sssd-dbus-2.9.3-2.el8 >  H   3DHe[U U]/2`zbUm(7o66k{Ql܃']umu(VGf r=wL%W&a3@dJ_PN ^2x4x PcϖxtDm# ]k"_k܅thۭAJ٭e臡O{i?k6} QVfX&~̟7v1 pF#Ig B_@S!kG*(}Vݓq`n9I 2NS:rmPrq(nL* j׍~ލ5wv*<ΊTK浈ICӂ(6~+|00+E"pZ3J;ŇkNYz æ[%aÞ7xY>wv+nr6EO#6~vZz"C= Es{0ͳIP*|7=CAtocЭp& އweR[h<כxG]x%f5qFQ921e85a26cfedcfa739dfe17b36ee01bc2877b6815b43a799b85cc3b33b95567dc639a82328c3d2c7abcb2dff45a3b008b9d0b050302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502305fb5cea78517558e54fb2f7fa05d7fbbc3bf71329631dbe42cf21b20fd186831b3b3229236562fb300508e92428d9c67023100e031d9273192d982cda257fda5ea829190c0e5d9eca8568569c9bc4a13503cd24e4e5ad90946c71727e875e5f11bc50f0302047c435bb500673065023100b6671cb61db5f492882dd1ab8433fa288ccb36ac1fe47766a1a4627839dc4d109fbcaafdebc37d4560bd417794044a2d023019f5822331448b503dfb0dc7cc99d0f502790ac35259ee448fa497877c5e4159958075a7ad0b2255fba64aa8f059d8920302047c435bb50067306502310093a2f24fb1c7de3e9cec73c3bb17b588e7857f44fbd3db589778c74369e31d5f908a02338977c29c50d6b7e636c30abb02303563b99e52328b93164f6f282dc0d13dea60fa8bcf20238884244fd3c12387ff076a55e8aa5089376cd20e5ec93d3a960302047c435bb500663064023035112996cb5d8ef44e48aadc3ab876459f3f2008927b771c5b25621899054c951f0613c29ce344ab9b232e75c3da1a1c0230754805b1863c9c64ded967403f972474e5a28bc0965da6ea24190fb2ab2d3ed02bdbf9e35af6a2dccd34f0983b5ad7560302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb5006730650230304efb3685479d3c0b9b3c5b56585fd00205df6c94a7c721eea1678011d4622074fdfbd1ef290d4192fbf1db6f02b5d9023100f5720c01bb887b750482e05a432405ea3dcfd32bc0e4bd029d7781fb313400331af2092c7a3a6581edbba195bf0358d70302047c435bb5006630640230313701620d10014c059562e9d21ee9db30a256b96c15e1e74db6fa6e8bdecf642aa930f70ed810fb771de97a65552629023045ee64a9342799f0e099dc838bb17b28cb0472892c5d4aca6ce2033a3030c86dd54f6991b7cbb53a1038b6cb87919a2e0302047c435bb5006730650230141a7d92dd827605421927ad9f66cda93fc631ed4a559345ce4e48f43573ffd97cf3816719580c5d802f3ef39eff7849023100a52a7993dff91858e4e4c765fc24adcf59c88d462f655113132f56cbf4e82caffe16a9e17177f01a0e0dd3a90c5967ae0302047c435bb50067306502306f1f1458faed3946b5bd9ca3d6034db43af444f2d2a9722b2be14e75d98bf5b486118fbcea9ffc54a9c128634b8c4899023100986a4b0a4b835446bb3ff8e29625df99b66dd95cb2e2b2aced6665039155ae1ccda540c482bb594022a86c58753452b40302047c435bb500663064023048f30bb8ba20b174525c72a7d3f5fbe329c5f57b776e57be286a4737d5732e68f6f5f357142d5a32cb32d21d43d2e2020230796b31acda0c2ffdca4876ffa45b89257288ba99e7bfcefabd434ce313b9c4211f4e59075c74d38b27ad3e09dce02abdxe[U U]J\U ~gęVgOr @v0Dq@~?d!zf}=sٍŤ5r6 a}pTt)do*utOU҆๢ǤnhE EǩIWގX?qdg$r[iiuϮ9o}oO2N4O2|b).uXPr6O;5,H!sկЉ>^G،J$˂lpOvaA# *-B$SpҬ%ҧfM#Ih lєWp Nxi ((\)y* Uۦ=Wh| N8QkunH>`B?d   8  0MS[r ,  D  \       < x  22 2( 8 9:f>?@G H I8 XLYT\l ] ^z bdeflt u, v\w x y'Csssd-dbus2.9.32.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.eRg9ppc64le-02.stream.rdu2.redhat.comaCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxppc64le if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%%KA  8A큤A큤eRg+eRg+eRfeRfeRfeRfeRg+eReRfeRfeRfeRf09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a97c64f6a3da4038aa61e9c96d43cfd927fd8e68543fc14fcc7655a73d92a99520614bda7917c82f59b9e4db0155423adbe3c2f1e3c4361c8fb7fd4d1dae5a9e364601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c7a5a9fdd4505e8474f5a9b1291d4280a47df053f6fcda8d811384e4bd96067d560a6bd62cd61152cd2e2bc1663eb07b090e1875cda133cf4dd57c97efe07bd5b581652cb8e93874c8f02f2a4cdbc386a824d6116e0ee777cb694f81fcacf0817beeebd19633be263327903d585c34c6d0ca514eec5c40ef168f164928ec416../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.3-2.el8.src.rpmsssd-dbussssd-dbus(ppc-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.3-2.el84.14.3eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.3-2.el82.9.3-2.el8 .build-idff005fd47959756ab0423c3b3c63d71042cc92sssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/86//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=86ff005fd47959756ab0423c3b3c63d71042cc92, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)'R%R!R RRRR'R R#RRR RRRRRR$RRRRRRRRRRR RRRR R&R"R R(RR,utf-874f60df14ae0840bb6a1a838a5e786445babbc5c11173c0b2509f09adfa44a9a?7zXZ !#,>] b2u jӫ`(y/kԫƢ wդE=$tJ}7}mcQ]{>=MUWMM[o/̍5?`(ĭSϵ"ޜ4$ 9o3j ɒ6h(cm s&qŕ1~5m@Mf`"uozW@ ;~Ewy I':W3UʩQr,8)!>2ba7Z8ઃ$ 'Oې[ضT 9J-3_<ʁ}7~7/fkܨw+5;o:K( %߯RX1Ȫvv6& MΗfdlp/Ҭ{}HI^oL3Jq LRgo}97߅ V ˒K sq=jy|kW&p ZRԋ4R>?s6s L bί&Pe gNwopKd07:U,Zh-ׯ?ܼ:!]/Zѧ5l^O KwP#'8!)BDͧ1,C0VL5K0ԋ2H#߅t48ZWW8P|NC@w36q\ 0QdwqIގ<pjp JNM&Lm{J*GuÞ4B?]p:8KR$d9J1>it)ԭvնtԿmnF8XP2-`y۱IQF0rg&$H|JHÊy[F:oN$vA٤v)[UL+ ZE 36bc҂ XgX~J@tUq; J^*UʿiXN:IJ=iL*{( c A=kD 45WɪLʔ`S$cVu=5ƗdYUk3S&c$-ךP:XhlkJgj PZJOo㖈k RQM_|ItD}qiFmڥHX'\\`++GP}%2>{O씲"=ia7{Z3B4]?'HOԣO>.0fvM:In$65gyjH(sA7nF( qz_WnA|`VP#Lv L׷^zV8᥄;,(/ӷEB gϑ$̵H#C72 -P%^k !eJۡ:J u+Apnwв:?N^oA`ud#mKk#_^2Az c7ۉ&ݵ*֗}^u s@2:u~[HnǮTOZ _SenE#wv{ބ ܿ?u5px*Cj"1nJ.j:NWHLxU!n8LgV0aj rld֧#iٷWIGrGJ~> J/G3#}$k6ptYs!dߊ-H|~y9BP,Eu6/Q_9IZ !nlacv0(4=QBPx'^چLv@8Tf thyr'Zyj_.[.1s3DbWt%P,K6k7Q,UҤ񻏧a}_0YmܑYi,i+c{s tҿUKӭ+.^g}6~1&:bI=ҵApn |m ~Q ozPt^5iv Y{ 4 4k-%EMlscT-g+;t3R/)l~ Oi xb}i^2iἎ4FS,A״'AKGP1#_HQ \)X GdzHQF,k:.E-,zRkUp+fG臃ΙqDžt[r.|RkY~J7ٴj %Ë|unwG*žJF^թm4SێA>I0Y@7a&a"Vr WqrAл>_ W8%.O6'79nxR7Y:#}RRw\͊q)k[<'xoܝh!Pv;OtMUb]%y5]|}y ES3 XUG73c{vAD2R 5d6hX]eF?*B&~!