sssd-dbus-2.9.2-1.el8 >  H   $CTX|e(: U]L]z26J{3}n5.^۞u`alrGؾ_d"%r.Z|:[@?+5N SvM枰NN~an~߸)%RpHXO>"" d%[rW15xj6i2a|vvXЏ|ߥӕ&i`Wu?zV|u7B `̘Fwa~9b¶WQXYll4~Xg=Od |dducdUpm%g! ?\\h'bL>9@@%B+ h)|L2ʍ-~)UE7Ξ szhA#"#hmL2r*#u1C.n tRafVBYap-?\b5Tni{5٘]E*M`j@QoڿƁhqჺuFY٢eb9d57e9e4e918bca7ef9b6d15cf43c179f0d0cafe7b99e3c65fb8c1f3e191688bb114e32de3871e983bdbdf44d828729f5a4d150302047c435bb500673065023100ce96220f13f1061b56cdfb9a9e4236790f8ac5ef0cc9a43d9a1d00578268b8461b503db3b0d901dbc5242035d2f5dfc4023032577ad0190f2b29ecaa6bd64c1d03b06c5935213555350cef10a0fa5d7c5a828659101456979c1ffa7da10546d6ce680302047c435bb500673065023100ce96220f13f1061b56cdfb9a9e4236790f8ac5ef0cc9a43d9a1d00578268b8461b503db3b0d901dbc5242035d2f5dfc4023032577ad0190f2b29ecaa6bd64c1d03b06c5935213555350cef10a0fa5d7c5a828659101456979c1ffa7da10546d6ce680302047c435bb50068306602310087ce8c85fc1ea20b60c2a6740745f4c6d3bd7428d6eb5e0860095af697c46eee0ae50219693f7b9b57b27cc02ee75d86023100fcd02d1eee43a5f731c87c08c431aecfc829c9c351b84dd875cb758832de8e321f8cc472fb482337dad30c471ade13e80302047c435bb500673065023060bfdca289487e7a7667f7683b0a6ed7e128f4eb2ac53de2663bc7b73419abfa988e44719581588326155d8c4256bb910231008d5cc97d16b743fb9fd59c344176a7284ff923ebf0bb489419766ac575e54530d7fdf26396fb6360232eaee6a68e96730302047c435bb500683066023100cd1c9b12a95deeb3924e6f447b744c684c56886521e600e806caf0bd5636f554e027098eca7000a6f2c816c977d06f830231009512c250cfc39b3a2b7259b3ea91405d052d13c5bffea899b6f314809dd0d75d452776d554606d5d23ca513300314c900302047c435bb500683066023100f8d2fcdbbb8c50f46b5b6253446dc9f7a173c172f7d5ecf9314d55bfa3b790c39395072cbd51997918cbe51573e0f51102310095d24b0002f7e6802e597dc04d52ac6826036ebb5fb7926cd2514687fdc899cfe2d534b115f77f6bc0d6c663d3f1fdb40302047c435bb500673065023100ce96220f13f1061b56cdfb9a9e4236790f8ac5ef0cc9a43d9a1d00578268b8461b503db3b0d901dbc5242035d2f5dfc4023032577ad0190f2b29ecaa6bd64c1d03b06c5935213555350cef10a0fa5d7c5a828659101456979c1ffa7da10546d6ce680302047c435bb500683066023100cac2ea055f5da5809fd28370b1722270ae2498a5209df5b51eacae20d1527dce03cf9c872ba2858319010dc2be29c9da0231009f769864f7bc8ed340df9ea51b7bdfd1568a500278fb1ed27c42a347ea6796d33d1985302e9b9690dd0e36f48f4b53c10302047c435bb50067306502304c78be1992d701f87ceac181afde0390e12d0c2aa422a33a89989beb3714482d88e5fbc8653a37f1e567ae94a427e7a50231008e970c3d8d2f5d6675207f424a2816124bab49aa4ea5b44ced3616e8855857c8dede070f4cf53249f392b08c16ca0e6b0302047c435bb50067306502303b4b277b9a70f0f4f534c1f04a5c2d082901be5c61afa70c1cafa8b9e210a7aa577cf8332a04f5714f9ea901e9a5a810023100d404ec4f9db07c4add962daf76bbfb1ee6f3b7448a58a3924a74d65cdca87547c5426ebb805cf6ea6575c7015d967e7e0302047c435bb50067306502306f2be7c399831f95d9653ee6067aeae259221052c4aa757a1f6cddbeedbcdd01f49d22745d39c7e681c094f0a5520d6d023100f65f63a39de5a19c6ec2a9cbf953417308bc0617f0d887fa66a104fae721f96415140111f3a0a611a4056d91c689e30d0302047c435bb5006830660231009d0d034938aa4072bdc9a6b7ed6819f7f3d802cec4a66ddc8dfb4a35b1e79b1619cb8db937e32d1f1a85f85ee87a5838023100dbdbce60d2a709186d6f228f92c7391df89227728fade076b9d20e5eed706dc96d87a57e6fdb9573baea09fcbb3d8776ȉe(: U]}䍽9pnAJ9d᫄y2s k8Խ9 v|B0 ZD5G}-nmߎI+ 'E4 86"xMw8*3j}. QneqF0 {?1e?&iYZ\]TM~/^%jS*C:_p9 ȇ9>1-X$vLa,mx%;d%aK D a@>`BT?Dd   8  0MS[r ,  D  \       < x  22 2( 8 9:fV>?@'G0 H` I XY\ ] ^ bd.e3f6l8tT u vw x( yX'@Csssd-dbus2.9.21.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.dppc64le-01.stream.rdu2.redhat.comYCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxppc64le if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%%KA  8A큤A큤dddddddddddd09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a975ec7e6ef29ce8a406f6193a8089a4700aaea9234365429218a94e938936399d614bda7917c82f59b9e4db0155423adbe3c2f1e3c4361c8fb7fd4d1dae5a9e364601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903c56bf3f8634696cabc43213cbb356f0a68b4eab7513781f7b731a0e23fa1d1508e78486839c378589ce22f4d8d7daa59948a7d22e0afd8a869ba5496d9f8d1b060c50af6d9e1b3ea7bdfafcf9cce6389ed7d6e1397c129ba1464b34857e50f68b4bcdc60ba0ee33af56f3a26ff98e6dc70e784cbf60d642feec409e1fab45dbd../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.2-1.el8.src.rpmsssd-dbussssd-dbus(ppc-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.2-1.el84.14.3d@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.2-1.el82.9.2-1.el8 .build-id7f8ec20bbecf2cb519bf9e4a585b0d363dc165sssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/d8//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=d87f8ec20bbecf2cb519bf9e4a585b0d363dc165, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)'R%R!R RRRR'R R#RRR RRRRRR$RRRRRRRRRRR RRRR R&R"R R(RR,utf-80a1b8e86031c9cb14a30a2eb19d2b263cacaaa3a8f21efea757cff7e636c6bd8?7zXZ !#,>] b2u jӫ`(y/>(ZJaDޕݸϐPmN/ѝ'ׁy9X"x] {&s,+jk;9iEg $zvٯiO}4xi;;CKWҫBKO^X2D+>xҥ Xo(=u?D]d\ѫZ#7sOx`[Opڪk&#]WdVmЂi&*B fƎV 6A)j՝wPܔN-\m9N|ψGM?] ʜX6̤./e(hݠ#\}%H#|4( LQq,B߇Jp5^#YGF8J:bk-~擛 ]N>|’x]Ԉ&AQ~ l&蹉!<yFڑs`lF>m29?2!; & X%V`s>/&6*90ZfY:'.knٺ6\NЁ<`zpJS~Q/WIALo[Z>o]sKk?! \wG&ҙ'yg!%NvV 5mtwN-#]Y@bQ?I$d0+B"Ʌ*S P43mwbDpæ 0kE@E *L&6\!!R 8U.Ǚ#1/Ƹ,rlJSh$xǢ]5o6m5ݑMS NnWhx=m76paᬢ AP.l&( !1|G'H1Y}o‹|2η.PuGۣ\]l!I`Ɖ^ޚ\H ٱ1aɮD{/اbEJ_ gf%qHn]tuN0OčޚQ9;!zi`PHߠd]P@ÞDCۻ%x&flHcNѨ5ܧtQ//?'no떺 Zu!=fzc;~ zEW>ctScߚ*DѲ q?m$&D UqtR%֥uFfuJKxFR$8om [1Z߀ګ-t_mI$5l23LʈgBcblpf;^2 |-qPMYѨjoM64=4oL_ -1}|Y9=!