sssd-krb5-common-2.5.1-2.el8 >  A `{U]ng;ΛLٰ (tb:,] tiva{fA /91ԥ\h4Jݦt+UMU6'?7JtGJ֓-F{:U5mEY<7RfWn=Sp^IH}zKHE.*~ۃ)heӒą x3h.v>Q>G))}*WGD[ xNG_sgPn^ufSM'e!G$=i,DtXO eH ttZ[n]\i|^A>2nl>1=+nD`)(~d*N= M z@Zn {ufO{ !?#q#Ux$MPG7>1R`d]6x 5F9U7oC\+GpEF yXrFcVVf ]* E E b'7a1d96be5628ba04dd939fbb9b5c4fcce40dc635c503217931643dbe8aa51c8da50c1c469b2834274e92dba01cc2cac29a969485`{U]6Syp کuR'P DWXzIGx`/ FȑtM S'; Vʨi Z\hvzmȠ^dqrRkK =<e7NX< ɰ>pAc?cd  Z ';X^f $  8  L  t  >     $@ h(89@:\=] G] H]< I]d X]pY]x\] ]] ^^Tb_d`Ce`Hf`Kl`Mt`h u` v`wb xb yb#chclcrcCsssd-krb5-common2.5.12.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.` ppc64le-01.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64legetent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd''KAAAA큤A` ` ` ` ` ` :` :` `@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.5.1-2.el82.5.1-2.el8.build-id0fe96d009da8394f8984cbc110ba93858d5e84bfe946a304382b6799a3eb926c0b4bd8f7ee8c6ea0krb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/0f//usr/lib/.build-id/e9//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=e946a304382b6799a3eb926c0b4bd8f7ee8c6ea0, strippedsetuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=0fe96d009da8394f8984cbc110ba93858d5e84bf, strippedASCII textRR RRR RRRRRR RR R RRRRR R RRRRRRRRR RR R RRRutf-856759da6bf14b7aad91d2fddbf966257e3d1c5882f3d682600852ac1c8cb8736?7zXZ !#,Ե] b2u jӫ`(y,y ^,䵪s2HyHۆ{9˶k/ xa\ǷAT[[xOkUc'<|r$Ї1;/Kt ˬOޟ4gHLMc$f5'/ZbՒjqP,Ģ|-% ZwT8tK׈降ѶfʛrY[L\l1\SC͊d7 L)Gqyoґz^g%oI=B/!tOE``/10ޛ>8&/F?3}=QIFCG'=UT&!5(,h(BTxFҵ3|E=!Tx<84|=Pezك+_R0>$%68[PBI0GV `qFy|ǔLݕl6=Wr^&&в ϖI{Xu2 ǽ÷Fײ| p> SfF lT+&6N ^yxjDroܘ\@jQQ_{2sU;(hzºH-Lb'9s f$WʽZ<ۥ>faKCd ɩu'"JHir »KK<14 _d󯃬;Wq&ҶuvqO[uuCc0<5.x#8"o+ސK;4[=BiTCVep)'ꖨ+"h;oUnfh/`EE5 CO,LRӜPmq6hvհ%(AuLZ9Ԋ[-r1@K} zimڹ z>w>{egŢ k}5lxD@u@  pgח3ANG)I OFPپMkFYlԭPG{+sYBwzE,TqHP{u}KN&Xz@4qE#wxh{ :o:ڏm5Ġh":O~9̒enmRQ2p~{RhגdtZ6#ۘ')a/]HlgVI|9a9(j*J eY+1\ۣ+V"{fuR*Mj8(`|=w;Fqa>%7Ty4P rl9NDƯtAD ,c8?\aVu4~^#Nd̊.3(_+W@&APpIFN*j~WO|"f= ّNQؐxAN=l/4#u"> 2xWAjl䕱~>)}$~ VJWO|X G&PE[C0 C~?}˩a' q <> XJ[y1f)@-/E8,yxW&dDOW&C&q4ZL)ұEҘJ4k-9Bp:wڒbׅ CW7 yP+^u7*K.ڲϹSQ1 ~ֵ~Iea KKTe}:~\+oH 3AMN@ZNR@56|4ǥ19ȑ4J``[ zڣ@q+W/<J#YŽs3B@0ݒ F I(W(aR5<&/8Bp lXfY!5O\GSY ~{D4=|>@L@w.f-Ŏpm6Ƃ.E)nޠ@K`AM{w1e\@Wf.|"ٞj揝5݅=g gjž:Cf07MPUb\&]U?J=ARFe߿ozdԗ{gq3 v"%rUo=ǒQ6lJ–an[F}ԋz63}@=R&mA㦅\N;"/,~{'ZDcBVWI{5{+S?ܘ@|OC䰴7ղz+Vn9P FEHy޷41i,' O8EΉ,h SLoU-šmyLc6mZ=6q5l>|o%ŀ K&3@O趪:VP]x!p+0>M_{##P9|r1!4u;-iz OP[K/8]2^^j{M Ϭ; Y )RY1noAX+ 5ri3Bfo8/_4& ruo'Dt[ sz/ #[4g WN yl{VΎ-SCʱ֡vw>=`fm=yB\_z,:$V1_&?7k?^d٣.+|y_fr E4@ @v;hqMfbh+{^P 涅 ,CNik_7 ƮLc5wZƘ@apEeu+`myl7MXҧUkC ^q?sLyЅؑKtv J lb/Rv QL~Z8#09i|wՐVo-u 7.~Cc/jUYWlTOVSi/{ά"fQ#syT+&8RĎ&=8KT-;wܝБțw^~ .m.rZX6o>_?1m ؚ0Tn_B$M\mM1^r ڹ#1ؠXl⡩xN}{r=̚wV,[Tͯ@>w!Z{X@n8Hl 6X#pZi*쥨$JyA* y_8K|a= '!w_CUE / ~ӟu)6i)5 6cSl!._% RV#)PDPq@ e{^dʤ&ˁ-6#q~4b/ܞMvK(9}w(o2ZJ/Ұk-dڴm[쯨nB[2F$E+:*H7 e>awH22:@" >Nl7cmg"*UҩH>o=J.DBiQٗlÊkxo 1a,ᘨŞnDlJ8QZm7X׷WϦ#[Uq˙T,趾~bm"`Tn*(X/jEl; Fo)aMlKmbZ˄jY¯!`x{Vr;̯}n9[p P̌S\/Uߋ/U^_ޱA(( oKN{DGM :A]Ws[ ԚP) $EW {zj8Qx)NN-i-٭Fy#mҏ: NIcanEl]:^abӄT+Z4 EyLFGnчgJhIT.ب+6ug:ΟJ'H58>t(M!) z+(撼~!H2 +Wd;defT8ԠaJoHE~eP_Gu-oA@Ʉ)q-ҮnӞu4Pqd!GZZEww'G  @SfORsiq @]y[;5m ~pj}}@Yr>(-L𚶰^qT9=RK:[#2xE #6dǹHd88O_wUV(qمy _s +R2-T>YN!`Lxg=}ǰܽ{(}LUJ}msaDWZz4sD(// =f`MnTTv!k"ca2<*N O@fO̹CM>N: zHMdJ'(;WԔ_`|x*TU:XCM)?g;5 :1}A6 Gd{w6jS=SE;5OZr}ԎʷNJS٧Zg0c&ļmsV(e ]+U8R]׌G[.CL4׋ajMKL9m(G'o]QQcs|6 gDKcnLj:P!|VF=-( ZwRW/^*FKrZMGp\fYgo{04a<@념E{P./DJMAZ-70`lY*%8^JDkW ٽ{]d:p \Ep8xW]e7_گWo83  _pQmS%3#f5^k"un0?թ i 6>EHybFwNg9l)E6G[Eʼ͓_`jFBC%36> 䠾x%@cˑM[Jy`%Q*U*XY 6F PfPa&ĕz@r`1%օnNєӋ>8R=j2ڳw, $A4izAvKA=峩$bɉwaߢ6+;9 z &h )NC|`R~kXh)*fpbXw+I&P%\Pޤ[pC+=!wg9i\X]:G}6q$fi>}qeۮAbU''Gw֓*xYr#W Nf`bH{Vt`'0M ˻AhHMʜ0IkL+ѦB16)1.+@,ݝld'v /'n˵DXZ$ad:=ڞMԭR " j۴$~e*^O-*Q ,zϰHF=I@&Eʔc S)TxmĹ0<䶃i_>)ƌql;O,gm7Gz}V '`cҺ°F-lSo2r;Bo^!r5IRy`!