sssd-client-2.9.4-2.el8 />/  H1--//e U]R} O;6ZƖd|I\x}>JZسrB(7zC3{ge+4/OvH1%кxGaTy vgəT2Pؚl4j!S"Ox8q#'oŭʏ:a*^AŮ`q_[Ybz}|tG:=CE>{#~j`i>By3cz `۪(h| P CKUf΢_$r%t% D6ߖ=Om1o.iڃ>AGB@v5y8sr}3oO]S72ee2fdc67b1cc937c78190296af8bac61fb817def1a4dce11fe34bc925ed9cebabcbce76a5d51bfc93cf54ccee88a3e35a4896b0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb50067306502304bf13ae56a77a601a5cb74f2784fe46b852b5d654a6d635a29c02c4de9617a010cdabb66da8332e710f68490e6be7096023100e51ed1e27ae12d58fad6898b86f097655ea836d4fdb7484b2cd10cfa0245ccc1f23fe959e51cc58add9d8f6ff25b92ba0302047c435bb50067306502304cc7a5424faedc2cb48a015c7c8599f5f623a2508ad1458971d91daf1f8fbc6f0a73a191bfd9761fd042baf9b67bf38e023100ad0c8daa0520cd267bd3d3bd83783a60e28fa20f222ce05c2781c00f2efe5a11c10ecf6effb8b166f8c0e47429f6994d0302047c435bb50067306502307dd460e7e6f810cf91f60ecb2f65832b67d107d456aff5753748c09e77d6625e5efef981d34729224bdef427d833187c0231008cc37cbc6c086fa927ab45e21e8f4f594c38f29b45c90b89796356569bb0c9a5f89a6e7c0b64e10e76ead59758f736340302047c435bb500683066023100d36966186be7387fc229e8c4c3bf4d26eb319dff2f6ffa806dc8aba3e38e7fce368a8dfd3c25647b8a22ae853d03a9f0023100a4b2b291534e881f8cee8e8fe047964cef155a2d1e155d2e698369f6c63aac18e3d061e4cefd18c42e386acc57f016c20302047c435bb500673065023100eab42720f3bb2bc6a94dce59de0ceeb6a99bff5ae555a8fdcb6a50eb7971e773faec6b4283b944d9f1f38d230e017f2002300a97751389b39cbd50fcaa87445dad65466ad0c00088dd4c0713db90cee698eccfcaea6b610868e1b6d52c701d6499f00302047c435bb5006730650231009f70b3a720a1fb65c86f8fca2f5052e06fafc66c9a707386b4c112f40c30cb6d2286171ae504df588e88e0320abadb43023021d09118d6b544f16ea2c10e1060e2ce685813521e04b47eff47b79d52f32572b32680a9833a777e58019aa1208776bc0302047c435bb50066306402307e15d1da6c73895748d56854cc14b36288a8e2460f2f13c48bc0b37ab901e95b0c1513d9585cb9941fb8719a90bf7a4c0230253cae01d78db56eb838a24fceca96508c0ec85ed61408aa99a094047b24ecb1899b3ea568be28039672f0a82be4704c0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb50066306402305cc1d8312e409cfe988971b5971578e547e843eec1e10537cb0d6a5d6a23a0ea327befc08a66ea6113ccd5e7ec8e3f7b023051262a6ce11b6f8ea09e598427c860b2a83e7a497d30e0ac62ee96aac9998eecfca714a68a6c79adbdce83b92edfb3600302047c435bb500673065023100d7823fe9107320fbe6fded4b2916a32fc75ca2431c6f4fdbdb0c19af4a7bcc35bc5c009feaca4aebde77347df6a1552d0230128830ab81d4bf81f049925701efa8bcf596c102fd589986e3a59c9b4d9a4f849a58a6207dc8556c80f6706124c63eca0302047c435bb50067306502305bb0bcf4e2ca031b7d6de3c6a3df1f7b4a200570f412bb05decaa6f4991d4458e1b4e33636ab411af3697fcacc728b3e023100992a9cea98d6aadbc3eefaa0eda385b74eb65dbbf5e24197ad7d2ae9ecce312926d59d4785852b7fa1c1a921c67c63430302047c435bb5006830660231008ab954f619dbd1a79c55e02b0b989d5b5e2219674701a01c8156ad1faef2ed70199f63c1e2ecfc089d929a0ba33c4fef023100816a73c291f5245c8b2c30cb1df686515398e074e265fd6df94ffc0db1531276efe38f85bacc75ac33f5c321d6b1f1720302047c435bb5006730650230127d46f2f7d9a4ec61312a4908516f25881785bd8d2acb287ab25549ff519168fd6f222c66b8deefc44f2f042137aa460231008fc4447cc60f058496fb17c530eac470b7a73f9098c0486e29715b11c022bb992f3c86b10c8555c4701b61fc7c884f910302047c435bb500683066023100e7783fa3ded0d0e08dbb4675632489cc41cf50e548ae0ea6d6c63c56922ee3d62e18fc4ea69591f7a131dc8f4da8f82102310082580c29614bbaf268b69686a0c067f85961f0f397d85e48af35af88e33d247ff3c795d9edba9a72bd0ab0c51acfedc80302047c435bb5006730650230726f34fc18da92e7a965665271d5578ec2951c76ed570af30e9e38173e68aaba0c7e12ac3477dfedae867bdcd327f8c1023100a8bacfb585da8493337f4907e57d28a0fe3e9fd72049c076bcc69a49197db31821313968e5fd882f9b4d784925d4a6c00302047c435bb500663064023008db66e4192161a84ac2d83090c38a22315e191762a2d50a7f7dd4953b9e0dc83aaa22c92b6033a120d63ab1d869e9db02307f5167d62e36265ab97224d10d2384ed486d4974dae15912b2717c2ce9be6b802fdff4568c6be92440bfe10479f20f220302047c435bb500663064023061120b92777eac9e8551850d8d843245ce3b3c7e368a469d5c44103f021fe2df81b558c50c83365c8ed65a38f83b989b023052e3c5fc3fb4b9ab8b6a5c542d6394ca1d6f5402745f8f769555653b9e5e0b0c5237b1307052c75ec47f0c0fada9b1470302047c435bb500663064023072a5d068803f04aa0256a86d462bfab1f9fae3e25f9608cfcae972a7a7523aaa355c0494bab70a0c597bc2a883cdda3f023050e243853af431fb488da5e5c58c72f3b8a8a672b922549efb1e60851c9d0d65060da8e4315aafe96ea25f9a957382b20302047c435bb50066306402307c30d9e9303de9c74e213efda1ad215aaecccd87077639361a8e53bc19856207d0fdbb10153297e8f76f4f0b07840b0d02303ec630855e5a3542175709d029cbdccfca08a52daaa6920aab35bb56813c26cf81c668cb72271a6d754f2a7e6be6d1c80302047c435bb500683066023100c948b6b2758b7d56e55a860c45e31015f7d9413d1e497ff1eb0488e405c284d9f4cd1d9f3bd8058c6221232d042ad7e2023100a590cb55fa2a3c582b6aef6e45070573556f33eeb6d785464a9aee3dc7015b6230fdc268cbc0b6b769e89fdbd4d52eeb0302047c435bb50067306502307061cac842efa045f861de26a78804ecb005c95fedaf630bd9227ff5877eb5377e4c4e2af77e5e4391cb2c2cea6b7997023100dc22d5ad29af7f966ee9066180eae15823844c4c0cf7deedc167dc55f73ded97fd4022496527a1fd7b0e5b38397095c40302047c435bb500663064023035da3019791f8f774485a64be0622ad029097b5885667db784e43ecf037abf508715c2eb650b366e76fdbdc51fe8a868023058aa9ed5dcfa918b4c2fcb81127b2aef64d928f9d2b30febde1a13594ecdd770b0237d500603a974dc2f7cc2053457a50302047c435bb5006630640230453ec5126947fffe4f69c20c6b0dcebda680649d427c6522c1b77da31e132a6887f5ca4312ba3cbe6af6b2b499b297d402302b65cb779fb54edeeb63db451dba18774595d9f7ee2c4c8871b2fb33610a3c498c46e23027b0c7c3ed2e438959a92e4f0302047c435bb500683066023100a42790d323eee32ca75e4941cedb30cd06428e1988db3c7903926b64afc512849437cf74c7563287c2ed01949dc395e2023100a4e8fc0afc00d3c8f4e435302afe1a159f3d9711c784cdd45209d66f88ad52efced61d09b4f8b264a241f12277b665110302047c435bb50066306402302a2be004ee7ac4652d2ff889359408fa6467de5144724e2e7f51d0c93f0dc49f32b3606c0e86204cecfc5cd4208705c10230190860ca71400eb11eb025fbcea9664b428d70515825bcaf3b44f7b2bdc6177ece38e4cce50c361253f0f3b1d90bf15a0302047c435bb50066306402303d0ac5722cded3ea56180dc0d3973e1858e94a070ed036aa600fd526f5fabafd49678a0e5cabc63c875cd052e3e3b19a02305ccfa0bf8d33fb953430e99d5fb01fbd0520844d9c5ffc09083baa13effc3997642d8ee12faa35195d4a5c955a33ac620302047c435bb5006830660231008ce317782088ca3a0c549ec3a6ce96bac0f0b4c97452c99e7aab4697e2bdfc7c51638aeeb1530823fbbd23c7000e11f3023100b9f8e97d2c64401556c05d96eadc6176f65f0c6e453c12290e46b5c4e202d16612097316d62402d13ed5954b9283e28e0302047c435bb500683066023100d5807b5944bbf68ec0a7c0be39a8eff5722f4edda1940bbb66ddbf118c588a5b13080811498a799b53e25a5f45d1da41023100f0f9f2dd41979488655b22a0fb14afcb7315f16e98acca0e486d55aba0c3cd590f7cb6203c47efaf2ae15f6ec070291f0302047c435bb50066306402306a1e9f347a2c364a7e140a4d457ceed968db8b018ed6480b95fc157ecd90d5e3f3d049be161e25600ce076acd91ef9330230207607dc61e8b4213f2fa0fb1760f1eb4867dbdd7749158d57c294aa53b9a457976746f83f0f54a33faecf2c92b1e6f2\e U]18$ 4a8K541Aƕs!1m PDیDE╫$O[pɴWo>OvPke+Zc=9CHai֊?MzrTɩy" :V -=S5XMswX**5#K !7:$)]UKZO(t 7'eyب7z@WԵhU}pI޸ پl+qGۯ|yLɨFԕA;1tuu78ި# Bh\ਉo˭լ*փ _&9[/TQ@꽊6z<5356q2JKM}@w#Cs58!