/27㩼b[e`/|0}UEL<)LɓP;+5eZ{%3)ٔn' NhF ,h cCG *F,W"4*3}~>@iLatٝa_ϭ#C>heܱHK' #%Nn!AR P.ZmaB\K31l[Ft9#(r}g~K;U y$<&Cf6f圦W tĽՇ쵚<an4$V*ə(=KkFv{ufc8Q0/mjI/XX lo4԰eEH^wIi9N4C&gRy&wlU,'V786@ڈc +v̩" TE P]W@rWhϒ8 ]OYjc*F):mInlpexf3 L*[m󛬏tNf߾„,&)}S7P! ^{H{ ] S#P1"V?sZnhF"ki#)3+fj;r"+\>~1h@F61L7~)6J2DB}ECVeph8J Hfgg*]v '+ګ(0yϑ\t~ł!QHdǩu.9$`h\H-Iz~WoW޿@N6d4p:fҏcíQZK?dިyP nu> ; =t9<>.Q[5AGCcrI>X^KӗLa, <@NSG"mm&LdK)\93G=3p lY_qNE "мV G$Fw^ ulTt-fccuj?`036%Rǔ{ N:+=}gmI 6s!?t]Ǎb? S6 7ݚD.!3\:>q{4)t3u>pύ>sHVckR;WcwL%R2&zl!+*x9>t|VbCd7 + PT*OEMPЙ?{khXgp])A'í#@6+b`Qz'"?m^f;t $|7!ŧƨH鳱aa|}a1<196v ,\ qFf3#CP pjbqV²a6:`+z,lˠ fI Q{(bU bE /|&Owev2*-{$3zOn,))w2CyKrZ@pG9#Gt7#Naf+i2z&Qƶ"Q;R{TQV`tY0%$}$u5azG=Ʈү/!1% nJ`ڌgYa];jTKppLʵOʧk볧md?`Z$])ϤtA^FJp{#^$hf$~̈q^Დgf ;aaI]馃e6_z3 k'%{-*PE abJ"VfIA' B 0QFOB .MY*ϪH7 a_P(am;;s׈1, H7$EPP(l:ld 5JZ?+:{A>MU>^L,?h.U8;C[uIv7h߹nk*5 Owl# m Hҁ)zZ!3/f~~fQ,t*$57'? bGrSGaQ;Jb=C/D# XT׮j<<@GTOz":7;HVY\X0$mF|:I58]GVL@Vle = ,u̩6KIjhLhʡW bzT /)+/>0033rK!tB̩!`T_bUy =2QÌZ/X |C_t.0I dbv9X5S eQgefR iDѰ;c]+H@?lRqv3j[AS {Hcm#X1ML׸bL&>Z8QY5pwWB.s=B-u,5wC Y1 'T7^vݴjT/^Y'ƍ$B8$| m/!y|8|<[5+9 KHҔ({5$B$[Mw` -:mpp2&/su%c`lv8 %jTcsiʘ#7i&?(,ɢ.Hۅ⥍feK8=+{X>JiZ;SA hẌgo>w}=-R)Jn8 5hSǛ4Z㻆Tf~yA ō]T_Y0e<6@-ظZb;X˼zr΅S>Udm)'&(]3K_^4U, տ*Q52.}G"ƿAU.[3MCxZ9!U̱f-5gexO!c"p]=~ b}l^svڲ Un$єQ=P%OlsU:5|5uq{=E漧`{2c԰N{dE>C8rRLV;SW/9`=vQK.'&K!HJ@M X>ӿ0-eJaw0| A8\&bvȏ6p Cݝp# !vim6PjKm"@&q/pO^8|nbNQ9gZм.0ctߊԀVI1' }Ƞ(/` AQA#8(jc g3mwzIA'KE m{]?R Gpw%XY'jB~Y[sQ9X:V|*gVZz^y-CyL۽n91*6$0R,^pXT@-ŃwHOY򨸐l4[ݣy>5Лƭa:DU3<4+>MP#iYCq)r ?O|M^8m@vbbD{=]}P` r{pw%i$imƪX_d΍ kmC~=ڛx|dk ?S{FL\) >nj^&p0:}پ27-|YC'[MHOP/⯞+5^<ؙҡvz~ H-gE)aT&&okGCMfh-yB]䶕Q,d4ݽXp نOW?Li+ 3ɮyPi_4\Pk3_EPǟdrzPi@Ꝁ?Ϟ^`E|Ɔy[Iq'eFYX1>~'o?0+]\%cjm FfV `u+->DmUcMsPX8N Ga 4w(m֓w)i&lTJ:j PuO?0󲢂_pD:H$__ y6H"5ÇNi+C\Ò>q&DdiR/e:G7 \ Q5"cwIk#NGs\*4]*@ڶ{+=껱7&sn#*@ pCtW ׭rV -R^($#v4@:WH-l \LHw#ij F}i9xࢀ|Xu:_ UA`_!NҦ2#eOA.nSY,JF& Kټk˅B$|*7:B_.$M!=S~:F?u:;mXuu-Jn; ˪5 VP[.% j,5CFV-E.ggyBrMvj=Jvv5Ne֍y +[?L2ԛ);r[=knƐi̬r ˇg4*P|)pΚuўoX6fI724X'N XwJ妳/;ld1pr[UU7n2Q KJ(9f;Ŷ5]I>v>MAyPHUY|SX5O7fbjKȾ@m~1wq+i8T@XJlu*S׿ pf 3&v Djޗi,|w㯌Ch -[G/~sOp?W@o:8 E,'.> |x|q'KmcĊgo8c'oO n9nMW659~^hWoYEabT . ceeuUEr`0Eyt|Tϔ62$ƿlh9iq?oVu񆮫%vmI^lsųUW?GzƤQ}A]p6yOt&.%,P1rkz .4ߦ]l;h_EŠ 3sY48\nr -'K# 95)hNRBv4EU*Fz/CR _y-.POy>at]c1hXy6GܱK>6`8 78<`=)∑H!(nU^UZxnaV]Hh'vV 1l>{.`=[b)f"|;GalQ,#qj۹OKCӄP(pxb5 w) ZWXtȂs ]P<9#@yt 'k2NLz|iQPYF1#@cJඤfg ^Ōt<@ySgΪ&ZJ|fsuhb6}@ .1_&35xApB Ddj 4"BPBTĄݹnH#\|G^€yLZi7hz*:0J[l(yT/TSnIg?RQ˺juv[O5DムUL?-2!hjk6!鋎a>UP7PbCSMU4:67h%qy_Yo+牿ꗒ MDQYmӌr#lgV[dI{O- No6+&-rsNhz}B 6 c)lժO cm`SIbQ \F`[8CN7r$hSٝTB; ;6}Q~w(y $jt$R| {l&Dc~"h[qv^lIO {JFCn0⫁B&RYAEs-KB.?͑!L=;?\d62kFGq6Me?Ü+[D8~"*t3*tm 􉜩k5pFW)oLݶ<#kBdF E@-OI05.,sBaB+fЕ҈pgپclM*4$('+,5(/A<6+#sy*N{w3Q{ćtXNg= tX0$(9oGI6zcB(^~/ѫ.f!gud7.Käz޻8SH?0MϞ >>@vw3S}Z qktm;@/43 $*0!Zor܆7\{dC>W٩V5AYvm&&a")Or[gڋ- | Fp7 `"d~݊x9ǷoQ՝++)F0PNɥ2A"yݮۡy^HQSb+Ÿ ,mH.}բk,|{iАcF.ln0|>>u%]H5e*i Tp^'cN`` Xϖ ĵLB͍ޫSm}0c5iT;W' QW|!~$OmX#~w hXgǘG>|ePkDV+[u;}D=!Hc"40?0Yx)GdTեr;NݴE  OɤcMFY^P1_]L{]4>x-,A9cX&Vz2* h7K :E,?lVv Ǧa5U^1-S5W>,!1N<p"{pg韱 G:'c9* 1ڐm/N+yuG!ܛr4~\|EڅMqܗAr B堡#r#$h[e6n; 8KWfx}хv =\G2q%+WlC8kݝ+MJܥmg%4i)Ph}n;x}+= tFfH_=:L,Ouq+#[Fhn1|_ {Wehev9slTCGcu;76瀛@`/B1A#(BiSسgEw߷D9ij%n t .In RA̒hp$6¬4i:]⨺Z.>ԏN4)a}exucwξ3*%ހLUa!QcCeTɳrpp}bs>H媱_ hX :q:1b)Q9䐇ĵ]lU`-R(LjVcָ)oTi,a9P?L.|> гDb1ά#Ew|VVv),+x_ބ էJ_L'5?ѵŝ{2n)Zm3ZUkiƣIߵ3ו@h)S ԓU"@D)7ӏ1I( ?`"nl_Ō;'uDl\13mS%;y᾿nBDe1 )[ g6&_T]7 LjӗK ۛdַ" Z+lROC p72"˼8X6QhvGi ZFuK"hn&SGԶhEwc7r_+OJ 5sTR~x'qÐ垏rD*"SUYzF [ 6Gw2.V7Yk3Tn7u`@K k ofL=?B1in*@ Ug"'Jk " pxVV]s6A&#TUF)o∓њiמfOک;\G4+!:sF鹖G"9ᒻ x k9jsx4@0>/ˢsqM( h Ojnt:`P(##a^G9 _SOO-bx;a ;f ѻ`SG?"̊c8H>({@ ],j t%:fـ^֎n'[R/ۚ"J>V6PTSz`BK1.ptgoP~Z]AՋo 85'[u5-CeR ȷs5!C.u T4{eٖ2+.ĉ]sy]!iތq}IGir% FSH/~MnZNgYFٺ"raG4{+֜f:@؍>øe`1_rw}XdT߹3'q[G!Cӑ}A F_)ghp(Ƨ6tAǎGն:ţ*~h/Xy>X `HN)} 1x_RX$~݁ 61|qm$9(τ1<)mWட_̯eK{B_."R|Ɂ)8ݾge!&Q F A|g 2!`]9rW6n@2fX$c;5,71FtTP0ɰ7|` GgJj!I\|;2O^WO;&U!ȈEСF+j2:O^!+-y6'O}3%Xw3-ɹ Q<2V4VcPD/ 1 U|1,Y7׷:8F*ezQjW)8e+EC4#%Aqr#׃P`h,m`G;^f? x L9d6ڤ\ԁ[$ ⠸W. hl ZsHD52o'|.g76u(Cfj|ZT9c?4uhe/e`. k_,,E$N" >ôDҩ+k7WvۛQr` y;Y@kW[j0$sJ:rxq:sÃyAߣQʋ9V-+: Zzl 9'1,vG<BȠOBdam6 >rl9Uc^ta/m+:G OBπlJ6?O9KFZ>/\Il۠chs{nҚEeP?&#? 2 8~1y5 ty]vl%X՛=".{4sݔfqܟ>gŞx+^\D\R2BcIyV+2Kbzn<*(.dݏ<.*T6ګE: Z37^Lʲf)(am rQ܋M1kwf$~]+X$88{|k ao xa.h<ibM=,C1N?-%3?S, GV+ t1=`Q}H xbpImC*D]f$LRҸ~/;ާN~`os0)e_k Ȑ$ r IJG(^[%՚̬[? {oMU^i#0Jܰ,1&^0+r' @ ^O~O}=1x"XÓvQQZUTl![=`PG]f6a6eNmR³R3fjb"pW$0'BQz)zTK!?>`sYz2uV=\HA{7C>x?Q*^_^-ϵx 膂m4cwA }F-F?##\gz77w03 ȢtDHXYbQ5x<?QP2Ԣ8["{/V ϦVۊ2h_9G$٣"@ܚQm;Ohp'G5$D̴[t9ϟٮ&ѩv ^=/r#„슰D'KWcԱG(/tiSɮ_`TN+MX\{U W>}&?C [Tz8"rknJ>YoǸX3@xMnO0VRpѨUbRdwNhO^n KJϺ, |F.r2j4j::A5Ne")}N8;#FD!nI8*cIqGbE[Ah+p4Y+Y/#TI4Ol=)h(򔝮iV$wLY(MB V0,̒MSL8 6zC-@(zGHIlmNPE޵ _a<7+ = 8/݈IK-CpV)Ȃ} (i{g-g-p3ٚϏ-'TTQqPT!v- HKRd=0):l[+A • -B0l~9ss26 tZ|^RJ<߲(sR/ĢTО%YqU+O5 -<(@x6u%Cea(Rr[V3RA,м% 5- ; hoTJWհ\ D֛fb6V^"&>";fd~P}],dZqi tH7jqq .̪(@$؇b0KvCߵQFsFr܈NhPֶ.4n h-$a-e|j||5q s|(laEQ'})`*F4yPݧ 3$ ^36ijiӇA`-u lF7 Q͙FݶydCtM/͉f:c6x!Mwdm=d_;6Ůo|2*t:}k_;G'/,թ- N`? ܐsd5pj-V0ˤ^,1kQ|_JBY+H)RJp~["w*`6v6~+=w#c-{4Vi>^(w|ShB#- EK^Xf;{M_'5 {zs9 O}{+MCoa:NGh2XRJi뀕Es:^!{&_ȟ641u]I=!ݖ\q5'i+gFCܘǝͧTnS=0mR5>$l΅UgH11E}lB6"Y8DRoZA6(Us`z\}A6{Fc G@@unNMZVtݨr|9׋P9 ea{jS/Tgr/T5O`M!gs{3{'>Ϝ#/)/VhL}9OnAJ0{%Q_Y/:? KeDpcGv[U\T~>GJОϨ*m{/}-5ǮјfλݙV.g* ^T3Bեw.gR D3!j-OT攽ܳvjX b Y5D.5*)S`+?PP$V t$'A@*ǵ{ #,L1ȁڀ#㍵pw!P5D3>} 6,vΘu:-TU2X"?:A,r|;~,A0=Jp O.ZNᙩlf˔.꦳Lx_IԀEEV"e/NZ Cj]dS4:ʡ)KEE2};1ZZ7Ğ#@stN"G' <1qgœz!ZHz.l (W.M-!#V;*ToDYC V iQNiq,\I x>6/}aoP=ϦcG eg㤧#;6öBlf@SX1UB>G׺ }!ŕsV[ʉ iHM >]peb;M!O7[񺸠܋M#QYAXT:)W_o!X-wN?HXAI /wDiYχah\zU#WVX, bZle2[?k1 '5VL/5?