sssd-ldap-2.5.1-2.el8 >  A `{U]B;bJ1|GҕZW`.f܎|+izwa24400507e2973e08d5d3dfd32c5415b811ff0464e172e899aa44277b26330c646ea8a62f6d953344cc704320069592f3d0a29f4&`{U]=k¿7ÇXm-w _;[#Xv 4j¨=]򩬺uߋe:Z >"}Bx9Ⱦ-)ˤRULk&M0$[q4j9+,"Sdbq~21=s#Qe b+&+A]t8ƙsɍaw&nkȽG5]S7O3d)̲1`/Lכri>OL5SJ̏N4#UilxV韍V˕Ӆ ߉',ǚy6%ԏF-QT'HRih$MCdi l6zBc^ц@ u:w{SZ4փf}*dD]\y38O4WatMX!F|+Є.iJY^HޗO(\-E+Wo.U-/Z71|/-/#8C AIvĥ})Zip yYlȗ؋TNWDc] jk% Sޣ-Ղ(8>p?h?hd   6  <BL     : // ^/   ( 8 9X:`Ga$Ha\IaXaYa\a]b^c bcde eefelete0uehvewg4xglyg(hDhHhNhCsssd-ldap2.5.12.el8The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.` paarch64-02.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64)KE\=5A VkAAA큤` Z` Z` Z` 2` Z`@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) esessvsvukuk2.5.1-2.el82.5.1-2.el8 .build-id0cdc7bfd1d6c81708e15c2c9546f0cd2f825f220libsss_ldap.sosssd-ldapCOPYINGsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/0c//usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap//usr/share/man/es/man5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0cdc7bfd1d6c81708e15c2c9546f0cd2f825f220, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)(PR$R'RRR RRRRRR RR RR!RRRRRR%R RR RRRRRRRR&R#R RR"RRR+utf-8af24fc406b0ee9bd8278db75b8358096fada2e3c9b766d95b8221bb7d9b7378c?7zXZ !#,9] b2u jӫ`(y,yϑ;ӯny>m̻EӇ ] ad(4Dq6agZ|hECd)sBL\BM o>PjS%k<QJ_v@g<)nE=IKph/iw,OM!Չk=853% yX,pX?2S^9 L3tqڑ?$e==i*_>rɰM֏0%MYg*Mu|u}m9y4Z..zCܱ#y*#7&4S5IJ+]NA7jU#;Tx͔ ry''WcAګx4:LӾZ _|{s9aWY4;_*_Vo֗I9~Ь~q`rԭ\~mt ,ɸue:ȄnB pl% זiB|4piY(yN(Ŕ6^SV!crisGHg$  4č6 Pu &9GbX=bЂMj yDXÒ [#=]춓v>1>>n5\CKt;]jgcO'~?j?e߫96ӹegZp'vvXtXV rSeJfE\lLV6 LWzJKƱJr_ˤ`da!%!rz.CI($t&<>~cb [MBʎq"WtP 4 H*<{ 皤̶ydkG?6xM8PP溷@BrH!QuK{Ox2HJ+M®6)H8J.]uÿ f&98{&G ^7Ec#SckPmA+ZM.ŭa,1u _"zZC4|)q'́o|W {R'"iu\K}^5-ĔFdN+U@,N7)$|mR|; _,y6i/RGpZAcֆapɼ6<κEEyAc ~Yc{óO9Oμ_ڤ3B ݯmE, n1RcCz@zߒ [tv f!-OfJ6m~#46nj-qüq4X;\8)[ 1Hf@.a,BV]leP bxs=qdH~tI4 av0 ;o_zUH( 6,"sy{B.5J!OT[>A̯P-VbGǚS^44)EGm=枻4q` ## 7‍G8ƨ¡i/t`oC C(oVQҭ}K%~_ey?ݐ&w?Zs؅.<\A1 C}j"1jaZas/Ϛ6Q؝j{fxqLSi^ibbw_Noi)eiv7 ItadcV 8V|e8]-"f[Jr2m>|~k ^l| fXd'gcI4yae/J%GD'u\2WZ[dޕyzZ|C4́S97Y|zJ/ c<퍵CB_s`k?0 tdYJ>;ڑ7wΪv\ՊZ:JqEBBpKr>cIMUѓG{d[ÇS@H퍬WLB^GBW;&qVR=oz&3JJI4fÕsO\yE?8vRa?~{ .o? iJpqԔM@JCN=mHs_Xt1{(`KumH_R9/u}'Ƈ =kVviМ8dʩ$w?485`7ӲGֶ^,!e0ĹDif&i%m!ͼ:5R }N##e!Y4 V9b S;FJoʳ 8FD͑EGyd¢(%^@]*J fdH; r  GǬ3&."7/$g_w>4G([Q'~M4Sy@.ধ0oyWAΚoPa2m.h$4 %Op˧ƴ1dA褚KƺgԆ`TF`L' b^<&;{4GLq)#u0i^ ЋW2޴ݚ8nnPZ0(F H}]R(JdvP8%u|<+OD1ޔlcd+#aQm9[ U1x~oZtCg4?~`)D^I:ָV|cMOyOIw#ܡ֤xn=ŦZ,^:!& 9?V:t5bn]Bgh9Gqm#=yD̨BwjONn2[7woNo֯qE y] r8{_XʁC{"Q3p}R'2I}6zy:NT)A{t<3oEa9Iۀ;ဌLSݥ.:/i*4#z~_l}͡am+;&h?7ϗDlmu& GFnkhmTqiGҒΜwLG3"Xko ZC-~ wۍ|p{Y3UP\)k2zՌѮ-1&ܩK{3+ٖ̳ {mlFwXVӎ?sj[4g*ᇷyS#8V§7ˎ9q_35r,^%BmC/1 ||W(Oy@Ku/:*FR vW d h zPJQ<3 s]% ƦZad1d)هbi4^%LŤgݎf`о`sc?J&D[8yVZ0KeB4 בm|Pnilƹr8H0IhDOdHu|Ahluk633j42Ax( ycJCAB,")%2OsIYi83|091KH&cy@D16Ipc0{;NY EUmCG]E:O+A*J%J"9QπjSiW@8i'(gfM[$gJ0/ Q?\d(b䔩kacn6L}#ǵ51|&{6dNw-[AfO,pa2t E/هQFPNcHA!䍲΁X$[c1\,uZTМHx:`i:t!&d ٮNjDQɻf蚛.MV`;7GPmva˱_BO'>Ȧ_}Ol !JO\klU7E$ch6l6c&jjM 5W xv iJ<.03bs=dt^ =lJ[yFsLˮ>,oXj]?inwǹX̒ N^kMYnh%ϰ\J<%07 f~e/[f ܸ(؛usCsҏZoGmY=}VSK.sc \0HM^,&(Kf(Er츫 ;zX%ݡ]EOwC~z8}#n(&ʹ.y Z܎^X`P0'Bp #\3%_$2d~֔ojY )o|+)1](g$YESb 73Sv z@ۗ%6( T |@Kʀ dg0:D_B6Z7lsCCTY~BF<-0:zWHh1_\3 f# -1(8R6rFp4m,A23ruKaz~#?E^9'N$-"jөq;y֨VoIËB,? l卄.\Yq^i^]h,L svLRD ӯ @xsRa|_wW<|@-o4]>)Nr.r*0;zfd2?R|E\sx[FkKWK\p0t([ dlKL.r~?™O&6礔 |Kfٟv}U1f_Gg-#G1'_.)l!zѵdZغZL AIb ]3j~fo[!t2GwݤumsE@MwbJDZ2,t`;dZwT|7Td`+#^,lT#jovV.<3J 疙yBl%&] ɻʈlSq Xu:av$B)A.88 #7aF tZ8ʖ }6YR9P0S1Yr|nas J.ou-T l>j4pݽ"Ջߐ?6m[11w' Crj&Q+j:{m?1xqcz!m |k' (UEF^Ot dA hIB9|TI+@S]RA: [|2%ri82} +ݖLzz˛,KxOBnv&6 :#an/FWPZ6vy{N*^ 9sedNxc0 70¡$G {<3B wOW{n"KP*Psumrʙ:> M DsrMʏ\#Vđֹf7ȼE PcɃ&v sp-2>xn}%nJ+z WY/>76c@91oTTlOL2.6$F@WMʄ!5=Cn\~B Uynۑ+1Zi\5e $/VNI9K]T"٬/RmAr3՘ňڨה}q\I2ͷGg O9kQREJkue>c%,g5ATAkCDw`g(R=&fS9Ǒz5T1ũr5i2JH$!ׇy!lwT4@諔ndXaE\#E=醑)G$c;U'@&5@42FJJ}UlFj*g Q'' 6\\ =me {k{w'h+GG`N]C6 p暰#v 31:&˘awtPqpnj 6 wuv;!d(t"Y%)Vdds!M7|jT=VdpT${Ǟ7Q8i-Xdw樨>\[YlӅb~u rܝ{'M3w A!k.A?SJM&_*;YC{C+7RD(Ѣ-^ody )Y (uj*hYH؜n7k5hvyZp}s^bjaйu{ӵ3k-',CUGHwkpd8!p/Aѫ t8So4#GxV-Vc`o-B2d)) '~[ J;5iNPQ eQL VDZv"O`k+y}KhHQ/tyXL~0FJ|IjPB[vE/6Ҁjp~%E8sF(X5&)Mh8–dӀymD/t'S&áCi4?c$F_=IÚu;'@ڇ g͟0_wX(Pkr^JĬB].h`r }Dћ't;nc %1ђ,E䃮nNMp ζ#q.$K\YZp9O&]7;"z1,Vt5a4o27 @甪u A/{f۝w@L]/y(Ev"%Uc-EN7U1]n]@KI(+b?\'|ĝ9KPxI9ӡr}J}H=+(u| 2 7U%γhw E( Vب3}9<){sVwbNQ kuO#,An2C^"RXRr.n |AѦSn<ƁeChe܄"L*|v!