sssd-client-2.5.2-2.el8_5.1 >  A aU]Cw0Lh]-K꽨 MiՏ\g@ I'b)N@ֈ_e4eP(}ڍTABJTGľϨ/|sFfV8,anLyUu;'JwnխE8d+ę)_MD yM5֎&ٯ:fG+GI v0Hi+4_O)*D9%۵ޭmH|-)ܘ%}~ /ql5+[mj!:Ui97.SdB:QlhcI& dd$˼XШ.BL"XH&CZ3P7T:*CjnNT nMP!pxQ'V7{+G;xFi,ぷvU[qFM)j&Òt UGB,TF]i?bٞ1Np T~+3<RLM~" T}W.Tz am5?F-? >r.@SW(lj?,TߟR?Nuj?%qYe~' cxiX. >pA}$?}d  D  )/7@&& $& p& & &  H& & & \ |&  p! !S!(89$:g>k?k @k(Gk8&Hk&Ilh&XlYl\l&]mh&^p2br@dsesfslsts&ut<&vt wz&x{`&y{3|||}Csssd-client2.5.22.el8_5.1SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.a?ppc64le-01.mbox.centos.org CentOSCentOSLGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64le/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi-@%2>)F  xxx K =  1 AAAAAAAAAAAA큤aa*a*a*a*a*a*a*a*a*a*a*a*a*a*a*aaaaaaaaaaa*``aaaaaaaaa94395f293817c40167fcefe0351d020d402113b44bc341a577a089cd1dc38d022ec5d1cffc559371c6efcbb638dde45f8d8ff9a0ca9efa2d4cdced7848d806e0e613ecf11001e4e1ab0a6792361ab41af9583896989529f88c502847a797b1468a9c52f00b34af832784aa56534156b30b9aac8bf97f9601e258cb53c2ebf54a68a660b2cc027a3ae322931d991d9becca668fbea2139e55c3d03ceb80a62ad38946150ea1174e6c3c5e4ec7fd3c948fb9653eaf57c2393c0d4ef79da5e77ccd5a3a311408540f054ab3b883cf320161dea243cd2d688a530e3326a7c84b05f78ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc584464cc5958306b9a88bf08a3a053308863e0bff48710bff2acb2c490064f48b91338c399aaf78cbec6ca59ad3ac833304b588de0c021c0030b45bf8945f73e3164648ea7d353bdd42f44fc79c15f29c49b6177638a5d6faebdf01f518719c5743047b59414f7c450ebc10e24a045d3346fed9957c96b940d19d70802d9a1101d52073ef9ab08f3aeaede2cabbb0f287d150fc33ac913cd2f1621dd9b978bb926113d70ac68f003350a01397a6e969ee627da4ce52173f82679af52b1729002e604e5897b369e7389d4c1018c710ebf4fcaff4922a8abdc3aaf0b1df297e4b7c2910c91dc3c719108d764b14a39fdde079ac40c644d206d4436869c47481998637d4b345d603e012f724019e496335da7bd0f4624b242ce86f136eb147ba17df3../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.2-2.el8_5.1.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)sssd-clientsssd-client(ppc-64) @@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.5.2-2.el8_5.12.5.2-2.el8_5.13.0.4-14.6.0-14.0-15.2-14.14.3amaa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.2-2.1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2014460 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing [rhel-8.5.0.z]- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&essvsvukukuk2.5.2-2.el8_5.12.5.2-2.el8_5.1    cifs-utilsidmap-plugin.build-id4ea64468121006ee8dd03b61d0a27c37df4035ab664c700335faa8142724cdca89d286dcab2f0deebbaa5794f85a84733bc60c737095d57b072ef581f285494c69e73ae88ff7517707d95ae47ca4f2cd117794783912ce6db16470c8fa536e33fd2f6dd8a7d41bfd5381fcbb1e66c85b1934fad9afc602f9fcf50bc80e299971fd6fdfaae5082944c3ff6acifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2pam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/4e//usr/lib/.build-id/66//usr/lib/.build-id/74//usr/lib/.build-id/81//usr/lib/.build-id/cd//usr/lib/.build-id/d8//usr/lib/.build-id/f9//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.5.2-2.el8_5.1.ppc64le/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=81f285494c69e73ae88ff7517707d95ae47ca4f2, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=cd117794783912ce6db16470c8fa536e33fd2f6d, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=f9fcf50bc80e299971fd6fdfaae5082944c3ff6a, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=74bbaa5794f85a84733bc60c737095d57b072ef5, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=d8a7d41bfd5381fcbb1e66c85b1934fad9afc602, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=4ea64468121006ee8dd03b61d0a27c37df4035ab, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=664c700335faa8142724cdca89d286dcab2f0dee, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) "+  RRRRRRRRRRR RRR R RRRRRPPR RRRRRRR RRRRRRR R RRR RRRR RRR R RRutf-8b793df1a433b9efb8aba53367023ab2bf45f60e89171ed61a7afc92d87af4eee?7zXZ !#,曁] b2u jӫ`(y-$so+7bla|&gN(8(Pɣ/\hy lO$Pqy:{;z lXw: #2t*yFiSyxXb1eӻTl W;bpt-2FAײi!pA$YFe1f0r4e剋nβ=%MDwrV@l_5 qZa6;2qܺg|lɫUs-]o1ַ~MfPrs>;չ&‚SMZni*.(sGş-Ւ6< zn@]+zÏWvչQ[E5;zHUTrvBƻ@;% XVMX8־C\u'MpޮP`/y=HͻfBL/Mfgbjv.8X^bc/%XflZԑZT+nϢIK%UX.;⿁d83*oގUkɡv \ʦcSbpjmi`