ڈGB6O|u|P7/͢tlMO.s"}"ZN|YӥW u0+dwP@yЕA?f mDiLy؟27nXK:AY:`F{`4X `x8h~fKBA&vȜ8H{R[Q,ݎ?Kw(г9M,Fsf&d%\2N|N r"8+f3w/ 6j |H+/8,#%{`nAl<8zLܬoAɿED~-% % _nٙcu&xr+T&dX|k*Mǂծ~Qo-Q9wdiash@y[ G!7 i3jΦX98*%9=ȊO{a`֊1l49mSoIg/Q<\oXL|9n3'LT`(%iM|E)0… h: ^m v%T'n{-ɇw{s=+ wp2oZv 3Z~c?ξoo[>A(ؠa\݀!p`MzJ1EBоp)5֣D9HQJy^D|oEPmnewxݕ43#9HAfi&G[YBxAaDUn1y*F`O*9W |&Tý(I可,lʽUn<]bsb@)ekl3M 563h0^] NQkSL:%\nZU}UpHoA_^w+bCiJeNjB K;0.?.ޤA`W/\dVlaBR52g2bƀ kX~ˣ`vu&c= (" &bgMqo6\ʊ%^Sxwy7&Z'vkD9u*)LYp vy޵΄- ٷ% @D-W_$"Jg-aҗt娅]c;d'~"< !C AOo T39Q ffDP~FfhqכI{ j#axyŇ?`@EPKߟ߃|w%><d6Xe;[cez*! {o洸ͨWy³)I*wgOQk'3l֔6鴬H 2 ([tI"K8m.;-ik(w\5ic;bqNCSR&8Obңz[iD  oAEj*`-] Ӷ((஛TZcJV@KMuC_ĕXcx} $eBRsǕ?j1 cm3z]Ap _2Zl@Tx )bV0 6@\GHݹ`xxQAIx%=[&T93h.W]S$72`/\q7'[}kq@^h}x$Bcj܂Icbs3 ?qk^Ay8=jUzUp^pDԘ Vݖ%wkU3QQY/Y_SKxSO:F;0 06d?oڽuur4EH~+;tb Iφapy&i,G[GHEJH ;vrл7rmU9H[#z(p7|^tÁnxn1v4ϙmus%c4x`.+ř˘)E#w-~WkYӈ}%=C4g%[]>ИP ?jAxR. |ly<&jCzrn;i"0!BD 3 .- "RCs|F=i+ہW c&C]g>s|ij`hXωw+BMe2ivkg=Yy1;tƌ4~p?P:Ï6wNhͮTԏ1 eo+ dJZ!#2T;%)^&N#OMBY");BQzIt4*0b&z:MVN='<Z؟~OTYєnK-5 \cCq+CU},ugMp p\Òa1l% @l%T I߳g%c-I}D/> Ց% EVtĚćpRxa R- ilsx2n`P)^qZ&Q`k`ΐZ&XR@npUYH"6b(FW勁5Z+ ፆ]֝XgD-C{,>kٻ2ItcU8%>X8|*^v {+k~ӠPNS&)]w6PU2i^GQc*Aq[&OeRbpi^#Bu񶕅ݰ88+-Ǟ1FǦ_ ىq*zLd Ndϗ \lU-?e}604>,wo$(Ia 5f}Y-6z~t#kp\)kY ;98 "& *)"BdzHdY&FW;028Rt.gJ' ܷvIkO}Z:?vڕWҜ?[^_1obi{!-ܱ0VS=A@-s.!|~Q4"P+R?ܫ/E6j:07exC^\B_unzPY"k."M<4 S ?q-:b)77͟R /{{y'Q kVKKilǧ#`"K#Kz+Cx˜f,t/[74;boXX =rGMAIRq\L<6Y6K믘B{ukVC Q3_9 aHd(+ЏJ4.4ɜ|'v#+0DOzUtEn` UC kH$_)>߶oQbGSѸ3 #l [&tJ{CM*a-}h4߳PX]zB c,Φ'tB29G-NqYyGN^R@),@NHq+tf!SLu6@V$)jO>ItaQ2;p8$0`_p_va 6W{]$ݢh /YH=ΞxOYA۹6_ BG&l W^Bu|y' /u;˵M@ܐ(, j0^! q3L]wc+:r֞?P *ke)mmG>+#wo%@={L7%l;Ibg} AYaT{+F%·Pχ1iP)Q} Cmφ%ڂ&T&ᓆB/Q^'XVuɠ"ZbNR@nM&ۂP K+Uz!fn;xA3#$?޲“"& Y?Kš>r(TlRxqpy45ܵ )oeQMπIb <-JvR|]NUԦ߯g0/YMC[RC`{"HhCøoQ /<ϛ.j:|\WWGd,eJTb\ pZآؔ.K^{ŵer|` e*xJڲ^Cc&WIݟP_!4Y3dpES'cUIE:-r΅=߷YiWAD3Alwcm{hP=e(+~LnՋMŪ*[w2efWPGA@eN[5s̚SV,ÞNP)hYa:YEy W{,xZ>` oc0ul#3-O8`9O7OJ]% e-D9a]șkn N,Iui 7Gprמ'x4M>9BU{ }%4z]|wMY ɳ0Fچze>L/*!J1 թ(FvJ_ /H=p|~f Op9劸c-?V2$&k-ZOС6?$}}[JTy@a6M!ء JT}4*ŪuPǻA Sx vb-`":rwTuY}>5Z3 Wa8'ݴ $ʌ=)3#{i׸wAA#xȆf >,֤ Zj Zqt + jJq/cCo0ZM %gW7Kܩ;˜LP-0H Av hmDgsQ/i6cwkAfZ鎦YD3J'#k78S ضPԈHmTb 1;eE7&Pu\,z~V}k?$Z>4: [C>XبHF˫M3?=Yǁ!]jMA-LzRcdN(mlW&N!>e_ o2.lцӥ)6kvwq,.brN묚tTuf5+U"Ut \z ެ*2A^u>bRGcN?5{>EFx {ʰ/rvq۳-/uRU9$JK61&'oɻ3)g]4KHv덐/HQ"cµm$+ Yʺ vu~`@֫}U6/bhC8m6MIvV#.*]9O%ĺ@V]{X*-գIՋyd0n 粣Ą-t#/CV) i&dl9֛C/6L;7(һqbIҟ.ӼKI LНpBG/QyC;Kp qzdf%pmȆ$O:h%666Zr=e؜PsgE\tt-\)WSJ@e=1Zvȟ-.!uI-_x]O* ^YcXi ʱow#`qSryҀHSIGPo;R>H9*lʱ/'}O_gWDux J-:ñ `i9g!<8XuC ׽[Cu8ߒFq 18jT"0W_E`JP5 ;Hmb"~-Aq3;j8; \'|+kvئJ<a.& d>2u{X"d.?M"gF~bd olE&3(v _;C7rR(י)V$|e1ਓK|횗?.Q'#2B#ܢI4cL\{!i~N@/mp|<"3n 36̼LM ki+H%\:GbF̿ z?4V"=Ѻ;Ա$33 Dd lX;.XPUẌ́A|D+,,}8R4^7aVh;E3_*F-Y޴Z|D$mʢ2RnG$U8N(OUWM}mP\P'=D@+$6$tCKy4,Geyk'zsP%I鋼+svJ6!&5Asd|!YV*y8*CcFZr- NLO%:S H v@XЬBH |ߖ6cf hދQ7(WJ HY: t?Z5曢x7 J-:n7[ѬBq_™;G |]ĺ3P=UNl= 9Ȉ62֤&DpK!g9LFzmFfi g3exU$2xl=aPfϸ.P7PdB&ˆyΗ5L\T$|ALDS2:}+C$rʾ'`aUDVpvۤ Ln:As| "Q63LOm:\HSl"EF_SQt)`{rz/qy֕@W_]TqY]_Af$t`{y]Xp̈́I^nqVf,1N}mp60mBоr՟5uY {eBW>m)#DcZ.aZH\cNxBs q$r*6MfvZD@@庖bm`R.:0ps}6et گ.Q`Dp|䔜W I+C. e׆)Y;xlYkN ߩj:)HMl~-CQ&q`/ %*QvE-:=eL$RO w`+Uo>P@|LF b$z-d #3:0A~DNMx DZ;}]AU/ $sv׶ID c%"tMeIBWbhV0jշ*SlKsWrgRh8E˙Tҿ [l>Cu[e5~iN?New5B$Σz{M_Tv}&=x Dbpcͧt>:+$I蒆#/Yr ;ywszRśʋf;4<7}'Bn#8R/&_0E#B=kT׬RauH!T$.Du$cP%p& /kDd^f[]'I;m41n%CMjy(<"mM'raxC1a?,{2 b4rƾ8)t%>M]gYI>8-j[ULɼTf?U\6"48dt18GBE#BM `RX~|C9fL}dla?wHM.#eMm , nDBȖW BJ` 9dP^c& HGVӃ8/鈛2utF߭+J8r԰ն6??BR7uYK?D54A>y8BE ' HʀΖnLIg>]KW 9jrnWE} (/_χE/pr/eG^0J&tPzg)FśĞ$ʂc&%FG ۟&e7|mW&bD"w6EtEun1 !̀0mX P6ƷP#9*0=-jE1[ے ȥ^$ ~j <4vo!;q}'WSZTLlo%e]N ;`Bn"+b7',7-?x s42ފ?/ 7"(^zZ K7JpJFpQDɸ ЛV_ЏxF3rLޅ7vZ}iϬ zppٮ};v!؟ =_vusǽd*ZͺDB{p!*(*fp8 #\']C K^{vCy$< */tzLhO>%9쥿.*KjRAKgg{QnrU1]G3%ޔ $KZSZYX W쩱-, *0៨cTR5آιZkTOhJm]_G+=!Y<kiBrJGOIތdo^}csjnGT7쬂BwFum$"0ZOoe ۹zǕ] QXʣ(^zzj3SpUIk{dq.1l.,C6&e,$pCM΄ld%RDU5`V[87ڶoA{-*9x/dAhěPXA33gȆҗrORNI a;]^F=C}RїsȟR$x>ۙmEpZmb}TNC&rg:]{ X9Uɶ^CB]%Z՚(ZG2W}*(ӓUXS#&Bxd`2H 坎<@&ӥE`|Э c]}&RzA ťsհh؉0oZ\..[ep0-c2ՒrR{#CWr|( V=Gbf?ȆXIuj/W*٣O?l:ьv9  j!.(C@)js ::asF7RR:9ۯ>>fu§>hJQ`>,gCrsV(Y3.2T]֔Jw,A t*U*rDW F)&ӉCVnAˏN2;1xH~$UF"":c-) ҟk06/9'L]w*4,dKgQ D},+'7t#}{]H9F ay>&#P*wl\_(ّդ)h!LR" +4@ #MSh {Up*I+hL-Xܠ DP2T\/ ÎĂCL*Z_kW BQbK=⹢"A'ig]g~5G~%5Cۻ\6M }uaJo5IJQ)b%F߇Zslw8jlͮC>rDrW2) oiXڄX(9N.x!~(dxT~SY)WZ6Va38)VPaqUJPfzhN9Sd T҆`r2Lw1OD_;O>x/+qx~\׷G)xjPN*װ-t{}C^&0‘AP ۪e< FƵjbuA!sxAED'&gvNbE. NIB^-@+?¿ވ^BW%HT(X{}0@ 0GV F 9}4ǔJ&0XOy,}m?WeወQ݃Vma®0|^H,1W߁7W `1sIFA SΑlV:;IrP}t;\HCH|Wzo5.a@ 1{NK-tCs~U=@D$I÷@SF89,sR9mx]xMƁt ^ ɯ*&_1^5rѠ Y`k]ε@1ɦRb%dJy2 IkXLYܓ 'Q&7 j/fcz2k#␳\@1sP֋߉SlD xք ,c28}ܐ@SHm_2p{g7CjAEȰ`|-~&lj I/ov8jjf`kZSuˏ@ $w2 QlĀti7eo5SPX M,ّ<3H0y-2OXEN)}3V_`,-=OLBWxAطlrXID{̇W8l/|5Lh=lDO58HχLEv ϊ,''R?:% TVv#ÿڙaSٵ'ɗIGFѭ(AL&CD5^.SBFkOzy ,-Eג~QYJ<&+M *zmg,Dѳ&bAwծ ZjNR@SťhXǁ6I8o@=iuRN'CjByڂh0usL0רt|L"* wadrW1ؘtFYa~S]&\ #)P퓋Ay.,3/W(8o>Aj-9'K}wk0+*ŠDH8OO9Ǖ& u{:,]Pv)H_] n&N9 b5@Kˀ@ΣST V'!įTܥ#8 [x|IНO`D1ꤪj G)=G>̚dg"(z8c%XU})bmLZir /IaM %?e,,{?$!p. ;tC0ksۉI~ q.T<@:Efh!z퐽q eO+0%lꂟyA) "S<BSh'CmˆSf7kuAA SB.(ΚGVu.3 s[* qq 1O9Bb/Ρx=\%Lp`B-oGT}sfx:Pz")o|Ș$촏, DŽT".`hL`K 8bmj[+4C^ )/pMdXZ8Qa_0dS|BjԍӒ]}PMu) _)I]rDžN5"MR؂R?Q,4h/dcY0Ng|EN:[eR {i燍&tx=n1*p/DAƂ+১Y]r--(pA~=Y_g]Hx|d]LZ_L6ɥF;Je \x\e<ԟV~ b*NY yYꭋ% *2wXd6 )g)-\ đ(T![cn[I]|i$la`%B.8Gl1Խ{^cܲ]W l*'*#?j#:Pc=n,1]Ϭ$ysY:Mkr!&W} P{N"q20يmb%~i:-!ukG9b+'=牭 2Ipb諰.