sssd-ldap-2.7.2-1.el8 >  A b2U]3\Ht`FC Pksd3 F,="<?tR¶ȁlR8fD/!#{ nTEonHןú$\Znmn}A5e)..ENΣ{qqH<8\\lcQ ) Sܒ8)t55u,8 C3u80dvdn|i-S}S`v+W۶ޟk ]ܿAqo{= ͦ ~B 5Ɓo/,]?RHV<}&߃I;PAxde!ah>G6?X ɼoQeܱPCͶ FUQ.zp??d   6  <BL      X8T-|- - < @ E( T8 \9:bG{H{I|,X|LY|X\|t]|^} b~de f lt(uhvwLxy&dhnCsssd-ldap2.7.21.el8The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.bǼppc64le-01.mbox.centos.orgfbCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxppc64le) KF\=T4Ar W@AAA큤bǼ~bǼ~bǼ~bǼ@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) esesrurusvsvukuk2.7.2-1.el82.7.2-1.el8 .build-id8702d207026077c0a3ff435b981f8cba4501ac9flibsss_ldap.sosssd-ldapCOPYINGsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/87//usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap//usr/share/man/es/man5//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnudirectoryELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=8702d207026077c0a3ff435b981f8cba4501ac9f, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)&PR!R$RRR R RRRR R R RRRRRRRR"R%RRRRRRRRRR#R RRRRR)utf-86a3718aa9b614138128badea0644d11db14156f97fce8a52c3a0cfc64f2663ab?7zXZ !#,7j] b2u jӫ`(y-q8yեL7htnnthؿHrV"6U.LW7ޤJe2]>å⠔qXtOr<12Cbp[/v~TO^i6>,zɧ_0 L:5 -8^M?[ .M3L@2ȝ|G7lZ5 nH#,huZx¾ߎ>Jӈlo+ Iz>tzLbd e4G ktGtAZـ26sP}'JJ/ʯ2G~-)uI?fZ -zN&(Xl%?20ДW‚%2ft0|ȧ4v}4H2@+!sxg.nRxA}z<&Od>me;}˿H3mlyVw9?=Ff)] P"[u/.1K_bZިd'Z΀*{^{,Ev4{Khے9P'Yt>h7H B˼,q&R'=Ctt%UמDv)Ԁsw\5/ӤTLux2*tmdP<:67v{KPb2s ӳH/N@Ni3#R:;9 2l7XHV&mg{ _0nߊS !gfa.]Gi vatnaƝ4#8꘭…X ICs(QܟQ 1YIz~$natf?dP]P _PxJuh>2Ĝ02Me5/^teJGf}*^gakS FH9h[^&ݾM7Y5#H-dçwUe[9RXqKܯrA^mx)f2 .8Amm&"u$W2ܷ\Jy'*o ӱxVT`mA˟r筠ɧ~eoXC#.Q*hZs単sTk9.$͛` :h(a z+ ϫG|jL)t d-NaT3wrE_~5X˿jZt&UqWuy1q֢z.䠏'Yϝ_567X 9 Zʾ_%J{L^i`f N.y ;W hbʭKt`GGn.g쒫1.[H e$Za4WLSa8)#1L˰5CJ6sn~wD#*00q^ġ!mؔ—mcK.Lsαs<6ٚx)_L`'^-(AyChS۹Qi K׎,1y着>ཆ!stYw3ra5xM Sk_zKHA9+<㑨x{V =}2^Mʹ2n~9gیcDz֘"EΤ^nHZտeI,^iteJijs\3;Q]lUyf8cvCgȦ\)yuD]R?g(#Z\q`U؞HosՅ؍URvh ;WOjD=W;2A  .D3<`;81>uHy8Ik_xdwNEۦ:my`yx"l|' ۬cw u~.zLq~;ˮXA53jVRsoN~ NzquhU]L>4<`,_k=N\;/=͘ZKkأЇʧORP*c[WkTu}" Zx<Bl쾌ø ye܍JCWzwEirRɷ3!˸x@:1F^oX6U~9֍ M fHe40 1K\smX#J tm\@{ Z1&ۈ>aQfhk m@V~&JiJCR"F$nF^q=S,0U`_B_"cJcq_wqt&F. .C|?m|<8jvH^k^`-Y0Re"q$ a zmoT,kY/j@`v) ыPѡǠᆧAKxY ~TxјՃP#m` Q ˴`X^PhCmPE_I ` !KZոrCzV6B.^nGRlU \Iu"7Yt=Q/ݨ,k qa-OUyG|%ղɲlt MlbZǞ,P.B<ŪO`u/Mmp;L!2ք]-@8T'U҆p|g %eF4ՃΕN|u)\਒zD=f }^-ȄVe>r{5B02I3X2&Ȍu,\^H.6E89N uo @%}EYܠ%1;DSWH]plI#G{+7Cb`7ZJ<T=Zbθ'&GK v{|+!}h>Yu#_;FYEo'L7\9WCqoqcK8IO}$ HqlRl9ϔˇyJԅ_ԊŪ"+^+uiA@:;Ԯ #u2$u)?5OI(^WY՜0"d&%l o-~U%}bm/icxΖ#c` SK-;QAh "h#3JNȳZu=Zzۘ!7OzE@sc/_4fɇp63XehH@_IGQQDD?r67 _i)LMu%+8VNWփ&IܔMRpGiyW kLF-A`D4<}%,Anz ]Pʯu tJwFx٣_s5z֋C Rhx-ǬXBN"6RM-#t3by5|z[YmҁF.ADmAhbChizw0YTR[U84˰PBL.!^)^` D|_:@cIΒ]ot@B"p8pPSN?-:ƱrB=G*I< ]_`m쏇!e `uΩl$).{0oMqc*"ʜ@eAReBDžM[?P_Rasj z$c)a]LtVvG#dM,;wJDc^G,(w_/;5f'ǽ )BpG1i K΢ {0TqR K2}i掊@v1J4t@_.aZ!xpuf-ZgJ9u*ŠgVw zrI5!c\]K8۫r9'?6J290O,qdHYH1Zn"xq 4A#1/Rmn3'eϥKbDVTzP9ﭕ{ԙfH&в ]4Y0NȑpNIG6Y)ywDE7D  5W GZзiR,iF1v8pq%7,gkS_ " `oь2Z[z1=H˕d#A=>}Y)Bh?g2$m-[qK=06|&Sa=.ubܩjQhuSZj U}[-ݛ츁WCs6ѾrhE7|De$36BV "AZ62⾭n6%֤046á)yQD],U򫽲,OzbD!,'/^{0A[;{z:!ow`>GγE &Ku`=N&:!O %MASn@YD?d7ٶ?LE!UjT$827OϡD+,S@ O!ޕ[ͶN4ot ¬/ 2$ҋQU\w)WaǮgǺ6 *cƨr3d P@CCBnȶ)Jd_uxN.)5dR`GzZ%:ћM⾲|A>IA~̭hEO'C Xurװ";vrM^;ؔ-465GbB?þQE_D̍riz |JV"Kwb! Z!g" Q'xsܱ@meOFwNM|ey YukwJuoC '3M r\DO0S"F:M?`@Zq[Kw>3 ;C`Jޏ2_qco3P+/6gFҊHݚv1dSNT/ N֬:a`S4] ^Aevjё|AY[,ZCḂ4B_f'~  !hJґ}vKejJJSHᘮ!~/WGJCӪaĭ b!YC~%;Yd5WppF 2?b8~mes'v]lHPf DgH%PLd6B)?b#pAa6c+Mp@BlϷYn+u6jAY|9,C^"CH]ʙ틡%oK~ CVdG%"KW]N5"Q; ȈCI=L+1+sxza SWjS]`;<(%ִV$|4_~&=H63'CyAE`typ]#loRE tXiPvC* TP;@)?sM{g61г] AJ6e[  !=k`2&R^ݟ󴩏XX6Хڌw Y|~J|Ct6k$ TrLj,WGAS3j;m3ԳV H k*y=,_k(ZQSSw4ΠB#)x,/~l/x4>s; bZ}:!BYr(H->eq T܄dN&QT@Č]CdpKPz'ZIqwiJ|I<<.hFz=mL.}߳VpT ](ۮRkF[J%B K|g >W>$$G6O+W%VȀ=Ri#$Zs5GMc?w3r#|^ɩ'[pi^Гz8#p=hV{\HjR h #TLo Rw9 7#62:gӐm~*IShT,W[m ؍YBṗ*TXl>8?S 9=酮 LQI:ujqA/vzUib~W!M\d Ho\ns7osy^f2MC`Pw %.C^鿁?eȧ\QGb+*C,V{azi` qô:EfZ+a5aMPx/sͼ$B7ԱF. ?@v]DS/O۫6ky/ɰq4>t@nmwqM I=N+#"4H?.x7ag E`m(aHTڞFU?N7PNrWDʁWv6WhJ&CP!cN딎~7:%PXf_5_c2ٔZ!h0ȨnW&7i㏔I̵l w ڊw[s2k-rɸ{ |+LjffOีgγ3HR Nִ U;JORp>\о0GOI 9>`ޞZAZ;lcRXSsA K%ޡ5X|aWIRh4k:͢I1g3)T8Pe?wGw7pmKDgqkK9ql+X^6NYPl5VKXbŒdt6۾['$r/0C% ٤)z% +Gtv7䑗p#[2z..:߈zcFa&âZK)'Swi8Vy-SL>+_e2 >%QU!x iKڰCc5D>5Ivޥd`;Ba;a!D% 9IFGDpNbgnhFYk jl? n|6߮Y+ XAf49Mc2Dm' Lm)|5?~UQ>#y4)JB5l5$tF).Z\Ȅ+ezAVL,|~߆._@$ȀN @dz6DQqYB󷐯5Kzܒz6,Z/H=hNw{p[;ۯQA`̩vDIW}r=k V.r~-]%6 Gm<;/u%-v0`]im nʕJ\̇߂WtgӔ>]ad4#z*lx?907Z`ZT~I%8r>@(܂lF"lJxJ({2*Or'--.R_n2Oy4( N%-9C x&W:= *{/Oa,FUU 9VD=iLNfؖJ )<|F+5KS%_;YW*|9Ȣnn51㏣i`e VS3)K(H-d>&ՋNÿ,Pn}zD;B,1RbV,]TbW3Kko9PNCBhuw}Wl2ܔn,:qhBR斪GL .֚31؅A-2D4Q]CM+ ]':1VVii(U,&Dž÷*z~o;rd|+2]Oxͭ/~ɱ-A_Wp'GC)m\̴eHzn6$odR]<X,H٬7ŐFp CUHctΔ^TC= ER-yrL ),d_k20< .L㵡ӷW1 MiJk|q-JXU$cz1֩?Hb_ջJԏs'6C~r*iyOT\*]|xK$5901fg YN|dR1Wuk\PףRɳjwY@9DUƗG .jfcoʆa,lMZrUKsᥨ)y?ɼhzL%  &>ϯ8jߖ$hFX90PR[ ЃJ)VWh:ɐr# ͸VtjsRZX;SԳ{*j ;.C-8Q(@Hx̥rtbMp!mF1ahĄ BTX:B/! W}t%++\$sȡAB/oc \HAiiWM8a8kݷI2n38a_ u܇ݽq@а}034ee* .k ɣ $x ??t-!r .<3N.LYli!B7q~ߘy=veNq0Zem*\`v_EڷK?vZ;!in홧s'8\+3ot1S̿ueF|DN/:O܄@eDT!T[ݪ~C I!]1 d->tAj(lq̄Iv "\l|prF+1u dcNع]"B"$o&uy(l~{)ۋ߱<۫?sԩ]qqd4|W{GagmXϟp!6Z)j M# G\{e$} C6 +qd,Hy'{w4]M@2+1#$riLYk}iKZ…!;*`! b!߸I;r=6 At@w^my8*cI^uHPB9Mܒw@D>-Kr S+J3ĥ0P3cѫCq=~*k m-R+V9CC!sWu1?r 15ݙU1q;xU&Ic[z^z\$kp%F˦0NJ 4*'Cӱfo1y,>xSǣeQā\%O 9ODIg[偘3K~dq xM7(I1gGS_GD6a:Kah7}w?vZymPVH׎x"}/Y@LpJbp%'J@w[5+vgpN!'5& W7Rǃq'c|ڸCjxKrvY PRt,#IĚ7?"