sssd-krb5-common-2.5.1-2.el8 >  A `{U]Z(S[FpƲa$#x`Q$$VN(:‘^Tb@ӏG\|#JtRT]=rt:QZ_r'$[Nl~QM13"^0μkb·)Ik*=r;3~ԙ%cF/M붚:Yh,Θ g8H<(=ܠL/(mΫ,\i4+6 &WQ.i TB]@qm,9@AZ5F uTNdK1B8EPUECČo{y/򖅎r-h؂|T*/6^:JLFY9hQԚp덏u&%O*9!e^"vll'~]P-/#GKH 'OrnWODdVA@EWW!JlPdMf5B91663b04e80467b3e0119ba411e5a91b70319671ee51b6c65801b3e6fbf5454cea247c07f1ba2bafa619cd798a0cd2c580a1f089P`{U]}1ڼ¸UȚzY/Qc88h[ S~T{h=T3Гci4}8W_l6|nPM/*xhmgel\v)ȗw%[ah:eAg7C0ggՖxzC>➟|\1IJv\4xUI>"-:Kts݉^K:a 8F~ȰD Nz5:ziXӑmUmH_C!gr*/8 ^IPvRQY):sQr v^PfzO%CСP%Kw/sh}BBjDM.i%CF!#0dWn|F$U&*U%9,f! 괓|b|.uG;ijͼE5fd '[5uU16i 2$#NɈݶtNTr AsP)4\GΠ%Y;G[X/ğC@oRL#+y"!08>pAd?cd  Z ';X^f $  8  L  t  >     $@ h((809:\=]`G]h H] I] X]Y]\] ]^ ^^b_Xd`e`f`l`t` u` v`wb xb yc 'ccccCsssd-krb5-common2.5.12.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.` paarch64-02.mbox.centos.orgţCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd'' XKAAAA큤A` Z` Z` Z` Z` Z` 2` 2` Z`@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.5.1-2.el82.5.1-2.el8.build-id4cb3dd86b349898836eb48344d352ea3714442b4d23f0646ca015398bb07ddda893677dd807f76c1krb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/4c//usr/lib/.build-id/d2//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=4cb3dd86b349898836eb48344d352ea3714442b4, strippedsetuid ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=d23f0646ca015398bb07ddda893677dd807f76c1, strippedASCII textRRRR RR RRRRRRR R R RRRRRRRR R RRRRRRRRR R R RRRRutf-85aef5bf7e582228e237bac9f902d2ed5ac8501c0aa5628318ea62a1502bbb275?7zXZ !#,vW] b2u jӫ`(y,yϑ;ӯny>TV.elbѭ eTq`ffIT!GA>N5m*LY ]T<;cC : 5 k:,g?,/ڨ=}XqS0` m r8">/ӭ2 \QWmp$'FO!apD+flؚTrwG+gqB>RrOA\CɅEcgː/ |wYACnZr(pPKض,!_*2WS<ǔs)C2'yo3'AfN1#w$}Ig8]Q'NB梄 NN1-xs9֖PӐw6B 1fWrv\h*;4O?\(~ be/J1">y=4:N./oِ hHTiR emÕqM^?H)u *1˝$)$D3tF_ =P*=D–#w`VG-CҗIbSgt3tWȠPCaui=n\3ƫj\fN&+jO4|Æat8I9q1xsB+  0d)?2uJ ( |L{tٚ]IlئҮGWg6..FEC=e+8]nyk6 R XASݐu%Uvĭ.|Fq#Q+ԿVa]<>k5R~-adèҵaLBQ@|:=[3~bqo3  'J&\;NEQ<> "l|H9j5.5^l6LhwNUԒy;eU[3E܎4jP T%e4DR<Y©" WA\y/R5Ι,;mK؄ %EQI hu)1oM_- VĜh{׎kdW@l(*Gמ٤M >H+R6H2tYN"mLUѽuxQuMmk%|Oq2֖}ELK{ Z -AX7ѕ"nτ a"laer:j=p2M߻#a)2[,7y Bs 9nv_DsĢ/cgi;PJ$ G5^L3]ᅛf!򙻘"y6p.}MϮ0wқ)diž.00gT O;.3-Wg{BgyzeSe'%7+x=Hov sQxmZS(Q Vl2+j CPH)c)Wgq$E0JJ`>% Y, 0&U4NY]uhG@A'G&ұE/"W9f>oZ:~*?h ]45O$}$tH?-ݥ}y"8L S+I}>K5J|˾"~&\mPyk2հ\ňhވ#C gjpXY#-/܃:8_%(8ܘsQf,a鐖l=J2.+BO\c]Fn풱aY !5\6WZVm87ksP@YA]eOK}6kS@>NH(C'O\ "Y)B*U;5qB"4X48´";7$V _OĚ})6yZ"jؕǻ2l<(6p\Ð߰@g4C:U!Wn%#Vܻ2:K;K~rz+L4bp%e8h+bgzis.$F +t̥&@Nm"rm<޾EoNtU\Z=(SA].!4KJߛEw`j\*ox9aΰD/x~˝j%1:zMKqpWl$:֊jZe)Z,QuPE4Cn¹| xFP.ʸ#**z&6F;AGqF?mkzo[E2vXZ.=n"^阊?gz4w \erl" Hg  feӄO͐M)6MF!B_Mp-kw䵸ֵ@Y휈ڲߢ#b5Z=@eAtr\tR[wHM4]?/Q sN17y"nۣZk) ʃI51( n7PbVtYPٕf)xIټ}a]c 37K=O4V-gװ>\C^.TixZᘌ׿ IJ'8jp0}n½V{ԖcFE*vsjl^.™xK+-*d!`oRJgʁ>͵%3=Vf7հ/IO_r| ,ˁ-exVP?vJ7M-k(ՕTCp#ͷ: Z0MkWi%˲|r ~1Nb€e̥2JC6F$ь'bJp8-,Հppp[WDT]0>HdrkcE?o3hyŭȔ#5BtE+JJMoG8M5` >4vS}O83G򣀤)Qӂ^7rUo7qZ߰*|9/] Ccnm"" M=XuL5k)*S@l%&"ͫԴͫƍ 60!TK[_/G)um+w[nmou:ń 6[O3.6 -ól?zEn6չBM뎂6 Ϩڪ9& H4(@)kZ ơz nt 4EOՂW4j %rB. F{-D:9aoܙT- 0Vө9cO(._9^x`2obxݹp`vykIyٽZսLKwd)ܿR)|ڽC FdYN䬣1"n/ !> ;W`/,TuZR3J ͻX^1,>zar IH)Y5~nIMn0lgkoj7Qz5TEƻ 2>ᜮf?}Gi>7!?0@佈yr9Jmvꄑ*|8WbҶShGf~ol=NRp>Ӡ!2jg qvl& |51KzxH&o4[&UeX5,n-ٳC) :hrm]wQ~s G$ JFBhkz9߃isfAN24) ue2$EX#ߝ-qߖ@LL*yteaK9M7o4hf:m1Z 1 ɌБzFxC?$X1etJoK@@l<&x A a޼͋`m%,lCV-%<Ĺ Ru ;.ym ivC,ðX񭻅Y>!xR࢞@nV>U`Rr(.?G^D ,&L322RXngHPw..nt )PƾG}rT JW$ls.