sssd-client-2.9.1-1.el8 /(>/  H0,,,//dp U]K/h ӥ>-g֏Xt`^1nl<q'*G/)mbmy-wmPwTVHͺޖpB|lu!i!Q@MlWxefxezmI0fZR`Vȸ']UtO>#gO.1amş;nSΌD)݄4B {կ`aot(pQ'$L+b"-̌FjTMirh&x[ B Q[Nm!?| X40o-͋ PvWAmXwU'}s %Hr"tŕ #D4׆;elD@%Ý6mE B "ZHk!&>xïC K'_~2f@j‰UtW1ݘh?Bdt?_S#\ƷQېS%\o{N)d- 6 kK>WeyDJ t2ox>] kҶlE*\ΚXjwa '4~,^#$YnQ'FJ{uYU~y9-oYO=fAGrNCB^w~[&gj[!HW GMHw_yo`>ե 4EZ䰩"oE믨r7G!O '{RoWNzB9[>`A@?0d  @  %(00 H0 0 h0  X0  0 000**2*(89L:n>?@G0H0I0XY\0]0^bd&e+f.l0tH0u0vw0x0yPd,Csssd-client2.9.11.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.dRx86-04.stream.rdu2.redhat.com=pCentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxi686/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so fi'#+<D>0#- _=O(~K G 2  e ~ ;  AAAAAAAAAAAA큤ddAdAdAdAdAdAdAdAdAdAdAdAdAdAdAdAddddddddddddAdududdddddddddddddddd88bc3b6b5aaadd3895c5ff07219e8caa00f0c50e1f5a767bb51f0c09eb4bd209eee3e68a3e1d25c82aaa4a65c94019cc60ed2c0c93277e2459d97378953d1ac006e5bfc821839208e36441a1fe9fe9b3681f5a9708ac9bab416834a481e1f38df0dad67181f95fed85949337f5b547b9aee61e455d83f9183076aa3cbf7df2c22a95aa6de8331e659562d32f3d5ad26a77c5eb1808422ee98637a877afecf703676bef7eca65f4a483683587f74bf0c5e033ad19bbe2495e8f5289ac007265fafa1323d0faedc082f20eb952f0e2d2d35a1c14611aaa0fb77a44aef943e2a0d0a49e9509300e9f9768e37688f0d08522ada4b456791dc9c384e4edcf7535dca08ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc58ee7766ae82668689a2772f3d154b35fade02463c9e042ab585b603d7a147e496ae12cd3a128a4ad3d93fed8530127cea54d146e6f40e68354c4ec5fa609a3666b396ecad23fae4c9126f0586c405754a3e46ef64598f9fb5c299a5d0397cd8d71b805b0a752da5a001e16d478dda0ebf6692a752cbe9b89e4e45dd7c6de46704a9694d78a97818198f0f4bc0c184933d345d93553ad8058481c60763202867f6b94e257c9be334608bf12db02d0c9f94823a746a03d6e67282a21436a356ca42da30dfd7a94949ccf329024fd1944b812fca2d141c604e0c96e6b534d630eafb5ded437e56278eb161ff08e5aa36cd515502d559d5539f75a851e6ff937e1e751e84afc46103f433667f3deaf44165caa9cb60a81b072611b01f0036f963644b7ef173ce55db42ef3b358bad6781942b6eaadb4644a7abc5642e0c68c7a591b94269c917bdddb4b3908bd126c1cb2d5eefbb93478013cbe8620b7ed611d9086a346d901068a3e37498f6fb9e45821cc9f56417daaa865eda79ec8aefe6b28ecf96507e61357f090380d45218bb97ff3a8233df20f8ec4323f1d2b552222e035c0ef01d73ad4a691891647ce8f3c28f1063305e4d6864ecf4defb8f1ddf832d3acdfbc5772425d1d510352a2d89b7bb7bb5a0309cab7982e40b1fae207271356b103c0b4ab014c18118fcfaa93eb36ca385cb6c69543892abfaab93a8b92d27573d146d7af7b2879fc7b590b0e638627b45391eb32a1d7fe04fb40c9fb8080867../../../../usr/lib/security/pam_sss.so../../../../usr/lib/libsubid_sss.so../../../../usr/lib/security/pam_sss_gss.so../../../../usr/lib/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib/cifs-utils/cifs_idmap_sss.so../../../../usr/lib/libnss_sss.so.2@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.1-1.el8.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)libsubid_sss.solibsubid_sss.so(EXPORTED)sssd-clientsssd-client(x86-32) @@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.28)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libsss_idmaplibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_nss_idmaplibsss_nss_idmap.so.0libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.1-1.el82.9.1-1.el83.0.4-14.6.0-14.0-15.2-14.14.3d@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./0esrurururusvsvsvsvukukukuk2.9.1-1.el82.9.1-1.el8  cifs-utilsidmap-plugin.build-id06c6db9ea48de1a620bbbd85387d38e09942edc92343c3d47373821e3fd84ec13ded69befe08fed673b160029b2a0df565cd841293035f134af91a4aeffe2f37b4e8c788ab067bc458b7667c6ee678a405d39dfc716ecfa8cae5b8c5bd7f6fd6c530f5aabb58ddd8e1218bd866b81dc819893c3028623ab62e7ae2c404aa2f5e0c159ae6780ea5054b2b266255794dfd9545ba2ee644ebd41753c7fbae0ccifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/06//usr/lib/.build-id/23//usr/lib/.build-id/73//usr/lib/.build-id/a4//usr/lib/.build-id/aa//usr/lib/.build-id/b6//usr/lib/.build-id/ea//usr/lib/cifs-utils//usr/lib/krb5/plugins/authdata//usr/lib/krb5/plugins/libkrb5//usr/lib/security//usr/lib/sssd//usr/lib/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.1-1.el8.i386/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b62e7ae2c404aa2f5e0c159ae6780ea5054b2b26, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=73effe2f37b4e8c788ab067bc458b7667c6ee678, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a405d39dfc716ecfa8cae5b8c5bd7f6fd6c530f5, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ea6255794dfd9545ba2ee644ebd41753c7fbae0c, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2343c3d47373821e3fd84ec13ded69befe08fed6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=06c6db9ea48de1a620bbbd85387d38e09942edc9, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=73b160029b2a0df565cd841293035f134af91a4a, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=aabb58ddd8e1218bd866b81dc819893c3028623a, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) !.8GT  R RR RRR$R#RR"RRR(RR RR R RRRRRRR(RRR RR RRRR(PPR R RR R RRRRRR(PPR RR R RRRR(RRRRR RR R RR RRRRR(RRRR RR R RRRRRR(RR R RR R RRR RRRRRRR(utf-8c03f44a0bb70749d37c3705e54a86c31ac35c3bcf22adeb7821f09e43504af43?7zXZ !#,x] b2u jӫ`(y/,ŏ=W#? .˥$4Hd;ْSPl(QV(.nھaFA+xm_fe(^j rhfUYz&x-@;-碒'PsZ7&HHS7P|O5ҋbG:ʁqs*j g2Ca;F+U>u,!'i `]Di.BylŒPuMF"q)3߿벸( 0vBM;[5i4[%b׭oiǰu {#צR#&xCBFnDHoELr}ܴ4Hc~Y׃{1\*d2CHLrgt FC$" !ܚ-tɫMnUU[*dEfB㏲̴܌zܬS{ƕZ b1`R:z붨Bf7}lqWvl{8KцƣmY+Ҩs P</x%bVw+~f#y9m" Z_]ۣ?Afӎ0L6wZКOӣ0Łt1> @ /%GyQ`h5AI:fsS;95[ik+qQ󣼉!7hJ7cŸ[5-8}@gSXl\'sp.;2EI%@{6%OWD9bFܓ +‚XLd6׾MhLú )vPp]V cd7McIA"Vj}9$.3]]+pt)L2ź@)ސѰB @CbIy'"1t :)ծ%].YE* & /0{`"dy%}D^mZBB6l8q?ſm!ԝ0\>v+`wl1uuI -d^yt7vk x\f^L$(.E;;@L`Q16y%TXScў9RiqA:%efqpH' @h{MӸ#Ý"HOEKlIF;̖vRGKx1Hpqه]%"+F;8X;b3#v 0Ig=e)Mvۤ:uY @1y_(ƸCY6+h\2 e6F,訦NEub?4LdI_;wx B.JebR|*-"g3j_*M) @ {gVjѧ $}{*'q[AUi?cʱ@AXYv-MMMB +wgxa远rZ3RWMxtxs>[b_E_C Vaf&HC!H\,=XrF{ˬ|64+ CN >EƯ|CR_4IAPJ~\35ĥ~G1Pv()5׾l!!NZ7JFv%q}[}/2ˉ{xwv~Rbfڍ#V׶/4tG]J( mk" mOx=( 魃|#w\݅I8Yջ{ ՘hjCl(CSļGXrr{'k4PEJX9̀f%x)?