sssd-tools-2.9.0-3.el8 C>C  AHAAACCdpcU]A c$5~I[PIN>ramYb)Z镦 a(yӕ ؊ ŧy4V&Qm6О@: s[\/^~fZ s|IK+8͇x?M,"^:;*^N̤t)X+aہ^ڒm̯Ȩqj<25VCh(/6q3g']h(>P7$&I»C,*u9z}//5F>n^G$e?n6Rq\hWRͪ|L:I *k? -Fvp7IlĢxkCz4!b?2 "TY뇡Ʌ#S5Oň慳v<^/(MmnR }3b G&qUKN.o?D6dR[Ը%]@A ]b>ʒ08ba01e8802a370cb1b953a77d58811e74c2795d252386a61f78058add269b892df5079472d0718030c0970ae85f858d1f370c84a30302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500663064023005eda00f04243c5ec94f9834fd8c1d240aefbd563b1732df9f54efe2dd5f8b0cce689a3c363abcdfccf9f6554a14c46e02306bb64fb7f2d2aed9c71921d775cbfc91cd809a84a1df0370bf56b3e2e525d53b69afc6ec756c6c56563ce6c3c67b03520302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb50067306502305b0ab99f8128cdd245220b479a0ff0b74e61e265e68117ee9061ac83fc02723aff475f38adf3f77d359c04e28a6d7e67023100a9443e493572f15f79445a1275793e277863392e01dcb3e598438be57630146f0d84095c0d638d2363b6175819d523700302047c435bb50067306502305b0ab99f8128cdd245220b479a0ff0b74e61e265e68117ee9061ac83fc02723aff475f38adf3f77d359c04e28a6d7e67023100a9443e493572f15f79445a1275793e277863392e01dcb3e598438be57630146f0d84095c0d638d2363b6175819d523700302047c435bb5006630640230308ae5c9c2b04116494d5faf30be4a477889d3af600827824075e9ee375b252b46f3e381d8ca0be5ec7df7237bdf0e5c0230522d41a288e11512520a287645f594c84f665058a73bebd16086afbfcc32606ed6ec860ebfa455330a8e27558a338b970302047c435bb5006630640230308ae5c9c2b04116494d5faf30be4a477889d3af600827824075e9ee375b252b46f3e381d8ca0be5ec7df7237bdf0e5c0230522d41a288e11512520a287645f594c84f665058a73bebd16086afbfcc32606ed6ec860ebfa455330a8e27558a338b970302047c435bb50067306502310082a48220c7a2ce6081fe567a73d1decdf5ecc1b53b91f705fbd3982e6130e4c91467eeeb74a373d61c5ef363aec5aee1023058f3e890f46223b2a9562d65feb588eedaa8ce8689dfd467e12d967483e775fb7c233097930480c6fafba70f937877f80302047c435bb50067306502310082a48220c7a2ce6081fe567a73d1decdf5ecc1b53b91f705fbd3982e6130e4c91467eeeb74a373d61c5ef363aec5aee1023058f3e890f46223b2a9562d65feb588eedaa8ce8689dfd467e12d967483e775fb7c233097930480c6fafba70f937877f80302047c435bb50066306402307bcbf32940a0d0791d40e5cd88bc23ca920a95cd1f0254d9ad3bb4f0a1eb25340479fe9532cf5e667683ebef56e9c6570230099cbcac7f2542c096dac2f5e93fcf0b7d13ff25935ef9b2910df74af73b3bc0dca83994bc5261fd18c00b602383ed870302047c435bb50066306402307bcbf32940a0d0791d40e5cd88bc23ca920a95cd1f0254d9ad3bb4f0a1eb25340479fe9532cf5e667683ebef56e9c6570230099cbcac7f2542c096dac2f5e93fcf0b7d13ff25935ef9b2910df74af73b3bc0dca83994bc5261fd18c00b602383ed870302047c435bb500673065023100e6d6e0c6af8964fe4a62fae8c566c2d696f2e836dfa3ce3fa15e8ebb6ddab676ad56ab3ce60bb4d236cfa87c60bc4825023025fff1e03058b00751885056d1fc46af1f720fabfec85e8020b0dce7e660cb97e3ad9f9e79c0f59c5a17fcda6c09674f0302047c435bb500673065023100e6d6e0c6af8964fe4a62fae8c566c2d696f2e836dfa3ce3fa15e8ebb6ddab676ad56ab3ce60bb4d236cfa87c60bc4825023025fff1e03058b00751885056d1fc46af1f720fabfec85e8020b0dce7e660cb97e3ad9f9e79c0f59c5a17fcda6c09674f0302047c435bb50066306402306f7cc1c79360791cc6203f1dc306a8e49183a4a7fba20c50515c9615619b523781b960626a7154ec6b6192edde69da730230411fecebc7f399f090fedd7f5ca47fcd01b2eb1b1189e3bcdf33d3d71914af1cbe629eab32e487f26b841e644a3330630302047c435bb50066306402306f7cc1c79360791cc6203f1dc306a8e49183a4a7fba20c50515c9615619b523781b960626a7154ec6b6192edde69da730230411fecebc7f399f090fedd7f5ca47fcd01b2eb1b1189e3bcdf33d3d71914af1cbe629eab32e487f26b841e644a3330630302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500663064023005eda00f04243c5ec94f9834fd8c1d240aefbd563b1732df9f54efe2dd5f8b0cce689a3c363abcdfccf9f6554a14c46e02306bb64fb7f2d2aed9c71921d775cbfc91cd809a84a1df0370bf56b3e2e525d53b69afc6ec756c6c56563ce6c3c67b03520302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb50067306502305b0ab99f8128cdd245220b479a0ff0b74e61e265e68117ee9061ac83fc02723aff475f38adf3f77d359c04e28a6d7e67023100a9443e493572f15f79445a1275793e277863392e01dcb3e598438be57630146f0d84095c0d638d2363b6175819d523700302047c435bb50067306502305b0ab99f8128cdd245220b479a0ff0b74e61e265e68117ee9061ac83fc02723aff475f38adf3f77d359c04e28a6d7e67023100a9443e493572f15f79445a1275793e277863392e01dcb3e598438be57630146f0d84095c0d638d2363b6175819d523700302047c435bb500663064023030b0eb40233d27aa0cdf8a133bb5f367a9ecd207c78aede288c220ddc209cfda2229ad18c7557a9adbb66ef15ba7128602303b1ff4b67421260fab27ce45011a1a45fa16a6da150c3cdc56fa41d83ebbc63d6cc5b9d152cd1d5966af7efc0c5d661f0302047c435bb500663064023030b0eb40233d27aa0cdf8a133bb5f367a9ecd207c78aede288c220ddc209cfda2229ad18c7557a9adbb66ef15ba7128602303b1ff4b67421260fab27ce45011a1a45fa16a6da150c3cdc56fa41d83ebbc63d6cc5b9d152cd1d5966af7efc0c5d661f0302047c435bb500673065023035f259aef7aabf472244e9322548940a6d33fa34756fb155db22f1aba8cad33a8a5ed16e593e25e6cc507a6e65e46cd7023100c1b9f407c22c130265c94332bf9a6630f6c48f5fbe95f8bc3a40c94bdadb37f824a673fedaba615eeb70ec1be5ea3f5a0302047c435bb500683066023100d228d29793075094823c242158166bb74c52ecf587af2be7509f16512ed17eef576648c07fb37eacc2053b15e3a72905023100a3f4b4ce73cf6a90e69d1949b358f528c45b60d45140292f538ad3ea68b7ce58ffe9fa03f52c21bcb99b27c15e0759720302047c435bb500673065023044e5bc09be3cc54caef664bf05cdc037a8198549f8cf9f4ecda94aab9a433cff76c4e3a4656c379b2b9b194e781bade9023100cecb2d0dec521fd91cf441361d04ce9f49d08160bafe9b4b71c4bbc0c032ca174659d08af9a30389b5c4c2b93f332d910302047c435bb5006730650231009bc8a97f574cb030daa110804ba038db3f661c3d4d33f75d9edaca6dc92603dadaa2ababe14ed7abc56df24d4832c0e502302b2371cf9234e8efcd1633ba5bcb7f640df9f9980acd5dcb198ff2c85b70bde481ae32a1bd110845f861f59f5be6a3c70302047c435bb500673065023100d51668441f166dcc5ea8ddfff9f5ed882c7bb78ddce650e884f0bdbc289cbca32e0164aced6111ed19e5596f56d6bf1002303fa221bcf66fcc4e8eaf1d751fe8d3447d8076f47260cfa8287798c836978bdd3cdb27296f37309e4f72ed0576558f8c0302047c435bb5006730650230309442bb47b829388237e5654af18582330121a57983472912f7a30eaff98a3663f179a4083a54b19e48ca04830f49b6023100ec0f18b158297aface4ba2f3581aea3d917537ee7309f56c83fbdd8d988b456383dd4c0f835dd8d05ed9fc4e0680cb2b0302047c435bb500663064023023c6c9ba1cab963454b875b755487b8d1601ac90a658edb9cbda9329916a753deaec7a2b733eb37b6a063577cc93d4400230497f9e4c5d527b3d0b4b04bfcee7681c5990b201616201846b2b19abe1cf8f9f2736f38a38aeb0042cf5184ac688d0550302047c435bb500673065023100cc5f78ad41638c6d09bc2d83ac3b5698828de10566daec8803109cd9bf2626ffec07853b3f19364b0907cab1702994170230221fdd8cc2d763e58c28c46d4e0eb97ef3dad8ad0c165e813b5f8203762e2c41996079acc434a84be74ee675e52c8c1e0302047c435bb500673065023035b053a4dbf29ace6684ec02fcea8742bd70c70b3a13c632a165a7b91ba5118e828d91ce15f22b76d8aa1a17ad30f2be02310097a8a2a376c45da879a462a84387a03c4af1bcac49525b11fd2dae895accbf8b16f545869d67c547c13cff17a7c5832e0302047c435bb500683066023100e0bae6492fd29186e04ccfb08cf3688c3413a0dbb5428ccdf3276222e3798df37f62abc0013a8eee024e04fbbc1d6420023100cf9fc306c078eeba2b49454c6e4300b9d278110baff10d98fc80d9650fe48d741cf2a5675c7833570d365d90de17a5640302047c435bb500683066023100e461ee67dbf6f1d0357d3136403c6bd85f60c49e30ee12227fd2a6fe25a302622ffbb88068b78a87d623414a71437155023100c445a7d74143288cf46c9b29ace526b09d0fd9064dd2451b88ab54c79133c08c50fe0a207b17bdafeda0aa895ce925a20302047c435bb500663064023039ba936e7f76881617e40daf9136b339685924bd7f483b9a91512b78d3254bd76b9cf5a071d60fccd4d8abfbc5c3dcd702303d2a9b0df158b77648ca002c5d529b8d2a6e141f137161ec54c9f6028d622f2902426502ca1d7ff233d08c865389e1c70302047c435bb500673065023100a14987c9294400d7da46a0685bd1d13a6861a331d80c6404c91770176c1cb8af5cb86581d41737ff48cab5367cd8b1b2023024bec0369ea59f406c569a751ad7ec11acfbb0fff397253757ac050b5d013c01f5e2f33f0b1335d06630affe74035a0d0302047c435bb500683066023100f5043a01aa5862c2f7f85abef3b4dc90d94693f71673e88cfff435d1a5b951d23d090d56ae0b9212e20153ab1f1a9e9e023100ed597ab22e9d8deb558a4a04c049cfabc44d0b6feec1c72c7f5e63bcde05b0b5e8ab15e722d798e9fee9d4fd272ab54a0302047c435bb50067306502306db7a8056f382a1752d327d41697de1cbe504b483379bb32cea6dbd627ceb59d0ca86526bc1e8e7f96e2be3637f96d0b023100f281c07a369795c8a8e7b819939168a5587e040ecf31c2c4a0f565edca21daa780a9970f5549dfd1fa27509aab0b9ffa0302047c435bb5006830660231009b4d49726c17f22e5aa9c3c194