>gI5 u$A˼(Od0צ5ηq 9J քt l|bȄ;7=[Tg 8]03WiaDbLu"hsr  \,n@t&6VރM;hm%D { |h>Naf4_,iɷ!p|hRDueZCsvLoY{B kAʱu]0Y$*>ve&5΢ gN1Ҽ:v5oPT2mtepwpG9rz H'LhNm#ڸwuz1=&J1rpgn1!F;Xܝѵ зh;,8UȢXkQ NT͸S}HxJ;Ge^abk\<yr'IW͝=Pŕ7PoW:IօwʤFOx&+zLgg'UjMŤZ␛re8|[%Cq cK8[(:eQ~v0 :͝6m| mÕ*;]JtW셒ζST ,ٍ+x6܂c߱MfўysP5[įC&-w\qW 2ӣB=;~r 6?b{*D52>M>4!"Sa GUҬf$0:02 Zn~ bˀ Dzn41q4YY"&,EtSq`loKZ/*ǭ(5u!n>*Y2~2itܭ 3땓:d.Yrgñ8F|jfVH)w ZZ}$EDp1VHZr(k;+SKWbF.KՖAOӘ h~ P mfp7;ik#z{س6m./U sԉz.ý~'$FFV^\.o2;3#"Js@`$߰xϳY!yVbsUT+`JwL"SPL藱Cʜ, pqO~gb,:'%n/Gj6b[Mss~B7fQg?F?Ьʄ5q5#D>,W ch9(Hb g$;93,2瞘 qN3_`u B& 6,WV2z ,n.sZJRJoL :͌HI$> p`=k=A$_8Mf#M.MS3j4t<^F%n V3x)kW)B`ڛnyب7A+NzM | 9`C|htXi @ E_-A{U^ r/z>aʘw* ]SA[9yg~[Pp1<0kaurqJr2k#\%{0 D/[9>=9B8%h Ԁ WC $^ ''t8'd)p9KC:aɿ(yIL2I\^ Fv8j6:/]ʥ,qRvwcd/U  |Ǔz6#W(72#>!ƢG_XnJ8s| 3PNyƏ+]L_vqe\b |sIN\+d e>[x.xƘ]$Zc;=hQ`#msC)QIyDS# kJh)^e(wo@֕Èb ڀ}:#b0 \fpq;\ QYa}o+xYqldj۸T՝BBg~;( jCEq&x1=9+R9q,V˧C{ox6@z3t2{ȑ)뉍A(wTa\0ΨWdHp푥]ѷ!SvXdg:@|Yc^!ȏ`A<66}}{6MV/t!O8jDzfUxt#&xeK+i/j)͔GQO)A"X5 [wQA|' gURݯ; 9XCX=:?l_d^O7oN)ܮjhLj?47'߹Hr~V3+:dE=Q|.ػ U\bsa$qTBY .{.9EO7O!5@ٷqYkŠceW{Bc>â$TjQoHNT 8^A{-OpSB,Xs߿zJ|Tqd#v!a`oj*HY-ؼܝG뿝ZoBTy:äMxX}g1fC>mҊ Z_*N 1rErzd mmpJ œCEݢ8qLP X֒3.NK I\ƕ{tBNl*{IWQ7MRhE8\Ī{BýrV7Pzl 2x +_@a`Mm֮g0ʴFg2/+D30ghea_׎fot33nUt=_$K5uȢh7k˪olgE}᲏$n=Xr%N;x⮻>i]bH"ƴ_}N}JYZƥ).ou0lFev*hХk? [C&D>(kƎ| c}Nį^D۪`c/J~!!(8JTޠz`TYkvra!H1;~#j-p<&MUn" "^Qe:8q& O9T;<6y+rP H&tGƽ"7A֐a:xC{@\VΊ!K|tj/E_>LZ"RE15+3`$A<]'d8 JM#. (讨oJ0fC[˥ŵ_l @25`;l5vgUl7=~ÐcGf:1{] )y;Y`I߅M̑Zi&Gݾ0FH.JBfcCN>YZqQUvbk ctLHҚ:(O SS1(^z"ʵQHJ 24 >k>ujD3r闈yyfN Yl ffrM(&90@:|{U?_!7^;acqM(E(׼5ΑwǗY^ \#:1rVhݶPԿ +j<_wxJO sIM‹nD qz1]/֏<m28>գ^8Oז~-l!j3dגXQKBf,u_z|yVh p]<8\$]PAGbMвɁ5S} F"$HՀ<z^u<}?sqOp,aaLxx揦,&{Q `|#Mp%nMJljV3}JͮSB쫪h}җr\O&ze8a31ygb8X@aRdxzg0sȭنx\eNEI80+`="ynghP748 mzhޯˆHOAb?Z;>g"՚wT0SVu)?x}] N_/ *Aγ/)̗D+79!uUI:5P4t@Gi#RJw̼+"Mv 2säU2=Y𬭩h%ؠIZ+e wF2}^c*C(o4oR&,XЋ8\&Hv<7hq볥yE+5G"P^5Q]fNEתo6! ,`N zet,Fw/-F)s4hǡx1"S{ uMVE(BXݫqj86wꦯ e_R*YV*`٧szRl_2VjK>YC2Ǝ< V )&61\Y*Vv;h^ 6z…~<b*_R'U!גo, Jfa/b#ĩtΣ̝ti 2?~2]tݲ*߯TJZo.NrZP`9U 3Уv.HY{Ĵ>C5'ԨK|Ρ62Sւ;YQ 餳dۉU,DvAw O-E^..WH0`P*;mov`h$?W։ w6i̖\K,}x0}JZ`bk+7di!;U+$bBF)%n%/2i@|[~lqAU*'VLXV&Q+c$#:|p!XLu]g77ڬ^,sm;[#Ri 6 0y%rxgjlUc֛ T{ {'`;̾VWTG'zȠL_* Ew`\BV*U ҷoPr.Onm6|=ҩFnHgRբT\n!eԲ\Z1e8)ٞQZ[8Z륹r6o;.Dx"bpGW&v=EPtȡ cb=qʑRkx|#ѻm }$VNto{L7\sFOŲܓ$ r|e*ibrgǗTSWz49/*0u!$i|-mhs^C"Џ.RpL.Jఘ݌PfdE. ՟оH)Dr rtD[- _JN< 7v9h= miRuтcTƊ! Z6Ϙy2Lm++f;#u{)vX Z .9bvGw< ^.lz.#M3_ԉwN5)9ՐMa VEG7bvwO  G:ց PG\k 6%c \*xfCMlksO 2ƨbF?̈H=.CsH1v2h\Mc2XoeP @i??'\ N_i?I/{XEu\`ŪMYQűny؂fpmѠ1q]i`>Im-|STc_;Y]XUǖ%똷~4E?Uja1 r‚ZfP{hBMٽ4wU ,Ho5vP2"@׌C,TL>ty(.+-5ߘd) r˽gcx^0ږɌ:("DxqnB o|wϥ2{/2 ~'l P^r\pP&4x $%c#rX0r/ lSG+3(ϱdI;Isf :1& (<՞Ûo4c抁&$`J]!| "ٸH=ȈsvE6ޝBPﳐ]7l!O6}m~c$y$A[es ~3!>C`Y{]|eO+S%:rGѴt"7@] Z=iHWߨDn>|?3te7pa9T9 @[^vʻUs_A NA $p`y@ R8io/ߘ5gV`e Գ(7H[G /If-Kȣ'U) 0m"g3?_5lN{G-/#k,(7&Wی]-5x "sIP[(fyB-LxQ)"R ֟+ Nu4Jl$}9ˁ+渑19NqyK3"S=ģG!Ŵ͙l⸲TL%^ͧ>XĎ/F'cl <i&Y֔Ʊ-dBnVZLضk@>:yV.GKFr(ͻFmWIvû%0\-SDc.bhuk!EDЬ.LoR~Izk>l)$Db92^i 5XII53Aځ$ iIݏp2݀f3x(7WM%/K{UXPV w a:?V']өk'<%˞0W {Ve)C9QQֵh'3qàzuJúGIμ_;"_.DyQ9YiO0ǏmSgK45HmTeߍ9w]@z͜YkYz˱c®`%Н3kR?yEiXL[L᛼kp66ЩYOjʰĝ56Q@_Qb~yqezܟ:K DTrͩiEsO`t`1wjC"ʛHHiE%k14$Ӽf)ԠsV+z_t.+  L U"ްյ$[%:lE\J~H6h]ExxRT+]q,=é,V#iH"mn*Zh`1V[Bkb$GN 9I#DHΰF0ڂJ% @-,Dg8Nv4'xUT:g^b0;Ide<{hQe}ϹmC3eN0OѾFNI.Y|<]!F0t$}o[ LO(T h!g{1\txL#[ "G"UuZ05}SJYF&Ymekw3X@͹!˲??GUHxI~x}l }zF![zųJмvM k`2.xu<Bu. WHAW~$$+(a56o>#Db|vQ8uduq`::l &e:E ԛ]ߪyh~,,#IhZT(|OdvQ kuU|l=y녘F0!7&tp~..NjQZ]V>a -|zd ^vw'(]:s=/%Cb=%⻚\95 ʜԜkC<+8{D *W?vy26RXiаݴMR2P+WPn4ɐ? G~aO}'zuꄗ q-H4}"N=;( H6Ȁ%OO'm2,/`o#aOW|vQ)X~3;_`"Eo6'ElE+AĔ_xb_"3B9hu" pٌP[!t׶e>ijKxF_P+_z1d_OZd:H&6BY0' R  KxKbn1M'-G6xJeT8 I"6rw4#W_"bFI:uUQ~N׶&s^!؎]9UˀX3m)a)"fz0?֙YHE)d1a^E 7©AeQ}p2@ru^/[SO.*ڰ74-#+`Ͳ 8L['Rā^e~ Aa0oCUT~KrLp!/S;٢;it,"{]:ﲇL]rf4D.MI\J¿;ЦYO32*Zs2V}7$ԧ[uϟ%Fb9s~K\g:[bVe&C{R"iDvA`I!c"RzW.UJr0J]0Bi[9.9tB`3gIE`f?_: u0K1 ρSjG$Տ.3ȹqxB[ J77AGcXq.5h]5&qª>Cis 9*`fSV3"K &1;;ʎ]%AAgi菦:u?K,M^xīK_4 ͫ?$xm!q>̹4+FM_הF~~E,=tţsC[A,K=Wۤn/Id`?֮ v'I@簲IcRV A}ҖQIx,HA+><1-f\IiRR `憗d!Xc2tc'˞`:&~[}8ՠ\iO rf9!~جjfyd V{,C\YCb)?BOUu#aк8|#h t$4 njG>6o2r<2:'rC6VUS4[ cN0lZ;%_҃iVe*sFvt;<%ED%_?#*T2O+QdPDO8<[db:G$ W"YKPae XA60mdl&9r P,ypTcqz~3'xa9L4{5N՚ 9mf P'YΛ GwqP=ZҟM;ʔR7yGu+q/:x^]\$`@#> ݢ!QDNQ("5@{ے7 \.YZ զ :G*j܈>i Csc~*"0Y=] kYއ[G^) ]j,n]Óf?GI-Q鷺5dZ*>H#bMF{pOoFPD(M1BSab'cE6z n" v*Wd uh=w( w ^hhd_k"ȳ+c>|F9 z TcAܕsK6 D6pۚ#x.Ů^,ǘnIڟ)J=ژ\?$#e_NcpQUqqQ SqnO[L4䶍ok2HEAVB| =*}#NZ6x]>)qOC>Qlbț ϹCp\nNRL|ڹ*NjCAuN4#L%BF_Ȳ4| @>Ln};u8>EtF9 ^'53ӾUPh?&H HNA^ ΋Wk 4Ѽ}6|%\瘺jE*k)Un*9^m׹0A: jޞM֖=F-%Fok 5ZO9EveuC@V{mwJ_x)"#*h$ITdMAw0e\`o^M?d9]Q\#w+uQc/6)iA: n\BQt$91/me> gr$SgN0ԕɟc)TU!