sssd-client-2.9.0-4.el8 />/  A1-p-t-x//d6CU]\2/Br,(PYId:o%P2yv"iozKM Ne2D&| LW; 4ҢEJXtЅ uy&@p L;;nG98U6[넎r`A@?0d  @  %(11 N1 1 t1  e1  1 111**N*(89d:n>?@G1H1IP1XY\1]1^ebdef l"t81u1vw1x1yPd,Csssd-client2.9.04.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.dwx86-04.stream.rdu2.redhat.com=cCentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxi686/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so fi+#'#><0D- _=O$~K G 2  e ~ ;  AAAAAAAAAAAAA큤dwhdwdwdwdwdwdwdwdwdwdwdwdwdwdwdwdwdwdwjdwldwldwldwldwldwldwldwjdwjdwldwdTdTdw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[dw[02411b5acd6c081699f942fe1e3aba538a408c985608927d9a83c006f05b9dcd74fd5ce3eecbf79fe387b9ab0bd4927470449af3c027b1e47f6adf67b12965ef38987c4b375993502d52d8235d4d16aac189e17cbd51c05216ada764a82afb5a6d639b92b8ccf7bef53515b289598ee80065ac5a9fb0694fc1874a8886d7f1364d4087546d478f8be57714b87abef0753e8d409e99ac576abd2a024ffa4a0e27c7bf96a7c6195b791e092ca6f8768becef006ba82bc4c334af0eca97abdfbf9fa530a5f08f459c2be87300d0ad5604869d66fbcc93fb30d1652cfd6b441786a2f2a7a6a533d997ce2f76f5752f82260bb618fa8dced3543bc692fda92cd2c7568ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc586d8c6cd5ea30b24fef9d62d1f70637ecca46816672b9b1f643980dfdb6ea383909ece8c2930b227d6e1bc17f46671e95414cc7b6b0aca3c18185017ee09abe5d68a9c2325ffc925f610fbf34a7a4857dec72a3d47f6c04ac2629413bfcb78aaf07de95e21a653677c56420b788961553868fb3045b059c5c310b71de001720b1cd8caea5dfa92d8e9409b27c814e050388da2a0fe6a16e21629a46447cd48da301125d9d9fafed0e57f27773194c4b46ecf8d55d12b5316713518b77f6e468dd32536a7964e52fcf93c2d3ed7bec6598bdb94858f90067bfa475ba66a4ba29dc16446f056814d57af7bf5473a349928cde8d8c9672556eb63a36c7bb96045c5340b34e41e07b9902736aeb52e98d83196e4e6effb7ad241ba149bbfae6e09da01c2e81872ee6ed64b92333d8545e6f143aed845149de859f9fc5f3e98081450d598d734503e6e4dcfe5aeb74bbd654c7c75b45c08061e82501425762a00fcf19cd13df335fac01d980a399ab6337559d8257dade73722a21eaa7d07b6dacf8c4ce4614070b615afea0540ee9b7f1f60af7c6e7aa8bfd56b1d90209020ca5df20c11f69eb8da50e4ce96d868c3a3ecca5edac6cb2438ffee42b6ca43833eee9cd66b749fe28638552d219f656c3ae4ba2c6ec585d18c450961c1d7a56cce98302b1069f6e20ab67b1cb8c8f8e5f240a39a7cc791cae855a14f12a7f4370f72b46c5bf6af6f5c3b834be1cd3e1be86fb257381c88058a4934da432389e60f3794e../../../../usr/lib/security/pam_sss_gss.so../../../../usr/lib/libsubid_sss.so../../../../usr/lib/security/pam_sss.so../../../../usr/lib/libnss_sss.so.2../../../../usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib/cifs-utils/cifs_idmap_sss.so../../../../usr/lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.0-4.el8.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)libsubid_sss.solibsubid_sss.so(EXPORTED)sssd-clientsssd-client(x86-32) @@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.28)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libsss_idmaplibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_nss_idmaplibsss_nss_idmap.so.0libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.0-4.el82.9.0-4.el83.0.4-14.6.0-14.0-15.2-14.14.3du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./01esrurururusvsvsvsvukukukuk2.9.0-4.el82.9.0-4.el8     cifs-utilsidmap-plugin.build-id5a9166e2c7536221d7dd9e9cdd6490d383e361420ec60a455fe2f822dedfe186596afe7456cc905588547a6a5b92c1051feb876f1a3d311c31f2da7b63a9b9500a6d3dc1bf8313332466d01ed7dc078a3f5145fdefc5d49a9d0d53e930300b6563818eb33df0e70a9203d806995f93bdd3fd9b20a7ad7bc35e7061f8e77574d4b06f3eff015b036f2050e3eddb61819c990b54f4657bef50e26b7438846880cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id/03//usr/lib/.build-id//usr/lib/.build-id/42//usr/lib/.build-id//usr/lib/.build-id/55//usr/lib/.build-id/7b//usr/lib/.build-id/8a//usr/lib/.build-id/b3//usr/lib/.build-id/c3//usr/lib/.build-id/ed//usr/lib/cifs-utils//usr/lib/krb5/plugins/authdata//usr/lib/krb5/plugins/libkrb5//usr/lib/security//usr/lib/sssd//usr/lib/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.0-4.el8.i386/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c35e7061f8e77574d4b06f3eff015b036f2050e3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b33df0e70a9203d806995f93bdd3fd9b20a7ad7b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=eddb61819c990b54f4657bef50e26b7438846880, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7b63a9b9500a6d3dc1bf8313332466d01ed7dc07, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=420ec60a455fe2f822dedfe186596afe7456cc90, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5588547a6a5b92c1051feb876f1a3d311c31f2da, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=035a9166e2c7536221d7dd9e9cdd6490d383e361, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8a3f5145fdefc5d49a9d0d53e930300b6563818e, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) !.8GT  R RR RRR$R#RR"RRR(RR RR R RRRRRRR(RRR RR RRRR(PPR R RR R RRRRRR(PPR RR R RRRR(RRRRR RR R RR RRRRR(RRRR RR R RRRRRR(RR R RR R RRR RRRRRRR(utf-8c1426ca9249ed4c2f4615557472f46b32a16e90b32aa9cf2dcf835be6419f04a?7zXZ !#,] b2u jӫ`(y/+jyJ/Kܡ ~+"D!YXM2x> 0 հj~n˄84/s[?"HD [a"FCj_|y(bܰuuCFXb9&йNfz^J#9u`$C} ݦކS,Ʌ2Dbt ' S؂?ûc?W`Dڭ|OoUJ+m8q\нp'=7FGeޡ." <c[C?Y|K 0•>6¡)%adZu=ݽ% t׵B3F f+0(b/do@!S\ 4TC&9†3cAJI~skV.~H L 3 K 0X @q;3&:_ %LTP_*.9]!x`htr4~@:8W'g%z}냴|R{͊7 #F{CAE5:DzW3Bgb>j ˂~cV X-ifCKW8ehhoF^TvC-h,9%d@}atJ 9;rR%{ɸ)R7j6!F̽l6dIrI Ogx#5IVa?'d*"w*WﲫHIœFSE$(~ _NGI!:冄MOsuC6>ӛ}eDSqL|:arw|т}g-ڂ?s5dzVK