=Ց|4l:%XhK<IU*bUR]#Ycw!ڼf_[?ᶤ&JJl3@SkYB1#4צ ^8:my^<=_7Rҽ_N< 9.L.C ĞU^E/Rcj۷F=2/{QhzZgi*jigV g+ !x)Eǩ} =EdX ^&ćL}-he5Y% A#^u *L?Z¼]cyיs41#_5: L50՗DfvH̕SLf1궷RҴKIhP=`zBB^J:dLu39ʊ{_>?V[Lh7|n.?,2⌒څ iK'>ZΞ|yr>0nSTN.Fcq nZS,X>$of"DcW<rGzwQtHUkY8P҃>8cK;~ݒlϬ7dLL>4_\B>>ivy$ۖ;\cH(`W˂&yeBm9SQ=!@mcak.ZS3yW`9 DR𷤗@ e6B D 9S4T d5g0#)Js{PxLjb z Q6X@Xؠ8m]_*ԮjE⃀AZ71zL P٦zԹ\eP!˦K+|UCuh"+úa|8绅(v4Q,DV8/>O5FH 88VPfSnZ1Fgl~ f^1[B TsfO(J2 39}'E&ȓdut& te$?+ҷL4b}aFB|vٞs<"<[O ׺Dn6IOcۄ3GH4Fo`f4"fZswGv 5e^a\!3+mN2>((*D.)eiGÅ안F=}g\4j ̳͛F"ZM )[(Z)LqWw䡻g.{)O[>a `@ϼ|#[ȱvD3M` 6έ`K6,A*s{;#+9&RCT!Zd6/)$ʽpJX n._<|wϳ]- Eǫk vW U}TYlc췚酌 K~T\Ih$6-`,#(].J>Y`^nl?5DWBvFష?mr9XR])ͅYb!0q89faU; e7Iq&>hLr>tCo^͒ %SsHRd`]0r` 0똘ZTDK~Wf]r( L!ͼ[='CPPXE Ȼ/o WˌD[$Țle @g~ g/ha}<)?QH[Xb :J^f'0r+ʑ=Q^a0Z>F(N ltY> CpW2ݾbr&x]$o!70`|hr͂:F~{*<(+#>|~1ab_ΧJh%.(VwT* i3jmA-rvqLe>#]lpF`iv,\ek޾=Fk>bR+NZgc2g6!,ti !#jĒn0j) ǜK T`:.u>1v-XJq=c9\TL4>JMCx?3 i=[pe4]KY?ܡ-4 @ NTIHli`l]&>ճO?kxy qH#^HpVSvqs<~@w; u1 OGVR2v+QPD=\wp>{o$dSG,!Ӎ(SPONDЅ=]`]kVmk"_XU wz05Xk:yE؟cv.o8D,ÉꒌE s-M> WD<n!|゜+P~?B:) NCН'^ l{&xGZ {52q^{$7mzmW!weFs Ci! l!4G:+Ug(JU4n)LY&:zg[ =H9,lUɚ]O)gKkd8xQ^C2/+F @&,(]qꂰp!DQyP60q-c?:h۟CÿI'vLƯ!Y0Bw14֡)}ƛJ[Ly,&6 "M~|KU[vnYVavl[3ziirrkީnٜ:,Ju,A_ j~e.3+#uNϓ2lN‘B[C8M/7WZsl+m倫ti%)HK9r*@7t]E)n f[H)/ 񷛩FE1:G}R%ҁZs1a 2v/ʏT7Vyv2$$S\i"ML$,2Sa)@\Uiz]_ڮ0{?_V(3oAI "7K&0\ G ʓet:25-@}~!;y\Yvq"==D6.|ƒ2m >@ŔLM3/zG1,{lé!jkXɣׅrFDuDuZU2(qroJg(uouZ^ա*Rj3B2Ro*q˛~ظQu@qOC{0 vF0Um=O7/uO4&?WV:"=(Zq.06{|ݛcF FV ]MK͎Ԓyq8 ф_ %XᅲBqdeoM3iXm v`zr:n'tumk,bi7IUZE\ I_H! ⅗va~_ .B]b~vX$T7$%q3ejبv(*MV?aQ*]wCGe}"kF^\1_`Ɉi;n B] dXp>p#V3[5jQwļ'> |im7̘웤]<4{%.bm u^"3CnD8.1fe;BJ\GxOvL~Obra5~UoiG Z:\dCϷ$yϬzR4^)bQ UK8 !K{Gt4xJsJhPY#^ ^- ංB?^O_O]㣧/#@Z6eDO f: `HIX-?8Dy·=RiiQ;pEJ؉Cw&4˱7"o^ɹK |Q\CauqHmgJcTUJv=౻ӳZ| B@t9͸Бd*e$UzfͤR D00/z1 ȫ/e uH}۵A1QOtcLC?d`E͆%_Q't&e XA_Q fqK;`z_ >"Ʊ5{Ya[oL0+}gWje,޿JHA khc 6.Vq4#zZF`pLGܨ7xLjCmd܊0UgX_:~ڦz̔${.hBhKʨ_}bXIϖTwz* ,\(<1y T@^@'\۫' ^L^pK=sz=sk~B|z&>FJg =LQ~tBAⷶt- b~N aܪ}M ohZS Xv'sNK9BT^ygUv bD9,aۅ_]+Kg_wWaAjqnt-:6cu/f$/=Tglkmnj{lۧR7gS(̢% 3UL V:a-LǗSMw >n ¹)f]Q$fm>+ u[]0h3j[Ր4 Ë11Xr%@Z+ErqyZE\JBfv+kJ .ȳIЗ!On5c$SCA\5'>~S`"CY5rx 9Zq:>zm}Z_~*F 8'jk^hST# n<[ŅMnZrC.TQPŖ͹tC_-[JwF̎Elx!9A G ^Omp`{P;.{Ej-lLG&+Ylx;S;ٵrW Ӊך$CØX&^Jؓsz{;sU[pYjz"Q ?m+ͅmÎlu\؎j,h86Ҳǃ'Y%R+&e5i{z˫(4VR[gF`xD$c FXR2)YBu76-ȩ,$']H%A'e7u!KMSך98d)U'+bwbg@ee @QBX`JFҎA^\'"Xumk*塶3p &9I2V=(4gj#z ϳj̒Su-E6)đr.0Am]q+b䥄aB}WR5hh:ae43_9jʷM"%oJ>続{IDV()cKcL8q6qI}>0K&\bFPADK]ō#:7xWIi"W J rvj*|S`քĒF,JL8Q x$xA|/CdO#5DNmj'VjeH~6{~ew)= pTz&tCsZGv.unADmdB\X5LLXD^`=Un,~~W<j$?5O6I ks= =>TԺ \i¬hHwt?H:W5C+PxO[)퍤a{ 7mK܋j#=K||u;޷Ҫ_ޟ)F8md$V_C{9QXbƬxK*χ_ py0^ӞWBVhO%i= Por3Z(0!4Ja(nP.>xgNz$⠙vRb6I%PW#@S~oɽn/H=!7-s rh7+6jc^uSVWRb&^ v<҈ v]tkaeSxoy|Gtf6lڹ4c)r/Ev\a}ضPTt.qFgYL`*76yz߮d]~@77@kA]-'0p@:F9gO?nqDчbl%o9Ak~kNX<,лMQ"ќ >D=VA0)`BUQ`SAu_S'j55PPbFe'Nu"-{Dž7_2녖&L{B.PB`יѸ1 ЬYs d1-"Ft:ȴʽɫr"eǑzAia9eG>XM .GMȭd#<, ɢ17K ҅9eF̶Ϲyk8n`QZx7ۖsၢ9vBmOoFE+IlV-mYVwU+oz4RoL+CF ,9΀Fx-H(jTW^ ejzLyO6/a,c([CI[2Ѐ,D;s.C%&),R=&Wڅi^N(C{:sI"d =/rZgD47Cw_I UÄKPyjl!:ږ7ۛLh{_6?]**c.HoNaӊD-"b)Ûm*u&8ywr71I23ԦJa'%z됐R-4n-ӹϙ4zd" o ]W2,NȢ"Jl#;yMF c}?g4 ҪjPxA׹m -vxM~'o' bfҮGS+<d90!Y+h2 $ywM`#6H.FZ&Z& fY\ ;rh?Df&CB2ohNl"HX&L6ݗ;[blt {rpH =´2oN%=m:g7:k ) ^=mR(NlZlT?zdvy &gpD'2PjJ>h~g7b]mo1oZy^|@$I/(z3dw [Sr;u?!.ddBARN:c @5@%0M~^I3XR0?0`Anh)іf㚠nU4e~ ņ:6^zs[cm l ,UV7V}شrMAg)\"*sTc'/<`)S;Pk2͒AA ?kOD* `5 BH>KI5t/aIeD6t;;fqUÑ|: ĂELn>ʥxy4F/6J/x!J@utn'0Mzqd: 2.>2d8JVQ'레u)[Q끋.(~'BMz%()y><J9~Di_7bU&66k~'gpG$;  b&:5{74iXrEHPfU)AzeF`[C|h4?(򜜤eW_|*?mF1د cC/}ӌguIil^1 l_5\{RL 4zʶDpsHg6b/]Nmq* B\QǞ^h)i ݯS+2D~W;Рv|U vRjÀr{9^!ۼ/Hb ч{`DɵͷHa>@fSlz$Im4ʅ|{27 2Y~';twxS7zTk '31A#yF2CmEn_bs۴ r_ Nu!jdE*u/IVtAAiSzuG@MPl<>XZ9X{gPX;%[=kѕ[+p"/!Ul1'-CI/ދU1g2i6';0>"{"tؚRi_{ԩ$&&j6rșΣ.a*S!M(xl |h fdp Q<5"fޏ~QpwQm}翔0Kj#Ibw 8qkvGzV`QM|L\G=E|HYT []MS Oxs{jhi5'U_;Q22|Il)` :B[(, n'?Hxo=fѢ٨L:Z `ƔB'" 0h!`{O  N5}ןAgKl`lfLg9!F/Zv9`yP Rraso#xnX+2z"}L9>O1 ӚK@:15 0s֢ZNJ8}c?B-1LeVӒ7 W`[Wjv9V)Tv`ixy*w/h G8صZTX\`1RIoGPݤ`;愶dHk"M, W 73KD_TޫEXQ. Xґb%Y%VZvB 쌖lM$SÚZ\1^fERluT=ο)spUd'$!M9z42Z,6'v1õ D>-xo Uc^h!Sΐc@uKG'U'C*)&:!}OwifWZ B/@E?Ւ;">߱" rZ#M ђhI]qސk,CVdAڦqsHA2(歮dZXA'͟ ;\f'y;Dr!  Jbbƥ[n/TMWrj I;; 6,PoVNWVSDz%mdYsNU' gr aXf:?&#{Yo'|(,`3v\ j\z^m\drY(d$;jMTY-Fr1ԓX*oiv̲'tJqz?.R[Ť!3cA3y2|ynXu'9fS D,"Y$$Ԥ`X[ YM5dxJo-\̋crjnMUnPy/d8!S-|ydMp"bkm T<&FT(;" RDm8h"[qzWn",*3֦&,&fa!qx%T8Tin1DD,}#"[/eeAF!lStЮaZR&RyI[-Ѭf\yH\LL7țORuєҍߴ4~dQf,W׮}6_]6h@oo}Y;˞.'BKޓ)pZa5ONj24~)| Q^)~x`fdZS[9D3,V/mD6D{ٌ2a~s )c|}T]/EK evLX;*rބ,WF"W R%q/3QZ^ٸTٻ׶]IZ[uiwwfJa51't+qHi0Y _(9lr!8'ɃE@(6|jAGm%"YI:/%U/K6Es-cLӀOe4eJ ҡSanI nК0D<Rْ/dӉ :&`%PY`t5WDZˌQnr!?Ĵ ч<kP[˙vm4TI oC&][(e9aQ,sָG" G#=R8%ͮ(!70m&~+(`#?Z=&,aT8LWu@q ?|l2jjap˾W-|ut7 ')ϒDF r40dhT4ݧi(1ț.ъq2, |Չg1Z4rXCxOm[=RySC]j l@%`I¡V;J~!Gafw/^Yy(Ct=mc-0S_j*_uԃ+n}Y* s*:QO8#pzӲEqɺ_o,Q{A*Z7!n1hm[f?)1hˋv֭Ӗ uuF.hFA|g[&}aޡhA ~u=.NSW,J^k-*@݊>ryJS~W'ċ8` ?+idWouջR6sN#*MK~\Ղ`t{EJXfldSYR n⠝<[Վڏ:Qٺ+J "O.P*T9eU4S^ò_´K|n\R^CC}D)I"KfG` XIy PGJM;,>XDt|MwAzb"& _?P .?)R_Yۓ?rԀfX^66$]۩B.9ru/Wn k޿#)C$  9ꅢ*٨qʤ7IL ㋗TUpƜn_hW[s${<@YUݷOYMx QYeU!_ڂ賑'mHٺ$7j7_ L&++"[=A,A5İ ~sL)4gِWmrk:C[_>8"bSPA1SG8_:5F;0qS k \[@2*2B>\\Em!C~TQa,Qmç,3θpnܬ,aK VVBzqg誽T{$;ZvUCDQ]y'8Gn,KޟhmC9gZRe-K檗}b:@ׂR #8ˣ UK."