ūnY `4zKI®c uƀCחP{ *qpg&J"=MbrnnV7 _>w q {Gػ^;eM; . }v3R1*8\Ct;A_wv"$XץA2um|& S}:R#]wG n[) TaTԈ'Ss <)/m&ϧWu"E&&#N^T4Ps&Arl}6!qYi:Gj+bZ(fuAiT]4_rS+dw *>(]p7сE6e%~U1:V7-m}/U8s-9BHz\ZMM]'t˻O3h.3 gp ,R9U rbIk`jy IAҐ[ضz Z?ʢ`s2OaO~X+#'eȌ#&xq6(BFD 7&kvpzer)R? zpF@) q$`haZJDM鲛șۏѐ;C/F(J~u|iE͑ozZR.;SwOs C2Dy݀*>V8BIQ$4qPH$k%=Ӛ+S$(.X pkEE)&75M=,>P۴eC/{M{?KX_ X%8L# (GBb0DžBsh] >~]qX!לTs*Xp0k젧7A .tU GYӲ9Rs&5*-Q$du=]#^[zwE`C:? E_i[旾b} I ?9NN9~Vw(d $ ?{"}VkNѝP^p&hjJ>NC\{W\w5qy8N^*L|{9 kcwJ{r*-> .˂+YrWL{u:AB(#nӍTI(I@/߃$ 2uF}D!A !8[FL7tm #li+fJR0X!˃f,F`CnAo.gF[#:]tn^ǡ$H1;w K| =z:ƌG 9*,-Eލa`T9哉ǚ&oZx/v#^9:*A_/K!$ I[7Hwyp0 E]۵%.m 93v,r¨Q SI 1x _.az jK%vE dރ!bee^d.IYхfLMLf1 2IԜj0x e1q^._k:Mogʕ"y33#3e4K r,1)M΍ K G8~5$K"5c5|@EX`'3P)L^Npҧ; dy|TOoj8g^rĸ&ȓ*9kCk"Q\@w q_ ώV0h_㠌[Qz{ErH9l8Fp`Lւ<&fyp4(J/X&ly#H4S06F~>+ouP#3zHOPNtf'17ˈ6Hw'sqH.$UBBrJ0:KY^@5P '_ںc86'*T@/`$ c񖁽wwe!"`UP3 ea/m)Ģ?ٳ0j[`K7Hnuzm?َoљHq A'YҌjAhY9C\Z$:"7'i!TIDաLCzWCU{}M3òդ$K9V kl4'9 fwL`<=:aD_ ԛp瑝u&~eS0XWSI|GK cַ&Wc0<tcE1q {2:C.Ϭt_tM䤢&,ezj2 x{zD:!fV_Uءȴ o(+u^7LLb^2cV(OB~ PZmnwgBH!W%ʟ'B*}@mí+^'|_d@X4¸]k.tZ^KV=վhlˋq)9ߣ5ȷR6@&:VI)!f(p#ۏX8Ic[і_oI|Byo r 4&K ;5d=n:ZBnF9I bƍ'7YH}A,ôPe yXr7[@emgD,8JcR]Ձ @4{-Y;Tvhlbdv q؞WQ@?un+Aߛ$|)A~?8hy=>(3fV 8P\54~=2:ӟ{AnTd{B0m ̪ꎱn/+{ > gIȩw?R*32bəfiU ە2'6>A"=˅7s^1Kd'0(BL]2%ۖBico_sSYJgeiL_j|?_ Ң3!~+ =C98#p)34ґ+m{ށSÿө6lsV(Q}vnP,Dz݁;sv֍pSHKל:z&o;"c*5ŕeb_羂 .BS"}6Bǒ|U8ڽu'~QUxءb;5bS#6slÞݲ X䒚WZkS܆yԧaXjD.xccgOXk[R[5Jwy3J:G7:f PKpgQ7bqO@@[76H?9Ź]`琄4ʝ}4#bOXvM6x*rdQɃRӬss I3*@8Fcݱ;O- #>V+scw|Z&TP@ db_qa/E]d1܊5 vGՙ{b+1P8yz\BbskOna=mA[̬B6Z'k!W>k2W_h)&4Pv1*>ӗ^E\G!iCBE@|;ZS;B"F}ghYһ9R( sm:ZSgn#apApbwfAyۭ6%5  }8cfB.k[c !wMo)-i{9 5 ) :[p(w݃$ 2 '}t/ FE;PfE0*1f~Ii [RpT =ZA?vE>i>}scPkaa+פT8cu)e+DBp|nc?.iNf ?$+'̌ +@#UUAzd-M/ޟ}%eg9^6w["\fϮQw.-Bϋ6eKI(=y}1;DX0UEV x}ۗ$y?,-{~|Y%Tأ/{3&u[S&;.&!ڒp0i#&MX-~sF$i`K6ڎhL H"$lDƍc0Pm*T|F]ST>xZ?|BQg?{I%`-gWlRy:{zߔKgV)G $pm,ma>KV,co5LI rGEONiX-׋pJ@17A(U\#WXִЭƪe*,Av}߭Ci[umAFw8D <-BN9?7w:q+EC`_HKn]}HԛFihq2"w}; ?<+[- .#(z\)i@KJBtUp$-]殪a+<)Р6hצIWDSCbS_+ϫ %'5hJ1cO??³/9 f=v%֕G*2y6oF%ejbͪKX:#P'iqDOy3 [[y[vgfz`/~6ejоDU +MؓQ7%Lj'.6!/vSL='uEpn@#Dɺ;{31-kMeFoD(Go1u~ޑ/'F_]b8qN w ͚WBWP%eIuBlPMOYi34v$$3ՎHDC*/$gOL!PI}Z8u=1/.ZZF&TP*UPT_mFO&,CƬ,࿜bu gg-p^,/O7^ˎ W5mbn%ɥM{rH40 nc ePmС4؝ͤgswAkj;B0VKG!aV5}uzUW it8z3YV||Y W$ GssW`r~q xFIn>;8 @0{HYӇ 2^)mVߨbN[^s:EPGVSevW!7dh #S5gEhUdSE+qv$ٙ>fQ4i$:/atqϤǮ.nڑޯDGĎ@=bұ`ƞ)8hF}vqB 3)lJJ7KU 4Dvmg&rFУse]G0R1]$etOm):Jx(hܞxXq}SZ6 G-y[3g{DNL:;ٛ *ū9Zmf_gOP ! IWy1{"⨽iw QscDN\GSTm K? C @ fQdwD0P*FHs3 1s@V7O7{n}Q]@f/IϦL]raR J'aWteʔ(H@WY/?jg#ƖVK? ~\0UJaVhyu+Jbo\=UPwTI k ȩoL5pȈkxy f+:Z WεCE_-Dz:6q۰ylV"0:w iH_#۬_ Y7~J+|m/ A f cKaJ1"G.Ƀ/@6dlv(q{q U,S-W^yiv,},w S f!Gdhu]M+ 3eeVd|{?[2h>uP;?[##zO A@tnqE{$֡&>/! ˹dْ2 0,,\z}X(]CZR[%=١\j@eӅ\. Ic_*W*GM_6uЬF|9dqU2g'CN-!PWQt/JQNK7#N=W] bb31 OG })*T!멂lx' OVyN5!|JOJhV Uq3R/\݉A X)K\MI,x*ZTwwˆV `3anRIl^P((*C +a˿G?()[*O7o`xM9= BJJM+P.Bc̴WI*V[ _o=gJ+ 5t<Fsf'c(/eg 6zEI0,%O"2]hF̈́%^Ÿiۡva4](ezɹRF/0$Qm /4l?,x/eMXD\?DX"*Hsn\<72J%fNWX*jOmR3>B"~ZXõ?\꟯_ro>IULPUT Zc 0kԏFywqPگfktzw+Y&i)M۞҅|8=4w_ ṭߒ5orRW(si(dߠ9bSL!pO2(;.ĜM-=[ t3g@rXoo3eZz9uI`vo 4,oO+%JӍ0oM[ط7+V60Qޤ 7(ߦYwLkCP1.Ǯvu,9dDcXB&x{=iC)N؎tPIByiʍކxl6ܲ?M^YPT!5#fnH8BYm X9w2<Ѐ?6c2=6`_tEЦY0sKHZ$*͚ag 5v7UyQ. ~UvC _eJQؙqYRùbnCq}#!F" YX=Zb쐄g`p##v . yʩ`E" >Tl|8R59u vq+͚Tks9yogĭZlfj rhʚ_rD"t"L Ìdl'nIɡ!*,wSՎq/e`>{1j"%yJ(!-˘V8^l<{FZXmLɅɝGR/Lٛ5RV.f5sp0y!-{Qdz}-%-hb?*ZMQ'ub"oҬ^,U 8F)L%|; Z@? gNl#-=BSE>PNAR?lQg(k7caEOc{GH4 -;T;nt(ҿAVne psjVヨ3\aHeK'h<=k|UYtdoq:_9qud51[:qU ${9 ubW7TҤPQ:-"w)iڨsIژFE,]&,PEyE)XA~omN2)8du_ײZh(۱ ]Q8cKڹ+-O5JexO ]SC2"x3(UL*u˼}lj(U3KV~g7h勹CMnKO_#1y_'f-'!uZ DžtqK>5Q9-=,#n‹[?:$6j\`#xP0:IU/VgHXcasf_1k/@ eFc2z\=|h{YDX{5;#khm9A',^ SRfSAK? 4+vRE ?*m k`tx猝 ?c1d$%Fvkf| ps8 l~6rNAǭ" Hxfc(.|#p|]qĘPdK`U"?-z5rD@MsH+ѡki.?- 95 ;d8W VM be8ƔPZQ}FPD r|sCbww4 ⬝?nw~H\CE9i~uȿTPlŜBe%V~&xA ~ulz_eX fF>ZvBQ"V>ai1 foj/g7¥T9q͓pqfU&*i7n;Ԣ$6bvF`Jx?}K MWl9Vb߀PW8lq խsaj[q)"}~U XEO%co^@?'O6\Sn'G=z8;Afup ;I'ժaG楸 cAU \y7HP&F$C! >+V r tLI~*?Q3E-&@j)5 r`dWm#ǖ:.h荽̐ \p. mgLd:ڻVReiaA&[8Ô,W*%^P_Tb, rmc&"úm/ƅzjKӗLY"7i"Es*s|KT3$H:,~#~5:O7S ߪUXVGIC&6Of uUg/KEik*}RlZ`1r-C 1vQVQNMP'&-f6ޕaʖ}vZIT5r&O> %Y ́2(џ[F<.2^lpnݐHHZGKmw;L۽K8D&N"ZhTL&Z޿7 <%OBEIHK3*@ ,Np㌻k9CLalc+wLqg& /҉Ғ@b"~!Q~_>+X*_;b+t")U't~AD1F2M{V+(-2[|@g@6ŤBp6E!7r@ԅn+`!XsS\č[ $u`W mIN~!q͜q5DR9V۪gQuJ% BrWJxYl ʓPLz@SU1_IZG\FOio?F((Fd/V.i2V1*ߐtٴg\G-?`Agmm׻Qɥ:U /gt25I=1 8EkWAܟ9s7WV䷁lCƤAcO!T`'Z$ cq$NJ 󴞦aRܰwKDMZ_EQS9{+$Y-hU6CcW[#|Yk׫| {=L3But5h41{7Q"<CīE<܋@l,J[*4 K'?b0GS }W=b&s  0?ܮB> 2?0&TXʺ4g>A`[!X󉶱]ܞXmb}7ˈq= H}8yF؁|}d] iG}6ͨSV*%Cs))-Wb5 bΒCR5\~t,E1~`XMbc Es1VBZ2K A3\q=Gv46SvN-0ذ*=)C]إ2FcMyrD9cY&XVf?y ԄE5.'x8*Wr&S.