sssd-krb5-common-2.7.3-2.el8

Name: sssd-krb5-common
Version: 2.7.3
Release: 2.el8
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Description: Provides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.
Build host: ppc64le-01.mbox.centos.org
Distribution: CentOS
Vendor: CentOS
License: GPLv3+
Packager: CentOS Buildsys
Group: Applications/System
URL: https://github.com/SSSD/sssd
OS: linux
Arch: ppc64le
Source RPM: sssd-2.7.3-2.el8.src.rpm
Provides: sssd-krb5-common, sssd-krb5-common(ppc-64)

Pre-install scriptlet:
getent group sssd >/dev/null || groupadd -r sssd
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd

Paths recorded in the header:
../../../../usr/libexec/sssd/ldap_child
../../../../usr/libexec/sssd/krb5_child

Requires:
/bin/sh
cyrus-sasl-gssapi(ppc-64)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.25)(64bit)
libc.so.6(GLIBC_2.28)(64bit)
libcom_err.so.2()(64bit)
libdhash.so.1()(64bit)
libdhash.so.1(DHASH_0.4.3)(64bit)
libjansson.so.4()(64bit)
libjansson.so.4(libjansson.so.4)(64bit)
libk5crypto.so.3()(64bit)
libkrb5.so.3()(64bit)
libkrb5.so.3(krb5_3_MIT)(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libsss_debug.so()(64bit)
libsystemd.so.0()(64bit)
libsystemd.so.0(LIBSYSTEMD_209)(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
rpmlib(CompressedFileNames) 3.0.4-1
rpmlib(FileDigests) 4.6.0-1
rpmlib(PayloadFilesHavePrefix) 4.0-1
rpmlib(PayloadIsXz) 5.2-1
rtld(GNU_HASH)
shadow-utils
sssd-common 2.7.3-2.el8

