sssd-client-2.9.1-2.el8 0>0  H2.x.|.00d U]h ne3 K@'CҊڧ 1e+􆈳}c}<6&vpKɳQx&xYEBp}7j =7Z[Ce Xl}SJOwȶ}@$X6i'VCIuWM}l\Ǒa |esV>sM'?4е+=4ğ_gCx\%/x#3[O^0؆?&T1;t'Szs_ɉ'N~ib䟩=nC(q PfK79_7^[mv\ڶC[L,q2pvB˲&PLסwf$N{WP-w}B@pI8pUvB;r9{:k瞖8k $c~Ŏӽ'eaݝC^bZw9˪؛m"2LQʊgP&v\*כ Ҵ);).A'?00a58a081ffb97aff6d2697d9e5aab9952ce3bdb2a0080308a425d8f00a11922a9cf460556c54e37d022d06f7b8710b99c0ed0090302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f2543a31d2af7a4bd5c8b487caa42696ab92164ea9d85e456195e8e69c9841027d943b787be5b5ff14bd63c165bf710023100b932947c6b4f35475cf2091ff552e0fbc1b2353f9dde7b838cf7d5225cde6c775477469e980e39bf578e230ffcf258e00302047c435bb50067306502300fd189a33d2f96578b3634dec05615f33925b365fd8326cb9b2a6d6b6d97b9dedd60f156d73449ab8f33e2e8edfc69b6023100afe3d750254aa5350aa576c8d36b865767b037ebcee3d08e4f7033ed43d0ceed11a2c254e41f268de67b701dd64296560302047c435bb500663064023058dfba55dc8e805cc81037ab99feed5ed3f25b3ecb402514a5d5e45997d96e1de4a0ec7bce354aa18223c3f0dd91f9b902301e33f40f8730990f3a9237c0959802411153d57b2e11a748c2b70e33f1e0f59a5af47333fe9fa54e193f2e86064fc1f80302047c435bb500673065023100f7e599f508290179935953d297b8016560e05aa3b5388616b4b0789b651f2941b6b1f8e2c585d9ba7dc98aba8371810e0230521ced5efed196e37d5549b8252263dc650a23f1a192c524e1e788e53ef8271c4500881b25a9ebc8ccbe32b1f5dd546e0302047c435bb50066306402305f0bc0be0451fa0a62e8cbde682ea47f8ba62ed1c1974371d5dfc94f55f9f61a44cd5a69f8d5a587c913877e1b7f477d0230407981ebf3f56c9e31fb70c18937c0df96f39db0f4094781a081161f59f7947a0232953f9d322a17f196f0d4f84f15c80302047c435bb5006730650230541af24a4721c64cd356433e190b6ab69b161d7ad72255fa5d105a3c81f3d91d5241591f909dd5638b011ec19d774090023100fb67a5f314f4f758dc746d9eb5d3f81d48367f398bae885a21be43f64ead89138dfbdf23a04ed654f6500ad794166a3a0302047c435bb500673065023005da23473bc10f07fdaf9fac71e522ea81f7005007daba7f2ed2f947c3edcd6f1cec7ce844798ea79c9049ae7442afd5023100893dfb8f5f287d09b5c27099b4c62c0ef5b6183c8bb1ce19d9edaa397a9072c11deaccbbe6830517e8506856564aefb70302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb500673065023100ffd9569ad7dc59a8cb4131623db0342faff574fa9b1dede9e8d58e8d6b68c44ddc139f072f05f8c57e8739ca02e18cd8023034d3dee5d69cc5a41291dd6436010514f5ab33dd97b91e8d2bdff7f78f444b3d8d827eb60d8019d8827c89a8f67af25d0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb5006730650231008e3474c25255fd5c6824358eab8c6736ad6e4be06489738dc5507c8bcdb3b95d90280e31d24e6ad1359365feafe07c510230247e6b337fb8b18cfc4c81e323e282b8e3bec0b88446ab1200cd1feaee0fc14c00d6135e3c40a62a81e04651cd5ad32d0302047c435bb50066306402306a137d04ad8d6020eaf47ce416c0e5f95089580a8df60dad07d36776937f041371fef3693f791fcbdfdb95fef74941b30230452940fa9260f2d1a7342890306d18469ed59b674b901822e1444990f40b3a47458f58ce9f291404602272bb843f8d720302047c435bb500673065023100afe4e20370c8114e898e6c5af787784d6cdf7f2e6c043b0eeec9111c2d175d3051cf2d53c961d53db52955cbee374de8023002186005f2422b8666b32b03dc7e4b5ddf02881d63b681a15ea581113bd2aa605f4670eba866d9d3d1185e79fb1dc34a0302047c435bb50067306502306d7cb1a1d5daaa6ae7dd4741a14f423985b011888d67945be865be27aa98e91775235c26ebd235d51d7c0ffd606abbd9023100af0bfd8b04904151d0f78cc7118e7231e5df7adbd120954097de3a44908f514cd3a5dde06ea2f9b267b95c551b91eca30302047c435bb50067306502301a6d0917da702b17b207d6ad46f647464fb81187b1cf25ea5fe0525e042a8eab9b07e4123327110db34f24e05038ac0b0231008c19d037f10f824a7dc88d721af65204ff29d3089843bb6f952f080c6f64c5131d13cd212c82d4f5f77eb9498b8189070302047c435bb500683066023100dc08005774d7bc8376fcd900dcbc09ca3ecb5ed97474d5dfbe910dda8b6907b14ff15cba3880b26781f6b0290b73cba6023100cdc350311373717b74bf43509a51b861c8fa07c3ef0112b5dc15f65064d79daaa170db145d625ca5bae15ddc4c42ba960302047c435bb500683066023100e4909ac1a80d2dd46f2ee990e0b2e8dcea2294b69cf16284d98db7ace10899183389641b17179806a3bce01f98b4f803023100a75e8b298a29e699c7c05f0ff2f431f918877144e97363d8911f3a0dcb6bd6c5c614b0d2b1ce794624399692a4d51ce30302047c435bb50068306602310095106e138dd441aef5f6b8edabe97fcb386298fbfc893bd7c4b247dbcdbd4895577dd452f5a8c09a7c1aa54f0786ffcb023100bbe1beed0af92db208b1365852c809a134964b51e1b1b61b34832fe07ff7e3009c57e2bc4e9eb85d47b7bffb0413d0310302047c435bb500683066023100f49afcec174efa3fdf765fd4435b810b5b887f981d1596dc36c917104cd5640f53cae64853a177af77bdd57eddf9d9f5023100d404f00d53011fb9cef88422a2e027f6a20d7d7bb82acdd55e20f970a26422f32c99ae5d56803e35a5c864df7f0d08790302047c435bb500673065023100ce1b9a9daad84ef889ff0a33116cdb5b35ef18345d21f4220ed2baf77bbfd3d71fdfe9d7aa3ca1bedff1d5ddb2fae2e20230714d174793c7a19765b3061ef6d4276bf5db7cafbcb72fa5738f9e55a7ff5e8c5e63be4269fe3e6bae0767e447d585770302047c435bb50066306402304f67d40a99cbab211b540aa603d3f46be54781fb2ad4f3922857dcc584afde628b573f5b893e42ad6a067ad2e44ec9250230404bc17bf7e3b202799d356038a2eb661e4ef9481f8c7840a4f813d76f2be7d17b6736626ac33c7f4231fa0fedeb08f80302047c435bb50067306502307ccab9564b75191701b882f4100ca9674b14bd632200431a9d657b95bc87a5eaab20dec72c08a139962b504bdb3c077e023100d0232b7ef1929f331d244b0f07de39e210e294418a4e2dc1bc6a374945f62845060666b9f10c0b727e5d20fe51153c630302047c435bb500673065023077ebe46f8d9cc39512b764bc66a056677eb0c195c5f4242535369cf377bae0b6a43ded8ec800528bd933e0151a56866802310098caf368a76a2f5c33548e8fe495bb214e5e885772d4674b977886046761b2c69d917c51c96fcd1bb6b444adf9ab59e70302047c435bb50066306402307ddea59624e7fa6f1de8d1e7dea0cfe418c13ed129f09bd3068f67e93a149a329cada7e17fce78908a2f98ce7447c4dd0230012a562ab4ad752c3f797b1ce40fc0e84ef2b09ff317458aaa81dc72d2c07adf7c48f83ce577822588e939081f47435d0302047c435bb5006730650230419663ed15df666e89ac42886bf266ff7baadff9f7bae718c056fdbe9e2b44aa651263a36be12cc1c9d98999c28c97ba023100e4713479cd79c62540154feb2fcdc8d2149ce17fd37eb65d5b050def569eed772a23f0bd355300889ba3f19663b6aaa40302047c435bb50066306402306d302b2ef47fb7d92a4770bc66a7ac44a305d9a05d4c3330045c5ae2829fde826ed33b6ec84f8a61674e65cff065e25102306cf8837a74c2e68fdc543fd18e2b06dc7e2f7c14f4c6de5353b07b2f9d28f21874ce01ff552cf22dc1763ebabd9c0def0302047c435bb500673065023100fef8787c39e541cd35b78352ffbc8d1b189b55d6890db70df83ebd3632a16af9c0c46dd7ac76c9632d5412a85e8426a802302c968ba5fbc285a4db2b7914226d2fbd5afc0672fded71c9b6fb78571144d9234c377f49db11a6d945b8a2edad04cbce0302047c435bb500673065023100d3c2b1ffd333fbf3c4fd9fe15758ef1c495a9aaeadfe561839e23307279605a386cf494709fdfe8ee67f1a221b775c0b023064c564b99cd05f0717e6b521f02fa00e5d7cb8f259e4df8b09b7679748aef6b346bf87f28d7459232eec15a1a8b93c590302047c435bb500663064023011a99ac24996485619bac44a74d892422bbc90c01bc06e220ee55c5e71b2b646aa2bb1a49727297a99a149c8c16e476502305b26ba49aea3286af011f0652ec9ac7d1bbfadd7e51063867c7acec432a7c881797086f57c137d639ec2e11b77215d8cd U]# Gb.jY04Rܺ e&(w`|Z| }7*9*UaYv5V`\p_)p+!n_R˼O*x4j>.x&1dӜ.n[fKMm}L٫l64idoPyL={K), NZt]s T>Ƣ<ܫBz V=ⱍ('dQ@ÔY%z(@G RLc,C8$L.