̫IӜ$V{[D7ʀtK*rge8)GXOo:_c0M95];s0f7w(0( x!6; ]34#nm 4f1V~}T{9qX]iA_DX>:IpWb!i^p%j">0BiJAQ;X[\$r+ D؀{мx8ulpW8X)GvIgqm^ yƢaq>@Z"vpڛ56~UϦ\rhSc6 0 bL E /jcs/,] Rs#Ѳ.-4u}AFԅwoo\d\ƳKp'مt$Og_aNU8es*~Ʌ!3w-=GE.7!?a4Vgy> ~[L߱UOT(Wa{ظ5J4Ba,1xdYMBA_rS8LNTvOvwt14^hو/J Ykq07c)+k_49yFn,m$:̷h7k`xm>yӍRࣄF;ȏ0&yu2!l=^+T&=;*n<49"MS}އx<(ؘ5@E!XJ&J0'u&U h!=|2h_ǿ3I,̽![;t2gJ'?zTux"FO7c- ĥvZ;m2LLT#іo"}]J}і|h0#rQȒ2sy9ՋHk{,eG2ٟ d<bw[HzSљ_zs} Q  #׹r&BsV<@IXCx5)ڻ#V#yV 4h-zQJw ܓC{q B)A3>`}@ύ"bm4HLmzG}BL8I&O]𶢩8ǰ5DԄL$2eʀPUFރDcd %P AKӘm,v)AzBϮs#^fQ̞؉$hň@с]Ӄԕ~K[QXk`tᅽFviNꎰ9L̫].D"Duf/Z*w}, %uP)wNNx޺ݺdu 5iEWj&$/NO4;h!Bn܀24 gڙ gF U_Ν pyB+8I!ˆ9/3z5A<ӵ} V"Wdܓ.>ܪO)$ s ë#G@;qK*f~xky4"ü#,9IoП[1`* ,NF@/s<fY02+ y kHv*fȍcѹe/+OP]G1hVg8\-$E2ȁ9 pܷi潳B; l/|ys!~g?[6~ ei{&=u^D4R.v1d. adė~cGhzD@EG;ސg?x/N˒Ŕl n2c_ rS.R!Cp$KP(fPpL-=0[*'SJDAccuf`xSO|`G~mWh,-½mxwu?/xb)NPQb:ڐc~ifky+Xϰ$蓮oevʫz;&Z n˗ *B#GY&*CT]d-(ƤQ#Ь)/{s Zz*dԎU:K(f,cBWK*'ݿhfmeb~L86Q~|SZ=YD&ʉ\^0 Zj0 -5Y1wk0)&,L;n %'HbI܃~xoBӓ#5V!7h0x6[dsgf05ZnʓΗ*? R!Rs 11w"ۦ(Z`P |c1݌vMuMiBC|C_`Dn:j ay4Fp4P,&ͶG{ȍ&,6Tff7eu_H=b$owȁ sFJ^lVUZ@S&>Xq*'RwAc[)W鴌 ~ik1|jf ڠ!mOlU`:哠uueVyxD_@rƅufE`U'L۱"3+fp. ۬YPl3A5E cS͑YIǻKAit5M^thTe2ϝ!Ӱ W\訿7By8\ȥj\bgg ٮ;}6hW3{4ծXPy`hFV5H 5]懡dIyuc= s6Z(Owr%d\iC%8&j-wb̄~Nty'XE5o Q /mq IB Q-TO~d\Co, )E֗:3g|G 6yS&xtI@SDTp6mտrQ*TKXʾlb#MahiŊct5Oldh*ؘ|[?VuI Măvvpue $#J^/ӯ(K^khX { Δ p !Pj:S˥fU#f›j}F<#α7LY]4󸢑}lz#~;(v zGSC`:mCz/G湋JIW+% PN"MhZC! u:`x'O0[` dn,Z88Jm0_&˲\ {V+dJXȶduѶ:tA[ aˇtG\FVεE8nxuW%ke6p1^uȷyx~Px`P. \fGLù4~Q#1Ú Qdp| ^ CQEBIk7QC JDQp>FfHZ~ :׋q* 2-5s_͜n;wsWPWy\2Ю\ v7?x6: j^ /ۍ[ÄUdUI- y寅d`͚\ڭgBL8{;[iOn9 !\(\ԊX=vZ੠mIzp[sٱq*]-/]of ^}L# vlf vGwe:YZrov2;z'A '* H_UحȢس'@暟iV2|PG`CG_sSRt`V _fSFL(L'͙EB)zpiC >k(mԜ{*9vDlx`όPMq$vH.D1o@~?~d7 ñOs1 S:YbXu#F 5o2f^{X"!=!MA A{'P~ \EwkiDQ6>,5K-qJT溕(K<O$A.!3`'1rN G*#xg[w#ÑFҾ h(i^-VlגJe+ F:0bpj+!MNJpЂ@ea޶W&HS$-NVGãT卻Nz-[fYl !#JU.!)9IU]SxIdjЂ*#fe>ZrbDL=η]~c[=lv^fS9D[ p6vTF"ٱB0:tH $,!̱:> 3W(jhA%цׇNK.W9X~?ypGZcZWUw2$@y wX)3iN~]ݼj,V7r@]Y!K(>-oAH _n"k <pڜg^M$c7 ޖZd4xGz - 姮 v$oϳ~鴩)XcӎbΚVvVʡRt;Ѥ$rpd}!VN͋enjjұs~|wLXs r(Y]{)i_cKƮwGqM.Dz2@M0odq! 2{9/f3Qn^:2ZOsanhsƶqHuy{%aKo.7j0vYdC$ ! xdI[wh1aLX)~j֦OA~̩h#95aX76jIޠd ̫p_nC#ѽ%PÊ;=_X^ie(92,VikcW2 = #R1mW&V%wDqtd 8ퟁoG&A<<75NP */JdÅ7AS,yc%  ZaRRIW ~S5TFt}2{0~Ͳ/]g8ITTWmP:Oj)Y_揁<#L .KC52\HOOtmD4+i#F{#Kb>7 *hx`A W\F K5,w)ZnS$ ?n=um?Udpv0 ~M_Ub'ewa/;O`'&^P~\\528VUݺ à7 0gz{Fc Lqo 4qMѸLuyH~bήUBG͊/P@MLl=±~-_ti/)dFQ([4LgL[h;TH{ӞҨs0wA=7[Ǿ}vN(Z[tS8,Us"_ĕ*%ӥa!=!X0 +9fP-LymK)D to ]nfzQ|f1NW0b밗ƹ5^9H>fQ+4}d"9NC8.*kQ둟eK]VImjo͠}5wT+ Ub؉bhM㠅U aNfS cJ_ Y^cLwf}8;9%4Eـ@U,^Ow  hgvbKBHd-=c~Km4pHZOf9}c⋑ GV00u,Q5z\]Q=ԁ.~`L[޲gI0pzoHLN`5g}4RjWvnTabCMRC ÙmR[M7u^ٜiv#7h;+JuDs__mze>mr2gVיBϢk#uYz2t7rV}>&b@vRA@ڮ/ѿJ;3s%'Cl]+q]ݴD1գ!b^,=<͠dyXɺ) [GX9kJCezXXt^}?O:%RawCj=R,-h+ {{jCU=m}nqԋIǵUKv.y B68zED@ N]<#!iE)L%:?TT/)i"gɌ+U3%XOYVOdTid&)Ty0ꨫeR `M[o ѣm?VtMU;Ϡ}VmOnߌ &^Yܑfs :?iN(&N5e悫ݾyicSo{u(p^)#dByP}r$`jxz-$t XɌ|}ҥ`9m90k>xbB"ŷ|@1!jLxqT̓th\#]o9G%AZUǡϏ˞SoĺW\xom$knn~sa-<׼żȴ^z?Pɢ L%ˍ2O2)]nZd(Ar}"H.wLޔR 7JFC C`W25Qj4flEi;O Exe_.̩61=CRՌ 밃埇!)*O fk+[ 8(lx8\BD! S%Z`2ъRf*JaG/WT\=gN^i|?GցtoS\CVl m|2hzM{g5sun/.I uo>tX^@Xq3[ΖJG 8eѧN6IBaWxpwaѤ"c5> j}!i" ɂo4ZDF4JD?_>e!TMk3_8a x+vub dRjcz,+RY(xw P[;[U@|ΝAхF9%^y_%{"3eOq2␭ߩ-ޙeN9* %.A`vÝG<Մ-8V_'Ai:WOI-gMnKQwdFjdY;y[C _rkQ2U{U*4(wyfx3 7At6AB4swQnfkBy hɤ^MzŻoo ~9!oL, &Ռ/p;h3V]M9l]1;Ѷ; Zrx03"r((Eq)A u!wykv 1W)x/&Ϫ֯>+Yџb*~<I KLb>$$]#8Rr.'z/GO%eR z.2D6S˞% z96Xu3'mCFIGЌݯz& Hta,Q;K&f'k CK( P3]@ݪEq96oQV)ZTIBKDԚt_0QrfvŹ2iT\Oz &j0ZZqAFC &VoFFE ^?jGݡRyĩh%X\,HjX,Bm}%:H0<~[. 9H B%q J̗uN#08o"t=@"cc% з,DL/krd$$f۽JEϕ#ؕL/1a ].UOnղY |T/]sj@88il-%N^/9K7*&_2@L3SM4,ܡogZڱôZ|eɽaC0>aW6Pڇ T!Vea%@Y:E~~ra3 s$"j!ˠr:$]o~9Bq Pf3*V7-p ^aL-EøvW{j)Tg$ ;o0(#)Ztlݦd\uR*c.;sl kB)Jv}$6H1C: ɼh〉hq7P-I,V7y;[O{^ 䗸+,PhNfu[0eAF3O0,Vȭ+nޅ:3<٨l:N܁| <{=.v뱠UzbSK;*'--H?>񇎧- R|u0UI/gShrӱ!-2׶Q@vs h䡠VE$Vןl+g\(H50c ḪE/u_HZ"ĭZ^mRCZZ&/k4qVYf%XvM $i[(rrY"j75W213b/I1Ҿ1UEL. ^Apn˄t@&C5Y>GϟX"gHSuIb ^q3LQk B`8 c5P9@6trG׏Y܊[thM$ːdҩWy;P_pX~.~'Y xuS=fed&p,ީD Unˌ93{BE6X (VjPnr ­j+6h"f"Hb=Z**|Zj|_"Gs 4yCcK )1An2@hL@\QVC1b&rj!@aP0=05F?IOzi詌6+X#qn_d'AWmBga:ť'd$AݜŦE$ tݢ!q ia9cyAαd`xɤ([fXGYg$4r= yՎ{>8ܿx icw/_oo62 AdK-]bQX)=nyhnQ/ǁm@Dk8.6"l x&@HNᎤ\-f Q%JOz-rp8iK>{KYfʋfrݢ u\d=$s9ۍ56?!!gņW %zuXHҘy5Cq Ƈ,,^4oe#,GR—ɨ{0o(/D_Mu &-V?p6݂ːd.փT.kޥJ t3T25IBT-N9!&2vO&SrLp +b#Il'G4 >q{0]}:Try$Fz(4v _#D][q@IZp =-`7/6mcE-dBN`0 7B`kʱ9xs ⥛D6U [R zRb`N 쐅bX<'𺸊(Il2y2 iSoCr-biC@p <%m9W^[?ؠP #x t8W<I&+`M(umzį3cvrߵ u ܰ``_{wڪ mQfWZK1;PԈkE88Cg~GyRNlQʮ²飨6P[c s%G*.VBё@Uļ7~n{&S(eFÏQ/B ]؟3Wby)WN#F(3PEG4p76A/g6&;􆗉=i\ Λ`ʨDs/sѮ ({ s򙊲]uVvʢ/892L;NK"WnjrFNkNmUɖ#P@鴓IԃEFۆ#QWM) ճ? _&"̿97\s5W!u98&-kRF<'&;abh#1HOr]#kXQd߭Q% miנBĝԵzi#Sw*vLGZx*yFiIh _ȵCBAu[B;aʩ`NV_VZF Ծ:.5ͅ¹U:qJaK))AbД;EtW`vNQE܂hٞǀT`C_¦Jqִ(G ˔ۚ'~ɝٜ;zoɞxƅ_Bi7W)쏇qR1rn۽(mH q@Gidܻ|eN =(6 L /!}nXNW6g &5Q>Zx?آVoÆ6d9 QP:+!ݚZDT7"jBE֓cۛj]!\FB=|Џ'Ҩv# NB!;tf AW 7}Sf*8P PFn_-ԇ=XbiGX8Cmn9w fOjo5aVF[^7&d&hKg%C&\bTa$-~* 98GRxG6-"G o1[3"zIڟE==P k):>mog2˭R.Xю:> P 3~5d*U:k1q {z;zT>^) Vxҧy'ijȧ: gw]yKbHOL;xnPbVu 2Y|06B)ۏIW ,01j>Da-X~`J*=(G:9.~ʙwYZ4{p5yr;Pb-Fbֹ<+܂/l #67 &וL%h~GfhXyW1k MꏾY ;_+ \q3KɌc(q  /(Lm$Cv8\T4)!s %xCTϡPbYzj Y\>r}̬Ǘ V|Qsȷ88 ){sj׭4]g,x!l"d˫6=G0E~` nll.h.$3E"a5^ϛtH2gqE/"Ҁ n'5F2ECI()H,j3B_DvmmUBA$;@/߱NX:O{36<=i  Nx r_;Dyj(bOLyt,7R %h /'2c`&)r7RGDk!]K:poo:Kf>;?[n44j8K-#gȹ|3=<-vE"Gg5QƽXOݟpQTb'>mm1kQ}8Ot;.b=3_&y\=ZwA,ٗQs(6Dv[V#jmI38w|1oQ+JKf]y1B1wt[}|%#+baK f&.0߄y2]1þ҃ q dqg!$qw\܃%>Vdm#FMF66Y=S}7Q&]r*I/Az)-kأ\mVڙB< 5O 8&#=bY9:Il~5SR觏*I.=P>7d@ɠ`-Û密B2,شdjD']/F'*VoFcBV =J̥$WAL0yk2!ޗ5h?J)i1НN.Zs!ri=jI '9n<Pk.\VsC6K a~A3I.-]7 w^nʪ6Jo's5,gBw _$w(awoMFo'uYV\&A@UQ'k]8u^q'MTm̄WgM۹BaRgv Z:::&3hW|ORV K{qУYD>%P+lsHP¸n﹠Mń^y>Ifb+ ˲"Q|l6x.3|*u RL~I d38zp_Yн{ 3O:­'\{O)gܳmTa/e P&d.ssх}QR r "_h9!v#XصaMsO߈4Tk 4*?a߁ƌU' JYz n1jY@ *$#@. S"./y1yG˶ʅ1x!'9@EK['fd^jD09^|2C&>u9h(mB@!76\i+ې#Qz[c-ᯈ--ߝfAlc'+bK0hFwy5%f)N/{(nP<$oNV0&1~(^/=*Ekdy8hjvZ)P,F%3 Xtr%Į[WS̒USE n=u8O^x*OdhvOAS~햄@nrモb c1ZS!C}f0rGDױz&ı5!