-k>>=h` XѦϐ\#N!~MY\ ܹ `8nb*yJ>"Z-˚ج\ >pA8?(d  @  %(11 N1 1 t1  e1  1 111**N*(89:o>?@G1H1Ip1XY\1]1^bd eflt01u1vw1x1yHd$Csssd-client2.9.42.el8SSSD Client libraries for NSS and PAMProvides the libraries needed by the PAM and NSS stacks to connect to the SSSD service.ex86-03.stream.rdu2.redhat.com=aCentOSCentOSLGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxi686/sbin/ldconfig /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so 20if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin /usr/lib/cifs-utils/cifs_idmap_sss.so fi'>D0##+<- _=O,~K E 0  d | :  AAAAAAAAAAAAA큤eveeeeeeeeeeeeeeeeeeweyeyeyeyeyeyeyexexeyee+e+ejejejejejejejejejejejejejejejejejbf4606346077d031827ac55435aec6e1bfcfbc9f599b0afe9e33ffd55b80d977d091c4cc3cf2c80d80723fa910f95175ef50e3c601ca8508c425f13a196eb0d80b6af1e37ed831543f645eddf85cd4b3e1e183c18550ea4de821795762166a04bb9fcabb6013c9673977ffef47f0659b3cbaf4629182327530891b759169c796da29e1afd71ebd50627f812d9c99522b1425c7ee9e514b511e188dfadd2521c95d0c85caa3514d18c640624a8937ad45e02bc97b702e0568d9f992bf3ac636d80a935961e1c1bd3c47def36b9268488d230b16304247d6cc7f187140f64e0ef6f3fb092707a65b1bdad64f9ba2809d5f1a953d3e3a62b6eac08708a43c6ac14d8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9036c57f43c939054fd4b831f271a14c97a488c38f98cdda5e887c5d396e3b3bc582ea0babbaea5d2bd5ce07fbd47c3f7a4cfd516ca71b9ad2e4524fc9f455ffde8962732c3aaa7a7eed27c6e5409ab41bd5776ce2c4504c116e96752cd129d2b9bf19978ad56b8dd0816961809080d86aeb9840930bd004d7fca9f0f0788b32cc24b2f96f61346649139d81b58a1169e03cf4553a3d83c8ac5fc0f77cfb9d85c55746aabb624a031490a76f1fe07e3ffabf000a49f4a9a6ed01a5ad0980e338689c182ff4ebcb019ce11e0d0172f6ec8a776d44751e7e23f000bb6c6df66cf1f0cdd6005608331f352f0ebe842d44a426144635229023cdef31b8263805125972435c1386e05d1394b739713fc19cf136ea0c2c6392579eb87fd1a7b6da99d1403db866de760de6592fb3d4a120358d98dfaf46aae41de13e4f57ce38134ba7393d7200747e7db36436726a36f39ce3fd51fd5eb889c14dbbcea7d596d278bbd949e0f141c3afb1cb2a1320304c3b3dd9ce1e476d88f1dbc80e6f1f232750df6a709a030c64df7374dc12c47d3c4895e5460d2923b893a4a0af7889b357440e612235023bc180a62e581b8a12a99093ec69eabda88abda3b9adc8963c58ef6e60b0497af8792758d02e50c7091919f7525b5f3073e17df1acb9db8e80d4a9686b8a33ece68093800f236eebbbd143d81d0c10998d9ec4ed3b73ac7d5868defbbe0ab01321d2a8a454b705c7af03b9d912156770e95322384f03e79b35187a63573bd28f4e8a2451072823f7b3840acfa7a83c4cc8d43f0a88cca10426b89e86c0c../../../../usr/lib/security/pam_sss.so../../../../usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so../../../../usr/lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so../../../../usr/lib/cifs-utils/cifs_idmap_sss.so../../../../usr/lib/libsubid_sss.so../../../../usr/lib/libnss_sss.so.2../../../../usr/lib/security/pam_sss_gss.so../../../../usr/lib/krb5/plugins/authdata/sssd_pac_plugin.so@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-2.el8.src.rpmlibnss_sss.so.2libnss_sss.so.2(EXPORTED)libsubid_sss.solibsubid_sss.so(EXPORTED)sssd-clientsssd-client(x86-32) @@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfig/usr/sbin/alternatives/usr/sbin/alternativeslibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.28)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libcom_err.so.2libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libpam.so.0(LIBPAM_MODUTIL_1.0)libpthread.so.0libsss_idmaplibsss_idmap.so.0libsss_idmap.so.0(SSS_IDMAP_0.4)libsss_nss_idmaplibsss_nss_idmap.so.0libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.0.1)libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.5.0)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)2.9.4-2.el82.9.4-2.el83.0.4-14.6.0-14.0-15.2-14.14.3e@e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8] - Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8] - Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/sbin/ldconfig  !"#$%&'()*+,-./01esrurururusvsvsvsvukukukuk2.9.4-2.el82.9.4-2.el8   cifs-utilsidmap-plugin.build-id15b0176a75699ae22d0958cb791c96ab0ebe8ba428e3ae889a69cd55fff483dd48533898f4bbe2a733b57e9159ce00a62f400fd6907de27b1a903238c7337f53b072c15af475c6735254d74576c29672be25b242b11ef34446295007e1b1123c95b4f1a884c2dbf07c0c432e21fb38b2834b8bf8c465f4bf60ed28274e571383b32fc18c0450bef5217246c97aa07231c85f0fcfc26c44d028fea91fb7ef07cifs-utilscifs_idmap_sss.sosssd_pac_plugin.sosssd_krb5_locator_plugin.solibnss_sss.so.2libsubid_sss.sopam_sss.sopam_sss_gss.sosssdmodulessssd_krb5_localauth_plugin.sosssd-clientCOPYINGCOPYING.LESSERsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gzpam_sss.8.gzpam_sss_gss.8.gzsssd_krb5_localauth_plugin.8.gzsssd_krb5_locator_plugin.8.gz/etc//etc/cifs-utils//usr/lib//usr/lib/.build-id//usr/lib/.build-id/15//usr/lib/.build-id/28//usr/lib/.build-id/33//usr/lib/.build-id/72//usr/lib/.build-id/a8//usr/lib/.build-id/bf//usr/lib/.build-id/c9//usr/lib/cifs-utils//usr/lib/krb5/plugins/authdata//usr/lib/krb5/plugins/libkrb5//usr/lib/security//usr/lib/sssd//usr/lib/sssd/modules//usr/share/licenses//usr/share/licenses/sssd-client//usr/share/man/es/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu directorycannot open `/builddir/build/BUILDROOT/sssd-2.9.4-2.el8.i386/etc/cifs-utils/idmap-plugin' (No such file or directory)ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=33c7337f53b072c15af475c6735254d74576c296, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c97aa07231c85f0fcfc26c44d028fea91fb7ef07, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=33b57e9159ce00a62f400fd6907de27b1a903238, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a884c2dbf07c0c432e21fb38b2834b8bf8c465f4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=72be25b242b11ef34446295007e1b1123c95b4f1, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=15b0176a75699ae22d0958cb791c96ab0ebe8ba4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=bf60ed28274e571383b32fc18c0450bef5217246, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=28e3ae889a69cd55fff483dd48533898f4bbe2a7, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) !.8GT  R RR RRR$R#RR"RRR(RR RR R RRRRRRR(RRR RR RRRR(PPR R RR R RRRRRR(PPR RR R RRRR(RRRRR RR R RR RRRRR(RRRR RR R RRRRRR(RR R RR R RRR RRRRRRR(utf-843592853f729e44b6834ed205126823e9daeaa1c2bbffd5d1432ddb86889bb56?7zXZ !#,[] b2u jӫ`(y/u`T!FljZ~P `^d-+fXQ`beǙ- Ns)(?@Z#)D>ݫ䘺)H2I9"]ߟ)hbmf# cHK.+ٽ ?VLN mFEz΃e3-NH<Ƥ_JL&^y $S* ͳg!4JzKaeՄF]R{55QEsn0yb*jJ. 7ae?6 .=Z s+)թ׵TmGch 䓄=H$8Itސb3hWjQ`8jic!Ű\TU&UojE(W2&IgB!U#m9BęVb1.Źhog_m!?R2VE4ߟauy-5߁؝1L|ˆWEԡkdmv$j/^nWakzKxтvҶQo݆SJ>d\ Sflm~k$:=2LӪcxPrLaxF G y3ݻ{ffۯa&m/J8v sggq)ԄUI ZRg[!ꊮM<%J!7oCZK]q.A`U5ő"$O1X?c9Pw={!a+;.$nhh0v׿vJs![6J}F#1saá ڏ֐[Glnbӛlw9sܦY5i߆1 ^E;K4!p~-]_`E5k;S *Mr~X% M.H_n*`8oc׈ Dހd9$Z yDi,A@a`T-geSB?Hmtj4k]v J%lZ- ػ=6tWU |?pl4vƍQw;nU بg-[n'&& . W< LyA0tl"ye5Mf~H8ȴՐ|%lCn wqcp/.a^Rf&F7PJy^΍1:WհMc!g"~/D~AYz[[=[AP&p]y8Wؠߝ@?