sssd-dbus-2.7.3-5.el8 >  A c~RU]UE DA* uJ~ {V^j7OiS8..HܼAzE凖 }k9%DJJ !ۻO&yojI, 8Q 1=?WDPo'ckjc>!:?QW)3Dk$@s(Fz6p.CPŦ~x;'e C`X< 42*ڊ_IWyva#PwxqҬtݴt,eޠ %uu@/qf0}xf;y!ƫsg w츑*za8(MZ`yxbk xEY.G[6]j CRN|CjquSq3<=UtVg'rqS9ޗt,LY}z#8b>gł[{q}U&2H-7&3&5֯: v`%pr*3e:{l/xwc*Io~%gi n9n>׿l5'TᝠmW˳ݷΞ Y87Vғ8cr@rC-ɽ\m">X /wϿ}-t>pBx?hd   8 #7TZby 0  H  `       @ |   22 2( 8 9:d>A?I@QG\ H I XY\ ] ^ bdTeYf\l^tx u vw xL y|'"dCsssd-dbus2.7.35.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.cs ppc64le-02.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64le if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%%K;  3A큤A큤cs Jcs cs cs Ncs Scs Jcs bºcs Dcs Dcs Dcs D4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a9c85a45a80e15b6bf0ca5995be414a5567f90e7fa6f7f671215ea2a7eca309958a2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8738ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90309b6dec3db24acd9fd89abd32ff68cff50630a3af302c4f9ac81c993a91f4314fa9741d51d2a830f790f4b3e7f0e01f0a597e30f973b5f256aa0d098c817269de7b68d39202a8ac75448efcd6d9ef5c223eaa771e77cbee6e3c4db0c71c2de7678cf30f51675b5752abf1998d76dac3f4966f215fa192f81bd344028f75fc183../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.7.3-5.el8.src.rpmsssd-dbussssd-dbus(ppc-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.7.3-5.el84.14.3c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.7.3-5.el82.7.3-5.el8 org.freedesktop.sssd.infopipe.conf.build-ide5251b77a4a22aaa2dde5233f42bcac9c54a25sssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib//usr/lib/.build-id/5e//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnuXML 1.0 document, ASCII textdirectoryASCII textELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=5ee5251b77a4a22aaa2dde5233f42bcac9c54a25, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)'R%R!R RRRR'R R#RRR RRRRRR$RRRRRRRRRRR RRRR R&R"R R(RR,utf-8f6debc0c6175f987a7cddc35166b3e446ced7f54cd517664dc95cb749a5bec3f?7zXZ !#,A ] b2u Q{LUVB6AL(-ĝ;!܁F2EB٥Pߊ3mO^OUE DF5G&c@Vc+*''_8<%AfyE\FA tT#,C'j~orGթ;2jPw/ʛGdn \#+KRޚC+Fղ eh;[oY*=Dž3)lj4]}We~7O>ćfTG]6) lE\%gGiY$3Q, m:3NIz7^! 镄-5Ze3n3DNCp yUBgxQSCos.dYZ-7S?W v#š1n`D~!v&G1bTd,=:Ƌ\s_Ё9x)*+Z{h0N?G}plTuGv1xn~_D穔cNx9!E1s7vdw:Yu~;Wy>Q8?xPa[kITR<ۣI&g;'r0e ULJ>kg yV R`$[f ɺ_<)+ڦ8KDy|1 NI!QV3\RY WHnv:ZSZtۍg"[J_CtrQ|ptXKJ EJ5 +H0 95p/,ͭfe)&؂8I^g-B53!r~E=1w -sǚlTpaq z# jF :1W8Oqzw1dDmݾ8۬0):X[dsR+jc`vn" K6L6v- Q?,Hg$~'Yp;E:"jN<]VlkWg0Jt|}u>4o#ya %"H&kh_L|$ ]o*-_1g4sfѬMSH8kV5EXWqf} &'Bܨ> % (,::{ ʚ+=M [=ϖb0ށ×H.jTkgœx6Jq kxDhTyt?v7jܓ iz'B5+|C `%7-Lߴׯ)xe#ݬEeQ\ -!ۄ!}r~\x7Z;cwN#{;]}&U4wCvDpij飚wl w=Ƈzw4*]I>oEr u% D(3TxZ\=؉'i+h*g )ۙVεMՉ2Z ({'T&O&lo6yEKTY$$EFW)^Jt4Qv\&P3tL@t??u7liH2VM \>T׍"mmz$< H8ϩmrJYu=i¸l)6.Ic:k}^hܝLiFV8|U {Y1aW;o[2p㎔*8eh ##>D:(0]L5fC { 6i]rANXc2;0i%?¸ x@GX |d.VAv/5{\uiGQjȀ2آ#ʒ 5X fY5@ɲ~ykT~ ~!j&Pm&Mhq(ڒbQZ(CӋ&†{OaP%=VvsZ\lw⻑Q3)Eϕ*gOH۴n*MLB=1pd"IgRuхvԊ%# {Bur]+|toe`ET;ׄi'+v}2 ^=qqL Q7^!HPbxсg֑~-Hdf0H("[jf`cep#eIl8^8EʱlwQ'o8MW0,zA]Rkfm5(>O_M P_1OKX'bk'r%jSqY:'&q;ʅD8/&`+Zh(M\02cCq9[pqj#^sw ;P׿ݣl>wڨ#=-9|5ȉE&QuPqT tzOIT&T4uQL! ~R;`=flA;0~#v 0@NrPemFBw:Y7xb ۔R}_T(󤦚|*~UVXvر]r)Z'Nn,-@mB2TI/  H(MvMb8m'3}uNxv_a@shA; *=rmRr< oߦ `n߈JH粵֥JhNe@,nn p2ȥQ@O00`xw4f;.;Ev`wVW\0^cB~25-TRb Ufp}slOxpx?Ϋ$"ɠcB*diw_g^v'7gp9radrߢAmM4:侷'zd:pbYaM9m% -NPWg3#ԫi@'~ ,4+OUv`n aUInI0OnֻYaÊ;769뙿~"hA!ݔhS@L ^0 dєv rcc5KLhcEښ)}NnLlmmHoUg"7X UCNHJnwHU4SI A+cF.&fbhXC3 2l4Y&nm{/j? gdi4ګ9.\^'i~i1 p)%ES%M4ӈe[Tlʫܻ̿f%R9ïsH<#9ln+vKm7]`v9#A[Pej܎ gHSGNQJ0ѮlyQB m 40iЎF0L#p;/lWġ(<`(̠ە\#@g>S/}]d)I[?#Ǣ>nplWNC(4әFY +*loKf c!2i[_bG("/^{ΝO?woQqj":$sx40Bs};ϯ^B@Aa 6}'N| D$6Od# ȅ4SY1oFfbP`N_[G~ߊ%P;%Z1b; um :U}rߠClTֻ$DH,Tc^ٻE&#ܪV^5DZ v[*wNV.b9bN2 V!ZYa5FaXU^ɶ݇4O {I%֨vi,ar Bχ :jMA_u27~0%&(?PA#I ׄ1*i jo#h]?[2{Q7 ɁKaLt# >r)LLܡ_J.[)F%FW ia Nw^\bg3OnIhe59h%*:LY:q*]/!9@ޢdWIxW[Clw'rkE]ʦ%WټB~5-j7u+|[ܣ{'-NwM$ v*:u,E3]g"W^'Ʉ 1&nJ{̵*û =h+Qm҈%pCG|9?MFv,+C iͱcx/G}R5E~,N!v$ٻVwl~lj賉N?od2ԭRGw-gcIBZ 9\:ZDӛ76=+{6%iU}$eûc[WѥXS_mT|:"-L1 :r ѻW&, >wZ&62ͤT%E)tqNV;>6R:@}T[@F&ըklC98_&ڣ]yN*.:I v-Nq- bǡS vTU`r?$|UZ SWݚUQOg"QA4IRHhTXq< C6ތM-٠(vbVgs4Uxi7)dp)sz{z?`jPƀV+ cg#u!`bsjz%Rb9}@W7<]0e *=!M7@cLEߟ3b.(/W|@r:Evu <ܞ|;;'&~ٚ[]mVd| آR>_JN[yB`O=~#yds5.8Wsf)Y9KMK}")qxY^CH"2! 5ѥq a+s ,w%RpUJPCI1kquu3꺓$C0@8 ou$1<){1&;9NFD?S?ȵX=A .j09̨HU+C)rAki7lϾaQk2'* A"+ 3EyM$mM 6|7x a Xuag.ͩhh>t`TPN~3TU-EfB99VW=2{bl+ zid0Q<LfR;\O@Gh1gҮZ! iʷuv` lUUj)%q橚.(tn0O+6ųr@ͩv1 ,F61!["Mܪ=㡗!7 xƃ7"@>rƺj~V:ʪǫ_ Nv? H+ru_&\sW<\͵NnQ~`ߖU>+0©5;ZҰI]}rф; bt4ct%$İUP9GqHMjzCx.d1Ɲ3Ɓ˹^$w:Sn$a(}Q (0ǛEj`? :f7&_&il,9yݞf4u,-𯐫;vS5i"7N>K2YbztTHP#OӦm& c֍UhM\_ D\#JN2`,13qCήC y_3y6`̳})jZXjk5A IW1ΐQG!^ Ŋ^*XUlA1noQ;v-4+ h>gRv}Z-/NM,,_a`:?ΉBn,{Rs]ږn|3`cHdfa\̭]qTRm%e |rUK~:2ؿ$nиNT}TGTaK9>6]t;Z39|J Kn*C6r,JP4'w9jBq(&@vJ7v-N- 2h2E7ՓB#̪? ~+Rē`]Ox? bT%A$?WQu!n ~ʝ03qM X8 \Lp&WG9p`vO#D*ᒞe yR] V8n±?n.𻴪I\KlGQ<2*+x j|\hEe#$9cr5+I,JJ Kp>{$B}/xg+#| jŞm*c4/ԥMZP I@X KˢcCn ̖,v65)u:.\fN3ngmLs/<:8=?!BzSROqT$OEdcl$ޞTce_P>|Fn1C HTYIJi v Eb|"u^Ѝ(U0-A&Kx.6ͭGwUoX^d7X#b~Zgi]p~P<kpшzWiP fS3l[4ﲋ~.덓`y6/~%>>UFQh=_WSM7m;`4SY?k--q8wcg4~rMh|ˌ/Q.TPpgUR%NPgce:t97=d_6wԨm/w?pi]39Ԏ48v$.;t c?NPytJ!PLπ|tVJ:f Nc4k?V~#V({٬D3I%X@_^DL }&s?gwŖњv: P7;@3@_X}X\Zi3V&Xy_q<9C>%29l@!A1E{O8\:$卆t7GIh`M|M3#ZRSsNS&y-q"E6K-y7 eL]֙bBV=[dZ;:4w ' aQo5sM`j`UћkDIFJD UKUIO+&5]? <~+ƔP|y ,@*/X="RMR` S6-YK'( ڄaEBaDDDu^%Y_5|YfͰDkVza6:"ӏCtt),(Ƀ~mJ~.?FoiqTJݷ#F^@B 5g (;S.eэyA(FrA$k5L1"zkVf3GƸ'_(OdBwF{s` fZEb; 葜#ioKhXPxÀe|Pؐ(Iqvn48-l@ 叜Ne &'#VֈY$h!0hcQ\7dxُF[cyg;i~:0 {`\߂ٜ}u]ӹgH,x1(dKjRaS G * 9ʙ:A 8-⎾ &LHV6jFR^w.zvms $9>;5 ,2>5vWMʆ9ꖻE0|VKzOti%?