sssd-krb5-common-2.5.0-1.el8 >  A `ç}U]HTMe!}F{"T"(FNs>zٔd{ c'LJ=9@X~ÖhNʐK=uzq0dtH|G jr# ő9󘅇lh'BuFd%),Xܔ -&}0B6 XyK"đ9 (˜` ]Lojp@r 7$WT*(ZJq+ZN -]~K*(x+0! cuQ+#ĕ36|-|`mK4BHtm ÇiPne?%sb6&h^&h%W4ݡ…39XaDB#w>pA]?]d  Z ';X^f   2  D  h  1      Dp(8 9h:\f=W GW HW8 IW\ XWhYWp\W ]W ^XEbXdZ!eZ&fZ)lZ+tZD uZh vZw\P x\t y\']4]8]>]Csssd-krb5-common2.5.01.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.`åoaarch64-04.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd'' 0KAAA큤A`åY`åY`åY`åY`å1`å1`åY`1`å(419989fbec9426cbdb75f5129b5f843d42e8560a36ac61e85f469c8797dc62caa89b505d5999ad9c5986844355a63371261072a00e2ee0490de0b8ae5e59694d8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/krb5_child../../../../usr/libexec/sssd/ldap_childrootrootrootrootrootrootrootrootsssdrootrootrootrootsssdsssdrootrootsssdsssd-2.5.0-1.el8.src.rpmsssd-krb5-commonsssd-krb5-common(aarch-64)@@@@@@@@@@@@@@@@@@@    @/bin/shcyrus-sasl-gssapi(aarch-64)ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.25)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)shadow-utilssssd-common3.0.4-14.6.0-14.0-15.2-12.5.0-1.el8sssd1.10.0-8.beta24.14.3` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.5.0-1.el82.5.0-1.el8.build-id53b2ae2348fa0bc4557569dcda0ee835426e78fa73f074e318c6a6e862704f296d5e580c131293krb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/53//usr/lib/.build-id/fb//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=53b2ae2348fa0bc4557569dcda0ee835426e78fa, strippedsetuid ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=fb73f074e318c6a6e862704f296d5e580c131293, strippedASCII textRRRR RR RRRRRRR R R RRRRRRRR R RRRRRRRRR R R RRRRutf-85913786b0c94035c3749324bd88f28feb605a61f7bba65b100e46b2b0575bc3e?7zXZ !#,x`] b2u jӫ`(y,xoIkiqg9C(/o|BCj‹3ڀϋ >ppV q"=xP8Y!URP) Y]w/`,)<-C5fn8P㟷&]i=rw?ԉ3vk,k*F#@iMzh?~{&LV:A:a]zXwӨݏw X%E~Iפ^GF%@J^& S1%)17^r eQy\`DU-SKw_]}%hr\hxҝ;lW& F} x.^ZUM&GnbWXYF)xU"y cWn*D>ܘpHEQTH~ rjliʂ;oCb7MZiI#XS˻+w4ΔQdx.O׈W7D_öF6hq }7["ڐv6gm<2uӞk/bi#NP+'RZ,gt71g$J 8xz?˴[蛬js *nyKzze}/<.5^𫆳hiWk,z6Zl&&͜ǁ=$ ^vR&{&ոm4(y0m0jahuxan2$o=d2a;`Գ;\+zCTiHэ?w'=n1+VFݦ Z:d2U^jo!/^tޥ''aUް@ KddwLg+nbc%A(eV5: mQ#0n1!ꕐ r-SQevvR!^݁c"d'7_UgrG5g$dt Ήd}>[crZ[cZSRV>R_Gkrn$2/]^S3Y2#3|풓 Qu;nΠ0&N̷;)GFǧSUD5i6S]$Aczdž9bPr>¨o|(➄Tl/{.,rMK0Ζ; P=)M4Bj}SwxD>"ɹSzB~Lľ_%zIS0iU{b۾ kKCH5^%"@M\S*!qli(OsԹtm`gCı1m~; `ܝU:eoM[݈j>]Z04OVo076"Ycx&rˆR)+]=𑥜*xIcAktbϏmR/PHX`SLEa=t: 4kϖ5LX5"q^ZH`3eR _kXa>pvAK?Ϣ1Đ t%{Lj LvEe# XdV/ߨ67,| JlMJDDzV{B <ۏDòw ،?7e}),K $'?*pҹSp _} ~>aɹqD sv>lq0d:2.lpxIm Ws]zDۖ=&¡[b9K_Dة>{G] ؾ_5)(H!Y qfMImxIOX\a"azyTlJ:?vNNd?Akumj2*18~8_ܑh֦}-] j%.m32C  7L kvxq_B-} T9v&bf{EX{[rJC(&SD=dznT-R"5n?- fn]\ɏ!x3e{<9*mmg]<J[Hp҃_jKIeNa#: #a5lQ<713\qӏvpu+q]Q 6OqI;DJ?tyvb&`Xv&Μ) f}f2_0uM'(jÂ#{P/|ImiKݳT 9QY+9s1fmƩ֡>=%(h0]|`أ;PT> vjl̜ w/VG1^Zbz3zgؔqv|e РH wBG}<~#c{+[Cm,_1}/tcƎ--QB;p¡WoܶLDHbuLDOөgYxx:~+tERudCz\NbG{,ancA>FUϥ C%MZ|1@N./x`rݘweT=_oOְU/Ne&oO>SV(쇻>F VN=ol4$3Wjd,7eu*B_^ 6I5f%w~'ߒerQ!s&)Te!N!aK<T/" ]R=mF] (O ,C8͇m]8z%[$NGBًzZVJUռG)d1g?ڞ%aY\84Iaq #[fbq`EFߧo=޺/dĸ"iكػ\[MT 3cIW~8HbFgJs9hpK#.xRɀM0~ǾDMqfĖUZ8<>EuᨧA)q)ϾHzđǍ _O1/u&0GL;B '7d;P {~%X .q*ȡeKy/ҺWCyD0uq$L{N.vN .d| #C"m ]Wn&flî9W |e;nO3/@.U{3Ð `x.x;ڪ j܉L&p/<Ўv) _c-=Z坮;J ;a_d;ijgra k?0l jCiO,̪H$B`!