ΉO"[#X6"UժC)-^ѢBna,uAB=Z/~SjQI5z o)B\f#KVCPs3#xַ6vx R2e1yRbck_m?d< )aI(L}?^}k:7rGoPGɣePl.+xϭL⃹5aȲ)CB!g)`BSFBTfpkh^mT͊ sS܅ԡM 0+@@4NX yFhwljmi@[QO i] )c:,sm ʦ~r=`!{Qb@1AOb~uַqoXS6!V,Iȉr6gTЅL9')b0Cb =|d^j%ʉ:,մDCO(mExX#X=rΐr^wq{r7fE  .uGYQݟ*W*dgi "OiIj7t37X'b;^= _, WJsqsOOD9'i2ʭ{GCӡ$^Oj,^/Lh]S)32S.iwԷYԴ2Фa5NvSMIwm.%LmXOLPNE}л(O$Bu J0VA_[htSCit@3-S VaAJġvñ)FV$6mL$I$A4 8ںB Fqy)vs2(-ѪRIAfkuVnWyJ?׶+x+װKqwu4tP?D/7" ݠKnm:w=I|{^ ﴫ:U;0JS*ֹ'\MnE)J=,\D ebW/fK?s<0B*3xHͅ|>6y-;IDQu=kJ8a]U8ke2yhp4]󬌒ws_QGOg(t|]޻PVR#z7fL=T%I!L.xrY;˨<~}6@ht;R%'&-?$ 7jy=H䴝z_JLϒnjA54k7_c`*>۷zhQ@A )ȻU}ԇe~7\ZdRjC YqomD& ],xnk@3K-Z2j jsÝ/l+0D򳸓I6tH[1evu&-m+]p|g= Jv77>FRndfpnk ; AQ~idŏ|;iԓU]1Y/2n %SQa;r ^K8:<5T@$p_nMv! KgM(.0:I,m>"ݡr. d=if W6QcX{M!?z$sQ~Yrn3K_9P @}-$XePb`Q- 4(BzS3U$'`%D0nMeefgRDxg v5χ] #Ucs*1j&{p|€_d@%%* HsiIT0Fvٽ-Ǵ] i43#렜veՏ?r>yc3KF#>+BWqD:.mlYrJ NS'&Q s+!ruk-!uBc_Lm@p3GGh#hij_T1Q } f7܇# g2y~q:[Iv.Hp?- ,aK5Gѡ |6.1kZr=ng!!"Aur ;FTj%\U חtm ?{QS+(S44j+:c3լ)c0&gvroؿ*YÈd)#r$b*DoFXL$f`JK 0χr;m_Aϵpt%;Fƥ![ۦ>6 PoŰ23 l pyri mL* ?ɖo!F$+Ȫ:tf`7Z8&h1#*:-cKsè5䔖\ME/2]W㥷*CRRnμѾԼq;maqKHɱ` V ';*ΐ=+iIPvp+ȒaS) Y !@PtEYsp/vxhs=~OuAj ҉*lPG+^ r'cˊrg'dPfСZY%L,FԆMΩ*&1LNAaVEU,·P^&yųg}*c"|VBэaﭭj,|#u]=Mڤ`AWPJ3~.vrL¤ś þk̏z@N$kX:;?YYcA6qb٤&7cp=m ;,G>KD'v4vcAoq+ ~o1&_OG0Y]ٌx,}J<7㬲o԰/)3guzB|frfa忟(}H{6N.{hxSbrjaw#g*%)3'z61vod{9#Z!DH dhх&RE72R,dUJpZx Jwf8.vkk'>zW X ltt hWKgeL)ZG& \cY_kF@7HPS i׎NJgZkSC5 $CcjgA0i_ WC~|~+ KZ"7?cT@?FRaj#_} lyVbJZd{wU4Bk׍ 6lvӨr~v-3$5~Gaz~n1 7!j|(+ kװa7VtSP,`<M'9F*u5a2shxĩbPR=Ck9}mw!W7)wvA?kvPi6E %?úi䑕Ws从)pAz WM&̺BtD]?j%PmRM ЭmmDAI-P)W[یO1&NZtQuK~I\EjK{`uv0jsi58RߙUg(0g90P0q>TghWZi`$G!NWͪHlVp^? Ьx <>6p?fT g~, ,CM*-OǗC{7ڏds$o\CO5}U}@v8E :1XE]|aL(PGS:ukS=(+Tf4g~€Z-Q* mKQ/iWssDi/Y VR(p# Hj6[PmXvʀ2`7I =:_Y.O%aiYx"39r[9L][r::Q2mEǘ*?TMEb.:*p7RV !ܠL.NdDS(ºL=A!Qx3O~|ʒP9e.BFY:H5"34eNv9YYV 5C3&:OG!͞/3#<+ #42({~TcYt¦& yD 7:O`؆ō:x%nDͭ:~t37,<0P"S'vG|djO"p>r16ʕBɓOLrV +DI]\.G 5Y!c?w[}$a_3ҷHDI MBo P]HP'㙟b<mLԗ<Ęl,G{@!g}TrKLZv \| V%\sJSvP3[+fZ0Nj;ſЀwZa,鿩k;ņ6]s?WrcY#%Y8m{[WymE'S)LirVy0qҶyb8#>W>~:c 5s-u z 9ɔY:yQ AG}Ɲ͞Ldζdʮ*QovR&X;w/1: dCQp|~LW9 9/сx^/etF0&&]%v=M{RGZVb"+ `i-x')0qWJ>> 4Ch봴YĶ,.S* liU&X'Pq8`SA8\uh~=Pgcͳ/ #Z\#\`ӶgJ- q8,-o?4PÇQq>o @[btf0 F] !KӤ(huW ݼK}@]1 9١\; A]aۦy~V|B5*Tkx5B "$9d}:.T^2nPɱxs<5%n3Zw͏Z[#iXJ֌6}IQ&eKh>9|A?UȚ݃Jv| 2vvel\9/o0D*Ǫ3qʜ۞Scװ},J sph ?X K.H?Z˔AI27 t͒yJ!v֔X,:!C-r^G X|)?( a@F%e|{Нp3Tl%؂*(~:x> =+5󦦠 %r՗o@/^|ChB5`W'GY/h"6=^0TpĞ W IA4itE˱Dxl 7Ηdn _e0X HyهZ^9vu0qLW2o︱HH,y9vO '𝖍;yQ+A _?Q }PO 6PQɥ,‰ڠT?6NzI ]F`ogBԷ:̟3}=YxDYzM- 6 jTW1AYmp 7> UW<:yʘP:eyj G0o 9 C?sB%>!jOY-#AP4X߽HRlb!i{Y9"DH^N,?<73dlίgX4'C2Wޯ_5Ι.;ۺn0}mǘfmI3>Qp}}N8j[|ϭJC0?*-Ε8%5$1ƴ MpSvbdtُW4ؗl, o8.WKYAX=b: U~ 5 z_!Lǡ|MRޅБ,GTQt}=fDXB6l*r֔A7wY#sE\xeG . ߴ]<3hف0`7'>٥6rTrYr՞9ܤQ>AޟGtz)NTL Gp ZtL JsB12 ^aK8;͖y9-e2T42m)*yVZ Q"ZUw%_@SO?lYTy"RDc! E .a^]06Ɖ=íl1S4k"n޻L{U.Gna| +e}}h';w,>_B-Ý 4O|EZ5:`ģ?[k+>qϝ-86 Q.C҄"`B Q?ըa,n4M2M5_\Ա4ioQ?Ty^bSC)mC:È&EF ^|PdO7]QI$&8 Н+伣`#/$Bb4ɌNR1 ?wR'5j)ZzLBխԣ w4R-C6fH7xd˃ z(iyf{Ɇۆ8ᚽ"NuN_S|LR" P!S3E"%z}p~sn*GsrqV8qW~! ZNOl> H3FȲ0Bk>'Bd"g(*[jK6inm703~OhPShrC }7Ky{=ֽSd+1  ̽iScJO'1uT ^ pCVPA@3q+?ͣN'!B($ֹ^>Jt ?2ǻh`9l4POTԼ_9x9YaI L ˲YsD/=Jr֊($nb>e%r$@m{Fļ6d&x\Mk(gRյ,n%(P=p[PɪlYfCLwIڗQ}{L%&)'RL5+q6u(MV}ϡBMMNNWdWMʱ`|[d#ق'Rr|~`؃u~'![%%wqũCo(SԳm BhX634OPHC聻h‚MZBJMbFsy`"bc\\6hfkE(أ95׺\9"ml1iK[ :WA(Gv_+Ffߔ[i!zYNC@hΜA%ެЅxNh0!ydwPxK C&u=W9 #DSKQXhJ7Xhª0`UbT7y}.UvaJG䛋<,Cު)S=)g&`PC?:ҳBq9 /e8'NbOo?qqO}Hn4n]$n9xuWv l\5[YmpoB 0:W(9Ճ-$,6U.,cIOuesy8?`bRPZ)=Uȵԙ [30b,2 Dp@ѿĴ6IB9iwj´@UJRpFC:\?vsv4OɲS`yf$nʈIB6yF(0( Fw;]9ݹ`_oUq_W$/- M,4̷ st!3`?\K˞AOeMoƥ%3Z t _5v4]HbBU`hOD*[.W𖳟0S!<ƌu9WJ]49.ҧ]+%)C\Bi41*٫#2 5#8 \Bf8{ЏoPnLX@zchwBƱ_ t% o[-%X]V5*5]۶ܮ9.޸9n7d/сğ~qu+O~mkPzJbS5q8Ǽ~ˉ/ m6mG.~kJFՏ@Ӱ 3_npx%ei`y#SPm-׮hsٛ5BюE:f#l3k_ҁy)e0$( ֛:9]`LCufw zdB=φ#4ZQZ_K5a>#p49}lMSc$9239#sh ew6s:*`n^x[G羮YG~.