\\0 fw R \IվEiudavr8WQ (ڲ8]2.$v5.C&{yOCݛnR|z⤅&kqc<5 Hذnq~A R )(q'lIT@L%\tD7$`p`11_Lt=8ԅZN^RAuqAQyz 4B.^54rkfFB%=ϵ칌Q*а3% 3}:9O2#Qڏ-ʹl?/O>;[;v7#^" ܋J1ռ=[MXVܥѲ԰dG7wukbZi@i#e9&9n%n5#q !rxX)[x7J:iW s f7i0b,bկ6 ޜP6z#k"dCqxS.P{C(P]H{ju¼eoBV:1Qæ`PE]Y{Ը/ q99эb ɛyUf9aP$ELk}2\?fY(#spMǖKPLQ-i]%v  ,7*57F Ki^}87^O=q%4"O$ܟW>d gKg}֠NMjHjb9O *HH6f/k߉ؠ6.2R8^6uu(X~?Ҧ!f 'n`W;^Ry{+ ]ħ5 _z2!+C#k UykmBdZhߊ!^ymrr?;Tȩt~ "#e莨;aU?旰;{&?WvxS֨X]"nxj3~J\s-&%&k8C!AwlFR  pZR`q1f]|;ԬkG ^IVXi 9o+QbiF!kOkeYSPڳ`]4&3?˱)uФqdweO(vO5L˽}ceo`ht{Ujn)Rn;4-FCw1&K1?^"S^y.ă?EO ax U;f:n:WH2;RZ(ΫZ?μjiGW#}m{ALؽA[zO谽(uN:0.Hh<..5Q=>b&2>2r/]0͖5Ո[B<ӷ-XyOw縭$qkXD0#uBD6y|4Je?ZC#.iEtei-ۆK2lum͗y_uK;eWcSb* yaQsU{w r:F)`b];eIUs &,2aw5<8í@o"P)ihC6ǤseVIMY:ϼ(G BGr Ǘ4=cGJ&X$kF}&Z{.CoZr|K{V9gRIiûw$ϕ&WˤSY5TzEҬn[t|\NVBK G IpkHa%9H&5)įla`w@2d䤭/T>{!>mϚ:;8$A'䅰dѤO&n@KDWxY` YsحyFHk0zc$Tw h^O9LR!qyElEhX;MhuiOҴRCËAs5+M*zU߿C^׾W étDӉ\壖mʨ$|=ё(AsMsIvEl3%5eDY/b&m&+ _-5?\r:RVa+ZLGE6Oi՜?qCv#BGrk'g<7bjr"Xi.95#GՒ֯Q%*{C#cPhH@FK5Q-bő_?pj:G+ߕk|].^汣 F@녡 [[Ŷbxx,PU9" wfe]']b9Czq٦Ӑ++Z ݥ+' F^N>b,6ڬ5}7v;5y\rG&32p s$EhfKRX `.;>%DdeY,DaS\):rR,FB3iR(ܯ6p7L T9P%@{(\ Kj׭nx ֱT _90,hx d\Rꘒ@d˽~_CRolܴQqCj3 Т0uYXTfFi ,/;j6H򿉚p'one,zN#2So=4JnFH:s6VQ\6\ ;Lug^dz_i. N9>+}!;⃂jVO9a9[v#ƴcOԾ 7ɘ"\_UA##Ea0]6 krP6E9HR!`wHXXHM;-zd-i龜y<Y:$y3f:9 xe1oZcNl,|1tT棣]N@d0OHr|PȈ֋$5=fim'rR H6ÝQ~0ANiI*u1M]^~:L6?ͱuTN*r&T|p\ʜ%[*FTD~oGe4},).N >J9VeҳAM/ YSkYH߀+xS648D٬5 *(VT>\; j+{j x)st i^%X,VA/"*@sS61u`p(@ w[vợkG*8[Gmoz RK44vm1q;: K>;!Ly~ ⚦' _ 7|n'v3O9HN"3zקr%N'F/!-8YeV&$w Ċ#,K}i+<5͛i iPi2zKѷ-:j/pA}@`-dMA*⠙E.h|I'q0\O6·=;1D};L@F/">Z&e1ܥjQ+u@@Jbڝ #wl~5mԳ%u-S_YgK𼝕CTO]H4dni. ak x94A\CPט!dO6UV嵦RVp^C@Qz* P٣ڈ1 +`Hu%M:[դ~۽HN՗S^C^}{hm!1{HL\IEr+= )".FҊ]jflYlLf+!ƽak:QKCZx+LUׇx't1'Hu\|p@7r8c=M"cQh&1fJ*x׬H>N@Z*.R85jINz^v=d⿥/P|^7=0\ D5vcuv3rH.o=߼_Ghh>f[:}ݤ$0r("{B <+qo;,99 gO?QO(:%y/MGQy:T c5(]!6X^_ӥ]5ʭ+MVx:$tלiDGH -,{Ӄ37ɺi- +_5lN BdIi Js `dei :ZnLSpX}KQq"uVMzz6Wi s6Z~*w6S6U8Y7Q5), 0nJdN]N3.2!H^ 9-P%ʷJNb94s$, ؍;CK9(;y:F:oR.`K˂VXSr%CBVEC 06K[f qv VQl/S`~=WpR wT LmJWjV VgOQ|˓oħCrt2Bz}+2griŪ\JLJu j^Z֔<.<{w.q_D~L˛w~3C 1m&m<07l95ay\L|Q' C߆XU!𾘵&+RIGhVaTnlǘ ;\aYz|A924{,aQGD4f"% ZRI~X`HہO*U7=s+`Q1[8vF6FJdm1Fԇ+WNO\D昜;*z*S6n:xdCIn@Gd҃Ƃ8(:ezhq3M s?[f c91˛t}C u[㞤N{}IU|->܌ #r&w>_]bW}Q)4QåVGYY#C3$PW"s#8Xbz-m]Fm7b$5<+k[2Ae|:N D+ BvwoE+HeЯBif.tg0#O6J@[Kǁn$;>#p",sUE4@T,z_b:g8&e=)I34E3,̊t [Kbi-ONߒ'li"YrGΎh$5{K_x,OO cf{:8"h>r)̹ !DEC9@t ֗ag]K RY dwJ٫"xE~X"=allhN-Mr$dhgĶ9_PwR>ӓo82H)'0m:GB*ַ*^)3Y\o/:{̙ŖoߗLY5$õ O*݌3똱6uԎK6&Pp @nmW?53`*Ӣz}V,:n5nHA4tj-hgyՔ-(z]p?'0S<جdtݔꯣe;EB__+%kCE`ށg/4Zf8w"J&ٷ!C )^~^d-_&=Xrҗ2?S%'yZ'¦%繥 $_GH}ɤT"CAVH2T2k,zk#p`ocVxt/B!-`ApXC՝}Vsj}e纸v!AH^J K zE95c =1 m@ّJc^V"Kmu897tL& v <WvBnQ1&Iq.{9)6tl T9?gH/擥lP!"%ߋ=lM5f iZtf&Cn:,#{rJ^Ap̤BbIqa.pSaDCBDJ. ~ `&G̼F Z ̪Sn:v|VLƅKgX#>7]{dv̆{4Q=dç.+܊]6n#g5h"ka\ H)B6!RZJqg@& Sfn$AڵZ#\$A^ /> bʜ%{ ]tRF9ǵxDjaT|L +cO ů{§ώ[t %8Dx@­WdO*?t͖1 ] (҄lJ՛#0ósF6Cn"_s_yRˢf$ cC$pX0)*{}m 9X1^%)cÂ+/eR_mf.Hpo @E(_JCdI'Z FKɡﴩpzK!G0h%7]]Ƶ(#~YP9+F(Ѝym/4 #⨊i%}dM@JskBqJ~GC|Mz*`, D%D ]uV }j(POU" 搰6r?$EWBDL1ˍTsȆ9Zda/-t1<)r:F;$)9칀SҩS*(OdjJ$nWF ly*sW53+,q,P, ]ZĀ&۲ՑٶlL{9WwQ{e/Jl(oD̋c9wPZӞe˥?.m6b~6A!_׌a,iLO( ?j;CGBR?q9m(qI$xV7%b 1WؑƦFɛ4BPobpL&lD}njo);b:!g񧍞<I[`ga(Zmp4ol;.WR'⊱v#]D+:Q[G-/ C)7:-]bP٩RBGR κrrMfgX2WɣEmrqNVB3e2}'a1'<C\2n%=} )Toh9+2pJU<5 (ӜwYTGd4;ݾIEa,_ QJOI;xQoR+ };Z фWdy|~mK6)$x8D&VUX؅ Z;F.y˞>T\6)hp"o9"?1Wچ_~)G]x:og&J6YܚU*^R$bfN.FQIBȋ/'g@c[@4 * 6k -$lmzj&voqU3{ '}r;'ҷC%⮊c=Xlx1G2WJs@~*eL/gnNm{&a15-z{[pq#( P|{s=ޜB&!ΌRB='9OZUwzZ4Puo &B,K, SdYzILZpzկ!fB6]{' :-$)˭\WGPBC7yѣv|=i ŠNG44 jڙA.t2Wz'#U+hBV"m8fTxRdUE4URslHa|^NNз̫p _3t"I(x%0[jBH"lXZ&RQYG˵n@>(j3|`BO`YN.8)~mMʘ=quSj`M*k}׎R `HS.Quz=xvV5+CX #ٖiMl4"9-sp Em!+PǑ # 5,--[ Co)t{|)^:m3Cc2XHR X'&\%Y3}O[vm ,eMLfpsQ \G )*({owC״$qk<>5m|R1q6LG$C.M4`2&F*rO|TEY Xb&b'/ ^ܚ}p&#D@xO~T .rեMf:PMȝ(/io-fR}z0 r]m01DMZ6q:eDy8\[ ΗSBW웤9 Q4};"Z oXpKOzݴC& 8BH7ݸ.FH&D_@ʏg 3|p؅OO1#O"d;]HP;+Z%mєjB6 KQx/T=}T㲗#뫍9O>:L6.U&uƿj)]J[)$Pe$$rT糫TRA<Vqo3d;$YJ7`[$]F+:l$rH r޹Xyom繎 #tGKnto Y7& xg!)%EX%VvIN_cU)+ĉ3+^D:|h *)8Vsm3oPf)1+ 7B %8!X BWFyh|MVnK0OszDwA|Y\>D95!k;`? 1zOris~53jGMQX nHt(dk<=ƆbkPGriWRhCBӰz)󆟼VB&c6E^^ǃb'/䞓|}3tgdt"8z>a!1/Z` m. zpєb.:6g\v6|ˤr^Od~w3h*nOH]'fJI_wP]*La:3{3MkXmN]/ KTF4yz|uE[ʷz S?!I|Di*3q+"Tg9tݥ>,/,GwUz.ّ?CS;S P̹_W"Gy `M0?0@+*<>BhAJ\.lkGbcs x8 hn 92 d o/ iDxq#G"\x&jLmA V(EddLK7kУ0'Yv1)keX<2'T휯cĠBN@tRX[93Dӭ>x@䔳՝-L#E nhM>llsFSnfl?,=EbWB 6!jD>]&BQ"Ŵj{-esP]AK!43^oɇ,{XnD.1t[TnlT$?}qO$^ E87I)mB^h|pݘeZcI'|[./[_ ,ܰ\ze)][XcB*x0HBسl0W.yUT9t|蕻"j ]3 iUo0]a~iaPDcKz)؂1O^&[=W_5 {/gT jYLٓB$8o.tu%}eٽ (/8-˯rp: wEMYGHaĂPrQYؚt Z.FF9'\_?vșy07(,[ߝ|TVH*d)ݐ (Q]rݲhۘ2n&h'#TBoVңR+p{vloO^sOrhU֙ 6P<'g0S20 ^(c55[ybqCn8|6 M~QbogЙGٳ: uGzyEwDHl2ʋ('{?ZlIPLJn ?O)#P}E|@"z*[IdMC, 6n'bg+.YLZ=_|ZJ|Tb .]eЂ*D"g0,e¡2DwEupiڟHmȠ<u+ Lym$A-f9Yw3ƛR1Yhֳ+PG+:-4gӰA]4;G @hE\YrZ \s^ԜnXkp"!IL I ͗!|e)O*"~N0ܝ2M UA hq+IO[rGj'ܤ/E.ܖ]{=4#wN/82C2ǯ~lD::RiU^Q\}|X%Ul I++D)Жpvy6jcaI>QfT}g_`ALFC@1#LRϡ*ⱮR8{u+ NvX[ۼjۥ\"35'L]k>DzB5NZjx[,H- %i{x#@4ygybE5v!ASI#XS`|،}0Fb?0`ͳ%YP: >yNt J6K;;qȂr>eZCR]`7i*@2@ ].3:t|3,V_$Tq]GYyRp3(0!FΐD-TcZb <cBp_/P^$A >ׄaA6׮&>)R߯9@i%(0GY {]V>/RM{7|;oӫ3 F&6a0yvmo/%MNoD]KT1}kP?fܻN,FCGBZ/meZ3"j sQ/1CKCRhݐCƦT%cϸھ$"^ DiX| 2;~af]HK@L+[hxx_xq|އe`<-\nߠWI=3Y0r_֠iqv.V?