sssd-client-2.9.0-4.el8 .>.  A0,,,..d62U]g#frO{@i'g zQdlF)JVa1cPh]4c"\xuT;TZ.fU RsQ-55Hw6*m(q 0V-[џ~T(ѠM {޵yqxmt5aEZ9Kʂ0p}Mn%OjHNT`¥G{߬ϕl|\ 4"g}@b.Gi޸;xIB1[ĸ:@ se.3\"GB09f669e9632c286140fa1d62a203bef15a503a48b0b0778f8943a1bf80368245f454ff02012845c55e32717b588d5435a7f84ea50302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b
25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25
932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb500683066023100a8d98ecc95f03ba6bbd4df97e5613cb9239bcc39e10df50839211027255ac7b15d77e17ee1e23ce6c06da474bff04df5023100cbefc4d861d08475dd130168a6c3509e39f4e72875a301a808551837a3581e8430c7c65901072b6217522086fe82372f0302047c435bb500673065023100bf8a2dedc3994320fd60d3d9a50779416ac1b63b55b1f42fe6c253c2671c68e899deb74caeb8004126ab13ab9dddd441023018c0e1379022b578fb5bd6d05ef071b5ba6dd026a71db1303b1d0ec5a25bb576e7eb37593924087a84f85d3c420f814a0302047c435bb500673065023079c0bcc24efbadf252d1e4c737aef180d30215491e14bdb96c8401d27268829886df0d1be3de4cfd2d57a19b7544e6b4023100a9636a74b8ed29393f03e39769a3344b762073a746c2056a3c6fa327a1f71e25a1e189251c971670e7cbd398f4def94b0302047c435bb500663064023056daa0a70581abef239bd70b60b068d8eb7ad3ac96ecdb8830d614fdae03914f18460d6f1966eb8060debda66dfd12c102302c7f1f49f5c6b9cbbbd200a7d724b14d56922441b2d63bdf0271a69e24888c87611242d2646d7b0e7461ce432b3b4fdf0302047c435bb500683066023100899095413e687faddb099c137915d4538ab65e7bceea454d0f24e1b1ea564306d1041dedfc7ed8d20d6f01d59ebc6a93023100ed175736fa6038f96d683a58bc1f6c4b2226822808829a999c7b69641b52c04e58a1c9238e84ecefcb73f20fa76c428a0302047c435bb50067306502302ac6d85f63cb1af8812b4f32b3c523a318cfd62035cb54b84b23433b79914b65ade917ba55d499665c791ac003d2e26d023100db6967be53b46ee879c9d486d206cf876e1c330c342e5082318dfa9363d571b3fd0b3b5bdc6680acd724a5c3213fb9540302047c435bb500683066023100f6fd1402f712fe3a2789e9719a172c2bc00385c15f8cc083f1cece088ddbfa48ffd9cf76401728a0d65c2cd96e798ada023100839fa64229b3a3d035887d774a1255a7e38eae9628da7340d8fa2d1dc3ce092e6ce9a9d482d21d6d1d9d6f2f8ad15a290302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11
962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb500683066023100a18609d78420929f43fba7fe8f6a55695f17a3d03e962817abc15e5fcdd5ee1d8d59b9eddcc03e2f8678e70bcd0fa9b2023100ac0130a233b25f8e3b311f16397400b85a03c304784c9e7e5eba8f946da00a54b09eff30076ae9989a04bcd573423cf30302047c435bb5006630640230652f92f76f3962e7ea6843a255026e55f2ee9019d5effee777f3dba1c438237634b513ca550d7d54c6d2b28beb01e49f023022b294b1bda09a00fca43b18085b4ccd11962028749c048b25932a73efb32ecbfea81304479b2e14d051f2b38a24059a0302047c435bb500673065023100bb44a8c22b01827cd01e1646ef30cd9985d34526bedd5802866102db96aef8df83af010cbc16dffacc23c077c999271e023069c68e3d3a057af7524ab2ab9646b2b40ce41d7c55482fb7688b7ee86304505fbd0a837938f33dc2a0be95b21e1ee0660302047c435bb500683066023100ce992daa666d32660655ce8b3428b500ae32c6c40c3ddc2799200ae5a40150521ac6d0f6e45795ec7754a25cab385b6a023100999017fd39b42ff2664cb3ab1697de5a6e23fb4ef4984d10d742cfcfafa76d08276ed418cb2d1d2a4951d423cfb764410302047c435bb50067306502304c0f318b94ddf62f9050852858d27083f5525fe587befdf3c5f56032c13ef62cea2bfb1072e30549b4bf30f12659c0c8023100e8d7ea9fd34dd8a4f551970151df0f051018eb9d2158b1110c35c3894dd7c2b8093be24e0c9d13c3a6d9cba28ca0a3bd0302047c435bb5006730650230205e73fb9b4c11c798e9f23f8da517fb19a372bb1e740d13745e020df0c8037c3593933460532144b791767788a42a34023100f0a4948a95b51cfe0a675375241f5144f223e1430a28a2c081a125a2b4677dc77f6a8e863b784ff3ffe4c746fa9341cf0302047c435bb500683066023100f4747a8a4e85f9dd5ccd62bc8932cee3eb4f9ba64571cf8c05dea269010e7ed4e4f7b948cff8afd34fa2aef62651016a023100d7ab29f14a3bf6575821aae01267c69181e31cceb29a2b82cd9d0ed2024988f8b4f8cf6c1ca994c54c23b6737a73b86c0302047c435bb50068306602310080325634ec2969dd071900b49e80e1a5206a5e8ba68a53b637ceb5a2a524116ba550064875fbe0d9193cea6e6323cac9023100bf7e676b19676c
2db9ebaa85913bc578fbea7a774242cd9f13861646eea3da11e8236551510c5ce65b8a46936d46b8b20302047c435bb500683066023100edd4418a6e4c97beb24846550cc3e82a91a879e0f44501c8f0d67572a346d901ad16415120256069962aaadbde9d43d3023100f86e8f509e4e3598b8059bcafed90c7477d16e8bcf7993249becf3af3bea9d460a25b7f7a04167de347b5c363e1a65f40302047c435bb500683066023100e3d7a7b166cf0d99dbbecf7850887c9797858dd611c8574d2cf1388ed61f5eaf128fa6c6d173d7341166aa718131afac023100d76728e3d1cd8401708d8b890f8dfcd5f1023bc713261988a0a839ef633582946c7ba4041ae8adbf27b78411b2cda6540302047c435bb500683066023100c775f09ec8e9eefdaf3884a4449dd3a4e828779b72a9a4c0683a988a0b80ac69b4c4c2c18a30bbfcfa266dc7e2ddfbf70231008f6b158435dd5cef1087d4af0dd577c3199ae68ff1319c0134fc99ba1e31c0d6b97e5375d80a3688eec62ae81ad3079d0302047c435bb500683066023100b162da0e6effae172858f45d61319c8fde370f4779b54b8c603670cb2067b4df8f4085b9780a571d238ebcd231cf79a7023100ad1422882f7a23abe2d31133390dbb4e0e376432b1fa8c60cde3abe8869308d5cb7d51f4c36a8476b460edfb94a76b430302047c435bb500683066023100eb9f9923afd67ac7adb74e6cdc5781770df0f12d7dbe4314d502795d3e1298eca9c3ea6cbbc0d9c1ab7b35293059fbe10231008abe68cc10ffe8c4de35a6b8e593ad25de44af48c48a8e920fe56df732b91981d7229ce7429a42500cbfc1a6f9b1eeb60302047c435bb500673065023100a257f2acc9d1c535579920daad5d53bf61e150a78f6c14f3e7f3b6d0e112d32568694983a74ec52989584621854ae7100230564f75a5bde7676f500ffb9680b8046a2fc389f2a6ffac0859f1d8c16838f1c28f521fd6166faa14180090391532d0660302047c435bb50066306402302569c8042d8966049e67b525f6c0434c9257263bf08fb624b033bd54b7780b944a1aa1bd5877240440b2a30b4b45a6df02304dfb7930b7a97bef3dac82baa960e0ee129e298a57ba84d0521f8fb24b2061d30445495687dfa7eff12943981188d2330302047c435bb50066306402305e09cca088fa013ba3419474b2ae3f7077369957cf7baf1e344078e1485346af7c5787bb2fb2748d2394ecf3dd03786102303456630754962eb25d0592dcf5cf3b6f6db8205126d8049798f7230c54dcc9a2951dd0038cea8dd87c382f791d78aedc0302047c435bb500673065023100f1dc944a8cf7c5b113ac486ccb5195fce624f7041a197914d41c6fb95eae35acb5c6e0ffb5c0202eb096e754823c
d81902305a22d25b5c8d9be18ae6e2ce7028858c93a71346ff0cb5dafcf3ea967ca42946c02ab2c0af29c5919ac85171dac8bdcf0302047c435bb500673065023100a65308b7fe0c267be75af8e4b043509f415e2f43828844556aac9d2e7b9db8db049b50456e043dacb7e3354d8e827f9202300ed4f85f000c38e460ba83aca535cfcba1d4d3b0acb52e6075bb4402288f287b14ee7f18e4b1f3c9df014c59e2d1761b0302047c435bb500673065023100e7ccc0ca36265c81d1a9514c0a07fb3713367ead0e440574a89e2df5b0c4876b604fba434087c0f43377fc11a7aa634102306c2cc00e5c8ab00c8dd83c1d02138d174b8bea94de553f231ce76bb97f5695bf04940f2e3a0541726a980aee4e9ce1740302047c435bb5006830660231008f473fb90d05e1c879f29a9ffdd9ab56a031d15deb8f1141411dd18b0ebaca720b8312ef3c213f9517a4935ed22692e3023100b240166b77e11f621841c7aa7c5a8067ff88924f88dc55a3be31aeef5b94efebdc429940e1d85d772152f949d1350a8d0302047c435bb500673065023100e25b94c6dcea8a30df7aa4fd4d9f188a9019cb8e44d0f873d3c4faf83696402ad9d8a8b6cb3de3b909f1c559b8b549bf02304415c08afd78df6b02e6f9918a7e97fc5620dc624eb86f546a60e1ec18b7abf81042a790aedd04e66a68836dbe2d0bf5(d61U]A;CALQJ"я!HF1ܶMLAܬ&Ɩ`t98uc$<-!>3%<>4׏LZ7@G+>P˼ϫo,#TQ~*eKɭ/o6HR j;f\ hS-nA@L$d6 Q c;gq׺ ӎKZ}*~W͝<>_q~I4T:-mrSҒD~v)In'mo9s;Ec7y]JROYEm4.3$n60UN)b8'qN求tYAxQai:fa4@֝>BY݇n3Jx5\ne%S|s96E;":"O4 RDy#5Z0+fE٠| BP8>`A0? 
d  @  '000 P0 0 p0  `0  (0 0008'''(48<9:o>5?=@EGT0H0I0X Y8\T0]0^bdoetfwlyt0uT0vw0x0ytWCsssd-client2.9.04.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.dwx86-04.stream.rdu2.redhat.com1CentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi->%2)%F@-bP(QqPK G 2  e ~ ;  AAAAAAAAAAAA큤dw_dwdwdwdwdwdwdwdwdwdwdwdwdwdwdwdwdw`dwadwadwadwadwadwadwadw`dw`dwadwdTdTdwTdwUdwUdwUdwUdwTdwTdwTdwTdwUdwUdwUdwUdwUdwUdwUdwU4b02f6c08a036a2b896e6d67ddbd805b7cde2c0634e0541355d199a0914f979ea5d21d164a0d408a6184b9329c8a1e7809967353e8525dce1383ad789c942d4e137dd58b4336df109c524a1bef19672254e9ff79d204ca5bfa2780191481c7428c500d05837a971f8fea5a8228ba46987dd34e6e958c62543cfb9a0af561713b9ea792e234efcec3bd185fccb76f71173248b14f0f9c9940ed674a85cacafe3af0f35103bfba5f28f3eb0ec43e3d3f9864c5602975c02bfae9c207214bea2336e142c6370de06bfbec1cac5c28c22d8e6f289b18579beb1be2fee805155e99dbdc6fa89c72daa8153e0395979df162ec7026af930cd3329fe01c84d89ed127578ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc586d8c6cd5ea30b24fef9d62d1f70637ecca46816672b9b1f643980dfdb6ea383909ece8c2930b227d6e1bc17f46671e95414cc7b6b0aca3c18185017ee09abe5d68a9c2325ffc925f610fbf34a7a4857dec72a3d47f6c04ac2629413bfcb78aaf07de95e21a653677c56420b788961553868fb3045b059c5c310b71de001720b1cd8caea5dfa92d8e9409b27c814e050388da2a0fe6a16e21629a46447cd48da301125d9d9fafed0e57f27773194c4b46ecf8d55d12b5316713518b77f6e468dd32536a7964e52fcf93c2d3ed7bec6598bdb94858f90067bfa475ba66a4ba29dc16446f056814d57af7bf5473a349928cde8d8c9672556eb63a36c7bb96045c5340b34e41e07b9902736aeb52e98d83196e4e6effb7ad241ba149bbfae6e09da01c2e81
872ee6ed64b92333d8545e6f143aed845149de859f9fc5f3e98081450d598d734503e6e4dcfe5aeb74bbd654c7c75b45c08061e82501425762a00fcf19cd13df335fac01d980a399ab6337559d8257dade73722a21eaa7d07b6dacf8c4ce4614070b615afea0540ee9b7f1f60af7c6e7aa8bfd56b1d90209020ca5df20c11f69eb8da50e4ce96d868c3a3ecca5edac6cb2438ffee42b6ca43833eee9cd66b749fe28638552d219f656c3ae4ba2c6ec585d18c450961c1d7a56cce98302b1069f6e20ab67b1cb8c8f8e5f240a39a7cc791cae855a14f12a7f4370f72b46c5bf6af6f5c3b834be1cd3e1be86fb257381c88058a4934da432389e60f3794e../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib64/libsubid_sss.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.0-4.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)libsubid_sss.so()(64bit)libsubid_sss.so(EXPORTED)(64bit)sssd-clientsssd-client(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@    
@/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.0-4.el82.9.0-4.el83.0.4-14.6.0-14.0-15.2-14.14.3du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 
2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek 
- 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 
1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub 
Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 
1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher 
- 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. 
- Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - 
Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. 
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. 
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: 
rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] 
Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. 
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains 
modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh 
login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. 
ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. 
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: 
rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. 
kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. 
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for empty home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OCSP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Can't login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. 
Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - 
Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be 
crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] 
sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba version of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. 
- Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir 
(#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable 
hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- 
Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath instead of mcachepath macro to be consistent with upstream spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predictable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./0esrurururusvsvsvsvukukukuk2.9.0-4.el82.9.0-4.el8    
cifs-utilsidmap-plugin.build-id4cf07a774992ec34bded613dc0aa1318b09b57f08c4e703ed6196fbc08e884bddb4d8380f5386b10a98287175e1b95e4a17434953737fe82f9975a45b71f727a0d56e50abef462dad1aca4eb7770d18bbf51a988f885722606d2897278fdac49eea7038c45a7645fc5e8d1e96ff87d0d305d6c62ca0a43d9b80a6616d77df8d50d3db66681baec4f593bb324a66db96d8f083f1639210c9e9494377e31dccifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/4c//usr/lib/.build-id/8c//usr/lib/.build-id/a9//usr/lib/.build-id/b7//usr/lib/.build-id/bf//usr/lib/.build-id/d2//usr/lib/.build-id/d9//usr/lib/.build-id/df//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.0-4.el8.x86_64/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, 
x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b71f727a0d56e50abef462dad1aca4eb7770d18b, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8c4e703ed6196fbc08e884bddb4d8380f5386b10, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d9b80a6616d77df8d50d3db66681baec4f593bb3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d245a7645fc5e8d1e96ff87d0d305d6c62ca0a43, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a98287175e1b95e4a17434953737fe82f9975a45, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bf51a988f885722606d2897278fdac49eea7038c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4cf07a774992ec34bded613dc0aa1318b09b57f0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=df24a66db96d8f083f1639210c9e9494377e31dc, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) )1>J   RR!R RRR R RRRRR%RR RR R R RRRRR%R RR R R RR%PPR RRR RR R RR%PPR R R R RR%RRRR R RRR R R RRR%RRRR RR R R RRRR%RR RRR RR R RRRRR%utf-83e73eac0b9e6429a41931aef379bf973e7521d0a24dec23e714dec4c9784468d?7zXZ !#,?] b2u jӫ`(y/+jt!-04#Ѩ( E\G"8Hgr*E'.̮ Z-4A 4sLwԗN j_>rT_ޮ~p6jK,!\o쨇7B==VP&4 .¤́@c1\ųz*[X\JM6s.qZܐV U#xR#4m3zp.@5[U5^?`E/ S?+%K|( A"Tgm='}TVtDR\|O&]CVwQ7t[@FCRğ %9 3^T}앹V:Ŋ+,. 
.Jjsy~+RͰz2Jy" .4 VkޞLx~|},12mzf$ V`'V#Y)KZ!('J9hښL*^1j`tJ[F`^y^ȡ}D]tJxs:naxɔo8Zj }/&0?Q(,nr)Zp*P]Iz(C0Ì5.TPwO[qDWeiA)1c?KS3Vg{VYؤ8TۏoǴ#+?S9k!*>v%˓qQö5VeɌl.C)kX(FF7.M]GK"G5pRw+LUIf0jnM$@26 Zd`K=JTnfzbjQ4cH rEdb0HOYS5!Q7#N?~:go€ u C H>ŘU0u,.8aCL"$_T VyHbh@" 1Zg <2u9ҥ[SǯDh>U)]\z쭦T<ԡO^99q ;v2 y0C,.DFR$,$!Fl,SEK5TDD8.^$5X9i/dD>[tȳ:. ښ<<]ATW&e> Lgʮ|b[j]<<."`*[3)-޳:џv،{;$O]p(2);]a܀'ߧQi]8i*54HO*tr3/'`T *ٰPV+@[%ZryCړ` q)%c1k$.mkhv*C?_A&P|*U/P5 P^UplX8DUκd$u`c?Qg> I75Yg ~TS[/쇞9Zxa׫ДZ<¢U3/dآ~C]_r/:w!@g z]MuF@Xrxb|7/lpg(HW'r ?#%mf {cʸ=q[}JR>~XMbjKȒ܄.b$&~L k?ԴJ׋蒿EStNyv/͗n-+_+1DvBfenE pU,d{-8F|*!hzåз:?/ սv[([q#ኦ؉z*[!4AUS,1^CȦ 4X߾Ft4ii@@$N==nd?.b[J}# AF9 sF^GtDy|etY&"o E?˾LUuFS=mRf? 'To;cC`q{[e:`k,@"޹nl|kVUTD#Pݕ+daZLN,R -il(iQLq lgG"gb,,Fov*kihM]"Qh ;H(xy16Q-PBh%ϭkן{(q$KKO6X];BPDA| ~iedE*M!Oa@+ϤYlhеFW>&қnTYvv*[ Q @GK44F&O_^[.; FP WSh%Z]J:O& "'=="H:N8sCz ?N]VD +k@2)Gn)9+G`Ҥd|5T "> ݛ)8'E-Z)OZ!hi[ċ7yp" #!q+`qle7j]zK~q M6Nˆk5 $}g ?†#U[fIxUc\Vbtb ,@ n?) '#uI6(=4Wj) 剜)َ$6F3ZoBX ӯm2BL2hD#sE^jdU`z( 9 zJ{7H@RaӴCbpKy3ѿ(&X[ ZH2(-UV0ґ~ցқv3[|u%(#|2v#^?,ŨYDlOe0BUtXYxE1gMBԴ!_5QjQ>o1׍*fiXeLPtK|,1]9f[*}QYiXWj9[՛%-KmD^ O(n9>Br* zV)I><Q<>זIwlD;ަ]124H[oAvWq^J(*XKN CKxlq1~pETͤl()Eà 7HTiȂCLCq9: ^l~`ydlB'L!R1Htg9[ ̪O >*њ;[ sǞA~us ؙIAxfxBQO,6j5|txdr&$, w$ݥL%Axv* ukâA}LGN7AB>G䍭@E:]Af%dvS[f47h_B}KHy^ҰEXN$Ec8*l$>Su h/+ZHZY㲑{ui: h`¬pL?q]Wg4Xd *9[uAe@ 6GhAhKBq@%f si=snSLߖZ #E6@~#9ec48>rY%p0e5?a94V~>&SP/y*Nd5lR&q塌0/F/HuRK%a7|=*[O#$ MzݣfB hm7rFPyW.$8[ds,w^O+ ?'$_MNYdRUz &'v@]CKpj5hieMwr;?92.v"qaaӕpМh[oe(x}eJ^rm^%n[ OTjXhPGPAOGjMmÜ8:}5\7J]8(n? 
1)D?HSfk +&1ճ`o7/nyH_w ̃iUaR}#"_Z7bJخƷQJk'jq/@f:ۑqhD^v#ҶZwZ=N=]DlfH({7A秠w26 } Yer֚'9E;wPeh)HE݌N`=ϴRo|{.0L W 9c1@w[bvV5[`Q4cOOS͠[PY O*%`xޡc[@zv4jm[qdoQnX3@-v|x\R(ۻ2|O4_Z;3J+x%+TS 'JEǻ95vEi âKѸQ`$'.oyk#q\nR/T;N |>ho>Ƚ׶-QJcN{˨F$A@߂ O*:Ǫn\d4u:f+F{[姌7SO|Noz2=l{IVc<')p,!nV CQ4P>1ZìpND l E,0v %5ǖ2ńp]ߞmEŜ2*VDײ%%Iy]V-`&8UXZaG͟zV QJ 20B``1B$YM0J4Ƥ/\8\g兩fKJRr%u;O#(;Mקß;0Gxo@dpЖoFwݰ(V{Lt-XGw~de1 n0߃uu&',2Yt)6dM.f$v8[#@Z`e%M(/'Gܫ{v7_`S xdn#6dҍƮ8: 揋һ6Ibk!^曨bY窰~_B>& "Z gA}-ۮn>Ԙ u ӌB[),p5!C90r60ZءElis`$XJ#ݠnm3.ͽ k蝤3'ӢAatWR'Z}xQ͕@b#u6St/#,M nJ\/YbaJx^ ap"|Dg$H|dhHx[Ħ]#I&Ю+ZM9rV:Wh*w(C;g $ZE3ry祿J2djYVF%p+놟oS{N9{)p` yu}S8c(UIbq>zd)l,2N_>놥3(K}﯅YJLAc[jqA(^Hk+㆟"@ sUO`r+: CrLd)ijý>5v1,)gJ2{fv,`y+0Tj_ QQ f2[IFixs҂+Cq5HڼnoH|E@Ayzxan&%с-ڱ&ÉNRRq̀ #s ڨp Q /ΰy7@ج\Ɇ#f,Cb+<  EOn1qӊ,Qܔ\h1 =RPzzI(gEp4yƹL 2aíDw}fv!`g:eGT/.GC?2̽u.Xލ%mCdC](aaZ;y?{+{qq ~ͪhKlcOX\ߨBNψ.OXx*%wZ4/6m-{l]8_(kdB>j&~1^A =v|O:V_# PRV/L@i:R8 ǣޛ`΂ce-_ m ;(1DOW[ Gή 'Vpo٧nןi73ꌊQ%kWpp.YD7B!\9rV}O2*'[4epKQ cN1]cAgDD37@A׮R_CSbk0e$k3kf6,A/\|2[YbOs ef:5~4r@ G?K`e504й,_UD/]ɔH鱡F g1z #ru'H3fە{1Bfal ["fH~p1Mp X5ԣPD)e(`8õOMZ~Pt%.=q9>=uDbsgS )I; w|l(gXj]UVe` xbO7$K-0sJk=k*nW-v3ͧP0 GWgnEr&{S3 2F8%,l::TICc( 9i?AGlPm\V(݄^08D kVaa1j}E/oz X_ݶ(OJFtGau%/\iЂv\GizGnHʣhCt!@l["h~Vd5W+ }=ϿۂO?P$l#hz1c!>ȶ^_dWSe#b @46SP3\F\PanѳqS0=^ѭ;V^;Do9dF#(V?ir HOD]A ?諗|)50n:Zץjj"=pIZgh@ôڼF~1Į%zTjfZpŎ_cHO˝qVRYa+' D/=V? (X- s%1ee#T*ifnP7b!#+*|_*{_jI_\|su>Ex$Iߺs?R(h ej/k \Փ"9k2cFh^lLQ){uA\"W}܍b@R:wV"Ԓ9ߒFAZKY,W2c5X윰~B1jnixH،UEUYrfFr+Wgnۮ<-LcD/0?Ѭڵ 91fmˬ>{L{=nE/=uq9bTJ ^ "zO;M 7Vq+doWNZ4R֌K@厠"#L{%Oz_lvi->=vrj4נFPA؅0<5gl8PitNR4h5=e7'©V*E/|1(XOqrҿ?&R r7/GٌhWGGLRhm$G\lJi7ו΢t y^W?PXqHT 82&!ۃ |EȦ_h$il[(_dno]90v6f g8*h`F#eٔRg(Js[v>G8UgPvT47SnZ&nFwoŰ*JtR{GqNdq8Xx 2qsäcT| 2/zGTEJZ|5}Ǽz4#IEL#5`qVLެnKV&Cv?|[##I4H/j׎E kB5V*0Y4{-C}Nxf88>S&q5f TSy:ھu~}X|SϽ/07%x^wZ"9"N>yz+~m+d2~|GSXCt;3~7xϬL-KAw`CeJ#D~W? 
