sssd-client-2.5.0-1.el8 >  A `ç`U]8Q3Cmp 0s, o <B ux R@h$>Ki}n_ڕ ;?,F_/ 9zG4Bb?g5?('B6 ʗ_~Ko[5(P7MUYATvH_V~ D.n9)EGjk\ ټÑa}J^/D X]<J38j,5 Cv}i:Gz^% mC!;O.F| V[-9_ப1[cs8w],Zل6^ŷ]2J02?Ɓ4p &̅0HVy@PS%^TG[O:u|vcA0syLT6}Sjl`1)(ϰյ1@DNrp?gEZ&[yM]pvEԓ; 05ZTW8Z{@My}+UaI. bH11d~ѡ=zh>pAr?rd  @ !',0&& & `& & ^&  & & >&  &  ) ))(j8t9:e>`r?`z@`G`&Ha,&Ia&XaYb\b &]b&^etbgjdhehfhlhti&ui&vj4 wo&xp@&ypYr<r@rFrCsssd-client2.5.01.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.`åxx86-01.mbox.centos.orgrCentOSCentOSLGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxi686/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so fi#0+>D<',_l=<\o4K =  1 AAAAAAAAAAAAA큤`å(`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å_`å*`å.`å.`å.`å.`å.`å.`å+`å+`å.`å_`1`1`å`å`å`å`å`å`å`åfc9eb350cbb3f06eeb7196f84252eeb89268c53c1bea0f32540ffcab47ca112b5155722211f0bd2bce00f35f6b7796434eb9a80c5c661f115461e6ff6e0633789d3e899750f66eab05afc92871e60d365866589eaa1364d712ae466f2ff01a844a24da6715caa836f215b4a24ab57b26c29836bf1cb0ec130b40996fc128f8c61fea9f0dc7d5dfa5b6e82e9fdb9de9a96dab077526edcbb492d164cf867c0ea8ae4c94d7f2ea34584eaa2299cf5398ab32bd1756f343668c6493bb18c7559e8271aac54e5858ce307a6b798508bfa29fc158514edb33e16a708378fa1a0203798ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc584e177b9800ee12aab90fc5d47078b8ff62a8303ae236fb4a1835c2649483fee6d16d7f51d6287e11ea2bee8e9dbf1a4f89774de371c061f1688f6367ad8603874c84cc28fbac7a1aaf93dec22e5f81b81e82537cd0c7184ebdcf44c95ed9d2477d5853b5fdc3aa84be2c6a7bc612a24280c714201c1739941b0b21fb3dd1b04052bb61205495256b55346666f65145ca89ed3e315cd01ff4399d480ee68d94321f66922958bf6b245e4b3873a9b1b60b3269507b0c900ccf595e90edcfbf50d84e96b9c62712f78aa1d202f7dd7e34ca0ba4a5a6bf1d4d03ad865eacd65d0b20e1391241787b4bdb197c073ecb1b85c0fd2fd8e1c96d019532fe126b22f630f6../../../../usr/lib/libnss_sss.so.2../../../../usr/lib/cifs-utils/cifs_idmap_sss.so../../../../usr/lib/security/pam_sss_gss.so../../../../usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib/security/pam_sss.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.0-1.el8.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)sssd-clientsssd-client(x86-32) @@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.28)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libsss_idmaplibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_nss_idmaplibsss_nss_idmap.so.0libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.5.0-1.el82.5.0-1.el83.0.4-14.6.0-14.0-15.2-14.14.3` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&essvsvukuk2.5.0-1.el82.5.0-1.el8   cifs-utilsidmap-plugin.build-id1e2c2b00492007adfeac39b55972f4e12ca694272592585c654cbaaa0e183258becffd236a3496e65444f124bed4e8a0ea25e48d6558cb7249c804a97c185dc241eb8669a44ae6aea1eb2115b99de89e887df7be8ef8d4619e4449e22acb62457d9fbfd6ada57838720779cb02a578dfb2b832e625a7cd93f90856c6f5ecb5dffd223a3768af62cb376d143bcifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2pam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/1e//usr/lib/.build-id/25//usr/lib/.build-id/54//usr/lib/.build-id/7c//usr/lib/.build-id/88//usr/lib/.build-id/ad//usr/lib/.build-id/f9//usr/lib/cifs-utils//usr/lib/krb5/plugins/authdata//usr/lib/krb5/plugins/libkrb5//usr/lib/security//usr/lib/sssd//usr/lib/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.5.0-1.el8.i386/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2592585c654cbaaa0e183258becffd236a3496e6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ada57838720779cb02a578dfb2b832e625a7cd93, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=887df7be8ef8d4619e4449e22acb62457d9fbfd6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1e2c2b00492007adfeac39b55972f4e12ca69427, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f90856c6f5ecb5dffd223a3768af62cb376d143b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5444f124bed4e8a0ea25e48d6558cb7249c804a9, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7c185dc241eb8669a44ae6aea1eb2115b99de89e, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) !.=J  RRR RRR#R"RR!RRR'RR RR R RRRRRRR'R RR RR RRRR'PPR R RR R RRRRRR'RRRR R RR R RR RRRRR'RRRR RR R RRRRRR'RR R RR R RRRRRRRRR'utf-859b41c5599eb4aa0fd2f297e92e3813a90b700ad5a6d483548d1777395365c23?7zXZ !#,] b2u jӫ`(y,xoIӝ@<Y kEfhS00X_= %FhIl~knn_g7:$YKpŌg&)8q5]mmIc^/%;OQ &>@w85};Ვvo\zÒ^` e_7k]v0ZÇ\6X-0';w7Iʑinz SEŽYZ Ǩ3CHUĕ09Ot~3)be*x:^1ZݖR(SuɊ,ԦFB.}f-Pq{.} {)Vi}o|$Zq\w,߁g=H47wKݔHr|F="r_*d/xcB y:5ZezP=I]W. S4=!sC}vMleQۜ`s{dN*e#p.}23HOEfs*sXl#-uZex!