bdf0faa0e762bd2aa9ae0b449a48dde516126a198858af91b073ee97aa1fff1fce72b0023100e5847c61bf40cf3da3aa39d535fa4f5a3ff02a01e7787647991627091afc50d30a94640039c824b154779e94edb3c29e0302047c435bb50066306402304088ae1a0f23028da1971631b519ff340e8d7af72e892fdbc38efae0ba405a5676209f2d6a0fb6c5ddef1ae90714fb4102307b6dee4b6fbb2d19a82ac57ce11293ec83bcf9f2cd22821de53a1d3dc42f94a82fa6b6fdac07cdd8894a433552dabcff0302047c435bb500673065023100b98d77a80ad36e9012f9c1c0a5252044878d91f0c805c2c9bedae0225ae5c0df4e6e88d8b86f8a5e836585caba0951e50230409f89e763bfd8dc784db8e02da542c2141d6c8befcb65b1ef0814f6e1a9f5226e3a0c99d39b00124245ce98091413300302047c435bb50066306402302ef8d6991029ecc0c5aebf3a37749af41bf244bc3feab0c4ccad6baad202ca1ea73224fd1a3ea387cbd4e5561ea757f202300f6533e80f044ca78b65e653c9366091148de0fe43d44b0d58fb9a7e453ad7766a1e3d89625eddc9ab30f4b550e947520302047c435bb5006730650231008bc8c23eeda7e20daab59f898c5270420cf3452f96d991151d2bba812fb03c62032206960b6e5dbb95841f67cd6ed366023051ab4e6b842f8807f2f3075f273b3044e7e5b65020c2d23176575134ecf5d3866483fbfeb92d51a8eb727e2d7a2831ba0302047c435bb500673065023020087075bfb4dace9982737e3b24dba457ad2b362f369eb8032b9427f116b2b71e0faf8a3928d66da3cbed1831ac0a010231009c43c839f52b834c993596b0c5eefa7e8cd7083f7a010ff5174aa4a506671f22fbd3f70d83fb44cc2be1916fccecd3100302047c435bb500673065023100b2a07f768f834abe55c0c166345f9b3a664b74e1f1fcbc3d658616c5507d5aa3f7551d611e960defeba72628d94f442902300f4afb72d5e1ea3af6bb2a4ce060c0756c6a030a6058d425f4acac2334a0237e9c0a61710b3d8a801ddaeb86ad9ec8220302047c435bb500683066023100d7f4f4db361cbf22536a44feac1b54bc257b5c96d25ad3ccc017ff1922448c2e30cbf2be5b9b103ad5b0bf153b92d42f023100aed678d44b572ef3b88204634673de62e8d9fea2436f653c49d9ec379e5d89f72afa3fb5bfe83be81aff67f8163235670302047c435bb500683066023100d3b6d16559398b47ff7b6e662da484c7ba865b6dce37c7a004cbf6a1a6ea5aabe7ce46448a6b88cee2356027fa28d49f02310084abf72fd9c452f2723c0e73b4d6623ff5318adb81990bfd1c6439b2d752b9cc462807c5fbb6936a12e412d9259c03670302047c435bb500683066023100ea1a2a5b560d78fa1f1c07b11ed2b739bb1b3c6430aeefe53cb57f709053ce5ff7ff62b6a2f65f2e5cc3b2e57b9a6801023100fc2b01415f510606e1ebc343596b1ad8eed0cf9f329f7a5ef0691d248f43ceb3f0f901220e597a8e2c5cbe4b5d21b9cc0302047c435bb500673065023100acef07a6fdd9960745e9e7d7fe24085c9e1939e2d2a4ddd3bc10b85c65b9230c2b74044861e1b261a2ae8f15704522ae02300f0d63d77347375bebc829f0b3cac523ea488ab5b91ffe3f48aedf6c5c05a9b82576403eca62b19b1aa81c7035376dbf0302047c435bb50066306402300c58d86fda720515774f5bb908bc97a8dbc155ce4ecd955fcdd4a0fb9fdf5788c5fd7c94180b0ba515649041e472160102306fb858f90ba51e0badc756854027075ea049af35dd299c6f28fb249a1d7106c1044ac28601dedbf030ca806e2764fcee0302047c435bb500683066023100a964aad5af03e607fda919cb23c8493bd9a90a4e3dc54a3d2fe1149472c4399c568e7b3a90e7158d78791fc211820e4102310087d80215621e2290aa17ed72e0412d1b7137526d6ca6575d500cd6d0c76d38e95330f2de5b34434867dd5a9e946f65ca0302047c435bb500663064023065ad10d50dc33efed89ddf2530275321daa1ec8404cf579ff9079373e29cd4e57cfd1e1def3c3610aa32217f69deeb3e02306a0f64097210d1b4d068cbc26351e8381d8cc082e8dff4f4f92a888c019d974f84d63ad8065f5b76c73fe63629639c2e0302047c435bb500663064023045d0c7a8e36b887ff0cc4b949dfbb13cdbe7af52ddb32e9b67019e190552dd65e57506315b41a4aff1e954f53d41fc19023077dff3f09acc21d0868c6e89cc8ddbb8b303ccbc2c302c1690bf0f930ddfc3846f573af1cbf8929e293dfd20256c8c9a0302047c435bb5006730650230075e81173ba7e25d749d636e897dd0b73457bbd2cde54fa5366e7c86a92ab3f0502b0077bfae862acb4e3b1cba1e0019023100d7c02781315640a372ed9c4b1f5336c0f80b3858976ee16f6533b2ad0eae89e0c99755352e7ff2d091fd1e71397d56240302047c435bb500673065023100d556a12c666334567eaa563eef5f04f3fdc0154e782abda937c4971bbc38f6c6aecf6abafb953ec0d4a4c19adcf5aec60230504cf5904a569aabb1dd4465d05550e4ea8328735e909e3311fc7dd31bd170646981a73d45aa5f7206837f19559b66d00302047c435bb5006630640230715f01d983c631f0a5f9d7cd9e4f5c1011900870566ac6adb260eb42c4b3a188aff88d98cfa132a4cb1e4f6f106931cd023000c28418a831bca867270ebe938cd134a219a220984f39f02bfb62eec0d974a51782a3438373d66da16cdcce8c099ff60302047c435bb50067306502300b93f5021255710b646b90da05e4619ad9bce42abfc430ad346d2c58d8f28fa5428e4a64f4e32920573321570c965222023100bdc1756239457cf3831cbbdb9fcc7d2e7a13a93c295f3a2d166d84a93102a7dd4ca48a6ea513f358e7d737ba1add7bda0302047c435bb500663064023014032ea8ac8440840a960a7958bfea521a6f939c73f36dd95521064896a587ea61bc69c02da29d4849dfa66986ed643c0230350a551d8060a3f9912b3a53d5c2fca01569219cb014153df073c4ebbbc6e9044215285238b06dd6a5946b273d4a11660302047c435bb5006630640230456e1976a99f3a077505d81397f06070675699f233cea4352784c208bde5b9d339f9d616a8de1fe436131152bc58d718023022c604124dc8a478c66b4fc25c720abd05ca3520c55f86c2aa749d6402e630d4592fc3660ea3cf140846fadc6ce268930302047c435bb50067306502305fc8ba9db84724ab98a9f87ab477edbd3bd39235963da9ea0d5762592a5d4e9d6caa0b330ca7b95edbdcde121431cf67023100d32e76b1885ccde09169109ce9e1292e245d71c827afd37e127bc0e2c51dbf08970482f69f6608da152b6a80b08eee260302047c435bb500673065023062cf09e1d689175522fe17453fcd93367024f5720d1c94050bdef3bbe04b0b7812d593d5046b518c8702d148ba4d8dfc02310092581eecc2a6d37e9e56456dc640fdc6074c234b76fd4234d26a34b3f51a5d9d2c958f482f77c2dbd6e6b467ff14633b0302047c435bb5006830660231009dda199ef3753fb15502f9b16cb5c45df032c4de38ac5866316c8f743a4e1724eb33bc7cbab5169afc3e76f8acfa9d270231008074d6eb137476f872be83249d92952850b647620bb626f5d74eaf9c93007eba2712bd298d089b5504c232aa471c38fd0302047c435bb500673065023100f26f2bca508d5d0049b3b006777bd537079d25ea02a2789519af0276f387f3131fb5199566a33587b4f05e5b742547190230655d0197fa48c6bb4b50c5c11b4acbdfdc6934ce95e01a2f61fceabcc7c333b688f05324d7191b89d49daa26487422e00302047c435bb500673065023100c392fe9e88b31dbb306e44b14230b3320ea291c4767076d34b003dda28fa7eab6170b03f9b1997094f1977d433af6d6a023006d977eac195bd26ad2a2097a0c6f9a772e5e92b786e6d399148e435edf6bbafdf55511fdecdec3cd4d667ca6c87e1300302047c435bb5006730650230154cb2ec3b4af85f0586dca739c2a4bc3315ca7de5754fdf85ee9be9feccc3a7cdda15f7c878b440c829acf5d2dee6db023100e359a268ede8a848f1617cad96ced3c3da0852b5776d3f74d383a490b304d679f4909cb7a6ec6c0a268f821782a066910302047c435bb500683066023100dec7e9546422b9f18b30f0940024c900437867bfcf1d275ba03d885bb756f9f6e7ef944abdf0d148bccb8eb623fc4b48023100fdc33213f1260ca9684d133b8aa8dcc356523ed3eeabbd75828e3b2f59d3770ed3b426c777249b5dcfaf8b8482f0b4928dpcU]1Hf)V8EJyj12gI5#h0IC[yuPCeBe3bUK ŘhAb|!}g`׼E i]Y}g8B|g̑cЊu3ZdNR- XL\WGytZ7b=Zz|NppCŲ4f*?p7.6viو2$@b}!% i?[Saa"ʐRdd2TxK,(!ypFze-JQ%NhȎ_Mi5WEiל1?ykZs%iiaz]LqK~&zˎcmj.:NSmκ`*>cE:Wj? z[{%@sC{4eV ЮD{j+>Y8}D[ $,? AUku@|%~v uC|hfq0D cW$Uf |ރUW &oT-SOU(p>`??d   ?X\ H H H ,H LH H 8HXHH(DHd:l:!7:(!8!9(x:zfG$HHDHIdHXY\H]H^EbdefltHu8HvXw Hx,HyLLPZ\`fCsssd-tools2.9.03.el8Userspace tools for use with the SSSDProvides several administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password * sssctl -- an sssd status and control utilitydo3ppc64le-03.stream.rdu2.redhat.comBICentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxppc64le!qq R R // [ [qq!!*x 1 TxxKx#[Fr6 GM o .