ٰ9H*O70}4: )(VPɠ:]K7k#qv"\Ŗ ѯƋhR*; Ecb>씦p7$ਞD?^Kv-͂._=Z;y@_x!'y<,tua熌]wjP >f9fێAҶ#/0%ɦړsV?BǑp sњng&Z5P\I&d_.OY*TX/'6iX4K南ާ7Zndp0=.a|W/ Zɾ񧮗`)Փ~N.ﯲʟjl \ClOsl+_Rf{&QsQ_E6Fvd06Om/zoa0;E)p$NAQ? U'"$E ͕mk4vc&ͷ|(዁#1%>ՓoE= LLrP4بO _;J\}PG 뺝NWf?$/:\]#z{ 80ؾj75_k{j5O>)z]T%G&|5juv`Z`88v4PgkjWpى9]f#7wLfl &uPj nF WGt)4qi#x~X1ԯ\oܲI> 12Jf2EKq*;@>3I)Jsݻ{.^T 2lvP}}ؿɿrft/6ZmM>]:n/aOE>u!L.VE#BlV$S!*QT`#aOj:i2 aWR.F_Tsñߝ<}u\wg}o O6IO\p$zpZ%HGG Ҙ? Tq&;)"`+]*vJ3vx$w+7qk!HpZ7J˥SUGK/7/{[ݽ3  Է5rhåk !&?:h>o6PM^ybQo'۬<ͪJUl>ό}2+mql0w:$g&j\n=\slf5A("'14o6EK|kC8&v޶ 4~\ܾ9Sc}KMicT"7Am HiXI(( o!ǮܣibJ)"ܾYך<,*CIߗ.ӈNbj.3v%QX7y/FV]!eܭfQss9 Ց|^mH#"PAP'7(U*ǁ`XLrND7/^4Ri aaq$N'8hr%\t_wX9$YB2siN¤d)U F۰fy=H2TҲl!5$;6p~KPփ~; ۑ'^X9Č=j>2p9z"AR43ı8pݵ;e7 [kZ9:-`vKwc<ӈKRFk4H{Fh^^;&h"K^qegn$?C/2c㙏(.oNٞTAB01|el|e1`o)೘1bYW"Ic)G=i~1e&pa*/Oyp(+Fɱ{BYZϮCٳ9QLb6a˞0k PNH 2ʞS?zDj4LšBaYGߠY-1Rjb}:% v?vȦ/Pec))%ZM0N/Q(VJk 2}# [̜k=HgGj8 F G}N]LΏt<|չЫYl$%Yrɑ{ f7,'#s=cQ43dnm eZ&@,!(yqr ז9ش^ m[õd;]ޙAl, BXݥT8C9F&P!OE 'TB=K:F_3/2g9czDXVX%z\H9h_4ڪ2R=Eѐ\l7YؖoVY)E+# ¦V2Eb48C!2&z7>g?8e3LCS?T߾) F FQf}^ǫՙhe5[|pUFHܮ ov#cmM3'rmHUy0I80R`zzsxyQDt!:uVu:-,_8+S̄-˕K;o2N5*C<@܌j3w8'eC-҄qwH?Bj*Y&]aulJFMLvHv3, OB|IȲT68>|]Jn ե6j+;cfbo.`Nmz^ցJ:RDSʼnu-ޮxIavPr-C#<1^W}t3 m2u_T0_sBp:ϭīlO+|]I=^y).cLHjcR_tNe.iOEKŞ;XjHL|ut2`kg,ݰOtxVw\Qġ, op- B9XҐ[4+rd6gԨfI(K1\)`4=2ױHR2ODH#4@*qNWe:f{of{ !;wCBQi*HE՚4H`{eN Gۋ݌Gb 6t@_뿍U p2~E 7犴IFAY7|-($t.59>&,pJshh @qN֫ b](6xa0D< )u f\@X]?K;0a{o1g6ˑ$C>mXykw8On^+^Gj쵶Q3NT,ti魣bO;-tj0 | N573E~V3DW}>#,߈2GC8T2`3= g Oa$=ϤM4U^$ZBW1g[<a{| 0^HxۗOݢ+ڟ~[ '[4qrY/cR;Fh&l1,ԯP2њʌo 5&SPgU3[4j@*\K׃F練;J<>D0L=H F{ض´BR\qp3-𓨭մ0puFJ*!G@pOb[ l'>[G)yoY ^d>!Sė=ʑ9.61PxmfJY0D F1E:9 ;wPEaC4gI4X~! S& hY@vR26ORJ 1mKӫWW3L_CóRT-`GOjI`Dlv 0#)H)ZQiشjΞYj6:ou4׮fNw'& XU'66>(/dN2rKz]7% {~Y+Ek_|U\t⻛Z>I[?VC G[E/5@WNd*'r$cH$p7׻aݜvj`KЂyJ\Ȃ߇8f:x)\2{ 1uqXNw~Ě 8gR8:0Qqv*I,2 shi4]UAT|6JIAq=9lOK^fKHl"_Y~_~Ĝ yK5ؗ!e/z$8$ZdNݶ,ڙVœay%rdUR?*b2q&4QiL e/k+ö}pS]tVwX@z@*Y~'8@ZM(A:#wIO.i:\c֠Z5z<0ū9_iGs%Md˜m323OaQG3Κ` ͩJv)6.W[{ +(=lߕu'ma| 0*EF]v0*Y&F[|,wk!֔\]! rҽY6d֭8 /{,M~֍\&W-ڲg|LDɔ+]WPPe]ǩ 6ҩ< ~bVw]rM,vj<"x{b̬`fqrl|+8/@++{G`=Dac:o+Az9ާT} [lTҐ4?2^G'FޜP <־òieAab W\>,!ELC]1YSDBa0iX.@ǀTivXHճs82 t† 4:OkÖj9S3\&y>sb!J2ᬪuh=OKMɫHm5Qr{lNiPͬI("> e fa.9r<CbӟdFM%nU\I#UYfKl0F8r n(bLŸFJc~^ȩ܄#X~c.ĢAvU]tt屧P5pȰճyҝ[ ZqE4S΂k*9&N@Wܨd9ab`{ lə`Ӻ,0pV5N5dB?&ݬ68%=󌠏 ApSz\9'ӭq:1ץd)<0HvҞ2nC:4Q*T4PO;^RҋA&\<>F //ŗzWzP& 87anJ+jC߅PdF՛gk[ʅ:Iݟ]ό3;:0N9Evl**rʓ~D*w$k'xM#wz⊿\oia# :gl 96Hu=-.ơp2΅ݡ5#C,/T̃k p$h (,BLF*&sϝ_5ƔdFỶ3ҬuaҼ޳yHIjT_o_wWY|?(*aێ^hJXbc#vGNB]rC5Vр;tty$']Fv2ٚ]fe{"{]E#3Ӧ '|a92uG8=zIpi'zSSQ0[h*%v6XyFu֜ ?GEZowQЗ/!pzg%1ꋒw"%ןT&?el| ΄' +i,/7jqs.2 8B 3GOQ_c X[w Jcٴk8ld^UPS<7Q52 NYhշ#u(B9JCQ<] }Kyo3( 4`4)ڤCU2O7 !GN9.ԖHYzJO  %=W)l;;_5X:kn2nTIp:k9 [->=r"4*2HSzRh>F ߕ"Pm:%(Bل_Cu!Xt Oq] uB&O֨g5OUk:7H?)]/硊uy_0TSn:%c2vÂ$P H&lyĪ.}qMuzf%%X\7\" Eccm] #yn1u"+S4_xPf.w#;wlk$jOBXׅ:YSMV8ql%'?>0ܦF8*0ZzRqvRIGmy.ǀ]`* /1PbBg'f+VLi :uv|QRe^L |S|t-Tu ʠ(c1xVC ozr4g'ʪL%|~AXnop h3\vy>9\nӝTruwE"A\ϻwGFL2O\c9/7.H!?@uBfKf Du/-g b1"yU+ycmO,k:Y F1/u@-o1^ǘ D!(Gq+baSq Ð[ɋgH."ގ z&&@ó[EЕ|r< F3-f(r֖% |¦yL<@x*Hw)c:[:r8p&w20+=3Ǔ2CXb$B%{aHVD [ݟEA舆bV# 2rcVvQUf~8Zo [z ^z;c=tj# DEƶ*8isNf9U( }gQoBX(,u*NoK6dvcsLA(/o5*17/Ov昃XwOPL#Q&NZA2桒d%_bRt><[8>p?!d4Ƴn- n5XԲ]Z| <81san>t"&CȪTg7h!8#Ua@*chLxjڢwR| )!z}bqeaDMyמ;5Esb"O,I~ &=!d}#KX7_H'fV+_fvVTd9:f"&h$^̠}au஭5V2y(89v*J||^@@Csa};ѧ]=E'9iTv{&nAE*4wT1J#C +'m=K>l4rPPBƇyKڗZP?U`Eiu}~EA0ʢgX:h SKS6z;;XbWGiNn}Uʀ8I:[=R<窴S3إSo%T2Q0N?8=EIҼOg{](#RWCґd 4f"FXsUU!%9ND;<ӿD* Ps;iPp !v%-OMBg5RY[nah |xE d? sPy_rH4 h)++ڰ0UgYM <Y L 'Bf4+y Z# ;\%lXnx!e#mߕRY*Ank所-:1p&^ (R0\ v<ʞ#‰T}OVQ_Do1+uIOER?JDLN\ɓ`9q嶀8Hu3 |0鵾i ; T[tqI-`i] _* `5wց$b3,%75kAc_i Yp9݀&-׶{*?-myTNORjآL/=*uJu/`5 4l,eHŌJ`xf'8r^GNLj) "k׋W)qh y4չ)Xt5QT6ůf~_x{$o@`Ŀ,dyѕ0keGmtnjωl{gmNbZK *$ S4,>9Nӫ/eR"ˑh֮olv_x>l;I1V2hyku-i=Wg"-5˟[?Xszlz՝e!盍 B7ҳTӳpZ2InDe(`\U cO濬fpo 1Q(\vqOi2JwYkuA:KuFSr:i7.#N`ps[S!J0=FMm ݛ^,F9@O~`Qɯn@tB7xu[~F1T0XNS("$$o{ZͿ){/}蚃9hMjHncWT\z:3Y8jG6>j*[xMh'غ֙NB[J[]EtksSCQm5whxY'Fs0?XcNʀb=& +:72B3vp0A2h<"9ojt#=_hU,:M/:|D`hD7RXUN!I5*AְzKHV*&pN/6)I7ԟu=@-2KFJͯCOwH&m< WBnBYY]M9C;hQuc{cߖj1w=3qWmkAQz@"˚hHy~E#:DAȾFE̘'Ղ4pJo1u՝|dӹwN~[D4Җ#`'jG<^=+g4'2u%[݆A" ѱ ՗Pՠ7\U _ԗwMEAy48a5n{>~cynN+MH)> 2DH0g5D'斔͐Ih/Dy (dxe0ڍa{%}7kgvaf2&ev`H WbyQFX3gFًtRr-tFne %pi(g$?fe#0m:G uޅ(}`DhNSsoHǙM6DWS,qs~^o?On gb4Fm:m|@D@WVatcOc4u H-yje[܏x5-Ms\pD%E!lbߞ:ŪDJ^S|@x59J/p`uR"rt-<ܠVG ԕ:zLB47g2x(1z>+xGéWK ĒO}-fܙٖH9%!֨t&! 5u`Y0IUrjnK+R$eT(R>'=n1&j}c' DQPLEPs &g9"\f kL7SH & c zWcsy –ӡ"kh!@vh\빃d%m7m*-oFۭ Gy hYr&pI+ wm&O}{2S\?xfeD6(@w!i2_c2T;MQ% ws qbd i@IE:"o"r,+Y4$ۛAuveqFAShӢ}$j#{2Z0FhP8C

z9޲amiتG> G"ױSx۔{_gyھ*ʚM c૧Nyr Q8xs+kt`o4g( gn25󂹽5?:9Ƅ7t|&gFKe^zAGn.k(U p?q5&9$FV ÚbjB&MV33Wۭ16Xjunh`:| "2|Skڝ,n_hgg*F=ޮ(t 1| 9#^对&q<Ѱ[SttZ//ֶ\D@#ކWc%Z&,~cl7$]{׹jc$Ӫ/Kg߭_7tv?4'$( RV*/N`"$_.~K Q*@Sc$sZ=Qd Shf+9nl(l^T=u/|2dܽNyO};H*wo|὘2`j] '|>"Pq(su]{:5 -Zڶ:/*N1 rLI۹3@WjNvn}iv>vgJ}]YDh. l'ߖdƭ>#p0 OYH^_3ѓJOHj`l'yfk[=V/BY/P502*KOG흇]l+rȿ~g\ƙlݎs3cXm-=Ĵ3ޥ^zR`ˡq,9Ir3v%d<6nx˞'nivg9pD& ލ$c[{vdF3[ydD{pl8pK`DLԷ=zѺtD:uA,~I jŏނdTTHw HNԙ|hoLtk$^4&0+Qh/iyꙃT%' V##xY^5hY;̲?x5)nQv[n P72I3&oy0܄if۝>Uh&I$#ޓT>*HQZCRÚ`*{%u5bG1#==^%e4vxɩ1uq13!@hn77x#0o2cl0EDv: 0n _J:%r}M6ld[V#p;Z*&Zs>TRo焟]A7uk.sQ_/ytfS5! 쾲VnUzU-:$(ER+CBj5焷ߊ'3<GqMt},PYt"oa?c7=MypV`t?8FF|szw]QHχ./aU21îl︰ml{D[?$[{^l'^_ 7 ?[FAaB_ڻb&p=i.TgR8 rpOʝcV:Bk/] HIX;RmewY4J]̖>1Vg3ъi@Oq1jfvV#W" LA^?  