$$~772AցĄ~'%CSebcs(i $EyFRolboHAټ/+y's"=w~90tU%fH0B_mtǤ i'B0%bhG-DIMgt5m[.b^e~IQRaV&%&W^ZV@%saOY88Y=}|Cʝ癿M{qK_beʠP ÞÏA!3 K(֒82r"VGjWM=)Ģcg';1U .t[=Ēf+nk uȟA@7Fֳ|˺?I'q)L6 Ye͇OTHtcsaQC_]MIb,vDl,M+ [hcx" _UIȊ(:V 9%x=<,]z'TjXZw2q51'Uy:v@3Mn/q|Wo/>tpX*޹ܛc0ng:l_iIV}WȽc8=Kg.TF#w VM'66GnRJu0( \裐$-_īZ*b@ 꾍_{?ΊcXQU(rD)c*f k1\:w nR– `dܟ c$149˰+&I.LH//F[Mswxyd8TVdB{YoT[?48}Vc5n?g ni9q}ZB? 8v ʹ"Z4`L'~7hj. .&Aׇ־y8U+%pŘa\}eJ"}X#iWh#ﰏ?/]I1æCѻz}}ssj $+Ǩ15—IR&'w~,(oc 됾VSkh0h| L72i7! knd A`¼%{LgK|#*0j5e}=XMTm& mΕ0CAWA!Ba-Ÿ:u}vw@KMꚵ҇Bќ!ђ&[UBOl>>c520qM-,JKp仂b^;lm1N4 oĥL'hlwfP]NmBnedKuc2G?! Ƭ29 fabjFy AȆQhY2hRw7>D$j>[}R3yU:zzs2G~jSX_,m.Q`(TMS;$vj|@}ses.l#댽4pnp H$|a>'l˗4{qˎ |[<щ2YPFδ #Ħz e2 @x_P$Se2c1F 1!-Ty^ ZߘpEԯGRKXԚWuL2 Z~E!zdi&@aR xs?n'5n=lCr HlvM0@V+u|~zjv|.bZN9)l,lf:] ,Ce<80>;Rc웑AW䇃FYMj⼄`:dH9FM<<$'P6dNgV/s^nA]խ7){\ 7:yޛC@ر/ކ;򂤄1,S!]4RvS 'K1gx?N 7j˜Hx~>+X!"mCCJ~*dⱧ]u޽B!lNidQCS8#{BфԘKEc?1"O %99֖vQe#jg BJ$yW3\bp+}On=Is[O{sX?\ܣO͈}k㵵8㔑X~m4oE*q%MM+jQh J]Ÿhn`<'o9;$V+RGv7V`j+j_u>{ŇsD!'%[wĬz퀼ܯ~aG&ZQ;3>7oBvj>t\%yLM1ނA`H6}Bws/rC\2˫3&W $cm,+;JS9ʯ#R5g'I/:]dxEw=cH~lK 1/mc eG(-tT ?` ^^5b]s>$wq oV/VR̗דlه x=zrRo(8vG٦SV#6iJOcڃ:q`Y[^C>c􃶖c\0K04e1κMYbY.W$K/|䋬)Y6dH0mVz ZO}T'4g 4"N- E⦍dHќ|ϭ0[cEht8wʙL})ؗA^Q%H 5׀m(54M[@%O8Gu([>pXṉap/TDG\h9F6`צ(ѩssxbhZ -' V9;/yɇ%xovIDʥдlÔ7fpx4aW#LDQåV&KyEJH">"2ADpf̽JF ١t=?565PKظ8Ӯ?.v_JEރ!"&G7 Ŷ)NygKAt6' Z&J'`uqgajq Oq!aդm~O{CPV۱4fU7a?GvV l`~_ {v˒߅=^+ JtL\,Q 4&Z4¬ ) !1TbZ8S2 wnE/ n~&M?3&+(r3 7itSD_Pfk卩J-~^#}v%1Y݈@&uP! SB_„uO-h֡PS1Vq1; Dv차F[2 T90>hKf_Lb0uO_^j],Ę1~L2 yIե ch6*ܤ2ˋ(oJoXbv@xrEьO\F" *ϿMZH`4I z'U:Z*<$&pO4@< %LU-ȕ cXBDMrQumB8X-T w0ַYN8`wk4-BK :d@2)fc%byt*K;D m;ƥigYY22Qػm¾5K1N,}2uzժ= kP)e Q - XB(F>>/0j5τɴxI<4nPk ,je\X6idNdd 0 jMI G8T XF* 3YRh"^8JMӠF7}ʢEJ⢠(})\څ_d2@Ynbr볾%hplRaͺd;kN(A'=gܤj"_bI\~0WaDMv2~f9R =԰+֊X30aQD6|l[zr͙C3kV}7( r!0v>lMvMe3}oe"@tȐQ7Ɗe0*]' zԱ/-Ӭa:ƿtS=镊LI'W0GoSLia^B#*C;qϞFX숝' j HjSt8-ҏ77nxf `;%];1C:AJ?aۻؔo9 W^h;^FG$3E loa,5Sf+T1银 >͖CNz_IfDo+6&T ozI4H!bS2~*nTE@[4i=u3Ż=*ukVm/n)RA1"YeqS jk_yù .#Ϊ( c8X*H?)vtK& Kٜ7iU.vVJ/`K2U45w ͺjEOOZ89Udt_92 x=o}؃tWϷ׭½T g㨑\;[2'2iŃijnBX,Xk1IP^wNח!ayj K3͛Rik cf)hh K$ӡ^.\AL\qNX5XRjN1;h$xw34σ?.ȿ7 '޹% HDVG2fAQm2͵g.N8FȔ8K)Sw7&4e˃%L`|I{$4DnpB[w%8g~K"Uz.z ķŀ|8c+hRDWQ]Dq<ȜZQd]dWoҁt ,Uut@[ UW OOaO)0:=*ׇM&J;IPRuwu8UnfHyx =g,==,@=T5=Ѫ„ib sOD~1@&pҎV z(usPQ=5A]0WN(e)G9J8XYG]7S0Nf9ߎ'SڢxGxk}`!hl ˕;,*_zsiUUȌ,QZN'੟jL&x~>)d/@H%aI9-Q2TKRZO&ȖJGCKTqwCJLC{tcPK/-c=u|nԏ ~ k&Ż]p"3Q\VO?캄mK#G0[J1XNc/Y%9H8Optzy / r0M#9K :8}ʄv^ L@V@O-3Wo b萷o^gLK(2YPUHqyGF|0qSL$@Kĥ T2a?HXBl@VyC9ֶt5H,n `9 `D.ȔNmo])$ CؚQA| '6A۵Q73& SC{`&td0\('Vl VQp0Pˉ4d":U' E},ަ:YP~|߹ `s)ʹ ByEaoc]ޔɥa¾+4hÕŻ tC~N>cȲ r9f:G^fs})зz%Ѕ,4;QkC9S?i*–3}5bM ࿜>$f &_ޞq2{vWS㐦统K%lj|]Se$؈3)R™Y,٭1; HܲI ^K#,ZvrJwg>FkHy  $OSH-6̇>bћbdgT̋KX(J jؗrw+vwrBin#`V_r @|i0uVIx/+`r/)xj+PEҩg"0" ZOWA֖%IJ*z9ewn*:aqڦL!iZkt4H k)bx!>HWOX kz +w@MgM(D%К?k/eD˩)lbC;e4ujG+N0P.^x^x %tk\^<- " 0JS.](r^֚~W[A:hCEEնl~4VHOOt%!,n MGj0CաV@zt,O>عې Njx[ v% [qzV.jt~F0-].d)һ?Oͥ= ME&ùi=v~v6X%g켻j<]@??d-ʾid^4O,a[ȺˊgTA7}Y\GHV?h3XĠaUvB~YxC vS%]zRwó, ldAy킚hc]'jiUdT[ToU_*4YZٯZ@2\CF$4 UqM񃞲XlϜͫO2"N%B9 V}_Ng}" Ə}4P^'HACdfDĴp]ԃ=loᮥGsUS!5j:AHtwifhqtѣ!)n.:Gss)Ff!r ]DV9YFA '}*)VрL,TEOO10$桄u)9Ϡ=A0@P3 u'+GQI- ORMLٽ!/-Τl3F؞vltnh3o!iCM eɅ~t9tŞˈ{=:C.|rtBTϻޒ[ ã1ѥk&J"_+SD vU_unO(U&<`P#ZO?h^2z qv;U 1Lχ e6tӉyKSZ:/a-N7-,n @ZFhUrCO&=hRt%Eov"Y@0{](À>PEgx>N*Q2WP˯g {5P$">Af54~%i<ATJFS*Xi2*Ip_R]ͼfUnn1lCuhZ^PؒZ#v~6Kۗ:j^=R>?7p.^7y?HWZb]bK{o1V0-+H+$@s0c|xEs27 ؏7ַr9b|&$ixO~j(& qpOȉm<(t6eI;({cn,1.mC=?h$ UZ=&s*۫? WO#=$7>[Aƒ{M&!YCa{U.osGٵ9)~UVMY c;?