}u>%cׄ={oYdٲT~-$GcK52bPb_`C7Wc$}[~s6ﻄ++c(l`uy{{(1wv$uF"WG$8~Z%6/BWT`:S]I3Cj MFۼ^]U9}dQP/I#ڮN8hI(pI\ā ?p+S9Mxu4\'H@d\AO XwZ J>|D[Ļ¿|i7%ƇHp(7̞T )Y  aw^m~5ŠjzIn!A]X(cXfF%N)ncaVš̼Go%MOT7G"}ʁX\X畦sLxPiaL]`* ءt &3b=f}qI՞"T)>|x Yę- PJ\qST%]?!C\hM-_)1ik/Vmhkn}&&GYEo=AK_7pnG6ЬH>2`g| 睏4w,C6~ђYL*<0#KM0Q\a~~UΝVqbVmxGq8?.(4OfvsdYsΞfR(cU`HOH&,o&]ڵUJ/?72J+FV鲥8|*\wgTo~1:X:sJ= a*'qt,\C`1/#?B<k6ߚkuf V*Ás *WYJ&]ԪCÇ~+mv+Ǿ >'qk/OXfmۙZtv\Lύ戇w`_:#Pn%R0AFQ)1!wpfxl^i,Uqz.\6\mxAa,&i"%0KW%,0ٖ=Ǚk4 xucF"it]v|LRL墧k/ZRsm@;߃-4z9;Z_K^Չ4R'W|!}USEEwwXid0']Q$Ԣlj#UM-x#Z뷐@ 0v  ǘ`AG >`-o,qUM#[ :'dC 툗Oqԯ=B){|VՆݤk5&Ka}!^HKڪM}iKoVC ->|d.AӇt>9ezku9VJymQ`n~dbt3u*JLU9n [ mNZϲst^W-?g0}L됤s_E(ݨ(#.T,EV3dd{20%A;9!a'~ų^ju4K(yL5>Pg^ca$}xCܚ6-{AN)JV7K)ȋ掊 S/ *cVZTd,Cj\m}ĵZ?Mf L۰Bc: ϡ1vY(BX^uv͟߅ǩ<,?:3j/ fƏBaܠg>ԧ1C/HM µeivфzk!g'w7KƗKNPt+&(&I 'MQ_:lRM&j[p}h3=+I[jL,d_MMDBT,_E ׅ4K6Y.B7zw:9x0E%{oκÓ=ص7W  x1*r\vȴ*@{"X  myHn Qw TYd´Z` Fe_zGtwEP8 ~0* qlo_*q&*ɬLdt@θ|3' M{*$TC\vd:veKrNϰz!;c/T퇯#(NI=4plCVbwM9ֱS2llFò](|[\*b=J n=0~Ԃ F&5rT5 t0o:iuM`v ˙Wҡ {W#2{l7q 1{C܅@u^zt/)a8mag6Z0Ml;>SΣ{\8#BW/(@?;w2S>MN$3F#=4v()hC灴+WL'+wLw!/-|%C}S'-|)1hY̹f Y%(SXzk9&v T9?D.Mȹo-(tl6ڰ!<ؔg6Jq$GeLT> 0i*/;Ƌw7F}Ů(̪Zc8H>`S̝$#q][DK;atR`j_{`]U[X86 $p?7 ]970ocjIζ T<{>ʝxշډ8sISYi;SO R)+>M%`Xw@y"۞`݋Uǻv؁Jx:wM')Їp8=ǹe7g:#u5H61:<WWIK(9}FoGu$Fv5|}qgҿ")> ǹ}'^btSAb$GjM$[=7 A2 p:WH\)nWp%09 *($( U܈Qu2 8:SS7)Mr{|:igr6Ba"WQ&@C?W];w8#Xe:"gf,U0*k"~S_[}U)s0b>`u|A9@D@KӋ޴ bu8}|ȰQp2QAnj]=[a(G?ל-gŖ;h,9hwű`-mmRCjx@Ϝ!R+ffCX6+_oH6E1Hմ'HeܾN~`d{VbBAniq84NYVz>4cj'〦o0!AZoÝ9P4K,׽'cq'A'=3#,a jR3FjO FD5&>8/!뗬¨ z1{NNX׸yX1& 㢘&k.:NWeK gV1e^6NoXv)bNX ۗ=8b G_&;,/ K-휫NN˜e*ap&&_O&c'lle aᓤ" 4 6>v}{5h)t[Yz;,!kҪRIF;}8d_9j),cZL,POo:^GX_u-FW͡Cp@֞M'][B4gGbR/FJRpWnއɶ/Izja&?V6}W!qDX]rg/|Zwc֑8W^'u{۩2t9Hh9tmpz\[UB# xTyNH3.\?,[z`?a`<#+T^:s2h6{|Zrhz{ mZf#&kܶ|w# 6\Ԧ XH+O:/+!,l4r뺳v\앾\æ•n~󍍀)ϗv4i\ q' &l€]3d4T@PcڕK[qU?x)K)Ynᰃ&7 * DnV<Ɖ͵q*n-G & $kaKAëL"E}Jvc)'K‰SODZ$9gAʷyƟHCힼ?M4T1{^s1* oqIݰ<$&flzc[ǚMWA- hjMjҸmٲ2s5U;  ttM"X=(PgՃcMp̞@l1$WIf|<9+pg =_i7>k#C.1۵Vʀ }%eٷN ݵ-NP?m%=I1{HLJXƊ jKBHҤAļPnÄ v݀h5H0L8apףj]߁YÝHSWJpϣ]M_|s;/7zIQʉ(U.>_kGd0|6/}yj;Lk"ٸ$` xd-%k _!\6Nß*;D*:eyCk}?d>RNBdvdCbK@'OVYl&Ui1(((x'*x%{mf=cMEJ5m_52LօiT4+J[w+r"b :^cհrm88 o~ K<eBab/j,'卣$ofQy{W}%lqY!JQo a}-yQs[ H~尛3; FȘu}-# +9 U#DeLYΫ|a (`e!fRXݫ+ۇ~|AeŭV ubԮ: 6>\!N"0 "X<+E=p+mϤDraPb/=}7H=CP,\Bsl01,v׫JeI\E\B?饇_œyK#6'8j>im~Esx,m7 ?b"YW|1JJ{"&@NsrI a\~SqrɝW>;/pfE$wYh/ʱ= "!*2G:'',yFoy.yM?0՗E崫9{XO|?5案@` w0jVFi!lWl_w+=Q:]&q;%ԊP(Psg+c[WbkY 4o (7R`}Ko)q/xEiQ٪ rmJ*5<3v~f;Y%эijtj1c$RY2\]rt0ɵ ШuT. af1hxtPl [OM OӇp;ϨB6^gĹЇTF}K_V=涺)Kʅ4)G&/V6Y`p*'˴ςh` ȿB!QQf w ÕX*gqz̺tO6ѝݼI[W:ŗ" X[CIBKąnU}!H-iSgq2#u;UuN>a)$G;{\4`zi?OtGu{q#WxH+ ʻ9hdsq P8NӹBҪaVWNll=1H˙/xY/uZЬDv"LJ7M }/._;t{EV4;}Q!b!omʘB(x5Wɚ!h] "<&(i2eIeRO V,$4Aa\0uʼ5b!@7k9x%e^(yj+>?%2U[.oRIk.6ux9z})7$OxMDTDD{s(>}nV:)JE- N:%7k+I(qĪd!Y IH`2f$K{@S7+֯F+joX]8<1W°^@b5S9gzw})SoG}4'SZRTJs nɍPI7Z7_¨,-鄝y5f[D@6]F.f39ƒ 淅;DqOp RM0y p@]  @w=eG} r@?sF6{@’ vLȘ+Uw_Q %^bCbvQK {\:2":6> ENM[nl̆%l9e5RGMVKy 4P/kjlڼ Vj n@dx}ʜX[.z/ b@`0'pdC)Ī?nlK܏|'ux!FY5slŤHqfpm L|pSc]A;۳W{!!#k4+B1X_ :ezakRYw<pVu[]>0Fzپ[!g |p9yvzkB;2>=)4zA#so߈丟0yRΔp T<Қbg?j\55}b3;aR6o!ɃLۯwx#ޤfV3~v+ ^4vلRd -BPnQj~ /rŊF 2r VM,yS֙مyFnR#aW1;j_?6E* *`iX/8o-ԉ3 %C0Ò K=TBwDgI͏KPq:aGA wH_pwUe ? cVu$o]Ub7*cW5|?@2ibe}k8d`7fC9׵e)N3.tjhm̼,3& d/DQM wOoM}kR!PsbkvsԌ2Hn&US:?sVGBZ Hd`WP\J}h5\eZqRH8NKw[VBSpVR^ѽzE>,#*Fv&/MPV>m+NeBQ.*j[a*';UaCٔ(P_{8~`*62un*eED &"ߩc ?4ׂ@"}/bߺm*Qpe8+UCg9uE=*!t $&FfJNrLeM kWoVrY)Ė@n Ě  E J6|ԌXLkNL?rZW;aRSBPQ|$ h ^qV^ 䱚 YbW2XI OG9i531Dvj*eh[t5\Bweظ<Ìc^4 h=c(| !{3E G'mPhMMAS`Oꕩ;PU-tc(q1+5lA;FHtk)fŮ7n?af7RL/~9`繯[;fIEjcar?e!St^'D쿥a1S)IW{o.egL: ˘ez'# %/_<@^^.%\-纣0@`w$ G>)N%+_=Fi #cqb \0^WH͏7N^C:cv4eA_%8XИpM],u۠ɼV{Y$v1K8yD*vhR (NҶVp:g4˜R#kL?&*uOWސ*kP-OU9,$C>$`%5&~wIJ 0zUS_ZFLOPW>)cWG2^ZeWx8: /M1iqHln3L49J6js Oں=,TUEc22m.: <솥O^5\:{Ot5FaJuv7K?`ȉcH01,ݛxM.R7t['A Hyvo=Ҡg bQ"%WLio×(^πl .-{tʃߩ'sYZ$IQm_--ڢü"*sJ͑q60~wɭܐevu~{[jT~+vxՀd';!e(x v,1+i|cN|l!%s¹bXS?S.Ave IegPi}g,K7%?ll"1Z%Ј(NewȦZtdj^T$50 dҏo;&JiՇ]Y-䃑RU"-ZyɂipEGWm砍0Jn`Œq?WN[ s~cnHk$q:KXX|Ȋ,Wh#^2,@2uK,@pXqa @qakvTUPV gUk"b'qyZ-suЉ iT[3jzʯS1~cgzٹWڏ%rs/TqOlNPxuZu3Ҁ[owұ;^MO-2ݚ{DO[qAl>CuE|HB;u+3}BW!nȋp Bg>O5)L9* KRL"}lpA 9J85Fu=5kqt6X[ofhY @Ve}5?pWE^q9.QWMOsQoH;mq%A螼"(Zn uTRA3 [ `^3D sd5ּ}bQ]y+4R3mYsDQѯ1=4jkzRaUkv~4GOJ @q6&#|N});=)I,)_w"7~)\noy)fZDn1D PݴN?Q3jYi5=M#bzp OKTJ[L\p g&T6\pqFyX'|El4ՒE2,Qօ]z +`)9AyY"烙z: fSu4Ea| #+d:+M54 |PRؗO<`7. ԱJ.e$%uI"ό!uȠCUgY]oB"PݎvADAR}ג%rD:Q$SKh -`џv=dT\\ 2|}ëg;[>p}?zS]}|OOBFa&8 #LdW**:u_x ގ::Im5 PnT\Vme>wm7 %mIY#ԆwnV \g -b>rY4'ĂLPHv)ׄJ&4>:%)ke8O\>ͼ5w#w̢Y'VC<B3PvU: >A5$< Pެ6a׮vQ$9#.|2,P557pԞɺi5<;S#7KeɳA-9CN TyBK6[^K 3RGmlﶈ2"`ΠN wLD3ɺ&h6z<׮L<нC+je伷bCbc~%Xj f=0d*gWrq(ûPә`^0܇6v}g4}\weczdjI<~Sm%vT}}sʼn3B!%,3vKV0v`9p=SLqldž5I>]1V>:M3Z lؠQW+1*#mw]9. z W#+fJd=5L>cywXW}WS+S_%K ^Nb˂nTYUiN\\wsF`Ę\ؚ\ݧ(H|`Mc٢= !9Ĉl,>Jp7.A.K!&W-֏E$)g#/*nL( f`>]Z~g.&d?iN_z͇$q ;5@#yW2\{t.[:j dڗd@,g#4/ε$ȸw%f[3+Y;ek1qHo@kJv!irdӓڗp1Rx2'ӽn̪sL̘ c|MY뷄0 >%qޛ (+3[vXh4vRcs> Mμ&1x0^[)̱M[i-+;DX^sbsmo΃ %2zؽxYZrhaɷ@HԲysRz%`;B_vhSk.ЃWY c_4z^JUt:g xOS;/Q$ mz1$2kWҫVԠv\MT+£, @1Q6i2e?}%Wvcd@V$N+%f帋i ߹A ӱ!M;J@ ƻ)ݺTr뉒]xM͐vűecRJt+0[W![@zM[ @LKZhk2{dVϛMNMT-k$"ykW6K MZL 5RBaVm^y՜q:1!%h_9nЉ Ai2Y0d'&WoS:ercʫ$\BmOSo|-$8Uv+,\ a h+zhQ c}m{1!ty VM&PVdgUN9h.qf[09@!#s*C/MJ Yg}\0-E<@S@2Z!\4N_I+dLhp`Oi5cNJR@õ9AW;܅pܰl4A Sf`à'wԄOss+4d "W(oN* ;yV i]!oaNZs~=B$4rL p_N@TPȘtꪽ4rץ9XeÜVggS\$1`?VBp)j ]4cV< ,XLqw̻KiQs>LEi tyANac%Qm:dK  ErKb/tFqbǥz=(zeDNN,4_јw>mrh۔