sssd-client-2.9.4-1.el8 0>0  H2.t.x00eQJ U]>@NgD7x#C #-MIBh (wp_D_R|d.=;rpOE9C W992%~sz)YQ/J CgV8ysݽ}= zZ6Գa*S.Pcm8,l# m7[ {sfeoTH= N l ڭаMXO~lWȮGh@ ΄0إecDH$#z+tߠn2m 6 Cdi,])Yd nU5\.GX.s "͓lnp@f3k n۟YݜTlS'c.zxҥ< Bs]K/BTTm }ܖd'T!#))߹S$G3g2B)p3E-گ+ri R!؂#Iq7`˚&EMmV )$ 81b9353cd3567e62239e698944259519b8d0b30ac733d7592835ab92b2c20bd8dd7b8ea6d69ce74685878a1700ad950808ba612b0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb5006630640230713416b8a215cbab3d589731055205eb3643307c5fb9921e3d71fdac873336faa635da2a7accaa2f7945789c835ced9802306b534943f35d7683de4aa3adb6b405452dfa3b7245257fd6538af755755438b77ec1b0fea1e62eecc55f1b864989e3110302047c435bb500663064023046faa23679e626550f303923345e0f0204c2228463f1068205fc9ea44d4c35be1d7a1b24b1ae39174b0ccb2896e0e880023013799699b0b95d8553ec0614d24708c7c394f1cee203d6606c4046f8bb57213a194549f5c835ee7367bc3c788f337d7f0302047c435bb500673065023100d876160e8038e896284bceb3bfc7a3cc33f9ef544313fcd7d372df57ba90aacce713651f519a471be964266db87bae6102303efd923b7276e96dd3ada5b5ad52ab9f270d4b6d65ed408ce33241d634b3dba737d04583a32a397e93eacbc7b3e8f8af0302047c435bb500663064023027a2d967000fa139758693dffe502ed35dd0125204ccae9b24705f8129cee05f4fc5cc29d5196ebe21f02b671535f98602300ee280a804f8f57e8eb5d07665f5a036c23a0c14c45c9ad0cfaf1814636890ea8fb6db9bab82f11c50662c30dedf16580302047c435bb500673065023100862bcf29cd625b4ef166bc45d235c8dc47c73c7c7d80077e820578f9eaa7825c5fb6a1f1e6e091b49efe8e6c667c45710230089ec88ca4e8214a5a4d4bc5af167f8ce9362300d055d683f6b4ba54bf8b872bab3966eaf97ec120fddeacb36d8fbb280302047c435bb500673065023015edefb4c55bacae347dd4d0f6ac37cacdcc9c8653cef0d77d2ebcfff0b11d5036587d827ff294b9d1e8c88438da1244023100e0d679a28ac398e3ca1005936fd70bdf36abeeda12060372fff4c9bef3dcdbe47c4f54a76c43b45c2a64c93611d6b7d70302047c435bb50066306402304ba30debb3d7ae02be858abcaab8970d5a78fe8a541957d9e7a1c5806f526f97906fc474c9626c0fb8f5415ff4d86c6e023046392ffc4b22478794949b951b1c443d965d2da3b505b8ce67aacc52e59c691ae3d73a758d8870e30f6ada7cea6756cc0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50067306502310091a438adcc83ac55086d28826517ef3c86db8839cc40567a41d1373e261bb1fbb6845061fb38640534b5b14db5014c5f023054b54f98c42066f28cda2e10dbe03690afe4bd76918ffa8d7ac3829b465ff2ba1d6beb598bdab9dddb01215fbd3ff3890302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50066306402301e1c632c69bc2b3acc8290a4bef5602abfda9a0def7a10712cd98a27ad0a26588b90d5e8ec4139694b816e72688d768402301256a96fbc006757e447f3c1c02daf7da865c47168f75ff2c4a8b66e406772266323bfafcd97cefb75c3ab8b6dfa79810302047c435bb500673065023057e9016342c269ed930f1a1109abd813a9ca14e6fdb98330610e729479c5b58a85993d911fbfc3cc5168a6e1ea253c860231009c6894a0c667f29e95ff5e0703431be04936cbcff9886ee41b53157879ee7b29f93fe5a0fcd25a2f3b244118bf6ac3330302047c435bb50067306502306fb6cca35b6f74a9c6cd394f3e7661c953f04c693f6565fc5b535f6ae8be34251ce9b68ad59538406f4ae8476b99ff6102310092549893e0f0510630eede4648cd3f46ddeb78798fe84c7fdf5179f8b430843af892e1ada7aee00ac0134cbe9b3d4da70302047c435bb500673065023100ef5fc08a4ae110435d7b152944e4d91525bbbc90e50d178928e09e42c67fc2a41925c9505c5ad079a6649a6e869bec08023024cec763767dea4fa84a47ccb1d83385c893a5490d1dbe0ba853bbce88e92e9d6b3fe8f7bfaf142116c61daf9cad17d90302047c435bb50067306502306f5430335e1f1f620d9413c23d9ce5ba96ec62039189bc85553eb8e07627a08d99a0ef14f1088828953ea9e227c5f6fe023100dc7dd81fcc59bc40108453cbe9d5776d13be6e46f46f8c860009f4f261b181016ae38aec43edfe977ea05f019929b7a30302047c435bb50068306602310093afc4f094bad95e27304f81119caba3521751fd2ad823096fdac9207b3745aaaa96fcb13466e3884ad03ca0e3b59d4c0231009c2cce4685b63e4f78e318158b405058c0c23848ed8ec276d3b6c18dc1f9e4878945f17e1a38850c1dc37e72360c98640302047c435bb50066306402305edd746a520a2beb56cfe5f486ef2781f74326856bf997222d2fb065abeeb4fb99b313012c9b8b73f7b2fd4a06bf932f02303ba8e813cd0305f646d706d28a48ad3da38f55d9982e2cf15db8f43d918d7e9f1c7b833fcc462520d4cac4af56a4bae10302047c435bb500673065023100f689899d0fb9c7698668fddf9b6b375a42ba93bce1b46e66672021876f38bec9915d75dab72bf35ac8461f529521137902301c4331a31b26348e7c84cb25eb6e321e82f7edc0e78c7143594f5b2da149a6fdfbb1f202d5ec20c705978ead10c0b45b0302047c435bb500683066023100b0ad52c07ca0c7264301eb7b29ddd82e2c1fe2c39cf2dbe48dc1a65a4764570e95229909fbad79b81f0102348c696570023100d34ef9f13dda608aeb3f1c546cfc46ec80dc2b376ad114c4107e94c0a74775787acf21634b2b84c26a1d15ed146d88a50302047c435bb500673065023020ad0c2d54e734af7153b22291dbbef9923300ae53c363cfabcc0a876454c86bcf3e3ce35b9016512b4cf85e2bb07c69023100a4183ace8a88ed68d6babf49559d63f3e582e9973a9ed206fd4e7bc94665851534c0001705d2420a558833d2abb0ef120302047c435bb500673065023076d02d37b83f86644dc5eecf9ecf37de1626cc8fd07cebc671f15b1cfe3a0062318c17642b4649d18411b7bfc30b9c33023100b9ca763b28ebd5c8cd28d0b78b8487622b32120c939bc8e7306e16eb4ebab0f4f6730d1c92df421bd3d4c1268b492c620302047c435bb50066306402300478a02a7bd09d284ed47f610e8724a323de65f00b0c49f014e44d27605925de05f0945844b33ff75f97dd3000abfb00023011d3ca5a96b08b3cce8161c619770305e07bed099ea8441438c6ea270ad60a1ba3e3916152489680ad3753138e93c7300302047c435bb50066306402304227676713b7e3262a79071d06e87a07482467caf61d83e6ee6ca618c2664047cb5bb8da9866256db59cf17501cfd4f302302f91d63f26ee008544f568d141ef44f30fe7a28bf4cd17d79cf4877f1450476d68f9864cc2c738554756691303d7e5cc0302047c435bb5006730650231008388fea435ce1937dcc059522168fa460645be776d4c7954cbfa558ed404c0987f2af0dae188f94cfcf78320421715300230123d5f47d2f038dd3833644f0c8e458d29397069f0c91420d9b3af7328d6002610f94f5eb70d02ff8f5b8248035e72820302047c435bb500683066023100c6d38927a79e18a323cec71e511799fb8795bac89e2ba019040613a2f390624bce3acaeb1377d76964df24fa8f620e44023100bdf0822260b7c1032671c9f77b76ece45c67a6776144feefc78cf2fab06f636dc8f9ca51ee9932cda3de6d7dd8cc275f0302047c435bb500683066023100c31c1180c8f6bb4b56df83a43a45eb2f82d15ef3ed38cee040e75b5fb7faadfe139fa37b4e1bc8c626a73e7513134cdb023100cb9fcf32eef3407dfa0ea862080d0d567a31cd19038d1a0293f352127ef9ce8d3fb011f9cdf58c0490804394cfaf5dde0302047c435bb500673065023100e80e3faa33aba1d631540b66eedaec36737dfc8d6638599437e088ca367d82b0323497adae465fe869d365f781606af3023003257002fec745163c262e33f6c91e4f146217c85e78409bb58de59bd9d63058c53a683cab9cc7f53791392cb9434f7a0302047c435bb50067306502304b7eca29c4fe66edbc7f0da4b375c3c6d6db07b8c056be8d9772b8c56ac5fc31258abdfbba760e8837c9d7a1019d579c0231008ff3450df45d0a99d1579addabae27753de8f2dbf0f5c49d8bf8619ba0408b774900fe028ec26953aa8ba5577443ee290302047c435bb500673065023100e8b2bc4ac00d9a8d909d2e234dda50f89c535c712cbfc49c89e0d9a3f98e8c4426de572572bdb6d54afa489f9b7ff88302303f56b453aaa9bbf01755cf7b50a3fe795ee2e087e153ddd9c37737a6bae1daeba21c372c0dcc9b63e367a07711ec82d8xeQJ U]v7{.j.c.HA +tzb T[)$,*d`:gc25>i{}7zZ,k"%mjj߼ (SKuw^o=a.