>HT_hRT;{%rRa{LEUɢ]8#}1U O :NJpyc%UHT4M㴻\R .Ldr-T*=8`yC2ĖFBgrXLa0E/=UW[1N `<{7- ΪQQvk Dڞbָ̟#\pTܴՏL7ME^r߾fuyf1.O ӏ'tlGpB$}F`qIi4lJƎ bo$fDv8a ".4iinkt#zhE^}6lWEJ]Z 3@Ҋrby㥭@B '.B9P{G1E+q`ȁ͙o !aVyfmB?0QE-`݈f]57;rR<=k$vp TǐJPqhpT~&DŊic>={k}wShzLzl2=K@ad59kQց?nKИ0QFVS}_O>ћg ֬J¨{ue %>R*< h2-Fn0,#,EzsO/9 UN_כf%ԎXk0i;:{fŕBd` xhjT$չaBǺD:]ϰF&Լ;CM4!w߲wG*ń/&5'A< `j,Urq5$bJ9Wm:;ʬe4鈴!jA![vԪЖYU 5(ϻL BKɹ$ D$#2T՚_3B!$]՘bi7`̶׷s% x`XpApqi()財ǔw%Td XH\ncd#tSn2路; ;\̨l"8yHjB:CqؘԛcHwiY# C g͊zk9Rع|=;snj9;\' '+Vf~: 6p^0.pHy@A2n=тIv (tADa}?`8tcY:j ;"~ .O%Ag ̟n/o9tӭm`gRrwn! 7vm{(%;/s1ATOa/E9-;ښ(TN4B'X #nO_uA/ 8XHM{3Ww |){X`63:6,FE$Z4]v.nlU0= @kb-mcM*eO n}KzveҀjsT0tʧϻWGEIl! WJj __Vб!qcqtd4 /V|vpIζm 'uwTlS~)->_ϖI^Zbv/rd^J'MФQTkGwf6݈A&6@uKmX6$Z^ĦSB2X>׳K ](WM_GfĺLP4FKc.f-1*#!NmWd\~d{ݸ?(b-x +1H,wZEDB|+h•;bt\Y0w&ozƋlC;kp0He9d7~uf1Wr4_]xLvF*Rb? 6{wҚ7렪a{6OHU2o>*b$|6mRMr*OBuQ )@Cz}(# TP4ÃPFd((am NMET4!G83.>g7?lF\e7xEXv?7t2t2 /G/~*Ks3$>^r h]=%PbMHDgFVw ~ |b0gA )Oq m[Ud?qʈgG]no_-<\c̑ܖx<] /Ep&Rk)y.hԫ-kסOM 0|?ݝ?)mQn3; Dm 7Kvӿo4F?dQWVs0*~2G_> W.*05_W ȊL7۔ڔRjr%͊!֫sLGY,W GwSJԱ{U ȣA"$Q [A#}M$՝70T>k<<,XxJ!/-$E|2[("PA)53ue?t@L+\R$B9LcԶXrqNQf#>/YcJxࠔͭ hѣ2It;rj2pwC-ېVP]>mϳ"mzɻF$Rn+I]zjd 1r~mr[Td%L 'QѺ.l|I]uW1A+~GU=TWzy*jW +scaa,9ò[[6i;36&|9]兀@(فݧh^|d['gf9|F2F 7´~lFu$s~/}nZ]4$$҆-+k%=j޲ .?SezK?u8̥?n= g[i{C^joןjrP.Oա]tJ qu5-Gb6|Yҝ-@ HQ I`{'̑ Kՙ6 f)h6ft%q+ߑvtbjhg 4֎BOu2iy:ْ)ZEm8,>f2Ib@7(=bo=p? l޻DX㛞Kzd`6$<ITfgRkׅ% X:v8AY=w  2FfqL M 1EtOhlye&X=ag((d!OlALM (MV/ӛXeCyx:I 4mU_*c]yb{\01*J⶗&W .DWۢK$gq7 zYԨE! kqdm搋GH*&Vi@qL`ՙ> rpvLZƠC ʄޚef,eQ̅ku]{iT ^;/`4K+h4QΡ% 1iMCƃHb}2p#xmZQwHKBinoV Dt*V[s V\n4Lrivap4юG|hUxdۏJkFwo.o1ǩŔ i.h}0%%B ̭mC5U~>^#~2M-'%;&FMa<1ը>#Y0)Ȫ`((R?ޠ):Mmг<.fNJjlfN4euҷ% :3wߞYzV-·Cgr+ Hf,>JA;!h>m#+ `13rOn/v%{@# < `"+|תEE5.>&WBf^ OY׮v)!PzG'9zGNy|^QƑ9xֱй'䅬{)f?xrl9iE.>_#RoΊی*ڲzGNOϗr„&/[Q.3?Sbre9R<EыKX xXm"Eoi\ WycϞFDFH(ئ"(Y6юP)Us-0+.ꂧWeIw9]2|]N9#ͱ5oͳ]"uH/2 FkšQ# (@zaTkD0{zui×;ھ0p&LWw|0OpO'~\r 67rHkt6\)Ʃ658mFMc8}̐_}ۺL爫 %JdX} ox~ܾp0,9eJ0iEeP=5T'Ne34c%;7<>op֟T*{R= _47%;\KKmt@TE}Θ,x9pr MJ3q cGn/Œ=|6D}5B@4v T5GSxrPI gjhe!;]uȯY 9⩊Z\ۉ2|9<ӺQOƋ' @iZ] 6 ڙJ5VsZn܍۝yѵ9ؖekm(=>w 'xSuEZkY't{9HM\GO_mJQEnUF3DŽ5(oFTB/_gu ((wDsRMTmpf//uAL^ Rs]:(> G6a(zqNJY:~:4._&N>OZdO\E$16$^#:*ר3 NkdER9@ĜjrڏkldETX0$+qk㲟.-Cn!K%z2'㉠p_w_t'J?~Hjo *-4@#r 2v TZSjJ.Z!Dі!ZBWGK;}1i#E2{I;ُ<@un\u))s>wM_#oJ~p}E ;pD_č@OaptU".xkeV!X Sob f{ 8nr& $MA ݄a0 ('ӗnκp77?(d݆|T.Яd\OklZR mQaIHeբw# \V ̡$W_/ia03p&F_u }&.aa"&T+5O*: UᆔxiO-cGY0C" l=a VRcDL=a&{~|)xȎx}#-,8Be~ xR@G(M̴j;yKlVwb(}\;vs^z42ZWSb2@LTYYoI~"["\ھ *uq UV3'P?,aۚIwX948Yb/(RS}k*Tc+?ʵ )e$qX\;wTUc'OVt0 ^66I[ Ҭ䆷y+MEb΍yJ~.e@!oֱxzхe8 O$ua*|V=MbST~0![Ml"`/%UxH7<؊P,7"7fE5>~Ɛ]=RPt oϝxW"ZjeT|윝[6̓Ť~x]Tc.+EfHD 'CƆz| g{su!;.= SORRMN|75,lK Txܖ6{.u`|A"ғwYw ?ZMx^6;W}EˍbmfGĔq[ʈ6`Y<q9 >(:@|9qY)"ah$nUehGy߯!n4^pЦu bU>,T)%l7vh!i<QlK, n@刺'@{l'mhʬo6\_jlo)]H (~#ۧ(wR>I$\N1&-lB)F 3%Eh~~DAB '7M$#C!kZ(Ӑ5-<|O6K {~:6p5vG<+Ew\Me2gV]+Ovbi*#C-:LLC,y~dWčذ>.z./\wP xtv j}~,.]FLezt]vlj' yܟӓS&)rRcƐYtetcA<+vdc4XzF+MFaaO"\AG8']QNZr~we8Kp$Wm#/g1l #zI'g6]sɕT,NM7?Jexc]t#&z>*ޤtEp?ax ʿ(H|?[z‚rl#.`/ Ohp- %y1x6M9-vv-G\wT# _hW5x(~j1>#m;[K&w@GUF4!4ɴPwB u- D'F|^QOuf}q5BU~8<1ri[h2RɈu9))K>3nea-3VݥzM ؇It72PF[t`+@bű(GyQ9;@n)1?3xs]`d"^+qCGB ˖OrA%_R1CN&=ecq{؊J>貦ޒ2Բ+L0ͧDz+ʵkkȲ-Q&I<[[@"l?g'ɞڋչgeǎV23IQq)uр6ZuPVK_w>+̐k vT=f"PGq<?) gog>8=bN/M#<zQzVVO njՠdv(M#cs2N<6c8WS䨰1j Fd PP_+ fG B$DgO&.A$Ovֶ&,%kP+Ѕa0j #1awvϮd[ :rAFx2s 0+C*[3D=sS{SYwO w"myVs_n`:I=;@ǿJq/:vm#- :NT~IfmR؇h kTԫr#q/FPI'U)n Y݀]_gKP=ĨJ?.Dalf:s#=xءExLs 20DϬSJ;_ rɭ=O+/G4oE'xa)qW, l%㞺 (:B(GtɃR1c%: I[.Z0k\ZoakтTI gUןsw iy)LUL2)Eх"4Y!qRE2?~wm'F/t~3bШmh9 " 23YE2hˑqļ=) g5EQGS?:#v:\cU@*1$C ]~*ެ W?k@$/6=05 ˰xd{V_2CگD9Tk XQ$R~p]9 @CIEMAd44$"槟VJk.)iG?f>54_ +hcR[>} l7hk;܋O4|SU~g;q%C.F=VNb?_ 7Քtӊ<3gle<*I t,SFVD%“NЃ W'OұȠSb=dE)M&ȄdhM@MeSHg}lYg(C03$B,ap7 Y^gM:)/U̾@iom+JCGCvh4Y#_ VݷBUeknkg`_KMsR2D\