`! AAAAA큤A큤A큤A큤A큤do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3dTdo3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3do3e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855f7c9a2c91f28a6c44cac4861e6986c92c9d56b7e68264b61d005bb697858c652f7c9a2c91f28a6c44cac4861e6986c92c9d56b7e68264b61d005bb697858c65233cc629a6cc3e5a30e2a513a227b1f09bbf45e6824d3a35e46c4e8bdbf76990433cc629a6cc3e5a30e2a513a227b1f09bbf45e6824d3a35e46c4e8bdbf76990425ed89a053445a6131c298f642d73d8c454bdc31d27559e5f8f4bfb1305691f725ed89a053445a6131c298f642d73d8c454bdc31d27559e5f8f4bfb1305691f79239706c5c89437a0c3c6a876c469eecd9051cb68ed78c348a4e2d560816361b9239706c5c89437a0c3c6a876c469eecd9051cb68ed78c348a4e2d560816361ba3d5be41114261a2370e6c8a58561901ec1e11b40fbd1db6541359374804f51ea3d5be41114261a2370e6c8a58561901ec1e11b40fbd1db6541359374804f51e9c2c10bff9e440459acfecf022d605d9996efd63b2e48a84796ba30c7f3a44b49c2c10bff9e440459acfecf022d605d9996efd63b2e48a84796ba30c7f3a44b4e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855f7c9a2c91f28a6c44cac4861e6986c92c9d56b7e68264b61d005bb697858c652f7c9a2c91f28a6c44cac4861e6986c92c9d56b7e68264b61d005bb697858c652ecf6f3e848fd0810e9f1389b0179dace21f5bf75ffcf7a350c5d87edcaa55e10ecf6f3e848fd0810e9f1389b0179dace21f5bf75ffcf7a350c5d87edcaa55e10d1527388b4619d2ebc0752c41a9c645235fb3c58b5eb3e82b4c1f751c36ff3fd8bbf3f6402f93ebd7673626798f8bfb9263532407907cb8f3d2bcc86bbba34a78170cd384dc74518bc7318764855a7a30e67ee8c7e11d5d21fc49f762105e67ed82122c936ec008f153b2f9fb52e2e491296fff87eea33f7538a1e561652b279c2213728d475326b657d1479e9bf46dae662c192eb6bb98917cf92cd0073588ee53c3f06b33c90ebc6539c459ec8a21fd0dc92bdbffa1544e7c37c8daaf53ae6320fa35fbc4badcc77d42d6487887dd9200191ea438f9835be7aad014bb2ea969c816bdbb3d6e375a19c3e64afc9ff0efe82bab45c37d24282d76ec0d052d60c328e635bedea0a04ca0cdbd14cf68ca2b34a0c96b603f2e9b1bb732ffd4deb5be29e65288bca49eb522a1ce0417f36a0d75caf83d741967ae470b85715b6067f5bbb3a8d14f3e7a96e539fa50f80423deaab3ab0d876bc9d3d3b16576288993261fbe6a8ab1f915f361ca53c0a403e73be34e61ace9eea449e43c44a8a0d5c978ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9033a90562ad30d415f072d7a0704e5fcb07a54204f8e4d263068d91c43850f7f2ed8e36c1a6271d38ffd67bd42ffeaefef93866f17d57f7e91782cf3cb0eb03baeae8017b929ab1985ae8caf35bbced0073a0af6e1d6b0f78724e46a4d9627a32dd274ba339f628442a310a56154c917deea5b64e2a886327f2c141075e2f1c3dc505a876493042b63d2eeffce24750ab47119607735bab38507b5edcf5fba7271a9d3c7173fb0a3858bc80bf7e8e841a3b3506152f0db25a70435958c56c9c859cb1c448e707e9d62fff17558ab8999eac227f934285eb6d0e4222377042a799a59543b5b1df9a7106006ed0330e0da18dfc9915030da51ee5a79499582a4e511f96f75e2dcec4f325a21c08d11f23cd79fe2968fea09c492ebeff93e3336a33b58f3fd9bceef4bee9bf43a361dd70f4440d971765c984f5d17f3dcd20bde744b85ccbdc6aa8471a26f50cbb39f9e5f168d01fe1011524b0c28de9982e9b98b3f4c3aaecd315d9a40bdcd420946f9bc9ee04fd6560a2fe38cc92bc413a03a38345c5a2760aa60eda71665830698f902999779cee91aa8d474ad8180c862400b83026265ecbed4e1308bbedeef743ec6acb3b0be46aeaaaabe31bbbe702cb52013d8a82db2b12180bf38d1fae016eb6bb8729a4a8d52c18603a32274afceb8ec683e489cdfce3519cb6f708c366e9e34277018a5ad407d14543ece956bdaf2fe42880b0481a662d7039a835cb2177bfbdb046a76adb6aff7b90e99e7f5023e2872cf1a370c6279a58e7f5104e1f6bd42ee4278adfb14635b8eaed870a8e5d868c0a005d24c9a0c52dc0a2e3883b7fc595dba68f199aa3fa6a789bdeffb9374c6e50f6d7938c18db1c43fe3663894651ae6d5161730e5cea7b3d1a7806a4fe10b0c094b979293694f110c008204f5ad090d7de30a4fbd9d003ec7c395b892fe41d02b36461405860b99c7e48fe526494ac31831ac9cc6f1a95b5adc5c29e99c95ba00abf2d9b29ea3f91caaf9cf4277ac13a8294013e849d5d163237b4d530ef1e6e7a6b216514efd8697c54517a6dfac7342ff8dae09ea7442e2138e6f5c9d1e12372813488da321829a12c8bb6be8b47a0969e787b4bef368ebbec391381eb420dfa59545c4486c6af56dd632147591f30561a43fc07f6eb640563880e478de374c476621b1e60e13347e88be9d315b2bd0e0083d79dea958d632336001aa58c9d773718ef9b5731d0130c8dfc73ab80cc8d2f5fe3b4ce3ab89d6f4682c7f8721090fa9b7172b8a92079c1db982f83e107e1a4b604eb997bbc23981d34d83d977../../../../usr/sbin/sss_seed../../../../usr/sbin/sss_override../../../../usr/sbin/sssctlrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.0-3.el8.src.rpmsssd-toolssssd-tools(ppc-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@     @/bin/sh/usr/libexec/platform-pythonlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.27)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface_sync.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam_misc.so.0()(64bit)libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)libref_array.so.1(REF_ARRAY_0.1.1)(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_certmaplibsss_certmap.so.0()(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.0)(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.1)(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_iface_sync.so()(64bit)libsss_sbus.so()(64bit)libsss_sbus_sync.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libunistring.so.2()(64bit)python(abi)python3-ssspython3-sssdconfigpython3-systemdrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.9.0-3.el83.62.9.0-3.el82.9.0-3.el83.0.4-14.6.0-14.0.4-14.0-15.2-12.9.0-3.el84.14.3doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHcacadedeesesfrfrjarururururusvsvsvsvsvukukukukuk2.9.0-3.el82.9.0-3.el8  .build-id66f844d6e228b5230d99aeaef749833ce02c3d6f7a499c41c2e468acf862656655f27ffc1fd0f72ef81d0b67f650e6ac4bbbcfc4cfcabe7691dab638sssd__init__.py__pycache____init__.cpython-36.opt-1.pyc__init__.cpython-36.pycparser.cpython-36.opt-1.pycparser.cpython-36.pycsource_files.cpython-36.opt-1.pycsource_files.cpython-36.pycsource_journald.cpython-36.opt-1.pycsource_journald.cpython-36.pycsource_reader.cpython-36.opt-1.pycsource_reader.cpython-36.pycsss_analyze.cpython-36.opt-1.pycsss_analyze.cpython-36.pycmodules__init__.py__pycache____init__.cpython-36.opt-1.pyc__init__.cpython-36.pycrequest.cpython-36.opt-1.pycrequest.cpython-36.pycrequest.pyparser.pysource_files.pysource_journald.pysource_reader.pysss_analyze.pysss_analyzesss_debuglevelsss_obfuscatesss_overridesss_seedsssctlsssd-toolsCOPYINGsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/66//usr/lib/.build-id/7a//usr/lib/.build-id/f8//usr/lib/python3.6/site-packages//usr/lib/python3.6/site-packages/sssd//usr/lib/python3.6/site-packages/sssd/__pycache__//usr/lib/python3.6/site-packages/sssd/modules//usr/lib/python3.6/site-packages/sssd/modules/__pycache__//usr/libexec/sssd//usr/sbin//usr/share/licenses//usr/share/licenses/sssd-tools//usr/share/man/ca/man8//usr/share/man/de/man8//usr/share/man/es/man8//usr/share/man/fr/man8//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power8 -mtune=power8 -funwind-tables -fstack-clash-protectioncpioxz2ppc64le-redhat-linux-gnu directoryemptypython 3.6 byte-compiledPython script, ASCII text executablePOSIX shell script, ASCII text executableELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=7a499c41c2e468acf862656655f27ffc1fd0f72e, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=66f844d6e228b5230d99aeaef749833ce02c3d6f, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=f81d0b67f650e6ac4bbbcfc4cfcabe7691dab638, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) 7S-R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/R/RRRRRR+RR(RRRRRR,R.RRRRRRR"R!RR#R-R*R R)RR7RRR+RR(RRRRRR,R.RRRRRRR"R!RR#R-R*R R)RR7RRR R RR RRRR+RRR(RRRRR,RRRRRRR"R!R#R)RRR RRR R$R&R%R R-R'R.R*RRR7sssd-dbusutf-88e0ca3868be1fc281272d84a87e88162b497cbbba0a698111da54e6f5d9a851a?7zXZ !#,䞺] b2u jӫ`(y/+ St֒ ;iwqdp򡏛`~6VNJw14ayɁZc=LETƵ]]yx tXgr2ű^KÊmo"% tkŲ {jsSR^/9C2') r!9MDL ł#;*t;]9]!0:iٮ Eyo\qԘ/$=G!,-ĕdp劵>g.ٷa$\[Ν$7lVoqH#"g~4hyu薘; fY-;@O)Z  v]v#!ҫ6A' /͞E#|YOwԪ7 s!Zݠ }7y1<ɣifsIv1W>OܩrK0?M?ًE7ki9ȹ3v^簷f^I3^o7fܻe'B@UL3PZ#@69r2@O\6%;14 0m274>_N,.s)Wu˽(*N_`7HLZRULsLʉ\4&h*= q2c|R]@A{Η8L`NfY{a~SNf%${{N!5MYW2lg?Fbi^1ޓ=w#U8ڏY"d59,n?VdAzLV:q70Սewš7zT`GT'VNr{ 'BLG(8vٺbSMT\ [/#H{a8 8.='1C 3,#1zp-7l‘2}CWu/ʢ<2oS=!NNa4-%IR8+upeP?ITWc5+XqCf^7{1`Ax3uO-wŐA2ˤSg~mV0z|mV )Ǜ7]~GqrVCT'OH?ܽ%Fαۖg&`?LHjSis;W`)\MZ|KUzȼmՉ O^0(Vy&a&.>X=v`XW55`^3oJ:~˕+j" 7q7 z~ >״)S TȁeA] 7Վ Ra4. Ἴqƪs=yjђN;P[m~ &hZz@cQ$ō~oBVQMǡ0@}̖y\2 }qJPyX`l]a-@)7mUIT#cEs1ixU5Do7f vs $Ui#-foTdeCGE*wQڳ #4V@-R'f[ؽƙ|x,>KlIo/:F˰)?aMYy VCζ@缴[)I'-!GB*,*f.RJjM^b.24Jz#hF.F,$ K_>o3ӿٲ͔Ŧ >K9fSI{@köYk`i"VKE::N` fuĭs yOW==> &˵hke4?JM|nmqK<|QlD#D%y:@/S3S s7go6KX\Vܪv|r//w9{>Z{pOVJ7LON_EGn*b -IsLUmJBF8B܎, cPT1Q^EԼ`DKP<֯t 5:@X)T 0 8XךM/@ym>&*_-׏Ƿ|?@|a7.}U1BauC@fXCI)lc$tw%I ƹ=yMg<L_wi9i3qAWo/8.i|CY,P+=H`:i=ne-s$!v%8Xؚ?AxHVdݒï{*V|Oc M^eVnѪ0V'D`t]]* ڔmTdrH\.NTCbP 8o:-֥Ss6yNqWj&W' ᮉ;l$韸&wnzp_Z+T' z+#u *&kDŽ.#"k*u1i&#գhb%nz(Q:|b)>v'8@;߫Mj>E3U:5!Σp ^ qte;ND"s;;ړFURcj6>HR sF]+ }P#di@7kZMkŰ"Nmϲ;WOFA|Ph =Gb̬u9,`40O$)y:|%Ҁ[Sۖo^7EQu--iܳOJrfb`Ư{ۯu)u,7`#"64E}e">Q#9H'߲|u| e70H{L_F0 Xƨvl)׸ VIfNB7r@cfcX~),˱5zuLCjaK_i/lV#MD`@E8,hu&ywk} ZBr]7lr#PSĴB!q2ߖ(i +[sQ&]<:J'Xz!&$6ru #>#2d~%ƉdqDhۍm[o͏w΂ n-.J ouR-[?K`H%OYy 'к(1;$݆/毉 xmS>r-;(.Ll܅&-(X`kE}) BsWض6: p!5_8{ˇ(2WomhP%rlࢮ"G厸W6HJ>OYm{'+qiAAw#hN\Ua1@rXo֑/WTh, C2 e/,N7|טJiTG1q VVkl~qH請A5~cY!re c< {_u"Y}~# JeZtd2/ژXxbj,E a_῁C .i#OR1Lpm<7B wAx%~uߨ!4+ct0-BkDB"4ݽY΢6H* X. 25ol,)4VЭg: ՏYY7,B1sv5KP$-;_IʄaQUr7zDk<P?! ;F!W-JZUBu:KI<*nd@%Ǽnذ5{f(yjr %poPY{3$׻]WČOi0NA%T!