Ю9!OyKW@jQd; AUCr -\q%N{dŒqjsŷH"}W:yzup%/Q+K%4נifvQ.YezB"ƇL#@U^h 2Ӿ-9+U(`fl2n͈,HH\G( FtXPkF6Eέ!`HX֨$Y8AQ~:-ò*sWlZ+tX˴"ܻp% V>a vQ0Q `ڬUG;68^Z"эzuFaP]@7''/ {̛~g+=-'l5' OAXmە2Ǿ"Ec@g5^(HL23d%*?jxL1EU#D4زg@8hl'J d48*,7Xٽ,QY*J61ylkx"IsxY=s8P7VPÊʧ [g|]EIa>#I;c~x.)KWB.%dgSN32c{D%53!@G@uC H1X[|^,۞0f%B0.HIf[j3@n6pЩo9TP^ҸO34gTw/aB"]ٲ28tIjSzsaS8 A_*6^GUp^A &*xh=r,l #VhWkLE Yؑc.M!ǚ)jK2$忤 Dmeuرbګa{.9a<:˔pm<=+ ɗgBss.,5jߤ_*57 =xQ2v;pp6LybI _IfjbT^p SoN^ p Նpٸa@ ՎU̬.![BaϺ q)HSt\RpMt2b9];LF !ރQABt;#UNTm'G n0 KPE>v󏩼!|#z^ϏJqȕ &!"~͒k{Jc4[ vd=}VTq#1؀A4U2GuOǙbbD ZNnŅ&*X_Cː£ fz}_p<PC]8/R^æN:c BCMA)3(+ @m0б(Cf ϠvrJRsji:J8t6q苞}exό7ylҋSS?jG_YℲ2lk(tB-fS9< "†HD8szo%~g?tk8^Mtx:$*r+ENDķUKx dP|&^zʀt(66c@q`jS -~ki7wћt )Ս`.7ʬUZdA$U]II3f"t!z7?;*U0/[c.뜱@C$U*Jj"+@(PGMFS6tO%mIٸU_a 6DK2AMROjj`y= ^TK$"$^]#6A=OVͯ~e l6e$ $ bY'W `| VX 1$p^ mMrkHqA 7y=$Mj/wW`@C/ւP,<[FcT2S2 ,dj<ӟXiA?BTS9wHѱ/т4VVt>ϞhK_|fO…^nYqۡZ3]fD.SRC*ŹN/6:^+6-4򙥎'f& ﴸ{GL9k! Q& P"*BwZKMhB% DIͦ8Y@}bPɁC5م@lXY||jL_"< ӟIyCGǸTE#P+喋"\x }7a2;^ ,[U2z)-r$wΰyXn۽I4ʴ }-_k_H&~p`x2UKEf*57xJfdVzXTLo&! ސt7R.smX!WG Q2"O";uqŦ'ZPĆ<{oů':ݐSY aWq>ɝe` )-w,:0R Idwx0#EQ_GTW8`hFa5DI>~17ރIg+hett-.,{z670VABj;p^8\}D 3+X*='$m^ݼlyft qW]~ϚBD% #"0aqY@p B%cd޼KO]RXL/ &0@ĹDR[rz,{&ue߽:RMYIJ{ˎ`7PJQ+< e(ޘe.JcgSgkF+97(՚:A?. gh{rI!pSdCݤMq  4x^c .bg%a&]-_3+4 "7@ͮObCE-LytZ7d(~~_`UuS\X9#hL8Aa.nO| M}8Jw}/sAtٜ6O297b{67p@ aǡ eJ󵣏ֹDv7Ӵg!A$2+ U ȓ>ԇt3wI߁q)2XT?YsHlKZ0;`;8+x,fPm;U\@*߯>gZ,5&J7'o`b{sqEPUvu?q W7%Fk%? \McN1qlFv2zR8se/%.@Z@M腾7*jzD]r{1<,pk[]Xrlru& ̬W'謿&di&i C1Z޶I?ϙo }2^t"-|R[pK^Jpy8h?&]_&gVڈz5%!DV9t{ 葠8 Fi^Й*V ^dX 2޵B_@I=yw3d}A:J̌QN%ЅZ6k+Ӛ,=6`$ԦET*H6OWSg^_ A/, Z6@sCB`b:j;HJ Oa a9UЦ"sXKp`͟8:QYW PJzP2S~ە41lg]0]]t>-6nkM[ª`RG!- D4rqDvxdu]RF!*$`k@8Ҿi*:Empᕛڎ^R"jV$ƶ Qdֹ6; %hܛ9\Xi.,8 bJQuo} =%Zǟ *2qd 4`?bN$UFm oRQg#3el3VpLܾ)\9Pݳ^vl"[Hn!^cGۂAya1T'шEqPMdoЁe1LZ7d&]$E8NW`ӶENxS_3j6аJ#L ̐]U./:VKnju_TF[dE%XavZJɺ\/`o NՈvFS5* fꇾy]@:AK&pkJxX]D<d`^qX>'m=cWl#Dv #M/g5ݴAdQl2#w E:e =<ܡp!ű˫׀z\J\RKԫ1,: wK4*t0 sIt]kS;QvXGr.g'.8ԦP:| ,W<.hT$dzh0/=t:=mTq2(\T TRs%gxq2b<gqX; Ֆw)HxE 4`ۀm~1dZ4TB^|0O*cÍ@%Nn0v.aߴ nĭ"OjE%Q˭@G'z>>b沉0noDyB '7!uᰉ8^ϸOeqAzMFƘ~ ${Z1UA'^WmNLUGlpNͲÿ : l]ɻ;}I:r>ncIL /GJa-iJlETہž!,NؗUQC2E$pzHeD KcH"ڽyO<}C3/47L'ُ5D$ PmnЋmܧV/.7{*H X99oIv`~2m#߰{,m뛎 ;yg%QYhYp i57b]xf7M;OushZRRS@J&:H¥Xnv}KuS|*LHI&lgr Da] $ZCRQեv+ au;?kd3,̶mzܺ${b˸".l!^L:ٺcvFl{ίjP@CXOy)n;V < U EVn@.<T@yx᧪Z1 ,Aȋ X.^ }g-J/3ţ;wгOF4lo>h%dKt/Z/.:y-0Sa?˪:\V\vrGP aDz"'<| lS57LBuG)M2}'8xdZ y@X %aȟX/5Le-O Dm[X6~\P| 8}AsqEl_9f ~`e{?d!*$m 1rȦtSS3ס8[$Ig$Zj#ͷ5ѤcS;*bN;=aD!uZ?/.~ /fm/IuFunwU!mIX>]Zj!]UKJҾ\u,-}hiwNTi$10LhY rzwQ-$"A>e SIU/ϔw/ W DuʹQqeRWC@. 'Bhm|c]xɛӅ/cGcyGgڢio 4B=vW%[cGz̀W>-YJ\Mߖu 2IL)aXb *V?zJ`l sf퓜un{Y  \ Ne䅏 jte: lT]_܆^WiBJ4!* qm rz/ 29Lo"s IF{8ե}=J*lJ=el輽*c%o SA/'d'2u"{g`Pq-H$פDlXTJT}dAf={HIEvk)шԩm1^rk}juT1Q֧]<^aU^zcgfo>4rRw5Dpp'Z!E,q= /vcЊLeX!lXzV f2z Ւ29܌z6 t sw9MwB%x:-hCXK3,KXJ>"K 5 KJLepʓ$f0¨Mz :|k2j="(}pvz֛=GltiٌjX9ڵaEhzRooFKahٽT1ϔm-xcol0(h-RFY:̕9"48Q#:c<t]SA7.6h29(*FK# spUpph2V6͙HK.gh*8 @5ݷ 7kr(h'@w$`8vK;v8TPя/VzB2A@I{`)XwޏAdžG.lG 7oUǿ1B *iCG~A{1^=!^.ȞR+webM`/bhrE0,3;CW#V&! eNKVOJH@tL_pIa!H,[瓗1۝ JWM!ob)p9#,004D&nkS&h=z|MxVI%gaD!5hsI݇vOhm*HMs+yԉF9aì|:e4 Iybt"Nʞg{~:$~HC,1H7a'guے(ɧK"?^?R@ G+L_㍦/=2S9fO8#ljSB(R*,7>؏+`O" c${8ɪ H!􈦫݋1vsocľ|tS"& >\ }4Ϳ\YzzuDC^4 V൥5Ծ^?cU{`blt-4^6hsu:9f`F^/˔Swe3)d~WbN11OjcFS'`Vry~В=A˹ZCʈЋ#Qn)v΋3>UrCT Ҹղs >}IDKTFP4s"(`H!{چ 4wq+3; +`ma;?/ z폄WP4Tq"t&nDv%Q`JLAR:6/1=ZZ?l 1߬T8-a/*Pz)\GOOZ!GIbpd"DN`4sG "t/s% /) F#]ׇn`7o%+-$VD^ךJ5T,uߢ$dH9ᒚ#}Y`4_ AHf]y3/1.