ߟհ'8CֹN~-0]>ɇK$ s ;+g_<{*n2+ϢӲ2CRڮ*:|Nv[D8Yjt_y]IdYs 嶮cT]bGH fC_=,)á4'zr?MIoBEd9ڙ2F) :]J$֒׵A`BeRIuXp uY/OK$KڈÁ#BY944:v6Ɇ2o2C_{\WObdF2 G(njͪOWǏe WVmF,Ǿb͑2e)6zzU{[̒!EQfo!#l{,xy^, [^\򿩂3'R쉭\6;y#>`\7#x) A`z rsk2`Hےz,!͐lT:Hvdr=?_N Av>k[k4UW>W+;ZxGٶu೜O/A6U4~l &ϙZ,.> f%_ڃ620P\vJM|4dQI)*̥nQoS>?Ȯ*l7 _]Y-[W07.' +[U{$w[K?֮͟6Ԃ2P mU) 2}FYŞ]^=rxӍLE٤o/rxsBo5:}nD%=@P[UAc Ba[ 0L?9L"~f*1|XƞLI>ޒHLL>blWK _` e3pPPmpZy#Z~lVx07}F~J=|m)<5'@+-HdgVVtx^~}\Cz [LOԮ.]I9 X͈u~*ST˚hk>+,Ryƈep}<MgY'~y -^~o޳"w-z<;z=AX\hI4V$lg&Ϝ  /QlNYzev>ZOkz-gw?~'kH:Rgw_._5xXʫK$ k䑮OaϜbFor ꍓOp$cYI|m Ū5LgUv/OΛ +|K >+0]cIJIճQ/m7uYVZ;޸l^MK{F*mEWK/ݎܯ+|h.mX5L' ɜ_\UE+9U7tg1G~pzXꜣ >F LP0.e y2'rX>JtzK7|n32ojFy:m*# ;H`tp~Sm2gET쉺6¢\ә UoFm{U6U,m#y| YwA gtGhjPFΟ>xi*K YZ%mڴ۔ lU"~@max-tN$5Qa.\HΦָv4#z\)CXDX@ew HNSJPVrXDmZ٭T;T gpk:զw[ CM@ ?x?:Fh:ԓJ& 7@@Oko<_9z_y*'װ)eSye1:ßMc$<G,oߒ敬 *OD:RyXO3[0[%@>bj"$OU S߅M-*S+֣Ѯƨ h^5FFq)::L/NCo^2H Bxlߩ-6 j9c9 MT(6B/"\BS`NV$_\d*7fi h{'zy_!OՅ%0ÛW0PpKrkܠ;^dρ,Txc\X4=7h,(kʟ7# ;5B-e>B!V$z5D:?3eC9%!,PCz2>pĥl=JLh$-UM;T?|['" [be{+z뽣Kd L5Wi!)u< c G.ύKLLӯrl7Q [1x 4-j))0\PitgJ-Bt(PVh^4WK=@ȉnδs'$8)q%}t{uxQn̰οR)9IT_MV]yVu4/\B C<_欯M[,I`^=jB$}Nz^u9%8/|gA 1qVYz3{/ E҆n+E ;SEā Ē݋*0N"Q" k$ Hd^"STcm<$4|)e-pi ?؎5 ~=3<bCR=K1ݎX=o{FB<Nhhvp1AegX Ȥ6diWh,`Ӹ[q: G );|ɗiL5&iY &jD8ƨΐeF4Х!5]LW]W/#ymwM?|UʒbxYwx%' ]N\)L$sC76o*ݰby;)#d7d@H kݔpohO)xPAo- eC],)!LDuQwa NeՌtdx2)PZ+}*bb_`=b%Sx 29W!!8^B~ OIbTc[vgZ:@ܟ!Q~}C1lkC2xb]&}OT᛼'2 'aG@޺ FKuڞ*RdA'A\ea7| [>MA9R6ϺDԱn6@,C'3K {Ѹ+fT"E E&aD" ZByVg8\y4?z9O28\/: pٮJnCe6\mϘ2ti_Grf[}<=C hBMXW #fiNӨG[y(k4-ȫiX",OKX>2%#udb F42y:kҐEm*t ۻb~Ys9- zˑ+| "Mg VhA6~C|HT9>1 2rGbL$gr"Ւo"  BS j{~hmHQ] y>"dsn769̖rwj6y'`01༢?&c\+[϶HїЖhGZ 'Hr)(3ёWdUHs blœ,Ōo!zNkΆV0cGf$io6"ϜTC(1U} ;>颐kV'ͨbiԧW=@"O KPLZGO@}D$PigkbLV "?SmjS\[]vo! 25u_3R$yTdͳbmh./L`\?F\1Pk@0iwZ-E!{1Re1i?*"M_X-Q GU cρE*HD RJS@{ш m%XqdF}b37#=eo]بg VFc.FN=0uߐ+2׷*Us7;x܌K=sZFUTT #b҃@CLkDX$ahv#@(}tpw;Zn [-wk>DkGm7BPHۮB(;?10Q (+ZED504%g # wWfjtu + &凴燍7XLM4 ˼2F3E5AX/vQX 0J!y G&{kdE{nr5(i-f)Ž,HcS`LJGKrH<55"6.0 ")ގNtUvCK>WӒBJ'٫Q|^љ^s.m#z!~ :zP ̓X7_Fk MIOv}=JUlh`bIcpW;`ހ5í(Ї@ v@ɸLT\$l<_)afl,CP`|d1ҷD?Ƃ:b ׻NTgZ5qPעyX&>6>HXuL8 %mǐn)Dw=%$$0Q4hExѨ5| Z*N'bj_Uv ߒ|w9NS#?p䥜@䩶9~Q碚-v Ptd5PLJVdJg Y ]^IWFGP"3WH** z^I%zK]7\,E/AZiyF/?A晹bq̣,a ﻆ@YrO\IKbGm Œlܼ lRG<=z `.sLt!ye; FӨ9N*J3J2}#w2dqsS"Z:Uw  V,._z:s\Lp~ -R&|Xt53cu"~2x[sB#ɐ{E哓 lOąq.RӤMSVaZ.o`:ywRpɶ;E(ЉVxڒ7]Le!#0ivb-{xzjȧ|6}Ɇ-RO-VQyvѻ4+kz{Uu0~"iJLxK93*(<s~k&N}0(Նb};N^NΛKm2Mc4KzdU7Alj,mIl;P/P//n;K؃2Ĥ;4UݲJ24wD7kD8L{.guW[ i58TiQz tA;Vf ߉VA}>x!Tc6N#K^GU  3.,l=7ʊ ' QFr} ^x 4egfkʱY77f"5ڥ^Mޖ^6&gȇU>j+w҃]M ,d TqTz(&UU7 lǚg`R^JmIot<5ʅ\rvq 5pZJK@OnL,Ϲx^djܽdP[6 NM, PƓ=1!!=)F<ڸpsB˨f-Б*L<ֿzp{u;΂Jf2r>4#9`_`U% !|5㚫n2_ a m qP, pǪSVTtMD]"]1# =\*K:SM+e~0Yf *Y \]7t>Đy[K-8X3_'x ow2]h*iݤp-Pxfl K(hxWfBiTk/(j*͏-[f)`?-Vxa|-jk z*)V1 ;hoeaX%HC{I|blU<\gxչ%`ٸ<r-&OxJzƫ@Oq\'s^x; AGyZZ*}%Lh?;[\k'Ty3C 뤄AeS$\}unՄ)epd(#}~KYS2=zEhds괎%)󿷄+\:Xqtw e-f5W<x5v-pWn,%ak!7xyQ3U$Ntle/'eRoS'NN"m1r%7ͫ&VC V^fWb1(}{ɺa"Ge h _[Q[s,15ضb"eMr|O3 V4)6tdQ6[8{Z>ڱ uko}-/:]W/zf q?Nڭvd8c  TJ=A ~A~ώI`G$ByȖRl6,UeYTr0TU7!]xel'| c &k[V vBEm~$ .A P7Uw4hiD . iNpi2^Y4z0>6nUm)cN6;f0"fd%O$d:Zi(7if0x&h]>WW}*Dƹ\~W⠉uʽɝ2sNJÃ]Ҋ1/$h}-oS5(^ǰ48sfܷsWn r,Q2(a^6F)C(Y%?mh 'UnbH讜x.a>P*yV}'UV@nH"_X\~Q%oyVEoVrܥH<ߛʁat?b0! jS7H愄T7wTnj26쀰n% ֡%c*Y*\D w֜Lh׭qf^3Lu/Kуza DO[Y"܏ɇay+(~Bd^t&+2#<" W#Sr!KEP}B@ԛC m|~-X*n'96ῤaB</Q^k~bt Sp KrqFoiH4| %W&]z?ED gA|ϟQa=)lv3L-g6 ==SBd蓽x̣t 3.cЧYQ3tKMD* ۟ϧϓôXmd]Tb2uC!SռSS[yDrJW< )<ORB"Ō Л( #Ƈn8:6`KeO85 穾l g(]`ŸXWt. ?5{ǾUp!dec|XB +@Ҵ5&Ϝe"^6ez-tRL }Pk'@ԍc`e|dֱך a%tLW5wP=}Q 7u0bqLe?BB^i5vN$X2>6?ju1{lIES K1)SF򧗯1Zi??Ig (*|aP!]@#*S2%zpoG3Z?A7[vث]'fr4ZL_-#ͭtRU]7ߜV9WK!:ig!"X5?|Vq |wl5:i$:,, 9jyPdRNɯ k.hPZtڀ##}l}CEg2qfKx 1S@?wZi YkL98vX+d}GH?*iT3:ٰȖv5\Mjk/;=zqKyOPVWPaĘٵmMѤ^~/Qw?ͯ  bdwYVjGuLM 樇FUv7x,N>>&.Rjr-i(`O'.ye_2<[V3+2(E8rjhƇFҕU"^ߙH3 XrR &BxcM.3 fLwBj;ԯHHJmխ&xxZV(*L"*PvE~??LB$?+.ψY7OI +8̜`g}@*Rb ҴUh i޽$ʳ^.u>khKvLb(X"%FxQ"GZXnC_&#Ap[%, hћw]Y O}pmo&U 2Ӯ  >NqV, ";!tdx`Ps3؇f1n޸>׮NO;ȝ5gpd`\"۳[ {?ᤄ5򚢍Ԉ1$-<K? {Ȏs8ǗsĊ2!Ӭm ӺH>gŪ ^ȥ1l% Qٮw-M$T.D-mЅ72e VqOyu_&oP/fͪ ʮ~b#e]Z5`MhG8-W]*Wߤ|Z]ZC1) vE,Pz:MGZUK ^\V&ieuIǎQutRjQ6͙H +boH+)cbWFR;>vnX~ ¶щţh7SGt$-S!Lo~y@3N؟Y R uqOˢ_Ik곕B$4%ʄBS/#./b|Q]ΣY-/c}2Λo< ΦEp50%w 9V"š 0_ emSc24/[ Tg&XlЊX]!TOo)'w:*ךDo}F+;sʑ9-QJ `]͉u݄K PM%ZF4G٬ w҈Tx8a]^ÿQ-a^DdρawFpiQym+*rV0_Rp+u ؤ9cP 7I񚄠) "}K餑fjO_N7>X$z%Bx*oIrI1uWuW@({u9ftg&j-M TwʊCoildqu`'C~L_ q_# t^>6s]؍o;s";߳8`}QK,dnI[F_ XD;!P _K2#{׉l#KgM#k2vM?Z%" * M<(I]ۂaO Fg0C7B^hfj?