^z &;sM +9h着o5jA;&uditG24y?cQ%τwqH~}.!^@"Vg۰TqP߳CVɇ(!+y. i* RhuqհA%'OQ<z#*.GAUiWR:S'J|oB?G;lfŘ xq/A=%-.W{ebp͒oL3b! D;fN4KT:XC9J&yi ;#}):l([ؘ>l JjH wUvj&Xc ַ74k&[yg5~5V>7ІJv!J'RZh bb:Кz#P ~"" 䎵^9\09ݶd6DpWk\ڊtxj:E+jX3c1$lPn:5~i!X0ǘM׿d 91є&s$NmF)LڨWb X1$7fͶz,$];_ rpxL'Ӏ^iYgu^lH$13jCQ!Vz%`r?lxhV՟Wr"Wkܢ!^%Qҟ0<:` (7ml#N?G5na1uB]t)D.s'/nb.8!A$=B@DXr~h7*=S Yβf@ч4bnzJjqKWa MKY[_C1xD1 cta(;@!5FJf%bvгokIMUCAoXSm~5w?Fq#CLze& crη ,}aƑIPojB@iIrwgdC"LvLj0Lj{RҷϚt(#%%m3}j^E[sN}uuBhUsJ %ψ3ub,N܁D1614xfԝۯsz(6vp"/&_NB󆠅J9lczOo^P!K_yEe/v)<zp6 ֫9ܝg_1"Ԟ4@D̲=e &>K40r?h{>4*=7C'Xc߀җ%lSʓ u2}_%>Y| XQc!MQmNYI"t:z {J!6sQ}d*hi|8p,e^e=Z7coꂌ3I8u; >&ǕwNhiN=yNҘAuALY?%Fp8l 78dP۾8H  ,/lr'tW2#)uܱ+`:|d 1dn)9e e % \G4Y<"5hxziТ{3^WMBVKY@@J>Ј{;nRa@U9;S}hdؾ[΍ob5d S}9!3:Vyݯ+WWNYA8vgW}#Esq5e)=5oM̾JH6Wda;EϪ<&$~r42N_0[J-͒VWm  aԄ)(E}U2+F=li(L-0₸f0  Z -*8ߓ#ʘY8dD;!;_XT<,f%<|>%@ȏzcg Ҥtc޷2ǭ7Xw?~N*&:*PZXzŕF(t6q+ MD%.ؓ,}ӵT]v~.O.W !V6}STxbiEk\lPw_=Jކ?>}k w751cY\@i/#2Ppv"]AY x' ': A$V{D_o0hMgP~8<üߵjye(L>9ԛv "vUg,/aE9dGgbeMyl(lØRR`/X:S"Ħ ; J[zK|1cFu);tcuӃjcʇmF]xVJ' A,+-gCjEV0 !_z+C-1 6%#aiVhb:sLlI="w rܠ( uk-ckѴj"L/}ԘQCk+SZЫH?=R(?П?DB<ƧM5ށYп/Bg؛@ҡI6kxg>v)( Uihyx34'rMN,t+O|b ,_˒+y .*$eZ1_-w-#^,dOCaxAZ.yr!]qPvhLi7/^\?b.MorvI.õK+?kMf%5t0VVdO~gpeiS8XEoCs>ⅱ^QL'aÆ>P$X豥2} A|BX($7[xT,Q60@9*>M1+40ƟǭaO[0na>Eb1 7_),}mp.yIK3꺴NTPϩO.>p+Dle7mqOCc+2^pчy T`) A0mRJdEО 6'QĢ3L(f~օ#єu]\x2a '1Ò:$p OZ7؃ xP" o`Dhaޔ8XOFt浓,Wya~4.sר2ve&b}LE+ET?&.җe=ZoxW0(ܳ,[xT,T@-X Wəcs 0{J$NH,Rh]J q(i*lo5{Ξ要C'l/!L+mli@2:x%*Ku }JwدYإCqKC7E#WgOXĊnZ#v*B:QoeeoC۶NY&_dz Sp):)=z;?;ņ"@O -g9]*  l 'UAhϝM)MVuΙs~6fܒE-PKH%mD\k%2j_QWf÷>Й <龛Z{K&ذPI7WT򌟈Ul^+rv}n5( Tp;XĈ-Kdd(GEٳIQ̳iTCs8<r?d5΋DCǼ5ޝb~ƌ&?n?b% l v߅D)^͈'>Y~ڂ#C^db̙.Ҏ'EQcWk c6i8F6^#r7hVoM[ fr$e<3QcRK =hiG6N+;"{ovmt45:Οy~iЖ69ln)7l}Y!שXr3ñ#O* kgi`P^Յr >9 Yi]MYϧLg^",oo3T- 3f1^p^2I MZ)wIP+˟e{M+M6E*X3+pmR~@AX >(l~_ p{ [No+ּIu65O9z:^AsE12y+&R.$(jXyDA)[OM/e NN:XFTJ.*&$XO(lWSa+k[Z`Y۟|͌phV J7#Y!Zjovq7/T(8n:Ena ˺^2cK%!N#ݢh \=~,>F` #S0qP24bD9h&nowD-B0Qgg^gbl߸TZPzlNX*H4wHE,“jҲq{,GT/l}~44!x,1b>-NTC:a4ٌu4eM g/u(^p5mȕMv/kJ,% "turrW_O붗Y]=wڅD&&mѰ唐#jS&%h-xnyg{bmV$)$1=_ZXy_NeiR'E qZm0xtd.ԜV y]4lZ) |6?>&\'Cx阔ĒGLV'ɅduV2l.cI4練}S$!.}H1Bg fܕWWh<^3QYTksF`_Dxɺk•*07uzGF7Hĕ"]T9Xg, Fq;5>҈.=x2 7++!D2'TYx*6&-`)w>왶Ѓ-OKpcQ~!_ʭEKG~-H-bzѐdfa1D6p ni!/AR!Cgr ́?ޣY!fѭ}F4 5 n@g=DEtp ݽc-4˭.9ëG9Bg32}ٔK8dm+1k ~>#{AU 'C79ʈIhGozZV??5S1j~jTV)v r mIޝ#tВn y#kऩ!S^~vwF}[۲%(N8ٹQ,Q$u熄ZuMp51]D3Wl7v_C(q$ _/MA[ߺF#?Вfnl+R$RPh|p.aJ01l>p~XH7b5;yI!"c (vGUܧ!*}GkgOYOva22tS>7st"]<# l9'\G6X$>P.Y"n$$y;LZvGҩ=T ]_E[pof.4657(BD\`Oxr'%)MAv7PD}PT9NEiNN/nƌraEO;gԐ5zs4t<]\?tS3oX=T::i/ވ'exHX@N9@Géۃc ‰{ O/ߞ f"˗&SYfB@ 5uuZvKS%=.ѐs"9R Ys&b{gdSQWyTG2qL N0Y$ S͵R/)|wċ$)sVt˲b^b'uSD`{_PY>Hz+j$Ԫ!?= Rv8RG&`Ϊ #A-/x i&58q ίk1VIB$϶y3bI@I׬=(a#:mE}x"-Y'55(/rqߒtE- b?'T1̵z UcċE4vz_l:md?W"j*jRۅ,_Hgj_X4FZb!wbNM TWg"ڠI8) &Z:k]?0s'X<Y8 ӣ(faeĆm>1U 8[mݎw(y痔_:2~μ%].oP%>S.8SǛd.'K+ ̉p?̉`[g_pFstFȻ @Kk^bMg׬L>:?B`-qoƟ+^wQ~"EJˡtTp4s2*}%x+\XU 11p:)8+ABAT"ihɿ8;? *P0$PV*׻Ω|XỚ]51;a_wvEK$^)zjfWKi0s= 7@1tCVƀoEm^tbB>9¦6a\7iN:Z!]BZ?SJ7i]f, %hSФvU #U21wqQ^$_¤ZiHkf>?:s1\tB^QVUo#ɩQt N`,k'v%*OS.?TQ)E.q:n $ZQN$4_B'3+VMOeƪGBdʏJm׵Wi F=H܄sH&, ":*kqia6§j4 NlC!n|ՒXmdT6Ȇ&ꪢOމG$FewSAҳ^ehd3Ts⌋[ 5A/(" LUHFB_ 4 JIejj%T4oIq'!kbfYhCfA+~ӖvR2waJE;4hUUizo3J@ ">9ߋ/Ȝ7Ԏg 5[Z(}@ ?jRؔm\ R}Ũy^T 6HYzAZU;QV7:'8ҚԤGfKǞþsQ)4p`>(uGLa}=jZ'#v$ZBZC}8'=ve;D^uM5:zbq2;tV?<ը,zKz}\)%?3f`.ґgf7ݫNmrE^\_oi]ogܦ3K+׍~kWp!-N&uAMHNοnTCT``\y9,sYw}dv3+o7bFգi98,n$f8BMKIY7 (RF#vR:nRi0E4&mѰODRdk A-)p0(bbſHtmYrS jvP̬ߌ(iA[ɱj" nc(FAD [v4j,4f D03" L aCw%C!G/';'!~^6ězy3gD[֕< #&t5g/vm>&|7/B m!?y2-iPe5*=ܙxqg(q ^ư]n)c΢(B5 B, V GfES=c?wC!H$k up~-Nt1t0ȵ҇Ltl:V,@ 3L$T6H1aam }TfUe~bZW:$ u/bщ.Cu+[fn`Yy-B/ܤ t ղ:5ro "]%UwY+A/dy=U_1ЈRO[U@:tXAhIq1[8*w Ye@5$kUG6"E'i'T{Uy |%L[8`ŧZwaETiX hkrFA`5NvДRR>j mߨѸCy2{n'ւF u߆] rb4KB;ٶ9y%/ԕhltO)ⴸL!] Qmr8" p$^7Jly) mH4(*݊/Q&Vj Ohc*:A!