}0~3<'I'"@m7h1~c3 yP@.:PN|~%tG8?ɲaIn K2h&J@YP#ekabqgPơl%#G [:\a؄V#P&"&Ad;d,%XfghD1*wV$# 5T~fKqU9ұC82lDrv97 3۵s- l)~qn|S_z)WFW.lE*޻1|r3!I'́qhbm@( s1:BEvm>}d5 Ò^1lM RNI>x`s7Gӣ[U+m%=+D]WiA@ە8ғԆUkU`&%}rq N4*{!2~팄TgLru/FF>M+4dQBP@+3:r!fϟ\=Ə%"Л($FЏcp<~) u}J/nxZiSXc;֗,Ng֋4l-o,V@=&aaΙ}+ӊUDEȕc"/rԢ # WilrO,iN6 K@uѤXUkY3}Swx# _?G_g?ޠKʊ`a|`a7eVd{n18 Yc7(#keBz7˫w{ DOBjcw7m! FP~}RJq?"YB-qz/'7^rT/9m3`˜y܆fLd{9Cڎ%ce1bRyd9yҁ;,Y/8uH6eu>*h=moWI 9ȣud9$6 l/,V'"9@L$4qՉ|U˔"sXegٰ E'D֏ޙ;nB+og)s @YĤB_gZ@EsN4'd>~w]i=i5jИT Q5ncd"=w\""1\ǭ6Sc.ȷ,r(nq"Z-D t7KKQ2|3[.>e$Ww+v]0lGvQpT_ѩE(ij\Vk4qGQ 4Olv-$1 Ґ 2ö%O<+B̜DaPp*rgW)U&j6]lu*yJE[lYl"NwmPTZBhG Gdw|^VS)x=Bf ~/tdtN<&_ Z%*/}1{̿Җ$xACkС])N%jd3$BmiȯfI i(M ]%PUדi*B]D @ؗo}7]'A~MT"uU)ЧScaU߫z`UἽk@ }Vs 2dm f[3 7!Oqޱ|՗49gCOb-Rc-j{#ʟ(_aZPըBpSZeluALsކ'VZz [I!ᓏH⃼lJ,cCy&t$!\K?o%k*EB\wk" JŀHޢ-_/+cU9wSaU1"{!(BvW6PM,R +m;~cun>PT". 4ٰ*X"y׾~BBNnMeJ(`v)u;D!^Ж dkQc|H" pQrFiL1*|gHŗfy7;\D~8?~挀f;27i@;aU9*#qbz-/yj%1n{&T f >yάZ#9G5ɆMhmMKpP! lT46M+,W_͗QV\+*P|\Jb})́:[!E !%N>cX$W΁sӤOVZirr{_oןն2 sE-G3TUo&\u0'πvB8.8Q@G" gٌ-8K7: M_?H:H+&DΊe tJs'|Va-Ӓgfh,9KÐH!. @tĽߔ[R'R`༓.US u'&SiM#&~!71p *=bcy3ilڶ,H[$IAk]m Pxop<+^Q4TjWsja SgӘoxتdߥc-Y'te} vB]컾+ _#nHtEQ*xUkU]Km GsM9\JC+GWUGW ~IBlUm2[t ]* *Btof7 {e*ψC}mQeWlxSllS=\ AG.RdU 1Ohoub'RJǿz9b٤In fXħRc}82:Ggy^8c8 6F'DOؒ~a5t'UȺr]>qzE:Dv2Gw~ժhPjK z!Ud,Fry.$h$kya΅ XFBxTTΰdZsCq4Zu2 XHQ#X?yGJx],̙Ʊ_~2j΋i$^ ۯX6p#hء3 L{gLM([iIHN9h|Ά >.0TEY_wёΩ{I%k,I#ZbL];lё7fpsd8PjsgKP(n@TUި|qS4tM@1σCLQRϠ#N}!@/ b.2Oex^$6.8vpgsQmA؂2Ţje}A,OLy̌̕> h -WT8Lخ7gJ#Jd΋Μ=w`PWZU6FTm8U0ra^9BRϮ66uI;SؓLJc{v@pKޏ2)s y-re{%W|GjI)@Z{&@l) d&qsɪ"Ce!6b*T٤/.;HP KjID@:D3S54ʻΑz|3"i$6EwW^zK^+JW 2 sq!k[LjTWK4Ll{#: /CCIF ګԒbQ aH8p9@w>EF6vT:֬6՘|Ͻ5HnWObu2΋c&ԗ) ruyH.܍eY?(Y^6nv:> w]e i!rB$.x**T-A^$t0ZWp5>8MHi1%S}4zĺ\l3SYl =7xuJۃd{2FlEr°'7>.xߋ71(.Mm ˖{Ћ8+c[kȆ-8OaXW9u $ ]kDWxPDֳI;q.!$XBWHځ4WOsl9*ݵ?FqK{U;cطd}Πc8{AHAipX< <ȕ: YP{8bSDyto6-R/29ɊOHΣ=ω-@xm-9ӹYUV ˋEJ#umlIcP؋e@OXqY5'ܺkYb-Ȇ Т rj7x=^TG 5BdmnA?k(7КLnR'0w;A**2v !333~SKe"1펹M~*jX^Xzr&\cNnwQ >F[UAe՜};j\HD..&D@Ѐ!}op(V^*Z lkA/4'ĭ}d$w3o@\Ey'9OE=xַf"3|pvuyF@V%P+IIfPLT %dY,/hݲ^R06ɈtgRt I6ziqMg ,"-LBtU  i7cՃtHZveSRݐŠxdI#W{V'f`p]&5 1y5ohT]3%h=h UL[ĶF ?E؍^[z}\Aw=.y}N/hD6y @xH@2' %|oz4ױ,C֜=|J9SV HYe%J6zhH;"ڻ Ҕ&z~~lc>@dw*#,r`)eLlzoʨ3ߧȏStDb{iq1$)+;_ŗ#uBha֢K Zͯ$eU:E-K( N&PLcW*1h 9yw[nw%OJ鰶n+ y&D3?0]Hק?2!y(Np(֎ rt㶶BΨy.+C!uLAL$8HW*$'1_X\Dṭ.8'TtM `Sm ˘W5({W]ump6m]6K(\:Tz9m$@b9T|<6%G)EmuOcUnDHz:S$N$ۭN#TM4}Ppސ_ a=dMlM, P('<$2D4c|Q/%SP`g>QbrD7:Gڋ'2Y_! #F^ͪQ_С"gg͑?U=@WTNiV E@˸ȵAxBhE{xR69j{J4ݓ2Z&1r@?%St,4-FQQLQ,`Q"MFxlȊAGdQep6 ֡e^ƧGycM}d z>&`fz =Ѩ QΡ^9jX7s8 M{zwmJ׍SW ,ӓ1LwR WP GՁ^}:M6$*S|w,`ۮl.z7cn/3%{= VL7 BIr|^*IUXʼn ;Ӯm1q۞}+N!s nTJ+m"`BEW"ZKZYa n+r*H5A㌠?\6ۄ$6lG+d[X#4-]tu[aQJSHulTC轼磂 /uwqA%wUX#?)7'>ȄOJqf$G35vـ\R/0THrdvOt ^o]12y륙[9cpS['\#~8tSr{SJB 2dTu K\]}/Z%/BDrtUCDŽqʃƧ*ކNx6^YLa2p{~(_fyƑ.yL@bTJ׭z3ԷZJB8*S2;k^Ye 'rUY?{tb^c>= !?U" n7o]Eoz0䃨! 2?/2 |Xe:5*4wWaj.T1 q@Aw2:o!2p@*=[Ob>[rm1]%닁}iT-^ ʕ]+\TssIu]ɶn\#rtAMG~^T2Wt+c=\e퐛`d7E4ݩ1bѕO8 |!8lPsR0Q A 1*-7%$ 澘'|V2*Eb&玺SJ&w?lW\$D<6$(B_oޒMp'a>닖}T1ӰA:5CXR}ID=m/H\E ƺ:_4PLxp;h:jü?Vߟ$eD1_"rfxv;83#luX,,iN %`"߭ֈG'+\KO3/RS,(Oj8T2pKe\tcg@!8[Z_v(:"KM ]̝Pn /l#[]sB ׌}R!3!TAIWcX~S+/ci$]hSb363#z.?vi}|4P{'Ҍ#vş $) ; PgcGc`oZF?S:7gdj_HK y*eUo>[D5uQ:ie0μ&Ystql'QjR7mOɽ;P"Pm)HG L}Ȩz~f7z!tفOEb9?hx4dVRsq{t8/c',_@/ڏSa TCW4=mp;!fM(TYQDHIM'nU;+BlXk>De5Ka6uڍ&`TwR^$p$cubם龄WW86D|rf=][;ok9 pg2i^z$?ۢ6W}fk-Ʈ݆d@#)Ɋub7[)4t}k eҼGfZ iMDZW3y0CuKH^FtlAUl CaJN^0j90U{Coe0z8b^cx"uh, m,xj~2? :rKÓQDER.e?UgZMvg!jTSٜJr`l^l,=J ANpe&OK5<RQQ3DYy-]1M$=d&rMSY~r@Fr00|66 v_-K0 = iĽbW .ZD0c1rF#a{W)%s ffO ZtpYĦR7TJAh0n*MYV,6|[Ì?]oR=ګ'hH:8Y/ hIxz)k2W'w{|^7A)I3kw>pbb6MW~]efNGRwOrb;" *z5ע7p j61E\d#+0n|L ! %v]l%.m_Yr Epd;)y/cmxXKbP%_ bMۺ3(~a oP9mWf>)k&@d7|v }0V @BO&ظ P8DvOuؚ>Cxs\-lm@03/ӥ{ 9_73t#[+\B.R_7B>fO2kT]:e|^yl{):/Ə~7e?Nhyy>Ke)15FZdMI )*k'IPקf{wtQ_xgD߁ӯ7SO2oR7M.עka-- bdN5<6x;@_GU3ƙ|F6D4W+vT%Ѯ.q]個%9E%瞻b̊j3h])6~;JyQQO;tԐ$@ZWDGTm|x?01>nI}!UjDxe^L[?[|qL9IL`C(wn.#OH NM>u.0_E\';<2"%CZ&27)*K3h?tR}'6op Xks^DN)@4n$iP/+SMrowPYnR#eoGfc6isSc\.=R`:H/R1ytmhQm?oM_:T0c' U}P٢mZLVNpv j+wj/7KXͳ[BUvj b_QIO(*#dVlN͕J$>ܛ :6vK+%>5xN ҏGn+.q op|liC>ii7XQx=Flt ZA>{d^e }L%pzT :(LP A/5#9y.2pio+/}eq y bA/(J͚Z J2tji;A "Y3FӒ>m#R~5)d tJwH}~:K '\0MNqBs6 A )Io̳PX9>C[O+G]_`쎈Ăm;r:vaa(qxQhs۾؞ &s2os L[G NLvSΤ]q9-Իz9gNE 1Sq3UKH[g'DK2ό?=Oy8Q# Zò=s)I{_'vj<:6]>q,[_c-IlƢ"q"GF;XU9P!W'fKR(W` /PC%tH?}_+bfdwɯdM@XnXJ棂cY(2ȏӌrjvq yU~iK"m?ཇ̠M , 7H76ZNF"^ Ln y ΅*bٌ]%̪< iUn<#H6}Ҟ7<޻*~~|l B2bI-6Ap~Ykyb(?\6.L:tyŒ,FU£p;p TBxKw] F )a j4Lk1Chٞ|qJ Uz~8bw%0݌TBX!= K3* H F6CMmdlșI8,-m؈($3e}^E8Ex"&1YB]6|>/?SW`Tq-'f"xo][m~fG늈Cڝxq5BSsIah ]7%?lķ9+TDSk(]^IgG?MN}c0,3[c85*J]]C2 lO1,M+5g(GU]Np;gzqGYd=:puIU٥ )Miߑ’>uKo#sk1bDvH^`xI2$c7&{تR 1)ރP;u̔>jD5CnAA}B_f7nVP8Mڜ &}c36}2IG W$5SK.N&}(/%z>Y?@: *I?fJN[WK8@޷F}߄LuB_^l^u~JmbRθҗ.F58M5@*~, m򼴱b? |o֭ߏJvLkY zrXD8H 23Vb˂znMk,¯T+!NdD) (+CP?~YZ 4FB"a@,wH"Iu|&$~55wcv*[xLh&a!6j>؃ ݊c@ W`T7y8G\D/`6c0dam <$ JmIdʩȼ(t}L[F)#3WEI9]Db-vȱ)ݷ'o{,JIVr/j>3.cn,j`tZhD˽SͽIsp7_R\UלQ*=#䦉P*jȰalfhfqk$m^;i~ӗݖgI&'mzn)g=62 J Vs7lnZtѱ)S1^Qy;Y-% +Ҩ@wu2h|dsm:ht8S*QYp}L%\HͰrF#K)mÜ |EU˛\u'jbQ<;=j{''68fVRpP1p{i+U>f 8%|VoWھO VXޯNIvwHUMtLa p5`iK3(g8qx__fD3?EZű_"HD- E8Ж31b4;q`W*#kKB~Cm ߐ޺|1=$-d_lGJԶ`+i2k#0\ѳSR6œP~ "'o ay-f9u/)X wRi:cIzwel߰K3޽3h{ɳwyi=yemS:=?