ie]zJN#oC7x\ML&~H^v Ђd 8~RLM9UP!gf]1 AV{4b-|&Ϊzg'9X-Y:1jw_/M}!ݙר@cV`M;\ 1jgO^)13id8=YŢxq˲ףUTGjf/aEd Ya?=I2<43^'"_3o`'!lyZPGD1J#SIG>fs}L1 5<GCe:LǎD0]^t4~Ð!JR?+‘n.RBYCDD(v{.^_pda+[ 9gjh̵ֱ o: A|ƿn{a]$2 Z .EHYﯣgOUk 2ЄQ ?~l5m6/P[`RSr1XX|ϤʝTsCi : ]oEɲ[l5M`Lڧ@rn8͠r^M DrG0cX.0^q_ dP!i0DI10N="pGsBkodD'b/ߦ^;-Ў1>*l* ƥ >7'=9py|1zB{i|Qr6\jP<~6A_Mw>&%#{XiIh:MY GC e*@,:h0\1od̓}a.E˾h\5 J 2MZ )+ޗ:Sa--Sq$~{>v6(C#bWN*r"xsK2K.E ʠ d=!>g{}ro9E0ʬ_22֨OsbVDbtΰ2RIz,S g θїF5y2ًȶAP oO0e_x75VTlF|La"6,2Ѧ=yI$C׉P X*WkɁMӗ/Rϕ/UI{.ʕdEq]"ō670GbM1 WO>2 3ܳm-xc`L/"({eaJ?= qO.4zҙ= DsP3_x=k2, Gĥ"۬/&׷R6G/oÊ.E ylɔ !]FfQg\MR- P7.>'<bKM[qCfى`IKUv+O8p2]] 4U$&gR"n_iI@ Z#PMǢr6K~9i/ }m(_16tcd< 3e%1A)% &$~ڱ]ԡ^wfKaAo͊szHZ# Ճz_[{8 ʛ~+7D냱 VSfA;G-}}bwdlITKﵳ,Sņ󖕷p0{Cf8EJ-5[VxZ6)koFN$щe׽208y3w3k]~Tg$OU5CTm5Jcp?W-爦lЄ!#"*+dQt+ t͊{ pHZC]ؚ3}%ю$&]m9T3a|aE 9iJ~{<l'MKMbN 1ȑ˘ wENnIƢm-Qm/ZjfiSkv*nНҮ04O]ޤ$0:٪2M3`¡q^ms:&>+tM64ZLoG^7iowɖ~Ul-PkD=X6RIs92(ȈiyS!TVv+KTr)RK=gS˹jTv WDG e') uj'i Kh䣏@n9VLa3X ׯ>¹H kg - -/< yӴ0+ u O<9.YSs^6b5OFg-YLb0O-y.w֕,{T瀞$V>w/[nP+349;܍CO_  qoON޶YzCNoMxZT h0aB- F£$k@" -`>Fdh̛n_K*|xyL:_EFpbœ:K4gc5`r|Tzr{]~23;RrlSu5ګ@a+*f4(3 p\(/w10bqt`kșdU;MRM[K1{ZP%YmC(,_b=UtFb9~]2 ֫ϸĞ9kC\b=6y3?&5P~4\p8Dkq9PѶ9*)@ c> G@dE@1}6`@5MgaSl;F*V|#LRiU=dÇ$ 1eI'IjҾg^HBEu>7<ݹ[.c}&Cy" 4 D5׮xmp\o\U}?e>>(kŚVe㻝MD38` @yKľr0J{cwV2~4RBηp:[&,8Mce>4SmC8b4P+VnȦ~i !2YWjuor"aM0w#*1Qd &!ţ Mw< 8~wGng IM=܋+Tt1(N a0nҀo.R|(tR󳤒EJK츔)BUEj.rdl& Ir6(w-.eW֣ XN:ǚ)%_QީE*.z[=ӱ2+Qeio O\N|>~<;%w d};BL^`nR0h ZU譺mdOri D +\c}-0V^6DDt.2$lT?3YԲ̑`zf3jo7Q3ƯޮZb{H`䯒>,^zگynh-}%%iS6)“ WzqZ@Ypr ^KMD3ANG5+dvNc7 /Y&{%} FɥܲASujr,Ʊ;iZ]+7 tL OA˜A;!0U5^nF)ܥ39Xuqn14]n%i)sON\N@-α`q z׎ᆍ}:x1I4fwQX ,( č%5|wޥ"AYlPMYTvFt(WildgC@%|߰PU(Rs|pm7W(? DlwJHz6l H,@XdH^ CɺQ1ڣ$'T)0$AuZK-чLAI3/"mX>eE2G=7%p!2"ƥ}1g$ 1: =2Wg 򹇝 p߹㮲!Y.|MpKrig4`H2Mk+ݸ5S+j>Ӵzzgus*nM`'+@ںO{y#QXҽzgq |XCmgK&_UǬ m!a'o_l7!8D~T4$!E]vbk`|dbXF;*>@K#9r Ih{ & :! szUH(~y^yߔgW[`Sd'A*X#Dl80VjV2Dm l6@XlGk ?inỉ$,H6$ !1ɲf]%G8m2qSFIRJ$H_o继n!e> (~r" 8i|{ ;݀!7oF֢Z>':$Ýv]Vwo5}fl%؈$5 7C&KO_DᕂX GոU"SU}%Z4Bv%7@|reZPtMK,3͏ {P7z'CƇ9uZ~n5N&Oē9#в&yA:^' 5Oz̠&DŢaR4\Dp) dIDU7k8lpHW&4 07r̻H/@K1CNY 8^mͺ3BJد+$ H+MO[ DT.;ěPG&VnL.(U&0LhI+:fu$Ӱ(MF {*/vlAMwz~'INv/G`&vwE,PA@qa+[4:*%4*Q22L+ނa6zT'8:E6<@vRq`Ow4a$GP g0h7i&ƣ[T®_@H2.Q\I%:CBO^>ΕssfFo9f0^\TZ\By5@tmEK)6~+PԖ(b&}\VLfh|B5[Q 6nxYc'fT `礀`Km]/TZVlZ~E ʙ}=WA1t=jr:|yhO͹~WB;!히iěx\tV4OZ@sF,o<h@) cSvIo߫җ&:/D]Ŏ FQzEagYcQz.v26b]ľaGųf~JBS x?!(튤u3>VnŠ@^oKm:..(+H`A~܉k|脦 Ʃƪ];x):k6klE*iMn0a P/Vd*u_Ur|ukvC}(k}y'l{B^1.JF:.t\p" Jq:wy;";uVbYhVzx7yUK۶Teqqt>8%ȶK(>!QM_-3n!1kJp`QLTi2r_RY{6m&@}]Gs8я6V{fND|́Z':g,d|Q [ oDK_Ov@ ~*۩T̿$++Fje8>%i89_AtVQJWJ>ʜ&*(Nht~ž4 vvB}Q6Ph$|T*]W%񓔠$hYEW5gho C`Gtbdc>km%ۜɋɋy&~Q +T9b~ fNτP!G}/m$R<'y,V uP>YM#zLtq 'z R}n0`eқ됋l-k{oXO ZS1o+S!Y0#BK—\~BgHVy<kz V*:Gy=bp& F[0鶙k^I)N̓K|'Jbznhp~ ܵ< XjED_ qr{SKsF fcY Avy kBZ$ E@vmH_ Jxy }]h$2 sjht;m&UŅA%"% ^Fyy Ѱ^O1(>H}ɁC+bd5;]_55)ABFMyvCq 4E'b1 &~7Ž-x'8a=dKVy2<n9([4Rޯ" z!xS;xR}$,gP _Q;䣟Gi HIK3msu/윁%J&#G-s /HԖ Vn.E37z1ЉxSc-XfV<,Us3+%>3]R2Ir,}۞:N :2AC3EtE_3X`wpS=5c?}-<}jg:)"AsDKb)({Q_d -'R<5,(ɍCȳªx?' ,  `z D&6SՅہQ'Fk_ KU0۽A%_&?"kx$RbNX$'L#f %tk3>4/_ڭ֘#X+(CIVDjKIrV#eۭĜj@=F&82͆dzYbMV/X2!D=~v5ҙR0`>O.3⋃>犃|NGٺ2ã{SKϚ;oeU ʊ}{;ʧ=ӈ| uL8:sAU]UgkڗlV~]Q8AB`EራnM̬!^_< IҠ'C"H~RBl+0ASh産UoFˎB:5=iPdf:<598ic uoQ!yY"k+bRG.5޲p-#VQ%1X y)b'F.