sssd-client-2.5.2-2.el8 >  A aBU]k ` S.s%'-T9%Цj' H%b#YѠV;3D9KDWkuU~Y-'pA|?{d  @ %+3<%% % d% % %  4% % % : T%  D! !'!(v89:f>j?j@j!Gj0%Hj%IkX%XkYk\k%]lL%^obq5drteryfr|lr~tr%us,%vs wy%xzD%yz3{{{{Csssd-client2.5.22.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.appc64le-01.mbox.centos.org CentOSCentOSLGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64le/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fiF%@-2)>  pxp K =  1 AAAAAAAAAAA큤a(aaaaaaaaaaaaaaa(a.a.a.a.a.a.a+a+a.a``aaaaaaaaac44ed754559573a8542b9550c18675002c61fa94fd0e60fbde97be75bf4699d806b32cee25ba6bdb327d0d4a55c1b5a57283826d8935a638dcbe13feadb88b9ca4416416aa584d2387cf40dd16a02954a4ad230eb7c7de22d4d44b666f65d47810789ad24ac78151b96f848ac8f489111bb2a1fd315d44a28125764e6532c9f38b2b4cb5305e1552a62b1f3ed69e0c30d8204e24bc3f3bd2f794afbf6cd82166dc9a6b38b9be18441d1ccac2f7716a62e487ba93f6960ab5f7c602c5abca303393515a294bd41d62f2db1736213ab3f8d8d75f02bc80104e358bde72c93ee31a8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc58812079ed2a2943936ec3f1dc19b3fb11eea172f7c5e83ca7f9eaeaaa4bbbff2ee02ac336f7acc81f1823c2ab205d6c12798501a8df6ba03632ab36196d81be0447976e0bcf42cdbd8ca9e68d762dbd3228c1bfdd3151ce4e545702fc0edcc69577329bda83ca64d67cd1fe1297632de590d15c5facdd65e644ce4a304e233a28d9d8500ee0c08c8f1577d28f413ca2201662c1d9eb974f1177b7a0b2392d0c87a6b4665415d4cd3a02599c08941e5bd1c90d027ea5ed514270a20787f8fcef0997c985e5bdb9640d934e6747de348da4a1374616515e562483e5ace6062f373a4aaf81d01bf118c19a414e4f3e7460de3251bb00dae2f9e80569da881793302611a60d85eb6d67e62f5f533e43f1d80b5fb73a9453485016ee8761f831a1344f../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.2-2.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)sssd-clientsssd-client(ppc-64) @@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.5.2-2.el82.5.2-2.el83.0.4-14.6.0-14.0-15.2-14.14.3a@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%essvsvukukuk2.5.2-2.el82.5.2-2.el8    cifs-utilsidmap-plugin.build-id3dd4038c25822747918c7c327ca50a35aa99e920681c70680b5bb552bcf430ac77f57b68300c134e2c847d0ee78d85e447cebbf07fd29fff2248447141e7ff1d30b3f8c71a688cb60bb68e84aa1437b428f2a9d9096ac19222037a72d11fd440193eb0ba41135c896b9ebeb0949a656fd6872175e20b41b9e0ee839494f7bf16e44968382de8a516e256cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2pam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id/17//usr/lib/.build-id//usr/lib/.build-id/20//usr/lib/.build-id//usr/lib/.build-id/4e//usr/lib/.build-id/71//usr/lib/.build-id/b4//usr/lib/.build-id/ba//usr/lib/.build-id/d5//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.5.2-2.el8.ppc64le/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=b428f2a9d9096ac19222037a72d11fd440193eb0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=d5b9e0ee839494f7bf16e44968382de8a516e256, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=173dd4038c25822747918c7c327ca50a35aa99e9, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=20681c70680b5bb552bcf430ac77f57b68300c13, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=ba41135c896b9ebeb0949a656fd6872175e20b41, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=7141e7ff1d30b3f8c71a688cb60bb68e84aa1437, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=4e2c847d0ee78d85e447cebbf07fd29fff224844, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "+  RRRRRRRRRRR RRR R RRRRRPPR RRRRRRR RRRRRRR R RRR RRRR RRR R RRutf-8432b2c722206546347dd43035d841698b39e7c7bd5e2dccc74a70b420414f136?7zXZ !#,] b2u jӫ`(y-s/V<?8P=6&kSH~aqEx!!cF oсM23:in5{؟X)+ pm^ԼvECS  6n?t 4V9; L|LS icA2PSkeXZA"|+|mF{-xbaqAԕ,N8?@W)+q"Wd 8SJ!=kGt6TPrEaUb �<` i4C|t)Tp꠭ )W,d/pPnؐcJ=\ ՙ8!1۷Ҋ{io^hך ųbvfVIҔΐh@@ Z,a>j\xA (:؇f%C"Y?Ӧ@o|Sn'Ywl˘f,';\ [Y%FwׁvMG}ʮM(xḬ'fF:JcMW˃sV`m՜:MmAr\c݊1;(c1 LD&Ё52Pw5|zw6E% ?;Gi}nH=@?T8k[bP4as,6FwhOCکvE87N~bS̵҂!V; 7f_Pi5=X1,1Gs7pmOxR, ݸ?(*HB<B#YkS"6Rpr O*k 鸫!l܎ыoxJAi`).Lak#epл`ŲQ1fN> TQ$` Gv935!QW>lW< SM⸆̐}-L[_Nw˺<,!e cRDzY r%k=l4N?A\EU^( ;᭝9wK^c}y*#ӄKڎvh}LJZ]k٠I}0=_0R,įnu'ꞫZˊ!եFx},_!2̫p,FyNC>56@򁃔_$H؆r4niOX}0`T!-#72n/=@jv/ɂg>8Btt";V|ǐ{&wbV* 0.y(@ %$ K/67!{Cck/c:G3w,Iِ(=~n.̬k:ܦ*k@5SӠ7T$׳BiuEMvYsIu)aSnԉ>*~$!kp󜘤}-G0yS%}Ddd#>Y bF Ѻfa;yJ7Q?=x8VlXJc4)Jh$ʉGbd̨͂lX}9D~|@w z{y: NYnbxb^g<1aGΣiUW܉Á`K /z2/RŠk}{Bi1Xܾ2ߪR` b>|,[#8qADts_]WHmv `R421wb5SM<ĬMVz? ށ/cnM|gքE Yޑ?Fۢ]mJ3,TTG1~< r>]i0~~I+Q&# ɴzk8.GܜCs[x(*) *l&rv{H 5'U +Yf^QvE\4m1q$eGƇ($Uy C{V!Z%+G"Mnsnվcv~:)k;!n.ĮDM}j"WBܖ"x+"=fPZ/W*/V9T#0M΋* iɑFASE~T0\"uPp&&F~)oA&V`f ,n wWh0 Zu*ّB۸\Y)L a.Y|{—,c-í\;> 0W0ڒr￟N>lsTlj&f'aK/v%` Ό,v`.b1^`CO9OHM߭GZkc6t\ {!,6ԵCJnĘ#/r0!=*:AvPv[MDGwK'З}gQ͌h5F5+af&Z fsNhĹрS ȌE78Ld| 9 )YBw⦺nÝWB#x &nzqNW2[8Ӭ|Ş7MEbz3n ,B[&UB7gabQE^Yt無.