sssd-common-pac-2.5.0-1.el8 >  A `çiU]&=<G;$@6Hfީr 4e*{cL(Zp89ʩMQ_7Xw*ƳEnY}D,(lGd/6gB|72KL.{ໞK`z! q Oo9r7lÅ 8^%.hQZ=#ѝ{<b_Ez_p_V~(sb}yyȐpϹ4K9,G[9& KՆA(GV‹cMBx}j7;y`&gS2V#*t.ݹN"InQc枌#Ga|3= ykW9*?q6G MoG(Aa7>` $4rsY9i@Gƪ-_y5-3;ƅ(}0t6114a5f8c65e63b4fa48bcda08be5c3cc7b57e069f899d88a3cda684c25b48a40a6cc0fed666c75b4c752b096f118f42cbd69a004L`çhU]/`(Ⱦ [cڞAkY;Gs3PZ3*ߊ el9=K7G|‚B~oy:EJOꫭACv9O zڼ-Tj*K5@UTD̵'CHܞd1 a.)!T@>]p<]?]d  P 'DJTl x   " Ph55 L5( 8 9:^GXHXIXXXYX\Y]Y(^Y}bYd[Oe[Tf[Wl[Yt[tu[v[w\x\y\/]t]x]~]Csssd-common-pac2.5.01.el8Common files needed for supporting PAC processingProvides common files needed by SSSD providers such as IPA and Active Directory for handling Kerberos PACs.`åcx86-01.mbox.centos.orgCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxx86_64%bxKAAA큤`åS`åS`åS`å$`åS`12c3ace6339031e82457c30be8712f4f38f68d27dcf7473f0cf209ec1510cb2268ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/sssd_pacrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.0-1.el8.src.rpmsssd-common-pacsssd-common-pac(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.1()(64bit)libndr.so.1(NDR_0.0.1)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.5.0-1.el83.0.4-14.6.0-14.0-15.2-12.5.0-1.el84.14.3` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.5.0-1.el82.5.0-1.el8.build-ida2b98fd3254d601b4993f49661a1fe508fdfbca6sssd_pacsssd-common-pacCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/a2//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-common-pac/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=a2b98fd3254d601b4993f49661a1fe508fdfbca6, strippedASCII text/RR(RRR#R,R.RRRRRRR*R R RRRRR"R&RRRRR+RRRRRRRRRR R'R$R%R R-R)R R RR2utf-8e2e79b976437d3b8c90ea323e65764733eb151a55c1dbd8e7b7069948a90d2d8?@7zXZ !#,e] b2u jӫ`(y,xoI&׾Z$ erQ<5 e8o\Ѵ!k~wٕĽE..pT&r{P`jf"sW:Az!e$.|;v ?s7Uo^!1H7ƕ'ۂgx6gXp$t|pviU˾k*;/séTju8#_iLA '~&=Tʒ,FT/?