'Q'wɝ%ǡ yK5*Y(EnR]SeR$JP ȱdt1B %q/+ ԯRd F%QgK?LC6wрy@)4 ;_xл壋(S;IW4ɶ{eMTh춵uv}IaA"X 8wǫ'Ϧ?-%jvD b/K ٱ8R}2Y|H^ny7ao1d^:/e?M>ι?_JӱF w#^B)_Z"*corS΅QT*:.Y4#Į b7^п=P f 9٢jfG[u4tab/&R@.e,#&gab0 j]͐w\d+M"8AZH 9#6'uٚذOf]3ɦ7Zpv xb/*pS*,“rĄ9r3.xz8: <-**_q`ieF'+B{=u|>aNH<'{ֻKsrBU܇q'R!φdfY!E>pu9WC6Az}Rd&Zo!&9BD |7w̺1XPӌ,0Kz 8X%HأCnu-ʲH<5p3{oNX%!<‚"&Ь?\~Sղ v hK;yC@!BdDY cœ \]42N@kx{>on(%Xof!Rf׍zXrTɁ$(0&nkY8ч눬ǿy-^&K6R3;R9Knw``k2zruj˓{㿗"6פ> M.5/m$GB:Ԧ"Byވ?C)CN^AR +\&;ă:)7p_"vfxhc ciLkU/1H [t=S Vn=.ŠEp钹yFK3W]j,{ǐC<WgRv .fف};.~kS7*v~ɄI4Oq;Gխg0F+^)6wdxGwTg n˅i{ T>i>,!ް٩sQ{SCqL`"L+dLC_oӻaqw֓c WS`~Gӱ_ͳȪgO򄢿?+[]u PRO1 i,,6h}m/D 4u36MT^u0IIQ<1 fx0W†vI1jf<7 ~V4EfPZ$Me2b[7)oD]D?̰^̼7B+#DJoK6 9䒆 #?V)A2*d6[w>EYv$ xT0gF/?`)_“(@Bg* :Np}8XoDj`ҎD")j걮 ZJ8&=4Xg7N*(R_^UNTWkoO F3WkS[ƳU͐?qY"Ov/~"\S*H!kV$:mv.N[,I}ӣW([L5>9931CޒNgmzHT>S~ 5'Evjy϶vqc3(VkL0L&_k6%yEHwKv1ƙM#f)X%7OTNMfJX`G?w:وhGwa xZ#xٱ|-k`CީW=FˀcZ{["Z:ZT NniX-7 ָ1{LOZ6 I nF-)uG5SO4:…f/BU ̺AU';i;G6gy&5.>٥!R(ۭF[h$GWh +o8Ե:Y\ퟭ^˭'_~"c4sr_&<_LpFp>%uQ 'ʾge;} oF/AGM9xmB֟E=Kߑ%/&׉lMhjDqu\=uY9śQ9.{4ig =_E%僷|һ6ǭ떣iԂq*ůqB 09*QH6Z^Bg-j&3&Rhxz(ܶGU" _f˳R :]  `K+)X0aQBdQa<T_Yi0/ 6Yۑ may"w1;FU%j:f 7Q ňZEkxgӤ"qJHA,xrrywuA=dt{5W# lVa9auÖOWYw$פZ!398y].ҏN3%ûXPcO{=t{զō B ։֒4iצּ<9 Մljm$}#ID,KV 'M83 l J("/(r[ tE Go0NZ(f,d ROBd"K`bόcASw1Ѣn56qDc?oI v~W)㰼ˏؿY`'w߃_ًR޶im$c>FnG+D֠?5# |;e yNm74FF'%sW,ES5#%JVP]`-!4[B;L43K  #NFkkiY6_ Ӌ7oPD5T^A`J'X:ӕ:F%d&>>EOm.VNH}fS(g9i Ze0X뮃bѾߡ)o k>QjfcήQqeq\vVO!H> P%XT_ԓ|ͬBJ\]lm:YĊߊaS8f0?jA}3^lA/ 7|u#m$%Zȹ].UWzB/t$sD-vఊ+1kH1 4~7}0\kG']c̓ M%A e2O g7eE#W4l _նo8~u/ 6l~LJ2뻘X~v"n9>DK=pmc91 1A=v?C'Ƃ .vA% /˴Y&f;og4y!ⰣT,tT#^@ -`h$>8`RhVin~oy9tϩXipۉ7L5Sbl_%K[ 1)RVm_(s\RH .<8&icxc_F :uT#Ą.,]0SA'7Qx-,I]h@C9 Պetwy ObɄM~~o@=NϡWC0_C   셧8U^`uo(bG={qNq?o+ Tr¶RuL)+"8)!;i< ~]q\>'ꮡG9Uޜ^| Uֿݚ$Aŀ2fEWLZ- uxĈkv -bV5BnAګD#iL&yLprk,v-'@7p7Ъ4*Pjk?nFQP:1 ׆˪@ 7|y3 jUȉO#|hE+=`rzrG/"fo+ۀ뙫2$gXTP2zqZZRN19M \r({ <WOiԝl#v7[Dj˼9 a pP!,Yt'KgN߫Y& 8sG"G e_Jf/XHu`^"mGT'4kє<=>4K1ZW=JWKÒ֛ۚw& OĦJ{*x8O'S퓴POvxz|%4Jb^X9~JRRM` 
*W;KuȩULc+5˷ƨS{PReB\Ze0zZPe>>.nkp*̫VAu}m¦1XΫS,wUB@ĭP=|6'vبބu1yxsA͜$=Iлoq\'cUt6E9"=VW`5@jc>#PKqmoX.q*T*Z0Д!DIR}TȨZ1*6pCC{W0G)4SpR͛R6RIɱa -{6]}~1I鱵r ^s;a3>U5Sx/ѳ% f}V#w>K>jm }XJ^Gy^iG i'0E9-۰{)UD}O() Fc/e[C$+hK4C3AZf2vPW{?xs&f6DMUn,Arp l#[ahts@ixR3zI יuwo9,5h%\@wj~WǔX_h~}}rV8lh 7!^_LEQ4F7xƬ "12\=W@J}8WxXi%C\C#&dBA2qˏ@rj ږ\ #LaVɫK1g6,%~b!r=F3b'D xc̳'w0ы/+3J> (ԁ`3H!05=0@@=0'\N;&I1e5s`AnY|.GS3JY+ ZDL; (U=Qek?H{7hc-DCz #E(\"eH O;%GJABqȺrC 8gK2OAO0 WIe:r >ZCbv|}[xd58ٔv"fӀꠕ+\rvDu WUmJ󹘸2 lՂco0`-7~x? .);BU9zh;J{{#7V*$tˆl4dHF2zò?rORǓ ȶW(J*5L+i;@7_~7("Ұ {D-k_!mwP'0K1h{+ᐻj/S̮!ڛ5cn* ʽZi̼X/@dSE3bOf${zU* z:g~A67m1gHd2QUcV^":5;7`^DKYoᶯ8\Xmڝѹg`%J뇽Ж$b)=~~,Z ԥ2 ˻\ l1<>/}Q"OKy-~}  ǭ7mb{)܌ݏ.] &#U6ӊ_h\ Q`{N$ 0 8 Ⱥa#bv}vۘAYM>\=9pK[ @4Oae0/|Wpv=إBu`I:\L}W  yjˉoBiA:((= ,gxY[C%sA] O&|:si'ʹ@k 0/TF8e!:Iw|Ru]:ļ"\;68G'wU=þ-M5WmQޡFSa]C$z<߼)|$ЂIUV+׏bh,W&#]iX@k#}MwzKS\$܇hĸK,+cy@&Lh)rYV3]؀g19xZ kLm0 䞕4"2w47nq*V_Ujk5 t8Hdcv1RTj#(N,B?"EYX.a6$U.5RG ME<`igj0l3Ov^Jivc ^Bmt cI@UQgh"@ʨ\_D ƱX7GvnNHnk OO4[FM6x@T Vxm}ߧA&kX0P'Z"?"#\+Vomc.pgxSz}@yB/oL2NKClJxzdq ~M Չrޜ/G@]CLF"2Ϙ3#> L0Ogf@k(FQ::1aW\Y" )*Y9T kזR~gh0,Eal }K%zAZÞ٪d<:* YD BB \/)or#̂aq260sP9c6*/:[WZ#ryznBԏVZ2^)ee%=uG_ξa9,J2&Ĝ^@TjT_i@_N&&) Eդƭ'tx h?mkNӏQ6u ߦI*驒Bm+Q_m__|<6ND|d )ēa]]y:-o]XwZ> <}d./ͰP~@fݤ(ruo|I$h؍GW+1W O+ղ")B$eXjI^*uG&[>+]o2lޣE3hj$ )"1>`>x!Bb feoka)jZCB Y.gLw1g™vbP 0 %wm)86gch/`| { 5kWoʏ+%2)F_L{|* W f&rh bW!ÕSZ9P֙*Q,*Cy8^;sĕ@456QBEzXu= zɃi{j Qh96w?FЋ+P.!Vq بC?EF9痞5W_ϠkR-9PUeioUDLgl 'TV鍾te#\̨R%-ԣAO{ "w G5y$(iS*$nb6w3 vG9[LS2]9OFCZRexgwz XّN;^eǃaRyo\62,{ vNl)2dC_OJKkN!Z͟5t9ȳNct"[Ԩ !hFA.rP"Ey0(?JmV0S'c˴y&عu)fH1l^Xn54725)}6$Qȣrm^Pyx/u*ًD/X05hɟӆ/Eϲ]\PћЧw _M[- B  ͵<=VJ`^},$z:E+:x2dui1Zz~ ?϶`ɨð> E55ww 0h?<񟲂\Vmg(qIaNcyW{̉:'b+)Ors\)jg9Iqh H!19RUS'>@6eNMN|tc@_[?'˗6^Z7grgZ48$,, OMhX/H=="NN8?wu{K6F֩P?7-ux3^e&SoKN6F8_GB9cõEWEH5?7eLaDY&O´;i~YP,!U`~jRT(Ww87,-xn O^msD,…%O{Lkwxx7ig0yyFTcg\m6)JFOTV$o6PYV-qLY+JEIXhzzDZzac19Ƭ%@_Ϣ^ Na۱ O`' l:{D`uӣD'';r/TWQ< tz` K{F HdCuðVVּA7:yn d \0խ 1} E,fu! 
uuO]MA4f{V3vT4̽!!?S ] 8,x3=,򔷶R8҉ eUfoPA $mvg 8E]q'Nasc:b<4GE#DP(o)IϩCw8WN ݣG҃;Hd".gesJ'^O:il]t3çt8P$@ *O>3oYPЫl_+6$gF;my^ޞ 0~`ꝯ}s*_w[lSQ+vW}߀h]<ğ thbH99g}[?]?|[*Qi͞ 1TSX.n`QߚJ`xwk5@&r!hrxeiMV+81nyK&hF~yRk^?N/!UDQatJoAϳ}:@ J%16^փTsm;HЬX:My?!}[˃}PP AHK~u׍fjBCT'_ʳ7_架;:ppĔ8 a^$XHnW4."(VjrwpE#O0qEڋ,/Rv Mb,kgtKD])z Kd扏x&_l%< . L׿!ɂWܑZ]UYp \W<ÄFuIjο9='ˎ{{Ò2~.b'TuQgoJ ]g_Pu^ ˤ>6:f8& ~|k&^ЪWh Kf}|PN%kqU{W,e!hcc%̋㵀IS?5:m!Xգi̚LDҐjN'^ƌbszn mD= Lm2y?!ONg蹴q[؀/c2 vl%>"}{MmEG._u j+_zN3 вȡ-kx% ѠxK~- M_m͂)˦y̅ic2clMτ 7HlռnN1 Qyv, 4]ULp# ChPF~W<8d|Y|MCִl_a{:pW]*3o3.mNXC{vФLPAwn:`OGKh8xNL#?榢͎`&]G) T>wb@YNtJ3DO$ǷZP8.|D8{71 p49ePx v[ J ʇPY<`l8s2Ԉ6.B+NK%jy2[O^y/*OeiV_x0g-5oٿۀ/Jbrm$,1Λs:adщ[JO:&Ҡ+k@YJXNJ6FcQ+wK'7l>@&Ie? H'IO7It ;w$UVP-7y?W R Ɠ {O!Tlۦ-%VaV.tNìf1s~opV~5cKٓ0җy KO;խsEs%9|n{Y@C乡sH~Iy$>C-kM㧄|~ jlV׊ù8yƀ/=YVut@>t+y>Uwlv.շ]"/=i-S%r-^masCzZ:' 0|bZmg 5 %>G?>_BC[~c B/̘g+jDbw@\{j }WP:Q{Qu s9Ous!a4c+e9c92o"ߴxLuѳ2|/YeN 1gtیOXH(]9]*&x5~aҝƑOMF.50+ɳ 9%Z G_%ysV k+HɏN0Ȃ' -=VKteD.Fn>FsMr*"piE~9{̳&K7|Hyp3MP PBs4 ;Z~^u@1&~r1=YϚϮ:,((OtBb$L-7j)N5# gZը,* i:n֜V1)Zpy&/?z֤|zRdTo<d:/d8ew 绶[{[FS!4%J V58MM6{PuWg 0JYJ7Ǽ?-<(Qdq(;OdqD 0&iy#!fNay#il?h$݀ N4"Ó崎1;`ӓєM4[2a&0O-4 #&1cGg`)O=C7UҠu3nj˦9#|lYNU+)wM TC}Ϊh, lx" f4NظU  s2q)LEƲ8L1:qn`wy[4`J/S)OQoZ(2 dm'ѲMFk0)G /Qr3  u| <642mV9u|o&^? =Mt|aRnjF;Vq )W9Cx 6 \Wv.P;zuWޮ"@I/,z6 v'aդt-dKZr]ϭ Oexq"dl~,\003p~Rqq( 9 E[./s3`9?OJ1Ybl-X.{>nUj ^,Q֋ȡ TFSNmp"tG>)  בP6? 
,9wbrv8_Jun 1>yfu_]1XNGmS8 _ovQ%;([H/|Ͻc@JRN߉T/ cK5k3%^ AQI.?gy[[6o.)lwf[2]`oyP Â={g-4(ٹC:ﱠ3j/:Ak"2AUӎ4P?mw Ka+dYǣ+?69H.Tm00 "b/ .&E֘|ӂRD!Eb\4kFp=6딾) 'vBactվhؒ+"v+t|xO>GBP]6x՟gEWN l4 QLEՃ{Ez!$?Cyi}]5MdzL,h jbBhj14.y OwWyKɢnw(qǂ 5=Ćf1SҝK7ma<^ "WxLʉ6Jzx.Z?PʿL~0 WʄL >KiHՀ]d71eH5΢ÔɅs1=s4g+;?kg}:לp#T9;35Bو[<98zH"k ė~if䏐c9gP2dѻuva+p(g_NF-.m†Tڌ5ZrudsTi<ٍ gH,Z]]hym =ַFf9@=+\c)w HAA5WC(,}'H{^R f W:EwL& n̈CJjs : ׏+RXߘڌ[)ra*AOp(kP)oC+شNA,Su'X wK8NE{̚~Qd8RZnPM E0<wwS\)Dm~IE 2"1; S8(^\½8xOc/@ !,=BeU1hixloLDe8փҪ5\.I9v>vf)f2"b$O\7H|,Ҏ#Wpj6S['RI@\hw7aMpZۘ9?jz2"&xFY&V_ۋ9Kz[x{OR1ѡC8=~~Խo_QJsg3JJrf؉,: ]E%[7ɰLS?ve>SEa-]~*Oۿ#ȓw5\ ߅zPo?,V*J]ohu(6i_7pcKsq;N#O^ 4̭ˠK|܊{])iL ǝo_'u0[`'* ſ{# P_e< ZYJm{G]#ۍ?wJI3%9-7Y#\iK?o]epN=‰1"s +Eq{nG3[ohrtK.m"! ut&,_o~ -6¬Y-Lb*3,sTZ~=8"xIܚN)'u淨 ;m&p(5;caL2IÏoiv-G[]D!c,:4%D-]*'革6ȵftVn3ly(>ԟ/oD]< ]o/(XLQG vU;=I͢ Y5l|bW:J1i{ྒhJi]`הs~2W6(WjVfx~3fX 4']C R_Ɔ.r:8h:a'  s K 1yGA2h:ٵ}od$,Ppk*ly2ܷɊR_^Mu.~*cuZZB|Xˉ!jz ȭ"sM+ /#H n"(B=!&к-$ΪW w &|xbHnH]撚 ;Y&x'{  cc2Ql_ S N8}˜-p.ak1ܯ<(S2fwS[#H$9xFz" {9gHgmnV⍒{qBK"[npoFR$ANex'[_.-vK.^˞EN 2 oUD>^ #VBF6Y+wnarhiW<%z +^H ~[jr i/yaseҊ"4O3<0P9 PԁM k=\UwS>*D֘;_n2)'3;!7M~osϧpQ7x#RN6MѴ 5ZDDz`xkpޏ.[jd BJ nqvs-UKӣz`薕By,7HVaf6"ɪN7| Q5{0xuP'Gz1[p{>A$LqlSEqa?}$jז$)rs-r7۬.JuGmyHo(h9- vh*vԙ]BX%r9*{CIk6' ; >]W;2$i*Mf73%{?a&8p Ѽ@,^Wv592 cJwD'"CQ >>;tggR!8= gI25<,fK/d/EU1 @i-;Z#9C k~ʬM-'lrr4V?M7v!XseA)[JaT5T7t˘aK~ 0Ǘio]{%hj.$NRM  ƭPlu- Z|Z1۫8o\ApO>_#%5劥H*V̩JyaTJ}晌Imkڶ_]K7H*/jYn7gAҠy{Mސ +Neã#)[%-gDQ3% ,I(s@5#@\OcnSq>H(; ß!"lf{ 9kO:࿫{RVݜO13 ̍-,?$>̔Gfz~?gAHb>l(NeMG{?0ceǬi3ŷP35镠ՉtMkεXQ, }8buuGT\P45Ỹ io55D4?K_nPe~텅̳i(~mUC}eh,hsb$E[Ց5I#HEGcūF(m6%9Pde5p)#`,0'%<擑IPbVa%B5.2A b,B!H|Gv;"%3كYg*TKr`p8Wm'譹'Rj~wn?Jt`fݢHqBޚm}ΆYv$>4MsS! q®/N},~o3ʾ72%ll5&1BTL.؁.$@ae{T!0T0#bQ9Y'՜Q#tib\^ٿy=X}{x+ 4iRIeK[Bڛn g?nm]{$'(Zp61c- kQ<mCu:oR|u-@\`Pt8b(}Y 1{dl٠l 3*xG;*kg<4׺:HҺ}%ic,5ΰ mC\VI"{wAKm2)G4Sc Sݛa#ބl'!?X:hy\}V!ߞu [JԔGge;s8:kwޢt֚] GUfk #I%{T?/{4+t -XrrVQf~)Cf'Vq *` . 