=S^ p[I;`\܆d  sW$I{ui!mȵ2~g>zB1ly0ȁ_?vr ; -e^y$IWH&:P*$ګ)z & }̈́fnlI 3 _6mT4J4ތyBd8mw~v*OЩǧ9=ԥ9/ L̆NtwHMzb{BabL&fP DZ'f$E.{<(YY$+b+_!0agхmoTa=78ՈϏ3嵦X՚L<'ohsjijq5PobZ\Wp(MHO[39sΔ !?Q[FnesSP{>dOWL* j=MrL Ź)Q;A0%5XWՖHp[.vp/S՗k28mu!!E|UCt'N$>7K̘T"L.Ϯe-u4zm)&1x2b 1ܳp9; Xj ِCʲWt>Yz{v5|g#P7ՕpKΣ~Hu)9d(頯Ui0L<_GWXg͌5gUXKO{+Jx)ZȋEIC|;ym+BRYX*>Bß/9kρP@yeJօlje)[#Zuu@ 64PoT`M,P]"o qR{p Fx%,hXm. 󗾁6lVH4u D*I@j((t%;! 8=躮e)z]=&R4Q;7}$o<= ( -h'!A&mtshga~7WJF$`ĽewKwB<.+!Rhu쩾S{c1?.h?]7%X`H]&g\N׹B3xw)HTgCU Y3;tffP_<72k6ʼ&DJ;}@H[PLj'gf;s!ٽ'@p[{AɢA8ZmD՝[b#(4<FfR-\vܼT :dC:F~l@H8_4 iC{ojg^fgfJfrC򁺤rH5Fж=U +Tۭb|eU шsPpl*4UHx;V0ߗIYT8e5ere{/TsU&*`9 +g+Qt=r+.3ܑA;PKwأq9U%4tHrܖTd9J W QN_TLmu^R`7z ȤdT*9gB_J7-$ÞŅ[t <xeD)KFuҳ&_R\\{9א/'ʶn K3ehlF!}, e(Uj[6m1V8jp_ҁIw*LuUJVK^ax>A6x'T/bbç`$D=\Zsn`}zl\m?=g!DgfKKZ'Vop-G+ @Z_u-˪ɺoq , &!Cv 񀮎cUNKgn |C.@Wٖ;S5?o#qRqK>xn_I13WiE~u!o_i~B?,W;M2<+SRW ~jazY\]dɞXC& NKbSfL#3z$_X5 dpm֣,u eESO$uWBqr 5깎W> L+%QA$DTLH1.Q٩V74|5G=rwj[ۀzb ӁDLoوư Lk $FP/Q<VIq֋É)}BI}S0`<7=\%CH ki@[y\kչN2߁[wۏ&kM2QޥaT[. '>k tVۇݳ%挎 4HɏiY}C/Z4+='f ‹5rBql dc9 Mg8d>C MTV6ΘxͅTԧJj]v>}w;tU$iϜ'Fä[x>wt[}<-Am5t3l9SH~w:s") _*W3)F+iwPk\vGh.>,\d#%%8f '4bL-z!ܪ@ga qyZj)FHj`o?xsxb@ m2eB C"\5a xܙx$6H*GO8*v8 wMC [9#B31};H^,!tbY׶ L ӹmw{0žL @A#vNBMVq,Q-8!."K0F`o7IA~E暂g8]"q?hnm5ʐIW u#n:\PfZҖi-b]B65zn=0ؤn7%.W z3X/gr|N&%-+ E!g"Q1oץFVfR$%}E|~wEjeCjÐceBtL)@Rk&%D`<9R#TJ WW';ю!l{flq@N};@&ʠXotjzoSPѯ )ISOjNI#{2vޞu-8\@bXbH _G3lvBnu;t&]Hc(~^j aDʽhdn$\R,d\̚PɮE͈ǃzвdԶB:kGJ`= U GP%Ĕ8uE*+IJP &tjPrteeWbbx] ۬~VYt{ϐ8:3.nPFM"EnU^-|$gݦ͸Γ;C}Qq^}-.U3)z<=V3<4LO' 2|YuAu>ƮOUӍB6Ne!I 8"$W(E& Ws]Jlz+l] ~zaW,sXl˳GǏXCH@ ϔ^kɞa 4>I='r77OܴH"k.,3J W%E3(SէqqV8 sz% V1%+YJ5UBN\"చr-ZGO:@A)WOVEcR|R̺l͂9T ,Ȯ0lx|uV*NB&X&6E5paPvLdg24;8Đ]ihYz !ǘ1s@;`#yq>fBѥkPg<DZNA;*) l_`{&V^YFwfفl)=bt53%{-*`#*攝9l& TW 9 R=^MjUčupM^~ubt͓ P[ki!@ˮʦFaK\fi04ce~{i4j0]j$i&=~/a >cﴗP6ցoP(Ԫ{Gْ{N|? @x*ԌpI"m+qDFE>3).wqO>UEn2QW)P.ޏ/i٧to)Z䵭=O~Cp'b|Xoh W!Hκs`O˽UܻZaѝ):ԌMOO<0MRW^sRFMUlЁ.>*Js?@ps{4ᤕv1:!oecuI(dK}S􄀤_|o%Z/+WY?-/ (ݗ[:V,U{mJIxM ,=֝"ܾ??dŀek?l{umү\гVO8dX ̏+& $ht-]i"&գ@ R̙5QʽZwˆ]kzN(".'XLh>P-밃Ft̴: 'Y8Y!=%(84n,>SÎ@V3lGR0]D0|WF@1_# 4$Y$Po. TfSٽ2p{./Cj=ܠ7S1}<;F0};c* nr]\V_/9hS^%7v$6C$K `SdnQ,|N_Z@\x/GKf:ٸR F a73눒a;̓*~#GѐQ¦Yզo{בdC;#71VJ0` D'İdWTV!Q @ӷvz߉ DQH 5u-,Ez:&q}-x@V,!'DmNl 0&ND6+%Z$ 'TOf?vaShR?|klBWF@l{D~eC8?9`P=I3NS]r4}Yz^n*e% IQ` 6EIYh6:xD?/]ԏliK1AUU+0ʼdjT|^i0~wﲆ7xV9$(́=om,4LVa<,^X+}#-4s5 &<_wwߵ]H-AWgdq0L,F<7pO ,|9R)~A # i$Pb[9URi9RZ$wViRۀb>s7<;P:\+E (w<^̟Ac75=B(p`v'zDS0QB:" cw!;JuXWg%BiGD;GY>Js lKs o7_~[u`_|VRO˒wIx3&Uݬ8~dQDL>de__,5 #8 ~wtKJX9x.9{7 ՄB teL(Y q\La$*a&DKK䌏[iKrSIC'z>H* O"܁UpvO 4+>;[<I*]h4mKw\+!: g$y>$~,5YT_p(ݮ&&hskΊ0@Dk<2^ ˤ.n/%"iR#24Dq֙fu׊UyuΎ*> CS9 pw1ywƺȿoxN GpwDZȓܼwkayyUR4ђX3dITuQѰUɬp9Vʚ>[si %b27˜wutzA(A|5@i=ʭ c-e߲FYYfbʦ =f)2}GK*pܿCG,O:" +ŋ;]%l' o'5᫢AJ\hԶƣmUs*Gd^l*.f*J$ SNX^D5 ȊŒ&]`!-; Bf-dysIcrbB; '^f % "]'Wy0myJUƫ%};w^+[q _'.L'=0~Ok԰T8{; 8i/ Ϸ'r7,NV3@60:Tg*ИjW`WLsK< Qg'i"\;(G~O6Kr8Rrv xN=Imf]xW<1GQYyiqŒ*>Cdmt_bJbJhX]hE~ HBVlt64s>R޷I/}}cYUsA@49e}!)zЍICh :wf$H"W#0B{i!Qsr}3B̊ء[V\b(NhpdobFa>x1E2qTҦFI6~{l8< xxyVQȋ윦u q5tx,tX=mW"8jvfu Bq-ıZIЊq_RQWäXATjjnHS!e-s2-/lNh}J UjTJ3 fNF_o# !Vf6_`V Ll3),PoԑOLy_2+ y\Cʪ/ǂfdMEUo1h),8,.ni d./TᬲOWJʛ%:0k=U G&ZsX"J(jgud9q0WurwH$ o-Ʉg#ݘSm݋J"$HiIr:$&sBV^p~֠u W`bncLU\ HsP̓&԰R} ~8txyԤ;bi}9)WShF4K]hb[ 9.%@6C$;wjoB+4}=+j\:oX氙ۢF@z05%뜆h[]ĒsLL  NwI?|t!wi$`\z@n됂 $MPJsC54<.O[N/ U">B`ۺ\JgΓwQXgM˒V]9]D  j Qw:mEaD%ݰM'Z&v(;U7Eד$qv\8@ dєuN_׋W|'y@MT*JtX9^fP0׳tr]>pJi{b7bk8*3̢fHraFC-~{|m+ FI<L|Ae>֧LE 3X[rgb&1یeZ;% (5G. .>*fҔoǮcτA*K>nC CU\EaA=vK:0UʚCWF޺"Z{. 6묤)7+gU]_*c}ɡCUS!ٯ0 d,71/RV:/N6`n H20_jk2܆fW@r]b \FAۏ_GqOFPrYё+:#0)+y2MH&h!J מ+c.%` :$ .(J>c.;Dmby|֢CK~wgy3|f m'DI}/xȳrAM P>0^c(ISdDZC5SCe3U"cwm$r]%OKM,+5qbi@iױ5ā'%WDBV|g7mS|A2w{E hK6g˚5٭[T?y-oޕu obS1#ܹ<>@>1Ҷ8cE poVE-hX| Q\CeS1H1%EJuk /3ѿD*Eдarٶ>ėJ=#vi?f|9( o D]L,w<  -A1"=86Zleo$Tx5c(qX;c4;{FUоm|N׻`CLavj"9t}Q]/Xu8bˉދy?qYb؎z _ LmZ=j<Rqe7tIIKufCF٬%sJ@)YY)qr'q+:n"*-uRK:ݖX6Bco\Żow U?n\2ZrW@I,O4F++-/e4 ڏ-cLo]2},E$n(I-aKicEY y&ˍ׻ 8pek gk72e鮔ԏ RO&g_ZTp^8?ԤFbn ((ʦyp&>%KsPOH(GyASmޫ=tDv/ e,oؙuF/Bz>^jiFȼ7@-=\$R"-# mRq;dLW6ea`M4~^/>?ztI9 |i>]~ ?oCЪ3xL,J[a#*a?h֚ >*fez?]YuY\^ݎ/YIjQ@Teao):(\"Gqo Ör\+#.-{S6 qyN` TK9_hzcP{2a. Ĉ)lbJ|Ęz3SWE@7p26k-k3 5ڠ>o^/A8=>Z3cy8 yx"ݭ'M6i#zώ`t% qm u^Iq֙ȃJSVǭ^N%Nj{?s=&ﹸ>eT'3 um݈3%Ƕ. $Tv?L&e !?P3Pe@4ʻ 2rX" ϔJS1RitaWMb3 ~݀qDrBwՖo#ꖲ 1u?P-n"OU)ڢ {8%aoRo`MP xC,f)j Uڤ %gd"ʬ^fI/ ,vd fxAtvNg7Eoe8MGf2f#o^Yۼ:tg ɩXm=;Ya\&%\ #]jCnNx!CF>ޜ#tv/OudsFYⓨm/=NQԼP ؔ1ҠORǽzӛ> >f;qܤPĹ-FȬ{̎6y٩ f)k+LϪXlJZSJrةLPks\R[[EY<|$Q`dmOQ _xܢ*W bCVrXwwf])ZO}5-LQ9ʔNwі_:aPc,gvo{Njjr>a$q6u-tͼP!͏5i[SYf(J3!֫`G1 ߩy5O{7u5V{o%/Xc?ԝ8 " sHUt K>-MdMV'w̡ɭO&ϩeZ}Jn_dQ.Z M<^eQ!ypa8{_<t3_NbAvgw t2'm\IJq -[,glm[\Ƥ4I7BǼfw<>e`\iSxhq$Quau ΈcB૔>.-55\kQOH޿(m/%$ BGYnHBaoLd^*|qƌnO=z"O!_Z+${ŝPb}@e eekp pDlh `>i`Fa1v>ѹ_6~.ζU>RjiCY(B]Dv1YQaNA_I޾Dc3.q?DO깍|yB@28QE!  iJޠ)#[J:= .L_-RU7:aWR k  ƺFfjm9ؐ{IOL)ڽ]-Bveֶnas+)>W  '-Nh ?zoQ>Uj<5L[-*d4{[] sc7pSy<VF%a$ 6(YD+m a>*9eej)ULl\8<$[ᚺ< 2^nl6Tr| /I)"6t&4_[RƬTɪSZ"ki;% rZ Nz(Hyb0! YGd5䛋;s.p8rŖ y1 đJiF&7]Id y%G+/DB~~.(mM <z )8fבQayVt*G /{ 6_GXO䦏s2&Ʃ?F7V[I[ǖ5"G $\=X&zet }f[bd9B6E)'p|5- * ^k V!ͽE5oxf17K8h:&PTu"ԒKcb;O$#XX,!?: 1@3l 6@YH5韟a=^ZƏ7<|D@^[$@StLB*Q\Aa8]i Ֆ 0?lv /_ѤlgTЀ`>+|]!LnP#}dqEL"-^M} T2;sC\8߸#Shv2Dd]AEr"qF%VRYcY<$0jHɝ]2:8a=hlq׶:u}J]`ÁՑwˬ{䣗r rv[[-T}wm(bJB'%)/iuSMv #u,;2,7Qf [da=jExH:$H?/| ?F@X7 .4\:Ӑm~&gU"Q@:<* $_C*<~7 5͢ JJz.