>^Amr)'tiT8*NM6^J@Q=;x}[vEjWLFR K܃7z/8bo'g]wF׺鷳Rv?YW_zkRߔ<hLU1k8IPy]/MGI4KHf;#:1ppՓO^ݹSR9˸Sa,xW/c$u2n扩2RotG΁B d^Z.ٖC|[Fa-ѯ8JӼLG vt\H-ȄM[ML;^]F4FC͚k*[Ŷ n& ܢݹk|cܙ̈́Zep_%vlVR *rWW(*et/uD3ϒ=,<3+!llFR)F3JŮ\CȡؒZ䮊նj+<@U4N7T5ˈUs*m揌ZڐH9z;JL/ݒ5R%Zԅ큨uWwDϟ\GkI>:+h⃳kU2S9unQ+.Gbknpc˲Wغ舳:85؂SSN p=d,.ڪl3P^Ǫ Y>R71Ę$P4CZڻ|uH?ʃ 0bo*DzdՌ۹)ko[ʷIK,0&cFN8UY ^^T!ܣ%K·?P!dZ^7 Pk w/!]]1m1dm+J=_19ԚG".UE>'DǤ #lJCcɌZ p3wC]CM?lY|3Q) "HZyKPTaE>?D i"gkPEgGrdFC{ɠ \]E1uԑ㩱)fg7fhyr}`]bسE3|ZQJ+x1"/P(WhktqHxs:y pm *@&uӆflt9Qyh<~`eN[ⰶdDuJ;t]_blZ~H` zX ,ʫa(XllrYkRp>à[Y_k^di$kz0Xt@CW J[h.+@ =U)Y++תXwumP#&EbG_GKCVʆy!jpޘy,sښ_L٘ Z<3whBgj7m1RS}N ,ӕU?kljc{SO #{x $B0!\>$NQo,pP&u"憚lbvY$OQm?{'\'—?c)<-I{ht#'"=Nf6WⱷQ 7X=.Ax%=IXޠ^'KJ)w?Wo-ohJ5@ >\85ql*6ÚG27sdka49!+zR}W6P^g ?+P]EhUi`'I+3@ShtAD RfHrؕs7u:!0[ea9R4,꩏9y5-v Acĸ{knMXJ^0Ͳ}}c#7&񈕢!D[1 v_h7S9 :$ַ?BϽ2t߄!kw(ɽ N<TZ~ZzsjRtD GMiD˺, _6K>DSبȥm0B{1lwv #cXrX&8O<=V5%%d+ꪵFrP8xqeHSa$aPv|5lescS6HJߝ&)H$Vhb3!$;'" (_h!+OI9~>.ȕp7Q?qS5 impO5c>2; @c@8Yh_#% n'5S.냵H Ļ[>Wm3_p#;n9*Mrꄆz)3bdT.#%!ԖrM_,!$ ]Ǥ, A~w.+YhgJI`\~4Bdžn[cwWipTviI7tډ. Կ>4,|qi,$HjnkIsК~4 2p͓W1!yL7^Ӈ:]N/x(AkVoSG͖u3< CڬFatHylN> ]4_n,zB7d 3s3(>B}Wz/6PdrL.S1 xjemg*pϷ*7/[fnnTRC19iֱٙ^e%s(!|H^6dڑK(xwmsN! eٸ& @6E@g{Nb(6beMA wZ˴-Vt1i:%&1w$ݸ ӆ}c9d6F ȻI{Nm/} q[s HK>WlWhl?1`P츼# *VM-ra8ԣhx-ĕ}dfWZQ2CK3>?nȲ@H8\kQQ' fX.F_܌/Yo^62Ejk~ CjFs0A]Sdџq-#rgR~,eN31Ľ9.&><W)4&RHCnCǴ.yq?ee2:xߖFX«eWu[̌l[V8,5%\r%$$NUwl!1\T+e$/(=pJMcf^N胹J O#d19sTV͉ R]lR5zDwV Icfg?nMAG %@jz~2J_V3D!舃HJ~P*u ='"@y+Ud9\{|]nYRaIoQ+[GۃLMpVFtz+P6Fo۶L3Zj3Ѣ^)s:`gBPs*DlMJ&nR 'fpmR{ ?2Cs'O& YC/˅U>S^8xv-P΍xr vK/iw!U)WӅG$Kb5bI( NY/27$SBEJohGʎ/ض>XKv) ,9P渂[/NmLw\ό3c[D"rSimBrOHv<8Cm>6'VvJ_D_[}l87Saoe͸SJV{w6^F0:Ų{MG_wDfPt uW;QF1Dί:~ls]tАAVaͨtt0ÂDV5UUvG(lxА &+Nwf8~ .RdQwlb*UA*8`m" MG7B}}oGe0V[4B :&D8?:wZq=hZ$$Y'wMy|д?9s@r#ĸV{ԑoÈ9j@Ji#б ;b)UgWh[k`&NP )T;1*|f''U/ 7#+1!u 1O  Ɏg R\$"^1ɺOOz{nlqO9^i*˴/]Taڱv7sdA qgqMǧ*qDy2{mHU QaWdm Iþ]G P <U>iHq +2[ 6{a\AFwػ$#vʅcIbXG9SCʀ[lǦ5NÄZD"> eC?$ٳmPWv,4\Zu(J\@ @ȾkKOG"ʇc'Zys;#s;Fךb\MMx)WFp̒<7xF{9R c]NiʹaHq&)d7iA*/N7>C<yKNgWWʹB/7;-YmٳhlG^ہ?P~=9~7|i9Z5WQ͌:C-h2|HgoiUt+%fm+雡v.~k7c6 V5 $P/7~w\$#gAQV Ejj~zib z h)uHR˧7!-s}4n=VPf1\VHUj1?"$zbpa#{3o9D>h蔪ݭk ]n ɋn6+zXy} N:pRL"1Q2Yy̺N>QahCfnY&2KsSeǺ2sB:18f]y-ݍ^BYԅlGefvq]98GqD%Lw#S nU A 6w/:?@z+=ć,I P#\m:ɟJS3iytpJ|v3^}ߤ%-Uqk^Z%Ol '|n̡W+&k3rEv0_A{;2|t<)72Mmie V2f2T2s阱a6o,N`GK*jV[H-ia}fٚ1dѣ yH )@ƭ[/fBXΛ.{=5NygiOn^(4>}L. b_;JNk3.٣dh|}oV3x ,-ZMW! va~("^{{ȕB3SwqrAU+CL|>$ZJ^N=k6pϖDbY,]wOX676 5-*/"e$( #:5fllf;gb+@s~>)fCc ~Z &{ .#spE>=G#NO9inGyc̙5(̎)~+fbSCLB$wRP9{uFB|MuF*j-++c}^ښz1?)%#48*26AGNRQSE7Eu8mG ۺ;)Cfas`nzu=䭢2l7}c,a۱ZdO q|!Qn>si ߋ(*YjF5/G3gMA|0ƻf6hL`<3}8ۭodZPpYfVN9J/T@,i4# +/d-:b<~Z=v(HZ_M.p$s:ܢrzA<۠&zvC:O!@Jn^ӈ~9+K$\U]V*Q(|cF =fzγ զS{l1p-yrє-(CK,"iPjgkVO Bh ǥ Wk yΑy~ssibk2J`Itp?jy!U Cy2*ݢ'jky={TxaNJCP.G픱m/Ti @~4`1;b `)8 ?<'^iX8gB{y:#Bm3<_yVq$/3S<)꘭x:dFA_}}^},`Xys.h}"wj DCow#ɠx6 .((ro n oNci{$=T !5B;;ev@#USZJ'C7l^A?k.A.!{tXޡVQbm賔}XݴlPK!Go HQ,N众DWJ;A}$jSR [vP8+؂qXqVfwE lb WR^fNyܭi نBR$LXIM!zci*e "ߘK@tvP[DD3YR*#;Hlל1v|~f{L<% )h&@ 7?v IaDҡ>а6 $cW`yf"Hޫ9*5_t~0ZGGx,Om/.xuEeW`c0D.[şӈD8T.QxM7BCl|[)(5Q|!xM)C*QK(̧m6BYOTP(a~@Og ^9U  hYDX 2ST4 3Km a sBEot5H"Qa^E"=ՊLgMfd7*߲rVMQdtIcjEDx!]tNl=̠1bUIfm0:Go5ػqDʊx79o~5X77.QRF^N3;5oģ^kC^7D L|qXFmB/S,7CUe}8#^7㻑%sꅗHꠈi>~=5ZZRY7˖c5W6amT_HٮNg0C/d'7eb &p̆!b:x%tv_EYr b=iI-ҏR0{VTo G8\He^/EIH88!)02Q)6ѹi<:!ѕUuv4c^mؤ,/wvWXޣn[e : 0) +pUMƪ+¿DeZZ~HfOf0lDž0k&;Q  =ҡiWD_t73wKoimm ocOB<+!H?4o%RVUmA/l,]e=N⌕_cnaY| LJ9:*ݝa!Й[i m&u hNV)I3e^^T{&Dc-qx˅:zF݈@G P863_x%CٶrC5gljP`HrVmz]AMl'n'%YfYeFC\,RdI$sVv)}V=k|c ,*ڬgȻ@~iEuTHHoTjnKC9Q9{J2 ֔㞞i:o?1_/<ne=gkQQ)돊Iో"756!P%W6q =B+NbXUnO^clxmnvL\.< bU6vAhX,P>Qp8:> N-k qy3!j=xH/vWQPJr{ e#Uwq/5,_gb3 YRޚpJiDćalQFZ$MdviN|/LuIoڟE##[rf-FkR+gXQYbu[D(3?#rVFDo?/]cMݕ4yLm {M1u|g<3(J'[f^׭a̢c#s='csxA]cC\Szg$'~ʸiIyNUպ0B5RJmsK ,0l_(yl)01ofO$F~:&׈"[u還feyc&V&˪!#jݾ" ݖ>^x<ݎahȼ P)R G6׬{49:yi h/ _/iX7|U=LW{$ZE)} Ty{I)z8M\棑۪p 'FMje8Xyaw &x4O2esm%2$~kj+ΰzDG0@Zx%ɬҔ͕͢CPȂ錾na[߂2Kqu.qtrӧ)Q @!y*!mC7Br-#ݼZtetةȃ7|Q_>DG"Y=o+2ҊL4ZU +AbU7`߱iʅ(I[ Ņ8$\(%ɻdqD^1E/~@=/Ih]s̒Ws385!TաܫTq]Axsc_2Rۘ 5iꮀHR)Kw.Դʐ`Y0oGv^yU63V .P70a3=k+*'O>JWp\n(sfG2/un%YiɥRju`?pֹc²(FpɛUT99bsC ~r~6h6aȧhZ1J'A fwyM[,iU2AxlP+!{>dPPClMĢhL.LWFJIA%Wxͫ$;SvXpp6hRsjH3Ct!nqq,y#ir?i+ bQ:?ʱ7X=yl[&iy ؖ20 xdTK꽅xqZE5LwWM  -0Kۤ#^J/q%*\Rc~,N/+W&s͞|{@!J.+0V06/`K4p*u)/>Nƒe=meAYk(@…S<9txbKE$%cMـ= ͪa5xhܗJ$ח>OM{&)<-Sc@m1W䖃c;`rJ:+hLI5!Pū`Xa嬯{ܕG`e7^_FArVM%ߴMdf%֥!'9b(tm;:4MvěX9e;O;#]y27 Yq倆`y֢aMVG9hL5'ZN١20Eܔup苋4=f x|#p @D++0Xś h8qdzY =r0Y;.Ho6U@l)(S a\Z'|aO$ε~gAW3 kRDt'a.lbXpGн" ^g.Udy'`o?U'=C9  G9y2Oh +tNĺNlԚ_ (> iCxBb3x/!0LcuKxcG$n/U;R(o ҶlsMuy=+ TPZX:.b.*S-`¡sA50M`bLpu344RFG~oo]Dwa#K {.^4~s{98 ⴜfr$}Dm֪.nh;z2TKbAL~D^k$*Z0{#ĺNQ VA=R;6Q@74nV/VىFl9m8CHI'<8cj?U`;5K+*P5?Qʟcμ f;ໆ5S9wYY?#YĦʾ$&y,b(=@< ЈD.ǟ`kcA_Yt9|P<(J&ws]4Vo?Fi|59)z~e]kNK'}U|uZ+ԺEv.{pd@U:e)mMDS9bG> f7_Woe{,GDg&/MplL2]<ǫ CLf  MHͣt;C`<7(sV5%1_~)d>(/Ǜ Q_ Qxv8߃SUD(.={We vi Q KWl#$MLMb= s XWbi'=[j钪e$b7 JsWFLAXu>6hԡx*o+P\P_ɧ9ޤ>D#ƅ'I?57q9XS ō~hC`̴&aI<T<]c()? bI.ZBF֟`Ûf!Tl=5E2=>`Z}{ "RLd+3Y37_d4\c3gknɓ*Viy_W(N `n^a}S9 {.N1cf8%ʂ-M<?r",`VFZhDN73̓Lণ7*I4 Ń{)BTmD]cu[` DЏTt6tK>'T͹Sn_ ܎BH=fA@{G8ݶJ]}Y4;ܣm1ϲ. :h恐%W7B^nu$Vᓚ 3aD ^˴ܤD) ,p3[Q*WwXT}QW͓G0xEDR8xQFp.Sp]7a'B =o#L\0w_m+C u5%IJA V€40y;;T|`㹑XKPX$CxUNtr '9D 4Qѯ h^T"@\V@b n#Kl ,sϾp)/u9U;?yܚ:sGSv>=fyT.Zz$e+׳hfJ5 ;W7);F(#@eMYf()h U>AU~zA_>tN+XSKcj@@xV ͖ׯ%$avI{KMzX/U"xܼYH'N-A0:o{rt)J#& inmz:3U ԕ:r uF)fP}4ib|Ɛ\p=ZS/N(~ Ě^`W{P%1\a lb}G%P(*WrFYk:Z8,SQ&Cڵ&ptGM5'ZNz$A`& ^b܉? FiPJ"A5)z^m9Z'.]7 6*jW "='GR;ۮ5+| -4%Yy| fvy8u1kh",(%q?_aP&9i!`yN 3C;ɬ&>pvu4f8u[T<9/ !EG Tď*J+)v[; Ndsu[~0ث5L+2Q:P3_7t3UgeqD3UZHTo!fZ;+U/[3x{v{)N@艬Gѝ\Ȟ* . [ %Q~th>+Y%vgih}grbS%L[fWt甙r62GT!ZwxcXk6˞J:A}*q(:Ljkk+ ml\"!Mlc%]a/>4YhsV"<2Q0N^`[`#us/^FǶ-DŽH~o,ڎFL-8`p[ls[icbZ'`L**Cˇ^y[{뺒F,MЌ3:^R!Xt<^[:E>,hg׀)~'g=-HRoh괏]\󯣞{bր1gf+0%U^2hY0RC s#V^#ֽhU\hY3\.yóXxy_ɿ,׊c&P~ųOO 8uؓHݳ 'Xz`]V?tN骒.'DK@"%M,d|zkIRp藕[m*=EBv!L*kd|!sHzes@AW2Ö6͛*O)^VwG² \HTDM0X^)OZ&\q` %[8VTBQUܖ&GMlg}j+ЏwD7?-".q҆yEOqLxA8~)W1Ho} a9lH(_S"5̖ YX]^\5ATPF}jU]'Z#>1C7gs"<-ո?k/<-[V?$*F6G+9%):ec~کpQ~RBrNA-s@J2fek]c~ ڎ AKYc~ВT @),ITi KH0Z w+v*W= T@Ȇ=ot+Y2%)ՉܖV/ny9pd_ÎG)c:6#ކ4? V!aA-_o`~!xK;RmӅdi6^wdKEssqHbN Er  egjPrGreHwWʤZa))wkvlIJ۵Tդd7ʉ5.kK~ "s\_sz>ٜ+PTC6ȯ@'-(:xV\It&]dܦ|u?B*Dm 7+Ic#3FҌe(pe=gtk=) x>)^ ~:}1 #c*2LDx:AOϠ]]^!=}Ի˖3 <}V*7<>z' ʥxwDs^WB+"F8u }̬#Aؐ7,0c2)yݿDDZKUk2!37iU,,ڕTm[wjgN=ys 7NmE{OKMKVòg= }Q6M D/LX#ĺ-8WΊ!)u(e#20IMlFJT ̀L|\Y餘U&WhxQk LYrdE ?~3zp;s1}.1R8a8*ɥH)Ԕޝ~ lqnf,o. YS }tؐ8|9xtqhSSӹHز͞((dǒ̘͗X1neybqEe՜X|1ϏY?_}{"m|]eP8qnI>j£ OT&$_-ĝ"^b])r$hzE!m= @K!7?Άhpq̒ɭVgJڧEڭCKΊ{2MraLX` >jKy"BVةݝ2{g:Ye}w9oo@U;MWV/9Ol,&m5:q>Uo\Y9?WJ!DfˌK66*tb ]_*עmL)fN: .b F$3O jQ2,1#j$ܢ'H d4:g'Յ t2T͔+p/EJVa݋IMPYjå5^.