ݟBEJq!߅[W+X$A)u<.\]b(z¯%ZٜaFEye'ڣ}, FeCրRMkVmB(#t^AKO%D6.( */J3;KCK{$=n"GR7 Y$"Sr n4UlK `/͋%@_F jE!z1)Ee$`8,KmٳeL;qdb}Lt-0SNse!mSYp9]R(C+n%ЏhvjщkH#'W2z|iΣ$4qQ׵W!~="7]"$'Shsʲ4i`\١5>-߼\?H4㴄YL4>@ A,&tvWTEH~ћ 쭣]3EW(ۙoKEPq@&L[e7z*극`{M6Mӕ6*(Tϩrt_z٭08Stm/8ݽ T𖠡i#Bp!?9gUR#ſ$z=P%k]^,͞!? Uz"{[Z6z }vNE#^_6۹DOzF7%$#*&w3Fk`p*pRp'クfNJFI潫5)gēNOf,'|%QhG)"H em:' +f*x0`f:5?e$N<5xVBW3SwwdYoC?5  $@:)ŞP{zH'"yU{8f蓚&j7:+OP]&<%DXYX -#*Gdd!KҦGlz_z0hchLJijj nn?l0lj[>"ĄuԭEHm̙Küb)Wm4h e7ϕxpg~6,1] doylޤËRdzrb7[8W*"rz>yI[ƷN[\_Y]qH%֫OX}O؛Wðxfq]_?cn }PųG((6_,S:C8*<ȤӪ61B𸮮Xdզf_;;<̉;Y b#q|XrۂtQ-"5i6R)AyM\e̖5!'Ҭ%6~f=;o湲-EUb "B |E jCjp,?w ߿.β>ĕݒ& Ӫؕs+e`Gx_yC<8H_8TxN\m!4/*ҵ:us<g>U@(KosdXWF-bfeS/VË}YVoS΃rʫxZT߷B |).םi橀t/T(nose@PW;9d0ٌxlAcVU{62Uc( Ȁ:;C34B 9N㏣ {4x4iR0ʷ\*|%[nߌ'BL|a^ԗX5-#E۟=/G#HiuITkqY+Y2WXD*LF=cx')~V.k5ưa<awG SjSy8!0/:Ddk|x/0^t>wx|]L ^ډfmИu)Fn$XC^ ~.΁L=EIn%zmS!UT Ⓖ^M0jW&308,Ə*vآ=3|n:b<|ej4xcp&/@ Exf[ll5ij7vCH݅h|E6-3{p]X9g"{㰭1A'.:ky;'GLx, M:mͪrA k)n.oʷ(idQwց_nS>ܦM JFO麍o)JDH%m57C_f| x̾|" !)~D%FTwzDwde4y}nF>#̔maɤzxrACd<=ޙ{joP>)ŖyE;Hf ,lX>/p~n n|?#R|iWʊ&s_Snc R?hB,@#P ?UɮvX*Ш~kY깧7(4U叇]m%6oONb$xGwI 5rBޙrob9.Oa*n"λh{&iYr5=1y+MfxkBg02\dp6܅=>&9u~6I޳@m_n M=_~X4gBaxTF\y!!O4s٘+ e?z :նT\78#l3#zD[Qh_EG=E+zA4 fHӵ4He3^E GiI }@wCfmG8TܸHjgΛv8JUduEuC_߸:YrLiS*˚<K@,5G[bHjc\S& ֺu(F *&ϼ~~2LLkRp߶=V't?PF(I!DJ{3w('8 y//IDA#N'u?H Ù:{GjL0$x >¢01Vz-jqY"p"f&D;@ f(X "R|F뗳DNnJac@{_PPs5*.slF e4Q kYgʪGؠw+\3V=Z'j7x]Toed% `XٚC a}9{MR f.-m/zk]:1U Ռ#"9Iקp1׊+f8 #cmvLn(.8 ?95$:} `'JLeQ.H%SwQjp[20P)@U NȲb` xmۖ cg?Dɘ˯1i4B^Z=Lh$, nykS|:?麽NB1Zx(CA͠){ퟥ!G<ݳ3Ei},+eo|"m!Cg!>q5KSn`_u#-aό7t  tU.BLiӭ F ݌uJ:<'O>S巐p;h%0#TSak$jỉA쾄Ŵ/]\M ߕQ[ b?USDBR|fXDGI`Pߥ-RuF<2G7mDMv92`}l=o6L@嚼GxV@yԥ[n ;]=Q!{39Ok޿Uc3ΥL˟=~$s[fnw9iDb*+hy$!9|D)2bΞ򡵖?p(J3v lٟ2ϒ+Akq+1 xrk}^*7CLx+5Ҥ\W\,!}`>'Exw^Z~1y(fm̻C>;MHgZm{GB]pDLYb!Ȃ !j5*%+K"!jS,CỵhBuzV&o ŮyT)k+w$ȥyY[W*,'e4溉MOāF H)>s^&ɶ;C;Q:B;/(yCx* }x뢖rK(}MJu[pB<ƖTWJ^y\Ԗn) ~T)yQrnN8,vs~@#/tj foEŞkă'|9K)a{̈q0PXn%EkDݠ.l=>82'xm#&Ԗ/<Bqǃ+".+Ć=/Ȼ sUTTӳQΫÝ0{L@ɤ*.dY f [ \[(Oa xdl{ݽj5Hĝ;7|':E9u:fd0VnF|}ޱ2LJjyg'=5BY_R2?y_vuse+揨e8&NP 
. 12_9 P:_%WGk,ՎU.qUsEyo;@1'L9^"IҌ X#hEɑ̎qT7j d\kX0 ws5ud^ʞ#Z&4Ӓ ʂogʦ?ߊ} 8EzhVuu?bgW{5ʪŘO"Ҕ}R,hNV39?OG(QYJ\E_? 0[/XU L=)7/k|(N'5LLG)xf,H E~4BжxJգCp9z VE\m4p Ž+0QLq,bɵt z/K:s|6n~BSːA> 5w}6_RKAI& f:)kiN/Zt)"v[k@gD1/ƴ C}&n׍M :$5zMSP}|~D7ym;Xt֑b!2ÅtrfƋkqLT_+D䶓U)}BEjrlBuAL헻edIQGFNRq aڮCu=փ3EPb~$@? *&ETJ8.) LDՄG;KwlO0&`vGEFDž^ԶN>oڒ{1)2s Gax8NOvr4frR'ǖvu? C,Bח]2\/RĴ45?Ęp!^gUlMogP28e1ԁ`bh:Oz4wy$U+ky3Fdٶbr,i.Ph!|-ùhR )؉U` kg":ZrG!={ |GU4A@*Pw+=xbц*+$@ޫw_ |&|jxG7D6bW.%s_ș.xuʝ@5>wиg,VO+g:Tv{Ǽ!qr  \ݨy-7j,"HlCcy`3 @3]^ :Ϥf"enu^MpfXۧY(jWMOlddB\|LL#_غ̗~/dm} B$Gqbdz[d%^p7l#_OE1gfn?x!8 T1V6t}if/]-%Zob(Um@n#z_,wR%(bWЖ ]<_el(_/"^5b j^.FKEe^P;c%/.y[z.O~շ |?Ze q e;J5ÿ' GC %%B}_q/N@q^R|i>H%'Jo2+оw}q{ĩZWa%x[-Sy)k,oT~ ɅIb<׺aCEKw%MƆVj~}>N Ÿbs͈IQ=Vݙ+6*NSSq]-n6m!v2S'DCD4t3؀|fңz"S})5jXSpH ]Tڷ8pp\0(ݦV42u}՗͜' q[1'LQw8rYO:;P*J[ >5ѬMl`7vTQ޻5Y^pu60jiS~!pvQHWW&GRpϩ=db+TEfF %_R/ub:Gcshpm<)8 UUkR|Yy0|J6nFnzQ*7Hkgh'KZxfq(Cux%HE-K9R_ cOQSЪ"S6W 0c;uXd7DfBVO-7Ơ' A\eR`U/w_> C9<~ ~&'zwHjR me 7ΠP@fLn:R8k9jSu )Ņnm@6FtZ<'{/}99j,Acj9/nM[8ҳ8CC!k'jAz?/%Pd)}J6Wy 'ѧZf#jAXXSZx]i2meJr|(uo+ Teo29NL{ySp_.)U#Ap9Byb &>k9;.s ~L}^_嗿roUeYr)Y'!DpAi,s4\%m _QEe&U)oh#,D/S;Cy6gEo3;x$ܓpd^K'LĸGkXΰPDF7/Ykꁢ*|hqP)u= KN+ zzx^}kMjI\ X*@6u Í1x}a(U|d_|# V5 &l+ge0,y+}`U<zmTm@.Ϥcn`[7NvgW.D"p7g ? 7^S't2B9+X~|N񨥡tG_WӞI!ieEcL>ru/m.~[+9@ c8轥F}W،k],}yX,ɯHT,GmO(KCZ+KnpJ.D{oKQƎm^3& 3@ٰuud|>Xo2dJb@4L-& KrS 5`+^ά:*j30a =c[؁9 1F3ꥳrq(rBF_ 8bB֦!NCNj_%׫ H=7m W: R4YcqHҶ-^::ax` ͙LxS w#T)W ?TU*` :q {l1^P/c`~ ފX+xJ%κAER|QwԛkIf<. [fnCo٢ [E2-&8)+ֆʗR*0YV1b@z6h ހWE۶$4.ܟCޔlpӯŵA{G ?4FKͧ mr@Zj?QŬ,#LL =t}8R{KZx^&VА*0yfb0/7TQz7,b/|ō5IBUzrYyt.>RKQLеqp+h7 s/[5`!?%HcփN. k]Pl ܈Xh%ɨ}N?3X!ڗwTߚ۔xPٯ.lAеɥ؋`!hbF^U~/y8Lpd9ă+C}b;D:x'LϤ͋xŻw| Rp/W^Px/L@ԓ J}0x7KY Ǻp r 3^ĻE3ѣN>9\׬ -/U@?:H+!Rtk6ڡyWM/ʜ^+!vz2WGLk v9QGpcU`*EE]& +Ӓ-+/4MMdl2g^>3۵d-TrXӸ驑ST勵 뜟T^Usi=7b•sBj_?GL<] ;@L!'udk2$j 1]CQd+QMTIntnMA1 LJd~2/ HhФ^ xA''SpT[@ތ[]ѐE'Pmޣc<ռ V\wo;p(? 