|c'w5 i\('p4i EQy;9g3PS9Fk*YY5ZxW;FrdC:e<kv 1[J|heAA8z߶}I&A_u(;4}-牽#TP5 fr֛{H_Q"WYeOg{jmno0?0>: &H$MT+D pMCZĦ !yU`֛f%{]SAjzk7ɬ ׿C1J6ڹ5̆ށ m@QM#{~2Cж'7edc.-Z_R4|{ʿR҇N KPzOx~@쉳SC ;H\e_:!M1Q_ ֆKSPcd2e w/#UX?Ksw:SjkHl` e OtUA}eY%ϳq:,w<:cC3Hg^n#ꘙq:VE$ΘBPtS֔_· oxtX:y!f3ʭ8PXu73fA0pͶ^AV 21TZǤ .NfcE]884p&ㆳ9uݸsP5 ZJH7{{ZۯjiDZPI=VXW+2Tĭv/\-g mRX8U!@sx#nW>Opn/0֡aL>3Z+az@] Vq} S}3$IY]̦/Ɋe{(_ &\إ]WQǫ{5#aV4џ ,t*Q^$׊GWfU2dh2( ]YT݄Q9F-!1ϊ]JPKJSqU496?Vla~Fڲ? Nxm2K7(w˖Xo ȵbR<}~o+bR]jze8z.jSuW96-g-W*t&d"@ds;Hmb?)5C1yl=_~(e7KD|6ouȝ:7 IQz`:o"&B_3L!CPد-TsB Ǜ]zS4U[m> c`VEƆA*ȑ+K9.HEJHϡeXsQ3UJҹhP|&KYD8XA9Ŋ,8apTJ[:do6TXT1YUAئGh_vg/7 Kĥ3ڰRitp1LF#&o~ċmz@iFE6w\0Ը=q]2mhRg"v"+z LT<f1Zq,5O oGxa}FL9{&um\>B޶>`^ }lhs[s+jI,\"/?*QOjF_m(=-sh/bK&6^'`}ӏV*]82zʳM<04?'A5{6$f966R0zNBL7P&QWH7p\#Kb-3; v~nMFGTsb #n:&jxK!S!P>gq؅h jY$Ds>!t0~;ŒA h`ھS sh(7ܕw̮$ $Pߎ s+ioEANAZfyCr`^.|\`6G*TVzpAm*۱oފ߫6e=?@h/K hDtoaSPbfȳ=2 0_^MN "VJ;r{wsO.=׈sc%ayuN96:v%u^nY?M?/c}cbpOTl@u@В!;rL&/2Y̜qQ" :\{Mk!x焞K9yG^H"ʬ/wdE't,~-r\?T%e3K%^`G[ -[b2pJ2,MfmY]ZtEWGlB =ѭiƁ⻋[չMسleZjc&>hp,޲25G@NV;cEK #O8LbXJ|[O6: #H"Iꋤr%G|Xv'i)¾k'Zy !XO\@ 86`X^o˥3pH#q!W"Z>g(7(> f7R;0Gҷ|}7f3E-H֎Lm,n>}h&oh( kh <6ѦLJ8$\rƗ&J\nSץԶb~ < w§zq?Sʒ*+ŋ6c\cr#xZMDy_Թ+mu񢰑gnѧf@p{Z6h)0FhrleiY|oC#њW+.B3z ڷ;ƥ]Dn1~ |q >eA;b{5_1 0/i42Ci 7ȝ#[*zQ8$Ո9"װz/]Ҧ-"7E0$"Z|c+@+^qw4vؘm\u:9ͮ[hWg0$؁qa@Ⱦ|bb?'0fzvD5A |tY6awEdܭ(T덊I|?C @ATXmB26Fȯ:|0`jP9 fdyI*OؐϹ*ΕЌ"ItQ@f.?ٛA| O_@DKg! oy8lGָNg xg7"plW1#ʺ 0&B<P]VE1i=Cjl\:7jKXD>;8b1%*"cTYGfb׏5%Wz/͔wJ0fbC`]YpRo ryV\9w-W MnBy;ݤ"j<mʉZXQbM |mjn%%gƋ>9q2݆$%V0]JסZ?>}LR W6h xDA G~L R9=!&xB> Kh2~~yih V&eNӭg.OKOVĤb_/'d#4@U18mZcƨSjQ3? C\wkZ}oC"-+԰r*<Q3EV]Mxvn@ E`?BC}kwJW&H{6fnO[ R!9Ս M g&ki(͈]k>O\D :L!OkR>-!}4鸗2rŞ P 4Tz3jzTDe6iͬ[u{>i`a>6CHИyBkFC`}_mV #]# E?T:6ǓY/LKۥ֐%JHw4O<|u~ՁB .L]XrVb0' ZIl^ _mTFBsu o ÍSyNCG"Mүd<&+2qhka,siC vʾGj' LO'nQ7 =eE~/D(&qn#wÀmgfB7E(/@ ős[4Q¥\K"ͤԕ'Bv;ȂH v]p:>H^n}ZppZ!C!zQfXRZټGܣ3{KC? dXvun]I WQԨ0{>{]!zi M 3q8XpFѓZӜ=׺3*!a%2=["C)fLxp^+tmyNF6\fF+S @ICD-?Tu]ሤ1Ǻ,yMwKu+UJFX<$> VǴ}{Z s|Te,o;tt寻11A$3 =~~U-ktTrQ(Do7F"//] 7m ൊr\C2rɰ%\98۵2\wt]LMb*J6!6֦Lk{ qr/606/,I7<;haCyu9X6_}c@ˇCNt)S5Ui| u39gƍij.D!s(?]UG/ˇۓs+%s|PQm_B:24)F`ABكrCjӘH:5D'nu"F()<G:U icp`&䖅*2)Y}A&So˪=GљsὨP 򬂑f^5[A,NqeaL+,!&qMMpTmFJbzMC>zrg;!!w⪸vO9,|rMh"_E ?kx\ "Ƚ\)Od%&(P݊0Mg;^'aK8mn` j/#R6"t7g EMrP$(AƆ_JAyȴ_CXHv}0^ⓥ.D>^_.RI>-u!)k)8 ߚ_q(Np--j-wr$vG e?uZPeM"e0>a ?^,:kPo_ugH&9Qr!>˩W_X[FdR@Y;sY+ǽ#je>!Сs#C^O;G4i6XaO]z@*fur) oIcccX#bI\R*ݏf(b#f@zʱ#*,o [1zBg,) "&?XMj v-~1;Q8&Qw_qR pf "P& \o?4¥1|MqXv󁿆ȹlͣ5_`dB z>~35vg0H .쭌RZ[$D-XWbӦI,6^!\ %L pԦ}!+ @"`M]q[('{sz9@gev#-3AJl3ĥXi]2G =4[x:#Z՛sH]?+3,׷rU1@?uM1 TNeddzK0ې-EtSU'{͛#ڧҶp#瑘F /3֦m $RmD20 CK͌7Ξ74?/Q" L^!{$/rEy.e/R i=Y>5.%F%8>d4l=$ %EIc*:pVYZ`WU%Gu4F}`̍" FxYmyɆ[qxq*s>r535Lq_[܇F._CO`(_Z5C5~|iڭ6$SJ Gt\9^U'2<&.ú1f3dZ pxxWLʛvtxR+(@o7"eEhDQac{7X ^4@_JOc\4P|&jh3p~2g!;3%(k(\k9ƈ) fK@Qy6l#۸Q C΢z =p.Yd4/o]<r\7%p~Z%i+%VR!i~dmĻ 7.&#bn0(F;7XApd2j4'tm>^޷{;xQ8DREHAD5,] l,AC<r36vBidW-rtQkf@! ,>|ϮɓSNk}Nux׽hs]*iN4^d )]9?cQ~YyW!!9[T3 ۣaKg_`֢7EL8 HUzv ;({+\G҃x$jc~֬!"J0!ߢx|RR1wWE7Y܄)vň,OZ*xvo:ܰ[n A$%~/z<*F,?ק6um;JaC,h ؇" j{ol0ե0Bf񞖺1.QD j ۏ6/I50 Kk-"hQuU2ܲ5#(J>?gx<+[:w~/k.[V ʕoPV0([ǰZ\#:LG4S`vո^3yrlxZ]d+fg0juLXoڲBO R̟N(= ,% ɽqF .g zy ݱ5M%+!H(z+ahx]P;\ 1r)oZO.֩/ɓK^Ψ'KTv 9) oA[re߹dKaT?)3IKhdkߔ T'-f#S]kK}4{pa4!J}F;笰'#r^HEimwM3ya|UY(β8r-~/^p27$6'OSҷfљqgeFg ݝUrĜla>(bA~yivk5B8asǩDfT_-y-hHe!3>m%~>oAu?TX[3=D޶yQ(Ř ?B`ϵzGн]Fʎ91KB>Vhtoiu1Rو|53ֱg$W\e25@9[Hr:`ǃ9X9<k@:u+(`8AZ`6A"6Bmޙb F9_Y, 060*Dg/vL$!<چ>KĹg3ۃF1Rfl ʨ{7e5xFͬ\YL_Z2aïѴ'l˴*3j=R|tZ$tףsaBԼgV*F7;ng#fy=Jb9'j?qStNV<]VzD]demswm'$!IdlF2<3XNebsCŖvZ@O?5ƅm$ä" I 1Hv|;sZI!{ySO J{LK\; R XgK]&5 6' ݼ6 Vuz;UxƬ5z0r&;G5&s~Ʀ&gu%_~F"A:`D^Eŀ WߐJ~E/w]HU/yb4mgJ:9Uh Ӳ#V}6qr磏'd ȉ_d\f*R4ߗbMfIͻϷɳ܊]Ko^W\Wb%F . )1mWx-=?$WDFA.W'AfafBdB+'E'\p9,3ѢGwIxߛ Y:3NNg^: wa|!9Y3bЩcP"peAe/ڱRX:pv0sYɮ7Ώ±$Y<#℃E| q,+Yf|s(j!ϋan!èņu0OF Ti'WGݱo$yeJl){o%\rWe55cٗË0ʘ W[ }fmAR뚴Ⱥ&24%< yHPsmI:K`[0 qLKf_^ N;GzYs%"U !w:8$E[2!LŋE].WQF`÷J>){zO-iSSAO_IQ mu~֩I!k@DH/-J6[߄\W[a`S'_ wNS57Xw(Cɠ~m|@%]1''x-]sf엂*,8 :l KDI&^{HO9D;Qp4+`bR,_ј{(Z^RfY_ߛUDO VQ\\|,T)P)DW;Mڐ+w`]WKiYGīE_Nb)$̟LWmZ.^qCdϙ:ٹ@$[e95ٍfR.%"脠06a6T|] P.C]'u!:Eo]}p/8S=6Qy ӦVvb_]ƫMMTї[N5d+P;bncm{'s T}J\"v UҼB[KvL4ݳ`mݼ9M++&9ajKzЅrӔ+G4\#ֆ^ٔ"2A. Um%K(5޿^ldby'q|C[_ڵ%lF4E%[ܶ 6I=g?׬ wZ Qa#qZ:B& j^@zowjIlK_*Y+ΩҜdXZwS DEk҅jIld0ەcXK$$0z%WEՏq5G eO=bY y<eh,{x7+җ8߈$PBy6-nia2G` ۰׊.G3 D9|ZH $<NRU 4{?/uބ[<@J-EXDa*'rcP+p,=OĎײ94&^7x߂LeԈb*޼j?Mlgmy$c1k7蜋$vvlH\r{7Ԣ{cPzc<]0SE5Z9:m#׊hWgVhǛJ*|V {A%83dj|5>(yUW}5xN|^4ECV5 ~%gލcڃU1X)5 |"m,q!!<qu\.VZClv("]p?@;TI.1I!%^Ǎ? !{ik,:p%•iXv{ ?חXL:uBTWp#3 C4YGGD) )1 ;m@g"#]Ta~1)87 =D$TU⋁N4>cd;] i0wYgư 0Ph%HزnΞNXUܒc d>ߦb (ը-B]0Eŋ 3xqṠڨeZ({E9`k2A^.;A{މM) oͥ7 QmIΰ5*ۢjLp|؅(;cKt{]z?@Zӯ>`l𾦙ʃ)'`|Th\{h/C.J*+cΎ*@ ik=m6a#Qb:6[AI!#{?3:sGN@Z?X-irWx nk;W;dnQ_h3CTuvhU^̚${~\ErԀOśePBݮMAmJZ .əYL!y~dnr0$(BDy$ߊ]47Dko~꟩*#]$HR$2bCL w|}ﰤ* 2DW?yٴB9*[E{^My Y4ɷaߌP!sU"L_]@Gpg1$yG#"Q1Uo|jc>:=)#!}?k+zZGqþ!U'ZbK);ɸ%Vͪ;\4*yEx((Y| INe)j^fAlڰ{02uMVMtNYs2{ٽ({8UA޸|{ڮ[j2nٞȬ*VM skR~Z~ж _,nk+O 3,Z\?e,yJh|{[VKGW;2k஘mtKxW{^F5uXzqwQﳟ[w"۴tY/ޞ jj (V`bǝv@fCiv٤1)Wsy]֩ڟe^գ셣j],00] *K>G͡PT2H1 r(16y6H1RuvJ3A O _j@\aM7?Xl ^pA4۠Y)Vh MՀȣGsyAiǵ"7'`JͭfC v9S9Z'A?'gH0@ )æA C36gCN1s3Fml*a¸1U[~^1euq"҃Ol)4qJ>_h6Sp{zn%g#mA50dlb:x|S/= /]YR= OU|(Ff2X/^Y=ԙlzFK-&JIF}v!PĵUmYJ cwˠ䊲-gnEU:%[f;rDEP_Ʃ?$t!Դ@wh0N@a;%~BE_=ނ 4[7Z#6C 9D+As5 l|Hk+m:Js]==T-Ic:=W`P^<iE]zPn 0Xn,ɸ jFc*_ax(>o6[[;9]2Cl˲L|Γz~)b^^ÁP(>{#3c0ՍA"|GX 4V?