}{gq*KspA0Owrc&MŊǨUfJQ^96[HYYXm67ӯ&d#: Ģ:s!tS9&ܜQ ;R&J*z$ю)ಁ8{䂠^Cbw؁\jЄ0?ei|]8q'hʄ|42ە1; D V`ϴ Bcs: gxxLlL7s+.m)o:Ch)(p䎋 T!NjEb|S@ȯh&fI߿x'Brש w2m0^r ffts uĂCr3(mbPnt`'K2`zxbj9 ޸.X˖V0p޾hQpL3 d4ea.YHo}c"_|NB:vD@#R(ViO$՘iШXӮƞunmuj9--!~:45jO֍i82TN̋沋9g|a?$ؓgQ ̦(|R&Uv9\ɽ 5ԻNN9YS}$0%TO}w Z1l9|Elct˰l-;c?Sq!~'|/x?8 2pѹ=}= [P:'Aٓm:V{앏=`,8Zi(BA`kM+_<%bOBu\ .Sc$Fn![':u9`gf5g"-~4_moFFBq]O7J4-8wYv7T:@Ocբ$ cF{)"Hv. #7"dt"O[2nnkyksN䝟6(Yf3`dm P蛷 H>ly0IJHJD՘ƫZ'p݊@%0Μąqb)u @iVT5|z~mY28&pݍ?1cȵB8_Շ,v[9a}]0 %o1t UVJNdO- uJ$1,N]V֨W,Dv]5߆xJ{M 5C1. i BG|-(鈀m+&M,J+ * pO^޶[y[z4lmO=lC.RVxa5\FT[WS9\f|5j2*z0&tI}qBq:{dƁ]j|zYjWUS G7b yR  sX!**䯠.f.tL"dŏ^%(Y B9Ç(U|خ)v1!2k5:=4ʥxj"f=9ҿ 7Zap\26!G-и=x 88韩)) Zu^HLJuPZj%->d)?/F&>g% C䙃ϔ'G9{|$?$hx(3ei~Vg,. SOvߥ-7#BkpeoG{>,WHKdl<6R0'ea`k[2.n1ꧦ`*LB|6wUB> t=80)ރOTOV^pig,Ooy)uO"_%"#yj'mM~ `|x\Űy*q9 R cȵ&1=,( YU@wGT-1_-Y5篕w>o R⣢K\̘ 0I۲́vHK7+$OcO6vv¤S=~kw@ռC\KjmfCSil6 3ST>v|_~hܣNW7 0h\,ŕiΟ`kq-Q׋~0RQzIE<6Mʹ=@{,?L)ۉL6D'ϼlBūGhK !UJ |̂3[hr `C0+:")&V''y)s%NpVsQdX1"I!eGy8(*2&Y@Mq^ A]M'uGt$X@u'4@hOn2*(_Ux_) m?w&8PF =}DN!}kA/iYL!//KKa2+6E60C7\|g%ɺ0,:ނm d'r?`X*(Krh4`a؛9(Q5TWR,M8?jn~HG[_mJHv\g]Uwxg%B:hq6-+]7h\ vúC!L03U=RLgFtFeAE1ڹDO‡$VЃ(bT>z~.Ӈ0ԟE-gέwbT(?jӵҪHG>uh; (ofR.$@{[ HX\:ϳ`g sfzg'^ .d,մVjL{G &@M<:\HH%Mk1S㲯U| xe@Ρ|K}v*;j#s(1'oՀL!FC]c*)]eNPޢmצ# |*\, ڊuw Q }JyUTsdE tʓ5!Ld~ g-Ċfe$mL %|;q 2E> %SM,!![^3pwnM>ڼ~E1#gOI@O@;~W}cA!/փhBTRN`f7 g1u~eĈj/UB- uLp雔pjgZ#ya+ ijFY܍{!,=U?u*dQ'E,ep\(-y@&rP,`Fa"`4P14tb@XBgtl1wr6_(~P؇1a8%fֲ$E݋x`\_&|Ł4@x\X+E0(bO%z%"5n:<)pnSUBl`(];$f"\&IrM cAZnp,y0z9%ڶS$Wrn͓'ᑀڶyyA[kbyi5Cƺ<W>1l1C9qUyϜ)̂RXv1HGO% H$ RuԸ1dX 4m(E`=Z/Dj<s&~x{#K՗Czxq {mVZ${S#+0cB˾"2a\)}ubak?DCPF措Y=trZ;2ˆ1ܩ%'<{wuzUR3ԾA}E#{k/#6?'u'QP+A`skeV0''0[1sAt-`ZFfc)\[PS q3W6D;]˴by@ 5cwz(ޖ!"˖U T&tҬqهijU0"Ⱥii÷~bf ىRMU\1=Iq `A\P:o@9`/*ʋR. yG>21nTC?:\bGj*GbG;bV}FG?F3oo@<+膏?M'..noB)rԖĂ/-uC10yx`YP1a ńkz-ݣ'I?.`Y|"fűNz>ڴmfhf%?=O'ToD!TgBi7Z¹څW)gkdQ~eXLoWg|f-^$XGˀ|Utf^eFr7)};g1ZITƱ'',Zy/u_l[q^z`dTcC+Q@BFrnK F7ڄ(m )zX!BjeJJ)=M&\Ȣ}1p*.qwkq+h]Yۨ! ВqgqU xNR`л,a;$Ev›Ҧez XUb{A=lhQ0HW5]״H$ǥ|74:~9H0.92+|:p%}(.2KmN"')E.* WQvg&i 6fJpFbL!k $9v.+?l7Y(*4MFn_e-:}?Ly"]O(M8UJOD(TjG걡!aoq7W]굙G;tmc&XEh½Ȁ$dIm ʐ jmtse4vU8wuW+7;UEy^.,p h#zc+5mm ,tg˗1ϞNGcai1PO4xQ@rO<6YH5;BXdw=ѰL}2Cw"S>}љ+9 B3&_m=kW{E:ƒ-Bscá{i{̞B]3C nȕ\~`גo"ӝ6yɇrШfBO]h:`谓7D}˰Mp*  *$%* "K*EMGL^ &(~1)յoк#0fB|ݧbi6=EZoŚ5Gu APw: 6ΞP*H.};CqLu5 Y>kBdGyVwq d~A7'^B"HAkPnYHB+@w Ǭ↧87ޢa^@ 2}L#|8_L ,AP\` dxbY!'HDy ^ 4h)砷e>EҗVJ7'SWH>ee+fLw{J7Oo ot*_BpCC=HU(<V `xUsu@MQuc\v*or MRD߬}9 x%]I^A!_*b|8XK+Twm/yςO>uR 6Dt!UH>`(\"ϫ3,zFߓFOH:u^Za5Wmʣl [oa5]#vmg68,^#vDCSJoXF֓Ǹ+T@ VrƏsk \KJ8 Mzhw _^IGj9b|4-{)7'\Iċ gOA6{%G15J\qȼx'UGR>A,{wau |@ ca"+Qį %s oeS,lf7 C)N uZ7ۅMsɈNjĎMFSM|ՉN13ۈW! mv\x~'lG5f\bp ˤr= 0hP O6$1Ya^N*Wq,N 9fʮ]##w=)JћpN9!0䷷^gdyLd=u?/<:8i_-:n|Ij+¤ J oS{E8w ʑ aye/<-v8ܔtHS{>vTHy3g;|;b:*yRE?E!<zf\tDv]~ sq7]L@Ζ"_6z"#J,d.  e)р$ZO^ ,%nyF 2Oh;|vm pEV]{ 5dewT_pz6PҕXntIMGtaF06B{7=_t.Nl1x@\YjGZX]mz# u%!N!,=oX³S?}J2:p|ztUt^$m VM|T|#gR<|oqO6$QPz]Z 0Kd%-}B+'Q|.x烼hqq搥I@?T|(.6 %tUN\s*!NX@ۣ) ŖHS3}Ӳ H+~`&GEnyNj&%Yre:n `māB0T*X*;sv3!K̀.QuMEl`EBghSW.{=( "#JQf9sF*='1ȏW70:xC67DM׆I/j~V FBL#Q u"\?N62>4B;P{Z c9$㙏ZS׬S从kId[_7^6t=HsK3?j Se| 6.vk)bP$mAF409}ú|X)КjE`fLTN  U\Җ2+ bMPo{F`>_Ģ>f4#6Kq/e׊b;vSi`&х []o1aH%s0Aڴ_}6bTij1\lZ;U{tf[ ;+UR7?Dek3 LLj0o#x(S6 t}0Fۈ`DO `vsX&L~;/svGJXxxƀ 2= @@o:cPnJ/+.~@$B2bV@WOe>kvρoH̏}~rAXݼ}c(yJI-֫>MG[`WH*A*oG=Mo7Ӊ)"9j![=/NZ 0 .%WjïtB|F&#c5p?kPȫ|Dn9bp(YCksNgYT6j#g>YdL-7Jnw)'#.;䂲%^q;- ^$*Ghœ] +'& ]E?j*TlDA= }@ Y5P1O8;z|&!Z;YÍ5! w(ڧī#BLE'A9RKl/kjL‘@0OOQVS3dE@P|و: */YFޠyLZ.C9@AP3lN*c?L#9kS \h)ҽ%E19i>4H&[ kϯI~XYqI~{`tFKKs)Zm+0!z;;R(PK1_EWn/ Mç;[ 0 ;-Q%dK(yU!.GӱXsQIWf{n$eHWC UzVܞxc W-twQN&|hJ@lN;jԄjvDʍa9^5R#eEڑmy22η1qS~tt3TO-sCĨU\Aha Ĭ e#({{2J gB,sDͣS7 Ca,ؤpn~̘ C>Hr낶d|Y(-w7v%b{r}o*f6JP/fnsl_G?,}t2^v9x|| :+mP Eepdf^O[%Q}LQ u0GE}n/_Ԡ;O]<\4P*[oK:iJ |i{HUC6J4%RнU|?r3C ry?CL2Yn[qu_9-/6=BTK*Ku,*R?)*=Bn|(9\B7] = _Af/RV+1l.>B,4E~Ua$mwZd[m3lg`w Ud &AC N-EX%|hd4|1˪ϒ˼>=˛4ZM$](3@k쀒 ?,̓[dfœn؎|%=6S/"((^shq`WGdP&'AQG/5aV'1CR ~&Lހܹ=[[;;r)&M]ԈW%ZGcV>d:}jz5?1[uA5INR9V]>TWsbq%#q|cꡍ N튭n{tnX#TfFh7*u6QfwxBP* SeTP[YEYIj?+_P+#[vDS.QS{z;/ڷ3UPH8m9qUgcsuH0o9ǟaR"H̗St٧Fp {3E 8yj;wvϠm[њ:0PQw \;-w@ ҥ3A Ab伶hꣂ i57H  :@F4Moa'>YZX DrM~NXV8M,Fx?P@g0<>*L Xpr&wE<@Ǜ)PgSxW@$,fuĀdiBHݨ#ubͬ+FzDAj[l0Q=U( wE$K AW)C?potEdxzdhTG[kYUq+]$!:Q"a.SiQ#;cn=qͩ(Ep)YHiQՠX)J)ЅRB oR`hJY2(/$c <eK7hB3'nⱹfDl#m>{G%pu:F=,r C ࢙ =ϰwKw 6ØR֌ۢX}7␪m UɠA3Cʹ =[}+BK)[cʦTR]W@q'%V tC05t܅6aW uEɄz"ƝH>vY}wvE{=j w/C%>A˘Ap]QԻ)IxZɺr^>-Zͳ]lu ~PhYINẠk7X B^F! {~4ڕKI>gbׇߗa [ Oϊ~m3em7F>b&7MlyqBSm[ z]::\?J&ݙ_?FEݖ 7^ r̰7)ݑ ayWPd3k"5)YLZr"#Ja\. n$SXGQ")5˂ #Qq׽,?vqS?f9Tl++-ulR^(ky2ꞃ*`pIBʌC{Ikms*#E|/uc X\3aRc"Y*Yɷ7R??́qfh6*Ї9ǞQ фק8HycTf<4UI4;lqfO͘MG NK͇eU _C8حP;K |/̃z ю:!B-!i1=~ዕSig wiܐߵ:ͣh8z+0 l72Έ wlfVNF+"rbN}F"%SSE!uYDӡz~k:~ \Sxxx>̴^vϡ7ЇX>dEgfҵp,Tjz9yZŧy`oK)z&_8[YEb Meڥ+Mؑ*UdYQ}0P(|D{DfιR~uڮnxqupK O89v>6.9Di+"AZώ5߭ʗ?