Jl(CfUUn|IPwOljo(UoQoۢKf@3٤(>ۄ I9 ']NrB>2po2*.zWޛƞAf.xŁ-U"xӂU16Ij6C$Zύ$.}/@hujF!Ԇc(·S*,:iӕWF#'gKc;B 4VOGi5 $1v6TeNm94irna3 g,g6\KB+LPJY:^|PiҪ͆5- iq$GvǨ@?*(O0/OݏpD+FZ͵0hi?)2:pdyPͯ]ݴȉ.[fR %(R4pH K)~/őXhOCWUYQ E~ڈ֕#S^s)r)xhXE:H^1.~Ui"S_?%[osmAax~M*ns[ӧauSFscmcqqnL۩3aP`,b"/0\ 3e ;4T15;:Q^Ƃj\a޷/ y'8`cs͘R~A1VK%UC^B)JyFy,1~2J>*)Mô65U#lvikQOLևt\ֿ )o.p!-r}7P"[Q@Ik3fYjWK&-ŭN~BIڈR|tې86 wUHrq坶[RVLnV*¦}w7c ъZ4+ZG_0O3H5Ֆ:vT 2ur:݃mLTS??DRg/AW.?|j䂳ϸк9ox'3zPĘ@\$6;[)C*;|ڲNSc&p}/Xh-wؒtMSc]*=!8T'HщO=ӵcJ[`7dM7w0Fc˷"Y:b_{t[Z<1s4kZا̖֊O.*daԹ9\D HI_I\9HJH0sU0 o-+]ƽ%2˽TxHh8*%]NFE?yOUeJ󓿵=MS1wQ@n5h :{f+Oĝ'tQ qOo3DP %H,&G0L`EZvPR7)w輆4QZIo)K'> cu3q^bvܛ#gkD/-81psM#jjn0T]R$5$Z&MhRަ.(t(˙jG"l+YPeHEN * ]N&]c DY4E>+ZJt7}gd-"w ^Vvx7Nj=tfWT>1<1~}hDr5 rY1ZcߝB>#ۜ %^sD?ُcp{hi<}XCkZh(ԩH͠aO_Kɰ JXj ok"Q͛,7nd%Ύ*j#ܐՍh`Ё'}owQW4:ψ`s6`n6)gud(`MUKyBKZo~Kr4XK!97*Jk[ ? rc\Ku")!`N O`4jQԑ us#*OԵMPZ[k/Vm5+1/Oف6sH?NJ^ )2 Omε~ H<-cnbid|IeI?d{EBtRR-ΐ]ԳxJ 4pm EWCbF^0귂wJ6 Jꛍ5DH~Cni ˰9K ό\3j0 _ioҩgc90{ b]:w]fJVcJqm,3|\"G~p"gg#NW͉Q ho5 w|"lVeLdJ.KVZhB&ŐP%+(]kiC 9SfE(1.dQrC׽ȉl'} h Hd{̊~KO˶nܔU]ﶌ }X]{s҃5.B 7 #0!_Ry B`^"s&U&{)ښjZN:ȑ|6t οb3ϒ\b g*gDĦN8 Z\qCK~h K4 m8Ɲx6evLϽ% kYg'/غlmтg#Fe"ܙO+sqGDhR9:h2c̒ξc^NałolZ=dΟOf@9&@jzxz┱U `9; n9L8&FW&9DJ :1Als=tE;^Sg<.bds@#lδA+Gnr =X8T ½ ߢc8o5ԅQ  $'xgER>V\y?8ٔ̒7KX[1TX3Ntl3;#ntssOF ^@\%,2e\yUV.p0FՏ0O1YB$&@c]#ު@x*nS"q?Q\6'> w\x#gE*ܤ@`=AA&+z;ͽ #ߚNXH-HFq37dbF(%کR+=/}c=`^̕sw\?8/; (/Pg[g[-kw8Al)`:@{w>-plpAN0"/^^,6l o?yzG1dvg7Bn=S)PkM>zER9G1>s' ,/,Vy? o_^'Qr8}`+'q0خ$eك`VESC[v!G `Cv2$/(V4wee?u>[?5=' W9J.8  P<6)Z+'gW*QY ޢ]}UU0 sŋq=M,Ly<WG1V~bUhD2zt~J46;7qpJ4BFr19fWn<rNy5`M<N$:Q4[5B(SM߻WCfvVp~,ȼ!34ݱ҇VQM%.