͚.;q$-Qw3XQg쐨Vk4gV7mf.5w9;N܌[ʋ #^"@E`ݻM/>Z2+bt,d~ }>#K([CMu%R}Fg({t#i4)[A=lVzETbB7LlZy9@%D캐{!Aה5/q_'6z$+,AWI1CJ|XB֠2UV!Æ5JVT&E=dZDR/tܮӋp¾eV* p/6>Nnò> ցV_!b<>SMjY$< SLs1BӃr?U0 IfD8\ʐCQz{wQ\Rm=%r>u[؎ BzgCOJ6=>(#C*|0. 0WG&.v  cT :PV5X>F;Fxu3/nSM=B5/^XYPӭXIQicɐc >$19CCω=نOJoIJVf]u7.GRkDA{gM ~WD[+\\Un*l)uz(("xA)^I(Z)zL124Waհ|3VG̀ߵ]R,x&rF"8hcrpgMx*=׀r4E`0fMRA w$z6QB`c hC5}-l%F'].Ysxgehl_R֪D_wPHr{_{aFgXʔ',1F3h]Q6ll]:t:]ܮ#=DJ8zAkO /b TssDPRlCWmj#3]""RQ8@2=#xe,1l i]sJt0 T ӂl ~axsA"[VhsPSox87NͽCDK`دL}K l1V},5e9[;vbL,HL,ہpbUk!.QUu |9Mp{ 4 HO}vRH3To͊Dd#sUWG\]\f pĺ#4C1ѢEpzpv.MaoX<ߊ<f&o2]] Dncf;M>A(WNJ}D,CE4n^a!͵$& )tYfT/'5^Ni0BW┨s,5 GN{c!L䅢T vĚc}}ߓHre\4l2C(&z{ҡmĈ f G)ᶎMǿ&cK-q >aCyIxp*&PգdSs[/ OrqrM+C`֥/,RgɢZ\1+ccKz[7w6Q3RX\jQ rkmՖo \!6J!{G)44/n,Z:q)ZKers6-UvaDPQWc2/xAFLX!3.eN3lrcRRSxWj3V9[JDҕBv]thU,B17i.o#xaiVpV3QC?sC0@P|战J⋀_W\Qlad5PY[95Xt M=r\4$d'. ޤ`8?w[bp JhRJвɯ s9$0cɼxז}v̑;=$1rb^ūfA$b8~ %B54" ]1=J.䗝FF% 95 ҳ\`$ 数iIa`~{."Xh2(1{W:S(jД<=k9ϗz<6M_m]7ϫGіa#WqDNOYX?+j|W;SD%KB+ч&~3a@DXLAjr>\m ܱrH $ ̙ۆ'Ը{aKAq{&R mحB񂇙xrUtJ LҥcFqBU| T3\c' VJŮ1lp6nDzL vJ$kZP8O A>L.R(=u#5*փ{HzЮ:#?O_%T|O Cx<;6*+("3Nz[}d/rQY_$ꪾ}id7c8'acS%[NR)IK .ƣG#<1Z/WN-0nrR[T{A.O:aIx}<'s_tp\9A ETd TmLn*xA:JX%&mWdAgrM'jDž! r6A?4Ε.D1+!cu IpT=dLJ$BDj;$u'|׋"C nVSjXJ'nKRۮhogm7f5&I(-GJ krɶC OnO"%ЄRKv%ؾM-2v.?@SrRbzju8צ0WBluLL1WLp8&ea(y҇7:->0^J]w5 $' HVe=tXv¾'h||+ jM:T0w3)+ lY{*ۼ >Z}>yKp3#tg!BnY-13:00?Da{wٍn?؄ gҶ5ט1Bzcɨ]jTnXd3S 6iPTWKvypaF]y-4X8 uS bSj[վmcF^S:μ7ujgҞTy%M %`?7xz4q ki!׵PatzD=î{Y*! n`AXTkpp%xH4 /Ը Q~ޢ=cvdD3, *wrqO@ yI?ߦ& + &ϛԕkZX_\f78xyy:y-˴^@xL&e^N{t,2J[O?Y!jeE?+9RQuiF/n}h)%`drTp>Ls3kSi7XeϗR4d%O$֨2ZL̞Gjxj$&Q4 ` 8i?B˪ujESt?phQ[o6;e$$>c3l,QEەRΥ"WT6 Z}O ]Ao\n{D*S RH&lSIc ꗔ;t;)pC) wC5YȮANO"n#D(*j@6LkM^ٳCؐ5I!HC!q+EI,Cڂ2ViՕ e!8L| i$أ9vl o6~AJqߦkN`>6ecYn3 H*qNk\J]^.x1O(EAoK^QJEݚ{h&qDP 4 W^AAԵ hA>/{ +6xpD+)0(tGc>Kgh0)Zgka1ms:{bbKP~Fq)"'m,~E^-9闈sDSDD4Xj^GCjx16ó+Z#BdI(Z 3c2Cd"0d|3pG:={K ;GG-tF *l1Pƫ&$`|6!CI>tR 2Zo=Ը)ϟ&C$P1`pA% CUоɐ^a֧@];pDQ،Z{;Tt'' ZfRmyA&S,+raC^W[!3q,skbٮJ?_ >7zJBR>EM\ ?>@HȺpN#vsI Cn4+nNlha˕I'&A:WEvQJW뺫 Y~JANݙ,8+ߓ|U10EJNʛŨ g#w/";z4l: &xLwTܠjfRkF'wT9P^SI% N!\Jt_4 8|LqE136Qh`PϑRM"3e,Cr !r,,8gZMEU2?f tH uj&ң>Xz~̾cG+.3-~4Y>p~C@ (vKAwb hct$v’28gYmG4ym_'JGt>}I8xApSE.;u& {ݎS%7Π;qio<'__B;Ȥ _PܥJ>BS|ĝsScRc Hx h8Pbp/߉4VIt'3'c _e6ЍIa6fq&ܳGLRQFUkEbHW;`St˔,mB^-k&v|oA!6Fk뽹n2jMM*?[9Ef!n-d(ekybK! f#V0(K_Û4m X@*Q<;Ԡ26gdޑ^fbB4Z7I K=EY ALW4iw+WKJiRʜo)v=x'e*Rx< #u q䚿R0_W^ 4MB9k0%^*î'{ ,# ]HGK_wN#2T hkú%< 簓=U75̸וpt08F[ƖdvB>^BEh7+5Zbps߮];+Λ~H9 Ἧh9#~dYfMilGaHƈk=MWIy%[ g;4-3#sϒǑQ<<ۀ«Y?*&B"-nDI3%.4!Ϻ!(t3 7\!}O~o-k:7@KVirݯ+>72Lr%/RLaD`Bp2=rc-3҇^3]jPPYP%ѕ1>+ T IX\"39OrժC*%-zC4n҆Р$wġWǖ<:LJ'=![W?1BFe@k풘¿jZ\╆?'X]Bn|U o  ձ#"u@U2:s[Ǘ l~@>C.z<gpCQƮ񎲏k^좡_H>`0"D `abP#5:,xA O8X Ճ[ .VlFGKҼs+^w5_ 65m> d5}BuK:josrTE֓3@y9s_&d SwGWNc ܗ!I8!s-(%G>L 6!ORE: i(&O c߼!8ܜU44N_ސ[q(VvB~1?cEhE|-T(0-QqiP"UKf "Ӝ 38DwIF_S ;kÇ89/H{Y"k݊TS$Rl.gzX!w(&F \`O`IQ V5{{6VZGbQDj!Zƥ3hmCd} %Ϧ&p @IL=d&$Sl^-ٺ`] Xmnr1åɩcZz//ѵ(JZmk9^6mOm(@xsaCAj ܞm{ Be&Z0p `]a&nNEʗ}u 8J@Ni3Bzốg7㊙t8(['(-pik> g~oZDqA 'X|ǤDUMp#PNҴrlt(KNiC1. z6eR̉{wၔ =lgn(e9TRwYbn$0\&]U𿡟s$GW }%l#UHAKD؅LcHV识3b** _dԚU29.pt^I^-USF~=9S`t .Hg~'X"@ τe} ҴAZSH&S*xl ׮2`8 @S= ÍṶ pR #8 oi)%w#w)76IخӒ>LbqF6S k>+Rz7`,F{ofS(P)U@}Y݅PDc {F. .ם ͫ8+pEO~h2ζP6{p}PD9_8{U7AOX"Ӄ{:rƮ<}GqGNt-p1_WpY>S~2EʃcU;EzR#יy aЋl'ǣu dsRV`}PNHC[9ĢBN[]Ā/HuUօ/RR,6[Thuz9ITД UհRw_g4CXC^JFe)!2SH(tsi .RE9covhV\C l;4y[ZН2d} $a8.ݕUzSOC5e4,t4%_CGY뗉ɯFb%A.$ GȎdI a%t8Hrd$e_lh?*Rl, glV2vg3RXå~ۅԷP'p) Mg:N[ӱj޷#aˡfFԋ"ѼʆM:q nb cGsƿ|DE#;:0]Y잝Gjo ;dȯ&0cՑ:|ejd٫jh]wV`m*w4槾L/lKh$-™1N!1ȸ㝱bQ\΀Oj%_׌ѷQp߁F;Hy+Zzuh. v/4RI]]c}8Z߄]>vl-n0"Ia WXm XS#ƎN҅GطH((ߧRe*=<{ƁaAucu!KN*PIφhi-Wu9?f03D:ײ>sopg2l[kca04ǒ_|9Db4a-^Q#jwS.G &C-3'_/闣S rlx$-K7t {)Wv *Z-e{i܋7*D%} x 8*blZ;猯~7XRJف8GBT-8яm+Da7EuiDn9{dy4l<(كO]W_Ph*_ļ.O۟0#7j+JoLrjܰ @] vDsӦdڧ~ ťfio,nTQGI>S\R& z*OubFUVv6bRWU=1:Nims#漬 lxCUm'aIwKwM|<&y o%a~ Ydi+7UO&7©]t<}5/' U'8Ǜc:` vDYoNa)ԷUMo*ö9!mi1_0xfWͤhܣP(~R sr4y@qo&֬+y'_QB §@-̥HTj?vßޗKxL(w-M` a[*Wʰc M(42HL)"VseX)>ȇjUoQj[Kezgt&^bD=l!q_+LuMg# Hѝӆ̠kiUFjZ@r>(ʜ}ViRjgu&ޑ:l]Ii;U!0{h/>`rîv%zw/9 qJ9qS?p&2ϹApwmYt}4 ]IvA (&|!N ]۸p?@f:Ha;yHiQE5"v= U5~ NjJGbp q:{R/f.\=eʅU~8>d9FnuĤ0*ICv&0}t IbJ}!\gqIYGyaIX:俅g ? }ouwHb.01{[r~~)3[CAkC-vG x Có̖hנ"n֌`^kY(/]+EaNkB,^!Yt ?Lb]"PF̦qivJͅɢWp@W*";vכ%5e ~ T- nsJ Du5ǂsg.xD?/Z3&UǺU&؈Q61矫mԨK(5O 3l7[dW77%ߘStM)e҅y"lЪTq X_{ Ǥ׭][g0"$6"cTP,.'LID$mYόPǔ@\v&>ӂ,As3zo_ȞlH󬺖= ϗݴn'~+Z_%Z`Tx!-:hIߏפ.5{Of \ D YX>uȨESQ1 ɩs/CQ[a^<op^4]Gy}>g270bאpSix[ٙ68ɑ``?ghw 7ˊց!=Ժ[Ww*~$s7#g>&eN|Ѡ^ $u03]TK|50ȀXg>ǹк[i(9!5b03h U`em?2\ 4'^X yM cf ;Pڰ.SXL~[4t"ˍn Dn/X`]*ؿ,uߤ:qId @Haq4v3R/A (z:M"HG}O{iPweHRF}vI=|u#3 @ }NvE^ A-;~b#ZؠSݮtٵV#5091Y$HQY?@f3$hZk\ΥCVIwXD47wV1 27 t>VX%Uֶ_ᇛ)U[<+Cv:}%mqd^7=72;1%b] N0*JIz[5I*eShR3qKjt#~f 'WgT[zփPLొk&>XªB@jYIM7)iӧRn L񟼼 N%05 0 &٨`  97y+BZ,G}&P"* ro4eF$` JxBY8^S0)xHD0"2փT4sS!Ij<۴)QE6eU". {=R-_;`y>Kz;6KJY?