&UۈP+g I_9P3J M|*?3qQA?!G3n_@s{D k{2w|" ~Pr]}gyoI@Z. T`쟍0s96VgLJIU6`!"Cw%X!TY­,xSPz\ >նps硌\bc~Y)0P-ۈ$[ :ܻUZuߨ 4@J cxXlVm\>pA?d  @  %(22 T2 2 2  r2  ,2 222@**r*(89:o>E?M@UGd2H,2I2X@YX\t2]<2^b5deflt2u2v`wh2x02ydCsssd-client2.9.41.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.ex86-05.stream.rdu2.redhat.com=rCentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxi686/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so fi#D+'0#<>- _=O,~K G 2  e } ;  AAAAAAAAAAAAAA큤eaeeeeeeeeeeeeeeeeeeebecececececececebebecee+e+eVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVbb343ec33676d2eb932461ee2211b2e95caff9fb1bb37b75b55f8cec45e8e23d26061b812fa8644df4d72e5bec425797db86df6be4bf6440cd3cebf06838fca07a7878fdace25f99ec5a314d0116f8e8b69613755dae78e9029e6d2b2bac4116ad2a7c0aa84660b3654947ae8763008491dbdf8941b198a20663ed3c7b1413c294c36ca4187f7acf0075e61a956e0b56fd0301620dae0b56f9fbd7f771248db3f0c7b871b7dedbb100dc4dcb041f83622d3a109c17d3af186941f2536a4e5c6b5ea00529ad9e47efeae8fa5544784a1ff65943ee76445f747a6cdb99e72fdc85fb9dc9bc64bdbf22dcb0ef7e72e7bb061a614ad560fc408a76b98b0984bd39d38ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc58af70780be5c3d7de3145e620e04f4c0a4aadcbe0e2cae2b414f8ae3284d0662cfc8db2d9e262ddc23fdd57a6cdaf4c47ccf3bf448311980c3471808f8b31b6f2a306203ae1e353a08c59a0b5e25a707f1e10a96ef6f81d8dae433cdc524471b17b8c58c9be034dcd7233eb2e2dd0335b934ec2a74d40b0f996b6abd3ab86b844ab5a287facbbf545cb59b12fd683e24e7e682322eb969ab02c499e8495617a96bac58337bbf84dc7a3018569d6f954beae7ccf97acc6c6c4307303c7a384308a093cb315f1ec9228874dce89ff7397539ce07dbc96953746218e3302e9fdde998af8b137d2126ef731ec01d05a0d65b5189c100f25754cd7eccc4ca1b5fb62fee3901ab4827dce3bf0823a2fc193366cf2ae7136b624ed79cdc6ec519aa41f2541d90e20fc2436b7817baf0978a1d990adac828580299a94ddd2e467959fa96f6daaae1f1fc89379d5517554425e6d2cb9d07ae24a4052474e55f9390e1778fc92cfd495e922472d8ace96e868d5b190a0c730aa0f773485840a912ef8d7a4ffcf26b4074b3aa02e5b7a9f5275e157a1511084c313b05705fe6639f4ed25f2694a53d0126917de936dc880a6346897bda17420bb8d1b88a53cd13bc00ad6e8b2187c18ef27ff704936fcae635983abd1bc8b611118a258b935c98f01ab89435fbb73cecb3c6447fd6d2acd7d28a3772e44d65e1501b7062449c0237ee875de449f0bc6c7ff05dc1cfd92ac0df9156f0bb5d600f0742415a165342b02dc04c3ef../../../../usr/lib/libnss_sss.so.2../../../../usr/lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib/security/pam_sss_gss.so../../../../usr/lib/security/pam_sss.so../../../../usr/lib/cifs-utils/cifs_idmap_sss.so../../../../usr/lib/libsubid_sss.so../../../../usr/lib/krb5/plugins/authdata/sssd_pac_plugin.so../../../../usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)libsubid_sss.solibsubid_sss.so(EXPORTED)sssd-clientsssd-client(x86-32) @@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.28)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libsss_idmaplibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_nss_idmaplibsss_nss_idmap.so.0libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.4-1.el82.9.4-1.el83.0.4-14.6.0-14.0-15.2-14.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./012esrurururusvsvsvsvukukukuk2.9.4-1.el82.9.4-1.el8    cifs-utilsidmap-plugin.build-id40fb05ce9fd063281c6d77d198360011d9176c2f8b00c6fc09e2f8e06ad82f9a096c74d77777ce38a2bd6a45aab45633048fd214cca25cd50baad1fdbebcf4c1b10bb479879a9b313514a678f04c2b00c67064c0117f953203250c7c66b36a25ce42770be58213a669d93735f103115d54e4a5ba474a8ff3f8380dddc7fc99d922b16da71b2d6566c6422453fd126852c75b404a7db99b9cc17f980edd66f13fcifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/40//usr/lib/.build-id/8b//usr/lib/.build-id/a2//usr/lib/.build-id/be//usr/lib/.build-id/c6//usr/lib/.build-id/e5//usr/lib/.build-id/f8//usr/lib/.build-id/fd//usr/lib/cifs-utils//usr/lib/krb5/plugins/authdata//usr/lib/krb5/plugins/libkrb5//usr/lib/security//usr/lib/sssd//usr/lib/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.4-1.el8.i386/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c67064c0117f953203250c7c66b36a25ce42770b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f8380dddc7fc99d922b16da71b2d6566c6422453, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8b00c6fc09e2f8e06ad82f9a096c74d77777ce38, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=40fb05ce9fd063281c6d77d198360011d9176c2f, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=e58213a669d93735f103115d54e4a5ba474a8ff3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=bebcf4c1b10bb479879a9b313514a678f04c2b00, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a2bd6a45aab45633048fd214cca25cd50baad1fd, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fd126852c75b404a7db99b9cc17f980edd66f13f, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) !.8GT  R RR RRR$R#RR"RRR(RR RR R RRRRRRR(RRR RR RRRR(PPR R RR R RRRRRR(PPR RR R RRRR(RRRRR RR R RR RRRRR(RRRR RR R RRRRRR(RR R RR R RRR RRRRRRR(utf-87e12bfdbe8c493c4c22375da8bfe8370a2d3454d78c12eb28869cfcd97a157b7?7zXZ !#,] b2u jӫ`(y//c'p,Y}=X2.|:3;WxWwKZn*4oN˳/KNkDZDH2u7»@]"R0_/ƘM {|t@,++Gݧ7jHHaT̶qzZSS;$o`qD9?A3ȳX ԕd0 d0aJ#A}pk{ث18Ո#!"P)Sѥ̉8NfpX Ѕ1"d\pUt\FO!VP^~ lᙃ:C/#d3FaŰ16}/Mk$*VV`Ճ9<ڮNLvڳ״㸐,f8M!U>2g[x8&6&)αGz\c>j]#HC]/% ͯ;GpB46)G߻\4hpGv=:™Nojwdx7aH㒒hCA/ٻaRpUş6pdU@ \~஺ ڀQ9utpfur2kQw~z{y=g$oS@UFS| gyM?}Z,A!4N{Sꕦ;8EХ~6MϛAH=*k~fU f78W @ \WΥ[lKLƞy%W왪@y#G.G&#Mk?sno3bꡬߙS ŷ"%r@8+#xLˆIj$KABlaZ|B8J[/uh6zd^>VkD;;|RSIʑ#Os̗ԴHub $lXÝBz]a!{ᙊ1?X{^sDavo|yP1 Yo=%D8uzs=uJX. \ {77`[J2F{aDϜ 3zQ2FTpDlC#c>#7bʬ_2[= j1w yCbC&`£mŴIq8z.uls5%mMU۔-Ŀw, p7S7Iu*-\C^Իأ5*;NB Bu< |{e{KHy-7ıP 6M̤"$e&z_(b}vԹ\ePTO,%-ubAW.OCH%k`$4|#͵LMhwc-3kHcD3H{>1_o[SAKYovE0BfH+sߴ|hSGQf1@2s֤̕4o R'AԄ#K"S3N*3" o?gƵFXpW :q6t7TU,7sar,('Q- ITPN W_ZU/5ڇ%WXk naԜF#LlOxQ9hvZ~k᫼_ >P`M@Ulmq=4b TVdظ IBpA !IZz̿v)6 H34(27ײEZ3 Ze8R7PdSE"oGN_$5q@I g> 6VC ˊܥ`3d m޾ Ezy2V8T`aCR>v77ԷKpLo-&<hWKg#o ^MDxCWФj`ʼb^C9 ˺'V'sx. MKcҔO5bzt6acۑKp; G0 \ ȡR1=3s0X'Kr`"|TvŤ1ޥ>ϖq4bG x) i:& )ӱy{/an3hTHN^+`Z/f!IzPY&>ZyI7UBӍbmڌO%cB7y8OA/G9Vԡyɠ7<s'vR ,iWDT,&~WO@s3wT;؋2X3NjsU3ZZDp9¶uMo*}=Un/؇i{͸G(ulVVJV9i%N ,!T"PW'|em3Y QN{:1ccTJC跀Wl]qŧO3>,a2~ޮk͏@{vF7D?S8*A~:D:7Qr-ar~mPĔZeJhZZ I3&\ƻk[/Yzd͖ RC+;#@·\!1ZeHS0H}N΋3pDzm`ykc1ƶ&݆0cf;#&jGg)[WW"þJ^/O5(+A#xcѩ:2Rh eGaN| `"L/AҼIZ/Cd:e-:cn'j5u(l!N| V\5QpGӁVzfW ?͎Tq c_ 47$$ "G XlZ`4X}~VY؛ż-9W``Ԥ*~*t#hLoػd>uYfBls3FJ>Cacnbnϳ 0!Tp dt1@T`L=\ J̡_-ZA'16$er9%Zu*+$aBF9ca[o.{t]ټ J.ZbBs)1Z7\ Nkڟ<'t_&\3UPm(kyJkU mN|vl" 9tײ%n} bGX~+sԵٛĚaec G< 6O][1突CO$*;12m~ wk梃`/L FI`/C֍BhW$~jeF;O v{U RJ[S~m0AT"+[ïG10tUt`-\Qpb%` 8ֽdt%RN0܉%%Q !{s(l {ʛnoN7Ǘ,s K9Mpo'66(< Yn>IhfI1PT/&@-Υko6,Rfh+ *8{?P0N櫩3|41֜e-CLR{ +X2AT>?6ǎNk#Hُ `s*'w>cBv{bwTs zk7os7+. P9{pOՀv#e*> 28%-N G0r3 \xkf{% pr̝^HW !\ڔ'x\*ß OQ/y*;S+Qc-z? p5؜cp*Stbzd F՘H>RBc-rչR3U 8&(%6&SrAB;~+Kњ?