֎TsQgtZ|5 ܄ BA8uF>GXwxopV$3 &fxa`= T>P98XP][4@PS€<&(|<:yc(f c9"y1<ɛY! cԧS{2Eb WpsGkӎfŸJ8p*,߮źYS5<9 Zs&K3SvMNY Jcy)K9+Cv+b =Z$EbF8C4:@_UPA2a_h4lăÒd?gԆ.ѬXJ36XĒ$' rۙWiCwdyprGՉ5{JٕAZğyZ'fcqRPwٷ3"ˑ }]] lA9y} @ `Fr7)Ip/!UuYt (l%b I<)mzZm(lJO, TZ=R֘F]уiY V@M%s3#MWghɱ4mD2֙ҡf2$i=hNn ܃;"ᾮrkJg/jAڑ#o|`fAH2+pi8ԈYOb6k)>5rB|%`\QD$r#=u?oYq> >rWꧤ)Eϯuy1O=Qfg yJ~~la=T'ƜkJ0\"fE{Α#4c\^ Y6ɰHNkInԪMo2[j=%n1e(Ν 6X+$Rũ)ޞ4\dҐǮk7YC?d)uC'+V2z(TF0JWF.oeZ%ZO˖x-zbw6{3^ bvf2@ŘÑIŏ9%e"' \0/(jfM{L Y>Ӣ-MYT:ı5apKo,N l?n6 2S?j`&%9vD:\_j[z*M&zgSm~*Mz㨻 a(A֖Vx4>Ih^, *ӆΩg \@/8H uoGRj66 yxkdDzaOr3(^Ȋ8M-ɸRr0tcӅR:wbxEǧsN9V _`HY2]mi"Dz3xvJs>ϋ˅.4_>b&T.W+][r5~G;Tn∷8N-!UQH\Ӹ1ÖUtCCGx B8os~FFLT$ys?MGhhv D+-:M5#Mr bkO~nfきf12g޲¥`}Л0"!ȭI(~'c"h@/%#jo޸pH3ST"KոSĝ)xyKzgS&cDƐɢ_I[Gz-r]֫<1#9v}Y8??{3eBYBAE61VDrT-NksGHxO4LRnH)mtK9{JNqwrpFq%I9_>Te^Cez"H]Sg 1 !F6xz *d).aVfV)ΆU$J"> ,ÐvYq&ȌѓJ`1AF7?adoQ[$BGp+t^dyޜT9EN|(-"F-01s׎QQ,@6@Mv?+0FqW+LsCX$} 7/Uj-mfsʜͫ9\ jwz7:aR}{en(x'1㌇hD\ G深.X_pd\sۭ'}UtG2,Gt>Gvp`KSd&kKP\$YzX:V \aTCe&NQ#`{ _"(U/f*.$:=CEu̜`x T{zpɧ S e idz Jjh_N]\ijZZf$j58b͡>Nؿں9dκ™דiQ܌>N;CzMJ C9?̣AAgp-Fjˡ0ϡl6oz#6 pEk}lS,=^Jd.O`P z (IKY7/l,𕇰5v"wqt3蚗/wQ)(XQ^ٝw3eye'#|ڿ8A썚~ҟHAJ18Mugbg4K\P&-fQ Ÿ\Z(C z9ӛ DkaMZq-^?DO)?EDpX!.]& kTt4Ĥ !/I66wd13 >'ZZ%"Ifj+qWtH+ | f)D88 O^*_&F+@c'G@'vRdQ?C%#Hl 5]) v޵1N&g(~pqڥ)Xï i=yE[]gIy_b,s)1ݙÿS/Wbi D7>OY9^-VrqiޡΨSg)VoYin5^cKb_ q0XRT{( -hEٽjH64El*ERT,4Ql>#ey&$R?ù̫:n@i(-GVp{ev}y UkE&~ @dhb80pRJ0(/j%e-ot/Zdx۠ۻ_=3QL9Ywl`vG ?ůiqU ֍ JoֿzϾibo>aЅ=VϜNYH ,Uf.C_ծ2 >{ 2mj[޿ s#^H]LOqC t*+VsDV6>-aԌ=i/!Dx^ŕM/8r`S* ٩-JKlr6ra1"ºgXSQ~ ')F *,2ё VrH%10uBG_KT#5xvmAZdvd  G<7II;yn }Csd(ZcV8U>ƬHN5N?C~x LRbt0)h#z_k~AT;xI,F抲ŇcfQ0l:m!%XCDq9B Z2CL*=OHaQLKT$oT6 g-Uw̷+?B7H5y( X!azOD-q$;d;\-xG!4_Hb&u&~a{loډo&M qbC)Ff5M"d`3pHbX7793O!r8߁dhL.ZWظ)Ҏ4h09Y6`fAԇ `(O.uCy&*4.XԜ8%Hob(^d0>Eƙ7m-DMDEx6BW\݀ l,id ;35bލkW:٪kSJ֙Uq#x/4'ONDbO|i-ϡบmW&Vtז4^6~BW࿭%³+ dvQߑ@mi R?[T7@a79.cJ'Q <ӯs? ?R0%5.iJ.>fFt#?z%0S3Iؽ6݄vAzU4[apjklP!A`%H}bxuNt\[ÊM3n8PQ1~  IznC , ^KidW7^6(H- AQ;U r li)(:?YQS34̈́NJ5Z^`Kp&+9nx8@Xv DA?cTUtWG HuV\pg>O-[dA9Sljorي/ʠcY,ezcJīЦduKEl |`B.kڻjd"t>ȞNy?+)#%2jYb# 'Bm&o/G50WW֌FJP1 ]2~<针aa{.ͮ(Tzoʹx!&HU)Uڗ`ٞh B#L(zhTiUg)ze3Z?LhAN0cFжCOJ\n0,sF%("!/F";H) f&+IDڧ%+H )@},mpǒ&mWudP|(zbanw~+F&+?]zemn&bpU)7 SS levŶį7mdEҝa/Gw7*no >HTAՒOn]b B v.Zjv}.D2ŧ99w LIWʎX2Ul\ãfeoSu`'擵=up }[cj{r oдgN}vv׌%w4e<++ea)ޑfnvn^WZv-?7["{۟ #2o0PK#Cu͊QNӘk Y~7 r"D 1S36^6loCTniw΢Gmwئ%!( '<̰EIec_^a u_ { ^q%aۜrlcF5rJaUωԴ<)ັXL:襚ez]N}mtyte< j\I6^Wl/kɜu2<"Cb46Ɯ͌=4R)4t - rJof`ڨt(V8dE +)H>&wȽ`m4ypm90"=]Uf%ls6:DytT:~^p1/O\>SW{#S] =+*hpj0ī+u6M4vq;pynKzOFyH(Os'Kl5 (S YȅJqhmE= f.x^@.yѷpv#j!pO'{`M^ mglPFw7V!OfglNڝu+I9[ac^}r΢4UfqIl-kkO v$uFqUYvҢ$d(ä[MceŨ/C2%Ȭ%b3D(+~$^5Jjf-Ralw~MkCT$Iz6$B_s]3FL4%I\.3=ژx8vIӍ1iOMr[sҧ*#*9-],Vv/&F7lA`.ң6 ~ai fS~e1$=9>LZIY*DtWI#-[mE$tזRQGbEyέgxlآ2ճr,B8yN MDYw(?zc>\b0h֬!H;FEZ SE 5dn+Jݔ\ E-7dPfEvb0v;V*]EG./I ]K~9abX~ ^ۀag籉)w 5=H4vRst Jôdz{d ~ EO3(ixukq3c<#­(̣!s( juX{dteQ5>,40I=pYo'1, bv.xJWDh&H7*q3 @BJw{3ռF`r5?1b&zيS%V| taq.w\WD8am*豚tYƤ!.ޖh&!8鹔g %T#Xok&jg҆i c> jv\M(^j\P`&f|^iҮM(,lpy #a:o\Y7,HH=|eyA8_^oc`hYg6hKqYWumC䭦+%qbu%=<'.e`PPW]@St=8.Z@ ~ áo|۝| cH'f ?N@LY˄%QDD\TIDß{֠[:?t\z+=6BK PC|wa>Css嗶#[DvjfFwSl>X",m.wtw UГ`aHiqc }Мif bӲGklbnkbCטzJIi ʁSgg+=XK>/LT. :4f~s儷VriڃC0 3%%~yH-y L |?yh ~/j+N{ɸHz[:>Of~jz+Wqnt ⤿b9oDK&)|\X_62ɜS 1'Dv,F3Eo1U'MKX,()gƙeA~X,L *a\栍N}[4ݦdN[z>?!UeԏJo O_* RS~=OQFj.f0;8,A__.]K}OR: .)ltѤy&!'~h$Dz)Ú.8[4)48ezC0f&Yj hYk&+DҐNŽD:O7#[%e_cgSqt@@D*;p50jj#1[@v eZo ݻZS#- I:˂ e{WcզgٸԑpӬ@?DFUo֨ d}fpCs2!q Z9fw~ՍuU8B Lp P >kUan vQ ݑD!qC6Ң6`0%%豖E\}ЉX|6$Gn؏f/LHx8)="8I5bYV4KFus]`RQW HU)E$8֙{ (CgPEߡʴכ "ԵlsgJ|mukb8F/6=>AE7`%_}"O`ḍer5m=D([bpfyFgݘ{5I# nŢgYon3>(X=j`*eN㨞 Kx\JR;) g~prkGo75bb Y X\w+܄5i5K|f 'PcZ {t_UCD+!e]WC ͡ӄ}lTg@ 5/ϳ~K'%=#6^b$,/[֑E]'_܁#V>j_$vN$߮{%HxRZ#8H,lKr| jDcfjƗXpuGq5+ua܃Lݑ%M' dL s1^ ܬ[Lv+\=LC{MYtt,7 z]k'ޅˇDZ>,E8Ǝͦdh % Jt(@ cW>oxd_.:nF3Bz"x 54-=yToFC)pԆ/ : VJᛊ @l_N$Gm@Y@6AۂaѴz`XpMCy(s/1ðs!IyS!]*ĚT(4-fN QBI"`()>Є:tt&~lJ*%ͳU7rMG3U=9>VNg.u BEhhZaCt%Qr!K}2\h\jjTLlVs <|֮l`)\ ũ_|ZeY0-%dŒ7;fb-Xym8a[w2.}\V"~)My6^"o~z0Aݱ$D]f X IJ"mёv7@[L!|Nռ1b盞 c-1X=alӃ)hѰ΃ tI[ b*XX9STd\$PYZ'6@ӮJ}p>]-{0 tO$ "f4F@Q{9F|v5XM\rlw8x*ëҖ]l v^-\{,UAةhAoMtZ2$vI<fĊ>PN^}Wt#!TqGߊSM%2~NC7諊*rA~e F7~ʸ֝jPda~ԅOR&?{Ym`6 o%)17cI@*6'?.0Fot^B4 CprOreQIG\K? PЪbS;_BSy/zP{%JqL2;5fs(Iڂq Gw毵6Q0Ͽ.GJ4 8s8sP!h-?eexkC[vT^U2U>oSARfPJdBY)փCҬeZ(/ ck=|z(e{$Vg @c_5N`Vwe'NI[1LQ3KVqExn6k7_;'*;m\kEDJ<&ѴjIi8/YþSpK??o9M.q*}|'ynL#߉ ڭQ#,y ̖'̑GZ,6\P痑YL-Šz4j¶4#GҤKO ge_ϖ㇮)Rㄲn=j=4q=2f=7Cm q2mUـ1{5_Bs- E'g'!쨞 $l{jpm{Xw?FvD8>m~*P6Ꮬ>0w;ЮV:~Zp)' >&yZh2?-mO*Tg_f?M9W[ه3dX|^P>g]Yd.Y^1VDvə]7Zzޛ{ }.:фQU~nZ8L2'}h#8dPAz (ǩNaCĊ=*XE 2eT)^zq>kj'C?ڟfEj̔8t[J4 -%9Ġ}kxYmWǸ)S:+[ ?e?0D?K)ub-2ke1n<|'%YFN37-/J O]E7_hpڶ{g}e&-r`2ݴ6c.ƅofnZgqMDNRB=jفPZK'>\c e˷#|t RLGHWyU?[jlE\48yo"(#'ޛ%]Vtɸ.ILJϿ39?DW9=?A>cxVzNf@4 S6hB^t__e^f&U(1D*`NUyO:E;q?MJTbPFk݊q; rTC>֐,#Xix %] KyENgGLxKYc!82vឧ.'cPduY6 (Z c ߣELA~DF{Mա\閯8'WOXcQJF'* Q^"S;3Z*"~z05*PTшr|7l$^xaMnp kkڻG%o:_[4oʌBb٩| %cE,ǘk5ԟ(f"3vfffK] [[KPi_Gf`\kFRz! J5\FַG )ȋ!w~rbVs]:Tj=h[PDЈV-dQ2i=y(@iCYi!ߕ[?#S_Huvx\:%xK*_ %1~l[1 ds#<_/ͅZ~"iV\>l{ݡc8rGN6&٨пJ*j ּDʔdZ5gyȒM|[ܛ4OUܯ }?jI5{o辠[}V+4+62)ZׅNiDPh7PӶ\WCy+L kEJM'Vs51V+S8C$C!&̺R}T^jM9 :a{X])- p^ta"ظ{$i)kJ=%܌ܪ62zCj1W5KHs^&τ;VVcS֌5HJ'/鏝(vx_*WXU[WA'DO|h? ߢTq{M{ ou]xKe];jĮΦ0YVo^MN8.T>[V9ؙE^iC&pwy.M0wb}+MD''Ǟ;>*t3J9,?S42o&[ a_`,mp蘜A{W٪i u@Y l;Ѧ1f9)#} >8_~mF ˬ$꘤efFTCALd0NmzNra` tJ㬎Ejf"|A"$D8Wf/Dh9T3xdgi %aCfrpՙ(1ĭ(I*b[Y'14r갋&}X}y{{'=Mq2 WH #ؗ۠){Ͽ}`.