*2da$oQH{YU{nƀccm7ZFtϛta0r {Wݤ2pk(&xZcg#޴c &^1N' ꠈY™Ib6D"1+İS a4[޹J:Eg}fm5&cTV^nxK}ڀ탙`G%՚j\&|pE<'2AM- ĊWGo8kr{a "E@NP [-Q8(4'LVKj$xxC0\Ww^@z3(!p#?s{TLwv(M\a(tl91j&UtˀrCkLԤhqB4\;?kn0z@٭}`~/׮ؕB Jj(N#7b MSTZCEp0eH Lx4?;Pw5:ޒ;\?HJ V kߘϾeEi0,ej€7س#Cl,oIX a+ <8нȄ3 _rY-2lyT.daY@gK CHdp fο{mSB`u\c4_O t㯵͢&.tjx=Gpvg11f(̎nD`ɵ]Ӳ1dm5̟h ѻDy1(_md&/x:bYinn#BV6 5$ F64VoeTWiR?qLa(]B.G]aZKt8L>pݪCDsej IE.VpD"0y` OL1k-lsKuvgRAK|0a5NgiOQ*\NU'^:>jN!vF){B*U>o7D.wLRstUKbl\p-!,g_<-ݼ?:YoWzT:^-H0AƆaqLtW"0w#d**Aӕ. "jp^WH#%K 0d8zu%.U_$bhvbZ:as]߾af:ٙZ+/:!VIUdg8Rx&iO}$sA( p&v{5XjGQhpۖ?F.$02Vq]JjD$8&<^9~mݵe_jK+4::X]];t5 2PdŰJSf1"Ԑ帿@G(ReѠ$>!G0$J$44 3d6`gǁ?o-F /:?PJ8:t8 - 5!cL;B9 n7ᄠbQ@J?r2-6<} {$1diEUn>X:4wwhͯ:lZ$su SHLA;iuΉɍZq(G-J45bv_~0eҷCw?z[~w:e;%E1SQ<& 'f<-j"y1ZAMDvUk N %~HxEM7Ȅ+@p5|/pI1&sI{0>TG[.6-fdP#}fÇP4%# h`CRkkM,D94RŨ;LN8ė|Bnk͛60زlـ50R~M\8#I .M,E̮ Sޟn ="Z. ]("UCi/"Pu .ڧM--[ O2\f:c:SA3mrB؇-NN#PDG*k7T8q:*/YMco<)}"(?R9b$L={Ƌe1FϷlP",^KlzH.M O6GƂz` K-lP /"h (% `p;?U|jED(XS"%7sG4Ǽ{h13tN$gU P[#{Gb>A^puIHj9 ޴(d2|=|nq>'U5]}*\E+bdM%5:>D ZHP3히8|PaEC,A2a@G^ӝq?&Bdغ 71\Z~g(x4pՕ6h+?pN2mIhӶ~^O;iIYd%k/\״RvvG>? cuIm$ʬx7Sb^y͏zZ8&b0mؤ_"ǞhN, wr`#X;%dbHn\rAxsǣ9>I0UY5Ipb :rgTYQ9zW+ .ע7L&ջ a):5UbpĊ%a :ZU`,A6a Wy3dW{r!lT+>Tp&OiTJ=8l|}%}&+Tq;^7czfTGJ6yK6w[=S->;^"X- BWHB .cF }W-:[f߸ȭs@rU9)R|.=LgKڼTxJԞYro2{m0~=AVkB؂2P"1\D) [7j_qޖK%bQErVޕ0;t|׼YIbVWi/j1&>SJHԙSWq&n sTMd4DriD-oZn10@^G(gSk{I#(2P:@ހtP֥L)ht}(C0!yK&WVэsɤ4ZD(2`e$LKpsQ532Ty0R=A0W?= o^; د(*&̂>4^T $9h-r5Ǝ%Fgԯ= ,.S9AM>DZ[4?Sv ӝb]!VT0-[uAY,DmUƵ\ ĔK$"/ V [mUlCy0om d4+*`nyXq#XwényaJS;SM*V 4>powf wl,Ad9$ex@;E3_װX1'V]m(`6Hji͖}A<ն6@FC1op~8e@@m)@^ rμݸߕh†.I8g.* \jǥI0Bxj8{.~ËsX|{pϨ(d{i06znyi;@̛H#s ImRˠ]U`.ׂ-={9*֜f%$ .~r`նʟ!ZI$K埂z9X[qڄ>5dM~feo5@ٯl:"su+^*殻&*Mߴ c*q6 S6y[c%DD%2sr յ^hS&8̅"hhN&@PЮ\G\Zdx5H\n!I",ԁ\ڦ3;mPʚ*;e"%0L ? ^?}?զǬ[BZ A_>nYVɶj pOIRxJܚ3% %Rx4q rɭ(N2 $1G>'ןi ,30?[sM0 LO@c< "h3c!WX+ۯAgQ*P&F1meؕeb!#NB1^(a^Brꨠ gKml'R$A Z$}aB;@2! )I^Aje:O84„&Sl]4\DB텆Bl1/1w={D2\dlwQ|ZsgeFnK6-D;Lv/ziWV!M'es\qU5GaG:!musr5VLX+"1rfh9z|3Fe$72Q]4_s<6n߯_+fttC #k \+xBM9%]$]! &Behk\zONn]z ]y Id:Fk׶?fh>B?Ez8$חX_y|Ej ^| i\ h0$u8Gs3 :NK2"aѴnlSgG0[+pC2q{2 kQPNѭ3 1(?r~E 5Kg7B1@ *;7xҚa.I㴤 ~(K,Ą jqm,(eH~x{Nj!