$λ #|4 e sRGX>ZnєÒ<_pAN榽_K:hsӤh.6MQ\=\pd(sR_>p:UKhvT?}Z`K_G] $AU0C][xq#4m?wy(K U^$<8`tkZsk"HHOBc_9LXlx|"CMĺ,o>\4 ?Ty|Y'F]$k.to*T-e{bЂf J€3g+*6'=$w߮$y 2l/Ğ7*KE>OXA4XC_\n'GH2cDXuQ 锧LS=,]h Xݰ ̥PG H5X4mA@$LaB_|f)6g̞6R\E%pstMr ;gGa}SK0Oq4Nߔm:h(2eڪPBO'<-1yZC̶ag4Đ*4?zYrDnV2s6}2S#rP5W)5vNLXtuPrTjNGڍi1 XwU,'F . C$5LG@,[F2|i'7#DW\4 "̰`>}^hDJ螪7a!ButZ)湱 <| mH4wR/cpwȥ+wSsK KdYb7C0+FqvvVɝ)*d3\`G;0XGt[E-PLK:W _1) bwr=Wid982KbMN)ft[YyKN)zTDv2WBކ[ /`EXj tF ޠUp@MqwVڅ˙ط%\WaA](Uҳk{߉IjfP/-Jޖqtw }pKQK5L늻] &j7qxCJ F>w)'fDjwOB"wFhÞ&o4ܬIq=mL^)k }f-P(cd2#(iaP鸠&r֋?:$crJjP`(cliK7td]je\Ywnn k,쎿Q̼֭EkS\X;mX${b`wTCT٧_Ά ͧF4'(K fv}lkd]cQIFF,y2bmFp UrT6cuƦ09J*j)8dNZ~?Hd+9$wΦ)nB3*5'9.鳔$|u\򈇝"_ Ow5]5`KȬa p{9Uk02 aL, my[oiko-67WЇlOZBR~e.1x s?pw=$z7k=_DAyKA3ލ};; Rc[%=Js6 ֺY$^*|pTEYmdƺt ?S H-0޵D.-Mq8nǚ˜`#LZo'0mvű¥3\uh !nɩX^t(N0jz(Lȝ |;o*ɽntdGmO%<0.$A.`h1+`xp`  ^{&()dB~򸀾RE ,BD _G߹'dt`@18k>yt P$ns=k(N.lmK31kWߞ[9X^ADQjz21fHJ$zl!ΐ(יLԜ8*O ƭ^ О4aM$c2zO8?5"D]Fl:tz@B+a~<ňcC3!$#+qڒxpWOP7M469sC#mda&'w$#F̹=[k4&f4hS`kG\/c>Mda 1첑yUԒYDDgF_X>X{ Js+YF qF$J޶e7]SK ڹmRlɊ4ĒK ޗtMP;c$􎄞MwݘCUNQR%Ç-8mF'l9vWfŇZ b 0dZ:2S2+|E{oCQ}ã#P?YPU%6ks]3C$H*@z %l]{ィ>IqHjL >_:u0U@!O~~~WC{R<)p-$<;~UBβ:}Q=w_s@We+*iLEɅmЊPS|^rB?3a<݁ iQ}h7*WLZe@b .8$6̰Z\$$CṈCf/F5s  .ye-X(0Iگg ѥSlrÓJ?1dFT7,JG8Ͼy[W2|ar|g&&)lKE_VL#ŐX@(3Z%$;mܙ/ub3Ÿ᪛?VTR50ؚmIbj Q$ο vYUÄR|Jp,\i*@*{'Q*n jM4ueR6)õҮ]l[=cAS5wM}Plzg}=colh~扜LA %@izV0t=x5r%gΉ5NAɦw 4fR?.&p'tZ-8 ;(TG;1یa6T i2N]K2uoXeN'ޜ1.1\i}amGze|\vŴۻ6,v_x Ý͂?!0-="n/UbkآB2#y}XkGʢQa3G%KO$m~O>A !CEҧtgꭿ ,0/ 2$` uX Y9-o뙏 d`M^v#J‚Tϴ05x jxyƆRG~-6h(B +~7aDdalT33S-d4M `aZ <:žya! >=L['rº" XSq@96\ F0cqv/AW^{V/>對eN& >RJ%1;z;:\Vw>/wDosW+ L,P6}Ƣe1yH}gtmeY> ~Re)_eFM~Qݬ6U N \(BGb7!s% 'DX<}y"bM'HYf]M}V=psBt\gu& ն1[]uvZGV|zPG!旰ׅ$|5=f%&Dy0m p4,=4t""B%1f5{)YO vRwo}Fʫ;Eկbf^z-nȑlR-רa/)-x}X#X ަSvW#ӀQr>bᎮ>%kmcP%eڑMn a=F AbD@'.ĝ>gmZˎ-?;ˌ|ride.Ks}Q=N#]o?x@KI"gBmY"BR<~YmNf߸S\pQؤTb};%O8cq`d:Yeivy\ў!eʖ԰$ߺv0wq4@g@X]yB^KgFR4@fF=v l5mN!;RBWzZA7dC/u8`l<๳},rF6bxu{EyԹ[79w'{G_0,BY׌&*9%E]q=|O50՜3(r ,Lj7-8l+Rzt"x@(9CQDu_]7a,mj(r\7ytGig<}uoCנ.x%R)CfTZkxOdqI'hi gUTek6e 1?&3gLol__͆Gշ?k>3cue 8glo5?݁BmBtytfUR/9fK#'L 9{sYd=$5'q'0 eO+y]4Ϲ, sy OZq&fb&QV#M5_PװC8e|A{CܚP1k ۼKҗl=,9޲OT)_ѱ3אL(q=ާ aT?9#`vnG7;I S`+=be =mdm䡦Wwz{dJ-X` 8ttyjHxDI}҇Ҧj2ݪ4Rdb_Ms+!/QhP&|?)3fcSǪ3!w6h=rThnZM:މ$\F:Fm0R%)1ɳmV8_{"|A*[s|KF2‘ #vxTp`|C+ru*eN;K+Iz*Δ&YP()t:#mKxBF6:iP8J.l0d<(4Kxl-CcݤmOy,۞咤?dֈD?O`3$\9|3J9L ,uo&QU_1$VFǛ~?Xt =9#/5OMV0i0NG͙^!ZqAs-=" SHE]izJRɁEb{S;l*Bɴ i";[,:|NƄx!ۙ-LK3d*i'S rAMc<8K[JHBNs:@f!W[92Ɏ$Vu?lpYtd?8va?%&1d` o¾n0 t"ARwHaYi+6Y7T E8/IԀ6 0Uě=gԎb.nM~l +Țb"YbTJ1.0rJ6 &#ۗ0i¨2 S߉B=^^(}\da!FN^` 1mݓE\#|!=:.ѵ-!HD("fFR~$W?0d&pm7:iq4NxGf[|;HNWעOw-Ŕ㭽A#o)ϿyrV'UL.Zجͳ¤-puBO<H-^}JqP^׀)੍H1)ޞcVXK\QcKȥq`'Y"dcv%9ì"^~yJY҃g;„ܰJ 羃HC=J":st%tMe4RfX[ 0AuI,($SaQV->"z*.zM)ȳMweJF@؋Д}Fӕs;X- Q '>'r@a:0*[u`2w3 ܁興qx/Ң{D:-'#BZNseTId+ ;{4Y$T*;\N/w(H^>bJ\iJ<Tr5N~* I7# y'_gJ3;L*S1n}Goᘻp(C0'GP_ [n!R јWq]aiG,DZ|JV'exc ڐLv3g䰒U扩G̵itWRSՐC|!l&zC*3Ӕc"_CHa_Tdi:PER;N[-b qN[&„Fg$rI|:#!7:yqqIHG_zc]'UAɫ캒.9vadNEj>]ٟSX&N20Y7n/i[`u͢PT[;Rh$J[{ q lВ+upn%]\pA9x?B;ڎ({tr#l'= Zn/zx1y(ġ-=//N˙CrX" =O?wPg:`÷()id/?,' ,l}gWX3d# RahYGi5+;ޔ i(x{?aa u!UlZ$›VUvlNI3 F YԨ=;YdIwPHkbmfz۽1Q(X$,GbxsC q<<|>e{qqӟTؽz%W&R?ٯgK[au6[rqeբj䠯[f vW\BO\qOddXXzH߾ߞl۽|}}r?lj'4pEN3;:f~b8"*p\7|Qe<{"3B/hVHoL)v(KH9eqP hw=4E1P$g$`)TN66A kYK8[ڷU]r>+R6ȢU~pػЮ@L"Y{WAva^A[p diGtݤҘ qZq οVy*A#/]JqHWa(s Ő5݇,돴as 61/EڱFJROH-Q@Y25qNS&aA9ҪF0wuq&w㙅*gIڟHw؛cfT6*vjd4B[%CI!A#DD֠QPMo Adˏ#=řTﴺhPa_?Z!a@{,oL(C?ig.^z kw[ Mvm<`Mqog\g\=![G.'њ!{Ru7f=-hnZ>0 iH<0ӑt|_0ߢL ʖ!z654wY(9 .;y9I06F ]!˕˟2(Z5u[w]3jRLMKV˸\BM6A#q7n? aL`H,6 msx g]E$:so }V(yQx"8)24%TtTk+`rKwZLùj!ME7gw,k$B`nN:?Ia;>8"N:`- K[Dlp T?9߄j tgy̔h]PYkM- )wz q)92? 4k֏YR݀I ?9wl8_94ڃwH @PM. h$5{}ω}]-p^f݃CZv&\' 1D=Pl9<#Xo1ф<}k!Ysk7ݍM4 Ziq Dh,a;Ir, 箽UB`"9? ʌVRU3Ol)"*gZrR鼕`}W˽'Hǃ|9µ`8-nBqav2lt>.w$_EZnoPGVJcJBP8joA.!I@1nSV=l?-dw#hrXtnRnN2Wh}dCw4D V\+qkX[mt}'șJ𛂹"|0?`L TƘC,"٣q9%bcʏA2ĸj )ɟYbz]LS 4qטȳ"DsQLkJ{Tm.m(8&qFJ Br{ߝxZ"dyL*KW#0WZS %Cˋ1[2ޅntqkHD`!`HEn[@\?<8s׵xi,aĤy^ CF|hlH rx_^ϝ}Y9]7QqIR(F0b"(;OsA>1P 6}EMy(q2Pdiӄ퀠 53cq1"u=E仔VȐg6l s!"!SW;XwA$תJ+ lŔeާT;WFN=O60Za-[ـXjoczc?lG*8Bw wyÑz}%E6qu nr٤s<& ^J̞]B군i$GV"Tu+msF-_2p؍!2Kxp=9D\b=qMC+< F},MfCڣdݘy3FR{E}ÌCUd՗Љr9Iɀu\ dZNiN9|f}!eV@l uc,yB"7UH@^1g`ica*;ƽM<g{WE yڵ+XKma54+~TaL?emUHKԘE8#3 yƠ5wX4E*ROh'[93뛮KG|/UV,-t6[lխЫ 6liF,suH!*p¬g !ĆwѷàO"{gq+BŐjz;hA|3;@5&/98jB~-w $\K޷V*kKl /.~Mxq2X#nW>oa@AtsD}JnƷ?".C Զ,W6EEI+BGI$.FQ~:OMC8w nkj=n>`{y @EK^Zl!uׯE:L!{R| ._b3uΡUF8Hj3`Ãwy-׍8&|cdzKct\W9Oh67ZY+Ό)E)ł=0=ԞOaMc xDVB<;8!TP2>c+aޫ!,ϛ[yh TVz2SM|'m9&%)bh/CCkc(vABeY65*Z\,d qm鼒* :0Ea !MJq}Jp#?6&DgqWq/ o{t1(rk=Ac34pC qӰ@(oiS96#.c1@.N)]:㔽d5)Bg=xxk(j x\whS^v䞟H<,=+*G]=iwr ,! ogH뱹 J,DwKr"lC^Qw֠y@ D7{~p8HޮݎSH<ӱc+1Qv!{y\-۽Y79K#bCK.u[qcÛ^yp=D [!;.g5bnlPn(S[$]-&&26BZV\k@u@C3"㽱9|_XjR hPt 47*J~2!dNd#ߡz?v~Fz{ WtkNP\JS(?E .Gx?4)M+h"%\`>f<bl;"ka]'{d2ښ8_F |\{N'ѓ6t;"J$w'2-?C"%}ulɈ&ro__f}1PmC q L1M]MA!j0>x(܀wS[i %#/ gii~hN߽>QGᔏ[[_HY;!갟;{N=&%RVw%/DJ(EK#2ަ+e%|9r>7W6+}yĚn`Fn*Z_ /0лVrķ8N݋K؊ 5~UZZg*[pOcrLlpr!2V2g,RZas ({Qi=|Tg{si-{* #qX'm &3rcz_CP$ݵ 7Iѕ+9kyZ)1NCC0PQUmt``C(2Idj\J٬㕥Y_2fR(L@y9$abCAe}ՠ0M%޺ ܣ]!me򯟻9]mYG\b4h,R&d֒:gwp)&?W+!8X-9:hBXſ8u-D3J.ۅ͙%An<of,)B u^vϿ\ *yŐoJ$F`(?gr*X^ ,iNcfa{?JhLкA? 堻 d .PcE&u0h-hBS/BMkWMfjDkS-.Hcƭě3)ی&*A^I;1)8B(i+W+(H/DuY_窢s(^%ڧ]%.r +?` ! H|#5}YO$.7}.gv+Ku-ͦi~a *'v2UFǪ Úm8o`ݞ>\82 kax[ծISǠ%%q<. SpĤgT/fߩζ%3{|JFgz~4fHQʦUǗ9|+ܔV2V΅韯gPYQ쯩% gf!/o:.r؁D%Ҁ!Orir']bWhse~ Y_ߦnE#;,6輕@fW}Wvޙp[~փ\DS^{tsX}sPfYcw[|Sn1vx<2*Z@9>ߴ`HZW?g@ 34 |߫4b0P>k~)?8jl$jȁ. V -zqJFI}L)P1uv?U5NjO22| ː‘hzEDn'+6v@f&w ֯j:+A~Ny' Lz2/Y!4g.c~#0xT9$ٺ:H#| h`!:VqvgU7A|/l^'L@Vxl.uچKQ2`sb`ld<*ڣ1=? N&7c$+|n=L'Jez8ҷqEpգF &G.36E eCo-# #Pic8PXd[_Ftf]]GeBpk5]_2Y-^C8[`na %sL/BB=ST)L*V~mګNmx@x[ai죙 b>4Ux.(_\S;e~P[7c|dRGUόIC[NI]ԀY3A/Lg[\Vs~ʤ@Ťvb>!ݎ7Xb'o,Y-?R}{$0Ii }ϬwPwy<(R*c z|`RB|p{qxÅ{`^ "?0h2_~5 Det]pvWyayQ{%Ҁ˙jr-JuՆ^I@E=EJ-5] ƄR< b4,XE~ VݚaV- u%zۦ^jE f(Ђ+,Ηg.!*=Rk ~PbQc;# g 윳񷂻_.ݠt41:VᎥ'~GHX)Q 45o8 }B Se}${nc!{2? 2N"{|zQC'>fP/zGu>nGÔV9YMgl[D-|~yw{wɥO/icK0 ߓENxCԴl #iPG3D3L4g#=HȾ0' kTv6gWL@rw_,#?"JC>+%'IEUᄀ̊TcsC(2`J |3]J;GM댾9u皥?r],1cm3?x޻j>4TQ,4> DtQqm.<@Ԓg V?"nqXq 8 +팡`a/H !ԟ;tY. 1X5FIv@zhGeUnvAiҶQs}èG< ~۩J2\c/<}DY\T͊gTjpYxބ>.@,԰Kd` }iNp?[e"be0WKC|ep8PPw'6+\GH4%I:SF]EE"VA'erd N"QAY\["8cu^o>w- *qO?)=DGc)cх9L#iMFv6H5\T?jSb+gU'U>R%x }So#.MEƥ*;ׯy^K˴B8-ChNmx<NxYwnώw~l[X g ˀ)UK7;?<@68_7k iG!kONhv ,1lun'z\KOMVr6`_tz)2jw}xWQLm[HCK6;]]Խj9ϕi}Y3uo ;56Y)Īf&hDZfJuB/^k!MdblP|>KJQAԘzh+lne5@OWfpWibt >3M/VFhCH&kc.OX/&Ȓ37` Rֱp=*Af2իivyIz,A2Bui1Awן抧MW*W7PRv^=ldida|i !E'܌(7;3uzWbWϦL!+w>͞:ge_P!=2?kԍ^Nm p7эxkwKtKW(C^ s^MuDKk/ZH=fIJ[3SUkr;'lXtI{3̺P!?cҫ e6'8wIַcPdZUͶtu}GdTرlK^1# GHg MW!&#?1tR"2ErTBX!1Ah&)`.a98n1[Of7:%aNll F"B$T Bm ~M0С5ƱHˉKWKojT׮'bekD9>/ )dNJOќ?JUB9̓Ԃb4I;oYD:yӨ`+)| Q0\R.