Name        : sssd-common-pac
Version     : 2.8.2
Release     : 1.el8
Architecture: ppc64le
OS          : linux
Group       : Applications/System
License     : GPLv3+
Source RPM  : sssd-2.8.2-1.el8.src.rpm
Build Host  : ppc64le-01.mbox.centos.org
Packager    : CentOS Buildsys
Vendor      : CentOS
URL         : https://github.com/SSSD/sssd
RPM Version : 4.14.3
Summary     : Common files needed for supporting PAC processing
Description :
Provides common files needed by SSSD providers such as IPA and Active Directory for handling Kerberos PACs.

File link target:
../../../../usr/libexec/sssd/sssd_pac

File digests:
5834560f3c08e965be6897883d7dd7110e53ccdeef953187d4d82600382df35c
8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903

Provides:
sssd-common-pac
sssd-common-pac(ppc-64)

Requires:
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.28)(64bit)
libcollection.so.4()(64bit)
libcrypto.so.1.1()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdl.so.2()(64bit)
libdl.so.2(GLIBC_2.17)(64bit)
libini_config.so.5()(64bit)
libldb.so.2()(64bit)
libldb.so.2(LDB_0.9.10)(64bit)
libndr-krb5pac.so.0()(64bit)
libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
libndr-standard.so.0()(64bit)
libndr.so.3()(64bit)
libndr.so.3(NDR_0.0.1)(64bit)
libpcre2-8.so.0()(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libref_array.so.1()(64bit)
librt.so.1()(64bit)
libsamba-util.so.0()(64bit)
libselinux.so.1()(64bit)
libsss_cert.so()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap = 2.8.2-1.el8
libsss_idmap.so.0()(64bit)
libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
libsss_iface.so()(64bit)
libsss_sbus.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libsystemd.so.0(LIBSYSTEMD_209)(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtdb.so.1(TDB_1.2.1)(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
libunistring.so.2()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
rtld(GNU_HASH)
sssd-common = 2.8.2-1.el8