%C6\{YGx!WaC` w `e޵I(i}} I^ nŞy`Č?)؍'FtqD %G'{vFe61]VE1;a}t-CLc5"oA5 NnP8١aqR[:dP<|O5\oiS}4`PjW!1h.uIۀl> M@,rHcJ[}X?F_-/l)5TsLR"$fB]\z co GTNMYY3PnQ;>ge%)K}kI;6&GTr4Dѭ7?9iĞa9b?q)c7Q^adN-c:VIܡho定gR_|wKQeWL[z0t{zD}rz> 5ʣ!XhC{4c^\[a=r 17"e% f~l^>nb8cwPNI=:76% dȷU:wstu~v7 }`wx¤ 3R8 . p?[' r\ ր2KL#Kayt oa槂STn|ǥ:>H×qf"D8>>#P"n:5bLpcX?6InG@z9+K"5SIZ< [;3j4:ZoiIMr\-5GYF-Р,ܨ4XDUYT+SgH68x@t; yr:V5%`yb'BTg:M~̲nĽ1gqUoB@Y?ߦ$qH5'bѠ1M⧘3%̔\{9S TMM _{qgןȧxev)׏Z)U AWy0;TLa/Y&d ,~u9[lr%0}?؉a$P e'-i46 ۅw_P}wSu۞}D?yys? ڋv,y *Bbɷ9T(VM]V| cHM*E=*U<\0!QBk3^ʥpm&Z !̞%+0EKC`,^Ɯ*] 5FQ]0D@zAخGb 3"fPXq\A6>lHSgf~f^.AJ&WPkTAD f'-1LeoH>.{u "8pWFܒaS[85=p~۸/Dr'ύ};߽lLFeT)T7L #X 4>ŅǃZ.3ˏ +EWˉ9Q<%\?YZU)hV:){BGRqx@̬db;jk\Iס%1ʰRb8B-C yɼ2je 0f'_PFt ծ 4 & THʿ~"KJc-:G%&珻 [N`ŗtC_)و1!FD znn]Q@7,Wjݰ2S5RplL__29!7p}q6;R!ܐ^q[zOXq-awu>iBm^e"?G@DV3Egw>73-32hs߭3W]S`HKf$jJK3]~|*q`R`Ľ|"aÀס{?hXXV-aA[ug/+[,Ew՗&ҍx$Lƙ W w*s[uF ޞlm*G9nF sB[ĸ@cYy` OoPb1ۄuk9ZYIekep f QvN,gm,y%{OEx:b&G'aν (3L3CcG| =vɟڦB֒/dU/Fg Nt׏ MD1D@F(o$ZMfFOUeۓNG.(Pg^lVXGP>> P[ ƙഃOo N}P @gL|݇3 8 {"ƘQghGx?]gnGDABZR k@J.)Em Mi 1Q:֋-oFbAlN;B=1WvU$HA%`&.]LoXfsxa}S7Vj"a grtA_ *K0FQEg,N"dwSX"&yu2/.ėdJ}QOgߪB;м iESbB ,0X5Tď'#Ьe_:$WKDn! ;3N%M1،*p#jR%Ou 0ƙG$ *k¶K`3'J> xtHLRz Jr^ -fUB~Q}r:Vj_=9hL"hӰ3`P%gqk*"Y)zk~ըOMj51k<N2 "\ea.o+*I7iF eo>}p0 m>,[8?xTxt'=Y4 #``RH64ZctlBZ _O,HZTr ɮ#aʺm(E}g]ܚ~;Xq/«znSxMg;dM%sQ|Z?I։ Γt ?eA`g22j%|֚mXD͙:fl/^:F8ClFY5uFKN({| MRoQ0lEgaD<ˍU﷭G?Cr6 r.9n#S`z"wXY3y#s*_(g4(p_X✖ԪE[r`I lat.MVwӋϊpk $"F5ʹ9Nx6^!@y(+oRq|'iE5fQWU57\Rn3|~ŜN5?c/Y3j *~q6f~'T] Q-Q3DAPbAG5Ǘm]Ƨ E l.oӦpNlyqB!s/i  15n9^iCr3".ִ1 d9֫'Ato!{g.% ܮgUVZSJ?Gʕ7o?.[#%s݌Al0%zKsӯË(pfgbNcD+3Y\HP6GȝDm-$4F\0'$gr%a,_[F4OR\9DH#ЎAgJB*%e)R л\NVe5=DYzL *lEq(b6M*?86T38L%e!"JsBaZ TY.QS&D Tb h}2kێMlw8`}"O RQQ ]Ǥ 43w5lxG yմ=8{9H}f,$&_$EKm3d\VeW䣊p"Ѥ]d/OX)҇+Եu<'J!7: wg&rYگJ֝ r(QSG|J<7=IzW>tǽm)s}'+ @a"ֺspځ#p).TRiYEXw d@&_\aho;ˮ%WfE- Peq.A-wgO~IF9 [Z< 'O(LA d$zm"FKL$Oɇck8WtI- :Se˺I R">lPM~zތ5L,cP O'kh"9MNOt6%F>1b%b|LNQqU1G醑ri -R86'FLCۃ|ޡ$9^<~W>^t$0:clύCU=z!vL}mƤ$MTo`5WB'?#(~HР ?!(%\jH #՗d#XMl%)ʓ7i[2r;hs95Q$Q;ic,y+.EǠ۹[[-f;+5 u$}@?c0+<煄d3yM[x%g tkDn^&&B nvёUV[^.=H@Ɉ pN,01l>$1î玘E1@6MS'==mMZ-T&%gg堑Ҧ$D޽,Y;ڴs˶ 9u_[i+g ;#͐ˀфEmD !lp\F݇-iqJ#l^V%lk-1ƫFHNL6ٺiؚTs/̞I]ԽVVz10:=+:-PɋddzWRduUCKK. e 2v#-18?ue89GG">4;J9mWWr|*PmvKYGm-q~f:<K|5๰Mx \yiH$ eюX"mk'0 ۦ;ցȊт3I D rgg%`p'dxU2j,77{7 㭭BU m.ܐxZ|8Ry_o[v:&{8;>e;3ub)D@׽Sv\GMRjvΙ?רR@CM#w=7>QA K%tʸydhP0Xmzv6aaQkɻ3J79f,8N'7 oUBRx@ c@443>7>~uNS/_C}kQNsp00^b63zϻKŐu?m3ϧO JYz08o;}Yeژ,K/N X f|{% 23C*}Xnzj( 1=VwfJ٬J,/k|7%QI|#_;k&UItSaM^I*!+ DZ(yq1[z]W5#_/NЇ0}ؐ@<*DžS*u v`< SS&Zrt)om \_"@٠7f5>-1AjmXmLD aItSsIa]i'c- ZokAGg& +s|2MY 6'O#섉__L=!@uVdpl@4.'G㬎55 ( ILIf5h߫>ފn&ʩsvc͇8lc{Msp |8QǷET#PgD-A_&U?iGTXgFa.Z/![YUL&,yWmy3hoqӼ&.ĮS> PEb2e[nS'R!ķ;;100p)⭙2U qwP.%/+#~ƶ~x}7aA[5\8TY0mY0[EgE 0 vkQ9|ǐP%;bО"x}}AHk%$fO|ftX[\ZԒw1ili= Ե` ^znt{,p^}Y. ~7:|N7;9bR # v%TF<8 ibѵ@9Wq _tsyJ"qݏiJh_:goFEsv: :{:+&A@6F_ 2BDW320}ज़%ѯki}KЗ"iKFk%7Z麡R0Xr(%NV`61 _~Uf0회#,,Eu˗\zg,~T%NljPQL],F'by3vƐ.]P;ԷWc[oBV#t[w#*\!6axz`[}]o.x }EY.S&\_`b``q_ΙՆUdD ;ٰ}GHi~Y(YH 7Hy 9&&]ręk)~C7 'QsBv鑈FI`Y *SVLs:-sj0h :̓bsNqe@jMR7tl\0KGȘ{ukR+KE."Y.H V̢-r+Ttϱy`@hR#-e-H8BKݼ1C0zHH2u1W< \Q㑥2#CEȉC*[HyC@0Ltu! c%d> W4/xo{7RѰyUDG5mQkDV2eTQikoաah92q\[B @s%+"&]nLPi"ng"/̆z:V">|XmTǔ 0ݚZyMH pdjs,ܺSRhUv7ɸXd-(R}Ր0(g8!ebtiQf2,GL ?͏f0C̲rܰu5PK]}o7I:e[7n+Hr5`tq~n|0lW'It[nbI ll╪6/rijy'TL%51\}pO>93ڷW0-οhuVVʾsu`bOr'dcFayNF 8bEå г<ͦӖ7+%q0@`nPykx8O~ Vh <=-puD' cx۽\g=]=Rp4P YrOcdH(cql@&|Z"OOlGF`֏m'26_4f1c#iQE߮})qQ|9yE O{]jm萀_ϫ9 GU&]&DQ7>a]5ݖ~҆|$[ VDΪͯL'2EQ4IнF5Tkc` []9`zìLΜwǂE ";TnRE"jRإFG\WfA@\/l@3xݝ((wxH؀ Z#pX):؝̫ho8)]›Xi(Y /'N 4vC[uā 4uWg/giDҒ߮z@Y- N&#vSO#(yąG7-`IXl纆~<3+XDLdy]7KyDWv :zULFᛸT(69yw,/`l+C7EuO>a(L.uŎy PqqpqҰjuX0#W(_Suw:Ba'hPk?{ 3>r<(]x훃Ym>JjFY”^15sRP85UˌvL( +D8.j=F0mOV25R]/ @Զ>5'2㗃]34$Hˊ@,#Dq;~EM{y6 &Ainsl8RF" ݀(䉧t+ 8 ]j (}R5?c&7oMDgl+jBE>|b7BFiG%le'`lVB,d,:[a 4F- :OW7##!.nk!tO=5U,AWK 犵bۥL>d&/>IajR0؟3U0@!l'+h;-xisC.92MЅ][ВLe#/U似 iC)a} ӱlQjR`pQHrM"Dղ$XzT (EpoNh(@w bj>%i]˕x,l"WbB>]FK(3fXdHo|Q}/c Ɨ8#/Z6.Q^Yr=sI]<@8P@ٍm^ϺGƇvuԲVTO)YG X=q:pc@$bI CIN'2¸1$JǃR%OAZ֢zRQ-!3RhnjvfIj΀.Ož$[.ŰGa"JguAxH"zx$墳:OKV-bj'x@r jGMU˞#5xŝa|ؐg ؜ce .I\2t+$lX`3̎>Qܧ Fd˪vt+@8 .T RO4 WƎ}+M|8 nNfJő.G3-yމYuCY=Hy3bCQla8Ϣ;kiWQ[ q) C `O÷TRZaV6Ӵ{" >{ m` T|@MGjZut"I)u;>H{ĀT+{Wv`ÖAsNHj, A`Z) >F\4 oo d ¬DZ_di΄,ì&4@h7"3YeZB-=f2 ZBRg[d~cijL-Yo 9"RM܀w 9 j0:HDq㌹v7BO[NiL70O+e6^D¶'rBwT&{v ]QygNwF4tB;=O&7(_-<5pSed.+|L):>M2tL~ k<66 XER`4gEK)ŗ/`?nk2ES,A,3TjffⰃKC~[tOi37ec?d^H33 |g;%6d1Ҟ>Bl ^.G1]yۥ6 ;DnmI*︓P>qX$ #eY{R 8}]0T(WwݏBZcwx\VEMٰ &b'q p&$JOl(ޕ'Gc͈xDU]7Wr?RP\J㦥Z)'yk3.؅;Z fST98!3,x/jT9OMLNWl|3-JRQ%V{/,]ݙ)%4=`{75ܠ[` r H+=`x@$>)o ( Lyrj׮Eɲ }0SIeeH< '+9I?ޯB9 %7uIS7ԡ 3ZBX}ea-[^RNr?vq W:P!kd܌4CBMa,#*t;H^-Hp>Q3)Nb;rF\xX>zȲ$% ƩͨaZ.,c_͉BqX^&?2ɽ`Bt9^IDyQ6 , MhIֱq*Q7נȢtէY D발XZ|>)R7tXyCL$5+ lh/jm߰dٍ2 -',|-ucd9W_"ߟBhe/KJ㳴wd.c oZna"ձJ^ Ij䙝8:qj<-0['*L 1WK pTd!öԟ [>.ǎͪRf"}G0^N΍NZFųHN:u0CeqiTPxh;{Vd+[fLmyg֞2tik[[*m;:.]8uqj)'"enKܸXL+ʁf`9kȡk*bFu]xx`YiI?{v@ %]EG^\AA)l!C/qhskJ >[)om>|m1' vavţw&\_uPœji<ƎZ.?2 G>+74L,'\>oxl/]i\AE.~Ylȵ  T~^g(dw&: v6'\aJZokɍgT;x"EOc6N OP8bQ$ȜkmPA4E2$mpS;ZJDK=4 ۙ bD>iHQ\wuv;ZkKyK FhULjUD1h8G06;Ӈrd~˹)e\EL/uSRDU6GT+0 PO6sIyCY3o̗i~w,<y|mDޑުq5wR[#QOXh9)USB ̆l).5[zۨ~iEБFM@M?`ih^`tb:J?8() O%Dv8j FX]?~秢f/jHpjXv, P4X *󙰡ax לY0_ʹN:B݀374.WF05ЇV\35B${4wߒEܲ=OҀwP\e_U{H}2{"WкvZqԵbiԍ$~1OV5ٲ[X,0G~|C{e\SD]$ MH$Ū1 R&ٱTwM 8v0vihش,vo H; \E SW*uc|K XN](PQeYTL fQZwpT$r#;xH|po E {мKѼ|gߊd>ĵ^NR> Rbg%R &s܅ 3a6hiK}|/g~TM{޾ӝ#}8=k@* /&l"Enm/-_6pB.S{.^RkUaeTnuXY'&XL! !4횷Q[+ 6b&Ǯũ "8`"JXaһᄉHqfŚؕCq`Y/>n2mBY-#8jQAI-Lj eb"v \=Ec5 Ǿ%M_0A"uDn? M^|UnpV9rKiJ?M D=u[>$dklc2/$|g_#b~IG*R)C( ֧l_qgc㕼vV\*-\vt-gvÀ-[BX ±˱@9yYS\]ՙS@{X%i0`%cQrO,M6X%l/\3SɀjW'#Is =ޣSZN G+5H†aDgDzpS n֫ ~>a!B~gD_} !o 3$1}z`RX2ˠDϮCco? 1(T06dnAM? 3>oC9@zf,0'{1GԬ\fl5 Ӫq3k F>͚T;FsZJ!\y/9UNa:KU# + i¼**%eq uNE#`1KNXTVĈQ)-x띚I90A9EtkL cN? OGx4oX;>:CBMuJ#jxjv4˕: @FJ5Šҥ*%]0y2Γ">Ifz#I^h  NRHԦ%IK`%Œ:@Os^Ŭ$h Z'3U>&ʼPlz~I$>7 <84xVi4weaԅv8L zPNlswP Vh Ė[v (M/i/P ?]UshOuz/z跉ϿSTh.Zi_; kJ9›u}i{1<6En!kWK'@/aR!l*H) ͻn ' W $Ӑ:}\8 gUn2O(7f=CAame hWN(ͭ|EE*‡[DxwGbؒM'RP9)8\2_| @q>%/xJ.g HHi$, T HUs1ȯ)63 <Ϡ_f8;5.0l7€5֝ IUg }4l8I+]R+.