`{鯣XE6cՒ_6 ',z{N$ HT"=VfzV\"Wa?FE/;ysJQ@^ i ,uzz6sW|̿;5u^Cw'P|~N%agq pi]ö́TҼ2tl>hL`a(ßez[w= Ŕbj?2: $;/d .%oP߃g}Dnkb\"˥-2d2D.zi O˰-ngP ]k~ bN`C7'MV1qsJ :LXNa_Q:wc~ۅU,ĩª3+*ZH6ofIU݃lԬ6繂Ra5Awt:xA_!=JU~zުU'p z-[SٷYxf^{5 %|lcjA )p N[1Ҥ$mԶ̡n^ JogϠ=r_^ϳl^`PcW':L]H\ O}<>z d|eH25=K.pN*rI4&Z~w.*Nb]i=SqJ^X+<,U!8Y8gmLz#xo+B=rVc?kM"?V(Wcʴ.C2/.z@8u6le.p8<޲{k0'xZ4X7[;!4z,KG)Ȏ%7g ={ WUT.um&Q_>_ J((JPRސC똖 o>*,jͼǏ󤎒1X;h2!*.;xdPx& ?(^eYubV)q/ n7HyZjd㡅5ZtKOzk-aկ;@{eSJ|c!j]ΗcӊPQ$]q"$M2W<7ipVW @҃)+bZ4|Ufp `nإQ91yzϠ&g"Y s*BA4>{U­hT B&WX܊`b#6R$V//`McXύߦ;{`Y4-IEl-cʯzT2ngw}"F$&&v;9ӳH)69p6G-%]VZܛT* zxGl?:>Ja\8T ܫA'(ycU;=A̺vjCG}(:kD`Z=`9h$:dI%B\Zyyۊ8[ZY9skDL Ȭ5t)#]ip>^2YBc ;IfkEj@rIr÷}S kѮs9Y$,!,nU%$GʜOeQ=Ձ3k "Qv C4%ne&z-) *l तV{UA4*89S;r]}0 `ČOԂ9C;zM7iAtw-rK6;Gt<-L|(Ig`((7N$i;_LLyxfEQK{T x++uU(=$ؑBWVr*hC8' >1Y/O.QÅ[uF,lyۼ .ĦVgZ-dQR?fEb'=vF&S&֔$()n9WJ}Eu1[GHf5 HZ~RS4 "B/KɰPJpseVz#/cyk1(!O͉QJ=/36>u~Gc5VgZ~m}}(iA r@n k?Ű=t폁u d*理M&TvJ† H0ڭU)iW($_2`%Ip;"M7]NϠ֝&dP_CBŏ'$ꭟ%U~h Yl/~DEn |8F77X2 ABt7ROQSv`x|d¯U4ڿ!I+CHSd9W\S]vS{^ I_XVgMham 0U82h!3i#2!C/p"K; r/H`۹Iбvw7 @]dוiP,"kZ\HLO'&luIz}M4 cJyKG'9;۲n2 _;J}Ib~rk4:a 8d45NO۠AȬr?I^*35=~e>7ٮp74A?̨*֖:uj˧>dVF7@#*FL]wH*ܨ*W`m8'(ՐiRђ4mHɂ_7Bk9,JjZ&thJ4en^^K!$UR},NT&ǯ1b)t=k6 A%h='en>ElZ}} Z)x[z/ j$fR "ݰLIN!B:+`b7IuG%\z{P.RIWzJc:&vY29jDWtI3տJ\1eDve7r;sg`cOՀk:u5E6\aW/gVX dMtVc)oGb'켐^A{e:0NiUU2Wlu.M3jXgK0VV|[4?X=)ZEHIêJ29C_## v 'G8@rB+{+OV9fIԡ^oôvܷi9VcuN*-hF8V@ zr nt SX'D /@d/owW:05)Y-|E!GUHQm h3% Պ`IPZz_d&B PafԞtqA+ 6SqUe5{*pv~Ngi?5tjWJxVQ(?ϊ#A$0 )[!l ^FC@*֦ڤ vg ^7ikguEXEs 7P@("&aD+n+~>›"?%~K{CЉ ؖqc\| 09L%e5>/-MAHcmGdTܼ"є'C)ԢӷA!_ƮKi;EP~sYjX"f#YpKiL0n}{fLMOV|:]ZǧPL 3,TSoՇ~OH0ʹP:\5~{afP 9tS\*Gh qQ&p=XVޔ2sF̔z8>k/N.5XxK4ӡxUMM, mnm]TNgV腹9?HB>U͏SK=ԕռvO2qFJJ8p\5vhc=;cN RyRˡ34s˛a1iL w 9ũesĶQS)G/eFb߰&fx=s-n۴+J6I7Aɑכ:Ɠ>{s taqd>Q Tӣ.w]Hn)WɬM"vj˹-Dibp%AhT鱊S5l49n^~&e2dZ6&<'M HKO0ZQ}]t֔ O.Sӻ/ z{z㸫^ 5QR NLA7?Y쥯4\Вv gpS̨ێ鷻,b %Z@_P(:;qRud,?~di.#w9zޱɒ,HxL+·}"^^d–K ȃFg 3GIo%+5"'r%(`oeTi GوET*T750=Ք(bURDJ2_sP{;fWU=9!$zE'\mN4ۉE>Ԭ3+4Q,~[Z'Y{NacG?2ї$%#"8#dW\t%cckLVٻ RX>+c'ʻg-`z5$L8Yo)2HnmrwJחgKǶu!{!+ d׭ pftl? o geEF<n)Hr4?8 q*du)G WVU/Վi7;UXsRm1õlΐ4Yׁd*bp=t\=(6zX/[vP~ KN1ی7MDy?ÍpUeH.}ãF7q9N>Sާ#WSLAih;UX04\Gw]#>b7KӨ- L:N#@lP<;  t}篨&Eq9;ɿ\|D 6 /TՉy~ٟ`K:(Z>v(G2ȋ̯T-xTs@g>bwY>7ߛ2ϣg YzQ\?9~x:})2:yjt_WJƩRBMu1*40d8P{`%e RvHiJNY6^ho'G\eEa(&5ыZ!6"2=$LTqp%+Q-u"ç̷sdB4Ɩp2fGgJ(_ޔ- 0|2vn/'j"o>7Y% e.6WZgJ܁Li)W\c& RX¸&fq"4D{c!xF\zŮ*rBG,'zU+Ph+b7&@Q۩]ctp…'?ȑ^m*d{9zU?q-8/WC 6<p5)(Uʠʧ0 Lk Qo^N@*];]t<KIϨܱ+HgM7/P/Iǧ'ea{ơa[Xl)*iNw l%[\@j`q$c&fS!m7,S#4˥ 5\2/;ڭ.WC6zYK5v6A-OȒi[K*Y^Xqut^tis>cL?'Bf>b%"Hc-^+k"Ty( ;/0(0kVbxQ?(+M%nN2&Xdƒ(;y+1%ϕ -IؼS 9q9XSB0ö}3 @D9amԜ~ĦR}V]y{a$qw-i2o. _=8{DR 0~]QҜ "6 &4SUi@6lWψ0ӑ!I%p8f-ELO`}W{/8L6ߴ[6ĖL0[>:z0KOUKA)8z(0dgf_W+C K!˯&NxMzD:I̪0,5}`dKTT#lcc7vaH6 $fIbhzs+LYEi J!:l֓]P Ayq0k3b{$CTv鶙{2/y%S,'D.)GSAERBV쯎#1X(nvZ~&X4Q .{ os|=⛣5^-LKBC1AUqj_]p(}r9M6 )9J:9F 8MgnޡPԖl嗷;!JbrFRye^?<WAձ#d4x\.4ۑsIXT ;{sS)z*BcH jJNm7=|7E p \|M'OX:.Rbc7g&Zz(=ȹ ewq:. 0J]y$z}z~aG(%iyT:U3ߘHOK}H{h!^$<(7<L7wZ-[ufZ/fiRa~s#V58Ite{~԰GNvԴmW{.xiA3cPQCf?dB;.*WZ<AEFŧ=t ͣ6yICTGI_O]1_'̦DgP\qs UѴY+"m}iE1I=N +{ao0yQFDPn}uū4Ƞa/ɍN{1w}Y:@i.C@]ދ>KTm0sAo5*|(U 4<ةr*2_/gt5*H>u1Lx"f'&\Bf#! W5K_zZ{ By(EMvیk}QD&a92 P)qq=ɨBMYM(kA^q e{swq.Տ6[ݱӘManԽn;j-BڹUUa>gQ im Κ\._bī`aMkb>s apۻ.g! AZ@ v]|Y2o/kY%(7pۛU#cN! v_/*whp#p>[dqL^PI u[ĕ}oyF2=e0)$~ѵ q53s]~(Nl褿D6S;riMp=C0dEl : x #3M<}]NF$5|hze")l >j$F{͘'/vk0Bsᯥ55ȱw?JIt28T\~4ď)IU.H$ŶB+}@DVSZ_")=^W]&"jJEʽ@(qIqLS%\F{:i{埧28?du(M4j6BmdBG}m,3p%V~wDJdLTP +m5oCjT {%2~B U žw p" mq۹nTB~7(f"12D0Ml[K;{cl` /s|"ZچS)Dm! po?$)\Қ]utJItE+M߱XvrV .#e$p~m&A9$[ yeUB"76\"7t䑫#6rr48E# Xc@3iEFJFrnِId%;Ul9a:"ޡ3x5X "]ipcC#0'&{[.eboбr_tx0ncrAwEk4ƍ SpX-#}tJRH7&"Nse@Ͼة>_IcL_'HMK'Q$?ֈ' ܘⶮfsq1߭G&?9ڤ-/lycC&Z?"E"pe#3KJVcqPJTnaxi#ů?!`;CC=|R9DVv&Phx7#sKt:#Hx 2GV]d!2ghbuѴ᧞U {ʫ#5o9f:0{2~drj/6-?2P@ erb,c1XEWuT{HgAz$UO, Ą-AbB$kѴ՞t&c܌兛*ŗ-@tG}αXd5E7m1Cq[i{쥇'%Aک䞪m?FfleYTԎO.l@o*pX(W"hy$6<+U\bgQ<^Zӑ2FrD`A_|25_TE F_g !XH]'(Pcrĝ B{S=h6~@گTW(A0ۏ;ZG]5P C86Hf ]i5 v1ݮucMϐd6rr:6w Za+#Y ؒr[O1fQ+&Q*7mfF{;1 3`"ߵMHMa;ӜP^$L-jS@[Ed>>&޽VNzRI#4P:'uT$woHPpuO3?6f(K1uY<5~NRvr7t%찃ߙ~ PiT(մhdm+iR!UO%YV֊JYz*"bY fԟ&~%G`YSē4ɖ7nU/I^a3&>'r9>8sކ#0w-H7&խ); s,X⁔M?ڤ4&Udom;*dEǃΘcr!JA˼ƽՈ`81\ ?T, 7 GS++V7Q| d;+aKeGhNj힀Z>DGܜ>'r7[]7SI>#ނ(Րe2u>G{P_}n0ěnդ:={D=iz4 B\]QqLg^&'} p7jY8:ⴤTIPo(5_%ZnC^#H'\ܝNpc<=+QmĦ9F}gpڝ}$U ֪M̤9~9Gq|I:^LP)f Q t2ABz?=}_/6l#1a*g?kˈaπn}Ku̔~Al1_M*k lcugΘ,T"̕-)!'&% fU(SicuGqEm"F).J%4XBoP\UєEiG az` l<-J^iqBNe-5lN5wUo.T<{!QgboZmRq9[$|X`v69^ۢ`LWi6#\X]~?\3Z._K88s q |A`Y̼΄Yer#8m ZqXmg^ڲkQfg\p8]Cni[<6߽-$Dd.;Q>vR|g ׎󘈢-^v/a4"cGm6)$U,RKǒvWG*K Hį:1J~C/C4Yy^YŹbtJm `.5[eme.Xrq?q@!`%4xSs2vtm_#8!ܦ,K?/ 1H4i1a>#9{5a] Mp Vq]C~ɵi|p;u'AΈ>rXU׉Țw#@Y̢GcK,ԄZ؝%NqQ1_<Tbk5w/YYc%|>A<?Պʏr<>x}Z,`a!+9ED9' F.|nDpkh':-2q@  Dz Y]t3@F/:.j;P/7YŬ1erSڜ/Z1bYNIh )"y.g2d8[׌wfϖS1tW͐8O YPC]\L ^G޼wn3;}KFl! gKo1.c]{ݬ܇S+X߿O` a:ŞNveRj#Jh̷nSma;M$Gss&2tRAܗ&xBf,CK6ÄӬ|VB~ !充%Z,AƠ_'d@tdXpB7٪#:.p5 v$kw(ka Z[ y׭q_պFFԨڊ:\H_? >UkNV)?(Tcϫs?RV0jޕ<&%OJygoʺqLvi߰92t;}z錨O{ݤz- o~JW)I厭}XY'ͬr?P hx2q*=RͰɒ1)3S%f\UGnjC7·>ix ^j'.#[si90]ܥeET`j:@տ2^ _ϳ:qޱ-88xoarC2R!^1)$㾇upe(L i?u'OsmՌX1b3ꭊ7eq0lh œ|=ScecX$C!dW-cܽ%^W0 Aw>K@It#0_pu2+yGp/{b]PM(糿E@_;S Fw 7[1h}DJN ,7BECc.|+Դ-@~=> bC#! E`i")f#GMpJ{{YBz?̝RVUְ Z /]b v֍9VY?]C?ٵ0ph^v6_Prl(h$>6]6i{uM/ mB$ծJb &fCc"Wkܿ cS%&JAc0r^?A?u75cr< VoQ0r`n &Ի K6#W8LĨu~Y220;!kTV!S7 k`DE^pjs7KDddXҒ_B{;߄:'Jo~Bm9 N|D>AvUl>c6zWczIRG{<窬{ pYFi!]3cɸMHEC ӼW _X*ƙwRJ\a$cX8e4u^T y[7>yJ!a@I@ˆIԽYSr/Fyy$GOͺ ĽCXv<4[v,X]RǢnuR\7{7\!`J׹<\~t=v[R6~x4 t$!Bn+vv\53p3 %ߖQ'9JDӞ!NnFն >x`\^&'H6m@  ȶMnn-5W>} 7{&άhC{$C|@L`ACZk霖R(r `鹲6+]WGC2aĦm:ª1-W bdb{542@h)DMh޵ldbQb|C%; q9JmLB Y(w+nQOŲ YŦQv<Tm"N]qJ4O#=>OEigkL3K{I Qi-tyu5#7%(E o! EqޯtM]׾R'hZ_]!YnZJ ĸɿ?b=8?rckz&XoO`:4Z;aGLIbrlNtnH @Uq3 1rVe ڠ .wC+U&`v1lڭ]6`c r" 7Aּ)l=/3e{諀)Zњ >#ISDU͇?`DF_onC .^[|D:2e=iAGgvneN8!&.LN4J3`mνJ0JHP yDK'hS%< Őfl*Vm^}*6R5Do-$nHW /ӛv !v+F ol:rX٤] A4F)Nobړ2YWb[ !uk+P͢nu"$w#"AxGǿP&|ħW]_{S_ ˞$'Y\Bk\xPK$Zpv\w%:6<|ikǐ#J_SЬVʺ|K@Z#+ -{8ᮀ̮.p'jtUVY24vOIKQ*p%A?hdž=sͺOP±yGW}y,hfB23J[(Z \4^i\d <_MC@tF_1h ́&/B@Go:N`PscvcIٿWGGMS\:$wY: /K@IEGyLaWV,}Wo |=0 y2vK:TgNibPEYzƣFA H`jmۉrY~ʓ'm7b-Ǎ GOdT[Fd[xDph&gU 2 x~+3-̮N1`%gF'2*, ە.[#ȁ&im= F^Rua 9%/c%B+%z=^=(wuWjѓr~LG03P#<]~mExhTouyD]ӿrz(nB-X# {fvV ?9 4W ŇfWn8NfïP8}:Z}q͘Ϧ++sfY#@E[qj1 Y(Xv#D-y" EޔhLJb)BѮOP|V5P$%ݡNF7uw`m,WRPFUwy;<;â;fRBt`6G߉F c#0:hT\H٥~VF[GS6&qֿԞIiH~ۢv$dz%WC-pP:`0-z0RwE-ijFFcHS$S &ƑL^L ir |)<ug|.I;ؑ'A:'6oz^}y"TM]rG}۰5BBz%8 0b=R}8jHP)7In @5 !<kG #S˵;LOڕHɃ?@ݕLp:9~|(K8Du!.kk^.uB7@K<> ]t h z$+N8=Un j\dN*|ѯ["ZxOAVY3 eLgM¾=K܃FЦSϥzh貃6PZ玳/E42 $ km %47ǖUU tZ,1o4t8pCr&*3 4]`8-t魲;lr\,]ʀۈoX-ϩ"uNT_̚%ZVpm s Eij\#+&u&W÷iH ("QFu:4}Ɠa؍Fשm?Z9nwby3;VY!*Bw2ʗd2S[u`Ƃ=s צ7yaɿf·v{-c-@0CMuP 9t9g/ɡ}lQB*j /UH2 Qc|4^ӮwAj`5u9·L۞a!8Xu6 '\O 9%!-caikZi\"I}a4o({RqD49=Xyxr&^'Uz ~¯ё >*{*ܬ[#n ̇`$6G/Q|(0}=@ž4OQ.0%$~{I4DJBsa @v'c?Nr'C/"gFXD:Ex_|YP#||Ɗy5wF*6iߐ˙zc4U U}=#6u]kyy~x/d?fïO?]61I\LgczsK IqY=Uv;*Ku_>c[+d㔤8J':1:(aY4 W4UhwEM8)rYA ;1FO<̕e6EbJĈ'c)SE1Ǘ3N^QEOsB"X^+?