sssd-client-2.5.2-1.el8 >  A `2U]n Fc$C]3Wy;+X`O;2jrUuHw{htMXDm)1狂_%)Ax?r0[ %!<Xr\ǫy^c}pb<&/&Nד_E=ޢ 1V4X)TԮ]:9hi= 'y$ąepR17Cn3\Doj'7u@m%AEYή8fv?5BnoGO3m+({ Y>I5`?[ y}B=L? l̗|t|=A˥uqBA("vIP 9@G@ h qUG0^EMqw~]uX۸kH&P4(γ-xHNʖp*tCfaZ36fz)ζugas%KxvǭrHL͸bKc4da68dd68c8d42b61ff4690a8239fc676735c719db4751b02774eaa33f59d7694654b9153501d046356e203a2a288e53e379f0b6`2U]T[}VC%g \mTbQ6>ty*PV$&,ɂXH8[+A2vqqMXl]Qn,uZ5m;}k(Cglܲy I αkzPmV xc1;Mt( YZ(Y[;#A ܳ՘͞-E&r=)GwvqN_M3 RΔ]|MD۝G)W4s4:LC%cKcn\?N ( ҜiQΑ%f.*\HHn ݒC:ĭ~cc49LB%0$Fm&$Dԋ<WFDOМ(]$lZLR.LA9J(֟_v.߫yݹHHt6 5~% $>pA{?{d  @ %+3<'' &' t' ' '  P' ' ' r ' ( !!g!(89(:f>iz?i@iGi'Hj8'Ij'XkYk\k4']k'^nbpdqeqfqlqtr'ur'vsH wy8'xy'yzp3{<{@{F{Csssd-client2.5.21.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.`ppc64le-02.mbox.centos.org CentOSCentOSLGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64le/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi)>@2F-%  pppK =  2 AAAAAAAAAAAAA큤`Y`````````````````Z`^`^`^`^`^`^`[`[`^````N`N`N`N`N`N`N`N`Nc6eb14a2e2aa47133247cae819b18b533cd71cc581d049f5b720ac53f6587e2e22549e602e52b9fb78a946491ca1f3ee5def37d237553e750e1d6a72cbad869fc56f6e8a21fc54a46967db901b2b16ed356706ff60ecdf8e216d6585df0664fde59264abd95ffdddb06a1d32aab935b3d0ed8f009e8e26f38ce759d63656ae9abd7809396f101d73d0e03662ad5780916095c2634133173f1450020ee4eb14b8e87434a917eeee5d7b973d3f19ca6996832d865b09d73cea2adf1e471b1a7ad47d868011b3ca21b347395141d679cb1ec2469a796ae8ddb048eb5a12b2970cbd8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc587afe804e94bcab6b7101764cd276fdcf0e3a3db0a4e60f8955132c92a824239f5f92c09baad20bdddd3e9ae0454173cde561b251a4fc221decbc4c1a1a9db336d41c3cb8cfbcbdbc475304ed04fde6e0ade747eee4d78ab9bd50e798d6f2d7291d91b7a48ce24c1281e83c42ab0b6f1764e831bce978c2a84f6fc4a8a103f7b179fdd1b981e3e4e8c84cfd512c11816b011a4191b709342fcfb16512fbd992132e3d1094b8d5451113de4d6eeea18d8e8b6861d50e8959232a8eaff722c3874ae6324a13845c4471f39826dda5305dcc4941ac0840af769da88d980a8f3b145cbff0df8b28eeb23cfc0464d7300c33be6406e7465fa7e585ac1863a71e479edfcc6a0e09571d2b1006c1279c8060de92be49776f8307bbcafd9a6c9058d0eda0../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/libnss_sss.so.2@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.2-1.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)sssd-clientsssd-client(ppc-64) @@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.5.2-1.el82.5.2-1.el83.0.4-14.6.0-14.0-15.2-14.14.3`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'essvsvukukuk2.5.2-1.el82.5.2-1.el8    cifs-utilsidmap-plugin.build-id3258ef31ad507c02a96a49b3aa2fe43592d4f96f5ca7169feada8aa0e1a7a6e765225f06873aa12c6511ea131a4fcb68306f70f0ef055333056330a9702a7682b5b1f17e38541acbfa2d84133107333c72094ef4e0ad300846d85eb91c17afbf8fcc6562992f460e5613bfad563beca22423a4060167bc67cbcfb0c3f01c6a6ba5272a1cae7c5e2ce471681acifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2pam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/32//usr/lib/.build-id/5c//usr/lib/.build-id/65//usr/lib/.build-id/70//usr/lib/.build-id/72//usr/lib/.build-id/99//usr/lib/.build-id/cb//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.5.2-1.el8.ppc64le/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=702a7682b5b1f17e38541acbfa2d84133107333c, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=5ca7169feada8aa0e1a7a6e765225f06873aa12c, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=72094ef4e0ad300846d85eb91c17afbf8fcc6562, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=cbcfb0c3f01c6a6ba5272a1cae7c5e2ce471681a, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=3258ef31ad507c02a96a49b3aa2fe43592d4f96f, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=992f460e5613bfad563beca22423a4060167bc67, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=6511ea131a4fcb68306f70f0ef055333056330a9, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "+  RRRRRRRRRRR RRR R RRRRRPPR RRRRRRR RRRRRRR R RRR RRRR RRR R RRutf-8eb38a04d972d6b413ee02a797eec48f6377302850bd1e51c501a6c0edd637f9a?7zXZ !#,曼] b2u jӫ`(y,y/A_ʿC wJ{ũ$5BaOrО:#g:մ:%IR{~ኁ'5h{%? ?r[F: ,ʐhԍ Vu'̱aH3Ч=ai oa*#8XkegCĢu]i~׹mWV5 QqdOg=Wj)7>\H ^R6Bt=(iV| xiVXYMmy1+Nq q75 })x\9ޯ|TՋct  C(w\$Oȍ7I\O΂2~,sD[a` jp/'8%ϦPF+Wׯ xq`N¤?EV%OoRnhMR ?