*Up#P - lر]Ar h#gW_pАKiüIm)\-3FW?kX^A_UXe/a J<@*!86k!HvAHAqEUni~lDoͮd^ ^Dӗ4Ho$rJ+R:"24Uc~5x2 ,提-@iiFeN5:m.(xc+7-j+?a.m!Lf5Bg0A,<=A'㰹aDڑQGg%%pH@x/U+[C g柼RsJD(16qVaգq4,XRJ3TWZy<+3Sq}L(cKĹDX!rNXIC•Xuy48)@^Rrݍ/Pw_K"Mp; ZjyAߞz{4WEP=)7 ^{K*z2+ܲ@3 n ou:bX74b2y]ʐ)Qڞ+HH{6Ov@W&l',(k7B72fAχ?aP]´1<ap [+mVaÐ<^(9/U;eE',2<73QX2vjO?ʀ;Ku7KV4py2 eKA:g):b 4Y2l_M1{}:G(4\c/b͐fz+JM %"Ȕ$5)U_<}[^%rO*u6Ky9hEq;-VV3..,$x~֎DɚG=RL w"qG*lƦEuy|J,xȩ*3~ʡ?ҔܫINV(}LGiThqVdGHZKe'!f,̀\:U1axv\^B3:oY޽kk3_9Ԁ8& RKyZ:>jab*3ƫSN8-vX: ` =gܲ $mA΀}0CP+7 =:1bbRg?Gh/z<4}'3,Q u }獭z3IKS05"^h؛*b|;?Ubprw ^?e]+ BF&]x#׏#t~Hۣ3QEqnb" :'@9'Y:T;Ö3JQY HgWe ~uvx5R \i [!)KâDiQ\߯2SkR #Bvg@%Ka)b x_> w+ 72,No.I7$g#F"_do75E2jƠUrc;]=L!첬ҵp3ۭP]<U-y-!Fk)]U:zzi $R|tBayL9Dz>hѨ*}eiot= pz)`(o6CqEZCo ϟZkƣ#})BH9u[x7k) i,C 1[ǧ`o}XcY0Đ!!;"jW~ͨؼh] l\H:4 "#0 A}-TQKN[&H^ C:2f<ʇ1exv%$Ό2XoJ9G}wtͨץ SA j{"S,d=kw)pCy :D1LnȦpMQO x.+'.OO@Gk Ƙ|c&N;AWL%5ЍA^ ;.9@{::v-ԏ{CW8y%m{GkњbA;]mdv3o p¡7*5!'u^႒;nM' xs m)& Hr8C`6<~ⵦ-<-;T^8``"<o-Hvˆ2iiZY |qo)B,L\5v2n> HM4Wuf ,syr@_K Re7Kv I=K|Piy@ }%/ne:H T-7JQНw.-Kڱ7S}kÞ:Bz`ufVŖN?"^4g*~XDMw ?lw߂߃?6}Z̑ Io۠e崸Wr= KU= qkPd'wŨp " V5P973e*GFHc-<6"u_a] 3hV̌ K7-Ȥ*%c la͢-$[=脾Ͱa"( qL6q9ܔ1nBFy:2C[⢨qr߉ey 74^+K{]?kNӄbRrN=33MPkY"RZk[iCvCqXGg$ 6LѤS[r>{ݼ+媰Sn;JOzeip@-^gi,ޒY[W0o̙#0uo9HRTsѪbCFsθsOoXq]*I =ACBH\ :D|h~rŎt>Y>$ܥmY.GTD㉗f$.tIQy%~)iB&)[:Yx:'J2` tYIvгQ/jBMd)d iJ#u":I? R+qrLaH4wW9ͣpruiO}kpiҨP`<-DypJɱ9d(@ DZ!F)X)D:/ǝ N6iHL8^G3FJ rVp˲ iSZ<P.J!ۀeTr&f"pXN2q44 P#e|Aw;Wq;LRMKt@n3lǯ,L;^ z~cz{D+{!,#?;yfWW`x| -{,qkx|8 h |=x%o#%^B N//`xF 3/l zb#nn.l)cF; X'@4A~aIGhyE@-JMbSlP&!:)Xk-YIoa&[nXP 0Ћ5.9dCgh5bf$N/9ʞ8`59TdbWÌNj"@˺ 24kW|m(׈ZE@5>*/s`&F&o yB0%J(t.p^)ڇϑdF:G1_:YTX:h2e,azrI =>5X;m@潤eX+]yWٽ<=cIP);&O*"NcwaԂ)pPD{zA_fi&k #~G4Sbb9֪KpBεp-lvϚ69~mޯ@ 4yǘ\_ ;F VwBj;&[{OKgp6JP[Nqvp1)9=$DY3E 28A]kFqѵzB{# ɸMܵ/HJ2:uQΑ&[06a/ 8HNj$R _"VQ N$IٚVȭ; WDk<`k;-J|XAb@ NeA*<8E~su@x" (s-л# (Y4F`hͤ n'T9IƻxLyP3,e|Oj_xr%2]nj[cMqT^Mg[`K'K,zt{cOVc-yY:[{R%Tᖖ6SJouN|'6Rv͵:9fddMHʡwHۼ]nF_s~KVOLANdiRH-1%* Imj>RpM8Rf #毾aFgYJ he߯SS+ysZ}< yjQVmff9b-5*obLɫضQniGN&2t ߡW1/X7DO; FҔPPZ Č<ˈTqd{%JcYNys8OD]i \ı`Uoʧ*/EloPw#[7V_3I A/bZy|ŷ>wKsRBM޺>^ܗ9 *>;-N9kKf} 7l|FݻqZ%bvo?R?N8Xi*eEl.'EUK 9nRKò<yC81L,:,pW]τ"khrmɃN%sT{ʴ?H8ud۳ĵ<a Oa„}2X"S*e;ke_ge'b!l>sT$gV_ [N^չS&)֞R cֲZ=I.