&W?@\(C[qC9g*!UA2`i93KPGÙҋP*aZsN*0ˈz5'/&'ߢxw+˱Nef5~.% -;4̋PM/ϲ@]ImBzf = [30}Vwu11c·,-vl"QWzop { "wK'%cncBx{ZJAnl3?XzS.x%1٫av->e$?0|5+4H[Xl &{:FܜSV}:;.Qv0 v.!W`ktWl@$[Ψ4.lz XULL-bOCWe^A1h޵1Q9* EӦs^5Khy%{鋝?ؐ5z+%W#NKG=2H*DBv0(jI.IbM_W[Y!N3*Rmt:GhMj9Պb)F bw㓼#pK񓓹jK##$K%09`MU%WվtFߦ$vMocۧN/N={j| 8q');n* , 5l!H\i ~3a*K%08*vS^MN()3!.b2B{)\6E>][79OQ㬻{d^dZzMv@k@%eЕ3pw C.y?58&Sp;&FY0,h@1KݰMع\<$X||.Mˆ9,o)ͼ/o/"g~DQT>ڪF [[ÀLzQ9p pƶ`X(HX,#B[%`ba|ЄLC Tۑ'Fh RԐ]Zn? lb({_v̦=4=pYuCGfsr1$l~L@T..Ǒ%_Vf/VrGo%S- pheKUC>gĒԣ¥~ҹ 5I 8%!h rT%}JsIcF=Sj*jQkS#>s- HVk7P No14}GߎF]UYk>5&1{;_C Xp hjR-0Ro;gy^QrqC 4\Shq!YM#֙PWإͨsEҝǷ7*?ū v)++ZHX-/a*–nցRKVġE5lqoE8/£?l?݄uPKHE༘6*3:A D[;x;|1auJT.E[yEl- -8 AP̱+:V7WC6v-(Ɓ/bzH4GkVܛFm=K83Q;<d0\ * ! .A`FzFn2 xgcպ.^$3ݺ@ij`́quwKrebS7c/T>S/`UߴO!2G|Oӧ®e|[2(;;.MߍiXiTv؜^6KDjRw6K;7)U*_f֓*""s-6T%*w;yH~Z*@OᢍHҟF^@](!-adcG4ኺd~E{2l4dG\ִ g3RJy/a<֑~r/*PGjy;sZu>JVM&7:Ly๝^N㪪N絊})fz>Ye]7d*1VEvSUJf]=a*B\zNˬ{AcY"aˆ2z֐~n[ԀKaB'L%=M?aE\bֲzpg:yغc朌Eݦ_3VWQʎ=;epAb;Esp|eʆ~v`̃%6|sA!zrt"`ӑۡe.4"caw&1~Pq:h;VpќfzslwK/3 uH~E 2SU6 ׊[Wx_+!L,F @\8`4Lt svENUD.|=9534t#ڝ=ja$-y8/=WBN?#SJySOG=b󯗯1hf2ӟ̻ԝE&1l'1,GP#1Ƥ~ǣ\Fot h'1eG͊VI-YLmADZ7EDL, VSF }#X2lnp%]KiE.eXxYI&qt<Vë՘ </5rw.pVAU:gbL;ٴ$ywQX81x|I[&i28U$z*5EzWxb,ةW߷U1KO:3xLC)%ݓ1rxSMs˸B.5lc uiK;+WSo3Y˭Y'!?5o-3fUOQ @<-Z⨢݃ĪS 'xOɯy}=%0x#^juhvq!?hM5!GM!