^Y{Ό0տ2mF2cN׮5Uǫu=37b1_a9W@յFPbj#M]^Ir4 vj<-6CSgbOx[%ۘ(@/ԀU^J*g%̛KҐ18x*;\]Ї_S.k3c=YJ4`BD^f ┡ӉM'sN҅LI>ra&NR#$RҔU[%Ѷ5%3rĴtucdY)Ix,sYSu (qzGxG%#l (WuQKiT]PkEFbot“_-i9 JRryf*R#/tS]lױC|,k_f/{<1Po;߼D}b>q?mb s\~]4O\Oc|.I먥㮅rڮotGH\DmbFN=wʦX"(R cdQUSX#a}" СPeLШjV\:"IU%ڄv5tѡ:\ BM'fAvNݬ?zB8&SG+5"$=z\3K:QHFy00u쨖9a2^T1i˲k 磄P(~ "HG{̪F7:YE} G(]qbT,:So2q]-j;#k2Ҷ$ذFJH3`$~MӦTsMXKa[v Dj⸷M?.Ԅ⥶Qx4M]GWe><}p]|HuHۙQ}0U+jcQ-9vpX;k3 s.<9NʯqP=^2T[-_2Qr}Q8)o9BC'-K`sKGs -Rvq"/;Q nh4U$]eÝ=/Ƃ}ډ3İ"l]W9[w$4?%Dd3|ԯ#%fAy e)Lȧ#f hm B xUtE=Y>"^@(į~{<cO b>ȑg6]2Ph0 Yo0 3k nsX6*5>{+N!ܰWIh4'ep/0^ $fI+ėSWOsT9ej ׅ$KE6mU@ *efaw:|I[j-0q|}d]gÈ$ TSE(;@"Z $|c'3\y0mNgm@2ga|ѿOY Ѫ+ XЬzj6ayAHi)/?%OevH,r8~ #B6\z3yX("uKyޯcLLDktQJIζs LJh$WeĄo;(1eqjGf=^Y#9.;>[EW-Jf) }Đe?~LØ!M2 <>\ш@N|WGcA`FZ&<fZ) UMDVR>s>*O=ʳhPgȩ ]su&.F$87O?3gR>^x J%Xi+-!ta ?U5:)c-  N6ݗ#OIε7i4o- k?*D k{q69 1D 5I1BWXv0~O'ZNuV=39rCC O5 }gJ $&`Wۊx21&ݕye8篍)>X -(ɑIsɞp{RKԁǬ4k}Ttp۾h]C9en `Y_Dz/i'Wㅣ>8+W۷?%4;]Ţ۷/P~9:;}:TW}A`{$3lyluA Wu>CBr^b> Oq(0ܗXʂ =x}Nh+߯(ĵRfa}q?'=UI\~r"5\|H7\^5@9Din YB`0 ![N >K1z>ȣ$(.l1H:\C3+lȲ'{FGO1NG7'3yǞZ,\89i\l AΑ_gZ7zƁq5cѻOͯ?[O* V\Iꐾػ޸ fcsT5Ǿ_nHB xUk6q9mLGכL#c$%@Eq ;m`RhzUakŬA\<1˵!R'`nm4P?P0`$y4!4'HḡVE1 Oh-#2Ck{dF,|%6d`Al*M(U%sc Qnxھvn1 syȺ;rMg*_1Zp'ߞ ؿm:BMČ`t)zɩnf_cn4ٗN#ynKǏ){|bV+r>iO͗>Dt]۱ONA颐f3 4ω̸QB\&%@ %ܒdb@׵_pb|U\db+xȹa2"vnŽYW#KhWԍ`n X3r0[fi$nU0Nl]3L؉W%uJwm2of נʂ/T;B@mZ6g!!PK$`}p{/U}BvJԕ]"ɁcV6E CD0.ҔxcB?v |&`[Հgm e}[X'aY}&\[9Ni 8Z1ߚGazp L2[@p~=Va1yS h%P+*sm!}­ 6_;j] &Dk92 4/Ħ" zB'`~;#(5XUR݋ܝwLur76 ARȱbq}2i,t@!} ݃t[vI˯FͰN%4v9?b޾^W1v!4 ~1tT|\y46E: HA5YF٨ndK5XՅg4BQ=bC/ynwrw*2]ș]M!_~x|fFƊ]YwTy,"Ky<.F dJͱ- Kס!3G{ ׏NdaI%X):fbh}C3j\?MPDM*)t*P[ܳ]ej8>h",2Ik}O9B (k'$FE>UɣEpN1ꀮQ:CE{D0_wDž*VAΑ"dб 6d'}gYp GwۭHz{S ߛT2<У|6~gQW/U 䨻}FJf:1PD r|z.ګ[Qf|c'2rL %_ K"}ԫQeHA뇍=Ӓfʹ$rϱSԾss7I7MyK>Ѓ)֍X*Ip  3hJ\N &EV-?p+-xxlp0caeC$H |b"GARĿ$]߱|=hh{pL4 }"9GWOS/{@jAd5q[xm8G:KgFY{) ӢZ+ , gqP(\Jʪw q^c ȣZCb`iC(J! mH6P>P 2Djx.{*ظD n-:ȋF<؝MWoJZxĂ8f!_@ ȓdzI}-vu!iz")HQ<AFRw ׎<qPbXIhMv9;/x%kD E~&vZ!^G{dAH1)xUD#<]X#tkW'zb=ѾxfGޟ3*0XGu\5/mU[5Jp|Fh@%JHLR{NlyWz~%s ZA9$ oF[Ol<9sQWnן.7NMGЪ=ʜwK4YE#$kEl׸G"R yhrglqW-9 e QʚZ )gm=}X 3?tbR":\ WOiE~ \'ϫ;^N%[Mn^ Jj4i#}]Z2%?ƒ6`Ѐ~=">X5_&聟?\T9mDQU4r%+ U2,nmR:) ԖsvWUzit[83Ų[sh8E(mI5]N@-Z+gŅ[g:wn#U $W HGi:J L0)\ S^:/9n8>:oFKce-n6VBGad&y 3;::42rnOسHD2.4v4n7Pw;:fǯfj3vLSIݎE9vGd`fnإ`08)/6:]L4݁>E?wPcX8//E7 !dR@RQzZnjws Qy|߁Vvi=DSSR)oa< ~Jn[5&OnM [b;oWUyecp }B|8|StWA⦠oW AJZ^5[z ÓiBima 4n"5#qUa1X=b‰g|'a PAz2xbfؔ{>/Y~PYf`k=iz>1JV[[ sӁ0vNWO'S{vMT%EC)(0m&$0xD`([7ֿUs54{WWjy&ω~bBƆMg=@:3h5ʟFKxltuA)y&O _qS: l)/v`gC'ڕ~aXZrCrfd uX;\9OcJaB 76p%*%1 %t4' g]@C֛KwmEfZrluC˒B 'ϵ|] Tr^ca\7{3P+iw$uz?J[|v a%t= K]p o niJݵHuP<4pQR6DL7#ܸYT!:{xoюeդ,%˅)9GsJ<ӊI:{;hoj~{vEnڋP5p7s(R6ɤ4jD+vbM>;ݳzS0gHqZXJÌz Dsr69D4T[.+4z͙|fFYa*$ϖ("U x:ul" ӓ#lg+Z}Yܯ;o|/7 /념"iE&NfcDm?:ȴةt7z}Ϳ+TxL>f8;]@sv+uUߎ yVCLAEúC\I$Mr^!D¤/Y]hnds 󢏞A܆Qp % Yڠ`:SL|]DL&e8u0 71*G$I2jp-,d)@| RŒ Y+*sp= )V*MGZ|y$Q>/Ź(58U+(5&$2 [1ʗ6s+ f*kp,Q?, wxǚy GkHWezJ5#E.ߟݪe_Wĉ78"}Y(yop}]W_lVy"wADhhS1uh+x\TNŶ™-:puIT`YF0*ҳᆇWÎLAV! 9*f>$*7A~.{Z,>La$yJ@~ tSv7نT7vېָ5:MK񽿺/ m!!l]6P~HVG"sHĊhژ StӉj!12,GEiNjPN%7wNNpWvA!c(v52AːtyNyᇕsi('V@ $;wD~M'JF#\5i9ҹʡa·"frI'V)\J\xOxu {v|!r-?r(544 [{calh` TKLagc*c)KtKй֢t Wsye2-`JLbPР]J4]*PZXa{"Ձ\[2Vq]ȯBb`9׺ŬP^wQ7t|~0J }q/(v 4jt;ruF)#>`{ 9wnUD de"w@ιcrz7Y M٫y "k]hP+滦D~12ϟ= Oۋ| Z7Pƣa lرejŲESSR=v }>j3$`>:2/()>E0H~lßq6w-"wΔ0[5Z_kt|*8cxO._.1{.-F%~km20dBQ~k?#׍'Dg TCr}:}غizhM|}C P|e 2`01wI}ϐ(Q7L>=:~cwz Ak6gϧ"V&g(-HD)^2`̻{>Kza?ʠPx_)G e* d/rLư( P Jnc}Jj'b3kHh9%\]' Xܡ]GucF\f/pRNy>_oA]~BA5&e"ՄQ0~wȱ5%B(l0v9T">Apw3-G%: 6)F&SyM?s% r7XWڌ 5σYyl΢7.?|F@w+L| w8Q+Fi<ve5բX Uj-^+ ]jD mF{cD!~ p{:tsm чK|H$Ͷq,@fXi]F=LÖH0K=8HC PP VXfM*,-t%mf~|L픽,MqҿA}/|EOejΖā$D0ʳۯRsd|"9_昪ӣ =w$'x.#@Y9.2"k';G cߗu:=s7bp |P 鰸Paf0># ɺu1)'55n#c/Z G>kn^`ƺ¹mm~u+v4kq?8n,}Cت*MueJoaHz[5opҋO|Ƈ8X|(;Kdn űYh,h]h{eI$K쥱lN {CGfmNRieᅳ7YP[ u٭{d nMrW2I I%1iqPW29FH8k`v9M=(R,ーcL8V ,9?