$:sc?5 @c`vm9ךʒ J+.& R_Htfh?8W\Qi<y+~KyzSW{ MƬa*-#gׄxd{؆z4#:\oے#w *<5IYTږ@a>)S V q?1'SR2{|+Z6QT>`A?d  @  '022 \2 2 2  z2  D2 222x'''(t8|98:o>g?o@wG2HP2I2XdY|\2]`2^4bqdeflt2u2vtwT2x2yW@DJCsssd-client2.9.12.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.d7x86-02.stream.rdu2.redhat.com1CentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib64/cifs-utils/cifs_idmap_sss.so fi>)2-%F@%-bP0QqPK G 2  e ~ ;  AAAAAAAAAAAAAA큤d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7dudud7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d790c151eb03ad263c6489ac252284ac9f5eb2b3d1ff3ca820d2ffd0e68f35f4ff5f58eef5f0af6feac55e39078ea4e15ff29ecd163f3b49c52efdb765137f35de6c8a8c4573133e48c951ebf451f249def74867d34b3b21d03a13c348ac620e4371e1139a4769c2e565f8f6287d1ea507653fb2ed2d7963e1fb417899e5731bc09fb5b7d1c9e10d9896bbca6c6ad9fcc4616a35be84e50ed59b3a0a29aedf6b71f8b69819ff0a39d078fa21d3fce74ed96d6ddcf22770e59ca5ea9e42345ceb20ad875e6296b6c268c424547f50d3c61b40ab8c94091ba420896671a277d2600748b8981dac4d54577eec3aff96f3edf525d9e1ffdef19c610b93f1f1fb36f4ac8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc58dbf4c3e3bcf7f3e53f294be290e87c35a4d0edac375286732832f9488e338ff64f674d59d5f2b064ae57340620b135e5906a02ea0f2f267c62762f9ebc9e942611e7c0361e024aa3287f23ee483aed032d225fe62250f3b16c03a3081cbbc928c94383fcfbf58cc8b651c466edf4486f5898cb0a7bdea1a189aabd7d8ca64dffc8cd41030775bdfb7064a931bcbb7b5673ffe3ae21d31454d9c1c496763c5f0230659e3ee0967f4983d4e143be252900f1cea73db1a4417a550972912d7470db4d2a2ffbf25f2648d59a6a2f2ffeeac2df32afebb9976e2f9c53e9e5e822b58b92781d840674fb615162b82c950f00e55d55289403d3f5ec43226fd3e0af22535fd4e66037cbd6c85f0bfc489d3498057e4449a99d35115b5fd79847e4cc0e6f33b103f9e25428058a6e6b5c21e74d78d9c572efc13d0179db7b773ed708d00aac065e68965adbf3b2061e84c79659e057d907f2cdd393913d3ed42a2345e9e5579e5da2b01dbb3e32ab2e703fee8ab9d7b731b1d357e6f61eca697c22783df41182b2ac6b1dea7ae229d877541be3d3b9eada5d5e50608488ca884fd895c2ef826718bc93f9c40dbd601bbc1baf81e8bad4340246f6641e319c8c49e31c1886955c24aebd5b58132c41a51f7f60b3acbec9faed91c1ab302e721aadd8b3261a39ba2f71ba733252476f930e3ca22d07eb467f3b55955074e2727e4e5516a54770e9e6ca8a45a80df810075ee08aa8bbb20f615603df52c39e574e3504122b9a../../../../usr/lib64/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib64/security/pam_sss.so../../../../usr/lib64/cifs-utils/cifs_idmap_sss.so../../../../usr/lib64/security/pam_sss_gss.so../../../../usr/lib64/libnss_sss.so.2../../../../usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib64/libsubid_sss.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.1-2.el8.src.rpmlibnss_sss.so.2()(64bit)libnss_sss.so.2(EXPORTED)(64bit)libsubid_sss.so()(64bit)libsubid_sss.so(EXPORTED)(64bit)sssd-clientsssd-client(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit)libpthread.so.0()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)(64bit)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.1-2.el82.9.1-2.el83.0.4-14.6.0-14.0-15.2-14.14.3dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./012esrurururusvsvsvsvukukukuk2.9.1-2.el82.9.1-2.el8     cifs-utilsidmap-plugin.build-id2cf6981523c0f11b5f7216493f4e44a5e89040723c381061ee9927d4f7172ad357ca7a801cb527fd5a59c5ae26f381b36e2c7bfdd1be9c33a4504d7763dd25f2258ba276a6ada0ff26b25e57aed3c6718275cb64a6ec3151a50a94db54583dc6963b9f598aff7bc25e479fd96a81cab5ea1ba7d9c0bfbf58da67c0e5054059cbbc94ad3c4402e53fff69451cdb43f840743b72d37480da7ae5f5d6d9e002825dcifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/2c//usr/lib/.build-id/3c//usr/lib/.build-id/5a//usr/lib/.build-id/63//usr/lib/.build-id/82//usr/lib/.build-id/8a//usr/lib/.build-id/da//usr/lib/.build-id/db//usr/lib64//usr/lib64/cifs-utils//usr/lib64/krb5/plugins/authdata//usr/lib64/krb5/plugins/libkrb5//usr/lib64/security//usr/lib64/sssd//usr/lib64/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.1-2.el8.x86_64/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5a59c5ae26f381b36e2c7bfdd1be9c33a4504d77, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2cf6981523c0f11b5f7216493f4e44a5e8904072, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8aff7bc25e479fd96a81cab5ea1ba7d9c0bfbf58, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8275cb64a6ec3151a50a94db54583dc6963b9f59, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=db43f840743b72d37480da7ae5f5d6d9e002825d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3c381061ee9927d4f7172ad357ca7a801cb527fd, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=63dd25f2258ba276a6ada0ff26b25e57aed3c671, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=da67c0e5054059cbbc94ad3c4402e53fff69451c, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) )1>J   RR!R RRR R RRRRR%RR RR R R RRRRR%R RR R R RR%PPR RRR RR R RR%PPR R R R RR%RRRR R RRR R R RRR%RRRR RR R R RRRR%RR RRR RR R RRRRR%utf-89234145ec39bb83ea7106935e8b636c7a1c01ca2a90678339d685228b3fe627e?7zXZ !#,@] b2u jӫ`(y/<_MBbNIp9b{M^,Vcိ[.ůLiY"#=e>z4i$ua+!ItjF40rU':S%Qi6A{dg%V=7QMTh\x s& b; AoVž%G?A62e$J87ǖ$/€xwq"zeʶ̈́7a[c-=/#y0,e,aKy1XEUT8Dp[{k/ɒ&eK1]ajQBu-!0aVx9%r 5I P0TM)TuܓLϽy*7+OY/^y>1#xc+oi@,W^*)!&[c}⮓=ƊC[bcjmiLa}o?U̙ BLRZѓSw{" z#-.n2_Y?=e n[ؼ7#7+RZ ),qE8(3g[S&-%k,QxOVj a:dՠw x&ٓ6S՛R޹x~S)x5xf;?,AحQ9^&1$&YhX ?UQqsUTwW%ךɃ+gi3sX)wk t1't(O|>2f}C7 V*wc@J2r˓6?ayEX8% &|v/^*Yx:ʚJo8ZQXaf8Q ŏW[ervn[IJ_Ib[Z0e^^Gh=! (ܗIzx_֋E$gP-z zO#Q 蚴A"o3E݌b>4$|I}\Qa>; w/10ߝZ)6 bšǨ[b_|:5ys`ޏ_oϰ])j": $w_)noPO{+W'⏷"Y0?HDY<=2F6l2\I|ǭv& +u'l-%<n> m"SPhLGe <ܥ̀`wE,VR+E(NA2!\=M,Ɲ(Q+׮7iИd#@lb'vS9wOhRq-{%&ޡřSqȾY$\UGQW QB{, Jbv\ԪH?R *O ̡7luiv -8@4AQd(ݪhn;w۞c#\x /3OP\Xz F$~=WdFi{ Ե@dO݈e-0eּH[ÜReN]|wd=q9Ee]{2:\`(Tq$Xogy@֦>^ms0AW_.据"X"MX˜?C-hA/Ŭ)Ǚ4 D}CF/R_oo@XVv *CCj#pc ^zN926S`oUM>:PI2^ AM7Iߏ- Hj#CO_f-_)4gȜ#ŐXSOlH?b]fź$j^7 &OKYlL?۰x2=@ޝ1¨3awFeF49=d8}wve.a{yχuHW߂$G0p|kΟWMޙЯ9 .V jؽ ?1'@bJ؎JGU,K_cAn1|DS jWÛ ҟ.`eu`5@_:cYsd8in؏_eWy?x5g_81>7aSMPIڊEnmذ'||E: :s[g1'Y@oa|m 2)GfRb+Xje4'T`)/.c-0^qHt,_HzO."閛\ٯ[r׾ʒl(f-F6:$#rp>!W8UZKmuB[ Y\'5!å$_S@|żIEȇa}T^7rf4N"j0 Z3"w#d1V4z O3i (шw'613C`>iC .;Uorj1 fCBѧ<u nY 4mۡ-(33Zfd:R_U8OGA~55<^yVV>=au9RʝLrm`fo"t'njt}p_ʗqHgT*$Gx 0k:uB S-(lY>hvT\nѥȵ4,2 2n'np~AO~x6Svf"x&55e[ȹld45[NF>qFiodZ66xK]>fR]DlX%N)d%c-T@/* 6d80;E7#4pZ*$ Q785-Û[/1_U eΏ`LrzL#DtgfK%1oxFuZ-.W g_wCa .'