_.G\||J)8݋yY |v1&s{118B `nxoZȫurj1&oQ9H6A&yUN!L%FH Ă—(9egt ", -Kyiamݖݞ٠Կ"H1 ӇM 9hAϊ&yc(3vӔ,<0DKD'gUf@n;.FEQ*$1IYDjl h?.t;r`y|kgrN3M00QnT;p_-t7Ъ6nIl{1܄ Oi&gi^[˷ޛt=,r(Ud3ڑoLhR|NSxw+ S}j"~4vke(˘dw"L@#9'޷Yc@ ~g;[Zs˔Ts3"QٞħGo`=l2*gaC/s-`|M^|zeB:)͟lT%v"$\G!Հ_yQ/\w1l78+sfs)h-Ɓ&ytNHz[I B;FQ\EM-#Ezn/@J9g4}&~(C(K廬UJኮʵy搵.r"LBLH /D|RҭF Ff x?My hsjЧ!4bth sXVkST`wVfi?3E\\UCO{;K@<տ[gc ^n}(A:BNG84S{ QZ,*]Xmb? H_E<[1Gں(739,1L mxѷ20]-z79%Au&lfC똷ey6e&y>M臀R{ /:Ȯ 1'2Mlztk5Lh78^iы0hiAk#E^[DT8Y ?׮v ^;GUE,ujov㖲W.('߻c4,-H0Rtp`lɕv!Z6[>R]&W@*xJ5ϳ5FC,4C9]ioimywO)CQDU ECM&%(xUȤŶsP3L,>8гxJW՗X ^s+LU BZz] YVzG4<>rUş(D; H4x7v<[h%nb6-^M fse/^'kXx=נO`<ʆ.=a=\WD\v }Zx]b3S~F'1G/b[ nI߲Ww%.$]c K5* E'q}&GMaX !H'#H𱷍L̫50)fUu^IysZH퉉%J;B$6 a,Z%oU [7$d5nZ 耶-XrXm>_@A+ Ґ} 8t`ƃR8M/ ?Lq/K ͝8:ˣ߳8;g녩p~>Wd|! e =B>}]VؔѿG2&{!ޗ0O8A?D~D썷=npnd "#1I K{j\/ƘOmh!!֩8͗IyTI5T,6DZ8U̝_m eGkC{XY+t` [(fdF<{㒿@K=ذY5/%Lm 툃=>d$Vo7"Ƙ^\,EUJb^-hh%!F4Bd5,2$Tk.*0Lϒ=BZOsFT+QnIW +W/;3|R>;!iH0>tPsSR/9dd-yԕm ̳0*qe>*ܱR 1m7< Tlh:b@CɤG]0;%nGR:oŵxxdr[:: B w*HAȉ2~ \u5>Vd0 Td6"ɍ/(nPp$$"?M,`Z6r7Kt8fv 9586Ϭ=hc""Iny}3ߗۚw}?h=a@ExORdy~6F;M 3%Rw'Rtwxϝ1UJ%D.Ee WP]k zple&9XVd ǀ[;;ED{grZ|PeK˾EyQ9 D#)Pza퉓KaTy4 OG d~ SRqM ,zF',sbeء>67se9ڒeDu$}}RORp!ywCG Х. ltSbZ94^.!KL4cJ [Vi|T#t\(TWeG~ٷNiǬ\_87Ų<ڭ7Vj_*a9vM lIBJl'V]0-5- r"_p6rc)URiDiJah ߩA3r+E<^F kM۵~6}SvX#ߒ\41!ik{xS;9njF>}Tm䜴5|6*5o{Q Ti {#O$ bWI;گ+:Tf-><Y924qjaPs%0wE^b`S7"*~a[}"͐Lp8NRÅzF *i2 diB`Z#K)!uQzYpGl0Wۋy$b^a? ~j 3{%ntH}X)Taq $5ѦUhiUÙ9ӭ_-sYӚۺ^MVQJ}F>U}$S) },0LԠ^9'{%?goJ?ȧ t*"lRȖ?Zp[8畫+ơDdSHZőw%vTt IUu(}v@;mOɳc_Mxُí!҆t]?bR6/\^L|s|-3𴒂P GJc1E Tam9X>Kr޻~4F@S LO?H :$K J k t?K  I r+gv$MIVu8nS?WlOAm7tR["c|rE |Q!ĂZ6ohO 9YםRZ/.cvv~=N@( 3,q#\Fi8pAgXUjF|F"@w'[ -TWmGr˪ [48Q ;ɡsu<tBft4A6aݐ=)smB][}wut$E~dtdHdGYn]$pl#뤰:FPa"jgO`zb,dse܀ DX8"TʯJŷ@t'pX#q$%E0fMhǜqځId?GO^՝BΆ:c-x5vm3PSHe1L&|,YTخPȽ~1V iZrty\)_=$Ujo&UR4+2;RHP]InvƳF1Q&Qт6*"hUx78L[s&  '];t>HY>S3V3#WG[L7q42q*eĠVShYuEBm//ŋjA39=Vtڰ-XZ2#ؾ(xŧ6vy0Yry׾A6vn Aۭwz z+A)`)s@3 @bl0'58^wT!8N8 ͐#ƚXt-BPâ`L!S'y?JQ#v g55MY'rGh-p´=>%٣GLۦ@ YL:%# ޫs V}'6hٺ>xޯğ Cv<L-5l+5؟igIRjmQBAiۍyYͿ/^H9otlޗnPQ},tʋёт;(Fvl ֪%$d隧PBaUUk@ODm{8mXT-{Ngi"n ,,84O9Gu0p5q !~3k`b% ESH.2L(S{5.;JOWHnHD$3CmW(\² ȉ8uIl!cՉѓSaRq@EMb/x~8΋*/7W Р <}O‰k7++R>xfQiG:('bVMH^!n5]cQV&i ΧԢXT3|A!h_*Epi~#~faUPc2HZWp"'-Nq?Ӓ!_%즿5iA:iuXB.MY1} {QPBۮ%7\n<YT"޳v|P'͍8Y]pR{{zdʬJZ#uF\ 5[P4?5V |Cp$er|nEԞ԰ވaI-bqr3ǟ*a؎j`K1\;$։.}rxTSM;߷"W^&tDgZa4g L*!xj$A|oz.AZq; Rr&P-_++W܀¹ɐ s(r4 6"O.s|8* //DcQG Ļt׿ Y8" "[>r:`hF="iZFG(yj,҄k-PDdP)ևR r p{793roG2hf{ΟL]a űgWgR}U?ApQ3 /ɲ: !PR?.tOD>\ B+A9_?g0(1WL*w?Xbz^tm;@!TT_!o`JD؎1|3"m-IؕbH#x$8D}e*JQҷJ~::̪)S <ȫlj 5X'7]\еjaޘe+mʑ-)[olR>3q"+IKN-mدJW 7|3c${Q5{ n-f$gUYJgFhZX6VߖGeZ &8=a+nйK?V{r틁M^:-wTxH)&кK|bƂ1cYdsP; TŐ-M5frG,r2dp'}Fg0Uoy*#+BKQt#xgh$o`CdFe({xXDtk\Xyp[g#[&5Xn0O$.ؗbľQ}班ݺL Uʃ`*}^O+&~/?IYpcHN˔*B%#idFjh\*4.~81t (BO!E%ح NLnj1ԡFA9ľac7a_'T?8ިuB%'x36*lfߣSr8!FcsPW=V܍$ۢua/Nd.T{FRϧOj/fq }K;O5Ş8Y Ѯ=yS,$Vs+$'8O;+HU8F`R8OBt#X`.m?rP/HVu!ze\΍dw&=(K*ʫDP^^X} LO]%\e2PIy,2jkKl$NCogP5s:?Ma&MJr(` ;.h"q -h%&ʤ|غ(cjUS!4EC~4"kYR&hG4WM5Xwd+)*" FTjhFÞ>j5&~R# M];A)987M돨ҩdTI|D8|hp}3޼^ |}5] ȇJWÐ!UbEzDs<$1^&ӝA.X(39 ou΁a~v3"CEȋ-u Ld~%È=֤}ID[d#Y-m'ĄU?8-,o7Pyge3҉8>h@JG9-6I(jС8\jYr qT~9 T͍a`Bo"2&|ȆsQsDךP-Rfnp+9Č&]f4#NN螦"QN9CoĠL^\qY 9@,L]ocɌy}/N$U,DIM)cTYG`)zE.}Ó1EwR]LՆNKH|9WõaX4lE\[(;2."lQd-"ѳ1s_ߡ1-{csr&88JHqzB #IE.Pf_I(4C_}V% 8+%$Ԏu Jg--[~1?`԰x1ܐ]+uBr!B4^{l; .yγ|kGkawиJ 25SP :PyZk|ky2j^y@}_׼rv#\uHhKT<%KpvLUa/ɥ * IU.%hl.<+$yxĂ|qj i][: ϝ7pƀ\ qW9"igYJM TI#M2'Ј^[5ZAX^r2H$NifvMP]R*Lή^#O.M^Y ISk/+t9x5nH=Aw/V}h8I==VO^fYp2D>0| AE$!vKy@iR/jrJufD6(?KR`>^: U vjbD?2ȼsTH]A| Yrvh)㥪2[ϙbl/ތ\|SDqIH;OVAGp : 1^%"cG];DF ).z~ $پh!7~FDJv1;sQ}78b>IMF{̚}#[4JWVyYɏJ!N@ǪpqeNPO*އ;W1Jq8sY+p[[Pxfngf&a\.!Z~yqrS3K,ce|Y=iݩ.Yh\ ]51g؉㈜Zۚluz R+W#8BxLkoɑ$RܧЮn׌)Sax6 Wڵ%'-r4Ɍ%ZQ)#^L߉Z~AZ%)BuA&dP }PK&Sl3A$5++Rm0-vONJ4< AZSNRYO p zp.̍!Tv"H--duIOdo,!pT{'v\A9pv KHW3}%Fbf޻^]pWr=vgq+C/XW[#D5aQm'2HnZwr麰9 bkGrf-`p<-)|1 :59LFWգWh6m.TՐ9BK?A>ˁ9Z꒎/׿[v H:aA˰Fԍٞ0]#D8g 㳒r=.n%lNj>}4~;-Ғ(١dU lEEB'N$*b3` _,!iiLA6§չMbI+1ɾ3қK:2>pbudL]|u9 &!TG# P:ސyh#d o p~{shQp_8g@VD}moZZ3@*I>aFw0޽"nieB>-7W]֗^# @dT`Trmg6M!oX2A<z]+l)\D0m#6)+Vph=DP Hk߽X`7gƒS{1 QIxq Ζg/!5JeꋹqvujׁA秝OL:JټĂ}"PM0 vզ]᯽5{&2BR9lIX`ig; 7 ^#&Sx)ؑt(_-e )I%DxExi3YO,q(J4EFz<xn7O]doz<m@:NhHҳulӣD$/0_a>x!7/ޑ A:O.b|sBYȌοPu?i61Hew ziZK]kBWpRGŅd`6iZ.T!y"vGO.t3U>OVm#!^z2󶦑S3WFjnB YT:(7Uf {-g:Ͻ]PcW{gnPCRhGB+:ʙ2 k*]FHQaչݕa2vJ~(ԛ 7Qˏٞ'` -탚ː0װϝ,c,%Rks(ي}r۝d;TjS;J8 Ho{{v2o Ti#ʪ@T`ć=ohfڈ7b\= Bm kb?Xgo{4'^tbJ)Jh>N} T(u Vʇ=!U2QzRk N؟ȶ`?;R}{u$Dz *}um);%|pcU罻FfMr'٧-P;V>[ t*=,~szA#Jwʥ6# DZȟSHi9EiyR+X@no}/Dɼ7]==*S&$CED ƞ鼘AXz+lB\rHw2|gW7 0$ˢ&%uu'5]VӝU~ED,9Td )cM ;RjlB۬ a}l-V{|aPg#1ugm85ȏ텩w%9j*ʰjt\y Ǒ#dž:X£=`bKg/w=ؿ>s#=h貔DGTV+PB'@6&lJu+ܳUSPIJ$Y;]z PQ=RkO(`jFjTrTJbO K)a\j;˸ƉxZqH ] _ܻ@b~YÈ0~u znr6+\'ŁU`ٟeJM0`۬ JK6 y dݻ#\,qLq09FCL*u. ÂNKr&wLq`U7#IR3튛lx"yw'2mn͊<2Ϊ—,K9sΊִRu} S.