((6n.sJl?k QL1YFCH/=vэp>vַ +_ќH*?Dwf|%d<᝙@'d5i O|WXPW:V+|iJJD@fpJ,,T*řA0Z\Y)M6bo;\?sq%KԄ^"\]}ʎ_fd' 8 __uH0TմGJ e\yޗėGIȂc*YRZȨ@q1 X6/ECawsL؈ἡaV``q@ ݃WC,pkRK>y`9JN0[Y#qgU o6 }\Zt1_<n%jNjl0.b8I.%/)sZ=4 >ߙ(I!<9ԇ惨# ū*/]:@H7<f[Xsɴfg0TDJ}Аٻ/5גp鳝s[A$\LQfLd 'l}1.ДRji>B7Dyr8qpo1(d詟a_(8嶅Ȩ] k6nxl^U$^>>1M 1k3gc+fŔɶY6FZc⏻)z˔989m:F]P/@iMkDA_0܀1J)kDv:KCuO e*qn- `2)6wxȢѠsV#Cy(K~/o`n2&Q-v"w<e(`ƠNNED>/(#7QޤdMWq; Dܝ(C$27~5c9u+Ck\ VWPUn{Q2\;h%5 X|?ҲXBCOpD+Gc9hyM+, 6 zmkcmB4RIe>+'[J=3qJ7UZ쮺 iڱ2LK]B|Ak m9]Jf VSݨ jxݙa& )i@uDqɱ Xj6GF5UB{TY7k# JOp29~m"ϩu{& +I?mnA]gN#Y .N*ٙ5;;贻 xtq} ܴv Ti=6"mlR_FIj [YT|dUCe<'Ln7W d^R0;@-Cy&YRT/;`wv:ܿ$SC쩀V쩧y<|1D鷇7rouj S:46fh΅FoTRqVʉ^fcV'7Ht&EkW'M}r?Mkn7YA҉_ 0ْ޺Q*#ܿk8s9O)̨]¡=y8zy{3_Fqf1SARIJ.,O!Lu So{[24z_Ξ LZ{+ԭ| zG`*S ?n,Qb{Ran8oQu:ߨKK-9ˆdf7_aiV %Z15gJge)g4Wa|杦ApK#tH aYL+_#mg(yvR$\FaJ2MKg?d$oxn ]3"`Rd +Bǒt߄YX>եM2~r<0ƵޛMw2O{J74P=i0?\dN7Ŕ#-1b8aF{"ϡ%sH |(%@"nZ~Ќ7m"4ٶw|\wf# ʜ`I ^z^PӪh;s̊AÎ8)MQ!L+m3#+`:eȻۙ '(P #Wx/:dbǰBr(ޱs!}ANonv)mF)b'pR3"=Vstg`YB; :dP,Pǃ)jl)sKԈ9z?M+%~H=p# OhmVzaJ4y TaN &C7;\\n/"nNqE_y[#';I Lr FKbhhr5. Vׯ0B:°F/,EG@<dO> q2R|/Ѐ7#ǁ=T`9aE%EfN_Oe-ul0lCrS#rxLϯ0vt[2>/FHܕhmzY4E?RԚizZR*` \7j\2rq|xmI APOy3` :&F\snTƦ׮Z{aWQI7/9Wz:JlƵ%p|s-q!V ޿ԌǩNȣ0M抓9S30vÛ9RQjoՇoc˰ef.V?y5ř!Z7U /ij'YqӛC̨;&Y&/ Ε@ϸ xBV]*Q!|Ū$+n$u񿨟VIe9˅=(gGbyJ׊07Y= [[mI*8\bx-n]2~fH\7vY~j -$.li@Gh?6 /7[=KAYҟ2Jb* | wu1[MN)ҍ*N&os_8DS Fgkx~ TK/aNmpFb(]lOq2H&K‡qrnގG*Cp*d$2%dCY*4MI79HJcnU ^BsICPɜyW~%Xe !tp6χil \ l"wќz/Jje?u}gs엦 'B٫)<5 T*UuIh׏X>a]ԯh.\kkG"8@|˲$nCD p)WPhsF!qkԊ!J~^p&QU#/56:kGcԸR-ɈW''X`;M\ ?ژJ[;wÖ$Lj~E9 !0qw,A\vB`Uoh2a(7@Ouϑ1"C&e%aC+_ <ڃ@ဢu!SH(]3j7y+N:(s9uAދ; wL]t̸}׳2kHQBmd "UAӍ3jF. ZDp8Kc53)RZG_@n]xԿ)*j+/ŗȦߜBu]-ϲrM I<CvSaNzoϏQ;AjXQƈ!.yPJAnQ?7 Hr}0W4 c0և:&7s'nh-b.TLgϝ)_3!7O:; (8rN꺁(Sܔ5`pzȨ"U\lxT͓S2dsBtLLY !ta&I$6 Ȏ2|n6Ǭ3y/FSA"0Q vK7wt9|COS5-ȅ &M0ךyZV-c Ø]]mޤ>!$}*̈́)h#_[ =9"dq`:)RèLACnhDB`#|1"hgD镣3)t}[W:@@RmVb綼do)kʬZRm E|Ctiwv|+So%&wN]Q=z"ͽ*,>ёZιbJ+9zn_׍)4(x=*of]ݲ,d䥃{nEލ⭽UK˖WWla\1xZ U;38@-x}EGΟB AMt'&61:][ ;g ]k'Lre6RLzy`'eB6@8gkN2Yctݕ  ߝ9"l/-۰ (čT&[B&r$z͑70V=l; [KIm:1(tm˂c|ҪA1\ BOgɪ~`j@(Gt_@-R8,֡NbqZ1^Pt4b#$֗4\C6 •M;QViͰS| t} QR`S]% buǔw(JFTp" !iЫ*YbLM!Ⱥ::DVe}UP%x*: a)X^A_з?bRjcsrWJ\m`X*Q{m h~0Z۶r1 B(6K.|K̴W& ٴCջȝS¤̜p>k+9D)k%7*YYBa]yd~bҗ\n+aD_ǘtee7 *r:k ︮ 8.lh Y /R|5LYxD*eOY[W K,^!HxB=K #h800،,;Ak8N6cr -'A0pʷ=̷'#Pw.X 򼕵/ _%!*vjQ=EU2K&s-&X[ 6RB.dG5On&h򑑋Lk 6vGO ƄӪ2kR$h@[~gLi=H6 R)MAV59P3¸c7⇂ʋJc{$!6J < X}; s;zכ ')֐ dFt:A]ʆYx M@k &m{3bg+M47vhf &Qf_C;I1ΥQZ.P6,Kָ_Avݲ0M8:Be H`At-. NݳKh .f=15m@AE釒 (C*Bq*$o\`\ͬS86QaVUqdŃ#Ghv'IQi$c= g fǸ؝:*`>۰8q.1C6] RG{pNo;1nb&"#};CX.,t~2LtHw$^p#:S;OY*zr W5˅8 (`zߍG!Z-G 'hTG?ZmmZ#a{irJEf]"ӚV25=#s4,b`ic^ȴG)% X&Qo)ʴ^D,|n|cO[kiI,M#U״Q˜uAPOX:<X1Bj-1ۡ(Ll9 dG:y&f=g·̝ar@v&w5vTJb_nMjPԜ50idCL!!J1m~isҀ/~M{iDti1PB,:+Kh AΗ*h=7dISu#M`;YV1u 3n`AQ.&3Sу_IxY8$eȜLJ)C}; mV$p(b|:<:SNw})Ȥ\QDImxt> +$U0ªGch+Q0:hC/[ia6³[5zWϯN JFNuVyǑ~>K1ާAwen[JbD_IN7f(/]g*0؝;&dVS_͡YR"jInLXS}1ͥ2np'F6fk0[WE1IJmuv6gȨg=/ʉU⌿@ ^@2N`{~lBgc*nKe1ZB*F2G.lu7d=kfGO:~s9U^ T$Iäe2Ԋh6VYhm"zoѢ?7 vU,{4 0.dZ R$cua0DyfS.n43!Qz`s+J"]Wq&hVᅱt[돐גA\l.`௓Z6!pv=QEߕ!_љ')G'8 :p; )"[F#AF@|Ii{Tv ~"Ɛʛ };n OIP2ͯ똖u ?̀;Y/9}DzAqt[%d$6I~ZeN8_؏kluvϮR*_y. {ܰQl4`_6:@4agC9~AѵIS#.H(.|.oogq+Huy.( AX7=nzSƿ- 9S49VbWks!.R+Or ۡd*nh)8H:nR'I_Y=NlQW3'tv=I[uh^bq?dyV_s?\Eg5m':{?ϤUAw+bqů+7uz5MRnr{' O‚qr 1̊")YA>D@q\\_ 73W~YEF~dx|g;5C7F6Dݢxˬ$w_YGTO0-C #KqjGM±Eq8 >!fgA!VlT#Mș/>rCQ|c:i€+$ju U|'ڥ籆ՠ%]tg(UddN0)U s \W[pl  rJ ̣/ m'IZ@?H&Dy@\B:BuMԉܳk*T\qc?&0*n /;΃ GRi ']xX*C~5LKcUdݧh_`"@ڡ<|[ r+Y.f3pp1shMbu[ 1&9bᓢOΨ3HzNdoZ'yY\^3׊`n49> wIs5Fјs] {/~APQ MfBB'1{c0h')"/˹={?]v`*@zÐYJO?Iӌ1r}$O vSz埊T>ofDıAjRnٿ@+WE)b*`e=OƖׄc⤁<5ãkc:T_|l9 2 ukH3j \Hok azkpa$qJ QhqYc)0+_p)ہ~l]`> %0h+dK;(#iv@➷ cXWWr#"xc,eFsL.JF["44tQ Ҫqb|sPykQ! Cq;0gwQdgSYvwͪ*i9˂Ƶ Q * K f,H$L;(kXhP 7Ӌw1L՛J@TTuͼNtG@ERFOR[s?Í׮bq@3!6* N>Fxn2Iy]a bCts[u oFOl]b bUT=ZGRR59;K`z$,]PⓋy&j;{BB3s1z!z0^Tk`M( [OBFOvkIO o ˍܝ =o$#e}*2n 2tBjw a!]IC&G}dpC\Z8Z8hr' ĒbXYSά7RoWD.?Vfj1u˒8\(m@줉3!Jک#CQafZ\\"nq. ,%oটn&><1蘦5"B̍Ze̋JI$Gvge (jdr0=ɏIֹtt%Be%*,`LI_RT%jeQ 3't&W#T}=Li;*Xuxzpm IwѾ^ꛧ@/exm ks|KdY5z&8{ q'NǨ{@1EMҒҁsx1uD02q)VKQ(nB9Xxa-JdB(Pϫ 2g៻r*)(٪~NYc_S(S2AVyHhs)PG`؞HԞՠapY/<`gvŗ^3"QǝGGaLp3)QdyyĠ9*#9B8^LH$ ~r@EH 6tT (L Z|2i7z#T` VuҌ|`%J3p<^rŎxB5r wgjj ״9-i ܬ1)Ifk3ܯ)odH7u/@Ջқ۲4=s,]2+*(63CgM/ 1}pj ,ÓZH.nZti=-mXޟ9"(%&V.Gt^g6g=ݫ.h?J >IҸ%.j ;?c 2oQihɈewnd/U}_eq(:w g L @&|ѰICj?=GB>7 2f@@Ѕ?Mq2 IP_[Ru;KA_ႭquK4 I7|KS,Y6 cφD`ŹGd'-X"j ْ8_`%S*3ؕ;=}w4+zH['ՎMFX2k~"v1&Kliiz jQW,vk1]ߋ fːey$~W|QחQBo̬0ΧPB֘PMvj4Z ǨmwR93!Is{#dl>5wQu(:;`jo oY%w*)ȐYQ#zߒ ˨gK|\3ӾվJ $ {޸Y̫37Yڻ@{f}6v7i9ኝU8W69bh@yY~ k1gKB ;W*ibneMWiÝx`gXkjr>“d]d+'t7:%.$rG>k5o63*`&1z1ōw&hb7]p8ȒQwh E}@f^5km?