Other recorded values: sssd 1.10.0-8.beta2; 4.14.3

Changelog entries (author - version-release), in the order recorded:
(name missing in source) - 2.7.3-2
Alexey Tikhonov - 2.7.3-1
Alexey Tikhonov - 2.7.2-1
Alexey Tikhonov - 2.7.0-2
Alexey Tikhonov - 2.6.2-3
Alexey Tikhonov - 2.6.2-2
Alexey Tikhonov - 2.6.2-1
Alexey Tikhonov - 2.6.1-2
Alexey Tikhonov - 2.6.1-1
Alexey Tikhonov - 2.5.2-2
Alexey Tikhonov - 2.5.2-1
Alexey Tikhonov - 2.5.1-2
Alexey Tikhonov - 2.5.1-1
Alexey Tikhonov - 2.5.0-1
Alexey Tikhonov - 2.4.0-8
Alexey Tikhonov - 2.4.0-7
Alexey Tikhonov - 2.4.0-6
Alexey Tikhonov - 2.4.0-5
Alexey Tikhonov - 2.4.0-4
Alexey Tikhonov - 2.4.0-3
Alexey Tikhonov - 2.4.0-2
Alexey Tikhonov - 2.4.0-1
Alexey Tikhonov - 2.3.0-9
Alexey Tikhonov - 2.3.0-8
Alexey Tikhonov - 2.3.0-7
Alexey Tikhonov - 2.3.0-6
Alexey Tikhonov - 2.3.0-5
Alexey Tikhonov - 2.3.0-4
Alexey Tikhonov - 2.3.0-3
Alexey Tikhonov - 2.3.0-2
Alexey Tikhonov - 2.3.0-1
Alexey Tikhonov - 2.2.3-19
Alexey Tikhonov - 2.2.3-19
Michal Židek - 2.2.3-18
Alexey Tikhonov - 2.2.3-17
Alexey Tikhonov - 2.2.3-16
Michal Židek - 2.2.3-15
Michal Židek - 2.2.3-14
Michal Židek - 2.2.3-13
Michal Židek - 2.2.3-12
Michal Židek - 2.2.3-11
Michal Židek - 2.2.3-10
Michal Židek - 2.2.3-9
Michal Židek - 2.2.3-8
Michal Židek - 2.2.3-7
Michal Židek - 2.2.3-6
Michal Židek - 2.2.3-5
Michal Židek - 2.2.3-4
Michal Židek - 2.2.3-3
Michal Židek - 2.2.3-2
Michal Židek - 2.2.3-1
Michal Židek - 2.2.2-1
Michal Židek - 2.2.0-19
Michal Židek - 2.2.0-18
Michal Židek - 2.2.0-17
Michal Židek - 2.2.0-16
Michal Židek - 2.2.0-15
Michal Židek - 2.2.0-14
Michal Židek - 2.2.0-13
Michal Židek - 2.2.0-12
Michal Židek - 2.2.0-11
Michal Židek - 2.2.0-10
Michal Židek - 2.2.0-9
Michal Židek - 2.2.0-8
Michal Židek - 2.2.0-7
Michal Židek - 2.2.0-6
Jakub Hrozek - 2.2.0-5
Jakub Hrozek - 2.2.0-4
Jakub Hrozek - 2.2.0-3
Jakub Hrozek - 2.2.0-2
Michal Židek - 2.2.0-1
Michal Židek - 2.1.0-1
Michal Židek - 2.0.0-45
Jakub Hrozek - 2.0.0-43
Michal Židek - 2.0.0-42
Michal Židek - 2.0.0-41
Michal Židek - 2.0.0-40
Michal Židek - 2.0.0-39
Michal Židek - 2.0.0-38
Michal Židek - 2.0.0-36
Michal Židek - 2.0.0-35
Michal Židek - 2.0.0-34
Michal Židek - 2.0.0-33
Michal Židek - 2.0.0-32
Michal Židek - 2.0.0-31
Michal Židek - 2.0.0-30
Michal Židek - 2.0.0-29
Michal Židek - 2.0.0-28
Michal Židek - 2.0.0-27
Michal Židek - 2.0.0-26
Michal Židek - 2.0.0-25
Michal Židek - 2.0.0-24
Jakub Hrozek - 2.0.0-23
Jakub Hrozek - 2.0.0-22
Jakub Hrozek - 2.0.0-21
Jakub Hrozek - 2.0.0-20
Jakub Hrozek - 2.0.0-19
Jakub Hrozek - 2.0.0-18
Jakub Hrozek - 2.0.0-17
Jakub Hrozek - 2.0.0-16
Jakub Hrozek - 2.0.0-15
Jakub Hrozek - 2.0.0-14
Jakub Hrozek - 2.0.0-13
Jakub Hrozek - 2.0.0-12
Jakub Hrozek - 2.0.0-11
Jakub Hrozek - 2.0.0-10
Jakub Hrozek - 2.0.0-9
Jakub Hrozek - 2.0.0-8
Jakub Hrozek - 2.0.0-7
Jakub Hrozek - 2.0.0-6
Jakub Hrozek - 2.0.0-5
Jakub Hrozek - 2.0.0-4
Jakub Hrozek - 2.0.0-3
Jakub Hrozek - 2.0.0-2
Fabiano Fidêncio - 2.0.0-1
Tomas Orsava - 1.16.2-2
Fabiano Fidêncio - 1.16.2-1
Fabiano Fidêncio - 1.16.1-3
Fabiano Fidêncio - 1.16.1-2
Fabiano Fidêncio - 1.16.1-1
Lukas Slebodnik - 1.16.0-13
Fabiano Fidêncio - 1.16.0-12
Lukas Slebodnik - 1.16.0-11
Lukas Slebodnik - 1.16.0-10
Igor Gnatenko - 1.16.0-9
Lukas Slebodnik - 1.16.0-8
Lukas Slebodnik - 1.16.0-7
Björn Esser - 1.16.0-6
Lukas Slebodnik - 1.16.0-5
Lukas Slebodnik - 1.16.0-4
Jakub Hrozek - 1.16.0-3
Lukas Slebodnik - 1.16.0-2
Lukas Slebodnik - 1.16.0-1
Lukas Slebodnik - 1.15.3-5
Lukas Slebodnik - 1.15.3-4
Lukas Slebodnik - 1.15.3-3
Fedora Release Engineering - 1.15.3-2
Lukas Slebodnik - 1.15.3-1
Lukas Slebodnik - 1.15.3-0.beta.5
Lukas Slebodnik - 1.15.3-0.beta.4
Lukas Slebodnik - 1.15.3-0.beta.3
Lukas Slebodnik - 1.15.3-0.beta.2
Lukas Slebodnik - 1.15.3-0.beta.1
Lukas Slebodnik - 1.15.2-1
Lukas Slebodnik - 1.15.1-1
Jakub Hrozek - 1.15.0-4
Lukas Slebodnik - 1.15.0-3
Fedora Release Engineering - 1.15.0-2
Lukas Slebodnik - 1.15.0-1
Miro Hrončok - 1.14.2-3
Lukas Slebodnik - 1.14.2-2
Lukas Slebodnik - 1.14.2-1
Lukas Slebodnik - 1.14.1-4
Lukas Slebodnik - 1.14.1-3
Lukas Slebodnik - 1.14.1-2
Lukas Slebodnik - 1.14.1-1
Stephen Gallagher - 1.14.0-5
Fedora Release Engineering - 1.14.0-4
Lukas Slebodnik - 1.14.0-3
Lukas Slebodnik - 1.14.0-2.beta
Lukas Slebodnik - 1.14.0-1.alpha
Lukas Slebodnik - 1.13.4-3
Lukas Slebodnik - 1.13.4-2
Lukas Slebodnik - 1.13.4-1
Lukas Slebodnik - 1.13.3-6
Lukas Slebodnik - 1.13.3-5
Fedora Release Engineering - 1.13.3-4
Lukas Slebodnik - 1.13.3-3
Lukas Slebodnik - 1.13.3-2
Lukas Slebodnik - 1.13.3-1
Lukas Slebodnik - 1.13.2-1
Robert Kuska - 1.13.1-5
Lukas Slebodnik - 1.13.1-4
Lukas Slebodnik - 1.13.1-3
Lukas Slebodnik - 1.13.1-2
Lukas Slebodnik - 1.13.1-1
Lukas Slebodnik - 1.13.0-6
Lukas Slebodnik - 1.13.0-5
Lukas Slebodnik - 1.13.0-4
Lukas Slebodnik - 1.13.0-3
Lukas Slebodnik - 1.13.0-2.alpha
Lukas Slebodnik - 1.13.0-1.alpha
Fedora Release Engineering - 1.12.5-4
Lukas Slebodnik - 1.12.5-3
Lukas Slebodnik - 1.12.5-2
Lukas Slebodnik - 1.12.5-1
Lukas Slebodnik - 1.12.4-8
Lukas Slebodnik - 1.12.4-7
Lukas Slebodnik - 1.12.4-6
Lukas Slebodnik - 1.12.4-5
Jakub Hrozek - 1.12.4-4
Jakub Hrozek - 1.12.4-3
Lukas Slebodnik - 1.12.4-2
Lukas Slebodnik - 1.12.4-1
Lukas Slebodnik - 1.12.3-7
Lukas Slebodnik - 1.12.3-6
Jakub Hrozek - 1.12.3-5
Lukas Slebodnik - 1.12.3-4
Lukas Slebodnik - 1.12.3-3
Lukas Slebodnik - 1.12.3-2
Lukas Slebodnik - 1.12.3-1
Lukas Slebodnik - 1.12.2-8
Sumit Bose - 1.12.2-7
Lukas Slebodnik - 1.12.2-6
Jakub Hrozek - 1.12.2-5
Jakub Hrozek - 1.12.2-4
Jakub Hrozek - 1.12.2-3
Jakub Hrozek - 1.12.2-2
Jakub Hrozek - 1.12.2-1
Jakub Hrozek - 1.12.1-2
Jakub Hrozek - 1.12.1-1
Jakub Hrozek - 1.12.0-7
Fedora Release Engineering - 1.12.0-6
Stephen Gallagher 1.12.0-5
Jakub Hrozek - 1.12.0-1
Fedora Release Engineering - 1.12.0-4.beta2
Jakub Hrozek - 1.12.0-1.beta2
Jakub Hrozek - 1.12.0-2.beta1
Jakub Hrozek - 1.12.0-1.beta1
Jakub Hrozek - 1.11.5.1-4
Stephen Gallagher - 1.11.5.1-3
Stephen Gallagher - 1.11.5.1-2
Jakub Hrozek - 1.11.5.1-1
Stephen Gallagher 1.11.5-2
Jakub Hrozek - 1.11.5-1
Sumit Bose - 1.11.4-3
Jakub Hrozek - 1.11.4-2
Jakub Hrozek - 1.11.4-1
Jakub Hrozek - 1.11.3-2
Jakub Hrozek - 1.11.3-1
Jakub Hrozek - 1.11.2-1
Sumit Bose - 1.11.1-5
Sumit Bose - 1.11.1-4
Jakub Hrozek - 1.11.1-3
Jakub Hrozek - 1.11.1-2
Jakub Hrozek - 1.11.1-1
Jakub Hrozek - 1.11.0-3
Jakub Hrozek - 1.11.0-2
Jakub Hrozek - 1.11.0-1
Jakub Hrozek - 1.11.0-0.4.beta2
Fedora Release Engineering - 1.11.0-0.3.beta2
Jakub Hrozek - 1.11.0.2beta2
Jakub Hrozek - 1.11.0.1beta2
Jakub Hrozek - 1.10.1-1
Jakub Hrozek - 1.10.0-17
Stephen Gallagher - 1.10.0-16
Stephen Gallagher - 1.10.0-15
Stephen Gallagher - 1.10.0-14
Jakub Hrozek - 1.10.0-13
Dan Horák - 1.10.0-12.beta2
Jakub Hrozek - 1.10.0-11.beta2
Jakub Hrozek - 1.10.0-10.beta2
Jakub Hrozek - 1.10.0-9.beta2
Jakub Hrozek - 1.10.0-8.beta1
Jakub Hrozek - 1.10.0-8.beta2
Jakub Hrozek - 1.10.0-7.beta1
Jakub Hrozek - 1.10.0-6.beta1
Jakub Hrozek - 1.10.0-5.beta1
Jakub Hrozek - 1.10.0-4.beta1
Jakub Hrozek - 1.10.0-3.beta1
Jakub Hrozek - 1.10.0-2.alpha1
Jakub Hrozek - 1.10.0-1.alpha1
Jakub Hrozek - 1.9.5-10
Stephen Gallagher - 1.9.4-9
Jakub Hrozek - 1.9.4-8
Jakub Hrozek - 1.9.4-7
Jakub Hrozek - 1.9.4-6
Jakub Hrozek - 1.9.4-5
Jakub Hrozek - 1.9.4-4
Jakub Hrozek - 1.9.4-3
Jakub Hrozek - 1.9.4-2
Jakub Hrozek - 1.9.4-1
Jakub Hrozek - 1.9.3-1
Jakub Hrozek - 1.9.2-5
Jakub Hrozek - 1.9.2-4
Jakub Hrozek - 1.9.2-3
Jakub Hrozek - 1.9.2-2
Jakub Hrozek - 1.9.2-1
Jakub Hrozek - 1.9.1-1
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-23
Jakub Hrozek - 1.9.0-22.rc1
Jakub Hrozek - 1.9.0-21.beta7
Jakub Hrozek - 1.9.0-20.beta6
Jakub Hrozek - 1.9.0-19.beta6
Jakub Hrozek - 1.9.0-18.beta6
Jakub Hrozek - 1.9.0-17.beta6
Jakub Hrozek - 1.9.0-16.beta6
Jakub Hrozek - 1.9.0-14.beta6
Jakub Hrozek - 1.9.0-13.beta6
Fedora Release Engineering - 1.9.0-13.beta5
Jakub Hrozek - 1.9.0-12.beta5
Stephen Gallagher - 1.9.0-11.beta4
Jakub Hrozek - 1.9.0-10.beta4
Jakub Hrozek - 1.9.0-9.beta4
Stephen Gallagher - 1.9.0-8.beta3
Stephen Gallagher - 1.9.0-7.beta2
Stephen Gallagher - 1.9.0-6.beta2
Stephen Gallagher - 1.9.0-5.beta2
Stephen Gallagher - 1.9.0-4.beta1
Stephen Gallagher - 1.9.0-3.beta1
Stephen Gallagher - 1.9.0-2.beta1
Stephen Gallagher - 1.9.0-1.beta1
Stephen Gallagher - 1.8.3-11
Stephen Gallagher - 1.8.2-10
Stephen Gallagher - 1.8.1-9
Stephen Gallagher - 1.8.1-8
Stephen Gallagher - 1.8.1-7
Stephen Gallagher - 1.8.0-6
Stephen Gallagher - 1.8.0-5.beta3
Stephen Gallagher - 1.8.0-4.beta3
Petr Pisar - 1.8.0-3.beta2
Stephen Gallagher - 1.8.0-1.beta2
Stephen Gallagher - 1.8.0-1.beta1
Stephen Gallagher - 1.7.0-5
Stephen Gallagher - 1.7.0-4
Stephen Gallagher - 1.7.0-3
Fedora Release Engineering - 1.7.0-2
Stephen Gallagher - 1.7.0-1
Stephen Gallagher - 1.6.4-1
Stephen Gallagher - 1.6.3-5
Stephen Gallagher - 1.6.3-4
Jakub Hrozek - 1.6.3-3
Stephen Gallagher - 1.6.3-2
Stephen Gallagher - 1.6.3-1
Fedora Release Engineering - 1.6.2-5
Stephen Gallagher - 1.6.2-4
Stephen Gallagher - 1.6.2-3
Stephen Gallagher - 1.6.2-2
Stephen Gallagher - 1.6.2-1
Stephen Gallagher - 1.6.1-1
Stephen Gallagher - 1.6.0-2
Stephen Gallagher - 1.6.0-1
Stephen Gallagher - 1.5.11-2
Stephen Gallagher - 1.5.10-1
Stephen Gallagher - 1.5.9-1
Stephen Gallagher - 1.5.8-1
Stephen Gallagher - 1.5.7-3
Stephen Gallagher - 1.5.7-2
Stephen Gallagher - 1.5.7-1
Stephen Gallagher - 1.5.6.1-1
Stephen Gallagher - 1.5.6-1
Stephen Gallagher - 1.5.5-5
Stephen Gallagher - 1.5.5-4
Stephen Gallagher - 1.5.5-3
Stephen Gallagher - 1.5.5-2
Stephen Gallagher - 1.5.5-1
Stephen Gallagher - 1.5.4-1
Stephen Gallagher - 1.5.3-2
Stephen Gallagher - 1.5.3-1
Stephen Gallagher - 1.5.2-1
Simo Sorce - 1.5.1-9
Stephen Gallagher - 1.5.1-8
Stephen Gallagher - 1.5.1-7
Stephen Gallagher - 1.5.1-6
Stephen Gallagher - 1.5.1-5
Fedora Release Engineering - 1.5.1-4
Stephen Gallagher - 1.5.1-3
Stephen Gallagher - 1.5.1-2
Stephen Gallagher - 1.5.1-1
Stephen Gallagher - 1.5.0-2
Stephen Gallagher - 1.5.0-1
Stephen Gallagher - 1.4.1-3
Stephen Gallagher - 1.4.1-2
Stephen Gallagher - 1.4.1-1
Stephen Gallagher - 1.4.0-2
Stephen Gallagher - 1.4.0-1
Stephen Gallagher - 1.3.0-35
Stephen Gallagher - 1.3.0-34
Stephen Gallagher - 1.3.0-33
Stephen Gallagher - 1.3.0-32
Stephen Gallagher - 1.3.0-31
Stephen Gallagher - 1.3.0-30
David Malcolm - 1.2.91-21
Stephen Gallagher - 1.2.91-20
Stephen Gallagher - 1.2.1-15
Stephen Gallagher - 1.2.0-12
Stephen Gallagher - 1.1.92-11
Stephen Gallagher - 1.1.91-10
Simo Sorce - 1.1.1-3
Stephen Gallagher - 1.1.1-1
Stephen Gallagher - 1.1.0-2
Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19
Stephen Gallagehr - 1.0.5-2
Stephen Gallagher - 1.0.5-1
Stephen Gallagher - 1.0.4-1
Stephen Gallagher - 1.0.3-1
Stephen Gallagher - 1.0.2-1
Stephen Gallagher - 1.0.1-1
Stephen Gallagher - 1.0.0-2
Stephen Gallagher - 1.0.0-1
Stephen Gallagher - 0.99.1-1
Stephen Gallagher - 0.99.0-1
Stephen Gallagher - 0.7.1-1
Stephen Gallagher - 0.7.0-2
Stephen Gallagher - 0.7.0-1
Stephen Gallagher - 0.6.1-2
Stephen Gallagher - 0.6.1-1
Stephen Gallagher - 0.6.0-1
Sumit Bose - 0.6.0-0
Simo Sorce - 0.5.0-0
Jakub Hrozek - 0.4.1-4
Fedora Release Engineering - 0.4.1-3
Simo Sorce - 0.4.1-2
Simo Sorce - 0.4.1-1
Simo Sorce - 0.4.1-0
Simo Sorce - 0.3.2-2
Jakub Hrozek - 0.3.2-1
Simo Sorce - 0.3.1-2
Simo Sorce - 0.3.1-1
Simo Sorce - 0.3.0-2
Simo Sorce - 0.3.0-1
Simo Sorce - 0.2.1-1
Simo Sorce - 0.2.0-1
Jakub Hrozek - 0.1.0-5.20090309git691c9b3
Jakub Hrozek - 0.1.0-4
Sumit Bose - 0.1.0-3
Jakub Hrozek - 0.1.0-2
Stephen Gallagher - 0.1.0-1

