sssd-ldap-2.5.2-2.el8 >  A aQU]UhL<"6lYYna-/Y#Hfx &鈴߶H&4{Ź*ySilBjVĽGʉ8(&(j1R#~Wxfm?>h Îzth<kw0D;:P$&r(Qh Hʄ)/MA4-wZO🕰x(2ԃz\K# 5 ;hEtSC]#U=$Ims~dE0N#(]N>y-7cD(O8FĊV^UnBbEa?YS{M,q(IJu&VMM`ZN[JyHLwEA-)(Ztx[Cb(e}VH.njբwQe^1xWJַ3pdC³/p?1yRD\쿞y } FQo#cxx ק LdU0%ǍR8z4addc8d8a110c472cf06adae6ddc0851a801b8d1ab5e516deb7c7b7ff02dd3b1a7e22de406796c0d40ba53f0ff2b84b73762f9e3)aQU]BbTsXT`zz1}""!I75%SΕ/DP=#=˜Uƚ {l6G귕yGh`9XiW5VdE[{nAL@}zX2|kΓ7#+< "GJ% #bK~Q tYj ڗAl$pQ=?DQN&69ka"E E80碶жY2Vjg}/3hϖTgWn:$ۋ `O٥ d,MyX[#~Pϫ}k^BonN{Gz݀]3چwA!v`TmU46+,%W}{!-ҩ:U:p8xJQDh&uXAhdxsXW]R?PhT,/IJZVH3&R7H$\ɨ.Mk{Fg46̩CnDa)Hzh1{G,%>p?l?kd   6  <BL     : // ^/   ( 8 9`:aGdHdIdXeYe \e<]et^fm bgDdhpehufhxlhzthuhviwjxjyk(kkkkCsssd-ldap2.5.22.el8The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.a6aarch64-02.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxaarch64)KE\=4A UAAA큤a a a aa `aaaaaaaadbeca08ed4efba02b0f58a7a63ef1135cbf9d52700c0fbc0e7bbbfabf3b472da8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903167c72e1702ad50f4b0163dd84f77e116d4477d4608a76306f512907da5f8ac98b1b63e8acb53b7dce1980df81ecf425a42b1302ad4680706ea55b90769e4e2afb6657f513dfe8237d41e95e0b9115577ce445c58b9db797f71ab8b79be0480349589b5a6168c47986e7e3e733cd8f4c926717a29a5d0fd0c1eaa8b4b03f56f7e7d92b0e5d4ba2cb5cf6b9678c701e284eb4e2d06a5e98f459637e3a2a3910290f111d104812f6531c11883cb9cdbfe20e787225922334add87b923e60fb4e4f66e569648af2853b52b6132af58deee6b410ac5ba182abedd6a39b835910082812aa5843842ba75d1f169c48e6b9732b961bb3b94c1f986aef313393e808eec1../../../../usr/lib64/sssd/libsss_ldap.sorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.2-2.el8.src.rpmlibsss_ldap.so()(64bit)sssd-ldapsssd-ldap(aarch-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.2()(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_certmaplibsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsssd-krb5-common2.5.2-2.el82.5.2-2.el83.0.4-14.6.0-14.0-15.2-12.5.2-2.el82.5.2-2.el8sssd1.10.0-8.beta24.14.3a@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) esessvsvukuk2.5.2-2.el82.5.2-2.el8 .build-id97d867529af70ed6937849bc62e09b5339685502libsss_ldap.sosssd-ldapCOPYINGsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/97//usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap//usr/share/man/es/man5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=97d867529af70ed6937849bc62e09b5339685502, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)(PR$R'RRR RRRRRR RR RR!RRRRRR%R RR RRRRRRRR&R#R RR"RRR+utf-8ff4d899b8b46f380d543b799868dbd477cc547743a9ad31ab9304b00eb73eefa?7zXZ !#,9] b2u jӫ`(y-o OBiTʝE(07 RY8"P,͉ "ኺ1c#{JןĘPAKzS N3FA< OB[KkWG-+ V~&a}J b##+7R.k7*6o+m6}a]!F)"ٸ'ȋ̬̕sHU?g`ީ8 4 3nY|)j[Hz9$к72`D<9RgAY5 2QL2,Y\f$`0ybǁ{%"{ti#}{xH1G i"%6fӂBK$}Pb%DEk Lx#pvshY?v,K}/Sd{CdNuN fM̫(=}qjֲq.3AtBjq$"?\ǡQUB>Ed{SVfePno9˸$8MQA{>LfaOC("CpurSO1XҲ^zzZ>6QN 8&utM/QL@.l/e|.bnua, 9M Hj$nYq~Q[i#;3nޥB(NxBl쟣A%> %&4x {6`н9D~w,ۜ|V?dFc:䜉dLʧW:(ItZFbw,PߨnHXB4Ԕlt W{ⰸo6Ư!eÇ?E'YQK|N!vIΐckRm|q#e0cŒi]p}o3WϷU_i1%\RJI*X8_~w;& s/t0"49֞,cwc/T?E@.fu'WCqȕmzQeUV|r=vU,gnn_-ao|ј5E.Dz5I\eɜ>uVnb<EHOI9)R@ Ӭ \Q-~{>i4،]歠_jQ7Tf ɀ;]fߴxvR艶ZFTkl_ԫ3/`=TLjVZeGjf:R Q,]V/b9.I2&fOp.>5Z*`Li=@)=^ޭ;$X|aAhJCH˖eJDU֐>[jނ9 HN35F!@/X06gg}6J5w辵d/6GA Vfe[)/I4Ajvоy铘IrQ.ϯR4rfC:YSMk<:EI3W~÷Jn-7+lJQ 2,Tjk#k1v:yZ 򯚽NiDZL.r0P^:(1eOs"xY^Mĸ6iQeI/ݙ# iGUt-iXT*֢UEk8MT7rٴ@q8UTm0:QM}Jh&!zhS:LO[wDOGwkD'r_4l!^]rY7x~~60SIJu9Ēj[S  ;&=5 Ԟ/0UMߨ䄽qnSӬU  UYc y@6*r\wz:pW6 &Tq2 '3(Ҕ"~,qYv5N-|$[٦V'@OnS}<٦p3dH. dDVjVI kXXņt3N7,S2u؆20nc$J{O0u):Lߚ1kCƣS9v64=c^JaըWHQWCɱD%Ao5Pewj)^&9Ud+kIL;PZ(ScGcc!FlpyC6~ ':)⃋mq[}p'8h{2vK]`F/o`i6| 郒>y 6uGwGu@_# ۊaw0r3uw2lcÓQo_<@~]g 4[RI_fH G:ڑUN[zr=KXj@yٮ^65>d2Bƈ"j_Kzdܰ&8/}C uVqOӪ>( ]4so zGiխ]w$[sy8Q4 fO5@_RwSN$'4sQdLSP|~?x1U#+g3UxW`}eDoÖ~i׿R .يyT:`DV]*]xG1Yf] L sZ+hZ ʄ ?ēFfCUo2W'F#} /ܷ?>oG9' S.xƑ@F1rE`YlHbϛ3*$B;F*a$0K<.B0# x;1gws7';{! fx b,@-wwH_ɶ{((P#*'6TVq2..]aKr"`}t\Ro9TIGe7zk&I7*FT".r1$;Kt5 dF.8/kQg+.s}%x4.^NGH/ۅZsGVߋ.R8YC_9$3çGaNBIр3H.c9eǬ)E#r> 8rⷫWvp"&9CґnY xO-:~\uk1n5av4 j EMڬU6j7@uT~rqL855 kdܫ) eJ&-&-<*mPҳXq#bVt58T` y[R+>Pkͻl:D;!Z&sEpXkb XFY/sF4uǪ\G1 JKk@}0d1>~s!xRn1F3(ʤz [ly/W-d+|_c! }6M~%p,֝97.܃R]X(W}!uk*:hXj.\uɳ]n7%I-B:qt,"v#=$B,B=TkV}=oIʬvnsGZSKR }x%*wuA"~g\9EYeRr_6Pal9$%:TJ:"#7=WsЋ?\1gجc}j;݆_ΞIJDMscpvbz *c$ U`>*x)3PW$oC9L$#(wW ȶcFDuR#ië:вeݭf?z{7ʢXpB XbjXw-y2O4gG!,+*S-#@*2MPk}D`a&ѓ8ݧwiH e UόXYьŧBwWcXQU4-]Щ5_]gx=˝9-TWbClW6)w #f7U-;üeamGw萒uzUbfQ{o*ID!|ajI(~Mfփ|~D = :/ :Gyͅ?+c|5DXA>G#3Egn5* -qÂ7@,MZ]6Af˒"y# %Pҿ'yzJwA<-pFQdK|i6d=>)iN$s 7}-R"sy(3E e!3I'`C ފQJԟCe!B5铗YhKpOEJ%hzyrIP¹dJ7FYY5llHU|u8?