ǑJh9l)3P$6lWNEj8@ zt g͑DY: Y4VTFn]y>a'ݞ$.ФЦ8J0u7&aQ=ӏX_H-l`yG k ^RCd!/g`rDi3>-v,k .3 |$PvEXb~h%HġlɭC.aOB_Bèo\GwܖpFn?YޑkB^;JW>'3\m3ƣ[c3r~?:.Ւ;wuN'I?z2Ai=GdGGxZW yS5a| tb\ϨK#fȊ񲵂I!ų4v/)C贕+Ac@tj]n g41 Fu k,m". .xP ?/nґ-RYܝR+uIi^qoۇ+<gf ʕKEgL)Tge'tBF 99|"׭_ձ/CdȫgB  *AdsUuȒeҡ~79WVk"fAg_!A${KSC@~.Byy%4o UUEx}3mKQJ_@w6#mq21 ćZ5EFy`8X ?^'ﶿ6|QoO{hv>X5c-E M4 B@/\++bLO&޿±Hr-"{I|ԑ"|c=*8I!%]k)r=E1%aKHNK %y @:ȇV86;`Vp!X6HUmՌԘen}mYҤ1 ዠ+5xG]߰ 4 4DH<+|uxѱ [1CϘO{#vmM.V!JED'( HxJ(ݫd{%rO$ P5zA6넟`K7EM[`yFi𯺦,;-Di-2OJPq ]s%,8g?[VN[.kQ~7[J=P4z`vJy@FOjOh:23]a$֞DXO1,yGٜ%msk.(}~qgB-> ;[9U!qÖGLBytNf"Ow F苺)GGf>k2jaR8mYJ3(x=bHgAR}ZBf2Ep=NꓟE{a_ SCLi߀= Ym^<j@CRq)O7} y;HT7fG\bxwXs1*X e5Pkr!ClzHPS`tKVG%f_%C6,-G?*ՀӰiY#h̖DMlS !#?D (UHZ+?$0dr.><2֫}Z ɭ߶_8.r#3Rj:c)>u+A3 d<.` zM8/KD\UeO259!qk$Xq>J=^ wx^ [c26}L<Adސ6j_xYq ?J1̀cs:1FJCZ9zZ"i$ܵM˥Y.!.YA;]q+w]O)H\Vp5,AH 2q/XeQJ0?yjPiYqpIGIDfh[, 7UhV/VQjEg65ziYl! Bi0b*IO$D&_LLxt3 >YhrzD@V:0d :ҭNPWX#~ O=fњkߛ<]=.He^Lu NAsAXXټkO#O,yZ`HUB/vvqeh^ ƈeXV[ l6l!9…1tc&Rf Plɐ` O"rrA@-,;ds=9Q8sky]E}ILU֢o e`a5IL ž#yVM1kVe wқ4ɔIqH-l!WUuip@ zC$8&3D1dMVm7QRDDx_;r{宱j4/v݃bjYuNWjMbu8J [ݵYNʴRUNrK1O.Sb4UP#X5>-;@Z lmg]֫yn<̵Kd69Mq?U[> L1ˑd~gwmAWH'YڟvW 4mYvJ*oyGN3@@2?G Q _Pb_Bӷ͠9[""^"!ў(aŝ=I}/w$Ї˳|L=G%}ZC .6{w0#t@'pϮ8zUG/ճ?0H%$ ʡsꦏ^xMn)m#Q15PnPn՗\oE?5Ң v4xa,=u '4U:\_ E2R~PRhۚ۝<"Z:Z:T^Q5QUiWlR7x9S"D)Eyl!Aצ" cQ!)}.]ߕ#Fnv__& db0tTQ ݟ Vb.M()#2^g?qډ;r8l=;,px,D'A?ؗ#I*,䐦$ڴڌgq_[*n]MLpvuS~_F!/-8-8!ejfu\k8cF5[5ڕYo?(x|0>iЬCv{lix>¾{uYm q3_}{b?<[yJ3s-sS,ᾊCwFqPHȔ>^|gJ*vۭ(;r Ϸo%p0 R>=$H]JjuqO KյD88y(W1^Y '9,5$Ϫbbgl$=3(u(ss 5o9z6q3RU~8FN{:¡3z5lN>G{ßZo-E[")U^ic<.6̿2C»n[2g(u@E G. m??_YL J'7Ԣʃ!ܟm /-r  _ Ax:ro/Q5 iS.F&V5.=L`M$6.Ȍ`5EP#PYqrSUQs]X!-a-DRI8l,F8w>LX~֦9f ,EiRNAǪR#&'8^zLr`^ނ2_Eͩ<_[Ք3.T:vSeI>ϯٜR Ɖ YE9ͯ +<,mO*eFh=Gq^~r:mmk'ep0ҾQ_g,[In8zƼe% h.7-~u%KR_;ܷSh–S"J{f>Dd IKmQ㪎KUZտz>w^q7#  emiq4fex5UM&vuqm 㻜jqE |UbKid ݇_'f7 s-P>(Ph.?`/S:\ivƂ,%>+^+-/ dQ^vj崻9_w"\TҥwRN;]wPozQѣsuՆ m+x%Im1x=fFXY;v)o\V+=߸vȤ=LЃ= B$z$=_*?%,\:&K\YA,I8 2 Ġ( ճW ' Q{.⾂%s\D, )2 ciYGiHXŃs55J+c!q.v{=&CvњZܖB+3BDD=8ULu9,V\w|dO£t'8b6ܯ!2X18=?9 _{6doĹ6sW??a+^h1<`i}Nv|fym{Phqp+eTTOMK0FmjBc-(?THOҚxvPETJ`Y&Nld_LlƎqP,i=ꋞٔaxsrn}"<Eң/a5?4s҉kR^T'APXm蠪.SdlM+XCKBRJ9wP1JQZ;0rb8YcnGX(\1+3 g(ԃx#2(m'pVr0ۤU;SNP_jܪRjQD0]'u ﱸ[@Uj!zf6'vimul`pʈh4l]ml0]XS63$Tׅ֖/qy8n7)B0rq8 Џb!CX%7A0x[;5vgf0FV6s@9R+[$9X?-Ao0sҊqCrWx N+JGk3PU˴&x궇mT4%z?w$0WK:qՇ 06v6%`|.%}G*j =qun{xDj _XE;QlujDta(\^u*Qp\[m{*Py=RB?k3P`dz߽ie]܃/] a9Q?)w͌-S1wͻBG@ٞDXqf4^A6C+7.u{ ô wu& \V [\܉G Mؐ/ic|73YL)hPɟuESrMܼ=itܚm1Pږ1bw };/iqӤ_OW.ۚGifIop?w dUk;s|"+φLYB(lpWusD Xe/8֞T a>FBv^mQ56 t={b6(ۈ9#U[7P)Lo_1vr#E,FFL6 3O3G6 &W0†-X_,ǪgOH#clb,*!W#;\Q|IA$KJi)$F,ؽVԖΈHӀ8tp4L%M\c,jgzYrHU4kP^Ip4y,c*i֝֐7 *eVo3j>|l&(" 3-K|$4]bE5'NE%*nWL, l+XO5-1[HU3N`AOX)CV=p0`}m*{yReQ%yځ@2mLv%mK),}t*0ܥXI:}qG38`F٪fZu34 s%œ`Z_Z5x UDOod~)O|ʞѯV:A/n;PN_t tp}G 4Kp T? ML>> 9;?mļ&5~ ڔd(lRVwzeopm$'M$XvfN,J)yȍHka|e _Y2)O&2|*>̲s"^ ,*BiaczһQ ,=t/1'֍&6N(MU,WpT?" fT%;WoZ41T @L9XmEehSb />N_0)iחc :)U !'n4H/8h(2J|QyNS u`j_lN-9xD&., V Y@pFi!ѱ0] Y:/4)Q`9^)`J ]O? 0V G ];ޅ7\Mˤz8% Y au:7odEΞ-UF%c`ށe!5Lɓ?yO-a@)XM+>Z n*T$ Uy#H B7 2|'>2$ja8位O}#:#ҒnhqRcqWgd泐eYS003Bin [m/lzx%E3g1>J}C=z.Gn3Ue(QvW*0N厯1 eFv)isxSj!ʴݘ MmQ(}H巼mʊ 0udDcp36dJ+y4/i'pO+)Qw[]D$lw~̑/}pYVRae4]5xQ5/KqOּrԵ?GAώ;²s?Ft{ڶ9M&Yo#:dӅ$" Lzɚ8< MkX2J8so$YSMQ#GNU c5OڧnlW^&to&2D A4m~(nM2"?