Changelog text, in the order recorded (a blank line separates entries):

- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
- Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
- Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
- Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6
- Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf
- Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP
- Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect
- Resolves: rhbz#2098617 - Harden kerberos ticket validation
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
- Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
- Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname()
- Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd
- Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
- Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send
- Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol
- Resolves: rhbz#2087745 - 2FA prompting setting ineffective
- Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language

- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf
- Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name
- Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon).
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
- Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator
- Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed
- Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb
- Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces)
- Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
- Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD
- Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline
- Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True'
- Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication.
- Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing

- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8]
- Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade

- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory
- Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file
- Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout
- Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests
- Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found
- Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group
- Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable
- Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory.
- Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1945888 - Inconsistant debug level for connection logging
- Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets
- Resolves: rhbz#1949149 - [RFE] Poor man's backtrace
- Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR
- Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail.
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs
- Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm
- Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries
- Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries
- Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains.
- Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable
- Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used
- Resolves: rhbz#1703436 - sssd not thread-safe in innetgr()
- Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen
- Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page
- Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page
- Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp
- Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3)
- Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7
- Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login
- Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive

- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss
- Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0.
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)

- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules
- Resolves: rhbz#1918433 - sssd unable to lookup certmap rules
- Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11

- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched
- Resolves: rhbz#1915395 - Memory leak in the simple access provider
- Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)

- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches)
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication

- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8]
- Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently

- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr()
- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal
- Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior

- This is to bump version to allow rebuild against rebased libldb.

- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4
- Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI
- Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search()
- Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording
- Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x
- Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD.
- Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process
- Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL
- Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase)
- Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page
- Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals"
- Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains
- Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file
- Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes
- Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff
- Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command
- Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate

- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied

- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working
- Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema
- Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf
- Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1

- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
- Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter

- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization

- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache
- Fixed "requires/provides" rpmdiff warning

- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active

- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered
- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card
- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management
- Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information
- Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration.
- Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card
- Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False
- Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma

- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.

- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3
- Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure
- Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working

- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)

- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information

- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate

- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly

- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5

- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization

- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds

- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools

* Resolves: rhbz#1794016 - sssd_be frequent crash

* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider

* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout

* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6

* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect

* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect

* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized

* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap

* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release

- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)

- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8
- Also sync. kcm multihost tests with master

- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring
- Also apply a patch to fix gating tests issue

- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup

- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided

- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access

- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8

- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets

- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user

- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon

- Resolves: rhbz#1382750 - Conflicting default timeout values

- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository
- This just required a raise in release number and changelog for the record.

- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant

- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains

- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo

- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server

- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members

- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration

- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release

- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release

- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes.
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OCSP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Can't login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. 
Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expired certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd fails to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - 
Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parsing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be 
crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] 
sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba version of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found in 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. 
- Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir 
(#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable 
hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- 
Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath instead of mcachepath macro to be consistent with upstream spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predicatable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425

- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

- Fix memberOf install path

- Add support for libldb 1.0.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
  - This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
  - 389 Directory Server
  - FreeIPA
  - ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
  - Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
  - Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
  - Support for 'shadow' access control
  - Support for authorizedService access control
  - Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

- Fix incorrect tarball URL

- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

- Fix pre and post script requirements

- Resolves: rhbz#606887 - sssd stops on upgrade

- Resolves: rhbz#626205 - Unable to unlock screen

- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but doesn't require it

- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate against LDAP

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

- New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection

- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

- Bump up release number to avoid library sub-packages version issues with previous releases.

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to their defaults
  - This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

- Rebuild against new libtevent

- Fix licenses in sources and on RPMs

- Fix regression on 64-bit platforms

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

- Fix CVE-2010-0014

- Patch SSSDConfig API to address https://bugzilla.redhat.com/show_bug.cgi?id=549482

- New upstream stable release 1.0.0

- New upstream bugfix release 0.99.1

- New upstream release 0.99.0

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

- Fix upgrade issues from old (pre-0.5.0) releases of SSSD

- New upstream release 0.7.0

- Fix missing file permissions for sssd-clients

- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

- Ensure that the configuration upgrade script always writes the config file with 0600 permissions
- Eliminate an infinite loop in group enumerations

- New upstream release 0.6.0

- New upstream release 0.5.0

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- Fix a couple of segfaults that may happen on reload

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

- release out of the official 0.3.2 tarball

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

- Add last minute bug fixes, found in testing the package

- Version 0.3.1
- includes previous release patches

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

- Version 0.3.0
- Provides file based configuration and lots of improvements

- Version 0.2.1

- Version 0.2.0

- package git snapshot

- fixed items found during review
- added initscript

- added sss_client

- Small cleanup and fixes in the spec file

- Initial release (based on version 0.1.0 upstream code)

/bin/sh
2.7.3-2.el8

.build-id
krb5_child
ldap_child
sssd-krb5-common
COPYING
krb5.include.d

/usr/lib/
/usr/lib/.build-id/
/usr/lib/.build-id/82/
/usr/lib/.build-id/a0/
/usr/libexec/sssd/
/usr/share/licenses/
/usr/share/licenses/sssd-krb5-common/
/var/lib/sss/pubconf/