~Sє0:e+1P1KmgBb_T^Al"B`azC\-Ug6_Pذ#< #U601Q$1twD3"BsPgrX0䃍\D%D+4q@U~56"&R MKs]f=NL/>kDE)KjE(4kU-=h1m%[aAXkMmpߝ(9/ 6$pNFu/YuEiWQہ z؃CB=˟2Ǡ7 a}KDI[Gş,xuf6I[\ p$vc%A^fD}@P""@, L5ʄs&e9Af+ GQ ă.7G8nvuzMZ, "nIS3_SԼ*Fe|Hɤ_!qOV|b@@[Z~O@Uie|&i02ez-SDpXoݨӅ~65LXumڎH@+&R_FpVtR$NelJO1 wݖ]F>GwJ%zjjr+FN$|,J#z5H準Ƌ ֠Ɉ!/(I,n)k䷌O2 d]cA-k$i"59ټxBr/, Uet1%:nrF#hH&2&y/!|s2%85dU@>/R\Z#9aպskʫ !s =r^|2~XJVc%1#9X![8}|]ؓS#QHsd ⻝C5Ǿ*&KsjMr&c3N+'5[8 !W!Gg{*XQcs~ÔkOgE>0AwX2سC%<  1A`km5Dp >)YK,]# +!4Davse}.T7BSM3HU65*u*ܨ!U"M|y${wI *ʯ"{5g-kP)xXw'|q_74c,g:!> 2#0 vם-;9f/$ĺM&"xP@4۹jGKCP7/7#OFa@'}r*`K>=G">{ܙW]G?T`ZJ!rLC!5Q)cyꊽ{W,^ihl;Kf$-GTtkȧҭEÆ௉s%DEɶOY6/Bh?zDH) H)<\̬I377Ggyr֨he ۳vD.!C$TiӞw/sl ˈpyYXc *^$0=&gL{*euo.g;ʸ\ֵQ|c_ZT9B wb7xa/ԟͲrw->a5) 齃gbՓdg7oR <Ӓtu.$Uf4Owޚ 1 Q D!| $8G|p/0*T%B?1RL{ @e FpdW'/5ZWaU 7jQ?_#,}WHLK/Ԣr =+x5Z\@b˥6qϾ\}rIE= VqQ/-?vvi7=!_R \yf$6؁DeXO;: ?ܷxh[MXі|M&[Vhxtv&_e- Cwk)r%_E~jH$8/2qd9W957 .wl&WoycذR/V6yA}`CS1c6UizTY }PCQĂsVr w+IʹMUg[K’"_u)K0Fl}&ь<3yj[pp 8)I>rӋyF~):/47ibt#Ƽ~? ?ʾI!`=Q \ENB5fm',U{sqP }t)mZ f(t-V0!lU;N<{Gxiv"Cj ˌN¤!n CRi 7aK9KGÄGPl!:)+QK~a6N>}⋘V4$cghY-Wᜀ/+qCtKe2fdjL*<ӌwl hw7cs_ٙ8GB}sD{Y僕=!a{Ax45I/GќT2k6;8"TͱcSP]ܲ 1†&WiJa۝<ȎÅ?N;#Xqgj8'J!xyj-=8KPJ{ɃֺO8rn%CFqNw^-ftBN,?> xr"e$ w) ~Ạ55D&^ƴ蟲*74nNc\]f-Nz95ϗ\ǃ=H7'"5 ң"Q*/ZZVh'Z6"3] p7\,m5o tWhӮN9}uK[JU"2˟Xyr\-(PԳ;ȀBO`Ľ\KskpL窫~f9P{9SR񑱱 %CFQ/r)6YRW{]!mD4<)v[[t@R=PE]s^HpՁ~RL~(RSAwSt5OV4.[6j 2h 9=qj,_  lK62%#1rSݾ\M '[Oi'|&o׷S#R% - 1z5|.G@Q&XJpɆ UuDN^ W;hߴNC 7zêz` ω9NIjM[*w?I4^WHvk nǛ~)&%XΔlf 밴~NXHyL00H=͞HYV s:}hxO{lWLJLlkk:X(%h]X#Qk{d'e$t*\Q}+sC[/Hüo/ V<3u8U wRoK0}[R-Vx БgPĐ t׮ (a\a+TcR`_]?gU}yi4MUS?({7)G 5.ދ`Y I|0vz5Ն)+%A rr`[F|q83$t6XNIЬ꾺n.[(XQ20XmU85aQ>ilsQx8}.$7^'36U2֬I+fg*<% ąH !{n;̆6q[&;CR}(N4#T){uƜ Y3QA=Wlr), :+>7[Kj<ſ{Kx:K>*f#8*.n51|7G[ Xw{F7DYeLZTSTZi피9I:iS8ȣts[[*@@EOP2ryEX"q#)Flк'ӯk)Tz Ako6A֫suȣ=⸵ǂ`# Zgweh_W#fw[ zᬽkD>#mX1ja+ \T )syTZKQ߸e ߑE-vڏ:,NwSLj~l18[cL"súŊ5%D\yrЋE|^d,N84ɸ ٩gkFm7(gh }1X >hHn)A0z7mNV;*jB^t$3:HWݔa`yLLha37ϙw{5@: c(B6S a7(8a =-׎L sȚ8T)Ecke~Gśj|K?ظǴ<ן-Zlr:i;xH#F0/{3/Tw"1SM& p1*z^i:L X P=% @|ͯcCP&n@@TXm2V/m 357a62t:|Kl ] Rj;^ I~&m*NJM8 { XN-PحN׺`~{`TpF K])$NcR"E" I6"7[]5S]YIwP * * #`2#w[YIK\2 fu_zVdua UΓdJ_I + XiϤT2ak 6)ikpL:ޮE>tdnI#0Dd-vQz—_̍2&;>9~ēy;u43*Tbz|;aڛcpU\|sCYz30 >͵/,$ <s[.6ق6,Y~H/m5ReZ$rG^ݏA}XcO~3PޫRҌBQj&v\d|FSV"$|3r͘Y&mwCȯmMm~nER[ REM.`'8lԺt'Qj-V"1Waw\c B"x ~㨌/_n`1s.nqg7P&Ǥ #t{qF0MwDoijHJ_X|0k=,XT |2W=*ԒiES#?-aO bY*օzڍx33G 5\ȩBAˇӞ~T`@saZb}|jmkY8;@Z>U8]QTq-[XzpR!cH7GEN z&zHa\9yXJ-F"957@ce7a+4L= ̍mqqXr^Wq% 6u,ή}eo[ښgO~ cv< b(t"ù/-$#Py5O(UjpV}Μ gjqkEhHJl\}\2eq(C#w.05 ֻ H%-3+|xBMVYo|ϗSAcfĜm=Ө x\;gt䧟 af@T8VE+BrKԟ+DkCJs+uAEaX*Y|Lp`˖ɝn]ٳ$&suW׳Vkfk2g`Ѵ 1w'RYYeS0ԓ8p׻ GF]jѤo`ϸUMB}zMsZol%QHD7>B%~KB!֝v9mi]N!Mdyo.ytBv528W'%FbrAFyeD f(a#0y] u(1`o0lۅ(u P_jբݼY#镃/Vb)DP\ILMxZ{r yg ]Up*ےŀ7 AMe.qVm@,Tt(1 og+{n'EGJAmRbfNUFQ`l"1A);n>Trx*H?,%^xb.iF]zAj?e`+9Y44|c`jS{hB"/c 9E$R"e6;VYq)Ka<=Êlar.D!4y".R >d;jyԷi<8zߑ gj5&٪•UEҭVrXwjڀ+$썻hL!̣䣟l_zi"_7վ͢;p7j)qOQ+}sqyZUb[CІgr^2,qlJ΅6'.T|7X۪# {l`F 7f{<-<^̆2&d2o-&ZXwbKKu@: [d.)ة.7X$oR! Q=:]NR]7xlrJBZ}#&|C[u/ToX%A.:fԪ) \i?=}A5k0Lt#JP5&| _|P 't_u_bȎ,&Eej.dU+PJ Л [1dT En2BsOfX7iX#AG_˔W9["f#Jn`{Ok/N,r Ҕ.! )= ts_(){u62Lri||hÉn@RoJEZ=퇟R ۤfKCMΥYF9#&Aafd@h^M*"X{ gc`I)PzsQ k;24Kj2P0ToZP1hnx4XH* V r뎨䭋F!rǕ9}p,%}6bCQcj;xdפXT\ ۝ʞAb(r^.gw1 #P\ٕ@G N=?s-(#}*]u̿\T\f8j hӚ5e1/a5O ?fRSh MC(`ȽmuE~]{T. 5Ĭ <8H9DzQEyWTlM [Wć0-E5LRTzA!Ub́aЈuYrYG#?HGÛeqm,p~w6$jBeŚyp"SN۹]xCId2 FY2~|9L[0xϣyq}'KXϮ2_oUJJU0m{U5W9+ p^^hΓ'4~_F֌ȤWgy D Χm;Lpf(&tagP*A398nN"AwߚB8W^] wXa*UHTݙ`} wI׫HI]I/c[F'OA.%)*0Na5`rΡfp5,3kHUV%0dKO'lM>Kd- qg,tz.HE@>Rޔ# I~UM3#2[T%n1ǐYj{|yF ^9I@Z7uxwZ/foScR"Ō0{V=sT ֮a:SC W8KPq\`ilnSwZ=@~GJWQ${TG$ȭ1s S6=ƾo $x2h+=F}x^Pm޶[} B##ϟb.q9 jQ|铼Tһ>҆Pi&G֍$ \Iq,2A 6) E9U- >4x\4nᮚ߁zPE@jqd[D{ Cl ;T@r|q|;"u˽(x"8,Dc5'{\MHw6E7+F>W ] wia@~ce 蝭:-XR~µkwBz\b45g&܋^1t^|g/WgmE)o~?rtG|1˷):Mm՞i!]_&Oa :Zە`OC;E.lק`gB;՗H\Dv#,Q?~tr9 Л Ϙ>j=xnvKOX͉ \P[8HGGwyD/-Q0dCn <zZ2W)8Au4J;MUw6^Rv|^Ab h {IKX`v#xu7DԂ.4leE>ϋ $źZ,u۲ OuQukGD^%D` D@tNYpG=k|+ Fn _n=`a9 yS晈r05v-Qz<6]rgW vWA@w+&vI+%Nth#x0_vN/U^#q|:WK(V^1}237P4= ƣkD$s:oWWݶM`\3".*( 8<nΟr4Wh"Çrd~U4PQykL,ÓZJeucBU:N}I۔.uε5s4&-Gc~:}dn:BflHKĪM% ߪa>f݋}+ujn!}rm'ExCQBpo_FS%a#=R#.0)ntec%X™yk @4^? nHg<,y kW%cpg3V-v{n#7=_ 9s28言`vUy5c(.ƽeMzӵt8<#f-{n7ee!rAUk$a{ Hנ2Xg>IU Yr2愗F\8Iu=dx ?dS#1d5cuw,b=3 Bpxkl&PBy$nq.4250kyQ&q4,O޻I}Y~.#fEWi$:'K㯙 _ЌAX@#,:DMR΅(ϴ ߸aË! 78ɽ .u_-OSzYQ8X{ 9B@'Ug# Z/bql VK]$Yj yrmj}(9L~9זnj}L`ErȎq3| HZb<7mdv!2xzF ,lG01NWoX`CH85'- 5<a5ĺ;݂H4>6v >zN"qjp F{8E~ԈIy긢dH^/|c1.eI"^r[ }?7Ey+ӝ'vH. e˫X4we1v j]4'&\D ,}DG /=T1EXQ8xq&\EWk7ԕAT!: ŔTgzۤ,*{a }ʑ#tFE\) <ńXo*EA*QVS wX|316Qsmde\#uD~77D* 20p}EHg eBOK41'T=DFʈA' FiPܧvU[ a4\fTQH'_ac}\t9!ܸ\ {GވlpEw25״4(1c幨C\2Q<$ႄ7'H /K?tإBΎM#DYt,.ۙ aC3"c[5ɴť`-|rwRXƇ;d>ư jT\z{wn&YźSYoi T, .1w#rщN)es"D˥.R'*@JcUT&l>ś^E'rqVF7vA[žE%hY)*NS3]}@o8$"7`D)iuT7e̫~ºx?vV>? Rmhk Rr5 H7ՋI ٌXm5+d#JOq"2qvbS~)|9|IuHOi_:9[;A]TR tEhuY(V)CJ̣"Rlo;FL| d$+(-?qpww*Zhlp䰮 ҝXZ(-1slg&?ҞI= Ezb:HmlYg7F:P>F$-vf{10B'Q3Ie{+bkCkqpfB{t렞S)X!ۏUUJ{Sy (,{H7ՑVmGD£`P2xdb*|͍YRkd 6@_l:9&OgdsZrp?7|t AcST@$9B -+\24y9kd;O]kݦ{Uoܱ7^>C-^"Zv )Qw=eXxe~a uC iUm\;7:Ij}`U*ޛ%g)H9>QYS929fPҶmV=O%bZS$bD [{&k~W HUT߁4a!1ju~c0qh3iLR; I5E}P(CQ]CF+m7^Fb3'# wنKwcS Z)u^qbnxf#xXMXe40e `R\+ #EF#,qvͭ,= _0a6 ,U4^к{sF-RUO~;zX)Q->{4߾lqsA],Й֚O*/3/s[W/ ڿab.H?r)F/YA"N]cQ7x{Y^tNJ>IHm?GuėEW^vIXZs-a< ٪T\0ϧoWFڅ!