A/ʰ6u;0Ӗ3tDR|h7߲>O,;TkZd+9Y(6ȓTXn;Bgߴ m~)4Qؼ3 7"G֛l|xɁclw47vYi(Y%:߳aA מcchAq5ףE* ɪ_x:h,{;AXA("g.I߫=JÉx^-֕θvD\NZ`-M +T2! ةa>6IWwhT3AXMT,D #Uj7-i8qetgְǠZ7yzxdk>x߯SH)`\!*(4t|@Y5s6TޓlmGmF޺_!JrhGJC(Ok0t[#:7bkd t[<0e{0II RGFƌhT/ x3'usҹ~}㛽v)ˬ& iD~}U5'$'Q!|I TkxG^qOXPUEĵ#B< wC>gsm1I] .}T ܇d׼~d-}-S"ş5;RA+1_NHq TZ/rϥ4l Y0 Cަbo<GG(?ZE]tAm/Dfۅ66q"+ =\ oQZ) C>AyӍqgޑ_,ʢJ}I HoٍlK^ jzuH-x~v;N}}h[H-䵐6=4Vt:B;}!h뼑Zr 6\K1SFe1̶el5nH]5%SV4$W\j9Q_)5_N+|1⶜^*Qxg/Ø+(`xz_2SCڠ'|H?aI/xK9XEPklm*!fї(عry̮:h(F܆ŮZƿ @vc7X$%Ɩ/m|Q$14SUU*uiFMZau4:II T-*5W@ CQ31R9-\Ǿ%!B;.3奨ib)NuVJSS/7FC3b)|{M48U Zio\C@(Y~nt5RUCF@7,pguqz4 `qUn! bt;Ѭ+{^5VF([e_@Q2.J|wXW[su1yoM?Aդw!XYԅw)T{j+1Ay8DaKؕ9w\t`YT9LENnT/n\.D!)ǯEtyoC#1d^aA=p.7pR BVO1aVG[fgE{̲'ܞdP ˬ$gB[l`xT6kQ55jt`'tP+WJrF)$2ȣ5ۿy#IVKZ'P*3;S? :׻vɆ\v،CcN󥋰ݨ5HT]w0+Sgƪ){! S,N!F$TgsPE,!>^"o5qs~տ{?׬/1]@XL4oYxB Dï }ꄼ3D9pP$ZK~uD@Q+/x RB q"1ZfH/YL|"RԽD~TS`@p_rPMXZ;lĊ+}"4ˠil&&|6I~Z hhv/V3WĬcw*6-\8hk$qp]wĶ(0Y=/%, 0zј LNzdӰӣ>P-ArzOV-wJrwVi;t ^BfGDyI~r39w(? qwD]+NWZ}fo!_! :,ʈ$un `Vz9bP;YyLqujf tONq8cʚS =_tuޑ=kϬ 7P[H5KVݱ9 P0aARGR8vGyEsyU%_ؿjl% _Dj>:ޞ{_UYl?NI +>+d#ם;40tͬC6@ XH8J$2`Z;݌ܾdRџ#>D 4,M7ddgoW 0!Ao ,͵*NOj9/ r)Є;l.&V 祿qm!GG~ U]#ĸ>wۂfa!pFb-h?"Г3EJDqo'ak|je!p?+~IV/TROne/F9u4r;[W$,f 8_)EwHer Y0zEH4!g {WrjQ}>knM=IT룓PPmfH ھT;I҃[YGdEyWY3 ʳʈGřnd7'(6 XQ1Ci$øJj3NĄ>M<([Aؖ,n̤1ߑu:SL+!a8A@ؾtx\V~]ЀάUŘ8I wA`զ̊A{+z}8.Ĝ,)a%1YMDy5"㾊n7k qh@@G}nnLAl6p,|b<4*) RAb} xu,\ȶ|=/v=,';fkфKT蠵0Z4:a-b*xM%'!?Gu8TOW*!<;5#S ZUH@F G{2rNF{89ENh X[KM+7`\P"BaVF>A l 跒_'P̪fia!> 4nE鮥5)fŦOƘSx'>ĝXךŧbe~QXSoA^M+6SVOD$M : 0 yD3Nol^ƹSMcJM0Z0*6=VW\f_ОZԺ> ~BKJk_&bPi>nu)LCU#Izؤ`ԝ[\cѿ)GŦ>+ lEkM~K*0v;v7 17䱆zw~ Q~l'H p;R',TW)0AbA t/4,S$sU pᩇ@}ScQ(LcOP1/XHyW~g¤V2$gL@츣_JE +W4jy1y'S_[ YqЎUd`ʊ}:ϫJTA P8^\ҫtY"aX#Seqc/sX0rL~ZoFǕ7g@*lt<묕lgT$q7Y^TI@s|8x5Uc$NDzal/3nm3bcGT֫6fpMQxxjk}%&vE!W' ?^03x#,ޯuKf!UFx;`%iYDӷ3J.IΆNVÔ{WM-3J8YeUXc|5D1WO8's݀0A1 )|x$V(x)IŽX[с oCBRǕ"5̐[)8B"h(%x=9yF' kfvaphJ6 ָgwbo^bծ MMĚ7Aa,!P7 WS i˅Taړ0@&}ͨ#//z:9:nRBhHUQ{۶T+!%Wa}{x;o_0vh8bTԮ?7Gzo[\ NVvs>eʵg%kB[DbE4]Bn)6' p2mpW-m/7c}ԌkҭkN^|d>_kώmzѾcxJe,yqlEH3(m Wʓı}N7W7~)Pǽ"\šF i/u9  LGKIgҋQ: ]ŰI .H*9|Be 'Er` 2ݾKo9i\u ޠFOLN;^ddw?ir~MNƘC+oιpn1H',_߆L]8ګ=_&aAENGi2έG& "*_7l\,nki@ M}|PfR-e>Ua0 .'f}Ls"L"R~R1'P%,#wab9)d~rTAEP~R AO >^E>wP[1çU)\bG쳀& bs 2 :FAjͦY12])t6H{/PƜ ψ3#4XsyI;bK =u%[Q79ށd3u i}[놁 ] >|= Sb?u-'E:be`wv:%aW =>⟳E!\Y> "ҙY;(&DkC++=;3&K"Tr($cx>H(bkWH[ola0@%*-^sۨk}unKw$1)&k^TqN@Ih xPlV3vNja%|A_Hچzx@Θ3AQ&(jG֑Oܭh!T+qհ>%)W̮hr49`ڗ[jq+n F͙)ޛN~U4OBf1]G& P=4˙ϼBl9˓?;Mʕxf8:ZH4Vi(]:H(P^3zu\M <B7s]Ȕ6dLn[ƭeړњ#݅mjǾiٰcKa_ڐɉz?9H!r5'9 ,~bDގ67֫j$-sLk}y(Ͼ DϜ_DU4,ΆM$bzO,j#Xxu_@r*bM~91T)\J]OvWiރ|Zg)> L|lX򔨷?TX׈P`jpY on`YV(ק|T󒟫ä Z Cߥ`QcJR1&MqLޤ:P޽Tp8ڠ&IX3:^Lq@ߞ$~=MYhdKE #?6r] ǩkJ/}`::7h5!I\r@)2kֶp uX8k@GWe,c$nܢY f .9{Qv^.xģc&oJ jUta1◮_cڒL _4DLuKKÊbTI{B9x|iѱUWAH)_aj(e _5]7:5hGNCeA;Zoiz7.6( 5> x.D-m Р.^ۜY> }%kX- L#J j&apF(&})giyqU%Cѫ t+C ed٬XK^%G5 *0^10=<J V-Ό3m儵 (CPV8_#/Sۍ w+_ßcz8R5'g!/|]g9DI?a0jκ<nU$myhw? k]bw.g\]v5{gWceeX]`1/Lg,qA" + u{𾨣CH ]9ПzoGJr!m Hqyh YMSF(z|7wA2# B'Pgd |~I”|EZer }i'k*IOxw]ptKt,%?A1\U#T$5Tf@L⥩Y!7f J#sID5Ξ+w@;aRќD:MS~Bi{Ylarbod#72__f dQfSb5,q~1'.S09u3!K,4vK:xEŘЈi jf"hU1b1/mZq])~ݫv."PS q@sOD^LE>۾W3Ham~I+PW+)@k\sM~E>LN8/kxTӯ:eէ+RGg;Z!Mk'_[ń)%W- 'm0Y^45%Vi4Tq%@0XaG)b0X؁ٲJ3?g w*v/4jAH~!EOmWG;x ε*+edj.Fc(^^<$n r L;6J0p2z;^B͛\AkiKջMIg?{亓bںe7"!ii+lвr|L 0p5ALgKkdX&|F$YKQuUtC|ceq6/MZzPwյS.Yzޟo&ק&mtJrcCN4&,^RWfDy%W8;mȒArULx2Z_38 (`gX{wI<9-;s Ä]f<(@7Az)}i~/zE,̓@Gpf|?)_mS,^w}7^[X}0OsDmyd\cH/]KÈ-ڴe>mkeA&PK0{wzj~snh8k"""X Y?Zvf)PX~ū^WfܜYR^1 bG{`| czvc9@[EZ|[e! !|!!Zf? S+~>E xe׀RuP nLcňOp}`ympEB iNƻ*-1CG^O͍aczb4ݺ^FI`qA Nh6WؘJɔYna*>NiVCH>&\lX /{7cdyl5-#] ㇔Z._?>.Yh{΂R! A.H1^!JKus:e>y 맧gI&@^qXW bL>6s!􇖎_ 0 ɢf4YKSNa3рnR}Lyh;ļHf0x6Xq,cUg/+ (+eu'Q-8E1Ɣ>T 8ɳko\^<5Bn- oCf ꉳ.d)9Guz`VjG4D?Us{'I{5oj|.82NoC ?+9"5' 'jK8:i'1 D,PXi=5 2@U*+@#tp:\CP\d)֫Sy <\"1CR(jMH0 G̫1+ d-Ҩ#ڶ,5EL1|~&w(oFqnIh}Ы|M~lXq %N·~ȵ <|S)jmVH{wp{1)0Fj/PZoOVK (5Di`Ԟ~2[d^`AG ѫ$e9U>HU}FwLC:gq+W aKM\!%R\welrrF%Ć1Ef4r!"'. |Su\M) 6&,?҅RIZyg ) B@JNeTJ5d6P)6-&aH3nQuk 6FFZi 7 U5N5՝ $[㋶ѿ7 @=Aē ·WN1fS0ϜqZ-|w߶ƙ[ۈj&A&&53#t"vj"J·N[1ܡDRX<߾K\ 6D P\ׂiRafV`REnBAoLhst\BO?e˦uA޿",V!լׄEJؚA&^?م?` AZ^G~gp­0Q@زI"dq*("ZBe_3Mɺu!-:/ɉ8GAP'>݌:bIk[CIM1"&UQQ`n 2 jsMt%[Cl"͘bX!~k&i6YO->}jV? :c(VUqOmB;T;nzXOuhoPT#ngUf#or<\FbI:BYe(@/Z\ :8!7٣QǬ6HoٙUDH `m.!Hi|ez. 'xB iJx`Ta1Lf&R+BFmE_BFui5/xAa%?W!j\4Ocjd ӺD릁ռL˸0?9mq&qڤz[|>#/2ѢNdVyC X|qy&.[7|v Ρs(b~6h?.nU M+IÝV]hLegn詪t!D~5peNu`C^0f} `08#6l-P؎ ְ5donvVw AIefG}r=2&^|@|y cJKٟ_ a87-pm rNFȡ9^4,eCOU.dGvJFk,(ƥj2ّVz}SH\N#&eX8/3qtҼS7by~t7#]5;CoPݦ,@PQGk%Q ]^/_ 8WRs/m.9I}K K! St6ۄF:..tE%fbi5|[k;0@AAxxzp>lE2P$#O_4(iM"UfeH;nŮ ՕA<:f)ymٴVHNfgF0٥U0+õHi,{_kg :"hj qC(ƩC *Qƈi*AxOQ 6C;"-c(|Fe}uaUhcS Rfv~yh:@3$+GnLFlMU\=Ɗ{s`!t{*˜ G& z l ~VhDu$h4GY;J$ '@ }HC㤜Lɡ?\IK)%447We<E]\tsw퀮e~\L_叧ͲF5䢤Wt+#$vP`ZF Ndbs:\a1=P EW 6<8YU׈ !tAE_4Y1VbOb,´Aʮsǿ7a.ӊ{tR |=VI ݏ68qpX:;>cFUI`&Ƹ`,L O)՟J׏? Fc)`@xLfT 3-ϯ ^GC^hU֞I_q&iof gwYAfVG/kʠ^6z˲+SzʉP_7ʾI;l~>_9(%_UMlTQdgb2$kJj>ŲQ\6.