|f.%1WzIX}BK=nͪ:a3&qn/z2I5 έZt$']*'lǛ[5s`=ZG"'Q7ԕ[|O&Qd0LEj5* U=ZTj9_ Hb28O4>9(]{%c_Vm'֘PAe] ay땸lf l"nTu4<l% FՄi)RLUO}썱U[e&|XVW@~!Ҳ15YjExOZ)W(@ẩҋJO)~̓Q섻P~#הȃu350 咎,? 79r~]ŇWOB]&g܇O2*jwJ&^. Ѕ<fIX5s c8(]'L/c>1抁C~ɚS,T0$-dJPG r%9,Hs X\ Jmդ!yvSv`u[A'jgS(/!9=o^,<5CP?_#p&)t\[(Qf2@660j֯|%T' c P}Z0]qڙFN,=46"@ A[0K٢JŁs(d$$b:;ь( T^*q)*o)t yFY7EtٍLC]O,UJV(3dh;GTMV#!!Zk @#Ƃkݢ,k H$m)#}IR{Wshj{k֝e*\!t9,/6dכWҎZ,ь8MSܑyrj^Y+>f5^^ Kyh|&]@80_;] єIA Xr&s*)}h:l<1DZQ _jZn{~i`ZZޓ, 32mLZnjڂfYն2 [yƒ7gU])Hp*vPJ[iŬ9Xkr(4MC^-r'M N{zbJ?^vǽޅS O45\fNBA\OLl0zX?-C|-2K urAW ^xb ٲDy9TmӳEw6_7|p"vH, ߩi ih79Zn-,؄5H󾕮ھQEH' ܘ cBLe-;şaNm&HjUi;@^ +8:فXB8Z/9 5 RKfvO2Lj氇25Dy_1[_pUsw0C \?Վ}4@j6g - 'Q8/ZwC)BZZ_fuvJ3egwaF3"+-M|Ctgd .VqN?B݌6=ۂ ]Ztj)ka=aB4΄O@@6$bgt-K;nnS{z,a 8aƚ$U ;>=yŠ~=gQ!SMەlZtWsUNȡKGM#ycUOl?x9 Z~S--.2c琢"=tGdL؀~ o:EmX1i\Be) ".!_s]Wŗ\:U%vۿ~3~PBĜ/IXYle=xЅF<\QH#JJaݘPGS벘u 8ƽe ױ5A ,HPe‡*Q깩L K?i8&/$`;Pțg0'Pvj&lW[&GQ(~.#ΣB 81Gǟ.Q4N5g}I2b2mDDdw($ǁיfIl+sޝ`y xm&?OH|`\L.c/[10n -1.BT\F)4UQC Ted9=]I`~* ^!g/|P_,jo-0k.QLzwq5&Z2e帹aJֽsQnվώBYgYHm(=z^zNYkV#w@ A7Hj,GfVu48o=:E ˩EjB! i/Dz0¶g#$g!V5Iss-Ac78a+Y/I 'J^Zu)~Vg>hԝq S A ډ\2 o@ޥI;*JA縐{QLӷYPېx\D"/X.tsu㷈adIz^0˼H=A6f81pQQ|[m>O`&iBy &Xx׃8(c it(n MSN6AuIqĿhK 9+:7=2hK}O+4q \2K+v&8)ʣTqmgjLݨmXGS6 ȧ%t́@{lz!ɀw#oK6#Ss HcO?G $COw~mnؑBqm䖧.]G! p4o8ؖO_7p=^H ܖ1q7,jÀnM{ٮOc^Jrs3XLytcUG w;ZYb7p;AZ/QxXTmPn_"`ܿuJ 0SIJi־ݶԧׁL(5|eoMb~&.> R{xe8 KoE hk6N#U$@9Ar |} c7Ve_gbEv'$L9LS}=ˌd- " 8Y2Ypݳ9d!h.+IA^hL\}>'o4\j#ZU*O3j Y琁T]"bYK=bv ۛu?;RMXai COIIhv0V$bV֍\$er4=t4~\KR ydN۽ۖbA.۵%KK}dM}݉yc(zH`da[Jt%Ƨ5Lo,3*:q`+m|# 1C)kn\yD4Mb >t丰ӾgGƮJ5YUN2йTSK "}W#S sPCH8 ymzo~9B,w<l+M՝^0Q/7fv N-N$CW!0ΫLu豔,YW̭T)'{ NWVfYZN5#p%8'&mZUڂz٦”z i6_nf^.kLQe8mjt:Bꖀ _ytn&i:GwN3b:3=V*ڍG(iRiHتԺhH4Bu#H?R^(F~΃%&7l/'rAZlSg?!̪vhs"HB><816lA;D։K1Za?mC4ќZ[X4B;_ne ku$Eр,#t݄7n:qr#}e+Q H[n ef e`RhBD5ۡ["X^b(fc/|s<W,cm24bY#ȷ_MS !;Ӊ{8L㎶)~vI:(P#E V*1\ŏuQ֭[=S*~TV*efAwҨ]I3ͻ*P*R ' YrU K3 lG:u3c/Y*!4?B'|bhm`l?a nTLr%]ݎ=5Nw-iR=ڊjXY}y% 71ur[P-f[S0o(o^~iن4Q x1} |y쓍ՏԵwtt~|4 G\Zkv3dFk:-&3'O! TÄ]tb#}/|~dj >m-}3˙o ɃFXNM7kR݉Z* 5Nn-%|_FIIښEw*4eJюl;%JEq:U$v(DBu32 `$̉r3:tG'--FRp(ȓ] sg!>Pbq(-QT6~7y c/; ?vj_GcTSqbg*hؿBWEg1$RQ0[=M'̕{ #3-|Q`D,^%ϓNٛXt:p.Ic!d*Ϯ!obP0z-- e(u5HtcȯUY Ps;ј}.RfOդTpSA33yH/;~V@7gѯ(T'R;a`erڱ~R\oV TޥbsP3§GlG_ಁo:GI]1qu&K |a5֕ 2.sqQ>9H+ Nf,4Q8t@*&~-mt%/;ISe~Os~&Խz8LVX{xcq%k 42ʈ'k^o#FaO)hcG~3V7a,*уfj/Wqɛ4D@PEL܂V[jhN,bm8 0I+'.Yú6s kP)Z ;FKs.Qwo034UGۍF8S~ A#$}[Do#zyj;׶03p[^O yQE1J, Wji8ʋ0|*=<K3UgΆ);P'Ed]o,^W6` PfKW ¬<  % M5uJZyf<ݎ^)9pN*6&Wzi+"cOWo}_*Mˏ_<F '0ʰ3QUc2a&6=(I#uNYhvc6Z ʓYƝS F- 3/H%\uw&L:Myo7[ P;+e76 QLǝiB'U7`: -; ݫz-sw|\* u՛ïҝH+a.~3CW%s}ftEw([kMx ÐlgwExTD5ge6%`OgQ ֒x#I|6ߦ4sXy,>gאjA!'Z5;[D{a-> ~Q []D+do @ÄN_!OkΣ=龺/w@njk+zP~tfzwRqH2=tsB Һ.D*3BM]ngAb-PaGG" ` ΊG5;JŹ! ԛ‡s.HG~7"xf>xC RŷsMc$B-Ȝ8 +_\WtkoXZ>?Ґx2Y^.ow9K>=V#_lK^s,.1 [S y=ig1C@*uq-lFN0(rCR|V;wA{|=8[Fj y6($ Pe6Du! j[ݡ%k*6*9&]7#qJN?NgvO%̹i+4}ĝ@c!u񴌗JRVOFy34in:pxSy ՟-zʐB#\\7}yTTѳ#+eh+jP7۟Lonbe,y0Hpt-, 61':{#Rߠ9<&F[SɰfnVSr6覻}jmPq.\lTX8c^nXp}L,,O LGʕC g رW!K粉t'7GHq vKoRn\ P.5ǩuܼŲxr dG! 7<;UPK+%? ` ʁ. Wb8陨h؃E9K(NCeW I2{hjS%#?v^HZ{JþJb)k!",ϣ"Gb~tL :0!tW~%tg&8$TgyW"19ك !:R97<+}Y4{(z$H;HfoFk}\\c(ej#m$\cU🧱>,/F, )Rmc@G^k"@ O]j؂&KDi#r#HQFmY*i&I:d ov뛖EZ~ۓhyqQ"|o];|W~^_H86>Z!MH>I? (D ILT:)duwI#?^rɣ'`1V; ә(MMvz10:z-MqPAla!Kcl?e"-(FQ[ G\O_µ+f9 { }pm6S3sfytCF.\WlqeIB8%mCB7{%hܝ,28tyXG,w>ke' 1{R}3«NT`Ŝ^TFӽ׈)=d6Gs+BUjmĎKlיbv/l+.E¸1ݯf2!4R0|>Gډ߲rPmѳȚji'R_o#~?J,kF\9*p3ׄwo#k rt?Ju"h6w皥s% f]m)Y/⊮<4 B8}lET1;-E{*RO׭,8"-׹GBogeOM#Dsk\s-XO~twqu[BwEMRkd} wF(VJV(7}$k݌!8pY27J=K1ϿDX7) X_߬rYRtzdZz2n*/31s&ғR9ee Mh"6A*V/JyWX&i=b0TbAIסּyG(+bʳ~PVTI{/ jr#y7>b Ad>ǚLTta@!-wBp@-3YB^ӢIE2En X~;Zm%FXX%=p%̨!@?mVxh4x2=A(gSo'%jsMߵҝ^wEm [`[*yW_MI)?OqJ炼<HE:U> ~d3~3n9~Ǯ8*f]6{3:UdLxGMc6E#fjJ8{+ک| 6 S ᛹riCo>gqLH{)WG8pʱsDjxE??_HW2 ĵ:0'5h`ccs2W@nGۖ!_WC3*6eFw6.9z=6!]G%Xf9f; צc[iX1gkD)jəi+h#<ի}?&|۹ҨM}f1$A絳xxK'U .sPAxB*>;~wB(qѼ;,[OSX3_8NJkPGoCx%t}208'G z6*ؿlE&n!Ż3hnN\΅[ QRx$5*#r fu<図1L.?CHU9mKp7Wn iK0pB ?\Ħl~yeGRK_gD@yZ5z6րg1ܬ~ %Q ə VۖC Vy#~b{jPXłebΈbfk[wWUR[zKLϤ !U\Z 7-yh]b,ZbGp>61>̠Uteaj0("FDKJBH|)̊kT!eo[ JrjyDH('{tH|cq)zLuČkzAˠpt+J)wwߨ]dM[ j3 #fj!9:zaf8Kg8xD+s54Z`y >T|d1A+d zQ8(κ ?Pf`>I1WdۏB +TFljʝ%buMֆP@b~̏ȬvA|,8v1M/J =J.cOB 0R#7H&Nӯ\1{$8 ]cI$'vÞcA]+vg[@'S@ :3E: eҸ۳ ?,[qQlM/i>_;P#O+v2۰} P V=?d;.سdY @ѷ-oI#*3vZ#c KmtU{+#{0,L5 gsR: lVI0.yE ;1yE6Zm+O*V3ל}$M˝VQBAq罫xgd": "b@y &c~[/RS Qt#SS03<90I\s(z|)'n)?c?*R?n% `VqkK.2 "o֜b+]rB-R<{ /Z1mAHk C㤌%A, -تE/m-w$`{+"E/b+UST 4z5J[52#3Sp)ILYyRX2W5AA|@$|LkT[s‡,0rPHk@yY$vfcys.av+1V^ 뭒EaUb3uC2L^^:͟=5o4QxPN@B5 +)d+!WiGŁ++ ZsH>I>Zk*8ڦ.R>87)L+ò8hIn*Nq+Srēi!"Źw}o?eM/P"ñweݎF }݂WnjkЂrs>X4\@:ȏ+U,Dӏqw-FS!ίMuQD0*9\xӨ|8Z7#ٞxNs ,@mR ՘pӉP{(ÉFaS R\Ofc QnP D(B6~L"qu3Fw~o|IS# %O?= (v(2"{?{dF/POU)tS&ouFX4$H2ӯyH8+] [u_ws$ZXٓ>򓨼:lw2b6Tsig""ƨӻ1O])DϽ%E6\i& 5$ "58t3%?kvyfV&M~^2)ZI_E ;~D Xi͡Z% z \ 4ȨG8k^!rźVe]1XU0qطl+LhHwTrHz< N =+N|U|Yy 9k /Mk=ܱH<S^NfLZVHn ې|zdW2eҊ^8=*f8oU:3>Nn^^bc vݝ@e6,AXn^o _X)/h,̓tD:Bw{UU̘, 'VPuFj3uGArÀͮ®oXgm;-,`,x8'ILZ34*":|D:Q>rj2fbo]Gmlo4+׹}4clZR1yB嘢Vi|,r88w.rh+˪ٹ"(WcL@PSֲr3ZiY;t{[.z(n|C./ĬIδv7!,Aƥ96Xnx2&C;qKvg"϶!?ũ-n ϟY",v;)%i:DV7~!7UG]CTaJ=aQu;H&NCB_l!((_3VqȣwsvsR+NM՚~.VRҢ}vgyô |-F?p%1B, ;xi|ND4|pً 4"~^Eh5 .+=_4r \M5fj"h|mzf󼑋%oO4"WU$QLT cTgxљB(pQN2jlO@r3 (R5=RicD<υBBmI8%~XWtc4>˾nqc1 RE>}Ҳ}A@%5qnAs^+(3y]:j*K6 AʪƷI8ls˕C˰ISg|42?|FvLŗYq#>8 +V+QsFvHqO^KeqKAڊ7tƙ{s6\/!8[mWZNcq.Kswu3| ĻTUYWq "_K Z vH6Lk xΤK߆/D^B|oMpR=eh=r1tI/mE(oL_iLmoS1x3E !R=qOQ0}[8Ju3t繌d 1/]Ѭ c4[wj N ܺ\!Aށznq~=m}pV[@[vS'EnkW*>̬$gOtFAC:2͑xmaĥT*|`8NTqzڮ&wʹQ26| &E 1woay3O10_j \~~")KYtHE,n-)%Bs`껧I'V͌T>ѯ5MkMX%j`4d3'tB^t[A_1O-w Cr'=R76ԔYb3EZvkGr^rn|2kzJPYIy=iB~N*K- &Sb6Dz* =tq"xcu?ҲK f4aj|`LF(60 WD R鿘XN.Xz4*[;^ڑ1"CDŽS)V0\}= >}ޒl$R8Iy  5d=J^`-]A$ru_U |40\t7NPq2r#왿\:Nb$n[]Y@Wb^9(a c싒g [)#ۺfWa@%u;C}盿ukx肿6SyNM3[=)Oc5!-NQx0&n*|Ц)5&|HcQhcn>oϺXI ' d =4N''(L/[>PX ދIU&t%X8ZTv`L%rʢ}~7{rUMwn.B?bG*U %5[( kꨭGJۀ 2Ds8km[`?ȶ.fz&9Rl% `ZL0sS !&dE\iw4yfN_805fIv7j-ZQJBd s5 `us `B YN^L*U)$,p':ˉNt47ώȫ7T#γc&|fq{(w0S+ 5JE I/vﵱ:V)| o$51 TgN#*֯uA;f.#m+d~ߟM<57 8rw!r65jƇ'bćnˢQ'ysmRӣ C;uBlW=/rʾc<Ȱliyr '/r받sњLMjJ|&YJg!{U?J8[}Cjm5{=Z=yh){/X)7Cf{:p=xsGPS>玖D'7v.o%p煰9y?&o959A("C+)4(A}$v-J=l m@Ί_j|$헎~4"FUlkV&4xRu ۜ}LNͱ$uZMIؐ_oOĠ5?Z%3Y} IM ꪆ)1J0wnDPv,) G |Ӹ@PɩX'mڅPHa 3$vY+M3*eҵt3&Vk 79>A/ZNI]:[B0s Svة۴ ( EfE`H|)_3x%>'brl諗f7SsP= Jt9:͔. 0"'.-hՠ{~df(9YU퍕4%-oR嗵1?!$S@C2WGT&fcn Ebg[&Q'ׯ[z̘@@j֪GW`r)/<e?IvC6PR,I XjPsBrvCt}`81jұe'\6XTHvA jTh;G$:uZ2X-ܟu f#MxE`, "!?z[6:?TI40-kfx[*8]3Bv"ZJP vo0X;:uQbfh!HYS,p%Tw n}g<%$K06ҍYDP9%kA۝cm1[RWjN|뺱"b8Ζ%;:䏁繤t~8e/ }F!eې7\}l*^Chəܩڒwv&J%s /g8m*S6?11 gP#>Su9`ƎlOcIШ[ t/%ޥ؉CB(WWk׭h\X13^u&L uk0AB5 69(`<0*FD|+9ּ%r7`m3\1<{`Yil, LFY%*- AT7 ba+`ZXs3iP}i:~ٲ~fݛ p؊ .4+ 2i-uU8&sP *ñ%Ax o 2?gORњcxCgг̘˰c8 U>rDUc~6Ŷh+ϛ~Rǣ- .jvHzR2j۷FVȏ ;]Q/*=T8#^Y\nFynPq_@!jA߀~W-#(`w8e\;sܟ¸;QcM}Xu$@ fG9pڌ{HjG@Bh M7ESlwum( )5"-w Ae]Ka(*P[Hg zp4-7)RK#d̲z-|a-x:fIlhC"2Z^fDXMkL_e{ `OI em\M\/]KTJڮ|\1a$s%F D[dӟ$c(dcsfu*AEYc[o􈰚ѡ|#|3;^G8$EXdDyF?&y 锔'ǫN0_}}jׂf|XgV[VhF6 ?nX*-7s-H?I mo'm՜bS5pnWe5]6!hq"d"gWӎ$isM9rO9^Z^rqYtEauEeWۅV (&H);?*=`i9 L]0t66D-L0^wv $ Xwq=SXƕϤijl!ZDxQu[O%:C+16('4}i>Fĕ`zEd7޺owgM9g";d*#[ R5Ī}'"Pmk>I 1KP@ԩIfaտܩ\Tۜ IH4!I@ no#"H.%r,Bb2m1pvó4H FJ@Ee=8mPc󭋰sx bf[gr-auن)w0'•amj↱cVfwhZB+orY&BlF/xxU0qPxqlv-e%0XJ@z42*FSqt}}\+'בQ;njoN;`>ptI} k倁԰v8 $AishC Nw̶IgFnj[Bӣ͠I 8;Db QUDA fZҔ"3f4&YټqFs񳳍EItD:"AJe(Bͨ#*x<@~s퍁[X yR1_Y䤦ٺZ:WvB uyN!;7JGX kp|Ө.[ӷ*RA{F5sꌎj;f:Ϗ)攰4@6UL_3NLߌhSUM@#󤞳%!ӕ&{`>DJ^/-i56}4 ZRC7[v9?&.h+X'5v2e7*Q}\|Zyq.zjD ֳB(O_K1 !xڍ ↅ=77LmGBlnOI6a4Kd)m>|ϝ|s9LV L6=A;80T>,6 d e}z0 /1KKKp4}Uzj%%VyD4DOSf~mR9 ! Z 'J?_Hl+_e/)ӧ !+W:޳l 1L5`E=@IH:acoRjOCt?k/ V^QSN=%}v:6QAY_8%jY?J]0Jj鑦{|/I-W,Uo7[OT[ha[L舚4d>k4:1|?H_])i=Ӵpdj'3%`!Zzڪ_[(r[ƹSE3C[{ iZۈl0״nڤ+b1%(Aob&&t)qq0ybAmVl.A^Q6dX+\8d$pn[vt>t [X5hG$ EmR[4ZMq_B[ V&Vq$r!x>=rU/0AYiy|+QF]6|C7J Oq1 Ƽ1~P%Q)Ձ[ 򺥂,*bei=Y t&zAO1Y-WcQLff;^$^ьؤ/kWY_Ӓ(ZzKGE&)>pHDFuٻL]HVXnv\l9I>\^N^d^KZ83Mv$xApz@A.p.1Ny W'c-v M=;c5LXP ܪܩXŪn*а \ϕ;=Ħ-^> oVU"B#zܹ,b9Ԧsv;5PF]W{!6UJ2ngA\ޞ4cXIKj/C3>}oL:df֕-c>2=bsa@Y~E|" Y8Q"όey!bi?N8mh/3quH06CkAHUTN?C]ǜ‘yCA iwO! T坮 cCcRTyP!c`<7 ?7-~ q#kZmym $yudv`lsT~i!-׹ zxs .-aYwi[01HiU29QPQ5S9y6yS>*G`' Z:G^C^LJT`u% E{]վupuή9h1D9>Eދ4jAְٙpj؋1"Wm./"EHz &x:xJ.p{K{O- dӮ-u,{/89PRaQ|fa%#I[͔K<Ky0ࠫ8v.sZ)u|ク APm U?V_](Ӥۈ`a VyzG"<҉N=_^k^wmWvHÔ\ ӷkz"toc'؃;pT:{Czj@%R:^XeM 顀"]yXQh%Rn)T<{ͫ"Pk UNx/h<9SgF#7X2EkJS;onhFpjZϒ{Ga_A̗ܠ҇Ɠ̛=J0RGi6(jnUB͢_ܦ^.