̿zDxu0%߫h6`<-Z!SλOOIlrzfܭ-K*20U)jxΖisp{kDYX2{t[5F9dZ }/1Y`(Sz&5NcOͩ_EKZt t/| k'1bsDxȚlUb5r iv2ReNәG B R\#u}Y)&.n׏yKd|Qdi_/ccodShXvJ(pL)\d! $b/m%V$1tZ`#=SҢ὇0*nK1Pb -Ri G˧l^E2y.>t磯a-JSl]qщ |kB{ENс0,!”к!?tLƉɱݭF:8ר7Jբme7([>fBFE3}wFE5˘boReꀝhEPk+ߎ:_UΚiOܰ,6J$9vu(aPq:5B-e09.߆V6*TmijpuRh4;YK:j]*+~gmEñgk7Zn9b+WASo+.f(wܨ@xLn&40FXp.eiUfrP$⒵:˟/@N㒎4 epy)427U.^ip߮!c+C^?<}B5o!Ŗ)5&s禯"7#@iǰ̞ D 4$Ð9JLmAk8f3Y:1\5o>$KO/oL$n]Syյ R6NB]sYl\6_&C\"l^%}K |J5BaUZBŗ\;6I/aUJJU_4`XmpCL8A``H)Bn*/vto_ P}\ Hx#LY) ēŊ@J#|Ԁ2U cU`9y|jŴZ J-@Z|,s~&HZ/&r fbH`HT|Ԫ2 3r] j]ʩi3既+MVWt|0JjETA'4RWvlƺY#V(oP-tllYY`n*2S/>&R'%} &Rg/-\7Z|t; n@Kg|AB6Qǻ~m{bV Aj\EoLQ4g [Gul D Ϥs4Y."l7L" ҥobp=z0ʯpEfRbrm,Z@ui_9,P?oc3T03HdfqG8c)X-6ufi_TKN6jQiW]fY~0uzgpTo[VW7 )J6,Sr#e9i7=XS_WHɑ: 1YdC'aj+BԳ0+q OՍ,H迍}sOS5~4DAzî8q}a,d_,P%[ePC9Ahƴ}Οp=рMZ.3q5f;;^I9\zMHftjugg^WP7V*u3 [% +NcL:o[0m~ TR28'c@H- DbWiՋ[OZ6g떮< 4$`dia}a6}_OmiƩiv ?{rR櫍Zx-T=~pn؞+wn~"8_,G8aO;(b}"@%<8jAK\AJSS`;8t8-Gc_JW?`}F%klvLwl$wU*}fN)#OJ %葒UK(o ]`Xjx _zdRG\(Vq4&P|Lڇeڶoŋw%Q8O*I/F#LZԜzۑftP##z3 Gp @5V7pvꪎ2FCCSiv6Fka@ AaIfx[06&5c2ʠ',3ߊo^s.z;^Z[Au$<=C)2?oS2`$e'${iY W1C?7z9ݜM'^M7aW?nzo7PL@8ZI{3m~F_ n?0j;c:_3Il&f 6 HKB4UU!& -ErI2vF&YMƊ`E)붟ԡ#oRP ~4?VЌ n{ϱ]O9?C0f,b_ ׬{ўQ;S4Tsmzd۲xJ:hH㢪 5A2/55_bP DZ 0 ''5tS54O4L+ҐR>t0PjpBHɦf=U7"e0je=? g!0E(M2.mL&~(o*oOp{AӼ3:d]$ cCH]Il{~yT Fx (IhBӸZ~8S1 eu'a%r)$I(bQ[{c> `F4 Ϳ>- m6mc=hՄ}?3KI0VԦ,Dс:n`Aϊvu4k6n";?!6t]59ֺ*.AC]*TʚsLAEK 3<l*-~KgBcnXM (? bnVaї gLŎ='"M6>~al>_ƀkry\GE@WG1@9rq2ns#QqʼnMjPb'K, <+ LM` q ~Qn홉 {n VyKx c<{.0 7gBU)/o! (;ϘQBKnz12b)ug%)Mlrd˟{DlpWɐ{˵5̓|2'<=?)A9+vYo,+|Qi-M_g˃v㺉..0,_A2eb9B<6|dS~F+Ou d]JBf[lߵmߥe1,0HKÉqPm԰y.