~8X7Y NH#ax{GY n+뫺 m4N&{nr FoJY|a7g2^i0JfU 76>9 xҹk\j( ,,cfOʪ4KA~sM5(3jb -M6s %MH9p~؇0=eIm"NNDʈIop"pݓj4fkk}[%+@W!;ul2!LFLcސ̔7‚L}F(ATnQG@X6r쉟Odk">K.cnD+p g096?ODuLKNoI݊0  )XZR4Gf lԿ^su|Q*5P2"SՁ/Rjl꺅w106)ݰ7j 2Vm 9}W{m=$ߴBjF1!]'2&A1e{ĭ3!:  f _3U*e(kqWd_wmwGO+e3ѭU@vL^1I'XE9(ccRFJ)]HDָah&h¡N;L;pGdSF}!ސta(>^@,HtePɌf;ݢ2+gTI3oG>P{WBbw/%ouL\Ru1(5n3DVs8={2Ǖ$Uwcרin >r$"o3$HyF?Oێ_%&Lqߔk~ ̚]'b)DA^2hi1~vXI*ƣYamͺe@{|zdu||9=eʴ 4y9UQ/_C0o'j\Mɴd%}[ܯa͔$4w>'UFqN!C& @aԌ}FL2 B-D(Qczָ T([+J*X|ES[6 e},xzZ5KL.:cPFZus}~V޾ZLhiF}EH,Na2 ֽ'4[{:pu% C1}j+E DDAș8K73+IS TTv3,J,aXSqgcys *Jp}!^7*`hs* l| oz(Fmh}q=6$+$CnKw>oN2b4E;&XyraQ~d@pPjvwӝ~R 9B) CҲ'Z%Y_<\xT~$J%Z3]@vYhtky/Lʃ3>?<}f9[qUb\?ӚQ1wx|jFiri /8 ̃vJ¹,F&4 X:ơDN8 s|1ZC½mbDbv-rz)ChY‰ z0fr^ ̀ջRl1ʠXR3itMp2\l/vraF1KAQTm5̺xLP|~ ļ U_ P !L>V 4_ A@=t`vE'ra2;,0}X*pTDX)ai Wݎk͉kg~ˏ"eKwmQ< [ voyj&bJrsee%;#"j٣T`}dia >N+4hahn5v-GQc&NX|xUJ}uay.CNP?{BT(ˤ]K u,S˺@Q)ӪF2.]6;C^>[,=7IqhK)_.&Ô6<70^". #Da EM5Md\B+zU0_hu&A /=ās7)LLu3c튔okp4:МTF\>qwl1$s2B$P5 XrczIE~s`;N_w%41'PYs@`o%IuRmH'RLH. {ɄΕw0cUjw#"T|Vү7K5x)PA5;.U.QOa^ެ"Ҿ ˀjk Ěiu_l|^Jyk5Yђ,re?3IN\_ݩ_ B 8v/je:/]GSHh i:]+f"[u=8˝E@NpNtE/ܘ/CadyY.+p$frfk2zRo)FǦNjMK;"6vnKH7|#yKhX=A0ܿap/0t!^G'잟9˺QߟݨՊڰ M /nvp?$_*uqfi۔Nİ1y HN=\T.F2 y :ލ^xL`OzdhFb|Aքۼn|P=N=5fDK4E>,7񩦸_#-w=#/OY|W5a4 Dblmx[FW޵ה)?|ݚITu݄ H8a.Mo _4,?RV{rHRCmVIX4dxm$f͹Z_)Fª^I`˱'慙Zv.!U 䘨H9xj~ dkJ~^gᡦl事;\I-TO_:Kܧ{j)Oκ0T!Cg2#K|dWzfzEA'9^8@<;S< iC60v=nU`I$8 `5yi,fc i>=ijYIJur`B`Jz|DZȢ StʹyC" G>'m/-}zՎc5)vNTl0Z_![odu( #fS,-oW%[is^?yA{8cDz#4[WM\BMCPj<3~Ԗ8[V"[.BhhٿH#Wa m2|9mpQnҪ'uvUoʷ;:$ܛx JS%aadLS^}L%6†M`$Na  1bUKbsj?n֣d ҩ+y}hr I*Gm՞9v2qDE30 S{KprVLEkw8N=0 MW5GFUjKX;fS!QySi-{!Pq*aO+ (ӁZ .pmI#=#} !pA"o7\FH^w{.(.,t`?.6ήP~u9Jc:@?D:^5e^ -v8T1OZ.̣ WѨ]T#;\D~l13+ksݘCf)xϔ+/'j7O5h8maY @D=T%. ԂZu)XfY #pEP76cm3>,%P[ٓS ^ z{a5Y|Aii)[KG ѕUj&^,-)tQ2ғ^ruݨ9%IM;9+0޼_ŠsLN 9QD7z3^$wS9M|DfE7rXyS܀S0 ,L&Ƀ FyVx%w3U`hGC/#r{K vuKBa3 g۳WF<Ήr>8 F6HD֫$$M^r[ywz {E[I&j]H̀gP~w̏m?ڭm8Њ@PH Mٻ7V6 "iVjrS񋍟g%3b? JClc>@SpʣgE <6"k(+k-[vLC?ɻ薱#ONvC-r0E~\- UHjl>͘Aeq7'\.-PDp1*OIwr[ .t3q@ (ԝw\_1ݣ0-<nt}Xה RgȇH-01_1<@ 5T7)bcOոIT ;c:~/q5Œ_"'FL6^§ufXH-VaV`2:;Wojx~/}oxgFA_WNWa<~l=_3A3(lllo^i(2Fjٵ_c^iSEjMv |K7S}`lzTĎ.oKPVl8~jʨձ2V>Hէ|')+1Q;XZ]kq)zDDƛ. Y2s(ȼ)&'4A5Djš6 i^ff7CCtj=8ߊE&iw 8퍋S~Md2]BvXiQX 3Hf{|L%.Gmq֢a;p_jИv"ʬc-"udܿkQ*Wfg ɵnKUp/8p;õ떥V 5(Cͅe23z#i/Vwcoi{/^{(Ќ* I7uHٟ=bli=* v/3K " 'k0,-IG6e䙷EyW`=x:WAȿތG %Xۼf5S`{{g^r3SvV/RCqq0ZdG f)GRIJf\oO@Ƃ 8cY(C-6>DSC W ӧ5>{V4E.mO *q#j뚱pP3 WlbAT$R% CtPOX0&KzTP8v뇬ɓ=Ƴ"Yp/Mqe,35=@ILk" ;-xo|QxSY+l6زwB%`FO ;+9@ *@-"Ϩh_c<\ծ֥vિEGS6Ale[P@>TƉFg#zRi~/@ JZ(cYkR慄1Fcw⹶u' o-hEÖ1窐lidk=)ؿQC|Ӊa@^)BJ{ޯC]UM#O$<)M8 $nloU1tՀR+ª /zQ]+FZ*,fSβ6jcOM'$Z=sۉQ>hA f}U'F0)۶bXNd=Y! fraW<@2BALVh",k)(8$Nd᭛%AK PZ\,L ֱz<}{nhO]z!DsCg㑆.hjs\GevhӖ݈X+F 37k(0˪‐iFk R[af )^)l"ڻ.0u3%擺[qVBt=,֍81hJeVmn!>7zjse~+3ش'Jԧg{0W %j 䃾;gג9qQ?%-g]yye{h,@uWwKGM֝[>/'`ڨ(F(Bߺ/Lu3K{DY m֝nKEy\H=Չh +'^d7,~;~d!g*-Su"Hj&-;{ax#ukX8@91H!>)<}5:oDWaXG3&B+{='glKg#6\& PLj2ȣpsd@%bʕaH)1[2)C4@y W]rGէ`vUDQDA䀩S42@1\ o~;}yuOU$VWDԉ/63 ,HEqIJ 94'|=Uj) y%mDCƇQe*^0CzP8E%=P3Kd%#FׂtpIʪMߣki#˦\l- E1Z7B k\ȹPb^PYKdbr5&ꈦ T.kD+ufw;i{@<mg^&1V Pi%YLLy 8K3ȸEQBLJ$Mxh M`Mk9:P )aYx% |V* Z-AՖbx_DUMmzLOiUB/iixH4M`o~ W[E6z+IUiqbj8:$ #cUMuK{R1%6~nSQ^`U2U' 4go𲚾ߡI; t27#wRMt *6mu{ibV1p.>CZA(c,OĜ́ 0;zE*ψocPL JI~POlه^FޠW7@U4izo)B2gOPdr3 0&퇡fFK8nm(%S ~}CʯY|H^f!rNS#G#3Ut!k?~,=XE "ZF/ o. Ebtp)`WEּ24 =EKH}UZ^r "Lf*Q2F|;X 24bv@1F6_cLFY+qܥz ..zr5H!(c.TIiM_ (D!q鈴uP !gnd4FЏ""J)͙wIAϝeFwM$:Cۡi jڼ=RL3ޫƷkLGlHys~#XEpݔb1\~9>0o"Ss3P;R߫kh{+_BW&~cv;'P/{A[w3b#ʎʺ-ڊ\, }ԃP)zd?R 5_gZ ;U]r?[]cK04:eNIWJ,B8 M9Ӭ@E,Y5ںk)Z[l?ߧ6zÌmSNJ'XN޺z焀OB6M cEox5C]T)뺙2*6e5G3K՜s\]CЕoo'ʙƸ~ ʡ1gfKV}UTωcͣ$2rnf}NeXpm`qY"=Xʏn\^5% Tf NAc'm%ay+HC VJJ@7gy[603pf>x#l3X=G Pݏr|+1=xI7I<0&O$͏L0[<~i8W@Ffz2UL)Y]og,>܀JpRŊBCh-ep\H W >E7^US%]%aeKO2h$-62 xy˩#hip}UEԓYW\b/Ah.vR8[b؈B'?e.p':|61iP#)]kZ^ӪǕa,ߔ۳rTfH1=K_^H &zi:ŰJ- ycDiT [$x 7wo鼧Qk ha=ye$]Kfr2ߜ'ˮjB&+66Ẋ"t9SoZXdK?g't)M2)=WJЂ;™4ץ6+:{QҘ* epo^|]Ԕ F&qB?QL~:IzGnNdIPng7  d.PUj82=[~MVKY[\'!.1ohnUIyiOqpIπqcwBth*>2>T$pCF`=o瘐NJABu1Μ"Xn*೹f+kiB#fBg(brXRPʤiХN3J٘r'vm~:Ub&P4$sC+?ae*b*Ր#Q62C<.Bߦ 0Ivb+b#V i>їov"-|WS8kcYhP"|Cjpg.4qn^u.