&{j GR~$ y^x툈s:Q_037hWΟW$&-YEtƊYԣ a亚J2IL)idRƊc0]f;Wm$k"xԷK(>@b%7|Q+{3?[Ieعѿ芸:v#֏ە] ROMxfəs(FcLH'KPA&bk cLymn+L)%9gbXFnzSݹn c/U{ -&a2~DEAWpg'Fo>-dҬ~.#RGaxY1*(m*L?cDBۈQVk>}S~ɰ|ܽl=JMp9hg:A13֜pT[Uj,P18vvOB}l ѣ[W.3rVs("^#Bs;fp79*D(rH+ׁ\GˋS7`ml"<耱9Y|L; {EbG<!1ߨRxX?K;='5SU ^ӢK TE i5m~um(U퐖nx9 rZM`X7vBˀ\2.Z:BsŠx1Ch`՘֋|֨P־ fH-nh$eEv6M'R@cbdZƉ-`+>MTfFZm⸄)jx̢Ԙni p1?lc.kݘĶ o!& 47T\d \6Y%W`Ibfͬ#MWŹ+'=SO E;3GØD|ZN-̍Pk[cSqTd>#wNF0w5uR(/Wfs1-fs[2@N{~I B9c}M9ڱ ;lh¨Ԇ7Aض \b0DE&(eHXU@iǕ'yأl/ɯf60&Yu[fwc!%oI+Ϸ 1ѱs#ܫaK[5s(iĚGdг{Mt1@L^šSwqD7 2]SJ2̐'[5kl Wْf1WA X'>C O?Noor~}O,5S0=N>cj};a[r>md6l<$q2 x!waAQjBs cPan(16߇^gY^:o&zhEmH if 𷕪\ۖ@Z@\W0HQ}Yqr|KIUW71:; OܜnF 8wtt h ~uPιf8Iӎ[֑~]ABjP_(gkuJ 4jkhof$H`dь:g'8M;8!OepƿAu_A4),'!=CgB/&K6X'ss:78׸,JG$0ܲ1b&H>x"%'X=#GtB~XF ՖNR[&#c^$b}dlf C^@ȝ0#﫭Lr>F0HB>7 Cs뙪7}]Rx- l "lZڊu8wrƗ-ˁCZ$z`9jCmw$砅v/хCux2Ky !yg˝0 씦@:ERJ2U a0ˡG,v_qp4=2\P˒vm5A"WRX=ؚ}"/7P<}(\Ue %s&׫vpvb="5)r\P@M=]VaNQZ'C:O*RoWy˃έ6Gl,Z<:-b2U,rUFȤUi~rr-)i揌;&IJ;ⵄzs'iTEj;Qҕ@2<6Ey}PAq$\3BV>|F;'d\{Xa'(-Ua q? v{ܔu[R.s H =\\c%Vd~Cκfq#3WсlD;T>ZX"ʶ0I,VDx?0#1\sx~zC`Y]WxGۿHM _eIC)M_"jYЅ׋|' Љj`% ;pHY*oD])0(f"V a8HCuWN/|UA-v _ n̪ +$BaӥZ4}# =jQ3pX! ׇP61'u0rmtj_pV!cKMMPHe{撐pW#uh+XQJt|ƽs2T>сD́ +41;dc01lmOú1JEY-zs>,%=I53%{ Wդۦ!r=Vl罖S@`Ԍ=8}ИGMZ 1#lmGl섹]tpP+*;%HE@ModGj3z5RWf L6!(=b?G(MZ,T7`at!oZ#iLPb:d2z5X;4xG4ԙ?W -e{Vdxۭ> 8BO,TO{|2'GUuF$FִΗ :S2>\9)(?&7y0>Ȣn<[eF\&K0h)׬&2|k!-m4}8b\;VFA"814y8=cm*uP88)dG?<Pʴ;x*e R_rr=Afp>X;!_'G~h4LD8t%kCRr%PGJ _~_|AOwaGnGZψm$*2W+i۞MuJ#9!7QXWaYз>j |͠="䳕/UohU34u`)qpxfeҫG$xAuٰ᭢U7%9^8˰T@rOLd_moMKjg&0Q(Pp8 uM_Ȋ gGۚ |F&7:_himv" $455$yMyMi5Kέ!>sVBggZ9Ic{r<2Ӵ YpEj8>@d%D*"߿*1=%Zr*$U i"<:;@m,ܻnV9 +/_u,B ~a2P: P$?!$ϏYb |OJiHiܰ]NQAfoE?/YOo9dbrfaĘyWm;Q8 %(3437?;9q6>\3Fȃ+`lVġE d77 L_zKXqҼP&-lRXrx? -> lCW(u{<} o':s@&Y+Hv"iaz,߻xJ6?Ύha@?f`Q@$Tϙ # (P?W;!-&9:~(&r,$@yW5,\2Ϊ`qFwV7Ly!1ɉ.TnR2~W))" x\mf_asxIXYR$@[ R[C,kT Au_:S*W,X-v#E*~-үH*/E^.,YN%;U{eDLz{օAލd/v_C%R:]P8;AA]G t l'EƑp)P:7<{KrzU9hrM\ I]B+x[ 3'>rVt1 F~gJ-"nZP}5$, XLh[(Όo+;6ױ7N~+;3ofs'|sq:$aiB_Ļ@7TLjVC2!@S~mVdM*Y4}QqjZR:@TUKE/C_$t z /JVJ4Vƃ]$x q"]VGATuAQLI 謤kL5Z qe,Zҥ@95$mgF~|NLK =VJ~L4Hk4wq;w3FiSVPkrE'ހOMR#ken'#B]ېa6&q!+Uh-zTÑeD[ M2Lyhx_BKZN>kB.PrԹB5jcYCi}gy}*_C'^籡˛F#{db_ؕ{,r$UކR[Lb9>Zv=ڟ c_wKLr-H}~xaD;vAA`XID(N^6Bj(D6[ylMOh/~ܚK̗eվ_.ggQ\nm *63%Odid .óQIw/9CfVfeYk9+BH&M@Q%DH1.WeYci&`.6kR惢kʕ`f I)Nc!6icS/0y`Fe*!.Tu3m\";!ʒiB}nU:>1aYMW:EbEh?YG&Ox_a)%3G'JKl!gM;6;9UT!a0+5 %NJFcnDjwbdE>C2 ָgd锚b^f儓6lj|ES紳0]={s~ؑAĩl5,I1>DIЮ?0 6j>geuOU`\B`k(ojup#KE8Jv#Yj.u#qi+ XiBlmhgzQ1 [Aa*Ӂ/KEBǴKgr¡E\ P.Cub _%}[ *vދW(Dt- =G/:ּW+]IUE'ud8K H%WgTC/dd_,lO^!LU+gbo}`(Ō7,\4`yn#<b];z~{UM~7-(y[!j'8 c4I##l?Q[`B ~ Ɏ'.ӎuTE苵h1,P; X/U_8y'wzTnJ]!՚Y 43w%T =XJs=da2+k= ~Pq`K L)SorPq@HI`Tk->Q :)t+']H+P-rv&O Np-~w-5V U4'C鼕 6KI0c DnFs * 7seU߫|MWȟ%ո7Il>'\M_F.. NlMRS@f]C\c?C_Zɺc0 xO]pe!sӏ}xn>hg'mTWm}:V ^9EK-7^$oR{`]l7ď79A?b;\یfР-g^vw`e{l6ZY+.HFEU_M ̵uEG{d[P#E*{ NDu(%(+yPbY >JoR S4O_h0ifcH'?=I04>ɢ 5@XVEPC!k xyl0TX>H/阎-R3T*Ɍ4Ot]vxC@>GOḡP,h쪳93sl5XBz+^Fuߔ̹lJ>83 XJܰ~ 4 %ZA鋐^|W*J<^s- ^KD=SH"!yף;#wxȊ3=q(Qp.?ż89CDNN׳um6sj(r>D 9cNkWV\?gHC.<9(yV?2lK2FQ|kXۛTYHɱKnR,F|7ڵAXxٔKpo*Rށ/H>%FSKLtnOAߛqmbjF!6 "i!.;K3D:ɺrG]3~R+1VOi"HɩiC|wSNMw#v&> 0O.qme\̰)E8! S-2!\Ks=UvnD+JjfZY48}"93|Z0OA:y)j-rDPqfsXWWuc=Lxja5}?Ƒ_r=v=b"`œDS5O1#&}6؈OYz`We4g'yQ,ʽqI5&DrNK61tpw9)7+B%}\|NeQ$< ~JTIeT9GZVEm6v):Izb^d+X@/%-D/_@BVp8/jkԘyґy9yo3&CK  ZTT`"|8\^F \<ϗUhkŴX1(r6F I߷@=oYȺ3 ߧ"KU㢔rN:V9 r|ƈ?鮢1LB Αte%|PE>-п0$ ŭBߎW 4p9$W7ZIZ~4…:jͣC]H9\L8͖׌'"TgpRdۡm𠍁NwZwWDOD#p"jN;aȩprktd`*hI}x r[ecj+Xq|(ޡPJf[kxQE`,=>z="^ PA~b\}($ &R B5 |=S6rS*Fw Wμy jQ;Rd|;NԾ6L!\S 8e-*Џ9rCF9+f!wvpC,s]P?Hz)P8fgksQڣ y|;\ ^^}͉=ɚȓvU\+^it{<U69} zXB C"6&A_(Wf$-i~f< І:GE]z L JzafaJ/3ŪKYE =;`̤$Ӕ2I ET^p{ 1`LTb 7A`fBϗ PjaB`Y 70T~ΔÙ{al;a׍YjaVW0⩐4YvcFSbHك''EbIW, S/]NqMH4Dg-8a <^¿ᦂ#ҳm=ĨHe8}mY5 m RJ b>Fvm$J|E'>0j>tBEȓ 'EU!NE-?7}UZ3BK#1K!2wDbsoȋJ4H# (N5)F;t" ƬQum{߉}}g AҟR}F]4G)VvD=\H拏c4?Gh4i,0$:Y%eY=;kUJ)zW(5?IP+a1X{<;>U'$սײP]rKtyJ?bՆܣ#L9ٖ>*#,[f۾_JRVVE{zMtYoԽFlY{= .߾5G:ƐY$47 cOE 624=G"l-\ W[ 0p>)<5HH=/5so1"Gm{.ЂVE_=Z$eSy5eR MpEj;Mf1D|$o.4WQYcjoUƖxozj/3@e@ LuDO7O# `WUgͲLndX]aͺ&bQ @n=tpt,GR0lTOI gn %$[։zlgVq@eIM}nܢr;_M+VҜW\24QLNJF^cs3 a0ltJyۧw9AWTWh_2(o-UmW"Ч IM $`"sn<R=032-X54He J潮lN0  Ϧ%'tD"ѥ1&="<<6wmia@E[_O.ָr* HӀD렐Ѐ@0~orГt6 LZ E$xt'ЈGmc =*Ά jyu[=0N``uxFnOƬ6eJ 9,MP?.eJ X)\] )- {zDޚmY)l<$oHposMU2F:3.EA I=$̯G_Zn`Zd@iER Wf &*bYlP&a?ODLKTO bmi1W3DCe;+ J4MSBKx+ڣ :腻;Qfdd6#˯q}b rI!NVb eHOr v6*ɡE+r:@fEa͙7'D3Z_ΏrVq4[r;c֐fa`ؖ۠јuB\6b*#6&|N L\j|G;:QjL ԯv.T@dОI]bOLFSC|LmhHyq:kc6ky"9-i?Uj*P߫v'?e Ff$z0fY3/v͌ p-0igh'G{u7)lx{4X:OI ps{ئ&>bŕ9bM;t v['[cƞco~%h-%yKn*.y׾3C2qFw ńMsH]mNb""ؤtGZ _w ̢X WVD`r2)\,Kͷ4[5Bl` #fGQgE4DLĥ/DHch|T=ɔ»zUYN+5sV9Xu-8r}x~l^IHtn7p +4Mp ݎ|0U=w2,'+\-VJgOcl2rV2.T%'ro +:vGbC2 ߑ?ccR_Z('Gr4JN`rtTLRa(ф2x{ x𵘲Tu||÷t$g_ e2.}\YK wGքfzb^50x&z(VX# m̢& d˷J+bfS_ ǟM.