W+^6xLѩ|¡q (Vz씀OH_^ Ȝ; #)识OϞSWt΄K}E<)Q݅st씆4| \Ǽjq4hѫZmF(8r{ uӻ}xE7]>Gt?F^KƧ#6bp3kԳbFJ7m&r*y:"C{v&Ίᯛ+$R"X)TCq{OuTb/j;mԚ]Z@Q qe+== j,Rɹf d3vILnK?N/ W`,M|Kht/#|oÆc{Ç ñWR~^-zb+"Kfp(ͺ>$~D L[rg^w6~"4u%5(Ӗ/B1^|LbD$}:C+ N,C~.T)^GŚuaX2nsr VocA xՋ$oH|Wiqio/Ђ2"p9 )~4ʣmsbikˇ:-#nM:G@*4$5¸+7 ʴs AmFuH[qaޣ)bx e'U҅7`LV>ғ.Pf\ƊS/DBLT|X~2&7+U*GA`qGO_wk30oI炭ڷØ Fv$ d̞SߢՈmC$g^Y* v Qیv~dx?OɊjՈDhNLSqT|[Gpw.f27H\a`iP$y]&. s0lfM 9t L1buUo66TOᝬKCiMeQq!(bcUW W2V̷;~ JLˀM %-R.h JU#et_JELwO=l}DdRj_9#s: 18׿V98gOzv Ve? Uu&w-يN '}4PGH }N}q(NwŻGuM0vT;5ٳ:VYq uE\+ca.¼^?umK UGy ><Ȋ|+dVܝuo~k9 4I剉6fgmƫO5 ,[m. EbMq#jO&'ug7oDpeP_Fs+SPS?&RGk;Yݿ!ŃFZNj棹 " i}Z86P .#$wYNQft=WsԓЕ*e-vyiuRmφҿWm?!t+&ciNM{bݎFŐƙbV%1: ?I+%вo|&hƒdQPʮs~/lm1~E#J&@ k-:K?'rwhOʇ UHG#YUL;C~~Zcg氓kiFq[Qbe`FaZƻ#ti&D t+cQma9n[ 9@E8- Aw$U oit|86|qa w}haI6P_R73[F^hSЗ+?EM@ N Zʐ٣IC?3f'S'?tbcCP -4E2"lX%e1m_)N2jrfMq,=pji+(ij6,zMU68egLrSmsj *z: n+UV)f~#OY#>G@l+' kq~jEʳo秚dA鲔k ^ h)$IU64 :Xq vX^ZHdݲ8>MT/\A!2e͇(;>hkB#ѝufACcš.M5t+]L9`lM]b3s!4qQYxeS[`PJ*OΚw|}U! 8{ue8;bbѴA=mTGԹ]Kxᗚ5+Kىm@D]CyJ8BKD A C,F'Nݙ_-(;2k8)d;)܉fC@`XWO`V•Ӭ6qSa# 0B4R2{TRvi+Ke(Gb?LW".%Pw%~%oI9Zny4W0n:<n"޹KDK1=3v-,-tub|!~z+x5 a8{B4(‹y)ZPnOuX!+I+L-b4[RОjͬܫ=f+9pAjZܰTiExr5SL"E!h[@;k38z+R Ĩv#/$&HW(dqjKRc / |] b[.FZEk!!#A-VZ;_K+eHJ` @^T}0ÝMI.RV1bs`dWĞ3 +I ,V{eG)*3^|-"C1yT.!dF~e p2Eq9TpT\U]KdUbq;lĵ<"70T5aa!:!"iggZ/U8jL/4d,}ysnȃ75U_unj_Fƈ7חdu?K>fWq!b,AXMG*̀w3Ho5:#:-M9C0;f63۵ƹvORX,D>'ggtVp:}\J%r=Ө ׋3߻y_v^La eVj~£e;DW7'y[lFΨ%B҈J$qnމ^"<Afm ί]ʾNG7 >0hFcvR̬BJRW-@6Fqs͸7Mѵe6#őNi@ctӑTM.* l}BOv5Dʼ]i/[&dw0_H!_)~骘0䬿VDwOp/CB8m<5ҳG$"C6"GȚfM&Z04d=<!- ȯ' 0ǿtbi )2nY#V.nJ|CClO(<>ovM&J8&}cAd_ٺBdf9?Jxx- 108߱qgr6&YLU|ՆXwjN$Z\J *.mJ37JIDdg̟@dべ3?660ׇВJKkdʏJ[^`P ڔeWJBU$uaZJB Nw1vb%x̨%z TlT@= 6 A9bhe n-k( OWs: p-z~{!dwqSVNrTh$>g vA):P6ÄaRtC̿>^*MҔ]FĖh%f GxD#δfx%~XLdT`IfI\zkȡmHpmeMͼ@Jsq>X8lF+q2[mέC֢u:)Nvvր&#Ag0_xI1\'Xl7` n.Q&4xAR ?Ne-s]:VL!!_KZ]R;aϵWFc;=y5`7j4q?E*"WhQ5$`׵gɏLaRFEqľc= x&s(!U׺8"U055%n_C,%ՁYw~iGj2(Tߞ_>]s[]Lu; 53 }<7$MU1)왥QLYLDvMV)a~ E.BϡjLRAgpI $4ά@kaSJf5I7hnwփYnSpWIy 
6:^'isJonAdu2ȌS9g"\ܱ#dԌH2Fgy";bi)|wgʄ6-BHH;48]L;Y&AޗdET[iH ((AbERw<{ Eov7" !%{OW ܫMcA}9H9c^"-ҚOE޹ XF(Ҭ{7+)DPu UPUS4LS5>v s|P1JvJ}Ϊ /=sqbOHM։挱V$6FQ@`ɪqDBӺo\aF}%;žTjE&ZC(Ke'^@ ABQ N%JdM\H Һdo?|H8yӤ (v;1.uNZlj"r_lR|즏 Oɋ/됨8ҏCM",+r.݈BϘ#ܐ(AbzT237.=2UʙuN޿NѦwۙ6<{~'=bT Z2_:a$nejϴxT*3#aGO@fRkЉt3Jk;RD}eK8gJ2I$`U &BlW;0܎pB~AY*2\m|o _5A{n%Ñ nV{8EfN&|6 éو;D*­zvn24꩔+$&Ũ1>:|4]p*mqo:yohJ䍛iqtdW[X]&4 h0AˈcV;/-|'pq`%6s,uʁpL<\5KHtYLAĨfRwٜ&-NȀ@HK&SocOѠS~`9%,#Zўl;{8غX 8cPu?M+'ٹ $S5~vNNGݶZH\cGc_(k?ɱ%k+mv$G/E虑@;lSd3,֮-:~jI ;cq0H>N_ez‡Q4wH`|NAjٗP3s@nÇ浔NR`˻ &;C`KI^1P[X="ƎLj}j]dlR-Nmwv%o'(c |.<³.DJc.DEߘ @rn66/ F։e[b 4QyʳWX^Tؽ. WYZr %Ja^7%IݞxҖU!P&%voaɥg)CmCucŠbߓr(j>E2KH J̺gdU~8I1 %$sb'+weA+Oak$tDo }/tm DW8$ &83: a9Π/2kd ɶEBbmϾiQUK=ĵM.(StS9VzvIǘ-r\Frj_h|Xq! D 7oy_{J>ͱi50.*ݪmL ]wC=%"pG_ 4F39҄|B R?19AF c[rӘ…Rk PÈS{Փ5S9U]ZȩO}Ɖ<&FxC!JQgPLU BT pL>Z}N MXT< h/9- 4"WRUbl>c|}A1 6+DM2Bb=-{L-cBI; m2nGMnA8n=az}V:e%-1~3>6 dGrpbӧz98o[& ?R0̺CD$LhỴAVi܁'HWWw"S\#VOomO _f kED@M EaK@L}e+HjëyCuh\Vh '8[{&aMjQ&!^/NXV g馈A{ 9ȼh !j(* y,"wg˿aŒh=BCW/h0!(vr Tf\r&4^g0=\꠰jA kWɹf@VcId$GT"OIߩ䨍W |IgS'٭3[ar4t{7V8u]zc }<'V7?|͗݇w:9wR7 wuY}paV㓪eklw@@+Xey@T5X?Lx3,])kɢiL⊏#IIN NJwB 0zDJˆ X8(ή{rpo4vz&um=W69{s^/EEzĵfC= 0UAuXZ՛${] Z"1231i:\ϕC}qڐ>>L_G|blt?-]5m\1&LEon*l-5c 0P{hOC.ItM6ՓER.e?p?WiPIs.0%N@M*,\R&P |mWèl{D׼Q>=o&wW˰5Tޯ3Ӵj1xEzp5뷭0tmJ hmq1%9XئZAlu[iBR>R75pz7v"07Ihb #)Jw؄q% Uk(jQO\dӎYgSTjqƒ}:Hxݸ9{>G+(cr84c0:Ib=@nѲ̺dc"F÷M] + 6D5>[,Fk5ٸ /K#&YL<݂dt3֏s4}i0 1WL1]jf̾gIp_GvcZH"j`rۄ`7K1K|@Aa8yBRW~Àg|cŖwѳJ2 : XP7=!L2l9bm2SVөPTX_gkIukŠ sD&)t{ j;=A&DWsaRI)3@Lß$K9XZݠP-O# \"R#ޚ"24ⓒ LM% id)|3&l~밶#?aeJ:_Kӌ.1 뚽-W[ ``p|=}-P=p2Jsي6u+ )тX|b:[!8<)GN5s> mލj%E 2dsBEzWlT("oŅxM 2xǴx?II2b[Ϊsd"3oL+sͅNG؁ Pu/ػUD&_g2b +NP3L krc\?njͭ(_Ԓ6g6${{E *u='#xgR @ܖHh QP?8dU6c`sT Eh4⯶j~86 Oqƀ9%̈́ʆpt;fnJA(-uvT&Q~&ԒA d&W&깤I Zc]/a,RRx8k(cVw(C;m:n/. 
wWwYQn/ixqĊ3v7 ȑ*T>5~Ћ 4JwpЁhcb n +|U$'T{%*VVLi'R>CM⢼BSd,$39(h BqBw ڿ6Wܤёd$um~ױP2UYP)jX6 Gl-+3o(}٠&tsB7XS a(;f2{hL5$6[G:Tlڀ B@n9>%wAQZ$4ˈ}n(IM4E҇`()`6OVUlUCVqy|n!dJRC~2mcx9|u1 [wKX=r,b,葩Q#ri^tD.^}#<؎úGiN:\K1.H}85zj˝Q A@m|ʈq Nl6x,<sB"JOfn#m(5xD1X0wU/6_;"O[d^4HȚ[Ta!Gf#uP*/❲%8`Οg8ҳVW@a،v,z5jӊDfoi"d֜ݷ Φǚ*cM0I%K<볮\ պTy<~h<6b]w{jrv{M:,pf W>0[A4Vh6lDK B4Q>(0Q0'e\E^U')ܷi bHRol2x|Td \vs,n5`Or~Z1Kqy Pܠ)dbÖ6Չ-Cz@ƞK-g]0mͭңwkzrlc5hpqk}r΋;ie8^a穥`jx*PY\Ⱦ>]{ Js>q.Ƣ<К# cƟ]2i'6?a 2CϘ% 6 #0Y05BJ[Ojc"DYVߦjr' |^'|ojY,:$RhU-; n!is FjC%^ɦߋ5&k#FizDR$DMj7-zOl,.7V+7fcBfK ._۪mD֩ =z@4Nև^k#i8? k/18/ݿmWI`) )ylFQ $=mWC"97“; =o<bb 4zv*x|ׁ>([heXsǂKFfL4% 4*؆&`[n,SzqY2=&+L;F][tʉzN_f*M)~<֕&XtԪ^Z\7CCq($!]1m+43z4\:AvSj"X@HȷDhE>S;2نəx*ftؾ02ʘºVĘsD<v"~{ҹ.2x ߾~Ϫ] MrWRP_>?_Q Hko ^seٻ7m =4 Lmכ#~.{$6q}=Em[k6PЧbhVVF<%BAD'ёE,.VW^$ɅAy@ õ[~8סb9f͉7u҄1{p۲`T^L_qlu9ٱYcr3VRJddQ:2p=`Lfz.KغJn肒]CaI8|nY޵&YQz ~i.V}q&9[*,( 1,81"~;s caJȳ$֎';5B*xF 3#ĵZx]^ȶPJGREIsTݡ$@n\.OKTbڳ#Sm=t]= )D[P<ʊXhIÞY{3їR_YEtҢPƍCz-Ίx3_?GW XZ!Ps/s-v5Y(d\A i6$ QQO cZa{x ~s-jLr)C[,۩Gˡ,8HPXivxNA_sҗJK(9>+3?J,υ.U.q$ԤDE iV Ot".Cـ|pis=\X[^_%pDǜsXDbҟ :`3N%~V#ƴt+37Ő]6$-¢,ԡQm'BW )W>ŒP׺@y8jv*'Khl{2꼘&+"%zftpP44U[ͳ+$))N)e>ãe{vAV9r#-פ.9Ff~eصa)tbގ fb\1/O(.T⃫VFWdbU9v݆Q1<1\;f8Wh } #`ic2-XOYGHQ0Ya"7*WQcjqjy!s-LmI*<7,>#!ԯ0֓y q, h3OӆCGDEkI!Jj9+aZp&fq b%l$=-G5s^oF9a`Ht n%zj͔>9彶ms/Pk3*AWZ ulV}55@C[xؒ>GI=Cqgq.o6 ]y- 5'|-3]w㯚>2,}'? 
K죎; Sc3Ub`$-(d 5JI߄cDWB֔I32cp?p\yP+AʒKby[Vnc@[nীzwiu󦓶S"W䇽8!u厙#vGhpgṛi%q5͜-'E2aXoi)m!pұ{t}{a~ )Ih׮ˠpП-Sj)hHN-TyB8w-^hsbF[ɘ//'' řyKɰMŨ3mv; #y\T2\gq$Ozo)KLӥwSCۙ_ɬ61շkхy80S\povd1YE8_MDOEOgyE952[\7g`6kNF.>E_!nhlAm\8q=C;su]95Z/'\ʓ(,/LTCn)Ʌ <4{Pظxij1',UQ&6:l9H-Ď޷MFArڝ4˫#=yw$\ߐeVtuKAkVS2TZ5aw >"cpNۖF_lzuVSI&Cm"z[9Ei`jcxZԹ,?;#u"nEJ!lh؝Oy?{F[3)I 1kn%0<l k߈5&',S]5p머;H@T3ep6IQ[ %ZrRg# $gYƪAe0NtQ3+ښ=50iGb5'?"ɡۧG9"}-șhk5;e񆣇[JIL FGEcxFlPZH)_jO)Luofى:ԡ!ã7 C}g28 n/D@G0&ِ+yL`~n8.;ݪq<:RpPRϬQT36 ING\¬6z { ul^BPհ ̲G1 >D1NZ@#hp1Ui׏ tcB̑շq+Tw2CA8oIutA \A2O{!Ij E2fӜ5u3Aet׮&^dKIv WSTA(*?KRH u2ENmԏ7MNAfHq)$9PF :B_^JY)b袧Op $KQ`]ʾE)wVԨa @#EjZ=vf rC!#cڍ֡3MoR}nW=7HAUd6 ɒcuF܉Z8nS-^Uc9J6,ve֎~`!YJ?rh:QN^3"?{[$bpVRl7=Rr>XìrVNx*x/=WC~CA'EI, ; h.!rhI0qȕ@%Wki {h#eae6s {d2YI" [O/f(&|3+1LF=9Z MGZPi{O)zQz:]FU:ƒ?/V9##*&ox"PIF3vm@">NKJlHpg"kݚiجE('U٦u_&<4)@ oH)hoqo 9W=-0È FVANԐ,W# Xѓ# BQ 4g^wW%M^ROz Jhe&<csMdVʶnlVv|W8po_l~Q-ͭլr Zm避W,XY1[1a篷' %xבPyQND3OP"xIFw T}sGTYZ)d K{mh6 2B^rERRvB/)g|jWp``$mGXejgY /-a+֍/Z\1 `4_|(0rYJ# k#ߚX%.`q3(kܧ66\ U)Xl`K)]g{̘H%ADžJ0[Ƥ^qTVYe%1;Bj8n1g}ϊ[Ix`@T R3e#֣ߺ~=rџNhڱb"b-uAW L*TG p8XALyF;h3D%Ԓɋ&:) Z<CrGeZ[b +cgspA2ǟ[5X!G(rNO/ٿ3rRB*M_wp0 E (>+n$Ns3+M%%5f DhAj"|%S;[.|pJcn L̘L\]C _Dv[ep9?5q筚u(4T&/HqxY&w 1O(`Bˎ{J"3QQG`A@\;#qMNo8:Iv|i ˤ PcF0:I/~ w'JTp fG% z FJr|hzT432DZd[,d?1QEMn #<X9 ;>ͼ2u05|޳|[3q_nZQOLʍ(뽒:τ֫%?Uhi[-V':%BE=Ú6S'Am&0B &{FDf@`ܝ&m!r!db'Zn*Nhj%[.>Gh D9Z3dM>R jc+Ϯr %E **g) tpk7=zge F=>l1w7i=q 8'T趑>$­.:-"HiںASGMxkɱŁձ7 !;n!naan;? 