[((pƦ_ѣO~*R ؇)D$m_#-0/*뤆On?g&]:cƅ[Z߸ rlW&]xL} @zj [,FJ"d(>DWGKW$=*<=4E ܪ1P)/ TEQ0a9}P<|.g}0H ADB>~/ pk#,PQF O0@PJ\s@lo=zC2'T۔/zW0[%:ܮEW2S Cc_9TfNUqvWy.`J/JdI*Zk|ky];i+d:@J8g\)b &AfЄ,UBWPyeSN='A0P.Г 8A<8'4؛=_Qjۑ, 5I[ 0sn%>hIFg*^X콀PϞQ}!a`~:X7Ӌq$ yB&V8?9Oaw|%{e+G\/'>M._RFg0+msa-4i=;S  ;joXQb1Wr gqoؠ]1pitor`9rj7E#׌5jtgc5xjġQCa8kad8Io%F9$qFJ0j xl6 ]lu~i0Tqj- *+D],(?B.9zEg-Q'EJ/O]6ևKJsBS?r|i9 ).h\/i>\$%Y(18ˍu ې!{Oh)ܮo΋Q5("=vA_Ub pGbBH,*[tfׁ<{f<*+}4({[ȢqM (}~EEd0.(kk]/⤯>? yЁB>spP$'\6z&*HYqKLmE4q0j18jpHPqȡ"twE?\Fz;* Zں3y3)(3{Adc؎'B=KI[,ݷG)r}R}0c1FC#"ZLp)E$y7L]z>S *Am@*W5Np k !V&ٿ\JY&~A9,?Қ, ~(`#Hw[1 &6a+ڒl3@n:G:`-omß_v$mɥ.q5b`,Ymuj +#w>ߋ# H2HnWl,H[N'S):= @1nqq}P | A0JX[c}-q;]"fC{:z _% B|S#JeL3"gzYU6TW4 a)h#b81}o!H3!<<ɀ옞e* x%ᏻm18W<k>p+ST_>m+Cu콄CP8%9 2*9_s#> ŃQ:J; UҐz'GE-YmXecU@$D`uy̰j/[!}|ekړ'c:瓮#g0TA& ĝ$CcOIiNFv>stYUftHxL- Sǁ \CTF zg!nX@DwAx%|K%@g9o%\WvxR"[ywL2(aS7л5hLŁ˙ ohc]&(CNY8M#׿*N~K%; -͋ u wvI@Q9YVuIeI:k`[ `WSN [m3ǟF\Vy Fgʿq~d1y̗@ZO$zb] +XOvYyZN5%@88L=U&[B}pX"g#OQwo \Zw׷p*YGF7y V {f38\H=8|Tk܌ԑank!-ժ1Z.8b >ꡖCp A>YdɼM"в9~|{e*tF{E;bvA6W iTWtcIu%ɾ:;xhWYZP*r?wD8֎2kS=(hK#ɔgdq7/#ZU#U/7ȓ!>߫% AU;%"+TYuj8@|KM+Krs+@[ck#^5,0zeH̅^Ꙙ 0 O ( S2ߏ{m`xR}pxtߔlN!:0|zkk%n޲ܽ#ID^7o,%(daAmL'IP&, & k~4k8PyYd$Juʙ[*9Ovxߋ 1t@误 Mk~$v],3\Gg9x/e6pĿmfj'h\+PY8Y9G8|M3E'!*w7E czaF9 #2_%E=KUh3IȡD\\q󘾾:@ƹFt"uxbvE2!W4:c6?ۡK!rP7) ' !7^t`s ʷ&XH?Nː|?B5.@)ևV txcnǕ8Syl{E7 8.,!V.@XEĎB&z B:sT`ܙx`c }J.ܜ4%<TR$ڜw2`e;V pxm&9HG}t1;vg^g`mfDhC 8P a xCIUyHՌ"~5Qb;F9;\%!kY۱ @jtO Cv˻\vN!J 8MȒ6h~!pMJ3= wR4Ks۷@/xUu%-+A.tpWD1$1@$-pp  }eEj9byI>3QdΫ#P F RZKXdxM{-+ҋJL{ ) ݋^A %]'[uO iN:3~}Y^le $֐f)#Q1g&5l q Ӥ8<5EK)pYJk*C5CB/+bɜ`ɖYiA`&D,fkui! SIӳ{op~|*>D~+Td` ?n sIU7*u1{BmAVsk^Z xG%- ?5IȔrUP,U8DEy~Ɂ De*TBV=Qα;邵pMS ˎ+\#)n۞ +81+.;xUdAݳn?Hf%r5i H2hIa"FDvg8-1cy*5RIUT;5T,ǨԝH,de( ^Zr3w P=IM[|TkʅqKGkLZ]}͖߱髼>CչDsڸ@W-Ltp^Y8O.+]due(TϭqmF0K=S^pvF%!-cʤO+]v[RvKV՚62YN $S̷<ߵ}qQ8.LrFVlתj :/% ˵ZĨ@uxxL^g܎8Y?3z樮,\]=͛d2zF^WqRcK[yIL=)dcOn!H52}%bastWt?!! dvs@Q1KYaޜƸNHzYrjsj lqt`2ezkg[ i8 r-U5Qoj/GGbjr FJ݇{s /t; V`h0\^n2,"i{0h@"uUDX"ŋfVub/K lTo=fQqeMLF6]/d}g9^)5VDVi彏mnoKSv0 rMOֆ04Nfuh28W!bQSWE99ֺ od%y Ll3?tJNhycNKm),/6eFXTG?[.XSiUi;|: dέ4RޢR鱇owe cٸ@KY>1>T (-y J1HC-5$$e 2Bn]EO%"\7:+"!P]g \k} 41/כ=TyDbH L> Vi|crsyEhti{{a7 ߤ[j-UJ2&$^+ [3&Agt ȷ'=R_"tӥ뒓Ҕ(aN(6bĝ~Ԙb]muDAFDxA$ e.kmF͙(͈v9ٵ&e]~}S+^}.9e쉗4HT. ʨ=܎kyK`.|NQwxq.Sэq85"wP!6eYzm32@l,<䷳dl Z'BZݰQv%#7Mw,<^;7ܩZl[{p*eCPdĿL54kÓC-8Աyk.fJ}ɢ?^[{G}#g8yXE}rhT\cv c#d5=c9EUXb{ECN;FHr n XB1hG5s=  I*oV-EHmtd;1t~uS BO/R- Z,ag7yZ+BW_,WdJp":Č_{K+JfgƧH\J}%aɬj$]DG@t7/ %9wNC&xD̤9@=*"j"ǴlQhr>ؓ(RN•#B<}P? jGP!N "CFpcPqJ.B3d"FkF Ldň WMA$oı@%R 1J#N$AX9X1SCFą9<׎㙵-u=V})T:Ghz =(\e&qYf98(Lh z7%r;-40ˀDŋW !:ŞEdwˇ,P=R`|fq6<}uk@h6~<N>N*eRsȨ6,a'w~OznqU&S`$H垭.*ٚ0?߯0a7LPQ@ytgDŰ騟rXc5h'ܕR p\u^(1 nM ,"GA(2Dsn297A #/"ts7zwEc V j&]U7nP;8`o oD îdFMdKX/ÝYoznJI97 {q)Wfuw,fgQ&2?ڜ>%f`Dh9#\,OlAΫ_Ϧ+է5uD*ϕ86G߿ 1f d?ɏ"ʡܟyVso}C1##sa .wCg8dUKS> &q}0T +DZA8Nly}eo͇t "d12%IyvtnSܻzb4m/_G>Pi&{VcQ,hw'[\Q0cZyHC(Hr X1Q&O!ԟ()Gl`,sR]>Xs_#E8 29DLDO+4#b*TvTΣpї3 sMEV҉%DHpy)XXCmMJӊ˜.{ؕOjp¹~ՈL&XB";Ij6eV:FG{ل;d;w\Mv<&bz "Kk5|P|פs~},ɿ}R~Yo?F_!EW~9e*WC{K%־a2/0BXScYȞ7r-EU! Ԡ 2^9ey篕tn #pZt =:j0WЀsS@Lb8o+f`_/b̺GJ~*p?(nT`V -\egOB. HoBu,`EOo= )dva9(0'0u:$!\GsY̛ ͸qL)8p#N="kj$ nm/QߑNJVky+u s";^:¡<.(,4괘8ʩ!"Ľ"Hx m% $$cQţ l.&P՘LA\LHF>^YxbJn(v:yHGTPJܵ )'1W]%V-d1HSRilS#QU[WƤqWWUģAYZ3Rv؃3Pθ*/)2p47N).4unoHaB { /]g.t3dWb P/}u׾QQ%=H L"e"X!L}qY.,Z'&B~He *[M3reZ{a*:jg: pCy}jc;}yd  @hh;CƱls>Ϙ-N>m 'Y<ә aQr!ʣs+$]E]h2,3j\`@v*L\͆ƽ%úk 0brҫH;ʱRBMP!球NʷW]Dt,I 'qGBD!ztts(Qim1n5V\IV{Sa l0-54 _TۈJ2AG'\uUKO!+fsY=4|{5S*{{{mPJj: `Ycjt7[OѴg{ c(<=BnSgOP y[-[~̸ŔBI3鿲վesIPǁ:!.Zؑ[tch`[]Nx.1GD5}&M Z_+Tl*3׼aWg6󖑐{iG2j(h%q\=nmIcX ]rNaA+XP,n3Z|6[$qvAI{oPC--wp(KTtX({Vjmoomw\A\j 7t U`xe[!& G7:ۋu0pwnY IX;@ӗЃÆ7 F ;w,G ^gvE{i`d5n<:Z5$sPe{yGsOhE5byzcM|cY@ߔ_b(3eEQԜ@"a_i&ύ."W'hw^GXm;$5q23VYh_yOj rG˻I˻"~ԯtSYnvLw)(5~E HW0k^k& L ]S70Spoqk4%V4F\[6@ Dx*ەЅg}D{wFeZ0,&$* -=" jF|&#;kS 3X[׬ڊ! uz_do>϶m+d 3o4;'/4xkHG>d0h(Ԗ7%yUDѓ>A瘜e䦴Øp*@.+Gݞp*Ɖ39&^R6?*ŗ4WggQQyD;9EGP@q `0\>U"J).M,,+"V9y'>:H(\3zO̽ wb5\=`+/aT))?_~]T^}i!Y4ZxL=wX}O-^yH 6byyݩ,Q\Co jR}YĶ8Ps1te(/Jw{oW4U &Ġ˗1(.|Sǒwf;vIq%࿚Eڦ!x{@`GLtvg 7:M= 7A#1ܺ/G2M\נ$19XYN0l)56;I+ II]#A.~wqs"w<&'al>MxJM2>&{j> WGQEPTW Eӱѷ7XCjU:8o1 RC=e UE]{kQ'P'cAV t BqԿBaܞV^dV;9`zlm${46?2%Fy0-LZiALFlHo%m݊\ݙB Tp/'k{e) YR6lg BsWֆ#{4Ln&'ft 5hB"iG5rKcR7r f@N x"S ʡ>e,N徰 Vyez.ݐޔ\ehJ'ƒc~hdA{'b롴gfs<1?~L#:{ & U1 |qK<] RUmt@`&>\"\4.' AtEwƒBSrr5z]=M*.J\{][MD#Cŷ" z:4rtH' -ௗ4?2X_~nXp?Eх~= nOM?/hKsBӘI7aS-a~V_E5GͶyܝ5ۿOMOhz6vHaē>Ɯ$Bш)fnhu%ݪ䨪+=X~%w0x{Las--ݵܣ{{)hE5=Z0a3ﵕ)AFx$%:p&lm`s5nKaRMb”^M2.