-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protection

cpio
xz
2
ppc64le-redhat-linux-gnu

directory
setuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=a06c57a53990f60db46870716bfe38fb547780b2, stripped
setuid ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=82381eed20d9341326e0cf8021db32c2def41dd3, stripped
ASCII text
utf-8
_~s'HlGNX_@tgh.v H^'5)a }Hf_aLA~avxJ68Fƫ G̙Lr CO"iprMcۛxEZ@`\ c+=hRݓ5IM.NXԉyӳceBlJ 9 2#'6n QjaG~$zrDߢF/0Ss-f;DC щ^8g})l$R' O䏼z1U{zGrg²9s<jF閍5L_574`(N/IE5HO[z?:hx߲l$yPuoSffLJ@YrME&%(K-q᜵XFaqp/?c}8;HR(FLVw\\:<)yļ4pn"*;Ęb*gbS\̀j!;ll a*@pocX./2A:o *ncȪ1xb#v$yεNW-w_kkZ*H%DŠ֓Rk /v܅.KܱoMy@Lā,i#6VvvcQ{{|PpG9u@Nf@A#%S~O'CU.a͌ Iz13hfE2" = R#ً0B,Pװc|ULO߷yeِv°~2+顕-\C_zWm5Z4F!FEF\Hp!J ^0&*'V[GVBa J^LB>4DgrK_m!c 2|a)_z4_>)l@3MF6;)- #rߗUρLKH=^ûrq|Ukîx.o$o yֹdSe:ۛZL[aON$+$wC&L%/~chwЈ5F\V_]Sp?\($΁p;Fe*_3tZՔQ ZG|wNYb]ӭ$Y'p T淮ȎkoZ, hdzd L9 Rk)vعۃ 鈫XHRJTg-*Tn-j'\(LMzEȣľ?4}-х F+^3RG/[dF3BāiHwxz(>҆~-OXD6hS ꋗ["g?ۓ)ߙ& -W!+S!0>h Q͋YTN[">u 7S_:%GJ~P6w`߁EۀnYh_ >L=')tK`^M>@5җBasU>@Gh?Yrgy^C!l`)0%T3C[3nһLEzEd{eA26}dC7|n9zR]0e]Fi)zvr5p)P [q)9s4R-IPaW9zv)>+l8\JZNcpTa a}rQwQD3gȈ_rnlȆ/E̎2۾{sòvoX7\w+}ؼ&(7k F 8}lHM1M|-jwR$8qʉv˞v~^*%Y&xs%N{Dܗ&;P-@#MS&md=?9˃ WF7ɦCTF/]̨΋Up~[-ř >9#s&d]>Ï僬yT6)]pFsl[xQ5s`<>eYL ~i&jڢzB(A93j׏d+BfY"7ʨk[(($Jo/\nB"*iGG`T74e:ļjxAo ^m=نaیk_'+WL=v)H8>؀RS>6t㭎 h&\y0|xyZH;:~'Ԧ[H ,C݃^]%c*nR,nce!A&Hugx<%"ߴtL͕:TuBIS#!4FoBw>ޠ Emǭiae{=UyapC XXX济_<(?D ϑZEd 4"<#~3BvcB]AԐ&ĵ;hxBC8E g~zU2qr*cmfGK4:ʚ!9~ցL b:!.25ղY"߳*Y욾c |F; ||O~xNlv8.Ʈd~_ʓ( s4K@Y{D6ĭ[Qʡ UGR+EǴ9P= !q 8n3da8 .'&nv|1$ڌDg;s1Z5ZSo]J)!C¾r J:A?$\ÄTKOD e[jLesmZ>aD\+[-L I,3ad()lt[c4=HW˱Ti@IWud>TYjEԕOozWJ+Q7#Ե!P{\X_~MGƼ$ɦt8h5ݓ#0 vlոj ӊG[rԇP@>AÇWMKhf4+AC;31AдIPld{$oi%@DҜqN_7ݔǎ˩kZ?Z?'8j0 ^5f)6Dzz"'|K(̘T@@ ٠XbrOC@mȬ$^4sRgLBvIV-a$bfup)=s?Ď# o {}C?2JF HԴ"i(0㜉K;zy r֜}XuG*'QX &NrG#*miai֦I+g*]?D19Q1dsT65g\^ꮗ;rG Q^#LR*]QZh1<&2.qLʭ+ў5?He`^wZWe|ڄk,&1ϯs|COgDxi+PSn#$9pVȳpdhqw'fxa:dY?4<%su0g11_҈ >7QHɕ.3NVGk:Cx83BDgݾWt>jt5q[֖Ax9Z^۶vp'ꃏs:9.O_dI#Ljr.IS.AE )67' %Ɇ׭LzHfK/ܣ4#,9#\Wu^3@ҷ85Kf0`U74u\ L,]7#Qbj5(LN@~1z=XsT_! 
_'^~m,_@H =r V?rY:\T~>WTz(pA{o$Y}Hk3`C81=^-.=#}ɗ>uR K"}*q){RJD)[V1tۆjſ^aZgi2wQ'x,Vr9eĐbۘެ- >?E%j-]dx`?7$X0,: 8/$2g5W8JJŤ5C1VUQSC4a>  SGzH0v:^?2%c ;o"ߛVz]ұ<7Jfh:Ib" -L Tc~4A R0>ԙvB9vGփgOo'Tp쿓/ʛ=۶_ !_:olm3Wy *kH7٭`[s]W%+n1=RTSq,i磏Z<-msg4:*K&gy,旲, D6'[c\MR=ZݾϪs'o8"-)*Z6 aKuؚbP QÎ7C=\!@v4otsr)7er^,:7vNB54VsCmM3Qnz bz8sk,spDU͋|iKL6/G@]q-/Kí @KhWqL eIu)-D'j,hӐE\_`^ʟL5+&dNl֟&fb A.2.7@͏XF?+AOZL!4P먁h1K O"j Ҋ|{˲"cG뉝$Q|uߺ۳㿳ǎ w)nf|O(zTiIv cIaCI .V!mʟs=ݦ 2"!8!()D**K?SCZ2`ηL*d L+9ځaEW^].qCr (*x[ڋ@v1Hk§)CȒ ߂11Ys5I}u>sR bqy^; !UT>gP^S(]Bm0DH+!fL zEn: W ԺcP*/bsgډ G2dƣ>8 un]ޓjVtc2jXWE>h[V!tg8$h eÐ&Yޢ=s-BK&!XϱDy2z]LԑSJI"NETM 5K aoQhx1W|`npl3{>xYpaJQ{>HqUЭI 8}HK)8fً:ˬWSM?g%D@Zۖ6?:Fu-e~[ owͪ|.-z2xLGds>z2-пx 7 aR ڌT5pld|pDwT))qIFH } +%{-VR*B#lPMӸVʜt{BK'G{@)! !W:ܢ!ID ݇;ć5j ^,DӸ-8Ehy1r&폛$节UFZN\Eɦmq8ToCn)IDh-3V&P=lbSJiOgl!a׿ F7' ${րW<8ƨaBJz;_[(b!IK ˛{pgY?ЊmtVՁO9\"()^ʮz]'6p88_Zd̂:z+|zQ3wY*H_wDy >r?L;}^vΒϒz1eZKC#|O@w}2àu$&p#뽥& ^ y>=z1cY˸Y<%`-aBѮpa`oV(މ^RO4 */\gE ,4^̩3I en)Z /c$*_v!a' o=!J;Bu)-qhs]>zNalSaӹJeqh+V4^)VeV,-5lr!te⋱'j@yHR3٭3‚Mrq$k.Oȣ\ +=PEj"o aEZM/TX5i1V{1&-iρc.A0Ŭ,fbRh48Y KY>o%"d}h Ì5=#WeͯRD'Jߘl?ㆢGҤف~Qֿ ;m7Fl+ְ pKAlCLkDh(/o|"omvqJBHs6+K('S{f5iFW bL-% EF 3HC&ټm#foô>8 xGT6$j=uj& X~?J1gTo܊"z["kp^ x64ZE}7q[ÎjO?Tqp`ߤ.cW}׃!B@}x9Mj@G#$A^4¹h0q[wa]:h^v\$1v\ pSڄh?g.%8-bGbx+^K٨s$@'?ބxy䴤\4d2@ 47TO̲d3+P0> Joε6v9dt.|q@mm >XbJK]?VҠ 'uk+mŰRQ׋֔)❖f@W`!C0_> l,1zu nWP(s64U=. 