ͣT&Y }l9NْyD gNZ _e{טr^4YC vn)87 &J?gS*hTWr>4u+ў|nVCtȈW}ldfjPVgB+E3M 8u'Χ*XhC|hc%f~^|30N|,*"V]{FCӐY WV \iQ0$3t93prQx`EN qi4V::zchQZlu-icuRp`6 ɓ~#yl1Q$jE/KIڕb H* \tKqWtxGݳRc'Kk#n_:[+phKɢgtw1Z,0I݄awf4^_/xZ bitZiXcF`?Q\iX7;g\]{t*FƫV8t%-Gp#ɍ9(RgdSAHz[ !m6s/~_n@wgj/. ٻSm"16ĹpJ`<`0f=8Jq/v>?+jΞp-p$<.)*泇ܯP?9)$m+3c@呶%s [ ]pݲKo4OWMj4xVrN֑V/^逴&e3~s'D0\=Ռ1L{ 2OV4Ȱuˡ9&HI#f:b$-U dtY#| C4 {}q--A֌xDnZʭ08ZrBil}q>^"łW3u)0\=leL Kr!+=nvVFJc#{O^ݒ_p?> 74qZ{~vm(pCq\#h5c%Z45*'uzwS.|ʟwgrt#m⟌*`.Yy4R'qy csL$NLT' *Ny gsi"k4i<&g68>;-Jm,6zirH&MDQg7pN{'9N5Әvwu ^@8'ɖ(ҹ{=!.v&$|1y|D »3b:HX׭"F^b̪[P]:uݻnʌ}]%::i%' }v3gWqxaIh}i97m~["\rǢ̩5QŹhie0WE}+u}E$Q_*ĺ%n0W6 V},5Gt9ze)Rz(N݉:AN?B3F71,QM7tqM%EpC(l}i2nל0ɾ %ÿL>|h!%]vR̀qhȋEl,uGŸ ;CB jO$ /1eTֲCJG}#:0?l)aRR/4uA}Oә_|ݿ=u",7A @hӧ01\tVpaQGΗѼn_bNoի/W~81Ji2HDieD}bq."/M~iU~8 Niw=R쩃% _w*K|*<)rW]>gxtVT. 'uar-a GJ!Yk@JZd|*B%5G5Q5܄2YpU Wf >yG{).iم1ȠwqTpi] ihn4XSB:Szn} 7ϊA2Q-6~ I %Ox/i Q8Ry w]jw!*5dƛᾎb Tc&gM@x(3}jF~5i*%4Ze;:HʊX~FV+Qyv'[m_ tonPC9gLϙ^dr}<[oPIFƁN iC Qdb٠hLehjc2+KdX ʉGcYVtoDMTv=[rGf?)hצv֢طe; :,]{s$H_VA\V(QtZU, ) \ulY2PeWV"ՖFzEsQ잶"v'JbYcfkcA铓qN{οhO7j&ē}&ѽB9$x0pح^̡Z_.E"v SьeGhyme?p9TWWAr / 5ܨ-#L0@AfE{՝ZgtL(|LxLAwun@ǃ nit]k*>)]BbէhY{#sSZ##{ {V1$B Wbq3{~ /#-6a?qeA )(8s6Oh $QXXY/OD!ϵ}"@3'^!9Hgf7uŒaa4;E 6V~+H&EqM Bkqcӿ"s"8/4@RI*kS_( 'scB(B<Å@ϓvX/&l3|>[ISe犬fǁHf w۵]{R]r8g0]jQ +7Hv!alroQlp"#tt $q|@%C=I<41@()D2%DI΅uku+h|ԗ֙E# BbP3 Zζ; B0fʽ5 !Ŋ8Cܛ#[FL3o3Ϩ+,^dp]Yc$i /v3ݺ ͐N#y]Ũy: +PE}{[k%f0zlE ƶlMoj!5=Ɩvmt(*pr'˾[Zey4pxGpz\Cbb%wo7k2@.d"p0NBӷu}sÆ͜{ ), BNhtDyegm4^["#+թC/`RjjG +GAS[(^,iǏDL竬P_9u}W{oU\ElъG~0,}+C]/@KFᕆ;Nx$9=3{^ۃeu>Qs Ŕ~cUO/3&Vp'IS;O(̳ u=A&d"fPlD$z9IDS ܖUoŘ`:f /0X֐%c&Tُ`U |;q$w N Ud-^TBzL6GY\Nw:5@r埱מ36tC"/@DF0u`XTo3RG ~pmO+LN10C%}8clBr;79\6cǓ0 {@e0?[T{Ҕ-1MbQ gCAe?ܦ.S2>A+'l&%Z hgRK~SLog8N:Ms4[ WrJbOcLU^SG0m[^"aR)=).L4& w slZtqW6,Ž CX{`?̷SpNZ:Lr: fUض¦={+x̫Qs/6ʛTD6 &%^(&l(JЁXVz @rU=_bQ]Nv>y{Tɍߒ \'fzݢ>I&ʱ}&oHL60d ׈|N"><?yQȄ0rwdd@͹gɠj$vv_uwb$@O{]=KUq#b/ztIDGlǨ"FC oѢ{Fbµb\p[4[-4DV`T~oۄVni}S=+(4`d2!x Mۻ ,7a#Q{ѡvփO|kH JVG8sPnw6 fM6L3l/h~|6ٻ7SfYjt4FW#̳sQ<ϰK#NkYXT+9j trݐUK{ 8^+Vߙ0W^<p}/ܽ}r }?ٯf$|H:šT ]n[$:]|#_wc^C꩛B#8xz`gTb2 *zgY-Ή F61k#4|-n$7^߽qP8(mDtX(vz+a R1u[pXr]|ҋ18-i @lr5 mUs3vیɅ|x?䛣3<^Ej$AW|VWJ۰4^T<$6F:h\-GgtY[͍}0*V'#:VMJ5n{{嘁-pȌ`[!f6256 oDG>+%Ѥ # CDDu*gxC3W9>3O?vpxW֓ +ϱJ*݉(0~i@2s+=rPY\v"E1 ᾨ #u](=Lk_&eurۮm DFPAR?; EDC}F_LWONm8@ ,3la3:-{j'eE_JΗĤ{U6Ė <68iB*Tf!+B|+%+#!Q~(=d_u|sg^+tC9IژE^#{SsL+pÉ񸟧$d &# 6/i65ф^J.᡼7樲Ji|iK6" Xc _17 B/\1W# 7Bh)Z֣﬑ғc*'cC:{wt,Rg ԟcMN4Aiw@W[ hnG7 @ɲ?Y"3e|CL'hq$3=~:P )\6Q/Hn.k.Śҝ0]ICu_i 5 ar<3reƔFdMyj;ϊ47NsuHOx'Uݭm}P+1 ¶-nE*VgY|81Ū1ےv`8|q?ef(yr "m̑.QåH#;|9'?n|'U*1躜Aq xûi704E𑳱`Ks؋:4TVƏA  D$՗^Yj3`̞wgSÐ)!9u`]<Y E _)SCku0ZFW]dNiB8#Ǒ/Z~H J5nqA,?dI\b`= NeaF݄ tT䛭qڒ.rSY~o{$<)Fwe ).Ϭ_vq 2ґ瑙$C[cg_*fő~\lǟSj*B:YN @cvSVz0Q&0I Vfwxʜ^uK`{4kU}5uA{hZ? % Ȋ2 ੢knVITE7v0!U4Ax1OyaGUd 5Fb0 IzoG0,ؓ ;«a6{{9LgHlM11qԕ,lfDRf9J*VVI|= بg0Ajiąո*xpG, [Ogъir fM'v(hJB-8?Av#z<$,ccvKSz."IN8͑#CGûS8#-ڼLxS}nCL9́w%Px\A>(>vqZ7ti.Mhy!7uř#b8%ՄS֜u/G$[' ].hg uZ֢K%V8s(kٺYa^ƢʪIL?WʹdPđG{\=` r?[y~}|W"H#|Ԗ)XX+Rnaق\ ~-J/N0UvAJjm WE=D-9"ͯ:eeR s>ukp=(& 6S1.'S2Z_.n<\b8jWb蟵b67]L9٣iL7LXh%cM  +;Ťo,;\AP4af5wQF=X½6(vܹAn162HuҾ&ׁa3--wF$]7k8SV$k&췆Zݘ].ƕ0FFvZ.RU !>>@u&ɇˉIb2".$y97UT 7Kw_gt3PHpKK\fIpIS^9,2z⚶)sPCem; 8f$J1Cc`)`…GA(QG4H8U fxq騬ys@D mBqӑ;-ࠡ7 V̯.~v]Ft]fT*2)BώnajXh i?a{P5c10ɟ$hُoۗ Z]\D _#+\s]ԣg2ŖomK=!qp!F^ȖL@u{X/%=Y"ɓ[Opj,=X5GCIDs4)!gyr7:Έm{`}J{ՇNVToҩ8eSY2ώ]#հ8A VUn˽h%'b/_ y!D렮8؎ Pp}23t"3,O(Fy­(Oym(&WWU%#7B7kk%>F?-hSޔue#& I  <P̏B'EeI >J{ȴuv|6^*r|ۨSo2!i1Qeq=Y9%="n2fsu6^dNӱ/! v8B"euc7 i;nmD?-]Cz` he\(O4=S-Wԯkc#[QC9x\htE9hrWl?k92} ©0+`;TCJDK,v8@CH2_ )bJMP!gGZߵ@=vYppe! VYz[׷7[&;L)\]FV.ۺ?u{9D|}"\92*@ֲ,t)_8h U u6lh1]aRUbz%2 G 4--W^؄jS0 ~19qdΛmwal~Rs(vdTi,{M>fI *Ө05|\SḢIcH?=o~-U/3eYD5`F:ё>KW;U@1FNp9fd{1dyx2,\vjC~X/@=AD~F} ´o R)҅Y|  3=S(ÓqW|L>w;,aʇ}X'OT&[F-.s\QxQ[ @ 3׳"ގuz#G؞-]o_+F琢9$X%4Bf)y8W0[ɀ:^pѢ gI}>Jjyf]FwܹLJMnWjwwQghr(gYPw5E[-F`q\ 66JFܦ\FnEϪ.bq؛Iӄ.&bl$5k[q] *40%E'{q{9d꤬1Ń%9DaUR|>He&p i 9D%W:S狜k }c3񇽗ek̏4~ *sj2<8 @ TP\PB AZv0beB:dKN.`'$_?/P1 #qnA[Φ{DtQ|Z/7e%lrOC'3:y LCv%;(Qe,e[tBpn| {HJK8\q:kcfZFG%E;Oruf <p' u :)?c4D{JimU&ͿэgܴbU$.6qaL]vS% }#T"qFԢB4(0uhH9)U\ .FR܅r@_RZ3NH2~4I:vXRU/u)>v]=/Qi:0[0RLlUCcv*Tr¾؛ ̝8tfe,ϣ\dsVTGpSV[B |>ރ*S֎koTe ܥu]N ɻA2PZ1r^>rO n{SR/BW,=IJvB'/3~=^Rv@m]T:d| 2yW"Mة4C#z/_ 47(6ٿ!/rannDJd(}ls!y za 꾑FMW=B'Vw2}6G l޹ĽWx1 U ?iTD E4.vyv,(erE; WARz5ݘ֮NEєaeN8JU`l2Kd>5 2,ԫ~o zxO'dM\e {o]ؔ{)OP#|OsK:?cHRjeDF V'g(z,9{TK\&`am9EQBW37r)CUFcN[p)rN@ThEYJ1x>XhzGŒ5)@xe_`6txaIٕgw.6?Ĭk]H2fHswJߑ͆׮0ȵ$<()x `!򼋧m%u+na^]$TBcaߢfPG4\7e"4b]RF4#Waw(< NoG2%U[}6o7 '-j[uHT2>'rTE*u)H&qK+倒T}:SǪI>( r R,^]Kwc6y$2H9a6a,Zho VqRAw/qGapH4柰-mVdl u8x [ EXnv/N$r<@?gi0 +ڙHOT Ǖ³G"|Gz ^A(E$Gۈ%)~=)י#Jԙ|`At@##Sc+A9s;agASh݌ LCyQBSF> $@'LTlд8767f`.&&^b&m{weO938"56uE.U`.|h'D"=3vߣVY7yw\x+HS/^AWr5- To2>88ҽ 2unIŢT;]0LkI^2ICwӋ$7>9!̓$(vId M#;8 b >Ќ.gx*v41-9)d8yJi<]l75Hl= :{Hɐ)T_[[0 u3WM ,a ueOF^S5`џl/VEFeLE^v㶪"s+U>=:QGAfdk ֛XhPn\8\8g 磜B +?6Q%s+wda/^zuE~CTK J" rDj"WQw ,y ;$|Z.ÅsJU8yC*IɆVCWzy7H UdQsE>fxAo)sSc$ip(i C^Ĉ.h糚:^z:Z3"X.i]TëV!!#..DՑ㉰ׄv6tAdW`H6мac^k}5&}vA[BY02;ߍpXo 31Kni.0.PHGكsY* ƏG$<h KhtHX;w)A/}%j7xZA, %TN3t)_@/HΰoF4.Ģ679cHw`tr("{&;O}<[9ăgla?g^#c-O) _ 3Dm:A2p\#ulDe iҡ1ច vܖka]o5ɱPM;x;RZ9 +4$,rR6Y8w&X0;vؓCZXsϓѧ9*08H;ga#*ťjIż%R Q>rg&-"lV;vk/i!:s+}O^VkJ NN޸Fÿ鲒G{BCH ύ6O|h| Ч=! &N&0_2D SIqcFK ЦШ{*&h]gk;wԫ`:\XnCr:$! sEj9`Oy#Zz+ kwig)up8i(9=Y)\F| U &P >qYUu_ l:ͱV8@!e>T\b4 ۻioCS DgՔf`zϤ7g)19U.xow7tEg~ܵj>s=)TB HyԭEPc!Ca dd0~ 7K^bgBv9A[H\b3h 3O\U) "!;|@TzI<4Gd/&[)xEaP2/5;Z%*| wl->(lANIe⚑ˑ֗b1d7:T?JJsj'B…?\Ya 5Hrf=Q7 fޢ`PP^Ev)27 'T>elj+Ɔ~Ar2<.ih\MQ/+E-.6tj42ƹY /yݠ_@J/c9&]lֱK)}z7ڧ Hj_FlHv HYJ=TT;aRA[9^줱G&$lSN ڧ ZrNI/ЦrHP" cʵnR&NOU:ou?gSkǥ 6Z`6v/k"yyI0U߇GDE(x8t=[MRߘ]P&s3vQB2Eh*v4tffcӎ;_J8@얫a7ĥ0J05O0(55t HacA1"hS (|C2yH2\UözC ɭѺV pprЎNk{ c#FMVAk9&'gK Otո=n쁋x&*-.LdQ{>Yf| uLބ^ lgGyMG괰ȢW]4mN0 U /s# f4hX妚{ "dFjmV/?ntc` <g' inNN|R_+  H+uEY=T7m2MdF/BZg|rH>0yIGEv:euL|ӟ͜m~tsD` yʪ`E> }C3My*6{-xeB5'6B-uu؍vױ7z ҺNދR2?*kL/ +[1 O2à1c'v}&< ?b4v*n.