֜fz;:!q\5kQx=W=) =Йy'tkuPIucMPKTwDvՂ#Ki\]&;˦va c9oKQ-Z6 q,_0È|)XQ;SmBC?jӜ{P[JAqcdHO8Qsek"dXTѷ_WZ7͊s_'R<.N\-TYƗ8'9Ȫ/w?9#dcCp eeY_9 -{:4w g}z~bfЂr'$Z jgzx#zC[X$>ø)0z6K[ֶ[ B'qLԌ(ӼO2'%=,MCYrIJwSǫ08R7e߆ u mnjʈ)5&`LR/0(ͷV_,'{]a~ WA `R)OGpb?!5(_~w=XGPk4:X ;)g9X5.30bO[2_QԹU-!Tg7}VVcO Ts-o 3|R>y/ȎXCyz=;s5'JC3oA1kHLȎJ3P;ڦfWeZB-y5 ,G1OMK(DYṲFBfKflR[XB_SO/"bSR w0]$/TA{/zrqq΄-L;F8&zKFGs}es8X3s)j fIT<6βЀj𔚚NŽ+0ʝ8X:`+nB& QPeJ3aV0Qy77 {Y5{>Pk,0ղ^Ytak]făTL㶀c kl=^UuG6+ 7U_A|򈛻#[BKC>gڰywzw- (K7]Gw.B1 z4)\5V#gK}PSa]6pd0fzد+j=dib!V<_N  `0p?Td{Zp@ׁBη@:EWzVQ2~X!SMٞhܡ{5{ɝBSV@*S,j\V2 xċqђl{ k2 y]oIZBx@:Q="?~1}FZ~e]׀#3 aW~PEI;$jhW7[e\~k?#э |,eLļ^C^+KNr#P4k[%"[Y9eWhK m_?ZK ᒵ:Qhc#ܶdL?@`ݙ|'*^?\WCWp%@k4;rL3q/xj6~ڕA ًQ~T{m$y>U+ʹaZcX5ƪP"wʓa8ȟUaZe%k#䡀hb>Jv߆)J FSpB mU1UwTuOތոv|63 np>]{m(Շsnš_ˋDvgGC'LA8Ep]PiIg>.\8x49kaNy-!YW l#>9!> 3S2S{:|0TppV #N=^lLRDq44I)%ΜS+'M95 6aƄZD%RH8Vӑ4c!|wnfBϺE^DCԝ-e,2<[-;HX-5k>}DXwA|"tr[2O4?\L?}Esxm ?2owZ^!E;|ɫ(l'DkiyB-|IΏ?!p1f-lCw[V:Ptx/òw!*ܝHK!8~ Wplz CgW5 1ٮ8BkHW5wnNY%g#\>p 9-ܢwz㨃WۗGNk }5!dҊoMmo+(xǬBiOojbz*KsrMx&1P=!\G^o0.n.EbdѳdV)s'.+9}9 HMjڍ fvQK)rL 6#6 όU+#گ.ۗQ=>&k,]V9P,M}`ժ􎿖ƒݣd=~Q[y+nFFI(1w7퀷s:ۘxq7t>Wsrn>htM /jW*d#3D/QX>'yyMuxhھ17YV!mana_)P7d[}{r2I@$CP9'2{ nyG-|p+ 黿,sՇ8\x\{(BuR.}90XzҦ|;Q-'#( 215G3ӫXO]yeC!˸?.w^ 윇Qw`?RNGi1cU㐉iL}3Im2SGJNR:r&JY 3@n8)MPjuBzxgяXta0ҸRo=mx%, @Ț]2,AnZ#7PoE[_j&؄6&Y=>~nNL=R>U:%`$/nM 3U @ӗɕ5Lihwqp0Wtcҟɓ7=b'`x_&^LJ3b.7 ыQ;EOBo {)2%:{`[r͜myl|)^Ԍ %i/LKύM'6) ߛZ ; !jN: c{ot 5Eza#6 _tg;$Әi?f'$DI}&m$܌,?+6R^>iE:Ժy:U/ NȮ[eEabٷ+G* ?[9Y0 >۷ eL^i\N?2[&T>65kŔԍlm8Bgӧ&H}71Q܂4S,HܟJ|t o[B)p(>PC7\PZSA_ [z%u|}F7^K`I>3xܵR8nĕ!B6<,\cF%xt#\'0H_!Gc+ͬ$t-Zm)ĥnE{h̗r k1Ly9Kz)yZ]M:wGkD^72.Nx/P"W`7*]Ҋʽ8G&ցd3 ӹSH>Z?йMOaO=Io ^l4M`1XxvO߼zɦ܋e%Uz?.W d3ɷ4A3@ͯQpL{YWЮ$h9s_1Mm:ߨ*0`c-#}jo,¢va Z xb!o7,c%MK<'bH8 k LN=pYKZ4 K^\f&(DdXfp<ljc*9jvg@=c8>ӚM-pLckkO(ptME_b՟y&k2 )y 2p2loAH՛s(c6ZFF~E92'V~zg*6HՃ8_%.x3%QBjrP0OI^u(U@bEEvҏ7咡:jYRoT:f T;KAcGT{4GM Ie`"!.y52 t~0eJ:ז1 !>Ǡⓨ΃JW<\n,&3;R= iK_`EtqlJglՌwc.'!'V,eGU"Pz]jR`O;6poH7ʮpqøQ=Fz*3 :Oi;.Bo}:S7rv"Y$o@q⟧lvi=ߣg2t3 o֖X ,^4,<* --g*UvMSC[]Lw_S5D߈,EB-.ãqfF q3TH]fz`PRA7m#̆L服Σ 򷠦4v!cbAO͒;>^f֠hQݵcShB h'76~wQ qW*v '>(mVhx>#-nDIO~ ^o1(u~3!Ytk 0H$Nf=(0@q zE ,ql. 7kSI4Gē JjGؠNnCx^Hj,hq. Q Lgk>S]vPUP9>VgslUlZ o.u5I׏<.W^ZP4ԵTw G5#I>sbSʋ?+7A~,53uλuitu-:d'gdǝtszEaB8l=n@R(}eYNM %5`ܶÚ)0B_^vJVo}W¿ؐw:R`9IBoN#H ) گ ~ w1&ŧ58c85Fp;5XqE_UFXv^Y:]:{̿}t,_Й@f̈HS2E, 3 F6vo&x׹̞չڪu:6@ bc"PlzH,lR$ iΧF0220M3yQaޙ{#Eb wBCC"QOWFyW0 8:  P(-y=0aw}*4U&_nLzG8}"$RǮ΢Ԟ6q|k!1v]W/̨T >@hGk[]$ͯFA;; 7Vp4\Hrn}MKZ?Qv73&aLV!r6 7EzX6 &on(Ϯ4~o5(9KJTfr(F+ShM]XPDSoj 6=@YIkqi*  A{xo#sLcȥ)t,1=DrrHR6'}U99Z[ke^-fCC3vUj}}* S3PI`ṙ(|R~jn[2Pu:2-CGᘱ)|9ᅖV-\w_l}rY#L%[Yي:$d@V?_֮ϗ 7#^XlVPrJo5ctKֆ|ˀ7x!&@uh^I#̓͛)h3S'8y_ƺjdPiD;A.#M:EވRGmЇNnx&lI&Onچlkr{K{z%#>KEW(\M@@z%/kRn HG1j➺#즜+?JB7M5ݴ`q-* ҹ 5foܟ6u[i+K$v|XXY;)6UH׵E`1G%6H&C.(>V?n !0VIC܄.8 tj(A?x*Bj:+q2w*>$Z͝3d[6J szCF86FR#{g|CMD6K.kj'ҁ#>NE+MF˻܌cYMI0I-Xlfn>-0FyQ(GQ1 u&eHO&6ٻ♷x#`1Tpl%8BB*؉(Rqs3i_T8'7 &~cV]xRFT= ܉&50~ğ[Lf qXUQմ^-'HU+gF4loWt1JhHA@*?bˠnwAj7X t#+gQ09cBz}yƕ&Ы j;D90l8z%h= Ͳ"!Z>x4𺢚3A5:q{9%}/>L$Ɉ.-LgeY5wf!{#jucQEBPَDvrzIyw khtinwR$pJ6#:YMͪ8Yt+xR2cqݬ]~geDAA;Ħ:Eiݾ{:{  w;=ቖjJrO1gvW U 0|Hb𴥽Q+́RK(3 !QIns|Pk'quQK+|AeiHv%Uv_[ٓ Q󖟍e.dhpF.]W'pM=6pl2Vhi>dejs_Yǜ:G`pӨl0uFk@,֎ Kfp .7cdV~K3f <*G S~·5 Ĕ9eOLT671:$*ep'%G0R$Pt5q1{vﭠ{6Z4a(+d>"q9N ?iW!:"lOc7"C pmbIJSV6J=F ͙c ו [XL|vR̀xpS>:C:gQ!k1dpAK骶t,*ɾhtz &%#CDgOZC?D~ԨW+=6Ugu"kX&ԾrF6b 4d fB&v4%7Yg@ry}I`|aX_T?3>,.Ya3],Q?%Txv[?^Ef<]wRob5!NZ*L)@6)$b-glz 5eKd5/y]G@=T˚ִfeUؘ>MOs< 7I3)lZz˛CX^'^]EY`haK?$n%M yTK+5MXIf73ؾvvO0<7VapD`J`;c+@68%9.-zl,˜?Nn:SDXVYn .`$"6YA ff98_eb:&OLrnq KpF뗒"5aTr8tO_OmAi|YDG>`Jy{%C1' &ռJHO[ƣRbwg" N ,\ ;Ŋ2yyag3aN)iEV$Ln8lypsp}'Wӭ 9@z=gtW/^x# Y]q FƲW>4v=mS5{P ا>${0U DN6:޳U yY2֎tvimF6no$ǿFj:![y@So|BC=dS OtԈNhвIl!5E>3uQxF4`82}y K`(OD5qąiQ`=M,UHQ:ޮd$3y&*鰽a׀+6ķףPW gE> aF.mgO< R.m>mr'u\ Okf:]AL*?k dN1 )h51(Z4cgUWjsh8 2|sPp7Z}qDWF=zJr{WiI4#愁Ey;:ZysKUZN$2Lؗ<^!޵Wx@ c`q*>•LFI?mܢUO?seNfTRƋEQ1Xev̌d]ܼ,Q[yr$ʓ«7ȭ28$])9 ĚDr1uI-e&75`ze"6 {9,6aQX5/JVXpMEn+#Ffe=]Ihi̞ tLb^6/eex(~\V@d0HJ\%?E_ ;ed#tFP!8i 3.MƯSۦL!Sg<ވ>}P٪yD~&ui:A7 ƒ'tBJf,ǝB mk V#:o-[}+ԌSG FNM BZK'Ykٱ)R`ugKi(l56JPA d Pg#, - ~,? CvQʢ_p2kGc81dȭo{bjbC 'Ȃ뙗nY\n|2a?* u+ W=LlQG9M%ӄ.(IeFFvчM#JY loG J(d,)v%[)cEޖ0>H%~b$JhjSf{vR>Fȗ4#]"3\\ȵX|NR5~",MW,[iHE48gJѿX5qٷ,6H2]:[ ?;<_߅JTFQN~ Y~O0܅VmFY*~#YLa0&ӍmE@e2M$+ ?y+'Eϋߴ0) N*GzB3vC٪zPzo ƀ^QP)6eTP OFImPI{Qt2W  &NS(cƟՑl3(Qpg#o?b;ht};qr- ??Jk(Zi)O̻hvNy :?%>>.TK_lJ8bݲ2 mi cN*\4(6dT+EN!%G@CBof]Sm?gu>ˣh*EiFշ鄧VhN偍Dw9ZK ҒcGpiSoΊ/ҡ%2: Uy~x-o5^pވGj G_pc֐b"XJClF1S^KG%PRn,bASpYīd:]-R㙝[T.Sj@8RhMd9_wU+S49yB|MۖٯHk؂C(z˸JeZz&Q2hE$Zy2kl /2@#tKQGn!8 oO-Y ;}sC!˱ܚ eVMoovkpl~U(NQۄЖК\״ ~!tʁzq)=Tb);$sOe6lŰ%'µ}਷&ʹ4kJCb +]Mƌ(.šiiD@LkJY M\KH\v>{bܗ?o<7R1Be+^cu+Id-a PD;{C zA[$oY]nxP@f3d|;  -6\]e$VegGI1 ٓK3=ͬ ?kC*Ÿ1KLPpS+&Bby(&ڝ#J:`o'F9}4ʨ@OTzdYjz/j}#7"oTxh -TzXY*:8BC~R=Da0L@_O+1{otUg > /(ȃT\2ߊF|OzڻLwhI\qN 4 EG%'wmcW/ %Mםl jiix(#CylǑ0J s5@?k3TGyyQg'P^%;\i&`i6 l7S|tJٮAj2Z6,dZd(_ǵ&mWcV:{R$o5U7k =6bitׇh~*ը=^η?]Lq$wl}|xA>mRm({/e/FCZ)$`o!