_i2U18PF灩IL 7\soot]J} _s5̓ PmIcI+>?,PB;%06ЅqR[C4OSVfr\,Lw=I;łx0c6?4=6wf`a'j7ی`p汝FU9ȿz{(b2V+--(ƀMs`(F9cpĔ)E g[@]q o؆(Rz1`(X^0Eb\ǩR58YT'~я>-Dk|:;v\~ ! BZgAӝ9tWwR+yQ2h7~`Vez8=>}rDGy0?dbhFƼ<_ͱz*1Pyuh0YX)+!6]XaR.0B& e]1zIک#焓E'֣| -Jr2pZSD`9}f`N7:FN$sayF(A$IU7"BG_߄P~Ick]i.O.fGZuP@/O7A\=JJ)/=ةup; S ǐ0cWƕFdbM0$Zs"G9S%Bh n/c%KTD8kK!6_qMԭ<۟#Ulnc}K!12@$u `Wj 1W꛷puy=,wK|rUo>]#A44:[᥼#ݞJX J>Vef0|,v$~R?1dx}a#5!qcdcһ/-}bkе >#WF=0(_˼ j1i7wISvlcPvW 4 pIȹ4e,~\98ϮdȸgAmWLni/iZg?5_`3!f7!ԧ(m^ܝAQ}8fP60D.i-zO5OVEbPj*o)v& XbpF$"&L~#8m,EC3O)Ctl ͊ѯ;,ÝBMV॰ѸϸM֤ h/ҏ0j z 6P$d(X6vi0ɞ.={$).H9 t׶wbŤ'_Q0Z*%8ތ4='4\W?bƟ>6h>y<6x5ba=F0ěw%' "Ez8XX/)'@!9c)xxflzb+nZxlc^^Jt(8y1-L {mIGNYY^xº<6>K 3)"8NFfdWj%Q"`QꐼN !?Qt!`#fKy$`m'<W zuu`QޓPM{~G#t]fy0fUHNHt0p57бJ|9c=T+yU|?4eRUeFӆ@2 R p.{+Kw]NEMqy(˼m`_gQwc0.]8(3|4l;sALnAѴ1 g$+댁Jk<ӰŀO!LB]ߵI"W++]f^P&}6x YG08σtQ36wW;rߛeP˙Ь:j"p(eI{Y$OIdz$Hv#]-'N \7"E(xn@z?4KPpOB}”sҵ@ +iWPJEѩtw-"K-8+ql2'W2ԭ86Ui14?m /u?*Q$>:J&e H\R˜JsKCS}~ۂpj.orz'A߇Tr𝟾ȓTnjVx)DC?zIaEl$Qnܘ&vJLVPPECgBC%X0$3XL)&Zp 9 YmXЦJȄ+*ylt8YؾEK &|A-F,]WcCZJ]5_^v%j5G7,vžy,Ã%OI5zlqNWrIEܝ)WGÁ㐍aNRТ 𫛥ɰ NJjyZ|onV5Gpxx2ȡe|~mPOشjso<I>Է[6qu4)ŐVm6ejlٹ{Gi9tOxDrw2*͎pd 6h~ךDZ'W¿5-ŐwADB>U O2F.65x~|)ƴox۱ϯw$C1gcGfc+ )^ýS5BKxnϪ%4}8S6F]StF+3*4J FArj޹)I.a+xhyTv81'K>ڽV.GPgx<&&#ِBYP6PMM|Mcް!k4N[R[; PA9pepuD{3M)賌T/~O6(ifJb}!rec~$_pB}Ŝv|-0 [ӆ֕JXkQB 3]b_mWT˚MΦv$^I/P-k!Rx\' ;B gUe "v4}KKpY~Q;Z{hpߡ0$e#mV;7 !(V|4s j{ZK F:d3 &{GM pu(}ıӾ,z DMƩ/Ir]䅪w]{ǻ!x-m/X>qA~W,yND {%[+lJo>Ϥм4Ku:"+l9p)wGj˚!{ [2kO;H 9douf$ mOl?nXq{wB ȹ{AaHʁ9MbI䤫.,V=I)~d"#N'nE;8˻ y7f9utX$0&ǁ$8)/yer9e[I7wUFb "tN ,'ּ{JѼzؗQB]3A'8we ٻ4}7 %Bo\mŲ 8R;[y-6}3"Cvp)ß*ᤉ0#ԙy 䔯0$V6کf7oR̡ & ֣FIZ|BCg{,Z RYqIeXKŃO>(MU_Ъu!"8b;Q\hA- l*b 4}<3wB<q/pAn:$:Wk{s brR頛>DnfD0B< iN:y2R3;<'{:- G Sz|JYJ|OEѿ" +c]5 ?$u+*]FAEY:s 2#l,n=CgU Z4$e\kzcvja}HwFe4RՀɩ85 '%sub0܏N@ꊓ<;LkMԷsǝ̱0.-В]9)ݲH)[%5/zw-i~?#%Cz4bGRuwJD U:Q҂C(PgZ ˴BTud6@ X&m'Pѱf㦆G#}ST:jzjg+Nc<,! ⮋ ?8zhKѕx]Q>-: ʈoQS GW3uӔ" xyXZ">Lj7w^a:&+C&YkI3Vf/ xQ9S>x'zk? /lM2GA7 mg|hUKw5Ts܊Safh3{c={]FB<̮׏[R<* `1UR-pUw?@h?a%oDl;8`[5^ VpapxgZ/:k{ݫ$\w<?- O?\`E% /K-vɪc6/oNCaٚ,m# |6iϮ*$եYn rS?1% GM(mnNk> l t4/>a8JCACW2 0v3CiY|ADZ* 7Qe{4~|hfjF/}~{F2n Y!|V=v `]V-ls 3A+TH%] 2Œ*E2 <\^R}Kp#\ PY+[Ka6wh >TGuu´!-fpI*zvqpeL3bezKm&—8.mʦC1 J`>gDZ|@^ҙs\`Y1%NfS, >uy|xI7I Ԍ\|Y16%\{ B7!nӘP x-ڊ>^Q|G\b7ݧȫyG ;jAFDS)7Q:?}+wj26ʢʚiBwOZbc,`%dghwI c_%lrJJ]צyc0b]ukpC!;kXk/!>. ҳf`.NS19x |dL̜GD=;泻El?2aLnX:jRG n9b<&&9i:hnlVȅ68Z;e樂/HcD1< jEգ8*@}ρGKt~.a;0EV_!ȇ׶2zyhH5ـ4֪vɁ  6'=A"qh/+=DCu-h.^с,Pڡ1Hѩ3]5ͫ%-NYp>H^ähh ȍ븩*ՎEvڄ7ĩyH}`୔P:#Xl$Q]oj.MTi$qE](6X ؤpkL!W#C,jcFӂzF~49~){E_eǔ4#&p+rd#pEu{B&Z"@B=Z:c>=CB9 ۭ(f rEt6V7꣈óCp g%a$1h6)0{7 {y/ZG{xc(E CM^RDl܏~5Gld^.֊cqձEHX^9ÆWA'b \Tѫ7A"YpT kټKy5Fuץ*ljH8 _Yp2$\"/|Qs$YaϮm(Lf"޿0itL4X eɝ~Sr5@/SANoX;?kw|E#3Juqܕ\9Hy z'ݦ7K9QBlk%GiӋ. $p%k.?lMidiNaC$W)@p`R/-?')pS9M^7&6ui:uoԞDM0q(2VbV1Nߥ&C'_GJD;nS›7e-YC#@`g71rP*t'|uz'`]Ñ\/(w"!u0,FRq>0Upw|x27*b75ȠMd[*pSWk#DQ3R.K څs~!*U J*ͨDx~8#J|1&>ΛU!lhdV:V,$$6[o# nAҜJV`f}+ HP9l\3zFt ؜\Je= Fn>NdV(&Gs]A|iPWSy3fF:#t+r|èV$UJήiTX|f:Q5]T6𨋜хW; \-Xfu4t0-P?ݾ:VgP4#{ۯh7>e_I9#'>(V]:VW<h%Bx]ğ87(G}\s[;Y ˽>%P?Oo#\t/,m؃;VQV(_wOg(;uD PgCnڬ.ݣ~ȌBTvla:q1P!UKu`R C7BB^!l.9Yb@?,΅_KH\["4&][|g8ɈdIYAXy%?9E2&J $p=S2^"j[>떵3$sr,Z_*AĞy0H6Sw\Es!JпrazznP.QU>Ms3[BVL5~=OTq/0o W\ϞEkʬpEƌ*5WHnxgDC<'_G/&q$?2=1l=FX)&i 5_V=S ]P'Ӂ'Si_`UݹK&Aե7v Ȕ#d~!fȃ95~3#up?5Lc8)ksxdv+ҿxr*i3 RǁoٵXD`V3+#28Z43e[x%0?4WmID犌F|?y{y*4Uqa;{BTs_V|MDP G !#x [:|/A mG3{[nQ|~Cbra7k{Fێ|ݔ\`Ͻ?K!ִED!؈99&ԁ|RyYNYm$/ZDC85CT0VTmuѤFSW:sPWI`uxoo>ز 0EUmr*.-j{rIuwz>,Ȝ"n A/=|n]ޏ &:y2g&}h(t>TD-EAZ`iG9jg6laA?틏ڧ1c=o&lC,I00qݱtb!('2>Q@liŏkklᒆ~d Eҵߒ{;VXy7U}h@Ըbu0)}OYL9u$Jt`9VBkwI'[4/L佊1-zr5}!3d%-M!.Ϊ_cPo iOC/̓n/?v n?(qcJwPq5--JcDT6\6?E<Cg҃ _i8C5Pk!=KB0 r}Dj0!g I?!zˎ9}~(OB`AV萙0'@b peQ{+AS-OnqU}.ztMxY`ht]Z8sA]U+L^{Mkk=$-Kl, 8plM`4qB!D9H1mqN2CM"$[,f.FMEث <_*F'nX,±SM 94 zb1eX_Ⱥ`u70+!CMp.&t$eSU;&~F0ͮ,/ Lt<ic QPezzƬ ´|>ef  GG`5F ώwBO٨n>F%y;Qw-͢qGy b$6 6%~ +=7l!zX %x-i{)Kbg՛^Ջ2LR1ݩWe/l [OenW.<(n:H8;OQŒ߽KXyl +b;.5sdC.HmJˌ<ݾyLd~")*!)PL4D YpňYy[H_ݬ_G{*箭 b_3w4*(]GŠ;|(G&ɦ)M &34zLaunU *$TΏ/sf+#7D3Z NTF ı y+ jwȃ6 ]~9w_󔽭nQ"x`mH̹ӣ@\eL۔!Br)]C$Bٲ&B $?ji2:vNvO]fC A` Y>li#IJVA>D<''Y6<=Gq"l(&x1} G=f6_7i="ﹰ3:F=zzƙ(GV뵧G}nFK>d %DOToF>դniDa1  .@ƭ{nVF޳dXL+ C@rσ͵?e,fL29vMjGOzg6: yZ7l&(4mQHPN o46.C?-P?n[s0A';RK&+=XTZ6@\&/gg.7؁Ot>yw hWp}ƔEy1 sxt&}]XM`ۯcX՗sKBw/lG_0|?~)v2*m,jm(4!5 +!O/CԗIFG`4 CS $]M^ޕl $k d>?Â3X<]6*.ʔin@T;zZ* 0t>e(EH BE q8['VcC&r#> 8wr s 4n%wW Yɢ~09M .$skZY~UtohLkzkGBVtm@=!QuC?>ƁL<"EI6@!xpD 1l]ygc:?{4Gs`T#;V0ufKz&oH'WG%ۘbHf")PIRqjg8Fh:HweRݿ`PLmyc IFnKF_i'L?9ip!Һj0Q(YiL4$_V c +E*IgN`UWaEWa|lOHv.JDEBi` 4iR 9/SEYvE>C'I`gtOI/~#oB-(qDdE.'Ȼk-]\u%blQL̶,sWW_s9N?`[M5+{VW4#uCC) #wOɤ$mU; [?CJ_.Tp-k?/   Dc#8yk=5av!