ҙpTXf1'ϯ?poƱ{^ѝcEIzNM%hlW4&JmiPc!+h0kti= zs_nHZ5 I[Gxl,a*Q׼hɡY\RL\Qq 5/Ќ%? p"rf#wZ(E=T8:7R{Իe E\Qw%p =pdlTTvg+iKPpR$B1#[otGUu1SZO)xC]OduAMiHiżs8J9xnTS UBL-85VauA&$RkU$\Cj`Biae; V;6mJg_wijkC>jQ)Pe"olg?k@rJ~*iSNfdh2sTEVv% jIYbBZ}+z@iRJC!N%#| *V#^M*r>m (w0~c G!6 ?Tl8GV=uk7?.GSzEIEzCo'8NL7^|1y3md_wUmɟ.2wPJ.;\1=c7s9N?Neeg3oEl}MN x"pA,S@)`U,uoM?@2b;zTa~nòFܾ?zePc)_ueONX6\i=ht$F+5J!Ҳ|2T3.;?7ůu3Gt֫GacipRޅ +iO˒ߐ 3s;j)tCozXx%1,5wvm܁Fu纄Gntxl"x'W½fbZ}+Ly* *`ؼvȧ  vn9^4obK@82._ѫ Ŷ: $M^A>'Ɣ}2ߵz+PDM֔>@i283$c9Ӊ.S#|w7Ep]Lk1̬ qs 2F w4Roapo{g!Big1r!sqo,{74]2:aBnU&["2x`(9-?"X-$= Vyt0a = 9͌ 夞xPd+\aoS),#\W'l/'},H)/I,6`L&0iMWb >+ěIг J\a56+9L=^J 砳.sd kQ7OJ`zו "Π(gqn?h9J=بIJ|Ԫ0O{JM7!"R):tNdǦt7!QPGMZ(^lNXy\5p}sh jK 0KJ(0I,`tbc ӗcNjV\kDߚp>[W`@?`@58'L_m ߪc"=bB@ JF;;a%xSCeQ;\귱%_wmzƬ[{ njl0%Lak»)4\2ANU^#â5-(+ƛ#Ic5cC,srk  grW7.9,/&XZS%z~db8h?792.嗖K*iWhEm=Δ:4]C8"QtW}~Y#=4JU@\tZ+z1ޛ!#cN+DhM'P(5T/A‹65aՋ` -#rp?v7϶P)$ M2UؐmS^gp N,3s0]zԿn5]hL!ۭB18MU&<_cǷXd-NI20@ yp= U~o-]Z,ﳮJg0"iyN>\v'gEt#ґ`;׊hNkr\?RT4xz0\9Vt^+/ɰbEQ ]L3j;%8cC0NbA4Ǥڽ߽Ё.g*$t*L, BS*as%/+lj9kGz4&\gYg_+GQqtD%mf?W #F?P1w= ' ^|pSWHAcOD_Sbԕ.}ZStD:f*609K4+1&J.cfcd W0%H=Ub7@ :7;nd9ulhWf2Qsq['b6 >7HiK=8&:ΛiKIkd燎۟xJYd:UO+0JP'P~T>p>j:y+Nq߳Ra]4oX-`AX 4\0{-s`N0$0W,"VӮzvh!Qcq\w,KrnrhQݱܕrg`͏:E/"PZ tĖjc%`q!yV7<-zR(ĖODB5|lP`A&{]oKW#:ԠB{2 RxGAK5*\[=Ҫ'2DؼǷf2F|p`pq t*s ^NĦy+5= PWD烰ȟ3G%J?m9 d6mnU_}SDDž_hxN #[Wz }nG<%( à"bkkZ^7)Rj*9SWőwPKg!#$wm׫6b.Pθo$VN|n8JT7Z?wof8 z4:#}Mf^ptB{ql0[bֲ;`%*3Olrryw\nJL4; !ڞ{kN,d(M[*.&ebh<{g֠Mq,K@̈b:cjiZoX%X[0 /|4 ~$S V5.DxJ :ݭ2A [B+3}=aFmd}̓R|s#+Z3 _0emXr;Ag5-ye89bRH͹20JO}0jeZb?bv;@WpoK$AB(o=#~Y4Uӛ"bxAS4]r ;5$4$LO'.L~۴ "Ѹ;PdgkfܾG(jPȟ^Z!!whpla[ʝ@hݛKʙL!}\~.l+pbZ4&b1%_}N[';D1 j .et>#yot8TVcB:'yhk[h9"fo&&wTAV zFp2^KPꁅ2ȓE962:><-ewtr)Dr$ LZKjF(]} PVtc } 3]Ӓ(K4.QgG/|1M8M {c|z+=4>ْZ/E˜aLIcV7Uf(IRslU _qZ $zӐw&KJ*;~m8aژ|K?6ִ62+ ,IfڥB '۷[-+ Q"$,&d~k*xM9PP>bQ/rbA!r>,Uia nmW-^D{KrvFT~҅/3=Ҍ\A o9)ϊ%{1?"vRu3 =9=f&QEs@+Ԥo&m0 D@tTV2mtJ/8:rsCZxzg5[SM& kɾ%Oj:|覧-&86P Bcxs`.@͐\ޑ.{?%>-ʭ!jgN 7 ߭b@=Yz|p𾠥BTxoL &u2U$˖qS[5 d6HW o{yW_<#gvCadx0̙%O guh|)v!,bU/KdwKw伖_4$@@Phq#>@ =>lMES{ &7qDrVl,_{"o_&@|MZO@_s57MahWB0uH1Чb "Ls^f:[]\TyoTn{.D|WVL^,Jtc[Lx9,8S-ƚJsy@.~M0ANERR1 UQKiQN[ā/ .T0(AZ.)PISr"J:5O6 Z/Xt6IxQo%1-i %+oʐK@Dy‰?e:V`ת`tZ%g b&E]n8(e(0jfL$-`+ݨiAnQVHXAW?lʔUsUv\Se^<8RV* 2% 0Y`#KNV#KOE<@?s[>v,;UR`e48" $2}TA [p* Y#|~~O,V{hd|4-)!pw?m_v .ULoE-ˋiJE:Ku*Mqe+ѓx'\'p*yC63M QG-W;X 8,"}V*(7@((vL$ gcr94\JcVaar:SV-ʆO>\8-+ }2vR2͞1R=arglr U.Ƭ]N7n drolߘױAfF8L7Up#ȶL28P&xJsC4ni\ge`m]KMPdpƆ }[͆G6- "6O` "LXڕ#Q* ˨OXF#(H-;@ (: sdyfvzT~Sn]*̕J.5}w|V <ՃBQtu;[e9"גI[_Z?}cn6cPwd a[R3 c!* h/Cd&*nJEBR"X.xB)(lU+, { wvUbw36`k ixˑX V0ո0JW(Ћ^{Mg2 P`?ilTUQtYk#L5:V,eMHxT5ZnY Hlߍ;~Q|"D2:}ds=d= yY]/]\snJ+ݶ ȻdVbM)Xݡp}P e3iHN07nW蟑q}[K[R$vi3'FQ1+udɖ3-x]2VCsF89VJ˽73ЇC]Bru0U&wwe\Lclͪۑ~ג}@cN^HZ_Τ8r{+׽CnSc)%Dc1d0LpNߙbso#KuUR@c-~qd=73Q2ĔY`)"9[p~ |vG>0#-I9q1bzgt4-$’}Z8_pħm*ԓ]ݘӌDWt]˅o[  Z]'4)6~nZ,?Qw El /HK;(փ0˝<_خM z0pܾATnfpN^oDnu"i~ t⳨@PAWJ#%1 ztr6qR1|W޲D[ 7W' G "LIOYH\eG~#"or<1`i:w7WoT0Y4p7K_A7X;"R>` X("OԵg-rcK[@5$NjJ2PJXB] QDG?Gi?mS;xs@qv5hn,,:S`_~1En<^ j(D'R!PlPO^p ]=iMriZhʣ,}LUo }8QwsyroNhh\ܬIyuh֐2+ k,<vw d(p=l*%zO@c䩓jۣ Vt q&kI5 s±Ft$='BJlCl`|svVrJ4RzDs/=8 ʓ4Cz54Ш1.y6͑L$7uE=I% j| G%(xM, m(Y-a" jӑK 9fZmi" ŤY~x9D:d|ae4[˨;Nd/qP[nè05{%c`S1烅ɝp~̾^|c!}s?uָ ?0=+ZFf?6cdzY]T)6e՚t-˂niLA#J'-xߚ=;2R-M^p&_k߇}g+P7:S 6KlQEMBAϓ[vt&ōo? S*#i ;vhjbbijtuzwc/ܟ 5-n/aҾUa桖4Kd`$1!|Ҷ69er+bV#M}7Vc;ft)'"9.Wyt7V߬iNmy/BŢ6o1ֵg'~BN9饷< MUq:naT' !賑LsSHq; _ْ\9|Idy- ԑEt=Bkmu.W:mw$(gpX@n͕-Pq:| a֐Z<2`vЧz2k; kd-W]8X>VEXZ @!ImDoׄNS]!U^`o ܢہz2ۀ {y2@G#ݛ#xw#ry|["%NVFHM{?^xx|pٲ-fxUn"YЊ=$[t#m=x@Q$=r|<}~@5uE Vtݪ,}f*'R;@]*X];Rv=r|Xa}эE3'^r#!\§i*s"W(r3v\$z 3C]ƞS%*d`v7Я&SrF--?pi㲼0,kHB"Ր.el= 2u=V5P֫C֔đC(Xv8lbċ{zo@ᄞ1v1R|+O8 -CAJ٪ {:^UL[Nx KbwV"ңZqɄjaJ&1(-"E+uS\HF(MV'ZbjM@5lFC &Xxǚ.qn,'p% Оvvw|r%jDJ_;/o+ wᢠ0+X×J:191˴`c77Ql_&JIьYl4Z}`8 LHG(,4?`CH`yZpۖdzwA~M} iSklL[3Uwh)C)1\ )mg"/}S0!Nv} huUXlr[A_./L; 'oDxr ^pi4Q&[r=TnZLL B^zDȷF Nu?¦RA!̽atQVq]bI| 6@鈙1uvqžmӬep gM#|\B}㜩"1MΗ*1^3lAe}.`2`eNXsHBfC?= #0 --]yYO P5ZHf_jd]H4š|RB\Ko2-uy-E[|X_b\0bM{݋Nz[~ؿlYa RFmk)Rv2Jl/^i"ϩ!Q=FW#TW#@!#\(:Np8)}HPhbڝ"tާZ:k՚L5mn-œOdB 72 yY4P;YP%h1̗zlǘПOr0~",k e| l~uJ2(+0 QY6k d"[fJdRS.qeQɦϿƂZs29֗ضPhQu+~mI_8ܾ$s.qviYqn:$@^$8N/ښք4BlJg, )2w%p+:B HH6~<9u%TEЗ_,AMFcD߹S~r4Rh"#V-FƁ͝CuXR9F_z-zV.|z'2,G;Œe1ggKz+#"֍=rW 8B )Օ ;KTSqB8DPku;BN)F=.3bMc؊,\!1&d1BU+5tLۺxO$PhAcq~sBw)$ A GD[.P0fPJ0%7ݷO^ =PKqyџ\ I vN8?AgǛu][.\q1~:_3s@bFE{QU^^.@6B m؏J]8U\Jcf-8g%<숿>"}CkԀ5-©Ɂ٬ajB"w!beX!lԃ1@XKp{kQ/.