ʋ f_ OPs j9J*?eq;:Q)9RIplL^[4X5C#J?<2\/X}G*aC2xNĚ-7YiU S sJ8)Η$LT&?`D3e\]ʲS#KF٪!rG|Tz(dL(!9Nqͽ-bBMÜçkkGvV)`Ӝ̗ԈB`\]3ʙ0td+zxe>c0R󅉭u f߷$S . |dƯgu" |yZ(pQf8$2h\3؝{^ Dc33*.axh ϐh.'Cŕ-qh[p!w'2ļϋbQY u{56v'SSr%[2g\kmيP#/dGl6 ! InOg]?ܸkՔVO6 ѷX*Dxm|BhZI<*晘ӀI2k0oZi6 e6$ᆷKތ]ZQQG1ex#EzyhM;8 j0dn8|ᵕ7x_suS%K_߄BلFڏvĽ[\;5yH[ԅs{eZ 6+&2obZn4Ê^dɈx|2ļL~ 2̩4fIzXP;5+!98k'E@h8VB47[ENݹo(ɕ_̂(#Rr]w~Wxb6xy@yl}[J3k1AsڇyL"M)O駷., ΰd.7$޻*8a.9Fԟ.J]'TG 7SN;WCRS$7V<Ą\bMÅ^<)7hD`(ҽpIRD-~b˦c; 8{ "ŗ, Ɏ=t>@C.LTqxBT92hL>dA]EA3 `7cg'n>ƔvVJ!'l̵~tl<1~j?0gR$Tһ-g mڧ3=BF@'PDqJ,"R;mb'l+;W$  Qd&*7 TD(&,6HPظҰ S6DY' /mʿgҹw*f0X{a;5gM4vڗ=ؐ Cܮ#ǻL/g|EJ7hx/t Ezf*8za,i)%[];~1ZxǸm/ Jl?r1ntX(.Yn{v!RIou. a~>ґZ<2fE`V)Q)ċ"_D&jVЇ-Z-9"^UfxՋVN08c*p!EOcD{"ӡww&m)ng iM{r{[ cٯ^^^&?3P"8do@ ~.4~*6P<$ab֔lJ!{K(8$u♇go]< BNXqK)6D< AZ"07լf3`|u\iz'/7  e;pO]}SeJvoO¢qutUydsʬ cR ϢtݷiiF|@߲p#!Ї&.Ŧhm*]it֧AC3k^oL5nYE|#[YEiNbpumC?_KPȘx5iu1jVL-ۺ퉊eS~[5XtI?[,S.䜆 y*P9f͑XG<='p_:ԢChh %_WEF'K'eEf5b[7)(8 qk^suoF)}X̍Dfoi1? OWa7snoqvf4{oCߞW4clH16 =̃RPjH B>:8ӻ4jzH÷@ՙ̓9y,kl+mmO,4wWI[RBaOFPk5CT&"eHH h_Me,-`,DLt֫{vg}ߥǪC N&f~#͖uM+1*G]76W Gr?t.# -7vW^%&xyML2IhC 9v&}c~$"X~ =&vXf7kqNuXkc dW3,[[f{7k8uL&Vk5zbĆܯNɽ_W>҇ij ,. >3D$7uZ{9&;T'>́t0ۮ ZZ݄ zȖf 9v&Y4K?!ohvJΆ Y=%TtLਗ Aimh[|rjQe%~WgNWa?=q, yG1(w9@t܄ٍAށo_7hMP32L++yKp.C3+8`@ 'ecyJIo /"~XlދvK,u/^# Qs6ʴO .i^QEonk* P5x;J,20xc#g>cqv} yL?(g*e#!aQ2}FmNn;xs>"Xl<krͯ?bߑa+ID0 @Mqq!ۻ%2)ׂ iig( YhCԓVւ ȜDzM3~nYpvmYաEL6L'S=.0.zpq*0q7ka¹R#X~;2Z{8 ִJ@gݖN"~@Pf~QW3c7^4C$5Z!8Rc0" gFM>xV(t`9t#L(pӃ @M[`0`8t0F)a bj;.GX ˗=^6(Q0ky|icgn;2 $[͞N]4!=R+5PHW͆a5 -W伇Nt _efC%ΎѰb sܿ/߀e>(!퍗?l-ͲpN\EP&u%&)$q[pw2 2OIs ڭb\;uP=>( qPåo #/7JCtצf /ޑw Mj,dSpGDDbsa=מךN|C*2H3wxl]!5R О1RE`b/A,tAH ( |+u] &<=;ە`ކJi:HA 5@7I E3!$N0!`ő뇅 XimHitl׺BӶZ)Ɖʼ"IօxMDP@F\{3&9V˻N0SonvtR 5 d1 FP({[*}m.