(JZYvE`&e/quPӊ#I$R@"l9{ЫjO `6 (w #ܘ#Rt,-CΔ®#[eG\L-nYfםd<č^CFOM,0[ԗNO-e}#?l> WynuN 9z0 C娺DD~,* %WDxZz~Jun>ƥm|*%wOSMX̭*a&wQ Y𴠉rOD7m=M0C̶"ʭб.y;+"( \mD Zw㖥EU}z N ˣTP*y<Uբ#)"xcVQz 724+7tqOߣg /{j=}5,EoIy:ND c[EL_ p`swA0_Mߑ]z`Jb֙{;r$e}vgiW\ 8&%>@ٶ99a'o  Szo_{TU)\lO &]y%xdIGϐvۆ^fdx4ny֕`Mӯ[kA,sUK6wEita7ѼfO5nalCo및r{#%D!y( GapI_oB`_yDr=UE ]~h9f$ާ2z;ݞeDVo`fL||m;U BOՕU_Re2%[ ȀI\-sdDBemQ0*,T*kH:Rio͊ ]#%#^hafXlW&$ҏ^q5Sx| evz#w$G~K*C(,=XP\ӕvݸxf3m!Ho/ V1]iu߉KO/C  H6pPcE5IV!3{ZEȶ 9󈩺뿝}O+;peߗ#0?Kݘݚ; 1D 'S֭6+af plY6*.w\ѡ 0QqV3]@1D GԶ,{MIa%˱Hd*kHdu–gz Iad4 EKeI\}HQ\⩬7TNZqH"Ƭ{-C],ٱDbzNq,8!mً Evc_baG$(,glH{yΰπOqBEOUY@F`Ŕե[ƙ;@iAD_iEW'yaO{V~3xru/U!*}4s2kb=gGsL0zg5-72}ΚXvU3rۜRuI|0\'tsÀdQDm*+^JI#$UڛΘx[*o3B%uU3/r/p S NdQe hX_Ǩ\Zxn`p1[LٿF^Hy)Ɖüh':|0–ӝ2GG]_ҲⱩ>lZPu.?gQu}s(f]-Q:DDy.CSէBC;.@d tZNcP|M(S hďWˣR.7Yg|A_HQµ~ 4kG77qN[hLJwmLlf S``141ںk-MUJA) ɝQƼ+Yl Ht` qs $NK (iTɊiQF)\s2BT3Z:e%Q_y)!o4 Is$_Ԑ7Kf DUum-TcCI#c3zDM֪[uWD|?@9O(L50ˉ}{?lDoj=X`.Kۉơ!$2\ A'uŠQz OEFV/ٜuWg'N,:=*]`bÚ%* a7˗r=@1GϫxP G̐)Pԍ˕_ eГc!eni0߆#Ms(ȵ1j &Dw&^%.sp'M 7AHHIzlÞ?e/Օ&2[`އ<}]j% tm#ԻPM-ߓm3V״X~S(n!Jf˟vCyi0ׄW@s 8Cmʒ%ꁫP~ڌ.c a+sK'DojG9O- *W^AAaj gYFJJ@4?28ild'Vlȸ V oI1nf\n`>Al|`,DoCN&(:TZƋ.Mgt Ϸ}EZ[ Ehk B΁ec #R_p_3|p:j@ )rHbj"*M)UUߵ\%-p5oR^զQbZ1z/GC້pV)w  *rRx8"5e,G1o 5O/_m7TT vDB9<+MJ`I)AV8`)`AIs_ n~LҪ5P:!EQ$\R䏻ES ?Zd)%`gJ\}&Q[d(m[>8$jc.I)l@U[['vҨ;bkaeaJ6 G:fq]. ౌFz.E#V6%%Am9aV3q].$BARf1W| *?[/`Bx{4,0@Skz챲t/z6ps:P*~ݼh;.'&-v2! dd]1}#H񶸄*rrgY42zWˣ#- zdYgmh_)&gAYa*۶&qP!OOT]kL- /\yX_mkx@Ha'zWn$fZ~ss1>؁cCB@˹Eet!X |j{)HK±/Xps2>2_:q'~6D Iȧnqszsl ~<*ы!h>a>6id:hPYPsP\F%wh1ΧH\v`%l9JP QO8B͂34qU^ Ɏvc\B-wzVoG5v}svҼϵrlc_NMꖤB*:Ųſ|ӝm16kPv - ;UޯtZ=| ˜jRH QHpM[4cnȒOos MN{*8Ju"'ԳRPyVq:YrySt>ք^_*<κ `P_}1w Ixz*?{1.Ȭ`]k M M"~Ej)g),!p8\^^:[-g6>&hD3ھ.zz0: bOxO|!CۘU3=f}-/wVSz*kEGLDYkĭ 55b!ܓ*Fע%j[^i@<ڮgK9U안h!244t:?Ց es˄,BrAF d0T_k?}ăYo :H,D S^ݒ-Ka!\- Rj. :&Q~P(*eNjg||= ]@}dnF <[4mG4Je#=kdx2u]E1s*i jz_gzzO}oDt)>?F\.|m !^/MlQT45euX߅YȆU~B% C\q"fkۖԩUM"lхCKtD&Άha_) u)E>< 8׹_OO,!xՌ!)ƎŌiXާncX7&-V!?'u)QpyNƝKR:D&c>3^R -H2Ll}<;zZԐ;)? MDYty=LueJqnd݆>7XIoQ#k&CskH'n>nƴ(2 kfHLݼ.d7; #dWh32Ok\8 N펄2֖kح ]R^gf{*CeCWp{= IDOw!7PMc?/}bJ6Ѣm:9AL1-Z4 {|# x'fs ,?Z;ǟrWT-tm^}rDoBtnLR s^R5Y(֠92S]`(&6QG~#ZKg YyL^O-B;}eT~9V%|zDe*’"~{~PfQYL 0өh_tWnkYfo页;aĈΓ*US?/S[Ǥ|9VgHP 3hdE3>eֳTE`J1g/yu]nar:"? f~r`a: dk(^]x=6d!'agQetKOЅA^D曽a98ġ u;ZC{H4Q -؅*;e;'- V1=dԹǒث(W"!e$wWӷꐓXzIج! <F7YNez7 w G蚐3 Lev^v!3a%aJKu(SLjG5_W9+ e|M3˲haЌb<U(, rg͖WkEةַ7:bߨp(,=Ym'^` Όg2Y|\rgS:l›#֬fS*![k +RvsJw2kH;"iGGhMft,Fd3̐eg(I?¸9F ŶR.YvZ+C=6ٯΏkFo2%7 E遀||lx%AR#=搢h,"^~2Pe:&e)t~X9.?LAQ{ㄫC*>d;/f*jDes}Ss0F8xh-3 aK};?\ieqH7jdy'tp+L3i v[Ѳ m6:= zC6]0ubg1 =bm9XЋǸ6ەk1b:evձw 䉲|Fp~etB?!-P ya+FJ4guJ%~ }inwSg T3^9e|K7vT8Ub$$xp A"k ͸Px:V:}/3%r wW|ap7!l9M ^YA0, $N +[EAA8=TPy;l7*9ְ—F]Í;M~4j}nc[MdEۖp$v F5?)Ihs~ 3/sacL 䄥V3⺺L% tOWȊJ[@ uiKG,[,[vb`fQ6]\[qrJGRV5h"lLVGQi[gpV ?|Zza)D"mpAk"R3CG+`B\9qu\L MUԌl6~ Љ*Gv5n&Ȍ܂: \{S̭@|'_(L 3ʮ3rLMemqs;l3Ĉ<^@q nryR&Kc✰u1~RC' m'| Ud 3 [wQa_ch+ ls.YgrMtY#}jOyUx8#;1Bz/i2 n2 |esB&鄼qs4$1hQ\u"bBe ,>ҖI5(+EԆ> Z^`G .W_uwXT*Eq ~}& 1j=u8äT PQMB="z]<Z#aUUΉO]꿓w'x~ICEEwOZjxеx6wfTzWiC \؋z1;Ay-R3p˙wYP>x `'=<ݎIb1Yʣ4IޝHGv/O[&1SHj*GB,"6-6O)/aE ګ;Ɖ ubS{<2ߕ35 VCcFn_fckhpPFF NJm3wtnjYӆga1Leřa]F ]:`]|aX{d9})ݖ7E1>[nҢnKus,օ&ֹ}~kd3,ϝ*=㔏JNƁ/A&0LjN1|>K?XkkZh4IhT^#M`$z 4K#}17[L4*.lۀb9cXCF8yk:L&Fmcɱʐ'HI-%~r1Vtic4F[\_].10 Gm0m"~N> 6%zc U a_SR=3<ݿ)rUN4c_i guұXT\XYr.ŷ#Ԕe&V@rkΎn6 e"#Ho6gGI* G&WioDe٨(M. ;f[J; ݢa5yCJɈn`&8e~5}5\c+9&%Uƙ))| @"o8Ц]<n5Fp^2u?ILq\R Gx.3h.;z3DO0)d]E0rsG+Jw ,zV^4z~(J:+->KDdoz\s`bM ]XF=5~.l0i"5IŃAgdk9]%|`{"DZ}At0 6>Q z>t+r#߻P_aJ*ȱqZZ<@I^gŎ&d"`k±jZ5M쀣vau4KQOKc|JN8Q@u10rM^d- `N]\' HT'iAe/^Ey>k[+kM<њdw3QcllQJ2=4.E{y|3xk6R=Hſ'Ox7OKCSu\dx%tYڊ`.iq[QkESH+w2h[E-JYiVpI=i]F\W-MɴĮ#Iw6p-vYJv9ob̈́=WQkcXeT3ԐNz&C3rT71,yVNڜy˂أ[+$(T?RRw̬ոpФVB/uRLi7B3 3)6s7AR ]+|h@Y@+nsbRfY(bP 45C@aq$3!)mvni" 4j5#_j];yh-BV6TʻZtZ?Goϒk $ Xov!6sH)("`|lhMo G~]0 Iw|$5^bVZ:$[.L㚩wGj<.RKg-nl]RRqH?h(3C3wq?+NW/"xqGq ބt_""|>\wXR:1{|Q!aj! l&Fmyg~_PĶ1Re1x5T֣bAy1v4pY]`Iڽ6w>w2 6aW!olJ/:JAPqp{{x6 0Ҷ삑>`۩OT<}IxhĿ2i>mڬ GN_򈮵!qEÙ|/jv\zqv(OwxVk|H3*w~XGE<`{+-t aLoǵ30fc;RZ|8?x5,2{li|k*LĮvlg-/6pƨm¯^a6Q.쟸J~D2jpwVmFNQEn=?6.#bU+>nلɯBh k$? LVueȮ=/DsO[ښ_xh:y!YO' (jf?i ɯ8u)Svq컋0=CrQ.ݺ{cS5Tux|=tJԏHg4@`SX ,٪$ꞎ;TyRLdDpŭ$Qu1Ү CJvRRY]Z*W-` )^-bƴڊW{C]ȁdEI!,>ab=U-6z;a~r1ugx"fMzW`ev=!lA__+ fRwCQQTV,*0jO[}14DY2)U&OŴlًm9C=]X4'MM1BT@u=|Tr0P^}&i%>14ŸbnIw^/JЩ"FL!j@hǜoPѳgʆi\Y{t#DwI^YDN qVccTO3#N94l9ry"7Њ.Lbhf+s2W$"{Gk{]+B/%?_1D2긡<3D6'N˫!f ყ&f8CSǰ0!^IjkZ%=ac$qTĜxalBw4ۑ3zj(]飌MB3 6/IWe}}3zDّ{4&A龜N)0[$.|U;q{BHYx֗lT?\i8K*ze\9`d?/{[Ih l"(\ZP\IuG5:Sf٣5H&p(^ -H w҉Q| ^/ToHN hաfKP=K".͹S;|*jF:>Wшh2裡$L45gn) hHOL`AdmԸ--ڛ|bvlXvQS'~a1y!MYHR#q{:#z NFg$O? dFPZp#Ξx&Vӑ[`zց<::i=ot +qjM\? E@_2zdKnE[*&?hn(G" >0Y1UܑS݉́(?KI4"Kęͅ맵uOfrLxdqjYI^Qi[(j|}@հ(Tt4oשb%.