ٟ3фL5 %34:; .o7}x R[&MYp5 ;0g-~Jfn$;|ߟ8,uֽHơ4lond"y*=]LhS/e@yUA157d86@e6#z˺3W:w. 5.LwZC\-yPCesw~"w3f"WlG9ȅB#z!ɳ6SbpEV1qFK ЬJUک6Ьy:Kn]-=>-k{IlG21_usA<Φ'g ah och̅V?[Ia&8+ʨy:W#Ol<贛>2jcx`Ab TB>Td\Xp]9"j/}#Oy3.H3g?v?]G567E2:Rkv_W&*f7JŚ.`0vX-SgJ[Ct-f53,rf&\҃n䭎v?·Bִq]y1:KJ5,ʔi6e7wɾSzY J?{z7ŬiL٪;HٕWRdrv!9{3*i7qDy9' bp"YpVg\^7[o0H!5 8:Y:k3^v)TS7jT6=2ڳ8Hi7?jx [80iBj]/dx rЯh`NTT-O-OJ _ 9t GhȐBp`'xXJ$~>g?o=ȅq,o3+~ #4=IQ5Na8XQl ~d{-zɟ8q4H֜tCJi+wYoEfǂH+ЊTArI֡<ѳ6fv*jK{h6X!?vX^BA7VpTg;`3O`3ü!+a@ZJd @D}S}>2~X~(0h)G0=sd(#9!i\rD`5W-AZ3E.mu 5}dT?)os֩J/ni8LC꾘S,1䭒xCdoχ_! C*ǾlԣW*}}Xh5N\ϝٻ-o\ 𘰌v_g:xS0X鑧)jDW';7}K|2"fHvSN_ R5:']J&Ki/XKggkD /!p9ZV;Fi;#^9Y^l}{wR@E?f/8(qz+ K o0UyRd7_J& $CyZ屉7a"Ȕ}060a9 6C jq}2АgRCt{JMk*B&r )9=[@ DgNȄQz9oXybެORBc ;hWcxZDr/\s'Ki,Y*VÏHeDnz7j3Ƞi]jnV?cPY&%D=ݳ+VJQc־_ ]Xbg][u+=;73o}vB 7szkeΆj"9۱PiڄA@YhϹҖS=_5RcrIzE:\MnfքN96ғ侜ML/Q 0h$A[=ЛTZ 88˩D3}r|R?~3#rolJ5%JH0wZJ FNng,7)RA=_KlA5ʴ ыvb'dysZoOd@CD qy R(f6XucObcFgV_ytle4jS'\s:(A<,:r+r6&%{KB}Xxt9=6R}ٽ4*lhR5 =TԡH#|eAPacJq_p1{" E3S&wުo.E>K|f?zf̂[ZsCgB$/<'8c(n HOmt'˥) uҐgQA55(#5sf_gpC[U `8hu`3kyOq5ё ]c)h7{;e<ybU㼫7zurR 1u~]a}+_I E"!$p@ ^(7Y NFؔ}4 5Wh/f*W"U{)f"*{.$:nSuz3$U䱜 &JV>#CA>ckI3xq9)iu˷*\I[O M15W7C4^z9V!곯R$ 퇿t]18pxje*ĵ1z"x7H ̜׮pu)d |$geYT'D(jhgi#U9оW<6w3(;*~Ls2z#nCoeRbmkn.6L^hɷ^= d孱"1RJ6+{Vwq(u%~Y1FZVwXdR;orw tO*mtŠt?>4j5R-Ɇ[K&c I4 tF悐sW5~Ե} ]NhOS,HYGwh8;QC0LVkM;^GWya6W՚_Vڜ6䏽昍-vLk_ #OhhF(~IF,8n;=I6ʔI\iYFѸ澏Ռ)Ɗ`mWWQGHTEG g^W 6t7cX^Y=v8h =;&ujֲ76lV"أȱeyh}Yf4{@65!3d)Xh 6ʕ^yܴ ;roih*;MP;B1%i6pkci=.w@YLF.Uq|w߁P%_h/L9SC^ͼ*v\vWByWA9W$>sfֲ!h#~5#v㉧y<\Sʔ[ުIndh|lǝD6Z\Gs#N+f5WC1ÈLha0fP]~?l;S&ňzAa8G&S)~rFbzGx[>/'ީWF#/ Zjf7YQ Qߗŭ+{"Fg%΍)HS/K3ydA|yp^.~ Jh>@@,n+Gp gDKMq1.@HzA]!3b`f*$Fƥw%h ?" յTW|<M| _3ÙzAۛpsJABtf,fjFT3ه*PHM,K̄#~Qo9ړ5zGԛs$b=][ l~@n$-m#9)!i]zW3%,0ٛfP+*Qh>r RMU>soaW n,oe?E]Z @z ?|dvaFR8 dmjJ q~5b1F sHl-lw^O NGVׅ'tG΋GF Ʊ_j'.Vb] $տ x5R *sN$1`8'8n.^a׶;s'0ezsJ.H6RQ1f~ʌbkJF /G58ݻͅr8v6qs ]˪o>s7 ȪDpK*}yЉңe/>_m$]]~'fBh9yӁi"C&W1Vus=p`GÈϪY?5 'I.Lhe SLiYw׭ -s8Wݕ`в5h#*;Y5|`F(LޥqR.@|e.{yqSc s8BZ]04|-.;<6=^xI8qW%xJŦRH<Z֛Hb'sH*FO!,}> #΀=m1+ޮ|R{3~|4jN|탱aY@?V09fZEN,r/t䑽FV\/Pg8WLOMun Z" ދ?ӉZW{77O JW˳3ӈVPmf7]'!J{;aÑ&ITg A9@Y:p+Wtsj)eFG jOv4v]h20 9C?8+okl{8TiC+MLJX~m<2V݅da .;ٟ3+-\Ph"Lwۂ]*"f25aMGe(>: vbhআx9=; y $jf2ZxU&P䥣̀)پ;؇{Ž:<߂[wvz"3t=بX,;&eU}.P.0m>u?.>L[EdBY\1b@yYy_Փȹf[C@Xʊ,v?齜ms+4}:lEoopD.K4!@oWA1E,3ãd1܄` Vp6E8JCX TB݇b$coGFۑxs7<HfP&i%֋vЁ]I)@tAIxćGw̥SF)d~ 'n$^Ř1 ƗjwŘav'oPOf[Yz3Ctie7jދ+ns ֮ù.ʗgʥC0ޕ-h˞MKnh˦k iG^@>U'W(YV㇘ěQX\$ۑ949'ǀ\O-#^!\x>O'%PNObO2 ;2 3v~\@k9;fB߸dYm.iA+7"*ʐaE9A z_d6vw&#dv eIqmgILgvHX&5{iA*՚dPRjJDĹZZ'qm`,I `.F%S}{d2gi~^JX/0h'EK?@e a`" m2Tt=kˀJ[ Ijd12U, `+`L D?0܏ʡMm'43`^6Y:2*ᴦl#UvW}\f:0EIFv?0JM>C(v£h0P.J,k eTgG.,< *KQe$0`=_˧mkR>>Ectr0|"{KsXk%Ֆu;{8Br 5đZ b J̐fDv=#%wOc- :/%_Gq 0`gN2@ ",Oi:)B B>@DG8dgEbEYC? BD0P6*HќtL67A$caxx,,t5s 0DzqÍVUz@é_@>lgWѐvJ߉w%r*RiYD%SZzݒ;_ܓ \ >^`;mK ;, #ͣVsw%wVČgr]/ISr¤BsnU!F^ G}  udS3|_!dašڶPХQ}-2&S`,5?'*8a@F~0:G?qeO**_y::8o6*f:MTx.k^e>>[ubOtsDbx}@nvƷtc:"đ^J=p%AqC-zdt/ 8ct^}gcWn@k ycVO "V: ՘B}n/s=0ґ[!.(8(Sw{o~{~A) ڬJVd8Q Wpic'z |ĵHe ;%u/qy%%Z.)kVLٸ#2xG6M5q?|h_p᲼?bKIaDԾ:\ߨep䓓z2UVly/( +A*9O %D AFۊUǚG&[uT+R7(,)MAM%x"Hzl͢>_j}=Q]~j+h},v(![rkn,dm6O9tS4c!paH<#^f)?Q*U l_ YRU߻kڱ'/M3 XBkXg+Y>&\AdC}3bHL=,#ՇlUPuIU_5ђQKh)6Kn 9- S`LDs*WUךlC^S5?ßk>Dn#TR{Qg.b[rU6Wa]M 9KuI^HHWnr[E~kA#&˦?GO>=S蹽.B{u/10SyA9přj;IZcΔ4E\dBmi{]>!;G|%e\Og0dG-!D'40TSwWByI+Ox/֝sҵj) O19B>D4W-(]Zyzm^7aVp9f*АJoN͕SYq 9Jy-f?@Gn/1HK Բ$%[o(86p&GtrBx UfOF+BE?Y.$,x֟u쉍=SƮRPp3JnRv0x6Bsa?0>j!d&w%\&Z!yúׁ·TqƆ.qXLLKG`j GS웯0g_"J7j zTV=^qo+HIu=ޞ{3}"/jj5X+!dI,]q]d+Qrohxdk_5uĂ{&@(( Z6[")tzI!L $a9#a'|U$B J +9`9`| ? ?lP8ky"ᦥ8' = L[Yz|;b}:6msljvsH5@$k>%W+}~\E #~nF$d*BW$]XdX !|S=?)@C :$ҭ8퇒> |ոRdIbm(^XlL ,Y(Mm ͐:(Y{7`a\=_h&=EͣcrfAQM7fPJ#|pAp{Z=4{; 1;|'1=ؘlTO2sȃV~Hݤvf1pK*m s .P(m4Nc.kv- dhdba`5lʣL[RD)sF"Ln0Aȝ>E?f3fWfj<ҾFY]dh##r̖sdh1!OnkTq7L'VsD. A-Q1_d 4Q9?8K*pOibZ [VXܪq~sxڬ>2`z%Re$*s0P%]a-(6ۼ7sVuj?=| Cs24:i޼5B<3MFAU7sዉW,+YftZN ll:? 6Tyz0p%\×xȹ-A@l<8̑s<);geN !ˉ~_:FJW_&dP ޯ6U)^OU7x/Ig'v9lv@snlJN9˚ejLoy&:y_u ȩ`jb7BZ\v\j?(.UQ-W=J5^Nc]!݆!qJ>YM>L@i f6T;}xGŋW-.e# 5G-%n*5(8,$+Dȑ% S]&tK*`vβHC {;)$n}j3Ԍ?HeV-Ŝnퟐm1x\2K@vsk #=ʩkpվ ŸhXs 2rV“JsT:Mo43(je2pb^C']^f72޹&UJu~Ø ;udxy_,ߏ 1.5c &_'Ou.]@9b .pQlIDJd,4BPs"h@&gއ)AkPHc,ӌaoao*A~W؄3z>ZyL]tQW*cC_fc@OCh|E{N1G[࠿xm'D]qCh6X+VMVF Zl4Ȍ<)#{;}֘,qyb`OY-#lBFi$?kR]sq^ARFu/kաs[ K$cE mEi٨ҥ'KZU־"`v7ݩ&%`WYNVg0\-+VExۏ4&rLh$/6|tG(c޴ =hi(AHiA|Bmgü.5&&՟cX/ѣ K oԎ~J볱zWZ` Ԙ%еo#ϑuv]_<hnpKc ~VS˫bjn ܵ7$0[J'1g\EɟD4R92=/!'sq+\8v_ag2$j`YHj,q\5Mml7\?u].mh"in5վ}޽{(#Jc%:r@0FvʀPO:FgM]4zAO(./ VG4dk6L?1~edGwXs743Q!^VW*^jyek"%㳊 {hO4&D9<˷#wKF癞ikzCoeQ_`*?eIM1_@n6@6S& 7%K3v;@Eɵ')`d"Q*AKs#%x.Iv1+D} Ш^k.xc-5X6'G 9F r*we6Yυ.q"2YG/Q.W}WSݭ>48z0$%SqW9c^-KSSH[yeW4[F .#l/δ6SdcKV]Ip~VQ}3 ;b1h^KUMqtYj*uYµ-N)aq FdK7ˏ 7HFutϗVn6.}.sɉy9sY ^DJ;ˑ]3OXIbCPVߤb&v]vC?uǙlC|5.>xgxcW oڔ*ʌט{f>4B삶/sP\xhׁi. zc\NV_zɲ2uQ%ي0Wmfu'K ֮$IL?Ghd Iz$JxŐH=*x>XFhiLj˄qݞ*bsHP_ &>d[1v 8ݯ*A'ӥ5u9sZ~ȾY1.M6]N"W YX3y>ɔr : )SwZ]E\k DrI[)iq-lطL`$ >uGbi73b&"S,vh|sv6Nϣw`N=1l< ly BØ =:'sx ^Ê2A+@գİ oA$[(@˔x4P+B6Q߽e!.[ s=I\~Eԟ zd ΢"k3?-hvTTJȓKQ$3YԸmj-w[ԓ1&PE) O0/(eg7ȵcsdμ;ܢ*DUpEÂm^7F TGzS6* _ (m~"zːhI} OE[g!dY4P/"Ţ |T.|^׳(;zwnx`* }YcX7n蔫m*7|IVX˻rԲuٔ́M_ Tĥ=H0/BB١8X8oxJ]ؗ`p(6uLQfv_(:rsDPyQ I9v}b')3bLwBrR";PRVfY]i|zNVSW[9{v.@fP:f5)P OVzDH>.fEafAX Vʵ*oWr;(4X.Aǵ<qWאxuOs0 h4cs*'5<Bq; d>i3=ՙ0-pXfƘ|gѲw mc}THGS,u2j Fb<ȉN/o~dN ?