ȂyQ'xnt6 Zz%9xu-1IR=xu',iݶ|GmQ/}CKӎSx0i7)>_KgS\[X%?'(7碨CB xŽgK4OŨN-UpAϞ%7֬/;W2uSEO)=jW%a#e4mdlZ.]yB[ju^ GoXs0% /|LkL4 PϮ!g>8^~*+>^FMjZu-$+ }T r0G'|Nʐ/w Rrxa>W] d٫~qN#KQqz}k8XOjbfY!#yϧ4).(Fi; VWדgלRM߇, x0LnC'r՞H lLeՌ?OC8^߅."K>`w U ?۰=iī:'&x9biN~ܾ奖aGdh():z`&ϯNH$UB&(SW[{D4gV2.J4+F'NC~Н0 S F]q]s$ z[kV= vZ$qg3@tX`E_qaAm\OG4kCԣRV`_ mQ8/v.rW?w$-֚BTa@{VGJM_d x.DuJ>Ml~l3nJqʲHX qj9T0Ԉ8-3뙮7w 8Gڅ'f>7vˤmC*&^_+[AA׬Cm'c;W؃&nwS)uOCivDWL\i>LD'7mkMP\jV/E|6 2")E&P)ogJJ]eFez -;ӕ{;gu(;`iv+63uxMzEg|5p!L­l  Nӹ)+H5s. O/W_(_m^bfL)<9*q AI=ቍV*P(Jc;5꺇O;!%\Wԃ1`'OEn.=Lh0)%E?K)-I7 U~ÀjX]j 3Fk~kƺԽ'4pYsmxtMv@3wKLVhzCHR Lde*TZpFqVᜫJU@g: J&۳6w%$68S\6O`ǐX #rQL 蚭Vd3jEL;khRgNZt<_MjR2F?WnK#\/` +E`3c180~V#֚iËƦ7ߏ!d;ĸ} Ȅ1KB dy5bNl;2ԅ0s?5-pبIW"?g|Ѫ]Y"1ʳz?qgd#7m_[H;Hſt'h \幖޵6" f u9/ٳ>u-īj"&!`/F4u2ۥA +*{ rZHK0#9h ˷$4z kLh +Y?"sX3..8oֿw!oKy.k·l䱻*1erl%.ѽwT>9D|1ߤRyV^Nf>̮ z/FM'NPX(l6|]y g+)g0Zq4e}-/Jny ֟56Of ɞOufR^H̄߄/_kz8i}[os/8~8ˇ=K9;Gmu%8H * mgC=ؑnJCXKtA'~~>V2shj %FnmuiFwj;utI~dM@n{^/2;llC_d((ɜ>-ׂ{V eJL֡^ipiw^OANZ~ G79=rzǹ]ő$evw\ mQp4E³xMZlDw w3 r x_!>dQƫT aRMދѩЛlB^r%_s5W>=DEߛwv^%jh9Ϊ_e UB@w)BV*X<6|k8(@! S䯯Zj hHO g[ l}c.i˗_GK7|YTI֘)TS r+P`yeBn^cYаX(e|f2k-B{cy~,"1Qܷs?·h\rsѓA 짠e$8""zٲ}U4|+b҂4LJۅ͗ O354:^Z4k qщ."mFIYDyx8Ua`>1+}V}كA*=eyF%+,GӋ42~$ tv6 6PBaLZ':dgWe1=,Q,ܚ l [`-@blL2*h=lߎC8!q&j]FF'N.]G9lxu+4U1U;q505Dl&]:`XeͷL)ǫ{m?׀ ~Z*8_k|gT6 M%t´I/)4K./s@S%P\5̅SI40%NOt98r[Ր: 6NI&/N;*vpp)~ִRHp”+V8]?Qb"4chuGjQxab!]*u6-:]=9D+kC&]"dOoܸ1؁G/duA&u9c`bml`eHlog;K%;bdӳK$M]~:M6,`—sa]ug5Xt/jsO;^jR.I\DQSSv]$F7?rT=IGXG n6**BEKm:nM0K f=N/tD/꤫h2XOBqLuLEo`iT阽i +R]]RזRd3ϭߟW2T-RP1& ߊm DU#FǤ>'4NƿtXGKHNs4 X\bI5mD/SrCBil1yE:"'bv &n!}dF,A,krV {`[U~HěG1 _cי71 MaN>/~yV+\yb0QD? B>L>FeAزaP(o`I~V㓽Pҷ:~7${aH5;\I=+I6!'~2Nqō"߸- Ƅ<"c z40UT&S\K֧ jM5apW ,41iHelJ7 ֚+7es0d7%^w >N%ٲgYE=Nd,s.qSB2H",P?J ѪІ\7<Բ&"z0!DR% >vp?.  !NwŬ(jboGXʦىl+5V~ī"kgxϪ֧F4Uekze-^R509SsdtC1}Bd6AD+!yWp)RK3]p8:ևi!l M*&%# AlS:R Q)JZt|]TDTgT%|D; ~Q(WҖ"PgYN{qx2wϷZF8*w9*Ѳ{z "P= #`hb(䔞GH'$OO0ޤˡRGErZlD=ta Ħvѿ|DVd|¿4^>l:/3/ 9$#&뒷99-XWn*D omuT,$br鱶=̉Õ->f<")qaҙьfX H1J,P>#Hv|D9[G$ˑ}{5 \c Ќ3s5R$ Ȋv7!}ۺYM.u a)@H5h/ c+ o=%dvL(jYFS͹o_ev9P.37%;WdV[fުVN/kd9s*& Uׯ@xڭY~dC:jcݩ<=~Bk馤s,]揿m|(1j:a=}Pqg^Pzu7c6 lz}lH' _( -7%.v]j6m Fnt'Vj/Ze㖘7}`ݠ}/1Lź @Y{I8x=ԝ R_%h r82e,$Rq+:i|ʷf&FrW4;x*,.0co<d?IccOo# u`{R z&BNN)h{~ȣ  k;xI4q%܄7~#8\5ʔ̙&=p ,즎lԡk3:  [4O"7+@Tz+,h .ss)W$U7Q>qlŭ=G#:crSq+Klr8KY/dK 37c;d%o\4+=N7P^7 ˎG>K wa }|{b#vf}ج>Zdbf#mn-0tiK(Jv/hBk L(dVB6z֜4R׈wΑơOWϋ1O-kIzpdCT 66uM{.O!|D߫^k *x%1caB;8-عr]qiX|6&1Fd Sz?b/^ ]Z=j'Ε07,ʔFJHyx87e]>HeYlI Koy1Eb#?9d8 1l!M'T;;4E=D'Kmq t-)-GVbوQZnkP?``op΂]!Kr7 )&ѐ\qO Wo)ͪZW~۵ ,1J=Y)0+\ŷ+~˶ѷ39[@6%7EJh^\=T:KV1DFB#mFRf+~ӑIڸnj׆,DR[uI͖P7J d3p42 Vpo5*3 t60aBP]~v8 ];:ͩ U[jО2Kgé?ߵDt6dh},q“JI!ag>} O4 4sapoM9V&|(dYh|QE\W2iS^W]rLJ%2cb&Ά!ߖ Y.,V?$ڏdP[D5pY&ԯV6y1,kKk,~R qv34ST%}y=|<$A%~%&I[H"3M@YL .B ko!ジ_9s4( 4Ewm LTSd"^,6ez-r&fi8znZmAw720%ڛ 2uPC(aEF+N@ZgQ7e ʲ n{L2fWI@k(fbsOs ,"^#|EܶzTāE?E+SUpYHq ,߂@N#g| &#n=> b'1=Y?sEߑm6*f,Mf`y1M0XhxUv`c7 K>nxO/l^ ѥTbVt'wMB#xS8vôV7M7O {J"O ςMh'kLcAƒn]lB:?Qi2lRQ$jLgK858CZzHwF#R73cwY][ĵqTUL> at0xeaC#=cwwQR}K[e'@S:q|416AC{8Բ#gu@;C8m&!-~.|zW҆]u{rl"Vփ^h  T~ܦy}KO6ﺟPh "$wT) @J@ELcCbj} X7XM,VQeRwCH :E jrأBJn_iblVc4^gK9辒" 4r$Xnm惇z闕lI 3d-Ok꼤eDNWYMAw9[ZiBw=dK8ۦ+JE>VSJI zT<"{ԍ/tv ]b$(ljū9g ӄ9!Z8@4iECe^Y"c `zomq# )Qf)o^<)BG5Ifޟ>~9<=v4P` y -[ ,RQ3ha)i6~M6y>`)9[ Ꝅ̘ bK:VªfJ+Ds]<ޓM?EIj5f[*Z+ /ZuB:ʥF?VL@PydKL M!`@¼Qz  i82=,1g[#mW-v2 y=k.Ǟ1T1 $?`]r.0ѩ7;;jM+=iH.kH^{s{syI]Ax&8nHIwdtKc)B\WKP_$7o3 edjgټffrR6g8(aREH *TbܵqER6AMC;X#bsc^ϰ7@t/<8>CI'YgIֹiD cTC-:Jx9PeA-ʙ u6lk1dléͧc0 {cr- d1y1Zy,W*Q~꿕l$_ꂴ3cḕWKd-O۸ @S&5+[ 5rЋpEV.e(;6Dj!\^YB8Nʥe#ZdvkHyY liPKLs*ˇn}sfQ@%ERg&T`fwŭ3MwSN֑g^"9KN_2{操TX P7}12vʶ#J۾~w V&b-lO L2z`MD'35)hЛ_`EroJG&'rD, ڨQ]-Z{0]߁g晩e Ṑ+k+>wBpcsZdI7v1V-{z픊=, yυ%_)pWI^z z/[$Z^aFp/pt0\SH8Eb]ȴćP$0$29ݗ``-FWU]rǹVRĄjSCEfyVW3,n:€nddo|Ȟ|Of c}f/q8r2taQ6('z.HBAub1CCi^sFfZ}a _v"T7HZ3IuԄL'-arc>@t\y_$<Mwm>bb _6]ux㨿d ɒ|3LjiF{`[|<)\V.eKp,2{1ou$ gN $Nꋔ(U%spi?5/Ap 0;L#ïr9Mn;mw,]S%Ҋ}onѨ+ccg.*ݓd=NWW1aOfOCPӋǼ1??އ' *1ժk_H:ݟyTV3G ];xvbLV r`0@Mf4Qȝli>]˼ytT噂/;jn)G m;.9"KjA\Uqii樇IiuTyNFF?Ŧsk??lf;A%K]8LM>ȑm綬U=QeJ}FQsS_'rún ? 5_qmMg!jA$ bs^~YH)i*4e\ Q"0('΢}chvYeEK HQβG@+hG۴XIiN DeF]dq"k^1'ؿ<N{ 騆٠Pe_ᄢ J:WulVRc؏_OFKR(3V&y9 Ǽ5$h_uq&D?}UXY}w8}7~XK0)!"Hr1m(j&Z7`ዸkToHHIg~&{rMZky#3;Z'1/&67$f]4|eT=gןMœ n/ Ƭ709x@MVlm߉aVԅ&|js=vD`5̚E((Yxv9sśו)SFrc豄 Rw& Y4~|CM8yTfea)ejOE'l йJh|~s NRK?-IOn:VN3`U}Hz'IC%\H'PW5Vm6@G @|d%40mn%M Sdߑr?h7F5O^Sw&hVS<Vǧ '4eTT4=/Z㑨^S2H@Xn{t6*rBfH~Fm~$WBNKMyup넕uvfiP*dʀUJƜ6Ы XB4 }/Jۢ!·QY|@&iCVbum(;'1,_QxcKNvH]a+ CAt`i]q Q%=VC!c%%4:>oP롾*c҉ۑ|mAeP(RZڀ[?fwNǼFXܑ..~K!Q_ 3X\23ƎEPp5J^=jX{o I6O ~=㇦Q,,`?! BS0?/-k.M⽩{b)3!gDXv DV,DClJ^>>ڇ2h^3Iˀ@;r*UNumc%pB#iXgߒW:.D駧3N-źהؽ@/һ@Ȏ/?z]aA]V%Ȑ o?X`a^N14K,}|tbdIbk'r ?ԎY5j\vaJfXB:(&$SfEd'}$$>bY( \DcH#! S"dzl ܁Ӓ#FW%4(9P&ᡏVw'ݪBn 9Nc(\}-;ফKOb"G龀cymR Cw%/q `̺R_|)_J$4 :- Y0Uġwn&qNECK hD xe"hO+!w5q6Q=mzsx-HN9p`zdYlBi,?Ө8DFTF:e;[K]%IwBK,r.RsF0rKt+18))SRTYMlPĸzˌ/5R1d[!.AɂFu. ҹI#CuJw?Z㷞XD[j&O36*XbVA*fCYv R_1 J Z'Uci.aHvq,]7{P*4K-؂20wzN`3I5tzm)r|ڔK ;ޡ4xKUB?e:OFbwK,,kv3FQ žT%|8BomfFn@&Q\pR+Ά%Y \wQd) P҈G6BNE F \gE<&/OE r)c?nv@!";T_^"Jg $[0`ֶ8i>L< Áö;V8n@o; Sj@wn?`bE~Ai_c)np5Lwq 9}̊0@A9P ZYoeZh#"tMEFB#d[ZjD⟥ %j zBh}X|[ ny@P %{kyKfxJ8bKVl7@j+tmL!D8ڠzC=gQz#P7%^nGSq2Թ.$m@ _8f|նM˴Ug'&- ! &||_VFb6qtɨz2rkݚ>b-B:2.k46uU-&b@\k7|`$n{>=I@G?VqYA'<߆9|>SDHuSiM,S<ڽx=NYkΗϬxMC;ݠ>:AqXO˔S2mٚyhҢC9ٺ0 QTߞwn91fMd)#:CGNc/ 6I,]A>dXU ,ز*zRM<qpZh ?_k 3rYel02EUGeW*vVDITw"fozT.%=H=ss2J--iCv=a5,Cw&GF _]#`7Z.m&8`+N+O8v`\{8ʰ朵Ҩ_$k/.oB? gZDU>/s~ 讍1K+!e94lUy.joّXu<ZV q;L^[r_1pa%^1́k1r?q&]A@) We* R72%)2sdl`N5\^!$[)]XtDQLJo[kV"Q*G2KRI$f`ꈠPbR@pV>-1Z993v2Q~k]%":T R]ھySa+H㆗RcGX|P-&|۪W>Mt( 1JgV@By=&&VU]XgC}e?XhV.6# f+~ZS۔>pV%qzDc,ufE1Z 8 i5@X*I| hcZ7GckSfAoDHּ[NֽqƸN݋)sM/ /GxŞ1_;NqRE9VK;Ah`걂i( }#_34n8y{TNOF yxTRzRߏ.0'-* V?],Љ=ݧsAOr;馴p{:Fφf9 A݌ 96lD=a fW$}/n0*%ܲ@fh@PnJh 4ߏXScJˢGU84Xc~A͞`"咭04 dyx,Рn|=h' E杵Ōh\,'H*tW*K{.QL,ۆvCKv:stUu+.