4p-NhZq|K8lozMO#x>"2`QOMUx&UlvQE'=,GlO:)-@jnḟj+e2;LQAߛ?hSX :M޼\C6#D 5AG؛,ܫ;˘u&}W[I afWR`AJ=%{@HS R5Av*&{W߁gr j-ЧjX~&h]鱐ܐd}7:1$ **'oD4-8Oӥa>މXAS3ҡClʱ7RIC ul]ub{x\9spƽ9YW);ZŅ6%P;STj]N;d-lsFm O#2H*gOTD< @JpP?ֹ=p*I.h h_ 3PD9h H{JQJ&uD`MmLjFO</Q!=Gʣ%*m@q&"O9Y=Cnj&P6`) &պ;S\+8RJ43Aa)JL`D@B*svj ^n[C|i䗨%{MRARm>gOuȎC]ceGȏ99z8CZBKO{Wl%I׾\BLA+]ߺ.dB_$G$<:Hcj ;/1WVՄtqGԵN720kk"OخКdSyh!U萰+זP2zezE|< W3ɯOﻉtϗvˋ{U-;W>;[>vT: NR>~ ^5qparR6n&ֲ 7V"/ h8Evʳd'5)- \|>K_I8:}~uy2s}Y4͙q>~P}!I ZyvWi"n$%l 5 NEi.DֽUj6'bߠT^~s@ujY@gt?c$sCTPH&R9fcRZ?N=d5 6n* ީhk%âIgYqsgHBrRv`+ÿREEq~vxw',7FJ(_&_L[|FNY;of:^ޚ5?ۿqZ'iR'6v̄鯍B$يfXk^!@:єzX 4:3Mh.&ez*#8|:5NpW#aU._/XOG95vlР/\[QŮ̌Q~yZ BȂGp9*\4trExsݘa9gc4~*.ف5Q5T+&*P7"]~:M`aٽHUtR9÷m m[UVD ݃G/!)y"G#ӐUa KlˢatO<޽zϏa(GZ cLzAlF/ A]϶\e$o.]xovE%8( ']l7baOC%EҎw復rU dSQ i&Oݡ"S@{7j El2`5O{EI'T$[e?ѭsO:2}[QtlHU{X Ÿ;dc+ӶF9UiVO*W3gʹ@AM`Z I2}pf=kꑭ眉 6RV4UV"aZj#2mԂZd)# @TJs d8t+p`]?nVo<{wJ}H)d T ee2oi=H"h(|(TT]'q=)D/2 I賿|q~j>W=>?Ƴa˜tLɀҫS':@n(9E᪎«:^xl9?D 3~7)?!_w$xo#OM814ȮpQfɦs F]#ͧ׏pl}-V*yΨQ&oIrV,3X#Lu|ڴ+3B+{PsMeGy}y~+2aieJ?::[Hb ΛZw_tzYMLc}6acjf}2&*8GD]HA͇OwCIv ^Ɇ՗=j,Mi([<_(8 9}aæ(9&%{!?4A~Rjc-LJ#Sm,D-QEde|ElU 89tϩXA;FIBHc/#Q:^Vj&[Bevwsmax`\3߸|c 4[ Av6Kyϩo֏ۀvAYc!h'8 >dw &dȂ h$'2f}"Uq ND9RI.8JmW%2Nj<_*-Qf+>;>%PT1fE/pOЊ_AO`N̡-O=Y* U)&ib%0505G_{7ܽiDs<2ލe¼U3]\?5zS#1TRnI߷2js kݮ*"UT=9sHW@2<M@Ahm|o1n6cOW؊d~[LH,csa"1LNƥ L ~S:xl6("͂ֈ G0AƧ*|[7h)1W/UjDmȓ¹̠qmŨL8m`:6[=k I_ٕCh짻W6 Ug0 h޷FQk]eIj8h7N*k>˾Mic ݡr&<ߡw󂘭ƪD+ثM)l\vV!8~^m3@ژZ3'ak\~Oi-ӯw?}ꚻ2 9 uqK#啦S)<~ 0^G14;<=7*1hTBGEfP$/ .jo V"nY[T \uVb,؞VȹGZMAl^3l'V7ޔuߖPdgE^S]ql$s{D{4W |fSխORڼQ0: U(i<'בlC0&DzVt1( ~=n{_ R/ |kuȨFhvo c2sqMyȨ ' WUzMI0StIMW~*_.D xP6ћ1@rFe8ӀrRĿej9Ld$r9_W6U`#Fxi$;ԝ}κr[c|iW,N.}:6˻oiz>t(1~?a8[l9~Y{bI;K\gOfw_9i^X Q%S##C' QlZ/;n좬?㳂k%{*PnQ@ûq+ƥ֤uX+$(M!pՋ]aSL0)G*]{oug%{|+ohq7aΤUˬE STZuHL/Q>%3`\e{(J൪p}J+7LHJF⎝t0ɔI1*Fcm$Aֽ0 K271:YF'nkCo|JP6 ZU ˝~Eυ![p('ݮ$Ju\Mz7 0}d_j̟v$ 7>Bc\*T6JXKg/טQP&--REÿ`pLR_*5wiݬ-.c#6KhJ:ӱB졪lǭ]ȸIR¸W5o:n<ܧbmAuDn$9ִg)DE>-Xc ]Yb}%zSp|IyKᳬEX KGz{qF36Q~6F %s:7sBÚ%o۴#SoޥsNƙk1իi)mT #Uͫl6A2.2oup&tE[~krcRҾ@зg 
f_BF#3bٛZEZ #1V14T/W^q9/.V,~.},Q򶨝r"ur`wW#GJ||RC鬷p 0WW/uniwaM huPۺAk_Oeѐx-7s#[*rU$IšRgMI!g׳*-74Z~, Z MCIdJGV=RlF&oCGX]! <A4~ jdMDyٌo@K}ƶٮS3A1:| !3Ce;}\}dI_}6|re: 25hF0{VފYhk8Tl^˙W"(Υ[Qڮۮ o4G1ؒaSksL'ɹe@CKӜc j̱e3%.4dW )3%P^0Lɣ1(pX hQ{ Y.V6;D(f0M̤E A U^` "/]ͱeͦJeKScF z-)f9wg 'EܑBlBfoq[(kJP!HD?MHK"n1n9U&{Cнd'?3)f>BvY\@1-|חLv8.k`-?"Fr0 M,.:ڛOU_حJdHB%1E BkH|i=Nf~4IE|ዐ ϿWOUqz->]0>$v(jRZws뗊!6Pt.PmjՖb z- u'*Sz"lp'Qu,dQRs/x UTڕ&z̥v;鼤+ŷ]>Fg@^LXH {9WO *=HRsn$[1mj[JkԽ/+RLKV `KoQe$gYzYNZGSLAш-hu³TN+r)P Y#2`2]پz|B NV.)l19(\"z6nzbieZrh;HxÛ܅ {(MT  ,=-62kj'y Hظ+|&:عjta$6";KBg-v/^p]*GxgEFG|f=ԏY&jf&}`V/KĹ֗^xtLb =.CDžMb7^ F/rSSi U856v*[/+tRr~RP!u>Bkۏz6+P?lJrceish}C]YgS{cQ"~pʳև ;8>G#p<Ş!uey-@m@h [ϟ}NR41`)FrXԩ2k _1$`enp aHz4?^DӛIo?X*@ⅷu W, ~@, ,\a}Jqi/o%Wէ*$òb/qXbHz-5s}` IyfeK1Pk\(ؑ八!mrs#3 1:S:cHŖւ<$aFz#`/2,I]d6hNR,]C5w!GQ>wĘE:jAZV ~vuR[TsepO(^tc*lL:ȫ#',?!L\Wk"Jmƞ*CH5@Z)Wovܵ6ZF DcJ%i6J/ԵBP*¸7\aP0^$Eh)!=> #-O쫚¯ч[zRnF%شӳm7L%nF Oƛםwҏp.b\:y{\nN g%\͐S >e|*}]ç /Tc]T0t(=7agBq<] Es%ޖƛEnf"rvk)&hJD;kx>ޒC=%."b>T=W,Q@cH̀>[$(p@G%, шte֐V՜nS57P[%Ϗxi Rl b@p5ojC'T}`f |kSWq:[67hNB՟|?m{(;, Q0~ {sb9F^V(rՠ6؄0Q4>@{$ և-]l }۾|f C8m3}tg`0G!SO~7byR.krhZGIhېm4B}ñde&A `b҄G|M-:ؓj.#WS#x5iֹR ΝppƒS"7e?yZ*,ߙW^L\bQ |.@O]:e!=DL wyTRX: {_i+`Dm(6IېXVB"@I @Yj<,y s*ct@}qYǴ}S\!j:J ih 5x-%u1Zb0\qB<:!ڽ.%63Zw'qxl '&Иߗ<4Ws-ooKs:-@녅L:!DUd̃ run{σr +|?OD Qj/Sg4G'?%8+J  3p|W8D%c"&H#hp?:DT\aFYa:8xt&7ܫd$ y#~) fm|r5S1X։>MNX]nr+ӿ41 7qC>M~5!YNzG.+.Kc!kr``f`mZْt NMO+0C(\JnR7L3 mC)z*A,TП W[Z&_ O5z 2a ihyZ} 5ǿȆ+'ܢBs& mM_=x&єiBrRɟo׌S~#ٿqE">HIrW[ SO-ou,9e'um50qO$m)kY u |JDTqmdW5xpfQ5%3]QN- C<+3!oP 0Tkt/^*F}>&y=g-q!=~ ⎥Lcu>޸Е_b6HǯAo$"쪈$3 u9 #3hxZǤFtU/#Ɍ -<}X8T!m7 $‘%)IKI}@7z]wp ; Nu|l^8nu@= I;a NiaJAǭ 3:^3S|pDuraya|J'w6N@ǯ=x|ndN+#{#Rc%Kq 1AdtmU]?Zsd & ZYHO(>->T֣QirM3! 
?osf":?jC{eCUuٞ6z5x\ٟDГ)bߛOwZ`E?ܪ=Es2΃OpsNBx 2T=A$q_;vL@9su:F9&IuBE-!1+x{,()(w#ݫ|j-v_vC7OmKi wNX̷l5XL5'- -{w;,\,6WٟR%7CN{8N$1sޘ=Z;ƣ2 a*|F2a@H' T HG(ĮOtr\._qhPأecϵw/ !"H9ޞ|:b_% *"WaҘ νxpgl@MF+nF0Kͳoc?ieۻz~c%Bmc4Xf&${[mnoDd`5axpZCs^ur-luwLaL9+tAC$ ilSq\A7]3՛ۢ .[oZeuPmrfE?JT|tĢZg+[G(F k oUɭd15>TEKA; ӽl~^ER*&W-lhf`.y26Z:xzۥqd Fˑ=_6"x@1ewʃ{܍[}i`cq\f(&hUjyèW2ݢS}:kE5d15F4*y䷽.W'Ĉ[ٚ1q3Ѡ=bC9;kӝwf0]Ay2(.0\1qDvQ۹n~5gl[ZEY :땘AωcRwSIԒk`JO+*{cA2o (.~􍿓\b1J^;2)VgHT"V/HaJa3K7npꉄ6~cXmabdE0th5U2e]sejoX fؚORr 6U@ fqEL邏Wm40QdEX/5~7ż:[e.}Kr|N o\rjϓvF'y3 dZ?$sex']`bLLr/L\ٯ "uC?tҦ5"'eh#0C#8S#J_~.!qGGl.GŌ܌{ 6{,vE:UU742TըNb5)J+ՌwڲJ/qT[ԛ5qg)w8eZۡ:j 亙TwOrjGP28螻J^,3"Z.sڎ:WKȥD+ R$d"leZcUV}d76Zsl?z>kG@+ Eos҅DLmM!chqM6[#9gנ=Qa$ҞJ>sy`'gZhFʋ"[˖Ʃ}!GJy%[J VJGj K#& "QbAKWS Q\CQ, :ԐN>D ^>'WD(L=BcuI !`j&ZԊt )jQi*BZC <9Ho})]]VG `#'ޗM̼4a:0:ah'\Rgux/XG8V8~|ŬꊅYsO[Qwjn~p|I/CceRIHo<*q~sYDuGa<(SV?)J`<ɂX.H9%5h/K&*@{>* z(XNl^\Iڿ 㨴ᕲNfާ#YY떟8d\fgQ/( CFoVhy6zNVy14h/ g|('1+v[V <#t6Eyfsx6ʐ6[dy /]c%+y e3(k}\[CUX6jJٲ_]J@{egxO91b%p)~!9 n0Yo8%W-Nr,\`@68ڢFqzV>)F޵ PABYㆡFM֬$el>/n4%QQ "s{8ܟ=sMb*E8#.fe *TbFT }ʪ?7FۊP_efJZ3VfF@pD0yc.Ǒx8˝ DwG$L[TOBTZA^gr۩9<(M9}SzQ(iQlʔe6zEXL pobuyDߵ&3Ѣr@% IMWo385J6Η@0B v]zC%ʔv f9Rʸ;mu<&89 vHS!0Np˒k-)7_eFS"1*,-C[VWfıˑv!9ybmާtH{X1Jt.E$xQP wc72_^*J~+z66ʦαHȆ@C}-k==f)M;trK@2Ռez|<a1ۛ]<pnˆ bOmjWB?TXρk_sPKa ~ s$jAc?wvWsBdN#E~[CyO⿳hxRv2}ӣV{&y{VW߼GbƜjZMctfz#CSE$g `<5KR# س+X!I&JMZ5(G'Ü%,/Ov>FI&EmE|⦢iUz䱥7 ã:-d8YaXw ԥd+ +)1*T{ 7!5W{ło[bmG']ɿNVk (afZ'u2w(9SuKܔ"g϶AԇJ6c; 'l 'ӡߚzh32_:Nd6y }"<?wիFE~Ӥ> :T3ӯBڿD\Gi=n"~ v7͉*7߶G@IuMRT[ Ht"28b궎ŽFr([b[jtɅ>hzGSSYUQ~ a"z[xc0h!fT j/kH|N%ݿVs/O]p]YEZr2[?9/qI.u@Q!﹭GPn z / XCa-bȞ4}wy PΗm9ceL (n L-kT[zᯛp r+%zA^;0PjsZH-(1ZY0N?_X|0#{uH.phBy`2k"-HHJf?Ƈ@rp.Vɤqe:7ೆ= ykV$R"׿,4 !F@v3ɻ,u+~CWc} ֽPeT5G'lYIL+J7z(]ng *WyèRv#pj/XŶ 1VNfbHN@1tP9'Wl9+:#傦tB=Ojb,pgyҵ e,Ӳ$vI,cj)+|{! -,rE#r(Rȿl^5˱e-ۯ@q /JږQ^{{3:[cOKṆ= =Q"m߼;4ዪ&q_`4fGҙV=/+kV||P-C(.-t#35xDƴ|q&]k4KR++D'ʶ%>)uU0К2])\׭jkeC˹*Y`mad1RWߵK|*9U2\~ L}{DrX)r\Pda0g_&(v?Ddc/?Xi<6̮*`rfdVOϻH_Uxzc-p2|{~,NEHƴ4%J<w5Nd;[^swVךܺ$k]_U9Z (",r > p1R@fٮpOp. 