^`J3?@3z nCo9:,&@ ]EZG6_S_Ż*lJPyD 7+Hܵzoې碠A 4x2F̥[ ;LV1r`pM pPII"%؞Ql`nmx*JA]+5_fqY>s##A(l|Լ߭GV_lOKOò*a+ n RM5 3بeN:M e:+9橅bu.#TDN֧eIt>/ݤٱGIQtuILbzR2iETO?G8t@\1m$E0\Y-u|XGcLx,<Kuҷl!DT݄G_g;°* EHF[NMŞyDb大]4(B"[MM[|2Gn)A`/ Ĩ2 tSWo}lI_d3J$uefRþCb@-+V(HK^$h]]3-k3Mxqn2s٧`B&+κy9"M=~GD1EZW|I$MV_5[tTzb={rq >,>5Zwt|TUI)0Dz%rExa! vZ5khYƢV1"nbGl΍ =p tQM70Kqk\nbza~!K^<*(>o;\c[oHϷʛC*Ƚn?fϠRfHY'76|UƁC !*80[?nj\A2<|>Y,Hh0` =AjUwn2ƿ嚪ZZ]*2?3a 4 B=\ÔR@n;Mgfތ(U e;4D}ZoԺ\ME–bM[KZa/4 ĉ:ֶG2,wvv憅k]le'Ƭcξ3O(R8LC USx'0VW`ZUTP5xD@"K5?o5%%t8Tygif`{iD\mbH(jx2E?NĂL%y@፮Mgjwa^n!ll­1A^O~c zE*5}Y9!ئ6k8\5g <FZof`EJG2UC+N ~bZ `\J\|¾QN4@nq쬗^u\$"BU`{jjerH5UBaq;v#!KV}j OpǠt) o:_ NMnetXZ6OM萠L|<$UaWaI*UHB.E^;gɵpfl)h!ʕM'B~$@ʦ)t.e4tY5=6`' "͇`Fyv)QWFR!/l3`*]ȡ +"vSH +%C$/ L+#m`lihܕ̖Hi.FR#n *גGt=gd(Dr@v6h MSJ?FhKWhRl]DR| o# `hM;BN @;L䡧e]7x 6K+:A[͝'s4p^,ZC#ByųOQ{ to ր[ )2,*T?'#1@o豪=|G} *P߲KWbUsÝpxpS~}0pcR;;DacZW_|#FIUyʀKWT!xS 5 ʀ+]) fLts!u·S 4[3 Tnel/wμ8cGO8&(8O$)x5UL{0Lfʁ[taM<o(vxo4"E4tu' r woQ8o`I5Tze"給ݸ,Aݑ=4еmDZ4<s+/HoL_,:c ѹoXzG1SrcY1WYW}47+R&hUnKn1-Cf^T"|s0ToP;U:04 };#,bI`|Y@im@ l8ښ%.477eT')Uz#uR?drösl- ܊2C9E_e۔ṂBoXᓊphqvEkFOT`\;IՋE aB#j=&ZqiaAaJN J%fK2|QXCX=3‰,Cx+@rP!bu+ ƾNCXt#J&y}a6⚄-+ձі: p85Y* zr̔7Хf6J+4ҬLhtv+qEB!pPju oPPC6*9+ʴQU\Jas5%iki5rXv?ϝXAKû^I/^~,a;N̢Tt% BG^U¿+c_cJYy_UA9Fpxw:~j7?Ax _5߳/kFbe˱pQ/w6?/H+UJ qilǸx6uOgY= |&ϭ%aye^ 3\Иa04cMe1滝:&:+` ?HcV Z kNSNbCe@3j} fD+_5d {5J- 'y3CAx`DT]OiF]],pf<6k3JYgws]Ҽ%Ѐ @`uV kB<34 nI 뭒LԴC]aY(߀d2X#uiA?4檤 !áDbN/] }ᵾ[y{LŽK$aaqecpV.74) tSk R_aŐeI–lib!ϮڷנV&aC >/'='Ӝ8Gҙn!gWK PT#lA+])f2|m秀<Benuɤ.z$TH㉲l1G-`K.9IH>/l<2r5~@L/[45M9i& N_5ѩ#i< 6p` #S(s-DG.~pb٧I빧&ed`uŊŕI5as8kuLz?w}@ Ρp(i.鸽qg^MHVMvcoz3U[c|,1lu=P#tBeeiK4z1.}&N3Jaƅһ'K/ps׷\#HG\ 7jaǞNOXK z*vK2󫂾zQP!m 8DEjsj'bSF_]ruؤb [ n0M,$™Bg#yWssTKG(ͱ.e⺆R7'c&x]FYC>~T8 Ej Wb}hry|\1ƀ ~xW+/V@>^oݠSGHt4.-.ȳL9+Ȗq9kk;/t5!~ ҩŖ֚<Ù }mF ]]""|')6zT .2~5l!Zh LëFqIG-BW)+&bi%}ζG)7An3*Qi%1L lȘ "jhىn\̖)ŲXBȏ)wاJcŸDFf1Lk5nû(sm="҈"(o6'A7L*d+~!i0 (Tv@tBs|shUxf9!ѦaC󀍡-)Bt{  XG o]8lK8{+Gɡ7nL3Ͻ"  𾱾h04*KWenI9/뇀\Uo :@_-{F-¹}D0CF8d26㊠k u\ J1е8#*#}aUŨj]&ɫI+EyLwt 2/qx[-S֑Zәa}pR{Jofs<QC(!Ҙbb_7O`]TŒ2a+uGkġ} R:S(zۻ9n;-D;Iŝo2t@CcYsPH_oKGBz~>2ޟRq)5WE˹<ңZp[HB$԰yk,^]pY.bnձëڏ)Q8t ln%a+q( Jڑg/MNMf}8,г3Dt~h/< 6c:ݴv*d$`냧 8X,ep:P8O1826?uR68z*xf{O$5hA/nΟK?~U<Ŷd 7Ji'7.l:I ƿג.;X(2B*ϙ!dt+9v,f<x-\ftFu֨C0dsjLXiÜ/F L&ԣ>dPcVM- m˃.zE\42'pvQ?㋉]y%(pa'RBJxjRl1`#Y߫2|bt:k5Zm}cf_1]*nf Ȫ#d7t91x]cz2;|SjҟcCka6nG3,ce@6 L ;x*[It^N&0R>\'+si0Wǁk#FKخo̒2{:oiAhA"oayȍpnbY5H¢BRWbKw?Wz}RNt<\H8<iRt~']I4Is`SB) (N[{T35@ŃOd4IM"Qc|# e6h?T~ThV`!#̏q% ͓ۆϿ6}g1Z1O\)K-Bc5xpb7MF:~Qa Ι-kO+f}E~3 +ߏkqupYU2dxB&3Ɓ #V8{,CKZǤDa/tпW9 y$@.@n>NoѬaԆ"Y:,I&bcS7BsjtRG3/ YL=-;X_ʔDeM-{Kp:\qn:Q+QhMʆ|v)4^fѼlT3FgUo?C =J_nWMJPoAu yѯURhze2#C=?/DBk68TS5Í.'ec+50Bz c#Nʦ}d͜Q MF*'ȫ47gayn@ܪ~l_=8@8J{ cutkBޯKo+8  T`u1Dgxs2 $mceeRJ;Ͽ~DpN}?nu{wYfcDK6gT-ӧߵ' :ޠš.T?ҞVNq(`@c~=y˟/T26[hA/C2 Tņ™x7jBtZLeĉNLp!\Y P) |wVX8hdjY!~P|LL k6mbY>-ȧ+G媦'"z)Nf]HH&$n5EEG4b,wgQZ0EDANpth[w}-]<3vPѿ:;aF$ 3?"{$`Y=]>DUۛauˈVzE[ N#7i`즞M)__@ɑc %~ӱs^I0TfoZXcϿL |h G-Z帶b<@G!>dPĂ$wJww,Vx kJGkv^"3"UtAe$I뿛Uq4UCL]db:h^&SpX[&J < Q(67F҈y )P+m7ھtX;ښvB,cT;)a6j=]9`zn.|蚦VM <YA&|<&tϱrs9LK+y9$!#MoDejsSbx9j+#D07eIغZ;lUPɡhW.jX A 5{sN|oG,See`VP)5KyZ1*M+լUDVą_pw*i0Era)|,w\jX!f6͢t0oDwYUF'd.< ?]epzt dQ.J;46W==07mv4@{0U܊lGs DyݣCƯ`f[jY[JWCνϢ=wo!埡~)[3%lzdִ\hOp.LÚ~_)&N0B@=WE?XKR@p^ݏ6l|\tsmN-#T|fnr_2 +ZfEΕьu;:!!d% 7h eLc"X66{$[>g܃R}YxZ*aN$jf "#@Tx b ×|_PL+fd7#w\U@H5ڿyi6赜Zh7LTߖ=ē _zH@ϟ@at3e|׸Z.Se5u}u~b`OOAˋeG:XدE^ʎC\iW:Ob;Z>ߐwe)r kћ?sdJ'۱K/0ׄ\Sxx޹ZmMnOfDY$/ʍE0Z/2NuQq}6,ڨEB"דӿd􉔽;CcO 5#78~+9i\ \?rW~ i[ݰsHSRUKWj~#]{ i\T׻Z?y`r=ΈwL+K/4H_"qu3"c1#AQݛOgC$XpG9)߰&bPC00HrDE<}11j?S :6߬X]n3#us_Zyt"ǯ$75c4WY(G(tٳr\a3 >wsl?0v BgsdMKTY̆#`͜ZBIEdR/tEhGPZb!9H1R|Wz^cd,317&Xu 5TGh6Dnm3Ѵ?8f.d)n-.2&4mFzO: nYsCi߿4׻i/ &'@Qمts]9oKTR=@r#\l?#eg\p{^x"bL-+4659x}x_R %oU~=EK%U)þT+b3AZn]k߽楑!I0Q #h990Qyq/ *G,5ѽ:XN_4TS˾~ D7M: $V!ΊMC[S#gKVEMseĽ- 5dM7[<"=v 7ǐQAԻw۸1e-P3&h+Fh &E^ _B'+ȢXT)X&*|+/rFzSJJ4΄#&{V GO9>V.6P u5>ׇ$_O˳&]!\;L䘪b)8F |(!VZBC-ېɧRaHɇ4P 6QPe.9kP;",$z=~k+t[>gSnNjQS'V2$7d>P\q@Ʊ"~ è>`ɦSvW4"敯ętMkG)Ƒc:+x5Dz.d[*%em*jLE%C$ Lf/FX}/rbʴ?oY^ZM_vZTk1lׁN5gJ*=x2O 8[5Io+ѣrj9]H-);rA:GU ^`{y J/=~ik.n>-&Ӟ0ھM(iKPgUT3x'C! C 2BDݎ/\'v~"7Z_>q-q x\dwY#a-F`TMMBY(wA93DӞ Mr ;a:ŻFel~|><`v۷tFkik!