Changelog entries (packager - version-release), newest first:
- 2.8.2-1
Alexey Tikhonov - 2.8.1-1
Alexey Tikhonov - 2.7.3-5
Alexey Tikhonov - 2.7.3-4
Alexey Tikhonov - 2.7.3-3
Alexey Tikhonov - 2.7.3-2
Alexey Tikhonov - 2.7.3-1
Alexey Tikhonov - 2.7.2-1
Alexey Tikhonov - 2.7.0-2
Alexey Tikhonov - 2.6.2-3
Alexey Tikhonov - 2.6.2-2
Alexey Tikhonov - 2.6.2-1
Alexey Tikhonov - 2.6.1-2
Alexey Tikhonov - 2.6.1-1
Alexey Tikhonov - 2.5.2-2
Alexey Tikhonov - 2.5.2-1
Alexey Tikhonov - 2.5.1-2
Alexey Tikhonov - 2.5.1-1
Alexey Tikhonov - 2.5.0-1
Alexey Tikhonov - 2.4.0-8
Alexey Tikhonov - 2.4.0-7
Alexey Tikhonov - 2.4.0-6
Alexey Tikhonov - 2.4.0-5
Alexey Tikhonov - 2.4.0-4
Alexey Tikhonov - 2.4.0-3
Alexey Tikhonov - 2.4.0-2
Alexey Tikhonov - 2.4.0-1
Alexey Tikhonov - 2.3.0-9
Alexey Tikhonov - 2.3.0-8
Alexey Tikhonov - 2.3.0-7
Alexey Tikhonov - 2.3.0-6
Alexey Tikhonov - 2.3.0-5
Alexey Tikhonov - 2.3.0-4
Alexey Tikhonov - 2.3.0-3
Alexey Tikhonov - 2.3.0-2
Alexey Tikhonov - 2.3.0-1
Alexey Tikhonov - 2.2.3-19
Alexey Tikhonov - 2.2.3-19
Michal Židek - 2.2.3-18
Alexey Tikhonov - 2.2.3-17
Alexey Tikhonov - 2.2.3-16
Michal Židek - 2.2.3-15
Michal Židek - 2.2.3-14
Michal Židek - 2.2.3-13
Michal Židek - 2.2.3-12
Michal Židek - 2.2.3-11
Michal Židek - 2.2.3-10
Michal Židek - 2.2.3-9
Michal Židek - 2.2.3-8
Michal Židek - 2.2.3-7
Michal Židek - 2.2.3-6
Michal Židek - 2.2.3-5
Michal Židek - 2.2.3-4
Michal Židek - 2.2.3-3
Michal Židek - 2.2.3-2
Michal Židek - 2.2.3-1
Michal Židek - 2.2.2-1
Michal Židek - 2.2.0-19
Michal Židek - 2.2.0-18
Michal Židek - 2.2.0-17
Michal Židek - 2.2.0-16
Michal Židek - 2.2.0-15
Michal Židek - 2.2.0-14
Michal Židek - 2.2.0-13
Michal Židek - 2.2.0-12
Michal Židek - 2.2.0-11
Michal Židek - 2.2.0-10
Michal Židek - 2.2.0-9
Michal Židek - 2.2.0-8
Michal Židek - 2.2.0-7
Michal Židek - 2.2.0-6
Jakub Hrozek - 2.2.0-5
Jakub Hrozek - 2.2.0-4
Jakub Hrozek - 2.2.0-3
Jakub Hrozek - 2.2.0-2
Michal Židek - 2.2.0-1
Michal Židek - 2.1.0-1
Michal Židek - 2.0.0-45
Jakub Hrozek - 2.0.0-43
Michal Židek - 2.0.0-42
Michal Židek - 2.0.0-41
Michal Židek - 2.0.0-40
Michal Židek - 2.0.0-39
Michal Židek - 2.0.0-38
Michal Židek - 2.0.0-36
Michal Židek - 2.0.0-35
Michal Židek - 2.0.0-34
Michal Židek - 2.0.0-33
Michal Židek - 2.0.0-32
Michal Židek - 2.0.0-31
Michal Židek - 2.0.0-30
Michal Židek - 2.0.0-29
Michal Židek - 2.0.0-28
Michal Židek - 2.0.0-27
Michal Židek - 2.0.0-26
Michal Židek - 2.0.0-25
Michal Židek - 2.0.0-24
Jakub Hrozek - 2.0.0-23
Jakub Hrozek - 2.0.0-22
Jakub Hrozek - 2.0.0-21
Jakub Hrozek - 2.0.0-20
Jakub Hrozek - 2.0.0-19
Jakub Hrozek - 2.0.0-18
Jakub Hrozek - 2.0.0-17
Jakub Hrozek - 2.0.0-16
Jakub Hrozek - 2.0.0-15
Jakub Hrozek - 2.0.0-14
Jakub Hrozek - 2.0.0-13
Jakub Hrozek - 2.0.0-12
Jakub Hrozek - 2.0.0-11
Jakub Hrozek - 2.0.0-10
Jakub Hrozek - 2.0.0-9
Jakub Hrozek - 2.0.0-8
Jakub Hrozek - 2.0.0-7
Jakub Hrozek - 2.0.0-6
Jakub Hrozek - 2.0.0-5
Jakub Hrozek - 2.0.0-4
Jakub Hrozek - 2.0.0-3
Jakub Hrozek - 2.0.0-2
Fabiano Fidêncio - 2.0.0-1
Tomas Orsava - 1.16.2-2
Fabiano Fidêncio - 1.16.2-1
Fabiano Fidêncio - 1.16.1-3
Fabiano Fidêncio - 1.16.1-2
Fabiano Fidêncio - 1.16.1-1
Lukas Slebodnik - 1.16.0-13
Fabiano Fidêncio - 1.16.0-12
Lukas Slebodnik - 1.16.0-11
Lukas Slebodnik - 1.16.0-10
Igor Gnatenko - 1.16.0-9
Lukas Slebodnik - 1.16.0-8
Lukas Slebodnik - 1.16.0-7
Björn Esser - 1.16.0-6
Lukas Slebodnik - 1.16.0-5
Lukas Slebodnik - 1.16.0-4
Jakub Hrozek - 1.16.0-3
Lukas Slebodnik - 1.16.0-2
Lukas Slebodnik - 1.16.0-1
Lukas Slebodnik - 1.15.3-5
Lukas Slebodnik - 1.15.3-4
Lukas Slebodnik - 1.15.3-3
Fedora Release Engineering - 1.15.3-2
Lukas Slebodnik - 1.15.3-1
Lukas Slebodnik - 1.15.3-0.beta.5
Lukas Slebodnik - 1.15.3-0.beta.4
Lukas Slebodnik - 1.15.3-0.beta.3
Lukas Slebodnik - 1.15.3-0.beta.2
Lukas Slebodnik - 1.15.3-0.beta.1
Lukas Slebodnik - 1.15.2-1
Lukas Slebodnik - 1.15.1-1
Jakub Hrozek - 1.15.0-4
Lukas Slebodnik - 1.15.0-3
Fedora Release Engineering - 1.15.0-2
Lukas Slebodnik - 1.15.0-1
Miro Hrončok - 1.14.2-3
Lukas Slebodnik - 1.14.2-2
Lukas Slebodnik - 1.14.2-1
Lukas Slebodnik - 1.14.1-4
Lukas Slebodnik - 1.14.1-3
Lukas Slebodnik - 1.14.1-2
Lukas Slebodnik - 1.14.1-1
Stephen Gallagher - 1.14.0-5
Fedora Release Engineering - 1.14.0-4
Lukas Slebodnik - 1.14.0-3
Lukas Slebodnik - 1.14.0-2.beta
Lukas Slebodnik - 1.14.0-1.alpha
Lukas Slebodnik - 1.13.4-3
Lukas Slebodnik - 1.13.4-2
Lukas Slebodnik - 1.13.4-1
Lukas Slebodnik - 1.13.3-6
Lukas Slebodnik - 1.13.3-5
Fedora Release Engineering - 1.13.3-4
Lukas Slebodnik - 1.13.3-3
Lukas Slebodnik - 1.13.3-2
Lukas Slebodnik - 1.13.3-1
Lukas Slebodnik - 1.13.2-1
Robert Kuska - 1.13.1-5
Lukas Slebodnik - 1.13.1-4
Lukas Slebodnik - 1.13.1-3
Lukas Slebodnik - 1.13.1-2
Lukas Slebodnik - 1.13.1-1
Lukas Slebodnik - 1.13.0-6
Lukas Slebodnik - 1.13.0-5
Lukas Slebodnik - 1.13.0-4
Lukas Slebodnik - 1.13.0-3
Lukas Slebodnik - 1.13.0-2.alpha
Lukas Slebodnik - 1.13.0-1.alpha
Fedora Release Engineering - 1.12.5-4
Lukas Slebodnik - 1.12.5-3
Lukas Slebodnik - 1.12.5-2
Lukas Slebodnik - 1.12.5-1
Lukas Slebodnik - 1.12.4-8
Lukas Slebodnik - 1.12.4-7
Lukas Slebodnik - 1.12.4-6
Lukas Slebodnik - 1.12.4-5
Jakub Hrozek - 1.12.4-4
Jakub Hrozek - 1.12.4-3
Lukas Slebodnik - 1.12.4-2
Lukas Slebodnik - 1.12.4-1
Lukas Slebodnik - 1.12.3-7
Lukas Slebodnik - 1.12.3-6
Jakub Hrozek - 1.12.3-5
Lukas Slebodnik - 1.12.3-4
Lukas Slebodnik - 1.12.3-3
Lukas Slebodnik - 1.12.3-2
Lukas Slebodnik - 1.12.3-1
Lukas Slebodnik - 1.12.2-8
Sumit Bose - 1.12.2-7
Lukas Slebodnik - 1.12.2-6
Jakub Hrozek - 1.12.2-5
Jakub Hrozek - 1.12.2-4
Jakub Hrozek - 1.12.2-3
Jakub Hrozek - 1.12.2-2
Jakub Hrozek - 1.12.2-1
Jakub Hrozek - 1.12.1-2
Jakub Hrozek - 1.12.1-1
Jakub Hrozek - 1.12.0-7
Fedora Release Engineering - 1.12.0-6
Stephen Gallagher 1.12.0-5