/b3nޠKM8=V `aV:|'$=4/Yݓm)>T>JC֓EWނ6=PڂN'Ի/t69G_ʎ#haqȵK@8 lQ7C4K^ 曄0#z[Q</!4<#=i%xMp~feKG@ɖ@/n!;N@訜?MVAkj+0>RL' :G82EvFX NUq=ƌk'K,:3l9҂ٷ7u$@Drَ5B޹>8E!gh:VMUN8I;)@g앺 l"@"ƃ#lE{~-Rq t5nyw>z؝=d%6YxMPY&yh$Uo$ KUm!nqֆޮ_S8v|Yg&gNj1}!(`aG?)h Ҿ. o_t$CPӋ&;}U}U`v^[T8f yWFHb g| ~!e oe ]/5ͰO!,߹ @`/4z58ج;:*`GIS`*ѵ4ʴuY>lỶkF~0x@jU+nڵ0‡W3{w01rf!"-֙885֍Id%fˀKT+ziC)Z2(jc %PW)Tk屇h4*bDçHOwCgkm!TxJPXin /4"&͙ѪQ& Q0A1` jqMsGN/2I3t]JXs*!daC}F ,]os7 6Ԭ\m.gp:kA~ye`8%0`^u:'+_@-t<m!Kڂa>ߊح aM4N*61Ț$%8A?l*7{ÕJ̔3VByRDtMubA)pʯSpP W&SEk78zI6a$wrOgvd!3y*{z6()z<ĒWŗSUm6 9}h^9J݁j/=i^2ǒ Kdsu oV?ljsRRGo8&7 f$WRۯ`PYtHB7Tb xO`UZR9]'$-:GI#IJ%odk|W'[o, ljxϢé/o_ 4P 17iAHӞUGyfڞۼHxtq'6IsNo6~08[;-: ]Uݧ]>OIKair48pm 'z H)rʊkWiE׻=2=4pZ-\JeMzo%)-cBN"]|hɓMX6Iɲ6E LA ծk9@0^%LOI/=&a|"nG> e=&kU*NNɗSdfgn'|tވ<+d0\08[>ut,ws  WQy m`E-2L/- X zm!/*q?wyǽ͝Y_.]@~eI| ?KkiOwǹ)z'9_[%yA5v:Cc4`W;pzǾ"|٘RF%MB!u0! J93`:VN[-MXśW2 Vw*M\rQ},*ԟPFFMb#Iau 'd  zt)fY/f(E l,'x:!"a\p>4 ݾAB;x}?7+bIsjWG$+ьL;_)}!mȨ+׎K^=-IݛpOC`bxL3E6f_<1g<_~/UvD;GܨռS+}XJ|+ĝ|s<V b[`_4wZ9zZhqCp mƃ)T#p0nE~%<Ე8/g S2 a`tJKH#k_qh:nш685= KK㸂8_2,\a:V|(1˙2z ñFB֤n إr gȱ{W@ru\*tkVT5Xɕ=@-,9QL5jfp1׵)De:5 ~ô}nҏvQScIgP#u~=OS+eg 6,.=NjO2f2AoW?DMD5tpwQ</n7-$gEpo2L&p㋠C3΄ c]atⷞ({}$LbPN}BFHT$]cU;;U; 3"4dQ[=4C!7n`c*;OyDvB8ɧ;29SLGa_T &W~U3_ON`;*(WF̬+GC^gi0^/XRe֤2 Dp E,)Qoy."&C"StW }cԡe%ECWxbfFr=^ag*iY@/8rMv>5W}=%% t?L@ 3LPIl\+7x4.>0$XFmt˜th^|^~p9{ nAvsFS ݦ&2,R;N5=+{gnՂzղjȸ1Yy\#hBc!ZmH`; 7^ٮ{SI`zM;8K(sA'@N0^!Jgt:BOLZ&M!.),Wy5i@L \ҦKf]TyoX{6;Y!4w կ5oQץ:w"oHޕa xEhtOUO/ݕz]Ef66pt9Y@x579gҳ8,̉YP8;iHO38muFC=FAj-Xi=PAztČ?'߼4Io-GG3rӲwA.y 8\>.S-7%J"KEem5]B L[`0Y!cC ':A @E=OGGQ %n)end~`~an4]߮4PNR{]]. .1 hkZg~hN`Z7CCoR-_Z~  feZ -\̒fgS˂h >7[Xsh@Cl{sWً8Z? -т{Gw~] ØJ_;;+i=rJ;q|:ԆnUm~%W(.YY7 64&~-(DMyӌ^̭qZD:!K&hIб`1mSV$?wlIHfF3Y Igtbii=iן{u Ss2:зl{ZRZ^w <925DA~YvL3ԛz}Umj==tf 35ski'rp%L 55 vRQ: 㿑竈Fib1zhj :kŗ5O<oSM8i;“V0fV{XC ꩍuT;J5B&`)rEv_% RD'xP%x\!P;W)p7e]MW/@*2W͹}FIot*dp .0Gk\n2<鮯!:'ƗmH3ъK`=mEa~VL)>6|{Wɐtܥ"9>x"^)6cwoGyů,-Er)3et0\oC̓P>ofbrHpqGU>߬%>) OmJ\ V[~oW\p{XEپr@qa)e*= ?emF]1Q=@|mRpN-t5aY$D9!ePEl$ܘf!t%<췷 }֞ bR_q bm:^II8N3_naKVi优-7D-òEcz0R ӘV“>FCl{w\L4Ol7SI RKHG㿊LFGw |`m4 gcxtc)_7Y'Lu.U2/:";7 O``z7Іnd_s7A>?}V+Ss@Kyk1H+:+^b~gb*@ ,i]իi2׮VRQ u'\Nf1JKq'>fu6坃jV}>ŚQ? l\b/#FY6ʻMB+bSw\ܰ-Q-O{Lj<31dA&)ڎy(SG]ɡL5wN0^HUs@S6T3B-: `0&"N٪`CJ~?sK`/~(&T{Z t?ϻ.&g)h v-17cJ2#1u>~ 䁳nXSSU/䱉 h1q4"c#E\>,)3M\y*o^#$,z:"/z@п=ԩKz"#sasgC5lG?g.pCi( [؟! 04*9:%l=E|:cTfp x|}D䜉iYƝȾ'+S!F :0yAQ-bKY[/UE @Ew?4B'_?z+T:y i95e|gZ@Tm |_d.D7ez^`zLӋU p% xߏ}"$w|Iw:uNpy0]1sͺ-Ok0lg79b@~&𕒌XLWx;ڑ~_*/ O]&`*H!S0;eIɝ&8?NjA'O,͏y[MIhn iP}&[74ϺH]ok!/G] `V D!pᱣĪN\~`,|VʼO9BHm @ROڰR[-e[P/9?qK8$ILXy}ZV.N!'L>0~@ҋl";B$*۹&U#&u"qQ{j39p82CLs~.KJ6F{ne3MGKCȗ[BXާLu&\,,y(-"j#Bh; b i6rs)5@b8ŃOgKz97bNq ^L$Ttr߮br$j ߆;q 5:ot[vuRQawi<ӓV07I_ɟ .D\ńAnw}'ٸ/SBew;2^8Fӿ ^^x*؉ɖ5+#s`E~9تCCZE27)R[4|Hԥ8˦'HRt3~b|+҅>$lW~/@8˃J.3ȳ%?aCyknXPڄXBůaH-рOzdԟCex65 ˈ1."/N".-ȗcLt1Y`8U0BSj9~E%5|.l_vhH/o<+PP~+A^}@q;0vF*B c75T#{]g*cXUW~IJҐ])ECQİj7= : Vz6gE2rz8Sy!dQ[qb'YCٰG[ւvPzRK+4B=FmQ_sAvs`H Yx/㣳DK"<ɖӍ -JZLl^WIg״ɽut*D#6/gIvPeȽ3մX#ϭxe[_쥆yK{% iY[9G"uiH Qsu6umM!hep4α"׊aDhUgͻMbi]p4nemui AU|qS 0@ь@#"~W`_KrjwjEoJ[_&>FB EH:B]3jUM&Lߐ[Q-=Ug1w"+nʝ׸S0ͱT2Sn9Bkɰa]'#pT]_DK rJBBsɕ4`* aHs'B*LpR3$_iHDuR2/M<8n B r^SkVvd;UG4lf',5#@&Fn,D"}8>t  4~ǕyE_I#H~'J7|GB^ wu)iʖOf< .xYtm3?]AŒ2Q9z{+X  @&dwψC G^~d =z⼏P OROlj.ϲ>! ʢ8oG|jU>܀an9(+ku@Mȥ|"=ʈRD"猶4MmܒG| VkgtL(k%:Lzqz|naK]qCduEX|;|p|W|7f| Q-WW_1= _XS> ]OXNXٵ⑭[D0Xc\ۭ])ä`4fF#KQ1 "*ʿ#S:ɌOF[u7i`읝#Yw E:{dn8;(\KnitM0f?|йe, uAI$ݍln쟫8Q|Dl6n7?]{nqX>i][U*fY"Tc$Q06(W]I v8{AI04#{wj5(a8߼nHredKs ˡ[ߝGӭE_/M5b`Gt'0ND JubI8!7t[c2esWޣcVmѨw@yx ɝ́rXoi_+e;Yse%D'+v TT;A/׮y4 x 9-B253߂IhY w[YESky "pBE%YxǣNzH:i$pLk`I-ۣ"I^h00ϟ4G԰FC<'-P[3/!V zc nz̏Z >-IP' ^:,߯Oyvq .mܯ 5_ 7/xvb)2"i# SI+IraOK !5& K%SbBIKcƬR47tCOJ':xe.wKsl8UKB=O,Oh֣]d lJ-ꈉ셊ćtOgdg9+{˝_T a:e"eI(UԻhUdV _{_c*$ OP0ݝn|y#:ĸq+| jmtΝG FMXqc` 6dQ|)V*|ܙT< ڃ ӟ1@ߕ#w?/<㼁kz#tŠWrI:Q_sCʕU©qMϏW3HU#aCDTFs&QWs|*97yy9TjB,ֲcw:K'69誱`:yy(G@y¡i7ti([0=\#1\.C{n[AY}>sAQ4f: -˾lpA.P7R%iE_tY@fO߯n?s,W,% z2d^}&r%-g0>Trؙ"&cX1t;C 7$aN gCɮ$̓p[>^Jsz P1 kz gUdQ1p ^;8X 'F1ĜMkdHI24ڃ)DV=Žj"BI+N,P6ΈgHuöߧ$twy7X#ƓUweE 9k^ԢKK(1 S"V9}}ްs&p!LA~v% 0$QǙSڊؼƖ87LXМ{6vkF= Ok H"VG~ʷub # aTeb;,uZ VLYNi,ڽU!evLykC)wdN1>j2a/7s/k[N\;(hX?P2JC56j'R#3KVgE2RW֤3p"폸GGǤUPl@F0̰ A]WJuz)5~QI\fmϬW٪(D`6Jr.[N$㺿Ob]rvgBp}dJ#<仧P#q8/,X5' G$׬Z& -׆5Y*5L1 PhjΏ *A ]/_]d;S?wQ=ʬ FMhDH<I/#$sKe[1V/2 ڶL9 ,Kp^`#oV5=&,`\CZrtwc15ak,4qDT@y]򨦮G4X "HHǁ#ՅdDy@te^,Mt }-(=\FpT+VB9!^0oOD5|p#@-yC0>/jP2;$`aױ}r-  "c; aGF/x.1R&1Z"w|7O^Kf~iw4MɋvEݰE 21(9e8Iiʼn ]xl;-IUj"ѻ)gE ~ȵ2+ѥ%·/M.^#l+{DlE|i+eҐ0A@, ILms{mcl.rϖʒBJyvstV¨-Q.z0 74I^:cd.V;P(Z|+jVrBռb̞L؁xnSv4=y|[\kZ ӥfit dbhJk}BNyv[m_Vۂ5A mEZTr<}j&c nOaЌ@q;8%٬DROEV7{Q>Ͻ4[4n}cEN ){pa=gm#}7Ic]WO^X=cDg]=W &{_+I6tRu8D=yOL3cyܮ\Va?~ ΋.\~iG٨PT{W] V- \緞~[!CBXy0K , ᄡ/yRW yIbe5^b;8x$ZsEAhdaEC {Z:; 7AU<=4iapDHj#el k<ݲ 8^({%jP.)Cn.mʛO8 oxsՋ`%_X׮"f qL!~є%>j<&׸I&ܝa-Ų: 6MJde7ݎNiD]Eaϴv,_n.ot5)? a]a ]ϭK <ʢa:ay"@JQҊbkn[%h?%nxd*SxkWʦh"^Wrexé:%.4Qɦa8ISJ! ss!-FJ0+~01ew/;wH{w0@YU7D̶8E=> ?w>ȵPDTB1D&:|If=DbV /{`+s@wSintH<UD㫦r?Ɣх삯SBiL<1nN#7 o/W `Rjɀ_l+<8 F66JD'x;p|䟙!-MvYͼlgU1 .<z]R팢8P|Ͷcuz\uݽQ7ly V@-$~&~I^kJLeg|ǘAps2 [A: S(d57ρ1x/Q!uU6$Pd]U}L\? Ie^iT%2Cy!wU-nrl[ 7<9MND:5~y(2KnwȤ};zjѥ&A_H7(wUQB=L]obyۄ_̦[x{v mT;i;{=2f3UKu8yFR@sEƟ^`np1w95cvY? R';k?P&_*%҂jO?oso.&):Sbx~l>lg=ۣ7{@ `N35ri?9OE @A76U` w):aۂ`_((^˶˫`4m6Q mM z@4պq# )'}t[t-BC*u3XZ_M"/tΜjZ57XrV0L:Fo;pGCo,M2#"dUe}6,9rw꩗6}cI1[4ҾʪZ%{ bVmm>u0HrfWOMFX2/I񃰥v":|9G!'1ov8*,fD\m|QѿrR֊>~~ZJs U񺓯GA;CfC/8$u8#}kTWC8RMﴔC[!0Y5qS x0jhukvdԝaRO̎WۤKw7IJ֬+( _v|E[9$^jxe@SNBWsIq]C*hp4;GBNHj3'˦3Z}HV«1;`S53bV,FPGr1ݫpLg9;/zPBTˈIJ^Qa3J_>Z? f-LLښWۜւm/z2kƌ> |}h܋cC"ң [&6ݘEi:(8+ʜ"I{Z9)eqv+wJ*>Zkt(k*idpowcỦ8z nsJ\Q*lHB7Px@g=?P(-T67"Z%؃Y^QcfK !Xڷ .]Bq1S5^%s H"S]7#pM6PhAx{B齁4&ۜ\q m%+JJ߂xlh{kvL a4_^qE$/;5@F8adhr\l>Ԝ/Bfͨa-ޕ@QyhFa=Ny;5oI࣊00b]Q~h3*9#:c8Rn9E(X5V|/O}wGY#v,v@dPWC3ZUL*/eEODzLTl9Vvvl OtlTEiUcEڥB@Л9oU8ֺ95^bP΂xlWW $D?ǑEeڈ僝|O+GpbBg IʭdrTMo&*^XdJ㚸vedte:#8£UqD7j:G͡C&gM3(2^ɪC72DW)5pݚ$I}1drؘُ믲*:ycQFY4'67`DWRQa 5ܫV%rdٞ"8bLvg6}Ve@NHvi5x- y~m]V+B!f7/,Q)7)IP{oTbT'A<~w$rmtqhh\گ8ٰ4B?kF#Ӵf AuNr㩞`=ۃP lM,w"G3N xxr g?KMк% <NQri +ύCdj1ԍ;#eu PM‡Ys :~Z~|6YU͑C7z78K ָ߯W@˂^0)BXgc3enG(0JXi Sy5Ďp=㣬BXc4)'8(žۢ7OWZr iEYsUF4yսZfK.2>^9̯!OKR PXz|$VP៞)PPl(i䀀rDHIHg'ɹZo'n ht8= wX÷N :.R2\9N1uX+;2Rɹ" 54D=aZA@! vv g !i^V9{cxAab?Z#=_QcՏ<8M+v_T_y!YFCwMldʓB=Ǎ* ܽF 2s$[Q,Ac8#A8s xcy!I*w.MA؆jLb61s軋gTa\BsCߞ#BeKȔ;#\o9ztrzR$XY5o6uaTx+z<,= T*ט^]_: }ۢ}:V-RՋ0)1Q|Eـ3JNm-ͨLDBl$J#!]LjODjtO߻hŎ&!Ѿ _}C[tn4"[Bw|0=EH*Fv@q!