И@}K0K0>BT:2-eC i&-@y\%f%c[r1`4d_^N`4@5!FwJ.8D~ $Ö,1|EA!لW$o@iM tk?~$?v[:pe`T.n;-ɥr~ _SWzRÌu232MԵ^ێO[ELiB,pYt bɛGGlFjK~+U @!Ȇ!K4BI >:m_"Sys4bQ@ŀ˷zМRk=QmWEɶvr[<|~o&2ҨI׵8NO<:~8<>M8b~+%D5| 7 vėҔ:}½ET_|F/77<# pY#כ]/" 6GLH\֗$}bs5$OJƿwژz'Ř{ ۲1Tq ݌RjSvݴ=e^ "T9%vZ73W@H勶f}XTǼVPFiUFm[t#5EPX"yU9Zg%Y"UlwWiPAJ%kw$&a`8o70,qT_|-ü`o48!3;NEJl^jfwp AԼ%i &)VARZv>2D֑[[l8t1;|)myv) Jd0$!irUq:tcRt`$߫$aKc-CAI˶q$Mc@->wSS-pxX$s1RbuK}u z"JAP}AV6N_A[3ǚ($)5 ḁM=G &x CQvd9^G$D`٠OM ˞tL#p_fё v:SQ{R˨p;w C)MIP0yQ4 +7e #8/OV (cCvw׎0g'9f$*_4ǠEQo/]x.u:#Z  :br|Q|1r)cF.q#"Z#@BeiҰKk[w {V€?U*eEU({vfX1-*0NHźza!@<>oW*96#7 X٣KD}ʼnzEq\I6ƬoBC'=Ω!}$E"χpY&hEl4uN2ٶH ]Ps+[LZ^]¦#}=#C旑 #lQ0: 9QlaaDH'X u|xQ+&J*U29ZRפ˼ku֩#fh/xi}P֣׽PQk6w3MGY ?P} LS7OExsKl8_h6E#S=#5eȬ9M=z BNAGZB{ GkM] Xt$.HҥuDlMĮJH;DA״V(`}5cQ K< S|6sw๼bǷh}`1(=r`pBg8KdCWr xBU,iOQ hP}RkGGO6 =0Q# MsF.{Uwm=W8"@x@)~]U@H%ǩ~.?E:r;B|SM?~;E|+u"SG1+^)vZt>|LdhG,s,Ϭcnh܃vu~ݟZK0I8u %^S ԑLoNj_gE}xhL] Fc3;b4W@] = BRfOt*Ȅrmyͺ1@ZuDņ[C@3$o]E"!`|uB!ܿpiL IcPbDmGUU'x|&:ʷ?CƢgO M "@y w p/i9}4y6.dK/-BB %ap`Ѯ:}mfw̪,yKz7#g4So6᪬^I LbA++nf!>r"-Y+]7ADD`T/j>šV$]Sqzya&iesT0eʨt1# sCjUqme߼^ʫmIp``!Ͽsk>=&9dH NIf4Rh'YK YCBPѷֈxpԅ;sw=D9<~ppcpo97&ok']CtiN]B*F۱Er꧆QZ2fwx9dTnVgscSWĀf@tZnEĔi2ΖqU҄ΚTb/Xl,E5.YwܹR#j\0͓! <' HyXb9\*fMNT6Wt":ms<&uj$=9dwm?)zw/V` |}`[m,.!ju-8Bu3M,a= O v]ae.Q|r ˆA([*c:kSa3'?LbhIkL=]nb#QGY+oY@x=9GLU<_0ӱ9No4iueB8JJV /+>?آ'{vu#k'YR?A!OB6K> gy1ft倃$+l!_n-GA",WH?75xsT+STP oF+34DCJ'5uQ*b0]s"Fc0dX_oDMuE8 Z v/-c_1ՙW72hHV⠎/4቟+!>)dB0y cn-0fw_LyDz "g-DL_Q,Oj_65IVrwALSpIFJ W@C4 (Yg깛fuV䪄iu4=%o֕EЀSy&x#֮!N\d,KT{H@C 89?ݾQCiJG )9t|J_QD K,_,,ɯF'DKP i քv1is򢥽iHzBU0ȯu A2BT:{D1\ҔTJZ1+!Q a,?s{/4FtaE#g[ZÄ*GMr]Azk!&]p"c ocY_6/_ŵ`zvRί%tz!};y=cˡ1jԐp53+ y靈UԘ0OIre_ 2++HzV-#Jh#64$0!y= :)xTiJ]5[FyIsr\<=j␿*\f7TL)3ZzSg4 ov#F f oЩ&H"Z]923 0I6<uƱBxi?ǵdJtGfIYP"n҈(=2 )“@Of`%hub=D-P;J^U>Q|}9Bv̝yyQ>X\89Y"hKC tG!vyi4G+{r+ gkxw*KJEguȠR.'&O4nwPJ0SV:J} gt n)( K&/⿍v fA9kܒVpS(Q7ao$ǼQNVXF||zF">)쏂A0G.Q;ȇյ^eۄ0X 5Җ?P;ІXkg=dd,M"52zТlo"1 {&Yd&pvHY(00@~:AU.I€8d1 o<ybyA]Wj(tz \`#$jèMl co:#^w?͞F%mw6_Jb7=e@%+#Ck'f{f˯DLpz?ms^v+ pMױӮg]D;$N:j"DeeN\HFbnfo0UbbLJ`-ݒKE<[ŜY1(͛F({U hiߒ j!ȘlӤ&L 4Pw'#I=>xLr뷆+.ZdLύ9-H%Уd/$pP:172D-g*{ezjg%G[lb֥~wl]ͯX=T;mMrsߤ"'$:'>mpN$F\z*nLq0bUR".\. ėrwk5%Z{̺;m T:}V㣞m@ 2D6в{(g&f? ^nT$0u+ʜ 1zcFiG2M)SyJ췳4q08 N.1YW*a5Š1ã6mƛ%1y07I&xL>sݑͣo-+钗uh <NĠ-12s1qKA&#~$E)WݾrXEN 2Ӭ[ YDptjk& T2wrF* {zz&pxA%a,6@?0*kczCo69H9y 4E&m7F@RQVj|2}2>c_>4H}KIAiŅU;5^'eZa<) *%WoZnŒ Sψ*:E7|EKk h$d/޲_׺~{{on5Mۃ+@ )Шvc7.tz]hek)M#_$cb3Kܓ]BTfZ#Yw 9n bNE"A쵓z̿ }ȁ70}-'8Gf 2G/|͔WҒzx" Zr01qd3DkMa<}p%ohtB0#+O md9w.c{,"hRFo[E4Z=`LZcq= +\0}*țB 2,HM3U=v4!~ꏆR^"xFUwmh2"q(YQݿ: 6cӊrZbس$e)B*cHM?|]Z(]E T j; (:)R? ;+=J&kIReW)|tؤIֹ9] 1ɠoB+9gPv=/<`)vHzfcTQ730ABdOFNGpL L߅R5q"z޼zIz@L8Fugh3 Gq+.d@uO㸙mM ;LR!կu_sJ)Wv`}p!2͕nH톲ަQ0 p p˯4#!;Bwz clF>Ǔ€9a(=z!EYod/ p9dPNNLR8دfaZ`@ zBP]:K6/h pߧPBqJ+Z)/W4݉93 njI a7Lf6mvR:VaEњոa1Ӿxl|ef(KT Jk{s/P|K5o[+ܐD+קU%A" aZy>~˾fkԢx ~E^1̫2|1.b1u^z47?}$#}nlda_->[m@ȯ+_O<[ad(2],,qQ0WUхgVÕ| ^COKgOHHlȶo3珌 Bv'P0-ED1 -I|+`JbU*9bY&.4~@顮3vyJ2Z&}$׿`֎Oq1鐙gr=`!Ha-~|zfqo,a "eӜe0 Z )[m ~SۡNv46`0D\j=Bl;BWZJL$rcǹ^dRuQ+Ę aI^J󥸅,a?4ZiY Ev PNP\XbdUv,-A^(oMk//İy_%{_|5R䠺0zp/%Z GeB%;d%ԺtkRÂk2'kH#iWeGhX]Jj\ [kWDJݦ;g\o 5/WH=S˻(<-?YX>u{\^(=S{0a/Gص\(G`nY` j-bQQ?/5q2V z~ wOVi3TFj $](B>VdGhDv`E6h,h_m QO>>՟{%vQ穥ߓ#u'?]AH^!g"-/?}W=cXM ̬؉'6N b%Q`_pr&AKK|_>$z4]7MCOO T!P(}k (nOu6•|C R).~ķ"n w[ʁO jDi׾PrC_-;D007y t-9;*"+g[}Oa62bfv]% 7&fPʠ/:\x.2Ҽ >U C##MZs`t<C6 m?]de]}@GjIE$_(-чfṁ3WPNlKCD/^ʘY⊍o /aOe: |/ah/7U^FDX6Իs贝̾ SRDr4.