&+bYU#fJ浣rJ&tF`VOgDwsM/"]Hqv$؜By;bj!;,jo 72bNY3(Dci]KÓs(vsW ȕj6ltSXT C ^fN7w\L Bݟcap)a]@^saiOԤk͔_7M;Z/o]нsU'wm-tP:ߢ@rpSR}W}u/]ڽo!C39}驪klD?]:4pѳ`h M@Dh3m/(nAnm,`d}]G6?od\ HnD*`NEi' Vʟ_)[IJekdXE( D@<?v˦Ca:OYW 0{9G‹oPwpAb8捌 ֣(VtPW~k9D1C]̢.>&BkWsaЛ@ gDqxIvyw2 SKv"h-ݍ+j݆IG$oQ [ߔJrqunl+ H*`xz Q]a4@JJ-#qmQ3/ΜpP+CvVړŲE5;5KtV=h0ok t.ݿQA}XÉ-e+2C-9& g稃ϳ'#+ b“O{Բr5*0 \m;_tۯ9d8-,m%q0Ѥr5UE=v0V^|9 J9*g+{B)w{pp%(z+0esa(ERQd<]ps9wf{\.-.+~<7^Ue=>:/}:3cL2SGkrdcOB4c7.5%vۘ@BN1Yb?Psef3>Z?mm^HrN6VApelMAj68sFަ|nC86SBlv靵:xO1X\M;pBx* ٰ[: ߝapְtNh-ӣ4l#],k<$DerC75~dT?QwmnbIFcт9dbJi|rrጠdwU[R&=^SDvXAO{_F/Ljbj>DV:H2^?J{9@?Ir!3+< l.S?QGUC%-wom1-JR@ !ה9/y}&q r甇:r@'.42eLgFz= Y@E:1s%zRAįEC6qҧۛ#Qs]PːΏ30gW 2in.᪩ڹG#+=6r#"ZpxLŲf㓒8j(4K]:OherʩT(ǃ7l^FsZqA!ĉ*i]@sX_Oe:ӟA#JT0<Rhъ 5-@9X T[)#J`+1\ӣ~QRODf")Ke2ftU0WHFC%8~~C!߾UG*`dF=  $MU`ڢ>_Z屚LӟW [ *]_ObE殸N31نч^}|wbkh[p<9龭]Wgw`dd ίJk" FWǟ9O" ;mi|4:YH/bB`OZv;X<nŵݐ$$(BYjZeMGUvS-Tv[/R}:/<8S94c!t!);gaC2XgځFޯ$oDGM%ڰlG^楶/Th!\ER O]PezȨY4Y͋a܎Cin{)sY1xQI$NeZ]LlsY@5SbT|SSxWb )|AH`VON tuz^upY saL{WԼwd{ӣ9)ZǺD ujڝ2;T,EQ{o ĥ!\X`ߐ(T'7I5:%Iԃ~Q O*rJ6̈}*M 6-\9#3УUl[n&pU:ʭb\:8 "u{wFfq!tɻ9 2G2PvNft0Ld ,<3EZ􋍲 FDX//zc޵Vq1Ǹw+HiVQ:D xމJ7{=%$i@J 2ݘ49_QY)@+YVn/ɞHA_&S4\Dok\Ey:6s2>ٸ", U+3mqk7? '0%P0#[T1hKl}ҴҧQOJj">icQ k&Iߗ<@(^̇`zu)%"^9Dѕv^2=V6ĴQZh fFz0bX5Ij.bevdfIL$qVqP]Ly*6&_I0#P9iu5)j8Z1S#-1mn54+/Si &e%9/A GT125'$%DTkP^C#LTL֩ӺhSnҦppQ]"S(\޳MeFj/P$=W¬tJs>]Mnf{*?5SzKW 59X0ߖi@.Ss8r#.y)A)I%ZnpI|#{p}A\U5>fSuUE׽Sy+rաEyfK0+4\"aS>kr "iO/\i(Pyfu-[_etmG(dVO_l$ hbFa0@@ M?(CnzETZP|֡!c;Z-CF H\!wI-d;^fσn2e#ih'Rv6ބ`bSݟzB!;rTC?O4A-vr衔V](C14jз6&^ϏsARzC k ,:Tᗅ/VE.r!NY0vh5H8>/xs[ҨsÓO݇t ֈf՞߮OhT ir;n8Rya /N!\jq\(y9乲=\wv"gJQrirԐOvSl=I3dʰjr “^MAj4Ih KLv7kb٨#+}|,gk<{i>s突yѵ!V]xd2ܙ(+h*p)mzej+yO?&֑pRyVyiu:uH"~= u ^;*ܻB/ dVlƵ\wЛSZ&aö+-*f٧VJtw\L >Xx?hCriLZ#A.æHNea/ꋭ9C5~ZZGF$ C/&"tca3cQx3{n CiE yMWMe{[ \mH[U-sznM#36GY4IjFHoM"fk鳨3:٦>J8C6qq!ـxiZk260}* eFbvJ.yv@b,K :XQAMyTiao*1ˢC[qml/Un(ӿV%CH΍g3(`ys[8яSܗk4'^t½3LK@ A}? AJeIzH3ܸۑ'8{)W̤  MDm3, @nHځYpsa,G@_%C{}h\D4XXfK=g/-O:Pr܉l#'P7+0ˋS.$9(` `f^ɳW(nfw)07yb;eT<!ZB޽rQD0a<@S4Þ,B~Vl gLubϚ"xjEvH+ 5xa #h@meNb5p}aq8%NI>0f:ubK*3qZk.u²sO$r}чR V'ٱHYɌ *gbB5']V #$K)J̕X&]YDbP]&.$t .rZlWAS:5_W,9Rj mhᔲ={*qtRX^>9EY>y\dFx|dhT36!â#0%F݀ת=|z=t;)nߍwDi# 17c.{+B]7آѶM3&a+: H}+D?Fr_&+YRpqK֨xl<6gW ?Dǐ1?9ӑgndر] @j.Gd~d[H,>AWiz8A[L(K.ʠG k&8B߃^ piwfuAaZg&vOSuWan4d,BeN-mֻTX4GoPo#i4y{;I\G3% B׽bK +\,TZ%9MR=?SlyG<#*ҤOd'rpvCBY]"'L-Rȥ h.B  R(|f;jl6TCveow<>Hx}J=2!;[^FP\]yȸ{FKvN*PgċiV )DRqu[ޭhw_|X`QVkrO-H- ؜$AZs5"-gT}u`ndnAdҘ &@Y0@_5Il<&9,-/;Ue |zʄZvu. \m1gh.:[Q4yJUr+Po#3J|j&P3ԾJm+'MX$Á.ex=6#1?p_d`"j&?ܿڷCOj X4 t%DDϮ*R|JB(Ȩ2Pt1{1׷J'@*K=^e!=x-ܫ5V PI-pcexIW$0Qi],X_6iEۓdF|*Jty9swh[3g nF);Zw>3998g']Ι6@+v.Kآ.Rb#9B&#ڜFpg#9>cN$LD eNJJrj:L9K}g;|ŤY"}3&YC1.>ToHjdo5U֬?9eF[g$INTKsJ9}J q4mwZ&L Gc_f+&ģ9zb@ģ`rP4=\g{Fpz&|Rw`2mU Tj ?+ qK]C)@Zp6t%dݐJ%\vQH+X}}uzN?x|Xn F߽vbHLzy`CEODw:vx7[Fg>8|No7G{hn2/\|h)aS#Zχ!Oeg6t|>&>J^,ZG EUӗV)f&n0= s2͓h o4bmմww@Tc(6z{'.ܱ SdoWGƏ̴my~%\>Gs)YD.N>ia`HҶy(!/?;N}4)/G6Zu_j:^~Z<߈We{e]C^u)83;k#Pkn ȍQOi9xA#Fhr{% )WP-?eumC+Vc~@3XD(z.hF-]:D_Kl@yPq"2U_wk?֐"vLoUp0ܓ\;)zlЙk)^zژ&w! U#4/uJkSG5Vv2#j{ ܧK.Ŷz2 v`cSE $Z,<#̰: d9W9k|$;5 =+[{qDA'<*(OKw?ePuO1%RPAʮ2]_ -s*Rk2M %mmGc@XQwf4um̸V/)u8%?Y"n h@*knKڔ:CQqŏtu?;+*&8Fj QUT_(64_1*(Eе:7xC//LEBk(xFO_$]n4w/&ˀ.bщ!i*hO0X/4wE啴ysy< bei=h"(ו(1{} (f!'kAJ$^RʁQa4'c#[cn? &ƗN&U-,uC^#91ozCXB]ErU(Woz9W\TA򶴲S1k!8t2H ѣC(^J;ld ޶:T?[0z,,IB6"h-.Soc"ճs+]xcn6)&v@%hwhYt,IňfSTS_![xn2ꨋ5 2`Koe͡3So,\u.m*S#Qx 0D>\"Q'Is4;V^Յ/N&uoZ7Z77M)`([l'(^KnzϢOE<7g|n9M2x'茺+d&L3%C)zdcNqnIV[$p׃, +{Dߤo+A Y;e㝯@+|VJpm %?;>CZvv`A(&<t8[o*6vg^lxT䤤WրD]g0AcqH)R{/)z" FESDjp\t!]w1tTRNI.n|~vyT.:#~[oJ]ɩ=UN׭^pj_~ %amg QbmG;/8C?M.I/t腏Ô\L򱳬J_d3 9IoӌD&8k&eFXH f01xBkX 4WFv7q>,yےr!S2O fDL3w4yl0>Ch; VJDYXA~a=ET쾶R ɟ|WR4
    ]uW5܊<`J/[rv2a+Q$mV;]rݛ o{Qvo +2CmvYv= \Dq HKzo%[(W X?\-٨\--s|EץH9͏WR}v,H0`0h)Y2;KKmһkS ?fISx[)ѯqr &9&#zWpffd7}3LU^Y,?*w*C @9Tfp㡀o &U|؂CƹO]i L:tٛqg+Ct8vȼ i7 2%$S~*dɥRDݴ.JЅks}4r]8^.OW}WނvxH警}8 9{LJ rzb?=X)m;gwT*@08@Ye`VRd\C}^CƘ^؆mJh"7A;wJZ 3P.Eч1@]e \0nQg73\R0kmAIOO| wkt^ +v6g"cyin@H3Q:P]TF8ՅYB`|,)Nmi ǜPZt~ nοC38aB +/þ+G^|iӛwyг{yC6{S"I㠋q'+?=rEZ,؆Ӂ#d3w G+ W{#⍗S_cE]_9MH(ԆPCC m{nY3nx_}Ym[ҊDi}8:lF}X aGm2l>)!"^0UC;C6#"WnL'E>W]:gℬDF<8 }[>]Idw/^ S 0I|eWHuK~ImD=X/q@xvh~tDI'r3O5T!,Cb'- a`{Ɛ̱1ƲhEP~厒A9x$>=*$a!0M+?Wj?Z#;9.#40P-f$хmcG<0 /'bt4b朻5$eף Cw'nǮod=3%&V-MY>crST}s߮44Ўm>~PcH]J m}W|ږ2,Ҏ((&AwSkIS&JfdxKX)joO_X#zZ{4kTWX9T%%FĨFAIjNcYejg ; $c"C++׹]lkQo}p,'h*#)̽11JgG7ӮAʯNk'#wW1 [I|505lxq&)}x]7aiuu9>N) I+t ambHy=)r`M#҂=y`nX5җ]ŰP^+Քq٪+vI,COӣ8}aq̾6K KZT_/Y* W(BNQ\AugNj*" j5$ xҶ#&&Vn)ʽ(e^s$O@:`vbr ȵȽ@aͅuUW:nj(S):`dJ>Cj72W +n3Z n2bb\!g5鯯j) nV@D{ '\n&WN3tTfNw? ?dNZ ri,TtVRb |ݚ0h)0ׯ]f:kI:ԇhl8qўP2\mVHp\<!yυ:9?z6XEDxܚ1&d8x. EׂW39.VS`e+QBE_UMǁPP>!'.Hڭ (ن/^& fAt71>ah܂jrSv]v,paऐu?;J˨ڻ.`aOkf0N< pYZ%ܾ9'Z«Sif;=Fb_yqV?Qe&vh3P"<+ բRyE$%sDUŲ>3a0Ldl{ҙG GF939;ߓc3gZ_{.pч_n2҈Ņq*4u!CxskswB`ہoɄ w@m{5ģ HDBHde3^p2! 3j|NܭGd%!&:0)-6 9[J̬͒Xc  Rnjֈ`Asscv9k 7vdUG<{X:%Ie_Ó+}ytf:U(̵졭!&';A'H”wJa' bY8|@j3cV;.QXpR;nuR#Րtܵ%:weO5D- *n2|/=l)"!k~WMiJ5HUvT@+P} uN.MwWa"+' xG[ڍaq!dLpxg$^`2k4u1%ZYzd(KE RU+zS{tߓaA{ry|aiu 6n͟-u.-}}<.A7#TZ2";rncDm!A?9*},/\?OP7WGѠJUn<{@lި?[-_Կ`G7GOa\{+pPjgĤ>~x347! ET-Y;wXM&b$4ٟx'ItHl|` V,E/ϒWt-=uC~BLݶO7/eפoA Ii2=fQSC_Uk5D\YWqzꈖ,ym`GC{rGˁK9 Mt$V&1/uӲQ<ừQ~FN4 q>J=kf!JdyB'+~s)g"gX{ )[ڭw5 >Fc_.{rQ5@ Jk|F=ixW̽:=C&0֮}[+j8oKC{yī0>LL:-݈uB|-rehШ`Qn+C@Mpc 5B rn=9c1 jR뽟sڬI*,iTsGNٙ)A! 1Zc$宙sИYLaק _ BX[eQ#/&0I}=48:L\_a$a>B^5CЫ &M-xUnџnxܩ'vju \5/`%=$!wi>tNeıM_q@cJZxɳ鱍xR"D_IW+I)zcG oUzD>0D U M1vrrdxr/TwU܄MJ2DLNٴo:*V7 j).u5"HOܶ{[gMT>Z"_uz&Z1s3@[X=W-WpO W ՉΈgn"MEA+s1&Q.9- mu&.%w4POT}Cz;@d40x 8!0 $OЌE&e*=/_Ia_!rtz᳗WSo| DZ"qhgs OY?:j<`226 z}$Pl0+X~_#^#H H >D%/2F@!Tl٘{.Ebr{3+aC~i ٱLKa W, ^sJ4FZ5+JЙZb:p ۝mW ڵ^`_ PfՊ"ɹIS` mPqj@ٻɛwodt0#q$M]y~iݻMVRh!%cvK8\W_{DOP8Ka 0ɐeXKDp(*t?#vBב Xp.QBT8΀Wn>$? 5_ڛ׼p'Eh;%/VƜ*ջ~XBuH{T!o]ҤSݤښər0ʽ4,(H ٦ځMΪwD2G'jbh:k\|\.U/9lF HS9,[~UvH ؐM,m(Y:P-6eMC߉jc;n ίB/('oc*v-\m,brߤfJomN2}E7p T%D":W>g[|?*x+;z`4Q,Aಜ;T@[i")ӣȹ3 a5GҊ=R>rW̚a?"~*~ ո!g7~ 5# k} 9I$D y;'ĆA'\1͜|ѲCPDJ0ʍ8VVb[Е!IT33B^ߤ:IT`ruFv+#|yJ $DgXr)RLF#%PXV;qsQk`y6&CUc$Rx"q{K =Q,MbfcdI l\6s&_^tY"tFB(#_*U6`r83 } Y4Ut"R"@T/@g͎R08@:$$YڲR"XjIq$o3Cd+(Fe=4 AWSQWxP[WqN,&:bF|4҅;-u4U"46S7A.?( ul|Ҋ+uQ0'Vduts/ԋe[J1nBPk)Fͦ=-Z$)sTLLB #y"^lq|ML^ϞfxcB&+w[iցr%5@#"^i! Mfx*)F`#.HUNl"`X-^KP.u0/"#EvkyǢW*%/ox_?gGE3biUm 0A=:af#ZNu (6Ĵ55,&+6|@FiUP&NB4Dv Jdѥ&sC5 w]#M^.JzwW X`!d>?X:44'c8u}`qvЛ5* lupqc'2Ăw]nO0Re>(JL1ˏ=vr,BYϷ605H?@/Qmޓ6𷝷@A:~9VW'hs_yޖ%aBO1lڭ˨c͎PkTɃ6c3C& xrlٞN(X-?╁Pz5z\5ZgGX9<ٔR퐀a ?)Elk";ŠK?gԿJi9|@> _f4"6{*]M«uӮ!Q 0wFqB~Ìn ;ǎ|T]kdn:~wd`~N~Ls% ^PSyq"5bIcf^013_c(9#J{vCliޛH;s\TWݡ& e+C++ ]C&o$@M C2۳qLn~Bil9aCG1boƴ9cԒ5g| 3goݖZ6juWHȞ})kvAO,y?2 yA\$s<|8G.@$ޜnZ=zȨ͵/ GWmq^QZ՘~x8S3#OD^twK+ˉnkf)=B]Xlt+Ic <kJTM8p&#" `EIj~rl"'3]az u,qcmwt"-r_}g)!I7W m)C.E]It4i=s|8u pMHriJjUGJ5GU]gI^L#6!= eYQ~$p4rԹmޅskx7a aŤd6Q3و8ʐyY6ͼ4UkApr+j!1p\J%Zbճa?,B%mGL۸_l kV>Cj)0i#c'+nݠt<VuiZsnUN[3? Mch;~ظk#C3kzh%ũ,UX] JޑCIDZ{;16N`ռSJC54Pf>huSlAn5ӨF lyz<=6@% !?[n>4GM YH3XHHd\{"Gʂx9r^1R}"kj1wIEbƐCv?kG-K[畍[1Іv04bEB)%t$`BS(׸99 H.Dxz@e7\3.֔NrpJo緯 C]M gƘY6󑭟)xA7mbFQprNI\*YHsL(j1dN!LrpT̫ڏO=?:S0֚>L G6ZM rIfL)K/Ն7v4އ/%}.paQC#Ulǃ56 Duͭ"˴'2ӟ ]LcwvOG2ZD;t&0MZ4c8@sJIx^RD[&Ct~lC~=rSo05: MT1_Pj/4h>/9p|vnewSE`<>?$hsG֙]Eb:=`Mn_T͎rp5Ӈ?#\yUChQSH[^[Vq ]"ob i-'{!0tJgwiLl^!FnTNnou޵Syp:wD&C ί?{5`sq䤢?jG,wn=QWjP=PL屫+&%|Eʏkb3?OvaLVSJvzfkc5NUT4Xz.-6Q> hOUd"4>`b}%0e;Bd,2(ѽuE3 { S\.#%.w"=^Q "c4vZhS뭊ywS5LS[$2Mi1$4UD;rߐx(@aYjA%NmޒP -`RA SZ L mW~^{Pg+NfY'2 B+fY ־>d'~AY "j]*Y6en^$9מiY^ЅՍP(s8(.K%%r|Qjy= >~Z}ﳈ:W23]v٠n0c`ul;4S1a VZafhog$MY0d KǩM݅tuݸy*`|hY\-$?*ɳY"C6;96S>'B˙~9Y"PEPf?^gv nc婯<@Dri}Ux- px}:釖FnzL| X YF&-G0$kCaqJ)?^rsݬpqa3na3콶"'̎[8*فj.)yq@B:!rDx*M`+gi)XuufC#cFvBVߩܧ#m}iҦA(S\f@(@٩mHpJe.8f?יS}e"|D}$4/[P߀hF4\&fD/cM> T%0sK4!l-m/vko_jpB%xI)e2fNfh.J6UI).Vardy{d"GGpB䰁J1#!I圩dVlS1%O@L)d:狯9p.T*R Vue}=׵*xd hR^[Wxx4Q> =;Q`"ƞ|Aq`{E⒠PxOORֽU1WN_#kԚ}zʸ9y1 >Jճ9uguyNXc c%?.6Cy| D7MZ'-;4s9{RñU}i ZU9pl]Xh3u;򫯝r(bߘ>2II޹zcmVq2N 4ô&nM<Ƶ{Z~/iF-l0 E=&1,p'QWCpzi&\/ &iڥuo,cGd҉ }*XCSa^*Kzۯb3Ԉz&uilI HWST  ">w&Gg#wGg u FMnn"m-ѷ7pnHu]a ^[@8# E?6:x $fVZ']B;`;.!7x\&:DC9a?ş؃ kN-8 &W|< " A T'|qIJ"QxDmˠiPen!ٽa]И$T(i}wIW[<ځfBBrgCD xRAp٠LXNsUD]~`K"H<.