~d^e;{!c<+ωR q9tC6=%%H6J/ȝZ*AY9]4J D2`ø\_eu{Ēά |kST$qi*BO?Z Xp2d$+̝55S:eP# àRn,` r!JX=@Ѥ6~N/+bO6Eo+#eDi6%q/c#1sPl*ksR뼪Api G &EyN6ݲUGS^Y\pŴ>όhc }xRIC݄S%;#4EFyŢ2o廋 v+CD=HJT;%w@"m η{)bbۧY:_9ͧO]nDho ͛ONb,۠v}"@L}5ي3@-͉æ+I}a9j'ŧ>~'T] e/r aAe9k@ڎ`"Rٮ$}hCCڡLUz[@R>1\WWk$D Y ]7S)%#έDO6ë44V2.Cx)ؿep uu 1JG^ R~1g-'@"jA^-lէ;ѽr[OFRJ}ᶝƂ:!nADHߺ_*)xapf[]Y6]~<$tB<*Omivb10G4Ӭp1n LZgSFz'ϱe9֬`$o 5.)5B^IphAQW 8`j5q Sx˾f#XƢkH)r/֝mPUyZfgg@v᰹G9EY־À(3@5A_蛢eX=釋#$Ӭ`I"ь3{Dw $l gWFGkqp!9yKyyRei<슾ѨAC@FEov+X} 9w25sض ~O> `W[[E;R 1blX[ƒ-ƢޖZ c[tq»}MVQ=nD(FYi"0mEH)%0C#⻱FKKV/InY|QO|Dv:Op?uv:T(k3x_ gݹO_9#[$ď=Nt:WOr||t_~(Jq׊lh?$ g14ֶe6̊ _OA~Xp6ƫ6{,|ܮE#Γ͸GcGjC#K8'HXy*ʚ6p cN%7ɺR1 _?"E1 fÓMCÄj*~Cy9P >pF.Υ/;}fsi65{oVӒ ~&!hZ85XNw!GcRR#ے xvH0̿KoD箔rhDDDH0tYdjWAHSBGk5DmA}8o6^5n#U }@P_+M>9ƶ;AK}L:֧̚Q eم[/SK?HFq% Y|NBRc hr@wHEɮ-6cWXch]Z`=ĆI 5ilY~Fݬ~Kz(hTNlO.4\ XpPyy`=2r?Cm|3h#gG Hf6$Aĝ7Iu]6O]&~R:ۇ!DoֽlSG'_4#P(TOVpJzO!uD}k= Yw `s.rqKLC8\FfRn^= IQfC)@5 q֙h`XI! (,|si 2[%䀦; K쿞}% 7z_JNQ_(ruLiՉi_EY.[94^BUppkPclwR.)3;p v e67XpT@]9z=%_&NF+K>goz(~o^Ԏ ѷ P2N@ _E[ow#8o%Z)UH cu &l(\pQ8{w 8Pn\n֑<(>1SDDROsOp|2oC?KA`ه0U& W2tFmqD}qU76$;)-Crl'98BBt8_\[SiLB|CtiOϥ̪\lgA<7(|RתlD#L[u6=߻&P:wN܉4\$i[rټbj!sɮ}fou+ƽA㎎?v;Br V>FQZ |@VPW3/pl 쌙ѣǏ.x_H>։-IPdTP;ۺA< bE]0#`FLȁAl {x-UU:Xrq=p迱Jyb@{ˑlf:AI $ƿۡ iE.g.u?U6縖DϤ y$Bg8{s6b{.&"8 22# 0.^G2^* [ݤ˜+7#1WoS)cq24w@Veg $AeIpQ ǣY<WKd"6dmjy 8ʕ:9sdӹa!H) ?yDju[+TpӅJG!Mt/"3r:fhm d,:_`!.A2(1P]:}񖁾3!,-Γj60{tHޮ`b7)<>>Em3Hv @R0P2M)f% T !KeN5`M=+JW2= zkŲi9f혣LGh_+8Q7WdVG@L${<ԔZn/5C߆-Xg9#k/2)LAX B";vV;!{[G\fب=4ع!m@1hfi,BSwqRhUf,OkzNOvq avy}@%KJ\}eXJ;Ҿmgmfo2c[?2*=XԱVa1/%F(l>dƅ yҖR. _mv<9_"+o&aįuv-1$]׽F2hOC`J6{YW쳺aJ,BΎ3M*8nF jgnѮ1="NL5gbN<&p/6d/b飀b+#"èQF)EW؞gU.Paj%(kD4v#(0a8t76tͩR*F//Þ٦wiVEi3^gLK0o7^u/p+[!}f|cӯ@9$֫*n(OL *t#~icbsV `5;.SPNDt` ^6]f07z8.7M]t#ێ$뵥Oz5 e!moj(Cec$5*/P)7_m2*D  Hn3<jixK?,HNcj2i:^7CUS̀q@\s S/ϴ*%*fr-)w}{8"M/D. y)@]>uB^pӛn}1MY(w<TJ h~WpEycEOBG+&Lj4034< %z5Գ[N{+37#,TԴ1ef.fʼ4.ɛ!bA;»oZ\xe7{x#p$;$_*w@;0 /\K$H J#haW@dăX'潝֡3w~m7VD.Q`\Y;,"j#͵UL\+h"jP hc!@׭|WXʄ1 12yJn7xlT@FWђ"s@ƕ F\s8/T6]k |.CnNcz_:^Hf:qSU? 9Him&2hpHUa}r#A?#ݙ!6 TjBHRSHꀝfW4jʯ npYE]zD$7]'œ1Y)Ha\7e-KG]A a@k~ Hd}E鐭E/nnK{"GIjsW~㽔dNV٤"c7͍뛇u^r8$5-7ve.@B9  :_zHW۞ O vNTM6Nl~(+/=5{j5d5X*z6Җ>67SmqVm]@{DSR6E6T%4NQ/q#755պGy f_o$X lyQCr}ô< ]8NP&b|$cəg6M`<)nL _B{W֊:46:ߟ~:IwޠA6X4{uӗn>[pZw"0fV4 Bk( {[ v-vc̲!{ Y=yd\ l{3Ɉ Ox뒅}`ۂ9#Zl!ڤAcL|@&z\veG,4}d`۸N*Ͽ$ooU{CAct3&4˿J`١lM R?ю"HnjGI<[Q9~EoM 0~WQ56COSĄ 79Xm5F ﬋E! Md,ek5y]X=%| dsx~Cm de N[HVڝQ*0u=YL+L0P()Dl@TA0SsCE _h'l9tf)⊠L7SqFc{5GWy{ewVS/ +B4jHNHl{ ^ E,{%?oV|ehSw|a"YdG?3AyզAHլլhξ|))m}r5Y|~˺w!ڸ̷,.85N[oN'V2gdn'u+˥Ƀvz$ؾ12Š͜0jJk1J]jf N>T5u>-֩Bg0NanMٜ!]4n=A4N}xBӋ5t,9});i~pID`y-}ti=\1KdűO?B[biX A C*۸#c=>c&ȁ?c%d,ҏ?ӡ;*/LnwNVŰ1 nx!?&BF&n3ޢ;ԩQ6%d^]%[ĕ2"82ARi"Yw *ڦ˧N]!5j!&=[DD4x|-tj*I Qx 猸:>| ۳ PVip.HXPVo ro|d`vx6[ꚽelhZwv!7Y =US_ nT0Ag t2r&s;vyMh^M:w+sXp _E: HŌd*DQ.dJOsc\3SfːϙY_C $knǸqPz[oz KEM2-)Iؑdj"[+ۇ[!^9 +;Q6e 1pP2%ǓiBd's[7P>ܧu!tJj~|l]A voTP3BF4{fS>ZQ/Z(~Ƣ?DĿ n?^˝OK\:Z{A Xc!` Ek<*ne0Zipw~B< w|=y'mc\TxɞRyU9R< A RU3ֹD|辂l2h)EZK%@v<@{Ҵ 6Gÿ'b#ֶG,߱SPX1plh_$1;@09V)wJV8d;F YE9hhkeW:QD脉ᇬpcsv#ѢTx5-v;_c-b<۟2SzL0Rrw7A$#=wBM6uf5CSK1IqޑyLZ똉f콫xdt ֩zY/=ߕ<~~%).ƬRvЯO+xφ5X}EַʹN5Rh!D ,)oNMÇ?R\DhFH7ɛo6w͍JW--Z w)5Z0~wQ֒Q-A#!^1`'|C1`B Ki2f(KLJŽ8h0dLDMed 9@5DrrD'?"O*!o 5J/bx9%cPkkځަ W$h^wC_4ICE>۟kD6hzy 3U;}3%jg* X;Daxf&Q*xAJH%˴M 5U pLʕu粴N&mYx]ih|@2# iw׉Ǐwb6r_N(WDm'U0ϊݾLzx"u<ؗv@Hn闍ZlC¼iڂ߯jAYVM՟Dp˭߅oަǹi*i$u[{NFkL܍*Dpsq Nv[m;ʪS^ 䱵3<dYi쏭ַ~+@^Ji^b9gB0VLx"St]-9 jZ=P9RD<'jct1+ޗUw|J5zqj6=&&̐2kl@iނM5Kwz#/)}WZ艗 V"?D pg;CdE#y 5󎫁:Ϣ4ցNCI fF ͤ(٦D.AC;G6ؠO/aۋȾ@r0ۣi>IiRhB' a֊4o5GQ[2$7Pv)9 Oq";+2 > H݃ @lj9Pxς*wwx 3dLlYaȂ|}/eFV<]`g$eL[g,+g 76hfKB%^mlL1\u?3k)Ґ! B n* ޥ"Wv~cԉ:dN}^^B[ܜ2oܼ#-ϰB ۦ&0)-1fDhw>`Bf)ZB[*)z~g(bWk h#XbS/LvsHFB//gSJlLk1e=p7Nkε' &*K[aďm,0;uw^}*d9( mI/`_.lir^djl)8M.mQInK*Vf (<&8Ý2+%ZnRclB{)\}23Zٔa(f Wu '٤6Gi'OJIsT<7X\VilTQ;Qαu\hEL/|%qݹsH2kV=أz5:6qK apS"Py|Rwc!(K4脄 `XCD+@ (j"K>49Ue+T{`].+sX}7Hx+45J&rL4?@ݦ-_-k(U@׍3X^/[4-A% +5qhonpΩWRL0pB@%f}&."*z'g6 13\Rtn&y2&Ѧɫ[5׉?_8n`mLU*..C1j XôQwVepLZEN7g2BS>v,Jܼ0dC2#!xCS-CZx&=mB{TA50S)N\w4srBV榍HJ3(( K$Ωc}6%CH4F#VUYv1bz>4$7l yq^Q^+$,;8+s4ЬT28y[k8NYl 9X+j,̀s͓B:DJ@╠PLjݐD0KyCd0G]*$9)&B!8Te}@V8b%^u+Fι_zX$E؏t?v#A]Wf).n[.ɀH_fv/u ]`Baj=/O'P_3X ^@c>=P?Hn'Udx]=`i .Ўvq~*DžPbs25\S+ҚJr/W.R՝걔N~ ,}f =7ㄹQz.LJE^+CGrg}ǞZ~`]f{{_F~Wq`߈6x- 4zDֵ,.q@.euX*T^ [KatOH*쫼\-@pÍQe0L n;m`!2.OP@p.TuX˽HgߩM&7Ἁ(3XjJ2T{@Xr_&Js:G,rih#E R<hRJ?.<RZ?:8NF'Tav!i6Pc` )|̼H@ SU030>eTt>9$[ `znvcMI4,ֿY]^mH?gH\d Ր!czI< ^#lc($si!{ ots f|z>:u{>t3tmPyU %ް5%±:xSl$5Χfl= UNrzkݷj|`/I^$w換_s8PK0[ҿ^\ѯ&b:zbߏkG1v`/#~e`^HCyY\A{PD$%T`G!Ъsq&3yVt+Nb1__gQ<F tܵF<^MH0$# PCǬ |N=7M"ފ3A x$ #/-ܬVFϳU2Gw "ςhc#=D%$W# yp2p]bOjrH*Ki- u τFbKr|"ĭu}3;Ȟ0 HKZP²oղZ&Jxi""cXex;]lH{qp5u+(/}֨ŔGܪrVz 3G!̹O'@W7X#h8CqCƙLxB B/TNB*{ʯpҙk8owׄ ZecB{vtV#(PxJ>~ãה2@f!:bEjns'RuykмR:='9+KQ3s('r^$5B=Wkl{yCf!4葠$hNekGiKK&x]ʴzS7ӬE[sf=Vqf _Avbʼ7ThT%w("i bE7M4$@J[Tݹ 9  }pc:#ԟJoh>Sy-6\Ϡ(1+"&Q{[7}<./`tM17\{|vfKK|H:&ey_la.v-2q߈HG/nn*d'"WG~l(astwO*L ?UA0S(u^qCTYN?F..br!ڡe_J ROxou4#F0*c>zZ2!;Bf.W˱D:z#0Z㾤j˱/7yn旱5y >LÒ Mw|C\9_'֏ f=niUX%_0 }q`6O}$sEE<`X/p{> :>j ȿ!HHBOdԳ;+^'4P5wsIPq@;؈LSING%){,X2"ٌ[hL7כN+{Uu4oOCg*66?%-n?u-T G˻֡-r'] ƑA'l\q̘-UYBT$tS DkV| Nfg%*=`Flpuj1y}4ƟMΓ)EYzzcCgq.9^P·Q.&݋xѾX{"dWFiD>6J&m}3|o  h#YzQIi-<U*ulDBn}FV y՞}ٙ>o`fQ8P| v#h$Ŕ95}PK.aelٱVW0\ysnZ:ގoTaLt]y2#i+">D'*u'26^ D %{ɦ"8ga}g5Gø:nN]PlĻ ~qY2>jO W'MURqc5jEI3C; 8-t PA8 S# R~#,26'6ire8 ^8f{q^&z!#Qir[S(-ֽW#9{QCM6!yq1h}V90Aw'O Ilʜ?yh( Hi.ʨwi*؎Qu@dhݲ{ iwІ^ FJ⡅šu\ο%go޳HG0cvW Þ /啟 {s<ΞVFWFܩ5୨)3p3m9Y5^<:F{ ݑZ!eZxV*xA(=_7 ]ƞ*T±.(@|;K-kB1ad'ORSsI[8Lp`+sWkOGE:6,@ nF/>A[8^KɔQlok[q)VbľIh\4[9A#΂A<tUXHia w(KΑi,Oy{ԙLK ?juܘ=E tȀR>{9t\)BC1E1ֱKGę9"{#﫳+܃db"eC4Ք|bV]oeVL Տ>\63CR!=@pX@6NPb$*]UjqijbCq4[2Ui~O,sx -lt 1{j7Mh`ma!(T4 1J4V:>DeP7c.a(,BH&i5]j_3>#gJs893&Eŭ,(kxEG`:x~wJj4m?DW EEx~O)BV"zӕ fRh_ G@. }'ubS/Q}w?4WmAt(>Kh^LE%Fqx$}7L6s v '@X'w,cĵ;zl6!+JfS"GEt#GsezH@e]D*\X^PnՂRV@,iGcTËr[ӌplW?)~ʇL <||Dߨ'f\g&FVz`caN꣒R6M$S' Sң7Q\U:rokf::?G.~vXr$]ֹqc<=K[-_F qdۻ@(=*Q&ʐP52W #eҷG2Kj"U0q*FOL^КJC&^\i|؞:va^Z%g-Gt2J-˹4(瘤Ve?#j;W%=wY?zVyh nU1? /uJU)lXZ|dT[&m:9Xyf_6H jKc#9"O{ v^ -Qź"_%RIjQ184Uy.0 _\O-qtgku/癇%VxƻXC:^ϩl8Ub;i|}[Iy('` cvJ/6O*a;jɇl֢z?j< (.ԄG-ໆz 1aAp>w-,hE=% ZY=xL6lk[qڲ\W>gSKbpi S |@>/Ry`tF6T_vכĄ5OQLlٱH`F"D4kUӼeH~gW~Fӈkˊ)V2 /f[X~zX8JR):)Г%rbuCI#!PCb^j b*v{rZyS,DЌy߄seò`+߫D~*s0UIZY30,,2~՜…>!bZ, < ~ճ~x0uS2BnJ12n}6Ԡn)NCbt?|6#Lʸoq؜} SǮX=l"}!i2 ivr[JNe]$_;@8P4:zc dˇiv<1{ #F~# @!B Sp\V#'qc]F$%Lc`٠ :J\d!Ӗ[ $õHzxޯeB.}.enB,bE{pD|[i8#SX$ғgxc#)޹z.DE+P#;ZCdxT}ZqCf6G$ԳRj (?ۧwۭO&<_Ra3CBKnJ**>vue8wdq;m֘Ք 4uS\vGj6|QnCLE듙_],؊;lhi&^;s!uJ|L>"nF}Ȃ 9*Eg(;Kp)?