`2z7Z+F]Fj7v&]m9o1w~p]yݶγ kjd6:Ag.cX5|L_qO I#dHMںn7qD;iAC=jkb 5\<4pkSp67G ެܳ*mhU\`:tDlZ(GQ ^C/-;%z% 1c{s>^j*l8*hN^ezm4Ut<#KdAcʞξASJ>CC-UE(dVk:n~Po1!ZA0 ba8\mS D$ O*UoSM'cuIWb ^؉RpO×r=䥘p>)a"JG\~$yŬ_fAy'&Yh|5,|0X蠒zW cN(QO,l&9n+]~KwjmG0Lj]D*걙(Ypv dO:?Ꞃ/e;x6 ~^ېRB %/Z` 8w+a}{pY8iԋэ8(oyr&U {{ɋb:VyQєtIT,= @ 1)U;pҚyR[`T2 HX.t6U aL%*}.."3+ZiECoӷYѾM݈҃OtHZ4',}+;&fUzxňqr̥Y ݴESt mX/>wM(W|鄌c`niJ!u<')U#"T#/ƕK%l.f#,dH% ]m2 $ %TJ ow)d%PԒ%ˡ~}腏b),EIti#kQ;5}QmamonðV][ ]Pv'\̸w'Fh-osS!8 K0N&@(j"e]4 :qMl<,Ý2$o" AcGw~6zwf;dl:cfҁl呱Z@f̺L6tPHyek`ӈc+7 ׉5,$h{\^^8dh>0D<>: ghDB2|8oV~# k&*ZXqTXʬSy3M]]c>OpJTAR1.Lhr^K<uEtiy3Mњ_0FAvҘI͝H(ޠJ%Et{tN|*c5asH 4 M!t 0&Wu[F΀{ 2=j[f),t'uG> n}G3 d6]Jnk;y ٓV PPiٰ`I5k,{H$ ƿ˦z%]ExQse:IFX}/`L&LJKZm1Υܸ}urKsH2zwǶz }hK^6+hvl>j.hAaE!݂I$7:I ND}}ۺj6U+Bʴ0=>Z<_<;)väq}pXpA2+c[\~א3ɇؔUgq96@.$B IWRUD~'0 f*^cX-gi= cfY~0so{+)ZEVwSGÐ}(|JRER Ŗy}0IrcOpY-5 ӥeM'ˍQ.lE\pCRG@T{7 'ؖ®tF E)}:;Rj]WL[N)aS!e?џ0@\mgDcI` jzLeL(!)j-MZ3F[n$wBC2"v3iΟ;敩LSvEt~=1*TZ!c$[cZo1$+7‚M.+N5Vтīq驰P'R ;=\VRfPE)dU&ww]-S#Ax&2ד>?v~5q=I]0Z96vKJ)sWP672U4u[5֝~. ̛+@W>@ !$kOg47{n dxmyv!9y|Z§iHX=cyd* a 7Cyˀ1Ct*j> c QnCuk#79z1\hLFN^;Z=|j(`6#9K Ϋtx']]uAؐG(;]#o"q(P.N6 0NJ%"!=$pPmKܜoO?h5c3n{ַ B[FsVMIU3SE i]H9,cL $ʂ3b<0ß^0f6ͬUw35q@(7-gJ="{_46;=J(33)W' R&mkd0MƴK=a5˻`k+QO*ci!**\3Ufn’Ȃ(mT\نD ih%5Q`Skz #(Ow^GxcHy?oN8*J%jZƯAԐ*kvEH%Xtnd"N 4=tB2Lou<̰PǞC2"/d-O2~`w1Lc:}\ڲ86<2>24w|M@d3s#o?8PHiIhsy\kɨFV\"%fp9rzA>_lv,Czax}ՊwK1#,;[d!5D Y&[!By} 㒿mXV}brS9rk䤀ZrNW؟}Ǚ2|N!mN!ɃϚzk3bmlҹ|"S̵qN-"n~N`V64VQ"+S:C io ߇H#KN3GQ>BMN&3nCޒ#؛B둠5~%fw[; KBJ";^4i=+8.:-]u'z!br]va4B+AҀZlUg)PCO6s: 8s=gJcv[obij) U$-aʮEbeXiXe=O $[6*'Zd(aSSt {]媽W9Ij gB ҠJ80u7ȴ_"IHˡS9\)&>-|I,CG'l "ߗn#Kv.`N`#:Iqe1WsHxtLD@3GiA:)+vXe,)7OQzDg/RN7 d i*>CK1Wf@/jB?N Shsz> k ju4SPwF~2~:mXVvѾ=H F}'/>D{ !'|C.! @ 7Pwp!C~?$r.Ny ,**amdΥD4ldGDyu+W :0|a։1gg2FgMt0vz 6yuW=e6γ#co:L2SLhɒ2MFPQ|H=g]3s,Oh)tb?f&3t]VZr$iIp ]!]hsnC qs-\2A1(IWm}I"Ki ocZG|u~f ZNzBɫZe}}_[t+ bw1‗{yj`M-QF=8ևbow( ؙgNgm Xy1(f)QMˣ7.4]R*k'ܠ5m.=VxcMQwYc~v-L5?ۂc`6 $em o*bYBƲOj˵w3xtY S:i- oڢZnD%́"Tی ќ,nM`sp)(uɢ!"G'Z 佩XP}$li+ۋɅw93c%D}?1bC懣c" hՙ9 u mڧ/mUw7?Ö,rqEb1Pt)2xk$gtmW 0D@لPr!)