[l^ŀsP3'*Aq;_S?x4^cȇUeuQ)s:rsXSV]W's7tАxkgτd]]>(3rL[xF,ls؂F,k;"!JoN䕋PQ&jR2:D<`̥sUІ!{IWO3hLbuf~3bFv]pA'bgLœa洊ձHٷQ1J<n9̩@Fc@zN/GD21HHL]47hSb]>4ȹ`te}cVraZd(uᤧ ,q\I6.^Z_ =_..GB2PIJJ0_L.7}w I)lprvC3|[~_}őo|_6:)lVCӨa\~$Պ=@b^ָ#,"0UL"YJ^41`pR˂Xe\!3u/ؽ'I&D;Y2-tqdӲ~^ײV4׽U3DPk͞I$93Bvg+EC[4˄Y4HL58 hV=Nȼ_I,N՘#i0 Y38LӼdexjMM0JֈSEFI,sU VrGdKQˑHq*[M /\%8z#lu}yRuV?N^Ȅ_rErw1Vj;!Գ'Z#`l8O8Br?R\Of&rNJٸo`bkv(@wTROgMY%ҺA#p} x7*PF}:k'&|GO}Nߺ,;ChVh6\naQ^"% +Q$%F7Gx\*@BNR$p˅kEPWC^;6Pt5gWv?åSG[WZfne+`7tYM*5ND&TN3Q>Ұ֫QE] 1{ k{ s gtkGs&w߷ҳSW#~ >*/ŷUG1O#`YmxGV"Nԃ9s^$ŦR-Q8eLG^^E22Kr&|ZC  ?Ȳƒ;xF E(؀7\;-`ENz҈>^6v8 =/hLIPL!__K]5N*52x7ƕ$I_Tx S(k}?zyvvܾ[n]h$g!?d9Sq?n Mi4|o٨yQ)KāBӬdjQw~R֏pQpŽ8yeI&5}9!)ǹu4֣2j4m͒> "Xұd!lPk9hц]GhA%Bt+$߅ѷY#bKuT L!ؐc,Uʞ)khC"/}|-FJP+!vDj/:(A\w% !1=_*]Sg ^->חPS8KM#T& g\(R^7`9q'>ޛl쁈CtqIč7ޤ.<- mIXh7lx#iBז I3фzUd-[P)"-)]Ս(㵳m"Z$Zx n{ّgv)(`)@z*0D 0)p opgCѬVxmP!#&h{ <7$:lX7$g}aGmYS3.W|A`dk'7Q ؍^6.gw Pu黡zXmH]#3бs x/V9F=yH 跊Ti [\f7D0  o Y3/CEcE0 2QD9况ųDhRKn )<+]Z37~gUir?(TmӎJ7ːuFкH4g9mA;9y1. ȍwj[{@5G 1 οA%WMQ9ɎˀEdKp7(?+vȔiqMB6 z@1@].iEO2.wDtMvPCdtFrS!h(y;kuw=)LrMŏ[TT7uƻν4_ 3qCNܖL G l)-\|#ql9>r͓.[Kq gusUj8hUM`j^dA[p& #Z < */ yӡ5[88?#>W0]n503:nجzfWVgX\9U\edG*Yಱ!fQ{OТ ͍ٿ˨2L듧Z ӸNuާ̸ [VD8cN8Uǒqihdm@I8HA"}sg'L~3 9o]) ^Ģ>W*[{1ZX-\"ȝH2Jv#X{`wK0 (v<\ p4/t) 1P,eNMqEM1Md2鬫*EGlH1O PxDSA@I S#!GHs妯lV׻L˫Qys 41cZWlFtOGvMUC`?0/Wdd1M7bs`Gdha!lzHH8vﺋHJvAgbI8r?}o{!J}4N|#.#هn>h2=s(l=P5 ;rMw6~%hG!qsUƦ(ޱRKD7ms96uU0H F`Q XhqdRQahH謈:;ְOI 1 AA–[$%F+ Nw4aךuU<4m &f*(zI-G( ͨt(& 6CdGͭRxx'N$Xpq8ծg)m7/~ob&zka}źr%`K(HAuF>dCsD09tTȔ J,d\Iݴ,E(߅`Ҳ#AQcJbPӾ~t+0ROuݗ;N-q8OJ"ۂ sHgt'(_DL00dÝ9-ԞM,|jFQn퉐OX-cW删TxT}*r7y-@)W{ A>!=PtfdBU)A w> 6*]8= 2c9@vc ={Q${U(`.p9 Q7 v8*1[sZSQߝP_Vv/mRtN5o*v;Lr [K#hY1LDwO42 aR6J>Z+Uz˚vz93 $7fXCp6di eX #gHX8ye=e˱jE|`X* ;X FBX2>s.S>쾋`jzx`rи"}HO o9ڨvAO@ݒyn0j!@‚vtAezmDTwUM5i^1ƙh2^2em"Jcmmzr?$ %_E }iҐ+ھЪSL rH(t GZo=)bhߩ|p#|q{Pr1m.!OhS`8ڦTB%&}SaZ !4, \Rz/+UqP9?(0i۸s>RLCߏ4rhB`rILbq /!}#dTvZmߴ(lm!a]CWQq!7ӴFqew8^-֘84I(ēЉt_ip#N#}(r֪PмX۬P.aY@s#%ɽ ć䞃KSŚ~SgQh=y+_\Z:.N1IffA4]JoYW=-c=z~[R%3EYSp_K?&R8|O m{p5شCw5VN_ɼj0r@QHI#Y$V*? lz{ Ԓ  a3\<.#k`D)NV'u\BԼ@nsXMJpK]ӑЩy(-sMB"r0<04V8ϜGF'r:baU7ԋrJI[4?@,fd/aA'D:Lv݋ ֝JygSwh<Մ&?>dJ#΀ɔ )f3O{.)ĉYL`|l 3MOd:܇^6R84ma~=A(^pxL8mU*؞X/E`[zuzvMT&~+bPӮeYAlx:vӇa;+ǂ+ Ɂ'aYcfhT@bȇ-޴!H< v8$ 7 BoRE?ґod ?uk!_S]ñBHUDo#kqU2%OX@VT9,1] _(6℡ya}$[/NJ_eWD'pQ=}6=3 ^#N-րмۯ|ج i- 9L96R\)hr7_l0PEc@y>#ϳDnUm(dg$L+Z1kxX @.[Ta[uģ\}?M瀁X'y?*P<C ̝rQ^8Ցvj{5]Ew۞c!{YpױCzw"~g_Ezc?X-;<$q;QTjIєJge?mL0Lfmm/_,Z6!ѹrZc]rWZV=> XrK (+M > e{hHHSlBmS%b/#Lyy!b aiEz$܆Ng88v;3Y+yML)#hSUW\8Gf_bIo$U,)dBb3:AvfdD /-+BnXS"Qj&*ǀ|v.5ok8U!U3NS4AJ`#U vJd|"v ]ƚ#/:Q ֈ޽=%z@ިkN^CW= `L 2[tO%;v@fK}8jSu~xPG3`d3{#rV.߭J n&SSuvDvm>#CǺruV,$Mp.BvBbȾ9%K2^_4pʒ>#7ܞ,5-o3U.zp/0.+ɤʉCv-l.R 6 zbzG186Jܝﳅ zUB1 ez焃E)fd0Z 3`K,uYAfK[ftޖE1Q; z!d?p8p~@L$nE84?Ir-גnnIOFDdB3x$)ŶrW(Dgs>0Sv{еQ/ЎĶ`̋Exvӆz3Lm* nW"c /R}IUߟebUpXW!Sb#y>*GoUUSV[(˳D얝dZ]ke[/TPuv'Iľ1=)G*c0FY0Y)S8ޘ7(l& Nd%u&.ǣjk;am銍gNv [x=Z#-2VN.B9ے׊pYDX@A6Dm`tQ;0lLՅ={_[\+[Ié~C?X1ޙ;ѧxc]f~t2 yM@\hRH ڼ( hKxle$5#Bp^xAcUZK3}!?&X {"t^&\l3"ۄBf [ԓu<[֤K!NiSQ{8#rX=!Ql<$Iֵߏ:O<8 -Xڝ#b9||`e9y2|E]:QW>X#ʨ0MZvZe_ݭ_M=77mtb7¨1"mẁx~k5?[z6mٛ&`g p/UBa4FU|UT _p_y¿q37vR{ES]nC-;˨ ü/j@7uM$JpyD#XK($1 }+ˡ9`H޼%f*8ɥYwIQ ^+7 6Q7Pv*\0,.4[[{ڞe5;R]c#iƜv:'\-C\y~NpDzjSVFG{sɺqc1q1qr}N+$ݒheZ#j_ޢp-|mD @P܏mߤW"tLQ`,%|Lg&\67P~gCuLvM}uBTJa[CM[>} x^&>np+&SՏs0{X,ZQ)g`GSd@w[I.]R0gJ|4{\K|B]̮ږ\QݏW_#]$T/~1Z^7F^ߤ뉒 6_gKPMD5m9GnNxX3PJ$HbJJz2[ƄB]Lܢ /Ԫ㋊`UAֹMj ^CCi4eEvb]'4f|uS^jHr1l~DRڞk>\яWIՁUvl ;LCWWJ ` s7LYk #V0??:'\K $]5P7ڛT?cd]\8O_3 7H.gfl}q6K@iS#~dqF81'(TS. Z X'v[` vBm`/C\*s\jl%oSY~mfRGhL!NnБ<a+@K!j1pb 3E5RصZ )'n&6p5N3p( oh2.,H&0aڎvv^^INJ&^eA.eY) C5fw:`dCu9e×5w0.