ו@7#dw\Di;[L u58 ;h; P zV҄:o)GPKcSiԢ&k>ij^UcM($BeRJ鍙:eL_2w"]Q磇pWo=mz gdg7%6>):"5USH"pg1HA!.u zl ҍh./`Ir;MTP$hgg /w`3ֹeX {B5|- =Cq (ԡ/=W?2. ճAȲ .EU )g]U "|A`DYL4bXϙ*Gz VL(&2toM ϯj9\#-wZѧ3ɍ櫆&|/Kaȫ) {M (hSڄ$-q>]ib5}x75MrIZ0NKT>mG7Ni݋]^ BvEcmN>]6MxL YofچDd ȢЦzcW~gc{fn^)ZZBd *Cύ-Z ݇]700ܜIO c- P0Y0JAIqw iEHϗ?:j8 r+%۽/G0V2>ԠF؞;IcJiiն,Is$q=mY,Q!'!#赱@=Ll=!1[n2.($ϸ,t-JH%*E T^ ,8h=Hfʶ5a7Lo6j^ 0Y$o. UGxMլV56s ƧE5^:'XP0,F $,wnto0[J>rH]#õ`Ǫ<8X7ω $> ܞ#;DUX_(G'`%|o]\ζ|tȟb+5Y 5Ŀ}Ϳg *8&`mllYFŮ؏\pwc RtЩقFMF *l*ԓ D—Y?Qk[b1 ӼhƲu\3"z Z,\?KfYKY!mb8n5A<\v0@Bд Y"Hnȭ~/0 s$ ^)|gOio "G,#ZjWQ BsP9 $ujW`Z$gnUC+\ "$Foaex`lz\}cw9,n pS{RiPPiXAU7#ib^w%r>@ uL$G!2HRMձ-MOGXi dP߉d naLMֶ0ٔ doz-~LOwqdCBIQup9ih~Op=8) w\ˊƄ =jMyoj\&.b1.y~A_]yuoW6] K i 2~'z2%OIQIZT_oU {<=~k6@5"9ԮԍaFe|.MJ5T,KA2IhEA4wZ`6,X>/)Z3JKx[-iWL 8<D^ (hYbmf;?190VlMZd> 4 3gTČBC )Ⱦ8jP~=h{]İX4YAH(gl,p XC nV:`ɖ~u}U\&#b ,5%B:e4 #ȚXҊޥʊ!phH79߮)U  >6_ܝ${iWф4_x}4vz4@T;-HgK":iNPnk8="r9&-VL%y)<'+--s:N@p6R[.|p=٢/aA#ˈQW,2&!wN@yrЄ4[(?(-WuNMBiƾ3/ ֽ|OXz͵8OAU,$QDB`n-*MQVϖn^Nx#HT9l7 $"yP+p&'H☟o̠I`X>q + 7ٻh> ;@6rHC:\{ jZHY_9pJNtNh q뀦5´:9T-eQV걪pm1[`ki۞6nzʿF.<)GJD8_>k኶zKFϨ2ϷV鑋S\ԯ)ϰgv]7!m[up![a`*!Eߗe@DN`~ӥ/CHr;R/ l+z#vK>-#sggm7o9վ;w dl$6ึدHVǴ(и09Rq>߯j̊ ݂&xZCXeT`ԏ+ߪ7c# 5witZZP3)(tN6.}dѤQ<|bHŦ$/Nw"5l$W!uY?<Ã+O" }},E/a?3'f,*nT\Z:$~?OđB15>cx5dz2 *{2# Y:E)([g nN_BF?Y]Q\p,ĄReD(PAチ3ESqfk:_ Ӱh; =L+ ?tu-QNr^ pRX(M_$,bܸUv:z}x9Ih UZԬRthV"JڷAavz[ݓ{|Hb݋GҖeuMF0g1UY6*/૧B>q}BAr r_sR @=%˸0 /R|C0i?#*!m^ sӕ^o<;5uw~j }]z ^@ ,_)ʀ. }7QW*Gqܸ([͑)6٦k|Wqb)k9_905aNefƂY*]BJvvyhZ!x|hwh `L%T>*-uկ1'p,(6w2ՠsjlDmדtƲ`G FO[נZ8a=R` i޺jPAgLWDz;t#]UahsMjQ~n6FGIt6!Twd漢*!5:ޙS)(%KJWH̟}W~wQ'k6k0zjmb7rHM1-l]eםI+HYSB+<: ֕d̂z=כ ǃ倭B uA YB9~8l&Yt+#@{O4PuIcrID*U7|$kZP_}ܤ$xYy] _fP ;}"ATȧi]GGO 5$&⅐ӬRA*|Jt*hBC>m*5tЇ:+ƨ݋ݛ+1l#=9U/DYz h$e0Jf |A`VY1t/d|yPǖ%·pw<:, |X.wުe5ԗ *l_OM,xxLQJ5O Eo++wy3^vOƭmtTBI)>YY4 *%H 0.x4AB{ 4b:TvXo0iy޻iz1iYz%<?dOCn[-5X{㏦WlI84l~JuV3tOdr%PsXPz˸B/kʔ#1Fn-:{ʎ::?c[Gp٩*ZgA 21ƻ>’Do*A D,5 y_2y Hl\NiJKШİc} I.Xz-.积m54ILve;>9 W)R(PzDWimpݬN>JfObL%kU쟞:O/Ef^N,]4*s%lt&S}3`c힂{QC-E[*~XJvֈ0+-\!wCBsAH b3 h{Qx%uMZ\ 괟OXz#ur[m)WnOkd(OZUci%Y2-\t4 l*Kgk@꒴n׊dɋ3MLV#(AD]X6Y\kbAO5I*'cjLmnn Sh},zFަUdFA\S_d_YGυˆK2ӠU;(5ޡ6Dz*VIy,№6]\5Cz) 1JIݚ1KTG6F 4lw>. _K$^mx*WA' 4% IwFT!:kr> {?keѺƁ3lzʣ,{gg1$Żxt[r~ vZRFigP޼Ő<E?|gDJ !a-5F;wƉ2Yjjk7mp R\<-nׁ߰kԸT^̤,nӯͲa>8aP-@g}<#?ܗ(-ȝ"c ~\K NhdaN.qTcoQ/Y?"{SŒCH% /.B2|3-M5C2h~6qIb--RSq^y0&|m jQg>%tvWg,#?wXg.dq~<<. qϥ`bv1!RМɓ_q.%#vXõ)ns^Zcm0n;׻Ll=SOl8߈a_Df`uEh`v}PסVy@fkG<:H&r^rX&E7G#K =ޱG.DIC6hW=X>Me\8AS@sX9/39fGjf"Ppl0*@f߬2$,f%Z mSvwxiTSjn7zCn+~4 E,ڬ{; T&!V gijWo%YnE1 [5x/Sug(٪Sn6 ,7 `:h|'IC57_ʒbA.@x*bU&cpw>x?ߎƬ2\wWD 78H͸B^U\jM鬰l 9t*-j6pRQXgrA@sy#/88H \vrz1`zcBc_h 튖"sK <Ǐ7s3(N6㸉y}`fo5:{ރsʹ[p<`܏詺 YT[M}18pW)21uمCXOG^VwweH# WJh)}7p^՘ f&jG b6m~):J=$4f{ն[s{JulO|yÓ/F2c]@Wc08mqa=j7 $ܨ#iX9qR-/O챤i]xxof96 E|TyA#RQeAXR)8S^@(ܓIMruRt>jGF0uh֌Df|Y9BJ9\zRKٓL6? D&N]+|5Tl fת2ELFIq|{ N'>W*+vh[`''ۈR[?c~Տ7<ҷ771Fh*L$qZn9̔x 83JGEd , ˢ jhDLq8Y@._VBx(v JzYk[to{AAHuU^6=IB #hsߵԹ_P0( 56&F)8T11>'YkmuȦv;0%cRk_u,;RQis@_D'xӱd?d@.\ Qܛti`~Z)ZHq^ 8c]Q CtS_ 14$$5%:{챹%64nj/;<ݺZJ/!ZV7pTwEnAo8R?m93`j5yҿ"]qPGi >h}6TD3itv7[~x#tg h ]k,EE$VS' b,x ] l{vMlq9-;D -R^iQ,=$ ES] j/ǜSjIcHJx!DU2]]=n|Ex4zܾ)-d[K7>% 2 hTP#@M"~^ox k{Y%xK-0A%3mr<"0V&-c 3I0Il$x ], 38Ծ8Z,*,Ä(ނ ߒǔ5oDZdyP܀ޖ*~ML9ًPYY^v=H>202nzYKQ'[.EimFƘ|dlGgɧRg S͕9rQ`@Rg_?bbw%'a"qƷΤ09 ?gY룔^7_c,(:M-]nR{wT]i "<-o+Wu&(5<%4tO]JXdiRV4W.ɲGQֲ['̉aPV|f鲯@ܚ}u [V.T_ķxvxۉfSviĖaUM_Xo /yYtS쓫NN ]1LqX}S5 wƤ r7Һ,$:\RyvffmP9^/&Iht2a^ K9p53o0moB(aE@ #LYxiڰ=./5ҹ@},Ȳ~v,LI?N6K$2ϒlh%uO@"/Z{zOaF /NjJ#Dgw*v48W#v,#X$OмZtkPi E>Xޯ ƥ*qO`!j" ##z"΢jDxx VllƺU9C '%:Oj~9w+U=jFϔ'O2[PRoRvmΛ5 i|&GU,&9+%,R۫TQܙ'yBObߣrcBt"fkt#uT_7x&Ԭ‡0Y+z֙1&Y[NY.~һ;c?7v@'}Z" Wdb WEKl9":oLk\ @#×CWB[Vkn&4H`DML) ϧ:ƌMDxmIӯ-8nKi]KZjEY sـ. qkshxԎ'#@4>ORxO5STa Po & 'Gd]g⋌$3"ET˚^-F:SY> ZKh|W"|ץI^H8# ]ﳳ\:h]љLiXl&iM.'&] F@J}{ So49)65ow?7{CYjȇ(t8uL%xj3(#B@h#`Sۻ!ukɰM{$rGbL0QT\ g5,Ǟf2hoJ\-IeǤoODUN׸_V@-V 8y/-aCnJ)_Xt6a/N\ MnOZ6w ̡|e'l2qu|hc< eipÜ.)xt-7=#[ȍ^w׬B˧#}1'ax T.ֺgy-#fxDv7 fĄ\YE+}2W`mS!?S z"Ԩ§$=|Z$K̷h {zz8@>[ 6dcpYn+ }0|M,#mܕ w8\ D# wf-q$nSc&ΗQf rC+ۓ0(%Y}D,mɁ6JluTp*/.؎Y&ռ!JW[$gZVd-wia%k bB 1`k9A2ZĿ3" ezM iM,|'u)c&MJ8WRLHRf!bVd/^WKy(ia'iۢ?KG&@# {'(Yp {v_x !ށKrIʕiޜG^1wc8̈u9N:J씌K:'zGƕr jY!_fB^ o)~-O"P쁭[ x .dWxE&Y2)drB5sJvC[[쵂5t:oIS"t\j؂HtzlOs3ZО6Ol]Ka^ 75Zx#}p "5߿\,߿,d,OAV5Gi6]* s eQpcN9F!*U.hܠk OcS&ȀI7*^XڅnSZ8θ< ?WMfk#^siדPy)bԗ Ly|"K]e+6ΘIZ\sa,ڱhk # r ˂DB<\34aL='DjԸkԚ}]梓3:Sh?6z%XFd0ԼuBEbk%/k@?[_kEՁN eU쬤wvg=;lM60ʎmr%Zli-!(h~Z@Z]f5- ˑ,p BP]`ENW͕R!?G5(w6L33SOMoW2ƾˋb9SضMcxNn%pN &Ú .q%3wgpO;x[PN@cn?fpg.d*t,UF2y]DyUL[ߎKȳ"qsА+Ai9˚6Z> rkn<ͬ &w FHw/S~`x?s,p"p,_dg-W觐5%|"e6'LCae-(-H>[_Q==hcn~.H^: R[Ljp EE9S٬i\ָC M\U!ܘGNei Jrɭ(3McKXjuxmEhذ\ͶcߎW{+? 6Of)ݪQ&Ƴ5CgBV0O!˸K[\s4 tɑЖrU駾 4X@U!9eE{1V24O݋,n:b*SLe 8\_g/+㫱1-kCbB;ַFF)2+Sܟq|nѿhݍOMY5|&0rפ9n-m#U,#ɑn P]Yes\)(=}80,qUJ4JR c:MŖ&7[Ur F ڡ}-]v 郆OYO]3堪H2 j%p끔 H6s,mgq oacb3~ hdSb7 @HzUbo3l ʮ78óTiIsrIaD'<([a'~A0iKad`T򏡂ؒ ̲GX(];H|HTzNIY{a ]=?}YX5XIfr͡ɹlv!)+9%k51Nje30)SÈN昷T.'N^H߾˻3Ƕ $kM=P?It6x)Wc%7x'\ ;+I$żX*D)XM]{+Cp-wi-@Ls71&H(a.5l~Q4ɪ6Pj"_G|l&,o$7\Λ<{aQd'YeqRU's>1ﱥVQmFrZPXje}`TEpmQpGʊigPФPhs 1!i5bu BѾNj0u{m$;TGOյ0=IAKLksq{MG̔ud B2G\lPǙmZ%ciD rĉSђeX[ڳSIqTNAJeB"<Y/Cjik}NUȕ) phJĮdl p^GqgܳEzx~1uHishܪQH=Dqh "^%JuyGyMdQU&%C>Uv? C uCU*rqArfG5Kec.N8\%3pk}.**PG+pQSXEWl!Qr PQ9{z"XuױzEi ♷t}qRSmu~}8'jn Ј%E08bo 5G(Po}f<9̋#j-"a4yd+Ѫ#F+M P:ڰ.R̪Sxqe0ZlC&J)à \j&mvVBG$_ 6[@(}i{`BXfUF uinoC{P"-j4.WxO#Qlq>I>+jE@^ǮB8w! %pGU9B-OG"QvWU3L5o+ZZ> r^2iؽY]Z]`+a(W$ƒ J5#lLRkB.!yȔsu8/Ll}Lx*Q:ґ;7e9 ^B3GQ ?u|N8687LxH9˕xKOSLTG+R?&cx4w2BqDžbm[<+~\b;b@?Lk&b)t݇b?="|4l}uM#`WLY δg NH5E?kYt]#[r/gTU1H]* { z}p J^#}Q0- :./ELyM1^ j'*U1ޑ} Q?d77MZ|=cisteef~O"C:& /byCщ6p93:u /dc[dГV}Ȯ_2g - r!q9W(B1('ε68;BMNmdQg~6Bq^ _Z9gZ7xv9\m2@IlFO DK7BXp^5層-BȷFLm9y%j@Vpr۠PZ-]3"b7_seebx%$&rt9l3҃q H.һ}Qd1\i6ƕ YI?6 ~T棽E\'G?igR#FXs/k5l=%'PTuMF\*y軝2yr<*7cxe b; AU10gN g *YōZho 6GT(,G? d$0 bIEJ>.9%K^V^>^iXOGv 6l"*'\jHH¹Mg~dNr EoSFkePXMG*߀CA#rG?~" 'Bُ#\ްWB} ֽ~:4*Z"l$_ `3现^x]=5n*ER2FM3EFg6MIȷi{F\489ר^9F#y}>[0{o}7XlA~26q:ډOr*q쏽}T) 癑zxZ!9wVx}7c!}vuwZ-TU\L]3 2 |$uUl+;ejEi%bp]5֣o?w& T"oXZntT'~..;%gG2_NȆ(!ϒ0 AFJwv əAѠY\;ѻe:ʩ͟߁GvXw oD|D) ,u`x (oo L>~Sb㶲<1͈>ܖX E,1IH3pmb!\i4S#u^&p?☛KH%fl򎗼\_NٗH/EG'/k揩7#|]oALlи AUp#+0`CMC+eZacFZ .cgΙc݈ދy?+ ,zsG0JLMR0YRDtB=}tv)'B3b [ Ke-ۦ>DVVڤйad=y+ )qn MO^M'⡢#1&+>PL5fVQ i?w*csBTECm!ovaI%xyDhqĉȭ.b.EFʁM? :[:MCBxgdԘ 7|7~%dx K].:t]r01s㕀+C߲.?N^7 •qD,Wtgr/v#ezr3bπ{ ;Яz`TΞqrՊw7lQ\K !