^?d /Hܬ{QMlĚSy0; w#(Ȝ؊"VGYؑwnW+܄:S$ŭR6#@ .BzvPiwpHp}HK:afdEW*X7UjLWs G1U T[_wY#:wuX?hY}Z&'KD`M'4QzfYC$nߍ «.B@" =ԟEzًn0 ߓysV3ĞFYǤJzEA0{t%ĝ␑%\VФ2 bY|RƤY6v!xG \ tPYN̐s1GN2լ(aSe#RTRE}ԬRɢn,9Aj4&uwZ0! b,44eSYlԕxq`NWLPӘaYȥ>*u_9sFS~ Jtg^N%M˵5!KurH(^cah'!D*D^s?ӳXg#T}ɮ]z< {X4Q6،|M,0}U{h ,R/z!?4($6yII;HrJ~X}D56cUƒԹ] fV?Ab4~C1Ij۔l+q=A]KmϹjc-<\QDIw?[^iogF{N$ #zJ= 4Dn 瓔TzW[yƀYS,#/I"$ /ԨNs)dCh 8 ѼC'@TD4(`TlU,+9ƞ+Ryb{_㠞? NivVD%ӽNQ55g)*~d|A)ʬ{zԺͭSnf1aFPƠ$GI!9[ v‚!5iiV<ϣʕ!P<(Q,`=g'ՙ#a)_{g26~'iuԢapoR̀pX9y5ÓK*X.%ś}G^S7jl2qX,|n?wUg_<#I^d%P:]Tm+8$AgY\8ÙbrX+ $2}RYK+Hy]B`rѼQ\K7yFcЃ_i"@l{f^2ھ `z܃$DQN"$fCh@`c{\m6n({^gf6y2u~kHhfUuUW o{2?!A/>/g-pLF쩫_,%/G#3!:ue#zK^8kڹi+'=9\'3|?жx*խlѐ栃rPBrF Np6?*lgCZd&;p9I}a_\BJt0/2)5dmOgPF'j+@ޠNĒL!'v~[ҜGy.%S+gcC46j,@17#m>o;1u_H}5*UO(1'uKGյIK<2;7y.QYA!ʨp$X.K YXC5ֆ>+94K9Ghcc CqK- , m}vJn)S&ZXV%C l`4uK(`¯s\5KcEMA:0XfwU+BbZ#QP"(civ,ݣqE㓨)Ngַ‘!_F⭟'I׻ʉ1X!S7 $-* ]s@u4d FɗȥlłR$Rg,NW8xa%R_Ok|[m,@F\z݈j6oke.c)"~z<'S3dX42l~xf0 #M~jN|zsMhc~=kΡmy*QGUnmM'5pBH!AMy;;_-G}=,k3_D)b7#ۮQxц Ҋ?J"t$ yҽ~yMu@)~c;0Ou'#$fh!c D!qP&uJt%| >`X]{ Sj-K͕FBI 7D _ݷvz W=u p믁w>wj+uuymcr$;TSɨ;ȑc:F|=1~fv6]_?@pį֮3.bPM"_3q* OhѶbW[۪k@_-f3-Hr 鯇VN4$3z#ߴh,FVE+NSR"+ڮU$XzrhSdql}t)(h@Zr`9I(N-]O\z5j."J׎JPk.Μ3ƥ8 -w_$XcnkwENj򤨨98W^iZ4r9[2׋.B(YgYJ^;1Z̳썔~TEmUB~.̟[E `[ /VXX%082JY|rqNBhjcs}wkrh,F2BhܿeMSXYՉo2QrhRl*U.:T'znf"1&܊3? Y)Wpſ %VJS܏I$ j'Kʜy>-J7F15 ޘq6AY0JCc,xw1/A?z)tzWʣo Pe~`c\ӉH$U&H_ Qf]>V'h*εMQz`S>T׊*oMc+iuc>R'-q{,&A m;4~e< Y+zfN$M+idaDqn wl@$jͺ56Qmy5><~G^T}6ZEjAE Svm &hpxRz:a&\7=$Wk@JofOEtR fodᏗ'jt-Oh,%j0+ ۈAr{Yk#HӊlmWKMCp;\&iKhbB(卐ITvQۓ}622.db{[oyw&4:v*LD#̆'z¾;ē$TzS ǻ?Ph1V%'5ש4ʴ́(z(@|8zih'j8k}WOƏD?M" KMy檥w(GL8JqN煺_&WVۼ#2N _G<hR|uµu;VQ'-jz4&f;1st=qM8*ߖ8=MpQBNX&F.;.ƻ3mh;TcqFBvd4'$Rݹu???0ܪn ˤE4Nd/?V\tf'}#>}e$?=Lq <&)ҳYb8FC(܇$aeNmi2)z:P\O:":ɘ(Lg/$$TFIc"N^JF8eFV('4؂7|?*46B={lR. @q%đ]z_H);lOk B[[ujΔ4llj (آ5GO(\Dz? e>us-%PR{߼D3&ŌM W;]2iwZ-M'ХFr{Mt#%-۰zRRhO(O8O9b9e%-& Pxx5Q +&/)VxrɶI:cs4(]XWaǂfe}a3GVaҥ]]oB}'vanzKs-; j3 y#ה -VKͮb4G疖oUgr1h uTyZ4.}Z݄`,>8zQ0sPvUpbc 7;1nC4,P(kDd\Z`}jPo(r) rOwuIJetyN\t܁吕^hv,UQGll-)neƷI7_@r. Ţ`$SI(({JHw~) bR=Kiۨ8RgpPkxQ>eȡnx:x͛~A/5:cf9XP[lqp(d" <7 /smK 5&dep꽭¼y bS'hWJΩ܀bzǍ{P90yZ9h`3`##hx;n.Z6|=oQd,͈1ͭvYZ'Æ5cnԏrwz-gés} y#SlT?-!ʣ 9?ְW/Hb .H?P! pŧSZh奩jGZuq}H8ci,|es %S.2c"ɳZF&yS~Ҍ>"߮ ^raKyWyCwtLtb&6v(Pd yHݱڣ~ڹ $ݛRԢ#YvD1tV*)c?0(B`eWu!=x+ή]c(N+9tkD6&XÛz8ᇫt-T-*4BT~=~&@᧤:bǴAj506,dn& T-<N0?PwAN|H@z݃y1ߧhE IDbq@z O !Hy- =1I{[s \F##¦2Y 7wz-#X~v$p gzJMUC7^^ $3=U܂2H2էtQH1R \z]hmn(gUoAJ-g"ue'9УYkEܞiRm(??"m?-HvR~'2t!IY<};[%IPJSed״dyon,u^l8fXvyJLݻrtc _ 9o# =#8ĔͥNtYJ7P,06T~R|ʰUHyKcrI8HSx7a\zߞj[j /fUhDI\ZҎvo+PjR\oiw9|->X/:)lTAv;>Y$Y<*'US5'D~EKI!6eJfܩvnnHm9B5 Rf:a#(uԵ7(@GesVDAHW俩 Zl"i"R|~v2`N[;3g|( SI%򱕒KAm'N.~@U$-Nܒ"1h7<_чX'{* jgF鮉5 [>x<GQwjg9X+>:/ڱQu3iv /~HyV1wza)]em2OjBiPwΘi5"+aǬ/Ya=:kF3>q嶥4 t$2.MfG&-8m 5&1:g $8=s"Pm`5Yyʵʚ27 +~BF]Mx&Az~zpk'Ǟ_Ü{@lw ?E,,- u7Z4V@`,\2XC`p!@wS(YI΍4,FŜu"w\AE'<4R=On1Gz"Id!p (*0Q_S\?׊VdpމSnS1K~y`my,1$)J|IHs`b͗VjDh6*<{GB~װ\+i|4 fpg;V-[V.3}jaNbW!hVex&[D|/meG#imlW*Hw͌'p=Q&`>rk؞]>SrNlBCx$O^?s d[td_h1lt=xMX?_4jN'1rrrv}O_?Y'@Bɳ::I^8l-8]ADWe78k.GØ!E~`7c4.)[*B^' F}-5Z~@ɝMO0 txesT&h:% =q࣡u6Tm7$|=Q˱s:%{NJ8f 62)0 ~@XRbV'#)7)`in]S"JgDj@S$^yJ> 3Snyfmk0\'QtKBx8.D (nhɔj~#Ձ R>ɻ)bB;sY"Ԡ P)6xIO?Wuќn /]'72"l@kDilBtu+k'V&;?>!XiL8%40 \f[{hsP ) q}XHtYFUw?dB)$ pgK+' "EX**c~ѩD0FcAػg&]c^FЬov繏xwQ,YES>SWB9B+/aضm ce}a Qhd+*]0a_Z#r _,dhj]s^$F( KJ h *Ɗu- *V%=`3ェ%fϔƴ n+*KyW@ԘF6/YeKaK>KcvK%=iS4bZ.#'VDH;#A ߓd"R 1+dʑm^sz;d[ XKY?]ɔNQuTUfـs ;m?dFK9?\\ą=JXY!%1]%(xbm\_0},+PH>i)B; v\gW\.er4?HEMAADDɭXdj<VEj#O-UPDc͐=毦Bl&jޔBUec x@{֍W4F-O0"&%,E!kO&7}e8ː} f|p"|+(pc!z=ttu M] vZy/1b:"}ױ &lh,BUӫ!T\tp@(S=בvhgo/`(AG VwG%݂m?;1f$)Jm5XΨ <)Di0stmDi`T8M耹 h~iHuP)(s!ҋݥ|ؠ JXOfGv9H㎏ Zv3o޾]w " ?b}?ϿIq]?ZT('VLn m)j9LR Ь#Dzae]_F0d޸Phza6pz?g2kqo93V|UE!^f<7ݫlFH8SHU))zi.hXf-,%0i3h$$AԐv!O;—dZ(S5݈pGP&һW~UB5CVKxNp$35ڕz0|X3Rt)jO -U2 ܘ5D-"\5P M\FjJ8\XÅc+Z7~fQMPm6-jW4Z9Y3I0Q$TRVMQV0̨ )y(ND4ԫ!5CE Eao7>{q́1IP҇㞫5a e!g>+4 ^h)bVc*]NG_kk>պ#xJU4p84UA; zk.J 0Q} Yrʻ6B6e^PH=0IS#@6oI7&.(L7zq3Y*i=Ѩi]7τMOZ``Z0E!i#\ |~kjm^6!Ȍ~|ЀSߑjDBZ~]"]uw(ߩxDDJ'VVUݲ</QBxǶOl&H搡8 8A'??ʽ)~}q >HC?/d$ڡok=; D5K`̦KsǞicyhiL.ӽ3+!t ^. -'˾TJb`<UX2*^7);E ;iD=\;GL@&7qLǷOU1t;Q,YXK€Ԏ`0E ++ <0pOsWبӵ}) 'æq\2雸_I`/ iЈu툤Ƒ f23%bWf ~=X{ $0p)TbdA3q!"=zE#艵*s}#}6EXA4vJοC^xfzzdR YHqC$"/0{B&C C,-"^M5-c!͕}ËY6L'N 3zc53jy-_1+mQI 3S\l__@;]+xb WJ[&cVO9yW(F]2O{ԅC¤]w 3=Y$9fgF^w$&Ě]h3 lٚh>Q sJQ99ʘzQ7!Tt3 N18,H!|CsNByC(Sc,\oTP0(阽@aY@ 7XļQ2ŏ {NIr{f+6iG%24|JZ^dBmߥڗ,{&,!^Y.ԄI.@CY R#jjYgunkCz {0` ҭ;5L{cL;C('+l^\y_ۛ`.ڗ[9B}%'`Z./Hȩƛin`D(WJnlL,-dSvdx*=bWՃ.jK9ς\;,c6Ib2(n>F͒[vv>7D u\$:go؎ih\׼^̵7p8,X7v7(z65TuFƏ<fKJ Dp:Q|#w~L)H+$fPQ".''M5T|ZYF.qsx^+AqMY٩0O(CRN!-~j Dv ^.1Ib7)83]MZ\ *_fgxKM6&|`mgSޠSx)٢r4b.ƛ `1Jh5$;EHzb+mKvZzCy@$J4*Qv=s@ueT #q_}ͧk(n.nRU1Pl"&JZ;>HP݃'vߝNp_?%;ϸNrEQ Z#@ʒo+L&J:GKO/c~,-2!__car!R!y]xl~4h'aKKu1jvd|SR<0h|xg52M}Ho^.^/9$zOF%M},fBR]CSJ`(J2f$ XiHXy~״ofCt1J-^g9歹mլ⵪asSX#nWG>&P>#* NPr0 f-+ #ęMcPDl\!=W͏VTh]'g<}yb;֠DtJ cJM%mqp);;tyms1?UdF.ֱ/h.4S\lx` 6Z؜&@'ĕڭZ=}4k[yq$\`EH9)lPDb&/kϲTnWjQ)|Dg녒(vl2INNH3qWHt(!zN2Igu4'ws2\SM+hT~ucޱO4ޚ$A G" hSN?N7fRæ;Z/*dLM:0 +,h2&l`!6 gNTɂJ!'y{Ad}٧GZp枭q@iX6Q=#)d$"~p11Wl8gT#Y-eDebp4<˨Д{N}I'j&UϿaWbTAv_Q'|b!q5DY0'1ԗ<~HIiU?k  ?Ũ4E]jAy,œ3pP{1j#\}<ĶVmb~U[sO٭^.>ED;e>|]z̉}\##ibCxaybI@Wh?61NJq h<1(%P/5B2Szb4rI4$F)b*T>Tq7-Ie4]QvB=Ws7Z2#gF5+DB0:Hub;Au9~So E tdL YvNNճ?W24 À_,B<큧H{vXAFJXoEE\ c%oi b:+hW?Nᇯ=uVDuMTJ#"N'3噔RrKEF Ng;N:JPt0 ss+})X&aK!28)^d9#)5.Mm9jC/[ҿvnzୈ3/XR >Wo_|A,9&b<_`ͷi&rgMO3IZ0w'ŃbP_>?% B5~dJA`%bV|0>UDmHkE\ <$0#Oe@ ^vQsyiy#"OM|}OdO7Д<5_B%Bc /rPAS]_.