䅘k&aaƸe˙ ;(jw_BF"] v& .ɼ+#[y;dN+ wxx=T4 3 R %VSUޢJ~Ix}:(81fC cU5]B_nUTK(Ce 9@ _e7\IYҁh2@X{=T` $d&àټTv=;!Z ԏtɁVV؞ßY8S#/[W~L[ M[^\úhKrRXϩPw:N 1o GpzieTf^4P\4>Pa^ȅofkېe*.&V8<bZ~Z׎ao랾31ԽAչGbʟ#U[SRҦהjgN`;O;!ϟ`dx|w*M5%ð_L9X8פ9 Z[~=GU|VQ|ߓyB9C^,Q;iHNROr,k̴gU5z"art:H$Տ5絃r bVГ`M'-{yQxKf5~ 䒚f2%U# Usަy7.ȼԺZHHZ{A_9uΧ\0>bFX:/ 6+u+"Qj'cDa@m9V}kcyE۽Am8<֑בd+Y_;;%#l47 ܚ(Ghːd*OC%ZmØyRuoqG"UXC?t0R7ɳ+1X dsL[:|2$)ڎ~CQ(j\TÿdDn aumQSN QubM^CwPQezԬߴ 90.dV*57̵1ّNˣ148HnNכ|:LidaU?,鏡Qǡ\rfXǑlK㫨Dͩ8Kgؿ "I%p1h[nasO'GvpNŷ+w!M}T؅Y2goɖ8 KJ؟yX ~g [z8 nA>H(tc;[-FN);D0XY[1pHos 2Lyu,FejVüF*\Um#Ld\VG{_Se|7,$7MqnkGsa5$%"fwlBmZ՞CZP}9'g1cB;UtE9^UXv㥖 pׄ9KB5(4)L6wЊM3; Q,n3ël& kMi痓+!ǝ5 Ԟ)1 &Aim벡X1kj@.Ǫ-[>9( aD&SY$wf2tux=BqpjyE3@q>kLv]0kF Sqhn4  Dj[eEpռ]+h۸ii>Fq{K,@~f!/9`A 6cU{F3ҟ*h*̅ mm8FOU倻J6c.$%~%>>k)"6mQo]. YOKjqPƵwєAE(SpP~vmS62V{*mf鳻Ј`n BRISDQ.dߧTw6|}SFB?T\\CJjGӕ" p)/H٪  h +Ju*>!l]>T4V.Xh7SCc#Y"?PzlCY7[QpchԸdGd1u]_frRi%ïG3;<<AV9x6PMn})a֞lP\T) 7G>͸g$t>jgLXoFv ;'m!BnkD~ϰ~蔜4d8'B] 閣id\n/m,aGë0epßu6QÝ Sw0/%qaaHVXB -h`"˙l`o,5\8>JS$ òKiu ||}EO0^H1/HKZȷ)UCVCH.aYK*㕘Yw=C8ƾg _!Y@> D>8Y ,&j؇t9 Aw=Y@-ꃹa~3zlZA˝A6բ齰y2H5#-7!$RVZ/FVh*18p< U9o1[bTCR׾HX>+߄ HVHLIm\LlҹG-,SiG*lQد~;ynCb{61xN#nI]rY# =6ΖbLCދBWa>Z^F k]7A\̚=?(Vu>K[^)<"ScBK'ϡt4ϥZZu Q˄LWg}YRHJCOrU5Eb'PSgܷ(U-*m op!)R5 r7Kӫe'_f^ɇ9sdl0>櫦"E/E2JZ3˫-濡݌c'=.r9ڠ/L_#eϪRH0k!| _s}Ǐe]K:졹b{lVG%Biĸy,$\ 'W=m&Z۲~^VG68J.KrbN|PCԳ0RGÒѢy/J4E:%=)-/ZL`:A)|ۖllY4Z ȃ̅M$H_*42YOl o6 :^ZEfL&U9*5SXP.V!A8'ڢ%3WA:q1@պ.7*`;P]E>^왾M3b)BJsCM>: lrW;YOŎR "@wܵgټn:r̔%3pz'@IͳlWFNQ {6,1ӊ4!e-]O^ht'yF w&5@/#?HJf ˛D_}͔&v^K0/٣z_U ؏^$d6"9/f072Kb]ז ZmWXheD'JΒMW9qEi{X fRyf \1C8޹_8@_DԤ`7]hviFp\"Ѻt`IV l>^NÔ{JfG s- $>P;I׏ҩxeRJ{/J[θR`F]7\1jmoFi~GGmĨ!c&g0 s j$QcafujLF+VSYTȖh|=%$B-4˝hD1M*5$;['1ưUL;>Ѭna'@*4fr!~*Z g*`@ZBLoWRJnsc:ͩsw°ND{_npT GQQ\_t>D|%%.oCE=U fD"N]" Q{X)nD DtfIRƮld=1,X K #9V_ ¤V֚®&)a[(St0 ٤94W^I3i%p0̴CdZx:!t+H*tW,d~Gȁ"`."bU}zw{"77;(M4KjI H ?}W$<Vmc+aV Eg ;:}25 J\(p2A증H3]I̵ׂV2(+2}\TV( g}X\Mi26LE 4Psay tCZƿ܉A?Jk\Z,O:Li-r,@'$Q$o٧%V1h,/TN>2hizN=Ӱ}f` 1.=^&?T~K]Tϒuy^TLsvpy{uJa#o|4ž?{{:eVmώTf)gQ%LWvB$ @58q}rātdi7NSES \wYy2r4 sDӲSqDUsv30.mUlI!OWRlN އڍzv<@~Ǥ^{wM-0%öKpp7U#e~d;㲼ŕzdN1 u˴w]RDGE[[tSc >U.k\;j: ơV`7%Aa_ns;ؘ-zhn,Q-%M«6pGGm/dMě5̢9f9~_UㆣkVᩮ}VNm;  Q]3YYV4bG3"YGM;q<0{ 0GH-H[WzXyL|bv'Alt$ßLp@?^XCHAXÈK9d o>zHD;SkLw[mnLsk꿳|9A÷7}ȑ*U 3faDjpYDd!e"+hx4hP$zr1H:e %AS;Tup{''(w iذ)Gn~¦CDq~LJ8H&cBĩ[6&NcQ1/'T+<3-M;>1 sj3Ω$<Ӌ f䆪,jؚW7(Ԃ{4* GbZn-z͙N&oƅ"Ar,אՉD[>@#tZ[H8<#XlM ^.ss##|y86ĉՒDi&W"<tɬiA(\I>7v> uKf v WSS@V_YeM"k|s ւJ!1TE)$ z2B#%v|cgܛk w2}$W! f>~ݎWBu7rv+l :_>֍P7VZGLu86!܂hGqg+f`ޢcI]9۞yQn9QZ*o~(;P%(3_/ęMRl|mPD{Z)㇩Oth;7zW݄[F'd|˯>oaNAӝ{5&^+ ĒblgߞtV\ tJ/3Bi:Wza d,<&/vw7eT:TnX̥Vo=.-`ԗ"}1;-Ù/ YO4@btE[0q'2\=Hά3]><#->V(\ߘg;vfDM,bg::ሶ'";*= 9M1\MGߏrjEt(,\_3 IqJ2GqqShzGM<_MtFJZX`NZEɤü9nb-8ˊ?:YaC+bwY[zsx*HueNEZ^:+jq1@5"c.݂ӦS~"s]*Լ-F7o! [/Izv_?^Q(֡@^E !hp,63zmJ8]- eHݩ/ߑ6uCy ]jѮh"gڣ c #+)yJb՘R'͉4+Ip8/{,i ~OnјA%+a8d۽uV17T=j_^<`>[6h5 NvHH`_y-_2xb/jEމbUՙaiĞRx 1i(eM;U)aLfbo@f*x2_G5c6\@ۼBkp l~COfc8-g ,;:PNL,262Wߖ AV6wVc(L9|[0&d[l`lRe;KRh!")Caƕ-wӄNbf-In,*O:!{_U0W,j֕x8\ꜘzҔ?Ec"r>8*$7|zXsb s/EЦڜ=9K%{Hȡm>Hn;S̅ ihu^FeN+rT-(JgۘP KPH' Qǩڤx֬fRNuER^˽@e%;,-}g!!z?C(\'fAW$mCu\m0wfaBUa'(3{ Iu|Νs[THNc+_2'> 8wQn8>6lR Rx~T7}H }ʻe){ n~ 4>gY߾h*MCKeHm@lpP9Kv3q{hQYC샨<š:e W8C=j7Y wtb3%hv`!9Ǽ>ykbJɷ47MO?^%8 H/4l[?CEޙ0i*w0_Wl})旁E̶q !-؜3TրrGr2#(xH&,S0)q_@|ݩ:W)KoUUU(UC_?2'nz"=t ?5bqBto[IX ^Spf)Y0(E4kux Љ^D/Y ,>Fqv>$&]t-EU)< ڽ"VPGuOFӦ)~A#ؔKSBjOB[V'0Q{ܼ7. KK].h6Tfz=?}<)  6j˃2#,4h&f(~1믳}圯aÐ}PxZk]++ |2Nd>;̱h6׼s"S^Nm 0Y$]m-Ku-)z-oǬy G{$ڄvekЀI N6o [y_f9M5(1Ί֣xevN=g{&-O V+]qlƎHp24fN/QvJ1t5kO?7/8)/LVCg؇+ā iBg*):˹JϪv<? 9[{p?,Rug,>A}w;q-Fz~?ZpB㨲p>*( P6|mNrrbݭ(Y3_6 W{"ÒX{@@(=4p>XL}BZI`oOTr&7}HE]D(0χUadPuH:Ig?sv=(кOވʯ"]D`CFYs~`˲dwF.nddwOޥ=ZAT"15y;bXÅ!.M {@;tفY_K| /SSVoa炫e)!Ҝ/)8ÃiW&(Vx QsTE fI)G!S_Ս~i'S\ rD9[J_nuŠFg[*t> &-|SzUzp5V]3DTbJMZ+͙Z"MR/x*uUlj2H%"Afu$ Qo'_\΋&qh9PK~;"{ Jc8n}Ki~J^>,  ɇldu8~߇>e$\'A3*gQ6XCpɳ8.OEG/O% ZE(@!gf0ğ~Jh(Ew zŝ`3[LG;Z\tΑf5f6о=.&/(;&7$bEMRo+MDp?^l1zF2{((k|i jȰϿۄJ-b#:9>`_O*6r8fVeYavf*{;b"HaBO&1>uvֶ<:e&7@-킪6'\%1f&dM619>hA{;E-T %7u8ɣI)JmNHè#p 'YOGJ^mMAw DnRD-CK8*͗w%<֦- o_݊L=٩ h:^BBѬ.={!eұr2=U9醔!  ZnG z;?:6!;QQs6%$9!%Tzj;ja^~͘Lڑ]/ۢjJ(fW!wJ:쬱't+'{h@7g&jRjof C(ah;lt:rrҸ%tӞ_F TM4ya#%E `D0A|U7 i%ѻf2L;ʙ1E* p-~r"9k!4 ;2dڏIF0v1wt'Eه5:q:!ͬ^vi} ;jTqGX#Xͦ8r WX­k#>4ϓq!{+ ڱ8Xtp ԍ_PSFqM@Ĭ ИFq`zry+-X?T׬xej_eLyj̭k`6j{bZhkDzҙwؚWnڈ8ی6>݋%A7԰xWt#}k3i)Zá1.l SDiOux_lh Uה'7unSe6嬊mU(:CCKZA6`3/p`Xpz " bܹeit˫ #UyH-  2 撅3cۤ- wp ;/+w?YL!7b\i6*@{vw[(k tqZxm M eS Zvԃ*R`m⅞r]ٺ_snऄ%po[oqL4/R̪XӼוYk}kܝ,_e[<9;A0iI >f* Yv$9:b7рn(w< =f6lUEXEjyߕ@2SrKϕ5 THVPr%ψ-t6 %'.5AԑkV.uY{%HtBw8D\\hZ'h,BQE0&wp$$a $}$ $;l9^ika1 (0RZL{{ΗyaJa:!l{Ø0Lx\&)?gk-YgHI2> ncEc|DsƖ'FjH6[i*C&U~ ^ɀI`i?LXsR?