=͵Zďi@U{oL,eب&jgc%|/$$Fm q܋nj%Iܩc|.r8iXO]* jRI4 S]=(?rumE,J[^G$paG5p: _ށ gCC 䪝Gӿ(VF/UOkѦNe a0"򑆭[, HpУI'_Pv2C÷mxS3Xz4BCI_Pϒ3VgVI6hK?i>I}n] 3flgcuA9lЀHsA#;`܁(1$|um0 ;$ƗAkr |qzf%բve3T"TcqrDvgk-拭%-&xl]-gM_F?8WL]ǍAU7yD eGY8YRx;  zmd>lv o3iHI=۝&p@c7yȥñH r]8V;AmN;= 3RۓIߛaP\~(؁DҫEX~ ZHдi \/CsHA?Id[#s(|N8G{V6M&X&V~%(6Am~&1ar {Zoo ;]@!zs}a9Z6xehYshl:9Mc+헌P+?J*U^=1s2'_;JHV^N;|6`TBa8O\a8YR/;/rm>8K4 IDhcu2/$It0nANVg@A1KXHKD Ȏ35iܢ v~ڊ _kSf;KlC;aհm3}dt& PLCm6AƝ㯼)xDf̵e2S#wp7D0?G#x/(ĴzK }M8I4Zt$B55K!Gs=e/I+'t%[BP# j #[ϑl.ok5]YR7šQITtiz醩e!]jtw7>Ћl4ECC -ׇ?8-嘠wN?qV #fp*=Y2L]j#*H+G$v3 4Fk ozE)A!جD1.FK뷅nkGѺ\nIK‚3_B[7,4#8zNHLAQ&4W388C fq6Qyr@p> >]2" Σy G V@3 Fmx dX0A!.62PǑ3*RaʻPˠSHͥ]p4ᔈ*(lEA?*Irf7L[1,؈`3HȘkW|@ d+ =\Al!;5֥mj4*L HEo@D0XZno!Wxͫg(R(J a-6u;5"arff,6ɣM"w[/dJx?fAb}I? u (Td>C ۨ z64ΰSۉAn{0V5"|H@-|6Щ/= 6?2Yy CI}Lڰ:-oDc9Ϩ[!0{is.{;5C2|㱺vF:pڶ{;pP`wi~D(.ӱ1Z"l# "-kf:kpHmR߬ 40{ 7SWi4"zPi\|`B X'0y :D뻙LQ=b0CN҄E~$ BY/bk p ~qȄ_/cvp?%X!KM4ڣ`Ȃ7wul@뉿Pҕԛ:ӁZITȪN1-ڠ<]զ!(Y(o# Ssdn[ %Ku[Q+8/ ߎ-`Ϗn ohsN>Sve0G_BDc\5&EA!K#~S8c-+z KҚWbu@jI2 &Tw&Y3Xi=ȯ^ʻM%\[Q{tjF'na:Qr+22bI p>cRW$ _>jkϸ5q -Ȍ+jknc>QZde{aLa{;NoE:^Pq@ 7O|nbmxx־ 5D]N]~T 5|C\1/7K\H#X31|h^v,`Z閣9Ӎg$0 89} GrFE|ӧ?l_r&n*22C4]љk'"! _Oz)RDyAUdY ӞbБb*u\u_A;MbŸ]**8cpZ2 :Xw=a4{k@!jI%ޙQYD@HxB_Ÿ x"CNꔤCf19"8s?Kn:0j"@VZ~6Tkn65s6٭>5&ӵ5Ifg.nySgHBAfkA7mKؑSo$J~/Žy ]"A9u3!E$Ϫ8 φEZOD|g|[n3G`Yw2['̦i\FjFKd"O,M*Ia|kW*<"9$V;Gy{ϩX$߼o1GT]ۋňUѺ )9;[?ȴdWP69|䈴nz/#)9t!;VfgRh 5oN/'LѵF8FMӘxj(ѪWa9x>^1y#`(X|4c5x?29萈n'; S{@[l֘Yg 2, H)Zj*NL9%u&z GaVU*}qQZP!KY3[E)Q_Zu4(VGI(3塙ۃFQ,jԥ̽M(K4d* iv6s%-sA'[;'kI؅^WkP@OL=XGĸihTM6NV\|s;5122JW1^l8ϕͮd7f()?#+ڣHb2"CWlh;)-q ,N˺O((˳\9M3dXd@~БQgk5:c~4[ίW4qMYT\У))Ԡ2pI)n}qW+HR%jNv/\70FԈR~jc A<Z)0 :uc~QcvΊ֣\@ltaQcԹh$SưGgQټ/oS?VCS;1#c>zB"OةIjDw|_|K3נ6yH@t !N5x`1E اy!"i<<^`v@ yX_GwU6E ۣFDS89c϶Vw2': ~fZ(HTՉŶy'P쵘.FIVL:|Z=ot\MՃ堪ք\=/jJ8ן"WE.OPӰ R~}{(-J PdqdCֽ0^#*:j? {D/f]x:E!(|)hI_Z@34,i"ʲd,a0%Y&m8ѣwVNMྈO_]/xˣm'<A?p.yVUd!Elx[#2r9ս5p*? ׵VУ_+]:i+eҥ!^a|DXH,M8ϨT)k #gx\.žshnnY,nFǰk/OPvgI &`#;z"n7Nw]5bsԕ[Jңmf87K;#_9iL\%oV[/SǀN_◼ZB~D?x$O}~6zVާB t2fSg Ö ɬu^ ;9a'ڲ頄AA|:T0$Zy_iK `aΎgAx B[@&>|N[gmnKC 3P:$ e5l=j">=(8ཫp&$氃z7)3 8Mk2޽.Ϭȧ4„` WW2z[&EȂxEu!?KeG~}.՟*=6cמD_lAX|oqW;lc`QEcv:"Cmov(&ͩ1ȣ .[~bEwhkEW([K k o$f7p:Tg7^Y=}.F)QGby ˕Jnx_V04MR"&BGAd@dupqo!̎u(¾2&DhǍ{0w(Bl\F\(r["g8Œ'tes^ O{5;ŇEo *̽@cX#zZOa 8ݛES޵"Sr >zZ8GЎr` 9f@JPXj Hڧj \rSeo 0 7᧨mEUi%>jb >kSC9|zJj0ٖ^txKxYoWB-F6-HNH~<|TI%hlIS*cg6hdoXiO2C |)Kχ-~;bCt+W6Y_Qk#2:/~&E;p҉c[r/]" W;X:H*Lz5pbgoX<#*Hz0y׉㪢A`ZuA,<EνYl_"Wmqt&!0jH"}+Űb]5I/RY4OHJu:6Fc( )O9B<6RiKjsap}~V·[хN;`l(d-ҙ x)D u^,~ q'#vz0le6mJ6=fbe^@'dk_4i556"男[6GJ .|u{!H'`%E)AHϊwWXh]._ȧ7v 3f%T]Jƫ )V`ִ @}I0"j?;%=fʉ,:Taي]@-@퓀٢alqs\)nlS .݊(B]N"kKFЭ؜Ԗy|U{q7v\zKU;)]Ylnn\ 1v6eaXD|Cԙ̐:33QWp{j@a=KGڌȠ]z ʑIҦzxQN <]"]aX2ABjqCu^ẂiehOӔɄR˅O̅?dJ+ˮ6g*{HMlT5%"oꂡ'jו:z[sֿE6-hc?OZIm_|4_ l@7ƙ:#{\ ŗ fX&>VE<`Ce ߙ9/}6{:dIޜ9bI, f*ǚήSuIE{ L%KMWS_x_h{ ׊Xb>Fg-p,2;<0dYz0E.cz^1;6VKdU٪%o!el1HE57H7 ᬟ [itX;?^VPs}BB*w :c:<wޯG7* ;䴛ؓc[њb:wdЕnZ)~,Pz^Y79.N%#ѐ{׋^;FE[4,,=WIb6Twb !@BTj̩rOYۣN8M66U]t$gO%s S-"L_ER3E`unۑZX_ZF AA|$JAHlm}!?!w|F;]?I`kC r?WP@rdP;]unjڒ(m\O~12RƄ!!WR׆{h&~J᫗ZcA)_i@ʁ.nxM%(gjYO+NryF\iQa"'߷}X 9/\', : cMgyoI~0ux Z$lNFszkC=09_k:BTbp?jtl LTM[9 U! 6EOow; Bth[FC +ϋ+nr~.p/̶ۓ\:]&lg6.z;:rStk2@GlYI~te.%gL ' iۆEtyZl(f_z@^̑@M .֗_("& : 1<0\Ayy{b  ȌTY@ĵ2h%#DQN)<sav;K3`?NR.Z']]E~i{9@9x$_ *%f! 4Rۨ];oK 4]ye\9I=׾=%iBСixMv⒥~@Nsl0Kd#_z~d+괤"y ٺbP]~6M"N'ȡĵj}-u=T*$dl tH9uNϜM+wI{8IO¬w4KA@UĪF=z#:ze$-ӏz#qz1ҏɧ>c⿟Uva[:vk@c<<ĺZ$?drOkxk:^ԹgJ|5$umnIpw^Y[DTȶb?wPJ)s9N#W 7c(Okw#e@O w@C^Ł`oXޫɴr1v:YS1ف9ȝۓJe`.6t\u+HحHaW|"suQ\FFM %O=&Im_ WT-L5$sa r&6Iՙq^(W cXJA`RYMf-h+cKr0{04Y{[cI0&w{'c:\z;,ܸ4M,wwS|y7uvnP <Orb>]OTnpMK^Z #b-}#n;(mѧ-m!H( v)i G(҉-r'yC\W~O_ep6J;2:5-&Տ;/)4I&b0w\EEp!C f0G9S@ńI05""0a39p=d~ *V'UⓣHu/䊍&tާ`zkjEB-Y .O lpz_7U7ί;W7d?m/\ZM4?waӚ{eXN I'fbļ90Tid|5%ˡSSlVI-mlKf?q6#w:cQ\i;M4VtI" uyal6|O8~~[M薆P[ZY WpcGj³x&Hҷl2S wRC?ɿyۯ4o]L?(z(b5G'i՚nh 69jG?5.vkO*)ן"2nEf+3`t䓲BXW:({XʂlI0GZT? TkPg7he2= ?*\D4h! ܳaS 4?x-;"` 8P (R/ ѮPZg%{̵QW .A*Ƞdt*1Nb&{Hy7 _3 ?teS0 kb9R?/#.X*<9nS{HB $Yvpnf P [$9اF)߶ʅ2.rKt3KϫX`F>G/GET~;KC\R_"'nJWMˀoQb܎(PY-n= v#y۟(zm~gL]`߶b.>idEcԺ]y~H0gN:%g(u >Nul4^V= M-Gh>"@ϴ:@> ?NN{ Շ]}.R|SDuiট3G b Ǝ4bJmr>m>`}:h>}W9^Нg#0l:5?]RH  8j0cX3hyiM[mEbD QKҼtRUU{my#~xe;']@2Iy\X߼We r]O,SFWGr@T( i@ AՅ#U~^Or˝@HG6#n@ޅY ~<I\7V<-< 'P!"3#_BgB_ [a1vEj~0*2ie\X+2 'AkjkfKCAuD1 k<--ٳJ. NQlM>^n=B"^.ВPYFM*n4VuȞYwo )3*"oؿ95"vr %is=go{RǏ$r>(*RA[WsR$ ҷV1m|ǟA?|W7Stɏ f2[XO*Onysthŧ*>ّ'r+|S$AjQjd T<gk) B᫏؆Ծ:.Ξ&ɉ[vE"5>|.mma~d{? 4yE"/gIHL'"Ja#ƿc:<fA^ b,EYeһ܍%G9K)D~-8Ed]+N4;Mru="'|?U-Ke&8ML*BEY昗v;|zб_&hGv5堘SE1^" {r_Ol좆#ڮ8.?ԵK++('\u^Cnw@Q2>/$Ae&ʌ~B-Dǥ-iZZ*U._^FSIx[cn&X}SP) u@&]ɡ@#!==_KF }gf$D ݋%4آr+Uo ![cѰًFhf'cupP#Vz*eg@uo|HRB |ls"=pM,"*Q[ ,Y=E48MnWƥ`'`V)o܈iキ3OW4,?3tVqzGBGZooHH^Cbr?Ϻ3$8."8?αa,r 0af؅[0K4Hf/OqdV} Vѥki.J܏@nc 0NNU_œpX^~yN ϳ<=Lmv;B/rMwPmۥ@PLX.