Κs= ?cz=CIKj9LpzEzґFhSTFMSA6.\ЕٌkqoL n-J>Ab@OOM8a9Bq'P?@oм1._ sou3 &Y?Yyw-Nӛ({5@QR86/aJ.hkxHpQid7e8?{q?ԗCIS̋gM&6ʢκx NALkwB]ugLMd5DL<ͻӢr{Z~Uq49oR}UQͧjW3[ /'{SۍLh#Q&#;nʐ Nصa/ N }ċ]u32)::L*0KC^ܨwI^>k0îDA3 )NFW kJKB-hW>\Sg*"DZ9,y6ṴzVA^ҭI SQMZEZ갺D\U}ṛY;󭕅vuG.kQa^oŋ#-S?KqyscQY8Kk$qHN4XM^I4>Ҫ%'Lu}jfH]5GȈtS;X#iDv뾣R!v.8BKM$N#=q88$ m&noO,lDޕ {c$sS7_)L(=@ڈS Fu5lgF niA대PNjO6-꟏d3#u;kTxd 6xq3Q$^~sˬ1Vq#tK IG*j*[JM|9G=Zp):2z9PҖ[0j5WQ%m@~_Ki!9Hy˥,.kp# w[RH4X(zڃ+VY̰?iMIA&G ,2ex :(wrD2 !'ϟW^hK\e$\i3 +Z8IHY.!ʗ./{,9:4sA+b䪹 *Fy㐎8c6U8ȴǺM CWes=-~j\ko|2_&^zm 0xhn/ d (2z| wC#,wDז l=9x;i'_01$VkyBnSjȣ4&}UW$%<$]#M5K-wyr~0 DTا䰠Y%r:V-RXB Fht6%h(hy'2 } .q 8lr{g')Ņ ]8Xʠ#=e~b_N)V)@C28)&;Mu\ץ JvN!u41i\J4>Lfb?׈l/T;* X`۸m۟Xu$-Yp];;oJ#e)u;Qu+9V/~6%zV_kHk (v+gK*l {(.ǔG.JQEv=vt;nG *{YgD _p1(,ZjxAU vHKx7񂻻Ͽ/ 7J9vٰΪUamy.ܽrZ)hggph9b5,tqA'`UNLA=_.AR`'?gd7!dʟ&ŵ&簪63f6U*?s,cCLccdN6D#'E4}G7[Ɵpx28J&/5nF4 Kưк>2-8N)h:B:6Ǐ{ADGmmŌ +Taq< J]A"F l*h+rL ǻM)' *EIlZP]t% 8MK~7wI'Tq_BTEk)s&IoR ހoCXw4yW JVF0}`ڃ}Cx@SSb%?V? 53WbÙyO;#\r _6\QbH~>ӁV D}=y2 "fY!ʂsC9٠m kquRƸI@v^(%pe9H2gDU] \hwmiy3AJ_rA6H>TԤz0v+2RbXmeeԟݩڡM "o$H6e[~_n:OMGӥyB wL ]~òUtءI5ڷó_gMEZM毐k(슪گiTZ.`?ox]4W?{H0b\mI휟]lZD43;vMt&pTxPDt 'G%zHT}CQ5xk^.Ǘ [ JdFoZ=jznVsqi5{^"B VZ[0i{ c:{;%J7?(oQI/"e-O"|tY^lNN.{|wazF;Ф?`RoϤ g8dฉ-;3JxU%xBV! 6j-: cRi "MmQjsJGh˺όzȃjC T"W[Lo茐04I69}˘7l.:gGɶ0㌔?-;9 ]p#}K85A=MRCBM!mf^0[v^ ?A-h"6դ\ xiq05z-" ]({m+"| $wSdz[})w8 ٶ;3ܰA/1-Tbx{M4[SY޿ɖ{5>7\m8Gdx%L43Cn ^k-vPSd5SD% +RWEpk2!噽eU>=CsH7gbJ8tI@gaVA&%UP0:NBz r( v9wWC'|/}nal<2كQ|Qz'e W'$Zbnu{Ƿ M}{@h6ur<~U{k~>AMQF)7u:Ivĕ-ܡOGrS2 " @x"S/3}+ho06Կ091 i﮺cw 6H3ϚN[+7za)iwvڇ+;TJ:KC{U%W0|̶[7P!-ZuV}XLOj0 m$ACw˘~uлuK C]#AL#10]E| T,e(, QD)s4OP ĈK"973J^7%r0 s+Agp1{Rmk3 (k^x峥3HЄ\f ӊgj^SRk<ޙI2߃.dct| .1C_p+BB -[];[;E2$)ɽJ. fczsduDt5XQp"y(,rl(l1K3gOӈ_ & w@|}C!d{I㯫j:1ܩiW:a< ̤{;7/E6YN~ #:8ϙ^aͤ$O̥LMcʬj4Oi[N+˞/ZzSfOm$UXᜨ+-h TUDU]j,7974r~V^Xdut'1 6<@\-7IR܁dKHGsgڨYA]ۍki& V1j$Q Zgh=v)ph!~#"NƓ]7$8:Q ~F2ZG:5 /{mru!ڃ@~f7FZmM*"3LimﻲT4ݛ=vWprC ;v8 )xAH[YFTwضzRΌ-c^*g>j Pl+hΪ:8WYN`辋Ti>m>nnW`L*]sR"gمJ!~=,>RЋ'j8!%@lƼyB : G<,׫}W%.|.UOK Dm|1r"G$yH\wbpVX܅ 7TfV! BTki:AzT6+4q>GƜkGg> d$\YgSϱ2gYUk{op#=:L۱u)Gz^BpQ JO $IczTG] $DrM@!4# /y ?>gڐ -![7=`NTZk/_pneengdܨ]2(Y` 2.|Vis IO7˥sq9Bɏͱnf3#O pfNgSdTMڤHdw|N\6^C>1h6.Ja(ۙCG/^`ػW졀JkG&-8b^͔\ 晴t)sfV|-0X%j{iw\Xa { q0ot5v$͚N҅e_ɻou{(!p*MSJS(#+y ?ЀטMbQ+ad kf6DF1ش!.ePL/hv-Epn1zack//Vǟ9"3ün#BuF>{p<+ {%q0??t6@~0V}8ߝ:%⌠-d_lJNe[ 13mO8^$Q]4mi\Y=vN}_h oJ \AмDV^Lф|#8Gk<֛y'*u!r F(JN8p.Ams Ǚ.?Rvӽ8@~t 0KC}hHN k N_CZȲ/ԨMM.t%0m veQ|TkJ[3).֋}1!~i+*„̍hK%t3u8,|nD͕S"o/¥kOśMUrʫ2U޳Š:+Cmq^ M2]ei훳I8ly6r2r8 |=ق00sպ$1/q T![cm q0 iZ%}O.k.;*:.f<-|У8}̔Tj$U8Pg.!dU1h=G0D)ͯVmTzH2=HrG+A2{U[gT)N-|'8˛Nl_@pLg/^MZ OkI (H{hJ{Ÿ8&ʹe~'Fx"Alw򶣑3HF1ޡfJDdgkN L"(6V||dM3!:9 /mdH)n#\_S2z3 lb §0ۣGb,qFW ]2X7S̎a?7+8~w;?丽 QM:a&!!w#<{oHIn4lp[(WD1MׂdlT.R+P&/xW :]KWdHw9) Q D3O '_%EQzZ ԙO޴d GVpuJDKot,ZnhvlOAY uŘ?72@ L`+4o!e8>3+QXנO,As$Nu\졑 ̐+@ q><%a/Bs5njxuMu 5((U)RYuDC2 eQ.!*^%@k{iꥹ+VAb{B>C*z/(ͦMkdc  dq:' $YgozNz xϫe8DY"+@2%nWEk40鋊AUM\$?P֍֗I_lk{CE+UMۄöp@à+\jeV ?  TgD}W.~q}b(HuDZ*mWPZڿu {o);̹R|KHeXOVydOb:\<-pEpu#BZc(.j\G&ݙ2xnbۣʊ8:ւlU9,_^04, `g&zS;1McejU( Sbr /RlʍJwtȜ7 9/΢R"fݷ}'V\eUlb[7ZҌEK'g\w l [zVK)K2/_݆|o0?+;r(Xbgfa$pOۺpc=&_eC͕.8G,Ah0EEUp#LuS?̰)Nв9t 7$U/<Ìyo!0kA/ 3;T=٬kҙ;*lPV}=2_?SMBu(=ޣ `b7-xf('0#IΤFzؑ1`Ɵ>4LooArVpSs#poFz_&M4n+[v)w[9ܚť,b =ܘhʆ Cח :F8 *܁CZU/8G"·|I*!R  >)]8 !I`KAɚ>(Mq$Cf;OEARY_$!lu_Ua oT"$?]?b72kGԹPk1 x_ -IA=xQ7#/|l[g_ S~&i Ax3N؁[1 χ.g` c$MثRļ7u=zP$^ YCXqHc)BGvC&'5r+j9 D|3;kmlYNtM'`MGDr\瓹mF`4R<[S٨}!l/(a1(˫3wrlߜ8+u(Nimrâo5KC7>CxF,UfI?7v$^hQ4n60;nF5]V!Å{I1 l$8~嬭5FAcϲېU:LG+h_q%5 '{Iދ"5Ŵµ `{"\vܩܓ2E~wЭK޹c;@j R`B:g -&0b>p8(T6 > {/?P͇+({Th쌏J]ՙz͇GXƛIhFI1Lm&Ԃt?%8_-dÚd̠T9MfUHm۪pT)_yIx/LD$ռH5Z\#Oz-yo;As Ŕ?#8ORJ,.-z 3eO߸ORc> drt! ]ַ$Ֆ=*zEYipzjh'j{[RڬɅC3]-r7y0 yz4Kdp5}] &"/E Ӳ!xJDՏ8Qq7I}=64n_lȕqY(7w~+pslu4J0@|yQdhS"liπ"fr}>Q?E,:ggslZOi|LYt 7*AzJe،#1f/8g!}.njgȾo\3G[jJIXFNUf8IXI ̭= VkI ޟ$'RܯؓPHK֧ʥbXs)W<+b1w:2EPkvi΀>zE]Y<7#wn/ڝpǍoR:r+r"M٥ޘ-#V6.5<3D9r!@ݞN!⌤:vci* L99Ds._|=E9KfW!a7ڤ8w} tpHfBzS x6u$*tSp4ߏ`- >8?.0U{shϢ|r ^tnKFH՟#Q ʓb^@$\u5vvD/MR(>|Hڒfme0 s(F4b:syё mwS`xR1Ϸ+Qo%S4)MljuKbqe𲚡Z"J(ͳwX 7SAn=^X ~SY E1{S1Q7KQ]{UvʂR\uZ R0aPy2̳֩i"-b'hn]d.p˚ژݡEmIMksnc06HXGM/ׂ} PFNga 3Xk#VTHfdie)@RSv!RLNy?`VOӱK1n<-ѭ*d!Xi0 gXHNCÔ_PN$yA+⡁:Wmb;+Dg,)k>K#ϊ6NR"6. Dr|v\r`įM j)U@S~"D5U]J¢"ųn54#0kt>YM?łDߚYa= pı|߫]6S9]2&x3sBدۢíbIKw!`r褒ns^VxS1vZl렅5vC9|fV)R!áXIа-gv;q!Atgag9#A_o,{:v*CdHqM6:D| @ECK(|x"pt 󆎂v3;KǤmGRlDO&}J;4rᎉ@TgH[{<}̷̤`"~5m"{qg(H+ N菒7if9@IeqG&,Iail;}AB8 ^-w@$^F\Y9Y5*f$sWB^'Ԃ2*\lfR^bFJ"smnQe@01ԏa')n#sOCbi -sxK[zP3TTg`7>jUtfwI IRXډt(9*O`ާMDSt28\j 2MwR_9w.[}E*w55Nm =+&ϖ}*O}{+x֡O(l7Npߛ'b={VFnf 2ˍz:,KDj@hmY|@Z=,I| yu/IEešH0-!'