%^Y%$!ky >6|* =HP]!.՗<yFnJpxhw; > kcPuh/ScólI7=WuϡR!h Da] p4=saY;Oo23_{oZ,sT2@B a&B)~ !?vU/1n.(Kǂ2mU1/;\Qy_a$G|ZW;fdX'C`v=_F$׫f4)i5צn>ֻxadJ}/<85!\̄6ۉ&}g؟.@ms4=-^T޽2T?Jmk.XlSjml,X#b8Ն+9@?uPolh/obj2*!)~*'E0> MM6E ?_>3~_T~g7 r |jU.Ztzv& t͏df{<]R>ć9b;}0g5tZWR,K?m6<:{g('-SOb-hv<ںg+_6OD*$<_P9w0c]}_>6lƩNⷣD_7e4C'nI(_SAKD؍Cl;7[*[j4~= QZuj֚umAau&PA(J6ɿu}݆6CPQsWDBfC_ݔ;ek(0U]K $`z'&=`t>BBs`iq7oT&tzs%QӜ7k/u3Z)v#0o52䅋lm{ Q)'@q}bCw:ryQmI]g>}:GsRx1KVKLbbqưA [ -8O5qț5d_.1T*Bv-O@<9O;tB7<;&qoysox-)h{~T}߲GFn`q&< ȞBL 7r " |]cO'x}$U PW}cliQUO37DbKL䑫d *:9y^=PFI a6p5VP-i3w!n1\HB?W99BwȆIUQϮ(d\JrT 9h׫i֖P ~fyE.73"9#t^؍WopY;~LCxP-vV e2;OJjۀR`[5x]K_o/z sἸ (8]4.Ք`߈ֿypQg< 6|HKr!_&D-u-gl~9/Ą'yrTIzlPRx8LbǍE g X2%oIRF_L'R0l'{ ``Чi3cRŐH(4-,ݏ&_ inT3ח+!1~H $my\2GN -rbvw\:>}^ ̼}`,1Z,:Y3ˆ\Q>oUC"S+' u=xtYl,dUݡ[s[Vb@U xwhh_r51\AHIO#x@4-78Ȳ,_-6%t0`PbV[ɉd~BQgL vn|^T!Fd-jޟoZkx8aeOXz@sL6@-T>fz}nd2E>mfovZ4OjO/!\1}{ݴċ{ѳnj$zҼ pWm$'F:ńyٶN(%ԝFC1n Sژ^O%5σ lM-کTaIVz4:%=^HvgC'"hL@2JokVhrF^b=k=aF.hœ ~Rmv魷ԫlv's+5^+6 >_j &+5~9&ߥ`W2 Fu!a%Y$xa5!, NJα<8&]Z*\nRߏy&ǁL^ε7$vMLKX @2z˞1;KflgFS[+ᗀͥBlJ9\N 62c ϔe݋>h9ՁQu"s0l Rڶ蠆u?lo :ݪp#dզx neCWԤ~H]ݶ R4`щ6m4)kZsz3&ٶ&EevhOub6h'4< ڢ袮>lٔc?o.E,lD?^# A]=,Vw]SLrԃq$ .wFhWvL'rAZԍ8T/Kr3SAgd2 "6YO,PpۤiYwS|1k9MO\@6ݹup٭H7k R~vFc0nz݋yum sAmeu^kKtZvr]?倱JH<0k8{W,ᅣCgx\؞ )zMrv뇲aQ+ZXޱm:ʍI0_9C7vِv /[u}f?*&>^,ǔ-O ;ulHjЯ3F; j]H;?;PR}xecAt/ԇ}M ͸f0תܙ&V? >cfvRS8%-}d[fÚZQ[;#S.d-bFHh ;BK.Io1}ey)Ta9>`Y+y?ΔXs`@F|oCAXxFA$gs9*G5gs'h%fc؅]m\9&MH̍&4- &F=qlJ/Bx_M1#$:ܑr9;p1gOfݚ X0$959&DY%M1cSW"&?r2"S]}Ty²):DK$w΃#*IPlegQ5`mt3&~-,A0ݖ⍽ \G‘~hoK 7KOeG~p= }R8WLɖle\,02SF2R2Y(}`4 K[1CӅ\YI}9?2U]&HL_*8 u6ϑȧ\ꯪ h. ;ZT욬-x=d`GbemygؚXCΓZjiȊT ű[ylLcn?pKl-1H;IhA or=毰+ɾD"8.Lcw4[H"OMpAv+kM3|U>HC2HObg0Qۤ^j`0mΪ[ܞڅ o ,_)lߩ![yD(ݗޖ\40^@5赬#|eU9BH/]VζCb>-Tqp *"QԹEෆd )pdʡ0#PP=IȓTn8C޵#)_i}[g Rم0@/߹Aԍyc ,qTswֺS(ݓgat2ƪk16!ͮݴZz< 3O-bHcSflsv! Twuu(a6ܵ{SP@4ؘwlǕvp'NNU6(Iy0Od{,HLڊcpOUW@JqBX Is!6O_eŬIAHEZRm>(VXì=Iꏶux5ԪE* lͮ^U GqI Y=cDYͨ+j|kܗs25qI@=qtf;F cM [ ҡii1yWC̦CB5;]w;H>gS`x[8&7ظͶKC*;P1 t&Mr]\O']A=OQО4Q[(Rly=6.O@VbϽ۱s7e3Q89Qf3KO,QWڑWs> MG+, Mע,zDWk"VqMBx#^8DCWz "_!=HNC (D5 $Mwv_6zidn'=kTH@tu6;^1EWbq\'ݐ#tN|t P^~&vp!.KR接55pq< NN'5۹ʕJ.rX}2*n`_pD~e1_GJ$73z|t7͇bMltפ,2!z#*^;MJZ EIHOssi LB0rw딯m``ϣ/_iz0}iiHn?:UUf&$hA6/$PxBDaf+Oj>>|:lz,4(yHLo*vm:2>C&D.\怣͵\֧KH0ʵeNj\^`@(06&s9(b ÈO.1ԧJo*RFŤ6Hm5 YaR)  5I &a$)\3fM|:OS1'vJ_-B "E/_7JY.a/.[D7V:Fo$xelHؚsؐ݋TB u=k;V0V!`wiӜ; vNs͸/qv^8q P̳T;CS.~돽 ǖ/ET e OP ߖ^UQCRL $ܓGuCuY @Ki=EƊu#IU,q)&U-'u |s2ڸ5[koa~4cӎZFor>+, $_$ oۈYKzAfY'uvF[#!M6jК 2k{4DWuuniKy,M U%ѓōk`˂ f 2fc=i]jV&|:q; siwGq=:GGh71mNT\7r͒;I^l-d舽5FLub6)0*5%DK4KlM.3 "ܦ.=$DZb#nL+|j mG"O0|[vqLKGRmY`L]ȆނHɋ  ͊f]NH`lbS'G8(Wf֙|O \a{ZDdY-'o=1uU-' k^I-.c GWP!0s@Oǩ.#V Afϼ] Wu{?\0LՕXZA}Bך)nЄ\һڴ}ٴ an2g^-H)o@Mkb$zmq?~K<^v@|1=/tl>6ha;b7^C`5`vb ~z94E<}N ~}D`תT^? 6IMA3xhS;KY$("#SHDу Hx>`rYҗq7nZ~Ry+d,IJ۳c]AnW{@\:C$[ΧC{ZsAKc}ipJ)A?evJYЧgݾı"v!H]ؓ'hqtT| llψY_Q52B@>>.Qs;$ ~BbZΞ' [wcYIRWjuUTBVuC!U/BN{rJJY0>QW#e[_ cf.DF^FU-We]t("20W'!ɀԋ9FP˟Njc 1Ting~Kѽ oYs7L{C6l JX 2pJ.4?'`34}H@;-i0%FU%> vYET.䆛bTky_"$>4A5 &X/c眯V̵t!vyEq`RHkqjzZ%}Z3P|SI`I0SyqbfM%> ivW&GA!>!bDPG'J8#b K #Um%O9"[3یƹ@zghխcyr0$$/G{%p;ɰòe4Ee6r QE{s5y|2)&掓ڭv-]4m5 )ߒI#.IuIyn>uÇ7D_72HY޸1pi_MڡC}s= 7ܕx҇c;'3Cp~,⁞'I,K7R~mߴ@~K }⋺~MMp4VǮ2; )q %ԨuVƅ3 ^"%~dl%`M}i'đh9/߱MgN{3<v ~dW m]@ҼQ4AQ;sv O5q)#Y@0B!u'˔@WERvE9,\"npxb9 L@XcH:3EW͝勗ـp7p$%,+ k4+)M(\84,233p@DA?p5`5rl47WV;jہl58`Zhz& cMlvoiBWK]u^~'ߝ݊ fFhFTHF9p /UЧ]zQ(UwJ^u\Qƪ&Qظ]%uv`lе%PlG˸mwAL~ OVa$1Tp,?9&:H;2х`)Bc^}mG}Ni?2Nཟ863-,? QM|z`DlS4>p5XN,K2Q"-^ IFyD.MC2J*$vU:eNث1Y7+yG=#Wfǎ̛d4=])#ۧ`5H_dyپ+= ȏGDL "4v%!6 Fj9'U$Ddюay-E?`^d|RQݺ紪װ *1~^iK|l@  np5bB& ^T3ay#\[/D³yl-u4HaM)d*)uϟ PpUFe^_ MJuyN5_x=ZEDhW)!Y|5RL>UF42y1VPWǻh)J5y?-b4{`Eƣ[W4lV}-8A(1,<ݹ]BRf<ݻ*נ@0hijbl='+x޳ʙd=@r;_ݘxj"Չ:rs냉s2]`A}X)})}BV.:30́ɠRjҕ&/qqx@-=6-hS-ExhLNlP8,{h_-H xx#!YcN]4rflN2wV]ucu>5,cjTzsloR'q pucF2dARi5bd;nq)`2mTwX+$k""_]7 KRT]"Aa:Y(J ɯ2p:}O/ʘ&?NQS_C^)-,m7?V؛Q6쪚g^PPJOO ̞Zb7on}س 8EZ79+Oq*0b Yx1b # (֢-] ?;PF@lW.fp)XzkCuA%q炳A+w6^8{[wh9y!q)cMUbE|]Ti?U7)Z9ցvvw>'#[{|J9 sijs O1dϭUz8Cd&WL.&EԊ/bWbS 0ֻ EW4CL4W}qGnz[Zt ZkjV\~iam+E^r CHRF+"q}֚t2ZZ-t/U 8p=q?rh)sf̔ON^=L/ +6⻵$_N8 h֠R"* 8:x&+rW3e3p=5v4z&ϳP%S⸒O#O t$嚏\l<)cȍ)ivɞMy׊J^WlqJDvY+B3 Hd Ep^q`'v[ux8mxI(S\GjAzJ!n+,Czԫ(u(}S 4K.k6W {6{6{S$%{I pd&`B LzxPSH[+MǰkA0ZAY Rnqg" s6,dq~=g8p"iddgpz(QV5;Z tϗ[s8&3[[E= 7%*HĎeS,RB&D07I'`sj ZށLǘ-o~mO)Xf%|:#wV2Dy*o$+q+TSZW?5Ȕg+i-11Na@re57%*lS+ Ch8P\Ȅ砛ph1&Hԅ/՛U'\/e-c d|da ym ?XLfWp߃qehO_VÆ,8iE[8"`LqM3KO3cUlrb y#`Ѡr +IۗҺ9 2dAF5/h Ł_o} "'ߤٲ2bh߀墒5="J7pkRWgY~^]HGG? :x,T–t#eףNyCw0# F=YmhM)XϪ"p3ox1vDC wɮ q.8S%"B9fQMߧbeH峧o:4!!* U#dk^Y v,bײ'Nwk2cxCػV>i.fT[(2!0n`) ߍC=B-2)}Cc_!t܅3_jJ0ȰˊԥL:O#>3*X`rꊎ |p4pr' g9$4 GX;|yEn.xnw%jMO*ʀhkX"j)d 2EP^R-hyB5xcƂm_7<Ofo$I9d`oK|}>V]%;R+]0S"4gCO%vy&UlgxzZ?