홈 9HU = T)UB>LUhmIʈ$7/+`+X#Ly}e;gzzBl'@$ XW3ZZߗ5p6B"GUgI ^chUܖnbaODJރw($%.c!P 8 }t$jߴz $UŪZS> oBLPy_־00#w& 8ԟ"ߎwbfA8)E%$\ްDK5="vBWMM8iFFsTӄ*L%†A-bX>j%ߍOzF3ռn!¿2ut9@Ív?{( 1O}[C_awS#S,Nsu&a6mY͑r_Vې#6 U7B]Ai*#Pc6a,fOXHŮ?rūFo!9g;[gң2s!ٲ'TNUsQ,_v6+282o#K6s\RO3Űgn?ĠÐk3A$:RqdZ=g,0~+. }Mc-o{fbD0&ƏoUǏA苠 d/foؿjř2< E6TH>gdZ#{2v"KQYzE@HV# Zs5)Hl`^I:}eL'D}~rOh*)|q&I d܂Jhe i=bObxIjjOm#|8,he@8U2^"$Qxc_d׉9b:\ B‘-b9˞xߣeH+S! 1g4¡'%)}i$MH:ox+=* hlkvǨU-b뢴4`ua:<:sI _Z<~\ʷR+,֗PnQLu֥pNycufcm&8N"/- 핓WP3߸l2k HP8_kƁ.'L P'ҧ111!-僱;4ȇUA3Y뾞{ R-4_vmc놩臹F4~^;iC+)AHi>];!D8u{&ioLzHDV4U@ڏ\J hsʢ AdN 3Hzcp\6{\ ԂlWʥtj4Z.) Mo1X'| =NyS ٘T ifmήf-c '=*>[-$Gl ;]::c Wv8HUK 3;H5+,^% ⓁbvztC6j:6U%++^D!'d.9].m) V0r.[SDcʍ:P"Kozpu=؞M?Q/.*hIA\3p[æB![+"Ipф}7M6adȵ [N@MӁqWt*Kúc#n* VbYAʼ"ꐞ!JLs TvSەG5J|],.&Z>Pv JsGTk'h<- ֖sܾp4:&Pr CU?/"< H &01jSWF0bRO 4?/mR>Odį脀'^ևlKw 4N'6..-;Xxb|i:$ v{_5>GOap62Z 'țme<ķ'hvhsjB MhOMX5؜Šºz$];+OE# f2X0LvR} -FK\z$8ɠs{K0 Y U!50hEQE2ݝlh4_[3ݛfm@_^^ W_M _.|cQ}do^&֓fO<l$XO5˂\;-XC WTRwrSBWvF#wfӳ]l,,M]K$N|5/{yJϒRWґtj)/e 0 _]#1Qo2Xc@w,ʖK ` D4jAh9DAXcW2kBplaQ22RVRu<mxP@]A$Wcv|`k$uUZ|Xk-74R&>8߿Hjz(ۡEnl*ph9י=vIT8G\%?oM[뱲 A<" KXCzص'`o߉LWs0ʮAc{TqQzz tC}/M֣YSI3Ft8GD 6>N^cP|fg"G%&sQ5YAT˛ooR.?XAd*[NT*N:|t'%~q-d:89%[*ӊsI{{1ӯ"%X@=O=]WuVU}!ښhY,C%S(ؑ:ޗTu~wל <%rrIhM%/rw|Flz f\ qD qu xVbL*9i)7aMKp iϸV>RzbO{vy-?qzq3[RlLD.):+`=ZȐARYCs 3MtNT0/PG3j^s)\aA7E#ޝ?iB\-ܕfyPi-tD /BL| p-dHИmnmi^&a#ńV(Ka A KZs|T@6AL%N(SgaHH*reo 0PW·LtRԪrxrԜ([){_ CaҎ2&آv8 Ԙd޺S`TfgɯFFpGzMO*UAhv*XL+Nh#Af$x9&3~&;#kIi-nǪ)sԼ8?&#^8Hu4XP]+Nn" 7`֜ YY>9Mvy<^o||FuK^vLf$̇ԛk.Ye'G pXb؍=x$qQOy"8Ⰺ"_qrDUxQb}6= :::Y N/zgò!ƅf+ Ʊ]`'F1/p%Hu8_7KI8o ںOHBB0ɟZUfЈ_ #x@ƪ\lpxrHdf걦p;M] j ܈Px K3 L(&Dg=Զ!~| K*@ :5b \ɖRy+]|=Z!Sh _/"龡4D@g[瘂r{Ф*]wܛ7/ik)5>NYՒV5" ${-ᶄ c㛤YWѮnmEڄ]sU/PX:6vp$CΕGzUA"P3UTܛ7UL`}vU&er0T̞t"c\F$0i7f$>5dwՀ!mqcߡ_jFCn0z g`sWPæ"}i4+r9K<(Q h_}â߈Ba b{X.4J֬;kU,`d]fowRg/@ԉ"sPNaޞbtI]ZʺP߮] *?Yy [tPhʼE@R/*lڎ P2}lhABS;_ {̈bOF8{8_\.UNmRN!> Iu<+YTqZnT";a疻j ȃWXfۈIc}0L09ib!3>E c-bK3V aFʡT鈥YE.C^k 1/pRK? 6JP=BtU3E+ h>h|ID(DNж J| +uMQ6ًxzƍL#q;,:up1GH_oc=y SByi\R!^@Mo .+%C9% |])ï][ _م~39OR%O&gÂ-vHcu'95 Pk>F?h}KJ:H5|_  %?RJyZ(IoOkXt氚i8u/Jp~:ΓA|%E|I \޼@^6o5onIJ&?٤!!8twnl\'Fuv_n_lg˝z Ǟkc?!ڰl{Soc?ajV7)8 %HCJ *ݒKau}8a@21Ht7ޗcMK.*!DwVq$BLŏTĥm]ĂǬ~9`ZJQ)U’'+rFڂ`Lr^~n{N,{+nIB|\H򇇟; `WSm(BHV;%u[r_WXZqs; XL)ÍUA-kOX=|(IA26 6˪P`b(؇{jqB3۸} NvF/ڼzH0>jt&#GnˬSg7amd`%yg`*jDoPxyK Xl6MX Vm=@9@SIBB(t6>:ou: V`R]Yx1!nEܹo"bTT3!U 3֤*< S_0 iKh`q"D;$ɎҬ/~M+ 3G'48u-<]>ӥ1,Xjí=Eg&kFW,޳'ay})2MꅄYy=KNkWӅPV"M-NUdG TcC͐QKh ,I|ZÄk2u{, 5X,U8y1P"vͧYQh)C-_cĪY+NoӅh Nhחˏo~cG]ULS4hTx N·jt\=_"(0w4Į&b^/ PY(^URN9/v^7Ak J'>3 =c࢑?{!NEI-LY= JU(_TlUtH4Ak-:Fi3%(fK;[l*Uovo &K&B&R@&PAFx51(Dː͘/q<[["w}>ғ*EO[`bl (OO )B@zu z9? ֫m=i`RPk{(CgذM#3pIkv>E=I^ly)W@ 2R@Z9|=&k1q3= >s +0E𒭇])$@PO8~X[XAnmhv 6/]zب+Gw91nD@~-c!c Gz-",U+ NŜ^|唟jz8ëX2VrBvMӳJ @E~#>BuzKy:$A‰Q({rJx(lq^+ί ̃QUi'_a.XJ>9ݫ Fa{dw%ː{yH{SPI9.ʳջz؎ԧжh(޷e(I5{[ƜX_MVi o> &7n CsWOZGO. )##uiJݑh#`(ƶziL8lAGG>Y-3;,r)~J|;`r%m_q>ӈ(VҐ]1l!2۪&9,!vQl8TۆXmכ{O.f<*eZKH}PG6.BƏE@KΣMpאn#.h6nK7~GBM.˶ӐQ T6~3ol%|{ hQG*Q_{L\hVJ7⛉*UCU,%ޏ{i+쵧 JPOoQ[q-( \+t9{Qړ]gC5 hP@{ΦK^=FMFH [œk=fI>Cˤ!kq|n({|1P˸J[˺Aí Rh}J*V/!M{N{~;ZG!F?mJ` J7 uvjI?G\!S&Y {G;@'-+!Bd [q]5Vؽu;6\ /҂abk)F{`t, YVVc>)4fuQc^*9qZX O2?Л+WmYЮu'}GC>`sSCCr?ھK%5e徏Go4LQ܎R喙tOJU˙-K_ QC %t4za!o,Fu/$X]d!ʳ9bl R@6w5J!&Eٵ*@U4s+щ%|b:y >)ض„C .B@X~ə:LVB&kp"6g2eG)]MW0_iM$RS io1Eq:0.>;FE^%U=up-{9p}KH7="q#+H*Sf_8q֌|pi)~UJgTT*E~2k*ESb(6cƻ=c .պ{U,1f`?J?p1rm 1S @g{ʃ zk?ۋckr#u^T59?Ɂg}fIzZ˅`;\2ޑ͌ ϑH)^2P# [J(>&Psgo>u\vV/ *'h9?^88>>.]X`QQ{cu1_8MGoKMRjR o%$wD7/ *9#/ $+zu?^ [~x+/Gc0Df`șG](mj-7E;t[[F8MLWK&RW <Ùo.L-SAAŻ7cJFCRl>gǸJ ̫;>J:(6wSIț 08?םIpEߧ~Neig$@@n7:Mb%/kHmw5Ê$$8\fo΄*#Be=?~\,#n o1K'O 63?~ 쥌 ]eLߞH #!Y0&Zl8j7 0c=1*!7R $:E~a6nJ߀ oVGbSy[5A[AgOc%4Jd/7! }[\_O׊\V-9V˻8у?\W `k s*cƿ+Q ÓGx= NN.ﴷ%'Ym`}il`Fs`s.=%--ӝfu*ynFH`r|1񺨡+}xjb %Ѿ9XmhEՌVE{ M^@b+#׭Aw7XJPR"]Cx,q chgBN 5}`(ݢ ^ ](1<۩"-`Ihc[LGrzD;(_>uI+>+cܐ rq$ѲQC#a;.p/:pPr>|+e44i1îx涼2Y{j_!@?G:֝J {DQ -59+Xw.TwoЬoi:YimrDQc^|]Rb w:c;jWh^7ZnP~ҩbC B%+xݚ+#m_&YjuN~3fT[rr Lvzs;PyX͗t YR꧓p҃K5եu E_F[=ٹFy܅޼j{s}3ڍ= ekOѳE|LOQ|àޫC8!Dǫ!uc#sWH CJ-njo6 پ]JWKn76kwgoB?[38 ǥ$^}WXb '|lBf[,oeM|q)y]™z`!xJF2#^G K[ 8vP^%r9p4& F"TxncPD`}4;qu}+U"Sk `g r,'2^mWwIQd)dz|1ۥG9 ̓d^tNM=_" Sgqu@L`MەNNF\=0T65cgTRx,lR|L$[U~o+E,JSD=koVpFŀܱs::Lln%:KOkͪ]kBYCniȥpM O7afdIEjS2mXem>0`idY1*> 3^N(Mj_d;1mV='΂xG{${cPK\"=Oq"h7#mBm-P1$`7x?$$- !;50ޤoL`ͿJs, pհou))ay _ǂ 30Z-̚rJ8x~zj+N+jߊʫ=)EMv[.$tL*o.+V)ٜJQ vɎ/ݼégЕI"\3%H χpGExsBiIyT[sjcG5Y"C[Ԫ)6(r/ʵ'Zgw94]ac`!Q*q48u ~[?)B+-ptɷZNEᰊ|#Q7|ԩHE-5[`oqw1Owy:sk$G^zzG>։VOL+@tn{`BIž?p _Qe`QKps{Lc=z]a!4 yN_\NS*06 {בnH?6d+É?U=VV"~1#lM~yX~SliO?JNgϊ܆8c=µERQ/>|M[ͮ4ʕOy+ _C0fFDVYO%UD:HoĴݻE]l<yޠģ͎MXwJ| rga1Y2 I.N-BzMf]*= ⣏,TD35`PWUjn839ĝ3{y*|n\O:IlIkNAPd~β뇷h*ٴyE[Mđ{[uaz>xľ?vM9oEm;P|w?8ڊfe-b$~6&v+>b/zT* QPCeNW  -Brjڡ;,!((2淐X&!B2寗A:O(dr)_cKį;iw ݟĉ7F057taˆ<u7Z-V(~4Q*Sd|N ABg[ \;JvibG&Ig;;/bz\iJET&S&S'EC|Ll`д%@Q(2tyn'76xj܂^$o5I[/Sm o >}Oo+:AW MЪw/v7?q-.wO??sHWF ( ;Ԫ4B#ELYMbR8n5߁W],ӆR1:,\ 1*{b1V3u!ED6Daµ@}mSx +*7㨸sBoUƶ8םL/f欠12) jr3OU˱wֽv%.M-p0 HcnvdEMI k?xgm#n_IU5dZ=|umF;#*n+ϛu, { F& J釩ƄFw5/2 F<ПՇ'&TljFbE+xuʶPmnmN3]gZ /OÂL#t^\{;6LhVhdު{~(jigi٣zå{] u77ow%7 ⪀qNY4-*ǘt,ҹo0ig~gjhU݊|W2duR-kźII]lZ@^s6y*NA1A2ח>l 6oW_$LQ>y\I(H8o*$d)-ύ%do},.4˃\I4s >N7*z5O,\!PU{v*|۰6cR oY@QZ $\&sd"s$x}zMNQߘm-?@3tЍEU$KW6<|S.hS  @݊0z|iq/3.[LūA>㗺麥"D+R ܘZWaH3eGƶ6] h^~p?yݔd@LC)`Vsݶ rPGÎfa Q,qբƁ17sP!VNp<)oK\szL(eƒj$ {Hd/U9o$)FeE?霢2Mlkщ;@L^3~32ӱ.VH "kb<:˾pK!ؚ*5[EH`)Z;e NfWi{"y)-Hfb$[˫S^Zat) n\#`d3oACC]cES#^7sт0X#W};ͨh>w/}*Z3`@0&6 5.U@N; ,mCK:7 s4rQ4צxvmPwl }Qz\}1iN43 0-> Eh8;9M)b̉&7mSGe˱E$wj|c@@͐". 9/`-+~: M +#cAޞQe[[ӑڋ_JyWt($'A~Ѳ[&iD yLo/~60!ZNO`=ƭpgCk0p-7JF5fRu a<= Aep)pZk3Vn0̤d :d4v˪\9t,Ѽ}qc4sc<εn0EmyLn! Ed龱a%**ԯ tyx"rw#0}Wln(=/oKsm?)oj)P~qAPĤRVfHcI wccY(#)h:u{R쇚h@3M붟j#wwOc+8u.։ӽDh/Xc{1Pd%7 .<9(1bWRY~Ghoj:Gc $ؓv͒| WzcTq󔧐Q͞D:ato+M:пEF_gxq0~1r>oɅ bK*xU9ixdeg!Ɋ+E+јi^5}P_O٠yƂJK 55m|i~x~D9R`dA1P ]i}_1"",$AnTWa鈁IM+CUo|>-CTW @?{E?$cs4ҷ qR w )LdK;,|TBpD4Cb58;}n١ihMmFu6VsXZv|W'^E%E`f66CF)v=2? 9/ܕ&Ue1\UN&.XD#]]q2ݰgxcBE>c>~4TP4Q6}CEܱGR6O?yV7r !j'wBr̠ʩ+z᝹f %ؚ[ԶE)ћRuL>\Q59P@sM^JN}&dyDn&0qlVp~u ኬ;0*WtD0_q3dQF>u Ur,{R!Ճ[*ǣnBJ`&y( E%tLH8CM5FHԮI-n_\D\Ƴ,Hb3 H C- )+밣8$л3^Z& LHT|4X{nV. X._|g6FZHҗMai{xjb8c&i:}9ȫn8P[6 3$U fO,ezj#c1fƫh"PۡCrc`,MrkFFQh(|TI^k[尌Gt-p=gYQy2%Uh1TT-J=t}(^#~>NY3(eGH7D5Ɣate+W7zX*k}|69ܾc/SGPi{"F}lCgV`&nqz蒆XKҙԋt(J<`RC#4,"rrCTieaUSb1>ZHFtp0U4@=ɺߜ~zODdc1fV9Y#x1 _[z2Gӓ~"A/Ĭ+Cgʗ>ƒbCIIg"`+TN s{A aTEkuy1ccrCǚC/]poK.1 4x z@nT +zcRĴ_A&zjB}nຸb##,gQ!>lWsքCM͌XC&ZPA{T!-p:s%qĆ1k'\ډǿjkae^Z8HB$p :ҠصqzF~4Ӹ/WKF|_j/+٧Rk9kgm^8_ZԒ}G&Fz16&kx2nq3q$dIL99k [)T{Z|*jV7c UG[P\cme´o}BK+k Q=-Ȳ\.)PhF`Y^P,O|# 7%}*h#cjGLb quUK, $@sI4[?YvwTk!46JVIf/ 䳚 amnי*]/xnh'K)R"L 2]{ F8>&LlPpʃ~WCaN†ѭy4xWvF- _bK1'>} 6{֦ ~ μMYږ@^%{#Ma*MmJ7ޤrX4ׂK]xI#W`~t\^ݍXBO,=m2&D w" `u  ӎ`@Dɂ2 ?\&cI" QJm:A)H%Z hk7Ezrݔl=fGe:|p{@[l $' ~T\~0,EbG=4y k`Xn8J͊=Y1 >+ ...2FhA3ɭK1FMȐC%pZW])ds>b9Ș${U/5αI _!wMZ#N*㩒ooctGG>|FnځW&qM~Բ'sk+W)UvC"#~Gv^ݠ=,9a2)H.7}D/GGr/r*&=t,+M& ͘P-Q uL#@'ADX型v.*}q2^cj5.L/kEY r<38? 5qJ$#+汉[,3&籫gkzٚDPNbdR-15<<]Lſ7o*lz/9;4!!bi~hRgVrSCS)zSAa% n IĬCy8bfl{L*b`.i$ڙ Amplh(fGl[P64noˤF½VxbQʝQ<[bhOKӎC= R IS"_O2Eg%hXugY&(0z.={WiYɰo Pf[sD/&S;a3?%!n!:BU,Jcuu;BWNBJ8ޏ?Pp@52eftDw k,6ItldK).E D'r֭>?RQ_G4&&Tz(%Ȗ*]p_sCwQl4 ڕ_ <'L(8<ҟ[B:+ uix83@6*ù+Py1֐z,U|nmPp#< .tdTl mmɠ ;#b2C_||wIѽTˌC/xW ,[Ya?#6/ !yb/|uYQS׷@M9 vg-g]n(I?w6 bƿ|@GGL !V5ӋtJ<3ȩ>biZ"WuޖV)ҶAƼi"YgZ^xd l6&̴Շ>>`RxO9x6ˀC>guȥ:7thJsx{<71_`|- $uCoq(χ "al)nSWcuu6~ĩ10ť'j) {Mh|=op]F2ጉ9nH%:1TGn(ݘx5t)|ڴjnQ[,*w,i"Snd͵Eo}Fr xb"枳:ڿwP}&LJ I%_LѺQ}_$~g\0! *74Q,gj2銴%!FO$'IZj,~ɹ1 PrDGDɡƹ8n(H  ? Yl3eH4RPi;o=ڽ@pM`ŁeK38\ۿ0 @Ӏ%'uc UJ;=2Ť h%ӏnͱGq |iNw \ia^lWur X|ݼijw ?5xƁĶ PN7 r |DNwvִDq'/2omoGqdZILwxH,#1.fT'JM1.1\`qLĖǨ>ٚJH 56NBKoWJ4yJXrRKVp씮?)u$͇&0 3^&eY@]HJχقM"ug-C3Xͷ5eou "3`D 6?{)깹";$b3oS;WK[ HF^m*m$=ia:OzV)LV("n&k&Q?6]nMt.mϷ TʿE;;-콻%<&4 "YVU4 wET俸 ,wC?]~,./G] ՜yφf8fʓLlNWxW=Zyo]8EtKyreǹw)^bSܳ!`e"'R,"g!Re˛E:шdt° PqLdn; |/= 'Hu㹺ȭv;Ыж鼃{.О^b!,ͅwpہ.9~7F2.CTזz >Ҽ'cHyς-;1yWߜMbvWo,. dJP Q~^[E5ۍ6Հ vVؘpx{[Y'xڼ\t+%. v]'U s18ư@7 JD*x6V{T7C/c ^jrA, zw0jg !ciօ(9G'_эy=Mɭ[@ `HM$oy%FdkCI[v7O fՕ|fZDتⲊUkt ^')|n{ Z>Z}h2~ spuirE__=?fQMOn0v곗|\K(o wgN}#̓}XmrΊ2YS2GG, _O'|'eR'ns.lKxA2% ,sb?%a.#сqTBg0NPAW_*PwM>.gL Dn.