Jakub Hrozek - 1.12.0-1
Fedora Release Engineering - 1.12.0-4.beta2
Jakub Hrozek - 1.12.0-1.beta2
Jakub Hrozek - 1.12.0-2.beta1
Jakub Hrozek - 1.12.0-1.beta1
Jakub Hrozek - 1.11.5.1-4
Stephen Gallagher - 1.11.5.1-3
Stephen Gallagher - 1.11.5.1-2
Jakub Hrozek - 1.11.5.1-1
Stephen Gallagher 1.11.5-2
Jakub Hrozek - 1.11.5-1
Sumit Bose - 1.11.4-3
Jakub Hrozek - 1.11.4-2
Jakub Hrozek - 1.11.4-1
Jakub Hrozek - 1.11.3-2
Jakub Hrozek - 1.11.3-1
Jakub Hrozek - 1.11.2-1
Sumit Bose - 1.11.1-5
Sumit Bose - 1.11.1-4
Jakub Hrozek - 1.11.1-3
Jakub Hrozek - 1.11.1-2
Jakub Hrozek - 1.11.1-1
Jakub Hrozek - 1.11.0-3
Jakub Hrozek - 1.11.0-2
Jakub Hrozek - 1.11.0-1
Jakub Hrozek - 1.11.0-0.4.beta2
Fedora Release Engineering - 1.11.0-0.3.beta2
Jakub Hrozek - 1.11.0.2beta2
Jakub Hrozek - 1.11.0.1beta2
Jakub Hrozek - 1.10.1-1
Jakub Hrozek - 1.10.0-17
Stephen Gallagher - 1.10.0-16
Stephen Gallagher - 1.10.0-15
Stephen Gallagher - 1.10.0-14
Jakub Hrozek - 1.10.0-13
Dan Horák - 1.10.0-12.beta2
Jakub Hrozek - 1.10.0-11.beta2
Jakub Hrozek - 1.10.0-10.beta2
Jakub Hrozek - 1.10.0-9.beta2
Jakub Hrozek - 1.10.0-8.beta1
Jakub Hrozek - 1.10.0-8.beta2
Jakub Hrozek - 1.10.0-7.beta1
Jakub Hrozek - 1.10.0-6.beta1
Jakub Hrozek - 1.10.0-5.beta1
Jakub Hrozek - 1.10.0-4.beta1
Jakub Hrozek - 1.10.0-3.beta1
Jakub Hrozek - 1.10.0-2.alpha1
Jakub Hrozek - 1.10.0-1.alpha1
Jakub Hrozek - 1.9.5-10
Stephen Gallagher - 1.9.4-9
Jakub Hrozek - 1.9.4-8
Jakub Hrozek - 1.9.4-7
Jakub Hrozek - 1.9.4-6
Jakub Hrozek - 1.9.4-5
Jakub Hrozek - 1.9.4-4
Jakub Hrozek - 1.9.4-3
Jakub Hrozek - 1.9.4-2
Jakub Hrozek - 1.9.4-1
Jakub Hrozek - 1.9.3-1
Jakub Hrozek - 1.9.2-5
Jakub Hrozek - 1.9.2-4
Jakub Hrozek - 1.9.2-3
Jakub Hrozek - 1.9.2-2
Jakub Hrozek - 1.9.2-1
Jakub Hrozek - 1.9.1-1
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-23
Jakub Hrozek - 1.9.0-22.rc1
Jakub Hrozek - 1.9.0-21.beta7
Jakub Hrozek - 1.9.0-20.beta6
Jakub Hrozek - 1.9.0-19.beta6
Jakub Hrozek - 1.9.0-18.beta6
Jakub Hrozek - 1.9.0-17.beta6
Jakub Hrozek - 1.9.0-16.beta6
Jakub Hrozek - 1.9.0-14.beta6
Jakub Hrozek - 1.9.0-13.beta6
Fedora Release Engineering - 1.9.0-13.beta5
Jakub Hrozek - 1.9.0-12.beta5
Stephen Gallagher - 1.9.0-11.beta4
Jakub Hrozek - 1.9.0-10.beta4
Jakub Hrozek - 1.9.0-9.beta4
Stephen Gallagher - 1.9.0-8.beta3
Stephen Gallagher - 1.9.0-7.beta2
Stephen Gallagher - 1.9.0-6.beta2
Stephen Gallagher - 1.9.0-5.beta2
Stephen Gallagher - 1.9.0-4.beta1
Stephen Gallagher - 1.9.0-3.beta1
Stephen Gallagher - 1.9.0-2.beta1
Stephen Gallagher - 1.9.0-1.beta1
Stephen Gallagher - 1.8.3-11
Stephen Gallagher - 1.8.2-10
Stephen Gallagher - 1.8.1-9
Stephen Gallagher - 1.8.1-8
Stephen Gallagher - 1.8.1-7
Stephen Gallagher - 1.8.0-6
Stephen Gallagher - 1.8.0-5.beta3
Stephen Gallagher - 1.8.0-4.beta3
Petr Pisar - 1.8.0-3.beta2
Stephen Gallagher - 1.8.0-1.beta2
Stephen Gallagher - 1.8.0-1.beta1
Stephen Gallagher - 1.7.0-5
Stephen Gallagher - 1.7.0-4
Stephen Gallagher - 1.7.0-3
Fedora Release Engineering - 1.7.0-2
Stephen Gallagher - 1.7.0-1
Stephen Gallagher - 1.6.4-1
Stephen Gallagher - 1.6.3-5
Stephen Gallagher - 1.6.3-4
Jakub Hrozek - 1.6.3-3
Stephen Gallagher - 1.6.3-2
Stephen Gallagher - 1.6.3-1
Fedora Release Engineering - 1.6.2-5
Stephen Gallagher - 1.6.2-4
Stephen Gallagher - 1.6.2-3
Stephen Gallagher - 1.6.2-2
Stephen Gallagher - 1.6.2-1
Stephen Gallagher - 1.6.1-1
Stephen Gallagher - 1.6.0-2
Stephen Gallagher - 1.6.0-1
Stephen Gallagher - 1.5.11-2
Stephen Gallagher - 1.5.10-1
Stephen Gallagher - 1.5.9-1
Stephen Gallagher - 1.5.8-1
Stephen Gallagher - 1.5.7-3
Stephen Gallagher - 1.5.7-2
Stephen Gallagher - 1.5.7-1
Stephen Gallagher - 1.5.6.1-1
Stephen Gallagher - 1.5.6-1
Stephen Gallagher - 1.5.5-5
Stephen Gallagher - 1.5.5-4
Stephen Gallagher - 1.5.5-3
Stephen Gallagher - 1.5.5-2
Stephen Gallagher - 1.5.5-1
Stephen Gallagher - 1.5.4-1
Stephen Gallagher - 1.5.3-2
Stephen Gallagher - 1.5.3-1
Stephen Gallagher - 1.5.2-1
Simo Sorce - 1.5.1-9
Stephen Gallagher - 1.5.1-8
Stephen Gallagher - 1.5.1-7
Stephen Gallagher - 1.5.1-6
Stephen Gallagher - 1.5.1-5
Fedora Release Engineering - 1.5.1-4
Stephen Gallagher - 1.5.1-3
Stephen Gallagher - 1.5.1-2
Stephen Gallagher - 1.5.1-1
Stephen Gallagher - 1.5.0-2
Stephen Gallagher - 1.5.0-1
Stephen Gallagher - 1.4.1-3
Stephen Gallagher - 1.4.1-2
Stephen Gallagher - 1.4.1-1
Stephen Gallagher - 1.4.0-2
Stephen Gallagher - 1.4.0-1
Stephen Gallagher - 1.3.0-35
Stephen Gallagher - 1.3.0-34
Stephen Gallagher - 1.3.0-33
Stephen Gallagher - 1.3.0-32
Stephen Gallagher - 1.3.0-31
Stephen Gallagher - 1.3.0-30
David Malcolm - 1.2.91-21
Stephen Gallagher - 1.2.91-20
Stephen Gallagher - 1.2.1-15
Stephen Gallagher - 1.2.0-12
Stephen Gallagher - 1.1.92-11
Stephen Gallagher - 1.1.91-10
Simo Sorce - 1.1.1-3
Stephen Gallagher - 1.1.1-1
Stephen Gallagher - 1.1.0-2
Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19
Stephen Gallagehr - 1.0.5-2
Stephen Gallagher - 1.0.5-1
Stephen Gallagher - 1.0.4-1
Stephen Gallagher - 1.0.3-1
Stephen Gallagher - 1.0.2-1
Stephen Gallagher - 1.0.1-1
Stephen Gallagher - 1.0.0-2
Stephen Gallagher - 1.0.0-1
Stephen Gallagher - 0.99.1-1
Stephen Gallagher - 0.99.0-1
Stephen Gallagher - 0.7.1-1
Stephen Gallagher - 0.7.0-2
Stephen Gallagher - 0.7.0-1
Stephen Gallagher - 0.6.1-2
Stephen Gallagher - 0.6.1-1
Stephen Gallagher - 0.6.0-1
Sumit Bose - 0.6.0-0
Simo Sorce - 0.5.0-0
Jakub Hrozek - 0.4.1-4
Fedora Release Engineering - 0.4.1-3
Simo Sorce - 0.4.1-2
Simo Sorce - 0.4.1-1
Simo Sorce - 0.4.1-0
Simo Sorce - 0.3.2-2
Jakub Hrozek - 0.3.2-1
Simo Sorce - 0.3.1-2
Simo Sorce - 0.3.1-1
Simo Sorce - 0.3.0-2
Simo Sorce - 0.3.0-1
Simo Sorce - 0.2.1-1
Simo Sorce - 0.2.0-1
Jakub Hrozek - 0.1.0-5.20090309git691c9b3
Jakub Hrozek - 0.1.0-4
Sumit Bose - 0.1.0-3
Jakub Hrozek - 0.1.0-2
Stephen Gallagher - 0.1.0-1