`w$bWF աef= e\ 2FzD0f rȂgc֐t3 +3iMoS z yOIOxa-$/YFxӑXU5Nv #6%jÖ)Ny+=80A*eOҞ̆RkDˆ/T|Iya\Lгmoz(H+0k+^EY_+Re( rf0n; kzDdH/,LKdƶg\U㳶F}FR ˵"C^qhccul) 0_uרh}l6ܖyml`M9Om4?:f Fw^ӆ]\֭Hi5cdBK!l\4&t?hUa\ţyIFDkdp0Y0S3ߌ Ec.j}/ZW) "CbS斡FJtmƿ}&j S>>;PMkdgvЮ$%|B|$Y]MN#^k16ĀZX'X'u^zڄc2:}-_ڦ.N8z4RTXQR8»{J>%怆sn: s,*I%]Ÿ[mA fe1ba|h()󫍴:WgO_/,-(C9TdgőSe>/¯jg2։h%«~n_2R)ZWYxser1BΤ j HIJ/oĉ(Ku>σҢ,e\oF }n)ԂV:e]ޥ"[{ǣ`8VVkmhfOZ-1U)>XVVXXTJ$`t^UFo,Y?h&d[ms*d$nҎ֕Izzl<jn{Plcfz) IIUrye\`bhr^$|LR5Z؈YqJoW8z׊Z\[lPB* fP &v:bU}Z!³FNT"N&{\\}h"WN ^{>ѯ@vkWL 󿘑Z6P oÏsJ= O1/0כ"$.{#'s1Y{݊'dl5(D| 0>S]Y0pa/ytC.=w}xR`[)M7VLhWxYuK$)|/) yҩ%#RRK&HB+3'5MSfQFHЮ|6.ı9|wLjLSז\dK22"z+B' )6.P}^a) }+A{}$`6_J"t Ó~{}J#oR/|R~c52J'tn_CҗȻ3ֲpAj;F`e-:2Yp}rr)s,tصa\y2D4'0*flj "Њ8r'~ lz +ƌy/D2vee< CP̔y* o? LZk[r'l FD߲ۚo*"eN聧}Xx6ȹ8':O@,UtoA+6SDY3)?,[zGđB2ݑ;F}4(yy;IiOcnx'>{iޗ @HG-ӱfɗO7{}S b(,g6ߊTrvzdj8OՓlG" *֑U;VM*/G-֑ۇ "9M m= 1({ǣƲk= #v17I URjT%kG\e'N5)R̠&ceVg՚}1#/j`?5i0bn1-p*u"AZi%&l`nEϘMlg;qn%Em?w' {~ؼvĢ?r?X$s,Xe7i0Ay^x/ٝ$DKp߮֔ۄ'|78~#&4xs}_:3}gTJ@{(棔J †vI9j)DP!8\F;8XM:inƣzX @t|1asX;:䌷#:h/D47u![ad9icXYL+2rHl]}ɴ\WݬI \M h 2nvm.pc$A#g|T /`mCV*؆hJWܙ  &$ g/'ޚX `2?#-@-/yLHTRyGb^UԦ5Eƫsl¡1nH\o>]X 'x^Wގ5QhRĶ~>/Hq.ׯ6Q BsePL}q.,WЖ|#] >91}doZ~ASkg/]{pr{/fxgc`$H<IC;8Aa084X`s:5|^R䆾s5ss/RY?2ڳC33]cu8oށ0X]pE<{-btvuen$R }2g%uJT1B&)4,wYrAu>w<8 oBu:t룀/fnaLwC*k&-y*K YSybW>?xCF:dL(]8 LjNҽ+!jxq@t캰sb꬀ ;|  ][˲g}# -[7̱? uh  eZlaoȬM5, hmEp`c4GI.|>ICz+{z!PZhܙg^YY:}H Uݽ0 4xZC0$lI5c< j{\}Ȁ%S0,p=' hߔ¥d[S6!>< ;y~M-7" 4-qZF6cVd;Yb1Se`׻L8 wjh #KHܴͻ0Rf'V؛ep ~ײ%6Hȃ}cۃ\-ι3`gU]xQ~#خ&>և5jz>?3СzL9}f [ aPa?#7C# K Ճ`+O3[ec _{3;Kj6Hu5lW 3OF'd 84b|;n<-xӗɕ3Վ@zm &L~JIq5gex(m3*ĶN> < 0јj8z@/z ޿s9id* }fxd ڈp5VǴzYq[eA0- Z@W\_yk怯'Ѕ|+1-Q &@"lOg4(98[[SK3pСCMF!^.kTvñnEe }P7nKpM3D+1l`T+h$y\)=n;$41 +UF bѥxmAPyD:Y X^~Ffc:]Ȥq~i44l0jQ #MLw}KqNBz8s ^dj_l6cpjc7-GYp@nM~VXe?.}1}^W&G`rmǺˁq·{=jE C7u1BHweJ#}Mj 9Ų͸0rh%Iڕm%pEV\f+a"^YJجEAA=.#W!no _Ãv rlv#kqW (;<KRZuM ٍ"! pSa- فZƓ|쒨\锑`+;fO3O`pj*d*{ɳ cϚp1 j% gcp- ;a~I[QѶfQ r᤭?YIOIAWMz9Pr+`Vr(TN+V>i6X|CQڈ'ev'zYB0=H燤|o0 "[3L0r0K*<'it`4!lj14AO⭙-&!62Ʊ)hϒ#SI?