ژfG$E&Mm|>0ςv$4e !uP@_iOVp:TFO)% L7޾NhC2mKv-6i'T0y#vVgaI @'ꁡY?N}6:({CQR  `_'@l?Bд+d.)ޒH\BL2flR $J/D}#Ƹ,.긥i*tfu_HR$e.bjzeS}&iTdv(JNZ4V<^wzb?ߡp |N#,AT&^Oٕ!6ę_{PjWk>,[U|!Js@u61iv 2jE3wѕ[!S]H'yUW#4ޡ4zcô?2rirb؅~U#[6(sg".B!?PJtʧGPkNZVvEFGj1j!9k畁rSZ Sq+12EwxNd`[6ppMI4L0 >9fwi+[\lޛH@/2pq&z%%DZ`t~NCqǸ$nw }{BGD+Xت<@ %;5!VOkGQCW}gMo{۹?$`l=+P5f֫"e+K64 ˹z[,#:zFLK>{j_egM)%o`d<!1jf ؐ^Ȯo7:s&V%vp]n8?8 T}gs:5XPψ -nb8k#JFxr e_5oz;k1l1ـ"@9|C7:sv9ql[NZ`΢?-wls6bgp(#L򴒇$ }4:cɽZi$g-% (eȻ,1mac@ //Spj;mxN #Bb>ؓqm<l_ ?H>1q"DZ?|eeaI)a,u. dIՌKhr ~1 7ŋQ_廃 "8V! /49E&weм%L[`A o ) OoūFzb7`NQߡ@0Hm27=2scɨd\pAq|jZȐEoٻ[[2da)PӂDyVy[|ʭImHM%#ĝ-N/hi$0E~WuKVjiuLpYC.0Z6kR孯+dCZ{;nQ^>mK0h}$0D(-(aXb?_vʓ bO@G?%m3da .[چ폦Ǭ'n#cҥR OMdixlp:,{I$D)KZv d9L.} 1{8-)-fEɮoĄYQr;8xG L#J,uёiсSP ]\YH<ӎo{1|WBGpL\,?a\Smlq|௷HZo]5mf[6#@'dbtXJnl^*K[;/K|h< 21vyOw4-vA%w{j#ww#?rҳ#lVNA!toWj-T5~޷Ah,En&w ;= ݣ*_ >] |xp3cF}dS<9u1y'P@1Iǡ9kKh\R-I]lJeu8Że\lX\H,)<)S u[MgI3"%z&*s(.ٷ^Խg{S&հLJ@ 辍V؆&ck cq:ni͊ !XF/Hj9U 0\VOeJMC}֌Ň&_egc? zu@\%9oLЎhт"_LGe4V6, CUXidx0}QBބݍ(fLQ zҨ͇}d:ҕ=92~(\jY51񅙵;4NPa6Q[JBR:˔xʍOhCKPy ,TN,d4U[r.Մ{2au-D(40]]GnI;!d^.T$fO:ήͲQur^YBd RO* HQ7WHKPJb؅1}yl\g!z6?B.50!K=OE86+v],J }t,{i&O OqP*έ`V@l0;V1) [m ѝy"Av&1f;^teGѵJXoRn*s rЍ2[ܠ[--êBR|KQ(Ha&N㜻&򷬲03?⛓MȏȄe<}>k*d5ፌJH;a(Hw7o @Ն <q]JV b,( V"VГ5kyt,6.;y/)%`dWWk/tmo~ fK겅 4k e +0qBQ ׅٷ޽_xcO?tCE1C6+hp].Y@;ȥ !drfVtgX(uh\șUM5[51(|ud}oqO哹[~@$PJ oGX,}Ry E*UOLAbVj'C0 D3{X7Zb=~}0;T_2{k>q=2D3؊xQNg-\ WowY EW݅G];c4m"Lj=+0oP⮷̣eeSKK'ٍ^3#K1n"@Tޘh=jxdw8jW (H@㷰8y4'8db9TǼZ8[[B.q.8H*gʐQ?U>51A~%DIFLXc[jj^rSAŷ[͎+W*2:*ӳVQJ Zvm1b ~8L揞戼P*`p{4̔)Ɏ)OyeAھ ~@0S5dy6 Hi^8zm T}!a`0PH`6d+Z~a#5ƋRwwc񈍊\p.ir)%쵖k2U>4"zʅuׄZL7مlË́RAkfnp~L/Go+F 43;;ѦN,KGjcL>_*4\cqEBOk.o,m @rL/c#`rVRq*UmESF'`Dz{mE>edq% 7ڏsޱ p($vVp 7 8x_ԁZ X `̮J_`zmOf:-^٨U,|,s6GG5n}mV13Mc˳s_rft/ʆ4T h7aRk 'L(AsaSry=ꐩҋ$^ԗ.we~v\U,zky#n{Д{E7Doq9{C# {ۆl:j$xD^*?ڽe\[}*J6ҾqCh!4c9˛مX{mSQ.G,"Uw$N4?uQڀopӅphikSDLf=ׄbvnT{sH#^],=e8Y^՚yu(ܥ⁕҉ ?cKi㿊X{8Ɓ ϙSI)KĶPAqVieZ7}y~XW7 ~aVR0bEg 185Hw0#ǭ""e}z'Z߀2|{}(GU~ m©ԯnGL %tE UcL};-˾E}fɡ@;m"F@m;,N]L4Msa\oKh`Αnb#hĪsuMYȓ%qrwE\Q hBDSt"|gh#=KSM}뼬V۫V㭬W/Ԑ h2x_ƜmٚkʼFOЍLrheA* yy{E~ 6=Vm(z `n{Qef/iBUWYXWe%aI@G֩A' q+gxȅ ?3+}y~u%i/T[ǸqȼcX}u@F xGN?JǾ"c"-WP_KWc\Q֯6,-u:P_NNPh%|jPHL %5,dN[s"=+uLOS@4i@ojJ Zݼ*CQ&;H>Ur8\5#T"Eܦ/# nb(ۮcdIDϢV!^9zva稖,;ˆ樬'eb =(wڌ/Zt: ǀhCA%3PXB)Zd=FWUגD?ݩ;%&~đ ]_ ^ ޫk?`Hd.NwOS1{FkvBTx"ޒ=Z1 `o#CE`]WӔĢ@ş ů&uUbw>JڂN mvš't+Q4E3fjμdq͚(,|gc;0<[ W.[VCr}yE*4izF8zzDQ+X,.;}QD(3cB"6 DvA ל!_D]]B1tz+b'Z咍R8X򦱂u$Ln*3*>u-6帘6&%Ctg'!PPp7+]DϒtLKF=h<Tp4;/T$ʔ1mN윯Wu/ c/ZL.E:)$,|lWUA϶1AzZd7jq|>xw.%yCpAe.̿8Nu}ZtvQV3_r(]3*>J}e3M8[^Vsp\*^a\/*_"ۯx|&cl.1 Mu"`{z"cG",UɯR} Lvhh6G}c% 2nZh'ݡFgMqZ ]~9G6(^,Rԝlgb(< %_4 FY~M۽arTihvۻ=kfK();J$K=Ķg [UcNt~;;RRd]1@W_,0 ~T{4%ѱKJ2NA4= ]`"MpwFrl7V*)v $;W(=N0]rȰK ,H:Zͭ* AIDr Oޅ$+-bD.wHcnm[ZRexnc{ S}Z&P.3v;јA5V 3P^F;ö[\|\ltsd|!z^4˔Mrkc[ݎl3z!cJ[5#LFAμCtW+&zT{uF/F:Ljmwcuf ic hEiNygy況L JF+׊[oz*1W*|&<|g!z)ҖJmt%C3v"rw vlX]n;AЊ[upDTa6=3F?|AAifHO[ We{"?xfIkܬO _"ry${=yYG~xy/ 6n}D[ nw9V+ 0 ocgg&x=Qf\㯸߈EנO zq[SKu:W飩\gLfh 15R):“x( -Hr[x 5?K};Bfې}fc>SriZh^kCLx K#^ک13+,!0Kn"h5V%aY<ֱ( B$`IMUyVЋzl>fTϭNly} 48Zjۛ[]@ҹUfj#V0>QV˥K=ώ(E[栖ԇVMl5lx޷JCrAF 1C^eفvin'7G>&,HBh#Qm#N .<~E!\!6SޤvtI36%@#xT<)l#3}@w@gM\aY[<[CȊd7o?ÉlMa]n`g˿+dᥭ1MSA ┛gZ};bF[i'4V@/f\-9C ezʩ+y=n3Dݫv]x5.n"2׵}d .YH`BnLBsoC |7mDBgRT§A tZKwg`|'gBƐ;/dCp0IZk{qY'y{ R\TmcH"*% Q(L֮(r3I۩nή24knFq#Ack .|ޛWQ| ܥ:2V <@t~ͷt]<<*uUEv-J: D;8tEtpyk lEZPƦXgFği1ݾt5eXk9gL1ppoAaZL6)a81lLA(( Պl.zTzgK>|ːq&t!(+E܈2܀UuFPވCezA7].0y|rFx 23.Q1"w_z;]+JoV^WĤ c4Tj|$/ '_~MvHX~}""e$50 2 Z|z-.?EqHi8gJ0H]4~J5CUx7"@SwTv/3o(<_r=zL&zA&.˔eEjKHlIqUXv Y,ܓxd9bglw7$/CB {ls߷aY#%ѻѳ)] wVLd:S3Qvw<.֭V 9ZȢC1bU6cG[xiy Km"nv7/V9͆'Lt.V%_ȩ]Q2f k?Fc% /|{^)7:+T*)~{c6PP`g5jmsWA*U&^֤]@=rɢ'WFVU; HN8:o6hU]cكϱDڣW$U>,䊘UnPYCo\HߠdC i?^`6a1/ waaՇy`D`~CO/,'T+g:M~D y6s{{ym.TlZ닎 }`y:s^Fh!k(-J@Vt~stC%v1S$?L9[EBQˢRg'ˏ8Rorqk=23eU'p Y3e^i ?L)J#T~Y]3" nc,L"=!鹴)CG*&t۫ QF:.NJ(WhQ T0k.[_?6v W+F9f~ l,;G7G[lǕfU cY }*Fp4[4~h"Nr}v,:mmh P)XF:?7 ٝO䫚v0ꈢ-%,%qf 2i}_~BRl Fc!PLf2vօ.MX|'LwZ/W)*@s./=c m!LC=fjG}MqH`Wu5'lJJ$Bg 3jUfڣFqdpm/@z}Xf6%8 NYPnƏ9qFEr;d>g\h͡w99A3{}Z"q9 1cZ-"1Gv۶v #x ݆zt yWdŵE-EB뗇ӥxv[J !p8FszU;HFr!7ȗE[)y;p`eEU5Sq٦Q<ٙݜ18W)UJp89#ZфYk~~ CCI"΀3d InJw],,[4mp ;΀-?7sr .b$%ܻ_HSjkM5âdz]2(PB1$U^՗F6hq?+IŠ1Yfz Fԙ˻T#nv'w؈;7'wqDlq)E!4+pW Iμ|? g%[2NrR֡ˊ=BeH̉4$Cyd2oP_O`(Ȝjڟ*|,-1_K >`;#AmbDE<ǔlÔ\f:{2VbzYM;K Eҙ7XY]&Gh7yre)f0+O1qѓ65@l:}" 17b tS>nC(.T0E7B: A8*isv73`vPǵ0 V,.`򑚛/֐ nNuJkijڤI'et BԼ uXN1orDY&cG𜁶sp6(؟+&ZfPa 1-zr%fnW8֛},E"?2Q%vj>wu/7tZ.Wur?K=Lϙ/y(gs u׾X%6ʘck{8K@rsp$ Tm~qFEHIbjJj;~dW2?"*L/3` -¶۹~WQ cjC:Nj:覜lQ*MaQ\|?@h}:<:ds?x./ƅP$EyDo{`WD?7]s(OHܠ88N)ϨIԀ CMc=8pvٯ!٫met9ceDI0:ycx>2| Ђ[aL2!J視#I12jb`g$™KCcCA <>Nڸ2θo֓П_O|4}@TBۄ% PaYe)`=*ul=ǧ!£=!chesg,t.`!A+_p(>M$7??[pjg_ze,a_ lH{2IƁ$0<}rsWBJ8fFJfF:p`T韠f^Z\,|= yO]j X'NH*`ϰ9 Dc@:h0-d<ɱ1o2-#{RNv!