^g> fh1O7иRaNG8}u!өm$Aպ?'1 bn 3Tpʭ-X/QZ6N]bhIP~h,Ά{Α$ p SC\,bI/. gJsi`"rRڌ1 N;ȇ2~ÌDY@2jڎ S񲣛N"K =DrLb8@4[dV룵ӮWI5 q9`A6@!l\1Cq2EżXR81tU!2O6Վb RPծDn2)o$BsQI;4'YϷo# ۆ٤H*J(A-B@$3[qi`/f\ÏQzA@ׯ=`XZz&\q 10 P?DV eijOV-8QʪDV=#+υ9IsSr|-IL+X8 (W q#]<ɗRnܹ@&%GG4[dkVu:ׁh$^vo'g5vQ( 9a{wo!r%# oz(4s: 0ς4Kh3HX"S} O0 ?ꭕ+F<"sT#M4 TA]Xn0*?WCǴllN=|'PsM븎K?J!?2Go|jZ:Gw]FAH{ _J".xġ3b'‹LPr>/ ]<7^=Pw8x2gzѩս"SoJcxB u~Xr=qz̪aEkKx\mACx "Kg؆e:33A=r&>tBo_2W&Z(pG=cy|)8BjO$`pRWr9S94k~x`lI )f"FhPHU>A+8 4M֣r(0,&ƒEK7  x1gYͰM22w~fv\13N GtL ~=MO]i&`dˢ6 p/Kx2󧦐lJ(-b|0U*< Uau7f  r^}LS"ml>QUOsUEDlizjs6<ᜀ8Eg1d1JLq`y;1'XߩfZ"TTI!5&J3[评  81O:wӕ=-| 'Ҭ=yZ>Z^D[HUH\* d3A`1ѪJ޳;}dž؜n.Yu͸Ut`7אS]>2j-D w,M7W3B;Q bϰ1V:Z,8 qJ7}l@"I}IBUY#fV^TWTպ'馥haww4t9Gc Q`\G,B<*PDAHQʽmh/J ^_vlRO/>A fݬ_X;YͮɮaޕzhRs1? [?3^cnbt~n Hg̞)_?%@BW(֮uah4"QQp=Y% >FP8"_$5KO!\w=؄y~;{XmqL'|N9N݀1[P;{wLjmaEw:rY Oϯ#dyE&4Ҥ%d#cѡ/]}>S(Cԛ;"QeD94x}--(<,VșWxnR4>Pp`6}Q:J%FUv6<%M ^톴#b,ɏtW{1q b9X044, ~l=20Ch33?ٱf}::Nk7"$C 2Y4 &%2!ybХP eX]Xfi ^C'z> OVs6$l"nD v^r9\[(f9{ _l֏4ڜ!І3"S:&B-.%vawOhP'keDɮ'БVMQ+z[ _q9?d{ jKHJ =Ž v$wU'w|P޾ <#jBB6Lxt#"?9BM( emhdta%I(7;Cf[ϰ^ԒR58_/zi(DY0VߺߕtmpI QNt_$yOе·iCZ0UJnF/1G(Y~ddj$^D`_/eIyq_͞^[3kv7><פlC! [uT/X_ '1<"< I@ʄO50j4C"X]ؖb> îdB GU”'tgedj ь9–ַ^F&eBCD.!rKiI"t'Y.gL{"_^jv*HfHH. Υ\?Dj>;I27zުIp,N8ޭe+~tv?,U÷qTeo>۵mad8VfFtoFTGd0l(34([[iDN@C)٢5rw~_5=9C4^5+C헿X˨%_uX4LV8C嵹a5e V rc 4M*Vacɸ*wY&1\$#'rrW?XV12LWpzŗT>4/ 2ćM @HnTi JĮC0octڐ`gx7ml)t7GmJӵQ@j,0j8}ҝ2ʌ$^O{:; MIO·rS:is(Rڑ=mpA3BadPBs{E{{?YT4(T=r._8!-[!iE,TKn,y'Q5V6pQt1EogY8؉-Cnb'Z+M8 r㞸}jn|)0k")A"oD-TlHT`UxS6 %R Q_(tH >5GE+*&գW-*?GD?N=zG*/ۧ05$M ?vYI&&?i&2R!M `뾎lGzJUpQ_˦jWsXf6ښVZ+!L.=uP Ott}1^ۭQ)ۇ>6 (iL YA}{=H_"R˵#2Ipȍ*oJ[z|+5ލ!Rt!{_f@C =&{v:˲cӊ#;X"LG {1X,mW jjw`/jzu$#c(3㿸s!ϟ,BP^N1)t#xbtΖD %J41K= Ns"t&A?`<0LY,]ظ$;FX{1K6 &$T 2(D6"ҩX)..CU$& o\h]9(P` l ~O/> >i^R9?gy qx(>[lǯ$q}yi E$SZZM7\E o93$O5M80XBP?ye3e&yb3ty/t*x̆yLɁXl.ԇ:M IkjZE~LwtJ':m580x߹3&Td[ R-[hs$XF͏X*Yw=W{ Tˉٚݖԓ0r-폈NEvk )BxaD_`Rrbq8mq&2ϙ)Z;[ov!P7֠ 1t{lmf 1OZu1o9 3Pih0Qmw\*,5YVicGKnA$.J2qt}YH|6arTKLk»y蓒|SL q{152œyU,> GK< a /J!ЍdԅC ЌE(J3']NŏV_2澊w0*0j+yWjCjrX7Z/ljXС*fO4pt-Og/l wg2'y5fAy\ǽ.1cs#9}{%e qTkO^`u}O3`dBNRWV_tk@o>%$Z;fyL8"k qLY`%g>{ʠ@4أ~X"R7:3jP@{0)Qjz&ߛ!T ϼ5ӗR:;cKȞ9lR}q.$QaƶGt}v^^ha_*ޅop h N'8~$?7_daW+"g GP9GtV@+kGþc6Tw >)fzr/?VZWcK5 .cZWeU/™Dog-uy!lYnΉxdN³^]:c5)ii)~5zYy#o%4A3<2iM (ey"F. #\)[i9 \lA*Q=< +MCI,%p<-8 7 XPE! `C=nΊ )O`*2t0~>oρ8O]Fn9[d_ʳDDվVqAPz,vs|`2ha*NރWA_ wiPc> ._IE /\dE{vޓR)V. ݦtfَ@ӌGV5`,ު\X QXg0KWo\52kE{*SWbKK8 -oeIU-~ViNfvh|AvڲeJ vQxCg%Xi7SAD[UWit?_4; &~9QϔuEK|3uG|IGkw2]ݡƇ7>ݪI$ Mr 4jyEUX_nt&9iOP|;\^a(U#㓔 bq>߼l|=$Qlm7H0J4s VF#EE*TZ`" bǒtw6+H0`'>P'/bA5Xh$ϙڟ[Uˆ["u($8bX3ϕ 2“YS3'1=;FmMR%Nb&k>3oNݕ*eL t zA~Ig 8K}y|dӡ?k% 1`duc_uĎ) /ɢ?)|Йt( y@&N&_ V|=zќsQqQX?I"߳Yt׮"k=7е/Y֧vK|8i-v?g9#ڪ B͜.ē\F}_(eI N7 ll"[D.u-3uPG>T{{+cZ5=ȁV௿ZJ.'"$y.6QR/1I1T%m ₰UؓPWrx-,8nWG.Y\ŀr#D$8R]̜kׅHje%VX}C 0nTP,b,P޷؃2f6h̯Hrj5.hM#xE3p<7 hdjԪ iJKqºGЦg D|{@cs  t؅ ˯ZUZ-rЁ}Fz8ىr_Դ- oh.Gm[9fhJHkzPFu #›: ՜ _Q!Z0Z7DS\14&o@ &5;.#x@1+VW J:3bϮKx;s]K1J'~qZ9p 3?׍yP6Ҩ.nt$xoB[SX]!եZ$)\gf`oUDt7}k%> >eq(7{@!.<.=*A4F-m6YzmVM㧿I2_ >?ؤ]a\(8u U=NVW=Z&&:dW'5۬Sg0#;umDz C+B595@+'Ν"M$C4)q8f'ha_2BrG33p$=crvVJ/y\HZgfTndykDkS]I`O>%oʮ,Bwh=&j`%/ݙ\KƂ!