=K>M %b#hʽrze#H U ZYeĩ3lwHD&ZU.hF(MZt{ EXU.7Z75B|Lؘj-9=Wmdl0Gw[tޓy62Ay q0|{gM=؏ɯ}*vrɽ] :-a=6DJQ)<9bgKVpF bzp916ߣ{ gjd K%,oC}Q<Č=J[qH>Xh9j]DVWtN]Ɠv:g"nXĭ 5>MỦm޼L+$g +iT1PPSz}UcB(ܵuo`7Y4cy(˼rvu 7C`5;>oIv8v~P5j<ltIRs t^@^VMK:n$8{+:^ĩëdM^בK2"ýV`$!gSF`e7|h X؇5iə [#O- 2TZbOe36+`>>D~ѽUu8efuh1L*CA?9uo| o=h!2gXI#?xG#| @)>d9te0LcvMkm5yC\XKr>W/3oafz-MޮXA_ǿϹlǼ&cF3ߙ@FhQ,ૼJި"jflA7Dٶ.19p?VKdU@V׫{xjU[yR/nkd[ȑ1T"j {o<,ej3[1PN<€3*ADž9dWFPHm`Z`ŸY8tp'~tcp;mՌD^~bSǛT;Kh؆&> ?*\t8Mê_ˣ ÊK91EikɋD5Yg7IiAW4m'pWt"H|W:enZٽENYwT.uF]F$K #Kݛ"fmۍςC>q˶yF%+ZAlF( |9׻NW:` A`K)bǿ^=P7ˣzm"Qo}iISHҵ<*I[Sw[IeW^['z,_FDI~TZD"7A=bÜ* ōF((Eo$\ 2wCckԣI@}X~{k#´.KL(O5(d=<M"]d|wO-Ipsپ'YnLdPXI|x[CMq)0E-`b)|\ ei Y* MB|&?\Fn)e1.:یlG]G᥷ iU<p&$ NTCU͆HR#J/r܌). Big :$+ce )ZTɫ'XM|;Я;+ٝ)P&$z9[sR,t%@Žp eyH3N,. @s2A';]Fj8ɓ*Si*Tޥ`Ǫ)5 !xcGq!~ڄTa;s; -H]A7KNƶ3Fw&ЋQg<6=e\MTl|4u sdһwI-I6@F BS/, gnM4_޹RXg)>kI7 3S./ZϜE?[/H 8R38ЇOb+ >Vvm)ckk~a >HbK]:`(R8(e(]4JPתj`S($e`"CU}8#ИNo6A2C#`heSPڻzxU7:2ۼNr[%O]j&yL$:v 4v[8FJ֌ mUHa>.U݁X@Sau5Ќɓ薞+ tu`{;t9C-V`;p#`҇@ZaIrEXzQr8OKRȽ7}a1̏+ns`+Rж)sRno+,A:*s"/LF\&;PKFqIzb{Ck@'wJ YjtI3&Ex>+^赒ck춒T 7V9r`s<K0jDF b# y7^ %j%a}ޝ1W #_)@?2HLxvtZ4nAXJk)|+.Uj]sY cDC':q qT ֜v#!!!^fj+FCCG.QlDdH3!ܕa09IbՂCf™[¶ k74J Z\pp  Os֣+c&Lwlu1 ӆ\kNK/Q, M0u_jMQٍ2 vBˇ-I׌XWRFtQw3^zR|"~\hT&U7D_F{*:f=" S|knԬ^CT@~Nt+ٷ;=nb"YP:#$`(\U\O&Yo_ZKrڧ"'GBex&>l$1/7J;wU&pBQ p/d{ IA+B1hUUpW~Z41#Bv Yd+1ik>2휚}BA<-[@yw/u ỗmf!e'WYZ5ʥ$+#%-TK3N#2#U+/vj?@z&q[l%Hىna $3z{$m7Li4An;+ Ob< ,U#g: 86譱"D5s5+5Pp (bR8Iꌍsܨ6G$G5\tPY8nHt*ҿo\6uaD v*1Љv%eX)<r *IPʈfmr?; Dq츆_IR=q%If㍠Y|lfpڋ|쫒; vf#)/:ץjOƤp|rqx;,Pɡ#s}4 /DL!U-`!2yu3xu^gJ5bc0)iG&^hpe|׈Rv\ #I*?H"3@_; ȄeҖ_zۢ@z戔!aBrGy>HY(v*"8k @dme"s#`s[qo]Q_"gj[`lkdoD3f#Ne_1qdI)q΃)!+g{ I|+|2Rx(A/W^FҌDcj3Y=R7n|лuX46E+ {PX7Z9TkjA٠-%YW{,dݱqLg?h"ٯ..8;w\Abel'*JQa3 oU pY{ҼT*NhI<'Gx4RVcDtMj L󇣋'F#1SL zv+5'E?x_鄡0X|kݕ }֮$o[0)q+@aaO%wcb]OA­836QK990p` 15K8f+.̀>c"|tK@`gf( >:UrqF ^ˁ+˙#/bq!ΟV08y,ŝgX+A5 Fo(ìxMz 瑎etw 'C}wXߦc5u' mbTN?wMy7-6|#g%0E?fT_dY^FB ryY&QϢ`ydh5xnޑ2x!b;^ ]N]ꌴ2Gi:n3B ]J8- 7Al^|F}e|Xˀ)q"Vi?8~>.?3KM%-0BQM_/"C"`?h[G*<.w~5iYm WrӁĻgAWliB`5nܼl $IV'XV)"yIKw⏅=O2y5_1;lΤk 尿i/ hCYQ#T:_>L+ȶ1ybaiW&98†g4'? ~vRwX48E&v:1lS1u)Ω"{I@mEhS1vBɚV#~&iC[)G* rsihp6t&=)NuFPrw(i?(p{zd(U-2˶7zK La&:Ol1J֬_^ a=$>xhvl_/Jp W'wfs*XClLV#\غP4iq8e4\5 `?[EZ%-X8cXCzJ^^ajuY֜a^A\n_RR?n*-VVp3;J`IZt#W Om-_h7Z&!Πz4eP,,:&6k'HgAkB*ڃ{Cd4sa ]8OCk"ZbϯeFrvRp!8%2݋gb tr%1d"3-an34. .Ph-Oel-&y횿8c-޹'zȬoy ~#XtNk xE.oD+VpsTå;E ȳR7ܨjT3v7} Y"t@y}އHJgs3Y%w). J|[Ayx526S?^Ҝ&&SH]͝Z? pr>u #@kVvi}.\xgWI[ɼ`J\4(d!ԑb~Go 픲rЪ\1W[F]+?1gs6Qo- NגaZjYJހS!v9;禨@ i!9@}1M&Tʢ Z- $=Σb㖄"l֞)*akpY+%?0azO.գWbPA lGKxp:Sˮ)dk=-93&/=Ź[QTb @&FZf-'JWxZ^M;['ԗN*m$DAF9h[q<_8I/YEp׵r<%5ÖLG$=Ŏ(ޞկicI ~o' Hڝ0Ca] +5 hۦ"Mwz\,'ĸߐZ`PADgG"<=OչŵE[U?nr5 9^ $#KX_Si2^RH:Hdw&I|l߶W ]O5A7}6`p(:D3P7?_Ї6gݯ'mY-{,bb} rR;dlv? SMⰳ~H^ yY,] Vq @Bidk.YM6[+ $:?&LKV5A`!a|-P}iTi"h@{}IQo [2gŶa6H &/4Ȉ$_̇xLѦncNےܖ~ 6`BT͛bi @Y/<"Jzt\\}#nI [l+M-i5@iOT5\O 9; f!s߷e C(/Q'k~rGpZc+!`QRqs rۊclh" DR ͒&#W\s@y)O!ռ-Q[–fT/1-5OCj&"Dmhsǒ&ٴ|m<᲌,/!mE 13Eś|Gb]b$+ ȰS;ޫMhx>tG6̂>pq^9?{$%6KMYzֽfRڍ[hV3? :mg.m݌vd%jz],@%:Ɲ0/&љ"\Dɦ%F=2򣿰kiT2BlQL1<"-9 e}nJ햛nud"h$UT8\T#1_ ^1%j5Kxr9Λda]50F.,(TGW;I! @V+HSoeFʐ^ 80~ (qPP%psD8U"n~;0I%G~ 6c\y& *{2A0Kdz fﲪx 7|,3xr]M@}#, 3es1Go4FBdXtJ̵+! [: 6$o]O3zOe^[.{h;oU/qCcIȞrZH[[Oo1dU YE'zs\%xc{]-&>oH|yqߐm+5 (TS͊*2 n*?!%8nބ`+kzԼ coG1]AΔ khJ_ܳU^"5/{k\2Ro7UyuˤEVIqOc?B_&(=:{:gD}EcS!P7)LQ,YmBݝ"K:+Lz(EKF6%c(+V=aтKD -B",1 26nL 4?Oֻ{nދ42k"OnL\U}4 Ři SIvg6GLF0!QZ\Ep=z%Ao 5x: oG!D~qZw`s莅9f1y}DT%M"ϬP\?>k#e?daZ=jٿm! I6IRg6;ÍW0)ᐍ=ջ Enpj0ň^l&E١Apr1 YWgK#r!c7RY߬<>!j1ӦĖ~2{D&-?JI_FljV$&'fK"|do,֍@0YQ\#H' kM |t]RQ٢"= 5HJT:uqE&9ANl+ה1DUjk0$VwE&*bjwYW>l,u'xl םÿc~ 0 t$xѳˮभ)^ onj VJL0~> @FV}qӺ Gv?uܑ䮣5͠:wBjmr$zIo>ѿ@s}~תCNԅR4N<Hs`%1Pi.<*3_f}!fCiD"L 3 ͗x3,m< ¯t!ӳd_n$$3R|/dK`aޙ5h82'.U[vXQrp[ЄA1\ur-5;@M!"8 9?=:8>zZ79⡿@njXؐheځqdWV}DV0{bP^?)IG-ʪWe^t&ݚQV솋C#Azȫ v69w02]S?Xr(̍Ε Dq`=;Ӿ^d2=A!m+e םbΆ<=\JBQ2s?z)hƬC:FѢ~Cqn_ִ0ܸ"GC6ʼnG#}z${ X(v҉\tK~W"Whqc5&)mGݥU\m$8o|+bl&/v D!4&?mW:U1%"M^MoM\lLSqt* bA=Z,D!1왬V`E!'cI}78 ֚ny99xi8) ibΆ-3(_Sn$ 2Y;5 C@T}_7i_gE 6(&"+*mm̘w ܣ S6K= AB?kѷ#G(sgu1m2+}-=@y)A| v@$kexɾ7)Ģ} 55Dlu}[JIQBU*) ikkJ m"Y)wtu1m&-x@5.j.V-rV6Z1~Gy/}rr{/8;O]xy(5yJF][ٍHt #]$㣢_uT ,'B? u V~|h|dchL$P[ XuQ8Ƈg2Q}`2bgl4WɁhT-n;ll KguPĻ(`lB)̰,JG K cGKf3nfj$Jmf[5XO>3v1OW%23I\^kO~AA%Ϋ@m`HI"x1vJ=2x-h6֛?I!6Ezvm]6rB1fixIBkT-y]AblҦ6mΚwsb >PMtO@ hHb3oM+kJÀSׯ#+&Pp'j` ^6Ufg< slSorQ6,GDi4EZxR~$=LP HgB;_.wgDc=j+ Ki L)!@z&҃8_g"rP:^x<{M5#?s !A Z*]a8Ļ`TF¨MV#&3Cު1l/Gۖ~ydP# Uh#ʢ?ef{ߧ]w'j1g,XnE.~"B0=q5r12h W1𞈝:PArǷr#h/ZIG:mAIoDNWd:ؑ ȯZ wNFaNͺ51- t?S47l>[Xs5U~xp??:h2AE H؏c0=~4[H\֙vk[Z$q1VͧoЬbyɉX]1#$Zd"4M"m[I׍35brVniMTmv`zeS͝R,|ӾrZ p'SKLN<P8c0:1ۅDjh G`CE`bjMkk'ƈϹ'ڊګ3ڣs ~E|?2whk|G>VS^:|K{V?ЯIj0z0 N1O4s~ MBrNvUu%=CfqSu(*={9bJ4)Fתm5*G€#^E$ǀ(29xz3 ,˿kC&%Q䈑mc(|N^&ɾ9oK\,ܻ{I_0`"zkdA* qΣD}lTvϞ:' (QkXSj> FR=vՁT.t쵍vJ*kev{t#I:ᐝ0qud@BΛ{PQ;id2덃@4qHQi z{Una~vas=9GM_"ݤy.,ry@upJY*RiÛntnAy``\ʜ0AhXIuxo<_+ryq-GwP\(? k!Y}5w:ᲆ^#1sJ,bh ^eU``avԳ lQ8/+PKhH'1bL |?OMݕ )p^O`vquI\oa-#)~]atpCF>U4d wQ.sm>(UqٍE H ŷz:YݺXV+삶D۝o\<}%g}ֹY WR:] Ɏ[S[n롎lъ`[?۴% 6:xx.{V,ϛYEͿKU#pO#yͳkJo{X~8"8:Q/jT`yğMm qO@Y^ #9o+ vP$#/XzOܷ}t ƄS5PN\HQ3Smx*U7 . 4~0a&8\@Nӭ5Jxo f\ !iÓmf6zӝY>tZSR~NC\9;̳5 =Az} t]"؞jx  vHŁ&HdW+i5V~|  +a}@Ur{SUbv |weATTB Wnd \,SN:4'-BXbjϑ0iiD7vlBXǑ ̊ͯ8`/S#0Es~rP_֖ Wx':dY/o.;_Ym 0 ~2y tPRis"WHiU(I;Vỷ׃օ|-s6zwB%9Obuz$y~wREikZٚ q O ̻*aXX~2MsԘSOSujQkQ4mOgs"A+X%(*~8G+.2\wG:48hVJ"Z(wT@kv  \#flx0.y1vb:0DEE}.k /g\dE7#(/} R& L1<3#~ 9Wr&nY2Y5!I; } i9q )Y']g&W~GFi, _ RG? xWcg ]`Ajzc2? |\|P w:>b[jۤ8OQ~ JyxMh D߭mh;/+<KJ?