^#Lq9MZ+qCIsJa^ 8^O6;bG}=)roCFHtW=Dú)Y56F)&Mu>PL_Ҙ$Lrݷw&cиG>nډ44tH/} [IgUC>vWr?* g>E0pNfE6~k +=l F3 4̩gɜ@!E6+˜hC`ERqj|8 !T527OgkCWeDUFR3pu@zWC '!-(@5U>3V_hy`UDGNKi/e֙k}34lxqpBCj]R8+-C'BJ_Mq"P\/yGe&YߌxzjVo!7(Zcd=cpcX4} ] ?;d)v-2Ճ=D+]aB?v5!CDQ' Md=(ܦ7\EP/j.%VW%/lnٶ`J$g 3JH'aŒLjm"}kI Y*Y9H).N`>1jõ''E]Fj[砽@&θoZ*Ks)Y=Ԭʅ9u;RvA[QqM*ylj¦ <;8\=ݤeL$\'J7 Kr:{ş-X=-%'/-\Ofot@is!"!̐ Jd8D1f0ڱ⃃c)tD{s@?3^oH/Ivu{z _ϣ Olsz*4][i/x`gD=eդ;aA˔<ל;PP]J6XҠB#ߦ{Jfcʲ>aUӝ2F6vbv`B5TTݐ)SG0Y(&- `SKJ}V'BJgAbMY݅(B ;~Q xAoe2n"8*PdӲCVnhW< i_ҡlJ!BCGeÔJ^t|Wp4O46.1qư ,d$$8X`MKq7fg^Кk,9Fl-m=wU&Y2KqTp+F-8D ukO Luj*1D`LdU2zpym1hRFՇ '}aB}i`J1=^B1=~ZT,L 2C4$oUOb'Dp0"{ 3ܤdOyg,ݛa)NM;63>9tc\&$K-\dQGjA'T \!e+3;a5TD5`&d4ޫi@Ak;ONsS중ӦF6x=RZ~҈n$K<[bdٱM- I;-:SH²Y~Qmcv\HxA3yR^!>5OڟLV#ZW#!R iX;L$ T>u?вN-\H]Y(+'avtouiQرk;n/H ~[]G{B=m;f Rz+, ^cap T4gKip w'`ک@Σj~Иseg IGlinn\W"T'%-S6m~,*DAp; `Rf;^|}3Y5C"S٤ mnaCx7/El"_5tw..i+mZFҧ%Zug0!,mG}1ze_:/ƈ{x&+DxO8|05?8lEƿ!nh I~V>:Ga78"XudJEl_3YatT(>X[l.03[eX4:Vpg?Bf' Q1њ8*򓁪LLDYd4wBN+J7- .—|\me+KB՟ ?CRW:pIov $f;>?l +JpZM͝&03qIjvYůY?`B$o7F|d`W/ CΐNJu[>SH+E*%n{ K'm9zOzT(2,F4ER+ Ż 7'P[0,3B$  eo>ëbP9.mEƺ2&C_ _bqm @oͩF(h=UW;06\s:yX.C>T)5HF]R~0J܇6AdZ:4F3q.oYu6);O4ŸΒ #1ǻVYR{Og3%s2Ɍru*twn~ |i !3VJN%KW_[ZP23}MEXX?H /{֊7,Hlj!ģq@°7nIHE#=+!އ8jز]fksnlׯ̱zт(L#kUuawXQ=@͊5?8vC!YzW}nT[8eob\)F2+_vS-P.r[Όv }hz @bBܰvy1Y ]E;1ЬNk"L}ơ%^7riEVW!o y!