-sWT [0kzpTH'Gjd#B΁CvvkUdy-A,rPP)4>YR$;"=fZvL N[ wJuaMx^{)560eAM*cP w/+`/!j0fiNuW9rd +M)Hd{7+1dw \q]V;O1Ivt $CBHMs2QC aS //}JxLCz㜚:-rѢeyJ%nT%16ˀú}ϱ66p#'5wx]4(DgVb{#ShgZM&?S +ㅭ)v Vwۋ1;v~)w'B( !RY^r"65ϐ hVYozU,Vahݯ O8V}j}=VmzMXYˑ@_r2_cTk.4S ±Jߖ4-(ڧdXIka ٚ+ڶ]yl(яޕK|h6 ޺Rۿ@a rd)9?[l-hl=FwBZ]:RՍmHLZyYmNi64"[,^TPADQMg"v[Ww%adnWz-#rĻ)h Mw\^ڽhtO^;D7W5J֯ 6:xU믻1^z=+&݋G3 KYѝ cK~=H.W46{hhf, {J rL2󫪎J]K(*P'@& R{Y-G) lk&s+4ݥ4h^U8e/) q6͂KV:t"OñsT+ n ƒ2؈v6TI":]7fU;TWV{iX"uMbӸ8 JCtdᣓ㜱Or?TN?{>|a:Բ3K}oD6*Ύw?rV? B&t}kON68A ?E. Lch4!rFE?wL[JY"Pg?DPCQq|g{H$(^5@G~p[]K;PXkxokvOXMТH4۔5 l\D6#;[quhå U7R^OᘧH[lg >L4U5I7C[X%<)W,k͹VF$/Nn~~gɉBjYTIbZe*dNfc2bym$xNyڲnS$0(<5՛fqLXMisT/O<`MjmKj2 OP[y]Gvuh)җ]*Aq׌QܯM7hQU־qF!ׄ{ΟRxOݪavQCc -#\ր/L=Qpl.oR ] jbQ5-avyty,{[z |Z_ĺ'S˲QA; ,~R'Axhc%W8MZjv?lP㔃( Ϙ @'78d{~x1[ʛd?w(Kb6=.Sv+ %Gd0 &O)*qܬ)c Ft,K~1Uȋd,d( D z-;X10$7D6% lUQ%ְ{,5#{Mw` ,`O|}&b9Ty z*tg_avk/`xA! N`@UMn/y( bDh䥚X a'(nvB`ۗsmv["r;Z X")%N c}4^N 4|6j)83K ݲw⬷<#/MK)KoPخ>$SUQyIk2^L06wnMY,pk*pw;\pREb(,, sWS~ ֦|hǩ,1ѢSDVƚG)x;פ˝"@*7)hi/vƆF/st*p8Jxܔ J9?~`O{f%(F?sׂ:M-p|ϯ, n雩% o7<:ۘw˕cyfO4C _^Ubeʫ/f]D;1'%W,+Z ⫐G:VD#9b_\dK6ېH]NbobY\/T<:WjNZwIz[EҲyV7S="IhwY3R~0I: )K㱣 unهd=;$TmI^ 8=+޹~ȈCW:’s>}Y80{/q.4 -D%•⺼^c4bWRցYIuq Λ**\'=(6υE2j#dI(Z!O0d#+RF8h~/Φ.@"jEETFֶp.yձqmDxG~qX?T+.9?ww   vg4泐#AcU k(<}&YP('IpgۿР<%ap08CjI#|4(/%QUzn.v\SƎN%@o uUgwh"YGx ӚS>)m$BS|@!.4֠fU1 IZݖsM !7"jffK[`-}Xr1*Ǜx~rp#A,ttC4Wiq+\zEC<3EmI2oMyF JפȴU2ȐToȀ.s56ՇFY}߶МCNAR~9Rf *l#n<~[0e̻ML7[c!>{"ɥ?>9m4,4XG^fχfi۾JKA餬&`F?oKPlGpD0<֖DjY(HU'~~ݵ@17ꖻZ®dMo4@}OVM4B=|3Кl\8(Fm_])ix8@b*:g R9ġIHc&& Rp4bXgX{;xJ !&%Bkm>5h {I' FۄNw\' dxoFQA]N!0ɬ7زTPߵF&,<%.%MW-teăXx2 9k)[is~~? )9ےa4jaf#hȷ~vHб _՗5R'=; %a@ "} z8.} 0G`gڱ޼tB.b~_ 9Ԁ `9w6(<:n$o'[]^F4*D lY!"pn΍w撡cЅm y 8Zr\?0w½ "vk1+7wIm.f=Ka&_ r>dEZHcB@9[ʗo;!B=7¨+@8gPmfL} LQE>EY t_ xd^c5ǎ[kry.<D :T9us -S,0o!4~7gJR~Caa@d%^|EX+,<.َ{PƂǣ"9ڟzD5d55d_Ͽ.Ld{]k͕-@?YyPzHGs&O:@-8K UxvEPl_3b(p qlFc=zo U5njꡢ^`n44 8R?M|-mlz6:"ӭr(Is3^gc!p;qb,BChh|5k6@2[ƒEzl| 9&?*:Ǟ!.`:W#|~B+Jr8>;_e @37+¿S;$»G:DŰn5RgM-n)OCP\RG{*Q .5 Ider^k LTƅ@h~"T-njO)a7^ĩíU29e74e~3%M_% 薽"v1KM G?jvw_hX-GZWqo(Q̅1NEh* 鹲y&"f@]%LdR%+.ޣ[Y$zAҰW#J~Lt=i\#> F | 2fp$xNhpfeҴ뱌n,'+ 8܉Ĩ"醆k !⹜R_ hAg2 lglaC-?8)ys -[BqЛ_5ȒDJ;a\x68*:Vt#a:#8n =>u}0\"tE Y+BMp=bo˸edgzq5hakcG,s9W*wle&JSuUgK?Dd7(bw-jLfލ?EZXvN?"2X0krQAN^s/|o'>m]5$V|rJS3 49h՘$q6թ#ԂGi+,OO aG,iژ`y3:0_%PJFvtxzTa+N{msbJ̵#C嬦,WK4'!=BiM\ʅv&ےbSe(GDzi-fNʕ$s2;N]`"U4&yz[m3yY?-qC.kvk|~yF`5p45浤hKF*gOWQ%x@lS8%mLTyX́Cdx5,aF޿T῜ \$ft4=/Ѕd'Q f/sn֜W x60i7E1$(F5:8s_E" (䄭 `KC`8!N%NICnyPӺG=ЉD8)BIdB FPR&+Q+]niY@{NJ Hf^"pи犒rzDi+Al-v!;BؾChKsMa ?j<<Ѱ*=s@ @ H#Y;vFBu`;ܭﲡ@蕵%y/M&p]k:CiB3ҺTP%EapJSϑGC 9IgP=d_aViֶN YIGlf/*DD+8n$<ҾkFWؔKx9Ј%Uz6POMB<2'V+퀲I'X{WzΩ8a}d)+V+$i2<%ZĎQ~vIv?i/V*ic9K+pgrdTfŢ mU )'y2ÚNB̋Jjb9G@GG|e}-mm -sӀ*JFJ—I=+'AʠzP迂@BȡCE+5Np68}WR]ԫWzH(NO Kr䌨 3MU*í8lJO-צf_&&r+Dz&o|cCЯ潮*BelTFnbUe,y` m!>H90~ZZ/WϔS: T'W@.ljͧ֯L>mQib]u(1߀< :rf7`Ov8~ S=0WNoOϸW@Jޘg OϪtf sbs9ӨQ&2|1G Zʬ{WÄQ}1w8@S9g7v28Ԩ~2D 'E\PP\Ms*nXiDAduf 0:| &bVjh!4w^ -je1?e7^ѫ!ů{a}s]Xƪ eRW`])ݩ:j\¹_0D(5^]yw#V"@G+yK d*9x 0)22:8;_wp2rpG(VV%>ޡ:ǐfY˕%f5x/I /ਮ xOh>>kE&Ga$:T?sRe;NH-5'g2gnlAl*|( >Pka"͑="j)=E /PB#Gk~ir'gT옦O{n+TFS Y;g0Up*"&x`HDHN#zbpnEůEWOPOŷ+8&5x%j7r$YΡs=ݭnaSti0Gk:@4y7o -9O7#a)$M`u}=Sˋ^dIQ6{wv{gpGw h~̺ ?ȥl Y|bveyJ5:4o_6 #Db'V]ipCNM tE{H]tzєo=RmfGBP\*X{7a4[gczPkw=Ͳ@#zA% J}QWsw^"cҩbo jӑ&[b۹QISWig3pK(1h,iINMKbfdcLy~ԄgxIwkKv-+"Mœu4`_LwcգdEgakԮEZ;YX{C_ɑnsu~*ԏWTN.i^?EbQ|F>$Ғd zB=$,P6osä́Zh2mYL&RPDo}b0Kב޷Vr:Ym$07Hy.u hLhSA_*8t.BOjWeY|J]2UjF)xdMcrM"B0?$> _]Y>( UtD=O9L ЛflekgxV ̭V+ CUصא4$R^CYRe4_02.Qu}DkNf!k{8I;MK\i4dȦu&E2 nR4[gbcw⚙?Tp`grc4W`br%da#!in]vUR1l^r8Nwɷ- gŘrE0ޖԅA\Y6>z1#ٯpX:F @fK 7'Cn,|#!`}Pvy5}5ƥSOt<Ɵ?6NXKsJ3&NeO'CCJ!=eѵ+b]I+ShBGü]9׵/x(3hpc _춓ߨj/$@e5VԋHɱ ӥժ!MˏMgag ,G.v\T4WH :g,5bU,Bp~@HAKdtO5l.$C1փV:c!L0J5SWܚQ߂tjr/3z6|{ eY,! ??ڕL(|),Řg}.gmYպhq GDꀙX6oW}rIVlUi Eeʦ- J-uk$PB.^';@#{'ݞ o4j?ߐdahj20Nf**~;y"6Ҁ {L 9d@'{xԺ7_H {?Q剧 e7 tPˡ0&Z}P쉋 _41KwmcǢI*Z ,9f-2|x$8dJ Ls&gKNx'>N^dLGZX(QLks@2&D<Is$#e'ufw0˧QPS.w}2B@B5Y7Wq4JU;6~bk󶔣[5[()e:JyOpKN`a<%_y/V"]谪<2!u^XGHnAgB)0q.r`=~ҼYOXeT^.*不㣨ߢ:[e6;bCkFwdu[ntQo{ 1IS}їO@bb16p&b!6Jc؟W eo_.}TmJrm"o_)^GtVO RC{G(~d & ]j[&`m^::[/u m2yل$McK(!|~Ã$S 4"Ƈ>$Y586snO%`Uwm"\c# ߉ ܐSV%QŭaZ{N"JQGr% )(i#ps^.2(3 wW 'ۣ,~ݬ"`e/{gj6M-T FhzoiiS,+t~4UN@&х u&]}cJ^cE!吮SxY:vRˉy;~ Z1\eFzK Ꭹid#RF:t$uvu(|RVht̜F,d+]%K52>h>/' [M\u:k*1(i띧*I Xm\Uq5Ć1eGWJy=~ VVU;cn%L|vNHYܓsɿʀD 4&ui"5[~E խK+2X8ll -H;F<mt)=qꬤ-ݶ쨂R%?G4Jqw&}.1Denc[;%(4= O2t [+u@ÿ? %;/NVXv7ǡaQ`WVjEܭeXahdP>biR?ڗ 0|e@/ ¶$}tGh|ːf7(VH3棠C'#wI;>ub:׵iV,Cxs?#zFac 7QxfDޤd\m|N45;_4akEF~PP83%V+=⎙]'_+ Z" hm=53_7}ݽ–xv;++Hr'^̔3`Wp1cd @O[%RJ>^YwX-G6F}Pfl2:.Pq^zɈt\SW{@LmGȓEI,L+FVElZD&%}19H?C`krqL*.hs]F1w,"ձG}H+xwJ۷`(gHՌ+k& e$pӚ~ΓgŖXð2_jR.213%eD፼N4,A@5%' 8OH 2o[cʜ8^7?ayc-UjߋL?=>H[ o,*mpWRd>O"^>ec=PFQ 5AblDA)//ݘ@b|-;Zhѵ4xo8 (+=.*{l_h T29_-:Gž|H_;?kfFm+Zߴ]?"8ZĢ7 YkEP޷6DDyށ|17sN~8nd(@I3J $jLjSv{0-zf|No_oχaHDOj@z7˳uM6*PѮ½,J"?@tfo_OW)8B^0\y?b(Vsz!>()\#l϶{°4ei'b r795ޡЋeI&QJ1&@uST|*|Y b7V&DZ[1?">6t)6 Zy5Șd/tL RfXõ4Eқd:u"Bq/6jdֱK,6MiC]4D(~o>eT̬i3MR|($ $ l x`A2E_+M#TH#$%Ւ ѮA7UyڌhBNxzHY R7BXGϋ`?;.ͲЖQKc){&1T@Jz68'7%($Sq[g,&hEeis4=Ip (F>.