$>wF(iE/|cџ" RT6~$ĊR^5 ϥ=QՙuDEQ\] ncW nZjHRN QQWrl+nKSl#%C@ ¤rKU11vg@a}mgĶ緪nٛaU<襫ҪrxȊD|"ƑQR|~6%el $O ^-Ԝd Fif=/@⁍!G JmnCs0!)o>b ;TEzW_1*3LLq+QiZX'(:C۞q?VX6AprbX!X󖧀ijdw%{S<NC`IPk8q0'9|?cZ .Dt4#hzDJ}YYJ/d1*>ﰟT;R<ak@kIسr+!# 81y)Ҧ?P.>9Txsl|箙efKi]{xeHDzuDF..JQ0%GwO.:Xk#3W%n.tt pNirIBR 'o(^K n&1]H}].jqF|O8D:>2Q*1E?9Y=B+7$πk> C./)6NmhehM ̔B)`F[T :Z_25G(N=*oaFe<'6uũ7|鿃}_c\B~),vzTYGHv|c &s|(1?310,MƔ,OfΏ?n75S5,yUGH}ӓX':k}QEޤb [N80ZҨVDwrdkQ2d_)rVMh`;^v5=C\(G L0;eFsZK7 `ۨ^QsG RK1hNY.rSB> JrYmJ }cZ3D2z Ė-9'Z>)0O" ěD%TJ쌻(QC/? p/Y.$+%NP^t"V?E%D6J1tBa=wY Ri@t1%ԙ3]ɖ-y/J=.u|SC^OYIX%W!U7[eN?rw?t[9 ogK:jfy*[W#L%Q^nؤξWr_o*ͭi\MD%Լ& &ITMmb (?^72̞6Rlb9_⅋AR ֎Y:hkk^ XFU0s\],faW%;,L0Nq| (*ahʠD2"deq:[;+ g}5ҽ ~ݒicBwZw =|+ nR-{blngnYEh?iei {q}Rx@sf[DM! 4('n<9 }Ý|w%j|ݣ3]E!#BQ3.x(2\廪Ǹ[P>jP^-к2 cGsAqh|6eón+[K{Ǐʜ]aK aHvw}*4[P5?8I{ÕOcqƏn6iD$,*pnkaub8xxB]I21s"_| `D{=b+e0ʈWTkH)C}MϬ4N[%5g~BI6K Q0M P]t%t^&ʷo a0.~)U/;:4`Z6߭/x(KU `a3YٞR) Vvvߩa;:1O ŷz bCuFAӤHn1l" 1o8rn 2ó3S!/m#S-ȩ@5y.iFP/0*⊛{`(f5%+#Φ-.yڹ]7y d0g|^uCC_@I{dV^'^O4YNyKYXCن3vWH6=VZ-LxOzI؀A:3 "ڠGqLQL'/$;i[V!9 ۿ9Z19zVHd( !u @էtwyP'ې³K]5@S1ѶEAܡc~<32U4D¨Do~B̋7=knEͥLʆ UK׏L@t5cIek'E)-kOu.R. 4͸W: B &: %4ʜT[UOdQR3~騃ey.l9zOG%l.;Yۋ`tdNð}3&1lA"2tqN/&tزǨW**zb!L Q'ȣF9@\JA9J`G{fur{݈Pۜ"'m^}q)l}ﶼ2~=3K{EZ HnV9pWn 38.H] 6:Uw#Qn]P'-5sܲi[fxJu(Hw|:0džikvWV@R4G{7 ~~^9 8`iq`.T^|6!S>A/!?|s15-PO7JczPۛ~A DԣuL'vR4T,:ĩucwW=U)UR?93 m9.ggyld {h O2L~y?NJKTEJrg/=!譱r'5AT-xGp<]AqA*Y+R~C,yw==]xBj_=;^9+@ Gw#wV1-JX"'j08j``ZJ>$T~˞} u14N߃%"ƨheB@*M{. 3,K̤s]`jѴ4$404U@Aqznd nhttp}-bΞ~||-.`d_&}+{3@<0--ad9m1^l'nR5(h/|91 Rw 2ʢY~Ż iv$]ӓܻ}@9H_;ɞ3GzIC-Yt9/(ІlSq-tFוզRyv_JJ79~mnc/ $rm&Aw&w@¯cm7qS!SbS4&>}Q$ p}o $˥;#Qqǂ]ؙMY?6IXZYJOdSZK 0DWUmW7T~tt2롴eyW05,Uu)!v(h׎|!=LQ8j!ms[y="Ώ G6aJ%Ot66jR0VݍaO( V\&٥}œq E(&hh?8`~9@}W, +&,gzP> pH0^~/¾% i8lnq;+BHp·' Vva4(؛Z=8;ϫjȴOFIL`(4vp6C(Sj"}Qׯ֑O}|߃*p-'ֱLj2ss~Y@8#UkKWIE8jНҦhˉ(C&'8L3+ig=5f@|>46H¡`R83Ϥ=24Px[15 10 þo]x9. ^|*ojX{v_} ]j pE71c6ت$Qi frl˹/HtP*DQGoJ Z/BsM-4hC/$ Fs6: M3[BEZ&1>*S^uBđF+ڿ եkÕ`?n>n2!ʂUW7\+'K9_R>t$ZUN|jEhǚrn׆|`"y * LH&'KR1c^%tF?oQ^4z"P:uy2':$pI%KOߚ7M*}ăuj[PBP|:X_G|ƏqǃvZ'{ܥ̰8L6|( ţ(abƊ?Ĥv;(]!-%#(\al>v0?8yҘdA-@s\fΒ'1naķfM[j9*҃eJ-qEvҐT;rEԽCT.1(GEm; La(%RzU`gcGj1LUB4)BX8s^R`K^[>5&[\k]|e@*_gNs#IxM<^\z~ӸYKbcm7]Lw2*F^X^?QM 5]8zbT uc8j ";(#Vsnp 0}L >AaLJ|f@U| \5Dy+jCo%U!}k:^]HO^{p8"ܡS=u`^sLN7qSPQ*lN ҸBƀ C(Eœ0Z$Tۤm#mQY͙t* xʫ?WIrG G|a\DMytwVӳG?sy)$e,!(Y=dSgGLXp[SXp<~~AG%f^-HnF5p]Q0 Ʒ4 E4u=\eGV pؑ7cdWj3W_q`/iitrsL(<׉16h.Q:ZPkssإۏGmmNbgPi|HՂqWm8zVvd p`Pk~KNT~8eg J1_ΘO_`Ww>Y^;Oza@%jfNFα0 ߿utLCѺKk.[b|<N0J-^-~N2ѻo?l|'0jƍI VRhX߳JJ5%U,yZ.c,9J?xT 3 >cueT+҇ q"H<،{X\ [1nyT01Ŝ-j3 )?L(ːC"A20%8)NG"h&n}|CIٶhm2hL{Cݳ؊R{q8z;s<$:$oeH~o  {qMsLff?NܺrxQsF0փ6{~b"5򟦚Ҁfy#De]S|v$GU.ZʲR@gLئf?8NdߚsҘLqbǮ5nCV!Nt 2*϶zgq0vfbˢ,3F |%'v?<鴉T7F㉬uc8;~'|pYX.w8Aom$/)Z,5QI[W/sԙ\C OD*]0`K!َ}d@]6d 2>JB651g|/.Kgl$v&n W2}@\4FHV5hF s2 ?̅mmdp'tv[8voYO3y|'ד/S\Ã% N55y}1n{08(bEŅcv!Oqw]Bxu`˱ q͎>- ّp~cU胷| 2WN%Ȓ3Ď)b^-ۚ<xeHnbj ~M6~b9~"N`𤦳siLrmV։`Qrk ?a!60ȮG\/ +U.&ѭUO-xe3T pCknZ_=ZnuT@m՛>|{i(FFP٤JG ҂uj M؝@9c${ʋs=ܶZVp*. ۰  ;ټ{Z]gOy/? 1PnIaԤϳShXvw.&P) ȚR?Zg ?1c 9,{"JEc3܍9;=1cط(Ob scP;'C0 4΃'6 B]UF)E`iWVnf_fQb}#d(pJ]S͜RnC4 jg'Dݵs4OZY.vr~VRl%VRػ|`7 nqp 0JtnF+U"[יy{mJOt(!źy´ ̄2+.BgɷˈyX`!;mAǀ[m$C/9i!1MwxUeCU1bLWo@Z }I&7͊hdm ӝ g|υGnT$`z\Om'D q-ㅗf,\%J^qӢ"pҴ \K;3ng'|]/vSBHUZrٳL ಗ Pɥjr{0xoH,M&0>f mkC2%``I坣hG9xsJ~Ovή 4Ix ;nKK{fMĪHjOao$_tƖbDjk >daTP bLIz`ñ{э5 wTEM/zc1q'K(pT;%oDwWEԔ9r'cˠΉ޹ۼ Wf)-6 1(nG?OlZF>/"Nsx}"&/kxv}b%$. o-wx=~"ޏobw^z.R@; 4!u <;( y*JlLvͽɞSŒi×3G<[GM~j __@x @7cGPdS*lOz3BfuZJG⡦(_IwTJl+#k29-_3kjuaK>GpgB(.+4op m9 y!h{c" r&5~UΙ`"_UƧrܞ L-9 57TF]ΛRS$}ӱ{^)`.FԳgg9.%J_)Ccϧׂ ȿdy& {0{_Cj^=sQ./dt!Eft nMt aBڌEߎ^!ٸn1Ty)%3BuzRiX4+7LK^cАIŒ#Cu:`2!g,Qؐ> agğ>~wO֛z=C =k.=΄:J64]ɪF}tg\7l:hmsXxbwdzS)=cs_U~N;Jd` POj˰΍Ԁ0^,/gkcFgF5/S@WLpar_tr_B,rpsե_m==EUrsϥn H|rMC~U3 P7Q>JJԙe9ddYƔC豪դV"=kX+{-f [8N %b<f\)K[Ϟ5૾\xU]Vt,ixRѹnN?)@hsvx]|$! QB=qZL4NE] (ji1`)^<6c`'C`t Pi+H|.f2j$,  LSLraFY>]_h2,I} TM+w0lQu= 2Ց) %wL>qo;5VlAyO4gYEᅙbqo]2[QXYAIMiI*;@x MK'ERC*UL'e`͇x C2.9j&Z@x=au6bu Qv˚XcvWQ]G2an4چSfM$J[y=_âhȊGQ¨)TC"o!?{r Oi\Ky[3*7/p\z#]kF!.,gzO~jLdǣ]HCjJc+nRil$&(كX{#8Gq`)EB73o=hf\&;>! Bπ( 3<Xl'3.\wu(Y#4Ptzrs#aOt4_>x{xL۞dq5f#\v_+WP**Ӿjmki{ ɼvdܺX]@e |{Hrh.1Y!>3=9z1߅auGi4G¿4 u;՞*%r:vd8~4RD9>@< CGa~U6p /Ӎ%cYu}K]k+Ugkbʣ4[)W* !}]Qe?F$yM|ƮޑUZ\U_c#\q?dWH2EE/<Fv͖j* X MAw/)ס׶w&0{b§43V:i U va]Vڎxtw)b@>XQFy[9 ¤f)hb/0G" xj HNJ@hHudv@gr|FmrmpBC 8yQbM6G\W$d_GSP#B`@}-H?[/M2RL_Ηw0^XW}FхvTKRF+!&k:o+$#`Z zckY b˓TϧH2Mydk@$8lEP%&(Ğ[ˍ td?$NYD!KǺg(ĦgOF3!m5&"_mZ$p[]̘?eUۄ>iP`Ә8/(#YBlkoSJ0nb*Mץ4`f1騌 QjyoB0^i <$Ew)'Sj4R︣!+o^w[A^2Z|gaӫֵhԭ>,_bi3!N=o*Z\CYA n gk:j5t×SO}^yP#$ Bn`xNĂv%5&8K*:֋WF?vH1*!o( uT ϼ$}I dS)r aJ o ~->0@i +JDzieQ,E7LޘVj5ڑiHY ==Rbt'Se{%/=){X9CiפDF E^A(~d3S[  5VȻfRMԮ׶qr*+i`7DC~-ed4 B)-_?ܙho%>,b / zE=i֍>4Xmr\GPڝ)鿏\@ <{_<:DY۾GX 7FP "hXHz>8",y׏q!^ jŝvFvH7xۥ ޸mYT4qr4ozU50 TX`K+mCsFe&c=iu{ظ;>T:Je 6Z#^V^mqGt59}6װCf$p"!̺ \)`tfn''}v+Oiu;T KtE.w;zd d'T5-;nGd&W?,Gb-$sĐn ~HyR^6=Cˋ&9w. A|RWT-iB?'\2Z_CiD[!}U/a-,]%*r`~Dr~=vN[ *ں(mQVTpq+\ŢFtRlaq ؎x`X-6.?|seuX-fae%6bM3Ϩ >0h?pl3 yEUލJI}ė G(X_M4s>JQhjاWq蝄_͈Iľ Mg`W%LԡrdxnYmqN;X^ +d3M/(: 88C9tב^s^:`uXGI.HpzxD#SP- 6i.M3"lCMS^ժ7l?6Z?Y #-7ܡX@e](rduur;gm h2hddY`C;)82~2IaKװ$(#d9'[m*NO-ƽZ[㺹G gϥX64k#̤\F"WNfLTpdcq7K Hhꩼ7r&@ v_a|HR[+Xow*Evw&jbU8g_mI/C]ndIM/`b%܊BƂ?qc XoݤtW{Wɮ;69X3C1!T7USkC4kRbk꾑X[ i$.