|Z 94XQwmڰa >AmzgQ[)ԷݺQ_4S[fDrŝ%y\QOj BPi))Ht}C'ICOwYjA;E[|i| v#}3BjASװܪ ̂zRiVXk@Td6'5QE/y@[7j3:Ӷ딠mڷ|rmK3;T6br4H/1ʭ?)CZ;n2k(IH8$4W~ܵ h;ً.ȸMh1<A޹ r E.Cs6/#n!#x1kS׃d)e4EF4Siep;t4++ -4@"q '$qK8&~o1hH=JV!buY.[C^ ). bv|~MGhet(/yH! &`9iō-noeчO?TNĂh)d_=c]c*q+*%OZ*׉"Iv@֠Ů#BgҙD_pqϷ|A#E尚C꓋92o7yOaV,ĴZܑ :V<+YgD-zڝvٝz;JY#8HwD0)b,{Ls|hILsɥHÀ |F@ ;8nxRw\zz]Ahh~-KU:a+M{r4N17]iEҥ.ϗnŸɪGɂ? q9 \߯&9n2༈DaMxe[pe!ߞ4vX-~cfuNV鮋(/Z2D)7-G%-yq6(GgG乜L#Mtj Lʴ. PFz ⹏`2nōx- @we;f2=@]+#F +gp}>d-&q1T^ E1oSK8P@n PLmh02Ma<'t7u=Ex^dϸ}ۄ @u<< x%~3h{X{ۜONv;!SvXnXvU0pf*HƷe@.~>j<ÒsůCHq(ʯ*CroK_wfYF;E0ŵyԿcC%^wU AA󟶠musqlŭۍRs5@Un}'۱?)!4.: y#b(|L 5g( a}p81 C>/7B8^wEXeXDMF[dLos1K2Cm)B?M<燱!1o  ]7X\AaQ[ mI, 'ܼاi^n/sB bL8`xmv`@@yqFIIaa 3 V?'g]O7C5Ͻڶ4 ŕA*I%$oSXC=ms"Nnz\q8Ũے9t͒{r&'$G%<"Sd$.h۝Q ?heZ=mi\J 7fHȣ_Q5N<_Vc\С ۩F _{]RT2ISi6~וFmJ/ϰH_y(^?X]|E9Ǘ->zwʮc/3\c C>sr^ ՘ET%@^K-k `IyB[7Zj\]+S yvUH^oj 15@ TF&_<햻CsY Kb+&웱]l&,'vs-b|]qx@٫ȶ.Ť>|V~ܚa=QyaL^F[^bo:q6*CW.S[i{0@?ү@<"FC6eh\´lxawFܜ0Jsg3 WV )9Q.}Xnq)&g)doRٳܽXBH:6^5׊B S4#K&'0nKc|HAFBӪ$xu_XT-sFXBMYr>J1TܞUYnq%&v$STsHFp@@eO0&xB˸"u:WGRwjZ80mD=ϯRL!I%K,bZSDi/;q y֕5g eΣ 0"."Pfy&ǕR!A/|?F}kDvuQ@80^ļw<1tNZʓ`XQVV9Pe-m ~ :/S k lltа˩! a-uU?;;nʂ_kalGq>Y^ @ Y{ h}fF:I "NAؽ ؽnr^{Xn9$_ڛLV?ؚ7 [7tad$㭂akuc[\gZٯ)fJTQRKh~~ĺBwhǨѹc4xWwSlu~VӴ=֍X4J#JYE VP/30-s%!SisNej2j+#"LgSڶ4LJ'iCքԏz&.)f?3 W|rlrtyZxd#w@Eج)OdU2֤=-zchN2JW~"KLC꫷~fF0E"6vmb@"vLx_t(Ti4tCufǩa]3R8tإW,z9CzO}a<O.(VK?=y ˋH#РʦWP:AI`q'cc /n2v?&iԲ 1fM#eǜBrLe'i|Œ:Ͱ]#w#˅&cE N5`A:B!/ ɦ DMùǜmw ֜ҵ"KR_d L20R*hL2~+!)[ .(-R֋ʬOthLJGj"4:vWTsS^U7ahskbY#"&pzM GHGF~)(Q$QR=KjswIY*:gK 6!\_x\)/cJd[}%ɇkE2V{GRL K17ض6 ׳RTٸyܽ톘$'fg?G:[m~c@S!SՍD:hb{S_-1ڮ=oCWd`͡MLJp=EW5Qdxd ~5)Hz%װ_mk*xUh1fDN=fLt'i|pMZMÑBe?}@sb݋&ہ$GݿO{D)D8OxG%e%'V _ֶiOEY[^+_Iy^cɏ/39>KRy\B9~\m=iqA4ScDLeݪ\lykg/! zq>Iv[zn*#>ϸͤX PUDuK:gV]|&CqWTWs:m? .dFl#} 9[Yyorîg'@7߉t0S&ktTNz&ٌC=-xX f?1o@ 38w\sPUOAF[{)6[  ^%2lJ.jD4)ɈU{v[NG?u@?OWјu\ |&&͢` \6dЄ,sy׫>y]l 3!] #jz'[˜ٌ̇7vie`Xu^|%FC"JgԥPTIES P#4G?nI:,~jkGP1X7ִ2@1橗*s7)Sդp#FC 2cyǚ=. Eh+# e(yl) eD֮hTW??wGb}W)#z浄nkry[_0r*"hLW D3B\!Cn^Ehm%+]B7Ͳ$y$hy*LIF̬/Y ӊ*-2Y[H#Ь; 8kIXJ,8z)ZcbAfdzo9fI^08/7w9;,R_=sdj=i["|"턝'NVj/~r3-D@t "V^2iLbF,l\E,m͢a?0/Z ķS9}sjٔdh0YZ!oBPXm8W}C.NRaTxu=6InaqUͅN#:OC]' ؁S=xeI:<'hk=S[*|j a'\p;Z9W(.ɑbڻYCrt #FkT|T $JE쾛Wr^J_>G!] )o˲[.xhQ4ϢƖЪ7 m_@^% 0{ IZ}CVT 1ni9c[kX6Pr`#=|K,k 2Ξ3VĈދ#KCOR^Z\g+rSjTߪ{#9IX[_m/(bȂn&:BN(ft_yqd-Gw%@qfBDK4^5?"5 Xo4$di D =3*3qs#4!S gV,\Mc8 h\X:NL@8]s{)1QiKc=#V 2Λ l^M6/ON/ fe7%/˷?J{2(&}z 5UJgݿfAR%C<}G}&u 5o:6{@:$tqψ_z,Dv+C3U3N\sG/}6X&Zpdՠ5LpWCY&3JP-ӨYpӫd!҆ƇU)U*Ub][ H3ot|I_P8V(P02<,SqrtV[1٫FR*H )S.e;p( 2 ڷ8{}!-^_'l>nTp6t.xc߯HQT ^IL|M?⡖Y]Wm5}Prig._'RPeuz =s%ٵb$%)b>JSL]O*WRw"wΧc}h,qʔD#Ҳ5&"m$f}qE.1?r8YRIdqn3 %K)4<>?b2o^ #EG8ANh lJn[LjʟI9\SW.B6fhtJ&3:Lw`of>te = ; VZy-J5I @dZǸ,V>XͮP|~[r#kjNP"bT·WE6,.C"V+] kD?ARB݈:#I| %TdXFsa ".<ǞGƛfŊvj_3\cն[PZDII (('_[4wPz7Wm`$DpqC}S:O-p;LMG',Zpß"N`/$Ö'?a9zaI!QhS̷N߇ie& /P;P|jra:j{E ,v"'i\i<~k5emyiU*KΩic /7gsUuQKQf{DɺGp߹uRG7 Ay}X <"hLoBYьސ@eHjQSO#x$E|+.Wy@H:jIp$}({t'f$Q/Ha/XS.azZۂ {Cs.JzbK8[NaVH;Rww=Oy>lo(gK6(ۣɐW6~a뗃lSӄ0]e&ٓE:V*I;J^Kc\ 9a1szHGdi(e+1tqZP߁2[\L"vq> ^l v~U6$n=_n)C:0YCC ]dEa29qCm@H-ѣV0ڱuDBJE0̍zaCq!4(|G3n$XkMD6YU0BWd /n9X) ;km@҃Oɰ Mq/+0T41[6MhN:[ j{ -[|V< 0Q !7|>).,G.̈́$WXg0'jz<\G&6c냴R>=5H"5362w"ܒWsTBAi4^Zbq0K%dh=%MNחyOV:jdCOLw~);wRTuU.*H\&u>0'rl.Ɉ TRx(mDG]4 #"q{hLE %vJ 1_7Q'22!&k Emf: Dxhm_j!} 4d gQXpP~ptk*ݺ9=b=ˀf+JbpH=eCU-`738ōgxG; NVnkA@gu̪u{|PJBQT ]guC9 ?m@9;Fg FBVV޲SOyUD,DxH4rpxyߩd64zgUyDiCj!UlAI'A(#і9(˲sj ahv/VhN]t5Y R]6kRjiiMfx Kdiodn!][W t }Arh;Z<'} Яxw/Rhu2:lǦY rT̊M2F#z_-(hE$\kF,sVTu0׊$^񤆮Ie<_[֩H-!R1&W-XOm 'dz~<鎠!f:rdMʧ9!'}d4gXBr&N1ͱ:\xX= vm*ߘ7 ;r',7lc o|2?B _Qߏ^LN}*<ͬE{Y"5h+ϦP&xuǚoPDm~63,3Z:ƻ;5&iR6|Pi;#xŊX +yX/ x׫d /~:}wZķL"}n sAs(;`!5;䲙C|X"XB|?!\DT"g8<mϪv 3r-ߜjm驊}['z[' ?%ZK߁5 ƭ0(}Ϳt#0ķN@œ*Bo5ݼ}Ul `ݛE )P|FM tumVW(xBP.&zЕPbFTLoRD+y&||>^*E.MOn#FbGkK$0Iv .G$/VR4X GWjA:KmKoȄE]IAt6m$DRD,/9Fjt!Yc<->/bTMc>S,?w=(CN?Vai¯a'Z-|(4Yy0|BGtxb?XHWF pSs>\4\hM욵n &ͳ<’lWɎswj"qn-J2a;j  kO  L>:vk9,Gmw)E=$֪YU(JdƊ}ٶ1XE}#"Vம]gl⏇5ncH}ۚ[NϹ#Zh,62E5w]/xu.nΥXZD+z@7\S\hJ0I (C%%lsd6lxW9SJ3_VoS1{%ItoQᛀ,]ݻb~bp=h3]^Nì*EKahnl#9H@dQރq( M'X$OF֑FCc_;*񛙑ld?@lB "W[}6PgޑK8ӕ7>'B<.=muE)(>ΕoJ*VϲX\zc9<=è(@fu\d"2zLs~*|ɷj碈Xֲ^TU-dxo4 F7M(߫yAv DVp;)mW(̊Jefaݬš%i*sQ#Da< X`Mop鏒3$Օp\TpP@޼ܶm 쁣> 9ϿLx.֣N'_h0l|MoW r/3+1 2|s*x΢Ɠ6R5N\: ȁ)tQpљ5?CNѰ%OT܎Ksk>GػZٟ4CXj&$Q- .x;l:G['/Nj| |lYEALrh$N"S ~{bu at[:1 +]BI8aZhKelD߅{!$4N@x+&1 ;~xs) tp *JIZZ'<كjvo3 O)>>T.&BQЎt8 w1@⃰:^a#JRb[8dآWrd-8:g)9 Hku_)K6?UjCk1seӾvMC ^ V@,6hݕ7f8`O^j qv]=x_vEDjiZtyf^-lFd@֫Ԇ#tB%$kJ5zZ:FdHq=C Gx1s>5Ͱ_w5y$nrE6 ZSm?gHJk֭ژjOIM#44>(AAd`ŷҷӚ0:2[fO>f%3 ZOaf^vڂ9vxRHh7ʡ_q4a1-3yrD\U s r<d|7͠w[D E!&Wco8 'fTcssA?|ȳ~c3d\Ǚ;] Į&FK$Qf$ 3 {HTOVd~F<-/%+툑k7@d ^Hyq6U z.< PdsqtA溦l˜tzGߑ?ͭ&] 7(v/}065$=ԕ8q0uk $#d 0mk(ouz Qҩ'8,QSiWrTE=l[k#:7jW& wkA֧w._"Nc/k)>U[p>&p9PuBRݧY} $wtL+`=z~Jh_y@ޤN&ocV1Da(!SwukmjX㏎ W<|I#yI1gZH9&0I d_y4R@^TBH$u9a{M.