&;^LI EZkG77$v|"h`}1gl~x 5+Vc˭`)&9x岙P*e2<;~W?Y+ho Q"9E=ޤӟ&!rޔΆ9Rii;,C=@%I]`=!J Q`Air;_SJSVX^ mbH~#[W [Y*v-5#^բq9C"φzKE:" ֢Hx^͏Hrj\<1!һN7A F9F] vR`Ww@j]g-{;^_C(ƪj1iYQhcN4e? Kgؙ>'Nl}v:5K펽ZnRao5<jWCsؗlNo,IՉ\ /&*O^x\B^It$YxjKbw;j^UcJHt9/J<}vozEvmڷIdRnw,V#l5لPT#P}M"3* ^7_v -RqEJ: A$[HO-(YrKRS3DDJ;3t,\uTr@SPWD=@3 ͎s-*)<1!`/F4DM 9.BUu ?AJ ,ZdG iv~yTjgYC(M\)[}ؚ2\~T>71x[A3{󉵠24Kf+Q G0'qPZ.<|v q ToL4PzSH6SP*f:<5:g36\tۭa)r됡=0JTl$$3ڔ\1aw fI(aGf>_"=Q皸eW}x>4U5jpQWVߕC}d _2(C6]O+/&g\LK˙ Ѻ(O6v$m}4玴wSQ _<%X,R rᮧ/{e:IL@ Zr7|4Ȗ=J󼈳qȺg v1'rMJ?H"XT1#t1Kmc@XYЉyomBEv 3Fp(I#!Kfe1}2C>6-\oLoJ1TI$߄Y9,θ.4ـL4"+>~z]wn\=spn/`729aQAdK!iԤk,ޅ6yt RJUy K vP*Ұ$28( JQaĽ4 %.E=Hz6C*2id6=$2㽯 VPN~DI(-'ɸ=ܖR?<1P$;Χ1-o NǞ7|1J >?aYn=󃿙.f3 <=@\y7e~*vj0$TW19\`簒&߫\_Ѯzt / @.y{!OϺ&}dGLɱuI@#g~ژSջhFBP\ӻg9ɨ*FW@ɜE ~\p"n4|F*7Lf;ۃUn{3*V5 UAH#R,?L&O}4𢡊dXM\A(ڛm )$R% \ur6P>PSvF YZhH&{Xe@6| " Ӟ4*%1!s_w]YTro_9-X<~y/$8ru3Xq\ ]rD[RFjNw#'M`ijcEig>w:~nt mNHb<\p=}Zcĝ *a3rY~;x$# ki=~ s8^Fxܽ8>?alc/Lt ߠ d ThOEfH(JVڃ޸EM.rwGꨌ8tTtݠofOҒצ,Xޗ]XMcò]嶄Qp@F"ÞyEßܓebU98R>/2z`}8 -8Nnq e+EEN*p&;l 'vmqrhWºd2b/bhNԷG0#sIzoןMSr}1.!RҘhCڱUNm0G*_'`ѻl]Kiz=$/J4O wr6跻9Iw9 O"O:-(.Gt]bcN3:7OoHJ-"nHfQ%qN؃υP~݀tO{ʌCtW 7rHl܇FX~t6Xٞqg'o6Omz?F4}É5oצ7tFasLiO]=cCO GFTvN(C'p*L;~-9osnVm”؊ (yJi6WIez 2Iq 󛱓)euyR4ΩR<$[_&1. M2%zYZ =nr"f@ Nj 0 sm4)?\OiwQT)ƏfE>*(_:`p nҨvnRC^\}H(#zh7FJpju0w{ʏUAIO%$>WPW*91nj0(Ѷ|vB36)24S;񜪄Opi$dєḟx&RABBK {>ydO7=/;BL^dtHK]+&IY>ޒ%=ǃRX~I͙D˪XVתD?~+dKĶt{ėl:Y+$QB0l㾅'bүFA9^fr#6O{Q +~א|uZ7=w׼⍎Y^-/`7)Dy6۳ lLW~2^{s~WojYP&l5+ e{#PX-r?++mG bet]җ\+Й/9J'OH5鄃`I#>oߋt/YbE⊮!m@|cqL.e}Si~1(^aE吖e(V[ɗ đg\DT>79$e0S|"S!n QF  /UVƫ/M @\^nI!MGxf늈DtkvĒ{ 2@v# rV e.liM =]w"r؄ɚ=h[zm,i ڌ~8&)xOsbӓ[dLS3g:o磭z1*6Ǡ}vnuu9Vę֐} W (bO}\=/헼gkL&o|jـ|-[aqH⃅`fjՈl2#6jw5mNmf(#NTԧޔ1mъ p,ZBXʵ˦_h-!fXEja{P>&72bUT\z\8'6$ ]KEr]Wa J)1OvCrɘcٓO XRRX糡U^K%aɔq^OګX:0bk<|x DvtR2(vcT̥魇Z00Ű‿?w;:_MDy:t(mGAҀ'I'fI%(Rͧ=FٮAbMH~ ڍ5GŊm );5Q,[jH*|jB@^| _[0XqB{k|`9mL{JPERQZ%e'}v% .?m{)U@4Y6h>Fjaϐ!L!3`%n4Ԝ#r}wyhm`?f)׫)Ȁw+F˫`_[0Cbj@%6M-y3w9 4ܠPR`צ_k}*PO_G8qn8^)ZmzJ9%*nkO^91EgkVL0Vf#BB VwjIJއ#jyY*X-$cA)?. HƳzʖJަlF@n]h. 
z]nnSC5mZ(P+K*(AްKF#T"v-tg{v2VRj;3Ixg (VFh=ob^[m*[wΝĸ<ؚv!NbzfȺ&,;y Y©:H2 YONW4xn:/\2$ɄXEDuPPȤ 5Tki'T_ijPW#"mDHx0e9yveTIaUw2Z!>WfHmƞB1$&mė^v5|wvc!LTsaD)G\!(| ju~x$yj70H[t\M%W-'HO+ɑ-G#nJ缤axQ?5īL؃԰Iml(lvROyWyS Uwvxgդja/`ӊ?ʷ"TNRrMuU3+/zخGD7Wȯk:Cx*h!WwX {sX,ColfxL-X4-Zy cUmk??H;8>PiH4ܥ2%"J -hĎ<1'6&q\Q_ФI;^?WȳY7tfZefor^^vT"|b l{2`:# dA;r.Uro oUց{ |f8j,j4󴀄3/>gmhy?m4s@J=wV*0:01 #-f]ucߵ:Y)\pUL ȅr@dtI@P}m β;v#43_V`[h?ecï^0Hu~ag!smx=Mw +Vw R {48S(SrI.8tyJ1Z{x|+-/(AK22*ȘH$cY(",ӉU9ikK?\(u4orң\ zl>F{pBkרv'd)_@A {T.~kx$̼Va1mBhMvQɷݸxe]S֣fEEcpV-*t_Xiz>=UĪ2-Y9?PKF/Mpz6&b\sEJC[讛JN.6s LvuPe+_{fؤv!:'xJvT2L+N/9ItN Q`?~X5*}p;ԣt$ 8Y6 r sbHN/%\fL㍫Dwޝi0Tq'X=[E:4N~pQ;iL<8oy=Or ¡k[ '>BI0۪B[0: +.LxLו0F'K Ha^52STjlavjN,"ܯdmn7,t3# Z+Z ^"-MFpGEKħg,XKKXL&?a]NVo.KZ;l*(f_8lW%͸16^U! wu8M+OhCW:^X(UXowR] '6S i, ZM]=[ y&Za[R=!a^ZE).JqAo}ȷ'DDU؛P/'52ݸ;73.Db7{~"ağ>g#Y*\[O篤`$=jd+-/-aT)&g<x}ua' >uz0rJĪg%U3C<M N`[|a{s]'2&N<^'N+`RAqE\k+DM40QV|cqqFXGpw% '35bXv=EdGn1-ޕ 5ġK .fWӥRHG1$9a(ܵyEI6cmg ! ;떴T$WtҢ 6ڸ3uf8U}O.S6ꐩsm)pj,0ķ^3ʷ8!Z ~aXnԻ?pG6R6Yzf(*oHPM'dzQCœKc?SYS@u.Imh˫_ҋ5 sSbZaD|K6I31$I{h B}J\A/n"mxK3ru6ZTn}1ʢ>[ͤh2ZO#BwGHէYeH_81h朠fQb9|LK[CP.LNLc2L{=0{nmWY^!k twe6ZpF`6")m ~c<(}Ih>.1b(C$Df9t[-ߺILG] B2 5ٴխ߳alm.75􉦁shWDF ?酃z͍#Dsx~2I ۼ7mA 0UqthCAQ?( D`&1Ժ k]*)"˼hPnL6Z Szԝ዇rI|Q* $xTJI$fM;EjbzFݥჄ4ˌEWJv9QCNJpzN1XF {L%t(BnAq!ԽL DT!2zߙ[wSqp }/ll 1A*W(VF{Ejk./UpZQ]&@F>p]KsEe"~0cHr6*1B{K_PD9 /_ Ȥⶵ%DӘIKBqOVR3 5V/$,VPB{i# n-JSwb~=ciռˊj`Q r5!#JR]ĵP;!Q80+GT^L4sҖA:uC ;<|HxD]C$H?zOR]$NPȣXWZfWZz?.%Di/(qvH> 'G԰Hoɺ{TNvꥃi/;w_8!*=1Mq+O~{с(EH=:^y7♒)D ;| HJ'\\=+ng00,遳6K9Zo9峺(,%0w L~;,Et`w-qTԐ\ߠA~v5֊`WO$ ]s]GX٭`6qM@2ϔgPx,Cpʮ|Ylt)1s].@!#7=qn٭q 6Ƀ,cvkLҮN/2FrHH燹Ao9~hyvun}vfÚ06jT4ӊFDIqm@[RlJQ"* ˙;< `e_wp|,A(Z"%xC;K^G.YZt,vz̈b#Os:~~1fّaSʰ1Wp(m1 +%;*AdT:x~Ӳ|UC:aYfd @H&9le ñIGdMP=W!VQUW|i eug= H_Yǥ!?Xw x-L7oim{Zg,3QV_@16#Rs()M坨J\-K;ӑG?cnp3psGܠ[Gv&8KFwP;X,ě<"awFl* /33GE}؀BL( ܥUpޠ+){NU 8hP&u}(S'k&(ZAMKzAH*nju(W=@7x,0KJh:],xћDj0Tf(^ д?mQ}[u}{]u۾"Sx_|%WC?,"z1")ռ Gn,!.ݶ3d.V\K!+ys>Q*xaf[Soɸ#6Ӣ:o2u5;g-2^kZZbCҗ7j1mn%|3Մ^cdX)Ҷ)Tۃ 
ިn3DeOW{=>/GnPT@*[Db@+>r+A`n+XМ\ Ӊ8s @[%󾃭 .O'(/XƴJ-Btfc~}q#Vo *ޠ@5m o_o]'0Ȧ/5s E=YFL܋^^S_<9&,y+-4 t{"|ǮKh]憇K,ad$jUi*{Qӷ?qCTEXP.ptjmA፦@Q9iQazJFAĉϥixzeGEf?H4v*i]Uߗ7<@m3t>MЪ]ek&ezYY^=|t@Pn&^AvEYw2zJ-+,YoCs"c VNc {'pӹJ;?#381[7&{U%{g@w@zDB g=@m 7q~J 38ɪjY':/@GclʫcΩuvmvIgZ=^mQ:} QnN5jvG;Y8*?jCPa3%ӜX<cL@-^q4iW.#8љ6$͆y<ʘ.rG4Gg J"=銏*);d+DA*A,& ~W=; pxz)FiX4I:C9T1a_ \)3еf#d6c˹DR/仒Z3[ B0g@ބf[EW9^x0CvHGnf$%Ss<,˞h+bČ ᧶5CUMrO٪U{ьPπb2h7EІ3 “@؜;Kƹ=j_-4NԱC箨mR>$f %܌:RЋbdZ УO&3_{u\`^:W8ݠꥐS-b6"X7G>Q` HNH /zO9.O2DnYph"'/C2 =_EMMK3{1%s,v֯%zC0nP.HǢڔe:); E︠Z>t&2=#Eg_;ӪEב { UnJd૲."TWꬣNh?K^FgGg@ǜ"xk^dShT?D. $\J${-KV#t+ Xiğ{ ^Ր{à !^AgXD445ж[ˍzYY `8J@7ėEl/EV/ʣa $|y6.\b+~C]YؒQZ6Ƽ*@Q2/`Cמ UhKZ* ]T?@FZC;vP-=jD)*[H!gCCn"5$^,bJ`$`Ʒ?Eܯ[GW"2ŭӑS_jdk}KX?,D}lU; =ySW e|Q}8\ktY3ENY_kun^[w zmhWEê z>n!`*& ګo m8,<"w 9C%rpv&8 g/CIJsw}P5jdr@R d6lXF6gN `-!T#! =2s'A06R[zKƉ \:O#2MlBG@9o!Sh1sj"vY6O\X,T F}j z!E5˯klܔ4dFs&zjFnUI/RCU"e,paTF3b XUH"au&oy\an2?ŬxStA|1)&E̯ b]2>+r^B[PT75n=ZO&̶ث=46!xHx>8Yޭ:ToW?!] 貢w9=vy: 79/d%B;i^mrZv!2\ܨIKv;p8,e^(MtW@:5Vh7WYЬ&8p$MSt\X`Q+p~9ϫΜޒ:xzoޣPMB" s?j G~W4m,6Ҫ4*EQ 6$ljWaK>ZmUx۩pC{<ki;4#,D Kbj?8 hb? 