%j'(4Rt0BT#gە7c-/S]Y2Lr|[L#HrА,HI]w3;P6͎DwIsq$ ƪ2ѪiU*(Z} UhT~lCӴ4׺hքcv9F<dW) ~ׇfJ˴ X?9 NuoH`Kq;K2V;K#SQ;M8)\NC,]~Jd^ppt k-"ɤg"(1O` C}:* W aG.҆q˧X-L,ϮhpL> GQ&:uP_ (o&X01o iHLF,0n]͑[:Хn_̩1XO|fL8r!.zgocBP,qy;D1>5" Za~/rrY|gcER\ xZr v8$%@BO4v~\^jRZĖ{ B:rםeq+4"gYvz#vܷCkW/ڛ6{b17K\X}(uLC;AUɀ 1 ޻\Wlu/1 e!9t-R)15*z3z݃¸uWu"4 Z)]&2ht"n#!{R"K0nuO/S22mLNϿb`VƩӠy m݅% 3~f: 0ehG h")xy^oLw>3'c7ĩwo1&3x+DdD^~\yd^bfT_7{ZƜ%qk36youN`oA($|;iڰ E(E~7 H}a2o5k$d[iPMxI-;r QjIB#anC\> ^'hEVQ+' "g[lu)f[y!TZm acÀj3W/ ,>`ݢף s:+W.?FdE;X7ju[&^}^}/}5_?&([7y#8MkҦw ) t۴r3iݬvCK=տ[DV?"*ҡ<2#2L(SU{ h 2^UpCԁݙ jrpǶfZ dÚf (uxvL6&ȝd޶l>HH6bSJ~UhAYv.uVxZΡ݋_.GQ`Wfs0~X|+ϳ<:]>vgt";`Jc9!%LrL'`$I**R ֧AgLk>9tfDCBd?nnL!nϱ}DS B,$XLAMzh,ODMՙ~c3Ȩ_C C~V)aZi. scGoJxO =FXlvyYTt!'#*E8G*/u H.$IPq[qs?*E7n1Sz1ȱ>A@sE5wݿƠ[tebw UƵ*_3@%7` <ʒ/c|>^ȸ6P7h-&@@xKZ~Zx +Zvz3M(⮻Oyo)X&<4MVZtb@-([z׻X} eOTih)ƚITjiS, udAQ!a SR5O reT`ŔoIuP$FpX 2܋kUQ;-#=eB rۢb48'ZHro/MrlӑRJ{O*&>@X#ID?TFPv趚$GzL(r ldžr0j<8"$lW[1HD?u]}n[ wܡhmqsgsdtR2F]<!vzz]otw[#a`M$GdpF!{Wo nh&}iiX4QMQfyEsڴ{ ocsM~jh'V3@#ѷn[ ΀@J;PL͋[Ҍ25K>jhy <=rc_Qq@mISq`*˩c]/&Q޶#V ҩHnƨocQˑ kKM9E x{giCot)5XV2_ν{((Y|ʖ:kV;3>Ŗ<PKF>x9}|DL|psggVT:.K+cTWk_ )WMg6G|LhY ikZ?|X]B [+E xsT.T98lҝKP+s~5 8:N8AU@M*a\>G>ܺ1i#%wUv+oUNW_ZDp+`+ex*!xjwi>y"lTZH01"aENrn{:< * a@UccXd; CĺX,dbitX aU 8WnE/`,RrY]p%Ӣ'B07Y`ҪZn/Zd $o_|*!dlSDfOP&*+LRs3?>/e(bJ^A ( F2\7=UO $bM#JS- J=ޫ OŚSS0YO#a@|sxLK k 爢f֢t9U! % e]2LF6{}7[ncJ lTlBHc' ǨUuF w6/7-A~( 䂲jۢFn*{`: $%a𓨗V8|//@xy~Ks._,˽VRAE|9 gUdlW l&5  m=6`sՐJv2|w&PJPWlb"dei_|sw&&(&QQUeň7L*ZJYGٛRJ" ^@$XcI| 5%NβܒǤ}ڻ3'ihIY͵~ *!|oά/K$YUlXY0N3QG)nqboͳd gQSD9:׭g_?#6q%$ZTOK<5eUm]7dZ9Z~ػnw9k=u!o,@`Zu?ϭ('53qːK zѩv:eۭ=)0Typn^}K_Z1'Q~"]Ql-d y}Cg\}'5EkiF+9 9;]z\ejSz#ݳ5󠪣 7gEovznΉ+4os =B<މmBxgFTy2({ bnH-8{*&SuϞ2kI`aJ䷿Kюwq]򶺍8׸kxS0ݫ^"e/gme* y3P{UV>-v7C>hj;h;0R4JQ$V#c&lߢڮ*?:iRg5{Rܐ7Z4^wpǝ?CICA#o{64u^)oɪo6raSU,Jg)H-%O@fۥwp' 9g&7^ޥSBwL$ Kݿ$[Rid+e[&Խ5uVGd_njS p^)r%%[vX&m[a Qfk,l)0#|J0dJiS<4!C(.m yTæIzET*fJo##Р6sTb9ۭEj(5T^IpMI9^CA hji|tlQi !SV9×TXeKapY2kR792b!pZ>؍o8)C//"!)R [b~Jh@#?Y.&`+KLA;SU^16YuQ~-# x-~T(}m1*`Uwt,^$F(% awfaNk樏Sy?| FMRזoy:beRHZDn JE$E$$XzxK.{ў_sOBHk'&Lء?1=Dk-Dd\-*^%GN cKM%H.ec5& PL1Zy'TH=i{^y*kN PإT?ۂj<.hNTwJ \AdC:p=*oJTBɌc@HpMU~s%ze3YY2}M5d/ĉry;ߋ[0eaBj+ЎùŤZFqGoJ"`M1K[HƄ}ȩ,*9rA J?`ޣS"lb*[g4g|tOc>~dR`ם*a0XZ$k ubj lx1mx>hR^5ӕktx׭"V;IE$9Br>83{vGV0;!gE $"2dQGĩEfn.-utx,#SpݖGY)mY&uSf l_JԌr{*8[S7AP8RdܖC8Baݱ0xdPE5n9&/n~64p{J~{57n@vUf`6(ßEr59:.x ^{F+Mo?; 0 RkֶYhEπ _eEJLg) t`E8IdxX;G<e#ag4+xPG&0:3ȍUI[ӞȷnCPb£y7>Ns`1m u>g&S18P$`T}5cnژ׵V1znd.lhR'4̵?(߫WjTRq=f \S_K=w%3kQLFmh-CVHR2͋o-p$[ k׵QC j Xĝ$C9kW y2/k'8FlҷB>`!LMw+28yP!dYpExm 4Dtay( T7(MXonUoɵBItSRݒkܶ:e̙ifWÃ..z_ ܋@֑E3TKN+ѾQÊJp`(~eI Xe_I'$2^yhjMG7qb\!ΊyQ;*%+ 7 .<-oR&/Zt'6IMg 5ARu"A n`u@<ЁnbRnP)|xvܷkoq86^[0wfh!4)4k1-TAg#xƓ@Ɍ5H[3ˇO?q]@!bRkUQ1;,*& /x͍2z4=gӦJ&H1ӯ+FK]J+3Uec%2ljBP=(Q,v=<^sc`O&S:V=$O-jy|VsH kYB|CEU5^CQ>H nN2b7#G#:*Oa@Ṫ6қ% ̘#k(Y.iFiGs'#cN< _3u:00ب!q4ݚ0{d- 'Br^|AzvraTv}H<5/]z[ 1E#a}=W=Ij5;k<=)۳h;Y C辷C+LEK C\UpM.sTSK_qh8F_Vj1JL'ACf ϡ6pEU'¾Omsȳ)O3* K_`htȼ!EHBփ"'7˂i>DOQ"A6Z=l``-l6yt,0e7$y$ O1 }!#.!~fl3 ney qo`e2"/T<7ӏ.gP6DPHls^`AVfe195\a|nw0)$Kx P^Uc$3@z~v`.IqF)8%!8`䋤t! x:/NIx,7^B >s,*ũpڟVUϢb XJ&Qq{dM0\SPu,E(˽WƩڽܱI v,R̓F_A^tgV|A1FĊ6UHx/76T8rD_:pYbJe '3e^I.^yZleDPW\oU)ۦmؕd8گPrԑ8iVq2L<\׏;6 ׎EZqR7tɎ0˺eHfUz@#8&'a= IZk,}na(m_BX) g>)!Aiy@wNvOlWTxSjrvγ33;i12#3{gGn;VwвYwP5~Rn/u cD^]M%%e9[L<:Pg 1fPF]L]Nc]X+Gm65q\C̀61 $! QIYy^Ef rA3f72w*ن[U }t@|ރG`Piv Rk9GF&Lq@_[iX2lR. vswlbCRt1(s>n2f̱&wT[’(a!lR":0BaCjI"r`Qg~eq`΃ ?Iӟ$9mN4 ?Q9qx CmMDUH'O_AE35 + h7Jy( KYDY)˱(AGJ.yS---z*ͦYߘG?'*VkWE􆑉0KwG~bu OXj2iI['}[B&@MD^&f|1cj_vx]2gpQdm q^|mJ)3-mdbf%W )2xcPeu/U~/TiՈ _ yP2As[2U̶~v:@ tW=х`˕@q:EsOB;\qIJmq7!Ae),*X(ӨF=" }{.Vm-p9_q1Ga^Pq>1Whvs':2L6K)7o-&?;{22 ;SR#O?*}&]It_`]r>& *D>}BlqTiS D~0a4?ٛ6TAK?=--DL_HJXTRِ-@X%l: }BĆYtpGO&ՃbH'DpeE{>^NEr(0%nMANmI5 r 2su7 ^nqq8A1IB@%Yϳ2$.M)}a 3hygf%9 K;mjXd!ضd#"X; u*0\Mz4a0tuM@-CCq8Xٜ=*Au>G'h\'{pӔAb @OG%xnY*{l[;%jY2 v:$OM,O# )~4Yqk`p5Ef[`åE1s&\:aے <ΕB]+ Z?t.u~;7o|ނ@H^Ǖ) GuxJ^:d"ր, #uXu`p1̼p+ s*~Uem"ʦ_w]NP߻۞Z͆Nޅ1?G t\?Ihok A8@vА Ny3oʞLWVEjST&#𔺊֡lbP$#g+s {V%iY!ipJ>W("$gjn i2(Q2vw;h^X& R9<2ZjjKKKkBcɕ<\[9fmr.L8qwzf/&X3 ^c0ȁvP|vJo\ǩs_Zy^ 3 kI+Q~qgye*\n%/ B+̛%7ǡexm}tOxh׷ʂ 5GQ|W;Nq *f3FawP^\U@\-nE-qeAn> E3>L:O QMW tFՕo`ɠ>t*~];.o~bx#@ ZV5u[&M"G"S؞!$(BP ɪopOŽG@6͕nBi PoƇZ)EZo@YR^SJUWKGJ R^ T>պs)+1/{'%[H`p>bB<\BKy9l59.-.|*ŞkߐiW3=a憻&6,I4F'SOWp]s:?5c-6S66}!A=pLfen>v\W^4.h<+_Ys?DNJe"Ax|wKlL-MƗz!"5U +a}] svd^X="bN[d$ČO<&y50Ih_"i,nL3+WRÏyf!c{ T NJJ&P~OY&엞Ra E<&}G Չp/j'0uG kH`6 <}3X1z# PAH6/{ߑ1;xq{<C]_a;Sx8H]?VRX'E%reOKQ&O^ T0 Dv(FwVDgbMZoؤ&A{>]紹!pL^`$ '*ߞz]̍@:"3eեp?cӖY$ʧo G wԙ(ش5QO* *ەhh0z2bԏ CdR:e(#BSl0vSCk9dxs-Դx>:(j7eLQ]V^"*Ϫӧ-7y<[G. !0 FpG%qÓܴkI0',`n (B斷7 r4mܵи$%e^`fě&6Y:{F-n 61K 0Z޶.0_Z(o?;m] cWyRox`4%w7|"d}8: $8 }v-suB61 hiܛ#'nVր`WRRW^?x~ӓ5@'M!iԩ@CcRdd{eJO:U\}umJV,6C@jዉK)mߺ% ܊ [/U'2ٱؿ(M>GnSa/g9gA5O&X D[}(rֵ]ydBGe7<MFc5ͿJF(pVs̫gDsp=*9PN_b p8풒€):<~e0 0LFclmRUan>`Bܬǯ;@Wh@&&ƸuqE^) ~)k>Sʟg3EIO-3mrj7`l}[EK(Csv=m&~=/} D1po(|^0 ~> tVI=owioRU0@rCL\45~=7?X P/Ew =#wefĥb:~N݂:u7b<d}zfZ`~e "]!Λ%g.CЕx~~t-ο=:Cg~{v#٤;EÌ`]dyyN>DLޖDQȟ6OCB1\_# rbfZpIQ:g*V q=USwg>p83ERY]Y}jMd`]:k019:gjG?,3h\߼+!3FVE:&| yq0ety':Ɯ_FѿxM"Ώ1RZh[9bISH _~G O/=+cx [gLTgB`v6qWuإэhUl"+z~~W {㛅s-@zvRͬ˞dS%HEz`ԕ}+vHW tõgQk$WŔ JiU| AC Nr)1cA2cMr>K>be:M Q<x_49;?Cݙ!PH\۳\ΝH܈Wʏ"Qkư iԼKm-wfmBKM^4Q$m|MS! s(Sۙ7/eOSOdApOoO"kM_65mz#+m7-Csg6>&hf 5Yzn60M:W玿pv lm 8jTeVݽ|:0{(Mk c'h튎NMlIq@jӜkHjL}fBXKG2tyX}>:9 _Gnh70$Uw?z/.