*P2D sILBG=8hW9b 'i:F<\KhOhݿ9|1>9~:%eЊڤ;:ЀW]:WNφ8'%e93C T3H]/ô500DfZazgp)gCDR|',kxAN~ IZ=z}#:ȃYuPwT%Eur8whB6 : aa- S,RX@BAY7Ν)q}T:T?Z&ۼ~U#?ʅRX3xEI'k3bf k劚F|{=(Ѽs nQ\x-Oj`Uf<>v*ۃKy`5'K#]CiC#;lSFE*@v2{T%!srE#<Ʈ|X:vEб~9m)‚R.掴: P ͰKad"HBl՛Ds e<39ZѳYPUg##ą+dHFQ*/ya:DtZ]ѡݛQ]+Nbh>rTbvg`z?#b\&P=vgsXϨ#C=3#F|L_3i#氌Q+A2#N)m̚VX 5 4G=hl97Z9WqVYQ1۠zYXW^%u@h~B.?+iNesbKmliCsm#%SvM羌4syIaRy Fy PDvSmDH?swVv-^y&yDݚZ1Au8j.f"CcՊ (Vo i֠sM8%ojs|+~ʻ`':"Si J`m o%9l{{m|N0ֵ_xIE6swS nHf,L lL5GA©r޾k=in O ٕʿ{CitHy{>JD7aBy}[kO昝;UĒ<+re@fPF[\8O!dO_H| Qn|B$f}أ; X&ez M(_簯"ۻPOcdW9|:(HP|A]`K j5-M \sr.[~uOuIICd˳fK&᧹{lT$H׋s7g#ZVS_րDUE,]G~J+Vf!/ }lKϨsT^`Y8Sd{jd,xCUyŰ7\tǚTWA_JxqGUY_AUk.厌֏OKdZC!ZAY2d{ߤG5xt̎*mj+n*FΎr`^'Zts?lS7$!ӱx❘YmW>H _'M|+wT͟՗jE^XBT'oܓ dk㌷nטJOr2Y>! Ϳb%-`# {^F-XmIB!P-?訔sɌw0}785֗@tq(m#B+(_ |3ahj*/S**d-v8$?Ƙ+jGYY[}$`-:gF(*K n>?vƥJMFaJ b3X>nIԪp4OdKe_#x#> ے0=\\Fs3Ҕ] O}~o=c)]OƋ2eSD-Am ; wA(q]B\ ?1TĆm ޏBKUUǦY^\rDp+{2$uk&<1C՚|H'#c-j]6djTEo־Xio jWHŇWK=--Fi^'kR~j*DoAڀXm[ x Ji8cW >'쯓oG64^?fO'ҩ/NTi5Yt~Nb>ev5Iikpi?b5^]@BH7Jhx*,G)7gDžvEI _/*j:Wp GLbATӱLxLLL[r3vVM">|Y3oߛ-l#j$lqfG(ϝk1voB14;W}4tVw>|]#q;!eq-CWz3bCc9Q k`Fڨ+&|>\) M}Ek4FBdV/-;L ʸ 퐯w̤ A̞;*Mꂈӱ9yx Kce Yqc~HNߔĹpFBQ" tL_-;Ef#=tbkCO/N-;/gfh{/`OGI;f{gaC, 7LP{4 $x6@'2O92'xK3RX#̓ƆY@@|f@8.<^)tӐ?5(km.[UP5|p-.0 gbۑ}v%;j* >U]./:Mnj)f+@<"r dh4ͧlh;T˪N 51,Tw"eNw7ȽƬC>Zkd.Bqwӊ1c ;6;Tܲjz'R ~gy7?;+YT?w[~)5zT}nKL\5_ S cUTYϐB~7ȴ]LϷc5whJOϗ sRtl3J& DA3CຜR/#-1k9 E*zy`H)U)f#w^.~X$$^E;ltGX iTt%vUTI<"*y ʼnKF/znl9nK3ڮ)TQ!/e)NkC9{+{ͭ^2A_E,9װL<YqsS̘UԮkBܰ+G]MQqSgQ; ܔJuZhW\:,;iDŽ[Øudx0ul:|u2ĵ8;!uf4y+TR /ɴQRVFH7ZKc +_O*:jDRe0%EApxYΛAT$3ULaQ6N4c #j9/5JlKͪzʄFRga"B R/v v;¿G^(s Т79V>NjoG5$g{R'hrQ! vTcz%`Gí*CF [YXW.xaERż門]-RlJg$9K(|5U.~g`voZ yhM<ب͔]nZ0o4#H0:`*'õH^uKES3B`GU/mՖaAۣȴ?*8s%Sќ N =N} ɼ9[39;-DM y!'.[hOXwQsq݋[,eԒrBC~1sdO`оrWv~5rznUM .JjU M|?l 0>iĥp Ӥ[)9K`*E1,'MEZqM+w(9+ `.f@OxJDʥESn|S.֏Hr4%|l% F,3ZDkI! ב=ʴݩ cuF rsr6Lӎ UT)'Qqe[7Ӱ٬1>t#lY+/bRcu-qC߂.I򆚩%@wNWdY=4,sZQWcK^<:69GK$f .`@[ LR2ܒ'4ĀsPN[:/T!5kQ87 f}(=ҭNL"!/g>/0.ACTpp?mxP ^J癣?6.K2~e>O;>|}.@+0 |}܁ϒh]>iչĵ!4 7㼝MgꈊV99dL T-gB8x +ֆ{^%0d9x2gKjJ沊HZO o;e}^݃~ݷamV:Yvppl{ޞ1h Qɛx}FslDUK>%3YAp1v?kN.tޞ߹ eSAcyd<_ S;+HtgV+螆f{ H \\ŭ| tnIV{ꦱUE,}v`m qD,R<,99dfDJSM˓*β <)P\; 4P Dظ臝D0z3 teyw[G#ؔkh f,X yedh1ZR'hR<<Ç~ժo16Z{_Z6-]k^jD8a± N˷DTӤ:cD?#qHK {IpԈGG/\ř} !M]@uvu9n_SiG@O"@( խkkP?fTLۘG vȑTQ w_f,XuQv~g\>{Rw@TeA@dìk_bn2P5xM 6&gDiVP/፮0;gO#t pB>*JĊZlE׶o߼,.*p> f/oWqjpwSdsv5"5uJ؏(i}2+R%8Vttc1[~ [M ?61㑯_eU3I';][f H{Ȧ d6_ȵ32\w"H noc-H ;L),<ڀPj 9 0ׂ'5Ao`fœLF x7aیS:8L(&lW=h+ 'ĵ5؇OI,Ի[i"ӁCM: yLdFl$xN=1Fo&u8]#w+wsyz@vSH]Ÿ2P*qvFe|i>-Y!k$$Mt"_t8!܎)i2/4@K<A;(Qq_"OȒw"I!&4 uʞ<sNˠ#LG.i%Nz*ЇO=̟TqHG{Ă6L40j?5h_De?;&|2"~~Թ `}9ʰ׉wtfmK#Z}_ e^|a ^%b^m"! ~eJآ-iՕG9-߭8zSs83}P](pj)penI%` ~9_2I}( dv\c(OGLg䐗w}L I144F 1u3 wC Yx?sHMIKp3k*ovP(mo|<}V7򁥆Dܚ0m>[lz'awu-lԍ]7<Z 5n,\ħyrg'm;rmR,E +suwzX TΛQOYL]m N;`wׅkf (퉍$H6 LwZ@UEt6+V-<]Lw[iH׉w2f*OH՚~:`0Aºs u)ƙ`9 Om!j-ToTnA47<)΁%Q,$h;ϳx3V< b}D,g`^V:e%ɎNO~_ 6V#ფ_+u.2_O5&]9tt,VB < Li\ O?{X9K ^3:ttF ߏa~3 *w}^q)UPʬ&hL'{pYئVRś 4^' 0P9QÍhP^S3Xj wj^,j|uߊm4@Ri \ Ȧ\_ Ճ=)k xB-I#,U6 :vEbFeSF1xԂס'$9KeL&9a;@M9r A ~@!#BGa"XVnc:+ܗiU!:I}(ͨs3@x5!h>cu88eW2ôX4٥f©_wjP%\?%<3Q,hlY{l]^ć2=}xk,4AnVi/vȥ'-cmxqc;F(*{xZJ|U!Lp'-ٻ%pڥ#j& a@z7v(#x(nE!=u|[[Cq̪VkylX4{n7ع1J_5ZUf$j⿡#7@5SbʩD^{Ŋr*-&^n,˕Ϩ+֯˒g>J`G{KM ?ӭKNgoWo,Nnk>4 %*{r2epub$,=Jhi 04ßIZץ9)̏a OI&sBj7F]DJ v*2s)dHyԏ[+zxvkY <Pⴗ]QlCe}y\a*?bne[nq͡bIrzk 9/ߴ6Ȝ6 of昚+\eN}- 0oaUm~mYn$IFIpo29WjϞq꒟wlB䴾m6@N47/҃/l_|r,Pך;CtG/o޺ݧs ^d4q*^ ([{$,E@E~ME.qI0q4'6w˟%c,>zO .ŧ%9srPVf9=a2xT8ٞ )U@ qsJ2Xy]6*`zCTKzfō}BɈsߌ7 R݉>#)G-[Xޚ#Yq'd{['SXD7D*~Y%x9Se1seN (B RvcDR.Q[w6l"Yb '׾=AQ3(JgLA}i&TSvC_ pvܸ5Ғ[7|5 Nl>_X ռ&8[i; */=шuW8uS+3ڹCө=t'ҪJI0~օ$ yu\ = rǯǸm۟7F.'>/{ήb8CVތDc+],}"ϐfy#;_fT@s#ZFM"͵csYl)?ٛR g-x8@Ylޢ[ => hٶt=mX"6&L_x45C#e#LiI^*4<WqtlnRzHn7jEJ_>1Z8. yc_xx4kWPz)AHRm"O=X$]Swl,=dQH>Z^'(v`$%`sϷO9|n~Js4$ g@^Mǻ 1sihTN!^G4OdlBq+ u+WS(G;2?_uwpCS _LΖE=ƪK4 MrnƇE9k~Q@A" Om#ė7k7'm/`ـanfnGzҙ*hv%;T҃q_z%ez\yaF|*~:Mw\jҫ<$M"|F H <) cIR{Xؾ\Uҙ3Dtr~\ WӢ_'Iv,QZ{<nkYsu+k 4u`!@dde?oi>nt7ـ}3U=3i f ݎ%"~womJb&:`P*q-WoSFRyCդfגTLZ }릋(jG*UROc@ֹ9`$| 'J<}VZƿٌuPFOp B7UҹNS6ΜfW`}{0Ifi\1~o SR mǥ&"-lJu\%,x;q }d- *i'P2%|9Lkee!qγv;`kn27*uȟJB[Ε%yRKu5VT !̚ BC]HA.7ЗF0s1>yDM;~:, WD4* NޡetM5$ p4Q-k[}kO^ -v C?.QNzg]~;鯄OF7HֳņOapaK*rzxG~ѩ4^36WAKIdIY>YU,f9u&`dL%( ']Z.ɽF:WM XO{`^2,DT~q)j"VD0 aH-!1~JX!"tڜNY s6(9%=̨2|^>ɔSjp']ù a+.$64 ;R*FCwqV]e2`GeNAQ6v8,^.[Y`ll<4K]< JK ~zA F5 bxJmW^S &U'kq_fhVd,~4I,lăQwK^ `E=GjPepUd@&wNo W11ND+'4ao @=|VF* >%tݵ1D'j6OS׭ i|97?D^uF 9)ϜvW Q%_z8f2P#" %/3e.U&:xڗj>r NNMz8%^Geit3H>acׂ4Lrv'w&5lS;J:l:pc)90O,~XYU6M&paȱRyhQ%B#Pݽa#JN 5L>.I?UcW"lvy+}RwDK7 [B?aˆ&36f.A ͩ2VзV>z!'Eӿ9 '떔36Dnft&n'A> "N2k23?Sz2_I  +P7 xw@ljw]TWWɰZ")H\I.76׺X\CĻ_&UW~,ie6ä; #2(m*gc/''A/߿`tˤ9sΥ6{|m4IIWk@e`+ r.dm'c&8ozBn'?Q:L֋1Qљ^gm*:c7*({~Bj=9NI xoZ$ l"eWZX`pt$qb M@RYa9bzn.gg ,^9htyߦ.EKNrj.[!M?y&6A2M)mi G@0ݺq45mJ gT1c HU!ϸ(MB<x}lyvi;7 is={AC)Kx RxWM)namf1q9F+0Phn?OT |CEHV6bEKA#_ǎ,P,hm6 3o޳U 7x},{DZ28H WF٧Nqi~wPԁG`/ƑR=R+Lفh`1<-W'pUjtM3Tcv?7nw8 B-?^܆՜v7S%#$+@5Jp,ʱ {ÆL_N x [/UM gT?"Aj DC rcJw;`xϠ3S~pb@,M,{ V*?96ceP=x r0wP&kf6U0qJܪ\ALϳ"[ҷ' }Bg+; [M7-XTp c20VAfʍYv06OWX*E7Dc9Z0;!>KXGާbSޚjp˵mH~8Sq~S՞Na )M޷(~_wJ[Va6>W^FEP[!{䎖a8zPJvJ B`M0*vL;/F&ta\`fX?Ԍn^ C!陶L=۝5eK+`qlMD꼆Sq)#~(*gōT_AM_0X݆{Nt'jdϨZhk X)v ²r Y50.368(,L U$JpUH8՜7`%(ɯ`tg!L\ x{+.j0b2lo+A5sIk"TX5 fFW91А ha˓b(}ۍ{'$K Wvw~\Iq Gcma>xH͇GKЧϻ|}L?rR~V$icwf ^=*,6]^;UOC5o4DAˠd&r-c#`Ov5,wv^G_f!ȋ(P`ϘZ A6PmO *Vu6~"%STWdó&K}X txߓK1R_ܧEZ?kzaf"}jx${vm \cLn3yOz@hB,,mvALo_`g-{3lgKcq7)/. vImTiFSU[ڡs R3B PR?L\L3_l3.K߁&? Ne 9Ҹh8F9=UL>aGO]q$Vy7};ffTP91e]TYĜ*/f" tHX(Ϫs5\9&8V_W$~ c2%!YIz[+WL6U``B!}+NxIp̛e@]3~9fE"nu9p;Z =v0̈hJC OZNoTiȳd'rj*4gy !._No̸7HjoM\=s W1rz1zPv&hkʨIFX5i?o1dR$|OJќhi5DZsZdX Dz OfvwHf:U #aڙt *7Y _`-!α 4) ?$1ZD4`"XjR}VKND$'L H8f֊ק63@0D:jۥf]KC=3-$d0$DZ_NJjNuzzePjARMPDxcSAV@d_v-dybq7>T?FWoؚ]RT9. ,s/yj͏hqX0i)LGX5Ah: +j[˥g~՛>iA k1ҫ3RB;Ȉ0VK>:Lݗl{Jf9Wz۰Rh8=D4Ÿ!2'(}J*9܊@b 7cPau[RY-.uM*5QX_)Ʊ<X^VwGwO'ѩ Hi+,Ŕ>(d٧ i16U@~_*I}"ߜl@`\L~p,O$ݕst6 +^-ͤ8QOU.Tp]KZ=.Y\hjoȉbbYND]);H$oҗvT[{C$t>;qmO>Z0e'qa\]^Ok.0Tllu'Z)/pMQQybJ(ԍ>ɘa\6xW~K1USj8ie ["tLryH=5wJTӪp{C UZlv3a]Y(%lyi;DrCr) s&n<4R{+Pfv(81&e5}ae58aH/^1[S#0 ^j)ka)o/bǩ2YZcM_Z͹\U ^9Z=sTaaQԟǎK aZ$hi(WiC'Lw=`h\2il|n֘Ll+(K󌘡N߷D({0Bwp擳*"~cΞB^R`84I>Lm[Qo~5/ x!1a/EMO@e_,AY=]Iħʢ[&!]΃F QbL,d65>0Bڒzߤj7ُ^f: $_m0CI"YǝC(:NX_]<06Bk/8{JZAH6/11Pҭz wPwDL?YoZ!/>%]X>{ Pî{a URs8Kto֫/M@x-wQ8YѓS#z.knL߱xIL`e.kN:Ti'LfgURY VLޫZ NFC bYM4yb#K5c{1E`7IŐ}|ݦ-'Ej+ǿK׀ޔĉ`ۈrSr|I޹«z%*Dj˞h_祟S^\k݉S 9~ D3QW⎁]׵겸-*?we*J6h{ޛ#S8ꫂf, cr+:>ÈMx݌%.wnz>9qSҺoYrJt+{뼉Ev+' I~]J3c_z<=MN'ɡb`%|+/cs]L ?2X\J QvcWեJؼT0I˹dtLn NqV?_%!8='H_W[0|zVuX٧Ѩ7;7izo>w >f9x7Ոj 5A]̈[mOPMW^uD0ҏ{5e͛"c =C=4I䎾:^h1 ? ؀9ch4 5:ٖP}C}ary-#3yS]LwN2$BĖŧ2Oe~:ۍ|\%Du_6WάOi1"~_, gP\0GjXWf>m]i[Ӫ3Ʋ"hSc\O8 @g2 OV==;QFBkDp5Q1+)iQ ujG)#<mzxS؆Nu|}弘tSY|K ӹV$(38ZhZ]`A|F)?G*~Gj9>Ym BzMREHIMp;ӯ%s|!d:LJbs;Sχ] ,Wk!fƤ,ab/҉$p^v/HǼ2w.rBOF3r|P7j9!4iVu{V#o?do)J([U/:~bL 'Z3gYOd 1,{iqIV,&YE)8G0Wb KM,|_t"Q!Нe' UA=.k'rMˉvo3EwˣZmNN)*2#L}2ޯَ#ěVJD\1 @"2Pw)<<8ШIf`8`-o 4:R6th'leu4xV5|n%ljg\zfd`nwɢ݊ ].:p? 󳕆;bIH\ ki)5"g*ȎzqH16F/82"7cDXkTƑH9x֜An]U+?1ٱVEJZzC,~ G9-\*NM>H +hΰD]Gy5(`i}1&")_+ |8fEyGt,6T!Z+5tͰuukB Exf!~sʬz pB#d a)ic#kنR< Ӱ˔)18dwݷv}J =iIR_͎2Jo| 0Db&SDfJك3$gxlP|% v3;w ObCh. dGB߹-lin6W't|c?oRDZc-"И` qf|+鋊x K6*&"Tw E}e.'3[>d1қLbF̭oPREzs7J͇+0ݰmpB+$۩&A4ÇAl?M~ٶJKO[0e'Tf;]SR ρxa.9d&+U֘U- j&)BdRYʨ%[qfw,ZY..{x(% j1g}dEGjIX2ZɇXe ;+j}jX:B f9UnutV:r-8+$"ѯ?X-T2/9q~W(f y%j"^j\? hbSGx|!R!͔R$5$(CGKn<;~~WaP fr#kM˦L m z% Xz$|g2s7L3&`?byMl)A`*a-n߾?XLYE;)O0a]f돟) PmKU,8&)J=e֦}5lh׺ޮ,L){jKnk)w' jP2TG'l`IГ]ok z]Z.0I ^sHC/Z(!3%,e@]o}-gSac僰똙PrdBTM;&-2<%lBO}٧->7[y14 LbAݟ{a0Xv\TH윭Trv- o7 y/KzNTNUe񾏾-_ )^;Dny ٍm-x*mhɌ|ATN~]R;`ZzWuޗ,a5 }wTơ;0oWvf| 1̂ !t2i`?4(m[O)qZAڽ`gwBtǨ{]u_x5ʼnZ/[S eh]J,|I5PTHnuif>3^j=m Z ASA=5+ƞ @3X,]Ӥ[^C\\stXD±sT]9Wp B{z2nS eG CgGFp79!ki]bչQ}rPljMGBʓ~L7ÓǷYx}'9\[ϣYO_0Ͼm:o%!?l!ڍEnz#!A'xmg%w !!߅i>hN KX˄۸hf6M^7kbi6T7GpUn]);mAP_^wiOUzofclW.y/{rNG8-P)`I'%d8/MQ *r;с,JS[#?У룓b؉œ:(Bp29ZӺ݊4hAw?FP^ol#'d )Lg"k6pQSǒ d9s|[Jw{QHp|L?A'{ uIʹ-|H #) {;3v5j 8 800~~ĺIu|gV7JD9eջhzs)'Jx-].swcFl|凰"_'o.AƑ$'blaZ %HleG{cZ|Ϝз3JiEq@ΈE4->\-6u1P-ݜB'Q\vSbqnyWI> %OIkVj{~t5ղ1*BH]uLIyPx5׉"k\Sƶya1!Pʫ)GgRO[9` O4T|a^|y? My&Jj.!Au x@*keZ &o@Nwf8з 19tܷ 7~k h7hyR\=bQ [fz]QDmYW}%1,d*_IWMY2aPs 2E jϛEs,Q$J?ZD)O j3Q .