嫍mS^WDO8N/?V&aˮƓԫXQOsKQNday\#㗰eTH`^F TXk}~֓oޮ ~ *J䓚 o®HYnR@;қyr$kߩ0֨x蚿tѾc}OC1kߊ+;ԟ>/H G+\^+hØOMhmQur0l Dy`.YqI nÔx#PKކ,(PGc8 {Z!gv]&V7[&2)@z0^(PMi~ECS}C&\J76J nyh[#K"D>zpm `FԂevwV[L¸ݺfEp' "->jwJŠcpMsVWކ@þ4vhBaI{{ LAa~CB !h0/k@D+!T~eܞAAk6WjtKsJm8G()_Z:j[Td֍ͅE#Vhed$50ޥRU {"a{I @;J9t] P' bY,#H~"rdJa:S"oUBƬ68y%_rQTfv(G#*n[CJkhΨ\kHձ)XE&T6=VJl ԝ=ԧe-9Tl6}pM8 JZa NLzbs ;7/@p˒-E;;'g _ wOQteQZہpwpΙ2#ќ 0Jk]\jD IOJL)"BuA"m:)O9v] rwvMJHI[j*fexOVuۜ^nBA_ ǁ 09>Cqeip_ FûyP/8z8iFK><$/~;ὌDa43F%%Qm]=̘BZ 6w)}~〴L%Q8ۚDǁ}llW'T>_9<*l*+Fײֲ8Hd0q{rtYJq$Nĩ,Mw?h6PAp6[.yZ_UC 9mdTӀ`B&YHmȃoHwv$<,72Y3"œ& L=}sqdM/Z)Nұ[ex1Gl+Sߌ6i15K3t;8m d;HΕQQЬ<`0ـ}[n hRZCk:gEr +>0Rڛv-ާ(k~w#lE){w.3 >" N?dSfZYʦ2X1HE<'>JzseIڃ!9~ EѪd\j a9bA#]7۾T>mx;Al3+kcݔ"[@FD ~tFn%D$E`Lmjpob/@.0Ü EWH%%^ԺMJs+ J&f[ Oo`"]o$Ϣ%LuNi*^/5l~rI X$0&hb{G8?;tDEa4sMU٩Ŗҋ9. \Gh9ԠK˗p;.w}TGȎؿ;*&W:#vI?G/{ejW剫@UA534 ndzGz'w+~"VI @\9P>5S)_f:4Uis-%Lj`“}n+0mQKtG=aaNFBC$/4۰"}}QM!0ݎ{iXf$$(G7Bx;oI$VB`C_PVUHqy5 믈ZO];wbE˩\ -dZU)Pl SinP}JūV+* 'c0%8=+TKɱuZw2妊:ϽNنV`ՌAyUʼU"BΉ;~KJ 8&i5(}VP>'oiˍ[VZ5>r"IY{K_%oӽk6j`V%'3\L-3C݉mI1ᴜe\d!ޢU"7R/4E=Cjg0/ ʊ~ƛ[.R1`0ח=A %:%ѦCl,V1GqK1[~g-bLk18RY-i`aY&.dr?>|}|e/Q]X[ :yDc_So9$=$C2p|\|B)/P(?x4v+G>ٯu:pU=wRPRN.R~5)wݭpaHwܚ,%S9 ҘzX y&#-\gmʧ4{$1cԇZ>K.CHla^N]c7$<ڛ^E;<ҬH\(e:ʭ$H@΁D\N?NelB7u*. :ŭun",1D9(0i3]qB'c8kwMl)Q S_Q|&MKZ}B=,>D vZdfv@N671)nᙱGYS0X~/J,zdqg{?w4>hꣵH.0SRw9VxlW"y{VݴFYW+zA<{u@UTQgWYe rg'ا~ _f& J@Aό\g9"*Q3q'}8ܺ- /Bˇ|ضTaVޡs 0ъ*)>}I}?wv0e}MðаSAљC[Etj̈02E-ٶ"5zOQʼnaf ގl2̿TkN d\{mИNZJ@Ǻ}pjFФ7cX7J$;Կ'+U$ciYR&x{A,;H4NJJ+ѳ;/J~L4)Q5נ PeY*zu@WՉrh3zEUǵ_V-T@Ǭ↿tVQ 5ds!e:gtXǝwwg)CI]p G/{ĕ,MxX51 pMNjSTxso,G jd$@Ak4F]+O([D ͛!)q,Aɖ;,a󜍆_DJ . ~("4x3N9R5ڥ޸(\nm}:[H/*y~@ŀRD9IN6XlֶL9kqQەx.]q$5+i+Bc>L)FM>_[rprSH.JE.DiMSzzSͼGİNL`>DxI8ٰ:{ um2ݫE4␲!=i$]9ASۋ;) CLo0m)Ct0PkS\`?X6oq>y#=xqi{hΓ K+VֿXlHGQ5c/v%=q 6Kgm?[[ t~,.Nq)xh2?PS-Q@w~q{OůtcNu,O9/4BAAdtf(Ax6lV.`10zb*aJe֬Yx!)Ђ}P_f{k%z"_ntПsE+s`Mt)F"Cٹ{b(CIFwh Cۘ fwwx!{枴 )&325; #nSeѾt(o}\J" YW]{G)I8 "#W$}ޔlPymWxsb 8Jwf+G&j; ҌNE߰Z"P:ȜURWK?U@@irqNr $G6K\i'8qxoTuӁaؙL/CIE"7d(5mtca%ܦ&rR;Yc0-w]98V!ĄhIи9ûpILKRrJa_@x= f3(Z}`WE{ϙQ ʵB%M?bZZDPϲr];$( G).aRԟT)'6ookqE"MO$kL)k8"G8/oDZ/C~! p*m^ZH٭% 35`iZɿV:OޞyF AcσI`{ 6hWlƈ@1ramKK*:屵\OOK!oxP3V?8F!B,Wdv= Z H̤c\߲L$]{C3@aL,Jk [0ۯ`o'FC-W9 !(yFyĻ6PbA\k$uq2 wx#Ro%Y-fU(r)Hi)`%P׬ s^ bf]''N:dȐ@T.Q,Mӟέ{o N -s\UPȥP%J̉%?-,ﴆ߂Nz9,Wj[*?@b.>idNhM*& t ̒*N.PN"m"|.5vѳq z X$bb ڋztr^C`K$'χWw$> O2|ݡ7{1!YO_2AYZYFbm>>e~P/ a!Ht165K"O!Ri[vNoI0Hݐ/~Gr>5+5'Nk9vCRwJ#/6x de+ɉ(CxWRz5`L\*K [d` ԅ_VS=i[o6/&l|A l_edGⴏyfxMuƏ=FIUuou嵑c6>L^lFKMʀY9yK𘻪JEJV dѕMU+)/_tdm' @{vt Q|IZTR2H>Xfxx`m/RD, @,Q7o"f;VOqS;+?4ΛI R%84a*xѴ$)hGy}`ѺaSA,:y_ٺC.s^C>xTw58iy!x9QG F0}Z{+uФ74]tdݷ3E:2W~ Bka6V)(q62QЗGg);Vs/fgNcM;+ZR?o yvbP-CatƦn=-]V)Ϯb+ Tgr祠ZQ*D!Q$ٝXAm,;4 SD?.RUk,LzPN8,@=248EdaNw)F \uteSC P,YWo <,>INu#Xq}骢j^olMGE09=/; e=\bĬ%>6b +>E-_ q/#87 -{?=,q̼#h$Ť&=d,WonBP%VHWrqa-<3HeB%Q.(}ul"20u:\ /_}3gZwVh7|A1Jf3s(vL琢7ow*6#mDG~ӈ"xr\XfpBaYswa`ǀT|%^5:>|zAvUBvD+GJ3i.'lh99 +iyĤWYfQ2=O$&[|_ *2YdFk͐vZdށYs->6^!zt1:f|*XPv<Wb{o&fb$Kjj}[Ͻsu&8s}'? >*zx_VuS>Y.8.X ip4zZ/xI:0%]ϙIu.\wk"ISP^9Qu$"(3tnl0[>ptMUzɝ*|;S^®]rfģj mkGRSMAbb>sk#2J_@>ip^Jki?v鉳EXyq֭m_)Uj|&#z D+xQaBzx O~ǔ*5 Nbfb\Pʽlϝn ɤS+VV =1Qh\9^u+a +&N Ȗ?ЯS (6u\rqu/OL`y-3̀TIG뵝{Cs- Coz--1EH80y{_DXп޵o-:'V=S5t&w#[7h;uӷVg9H  ў[ +/Y/ghƒb#Gx1Ѿ۫[C>T-)hi^(#mJKT3ه9v<|{\0hp;XDlq(o՛/iHC BRC>L#^_]V7CeVg rV6O׌]V^:`(C͋O!ĢW&$ܰs֐g͂K4.31‘wpN:כ~4߃<)!Lj8ځ`"1Hc8/FGPpOqBA'Usb8PnPn.!9"Ѯ7{ zE҅ uwo,|;@vAg,k͈I5 V7^[A6ׂ&$HRQEе(q^RgK4T9 L,+Kֵe)lx8ųP$9Ŋ( I7j7*y'ׯT܃W' 7n B*1PS582p}04\w5[$;c2$`d6fb[ܵ~qSzv0 'ވ~b9$ }>NBb0g,%W"gv;wv+2D5\{BxOqdxvSpRKY_fCaѶopgɦV>tlD=Im˔6]?E^V ߢ~';)bBԫtiOdg9՗`Yb%Wfhjkhឱu:^*Vm$ EKjyu>Ճ~CmF~oa4 J΢r67%hA*->_ypp"~/Yb͹C6 "MUsρ' JCBtHuaTiH}i{3 åO/^bL !VՇౝ734|I4|څNnll1 WeXKlV$R .a :G Ʈ ^5 Aj.ݞAũM覌j&Y]K49ط ؗF#tOSquK򊩥 ¾`V- Q͗ p[aF++r ]TH"15 Or!`)A"U3g~瞝%)B~ƭ(2/]_6rkjDs|[ɼ[PkcFS}!ǡns:tI ?W6l~P-|YfE0_Ȓ<[v&^(bFh tG%gƕ3G (Zpi [) !BMT5>F*ޥ;hrbQ|2 Z(KSezϱD)FX_C@b*6FrLMї`ݿFYS(pKw/ҩE]JwV{eQUU?F_QgY[V$O\wO`şu*Q$ Z@~44zᐩf3 ]#rʆ K&Ŭe۽PDܧN^ E[f.@ZfCUM@DL,[{|EW1Ihĺ9h]s!^h.*U湴C$ݸ[ >%17YnLIlgxKK,vZ's򟚔~!īxYD#u|7H81'?,5L߹asw'b1[enn>X(15QTTT4 'F;Mw[|k0A('Nw83::DC%nTAUb>qx|'EP1/JoT@˯ЖwdWVc[ޓxdCS6x8̃7V蘻hBe$e@eT7%o˧%(W|>4>˟p6,}:9N zހi9{ݞ @:BnXn;2{)/'B%˜ e'~tgcYiXȻVڪ}!DŅE T Hn{~49 :§N%e[أ )5[sT^djn hi4^%R%qbK=ykl:DtzZ1>/nc$;AN2tٹ ̐<:sC1 HR>F|[vm@T} 7.۶q<>!XW D-Nl 51 7tQrB*1t|dQpSqgU|BmxR 2!5䤔 .u {YeQzH GAFeu9}h`Of8ךX)P;+\')T871 gMic /dL= rGE;K@os Iל֎y6JsYGl_a|T Tc.ϓ?_1}uUWm|٢ Pc;_iޒuG"2W Ox6Fߛ]gkaRuyPސj{8oe}O:zw-cV>tH"o3DI=BrʂߟhE̋7^O9@S*םʦ|EegN{~Ζ9}1=bj{au "#x)6NNOPmm.Hn$,SHs}lh9}8FhK@C^ɋY+ƾ| ѲʁG oh2Hht)>7T>(QSp s.gbU~DVk]~_^:ڛ`gpdxJ.x3(c&^:̼s]R[UU=̈wQoUOT\hPܙ|W>^`~)tqv3j( }+kLe\f5Pi[1eh\u`κ<}#gcw@Ȕ_VVlSq-JmA|K^\`S9/vy>WK ]x[Xu2>wت=Jn%e!3qetmqŅf{?@'jR7$D{S?v$`G#1>ðe#iͷtl7uSLoc㷀 遘9$u!T?_ \shI}&]&k:I[{+ **v`iA2FG^~-y枮$y5̶y%HEvaDJebE\{mhGO8G,nR O te`N*ry4|8W6ta^y2]֍]^߮Wn[j?.ި;<56}g2(O]:_ON9v j1@زhTq`N͟2۵qzl>yACè,Rq'k?+$m"k2R0<\mP OR{V%3K{W-:1fF@S[֒E2mcsP0n91xyWOE8>ur$T1 5fK"Y|,OFTyn.A)v^}6z+ۨ ?ۚԝs(tmaX_h= !:::z+w&6i*{mo58wS--%A)rPIGrM NB83?uVz7ox.