(Bȃr\~O|7 |&P{{Wo!,_g7_k;'-FtnӸ߰sۻSor F1Y = G?Yt^t\bT+bPCW fEO3ŊSF@\[byz, SS{ԉqU`4]\^qMmu>V6J;A mR$l_t};c|Γ9w:JS1)X軨ChMh-tFwZvBSt` +p]!?aTdsEsP8⎉|b) TW ;AЦ RHg7(NpmF+iWL7:c1H큏B@ĺ.e~,6)faM'|ْ:{g?*SU&0|;dd37@~EFݰg=Ҟ)$ ajur/%A#&-kw0Hւ|2pʥ 4N\,)B@ MwQG<@mVy WJ>"a7zż0lf ֚κ {G.,gW r |aoݩtG@DYa,?V^-8^@qEIIacs}4_r|b W4315nʁ@eO|`1Wm2W# [p&zo|6SM|}I'TCu/*oZZ]yaBQqқY&Ies/tfw~k{P6oeG:orQK_SWd^($` v^z."5/cZ>LbC9)wH>@zmkw+(r'C"FPݘ^'P!.- op?`d`J˄ʥڳV0n41oģu̍=?|ӟ qf61kc c[VxQ*` 79-*-?ћ:x((ȐIp(y/ݭ=Ê;5@ nvZ+ϊ1nGSHj1ZuZ;$-T`vd̲~ ɻj+ӉlOÂKspT`|BKI'H!|eV'=}q`a%9|aOLFjn5s`w97рeoZMmIÿ V/\-|a`8rOlkn~bƆopc6EA08"6D!sdLg/+ :s$~?XFIqq5tь;UH0z M wz)K[V ߬InM& DndEƋL ^N٪t$T]q2N[j"z x|$&g5HVz$*(&#\AlCȀ*S@ nt-͎\zjЧ8ܐt.,h?O멁]F HmDSabIA4EJgz4.:hbmkjN7|d ߗ%:g<\ 4oOjks&">5yP~$`F)۳h`E׏ lӷÉe.\ʢ^)*@l4݆-@@L76m&'qɇ1b+\%nQ`1\1U4#+fϠWi[]-fzF;H*I. 驿6s%X3;U)(zm0NGhH{TxcxIE-F\7BtG-oTߜ NȚalO#s d>'(kRh/51ɍaHWHfz{] ?Ǿ.v"a4\%/PߊPN측R5330PU?j'.lѴV[T CcK}aN!A4^8ڴ(NLz> i'a oc3ZXZ~9M'hSa&u֓T 0 A YQN͖0}QY7ӫohbBͥY(?LZ9fC3ƟXZBm4cr(K#0NAv=Z+`\kJlvkV~ÛMD۫ Wk_~o L ?JaNŧ;&[n_D&3fa;PKI ǕAwO1W?OT٠ΦyrQrӦ{a!_Ƅ1J%)~mZ1ǯU[z'ٙᡬ}m'vn +tGU0?BӼV 4ߊ?qSC !c!ޫSUDc}qۧi-×xV*+Ӂ@yZ+yz2Ue0`{򥁼÷7:Vtyv:ng8ç.TzeB>pjg6@Xj7X]K)*NܭT ݗG~%n#ܚ'."]Vѝ{<7ifY#׏*-5yio[$7j6=U_h#sY}p ^s#[&I~WqƺTg 2!HXtha1:韈zi|0'Q9ԇ.y3y&Huh/A10sPL2Fv`/:=चeޓm.@jX僙lond01rA<5f7Qޙdƴ7l՜^7m^U"{H} X1Jԗ Nd NeJ{pH*^>/Б>q۵sdu!'#@#OOI>X gƭ˙cL-$V9R'҅\z3on>+#>c>pjCifMvo#~-Zj&$d-@#].gNʥZs\H9*6!ot;&ٮ$C݃@3g%E&T N|5xsjߠ-}ĖrEOiepNˀfʼn~﹉Fu t8S:fX~X8CA_s[[ zY) 9+uirZzuǯ?FXU:z58SKgCDI{jFnZB mC/9z/u_kȈFfHiH.m]26y;bYTFc[ڥ~"TĽȕr;ZW-7 od d0q~qZ3&l>W2<ɶp)8Pai!v-7z遽ބ 5 / Ԗqز`ikdybowtɶ88i@j */]ĺXZc/U|: FȮPH!Buχ9A%^L[ٌ}jmG( DAoNsf(N*wɨ|:~|!HCxƨoDw9/PLe ޼eW^ݟJWД+ǍB༼ "@-Hۨ悾nVQ#T)7)Nk0s.ݵEckYAopΌTl}|DzKp t-Ėj쮋@_lJl6%ղ|,XbSЈ7U)LMjj]v<<77v%3u UfF1T sgjCg1V#(o$p ȣ~ȥZ *Wy XÂcÅ'c$Gk! (!_>f+~6A-k) =;ĎCfRg FFKCY ưȥiɢzԪa0 ƺHio>OگG=/QOa0x4 -m^izk`*ZU_ O ŝ%q,.OB2!1P٣ID9֝~2x g-4>-CfEv¯|T\nzg9ag0?vR9$?zH~H93>蹶͛C`+c:5τq |XBwGf/V'%D~[p) M ƒɑG)<*stt"5MXx'NRTd8gGcGBs%=hWŭ(dLa)^=G`wA3_cd`w㴼3n 2{u63GYt5fT+Co,Ǒx ?j(Ib )AW6o5G2M +XHs-.^XMfy^ذI %o@7pQ+/dȏ^<낰:T^VAC2.Jd@;rK s0bFzkT8TțH߈W[W S 2-9LwF$ C&:bT l؃mX9<Tu]m1C}Mhwz^mw~>UdA}Ne |dNC-t]HwA$GaVr>+pe(Bϛl*ߝ6n0rleq/[ #:"!y*N܇Mܐ%8_Q[%@χ/U<PZj0-vq6 \))Cf-d4KDuVf6&5u`vߝr:98C9&NOuF~#GB#ODW QSlI?Tx/~M_RfEVp9TrK^l֖A]rX ݪz$HqXQjSjtGqvbNxM&Qh\ɘx8D_cAG^v.ݮv`&v;Ox:ܿ@U q)U,*7,+/<9fv0uiDĀԐtx7+A8D&eݷqgj1;x=˶z DZ⣒%B!Ѱ[\(e0>C~o"lգ ԰{gkӟr6ʺUhG*}G k|s@9)EO*) C^㦟; NFN]'Qf pp~15p빏NCp~"ݴ&Ӡ[5tpkbÏ홦;ԋ`=XOPCpkyjՑZ^IFeaCV1(iB#hњ[3kw~M6f唑.іfw?G{͈B?G % s|j#/?)]xcgZ 9G?ZT7 :QWtcXX0E~NٻoTd{zX"3o "!{<}54 ]*'5q>4Ij7UpwKH;f#7#>MΘr!v~tMp@o>\p4ޠ>\3l.Wm B"N2͍/y^ڀGLT"Jz:iv(*ĽsxV*z GI%FO`F!q&7+>[殊.f~2|09_9qڏ&;ԞnsR-f$k!oݹ)019\WHe)TVT @7Fǡ80@*܄i{ج٥%r/ a(6v(p " i<؏^Q*'ݧjɀ8sԾMʦ[Q%9m՞ZPeR:#l܁i\A9ף "Gm+#bnl')0:2)8iS`Gx۱q`r <VΎ5--%Xi0y1R(>:I(bk􇡨%7sHj4U"5 w1H}_44b/HcbQꂅ0s󦠸ZWA9zZ;V0d3>mT}#)d_6,"ZTø,^lu1<w%BXu9@O ]< 5-q Sm4-z~;eDM8WMK7fT-_2Ռx ]UM9/qE8* RY6Z;e h|Y _z-<|TOgoPUGn#!V4Өԥ4[υ DE1G-J_Ŧ3>EM2Ɨ zbH o^+K7gwKX8?w5 $ucWמ+E@ń74,5ɛ'T)ld>7AI?(G9mT:ByXRBi'p$}_IE9e,  7XT^."n8HsSZmvpQzK!V&0sG 8ūqHNI(l8'^= $ڒoYWo Q3I0aN*ĸI\<-^}pi!&ws`:`I&1eCQC/E5 ;]|ahV֘^ Jz#ueqhH43nFnVITCw:Kyyum2u })GC fLFl+4]L8 6F +f)un'ɜ3[J|B3g0cAljMXsiĪd]IO]}8m\# w5s}UoZ굷e SajSvwVSzx@}I ݬ'٭'n\҆w)6#d(-_JLٗrR
  • U#ۀf#_stez/i{_;UƇWãUB8$j_n۩7$V.LbA4<%-aV(wMs{]}?G 9%|(,\4Q3婈C_YE|.lZYd{!W}S2+D@ cSڄK3zCͬLO,= ,4F *b DB(V84F-u(aYB #ԶBjWb}LE I\;WA?bOI%/>0h7S"{\6>MAkCZ)@Tilu1ژig= 9 ]r# i=/5Mba(_4\\-J9ǜմз_*U߇ K.u7RbKa 4d>II1ܭc>}[K̆RW" ShN軦Qόj*lDi*l!U?+n#o Bz\w S5eāU?Z$D,|8SxN 1'uތ/a1fMgY\}3 -8ih3?mnX۴%xm 3F#a.WԇOV<m2eZ zQt#nLQ k?KK= UdF`pUO5(Ƽ7Yr[^}/dX,f6,! ?2 <cv8q;%I%g85z\JT%/ͺn= ym [wX Ӫ:?̍t6Ώe}*;P%x- AlelZ0u^!=џ! .#w7ϯpDJOW8ŀ ěm4b]mt5Fy#'<y%;1UոsWgɥwOYEfeс5d_,vbB1z!s_9 U)TjZO!HCQ/g 1 o$[)aHHR[)A+E&d"jqu6߷ou*k=<%+ ӊ8 ,k)8.9vJ㽨bJĬp:>f΂rΒLN]49 צǎ c?PqM_f,^Qۄ-^ol+_{?0B#rz壷 k? "/2*mAXzM 4C L(FxDŽuNw' yEƒ8W 8pFFcLbΞBB6r-{580EKskk{bu6B'ij~E=wzDR/䖆== V & ̊di>-\E'jg}ξ3t/^(#Cp'&4¤F;(O?hB.1Z ɏIF=+aS/JAEfrY@?jʺ_[vZ<.icQV)y@oc%#5z#Vvx'vleAڽ&)X_,=q7ˣIy8<O5CNݎnJUq|LҒ2 vtc$:dH 긞?s^c0{GvQý&ʞ_}i>~M$*s_~'6!̗PoǴ<)AiZgATF_GX!v^ "jO?k9bNo<j$JB 9k{v}4jiU˞fss K%-wYwx]̱EQڍŚ#*[!C-ȷ#99zGpNuOjY8f"sBykZnQ%r6'PA ADkj9vV0tM!EL`xUqU#-_Ej8L, Ϯ0@,Է17rk7Z/1XQ؋ܕܪWr_uVy ,p 2n!&\K^BD+GփT nfVwY[jBXgp'<6#cץɞIdAdB_-Lk:jAZXZt* ͻ+l;S̒8#iC7b6,jkÔ汒LXWǸ%&<$)L7cK, *_Oq$N3TicSIj@YîVCrldҖg[בOҲXrlĘoqK߹m$a[bǖ~lgH;dU` J_`u` P`!0'ϥ ouP@λ\"+[S5v$IO1%n:DzmЄ86:\*sn)cC%[Bog+3nB2xm^aYӤyjvq3O󂝝ٓQwd %Sa`11򖯤2gAxp3\O7Rc<^_"EEߌݯն eBaX]}X$T>Ƒ;D\hʭ'ÿS"c8778D0>!BEu?SFo9HY争LA6cE]MQ6w(HPBf6H0C٨P;aˀMS `I1@YiFBBgp˰Qe)jxuEVS- MIê4ޫ'-@9? w{1 F#b XIh" +BFn"1᜚|;*jS`Xrb_RY)CX|nI޷pQvǨ dH C@1MX, ^ԣs^6T}FˣNd9+C1K@^$ﷇb(SҠ}>Uԉ_~qJ\*$ H+=i:濔<>0 ?# q-wS,i'hz'|FM%|Aq7f? _谝:GFz͜OBPdaTflY&E-YA6lk方&bvFӓ{ãDJC-4?([>M<zоlGzKV'f᳚zRSlȂ35aY[r^$5CE$*Fsa+?_'S{+ 4Cժu`)(zPXxO: 3Ӽza2Iy6Brʮ̆2y1PN(0r\;ʵ@ /!ڌآ3ڈ|狱5F]RLZ.vEV p}{,xK^`Yr3>xws72erK ͞&[&/\9}]4R)z[P/YuO(DKDMyp|tJR#λ# ԉưYΦ@FaKx_5a?:I(Pv]ީ̡F:6>nFB0o| qLhԜ߿ sb6-H <=&tZzzM& Q duX{|%˿ڧ?@NRFcig*IGFsh#h*H?Rf [PΆ<J4NuݠC0-clbn3ŸQֺ;5#W@c3^.Yd *gIB9y)fsA}M1ϫ/`ꀞqz{e^3]V-Ɖzaxt~l3 քP΋\i<\+j)#NK*e;XoeU鋦heϮ2k-̈M8B9SL_!Yՙnٳ~C&Gௌxu51ĥj;T!.^}>.\]!%Ͷsi;73 *uxe E@1V. 7v y8*~;Y(NȥOL!-4q]y'rz؁q3Ӓ4(sK5ka?-Ac|16֛YzKSd {OViJdYIlbP, Sݚ*A6EQ Gqwi?Qq]!$.!3]^Ơ8?,{,+c:ȯ mDG)HjMo 0A-7:N>'?ntI.