=7;Cp(| _0,Ig4/V+xnQW{=c) qh)v~ZpBOv]<6+O p4%L5؞Kig6a?rv#8uu!8'G`bj%p9AdM?K&fr3ceռ^Vd0'=q1+3&.4ZTɏO_ #_Y{~E2-Ra`N@$mHq516(7|h5p|] i;"P>cH`j碢13]{F@)*Zz}U %d{IDLI qqGdF` (P:EAKFӈ>sb&0RM!*ޫdF9 L!-b3$+[I>:]6@u7X+%Bwpk bA3ׄO0PF{@fA3޷(xiS^ xasX]?g0F_7Gts%7!O'tldϊYSgg俿eoF{~`QW2 p))w[ϸ}5irk%0[ucξuȋ49L]b3qe˄vBa)l+! Si#xaV[%@oC8UuGV[lXoNS[M]v"03A5CI.?]QmP~H%j<ځq#qfu" $$XjǑ|1®8&f]>$oQ;Jʒ[kE-Mt[d5puCB3D측k\2NxU!`|n^a@(E>qUlރ! n]bViX^JK[սF$*/ &})p ?m+<&9K)ep/= O;&9_~l:!Mzh xȄuQnCMwYNe,? z==8'[^~>c)oCE: "hc/KEJH=0{weͯ;اKksl<&j:F*K\̀)m8EPI=}XŏϠǫH6jdbW7q$b.Yf݃5CyY@bvueGWmí9ox&=ɩwiخp$۟.h>;H֎ih6;F2&bBCob2'![>ڵpQ>˭q8O#+b̏w;Դu[. oώQ5 V͘0H dydtIY Zu>|~l-`Qq}J/f+n{2wgIt-%i;Dr@l;~]BtgzwRPQCPip?j'&=z-;+ Iz@cԡ,T6ƜSh*MJ[*_^QRanD+;|kE^qxh!~Xär~`B??iqtO*ը6t%T+.Au$%״/oi6oWDv[ؘp$6+C46} u1 mރ>wk $4/yj3Ky],9QeUuÝUC 1qi>hϨd#j&%6: 8??vU)G8,iՑi~.8p<%Kx0u13kIooo'K]kx+N1@q M,UࣘקB6QwkΔ:{m%~0^2A>2[&jnZEh"&jLH}Y01i{P?%Ib,HfhR9;1ovd3O?ߕq<%pi{Y/i=V"44c6G3M5ƚH^RWFu0kJ4T~CL/܃ TmhA}BlEJ9fIdvqmfp?qњLٹ0A+WDU#) :4SZin/ox7̘Ƃ8~xW>>Nvż4G҉|'~mCe|Wn?-i?-HYs/jxQc|a&8Xf֮f>u}0'+JYB<3&n'ZmCدVk9Ҩ@@F8N W>@f/0EM5[BF7h5 !PGl6s/cb=˄πj\d> T؎wDI+DpE[Hi6FB9˷LTk"yCַ5>)ei5jHțVfTs$ƩEcG#bjq0c U5J3?C2|5uhEsέ V&S7Z^_Z I*m<1*8!IzZ*;II4drs[f$,Wь]]‚uDԽ$ĦQdEnÎEiEDa~pƨ{$)CȮ֝B̥Y 8] 9TѰA2\.([}Dd$̉/)GC8kGmз[ZSS+h W9܄lCOӊ~%!ދw׎].8+,TB!⤒uĸ 9sLMXL*&0ȡ(e-ވ1,k=bq3S4aaVqY u,q;N5Eh"n1E#8+nH-bh߳NpS{$r+A ۡSz@zNdcr !U!_vUsdݞK]ݦ!f DPSZyQbw+-.M;0rР8p(9:UA|Ҕ 71Yd%%_>e|B*tY_KQ!X~o(R*7@sUDu]lW}nnko.,.A_13rogl< T > /,r$YT )u{+DDBTDTԂLg92G/d>YZlNr|G<ץNb_^sU;W}6`[# <-Q~V2$Y"2]cz ov ;iZAo1UH{6;?Tμ wD".n\n}^WY=FA6 ꔭP͢R.4-,X[4tM]fJV)jpb"jf(\H:hէu-QA+~9Y0+c7wZ'Ig̈́k@uvƿRVW8u'J}PR49p>hƍNmiQ :H!׮477x!>vq}JwD ?u5src)şQ9DrMrozxwbT"ⳑ0Z_(sJ)~\)̇6N0ctyZ1*QxTK!Q1\TIq/=8@ٜ~AnҘK#ZKhwVڏ6ʱn Y1J?5Ӯ'e+$rD7L %ě]Ϳ!68䟁 / Rզ47sIiW Q Ls VٛɞشW9;z> M;Ɖ+{HQi+7j nbEZu< hŽ 󚿔5I `4!]^OI1Yhhg\(xfꨞ=")q׆ۑn-@zs?$[~IK)jVOYk4Q& j)Q9H)b?(&[:rQiNzJ^qͷ+Ue<ᝐeZZN#k[W }DNQFR+|&mE:CR< ZpX_җfY}T㽍uW%&TdG$ _n2m'<%ag15v`*0ue(ÜhYn'Üb'@AwFqS *NE$efG"HwiIe_- 3^U;9O:TT"eKOZ;-eYx 8?