|lȶ/W'5QlJJ?x+n[vFԚFc̰Sf)%$kOs̬Lߪ h ͽC!g/uzMYD{0@. (?:h({pl +4RB2'iZ&W%K:' Tu T({Zr}2:xw77~'6;r:ODp, !2 c,ꃏc:,f|/:ӡ#F/񩅼%^b>h&fZ ;֜w.n*9%0wi 4& |_dPMaH6DINIu*{i:TajPz7ÁSh+؉ w5CpTdnwRVd yR9/PK0;9HDŖu  ]硧x5XjpaoaY҉@lԏ=&2VR # .{d-:~tQ l1NλεXYSMLa hgѧD26K_jE,̐BY 0b2o ܧ ҪDzxa!øu)LvL`aAl4a]%F%ut3 5R4>>^_%c- ӐuΌLP/??uzt/B`g! Z#"2B .>Aۿ" Nĝa0t14JGQ7R s"/g)%~cypR˖@Xԁ &#Ak$꜎OQi@6d)3״^nPQ3 bvո_57iQq)\2v;~UC }掄5_t%D!S[c1 KETyώ^#8Bk<q qefҾyA6-ŦCllVknuL M 8Q2+O<ւe _?Tz*w$,th+xY߲ȐfvF= Lؿ "R|ϊe纡hlfPxtn1k:bP'DGFŧS:w}rmfq3?_;^8:bwt |oP:֣}=Lؿ>̓n&kʘi3jk7 I\߇]QscSo:E9wn_Q=l %i7 |+BdphEΝ0:L(zˣ}\_XsC`,]yߓB|<e!0UTs^ ~Hz/i YC DfL_Rqo_jK|dvrLN{pmM|w>, dCVςu{Π2?:LНyEӻօ\,VD92޹OpIEH& 7#vnuu0|ﭷd# ᷉zp|0a(а'>EkĶdW|7~=N M[שCG>mG"a141PrވWN%DP?#K-f4ХDkg[6&$/(X$&}!-$24U(_k.>WN%$u$!x-6Sq[s6}R퐼D/EC0x^]T8v@Y@Dvh9"RU9d|Q+u{/9ӹ1x;&U!ɼ 3$ٜ~}ឤ$S{igJݠ)lջ%Jg NtVm}-F uBe*8"\Sɭy.}y4=B 5`权x'@N??ͥ4#$yۣ:r%͈Jϭ8&V\.0}qgJҶW)VQ"޳6??+ d-ű;'N>` Í 8DĎ;LAn)5'Q;_Jjf׎%hlW71dbMf#O:Ɠ)U [1\vVQV:Ku"zT胛_m͠՘J}r>wCJ #Ыpc#hh0(81=>vvx:cv޾|EHTA.YX^+܁LP1b.]o%DDW/A)EXaOyX^TLȻ/.w`ۈJ!٧~cy.2L\3 V'? [ ` hX`_p( yg˶6wT{L& dvgFH7./C*!}v :^^LK -oS!ːϠ[&lI-1,“rKo E㉙.FFNui*@>@Z4}i%%-Iv2>ӧ05J)ں  2 `sY52T- ^ԢB^odW4H8g{g=TAx%ܢ&EW#s74xs0kHhU3Z 3.MTcrlrZzV#kTH;ĝ \̇01mX%BdK/}5V~\F(CV-w6НlDabtwD$WBMgdٕ𰴮#Ỵe1xԹBn7lj;LJyx  c gU*O)xlsCbhږRuhq2 aIՊdLYp˼F䖍"u!E@2P]QlW #s.K:@@KZ`{U`VX.HExzG[)*`~j]5#YǿqW,$ ʰ\GKJh7wcbuW÷;V80 E~R]-:"ߎ&Tf7_%*.R_Z.F~7j#J8sXUDXi 3p [N5slev-E;'bP~w t"Du .r<syq} FD["ȝOJ"ʔM!8گKk'Xߜ?ScK_c+{fS&o!k,rRϦk rD@cg,! ZheMmCE\ʑWNL ͕=n\>S9&Ŵ14>,x0dZяDS+-#CQ; Uam2Q5 wKu!=l!ׂ"iLohjO  R {;|=`vʖ[S⣙# t67O>iFGWQAFÍOO#猫]sw}!2Rlf$glRJE' cV 4^x,=1bwЫfJwio˥O+G/cwe=%,x!҆qߧgCsP(N(dOlrs9"BܽFxA>d.H @ɃQM3cmDkkRdgyil[LD{.e.wJn';ZwYΙċ&SM3>?5FMAcɢQ+cgp6uJmrg Hw&{⁁@ryeulfw{QʶCˤ ryCǒѝTAPON iPSS M!\Z)ޞz­ aF.3%!j5 f'Gr9@ʘWdV\?s @619WS]'/זcT0Gdq]i2zv8!xшaA@&I(pcJZ0@&mF: P\ft3>Í7C>5ҸEtu~aN-Z$<{JńIk=f\>LqwE |:{,\DrE>۠6Cvu0 14NWRj.^{,輱BLl: ;VW Ҋcݳ'+EJz; xkY8s#6OWP׈|V iB0khU#dU3;˜9QDH U65T0ULLIZg.k۷ES İֺO15)ͪNQj凞+%Ux u_[?\'zd6WIO=~o֬z;VGff?wZ3H8j,2Eaf':Je<9 u&7a. eVF3NSST*,`ӈ o4K-!pn: h0 fp.k!N =bʰà jUFLDrY.2&m.oC[*g , ]60j[=,K~0 /}tI`"#O{ؤ^ ]KBX iuwZV,"KfqlAd%ݧqmҏUEK1%:}U))ǣ1+K1Ei+\` Fs@}%|te{x,d" #{R9;iPE>˅qvlĿmbOV"yҩy&V_1g {Q2$LjS@'YgILN 9L+-GHƾFjsxKo)A?i~N2A78Z3Yr,$Sʼn1RIeTҒ;kӛHJyaXΟh ;kQv[qU4&7QpN}1l0ɦ -?s7,J ۡhg])5h-E ɚ4K+0Z|Ff;$_OAfwmS,w\c!/Q,(#H+Z8"Q$O `hK0Ak"^=P#\Dy7N'ow/I0=ܫᝑ dpq&QT>v-p;] 鍱}̤AYJݚHxd91[qN<(ijBks)M[&0ui1K߱}RS5tV#ţ63NquQ:wĦ4H-Z śsԿ{ k24FHCyc,rټ$"f7l(˜,HGd: \x"T۵ZG+̲ҊU,RAiԞjX`|<2֌NCz5ۯG&i 1]|[^qۊ{OH)8 |?&1-8P>xF'"T.p{t8[O+v5.egƂsu:ž۪8H0T\&EDۃXLHf29Y^KTLeܨu$tOzMHٰHd.3 pESGD!U;Y?7G^?|`grR%LKgU5 l$L^R%OmGHc$lI^Hb%Կc\kPj3#~ q`s­ϋiza2<[ JjB8I:j]炑0z^|CIch!"I(CJS$sj!]IŶ@+24A+rDtB :hσ7g MN" F='D0t,.*Pgbs3xM5y .`90f$t?BvjGġ.9 0R(#HZ%vB+̪@BJZxUYhp 5e/+󃷰cw8HTOnM#*&0Bu>TDte}Q$63AG6hw$Kج@w}.'ԙb"=r\/TSJM+%l8rذ`09Q}9}ɒ δjI!i'`X.$/ cHof^.U3+-cc牖H vIƀ胩rahrDhV',v;vT2'k86a~eQi@q>"qh 3; ԐeՄd2U-+dloy'T-Q32Brv=.ŪW: ?ܝ=7~u'e[4kQ}ECaՙ. hZ8T߫n|F+aSP5& X;)b.vGԊR9ehLUDn M,CYjimGlo\o*HhƂ s%\sŏ .,])Xyj_ęǣ+ZgȰh u2*{6i]ɉ )E8 Β1Zh{ DIDsoD^ +VHzy2祛"Z p. ʟУ['cg^%~2Uow_mjDaM[oe֙,Cu)Eax}[ZG\~X`΄àZBP s~ `Ә81$qtd5ʫ!XF7v޽H\P_`$ AlAl9!0{Oz*=ql qemn#(y%UtqVޤC&(UPHpkmV2dI(zgPUFI@*ݠt"U~M+GoF@p"S3lc$J3%t=["2ӂB[0)u(Ki*=dCtƈn: JB)Oi,~eN3\D_r[{앶p]Te7T73s!< %1(7thXsyphg :v,+HD_GZ)\11]c5_饅>榕[ vxr žڌv{e.ZVxPs;P[6  ;]J+"yzcnHY%C~!yQTT"M!0N a Q@ NI"xs$1h#/E$h;%oRk Zo#TKk~=rWӚ;|d׵hY&/nQi?)b)MM}5TB =Sh7zk⒞/_S:|nkL>cp9iA=@+թ:gH'[ TL[Z-$t;i6jʐ.Z>1$p6гw|__C*Sԑ:ʦ8o*{/tb]jYtR(U1=~YQ罛3Lgh$ BXzrbynHxfjYx0/-,XZf'#9dt?|z+&@r- QGw/Z%C7_t| '4zI./Bz(_dщKX(RNRTAE|S6*[x`S9TbKn>l<ȓ8g-.{u\ר,r{ '/&'W ر1MxA(az= O$,bGՏhd+21>ی2d?TĩLk+u?n425l}q\ ޱIOYeB䲶 ?#ٵ_ŌB}Y24+x@:=dD!`_-g\UF5-OhrOd#L|u -SJѣfBVŰVEoqLafp$ͮ)!ۓm8{F+cݴzPԺMt?iNFM+4)ETJ!"1ҳ4]pĝ aQOB@]:0yց~\\\:l zm~[ڡz? Oeխ"\y~Nd^^-^a QC%:pk42i?Y^R?