㴧#ZѫP6Xs&11c8dT̋E"xIO@2}:t/r2 IJbXӴ_|̝0'AV 2UKtYFn]6[%Hl݂3Ǣ"b޶*d}ST2IzonCn9nxiV#!P_4 fK܋'RM(hh<<[Ĵh=XS] arnGU`8]07Q90umԐ%.m3+PA% ?TuZ[7sNغ4g N\е2܃ReqEx§]OEO7G=b*$stlV8DGѓ<+8 0h:\Mr(1jhz?Pxstq#&<@GX|F;>tWE:i[rQu㛺7b9P4Y^9QCKF2sr1%oT!7ۼRtX)`Qi=TR"O|p%k %~' L&Wٿo@8UjD W?H͘p [lqNz[x(TCMl`#kB%3Z ҷxzVٵ9 ^C񞿱r4<';sh=Źur݋oe?gPO wg~59(&r >a0^9Msͪe!'p+ds49BO_cz#a:꽦 [FlT{'gZ Uɑ5N}Bc`;'lDg;O'hƍ-dOݽex0M`%۲Z C 5AiR&󖝳RMkX*dȱCU>]\ޞ-sj&kY-a=<:n!hNBHa&чz A(`*"3[XwyUl=znmqiGf7'vc5ޖ6)(Qw۸-xIo`fտU|5Gehn?']ɌCR0!pLޯ+$Y^i2 d8Qm$HSLFf#y),A/ ϶'N4E'V/)(llƃ[%G@#Xl[~Z;#H?$QΡF@ 7NRF[ƩޖJ}yģ*$d$wijKJYٷ2d8ABд1DQ.G-53esjOVI;L(Ӟb͠R5GO!$VJ^- @3F d!!JmmhI-QL9p[çIHSxGN$J,{$,G}§$܄wB\:V܊"z_g:no-I܊CDPh~yErhU0iyFadΘ[6hRۯ!/˜i(L/ 6S槵_vFc?Υ&w7ʻmI [Yv7]"я.P:cOET?lCcm#1\+uL7? Gp߈Ɏ e1iLt-C{+Ʊ4\n>yscJ>+_{AT kŖRU$XGFaD#G X Bn AO9[t fJQ<=reE_vZ - R7N$g #OLat">zsY^>͕W-;I9 ŪmQh%IH` QT< گ4G+=g܈[348R M{.\Ίq+U93{Gqyci>u]4ޛr8AН*ɷxH4WOƶdS~Jm;M&% n>`MQÌDc'cX4e/j~ߟĶ{ kYWhXu ʙ{ 8tltp)Q%nɂ BV|1t8R\KQD˯ݶVL+zm|Vԑ{%,< #PQ#TQyJ\:kTCm>Z"4_6l؂[JoV9gylyEk}ʹp拭/5PGJ>ۿeb%r+D각Vvv"d 6AD`m|p5=}qhI)rq^E-K[&4c0Y`Om'@M>$AUSdnWi6*/ҩ#/,Ŕc[3ѩ2̳*PvnodT=WH>U"K)TvsژQQ sC*W4&tMPntbcnklW:"}GaJANqV7;ՕyU|/7 ^̓Fa5j)w'}%lSDy7b#"ҥG(IMl};vL%%zz߁lIPkm@R/8yJ >+H2t=g75jM%*,ӀķM)A~ ;˙ZZlSS藽I} D vӠ)4rv[ҨmqXL, /g}VlaHQr! TXUڛ#Sc_mAd'j${{aANv"M2Wv"xJ םtr,JX2Ϫw̕ljj]Djdj`12T5#;37xs_%.6ؤDQR\d+COr!ZT( r^mhRS|1|9HW PF';6_ɀ K>ޤo$Fk+`vS 9w>>"n-i!H,٤ٖ+4s !C$g'w  ԍ|<}< , O:QϢvqĚ"jmAmuo1;M C({"xH#*/a^Qg*q0O߇x`#=AbzU@XT1#}%28Vj'}e@pv|!c z2#'SULWYVP6&Å^•dCq(y9:_&BHNg}R߰p߹vm)'v*gu,>3O,(qӬ7sgf`ai%v?jg_EvqoYlFmHңcTU{*H]B74+ Qw &Pȭm2JW"*n/4NTit{ǿA9S~o4 :Q4] fXr㺅Ģ8IxzJ :s0gaye/ԩ">~q^Jآbz//{J,O+&z?c ,=1b %#4Zh< /zFf(iPd=}?2c=7+4kDv"HLƲ'r4)A;fWoo.DpTVj(%2ca1>]ٻl.f+څ 3z$KEiP VJT#V]G&S)j;w*ILq}-èeTAmky<҂680 e 5#1wZO6/_)Фy-*tq?CJS2FWbkXW:4Ҥ;P9t3R ]Mwmsan?:hoG}h\Zq@2 &oܻ$y}\)i 4əl\yWSrNwxDAـ'PijΓotm%ukq?5?@DOi=hy%ZOaT2o2âھB2H*E/@3>/pa^+ k j4 4MwhMfDF'_RU/c ^,?1SXƆ~W N8]R86f,60]XJVE붂KI(}_v+4@Qk!ؿiM9r=NkY&y5!dO=m=jXAK d0R 2ul fÍpފu+ -y ])JdgnYc'SʤN$9֐ n3q t?'W8k gu\¤Y%44s&-\8x L^']?K; nF2-ʋ7/{0GG.<HK_Afc wUKuB -fV4%#: epмrj2(U<8/ H%Fܑ:\q ׀'mW((}SC s\vQSyʆ`!\?\wU^ZN;jWnweWг4GY@O*Q<$cbn/k1wIZyx&i- RV0hg6~811Bt~mk4q~RMl?{u;?$V^LAŹQH<$Bbh#;_F R84>=s5eM"\^6Bp5*~n|}rs:IMsG[rE u@3w\ Hsxl6kZK{zҫ?i`8 Ҡ%! [U^]&Dxm1g-'c3z˻]u>s݁bWVq/`͝ch u GD㬺1̻pbS(om s > ? 2!w/6lC "Ez}) *APvIjLJr&`1'n.`_rjLCˆƧQXS$]>`M. bh 1Ǽgc%}s#'r=lGb_Nޮ~'\+sX]/QϮ+嘦}9Ajt #)(dz7j|斏z㾑s`K[zV&^?jYw,kQ"0Bسr ՁL(U$)8ۄXT *n 0(wrsq(7uWI"6sYK @KQ*li]Irm~S]KHм`ha\oϔroT@5^mZ93I <ȳ]:oFBfyS43:Y9.9N>Y0Z1Q6xVbtP50F(tjTltLS za/=̠ uuON8@phxůt3(HV=;SCM,}" lzmMޑ5-"bf@M뢴( (즥a!ǃok3ۖp ¶](S"WyA]@ũ'ڛ) #n'}sbWXK?2g*: $/-iè }I[2XL2w^F7agqiLM)u"TfA< TZ_Ƿhv$VTvb^||g9*/qɡ &[_Igzf+%~ IK"oҪcSHsyM( qWFݜ?wFbc>1`"1m>w>ap=(5o;hE*MQuwn@qS=P3rP}񇣇8J \/{j# %,f !$j~WP(wPC82eEI'5@ +"0':Q+dyB_ L-TS>!ĘƾruL0ԛ-7jz_o$@< ui%S>;f0ST,cI_L:m ~A2h9N%hSuٶ񾀉2;0ƅl˨Ԉwh,{U @OMv[G'լQDX>_jkԃVaAesww|\}lsKx{`z+Ͳm@?E2d.mZ瞿?W??|Ȥ,,A6iQ@G~JtKa`/KKQB0`7Uoi'^ZyqyHV ~N}R0||Y81*#wN/cv%d WP.ZAr@צFZ D!(m3+X+]q\SD@.*; "Ӌ\q/B[jέ Kqv] *ng*K=&۾~fuL\&CBwхjX[[U4Y1-9z ‘~|ω$v^n K6ƗAHf|x%bENաEWFWoF"#~.-ZGA4]quF#^(Gif %Smi ʷ$Gy\=c*H5V?%K ᤘ́z˜Wd5cAɞ1* 0a.dnC5h\ 03w2'ڈ!l-$aqAzC%b la> Of%-Xvڱ-xԤG=t&%C\j0.p?/;ȳU{Eoq۝`_Go7i֪~BO;Ta!U=o#QD}= ']+1kѵ7xN'?qb|DYZUv<K~i#\dAy i P@̥v4X^8m1HPP¾cí d kcU[_l~?-U .Y+>*#jXIZ,MG/ U`q kmobbX5kt#ve F)!S7#ĀF{b_|l%~LѬLjG*g׹!";ȃb7\2zH'E@C wJJYLI+ 1MXM܏ d&Q=ɘꕐnDKT֛Qȑ,L_Ӻ(WMJN`P:9n-R2$uf݌[ԅR.Pr^TyլZ?R9;eb3zzwQ4,55Нl}yGr!ӿ{;|椝Ir)%nQnc ~Փ" ;>sK΄t34JL9|jȡ7 Fc y~cB(''*j 7i]Hxybļx*Akf BK:B{֍i(v j&LCڙf" oXjkGdJ7mc 祖̡J!jOfIlRԗęzA7ˆXQU>*T.8LTL$ |&:ަ.fQ~Z~ D% rrnr';-NܣYs:uCav%'UkǶ{(AsSs Z_%TJ2Vr}S>q-7j'} JzHB&2zM}Ac|Av0PL4ȊH|Fd}(6n;r![)q3O(٣{}kۺh"g@J!ޠZq҆[<8: pk-<`HK]Yn0%Us>E0': ?,?‡#;82x1XDW-$x7)NѮI澐42;1C9K_>ү, Ք9?;5 yt(#4nkdT`UJHzXŵcp*$|:d|qZܲA0'巖 st/͈\ Q uce/"BAK`6 {i@Bxƌ əU}\[!lOA٧_XLV:gU<ZE9J8[ G! ֣G8]`ɪR=05lW\?KSm7:TE^mOr3LAXn]k]#G^+D)b`bDb9|e$5OBZYdV T4Ew*ᩡ9=\x] hL c畾VUabߍ5+VH Htڭ,#@a se3@wPKH8enh`YuC'*`gtv(.1`-T1EEYeHY.AWpB ] mm@3Qӭ~D$r|;l^UXEFMB 3x`.0E (2Gvv2 =$A?[n71mmK'Nd8t7 }1zc*\e g񙟠'WYa8bP%tq6A dlvL T/be.?eՄ-?a]ؚQś>@> uJ;;I 4fv}fh8{` IA8:St/JAVN;5 \Ë[[0CƼu9!Ju*,%$'WqiOjN#펍_҃˾AЧ\G*"ج˷.Ffnn՗óA^>3ܭ5>4 eB0{%ԇ^+1BϤ]I߯x:ȎWwHd+'B_Ȃ/iM-'ۆ9DAp "^c`5oFLik(x8GcY QQgDŭMxB)3=5G<=])o. }yZwfZKdsUTD̡Uk=3e1xLnA.:+ƣnyÐأR/LQ1OݷTtx%%^5aw$\8,&G@qed;duf4*e);˯RZOe>_9Uv^v쳎қPF͗ĵL0) Z|o"7Gi ;f(=pzc`dV4 H޼w5 |;~:Znx}{:wkDŽW$!cl[?!ӰЦ^( /״d FʎŤZ;Ǣ*8I5x(޸]0{-W.{hAk<1Jt<(Σk2p4vdse`g@(rL率ʨĻ/NԻ^QU=߱_MA + <,q͉3_d<+jVd5 (&l .6Qc z #] *-S78oG{l'1q)2vnlUBI Mj=)kZ1S^|"<(>pk%cuS[p8Gp18+Pkds;Y9 9*K!߄BRͻEV2aT ~vE_*"Ve`ثEo0K !fC!!xvꟈ?}4{D7" ڴ-J_lQ2j!U,`VSURU;BJvnH%:mO/b#Acy! f 1<Q=)%5as+ 'S3V yrK)b6׶Qv ±e*.[uِmn[qDUSfa*H$k|7n1w`+?SbZc}L <'?nG rxDb0~4Ϩ|S*Й+F!IerHM3ToX$VU`bz-;|^}h(`RmYuǼL&"D4DUA?Hz<$TzV\W:wt! eq^Ccք7L҂-,q*C8A\G-&Uw5_Yא_EnW˭ &-Y)?-Ku/\NePP$DGjJ#ti>7%uFZ DqE}iࣣ 'KU ca4^m#Eþ66(Z+c"C&inhv*[%qګܿ=jAyjvoX./l{dXLaw_Z4@jfUY.doTFב7.GLڱ0Gjw@q|"-;ԼB/df9-ϯѫ3Ϣ,ag/m&Z=nPT"WqKr%,C56S05d},8s2g4\ fR_;,dD 'l?ت}c 3rxc*10hG#&KhVhOtET(F(kf#R>1'*{d0UJIn {W l&+pؕv,VG͌_Lл0t<=X3ݼ1Ċ\Y*vsW/=WM§VHKַGh8J2n byhoWcX+SV/fT^SsKu{/o F ^sIyM[0_8LBQS3by{*y E.9&U[SFKq:-(@`Gɨ'[4C٢Wk͆FB,? CfuLP٦`6}&uXUۯ"g72sMOP#`I hAQ{ Q/l={ |Xr%tΠ$ ?J ܱcԊp(O}Ҷ|,] pKӿV*k?妺>Oą=Cߦť~Զ1ΜeNO ȍD)ɘc iQvhz|\DC2C)ǴY^.M0Oz%Src/-Iixl͂xm:xchgE*s=ox+Ml q>di=VMbUVV%ABط~H% 誒 P'%GRWZT4t)")!T]pqY^60|9PO%['K3tM#:ת0bX}v9nvk, !g)帏tj!^T7szB~wF @Lх (Fϱj WankL_ţ@P~Pdc{[2ƒ#쑸YV?³^8l'C͊>48ٺa@;&xC>8"zMz.:}s +Բ(-ۗp˛ybD*.GBQN#CÌAm8^#UMA@Omݶhe6") On/2Q3 iSjt{RǬ&i8؆ML??u25#Nhs">m1P Ue}dDP.$:um޷N@A =gl :BHμxknCj{A)Ѩru0:p`M'؃ G`"sÔ}|ÙG5No)\VMfFᝨFu* bֆ@,׻-0K99 ;Lc:fi`J ޼fEx~ypA91[/v];`-x غϣ8sLN:e}vשe<&qX{ܩd̉fwWۘpph7V 1M_a[Y`Fr9mvU,CvtvKћOoǾ;.s[V],Z=ZdvKx1hd}$zR!6/gPHe#'̞$Yh{5ӈоq$_;6VRN8w_+iźfIǨkN8'r:/ʢgkF0!xډ@_[aQڎ ƐE=omt_vZ7_OTLžܲe,:.1'䬾NEcs/6d^@+4-L7"` ۦAZp;R4[0lӣxXCI |J;_xz`[+Yc80*lR-M'\ՑB L89oVRZ>%$bBX[ ܸ8>^$Q%XoMNPuWϟ l.s߃BgZnAHLF芷GH8aQ悑}Q>5QoC/q#yeLBVj;KM$84~IpY_ Mhhh5gyܨxuRXVooEdY=b9Q3ʨiU=G_qU?4\a2lbD!#%iBXy_72gLwm+Sy TNNԨv"#Ll\%>k[+y30A 4>^N+lg.hoQi$?