Changelog text, newest first (a blank line separates releases):
- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
- Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
- Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization
- Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list
- Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
- Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
- Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)

- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
- Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr
- Resolves: rhbz#2144579 - sssd timezone issues sudonotafter
- Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file
- Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict)
- Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed

- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.

- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8

- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8
- Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured
- Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend

- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
- Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
- Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
- Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6
- Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf
- Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP
- Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect
- Resolves: rhbz#2098617 - Harden kerberos ticket validation
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
- Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
- Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname()
- Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd
- Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
- Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send
- Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol
- Resolves: rhbz#2087745 - 2FA prompting setting ineffective
- Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language

- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf
- Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name
- Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon).
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
- Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator
- Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed
- Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb
- Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces)
- Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
- Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD
- Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline
- Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True'
- Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication.
- Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing

- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8]
- Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade

- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory
- Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file
- Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout
- Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests
- Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found
- Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group
- Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable
- Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory.
- Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1945888 - Inconsistant debug level for connection logging
- Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets
- Resolves: rhbz#1949149 - [RFE] Poor man's backtrace
- Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR
- Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail.
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs
- Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm
- Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries
- Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries
- Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains.
- Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable
- Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used
- Resolves: rhbz#1703436 - sssd not thread-safe in innetgr()
- Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen
- Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page
- Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page
- Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp
- Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3)
- Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7
- Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login
- Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive

- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss
- Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0.
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)

- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules
- Resolves: rhbz#1918433 - sssd unable to lookup certmap rules
- Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11

- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched
- Resolves: rhbz#1915395 - Memory leak in the simple access provider
- Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)

- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches)
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication

- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8]
- Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently

- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr()
- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal
- Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior

- This is to bump version to allow rebuild against rebased libldb.

- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4
- Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI
- Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search()
- Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording
- Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x
- Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD.
- Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process
- Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL
- Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase)
- Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page
- Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals"
- Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains
- Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file
- Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes
- Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff
- Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command
- Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate

- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied

- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working
- Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema
- Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf
- Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1

- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
- Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter

- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization

- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache
- Fixed "requires/provides" rpmdiff warning

- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active

- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered
- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card
- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: 
rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. 
kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. 
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. 
Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - 
Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be 
crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] 
sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. 
- Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir 
(#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable 
hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- 
Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425

- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

- Fix memberOf install path

- Add support for libldb 1.0.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
    - This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
    - 389 Directory Server
    - FreeIPA
    - ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
    - Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
    - Support for 'shadow' access control
    - Support for authorizedService access control
    - Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

- Fix incorrect tarball URL

- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

- Fix pre and post script requirements

- Resolves: rhbz#606887 - sssd stops on upgrade

- Resolves: rhbz#626205 - Unable to unlock screen

- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but doesn't require it

- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate against LDAP

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

- New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection

- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

- Bump up release number to avoid library sub-packages version issues with previous releases.

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to their defaults
    - This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

- Rebuild against new libtevent

- Fix licenses in sources and on RPMs

- Fix regression on 64-bit platforms

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

- Fix CVE-2010-0014

- Patch SSSDConfig API to address https://bugzilla.redhat.com/show_bug.cgi?id=549482

- New upstream stable release 1.0.0

- New upstream bugfix release 0.99.1

- New upstream release 0.99.0

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

- Fix upgrade issues from old (pre-0.5.0) releases of SSSD

- New upstream release 0.7.0

- Fix missing file permissions for sssd-clients

- Add SSSDConfig API
- Update Polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

- Ensure that the configuration upgrade script always writes the config file with 0600 permissions
- Eliminate an infinite loop in group enumerations

- New upstream release 0.6.0

- New upstream release 0.5.0

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- Fix a couple of segfaults that may happen on reload

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

- release out of the official 0.3.2 tarball

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

- Add last minute bug fixes, found in testing the package

- Version 0.3.1
- includes previous release patches

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

- Version 0.3.0
- Provides file based configuration and lots of improvements

- Version 0.2.1

- Version 0.2.0

- package git snapshot

- fixed items found during review
- added initscript

- added sss_client

- Small cleanup and fixes in the spec file

- Initial release (based on version 0.1.0 upstream code)