(;4Z$5Z7ČSƩV.A}='J',0)A !ATS*$5wʮ]Xڬ:V|jhdGb}1V -q/ge%ÌC}Sr͏=15RPY Lzf#EFqG԰sj^BV}ɪa[UM)M;@$mzsH ="H0)ӵcSoA6wXk3pA7H ?p^[sc5AcRrcݭ7_0ޣV* q~- s#іpj_`O>!9] An *d#};a@}DѨcӸpWƌ1{`&tGrN's7$ Uzڄ:g@0:0{^Х4iG{"Ph4FX9欺~Δ-u-~Y^@m*GWLغ[iF!AM>WBҵ FSCFLjq޸o-;ܩ}woJ$vNJ #ᑹRgyg,y3ܻau%7慡(͑ %3gpG&C1қBA rOq l m7I wlƮ\^V⪜#d%٧ڪpK!; 翽S7md4 ᘥ,J_Rq=>P̆h`L;VMa#uְQU7g>RH\Q ԳyOis9 NvZcw)r:,W1o1KB}YKeQA֮Ne-S^9a mr׵_UnmbN)0MGDDw؞D1IB֊,-yU6k.3z%?P ȱTc.4``@(!Jw'jҗČ`(Dd\ =8E?5]gC+jOHVAë< DttmDG,t{O瑠JJgK3 0{k`{ۂP%;Pj4^v?֩rEF@}I͸thc39A6,*Iڥ1ֹkw0hʳ8 LwfEiq:0 l LE!?'[Jd`~> 7_|8/5x(.c*N1V}~%h9cw*`5>RV5H}Q 3M"5ӴH iPDL &'3QZdjŵ_K+2/̽aa 5Jvz"s?Fd5sKBnoZ Ip%Bn sHƧ3lECgRB=gakOho&[\SZ}d)V[۲fC7k*2Ó4jY״]g1p.L]vVIDm9;Qs jZ WK"i,YҍNd9_yIxøKq!2g8Š3 ·0?Gj`e| [&gh)*od_,rs!\(ayZ )0JybMz,Dyz,)&SBOn5r2Y †Je~|ky]?3:];뱏#Z͸88A pJK g}b| =!;@aRc%yl7}u?@7T>/ߘCp2Ǫc*qs1Doi#^ n8@3]8-ű@ZP{"ϦE%<fotK"2r ";1!0+^SU,z|bv28q_ y~ eoŬ:ߤʑ~=U([SQ^moLBӦj/n l4>H?~y쪖?t&m(s? tC->):`@q3 oJUeUcoܙ>j_d<=}26ZrR?$i ؼ2c&(WxLc@5i9Xh NG"DYr3LJD.1?7nͨ&`C?YjGAG1tKJM s⬱aЏD71?#ІlVF']1gXs8lS*{~uOYfGYܴ= ګZo4jV,۝bu*б8·7 2qQeP"$Ȃ(jA4X+;,DěѬw+; cyO%XY!I d7&sxAYܝ3ej)r'71r ,ZC`MlbYRT‹L =i>=ϵ J[T]O ق}[(`@5#9­u9LJHd߯yX-ibȽzD"DI7BEsd0/>HrD9kg'満jn:A=d;EPDCy67Dl6 _R-V!ÍC9RgZ_S 랽;Jr H5eEǣ=}9'߼:IE#FLb4/7lGoJOsZď0r#jt-}ʿPV9t౷vkZ,=p_GdP{spf >Qas G#+:,gΫ {OA+jߒ .Aȫ GbbW _Zhu$ $!2ˬ Jt DtNv%8tbrRmb, +wů/F]O O["2 L,YuvQ8W_9H!:?Rz9v{lx Q$AwknKQRP0DZdLoʸ%Q\zfOR6>kMHEk3{xGTbn(X/wnܬ33' 7jt(')8f@' a1?qqX4ԀT}/fVmV|Or8ZHu)(c!7ĠK]1E'J9Q:)0-^F$leˍ-BY 3FُDZ?tdlV1ʭi9emOS\dᙧ4bRVkUcY\k"J]v  + HE=t\D"kxcM$^(+|#2sZ)(F7iE!~eMyŧ"tGMMH=apK+F>|b•GUg !KQo;@V(څP\iT\i1v2SqoWAi|ٵ0̷mgOFzj$6>nHI|G5iHT [K \I3@EɹS3voŜ[7l G-=<\bP& @o ՘GYkX_U(`ۮ" G?jTᲷd> d[*S)="krs<9N =j#[zBߵBMb^m.KK7w%$ןZk,ʈ@S:i%&QQܱ|.RK,Ep&B@k8/T@9;=nRb>;~ϟ+rz=~klH2bRi&b?j9`u-.im~{jy5Ih\̿L_(0*Q }I_0#硹>IW#&r]SA.+gWTdbq1N>H*_Wt50 7B-19jIC}GmK0ZR.ZIBJíP`'Ux`<_r>o;] RNQ+P9y+WUIt)=pgjݟu-loYS(Сq{5C54O7v/U^$~ł+V|gfK0!3 ~Rleu4:w.bR\G 2e@8: h'ë&& ݩuP^#nn}$[7]_ MuPRXdo0E_N&FvS?l!Y8@ɬeb㎦=oV/f8TnFx;JÁ\`]&ʏQm:4 J+Bg?8Ԯo^*F :# 8pm6f̡fmjGwI,sWR0ىc!0g}JMyټr'4+S>'RK09PAd2٫8B6IT/W&rBSXV>q4+^hܳwZ?fr2x;: +jщCZ110K \fv|''aRXQlnV077ɿ%Gw\\w1DvMD4p 2*Vp)\\IVxNx+w..DMPB9@oK`Ƿ:Nnjkv NVߩ᠟T"*cɹQɑ;{sN|^+:D[ ~<;!W֓bЉlRtt Z^1jbZo(*{7%tƬ/Ӽ/awQ KY C\IG?a hWl"ʎz0@V}BVS'Z{7cيk5((醍oKI]e(+cʀN >5s> 33_- Ē|HP>U:>evh6-js I:Iyd :`7<3rjF8M{l$PDw~G 'h`f@j] N;`8I,"&k lJť4fNJI{0ߋBaT,Q{.EsJ| hy%گqz'BK:#D{K|K([DN1X[ހ\RQlSKߥc|%> ^d,̼⽠Ȣ8s?PU3 hKR#Ը/8Y͡}!4Sb28m-_֘T8(RV:ýUokŎ١;F^X_(QM14Fےfkj_.Ro9i?+h&Q.i;kW"?b(/v'rYlH+~ 4aЫ'H,b;{sJw+TmcCe;U+5wiaQ‡5?PkBWPߚpojg?ƪj,~tJ?l:E;WĚ:F1ee9*V#0cfļr0>h9D" ^xCb:.0nrbX?^|}qu@ھqƬߜx3jg %Xޅ#cܴk(uHz9XgD7pfБ26J5PVM du**и\v'{ˢZ٘hfJckAb",&4G)݀@?΄Lv&iaA>iLOUT!}YpEJ/Tl$0. wvff.bY~ṣ6H&0퐋 S>D \`Yp^hkar`z,^YG@Z}0HNA2F%~ i_":Eȧ].(tQb.z{p{ފuWvkE,aY?zIBaMq.]-dJ[.A$i--v{DŽcNߔ]_TPs[_TVmpb㜖`!syzI0s F&UB%>(fi90*y΢$)D.d0TN%`_WX~L"<K}_OHo["{,#rR,SbK- UHiAhCgp E(]Ury$io48UҼ) Z_ƒ1q , J;''=fE/Dz=PYx6KӛIt9mKYor#ugoY5%"~ sN 4iJr㥮O5(2xfY\Ű8xީРx}ƿ|ǝ:Yi^qym+o8CE -Bh1G/% ʶ^"OULSyhlu ]5HC?rϔnOx *fJ2[GʆE}JKb68uyʶohwAhV5nX V?NiqRHIXI!*#/ʪyi. p|F&36 UށUzt6-;Ά1J.[{xY/L$`:)ףNIpؿ;|YxC^6w\Qo}ƭTBZGkOtbiWGvd|:9.ՐOU#[`U5Lb=9M|b ț~fr:jSձ\ɼHEHgOڢgBZNuK1븥`C'CXs@re mGȞEMޓdnL#(| 5zEhukKP>\_\~)/ۑ2H$vf0xUkvhZ.Z.]%E\߾FPE@~9_ iǭ+2ɗG*4] ^Y~ަI}.X͇D 2#Oh0>>Jo"A5Ry7+}F[\۫(pLԝڀ+-)ĻW!$PGZxH'}iZD0Rhnp7BPÄK B|BMTgQbd)j !7P"JõI feJY&GP\22PU11NV=y%CWYDҚzXA!35X- %~p|}1Moc=vFa7 v_ "Uⵣ{,Wv}(vQ3֐|Y[>7L}̙BfTT*LOn/ A`z-(a =KIEff|_IpHtOU"r%GNJvBDZ萧yׁY~-Ly *kq0[u //GV S5Mq;5e0WezW%I]^𜤆RCז(C$^ ^ؗR+$/)Ȅdu7f[]4@OQI"_fO0]*&qIJ=HTLFI|p5WdԝQ5N)!ne-lv$܋yкJ +ޙV\`OͨMlxk(׍Ew"e&G,] 3[H#˦,I蜆QK4!XZ7m1x+*) 3J4gᅲ%N~ |:4ݟ1`X[x(W~t`adI& &nM5bQqF[G΍s9[|a 1;WyD@EW=R5o+{N*s\>̷ǜER2'%ـ ^$:ڷp_80КmP XfO:8e./)FCL}Թ`±6$9wqѯO|ֻ(@Mj؎پ E{55ԿHSy̛S 8K,"IV5 i 9tHs%ٲ&#n;tҥPZ:\mm=" 1m%(I&UeI7_Wblrf Xv0"Ohc2n'bSsLvSIKENS0kMu*n``&澿+ʸSyrff.Q+i&EhHĖE\T6k]ɓOGVOϞpeTnYd@觷طnc󓎏@7e]SAv^n `Ҹ_#hLE]iE|/ *z.RJsyq$qvL`@aeYS;eӮ}#w.;D֟p[}~+o v̨.7b|S~T Qw 0>c9~VshWc{Cfn7mEB܎\#cFRAxu&HS#/ܻxfCe [GN_aT `);6.