>e>iu _a@*;֞]ibeY;e& e^Ae6ϲAKN R=ɾ W bms9Rka- ɮ)S }j~C(jrnn+Qmt --rΨ:VLyV&4 JM OE:H5D~}de?Kp˜JwӣC$O{wF%x+0&V"pqSo3{w's˩tVF^\TؠWkV],3ٷd[J%  7ÏY/Ig8x ~L*pVy H!  䱹Z'GatU<⵻n3? ժU`qQ?h◐avm& Gl7:'lvj@Ql$i)Lb)j[ &;klthܜ8(- ;M깹Ċ\ZFtQ05mff#NхeH?E G0FлXBT>kHaJL^c"_X!Gf.!y;/QxL_4luu?jPAc |9 htgk4}~ܞ2Hm@(mizsCcg!Y P^T&l C3lq33+|V&Z@A1w cN=83fٷOTz9s Tih1g-Ls)zzө>4hVW{s(;VNu֟0 \ [j{ az(L}VCOee>:Ϛ;XNpZlxfa*+쀳p1#_ FG./}9QvX302^|OiuWǁ{(ՒHs =I; K2@x#$e9b~kÑ{=Ù};5Z_IPLƟqhH4< ,<9yZ#X8N{j:)"[,a-;ގ.;6ЛHE® 3T-)Gԯsz.m]CHE#WPZԐ:7ۨ@>y- %r-Z~U?J'%Y7Ϟvf4 MeGøi"e>;{ՏfZ7Р<g s/YRp/ *-9Al縲ǵ#9ij U_ n- .Kz '{EsH,}gX=CK$Q$4j8a&[D f?T-0Y qJ#GiUroV!ž?>1o?|kN]r+U'eH"нib׍)u2APJ^$06avIY}oDiVqKE z B^+2 ^;_vtxW#+TS5lD〿a_@mU)]80m^dp}I0tإ&0ɤ6t!pF- &֬W5GZ^odp-nōDo!6MS) X)5!=b@8)_|DȣWޮuÎڒ)Ί>7;_>hyRN[2jDOdPTVͰ9l@R{q6mu ԗT3XCU_LZ'}&QК53.ZUje(Z˓_Lj9JYg 9̑{ڴ hTmJjʼnOYTD;/4W8!:~ J88| GG:g{̸ -lИ_XS.{W+ Dj|L!{9!5oI0Y>^[ά`~}.^|0ݨςޓ۾) b=ꚞqЬF!9J;X9c_s(YuZ<-VDa#Ujd@ҳ2~ZFR C }P93}tsU<)N~1`a{"c΢)27qT2p!mUp'* vF NQl_G sҋ%qȻ) l{33j FV%ogshB)2*T cK]sSEynCtLn^dY{/2zN_#w#"5l+ַC.XNř@lѢ6E^4 +<Ʉ5з$}ioM0V*=q@p0f$%ʲ>}zǹ+YP \(6ljVyŒl1!Y=d@1ΕKт&i>6F;'嗓i7rrS#v+m^⶟+# R_KWqӹmGl5kv6.q# 4+c][|^ß+=^֗9_VwA~MoL^Ӽ/ \5Ă{rYΏe5j(L"fH $A5ȠXUJsT|}P~^FC'BW^nha\9b$J4\5ȓ=:T>:˴ϵQ1Z"F)BJoSak6W/})A1pSU+R΃J@,!Ϝ0H[X~o-؝\*Tm|TE7}َyS$θ)@,-0 9ʪ;5a(c8ZfoW#e0]`$@ ᷣ;54/t^+fe $+mhdoU&EV6c -p'hu.kkC=%:ˆ1bX3[UͩF!M=D</ t+0$ 6 ˸N.!TSEFr*8 (Q -X.)N팙x&7>D0CSg"beza-2}*JXw_ Xz <`!i}S|2+FyM>/Y3ȽymX6B)*Gx};~t=‰JLmʫԎ~oXcW3#s\/0Xm#һ?#xO*R]~Zwphhev^1%ߊr u:Vr̂#nQ΍_ DzgeW9Lq?1[`O7.ѷQŠAjOy0:[Sɪαmi-K*EU(r=KQ)\)9olom1HSƭPV$YOy K1T%oP|y?)\q 6ma5 Ͽqbz#(rѯ4 R^m$ 83|,1@h3n$ٍ1 2d2XVN*jREF)r9NBGH*90a[oin 9?՘+wfG><kA v&h0o.g]޶gE }Hh"0j.$XM۾,_ hΗksL)qV,0IY^ɝ_*ᱹlKA Y1>C?6%E94҉XɦeEXަL䖎Rɇ:ZPS3"-d)?Z& M ^qZMܗ\X@0b^zoR|x*t趓Hvk*겲W![`܀㕒5z᱅  E)A%>׿ĊǯV+tеW;0b@MS+NVfg.)MqD)r:w<߶F}LJ:q LGWoڝfĦ$ ȅm+Igof?D@R\cnsˡIXyÎmNŖ&/+8qza#*6h&g[+rCYՀdEkY?-ˊt?5v8:푂^?̪1Rˌ/"g:ݗjMP7aty~fF&@'>%H<h"u)1*a5Wƛɝ~/Wi)t[c/Q4WO nofKM&-Q F_HO-W[hS@(pcgp;dp\)3٪!7^AT{d0o߄5 S%@VKd(+uZL FJoʀDF[LO|ĕLW|Q:k|:=)# έqX8u<>ϑl&'Y>e7|zoH'0l?-IFoS:{AtiDgH\> ͙{Ȝ# elr=M嵠a ˖ g Ua E"ʡn(7$#LJ`e(;Hѽ"4h<ͦұittWg@1M>_=~Qx,kka"c5*cI!m]qJ^rr7gھQaIn?ޛ&I6qR29‘.尲7Ȉ>%I] 1ױGUbȓ":@MS%#Ξj|v{Цܩx셂" ~Jh˝>v¶CXtAsji^NBoRUJoq}|>Iս 6!_vA<`@Q;nޯrili󭑬Er"/ߘ˞αW- ݹP! [v"o{^+H܇M<ٻkq(g: wV}bJٝz UYL<){mW,CcMXs9 RNui) kuXRAok!b2׈Hk6oHJ,$;[!55".s#^Xx ikV3j*VS*UdM4۫ZըSCȀNx<NǠy.Pp_6뵘s#:8pKC[ܴFiW6{ϻT $R?XU&62v=Hɔ33S9nx.ʉƻɺ՟/]F&Ϧ8}hq}G"AZBujLfw ϣT 'g9 ֊~ᙙ xrf{i .~V)4YQ3 7,禶`b+hy(P4]Kل /-w 8G?\DtuZ V ܉lDB4؊ܖnǔH<a!*L(^yJ֕v!7MH2@,Ś Xz̙ƒca7WgrNfȅQ!u[Dݻ.Ga?vnےKGll.;CD\29{BRD6N7&*H`sY[ \87wf+FO0#?vG`! V*Z ԬǢTE/!Rn.R_; `;⇂%Z@VF$.ԛ[t|73Ti!DfJ!,^LkkBnzB1rGѠWE?:4YУ؛%27ekaSEO!d59ӨmCJg鼣D^"b 吳j?ݗ ?&C@Dam -dE}YC۴N< [w$U;Y}ˀ`#B}#虜>jn\0]_wդK$-+ܴ,(2j0ih9\atv ԗF.WF[݈/d peY2*&(LkN]7<:ѽnMb>.h>tjzl&R!PЧ7 \=%aE1p׳[gm ;q@]ěL)jAWr h U'<>|5j#‘buת4Ο*x7f]4D$Jo58}ih\!?{u4N{WOHb]{Y#xC,whV `SD;4@+pB;#m+L@|=r|&i:u|XI CM:+A5\MW`EihABB)C.4>Ql?u&// C fQzo'.'/0Fޫ9P`UŴ1?PȂ'n7wTu^$|C+ کg m1@IV J5ũd!cYd1I{_*f.jAAvv E]oVsKIy{z7ty2'YZ?l6uv@Ϫ2TcTLɞ,̡hb+ (¶O@ęy~O4ьX ] fl-j\RW \mւlNm^eh睸L.WO/xH:qFH%뻉@ |_ 5 sU 0Zu]' "٭-sX|GyXDMtؼBJk}>zn#ާN~ av /xG'՛Txa-SF_<NL@Ŝ$\8_I%Ŗާ}!Oۆ.QYӞ_4Uc]ī pLY&w|J$|!VЉ(r~R$H8NAf!ԣl%JyF H,eD,oV0`Q5Wz֘v[ƌnLaJc0:b e70 Ҽ34Ӝ?T鿡bpJ}[ulo&fP6yVv^.pUWiGk;0$ rYtJFl|"`FSU\!5U`O%f*8hH RMu&|X5车,Ʒx ?!,U;I$FŎ?μaUXa?`s 7p5vvf=`nX2 /$xÌ۰*.l]?)l2鐁F$\T} Nvpɻ 630=UGe5[Wx|q)<D3`8Xs <{CRIQm ƁOHۙ홂Nr-#VbBv~JRB6_N6 Ob =嗖/@ 4qF,9aWx5ذa>KD@}d1 \I QmS##n^X~q'1x[0S~E=jD0 "oJlppOM &Zsf k83 [()7bECBmyp;"iǽX/=QD܀8 ڗݴxrC=7ٕB kY( zPphg't'{:#ˌâdv2?fXmmHlK%5㆔?rK-Tͪ]7rE!Y[!'Ldv ӛ"Իr#L;8= )L82yݼ-?wERٲFĐo0v k3+ym"5/ ^[0(7*;{ yT[X:]Eq;.4,z@4kYnZPn vgF\M lt#>b*S'& ?T%XVo wA\g9 $+]SAo> {O-):HCG] pB3J(~* c7nv<<#&yj'aĠ ǿX +-4q8(͆htt@>V9&Wav|M+~f*\T n 懈JϨ}{}f!$AnfXnOY:'>3պl Aـ :n' $=(@a+P2am }xWT~#@ND8')6o tߠ7ҊdJ+pv6u̴ ,LpŬ߫Ԧ]Ulߖwk7@D@nNr:>Q=~5\|x l=UkKG9]LRt;2܋[Y~xD *D..¶gPcɪkI4 ]{nĀ*]ctF{;a._«LooO]=0;m! wpR sk\fHZ5=Fzf{}9>=:P's7E~?dLT8TP1geo(sel-2yE M{bؖ^<`,~ 9X+rjZ@'(_fK$kjߟc@Ӑl̺ycJqm"t%&<"·ytH8f)/9)b hʒT6m m wLuBL#Qu6,2n0n<„)eO4?LN aC=K~ヘ"iQ+ILR,,0$EzGw+UHuH -&9^T5'&?-NH,;`N"FDQ8ٜVfHZC]cM)-'hjɒߝǯ=9U@?*1,]7mnYT8Oҹ@[}qz?֝'ۆt[#!mzQ~u= MPުHr˾nL6ק.Qw x樂g+aLJ A7l@6msu#7FzSxX:7[ѢLֹPVy>XX'E\ɯP -v^ClTSrR9]b.=܅pۢ?߀ҋ嶔b#Bܚ%Ź1 ::H҈{ Q/I_2):L)B!\P~(:⼁&Q@p : ̒M!(wT׎Kzͱ6v(c$LZ-Dk//aS誄bǓ4A[r䌨~iu6CsRyYYq]G' .0/ibz!!Nzl`#Caבk\94/'^rgEd{FLq,3ʎg3[_̾($|DeVF({ ; `Cb1-&`V0+ ISUxC!X.Q8g]:m֊퐑}u"GcbHNg֩TJ?ɐb@J?7T'yo!"V]kp@> N^]">nrW]gQ2 zgt-1X],q?(Iʍo>^ SdiciA1CQxAV, +(X5w6WaDjOFXZN>0/"F'L1e Ʊ'Ƭ:/t!bG|a8RN.ެl['+|)oLcXC=aKlI\[^_Hf2gY0p)c*n ]aQlSel2q̟fM.2ykpF'h?fEpgqޚe1)* -&L{qwqGX;kƃL[12ʲ0e|H-[r|g3$2<& HJn,ۮ͆zW3Ӗ=C) <$_`@ZP;M y8jU亦N܎0  "-} 4U v4vl$6d >Up`H|W|N@ Hy>wGq-uvmFs&,\q )-վ ÁcF).rxZQkRh7yR~səl^c  ޥ<)/l~l OwLJ*ei] T8eH$ Nъj-'O缊ƒPA^t]oJuσu݀;|dds3^`d|2gie(Є|gLzLWki!%i>-f>QowLFj:3lM>?c744*$R?q$s:~#+(X 15`~BY *aiw:#y]{Q|k8ݠ#L]cz*lB[__Q;axyډS#%=ȆAX$RqѺc qSLYC34gquYm^AOV`Ri1hÇ8T0ER7C޸#˥CZ+gE63Mם@IC̵(t#n5l;D̼Y իNZ7ϻA2[KAӋ |ww9NꯋbX zh]snνgR3^ hjfp1Og<\N삔u5-U|IV?yPqN )3'y4D},ѣVZ}"|}ߋ; 埪&LS]|pM8HYtgZc>Z񓼣슧xQ/e4 0'$Q1R1X0%a']WΗ_wkG- ";x<‰96^>NH~5oym`a{r"!O?6J\+>n5%-&+Ka&i5%qBlrkr~2nmD2%ۮ>r3U#^\/HpkmkR_`;7ȢO(#C5% -Ѡk:+CtՆNĂsI;}Nӊ.vhEaM(YޜHO\?_S}IlÙ!gjITD/fV0wyxS:gw? i %Ţ{6JdT,'RhZlPp_05gt)0]kȄܜeЗ=j~x-.?@Pp $#űEgn w@=}/>?on#9k {>@ܯTAWtvTҼE_+}WȏWOJCй]od{gs)CUeyh*ԝ%s$ !Fc/Bel ~&ϴ6Xe*mS1@ggѼJMXO̩'F6I݂hLw^H7wێI/wBqxa0ȄBogog"Z :稌\;A|帊W09Y@qoB,=m@jk:nEv͵Gbs%e5ZO-UtW n.})sxȕkj>oy⚈}M ".d)XN;RM/:Ɇ2өdG.R}[V _B휗WeDmo??\j?Tk}llj8h3n9e@I @Z2;B1yu9u'  %\p{$6FY= :μVaBRRC&:&Xb`Ar(4O3l4+oaQ#T.ɮ"F2;6 {t4R@p5 Y 8؎yE>iy:K^Lao릣6T}Qc]^>;) r#Z#DFv%aȳ%[Ndzo耴Wk9fm2ic}p{Ky ~-{[B,aAOL8^vvU` ~쨾@w H柭dQ!m;d.q HoK&"":X<SK48S*D]țzi.f1e+q4? \mv[@!gzxVZNK$Ņ^u͸R@U/o .tJ9|,Of\U{=j,-Hb)D2\.Ri^OKʢxBw 1 :=:Mzq&ý]m C>l?0Jb:Z<> D1*fIџ5P~ǛzMZuITOHۛiNB&2QE ZKYGӃ+o-&9?]%EopH׻5Gx?VҋSճRu3d7ɱF{N! xw}O0H|lNB[zشE[ej5 7ȡT~-(Tu)6wNdGW3'9u\k+L&s%G։^sMڗaQzC (\`;wy&Z?