^-3:xK,ƼhMΞ7PVCcWQruC$ܦ𠵼\[1 y[: l5uDBֵYΙES._ 8*$)ITMp301er%+>'4-F!MhתD+f 9v R_0-U{5i Iw^K+6n"1Q`f>sMlF\v&%3pY9'?]d!6f>}v wөSAH8&OpOS]P73޶AMi/thr챢m֧B.73,b|2>k`h \,`/]^ zk@q SSzco87',XVE(X W*o.VurP:z4=1Zܓ呫V#.do @yɝGHrG4AϹ`8 ' TTo-*x͆{w'itryioT 1峖~f}>;M4#ؖy&FXoă`_m*#؅b$.u聩E܁t=ۼ:$6o?7!Vq"v!H^ ([1iQ?6Nةd$fwbOGX\̈c1o:n]X5Lqy}~4%ax1vhER˿R~<9E gD"%mk4rOì{Ou.C6 OLz{ki/cU)\^ '!Je(U*9Q(_T7)yaPKr_}lel\Jy&\aVRh{II k}EvC >QLڭw67! h E$7RTYaS2ZdX&rR ZEOHDR!y&+L P,>Pn.o[yn݂V7Mrܪ miMvyn[s2өV'Q~Fej| 3? I M~(Z<\U /r볘LNѸ͚TV4м^f`8'B%K߭<ڥ*2j]G J?roz?U *!lr|wEt p[OhZH< Z:"5u!N_B=EuCj+OW*r_55)lp_-Ga%: 4/9DuŠ]TU4ve/?b8&həJw(IE-IvyP ؽ =՝sKۣKNMwQ~BvuOqvrBq~a_9agN>' , mzHكz+"dT>FGW ))鬬a>c*aV߻6&=vX?\%(qЗZqgĿM./M{"X~\ +`\5B4ycni ŁJ ["M97{Gfa>/;"9*Bh;8c -+Ub lܶ^w7G b@8* ~AһM?Ə[{ʬ}Tq&rTG{~)|>ob{|Ar.',O >o3[Y= -3$W zy^OQLȺOfŊPD?>qcnO*<" ٔb;WbaOYi/rnRv]O(s-kpocfYLYwގfp ǺJi8N4IL mBj>,8bL95zRFtV; zi?U1 ؟fKI4Mvr L7 o^l "5LIYc:2 5[} XNeqY4 R+%+l*vP<׉Toak2}$[ ݞ&Wl*Np҉Rk's w/ ـHæ Clˮ%PX5hgx`6ao !ľe,^ćf±PFyù\*h@n #ZwSA 1:?*% _䫞 ێLݖ;CO d23s oX<ؘ*o|䐚fBmBd4G/=/zkȀa{8"Mܠfzl"?ʆa*[V\ v6u,sny`:GGgԪU!#N)+yxzS4+qh s_0?.Xq*ua+]f5D`T3o]cfݪ8 ɽ,^LCL0^FDVak |6o5--֛=9`{;i'[@ޖSH etZ9mrʕ pw'(#g> 7h1ZЙިhfj\D _*tk#z+:]xэdXBD;`r"zqڳ?z_4z ~y$GiٝY)~p)4SÎ\B9uR0ؠС-glgx|$8gɕnoYuIAU|zhvѻ nhܿT^A^ IɧcaI>5N48d(_  7 .G,5_Ô e'܅i>8.׎^ 1FoX"uhyc)cI\FEt iV'H<(dFw!Dyjt=RD{ɹپ%c35]1]-J//Dۿr=φѮbOQGF䎙E?K̨$(NJf8m]%hs 3Qxѣv9K~P [iCSj{89j=Ƃ0{7r>$BAƳ))M7ˌ-Ԃ X<TYVHB&0E [SKFl-Ĺ y>}u)`zi_~Z1,Qڿݨ~M>VIA森Xv?mX)RcVmX1X*pLxѭs^CX h{BLtْ+>gRby#68^0 jcެ'#&2CTSa빱7`?PP"Z"*_ ӯ| )2s5Jcy*Z@;XT%z=! \+61Cn㷣9( ֹǎjZ^vdeNa >̏ϪoO`:>&u9ǃ%?z5-(j"3U{<2ԼX |{39l# TA@F)<`#Nco6?ڲ ߕRsFm)X!e͊ OE{q3oD4tHkT'wۚeh=rUd0,r8nҜ(U–bwyp-$Eu~1wnچ;f -2:Ò떳͊~PQ#I-4Z:nmz!g6׌IkT/u*ńO'/I,:0cRȋRD"sdx4Y"$}u\t9_@ɫW>[h߽?ڌp& g5g+"yiARqMxsT>c+/8A\B$ZT,^Έ̃v øY/f,n]?$K]:&o'wN"ݳVb|7.dH1L^V&nW`:Ya󜾍a_ו~ {W5/@౜)}vN5\WLr `ՂzJD~z"ݪ|nsOeNq4ExCL3_b-"#?"I(M qN oltiX)[џE#w&ۑ!3/2bnNJb<$Z1_S)\[| ^Jp K|&ׁIyxz1Mx 8c 2t=$H"F~VMMC}x:*R=RN*) ½캓J*~3`7LgT@6DbW8Uw(fS Yb4[@ E )9d(gp:`s={h"yۄm 1D.u'@OHq̇}idћj6^};VYq<\Wڒ^  IJC+ߞR&oY9韜\{E!! "AM ahe;Ja vyۧFϷfvBu~i$0rh#Qg A3MqZ-mBIhmLj[{q0au M2wY{uWFND/tHu [S$kYsàiKӒ[7?Y_UxQM}36X3s2 |D\EʤƆc,b~+NaׯH&(Wna ܐ\[7 5kBzji[ 9}U7X NÎ-jsOriͣ+@vӂ< 1qIƥQE5GuT8W 2 կR%t5[MT f(A P6/vߘmH(ii䎜OW奂QC\h={Y&2ݭ3T t;R4uSbt١n8ʄʾ$PZ2o爀Bi󐏘e}ñ':n B #w+!t8%F$[X0wRDu0yUғ"_QɝZh 9@qnL*jwjk::@Os JEM0 nֵ`kϢhOg<;׽@Fbǻ5.ϕf~ N6~$]3r|z{9uGrt҄z~bW "(S`;IݏOc!KAA/i,d6>[-6RUi zbemvF1+è7Js5a;5jr$'|@U xc§x#mLnn|:FmdWl͸P k)N7'àRL%*/Sdš@4bo-V갿Ўg {h<7 yh-k '{x*9gyIN />/+ 3ޭU9xL4iZ]v;4F:j*z?_ngԻiL̥WVN†=Ƒtz\<aӒ4P Hh8J?PF=|`YsTZ819>+Iȓq˴ʂVa X4l4C&z+ddpe(]nFb E8?PH(«bqԛrp<7G+>e!BJQ߿"JLd>%!D{;ŏjÑy,|Iz<&gd ׾:Zc_@lP7%OKՌ!}3E}老CAm7VA[r|^vQ}9V)vR4+T.ب-1x=M݄)PR^ @qM)9Ge74l6* 7Íϫ2+}Mq):r!+[!?@8#91a8+veH͉SwJ䯠BS + ;H^]ҩ2[*SՈ]|P\)攞]l~QBcAL{e3s4cVKm҂"u"a@׳X3\P*ǮX=| ه$DCT[68&(XXߜº<!"^VAA[B.ұi:Ě|PMvűJ<2=mװmjʝ@cB7 [*&;UB9*;7棾/@<%4~]{G'˝VMtȹ.͖BCNXjhYcT#8Mp*4.hHů(\~(O8˜;7Gu`x,*Gb$9a:W z Xs}_l) N3-O"\wmwdP-c˿+Cj)ƻvTq?5#o- sCgk a}W D+]@8 8,\";nvT|<_+k5v۫FXl'A|`hHpߒf,!>l0%*!b=]1C.{ns#`l 1a mqPuZa %4tлě=;ﮫ#Cn#$AB$Q^vш5J^l967w,T|`3R ֥0??a^NR5'wnBLJuIޫǍ?fxtފsj%8P#hfMq =e.`KSnJ&X?o(Ou+AΏs  mm p3[@'%[*<:-B `ߙ8y>A?) 2EYJe%qR6epoUIԙGzY8FJ'7>y[0`}RRX~phx鮵i>Qֲ.n:TB1Ftb,_:q3agu2} ̓Df ۙ ͮ}~ 򈵽 5(`ZR"mT7䎪uzi>bo.LOˌC)`]"6,Wn3⁀I6Fy%䂍M'JuQio*gu[i&s="Z!C`7T nn݈D˹=K?T#$d["k HĀZyT8)zc05)ₕDU7FI2J;VOYjѧ5jUOIzvRtZ_DB| 1{`V B$A}lqN>g0_`=z,aQ aa.Tp3S;W.pt/44/K`.mt-8%uUi[[oehar+mı3Ī1 w*bai)Sوzp*۰\dt[C^x7H83o>I/Gn[P XHiJB}Z%;Ybja6*5 qOpM: ҉Yu$_Re_є 7U@M{xCJ+NQȍ6\M#1954K \:V0'P6#8SKOm Z]^I4@!DUY$m :Uo abꇔ`(y! {)b. M7qNɻNO XiOt3fWRK@LS"7޹ [ S#³\ h&Rk&I k4PüQb(Ӵd娞>hOCzҊb7Rsqq)ܒK(\b>rވ) x)^at3 k$bIos$6t`Xأ yu "Mr_Ss6 hnut> `qZmZ.:v5 >Ph̟ڵ 7r`~ @Co BUP#\:oIzui"~ZN+mq||2fgy"Dh,FwftznTfw@L(S Csνu~Ybk[Qzv: Ĥi bsu#S^J#2?jNhs^(.-KfQ-IGh@545oؾ +}G@a6Ey]R56o. ޷:!pC,[3*RB:~T[%^ADt|;70[`DvxYIY2L fV?OMt\%ѳwg[A;VO۩}N= Xa  -AxK1]H->}&ٓD&"Tv-{8Oʟ|NJ6~Fp)t0>ްcs 0n5#iphlTDT+؏7W<(ýg/eP; wLEokA}ZtabPw`1OT#V@dh1hοk7؎e)f~Nփ2eDϨK*;H8w޽ U%FBiRدH}#7$7lDűYbNPxZBۊ,&N{JfMk@șN7R̥$sL\+ic+W#5#pYE;mF31E>Jt4o#LJ1=u*HGx*2KY ~':M:IQzIK`@&T/5\v'j>ŝAeEyۉ/]Q/h/e] ā3QՃ o 81`Y|iucFw3:éѣW\v̢fHzaj-RP* ˙L2^5!|'B!ºuuʼlNKe\ZDg_8 G6lttY 78+rxYkO / %B,I}1jx s9L2 #H,)z{isŪG5Vˉ%|q-^G*]>_hl8ETaEZ0r8z^O7ֳrbӵ~rSL`L 'Smq)ݭ0<+-u<.|g]yJr<@@t;CXnh5e*bg'!kEI.NseU@1ے8]uN ./U'6p^'J ^aμa[y\ C&ީ讂^f[c4po(>mZ6nuKdz[f `GoZk ,)t@y6 ҥH}mۭ&^cp~k&n8rD^w!j M6VnhާDhnTHX{`wvxtG1:9gQwg|IɤLEt9خE.ʔq#>}IڬTCj8Gc2[[lJ'b: ma} * &M eBpPhN'*p)ZG`k,|C'h5:V]_nW7HR`OU(4p.xF҅m |NCDG+=/Kκ= AsjGQta;@t(!+sl3GS{G{J\&Ԇ=g8N.P`kc@^p"y! Zjd%~g \Ma8{A庘{4$WQDTY k @C$>@[hTc#qUZK5UV=|uc C^ LBqҘom YX?|+GrW.KK ﳣ_ח݀o[GՍsp'g*|Z'A: ~՜Nmk%+@EϭpfoZ~9ۨQ,LPryng,:jS_4:H:bX6\;b5#* JC4@n:]<؀+2C3s5IM|it f̨RG!.Da+%њ2aLQI^aum;<)I&BG\;lm}I^<*Z2f)ՀCOnKk#}~79SØor=Jlxaצ(0DD2~ƠONN`cY';#D^c]e|1{O+Hb#@kr9ׅ 邻W?