~Y,tUE5zpI!t@Cv` K~`$<^8|g&G;!kt5\%@za.X.Q^9@5_A+1xD6HXIߡu}]IF9tI9Ohez g &?}9P\AX`J4EM^ibUe6+cyq/ҧ8̕r !X)ݼFi ,VptSBB'l~& C6Y >fԕ*u6i l 9f̜I MJOT--ZYyE4L}F[ 6]5hS1Jytõ@rm9TnFr;BxD'HTv)/)L^6KmB\/xkzF| Q,:{,m|{XRDy(vV9t $VPDe[kM4}wM 5^I,[C'D 7$DSd2\/ך%NŵZNuNLt¹h`֠ӏ<6G Ќ)2ؿ[5 nޫ"a?`!h<\w%{"qW5ZEF٥#UbJGflu9zZ.ˉjLZ-ޏDB$X*p`UnbWt ͖Sژ'ۥʖSryo3u$ PQ- ۳{yYUeJpǝm؄`X E/>>mVdz50"o68U{>mXۖ2ţ8tIeכg̰"Kg#|']A!a3(vq!/k`&{S5gCD3K>Ӱj] "d>{Y>qGITaZ<,1dlj_'g?ymWބT#.+CV]ݽ.*#4t$r3yj"\=,,&@58uf%7X&9ԉJΰ :q#V$)%yѣ)eEMyjG<}pzrg-,:/Ѕk49=ӟ@y=A)a|#ZbVBO͒] Ͼ/+|g?(D?.(9Mum0}C%&r>Wv} 6$42,Qnl4h+!bSì4K8յ&)ad4@ܲ$t "*o9#a4N£Bo-uuWle ]Zs3ࡆ]pz=yz6W`eƶ3{k-CS5sFs$܋{*L W׃c H :C4 h-?QZbuzĀk֜KT* WĻJ~l<6Nʌ޴Ppsr*(XHLhT$?^O9PNBѶ}ۦ=@]{=3Bq c!Jx֯&硈ձ&i vJBʫ^-ex}z]tyX ہ6lXWR?jȥ[.AW k.YdZ|@u;ń.9. cfPrw8biBYn4OՕC1 O骒8ُBd6S2]Zv-ZGlKFOAjÕ jwu3c \ͥpc9C?!ƎrvBi(1qY5n9]f&_dc knC@ VDBrfxXlWܙMuqG<[ɿ[ j@“Ә30b4V~a*#MQ+V. s15̂F%:ʩTBhq,lOi!Nb ^T.'NDthEUU>`<8qD5Vʃ>Zc5<jMylpPv⠰嫍ذP>ɛt4r閂kNti2,o5f=LO4l'&XVOxfwND.,G`IGNVC|7uf4c~p7ZvѦzvt8G*ڃtHXˠ.nfuO H+jJJGիg]@03:7C%Њ-O6+Q. Cpf~kMH-p,*:fĽ[_Kت$Hi0c|-7^%/7ͯFL2$:M"i} Ri珢ڠCA98/*eX]e}ՁR/ =c<6_=׺~!!]_8ڪxg6t0~>60'\׏v#"&9Ά|pVA}3j?AnxT4ZH:k#k`nֿlƀ[R :mkpV@ )kHa@lw:,… IIO+<:r,{npoh^yL˨4=OOWȄ1KBsj w\F—]$N_\ZZT*"q_$}> %UXGi,EvKA5Uqwse"\ Q$FR+Y \U|wOrCE3,iumb&*s5I̒zx~CTum_r_۹pL- gF=ñqtM6җ6.0l5=o._])nX2%{`Ыád/Ȱr ΢t ~aZ+`7 x iYa*} o5H Q%!742sGb'PG'ۀY;SXTB[:@.niҊy"42Xo@ sQjFYi-nwa˺ZakU뚴v<ќ->qA`5XqZPHm|ٜlׁtpMokR,nD+ʻ{*͠v[>0+V:yӝN&j J'zWϢ}iYj/0=c?F]X")5hSP-PVW%, l_>Z>$@6a+W0QωK%׻0_}LnK$}{[ ]SޓbهoILI,1jFwx䙭}- ϒBK0<o޴rnJCY,-Rf'JH)Nh~#16X0˯5Nh^O`>~[:6]0}~K.W̲}cڣQ.G8+2.R@kQ:*|'E~cpm2D1^6X͇{P^*lQaW%> PQ{b媳 ti+ONҚNR#j9$M~ Ix3=a$Y7I@$Tށqd+ Q ?K8dbëJefʊ{~ЃY^$9tOD*X7tdLӋ|o,nv$~yF%csmA"P~,=Av$]Q<V |t]䜍g$;~}@G?V-=`=:ܫ4nkK\(0ߏ$CԂZWV!FL_}!:yUnyRƛ5ceѯTӞkGkCao=E0)+WሡTY-9kY"{CO7o5{ȩVLׅ۸ pwfg-"S h&ʕw9t\p_QfPgW vc4 scj8+0tʔti1ռJH#M\nN=stFC/q!p*oY;QV(rhoyxV쏿JI_P.&,vg F0D87)HvÔ]jiyV\\ѫ n+ :UcSQ+MzKɢ OÇ4jb[~59Al'|H]aO,ʱn?c)I5ynIX~[Z G:LڣccrlޢJOݘ)+\[ni6茖T1^,;$FK}"m Ҳ3(I+Bk`b.]]1? 
`'=By,~>NF`uw"ѝa-CGq$$mm4C& 9Sh>Sj!}0' B0j9?HA$+-T >zTV fWIK7w)xrylUoJwиjtX}Aeȁ(,ۘS{EjMQy|ni6fx徇9 LuJ7\-#-d皛 D92)S/ 0tL틕!h6nV)\}و1;;ue[%][L" o.aV7e\9M??.ynyԓ ꪂ2 LV5O"vx^&Gnז9d$Wĝߵ!ȯ#]*ݨyBXR|ߣѤ0+jfe=JM{pi4}ֆR<s{r5̠Pq2 9e*O~*B.~RJ?^ ڰ xYQg٤IDUk-XilQY72(bHM/!}iYE tَ:C Q),@`dZ{߹vc^d|Ŷ([IuZ+=7 3k<D2yTF~B(RHh W ĎX07}6fa.*Y׉Vۋטc{n[)*_di6V@bƧp/D$Z9ZV2٭&'q?FflP$q"&~upJH5*+oߗbakYubgy9xqlr r !$zҍIp&9E_wCZiy-QIxJvίcH˩+E [썰i켆)M8^ҹ,4?ţEB&esb.2ζ4.wƷF]cr GѮ5gbB,cTa/땝Al0*o0$+󖲐-(f&(ZxH$t9-鹎Ɔ0랝+{0*Y_s1h".RRJiF}Q)RhT"}Q^LgDM'PhRMS1x^ͷhDw&q#6~R5S %zhw\ꄑA8 'UR,TZLpR4-ڎen2{OHD) yKZ-AM}{5lčrJkƁqj'"1NpnL8i`SeY5}QNMsH΃E(ihDTwz0%w:U`@~G! 4.@rĩ>>[ӚJ2z*ENnj3*U I5r!ױy'oBP;5{0AKx޽ۼ?H>IJVHwSt$= Ntn'w>>hhff7j\NQ|Zmd)F1O2JgdMrцmڗi!Eu.) G?O2Wþ/Tɺa[GyM_=`lp[:cyU 'ٖ@wgex (̚K5 Y*x}D4dVcAy:MLeṒLOdpZ읍 J0`xDD# [~ӳ7 IZ8s8;W\=M? g[ӒI S*O!}S"3Xhmӵ="!г 8?a5#f&SXE0Av^Ûrtė; iN`E b?Lt1CGRyl4O.$4+vR[@JEgҟ)JKjci* x Xmޏ,Î2xa; f97[=Op( EtD&%5ahzejeX \8 Abn%QV%T'S>]rv} U*4;?)vʖxA01 uި t_?tCl '!tqgk=ԠEVjkV퇇_u3hH( G9@aErCݱuыWeGӍA*;@4,jrhRyrw7>然'7\uͯS_g? 
#42V򧆸|R Xz:S *RtgڮQl>7uiWW~N෺$Y.ٰ*D-Wդ~F`OPs XC3.$7%wy7WY?P{Vp'{rU~oncݒİ1P(jѡ֊v9f XF|p"^dbp{S"xE1B(C">1"w ј!eGd˨Lo] hewȗ^j椁;OiDNHfwo#ǥ mKcKO/ k;ZY'`cU9t Ť٩qPJ)pNt'jD_9O*RfL~GZb"{bO5U0>if12t7fj]m(o_Tw9rފ]|gWL0%YH\|ES9v.Ieu髆 0Cw#A Jլշ+4}$.1e8ph!l0 oZrq_qU.R=U: @LŪ9:n͖b!r -e;)r ]*_Nē)dfmWA7y$싛G:j'D[2 )l>izotК1t CC")nǂ gJ6*X~52R 4Zaӷ`]ܗ^LO↣1:̀Xk?F';c[0 |)iPp|*RV3ZNleLT8`m۪d,:ӳySkp-C'rf*Z{n0zzqO yzKجZ= zh#Z՟ziN:@X-̫:,k}1)Nm{P4 < h2ׁ.sF2'/KԾ-E PweBUU&X.䤄0Nzr~ Dq]t zβg&roGl'΂8kj;ۀ2B nB)/KI63mlbhrTObAy_:_Gj̍ʅwrC|}Vx!9z1(YyQ@iuS@nA |FfJ_co_C"mD7< zpzۀYlb<Àv5>{#c7˱ `Pq ȿ^ Y}mp:cX|uź_6jaV Slɿ0k✻bz|.++FQGD&A&tqeqK;NBmC*NYB3B'?zS_CUuzIuiq>3$UO,+Ò Q9`$umeңrx\WY~]Pjrwe<;&w1,^ǬJP.XOԈ _$]D.[&-=K#8(%VL݇"D-S[qBۏ% >O0W#W^Dˏy E,zjv7Fzٰ76Qό\<c g#^7 s4[#]/ݳFLSZhyW/RyB兴KOx)qHl>T+FWc w Jsڥ,˯;"%!6 c<4P9ڄ+}#(;P~ДVЋEk^ب70Q2`¦z 9jyџ V5OM?^Q!6a @ѥ' 1oeumF܉D@dUlui ̈VXrc`,Fv$T'<)Rbq@Urh-: X_,t̀8[eVS-jQZWVKA[ ,m7BmZ˻%-e1aT6өZɥlڰ b4*;Ԝ&!aBkJ wz:-w}zYu_p&gB;>#g)jHFj ]YC1Y]bпJΣa*>C6*6Wx]Q騑v*v[xӕD@Ԙ/ -ꫪvN:)gthm.h(yYȌ1n @}ҌO|V[uI3D+^(S+O6. b}E~v?J:pt:۲;?_<:;+4W P]d`$[Q3Jzkٷ_,5ZGu:kK+IO?YjjUb^rtl_Ha0--u~o|R~*U${z74Q7妸ra3m' YC@R;Mi9IJ:зghj%3VƏ􊜺ד E"/wB~WGY. 