ݬItX/wn)NL>$dފh6[p| yLPeVjZue%éhNj)+prB5 KgCrM-9WJ`!åN]UGƃ^K FQ|끖Ms_ֶ#mDVG.-噢O\d;EQw?\ЉXԠpbT!yl plC'7闄%A[&PVFyfKrCYlQ9jI6T]/NNg0ԗwP7)ԫs:>m;Hu2$a2U;r!J ۴juSsJ8i'hv-u,qU;)CkH}5&TyLN_J392s:@mE{7S+vD&xG{oww;mz;W-D޶#J~WI&a]z9hnӮ.b(v*`vjeoՅ @*_t{՗`Ҽ5 SV0S}C =U'1$R}!N1vh#zN3d 0XB<߸EZNT w3\kpä5wUG;JU\ɲ;NȈWs~v$ t~;e)gny! DWTȩP qr0r8I.+ B[&?v>^D%S"1f'ټZo)JeMxݛUmqu;e!yrZ \vPƌ0\blÀ|"swv,3xQ9uܦ_)"ȱ]: Xa9'jLс)/ۥR^ǖ(CXSé'dc@Na0[*/m{y^Ԭ|w* ;,'ӁlrA!qgbgM.X+U0]()_%q՜U he^Ma4 (n" EubxEO7"h((1VGjZ~5D3"9sl0 um#+N? S>FE4#2S,eCТ߶8-ȉǫb|(B-֝c<)ۡ! ❧[!L:ui,<_NG{~%~n'PUO`M|Tzn/*wIsH= 2%j IIt^xa)V-g NΕ=Ukiن{% 1^xtABQS2O!Gho&z GW (8Eᬀclԭ8i".ȿgccHg}j pXo{MtAv^䑊Jg_p6 *xHϑҨo&ur^K/!xc'̂ Ri_Ǫ$)һG"EȳkIt"p2U–:N: ,sj*YI]$'~xT=t|wu#t`B(@Z ^R۲ܢVH 2}c[r-sLcIdQ"{d`dr2&ACb9'2! k, TTNhW^tsH7y"vEhheI QZv =P.ƮAJgjdĤ4'PhD7TvT^K:u}muG%}ԇ8'wNq=I3V5  i{%S&aXL'=3+k4kvwyRd;(<J$z0\GB [99)ػ΁¯!w`~iֿE睁Tgtet1ĶqzUW 1vZ1*CD5X,C^,6vUN]KCNp_OkSêguubw$T} #d_{T\Bk3f"l|=@-.MdG-o]9JojDF)b!NU60A4v5ɘ.&uX{mǹ` bf .2Xw[,s=R:]Z'RwMwluE,H;Pk^n,B{C* 5Qk ).}hz0nJ(r˺R3SYED/_TXbU:K3R)YѶDyk p zB4_$ UtNc%n1>HQoXފ%gz\Oa֎us=Y6q:rù"2\n& e8lg%3U}ߛV|m&X\`s 1۟aB4 R]K1CF q}ZZ4Ũmm~5kE8gL9QmyFɏBB\,2q,4k "IR gg+&.U/_,!7 u? ZMAߔDNYҢ,>*HKimCG*K䪀[9|HQ5e\P W ea_&B~=J\p=#G=5Wu08_Ob@eF w([ (x؛r=O>XݏHPIL zTl!&c B기u1PW.LDcv!&&NiP87cbV{*&*,_Dt,?/έ|Cv$>e;JڱF-F0SĵcjQ8y3ByPBwu^nuCӇ 1iFƣ8/ $!618քw@opJ^ 93~qSXFǰA2ڪHrOV$G.z(m-g@Oא}T8*axʙݶ#vXtTWeN~ ui#A!5{aGi2Dj{h uy&3%0eJaUYu1Q.x|vJ(G[DKU mrj!X*!qvcܼ &?JV4ꗢx[,o !^_Pʮyҝs =6r<"m_/*g h\2}37yyF/{0˸uhmQTȵHR4739Vꦋ̬9_[+LGV4dC 3?A5䷳,M(ԂyR'ݫƹ 5 `gLAwJ+ 8א@&1p ӊ/Ck3l*>b*`U8US }!fV`&N¢sg( ]4mоk"݃UKGHPMr]nHtVwU|OM_g'(G&P>X[C.}[aVݸ +krؙ 9yc_<ܞ4];(%׵qFcL^iԑB@hw'cEI'9<¶ x $(BǴuQ Ab5K<匎0rY|RB#.+*ÃQY8I}3g>8Ora[P9Ġ~hF !"9]tmPouMSώک C{Ln7~x((D-Do'+^&.ֿ&V`_M"}"dSL`#~O]>N ; j- S Q&uys@; eMG]NHM"BD$b,șkQ<@mE48PPLJD+zI[͢a =^>9diGTz`]|9s` :8Y9gj4⦋T61B?s-8i$(aRF<2Ur6 Zxh!?ǒ2S+Iȥ%^fUN ?Dcd={ D"0n̨& SQn^Sb餒 ACzP5t i&] M4#*͘x,%g6YGw@ì ˘cJXWb1Mݰz_.Yd;;9 gkL':zMgn=/򫦽2O\y /V9z.U0p?骆}➖5B\P$C>.e?=6-'3+hbY H{䢩 J8ojVpe;@1A86y4&'>rf#mZvcnjM`֞_3Xv/[x2&>gz u;R:Fl־"~;L// :"< ֜S)$ 8ȿǗ3w喺1zz6 |O `ټR+ښr85` V=A}iFP.r'.xٸ rA KQWL/t=“녈.0b`㝡ĶH.ʯZ4sY ]X&ކ1H%-ۧNsL׊|= Y 1WӔf̨p V_3V3t^#X!fF'쮚 Lg2Fu` i~Pj{Vڳ 'h;eɜ$1BlF2[50Ex.p{F1XX%>[o=EdS ˄Nb.to8{Kkptav2Bn 5L{/Acg碱 'KIe ЁsfRs=xAB ,-\zCbQ= A=#=ƾQ$H|-(k|]e!V)Ȭiz4ݎT#4BNԺČ{.TU58tG /S&2߂r&b7ІNNOL+ {P9"-U߹=/bMVOΎD7(H}#+LqSq-Ì,T_daUqQ^Np~@x]4=,zB{R STX(uUA5&<8w-$~qׯH 5.qw#??NsMkOɿMdbܿv-^a7l,@6 N',6*RAա2j{ubEB0.(ޫܸ2UWX*%mIVRrTpslTVly~R3i3]ɡy>?ja-݇„{}~Xo\H*{ȧ3A s 3I .0|8ILY%Wo6U?N= ,R\2IgpeҔE w*~!j"pVtMDHm0p 1mka U*Pȳi(n okaџO8xkCZ3M^UPϠo^8ŀMQQ;r;W ۔Vc֢`-g he^uӭ %_lXW8 TfG۩^SK OxC<}43Tmk'Q!Xf'rDfQנʞ"3pJuA- %GOŪRGخj–7kgݣ! XY%yR%y)hף(^B!JE\:q٩JNn=3[vw6ox ܖyZ@i({Q דt[?)4;t*fxM!{KbKy=Oݽy6>RFH+r$z/fҾp.\ő{'j$ ־Ag9]4-|_L.bi YU\Ee$ft_kW tHQZD{w?.EԺx /l8nWmԍEB0ae6PtXAz>z3xrA WaƜ)5!;dv;K%<h`AZF>pљg#d5RRІ4}[ߑWN~qunLAt)SRc9n( FΦqt5@uv*^/ )[P&Eyҡ$T\H@{H,EʬGQ{:UEghEeYA;e9NJm0R'*z|ٔyV!f:"m̙xQPeݗThIK%]L $ۓ~jqpH:j!-In;çŒ S[cG.?fSt'XY^k'Fg}$c\+{2@TzTQYpnORXHYF%M*_|jbDfje"gR d"\FbQ,o<qG5,)eT`"gĺ93C 6RfU1%; 3y#qѽ2rH_AXLtnL#RR7JM |)*L,AFD:#ɰx]5M,]1Q/GF`6Bl pO7XWu[7n_V K9P:~`:p^!X=(kMHlMy/ag"z!YĮ% &S5 =zv-C8]qyw c]p3; )GQ߃85J(vY>~i5+0.X"M~ޝ.,BGɴ;ķz&Ahs_ \U8X]E꾢$eH%[Hiv$.Ө sdUX6Zq /Y4(1e&I|K \0!i6$x0E(Q%2%*Tj&-Ȍ4| }ڀ?z8 Vuc-~&s/XOr22*OC,%JAJ(>8 ?v w8Tq.#7IQ/ujf\@̆؆,™0#]niy$)CBӭOq Of?71w߀^;}"ɔQ߼\ibu^Xʷn&]LWUͪ)^IcE]\b{=\:KqOZW,i{96^z&ƃhF)v8n6:{d8LXȎB?{YIJ>בMT :yFK뗫1snX0iR?Qev&϶g? {+P6#:d@Ku0@ դNBF?EbY T@a"H^;5cū#`q/tfDG"bkwIy虸NrIS3J#@ukQELbE]i ʜ7KTOMITVN"<αK"':}SA7 "Q *= yطع Kid;dab ؤMF(@W']A"/5p/єT8a[Xzq{*؅@iy9mC,:gGƈm:<o :eލl/BR/gƑTmۯ~ uj,>Itgկ4;X7t@`&nDi"&QxPcTak ^'+e C-PBS<ܢn)ynK JҹjFS,rCl,vULͅcjBoL֍x )%հ:f3WCX<>[gڟI*pX#P#*L/d]w<ݹ+sqc3tu 'ƃXdAֵ޵^(spfqcFe~ {` 9xPLF&`/W YByЪr#e3YO KA;""DvPضf1]ņ-ZIje+3`\ka1 Bur=뙖$*py9I1V#L"&ݨ@sG%$ _aA֬/g`M2D yzġ_/'c֢.|WGzXB^ѬeL}9P [=epL? 3h W㉽tUX#{LJd/UNm<#L&䕨X˘FwZx-&ʢu! %Fvv܂d1^-hHPԨLt$d(FZ!+̫,f6*\.0* \5K5ᅃaw(-Y $B@v4Q~rRhj9ۋKC9fxad݈jqD;)o$i;byg&.ms' cO6Ny7.V8D'ɼ>6#`w>1d!뫅F5K:gY(Vp–' RM)QMt ]Nmm >6h]eԛ|^`࣋1,g]Y72Z|ǭB =+P ^6$W.ɹjk"rww9!1<4UC-D74 i^;F} 接ℬ:"ֈ9EU!ZҴLVwspm%|Mz'Y6s;am]dB3σos̹Ԇ>V51ރ{{Oz0}yR *@@F @xzCp3dJj鏻0ᘄJ~T%j.n= :}ck l]SoцStE/8[R?I"޲@t!Z#n賴[.B\ߎ[tHy ͇HNzhrf_')U7ү"9hib}[%c KdlXIf@3?BOs1o:Tىmo`㷋82CNȐo8wt{ah+i1+ tI, @?Hv A&Y g|@hqie'|\`꨼Y7URC寲!3c[)JzlSӱz͢"ȁ̜ >`Nڢ g!У76U>ۯ-(|d:"#RBT_?R=g3ķY<²k\~&]7<.GPI?>Zzmf|zyrOݯġe3qA7OnUC#ɇ&Ʈذy1E(0輢Vl1.6nf[Cr1Mظ(l9ZV yܢHӮʍOF~`[.{[Q[> ^֒A@0z7zhk^5…$Q z%ٝSuN <5B?Ps㶧~(j`ncF]c0$MlfgY"W [/ٚb%@,h5A2TmotGG{th1 ۻdȬa! B]F\Ar?TrRQLλv4.hN==1C,cnChQ˜)efrxG2Z߱32 T͐O1=oFl8q%O OH &vtaI4"w.