_Zt =\TtXi&&2Iu585C`= /;}h|R\I<2v؝G=@3Ip: H֗8>rqhZЗ7wwBڪky@ ZSaR18b08 NZi$榆3DtP~|O-};޴ D|PGCW?AZ\F ,i+$&ul3ñ<”ߢӐ q%L.ݎ DemyG)huqhmūI&sF}=[Jsd`ЮżAt(KL{ʕI1{[Kun+2tg0lcR4 ؖi8C{$~ d?0OSY{ָqġn!> ʬ< PP&aXEGO WJ,69A ?~4=.Ռ*(ʈ!>ڵ Qr|XxI[j/;|-W"t͵%>>z.:YEQPX \,uTcJ W)Zs YY5H Fuf:)%69 6xV}x8@]oArYCcԡҟQ} mjYxo=upcL(پ.׳Kk׶2d%=Z^VfkυD'!M<_@D XuOW\9{ˆ>< Vrn#^2 }"162{ڄ,X՜6ٲ87.S~qpFӖix1M$XIݖ*h0Ŏ^>%n5C<)擌0\e_ׅp{KL[|lr$(K+H<>~8&}.=xNfI˘_gD%ypf\ob)Ńû}bvJGM?KU9Tۚӵ=دM*LGpDCI۫ 7uXZ;jW_5WzC5d1ud^wB81W?E ŷ!߅_<=Z>Ysm@FKS3 cڳ\bt7AR|R֬HI}Vsٱ:` lքLr]>01*xxKXqE<{7e :|ν_)uKܩ* St>۞m_xd#5y~zqnǟGWI3+LGaҥk`Vܗ ,t}AX-RҰe*{QlY =A ,?3qGͫAamW ^Va A[Km(MT}{~^O; J$5eo&a]ps݁'& f_v 7g:c,/Ӊڶ,i/tY;ru@xG~,'zЪHCl©HjR2|n9d@g[DۭZaxƸ<"4?푩LVd}B(B0v*8_UZ83 Bk*OY:շ/OQbTr^ZIlh,{[<"ҲW/í-6,ۭ V!H,2Z/kDZtA,`ؙ: '~>5@2Low?U{+SkjJWWWT:HV W " )̢Z{VNy׍[.iqqϋPB6Vhb"{~Dcz[|YPb!wƤ?i,I>V![Qͻ(CU_)  _+x@K8lu%ގTT#T(,N~3+Fꥹ[H:]ucݸU`c+ks!Jb+uTӪsk$zǹKKR9Ny}y2OW289$a 7yRtm\MU7e$1 ~ 3kh:s>xꚪ^K$sXg(WUEeM@<3{(Am٤VHa7Jdz6o)vƜG,ffjW7Ú>ߴWD 'tS^LUi=N[\.|h4o~M n :::k-,tQ04f65wkVIHHEA/)y-ߌڞ{kI>H~ |Q=QL^B E{n:$ia6++ϔ^NaP J(o2ô%Z 1Y/R_<9SVoW4`y{x k2Y4qdwe(hqdmS"B9^vW}i{nFWu\Vxv]+BY6#ů;2*IZ%.:!+&:66sOs'% lʖ8c ̥+M7?9j Y\7)OUNhE֜/}TcVj$xm4 ǿ7ԟS wKn7_b!u$h1߮qaLňQ iYs@ܣE wB}DV`DcZI'3RmV_Ԋ6KG[5u%@U{ۛD)j3smӼl2 C+!Vhm5G#jo04bĦNtUN>)Y"7UabKVN/d1iӏ*c/?mEULAEwuq>F:x*V>ː"9c7N%gcRN*&j\sVc :{DFð2o:sN 1q X1,r9Uaԛ>2)M][L!'d٫\A~=4-X5 j9#[:S\t؎(qۆb2xD^tP &= }WWMmo*zHk;qT7`f{ |V!r__B)̻?Np~4P܊u}) wrxR™H@OiSkEgv(jEªfێ:f&msng"̱kO=^3T= F E2}sn֎GtdxFp6X ZEn4(6GrG{D4` 3VJf$ȄwN~鐮]s`U6پZ&A +*[n,|!dTw{/[̜rL%b|EkVd}OtO}sIU+Vr]*xs6dgUQDZJFiW&XQ:Ik𶿺bQVa|z-^6vPF&%}A>æ)Hz6܉|Qf]opZFD>9ꛤ1Y7w2o:vr駙a{^ E]þY$2P bXAh-Y.Z/S(+/7'y ?j גZZ~,-C.&v?>UcT+2? {TNnyXE+O\XX_:w.t[G&]:4lwMԙL8} "V&5C!,eL%6?]Y/M8㈑mv$D% yT#6N8_\LVۆY֎Q?-б!3X" g4+w3>ج1?2;d)c_޽5uf\em;'>=%~%2@|! V7Y=\ R 5h9x *̂y\{jtW ikE(j%S '>b_gC;|OD`۲g5&QJwg?^M̴!j*bRp9TFU8HȬS΃ YRj/bٛ[ r%݅͢9Ml?{ޑƸ9 P]#PŲ0JmJê9n(_?ϣ?򼝱CX0<ϒk[fs';&L}y#N Wz|Oӻ,Y FhWYYŪ{=Dd6%IAbS]g̜׍!$hT'|H#khsqD>':2gv%sS">C3)&!?ÁdmXR.q)*Ak11ym4Xȝs%ڋ>Ʌq`A⃙͓x?'jOTH샩5AMK)wV?,('1U&Mղ7[ꘖ@B2?9~L8Xy ݄8!^buF2lKuϻ,д J.2&V%)v9熰ye[P:nwd(9DxN$܌A~kAU9Ih` r2)i1q2t!yɗ ;J(3U0 ݿRbZ ׷ZƷAzfa磛N3eZ.}̾GZB272별Rea;;&u/`KuVVS{+uM_/Cn|FXE|P$bo/ӡ}o@ Ivh6ݙNѱzԯǎ&F {hULlW YViI ('B0H9@?x/]= to"#NnL{wv)P<]Sg?2QRy@;vRA;W]k]5XO϶sQ~'ޑceDSSZ17f?'K"&#׎3IJs$DVx[Xq2seRV%pH#*kf$M# fIX' AMvJ9: Q?P}m =B"z[vaBNІD 1KY,uU-M`=pBL (̓e"CP,"GyHe]0,i`l~gR3׀ s$!v",i_:{/]t-&;/Vd\ҜѬu7VHDA!b.S(罌9:5S2 "}P{jѿVa*BU>t@ lNqnbzRC 'ܪ) <|jﮪfƹ;6v~-&̺qkRI ɬ$XR)ƯRTp=I2pG"DC-Dn&iJ6_G-(KPlL^ZO³itRDvQA/P5;|¶^⡐@$(6 ''Jzjܛl+%BSxQ XdF Nv=~/rArФpJr⦔e!CZ&@#s(,3LP]/H2n47cIo;N,ub=n )SnJ$Q4Y![[qW?K5- c6!Xo8dG:/ÉvCtL[HEg9(k=Қ\~l 2Aj@}>ݭ~.a%>:#\^?keYX_ڦԯd1.@)n>n~VF0q D:2V7W )ā#)'T 5ܙ50ң^ѕđ nRs;x0=wAk+J$|BS:: JX×KU6͑ywigkRWohOFZ :rrjgbp~$ 65?I#}poivQ;<ԣ:۬ih,n?ut2 ޝ8z6w_mn]Gҹ7yYb`E[^V}Um3OhY^Uʘy+fؤ5ul}0'L U[cܳE10#V&ӹ!`|\lfl&@)FW͙ڹ dh⽐?.׆8uk R0 3`XPkJiSZ1bW9ufP['qɪ T6&tswtO[)nK%d_'G!Aq@C,pj~Q 5n.Ab/|p;!dOّIL%8c gpxvk DOǮ10arw ڹr~ j]W&N;}d;'yBD1y?h9$7'+(lR'9rxtǮ"@Г,3D}IGIg֭8 gJE8?c؟]20i8AsGXo%2ž}(EEj\Ȅ fPU OfOFb8$Ȗ% av{g{k/7 - BL=JI=ef`.Ls35|6;aTZĕ¼ zX3EĿ+5mP PwEtWĮ2{!q@}J\Pɡ[(Au"o%M'}|Ud<˝eKPaEϤ&Z4OOG0|N%YC4UfBac6a`.ou3$| !AqDDf:q -]S׫ʎ5* e6z}H s=I@ s1B{@D-QIrd-=뮔ې{rl /&O#9##inw Q1$󕘔j~F2CA&۱!1ΡtvL.M֒z4Ma$.Z=L#)O\<5]̢Wڙ=5;ֆOD~P )Ŕ95: ZXDq5 )#JN%bBw\i_Bw}//䢐+j7 &\#nr'Pa ܱZ7]kuxeIsD>#GaZnCxC8Wo V;9PDzH"qI||`}B;VX0 0o2rhTsm#7s4rY#,܆at ]IF`)-2<\:olMk{wD1kѓhBpNggg?.jsKP[ꒀ%$A"*"MQ`iKH.tePZnH=8t'˕Zx>[KP5˙a"GT}hUbۍ1%y^/z}p3(as}`ʞAh |Yx4KP2@AX Ę=Cz m%;R314{ o}2/h88&5BY5t!W Ǐ!?7 -A+gYSob(G)7GnHBuTUZ@A%VPWV6;ڥg D :O0C9B,:n~ɷ)SҷX5XSkWς}*P5utPF$ls{wMPgT ?fO7Fh5kM&ɟgͣ%793;F.F'G o$"øKt8$Ɂ_١Vz? \:R2P(?y~w xh+({S*%_Pֻd#IdWa!qiV{?AY}Ȃ91ClSżC5Ή%3~jyZ2zdgB/`}&/Rn<9Qְ2t V!IVѰz6C#߾ #c.+ksEX92Ikh C 1CAH#M< '_$ԩF|5Q1 /t7 ngu!bTBUVH3cJg;# 7:F))Ieo(wIVܼB 6UP?͓M8ZCsrjտK]F8Fުp:OuEZ`c/Wo 'g(b *n!gC0B@(a4wB/0fpY.eUtIGU6BdUTmRlSjϱhu Ѣ eQ-Z{mʛɛ2ouD3#gbT|;{&#B<;/Ɇs\665{S:*GT }͒LzcҫwiM,o^]Fnq -mXğ0|2!?"^@~1_6+.T72LhT*,Q%Լ}KHs4rR$nvh{ߗ=c6v U/, +;X⡓5Q;.'U'I|Kl844wRh⾣m<|W{-o;WVh_!1Zj>46_*xA%?!v,⎀ la3޾wMH !}l06=yg*siayU{Og'>͊M~*˕1{.9Gv>+muZ.Uao9AY-6:Q^4lf‚,%UHk!td+Me m̾q֨_KJ+O/7aiMqM]6N28CWadߥ  N\qJK +Y +pU0#kB|W^Wa3'xJC|ڥ)jQtοӡRie rI濐I* OT'Etn$?edȄ, (F+mцN)7D"C+@F%ʊ)K!)"* r7/z\J(gp[}wEdL[H u,iѸoʨC0_,H'>v߅k}+wGd-˓(PON[gn-#/N1Ⱘv+ Υ;J!PC"tUt/6y^>SM+^L%{`J3(=g++ؑ*wag ሰL7@a]M⿛Kv{eI#-+}72St1TCCe)·쑅9@&F|9AON*W(9mn}(BJ WdZ.z&4 W{ cO;EuH^ `O I|e2.8{Q)[s\_bs[a#GVY>˗<>UX̶ΫMb8ɜ/"P*R|fCRI.Ed_s6!_\hL 2~9o TGO^ZU? e8ĂJxn'@r~uo8V^؊/cɬ\)yVN8mV/q'BhڋwYLf:>x>5\6z} MT:[ztD;2*:{;>,J[13DfڦApŘGxmUlzCFdy6Axa_3X[:&I-v P,[fb0"r<~7^&sgضtr.)DYb+ jmW@I Ê9Ѷ+$&1Vd}EʔN\;oF] #j<_2\+8e%.u5d̳M|0ЯޟfUP ;{P %eGylYW`M,ȉ$aov/}?