߸xеaqׅ=d'Y1*T=d#eu߱\弚L:^s#} ЕR]Mھ{hȶV.95y toTH|5#UPK~ܱܐ{C:^Le: u5f"*>Bǥi^{?{f+[# 7(pQ ܷ'?a9dOЇT~TGe"9?V[5(˜MXp0=ٖ:AP VRN+O-f̺ar#g?pn `YZn&Mip ~$vq6  ZǺP@𦋟l)2y-|pvF..s6gB#p/Gߟ_sɗbFEo[ٷȲcY),UtfYAp*u3$QtZF~oZI{+<{D>qJ # mSwЮ A՗&5_L9h4΁lR)WGI43qm3W T=SBy9 #.dž]fܒO#ciPLiQuۿf}(Xw# i %a&D|lB}|_mbAkNFuCXXf,WL-u&3$0hIϴ8 )4bs%}|ĞnGQ {PwSHq=COjTh] l{c:Jƒʾ_o:֪ȣnz$!ڵsIXoa]ng`wa$( "[.,|+JfUUԹOs.,K?HK".4J…X;k&tfQt>O@RJޟqt zv|ihWGdWX힋ag`-_g&G݃C؎^G7^?=϶20˕*s o3u7'N|Ƅ[v10w.Nz Pǥe0?*aJHE_Y)L;QEQ\[Fe,W &jw+,ϛBUy6xj%jSXT2yR裸]>;%T>Χ uۅ_b]UzKBsC">w!?[4)4:u3@#Xtd$tR }3t~bB X3*}zROJpqL<ߵ KDa@kS7xv9g*SEUc;.h't`^R#*ߥ&H5h66S nzMhFt#!*xlٰ:rjۼ*̥*<LpZ0#}NYw}P!~uf/IG#z"lRЉA2S5kMp4vˮJ 숭|}`jeF T*G$+L.4 _ N0 iS<ڛ`ֲ˅tD(h„VpNHK=GoiO5Hl.ˠl TZ|̲2z/ YȬ!oWO>L6lv?p-×4/Nv^b:~' !p|y! bx-KX9"_hՠYg)drOn|тyU*KmNFnx_ˣ:w/imzz.Ӝ!y:b=d%fD<XyJY.h)"+ok 9S k%+A$++ŵqϭXݕ-#a *j} "hbLi7z9 ھg"8{Lc3cN4+$G)Ń̎E;mrPFN#KqpEd0^m닒!B‚5G&oNFRN}{銤c[.X┼m;0bx8sZ8v~&vHzVCV&mLMkU59b8Υ&q'~-MIbQN3~H.ߊ,F萜@1\ۅ5 7QE^Dr5ik-\- Zl,%_gi%D:vEOL;35&8Ƹ_N0a]iWO~2+Rc80]AԩoJ0ʳ֕V#$[ꄼ(uҚ!;~ð+ ^ȴo~Z~ pLAFaMk7Cgɞ&[{SDA@sHLʢJYkr ccF\qVXS߬O 򛠅B ~3 F{ {w MC6;tr#vLgdt- ua׬ 譤-NLN48a-t#nB"rtUa)ʒa!luÆKɀ!'eT0~{,Tc{7mn@_D/ W<1:Oܘkiᄏvg*h!Pū>irp‹޶@חK мD/V<΍ CH/FK0ڎ&Òb,,e5+cn:EUeV9=xD?)x@jlMYZ ^,@Jw?]w  Qs/0M1Ĝ]Vq S>9znLσppWf>͋Y1o/t' N*?Tf0JYT~ vn;6mª̧"}[ P e:kׂaLrDVnwXDԾ!楿dCPQ" TG)&(2UOA:]vzʌZQ{5ceY*ȁ01Wr`2wxskYl&hFtCޒ)E)YnG˯7c]@ |D>5u5|Wi4Мj#b_z<ǼD+>3n[c6ؐ*"_`.tw/H$`*~@wKK+;Ҷ/HAzϚ䷛uɁ!LrVEf0p3tiH}(P2&j [DQ|kyۼ7Y\Х9+c+IhL1J{H{`v(+@b ǭ; @O.^&Zf`{>uHsݶ,7U,VL$*dF D=ɾz4-2Gdsvd[ g3ɂ۹ -_ t dB-F-Jf7biڕؘ@P8  ==;[Avi ԯe]`{>\ 'lA]|tYIaly+ΗsNR`+:< 5DɕL9 - 4ÑL[Nq,%xy2Gsi| +\4ܛd0ՆAg(RXL7jR6 [H^Ѯ0r:B)FrդFPEd[rQTS뛖?|3UJ=!MteWZ)r%\q`1O,ZJ7;b:ˤ ]])C+hΎ!V)ХSؒ-u`r ښ;H0q w`&Ò{$3xY:GoC<`2+|JhϿ? ?jLxbfekՖIXiq? ^ 98;E6U PH}jb~iBwg)஗`|Q^m ވRH&G`N9)<tHq M`Yb:֮1dOlKk> *ѽa!.l,л2M5"cX7l\xLjI#[ -&u!4 (naM<7=s4\k\k0yۋ+Q>_Sk@Y/E$3ӴrXSGBެMH[Ğ E|u3Zܾk9sN|)g:P,XP(bYF q٪uxΑ͜?u-mk;c?$#MJ3ɬ\[FȷZ>_ ;j :ŒP״n޿ Ԇw UdyZ]kȱX+ eEM]񯰡7®VoxNL_~F* PZWMW%]7Ƀ*kc#;OU6ddTt.62ܚ >@QJ~mɧ[V9Mp߉ZF^|" ?@K-glชmɏUٙǵzeD'#zZQ]\C $ercpYն(a`JmB(S \>TŶ%y>BGc~iyk'JɲWv%?FؒKn̷C2;[v>7 Wh 5B&WaEwfsŠC2Rop0K_Ҁ d}[$˟E071ru7|ylY9eW;'*&kñ*;6#pFl.Ǻ6(F;-PP'P;\ŏnH >?ܪXJz'CJ_φVNtǹ|66pg>V |X 獨VlVo~v5.C =J:5HM %O >o{\H<zW/Vգ}AקSeJu씍S /:`# 1GZ  cq1^f(Droh:i9XFinp]n=#HyBOh]ݷ U";*Uߟzc8K>z=I{3V`CDٍؘk/˯>e~ὶ)y1FGUTȀKp+u>]޽L5Al[!ߍ!*rF([/n V#r@մrP=NH%vϴ}|"Kj.sa.XpI`1E[hPY 9N36XbsV=2c8]QCE tae_{3KF6Tq3-Um;gq EJ3_; s9;x\SY Py-~,Ԣ/d|0\T}n0ĕH!6Dza=C(BTTnd3ʄ ZXΝ8E!"M~s#ld%Oﭩẁ {u4ݣ?zQ/U*žP >AbcMG D ˒RI8BdR߶XyNSogr닑t> h>8'ա8`LFd0 B8؊./Df w'5FMujDh Y Ã瘎*VJV/Ng ~wp1cT(o?[9YЁ8Cbw ^ߡӨ#F=kpP\ WV֢sɮtSFDrϑ3'ܲoW3]Sb!rF, 2x/Ba=57SEjGIw-3$Ջ92 d=O?afC}]zpڗuݢ& 鬹,QsiμNP}YW1̂ J@+?i?1XYMey@e8P,ȝl >\ MB$ M=G{£ogڌ ,oԯ vZ16B%/SHMo腣Y@ &8e>ޣTf 3 R i&(<4hp r( h˖}??[nTmB-מK]5U>.n5fFj-EtV5*ش#,^鑢9Q>it?\)dj@Bĺoy<\VOon{4%qj_R/gG/ib7ަޞ[ܺK{qXSml9oҋ7QB>y$2?2FZ6؟y|*N+5iTHRˮ3a4:ku&t0Rif;cndcEG[< 5`Ʀ|VcHIz~0o;Z:{]8"S 5`]:FkT5c!MBm s=6ƵJ]_nL=Cg? ϊ ՁEGS e;HZm<QޅCwU,(S$*G/V*Ӭ &>3XNw;U=jZzV k!$ #|~^O3vD}]i@WDGc3t5WQ6pɿBfiG}Y6ͪ^X5cii#o{GjgQ¸tT[g S_|w.NrJt=P'~ER"YM$i~RX:w !4øN: ۡG KO^17$sv_g ( B } .x@WGɽ4V f<2BKb#a]Qu!e$`ѼX~Amř'=᳇lu߭?Sۨn Hmv[tU콴eME'><6#MXJOzdQРƒ1*>hVey)[t]_t 3,0Rf}tF3poE =&Z9\QgЈ]D]gk˂`ؓLyQ~)`aAgMqDm8wbD.nqڋ{!7FM٭"ʭk?̬V&JLC>⵮5}$ճo2d l\tk 4586^Ym0 㨃R=P3Q->a.+bvq@[t$ >$T;Gj4 AerB6w$WZ*>sĤ a6ދҼrc:CD`aﺭOls* W,~쨩mdC ?nφڞָZ=4Lz'cJ2),E *S: Nc~/iٳjZ>2a$Rd]X8cBU* bLj ɣr-<J•}y.Ol5}/(t\hV,N$}+?يtU sjpf [g(y$r+\VO ¥e{R/= ;>SootĽ(~d'O ]W9PPk5j"1ؒ0g* NxSV-Э LbAiedM u:ZsUX>el!k DQBϓe'v4rf"tUXP@Mnb~5FM&IVކlufT 6SGn]QqK^P/:+ΆC8*KlIx6J#Z&AhiD]q1% i1:е[C]7{!\n{ vC..$P=7d 'GU9ꇯ!n{huܦ-SUҍŽcvZz!Ʌ?;aL*l=_1 esUfi*"flYʶG0 ?YOov,YE]وXxN NF\ qhT<9HؐtJc#ܲ3嘷J_Ǔ44I#oSfaCs&&{ ɖOO̷(S#6=4B1VydvP_Zͱo@WՆ[_OG+=T'軟{$;c>e^{v\sYX`5&Td R-2q@1΅ >lM}հB&%h ٌEB'6m`_D#4X-6D=!<I00֓̉3Z9Oǝ0Va^/GS۝%ޙg2y 40gex\_PD9'mC)z- 8,Hb0OMnH\Tp4 VҸm!PXH=Ly[PU—+ c2=}+ugreN7L Jl\셈FlJ|m}[Vy^9;_ҲMKUPXp#@Ou-x5`6W;wP&Tj"zM8M@ ք DzH7JdOۮqNg^AD+4`$>vVH\w-ps 0rͺm˔\%AaQCd>սg 3R\a5; nqʤ LMRTWzqsPmlY4I}{o<pCuhs O&5@SbHh6l8+\[,p/鼘Жq7[z&ĉĩٞ;LJkgT=@/%q?JywL[Wa0ㆫAa4+YQt'{ZugPh}ƷR<O@L^qR%\yNS[i}fk&"ߟY!!9BerqGZL/ORynL@b,Kf3"W@B;Q]6&lbMUN^ʹZfES\^Pw{=[aenol6lSgBow>KY{~d7Ht;TTwZR{UtLVd:?n<RΝu`Kmڽ m ojlfBQ]9}l9i&t,39D3.cAeՓZb0Sяy-Kj`N__͙I>) `9IR>+nvbr%p]+NT5Ś/( |DZ2rknuaGAO?SuP<X[9AЫৼIaz=G !fw1u mPn-@7ހ*ڸ=$5td0i.y#vrC'R#iE.-0$Ly|L[SK-fPZk0É1b}frs9.wHz*5A"om#XEOxkRo 7Jyn6{|C^Oʟ;'JrŪwĭmS mnh7h01[G0X|{>_*{lЇ^_ Uy;}oa*x-MW9c| Cy )T[ K 7ή}ǓOr/C:|^{` s#1Hul-݂kdwJ'zĈCBy0\%-iiڴ L aZ#$s-n})yiTfD)Σp$Iz^V-  RSڡހKbʭ N9{E{ {V\l!l&#<<ՑR8 \#DOD2D40#6`{1R䵏Wc Z`UncJ4&Ua @oYglMJ?EŸ? `[2bܢ[M2w9 n偉r:FE1pE5,uHy 8]OX:N~DL-D>l]]`.& +~@e]sK[!kVaX5n{;AvV U4E;$,O˩g{ Jn/N˾޹Ij9;үke[M% 2[z灂y>g@TP7w)2٧kuX1*u "sR*|zKE!|sc+xWEYG\*8kjEй\w0Wk)<;oCy~=i hq{E5Nf¡w ![tLGcw!IS4dFfqhQ_ķxq40~'@ާ JCR\Le(XVs7ʄR!Sơ:f<F{Y+~mb ?E ٩Đtyܘ\:Ń)ދ0@\4 ;m2w{>܇s΀9_U'rԇ=jLI+NLPrmYi@)3kA @\ntp> Tgh@~4Dr6P,O>ihE6ߏ^+Pȩ(OpF3{K, r( ‘JJ-VBkB+YO f|*ϯ R+t Yt  Z8 .B) ʶ]f̭`f~ؕ! Yb"!XbxkD!/ԷyW·}\NZ鹩OI Yߒ%#J@:`rAZXV|GE ꤁ن!dD *^27Vm1)8Q Gk|vI'(풼"s3p-!Hw|Sѝ`=P-~bV 피ti]I(>FqC';] ve5Tms Y` ʓ~UPQ\otn'\_t-=ƒ;ęvrzC v2hB7&I( )+~@-Vlb˞hz> *2daz m)%՜y 8q<EKɎL!\WX4Kh eI^nC2FKD{n"#xA6*9e7s+,XaqV7]jK.e.oF"DNT8,B^ϼَra9{ejݯ}8VSʱrhuַ&kNr"J!14j$hU,c$ޑX9q&a:[x@$RȔ(CpfZ)@w^xem`Z۬e 1Z(iKqM]wt2{a2<%a$!nz+J{P T\3r$֋Kr} L֎fkӧyaURcyRѰ|3S,:3r{ )';K>4( R5 FbB5C+)eG7E UhtH )j3Z;<3?a~:RH1Ukh+ H ˣ i@.m1Γ`\Ae"VЏ>7Ћļֱ/OM^t\ la##).m gKDWK{$vl>!aP( 9X2)j;ݵd8& <ꜫ[+1:4lL2\766ǐ?,nOs͂)dk=O0<}*)41xcN0a {OU[hZ,El07:d4]#`7.yNOVX\֣F_ΰX*hdl?P$KKfmL SMا ?'VdzQ"$p#^g!OsEHAs61u8{PYtYpvv[N$Ji`;{v{>? ")M=޷6 ץ tԯ؋7GEoclK !#5IE<EDٟ \(a[籐3r)q?RmRjK]l#2"nc3~iz;S1zЪNrVl o7$3<zۭd\ݾ!zH+x Q4A%0roXQok*Y4߻[0`|DB9+=B>I ak vgޥ!O I!RV.z6c.)\/(}g,6 98 *ؠް}I!co<9YF,U\f=! rZwpG[ew`b޳A]am#&/2JJpzѩw0x| x?F)F[h=GSXqB(Bp95Uhʇ"v xdžKy&== dRsq BMC#(sl-3t Ӓo;c̟Q m{ٝb43\Gd!mk5bډJ&헣S-Up s΀a ںDx xU``=ǜ{Ď]TVj-#0d@>S`GXР<~9 >llEB1k!oG(I~zK;uhL1)(Kz3InFK6' ĭu5"`!)n}QS{|z<^+OM W~9JEM )AJ[&G5;&M>~Bp+y` tRU K{v/ZQ5ޮ+s2 ѡLJ 0 v:djv̏Dz.wp)8Q:f6$ !%'; 7oİʰ,qSX3Y- Qɶ(x,xG^iBǾAfk-yQzoYᐰ-lɗ)/o~{nϚ>C?JRz4ЇNEj%+`ǐkj{kr֋HmY؇ 5&O'&F`zc+X5 V}=W,W-7;B˙a}uR6tfw޻3`}_G>$e Z̙A`obWVM{4d2r`Iѕ v0EUkz-HϪg7l_}u a4=`ixĬV1qɣceF [%C4F)?QDx6ZD=ڠ4)6/DrnYfd\83X:2,ƎDj3,Qa^76=U s Uޛչ^VA*hgh,*׊Njj]٧ #2}J6 2Lʿ]`7Qk'dR+: }w<4,:?0?z[m Gq9xoXyI%z/+bf_=KnU߈gGGץ"x̅JDX,UIuǙ2 3wЩW%xh0|w!SiD8޽ <aWl,BypȉִW3‘9\4pD~?k"qb>4^QREp,.5LmbTDOD]ƘLX/kJ_"[\Lr;ts':ڴQC~6dCx6; `x; "9RE~<[ObQc\Ctqsm+^ee;d9z} ۜjlOJzAU] 8r;(|&X̫0 3zm-zW>o{=/Ȟ&W,NhbP{M|բ@QceىmWl F4/~ț0#!o\S*0;j/G^EPAd@۹H6R>Q~yVuT Ya&\Z&D$G8H:Tmj%&n `,d(&3M܈y8׉ɪFL/r~itBݪR`OBJtM}d6n;*A i {@lrr?Tn dLf2nZ>*FKͼf@\ht-㻚doAU8`&Rȅᦱ&{9z:]w0pYѣzBEww]`Y+T+Dj{'" (0T< 郢Z;wHtqoeZӁs%^!M|_BhҽdOl^V0Ǽ6H3mx)\O^W/i |v0 -v>zq Q]W S5ˣbt0FN v0 H_ DB*Hۧc}0*Rsv*a0u삿% RV}8]hc-b?bBRpJ*!(^ĕ@_d47c=o1ϕ cO V!,/6ˉtO5O@$~陴(_xa:X\+貜 #2'Qu1fgO[[RviB;뽝ms{2 .&h3EI1ﮗ6{ݯ`*&0qJZnximZY.ܻ_4TG!4O&+Y#NbWBk2E>_z!O i ߔQZ!A$U.&B9ؿjLdʸBY n6z`HmksFY~HkkjeΙH2U X#:Y;;]+n3g:,?Q"j[3[4I@@}S}#(g 0\b_db$J jcUo4@r>Lv*RcŮR?