ǰ od@jklƃݗLtI%y0[5'>=ޱYHg0wce_QY9 onzLj,1ӝ)|Ҽծ[c{;Oq\Bp\ҏfF kf=TOKz,yL E=5z9/#23*X\hguL>;$P8Z{B(g/ = Tkb \gvDd#v~as !""$8+g< TOA,r5I-a-fP<pXIqr: :'84toI͕BZ~6Th.R3eQ/x.,<0PRImA,gq‘: b9ln/2yET3N.=)rTO̅QqPZFkDO? ޤbwBV#Y(4#:+qŭͪd>֪6jVT|d[w=8lXĖ8mL0ۊ]Gwx\Sz؈?'^aH" ʲ9D)L _oAJ/ ߪu3F5R90/\twiGEZOZj?޸u'h#8pJdٯM 1*j0j-ΕW6/_Ww (8LL-Qss}~|1Sy@^1?aRm|5pu_)Pz٥ʀ{ub|A1FQ%:%{0$Mnea d:(sOVǤZҁJ }M2yzFu!\V9v,q? 0~1"2JG"B!WHqҵy8ІM֡~k((Zj7i{pfcUao=hg];;L7@J0et޿_g{dߍ"SPiRi6\ #+Yp#oC\I?ș(fUmA Kzq)r"ˣqD!rIB$#?{+DFNnjj&M"O`1D㋀%>Rqo(,25_nSr{ڴSߙL'pa +2ʇ߉ Y^/D\ۘf֒zyGTSA2;i,mL$ E|ډ7I=D uJ[|J{ASscqUgGҙw {3E+`WqP'M O,ӁrLa'C$d!ێCy 90ƥ<[W\4WfJptaYҵPR:%ii9ZMuLJK99"Ǵў/ҌiMhOTUXtzE\/E& 4fuѤ~l #61^ޛe؇o?[PJO\4'|E~Br_&L ́o"rt><"9,l[ Hmb&!|z\u񱅴)=̾ GFk') Jb3Mĩy\-2 U:'"D\TpYj!4bN{h'FӀ~}k)O^Mu.hH^]#9 if% t9#*&2󌍙2!35`ٟ[NC^:@yR*xA-{};OkD<N!'b#:epHmX3.xVi- N *##[͏RGvQ : v&5rjs2**A?8LUy$ҩ*ÚNVcArC2ޞ]>KapY~T"]W6v0ntجU;Np'㵘l.jF ={yd)ZyzP)=^^z.=G4&&%bAt, 7_,ȕ6$ oTU0} Ẋ&^W^ON(?#bbTMf1DoWꙅbkFX^efq?*CI0R@OvPQc]w&*M'RbȄmIZﻧ"Bnr-hhT24e@.N.X Ǟ0wLș,Icdt@鍜a\Yx{T?zITSzEl 34|(Bsts9'ç;0;ݜ/5X]H yP |R5ٗ8HoP]l'I)̇ɕJ9k | 2t>jZ7o[ fW8 XuF{Tqa4ᯟz5dU;et-ˮxwRzL1UXVgˆv(~”PN%"x^Co*b;oBg$fu'D:pYy'OwGpLeݗ*ރnWaM0 B7uKQ dbzzڼ-[ 78f6QMV.f6$Dv艟: cx&# L&*>y U`ꘚ(8X:30-vJshQ =?"8 W7qHxը|6u{H켳+ uQ텸杛I,":MӎI% ; g'Bn\TH*G9\Pb^QK+т"JP42kY~1]* -AqYiv҃]I)ujpu;‡..L_)SRl>;X`DUՒ;fwND>wr?*EjHN@z_TK<`c`}MTo##1cy*tKg0L}HHکO*;ݛh_-Oh+D}ؿAeh.Pb{%(:":俹Ds$) rL~&xa>U'eUJ*c;2JQ . q/r)5; S1uA\+SXr"NsyOKRUoE[%38;T'nq#O]ޘͥ4guKœ8G0_x}%6\"bc`xpr!*4&Va&+;grkЈbX4orϼ(ݗh`zl]utk R}zqPVJdQ \vXk uAgl*aiclUqdr^(QӔuDK*/FpJC[пRcǐ[lr)l Œ4,_Spdgy-Yr"7iQZp=.<"?jw[z8CWeT0HV&?C1 ܂ɐ] XyֆjՅb4t&콟{Ȅ#ãQ lYvţfBuėBhF["~ hAs~ɂבHtRn>DPe JR~%/ jN.U -|+ޘ[$9AygE Lf =mM&4JƬyFj"& ~4bË!ݗ@E"*_aŭ3#(%TWxϸoZMGf;Ϩ22ɑڮg,{QsrgT]\Ib:9l# ڛsRN㡁D0ʛ[jYmzKϊ4oyTׂ͚Rulc),'wˬxH~R}{g;[bACjsFnj6@ TiBUϤOhFZ kaЉPYb_&?; r`vvIR[lgAY&aHfk3#@.Ԉ E~_G1>㝊dfkK}솅xQ뾵tUL6+Gͩ.0wemc5>o$]1ޭ7|FuiAoz"Sgit<6۹6 xOg`+C" ۖQhS+CzyƳKCY_Z̢KتKsh:mߖvhE+#CugRawr'Iօ%z-}-NuԁNf.mQ +Z~NL]9wIdMD岑_nj!z(B :BB}LH*9(6ڡrqSU/D8w.b :zP X.RUzȎrtOZR^lw|4'q Q~ Z{O+Y,_wJev&%tj; ;V#97Xw11095J ozFɁbֻpɆ}i/JF!OD3[^ʇJ.m(E\Wͤd"ؽA;}6wX9gb%seN*b,4^Vf"w̺6b% k?[ePV-p1?m*#U#=S*o~l[%g(GW}:I[t4fHo@=MK0{~ah`, ni pd&CcNRhayu?Xv_CLҷMtdk!@E:hz672PQ~@YRY'smqoY)hU>" tXCXD*j/Um#wU膮cf]S3D(\@#,.HJ ]7'`e7WJs x\[ 6(1l>YVV%+tuUR Ϋx u 2xn.Hp-$l73/E6M>LNdhķR^scЀL/1#+AA*ȍ^eqI6t=W>`{|µ2v q] %ÆF_g=/5N`jpxwʊ]=`%' ˌ߶܀lcJ&,A%[~vM-gk.٪>N930K-r~Kh;|6XI To3 C|w—rz5pj7cScܝV | IM1;|o6++y@ws%pyHH%=] >F<΍Mb*=f!Ѣ%N |>p*ڼӚp}Yhd?,mbh4__KǐTfw@]L{ֽ.ǝ Ysc bTﬞu9nUP{.3RBLUZX@/(xnKJK2~ *7TaFˊTܖxb|kj ݑJZ[槯#+O.,Չ]7_7Mw AQ(:PCBśכrX?O6Z4aR|# mL !=$pNBPU MːYN~R%ﵭ dfmY'X7Bq['(Oo.+c=sWf Sԓ&K965o)}G&gr~ 1b wsZy"&Ոez* wa!BВ}{dދtʣ0"뱱H#b;^MpCf3cF>EIBGlÕK@h!-cH4%#C=fdy$GWӖ.>nn(( ή'X̑)F8gπ^ù&jq[?9h$:` н){dn)bBHÿS L$F$9~H37B)Lq-VOp]j&|0xRhwǏHz<ʅ6Xx#O;T Yą`9VkVSֿ9qo/$MndXBrB.otEN XU sZeUZEѿl H=_u4VRƾk%DR:D;k^"閹3mhC/l?K+)"r-(a#5V"T^e-$։ 'D+_2Epꫜle s27. /x?1Ҏ+ sbK:w1Vdn#le8(Y1ͨ}-*C-h'D x@|j'wF n]yWHoic n*֢^%#X)޷>C═0H=۷YHa$2D<&45V=l-jI/ۋXt@RG+%gmo-ݤ\ jt/Q2dGO?N| ]NBs:))f"b(L^n|C3Xbեyt ̖\~P[k, {S^ϒ8ǨO/ ޅ5%%Nlpx*2 3M1f ӣ"E6eMXi=[Df/0w.sHAk:Ǡ6As?5 $16?r/B?U/ds-T}Px"Ɉw{.39orc*Xw,~ v 9ܧW?w!&[\Lk?,b_V_y uk֑mKG=x r0)F=w ę-0J&*NI[X؜p& %[ o#Wq3|W[AO9Fw(Ӳ4o} IU~čA68/7Q2v 2۶sK"4/8X,UOSצvV"msyM/0LtJ܋ pe?~@Q\i:95Fd'_%KhR(`a/G N@\ mϧgW,_uWqQadEm$L~d?LN!-7-b]_F!ȑH̱M6R;J>n=rxAN- Tphy6vZ(\x$O-+Htlx~Sjʷ O QV:Pw@MF- 7ECfk>[͑.f$@Ym}D|6zetcAeMsJ )Zu$S&ib|eK@h-F(N5nmqӂ\KˎLa:vfR)tNr/'-(ElȿerCf"]^5b2?Y/`X4W)㉱/+XpRA/¦"L_xrX P GĺTXj]` u1Zv5eS) "@򃿠[ B+tqw XBNH G~QM Xg+{H/ SwR2f51B '+8sLw^?h-&3T7=JmL#3:1u]+E`{I^Biqpx7hsԦaezc*S b{ CW>@o,(RY\hj5L ּcQlCG$WXUIoL|rM+/u,-E.U:PY::>IUni;s5 `eS9m>>IG̙yyPJ/s/^o*&hZ= iB xɑv8ْ?