$IDƆ0D<*1TA-7J 2XBghDlx3U ؠkV{'4Jm-WP@0-ð}C=ڹN(+8tDrjsQ!Cd+*Ƽ ,#3Of̆t_WF(]Vp=j0$Nv7hw$Qڬtx ^i)ჭ6bSR&&ׯ=7 ; -;2J-^SNMyDE_l\,(F`7,ǷW|J&֥}tm3f+ՅJfJvls7L7rG^I]TurssWYhOae2CJ;u'#n]p+zdi.A/.h F,-K7ݞdCv'S]ACNXdӹ4Yh"_;-3 wٴ%ڹWVhڌѝHօjY9RzqmQi[ݜ6eޥ Gef((M* 4&7yǒ_Z4%[_ؠ2e -7̹܇Rq4mgJQ-{t&.4'q|VM*JE&H sFv#$m}8y!N2 uP74J%nKG8,N@,-G}I⦚剀V;SJK!ĉ쑭[+[8[NKxB~f~$sfE+BgXri鷆Ň%aRhV \)ez` \zS9A_WcQB^A c"Beܛx@dh>40( {JmUJKP^;%t};S#E'K#lh }Mtࠒ'dA 5XRrOބ'#!n{d Ȏn!)5t-K8Wmu.7Z_g+t]xȏ.*8!rWhIYxIiv.i%Dc}``(VGpxDogT_lxqH7.VCx.M$Uf z\v 8CwGxzm5N^7SeiþK7M @z&ui~F fǃ." " yRV{cEY.|XY[ եFBxe6 oOGkjH!nq?[$W֓ v Vn)Dv'p͈ߢj!56ջ^-~< RcX0\$ϥcjxŽLj*G#9 Z¹*CTM\=C76F6c,bi HlTgY 1ca|XpDxd҄8sؖBCA!&s+([Z-:-vYOnH6+d2_zq ]]!Xi}J4!G̚ Ǟ#h,e0^➳_ }: 䟊  ?A&"'(&~3o~҂itĺ6#6q,u-Z /P&wq(LS^i* 8F&R}NEUxJ7 Rh5 +viF:aKzXfap"#65 ?6<]ҒjMmǵg3  =@Bg.u̮Zhнo6 ωSեE a@CL j`O/j 2 {N ۰ZE: ?'f u GaF\ ݂a96@ @t+ϕ_zQfϨkZ>7zzR =/&x][j+CCsO+)4u[mT., {gHM.g(ѦU7H^jSR:Jv#E9dAL 7s[ߊyqZSW5D&?mOMxD'L[1S"zN-M(Y)Y eؐW׉e@8Zk||,ƊgqP5jA$~ iXq Q4@ =@•VDwX|;KX+JĪq~di3x)}')H]٨_MAT^Y 9"G)!ʇ U~n!n7_7ʹR;xevҨ&d' )хx-㫁boVa Kӱ$QSi <>kgEXdʒ2}.T0ih!R]@2/"},ģFHq͹,pن ]aeW1jzƲ5*ˍ^Jْk?+D*њX/~~Ix4QI3hosyֶ$Y(.\n+QepFQa{@+HEJ( !'Еv6RP3|_Hs($,Y@/,'ΊbD+"Ӽ*~SH&3W ~ 7| lP,mCW3㪡y5;nPv4HYX9cOcZzeFrl ·rN/#x~8l-og7 lV|n{4EJ TTBR#_AY % b*'o|= mxjڨቛ$^9>)x:x nRCZ14 'ϷIM`|13 NtZ {̝O*Zt@"XH˫1iD}I*1=9pn7S]C>[UH˾"'w2Ԙ~9)9mc=_d:$4h:iPCis{ޯXeE\J \ 0MT;A]zzGrߌqݓUFlb^Cr)y2p"Dϵ(}I" ֝*O5ҫѺO.ESfO>>I*&T"3OӳXpWvفҁa|=WBxe\K\Y1IҪ8ЧxeѨQTCc"YD!nY,I||]lZ WQvȻ10NDط s(i#lIkL&禷O\R}ݡj2j9w.vhӊ_B[|(&-Mowt$Ĵ}x,>((/"7&y BE|`g 9\'ȉ8j?7h=YC̑C"s*-.md(X>9E.i]U^/yIrvۊua6?Z˺I`Qې*R۶gO+{QGSP:4N?@)%U4t-*8<`fP4)fqǬROK@^QlEn\ɩ<%BMYZ h_}^ )?`|`%.0;եSӅ|B!09:SɄ:uYh jhvpj t3)Sq>W0Hmج-0'8 l:|܍:G,;<}P.kH &jcQ}q(gt=_`*fXd/10؞%qrIiMt <2Ica6`#nj yvJK wp([a! luzM\`8n鑓T*k.dVt؇xhUTC"P@L 6CosWԈ':)fT5#CFqloQd0nOi_-{c ["z(TOgsWE1g&)De选F.eUr֠z{f5 d4mYV:d(ggBsD4Ovd묻b h3R]ÞLgqɒ`l`M3]ʎH,Q6sQ#bFUnpnjK:u`P(o!w}v]rsˏpRwvhPꈊja4D^0X4y[I̚@Yݾ3 _m4ȗږQ}ݒAy0Vh#;Rq[(d`8Y C\p,(O+aPx 7[";h;G`,dpBFF9b -Gi՟2~ZpΧgNxW87F_ygGLX%>\TV" qРqG2r)x(Є6WNnO%U]/Y6]I#ja,$4?rf[n#Vtv/fQhY*~'^ͥ pKg֟1;ۛQȢHoQa_V?ns6-Z"|8EHP8p%fMrc #T9r `@ ANJ/\$[Xb%kkdܜ#ZzxnޙpA_ АlF\iؚ j(gqR،Wβ+Ni$v&vApf_:J38M"A2e׈FTFv?'4׿6j:Q[A2gd/%!5K:U`QkRP m*sh\&q k?;I&xТpvHUNU%7pQ2v,qpLȭtbh߰.;G q!flC_ޫ|CI  33G] wz{xwV^b1)ny~Ԓc(pџ[SI]cъw[ܪ&{{9C5YeJ4.S8 ԓ`|ϲwCPrAhr$M6jL#`Cwt3 uU{i%|bv`B#-س[d .xI` \VJU<؛V{V*T8g%|5`[ΎN-Anc9w|ZNCו iv9=t~=.9Nܢ#a .dY V/iRLxc,7S';UF,d6_&m`Zc<2H挑hvN)YE "9O8Z>]2ƩWZ5PtD]]\{k"=xz=n qkd5Ƶݲ0Fb"OG!iFa+v~|+@77b/prԱƷkX;ze 6-U{P_t+<%"^Cd@ai)&4^COf0Rqcc:0䎱cIXe h}BaK-[ѵLƛߗ>:?2\iiMs"R쟌z_XpL7ĮЙ-C\N@R҃@^J N\ݲ ) #R88 *d}vҝBbPaA\sJ}M1] W*OQօlKe+6^O4H Rye:ǘf0Q܆x!i㟙A4y# Q).P%_1[ %l7}Y19`l.cB!N}''@0ɯ )ڂ8q4漼PJ]BPzO1m=v t)* k#zLLےy<Ğ {(??DƯӪ^!sj"R~IdAHVDi~?3kmrv8Fs9a-āeu=S3yrlq~}Yd?$FnhcX1oWOyҏ,{Pŭ@hYw*:la9(y@m5ZbObw7Me'G/ԶP0P?CUgm?κy4Վ=tKP_Ͱ)d+"" gt6Cy \!Q-nTt[)x3FzTB:(ѩzPYiB$K683kҐ~8=W<_Mf] ?Td6>DG2o[wBBJn &:R8XiV*]m =i*}OQm5BT 2GlYoyd9 T>$@3>1J)n&5{ *nޏh 9 @CMj/ĽCmJp*PzTEF]gVa1S?)O gi% _xe τ1oܜ0daIpȊo%RMH J:E#Xpa{5뤃nެK$;"z\t)$p  re"e2^{Fr/'RHuZ3 {sL| [;3 tksQMjaߧ+%Iʝg1o^ri >}2rQ[rDTe\͂BgGyţ ;3AhA>%4akz'|c[z[ nRS91ԍ@)C۸fea-ֽVyVy{+_H dq96j8ޟqjVD_X:g4״>{V8nrxO;6;:j!X| ՅǠArVI%l4ؿ?3`OO1~ψSJ:%\KEw2y$}W.3B )(Q2;TyܘH ]~8NY'fL)0XNsxmM+"}C|_SP/>ggWsG͖Vbmi+BGO4v_NH-b w/5cĚ:^125夸|$, 2_مqԆחc+W! PP<^=%f}@n!Rİճ9 `ٔp1;`j7@̦6yd`zf|m!wc*O8)3/4>z:KCE*-aRW7#;)q`qԕ=PR;c-p %iUr27 VOz ]jhӽqtu3dILw}* k ). N:$g&L6d8m]]PN,:ث11oC速p~t(,\"Y3B7NsOc,| & "8;awcj.%n Z~ndI/ =7'E/vz>x7BAP$ LGo¹4p WJIX/oGU1ѨPPj6dviw0|'F.Ԑ]tuxKtuK+ZAAv5L_uK9k: M}]˰0/<Ȧ~(`?Ik@Ҭy"G ]#gaS 駣 &PRX:RJɞ̆\y sBeoyU#ng )y. 5UPl\oAmnsM3a5TwJtQ$JZ7Fu>{{a0u9+|i6lWJ/B>:w&/?Nt.b"RߓbEo6ɱ zײ0;P$窵>:vY_EM t-fG,J4d*blWݪ^9~HbKYwdP6 V3O_0)8T/cSP:dp}ewK]PL{@pN(p6n2f,7T!2 z>BN;~0זBEe%$>Rؕ˄nߔxKG!]mQ? K?HTypG` G/3<@4е>\y #6lhmto~ (ɲaL֦xXGSɷ8Ķ_}hRpĊ!mIըhͩ@ky.5j 5*}_Xum߀hI$8~AeӘ:DEu07kytK3ebw>;1h%#k칽.iاe.?wfNnA4ml͟hCR3vn`˝tTm~fHg.b.jI'HDPB89A2^x_+l{fS+WU )1ḱ"kT'k4D+^0ɏ:|.=+qZp?fBN%zИ* )M۱ bLӛf sC,gᆖ t6jX *Da+k7}FEA-*$Cdz6(*niMe5I-EMchIGJa iHAyU j0D(:.7Fo͚gRgBՑ0ZNu9(ĢW-npGi18TQ#.D@FGS;/eК!(2ލ$O7w$_ZP?.ޞg O9vZؽIWGżW|V@[cwk2M^K4fȎygJr`Yg .%TabLFoP4|Iuģ S+֗J:4ЯY}JqS={ލI>ԺUTA4$s<:Xo\ltJ?tc&pd>N~ȉ$@[$-3C8&di@I4eLD}*(1*Xm"@LQ1z u(/A^;UV-z$h~9Qxݫz,çGd0|:vdi50 ȈOC';9FgkјeճezV̓MYv[+5=n) $tr98@Α5j)0־+b-P=[`h7j얎~h8ؒ0cN?_7MI=ҨSu.~qM$^UK}q Yyo%?I86K&y CcF PY5eU*Y:77WqSHoxT!xbGUg$z>qP%2zw4 ÖЕK_חqIv_ a%tC)OŸ\n1dӆzN&Vj/8E}K#<;dd6l3F@R\Pbُ?m @b~jDZ|04APL$@o2*X)lzCcd։FDc8trDcmYXɖgo4>u6ך~S?r4NѼ)x$!!dˉ8nKn $~¨T-(IbiߎeZn.WL[Y =Wyx`DD6ъgM`ˀI1޾3HQZWAqM6yg<HQ*Cq4)XŢ?aNIĨQC}Sn7͔l O>.E28GlDH-X٧d mJˉ[)gvkX~P:Jsӝ|\]u6@BQsm 1q)PInyzeRsJWB=%&- LYD\cTmubb[ԕtsd6Z6ю%+$] [@jmOWh\FJG%Zb{ăoޢBOGlMlC x4-Keض,CmD#Pjb9˃9ƠeF7{h?nYv/Y7)  A ?hJ$ $v=Bixb%xDJ[7Bkۏ;~\\nmƄk.fgpԁ8%+(yP>յ%ݔ(89Ey=(MHֱaj@AłeWjo/nrjgM윣;uPSc$,p5 VC1(0@#<֮ xAn8<[{Ƥ_.El@A`0{?_@zsZBh Xhh Əse7F͸_\͊%CmE&7[:/8_wȊIی[nM.nF;۲F*Dr2"$C%' 8i~ {hRʼnNcFFYL.UZcͭ+)=_s(WS8"*6*̊m55fɓij 2:ځB@ֹ4yFqA+jAo5֪it :V"r朲Xӌ%-N-@G整15KXh|VaQdߢw;p1\vx*XW 2//T?h_*ZDҔkD!9 0FVk:Tf2L0W+ 2F brMkC<1G d~KF0^d\􌔀?!JOQ6-y&}|+ˈ9Xbt8^ ({ 1l ;hq]|3 e%pB -+QFk/)mC;n3kN[q T#b>y]i.|BUl{39}.>Ԥkxµ%khʫLxI /,q#L;fbLa5SycC7CbrN\,ExZ .5D06#P,9ۡ‰ӂszZ6N>wf!sR9429fbo_1Ur!*d^ rb1&N^-Pmpx/rx//sٺrx0' sx0z*ăHn*P<…_<0/y*>d$XðfjDW[*2B94F(#!P0fruwyXl9R.o!Uz!tXۄFq'6UYdF@(iby;ZHQg v[4*Ƣ0[.AEf6BY2Jlɺ-a|]F36b *^h%>>:ceU:qoBrvf!>fVώe$,?