/s5kEj×A@'NUF@MhBԎ AdNOd[ 3KTSv./GY5oC|̕nKRa}kh&ekrFj2"6ءXuV}Dͩ"BZKp Vva%;nan$zB6#Pp/qAjR :#l6uͭ qsW ΈSQ4wv0}^T=@]dٛ faH7oݲ98SQ&+;#^ADB2v Dha֝1'mϪ]iz)9- pP۵ )myw3 7+]Ln~W7 C GȆ;̡M$|ED$V.r;(}f7I h%q4$0*~ uz1U: /2'0.h?H.b&#^VEn0d,D+퍙.v㾐mҞq4n̜˚{tzKSWd ?,a8ο@oK.j.ٗev!ǚ</5Dߩ8OJ3iŪz(fDjAPH@ɨƔjFؙ$~4eÂw~amrBVٯ:pQֹ.Fh3uiKB5Ƨz⟮yMf% Og01mVJhB 8bA5[C R`)`77Ču$ZA\LssR1DvPGZ&_q;hF>;6{-Y8#LZI>t%J F:0!sޯ_={rJ欲Fra9Um/ؘ"h֓\-X `(V+V$}-XS!{f(ʨ#uu,"ʃGPQoJ NM&cS>'/\ ̊ca0Ul0#Y /L Z#ј>sD逈6Ij:C:d'ғJÕM%{ۣ&37AbaEt1C6 ޶cIkh-{i_?L7 Xbzy00Q&!imVuC_MCWt0aIǥxL} b8t$` SӒGn}?dL"P6Lo"nRwqv9'\*jn!\;kU)&j aۉ{]QMKeyAfojPK;$,} yw<@+~z9^;Rv-4C#.\D&*!tRy&ga7˴d͌Ӭ[+]%dًe춗 mA;1Y,y >$yə;An٩^y`HF%v({ߕWy %f)u/D`Zt*bZD5gas6f0A,QOZ3cX!Ma;Eր>Q{=pܘ>T.+g'NHDm8>w.zV^|adK/3r/ȯu^s?h.7,0Ǖ*՚!]ƀ@#ڢn]^^Gk (`kϫ xp$e,9&EȄ m\"tDG9F[l^ kcۭLn@3_SUH-elF*~2+3l`y3Ď/s!<FZ5=+1E 56CٮdfрB5} 7삖$JYNv+wqLED9M$t^Ϸk0NVR X0φGXw=b3#@B.W [v1*1@毌p}e!G })Ň椫Q"im w{uszײWl2EKoӏY*k~c ̎Xy2PYfP2d&іF~NG#dcŇ3f,Ұf~p $îKI|ZMG)q X$ 5k\q(2tBdߦ\3Lk /o X27{>eC[_͈W0)cC*}jn p ByY{D0Ω~ -'͙0&m,fR]բ,>3VW#p\J6FjhIaVL5/3zj" L'TW_t` ]!%֗޾,h,.j:} P,|ugI%#SOVX3WJitrcN O H`w*CkŇG- Zb/[Q:o}gqJdi`7U)lhFߗg}rU5mwsܤsT+r.y$ 66kOrh}H 1ٯ#k28* *%*ΥALN/0K">\0R!5%wSAJw/+<(ag.vSGШ f,5]:d]zHbZDUאbi0$Lt5cyr/e}P 2 a_d!a \= /Zagp0~oΗܗa榘^}]Կ\YtH!~i8t~"qf]^ȳQ|fHWzZ;H;aڴ.l_w|#w޶sh5Ms5B%gJ bo%`>VkSu=I+mۤby™\t. TXN>7 $,m𡌵x Īt٪DQ^\L8>m޹kJ% o#Yt|`؝/zުh/K0[= e;,ʲ3̎9q9A^L Sw-wT@CԴ ydǹ?[TQ m쿥Z MS\R(LJ*Mh7 O+8 ngΉq’ҞXfۯ4-LH?w.+b倛wigqPJЂ{fLj#$.ɹ0˯fs7< T  OVw0VmB:p\_CP%$ug@Bt2.tk&A@֟#C7t iuFY{!hw\m7BRlb/ijD1%vM4JzرT-ΠKyF2e#F|&Jj\2Q. TPvePjW?NN{~`Q٬R ~*o#_T8~ibr%C*%/q#8nq8a¤S ^ %u5y|~lK/4Օ7MGh3s8cNHK`N?_AgCm'n@-u8J|?o @%owqE#noUAV)ýZ424 G}"0js̐Tkj0( s;J/qbj䪠=j a,_P) Zd$'cI4F}6$ebOCܾ&^೓ctoc._EX"j~c}Z5,"-wpOeo7=fL ¦ +J G;鹏Ô L-3^rF(3`_i@-7z@ax{2;+gUfGlp%=+ OS*@0=CiT\/;ȥaKVp>/1 إ&MYTM q7"e:`jW&Zb{fBNt[{D.h,0w=.*Y| !Jdw3g7=n |=EP*`-V+t^nB$,A/r&ƔƏ7>efE821^0' k(/u{Wy7v\_×Ň*Kvy_f_dkk|lQHGsTR'  ~Opr!@=i Y}e-Z"}&ƍ7oM-UOffp EvD&Yftf olrG<&`GRQpI%qB ?e8sꭼo1jifZ5 MXZ; c?1ȏ q ~lryqo,(.E3 09.o}տC,-5EsCx]G>J~C?| ܊4D "zugvnfK U [HuKi(euT+t 4)CniO7<2O(1@OX ]X:WtWz,iłOCpf 1Cs9 V 9Q* l-g d%67nw.l+{d/*s?:o7Y!R evs1V_bǯ~%5.CVIIsM3熋A#<G1M=,IvQU=/Q{6G^Ih$ge{}(J CBsTdnlUUڛ#|m/#6_PWDž6woP_%vm?1o3)Q]Ke/3}$J2g{h%EHi*p1+ɩ'.W˹e{2ꞅ9RT@׶钥X'/ϰG:nE~s t NDL4oCkeBؒ8JJTJl(`ݠg*R݌>eX_"fCV,mKs5 ~ؤ&5&}wF$6pyO*M[,iOuиkt~< C1d!DUOy >5.C5G"UNÕ2C7͞#4yjis;_OƯ^skl6oDt_ގn5&sAͣСL6=-| Gbm uK8?@GJ c8m$StȐtrO}}x-Z~N9V1@g"PĉñXNC16|.Nelzm(=E;bm }zR[M+1>zg`<[U 6 OyW]qyor_`ݢk<ePvK Ro,¯Mfg(a`$x| kѱxym#ZR+K.c:qo qm^o/Bz,|i@ 0Gsu:'6Å6[˹` g"v;Px7Fʀc7`aq$*_d{dGMdAs  Gc!-|^4Q79znB/WUq(bG'8(%,SbzɪÑ.G z t;sI9#RwoN:[Do$DC)0v)080PYHC,z = ̂F z3A\*x)ׄf 3Y!~X؏+ ]eU&_ir +Nkdʫ mnvX-gWńAbGQE{0QB@13LnO}#t@4F![(#Ÿ [t/$5*"B[~4)bޣD#qI:6/z~|vmW \BS}df+B*}4$i s$s{*(FT?AxA݌- 4c$s[xIH2BkS ! Jp.ݛ.G&\`݌5m5/==~%<VLK#&jE4\svw&Wނd)-}h"%wr.BSq̠BRM><ܯ*9$p&0Y{\`YhYh: $?rw3{ZNL^vILmݮq5 oFOQ=%"246u2dƻp]@B~[5qx^}fF'cFnFl>"M,G03']Qw@+ggA>t\>\y9p؋L{!fe0`0MLaQ|"$;j i}Lj[^𴘤(neI"&lYJ:@r~`$$y" l3.&$zb}UF?/DKʝlJ&#>qDb?xxN.=`[JY%փ"qm ㇧b [0 ᷽+YGRvyüXާLr*HF.WRoK>K:XcX*w.|NEqے'}ʐyG #UA6n;./_@vގ Quu^pY0+q?jV zHkdAӕXǰZ{ފn]yVǑi(M/!rJ:1О֐(oJY-d9-@~=|N, ճ -FEL_Qw8JT啽1(hbO"Z~W)b5bt >"U}.٣\f.Vjޕh V=>=&*m15tW%\'`RCL'OoQX^sb˙>"+H[aS}ሎh}&罨h%cOmS- ;L$RD%,<a}*ni~~10k;dXBfDlP[08&&on4\]8-9^JjXaiHaC~|lmԢhKDz]Y_sk}6ZMh^('&%eGU/$X:ԑnq<&|l}r_}φA64L@Cft6p`@K<@2I8 y~C :a`9YQ&ChUq̈F3k|z&RD7vfb &'"A ܄S+b79D&Ma71(2 N9xcg),#ԗ}"SD@RS8MwWݒP]us b``DSmBkƤЁ ` %UWa6 m;T,t6'M#\<5ޥkHՏM [1~u(rOa|pXJ9ixp@eu eV;c9V(RYyXhTVS7Es e56TAbNJqpWT}kYɨ[Ŧz9.*Sz"YQ)h.#uC)1Ug EXƔ3ro>].>aJ`; n<DtSЅqVn,U &5x&9HlZ0el0 A^7@z~O +8 @¨,]ܜƒ jK.w-%󎯰ro-,2} ۙSc28J&GGaIhMW{jZfU.h3$Ng7d9R1E1֪[_U5z'cL=ׂ{ ۩ๅ`DFgg IC$$?bol2[3].GXx{h;7/4v|naz+i+g{šf ]$%JA r7ƛT W LjyB\2 ʖe5;Pk=m2-BιsڋMbUlk 0u\7j{w;[@6V$08K*~,݅i/4F**ۃkJ:Ho HX( ?O_CL1]#<[`?:I .UW{V xQLWmJ[k *\]8f*ƭ{PW0ً F YAǬ~'pD10,s)˴I5t*U0K L {8/S?؏' l(mVۘ+p3\cJhU ,(;M#Ebe4s~G}+ .m\{N ,6kmFl'Ѩl5xSb)D5C<ƛJ7C}9/McZZfـO|&d,(1'vڥᔍ[ej UH)rvj `۷K>.AZܱ`N C:IWB,Qߞz}<zx` N{Ĝ ZݬV`jF>D<ZpVI3$w!LU|^J΄6KvjxdfV'eC`vO?)=eȅFꏅfuH_ HAbnF^>l F gVh~6KΠvihg%,TIPcE[n"|07FanΔԥN>F| +mxs|Wh|TftapM YQw=dQ^g[?'5 S3A$ 饾RՀ|#y("EYM,hݼLzXIpXttXQ <)'=:aL]G3S7}9#U@1;jM`řR@{ $`8!w?\UfR񷣢 lm n^2XUZRՃ]3( ?jhPHvB!U9%FDfm\PǀDYi\E'2Tb!X%9l]xC/Mֳne4^q(ڥ oYw.V[hpAI_ϟ|u*ZANЛ*8eVia;ޢB$ŝ AEJȩ꼷8=mbr+-[_dlsପA:dgFT3J$0%1CU|D]+髉843CmkY갪68?Y d{)+1Ck`Ae׼$oV x, pJ-$CG;\\@;x{{[,m%|f>OV{b>'u3Z83Ucɧ}CSn΍.(<48 ma\ziФ.EOo#a*Iݞ{N)\Mud/;kSRzj ԅ\wOQx*sU#* oUx رeɱ*Uzo]7 @Հ| \AOO}誉W4AP0=i*; v/鉎aIQX XZ7E^9CfļW\/AHۏZܿk-L5a#{ ,`bfmbS>opo_iO+*eR~[(]EF L0qu!jjAl%GFИՑ9&rfwoUq',vh#vk;kQF$HmPX%ƿCܿϼ`n2.kVCDt;0g+݌YC՚fFݱ ,C|n֤(yƩF\{u,C ($"&ӛ#OVGr!vn*g{9t[B؎0WU,JsX}uXgLX**j)d|NF]4eIh?Ma^1=5[r JYۜ+o=%O7l*`kpvT+F8륝kᙥ3޵;wK j28MDm)Lh'&BNc> nz-i*'lEZŐKpue%T-^Goy5MklDgfk2/Mk٣mՍ#1Nmߎ~LylKK=tZ寢yqjqPٛM#P9WGёo]xc~O_K~i} Ycc^t4fw?ȜTpz<k)6Gkm.EnRŨT =-ƞqߕLV c'n⽸RAЄk YP(rw*Jmg2W[|a H ArCr}GX&C2LAy%JQ=/IGC,|w@M+uD}녳*@P;;ɷi/ò7χEoHp|󤯻[l9t|U3\7-@@tīO,;5z$}vVy?تW3feY'f핌?/a+|5K^~VMCR/WǠaL$V į$+|0^d@C6/vtv|d/OJ1ɺhE;&S(Bo# 9J@w@ښ|KEmL@_γts|wen B| 5kolIkG1kb120l gh8MqC@KSA5V*L뾜 l,HL ~iBwy~,@>9)]dII-SL/p]BhָIWIu3etTXvLuǮ±[CP =!cyCĂ4Q*)xV1Yk1)zv_o(5yWPEj0H&ƅ7V.,Sb \8Pqk>v7 ڈ> 4iߍVj@XTe>IxEX9;f#06K)p\+ S\?(svdXB"&GC /s+rmxAB,MٯlGCu4puN ;72ș $_ ~%A|*VNU&)́)YUK5x|iTz2lPaAy( 1nLHFn)忝5⇸@W8;xp!$@z4r=kwv%0vVޢG:{W܄S *7Kݗ=Tp?h*7x89d?d8]lU |"|f= NcމQ\_9UM1(ʭ@3!#V3SjH}U?ܖ؜^eߥdGnh}NJ0uؼI&og}Ox7/=v"džz=)**S)HVS 8{/wXI;7[2XMSx hSxUfd[a\ /ÎH^T)Ul$ܳ#mPs[<߉1k=7]KtF*@b}6Tˊ*9H =k|PhrSOr23|a3Wn|Cne\Uuܟ6Ot:N5M%F q{X+]D"sEQIȕDѸ~N &s&XͭuM<坶%K]2{uB%0 Wu9vyZq$)\B!Ѷ&pv0t|Ԭ}vpF PT7×qP ,9DCƫOVh5Em+߬o9+QFT.C3![aWy2U5eWMAjVGя,6F=2/z-0K2yfne>m {Ҷ]`90YdL9.;Hf)fS H{ؼrt^5PEhI떦*_Fғehr oHH1җd~ݚ؅mgk%%í:yKazTlcoS3d|L˲Vy(w_j湛 Mv̰2` ﰣQ$ﵹh=۟w9<֬Hioc~^ Pbp s(=6zsN OJQGY,@}.Bz\~yooD>?nQA&HF=!