2.8.2-1.el8
.build-id
01
0bd193dbd6cb08117e066a8952161329d6a240
sssd_pac
sssd-common-pac
COPYING
/usr/lib/
/usr/lib/.build-id/
/usr/lib/.build-id/01/
/usr/libexec/sssd/
/usr/share/licenses/
/usr/share/licenses/sssd-common-pac/
-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protection
cpio
xz
2
ppc64le-redhat-linux-gnu
directory
ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=010bd193dbd6cb08117e066a8952161329d6a240, stripped
ASCII text
utf-8
ceb1d4aeeedfea18bf950ba7c808429ad60fe4163b7fd48cb69d61a34f8d0aaf
jӫ`(y.b峼uIB-lOkIÝ2-NbmsU}/p֭\DpFYbvYƢZX,yN)̸tПk oHv7?p[叱xZo:7vP[i愓eڇpUxN= 3V(4ayA?|d!3O5WPrEVͩ@T\vA2"(k3 Oཎmt7^ٻu\ةNX7FFXݟ.knZM104WT0@y*C/nSm<\vuv r:H%S#u%LQe^B^Y]vL_nax$[Ͻ#6)ɟ&Gie46P[׹W(- kƋr/zzbȌ9Vr ,My*'y% ֖ acO[ HD:$HSdh$ƃF!8zox"T" 4AԠdM-!VQ!SՒIi|+ 5s~^~tesjW]a@K驲n/c-YJ.z4]qsfJPO# bkʪK.oN-P9{Qn-Gu~ }UW@G.dW(R wK\!2T,zh2 eP6Aٱ2  #01GnV{ *{4%P{J#,#z4`'E2E_@qa WJ/y-ȣ"#üKF_.U4\:y46k@JM ǼT[ƄCL跣lP& IoE/P>rOU)%Q O?p1q~[Z>$zJ48XD.=e^p7y83p=Av~aOQ21TM=8;||;vQGH¥vc ZB|pS}Ca=hWQV,Qay 8'c7gIp ; yI<ԛro sp\D^#|S {HF& ¨T 6"G6jbc If\>n\u l8U뛵P%06).RT):6V5͈PX֊7UΨ#W~+.ٺc){sv\9Y62 _KưA6jAaDm*KIHl^L "PpKޤRT} #>-,ѓFVNR)<~upE. ze0w,,VݐқCؿ0gUp83cz*DcrbsN<݈{O$*jEuzN,g>Z;%+4a1d/Kz\Wv(XP*icEԻɵQ>]e$ܺogsϛ_.On;p6oN3;nʅ=cPk|SwZgiEضWI[9i^7H]wɆ̹dBQRGR/$<ЅS|#RYp罠sY'B-!+jh`lJVOT#M|m+l ۉv#ԟG@d]#SPU6!OI_g6hvdt~RāMH)miyG>r+q erӿc_9;VDfuOsIߑ8#"AH?@B{P{(5d=KiCoy( }y%@L+sj/]g7r"QCͽ_0]`ܫ*x#]m",SяYHjfK?MP1q,k%I_~M wTЏӯ>:a5;K6bJ 1ssD*BCa# K; 8~ZUżm]P}Sԩn]Qk슩+X:M˰d~Dn5D7V_$-U9hށ + ټjL+bdu8u۵Τs< pij fi.\Sy=~W r%'P 0S~_[13Q"tFkّ>)!oX#>#]:e7X+=Eԟh1Hm>tl~kQ< k!NyVzCw-7*=$E5we^bvXRwvFNt"MXi&E (Ρ-77Vvpk}h cQg z[ςPO4>adHE7 mD+M?ރPSdc#2@Vv +7fI#=޿+`\R{)NY_ZFomd?+̝`횿1!W<&%87M3{ ҏ|7˷omIOEJZa PSJ,GT ("ub0|>|;nS]81+gR> 9b.[QJ[J ?F(+Z5RqZ"kzfy0'{Tav1/ QN: ;рA uW AMJD^PNPi;@'K W3~H%P%;Yc o6JI}II4B;?*{|)3eA!+_T/Y'HØvvUNkhafQ<Ӌ{Sddnqƅjp|ѓB 4>y0 KH#b \ܗ,MwZp-|)dC*N2`C x A^v]GEcTwz&E(- >}%7Lc_7op\i^Sc46:glGN@C\es]q 4 >QV)(JlRI֔@qr7i+Zi7vY#y! vf!cKy j$ $ eV5 t pQok H$+2kIQ ۪mqTM:IW4 eBݲ)"qkSmu\j/iD9ɉ~Juˬ,l@k+X>G?7qI)}r]N<@ٺX;pҝ.AL;(o Kɘ Yu:ĝO?4gbBgYREѴ&21PpԐ#Y$`1bK!ѩ=-n ?TP3dC!֐K-+"G7οdDحI7%ʼnZO/:(z\OVFn5H b _b BF^w9Pe;2~w; ӗ˲ aj+0eU1$Cw冝t0dc5^L› ua(R>(sk{dTՀ"tD0n;k"EUb(VEzc~8Fb~roK s- LPh-bf9r̽f)dɭʵd^*޴ $1Фn\{Z TklBrn&|\/ @wJ`3O~Lcn>EnPX=8OBj&|7헬6f}Ԅ#9O8&`θm>V-)c Ոb[5QǛixeO"-2>DqfYhа,ȁ U`\dB^6":+~X~,*ոRpzp!IٕGo31zDA<|k9U(=nHڧU{`y;|6@@nT|y{\)~!. 
¶$7Jb4Dے_'ǔ*8]бqhm^X"w}[1/'se=H`eU+ݪ̂ax3t$.5t`WY \uO|*Ke2AQHXbĊ,%@z @Yh[RЛ*5y+*uBgk,R+ns}?;vX eDY6%=6]V+B3E$F3x2qo?u' <*Ŗ߲p-6&䏛Z :O5G}hћ|:.=(!&}Ư.6*59wot᭙Nz|dk^\5 wuza{FD}wQ#d.mK= y *0Lw۪$$x0vy,w Zϐ\Habh!?uPE]a}׭oGvZޭo:gB?# P̩+:]?b9O ֠m~{+A'+P՜e3 ĺpIªay/ *m[Gu̲ۢeû6ŷt0A+vw#? -NjVxK ݍz\θ>@bDj-Y 6-g9 WE:g4:WCʽu:9}\ PT3A4N/¡:-Ћ/Z0c~g17~<ԿQ:ju wcxAcdDaPDvM=w>`Rɵc|2Z e(=M @/& nMM]#Tn.ȓ\t:$5 Nڑ<-7MuբZNkl]"TPm {&ˢg__tΊ@oҐ]Q]T =Ś|BwHEW>,T+'sb^ot>{C'w9]E\vu|rݨ'k2ʹm([K2(2׬AXHLIϰ\"} 6 \h;D'+_"{FĎ.C7 q?8@9%5wLON4븿RLF!oGP96rtRL@oRGai:1DSBq8 :V(hWY~&^}TƔN"PGOVԏdAM_O|t:_XG̭0-=*s ]-"ԕ3=DRso={T3 񫹑34%o߿!⾐`KfIShD*yU)`Oe䱆f,iKF9yX:0A?<ގsL`*CnN?}}8kmLmRݷu[!߮" wmTJd~H` k%.kaoX [ 5gvS723 '59xs)uwQ#cI)WKVpZFQh6!5XG"gU=HZM²0)UOjnm:ޠT Hk@Ս#A?:Mr.