>FV2w=R5;_j䂎UpL j4bh'JΒZʓY:gk (KGGk1hjfUa4GnZ9.n?U a5%}/`Yc[Ծ4 r:`-оYޜ)3$۲Ԛ(w :ЍV/S0;$ѱ,$>(ÑXO\N#18Ȍ!3Q$OS2FVc<(\FN[jgGbPצ^؛FqB(XLxWg*ٹBC+7EHP]I P@Țc}޴u[-bH2 jOf8/nfiH<H2?&AܯCJ&aLsr{_=:xJ_ i"Y%YRY xpS ~7h[f,%gew)+*Fʎ@۷!0bdz$6ȶ,=ڇs! s9,Fϒ&|l9(ܭף<2O[K>_}{ř9@sMp{wj kQrKښ!g0o9^sS~(ck@v^>w g򳃟L ~bcd? % fg2bAul=*74Mu*ݵa#% 6oa+\?ZY[Hdw3nG_[(y!ھ%Jqp/v` ]T+PTC t 9eG1&҂ (E_0Ѡ [^h|CZeeR t4@iFe/^]R!^„g*<;g7WMS h}ʀMP/"]7K73Y4 '&[JڔşkwҵrQv0"pWo`cx􎽭[qNvϋ` 6^b2B|:7>+Cj]mu 8sfeϣH~LgQB5}AR b gߍ㝹 rI&- @~JmM0Oڍ4!QS]{kZ^yU cם<ӂPr\k&S V6滽$ޓJadV?=(iS5׉erir~WPھ rb?_n>_i\pX.w/]^i2O%,Sq&(@Òb)\<^5E^j=S+ԯ@Y@2vh搗ci*;+61L_9нK1~Nd>mCjjCŪR|]ɏs2=Ғ)HJxBWp&)(Y"/VHM/ 0PD  G&,bQ[VX .hGW&m2;㾟@&x!}Ɗ2ʩ/|/HNߪL&Tz޸*:ec:ׂ <K=Sm' k)mxB*9Ip%pdgp} & ;M'eEeT{,05{|v-YRºUZzboNWtF a2%R{.D֠yh#-EERR0p3BXZ+x Re&׹&ߟ m׫OCRV*!W?Bo}nrWsPv#2\s8ӳRQG}CguSgJԶdluʖ!wim@-`\F*8 f)2v;3Wz%"߱6NFVoFS&iphKg^zϳt}wѶX:W"Xˏu 뽏oC09иC1l9,5}t)0ܹ@a>a"a?<iT{AXC1s? ɽpܸe0p^E0?A ě\OS"YQbg\=*t & F(Ɠ\ѣꥑJ _KZ9:-+e3G15Y~7'-rd $Rs6JSRsҭvO7ä#F:g&U􆷼mp bl?o)囅p ;b-;lےֵa=E2?ڈVx)Q\ Mv5J xqLe6r~v==V$UkRFV4[`̠nx+M\j&!HMK7G)>Ϗ$V;}]PXA$pgg{EJ?|:6h>0ڶfUH{;Ls(5to|%qāe?!XiT7?DZNjl1_! В4)"R!Bc$Ɲ_h_Y}Y`|΋z"zG$>,aג7JAPGwW@wyt? _~N7l D(TNZ9MvvՊʺ+oX_]@^*a`WJt^ !S_D#/O'Ooi3Ύ6y{|4/4z v{V܎ih0/ەj"d̡T!`Y&4{">Av2bťˋ^86c"qm'-ᬲsrL\UC7zc^('$9N1Tŷ^"zGޟtx%Uw_ }G H-]tw]|V x]NWN5쭗WfGn^aÛ^E P5O{BTa&j轚5zG+dz>E$…Dѽ'Dal0jgqO7h"tNk 3[WIiz b* Ĉǵ!plǂ& b%Aw _\~(Җ]1 2hFHQob$q,`\_K;EOм w>͐p;1[ h6L ?Gz:CoC~>3YWHO6N[';+خ;OVLbB`ֶ YZ