%qWd] ֒`faʓ;,r}3kEB5ܙcZ{]9 #/mz ( ^ǖdQw~3`5]u>Z #KXd~ 88yכ} Vi^QKL ܭ< C{46GG׎+Q|&eCmY'l+8QhMN=-, Kp UڏL:z6SH1(5陗>k4E׽価1n}F|ٛc H"'(N?qE}Q98ƴ̼UL.\p`{>_019aLҀ M"05 ,٪`dۏ ih~h^ܗ2tJj 1;>&!s>x{~5p$Or5`g Յ9VȖV+ Zj "B_:Ȥ:g= { g=NުPqKvBpi+gLҲAm\rl3WCߜ':oG JS\^>#W!^峜@QYes(DE-+st~8LЏ/Kl4 لDh(Ef(0e:v} e`;i91KVFW ?*^`"f QC*HYls V܍,ͽ|Eq9gvqsQiqYiR6_`l4$ Tx"SF/dd0^j Qthl; ZZ-NI\N2rFфfbvD*>ll$8W{QEzk:im#F%Ma:]Bq t_Q,\)~\0v&7Aˍyp՜U`qHUxʲ tgU5z7,9@rM,& fm}"ss`VXǨ@L?<()܇D(686tLs;^PlUX82|5WVu& ddZ?ݵr+MO 8mZuzlʧѭB i镭0=a왰6(8W ~iচDv3mYwr& hVh-S/Lj/q$|~W|mGsjźrL%ɺTvψjޫ_e,e ޺f}?+W Au9KM( @8CtZo@#by<'/ QM갭otB'=,=)fF׺x.Q)96=k4m^jmO.,G9j 5y;T@;lV0>X#+sH ^-00/]0,s!?vf:)#OJ3 #r#:曍J-f3+?4U_Շ3S? W|U,Knt#,9 5׀,!W ޼ZF{dQգ8}֭6"xBWX&;]!yy7>G 䭟D6N sIwwŮńIRTNu yS "U`߿[_J ìJB`Ka'|71)BHeӊ0RI=Q3ߝFn1K!; ^cVAᲤY(%h;qB>j6p1嚜A8˜,3lٻw 1"]Dvn:u3Z`8F`;~cMF/ymY(TK>3UkSz5f:省5 a00<.4ԶFE^}Yy9LG/8>PmÿO.ӵwE)hjA:@&_"{4i)tI5aMpv@dKu8x,i]igwYu N^*Ufˑ%1Ӝ'89/3.Q۠? |j3l_l,ޖbQS1f4_@tJDxiw4WA_Nt? FΰȰEEzR_I^xE"k]zveIVE署 b?*Prfb! FwVϧI83ﺯb>d8j:cs|j!B=,eW,e%SoA{bLG [ܚ+J1֏+BCFss2:\!ZC%,}|c,LU3C<}e%c-`Ъ {l+=jox@Y{j7]_ o dgwO3ب5x\ ,*HBAʗV(m2ʂ30%1_ȥXx Clj(C3U+ȅG *Mv'f/X2?YVeKi-Jۭ'܀s|Z ~%FJV3ؖkf'*=^Su?+3KGg6{1cdn{3XmFCl/}2{ UtcױqߜUB,RȜUHX< )"i_V"^ECi!r ',SylUC'$Na79c2RZd9?Xga<ٌGDNJ>C\*#7jlAVlzl!,=il4X;#؀t#")8F"Ȇjn5BW P_0rr7[v (>w[~6Dּb5 Iu1BdRB TަBKΐ}\]xЬJ#+X#XWZ݅L~u??g}/(=0m6APZB >GH U`p qma9sآvBlLXV$4~ TK>r  G<'=#dڪ# <^KjdHUq[)D.ύV؆j&)' UAzX0m~IG2WrT<& L~Bݒ|Jض|h ěKH {ʹ],OrBkHCS<8s W]v)ÒޞU*)t$%:dE,1 fF'yW+F>AuAz'tNWϜ{~[@%%y~Vtj![u/Dvd: )>*SH@Qk<}?~@ƺm0Qz)S_ihա['M'_)0@HgИPpDhDUE˴C ɢ7Op'C \Zx*9=pkIDK:?ygYtX25z ~:-a;L35ӟ:wXuZo4v@8]B"vώB|gm|Zm) Z6,x.,:|)͢j@͚b$Vko' ^(~LT@:>fˎgf!?V~ [[yg6ٰuě򹨨CPi)%IupqbS2tW4Z ךrŐpGfΔY!ϦW\}^NSTG3!'4#"3'bEZkZH97q5 OJeT$e>y k2JOQ63pLU)I g܌1zMw@5ZW.-¥R񎸐ElMWm6<ݒ6^u=:~ U H{Tއiܾa?}`F ^@ŬkM^s}>Ba{P{0ࡖ@ sj}U0W-d=BH OӘtP'ZѢ ~sYkm̓d쁿~".Wӊl *cXYL+#P+x$ЫGëĉS)@{j.`5o@|ǟj9TΘaSx,P`ǖ'|!Qjv!? T?'czy-KDzR[FdX=*iKy({d9QatN:3ж-[Emzӷo:`5( (P -5,i/fT pі Ǐx[ₑq3J2ҥVf1 ߉Inr$aI=AUȡCe: iy5NY[۹)X#̍_]'4)lWBs#-!&"}7d6 ڧX0AE5;ΆtKGG1i=6 wt ^pAL<0.-^ ~| "*GM6 z)7~f}ފڕTrٸ!S\YٛlxQؙݫ,cz0u-_* ̮ Fϩ.cFR6OuXE22 ˟~)7/$LYZxe6P sQYXRt58=%!)lr[BU_f4o\f'^ROI^hk||/'Y)׾3:{Hb*՜g S2vKr%U*낉ͩQ_YWrZDٚ0#\ Gd}Vt9g Jw =xkqJ8*kF(}d 3`W8qyJаd㗃9xLf-CƷ W0^Cva/\yBb,J6>FT X9X3q:~fJqb÷5b\yk*H6kn+$`K_;)6# ~ـ~kaƹ]uD:%Ӭ.5ځ߫fT,"LL]]3E_Nĸ3iρBj3=T4ARɱrt!t_Y+Y*ks\0^sSK}sM[@".Fus?ͼHYKF=)[M b9vm*7.Vib,m"P#DKT%ܰ5d/P-򭟿K5 61qЙPzJWpIztAH7uo``clXҮ6W}PhA͝VJW$ϠsX(>w Uz߉( GOpHrQx&tIbf;GNE1/P~v V*1VLAi^[|H<|I/*sN̙T۠)R01k}tW巕5{_W4I["3U{HHҦ12ggR5HPWy3IQ&]֊ҝIk8:YRKNbx/M^srɵ`銑O+ҵoQg_UT/wY=R/-L7STuYoʾN ɚK J{Mg|>h?e)LCڐJ3}_ $HK[pf ] `D4?SmdMw[Q# ]uyOvF;08`:f i%6Bl F{Y[ʈ><&V 3vAqgێC qqUYѯS2uZй#|Zh]$Hg%.^jwV#s4 Sow'x7Ҳcqv`ooyEt lSӏu xɃCGwLHYa*u¬Yd&H "ilb@`97hfyt"ys!XK⨁C /<*.T1$lm)f␲\-|ye_ŃuLЯq<&JHY:TtP>iֲ&Ŋ2J/p)f~Q(s"d}/=dc$fZhGZtbxO6*l(chѱ/rO?E))9#ْ.b9Oo"Z/!}B(#-$~ZhF*{mk^c L-n_?H.E.\؎y`*>Z,7 f~aaq;x%W)WR钩<1VC܉~mfa7_$[d.}vtWY4:.`73V hU~ 1^/ΊЮKaߐyJ؃kM. &G P+眳n:NI/|p$_=`.vWvt#Q2#٣lNuQ&\ce2p'NZZXչZ5u-œty胅eTUɾ9;Ց¤>@}JFbws[9zZۨbHNJsu]*D 9Xj'aA2X5C. L>!O16Gx 3u;T_'j7GeD\@քd!HwI V{r3nH&P34$ 9vŦ\BsWha_OHoKvuk! TX`1δF_CЕnZ/|?KB\2لv#S)=(֭~ϼ Ŝ+UUCvN2 ГlnlǍҌNJ*Pr < nY9tpdF&:LTD4m]z)Q0_^E@tE"j bUN{{CԒ N_f 2 +~XPLubWqtal*t_rR˶ۢZ$QdV ״Yb_ȏaW庴Igk.BOg`cI<[ASZ@SBv ^(V#[x?["1p{qT*Y9H(M Zk~\VHCgQ]P(-,HMpې D|iî"ڞc|èXAטH ucIczu׍9|L_=D5z:H[Bs(J/XoZrG"gK fNEjW,Hn%U`\@Y{/ lcZq]87>GkѮ\\}o!lɞj-LC$tN{agYY'.vFM>&]9+gf@d?aYZRU.Aڃ0i$ʽ鞊w GӴx E/Bٺ!touJ +< ^<G3017;[VcU TԎB $%B%(R_g#m x]Q;ޱ .^\>&Lŷ u$z7'*gV2`+^T'Z{PȀ/>7\om (C 63t oU68yJf%{|Ϝ6͹2S@|1=i>w>PΤ1\mvH^{ ;`鍹8<Q "׹.Rzgn +(Y|t7N%$UXfvfBB_uZl-咤DO% |6iJYY/vSSi(Tb6;lH XOoJ{Z5.c *褠EyV $ Qd6 N[e ׽6^y9ed]4e/\~xvsYC@EkԮ6s>t}v-ڡ+l|I7Xky1Qu'ѥG59RdRb @vCG;W)F.#(Qn&sĉ5Q*](zZN̦RՔ¥WQ)D ]t1>ZD YZ