/c?ȁ{=Vh0 n5xz+f~u?w %RBpy``l3EjB A% M[G[oh:qvq2Ɲ ^en3g"9wsW{ ˓?C7+6\r Z.|e|!Aб:$[hAm!.X җO՚'S9DQ 8gжSQT_XTxld ZhiQ̜ ÊExBW7\ rEnjmwgMl(eΧrxY-د->s!&b Y #幖5`*(fMO~яӸ{t:ݼh6qoq=Jmž +7_g*ޅfC j@lAs=;m9teê7DC: kޔ2<qJ>Q2/3vxBH|b9G)oQmCg̟:'Q4*4l4\^MA&PLI9we/rx雂ggxeH}43s,P4W)i@;3d$eniҍk.H=Pȃ{ndRh+ڥFF<FjxЏ8AѪa J.gYŸX=a{ >s4 C4s~I6aI >AXJ9DK;.IG LDPUa`hIc8J^1ʹLA/e>qi`ˇ5UKjJyF(SyuZ|)X$ܴo>rⳭ[9"}0=X=Hag: }ipV^Iph)뾹`L@.qd!37K!PLѠwc9-ˏ0i"hKƇj\a6=#Ѹlĕ*ӉGRh{,ˑbV` PM&x&&eC)oRO+rn.Cz ɯn| su?NOuJ"\nt2e9\ d%̃XA4E~pQ`8sm"dIBrpW|{&D@\Y /g<텖<%8Y,Y!zVU#eJ V8y iNFe~S@G$7wZsSZ]^YLˉ8 4FFiyUg FRbWtEZ*jG\PgJ+. LٖucQdOu'oW%`x% /qE;sH?`zW՝rψ*q̬5r3('(hM( vwgܾL®( ]/^Z!v#*>AVxpD#A~ob` ϽZpp 1+Yiߦ#]k2DbtSsb*Ib07,ṾZy6/oQja: WK_;xcO*Lm胔SeHE~OGsnF.욮I-Y|je?&m{̰R Eq@ Wc5Fo EEC"O` E;z&_v(+"Eͬis,0LT"XӚa%JC[0qmY>!~&c " ˕)Vpu(İxUF̏tG:VHEĨ#h8-sK`O &tRЁe,Np[Z>hB{we*q{mRu+bˠX}KN:kzhI$8MPőI~6М j# mefD fتmdžDai}۵8Hd~9*a rCQ3x.+=.h:p{jg<Ky ``8e,D=%A'iejJWrHbOEy7fG}ȾiVW몢C_p|/Ρ!26]W{k4YVTi# ـq .3KcV\GT%Zɏ!_AFڋ'=%k]- 6Z[IvO_ H 5Gp-`2,yYJp)4V)c/3 ER7W D /lF c a(r|T#v8fYj @Hu]1;*9nz[)RrM{XQT7Ohy@{nja&t 6YwҴu/s#dfOL$3!1m=8e@F:Z"GzRSR8/f_8C)ӜlI4533N ;[{cy̱Ed2]\DG7` /<Ɵ{Ƶt~~%͂ =rǣ"9fI#z~'pqڙ@O9|;ieDj=m_z:43sڙI$,[egL[xRޣ8SNB%XcVV]hyFr,pE.uD'?f9A)sxtǯ6_O?:o-0vn}w:fx|`Y X&G<' cЪ·^3K*F\s-Km"e  *NZU&MD6'sF& {5Jp5q_F%F[{i`hk+}UO=^Ra7bZAșى^+7ZL 'r S7 Ew&g-NFc OJV!: Y-~mLAٚG0J O ;mq"i87Z#{ t 5`%̘z`oK%Q >`&0MBi묢eQq*-'8XIdJ٠k.g4WG.*K=̾u7~_>fy3%ˬ7xq]pi'= PK`{hBkD9~lҕpO;p-k/%;},)T8SDwTM"RYP˜Hz&#U&_epnHLcH,$zjEeٲ@nЗ`鰕1PIG.^ɞ#JT7;#`4RhGu(^ڌ}x3ˣE kd5hQXq \43D4f$(c+ם=#5iuK[l3i ̢c*H9qk`>WP6uJE DcϨl%X[.2'bCFk~՜L S]td𕔷|9pDh? b 2moZ3KGqjԺq)~ =Ro>⸅ !NKFgYc oD[ڍݐiWq;Փo2 C;Rsm?F'a_HTm+.4bxF,A8H[(-:Aw1sMo"8QC/w]ή{@`QI$ݏE]qQI$ /vF6d<ăـh AɃ7A^+J`nc!T(ykݒ2fK01 m pOL'76ϐ{]>5rgWn u;EFuq8!7 69u/²^M(g"^ V$<&D{iV)s"hd)Wv_#͚Pf#b.U4m[`'/J1/[;h}L#RXKZnC8NCթ<#\;ŐΤ>P_@>9!%OrG9ZBQx3l%Pv |$yz*Iw˔!M D'>tvc|Z?"h-TS6v9YVt7+۬CQ^~nOMK际6E}?9áhF#[_p:S1?GdۥmX!h\}4cdk¶XPj^/sFץ4b9ZE|!(Ͻfi%E?73`d^,LKȵk!Y?vyҘ_$'UxjkL|g[|. p;X|=QQD}n%kЩ1Fwe\wݞpͬ!cjkk7oR$܍`nQ7,;E$QsbO[īɱFIzv-ժzq}1Č=<3,]`$,n/g,|K|U sPLJ~k_qVQ9)6T ;1DAeMWh3(ޚ@עו> VבT{k.JO܄5ZQmHy`w蔜ߞ&_#6Ji*^a|,-i'*U>VL5 FH8_bT[E^#_ a,yBsbWWMފ|Γx=k%VkRyz%)p7=I'["f k FdIwհ_]8דTݱ'@s?5>4CV+"ǜ9.2*UQQ3jUُ TBC:fG<^>1¨擄d +)6$syǃ>7{cΝusדRFAٝCjK>B n.qy}Y:}L6׉egO[Cs@,Њ(6h=`p(L~NȖT0BfzdMsQkG<n-6h-7R^aͪ*b:.GrK!v|ҋʅ; 6JvT&oOO"uZTĝ.YheݹN4դA!O=\Ok%;nz.ֿ}I5^./*4flNl_D~b@Y̬.8ְܺ*w8m8W*گ/&$jvyt5ԍȐ{IQicסY)],)F9xN6akSp*['Α]=1`q`ʜ_j1NZ&x2/8Rٍk`q=,( 1^#Ea+g :5 (;a`7k47A*j:W/{T"(B[&1]  u? 2Wvf=fOH9B_g؄(x#s0kKUbYeR`vL$˟_^g>Pwp *Q=)O0V׮oR:j~%ݬZ-> ڈta{3?n^J!q7tm~{s<Ai3(e.J3j:aMU=DH$ȺL1%'#rw):njz ÀOz<0 ԰3(uFC{{NkSPtVYp'oX %oL}f~xtOrqT֜77hE O+#b=(/~$N0sPG'/eBo l5Ϙ۽,יEM&2bΎ [t+Yfc~YDsH(gO 5e1ldr,Uzb1ezUۡW}ML+i\(8I,(OnԂCdzաE3c S a@!pa /#_È{,sET^ȵ)6S)6#G3hKV1 H 38vXsJPVGD`gLFV\c<Syu!B{ ! 6rѣ:bmt]De 嶰JRKFU>5~8r;\{%1$d%nS >sKX~xU?yayO[Ek %k ȘeF[w!tbh)Ϸh QG:)'mu}B ";#]#qƚBD)2gYb,hm坬udʁNW@ZJvYNXZ-+2ÄF"~,n]Ke+B9!UTUL aMU]G$imNTk^iT1Kh_+"zxRݒ(Ykq Z.@ ہq)[k ϙnč^$pRanvbvu:}-]˥Hhkh-S a5 p"ʪj@~r[OTl+zB:u5ױꃽUZ f2X5O#!=`'}=]WϷSs?&N%n^[=y.l@_Ɉ:_ߔJQy]}\E6C^Uw[}AI^\s-WyCP_:ЍGFr=|}UMgɎ.^,׫B?U 2aIV0p@ ĕwr,EqS<2}m!e- 4~qBV&e龮`F:"P.ze}P#.=ʧCmU^CbjUJn:G>O(jv.(w:dm r4}jm3xyh&vO6 |FUnGvMddYaslIF,xO7ӄ9Y-;v__&5T7Gt%?I'Ί:i!~7(l1өB+u&Z w+~Js>2`KUB旔|`dHDHKp6 ),8d:A<NrS\.R4X;Qn3.Flz Gedk۬;.ѝ֬_n_oLq?ב9d7$:̆j_P4B,b.~ ?#Q@+A$ ZG {UD;FǮ]B@8>n) U'a/W%q|Ki }&o7_jf3eFw0< #p*϶h[Z^r|1aY Cvobn+ĀY|jgUu2NyL'sֺQ6\[HWTzTqTI 'zxO^ٖavG-]*$nڴ׀RT ƛ54:yb21*QnvWA (< bW&d9UtmTg:DP9XF$hr/- nvadct"'JAY];e>7cj%D{r)_wx9Х JyÔ$0 %uI37`2"1}+ OԜW`1]ji o|u&mDU mF&,hsՆx$ ×LMzܕ9HsN;<_ϊ:V *BEHz 4HF0cBowvC\Kʬ/ß3U+|GQT]3KMn;DL~oMcG`IT> }L/bd=N׆J෫w<*4"BzϬU+(\-)=zE98SJr)B-})ڤ豛7Z"w/ղ;-)+b7+4r*Zd{/ -'s hʲeuiS). TQ/ձ3.}10/MEF/HTOO`Jo #3㈀f>^:8LBe[͕ۥ@^Z,K;Ϛ ^AV㬍! A`L߄]ZK rzȢQd\vNN % u 77O1MB.K$bK̾?LV+~N3S(jJ `mRqHGA*s.r 2e&fQFڊX gHԂO 純6>}P9 ,IxG*R,|ө)ucګˇ,U KR8I͂r ܚ ӈ t+З!Q}rr!>@v Sy%R=~ieU9rs_v%`5 id'w`Ɏ瓵ş$^}z@bƵQ=.XXL7APaf˶2-+7 ?qZ9Q-( c܄'P5~V eq|9SS QVez}ÿ;hcb*(p7@,?Jc<Wb֝-B͡4rz1 Y+Mg 'Y]$Xk#8Y/z-﹗ƺXH"͖D kr[o*SP_I]"JNqxuM;(*ޛΟC2j veȅ8=rj0 o WHqQc%|.މOU/#~=Eeְ@9J.7{@#jblEkK!"ͶAlQ=SIɲQ4#v.F~sOu"r}iPf[Gx22h)U( R&3@(ѷ2 OlȌѠ֧Ih|e&uAp٬~=L,ܸ~~pzDqx=?yۇ0".qwpD`kL'Һ;(b\AJAV 4v* 9c5(N`8obx_ZQab56JטB*T]V)EDXyv̟sArvଠhݧDTP`a-I\%>I2,v!