` N3s /nezԚ OKAC)%js},p7GPCǠJϔ7\B/KQ5UfgH] :;oU I,H:1|*U`'yJfӎ] !;_wT_,<8qUC'mh ^hAt8T 6+Ȍ5 |xX*2Ֆq} n"ې3$; ?x/I؝S+X\.OFy;ςn_p[[#^҇iV"Aw `Z#9C!R4_땅Xa@FN1?y* .i_Mu= M8.:o7~#d- ~db촿1<43ك)RԌsqMpyx Ku0l˛,NNWB,A:PdƏaw(94`C+A)Noݔ>Ff^fUPbklQFEM Uг] (N#M6<4񩿍F?'EkGeCREN+^@{X)i B=]ng'IFC.XX}P&= qTs6ZG{p]l*5oPM+v-r~dc1b. <>!evn6U.eqqSq!8xE8r3A9U˳fZ1Gavc:$Bp $OR zs< !sEvgE{_ub{|B8?Oz\KXWspƖPϞeGmkrpB< nF.Z߉ф}F,:<%1bޝDv1G7jPXקɽՙBΟB֖mo/|s2-XB|sb'BJ 1GB1PduLWNÀU@(M}͋쌁j$ESkR"NTn*8dʨPe]iۗ1Fȹz t$:鲚#E8;7$Q3(oGm؍QuEgn4`ʦzA{(d.ȹӿ [PVev-٨-zc8)={[fjޏ| sHVM *j:v{ .] A,PM5Vd ,kvv5 ձfCIA.Q+F)Ų%S^ޮN̋kN.ZfNRX%Nj;kKL5znAJ,68!OJ_fc'h*{NMURZEvQoaNfyw\"e7:qQpYJY@ OoXcР_J|Az2eHw#|P{.0vAB rPS'WR#/Mnʋxe$bnʨ@V7p0ֶ"PZgu6:)7 '&v&A3N!\ ",X@s}R1)|+M S0V޺}j 58chy5H^꺝pϲֽSBebX!]^?3,ȂnXQB'зn+hN)&oGbbIԴ3x%i}O/׫-_. pKkMZp`hRbY/b!m oCWPn*xup'6[V !aQ[b3q7}]s=͚(O;[{x)ߧt۔ (Yzg-N`#"O%P>\ύTbq{G*5(f^Ir ft3[dž e3[Nh9F`V^!oW yf^<{f8kA6K]^=q4N`fbR*7X+ p[18ؒ[%)ubk]:$ݸAq7!|%."}A_=)u7y)Њf=qt(f0doA -/b5Ak?m?Q{fuCķ"`/40>n\NO8@}[,7^z8LJu?<Ɣq%em{2@I;V XmW̧ 'M0a"wֻѸTyiׅ8*38nKAA1Ej5oltJ@Х՟X (d߻Rv 8a|XطsÔɞ Nv5״AԾƿp=sqDM6g CI k:  M#{~ 7/L'ո1kIqG*X6l鯞pJ}2mgzlLM@IcEAןw7#zeQdEn%znrNd;_ɞ20 rpNS2 Bce4eaZ*Џ۶-q2N ;7RDpo?e|ao>D[kʂݤaܜ\7J > pKhI%}tlW+KAB/)Yo# 1A%jU+9@ ;KA4XVLNgxi bu&]]Ў{UV#J1Q/1qhecfBM6b"wvB†qKV"됢CI P۵$J_Ӻ9B`GLM4te}ù p:s; s2 nڿlPUدZ~%!v`ñǷr3&˔ ǒur oj@@"̜cgZVtBMjH՘DYay(<{!]J׼KD':jl-]vő N=Q\#zoJa _ye;ԳmpmBOs+3Şb~l2s1sI |*;9Hl:%̟dPXR؟& G:Vru=ڑ&PZ=jYpƩ룢#dV~jxUvXr:Աd:;7>Q_mmԱ72xfv)Mm!5hcY=S[LZCq86auGQ^Y29.*x|}l!xjG QxmaT >#%ؙ&[R&W>A6oFj6d[ e\*Sģ;F-S;rCF vO*]#4וXأF.Yl(|Dʹ8o=Qk{a'|"GZ~C8{&]4Gi}z59T&k # QM-M` K߻4ĕƂ w'I&]Я|]瀤 ۷-ewqi0NS~ï?ʦGH'&+4m+_2Z=X :Ojws 0$8uIlk3b,e&^z{ _0*zJv麁~D4Gq )3>/\dhWTC7ïj+8܉|oz2i^mNA2>:^2rgb3SM2xgv)+<ǃ+ܘ2!ÒԐJ#1egʊlf> ilG젰y>Hg:ZԼ. >9sH{]~hPL9: [8k\5UtH`1$<B,LԉPػ,,ˇs V1u(9ՖL)WtÙx8Ѹ/ߴU2H8rnCZrȇMGpQ^ڂ`eEN̒ G!&ŵ+&ٛ0_7dO"cX[6dK@fа5Y=\u4UDx  $!S 6̂zsm^ ءŐAr$CQ?g)ſ)/ gy,W,RwkqBIRj83SI6Lo.q 6Ҫ3wZCʍކ:HUwf|iē OG(輚hc0ȖQٍZ( k'ok'!Yr}dM|=iB{hvE5aFB0[~LI) 7.ٟ]B&]}9/1'X"m< R7Db|=qJOi5z/خK}Gٲ"b87g7>?1g˷0?F>jYٜneؑsGЄJCY~܆lq>ObҼLqJ&?鸔V2 pV8BNk |A֊Uj' FlH"f,ت\&'zb{o'`Dp wlE|V=a>8Z3lfp]Llnn-fe>bY^uiXf\'z1La9LVU ߍvJM O_ޤM9U:lw"f7 '&CQr!Qbs/dh/T ? D9M9^rFԽJzWjcy_=לLZsVWl9_]Qn׬b`k kx PF!bߋ[6XSe_SIS6I^FB"~ ]_/c!b.Zfҁ#J(,9ZDC|kģFGKK՚MWyڋQŃza8KRCjK.}M:-S T(NCK߬1F'b ul+9zA}ҀE~oWmuYW@DoI\ j 4@hݟ {88W oCKn#VM~~ESVs mw<~? Ъ9w.mSu(I`TT1Vp!_h1:xR I,crk`~A&g;vUVTys1S5cʹi>)P'Cַ[b+:5|܄ܜ^ Pj{6zܨ׸^K󀌳XCf_XS,W lLpu1廌LE  Pr̤qah ;Ns I:64Q$>"K(P&lOfX(2/LQ,H$5|?7$ɥ,9gʥLB\ 9m4B$OkR{.C8/ƑW|.NƋ㈛%[ HJZ^U=bHAYQ|O^%V&?X7wS2zϖP{XMYǃ{~ߩuL?#'rvΒ}9EeVg+J]L x|X$=P!P>Qq:ߪ6_Hafo1S&%bua{R+?Epˆn Ee.u"}Y|HƒV&u]ytFpYmLtujXU>k5 E7}!)4uw<T:&X} 4 k3*9ILlCr Drq^\de r`;i`~#vpO]`FEk4ګ`mQgcOP,$tsdCη( zdCᩅb@/pGUŮH\`e<͗~n=](Aa{K7YKFuv5vkWGßD*(]x3; ř9h Z!Y(+a G&cGk%mÅ 1ٍfChjvn@`B"@m"m6. I~ 6a0 E$i_)ɵ% 'ɔ s|4fX}=* >1'_ B4] + K r k]JkƲ" ##x0{7񦊕PP}N #Ky{MPјg;R1 IOgp7l_pkALƾ!d CUiO;O3(&wUbPa@b5nG1 Ϣ@1 D77cDx+Aۙ/뉳NYHEM]Cj;Ȩ=!V(O28hs_݃0㞈OP?#םd|JNQvNZ687]O.(Ft_ e!fz~(nlD?zWKt_ d~~lҜG#+;u`A8'HIfCZD|!Vݭ%" .v4%n~0eڐ.EޠnGL!`AnfG!宗^T2sUm"ΥlO}8&=wj?rpy5;1lqѥ_̀uO n5D ;{Q !eQ;xKYŁqڟW%ǨC #W[0jGs0 4sK'f u1`D_WooMEno;`儬CQ3Tj66R?Ί@Ue"|zR~M5A$lnppjj^D7))(cs(8GҔf>*( +ŷLgQ !ϼ3+^5@̩-hȧG.N3Vo垲эxWqUB:`DنaĝިSƇ7 GP#}?j0VEG=ÐXq4@@%ɭHϜKQb龅ח Kz3t>Ů6lza)Ǥ9RW@ }!%~c91-#)zogFt(ПCT; %GJcwuVfL3@ڬBPxe`$h`>oLi{Z4%[eL0D 2Qpv/?+1I摤 `0OZWwƴҿ`t ރVDžgr $ sGNWGb<9׶tt?!Di:ь3a[2lpgRm{-a5H#K*_}08\^(@ΦCQl8*N(ړ(VM7T(fK ͭ,+O| ` PeyJW~`"DCC(eJ ܴ@w" +97`{<1eǎOI b zYW# Ëebv\KL>uiM {0KoQ@SL<tE[szȝQMA;5+Ѷ૵\v3@j҂rş"Og#h dȏ|C'Fr*,JbS* @P:o"R H8NjoU "¿˷ڗӍ%"BL F@)J<|hR",E3kJ Vȑ> 6? TïY3nb4r4j[[Zc= vӃD]yIN rX(=!plp^~ ~Pf#OXHv=I)Ђoqu7S%tNbsr}"+{.$V7+S{ (g>PW{_K`^aO][ ߆ܒ6E;ћvMy!#)㫊T+$Ե2eV*pHj/u:P_X\o 3/,:&ƺfVL,6S5"4uf'anr^%@3McN )ٺ Wt**sYLs? mlJpKIz,iϠ8n)$2;*6[SEd]I k8_! )Vw^*d׼h@^̍gD֐*rl흊_"[j/2.+\ja)1DQ=)p7uSy҉}h/pc1eDkpN'!ya_*p* 1g%`ˌ͸hRLCca&ޑ;X~&! tWo9(A3y }Fy!~3Î3/wQ'TਕL`ڎi,a}ՒKG` #3#мP~\2F7t88V0j4:UnTi sOqL )֣0U0އwF0{z5϶@s=)86$9s/+?a{9#8x5 հɮl ?tp})S앶sM>$v8*be  뫡=SĻx;Ă"E7` #؛`bLQ٭mWLyLVjLr\*Nʹ<*D<3/fZH4xoF^V! fVuZq {BLjk!%屠4(SgZ 5="ͽ0 ź'H7n{ eݽg'_C)ܽMo 3e\a e#! [@]E;!ҏcRs eCƣ{E%VeLKUaw!<{g?6tTenFpkx!"|t9^yixxB D5GM, 4־1{nj)HfVZ?!/G¨,)%ԕA>"d~!ToR|"ep8 [QU>Md4d!P[*w#~Q _VIlFm;߄w\4i37 S48`2"Gն{'yfZbW`b˄7KR bCg נn$ Ir)A6=VQ=^X=KB홦Fu,=Vk_yE<> /Q (m*GQ_Mk6Jݹ՗-|]} P)BnO,( Z \V8D֒{D[S 1Bաr4žG@' |1U@7īfwu{ɥ=w'n1=cvھ5f6{B{R-d ! B-(BI FǵCS/9[- *Ndla d}cWPZ\6r=rVmi]F01ikA]eͿpqLukDvWMQM 袴[LPv 骊Tl ^2H>ЮG.+fhWLIqCfP+zs`H1"6}%m79E;()m1b %P^TLY^#ҽ̜{CN5>=L= C]?Ȱ$a|@+tu@ Θ9-:ZADgJ⢰LN=k% ̰mBfJϦNitgڨW\@y0oީ D{2p3RJ!ldԆ;җCՒ ?QN IqNo4pƇzFՌxBq~~gV,ndXM+@*DWFLh7%&^m{+FT0pL?p/{Z2ᣕ")>a_`%􆽳j:C[eJ@Z(& (s(r  AJOQߚ$; m-4dT, _@&Sa #pH\C礣sĢN6P&5ճX!׊֧5ˀv;Q"#ޏoᙹxs珆V񒃕ֽÍ_wOl)lB(q*\+^ V"=(-#1DfRg8“yᭃ{ypi2vJnj҄xQ[ 5o gL497F:&5-YRD`4h 1!MIq @ S)Պq0ִ35qM";h $74$^^ yU mAלS/AY@pHl+ #R00nO9S6$ʤZno{9 p) L8WڽX:bL'_v\E⇜Bȳ/iiyHJ<}0؝h}E̛63';'2*9<FCa I|1c4jFn0)Z~ 0:j ߲ uq>($#zdvFa Fq]3;#,ڽUث m9ZOu_Fem@"PAly*l3X> zA &k".8>zZ*t [W,c Rjw!4W 2bH}8y2{u5 }{+X%S$ ^='>!zwHP-uz OBĮyʮm#j9e-|3 sU԰!Zs #9k:O3PA5-7g8JDοoz3N5#i6m+>AXs8}y3MvIh5~/y4#+Ѹ搈*eH f%^S&Uس\jQ9iLL[}C$3Yd_obyG"Rv ~7CC[~F6(A*7kfv3XvF,^;^mEE!]rL71Dq7f`-T`&vP!j6TGG7(ɯOmh7>87x.t֣P4%q@ @ͪ3g]mYf},]^gh} I;b1ldhnv,d*9|TMJ%;eb޾❍G0 Iޯ$MiDMy4 8_Q!Nw=2'T;kq_Wzlfh3=.0jbq~ =:T%C`è q=p @]XRVl~iT,tz\<,5UfŦ|'<٦^v\ .-Fc11ZbY-dz)R%_ nFH](TPfn/V[&x+!/̰x2nqgtZ71Ngu}]'ϭWUn(P@H3F2?<} }һ JbDk,'nYhee;qdk:Udh&EiOizdQ

?[^e;0բ/WTc߯>ng}pi%Arj? oa7blgORhhn85Uҫs"تZFe;dz,[ci*Duj*̥3n4c,Fsa=䰽zBR@xǂv#JEjMڎ*FX4ǖ `^m)[smP*oܵߓLA.Nk"a=,{0(F8$jLj$ǏG0^zЌ>(am7Ku~ͩ b#ձX/O8ꑶX;M"B , q77gr]n3BFÙ|xێ2ReWbv!Gc8u-n< +x#V=%@J SH7HRJN!#?jኻ17b o噥#XXOWԋ"]ߌ(U $%FZ _I6e lĬ[ȭn[hSn)GxYs}AѻbAnyI 7j;Dlzn7PhR9avؗ{JǨ?-rIKtGVP.~i7X Kq4:ʆw}/QHؒxpdy-0q߄qM C=DT#˔Z5B>=IasV>qPpx)3 `QST bwyPZ&ӄAvcGo\}~'fԴU N0.D.sHX̉s" h/+/؟(ݜ_QxDZqfDv7W e>y09Dd9hͳ/wŰK :kB;(:(=rnN݉~Svh-Z1-3nދ*ntWK1 Rj:,щ`.qU7Vo|/KJ 0S JFiEm@X^y~m89;\~&x}Eg n+@׵0N zJ(agEyrdM=׾ ["K <Q -輑ï>"1j-r=١ hHa; AUзݥwC|Ud<(ԛi211pY"4Y $Es>  L݊F sY4ԧ*nuBU=',#`(^R>( 0`Ϗلy|)UaP09xB%}b׊)^~~:!UAu9= Gã;~B;4R#R}RmU_dn(`ฦA2_+]d[yLY4 B2=Mi@_kf42[G0[XoG*5+ҏ:A$ܹ&C;UWmbb[:o3Di"0lµ1rp4oҫ(mBݡۉk+#- H$$xPNtJ- .c4_a[<> RN\/|5 1b4< jΠD i5VxY`[v˞㛃+i!I㺄4Io(Jhpif̵]gF#xݧcH 5U=-):]Y~ފF2mTQɐ{M!Y2"]G}BXRbF_3QrHI*ՌS DxJ4̘x5 ˂ :Hv SյyRK9,5Wu+r/?VS?D^,Ą.,Mpu;8i"/ZPc^kCIs zPll}YOa.u)-1i$#\}8ͥv_}o$p`"ݰSp 0L65P^lDs#SY~MsrmSTվJ)ߚf𥹧pJKM@d fnw僚2C\߀8" 0" !ؿе[\vyCnPs.t[h rt>!uYQj$pZc(z wQ\b'W {`AgC`0.g5p SHFrY.9R)Z~i/.}>4ǸUeNOg ֯_ƚmL6%UCNCڌ{a}#*Urk܊fKZBK'Z%ed|SN5ĮKC}{x05P.?z͎S/|9D 8*=})Y"'M}_|3yxFFga}iE)uUgak8xY.S^䣑~s1y0]UiGRn}s׿ XM"2@:y"b6}CN]IbvetC Q9=5CnseD_d} PM \m[Yhs~ ?xcK %r:yaq^bQ ;"k;g.qKTO!-b2T8ô65ǜ'U;Qm)%|\it,P7X2ϹĦ(+Osc&^٠ WyӯMKε!Z#`3m8Zp)ՒXB3*Ȯ.G֑vC0@*Q+Q²/Bh|TE?