<|S@fK:" BVeMxFuWdPFtIvS;d[dF0u\+PH:KMW!,P0~Өz[y3]̖:EOY y6@i;cn=ӬJuI-L|VlI.] NٸWpsr'ZA{CSҥ̡)W״>rH8ut$߮rvjWIX?j2W*HTg鷓;c@ Mrl!%lTpBmW&ݪbj_WX䦷sg,Ĉ& O kyD+jW.(h"Q) ىGZKH= Y]8)೗iLMNQbOx *4,Tb"^CY\nqv$ ݛ6=x@V\S7\k1sf&6xg+K6WӁ. ZE'GN\M9Vj`:7S:Y]³ucN6"$huE]vi"r))07Ҵd.H} zּn  #э>T~za;wbmEmA(IOیb~{i52sWՖ6Iu;P"FpZ? =g./3+YaiUǹe 44dҔocjv~ExS$4r2nq7j> |D%d%X-ZZv`'-ouVm eO XEy˶EGK9"D&IC# vT"6ā,FcŶ40B;h*b"aVfƙ Z[v|ȗEs]F,(l4!:թ%R#97E&|t9icZh^ߎqXT >.S{ /Tǽ;-=5|Ey  ڀ6`pX2~f3 u#[*5#3 V?}OnLDFjՑ^$[g8CuoXUop%?76:cT|`"]L?O$IQ@ټtIْ_WJ3Ʊ[ 5H8XZd9_M5ycܹ߄&Y4AYhH.S+֍Rkܘ!lZ$kĜ53@6ԷH|$ 3<Ѿmce(kw]*y$7dLt65[B^AGx!m2CՋ:W2xtNբQy!]6vc$T_0u0v, ;KOw«ËtљC z@q'+m^ޘ=춁{ڣJoF^pyM@>vG8Za4c8@\%ve&;{U#sXRwy5Z3:U]-߯dp8Nl-wP',# "3}eE;'l5c^UG:1XU=2aqIߞ"&TR U%'rr1Vb3YqtdWS3) pZİtBsZ)6>zȈHguj*9~˘[[kxq;Ϸw|O0hIve+F{& + A(^J$ ȴhSҽ g ǡiJY$"p8+[Pp((RC#2?D>{eΡ]2Vn!v?Ay:Y2co[KHO;P\̖,M+$ pm̋a3L9l7,(s 9EHig|/O#ڢI'ǹNXN|š˩qڅSǪxq{Sn{q%FprDbMԋ V͞Z`SάG?ۆ߼d"ʋpo#$Ob@':}=ljzHf&xt;bx`x߂kԐ;v8 -F\Uۙq{=YdK4 e=% $ÑB8 s Vux؄UTڑ6*8pMٔ֯bl /,b͎wiމi؀1/K7P%FTmF+_Rj pk؂[ߛʄ:+=%0ܘku"|㙮yo [6h#/ESkW%gjS6ʉU{uP]E)e}H zne*1 T<8A2A{ IbvP4邉}|Qkϫn]ż;bփ&8T*OD@CJn 'ItPjT K.NQ?oTMDKPHV_=紺g?1`bQݢ 2s\?GH/J0@Pqb4g#5s= Ĥr;TC"@Ӊo mh}~,CIc[QE/<#>Μ$e0#\7㹢M9@fޒtp*.)bHI,;J(%Xh-nmoWңR ߡs7+1g.)?M*F|br*:$Q>7!DA3W(,&y7ߊou=8Qb͌)=_w|j߾ I3cS)Y!--;Dˑ1lYޜ;xJמas|Xl&^Pϐ 0DŽYPP'~z*0:t=Ѝ2 eZ-L<JږՑ6 /elб91P;Cr,bF%[ Qrlj%"ßv#"Ȳ,}p!6.XO 3-cJk9_s2Z e-Kw3,h{3x}  H9YR cu"BA?T[觐+2S-ZnXNl> ]g@b;^x1'-<-[Sr足d&WBuLA ]4o#6>ekkA0t}//{ pa+xU[MUݯr:VޘbG>?McܝcN RMi#ZA`6%꺷1̓ zTC4{j#ESmBiE&)Qzij(Dfk3Ѳ6p^G͗٠Uj{_ܨOȀq/"yv`0fOe tv=ʚ槚'@ P|t,%֕įQ Ku9%DvBɘx:t'!:$:s<ʏgd0PP/ރ8~6v+ L*- O+tXJT7uߏWND``ٺ[&`쥭@SαzȌ} $xdÉ/O.@C9H0uy*FS8dX|CQJ]ɮu^೺3NuՈrNX!J-kyb "#$n0W].Yj8 YeB>Z'Fgp$V, y)5?)aJCC+Cr]O|펙"{K`$ ޙ (BȘyҧq9OOf){ /[GRԜdϑ@Rmr!LY;%>Ҿj~νqo^ (Bѵ֣1Ye< WU&M1eߗϘfgkԸ(G$"֩C&\Ɯ^uF_/An`'8I Mo`=@DEuA{.pS1Zz0?!nX4!& ~z񋦘(5Uv:Ƶy~4_&R ;.ߍ6El*bzqOrP"OkQ.¨匭$} h}}Hn-@,&(r]Q#q0oEn7[}rzSd@JlpTwv^ۿtivƑ)$^"R/$ߡ<]ϥxUisd+.\p>1!4Mq+16ui;j#@~\oFFL{2.ʿnŝ @|K. YaO%wbv ׹ئQhHhaߟeK U`䖜Tֱ4qw%/ i:hDGk}}clͰg╽]F|*AiBDyb*0k0^fΗH0ٕzPBSYx;ˤbv<ʈyߡ״оbw */:,dukbK!O 1bC ԶPRʆ}rg7+]m⼽IS[ +Tui<t~ %B-ǤlPBχnFe/`2b z؅}w" 2\N#,TvȤvvԴ# K؀$uVtʆ" .hK);xw{ۦy+NV y+ 'N] `lΪh}@_ìq_Ь|a]%s I1.kE+\u^ꨮY:.c~gm60wfjB{W-܎5Lv8W{STob:ǬOeLݺtoa-] 8'B]FYE݋HDWfsGrh๒;GI,nLuhyzu k@|;0Oc( uͤ^ p@ߺaP*1^a-63moˑr!wa?=BjƟ$f%Dp3 aRM!R* քJRX~0LÎ/*ITl,Y{ wi]A˜ +:3fs*fYاr=zBh 77.Ea  KBMxV Qh .n.r\!K | cBߍJ%&ʖQ,R$2W.?4ZFʰ|Ŕe:waN 6X۶ KY|pA[Hj@4yM[ h.nU/w\w3ʽ 5@Eڡ"xNPwpvu)$'|ғkP8%mZ0v`lMɇD4l\tRlhځ;]qZPP߾BZ"@ZH&Vl 3U >H>1!Nlu wDt"+;6@ˬbLA-l2'24'o8`{7kYnˆ󓗌J >dI >idaNQ@I-0<ݟ*fr0 ouu.#AY9+_z*of4&D< VTRZ֝ʚC\1N(e&޼}q3/alF>h;\ RZ6ٽfP oy^.*.QW#QmhU `yU9{x%d^-u Kw;MO 7̠i(wf%kԏh`qQu [ZvkVM܇86"f-A /AeQÔ|v~#8; ^O7ef X tGQǡڧ"%OCGS'=y wj0Z.$2϶ -γ յ#'xIgS ^([-tIʍdqvt W_.NRD8. 7PmۦZ"Ա; d )%yu w:}T̉i&p3H"xd:Hcr8E8ף>"DtP >:r;CjH?.B\#[K7J|߂lw 5fZ #^DA϶hov<2-`*k.䞠~oܘ%5|t&7Ayv}wcqVU9}Ał4df<#";(k{@d.cc!lBd?AI \mw/P<\0躯XU) g)G$j6[fդwGq88xftq|hf-D)(y"oR,O ן<((h>zvDz-w0~4h9^7J*Rp_vr:teX?v{|ȞӛCjo8]`Zʥd$ͻHEp鱢畭 4_W*9*MqZp~ Ús1}!jjCLGJdXÂxzQTk!ZSr !MaV_Gg---wdtSA{;~#4wn՚㛽,E?^pM-ypx[ltD..TG!ż]rZ':œivAbm>R߇Ϊi?OllF@ߚQ%l @km\xw8?;=rdp"ϧWSrvpڟ⇎zs5ሽ redK^G"`Uq:S{gI^BWoʐ,ЌSFQ,\-7yW7~+'`=a[ƺ@>` }?RS<I&)._6ᶴ;%/*1sz(+`>?hRP6GgWÛzC*3Ak$wj(+,tJkP<佯 .p5\.wWߍa2VX^N)5f束#z/pB%w ӟ%J[5J Q!ttb!*hmُU/ܜ|yY]̖R Y6މM'FZ 1{+B玑tG RfLwU(1эd枅L-ڭD7Ⱦʺ~yrZR]w@X%!OncmQhLnoJ:̉2L.ݿe<Mdұ/_kYﻩKR^u? j~m`oǐ! brVFCMuXMlb,um1Z=$lBUf NujF]UTJ:[ᰵدVz*?VፌXp֭ö/Ogس][|OOA(~*!GZE|wa +xS ";q@뒖)7[{4|݊ .I7n>AG%\ t u#x6& *˷fAw苒1ߣ_qW tTl`NiEh S d;zੲ3gszuh? P/ƈF\JNcrfR~!94pu DJsf[C΂-a,m3*=PZ=ۍ}4nV&: djI_I)Y5TJPaG׆NA< KwcSmkz?!+1YmiuH""Lwi't&?Qbl50`X+Fk4*aO3[y{JIYgQ66lN4?Pp%_DVYsܲ40H]X ?`7KO1㨊n,n=\iEJr"Rw~P5;cPKQ$o)0ov>?Z9͘K}6<"AȪ"œ6YmF+>#7A.Nt]:B8[Ml/ݷEF(A>X fFj p+}ec^fkXu [ p4# IzybԙsSgvՙs34*$.xÀ&c/%H~u7LierNfjQ&TH8!51L,Z/ިrhO! ٝT-,L2oV[{WUISQH^ J%ub*^d*ND5&.#/T72Ap|w(0lI͋=cM~ۖ؉ӐU6YJGiQ,El8O yq ;۽SH|+jྙ-">$T+a9%mtvjߌW4٫;jV-X{RФ$B4A;q8zcrP@ p\ea2N2=]B)&X`}PGxwxܪ{X|aM?AC,#뙮3uUl c,Nw{a 6D?"x#b@(sS aОC$dEVg;)pO SBG-r6c0 3ZehB)ƃQixb,p=eDV,e;ڑV A9P7xf?@$k>E)Z|^~NãpOvxc+39XiO$ψJ,=.%gb,xY}X@QAToIFjhi:Pq*Zso"a)K/q rZqJ:ˋj$\W1VU2F7A("*;S?Ū- c<~EbH@ᛣA ]S/6;ڎ9a^Vq!)F+LQ2-1O<Jx4qFKH5A<%H X8Z֢,V8^L2{јt}*ÚHMRTc%Jٹ/uIs̮8ݎԝ_9Ǭ sX w;,v8EpiNJ] gxN\78?3iUsġV֐2—4^/lWfY6=9J h֋V+FVoz5LCd6r/b|=3*")8D1'P+(2#u#` 0:w>>0&R pcxڨ:+ 5}jWT9z zGڒ @e:D /Nң][{oN0: =ŕ3='*Piw4)B⎉'@?|xG֧Ћ}!U+ &BГَ8XKIg31˺Eޡ4Nk&16eWx~T'D")zDяߺ]<5} yHMW{/jNg#J,n+7{ izb}:jҪ sz-@^ _6ƪrv3pՐcu X*qx`R|/VHm4tEϙey ~&޾翘(p2sNNJv5bٱ@s?Sqr2+3# eUJp\ [z;2o&2 !?^aw`՗%Wnfw@kPƯQy<9}z{Xbp{ԑ'#ޫ)Te"LZz~Pq{Oa*"?&m>Hf9I76 I&X J&lὩL?.)Ѭ. g\CÙ\\p΃ܫeuT39 FHF^tq~d8Z֣ZW.^QEb[MLuߟ[B4Fuq2JPi aYMNᦱ+ W6ǕPwQ%v| 9j(eLi{fN|FrCg}UJr~I:l5k&p_v AfᛠSKx]&H2@xhHGn! NiM V6j%5/6 Ln0΀i419+|׸(⬃{ZۘTɛ_, n2օBlqD67<Ûf4Qf;AM` FUǷv笢TG1-Fb^1YVhH="2p۟b~DlUOWJD("b\sc{Q+ɒY.ƥ=39q9ۼo"? OpwKc򏡎arX/陋>1ܑpQO!rgEԑ?74uĵj.o}kIIAItPÅÌ$B(^h<ъJ>z" O"1_rp'jrL秷'Q˵1ot&-%z\ri3{ 2H;]LGۛ]їI$C5|]@R|:[>kXRhhfh U q$aW6cd@Ϭj cj`Ft8 )^Enzƕ+E~G$RS 2[{h@;>Ab-Kysͻ5nnp”D; UA칅7q[2GQh*Z5Jp[,Vdw+NMAȤIn5o6M*tzߡǿ. G V(o}GeTk33`ɰ>bmxte|l)g^-R)wuVkF2[/氿ilV BCpO,= e- Sp LuCF'li2\;S}NNt::hw^m*X.) $$%立PωƱ>`uTS*el@(>v"YݳnKܠTVQ} ܅=ޒ~98RB*x<Ңᵮ[_a޾Uȑv ;``XHo/Bwq(G}TuZf仟m>_i' a]p4pyk:]5g=Q_VbPtFݏj.aWV~vXayc1~F lmlT:GOHgږZݛM,bu~D0cLoe#OGkyڱwAt $.罶WNyܛ .hĩ/@nY-";҂d6HS ݤ҆1}pw]%;AM>{Iĸެnޘ8\ޫ^fF0PPBI+IW\{REQUqw]I TBXebW͇.I}gmKIPsEj7Q;c g1g2/צV<=6j9Stt,;`W} &p;0` Ota&Aɑ@y&d.e]J.fddqz׭H6"297Zy#(MEK$?f>9Yjiß.>bBQܟKc.~GnzP<ڌjJDŠêS৪klz pyh%/;J82+n-FP̘ uSyg>eg`v6.R`6QcW|TN^l/I(v?w422+/ <׉r&*߯+i賢 [ ŰUWq*n:N(eƯ~*_"J:[-_?W2G]*4.{Yul-EۦoZ2_nF`y>1lzLH-O"s 5Nm^ZBrklFmFM<\mލOU%RK# _htDn0s ;矠BNcS[(in0;;> kms'ā,\NB&Fm"Q@zP@\"xdlY8}85z(=7J@x,zQRFuL9&;6'\v">Wזߞ)*$/3u^c ,?΋ M2IA(1 aL"f?H|Ir5ޛRo[Sr#_4o>м,=nW<6"ڏ'TwjЀ'JM).!No`h*>28M3cM~"u"j↺|fOJ8veEJ@Kj1V8! AwEW]U߲Ko0|΂=/{-JSJ 5b М>*ǎU`٭+KͩO&~\G6n#H v2~7T~ M  Tƶg >\@\QC@yw[gDevrI>Nk4DAΎ73R!`vȭG2n [6Љ%=~ 9c6 'А&f+=; E_@unM"ުsS {`Kng# B-ə ;<ccHRf`O,G 0XZ#+<ް` E4qnxtVM :?Hk4rvj%f[B<.faWI'CxP$Nr4wa~`U?5(E[zY'I6jO\4:X0}@'?{viJ%Bn[ j*S$.rR; cZ3nQwgnCo)|?|`=bx,P"l P/"9ʗ2PQ85'.]>L@5 zV"VG08?;3aon4 JN ֱL 2 pArz[*שK HvDq&s ?DV&xRI#uΫ ;E팁pe&auj͆e \#D&Q-NNwo ^.g ]?$ZgyL;);ŻX9yg I(}Ś#;m\Bզ|Y:M7Yއ p SK3*Μ71EFp7A*)_"6 A*8^nquG670oddA<ҥ5l(dXi7MM- +|P=a NLQxF=]ߪ;A1}Ők] : Tb s΍ᅵ()9 6~E/bbH2 .5E7+v:]d N@ (#س(ϟEt\KҝKȨۼO[ewf;2KtL%/@!}YO UU$ W)7A]QJEնaqHlO۟VeGGM>XH™#{VuU0$NlukRr+qgr2^1L Ծ~4.ByQ`&0MW+ e4'l^عt<2I,+mT?24 SuUі5M@x9QJ ÷u͇>Rh=VI)4д+mp` STSeFaqi*qc"D43d1?eJo@ˎfW#L:AdEuהֺ9?t-s4ܿ^>fc'0a-As%uB 2ou#m"\͞}[=yO1w-NuUkVQ'#"Z$5/h6ʄW6F8ΧMS8.†C[ f;2Yo󳕡C}B>vKQd/*oC癙w~J8KFnsˎ~An^HyeĿOԠАgjNLtqnc K?DN֓I_rS]-=tfVWbcl%U`Eqqz0 />k]o3uF݉l rjxwwٍK k)n)Xh$tVf ,Ldkuad5.,˜$6 3d,aRr'rLxkRHF$) 9B{~9WFˁZZuX.k..wpLH^e9(UMmzv5_b^ꄟ4X.6o?꓈;)%7; n'Y|OK-0B9j 8o(/3T BG%Tϰ4t%narT&~a =|1$/;sub*gq@܀=[gVbګV2mx%!\|"q l#*{UAǰ}`ZZ:=3:AaSԇtnk[T0dayV>`bBwcEqQE `hܷp/*C.!iW/ ymQ/&e-zv=iO2,E۶Ȳ~k:$"Gmٮc'.