>+v@ oB\t5}:k s{^ 6H9o=ad rr;uk/|kuE|wq|c fٴ%I3PfU4W/~pPFwOF'*n Qޟ eA4$m7ȉݞh:c tz!R}9df{? `4vTLez\fG:Cط*ek,pZXadB陆VvX(d*j PP0"֗ Ju=Hdoxsoh;I.2EԉA1\wPS^/hnwU"VlI# >!w{n;-VN Wv"Db4Ӎ-l txҺHciJOf.k GOIkH1H4v G;)xS;DK֮E0Yλ[i21*+Gi}Q߽K)ΥӽӤFRf:CK$;׫v('Z JHafD{jq⇃E-Tz e){:Bvp:4REA;I;SlB%fTٵ=bjSp%'ΉOM:M_9Ȍ~5UHY\^g֯Ϧ\+Di[䐬CɴLW=X -&տ5xgؓz`5Xі 0@% ^NF)C1Y@-F-&i7ATWE ;MGᝋTn=~9M>t{?=捯.4+fm<ǾF.{c8Oj2mX}6I@'l8|"RpB˺ }k-G` iq ׮ ^ vN.d1l|Njko6ui^9PԎ1>weLYl%+/\H ,3,e0'W/'E mWqYAmi8oUя"-:1؉g$ vw B\*X@`K -< th:e_TTG|@Qҋ0iDE LH@FfD )V+8H?;8 V-%[_~ϓmNBEx8p#8b@r&Y֤J~f{0xH K[A2__{c.jPy''* ,oyauXŝDEA U)י vq5tn7^lv9,>ۅ)8:#[/uYҢ7,S W&$:8B۸}:b#u7k! OYhH ďSaW>W]ֲ8.]z^ɝldvNB(g)}J5wL4r}g9.lTQ}hҚe?:9;st=TƛDb\x=e?Ijb%&Ix+!p`hez8e*`z6wNTتDI|֠]s+dF5C]}"R]”-"XH֯j~Z `na":[z&V)kmhQ1:DŽk'znXJ{~d5]Jn_QZzIn]b[|c|ktfY(Yf=+nO(PౣeC $WӪЇ\d l98w?b#S ޳5 B*N +P2+W v8~"+XۮeZBLC֫"}+d?-19qQo}"7iRSh6MC4%nO_X"tK]ʍfk-=؆HrDnuH$3m8&o&ܺ& "x^ i P y[^uEoсaxkLx|JG2i_ycGQ#?i[O悍y}+JsgZ=ɺ/b-0*Trp JH(^1ROc_KR軵 .H PϛP K40'{jb}~@Mrȝ_(b8_Ҳf&4*yk|5gccF"ד/7F~PsycQI.Xb=ZZl[ qK?? UL:mD_  ;Dx}]`v,^ ;fۈIbmnu™ri&]i Vv&7mCtvzjy8Rn~k{>FaϲP5إBUBXZ Qu 0|۲ E)!08HC_%D%ۥ_p“go~hT ʂL|%7DN h-$G-UD9mZ E"a[X!qQy9K8׾fd5Ә eyd 7FN}p6ڒf#OL渝܀za|b$ Ab&z7K`E/i ,QYsm+qq'k-t8/ )i diսS> b0Sς"?o"ah;i3|"-f*sß&jukyj{ߊy0$c'PĖ}"EAj z)mtOV~J6LtY| A<\@ fB Nk'.hy&>]lsF4~&LU8‰g:xDZ=Cn1|}r2 l$n÷(~Gz^#<ςVIISo33˻b)ypkM*Ҽo+J.KikRtX_N߀aF_uDСeLL1F=D!d cGy.rY]x:tgRfk/3+*ZUQ@a. *]hHno&vq&7*qMƙ`/$oAc_q {,/O[9==) TL&/n|DHaUG]< ϝkABaCiH8 Otz(闕}j\. `qZ) 4 ]*׀'IC@} ֆV Gן&!2bs ~]zNРnIi09Ds4vHGmއ#ԥSgرIY\MNY} Xh9PG8m΋J9;:]f_9q5@fgOmǼ^q&uR A>p(L@B~ ApaDk BҨ<`lٝFX;LE8j$MB?3^O,жY4J^]j7z( ;TY7S6'!OOj 9ܳSw& vo=#"]/"+a4 v֠)b~:d~bMFwO=D_iIc]N ]ƖtW+c.;xR:!R K wd dfа0:P"LR[܇ qVƔ *e&%Ƒn {&Fme؇T$|nQjlD@GZm B֫5aX%m*qM|d> miX.7g*1+NlK!vE_Ղܡ\CL=iDP/E1F Sv5`w,@nc_9V~?=;"QHeVp%/ k=BP9w1 iG?]7sV<>D3m[5 =;aD|*Ϫm6QQ؈Ev}"&v/DXnܺ~|!2.:4FkpID ߼a&oY\?pճXv8.WBƔ3ә{Ҩɬn&Ln.)^|:],>L*%~?H&.> a$iI,aK#D}DLbF#}u1AcǓi^G^轓sbEPj7Q|ʷ< F.^ 3E^k?H qQ?-ZI8uΜk 7ֈx=; BNFiڊD dZVr'd 1h Is[_۹CUtdxf̆vz-C sHĎQu^nY&G=GbV-}&F_5A7dQ4aa4tT`Z㚐AS%kgUwtx "3r'4NEc%.8/qI= ,;(cF6m4{܌Oqщ ),]! ]oEٙ{8&9,$n߄z ȽvLPvQ]Ҏ&54J%FDd:))Qب?Tq9BÖ̓} &mQ@ {Q%Dqv=`̺0*?eE }%]D()#uus 7Ś6d쏅kg Es ~J_>JHE\su$N1~< \k?ym5@O#A%*V`'ݞF`Y9 kt)m@XKkM4ΒלV{KQV-lrl-Pl^0PHAh_Jfe!b6?\U^ҭ,$1}]Qx;qn]C9Xi13Y.! ppV D/KnW:A*Z"6gpE&nZ}s,XSdOM"> =K˃)uMhrѱ/5]!ZȌY,~X3b/^@ ,b2y1 ܤʧuy"@_SΤR!MRcNu,v{\78Ņ&0M]kQ }!E3#|T}B0f1q#Æ"p2܇HE%3# Wp#Bxk0'wI~ߧf3.Y؟*QG1(m˄^CzSkʵGEQ3Wrm?tɩC5tғXL,΍}HXY碧񲿃}=[Q8bI(;wywyPDH$S\ ^iVUih}kU#;|("mzQbBg#ocm#7y A9B[} R ecIR]ͣ!UH׺ީ \Cqtϭ VMV?MC3kh9&ZWdfTXF.Qqwk#~f'ĀZ~eH44=^~Q'R&@-ˁ=Rĺf眞I[. Jf653&c4fdNPZUo(lハ i[<,9n^C:.K(-LTBșs^c\FEbf0_TV^nƂբY<,RSv(FA լk5XMO^7vDI.ifa&Gg $ 3|dm3haA2qGYߡؑ*.y!!zJOx'9GIh78mq#xo*IY rJ@V$f?T8*U٫HR'zXgrJ dⳳ:MoN(vENYRR?淥Gਁ&RC|+\e59ڲYDH` #*G{ՂԉeF,Y0' +B`7HbسFC" 1avcϘgv]à0gh/CPH4Y9IvY5a2AazޱiLnr1ƨ}H6.'j ":i42:^ ͠S74.Ejx \ kua~xAG/,N%P=#~n߃UO[N1_ݶM5qod_l '  J,߾ʝHt7& })}e6//WcLzhMrz/ oxg13ooڠQ c ˮw< sۉ*~l!p`z!)*+G 5ϘbA(K-xڅLXh[ 'ċEēsE=1+^{FDM"zkwuPs[^~7@X/0M'OlZfu:9s~ԈA 6gV}bB]bTUz-`ɭ=n ߎQO},s[ rcqm!+d} ^Z CJW|5'+K"Si螞y" ˦$5heX&D܎C((&6!Yi/C5H@ L39QqUxO*qiyj&bOrE9 Kr]Hsյs}9?ӄC_*K?_~g"}<yaT|!A:^[4A` om1(j<atMo+T_2#7VVfc toFky;{ˁ&YvG>w&iLrԇЫ3*H!r0^ף)qk>>+T'5LjNrzqhq,[0:5*a~e]GTI\ua(xkwGFg=]6ޗGc"~0c'tŃJeaN9~"|L5|J5#TN%ua>iOe!Ǫ_WH$_#ly{G}[*~>(F_V#E^lv2t I/Nwk%ֶ c4i!pKrc^YvD;%Qks{_,ǩo{NԻ>BƉ{xXxhhrEKr82:T-0h#:iUѠsޚ jf OQhHf[R0he 4ˠČ8Zg#so'5{쓺J߂fX`jDx?%`dۀ)Գmū{G{a]CG0_A6V #Et;>#ݺ\e]AS ˑnvHG@1{|]~ٷ2-BkeM-.];_h1;|\=N֤b0mS>7Up2?&'r0"(BRS~!u溭S E0WD[A :IHSL}}2:B;"W۸o ,P`4bt_Ix+Y˸/2!X܊bM:TG X3|^4&&(Ǭ^0O:=Q2qAE;E 51٧C7[9u\[p;w$L̽7γTj&:ǜ\5趑^6'1K2Pk>tō!J*þ)[v eyp60c[SHޤ`Xע]-.V ԃmNq@LgmȠ8ꂨny6!M{odRZ=Yʯۡ!!Tܚk <UQJF" _ t97)jY 9KP9yuGMFx γs|vc|f K+qV2A<؍iaC784*YyQ! />cH"NGIys0bIpЍ1 48N 4*v|ZyM VDJTV#d\{MtKҕGyĐK F򼏤G>deA> /yŖU&MhUk͒C0sI`6 5hm)XQ\1lމ4Gd~ML/\qꉌ&a iMoLվ}  PaQYam"╭No6<+Xr ^ruغBB؄RG;V&iqI`$ @걳iEVMOT|.WWrhdmN*TOVMZҫҧ?+N@E7bՆk␿ AhÒ  rK0)`g<Q( ,*shc^DWH%ԛ/첄J+UT#)ɐWeR봋59l!;p?̎MT4H4wM/%OaZ_rH&*˓w W&bmvD2+reŠbtkk))ikuK(MaAJ3o(ˉg [ ^1yjfmAA%=tK$E#u&DbJǿ((^o&T~1p9=r'Hդfe$IHlOEKvl1%P  ?K6'u䩼~EiD5كR %$u Rs# :FOw^AqI|AW VPѹ^*.4ۖ/2Z4R *AUW-+.^kٍ ~U4qiht%!.样ZU̕ y1f}ѣTky(PyL3I6.@T}9xb0=cQjxT_ (-h O uU(MjڇUeʩ (E;yt„*i%sCHraM zct{Vf͡F<@oQ7ݲO/)bo_/~ y94bx.repnD^rAA_D֙oؤPKiJ+(]~,Hf|1LMOƨ#p|n%"M",Pꖁ8#); ?P6 E͢'j1h G wfr?bMq&k5|g?m뚼tcj>Hӗ m>m5m1MBҔܬ?z8/戴hfN˼s*>7q„1Q~]-c.c]M:T] 0xig@16Ui=D%.%{$AkYu*/$99cO`MO놳_"޽|sK[ǻ0&#XQyp5 Y- $Mh3BSh8ߏQ2mJyJ8/^aPb:rZ'u3HR1UfC%-$aH 2gK-`3!0L5!?6D!><\)3Q |sSW{߫29_a_\Ҝm\ϕ캮,`%3:QJ@c8OK3+gut-Cj踨< KAՅv,xsI^҄5:[=IT>d1Y#0?d $" qSW}q\Y̠0Håq:vBpZ~zwK򽎭LnAzPgXpqq9b[WjFuOb\{4Xhܼ*Ogx;}"g}g3oń;ԗ%'IУ]F~qk AQ2[ׂ72R|J}5/1{GJX%i |鬸sq/WmZ Y%2/BH|IWʖfc 1HGWڒ[_lB@DɅue]\RO04NE_So:< Rh%yΜىܱ ?1kUQ荕M=YĔzP.ZmaFTa>'TGDl韣zH V҆#&a->SF{dylVNה?s}T\1|p&4X&? }}?