$1c9O%2ʓUpv6y1uoVg͘ϫ=И};וC,kmzAMO#eP+`D~mX%.09k,*vm=SbQe" -'KQ Wէ~`򄵶偮E[:|^(O*E^SQ(K[*IhwF=N:6qN65 uX&?9\ >AR<Q"=pVG>g -Y%0Ǧstasv vw}/ 9idzVlK*2 #{( Ho$aEYR̙Z=-Kc[HsQ&_)W SrvfڍIoՐ- ⢗Il魐y%.6l>ȌVwp2rs| fOG MT:Ծ:1v6+0~:yh(Y \@1UTdŜ3nB/_ӞHVu}2 ĹD<^`%U&j؆ȵH\ İ89h-j _c[)\_ݾޅjka_h8q6i5q QoNA,OFrUcj[Ю: ,Ec'u7)w)!hBS8N \{=wUjc[9 B.3\3|bDqz4f4Y1Z";(<ҒҒa־;*`#Johш+ZN2\1W3؀XS&[|D .%kF<ʽ?2m(aaOQ+, Y^Hk#Thѣl09zF|./O U8Lsxpdn| Mkb>rJT|PGM 1uO3+ ^{V{fzcSS-EV;dA&;RU32B,>U2TglxFjHVam`}$ATjF{w-nY\ƌn1)1Ew]6643H bIuoU(rL+rw'>Rj(6Y饸17z0Q~Iw…Ki(6ui}f%fוvyhS;[kK8˰Il F,nH\c(cx?276ՏsL%&!wP-΢k+tL؉!'|v0EכR=hȪ+B_1 s\@?#Xmr X9Yz߳l.˕Y2 ] 3_od([|"aA_6'V>x1;وAF <?lN` M#kN֎^5d)4Unyou t;AI=z :&8Tˡkpf"rG+l *Ok|s3UYR*pzA*{pW^l>~SqP<{(F>fKWQr@ǹs`P3dLYA'8+u'b%:[}eltCPY4Y>܆/_ϦG@ ↯lKl۝*0=;6>#tpK B]PXHdK(}؜[j 0ڀ 0L#9Zst[xh,֝Mi] M-͐/"ZL)7WYYM $J|Ug$ `37]߱Mj썙4"(&s]H;DķxeVu'a<C8nR]Y/HT!s8H[t:PyyGaYSArurb2ᒨ{Ʋ!k+1ȩK"3'#*>axGmv2FʾҖ!hro%u4w;eE̫\Iu|Iko41 mX7 igƟ1 !gCo8do}oCl} 7mK@qI Q bo҃9]*;wvY2 r(AX" @q*ЧaEOM 6k_GD)TPϝ#\rxfvc/qjևVg4PE?Em( <@~$Mc'h Vv3vʍ`dTZ*m"+:)se}TV/B$C"] 0Y0񞢹2w}ouU,]&Yί<)ɎSYկw_r\HF6,"jq b''ڋhؐND `j_[XcS&8c7& ;lL3'Zd(18,V̷;Zp$m-Cтd0?JVWeن_I"f@a8 ~ǃ뚉\:~g <6_2dX 37<`lJ\V JRcg\llM<kd!'|mQ҆ɮD&Lyu[Kz .σ7CcL HWݴ,LbbvH?rQ3vb#'ZڸI9c~ԫ+1\XW{k>3:2a5o4d3jj-O]ɻ۲21jK8c W=g0R"S -~1<^` tPh .h!2;\13ut6#͌`,F6}'}=b7̑+z1CafLK愽I7;UgjeG t55%8ZG]-F=GDtkd`nrLICfrMj F=G]6?^`Df:JueBD "'c9kl6ylٱ#xx~p[Pm߈@YhMhWb}SPxjy }O^b-/v#;jl߬kt.%ˆf7JP2no9 fsH}46o:)(5X Wsdz҉P,FݑmOBYnŖe΋Yx,*}z 4Rjrek Bo5(@;9):I $/xi|P\+ >gi]tCrN=L X7@.o+0RL7uѸ-^m*'տS[hpOtR=%&;Z4'M\VNOą<E wAd݆ G6 JNTEFtߕVa:>S^:   H熥04LV^-Xpf" jq)MIV c90bvAe"|#B1!'X R SgbFc ;$ DT0m fq 60VS\=X%0)j+l\#Y槍h?p[4Hdd)Y3uĉ>3](G|P^'` n`-JA1DA҅?n жʹ"|h u˲3:իCW*vTrzkq+ b۹ + /XPɽ!Q*kA$uvJba"2:+H1}4O: U)l-Ҙiy;N6]lTasWh#T+9"M Z9q1+۩gm w0|OeKEm4 ^dJ;d? XؠiZ Xa#',C+IFaȺ^f&-ieʽxdtn"eL MMD1V['ƔV둺8bmҜįVbP[cցRr]XGJm˴x 9= r\j'#iבLA'%괿p@NU&hcB儋Ǐ>86qe)ޒG1[结W- J=NkM!O3508ld$-8Ԑ]{[!&mѰs_*c\ν3tVT"#76嗻`P ^G(Vj ?5֓R8P=*_ ljcl`5պA?ؑp(bM3c2ү:FnL#Z9ɍ=U6|`߂GGG )sk 'q *.Tp,4}+?iM3"2hJ[:zW~p0Sް?- W)5zBD"em$jY/3W7ڗ :,ϕ@{pf{@{ QÒJ!il]XI\> B|7%} S"od ^KpBaI8Q٤/}Jn#|Q kห<: 5)-/e~^Ӵ^ j6(i!+mnZoN S7綨&f#-Xl#%?EȢVke__Q M܇,ã<5"yJuƏ8? 1_PU֨T/2k*XnTp&  +b S{  f*UL00o}ඦJFȃ 0l^+|d>sOEΎ HHq.rymw]93/tF&mA8bS挳JۏƝ2d͛0kvfVs#]|c} ؇*NvǠThϦD ĩ4'KwDnE2rPTOڪ G>9~WixSmgP^ )"H} `@/ev%-O4{K6$HS|ʞ10hލ(s H4ePߋ^ 8:-}Wnܐ!qxG:Ni K 7]@[O4,+!ԿVD1eGעDyYJH ߆L&PUo3Rq,, O.)=^\[rQakJV=AOۨh 3xF$w )0u璗2eIp ȩh%HLV,;qn ;̐AS" |~Z׸̈́:DqjUݠl5Ќ'1 Lv60QSv~*  Q\Vz.)nUiBgym]]ӵP>0dgvQgc6o,.6pRW<:Shb*Y /ҥWBk`~C~J acL,H!5U,=\ ,gdk21\B3'M#KB} Jߝ>R)bkAk Rt? V TQS~Ǭ+A?Ѝ߱'*syBf."HUyx$-.ˎ/7wy HTR-T:J΢+ZFTo $f#MBe+Fh`Jj\[~ʷgǀC6Rv3Mu|\^\hZMW7zhNXo28N0"ߦa{9vw$N[ }'܇-07cWAw[$'BPD$a8_CH2r󢀣j2BCVb5 H!}X_ZͭRGX_H"7HjӤYo3E֤BnKP*收aBzt)؋v" }bóoM4mTUeHk]G̔Gbވ[HpSXW,NL?rDuBiͦYУå&ϦH[{qZR#hMh?(q^.zHr1 ,H~D%=X3I^#_NkH>d߯W-RH>0sM9!EQ5S{uꂭ%CUoQ+5X^H?@2%˞i({Zl>5uw̖R F>xR2Kk -fwjdC/bȩ| v(b1_#;r5E^B{t1+#KZ=R5Ah/_=8,}uպV%͎;*daLh8ך4{rnU%uU/ =6rA@XgkU٢PL},f}3B0y8˳B+GĚ6@ v1yDn(0 XyXԸѤZv75 ©@3V'z r%}9/!/ƥazۜ7 $P,yE: ?\ĝ`G'ˈv S>xLZ`/ W0ɼfa﹧[ gBw:rٿ( L$PiTTV&R |uz0G?柸qa;X˴%6[x—b[.,<{9)0NAʌ9WKʳL7Uy4>`&-AjdzknA\Yph4 ?KdRXTފt@ =NFkIR@d-8p6,)={%*NZaXD+Т¿*g Z`,WDlqD|qbO3u/v kwmaL[a*:` Գܘ"z/eZ|:5Y Ё-8%UzK*s;g6v r|e tB<iu~ji+Z:@0 OsXb.HQۻ`1HG7"+.cDhAO!#GnBpm{Ywx{ rYԧL41ņZumCőAQNAȉ2厺joOn,Xz :A86 KǼ#u?b$ٱexQV5wv.,Ws|azƎ*2g[=$O71J&-{,c"%uJ$tCB^~N^")!b+3c;O _8P яLK,H!m5x8^Ƙ+ψ0X_ܷg O6 ';9B7y~"5"ܾQ|(>>aUG92je"-*"W558cN bT]DT9=!l ^Arx($gc5x8+NO hx'"WnT=ſ1}q6-˱(B$N_4m- σPWԁ2>^K-، *}S5q="f# G^n^^Q6 :4mv g柗fBͧ0g$ћ dou)ڮ:MUSJ^޾h7 wu^޵{"Vԕrt7^jP9!l#vGɹ؏ j*#M<"g K;l| \($DŀT|)KxWaPAn| KvŮX Ly@weS+BͨAqmXK@/W-.-f NR> l 8{@}Jɑi/G+2,6VvOt8Q#%H3s?E  cr݅!)W~*Xp[]))![+7qbi kN8|{G`Dt k\ci-:U뿱۩[=H3\[Z_jG>2' ;S@|)n\d/B-H1T'Պjb nY_}_SLARJbU9vZTil%? \-AnNL=;~Al>MK9`d c$iv%Pv]Μ0jǓ=xgK펐rt*.^i. 'xs;i$5}iA]H2^-±Vf$)onTiAQB3S]g t^Y8Po<3%jT0=b͜ #aQ^dHH/i8S|=eåjGC)@ !F.4RRA&F=tfXo*C-f'(C:GQ=x_'l<2 <^{%DK(,w$s!S!b:QUAnZђ6aMXg-E"{U  NX,GaFMm<y=_-O_:|AD<ΩS?5?9]RKA#ot0[4^5y%eɕKV5B3 *h.Bkm-$"7)Ujճ!J#QT C2G枂*k{\Q侔 u.vMl\w;pe ta)ESZY E!~?gl Q9"dY\ވ TBCd#̈́Z#kMA+@LFYF%4|Zv]Uq;rncvKG2]tZ.y5޷Jo8UY?e?y<("rp;oƪj* ,avx4ԄVܖZpuW=5*xڙx., u70$gl}DY\+rHa9QƢvKXblsl˯ڧN9iTҁP0.buUl>NTz(+,XnoG}/PWInaGW-xR-YȧukKɜ?N "JAߐ>\b6K:_vbMf0)L0s  pض bHiB@p@wٚMO[]~{9W~-KvDl忧*V7ѳ7M=de&gE.I1ke l ckrz-us,ʙu3.tvŽF0F<[Zρ=_ b c'_4-MAن 3:HRe(-T9q[|'!t`N1@HFaEn'-`py{k6E9F)/ ONP@ϭ2v4rNK c&tx_9`w~Kp'V.8Ub sc@~YUZM<'FPm;7@KJ5A]4ASW!JƆO).I! .lPZusN-;9oʕɐ#Mǯ#iC8A6*tw8#*;l]?O%uI@j|P6O^3X~fU&>^뚠Y{{Ւm5@kٮsD5*Qi:sLNPyC :g7q3fX~a 3qZ,owxdI Gn<~]##:nɨIȬ֫iَhD_(}- m?88ŗ8w\;,yTZN8#P|8^E=' uW*iYhM[dbF }㲽QPU$ғ{z*e;*PPª<%&rBſle.hS6̸:[w@1@aV=mTMQ`>2SVɗ|/7'=4jTR%Z/7Y2q<pOT'$,vCV,sQu\GtQ: Ilŵ:U<0>p_6t솶aS1''f5NDR 7S!h ]&A~5V}c+#ȕ穁dm~.8Uvޚ 48b%qD^YҗǘLZ)uAcQ\NM;pL qC`.:iۙ.v8v:qR)f j,Vn=2` q>Er҉tmOfo*A|coho T{Ό4ho\ nr>uւʆ#jE^iΕB9g0s>^% hj(ib&mtdB㯯ƓǐQ:TUAV̡%X:D+ŲFgYYFgfcSV&/κĀo_Vy 3}ihCjݴr^BiꃀkQϮ$dXm{@!]a# :+/t"*4ۊ*pEکs3!j;q+6{jIۆ(eXpٴB`c=5Rm|+<8e'ji &d}"1.CWڬ˝} kZ'b`*q-D`v1-tFO7zE9U[I՚<`: FS)Z*rwz\#1e' 2xBr,}!\6ϔޥD%~ 2Kqc=/} DT +a_|F%q6'Í7HG_QW,{ckw 8%otDTAגѺ yHV̑!_aYLwCtM m-O l}$x{qf%YNx95ұFPonlAr ).V zAķARnEfFl)-#c!6N{HqN`Z5T=:ѿadž$q=̚%D(#\c1Kb-e{68p_둨l<K3m~ү 8Qc7jn`Ui<ɠ\=_ 4qM\hޛS͹YCpuBH'Bkm]aW_ %Y $s00|kLGgϞ}h"=mm,C ]G,B78|x[$ˠvk>eZ<ߩU,ɶݽmO6Vf;%HzyL~ts|[Sa7lYT-JXuB9z7y@>LJ+b@CxrkTRyl4Kd2Ȟ2M&1,'DiRMR딈֦=QmW}˺ dIL5L濕rhM{־bB߸aYpa좟œ 2`>y>DC,ψvЪ9(QuO/nep J)sץgctP"'P/;Q_=DUy=rj3l}hה@4 r6Iy/r&gȼG8#Zg'C4F'hKd Hgpt"d^!6U {y&+Lxwr3Dk7oP% ௤^4|QYVߛ]ll0݆J˴.)TCI23\8E9VhB=1.