}8&rF_$sq"2t:HgxD,4* # ϡ\'׵Ilۙ+OukO)|"^gBqgtO/5E8nM\6\pYWhȇA]X,YAieyrMSbRi/_2OEzRї) (<Ө_ed&Jc #z~pSiɞ(DV} Y\R OR7NJ3bKˢqά屏O1M}jm@eeZEÑrR cjV]nB~v'cE.G:?_=:@&ElퟚKFK% FXS= 6ţ5yZ2'y&̴Z~+ыw_x pkgzQjO4$~;]0'5&<$btꋔ֞Kc҂},h9%f+ WǨ[VRpN:~@Z{Cs3ĭQ_\J8Ά{DDIdut@X4DP>xPzLjH`NTD&DViChA%G=r:fܐS<U'zठ8!fjN=f.28oG)APomY*ܼ K^?&N1䩧sfuyic;N]?򗋉{ki,ct{fAÅd =K,K v3π4 ͪڝW5 ۣLv1?ͽinmtꏝbQYyGV^c lakEhCAIˡߌ/:,š~aӅǾZg>!W ty<"9.Dg46>%͐.o 2$wRX Ri'tĭm_!>X;L4ec6kMɵI4vy3yU$Pj&<5W7c",[B.m2tv/:53', ]V(vfÙF.&zKYߠAʰg%qf<PTyX7U{ueu;Jɦ=!>>l#)LU52 蹶@ER?ْе \gҦY  @ZSseQe9'v+kvke%&tz>m\\$1Ǡњ>P%#$7s!gy_gL8h͍AњkZ)mNGj'eoa?}G8,>#uf \׼Y<-;W+J,!i$Laer킰9ؠM'%=aܱ{hGn8yEDGue, |A2D&d|&,^K$DfXH <T9ɏVUWV c{6ӰuujE(H/U "CWVnYdz&X- Ǚ|ɩWBq$R֙=j{CR<=η4g[ v H?`q1t #[/>X ޯDnP^rR({엀[@^S' 6+8JjCVѵMX-8޼#]K/$M45ܕ/ z!H+/iZ/+ji0'b/}?9?̜dhI-}8ȡT^2ܗ,˴i7)YD)^h[uqO,+*g_ptlī} MԿ~fvBk014;Jb]~ ;L ?)VdE9"Rn@8بe/~04wU" EfP/Va19B˱';r*HiN{76kMdJRu0(Π*z޲FN*+&.fT Cpl@2MuL)P | ͬ] 1|N﹎a_Dy?Xē Dah?'VxDƵʊB:Ǵ9L36g}JP𿕂x:FA ]^ujxpa ՝"@kmvݞFˉXyPg R]{?(3Lf(~KzNa3ϻ'{ U0%7"(< V*u<_c!0iʭsyt1.:vJ~iچZ : v1AϣT:F?xq_@įR^t\*Ӊ9` $5}816\wV띠a ^]^RD / l  d p5h䳑\0!FwmHPSы yٻ+n;[΋h=~@g: /F]*1 6kKl [+66Jt~Nd&2%Zx|p=6 7qUeu =YwSOc!Jzr9qSQĺȷm|'v`6 Sr5ݰRE ?cSBFczkTSK:5TlkA ˵]_ÀSk:]j Sۇmhy( Kajsx57Ei<fI`uv)Z)Ț%*5n8&/ȳHx" Vܠ?phfP87Z]JfAx8+&epȕ*# `ExQFZ\HlжVAIG U#by+I?ZƂNbt@1lHGuWPPnS]{sɊTĘ+vpz.{F+ 4՚`o=DFŸGmy b`*-*e4 +2QOvmEĚ֗2}= 5 ꑁ/zD>fC4*jlU\/; L4UsƉğ03 }^,ػmnczbngOn+~z. <+eN46@`=3yOt 8hulێ/e<9'7RO%fIE6q6GVhd-KRu|>"f}.ƧէKZߦ:s_`:'vO|UFyzLe->{o¤vTh́2T{*Rw֊vfK2;+!YmcDC֫S؄֐ %d;ʗaņiC̮JVj#k5l߫ҞPhJ6Sf܍!WKn`{U d 2qp PE5 ҥJNjpN`r'{XD$UJ&^W?.z؟̜vTq %ڥ] S"hF^M{%]HH MKcBi<.ӼĀREKkd;aFG*<|{EК=N6s-cpǿɮ_pk\^p\ϜGMI;;eWX91wRDI:Ə;HpVn9E=`bCfHlc2&3JQchcAlWIYNFE^urFμ19 NKDްߡkm|18:^{[ܔYiؙ~wrQH'LGv/y#cKO"hhiTཇbee(T hi,Jx37r'{`:fdOkK2 dZ0"e?P(%@Gy3s-i/࿾B } |6{ ;QY|n47e -7 筛ܿtQʙ%:jS{V„u씭)@ SplzU@(W= \6.;YM.ևSFQr65+M2m"hdD`*G$m:@j-p(r '8a+}h`DJiق\oSAPI]fR+UDZ$coI`+Z.WW͋+9=ŏ=BfxUyWM^-_[yբoԪs¥< Kw;Xy7p]m$+S%(1qz?ʽ g_ f d&c~fU18Uq勾WjlKTo)|#/Zd4>D*80&y x4( `o ,?WꦺuEYZ*.u5VĻT t? LN s8`}B?C"+߈8l)|߈dGb>4 {,D\;U}|5MD#hLLY\|}ˈB V QGgXAckЋJe óϕ* ״/U܎`0׽RX ۙ뻓t>N/y|غ?cr՘vА0 n-r"x zKq-z{ꄩ`'^3S Q`iE88 2l4mt{K+O'^.$3y~avF Ql@#p4ȘC’v8TR &>>Kip*G%E<Δ@U4Zc7+bk^$PC#\ `Ɉx6WŨzBK>sGD[!H͋=syyއq}pnn:e-m;r˳`_AZӑ+w&U + ė ,v)\{qJ;P`^ou݂3ɡLD cgYh$eu]é}Ucbג>v~O$#ﭪ G /w2HD}k.âSz30!\)AF?SГg2(]gj5}7|l\AiցF=/x8o@P BҾZc KԊ9B$깓%#ӯRu^~$A,U3)ϕ7aiIٱqձGc >;sWwvrrtӾtHw: /h'Ꮱ \)Z^% X%͕TR!۾(5Úa ItΐPѢCܕ^$݃k<0Hin ^bQ\i!mf`yJ7' #\UAEeY%k~a)d8U۳n qٯJa7op_frM4 %i[|p"__hIHw1r ޼_j2'DfZ++݊22w$BpT$59(ж<}v)ő+uFz }\1iE^ R)=5`UbVE?.cm!?bXPEW7咰:4wlϲ=kpIG+gڬwWU,.W/XhhwlFR㋭H0A,i얉Ohe[:>M&(~oHdOm9Q׻=8rg]\ʜ]OO(`%T1 9L5!LeH]̳w0ĥznY0jos?n2UI6 =mƧ+T~iK/*B}*$(|C9q}./ƁBy1)kɈDT`$)8rw} 0xVEL0`!;MѨ`3 ZX&.̐"© Ѡ!;-4""}4ϋ=dz{^} Zڦos;5w^-gfiARښf o4xزE Bi^.D+ NIs`$}Q牫lG@D)އ,_p,hE&J)_3ܞ?YA’óC3Dsqa٢hr k䐡ъz$id".%}7 sc:5xir]R3} |89_e3m.b5$.INipDPg;Kߤ)-Sj;G?YwXv^@يK8pt]ZugٙRro}E*•;{j %Aa/C1۬.|:FC6}T0\-xU3zayH6->;2DS8MXO&pWIJS".g& =[r*s S~J |js#6OkQE+Vx&Ϟvj:T8NK@:"k0\gMA^=ۯӲBڽDbhKt8ZCҤKB-t܁2]ª"l:sȏ7SM_]$t$5{S# ^D#֙^o1|V ={dIhclEy!/ʧ8`*yEY8}o5$X-.xDǣ6 U(; ke{tuZi Bq=C{G[\K/SF-7;ˆax_(&㋓FgiI4c4+w算W37goE6up>|3DJL i^>0L̎#/e i 5խMFylf5*+PN}RK Y{֚u5(($RB!iHo7`I(bݱEjSn S!|3ipGɞOHl{KZhUqE qmJ.p zIzh}rG1?ֳLEZEf0қ {gqQ9~Z)7Y.a300~.?fL dJ*+5KFk}^Gô)7hb4;f`t3}mf& ZUU^c.cx-SL⍨)Q]ނ:[h} lկ}4fL9ou5[A)ҵ9]vڪN7d O2nuކE;m8}VR W crY֭,G:v]>.i1;AK(ϟ.o$FfY{ƍ7!'ђ Cǜ@rimY+J+B#}i[0"cMGZEWl !&z/hHd{ L癬 KC8Mb w{2Dr聈uLpt$QqMd'AA0"odp#ڈ=o?nT˅ M}"Nm{ (ؒjf}@eR#oxؓt,ʇ.sOv«IU 205hUUh 7eQ\o(9(Gl`/F}*r ޷cran&f"m4FӰ 74_奒;X/f2+8 _D* 3E`Re>K~:|C@a9=4ͷ=AŸIE2qwbu)cZczcBSsqa{% {Isv!VSy ];_5U9ǛɃ9w%_0S+ K|}F3;ۜUg=WɦZb7ݟǩܭoO3 GO8z#FBt7D_qN{o'Y|ʗypWN^H{r ^V` n `f N]"j{KyvqaMLLnr^xN C.0XqVH9Xi)pC9d2_~+_ԊHj.hd@;Yswu^[XA97id@:aE*h-K&)g@@U\GloYOAe,Bڔs+`zzS qѶ*xgBlP(-_WCx/0su`m/:vd^K6ƢKN\7EWtQ؜ݞPʐ @6:@EYMAYd׾ qzW1F;P9&)cEu:K8t̗a Tm6 PQ-UX>quu=~qY6 HgM7^8TvtC δˁ>f]H-ܪ,h?Rΐ| ʈ+R-k,jW= >6I~&Ź]6{^L~jt;0F@P^Q!yZje{zh`:H~!(+dU'vif ^\ i[3¦%E6MzA[ATe_6ZgGOe4 @!ש5oPAmzO׬- ؐӶ$'Xe]x(FL;IPJTP9ry/| }Uhd4~,s"a3\45t~˨ay['8>rWXHJVxf{qG{?v#Ί|Wv(:(Qà}2z`x}9Yd{f&K8М5>TrgrD_]8M4%3r n;X?~^X;Gq-. PfPIn j 9(Ǽ`F{oJMFbLB#?enϠpa…e̺'oIS^:uv|YFGg@tu)v0vyK1ZIt6J'v6բHIWT`C9:֨;떶 L]l;~ 5/QG>BdoIZ.^L+$[MkS5&s[Ք;ip}9M)m|?ְ^ \_~*E/K^9t.{I cS;8m IWs38iN(']\@Ư~BįKx>Mmq}u<;-ރ{#bNA^@voZ\k*;d ~Gl?]X12R$kN,輁5FpGJ@gKĝޭy3Q?AI!)cldky"w}$u5l =dύV&h"-Jˉw?)-lV4UujW>_zI##ÀTRc< Nilߓ֔cbXB#HԾ|.RIJOD\2I+%h8l&U]]ŧ=k|*-+Y>q6L|6?ٸ&:Tdô=܊X˝My|E4jiUBZUd:/igzkA9=*֜[X0Ykvw;zM*B_ZKBa>բ‡;TUKT[݉O*dّ4'Roc,{)Cߢ |A-8niUdsn=:PP :\?2X;jwhNoź)^}j+bļŗ*b $9ԕ7U=GRr T}r2Qx1g_E VaORI 0{' $}MO#\Zy .O[zC䂧R)I-])f^~,qU4Dp̯c,im+d0Qs]˳-T1?jNMJi"UޖY&/eI)ځ|/1ֻ {]<6$*Ɓ[(J'W5%h()J3n$$NB{JeԪ}C  |kV{` ޤHh0n%`BJC-4'~B!gHFMi~B.Hc{᦬-Ev]JTm69Qh6a߂g o.> p4=Xk q"4 춼AˡЂ73JFo|~+_RNzXPFAѤ9P$l-͢ a|Ւ!aqƠUdkI'V@Cd1%yFwb;iwD$6x@Z-ߎKw‰/p6@#o *5TMxs>mL)ߏ_߷)ڥn"AzA/*j&"'3[x01-,S=acaACtv*7ߊ^[AP_kLNs5#i9"L!C^ Shj4%YsDh)*p`(sc3;g& ̒1rRjԜkn'ENl;pVy#ؘ?H^4c}G2 H.puKb(@+v C!Z|SL麑J)Vqx?F̳[=w417\f6cAV!J@$ڙKD>aEw0+n VplΟ/br(2h ]RLk?t+6NTV-795`v٘vg:c3g.=N4Ik.e/`rmZ3"ytak%$zK6w҅F8 ? I[ܠ\}'';K-cM֛~x؄hl8K] -EWRhkyv7ŌXڃ~ \.Fd|ӰLOMJbao 7C^ T:X {jN$ȫP" 4{ T$g12Qcz*g2H(!xΜITj2)*LlDEVSCbj@ >f6d}~X''_(Q::2NGb2ݲ|/z%i ȉ{nߏxkZLX΂/mg0>b3鎘bM@b/ks%%iԵd,WL}{6 Q|/OwJ-fw zzArdJG~κʿpX( b5~n'B@[39J(YNQDR\$q70Al>;'\inG'ԥhx*K-};%?K-qH)1APҮi /FySQ>ːS;!D TA 9zTsaxњ GAu*@ 5<!BdD3toSQUުO!XݹE[+7ƖQ#`Sx"N[Blj5XRC RF^^IM¹ON&(L 'h&Vxsqm:lԆV\#́ܗwJjOQp4t|&j)>gypg\,9:2`< hGGo ~k Š|ʥ=qH"lAhqZFx]rrwYWT0Zwd1<av'3@z\1(˦]$Y–-F=q'hC^ HHJUcHr*LNMª%Y=J]چC5F^0yJaJg÷x.NhLuo˅hq(sn(sM->͔M%YkH\@%߭LOeV`o4|x(RiC^Njr QiݔJ٭g` >,w,.kbTVP,yB4̨cmJCF߉^(*Q+p*1s1ҕJ-=*6jkԻ*~Jl5{X]B ŝbM[g0:/h@G Wj* ߵRk8wC>b[yj]& CG#3Ĵ}MҨUbt7sy<'Z49XӁMo8=UnE c-JMH ?VARWP_S@. _32j{W\ =(g6cb{ dn铈3`b31i"݀/>я6AqDzn͟eY̽vm3Ğ4*K)lխ]> )"%˭eT4?ЖJF6Lh\?м+bg7 kE7}2} $MT? gėwRksҔP-ү &QNz#[ɂQ]rR[w*SGՙ1X'^%\h%AAuE9C`m*ګ|*wР~Z^IcYmzPVjx]~K u4)ٷQ-1lP$KaE܂:υEj"o4o/][%R/tXtF~#'HO&}2oP*ھ9t5=˄[Ȯήǵn6Uc<9!l;B3K\-[ojtC#CäNh6-ow (qyMpzL| }W9̧m}WP8ce;t5qYsͽxUa'j|m~g``ZE1g 0 .~;a҈HliY@& bp.M7`7C[m@\n$uM\JЖ)FJ߈OnIHMrIvKЀ/$Q`mTCƏJ6nRPaFV~6ZkaIf;XGMʁ7I=kz% /1b-y!YKmuS:߯[>iߓϾ2t dIrHMo|Z}{z#Jij}c֏g 15_>C& ]샞z>:b&͔+j\,n1Ir)ri2•C:$yFˌZ_@&STiHؑ\2ه1g}9W+ttwpbJIk5"_|>1ԇu}=eejލ ?6:!_D5J$" aE{rPPU.\^vQ,/4ܵXJGjȏ 6;e眆ex: 4*BY\SAop L S8)#R;gjCz94J8v X*8l7^w]B28khQ|G0lc0Y], ͈ t dohf| L OYrq&ɡxY't% s.סWHe ੬\C$WJFcx0b" ދs6`I8q q4o |'"=Ɣ፜覒T*C^`@"+x kwe@\B2)` _|Fܠa (k'n !52k{W5D) cQJ22l SJq#4rSa9Db ~Dq=lC&)4 -4&U Ltti$-l`1\|1ș5m!6OK0Ԅ0}c?.7BGҷݟ]}i$c? Ρݷ|sӜ5 4 R lM<-I kF=/oŨ.@?wP~ 3HPKxZR.̒g_*g4NТK1}l+.ClmR.cmrg }x.6'eO"_->_d7ܘ2cXzY.3Ӑb]DE /MYhH|8ʚ%[L^hg-&ʜj( U4bTbsd k$̗zVnx4!vi4ވk6ЉVMCH0_S<`ĵ"WdeSZt%+ )gT_:Z?8i!:U O^%ʜQAeVBl637 p brx*sHG-K_Ij?+M#P+qn!=4>Y<mtmHC螙jU©O(M8ZKlGL%kICDe+֏apPF%HTG2'#/_Ms2" 4%ZQviFp,+:M2(Bg 0x af@ MŢY'r4;g3rM9/6g|0mnjs Aj ?