zu)"8ٶoQi"Fb,jXdpu܁_e>NJ5JkL DqG<1^%=+9Ï=F(Qľ]ukH?g[b𪈓cТ6 PrگV&&d r+ Z*3Z{ r}t :Ot`q*Bw3ͼO{B%u[!BlȈCPH }pp#p jPMIE/g6= 7^9m:I$%G_Yl ޡ6岟%T#g,gt}6M1#Qw o`IW{ $+vC<Œ^c %W.L6F(&ys5!'T=U9^{\FIH0!USEX9>9ZGN<֌Yr}5/[ ҏ-Öh]k n @wIѲ*sL5N񱡀-fU o?ƛpH]=șd4h"c  Y{+h]oq#5wJh[}؀1vB7(}3k(4 uK5 5n߇ e|O?Σ5FmZb,d?[\#5Uu3!wȻnm$Oao]`%xf&i#2&@Ҩy8x2\ _nAFV0=WѪ+Q{R 2R?Jֲy 8/vvN1%94,3QمɥA$>dmG~=G B jecLe{{5&%H 8a7AE<ӳU9Œ\m0iA#pr)1;7?=F Y:IoAH iPӰ7|Y F@4h7-.yۼǑOh#8M+V|׵Tz7>ԁId5to"Œʃϼ[9!tD]H) y mwM4։[rmeAΕ`n GwH[@1uG;"8d_|1՗t4.Ԟ "=H6)@*^`2k" $/O`&cŽQSQNp4E lDq l@1D5V%jtu [}hѭY)7Or#yTT1ہE[b̐]@Zݪ6!@;jzQ0^fGw}Up2>`Vl`CV1M5|j^;K;yp<G2^!cH&!Ԅl%$-߈mSB䈍m9^?gexB9?1Fl]θ7&b]!Rq48/?"քOY|O QY05E~ yI:`#xgix/F̖\!RU+3i4/_IgԟvsW{zp+ !&**\bd6lt B9~rò[%YҒsB!;( @" 7e˵#`- V!ڐw~!Y[65 2v=- d[ 欞n<[Uϲ=d E&ߞ{(yHZ&/ݴ7Yp3)m]2cL51XtvI*y'/=Q9;4}4mX_jV8#8[834gh8X !08Z̹yyγM5e%ݲ.-6r/][0d9*L%zږ#6$TFiBf4r ByD8 [Ǡ9GMMK;vF ;|/E5sW uY7YYj[M@)9ƌV^eM'O(̻ϚI[~Wo0*vnlk>ҟjZ<,fQ9GAlh ~nȽ@< ᒺ zFB4HmF{kbRgfI?b2EaHS3j]=k LP((4E\)&ׅh-Ҷߺ=ho`!鵊<'?/Zv&u{PPP-Kߝ{[Fq:8b]"uP%ޛ;r`k1f2&mh!w*t ?^&\M;`DƣFU?r@x"$F؂ne4ds.Xl[7#EUfkRkHZIӲ a@ w:,"Gnb^g|1'G.Hh! B ^tIUhf[F ! Wc֝ȘN$rV4鸼nHnxCK#8MOw;䍮Rm>aSt߿Lt)P9h5.\d j9Ei;nfhK0D %HcOHմ3/qGQbqrV/o7YwAPLuMvJYiM 'B}rEPO-0D# NA>@+J-+z#$k=W\/k[hk'&"aIqj mW*imzݫp9;m1ٛ>0\Z.P|nō VW'om!#(i$22=D:Ioю Nvtbz pZ^ x{Z+u|uu5'١nHn4<w7%Б.߭;~U2׬ q QXiL 1BjR #f;10,&C >2;)ȝm$1PX׳ې/Rhщp_fC@ ~,}Dr*\PʵeeT!Z]QyєPb6e%vYu'Gip*od3ץNԍl۝XSn4!)100LDmρlsa:вnT=V(1zTj zDt/.4 H#&\!tC*797-@!Z@eh>\ՇP8F6?aiJ''^vͥ27vGE~bnRsѓ ot5dX>ƙU{YkOwq'~rvJ9 N.'1lWz!&B nQ|9p=)`Шo~U4 6.<gD06 m_Jdk-PK.['::Md^ CװI嚣 &ÌНx{5ooccpc^]n|apfCr=fO6̴ ؞ ZpnsBi9p6ÈHf<-~/mj3AQ>*U*Y8a J Swӆ( 2Qa3D*J{cFǴd!0u{EEF"l FL`r92A山i%p5'X%6#_"ً* 'w?TqK MnDzM+ԪjEI搾rCv"aug#$tKZvxִڮ)Nl,9-h gVˬ#u#t6x ^KpG٣k]O啨y̌ӇM#rK[m3@6s'rSyGSy]cg`e= .VoKSĝ*߰KH8W߭gb=qp. 
@CW]~e$׺y]qCEdT.01/Y-r|v)ɩS ,6۸l#Ц[40RwJ@Sng^Adbh[yWb2)b~y}g<)^9so9XfE~ec G"l'W9UŐTq0|i3cQ#{2 PQz7fƂ,ZǖZUFbH8p* [wcՄ 4GZkh خ~~8v 4a0St2^6s- ry *q2AyhVZՑXWA *[hL`\ݪB`PM# jp32r䗇(Ƈ8ޠ"+HAUIc,B.4% DC \ A C  +0خnw(7 Y"LN (12,_s5ROC%l9o5է&b$[5*b=N<g\Cx Aj%*:F7)d{)|鳿-#iD6 ylM e&h픏l|C)/8v6>:{Z`Įv/F6xZՐ'= Pf3L`KW;!!)`{'ykPP"bƉE6u ¶ݽ_kYOT 4%hٚ'C/l뤧J C ڜ%EadhnBiPPQ!A~6 ūٍ㒺4;fhPr3VC]ʹ3YV"-$"Ɓ=$ KyN-UՅ®?~/w`ư:hƕ^27PC-,) /(lUH~_Lx-ATj䥙OTEp6;f-}ԩ׹Y`J{nr`E>Qj )Uniy1F7Ӄ;m5k12z.uˈ3C_/a pFbVol(Ҥ+6/6.d'qzݯKuF1<;N3h|ʏ9vv =ۢ6"`+K32'4tt2 L {2bn" [4Jʋ}[RURGzkYX٥%:Bq>UY1(jg..Fh&sP E~\Okj}w\׼C6`Rd$gGCGU%;IȖζsQ{db}`2`%.T#>ϐ7eFef8FIy[Vҗ4-IX6Q5i~fb{l߳JW;3UN:>>˩hV!bDF wZ}/Lݰ̄VEKiPoo0<JܔwMq;q G- $Gg0GX BKBszR!PXn&;: l ^ĺdm_K0{)1q+˿pV3nD| eȎgum#V`Uc=^:_$R+^`(;[X'T}SYc@)F2H hJh_R֞f2| mxm[Q0 N  ~~kW/5LG'țSQ\U^|t"р?˹ݞ,eXcS5.0y"v2\f25$@%ų $v_jsQGBrs{ - 1'܅r(3L:x#⛍0UK :1|@6!(< 6C:R>XQae<]9Py Rmv%a0g}yhZR`,hL> =}TrFtc1DbȒ[F= Z`aH[1{Td8-9B APg*п.(^7sFITzy⃚!rxB_,4m\vtGx3TrD &F W$Qdʷ&x"ȡT-q;(۝p$$ _|'zo>-0#A] 7%;\I( &.knXUy~k2ЀܓN:RUpw$0rBWdqX6 <vatw54?ĞhAZ锦BQ S~ axXBKLcn^ƣ% ?;鸔tekZԤ7Οj9rSr k׳ &F_dGˍ-.0yVߧXv u;tV,SJiXֿ cf` ʓ3NcKMHQso'o hHXځ x?JL#M6ˏsX ŵi-R:N]tY?{VȥG4VƉ\)UUGWGq0]VF#Xdo$] QyiI2~PqJձoa$t 33U6vI3SJx3]3Iy5V>d!l_h"w5xLCY/r̹+Rn- %w!252|eŌMԫV4*z@(]A}"? >QcO'qs4fA`?:NW%~1ĠKjR9 eG̱$.|Y!$rȎqox&0hP*ZP;I6U6鞱/|.GCƥۮoܞxN{vo{*ԚOgU !͘ɂ+ ۶8QpV3{~z4Cv Ӊ%\[O5d *@3##/E8"sD32ĤYtp"T/PUږ7o9nnjD3~[_Rb&k4m.&Q^IQ&pI rA5gAI+ؿs |ܕ e^B u5a oո+jU4(^? ,vtug{,KUJҊJ<# 'Zϰ&Xj,Ly߷M>Ji:j)nyXty0K3!\9.OzoҙBUIB?b02X9ҙ_d1JCH4*%e an ~ɥaHvH w׻G=I}yA'/k&D]LG"P *}eE^<Kmì˲^qB+Fb|5']DS1e?4'XR>ΰRjxY3$L5f)DYFq3}l O hF&cz|Ou%rh)ʆ 0* `jXRG)ٍ;wy'-zw"r4D~a'D,< }`^LАt05=g~j jgX3}@fY}s#a:'s,Ь83]||FX #D06aO''ÿ(`]o$1lstZJ_0 +($8}9\ /L C.X5f汓c_)Wq.+686;@!T ݙ_Hy`I;83 9X=d>1hh.(ҞKl}/ g!u4 /]YLT5 P}MFMKmyS|}9NlXɊlr'b윞-^膁xo1bK<叆ucl0N[wi!l4;kp'=d::$ K^ 53{ }\=T>|x $! 