_ntKQKS}\C[9汢V 8*We ʘtd3]7_W%a=]E0z%!nEo(@r1pI&5SqЖ| nxs."fevqb娯)5å!]n77 61_AH{ h;k W$#l9t>-2H)'Ł-&/X&+-6ʻʣ<PIo]| ԭ5͖wsީqRs9*h|#q=09 '7vc,V*S?z[qtIB۔t'L{Oee#m3=fP2rUˡZ" , к8R",X.Xv"RR~yQxc0ھ/ [ Z;ι׊@'尩Uߐ uTTj 5iDY`€PV|[j=XʓueӸP u[&p; YSoT%-=Mꚴ-6a''ԆbywZ-!8G|\Z7S93gÑ}JNSFO]bقqKϤtFXcXm\l\O3 gfڠ|,$)ܰ~':Vvc&P\Y1pI9x ς7_ˋ=zwX$7i07y9K e+$BФdJNӧO,nu/gC@x@VZP`GH7Ozi" p EBؚfWr4. >zOOXfCk}Mٗam0 G,|>N"*vi/Hlt+\<ƼQŗP!KAn?Gx: :(KQ%cvאNeDD%^s_ oNh0!BFluH78=Wx%]#rNm;r' sSˣիö_UJ$b(z=ɋ& $,=@x!Ą |/@QQ=48@/7fg6(6:rn9o7_Ȯђtzbg'A1,$"awSeYDC;?~#* '-xu+TĬpο&PA{r9KQPi现E})mT\teȺJCx(qt9R, mgJe66n׀Y#LdsU ƇT<߇y6~_4!JJOZ3r_S`/Vo4hL J~A;ٍѪpm49 $TA+4:kֽ(|ls}Y]y_6/]<ʹ7v.b ~Q˜SX.VmH(iՑ(۵G"^zD@Kab(SW;v(jUwWnH޳G)R2ysN<( f ؁f,!ݜ޵OJGt:36l6IoC1WX@"Ȧk_8MZѡq)M7I9a$s֊tOSN2L:~d uFF [E +ujz -^lT+81>JI`݌ +T ;z/mFU%lN1 CEc*e7$N^b*Z ef]B}WKWQo+ &] X"XY*QggDyǡk l܎n,AJF B{lE_ʚ(w@R0/GuOí%}پ<+7߼5*G*vQ@!=+[3^ 0ٲX,_|ˉΌx߭:wӋytAn#MP66'Zur$e@=YeONHH>˪RNضc ,Q%~LVB4b2 ?V"mK͈ؖwwF/x e 37J.^jztg=CO@h%_|k*RPwa•2pu|T9St'B[P',0$.R#-ΩGBP|jHߍs}{!pyç}AǢJ!w $*EOM`[?gP מ=~3x?.ƶW%OV*<\V#(y#:|ZI o`LX'JeEV'J>ʩRDuhMϢ3ȶ7h1֮( oQ*t 14Fu>`^0JO$T(x$p<q%,]G)` ̲P!A)xN⁨ўea6WIHTHqe%Aϩ;f%l-Z څD^fdºUu}xdyRgU sU_dC;HQʍ6P&hU*=+/*fY xghCqNE36@nZ 8sqBAIWv݇m.V\u>RPB\;~3BJ* *ϗ0}eѰpX/!oA09;x4ZdYbT <ܸU8?gTk'_z*9-RV.E=c9*ekbۘ·VO8T-<)ɓo>s`8BҖ 4Vz8d!w,-ߦRʀl҃ -ZQˌw?¯ZcM!&x%y\qzr6&\JN7̪+x;*'i%(Ll5VoIOEF 3]\$ф̠ãy]HJ)l S?~wl4QinS3u몶*fA ya/M 6V< "h\rJu3d ?I?Q؅Aw(?6kP,Dz9! ]0qԗmRoPu\KwIw sgEO[7oCO7&%~2[;'oLTh*CΏBꄑu{YqmLø,p[K^LN?AS<*fOHƼ;r_Uk(CKHXi˻t@_On2 $ S3Zn`aᏒtkP}9R7u _>hdP*Dq,0k[+.="RzWxF^XLlRI"aU&輽L&="Sx"bNyM -S3X$:?LF< ?P^+2|T*Ҋz>䣇רטиiDeBhpy1=O{ca飨zߒ+ è(첂MQj蹃X^⃆eJa}} oNQ?-J<xs[ #؁%d=5Hg\#FI΀t\5H8ʟLŷŨ߀ԉGyb;l Gc8H@Iƫ.7ϳb0tc}%onP\W1 dxx'{Fw'T4.°^Cc֙ l8pRm f Z(FLJ <(X`V`jp<.θ0<զMe"Kf` aTu:% /M(b J&^1-\',2V7#=ښ;tpxdx`xijc%f>Jc㲓ۣPtE||gѶ0@^*Eq 0LFag6' cN,$ιkgRik)8W%dD27m~/oP 5c-^4#; b QqtpK{~XޓQ`vXɸ)J#Dq3tfaӏJq8D>`Xvs\ː϶+cLcqsᒵџ Ɋw6L\ti]5;;,w<AXKf'"Rs`?ٷ)U1"T~FIpa\W?C<[ Ȱ҆D{y|W|[hNupO3~ hT:a|g]"rexcIjmPDŽgGTZg,ޫ}%bf]R`2-De?L_"(,)BMC,3:|A{7s< 2v"?~/,;֓bC(J1NphaD:C} L'3h& Ŏ힗0 p_.r&-e WH=@rIW {pu姓 #lcL=Ʀ?~ (Z<Ũ+ '!VFR T 'P*PVX9ת^!x)vɍ 5 !5 WmTIi0XD0KW`zsk 2l!wTal:[NgC8ȣF1Zs+a\^ŋ{YWg. lvH!`zz|6I!3*1<12GFT-E/3rwZD$%V ii]ɰ>$fgYO=I 3ǃ*z\-J2޵Um"gӨ[\K"^2S*%X#>ѳkK{WqsKhNaӀ݋w ܵ<$v!&fsi*C7ra|3@yJ@6WasxXk@T@Kdq5Fp.^K mG8ģ-頺>a_.퀨 R!f~M Sࠡ -rG3-3ݕ ?.CK{oBEi!}]'~禸W7J{06_a n Me?J YӳZT `<ْBi4[P4QMdq9uL7DMkcjθ$g m]5hor* Y1:N`*5AT< N٥̊{x7z`r' w!`'RQp0^1bKNȎ|MCuzm(3&2Kf|Y7I$3p9ok KB57M?>ԸFUu@0<,_f.2%':;[x ޾$ZR:sUHeZzo3*_f|"ZQNi=ިգ2SɯNAFaPM{ɾʕH/ԧs8E8Qg{)2!Rsnf'x~Y&6}1n{cɎ~tXte.b:Uw#GTk&nD U8 X kjG Zeb栟U+9+A)) ]:iJ8k/ZS񰹠Q DnE] UAI Y"S"}+;W:4;7?9肱K"ԕ g]$5=pVWrYAx`s{_+^YC!abA;ÛٜBȸFc嗠EBhi'͢}BETtKOLn0aʋz]G$tS fЂ56W)ju F1?7Ҙ8DЂ c*tg8{HTn\c}/VN~j~@ vQSqx\)$EU/kA!uV-2fƥ!Yx$qH K湲,aQ>'ɯ=h y*o9PQ>Ɍǐ0'D;>?mQֿV xTFPXWqr /<`_v]m`in1]/W4;eӸ-eDcCvoxDneF8{b &rC8#_ivJA>Vբ=LJ,16ȮpX|#Os˳eaWWOk ט t8k`${ %D*7[2i6'%@1`6y}KL. efm)gf4 (.LJ _'HQϠ/QHرeˎwW`Hw1/* }@q89,Lrs{o6,Zx<3Veb4@M-3_dB˂sW35DaQ]U=HzD7Dv&Y(ӧO> |4(ry C}x'"?Ti\CM6 w#"$a?\֐s>޼yGn8+~ 4}!=$0 `yJ"%/c :.KCQ;|ӛf0]*Cn,c8"gaWͪg*MaSfoMе3#E( f5I/OrN{b,L)!IslP.+uRxtFBv0X-EN?m4!ٿ 4t([8c!>%u?Hh13}݃bDrki?L3F;ֈIb˅L[/tcc>5LHBk *'@—_g Mh5OtX2dU0TxK%C1Z6@=ƗYR |XL~~2 -@*X\NI,4y 719B&~dEƤLܻ1aaq 0s|bE|YyX2wҞX+&.TsasqV Y8MF!ȞCD~֬NU8M`)XníNIGgtL8D<'W$P6ǥs7rbјXrRZkVʅU;K'F)Z댡NLRvqv`gqfF~R{tsoT<~%ȣl"@ઐ>foYOio?.bd )@1UuOV]N+iʖ)nd?