\b|cm'%Ke '2̱Mat4>F=?9i 2)]^Aќ-,V q sTcc޷ 0BXǛ̙F0$^RZPOy1nVqꏾ~u]\6ԷãcFsw:[ .[!MF>zDӕ)]>?%R#q8l߈'ɺcx|ڬ}ʆDǂȜcen( BQ*VVs@F#[$. CegYf arС)WEZbGXު(?f䰖*ڗm %IQ'8# %d0J*fP0 X?UV@+IYȰXCGgs U^%8VӃSi~gƝ [a 7ۗ3怐6H7Ic"?#bb}o$췹zo5zd\wMb GxDִdnyFݱ'ts={=OeAJiݠ-C6$`Xbz@-RX]O"[?%D/hYE񵧞3U0"hɬ! ſ~#y/\+Ez r Y FGͯ|L'a,][W #o]a[DGݎ)uDg* R[$IsJ;חD!q}Orx4Sج/'1&uL]P4kx41~#z LVRhVd+.`v7ki&@mD w5$(]ugL!cMDwIVY`TC]{V֌Y{ƒgWr^Hai<@"k_=hz34kBR:?tmUEMi-v7qigKVX}YыCrntA+;,B:3V%E%C=C`Z/ JbsJg=WS1Y)1|[HLLdZhW.D{¡o.Ϙє [Ɇ&;=\DrI9hʨm3I_]'߀$ھ]W:#}52 t~mm㓂b&I3Y/v͆ؠ@׬mQUtS 8(6 s̎.:/0R/5]%ư(/jM$Z8U7ic 9EFi.Gιdӷ,ˠJ\@[N_4>+WM>cI*-HTVHܷ6%ۄ  Hkmޔ7]|ͬ@Q3ibbF&,\+P̫Va}xeO]+tv?'c&O @K`RkZpNTJp)eIؔUR(RO5{)'ѶM) D0N=^8; ᷨ6%'6y׹W2ixnEho*J|;w  )Y*58`KzZUU_H9;yhʎHtؑ[>Ygjc1Gh4^IĮzȟ3SGG!0¬dOc;mAs;A?ښߠi0qsMEDCzBCN.gkw>Fy+Wټ#;7]2 oҾ lTN6JtFŊ--!ƙnp}K`lG rYvab|Z]'^xoz_Ƿeړʹz/d *0?үI)D"7^ߴh>M դ'[dZ m&j"|(jڏVn7ͫk `E~vc]n.Ҳ-4Rb$T؝Uc 22!}x##h#MMYd@  $M|p{aɼ"؉R3;_W ǗםUFbƹ0x6 53z㯸?ZxUi[8>NY2n 淋8 eGey!%\_ xَ ee[#)jsBy/r:s2R;$㜇Inų@֘Êf?3^; ,+^8Cw\ 4+Z]Z]Wʳ  /=0iEDrqjk]2>)H?/H e#\U"8jʒ2*I(C=A,-k7-xڲ*ΰMucff+y"bf; >dH{}|!J GU'&dZ7Z v[#8`'珟zieWҪ"9SנO }_4cd^BΈ~R5?l]8*jWS]iVb\ubҽطta[5[FeOwےVrm %}_)_oP٪*^soBȰg)U}:':- 焛񴉻 n'jޔ9`N&Х `Hm nNn_;:-|!K`DQ 1Ԭ rh½(\SҎq_͈,Be$ mXVxSR8.4yüxO/Lfyt{9l\f}cT@eo2Qpubu|tlnc$]YB7]a`mu1vߤϲTA: 3OCࢫPc+_ &@žaҗKX`qsUh*LPtPq;[ l?'r+`ÆV2iRB\[mJ]1^Ƿ |TP$IB ᇃ[2#("R ]ę$j3XDʯظJ2X,#>8T(?/Ұ;@K_"QX"OW砈&r-ٞK9O!+*bٻcN⬴Mߦ<>t7XR`giP>nO9h;bwX4swx(\(H. \8T()ep9⡑t/U+Ҏ& .-(>E4Q< EC)@|`Q72vnJ|mN፮Cۋόv1 &a2d(0Ix?]9lI(4#u R?&E`vI1S i2~8P2'FWb5'g/ĸcZMDUwr9j,G__E/]pV<^!w_ *4_ 敚,k}n~eZA>:p_C}@Rsn6f {:D{#*W<Th7vqfrh5d]9]ZN{g;'m,='7]$>׫I#c]kdRC *NIRL+, d=bH%c#&[*jmgIÍh~'r!,GPfXz/Sc|^V%;T~7x>rcYw [^Tq>Kr3$OSlo@tYR6*j=v/E jEI&Dq8Hӵbo\k7%ظg<᠂_u7۩cƮ (p| R5]QۣL^_Hij`Et@Pbrsj^a}k8JU-Y/ <,S' m K)/=m;Gw[n+ e8 C؟X4tq/L'%f RuћrA\Z͘@gλ;Ϫ';̔긭K_ڂ.@{uM8quTrџJc|Km(֕Za{3RKיF?dL 4T*ui%2(A~?fR*UGٝdjVڟTG`Y hn$$iHtxH)bhJ.WFBm7qj^|Kf 6Tq 8,bcwWj{~3 ƸE&F-VB!AAF^7!pŸrP?л18ͷ8S\Jҍ4@P.}m~<ه~2bl9| ]&(5c QVP'1b~iRTxQ1ʨ4\Ǩ׫Ej7B{ ˇ ުh|"§%4DuƽA$507҂kKN;gBDu3Q&ULR|O\:P/_`j 7K?ty;u?K r7!9xӮS ]4db| hdO 3iAmPor@_zSal}1xB#&ϋ0mrLfd{"[Lʃ ҡH,T0bv;sGD?x6Bêjx*r'Sz|9aLLOni(dJK_BՊڨKRjeGw;n |̩fWw2 K8+,A=66^=+Oi|uhC+sipwF5}|YE'*6 9rh69z1kSY(Hn!$m:h-_iQ*i)0t/)$D”>adEN;N Y&Qi{A_g\8B#bJb:ܤV`2@9&yPtơn&Д|p'-UdP,RAY 4h76nA $ԜxFKAfq+_}4d=QisǓb`Ybc2|J4D(fPDH dNd U.2eĈ*9i=eo|A9 xS?$KO݁qE)nP\_.0XdjuCHBm;AjhF6/ATx:u/85ܯRm˾|" adD`D7(fp{{V*cS+c& Kz)=ck7^d>j؟ dĭ,-J;-.TY鑦d5?.Z+\)l舘7 ZgxI29qޒZjlC7 p,R (ȞI's&%;89?nBcz2Bd{Yo`\ą6\V%Ȕb)w} `Ï@+_QS36/2.&;Ճӂ*?Ct16܊}Kc+ߡ'D\h ˋx >SĄuO퐰}jGt!QqD[,$0dc~zPZQr*^Ü̞P Yy Fgq W2O@D~m9EI9v>R4H;&\zC`dn^)By򩓓{3ʢ_-VCxurԩќWhtLvRWo h- :&u'p/axȷ>B{V#UTYxjz&:%j"-pSd-Lqlou1(lDmC4_rg3=vʻG"k\3}GrJ|0~>Ԩc 2~^lB(\w3g{|MYl5,菠Fn ?WDv~jk_0|~/MĮJ;Eoȅ l9g-WȔXary7DhfGּޢ)"8\jkņtZ!vhB1 'b%WiH0j81b? !Y4(מ1W9n^nRC!'[J^>3F-nCcB(*n|d20(WÂб] SOdvtj3ĭVJTҭr䫎]4[3-T[ 0L(9}f0H|XNʉ.Iip W~ʬ7.0Xםvcɻ PQN +HtyPHHW RO WLm2ccHGGwr=T3Y'pS8kYu4 148@^P*Ɓ.93!rkU֛J#VB#ZJ0|_-@L^ʛW"W@,=JkEB_e7jUi[q ?-Ȁe\(폎לL{#PT ]U˴/K3cE>0܌ T}j;D .6T~:[-t![]bC]ܓ9uO<PzlKYL3UUO} sݦKwIX{xBœz$ʇg\Œ!jN#,r{ΕU;A7Hx"xewcra>6NA&X9-X:T>Wm!PK-x:RXF-?)%JBT 2hg|Jam Z`˓¯As]1}0pH:l#NZ@ENc:C: B8g8oj⧆ `f_q  v\OHgFj)Pi\R=PB#oSCid]Y q~ JbB[M] M:iZEܬ/u21x'ވFe=]*|T(VRL~C tz8."|aJj,1|mi݌P@˭ J'@,0W ~fJ>dmPw+>Ķl{^UHr=ElɇeAkTF6YNM"z[$x:=?CNqUĕٹޭfugsr3?L-ݫP>Xx 4v^t@shhj N`,zr9nHuG #yhGc (5@Q}1T&xcW[]Y\{` & Wqud}u}1K8" b3Z-qEeL^xhWQ6ЫGXvAw/d+x!6],'Fq8|w1_e2ӤH@d 2i)>J[mCs@2ߨ`=*LhL1HBt;(i߾NKzh׈8@BK*V}bl-?-$-"1TBSB<~XһΑ\}sG wXfo})OÍZ*"-t{xCӂ=&ZJf?u% .`ۯ%8h.d/SW4H{"1̿~'G410F7ǒ#N"s"5G%%Zlh3/ƝM-H3CopQr$\˩ԟJ(0uw;k.*@;nU@,[czxvHR9tŐxK1?9#Un^"ߊb?"a|n N*s\zr^T#xaX T R|ʀw>g}V@) ' (T<~m߂낄QF6Y@x?YqZK INy3AY,\9XIprq"4Z\(5Z\w)e^p}Eܳ7XB#eӱYXR@{EswJq"y0RBE .e2c !@ouoGc&eNZ}6σ4BE/pƇߍj [ފOJq=M]qC,s0 Oįj^;`5Qk?]\ev O@TIa[C}̶t{nJQ)<!p=qak@;0Ðxu4. )<;DI$=3RUf<`hZ=W?mMY&&j E)⪌3,nu%ZqPNCp5s΍\YP1Jiq*wq!Ie}Ɔ局^&E38ҁھ?ޜ z'SEEKz9 ^]kRd9yhXOȅGͿy@܃h:H5U7+ېAaQE![/naբ@Oz_Y 4-tQQU{ߡ+Ww to=<'e0]/-O9U!GX!İWkZ8xjT*߈#vWBGq 9Q :A.^ s/ L@cxYjͅg{0X^㋑7 ~ʊj5wC V2!M2dE.Cj bޏ()i^X76|^苮Zz櫓8mښ{:x|7%֞_x`~\Q#$ Bu$?=t-h4%6|РB/in':B+Thr ]]2ˠ8%ګ"DRDmr=K|QVti|WuwJA-wysTטPFJ.pFTDt2&<'1 "J_3WɫN"56{YS@o~IZΐrJE\VTyuO-bGCtB( 4Lx6KZǩc* cbZN/u'oRo%ؘe |KI܍&d8"g&)ZeER_y+: 6~)!:5XB$%r8Lspi8_q=[_zqҺ,\;`0X.ݥ5UrjZ(3Lnlo4n])å⯝AQ\Ĉ^YXv"TnLLIcSTHa oawӻD>?=Rb$P/-&`rCtaN%@n;MC BNE_ Ş:ۋIaod-;:'P @ߏ'FdC_N򦄳e%ݗeތg:|4캧?d@MҪjds$=Yd۔QcR'c`\e}6-N־?