ʐPQr GG /x%,  1#\1pf$>Gru"E%&qg$}7fIg,9Ujڌ:% GQ˟ق/4Y7up[sKBs!ΏKh'b;&'6YZj[XGV:!؛ftlPTmGELJ)1B;)kk)d6WQ\:dV(n1n~P y"R^$0V^*S6v P6"AFT"c3fdag5"K~r`/QhMiWa|I^8t-ݛx笺+hb\]D6WUj_㠧;&} 7aY7nB'*:e$f]{)Ƽ)j:;QӮ ^2"qss9BnG24DdQVpFEbYNlՖ['.j%畍i 򙩃hZսg'96m(g;YĄ.@3%4`_>ă(A9f{jٱ_೮\3 v؈ p}Қ̾\na%>#?ܴ< Jx* 'k`#[H:Ć*XMvt#R dj3h8hh"1`1tV1}l'#;d>iIz zD8 'EqBP(mEo/}ʆK0w2Ynt~ hkDd#2ǩGRUӢ eH:5GK=GM~e*uaTCY># !vE1Id\keLYx2oQfG ƙNrncQ!Ӽۅ9K?3AlAwQ*eQm]Bgh)4f"ܻ]]jǮkm>xv!{tJ9oŸND86PtY dH^laψmnWSɃޅ0oy  Ù B8dζ¹C$PSferYɳj6UF˔؏d[)XѲ02ɤ6%g \ #0grQ+Ξ-E)2@ܨQ8x7")3譁 5(a0yp>GLSnj8=별1e *ZTpco"J2\Д%E דjJ >t )zDVξp&s3cxC6B3 {!Gs؉}:sVۏMK>謥ګK&~U)- 6R:Ϣ.Oor 9մlA\yΕ  ~'X'ۃ9 p֝i^Ls^7;j+"EFT[J}` hgm AԈx#p31U!axrWť"pʙQ9kBmP~٪|YrFM&Ԅӈ08w"YC g37{AJ?/`"Q^^TμL 7_Ks<>,(@*`! i& Vo{\ ~STX-VXN :N>Z:.ɒϕ{i׆rC/l& .^k6Ԭ7*_̝ fh[$sxf ,)z@7 U.cK6HQ+dG*)Ȟ{U*V\" ?9(hT?qw!ӕCm3 UBBe؏H=*BƸ#q ?3=0Dg :2!(FS@~\ʟ#T}sv4=rsT=:úp hR =N")CJдtK46`j;|͓+*rW- aV' v``xя40se̊r2%SZ }z7NPcDp~Nu%,B YJmLj340n\1Z!&UER(N>yH vaFצ$a\.*m1a ѓQnR"ԳR2l$kcjz<8$nHqF H&VcTgQ mKβ WWq-TX@b-|!%L vHolDZؗL0d*~>''SgBmc1;!tIw10KpxÄ7m(xtai2FJǹ9':,d YJփa]bsس+u.ړ5fZcT`xD+Rep9 &9ⷢl7CIeWwTCA^*p5QQ=bDWi_:{) ᆐA(V ,幆ݝǗr'[31mLnyYU?{UNU[2/.brׂk,u\$ɎWLGT['noq>v1c*LA]tJI;ѫkJRF[պeũ8XR|)N|)X)+~&I G]V[mŖד¤$xgoɑCFl?MʖMb<8 lsŭ N/mQXHʈP:I `B ? &Ҙ zb2|R+?lr15L zC@p;ĀR_LjipPo?3nw}YE[0е1Y),O `yfQh0q>_:'GW,l< i,gi{l>;m+89v:/ɔO Sq{ӧh)1Dut!D ϴha;paݚ>+ڳH[tѱ@x.H_3&7s1dAXA5o}߾~:# Nw%'jLAf&aM|6왈~4]my7ܳf/"14W1tm`N>80~ǑN1TO @_X{e2~$dCd?/Ayl#{{cfCz3x%PF 2G \>T(-s,\Z2d$/\fT $Ťn6q32U  ؑFGYq4b+}˨%f|-,ÿu=CP ?@|S*ƛHAixEgt ԗVꡏU3EwdO r 7mj&-L6pPsXޞMRwyf+bDtF=c[Vw \,)$pJ ˽P{w)'eIkۃr z<,>tXrGګ^So@-PN4'~O͈rvNJ{:x_`uE~= QWzR-TnԊʻwGySh:Y~Ӏ9x{t D-" I?vm#5˃߮́Mʫ<13! yS ϻcG> ӂi`eV*Ēw ?`Fo{e6uMGX-**oRE.cH҇GrH-Hq%XjR+++ߤyVMV_-y$tP 6vYNE*ĸ􎁹>pZ'VcAzE2FM^`&F]QeBmҕ##sK \z ;Tt?qOVq>0m\LӞodY*AT Ky:BEajlM`v&%I,]}VCURw/o_>8qqUn=\YÆi(2r%4:bn&W`(9mq䮑$8:) VrB⍠Ŀ;JHifspT@= hTWsPr`icͧ$68,}X۪NA}5 {~3,yF8U˰nktGM!iٛPB v0%Z݇吩|`@^IŜF ϛcjQV4FΤ-Ā/? 2^B$оYs@:VX%颒e4/EO7}d|*OfT] Hd-X =:FMqszho_ˀ`y#1cim8J?qvx4Rإ@8.OA3ݐv#^2kw DB# rfM;w)FƊJ܊5_!>$MQ=S`TDeY*v9|W `F ]2#XS:s`>79E]2֘Zmb)#a(#Е~* w/ QE4?`\U-*"~ ]h `&؝ՍpWnH١NOK|1U)_%X@CQ)Քe +* ϰ gNΙ3 b>/=8{Q]c<~lm?GsD60~m,Bӷf% BobM;k}q)RI2 ~'7$*״M$dkC+ ]!2r鼄"Kt!yL;ԛCgdY%| X|nH*5-6ьVLPMF9xǨ񸓼ٙo8$N W:9x*uI^ T2bڥ,4D=CV:Z4 T|byg+7Ap>V775c4J鉅:fn_+H (bt[| 緸xD!/U<Ʒ@̶QpPa"1$cfkߋ79b$ee09dm{D69'=7< = Yw]*-y)MVZrr873&dd%.c,<y zijMcw뿰ٜI>@ _ $X`v}~;;kQ2mpx$82]^ӥd*n $#95{}rE(WAE@ul UO@E߲ԭ_ &bEwO /li_Mx1C[(*P*y;w!zu#3Xa4G(dKZhװ3JAIu`{ž6{t#0l1f-=H@{ޕ$ So/;(j+p{fx1]?WCF~my6$+FH`dTfa6fu<‡ұ ԁC[/_aHbOH>|5}:)M͍!4Wix8fOqFEx! L\kxٝ} \f^ 2P~T7 AUsAR3wN !·.=Fߡ*}0 K"Y,~R2؛Pa=Oh4wjjnVZt2ZVEC5;{)f˳OK;3\~IBkn|672c܈8pӛ(*Z(FlbszkL-MWs O]q| ~̶\/{ǷN/Y%5EJ}W'0_P,Mn@ qXpMx f\ !E^_nNy :& c$|̼^/&,u~_PFem Ieö +Y%Dg'Bp6w qUJuF@S+>R%V$̡حCV/KGXD 6.a_IbD V P"VP3p6 Q!Jl ;y&>NQ2F>g4eshojls5ZYws7gvLlZ+eM}('A ~QIBdRbc;2EFma}OQ8_ÈWqNM!l,v:}'c3zM¢ӽ6g9*Ím3N Jfx>*܎b !gnsCf,Z#i [MceuZVs跦Nw0ʧ6dJA`mG9*)5Pd3>/bTӅʲ|~ c2Er QP3ܢZՇdž)[F#"RHnXI/p2!L]%*s٩8[b"A_#W5sK>g򀐩*RS34o`rDfЬ+ W(G˪ T鞜\Zn761g[e4G5`A Ӂ7^Vƣclocm$ Ȧ8qsj4`snj I8|}7UTh2׍#d6Te:06iӺ=c Q<OKF)2h"mX @ZHUO1>{S ?Ӈ/n׮JyevrJb}Wm'2]n<'),SZٞ*{"2[%h/M!VظlXLe #_)Zhh^z4L9Nl7{fzmSL", c?yRf'퉶!pM<iAx췼a4f9,7FJ\\ ]nsg[plVE*:=` 59+ewggۃ]p" !xY8[)X~  +E7c >Jf|sy۟Ti} ,inx ʿ?aA8DXnYr䩪J8+;8#CvU09!C<SN}9T˸Qb7s ZM C NGFޣb̺]nmch~8-6m$#޵6(a/X t8^3\x6\ڝމ'c7$Vzs%j :JV͙xފwNWyZ|O*L5@ۃۿ\0zgLI@Ԣy!3sԅb PɎ Ya놀8o> Z驜E>"+#>= K(w8&穋%bK@\{bSxc3 dfN*mu@R:J)#YIJnG86]"[ŜQVZmyeDL$XAHǥl9[|[HtUm4.}(#*-(.B*{hɁ}o Jqxh>#7o 'R%9.u'B]bؒSjS sx KCAL_˜U+]U2Sk>d}; V=׭~j 12;.)wF -KF׭ypPS'joi7!50y!^x&2Y5ѯіQCw7X\i} lGqAs)$} =!B(4vTj3sBkG.L"#GQbLhYn7kϴq։E`[=j"IUO|XwskNW${ !a n婣$$Nw[g0X(&a9 uu3^qfn~%}}iiY]b\S" kS` y*=(Ϸ;=m|ӒRr$TE6!$1^2.zXu7ïinumG2(=1w&X,oz4"$Mq4i.ք #Ȍ_ΞB2gMS~O5w?7^GN-/聹v+W*S׀ʼn]cݝQpj?돒Q*qr{a Nm޶#vTW%gaHKJ'lIT)_ުWkY>Ap Nᯮr F;oxNw74pǻåsCu{!dG 5OlCX -+A5"t1fs58KRuU`Y5-$>Sfbdo"]F,?\ ̡v"UTL2@ <%/}canpf*<"*Vބmq|.O۽{UbyWM2磊Pv%kFY WԌi g!2C~h8є8qqN1\%&L]x)q8],-7bakF(d8F2U(쎶+6o`;7)O|}=U4H*ƹ ˄~=m[T^HƁ(tI *G)jݧpf/( X~hPtqY|X(= |e:5ᝢ=- Ef=@@:zH6hNK,f$E qr2K+t7\ͭ0hPhZ!m['hUR(ԟH4e!1J> @r9 |̑_#<5S|/xOm[ɻ1#]z޸ G`ȣd&Rqy"[8?"LHOó1mz(>FK.SVL6bVg~{(ܷijZ Kp" utxߟQM7Žw6c9UFdtuz|"eyOl&&6..fC}Ψ\v >eF $fbyh ddl ᪰In]'ڤw7>UtxIUӥ9J}?jǠ ͕y$}nNVoO;o*i}xܐIc:2eFyMUeSPXɜ1weHTz,g7cbv-/v-(I1 \pj;P| &a1Y*xӳ=cfjjx_옑_ u%sG$?'MM!Z>UP_H\k*fYPuWZZRXmnBQ$r/{q;/ļmg?{ދB+mtȮWcV9 Ǵ[XOxG@HEv*pNq]&ڋ@Zc8~9 +sEʓu[ZUvj+4 O.Dx`}2M4P\,֕t`lk W7jl/2zQ˻+Q׏JCh5^5O@c]BsYLj\ r.PT&7&7Km0m&cD&~j⛎V5Mu?hZj@{TtP/o&yf9ؔR=iVc'/ 5<| G`~nQ/$. old tKE܂dd1re.JN2߂cP@tj_ZNyy ajqgͫ]ujU_iVp_H/ (#2)yȹVև |`>Ԍ@ny.f4}]eSFg?Q lߎ8tV/30RGl;'P@paA{0upr"x{ ҋރ߬A.r@]l= 1 1 ?