^Y:ꇟsVgU?VZDqrUiQ!WhqlԚYy;rXt_Z*Q\f&gAሊJqlJ8ŒHbv9?ttpW1\E95b7< ΜFa<> fCOvA6 y5cu$CwWnђ_oB hfzX#S=U2y|dTuX)!<B9VYCuZZ)(m+f ua[̘7 q'dT>Y˖^غ䎋(E[mGxԵZt4㙓{456ݱZV^Cf2}P1cN%)*; q=w 4UMho46*UQ+a0_1-m{:dnR@"vGeL}Oi#]|GdŸ9Ogv'9  uܳO|( 8{xArnFBoGO]t i;Pp 130ucfֵ9Qe*zwb>)TUXT.C Y2q-NBvOI|"xO1tŽJjzh90Ntϭ>z$hyhM Gxj=ZdƊyK,bocn33_v?Bc5K)nHw n^+y|&R4 lLم6mW;/dJ9Wc68T]~4 @U/2xv~OE{YUy"pD'OFYm:Pb͂' >M dA#˭7\5B:9ۥGh3=fʐ3ӵpLJ@*ylġZ}Pe7.#/iV' Z`[}7.8R^mC0 _"4m͘F AY@zz-ɵ>nEpPsC܏SI#$3֐FIwQI5^LnA_:sJEj4y;kwEe{S( #V(E*:EXszԙLP)[y/ي}F.,b#aujapx|:;Y4 ss}BfόߚvX^dYsuhʢd4?%#(ʳ(hKZȟl(Qd.>5*kɽ$NHmz5Bp#M.WR }W+7:1b4޲UQczls=q|M 6֮! ئV};X|cgFu{,)y VM˳:ٌ2h'6Tm-@ou7n1Q9*[3*ebCT0B6 ܀Xx{$XEC# J $[o°\A %H3_\* ZhVGwoz7¯G{qE?.HL:{`nj Bi|3G#9+,<`w;I1iUT6h*̗?}v2f YY.bdHKګhK$OYӍMc24 b]zпt/s%LLGs +U2'3v`\(q:~z6sSAq=f&z,/x^V>87N>XZ(avs:=~cNv fkXffL32xvr9;Mwn~q<,'*]nBNP sZ:li&hNWIo(|-¬/i8ZcʑF̆JrHN塞ȮIģҪ_y0TM6l/=$ˠޮ՝I"ޭ;9dnri>]E911H/vgV2W=9<4+E.Ԯ@bNχ/47h=`e0?9LUEceiMQ۶u2`{ҧ;Fㆣ6 r WkOh~7;+o[#RJ76b e %Ta x^I]FFJT>uclNcr NW(_:Ʋ vAmHϑf`>ٿyHv +MO$DRx`J;ek R~<3\F'zQ%Q5  sʬ((ٰuLxzմFJ g*L R`.#uѻ g0|[%3xrJ҅(i*)ēmj 9Y ޘ+=rg.D8ƺzԊM~π gsT@CDĒ'{]ɦAWH^YsԄbbcf:1/Pe 0#@?%sC\M^!;J+x/M{H7 A$%a+ϭ˄GmR4 Ml^uԓwOE섎 ;ERyxT` }NgQgFO?|ˋ(DJ4 q}BqYٲi tKފ4+F`/eU]3Ke[ pؔ4\f. z;,;gLgd~xeTý֗- oTeW{Po[/j ^-8b˯&S Q|t; 6 X(/sѷ8N~`y4,F 0ƇۢA$EoU[ pFO} m3υwJ@Iq? 1zIuK@H?1s;M 2=Żq+/UEјl^qt_6@#@?.IBýL͎-Y+t$eo'/hhX" >YF[0YhsyPxЇn槗ŲFn3$G\dye>E8+lj ?\0 SdoI o>yj,>P .Tٷ=L6CR4VAjBd[rSF=a݊ᄑQ"Mit`/o":)6/€n(FثCEw}d]/NEi3q@ܶ:}}?1c޾.qL? VL*KrRzi6hI|M,0V,]J^?@ ĂN~X >|^qU]>@x)ï}f˜Bn{/`NB7l*2a` \@jCv y;!OvYF-H#t C=|,96]$2K7ql>JBF OҜnm .+s!`A[A/WG=(#~xUFuVqc 0Xwbݞa?!zIb1Bj3~ʨ5Qy:^rW.'0%Pߩn^kABiIXGȰ(xX;k !/ŬX\=@R jj #cשs2*+ek#Bqk\Ao+[Ƽg?$.sOYb}q_uT@7;f+U?(KC@ 6b0To#}"KP h?TxZ7ܸ9f :zh-Hb(g#h2K@u^UӚre"^=jPWfݢG-Zb4k x9 ϳΕ)D]U>rRzec5avwO[֫%VZOgQNZ}XtE2>၏X0ͤHdm21 rqWԛ@͏jtG+s+_X7ӄS 6a3*A,MLnQ݄.tzFTY-/4ҩX m1A"t@λYfh60`8퉎5F&!5?L~;a;aeY~3$I_J0RZVO2#vl'֢\:.m% b$"ҏG$r)t|?*]ڐn2w@>Zq`'CL|Uei2raҸtmY,c$턐@Za 2m|FftekN4%1iĞՊ71F gi53+{d]1!ϖ0H.ja8};ڥ@ҭD=|dxx,@%G_pe):-#mE0罍FZ` P07VQ p܎K/W QRJ)8| iq*V#4&~P8*mSU+ ^Q iQ1ґZAsA'(<IȈ0(KzDTCo{\Xc?*UfcSfq҉?QsE\,aW NdzO e㐴 ⨔M!y ;dr6& MNc|O߽ PnW<,!H.~AӣC>~xA_Uz;˱S$/:fA6r[,{qpx*gk:uN0꤫P?zN?hHB5MV|d{7&iR$\݆nioWFsQ#$\ 5p.>=Y79S[;Eu_K#*C8t!xڡ+# 創+Q$q?lӎNyODU.(q .)@` Įî|O*Y%Hrb!(lR>:Onh:/&_|(7&~e5WDegѦ9 55#$ E6z#uCam/^ҚXhaI>XA iƒPwsuԝ$ xUNTc7m;NgϜBnԪݍ[6(oy!= 7!@cl qhAJ~s/" G\{(!{ݯŮYEsOh21q4RLKL0N*!C}QH7sgjP;fq(C̑뛆/B:Ndx}2)yxjM XC;^vw: ewM%Z8 ^XKkՅfko ^6X(R*a7PgalSrQ$d5\H*GIOI KZ9 1Zlj۶ebO- ?Z6/3L MaYBQ)]LX7#TIE>'VY] let,c/[!p8 u ?{.m9xK&{:n?jf+8̵Y84wGBwp_ZKeJ|Ӈ\=Y;0}V8>h{>(ɨS;N,uo~Z! 7~aId# @Uy+?Q!G5TȅC w'G - Ojstg/'?i y%`"y}1BTQN4DՍD^GS<)0L,3u;]t*0jfkw7f}8rh5AG%gƣǯie q( I)/^ހ!D[rt'bT~/c)$7Gp%ﭧW1,'r@хp5baފ!frH-He'9 ԛ~\ʴbΑꊏ95'0cWaQȑ&X=9.IפmI~ЊADxF/bΦ6TUe~ɋ&Sc0v|Cc[Rdc5/qd`q(knpdk9};a~6۽O6`*81[X]i=Dy9}|*CtT 0r+4q7{ݢ15E%A38^TMQCx8 d֝%|FmI=MҽCQ4 .ig^߷vJ9ŖF`!XBq Z#5%OLd6 jѧ# Pք;Vy}]Sqj#Ohne5nYI d vcjpUb(p wSg7@h띆C}@j$&voD{&t\=jҰiE~:/ݨs"{ZY.OUOҨ,׌c62csA Y3yXniUo9ju(sI|OfǎOP]y9\hBbT*'}g\ҋ&\eS$ee6>^o+e.m'MXIM&م6"/XW[ o勓1)]]=dYiLXИizrԣ6"cN`egti@G@j|^p(QPY pD#$#{3TrhҜ ?a5? V?haHՙ`G䆇 < x CŻQ yrz[w J$ibbEmuȴ uT( V*Ǹ_J`w|bF>"a"2pVha]znɲ[ 艊{ۤ& }9{G434<#{kRav7gjB`b{: Gߦ[iTzNUUB{ϥ NPL ¸Z}_2>莪BV-g7 'loS_]폾B&= ֑Aͳ1ʓN`m]éDFe}gF|= 8SueYv0 }h 4k[Ɲ&O^ӤӡwS۳ur"!ncق}9v[[{4D/m7~#U/5/3zMԠ= CN}^ V`E(wPUߌAmG;ڸ58AE]Jb]tu#5W0e*P㽆yCYfw#VA]]KEhd9xWа@$5) ze W7n!vTXƃnpN+BS0EU&*334R)VnǥʁWMS/NKHBzUeC&xGqr Jrh+# 5-+'c}sZ.3- T>>Iyܴqa*Y<;s OiWSg, [/9֥f.g}]O ނsr xY2EjAR}0>< ;rОPٚPd XIZ HM ۝.ܥF\ X= ;vµUn(j~7ht:puu"MS3A(eT}TƛHѩ/91$fטw.ϫ?dL49/Pk_*y1uTkpF7xzD*|D*8'*?4f7kw:[`E;c<c$\,U ̐K4зͽ򞻣سwQVj5&&H9dj~&Ꭱ&"s^t7*h$ɂ أq[[{~ΉkAb0] .~4s{.-aknF]Aȡ.E"|Q^KH57 jfۇ j'HK =6hHKޥI~;]g_hi.TG>.OD&9YMTB%އ= uuv ÁRKiwy[BT=c'W9b Cڱ7z2/|`Nzq2(@WD׋NJζ!Al]Lh9Pj\cijѬ&]h@٬?c.T2{Q˼ D3auY]TZmt&`EfxasֶC -|P,t)N嗻IL%&GBZҺ(6+SK콣gh{o?o_$]Xρ=n iBƴU WUD܎riCc.t.>^Zf$Љ*5HvaόlʊIIons rVqI@ өCN>:B1<\ׯnu4P9 .%(Kr7SG:#٘˶-rLv7K`ۢVMvgq*L!íD>Ǖ_MO;g@>+ȗ"TeN}XOop,|^L,LƠ8Ku ת>ŘJ(SABpvp6.FCzI^3nW3H}{MleN1Dh=?A%KGZ1 Bn[4}~@6'|.z!m!e7װL}ys]O~ގٸxQ]e8?|^e* D ʹÆ < S2;{E~8ēע&z"%*u޲V֤#<|)mwm4DTx]b68楛^ULRAڔhuj˶"GUc]dUΎ?0vbbApjD˜.1:&9ky c϶?vqn]Ez>9~$Wݱ1==](κF?T`  5"gjztnʧ'#{sub$D]hȏSj>aI,*\9E(|T;}¹b /2X<աa؁Zpƴ!7ɩ{/%,(!# JUZd:* M~еd+Mӈ%'=f7J4tG~U[Ӷ? ;Yy?5lk3j2f gcR:M( ڸ1`^v!>Z]+tt=O%H F6v53߸sITpd˼mtOqMRHV6D :I./4R~4`À-K/fC9KjW.(I(6خɋOҊߣ2hz23, GXx`BUOCTLkK vsj=Gd=li9@̴(/|3p.uG$1M0 <א_ /Ē7GCX%t V~ w J$vB&#lkɍf6@o,bgw3t^8stzA2EXHєY @oo([قW5?G bOsd)%j9Nl`)#@\+@*B= :,%w _`5QP,ٍ]g\mgowt ~Xs &mS^Jǝ!,VvZ9<, 1,PXFkOR%cAo} 'ZCi7;cӴҝR(ơh%ΠCM8w,٦ b0h?tXmO(hP1@J(0H{Es)h/pS ,ȉxȔL.L6fQH(1Aq3/cs)cA3Ac`?Eۍ:h*,j>@! Ý& "z#(QYÈDU&rq0ix0f+tfi,=UO I tbyp .Cf#6{ٛ8V`.+7Zv Y}@j#h`9 ::\ |a$XS' QDռUkެP`.Y .*wf o ۯt?`5@W$L~Ρׅ- Jؠ ?B v?'.wf_%~QIRsJLhOխdW $%-Ӕ8ES@J|I?%|ѷQJ$XCWuE&"n(!3hrjljig8^V\5PvŒ(&t93_yQ=O ˎqw#`ɂ܅ | >?V.l?aFW&K  7;r7tS=EF.ќk )5uobD %ǯNTԡ L#!bg[5JTmp.>!֋0i췿hIgbrP,Ud B֌\&N8-(|qMm$6716`pGi) \sTz%ǡƺ:s.S9n˴\ǮPodL6vH̳iB,C}nک$? *-p^o2@_PĺJh.eROH)Π6R(R 0or|ާuVМ]׋x:^ t=`u~ֈ;$\eF~l FCL?`} ܃̦ՃlH)x;Fh,~Fȧ+.@Ӆ '*= rsJ걪(*r/_-ط̾)"VE@YX9-[r-R+zĨ`8`N;cj%t)|Bءd0 I\m7=KB\;gh9;^K lMRt%e!94 ☞GÓ_'\* \8l}}EU_0Vѫ$.l `($7dlk!';Wq3`49@xokj3,tqMq@FN(v-D?7 nN*)18Nk hS1] n tWQ/Ek<{ܵ Յ?-x[gھlRF겯FrF7, I3|le1:D'/c~:"ʕDma?