}_ h2Ti0_I!:-ss/CѰe𞡩XB:2(LB#AHK̉HW^hda%rZ;5V*=K` Խ[FDKk\7IF;z&m=!(3~s?7)ԜÈ`f8 O,stxf%Z12?4M6Nt^mQM6J2Arܲرvq8G1#-i TR2L͵~>Ffžh @cnŪ~yۊ: XI1͏k?g~?f4_YRkV6oAߛirZQޣ m=J_!^ /[IlK3l֧Jp/eVCѱ?S~gW2p^ǰl{4^`hW#'Y|z*)9cO]mY6K'KO%E%C L$􍕊&Fveq)?@lQy0aD_08ɣ?h  `Ƣ]&<%6yXku4zx tf;n *$VFܪ%Ƚnyگ#lzj;’~8Wm屰n˜[gb42J8>bu %" Pn7J4Q+omO-xw{u 6?%1T^x<]m N4{_Cm!CѾCWc7yEԋFI:'dFtOyJ>Jc$gF}{zPĸx/ju67qy{T 'n iB W zJ94i}eEqjނ>z{iĆIN$`zDS56&z@|p$Fz /FpP\HH]Ӿ!>n#(:3ή87oYXtj3n{ "q!;(7S.}@xu\=y@T>;)%p󰴦R}T$(>Ph _ek\;p'4åAKf2I(8mGV5c3Am`?~uZ%d}Mx˫\|b~Nk "ɒlK ӓ-+ћe ƦpOxv Z5xC> @L "_eHLa!!cݓ/h˜iGܢw `h QtuG9 `S¿q ߦ /f`CPZXW2L!n궥<׭;vV^Q9Gsca*(KVq09kpC3>*v8⺜`4\M`3F#>A8laN[+vU;wN-,d+Z;(i1Or>Xt,C ['*O y(d;l K;8ۊl[dZd*[nP.r,:_ͫ%n>OĮt%"FX^+أ4}&L8'(ETwb@^au'wB C{II-^GCq VF[LVBeW VX`+0tzS rgĞxIgՎ䜳Hɖ6vsh놮0x"CSlP<hq[+vk>kĒ/VF0yʐuP >xab`A-:IsG5XхÉo^~ìLE wVu߷zpLZx;>fg\Dɪ>^zpl9w&k򈯭[62a =Ev3mcP4xBt}߂<̍{?[kI;BU]z2D\UתCȎA,-`'XSROܩ̌q(y |9Nf,I(1aɭ J$f]3pa>)-_OE%:,V#Lf)iRg ޿")YC,9]+D83, (ÞMhbq=5%jJ-8|Lv ٿDM77FPDzʛtBj̦oa8Iįx֕=C &=V qNHc`b?aaͭlNYƏZ&m5p(**|y1=`5h@sj~4LUA(-蝆}qY)@BJ,2TzoɘV~BEv041.Ȫ#1Gf'(FwUbT?>('*CQ@(-'*U]L.WH/㛳bP];M7MrFf%ct@{ Q$]wE*Ew5L[J8LE 7|kMDzdu->#MoФP$#DE9GsE0R b"FH nܿzSiվB<ʊ ORq|= \:G/nL8Tpcd(LѼb\E@PK-l̜EgV1bYZ-M1)qt"}( 59]LY+5}[NJ$rJޖzN+K9 \uY^N<#_(y2X(IZ^FVv`D:>{23%Fqo 5_;EAqp-418׀bC!Q @hj,FY5~VOժ:J  p"^-0_.¤P-Ä6*duAv%p0m?%QC?LIMp٥eo?4kae"e=A@?H* \ָJ@ ˦nC6Q-0xLS|t$ Zm~mx=lB*oE馶I7cg#uch @vZxzaUG,)gbJ9gpk5"dx3u,\{@a.vD&"G B1jʥXتh%2硿۠>w²|HwbYRXB|} ‹Fa7jYj9_ kA}wm Ҭ|R^ow۝c`a%HXAܒQ.P~k.wo ,m\ܤ?u#ۿD24U •uTp(gʍnC?޼ F0fܵ,98ַJSJfu_ҭ?o ,;t̒}ƩMm۱cAsf9tGf% m4e/fź9 >S?Ew?s9a ]~5ɶsҺ..DaB12~\O H۔FFmX8KuAV#U5- $_ Z7$Dqzawy%b;zi֪"Հ H;Lx"S,iv1j̆U\VX2(WtWʺ'l;R~ '~Ȇo_b:׈RT;ik=V}MRpQʬAmJ{7pCqO5bq9Я=.^ќl hZl -0ͺؿIQ]]q<$>ARR>Ro5MNe03xcRp E2Urʭ {*0Z.@N]ֵC.i6C4^"ҠXWY'D+ 0YK\ܥOMUΔ YSJ8U!fͿP f8yatF񥽥qsÍY]1^#=DZD5"9 7H⥅=qKuw U5߷̮/Eng5 C /C剉PJk 6ֻ|-k>&12:te d6CS ƴԷ& Ȟu Ĝ- O aQY1hf9^weƗc{iDTZּ@E!Mi_: zqzE cA_x!T}>Br2N~DXs>U|HYB 7'z% ĵoN i{#zy䛚k=#f5 y%گ<]q[\Gũ{2yV܁GXzDi%50D !b'|q@B ) /~VWQe^xBuQ$2[Vtφ_2B6; ENY|j#C_?v;q*jn+ݮZ,x-s5uCkA, fm9H"#b3ф-ت!:<+! _AAJɎmްB[NEN8׍?ZdpD"pU4d #oֻۓ܄U=dz,pUV1G83xib(ݘ{ED( eť}, a%0aVD!ܔ김GJ48q^ 0)o!sglB~$K1 ڽͰ"ۓ箒aRh7dKƘ(&XohHr+C/};\ Ǯ~ |DK\qQiYzOKg !EQ`lU/]^3+V&k9~GODŃgN;^y5H>)Jo2]?Dɖ oЂSM܉տA#XjZ B:aZ7ZjSdY;?뻩BםjRyH?rԤDf>L6> zvDU"+1[Μ 5XZV-V:~UíP4:z%而L=HA@`e$'Q E`ih*Lۋ0WDTqxtP& a~Xq-aq=a [18pCnh)R6et S z<1 Y9,U׳j.=wOa#4~ A͛ё2ȴ;nqBZ&, P; &=&[:ڷ\&k՘n#M.g*XH4xK&64J` ?o۔m=jU0^^ E,%pAFX,$x6|COiף%,;;4~ƚcX*}S+kڐ%i # Zmbp@\+l;]XƓ."Jw, pCd N^yyʥZjGT{q ?|^xܱ!ue{ HKOcqjhnPҞ?%"K(P[D_/Ѭ4xV=ږ&[\׈ ~^nDF Fw n6;IdZgV:Wb[5PPtmL ȬS$N)灷6ӵb] q3p :l>l3vlI6 }quektf 9u P }Fo5Ty`< #g'{z1%̗v'R0٭Gʴ:қ~DB|%hנ챟}z m0~9+m:QzM*52iMVʑ#&FDJ(`Z!]2{ Yw7Ts/BRT0} `{kfaב9GɅ0'I 0"*)? Q587@= ) (,(caYLǵӼ>rw6)-݈xrG9$ƞ_̣ؔu4aKtyuȐEQgA's0c'S4[ zT7]6X«U8/0X <,@ja|I7j=0{1n^U7[OD bXm(3 aV4#H|U]lW.ǿ[f!;. Z*~vl%].(~&Jms&jhrN pW}H~˂ @rr=y=bv&`CcuZN'+HnǨP*;?XwMSB‹.\亙t`o8.CƠbzZiL>W\x\<7?iTi $#xwg"h]P?(eZ( b\ >ΖAR{_ˆfck &iam{͈cQpُW ֱbhn}L͠s?B!vUͯpץ;o( M3-v[01m-#CԓX ޕd=e[Qz^L+ر{lj\un!Jm7- UlJu[OR6\(3=9Y5J[@~^4X+:8/([Yq8|/JsJ傊&&G5-Қώ-0oU1ŭ(Ǹn,@ݶ gpt33RmRtq23Hhg搚 M)q -||o0+M͚:?KF4|zQpl+{m€9C5ͦ/onL6G:PRXM r#,$m~|t{ҬARc>zӂH*>Xiu@mr;5/^=4NJťA&)"ϲt0_:bU۶7$ PzgvhA@:QT%# }A;5tk}"Dk0f, &"U $Z [(לGjTU`GKPF|QV}ZM7#D,/_>=Lg/Ҕ?7}A/) X#T҆qL]$OCfhU>$\H8iB~W﾿M|vt6z{DϬflSꘆ–5JHeY"$Ci5]pHZ2iolf颋4:n dfX˻֔~{SjO;,W˯~3qTHЫQB%KOM+zO]M7h+@  Kb}oJKFZ!lPgV'>rYTR<džl\ぽ,l>{ˌ.!-Qlު)IrVH~$ սalqj80IdO{N0+;&hPe fTDže~Fr|pB^(zzbz}BeThw8@\GpHb~)KCԥq u4K7Gd/&7 k4#QO)kIK+(w!$"2KΕ NI=Nuye}[PD6S8H HJsR@` d`{|}- #cH/D@,kD0>k%Ve d7=%ԧ(/K,{.^q!]@;a//̟ҎaRmWd̶fH(vg榊8-1㡅! s5μ j^s(Չ#!6;zfK4е_˟oi *Et݅AڌpQw*fErLF F9G,R;#zTo:42r^[hs^qKc^@K9Ye{n9KTEY SQ8wΚreTZnD5[q{b_P]2$ܶXj(>zoZbGcd ]ېxm^LCɍ.nU*+}0&o1?tV 1{ VY^POYxBH_M%4/208C/u*ra ҟNw߃ qr (~:Ji(+0$-*ץmήN.bynF_HY W ,.{o>F!x{[&#-ySw^VOpiL@P<}JهP!$jV̅ b>DP#VV4z#B{lBTth$BYEQ#0)*4M& go^98(i'33 а`tjqm+dH2eegSp&dkz.30Â.i./Z(5Gɋ.6:A y3U]}ۢhp)h)RT:8P02b=_t*=IPr>yDa\ϢoW70>bbh-]ES3itԚAw{rsT!W͐gyOP&RZVEkU>Œ||H_;/|9e;~*VX0/ߛ}5յxhm֑=P i4\K q6{p:sQ61h̔h7[m< u-m3f@8ܨR9F83*X YWq Q|FA#Q@6)=R]LJ!3+ }&6z"z6PHoj<2鼕Z:T<m!ɿ]?;g6*vZ7K;FƩxJ+ w%ڱ&Ji8r@Nmj)q]̖tLA=l3 p09#rb]cKWjUdۃբwLgL*sn!90U]5hmpwF7e;v ܗ;SD)-_6Ƨ8MJ T/w{AnNQ#:kpJ2 9EϊGt2ebÒZU3Z>yɰ?ct+ŖTJRofA xʤ Y]~.k44l[;$'䵏&16G?nb>+SZ{[{ 3(O~&WK${u,zAXAΈ Y}:KBxP}$LLreۑ d^7xOf%]騶+');\L^Fl\8Rtw0≭Z𩶷SDt00!!I^Vր#{(ذg<heҫ^5K\o#Ti JF74%ߔ7*&J>sǨ< кh% 칸WW&" ❀-)#.۸]VgR!֣%4ad\s`B;Tb~Xe|pe+)| 19ݙ?Sj򏃣c5Cf2CtA`4νV"gd41X (جTӇtH/#U˓Pe_So\ 3FHw.e\ R;v8|x='v$4܌HNC?vu5p 9`b0~ nR'd>m¹d:Ua fI:8 Z).L }~䰭&p1jS!!'wL\M۷t9}[K^?