놜 lWj/g7翏Xg;{{,5,~jn(b$ Lb䨬] CbF#M}D{4{yN9p̳5+E hҧ [49뮛*p5A$r=lwz1Yj*vP Zkz~EW\DlE$eL01 !?]93-'c?n_wjd;$1z[Q8J|*Q ^^P*DnGLVq*{pLó`V:QtOA'1)_0.e,?=8I6tO7I5״@҇n&Z8O'U\. ϿJ}8aڬY)DJqȑET'Ao"^XRcd} ?÷4B4 %%-)"~7ZƟ;܌3F"VZX,}İkGZ"qt8 th܈6#BzawFl uxPmZ|+,~2x$5j;AO'xu^0U\}:-6iJoh(zdKsK b [ПMB (`" rx46.D?!gOB pV Dg-~|"U A3=>+=52[="s"] N؉XJ(#ȩ  ^6̢qd+{Ȓb JX[N] 1pKJs_aST怄0x3mW{f]`gk( y} xV"@)%# J'eKSפMݠgi }35H_'>%>|K*{hv.SBzRo=laRM{/ 4dN{CkT̺oę@; C%@Z^1r0V%WWNZS~XJ-^wL~R~} y=g1+3`?˺Vq5\q,UW}!1\vںGfzvDǤZ[Cp$g|ytO B1GirEDr3<|b|32}F*Y/17A-ÂW t1r'//qmE oaJ8ơ -5.a$; ޘoWn)9zٟjBqH`J/-!K7~v[frf+(bv;+n -C>l%] #$q?6#$_~ĽtGа:aob J KЅmw XhEӱ{}@`$Xrn'q#P2/;<ځ>ٕ?A1ŻzP0yr@2W%:!{k̒׭ FtMJ'\*%lB91Nw[2;bY $팷"kBȋ~Z{,>a,;;dS}OIJ )лΩÊʙy^#bb~N/1|}ޱPÏ>iEdIޏ|0<_V0;'My]㢖 3: W_z2r^ h;jĘ{G#t=_00Q/%.UNQ\i^_: yf0Һw$ .ȅ0Rh&F5]5͏\vfF4TX\^/V) 4"V@ՔM9h=fD߉`[$x㭸GO\kzlvc?Uߓl~~ĺOy3ʒ VC:GE8xZ8C_&vfД:)*Um[{38**P4){\ցcƜB9lj_ӅoQŒ8ND?.KX|f8f a+K'5K.TJ49!k"V C 5 @2Co]>n[ j1YH[5oAiL<` 1%, 2\mUXmVvK;.aoߍv+x~Om[_Mc;??KʠOj:$! 4zcY~?Ȉ[SXւ8GKO&u\X$?yr3A!NT1}PkoXN#*PH)[<}NŚr'f'UfD%CppSkTFhVQqM0WL_W6K-aMw%L GJӌ}TCGzfalծX!wۮ^&"*U)H oyP{~DoiGQ׸5%凙sj× ,0s/YTCh8L&O NvoEI >4wHN\ӊ$W2zY!2謍jqqաx~hO8l/ڿ|@у0a@経52}R='cۗ(˻7"NۓԵU"Kk x7:5Xr H==bT1J\ax ɏǺ / 9ٌW2QT (AAOX3nWKrnUom 旈`{=ӃSZԤcpCV% FGKu/ujf) djM#R8!U,Ï80p1~ rZ;ޏHm$ #;H ;dQwIq:}ei`ix0H T)/kZ2*OEI;+;xJ< 0|bgfE"֣d68xW;\p P YƜiP0'Sa` ̎"㠫: DsjM2'zAVI' \]'.Z#"l/EfFB>q"n.{i؈c6|LMOgz\ fA70n],=JX&MR.wH5Ym/xsALa3SQ]Crdecp-a5Piey2K@w//G JG"#K3L~U\/,!ΗUFce_L4~ fԳd3! (,{|Tn=G6lfj ̉**WQe["Z?p|)/a#"n?R 餠+xT.no\ Ih/ ӢuZΕ(yӹwBl)nNx5,4{`ږ`cCy q+ypen6Fr0=(y%=kx6*:%r> {3Htw;ft#%&hH#C'-}mYQNI} <=mjW`kukZ{j3>׏W.mdc O+S-Y3135;&p+,̐ދ'WJ#gta9f?F_Cxy] l4jd|^6bż} |҆poxK^xAҭ,8,nkzckÀUb"^DS=c-Z>I=~ 1s3qvrԓ85ԩz q7$rďymo|SLO$M4?d:/[Ԉ;93. 㚾7l*VC+ɃIZ7/Wڱ%:Drtˮjs)&m0|rQHR˥; oRymQkm'KSkey֢x^8bAyD͎#f^f:(ּ8M,Q4d5<[g6 JV "5؟nL#UA U@!vgLLD0cyD܅wv&Q%-N|/Ɏ)DXCg#!_Vv4Ԙ,`1;xUf+Rwftd1Vos-Ğ5fPmƔV}p^qݓ-n$w6W ^a/vǸ^<׎[̹2eA)e&)hd ±i/tYSHAYum>~,']Wb-[ @_"L;n5}3">Oq,yRF~l:]'@%\h N1jLK!,c'@rhZU ,qT\;)ISA}`3zlܺ35v! D&ؾGAwwBۅBIi VnGޫf<~R+΀¬`&Gl="|3cb%X6m*.8f_*kYLӌL \.9K@P,pC^l.hn<2UL93mbwX;% >Ma9͙I;\ N5\VUU:`Մqj(2`pm16we70ufKZ "hg oڙj+Fa(ӂlxD?5V螹})BXOzN m{:-uP| lMp_muNlWT}$G*&DR}Pw4"._g%˶,T-(KfʸyOAmp3RuDrH#53s#;mk%4 T鴏cᐭ<)ڍx)ռ&Α)H/hNFP.buODgzC o,d NuTjfT.4Tr >ۙyաַBUj4$.?f.+mطk(]ZMs@wbXDP`MЄ3lq=?rt;:#p;{Z>oVߨܕ[znϯ饎a!&Vl8:AY01">mdAzCH5(`qF\WH} mcbZj:l*] u;)Xc^d5j َ+f``+֞EJ"%O.iG{ $2xhx{a5gP }c#U%,_I#ɒu\[[NwmNoonH$ pU@?UBջ;aʙXXb>=mNII"8pwjO[, _o_MOӠG3z\e<Gu@]~B2yFt$({SYn-/$2"x}V?]"^DI$c@mGsJ^t#0`b7!*Vg`hzVTWg!-a&wrA20 gl{?!W 9N~]tg}2Ryhէq۫ϟQ(ea$v5@A›k\ִS<3:GO 2ob 8ۮ⮋q nh_yZ>4maj/G$6iw8ecE0 Uk4 Íߋv MĆ,@ej~"h׬Oa>AAt\'̷ͶkGQPB0C/2tl\/חg)t{'A7.( 㖡|$Z&~2[[4>{`s_h+ذ*%>ZzvqZhH{<8:e3UD _\x}& 8?u8xN~Ǿ4B"%|Ez՟u_Q$bh.ZDddp-*ĝ_13p$;hZW|,̀IiqZYIY?Cʯr*Ƶ6\8/2NohJ60V Lˍ2 Կ` [v Eب ;E%jXq֗ov֨:v?=:~>#LAuc7AЍTAhNVKLb'n;T8) F|p!DU'<wI'vJRD'SLт 8H*t 쇥jz\#'<6dBA=wYݔ4^Dם[0{_kW?giƁ\ٍm!D{D(I"WQg[Qr\Al:(ňr-C(lr!+\ (2flƧTc Pdy"g&%z@ЕT(]z1wr_4re1zegEa4BpJ8~ca/ޛƭ+4o1+^+Ǹ> n::VdQΖ}BGgirxW^,%NmrkX6[]2 v\ 93Wkj_EE ga,~?3Y7@,Dy[8cҧC ,9Μ i5b%*\i*U/`ޞ KL7%F5pIhsNO8iPd۟kUyV=[P7m`̈pyb^JG4-MhɣθRs&-eb8dɡH]e]@!6% =wGfWSywJf?o( 'n$Nz$r7k 2 v]p]Cd DD95/OQK.X G +n06ժĕT=5!3.aoiAC&t.V T#aF3yadU9U[ʔpJ]:Y%-UsX%)wv{tjwN9 O6S,d CvȏrEs~" ;eK`1%Hެ^ZjO;_k$C$k tWF.aWw,Z"8"91XvfЯ._EEu)y4DP?c&hV,4UY!0\GqC]*c{(^KM J&[%ʠ0:58oS\DCEW|iw犗;NEzeQBýA;z4hH B̜~M^]0 i;K>J]W5pTYV?[q.̉8}Əzmal|47spi% .!y󴊽0uA_SjFGVrsڧFsMOi[@ms$w4F-HJfaȳn҅>z)8&Y5߻@q5Ōz^$vͽd?\H@aG|u1q9B%=sO)kg|{,VjyBrͥ+(/q>=:Lfy|ʞ2G`1tBaqo_S]ZN0*!ظsR/S*`lo6nyش,q< @EgT0o.RQ7#P ]?Q.*EV_{K]0VZS­ĴޥRn9 apE\1=Qm2Xgm" &$llրe'|$Z[B|(˘H_}+R(: ,[ox%-'Fڊ*"VK: d5@#C.EQ}wLJ@-<<撆# CK9ʖ18@ҳԊ G;GPQ֡_W܏ =0.F>NJՇY1#ecy6o樓#kbN `.0:X^ꊟ4QĴOxھM{4NM&?1AX*"?ʟjR /|<4U.DVxF* ޺8Z9Ao.$v9FEF狨.QbnW4T-s`j hYZgC5yK 4 #l֒ +SB=iJ4=ᾄ$51Đa,h_gmbLe ¨ veF7,k혬66y=m=$C: ph5 )]7O7c1A0mAx-P|0-/)(s/Z]~GQ?ëh*bw#D=$-j+9; A0MMYhevv?2w)eHpЄwKX( ۃHgd3~!`C U_"ďdݭfLjP$dE~[ķUW1FI|.HD_]! SlA=2Os;Uu3ͻZJa1D9mNAƗCܶj\,\:Uy.j+R4gZ(鎲UV_ ҚTns9,7)W>x$4ҋŎlr&͢_^;{U"ۯ>̀8ݷhSm95|̂GUU@Z@wU{!%S!sZP p1ͼzރwLNn'gH"?ry1x`"XcӚ(Ƞ~#һL]ٲlV@q{\LCi<l*yvutpzhm]A%xI1x{c/KIqrKy/'+\jUo Sbzp:q:)ڥu|h<@uR{Yh.d( P idhmοā1oNC Oo ϝ/7&-ujU;Cʁd!9vRN]*N!"'Y >p,KGQD-#ޤg)fU7ֈh=z30h YO4Fў~`Al''̻6n3&v;^:2%jh9`~aݹOڠ.[ ٜ*?~$iCh&N!x7셮NzC fP̊뒨`EDHbG-xdrk^]Hb* 5 E  SGWs wC,&Q?$Vv>"V{ⶵP(fh vH6GXy fNQEգfwzSRGu<έr҆_< Pyݽ2"I2@It3Ҕ~8{Q_RX ѽRW u5Pjgƌ*]0MYa95xm e)y!8e清PHϦO *fH$"hP[qEWݚBQ3C$慒g$I!gW&T8Mg3E $sUJBbm{(|f~%|}cK!f#_,3|vPڙ9~AEˀšSl8B2yK_R}H(}6i!2L`!b"A/NUh±ɒRtpXܐpaH+Y1[+ aHI Pۋ^Tä́ңa=OhlV ôf\6^ R*YAܚ3rUH*8$ko#W5Jܣ.%̄t .l1a-s8qa68 [ag"οy t:zEyP hȫ E%"VœBi 0Ft7ϒ72cV= N3$n%( p8*UgEWǂ]3n K:Jo[@[ڹ4kT<=*P61]!W!<{sp#Zq%_rEM8r6c`~!ff;, XvSӛ(|YGUU Sa `nR?Y=t]Za9X|/qVo\dwgY9?d:VӉ0t㻽RȄDfXȭ\$rYQhRIw)a/؉ds$c 8<(xEM !