ËQGt7c ̸õpG/f XE5]Ȇrn_)icש8܂U(Fgh ӕfh1t2\ ujtӰSއ#L3pESv꫅Jet^@-ORMd6%?Gd?Q,s1`Dݷ,? W Am`gJ|&er2>F]Ψ`NTO}oC͓NnϘAQqZ 75Δf-*H`{K&ELSBМơK*3 ]WRFO%{}yy)Pح}nz"Xf$3YqՀ!M&* XtiC w=3S@)xkkc'hQy ({BL!7S45 P6ߘ7^$-oZiR4_:HfF%&hfXO%ٜpva$\9%-%JEYN nCὸٳk, z?f`X_XDþ a{?Lf'4DVix__uwКʝ/;R$e;_( gFd~T4'3:sѽ3,jlYw]1`uwVmrTukr>VI"ZgR^}MڽcUT0v\]01iLHx`KQ-~:U{CNN~fh^K?l!W >.WiQ%QҚmG =av0cJ^Z~1ݭ1nUY8`5kKT^D׷,0p#`W nUW",U`QFb?Bj^I@$z ;* ږԴJG&'ѭ"@w8N LUC{rpZfI{xϪ&U!, *a#FJyh o$z'Q-+@Q^,Nsyo odav-ש Ԣ` o*q$Pńd&ȭ’w |Nf pehZU &؆G5>U19NuvouCDXsQelrDZ;'Qj\Ϲ@}M#9!Š厁,Z׍zNcH6i M#>&HCOi/l5|yTApi9~Cx) cez$hTRDuҬSb7+2VK5~,˿?⃰GRxS#⑌t2iҢ먖d~Ӏ"-hڢ/A Y*_B<ϕ# +ޙ%˧\5BDF7q-=t*W['ꀽ |,fMXBw[I!!gn].,H*ijt$+r7.浾Aa19QφZW3 KÈl6PD=_2>GVHWcc|_R?n(- Dqҹo21yUI.km[j>6տȓ]2 ONIz7gQ`Y;|5]4w,>nٷHZ"s3kBߑ7M"B;dJ{IB?=|6Y%%zmk]&Z&/?)/g{CV>x*k4\JlE#S3;z P ;2p6ĉf$" Y?U_tz:!V=Xq\]Z9I@Q3(_6Ƴkܸί0~U욛TNX TCV˗#N)S,$\e5{\:'t ;9 ff~DF&|,^0+9ßoD5t,,H\u% 8 -_ Sk㳞5۟ke㇜a<5^+@3mc-AmOu{/09S̆c W|\\aBFNL̅%n4d^ &H|KTe 81*+_אɹ~+̝NB>Sm|Ũ0pǟ} ֮ NocCipBV],6MV좨*lQe:zߎ쌮ܐ-Lh S*0zf扣 >m؛}D墻.{ UBklÃ",!|W8zeWw&Oˈqu"Gnl<}EQXCjnQQ7GYw~6gC1^rkPfYO:# {Q_A7~o DK^z#]4" }R⃒q tBb\V^vBT8$p) ݦ4bW#<=0?8vDZ[K&~j?rwe;_`݋"F4 *񂃡O'lkWg., ^SYa>K/G'S9Kk{vDBVt0Q1Mxc(;pt^FHv|Z?݆2:թI(I`EnŀC^`*$wȜ*6]P DMJ߃cʺhBQ+б*sЎbE wģNsY)w-/teRJ$: ",JHiJw/Olaz/-&©g$֪#dr!g^0Ysҁ ά 
ʇ촩ӜB*ZT4N4)gMQǖ#k}ˋPH':Uip@bٕ`jD\1INhV\zoQ&zT^3-4|4@Q",x4n-T=Iaf|c;uM9qPhi$l'vQf8=+|W#C^.7_%fpRKg>f).";^ 8֒#Aj ^$-EߜRƉB7wH:,|,6~o4VW%WKwR$Z|HgV~f%ZG:cd:Ju/Ctlauw|!!ؔ*[ NXnɮ#Tt2liCAά/r@DYcK.R2 d/VN4 ]NހdfʪFKJWR F&mj04[8Za?i ㄞOKuF"z.~ⱵVAJswЦ $}V٢'hk' %wb|Oyn&LwR%t7MכΓWpB(+k}^f:D#nDk")3g{ֳ}. )e0>v r -KHϟ3 !嶚4v׍6)cQC aCɤPb0c y](k3<YMJиzn .M';0VT!DwߝAV-vE+#U)mN8] )|l))++[Szl=M[ 3ۮC 4}ּ^=SGe<1䫵 TVINc{ B2LqΜ:}zI%oQrJC޳BOWϓ{ BV` ݁ q1 .cpy=WlKFbNIg%qb gu[3juqqWVB'o1T|# 4׽W0=dFNG`==dmf!] ,=є^-&@V*t>@ L`ZYxaчkg-p8h;A+Qa8${9ͬƔxzSBaكS^cG1>Jx.AۑF蹫R'vVY;jp]*)دzZ, {N E,55psIvye*|^S-JK^s4̫~Ŏ85 H!)90gaMm$bb"uӀqeD%]0POН d\TOwX,6z8b-v <a!7;.@ V\q >ʊzա9{PtO5;q@Y;f+zpCB(L<SniG #mx[ei v-n#N%#g_VBcVjVv GԠ9kKr_ *Qm\mWil֗mz1`A*Y&1]CqHu*dPMkP= I+Nz`%aG91=1ؑs~Q|mhsuJy{ỳtW#am%6|045ѾmY=ݜ*@j[8ХҽqF xYauZŠhTXMp] \O4G'5P8b5LΜ!?Z=Ǻ^n;DEW-,y78\p0u0oi/ 9-~3ɹld *y^y; a_=\{DnEiRDvٔzR8Q9*;5,EF[m[@_Un0=K?|Na+ /ҋ#vO=1kЌP4an}eu~ʘcE4xj%C Qc)n5z^ˤҽu׿]"(Z'STR> '^̃]*k{\Ap8t|%&Z3pP՜[ 0ݡDLrEzH@}^2ZA}Mx8AA7o ̎I FuA>4 f?ovN8V0]Yh=c+ :4j?鿔 ^F02C Ƥxi[qA"KwGb}C'A)5UIXl, hj|̥хYk0#I}dĐKsS\i OhcYiztUY7Cn j <{cM{`)o?%GiT#if<-"r }++*s!!]"$j ٯ8 mO/( [;鶸|a݆6,n {M]WC$KӃi~>)/wsfp^+-CEqUk~6cUHH"wVTs^F&xL>p@js˚`ÕxuŶ 0,F_ݫkIvCdOxJ+2p(Hy2_S<4\UPN}~2fp{` RߴS|!'dJ͇}Iv&._HW(_UfZK~Co:t!: aE3(Opi$/-/&w! 
L|a"\Ś>)<׏ˍ>is,̡]7+)2byUqzDPX~l(m}> RB5ͩkptf,^I>v̚"EcԤڹ^p74U@9N1:9JpH/Uɓ4Sj (38XN1Y6rQUdS+*./EýF쁘g]ܨ*Z`*C4[Dmsb% * 4௦Eno}rğ!fmޱ,j&=7kn@|'] +YVk\ agFKhSaS\o:c .*pon7.pK"ZlS߯}"A%6MuNq5" Wz #F+rPCJX$]Vnx$"7# @mfMgD 1^P~SV[Kl2GQv{Q!GDWlf.J.;k;&9{4Sۥ5Φ&yq]*~?0&`8`f9n~UU834ȫ.?[ բzϤ0 m|v' _, ۚs̨L;_E{6E &wmK.Yg@Sl*swHݞw~Uj ă9(+mqk b/JlkY˂\C*䐇>0YKʓy둈؉d-M̍pAC#vb\>l:C%{iՓamzϕ~k@VqP>7m^h }xaAuqS]>Bkٵdn4x%o3X*p`x _X9GغbG1h/b,.{~p^<1SUG&xI۳[YFU)L+QΈs:B\5{Opdro4dBxyp*ׂd 0҈닟<v D:L-pKp& řiz{jŪW3ԏgsxҎ3{t@+5kb^ M͕1 4Oe Q"Z`竝B"ەQ("a>oOInE<T _/ η@E Rz¿k"']f.8"z6k%SެǶd;²D5˺K@ GVt@p +qy"1{4FOiM؅= !YC"9_X`fA0x,TeE ~4d>p*i%D,, L\pCbAK&A(0b{Ш6C]{*$U9czuK+_dߍ(T+'U<(Mظ=RYARg߾Q)p4vdØKܒMk㻧~yDIZUi+CoO0dQ,5GڝM%%?dXSg!iZY7{F.0S[lip6G /B~ŜA\_}:v1"ǟ1ϖ;/QceyBR"2vk2އC c锪|x'aT)O=FT]qnW5n;c )g.fK.