|~˶Ti*ҝ (,t\ D6/ HI塭I6rF:62ؠ;9 @97ށL8yheHlݩd2j?EDH*@ p3};QuzP[Oc=t5q)]s$)Utru;z9I3fd44f1K]Ӕ[z!.I&˽S]JUo!M_|rQhj'aOEݯ{D&UO_5V㣫 =\ +'%c$Ml&r¿Pf=OdP!h|9`?zM٤4e7Tbۖc21k0zzj@wء@oSm8j'{;/ ck8G͑x_r>"vWh7I}F>&mY&ԛ͓[81B#ӇXꐔZ!Ö2JuY8+ؠvQH%<~&=o_,DC;if3%`K?9 $iҘj#y9JrtDs$/h یB3\0=~@ߎ?AtT'P73՚pF YbNSy crÞŸR t,^3AYp{^asSə}TĔNʻK\h U ikrձM^b8V(y60oP9ѡ6bՃ&tͷ*[Ү1;gGa;xn M#j\Eyr^Xvl̋=9MշD(u47TX4i ÎFă7u:NwȐOzlͧuߎt+3{}NwNZŎŻUILA̞Rg3xwLk*,FX-q+d=DFg$q,?S1 (W4Ѱ>]]L/ݲ@ȰRgҝ6`]x =RJihb*(7LsUYr7ڇrfi_V,;.nWXj|ٶ]J-|-By1*?/b^ړ1|֓d?Y84m\-SQm7O<b7xP;VD!Ao J({ZeIIAl$\k 'ssEv_dǧV yzX31kWeԙt.?rdֈG6qGK|*͂i D- ݉N+N^|~Gwk?*HW~D⣘|bmyл{ t"{,ЮkmKs˨J^ xE/ Ԓ 눠x 櫆ShQ8%&9=˅]O hM9_kmگb߈q,~aW3ˇk=(1|3TdUƔ1aUV;f,o NzU0SYWk[1"FoND1i_(dq5ǯGI~ !>`ǷHf:#sEzun@cuL0eXI!q*a2] 7j Y9 u3.;3I473÷VX D_ZkAgs?@RGb_aQy7OteW  s}.̓x33㢾tRظ:BUlx[̝ǏxMːA@$C|Fjv~MwavƮ.}ڿEʭ᳇*t0}&]QzuyzwnQism=[A(xgWT'C\gƏ+-sk2e2aorxTkCQ m^]Q!< Vi7[Y\/֤"R l GXx+uwn7y}?L>寯#Ke)pN6`,*!!D:B>MmP 392y5s=ļ1N/) EJV̋)å.S.77(lqg;e 4%}-KUk{-O 3_Z?~Y-FyFTtBtF cscC! g矚u`|TG 3@ L;q=P;LhīH;ۣUi,rg.'ߘ)]j74]$nO|zH?W66Șl9̉$\Ave.I e&z* tʀX(/('lw^5! YzE.;8UfRX)-sP8J!F0Ndc1|) k,X2T_S`R0bEؽ-zSc  vO;t }\_N6yɴ&)Ɂ26R̥BɼejI2!<ǡSt]YF,;esBŠNMǃ찬%B:/ Vo_=L{_,,%UG5SM ڗ;62`cGS#nܜ7aozH ? s'Q24!!0V V{  BScḇAϲFT~B.RaQ6ROz@yXxDtm=ff?r-nvu)al .GϟܳI`M$XGt.wJd=p zTt+b.,F"5UT&"KO7 䲏6knOs?; bGL70Vj\Qjѫۆ6fBcV@d3)vS`*4|Zڔ\^KKלuAiG Riq=G9QOQB6vy,{(>K<q$V+[NG 8seAiX}k-f4~Ti VSr6&;#ɤiް Dk)pE/$gv7bY&I ))Shyf"yt FhvFk2ACk/iBUK sQ$yfV/nvƣEM fxAm L0fz DĽYZj *k6.SN[> kui]89yjqzCW%;o&㕱6_fLT/o;~*qNؽ,vOțUsrC^>D$s6W#l.h8e/p6fF ?| Z> ^@Q~KQזPQ?4Ոuз3wնU<5+66PyWfڙiUd:O]D0R&lXJZ ~%YR'y2 B8q0--;$լ,#*kq2iNq$6?\}-U-YС3Ж@WAr8<z/O_snP'B;ЖboH87CJ;ɰ+Y;td^6Y?dIvgH-6 dd.8܈:->%&SOO ij{< |s%~y4hp-p “j5Zk:Ej%svOh*(i: m+&cΛy!&`ˮ"2 /&Dh#xcfo EP.vο' 3fJBځVKHt{Q5 U촊t3 5WЪN˺E;n .__)&bԟTf^UTxW0BQPfzQ [¬? 1%(@Te X/:U: B.j2;bҘtjh_~]AZ%ѯ^fL"\8QP2'2wipgGɷY|^+#Rw{)z*Kő,ILke|[-v3q?+*(FM^hEbM-lCZ^M-J渦P4tg|P3sXo8ToJ% 6S79[cowsc RuZkl97)9uL!,? }PmCDjiTnڿh~\ =%}D2BUiK#Fe'7E_P Osp6 )>ɀOP1Gl3^P.[{۶>GFN4l,w'N7=w+2/>[߬wjeS$H'Sݑ,szu9NXlnBRҌYKqX G܂ -eRi ;ay82 ՌnKaNU;8 Y.7X܄/%%d0Q +[8ܽkrooxO=b72Zs;ŪW.ĺkbPqD,%N}GډnH!YZ o~.3D5VNw|ߪ=s*C> yUW#/jЬߔiOo%?-C{l$\5 -:,ʹeLWgWm;ZsؿDqϼԎs. vEiBBNnnu #P?hm5-aqRN ݍ98qE$-?tg9ܻVG&l5i [-VQzsvT/0 d6L PwcUG  P<'^,zeS4:';yZJDcwsٌ2QGnx[f6ϓgVoJiߺe}YnXmOGFnse>;i0He)=-TULT xIzL0Eg0x L:*U`яǓc,Rv& =t+Wp"[Q(Y&QDF }+T&x63!nRɆjH CL1TĪvC?ߧ\[#_0<( =_'Ә(ITZ{ K# LR1qa}r}'a=z/%k rXeNC]z&?ƂO4>>7g|jt[ozUa֭,Krn/2 VY6hL ۡƈh͏f1+/pGЦDR*Γx~@{^eAQZmyFm!-c \1D #ƱTGIU0ãb*kܾ`0,ȝ3zO? n``&6y^Qpa@6? $ "JH")lUk]r.m{!c ~8Sfg Ʊz !g:ȁn9+E.-5׻/W9Ob0¨!{y{3GI}.Ab=;2^oG'%ZzF8Ϯ |\zĚja{Igfa, ~fBHk9dUm{"A=xt(:"{/1xSɼu.q&|Hϊʴ,V@} v Ajq'ՀPads 2uD\C`&h 2買t;RE'阮F_?CNIy8D ɰ0*}0Pzi3J&LvaK"o݆rTwX(TeCW]XEETBJhy p'ta42f:ӷJn˓ǟ&<xcuDgtĔ>{!Pr\CB 3C!OW2X@Ք,v5_ez"dYC\^#`X S#"\Tɵg$[ #oً,KԿtHP(]?goVp}JNNtߢp42-Ë;eMma0jZq]f(H;Cl8֔ŧ,ƣ#-kQUx9Ͻ;jš9`c=*ޅwW*z:;$jx!o!Ct4焌s*:sfQdC"hB]1X65}"$4Vxu^3 s9Dr貶J;ApB30rƝ$8IOZC@Z(\m5'~m2U-њ0(bߑp*qpo)WCB 5l$ǖMokĔN ³ht̋wTk Y $6r >NGdBNR+|?[4^7Λ-}"S(nu< ,28,Rŕ9)z^Llc0u~(]iUݧr -[M|LN6ʺ>]vvB|cr@sD$1 z΍? Ɵ~_0h~֙ꟳh͚,Ws;[ܞQAk!+ ͭpJuײ07,7v<57}JN11!І,$n(}EkFjϛ^̔,Gj#)m'J(#{ue\;M)S3r8%?$>G)/H35m+5TS-VwnBX>Rn&.DܞVm)y+Hd@j:}iݡ+6vhyy-dGuD6@EX̼V/&{^>c[TmW 0p*;zc1 dEVLųGU.H)]ljN秉^B[z P?r-VK2A;okWn%ݸXYb?h=2EGG!= U/ $nS 4]:z[uDr:ix= Zgt9n '(dPpˋV$mo@+r괁VUt8oڙŞ|Q,k-8ɛkVT X ֬9fǤ--ӐF^MyKuO@Uӎİ#P -pbʖ.oXOǪLhMY Ϫ?Ȁ4T 6_}U, NDz%IugU{bSw%kO[6T=8ԣQVY?Momդ#-I35ݘhi eHm'sJxIpMRDi1l,">@c} L+kõ_R~o@ zܵ/  v)_ Mґ.