{@ c4:ꞙ>wi! v kz"BvXoĠ:GݳfԙL헨Zq4ߝ}7(/:}QL<_|oS5EFw'hixs+c?8):O޷=~*CL0ttti[1x2Ppa[85q|";Ѣmh,d0c%n7ߦ5u#mXmѮA䙏 .z@pR}Oc1BMDTRA _^5@b}^Q&`ٻ$j"UfbOsۡ93N;ơ\?HFLOJێptG\2aJ/ H2홐f.337*ĸgv&o꣧ êk漡Rx3<9XH<ܮߒa $\Hf^4(TICU?6WL0W+ մLwvYrY'Hb6񙻇zl} d"z|ۨ 5 vs٢C#h ^ (c ۽lj&#8pJNôWȍԓ-( [:p[#gb->AX2]5AMVz}Lf_̻\9Lqs#(g""dr4'Oҝ?,Gd3wQpĵF\]30.Y[ ^XrfaA`=83^i?(o#⣤Enλ/_)0;۝0obj"WB͐YGY+Mn|'9#E_bq,0aOӣ<:;Y̨d~PF"@TXP%P73Q %tkQ>L_ֵBȜd/U T%r6E(JeyH;p|Cs6tzJU 3ʘhTv2r٬k~2$)M3h'kդHj;!4u;7{Pnӎz[!Ncˍ$mZ^O.VC]ܨ/Isrn%ٙA 6w|:o,֓ksiC<^]lRi/,7˕Jsb.p6<WujShv Լ *(:bܢ!&jpۋx MPLU[V=Phߩj?N1nO}+b3H $#pdcOfh(Cշ4;}H5P~(hJAme_q{JFz9avl'6@CȳUS}ʘc4ZXכx7B׳g3p ! `ͽR<䖦Ug8J˨@𬸖~> [[b"mI Ho Nv==MIVy1}cGLF{«﷎wmQ#%bc)}c(Z%;RH{ 岻zqDZ$\6_>56х~a@Fdϳx8ҶrTvN%IQ2ğ` 5dDIh9nXSD|tІވ5%5Bq3\C~`}wc#BDI,7w~pF`k D=Jh?VJ7S%hrE7E Js\˒.US,g H9lc)>ttD4DX" { Шcn|:>:0w?`Of%Xn`;i0Dzc,YO&cnӿޙi˵f^+~ Λ;Irc 2RXz(C@EvHo# vhWC1( cI2/mxZS?+߈&VEj]\- o0y>î.w{mZUH}WʍfV)ױbX$Ȟ5D696ZUs(\!޵X̭ & Qkt)='gwbhHƅf {–DJM0я.Εz|hs;Za讋TUڲ{tu>ï("tj+ig^IP{HnS̯Kl=jKCL>o%pIYoJO/+WbW>ԘmhØ*E@ 9R"8x؝r QmxC0JnOoꥉlc7ù!^& n6hP 9/En\!A0qU.ጶA3S|\z,;!(w_EL9M&ayA`T%#[jdS{ZкYy7`ä'#*$6% %OJ0F |P(؜*]2,P_XhwGCgbRw EN-HxbLTzںQ!{sɰj5%I!8ǨEڠ{,.i|n<@M^x]4MHmŀ3=s69n)a5,PU݂-S؟\mMY30PVce%"`2YI<&_T]8\a@K"}F7-2,|SnaޚU[yd,.T˝t^nwKx0q^, XM3 "զ%tX&aQ / jKi'Q|h]sOB4FaYcbpR"1mXU"h|n8Xa@rsySRGtu1[gGvB3[QlX*Eq{ I'؜F[H[7~% bIZbc3ut!RM3frIs KUmRں-rZAC|Id<θd{&Gu欷E4b =rŭb&q7.є{5fHԱvm~z!Y:W t2{5 ru=,OA>Oad9R5pߥL+q)) O IZ?8mhH3/ ȻD6mzmGlZ6~ק}v0%j;؀3xDBa`u#̧tx`Etx ŒSl"JPl]_%$lO:IE:2BwIQo8y${)jK q0K^k{#?8 ͅG ٙ;|RHnjbC5$[_*:à,6۪[᜷J^1 1C݃[I6R@Pjc{mX d&s*D <=RD (Zw ^Ik,!¯:LjUqF)R dT9Ka錽*r_i6:f=tVv˜ZZ%Xh2f$W'7Tw SayS/*J{m=|6Tdn=2*ՍYzrE _ԭgkiLz KOq[ۓZ…",2&=Ko-;Y2m ` u5ƴm$.~$>a! Uqvj[רeߺ _aɣOv5NFykxByvKPkC`||qXuCJ u` X!`#s"n ntc!lh6x18{LE ,faُB ݒ9 -BU_AWdkUR2Y5':F(?R<$ ?pzzz TbNWDAzĹ\ƯO&y5tLЂh<;\ܵ]^RMW+GEUw沼8>$ DHduA8D[>6#T?BPxQyZ;n3n&Z!ȋF;F=A%cD& NG2g.n5+5$C)Kn&_zWS84ali#rKA70$BE3ky[p@:`^CC;l2W!r^Ga3yAۆC)ȫ;ZT eU}Z7OE~SjVPr0SNd {,-h^9@`VBhOeE+sjPz#VkA$(3ZD޺.LhӺ~=\p*#Z#:4HYV2,Pn˜dypֿڠ"́E_8NݾVTòv`NTdIAB^JfµG 0#bWȨY$DgMn=]Rpj`XT9Eԇz˙},b-%o(UIꨭs[ʵZZ)|3"/=FI$jV9eقut$!BЅc4vþPĝ3)Dv}5f7c`60sRHJ4>˭rr./NוR$9:.{v<ѩ3;T3kYAs؛p)8~I9o93oX,X9}{CFJ1;~-fd:sw_ـSOߨ#(\ꄞ9nTpM҃ (N% DACzO4UJcIY}zTFZ@#^!"?#[)*7L;-+>nļ LJ +8j:<1rub:Dt{bpm-*," pakrx^#kXOA%ϛw%te"DlxIo졆˜Q :4?u3C48z)x5HU~N TƽFg3U а]6FF"Y'VD-K(-{O?fZQZRbors]}tMn?1o5\p=+nFT DW(uYIY2 ܁ ܪFz{IY6I~wuMf\଺^5P/̪#-Ŝ4Jo/DBy_Y`#fޣ jf%9 kTtrigZ^bbnYHB1sgГH?h@~yڿ8Y/h`MDnk/l5-ѐ:ɱ봀jтͱB˳1VZb^:rTmܿ>I 4W̞JSa["8RNZg d@T9aR\&$9z* P)g%ԒPJt=>&l WV !EM>a: džWhoQ,"ɣؙ/}ɉmpR]0KD B<}]ҽE>یDιU-:Hx;͙6𠨟v8Nm= 9gJC\0!`0\QGLayjӦ+r;|Ms~h9 eu0Ә&(Al_ߙB|i17Eq .lrѩH!FR[#1k/O59{%5P ڟtV5^ϙʫb>ރ>Y4Vk3$㢮'Vee FEN,[.[;l/Kʶqk{4/5%j5Cc-rA9Y <τNaM k)O_G\F%3^IRPX)&8#$\T3m< dVT?-Hg /P*)V\sY1{Yi.37½ ]B|k1Ӯ4w>!?S}{?#&4 %ü|!C{%DÝ"}D;`f#%$D巈n7N;FsV-im`yRЪu@Glx(@5wHڵkՠ;ZMMjWJ.LྡH@q]!F;a;}̈́1(E+פ>Z1[bE WĐM~s<6 tSsaW䟎U"%Z i1jF,ѤEuTz)6ȑbiRe܎D|x.rx.x.rx.. lf!J mb ]MwWA!uI^1b\V.s`x%gap:P>?H/hY3hH] 0}'gHw2 94FCc94Frx/rx__2X#BB,h(>/t0xfP q,P14fV%PFǗ:0]ݔXLj:w=qC{&M/և;PNKfrGD)I@eFRXF WJ5$/F|S܁ap|QTk-GjB ~I F#INhR׫v) x{\PJga.\ĵ7Kbm-0Ɋ\93gqןӁ:,.PȎ w؛ţqJQ-pc>ο^HT^X)fW X7yoJ[F7@b1'0\oXlS@r"˚>c:79,ĄGmpCݶ*ړEO3l؝,+=RX+#i ъJeZ'i<#ćc\*jʸQLfEk%[J^40n#ܻM3w3HQ]+\,4Ēc^QaFUUՙ_Ƅdg"VV.1".ѧL!pm%(0f͉ ʠ|PwJ0I J+d&IP,V80X$#_e'*߲y3;EXd8"[6{dI/N$PdXLk$gt< m'^ae8Þ"nX$r'M)vhn:A?(ٱեg6ӭݬ_Œü:}I|4>Se>/#펎:풮Վ~q]ԇ~3qs0:<" 2͹4*6ئ8!Fw$ n.dNn8rmlV.Y0M l$̋pjzuGx}WŖ[&L8Yx䝮O7J;_oo%= Ri Wՙ'NbJDj1lY$JDU &T&+zP6믉6qix{N SA%2/S7X-<@ `+N{Mk[h88 /6U.n)n*~R+%pN ܳ"d C=HFf "o G\|]7ܹ_= /+߲ӖѰ8ރܥ-aVcE:+NH3QEHv?Q%™5!Gf%?G`t_5OA\]G)|AT0ܣۡQ=6|-Į-*"_0˙>3(QΙܡQQ L$Z~* >%!V}v4]\S<0QՑ b9wN@ʲX.p¬E7Za;I%,qn^^D,jp0OYaYyʂ "> +V @;V Ј蔜-1R!D9U+Mu@]6˵ ~-˥Ǒͨ|̈6=W| $-&&)|>z'?s?gH:]{{-6&G?i,T TBѮ1o8ecGᎺ`7(= gdn~7x\D*YGNGc Fc.5:Rmwk] nV=iԳOk ^\h m"'YN>x 9wF0`r{FH-ފyF۳~~P7ŌEUlu%-ya]8 V74 PEy[IxF6d-"7фfKF¢B`ۗ6L6llI;?&m6DNHpU[zv\F#l61rIQ)!V"Nx4tAuo˓JߘsXS[Όқ߅Xx _JȤ@gZ A-6>+Y=ZH,zA 4Ƙ 7Oes]\557~65ryQ'~6UTG |(9~l,y&dȖ׸Vk2Sp}U[䅃Op+—F=7-Cs` BT.ʋs񾹀׻(oqf a'x=@hf93GL~pX' 4@We jݽrOLfg?"O)Vc% \8'ϝ У1"L5^M;;g*V$ĈXbNƔKsgG<1*Ub= Dr0ޘ"񹳉\2-gU-\xݲG<9!d@T@QE1SpR ۀގ.Z0m]m/7sw33QF$GtjGabnJ1\90eOqu9c|96DQ(S@'v 3`h17mp~RL-r{Dfa?K} KnKE ЉScP1ō«.eBdzv2W2NވՍMTYFuaXGj@UXN}dhQݸCg%D?zUidY|)] ;54ngwӳD#``jg½-,(^1kvSk0D u73M_"Vq\=bGw/0ʶs]ag?}jIPRt-B%͵*g,ʬx`fvcFHPmQrmm-qP}?q4@7ywϾDG@[aL]!1Z  !hd !DD7 y1`d$ M>ݸCo?Ɔ`&Oq2Jc "yjU|Pk&K)*s|YTfѻh\k8ϛiC儣J܂ppm/xQYqQ]/O$'xjHopmϢAlsIXkHL 0o4퀘}"mHHD4AR }Z@t1=_k(iu#]9#GP=hBlGhnUq>d6{>chRq#shǓFpo-hm..FuYF8Y@Jx .j=v+b% V0l4H;qCg<'!UaP XNҝ;"#"Jjz;]+KzeKs.U|He@Fl*}(][+ȼZlec0@>ӸD'jh'٪̾wNYr42+>2ڵJhadP&06~I,N`E00l4ȋ*yMw"ÉcuRBL^{(])64b3#zDa'h+~29'97šip2{xt]'_4!|6=dK>虤<5 @_ $kS'3РUjܪS`X8|avg9xPɩcSc'Ǝ'NS7NxoL1q'P>}T ϣCZe Fe9Kގ}nj!CPA}P.7+}52ʾ 04V25L$5K!^ە^P"94Ș! )@h֒Σj[Dǐ;#_$;H@]6ׇJDm?0Eqb5)/;W%GE,%70p(IQ =H$s9ԁG ~5uuM&wrF>M^ŃqɌ-: vnvvK&~u~ɡ=wV4V16#xщT_OenA Qj<5vmRzWgԎH:P:9&-W=|ָ\kTͺG{Y>HI6zފ}a 1q\ee:~w-9="XY+A^ѷ˜yқcCN$%{JָI@"-tKbbp|/ԁeLmzpMSNLuZ=)2artX/k\f| d*B%,n-YTae@rz;)Ź"^7;1Nͫ9A3- CXڸ$=.EٚU T;#zrWqbv2mKz%]N$=ွq4w=ל$bi4Di!Wҵٓ0 "$f26Du_C;b|ԿWCZO]y1 whGh][q]IyPXdFد6F DL#:4diS͋ܓpx?Δ#U;_k,~>;T(?`਋D дeA ,ye֦v;cCz~6[+ŗ5744ML(P6gc*3E#X'g;sʂ\}E'X,8hW;;a#;߬_=4$7me匼Pd(.)j%Z1t_,ꝩZޏBnڷ04Nk$]e EaN 9:ykrbŻ ^uŵѭ߅LZZ!n&f B֚M̮@Sͤ;<28 aiX ֻ7=88W >]Qc,.lu>wҹ EHQZ./)z0+~Aٸ H'5 \ l(jxA c6]TKaPcS꒒^HħGjVj)+H}[585PWI|rZ~7ԁJrz+N+6:5ʫ:Y4~0A'n>hd],W*i=le9]oV?+YlST( pOWJB^\/5Oo]?eYc3 VĠOP¨,/@k `~fg~6P}Vj.V p_jQMl¯hӈ+#G1\+'ڵzZ[(/+3zXm)5c֘u?תYѼ<خ;iO4