̂c )5E:a,1h#92f+͌~}MBS%nsx&in"jtX A=#{+̛ܵJ,ÏxNHnZIy/2#Q_Y=QB0X,c~6vpvW(zHԩޥ %f@*вsݝI6PtotugK܋ƹ`nC &O 2A\R<=lxZ34jIaVԕ½"?$-X~gdEލjR%P05 q~\+~f:  _P5TpZ(ֳkel>+jNya*'dwNu+a~eN 77Go{(އ) l5n%gQgQ~Neٲ=.SC¹AIPl_nVACZW_?%.8S]IkbJh8QgE~s |d 3\YOo7RqqY| OQ̂~/UQ+Xεyj#Uy [K.l=LyZlUG{Tf=oedD_E #G.m| x2(U!02AмI*y5GDk(T TQ{d(͕p Thh2Y*|*3pj&ʮŢrCTBYoѾ"u^Kz`~zϴB|;Ik8G,uAD`# 6c/^V`(&qғ wrmgP-ezp6!):"y>f%y{+ֻSGUy'|?Tх32"녋yY̻;Y1'1  h[3%3syu@;!ٳnBxe`{D<:וwP_SsܡDO<usFǁzŎt!X' cJ{XE;XBbvצ$-U a*J oMc5xDzvͅLo)fƲ_d%FQUj]A6> j.=^lK,=DvW)aI(Ͷ[Pojrɇ7e$߳Ц4.ѷFz<#F5Kd__$<>OdL\bČX9ՠh4Ds`nAשx/6ˣs"ԸQ s_1(r5m_(L@+:h+P!Uطz)*bʒ+z!vNڊPcsĚqw(KXC<C1}ۢb>2>S0,-g(I^;TY._71}E";KL9&;8~^NUW5p[7iIqX%lk!HsCJ9=\!< ,)z?L_AXڪT`#DeC۔a6QFxw aJ*z}.[ /~K_1vSb˖01|ob.HX8#vo6R'X7D@Z/pU %ǝНS!3@Bqn}z|,l%34⍏s6sBfj<NyیJY/, |*0UI1hdVe|zVj mӡ12Au؋{^[ sro"h@ln ITCSIF}=`P?KVWLdxnP3+* A?Ah;d {y`7+HqoBb"gH[!3 ޓ}ӕV+Bx` zJv6$J"TK]Ou&u+ZA&K sj^vp:XʔO}+I G}MN0 +x߬ʳ||ŧjv .5Uh_aXU7o&08uBgRz 0u2;; ?V3O)лC>ی[Hc.>:a\~A/Hw¿3:(묎G 6e]L^ v6IWWh&ˣGAMX_6x7[ѮF ~+7ֺ\+t 4C|d#.Y\//VE I_Kn[6 c@zMث-U>Pi-'H#]YO_x&1ؽgr( aab( o\kzĕ C_rjf6$Ck=́8X/9!iØ L;/G2p?(StA_$)ԖWNL ;Ȑm^gQcy:dlՏ}FtW^3/3^HX=ա a8Caoț*1/!q`>dLɼ(6@U*E{r`F Y86Q[! m~eY_4EF'5Y`ӑ oNnu9bږSU֝e0N_Yߣ]g<2누V?Gf\VQS,4/tnIٍU*gq)27aMjLhߤ6xmń\CB#bfi;czJ,Adt ~k먥6UU!a X%:d$dJH&IaNeoy.,9ϱjjTdDy |n-8)_/Mv6҅r'dW`zxU)-dl"xʵJˇXzt:/.ZVզw1,Vx*-S)AuW7/T=b e@Yʀ7蔞nҮҸ)HHVN E"׈$톱   s4)J﹝_ݐ_0 hʷ7l}N>/Ii ɵZ п&O9ȸ7 +*$q4- >;Fr*=B@Eyd.)o0msNE9 Hu}B7V$,Εpd D6E\j&nЗ*ُcJh'4):1 2Pj?[6 W g & )3P ]hh卿 ^I$ɻ|X)2Vʢ'G;'c$R2' X,5ZLUS{Wx|yllxgޥ".=f.-yoߎzu4%).f $ɯf<1T$X/yIPA5=1H^^6u QA&3"C!ۺu6V\68`.D,Vt '~uOpg%F&%IL͌Q2?Mz$*{w *VH<8* Kn] fgҮ}"Î-dݡl#J&> 'VEaw;6:B!]2ʽXe"#+nY9EӲcXEtEזn@Tz Cb_%b ۻzdL ]{"_fz 28ϏF `-=B6!AhyPwY~T4Lk6](. 7z :qHF*dGWN_}a}+Um'p̝f=F WDPm 0)> X{lsN- YR;@ =tg"-Ʋ ޫvMײ>Pܦ?1405g> Y\z^DNсgX J7>K؅ۯwL̿2m5[y_}me  $`; Obh]ED!XK.BQ+ޯH4)_=?}#'Ko] g!N趬AJ])bٟ1u2 _ӶU ~5E\ qIMs ă ;'YV;xS:~@Y4.A2e|m?gMCF{ u6#))'GtnJG:*#G~mgR fb*8͘%L×IjX41H68nyteͷydR]~6+jХ\+NdE.(T QR.,lV~;qh-#73c=Ҋ#2%1Y]WǚUf4YUݤpAM⻔}/yor[N[{ye v݊%\ZNКM]K2|"eFIc\rp4o ?@p0ަ ;ܱ$ޯ [Q z$7+DZ'ZFW3jrWr~YrVf4r C , )WRƒJN2q@ey84I  P}[HdQ{^E|b_ M`A&ܼ)^[h|ko -nae4%ごܓN6OK @h Κ~^o[:/z9Hw]"a+pj,PC`m-0AuN@Я{ۙO, =%yf:'8h)Gf+1l4p忎B^R@_ g5{\DyK}g $E>XxkNr< q,*{W'ûRLg#CDMOq4TH E Rt`B>oܿ6b2H!grX/R6O(j>}fz.>L 0GIl2 َ`' t=74@q%SB/׺O8tt. \ֳR7XjvX. K[P(9=#jֹYE{:+4hy^-+XФW:JNւ k͹B33_f 'x~t''*JyW,uKT)8k_O{ͅßϐؙk~g;qm7^/G/Agocj59}E a60 Eq@U6w5u7ggJ@ MY}z =*sa}OPw )pV՘ĺObj0??\g{ Ho`_[7TT~oh;hّvcs(>]3%$jÕf*6B%|yXOei+7o L!-HY93Ő0'(! iޑ>( -s+ ]\f1R]% E>`*&u]AVן%CR4[PZ9C'+0˸t4 kϗ*)s2*p/ERPNsz%կ ""rsSѣA֩^TV涑k3$:GʙgvkaS lxݷ2&R8^@Œ쏾 &3ɇ1aM822/wwRb(oιR1J^Qx=zcU[ qݬ'mڿ fP̡ 6B]6Bݗ#6ܡzEU'2R3Yf;ܗС"h9襅2^+$(B 8`~y>+G;xG4nQ=0oO _uhSG+|=w_=Qm,ts0d}1Ya0Xw`]I=Ӗa!孵 Aҟ2jU;"gh޴Ou\&t$ q'meTvҎoFA5kd28Qv~Oo0(H25zݩ3qQ)^3ejAf+w#A90q:N֦41?L 4π D6ϔ a@M!jo4}QgYX#Ŏ"=!(W8.[{~{EcߠO5K Ez*=oA}No74FM-O8ӐjAg;L )'`ZG8* *w!^iMkozsPz(忢Ѧzdd,}s;ΉLaHAnP`dLNRْt Q?zy&ED`mf!V]t2mνK-<چ1\=ϊ"ùr&GE_WO5|Hzy?J- q SHܤ|5j) B LĒ|4k:}ݰ.DI +=Ahɠn 9=X= s~UMvf]1Aaun|KPeniӽ!(ja*r>'3 Pg8Xgl$E I~V.Bl4If?Ȥreu1` ݍd&3~/׍_>!(/aa+%x\Iv"Ϸv'-a4c~GmD‰p>K]E8,b՞)BėEs!*~͂ߍk T"չXPRHTٕg5C*2.g'+? Ey"t*|!U4J}h-jPQ4Q(5mf(n)(x ͆*ALh ך8_ -!x>쿮\d #ynz,q%RRUoo?/Żbھ^q|"6~_VWWرj3˯VZk06u ~bX9cR%0v- /ۮ u T#zzOάuq!WZŽ!@3CfH[4?Ѕ@Δ~9y;ߏǼp̨ T\!|#TǶ Bla.̑o, v njRr#K89;D!gie?u+;>d>7-Lb<K˥iw룁 WϦFzǠ++9*4A(laWaM]n#Ꮭf#;UN. 'nňd\f@ýV@\ϵ_8>]E8gk8_]:ݙ,t^m{@+%Dx: X}V` :yTb'.?0V FZy~=>ʰGDU FHhbCds*вTczEM"-`2,{P~ݥHߩBoa):D^ PAuiL ?Z`. q0d6Y3+ _:E_%E\[ݔuD Bv}%MZil^Ô!ď۟GEP՚hU,UϯO4:;!oQxUYWJr|>,p$f:W6toef()0) Gb_.Kzgm w7CEG(`~-W~ 3Hf֭@gմQ9^8=4{DeTMeE=0!3oH$pʋJ7 #:~e1qU8i| J.pO;[BhdeN,Ȱ'|4~㒕^>cGy{0bst/X6F8v)G3Y SZ+PóAi91yen>1\:WKJcfpKv_&2l$0;p^^-JCRGj-D4-ؿ#(We$B.t/'eZ;Qn?Ol CpgGhc3DuKқurNНRg 9P泹PXpړ:&4ah;HE^_gࢻ”4U¶gɹh ЈI8zs>V˻;;wDѻG(vɁtV*ϳVM ȹVH؛:]nr9yIxГ~=Ua;F2R2?5d.sN@_CEL]UW4,Mw^ &{pZ&e Sw POeK0GVzGy@3\ÈHN;_${Czٳ煯:Ҙ|( ∱%lfH$tK% W12aVhiHDfM{HdS}֣Gc.(5,y_(@B܆VSE(V0>:kNqbCBClUIC%d|m"EқCӵw}MP"H,p։˿=ݵ\қT1|!s\:"ɦy#Qd  nNߔ^%\syE6 'oPYp1}oQ󋲬} ~5!N+ J [[BÔ{pVw_@Ǣc6)j=v]ȪvXr9 L  +D!,Ymj)b6kM[K:6o@u [Ӗߖ`zJL0hr&Tk `7?( bzW?sG[a5oJVeM;uCl4N5K)w A|aM0wIjOڸYeT9ղO?OmrH'LNo)o[INZ4%tp߱M#|+jKa^.Et>{ӏSh`WUeQ"خLL`))Wg [+ ˡk<22[1b{f,$Rm Y $EY޷4.peb+ }%I^i0 vC͉h:h>v(bBo ,$TsOE5 Hս/VRhV<^Ҝ^ʵ~Ӱa-a`OWhAģbs3 V7Bgd "s-cҍՉ?2֨Oy383^.bEtLd?;U2{JLXԗr헷NE\o•g@/z=٭V;fXiˁ=[8ܾ+.|ഓy)A\2`,/K5=t_rmTgXY+s랿9O߄][3 UZX0uML0L>AA4o;l 4ɌM{ר֌G,T,)+@:PyyVA޲CeF%UT% (zn1ݛ\6Q}CtnyT&YA9oͱrz@̰&AQKJ xAX/k*9"$5v|@_;!I#c o3U8_Q&%{Qrj-{oK 6=Gn._{B]PFO ,xFUOgaY55 ȫ',巽UR B-O3Ե߯QiLG (HD 02 Wp00jEWh"9BقナAsÉi4 Egp%H϶ Yg:,1M!^#%8ɞ󍁬M KDn1 ,C}9lzZb0M$֌7m6'I( D/QbFm6SV*,5)o')YZY]pȥL~f"@%5;0dBERiTzkR&wih 8Gnc4`1NWuƝ+^JZ[T)-P=9J}YשjK A"KfW ,օ(Qr}-BM+o&2nlh:_}(sLIM"DzG ܱxΏWҞQ%w333`qjޑ!n%03iTy ci$/_vI:.We8^̇+Fw])cWJ߄hteYç5ڊr"F'ʰ}5מf3A37]Bdf(Gc4 n GPU)͑*SKWy =ka۫+I:SXΥ4CS*#T4J,tYt *Ҙ:SrI½c2sY2+ŻbX@&SWn9gi#ԇmů/ n<J.NO߶X$®_PikSWwt "/Ve %^Ճfv"u'XAeSoJC;`s)@ GR_,3+2z~.i)ITܖ/kE%ن[Յe޿譪(k~n'3va| >0r'A:PN*Ja#h#'PNd[m1Km--|/P7];10t2&/]*J/0ߛBL|k]g[aQ>FUW0&o?F՞+5#eȈ LQtM&P 8>a`.jܗ;0$MCx{c<`jEƮtziVK6hIP  ejK(: _L3;N Y\S3fJSxހr͐[wzBwHX Z-?Dg𞎗a0ÀEYqLi';ė R RhN~^\"~R^JxDV(bQl$Ko%k|{ygdG[jbX-t[ ʘrrzv·xuA/_@9Ikq9Dlϊǁ51~x:*h` Z`B@a&?)䜗Exׅ<}~ye1cfkvq[2|LЙ+6~ Bѝ Ea}8aX5`4f m`V۬1y6ԡ V tO[2n_w'y%#t\?*J'nC},8*FmX !1WXoЉ)~- 'HPt;dXB2.Hs)k]Z/7vVPtA^˿_޷ǔܣa#TAVG0*dGRpy]E3]$;Q yCJM'bsCyW?$jaȁF8ڒW_y^v PeBVn>̪+=xx_##8מ0uWb䢔_1DzHzwcs M93d8)Oٗ^Y{{aj ͇!Rl>c :J=jnccG'# Ż9耢aiꎺPdZ8r6w\4 ml~pJy 3N$,-9dK2cKtV2&?䯈-7[v hQy$*54$>Vn۔