{:S8\ƅ=1o4 qD[lă(=u$ŕnw@%C4wy rN^u菉$!jEN䖚g | b R6K +VlU$!" @p[pܚ6QEZ, v~daWd݉_1p%2Zm!0Yus /~ ^4@՘*_3VMV4eORL0Qv7pFeO!K$ÑrR;tR&):B7-nZ0YCw/*ն6(#uAKfBB x"ꎏt-/^"yrVf񍎼+'O'~o2օAK N,® '[ >AThj2'uOCfPd ]0oǭvU)mB0rf ty"MzͽpZ:չ MҦ7]T"~9㸼%@"va-B#28VlZ:=u y,fCN^/8-v~尲M7Y^X`}Ųryb֯Rѩ;543+" ŇN'2Uֲȓ$HH2@㶭> {ˎRv[d]A_6l{T-W-Pxz~oB\!@ 4Gu-7oiJ4qe l NU*¾n]/k)KԱwX͏򩹮|կ@P_Rs`~Uw4<Y(;ڭ&'T0 N٥lV {[楣^= 'L.-x`v̉.n#v>6X;T̳mxoTҊ7e ʂ4.q:7EA R1tZqs[H\{ jshBWSMˁľY_/v|mN;RԪuo8 ,D(PsJiyOF#W,DEņ,h[쁊ijAHP"`mg*M^Du7ʤ(ESH_N:eRfgkb-HH6W7\ywnENb]]Sd\-]~d-Ƕ{χogu*T= U/͘£ ôw34`7yZbksJja"WfpAPvQw:vgsM~PaA,/H(QN)NҖJ-i}4Tl_v{gpʤ\'L7Qb4b%*g6,1⍐f5 /|4`*S&Mp,H آʍFӴFZ]J:5j*/P-5%OI6UQ cC "BVX1`8D5Nqa|}8Ue6j8z۲2DT0{uFPI"537]/t))x9 |vV& *b :v_@~ o[3'gh޻@J߸$/ ]*Կi`#}=yB2Y_QMwN$7[г2?Y8G.렙mo7`mGc;3 މMReLg,n,S -3{/!kvp:S'"G".U9}mI#;g[mD;̜1-sRQa f셱t4Yy3 E~0s<2zdE>"<-gWnC1RK<|뚚 ZfxŘ{!DߏO3 Y XT0L$^I%L#v苭f#i"L[ R弁uY/C]C|۪q` |ȊS z {΄l0YcwaTSz^,e*0Cgs,ç|<7?o멋N"Hѐsrq̢f0sYdiOFw4ԜqٸMܜj6zCE0߉{7v9` M\tr؂J/[ ¢uA.Hc X$Հ8>C3}6I@~Ȭ1?,h3uWg b [0XsdjX&hAQ>q)$kn#L b`l7FWF;Zxh¾^aξ%QHNTq=ܰΚ|=- 1$P0OkyFEƉiIz[>X_#ҽ$| P_f$U̕%t-} z*F:.2Z%gsmˈNw̺žͲ(fY"xi[Ӄfʟɡ\2iA6jKH1DaZ7ZXRIh=#aRm|(A6gïX;\^(Vau»pKܡ˞_l*|NKϳC/uxNCmA-":iQ|x'*X1Ge!p1|f`E8d-N3ٛ^JKYܡ9Va\*ý $q~i3KZ_b`}&Pճ]&}}xOJkO-~rƑ]ڈL"`1J;DO:5[lILLנ[RnF'4X6嬷]յe2CxH/vUF $#`{7O|ѦZ{͛6>Tnb md>"I,$׹}/=36mPQ@qa܈գ+/r᫵ڡ+M}tS^tÈ$:ģmNfWЉjL.U5rfxQ12b -.o*Vxk&t9E{_l8cܦo#$Iv0ijIE] ?쀭GC9)%2*JqAnbK}A'{B`\7X~siƬFYP4˺X9OP72p5$G$QƣڒKa6qnl#Sm+7]UڞsN8pBRr>seҬ^MYLz<.1F,H9̝Y!wnwA;KY⾡C-?E/{DTd?UO/!ߝ׀аUik@IoD6\5Wd̃mHQOG}L]G+:?eELxxE'eDg2ˡ j)(] dsۢ?@IwpkW" ҬV? x?U%_@'6 X,EQe؟Zʅڞ%K&ě<Url]<_+rcEܧ<źh$gЛ6PHB>)<N@F75P78Cp ュ4p3&3U HF7GKHDg"rU>Ş 3 !E Ex:"@bv5Yubs],472EMTlaBcڃ2ִӖ %V(xB1)qpN _O#.߾)U1 |śA[\zU]S@H*yjoF"U,8( V^q 録J\'E6+AVTG]R*Rcp/$3*֝e4jev3Qг<X㷷<Ϩ3?>KV3e6,ﺝE$dAhzKx߮zf@ç+}4Tg $NAMuFR#B ? ra1ŷPޫc/FDSuP#yZ$Mh_J!eX#3}x#B _B:P|ن r/ش w~0;P./ũsL WU Qq/ `%=$" +=C+d&:t@^{0 GZ>.5fՠ/T%'7,m 㙬MYeCBUZfxQBY8O6ȿ&%-,dUyςD}gUubwjcrS0P5I8$>n{X(Id}g6(I2~=",ѱ`M01Y9:Kys#i ]GܲUR7b+' oGۚ/㍀W7t~5HKhD&7OPD7+] h :混 J&䤬U[$E݊L+ۂa ߭y4l#(DlXJZ2dv)Aq9Z|Md5"{CU֣lGa u^P9Wa=J:<'C ?|kW_e5\bT @b桒a&k,rc[2=OxhĊN#'Eɕ4- 31>!`49ּe,o]aIsmF8!>J#fWTmf,*e#Rp#bf)$IfZ拘hʝWxpwF+```׮OA Ą@.}N*,SS3d!#YN6̦Z.-6X 0Yr'kqI.$2USHѓqĕx NjI ڻY4y%LP))?zfkLR;}Z8օ0.WW q_4ܺ-9+E_|h_vMV\ߕQ1q׈dVZ-l/@GP4Q)2{#kS@ GM.J[>Ul@%7m,WH\iNsyCWoc~fגHm'eh$ |`i|i!jّfZ)>E4uc;,Cj@4nboSXlDT[ jIZwx͙d#'&(i-=or pHo,tHU62JfX^A_vזߕp6LfLZსPy=/좎E2xj@[*ΨޘIv pϵX@[Sge$6t882ʄGB_Ip=jv=0K1ٛ XsMD/_ ~(e rcCg4>jcv!7e _"$U:@ďMFf̧U鍒&?a- 7CjO|X& I5Z܏HݢL+3y# _lO ]񢒝0âBɑ !ݛrD-x Il}!\csY>?M(!gQR{ڪ+M%Zb,Ї3AZi*שaʃ%O▟Y҄Œ bq\@4==d[F'ݙaU8^γAϔ^]'Z99$IӏWcL`.V1 !vYmjV}UGi}OG YM!+v1jԚUdpLg+grKF:p'eʩIxNօ3|hzYMqZV훰hވ+ܩ' Ƿ]4d诺`~ af57rw1Nb(Jx86`qJIe.-&k=c@PBa +#MqQ'hRrހ~F\}_ԛoZ^( ߻:<-Me5 X[\3[?I1=ޑDF 2Gx- *rJNxt[?/MoX52Wj7|jU$h?ɌDѷ5WCTg!]^rBu g~\]_\6i)m-3Yiw!prX@~dDwo7Ra :+q}7lBj{&I ABAe&Dc €n=LGo^{^Fmx1%òikI%qkS<.G155P)1|:I c \' ~%,]]:Z75g`ň%#d$~6lq:IC@J"t K`TdMmDlzy|i0qYMʗS3YH-Xq^hNu}U^E4EYT '_plo߃5W)|z`f2q%  wg{MxV me&^St*W[\J4Cxd1o[5E㴕%L&xgv%Vŧ8]E@$P79 6%, ohni[cRƭH brv46J\k=%;0{p`d&ᇑ - ˉz~v/In8QAIj]wMEFrl,mhU.w>D*&~8,[ Ε{@ u&Ncl~H}o2<neS,I05Lk~D9@EAC S @Պi~QG)dK "ώX'=CјPfI !#B_?es{evf;NDSFr`۝X^]dmCXXzs]"ʾUwQVP̈́w-ǫ;,C$# 2BxO!N0dfDHtr`S@QȻe,t.q#QBM-Q,lɑ.\ Z>9x8ϷW1Jɓy|p!"XEr;Rfq(uKp+ BT=L->JY02;~$GS!yLBژs_V:s7upqxדʚ2nC΅Ȧ^0>kς:1Pl8|#!{E\3XA A T {7FHa^&f N( HUU,vZdG꿷- )cQy͢?lv' 8̟ఋ48>|~B%a#pt8#Y5*㛾~w\ӝm O/EHRl`O3LWF=arjֲTyOJ.7t'?1^OMN~Z_lzE2^T,{D>gDrq+H".ǧ`ACBzD#bžcr&csqʋ>^$HR*CPqkz D/"$n|Zpy V/uΐ񇩊| 顽vQ%^kIF<;;紾yunR:EWSm0]i%{qYFQ|AKwYuAFGOSv󋨻z-ԉw8}uWQ0U?|Z!節AhN_`)"RbJt|`P%F)I(vم4H ]/aزt-}8v+Dg>77?v)M%"%Hڬʯ+a62s{:H ̤V}HU>' \''rՄ ח.\V̈ ≯"ءD!aq|%YZ=|+{OzGt0v. ]`1D4,Q@7CNGi}~2Os 3m!d|p|.o3hY92df!Dz J ΋s)02fl dF|V?ej䜴&Э`kq]dxj;|ʇA؏?Mz(I|Dz:jßwCݷ6#F%?ji e[W)I_NN_v=mUeݟ!z(6̨-r&|4.YW>B~V]XK?ūxˀ=펵o32LK k_ymp;8Kk70>g СaZ>lVz!׵?z\|r.TFv{a`:WQ ݎ63艗ҳ+1pYʕB5mΌ~g]Hoϖ/#v6M2JnUfx|u 幊EiCyyC8"cr Yn(j!#>Խ:E&!PQ&!I~VDUM <=?kS Y #5FԢ(`L-_cku)P@+X]qXZ lΝ}e+c,ڝ:ѠT:x,r*}ȅ䈺 |'3k?#F#+=] l=%z)9,Cb}<VtĮJ$Ui ѳ!@yI`hƌVs3 mpz:$%dg^U>=P2x*Y3A%Y vHaF$iu:wv,꾡 4<.O| Nӹtc1xWdRC'kSRk֥Z0׎TB(9~_Iv$l8V{$ /OONI!Ogk*.|!tY^Zu{M' z{sVיI  v`$yXSn.33M"z|x8:斌ۨpy@G f`L)Bx^y5 )(I(1{_N%u abh'Kݩ yw Tr:1XT92*}hêC˕z)>gA =f~` d@"8xa G: ~1>,w8mzNZ\_‚ENWQoqsϒ pt^ OE2"&1':wL`IGT,,9HdDB_)RԬ*ӁΏCFu );PH1%:1gHX/`MW?FζM&ЯC; m^5,_ amf)-@FPY Jr>&@=8fVUNOBh65Mt>#mnFdexs 06DT؋jy+ hב6+Ra߷GND m4[gC׃bL6&iO̴UݗPX[ɬy#;[~;S| ʠG̪S!FAW%Xv~9 \ݣ8^AǸ/FqaLyJBMV>`,Nq:C5z Dx!I71W L vi3ƈaXHHi]L]uV/]y9+ xgcǷGhka+3٤=$1 m6񥺽nu^uflp Vu⸲ iHe:cjoχvLUNɎ劉3e!ЛqEU#F~M9$mP!*(߽K9#|kS!\_,o^* u#jF1ɞ;b AwFg?7<>zZuUvl<C`J#6 E@6iT(g38U'VLjx[;L]n:(I=QG[uC7wnUQ>- ލ2;Mf3r=~Hb[ 8l%c{=%x=cznn53L<{4 sm)臑rrE|XWgY0{3oaR 107CB^3v%-=3 JU2ĸ_I,&WG'aS,~kױݲ[AmOD*&n`!כlܓQ32 z*g-8Q0fY<2=94_6{`Bhb{&\] => 駅>;L5CP;3u@>)3YY h)QwKŨ5ܐ1˱sPPǕ2tV|OK)*GdnTC6&ppYdd؟