`?0qF=3y#'C%1L`~GoƎy/_2Kߊ$2'֒$cQ<'+,DkI^F/cm},,U]S"Kf;F?!ÄupM6[_eώѓ\\>Myzz.nA M"O u+,| ~QF]sl75RILj7 ݱ kߡnCaG7x(Ml|7,$x@n2)j.a[s1nnwZeq2aHlSEa0׏iy~%p{E(.*dgO4q $Zʵ,gKt ՌVcM@ܮJbEm\VF)s, s=v_msOȊ,oN{YwԋϖE8?oWXUiƮ G/gptںNK( W, aRx*幯ȷXO7if`,B_ +2tBg>cop""D `xl8\/FY pc2Akʵ\%ځ ˾_AS4ܷO5gOK 0WNZ&Hm(,E7B.7"c_ G8?4}C,ebzOriW1QBdN2V]A-%ot&QX-4YBoa-Nе ZV\i{fӑ'7iH|9 8ݪd}_(p!Cb0pR'yEwqw>{1ǚq0#PW8AHG~K7J:;}s2@c,'2p֚(*6[#aΡ|f,:ͳ/>@uW;Mlϋd I꫿^lru)Z4ԄQsuPk1s`Ɂ!S-0/Hӓ۳l3ޓ-|_uZ%bJe1:)>ewb8o̔]KfL4s,pqbi0x/WPVE !c IrW]~*{F4$S\u+fK/&r IԞА~m0^{{9=l\v@~ޫ\m1⃥Ϻ}?:0s;)g4t un8 $fQ^"*5$ۧJtx7ZIJ Q>?  A2)DLB&8H"wj=| JW\Lk@S':. xjT̜*WLgvtI>8%_gUqEv9%ȋcPc[6FTM'xgјSPskSa 2HE SCݙ52m" 2()OG|M&qpH9ӲS7 :cP6?2**JܘqB4yWG+$;.FW.N!wQ1Rpވ[tЩf+!蹡{@š $#/%&cwPĴs vOjkP6<2OgCv2<=69p#@(dn&e.fuIбx 赠$%ВZp]6^RHdJы|hWN25|81#]"*XF]qH^6 #pTR浣 uïꕣYT-nU@ZP=Dbz3JݴQ/\؉יDxpBl* YZN G$fD41)7^"K,K s.]AEGL'HBn HO Mܡx@i Bg▻٭:kur;!*dqm9皝5r>6?m*-S[8۝83K@g-՚kTsCl"TOPǵwE%/?3t {&] HWoS‰6nV]hO{>~WRZѐ~јys^&Av/BW;U6Aav*^dSH/c3kr șW*F9({+KfiPS m{M]pWܝ01Z*GrL~鷥1u<+^H0W B07ZB_.ZPTEv^ߚ=/V%v2N;oV1pxN.*~RYp~XT;dNqVXS٦E i_@~Y2Ud?˶EZ⌘(h ObXedQ5Ez<Rե"d 5NS7`V3WQ@[ѕW< ,jgT}@tσf{M\IŞ6KAk5R^1Yq+ V^b2:HlZ6%nIh,6Ң^Nwu:! },熭be{nm$ wߩysehU^&NUF[XXiE$&ޝ#/$cPY4]V<2xE_.t5 RPjVSz4k۱ FO`0DZazL,lLU"'}No2ɷ V?7ix犫ˮgbx_SS,91E`cO6WG̣WB@|&7j׃[Eaz{/r@sh>ձ!Cmԇވ6Hw$jetq*q9[d~H ]61fiH{3 Wܮ!RnA;rO.YąR `Ȍ.jw5Uɝ>I&v784єQfr; WÃbY^#P_EfC˪:ڤ:۔,0& Ďr٣=(Ip H + "k1+rIew>-GHR3Z/. /]mN6 m`GHpnx"$`pKz\|MILq`K` 8kNZmf-9I4,QX!;@:X_Z;aT %4@.ɒ^[vqVPT^ZkRcaI%nϒ_G^*21 uEN}=FBuH8o0o9j݋b fbeJ!S^) 6!|lgK+ -Nx?[}`BYIV b t 4I͠V+3#f)M:HQ[4&+YؼFlUX74WTƅ핍up'T5ōTC#EQєՠ4 >d27,̜bw`Zɟf3lGN37;:W;2ؐwCnQdF2S&,E^]17[?OrPg),SY5yŶ~ Uj[@ ܼ.za| KXG\Δe|HJy8gZ<=<rG\?,I?5 5 yP$U aRS7`fiɂ%!uQJDjJZ2zԢCa'%jr_齾EhNSƏ#~wC޻dwvuaL)j ;[C*$FI o:ie(.왭9,3[[e]ueN&Ǯ I{Z=!^j iOi)= hɷVXH%t3cT" x"t7ϲ=1bQs8ȷ{/뛪bBf77|O<;˝N:}o"I%X6<াݕww:Așq"  =:r`Ny2'"0"{[EC=G3E# l}E&c%rt:|Ouya2SZ!9"PaJ!CZMxTpv-d;;+ =_7b1wׂKDL*/*83+w6 i<%uXY eN|~mP_o Lpe~mZ| {Id*sF5Ʀ-* <2JRԔ-f{8 }C0u6/07-c9aƧrw}W.vDCuJ 'X.MAdٷr҄ԑ@QjQt\Ή^1wo4G]A!>cj/ ʶƠt_ğnjvAr\2L5u(Ŝ_SSrmk3ܯRs` Rfx Ci͎Hx j5X=f]*ME:%POrO>k[ye>x-^E- xElKqɀb$A8ݻ/q,!w1ءa.®^U6Yw3VPsRWgWlF*Fm<\9/h3/Ii+<`r\ /J(9~ԛ5yH %ZiHz 7yFf# z *O*xtԸEGFCLgېV[>e`|xL% rVS+$d ~0K'Pb}띤 c]*u FS%ŮZ%>6@'R|@v[Mڷ&^e"(1.! AE})ߴp>nn:#(mdpa˩(뭮7ESIaPJ_HȵhBie`[KV 9@YA W]S&!d3Hh .{<{)b>pmWQ.jdeŌ^ ՌoTE(I W7#MKkEh(76彣Ȣü4dž)rwA$,DW|=ʐ9hr`,sAH6k$!E)HVښ/fnZ64rƉ'[1渃r 'X GT8"<.+iG W 9ɽ>%>/l'5`)GM|M0 ^+MP6 "QEVr.esr[ 7(j/QT,TQ"% IF <w{UK_qǁet*&.uVܡܙm 破|$[ſ['8LcpQ߬M.Ԭ9{m#(5gkM!ʧ3ZqRɑ^eVo%:%\p0vL"hj G/Rp14zpbr,ݎJZ.J pi)s rB|}Y4Sa"搓x>[WfdfçW=ʝaJ,`^[ɹ?%DƹFǛ;v?Me[X3rx͚pQfAb)#+QZ`s2Ȱc-TkYM(E?}.yOj_Xͧƙ{Z!4oY::(p#j,#-҆р/>?OKF"d׍F/O><^K^^\'+ XM"NmlWݢ -5.2jm|Jj2nvx:+Dz4"XQRL :JDO*qC5&IR$chQuYIxe'M~0QGًC;5}QEiMK(Z䥖@0G\d+\ZQV)5 ·3X)sm,)ŕPiƢctuA%S#S*Km r7@Ũ%Fhߏݚ}jP:DgmsӋUގtm fS,upom5&U-+b6XECuUf~ :{I=&cEXb6nh0=>FjEz-unx{a6!52/Wu}Sa2[[=Y5ϙe?W4 tNӷU#;2 Q{pT k ë@r/g_(fϴQ c=ɿ!%3T ߍ+%1AWAMSRɬΠo=:ot|urgaY [ʯ? % WWÄx1OUtOket{ 9$ YSjЩp^`jj)que+"*W! mp]YjlNE0~J)/bj H % ac 7 seBڥM#c3f bbY /x\TNL1\Z2X']]?vsa 3=V.I7r'[FƮWLfT$5NCrЭ$7ˉ[.N(oA{OBmC ƑCoincYQAXܢ 恭J{vJ(WTtUl)RFZ$}/hyHg`%}gN͑ ꀾE5]/P~`@iUkQ,[0;Jݷrbg?bRO' l Ee+(_a >񙭘IhZ3v`Nj⽄r+ Ms^*:uCRFUު[l*lc+ϞZZn0W,!y,Fqd= kOH {gBh 8-dr%p]O!Ηsm i&HtlK\a3{Ự!Q;)4X?^.9f72Ќ5c=ܢ ;%2XUgo:StxS7a/elZAxv o=u䩤C3}L%7xĀ(ZZd- #&BX6ҌCƗO&#ߛFH2xMs*6k!7hWy'ŭonVhFl J/o 2=oo+7gmQK7͚ P (ju #HtʷN7|:^[(Sۙz` C'Y4O`{ Xf-3LՉ4sk*,EB\rAP'w]8@PLRbOﮜm"cP*pcNSj]سZUolN=_H]4L1WXBX0G zk"ӼL6D)7wdy؅ȵ΍aX t9fi(S񿰋0{@'w?