켜V<{V@cqh[η0Wh!GFwS8C7jsgG$7kuW>E0J_Dn\PBJKxC Q7c4M޸GI*˄Dt8'nj&SU04-eY9LU%5Wd~r3{ ݺݨ,y]-hgGC,GSJGK;1cBL+mH$˔W/(꿷A(· FZ&~h,!P1VPF7fk ]vb?廳}GФe!UHa@/TTH5LzSjXoeak驿w'4b|ިҔ !A;PinLEDj[[phL:;|R c-ڎ2%/JY g-e,Tވ5Km8=0(y417_FRJus]ya9~E%T;B[JGB}T/\b~P)|eI'#Ys۩(5 pBQONonT4};D'2VJ>2:& Zu#'F"ɯ F=gK7Qkw:J.8H~\EAWHx4ߙ~ t4Gc!lKRH7BE"rwFuG7{ A&?  _Z z0.K,ٍc%%1sukiH@f6$6s/ަ^d@XHe?s "HEobLZ6oA)2/A{5,6;oa1[c3ɔAkTThv~c=wrΌjoLJGN`AD,S6֖2^p3۽zMbre1&.hgj jo+2.&Mn[aJV9RklH$=W"oA`W_]HY}C*|K8gĚ&MDwM/K)fz:dep3Պ3 5)]" `~iiAU*RZЧC\M-oөsM>cG >%siخ \m(M5e ױ^* ,6 "xa!,Z)}K.4`K5Fur˃*5c&GXyQ\/J-!jZ% ARŐJ={?s٤^#]nw}[%Z@-!e V5(*?Detc̜7) ;N 4Luy%rץ#EnDŠRh4G^ifczhּBmZҵf|XޓvM$"͢AȻPg hSz@S^}pH 2`rр % MTʺWz.8"EH"p, \""/49;UZa%I.{iբl@i0Z9]cOww&Inlqn)w벌fa,ZEI]+7 ծC^ҶJuk o{Lm:~Xhu.rNf/A/Æafѧߪ a]Ca ؀E5٣lVM\ON=DKЫGX FHg^G6kC)t۷Ll4l-}>0iet.m{-vȫ.IjGl%dߝP 6zFR_ZiƉrxTޜ{l51m!c"J0rxq슱s'X6!iĹ;wKz>$jO&H$o1e7yʌ*l Mawz{{랉hAT# Կ B~/A(/6v"r$]*'dPԹ/Duv*/.Q7Q\JTehy$TeWHƦg^I|;UQ]H|B9C vGmzT*# xz&z|rڐ젲*r ͔z.Il誋_ xĬ{sCzdK1AڝNNʘ{[:dm@(lSF 9˕%THq/8$eXuls}`t: Iv즰AYЖo$N) $A2QL Ǣ^=5 ݷ5lr|.1d] iOGeS#!NBM)bOr8SޚNlCx-1S$WVlH*9Eƶ;"Z?[u;5\b `~nitNcSEpՏ M V6 i‚4,{_o!8YʅF ࡁ! v3F}l9>e\}$6V3>1=(4Mwju`NNZ&?tݦ'ja/N< a>Bn!܎,d~q%hNri.NJցzn&0uF O[ oI61d,)IY~kHp&'WDEha_2uG{$/L6osݭzvoƘ^ hzQք *r]U Z h--w?1x|S;,5yS[f#/0 2Xl2nzx ")/% cO2X/J.~>jFI:Kx Mz4}$eÓ+TR# bm#֑ O<ב5ܬ9sZ[';(nF5$'np>\ mX/9Dr{`|q$s@A 5 C7ÏYdb`} #Cp[zֈ-7`]ȲB+(N!z 86.E!r)8"$B3B`!NQUS ue%ͪ\~/Es1g&H0f =C0ft vַ?/~rK(nP<!ly dZ(LAQ&:ieDZAee ~upzO! ud?ws =aDTRNAOOmXr'apύ]k3ܱ4zadɍ38Nϱ!dj GKnro0"Y>sWiҞP dev4-*E=WNM:[O56rT⻢Xa{W.&תqu<3cdjTrds{ަXe<ʳH,q*`m0LJew>A]oi6)*a"tS8䦊jXaΓrƊ_nɓG:x*ܥs##UBELAQBFMH|1òNDwV^&0b%ZMV MTV(̈޼\!)V^1 lӆ&{??X>Xћ8VsVi x!q/oA]<(zRLԓ'cyLOdă;o4x} jeJE9 bJR6U־5əw,0QXĮw}= qYD1xX{뭯XѲ^EES,~ [?GnI8 0!A!o}][Zx|| t]GF d2&y6w^  ]M2J\->l-zgGNx=g8ksO{VuaR tN`.8LvVÞ .͌\`vrN EjNhBU4ZU҉h d7(.$%/” @1oFcʮR Q[VֆS19ie`q+ yKKGLf0Gd~Axe 8 Bńro)nFψǁqa]>jc(N$qK1}GQڪCxY*AR:m|z9X$-vv1X8tjr<e(joUVD͗ǧZl5c\>TE0̞C7KpM Ι+ }ж9,wniL >R({.[)|wtb9GJ}5W\*2>V)c4r7GϚOϬޅv6 ?y;{_`|EB8/+*[Iy h{U^u_žj'S"Rcݠ@Mg$5hؘi{H1mDa,~Dlm# G]CƎ,d@8"Laya˞s>bsi]JLVu|VqyԨEwdp}WB)z ƹfX E ט> :n۬JfiR^f(wfW}poe]#FOG5s}CzzT h)1\"1xrz=["AdPRFrt՛ ZSq2YDh[%+Jm3 Fhr .{YBol˻=0~_fk;mKlJQXAby^`_#xZ!&ҬRSp%= DC+.$t7 SҐĴZH 2G OQ0_a ~0 6Sz8-IB^ZL`j,x]3*2k9,}> :gyzNP}r.DD5*^?.f㉽l!Wʚ,<"9ZX+thU6X̀C{$]E1Jcgvi Ws Zbr -+Xbr邘ѤHOdU V:u7e v* b ~ץ>$SuG;- Gm\jyb5[^T# cfɗ'G&ݓ4$Q{) Wb` Nw p8@29/f)<"1Oo%Y>W%E Ekfפfc C4)wgگ0 Ɇ$Qa.S@b2Q!䯔=.39/dz]"VKq h&G֥90w8V4ey3ߔl-o3FXCU9)/|,[p[S4݈:s4`ۍՄ&'^XEebea·q-C7 i=G7lLW2gI֏RhwHGwa )Q|Pv9}֚Ɛp1(N^qKw˄>x1@Be5t:zq{h-{l55GCߕ|K1Y7W;Dhx.#N>^ٓ;zYIq)1lJ\t+ra;DJ.$Pa!a8@_!Hc0#VDU9UC/H!ܣEйL`NOp)9i(%W&Fr2XrOMHlÆorNvjZͪm`R #IN(L8@tu.Co΋̦94 8̔ P<ḝ|x6DqZ^k)0v^05VxAdxDtBAiݗuCCP]8Q9 edä['|Ps\77<0j%TIbȗ:;7wy;:$du&xUcT[_O@Ŝb_7_d={0Nȭ.kxʐLA/ @X}U dunJHALP;u_Z_(o:ȅ.nX`YQɖn.hɏxKѝSxMQghM#LK&ێ'=|$[:'}-%0gAoi~~ *,WPհ,7E|C uN *FqF҉˿%cϼm44'bJH/ 켗H_3ͩZ]`\ák@Rܘft@6lN^m(x*x2DE+=\y(!N2 x뾅Exj.6\xsYrDSD9ɟ%ʻ*vNW9_&T:J(6\k0Gs{oXE&j-w6u1 {U:ze:ݿ׮ 8>5gkò`0da]Gn 8,Cr Fhڛ`y[MI ‰]:KUn:΍[JNlL )?;<> @_[1;os`6C@}H+T7W-lhh;NS]#5'":.A2 !X8JMUQO*:3Uvg̜uK5)xV&M FX\\HP@7̺G/Zv)R]J}\f4H,7%, 8HU"@&ahQ* OO&Ϋ:,F[{oόd+Qx-\V)0=/q,m%Yɡ+fzSxG \7Dhs /Q\8hfzGZJz6)rL+B wo>>̍~/NpeJPEw\1QC>P%8=pi|O+<'PB#BHЎdk+M 5saxͲ#mx٥*qsdBWq~jg .WW` 7:߅y 2x1 0Wj8!J6 E|i|'&ddati;5![]4QK.CZӋ#$f䢶yx >mT9, IƓOI$6YeHQU#UhƀWp׃rH3{D])1$ a_-3;UQ<#hk6*5Z0v@`00 }T?W9ɮcB4Q^*X|m-TDbx8[&n;&BIz$4gba*~H9_&kf R y_VΥq x~Nz+ҀEzf=9Ǽ a哨"--4+GpK'*M5%_^ᮉ{ru3geW͚̟J@ܧT̂Uj&)&0uc*y-;""hy"!V0+V 䣤݊b0YDsp+ ;+c.=4![֎qd@֕۲#pA]{gbǂ#i 1@ jE鬍V/G B%(gT\npzXyȗ`$GE^ ;x:V rGbIm^AK.5) By%_ :V7=i1cTRkJxM>^*NF{SUtCGZzz!UଆiO6)//A0:rP zqr6-jE2MKhFhjM @Jvh֙ X}OĎޑJ~d]C}D`rZBE/f ZCT~Qc?V3w7P&ԧ|{O?Ld-WdZ.YeP ;D{%ؕ68B&D"ikRLѧ fɌZL=8 LzD3zb&*A]*C#c+X$ wf5"b> lN/ΡLJdK DB!EY0ɳ#,5bk |#CD N6π+"YT&t4x6]8zimFeu]1Ve;XwxPBXAJȤmvOMY#VVTI~)K-66{ ipe1W+j!aiKbd@bPIÝį6yǰ٤*)oV܈.\g#ϔݹfӒXcNDY\zs "xg7fմG23-^mڇj\+}ϫ,$dP,ar2B=)}b5qoasJP!abYf 2'/JL"GK9gլ myl|Qߢ?t".$0:ff*x5\@dIELї*cn+ǴdL#b^ïIJ"0˜7x赁ͩ&ˌ$s{*TZq+U>sN>L͐O@y}f(uikZMvߢaGwO?ȆP*1q'_ c(;9z4+KYz3|pEɜoEɿ[w~'$hy՛?za$FY> Tw bRSzh[|Fb߄= \P>ʃ ySuIys,CSy%7̴ NC|XҏHA-ˇ* me= A%&xz-Z\Byh[|wYbՂZFJS ,Q:̊Ǒp] TŊ_ f~Z,eaTM6_c%Z,u)> F 03Ĝn(y/[鵨`5܂g2E%8cKE.@SD JrҼhiCqV*"I_qiIJKf̂2#8{`xgءC|R9˫;+ +MFHtήexqFACTZUErrp2k@YmM:6i6:jmZrV*%~VMS4c)B0ې ˵vA+FZC\KyOa5bq {O> 6c~ tQtblk}G Z#.Gr9 T佉5T)DyCQǠtV ɒp}hD%PꚰC'11%"agFZ/l.wBm1\|eDٚ#ja7$c#20us:˖CDŽX 鍟x̛V/Z47w pyFckh-ޮ/|Y?CFҿ}"'elj2 k;m']?VB,WqE\{p|C~H˘a9]ɶuS1#~_Pn#ҪK)f]ZDz |?3J(/#'1`r *xrOF7'3;25ZXoxIs ,2hs ĝZ!Lp%̝qqb)0;H7^+$8+ aZtKy_Htۘ7JX 1uEĸCfT`E>?ᢜ{6 WVtO{&kV{o&(X4@K`QɌ7k[lqe;އ}rоp!./ BTLϑ -_J6wJAGVUvIgX/AF+ir]C/P`n^ny7av4Z qkƉZ+vTb}Br%+_sѨNzb-N{vhL `u 3v^e\iQiuכk#<G.B4ҁ<#)B2h(m_4D= 'YWjݴ^XfT"$)Ԍ饉t ^^}^@"PPމ48bK"9-xI;L +JntЭuhGC Ǣr͍>25s~zMTE׾7(^좋|},T _z߂jg(d3js&׳:gI#0^-Хa6 $SV-|!4Svo8cLݫ}?QVX^ޭi%p14)%O3ڠ^cBs^ /r#HgPOSցDs"ĩ3&Tf{V {hw'zMiY\4W4bk ~ǔBm̠ ph}>,r$;_WviuS̓||z6w*=?(QOg.Xc )}8VߊE-~g4LRJŬHZVRžR]FX +KiqDZ_/Cw e?j-0OԮOhywk|A).fD $y<+WR&F5mveGӵ7󨉴렍\@UIӵITD[9=Ǥja>23)r7l0gL_vAb4LX)PH+/'k ϛ֭v7OuGeQRa(6)[( 0U|ZL >LߢnUzzkTesP%Gߕ]cD^ d%e?WŏFDsFQy XY7_/^Cyޝ}!G"'w It5EZU(/ߨ`/Ka ZUD1ưZ蹆u\/OXֶH;vr.ŸS_†BF/%ԋ2,sTOLdOW =68_T8Ig"黲PЩ# ?WY/[8u/)^</ 3ɭzwn/~DN/9+n0ͮFJ 63*i\J08G1MOzR~K$!cJ/<gdqj<3qx2~$7% <Sxx*d\DFX¥1C7޽a%' .9A++8ڟKGWSX6)u 1\EbFlÅQpt.Z$o1Zޮ+=.