$]+g ZoTAՍ 1Ec:c6~ƣbQ%'{~8dAc׆dvyw` BG^TPJ7  *Q(~^E=`~2aYeWWw{F y0s6}<91Bq4=%R]1{ͦ>-a|o"V+*Ź3<6 x˹,ZÚ`; |x&KSN!UK|[C|DvDA{+6lĆiV(*ཥX#wѴ޼챶4h\ /l9rBw)#']wq nX/yׯ)y^Ubc5NH27DUVVf~]g<#'YrXHGG eF/ ^c+%R(ǻưCHt3epJE؟"Ay5"闃@!0xL :}lXgT-:U7A ]3+qWǧ7W0v DCM6B@q:{ GsOlΖ[ g1EHϔQ BH%_R8toH_{)&9`\^\p'hBx.9jbvbuDpa]~pEZ:d vr5a3%|MR4XƪOP@ M{ D)TM%ߌ9(*]I\f8s5swp@pk2wG1"(ڛD%zC}o% =bJڅ0bO8PjKѢ9JMɇTSs3P6ͽ5M ,H@-36k$z+ߊӟ:9^IsP^ ZsESgBQ<ÉmI\ϳ4R'ZY;%3徒,ås9]RM6e/9%gTO92̲pU`DS@-dMcK@X%0!0éƕ1[uȞ0f Su?dϽː$6E-:g.%4h|4e}gJc$72O? 
auQ]-_M>bBTu IL$\k E6ozZ|7j=W6r<@&s/eȺ_u<ͥ˸2Zu|\\4r9EӔ^&BgqYCp˦m7 *DJjT6OC1M)D[֝@ 3ˡ(%c3~i wR\dbM] XAȝ"  oiaIeͰ]p!c^,?1T!ПݱdJ+8 &՜fEјA;7`LW&X"zU% tƎPUYӇ8t") NQ[IkZ$7X N|2r Gn~>0p'ڜ3g ˳haFR[q.cN^\M_ GO2̖5=hy g7Y՜Vx3.*s6uXwcby;Jk¥odi.;(\=7*|aK4f-/(zN!}Z,\z~7K?J@h9va2f9y%wLYфQgp (U%/;~&ұu:'і^%\7 ԹcvSqq莩PTM7&- R"ap4 z/|PUQq>㘐s/1T-[]  -s.Z0ֽTU ݍe*зٯ@`~vg浳KoTNl\_*# U̼͔%3`#vo1(|S/f8O_*t6J34O&y"ƨnj}Jk&#lC{.O!;bI_<_/l]h8mWTwNWi((RM#FizN>1K6A)䛑P;֡DO h‰f5-[w*O?Q0S9d.EN#ZE7 hb9J]1W\@I-5[A'n&wU)8`RCcz[ Tu  Yp$K<gY~?[V\;NR8-ػI4o>kLMb: ]\LH?gWnx%aZXn*QruಱC w6Uɼu|zER'Ht.=R  AkzG6ZmiP<r5 DP>q:5G^D6Xu]{"QmItR}8pKǒUwz56^5Oދ+j)GLLB tb4te0# VÄ+os2t(U7RRԖ-ޒO|D}Kcj(# oYiXd ÖE_CXùvQsN۾ }S[ërܢ|=b1$Bs{t}&JpHQK,CsMˋNdj2*~?ԉAMF,#; \hVՀήN7mq\`=3xc.ǫKp_< \Mn?i =l8xN jH6D➕gJ'FlVcd6p64nFJkn+ n#gPI,/-E$jz%kC'%ܣCDqF3m{hbDB;ը 肹} Uz3Vo:$u.}q>Jm_aН8R o U/I͑NtRΫɯ [OK&]eχtJ#)kf#jk5 rp@tx/Qsʏh ,cOmm EŠp}DfeiZS#ݮ\/4>5t}ey9=U}]Y.LP Sbl-p R$'?Mkڒ难_(OYC UFGF[8 M>?8L,+1YRu"s6F)^k|T9bi:\psugtl_p$DU5ҹ1#xy_BƑ07aP(E )ڬM7ȵެuEua8:e!XgX'Y6b Zkinj#Vt<]-ϭTwNzNJ;3f%i1[ K ^&hDZH.)YI4K)LQHεy_ЙR%3؋]jZ>lɓ /IIFWQ%@r [$I*@~Tg2a8:pkB,>tAxPHTj6,aCXT١؁9mxFf)5a5?58b])&&Q#oIn>CsgfV>aUZ:$)/u{BAmxzI{wbMSRL3<$<5P=>(('I#)䏚|ư>l\!Qwj%N󑙤uz0Ig񴃗;XC[\AY'KX,d!:ޔWO E-آyL21N$f d>0`KZb R^xŪ5Kavs7:&_- $ogޥ7 wkkNh[ u6adkǾ[KnyԺxmDY O~'T-\l/r k‡P_Tv$,? pb;r_p`n<0C y0_tSjq@P)cD޸ozf:#H/{4ă`G$L| 5ӥ52d4ZPwG(J@"lYX춺Ć[cK{+u*BT@2+fD}X&->Sۧ.C rSSyմe/t&I"LD7/^U*8U2c+U$ž((I@؊(0 !Bf@*>VR(f=gw4R NW=ǃkC&mRՍڊWs\.R$v&>j#O1 yPeS9AiOR+`%E6Ĵ8tBo՟.rt-7{oZz,#GQo )fɉpGe,> ZxCڹ#[&E7 bGN˘6š:_ ⓗwKƅA;xh SU` 6|JaL,I (`4 z'\_uM)/u _;Ζ޽A) $#%¾dO)w/-(#p@KM¢q"D.c,)X}ѝ;x%cz*wt n7vXDH* kBM5G# g i7EIkLSJ4@dy㝭Wfqv@S׷oRa( *j:\Jy,cqg>#⋥01ץ~ m&˖֭Et+9K\Me إEuلuCSל‹F }5 2V2RAM?3.cu,DK7HQPZ2WL[۶߽Thr^"n/Ř|HWp>/Ȯ[L 37fe KYF:FAy?Q]ODؼ3-4Y0,J' [Gs^/2ŎgMc` rdx*L'1<1|{&Nfsbd5A,|*qI N|"ɤ:SxsϣHc}UKzz{.ְ@XQ:MFY"fB=\-QX)cr)]*b%mJ,=Bp' "BkmM^(yWV?<ǝz$ X?A@o! 
w$'#~(DXP?7Q,6%Cs9PmQr <5&~烀Nw[j9( NR,0J SvFOT|7ZGp!kiw(o<$^7s<ճUl56k3Y2r{ּB%?CQLkL,ӗcw^ O/*n>~Zr/GSkY;V#1̼b] 4-PqaM]߂"4Q;$Oq%j=*#Y* i]# ;ChT)&ꇄPH d鵽EO':{ʆuz A4ŖF@k nɚU5)Bh1^:Z˔Е9gZyg NXVp[+yĞ Z56hGVEC.0Sj|s&yXG^!4=&HzGդ_ \#p\j[Ծ#2a)drT2hҎFCO&WV]-'8ܩcyD-{.iK+d&UswMmI "Pu3ofZx' ¯ԃ=eWp(~/ *Ŀ,X*{h"X!IAF86Ȍ7WcWSfwl x  <S. bJ<ۜZ8R9?f&8kWQQibɍdٽhK0$;IqE>&'T onE*c454SLRLQH!ona`1YS!. ' )69ʿ-BvqP'"aʱ-j]Ԍ 7 y !0 "W[tfnIe1b؞Yʄi vV3zLZi2^>^ W (Jx;Tx%gA]UewlgO t\8^@R ^wWobOFIbkӀ&``h>J }JK?w/0,HMsP^?l;iďSf,?zxjL}R\c{=E=k0RmBnr YߖN[2=OUlvې]!/ ^خ946iM.u}7Bl(\mMpGt]x/aTp˂1gVU/-Q#X~7$=Y#%QقEa]B*~FY_NJs.}2!Rvz>c^Om縒JYg}3RCRZ~eR芫QhѰ;G0wc5nN.u4z&1tJE Q4J>0.}|*;h򍋳ʕz &>@K(wgPwe-bV4pYB%ԏKA{+“_6nHJ&G P_.