林7Jok|_"~*SM^<{箎gޔF]Dt.rd,^]3[vcJ hL?j* UdhY"lſ}\dtXbW*~mı[3N3j0e4l;F4~[?mY&=tʯ%/shr;蔶yvoySxzْI.K)|.Nn$o~3Zt׈udxifn)zf^à-A]紎ŏ{X`&SG*J+sыQ 9P*Ah gR7K+"/fe~'V)gj 4^frŗ†:f 0e]U2ڐyܢ80g}mRYI,]iDS瞍K%Bx*e`@qqcdZn.l{ۥUڡkl2t҃ ?F?AdS!%i6cyzm?DPI9nW]֗+qe v0 J0()qjFrRΙX,!^rV2|y~,e H~-<Em缟KG={G2-9O9%-vx6*ƳMzHmz'~\wv Ƒ&χB,d5{>,g݆d)I@>j|w+\C($!xVӶF$y><&ESJJ3%O+Xulrl{hv$k$T!zDrbѪѳzU2wCbzmS'U痉F RF ޞ-us1Ja!^\SA 2},)J<" AY+U'ͧj@ERE[:RSAΈ]zbg(GI BU3T@b%X$Z,660Rx$L=F8 PKovJ^\]tsnm82N Ėg)-@ш7dG[Q\ ڨ=Xt`Q a{9ʣzD9kWTt 4Eo`Z9d 3|FIWHPu'ȑ:ٶUHTa+|3r#DgMmJ69 ,:XYܜN\%ӎ;$ ob1"-SU/"Mw6c>COڴ7K1sG N2\8?gLv% "#|h>B`Mq`D|@ϟn$ƿ7V䳟Xؔ(]XɈC}T#s$KzQpWѾзCGi踪`)cK]ͬCvs&|Jd"[b0zy_*'Hݜ7\0 4(m~y*@DUe AMG#dN TUdZ=8k6Z&eE^湇 RS}nxoQԂߝ!;J6ۖ;@ <`%gwYp֋rw7nu>C!Z#O=6<;',Y1`O=Itom& R?.h 7lr_HZAS*2¿RoN@x}xJPrQ[U `q40OۅusFŠ57#ړX zlH/L,Z+^oصuTì#+ƵAdV{Kmj(GQL4Hk?PY໻vK~F7) ><")X EH+?[3VsE$!-C9{ȜxFߐp:xvL uxK5GhM%zX*]{>0vP"=r,yJZ{Sfe']%/Ѱ ؀ԄCTwzIW ٩:̵B k1ߗjV%Н_Q)cӹa@.gv?lC@J٭8`^!d¼$D0[?:@ 0yѼ=Z-Eݹ<(Ɨ|: 7tDqFvom*)A<bW7a Jէƕ(_uDw]tϤRsjq7$E5ᄯ_]{m7eHe<)VM%]pX 7.Ӓ$4yڗa԰u^0驽Ks&m>뱮t0BYNfQwKH bKhsV4,Cӳ(DluETL3ڶPzo ͩh4虴^i6D_\>&x"C d `K:=8T cw͠ߓ71T՚B P^0$c.uos! K.a'/R;jz *FBTdYu#PU Ό'90fxLODU&z+AE4t-IQiNF"/7Ci<,zor;l3"s BhAXkd'ȂW| JWܪAD gz߻;3l7&oCH<ҥP8ѷ!_ؔ yYv[ZX\bdR"DwʜP0_h 9`:τgiSqq z6yd+vF9ZQA~GE $z Lоf+q6s6E*&$â;!ڊ\z1.1)kuT|5?iIoA_n#S<ΔTP=@QRskYBcHcgVAFZ3Fɇ.0,XĆn^*y qLG-A^ХzkRU&@7Щ :n RrGw,t"2} &'1J ͷ}\$+2 #B @Ji:6!O|qa+/0Épaw>)`1~ʀdV~Z}n/M1qE[%#>I0ɴ;3TuVP*p)H he=8dk~7|,i kTYy 1~h;`/ Ky',guDUXv.'}h2%p8:'و@e6V'FS_Z;˙eҪˮ b)V̭ JZZT՝X цOѲ(VT : ^@RGS@;6Ce3ypnO5 7UQyNsB^iO^b#]fʱY^Lb? Hଇ}w *F~&opO♵EtyH9Sېu9f1Ӿ,Ectcro峹gG @էѮDۘnӿ$k|I=jf9=xBs~F"5P i֦x`heW(_}{'~Qk%d⣬Fyar[PvY3 Po P%Dx>0?RuF3@{SVi{xR܇}r _VyO σq6aNp+f^*k. h_^_ѸVɉ8PoO.t,OY{{ETE\5GhT:8?tϗSH=:%̏;C]C./h@L4!gb.J5&[AXC= j|R8M?܉P{ f~& /D=P]T}mFO aꯏ|J@1VƕuCrڋgq4;eA.N@7I(57Qw6uhiZ̧gMٻ9/8+ gN&tǥFh|*zAE;f˧. zhU{Ԑq(X*l @Ody0[\ k{$-*a>ޗ&;aRR!cv<Tj_/PfI%IiWº٩}B-p̑)LՆelp)a_аt~q=U!CA=sAN:rPb8!d`z*%0'n!w<Ћ8yQsf9:#]< !$kY63Z BƂc׊ DЍ?[,Ez:3qٵ;*G5 ߓwdZv4 *(A;"i3@Jku'oGR_Ca4FunI7wPչHg^[5X,PR6K3Z.κg^)Vޣn)˄Xjm! 6\8hw JM=Uvwӹ+3~}QDd"n$RѾg3?NcpGfOӇ~kO?r8f$3w/3zߞ?C4tz`o@}'[_* a9TCn>a$/SG(|Y+ɤHj,9^eb4.Şx+^7QL>3O Guԉ,i\՝DP>Bs̻ߕ)RDMgZ;6KN7l "Az9> ` F4e>#Ć;vViJ/op@sMlLCùq {5RlP~W* aMi!щ]վfvw7Ty{[=&#%L>HJwugAJ^!g9@'6ZXd^] 5FU)(UY޴kNÜ6y7L[ %? 7G aCFh,WrjPN@f>T*ucㇳDzM~@y P SL|x ^.ށY}uھ\3؊zi[w H^ 5S[ [ Jګ6[jq-sToUO)ub^ d sTHT\Lz& -XOPl(%WxUG/3M C1P|lHJ[b ^,f*{'UTQ3UJҐ.fKQ>ܔQVmcj˫[)HC í(p0cG_of=,~u)tƱ@/I/ 0():D^ 0q.P3F\LcE,o4zƃ^&qwfgoKd >\QC^[J0P_X27(Q!E(iB.Vuv_q6r!lIiq9G@(.\CDYHt0O02XlD;nJL"69^m( ?d\u(֓X193_ٷH!b`m|ps u[e0.ۀ=!KKlVSؽF*)3Cagp4t_:e# w55\$2CuX7R;).=SyZUY$]v$6u2@3Y;v{ pϬO3ex)\QaBP\-,T:㋧R|n|1`3!9aD.i|!}MXCY,+rzpQ\WG+FjBWVRjP9vNl[cL-F;W}Qn֜C.'X'¦1u,Uv qGnX -m݂mM/:3ϼ0qLޅBt!fX5O;xKȼce? ( D6@EŎۍDA܄t2.Lg aO-Ġ FhPeI"2TSb",nD"cfG1bjY=q\9\EϞN΂d?c9j.V}/ hGDdkt9A,X%QG <;ceXR}4yyyVkId3 ̕=5(4 OE _F-1p{ME?>]]}Il_V+P|gsɱzٞîK|X, :%zAϩ0Odp Q)]4_?i杤8;@:2XPj $r^56GpsQjr'C 5U3dzXEࠟ{w^1FBtwy?3fK͆?PZ[/Kє:`}jBE% yoܘ-zM|a[[lh_rP QZҠv[`0n|C {U G0V|Ґ6!|gzW0~mXOi>`30qv0y]_pWjr+J7$A: NsY 4YMPX׹W߾х%bKB7~5c:J! UD؛Lƥ?V;:w8b>.goq H]+4L%<𼹨hH@7S*/D3KMh_OtWAq-2:-:T2U_72K! wd효cz%`>xI6ُkVuᾳqK[>iY1'VulO&wޙ!VQt_HΉ ;(VD!/ky,Qs&Iv]ȩ+L B35盠6XLSŎbLK]#g4B-k}E+{zqgh&谞b_]Sϭ~(ebÞ"1^(;\|>M894p2 kDKh&rm>PfH&gf2 ae˞b%2nLPK-feIU0g}ϘO> [xWAB?n!kOk{brl(n0N$R-0|WWE00Oʴ嘍 ONc5B#ـdFG~2 7bf&ߘon j)V޻܈3Ax' @rq \ȍDŽT?Lu+lޖ1Nu;ܵl c9П͊-O׉ 3N*26%i_b܌AEamn&>ia l<c=Ga`4UyҨAĒ{/55"8;?TatfHY6znHbzXh5`/ :Ŗ'>汯uVmP mWO&gT'Wjxhh]z=-E>'^Ջjvh^EeU%vlGVIo2#,1=n 8)#e#xә6tI[d>^~wLX-6IPC[rx%rX1Fׄ89pں} =N0 Iis\?