NRݜyEڈr[0lA"Ebro @bTQ [צst`)J[vL%6HFE#HsYǁMv+dYG{:"1)*Li4>9RcCm :Wkň%.=Uқpט?k*wtvoRֻğM4w4?+[9~؟j/#]̢+KpK2@*3f~:skȧO8l㘥- l.8qmXE˃#-xX,СENw5k{ \PZ S?eEW`nCgRz_kFi*֚Ïuc+VR Uu!ߎ¼wRCY]^ 5>~},d=Tt6&rejĬk]/Hha>u1oOoBx_+)vft2Ԛbc^eg[q INl=A(?W:R5٣R]!d 5,UCx}FTc&^ Pͻ;>ر*FVVn&"q[4чk.A (tm/"?GxB_$Z];mz&rg_)3F.r9m-Uw/~]'<05aF1 B[Sjכb|LL"с'VԆBHC4o;n\CPsG<㙋(6m%1gNnig{ƅPz%A6O9-1:JAR6CU5 Lm&/:hEI0~SmÂtHn K=<& ^ǜXJ*ps@0l@jG q7M,16dZ)ZzDPkϡf4O>CnCƐ^9r_sy-ĈxiM '~U1d<sԼ0e<)G3}p9Ө.@c TwG&2R4PS{-7:ի14AgN_SPV"t[Σ.g؁C!ڿeU2XjݱD!XHP骂'dʇJX.woXAׯ⚃N-YC8 B6Tb>A_[ܿdJrmTg5!iA=;[ƹPRio)ψhVXD"^A2 O`Ot[X7s .C{ XRK=, =>>Z6VXhBzQߣV{,)\`@!L }b.>:UI6W3M([^(b[cMxj|9T>ҼPzsbW..D iP`slLz ,H@D Nb ѻ:ίnyzFwvUYCz(晴vĘ붗Ƽ5I/PJ rXsLJybYDBpspunL+=[fXNE8Eh(YՇ3-kմ:NAA<0~<0?s{,cC22=8"rRK7?72Un 0VS6l d"cPYMk;..aPS90 ({oR%!a&ۜ Zh.]PZ=oe^XCԓ#%yhK^a *4'"$%S S;~X "@W+ j ^Ko<&2pu ud?5[gou%Og +C!ƷpTl}4u*b^i WM,9? |;&rHN'VaǢfY2e*]- KPȩ*Nj뗈&EW/VѶ(x~&G@w4>~xyx/aΰw7Q+2/J??r!htG1TY`t2];m%i8&S QqDlF-v]+W yjJ5Bm q4~| ~br:ysn |ի_%p|8:sˆ@NPP0JψQ|O'MyMw;hB~y`4R#vF;%\rZ̼f&|%e4sL{fFwSѣ^\&FM ?ڜDMK mpU*9ҢQ&WbjVڧW3s5s\k1~ zm>yX mעygC( C8 [W|es>.zgmT˖`S{EI4mUWJ+8/o,yWE1WYU5h;Ic×sH5^QfuC>[:n>&V >VVT.p|nv=a!cBuŸ˰YjXAK& iqx# M$hNBNדpƜkk3+fv-m ygn=ySnr$5 Q 6L^gT (`7 |pwCS)4DɆB$ͰXL@$PJM \jo=W5zv4U>Y.38sԎ]@;39w̸'Y [J4: qcf.%c 'a;Z*Zl=p#[+a6-F}Ov\# e?:#;Q Chx 8=5[Wo2X>ȢvɔtX6m;f(h2k1?bCRA*{_/W_( 3Bf8b ۦ:H\N qTvQIא++Ӑ/,v\Vl掲}9^AoPUў^j y}\|c茨^"BS;7ʈM%Cqʳ10 ۺaL\J+e1% w8ɁBѮ8'͚njt=1nP+7#S <0fffgVe)7}OQ:vm>bd=H5m=T<|mٜJ$fLmžh^tK>Y$}~ Z4hN;4Sn|8#ҝdɈn;4 VC.+ 50^Xjet-CV6B,{}=E~RV;X|w^?U_g-삓 i).y Q?-4 Iltu17;z`* ^]lnЖd8{|R:R]ttC:wN1$S xA59/3Jo W3K0ԑL$xzr"/ tƀr+$A带T:ac}Mpj=gkvz%*t *.lmL_]mP$(T?VxDV~DPE8Ѧ/vu[ț},H1be’Ryzzj u=Dq0'mS u6WsTed@ȭN⨽;3pXK{u`dM M=Xj`F4+}r5&7N N M0rg/R8#Iʪng:AE0֟ %@ćmˡӥ Ԍd ܝ2RIZ W,u;GK o!I `3g)]B}Yi-{K`|+fuJHh}L6H)gǧ^CbZzJ}l*M>υ/\-TV` 2hs[E6HZJk齤 ͢Z\OzĭlAC8f'ܯ'd & ' ,2{l4vE4} wVCi*~u$xoW;2v7ԚWԾG@" X^ Px(w /tLR,'h rua)C;*s1PY7}ד/nwʷ{VSÁds a  6[,]eeAJImJ7ÿ>q%,% bpnX.b)wQ~f4sn fqE9+LNo_+5 i߅L- hsId@+uw$kf^g F 0c){jbyCɩ6"x< 
q83;BKH[J64D:*@v1WS3i[`!]sf퉬I兗Ŝwj0RV([D.)U''LGjpK1꼶t6Ѵdl.wWKfr%C;Akoe*W\ӈ!,*^٤>1W7[6ʄTk=ZA>GA&؝d휱R,du9[L#3/9yG^G4 & cɍ8 (} RnmCClO ޓ )i6~\u cx#LElZ>&/GT~HMg)+MW1)Q`=A<nUc\aCgѼxnL6wrxGFaR*  fNd_dޱ Hz;! (T>$x7Ǭ 嗭ϯG!LM%9&Zgxr[iL*(,%Yo;E`-$#_g6Ťoʩ}F-뎧2_ U|ݨ(}pkD- p%S]wz,$~i藸o^H|\h+$4of-Ӂ#U۰0^0YYY\N@Ѓ¦&7* .UW"l_{^.թamFaK!N@ǠtD)2_sd. {^Y0%MDFwe}Z;d ( nnW\ = Y:*"F{`E27i`)-dX?B 9uqrg>Q6d\1*8 ̙N a/>x"A/BB@88| /an1 z@X̠P{u#L;NL=,tv HS^dRw&_d4@lh%(Elp٪ plAIfQy`x.}RiR-UADYDQb&Z' g !n7.fC G؅y~c8s8$Vp+F*k Zrr&㔁Gu t:x@0*}!^C] 5++VM!-N9 /! $:ǡCO,e$C0K [S4E (iuⅆbCJlK$wrG-/_)XzEYt/q{k=nAy j6mw^Sv}om Ec٧5Wi[/6WܷhQ 8r9k`trС_:Șa؀ 840{.D'vqCze"[3W2 !}!#6|>]Ca)>Y"c+eY 'O쇝|>ґf|,?OD1wF\ BݲUZ>x؏=wf!%:^{4^_Bd Yѳ AHlySlG{S\$"o5(# 7^l;(3ՖogV@P]2eœBɏ:~*UhW<We[ʍ`M|{9?Nm|mx1 ٤vIk^%W?n~S;;{Ծ|IZ<ؼH\6-\mD$'rPQa&__k~=qL_WE3*/L~R`ɵ LSϛN\4X^3-P_Ć"ZU@ {V^-# 5Wue]+pb b}㋐ r~?E52?j?@~>^t9/?fe\}" Yh4rㆠr4LTvO26׏`@1oĦ,-$&8(載Y;cFuPc+"tq 2[ ;F!r 'j .KcGkjT a1'ӽб[8x:9TS|9ef7IuIbheYYq(?Wgz;~=ڸRiF#|K.főiq ~H+}:HH/ %C+ݲ˯ 3q2ULKNK!)/`tox4Efv1dR\? [.]qNÞ5Wa吨!+?{r˭g @jzf3F`]t2јY+HО|Q 쪶 YZ