=yHG9;Cerq d>YWgrFG̰ DJf!ޫh fR~ds۠5[=v>_Re?~cTśVmGg7:VLʊ8ZAw;$ʏQG+VcKn)GC=N<0L!r.Ox1;H! 5Ee{]=. ߤ[UG47dpg A0FV{fh LO+Ldt`+/1(߱RbMufoBTFn p,wLD3>4wH "<,fq72nZaxg' 嗗7?^y+[ZE8'=k& rXwof6Xɋ^}R}Z>NDvUSh_$i]V9][!pÕp௖՘vm_2W+if*plPiQ|E^TP%X{бr4,UH;t@'|ЀkþN\tE8g[^C( KgBd] >ibTן$ް5Q~ _{A4MG_Ź:pW6-W3" |^耆DƳrL]\ |30*-P+f)@YXp6s O?Ope_CB UEWĤ26ife1_f Ƶk00=ѨG`U4Q=R`9Q{0¿Df"x*Hm 8rx  U,[PC3PHq+מ3P7q/'EaQ=Ar17!^t!C yZ=MX:1'1%6"Jgt`q3Fyb}n;Ĉl28Y!9nWRa0@K&TS2liІ6H֋N8# j(Xss'GZ;}e㙮JܻǷl?Lyםp 3n{tSNJ?}?s#5g+%yo%9{dI]S5pG Ÿj8zC*u>*jqӼՇz3lSĩ 8Tgň?Kz#I[ JD54*xڜ4h(!8h@aS`(Yhg|,EZ.M̬Fd@^ಟ۶N"SEqN{]x'ދI;md^GP\y&}D!qw )c։xr. 
&~GBJa*f8{>IPS=)`E"!x|VT'}H !sw9oeS?kxP]aY^ jkịۯPgH现Qgk UT 2})$~"k:l'#"k#&%ߺR Ze |",e |#*'l#:(t6JkMl.\ 4[<P MGGOUɡHZp3g26驘FK_U%26QpiwZфaI13^;%d;Ӣ`q!@f }y.ODtYu,)3"mV\s%Jvi_-`c/֑N%s(#' qdY!'AI[2f[.5$<!.[ 쿔iW<։m: bwsNNq/z pŘW{jzDF =OQֿªyT_םt,ZqktovWѣL-p0P1I+˷6jp*rڪe"b$IǮK yR?Ԋ<,[^(-~(@tG;vw`ZF+3HG[֐0IjO}FJ[5-!ȨK[O\@q  CPf֓#p"-M`KEeYlW~"TnX,RKbUΎfXC+_ԛ+mJA\Hlj#"NHfbOa nh1Wv;\Tg(13b +Q}32øi$}xP1 cmDiɝ%v2ϔQV߉~h<}R }lxGSΣȰ{;FBH KOմ;*`8_ND/^G >C ^@Ev׏4;Yd(@a m[oC-\{e#B~;dZX%H s^ѾF3f9u -ޞ'n}SzVŽN㍱pY5't]j#iITSڜ ,17v2NxR2}&er5zl>"%z 2e: ,{ui^):l_R#~ Snߟ !¾r1%k%Նh}gqU c%KďuT^b˨,imF4ڪF>)*sŪߢqҏ9NPTK^)ɶ+\@JB&2IܵYn~:o ¦ Mu`XF7FM"ەN2%I]dS4SϵPsRBb&ž,CTʳg[>:5V@~zCr>Xњg,QьHn0yFJ zZ&AxFlLm ӽZ|Jf4,>Ҙef`8VJ<՟"dŞ/ǭ R61)𗳒*U `N9!ԪDhe#+/)^p/p:TrQ`&HEUaQ di {)OyH9YZ:]SZ"a[ wܑ.-JC3Wj mRfR9?%H]h`4V]2q]}ډFFO&~PGc)ߧ0nQu(iNCm HiNQ^uT}QilY=6?T#Zpnl"8s|rubw@XJ`F{E)15FVep}f+A>:wwe0XsK:aT0NAgVD1bPZX8@7G 7|>F IVLK:{/$Xk!{0Ld(I@Q\ߚT&kvmF(ak͟j;y.Ԋ*rmレ|wDjYeH6 T9#Z[_JsܡފwdOB0`b@jvE~,L!V*cGy1qg̠p"C0p/փV8*_]eUN6)wc4`XU]efQAlM`x [ %_3]fk u!$Uظv-"(e@qq/~0?t5ܔo6sQUwJ/&x4;nVT-t!qd9y]QGU#"ТYF (a 6D43hvgJډmoU/&tϕ`\)|2_dأm~7A?+^tWE&s1YqSÕ6-0Ma4L%w0Qӧ;p0CՅ/s]K0km! B@Vh>"Qַ+~+o?3ʺރ]q;+B uzCNt&Y4V @v]{! Qz:N:;x$W6Oig!#&k9o;[]< .BĊdNm*{kj8#RR \&ֱ" 4RȌ 1wZ|_ qmkITM*nJi&.a 9+φDF#CÊv Ҋ>_Im>/ܣ#4d )%Yr+ ʻR1FFtz*'*+]N37tO/X-]:/׸bZq>e͝C̨Q *]46 P\W= לsa-rp蒼Kr.\X8wo+EU8C=TN9gu9kC'+U#!V뺸n)P`¬! 
s+e&M v&c=^Cc'oi:[;ծx^cH4ܖ^3-0]qGL`j-LjȌQ310kיokrz"۟`(frSc_HrxG_ID{hPo2ظb'=,#ԓʹCaI3Β{cTʦe4rw݇N:.S+ Bs[ő6.lTx\LbpLv wc0(䉲x`碳~$p3 {ĒmҒ(W+cYPae|oU\ cP0ЂOO]'-wH*7,I )j3yҼ]b^gĦg-q1ٓ٭{+%5&߲[LKX0+}x_7*#gOǼU?\ja #TQd0.͹Cym>}} "SܔbN18{D&Y`hMZ kj7:(~[([ia=Km5?U6 Bx5HsKkeӥjf*W0)vnr|%L),*$P =J3Бt)kĄ~vĵ@VĎi-)1Vz&U\|eH2*_IIg.`: JB{]`i+!p5"EP=Md0ԡ̯Rŕ_Q%-dڷEr=v̄kX0B[e=dr)!lQ:y:uL6"f~pp墟C->#`;#6n6pSMi)Ociow gd\' sM79_V z|WaAn+Ki\M?BcHn';\q&L;YTeQ~ߨBnA۔;qeΆE,Ɣ|K =&xkn;OLea*bz*!2 9܃ -+]n1NS?x!R'ܸn82~0󬔲~ˌ_- Χ"sq[L3WD['X< _ h]_ ̿J%*$ 5WqOdD|sHXZ2dUӮA)^ZE\"`Im/$#69P4#JCMpdR:TL/Wip-ULS65!jB>@۠e԰ޟ+WXq|Yq{1 8ϞVy㲔#6ݝ8L3FR!7{S88 Ki+x"XSɬ# _gk|ߧW-lEWJT4JtkH@NG=EO*G[#7eU7-1Yy2OF7zHj&بcT?sxS3UbϦM8`]43j mj"c*}1Qq_Ѱl~j GMfC4w,>?6Aޫ "'Vttsrjl5乔k&eۃ/PP2ջ|^9dm$;Q3㗟^E`Ik 8Nىd$sm tK/Bz(`~"g޸paQC䇚vUj"!W(O6G p*qޭZs!8{׹꽓;/] bг,vS(w-mO, $ON$BjO&!W'g2|HBsODlܨt7da~A@wGdH^Kך,c+HnbiVQ_8J`\ffGqJ"=BDMT3蒍F(r$NGpjBNz_mdiDMC/M B5${*\oNO]sJF" 'I^"Qkim nγ-6yCWؐxf-UzX{[xf:WrS_KS-'8׆ܝ?"gλCZiIO=Lu80jF]ckRg"f8S7)^uwz3.ZI& 9GqXJش}B17ho;視~uI*PCc v&H+vrI(O:Z dJjTRẗ́-O1, rqEu̫! Us07=ةS 6?[0gs@G҉ 'kNDY d%;)x6MC="8њMM+y< x0"VĉXO8CD ׄb!H1ЦRݾ4g]:0y(KCRR ,4k[2CbsYyFZ[w5Oz\?Вk \6fݔ bw0eqATԏw60jIXEga6% X !) 