} H~*-{w_MKS~]_(rE4‡8Cf10:dm+v 'y8R(!3G8CtOg'Idew+ WQJãZb~oz<1^̱e^ +Ptҝ:u ʅ$e4 0#}Y׶ffĀ-PM=ZPT-ONUgՕ_7GW%Űǃ:(^M;?Gf}?6F} %"xR}'܃J|p"i"oqR)Ko|gѤӵ>眽4 T f@q.ꄦsW3)m-vC!ffT OÔr*k8vf@3IpI, Mvv]T & X: P/|\dT~rQʘu+ KG 6} JJ '8E!$G97l@ Ru}=(yG^\l#coUQw=1`=\%Q?USCqmyT7r7FR9[`wh?l 6Q?-D%*I\\y;+DYTaftrh4٪fU&ƶfyW }ccqjfSvQdFoYZ۞F߂E:=dIrW[|Z kwer!-f[VQ(!bhyc 0eiQlIh5>>wTi}o*iU`yy:rT)N;Y5-K78;I-8p&AaL{C YawQqR/HT{Y9XY)L((n}}zg_uyB,.ؽё=t౸?O;h̄"C i|4Awz Ŕ2]kr ( Wc@į7tN\g"Y8OdRo^mb#2%āO!;zl`'ƐWosr]>^|sq/sנa*za̷yzmܓ^ϕB -_W3a('-@I::JϺadI xB>j˃j)cAEDΏBicl<NcL#l~Jg g}Rc7e"O{L02:wL!LS6uZo2=̴,T`ap$}@6qDw6tUs-r`CJQ-ڛV߿l0B)fx;Hց-nhL9MŮe$H!hM *QW Z6EkһdXEp;7آM;GL ~KT[ښsϡMSbOz}wj[~A`@{֊fCN4jŁ䥹yцAn̎Tk3Re4$QXf(qpcEUQ"=-] *`ӥA ˢ79w:'5Q6).W`ꭒw ʄ#6~aLNx[>IfcPTEP O,<W!lƒ)Vox>,CJ2[DB=x]>–q~d cK^Lct/HFPW R?h5M's|Ŏ(#VxX~zݧ6T0UԃH RK>mjlq!˼UONojbF>9ضLWHY=LUhi`oqKj naܸ-JorWc`~[U?R|)v@3X%7bGtQ8}} @rAzb%`%Jc5 cl4E[p-ӻl4Aj9c L݆V~SL;[솀\k[GX \ej$*gm#j3􉦅|oSyWVY.{$N~j|'ǴRr_€q)5I*;V5oVW*ߧܚu]H {򑾉q[cpR$9nKap2Xց^È!Y?G!-H9UE,L$,$$*H]0oy|^n;a[o0 e;3(”9.E9oipfLg4WN Q-\w+kz@:~ΏhԺߜ/x^qv)n& R7Lb5 [$[(~V˼}_ř#=ݪQ]'SKٮ,uDd۰w|Pe6z(2@&_R"!Y;_{_ p`i/R@:Ig8|{cBYb&W''$SeQts87"M uvCzT;ahZ|T`pLK p@ee Y7o.PZ!' lk>`= \tf9,Uðm~gGM%Y8sV"~}X7tY,Her(ZsgMJU98lRWV}l9z~PMc> [R _=rTcn釤ȋץ/9UAOT&J\<7T=mF{#/ :Q:n܇ ]5-ĴVHYefU~}}YJVK,9XVP4USȒKUeIdȆ}9"u% `iz%w`/ӈxgIq=6LTZԓ E*uwPU9PT_Q5C.>EGȼ \+@d&隷-T'ȅ[F2r>hݹEJEgZ&8FXр sN>6D&Z@YDtnX|v26W dU3`q,Ri潧O49LwPFX+:FgI0-W+Y=V d{Gpɜ2_Z*&g_w׿~^}S]H/-: m}U JNJ?CfybTyǫ bSt=gKEExEiQs`ɟe_ի_<-i`́g.[4"9F8M<g(HCaDR;lLFF6llǹ@ol%X) Gn% 1Q``oU#u *:ua'Rd #$3ف 5*c@G 8E%kkn[r#DZr3{e![<цϏlUжTELjRlunKcGo[坢 Q*pTԅ5",@yVk(J%c5>0sͬ@+~pަU_e|ͿefF2p| ^Zb S*zsPD)I&զ nQӀCb`'r*[H!gb}_]t&ġvjHێZ 0xH|bߘ>k_#)iYw5:=b2׍XG`&|NIӾGlūS!AXfR| E|pFsw&=tV"ϐ LI&O?qT vUx`%+F+`}I'ԍ=q744nR}5Eʠ:@:yoy/ʤTV.[ }k4Hh6vߺl VUDʪ0/S 1IބZz3vfdhKrP 0&CDrV]69 (VsV' F9Rߪ\*@KF{=p/9+3d>Kt kP:( ؏Ƨ9iNY8px0X*fip0UY]9+<-꧖z ~]uQ=?Hƀ ӑ!/&wE;!G p/l UJ,S<ҢVn|^rgVlCn8l0LNoYȇ4SыLh{_>; ñy})Vd- VB\܄md*xQޢExBmN äUk<ᶝl^9$@;H1{o5CpJGDR&rXSNmRtw쐛u0FP{ʫC z|a]-5FuIij=Qm,#?FV;t8Plp+%}ӉW)ʑ5m(-qfåoQlDm >,*s,B}oȆͫSe| [1j.#G3Ş G˵c8m!'ֆ?*?6Mc_;ڥFΎ7[%9‘pf.,4X{2 cL^Ğ_yXBu)aZ nH _`cw%|c#M$ҽQ-9)=.ScRwu. o|OJ? 5^{<;U̓T yv?)K%/*fO6藔`k b6?^=O#cwz%9db%V\IN.kгhY@D+ȬP7's_g`B:Ys7YW@!gzNͬ;l5ӜQuo3#*2ʂZ!\Q&\vjsgY~`W '5NIlԅjK6D@d8ΈmlFfdȠekZ"Ea[g=1[}xFr%Ȥ{ZASj~"e-߾v#:}BBQHUq(\!XG[:RW(CK#SS[o ;J5MtMyWp/MNQ[_ssٷFC1XK1a`ف)؜4V:X6Ahsx л{,͗#z+}۬>2 W$mU;f"|&%5vRlr%z^ЃTLSAkp'ڀ(]=̨1cSŵ!{c0dt-K&r^թY Ky%^4 dElO@}MkJEi%'ˮlqZR˖N2CX&Yx<±wAR4SD=I`m•&BqYPcܜ1ZH9]ɠEr}s$ᨺcbj hΜ+X qB 7ԲV4;q߃h^c[ӖjS' Вűʻ[7!j GeVKypp;d=ߚ?~iæFrqOMƒ6ޘVԫ}&J lc8<}9@,cSoSiŏ hyYO9\Cg8=%%<}/hmw UKdE.Vߖ^A@(K=_K{VRՓDjZXI[f$1t\n0% ӽ7WJզ.?ƴDZ-V7A8N7[6ߦq{_/meq_#5bH4EFU;RI^47qCGѱ ߶ rQ* D658Ұ{-G|Uz8f ^單tSG_zPKoy|;W2^%_K*(2Fj [c`E{B'I-al+1  0Ɵa #L/āøM^P4]qz٭+ u ]!lWh8ٺty_,ӕ]٣O{w#Xi6|r?FSd\ZOՎT {rb` bn(=Tzս#H/W(H6 w?ӵơ٫$[K4)~Y1@ubyZD}〩!(O8+Ŷ^d@Duu]'ӾVŶ%,5<{jȝ(b,I5g^/\Wh#sm)Nlvj'u G4O m7ILQ~nyAF**mv ,pE?8Zl';˟ʧ~[5=F}4 ]cDeTJ7Wްk Ao>3ה@Z|bgZwd|Z@8"kqvW(yB!+/$г :uh, $ -D.-/䪙zHHEJ]Hxz^_T5 ~kr1}Vpǭ{f+{|$Ͱ8_9E $+~}%Wda9'cQHs,;vV6 SdoXZjcl-(DW;DGzkηo|ㅄjT%k1'gI| oz$o=. *!dKeYv̑QGɓ&=ȅ$gSdk(܃ī ]ً3|})Xe`[M "FaeNUb]n,eCx n5ߴb ;8l2YhOkUfHinY4LǞ:)YJi}~ʧ>k~鞱3!gY!-,u+lf9lMs#:,s/ngV{₵WMΗbp p8l MZ02c56H rցEiW<\X_߱AK,ܝz1M4+x#7P=L:iD.pRb-bi9}pyq::r[+g{9 d`y~n;B0ݓg=;4@nxwhpw렀)Hԡ.5'6MY3o"p^ѓ6auI֠ʹ T|n4 ͑1:xSN u\uѻh'?'>kFG[^2#4& =n+CzjQuBǯUȱԿZ26}\DE6r_si0Na )^GBŽ6\ͲAd'A"ܰA^?1Cep;Rk lRզƱ^`ooB8©zf 'B/@6aA5$rlSUQGjJ˟&baj; Gʬ/9GtFBk־4ӽ!D]㐖]4Ċ|"|Y(65 ,3' C&ސY`e/!=x4ӯ?$?xx":3|NbR9}nr[mKB_Y{s)pq׊_XC$+cP-*.^;0Yt͟SCbC4AXįSz!!5+k?! 8:d'guW#1tr{zb}$ԯ*Ҍa=FAfi鋉y1S^Ws<>%%/JE 4lDzG"Ib7`t屡M@3|Dj߃a L/flɨi;* <ȱ3;Zxq{6.;͉{ۍb~8 +INBfA$nt<(SK7Ec5"2GJ }e}k;j5Y?Zc+ UQف+!~7 '貦h㟾?2VpU?fVn/@9Qqd3@fa3ksޔlR.f$0`u4uƍU B4gL%ZPr^]Gla$b*+t Ć ـBNWhxZ.2>S yQ7wO!~4nI+¹r$9Yhy5CD3ux|EC>㫱/X\ KZ˼VY|؆$-K tibEǏk{~D$  j Dl+ b|m)2 qj"㠴x$l40H?VW:t@nFK46&TԶ߱[\'kg0Ry'aL+`zizHĻ.'\>pg57~ W쒒Vvs"nQ-쎯\M7>~ͩ0s,E bQSV\:Z M7iS"6 B",T/`n.oyKd-3@E@ Ȩ'Tg\?PZ0ëI(2߰r_?RKqwL՞-4c{s Cs]hsiSFf owܱeDԭ%炨  8,>tFM]L\) ~)1'1-?+3@kNE&׊~} x,Rsv]J1K ̫SP S#qQ + Ș| v;ҍ5I# Tgb&jЊl߼#qW `W2nVZ腽e/9\MlJ|;i1muAt{tҪ#lS Fˡ̐MӀDV’R ,*9|E圮~jZ@N,X}!׵ ${96ڿu.5,\t'Y?sp)T6PA~r%%=rxuex5yHoq+twXbHt^V+^'=çO)N SfT`w[msD/Fe.,ԮZC]u, uXBTISʣaG$ $ÝTZczM+-2;+Dv8v{FdivߘvRMiKh˂qUp[َ뙻").54H}pDlLM85T%qI${}Frw ]=7)ǎcCH!?L-f雹qJ$:.߂jjK NwY x>s\?R헤8g5i$I<TR?0H,T:fi뀰= 5#pA_Abd*3)3ڮ\IJ%ԄKb%SuM{o۔=s\D LMɿq~56!jv-(=B1ΕҾx GMr3E3/*>h;Cz;;rs+/ ԃ e(;/[*F'} M$а{TϺH|\;&u'C%duin5\5NU3~\c3"2Us?MV 7|vRB[>7[zZ5.xhʩPG*/D/k,?hxn=ݾ' 0/=;>(txoThc*Cޕw,يR1w7bEpKȌ%E J9Einκ2&Xo#DW[CG5Md:K%5k,px3__=Js0F-hvSxhN@(ڴup'Ŗ\ʥj7t~aHPߔcdnZֆ&5$ $]l"$iW$zPvrQ֡uN'~-Bk)\pg'l7t(iʩ:?*I'.IkoP L px+_PۨY5<[N#PZ>9#"Ǿ!5Ũ@B6%N(#E?N<Y2<ӫ"gllaOJePىc֫|JF 䂝M9VXp/6\). #o' [t:˜_ThY`E6Q? b-!s\{e[8]I]!}U8ÖԭRi:5L7n7.H.ؠo_©l'fW.[/ R^ -jtLrt`sѳ#Oja,b=FkΞ(R;w <,K Izf#`(LIDb☾hADr PR<<Ǖˎ -1יTjQb[xg;3+{Dws شY֋U(00F85/ͩx ##P׻a"*ZAsf1ɰ؞oEMerRys0ARo *CwZ_o7,+N`MVaL>7v7)/'vA#6m(m"|8g.In\&Hg26FR]sz+SAUsf96GubGdBccbNꅨٌw >[ߡ/ܐnx-:-9u&x :HxLn/=Dq ,K}kIcN)"yT Plt А_gw)wfq砸 oב QB흔?l3+L8kaT"ay A*e}/qwFUt0ϺWg(-tOnƚ΁"MVl94W FubXq38S,=5_rpMY _ #ܮ"xuz̡BuZ f9mCY3^^{S{D%`@*fUޫ>0(L'6Ph ,.m>4Fܤ.HKs6}Ҁ/:eJAfl]f+/wť| 30$j-B,rJ~]I?X/ʳ>LeTP/eUi|_[VrH=ƾ; nIa&xPK4AD`L]]Iru(΁HI#̔C?Q2wNMލ Gr&eȨw녾ihʊW@zyx`>`/bDHE 3yRj=O+~q۸ ʾ%6#5|.