мsQ(5\% vv^u :*[coފJSU>Gf}CH4s;7}! ; 㴥--Rplx1utzyP&w(awpg'>:QgY&[Z7Hr~s0:JE{6;ܒieW&h}*{9L=X8#WA٪n$C<v'=b VY(< J SBUo4%Ey=.DȈgVx$WaW5ڞs#"wfx4Ic+tg IKo_?Jyb{KiTqD ۛ#x4!v5BT;[kJm5SAn7jxK?hUgph1GnN9RABq4W~Op!}-ƾ< c~\f8C=u$b tHlT*FT@]|5VsNoC=ՠ߄C)CP#ˑgMD u([Kbad\U'__aDs03 ۍ|02Rm#BN&Vxdq^#pc$ X)ȝE!PW|EQɰyE9ÈIrcZM"VWPx/)!UadR PS!its&e,oPF1zX)OZ4+0bAt*:U['.u==IhBG& Jp18CoQ.+^Y)ØHAVG&[}[|UYJ+!p06dra!^Vo(Z8Q6,)w5oًt7i!ZZ<]%Afa5"ͫ֬AKX+B7aNo98߳ Bɐ/t'H~LGbи[ݸg (s8"(sm ڟ`oנ(v[ SaRz+y0:eOWP;;T{cY@%oYb$Ts),M'li^ .. s`"T {HG{^t ]zFoYzaA!gi47W߭9R/X=sn) U t~-/0'>ޯ.v~WbBvy;KpH4:'Bgޒb|=0p{^#dVxOҘ !i r$[rOs;DNF():ݜ?ּe ,Mz r'}tѹ!w^>֤NßKU~tZy*fsTZԾg' ]]L lJkU$JmPzCihb3fՁ&z{86Qn߫?PFeQH#P0t}>FUJ*gb.mPpЗ!Ο/*<Wl YGrer<S]QI7msG $ .0}~sag>%y|"-Ae@8L WN`mtjXd~3,DG}H^)[Mo+Xa7@w&bM擎wh?H8A%߷&P5.4m*MVAy/ P$_R'Jr!Waj\--(A ԒHpbCbᆻ;Y;du^Ҝԥʘr8XxM`Oݯֹ֎n;LOk̸ kqLA:sObǬƪ)'X -ݐ1~=ҲjE] C{r-hƻ'c~-{vP eZYN؀Gwku>9UNqC%2 G2B y0$BM*T,58Y|eHЃ2fУ0Nɏ#21n&Xv톨mɺ>-8*N)&v݃'ODZJWJ6܎I2*x5WY-.$G }(M%]q29-]bVv܅ska_*!m@5Ι7UhER]F+;Մˠ[4jD_ =O@Q"}0@|,fh+ dU64|̀PV q 3;,kjR"V#-r@&'w⳶ LK'Tc݄K<Ҽq5>6KT(4CxU鬊,VhO*т(跈e%TFhApWx ̵hZ 4A. UՃC{.vf+7 ۚ-8uz[RףtRiZ +:`6_ &dض#{uC8Z+!B.ѻGK<{أQFOrɾz75d6YyZEN Q $ek2CַXCP} gZ. }KssXDz7<]F]##"dZSѵhJ/#&(>~9Fh1I2Ɋ ק`]:wAj$*2vY6asdɩHWu] +Olg AVAxJZ:4e?"L%@_ڙtVlk%c;;(2T*sc+s[h/#"gmҸC %uJQ?v[X}_v獊A1.%DR.ͩ~rba\{c'#\͂ӭ,e-<{6ykKؓ3s^;_њ R&%P:i{-t)Zգ$# }̽6LBZ FEqDZ = _Z:;ɏY[#3vM V^-_$Er$:6x{k_ţ:'S)$3ݸPrOL^>/aq7!MM|jI߱-aur&oQT8sUS+pDAf%PX6Ӡ$ٓx rsG9(k9pbTg#re(b^u14A"TvK.J5fg1ٲq[Ox$;yoN[m|fSdHoIm7w[4|c\hQ#|Ցevr}vP3L/B3-3Zjg6%ex3B^Ũ|ʒEnq.qN舷q7ŶVedyx%>ЗQiX8h[%Ț#@B :z󢿯mF>M[ߺ0>yK84x+eRLQ >Z0d)-+hˈ."dhpR}aЬWak88KX{J'GU҇ǜoYdrTwJ[ێo3\ /;mMFkw. NDMΖh8(R@JT MkKpw'p꬚h*αd^w.TK#I9!8HC/+hSl XR:t5XT̍I wb,D>bx iL w:wA2ʢԖܚ#OS (m'16/'P96pJ<0:]b9#> եKo2aTĞW/& `g&12.&;Yy̧]ɉ:,(ؤ1~aoRE:rR8ݔ>er{;L5'[MEt<}GIƿ@<@L)[k)#ݱGƉ<2ɸCt-.XrqǪ$Ƀ~)89aY6,;|CM 䦁Ÿsg75H=٣TL"pL.MnR|um*fzzTp+ٌ{(yh`pM''}g&^JH#=]Y VwW6(B[ǔr3x|hߺ#C_KYA"GA+!EoR}Bԅײ>=:TFlp>V񘝀"~/ҋ 4jVs=c#a $W0]p?{5'#>r3%wboD*2C:&WW>4I5\7]r!=+oOSQw*Z8sOgVNuEf9>~]NB $xč'55s``?nknw\s`/)dOIh4&5Ѐ s:V[r;H8<3(;By㤻z"8KlaV,5XzgiՉ8=lZt~72ôlao-e'Z<3@=V<\ՃjC? =HL5[G}5cQ"ܓ@5&g)Pp ~ q3o-}NmG#Gΰ k6@*y(t&=8Ec 6aù`<Ѡ#cs bBZr+<;,r W!] B=9g Rٰ͍/>Rce4(ЭLUzyv˯d4d'MDbxc \=:M. uf~ckuNK~B.ŏ6^ɝW:mxfvmůfg QWf'wеmXxlaqfdLv 11Ju4 ,Ց%c}qBL k et}jjATKbP%Z9'@;.:ڸS\F2OOoV(#|o’eJ4 ǔ:YdZ0g.4zjC7w 'VQ%}Ҏշ `6X)@iP̘jiB_ 1$2&Ĥk|b,JB\XצOXYptL ǡVVz6!CnSHD IU)nQqn].|7=[$vg[0."}u jwO8h^&{Qޜ 냋L3$b]8%+jCK՜WV|)I~BMp*ޝn"0RBy',SԝH){ްPrۯ}]!QևQp'=. ЁL`mEEg0H`Q-FD:y+e0|W 1ct)~?/Bw:0JC)йHGh2<vO$VuNħ0fBTN@(`v3u',Hg}{ɐng(^q}uVM]OgFmhȸWDF4~Q酺 > nHl ֖]U5ʸQ:`|FFFM dHYڈ?3?Luv 'y7{ c2^dj_w]n }O<z jMZ"v,(^zy~TI#g 'd5K[Ԑd|]ژC({LqwG5[ho0Wa`=n~&u|D'~m"HxBk|cT!cc8E)JeTNێ;/A:,ퟖY;g{r롨h>8զ;M{‰a^F )Վ1oΧ [ъlp $|;:q tu*u聸ɠv5D u$vG)<) cd u;m`hY]n'oc.t+BS9'GO*  5nsE5dH39[_p~Mv)o6?U@i)m$QEk'<ۏPHO2 QDJr"knn_rUbwKO4bH_A3݄VOJ'=7C|~CٛMm鞝)l$.{5ڝ1?hR -Ƣf'NzPS+N!J8$s_n#vU_~ۗ_/g6Q/DAl|j/PT7 6rw@ϋlp" :AmJSdq!^:qA!_Tʝͺ!*5D8ZQҧgٷ@ Y"!,|׹BѠX(tς,))D{Vp&c޵j>¤g==i#gu5,/T}e)0}/U&^C`m^tӞi~2kmE)NuZX@tm^l/,RK8R!OS)(hȩ9,ׁ!QB/¬A5h(eS1 7'_ӜQx; h7X#amZ/=wƭ3hWg[`I) APw| A`hp!p:[k8&D6D/h6 Y'Qw߫ [It40HUSZ)WNRb㥦N'i rA0܂~‘hGuRaHa(: =*;ҁ Z2R*oftN_h)LJ"Dt#Y48fżvx՞mXm~ fظmZî.Jtct-[Pjgoȫg&9s"Hk3c\RQNL֐{ !A^hp%]>#'Z%6Jd8T1㕮7hj/4oG~/E0EcF teVI荨ԯCG{3=j.B/m2XvHVWf[Sl}0s C[vzo-)yӊ1ô*?gH*,+yq=ǒh'& "ӫ V|^ ?yFI=s^&8-1`k]{1, `x3a{O Vf$T7{h|GrqݸTqtI-Aq&[*0^;튗O)nrqt'Q[IӪ#cVSHM n*0z&[*Etjtt\zj>@P9vm錨%7hCz(_(} JQA|6C$7m-Ϛ;Q53)BDmcy# }ʋG(N5,r~cڜ.?'i7?D )ץ;yhcg3/dj""i؊c7U7I'g_kxq)CO݇ 9l,K4}cPi4\s)p@'/\J`uXHq4dCDKaNdkΣ6 +\yɟ("nXwH·C< ~NvƚGtI3- UF`M Sġ6c=@kWݰ3ꍇ(!F w[ʉ )Q;O?Q %vo5ߕ/>7&|ջMEڴd2@P7?Rb)!4 +}e>C(j̾|I(Xɿ^9*?WL) !rktY ~~qVـ۳ 1+q硳'@,_tG(vDŽHf }?hk%tp0 αmEWe x;RғN>OaDTzGC$ ASnJnVzF]q$1a=:P<V-g\͑=0R69,$WFΘ[gAka.[RE{.>SQ7tpS,{mvf"?&5`[F WeY8z`*f7;ck@Rw }¿8Q^[aɊzT۟}q:"ut`:yS{L4]gGBY^ڣkbr65˼ MnP:3JL4l-wz͛fU.zZQ<}kP v7~J9s*lIqoNhn)} #T.v̀X|{"Y.6<~垱u "xDj'coq/h@1-$Vi "KRv~_1c n`]ah)LA]!@)ݚg*N#{-{: y "Κl#z|\@/Nc|Y5Z [}49>CkYسfG{ g MsEw[zJp\2ЂZw POirۺ ;wSnSaں?61j+ P`׏Y}l@{u>0W;AY\i>:} zrք Gy=ړ*~Ǿqr,=)gL "[fx׈K'ѤɫADEΤ~Ծ7զJ-w?tDیE/&kOHbݞvi,J9 X%I˲%"Q-p#e>O B׬R^,X[Vi5JFB,&l)_TQ>5QC_aޗ-\.𖩚ɵ%7csup ϵzS;W_ʓ;^hfW&bt?5suk:s(yW<(%"Ly3 ymL-2e;A7ߖSADZCXEwvU1CJ&O4=8)tz2K% OY$4Zw>.H=oT[%HT"HK%'k E\?jB%qŠĵmAb!y W+!+6[?`JɿQ!=C^El]z|#e(GѾ:ㆤ6}psF1^71 Pr;\ɍP$K}#7F$ܢ&S N)>7vt,eɥ^6@*k~I5򟐞հ$34YngbZ=޷)@TLF}1Eb^'Qck'#\}wNEB(lҨg l2~*S1w%#zfAbݸ1:vqƸ,th iQ][>X{`D@wTHeI;1 rxib1|t$y!7JȊlh?E8^Ʊ5ץE1*`4H]_ڄ !n?(AUAj5XYNsMuxyx8mI. [%`b𰊶J7H5ܠl{Sys"~Y=Zrߎxqjc*?ͪf勥E weX]_Fd;(ZFxdSݤ^HIVNgP v݆ڦ}zVObOQ| lRidf #8in.sVM 8IcKM!\~ ڝƶ ETi>3>13R6{&2H}\7)׬an A f8 YBCb9cǰ.]gw>OFC 0ߨ*,_(tUf1x1Rj&!gN8(B bmq补"h7c[lQuN'$~yM`7N@_ d la{s|Ӿ.d̒Wɢȍ+ am0':2]\0$޿!sYɏ]*[)ak-fCUGyIΠ#*h1 nVnXxL1`vSw2]:Rl̍5[ѶϠpz'ڿ@j[/Vr>[e##d阗{il|ǣu䡒UHeMp:EcH!wJp;R{Psfy\Z*@*f.탹蓵mw"$,?5JBYϠ jA F㫫bvbi;7ZVSpAH0ID+^%Y@ţ*lhINniuM+s"­n C@ ۠bZ]2h]d ;ܻsO|c9Z1hVL#ǸwQ2PbX3 ䷴o2456f1+znCRQ}xmrH͓2>rCkO&Q WCAU։.M|vH$ŃՔ}nRv5dQ U 5fv["y0[-d@r5 Ä&z9HnVh8V_yq+0 ڷnO/7.g .xMNcL:u{0";pTF+N9yb7㨫XXPƈ_5m_*FA$O|F ,^D{Y}9_u8TVu&AFY~ӦQ{O66GTX؝j0ٽ!ADcR)!*eCZ H^;4+WWς.0Ur8k;ՒcZB%M)ug2h7\ 8;n/mHv(vmR mOjr^l\,hɵ;il]&঳ ʪ2nGnԏzgٖ#$ԟas*/Wՠ +ls 7e _/[J z ajRl{[N{հ"JrjM.L&cE7 :6?j *@z^iQEFxÃ/q..Yj/Q9J\9|!yƻֿ+-*M]lIʦs7O "k.Q3V,<Ł k6dHN6f<K/juSx6З~d?:7MդV M)b3?9OXl9H& ^WO@u..+6qfSI ^G>.fp)+2_M/]fK5k9vu%-G9ҳ(iozj7j $A(J8HsMO\M4 ~̨x%V*i"ݣJUqc*d CRuT )x|Sz@ˆďy>mKyOP Y@1CpSD5r 7-e6Zpy (t`eY7.o̭_r 9 u"+ΗZ{tٓH _}WPtѣǟQs"?WSPnBT`֥gD:zA@l;< rDsc0xK. Ff14DVV!}69obcVWO14YwHB2X(IDgDGI$8wLjv!R9/_GHF\\,7gE]4)ܰik4;(FB+V/%ud9d.0 CX` (oVc7)>gVk#acIw.iTu^٣ -Fc@˝Ns9n I0htm_y{i83lwrŪōA=Rhjn.|InFN2ٷxp\Y/-ۘ_Y_TBۭ@zV*yIؽ _:DD4|b-$SM{  (DqE2Z v\ s"ޱjvwǔic5c€fioL Be4P gLVWw,'p(3={t4 Z3\5jfl; >Z5 pㅱ/rU^_!=4#BHAY6\𠤨CC7Eh,V Gj/?jAiԃkq>Mn$8˸S MG#N!ʜ#AkG_pXE`b0 w͛EuٰK@wcWVJͮ >h"쟳birԷ $bBZ ǥBYS. AKq[t#Ya\G i-0!3Xyi.VX= U\|Bo:z2^:ZSKzhM#θS*hqNYؾO rCGl=:N&pf2D"adgaZ0 }Ę@0We>'Gk/p*`l5_,]X(X5 evB*0|@i`ƥeZ;vr+$&A89+Wn X=C~8'].N_xVmE9luΎ(C(r a#_JG\Wtz[/<,WS!sӚWl:Գ\ϦZgQ, X$+i2 DݢXgÜ~l?av~o'BWIi >(rBU,߁+ñw|=K Ci!Bf:9 ;h8fOsXOQ͠ϲ 2bm/J`۶DWXLAsD S@iLi]ZC!݃4H4zƫS?h &nΎ T*lgƁ 7[ʵ.(Ю h CﻙwRjϩYo:oZ+w&ǬX빳,Kh;$!E5EH*tW =VZOC@"~g1tsBkv{ݨ 7nn}G[=}lg!%=Un-)ǝyR>Y~˚Ο#Aҍf͈PoP{Svߟ,;,(q7߽p4'F%QeRpuOm+o9 ;^ = \8EoU! N.}\>L1? O5l񱧬ODj^:WE?]R_6OD!gy*y16K* #/nF@fY)ym@L%tTl2Y,y@M;Tzt-U~w83 g%*t-x("Xa[ẑO5VmU:QfWlEXue-tp-Nd]:ӵj$1429n42UxtM«G)e|rSJ0mUgL}wB~5G;v:yWe{4uv 1% F^dUX[dܖ_ QFP*vҏ#ˤ _hA^@uJggў[E&N>@~H̬t"Ą"~2dcpadgFôpqB3" _qI}Laħ儉NSJq‰Mхn(o;R{C.Yެyf~[An|@J?EpUKfIP}[&K2z?L,͞!?_JF5++ 37)M<<*Z+Ҩ?5#X*b6_ʚ&96#Di`$0L$,AE|S4tkn>)9 q3|t*&UT wq|Ȃڱqhn  um EWf7/#~vV !teunva<,nDMb[\SW]W!45r)ٱ]7]w䭖Am_)2$4ܼIb9YhxtJn3r:O:Hg_e9ѹ_+K\O= Q9=.4R5nv?~.`h6.)8rM`^KdfgA4_5'>ŷtY3~'=dhSމhEXNOL wiu0xkc/)w+vfiG+;5*SO֩$ ﮋۤdΚv '{T(dp*% 7PV wjH|G  *;X;2Pbac Dc.UV9=8_-v3` ,_0 :$2[(;$x}jzdV)`%F(P |lxU[pßݣtAb>\kKd"y*.}*!2JϖӬF~ti{ o>ýt%hr~{@< +$Y,ʶ-мUcY6 ;4y9wn><&9d#IUk좍+ ~7(j<=Y 7 >]X5Ǽ<"6`P\[2@ 5Y^zyi-< lzR)'PC*Q[bX"i'EDz6Yx7lʖE9q&ٶ d\.b:j)3~ +:e@.O;&@Obm1H褓| 5q$nolUjM\ pN:ٮǛYD 8C%%] m2J 21@8RkD:nESV=ۥ_-4*fx3Io'6#Qc ߈QV)P'凳u)/YlJ js=#͜sgpbf ]6&fY\!W?fFcMLǰPgx\+N:0|CXDѻ7՚{=ihO_ }AD|ilseHvСK{[ObO&56N3w=+'+▽'w!Fqg0\>4R>eл^NX(ר)=Ej|e.z Sږ-snH#T'6 iZO6)/R^9J~`pKb4bJ8(7 (voY=s!<0Y^G 88&kF:G&˘AJO傒.9=ZGxYqh+?MPL:G>M49ޮdG)g6 ˲PU_`M6,?5tV|1_&ZnE<CZs9C$ Zoj A JݿF|Lb \ό ӱ/ _J ]!/=Ky"Wk|7'`<.qZWw< rS*%J1K2l~~fgF7BXr0r_glj A>X!*R 8! 'eսCӆ3xHgfL:L~RYZh*k :"U(i]?.ņ,(0P@_h#'ouUZ%ed:x3Xݾ8Fҳc u(+0HDPT}Z-_w\z ]9Ebv|C⫥|c*6z`o'3?\) ~>Cd#ݸ.ϡSȊqȒ -C@&TR FP\^)K F;3ߪEq8m ̐f/U=M%Vc:>Is12ӾpǼM0oX%0̟Zc7Q~Q,w=Cʼ%o-{c:z8{Yii{O|?oOP d7]0'fXg;@q gC9'`)fb~ դXE"2@4%)Wx )tQ#*s @CMCv>8V;Lq.uWkU +c41t_ &g_&K\wx=aEb>.4j v)U uy#bhx `lC䤭.ekŷ,ZfMU%E&kOPHj"HjnE^&B~DGv#[o+!]W0jj 2qƹߝKZ 5HM ȇ6_LIs HrgsîHUooh(:>D]<cmMmRb=R5t; 1ըM<4gFg>dvY=[6}b5R~ 5t<{uPuX #+M`r8e v%:uoCڂQzD:/ 'M0<sgQ|q-*31DHp1{BŚ6i`{)TPv lEFuHSWƱ:DeP؆0 v:)5 kNGuJlpOd?Jd-%H( 3CPL $@i :6#DzA3v!TA@{=eB7?j ސel 5/#v`v~Υ՛mz4FQ߇!6+n浒o'/mܾ(Cןpiʸ>tFt9`'^{0JZX*N@T~dp p&t X|,:"F {$ 5fN\{bUw]St.%k= ;u y:>ᆉe##zN+wk1 3"tFHa­gin,cZ2\F"EJc X؏.b6/NЍu @ L5$|D5@t·XKl,- +j{zV͂>[j$b`{c3Sހi)yI锾oPF MY\+9߶x/`'jᜓKC[>0`a8&}3Vל/yTNąoI Oʮ߉xsgj#طS#FO@0ώK̓ H"9#~, YOj DZ5eGT@" zb[INmO"hU C yOlEadE$KF*.t )Bv?S~!z 2«u\I)a&7<$pG <2\BA0t^ͷG-Оb*lUh`ЈF nâ rs9f "]QYU(U7p z+Ec2~Zj0. ۑ`)?"]5ċ"I:I)hmEFg(RJ! m^W=9QPZ;zc|w14AyBWo^/qױ YZ