-v|W FU^V[q_[ uKu>sw#`Z&BApϤ e*/`"T3Cl!Hv>l~UdQ/Hc3J1Ivu.{}qɠBl/\aoS',*GgVc"q@Wq2aH,nNz=lEը{<}l)(o?:U]UnHf0qM5F(EBˈ0V”Bk.J\ʼnHdX-LvMWn\I\ש -͸$Jⓕ_9 G% B_5,'ީp)tj?gk'DذH>{_BOY?8.( Gf. LImsp(JuE,$Ғ}[PyG@@4D[`GUeh+̶͂#KU `N[Y. ;~CZοOɜ7d7ڧGS6㳻06KC<*[mn|^-q6ȢvQG OSFZ,MXw!0-*H &w b b|C02E3hZYw#<8To$#_􁢩7Jklp`:EmƢBBnin;y**Xon " G\EqZ!(j)V톂Koy5)H=+=PNB=BѐZ8N QqK`yuɂĩ 7{ }doy,F޼L Tm D -!8NE`ƖUyӗ:gZ-0PJ$Ď5lI CRb2γA7E$\7MN#{R3XZu I\FL2CjpG%o]IӴ֢ySYI"w/D&k吿4WA&eU"\ H6s I2l"`fui"z==ė7)-iLWo,\\f,k\7֚A BA3 mU[{h/Z\BqѾW8|Pt/,nuvK1ˆW՚n hE1';GnClS'f>2,^Ĉ7=Ěp$9…Q,duT-ynv.iLx6 RvbW^y?!8|IR`z`h]8i tѶM=Ldfq§ra67 LB8E/#-B:B""%`qJWYrm3 77^;'/8בpkā)ړ 8<ǯSA)9Yp7{J6%q(VMI2Eҧ++EYCV)X5wcDLTwz&px*Ps16ǯZx+qg5u8j~RӠtGeepm=az嚪w3BsXD/Dօ)Wj\,dw!X V2UuۻrH9k~[ݮ?g RsgC*r-Lzv@aﵱ߄JT p;MsrAmg]ͯ8 ?:?qX'P8:>$2Loxv_*dF?F[A!m^r^~tT>輂 i-{ JX_J/> .N5l廒DpUe&']Gg\w_ضkt#C `iWIEISA9ft6LRDui*Zۙ R2ZaZ;_ܼ(_Q(>EȐKguڭdbBl}raE oi]zjԩZYv/f!JR'ׂOQ<䨸(A&i xxq5blhY.7ukq~DTxo ^U0=N p}m'i~zWs-EO5 ($AB뜋2Bg5gZ2.Ϛނ;1] `~D 0gt1H (B쮊;:;7aW84 vH͂ v4zWEedc 녡'&;Q-vwZbz eB_"YN<^*@;Z t0>vY, ͮh5 x#·(xnMT>Ɋ_Յoi`v+Zf𐬅DdEbAp{_`P*mc%l>Qh7gGf`LK\!渟k8O¡|D-XSpgWh_n|Fu<>VMLԵcCdkg =c˺6 n8_fA&Л%nA6Z;DyZ4Yu5/q=h j QC -;pFcS(銲#t×3餎,!ɇJPdHi"XhbW9SXγ"ZDj{u&pdJ6/*LgX"@GI j.rǏ?ӴٰοJʘ^"jYؑ[{>{5Q𡇒G#濼'.x%1 zꌇR)f f:>KAc xB^` u=s{0X9\PW$f6œ$~x3ꡜMpD ||Nm=t-'d&ҙ>#An>]u DX*.GkUF(S5 F8HذQ7!qg谷, WlOdTQ$\%KcCds* :=㞉-!TG WXlY-}]Pև3eH d}j WL0]2k3xU\Lvt | Chƈv:IZJHKS-vvgV[YX؁)n1Ƶ# [Kc{pPm}cJ׌glB׷O_P0M G|Ղ%(f)쩧Ok :1,1}W qx8g"8SYUa/z{~o01>&c@-zDsю/^4 /*.l!サ 0+X vzLϨ KY/׈lK|ót`]U!;n9)ch (l5|ߪ"2A65}`K(—pg]!źSVؠ|dR*׀-m %c1rTqNGxbN+WKO^pyxE?lXT:X}}ů#]ٙ5&6{$[k/+YX sk5 O4^t=˙} {m0-}nͷmO+4I%vE>+/cODжD7q3~ΣqCж'%%ܹ_;ޏVz,E ( Yv4rg,` Kz0vD0rqcBYTS%:] t6$]#sV{^\cy) K'T˷1(%SsQX4Y??XԜjlzyw=TKUs:(uIU^m~Wg3:; Ƽ%(Q#LS{cTa1&hrcSWiKQ=LWJqUH"ˤj}8OAy>I dTs,a:y"ȽIJX,RoYcPk"d% (,?ū"|t7^d+s f?oIFFVڸ> Dî0Yne\Mp3'*ZZ-zr3!܏[Vyh >Og))[RQ\Ip-~dKf\\_bq!$˅?L/R a7I)Qy~Ƕu(aYز#Oe#VuL!pTYqxJ4/z 8Ѹ|lG^U~J-cwƳnГS4kvQ\;ȋ l=լ+C$ K,7r2$O ėǠPeXeH@s ى-MGX`jŠ)Hzwer~쨓sGp!ALY2/Ci R=\8VUHox3{+1-*327r>C&/5I % !ae2FF}W479KPMMp2R+\pn#&(LF?䕳*]'])Q\KxFÀk4V{SA0 鷢&mI)ݷ]pjitQf.Q:h3R6}B$Z@  m|mQq!0H*/'._kBCe)}TTtbbz߂=/Phq b#u bnM|O[T8nqAGIMpjc'ZY9 [esݲV7N*YóB*y.129`[=1-3ڇ|I9ig(JEϦT:#r3tV9 6AIl[ڇm_$dt22x/wD-|.I|l `&>r~cJ˪l5L/ϝ Ddf "$ǼE_>pSM´豭ue(NKw8IyX16CD>FP!g1ۍf4fJsx;ͺnx A : 5A~!新۷9G%8KU}tضji@} KCSqkh#xc4FǨjeBX"Byre8 g^{ʱkvҨʋ %_\k?5/kb}ELJL"Oj4L "~ǪxRym?T瞈%!kY~XJo^'In:iO<| ˧{@q|(}D}yLrucYا k͜?>K`,OmZǪU5"OAk(uQגp服~ $⹶g IRu 23,T3(~W*{ᶮy-mKz/BG 0Qr-./MFȱuIsw$]_6;vXw-okύ^Ɉ̙il 2)A,yrHۀɱ%N:wXv{ 'U^DKUY)YA>!\&zn0tz`à!~I3^ppc%p'(+];?~/0/'l?w%/)B+ h_fKȰDQ咂%lg.5~#i5MDP1$d\ )TSGG/WLN7j:N>!'AtQxA7(H&c(9#X%gFZr4cL ` c\J []P(߂< ӳuVQ1/.1d"։cea#pdbFQL-ؚ?$`t'4_(J{J* HhsǓsfB~uT~mX1rj|\QS:_.yHPs_?|%Hףqo%I}(SA?F="#~)<S1G`p1Үl*%^H痻`^bed]A{X@ⓙ7m?($m Ƿe)#@o|_ ,y4 f:qWn Z8F(7*z/)A`/&ގAנĂ9ogroQ/ywrU +R0KEc2$-3zB;|Tc·N)i .Jt=aV,.sǟ'ߘkneZZkO ITQS)Q甔eDU_lj5O$kɅ4>"DN, B•[=9Ӧ J,0񹺀@)O9$>8ry),U #ӑo(K Qa#=Nr/գB(6^j5dN:oΗZuH?"U Y#"MUx({S^Nh ]-~ ݲG 10 ;T{vKЧZGY.p~ex]퐆CRY]h<ThaHC+TzHFJ}\ 7jQ9[}i!4?dIqVY?gDMK xĔqqDD9;" e j= ?U8o$a˶~~!K'?u5b\+0տk`KP9i_gʋ1O_Rf "#B7]s|^ZP!,CVn`E5nWhCVztma*BNcض`A(8t|G)dz.A:|xhs# jK =Pu- TP}y:Os;;R@nSX6pˎdZ R1ӵ7bw1! %Nl{@pZBXZu(}+jX޼nfE)f8f\i).lNA*i^]'])zݪxݕ+ / ]ia#X['A J620j`nvafog~[#)d2fgVYDȞ]7ǀ !T-Y O0hBq(HX xZf`6lfz;& _(6}ֻ:. vV&}V& R?v+as2#ӆ ti^ jus)G9KxڅXJ-"ڶRy-7BGǴocuIo}HX73MFntg,|pO<)d%;ٶz,X{^ C9&.zM;~RD Ӡ?7/V2'qI$Zwi:41SR; gszE-kS6XLJsS$cO'OO#u6B=ى悾5fR:n,`8OkRMlklt=!'.vki~(ӉfQùПtm!so!y}2u?ʛ fX[twr`Z \aQiNy  2rXqp)53xcb9<j%_2O^xY.āWYV/ VpkcE{0y;¤c~YME@5 *79ʔ& M5%fmT;}qa^&G54[}x?Z0YRTLQ7wf*S~[nFW33 .N!0'B$)DS"Z)\6.r|ParH^aMS=;!}g2[Ic_6r|bWij z8ux ??aplXg9PҨoS\|H/sZ@9 d,JjٲUh "pkT\[\IbAPO#$o!󅹐^˧S`K*eBCty:-+d@i)o&=$}GkxVWY8W]^soG||S JK3F!eH78ɻSr,h` 9%@9t-ro*r&Z*PǺ}T%$ mdOp4_(|oCA{>A_!? -wf#w--ώ/ oSf.+,`jr.B˟$ ÀG羢S")]Q<}[^;G f4DەWANX8O%.׮N 0ែ–. GF(agIUz@EY5'{<'w@1q+1@P` "aQsV|RF[_ӸJ3~Id4*[{w=#+!kHcyIl^\PVI Je}*{[;P A{^ͫv~AMPC ya҇9vZMfG77KM 4~mĊ 'u?ۄ%!oLV#:W&o)'^0Qs9FTVLRdUZGoj~1w+6B!v 4b(F ?/Hݢ "L(~{b6Pz@ꡃB`蠺A|#8&V]p(P7j+((Odl&|~|K,e0otc>K,\{h&B;)!`Lt42<\ʣ3IXvsǷni*sx[cL&UZW/w$yF4^\E])s*!6F_O!TVISl*aN}?ޏIO-`!Rglr4z5kg+2wNv^8:4wH-B 7ڜC.3z GP`Z =0^ZJeitPgg"t[mh+`R+[L2J[O#)TY~TєKu#lUd`c"y o[I|<niU閻NHEEkU!bL5kk0@.v8 \Gy\zƌiaS)͖ @?|ٺzhNjY$6SSEz̛D [*N$K? vtW<&?.g.o5w9Gi,ؕ܆ G !I 4.3ۀH/Å!3],n{ 4r11MԫNXVbz{8$O$-VU#ɧ\v=~d"| Ufvo=.4.k&;~ ADWqXO,eHrM:8CW?G(+9q;AURVk8=\6\*6YZC<)|Aª8=ĉm{A+ ޺Ί-tJM^RɃA0) IԚss@LZˬhySoT[.