ŠrPJ#yl-_;i"!CvhI/;WR&jnfn#_ 1N߾J]M#2;Jgw%OqXL|\]_ e: &o~qixk Ii4_IZ&?ѸvVaLm mW/LB˜U_4ޗT\{όq,ng8Lqv2MSc=ZB OEBr8'ֽ"a|^y}lS}(9%@quOks⅑V$f-0M"r#yFH(=JFZ0]ˋ @ԩa~fH}uPH0Yxn͌# ]N 0-4Ś\k">/ U)a!?ckDy7 X.MnS c}Hˑ~I) {VɰK:nsM3/*~l o}I8ϒftcW/zG)6S`ccw˷R6rm7c+ cxTVKSCVtN, k_r+%[[bn-%2`U yi-I#K_Ѫ5>|dw=/^*S>Ep~EYMӵVN=/ 3mC7%%P2[hJl9U=5aɴN@:=:TXV~/̝Ѓ>.,/]f*suAxJ%y{78NHMPzŹ h74= /ᳺ|3/.2XFO㗓fti" ,_uܫ@GrƵpޛ^}2G ڕ_j)}H]6ĄE%ߵ,YPQD714ܟQ$y<YѓC)~^xʄՈH>d+(m{2c"?:%%I G=X[Ez樢1(|B-QӓR=${T+(Rs)3Dp(Ywv9`x#@#O\~bB9B%OQhO*C G_XoTw;4c4R)*NuW7;ߣFeҌp Sv]ճ5Oȑ<ۍZ'XV"80v yiqͿd%|K|ʞw9>=SsƅʹsA{8%-{BDo-&&緵iowd'DE*[p]$i2J Ԏ LKUAׂ$V:Ŗ[U'LN6P;"0ܢ3uWh!t׼lj}2lVN-~h_ISp'cmIi75YM͆j_r+'yZ #Je RY1nAT&q;{ћYym#n1`Х<"MA."YQi&FvfWѺI$abq 螙?JՇ:oNsfZ/};EKP/j9 }4^z@AG z!.=SNٛQp y!^28S"%[pE4V~I~*"ɮnqGxQ\z/SoX 2$C1"L8콆l,<5E>Fu(1w̌ZS"9)hE:A`@<o948?dԀDjєEnm6rUce1C:4PQH&7/vJtF)M)o) q%VGZ0-dYTxJ?xBZͬ'Yl#UR!0"ex+lLΪu&030RP+OŨ0NL1tԒZ}:ғFD~>)k(?5ha#)U*<+M̑Ă< VoF/CҙiP~h;˙U1EmwEP?wGhr2l(3 L9TƱoX>b<,2+>:xL C>#M}KTlXv_Y{WR6$?ɟ~k|y6 Ot|el{udqE[O=27ƙ5XW@N¦Z &{][VȂ.vȐ$ Q݀=n%Fx&+=MFbxEvn{Fg3K" ?crdFB Rj:3q5"<GJM% F~vąۺӹ6ͮnk]EZMŸY,M *c80dzټX =mlͿLGfEt`Їm5mz\9"HH+-(ƱQU5_/x_C;-dEDQW:krѕ'4+KmHJl (-pAϿ6ǒUo(!@a+\nGމd7\@ Kh* HYսO׶6bB%;穦,0r1'TА} N0F"͙ґI)x%F ]fos(\rt*sU%,x6OTj3Cr|<Hu~#R5Ph[*ݟ nhcN/pz}j~PakV69"fzI?@]gM7'&9+? g[j"C8|wS͂9'r z*ѹdnzNW+AT@kyܸv׻  Bo!w f]=|+QZXUH`+Vz wر&TE\)S%dLN]|ӝ8?iTC3kᒞ/)XFoe5g8W>jC] B/ٯq9O|ԝ?̴2Z# 3ivM*ّͺH75kR8iH6Qx&'5h:}*4Œk߿]m.@^"'}*9jaC(ݯJd `W/>]i 0Q-Dg|AokEXewa.RNIP}[#:n]Ǐy3"#6ݚsI!!ߺW^oNֲCBvCbA2~4|fp8sҬɎFرL䎊ȹmس.<%{e ?٤w3nLZ{Yk{2 d̡Y4ɛiv@5,C OZ֨eO /7ji`Hhl[t40PNjXz [$ %Fʥ$Eݎ>Rs7le&Q.Qܺ;Q~oLn%aNX&rlNĘ웼jJ >h Dl&(t6%in,+pjVbf'~MtCnds| /VZJљO\>7b]Ӹl&qszU>mEopyW'JZ/鍆R1-gx!Th8,BH!񭬥j3O$`U"#F$8L*XG"r}$=$B:Iٿg?7kjs?ms, `l$Bޓa׫Nы]ܛ)%Bդߨ@@Y#f/h!0ܲ9*lFS4M O6/m~{qugCE7U2Qk,agP$iީ؍'r8:$x!jAM7xAv9Z P5)r]Zz<&zexhjπYMtAYHyBb +zSs{g`BAcU+ 9I 2Fʊ0@GG #&[IT'ծ-{RZ\=QR'SQTD \e ru"xTk^}?<> Sd!^tn$鍉J}WwD(/=im$YTux2'][v #V ?myŋ; լ\>5%B!” )'7RF~:[eqΦ6cIx|L@кeJsmM[̶ge,G1 yҁqYC%Ճ3о19 wc[V4^^)ҟ@$+.Y@Ғqg8ܒ tcծ X Hc<*pڣ,& f b,Mauf5R##.h;]8drn E[N@)9 1v jQ~Gautg/07D ]TBӘ^Ir"pҜֆoa %AjA"ú_"aF]`\";#teB~Xwգ{͛P1d STABaMs Osr;+xNﰷ6myjc^x$/nI(\nF߭=e3/5A9tZey h&V)ΠҷOgяa @̿'w>@֧OtX XaCe[I |(Em5A>KCr{\)؇ٯvOeo~DVW(_-oE :PҽߑG^ *JfL.Tj+ ?Cz/{S1x'y8e`>ؠTϢZua `ؔpҝԃM GG}Zmt0B I<#ݺ=2 exѫ+.5ʈukZGh5Oz W));xFtq2)u S:=`bULt}H2cDh]}s:F%0V WX ϥY2Pz] |%.Glَq9U};|qYiTY ۜ_|N"H"Vz=ϋF^|-$~FAɀz@3"ɯvg\_SL.94(^bgu?lsK7;+ Tp)Ť .=J 40ʅxR0ȇyʰ.02:(ƥ-E1>H iFy@t䖽4`w#e̥m_2zIXhyT:߈qv?jP[>f.\ 2U 9YTmD  :>GNJ=L wۜvkUo8~YM]< M32V3/KҷU=+QGN 6X&q[Xh2@(J4Ə  dݔ PkOCevsO현lk-Fj>|^ `r L<`RfSա.SXgH86c|c7;E'Sѭ狛bLV*{JR8ܛME9#֝lM$3͵%X`KHQ_dg-jJӝK̬SeyfF-VV+ IO5aH #JJsQ$G] j!2R~A)0,MeqQ9u;D-xb0k.oN 9* ʟl%>Yr29 ~ 1"ݽJ[-`?2NJ񃧲6ѦԱ wǕxA_J'vf2 G3w8 +yuږZtMm5VK6:23t94JNN< ,N[1!&!LbOQ  iv Q(UV%e=W370{Sš.3O93p9U"N5;w~YiyؤOU={yos o߇;Z'b>q܉DC)b0G [WB4Ɇea.틐T9 ÒưAebuJ!+ϓ3mg꧂WBqY@LL}:Y4c:R@bįz}8z؉B$L^A=!Nje";a#2ي2znxĢO#OzUB&ILk7/az^l@QRO:4<ӈmOb5Podm՝3CmҊ"ElvV /̽:HH¹ݱ>bO'i)w-*Mشw{NeMsCF%LŮ~## '-8RA -ԁ!~B8 ܾY RzC?.l`6 82{uOpF3{zI|虰Ư^w峵Z9 o̫G~Hr4AIa߱m|G#h i3a4o!?&N_VƳ*DZWLaeιfv-KTHGE9E!D yA`"g(@YDJV!(r=Ԭ CFбtwxkM$?`}ݺsmE F[<8U˞t$w)0FF) T-zL="t{%];\$"f4`Yt0`fP,H}r&r`K5Rʜk#.>FgV!H|]nb$9TrQW){+OnEk|zR֟͡ao:,a3_6 ,+P¼'{ܰ6MM_E\h<[Vܝ~251&R h1su <^mt4Vg*j^o6L~tEVajomZ6HMekFq$-VpYi Xk\yg_|BN9h/٨[5ec,TDG T:l(毂@'>p IFЃz1oG]} Yȏ γ PriWQ bb_e"S}!q2nS"Yy1`W(-bף*$АJiț Pߞ< I/TN;b=S>;J+s$qEr,g:j-:'*v0?3Qݗy kFAzriim-\BZdVTg>T_Ʒ7XTb //ٺx|X q9nr2pr;v n@HOs3;؍KXp[@],@|J<_R2!5HäYޜkfy-݃*j5Ihr̞KM"g|&DM:=+Z\*8BlˀU2oiO}ݙCOLqߗ. {oAɒkICA΂yPY^QTCRX5Z3D-.!jsإF/EĪ36Xd(`pr;H}]Q(y(s|[Xlڙ~Q-JR<3Bpt&]pЖґvg,6#)-7 0hVjZl [ A"i/o :0%DB%Rg(ŝmv2司T`{g1{L%h,񦳖>p)$ڛ+ts["06PBq@Ծ\`OMr[]$2@Lxz1`g[6,'vISJ`86rl&v"&nGR0=%xH졏̂kتf~OꚲalJY<l*׫. -7ʜLh%8iK{ɬ4NQ PO*ޅ4CZ~sHmGby2L"i <ɝ \0~WYc;]SFs)38^ir'6HNv%1(`^NB$gC8/{0&\$R6.,W=$hQ{Mz`gR]Y~0O^YyX]pA\VhvKTyeCq8gf?Ac9 f"׊OY&UqכQZV}?вxȄ3۶v\=qyb$͔5$w9[;)- 5Bώ{M!T:q$>[Vy l?zݷэî.ȕ$z6 W!q%SVI,o,Tq'pEouG18}X F\j&՞R ӥv2+琮|#*xWXEWtWa/E ȏRLoI /t\Yb/V?5bRQ"-|EDV2|ɸ"y()cgO:+يF+7|d& z^jԿ⮜!tG9Yp'B#=*:K?}f1vXi%j(pgF((L0Uv-ay*?SI ;_szfT-w h Xqبu=SDr&@*ÏBdyo ='R`,?Q,?"k!ú6$$rhM58;pIQ$ m04~>wN1OΰkUU0g Me U.rdhYAkqY~q@$M"zԯAЪSP9cvG%=,bkPB9g728 GS4V >|A5ec kd|a/N5>#MC709H#Yǫ!e3 ԯx5f~_>鑝=%;.'ސSmcw܈'di ;U JpƓQMY{N$ Vh:5g$0M|0 <إE$,jä E`N^tыgR!>)H#(spNPJ5]s%>f<$<գcAw4?Xy5Iv3Jp'Aq}WOTv# it7<)rmnjhsD ?a zűL)" W['4΍ˮ+Cȵ6ʍ=񎔢5J-&JcK I&H'jq+}ca4||M3LQ0G,>z&sP`l%XlZzeaLaW.=7'y+zɷ˵bFOg4o+ŠyKZ{g/s!NKjOwXB 1*ħbvrTHY{Rl@o1gMwPeIÖwc(cs|'d& J!a)jsrƷ2]@85xF[GbX+zpNjm<5?F=Pe?{ y z'ɓVlb Ylg{-+"v'ZkSܣ= 2a}h(M-cOywh!,R֟f'q V[(g]eCƬ?~&~E1H#1{cӘR8(JF &jl > Bn[' {1B"xKtU>ԗFKsK ~x[u,H]ղ-SwԪymR!wD-(z caw%`ċ%.2wD'͋#nfYm(/e7#$&c6e0R5yv'?[3 çqώbLFaA0Y 2JуI^ZO8jEzLH[4m盯8ZOphfIj2W%)^i/8 $pl|IJԺAN)+z1m&6>OCN&F6$hf_]]7 mAd ~"Ԃֹ|e&!Cx%*9'W"5 c !fC~wTVgIiI$q (AM|aO]1=*ŔHg~7Hf"2H{V}m=2ɟf͸ c>֓CNN$3bbS!~x4,[yC\j|{G%vns`sڤ~ Ȱ-}72m 8c:( ZgHxQ~ɔ豀r0ǹGN{ƶI(=Q ?}JK2 s>DT\.CE]Л"1I{)9?Z:Iq@jeΟR@&|\ve| fu4 Qz!'ovٯL@DLT7}1X⾋tʱ]Ia'/VgLPÑV"Q1 Z90"OAW~l.-˰#Ll=B}-t YcEUm{]?MOd>ќӎsA^%!>*ew5EUF;BpN;,2Oc' ]Y\".hzm6& {x{ss\{wv`t %6:''TXZY 1 ̨X %oIK=|{='ʼnrI g$ oQWk XWWv8ܻ&\}!Q[P@DB#6"y1zKPGlb(02٨kiׂH{Gb[R]0SBl*gTMi3qw dőLAVۊTMꊫ‚ދ1OWh( TWM%+Cͤ-$+ KaNHֺHnCp-϶T%'i>+]UQk׸iq&[`'Yls˞N {C< ΃m ݘ2U*(+y|*q6e ~QĠSkQj{2RJͨ<$4$VdX:_@Q 7zŰ!UD8hc;׼ZcxT`Ut6Q@ GZ#:2W5j&Z5!}0Yť6[yHޟr1d⫖W 9IxFBILdEp `(%^i& }b+sJpA*-^-rCi| aIXeѳFڒ2 7 y+݄3Kʰ Nx~ hM1dDc'M6ƺkwQIzM[%/􊨒t'S)Q&~9Hڳvy7 XD( 8SCj!d`v=EӇd- ^!y@ic3mˤe)H)ǡSط-׆Z"\W:uijH#ߣ^>i~ߕܨvP{r* ^:\2=hISb!dW:Wi1`{ŷx+%gƒh=?a;@gҁ]Yk8W~ZBeW +mY: \Xc#Jۮa*ZI wQYQ%J(cX_.ȌblWש=;sRMR~Ϋ_9_3 G !%yan 1<\\ZAƜy9q%8Y8&LAʒ4MdAȑY:BJcC*1Wҍ$9 h6zb1}ԩ,F8rP;R:)7iq6zH0VJsSp4BV1% {N g1}0) "OX񛿦\5sdvS)ċ2PӀJBF&p9t` R 'ƈ~6hXX "\pJP97;Rkx`kM??ibXd!Vjvh:1cwD:8ۗn W>V7iTg! K x~LFč{4J0eB_)BҺAxRX^'fev;lް*_25Z$ G-eS,l2lIBߺn'+;f- N΅dɂaW;dP*1&\;:p\o+C\Eds2nqf.Jn'RjiO!R™:0M.嵅!P2GqQroUvc'z} ;=as$u*[pàB<qϊ~clֹsȂ B$i/ UlNM:ǨgƉͷ(N*Tycvi+V=Vq;Mka\ͫLZć< ^F po q@4yA4/-䆦R*,` #x4{H?Ǡej\ 4.k:Oys*+ "_+Rr121 Gz M&Q1Z޷ ӓoSC\EUe TvL;G61z Ì';5>ϖ ,HM]$.