>mL/x X'cp> +m  #fEI#^ԇ$ue0?CY_vv2)лj6p, D9w)Ubv‑J]"lN9p4{܅Zq80@sDhX S;VZZIY*ߓRi@T i#j8wW۴x3Qޙh':zEԆl6i] ^JG{`J(+j_ߓy`UŮLS|Ծ$9dߋ>ulq{='VQ L+O2&-D(,˳M7_ܡ(А:7P+%CryT*{uRv=)V)6=v1fb ޳!AG zqytN"kҪP_9-qxņ#Ēجj2$pTLɰs-ע<ٮIh#mlf-͝K]؎b)uրQ0b&YUA.c`(Y{q>swW P5rJ*&y!LInmmnk/4p6D{$ *od[A8uպׄB)_{ ӥQb-Va*qG6:,eF7F5=̕^uX=jlښOHxO!u~v[ꃆؒg/?3۔=#9_[͆W+,QxXÞ=ʯ4*CN@[ lK׾ۙ/4R٦@x ;R:JYy at +{g:%{""эii Cq[vzQ'HJepC VI p*v*$}VƍGyZ{yq6u~#D+I'4˒[aGRT$\H }?z/S2"XoG8jZ9%+uXC,-3}KlXrxShev׽#u2)GFs;fk GMTˠT%`30aɘU9s2V=5l `VK@vޫ Q{&TIfD&>osM^ !-=zcSTbe<|]JJeX¾#1zޢ ՚:0KncnjM)R+d-Q8j)<ދ* 9_mz * b92Ɉݵ?/9GN=w+עt\sk,U$7Ɯ^݀K"AJX5+4fTL`ƼȝY&AE@A(ډJwcsx{Hū< +;B;xm)y{zH骋(2fb=YZ>ܡ/Fj,!'䪑DCsMo^- 4ns|#,0HXsE3|b\ujS:Uό_Tu^X{d0p# kGƄE)gȄhI.W`뻡JPck+y-)Hsd3If2'_OF^L/@ 9 1KqA*4ax ~VZ+k 6s qYO)%5O_cjT2lPGqM#q9䌿$$MuL,eWl,-NBǾsX4Y=āVe0X˚$$-;%t6 MxظE胝U,We4J0X'${/ .$ϱGÀmeRF jUk䆚O=BqdP{ÎLN}zܘne-g9o,>!4?xMa>=OCV{[pp. H b`.UAR}$S٥n}1ֲWxx7> v "0.vM@YSڕ'@d(ý:u~LG9iԅ^&7 "^1\5%Vj@>Oza:fbȮB sb؜kDQC$ӷ5! pm7B(BJԸkc~."aQJcxŷ:|ԎA蟁+ꆍ՞HqZ%δ)\0i m!s\I7}P#)FmjXn*N b(&Cr͂,YZ'6~d#'4] זˎSQpvF0Jd)<1cK7 5j 8HӤb7KV- :2PH:(#TGcD]2D- XuGf4f0~:v̩bRf){~ym=[TG"S>|@:wUݦ.̲ަgݖl ;bz%1膐M/б 62ѫRy2A~Kף5Ixx(c͐ Px|/I>A]}E@j MYS{sDŽL'T vm˲okՆ WdEIQ.2`WzEQgD,4E_wKDtp%]\83t(31..4 Ns9ٚ`I&[czH ]%ZRс Z"PJ|top8o=),#Ug?DoڦIr+jƹtz~qWpU&5B)%KL\̓Om~]} gKVJkٶKBG)|'Yp/&kVu:1HALyK2u9+*M@ l5JWY8pRmh8?kqCy T()Ռ]R0ᡟsO}!ʯܡDm! =ڂD%L/O8)_^4aiPH&iAɽ5S'},[g,gI{<}5)N0br uMêSsEyJZyH]Jd¿=^)x̍Ư.W0PM[߭: &hD'$<Hj`]r<%Gp?_Pms <}c6]/5]BS1.43GoTl1K籀  9 Fd΁3jF 7Kjy9KVA'C^n v5}G ;RĘcFutkg=W'S`I>crm\LEd|y h3:Iȍ Ά}rXZ62P 91&Y陃D.i!b"g_p6boFE ScN}#E4.mtH&Ayۆ܌&[ oc]og$­и֣֯iCVy]UO(% 8T;ڟnNzs+{x:J=PE`H+ ž[XN]hKX ]ӗS}KQ%HkH\;nnTͬh kgGr6\bP ,a svuMnjNƿ1''?gQW^gqL'~ ;-C7Dz:Yv(шpp~L$L~JJ!xkriʵ iXB 0G8+02^~`S*IŎFmKEq/ΰq)u3͜!*!By(/ݔy*ku ܣ"Ԇ"{soFAi+*|oy-ڻGN :jd 25j+l)`$+gG vof]X@N V7|Co3\>;_f.V˶wBp9p[0ɦ4gNSp(h~Iƈ.W`EҠ6\ڟ, %u]P bz6tA!?py w/\ulhB;#tbS嫥q6vJML}EW;QN۝[d]G}HYgޟa/zuɈkABy#h !JR(qHW}ypΣœPD3վbD^i-|.nƯޅP_qId;YM`}~ddvDD~c ≙-~Wmre/b~[y?54f_}rkmg=zwПY%ɁU]gQ(VFLHx3\7 Qp_ݞo'r`arfi2jpB\N  {!ͭ>)b( 8D(ZIf/,f4AVF4 Q997fbP'9+"2_šZB15|n՜#ό YvNMuHHt[fʥ.>4#-YY 6jO{2qJGԪ w,GVS)P-+GD|8Aὖ[U1VsqbNL{jD^H [otW4~p C/=?'CGW5kJ#@ ӧV{TcPeOS|9,>@bt7QWvU2r'u|.n+8>$)+& ~es\SpyjY8ПFgWv3Yt{Anm}3*p"N@A " Q1c,q#hf~ѝt4OF% Qv6j_Bgeu[ a_C!8c ꯞd)_-Am7qGOQH#ڎX;+t.Ml-QVsj$'*k|rU[ r:'8I5.$Cn# 8?܌򪷓Vuie4J=Ag[ 2̹ f>cU2i< r],qئɅD*x4sYޕ2.Mk(ҏMi94O<6e΄6eÓ%N8LV*4N62~DwbQ?cqTGq~j>:0NL AiL'D*pWd8~OIW8 uָJc3f{0=WzzKXDh*mCf&rȣ3ѷ&[cq握\!L4]R P (BZ:#68$`w'6du*enMC)x~*etJɈU9"ZOJpNIʓ0pIZ>dFZ}pEQC)s/m&%D'z,`&8֕!kN$ [&I?7ík!<RŲČQ;8}CC)Lj>u;::%pr3 B[[#J_C"Xޮɦйt7fzDxydy{u&CS+Լ*l1S|V5γ. S&sA%ඞhߜLNW IKX^J5 +ٴCyZa ϴ%Z 9O{V'Crri"]EI8 z ;ǸCap ^,~tw:}? 5O @@ǠX>n+ jOE0(*NZmu6zyW(z5))G38/0j­AXy-@rnBJ#=GoYv>1/B(%/WI'bRTbCEln6 Ma{)u>=e<Ֆ6:3˅V7.+}erj8Ў*Lʪ1+E$O]oN0b@GUɄNg:B#d"[1H{ p# qݽ2+ߟ"jAKɲZMUtZFrt6eT^.Vs&WR?WRX2eITL$  W>>@d;~*.STޓ杁<@ax4{RP@ XbR^V¾zxd/r&qJ?2Հz_(!xD8*Úje)pJ [ k⁨ϔ=NfsUVs_G3,$?a5}K {kE v (EĤuz iM}O@TXZ:(TcVTB]f'b]!WWвံ1m􀁛|l 3DQ M w5y  i.@SKyd;ӉuD&ԚY ]#BQ/9a }ɥu 輡]{bA%O#{zRsJp{ح?BSu ه p N 'MsNkHqIq_O?)*ў#ga2֔6ʗsm'zڮtZiq NdhP7D/wE$~}BN)3clvˉVSZ}a,ոvHqٽX/QAn}c ^&j:UO/7`PRSE+H@b]ݶ"6h<8d.)Z _| mS. )ْ.}go#7`iF&9k P禗k!Ӡ粽1PSUldRepsZ`an[y]`Fe5~qS}i{|oI.6q?wI?!_CYozF2':vj%z@ GXnԡ V(z޵]u]ҝnI], xRK8]*f1Yȿ%Ղ'{̂SN#&-L 9y uNfp˵ڹ)גe_0=AkqKx؝P"ޏ`A ] |]|%"k)BoG; >ZHzi=؂7ʵYwd#0 ){zgL!7@ X ‹I dxȜFBۼq]^h3 _Md<ٰ8{xIWrʡyt.)#MzJ>41[aѹf_' ¤GxV(` +Hz~h.~htf Bap  |"`, 0{LUܮgR,y5s *cT0[GxԦ'_ eV0 />g\=s9nQb۳W2f$U9u>Dծp^Ĥ[>&o~_cm@ $q!( Vr(i|lZCS1>c_]ގqSu\[l'PMU Тd17}UOERSyggs>}cs|H12|\'Ya,:8N8+`TǓvsVI!yҕ'q^'KAGNRih , L^95߁iqYڗ>edvJm J7oM JX9~X0_Tؑ;vф3c,WULLҷh>p%.U㹔#kVc˘ZK%RU]pU%/h);9m4o-+QZf ]H-UJb)qcD[?] Yoa2._/v?^SBm4*[dsDnq'GoONs#[῏+z! T|f2*^ f].o@ѰCao^k *NͅurA$Ƈ:4LZmRaM@&=!ae5HE0!F ӮkFMyl)}I!]H"S!^cn4(U-^J:Xbڤs'u)M.ž̤r0͵XFX9"sX]Һs_VwՉ?y"Z7{iSMVSXU;Y;ӌS<#dW]J4qK|ĂA/L#>&*7iH'l /NRv ;2we\l%rt;F sgϨ0JAp~ Q^HjmĜ<7`jMJl>f$32F}B~/I{1gWe/kǡBc\ zQO>]O\JHtS]Y&o2oy̰pfP,n3߭yX^Cr^% %XjI_f@PĻcǐws5>D4n}bn_/7"IuPidԔHט!_qhs]+[qlWT7A#G^gA,,{{³$'[OV]rc@Y W<2UR@=[`0w;F_NB5~ WH=i,t cLHbblK{QTcJ!`oF70Ľ)1;5V8ƃNj X+]6~,6Z$4`8lVJ,@C{Zˆ,5CK~BJX{Z`BiH[sƧ]fS]'ZMGj|;ҵL{H$AEK<XTSD9rՏa=GdXCA>7XMmdo^!eHF 8?0+e%C(MLv TAͬg>^k:hM wbyd,HeOjc7$pbp"\ Vx>Z~GJMlp^C #KYV]"ӫO̝1֘ s{d!v]HX.]ԙ3v#BDϤ3GHvdɆ clD^פYpuR#䮞~j==>H410T d&pش7V[lHFXAPLLɰo#d.RX\0} "MFBБ KV_v/.maq%x~C T)ssۊkY |Λ98 Vrnt9,!s8SP-z{*C)]2@m]!GٷWDMvOv&׊2>p hD2E@0 -k+:ۿ_gIc]L QȧX4ݱJ"bd0 6x?uv4،-@UɪjTO;ރS e7X#i4_tlpʣ6+D?frm⼎ *6.Fgxk#MApfD1yߕmNyc pSs7#6q:\ddQ}ÎxZ>Ӣ *auƃ&.zC w> @V'rW nү $}& S: +k`T4GuzOUff{PV]ٟEMCN^p%DفƼĭ /rj6ڞ:hYܩ.ҡ>˶ܠ[z$ֺWfHJ,:LV ;jsTF3`nߛga6ީaV d&VLpbn޺$Nb|5ӲA.Mf gTBŬt 2W6? 5 F#ƶw %R:\Ͳ dR N-<7$.qӛݔ®᪃r:^ ( laxrA[<`{zMvثРcyhMƲ튩YLac=-k41ielUyq;O!  sTRlqf4ooCڗ[lQ$CgCj4$}̤!.R(L I=I/L +AY#]ͼvz:Z6 IyH0X`T1j!'bf}2z.tҏ _hq)aT21PR׊%[KDgMH}SOl^LqG \ϚR~,Hcw2_OnRٳ<Ѻ^_-vٺN\샷ʗ:P%GCƓ٫Hm>h߰Z;(Ӏ6q<-ooy8 a"*ǜ|}{pXI֌\`$gas BI(y]`IG^7ae:: 1o.BG>홡 TAH^lڜ8c߳S\(~GL6tl3P /rSbC0h'l_kYj ܭI<};pmD` Ͻnj]S1CB!