*k%[h %Uhޮh>h北Q7f+{pO x=X||`I~q$.:@\3b/"Sm62a7ߗm]X=X??@lg&r׉oC:mTӝ| ZƼ5u"ғ9,n"E~?GҡBK:V0hh-bOJ첢ı7Ak/|q'-5raҬ$FŅgX2 T0;fO6rmz쭭ʉ2UF]RWV( CNV(?b AU̇ոl**4dS3XG4hdj>,,UG@3k^i&|~pK`+t!Ew1FWG7bi6*މЯˀ?U+=!쉰A 0s wJ:q4Z;gb< Zt%gt<ڨɏh-h} F5?/@/,蔼J! rAued] SrKd\Dn&?e(zM$75Ggh7 FØiPoF`"C;_V ?7tf2)( >%?CFt*Ad3v'/$ZAIyc!AKv~yprq߷] {F|'C{cHٚgPƐkfju2g*/_Ӵh'5]C#XD+&C aiX[kǞ^"#@㎏Iy_|i˹n0!h'FF٤a>xWY_5Ձ+υ/׋y-vX6,ԟ`^.+{69il` e7H|1{b?1V8'1ƘdPعzsU30MD n?D 'ݧ}ap<Ňiׇ3Nt2 QBHi{7v^7D_/sIλ/xbG+i@"leovJQfHky"T @n= s-p=X[7Ȉǎoe8/ʅSpITGBx4QNRQ-y áf~1ZIHMEefKgfLw]CM=>7""[tK, .$:@vщZP|Ԛ_{Q$`7?gR8vrWq*XU=7a2W QP0%(?Ds eKlmpxX?fs)^_Ѥ9cZL 2t Є=N`KzˍzxԝM\4rV8C|"|uNaWOѼc4]c|osi1eۢz5Ȅ9-|k܄E`$vHвH ơ4١i :q YZw[م(֞rz$q xAT3F.\3΢%=];o^I%>ݏVYT%>nڞ{u)Wot;e=J- E*|n@n__-qh[`aYlˑ÷0͈Fo^cP:)!1Aid/O/ 沥*$34t_(A8bY ݃*PuD%I|̈́'tIc$1t7)q8~0*Ntt *r 5Te_qǖl(ٛJU|y1ha #'&F4sneõԪIľ&kLuWwFW₭ACĦ׏F.B h'j4J` v!O0j VstHf;kMakYJ'5*:;+ܸQ ?kVyt&tri*mLZe%h@Jy}]a { ['Ey7#)_}Z2rt=S<~Rov @-C1Y+Zƫ/apRRz{‘\P=^>$M5x`nh:Z R)krYޘ`'H&!V+rk xQ~z"܀8=ҨṶ֌?@(I5Mb༥OiJ) ~3|p,fR)285=H^č(#]t%2EsǬ6:.ܶCg[f6Ӱ` Y?)إigogմ$5x,HVؐ[\uF1IzAd߻y[DMYc΍{8lMh!bXg0:9RdV)]<#g Nylczڍ4)mIҫsd{= cq3nyPZZEFmhlF791dE8뢅W =u:4P-םwojIE96(4lS41-WT@6ƽA b%p>Rwg-]`G;n nFY&8Ŝb5S_vcY50В<@p!i*<ӄJ^*b$r'q`eq+XH#kIj}⟫XX0 u9Ue}"0G?&'iju m=}5nn,Wph~Pa`e=WFbUiVY"G<̶}?&bՎОнJF^nzxLysL{ۀ_ZtYsD x ?UE!Ug͖yxm{SCS|=&t9ud۰m?sa NӸ|ݢ!LBR43vuzWN"ps(E /FBVn16kߏհއ8#S0wȹi64  lMH"=Xފq'#ܞp&Iund ?qϿ x棲V`nUu4+S@>d㪂KUk¦UEp!`[_}c4&K% 'iYzv1;ɯ@MQ{+?>YZ^3#力ƈVnU|وf-d#궷 1W / {d_,e&wJ0(%#[#{,/IM .}GZ¬LZPrjGܞ9^D+=vsïlaWd#f6-y]"$W# e7yDR(?kIFYuCꌶ/e4W4׊[rG9ӆGq;DE}0hLL;XjqC1grw$QoSNΑ2A^R|(͈, 5xb J-R}G ـ_ղ.k͔ QiS[=9\ :؟҂؟k,bhGdזpPGxmՅi7n7_وfPQ( ?m2j`$<nўM#kaĚF,%;{onI:o47-B[&z`7[D%seֳr/ WO ݲʅPHk ejC8>+GNBUwP7rY 5*ņFp%ch|B?KY9fxT_qM@v: K3ƃD};m t¾ '^}d/wVK(@\sd$y:92r&eq)g&i~qUxV>er*qzz<ֽJS98*%{uҥV #]j Ȁ*>~d~*"Vۏ1|6Ѩ}o ,%2ԕTC@d SYU,% *_Șy;28]:LrglѠy\8^/VR@Y9bp6b3UnjP]m(E4bbM%Y KWH֘ `*0=F,y_sD⧈I qk:W #ןwv*c>l[Bz|~E%>snp,ѬLK,/nB5٨:o(хv.]yL)dl_/.W( 0ģtv[;d*霣&r3ar^' c# ׭4F,CP $➳* 䊤͢QJ0mQJ|tC|HM2(r6@4@EC]\2U^Y^`ʘqsHG0 0BV]^;Ŭ* 0!/a@&iWܭVg9-5`huƱ"H7=^|9.l+R_v/}8e/PW;A;$75Vjq9_7EUdj1qK;8=F ew*->ZMQXe$r{57t@f b@|3 cήlu@yz:f"ZM`? X锧%|݊7'fL`>Ta5 j{@f]Kyf$Mf1T3f[2M+~vyitНa Pp' UϚB,[cXGJS'_\\_T"ǖ5㔒˒؆ yCU%ixM(tP5^Ix0?&,!Uy$?:i >i~ȃi8ܟ: ; @#_IKPI(@/ŗ[/+F#k61ǫ~ww(PZ1ކ}B_8Q >+`+nXN\$۫&C3BDY|azʬfUf|C>*E9FzŘ̲.4 s`>cVFUeC#C7|H DRIZr(7=o;eWBʱ,wgX!,e)0#ks ɕS"|[oI~8,!+<7erY.Àn1gOQc$yGFB!Kx9k>,\(xi0{&^ٹ;},"F : (e#2*R:%J3$4Kʩ9.n9)\GLTz)wPQ&b3ɜ4 [9(AoXEM]fTE4+B;ᩨ0vZԱnWCbC#Yy"1iGWsP|gt8LtֶLKrVMHub v$G&E?8a0iJS~ZwOB$7?Z2#/ (Xq1m= uIc`;'1,=z1=Hi54"6=6#儢6+Vo_Sw*R,(dIЃ9W`~PwnZ͑nOxl$u N>0e+O(P ǾOP6]k3B3נ7E%0>b| Gǫiؖ8,Aڱ  S3Ӧ/{! c_tfǮj|֢$&y =bB 润jQqȀwldJHp6O)Dܛk{K}f\_ho]K,c] y42-Pq+y?ivJؐ&qYv 52 i^9_""~]Wouy" hxr)$ﰝY(C"!5'09 )ԔОT]rYb n5TwU pf}+ԉ}{_ǴR,'kf:)3(lvd6K-"ߕeci9viFe!uNGuJNefC5,@i|Po{3"/3Of]7G{z,&ca͋-Q݉>_dxfo%DDIM4Jc t_ >Fl$=W1;))L[PY4jR*h8RHnn0z' \n5U@qQV:e{Ӽ0ބ |7[rwއ. &a^ЙXOױ>b?uSh˕|5MoBs79]qEZoʜ1T1{"ά,U//JSlú;MLy9/1|kݺ5̓7 ף9}aI~).znxQ-Bփih- ux mBAe&:;t0P_@9݉i2m.LC. urw6~}~NC[SA~`>wU) 3Ӹ__.J}ō<l$}{B)8qiiUڣy!1鿢JK@ӓI4OGuOX i<eiN/A+iA74XpS"IyҏP _6Z ?gU«f_!#7Ң ^9B@zczvljI*_ o 6`O变:6BpYPrX׫6u$ym&E ny; dͩM9&}?0:+]<`.aַϳ>Nǒ5!s hj /Ȕ׻C9:"u|;je!mKume}Һ9];⃂͒үbbӆ:yᐧϢ$t[ vJmdh\ʕfH]&~1 Oxl [H+jj`М6T,81O)̇x5_DGǶʺ} lxU;9~R42,xʈW];3ׂlzcl?O\g#ý7@Iw0Z$MUx-8ҐOa[ez(G,#(fT2XbD|&)8p1;C5,L;KM2vP@[z/ _ pp\q%N6CaTO#:]φsyw(a/g鉦 .!|qpL߶d}O.QF LE˹/u>G ]0R; pϜM)W5wki6$Rt%SaRFʼiWfs6:m+3tPa@_i}bLjiLlJ4行iNJܴT n-K Vضm.0^&(W=vrlJlh8[wȈ`V:)nH'ǝռJSPKLhFd4.4;-!n@k(iYA0)㪉r=[>9‡>0{,VptMK55c5'Z̷_yok$b;K/QɶT4ĩP誵r^-mhfEi80`I]]/}GW]X ZI*>/wQ<_b!ȿ0)3@\dz}/Ƃ L"44(VH?twj$rfy*}?s+C"yw$anOgU,Ė8ѽvIt Wz|fg3;])AЁY÷ {J9ƹ\#lhr[gueE^99mFm)uMCZ4WL\!a&% SGR-btJax !`hфyjצ4,4uP3L:54]N=cvuy*a$^x׼<B{D3'V4+m$sQ +׍T!x  ~'(Ȉ'D {^yW%G'ƚwû&|_[nYY+ާ VxOV4NM̗$c>nRg抒YPlqzȒzk+p;xmd~n,g^iWqjpUB"F1ew@%Ho7?cI&R&gXsyvVhp!N{_.){\ju۪=*A]aUd/-|@ LBƴ@Y)}j\8г[jʅY oΊ }?"rY w\enD q.̢Dť[B:f=@hiꡥu/0cHɗUQ(0נtbY!$ an{ -dҲuΥ;(CS\ױ⦔4`ag|THJBzN2Cn0},׽'۸F f縁*>D Nk9BvILӽ _kv> 񝢟/`bœTh"IOJ [S@=N 늮jy"]6~e#Mx5A=.ʪ-L` Of25`tN^jݳ%!eA/ּ"KѸ!]:#,F٫.dʕf@+.nwj&s7Q[ RP}5vcXbF^H8S 3gaF[yw)dPK[*Hs6bt @g:m _ n@hԦ5h\"2k: !<,IFHgsbnvB4`}nF8Y!|ݥZ.{'h2ݩT4Zs~`Lx%!F (6v?8po4/]ˇ@-G_5i]]~sW6w#tocIL*h[OpmKvvT~+JXfΜޏƋ f%D3-7JP$ |L,QO*@yV0yt$062QGrWQ t)-ؔ:32hc 09!7{TqETبE]b>Po\L*3n 3ѓ!@YD0`:VwрkZF.LDtm xvqN~,Tp[> (%cD@!BTh7SosDEޏ_o+R2jU*8թOr 87Up=0~؜sHxà&~kNZsiNAbu0Eho.AprꀬV13S"ؑ@ |Kj_YQB&Ї2Z̈'IJ#;Go]E\*lWkatteuـn?EUQL~ߍֳ[PY&?Sʾs\⿚gx' 0$ƼF *F>@iJ.%6q*ױb حF{hA kׄv"bC{pӳTPI 72!X"2W0~ziwݹq٫̎%?QlUqDb*=ql=ˡlӠ۠u!4Oue.jp{_񝆞óƤFuM*kw]cHo;4Ŝor4yȒ˧;2+L>mc5(a@ycU=Sbk),GPC"tkK%~ԒoS `Nn+uic8n5A rقOsJ!8Cq1(>BAp= /?}2^d{!IjsDNd\PC_`@Ax:1G@~ek$r0 )^)!bk] $)~fXJ2$8}e{P6>ǿptfP&RG'{$u4һ[Pwp؛ڢㆺ``nʥE?OjvIdU8VCdwcoT[prI"Ί Ԡuy 1@x߷JΪZ,߻)ۗ J s *ˣ}X(xhf _^4H4;L$j` +DeEFmv6s@$'h4v)4AZ_AWGtwnTE  mc.vH }GӞ2e(|$RdhʁK-Hgsf7bUX{]>PDȄ+MSy@TˋёƟ:\l*@gGva5njv\;#cx Pcqe^/E̵( ]qu$)@=LS̯2jXlKBCHj44|D4A!XZ|`R@NQk틐ͧ v}E"j{ 2$gaюF)uf"X3xd?1Rg~dP|vc&5$VkMD,!9ZS O#&<&p+mӱiVpáx=̢/j8tMYut"9:/+/jgϔܧ Y: -zN~(03{{}U`5A܄$!InbT v'(AY1/Pu22=MgDlq;1} & h޲;]%OjiW DM`:h_=*7|a<ǜw0@fn`bV9aǤYE:ǎN9TMAT VQP̊9/Lw0O縡@Bn""L䍃PBJ w&gL/1, i}*NdF>Qو$}=8tU#hY꠆g»jAئI*:U)~/X|,xwDMH,  jh+B|kP(Qƒ^Q]w6YxEЖ2ϵtxo8c`z>R[y򗭗g9.Ŝtqׅ>㳃6I\WS6ґ!zi hi1H!5e |RO?by<Ʀc5/Fp&7;ًGlW1sʄKuA&*h?]DvA ;h9!KKY*#gŲĠ-ߺ)`E_O){Dl~ĴMo5ł<>_=Rau4"Mq`c֥7;N,+R }E"e3J @5FxW*;Ɵj -d:@,XOQ|4cHQ?nt: uV8|;So JD̦?ǎ8BptK`L`⮹K􂑭O (c9KĘ\|m0c|:ݹʗ]}\&V t z9Z+~, oVN@7[Z3up%8ZC1 TLw9(S4wV ๣4V7nLc0?)s\L944)5J ԊP2 (\m>2ȭ90q4,[)o"tlX*=hlm 2e D1dš*z /0#. ᱁]]`ZZ(,ui-q(5t =;uLkQZ=tSzla€8IO%lܿOZ %t e.03y|iMr\BYAVFOǗ? _@[kz@Y9{{隠2…Ֆ݃(yr7ʒ-lw 17dgu7TrFb OF:Eg*KÅKuY..g}. [&cZ[Ӄaײ]^SXaG`_mmpsN:s<D<+gkvUc* )?w~3ˑ>чurj^2pVvJBZq0\ f>?۞H5R^zM:5m6qǏPoJ"G(2=,*EL(iI3[?#PV`p х*1'< EM l!9]eAONjt N7X2hjߠ[^K+"OAG]3H72T3k,/b'zi0UkּĐgp-<{Yb\Ȳ;7ߠ&*9_@bwΤ=)ʃz2K }*m=\s5~ݔvl- "O*Y| XsVDp3ze  sji2h"h 5c s@5&\+h D D9l|شvҚC=YR_ɴ?p)3F >|ʮdMp@?Ֆ塩_H2.镑 X R󤊾NjfG.أ[JPA" HX:ta:[=5]I7dZo;0.Xd;MkZT+9tq B^V{Z|bW_ZB͜Q,hO,dBƆ;}V33lXskXn< s=.Bai, z=ϔ K搀%v{As4 } ZO9IYkQŅoﭖْ+׍"1w^yqkH(wKy9Fel$7]Vi_iJЏfi8|#EQa} , Fk"902u: ={L٪nԅ39;T lXl!o~>!#X_'{{ڈD>$L`Ge2O@6gqIK8u{i+d:ukU&jUs;ZK|B VQK;1Wrg3qx 40dt4)z6G4DwH-{M/;  8}~$xL{'2`YҾrWe~pֳ+-^[De h;hdHgU)yR}o5a2VkD]OIS7rnNV9 4,n([j~ݦT{!ayv˿,EF CrI1>Ԩq̘yŻ(J肿Glma$0 ]K/@8;YY )̞ԶD#}N]Ϩ%K<]חIlFp%?tS?Ov8ӊW;ڎUx%[sGi)9AVn'cb97X  ZVO׻1:'WB@c5E MͷPČݯQ{#$ej٨?vo1ǯdH>{۹}U2Ff.=녿yj@ K}Ij }˾Lm3M"fRe:VOQP@`щ(_b\)z4gg?hZwrw|r@t8߫է62fNMgǥ%z50 I]} d&㕑"qhc?[rNv_ag?AC%#vpl4C\]2=P%JӄőK]Lz~[T. JɄi0߮PrB+~4n osv[C rc^\B^*1poHX8+`qIͺIz^>D2S]L&K&GπF, Σ1XZ8LWKS9N$ݲ3@ɿRotI0, ^{C0WvOx8X\9ۈ\'vP;l48uYzoddN)9G#rvyݜֆQ"<+Hf[ ;2f T%!7:OeEԟ\ZK!} m-@}; U{eT!;Sxn.f#dF&Jj\&Z;Ä-}<4@ E :8T0K7qF쟮CeGݐc(s$hE&}]c]g<]Pvyl ۀ?כ@(b@"H@9?VԒ|R/+[-I9n?Bʛ LOc@.JrǓс&=Q,cJ.zY(2Z bFg^,vzvg ?y-d1hN0% <„KDr~`sGH5_U0Nd,z=nͽJV 0_M4vfCـ;UQІ@_t@ȹ sרTCQ{mX.3*c,B aYˡzƽR`jKrB1@Aֶ 3Yzj_D_!1Wv5ށX@IdUumHw]Q^bE[-S0w;s@i $G}$^$<̕xv& T4Ycwzm0PdFoA _᳍Dh/4,FNIiCaR5I`C0[#^0A~܁ݳ< h==oR|=D[u[0ܹZC5ק=?c3YHF}*P“z˸`)oGۦG1bP_֗(w"fJR0}HfW1c Qv'^^sF G b#sR3k^6;^arHJ~(.!5ڐM洙'Zl3ccЃckt[VM`[Zo큿rCk7OULYIûeOE%mE)p fKx$VfIRӖqg*Fq{-l,͢ ~o.YkxQc[,Dwˬ'f9 5.