@$Y)E1\Q вl9b]^r_7&P ~F 5aj,tMۨi88ܬ-yJ}2\ؗ{: T UyAuO&?X8Wp~jNeAI=)eœAݻX)$BY5" &Tt?핫Y{ cdFƢLgJ:; VH.ቩn$| `>PzI٩Ca+>;c/[q&Lj"2_w^s#sM$*3%0n0l!_.b$MWƂijH`Q+Z]+1bѭqEA&GbόK&M3S6ZNVSt,1Jߤm5L[*L"v:#G!_l/XFF.Sx1l@~NH2 <9(~ ,]đ`o?d'z(|ݖSOO6ZA`CP~!|(vSL*t" );&lipql<)TkaEILqX@A6#C;VeE }AhrE8<\=WHN#_4GOVDӟq-qS6Iq=1Ԕ3΢ymG -&ZX3%ا?tV9+InquMK QNܭxȿh 5>jYU6 IKYԯtWRRXh\7N üuh=e옶BIb9LSL.U{&w+<Rd|`͈bnWىnjcc T4-h+V5VP)Z%--1(x`![X iNya oYFؙYD lRƀIAi2R 4Ox"i&Z'Q5_XLKE!,usaw<J$NmN82߃Z4ҕFdsQ=<ע;ܙf|ȆeP" I j[9 bv=m_TwN%CκcX;96SԚаH @Ƅ 8O=^ YTAi6Q~(bޚ9FrB9_}yd_ 5BS[hB2Ot6iX u5|-_>!ۗIތгAχ7.ik{ r7ZFR5^_|WNPB}mqp]ZCC5@E<hu f[iu93)f'q[2n[4X"0 %N YL8ٺ#OKuISRMj\i7 U;I=ׯÝ3V`[dK]ם?X$f 2g15,EXm"% Ue Mjab[n}cPz.*/fg6SFQv_ 3>Z3Bݦn|*5dYNU"\/^]xhg L|f3[cƶ:xwGI@;<^ ' :+ OfR-~zܿ`M\JjIXOJE=NƵ{fpe=.0|͈TD<)FtW(Q_);&Br + E)u-x8AA0QF9.Q06$vH:YiO}wį)H 3pkMWU. +?Et`Lm)exW3xr!kTxqcsm0sgn?LwSBYG# 94fAle&aTY}iKW@Xհ0Ա<tO !.R18! I$tOmruM*#ɯa@ڃ@Y1Y c Z00'BS{Ӂ|hT^^ FA`*}QqqC=b^K[)f)Usz:=;WWl@VГC+~i/7s/(h4{D4œߊaRWۣh`Fus2ֈ dw]a4[>A+YO6PE+Ӱ^:k _,dH[]gU*r(sڛo~K^`vaڲl5> t!Ppz7G;v׭J7բY*Mn#Z@0u(r{aYpXq;V(ʏY4 0QLܺ4K ndT']TbYZ>Q,Sp*`ȵ1VS v6jڒwO΋1y"yǼ 3hB`K `]mlsb?(0 6\jf%IiܴW PbYO"F6v`vƒM\23B76*VtatDSM&ߟxc;Q4lT,CZ .c]n9a*U@'6L,)@%+dVo-US^l&OhIcKw)2pR̸Amp:Ae'Z:ePJ-zC%v?>(sZmSZ>ۋkVu~/eƸJ'*H`"Nޛ:"?tm"ŋq(#qx{虝_<"1&z.OQ__ٖ``O(O \}F1.>2_tev#2X3 :uՊmS.,.OeY"]ƽ4u-DnoG0MV%ߺ:oll|ƃ7םhy';s5f\s)"!@S} ﴝ9ͻ?} PF s"bggEj({URXQB'Dsd)%Lp1M(k7CYP4)s26O[L K cm([u5HʷXH־P/oU}!`DrK!v{9CG p#l8VE(}$fzFREڧByl;"R"xm; Iw3:[Ɂ! Ŝc9L"Ώ8"Qt>-%* _=u\4w7J д':lw9uh#8' py[ lrT QGcéR«|"<"|{By[45T@L_>Y18cA&a_S ) KJ;@gW8K7}e7FsK8hŖ܉O.dH W'cDF-q;cF/7?zS}c挥[&m- 4.12jTuwh^uhgg/kE=H°cX`1C`#ѝ|z&>%^L 0+9%w\] Q_ `O+ ^贰I89lh~zf) 9a]:R9VBz!R' [ `/0 >C(b br)@FWF_ SH< y\C9.q;5pk15:2XqAȎ@wda_: lAƢR\񒲤f% :-P:wǖ/["V2^FDZ|'Fͼv#NƱrs"Ip<-*daOV{^oRk!H u#  e]pcэ̊mTOGZp;^](\68;ϗQX lc+TxC5~wArG}u[+3 FHAP֎mj)gjen2aa 瀋>IHP{dªNV.}$;͋T )"x/ q)B?>1;ݖˉ׮?an%0Uo.3*iHۮ?7TFe;/ő471MʅggT*G1+ 8GK2'z8$>g!C}5upJ7y ~>OÓe7a>rVJ޸qթtvNiR<Ȩk_0 z^ # v/4kW̟#,Uqm79劫(<EEY-Кr&Mԡʱ.mUU609,IzϘ1*7'*[ףHbwn27A @;X)Ppl,i.̄Iu]+3@J[9#KWDQ~n5??9t ve0Z+]9A{3G:cdT[nmIŝ$F77ax+xai_ehI^5m_0}":7'&kezb:b  <s11^9(kovQ{تYUXyWan()?]N9%Br_FYe/*tp3JiV^2z0 `O+T@IewiSfGzYk8nE mwOMhM/byU&,0 h [;/Lb_ s*^tB2@<.r4Eeh~ՓE KGU ^#Zqrߗo~Tlеbcڽm7b-gyy>HkP@Fbّr/ w7] ;δ:le;w9?w PLXؑ˩w1Q.$JJDjfqzFJb:G/rY4@h%Th|8Ns[9u&c3zDn+ytdQKn 8Tg2Th2+R+V\W. $PO5 _KZ~~:C7#ZGA`Zq4p{@9Aٱ`8_ ܄e!9*ܱ|A$=K[H{t7TF9Q^a7@j}| su9eWYg\Dqb彴NIdn t:O>tBg_$ <(N3Acx>~ T]|y(.G.;VJYBB\]1fƿ_Є9UOASN+|%I/=-rI!X] :JNʎx)4"5='' zMI_HιNTSy9 {];28zqo;3=)wQTO@[ŧɟ#!e݃>k?>:F>i ;pV=މ$HlVB&2347Ty/nIJ3Dy\4{9b _A>3;m(*ؒH: 7.X2ī P)vs:xn_zrWBQ~lq%1 W !7,])w5p wOa% #wSnh]xӄ.(k&s?g2BF 씀\d|~ e-Wjq2& Z!Wco͏a^WǠkYდ,"0ǞGYJYVh%ځ|@P̺q578R%_.SQdo+}^1@&{ȡ `p<.6oB)ķ}$Duy`K塥rM!m {Iî,VR_XI:noHSb%U;K V%|$`YPdkS:.RR>TMȺ#+G0^ ( .@Bp@I=t7! Kp@@FEx@6MH<ڎf4c!8%R6*ҹ-/)GABD wd1mYU<K-PsC~UlD]8/Xă+xA pcSb{E@)y "R DxCI bo?)荁7ToNFsGP{%|l "!}/ڝS3EdsEϪAkۢEDcTޕX#`Q>vJ$:`z.hvoul‰k[_?ẗKص=#y_HX_M4K2+뤅t!v} t&) ӘNYlp1_A܃X Qǜ",zS˪ 7&,HI~ ^K t8ȯfoX'qMBS_%Ì> '@KtUՙA[XFȶ *j&^̬ sD,!B ԯ6 +ewりuj͵f9/Tڹ*.+Zwiz~a+G_g<' <>4پUҙlƼ5P[ {=F9"l ɭ ?5f٣Kc\琾56{r}GF/@b818و_}@ q |l7j:mu' Fq?TEZ![4 1g9ǟ3I&o1 eJ6ji6~SLM!K:4^\&R/Kue2+$ Uz] 3ͤp\&ҿ%%TG٘ t|"Wȅ>ι2pjn+ཎ̃pF7ɡ9<:װ\7&Ϧʣ $nE NNerKSw`jqev % e]g? 6kB.\%Kx9N_3QS;>QrˬV =[RXi*g,ȿ[jmo#XNuRRtU[W,@:!"tne._ ux;P"Oاa,å`t|b>'w8|p));4*Ʈl u N^9{dA[oz3gkC׍6}zٿNku#z!SHAtw}4ӷ:{b2pO <0IF1Qi 煽nLnI.6njs*Qn9„;uwbu~Ljdl|T?Gh=9ۢWޘV"쉆3z4y.-`#%JS&H.:5b!ʬeQ 9,YH.x'yd]yr/RXjϜQ(F6N]z!jl^Q}b[mgղg4|ipw1P̨kzYo}Dx.oj]IM[YceB׵tLKڏvĄX~bx%.ħ1U N+rr{c$w'-qk6Riǩr0:&H;1ԷO!I+:Uv*VSML$ ߛ}5'4:v, ie(RURNGQT]D&N5>IYPם$DWQ)A HՄ@~mcv,2SaF P"e:3Z _ߟqeB=";pM(^eĩOXK }NLTY#s-N )y#}zT-iEJ"fc~q6if\$%PVEڎ Ear*bh=7}I= ovEVsr'_7E )g5x?uHnEݲIR{8s>ubr'etm`\`L-w{Qs|f3"/`DXcc38@0Bڲ@WcrUju?x %p^6}Z$8BDWi I!6pEHPD NŢ HbRltsl$XU$BH/&{{@ -쐔aI|/B^-X`8(c>MBPV1;-tq k:Ԅψ`@)yyK%I q#u)Ha7^ϧB[dEǥЌŐiVz_$vnRߠ&2z ;Ǥj7&"19ĽsB[wFS N&ťӝ(M}:ǒ<^y@yew9I1?1%?B*ytlI~_{Tc/S䠜ڊ) RO*/<IvI25ՈCh$[t O󭧐R#@8*{!϶zٺݵtwSt$<*uo(3,չ٥q2ܧ[[M.l|q>k2%N,1yNPN5\=5ɇ*kIb4GO9$*'>MfK1mujmъB*GOASJ"Ftf&g 49 Dhr zȿ8 HPxnz1c Wu}ޙ qcZVzNU?8<\}yMܥr >-,eratFN4AuZ mgf!@#ÝN1 ԡs/B05&M lNVҬwhysjv*45CGRvS{wF.&Fyx=:}j t3wеGnBonX (`VBŁVepFqٛ#g%ȃg>͚Jk8+˄q? VC_6jr"urSR]Lf:)h9`e]̚^0$m_ J=[I1z߉3 c]uJ)Fvħ^9J/:agR;A_}[F QJq:~p"J "a֚!}|~*:(;:vfgK | sL+eDi3+nZPai1Ml@*ߗ'L#D9K¾We,PPqv9APH3?5DžBtc٨B'oL3K INͺMS˨Ҋd7&q7 BtoQ45*.ZT X_{nؼ{6;bR8!-0fN@nFp@.(0Z0&?++ n^%A:ȗxYPSSxW>USZN~w:HuNQm@(d 6 ,Ɨ2鸺ox'Z)d &-[cj%i62cz^v#]ǻk%7k"ჳՎۄҹ; r;f :eJLI_{Ẓ3-j/N2@Pf2}>'(k ҭz'FAuxN)0l4'=a%0"@lY Y5E)[-0%h:z٤(զ jGuíʺ˴$͡a>zt#-ba{>Ϳ)|dā6TE&|֑磀1L#!]tdڟ5Fnwl>oK<Ys("7_&f:$;`~1D_6c:AS7n8:Gga`$gx-UtPL=oS {¡%Qb6]<;$ԂlϬ* d _NrDm&M̔a42:l,o"]Fz|iו0&uQM;7*.ĪoLn|5P|=+GpIk'] i뎊ҬQ33`[>D7Fq~Y{DrLzwjZ/,L YZ