ȷOYwJHQה|gOAYlS)?QcOXoIb݉tj*wmƽzݯ(x3 nyK@(Fn P24pU4FWZ~R.OMry X'wP4k\CErraֹ@!.oZ|mYf. ?5-PǴ*OX[cnvyycW)>gvft7\mcfsQ=8,bE|ȃspufDzI?'o5OWmk*mm^g]>K"4FrmrF {`R,nO9t;#%x_Hn7^lKc 2*GZ_2.J>}B >Qg7)'‡V1k\t7̑_ mj82ǰ|X`j*$ǠZ@ߥ@=ӕ^: *?ot_ÐP3>j$bw#ÂV# Ҟiʠu GP rF.NqfovIֆrL*-`MHwB2KeFV1 1$> {,GAt{33 .GLIn]OȦEI&>2gO|@,<.I"ݓ< }[0.| 3[W 6 $~My}vRᰆ\]&\}>>Jf 1O L8Mٝr46уXP#h# KByb ]|蕮2.]@Mq] _9Pd36.9=T|UcЌ9X1N #{/ywUF%j6K/}35|fv*K)氰5sz`@v) 3<Ȋ=+ժ?<;߬mOL|:~w<6ucXOWD3ylEO8:c?đ :w0l+!³iyobP]~wП݂$/h =@5 [ߜ#O`6A^+稳mu}Dv' H[l \aȬ^aL:$X:F0~O'E=5aqԌsovdx]ӲĈ+ TE ɩa1FH$~:z .q"1~PK?D9Y[J߉B ,=dRg E4"6xCLh~];9 81MKK 3(ҹ./k;$&ta39R+Bwԃc8GnejT04,y60>d.ͭ~AKzۊזw 5 b.80b"hغ\&M.M, HxQU#!]^qnd#zs{ɓif5r,6豪W˺z/l zZnPL򜷡IvZ=lHKi-qt@ʗxȬ2ʥ㪆ȼfVĖ@`~fz\z+ C+RDx'3DjmP,ZHRiܺ 7aꒈ~ Nij["[G1]2GOv3(yH$ 6 -WY-ɡ"79Mc@߄ÒsJeu5r$FC^×ʵxϾ@$`0#O۪vJ R1^n TK#ns.Y[[ 0*5 #*|C*О&Rmc6Vxʞ/}N#DKkM tg AiBe'ZjEJFI_ 2n< &i=l&ʸr^u1kɼYy) ok:г>P.%6iR3]+v=EaDσ]NkSe~e+tT*`Ԩ4\%LJq]L]ܘI*iLnQ@dCF*z(Z9 BQ" |lDL߾X1mdS7@A9/v \-:f,`Qح3dme|1+KxV0YD!XC #Cyc>8BW l 8l%B$HYI e%qX3-R߱?>/A:cH< ю46Ю+#? FXLSlwr_Bf!"JETdoEPg?7TLGm#w[jdoӀccmchɵخb&^1L讏79jZCFK*Awtc_ʌڍWD'Oʇwd'f jehl=ab/kƒU|{?ɣ>4ix7Edыe餀FAZ@@eJ,-;f".Ȟt?嚐hXVCx\*_bCTq*Uڗ" L,^7ƭ'iWH4 ÅVt3Xgx7,==cha )G0tkQ-'ӮE%i0;Zry!dd9+5,WL'خFKQ; '-mVQ\$9~0@ͧCߔ};5=zbН?5&rqͫ,!Fj.?>#8ZBN8UEnfN۩FeI ,]Kʡ{ faD¼Ы@压A%+>dV74Šg]1wa[VV &jNz$P3rm&̫zSld[lҥ&SYC^мh/[GIrExRuÛN^̉oaWYcZΰȟ'ڔ^Ź 6Ņ[@Nrjd7)xauMq[\X0(/ V09; XͿB7.ef$}`E\C̯ǦcB:ЦN@w߃8<}s޽w/3{gz"kHN-f<ʻFmφQAgۑ`NiWupbeec} 1U]+5C^5=B^{x?1 /R{0+zuzJf(~`o"E`e=J!k0F|yx?|]ݿ 81™4/Vrqo먁=eAG $+;N [a.Gug)3}3.NhC`41:D^ptqʁaX܁Ճߏ_< 0ɝBd9=j(>:`ànm\hc)2%Rk:,hޏh'.?TTy"r5[yl ʁ{OoہZq$Σ0#$o &Dq]48ZjS2a `}x1oĩDx (!V̫9!"%jZ ǟ*  EiїO ؅ ;f|HS[-rOqs0)a7!UGoKjNaʠcyvۿ"h w1Ϛ*oowsez5\8*۫tG/,a/_g-E*R/kRW牲8e:Aw|mKaǁяggSOܕGN e<|$x *DLlд f$@dT!LX؁툣拭Nƣp5@14Fu5xuBj1sI!ih,mOd 3 imA{^h痝'7NZ/ yD+ל:Is57Ȋ bA JH(eC݉[JP^g;KzzG xz:'^u7hhPPWLY3}W` " }0|I0ox2x'~vmuvVe}.h_ &6_F:f‹o%X?,o%JyA8`؛ܪIqnIm= dPqYٽюc- `pd%ak/ΠHۅ# "vG([ΖktT&p'PL0~fN<1йgC1ssxyh8D6V0b A,Ec/tQnhmtҍZXJcy_҉oÐU[kj.i|)ܹq1uVi"WwBAϲr0Ւ[錚kb,XѷA"v}?mRn3(E4\즊?gm:մ!nv)}s9܃y1b5U7]7hS0<ה\[4?QIēEizs=P0XϑYj8q\՞xS>*A,vcCT?`]{AYqn2_V򟶥UѢOP?'G@ \V/Wf7j*&_;w/$pe Xo%"c3H.Om8o0SlgF1PЛd-J*[ vKC 'DE ==ioN2X  mN5D-pl\p=%9g!X [qٴʲEɀ8k.d]xȤGmƀ(BrqJqD7L'&fiNA7լ~YGZaW!YA@=ƙ+o'9hV|#߄l7Qׇ]:^ٺ KcE םp@#d|o`yxG$ꪗ- 4 ĩ'Υ`(\аpןKexY5N+P}=Uu njsj><* !Km[Qf੓>cb\)&KTbZ-}hC:m2 n3Z'~bj}|kbW`wxhU|u4Eway$A1@ހ M{y~$ bȦebM}9ΖTZEVVc*')1l@J]]--j%.mk2TgSLjQ6yíE러j(8B*| HjRCX,XRΎ~b"<**2}ڸ <⡷ /GokehC "ijeCYCQu,~?;S0<3TNErBXǶhӭ51F.w]?X3zuC'$=>9 xI; ^X_:Y{`[hg<snL/ JTіlJCK$xS\+jKG1.oPqTSnݐ|&A^coHWh{4 bMXhNjˈ\(,Dg= 03|"6b)t;,eWAi{T @ _F:|W |kߪAgHB"!z[T\k=%\P6}E|AKW𰔪Gȶ4$ʠ m)<5OAD2[? d4/[v;9ػ: Nd*AY 1'z+^! س>[xs-4^nƘٜI ҼF_Ffk 0LrUN뭣L[Wi+-s{,WUǐOeWQ6BC"|n"KvEVx#_ Zv-^c/x] X EJt}VKe_EO *^cyu 5`xq Yd%.+mYEզYmI:D7!w*5WڐiE;OŚ+g{Kv_KTO5%x5oh  Qcʡ5S5@`D+P|9V;꤈51,)tWؗȂFLg=vcYY<ȸ"s<iRou3j~g=k@C^4ΒqJEV|;FΨ%WN_Vdn>NrK\gR Yw6v5vJR!4pҪ#6-ZH,|\|ilg?T^/eDEp?#wν;gYq/0*[)u C|D@cI녦k*L b0x;*lk2%X5-?F";HwI&m(u]s}:a8${.T椮&H_8TŰ.@=]jnN9 [$DI㹰Mv+arqb1 3얕 7t1V+uI0PJQ,1;KR'+~ާOXӐuU0%SVr;@;B &Wf ; sď{Bafֈ=VaGXݽO=> t4sd1l}GZ-z^7I-E?J?0y}m3W%ZDiL/¾qbl՛Lj@U.|j8ԡy&*2:[*~=Դ^D%A%.~kxw*h{o=W.O/^^yNǣEK#3V&ɒ!LݹEn[[lsfn<+dðPSR†jbjgk޽"*0Q"4lLdMF~%KoqU|$%9Ǘr"G"\;=AmS5*'4pV1حLd붅V< ziʳPe8@s8`%k<U3P+*+kxަh?a=gCPnOa \7w9B oN@7IY} S.ON쉂c8ف}SVmuTS"0;Aj6|!,JuqP@䈬ϯ~pgYpiiퟺԞ_._&DЏ"+'@{5PmZ tmOw)ۄ^*\r =g0U *>(۫) BQ,tz)=a' J7)ՄY旅Og[b`d"$p@l~m k*n/+ishǣ؁'\UQpya^ټy`|^_t=~!Ŵ6k\ɾL3H:0KhiˋyGdAGl~'dįAT284,%+Fo{rB JMnpbZ{ kͪNPBW7[ LjkaY&~;:wY-i\xa*(cNC;ϡC^Wu7bJ%lGH-LbpY=0fJS2\Xtn9H[3LEC~,Wԧ )2TT`0rg΅ҳR*ڕӖj *- tP?^ܳ$16-ISCl;%`+d"́g8t wyaõ{6Saaϗ|zbKz'ib"!{O|@>153߁EMc5t?qǷiK!Os\gߠgg.^ܳHWoMaü{n9'U ! y9e;XZ1G~.bt%Y9`u)^gDһr實iD6.4T$s+D%tMNHepq6S%D<&*+tf0D d;zސI{x)=o1K(| ׹/yU4}|hy>}~G<w*UТcS݉` @'0] ] n )Lg%&As!MO}7;=ALCU 7K XV|_{ܻGYDw&ҀHN홬" ,BMʘٱBM)oF/t6jm6"#ZHPXT9؀坳͜ /CA0YJ4sjm w0d1,cEm쾻XPk´5\y2y*,,6<煼d3q')`kȀ2d"EsmW.En;WC.'`+ܳwYNT5{0W-Hvh'ʱx_=(I\Lb9e=-;z5lo̦MA-xl=&o3;)ha6ˁngc91Dο@1?/{@(DwQ;I׎qWi !"~ }b^>j3tЗWc o{j:6HZVzoR]͉Bͷ MR Qә5gЋg%pkHHmPE &[@ kci%l櫀 RhWuΟ{o"zC"19%P'^$D` ԩDݿ_8#xビw^́}3i{B bnP^/]YM6oDtR~[w=/YgH4SLy3XUQ+S Nn[_dth2'522DsTFpSք_hM1}p\1{畁Jq cULw(GŜ3~kqnطs?=0beUPNx@H}P9zo LL1;VБN<_Sz^;f]^ 0 uіףo7UCҧef%V֪dl]l~"wߋ4*aX[K/{rCW}&`@ cױ4׉Mhnv;ࢲndn[ѝJ-14Y'=:2HK ŚA`)M󎝼tޔgZ8^h6%=1W|hMwCFi(ٛDΗ4=;EM}p°%gE YS8?MoʛT<q1j/OUN)=[-]{NǨY5 7e 8W =Ux*S'b/Ҋ(/Z^(òzBJH"п:aL\%lvHoFh 7.Fm5a+Sa"Py;?\©!,O) mUA"'D&r(BUD3 l=Ab̲򈾏a 3HnuMpT;M*Mb:8$oAs_U~To?Jj5&9rTOO9`2"n-N|Heؙc++p <\ϗ'k iv6ioi@b=7*𸠰JR68/w i {WO雘ks+]a,רB htiX#TI{tp j̧4[{a-=QhY[2*)70s(1 `b99OIQ@_~DŽɹ_graO]/%C ,x-${QߴJvC6uyط(,GQ^fO buݽjPs" f椠) yNN׸C Zű3[47 / Y;vq{4'u@VM9WIq.&#xHڰ MQU aYC{lL-&_UfCaSSLk~-7ql^ur[2s\al>ګ]FZR= dk餙%,7l8W'`_4M!;as1H-iq~\‰G5èY@o=& kVhb_{}{Uİd?UBk֑uCuҠ=R#{OdL@1ϠivꏟE:ob_Z5(.ΐK͂u:uOVqhXloA^#fC`ڹ7}x4iEvcW6JRS6[Z!OQe_xSmh4mg^婕:MUgD͕ݱ$ XnNKȝ@-vsD\AsHbjݶ?GBID,L:޽?P1WuVdW~#R!F.hXn~2ZlzT6?|𴾑;!s!c;j"-4{oc"R m}٠Z OQ./:)5ԡ,Mg S%sj*ip%683Ih :55'oEIUd7=qAwh,>CeTwvyjrScx>+נ{hٳQtG>׋pX4?ZZ1=ĭo}bO~| heд5d*T]/V RRHwnkvl] IoB'AMj<Ԭ%4CEo5;sDA 5 rĹfrޯrIW \ 0too7ē !mbU@) ﮁLCi|&.9[(y Ji/=g$&TNMq¦Kmәb;|}VՃ$'oNzm1;M3r H=LL& @`}vO2 0mؙ4:9MJU;.c Ů{' ;Lil3x./s\c*`R' *K{5]R"y#W])n5i*rY"=環OyA2N漡q^nԕ/T?לN"aK)wSȧ[ ؅rP-[ HYwr𜬻eKsE Xm+g[Ui4ck% e#ViYDw-}ŏ/ +lu 1#+TS&tBM2>.vm;v '<bۂz(-e }Ӄ_h.dXW:ͳYq8c q'*SvE޺R!yUA,nVҸn0; Xj4~HfS(UG[ )gr{ʟOG{g\WY ]QSuB㡇o\rS*l#5\nH(v'/bz~H-UIF9]e-'[۬qnX!A" ||cn!,|n%~.xKAוu3Sϋ#;%JJϦ[鯉y8s} MPv1ʎ]5- \ ;#3r.?(Cy\zؘa ߿ T[$(Iz<6\sڻ!aBm*VT =F̋p≮CY>l-_Nf fPjqT黬m6umn-M@KTдi=n!/#hZ.P!W锿ccxe?6J ]Q7Iӓ2MRs$CYrW>}ꯦ ӐVA2n.Ŭ) !쀳 L² IrFfŰK .иM&YlN{ — C Kʈ Y>XFuOC YJ/\0*yJw Ҩ78wHzP p$ˡn~f08t̳ u?gNp+p |PD?[\EOci?x5%Eg%{a&s}B !/c4 ,Չ› 7+Xޅ8xjV$3U9Ft̑B?\ q[tqSL+"#-BҪ`0`Z]3|Dgҫy mA(BMY*>j$"HŁJ2YSvv|+KԾOt=KmE*L/9:l{+4+(-3 )>4#V,z\Oi*Go( _$ X)mG4rMo fhT4HK23'1H/<#kF߄vd]$3޻ QY\G{8{!uSf$P#ËIAu$r7j?#dI8/C(q?ȴ/o߭n*;0 U`ԉahNC47CT{qsiukkP@W+;-{gfQ9]Yl]8ބQeI cB nZcU7|IyƢjt̥4%=ܢ=^fKyR8Er85Hw΃-kM_.R/Wޛ̢I<+E!ێ(~c#'ϴJo35$ oU ;*Ak\&Gl,Kd[ubsA^ޔa\!}4or0JCrP0ArIЪ$na!a·'^=Bn#IIEMGGpE+Jy.WATX*QQJd;n!L}qpe;"f76?