0Z!In]0!b= m%->J۴Q-%Zxง1 Zr$̻+M:\GF6 GUlS3MT@*]I9t_ #P_ X e7yS ԝpƗឪjT:q}&+֦Ji-zB$/W Ȥ)w{"a/*Xr([k|}zN$Gۆ V4ZkdIzÛ00%uj#2hk8"sI|PƧ}Ͳ Dv'nih;aϸv-Bei $Ћ+:9ӻ!'/2DO^v皫o:j˝.h$_P/(H9Vg]@! OBE]WTMo),26VA6|DRbl_^n)Aі e>ชK %ϱqn".qC@[Uwyq9&_4[ƫf1VbTJǷ *~krAjp]3 $H.pR~z>\OR HV"$2jD3_UEc[ߺX;sC<;*2XUz~HD>xQn/&MDaxJOHiKl<#n# )dN(IHGݠQD3Qz8g5zsB=sF1\Jz {d]V CӸL'jd|K>i,ƭsD0^JEߦ% wL jV*%B#IQ ,68K7b"y~37%ǯ 5tUYSa~ΪX ]/JfJՙ=Kf9 Ⱦ%:&0Vו!RP)@zKgnaO f1Jt$WoX>12PJ1_ oFVP6 BQ֘Lgʥ/"/O@b6#']Ԙ rԸj'5p(;גX&5kh{A#J*ɲ}$⃝\͒mwV"SpR{`%= ݈juwu/thW3j'"̠Y'f7$bQė' Ճ\]?mlAe*79S"_Vp]&=y" zSr3p?ݛJjK&OG5؃4$<5a1/1CF  w׭u f-2bZ,zo z3O =\oMuHʶgkl4}$2JzMFæt+FkT90c>I!m7$mNutZFE]zr>5,s;"uvf/\Gs` _*hU /k.}Y;䂅+9ƙ(t]AYU%[mK.ؘGOoUBKpnQQ|۸hu̎5<);PPV G,Z)l< l1kV˚KՉ0%t2@ BGPa :1[ֿ6ߢ^Zh=gԲY.MSd4#~|!^aP!,N4ޑ빒OQGT&F r<ޭwY]] CQMؚb1^IgD]Oz^;ՖgTXjԖVAywu&N~f}bNY!+5+?T@D-tV"!p]'vވ_`6?UFU5Ae3#T,;d݃a2##ACߠ,C{ȷl{ck{Iph]wd#t~az82ño$6fMTgӈ 5:"^hԻv {=kM!V2'q(o-ڋ=A@5m46vK)*_ IcSm=F5oA٣ e3s(Xg6}eR6{nbbrZ;V* Q>V}q79WXѨĹ< ϙ-)ݿ_{4{ER%hBc>@jl`;ǏPs>Bs\.7 "`Δta$@!Ra{}V1XIê!B 3H@rZ_,\vԭ+tCJI?./{vL~nѮ CD!B}nab;~ H䉿)6҆]e({DȓC1KX&N VXi*[#6K,O0yAIZX4KyZ gGg_/kCɋpgy`: FQmw_,Qlb4>tw+3lҰrNJ& bZ/脷 q_}N^O} JXdTE%1JKw),9 )(ԫryjY^ +\fЛkA'evJȩN஭$/a'x'gX"Hח<+YY{K(W$Ȧpx1Q|lC69æYGr#La¯34ne÷ˢ,*qFn>{F_`Ox|\!KRM[:mcM6#"k+qC Hܬpi)cB| ˞!PwHajԶ"cIKe3!㣤KQY"CǬ; ',/d Ղȧd!D$>[!idcM꺺&AX8> 5S,d@c̙_ExC^y<Iq%ZI&L)9+'G窥$a8hC%0{5ܬ'7 )28i NF(DEic_)RGWrԫB]l*#dz,/4p58-a8ZUqJe|Td{qE/}ʳwȻF_qL# k2BJ89<ozE,`O-Y] 8P.BOD^=BЛEvMhO#Stfrkf[?){IBn#PI⽹yV(RB@7>S{gtz0T^sEq.TDgN95KOqHq;^*Lkz?ONa lYH̭5P?5ViX]Z#]a~Lb;g2yU:Vfwob>G)UJd&si]8g_ i!RiK@5)IEXWpׄ`Dnv8sCMؙ?8&(4ɾ%uIA;0+p@ Xs.8aC☱κ'=eօ*吪z2I͉+^UCpg09nfv/7q}Ph%ApU܌JS0))dQ(%cnzmM[uqW䢣jq1z|&GbPo 'В̘R;kS39CGUV%ރXF S+sp0;V_7ƌD#/ \)ӹT_– N>msT=[KN+Lm[slOZ{?S7:]cWriz[&'lÈ]X J|~?AH{t7h8Ҟ+ ZyŸ\S84~S"m> oi-򛷌.6n]}v$BObtQY(ĩ8f$h&.M|NԳ+Y ֭2,fЮˠABh$)=$sN62X"'p߳;%DÖ&)A@!"5#KjO-]{.@ $-f}*m'R" i# peԕA<ƔS7ޤF~Z:!wK2f`1d[q?I`y^iGmiԿ?BAE43lsc7$ vsDzf (D7nC"9abEmj& QU(1|,6,Auιg5,"m+򉏻0񁦀#xM B1~zVO!7y[3jIp`Jg&h;Sbexg[ld>E yB4$=G=O$I.ea+ [lP7HZs<ۿD|o1 ʓ @yNm5G,NSMX1~TDhGqބbhd-kY-ob'[ %4@>q2Y#]moU9%Ŕx/ CW}֩i6rVyQ|fxL? P%dĚ+1m=uBCHlX(8Zc65={"\*qĶX66گh6RJ8~ @Hhe&rN6S綃_KR%9_P5b(u7Y|⋂zQ%=Q;\e0]9)eOԀ.G+Pc.BS*&^Jj7YNQDTbFQ"QMt fee҇2fܛRт @gMP/l,-PYU`oީ9FY["?D֜~"ufitœ[\sʷZ+qCtcI/K+#Y2xvoh]qji &굖o$볂V^ǣlMP?Aw[@ % a勏h]4c^E;|P8;G^|J=dk4a7!l'bB{78x?>I*\6tTg I9˦ G4~ϊ`,d.mOs=ϼr;/!!4Cكqi-E~}1H+]/PFh#lЅ?XU00{dV@ xW+hCUM!EYR }MZJTXKI{CP+̧,# XuL8=7\t۹ eRqb¸n 0m̅ϭTj_=sDߐ$շ Ήx(SJ#LlzPy+}r|:SC5W?=Gu=S7X 1+2F l͊F߻jd+t-C: .ZҠ׎0*+tc-_mx <G&TWXT2vٹlܚ(sE̶{xd{/]uAW;ݔ#N\+9]ʧ_[B95LsdfsA1=%WRH[o.9R qל|R>n4lU=Ned9gV:?a<"oP1 BaPE47 Z.vz0~0WMTC,,K%̜BfzÊ0J\0.n"9?"j,,ODR,+[ZJ1ڤ\Nv3+)$nM* =hy'`"!sz44"-~8,kձT6 ~ cVmquNjԓy U#OXM˅0'{u GSzX_ N! x#J*P>k#*rSi)S;~)# _8Ό47 #>䓤cB<&ӣBƛAI=V*A SV%#J"JDt6N x(*Exg^%$dqc1Mܢmc]-xpV@dSN)CHiwI|nIbb&eP\*jbFG!͆699M:M-2>@GQ}Jg4[&I ;k޶!c"J7kVɁ\9<gkhԯ1J3iPQe,<>h*t **Rd.?.U4gpD `C;,VS|pX> /4a3W.W)c/f̽=~^g_*Qk.Ew89\x*5oljgIJۛ5.FLєۙtWߋG^#մzy. ,Q?v=x7q^)5@I6RmNh廜s<7>ӓ9]C7QOZض12->J#NPY.Iu@/Eh\x\f'!Lc4AXAٱʞ2½6{![] D.ՔCtAD7ַr(Z$Pm*0:[;`I#/)}xT=oNpMUO7N'&g &eݺҰcm(^tk9޹% 3( 6!zKsCNtwF#4itK~S;*IoT \\vvЍ-(Ƣڑ)CVD̝D51ិG7t]YqS":-Ewڰ*b`O;<#E*6<>Q|"DIxAJԚ S,o1j_> 1c>`=&$b[xCͻիƠ68xf\FTT;svz׌;83n|ŵC#<ױ jW"OYD\nNlI#x4QoG"c:hoYJtS iz,VBdqbG8):n#o+RYWjQ LbӹEa^WѕbvLdۇ)Gpۉ_ 8`5w'i{Uy q,)='˽ԒgYdUm#uT"2`rPlJdR prf"Xm6Xf|%=Q*Ãz yGd٘#^E?WZ?s)F`Saq1|1q#BbpfBU] ",n m}lۃ#/iPe9ϖ>s+ bE/)VE ?CZ~#dKQVH.9cNMsE.; ͞9P(t ƏڎC~ ꑖ++bn!r5 F5ɝ:ĸGQ]b0O(K,Uds2ojiش^ҡG a!Y_~!5kqÃ2i"!-]#b5]r'?ɻ0لUwW! 4Yg|ߋDz2u+<8b9/^ʶz:dxȭ:u5wР >e}Lf.# 8CX+8m* hu͆v>45?:&]g31tz8-#*xy4ߨf iBI۰i"~ݩJֶGSʽKcaK_q<QF#F$튈krpS잢mXAܝKRpٔ(X;CmMH&b&E藻;MA UīVV] #%1Uc3 dϩf#~OKذ76y6R-DɰLMqK=ReKF2n)cvUOB0jztzSOT4ӹsmd!%ূro%0 YTKdCwF"f1Bu˭5wf3/· %WQ.V}Y})4 >6SØ~aW)x~mԛvi tb݀L#bw 1a% /btg^6H@sG=w^1G,܈9gv]w`\! -N6p ]u tp,:/ ٘hP+!]ԉ\|umVzp?lHY%0X-TS8MBOv~*GχscV ͌.P֊U! #.8 |lzbq"ZhvoJzFޜc|cW6rm$ f)O5;rBB͐tz"z6{ L#_%N)~6/ ^d9uAH}< 'тfyǤ:TOD nsjvX!2rȌqa^VĶro Uηd|bIR[g}-"G4&;(6L#_ka{_iZ@3/2V8ii~|IVx$\H 'lϐIvcT \oƓ:=}=rb *{tT,RlU) E1{bw\$?$(館{cgH]zpo6О}LV>.E>O5X]t!ـu@"3{Q;O_!ʻP؉;[tf|Zp}$4s4+DAg2Ehbk'7HNܩϔ 'RdnQJf &%%Wd,oG*p%lM g8 ZoPMyn|.h Ks^dQu)[TIښEekd Lb80tvXD@CO?l; @%nFAgm@I>X ^x4[n.F$lHĕ&ıJ#@y@mJj?sd4xw,fS|r q3#M ۮs=z0^F%lw[x5/yGYcVCᅎiQv`)QxmDdo"`ff ,27,ISb˦itKe%kljܘ;_ג٠AX01eT3>& -{04@qKF!< hj|teDeU4U$2N`~#MT:K?3gncBQ*psl\'(&ۍ(*!Kbu?á Cvb9S=j< xǼqO+8,Dkֶ,q;sYW#EdAH6ϹBzPKs ^Hei$'SԨEOFEj{s&V_H֒$w@7P b$\ %% ڗjSZ)e%k؊ O"ȯ"YO^gVMȲ yGsWfh5{R\ LI?Gh,?tղy}zLT+'@{{6\ -"WJC܀^*Cbא/FX.M8 z;FE2V621Z}/ӆ%$ K~,:5sKoK;˶\s_N!ZىEdM]6(0 <-j\Z s|¤/ըdahQ/GXJKDM5zowKiK]O@2>̔`}r*|xQ¦]A}(>6R]X`p}F!GG&*~ʳN 2*/q*-Ш2NdDaMς@Yh%)NM}\lOG0@ 'J+͍vAUuG^B\LAifI cilW$!rcp4H҅u |}{|-,ؘR8fmC?z^|Es, @̞wkjAw2{cX3g\ ݬ[{Cf tSЏp_ѳՆEjM(|dc#Z͖Ԗt6K!+V~fSw/h,$$@NqhV* M#Y!bʁ&YjO YZ