|"1L8rt S%N+ї:s}}ev8[`p%|$J j$\v& @۱pݔɈsHƍܟz%QjLpf45ښ[Qln):bђ6W"uqD,mY0B ӀGU.h^ ] ޥԽ] Y]̠|*Xy1ba ȒekA(/s<$*bٌ &z jY")zRXD;ς~+ki.!$Е;ica_V8eS'JkŎ$(?#-a6ܸW`RzFe|?5Wkt'_?8{]}@EN#|f 0?>5&$lXG =,˒Z248)~UŮNa`3+?fY1&$a"XoG&1nXO6?836 sL&ڊ zoq|Eӫu=xȌKm-I;S2QhHA~8o\OKI;.DtaLzVr7W Hc-ل|RS+Ì^셄㻒D2i.s/kR%B&lsy45#οb -jg:˰bّch fn$.Tcq|޲ Cm~#a4ܽΥ,Og<_I!<1!f,XnQ>Vy9fM3309 dY`2 >Lg`Xf$?Y~}|'NTۉcpnK&96Vί_w/-ç'ֻ'i8Y9|6զ_ '@;75B~gk1BauW68cex L06@]0NQkFjBu3vS ‚XZNCh({ sbfmf*õSZ92.V#TbWo\J,"5n٪|#-Qy/5O 9DQt*_n( jY9t+$gmlgKA y (_= ;2[=2C(wm~-)Q#5^T]F<7bzw5s0L(:%Z U ZѪ)S~72t(1aB@q4FF 71^LFI P{56nf Y 30MQ5cZs]'IUN~hi5؏J0<XNn.GOR>mvTI1(Mj X0rн0q:zp̚hAC>aMi)I,a4gko(/@+~JSX2y# AUL"Vsu7 ɪ!dBvɌ#☄ qAO-PȲ[#fx5ԖݖNzi"sohS%,[{myAp* .gܰJn )aBڱsI;օ^eU 7]1#2GŢ؞Ew+PFN(V;q='X@^8<^62;K~Q0drHY4*U.IՕ('N M b ʿE¸bo&:I% URT}ќ vWmO!N>LJTDk8*KxDHc:+qK5-nj2|{2^[Gmjb_~zm?T''R8üܮۇmd$fH`S;@+SaQ`R` aλ0@.vUdUp'?Й}a|G2d +D~=!+{{#N7Bl&<.b[) x3i:5y0͘x C]$9L\mɩrGEz;sqcޙV%Hy6iK54|FDj8|dDVH)K0!fPN XʚVԟV)HcpugZiվ!}&YZWZt ͭ52ߚ 8>U0Nֆpy"ərn}h`n -ip]c '{,x#DvIN\a{v /0x1t(gˈhxg񷕅KK" SS>|R@1:EOJÅO<姡"Jͤq>ՇѨXǹ=˸_@*f!] z2rp$h2kOc!WKr 7VGZߛHb〔ct=3N=xf#"%{-Wk}PU5*>Y!]Sv;]y{ FavkCDg9- ]|I>^ L h\&(%Kؤ$j2}NY[chK>hB>Aҩ0W%:VF ?'(] ^8AbqWPl1 }4DŽZ_%AxͶ ͬu sBaˆX')&噶4茘cQNcr]~"p܊E䥚5 a}VV`/I-)}x۔AFe7<- ?('ڊt(nIkq;(A9棗D~9h2 0z5\ÛMT˸78$ϔ40zU)}M&.''O$(]/*`/ݵˉZċ-(F[('㫗PIP<`~EkOS1lꬢ*ևh ^`Ge _3 z5ҟ~O +|=yXY3.S>1c!olLm:ʇvXK~xLG{HAsO%@&Ѕߦ8]Q⫪C;ď;%20J2nުZ5&8Ilad83De$O̪FdbRYh ⥎4wAtAA5#sU|UТke摡Ev b_s3ŀk ʐ{)7Do P| gUbB39g蹿fN}Jup r_uU-~ (wmp!n|Vf6'1bdYhf7YWW1uHY'}C5d 'ʚv\g8H@#L_|)YM;~sH 5GAُ$;KG1#Bk+,ɲsF9yT!6`>?ΰӝ^-"L>dM^'; 1DT!~Wjvznh[V2LuY9˂dLR#Lc xL GzX /hroPؽ]LI$4quz(J u"CC Uی+ rlARUt7\7PĉDɼJ]=-֥S/Fͮξ/  ^˔0 ^|)3`m%[wkyBP 9*IUm( C媙\55@#[3lmC zT3ݧkϐ4 g-G3 _V+ cR\J24üӰ bԲX5| dI~A4zx]|Lڵoܐ3y'k; -o^)PK6iHI=20p7EeQDt]_p4u k^rr"/DeKvp!+: ^{$vyk+:N1RހR4M-5پbi0O5?Sl͡1:j)-$xrե@XZ涘2`j%WmѰ0_]T`X4x\-W+nӫz`O K`e;=%}f)K=1lup_::S&gոXZp$nk'}sR~ L}.ƀփ@2O={M#~ :TuX>b+uX-MMv#.~5 a%FzIB}JD=j'"ojvPP$5 6k;-P}7=:Kl}3 80 <*.@`=x1T38tVՃ>cDF 3 \T ER uTyv7J :_Q޼"ZI8c$TlJ`8ݡ{;m$sko8K!;ʞѻVVzw4ܺKmyO(df>۞s 霘C˩&OyEOJbϾ6Y%#ddw2[h0>JHJ&KȜ0%ͦs1ygl1)S:[Ԓ~l#HmRwZOZq. XF|äNȜup;ՒhV;˙2MnKfHԑPrp:@CͰ*>;:vtVWˎa oۑJMFRx4:r d~Rib;ָ ;9P_BUǬ/1D6sxWDW$47D"HqrNg~(ȗ)FdV H35p7O0hC] O`Hӈ9̗ =6D^ 8% k-#(ySMM8palZGp0F&!z>98b:&O_LSL~ZeMf]~!y䑑NH㞼Xv M/?Uox}A:Cq$|&fYAHE29;~ w?`[s}4zQ;TmcRyx}f#VUg< ç@´Ŷ,K1Ӭ5UfMDkdW}mN^|ޮǠƥ' ѨAHSyX$ma,P:]I(,gZsDӖvC5кY`n'XVZFԯ-'rM0dϼI~?^ֵ'1Ua͜*k1-`e5juOO DwċX4:g(qE 'Qw2}ܭRNB˟k37R49lH6PXt [cw~djetp8XI1˺ ܵd)ASQ[H.;6屧7VӽVqA2ZU^8`oېbR#LTf1z$sEvڋ>䚆C|3XŎHp~-yBsv-ek\&Մ\3̇ %(9~WkK0$קOzz>FuaNdTfӚg 9O#GixA2d'~8:$Yro6"fi-=4?{y~! Gԅ\vCe0#љhz3;u^wp\j] }9|zw>?_U-:jE:Q&'p28dIVqso&^tK8gvMf9CQ%?p8ND)mٯmI,Pr Eɂݥ2Myx EY)`(ij.n6la` ՛AziLg(vx%oP?#[[>p AVj1lk$ϴ᫺ -~N!yYW,dL Î :-!4r/h6NǬBqAb!v9.Y_< }fk`ɮ֨*OLL;O} (eD?@@";Yny;xIdTSf/. \Eʩ=`[ 6YOPc mkQZ]LJ8`dڪ5&gd5|p(HJ,f 2쎆>"4$/kqY#Ğopeų]dnZ~Ha Ф,| )̬QqK"ő=3ʪ̏!-ζ&!S]y#q.*f&P3k ))5fjh(08)w#aO"Lo&h%gR<5z!&9ʼ35r qrKYtC,8YD&siu$TL6!@bVh[-콀"hdYXГAmyC}3g?s[o&}s":FU3WהwgpBZD]^K^Wfg羐KhݲPԻZ9$TY+ghBO#F%Ir VrD `Ϫ*/ĀYV*nkEglN*da4zzDDf09z~B2XU)ŮwugsAi>~7% N.HK) SkKZmmB"_n"}5h4yJ>ز!MwDh;7=ng(qK%ei7&1XXU1;22L`J`;gqٺhOe^!-D|kKX`̢bhPet%̔1W(<X/i}_N%YL1s5Yd]H=g[YR5QlV_qd^f}A _GE 7:]OyLxh@MB =k[Rkz `һZ?ZmƑf$L fsp b;0({H[Yi3ѷW+^^i.~Q~-LĈa:kjg!BΚzjW*7{L; R0'ҜoƼQXWnHX/`_H;Cbrc5b漁ܼY[ b5lkw@Aak s6\ǞQri͗Vp_ f,08;D-!. M(/HQ<@ y)A/xKb(Ys~Hӱu+eR׌+\@'>]>Cssjw%zw2\knܸx4 Ti&|C}[ +!EA?.I~_ӽrM(8[4!Db: Ӷ4=Z}dqƚx٫  ,P,ltxDC]+p,쭞ӡ{5W* wz8?Y3iw #h qxcNPw%UpY>(W/v-ֆ.]/DOoZQrfM&}bk^C/rg ,,R_}: Ȓ+=XZ8;rF #I179SfV*1EKdG{SKF$62ɣ33`bB҉9*GOb Q+gX2$F8֒lp h`RG'jѦ Ԝ ob?7:Bꂜ`WL "E@FJc&Σ,@ʁ, p$*~_+*e/k$m1Ɍ8ca¥Q`x/'A1ܮGDX: 0!!iS5~|:Vc['R fn˭L:iGNgSs3Ɔ6t}wO'DHUcmĽ )cʚqA 1$UW˪ey F ȳ_\C'hP?\KT(It1t4;VMhH-z_%d1ݛۭގ]m[(FaT.H,\o';RO(2")&3([N'*7viCiQP; sWتt|itP7W\7 }c)(i!~ۧjz8I$u6) c<̥3hbC}S+,\;+u GbF+ai vѨ|K2yE䑣kM+7rFn1SjGQXSF${,: u?RIĝʌ1GؐD03pg8~"yHBc)Αv7gyy\aq@3p BTt]#QSurZK=E`hP2MTƴɛkv:HįH]HoݰRhJ:~%mKYݢ 3ߣXԴ,;t50Yru؄[ "`<9>8,y]L~sW*qF[(*$j`̲">}ȋEzlxK;:R8*"['\'T&[-r"v{aɂGѩp$ΈKX?|N`sMpll4kӐͯ"g#O8Zx;@VG:Lp)l~tvqr >{%*hԚ#]\Uw S@]g6X6(K"9(ީSVXB8ýCT3߱7 L~觊_6%Y_J UE5IqT5L >?V870i챑XYQ^V> +op}أ0(]iUs܄z.ΞH2)n5 (*T;h͞4#<;T(..dž=KZr&gD o n2#5Ť- vD;׹A5[y3ͽJؽo{'O^\-(O$pro y 7>FSl 't> ̍u{$4{Uhhʳ[fnc2՞bqKbBDOw`]j2$zO\ƞH6֥u)NFln:XZ pc}9֪hFQe`4}vK'=1z~@_t 8zDySIC?)FK*vj%?tbQD2J74(p&ADA O!Ecbjxj|r.2AOp@Fۦ _9(UL]hcHv7 d u:Kf*tE泰^ɠ`tqk}%y2lNSS1ũ!g$pIs.EEb.ϕa3Jx=eDBADwƬ񛳣`2&1G,´5ŕu 7;05(΂:ǜ%b#>\+R,-L)4-3s*n l*#ș/ IydIm1~k07,lc`P@d&{eD صڞOkF0G/-l\ >)aX81?W_SYK%t/A 1~CFEN{gcOrjإX7cn?y:9} patRlRhN,OУhrМ"̈m!}"LID7- 7u|k<>^rzm ѢtcэҰByϦ>w<\Y]1jq#Ӵf6sKjV.'~Qgjr66[(yήˍx 5$e"XfHNt>̻!~r8D=Sd܅/$c&5:,s NidtCV]JBA=Tgeh_q@] X̠M9x sO 8=B^ύOR4,T!Xr$%Y @Ym1Y%lqc% E<~ON%vϤ  $H’oGSBTEPD~\Np}I56 +dFsj +,i()3XU$$: E#ykEN mme|?皊čI>aZyX_S,'Tە{Vp<Ͼ!RV"TB2 &#yƩ[;(v6B4ofQ^M{u"%RbtOQMΚ"mx>'/o-skuJ*s:LvUdZ{<LM6.HKsE)PU]6 9k5Y08$B>٧﬿u-<ňwĕf NxCXo$h?ͷ56EX)̌wbZ sc+ouI#ٜ4/Oo6U@T Vޗ.%?D-T6e/ԩϢok{0@"-mO]g)l(ޑ:k5uTevXhJ`v&POj&+< wq52g_ We4%՝BkU,Ê% " !'j8Yi\+YlbN/h kc2rۯ[@9Dz/ ^ >mJH-3v+n#PP'w<kgGQ&[<Sm΀Ԥ|$'W0յAKbe1b;sD^ U1QB ;Ѐ,q'6 ZuACs cCCOЄ'R*=*s) ܸeC}Avg%bW6|'y7<6x*Q 1th/lwZN6L⚢ik#50s_Ý2 o82{`~HFomK-8"<;*ųWʰw˰/h4:,r6if;ePՅNL{5 JӲLbjEo0?ȁN|WcL~Ÿ=X1!4qE!F{"'8*XxRjs򒛺SV/Z+ !}zƉ>~}R`餦SwWN+Q\x# $gILྼѮB"hC#[mŸ!4ģ t߅ќ!DO|ߋv\bЧG0kTd_v9݃ žu߳Sǂ%ITM}lz_P;*(K(ז~.jUibRH#3I*N *ゼ7}"q^%&JXUÞmgqsS8)j Zl_(Qf.3]pb-loB&VMI-v+3251sx 5`nI~#cH䠹U:H;eVΟggPQ'/7K_dsKJTߠ xnBz[=o3#< M}7\m!"|^9F,)FTDp},,/u[ƱaB߆oyk-QއC6e<ҟS2TpT6-[& uiy}3!邃`FQ,S!Ok>:*[𤧇iaL~[qB1)\'3IxtƫKW0wv{?k@x4/U\#匕_AH{CRa\H[ j?n jEH'h\#G+s&|)ҹ=r8S%Oun?#C|:6ԌR~>&O|$=H0<FCpGD-jkkҮJBաpz} 1^e%b`1 ]~ iuhG_kp30@zvC/#lK[R '0#\u|Q4Zi R|^x Q+hcVp`h klNPD@>Gi('l8^UWtA j'lVDu6-qbX?4/Wkdi4u9|u ~>S4J+$2S6GφNb4>Y<-,&3M1yPHw.q,}[Y 1 -!kbVǑ\I+U*AU8},/Xg,I pe5z+zK1QGZMG4Zf?jDB$-rƱ%X /Yӣc-MK輭+GTM q8\i+'g q b؎t o`$`:_pxNݩC=킾W"M=pNX&#T5T!"'BJ"i-=|[ಖƇ-NbMݔc>'ܟhUI.H׾d;J~&7ĸhp9&"u WVRn 5yt YC!l>QP$œq2z֧!.T0>j.k V EК%P<;M=K$[ixe;-g|42:;d#v;=.D?UD,܉CteH~u;~}Ey # ߅t:ၽ`3ޗ|ݼIAyFh!3ЬuemՃu3Ŭ +Q w1t&0GåRAI5/J~}l<69yӈQ\L%Wg׍1fE+n3?0bt-Ԫ%Vu=KɶXTRS<0"pShh霋U%]3[*]PjXoȏ `K53Qqۚ;F2p6K`(ݾ}*%cV& / =s\b_9\00q$4ψg|=c>jG(R/ @6bُp?45|-M=J"J|"bYky0u V>Oi~6&{tD)? >zR _BC cO٨O 2%qt~Z.wқ@{׍D]߿1 hڜպ3"njG'~*i mLǢ+R.ׅm|_0all~%w68*nz؃A:Cr<w[A7`>G!h"9X *o;4ɮjs0v %@7jˮ0B $/FS_omY)u$X</(KQu d(?+2 I}$-ԛ@t1Hյ:-/Yъ1 pj*8a830K6'Tr- WQ3o~XN 72cb ÒTG+K5ୠV0'x|^"*2/2Sy6 e:ɫ~)Yƾ@ez0&J#~4+nQhO-ok*z20>qxZu";BQ|5%@ȯtŦBW5LAv ef@5.ll23 5û%@V_>kBM6(5U2@z2^S\t=6*R 6Ϟ+h=JyOU?a_ 4}2_MuBX.zbhXh= 1j}9_Mve:`*ί\T ȸbPҬ,UDFCHm:v[Fxhe|8sY9`NpU"k4);Jd4s*C3]d,#K::+J'O[bH:"9uNFcb r7*h'[=Ν† < ~#Ȟu >_=*/{ĿxsxW)4Nk[!WdSf ,Ӊ3*(PеήDgeAl{_Y;KҐ'W=Z5m)άXi.6z3cLr(Hq8Oe>g8ty/aRnNSә{]ϡ}]lQ PLR2J1m>eV9q,I6$3ݤum9BۮO 0Ic>9?R(@ۭVO`AAjd؊b" tYk'K4F*]3:r,7诓vaWEI u󶦙$\P1=@SN4m]17J%"<2cֶ=JC1L msO+5Q^o VH04_?:'Wwg_0!N/$㍔1NƚFK#~̐⥶E"(b W]nULHNf7(/cIYF^H!fc:薜5e~ʊ 332$@o+'? C!kiýS&Qxj!