\EoDS²p=_bP vtd4ɞ\wwKTb@ {"S #_,IQYJ}u>6Gvd-_0Q/^D)EhhQ_}kvs^}AϟzENj fk)@н@Oǰ Ec Q\cMgfՖ"w*)EIH2!&KPpΫSytAӒҷs@o!g#T:]93xM\}]0bJ L |^@M (k@"n~(Γۯ;*wꅅ1 k;qEp({ f8Q?Vowp!)刉-֤m"k8+:VL(h|oxPp@d7/KYA5QvUb~ڸkKVbnDnT#@)tNVtY_H{ L8L]'sNH`6)rvJyl9f"e9bCl6}׹ghG v[;mD+|dU6_-M KK#+agٴ߮0+$5u8Zs5}:ِME:9uP{;|.9tmir<`ͨ܄ӚiYTa \(\mTJr]N<KN4Dwg45-VCsڨOsYzӻt5eT.|O&ANY)u%Q82Wq IqHZȧJ"6$46b#xN@s|?;1> n**vRH<AmrT휷w}e-LWV64̽Me#`慍[>MbHx28S>PݽS!V2peǑGboCr[RNwZұ W@ J碋B!)+u'Qk[[ Lcػ*'aVa?2ARh 86ǔ(sPb6̓,ȣ-٩:]}>K-t"~JOlIMZf(ڌ?q>{(KWGK΢[yyn8 z0Yح[]]f ({j˶%vTo}}Hݏ]Q2,T@mo0kC!]WbkZشuHeWkJԫ ,QmH0U_9٘"ڟ4vEsK Bhg- ʾ46Wk—톳$9޾uVGHz+N{nzW"J׫X m?,ήKv,G闯 n:J~x6G>>^BEH]$V*YxwbhC!U/G@I&y)pblf3 )*SJPb sСnܹ[%c07S$U)"I!>5jZ}A=@FtzH,pe`I-0s35!z,JkfC-XO<ۋ6^Fq0wjCM> l$Xs7Rt!`# tѪ99{(i[#bNз0OIK:?ټ@s# O"ΖEWX1D7$s󇄒s{ _`&Tj˫ŧP` S\}SM`ʩ~d .7H eȗB?PGb` w=+tVdkx&ƉW|n*/7z٤f0Wtɋrm"m Jj똕tދ$̪- QɁMOQNBfc&؈z;F&?&G$0>z~"EU>U vD7Mr0/lKƣc%'2~aJ+N7Ӕ yOkLDm&5ӺJɪq՝rg)"IYr+gā?1e %>zY<‰!0Qy+-.& t8Fh:kIF-6*)FIjF뚽Ihj'=it_AdtgHn8BXvJ쮘^aVqX AIb+fۮz4xSu.N 5?VÀv܍ K%ځrлwޥTWk^`y%0[:JQ-욵#+*O/mVWxPR"4<Ф<ye | P/b 53D hܸ`:}y=;e͝VzlJdqj{@Rcf_h=SẽuijS;[6ZH&9ôƕKWm:>3\ٴe]Vcz͡SIz:'[Aoh: 4 *nl!8gVϞp}Jn [Ow@rV0q?Yua}inOq*^ƭ[QXZLw )*>.%X>X"f 4i}_`21f0V.VP`_)h|[1s$]!5[&xAsϫGk e셲/K>*#OY/zI)̉s@_9BW#Ur+hԍ;]gDʠݩ J$$p3Gp>gH AsX7|ē"#AqsF(tx/Q5Q*3ٙ 2|ꃨn@7bf }< :/LfLŸA&vJbSݢU^k,n87YH9[ƋѲhU yK<#Ii{1őhgXmr*ݼ3$LRCۑ!aH/,0y.?o\ffNHSEg(n0^XEhcnt#?Tb>\e245@&jn86U<.NE&* }oR6Qp6WJӧ,tz,aAiľi f-] qYA}`*|i4.a(iĪu6M8 '3^MZ|3]MKpu'R4nyb =,J&Rb뾞!`&'8А ̸ YĨgh!RO/9X V1/jq00ba0!y<ˑ.9'eݪ23Hgχ*d"H)!/ĤzD+}xw-ͧLz{[s1s Y:;(o߁A0Q2YZ}5@6jt5CŪ:[Xp0^w-To˿¢j&oc.'p@;|PGLyEHǑJAldJd6>Ec|5P%ߓlӿ~ PoR)#B-CgYCܯ֕u HɶF8V!< VjJ^Paӡ'Jl7}"r:7z`8nptwS%SPzcw~MB kzMkGIc Okb3d/͖N/ژ:0tC](}:l:V49FW2Ŵ}vj"2[7jxWݠ:3 L6AyztOG@u4׊Ո_`MB^UxAչR1j6sm={ ֝v 9A>S/) [R&I|9'ihg.X ]/xfcIE3yHCV'ܥV|91c>g(W@@x6~W=rdXbz;ј]QA@?Án$=;3mjφ.+ןF>dz- >y|'?Sn_'?h/vKt Uwle^0qqk%Qo@JY&@S> (t"nVyL_ߧHpsd; |VϖUc=F< G` Zܓm !}l`"\֗kx?7c'kW0ec:D"#/BͪSh``Ĭ[ODSEjK쓕(؏ hX,p_ $Oh>4ΐxB~ƨZWy ԆŔ*/,j+ 1B:31L=ut/++ꧩE0Ow&Dw1/t@5*єk6WOJAt >hcy>VI o槿!5C많 ]vjlKgRn6K UG FQ[q ;ԏ )k1]ߜ`Xcg|Y۠k"?W0}(nqf+[Ҫ8E@; Nkj`+ Nt:ao9^YZMtI7*Qy('r^sRi˘1joX_5v%aO [McɊ[3d,2hH֤6VlHּ$|vÝFc n*"^|QOMsv24$ i Fa Dv q +qr9$u|hƄ5 xb*s "q+ciq%j+N9@U))"5ЁWe,,$2Ԣ ,kyh*M+BmtŹVB;zt7V̿("*tp~_h\#Ѻ%+Nѡ#GL[ .evLyA F)\&- **SE<^9WX!qܮLղ y"?єI5mME>4ۯK(hW,;pNPOgRG,tzji+2leͨTчؾL0? MzFzruU. 2h%l拎Zp9Cт]4iq;J؅Iu8}XHOT1;dn!,_I֨-_i[zMX{ޝ:=?)J @YYϔ^6j$!kRB]7:`;D<) ƸkeWnG]AVDPuZatG_T:2. SH{Wy]3}so4XbcPΈP+1s$V8x84*-]~mtgWڥ600,]4nl7V(kSM$Azd%# 79rf%Z_+9Y~@|A0lq|CC`Iڛ-sp;'h(7E~[v $aA90G H! {67+S"HCZag 5PIoW,R>^Mr|M[3\p2vA:&``0wiFNõ y^yxdSԑH+`^τ;67 !qfPrO-@|$qcc]U] ӡؒ 68%QG { _L Gf4:mD[OjBH3ٙ8o@CA&\'CkVLe&=S,0uLU?WUX B dr^+{abc£ŏpsX&~oCPhXk%ju Hٷma;@"Je3YPԡ;rƧV8ӗ=:O%1ۿ<[1cC# ڈ*,TiU)ǯyced2;K^I%F4=)ޢOJ $Ul2\UZ\S+ԛOӾXRarUehe1gh'FHx3wŅwYˑ~gN$ )9<wTf^DJK#UuYIvu? q7(.G3Q73 ozs89M^X;Ci e6\ -MpbxγiKПK78`Ji}Ryd%CYOx&W3펭#5LuoruD}Xy 9X/Fϥceij'D7b*yYi]G?H-ad a&Y1<}hᙋE Ap}0[ڰɕ]jkVy so %:/}˃*# ubZ3R-Or6|, ^sTba u")EJD!a[=V} oݮ渐8̾2dGk˨(.>0Ua.8:v]1ڪHf_q9VؙqB'SY D{Q oFj`b4"۸\@ ƩwWF1LWՏށFnyg70j^0b)tί>?JQ~ =ø,%AE0"fu/)]PC8{_"RMę 5x@= 8\M5NYq`Bg|DRTH2l3yZ`=y 0q:IZJ;▾0He5_Lc0E70[) GژP6V)Gb~g aFIeȾYJ|ᵭV<3дAOOHʪ*mOWu+N`3cjMAqPZH!@Itd@2XO YF;|M9VX"4[UQ e = MZ|-Dtn7rFgp7KStӄ_ӡkQ6Ci p`ap渆DpUH1)EWh KPТޜ7:V6TԤ{ oVarrF.uٽ}S=)(̊.F>8>oR%3gs[S꺠HmաǹbmD P5"ՕMѧytUи~~;ь#ù ,|Lr|/` W7y Negx/kzĚH$6_ 1D^{ nctl]@Cv- Qv}g.zqZ?vl6m)w].!i<(N- _!CC Bdbm<[Fj5 3,&'I|x`è*j?OpDS[i1Ai}:EX%J}eͼdVzɊHtk#  :"rx~;9gҿ*0nM*Nb 2g U^K")c~q5/LBA6oG&f5lƲ@`U{~J,4 K5Uzs/O-}yV5=G,IT GuB͖MN紹.u@"Uqr%Id$z=5!D3XJG%\;Mf_ ,M.S,Jql 5Dp\1D~f yh #¦naB=ɔ@u ]p X=%m8QBN {:՝Vw956,=V!0!ŬŜI鎵6ԁ!`V>KMQT(\48Sm5a"k y_'&nnW1EݰgKSUKdN{%Ve<)$CX!hUsapR)KC;R%ZaL\X~)F.i& !8fAq &a7%f!F2S&$* FKॊZpss8%/cx#pskou#B`E`0#`]@IsǒS{ Qn)`,ZugIqV]ÒN2!_sCe2;V+h;, XB,dJ fٯ+C'癏oYd+5iw{A{D"Ǟ5ߛ-WTį_ggUủbUz+ i ׮ ^:6"Yp˫/Ӂ*]{E99nlGKOfPrxNlB@_\C>??vm {S,"g"p &H?Ə9=6@,o(` a;x!LhApy- ^Gqja [,߭"p=FnP3y˓~70,0$"{nH, yn/%|GQ5ξYmVQ^𕃡t5#غ@bqK#-gdzf\}+CKBQ.UO |WSs3 Ps"h~.ˡ,{}/0FZnۼȲYZiRZ7 1{<+F%(iqDg4<#ECK7~8,0j(IPѰ]mE M4SE58TAH4r* R:a Q'+vR 9I714Ski8@.c igvk{&Bw5%XzB`JVݢ?Dzu8S(cЩ!b2VJ$n 8p*PM,eZE@{$_pjfI@7.&oS3Cx#zp7w3{]L:SB@ `g@teȭ=ӛqZS QKm5iX#ej9yB%|WOn-rʆi*Gx"#b {7 KYw0XN>q dڢ$RWz0Íq9b?|@Hc_Ifv R4>"V\ s^N=%c*w@>,*9 C=1XNȍʜUJE]>@j(3j妅 q[M{fXP2pB,IEr24emLbK8|`nT {;oq+b0F͑<\|= ם?sa23è-Jh7-7_HP[ytu[I x&cZG?o-y71=AORl:Jk-ip"-Ib&YB>`%afy/c;J*AqqDCiv/i2/:s:=|zSzYqz+!ɦ<<3!@PKĒ4Ut,֧EjԿbU`U"S0-KDf)2h0a5h7 \"XQLi!%1<_R>Pu~q7@?htRXER0+#cH4%`&!I䢿,Ww:3ΑW71QJ ukM1Ե٥`mk.J M\hKX3#8efn˕5X/;k)ٲUJdAK7/?[0`_جY '/HCB. 1۔F^ ώ fjk3 'k;;_R( H^6ɞm ZbƦE.>T@eXƳQ4ĞUM5Kma? sJ\RQ[kUWG:exZuXMoɍ2|P(S;2x4aY.8^$ۋUsNlU*RYCh_%j= $ⶶoQE xǧޖ Wѻ"ӂ50d=hz:&*+Nhv܂"d(VoKk͗T,GM8]ULoxTiAM0Yβɓ^z;P׍C.'m%x ^Crhccy?sRN&(&FW֩TW0 m{x^-@|NkG'37}{쨇~?n4kfah=! :7CMufW9frH=%@Co|NLʄ\M1?bJ\ݠRZ``6GGN#غOD &bEIv:Ϫ>9kU4oވJP,hъv|jdթpe.Zȝʖ}D/ grϋeC[9yr#57"sqkpTݕozcoϭL(3ewWtKu}kW̴F 6ő c[5Їd홆n~5A̓_9+xB J>1z-䶘+Qc,z5LDxL?,WX?mZI@R˰r+{6G=6[cI5!%5ۆF{)3L=߯-/nEÀSC/uitS{d6y#x"9^n&oI)IJ@#?V>y&~Pc2hm;^ L _Ijk[~Ho / QJJv+g%ij#چ̓u7l̟=reB7X TnPhBh!33_FmUZxrΫr[wwL qZX7:6˄Hʬ`LpaWͰRkl'Ea;C JA|"{l Nk{X^=a_7hTCUKb*o{*!) M ,))<&m8[3Ba~YK ݤ*=69;EL$*PO0n&wCpzn8ŞGވ!d2>}Kpvv%"]7RmS5+~{|SդํkցBU<}7$әT# 3! wcſ7팚\aZuEBHXaB]?.w7:o;2a ;k%QwiGR?lJ|痛lW.Co|* 5D1 ѯ+i S'I=MZ M |PIcy(Hᨂ9 ;:+GSt?BG=\=ҴI:•)~j1:H\/l4FxʨQ,l7]K`i42KE g%Va12=JkzqvkgӜD;H8t!s k3vӽ&[lB:HeҢ㉨0/ `xarիk&9`!^LhS2i9:Cc힣P۾F=@E&0P)QHfnqobB1%yAiM![pݩѾhJx%GZ K ,z+طZ'F4Wm[#hHLLXD:CAŒϭ1 ~,_],~PF36 IXKDwq,XIߒf0,7&J෕O nEIӿ`50heN^㋭rɐLVݳ)0?Wk05O4!G&^{N>WpH@CuJ?c }w._ĮO&t#0}Y)~- -aΣE:U+hY"V~21BX4q1NvcڋODi5bO: gsx; X{I4>Tr N5ww`#!/+"^>ob.# ~ѦN UY?7~A7+H8O81Sƣ58724.q$u(uWu EI\-,qk*lA-N]t4Ȕ {0م=E q9; 3RBV$mc_5!24u6 G ڶU514_-4U޽;ű(`] ^k*Aa!"I%G%\Jz.u3j3y$̄?[!nnH~S?y 4gְ_Y#7TD#-$@A&fhRvQ&b7h]2Bϱ,ϾR-r%Bރ; <\ʚf)ռǓAG/B+%HFitVb烴 & M^Ѵu?0@<&0 ܓ+d}ClT(B1]MX kmDxn_1(HMwU?1IzPl?Cg=v"qAi@4l6"e\خ7yID ΁ra0+o^UH$WrtDgHyKq#?ok6NP%rrdk_EQLָHTtM߇`򞖂7'Ǧ?x۵jeQϧ,%\X-JbP/ Ncbs9rk;@,CFt+ aJ&H H&'6*[Hl~bZ5-..^uK\wtKj|&~^^HLAa1N#"fA,i jE΂} ql_i6:$ *U:1\މvܣM veC:@_O!