=!",J'P= . =k6a)+䳆jc50^P}{5DKRE3,&,20aK 3sˑEC}ir`$^16^wf@wGl娻 <" \r!KˬN J1(G*l2owߒuѬcw\q~a+oE=~/*t( %_ DsyCe"+G-o'$& Ns1R5|"UqgUa4A!<%7hT^ [?,p }J`fU S^ԫP,!%O *|rpJz(F"~mu0U/ W |pW#N=ћaCA|P#/rxR; {yOѫ6TF ܊H_vZS'J=e2ʡN|I*$-0n DNZYxdRJ[Q3s=!?%5u Z8MN6$*ZvD&=z;2Yo{ݙOonPhA4R ড9nHKV'A7;zn3ɴ;|:Ie/t6_"0}@ ME~2C90ctos ޯ-1ћYlGUǝ`ҬSU_ AGv{G:ez^ʟF`p#j $3u{* ~&&mLna]h*D,3?R8!@״=dIL|I7ߛ Tu,Y{}Я;p@ hC9ݵzNdžCԣG/:BͤmfQ{}u1]cvc]1SGnd35C$bK] TqiD$.I`墺vN/(HF5olN Nz&pyTmu23Vɞ:1h:>l<r7DL ߉Yy4Ma;c{$]4ק疃3^ؔߒK. s]`D"ZNyRPGө ]y/9q Z߃q66k T؍G;\wJW:^ *3fgC/$^:i'LV1y:ZVʧ1DYxp_^Ћ| B&eC]`k]p 4y29#/N;FTw@7r4(_8x3vSEGG{1u/U@w5Laa\M314@(1uFpp5Bw=yAjF\%y-6|ChЈۯ}([{> #.ɬ9[4Z)+ /J_XuVj!y@ILĀ /3ddžiE9a6,"Uyl\)f!]N=\?6z׎>I%;r~V{u`~K :ÊL$`HKE򬏚s)Ws yPq$O#YuIʑֻM>{-xxT>1ނ+ 1L (Sۦt98EBwp6i+wQ=a  *QG}%e80A:>&@Nⵜns:/iR>ADc;v ";"_\"r´GqqNN~(5 ^}Sv`W5 FQYx_=y]ZKMpbhUfEuи@y@^+5A}CLeO a{g>KS) bU39_T ;W!^(#  }csQO¥_t$1]m~@^Xߍ$ӥF䝘eqBcXwɻu0ĂǏ d"e]a8J&TcsWt䲂#ͨ3'T;bGE]Fa' 20cXpZ˪AnTɫ:Y܏7$0;~20;ͶGa 0~d=dBt l^(,d@2VIM5._:ԟn!)|ʲT$puaH(ßXۺO`륥)nRܢ xi0YG(7*ʂt#OܰʎX0L}%`C Z[bxEɥ=tG,/^ <؊s̮}'N!@du< :zQ jRg854K1Y0  ¶2nRHzUJg ݤ!K ;/_\:}xx;Ip;1m:23.'XoR[*Hh|+_q4e0`mǻ"!ꞅ~$:)o7!!.ڂ… |6`/ڴ' ~Lb_"ȍٟߴUSl w׀y!O0/d_sw#CM73ew3W$%0랢1Qa]0Wt Y-u(7u"VⲂ@a{>dlm/iuJo%gۂTز >fzamYf,Μ&̖y_|D\bfma7g|&$_l v8)W.$RO*EbĂ\,sV\:%@'zU`=.zjAbK6rGB'J{=92({VGDٻ8IMf9gӿ= &ؑ,c^Cy@}4Ѷ~pAl$6_e֐)g 6'3gy5Oty١d6$$yB\W[. J ;_I-[Aٿ H~xQr~CQoK< HENxc4M7I~+2,KyYT*Goco쌹z& HmߕiOHj"͊^pᄆW7Dk咼[:R;j˶WQ Wce^؜@ŐPMҟ\M|#]&L w'hL}Lj] 8/CA<0o9Koksַ[.<ʂEmXbqd7J--K{Ӆ"ѣwu&Fn4)Rl vxށ=fUR}PE*v5]N0T3ѦyzEI?)͐ d]i546qrcXeLwDyaV"{dML@<]T #lB6Ti#/e wX58m%H H])i6K@q5sw$g=ENi :7{"PY|5b :0%e';FU'pY]OJ% ڃ]⍠""~6Um8pIAPSse^2s k+^4x([((%Y A_^B.cj`:6U5e/iB|EY&*AiZ~#<v7`b%:5<ξ1@s_{kFdfəHVkSe7#^qgRYU^TLL÷zw3ڪQ&z@ZBOw-p!oRKs$xʵ ;d@EهR/&g,,/|Z~aT@!Fy~ ]ߞtFfv7-3p|~ Ѥ/J q &jGR3]rZuP&L YP0h G:QbyP^$Q"X*AʴA%R'[CEe$joRjx5Ɓc(YFsK1[!Jw4;= Z]wpID ռ%b@m|Ja#s?)/ԈO,mLt6'9I_(b5QG  յKѭp'Y;ˣA9þ ։3.VŞ c?;Eg2Yߩ6*N(K eZy>_.zR!FV̼ae1TULɛ لÇY}/AV$.6/y`un݅|P'L(mg@ ?5kֳ4'Pֈ0B%h{ƪЫM>) n^#V`B"u֯!]EIsݩ܂r:]lL;rb#$<-^< N;S Z /x[dxD҉ ,[q33}V7b _ܩst ><ǛM_>7M!FRǔa~jbO#tk<>7hnx@.\eܳ[ɩ9 wߕb LJGD7_jɱ'C~*GXsVSdbu (oȆrIEF\8{[ A;v?8svXiޤpU2;G[J Jb2 W"C%#B&ea4Jj.۲Cf: D"WY,H9|as/Q< 9?81ųYa/C4cs-2xϚAALaj'`)P3JAesڶa_`R'츁p%mf7pQ n]̓% mr9 .g>8azXBՁVz,uoacnnqq/sYGUcG]íPvDi|啈AbW0$Ӫj;ub/j-6bv~[ ~xEmC]&45zؤ;uIss"h(HCz7in% KCWˍ1BqL{æN^|DWc3Zah4#N8<S'kCI` n5~YKpm ywr=zZm<7Q~o $4B+ÅN*ax 6#u`F D$`$┋B6 \#M-20LoK'#H0z >Ѕ24\Hwt\^#q&.mXQ i _M(Q"+."2$Ԛ$RʹP+ovPjOK?}* au Ƣ]ṭu@Yc/fŖx:yׇjHAGCAћVm\iY}A&WmB:}=;1kzz!빂 vRYub]n'm\[H%iy",Fs&+vNC/kRUd(ؐR 2CU11m !76AU^q~Bsڹpi0 HQZWI9H`$>0 5uuyQ(`??Kq qx`5Ytg;M^~Mۭ;R*̇"r@ou"^B}1/Lcۙ\Oc90"2¦Wxqgv]dƏ//ӏ5%\ 'D5V#ďU}$dHh՛V.{'N-bfїlMmLj<#iEyɋ/ѭVtTXz,_2+r@.-+v+z.Ġ^C\/z(>^7]|>ʨ0mKJ5A<@=HW3vF-?/q1@[ۂf8HM2ZG<79M+爄d!㍭3C'wPuLK4|s#8 LǴd]o BMQ;|kM$ctcgEmHOܯYvOowߊ Vk?Bgz]?lk`B !5Ɨ߱hK~y9 !I:w yU <= R0\h?M)WAGj\4CF"zˀ$wCy3龆AϺzpyx`O?nB=2lw^6@WgW;k{*'I}z96SUBKP2JP:CwLܲ$fu +gljncH 9Z1b"̣g=7TL`TyZ{d_$P):=l#.0ʆ=fH;*rd_ÚǢR+nw3?TO򹲠,[5zhvA+|$ jS(dd8v 6%x԰A=7Ux.;9.cKY"7-R67r|N Ԝ$;<4EՑu[v=~NDrv H1iv[cMWE{d>w=6ޭr j3Cx{ddd= kf?U* W{e_M]HbwfnW ~Z[ޟӖݸ- 9?0o;A'F L&AC%ȣ { w z`ۂd3HI-TH?1-M{v2EClaT `rG h^udxF1!2o*:,UVDo T`D;&0H{!ghW~]pstC)}/ޡ+c_U2ShORm^ D}wllC1_c pu$1}ŦdDC#][lI`-f{5)*ÂKfE/T)LuŧFCw_WE8ʖ͒b?Gd!(|N-9Qzx&89 ?ntO6BWMv{'bWb |Y}Dnc|y{"-Y}u pd|pǶ[re-G^<|}+*$X}`b|#yfemOZphM>$f|1̤>yñ<&g)׌\1O4<@[ $~9 F"pQ@6y  SIy^tJ-_:>w$="~oQ'$STe.~"N܂Ԕӈϖbv `&'<ʘ(@[o Phb}ws0Mn9'sh=3ĵd+@={ƣY SD(7u?3ur,2 !/y>xڜe#^ ,lJy:ԉMsi-]nd>n{*M|b+Uտ1YtrspHl_B8VzBo]~x_A|3[62kTljyS>/̙ 1kn/p]3ZCV,"^%bV`R^`Dϥw!`zp|NSsK>=!TApeiqDZa[ F1WڭY?g!@^K|Luǚ뭐 _see{^Z<ˠxQ.冄ZTYP4AƩ<I`{1&n6ort3`X)e]\U<>i.2tW@`:Ht[u+My{ehzcQdQ4iFpJ}u }LͰ=- $>ՓjiE'6/Fam[;Uzj2K~|Ҷ)xb99" e \`AO7P]/IX& AZɼ_=ܷk MQQ9MtnJ]nZ OR0/( j')DU~E>Q[~ fվr<YԯkMR,W NlP;kRԙp!'䲲C<ܗ3(C6lAU#͏zyD=ڐ`}]I ^UyS-olqU~M%gKuh ٧XVv89]VlA;8RpTTY`8SVѴ33n{ H,)ۣ\"UdBV kLqgeCe׀qb~`8Z{/cf lRI,@b½\`R`Yoj m*x~mqC t#G^)~r' PD`rʹv'];=_5dPgKQ:R ="k,nLY! Έ]lKDg&.cyKb%sRas]cTM3<́Q>C,BevJZ'WFMFwg+{8suu `RgTpe^n5'"-| Eb_4^Rq?ÒJIpZ><9%5MTdrZHegs+x!WSpS7-zOC%vfo,Y$l\'V RZc =[vsA,GHsVw ^t}rAKyae>-xpήZz}\^ucK7\/i>S۾%]NV)\ `ulv]gJ6|B ˬ~kGΏ>g7h`x#%c'5^y<6I](p38)uv%ZViRI0 g.7A[m4krG\%Iu8OΗ0{f! `!~72@Xne ֭AI/Z Gc@o:Kj<5I" Աulow3 `o[4!%:֣lC^1]p21 !wC4lAlQàRq.D{' O&:_6אZ 4iF%Tŗ-9 -/ C?={~)5} w4 4ڮ| $OVZN~ЌΩf]B1zȓq qT!'~\6AMD'Z^ Yʯ ںH|tΰj"f#tġc||i*^]uTum1g#K*6]]߀cԩJ>Ά8#hgA`uI1p8/ulgg63ڥs}!Z$Ƀ{/Ɯ`!=\hoxڒ#?D#;W3:? aNMUNx)՗sm22-: ?~$j(D%5܏d.#)QV R1&Q/ӎezr4LA?ub' CM̌t HQBŢ_JX=KՈ3$v ZJdїWS>F-{7bʹT+XQdUظtáUenGe^Mԥ"?Jj V!mtVBt@@ X93ŹIE>Ux# }A#eH;D{S:7FqW+ >D9"fQ<Ւx x,%<ߕ"n]YbD\yA{sl Ng$bNCEgXx4^VVo|-f]q[oXMе@3\*rj]UW4 i&CIZ*b(Șܛ X$ԨY?@/ )屌 ]'ϖ?/($sD׈~[O,:odܹ@`\$B.AYೠ9A8UCgkЬ+"D氉AVoEKh ]Ut3,Xy zsys泘ݲS4񲣆$Wb3i_syJx]x*Yo7 #DW掛h8' wrK)HBHRE*-L6?fwB[T@dZ ŚDMjzE2t危%lT5+4g3`O$uKQQ3ns oH9P貉%+#ȳi1ַf髛b[Q9AםSt\dٳl9+8 F?e>[ŖȪI6YjVre9hȦhrQp) |{&% FQ}X׮8߆jЦ䃳Ǖ ڱ{RM"p&L|XAP}0 KMᕞAӀmdYаS+Ҟ}@70Uu$rWlt[m,-* ݼ3*&ӔQ1}[HҬBN~/1۪IrPlwjQ4ʈ&.X^9Q xzSTv$͆ -Ĉ:Iɗܚuއ?-F~S\c{^$d7ɽPQ0~֊L=c %0Қv~-٦ڷ[R'r4!U=5) ~kNnIjTⲧ.Z/6Mݘ;|@ xmA 'FJpT J,2]pjYaNs;OFsQ$C͖w(k/V3 y8 Qz=J7f&6C&<$E0bmFs2 aC ƺ0)lϟa^':?~PVo nٳB0 X)&b%of}76?ʗmGu3]2MbνEN0ǝD-ot%*K˺RM6Г-Ѝ9w"Oy.wLcvp59* xhSezha؂)I3˕}_ Gh"0yG+LJc} BK  |} 3:c{j' f{LP}u RR.d'KI-I/^}_bptfGgNw>1ݫ8IF%/6\kb&,-75N>Ebǖ1Bo<{䅄ܜj"!8 &t=`񔗰+ZhDŽ2fI`/Wy |xҏD5Ki_d̄󗿡)OV2 &~H.jH SmsL`y:&A2$>5v+F1zX¯@cяHf\sy $>Sc&#Fuq|Ervd"(R9a=yppm ^;B[`@= W:#Vʈ%&UbqXF%ZL+%"~f(K3,_r $ GT4{쌒xR ݀XR^ oX }tnVtG= zJZС \,%AEb9lF7ɾ7m0ӄݮ@K=ڊ LJF WEUyQ㰾!boaueeݫD$mG )2[ Z4  {K\a#:x2Os]iW E;>օ1-TBo]ƜPZq H7uUDrF$ ­`{33$_8cz b-quM_҂2V_uMo[dBn T|Ez8K (r>|cAmBܐate~2LRkV07b@ ̪և x*ka( &OCe2 4uA YzKH ^KVdQ_1nQ=)2 YY88GgFWb-.яc8‰n{Ji$O3Q vdWQEjuFKB/S.($vt<*&/njvv͑u{ Lo9gB3جUzMZ_T2:Kz\:/ /+9=t4.SJv[G9U|]2u!َ[wIwH B.9#%avHeN+?-Q)ܽ18N:KMy,[Fi'EvI.S>hIoiF@!BRMS閏G>|O"N Oz$H*n-d?lt;M!i-֚ hz@8/Ď+`_ {~!w;i! QKB6ԉ r"?dpXbJ*"]Iۢ6q3"F:S ͟ ~= f*ulƵ6oЋص.E:,K KB ^ˀ7D~ =ǽ/(Noɨ=B|R됔0T>=nΝQ`əQs[;_!9OmK۷UOg ||mqUڝiWސMJ֩o6 oIN됚 N[h|Ɠ"xeek>H]}sbµ:e5!.#O/!*=@Y~z(h[-JveGy7F[˻5^JM^$R I[奅Gж菣J1鯿smzQʆsw FcT2)ɲ+^(l Ҭ.k[hŎM~hBLSC؜s}g]8@)pߕ5wZa4ەOq'bK('ƹ}"Q}ʉMjvIGRa# I|~xRkYV.):)bB61yrtp>{YXza ĒwHЭm3 +e5"o도t0``ig@~Їt'̋ZĝրtʙS Op D")/ ɚKl #i2jgE`hޜWeȶ?nAO,Z,.S=5'E T0R9r`'k~W>"}?^/剤rr!ij܂oF卲ѣQ?~j9Fѻb vY=ɨpN4 @uH'Ė`E68 WsbV :x7t}" DzmUJ&/ :;TxL!!wasT3j,I˦ټMx:aFd"Y;%Ӑ0S,[ +7tp]G[7&G̦fQڡH$6ُٕ>r5_8k\j,kf cUt O,G"hdΖQ_#ɛ\Z%M mB2m#&)(~j35# qMCZ9YGnqzFpV&^1[OLk|.ijN|fnN˕\RIS ޅ@wVpBwj//s KSHa $DN}ӳn2/3Q%wDſ 8M.Upf ;j 1(v%HW3N:8{QD5 y3ޤ~y6IRqxͬBpԬpquwۍ>:ن#]Y *M+{*磖)<Kt? *@í"HSQ[ѐI=sA*6Z?Ujl;#[Ρcȧ\_ড়'Si/a+0YLg-ZcCI^d氾O0?Cѽ WNȕ>J(/DL )6ly Jő բ^C211@ӟJwuEPBKҎB 1n[]^)0Jx40/0 mQ;ͦ\K?b֧mnA!|()찬{b,wQ,ͽs/0O57ZT*I71 Eeͻ"dn!ágj,;~b Μc{aؒŽIxتZ *B^[CE;1عB}"%{I&=)9}=vo|)H~ +ΧM 娼JnCnĂ$] Ivqv_S:|`WZg6 )ÀA[˃5cչ"Ԗi2;]]+x'D(%Y/2RW;53Ser -z%Qĉ_|%\zI=CW[kʴid k??