&+]E<:t r"oDxSeԪ-$?U*<* ߅1bQSC:O?Cs5j\}Uc^R:ϩ"࿯7ϸu+e3~$KJj,Q0 ˋ}w< pB]}|{{Y²9lIIQ;75A`xHAm{֥[zi#Ul[8ijwXW%φVf_L;3kJ5'pȼr'E0k) m/GhL.qU'z&F kjYFK)h3]3<$QS-F$/LGTb ]\ }:s)qqZoF,!9/:}GXCoۅR ~qTF@j(O8lO!P"n8gF ${K}Z#[LYRm7ђ*ɷ]'z@p{c57q|Qgw*h=W-r㨑=5̟G7n?}&e[|Nkdz,z=*=r L*) y;g<@UMO-tCc-UA9%@a- {+vbصpoE݋ wrvaɷHXOq$a.AŇ~*CHMoeU2FDW ;)!Ѧ-4:2DkA#\aq=P,EZ$83 J]8L<_7 9fI#ۀY-@*2px/65|״\{dq,.y=#Zv^;&0`zMgdVb-!׏W6rV6g|dնQeXDqRZ- uGD[XT7.p$UfFx7Pŗ{zx(C+]Iw (6LZ-TV(}=&Rp}P66K^|B#DPo4 3ּ@( CO<*1ۛYEEf6 R[}agE񣜅6WJ<>sO?g>$` eeE^ :2(wsEȌPjа+&T{Ya ]z-m$D[bMEG e篳N3ҳyyˊzfO[(cʜpf Gw\r]r=v{ qiU-E W`&/ CqGe͂MoPis?SQd)S龦.5' =wWs§`*X~oK]=z?b{N@Gts6*-Ǥ-Bi-C BrJښ]"Opw{_kâR ;x%L.a'r 0:mމi8 &5=Y]FS {.1} 񖛢۝WCfKZ_yC]T:X ߓCd砯i~3z1CQx6-~o=CɗSdT&!]ʶ`(NT |zd tw!e#ɭ 0g eq"If=Œꆊ"``債w}= iƃ٬M$qăm$ k*J(m*v/^#"óoe3p_ ;U0ģj Al?I/DJ6ÃLzҝITr Lc}eI9OrׯqAԁSpe;!IFN@uK=MnU)J~֞clFwJfN^ x\tlCbޡ.Y]RԨU&r85@J._Ov6R}RQz:k!{7w- >/8CY1 LrQZGMXw~'ew;K !?RV$X=s r0Pp PF2ŻCs`3"4ǪߵΙ?ܠq%z|knw~?@0[;R v)-|TvQ4H* ic\ǚ?5%:"6m Gi?#hq0j:cf 9-M`s:ݻ 5Q@W➈jRԡfG g[H8-E1S#h$.K@-CS@ fEڒ%ږbĽS)/&A.tokrNRXXaڐ0ܕ>ӈUg~1mUYuFވV#̪OS]h"qD̅ ٭WTzEFC`Ɋϐ eI;d jE02vLc{3YqO>]sB[CzpojL(,\*CQI^S"DZ:<nKG!WuVɗ"_SNIPA5shl+qY{ܐgY~}sO5|_k9&1=h;Sjb R,؂eMԖWr] c4å,CyҪ"J g9?*.*GN4i̧5,?Rt6E %LL^{.rSߣrAy0oœ/9?\\Pyɂ4 oZ"U_PU )j8/(<;[ۜ(#˼^],wf_fA3[nU0\j.X:Hf`lӓݨF r~_>"KB mmR 7b2κ5&8UۨH6#wf'ozd6qpϔ1?]Mf=IV0+!0 wYVI^߽So\.)'#جwrcBw Q&eqxDD/t%T. SתnUܸ m8:uąhXƷ2OjLZMHR S15:0@h:%(Z/ȚFfQte3q W?* ?ošmq:g`p΅aP=!7D\)sXƃ⣏FB-(YheDL'týn@H,RatQ dn.\ЗU٘jgn-?L{BPKOh6<iDЪ] #lF>_*tߋc߁vyIC|7a!/W+\ۨ@ubߤ*GZomP"hnEsn P֧"E+%t(KWIS~K 'ED駴T' ؙX\>Zk$4GꎏDp~p"hє7܊Hc0aMf cရX00#AQ1盚C?xNEpgNfHC'*}_K߱<}CDEK5~qSBiG'(H@Po5mDr <ÒgAqRH7 ;Ϋw g 3O'.Om<ڨ/~ ^ZٍbHwңtloq,x7h͚>bly#0 g(ZKtc{%ok&ϩ== ͱ4Q?/:E(WCt8v1 hUEri=6{5fdqGdKo]mN= [(X?Hԣ۪@ 4?+R:'}1l`X,h'LFWg M#f S"|Mt!8iY7c7zӛ;L^p<&lJ(bU{g%T 6Ck͝zXqc_U"ժxYwßQaW3'㢀D[󻒉o$;Ixs(Oai@$PoT"Yo~$>]DhvPH)o1 %N-(¦q~k\_afZmxdb#/Ӛُ{1 !ڏ'N)FY͓q "H Ho%K=dڞ@dSɶWU؂ibҋ.yWIrk*x#u(m է I7)/0 s#qM5YEB# X2N4*FqNMN\{\1R5I!Ѧ9O%mYH]7X 5o)vd;# $5~KNx@U#3;Q0^T b7[Dˬ[YD'd B [CHc/hH ]clZsH&qq!;>|᳔o sXx0ŧP~CK|?w|>6>k a>F Xi4#me"?>1ޱVʙo@ɋ5ʄ7R>уbu8{3r ԓϑ;p/aX~Z u^= !]Dr0TC!D 剓`nKQ-^&@Z-Ĩ\xj6'm^@g@1E,hK]dƴPۗ6t,1:)'68Yl(xW SDJ3@/m7fxAz7gM) BTsɈ2Mho OV7gnx{*h:j܂wx+-^ߦd\`⅖*W3XMCL|]-gu'[i}0F駉HeG=[0ޝ3:HT3~cMcFtPu< _maS{.JB(q#S7$bE v/<Ï^VpgHS1NeW=V*Ak<@of௞J6ޝюM6PUuҰl?1UX񉔍73g ԤGdbr\əq^@b J1ľ{dLZjx;eGťry1:![G~D1s j/9e5}g/TEg@\W0xVԹi_K,F戳ItHCɜ%Q|Kwy*d%vsA^u K8r4`B4rlU= srK7TshV y&VF IJ0RְcV`C\Eaޕ"VЯᘱS3cxJ==D?yg"QY w1T퟿Ν'#aqcƻ4wώ1wQ9A6}ɀf|-cSPNļՖH`3.'A!쎼Q*26 DCt6 ~ѵ1 Lt-2nE7gi%>sТD1\kcny^XaFì,̗E#Zp' B,-G`+\CE!^"@k.ao{/tG&d]S+gӗ 2A2^X :h[[lMX W:fLśI+@z &.$x K-9z@^S;x?V _i($85:Dž`~֝#Z]niߐm>N#NV֤sh'p}kL]ռCwg;Wm\ȊL 9ntDR͎u&C~^=o$6 @1m_+ ti<:{.1GdƆ2,-2bځYI˦9p.Naf c. zV:w.8=H#Ͻ$$h _&ϑ!etչ(V}NzW.r;U0%ui A,gvT;EE;O&*_DZp#mfƘc`lw#ln T%OS0wGx'"$춺w$lG|kvsBJ~!Ӊق# BoŚxiOWqV劃&($PMSHH!s E}L.F.[#܅@ IҾw~'{sW B.t?W:4O!;M_wAD#sqC"Cu#Λe X6k:|&YhWCjt;]\[i|q LfpiO3!*rnDqǢRamB^3ق!n9; ?\3TSip@ƣ9} m#\7ŭC-񉃣n9/")y$(rpu.CamTzD&hyG騧{]d2ߙAtz*;m'r+)|@m17b;6qe-,Xpqr}`/|~ З̖SQQKYj~U_޾?CQ_w vq?="M*=5wXGTDT5G2R&x[l:"#EGա g`rjW#hd$ w M-?.9Gc_AD‘J5z5*06pgŭ|/}S6xƎy*@/*a5nL,i^$.rIhrzCpJ#L`Da]j!E&κ9SRHXRy>zaO_ 7sE3›h1Z>JG~^3w; UeD_] R>k㯜A6}M 8&c; aD>c7?*.B72б fL%96 .ɬg=f7K[X p=I?vyF_2<ډ½Up,R pOy<ٽ'&rhf<ЖYÐ}fp91'3 -|Aё|nZsM?}`z#$]Olr=Qt<8mL6k+DStTw_1%5_] v WQ|mg&+Ww} ]MGN(VY;_!:PQZk"0P4 k'$l; f=} hwp NIjk!(pB"?T=xDzW<ᚪL,rEE:=/-SZv< PٍVEr+a3lTQEt GgM}̬nSTm8rLÅvPq#Y/fMNЗjD|6!1Jەʹ#6$l1&_֏:#ʬy]d#0(,F 7#j 5FBi66&"zSOhFdC%^;g?O٬^k6B PE=(2G[͍LG:Fҝ?d/hNs A$@ǹְ̃cX|N Oaɤ(qp4`u IOFCg8uUǾU2bȠq8ɕ(^$}VFwcW.82WY?^6LH ڐwOqH* W uG5P}ƮJ%T}+сKW 0De(%S=uS/J/(u|s]f3Y=r]Hݓ@df\Q)-}#LM o #&ܢ懬VfPbC"Kt&l顗Ei.mG%,%h`=>ʇ _?&5N_@#Ё9rlڝ^1OK8-AmBn@ɥ#֟8*K NXZ|tA-NQ l:Xqn` gs.H|{2K+e~U6|\#n}m(Pϡe2^]2[%m9&u<4K^Aװ7P&i]*px@fnJyH`C#,.Ⱦv:p9IM:c_Dnfs9{%G{_H'pǺ5VGuJtQ>D-6>/į $?섥<)%)ֱá5_A)[_?G39hY>9F$4!"=PXWk4p4Dpm$&:QhsWkHb|CE.Y* +I0CsX9}z<,:ŞEͻ_MuaLhvhY\i"5(02vS^EnJ\OVl^ttvβ8 /ŝR˃feUz)MJxDuQTӎ^iC1ɰ6_qs9Nhȇӛh@ \?: P{tHGO36`RgGtRT+8pң^KoegMbM%J̅٢9 m3`6Q+nzi= p'STr])YuacQl큸:Np <ijosp,ﰏDF+0!7n{E}g;L< :,>N?A(Ĥ18NJx3=kò_YZQKrFff=,A^%7{ҕnokBH6S?'XA tR@Y NdDݦxz?v=.i(ɲ~ rk{u $ di7i'Ifae E mWov6E92tUUJs: y&7 Wi@o̴űv.hàfSx+ J-|g<*!M9)s9T`5P9͂yg +, Ꚑ.,"Y Xp*na"c %pI9`8| tefE!ag!V5~R&s8DĀٰ;@ z2Z  C̥ŗi`Ե ?^|yP)-jv/i˟/‚%RXdv="ȮX $}vF5J6ͱ@]])j݁ҵ 8}(H~O7pPoO#7cjIY]k_duB;ZbB+<89qC[p*3ehʝC {<@WqWGރy<[GZCQ~Bf1 RLN6ڦ6dg4&}ANfx]W1C~^@]HK T?@Z74ՎKԘzFB#H}p F ]ʧʞv%~QJ`;1=1#_J8E- /q zJ\*g<$R徰DQn^CqYSţ<(;"y=.Fl<qp1Ns̒jAOOD#LL((~Y-ڛLwF66oP{; 4$ }2[/C4mdVFxNto8Q23eqr#{h; eT[uf^ dgqp`d4 lY]^̓3&] ݍЗ fQi ҺTX:GRzn%`C3ȡr*^䙮6}/CyJpS>mޙ9we^P3l+(d]天rt_+vCډ woA\_K x= vF >ePt,,e [ؤ"EJDZ@4~,Vbc/ĉ&dS\f@]F_!vu5P3W|4WC- !t 6&..?B2WN`GtC@`-kZU[&l@۪ƗG|I[^ګ}n؛+W؆"Dzx#w9&Co*ծJrX*w=1V ֫a:%1Mll-T8̍[~6iŃnGuR+::K󇻸Ŝ`Q~y.f?ZYEgi2ъh 98l߼݉E"@te^ڸvr+`s)j;`UA\vIȔ(8R"Kͣn1LPCıH*nmE͚N P8G vc?7+NCÈMKy}';xcDu|x04;'[ڈԑٽd(0B~R٫ϙ?,8b$`o,J_ǣ~U,:7pڸ: >&N` YutGxPpuC*ѣRf8KF^%QCS0hd5bEcU2L-T+\zpՏ-ˑ+.Vs}&No\Ih [\g"/oz TP)kp^J<?9%֑M@U mJA]6 _,D_!0'!w:/B->ǰQ&"ِJU^x/ p\YثEsB?^J&BFXԋ z?GԔEQЉ{ef! |/19znT*nƿղ0rxX t@'tBm QT9aMb&mW8Iмcvz$d7]khx55ҧ( {ʠ<%3ޭi-h,6QpR ^2-ki7IZuػ|L%4evZGv͕d-ZN5Nn+92vbf2:qW^^gi-)XmO()'芛|0nFUIc:Md,xӻO 7[z5",?|RF>x5}A>7wQьOK@z*q-0>\%UvRJeW}X&03&Gǖy:/:)v-WNsZd1w.y0