練 "m#` $( |iu$66@ =_duټգ;ЦP>=ȓYYX& ?O{i>v8RKJ/Oǹ߉+st;KwN: bC3:M[[fdɏ<`TтC@,4)fQ> {V.#.AW8bw%.D^1ь wb%: (W 剹ȀˉJNVBAq"!H'+ڒJذ T &:ٗ\Q8 X;^mo% Q( I{]LBo0(E6_3@'T=v+j'jO /%ʼnAX1 TI-EvpNQs|p|Φկ7='VS >w߼Lk s:F Xb5&ݫm LG|@ fm;T6 [n;Klz#QӴS@( tFxiڜ]axz.*9Zi5BjnU7m餺 y WD( 0MOVT/ ?9S k ljuO2ܮ2kKjAɫ@#ze~˜7EV7"/M R[Z^opOTyz_8%(4&a{5Dǰ5ǯe:MOQS >W5&yQ?93+%)BZCIem !M:j9=Ph\``w,p^z0oZlSvD#.;«pZx6kIt8ob6+o0gQ9he/ln}̈́粩i׵x h3:; +A e&kZrPٞ6Bʸt-7O% M|@{GcQ^9h}mP&M /%@vl.jވ޻cpa_6 Gqjh/ c]d,k8k-7B:|Rk&6v>[JrLpde➼6dnȚz跸@#I_[-f1y\DEM,ЌU>(@o6,WzƬ̢e#AxK)i9ֈ$mP[hOCGy>,W?G;Jjs++t? Ev]#O\,N鬳]eR9  ٗ}|%\ᒔ"C] ]hy'rd~1pd !f-|IJԚG,CYXo8\,C`(#UA}yОg{ `ĸe!%CTڼe)Saz7(2W&xxiM9L*dg Ĕ% K*nmdVV.`T_9ЄLB|~#8w M5?cD7T+HXDDK <;VJ3r6c.S!$s֞ V2 BY;VG@S E_gplBf߇o>Adw؆kg ]ǗPV{čZ9Y*+bĞ!'APdN˾ޡ*GyHEˀ'`[3Ds>K'(1[ 7.@z e-4Qsb_LO9@ pbK kwrGG^֋AuH񏪴M5osDŎʫKZuЉhܵPᅜVV%^eڠVeZΚQ)%ؿGőkD1~w!wׅ}? ė K8i]CD[ EmgU[e]3=#5mS$x.&W5@rIq[Mg[e]&~()u[s){X"߁ e@U|UhMգvUh>SgaApiͽEx8i.c\V)@͖<Fw)aON+0OŽ ,kpt-~SMHRi XNl"hK;~6kyLt?^)){ϐO}g1<tF3j ۶<[Dx "ih7E3vp?F\ApIٽ%i9'enpaOT;AJTE1MXbEڣXMx{~AvGȄͶg /'V=!ӎ72Q9ꅓU@zJjR6Zy0< ߅܅T;XQvRN8FA2#qE`la|]2Ox6\4;v11-/rg5'h ;F-z'B_X'%V׹Q?xˆ ^%]3?ιh8ޣB{bu )  I 2'X;C)zՔXX~0XĠ_4H t\#7!+" vEKL.7`6 I~=mṿ C Fqа.BXX p[r%ȕicR5}Wݺ{F? }䋼:Peh#@ujr[9%YU$W(ޟO|2C̔VrE}>.zHg21ܝPBߵE+ - *lZ{@u4ycZN #cdil#Q_9 _qT :qk{7g& caum#*ac(Jױw9=~a}u`7[h$TDUJΝ\"&0Gޠy6ME<(SS3ExT,I T$?OLi0D$sj]i& /&yxF3yn %p}¾ Wے>'Spn:-7#4ͥsI9M="w#y.1LܪpB: ~gfx0zŹ?UZw :"gQ;i{Gv,Ntv)7 =G w6\8;?1͞)~#=XGϯEqGj6co:c}eȲwP$[Yحw̳1%_.d(2$oʜ}{;F3.4%˼"Q~Na}ZH+K%+n8R<şIɐcÛ9h]lX]@ߧ"|D_F]a*(ӫFǬo4B Ln5&ZX kڈ9v\ofl׌Q >vK-^dn7Vn%CPj&WHbMBk7 f%{3'm֡*JOF@"$4qT,i-U,+m# ATl8#p|'ÈV&Om*BdS4.K,CCt. l1 LҢ>2leʓ^=m[1L=jUH 7~ן$`v7Tg{IRrԎIh 2@;2ƖEwЗ=+fUU7G6hfXBE>y2Q K4DOVsܡ]{e4>qǻD0 R7ض%ҧG!팶;oYQQ0~=̍m+ןRԵg D?h0n*8قաy&Uk7LQ|KWqb 6Q΅5a^Χ|9e %Jkbz_%U w2zR&[MVY#t+vśGKO%fT# #E]%PLPS_ie/w5-80 xiH3auY}gAcO{b=bMXp~o[b@qh72%sVZR¹HBwt7_ s(Ө yl⣷{ <,Lq@ۢ0\lW[; ZXbK0`8h!6Y{5 / BCw2q q9 =sMe;v$AB+ޙ7/2@SLGqP0`k~2x7[>¥aC|n5SI- 0Lݞۯ0lz3O}]y΂tZ]ț S8%/ge'ľX%*鍢̨A >DodR:@@ڬ26;dêpu$ L۪݄\lɨ-[-R9IN`8zN(ADdwC qϡ~u"C|mu\8r;UΤœBbJS.VSA;ҬV^>p̀{E~#f$[!k</~]kϳ>gPwtW`Cӊq[6:6ݘACR.U8tcJҮAK&r ;%;7j\DVBǜ[8z0yϔ$<u*I@R2׵V8ۺ$i{Ϛs*Y&c ELhÀ$lo'EH6+ו4CR.KѽbH@\w5F=98J0 Mkqs`ԛwG}l IbTv0>`Hp#la'O:i*+2_% <i߲~(70$n205D7O7mk3=Q|>Z_!l WDƜmk.Yr~ٽ\x 4<}ՆoFH Ӭ6os'r*?y8;ߎq}R!.EʜG^[{RZfC"1\}05fk' X[QS>eO.iY·$xB*QAF/MφLs֊m̊DǸm}\Yd"Eݳ4 ǵ^txQiQL%I7Of|k,la.83=Âk 2d^2,vdr^y: @=`۶_ < 0;$bg>|gHtũj.^J;2ԈFif/tyEw(т'V!B~^b{-$ $ 4)X=cW{MbyJ|bX۵޽Vh<ˁJs[p\f_D#%R"[WHkb6-ܘ*66PXP^I$sj[Lpf^ӔH8Ycs˺ +Uǹ"l-bN3 z~ye~1)WR]2 %WqV6cElז# 4YQLo!U8xC1dЬ2dᜭ B&v5UȎtiI:7̊څ^}.gQm;q[+~vk}@u' ?8| ó4XfAA_pvi);Bse |yM~Sj0e~x71 LSO?t+UJN7(P e^(Z_Ow 8͵D6g*G]b&V&nB$E.= #?(@d6e ;GPWثlxF+gnVoC ʯ`itc`= {, ]w(5*N&n*rD\ԺOuY[{w'  ;&k+Y(X;/¨$݊"Pܤs z3k )g4:_:5ЩU}b\\6Jpoњo0ӻ7Ub1Z5|oxYlrH&@[cow "xLY M/"'ʼnjtl:o/)UW d碩[mi^/^M]J R,Enx΅D\V{@&~k-KEԝS8OG6b@_#lC컡ŅLI쓰jE , 4Z3Q"0B6uަϤ-%$vۮl4o)vj-{KCqpv'=s*2Of/r#h ZG.t+'[L.$qjC 2_v>8fA}}i dέݛcP}v8e%N/-L?:VEsƒCt*>+'h)vJL ) !K,DŽ(@jg{F 1Z,}03tKȾX DZkıщ\asߕ 3\czː%D~|^k{ԼSm8vjF6_sF6ij>.WU.7j΄O?RC"6bf0pks гT/d'1h$KE&p",H S‘J&[p[CESU"W^VA ";Pʹ(RJX. _ˊ޷Ff\";q,5cI)0?r)LgT8$Ҿ0 jMBIQNLL j@xO4+x=S$.פjVXrֳJh)ҟ鬁uj6U ?\Ln d? Xk{%@8Es俍D@v*u_ 75.'"w9_yywzauG5A|nQ%*Aٌ6|[ B-įɈ•LŹ@M{ZTaߵj] Ԫy4;|E'RbJLŶ=ꩪRԢx,͖N8b4I iI>?k,U1)Tk}lKmʬwBu doKZX 4XMv]:O%qB CNv YݤrU~25[?APң:<*JЍX,m}ū|ԨU~CKe!^2.흈$1`?e:I+(`;'=12l!K/3)Hs`sXs6fZ,e1=G8`HgE0dE/} {K 1ENޯ cŠHdR̠GaԄۍ8i^xֽT+ԛۧGEwr2nWgh_2:  oJ$ْniRy*h!CCo\>AcZ0vY91vx='{^i3$B@},q+̩.+JYQ!{G5d4 NR0k;PܯT! aS:؎"ꍸ@(g%"u⎗P[oҺǠMyuUbY &m͢u"f`N Wsx=Nہ55ɷ xvXOB+R*pW̘wQxIOs:A⃓]!0I˝|lt͛/[_p%(T|{ñ79ˊK|5zDi6{VdQZ8͎o:4F < ŵ'i3j 3,έQ+7͌M,FH:AVs8ɤ5#83R$?@n.;)98'a{2Êhw$P%{lu7 O*ܳiqwF?`2"v6a&x#LtrEфuRg`~ Ej7~j*[]} Pyיی**n ;>JT9Lj mYׇ|+rkf~檁{#˰]R({'Ua͹㽂UwkyPJ{ϠKjK8!,8cAn\FJ[0!ERu/RT1Fxv]ዓv?4>x=Jed(~5(/N7{)d굒x}ʏ&-}P6Mnr'֧8ٞFqiSa뭢>),8 ! hp_ՀHRb/>ԬkzTZă36#g" Y^Ȏ^\Gok&J?] Ad~`T3SL%:΋M>'ֆCxѹoWmO͌qD]ʖԕncB'G~pIog!(w@{q hyC+KnEVgB,#1EW# }9pu@P^;"|>q?3C[>( VϚi*; ~=*[?x;;ۋ$ z*t= " !J@tSxgb} 5Kj'݅iYal^ heYe6R;V1 m'ZKAyF Tu 5i"xxJyd}:$[yԿ:`Bʿ݇zx}G=4'/l@^ nZeZ*޺ecpblp1m4VldE;xna zh7 HfS]󇰠VEuy J 2okC>fdnϻ="Oh'1|*UqZ{̎22td,ͨec9*i Ջu 4Yp H͜mW0vR'_+[ Bz'vu'S[ ;_E3y'K$\kKЪs_KjZW˲kUϡT O4tJ{]eƈ~Lfb}Z#mS56?ϱ$o{6Q(puҟ1IJ$/0o(>B#t3\G (&Q_i9_[tͶЋ)*03[5̙ҜjIةvc|=B{rUw9ޫs2rΫ5vmK\Ώ_&gh)eTKzp 9sC:Y=$\g͌0#7$LqR`,'¸uʮe 3Gd<0a5B$!; S(_32m?|m^Wm ;Q J>n괱,3w7}qBD5t@\ktM7URT,n5gC]вQ50VK>2u,e%98T;2z fΒE6;;`@HJ}m ls/{A7aGX;p1}Ԟ>\j) !wn+ [^Ů] م!hwҨXMm=81*f p<(^lfjh3]0Eؗ/RR?GXXfK}2v,4,eVL#f|#.¿G9C@0ƪ<Oz2BpV1 -_E7Ȝa7 8 ְ=(7Y#O QXun}kl 6}˲!8(A!H.C#yfQCJש;ъ!R@2Blh 3qx̿KʊQM7m,c,9!FK'ʂ}Sꀰzw wgc?BzCz5BG?lC<:56m*uH JWnp_ '?BH^.=W'|ZC;[xJ~\ghuv\NB8ɿ^@Z8gs& X\])Z̏՘6SUs(>:H.v)nSYqwԯ&+i YZ