𵳋!0Cfeʕ#r^>6oOlw agζO4blnV>?NvcF}{JCy]c6>|)oϩ=;<zƦFB RYPm8CXJd+r[aOn8k.Ms{< SPfЩydq #~8qvΞ1ô!L`a+fȯ qA(~+vx鼜-2,Ύg#{()v]#t AT-5rjxN]g>6dM_@=M .㴌YR'HJ"dZA#;I=fHGn z^#8q4D5A\Xy~RCy; OYȴuP#i\1qH.1ES} WO+O45?ֻEVmv_xI*hTaSr l72`pۼ˽ PRgmȁ ?kht^mK(=͂lǚ1_(&/ {6B5OU(ÈkTXjB5 ^o0𾊙3]e=5~oEbr.B#dq҉b@ru%AAgd8~f0x ݇KtBO_cׅQ$}VsIcqsv{hJ8͚T'H wd~wyEf{wV5K[Q3স#-Dr"W5|I4nG:Oj7ivky5eWVX!o4Cbd EDҾ}D2/6FuC݂p | SlzB7TűlBTp|_^c\V3>D|9Ta 8:hv |zI[k$$VQXR- %Eӱ/KKP(v e 8`Nn%dbx\{tIODg:tSd'|͚at载(SE䣱nX TYU WQQk07ҫj IalnlbI( ًݩL* N'Hf[m%!!n3XݑmX&}4Hw0Mdk!!d ef}XЈF\߉E߻EnOWK6z8qڅa B\~iJBVj5εNdִNYK2 K= wԖ.@g\j?4/^zQ.^x06 /kXa[N/~SؙTF\M,E{)a/EE=PQH][K 1w+]P*!5&kbK E%ZVRTV/ۊۥۧ[Qٯ|M+do-#|[T CddZl'jqOu&縖fąp(l^lSsԌϐ|זiIBحszbEIs=ץ-Izu?ڹ̽a`)b \#Tܱ'I W1_~h T 5_ՔܦTyaj0/$YۨCgN9煋UN8˷nv$?DdK8n?Aтq*l&; ^J{Fwk6Mu4d.&둙 <$ (blƀV:D-#`N$3tK@o%Ⱦo7<SjdM\?IjӘ1" jyܭ ٷ[3|Sx&)^uVu]v[BнB OOȸEV5FzFy\{7oK3s/'|v /7rPr tV}o1iB(]M-Ҩ"UˬHE`lrR+HDkMbgIE&Z+3utBǜJo=c'ֆ;˙*K#cg5᪩7Dt 9p͇W}(| k ^ڜ?.)}cZ%#zU $Y訲Vaʓct?*n<.[ɩΗtZ}ï* _ vr˛؟r2Cʵ&޿=ӎD!tnxdp. \Y?Yw*5_P`"$>}y׶oɆY:5Qe92ڑ*{՛Φz,TO2oO#~ ̡"uBU7X#nM[cTPC X!(mx/_E D-)bq*Qѿm2F[׫}L!7HTϪPS/F4?/*:{:c ^UD.m/‚'\X 䣠`/ XnqHR>W")Ъ*VzHRrW%i1j}3;aI ླ sW$քv G*ވXAؑ?vKEs_dd+߰M<1'&1oO׵9L;iPe@ˊhf`[WE??]^1(q_,UVfQ#ntO:@1?>Qt3Box|-;g$,ih cj1:ò\/ImzsEz8sN=SB9U 0, ŹYO-_PztM56}'?eNF?8/mM@#IiWKo+MSobw?,hl9('rXdnmlJ /2˰ҙ AwM4=X%9߻M}0˶Tuq!q]SRz2c${(R2NAM>v'az )P h di9]gm*7y0&Sc(! QI!>m g-0. ]gh1Fp}v& v%.ٗhGֺe34ȫ_N̰ Ӌ#!4>1Q!;DVj߼6)/>XբwIJ ug_ȟ-46nHR V:M~yw͎r,}K4os_ީihd<"?Hw攐DJ\~(@sݼNd|gZ7?f8M4UCWfx$DdF|*/7ZlEħt`BϾ}" "d8MjV!uMUќveAT~kĠA9(wߨ% JfYMNKd_B"rWGyW㷢]&cgkK-JE ,тRk ̄XQ`čIr̿gt,zgYH4vQ#QB!H9Æxΐ߆C6!n;cs @skʶ±RB`|RBN:V(L_ h [`=mvi.7?oU" .ws~5)^®k?Cڴ`JLYy0MaDA,#m0 NXEW`1voųǖi63ؾ&v-Պ&yZ:Zr#mln0rl/,c:ڄV5N9yiS\ip^f*ʣuL*WL`k@t.a'E|yB]J-_ rgf]N]Yj&ΗpjG0V!ǖSX'4{-|v}Fٶx35}fwyȣvim<#A<!ƿ[SK{O"Zkӡu[NPӱc^{~Gp*Pi98<@BA6qiRQ58Z&Si̕ $&Ix׬SA}OZJGµf:>nRoۀӉVp6XT&iwL1s'>8G5f L{xhvj20%h~a$N>FX쀁cj j<Y1e%80p:٪d&voI:,p)cعJğc(fUS^vKhg!$ $>G̼rP(M2MBTBjg|{W(.#F޴IcL$Ib z&*I8Ϛ˪6L/6ϟeٻN>| )YЄŷyfcsCdt sOP Bѫ *}"I8ǃ W ꖖ~4F*W%GE(ȽחιBJpu,m`TM2UڶW%(ƹZi(=YR V!k)|Be;; ޱbV؎ɑ[yIQ!# ?BPx*OQ_ v)/"^vpuܭ~+M nys CU X"UaLHut\>\ Q])Wvktnl[IB˴7|^ơ#6긐A񯾟9lM72 H'V03=m" _B`k26uq4[!0ҿ_΋Q BXH:7 l_jD׍ry CB p:1=Mevv "g\ Lu4WPB>$Ќ5BB6.lP]C3c35 \ODGfw$t2RxpMdULGn@ã>Vr$w>lP,Oa'Xuq*9kDބغb:kz Gݙ{k ׆Uh(G 7Y4PB%+a"4xݴ>Q(S@8(ߵ6- n'G7,BN+ ]o3wATOؾny-NT:R+7>ɳS0IH=fsk0|}+Pr0K5+٥f>~4|9!?t=AF)}Axw@zy,=zҊR:{B:ܦ }7@w`!!1,>4:ǰOO?zc?^0fWU,KL3T%2j= giD{nӢ]ϛ@oӫ&kzuPEnPpx_T~CE[,cYX+89I&3tCb[sG]:zvmp|_يG= [wWmCzm6:Lӫʇ#Cb\m}H,p/qC{FQxTy,:YK~NK=sv,tlhY&r.2h'S2y֒xЫꃕʓou/"ͩC/z߳C3-jb w_fx'$3B3š(n)9&ŋ=}8[m FEzoe}>hSp.; V . v0-t$|`Mb,|ԿW&M8߂xBW^_~ <ﯥRK9`~lZm*2V>y I%s]?nP[`=c~̦H@|5/r}[1FRI˕nG`-_d^a*lw3Jp=w&_(c8o>wsߩ7)Z`ط'NK8#f ~{} +g*4 8H0BSTNpZ*ALK.9Y,wAsJ#p$d{ajZQJ\;VNQH5sb z1`FEP&ɲk9>=6uMM6H[U[o9):VAǛ?2D'j2_2Dfz5vXŔc|cn\vl '*{*A+(HV߱ ̢YRnC꯮hi;uIyQx'ڀ9v7# +qb{f4E=-eץ ";{0*a0Е/ȌyvGԡ_yz0\[e+Ky?7g5lvl\|N-?'Eb2 :VjFm %7Z>|1q.{Ziw 7 ~G t@hd8L?}hCTT[:敢w3* - e}22c0:>@r lezry*bsdt00CqRPrlW/䌽YOw 7gu!uv}}/}>"fIQ!+(" 02 jGw/O}czJ7l3^4/:4ԫlc2)Eo~7!?>MoIJ_Eb_°0UǷ9>g<yN,Z~mLohckIU -Ѿfen 0.U] ܜ3W8C,nК@AH`+}S8yL`92 '猋RAO$kRl( ^3D/ƃr-pٷ['\DQS[7%IJf5Zyfj 3,Ce|cL!-ZrWJ@!?+pNz;~@)&7<0!ISrt*M)C^[6EN| :KP ™/ 7jpU۲oS(s)jUF;/sʼV C[tҧB5D*F"bRT1UXd3#C#<X~qY$6S3)6k5&@:3v,{lnD>d=1(aE6-|qA;jSZ2$(qnlX "y6:B0z1#b?q0q\m>ILѭB\KoO~XI8V7P@|:zu%e%Iᖂl.C8n1bqh щ!T6oNIhTNe;\b/n7/I)Oa͠ c0?+"׫PXzn15IrdB2n zl42U7|-c 8tsf"X|E޹s+(fY3hFX[,Dh)3RMl f߇9O9(dsq=;u3)*f5mjZ6B,m[WH"ai>~6K=) &KtIJ+1;}]? -2|hmmS?^k.¸.&55qBNfHJ4tG~Z;)V;gBC'{U! ??,@{0C*N#G-mf[BOG#,`! 0PA{yO KąkoFRZx%40µ΍ J9v[9Zo-f|M׌ lYUhd6I˿ I2NEߘJA&@sgtKn/]m=3OV[C̞>ݥ%"XV+?[.ۅJѱR[э4+Vb끛~n7ӒhXlDy q v&i/jɴM#{ NV4q^\xGƓk ѧ7cfRZ&؛KģOD|J{չKGFi{MZeʛ^B jhF ņb&[=:$h[ς;Gq[1/^D|)x30a6~MR7RJL -R̥mTL?VQkS?HgGۯhDihZouSokn%P@L`ZTw0/ID[`]笤/rSe(0HtLX(05Wy-|`O`v+LAx3PQ(a{}WD?8N=%=UsL 5tйQ#"vBJ5?cd'*eSd9_nc!T5fEFqk54+¡pV~Z$FҖ. =c6D? m]R0n!EӮת_61/;5~I 7\Po(Ro*OGVǖ令OAPv_}>V 6 N)Ρ>B`#C\x4PA[gvk D*d/ Fȉ/q*h8;_Qx'/C*V+J۰&۾EOahu*{1eeLWulekYݿcf:9"G rh_jx'>OyBQs`_.5gX2!xv/KSdj;&Y@7(K~ڳl7gygCY7}ND oa"uYs9c0NDn1 I3hYrwa ?І=2 T p kKSFQV/Dp`|3;h X(̘;%?lzlH]w9ĿM%DSmvY팷1a.jYʨݛnAۅPdsƅ?|w䳐9 >+,=ާ"41{7^䖣į8q<9H\?nתdUB_F@(}K=q.|Nd_ZcU6 n οU R2nu4"k#Q%09ωPbyk)]8!VmQ7,=Hې㾭!B0sc*'6Qu1jXP :>u,:K_w;eYx /vR/Qt~#AocRRhpek[@+\m5#PzjpmLou\Iss+JdCp熼5t)J*JHZ'gvYˣTL3ItfP&꣐hfݽQ1P3 M8I,+u9Pyi "_MRҗ[qv+ҩ5^$yĒrd{N1,1 rې !u@:YA2?Pz7b7AR 3ecYuS<--YDbrcCn`:!)D0|=1p{9e:,{),*48W]d&iCFfQi{ghZ卄PKvZ7 \ҹ vBGH6/t,pu7#%i4`'$ڟr ŠDEEJ66>_rQ2RA^ه!FW@p6*M6 L9Vvh:iӝ-` RЋLߺAATor=|}xLAY9;@I-_}v2%.*#LTȄksz? AWDK#;0y_[ղڧ!+ RM|6r~3 ܝ_;e_g#oxdtB&dҰ޹:8h) "d.wF2Txь.?kL_= gé07sNT |9MZ#:Xj㒍]*a'h\Dib|(7?n? X[oDR@Q''&l5^DD=n?dθ\a&)hC )q%@$,6ït{j̦J_B=4qy띪.T f-K_+oIc$cV:|o "p'mȣ\JT6@YٳxF(G)]xƶa<螐 I6qmZ̸20v%ATJJe"2PD*Ĝ>)S@vP8%$~;oSޮ28+[&C0yٵx2DKO+:Q? NQj8,6y3wƝDWdv5Jd/ lXxoρ X3Q}tad,iΤqf D?ix  @%~r(qD墹y8f 4~qMyOF8KN‚Gx1^|wQ/&;cZ xF1pba7.#KTPI<^^ZoTBU b: qQNXuj"E̩t0jᗬU7%(E_¸fEz .fޢu qШYG^ ʟpe i+8f'H1VBz!tLElu;~zo"Tn:~:D@8çA2ol?f0AEd|2Ϡyr~A&|K>ʍ; ?q<\9i{   =O2 EUF-+ h&2C.kaSPl tZ,oBbyW ")cزF]؞20%HiQQNXtWmVdy!\|+ynXƯV+pY!){t6޿gѠ%<"{4^)#؁yę )R2;̄ˋNFuP}Vsk7U;|{!OԌv, hhjzCxR|I:)#%/VyTwN<W5xcWS\C@H M+6O*j7PfQnGU9ߏ u]4IARv†/.XPWђV2#kO +c1붲[>u(ej0kSiBݜ*kp' o z"H.