ڧ쵏sYE';'>u1|MD ffZ㬦*@EJuң j^yBp lqE9A΍CT*`Lm^JbRͣwYmj$/E#G*="}L-;Nvl rugOeQϡjJ?G2ܬ1vt疳d >-7|$c;Ea-،w x`T΢mÚ,\ >/3Jt4j' hx>ӊ]}h\0@DP > 8آ ׄɊXߒJ{;kɐMvrIj)|x' Hί)dZְ+ONmcNu8ƺ# 4\]@-7͈&گ6Y!a$g#^kC FG (ߜ*Vp91*e* pT*y/켧Q1od R `mV"dسS 9~< L-79Dx84 sJY^Y+ې&oK1:A:zq8HԵ-"҇/ ,WvPl'}@Q٣ڒA_ˆΞ#+A&'U6t@e\[W%B"xNjA^f״+IyDs8 BP!l(zcIA0;A]:T)ej_qg#N!4 ґnS:`35[jo5 bR2Zf` Ćy|;D h#"Ft`f\ӹd5_Nq-Po[2DGFQCo#Y1u'lc":!h ň Z@>K9Vg0x;g' $hґJ7Zتs:8ZLq7!ν4QIReR TPu\UVဎN}I墖 7!9X(G:I-/%YB$hLK4gvs(RA߀wY_YkW&T],~}UQbLrPϕ>DCa1RU-)u FXNQ}=n8 x~߂B0N?_CI*!'':\mBP+*F3|`I;(vYȣ!T,O>y+h=@͜~2>QW\rn4LbzY緻y0o݊8YbvrcH_1j9aJ۳yMa"Քsr.[9;=+qg?<я%薞lCkxHJx n-j/]G[WEEJ.@>FId&Vk}^x ܶ2>o^/$\0J-_Cd$L`lDIFL\P]~ۻ)n4txxz!{}K73To-/DL8hmFqGU!`|D=.z AՋܣe),)Ybfɟ/n[;nDgp϶yyP d \@!SEAf*l8=X=pP٘:i/:XB|1/Jz4/9`^z'NIuow'aF5@$lFRz\M,C 10%B$RQͅ8OwѤB*8kBmJqDD77쮨Ѯx#<~f\aV*Q٨Qrca ]hq {WiBX!9QS ^^<b;3Oeۘ q2ӊ&rilJYۣu8Ϫ,x81}. e 4`Ҭhe6?{]``E\whumee&Qx!vne %\2&C48ec~=ǧ"Wbȧ4 uw/bGYa %FB׹ oʼlQR扵p"F{,P3QJ~xG0vy4yeӜ:g rЙPqp}nֿ͋ ձ_}O-(bU+EzW#vpRwgL G#x:PG;cV^XS}sd$>wlw`Z7mIo[ilfz9骞Ds#+n2jӟ*ђ0Bs1'ܺt2FS/FlڡzŬX9M);IWF-R_Q"HhC_]Sa߉SZ+'5 +% -8%^rpl /ˢ]8yd7،&LLA-X. U𚂁fޞEP19ԭ=vZ/$b\kM<8ijA$9hoE6V̮ϩRH/S%2t™<Ӣq{]UoZMeы38qZRNg}]nMh )|!g˯+h]6-h0 J«(:˯I7 1 &AQ½[:gsi4KY V)@LȘT5U GM)Ͱ ~`GЛJ0 b+֞f@7ەu!e-`R`yyE9&\[3T",ў$sG^6BG^^#al5XI#ېSfǁŔ91.#tpz)ޛvF>2\~7R#U9IhbQCK*Av3KcqHgn9yr_ݷs ed+Wo&9`т'oqVf9 @JZ߻ٍCgg ӑwhniuGUT lglt,tyQԈ^PݟVGS?d/ a!5,{2e2 :.+ۤǽ;wOڨKi@G@+]҉T=OT\ECd(1HR_%{'a h^GOm؁(r&O6Õ+JnF yJ]F! gr;-tSʩ1 VcJPe}y"5yJLb E&Fvd:o{`ܾVعU>z` r걇Jo'ٓ 2.ث􍝟ԺQxq?Zŋ2vg>>Rv_G0TGd4wL,0{ehw UF:}e~L5ksu+x_ypٛ2Hmm_<}Xv:T.ܣd:ިqGNa¤6Ƿ"2`0 bFsus(DМ \Iԋse#ܑ?K$vcc-!xx 6ZPIo7yliE񊆾e}Jωl΄ۼ?p3ρm<;7ިFj;Tޣ^_q%y 5*D;l(/@rm5:QC w4a`ԫ }BȌmZP";R=TF!= (䱵٣ocH%0lA u S3mfHܖc Hv^CnM'#8Ɉ91kLpP(B$1J4@#\DxE[0عzG6߶]vUWoq)OU YP6v @ُ_ $z{Oc}22Gƿ--f/kTOLFN?.-'2LZQ"xbLJ9`wefl-GpB3)iKA#F0w\%Je_gSCÍ^="+.)y71`<3I^̋qda(2_m$u"-܍ ~D3q A}fL>E_8fKJ̒6gƋ+'z<5~Tl^ ).{4\E#gypבs'6HWZ[)sIgTT4< (I[өD>m5M6 5#G*0ppd)aH[!{j%.qQM鿕l&ғHa-RΚ4a MA,Sy_HM.C:av&K5 ;!h%„ݔ]-{Ȼ, g2 a9q\ٽBs9h. FY3lt1tsC Czue)7Xβo1H܃k/#`5.N=ꊛǣdq /[l>yV6.ʙP2YbaSFY/z<:2ER^>-2.@ <5kVқNcFY]߬bرL^e0эsX:mپ2u}$`宸uair 1 Ya(Spa5n3$CpˆW*_G٦Q:MpOF'أp_Q(顲CFʚ~ ({ VD U%DO@5iIQԛl4\9cuV0TdiL3Kh<\.ossE F[&,jD(,\ ʛsG/`%;? 2 23`j*3JU!`L봛ވ0P nHmA4_Q[blG+G1jܶmd'Āxp,zK"ǗY l/}UNo?({ &Y̨oSGGje}:ȏ1'/Py= "?/б8x`|cNDs;g4S E<B@Ow UzNz 1bkC>t2@װ PHF5O3y9Wc]>ٺ]c(C{KTe'{4V1=T6Fn%ނXL+EWm;31Grd(b)o>IN K@]G2BU@`Tכ垗d|eLiKlEɆ':)JrU!IS; ~s tngr~x{ O됣ASQ E/;nU!D(.G h@-ܢ ˕47ҥܶLDÚP['KU T:w 56-Z7YlS݊ySҏ6w2%ԍ=-c9z'z ܼ` 貆@LJchsk%=QoLn?*lrf&fse\ja[ax 6#q$DK~[8,cZ$р~!G3WHEj -AF'˞,2Ss ?k[6OTjln6IJhUz r`BIIKP`杶-fnO덧 NLBcS>_}R#P%?sRq]]%Tw"zF5N4,mA>Ω+@mvg甁궑jiDRd|3 +4M1^e"N>- |qFF2TsiXb]l>NڶDM;r hn>PY4qL3\9<8:bj_Hj7TNxӴ(WP E:S6̕]dFmXf665%Y =՝&V*>s+\o.ԩŀ# ýZNڣE7~UMe(ˠ?V"m뫵fJp<|l%E0frhV  xj _0 5,T-Y*;`o׋X`,>k#]32rge[N4A#$!.RЧǿTZ\6l+FOAŽl>8E!:7۶?:([r:뿻$ ?ko0E [N]Ö0cϝ)Hn=x;Mɺ{{9;닡e5ĺR:N ^@@ {XL H+R\E4@{J@#u{U(p8 x|/,pU[fJ~B!3FENՊ PZC'ˇ>-۲E{Q}/\ 1dtI;GWBHnT򴶪yj2~+fHp͹h/PDVtΆ$A/ћM~޾v\az>+ǠqQ%Lep? $?SoI : .l?6?g|g'dD%~k}iLx'5(h;p^0AH@?mk?]w!!Ɏ3h1 gdW°pŠ.>7Q0ZA N+ԴsѦgbé5@:CRL~Un45{NMsͶEAZ*j,XqGNOn j|.s }hfWs zZN!<86!Zleݟ9GZ42n̮ . IF-}8oYԟ21#<~rPE%8[ `wixxЫS@7rQ-`ԧ:)M4ujjĖ/9B_|(Vq" X>Xzt-Li U{ ȲdȿzMў!Ab@Wz% # }mSӡzb^dX#ob_Jittu"&vh=E'OnT]8;IU ܣ)*3QMAD(WWJ-Nv[ZTLYxz6;y;'ֺ= B^ٺIQD3ܚg?oiK[Sѿ_^Ѕ,}|zy(id)}%& *Rhl?[nox¼$I+Q,.(XR(C-uHgn0ϓ.oSc U){˯w~S6k2,-1 @݁ B6.\1BR!,v1:Ԧ3t%ٹz7UAJlѱe>])By+鶃W`):Ob*ƻ87VzI,K: _E'KE֥zY9c;diǖ(3OKMRZ1ǩ.-a q> /*2}mfMaVH@!d=# AD/'M}ŗq8[d_Lil*"MߒrHKl#Z*Qބn.L˯e9\C ~{喨5_-"CbLa*&c~};T7:s#pK͘׀R_|wB'_Mrx"ЙAڕxzڅ<(A!~7jzK|cW1' \a_7M_4\b<\KXZ tX]Őr龻zSF)y5$^D`JO#KMTJg_ZJߪ%'T,c4MԛfE73VXl5bM#)&Uhls浛ao(Qhcnu:<\Ym(Y}J>$ . Or3}gv(ƅ?ʖ@y@Nj .#U%o4N֝z*' J,OrZ1 q2')ub\6 8ġl}SOQ\W!0 Mq=JH;k/Dzm9d2(?[JG<;*#5i*ȉii> \PʊY8m҇ cOhh Z]XliGnF,k *Qh7 ˡYR: 4Zk԰315{}*Rt)`rvM9!ǜe\2d7a?S`mv-]^Ouq =Q4ê!˂&$%̜hD:jne=8̦ -Y6;!~~R#k;No8rB6q/|db>M}^ԧ6{jX)>LW[NafN r{cmWZ^e/Rkc@bYRYbv"? !ׇG9Z1cWxk> [#JOWfp: ?2ϏL?O2{N8>TrJ;:\vEZg5UP>R91A _FTPφ z1Sr03(SQ$;ӏgY<[J3`sq"j: HT%;JEvU$RMv.$Zʵ ?@I!_2n(}O8:覵0ɔlR|PZodBQ:܍Ig0 C)%jJCIq&ɐP!V{/VVl{AzBje4I7 @4GZ2;'&mˀQ< za1 3]銖n}}`d Z8x0cb5Lz%O`r+}EզDϗtTV!B=z-J.z[Ոe NgwrBLvDG 6/(;"Țts0yS.3~o3+ExكͭuᅴmzooARK?!} s@)YMxeν0 :%D`FM ',(3͛}DN#J^SXUJ$osι@W`H7 GbS|~u@'"LRxeSG;ŏ񽿱Iߝp8<&|.r-JBdMPZNVsӈ{½|lr>:r^?lI(~o ^=:Hƶ"jˣnY >1זPzU׳$x2XȅeϾv}E/oVfW\ʒcx. Eqɭf`wSVk&Hw2Yח)j>Y4R_Ȓ ({CT5)hziTT"y15Ev 4 R < dD&YN|C_ bfsY8)^>3M/wK#\0㯄 Ȋ> ǤIm! 0W5M;M>h]\lOO*k}RFt2!+'R&wɭXCg mNFz.o4;9!^{-FR 3IA+;b .SOoU6yq?JurG8(8 `t%V8#LSSt\zYL =2Xud`]9-ycȍ0h zU~爸̈́|L=4DD[Ռ?iV!an&0{8/Ǧ.綕_DQ`\(8QhᜍBW Ua[k5 n8~N;sW