= 4[#iͭ4RI&_YeaYu4:<0I[ Pn[U:C/6ЅzRb-4͡VỜ^hTc;=T[#hJ\"HdS2F h{qa$bih7]V, f3gƠb ٢'8MaTKIdZl.'v0 g\zpDA7gy(=WMmlK0S)[LbIDjR]1U4ΧfFVoУ4#aKta-57^Ǧ*+&)d1Ve= G,(ڰk1.,|fLA6ȉ8<Ί?kvT`r|璩DFQlE׌'y/ 6@HvmV!~gֺEZ a p'Q,S5E՘jcTbd,rawlGxo{j}3ȭ#uJ =XSQ5SG5,Z1Dh;\/NbH{#)-$@5{KTTS9r״$=ۘp%nMwĨ4&3|V:7#<s A6djfAF9~K @{7ꑇиRnSmbS<8a XfLHlP ꭞUCL) ma4^\_{9N0S`;g-zZiKѰֳұcQ!S*CI@V~ԑ"1;Ԣmچ )N1&z?`/qUoƐٰ8aٯSh=`JT/&Wz1pKq5 g.2ќzm+UD[<`7"S:L8HĞW#"NwSOAIz3XlM $RZz{IM;y0pJMqA]Xos,UI~}8Y*DIn].oc"z1D}zea5-eHyM~4lGv;v%#Ot[ZHH<-4?"Z_I-Ipf.W4*J^:/(7Ƹeqr&ැ@sѶ-v!ATΥԘSpic A: ~,ZX`Ɨ HXי6Dtsjt349a9Bc y!<[.)B:/Yj~\ߤcz4WB" @3dԯ䷀~V^1f~2V1,g0q24y:gh۸ܱˋf=*ީÏaWȭ 刓+0on@aXQXx2nWSm_L/{ (&-M*"@Iݪ$ <&-P ` `|}Ս}mH'_OG>ڸGFF؝_%t s&Cs8WW佽H:-^/ ,s3B9Po"_f_-tƹaC7mnV+۳(gaho2gh31djprj_7pT <3xr*IJ~?|lF!Ϧ,f^5JPZ FLynG`'@)Ov [e@sD75 /~dw!cWwp4pwr^Z $Abt꤫Ăݐ=OaJ3tbETT yy+fEk*Z%r"\:tDBxD3UD]SYsf#GTU=ͶYXLe8?s]wgl+' UH7=NF8Yk(彨Ҥczu.S@Gqa(x73h.K _L,{aGts5#T^r,>G4ZNs]PӞ)''j}e3tdq$&ME 'anD`Fw \jHDU GYcMC@` Y-P!@oƠg^'NB)aC$L1ň:ӭxNS:r¨򼟛csV{.͜|1e :?VPqH'25~[ZG&Ho*^52Hl#R+'DpQ{L2 GY8;Ϯ7tJXO{hx1.Xnjg?'S_ņu /i ]wV]? potf55aoH 6G'}\aͶ+`mo7q,aPV>$ uڏ\<7>6{b\߮Z`(M`8w#\Ƹ'qJ$z:Df=Ѡ0@ ꙂỎZ]g?_c%lZFItWEril~3̶}cot{*wݘ>"*/UP W[ꑪ/Jd5;ȼ>5~uX^aaH_ml<u6zγiz=r;:]>v@{kCikY Njtզq|@.E22\^ T&\8Vݜ&rƛj(.^!,Qy MSf,jo!$̭}ƀMp!~B76o92pݲcG hmZ/ #_j%gݻ|ƀlDiys@F#Ⱥ$Qc-V0YUmžt6 IIoe 759, lz0;D9qj}9LoC89VnC50~5W&`Q< m}|:F8(mֵ=02V;gt/=M| KGb0!O , 6-aB~u)1݂Mi oxO˩@:-@i:eszH㵆dЋx;A`QCE)l~+HkDx:RpO~(P_Xc}ݵ%8ꊥj|L~ *;YW#N9Ⱥ"{SW?0g~3SR 5qT(dgH@*>|W ӏ:{Ju>9%=oi#{:d1P )X(:C=6C#\J,qas NKdA6i A<E\w,|aJ˦9K-o) /x:]BϚ PX-b{z\4=&atxB>LHGI"r߀eˉ*rY*)FQ*VIK3{)sT 3/7քp۝ߋTv)m-ұWIxXeýOȤCޡtVHO8"&Ej0`JqS#,L῁2\koOp!/oV˿FtՃَ myЄ±m%d1=[JLr/N4|aV/X^ـ a!eO J2ţKQoeu]'O'U i+^$ސ9H*HC }=wá 370niݹQDƟm:,0Sh.Ɛ<[l VQqXNJkj"Nbn +EZ@CaLR(ztt_sq ,} '^sK_dp=;k$BitaT$YxNX*;uwyE -Dd[jQI9ByVZWFHv/gf?꩹gCJ0,փn,oP"LcNU &P=T0AJnғ"\26%:*dGQ$#MN:Ә^|v-Yω5BK |or;#99,2ݕA{:{IѼF#L}a˵9DʥN)-3x;A21CAڤ66}4/kS/X,x0djd\Jjgf0ʉB\uOpڔo\zꍉNjNFƶbp!A̓-K</ 3vG?>9(^iᮓk[k~* ;h)M!6rrKog-Ws3'q8BɿwbsvHD:X@G&At~Nr2RY4V@HBFёw+(4΀4jŬ<,.̶gSzO*\VKߪ{3%n\Hv6Or@VR,\}OfS#EZ'6&FIs8{{׉ knqsK޷(ڡ~~ WC9:OiY|7 Cb-4c%*"pX\ej֡0sol_[uD@0iBHxEnV $FQUh9xW;ph@vսrcd1E؝%XI- {:17r4F3az2V]gC0La#2HD'$^͏Arr[(dm,wr꿭w쎄wysO;}\'-XoIO;̠`а) g; O`|4.~yÑyf`v)MoWFX#O#v!sAJ4/piP]+oװ3њZt6Gt[#6ۺWyWSsB<>Gq )yCY?p7I zS%n " rǵ =YyK.2`g#ƋTѳxXO-/Ev&q8Ɨ=QSH&\i-tO枴eFZ&HJ,;M7()FOG_xAe@X?9n NݔCU0..r)-9{SS2lCΥ]V0 UMQ@Hׯh8)=YMV e>Odל (Gm> sS T's-RFdBk ~)U'4+KOQ0Pq3"B_Ye?Hx\Du9p) .]t@ K.^ >'/T;@*N_!ˣrh\yrLSg#ruVIU(dЃE-Pe@#IobFHc"7[$߉|*3aX']OYJzG֧}G-Q*s,LxlmSK-KUAՆٌC~ʟQ7}?u_aZkxC얕U3KUVjl@ dHU(WT@-C1Fy,BD=ڞY /&!2;&B0.E"Ja_UNbnr&˗nb,J0 Sލɣ@Vh~\V5_POD7\gG1yq(JҢ0?y`[5 !%~/Z.z6>({$ Mr&HᘒnA}{I6S찬{ZD~[#-z"(;@|;27n0.>#a&=f&_E3Ôo;,y2o=^0YG,B`}Z{6*Vz:K '{RQphc \,=z9yWL*K@aǨƝ PLT]p"fs/{ps vTgy! q$8AAȜNtbt`e-B>MbgMKrm)6Ƶ"ʐŘCgdޮcF T׃HpfB{c*8/ER\z1qTƈH!cXԅycD[z,WԢ. Pa 8<╁cwc+|[%',Cɋ);hFyjKSqϩ(dBjG%)т3c=owRO?Jo1頮6yk&wI7Usw[10>T:{軾Ug\vTXM#ϊJ<2dY?LD>>PC*Fo=7k4f x{3KHvG<;/׮AQj(cgJU"{j,, xA[h:7wzmC}~˔7bV9 8vz;ѴBlx'1ݣ+[f+})$ud S0iI~h(]n TT86jaS..m1Η W?d`a74]WQ̓פ!07e)> zwcP-[ C0P+ztamG*J@bc暞:}z5Nr+p`Ÿ;9J|$ 9@ qN3LεDP]g|V3Q@?28N3Kt9]h/:w•gAͽr]vD*k!(9ʻG}VezEMٵ]htmg]ހ:/WP៤͵JD6kOlE g8 RmQv9#OϬ;7"hRNgY\KDr@GoZ+ PMsuܩQN_i%];H j! jogU:n=V\"1ZXr.~0b+&#A8ӵPSt*MAbqAʶȈ~GZ|p[w0 &lwh'A[>x W`/_ #;ƕHrjWd*xA8%IHD^P$3cCVg2_ݛgJu +ȧl]{y%笂I$=. cR##AGru"Я\Xܚ -AxZEr//ag$2Fпw.k21|Im?$[n`M՞?R6lufqeq\,* T8򪭦ٯ6eZ[Xx4M}vLfo/qVEjRrsJE!e4'5Iy(%JXy;P ֪bQsF44<X`;@+B-OKGv7Rv}q3f-,iC A̧15I+9W1Lܱ8=7ZNm1 h&4>LP;cқqqᗢLhQgS@A