>l CWG;9}kӔ>*{-cQ%cmN72)y= WR}5U;<e63+Qk*mY8ˠۈc(%E㧣 l/-K[ :>jL-2=<-Rλ^2iKN^W\˷j  lLxyl;f] ;d-*%Rgk<|3,Ɋ֕0wkԮHhh'.SX-&㎠RSJ Co;<R$"i6(KAВb B;_^]dL0V}cnIe/ d*r3RI1esoJ$4rĪ$nË$Zc<]]Y%>)̕u7?}zI6UAC|WUC :͔kd3c37c YbfĨHƹ3Zʴ 'h\r"hq+Koo}@·"wQgV٫„̧}L$`Q7eCa?2 ~UJKbӱ}7iq!t`t=mB?•G5vN\EuZuAV=mτe В lu89װ;oPMp*yN=!csҐlX>W}_%Kd7#}B0(dQ9t}_0=NXTUߍ~Yl(֞gq!:PK -LErx|}W O<8 ijp)/*g jlrAR_*0LZD\M~VIMxE4q:-:TV8}J3#]<?3v6%6y݁]Noݲ,ɴ ].k.8({9 r0Xu/tHD959ms^ė[ks9!tWEgtqt ()c0˻N8Dӳ {U PDZ)FJg)DmG'Q9g zV LXjԳT?:~]ShXus9po?r#140 G$3:L1H'8یg^NN(s^ƒȉ Ɨ=9cTQJ!`͑6 8)ofeBb1T Z5 UfU*]čږ R:zjR`%c:iȇžbԼiJvis%`٭MiM~{IVϡqh;\fRMcP-mGsq=B8ij!_AvhonQ#tf+&Ieֈ{rt(t JlcF1ӥr0Z4 Cgps;mB7ѨW2+6+TO/2a:f o/ {;}igl)q- oK 0glp!5i\ɵ5g͵CVҟM*(I'U[/sH=$4v C}< OA5n[QT 3P.t(Rƀ K0`^`K#z.-UP2v9 b1&mhym(|#\} h]AYddO-KG rHQf uOFuca1/.^ 3{5juv?n}!:^e+`3x¼l҄Ikz;xJR.n/ciB t_jU"iME1)͍2 iGynw˜24uPTq_<+ Wv|g@h"/:aASySW{z$![ꬎ'":v8x8=w^!%{^ltILr".ߤw"d@/6Mwh3>(3<Ր Lr͋Ku%t-HO3ъ( ὺ?AvNt#`sIr'"(?]l?>D˞k]v!jxS7AxyUj0.iM8nLxMOg:Gx^хbz@݋{?3vRƋ(@؜ī/1" Q`ew,/fU{B >MNEE{ZOCC_G.Z.r:kThFRVb1YǬKg˜4C✘sPF+e<@6GgAٗ[H!.;C"aBkkV@mdiII\OHnYK b BA)e49m3MpO@/p\HV4XD3:AN{z%Q57B X:E_]d#$_ "a?_8*ưLVnG$^2oq^t)_o%hgAA0Ggf؍SAChG|; f "rjkrjRh : WCbE@'$>4~jͧ ycd&4!W SE.ͤ,WNߜfm֚_{h.R~PM]6YWtn~6KhNwWՑۭZ2' <ð7d `й523D<2TrQݵCq`LyYiYB}Sh/:J2WGzQA AH^DE k8bc&F xd`;6>zN&7PXt_h=$qY~vYjNpL~3PhVhނs#wl{_)aA5W` ٜއnm& "748aqlhc̩uĦpqw܈o$ij,DD:a\+ک?|T&,/QN&}d@K{IJ'L?}21.O3v! 8u^E zp"qr9ZM W▎=(eQҸ.B8)m(:g<̟ CD4wQdV?MLmYEx2"i2ܝ^%E)JoZLh#AA' I$cZ:NA(Loe?yko#[xvK]n&xUaPVՂ}|e,9+e-fOm~B m .B@` (,cbqT(KxeokUiLenش7ry5~i:N8+Ѳ߸vs5e*Bڮ jJ4;c7Iw+6Cx8t K4IjmSzGƃA=v]Q{`^Xgk`D  P8#2QTemaA`<-!SW]'^!T؁|j d`^@3!GU܄,+5YZ |#g' ~ w3Ԭ\G=~b" !~24&2j!w`>>%Sm^aƚS(KYN^n)俏J@d$޽>'S*݃Bv?Rxy]h^Vw/p– )23bur?iav),{pFWJLZ{}}`"DG6Vk-LH 쳷(w 5ʔ'L4Vޠ(ڞ<.? Ifrh;x_G;d`<19:p7.vI\Ʒz! =%?RcNkӍ3xUƐ<3b%&OAXFGzz3mg6!DHlt꒴9)̰nm4crtWi8잳36)XE!eW* :۽5>=N1{Q X(l7 vN "Bݥ+ y8+ȕd @!p{Y O5p&m*8EW V}^89TkAثm*>yXxYhӻL\yN1YPt& ObH&8+AҚƥɴK@u6MCaQN߱Ѱz8*+0D)愣oQbl' e#g #Tn8U#;\Ӫ#/>pSc$_*yϡV疌!N=EkDm]\5wi#k?¬e:hߊWF]7"K.wL>յUYv"d,'WS)QmZlPcm530P$'O}y;TOS"b^lhO_ގE,cr[Zb˘̡7@c(Q y׳8dYrT YS9:i5YMj&uC(`\DR3)ǡ"9$Ljm(-k[ FG^QɯУ<=}8J~G|}gVOݗ_8m6#b7)vck%Q SH G\ՠbO fq 0[X(TaKچ.\F>%(z-c_C!!FW~ m柕.{X}. ~\O-Ɵ di}cr$Y_:*Q,@Z~3a)l"ǧ;4XI+Oӯ:_^ )sGv~/V腡 6\X.pԍC7>yˉ=A٩ }L5p %wo J;ϣ)ø5^;KZS6uwNK`i{y)迌R(D} +'8襔g\K (|ŭ*K5SwbDO-}3щFjz!Jɏ(LJ)xgdžVo-@b_?='ف ;q) M9RIo=gD=аOPJ"yE') ߻yj͞ |ԓ{ rhPJgshޮ/ۂ1/ _ڙʆfTY䨇w~WTǥk[i3#z2(0"J@jm/PSE`Sȃ{1DafᏺX\,ݡ3P7a(UY.SWyL50)_祥f՟B@J1;ST; |k&b.D#l4 X͓](jE5(IAK6:sQڲ:oj19A"Yeư=v|yT.-T D^ҕiY^UWLȸ=R ڎ6N#&n3$-5K汮۲pMjfk>Q&jigw%gKc/{".u{)+fL@SEX"l<}u fCym䬢/ T }shihXM.OfmUƉ#WPJp~a#\f (;=bD'$]+/wBqWS^cѰ֑ż5t,6W, NVuMv#~CAEr|a 9Alm}r.( ~F-0jɔޭ6z 6Vs^!./$6 L*mT+Iy~eT::<~ ؙ\ܡqu(56%ODh[r>Ky9 a{6ȧ,kS1.)@Y `ӡӑ4Qr%;1]ȲB6DK0,\[PS-ۄ껂 TPvDVdM(\*ЈoN:eu'g,oT[ZwN ݻN91O پ|Lb'"tGLo]yєr8+ȵ3CDq(rEE|F tê1ɪI:[uF < Msҡ}w~rla|M={?RO<:@cN8B8L$5刁_ !\ >:}RO! ᒿYq̳tVdEOyAFSI‡k 8npW薴M%\GFtɫ~1vߧH)g.2ul2oQf a*RB]ޥW7P5HvǨ~)B$8 Mf,U c8OM~pe˧︒^؟D]aICq11UhYI$2''rUMbIf_-*Nz-[Kf<ʼnHM!2Ő[$ky&MA)EIKDEy. Ǵ#<c·vXkA~Z_ʈ}h5!pWR\P[>QQ5~$*Xx|Pǩn"k%~oo4y,ڰ<7Cn(-'<**@Y əa\2}P}xL*qB/]eԹtv\ yA 3c+)x!U? S=-ݬ]4E _`bz; h԰TuE| ]Zbg7[zĴ:#5iID=PMjvpPg$[2^- 'Rh 4:DzŜR9mliM}@ق- !L7F!%S)a mf/2ND`@tC ^qݯY87MusrS `a4e]b 8H}X Fǜ$S]"ДW<7+Ť!s>Z$gp0dQ @=\;DId΂O1&hVJ5;GZR ʴDe e01TyaOC]~hn@ 25 2l@ z$ xTMb^_%gO1N$hJ Ckܠ)({!C~M|ՎEh1 E-s(:GӾ1 8DA`;X!) Ც;jV}@ k#NgWY)\u-qbЬF򎆣0~W։5ZS!2录2kX\J5/qQ ja!7֧mo+o~kfvr( л>s+T6;,35"jG: '$ؼX=TpcrJ-7_z%xf/ގѠkk_&}CQ ( ".\'\iψH 7t_ߋZi:K6_[/Xs%UٝIۮg B ,,l&REE)`B]ɵ/=`Fc8Fg&z6+7][2èRtk:wҠ}*}CR/1َ椴 1;$ЍzLjgcKwɻ׺dRsSaC`}>R/8"Hv J2ž;FKx35{4+s؄KN [KPzxBPQf)_ bŔ,Q!b'i@zBjI}P6bJS5b9WS X2iLa RpZ[Kq VZx. AR5r(#R*̐M>8ip q˗2:sCd{nd\Q,B:g ky1~%of\p}zPډ|TEFC6FMaita4l}PE@$LMҟT&`+N +D Y϶Y'r}E8DqycYH*if dauA\eRQʓɟq$:‹=H@M_Um/TexzReR٧j?FzDGW:6ʯIR@Ia|."4^Vw.( qعʁN|Oݰ}W` * h`3(`"pSfeKl71V'*`H_Ro9nE²[riʕq7#JЛCL|BfXjDkV\XQUv*4pI{,\R ;v4<裬oS ,$Y}CcĊF鑢5z{ٯ51rE>xG,/ E4RJwFki$x %HDYW7)5c:ZIwG޺ n?4ɴphLeIhдՌdQ 5~fy ̙[Gl<՜3DGjR i*:X*q@WL'n+o&e [LK.eueb ) G9`.C5"5D&"|>d~-M??$Xۃ0ykIVeU33Y?}GYS)SS5?[Ҿ8} UWڨ!n .AMYMM'y9Nߞ)KI/yV{D+L2E;F*)IL9( +KK4I7EJKQ]_6`{!F̘՘OQ(s1XqyozR}ze!Sx KFE9/DZ)XIҹfN=T6" ;OQLR> I:{wu+#˧ISkui'$I]# MNa| Ϸ\eFT-نՊűA2}磒z3=Dz^4폌?9%YCR{j*UZM¸A^U%#p:*/ߥC`5`VnvBIa?j&4 Ȗ3Ge\>ŌM .EJ]z2ȻB(W|]@Esxn-Z~TU{Db48{awq+g܉'JDd!{c7Vpl,'?|f?<ܧV|l~ԏ\8kBwh, 0@,C{w9d.>xѶbj ;PHDny02a2>:*xN%D="A\oe>-39C\YhW 2^`-i4DTjip$*{ SN վ%QqԖڹ߶Y+KY/q3ZuvO!b̀]0V` sƔ [9KP?4|gBH8J%Ocg̬>S",148^Nөns0J,5jmD&4 d} 'uw~n-aWؒ84䙳o1o~RJN2?3rNK00B6 (I#ITFaf%XhP&:톈.C)poYg;`~ӡIF)YC2'cʬer>W.qaUi'xCF| 핔Gu9ә >66HM{ IWky"Wf߂H#]bŵ_8E.'<&Ts.ޥ~!GSsB!O3ISc>I7M߶&cB{.&8L~9+"Gg n8R7Ҍ^r:G Qb_5F߭9TNZm/ιVU9yF2\0=JL *ӝ߅, 68<pDp^ ~Dbl?Uښ0eDM(е0t*q 4+cw+8uNd zt0{TL>d%&PՈGtUߋS1HX^>Mj Y<[`PVƶhmlcY|$:eK6xþK68$E-ky5N4aFBTRcź0毐.nˣjB%)viv Rd` 7Zd,s %w&k8Qp1F3ϊK8үz&-qwu:StenKQ:Tp]8) bu Ȣs`qpx0)j pH,a[(Њ JQ˭ "w=B 喗vOKNZʼ! @t7Y}MW@ |<'0(ZB+1TA: 9uS}AhmV;8B}fX c:/*Qŭ6Q]Alg)}s(Asn|UPEycJRA^* ۉE.T 51/)9Y=ְÍ3]4ut|љY`ѡdZcAv4~/y_IȯTFSJ/BgYKev(qTcuX0ch$&~CwDƁpO#0\![M"vv!X:%mP`(>SvC1e|Vj;y -M_xJAˎ0DI״Ja a f>ri:"nE2(~~nZf `EdOjU'ǀDҴΞ5d T2Rn`գDYLi{+]%p|$+BqRɖx;4B)]XW\$sьtm9IB) v,k 'c˞4wAUoq#%ce|k39ų}OX/u)4bݓ\NiнPm,zC@UQ} T=WO=^ft+еx ax_62rm,{ShANοn: MAt-|ҕ.!zpiq?$AnkK[7Jj1-l?-f,NFLVļ|de}Ū|p[SM/vZNND)]J*+݌*@E`|r %N5c "TsK^˿[Ce0 " cjtU, j҃fEX$:yvfEfn 8"t Pa/uAf?(s'5k]]m#?}Ğ̓R%&_*5wJ2'ƅ3s48mr YZ