ޱ`m;,b>wh6}luBSm-c3G.7  - xks1v5zDNMzT!mm<N,˔˹ѕAVn@A˒G̼P;/2gD^f3)B^ݲ%L]v(û9wV7\!ɔ*{{̬y\c;d8CZX]R**?q_sE]D2vzez̃墚h~Ї6㐧)h#j/Qm-&n4N R<qb{g:E9wF!XOpAEnt8r@HOhp92ܼhѶ\Pܮ@_v\/I}XpWOKB!^C ~],׌19[=X>rSd3Z4'~cڽwjJN'*RB>Vf.^!e3LfGDVulj!Iy]*"|@k#BɄyg#rbi=ocy-zbO{x@oH ,w~5AkِʭF46V01a7"}K,@OEݶj~c1B? @lX2,j e UelzlGKbjw%f$F),`S3ǿhוtWCgAd1 -;U51xEJIPn $$=?N8{6bmaJͣ'4̤#Qކ"/(txeKgx@;O|@R@||M/ż6?DYVz,G$8(dо*D hs=QYEkĂ -Lw{;Ͻa bydgu N/2;%`ؤpp@'97p[P Ϯ$T=D )鄟ؾ\!b%i 9Aʔ}KyBm6ԧ?:$) &4,q3jt=4tyr:LOǻu/6<}.WhS@44NV(Gzt@+ZmA=)ˀu E`iCs8 3I(|n tr."L<&r;3%MWQ'G譅"v?>m3ar|T=ߐ K]ӽѕK|GeE_O#Ÿyv'!ǪfkH,(柅4/Ú!jFg#ǡwYǷƚV=`]F1UjTJh?T{E1v0UO=^]MI0Jq*!.o!  ;](K1?%z> fТ6,z xxR|^OH\TT+0C: z5`fɖ\ Uzrժ6a(i~Jf9{RsҳA{9mKݲ5.O`ijHQ\Qċ1m˼4ǞiH3F0%[6M_pĞ. NdԧDC0f )d̼ޚyʧQ\XXaJܗr7븏yP7vn֍ gޡ-2L=u܁yEF"е|Ks7)婾MX Xte RFY}HTRd8*8ԝfWGt•_N>gѝSQX#XcZRߟSK.9SSr$vV#2ROͶzhA .m(qs uu ߊ<`$8}fȻ*v>) ~:r,9/cFeę]"}6g_s۶xfǒ[W򴫠#.S32dzR~`K:Hb}N$OBv ѹX~9ü܊vKA2΄圆T)K-ު:F<_ı &1ڨ'KqOt"EU4HheU+vOl?1ӯ3)"o4nUu\?! t<> H%CʕR:;]nRAFͰh "O)\h$i>νC`eWh ,Lsl6FNFW4륣Oi"Ub;.>i34Lr%uktUWgp"NqEST˛bָ['7V8 ъ+2 җ$(_YfT/l&Bn? g0] a4\Lu*!ypi~ tKO9q迦 .j` ʣB{l&ٵ/#HЛdYжpr9u}V z=/o]D<(zH5+D@,ekN#Kښgy:`"9?O>Y:W͹Q7M>sY6_7]Gk )[Fx$؅o{@`)Yv?GȀmJNSgmv+V(">H?&M΃o&v^ ;R :k/ (>լ;L 5ey q-%8J5k@ƽeRhKM6v ꤀m+ryR´kdFf( tȣnE#&z~4_:#qχ-o)^_@o2\DyU!Ck JA2'5_y |$wT=D=HNh]\PX(o@: |XRy&g^3gG&r gMB=֧Z5FG?V{Գ3?6RX>dD|6a0!.\h(au>̑oV'&fQ([11ckMM55 T_ |}۔b |NgE4Mi/0I uuqT O%>R=ҶzXR{7Y?N?c>rxmz/"jȍ9S6-eqӍI 02 o*,$F$,51`Wm]cF?K&zAa@~m?wY%9Lӡ)oOZxEĿG)V_.HygBF.x 3^ڻFy2LӶ~ߛF7smk/C1dLSgTruAR`Rw}Q'86=[2k`]ذsz` P?jJO '}0Նd8"=E"j" 7VǤUYA:Q8)ށhX-@{l>R=Y hAǭg[]5ϰPF8-y6Z:."F~xL4 |WV%X#dx K7VbF5bl1 /gѲKTB]ߌn+$V% lRV_1W*'M]?3IkG5gu?T3LctڽXuw*2!>ꆋ!Y]] =2r,.>#AU|ܮo{۪鷩k{t0{) ߭"1 Rv_3'j<|x R؜ v3Kdaʪs_0F$`)ht0$ ivHtOrς@b]Jy\o^g~E(俢=0wT ׊YcALX1yEe2H;\7δG/[YMR=wp]xFFs{h/fdpq[ɻyr>MIïwN@}TUr<ٙlcV-[Q2)<4˴d~.j®0 רh91z)ϛt$89WU>mLb˵bֵI,6k}%C0)3&)\͐nlXF*6{j/]&~PR3F[8&{+ Mlx~- d}2)(uJжFUL&_N¹3d_H-D0 ׼ԋ,R3f.*[>{j ffƿC6L4gEC"H C8(dƍt n+`ڱ3٣ ffL&M_y79 xU:xmٲK˅6X@E~bS(:nd|& ؐĘ|'gruzRASCT8o?"F A즠ǖݖyj`7\iGp(vF_H= ֱ럌0yy[>x*˹l֎>5H2H]ҧI 1LdhA<=jǍNDH N5qy~@mQ¤|`OI  56}5LTA>^_ߍ^_U݂1W ;穣k7o/V6ct7@%+Φܑ6o*(>K-pCk78w *8șwλz&K❌^ Kt4J*a.+q}Pg:S qd.;*<,Gt:ewďxXs agDfTS8\+`ԾOJvm~uaeEu0ŝq0XqSz QtyeQ JMMk jx`SX{+_ { N{LMQPF2BHՖLeyA"ܹ.ф9PbR_uLJewø^P@_vUs^4fM:=ΊM[3ܻ&oAVbbWA_jY$ؠHFٚؿ!t2]wK(;51,1ߤytcoO$Dp"M%94f|Iy66 hN5"hx[Ns؆Xг*Ա/]y[}+ zJzcOOy̩<&l7#! eEBw 6d@3.ܴNA/(IN }uN愕Yb|cGdX I  K;o 7wg:Rzg|ׄz},vYΥg(#,GJiF"Z"A^T d/B挊XMnJYofM= y\INwS/ ȥ瀇FfƮY uRx;uc#*e>:`SJ^t pX!DqS)z5?' ry,Sq# n!VFxj~MQf4juV#R{n\RJ%]e,bpԆ2 I:ڈ{ռD'b7)ܘȫ@wKu3D7CGI@%ݰwtըFX#׷Ȟ 54a7>z}Mb䟬]NbIz5r5A= ? SUO|+2xە0sf]9({qfvʶn:WO1- 6Eq6mYiЬh-?cE"kJSF[[Xh(q5ۈе?=u!'U9l>8I%Q?qKZ>QdenF%yaF~=0i~Ryv\aLxcEjy>DE;lڰ!qwF!?HLA?{)Ts.h^N,{s4~o5O7\.c ٴ'J5;3>lQZ!s/;WMY L|yJzvw{▧զF ' Q3S# j1K,O$Blj03314 <='Hu$kL#XT%=Nx)R%wU/h^nr3q9鋆2c_Ì놵> ?h? rd3P_P{/[2@ZYL w0,yYp~*/iT$f?5F}4/BnN0P4k~8w:u`iqUrm?U8g<aX+d\0\ 3}왌[0awv'l6(dpҪ%kֈ\!uIrt$ o ++\JnPy.nH$p|$w?&Ÿ:TƸyi{&ȓ(1jZܤ \핍!j\%=3 +/ciMobIJ rUHYN!ױC5aU5 PyʚXдvڎ>#^Tm`n`]E  R#QG8>BKh`ц% Tli C% J2Y(.Z*0+# -, zu#Nq5'wn8WD!Oso=Ї!vƄHnCY;ѩҢ|0'OK3N!nuvI*xޒ?#Cї[2 {SdVmg#aKb i WR4BnU, #T-iϣьS8BAsHlOp}1-A?XdHÈ{% E)Yjv& W90`l_b{HڠQ6rp 7 _NVάpغf%U-/bq8wI6GqpﶎLI,YTL Wl0-J_]lm)]񔺛ok"" X2̴S$ # F*MVP.#6e%KRrQ1Ź^,h-CЖ].Sz&cWؔX곬)'msC *Ɨm,kI$U6EkQ)Ѯ%.KW\zCƖ>MdQt裢2  -:tyD ۦd42O@@2̝|)<$~gY؏3M&|EX?ң9Y{.Ht<)|]Hz'nVi&<Thv6hѭFW@$D*kQb jRin}hwab1EyYJ9hcD;H]a#;]8d7+"KdY)V$4ʄw~L*KF]$Q(Ԙzxh1 اL1,onlQ ,y6Tޔ-{z\Ȳ7q _ӿ/'w~%K[0K5Y]" 'Կ1(ue=Ffr#e/AmHnX/,2Pܙ^!2 ]o;ͤ X̸0!u&7xВq]l4'!98{bG´*/S_K;:Gb[h4-4_ŻU+"ݲ;ۢ;»\~RTo94C"ޤk`)N_Og.rq;=9DUͽ)/)GZ W0P҇/uj;/4zD:97=KR &f @Aq~zǻ' jґ#0V:sJ@!X8mImO ՁMuun%6q2KdChߑjF^G_j vO۔I:ap XZv.AL"uIJ\)qsfmoE_.z(]#䬓 GvQS` Rʴ FM9&UzhяG +ĸK4& ;$uGNadD%Ś_rST&ӕSfIլ4c~ ] hv_0p* PKrin [bs<w +w/=jEZ iNLvg1nh $)!s%MMӜ )~A0v0eY|' wjZhǵ7m$w"!EO:9lwKrFԙtOא._J,Dg3 N$ uZ%dEE|BO6ɆzZ׍(#}=%vJ}p3`QyT@$ nZ #Fv4?u+f٣2 ʟ\JY7[=S,kTe 650T?셣PO`v^#bb,wT_roT!0^<  }qM ˆz!RRykJ&qVoeS&:9QZ޷׌!҉ H9duʧ+4`$3uVĦ݈&$@*J'= (pTVԔZAYN7)"e3 אF哋ûmo%/ęV nmV[Ѭ2's`cc#x!ndNQNg"O2<Mȇ:; S¹٬TaHemy˲{:R?},!DU-Pt:] ccJնJ4C1ף(ޤK( pY A{IKx&>johTG'bEMS[<MfG_r -ߞ<] ә]mhK,Za ^H޽ceo[k`MSFͩY.]FNW_3-}џT(|\ՌeFy-IǤ mzK]v,jc k4AKح_&'h?ɦ6`J8-Zo`(>kd\S JK/M v{5 9DLzyrm='NH:\ @Ypg6#yq%>X=>؋7lԿPi uO*oWX{ǔȯZ}b!OBWD;ԋTLDSnBr̥o3йu@x!${b A?3K$RD<S&mL>f:۾Rft[_)Dhvn]1ā1W=9䊆si=ueu5~S6PTQH7A˰Yer"N;-#=GOXWO/p0|l7P͇:siIb4 ()k{{f=K8syp`Pa-6߳*q< a5A+cWx"ck|j|xi{qއGڧ'IU1v1FglԷ4`Lx"t]D5#β2__x4l^r)%J1Q'ۑz],ˋ|DFUdrÃȶAV`oϨ ,M:4 qf6eR#b;#r^{ndiX07wNf[@ sb0ªr_"44t!Ch=t཭S%riRȲ؄Ea}97DLݽc,O>%FGG>PE{w5/MV& Sm1hf9bZN[+AZdgMCQ%Yװz- 2q~Cv!Ie#0ͱM0ə2SQ-ea.Xchs1ۅ{}3[sH\5K3z yGҎ NBf.|]2[wU =[p ~ @F_50k^ + T}K%F5)>?DyG/@zl\AQ("h_ý3? VȀNHs,i;=c,0EItBsy2Կrj{1T*Nm[Q eP@+o3p۳+c /Q'~¡.-S mOTi@c:4/5^ZȏXΤk3\+QnDqon&6.XT%b^;Ocw"A`%V,Kͣ KOؿN jDޱ88ӊE*N4Sat<ŦwU?t1j*Gn7Oq6C %?a>/D9yIC+ohSgOPħ?MJ+j M^$^jYʰ١_ZIWT `6j!] "VrQâ/~ M"g h4U!bE%Uc8ϋp _a}/y-s@~P]qUx 3skLfD^cV|g!ũLm=G] 67rt O`ж IU&gw'ۖ|& Fq=&zG񈛊C8hE^ 8$I왩-ļRU ;:_> K. JxE&KPCTV6cr y+,=,wji>L+k$r%J]( Pl/S;tô9S?+/m]c^: 4` |%9}wsyKY =7lpҠl GbiԼzkDSQUQvB T=Nh=~!וo]I#pfbEdpI3.j-f'9V#kM<㎇YĠ"עzo/Ӕ.PA+ciݿÉP*6:o\O]Ҥio Bdu>un&TL5zt {9@pbJp\r&lL6v5w_vGa+.n*vYG&! Љxpb֢s*')!1{[%M_gSi] ژι¶HurV3֏ >o;~$Tm_vÿ+E\4.Oے&JLdHcV C>kDe#0שI9$,Lj.[>>j+N.* eʮ`0h "BC^XV[ :lju{7贤sw62oS ,zPu!Ƽ$<[(t4jF(a8:O3wM,&YFM?w}j_,eVldy} 1g׺N-43&JSՊGCᙒʱL\u[&pgK:4!skW"גVU~B}}1 oA΄BOa~2ӲEFuB4RԃB5EY%5yk . roښA`]+ Maj E^]x#|5┠%^QLwň,|*;7QZE;'NLK[}ǛLhX" qexnq%ug 84@U#͸?OW>doU7,N:*6Ϳ<](=LzR C1.%bJ\Z*m]f?hw1RbxګW+BF/eAX Y Mg΂?oֆJTvLj,+H;#Sȫ Ew Ae hżr v5;d (Snhf3$(0]) җN+&Iv: W >}ĤY Gz MըV3ITQw3EVZs,Zզl59X;7zL16~me-a |Nj]. ęXׯ@ h^0#M=N]RQ8KF6YjͯI`QŇ#2G_~ c! u u _'Y;C;9' |6qO?za蛸/Fα(FUSezyϙA_/ˣ^sMoiRǡ[c=yD Q3yF2υIQ[I\ }\ 9ȉӉțYÛ̈́oFiya(0 n r`F|WмP@}I3Έ[tbb,S6N=$=T׃Gy,kE$|Cˋ7N uC煂AU%Ўo;IdïLrRfFKPOu5Rʄx@k[ܺQf;5KI恆%,8~}b7}spv4owTjbC-w -KO*=]=i| -5稼:v|JSh ^Y3h8H35N8ByVrw 51*,R3*$5b LFjf& Vbn2sh[XDNށ,9DawN㊋E UXU `ܝQzV#?z pGGl$5 H'ynԧ?.-+S“/ \0`#j}3ժwGd 7VCܖ䌡s {LI,Oj HKlLW!7x#=\objל!hIRxS}wh:㜣)$gp9_RS8a{sv7Ǝ̛@qHED$B]Ԇ]@&i}OA 8;8,ЭP #׷5|`w70drw/}"`vaj& "trO@* @1X}f٬p4B$wYepAWp5],!ϰ2tKZ'ܦg(_q .qFoq,y9b廰k[A&i?Gۂ'x#O3l!!Qd >)ߡ{C~ x[uor.̚d]|4rfX⛬/O*L8O譶c@OQ'L&G^]Pz'Q SY1OWeI#YGyCo3x12]| ~l1_%=gq.R=ǤI,ȢUH Z ^uJʔGEVg:$~^-+ ;N Ȋ"G@Oе-Vw *cE Yp$`IZe6OL59iPqDmS ז"+F6%"vSSW8t c5ɖ(͚,`6^$sғ{P}5~l8U0W\މ>cعkP)`2Gc;>NY]/ˢ,*L!e,Dj2qqr9B>]rV9/$ave"Q DRV.O]qO٘MjAz:dk &uwW=}r͎ix g\Kϕo4:IJ 63`ʺXegۼEe|KG3`V\-ͼiٗvD&f fTmtmMW`4ZBھܾ΍;sX-S܇AqT\\/"Lpr>(by)߼wL8'*Tvf dq]Q$F,egu!p+]F~~DS72Am3i^t3NeD >+uNãõ $}k@+&u2yP^]}_ *JltMܒ~ hyK'ҟ&)f;>0VLn%PfDTjDgq:t+dc`?JfvBGcG\hObLX85u\JVH]ƄkۧZ8crf LlҢ"~3QL z=[7Dq, Xnzˏ-|$&^v݃%-9BVV5:"@G&w5LXd;ѸJٰU۠Q9b8nܙ`&(md:^ LCes:0C+) 3LGݦV+Kς&6 b&0^ E%K9YqؽNn>իbGN7P:f;(tӦ3& J"9}CVrD'V1v_}:$a]TÀpIZɨ~hPVQrjK H)7_q`G@bo?MP(p Hn`tQ:'@ ٫Y'avVocU%:6*ܖoK?: }A)0[WiOk#C 3S?t BZ Xl #2VfUIe"^[hjTUrxy25х劎1`PF_˭+z[pWU8&a*dXyQH!'