>٤9eKG&W5gmE kGCEǃ鮢LgB-+k <߾ea1}mPz_U`g)zV3۬1܁CR4't Xܽs~WyMi4M  r6 Lǫ9I'DPC2K{y*>6"b\aPS SHa'Oe#8LX!Aj G8od47?T^Kϖ3D ^п .E9^B`ٮ9T`v 1azdW쇠L0KԞ'ՋY'fsd7O9#5YUc)␃B % `xi RtZ~#9cG a X/˅g*tx ӽͱBSg?n2\Zv1/UK>K/<(yޡ _g_z\Ncq!rL;0c?!o'WAkMdqԶ a9:ic"VVXF8\宄f'o0^=ܿ7Ni~ 3j[בroQ Ueύh . EJe;r5 VA6Gz[g} OBB10$vv賚?,:!N[՞)Ldznh >Ā)1Xg;2J: X~B礃rA+WI(֙PϠSTd6=t<'/†fTs睷ڰ." m-&+ IdT09W-%2˰ty*͸W؁I\;v7)mo9ⷋT4٧b5{! wa+ 6#Nڸo"pG(;1{v(}H`|*MI3$r>t[%w;&k}29k2 Uxwن2bX2,Pm8!CyJj9YY]8MX{q8SV=52\>S,Z|mTuv-i? v>N,s(^gX@'IJQ]L57qGNfku|, R;hPw"l/Wxe^ޜCN~./yrT,( ½P 2p:@m/CĴh5 _Y,vH]A8>qΒ}Dfչ 7At\9.u6WQxJ/ w)Af\% >5itQ@7Bd=h>"OSu-؅wU` ^+m$}45C쬈oLٛЁUyicv{>I T h#CvWb½+#u|wfXt^@RGmy'`Wb$[>~e|a3SWK1ql>ApteSL$ꉄ!w~G-*w@"P߮}I],* s ^Ўv:]0ȯ"?)Yŧ͜Z MZ|#I=⽺d!KHaqJSr@|s+ҹYw;/0(nOu[iWY̗^_[b^,lזwTic]eRYR>į*HOd~&l.wȀwo+6z !:6Vx2B&)'zZ_,E!'t}bRL>Y9S:b_3݁JS!c_i3 rXa)Je7>~\Wh'jHE -d{>=7f7z9ٲSDlW8dֶ2 A1,BD `<`pFә<\Bxl'KRt۾SXE4Gv#uO3^;z#3R|}(UL҂9 ѵ#,DO*iєN|'KQ8o8.*X} 8rq˖% 3a@(l],i5l[lA0c+RШRոsnh)=lņ9&8n8yiyP{CF?s ,΂JmO,ngtf`Wk\5ɮ l[]gޙ:% %Q5 zy!6|+JBu,/[?|GahifhVMU~] j66<FA4ars+_(D@O= ;xޛvM>6z'7 Y'фD+a]IXbɞ^;}$M7KÂu 8E4KQrE'V.dd׫Q=@q,CVw'/U(m:`C ,+[F 1{,8Dq]gcÐ82qHavO\j ,aK08BU)5){88;YyB0?wwyqɷZ׹)#TD[**MLMd/a'-&gѪe&{[cgȠKkv!GBY_J]en M!Ǖ z[@yoW,' lJab 4 o1NnY^K՗-U bZ($Ie떸j@Pv^^W& j{[TAv{^3Fw֘豶4 ?jo%9}1U_iWafGXR 46Q)Gk\Zh(A} BLxQ m΢_z4&(f3Z10rVFm"Q&ΧƮ* vr09Q`whmy?d Oo\7R b>P C^u{vJgS۽ҽSX9(XmƼKr鳩R:iv)M0V 'wg_i]".aOm*:+lVxڕgXH7uI Oة.2:?ty I(dZ I)R,\d+=t%O/ ofrj  8kZߠXfs洢.ntSQRXАݯ+-c$Egm*" ?llp6\Ѯ( IGt@vm8~⁹˘tRoE?vhbť\Z\z;{`5rWoH/)Q|pԥ|Q/Bh%.O5uhnX{; ɐD'aJ2xa ߀#w_Sp0Z ;L^栦uӢ`280ύn#(iong QF9ep6Sum| @Q=vt"sȹ\'ߙfָR(vZw1b+y+U`ZINԇv[Su  }tY&@-ZةBߜ=3 nĕ{ i*[Y)fa~)r̍}̓CZڎz]&qbHLLm|iDFp%A|>|')FϺ?ƴSuA v 4v-#LńK$Sb@r۞Y>#Mɠ~Щ؄$2o̫™Ow O<).u/*# [(_;Yeq敲@-6$xOAvFoOT%?C=G&ci=;3Y@l&Nq-96?W+r,BV(|1l|l +9E:[H{P>Q~m~%8b_@݂_%7g .&e ^ !ȷb;b=ok+_tbn`O\.r}^uDcѭTJ}CQ0p{qŸ!^LGqKz5q97b՗8u~(at CftF;^uN QD̙ Ryr(Z1Hosj`vcV$9}[-D߂?{ O:hjSo%_~PʖV4lD\bmr!$mml@#nx//1+Lmr;d睽AsNx#Ht#W7_]u_Ǫ<ߤ-yk k;(Z_w>!\e0Pרu-nskg*VOÓQK3f6s D>}Oݾ~ym{5? c|pz2~2}~Q?Y+A!9Cfi]m[c$:=캟&' lm2%5곧ڴ J ̶;%H<,Y#gxnYkU1W`P9&n9jDp(j.29D"&cC |^9% \}\Ud\,}aѨA5172.`gl: ( <9@:p1μN*q36O3vbpc/dV& Z[ ] ]R64NiBR !~N Tjxgiiq60sŋvXuOoCgGT{ɪ%n"H؏>@K5@ipv=_-Q˪ɭFuEDh.E2$Kr}331֗"4Xc|6+H~P';IɊrN ׀}nϡ sxWMbXEՌio >|ܒ"c.&!э僬p]jA5[qЗ"Ұ cB|N *+NGH!/6 wKJdűtƦW3[rIR0^A~* 58nj׶+aT6'1Aͼř^t2@i4a7t-n>Mi;.Y܎N.UUhrJSR8ֺ)wzXUM٢ʲn5VPqy:8VP)"B`녓Q0|vxf⸶*$E gaޡN:Sv@}<<5NH{Suyy% */n!aj(^\j4^zwkwL@V2+\PxtO2(Nt%Ժ u 1raG$}к31#k h  3m2:xo$&6I ?I6|[ZO<6ܚ&S0ۃaAƐ].d֦.FL;+׾EIu C <^!:ԥulkPD1eZkJ03&cE4OߓnԷ%PZ u$=/94YQ!GN0˵]YP3q~y6AWT^Kc 9շB":)n7l֔2rk-w#ʮZ#ڑыH&)UǕapPq-!+-1>5wyrQ裯ɧǤ =uW;+c~8mC!aOZYs@"DN 6C}=hs21|y6{[O)QaKVd3A0֖:?ӝo!ZhdYltQ]EӦFm~7O˾k[OoB-¿|qe\%ÐH1 P73262W_ߍrM}l997N`#s@?64 7Gd/P}ɿQ\iQ7!Leh4x4yIgbTįoژ4S1S7!wq&KW'1^c zRtIyH'(=i:VT4`~Q MWؓt!i_؛L&).:/Haؗ ?wA1̷pVgW?.y !Y,[|àILz z*#'^fj~P4 ʟDp>(xXk`ck3H0}ϲy*M A/gaz)jZ]N4' R0!JJ8bŮ|4ۤKʧ!:,MM7E͔UԔD7fx":3 mWwmh#BX5i\{O7Xn/즲W;8E)qtT\c&][R ׫'ŷRmȐ&-KWGu uЄ@E3%Ѿku; P}pG+JN9 1j1.>Y Okc/z?m~F,2'MEhN&<6Zq^!Nlj@y`-OnoQpR"<1رSMAm0H1ߗwVq}0~3u\ T.`|mY%*9?Bѻ)tQGJ<},7/ݭ?aBզwQ)$Bi>t8$I_f,Ocu|^M zch>ewJbr(l`,`u4DY&=yre v {ޖZ#C2y;%n~2V}XOSv}bS͛s%]%B𔑍-WȽz%)Na4c`@HV[O5>ًu ZȚ$<XRҗSN[-$]MRg ↽l|S\_pu/Xuon$0;Ȏ̡`R_co2BdOmȋuVM,FI~\ )#MGIUHgU448 AvBr -MA+t"KEuy{%UU+S$Χ[,q(7'|"_ÓaeΟmUu^A8!H_o1r(vsZ?H#7m#$evI8jE`[HcEP3V15U#} ܁  'Ѓ$-tfLϜJRMHqg"8 aY?͙lPR̤-yasj]™v.`](Ǟ)k5nJI0A6{U!,Ii#zIZ;b!ԟEhOã7J;ME |ɴdv̌?߄VULrS+f lR Ж q8+Ȉw"`3qwH=UCΓ'N8x1%ulwZ^@< GRF4>,1Z!& 㭵Hs$>T UlW}!gYOwG74{>_a+pAZJ_@XĶ\e9 RBχuN}돒R&? wRm몤G}m`F*߸ݒ%ԈB s-6uDMgn\gK83s8g|\BSġuN d&ȶx 0lM%}dʝLFXՆYth[$ߺSЛN;80ύncrN&jD׶bgK%QTᵖ6|Fe_"5˒ DU'ܟ^zMXB! g->2ՑHP#i JWKZ.u?慗FG3| J}ʡ?O6!tpq"Ijk"dm*AY/{x, )K5kusSvk"`ު@P"mD,\j3C <=>ͤlO7䗣褓XpC9wIۻL<'+߹kN*GǃdWy 3x6xI#`y>Jσt+Z:݆><~>z#'krOԬ sZ/RX~U;aiYa$QG'CC 7{^)\vq#`m ƤN`H_vSzVj5DpV٫@8]2'bKW* B,ҎHˈ ѵF;Tj/ȁq':8UeYhpoPI`: \ℽ09ƝX529v ]_#(]lhp`<bB=K K$uQmV5Y={\կj9`FDIrT4;*|Sqr+v/;KXOU Sut\r'Y<6.YG3/Ɨ<3y.>d2op MHd \Y;=(P׺ٸ stPp,S06ۄ~KZ*e)H:nnf;·ӺI-%NTyOՀ'+P{jUf5˽[xf7%.~v18d2{&zhm"wбs@հΔofq,EKlrdʌLWgҰf` Ehߨj z@sf#1>#U3ɩZm 1:[oqMc:$콄p"@R4@ϥqggAL4ICkZˊgg)Lqׯ dRPz̙-&6O_HERr{Y1/(:lL"]z6VZOwF%y\g[u UH5L ˴u @l}0RRf܄o&:2\a{GUo?ܣ$4'jPK9q0Aڧ]b3z!ɅmB:VR](WL $R) G *\.q'.;D3Gݑ>UtH5(f McOD pe>2'";;~ڌKS5(mohaFx#m' @|ϛEԾ鳵ElrvWRC~8 pM MW)yh7(\ԕ6-VjE:^:SR\0a|EhRmNԃU\.:M@j[Fx>8{ GubT;FVvD_@[C;xu"7hΨ)Q聦;hS@XGy66}޿V1ě~^oR Fl[Bţ/04zMCt{K)AȮS9e3POD}i,6 U6\㡔D|Ydut)H$6"l3lV7R3E|C() JuͅD6|$_hkou ҃SOT[?^,O1B~`K- zyؖUOyZTUՔ+L^;\5'NjhAO} ~eq/接&zm+'tH`~+ |{2 W[5**I?Gcu/n;GٴR(Cys6eS\،0F]ʂI6@z|f`w,΁"Չ@鈳/KuҋB-oQ<'6Yc!ė%Reg@̱ό+XOK؎k9]|4 RUe0Z)XާtQeQk=ûS?n+@0Ow دQ096Sс_mMI&&dw$ZZ~ 7,*y{=^a7[n>c/ /A n~Re/q>֪[[srZ>kb@E=9k,b 6]`-ݍd*z;<)57#0s]]M]|n<}ݑI ĉVS],}h;kA"SV5C=q)@޳LPI$Ӛm3ZcC'm@Ȫ8yZHDѽu7RёѣEDI8{Ct$IL#x4Jvn(ZY4A,KU2B/,NUQJA ޾s!}y .EΗ~!,'R#s^kgwwb\P,0|l( 6I6^;s;Xgqp7\\KAH^-pN%G{{C-zb*JPnt'㊟QlwEU}U\ Lң;w^"ڙu8 7rg3a(OM%w A]* hnE Q^qT3V!%rw_Hΐ|Ps:_%qfESf$[_5IHj/t_##=6y/{lҙ?uaΰ[ij_80]h;F :{ |/7brC{<ūAG1 ,jp+Vup39_P%٥m,!χSUSy몫R#"v6@c$C3T*Ꮇ=A5^sg3JkPe\%We{Cee 6%-0[@=K[?B¶%T=U/8dXnhb@jj!I_+4}L\ؘR9ݣO]Nk鲘J ޭ9Vjձh_T:yU80>`\x~Aq݇BN'3+~R~NOy{NcC F>SqK@<ɡK|dGf+{a(<| ူgA .|E"nJ vk] pލzGQ``:,:TD̔de.{ad/%==ex/g<%1^hهaFR`_+ r3bV f^I  Kal }Io'ɶ//^Khл) iuj0:3Y8{Rz/܉#^؍g*/K80Ի@SPic=[Ig()~T/AMV^ R,}@6  |ۑ3"p惩'x;m~'[m$VEJVHy1pR>Ps*@x7zWgL" Y&$x 碡Fd$M=Ϟ2fwZ$$h0~IA X ɢ5[)L e CW1=qu\zog@;:y <WU=c6/] x!'iI>7jތ;19J/aEL<;x_TDڛ6ͺHh':ճF |?z56[󠯱&PvLjF|?Xa+$n9 25!ZiY˺XhyZRzSvs[0iQx]&Nm8ȉ;3:D6,j.'i_abZoSRekL\MC{ P:"4|ABji>ZKe*6/8G>OC'۔/:vD܋Fqk#JKDN5ԅ䶚ET]HyȍXYhqip<\HU/C IMݚ?;d,ۡvJ*py ^sNk(WYOhklC) Wʲ5xݒ_jp!k'2)$4oWrgbDHg9qTVH&:MC*>تfe?-]s!nĐr6\|ߑ7Nld9O8!38+_6N 1BXFwymSOmZYPi9*X~$(65<\ oXn~aL`z*/EZyBGm]%ď/9$ ,#Wf&@u\OA+*r)oP#0 ?g#,@ŃKMH%<¨F3 )%M}γUJhN++h\X~qPߊZ0:,"@z=PA#MEIDK"#ڧ W˜>wtE«RDHTVFD.#xGU&V^ԴPn2d1 Sw:uMw?ʏmͰ] v)CdM06@ K|E,ʖlxif"éK8Q{ŨѺgɜMecQ\$pXK"u=zG!3Q GR)K=#&bw[uEcv՞dt Q! ?|o{`=ҷ&9aWSl5\sTKb[l7VkwNBo1)e&k  Ukcu@ďʥI xs^oƮ5; 4HiO@OW_Ybִ}K0H4Qw:CtM$I~*B=)|T_ +Wak䎊Mv>h-xŻ.Hup[Yi  Jsd Ux.'뎯XowT|k16S/, *.a-/Gxث9}uÏ͡~'g+ˤFSʟpoN,nP=t5bw0I|ގPVkCw6jA$\ƿ<23{ey:Za`(p$-,'n.loub ]^5p32inPZcQ"a3Q[` 09w8[֔Lix}32ZxX;{E[SMZg ,aOkH$< []~+ *09C`ct'e.ő{JUP3ǖWu H<9%lkWRE8ŘD; nhNO85zX;r%(,tS&e;3q1m*SɿC*t~Í)Зnrbl=z*A8GG6;"4uB]c=9 s _`Y7\5w\̀Xv\ZPC>MWjR?6`c