+_uCTl20^沓I/ %: _%Nܖ(o?;ZkxXNNha{EjH]D]Ƥ )'2>O*#m*e , Зm'̆*NSā&"1YQ~a 5{IB- 7m=ޒ%SJt|߉Ə]D$]~tuK *%Rf\ߥ}R=$k9⸷u LKs/dŵ>"%׸hxȯOI>ωPvMɆeZ 5K[ O|fûaTm#J ;+š xhe疕$8 \7[owYUSw׶33͐6a,Ǘ~Q~o3,prg+(A?`$Cg$[wC /tP/Fjt{gLNoK^vwxh  qeNKF0޾0LBsXeFI!yOU^r9AF6eU'8eC<0IO,14BLUE@m9f>i6< fnw YjeVI*%շݢ0H7G@LvݢP<%a ) 'ч`vO=eԜa=@0$&ьjA;\k.0dTߕ!ɖN-EW9+QAkEb]/#rk?8ꨵlxɢL+XHQe酊19E72VE~7С`]͇%KW@dm<\ćuw+{ V2 rLR*RB"9&5.3c~9>df}X<9`|?9^3߄n^@'MPJ@O)'A8 6rڼrD\Z{yKhZ8ABie#,z&{fHDJqcD3̡Gk; @}(\ w2c dMLmt]6$-btRۦc (cQTmIuן1Gd>ZQgQ8U>v>gh.Sk› D ǘX;F;ϩQ.fca>?Ol"*,9/ G Uqy^̩S:.gMX3 `B0%O+@…SĊ] *#cV;3 ( }FLe:>IQԨo4Uq" XHV\ojzL`y9xʿ[;LcQv ]ۺEji)K$f~bo#ފ@=գD 0V虱!Ra{h3MDX喛N]wJC˅XoW h Wݼ&T1b91M, G"L JZg. 􄅼?XsRdNDojEiGΫu+̉ZeG&vrudļ6 $E~8׊]yѴxOTO=+3R@0Xz*μKC[oɕIcnw\{g>Nr8WP{kG՜alFG䜋eCpÃE3>Aeά {&Ԅ0{O_g/-^*{YWMqy/-g(Y'Q$)a :v"Uop8^iRoك_aJm.Kvœ Ab~e#0*C,^j"J02M&:`lS+: <9Nkk3 !=|A'28zӢuc_`.OdAЉ䕻j 3YzⳚ7@v ΰ7V\UvT͝q_O)x46cEajaL829٦0Wn)<Du=n@?ҳmL~&%@r!C)O0ۥcY^ WΆn"9DWY] T \b [giC is:ȺƗ.7(NG蛱;#u!BxBgBdd*=-cJߚ >7|[rDO$(ȪR輿 tNn7RL > YDC2(xM ӛW5Y>/,Mѳ)NԂ~ϱ7ūXTBoY:6OC&Y橃y">`o߻}ϴyD5Bbf7gƋg*CDHER{svuW,62fȏdUyE{wWɅٱ#_(BR@M ΠUeR<3sw*t:=.T25ȕw[8er?b%+# O!e8`!CVtGm 1 -~5'`廬UEma= b obZ)Q"DƅaŦNRgH ̽w搊Am) +, [)`.qS*h]Ӗ翤{knKbބn#ԕkzHSfb8ي ߐda%\ƶQ) s EZб33%#۶ܐ_ĉn(IsLDFeGl=hsM V ^쫍s<)#ω--L+94m//7QRf__bx范 OoZYj:N^`G}e}{Aj!φU|l  \zrBE QbIf9P/gN\ )þu¯J0p~JAix,5#0ZȶH{NAfe{oAq*ʳa퉢qlv[xs>Fx^+{VZ) N8=RByR,3RsΗ X)(Gzi9Dʷ^"˄q`M(ZU? WmHI sNw1#]2u-n?{6O>Ot?.\dC7f S죦f4 /Qf@hRO``cDQD]Wէ-}@9q $4J6z5U oc8GIss0G`o| >蹘8b/ tu"#DhQ˂AJ L.j`tfy'F]y_"cA|넬x 6(.gwЧ4bOϰb$;;{=OeHp0E'L)|bGM^2Q騴 =՞6&5] È#;f)pi*f^N!zFw?W4]aV}z@ VYJ0a)-|<J_\X kbgM#I]~'ǩtN!^BDDqk8~9@I<{ `ɿu%ɕ8zYptUqfKIa~֨NWK c=cWşhT4r2"vP<2ռ/WVD nF زCih'F|=k]=njJ4[ك,{2jY J,_뭫;YrXhx*&u؏7o~-e6͒/D5mLUP}Vo IL,iZ%soqͦ6LlW_t2˚OA) F#v 0g&;R0/bG6Ц#K7a wXt< <6ˠٯp.#GdB[ n.p (D>:L3[[x!B,J3^XGS^Mn8;;>os&bPTT9N05lJϻ`T״u=~ſsAv*.#ж^MA$%{XҥDr;=I\5 ,=/XKC4x=sr]4;iyN"͋Up tm&> l % ߟA\/Liܯ^y^;(eVb%j`pP7IG|b(:kG[.DN-m?ROCIUz ~k/&yPC-!{bdYGBAdwh}~yǨE{*Q3NWDk@K? 4W֝5=oioz8R>Ë{MZx"2_ [c@G⑙}w'm}{(Wv*hl>+>Q\!grFHa{А{FَQZp7Ll$2GJq|R냦7!g>N&S1DpfQw;%V_0ỳIP0-ةji?ҀN(D7b&Nס1hU͊'oe5~DO{ɛޤJ; ;e/7瞻K ս!Lo/dgClEW궍EƮq"[{C inb= j^p6WaBFec2y )6Dn{GѼKi$%`Ofn4:O DJwBS=kcnj1w"+^ )4J-QsɰX?kêq) ݱTW|! vy%:GV=90.Z!{7v'ܬ-?GҋRBR͏H2_L[2r |<9x]5ބuEf34 ,%I…4b7I3G_9+7q$34Sע1J=4'7T -d o'4"nΒzo$3]F'fu76]3f/[|| Bu~t@ 꽟´>_fL /ڃQR3;$``Y-՜UX|o 5)gp4yk=DRIҰ~Ӛ9L*:ѱ3 6cphBx:EY R"=GG{7)ˇ\hn6}]R'8Ebe_Pcb/s U1ćv*\H\tT9CJl7|GdJ勇MD fET[NW`* ZRYPJ j|U>uY~%kC_PFGſzhF\F"=bb% Zo[7P07я[Džcyu)ޢ*pHi|IpǒA5$X\liùss7W>2C㺜@ȨED@X;k8x#C]Ǭ#O$|Zj^o^ʓ#8A׋Z鰖b-!`#7taŴ?N`zK/ڒD)gvL@yi,bHA;ڐ8 ՐOKWe_8zi\8NC2KRPdP*=t z&Zs6Ƽqᅛڠ0 R~n(;8ߒ}LLgó}eP/;4/dbh \ eU•"sFx;T 谞5~UbU  F'U|coȶ"mI6}01Ggr%="ӂ4shg01׏L-tu^wM0|l:"ӱ9XL$c~襎sSG11dX&EBڹ["60MX\gőRyɱ>lZ m3KzY/\^ΒLJĦ7%{e|TKbF4|GIrOrw[Dq2Ƞs^EEj(M]#Cw[C7YUI5(r^[um"Mi;j}$rPw'qR3!(/\{)Pj3aWca_k.L9WDm>c$: ajb8sφ-e:ПbM!TL|͌%5!]j鑽Lg`Ӧa:[E+.&K!Sp\̣DGv 6|zZ] .i `Ί! C>}4~JΗGnd$'V_aﷵArK <" 3 byq} Tgҟ̞'KiwVc˰]By8gSRAe#Cl+wi"[ϿrU 8F"68g2搕eIUUKTn 5w#5ZrOwf LZpĆ-l)Ƨ*! Ң:QbZ%J\=MΑ׀XɏهiJ,UT/JZTj-j558qg';95dL! F dKGQ[N .H}⴦0i74% W瓼Xp(.q囜i$T /j2\>=u^-c1OiH­_׹ֽ]gkɦ^C@㢿|‹: Sf=xF=F-girc>^砎؅'~>"ae)l7JzGn΅6"#oYF^@2&{nJ+`9Nd2tH.U[J$S 'L0=8TL`w PZuDMuCv~*)g 2"Up6T N#z-~Cf,QDNrEx-'P^APqҧ_c<$<^ 4ܾ|C3Sͪ$WXП08SƐ 6n Z8_0}gA*;@&VtxSR;YV%/CإUJdVjsCey\Q:uu8;\Ӫgȿa'?mw)bީ*ľN /sFx)yStQD*5|<|5=K(,3^m-۹O/$7rH=JϚ7B vsyÂrG]du)HưpH|]ŲSEɉsar;xIbuEp؂vxj;gusIJIg]W[q˄>Rg? Ŗˊf\vh{~(:i ֌]MrSN:|eZ׃̏A^fBAm9Hf!e!VZ,@`<~6ˋ.K]KS0t4!+55DwbTkADRB-ՒLӭ=(D QmVF%KĤ(G4ݡ$KaJγڎȷ1gt*Z1~K.oyޠHѡ8[Q Abzq \u7^d@R.lK 6yk|eBJ"QSL[gW9{ʜv {!W'B2̈́6+JFucgdz1!$foG*KCralZ|.NjG!@(,Sw1 ost=颗/>=Q  0|7=Oc}M 2 U/Fa>}'J./IHKn\}[}K5m,q*a_`>=<$ĉMC_Wc#/#^ZAAXwJx?#YUA/|sIjc:b05vִgDbxeV.( 񟟄XP1ԥdB8$ɢ̀R0EM~=&؉rV$-Pm*Y4e1t+}|T |Y4ec]F6RۭtR @e2` 'a'Ӛi}r!~ea\D9C@ඌ C!\t<qt܈dbe?oƤ8sonHG4Zˌ;C6~$7A RUy8:9eq-B x>Qo(AN5;:$vIuLoK=M0q S4jȫ5m ;fxxA&+.pPTφax&kɻϵ򌈡жVt`RܔC{&(b&"/!ZA+%XR͠^C;sBkR7̓ow6Gp7 G~W)Q%LoozpȌzMt\]xrwOa RLup5JGu! #kVT`cNRNE\ j>8 lx KHhKF zN.l HH}^PX '>+hFsFO r륙,zƦ#[ƠUF}A2[(g-fD@R2Udn]4yn׳9D2Ԇ_w)1C ~LH*bNR%UcWXf^|.+k~B3?'20Ts05vFg"ܸ^PѪ P)+ %>})[JUhh~)@OlC qNôf78o0̲;cH6 K9`a]~Tw NYV=[,Pȅ粮!)Nu<',%>;/.+ O[SmdGzeV_tzjҏ)|goV"eg!缺*[QI-ͷf#STd/Gi5::VXE_ l76.kaVEm9ǁ8K?YknlKYОA O a|>Xv:*+pݠ=*s5!$]O*q;M@y{ A泟+SM&aLE^( VM;-I7JFDUg;hz;u=I:i~ju[Ʃ8OGJkT9_5%\(Ax- sp.tYj(h7E60OqRZ~_܂s>a66vڒG?DNIGBpPAoBi7u*TKu@Y _idEf[Q\GI,. ֗MehXz3uFi: U\EQ"&ޙk2FM* $ei0ɫ|bN&3/N!pWQ'+zI=_P6j׀x18̉ v'mg-VfzƾJ)۹md]1(ZY|3̣j*V^ J}n1m$& #H,8kO k*"}2PIsp|BK2d<)gG?[<ρFiO/Դ|Dc_<ѸܦqȞüpy5 QHW`oN㉮ >)b2]7h|)2%|,|5*p:Kp`亢wE9}U|c8Y@dx'iwc_97Fz$uNG jЂre#0cQm'}Z=p$#9>+X[:Qtog$s5`Q1Ŭc$}2۳Jj:w.yfl-Sj/֜Oġr}F|,jvVu,+Ay;.e9vؠwd>ݒIBRۓq #Bh[T^ܥSɪqvQ&5%J#\MmC>]*,7EiF06[ #nu&ݎ[Y2p{ <y Yt iŤ&lժbY?{܇w=\r.`MS]Be-) 8.j{0AeePXdѮF>gX?$KN/sT OKD01 /wOQ' ,Z@]$` Gܱߩ೯r3Ns]2^EaxAFЎ~|^rB4xJuC㱂/'kMI_pC7B ϖ)6'T!VEvO2@?ܛ~{[t#P I_Uܗi.7ᦈ'%6չXYnVnq4U>t-1yZ^ARyyV+,{#Y9=Et^P2=F̜)+:msnE}I-*>V]C1C_*PBQNјM$uN(N"wWZtWs;^%i!z稲LALaT-  ,oLQ*К,͹coAftS3䥓s)Q4 -w!c2^rKG 6pkӟ#q B^1vo9~ izLHE"E;=rXԮ췚:)KE=w WW4=zb4VAbOC9/\+@רbnw=_=% $] Jj84M۝X NH) (CML2q L ۵vMEu' 17p;_3nj[+ZvRt4!;M9PCCMZ_L]hfWޫX{|6PУcaI*Hiwcچb\E"{yvBN^#kjŔ ^iƶ8 1lDz.xZyQ~hlIíMxnhj~g~WdH<4ɶ5t#Ӳ2f?͛e.󥘪0p ꒋ>{n6ad="i,9@dQ@4o 'n4_9@,EsZ!'ްI$-&4ҪXz񮷸IF<,ÁH6?Xjq[+S\%bϏ-4j'q~0,3о#,w\ 4qڙafWjLM: /1hA$n cLpÇ3r*usݐ/健q]691 oȇ!֦} QA@uOW'8nvړ`fKR4'-<{س%imeF1?t>F/#E*p}pR\pixa\D+ΉsA#QW #qކ5tCI&ISntn;wQ7̧y,(ةkRy!' PGV-J|Ml䐐 S?[] sħbe<:H hz>Sݧ>i(!2.wPp$fd8>{hv l-} ԡD3*ȖV;*NLj"w:'.l 4fЃl h71p˂!}Wyamq8.f:ILr4D)u߶lcWx[)童 j|z#;taNF_?pg8[th=+7>mO:b@! (,(]Ah{TŶAjLH"9o?8rDXY/`j 6nϨv%N؅Z}>JvY{kR-n.yJeHw|9Ȳ ۰Ƚ9LvX0aX6"C7NrC?qfaRjB4'ald H5,Yl$9|Wh e!Ie떥[3 6¦pLgZ]ʲ:yJUh9̦:g{jiS$x㵹Y1GQGcFܞ ,M1uRh%Lv܀3o1p$1;hu3cAGxw^@6 vݴxKK {~OB"~Fn'BLVCLLu[@u I'yN, ]ێPגMc^fƐi<\Ջ`N[~@h%iR/H`P'A \-Tv[!dXh<ƛ,> P{YAG" ,BBPåB0sQhRqRӗ_`t/f} nD_J&<QS‰븭 |9!Z)q9G-NqS-y3goew;&A)ި!,ckD^~zq)h'ȉ"g忧m3̝؈kTuNqk݂>Wxw Q5HZF#Ge$E)8I^VxwR@%Coer34Hwف',o=t}@@ܨ.1FyB[\Tt3VydnoZcQZ ۦ$ϐ4Р |;7qiK![g3G;Yh ӛ(~_PSag.7: i`~oUWdIڠU?SϜǂ(`bBHZ*o3ՅwzNl!$+XP:9];9%k)%_ZhGsxeE;\!\PBb׋K{/q'bm;z @Z|taR\ʦjYy<*b3>`.v{v>󿎚v׋Lq"hEsBhK\ m}9/acEk<*cxN[ 8HM|^m C@ru^>۟PX!;wXS-\ u~]"~Ř,~54kI .[H`aR"h_uc@mtg="' kJ+_` XkA;=./f!t2I녒fR#p*b$oM?ƦcF'A#aŮ% ]'",F>>|9)MaD{h+.`FI1li }nBhPόRntoI TTT&0}Ir}@CKwi/I)!w8R*,$*ILQ2CHǑ]w34lzd\FA>u߱P?{y{UOvXKJ.lgL_dzNC?W5.͵@kBg'lb}P8 c TCI<7۳0+lyK~|CQΎZX5tq PUd1{ y>~;D%D7x%Wkh6Jáo"V/gpvIנVÎ| ~ɲ3-s$8mlG%F!8/vN.Xi|aj 'ώ 9=)8љg@TGaB( NԞN,e7P};7!$d057T.WS; Q<R+qoB ȱnI]^cQӄbl WW}ФgѴUv#Lߖb͖.)6jl0Pi# !xI01"4 DZ97+ڧВQQ)Y "; ke<d[/˧d#-{lȃ |%i}|A(^[Zm: 0; '6&[MT*;|Uva{hY?Q|.Bu_,7}0w)!,/`6zr<#.8݇XǾ@̞u[2#FDCg}aK9G'™e9{CpW5FKa{HO<.fn[,Hx$-]> kYKe%]H}j?r(3bOhY$5Έo@f\ >D'" X2/g7ei$n{!Z8mEn)&dFQXVeUU!o9dcͰhЕx)FBy!] t jG/tn_%iNm *.-xWHAqEv[甧ۓ]-Td 5R71rHq,/ O ]jr nLt`}PN`gPsj\ؑ1MZt6h|ɓltޭvmչt!y]jf+mvzg.