&7V], mx& dN!W,GfX|ZlN4ߞX5 u<qQorz6)FѼl +ӑe~me'6Wo`L`rS_kM8`czUeG>t-!/k</t .[Weۆ>sbYm5aAx><7cm\iQzEo:C(ASM" 4\v d^`C` NSfP+ MTqaaMUe%O!2d^!DGfgU7-sr>\HջqO#=^N2aiN/o1p} 2a40`LG]>Gi*]?mNt*ERd}4^YlXܸGofQ ߻ 2/rB ,P@ 5Vjdug%;%Bd:S H:osxX)'+\\wrdhqdUqI}7=J &}[}Kzfz5 8#L'kk] Rtpl*"~#>rOVڐU й;5 ;)@߰]oGT0:].`fqaN([[N2T[ۢO#<>xzL#jwyhAhyV^bwc*P_ ^B i|5U5Ν`9Apmet{-ʭ2jΒ;D`+ADWusƈbDZHFC}-@6ճ &vFQL/DsY*oJ'oWǡ M:J{Yƅx2ï Ud$DM[> ɾz؎S0luܱJ% W#/RFtBU Z&`(y{`mc0^RE gJ8)tBJ;zқ'Gv|)$K0; )ɜ+ZH$KCaM*ᇊB(,+r2*c?c n~?_hZDZVO<5Ri H1[;k$QeYUUN2k@^'wLiIff$7Y6UfAw#^$%FiA^:07;͒7-Z=SO8k,G `#F}\-\CO,Jyj亷\A#qA}tOGXtuݮІ{Yţ.-0-K6k2wII@ vW'yJFczE(c9^8'+ 0kQ УP"!Ni8UnZN76]R8́kl D?'#_9f*@TCBMT!adofjViL60>bNpmR^H. 2go1 Q) .O"Dv-Ń}P럳8AxV2E=]̩Mkb(Mūswr<چaE&-QluKtxٰB g;Xn4Dt0⸖zpfQ0 +֐1y% lNԯkGWV:#*JEwsGO(V;ݍoEƝnJ4Śf) ^y :Nv{VVʩRC>7FR6伺\&Lه+8ʽ7 \^)lsk3wn, ml .Ok}Fre0?oZoztZ違S{۟9Z[뉡)![/k qn[q~1 esN܅`N- {<V^7>n k׌(X&Eћ!{Yߪ~Аc̔15-y%b$ +M4 :쾂 Q'8JY ƞ!o4sZ̙;O0 Ld$'Wc{9Ed:K #i [־5iz H|G&-lOHT(Jٕg;% 4|0-Od6͗2=̅4'NLÉ Y1Q(N6˙*,ޕCSl}*/՘z0DZ$hķ6"Ǵ'd`90omM=x/: U2"_Gopb3W/Cj?&٦n~wWs lF\ Kz`#r>apn[_~վ*%MZpdWCO븿SƔ̧a"Ys APd>mƀ++ptȧ,^ ;#HU$W0%+8 |g1<~r۽* 18;y֛Ehsjbփbх.Rp_02(iT;9|U.5jҜuhC${*} b^P[4gэۭeâ$ת(zOqn>h UJ9" KfD DY؄8J7ӠgzF(*=9WV 4*@=ĈT nOPb=kWKK_M`]k#g։_+ t:`!f _ŵˮnTX[̘P8mW/le]a B>]dJ=s)EH\֩ZPm[޿ॵ?ty>J acfD nc-hX L!c: "4˘nFyU v{ a7 HBGdrW Ǵr%S wdpHB [9i$E0-?Eft^Pٸw 6mji }1rp{aU9he*d;ĉ'@ JMl G7ﮄkҖ搾 HH+#V`+|]g}*$r>өqWZbe$;^]cpQ9̈]wLX?rk8zEi@5Lwj+W^<ȟ{kxgfV]FdITi!bs`!wM۔vX٥JE%&5i b䌍>ɻ; yB1/1҃DVG[ bY2$0:"3#Gt!S~ŋg|F(#W$J"z^kt( @i=cT%i `z oƔ`?Ƥ%D̀ m5N`UamKPS5A7 ]g-e>' 5Ӡh`gR &@P_Y S4g覟2TS'ƻTM;."5>ZηbLsh|ZHK DEgNuXmm15,9]_^[hIk `\˷aug^Bay2΢S_  G sm=({ǰRMǠCaX9y\UYܑ Fc {;IU1E_/GBM7ةծ"YTA#FCpjؗ `k&V2|V+=J,/N NjL+ T'_ ek. SyE 9`1}O7w^O kF0JZ!LN_--2)wU'$ڞuPa0}Gm> 6rS1 ߽EZY6 R/P,/PDUN@4hfK-3M+ӾE*=.YĊ]7ͫJFS ,3w*[=xr RDJhm×@| +vgV]ƀ+Ug=0O\He1^j_( ߼}&Ɓ0ׁ'A=?"(0Y.KaRD·\KY^Hi5Mρ7,X+Bӈ5a'X#8yºn%6S0}&ۺY+!V^D)1=|,oL_hbliyplrwa<;H:vS$< Kgm`9L]C#@ʘ3!Yara؎|U,kV U_xʫ!N-L4"_bQu%&=)b)b#ⲿhG eKމtlxQ1SA@vt,*{}s&0`f0SKZ_Uso0b=+yf{Eр$=|4W(f>>5T'~.AcQDX"!t؞k{MV`YjP`[mUOFsZvM8yt.*45p\)jYxCrڴyEB鑞nhTٟfd+ȷ+(tI$RL>uLG9f.zQnucQNThs&8|E!O=EbiкuaqW/PmIW/'ҏcd[c}ȦgGH\}+sn+\8_g&fL5kS`@6dohwN U8* o/# O,#tjq雞PfI*`-@vױKzLALxo[=x~pObXy TTi*ӍDcښDI[0w}B ~zP*;F/y<)KA"XYv^jU{+X]fjՀk_ʳ *s’k'O7-;D`Z*SӢӶ4{kv||1ySsMg#MNlߵ$Qŷa[Clu·u@Wo[\KY,!P{^9 y -j>&Zf崙IT,Vp~*dȥRسc[ lj@ԋ0xӄh g+rĤp:q}=?|p`D9+/ڇt7&fci|xUbCٸT EB}Ov4! wZ¢ԴTbC98(yY2%P!rZqK1}XG?7crQ0?$b 3~-^2A*$D X6?TETcnBJy82{]EoaZvoRP՝D4%'RUѼ\P8?1Dpdu/u+n ʈmYG>?9(?):w]#6O'9 7{NjËrb NyFhovPꂮ? a.yk% DScO qvڨ~NNfnf!鵒AuwIU&jLh##RVYC#༥QΗIX͵̣h9Mؒ(+"UMoH~_u#Os֓Z#%Bƅ"QLj4s GAݥT0J3 l+e F>|+ķNEf1^Ԝ=pDdi ;}fOlzgdN١?TxtBd,M;u 6VC!ଳFfdgT Xs p#TNB6ԁca9qM'ҦFO"P%3 e"ID܃}PKM1@F,+wܘ[!J:z4>< :0ҡ+aAȮ(es+v3V!BB  W-529d%IU26t*g]}uYjX^?K9eb04Q ޤHguE8u[vF)^7 a$8qZ`yuCFQAZ]$_y)v <o'XD`gV:7-N^(cH I0nDx O?vL$nomg4dQC.TMU§;̅epW !um-yZ|ТX c#l]c-=c![_9Q Y'n|{xc:A fVp^ %Nhuqth02Qޚß1Դ@m ƺĿzQdcNW>ڳ4-Z%Ğv^cfAO80H-3D6K~]St6Z=hpeXk;ǭr'꪿UWv*лBHÝhd~Ckcŵgd!կK_D hŚ(g~Žϓ(RU0ո%nȘIrJ1m$5tc8J9=~^79}Mro&wV&2(,)?vALڃZ+k2luL(ZMdQ}ͣ.޺z:DJ@j?< >Ř8>L0\'H{-JL4i:@ŋ_'Pw)Q\)Fxw| %a0 mu9|s(N h2wa~2b"$nXc4{C_}`ߞjқEƩx%ą~z?GN-2r.7svƤw'#wsuj5q cn|Dq9cW҅Uf@]0y9)+o.#“^( *aqjM2VL#5Gz T ɕhR"CFtd,ݖ•e̡ j9BHM"K=M+aޏgyD-K YWi|YRk:re>H29gP7^3J`7l ^Vh{*4M'.g=9rl`V#Iy[9@ (ۆ Nc۫@dHTW3t؆ޅ+vDyhq6PO޶#v9OT.)jݲ\:vM! mj@ m݇1yөRb-irwVHk#6zwew #xHH&Q?RAk3ې:b3vRYt (hA K*=cLpR+ĩ޵IA di጑q1`atmbr }T]e' (h,h4O &Ԛt4:CQ\QZ u6ZS/+~y3™DTT0Ka+-EnTG5}$s-XsM-G[ȇհ|ϜKa W7hpL26e$sȫEz ѱ=ΩG?TԪܡ#mn6F(Ljҵ]8{˼Oٱg[fcS/,r1bm^1ñO$@Rݸ5AMιZwv6^ :GȮ̮,f \EiՊ˳߄J+9-/S^Hān*;7ɧK6Pd}AHRY6k&h5iXe .`34DtP6>_G)8\9i}Q<64(([~~lC:j4vEZ8oRg/<2/VƆD_:Pb391`[RX@gATSquOz&gB,o.^IaQu\ zA&H xN)ܾRׁ8Ƀŗp:VM Luk ƧL${Ss9t[D@U7yXɸQ=zR]uSz/: Vfj#aX<o|32ArK|u2hW3eR/ʴ$JGֿ53 LrV!Y8l."^4f~fT8~yJԧ+Cw_vhNbSAKuAiŁq/@ݖ5j9i~}{*E?Q 9JOQEo66C08zV!X"E:\ǣ  XK*:Y1NNE?-+6*xw+~KҸ[nN'|/ r-BXR+ V]%.^_M%8`x풘pUȗJvZ=7ʘ`ޑ-01+W76s\b?l_\WLSTKQ_#"]u-0Rfrǿ*DxfҿU҉:r{M, >1?{[FI|!(S"Exh${?_>J$yPe(Sᤢ+~OE~4ϔcēJ=dx_ B#Hv([V۹A[@x&zqwbEa]P8Vr>m7)I1-!噧FeV&Wae֌]F'^Pfl2",(aѶ"8{5QPj oz9&##yF5^As:=m!$]@b ,S_juvP;qXJ٦vSԂ@99s:tK/΋n\n&+=ϝ>#* ;u։^3FS(sQ3(ҥ0d٘SRftVURxkkYMȇBa.,)̜S^Nk%"0f 6Oklf ݞ8s*8FbmU!7_C3Ov rHB 68[_%2 lf2FKw(,.:/.}/?PuFe"Ouyrn=rIn޾_.w[rj-fe6kABv2~ <_v>yaBkyinΔ0jMs ";`ƙ.ThdT< 1` X֯[xYP:,(O9{iYK2.tCw,0 !^Ƚj.aMQg8yu _ Tn',+1BhIl^gܥu[-Ț+h3%pbFMJ2Hs˾ꇖs%fZ}>d7'TkTG̖x}8, 6aa" g8&xӰaǛJ(}0F֓Eo}|.L8l޷Vi PM2{[KnE0Gw۵K " Y Ş1:u&$_?GU^g.TB ~B:ׯjAN-~Zb l]L~. 1ueFr3Y0DDYgl |I}p}wOL&ټW,!xaC 3ciq v2 _[ɕ(sNj7{^u`,zLDX^#',5zQ PӖTB1 ZLK PFy)0ƣɭې'ҥ;y<|:WI&pwJեFUYSs% t+hŽ ܑ0| ~YDq;ЎP#lYDbR,B8-jo ϟT~HPX "^d{ʛpH'lr5(&~+ė=?yCaMqKvީZ_cVuPiJn|$ Sk&3s*H|{#ikX•Lh>z >mxtpyr0J-,w=Włՠ4K@A?;d]&ςw)Rc&?z" 2lڂ+8lؗ)ViV p2˝0N66QLuW %RGC^oŞ D++;siZYh@u b?CԴ1EXΒ'}bS!.^*'kM IkOPpoTo?.520ڗ:;ʷr&M쾂غ-%r/@ F jF$u5w2*C+i-Zg|i4 L;},x{Ǭ<0D6~Jm7\Vx{rx*ۼ^Dݶ3y&=gϧp_֨ŊWBԊyiпB vx5vƭvNZ]ueErN/hT-ϋajTɦ2ZT|ܚH7ȤπqgVPo3 0_HaR3lHZqhD3P(6Zڅ&S5!vc AZh2T3ą)trU 5PiFtdT%vir|oS8R舙6aaҖ@Yçk1[3s/7fQǫ8FhNYPFbuQa S03"(;6 k>,`?!YA~VN_hV6i2dB,$E4 i ˳& tWɨ,F ,g{9@C6$joPRQ冮[R v/{Gs}V#1WS0\d*Ϸ/9Z8 6>@ 0Gb4hL IfRZ8 f:zJO+z(T*w3%4ݿѦ`ǗhNϮ`1`KU o`GEtk~M˵m^jФ{}N0׉vHSQTuNP!_w~_WA-]@FCܮ\BUiۄ$NK^JWqTFG{R~wu!祧]Ppr(59:QQФ|LB7W5PHWrbn${ߞEtl5\X}A9!iK;s}Ha~%/QwvB|oyHD֙ ˑ(W𑪑lp! c&}<.!GP[z2vF>% Trrr[ wI/.'֒RA$ӻHi1ނn^_c^'zO:Љ0GP2 [B{bLuo$0اvŒ}fv'$%EET^Qc*Bay% PH,B)v|K[LzX0-Nn'\l(wUx?EpPbq`0_Dܤp"n il؀/ԃ Z*vӌ<תv dgɡI?5C34rhcB%L4:w\0>hnNi@dJԹG2%'q _l6ޓڐhnϮ*1ӷ+jyR$ƞW];ZN|o\Q>) E5y3m[p~(anmߒ0럏l ])9ρGc2=u'FBGZ`I )pӄ菖k e"Sz2/lp%_~ Fay :a\ +
    sot-*,9IԖG$,OD;P.Z'JaEMɌ1B}Tp_ˏ~%!7- CG8O|?jų9Z!ub>nrj47Q[r5ygj38J ȌMV$>m#!i;.~|0!R첨 1>u참^ywBIs}4S!>ߡ]`EAyM/t2 W-֩QUHckn`A w$ozXǸDM -6G,gPCCg_JUkf8l[sxHy{,JS8=ݸۧ4 Ov>Bpx`{9/p2AbK̏>zM{41$S75Fd U`꜐]BVP>L{_w`]I(l^)nfS!30A|so;9Sk8iWO1P(f._H{ysXrJrM=I&Ԯwdn/1#w֐ίOć$~GyO{"SQAaR\AjUWClfgeL-( i} Ąv1 (IAt{ŽG4Upg m sGJf> L P q34p؀5Pa36^Y>Pi\jmagNڣ, tsc[a͐,'I7X9MJ'bEP.r!hyQ͚guBob&>p~CA|0pLr>,=5xBх??[^J=4ע؜ ;.ɱbfV< ^hmp^']w" -P$YRTꙦk/I6ѽQa盲ѿ?ӑZ6KV,kSA(wpv/ܡoBņx4gZKq< :!MLd`Ns+$QoO ͬ-tl!T[ȟY"Cu.$x0{`ʭ6:"ћ2]qa ]X+E$t5t[d=Bʢ)i!_ƂS$)aS` GR])6Vm`*5@~'Cdz/̌oXX(*iLy!k3U K`f~>_.rKlJH!0A~ xRUGV! Z8d7R(;o?w9n{BUfn7(/ h]h7b@-6%*gZg`Yݏ_k]~TQCnb-oݧeF\@3]#\pNIR&RX5o͛z};?] R+ɍ|:AsN#qĶIN׃ƟxΤ1[!3^ 'V*Pٱwj w[lm'ӡ5+ÒZrM|id" 2Taì64+E5yŤ/5 A454#A󈯢*<` a2kd%oC. F,Ujmz:xBJi RTo5ŃkYF~{xabG*"1I9uR Eޜw&^~. ִ8/y.xiF_ ~rο#( 6t-@X>4@.&3ս-xwdAjI2P1 F?Csq%nh? < X:{ V'r J\k!|XX`(%ͬ凱M8wͬ,ws:xֵr﶐n?.u\BeVv>NujW ;RWѰj/4_k1,v=Fr>hp2)T">JI ӓ= nGv}4ADZ#;Ms(cנBoV c6B6=7ʠslkOa[Чh6De.+j.c*=ߥHc qjH };ƣեbԝh`yzGެ~0l$t"@( d[^HgC*:N{[V_Cy}BS>BEk tʂ'wQ 8%_Y&REJ㨢0nݯQ:Q/(svxfRmf5,g24CԤs_!,"N B!dW)ּh@Wg9nԇo,Z/z*wVTT`| z}5ʯ`x'iKJ3%AxkɸsX0n^c hB fc$IM(^OV]3 D>Z2.$/m0_zÆrB9}EcBot;{e*2 .n>t, fKzNQlDʘ")Җ,ܓ{>ԩ>I8Lig 1!?=-7tZj$(VWJݵ+Pk(# ab| ugN4L߂a[ h›8%r a)a\ V/U}?CWaynZ}SC! zBJ3By@F *5L^WgY@g[]Ap@a =Lp9 ,]J} auD}QDS$/ZC /T ?;`:Qi/_nVh77s{0t3sc/[ Y.鷂&d[PHxp"D֗&mՕjܵ7@vPKRK D 48&`if|D+G#<'ljQR˖b31+lI1(ft'"-|:@UR}[ yk'`GMs^ssk@ 辐WCW܌'ޚ?