əA{NM,qc)@-VDf9-5+D蓲vrqI0d:OC%*9/*WzG!?z0SHe\:#WALp֋={l7!yUy)|mO 6 APȭEԬ:k}"GW1uEҤE#5PStVs.IVyeɁu(-g#5wZ뚉i0OD?0q\fm:- FO0͐\HٱGL ߦ ">uԥ-a?3v•8~$ .Rnp<7,on$%^s1'/ GHsG{b[L]`^ua/@x`.Ig>}3ybڏműIB68a*>NO` H/Y]*0V5jDoIT[YJiY|k{>2iD3-eQ_w@cmvT :[g(~&z@1h nXGun6ks;:x eIUY!я/CLPjNO;϶ :9ێ*P:ȩ/CP>=e<%{ٝpDUN' rCʼP䲩"*:S,0\r"VYt5yhr y6/W+q@ Ɋ9>1 73/,%ETCqs~jvB5%ɬ([YԇtM#}AhH 3Z Ѱ' QNԼT6 XSUt><*Uia:y9 BEN~-jjw' 9?h)3ˠ(U>SXO0%ЈXx)lg|H67\qBK06jz\/yCt0rvD4fa+qWY)[.5Wv #M0"@v &DTQ_͟1?c ;0߾s[\hLFlix%FBCB#3D1j4־}gQTO@X(gaˢ[WNܥop5\μCf[Hz4u tjwY[ 7/"?1`]|{1s?P8׈Ki\1X?x8uvSk|犡,U ܳ6U:(VBBZK+ggX}v]l0>`Љ@F9GZQƢN o7dS sR&?`#:`"-!o]h9%bs^:i3}im@޳;'u3t7ɜ3,\&E/VP@U .͐4tqI d׍fx@%de}@񔸶|$_Qa{x>G8`%.kʃ!d呶{( 3,P+=aU#2+ l]~_d*U R=r{3hBB"*_] X$M  r#)";CM \G@ aI1@=QtHsU%FG XHۗ 5q!MҤ)*VЕsx؝L>23za~q՝XB_>@!q$v_cNFt}X*.=(畁ڄaGJ^@N9nF1U)E6wA$֜%L`ʺi\s'H.\BS\~pQĨz]ᑐVG.P|X@[GD;G2lϲ-;*.a:)HnZJ`N$~NtjF Q~ΝL# $\_^"mlDǯsBT6ݳ鮇"QIğ%/Wn{;,Qsw>&}-h'"z{޸ztY4g8:s\K|z͵ Y1[b+j$BRHE:Q- .BLJ6TB(lp6Tq!xi4ťIo:h4%3ڜpƀq`e-vg`s 9'@mY$ ``\J;E,.kKX9ŷI8?o@ڛzj$7g|1NjU}jI-q%(L'Dŏ;EViF:0ϟw?DI}r14? 5f8F9IZ* ~N%Kz|ܔ/vte̒i՟sK/z^_9TP/bE D 5^9Ucoa$й9^Z4ȎYυ; !~#BL(W .t\rV 0CײdkСWc a+.tKpĹ&99jbڡ0dRf/wt*sG짍h G%Z}y5OQ{$-c᠂C 3}{1ts^o,&F .⮤^VS|9z k۳ >*0KHQB<{-WJG{V?44X-,AXuW|C(%Pt1j#E` *&Ih%2<3xvy/a+}#z';\щ" x8R#X xFL=aVbJCgQ`˺p4iBhKVS34iuLEHgmi נ[izfGqo&Ng]P8>QR㿼fc5z#^k*XgZG~ Z#1۪#ʧ'UuT"כکS9r mfZJчoT2B||au8dKMMVd (ۆ1أT绗6|AIwq[@l"e52NC893SIjRjban =C*HO#"Qe@P>ɱD hD6;b8;]v\QpUbJ9<lvC=j D]W\>Vf:Bq}Ք]ti87[:߿6 $K|WdUӴe8lR+f7&3z rq%w}S|.3IR!/:ְ}If|n Fkc|5hdLPMqyP&pU3pn~淺! 0Lb.C׭օ_W`T–Z^2\描T'3Eu+ #y^@"=Ǎ~i?vU=1A2Ցw#wV{nU$j83\~VF5گ?ODB|3S@8m.&ѷʙ7JqD>YxoBDHA)JG1rm0-%ADDy̙c_V_R/v&mIy3mymlϭBC'ZwMzA_D4W)TC94 D<:Țsp{ihLOF`ѫyZIB3BiH$bl{A$0lQe9t~?ŧw.AZ?\}ٹSDC(42!.Ck~M5Ueb*lSsO] ;>z<(3aCz`豋J%#t ffkE9y'42d 3A)I\W'}uYY/Ya۲םm∗%Rb!|^av#$,yGL8JvK736dUz-Q#N__(C4أ{ˡW0^p@ɹxAC֊mG|8@1DŽ{ܝeaԾcD nޭ=J 6\Y&pH8I^;m{R߇g3_4= I9p Yߧ {֯R)BOda{wNIlXj[eaNe s ~o"IpfIb=%ߟ o|Mmg^;=~n3n_S==b5"DE. C6ehn;muhfj5BAU%t[ⅷifFcݾ^5b*+r m q@E U_k_*cw[Iqłj31X7Drc8J >Kht D$*I _q[&#C9k6Q!usom `O#&h| sU$wdGs^LX9Ф@ Mgƪ\ޏq9)X×?vShlW -^'(0{xPnBOӤDܢ/>q{oYj 5kbjMdL%JҨt@(~ ?E ,L& $!G E/B5'}Q :Q+=Y\ӑ6t՛󋢃!${/'+H â8WRjUƩ3V(?%vʿEbbjF؏z,(z2,̍0XWk}-G[4:=`uY\G_)p^- Hȯ0#ܩ% Aq@d{OޱB]Qkh8bd?Ւ. /J 3jfʘ2 / #A;fڙEԀ7Iך𶇉-]lD}C~OC?@?beBl-ְʥ92%̝~pE,tm8Ci;1fndlQܴ^|k4;SF2[bU69ZT'p[Pw8ѢQOf\u#<.ArY_wnX _%tu.O8 0fcՀ0Ccd^ԙ*[ 1 +H཰DEw8Aj)"+2fA}*c6!sEF⼲kEPR2ۘCT>+Te󻟽j#;?n&b ݉/M{&缟j$?D7Kr ]&-BXImAĿڻ5Zc"<9JhdAscfj=%/{v;>kUX <ݕ-Pł+Z}"i)1CmB 1x'!L"҆Z #(LZ`@| +3 IȪ#4%T"+ݨҴȃeh?ÐfB|cŒ,X)}j~-#vS<m*DCO,".,3̨ dYB/IhYeUdRώ/l1(&Кͫyj3|Z&pɧ"itѷ^ujVANM՗N{g+a)I{"jG)IV 6H{gKM\e?C\>h{S""׼vm2[LмaG8u-yݿЕlc("zdJa;xeOgmVeP$X;"B}:hC!3,DZa? CT43 9=(* Y\sPV*M3!fzsCt?ɢL2?DC+tb s"(@= 5`oE:A/a4l]h RgZ`W)\WTӎy .UU B$[ {7‡9&Kvpr y *wseì4n}擬 m1{ frYP o5@* C7Ĭ WMZا.e S7./)8{k '7EAVҨ727|%?L](PA@Rq8:SAJVxtWxSgB̡E`pVӺ6V`\]^ U̔/(05;HsI#"s{+!:ͺ nI[r?+qӔo1ATO-F_  .O}=v1y|p ǯwQV}>K[A?5f}l6ݑldyOm<$;HP|&cFv!D+JĂU1C~ -+D9t 8g?Ͷ 7S2zV 2?vb\ٜ{M[rc=%i VUlFCP)H⺒L鯢51X2ޢ>4i{ɘ,uv }`ŵk2D?W)g2 kBH a̩) Z p *4:V 溺T8_ۚ^sK6n}@72&μ[.{!90h:X e&(] &ŬOUAp⍥e8׃IIG,_f&t;T+4ZOAסYOہڮX+SBaU.mmv!XU%~^ [sE KY.<Q9$urg(t; jn3.5@%nZ c6 ʇ_Qb߳N Ū9HKD4jNk;IE"S6TȄ Y`K엌Hnr:- =;1[x&fG +x ug-7Ͷ%sf;t lpwCB=UMB KDžF#lj7E;Yl<ڀ9 mSn2FO`s0G\@ӋLEmbh2׸]zZ;LMrzB@p0rz.)63'!B@X]fbe#U ۪M?!ExYfxۺA%Lu}\:͑K2CsT8 շpOËhlo9yA1'q,_8xB_!9>'lBa/Mw"@fؑÇ2#Ҋ.1]^gcomD僱)pܭ5<6x[J#j)u êbK#o'C*TQャT8E@#]:{k3Y6E#LuTuJTR (i!@J&u;{B^T$DK!\ V/qAL٧]l4P.4!%db,UE+fS됣F`?~)YLM

C^䃝&Ө\ /u܃f(vö\Wތd I/}}in˞ .]j[qwNzsup~/03N874-*y$zUMh朊{okK.u=^;0gk6'L+{_Pd..`|O޽f5-!F,%%.ःqrcA8mM&ب/f䊕Hh]@|M!tZLGb; xTEg%FR^] i."N"O AӔ7Sf;Uw: .udyXfc>_v1ϽQCyWh/`ދ/ .wE$=~e,ZzPW-RAc\nyKU3e4AH }â,֝}&QVjɒTWuG潡Z~OsFֿ.N76L( TZ- 3!Ťi&-`Atޫ6#h :7TV'@Y3Rq"bpճnCHw#h91߰_׳ulǖ+ծ,CG5-vi Mn"tZ0:ZU3<2G(e~t,_`I*lfb 7J4PPDyJpQh&)ڂ$mÈA*8sC,M+]q9N8|T0=J:Kp=A:5i[!qqd+EtFz8 H |ZrBv2?wTak>7pAR9@ʺјJUh pzdH)EJlJяׁ PΝ,–~UA$#Ztl高,EGzLƒ! f{mqI&]ɱ4((hq8SP@qƼ:O#MxA>BYe# e}]3-wE)sQI"ARӻԤr.;j֗@B=xpsFǞLPf@C 4_!ylMA5i<:1^-8 :QՖCeQgͼ' yR '*n%e֛Nq^ J:R%Ӕ$EG#qe=$4ĢXxz܆Ϲ Z XzWt%IƟ#7pUrNmXP?6 ʘ9R:t^$`B>ji9?1}):l qN})C.}4vZl ™j6IZ􂕥zjˋ]\׼U;lT U#a TrkmI#Cfabr6_C@V5śѹG/#hQ~4hu5l: /*d'BN  kSPJ ;J﷣Mp?u·>{d3I/)mRKIؑ|ylE@m]&ғ\5j2o;Ժh4oT[s0ޚ/0ԦgEkG02pjPUo(je]#+ҙ@84 i!噫=,9tt|nZ>0zY<-ip>@iD 3de?Ohf >ɺr-I쫗!6_ޟWx88.^ޓ »}<[/z~/DqTYF9L8}. lSn\U3#L I%dMF{(ޖIAE-.ɭm#1n&cr$]06฿(h#*!""rG  IB-{V/uvV`zsp"*](v)#XU&es4 L/Sl=${wU0ؠ*m&uH96ݚ%VY`i~;I^p CG,\/\FqYǘ#~D0MZ14 f4,]>Qj9S4cYk(x!$C&J#~BXa#&~".«fDLjL6*C X +ru*q1?/QRG Q 9 s#0pNG\/"G!EaV]I1#o]vBD"_\fg-ur' _7 YZ