&s"EeBiNtWi)9vɳi‰ص5SÁ#tRW_{ ̨:*` Э1] 'UkJ!x:EJg-r=.US ]\>B;8`H5e's4||RI~O:;q!Ҕr +l8GFO'q&'];Qh4 \#f' T6aWޅ|-0?`җQn1sèH=h.2EO~'<*EJD@ބ$CTŀ >k\09[2M^{~bi(2`#+[f;EzQ@Vw ;! s)z !=>_g?(5oǥ_Δg4\?ý˖<=O)aM!'Kkg| sGxn6+3858j;|-MhIdâ~2!g3茆X+٭QxiYoK%׌?$L"x`Qh7sRFT(Ю &Ϋ-->fސuw뉝--f썒>ηnCvf Xx+- 赔W7mzք>ߋ1է_wϙL0X͘tS\B>`hc.CbӋh臽Du>H #c5\X&W?4{}_l # jddv=eseM"hI5ʒPHqN\l}Y^3tcZÛMnUXiIy 61rí1BԺk W!,ߕTvx<~ z&ORVBQxnNƣ,g:iY_|[H6솉vjd j<>dbO[9lĈzLqSlنƎ;^AcnuJkXc_F؁rɄ$~KWQSW YN5 L>ےtO ->'Ԣ=넥bg_XQ!>DnNymjEd:WgH?x,T)"}&?ѩ~ -'~nbKDN7 `-RUד.uRscv`ܷ~lMwwq9ǒ/ǎj[mh_yfK:!D07hl'U8>+] @1Djsq!N$qq%hꤺUIBىF1وgvolT\Jezp.2\(Pʍj[}10ͲLC%"ؚ=wF$vvi)1#]1]e-1/Mvعf KtJL{g/tH#tsTbW1ГlxhRά:XQSM^@`et- /ʧ8XҗJ5**`Xˆ-v$>A*c҆u/Hh)P."ܧkZ4nbyPÓ-ʛY$AkLZ25WBbLFvjeu„\\昪ٔNɴL)h=$|O!3bK=@]RY_l=v%U>9yOp H4Uvgf؈z~lE+ ZJ|$g`TGG`%;OHnP =PI=Z,/qhq;;('Vh>^#M1NDhӫ OHz\LN!.s8.C*P*iiiuqQ`H\&XZLAbm~;jo& N[4 %*hST([JB>~)lqCZ=0,`ySQ~loFİָ3F6 <$S/U)~)a7u&d S]XcⰄMϪƗ:evP o) dVq!ܶ2!CqĐMeMn)037d*63_;.Y'BΥOY>G/e7#Dc!jwC^fH֋qDFdOA{lw%5Kg!j5%2+tɭ1Q.sEHAFFyJ&/r )!(b jPu8}"_Ӟ.Q@MSA. NS" ƞ%( q=r|.ec8{`ֈFFХفkf#1\mVD<׋^쯥qTk4­G݊k[wCy+z(ʁUfn?.&0{A S5:3sgr4D2BKޥ+ Zևє n*O>\9[~sw.@X4:P(֊O::9|?+RO{'G{=.H# ]Fɭmjaof⌺—`j@9$Đc}SpA^m?m+c$?o%}.m1,ÒSۖs|Xҳ PA\N$ר̔MÐv_uw!Qi<0T+%yvB爣r?*vw2C9ajcWXk^?m Kg;Suŭ2:G-6&V*BFӁk5Vά-H'i~SǵDs@K CbQZuB!eN5f. $TuRd?xePrzz)$.p Xinqs!E};tȏ']-eXY#}j^0_&;3Dq__M`#7F{7kM1K< [[å4&N/"ˑt bQlUT6P`:R<(PQSRLUI~ӵe?pCk1Q޴u|}(frԍ6GqYo!@dۖOp@_H^d;"tFΤw;yղ$}'@'=Aw 12hX:|8~6:˰* #%oОS1`Or `zS )1LY%rH}^Qn̺ludhr6{[A}ꬢvPFGwF1a^9O}<9v(fAzukgnLNqeAєC1$KkB\D„pP*&cԆKolm4.rաzs<U㧎ń qY5: p:j4Ӕr&ċ?<X˅oFcEVRUo%3:/#i ;h8:Nw+MrjPxg#s)nl ;5FfI9?T px\"0M=!$ BE,r[z?+/aN 403v ߈d4z=b>s^46Ì?pE#7oIQ:oa9!c'`^2{(VlcS ˑsy=jc+曑Į ۏ0A'xp^;dL#VyH=߻һV|qF{K VދޔLآ"yDlKpDd/ɗpuwQϗR-,/tg[ъ ه<|^ Kp6!e9.'8y}*=Q  'Snn+u. OM䉞JO`oH*.Æ6˯QU$hoH7ƀ5 aM44ܟ3רR!-_yWv)MggH$Y7)KʳyK5 ]6G("NBs.dՕ_'&P.܎hD ZVJaOK1dE,wzHt)`y<}7Է;kh|+F$0M2%g/Yŋ b%Y*rQq+R˦JdXidqHWK)&9FJ- Zh:S3WĺYy+1Fu pRjt6>qd)H;tqV:E-'5tM ,b?_9.BOp /`s±*hWBYҍ%pL|?BF-iA 8~`n2H#] TKwEЈz̧ SJm|gyVl>5oM]HeEss\o#̻/]%u91׸`UxUC[dwݟW$Oyf)Pt~FCz#΄ov|m>ʦ1P)L$TQw~<9 E?NV/`FXII_qX(>6tpf{Lw߱82`DhyTϸIsB )5w+ QcҪg.{WYX6'rQI}@: geC$?x ,gbWڠ)jwALx^^JQ+,qm^=\Guņ`9F30V>V$~۾x< 'T/;0i4Z'x;wMcKYƎ;ϵ)e-_lGրP̧~-Ìu)D ظG9R* U&Vh1u18Bʍ"r!`c-^=*NOx6]N&ASKB[~aHEA >d{Jd~qW yT&j9.!i6#4ٌPo91@MrvP^1+ʡ4u'+Qr"5q5 &OA@ Xkp^$myДmm}&V+D|0~=u/1 k.V4ciuu Ԕx 3*w摶SX!ܼb7-HH6'MsQ+5bJl>B0*dŽ e]FJ+fݰPLnl~I=Fy "P#(}vFp1M7;S3U w1IDZaTt\G!M5pCv|@B{ȍ G>ݗ8=!꫱Oډ9ܫL"'ܪOL2xGe=h(#JK}^'Ld^[@<cJtYXԮxnEp2!7Xh-yN6푋63]A:Je&?U=pO; s[&c7VV (K(\ngoP]e wt:2hSݮDvoȕ}D ޮimo;h@؋s{s kb凪UyӠ<q]JTͽ黌3%e}9,}2[Y(9 Qwy%i.ʦ e]<¼sB#b>CeJ(}ϰ PN>[Pk[P7k#ML-J [46n)Qs?Ϳ}L4N`ؑ,AqȤuA>.!mֻb"OcƽWpuągj#26eC^uQJGM!EG;?ׂC~bILs\?B? Ȓid9_~"]QMPiu"h^jTJGcȚDKB+.''B}uٚ!yiսQŵQQ?7?6$qw:KսPO0R/P%`{F[5h4`Dok ?fpIXz4ރOEƔD*w )ė4wk o@̚>;9Nm:#5VG޻،q^S[K<[/ k˔ hӸPϺHgo0۾Zۅў~\2Gj#~-Vx PD<fΥ{{ & qFyv0Te3ZeWbSW//n8t&'va&) 騼yQ='µOSjd&ˌ^J|~-qg* hzVp:$oljKGpChv깒Jtuj>Q :ԅ9cj`Rv 6вV,x7ut>F0hbxd3ý/n*5_E0pyPbPE uXpX FU;Oj7[ᆲ9fqC*S 1\< ,W enb4^tvͱTȽMjbe,o?F  {!R񵛲;մ3<^j3:0 N+VO ! \R1m6ed6 *]eE屢pxS OA>Ng5, FU遪fƭl2BAjHxYI"(o$˼VfǎzN4#/Xv)("BEw@?W+^8"b,>F ©]fm!=dZoDa)1z}$0SlzIkg閳Vs0GAm9:J>,"}GH?vL%i [DԀ"=-˃dClpZM{_V5ޯe_?FǡTP^LR"6[/250P&ܗhtU"[>Qκԁg01VsGx=/1!RN$!3r cfu0ӳXԗmvKf(|i" |0Y>^a?ћүn1.u 2aYc#ig(X!wx`xw{z Pkaa/8P<1_4e6bQEI#D mc⭧ْFne$ 0P>Eld'M5`S? xEmsWsu%s;0 &_M9"|bifɁ*5R.]~+jm {ЎUˀV"e(7:Ǧ@O"J3vs" hմ/9̡1^xR[uU3K-J#ABW}R a@BMkH6^J)Q'vEut$R E-VȭI96wxw `[RI)YO/ b6}k"\v9ǕB᜖dnx]jw-_, T+Ԁ#K!z(G ^j85/2=uX(^v%|h抾at"A/ GNЅΛWXN~Y/I7Yx*1zɼub"A !k<ʅΦcB%:w/Tݝ*;SQuל)pKW:Nn-8QElrꂐ>0Xmhpc2 2 /s\1)fr)ߎ̵閭7X&D4;,Ѡ:Cf ;BSzLQ+ƘUw"=UCdB}BagSBԿa=qͶūHuRKq$Xcl{S!*LXrsy'f>ځDŽ7F kluzcBO3éCf"')mM>\Ua"rQ o]n&n-ŋ5&p 7G1T Π\DyYnh.EfT$5ݩaBa.;S6E{VAɑn.Fn)xt/:PTέLi|.w\ 3|*8< L0f9rKl+mog2,jOC_tNpm(9\s-a1&'KԘk] @gDxV&(W܉QwgE|wNCĂ!9.gj[4; `ڶVa5 u"Iͨ};kV4JϪ azLRDzE&± 7 VoQ-hu@ʱ?nI7Cphv<ƌWot%0\ƴH[ lneG;nq  -ixq_)DaUI>)LX0z/ބ`qswjɨMlzL^N)mJ͕nao_~*Q;|5b?λLךUCi6!몖/dhОF*nϛQLX0^cG{fT9祋({%6wcҕ ?ZgiWk4ҋahΩҲE' %B bR2;+Ka^T>~eAyl.3 AudK Dv N\pRˆb.e3r:zv2FhJ^r4a|yi9uvEpԤj3@Djcj} $“m^ UȒPzv qGp+-"K3@䖄cߘpAi@ձ B*ScaC h0{Q| qJy.qajyNvVcK "ՇDٷ`◙̅|b|h)umČn~iU!U@v-8:S=N^/1]fSʅL-єsp nOQ}، L 1s2;& 'k5V5 ךּZqLOԏ Lzf /sbVeNZAC) Ƌ/E'2+gOI6!dC;x{I-D}q ƌ}5 pƵB-.7/G=1|w{KUE*&UhǦ[J*6?0JtG1©S#m8ZW)Ϗ&Jl -u\,{eBU )ɘ&$6t&pVwtHPǏb'^[ 1JAҬ4]]f,R TLS- >&.G>LW\pz};\ζ({8A1C$2(y : g1Ph ^i2!CaIQ7Fu8.=4+}oѳd\0 EGvi7,ådUL6&tyFsχgli@R}ztĩ;C s<>k6*ջwqcד"ׇiu߁^+h}'o?LЊٝEa)QR=]I밼n罻'k5K*7J"uI((#`t^a?Yzl#bxoHݪ3?BF:E,:#4N$XV.1.6Ih$f%H(FP'vU ݍ]3? z!c7œlrg&N:.ݨ4iŷ/iT!/8p|3ϥArݎ?a$uf h%:tJIa{'"vv3SoST}N8md7'ph ie4p[缃 ‹fvmyCfo@ ="]ƒu_׫p];X7I:`XL潸9%hdq1q;s1îD*NL8yKw j!t-WneMBE 9!6 UInyWCkf ꨣO|1Qx3%$CEBrp4a}g8%MF=Ifەt/0> NSg&7P{FbYQU>ϊ Lv7Ꚁ,WǺn& )؞mvHq$uVhv>f ġk?&cvy TS&ZL)HLͨ5L3Yi#5\X=Vige=|@c'5هjdfYhz#(Uu~9@&?d-$Qt<͠nceo 3[95Ǯ㺑KL9"6acc8: %uhפ%yAS}$(P\DŮU4[S95 h̀!(+FlĵzᕗzkG<@iˉʦPVCVʁ]\ByZ0cs: WRL֦"|eXZ }N'(Z 毣oaoUJhg2k!Эd_|q],.u]~>S[B;m(Km+z)}' J/Mmwj"J:E2(YQt?0VRxyIԶV Tw(^&ӷ;,AD?9.d(|vDz^*¡@`Ռ*sx|p-%GPTRN#KA"eV'6qL<^mZ؉DƲp> V\[\F醰vҖ6.4 ^+@Q7p^mI99iFD7}g QӴ/PS8gmvKQ F'[Έv[i\2F-yOAnLwjdE5q8ybPeR^;9g-_*@ nԗ%ϲ~'wZM΀#Og 8',ĉQȉXsHqcͼONVFUBfΜO=CgMx8ċϊ>dg]S!6|6߂x"DAjگ'mU^ׁHFl ƽX{JS*WUL:Á9fv'U֫9}yy,[o}dD &jŞk7;e”UG+Dh0qKW =5laqS?ۉو-Ӧ񖚚T'j& [FVo+OgZa13ͭ&$"nd4?a^trQ,0&L~1gC#z|' y_9D`AIQ@h|#CxV.F1v `ڸtcc` 릹 n_7aFk<1$I- qi>o`(4_? =a V',բ+t)$ 8|^kt EdP%Xq63CrWUEif NO}V&!h7Ĺzᄮ\z$Wf_1!%â81&9y% q)SlF@nB1U>а6$#.DdT2}yKl-::O2텉]icд[C~~Zyȅ108ڈZ5P-yc1-z-Η!TGTA $@%6e-IRI`ːuT? p#^:ҍ-Sb$_bL`c26Lyȼ+vNkD8u3$T|icujDn0?Q\nd v8%z) uVr߂Ȉ_% [uqvKx '[@l݉|&:$$-G2Y'yKe;}f˞Dz+י/Xzhs4rjwQ 7 L)g3)LltgKO,,zv[3gӪK{u]Hl]0if=q㸟a wT !OF>֋'Kb=WG)%RG 87@]Z2 q.r/O1 NkCyΊ9wF%xIo~3H^d`1 ;H\K~>mx!R9' \+CFHȼ478²sÀü*loy?:bhuWPВs4 y6`,^HGVA\E# Ѫ)43fNl1ˡz;քcڔ>W3E::Tez96pLs F2؋5ڄm;;z7燙ڥ2#44 V8ۺ(`cg~q%cգZ@]HRHkch*,r^8}O<*j*r?#Y͉Ob)ϱVwBX^6)zf^ S,2*ڮy~:Y;lnDI -4D)Yöίũj1F ۀVFh:-=i_~kτ{hՏX^#t6,Z~I|9𬞰1#7;QК!}$Lt!-%'8FF64)-~gm!IYb$0E-9lIbNmAs PSē֌χ_%1Uŀm}c7GE yVLD_T{gay`}?]ooqb޺Zla4$imȐn8Iio{vNWCdj֎[7-/G6GzV $nz 1,jQ wO2ӹmǕai/C܌͛gC X>.S[V,*O. 'dMU~$Ϣe,0"`Ek R̊V8Hl'R~'>O_dD5lfǩU̚/)Qw>kd"k Py1'1X}qTY9,]%YNe>` x5Κ%KuISxèv 3͂)_ / OE0)OsׁIC]WpSf]z* ST" ǎ^9=u*%"#219_K6+rN?5Ai#HW3R Ty<@;4q+#^?'`O(AZpDoC ԾU 8_[{}%Mu|(05vR=RZ؞ /MV{UWau3/a5Qޝs~=2$e0if8J| ܘ+5D(?^_@kCzbF(`ϭPVZ65W[ٍѭiUuj;y}6Y7~J|O:n_$>\gd3^Jo IJZ}FA^ٍ_8$F%Fjt94(xkY1S!CB#RGs< xԢB YZ