^~;y ~_jt;IZĘ "ϯ.'W|v=Mjdm5<0@*8kaZbfFaOU5Ӧ_cV`y=9atȡ9ʒn9^@={{#Ymݕt h{EzTՇAh]+5܈Qd,KM7='2?,!nldc$xݤєCOF:lN-k-76ۡ94%!D=3h9a=[Y.Ikq/llư)V貈[-9%q&ɚdH-+KN̶|CtxܴFާrAIo'/DJP/Tg TaUW`[EWft|eͻWĹ2C+3* K7d:j҆Kje|ʙE*|W>u%5[5Ws#ACcZ̒ۙGI >#Ui:}$RH"v: Ks:o.^M $[&rD_6- {xCB}Lkz @8ɟϩLd>LЫTZIrN7ղW\O߽~D°Nm.^9WJd\y肋U! $k֭%o"mGuH%{+6يx8|˞p-3"ea##툍+x74h0K*y9 Y 73'T\?tpCL"P6 EQׁ S/N\=fZ}YIm<;4&#PcJD =Z1v؞HqQI,|Zh"2й & x+gX {!ӹ;ש9(FlEm?^|p߇}gJ<[g=aA:sVF P ^W))Eu[?u;{ZZ3!F!Y9;6:kk_RF(D\Hd%ꈾDgbHnlX}3-}3x#<^@F;l WWaPihx%g5W!N}4|nxWS/6 ѐ*%ְ0QI8uO_]f1df=i DM|/9) ߎwuEJkt||p*7%}zeL 5=,Lr@Rmj1gCuc<>y״)EŹVg{ID67qz OI0%]|7rS&¡c*B.9-_ίi~("V?sKtj/e݃0*l՘mLq(L NZ%9͙`sw'ŕP5Rvʤ.P7`:ŠwVpWx{-T w}RUj5āUӫ/x,#vj$B~WmҦM`ސpqzِ2yK J_QzDVwឆ/O(Ν}C v ݓc: ǿ[#y wfT{,N6rTɵbBdЉW3#*{\9 {&ή8сthn~K'g[cⷱ9:bK[v@N`( JF_5«LxqWMBHǎ0bҤݷyZ!.vS:87ؾI٘r_pY p|y** 9Eٗ DhjOʞ4h px2"q^bazݗ1 Ēvt{~̋OmՓ=̔_:ٙ2I|C'o^`kbkunrZEEoHXcvq#%TM!b5=M_c'|nDieyw4ہ&}Hޏ%ft=k9ԊHk #XBaK5Ql^ IJ#EeiVij6&+khEU r=;44<8k湌3|tyԦ޽_({{]թr:A$ x[RY!Z]νo Zx^|:'?- 0>[zWC8?†ei4K ۞: 7{o-NV4;`-Hw~q?Z j[K5J .< Mı4:jls6T} xVԹ8:tY1-`%[}$Dʘ+y5eMqt!@w{l q=oaҷШs_΄NRS:yk: %s&b%?E>xh ?az?porl]kTjFA?+4ќG)Kϱe=,mN+MD\p?Vs#/Fe*y!DN5 /֪(Ayۻ.T)^$Mj8RLPohkwD5mc3v0G0<-~X:=8$wE}UKs<@]r'R'|`Q.MGY'!&U`lI&O$:_Y)oe(!ph(f:,X~"mWϹ''tIl/_0t^g_ G7xRR]õ.ŷ;ktH=Mj*%nEL`ǚCdHgJv7n[<7 D< ¹җ`Ihg}[\q/k5"Aݡ>E|;8|]Z%Դ[\Y9IHa 0.Pu;;8Va22ؑD?:a{EnʛNZ%{f:wR+Y hۤcSpm֘Il}AN]g0$)dvCyZ16wCkEA84plsB bqiP$1/eQ >\aL?9@ƾp]dy< bIeR>ɴ0օuXWdA[|R{'ULV& .wpCC'"!jauMuZApe&50JL]oGk-TB֬w# \"35u]* m5\" vCw%]J=t MPGԺƅwʡ>+ޙbR9>x-yx>:sr7ulpᆯw=&}.+4(pl&2 +2M#>|ˮ~geM_@YS%Hu"FM$ݙqMyqP;ieLEp =Eexi8_A8afGnҖ3O4%*L0sBM@_rWLVZ]"9Y.I?r>N|E$;ˁУ5mOp:` `HwMsk uQ^WP̛ sk~aEHA?C]١Xpa3撍|A{)7bYi)'qBqa-X`B-o$~(iPg~A [s"tpX]݈W=J-SȞcwfxԗCuT~ҶЂW)EN,zpn0:zGt := 'tk(K1}^G:v-vU 3OT&cU]yvjNZmXOatPz*+ԟWol_uJ\/&<\#mnXk '!^33;SxW1&6ALmTA$^cfQ#N.y)0bT E8UDIU#`h.030}"7VdnimW;iH8ͷ\:},p#|~7΂<8Q*:Dq Fq.tjH* +aڼ-&kt06d}^=#41nwSCpl|l `Zkpb#)P!THH3ɴ3~#sJYv/'[o)Bu8ELBVBCeM`mwx``놔x` ] Je ZK7GgC ՜Z8픕}gVzM^C.@fM:?-ت~6usI eD/bpM~ $U%T WUV9х;]0}2 @fEOc\ϓư'- 7Y®6Dڥ=P61b%%h3% {3բ΄'f(~9cGn0(\4  b\dqoaV/;#X=`=@vԠgŶXgcT9BA]8V 0sD8E'9BWFu19(Խ[{zQ?AuJ+<<7:`h.+G}rIMwaa 4-!{)|; xT^JkŸ9أkF-vY-(T> mMoKaCm,_S}gG[[qGcڜW05P7@@mq]U+%nźApš=`@*To#O-Si@4B!*L1. 'G1 mqVSɇi:J]D'i,ͬһyl>2AEs\:ɸ/e!$Ciq?w/CDzoA2aA+'4{DECOKg4bӢ`4 ,6"·Z8Ѵ1 q+ P (T9C1,SeeӰmJ1u(O&_Vz40 YIOZ\SϫU< AYY^^0Wb3̈́j%Z"2{ozܿ9mh&䊮GCL]pKkyW-q.֪>  1v3[[8OYbټsW} j/lrw8?KHeS13b굲='R`83 "9̐5c2O;dR8M9!?Zamlp< НR=؛FPPk6<7oND?%V&0u{UsfQ}^ݝ{0{{ |jk8dx T# 7V>o.Tה׷ӱl6zC(Qb8XaGD֡dr(tmo3"s 7H\oW@፷NqP?AV3q0QJ$re e!) .IOy'c9-L#sӛ\T4q?3Txgll]kl;VDj}2xG ct(7jw83͏!ِp5P7L`k  RSs< n|t'_P3  q$af@ ۏ bȴ.0qm 3_֤}䉧@1Cd2A"Z/2b[T8%xg<7r*'HqdH@7q=Lp^-esyJ]zzKߢ*Qg/lxn|]m/ ocѢ$ aX/mB.Yf@$LJ*4^粹9f*@snc-z2=-4IUOcNL? ďnxJ?Q%&A+T?N7DpXmk5ss)g*޻M{x=VlWOp@?>O9pTxϐ).$[-|JyƌGt*'8L|@*^51 Ta\Dj<FāxOpaaStG:h)^XᱼJ*x>-0c$Tb!ߐ.>hZTZ2|=$kӸ e|FL݇?_3Kxas'zpvB`PUh9fٽq )A~/JCf!vo2hsROVP~%" bɈahn΢ڪ|u+OC yQOp2&Pzxn;B=`1/!U<M2' 2_[1媢^+Z,¨Y^˽Aޜc$hDj27WVr~b3ѐ~se2eȷID 6B 4Jv;ϳ$W?}s K0!=;8h.I~& \dr|K\wAE/ę"?u~(GG o3?Px4/bIQ6 QROa#υ.D}!}˓Tc"~<<.G{ \:_|Km'rs+"d?x[D}o2w: Zf2 8۽%4WN Hb>9u/юTDޓ`LwNxcQأ*tusɁa0$b}"͋qD嗍(Dc ,2A\Ӿxn?Ӈ"rV0SxqGדCB0 VDy#I-<ɇLnk2"c<)m$"۬Sk+oh4x Ya" lgT*#x%6CcۄW [WI1M+hf>$>4l9zwI+ߦǬ'B=ʍ&!.HʼMUx, G$̼ƭg]ѿ%}FJ2'К6=ȈշUYNaZ* m ?.2P~ 7:E Bb $6a ]/Gk⬯u eZ!c-vJ-S!14@5U^=)F)ǎ|H[_¾(q /" GW4!$xom>C"$2<~o9;t }"#w;/=||O7az1TU). 4^=#VTu ;:.\]"A/*?nVsݪVpgaVzltW8N ~JxA&.J>TݽBlW)62C&9q(LtS nηy\çu>-8*9`331M(:Kj )<`/|*;$; )Oo˳'bd:M-k^bo=AtZ)VSJ_0;HۦY{Iw=yג((IA27$Iבѽ6 ;̿1⨰%HLnX:4w`gℽCqeh\9_& SܹzY Z `#-ac1FbgmLKٚù*/oEܜ7&,-(FfoEVW[)Qmy&;Ȉ@}MbbdaQj<GaX$C7ԭ Uj(aM=]ȵk rQ\+eTZ0k] Oc:#O?GP)(>Sž3iut9T1o(+mSɐ:e_]F~0x)Vzi2>#Ή?K|mxy %'>T=HcǀT;֏26/wPV9KYv=|X)Eo>c4wޛ :5܄ig7uHJUd4ֆꥴE`Q1z'Z1MWk EEiR][JKCk}yLg<uC[ )b)T&i?J#b4HCHA (c73߭T,K>*Eae⒭mh2 0b%Cp7v˶JL\ڃ? zl7gUoͬ*CsqMĕ_Yi7I&n8tyHlBӕႳ-»}҄BR[B`-5tC7?~Ԣ9C4~rAU0;޳s~QVutw*QM=AQ8nD[$r[1&\@&)xDg8*HђK#u7ڹW,f!{ 0-9lc{6("ǩ$|pKKK@ Nٗ%f?-aOB6"=/ƽ-~:viϹETQo0%RוUmJt=an `M~/a)!7976Hccη<̘zx[Eٱ1 :yXk wOq+.|ajn]<~E"M,ɾ͔b+ɛh!쭐 $i<)*:baː#%h"d2:1O u{!j͠$sq>J+n/}DZ1!KRភ[}D*pϲu!dE w"Qפ;AIoN5<G Ihw_;%NXKÁJS~U+BSn>Y5f6/ ,{a%aKc;|ĉ7%Xm$,1\hyGh< dvKX 񖾛`L?%SN*Ç5I `xG5qA UzE["+a9;ޜQ?`܇"5>da/XiTĴ|b?ЙmsS/tijy[,9: R*#Dp0@tPf- }EKoҾR+}Pyk+jY'1$b.!A)u[?:t"5&ʗGa:yAgD p@vR(S~IeK SՆHCNU #$x]ml ^(82t%zDZC|켎MG\FlpJ[ST"NQю9Gf"Yx cawP[۸i8&WI9=8,T, &2NJj,ɻ@9[^M9hT7^o;j(CsNEt?yCHylJ~оpà,e|fEt]/E }{SA;o͸1SrN{n2`p{b,Fã .,=Zཡ27Cq'<PJLeB2kHD9`pǁߪK xpJhLl}I|UT}C=a~g %&jcl(*iH[kΑQS#g#Z\x?8Cҙ2Ҡ`b8Hu=-ťI)-ef YwِMSƨ,ڣ02KT'\'zGX+w#xǷ5ҵк~(>scԶL_sϽvU{d5Z&8-*# UG'e J#D1ؖx# 22єk2 wL?LW13aG$ess^J= niE+ pZ{qR*ᚋj)~C |h WH%ۏ_b'TX.Bɇcб2&Ϭwט]>ruh"||<3n*2GVԟWP$=@A_'w'5ఔqIe҇OB`BװB>GݢWzNk:UNZglO?bE lI ƥྡྷƎً|ercaq,?1ai~$QLIxhuVIW/OƵD&e!IIJh+w4#PO;T􋶰vȒ48Q\f,ԍ: {p*;vd>xPݝwDHq/FbgW%!e܍Rآ<)vNۤܛ@q>&4y< 71YUr wUg ٳCH/#j`6^^%RXKM `E#fL1f[`e%>c|G^4S9Yyp|oG] Ѱ;twCZ|E7rQM 5r<>! ,%: &f~/%J!aobu}8g_ylF L^0|4G* k]' Z4ߢ#u^ۼO)T|RH_hMpjOz9>ϒ{&b/AéfLбO @!UhM|o_Y)[_H s5r(^`BGƳ'i$ ǣEewʻ~=쁹;iBd j1h~Dtxz1t#\/8Z~7슠fJKXhP2+хT3 ;z)SJ(l1b[ To*aFR'mo.`c8(sf7u%[E 6yq` Lj4?ފ=*5lb"~Rsjh%E[ O"qqs $MO=hLs?Ŀҩ'²ޭ"VAzՠOR5gMlA8-[J"%9u޵ix%lܩ><}9l߯3^ai1Zȟ582WbwR=BHGV\SorWF9cTÈk1R91A,Rn4a}JA3"7%az0AiXB%SHE^"$v!C݌mrL gN [Dt i⊺0BkVnű_b7:ߺzADag P] 'x|SiѸ%LIj^zqE@@|sEq3W$ݧ\Bީa7.EIF)PRrՎEH0cߴ?'uYgxw/I"W'>$x.n˞oKD׻`=&vnXR!E3 7Tti0Wӡ SŎ{ĆJzvc{>A\h)] vBi%u2R^Nkj&ThziFS)  jPq)IȭJ9hK'D))#1Xh{XH}W{εhʾb}pW*5Rw;2;OCʊD[}- \. 0sӓ,# /$}f񰙴4˲\}: \qV :~a>ÂXmꧢ1=ǸU vÆSfq 7GD/{eFм*-#m8x58Vmr~B~!0:MmD<7mA;A{bvWOY`ᵙn?+Ȍk+WGH^Y~|/E5QZqC$ۮߵU}}TY;YkU*嶧(7_ݬLUӠ4;g:wD&(MfnVCdp(QݘMStj1X6q:˜2 0F7myH _@]F$jX镣>+M:NVLk]4!Gsu38iςC `yƘ *sx\Fxj*ˁZ#,PF{BwֆD-(^;$،:r;X rpXʹ~5)$3dG4"{?b`sN9uw?RBQ c܍lvy[lc%i a̍Ni, s^NT@e\R =1p[,+/FUVTZlׯ]ٰ7PRUbaCvO N5V ý5 NN R5nvAHZK|ֆW( 9.nׯ]_m4ww 6;'WU&DVVZZ+qvFG(5vظ$ KfGm^Uj/C/g|OOx] 쵴6=40LWm)2jU]HP/`e1BbqW~d<ojs>$dD8"3l[L 廘wzhu7=p3Uo{lBpk_`OB@)G%3kF U՚$G:~v̻Q%XkĹ;>0QL7KĶspݞ>ԉ߹)u2<\6l^TIi.C@/SmdJ5%6G\o.|'x! n4Y*.SHiL} Q":|VAtyy+H2ћur^Ktm(oS8ݓ-/Y]Svw˸-K|+-Pz"RyQ&rlp\͗M\6#遍YDs6;oao{46"|r,:RiL PlL#z`ߤwvy,sj6\%gCBv%%c7JҦ nLwlÐKN1xa];Mn/h:?i_=H;vR\)nN#r9Fy z7nDisBhSW8[pB/ZIcTu]>eԵF4ϋ;tЧ<yܿFښ{ڟ_M-%QedeBHf.J2*ͦsqkv3v%@9\'[7|d`+(!-ek:x+aKV[#2zEZvm/Xw@4?jW&$: 3;( RDw#963N:3_>ՃzWy0ڤT"=uHn_՝g{MYCʪW븘'K ߣ A22[þ~̺t;&2jKRkr˧r.Wm҇2 K0iN[%zb>lX=L﨣x%E˦Rc JEĵe@՚[|e_ x)kvjKwHl+pY^l U l*ENwq 49>{AM]gj̢|VA;M`f{t<Bŵ[66%Mp)L/PX&2b-Yg8>kxtdpulMjk:X )oqy,~⫰jAYDͣn; T` 7ws-gJK%)ZM,EjV(dP1S,ltCBHҮ8ѿbH/J`E/'k#9 TM_YN-Joxs$`U\ W!6`=jIq;(٬랴%Ӗ2Ah6An( #r1^%f_5ыK߯wKGAfK1g4qIwѯ+ҏƸX; }a"[ߎHlh}/ܥ<܇Zj>1mp{ݯHBTvF(׌:M-K~/:~牲h$g2tj~(vwynF~rPdzP> ӉȔM1n0=D&=Fەt$N-fJdfx @jZP]GnRKKmw; }hkJ3DV*]}۳1`dM+*z.DF HD-Y]Qhk쯢xMyvhIFyggh3BTЋodݔm ,IZg =2bL$\BaU,/i`?-:nwwG-?0iaӥF,a)Ѽs^!]ݒgx/'m :ӣ @澑HXXU-"cuV^=nZ@;Q89QYض_>bn #g--r S2 O2RM{BE՟\9/wQJ),ӣ85砲;H `MoEgq A>ݢ*n_G+W&)#n'L::_6rI/&=\)Ƭx!Ҫ7=szrĥu\J,@PJ7ir|{{QYSI m^n^-J5$<!]nFXw"רnmjyq$GQ| 3/K&dm-kѸ):DVf|@ފI25fZ')P-UnkHsWx([im#Y~ %Ŗ%뾭ޱȅ-}!!S\FxHqo{a(2 0 =v4S~s}Bi`U͘WVɚ#o.pEc@!k4Rt`Zl,{D2&^_Zf4e`sv=k jO>,pOd֑ȑuN__O Mo7jM k V ).kt ;vkVbc'jߣ*J YZ