<;m9rjWV!kA~ple?M'򚄅Yi=փ!PԌ1eΰњLZ̐A"MjPXNWK'/3t>\`GNnj=K}u֏ུj+M(cUY!$RZ"Xsl5 c- 10<3P lbZړe/@ro4jSY 2قH\)鐊yjqA!%r&L󩑚So>9Ư$j?{JLo-$ %:e_SrY X`V 79q"rP&|w CfcE;v,ﻅn~q`yB+V YG7CnH(,`Z,d>82aQ!EƢģJ.%u ((_11Ĭ3 ڷ"?V2>g=pZFn00 \C!؈#@ܾPF QA΋@) &{8e-D!e.bG4mi|] ptthH5)G4mO S1#^g5pأss_oѕ Le^5{XPKp}dcu !E T;0kDwI(cԎr<hs3Q+{LÛȂz^~/kļ(:pI@(YsQWSյ}/$vGP+U52{ R< c`~csY{_2-} oy# #*KjuiXUSyi7"]R8'f~t7Bȅ49<(iG%R/J|DpGcrRXd=0[ 98$MF,PnZ š7; PAA8pT-?/josP"] :hδY܍T%$Oxq!Rud;vNd/ G b?3MqtTH {l[c / Iovn̘͉d&֝e&@!=z!*)l_tkzF&])QhP%k^"zkֵ߯@o Uz>S _=ŔR ɮ2)8V6m{7 4&.wc+Qȭ":⊐4M9Egl.1TaəcXw"&XK&rP[2X0Z$ZTN7qۤB)oSC &1]h/5㻦aJd*4Ba4mB/9L@e@à*iZMY jY㊹k\ۗXScE+2DPũkM,U`XUe*|t)V)S0e\CY[H4򄿺v.oFO~]/W @^I){k8׽~_RZ^) !j(x۴k͐YsR2&829*xk! Ǝ4d4=D* + p ,k|TY]q DZ#DQfX}'zJ5 Eɺ*IUڠ7 VW!shVQ4[\֘]˚D҇ q }#6Zц׶s /+8Qd*t&:TRb-iO"\:[a wj0bVw{TkGxo9KOM1m#@H^|h— sRP#HZanΓn2%ιLe GA.z땼zUJ;34SzI iJ*(] oޚ_H|i=ot"RQ \C= {O(+6 [ewŅ>/6xZl:!kTs;zׂ߂&A&Sգ xb0 W8ċIJ {>CPK5K(U嫿 Rsr,rrD٨#+)Wn%|k5n@( g-'F/t >zu2 c71.xS ژv[G>i{څ,蘝4+aon5йljYܟxCQ%iXƚ(v®l!?Cb76> FE-$-lnRA)ܵgB6bV|{®cRh)-M+<])-j6aj/8~H\U]ș \ BM)3uN6dAq>+{aQ@.FV#<%m0yxJCWѧJ5xkJ֨hX"ܾ7sfoIu덜l}tCHຣ61fx[HlkpL8jZsyd9%eďO 5j̮?7fBqgBff1:A(A99,&N~O .\zNiԳŠv!{l k7 T X1Ǡrgҋ58o[,J^gtydϽ{_Y#EY>Vr ov⼗5_)(|ão/W!tfy2/7IE/w[hMI P1_2oӫ~ag,:̝Fu|攔[Gm_~GUaPjiyI䝕Jh1U۶Հ8@fJ? 0yR OU~<ЖE0;  'wOG^>cB~zMK,xSőẂ:l7 'E{Ƹ[B }oߋYYxja`xJYJmv|X2T \dT<ЭŻԌ,E"i)#o}ga%Ӈy2L-ﱛ7|\~|4RX86ݎBHH'Λk݂09?Vd3@m!JUؔ8 r;Z>ImHUlʪB>,4*?;cE!-؍;* \OM\}W$tp^ts~ "'N83.F 3r{ WR-|>4&FmZlʢ=sIU]3iwA~;fv~*71Mu+/ˊxuWiw 6J⤥-iG+*Z,:Hk\bG6f2RՐ1ǔ>Sش}Sr[xH;kP 4;}K9} ヾ4w, f,/*c4|q].KY̝Iy_+''o!\ 0P %?):qAq gj. S9Vym\9GA6p H8[*=NwJnuGjm޶Iڝt XMZN@l.=0|mBXC-quQgg+l µ { 8yQ`iI:V,e¼(.-2ŲCxXV^ $%)(;rS_9tk|Zbzy`s)ҼU|s*ԅs@NSf)@"BL)qxȟ_kvXcW-7i+3 CqyǖІc7 W#! n;En"d6,a{;4X;d> bqg=_} 9ފuiǑh+{nR' LRZd!?Y r)z:ٚ;NY特i@00M>l3h(WTzexd>OHnw=Pvp^>nKӹY(.-9x1\dDaXMvlr 7 11N/Kuq^}:I }JKø&|hce(_m?gp'>2k[[\;L8~K`Y (D-cc<ߝĦ^fX`=JA֭sY B3ayt\W sMԲ#X+-5nGhkbqJtŰP+V̽+ q.Aăwg)(^/<e~Mfi1(f0k}f#N az~m zJ'O8-$;[P}uMRw5g^e.eO<\8Dk|\VScv - ;!Ut33zz[Dߚ{Ҙ X&8X)O@O4wbjٮ${˭Y/]TjYiĄE9l[h~pl1J{!)dRP- m2GzaiOu:;2W ; d-+ol]V&z-qtU8gG'0j ٦ ̃jj>9!oy_`ڒB̗Q?c4)AEyfFwV*nf3Of0̨.]C~_- ^LBh/51.'?e]wC_Y"Vn\?1w *~O.yBlT4k'At=@@)X9F_ ;M<<)N1ڜKß(\M2l6%r9k/5au``%r5t2N2 +QnÂ< N^S}5_)˜h)Ш(f;j'uO/Jq6wb Ȟ@[} YP R/ZAн&fAI7rķ r_l^ _wbMPϟ!8 4i])p^u9fkV;TGJ?,ٝi swGJ2A).O1g㫭6[j (=8"PB n1>IzP%Fr%b\O#wW2~D.hZ2սgԊ4|1mf[rǶN_ sV#2>}k|j#1V2kUX1Bu^H"V,Fd͗P$L3J{c۝ jUp FG>fk)p/"=-jdlTIDovgWJyS'* *.Ί BgxV#L4k-[dRM9Tq=pZP z(k`aC>}GNY}Ԯ wj5"(&.f,Wj:?>A˸pE;:?5Bk# G t"E']>aOٛJ~'!~;l^ <袁׎C{t?-'Ennn lfHP&=հ"T`J!EiHRyŶЍHeҁ·f!Vm3TRõ juڐx7r?np,A͈5_nlְm/k0:4-ytd1Hw]cC=&w( ZB/ȍOm +t]V<Qx5Jv/TQRrXPc-p%g+ !e53 "2۠Imܦ~}$dȾ٦2 ׆D񮰲 nha9ZO=ܹkE0(}'ˊyɍw%Iᚶan [{:D\}\3A9m6Q 5r@ &u!GK$'aQ[ozh'ifhzNTeݒ=V&x$Hp=ln}d-]IOF(U;kę#JllJ]WL1LLƇM"OY Q$/ s"cb8ߡIӉv _*=R'_}"`^dZORz! B腻 X䓳WR/lrJ\jxRLYgIj7O@V ErFj*H$D(rS0Zq+wPK3Eoᯙm;l3@MbB]%5K!%;_*p'FO'jcvxa4CA&3R]'$]5&*VCH,jLO9Zcmz4| N$L j%V{A ?7>ZL;VaK)<2m2OB(Q:)<`܃r7FL3~ MZ3/`.gP߭B-# {C %FvUjͯત=1ݻTb rrNss=4X;6$gp45}0^cꐘ;Y<ך)WB 1l0=b5)f)&S!֍d]Srl0d:~V5X~“_`3K0|CDa'hTm^+٫[& u*2}M1pc{~!13$Qlm; E]uoֳJ[EI'/GAT:8zNkc+%)<`N~jvY#q+="!}D D;P&$~D&)쓷aلZ9вc'XA^Ի\mQI1ZBTed|5~#V<$fGNqEc\7wI<5xJG+yh0Ze큎6<> @Z6k?q,ޚY52~Ւyy4Kj54`Nk@Q@zd{Q}q`hEW4yshTfij#fRHq_W=S*̏ aō) 鬙uIҧP yn$M`%YnC; WoFWj *!sFE噼tbxBˑۼ)w(-egޙ^ դNɴ!-d%{Y8< Ir'~f/-T5U̍%N95jŇxҰX}9ݲm#%"f|9I"Ǣw@2eMO!is/:=GUk esj]hCb(bi^@v? {2[fn;htJH@B8C}AvCx)?#6S ?ʽdjþ )P V׉eIЖP>kjxlM[/xb"f7 t`S.zXsgciy|FOAQhvb%]tj@D́uGo9{PEêXe ꣲ^nldH{eW|*K%c"yz嶶ҜGiB󕵧DqݙMߚ6!*}~r"r@ORͤIP姲nĉN~&q 1(¦Hj6v+5t s L)ma3!^uc  MWNrxqk.XqZEC&@F浛v&$[d@%ʟp,FZ2^-g{T] I8:fUp`(,o3 K&S|g\TgiEE݁gؒ`ۣ}r%D6p*M[`Znq5:och"@NـEa&ɷǂgp)hxcxe`<,rs;o=C)s Bvmؙ4q!Y[_g6_UѥpEK/ 2oLePD_QK6 L 5\JFWo>|X9 s EGg WS_3C~I2 %FYiUrl4r.52ӗ k$~D>Vv 153&FQ?'tkao!}{k[pS'x)s3x bJ)G-j=+ xOޚŕ1-3=C9@ګ"MЌb~05lq|ܺǣ}7ˢ˾'Ѓ FSQ\#)Ee]f`eV OvwϟoWFm Vfg2aA%%!*rY4Q ItK3S1w.^dE HPyI]pcd*C4q׻I`ˑIᐠ"ڵWdE1LU7Bӕ^ЩX^,qɽtӸL7'S]ze,qՕŎ"dv #^=]su&ϢNP6{cO!јJL.8.#r1{Hm03n:`y+ɸ7$۔,gY>Ex@@`5Kׯ!= iqOm+**cwR-%T jWgyۊUr@6]y@`uF(9|"z5談 % :>i5i3*w. ]'iX:;={nKM+96D<(Lv#ifk!!NN _=^nZ/,\FG n%t2 ̬?<1>~+}"U&8| & 8pǪKYYK7@հ؜*u`,48ep@qFa_F̶,>IOk= ڠ`bjM*pӈe~T,KC{>7Y"{=rCӃ=O+0!"SODUHK>\u۬^~l߳;V|04@$x-b}z5Yr!o nRtHӁP ߚWaؠ|`n-^g/2}$+HEFrwA-rȈ_H8)dگ'M!'p7<^*dXJ4m=)d=!rZmS6汑5:K3e&{__&ѷbSm<6G&艕Vu҃dèUuEH+Dc<Ǯ3~3 fZ.%0$LJ@08e4XUu*_8C\tiM|wY_FApg):pb znL7/Vp߶B0se,P{|1Jy@:#,EJ1֐TuUww̼H%bpy$Y̝VE9dDZ]av} 3iJ==-o"BBLo2y`(~j U}C1=c^" F 0~@l *Ӹ4W*sYFQCf<0;*j ;~#Sx+86D>,$ 6xXDbVD# W,N3}[PSR3S.}Jpiڱ{Ğ/˅|Dk_?s{%(NK߃m!3 >W1Ɠی4jQrMDŲٲ KZ#xiUNp﷥ '^Ǖv߽ӴLrR~Eیh똀L/Cçoө9l!:Ll^5&$K9[XMy1FmϪo~2ܠQJ4 9"䏶Kq,9OHN_ͷbDSpŒ: u\F +],Eۢ ^P%g Iz"iql#V7U7Πp?Q+]bVQxMTۗYr [6&L [oOK@BH˦#,g 뚰vEത9j<_<)Yͮ8B1ȶn#i6`X?CfQwyz&Ɯmϣwqӌm^ʔQyvS\R%>m'#[ǯQIߞ/=pVE&UdO Z}Mx%: (mӽ qZ H=R cNd_xHg%B kU ``;/s5|(R&_v"]Ҫ?p Og s$l.9xTk4/=l~'Ï4Kˡf. 9hz9o״ס<:ˀֵ0ƨ zAAt_n{%VoO&~p20>/y5q9N_XAQ*4D_v{CJv+qw /A [E]П\>f%1QqWo#!,#UJ%i0C. Jý7ڍqd Jw-OGY=6{?cTFׄ'jz{,|<ޔ[~_*zvPۆE8*w&1np < $Z͕PWBM_̤EӸPR(Ql(L (k 3l元ÇgI,٩`9LxTex{OH5p||qzŔvH@4͟ FSp7Mۿl`LDLӑ%뇨ݲ6Ivq6H ć逌4 ^*?gꢧu3CPxwcI!%(ZHe"Fr2o-_kIQ6AU^)JGeBj+3 0̙b:M[qM֓drXo.'V( =|Η: /*ҊpsqB]$0kZld"2-bURA_hrµ=(V%Q~MŲ@sxL}gzƫEkXe7fO=HEk$}FAFQX+s?25*!av=u$u%>"3oj`Y3ryeEYn&8SNVEާZSF}&~4%AΖ>+*AaZ@g^16a1%0hs=4CP,]˳Dre32sh]Vmrzz[ ABQQxUz` |`C]"bZY \n3 {\$`sĊjިp ]ZJLm)*LbLWo!:!>emA8)#im ~{3Iʘzo"k%E=.޽S~ቫ@3uAOZE~͢~ŒT+XZ6N\ (_ߓ{BĘg4$NG+e $Ȕ;HȤ(x!s0BsڵM6RHL0m; bMؽ/Tf\v<Δd"̯ݺ*0=4iqN|ڊ'6A3 I+%s|_qof) zp㇏g^f4ދO)P%;h$Z"!SOCNy? P¶F'qIi6Yd"6`~ƽˈ;GjJ|8جArIK p:RDB&9=wK!q>N9.1?.;{Q-ml"@c̮8`5謞>}|28w*ZLi Z4n %]&ԬO>ݒRRP^~∔z&'#h{AjZԍ2 בfsĐF@ .h-6%Fytኂj.CšNF'mM;n;IWegB %cI8S/Q(m=oqbZ[`aXZ)+-b|i: FdfZt|yV nffR}$f(HTXBzz+#4"GG XS"tQd+Lދ&K #Q27ɐe-C;s$ukd%J hIa@S: />iSJ6"Ϳ}:zTrjP=A|uT3WͣdJ5XPg pg>! Dߘ6ћfdU:s;gQ!uho?D\ݤ tAM*I& C,VDt yUc.?hxx]xƅ*`(rTzo2nwo 3>ź ;N=@p뷦 ,w3Z fvk N4`,]eN2\oZQľKu9QhC9Q2O=W'dVgcWxOBfKdl^N d8\jlwJ^F_>#/!VB;2A%0"Z0yӅ]/=;kॶ":u5MS¯bk)B<Vz2s߅;YUEIvn (ZX!do,#53ށȩi8yS Gml&|,C(+B qɒ c`7Wң !5R߽]W7eBD{{4 gNd!Zd7% }ͻs:J%BBGn|3Ћ_['n O*] t ەi]90<2?