`y}I2Sa[TQ#.2 8r7xMC(e^#d#{/'g밁+@+j[ށ]2[@S%dʯS$Ӻ)}+ECDw>Q065Ʒ)j{ٚe(5ȗwR-{dg;n-]Jx?NG+L:pO( 2VkVLE?ǺR{CDȀ1,۽/r_ of9XPkdT~ų{'WruQA(?f-yO}`a۔0f?8)ː8 H'Og ?ߝSg-/IhKǜ>̕7}o*_:xsB}qx@zCdu QѹEEU|㟧p?8}3 b E-hg!0`NgR#ghE(j8 \Dw\)Z%&J'xH2uXHF.ilAU)p(_B=%djΔ)5)_g|| /{2~e. 450@>=5gOJ@ՙ3 T{a!^Z#bk`yK@S9a})!Ưm3ϐVi v2qG~v]*G4]<=·zE7$*VZYTivcMo / g?}Rjys@&u@ ձF}6TxѼKBDۿֆAA3+Y[N+%MM`bEr^[`/؞+LO#lTJa 21mf(NI?_^ v)`yZh'$dIJVLBKئnh RGcֹDž@M#i^ ~XJj-4SMH_ɭa9*;,J.{4}|!|V{eƾ jթL 2v8|7&DB%[A֏Ʃi$j26,c,4omQΆBb9p򐊡xdf+q"tYe{~?#:/.OA`z"zNkv2 2rw`RSH_<=/}/9ɗHNk쥚d,YJFk#1.lT~&/\l53 ;@,yߜW n1 @D2:M1i(exCtd(5F~_xPBZNW=d]Pc.ڬ{쳢QYUZG=IPZĻ7t@96'Q4tv/-\;}SX9_;\UנcC5VY[K?+g( K]w%r ۹I+bYFs u:(lC>6_Piq8$j?6'~ m f=.8藍/`|_rK*Jxgmpb y M-ٚ=Ɇx[kIxX1rxxP)utml_%s$ZgDjvouN8TxG+ޗDh}yG5NN{@ Z⯥N8{fzq\U#uq'؇[ZԸ|9X꜐2+#>̠{v4NY6h4@.ye.ճe!Z8f*qqӦKvvόF]!i4~O`i 8:94 O~Y5 8T#J~;әe n q3Q05KI}mk,` y#zT/s/ʇR]s" l^R&HЦR{'@_~ ¡j+$/O@\oʸ/IޝӸҵ]n7 3Bޞ_m-@;y" ؈-m TS`L4p=@{Of5b,CNA۟^4T5;40HPlW'ӵʰly+ӭ8d@0[gŰ+@ {4KG4:nb"wj)KEbWk/T/k"aMK"S@{[xH{f`ɞ*0s]2I]&f4Iǫ(oOoKtOʙL+gu9"ޢ(!e,r0Hjo5W~xTb|O#NX|<,^H%4pWMCnuIa\"|}Z$(" Vl Su<j$_1p x${}=(.Ktcmme&dW*[p:(sX;fr@Fغ pIKjC\ DXb&>EP|recO^>si j,3p M;Xuu~TV6> -Eל|?2+_l9gFwNyzJ@ds(mo8cD^}YNe(a47}q/pa}+@W3nʛM@F==Dj~Lfn*%v^0~yO<4_ϣ浜ɰc/ZWsρ[Yk`>O-PE9؅ 'op"-&I2G C,nflCYT/y-х!k*65Z{  D( $3j;5x.Z9 'Pp <Kg~ MjgGL6d.dbYO2p_kea41k-0Y >>}#W\{X? iw=Gk>;8c;&Pf`# S^El ݼ׮ ap|"`u갑k\3,FE-~]V@̙3Vjiq^0唊'էAIh?*LT:f_'ʹ?\:Xx10;#RRߗbUB` 0 Gf}V7-k&ݖ;ɾÂK1Fp{ %\Ϡ x)Swseqq)* &= B(+%6]edm[&%<{ Rz$8DnADSga2dse ޼LP%Lvrn cp0)gw0\TEQөS 8(ͦSnN C=5w@9k,"'W0K9Kԏc)vA`g?xSCa"abn-|r4¦˥3.k홞ƣ.uAY\Ucπ!A֦R-&Q74t7($O6mK ՊހP2!C FE$<-/ 3xYorA?m m /aճ jy [5@ȨF)9se4Ԍ-$xzP hE]Zyc38(a5 tfh0() K=qY\v3Ьmg_],U gZ|TYwݬ4Gex-CO@y8>y@^Ѵ#~,~\=z\B+]-$ f(-bf7J(J?E59oe[{w5?m8*dߣn/RxMWm)?^t}nȶ7Q #@3`,A]IH_bvB&oM"ޭ*2mHCyJQ0wNd9hr)c]~ /ow.cre㓮_@5jGj+j;kt Yz53Z/ /I/1oBm8lE?vpm %T3׵b2Qmv%o;N+M1YQtm*[pWD_v6Յ)X -*7f˯YЋ2d S i?!B8<J*P=QMT"iv5ƶo`WbyՆEjsw}Y;aAIᔞ:,Nd/!nJu(OdZV2$: 6Q=J3[ yoDq.'"!nca()PgReS|ŷ0t(XK( e? O |˞`|Gw2aw/'dnPP["~(=]6Imۀl  -UEa>z`D5q\[M!^U\i=/ܬx.lޔG=C, ^W]NE4㔚;l$IN8x W}53Yy|B`< H [h,]Ÿ #c̣x/B {⦒#R N dக%.H5^eh5U/0ib.GߎM&Ӈ]۸N6}.斈Bk0DuP ~⁆hђD@ cn'}g;PZ#֛SIM ٳ |p Ctp8gRŏ#UxX(~y2SlY?Pg}_i $!S;Dلy\ TQ"UwmB8v,i[rr=g_c/icIϲ"quownSԩ!+U\#lʪ%WpӖ{)l4yKAG"RSV#NJ^3.F(zcĚ T2(Fu0:D {tL?D% fdQc(|.:>D22W h)M `X= I/:҉Kw=ieGw].y5ySJ [k1ָBiV*g) F$m챼$?Jz=?lo]}mL` y KfwiRpIиY8oIkDܕ+M´+^m؂:v>rl*J6}ϥ{(jbC \~.{ӺV 0O'+MGpݶwk 'M'T|Ke1k6dwM|9Dj2Жkڼ9F.Z,SGzIʽ6;zk Gvׇu(0X)`eN\JV{&3F4y %Q̉AY: %.QǠb$]1B+FETWJ}זw6UxEjRv_{.0l9T_㤙qc̜TGiAkʸr=Ȃg18U{4$n 5$`7T-yaC'P"p =Ү s-3~v{`@!Ri#ׯKH:80V͕ U1r xO9L(0mM6?仔F2W޺m tK43@n/^ 🬙u1C;rqn?FCIK2U[RNQ^&a¬e{iZ:FWDI.~ٜTEM٤Jy5Φ^9oT C3 p%1 4&|_N+LpCs66Wy.coǸ%˟; o~@јp=<} 7@َ8EQ _ܭ +{ۼ+_ YeEO ֻa=J>$􀏲˴@0t Mqi fsJLOrU4JB4ceJFOC>.غUM6'H4yfbimoa_mގm28NLΐ!Y@8Kox?ҹ^d3ckUYrFɆNFjD,'/ڃTJ䯙{Ei]CvbfUoZ 56GEC-@t9_J"^%[l æL?a)-HF*o 磃ĩ+e×r17ę37:/dtx7LRM78{hBӽ?0H)m싞=id,ddj T]NMS1oFI =IsRߢ4ރmlғ5^VdF_T R}cM,מq6q(ΨwCSC#0&98O \$NtpS|݁'6ȶjRo ΋Z3w;&~Dyr x(-MEY tH/77rLͧN:S0+o %gz(lEPVP+H/)OP? x+D Fo|^?ỷrA4+J<|簺oX*@hHt^r|Oj3mse[03j:P9 OВ"\.J }<Z\E7BL s VN:m}C 8t'v1wIIPF+(mGF 4:]P k䜩!W"~@[J><;;D}.p|ȣ!(a 4.KOoM1ᕡwNo!= %P`!/OɆНl^f&Y!\JRg.9V"M,2,:'֥LDl v*;{K}*(_Ū\ pTuR݃j9u,a\Ea%U~Y3DOSa}s2$'j#sǫ]M/bҰ /W챥hXjԦU16p$H^s8tI2IXç⤽M WYbLۚX9IRҝ╨DBH YZ