>E,(Ej9YKn˷igg"Β|:g_AlJ8Dlt5.sic9 5DXIM=EXwx Cm5+}&PH5k2KĒƘGϫj@Z  4t^Ba'*&<1ؘ5$)U{K1Z~zX 8;:%S&UU:Qqzb<}= jpPcx$ ]-TeKҒ~~n[^c2^q}j?Sh|KOv/,Fg% q|wElNkuwjKS] aF77UD g(7g4-v&ȥMS^o M`FR pFL&k qFǭ6עrPE  =9+f0 '/3S[*zh1FUX<\TB\ĺRO/d:ʌ-IOݮm!ʩ ⌆3_;C19E;ζ kuL]Y^`7ܻ:ɠ_EL`7ƣL: 3?oV)d5(=ke)RY+i;K$rJf }JTs* hJ&y꼜ɱ6|Bxuh WԱdL]YfA3SZHB;ϳ,~g5W?+џ]URc ~ G|yx92)](?O$LuCO:.C#;C zjVWj[~Rݚj.ڈ/CA+\\+i &=g<~BUkVe} >/cw]8eȉ}_4FRH)>GZodM$ =yԷã}9V(67ɑzRWp{=v=$ #j0hy~+JC=}%*ф,OΜUZIٽNl2d[ !I`|Ir? OU]b1!HP`"c@]w/ym8@i#1S~d=pRW)[LSuOC[O.t2ż*4^3+iS=y{ 'ЃCMa_ vPJ1s|SFR֔oJ>}+tɰC飗&'0OGp=6i |Q' kW𪷽zmihNtOM=`M"2 /sbXq+HpR,8uGx?3nj Ѭ`f'JJZ[txaåi07b!O;sVw ]%Ȫ^"5kqQ IO ,]S-aRSjW-N:T712_^Ä? ~_3`胣F<+xiWWZ-kttVq4 +\1qvK)Ġ+Cje -4XVHʯwAfٮAxIotaG Pf=8@qא>ۂ]h@`Uc> XM@<ٳ x[KLܔ4i ʾat*/(i Jn地!L06Orɮ119yGwH4G:n[_I+7(R}ޫI޴ i4Z2ǒpQ#/sF{lA\v)qoe*NX:~i"qm2[T&$P\t2XU~'G5q[#gSO eHa찆02h\pHeq*[.j_-UԎj: [4%0Az4Fz]aS0,Ry?n.XZu3=p݉s68Uj~%j iaj%[.LvNP9n!/j[g"ݸ dF,i8$+1@,3~:S_oh'l7'z4q+FK<|JOe0qfp |ڰ|déVCis*YCyג1+ˤ oD6BJ*σBRqg{QpOQibP\n8q "[ͱI?c餐#h r˒]g-DXCT2Yz1MI?5 ?1/ꕔ|Q[qi$~KنhPE㊗xup b،zNTvi6'8Λ4?SCMnK~7BL*g؁J 9:a)LIK00~nwzf[-{;:D7ϸ֧;z9ok#1Cf,nG@| &8E$$Bsa\6f{<j`7"ZܡnVJcGc,W̝2?g1N-1o xb+B1Ł/iW1QeMDNoeeP $pq"6X)QڙS,kty 7cpQRG- {jE*)Џ0>j)t*̏FϸrX@#Fo;xD<ߵ%pQ7#]R0>2E߲a00\\S$JKtMe!H蕌lБ\4u͑0sh|n!fŪܜK(c"!O,}[,pPl:PAѳo靑Tv捡5'p0CZX)0z[p` ZIBFԄ}uϤ%: $^qUP - + -$ y.}/Y1g `%nwbio `,8Nm17FrBT\2Jp{[{mRݲ5@k(\n+zh I[ [3+)g{/'.w`Y%u?F?ˏ*dݮwɱ4_?<-8V׵=:6Xo{K^Fn)"씳x5iS&w"UC|rNQ j/s˱1ms.>[HH~R<67uog GtxLAEΥ+%QMB}sP:b09>go* 5%B-+nwISJ {n-Mfxd`7MAuS#%M'pX%/~fγrI]yGJ=c+$E=XחWWZ֨'TQp7pېث9[iNp#e PON?kƍU̜+C io^]cEJ<6+t],h$}ORl͆>Ch|ݡYAy9x xMi5.km%CV`(>]Ĥ1Hkҏ]ql\yZdMi йHWs$cd1&υ`bNZUfA[J?*,أ$.۪ .rT1.,@<7\*GHc̺9Sf7m#)^Fw8{3 cuܐ%yjiIRZ*g*w@ wjlX|pƑ Y.UhlZ_C"$ΆSӉqhyZ| (-";CPzz_^?m@..C$բ:i|\@VjDFoɑ\l,D]͈Y kLv2S !A3+q'n[sf2i)+cIO&R+YIvKځ3 _Bc=3,5,FWZ loyijdU:Vz=n:2y*w:WpY5zuS>u7~>hi׮^#UfǍc)8@XЈ cDs!В(`][6[%Chmn!j8;:"kɂ.PĬFyqk'\RMG%[VJ؁sG]0yNk͹9t%`m?2#ǰ!Yا)Hv%czޟ9mHs ]$7Gqyb`Z]|s&/qg/ |{yWeJ͔_!|($n+9mzi(pE לS)C}u^t_R^;~ИB Џf 4U =mPre.^Շ"B0EVDVڰy\QcahJka)N۲c]Evѥ;s-\[TMH'qƅOtT9Bo 0ˡl"7P%lАG0uc)/Mw-Ѓ_D"B؞*Yt 3{Qփafrb'7^م8k²PAq7MlFtX۵U190l:.Hv@n[G?ub1D)cuefQU0>->׷;IsO]q2[T6\wLJ?oXπdn8DVd>}ړ_/K=E?ҭs OsmOmu5+zߕ qz9Qڈ@q+4{eWwmޱC@kn6i۟c!+[< ՃqVm6iO_eMLve'>ȱy| S$xl]k~ɜ{.3J4BFLoتd<Z"@$SY6jxfh)kCNiYP^ʲtn/ZMK_Tkw7((Rh~vJuR<"8)}ixh%s/AM¤+-;JwD骴XF&@2uW}e=~}ЃEI"o"agt11@^?Z{kU2qwJ,veТfCI5g=b ,H{4NZmIY!2t'"H^ (Sy qw@hv⡜_@hiB֛εh't$< ԟ[Zp8)8y׭KT ңy,~Wy:~^in8sE^Kt>kU{_.EWʈ=号IZ8'ɳS&:J|3:{:x4wo{N5Z<WIVCa?HE8k!=jeoj߶x9F%$(<@.z;7oeŀ%6Tv. xQ5;] ՙ U8ˇOBӥYp MnZB"%L{C#Ȣn\#z Sm "'WP&N*RꞲA(M21ե(| Rw*(P:J9ohbq/\QbCu ,8}wVNC m?Y<<_xh#Psby.o G6荩|[|maUgk i9ԅE /|bپj$Tu`B &xtD,.U9#@" I>4{OZߛ[c뷇#SmXh#`?g7]]IZwIj-J>E$*0BMK>9 m7,b/EW`ar/JZPD2- +җ#YPTB \n) )H \'RV&NKSU@H` S{nt>#MP1m_PKswH+c j͚P{L!UYsm_EjB_(o67&/)e_iP#T>T1 =٫av̞Hw:1ux;qu`]穂mR/:k9~:2<=ѡ-HgW :5c Il#β1 H d؎乂=v[{TQbdN\%%>9`IufAL 8:ٔj,zUTgF56#*!UMm}7;p;&m0^>ՍM 虨Cך^ᜋ'zǣǧԏUy?1qh>qEtOFqh( 5nr^K{ oLlz0s vy(CUT|+ҎF|,NJV8:蠗C8<Ϻꈙ]@>tۯM2fVߊ`7'J2+"&inU,z)Ylܢ|!hMPtɪ:,b^ȻK{nqNO^xU;=$Y{nx#t$.yT/v;YB`$Ҡ͕w*(>d 9VŢsթ1A%}`f nO ½'P|>ÁU |^#\aIW4``&&l;W@o~F4Fܜ8b\pvED50(ԤjG]*jFk0Z f@M.!_}P>ӏov ǯ$`ՙp49~F7[G掙12A#RɵR]^>a ؂Ya?$تlN뷨[;jo7u u٤Ѩ5u}@&5W9c[wS;1,uLR]\rXh좷%a H-( - ChEdvैqF!TuQLk(]q'.&]u[tȑnp|=P{FwZ cD_qjF_vIOC 9T/K U\SR,ȴ2r؁]+Є29etaS~ KZu0O(.jBӵx엞"wJ)Pvo>llW2+}1J {PJk>5cFһm 8m&UnQu,|K~uru6qHu_g> }?\q>kB EѦ;L$A*_˰{W/M.7 $5fH75&_Az2z0e0̳QEw5?)A=}@֙G&_억lٳn3vivXf*F UzǴM z 餚(q-W{i_ha?FkѺ.!{A`^s!Ϳ?㛈!ry$=Г=0jN?_ZC 'b֘\8EG­}[mT%>zs: N0S>J@0$[bâcQݞx}XB+Ɍ[O20+9#,`a+L hs`"}RPaN%D5L g4߃ǙC!bPjHWh`3mgL  NǼG#~Fl2I$_ELKAb7@P_ o5e5 zF `Шݠ^5\-÷·!%[wFo%75 !#2\6~0ժCvw_bCg&>eӧHs 4[1Ux@kŜP/ Ӆm/;Rی]#zy0.cn:d,6H/ZWpsTbpo<7-x rOuf /Li "2I ^jI^''ِ11֎Wi8d\#;;oWwZ>W?.? \ML/Sq[w1';Q l&"8>Ac Z _^Oj>8nעld[XpW/KrR !ԨP"F1e;}`HW/y~- k{N^3uDh* <;~ g$eެM݄NIi/JP7g= t{p(r#ڗd [o`6+-\ū=Z$0SĀ,Ae?Z Uy9BS$oLiCӺ9wR8-~k^ u Q.-!)*3^K~6!t4ɭJ )WW@|w\1 hL{8K>Y%L&)&| kt-uAl2@Xp =vקj %ݸX2)HuhyqmNF)-/\2 &kMA(5LR:&D^AonWdp>xe$s;e`\'f66urM@ N c?QrIQ[<ERj'\eFx/ aB 7#*Ad>eBۥEmL'.5/8"O,LjVZ+R:%Z6^Fyjo)Xڃx'L:[aOU&{.uk_e3 vA+]%XDNcq?o)Ћ(xqN g%(oM3[GV!}Q[LW̻"wFME$>wO61/ah\24~.cY#7B F=2˒6M $46=%,tUA:V[850 ltTgAK)4Pm Ltr1Cfmp2Qa@x] 0n|:TLGYF/UǻijxW q"b4A !3F1/ܽٷW0u*pLAx7Y ^Swk;)^2>۝DEf3pmf~ .0\[6Ғ`>r[\Sn"VB)Vʀ8]Ogr^mp"qmgJnN`T$7b-'56^Ir̍fi"O׼UQae`Cf%iL-|(M2R=魃zp#<<)pSs$Zg"/3c<.>#9r0zng4}Zg6|-z7S YQ"9pqGKim be\mzq9@HtK}OK2 h5"e؆]³9(]7?R8hmL*A%:ǚ]5n[ivV k:'q*ZCĢ "9B繱}+BI6qp8wB<,՗{Fpl-~҅wb s `~\ kVJg{c)pSʷw6Ȃ *aW8R+{x1( e^톒(|*8?E{ٞH,hM$, 5](FkQMI+Dh$<5gg6Ap/ڇ䕭`)*8}Xto5ܪr]OK2kSes~ _lv@t)8A2 꺮bF +?h6[hWM خ*vԓ#UH@X! 'Uӓ'|DYzJo@78nvB_>lк<] N?i@X̾C#_dQ܉*önx3EzQ~-T%AAt+qn)?ƹqdVKшyҜi!|j|nn {Yxtۮ >Qes HsL P> eDUM8Am3s7|Q{& :"C,EbkA[DO+^̿ʈC*yEm\]Ad(]4tx=ɩ˪0vTZo# 0dc(y\ :&(ek1jŶ^$^ d;Ij u7S<]zE쉉d)zvR[aSR0oI*_j_fQ*^t<3y jym"*U;່ւIKݼlRzA`Kv~~n\]Zƶo5B>8'a2cxJn:x55bF!cV SƒPY1?j}+W+rBR,^Lqb4 7 ?^aWEوyXD#p؞yRлN38Ѝ'BTϗ;36%a>㻔@OEJ19v+ gcb#h0N2;-r) q: Ҽ0SPLV~[LJ^&9K;Sř٩K&[:xM.6gVCQ~q^kg=>UV9")\TrZ"6H/0z'%|Шbn*` H@Sݻe킌LDQwKޫnӐ3EYä{=I?5I6hU# T" s5HsbIv"R=h͔I~>Ȃ%0>T֐&xWp!'ݹp;)}$lNuL* lZ7TTr *%9 a;E~r2c_Qq>fA]!˔SXY'mԅI00ڏySmYڤcY&[vr{JP WLx׀ Q&Yu@Ck˔Yo3vl(⡜jǂd,:qZeA9TMwю^5}0S>Z%yd_gOk{*%S/uhp>*E+[)t)&עE q#v(N#ʁ/g׏)0w#q*FvCJ'T˫E*h u9-aEqrNU"KvKߨ9D6deO14h)o2,d*".ELj_;* +pЕ˻|Tm{if>: 0 C&uHIT(18r6 ,bfm18Z@2q8 VE7tyƌ'X$Ą!CTg"%ƍ>e'ř26*.e>7 7v=@ns.9g鐒; P!: ьEfE(q;<Mmwu.wVbZlmm|W6?+v%y@iyҼJ`4`?xA) z.ҡugEJ pM6Da\=WtPeublf6R9t 1b4dE Mo Kl~ s-sc|Bn?|M8ݒZ!J7fsb/ϖܶHSvOތ7*lCʯ2ڴf>LrNJcqsҌōP M#M;&9uէ'u_ d(W]%Jcwְwzb/+- >D[mdΪw$KPbx;C:," U<0R~;w,?:Y )J8˶ YZ