$r~eU *6mvB&:\&0Ҩgkbu B`na*$gc#=Y*9S*u~b`ZNOG۷ÌFW-``#3iR;F)" "H@+@qI (,tt^ Z;v1Zls<≯ajƨ쁂d)Cprq$Zml$kiF<0w>][M=7DmQxa5LV9#Eөj¿|*>Pk(|4S ?6k*[<~<79sw&QKA5[ǽE)8Vs&Lh/ӀP5%s 7<(w+bZxg9bcD5隦u{qI  De kJ_8znF=~DzݧZI"y*}g}gم% eg H>5۫(od4_=Jˬ*d Y}5ݙʲ0Y@{ *]]FaIz\ 0J>NLyl`o0ws3}PP2A%:;eI #5*oY)Cg k孙^;8l=4  bBYo=gZ5ͰQ} ^p" o 3N.8 ?I&sև" nMՋYP@ ԓ9ڞ-P ".i?PGI6i5Ccltv`y}=iHeym'p}z[8% H-0Z|2Ok_PO:H05zB(|i<6 |*} R#,-f>lAX,uh h9em2f'xԭ Opd`MI|C =b>R:`?sƼ+!۰0]fʯDZ+=%hp얨l*t[@ĻḛHψs tgL֔}UեYK^1˘V/Q~|ޓf WI95HRP6ue ~4p@BCLXb$,\,;v_µr}7cܿW2Ϳcak1c|9yNW_fSzqړRPC\e26zf~~oYV.tjVNҞ-9dQpF]`f.֑{֐c ␸6*PEZW\e!`}9j"cͣN=&t]"z̜'j Z9=`o 0zIMшmyeD2[C5SLl{f6{[7L+)ӟ^K`zQ^S T,( KO_k1@ݧdTݵ5~g6*N!p:$itKil*ֳ#'"(8LW->i +bgGE;}ᲁо<ϸ#,bx3Uev&+7ʽZƐ?inO^Zbkd{BKyp`Iq,RbPɚT-we>n@pDOlUOWEĩ=, 8-ƚB[_ JπIY} ~$*9Lh>bq^ZGr.Qy;kB$L[]WUv,F܋)' :5 uD)5CH^=&$O3cÐ^Cii`y34!i97=YUDg؝z!]D? p) ϲ{@c؝L\ؠUk;%SbGήr\I&[Hdz pI.kNuЅYޫI:JTmj 0~贀栵k@3ߜZU_Q}r2kc|O994Tζ;MEmXLamY9c0Mv錀0nyGXH|,4ekGx5û5 O=.d kMGSC+U3+eKN״C>)85Gu7{g2/&J$Ȁf ـS2dzO!if;/jc18KR[kG ~nqc"\_#TBE64 +4B1BޙggA}nbݻ&9'"a1mh3[h+IB^3{YJl*,N&]H[?͔\o{?"EîOs"d¢0*}V0qЪq- J7H-ʙȰ!8iRtoT(V}E^P-YXT5:?k`[51#2[ro@(l%W?'Ϊ5ed~q|Ɇu%3/0”{jBC4ͥ)ࡢ(|E#ӻVZ>J{:t x`U7ɀ{$+{!=#ôTQo(8F?A}kvݒCAk}Mi?'(ɰLDF!r9\zV[8@ fOw2#/;sǿícnI$d:٧aK JYNf,H}rFyBCwjSE֙!T#wRuk_ }Eu1!_V(Q<)hnlۿ@Z}{S(SƥE.V.ǮFLxMJ˖MMu9S[ ,M-DžMQ$rj+,KhQ*ì_,wq!U29XQHOkuu֡3]AV 9}v_'=}h9v:e& oSgbT;%Άyl;mWem C|e\1j剾 EX;ٍC}ZSJ 4j0ԁZvPI\ {X#n_`p$$D2ITR)$PM/x\f=ތ1mIIFZbl̀o\]dCw;"XБz7g vёS_ !y#>q|$)eaH9i݄дͳHMY ݛ|kIq7yi+~cSrfu`ktZgk ]qC6咳2a5 w5J.ݔȔ;;͢hN}G'ݮ)Spta[E+W+.|eHnt,OFzn~%M2DN\ 3Vh3vҡC^?j~ _)Xy1^M'-3*V_}s*ˁVmCgZ(EdċK81o(kO ڄD'kBתk͛NQ=ڳ=wW0\#+&ʝpe4>ע+2޼0# ~34]ɬv-dHxE;MU6X=~PlQfã|E./j{?&7z'e@< xS+ˍW612?@$\1̼n}:E1v>D2'JamQZ歽 "Ԣ~,pL5֨sjB<6V^ąx|*ɈpNBWw(uU`y;eU4WP 7jlZ:kiv^åP:XakZU"yxVs,-/ȉZwy /4c?`TtU!l.֕;c%ʷr쓀otm[~VWi F9{h P#ۇu6GVXb --x1}<*ٓ%Qmv[ zJwPbMBg-ƠGv~$\^+Š_ ##߁xT&>šh%_9aE'.Q;u<R3܋*o3ttWK3-Uu om~6"ϏCPơ,b,6 o,7m| ֲ(2)h ҃Kj KCDoHcMҼqIQ/( /6ޗ;jeHqRZ_ [gA.-9Ά`FQJ۠eM} ք`;Tepumv(o{DҊOc n'7][kt.~) .-%Z f9YW\Zn9E5XݱUdy50[-5>,K99 "RlkwElgDgVǞRbT@R嚽r k[#W bF7c\h" bt~SD7}>?1Q<Ձ``iy41T Wx6b8M7s>,4]PWk 23rsnoPG1nZV~@fQ5VƋl 1B%裸M_@ȤA#碧sM90T䊉ԆSsAoP<-bĒP =73G_ݑg^ ~P G0_ yQGE}>ݒCW3L@2ԙaR?vbQ>=qkvM{bڋ@[_߷.BwįwqCh{ J jǻZzP u Tc4qþSC F8D! Nw=06+$lS*DU` j_1-fğ}Q聄յz3 1u4 R:뎛Zܥ0TYJ.b,z |xtG;ISR).)zΙ:g˟ä2ckXZ@e \[AL7.FjE!, u=`Fx$ۛqr!;.z[N<κ/&މlښ$\-%(]okd4wFM(\{Y!~5r˄}$2]g_R]歬*EKY H@n y}̤O!g5[k(_&oZG,L萝壹LIzؚvsèlc);k&C/BPZizda=Kw_8f#s\k[F2A=o ~O@7&Tv] nmFe\3kǞV͗Nr,N\&qaYK,/Opif(I,Nez~K1 7s). nX4{jU5Vmh>]O;Zř[d+2^]Y*WYi^ z1~ %|0%["uTԦlɝ3.ySur:\\4q 7s3fl`˴i<U?+ 6#Outҹ=?!ZNm ʈ9\U?iDz؍c9/."坧"cҬ"?᱙(9R\Z 5!!a.{ٌ8SY[b죭v~oiނX Mx-1X5g F"˜^@`A"F ғ$ iHP9֒d [U<]|L[ FSX:,eHލ|0ā?9 5 λNɍAJVo'JBu!L7%iTtS? ڌm.}hV-~h6<9&KY@IdxϤpQԲx[`e5W%qnN n8`7;i4oO%jenG!vAD#4GQ]Un嘗AM?&Jp喝RUtw)@/y>z\O,5;s$>1stB3"y2S_.'*vdDّOĨzx*^1GXesϪoY@.1*C8EwrH,x[k)|xFiev&5b=O Z5& TPd?Iib<8?F٧" |G\w PVA3\*pj+ߘG0`,:T Kt.g'юpQ/v,ܕƉX/gKE߫葟ۤ.y(CJq*P 2O`}jT^JF|Ѧ:Zy\'eCe[0'qQ aX .z\GFegߡWK緩Ϟql>?zXmCkqQ:&ŷآUOs=Y gwdȹz M_Vtҫr  B)sdvlm ZD3`1jcw!. Jl#{g#Zx! KAԴ$\Ig;b3 g¢ܹehM6:?,$R= :ZWJ#LTJ,5UF %^ۡ{ p{NGkREictڊ$gLMy  #)3kĩ^g-}$̐<:Q@إ9M*9$g'1Eu<*v5>(mHKl fˬi?cgVԸ` EK3YIf7eF\;Nn<h4X0"LY{V4"it暁H:y1[c{c{.!_xGW̥{JRv}\~\`6!?|>ޗϲ^U_5mҶTa ѣq([μAr fum5k\>G9,zKCe[1;Ҏ7e݅P`ȬH$Sv(SVC5zdűQߣ Jru. }T`7Mn17ۿ;NjYy [<'tA\W]*of3625i. W=z:rp/.;w'MLڄvOk ُIHf}]4n{Óƕ{@ߪEOOCWy2ãOrU1f|yF_B b7iȾi/C]8FfWJQ-ʕboWq^@\dav뙇^* ~Y<#*[LtuJ՚ԃ3(FI݅ODŽK΂5MD;}/ԛ1<-B׾nN+8s$`lv7[)v/6)yuFC̴4>xvQ BODF5Q%)|[˕uvZ23wӲKoA{#<>:H/r,ꏴ:ҎUQTsm2=@-[0U"9MB`Lk`@0A;@`^?-MPt&%J?~{C7]_ak:y(盀6[. z@:~Ę; . Q (|`su d8yftݶrm:$ȪXCu +r8537%QO)mRWZatf2GH-Tj4"1dt- .F;2Z"Tayqg <(͡Klh LX!+z?ZPq'>Lŗ5K3+KI˹}K@8}\Pb_jWh-osF.zl!3(&ddP˝RtIO*9P﹫o wg>e$ݣi $؍ڷMC{+2O퇼G,Jm?`5F[;Uےta1>o:,PEdE)'1G1BhH:BF.-W`:WvvHҳM@ QqھX1> 9Uy^BUP~ɡS;U'La|㞻)᯷ ;U+ў!P[}[z!Hkfeۙ@Ac4S&q Kxb3 ]!%L2:(8n/ܴ[*%7ChҡBv` -~}<}rns |dk9]=Nۉ3I,w|_7gEh옶T J16@Ұ7_zQ!I;c / `ZNac3CґQ5@4@/ǔ 3%Hm5 u{`v 1hk?X9F2QDєm3x 4O&skއ59.^)!1r*v̟PGnbTܗZbۂʨ–`qI%#5t<.芑3~ңQ KaߡF9 ,V3ܰY(*.˱386lbl1PL'U_Fw;-5"8lxLyFsM5ޠɠ^eרowCK'O '\`\B]Vi aT >[~\iҬ7n퟇u!B;v^\_mh|zZDN*3fz@+VU];G>W-$-!_pS[Jhkg՚l4hn`t9}I7v49o5*:]=D1f$+!C'- D+ 1 }" }~Imd?ȾHmN<:%߼/sh-+zlG>Yad?vDzX:ɢ=7wOɏP _BaJ[pPpr%(TChس#g ɓ!+ii=LSۖLNnt[: 9t㔓K۱qt^e`:/>E&+8R̚,xš>pHj?bG;y\D|y:KNcYO( e2 a 3Rg9JKyQ Z6>]w\#𝥕- ]7ͫH@"KhRhazbdTJm"t;q =,@Ɇpıqy"F}l~7[= $_򄧞em1ARlj45FWxƇ%LCtΠ-kf4D8bFr>b4TqƙD5YTbUѰM(>ÿSzZꧼޭ|0UQ_!g`:}c4^ CVn4`⾗:d_Ms Ŝ/:b-94]VMkFja E:L/[߼LJk1 쐡뎇e5!#_ ZMJ:y"o4Śg:Cc&XBP6u3l-o$pzکFD{[UB Ӡb!C]W/2yS bRJx.4%g hDa+N;_gD@W\yFJh~n{sAVBAm ()73*!Yՠ{G#[i>ƷOO3dhUxm6ۀ> 2*Hd4pw=M=?"_Bz~!X2Il/C:,&a.\z#1 cX ߝ L'x%ĭ|zZdRMRmSFw͎Eu(vZR!r$Ws%8gU{c|J'`!T%B;/Jc: \m+3;ĭߔ!|`[g1נ=o:y:Kx>"-g36*u7au)m`1y 3jr`0G5F硠p1ǥ]Xi7;0XX2+üId[u"6(g$jދA X|x]Ȳ!Vn+elv56s ^7Bݚ! ֙nm#!ϔ_sXo?Mytc8d +|-&zdem< &QCCFlWv=>mh+wI٢$&8p̫-^bI-ɻƣ^k:_of]̀G}]DY\g XY` 'ӷ?􀯸6iw¼< IbԠ{Tߕ؇9_1`N_ bʕyIבq7L !%^jgM:Ke7j#6ɏ,#'.9,FeiQ." K}l)܎g/t=٬q=RYўF=AE5UNM2M,}m!&CiF X+_ əe(JzlUDz8)#aJVIC` {1Nh O %ۥI@,Pb'9:j/%~ s>{݅9 Wa*]jwexY 1"NmNr8caQh.yižU8wTt/F/[JsY捸9/*NP'Q&PYNs|j,]/j$|7܌4tsZV|`:U|LO݄*ƗN²$0[AXivREzܟ^ON4>9*PM2<&* ::AXwIM JK/ҸQ.rI(.A5&|DN|o}fVl*(K"T)|RU&vgxMR^ {r8PpM%QVdq"[^tYBE7|Qw^_[5X>9OǤyV)PH3n9,(N|Ȅ(vVcǺ+T}`ҶA*]A. )+CH")i^4c~.9CH"?{ AhacOp% cY. ^W'ҿ6縐{b~DÇjY@>cwiPϚ#J@([=cQ̃+kzѭC$ .?K4KIEuU@_?eœ[g":5Tt ȵ5o(Θ4W9`<]20$O <`8{hd!0[H2I7$&D1Kҡ` W@TO5T&3E]fBD ̷{xn﬐ nt(fOy(aܾs VmuF*;ߛ<,mDz~ Ђc( 7 sg3ݿ9ö9-}W|1ՋIh2h_3?_|}HͻFbO(fZ$ձ?N~wu<>^`{Y =ZR48̓ pPw;]Lx_!p/@V1egb[M?`(.Knk'JBDcbgrYꂸE՚쐬⪷r!YeY\7cM@gk+S1$ւt]_L> 'Ȟ{g.5"!S4/`kƾY;BUav \o$%,Hת[J x\ _OڷSU9#(?2Vw}a*%Ph }< HV*R`N04NGR!]gO8JE+re0 0lU䂆0#j]BHpNENt;o+#:F֗J2vg,(93)8 :qSL":F*'.t: Mj3!wy{FB edV eBi/%8et:viϒL_cYyrd:VYv_zƭe~J^PhP ӑ[@)9Ce;0<(u1p+6T2U Ǚ)EXPkRԝ!JSt]eo9g@ttmTD"*~0륿<`OFxGdq 0V85k:a!R%Bz[jYK0Z g(}-CQ0?_k _2ib 3(rkY:iq 1jV})X $/Rnz[bl h D.)h-/v+xJ*BYT+.3!Td643lW2che\)29#6&nBG:fw^.-y*7<}ޙ&&߫T Ldh6fDFҶGV9Lkp`ȣ)E.r|qOBqEPDMVn8(R1cbL1&?szr)(/n x&oI L .7Y"0F"_S0GnߐTZ,.w:l4mdUu+Wrƅ7G!ر{`VhƓŸSYI*|HDGGͼy9%6!^T~q2Hɣ+ S=S/fAڪ [4 xl=7!ũ0+Em_QhzGӑpH6uӨ"[:^>,*Nɶ47bd'KR`4Y ?$͆2Tu/ r" ,xtIZO 4c!rWX.Fָ=h.!<2 ZSX-ce g' xn uQvObjBU*=I>X_Sw zHwȥvzs|=5=XA4=:8JMNo# Zkk%Í'[eK,x} YZ