+fMZTWQ}>gȬ +}XMiݡ#zT0XKA(+lTý>t^x$Dpp+{b.2pVI@ѷBFN߮e򅴄4kr "sj@?&WphcfفaD,iJ;6͑燼_/-inYL\BN,7x!RGC8ѕڅʣxo|c2n<ݏ^D%s\Obhg{N%MHZ,VƋICsa1M5H˞o]w?1/ظ'5k@[{Zel:h"vʎCKdYmbfi$7=AUBIv\F0^-ȜWy-@%>4ke\5#y[&L\kN\Vݍ yǞO1.ۀ}eɧ3T!$^sRl xmJiHd@ %>Uc LW+IݰC8=:@TâpC/x l8Rq{LR[RfЊQJ%}> ;횑QEp19fe"RV˩/ g{zH$u[5| ]qﭳp=-':6-#y[}lsW*eoT5ݼK馁˜:떱QG_`GʇNR) V$MF*p>Lp Y1VWU )'n~tvV7Zz9OssM?ql#+N j[ERIV _ڴ] u Vo  a4R.#yDw22Ғ2b0.pXp Te7ˣp^ZpshAbn3CxqC|y9|IF ^@)úlĥ䤩hG.K(Ԑ?^x+t-x'H:֍3/=ոؕ%(Q+G9WbֆI[UG&{Pa沛m]ߺhگs\,la͇t|0MPTcT%zz%b,R̒ϼK[~5?x_1Z`y:O+tO1a,8.N$)a3nBŏIdB.SHֶ ߉H^0%Iqp#߮gM^eKj*+ηB /'L19df@{sjYM zX.-lrtKπhx544i0#Z) wiWFNE擴V7y$Og,R]HE$ uP?2SF]b=Sx *=`T෈\.NFdj֊bRz,F .%;5GǂF}=BQҕztbp^ܒs1EKnt:@g!n9'vgwmE&+Jo֏2OlkʗOfvXBI:8c\4[7\űkmh\mߤәbhStnX/^ =U?=ُB$clxq)s ;ؠBԸO(!zFءΆn(Qf O R'P>mqRd`(Z.12%#N 0SGp@Q%JqGGNK;b0Y/ U S; rvc6ROCt3t#3AGs3^x'XWIVظ}0w# oS4yuh2z[m9Xj",||2OW50Fxg?Uw.BRn+Qa@GP93~Zhӯ(e}Z %e~Ze?CGCaxy0z.2"$Jo0D=^bxKaJ2kk:rn60wgd-3`1&Iٽ2䴵E@p=4Ԕ s 4r!.7Wu:!x]l:Y:% 0 nD :\|=c`*VrRA9)%W꾸bd_i&[h  l@-.#f@M~ 'V)/s8W6` SGRhet/4%IC99zfA!D?qis(k˳p YPexM.^jabWfCK"]YkΛz#HA+f! b7rXw{p=7AAv1%k4wn(S 躻 m)iA]!Œqi}N3Ȩ~7P"~6׋nzQ3SO|ߴTZAz;r"{/$|aP6Li\J^}.1fAxlۡ ?571'։e yL&ݪ~)rZˡ` ۭL(!U1Fܼ@x] hF~ҹEԧ.҃+%}*&)}ٗ54o6d.8 ,Ct)ds?SzWfJ`JU>$@X;8XIl~Y UomŇ=\FC SѫKJ:]׼ VKe kYU%-x= #,2dnw*quE{|ony4/nFWC܄~zW3~$^L/4e*ʂui.???n>)Q*R4d aMg\H}2Q*Iwme/]/O=%kOj="sst`eUz`2q]My|,.&x "X!FadXNlb?Z3=}fu"j AGFz ĤAik:~W5KVTጩ,CG]olyV*ƯYnCs* -M6fQ&,F-RۈX^+OQO3!FpA0YDŢ \-乯-2y%PVR%i~DNēJIo֌\&`O父l&ڑ.,QUVįсb8ۅF@cCZ =AZ)KEUef$ԢxKbAܕZ^+ȹ';YفIT7Ibeo{(Vo%XU-e:^$R{мB>[xB$Fz_~izkU2'N1|V2l$@RCg $@@\"S[ic=C^ ÕRԌ<6tL[E穗kk.%^ZY +Lpn>4'O~:Z9c0(rC^uQgLo{ȱGRh5)mYۢ graP;8ڝv]?u=^u,Nz K\i8H(B\^Hd0ԤGP}KF1sF^WUtƪ=w :LYgeq[zY7Z֮o9jCsE\{;CXQǕ Pn;ǺJ`Ai^>8*Zu_pXrl:#:aU'49pElhp쁻uT5.`+kJn珽)@0a[Fyz]#"'dڜEf?wZTtZ#!'~Mջ?l-_C c1u:3HŦ k(f(dȪ,^Gy* !Vg&gYj7*1Okr-ڑC-< N/*O% Z{Ufu L謱P?᩼H҇Q^w_sǖijxPC/m J6kK M><"d(?E1_FNfG_v68kt%`BP[9}?45Yzᶝpzy>4ɫS#0һH n{߃PJyDVYJ!c6Ks k,(ra*\02}>ƙ;;wH UE%PdV{]CژwG>{(e]t5Y1Q2Sj);f4L?Ѭ_lVDKc^!ѱ?*j4-E̔3ߦ[X#oN-ք|d@c3r^ w4>$U̪eOkYI1XreA8/m%8w@/+w?Z_h)Zw&CgЪ[qplR0|2]T V09xO)tn=J= l.Q%+[> J?9UMB"i\6 GL:nbŜ.D<`-kTЛ9,e3f Ǭߨ?ܥ߂@|Q~HXsT.ؙo 2:H8עLN~$>kˏÖIKh#0\''^e8זr!b[: :?3[GgT=;3sG aH>Ͻx9*ˇ`˱NRSVQ A@lR•4T ~žsh6}0ƿuWi\.2T#"uWYWu=<0!0էsvg2-AFqRJ;!\.q+S^ӳC|*vB;dzs%y+䎽F[1AGd}K{4L0N 38D֗?ضeI7rxxmZ9Os_]E@ Rx)ٵ^ZZƿp`y$x45A~Մ-NG cu<#%pf֙jI ߖY\ǰs[ݖq:Nm$2mE9Ц |}*kvr\*6otӁ =;W'Æ9K"ËFjƵ{B-oyIS#0%X~YHEѺwwGY qPx"@;]KE&LWzmwDZ-SX~PܫYbZH9nީ<fǒpCT7"mƒL '0UbF\hAi'%u؇)pmevl?Vf{DܛrXi!M 'JDA:Ÿcg|5%<{' -,ͪƐbjj嬞təpހL|p2[!~:!# JT(zU;!ؽ9Dkz [Bk!g!N);HK-]m^oc 6&xd~pmR  8 KN"dҌ`5QWI*וgMXBŃ0Q4^e+綑x^:IRoc!9:-Q43:I6]`ȊA怊a0 77S[hwۃBu+KeN;D/iǩ/-:L皤|J'|>H TE[H?_\wwd:)&׏Z˃.Ҋɻ:>>*l^۱ST]}_ɖ:mJRi]G"K4z7YV8R+@ I@%~[`9l@jf.D\-X#/6 _N֌Յ?] "o4pRU}?ddȴL,^Bw&d/$˒,el`ooTLĪDfXŚզOi ha3 .LIPO'6)yBY R\])K7)w(K:Ij.d82Ca+,˰xxv9]w:(P=8/_< c>,"O {S.ܹbYpre_0H{tNn_@Vzaà|EDZme_8sFv4z-zgXyrRO&O!,wYV.'⪘uiy~neAuٗw}j:v䩋/Olj2¬EnSYSl_6}BQњh AH,`:1ly#խn>TTq|K1twXw`SyӌX N˥_ C#t~TdGb\>6ٲ@41NR`t7=EI.3폶CmPum=/F}Reuޤ9R__$fM"z`QښDkض͊l"|.?0. "gJӳÔJzT2(K:MU ?'L_ajY/cfC 6rpioK$1RZiFvٍ:o qa=-yMp?FtBIc>G˥`V*0KsIi:eJ*) '!=߯!f8pѰG| J$8K3_0mtlBa;~3&;3*U =@{,Ę(Z*EVy*܎9=FrDV0! 8߰> }Q:n7-Vve_2RD8,Ŗ'.ZYaҒ"#">~>v1}Ji46 cS&d?+(@?Z<-ʄ\@(U5'4J{B ζ<{RY±Γ'׽Ӂ2;JbWO$@,\6yuU Ml*jءyI 4gi[aT錉 CB%rhi+`$q5ra[s,!-,>@=]#wʈ?U#vrFMi"0Uו (Vh.7iӞ[s Z_qu&Ձ \9ߓS{_'2~r*l\t+^u&O~TJQ,um@TaMrf:PB&$iJhBa,mBP~IGfgSA+t!&MRP5* J"&] Ra[W#W?PO^Lll<(QetWkZl[f_r+ŖnlGn Gw{CC!~h~Ԓ9K,!lP͘v=d6W!`dR.PJc6^@YB}:߲@ˏpʫ)g21S&ڪ 49H6%-j筛*e#B+`}r٥v@.1nl~!i tP< WDt]&8P7W{cAP>ŖTv?ӎu$(J`~)"sȢI ׏c)dƢc.gMf%@>.;P6 lIvE1{c_kr.dڷ}3syS^9yaj}D zJ>).S>LCDLT@*5m"K#UɫqSK %yҢkesxAO7AGH5'ӊÐө/ oPיҶdӁf9~ Sb3DʨHSlX3l׿gdo;[o pvW"_48Y6ԕ\V90TH =ȝK[ =L-JZx.:'Uk8, ʪrSh6 `HUGvwpk㔘\- b'wa,hwp :l=4` E↏2}80%j9fpG9WK ǥU^~ yòQ N7ߞ0Cihr5wݳEq롹'>q&֠@ְR7-4 ~eQ1*gJ? 42 ͟J^^q5L^_BJTO4a"&[bWpĆVԥ?l.xSԖ;;ϬŧHv2i3aey^ 2}Y*pB{൷ YUxG 3c xDɆtA)篋cBWWůOW*x[H\ňJ02C9-~s!o]lѷQC&k!dA^3;=: 6F[}G}qă`GL U OSbvAI3jr`2MQW&Bx9Q2|RKnѠݷs2 GB8ި6 RqCG"g y 晴WO60okwH9H Z6Bs#1 CȚꄛ.nǥіD\$#zqfX'~;$WP ]z3AYcཱིZ&r7uo J@h(Kn Zji˙ET([A OJ3lF 6BʇȸdmF$<7d qʍg8(Pk`'D"yWrwR^VD 7#_,,L IMIpO8?NgHs扜mV ;T"ȋ&G_Z}i>{_9o 8͐'una!g'8~p A%4܅P(\]+P CpQ6yz9E9tRxh1Ѫf')t<pǁK`6DE'1ۇqFVJC@0 ea4{'V)cqPK_eTe<(Iո p%XrDm@Jq{.ď_;^ ~NHRty<ϸ JNKP0%J |buq4l+ OkO*el~Q0ķ8Z"EY96En67 4x+ n0>d;GyؽТ||3.[hO2_=,΋ߓ_Ob}f_^8d8-9dcO Y Rt4;GB6L[?$itCxвJadvHc`3]i@}~(gs۟^ Y#s|kWb Y7מu{bTDRYw$+$WWYfr~̻$&^g-;*1R h2_s,\BTrVx֜VbT.<{JV[^) 5 zaSصEHv-n><=ӘTxO涌> wRRYB͢A |ZTg0q氆X(Zd+ ˅&A f^> WI+_lɣgVɘ z50w5]gQtxbj$HM-ʗ q^H7Fdhk{y\ d2rm5e3.hF6D" O ۸Ky)Ele *S/=ms