Z!{r(3 (.\#SBg,G8)q*vߓird7X٦ww?T 7%x/ RuZ]NF._񌄃O`k>;:!3ϒSޡa{"o`Ը J#Ξgw~sKZUFӴ)<jEtChȩ=Ҙ+~.O}rFHz㴲o^a.?.-Q^DA'^{P"k۬FYFRE.P`2iڤJS6mܡf&=93jZij֟2#ɳ7[LDt;ϓl=ӏ5 5"n}o\SB+po4J ̈EDy,RAɱF7kR\rI[ /[lP T5Y&}jE/څTlpҰOp)-85dr{͟sk !/hX$9vaxr%Mb4aa0|w$:ѓ`6NLx;=U_grWۢ }Q3 ǵcAɕ+,A⧗F!v4wQհHp-U{Q#s2|j | S|jP4=zsByV Ii`pr,69 K}W}\vnG X `n1Sh^,y]x5qIaH19iUaa J]BVo!*QmsڇQ`XK U~f:&D2mxsڣo`$6|hYt% U&5 *vo͸И%nL%;*Ak36jUJQWi΋WyP[,a|ٖ_om(/<[t3뀐cX!YN_S3B QM'r79X}s~Έef3U9eۃ޿AT\:kߡ3t]1!O5~V?1^)NH6`X:8|V~.͞6հ+pbZ&LcYr?=)um=ZĎa|qڄApD" 'ݚE'Ʃ Z41 rǎ {Nos5_uΟy[s4 G&q!Mi9K+KC^5ވ' gӤ0C/ AH€rSϩX vLb=!=Q(2= ð4X6C46Ƥkwjsa8"໙ïU8WM(YG=:ZH z:u~U+wY괊(w'{t  o"f^`5Ley/Q$Oلǥ"Lq#+M6XzrlN3.a]!Yoٔ?'eȜw.+!P,ZdM9,q|Wl(J MP.w&fӺsNa6 5r ]JD"zg\:5fT-i 6mގ <}QJ^c_ySu#L!kV U"sWh7'({cj^Jr| aq޹Mo{%9U`:4̡lD;…\q2;nNL^s#ܚ0![wqxdoA $#h%毺Mܐ&uc 8%C>gu z+ BS8&~;sFg8c'wÖYgJ{g P_bXuCJ_~͇şDxegݟ gv?d2OAOTDʙb#5\qkGnaA)t_*/;_V*0 Ljg(fJ#Pi;3)t8l8z>yH{wQONyy%₴K8{` nc2̣[7=vW~4|l2T Կc|őXt"[p/a/lwG؆"]=}?h +jӻ %^-G'~@6+Bb%|z$>F i`Izfaf*o$ŇH>{ xܿFY]4ȗ9R]b/t@<۴/UVpK(ߔʥ0~OEA{s=c3L/,WӢ`IE .qV FVЦNCؙ+ ٙ+S)=>h9~;ÖmtؖRgJO<vb;:w fvCC-I؟Hx.-&VVޏ^>)nXKoP~.~{GŵS8%rh!Nt(Pkru$C&wg;Yk[f2"9? 
>U\%VJt`| fl@`$]%+ ?Ϲo,eu#ݑ@xQ"|6Amg#@@jXοalj4ˉkV!}XΰX s!'gcO[փhInM{+(EHI"hʘ-oj rnF|8t f9wKaO?|ʓ a"r]eH yo>K'b3|M#Fs_fs 9?Td -K_0EWC^5VNLVwoۇ4Rr7>EÈ&6ez%OT[v}FwDD267zWNX;'U$s oS'H<;g3CQQëvȽKFjLE8Tk#P6Z%t + -%~:~>{ۂzrfayPdMb+]CXe1>ۆ)~Q[&抨3io0 87p?l+!* O;]RqPte?#u`4_w'ߨi _{U) /ν{48 D Z}h n)ra8䜓ذu9:Z K2uSki^OtGѸiC2IGS,  b)2,`́YjQ;4ZݤVG?-UWU"qJ8,QF5*E湵NGSA[H ΍yҙK) M8öb=(j5@nwXaų:9oLdކ_7gv?b]k~ɺ(75aDw'՟>:C9Pm*6CCzNp @Zwl헺dk{w~W,g*B/&(V%O"!X~͘V ܤ{NO~nM[B#%;٤Nt[蓙/Py0ُ!~ (#D(w_H[uC6_QL\9gS_1%=5Q@ `ljtP(,cKwq"GВ;4}]doIaJV[%:_3?vSez]*o.y'!"췿 81'(Q};EILߦBR"@M|*ƪ(pW }C7 3N'ghzi.(A?=+hoRlOZA ޶C~߆7H{W$5a}}`0P((S,hln5d${9 [m UV`1T]3C򊰝=-5'c[X;ts Lx*A|o>vD?@t%t䆍z3Qљ) WHEăM}ָ1,!a9iZR rGu|lVE,Q = ;?-q6O&|N'༡VIGTl"x/ž/3:">ojä.s'<^{ \rQZdJ;M6 mשqpj2GXe؃3 L|Q 5/hkRLU%WB9'oYWE{\n,wkxH:ɐ(I@\fD3QL]lc_j0bAeKdcL4sR߶714 B\~Cy&ek/Լvu,d0S;lEEI7$5GHVb[I$)tM9V˝!J"ҴPk Nd>vb m,f/)c6u&6AClz̪nC|u'ˏ`r͙}HtE,{@RWCIX~jQ1_{(tVw~뽎\-VoiþM5jTJGG%[_(_6F7եZH ^M7ܵ* =QS#TE]7C|$kzp%!KqwQ>jb-d|k*J7n,[Bg']dr0vBJ"9|"ПRC KީfjG!NxіcFH;N?/B2' %,l=fs*-r\rQ-ʘ723a09G0S13@"'r_UYz ňp0/¨.y.i)L=g 2D}uH4U(YFbTGr*6Shᰉ (ƬJ`ܱc ݳ0BϴF_"hR]t<̧FWZHwAQ3y}0= !F")l(A 9VC'D"ޣJ*mE l[15fV>v&1F7)y}kIdɁ )W7r2J@48^l_Jt#8ARr `c|ĝ|)O_@' 1KpRL蕓n:7a5whۛ=ܵuXe׹{8V$h/V7>qr+X+4cLAE-Dssufk]0Xp\S?29*k]DʟB/mPV!KR`ZX|EK/Al3;CEaȵ gN`K*ω3Yz\^I Cvnc8*VN|q[W*:;?cB/ю)a>-HuǩfEб G-JGLJE BE_asP]ϸCHE&~1^يn-G .q/=X:d]E#Nrx ~M*UxzUzBDUN22 k ,gs+R.IӞy{D-Auʳ씂i 7) i,σVBmE ]ub܏B^J6"QS[3ՋyLs3}e$a6CZsNRSgS=FQ-Јq TOΜk.~櫮jup]|I0b.J1nԄ}H0uQJAC3)@q=O#FTo짽9>8 Bk`MjHf[ĆEBx^HtEFqKH/%\P hx8LE:"@/plN '}B@vQ j/EW6l5x h':BE>9PQTm~g񰧝Gz{nvtshpϳ.F;U /6dZ} _zf.fxuaFm:.^Lr-o@w8َYbjxVLs&0w'i'ǻ4d{>u9_Z1dk`=_Sԍ7_)ȹRj y[zv}BԱΫ}|,ZO9@KlQ >8'] c,GV8+ߤ% @2[wÅug n9pf\kޮ]eyEOJ.(.j[Ʒ|鍐oVkm]nлDML ΆQ.9a[$,@`tyy=`>cJ˿cnB* 6[,>V:Ss̜Um<\8Y E(M\ *:SybY9rL;,1 ?y{!bFb(_tqK {yK&0kQI^UO*H 0L} 6jS &%ƙ>,\ jl{z=r x`A˯C_uAs^ wek~jľY@gEN058aTד.K`P0vW~-u^@`twI`/ϣk*@2gXD tKz6H@_ɟ_Dok#GIvd&^3-8;)vE- 1?E^#ވ{ ‹'nvKHr'"d{7'bO[nܵ nXsY8J)14h5\+IO0 T?FP17Ӑi]:܎VP&B[w~5ƅAReFǒTB"g*4Z[}1?{!;CB2 qJw,Wvmx z6ivjr7b@)tA >Pi 
Tl`؅@БccTL^dZ& !jm?3^;S~p:'zD$|ǩ9fz_|'9v!R n_3 e41BqV30Q·T{jJzGpODE QtOml839 |fcC`L+"=#uV\%{B SJD|>] O'riD/};bZo|fCC#WBz {\ ]ɺi!+JE%30F #J|OD3 I|2΄Dن8lFBTZ[GtLo;sCt;z[䜤X c= Cy^m;0vV EH믚 <\QBhd8Bf=$\vВPqJ$RONe^Гú0ztT@'tb4 DKpr@߄ (&`U,ʱ.7nc Wd`N__.9H%-OFjx ݺdä{(K) T ?:TENY^QVJ0rSDxld 2T{+bE}~N+GoG8F!|ϏB,-8,zH oW% Lx؈< GLr+(]!C姞x1\RC: LId'_,ФEzÊUb=\OI򋾅/7 widu"hKUc1Cݔ ODQ:O K gpo 9%5f&M>ky:[[֣?KDGӵDA.U{e@=-MxPQFg+ PuJܴA )ft"c\3|O7Nxx]UdJH6w>6rfۼYʾ/&:).L2D=K:}ϵN!OλnK|%,\5NߎVfs/}47υmO45XɁ`hd7g6EE}5Nيa0,ә;TABTHmz&o0`ـucXCe;.F݄dQ.> h=fRqS~૲1EfyHH m~@\x_dzQ1N^[I;cK[hCS[)|f Hqa+S8TjɳRm^i!@N '*AuXfMOfRMvf + {:1JNLF'^!4Xm_YhmŒl,Hzd+ʌym[Uќc3X)oI𱫛ȑ&QWA%˘Lc+<ē+9Q\a^]>b?QA [ZTPMԯ)7%y"?|LA% +}hk`U'%!;37lW퇴>" .b{7C>3G.E V伄ҳ7v1}Q ⵰Tn1 E+`;hk<|rrs]1&p> AIT*\di IHd=P^(&{_P䭩|)4Ȑ-yB7=P"sF-'3V9 cb/UPx<)oF&.F8GJ?߁}]o4<淺߳YFs v ղpݶE9F>Fz%(QK,޶Wߔuܿf@ Qr()6]1\mǒN XY)@hF#BZQ4JOt![ȘY;},2:.򴝓陙 s _o&;ȹq`p[ZM 9f4-HÑ#e[DP,Ǎ8R[sr~U'3dWU2i~ZsAX'Z CaY~r?GOh+?9qאz$m{l2O ~ooD$8:Vrd{HJԤ h.[4p &P-4a߲CW-ly"xAB%ωA}Eŋoe:]NyLa1vh2iǵ{S:#<IAR 6x_Io!;!ɢ]1iNweE^^sЏ?RhL`xUɺY'r|4;X_wM7eH2(ҏ=78c-\ :ۈrڶΉ]H3SPhAfϽ".*(nWNFH_[כm~ywZk-D|L-? Z}vuTƦ:&"8l4>N;?F\( WP8Y8uY&}J׭#5a?.t[\- F.0E(8,K*Le-%[F䒷4#*C#7t }\sp|zNuJcIH|AC_۲]ljFR*W]@lؼrm)bEI'CҌN [SG yIJ;[|(}TETl%(1UoESƔ=S0觍tdKg ʤ_4B5SxD"(NtM u\橈9.އ"QQ@:V6>փ1P.3)J:ZB'=SCm @`&vQTCӁKXd)uM#g˳E@T\Ft?s[fYK͸A! 
-&}pԯZQ[喋!pM3TB)Z`PE x@*.4Պz# a+9jmz.l1WF4R _m [0#I ^O]x[x;LyQktƿjnEafO\E!0~2oAI"nX!Fq.)9Z!+jF94`tlTFwKN^(pQkr[dP01L@`4`n R#:ި|)o,%dq)susLh)m:ؽS: w5>VE8{?[xI:ޙh'R0[ZoCG?lk!9O yrq aɛ3#ER;k[$xXqYR7'Yv#ߋ5g*qTh_vwpĤLYD-©5eC?b>7e:~{ rSW"8IAx|T mh(WLEy9ń!Mݎ\Ϩ60ω!hZB#;>ZZ;k u}ˋA]7Οҥj1h\ݐ;J?kZU1Px/3ZƗ^זhK*w| BKIOX{shKs֮lE/rðqJ Sr p!* Xk X.Sn{ݥˣ%JODQMnYuLmHՈ\ɇ]T'/6AߦG > |;Y@),!}Rnv.xAebj_ଁ5~LM45M2&=7ꨘ3Jr0z8y~TVnR2=˥'1e4._- Sۮ]qRB;B%cse̹H!'>蹧L}v*5U!5dL©9i^\vɾbRRg!UZk袨'fIWDP׃A3~{e.ې Eyr:ԷXVuS'~KҴ@8K[yڟ  O'U z?v l gqIRvؙ`􃟼5L祾nʫ^K\2FL\qmtJi{hQ#NLʽ~6[,ِ nТa WaAfRt~'#?9sSiMuh%g8Og_ouG-L#Ϛ[xVwqfh tٟap'g^IdH_зC=C~][IO '<6=OAA1&rbIVut7%!Jޯ@-!k}GF)p)2h+MVnkv%l7fIScKH}cGp_Eur'T%# [R0Sr"8WԜ,t<"y@Ҧ*y:i!xd)]"mPlʝ x>H5l$T,yUjZN=.IxWD@I3cΤQ푘 w2[.]5 V"+S8ҷ[g]wnw0ެNGm/75mg1ھC7PSgGnu\EKƜ|Q|da ,;_/g f[q"y}~B]M hYHï/|6=̎½G~!-:=}(m^=NP]֣xh>=p+wy [24Z9L%(U$ud7QlAuV{\BsP㬰 ySZL&OWAo2nBLHz㟿*z؎z(u9iB;SeJ~-](*M[ѴJ.[Zk$^9Y'$9CdjQOI >iY6Fv&= =v{*f˓js </z&F<c'8Fze󮒽ٕ:1fl~_Dފė!$)I͌/6p4"|hP0 SN EP ۧ*`䂺P]Yp$o5a~d+|?FFw蹂,(5(0G㊕hre3Z?ɷQav,cш* u† "97B,%-Uab)s 3'TsM(F.YSW>;TooF!gu))~9dwBjL8 %)mf Ǔ[_O ƺt*YPUb^ |U#`#אQd{+`K3Juc2>1zF1`XyyXn 9ae}nO ǻc֭vųhG[>_A53.] N,dHçHvQUivI!Bxl67ʹdzA9?_\]6-Bl#9AJyH~z3 RKݙRNyG4Rf a.S5օ@}po 5ޗ+*;f!MR٩M_Cg b:$S%爃&T=3_kKY8B1 |e8!{SCvmƟkѪ*ލʽN)֖C|!"1"gUHMMsD!>Dpy} LT'b 5b*f~g{E&osAH-&`UnKí)-^1\ixʥb Jgvqdnf2l{"\2 ?W)K#HGɀE7&NAU 2%BlM*c*KzOzٜͥexM.+;D߹u]&zD yN T'F P#OKӤyx~neqk!1H9ɞߖvь"/. 3*߫X?`ĴU滿Ma7#M'y^{[\2ÿwf2uCk`trfLCMsWDbBOܩd1ai=˯QSAhHِ-{v)ԄK9xr3w<M5GM(򊚲XqӬcݙipϕjZ:S J 瞖ky YZ