Ẽ {]q lz Cf;![GF!QQ঩pҦjhh}xߓTv|%z "ex085D*tCA0ń=)XU |(J ^жpZ6*1sj,QnbG!Pb?\ȜJzR:ϒ+uHi5L<!hbp}HgEre0[[f4:sX.ЧqS#"˅b&\QRE_{TJC7N!ʡlOu3;w?.~8Lya$/l_e\Š-!7T>@m {Hg@S;`YdQ=.ZMU!"SaSַ %O[׿?=< 7JKLxg9q6۪?x¿(TzAEO:<-{ݒˢ\sm1Iú\_/ȤHCDtc3AXt$Nw YCRW74Np'L?8=co @T?C={ܶerߖsme-do9%3_>6.>KYC Đ2^֗b.B9A&l~$="l fXaXWڧ%QfD[95rk7f)jtoU! ~ki)29wa41'OTU ) UfREԮs'`hwslp3; x RD` WZ #` [T0Gspǁ6aX"|tKP"cxEkDSLI v%-vEyӨ=t ½bkX>"_l-db 6'܉D)S =?yYMbi,y/W8ۍgKGV*(`v3^rA^nCQjDɒ. ;"]ZU"/n;Ӵ ]upYO*eH=nU"y}4A1`&y&Xkx]InWfCxIf2/UGǸsdnOA:3q T84H :`|YqKhjW( }+Ok,^+I%gq=c +Kk0aW`WE+C>:½|k jG*HQkץ+/OzCy/Z6^865@V|z?;>bA2Nf!Na4hrC<8P@upH.ͯl$S\!sŲP`dtG,ÞE­5iX[UGR6 P7m}< Iu3,Rɑ_ezmeD&w с?7y/ee+*=Y vs)dUnsy-'e ѿeP`rO8 Ncrmj0g|;{A4- ; $_;Lig}R DVYɎn@eeB9rBGS3~>-}tD_IYm`9ct}=B˾ܛǡDF2ڀY9pzY|,VcјT{S+qVR~8wF.w1˳nX15 $:p_Ha+vNӞX 0'vwQHhmGO1hlEJ jMErhG8Z!)>;g-XWVT.B h^'/% BeEva)\`Jd<XB0G(NT2cW A4\yRE[).;bi 7eJ7K?uy<'';8De! ) хژZDލQK<3:7 ZЯ?Z{iSζ⣔`Q\2au"-XmTpO>#D0|ڀLx>L~8>s.g:A"'b&\%G೸Ery@?-|(L/O#xy2tzb%Cx)VIR/,3L0lp,%Oa;FpˌD>eQ(/$Møm.wIM*2rv*T104^HMliTp f4e*zJ2YUAS_edpZY>%Cl P273,$qFC"*RtglxbD5ܙҳz9sD[kt:6wsz)_xME=tb~0z E* K&Fwɋs8e %,SlS(KDJ0^4?p%L5(sLڹؽCOr F/%,DJ/(m'L*@?Vɢ ' G}+_]x㸗两t1avfZ-'́S: b:_ʴ!EppWsﱃ!R6E!N}%ӂP%e-DtVimL-kݺNNЖꀁEm;w:1%mW&zm3_cx7 6n Kjp(sSej*S{3i@,Xl}9lPm+DBWNyCF;-tG.W PhႄoPI(~(>,NPc}">BD9[Z'/(rf&ʂQbS"鶓\SchURF=$_I]C}'}ҩ{f{oeY aL57qG1[\k׾"g><Ú{c6ڱ$_J&+;bz&*)`u/l\hLS>qEqxrijZ c$#`FoF6z Q [|5QFM ^VBcǷ.qG&G_|3-He1E4ՊuP ?Bi`9=>.ӺZBkT 3CD2~0Ru~?53 džԋyՈFRy(^RZsg\ ;&-߶!5s v |mܨѠ@.Wژ! L$Y^\֚hDl? { fXNV7*^}Ƨ8!=*@Dzw'x1 n}^¨,R+5]0g-zb@BX|XC":-Cx<;J iC'vv^W3DQ^~j[8PQ7O_FﮒBx9vidf> p-g+mHέc&h E^lu/O㗔U퇹@) >UDyz1Ę:> HYkUBZ-}5wLm:&MITS$&J{_?'rchiFLөK=/J]KPwr?Ch7,(xɩ8IcyT6nI;f:.rEeu6|T=q˚=l/5}2eYWL1Z&ٜ&:~٤yt͑Hְn~|w%8DqhkRՉxv=ܵ2,dlx|V2Uށk8/8 1'7 Jš.?3^ E_Rr9(mm:Yxf-0Z~ hgϻPD{54NoM K FQc!&U6q]lJ:8$ZNCP?G|;Kuu-`ڈd<;*049Ƙ{NǷyx11 G=t_ _1t,Lta}$^2L"s-Oe:Kro3A\s+6<_դr(x,tql2=4 }H{?kL , zɿL6qmEZ_THZ?O7b/zn퀌%5o\PP0vxYJ}`-=#y'Go!˵OA j}ƃcޤ6)`Cd|N}ܞ͛8N07^D*H1:Zok=vy5)5.ʌ&މ$Gh=fW*r#H)Kkހތ^J?>(7Rm ׹B E~5h "q (ühȺP`ȌVZ܈=%kֵ4Bo[ʝ-.Y_v0" $3m * LD}*#s%3} iHϏ>TY ?~^cMFTͳWJ:6a5,R*RE[nƤќy{O~a2)K"'O#Y 5h$W1˨"P)B RwZ[vm_耆;mZ|1x.%.&4)rE TxNUO ӈK@/F|1OA;:<!{D,T@R 42i<Ɉ&CmANFm)-F }Ah@{) V(WJѻ|_x׍(pοhߊˌhm9?nDb>=-uy !&H/y{;m f^P`R(&WA_!w."=cƷhWuטB3ΩɆx Xu[q$ bdmr :eȦP?Z632 cIĒ܃Ģ@1bCSJ:P?(s wg;v5r㎌M!ދIVru&Jba)w,;Klf [@ 8At,8Anw1ѥNBqa 8Rj\6=8 <;4N 5a-{+z!gdUP{SnjTYm{77aq zIڥs#mduҖ@oT%4Y}}]6!7: jZRyRv^ȹ%^[̰ܺB| H81jp5]xj^TS"5sGT0J4f4Bp8`4Uxm;z 4L;Lce@=Zn(A-^dI j[ndAU1ᬁ0z.kPV}(2xdMhMj?,eżȑLvvDWkC˖c%~L]&?:^H6 \ N۹cUfGobVWx$eB:B; ?Qd36gFT^xOWavP9hiVPɉi.wۏ~-d]Zwt3Y0]{i͹Ua`2P!P-݀eUP8F6EH*׏x-w9OG2jֹge"ɛ,7!I/B-ĽϵWY(1 #%aa<-45^`#6ExLބOo Hqzr˃bv-I4S^D8~xsd?維 o:"..tΜ*1]5'G<֥0GlN%eɆ%=3!i=MY%].oQ/gj4Ypm7۬j4cB(6 -c]`oOK>[9}a>k\Kj u ˄#͵u~nj]l^D!+5ɌIJ"R o,xTD1 JWN?GU`G\4ޅ=FdW|?ZXhzT$I< h.p2Pv%xLc%6@}hñ嫹̱9~%VÐ yQW7&bS:muR7ұk:_|Qrii|ll i;kwz'ϘxHjF6 t-CK` 󻯺>!lg\%m"KDA-ٞ+[×. 5L%>󏾓FVeGNG-a[S*K6S2Z2SDCb%<vQdOKЩe:mQɠZA՗|x0 gEGxm͑[%(.fD5x vPˏ!N;lD-ۿ؎#}6WrQG UV=ܯm*yleݐmx~g5@M8*z 1;܌RJk" ugDuBW,ȅn#OAOKˁp缬`fhǐ}`Qܝ>2E(MЃ"YIGkG3W9D}< p4m8`%~_Խ]Q7gM1zW%F"c!"LLLw^UJ;M`{waKq,z^!04gC^ovC?4-go0^{ZHwy򬙬9nr_aD*,z9V_Ij3F]tJnx #",r]BQmԿ7r8Ly r;ލ~Ċ[mk7~ aaMc|󆍐Crpj?\J8M. x|w1?0t%ZSci`e3.0V-;=@W B@PLBI5 ~~ UKHJwO-IYױYW7,ڮ8Zw_y| B!Hl@PR A<3oe*tfSݯs.Ix' W1vDisNa3xVwc+eY<'rh{b* .\}/Z Be=?[}u'<$J} Ƽ+4@җCNcw*\)D2ё7d o.m)Up ĸmzګ.-x {C*1CLMLE [Bf 2B]]tLGv߰z OeXLcjP$d؏{ؑ O_οit_%}(쪍YXFR;z ]]}9Ĭ%-qM"\͘O1BI@TWOhulBk[!Y:+=-$͢ F"G|#RfA"26Cxl,Xgʩ8<S d!/snA]d̩Stѩ E Q2pGV3On/I?p!ލy ʡ;'f?ܤBH[jw%mw~a054ӝbg|-.[c'WŠx:yYDzc>Yvʿp/;$ Ċ\d,W{kA0MSmgR:c⼂F:`lsk@>D11'UAd.d}>q>C+(f̫:À(x+A:L!n[@iWx7 v.N;G/weKgر5'uYYҒspPO{/KXG?{{T:^aA r<` :|u)Tk8@j8Yr }XbjkO1? F%U#)T'Cu!eSSG,$B#DQ 6#h"SḱP%*戅Ji>jL@ yIJ n TW`QsPe$wD%x=V#i3"Q .lo+Tx <=b 9=K{dBf,uƄvp}_y! eu8Ήc86/I3R 'i .nt7,T8<=Lɑ#yǬ)S?_B7VAV бIN'(+B, J陌Lup?/WFdTҩΤHj71InP>E8~pU/ *.[gJ/ u]<|y aB3\tjt&sɉ%L[ER2.>#"PSwby%8a:Z5meK1E+I6^vDWyuĂ˴(=u\4&#dƳHZ}'=> ⎦,✶/?&N -E@@EE*"׍=ADq(tjs BB%blpӜO1[]x2Z$ ?I̺7U4aU`PsE蒦:QSDD'O|d&A.|GܸuaZBA4/+r_֟ai$`[Zd"Fr葷^nr4\b8@7 ${93Kﺆzj,jNPx #[/W8㵡Me&DvqCzj_VƖ_u>r}pmyJ7Q`0!HTzC;^#j/YB~+(7 1=s'2 .~aiְКW~NZ<":AQ \Hj.By!G߉|t IaIzʼn\ZY:m!No>ռ֭V0v>Ȑ܂3"[-4#4N8q'0uNNh%0dXZHeZj6j*Zoѩ ǩfp+h>Z^ B#>DR I؇;s'Eʕ$5D_7 r>JRTST}%8 ݕ-pQƞ@`*>WX+HEF$kgD,Hq]P`/y[NVX}pȪ43>4DE8|pv.ޡ[+rBiŁͣMF1벋lHlG|L~U몛^ew`$#.qWvD9``trx}"E.(O\LhŽ+Ub; u"3S3тV3O6nN#?gٴگRL rki?3-iGgBRb=yau&η($-qdgҨ=enzҀWJ R'㬚]]ޢJγb:e>:&ypj9GC9DXoǩg,|JB"qk_.x2tOSHBYc*ބ3F 6Ub!s.W6@>Xv͖U44a>WIMG :P_t6B {1ҼÜwq"֣E* 㻛HՙnMl ~E3mǢ;a5Z7hyd4"@d1{(}`^|>RݠfHSB!#pL =)ss#ߞe~6 >ԙ@S߫ (m5ⅆUQuV/j E¹$O53ﶴ6ì pR4*'Dhc+z'۵IEk,SLC6V\읝LGCpKwt7Dk$ H i:[bFĮѽ=)5&3 G}GzD|^L&\{r U>ݞaKjD5.mVyl*#ڠnӕP={z` w;esx/UF>;jzゟ`Q5I~ga;2wF cp+`=SHpi}7ώ%3>[c=-$3qPŲ'-qB04}x'tVPVzr@$oMNeF _4VΠw6hUݜzƳis\UwUtfM [ uv6@n7>1 \yu+6<#{@[+,RAd8]1Sf#$ŸqlU=?jA=|%h!(5k$ܫ2D!>wfYZWZ+5so/tŭ^W HnWC},Eh ~#3ת! - Q&O}n` =̭ Ⱥrbfkf$OZm&=h#7x glSl8bAת66OW2X>iz"6OR'*r){"7d:_J h@cE[$$8loK= =\8=-h\رh7O^^g}oƭ/nIAN25sәBs1zT^cY zG/6vl3 5nD-NAuV Fj$}pZ٬6^ Ϳ2rm n_.VU)4iԁSX)pѦTDб0Y!3-| _ "т]§)2'Κf1/K k9UwGOx6v?;KVa9VÊ%;)Sq8߿Ä,p;*Xi˨E-X+DKaFHi㛹I2@TEaGP$99\h#&KVZ#96I郎 7>8wZL1lHvt"ixA~f[{kE‹ f㟽E*"]11IE}o [nɜhk$j0O]mAԵe=7n.V(=cF nNƙfRP,!sI,ZGD4[k*OA9xXr;Vk;o2.x1W@Uksj Rg?VQ9B;GC0I!Mee_8&FZҖ^ޙ1-Cf{iaWEҍ#G@8YQ/VT=rt2*^CN}u&bJC?#ΏTVQ&E|+ճt1NMN֔m Y|u1:DjnYrR}e\'ғsaT:4L}aI4"p)|sS~dLTs®PYX- \Ӟs|Qk\bP5{Y6M/Е9{?<8o0H QGh flmnUYB29"mb#;M]'m2 5x,I'r4yN$\a"IGB %eR-eKR+MF|^Q;5gLvxUTUXC|N Nyz8' x}0>Ror~gc` ߔeDwPG3 ?eS=\156Dxg6m48P7T{0ߧnjkd}coNbMB#gozҷG_L:$B1f}zb^)TW/٥)nN!(YJQyt{Πc8+"O߮la['_N SjϗWIIJ&c^_HS,m"a@SqͩMD}VCrj0U+8(I &'GrW;p)+췥# ht< oYZqO~;t%].qgُL.6.Z?.i>ه1uz #?e3rj[u\/>I۫ վEtZdj&j:Bqd|xg>ok-X]l{$=^|Cepb*mWb9nn?[h:W7ң>'=&x_ 0į]k|.VROFW= L'P9ן`Yox1S[ Z.C] &yHdA/weiH2HmV9!#ߒ:D{6^^5ӫ^A|?:sa[ x?(t,&gg*@-+b$,ۨq=A,yyT<-DV2j{q ^34ͿoEx&/[?:꽥T~FcqU>P4:ɝ_u1\ ݲt4LUq1/ws +sՓmgk K'D֯hYً=UJjT _RP/~s%껏h6 !=%51rMjYn` a8l*>Pr e@3lƼ:I2D68MO1X*Wa}Z&1-@ek,NdL'tp/~PAÁƧ$ sq<(`,ˮF9ɯ]>Fz+N>ďvXCBSeT9;9OH CT뾾a[PxeCdLA~맼o N+ ɒ" (^5 clϹ%*W̝K B}ێFȞ[cWm=Ҏ|=N>ҫf6V~(e!h츆aot/CjAI#l%DiubCM/cJ v追iBG14~4SQ]704lqt';A'=jl8Qm]T,Ç6)<].t#^E$o#v2rG({p‘5{Hk5g'Bh M:Xn g,leVSN1xi ;Xkr72"į'NUюS-G[Q`ZM X?X2%:ZVG[IiC8}_A2r/X؇yqDSsCU-U+sq<w-n9 XB<;.(h˙%kJĴO.^ǯbT-7f/ӀR4[.ԣ&hl[zSV0iY~>B2gTPotbvك=90::J )"ژTD߉:-2@ ̖V{my3\钾pzq|3>CjožU( @s ysNm: 0qjğ 6x/?s/fxpw3$Al hR4tt Ǐ>y^r\/RsEYRQ(I|:O%(3k-7?3A+ʽu׬qon${W0IЕѿg߈: .G R9ۥKet K186BSwѯ7˿VhHZ:%bh? Alc9敉8b’BGj7BtY5"=$}utD(N$Z+8W[GsoPL*C+D8op2B!s0 fkTauv&>L&c H7Ò^P9ysϖl5ͣ8e;89"vM%K$+)$jPUC(:,Ye9^3s}-fțr .AkqcvKr%&RL#*__szzAĴlaQw̴<µC"35\xQլ6jhg*U}M/~Ɇ//xO'rEHOLJɮvƆLj[x̧iw qtYiW@<myU!$hf'%jCfB+(J=^mK }xTp{fvhtr7_R`v4H[5m9?Тx7c~4 Tߩ-\)A3ޚr~U TJ.}.] !OՃˋC~XhC^iD ĸfL>XuFInMc_vXuS2=ˣH`lik*~<2|cNQ'|VNP:?1F< eDEwٯ:AmXKbKt+0f *jn.Q LhUpM!90 GĚ_2\{[;[K-LK*b7!HnRSH#[La1/[eDQ4> w_5 A9ʤ@ YZ