&vƟc)D,x*jM`',@Zy3l$y7@GS} #(bSl3PGQh FZw6xF.5L٫/Bw :BO ITQ 75P|@Odgr/iqhoP a(CUnc͜U\WRk!Iz,+-K`:'f/LlI""hF,\"$ Fa?tz[[ pGs|wt^!F-?L7sAB؍Z̳Mie;m9? n#LXyzI4=M<5S3 :9<_T5REPmg h";#Cxhf,OXRb%88 }Dj~M`m RfL8𫠁p6my#YNx7l TE7P+'tAqx܂aF)-ETظ?Loϣ滮XxbyzqVCČZLg&v,_~6N-r/" K# Ts)&(OM@ɋDr#{[?c_=YdGe!Ԧ3+Ϲ&BVla+[%X1ĜkRnŒ~6*=[jU^yLX#=1?~ץǭbNX:H~^]*bb5-$;JoX WՐf -tsӕT%t$RJ3 IVGAN❾,'%bpd?z``zsYZ)(Lqע\Q vTA/9-WLۤʿ.CCU_)$_P!f&;Sn(w$ 0t'6ܟ|#;{--e ;h$ϼN`MX/m $ӽH/u7[LTS҆>RrTGnZGQ^}v\@%F I DrX&-$ ZJ:镢zC.Q&SDO[-zl UK,VFF撽!)o=xIy77jOlCeXM5?Q:&Bx]sbF g{yJY!Ӑ@Go]zRRF>d@2Oh%~č^sU[C2xuwʷRCkbݠ莐N-Q=9oFolnjꊠ>)Fko^Т" [G>y+,1v"fd՜\SjMEe Od; gr'TlV>HS\ ّŷTh8 КyCN+CbPPݽ#*OSpS?3Sd јCغ֜~ KPw]ssr?xĸg>6]GhCps !9 yh%m;xڨxbqESŔBUfX[ PBOZ4|N%V1sl{[Іv[zw+R_ $5) g=D4rx/ӬDƪ;=kꮒ9L ,*5qd'[W塻8caiղ߷Z ZtsJ ó1FX: q\өuj9w8f6rnfѲ~ļtm)⼩IXny5]Rg82LOE ʼåzJnd~-SĺwۆMB-=0/+ˋe1jdPz"nP90Ś$f~萛':5??ŝyz/<H[CD燚 TL68nKXk_qk$a̓mvU@HwwQ|U9¥DAZ(lg}*"x ]Z$t3. @8ޠ&^nt4q k+6%'^: a]+o eE) k$AQs j>*шz [diCK&*{vQ`|>3W"#PTF_#I-(w' 2Ǔ77=IHI6OSM*7__/"Z8]В~g[0?NG5d bVZP-TJPE^L,',W*s"j:H3oNܓ \EFKrh9ذ )K_S`'ztɍŤ5))%"EzN6$:Bu&b|Z^yF!8m9pXjS[1m^J#!:ppr< Fquעd07}ۗbq}P=V̱/l2B9f!-jRl'?emDtdǟDl$tCw]mt/KJ#>4!cX_c|,Ly ?κhέ6sev)bIx&ݫrC,b>e:a f[i9!&'wG#nuCMj8Ed9 c-1I)\HheBGSWED<(p  |^(7&XKOԆz`*Uk9]n@N"Oy">FG|Eko-6SS)qqVJ&% ̣W`eZ6D ٫V *CZhğJun߄aIy}c.^mIAٳQw%FM%9;P!¼()GUՋғ @D7;I$]/,VtܭJs2=f)_-kwhe P2PQ'+zѬw|ѓޫJ×_\ r a̍c\3[9Qhʷl$/|4ao_r\>ƺ L$Xtǔp;j$ֺ:@-^qm^U%l8O܁b(a/H~"Rlk62r\ܑmN|+Y(xgp53Wh>IrʗANse JCe$O-JyY|+2TC?A e7&Q{( 22)g|幥[x+ oDz5C"5==nx(җaÅ;'EQ,e:a?iUHۺ|SIHq^kPEжm20Ѧ"d> *AE Z` EG 5)&jHͅz^}KO;nMrl le5'΢H&_CLnp# <2VQu8ؗh %e5xTWM   3L.&4l/hW^d,_g$A݀~Lތ0~y8Iz~%.p@Q5C`+7fc؈Ɨn6ab;_98*m=)<=A|bqX\.zՎL*e zQ.M<`كkǛ儒RvQͫ z҃c^d?ҩC2T$"7yF[.{y^R>T[a_1-DZ>)&LE! ](u^}:\6ѕfqPbk5+d H @J;VzՔ Jx=@³MB+>6zagW6/rd˕Y!5PlI>ȕΏBOq_Z>Yk!H3v C^E: *bY:|&D \C߽2' sZkoI"8(~atͼ2(cIlN !wtE/fJLg?!I  o~%f,^&UN.jR@dzn" w? R.9rln=ڌdR72g:.UVuu5MЗgx =аzⓝ̜vciI0Hr殓9|s,ƕNEƩjdw2x42،A.ePz,޶ƜOYvs|78f֡Zd+e7,_y[Mɑ܄¯>Yr`Pg=p݄΁Wذկv:pãBQ7nD/BR688@oRkaP;4RlF|II3L1P҉DyT~U ͠x.~GRCnHJd@ gD})|n떻-*k:[#Ս/! m6;;71] tfx̸]ӻ[b-@l!b.^4^Hckwbgs+YNP>u%\oaH!Sߌ>frZb3dJU1;ǘ*.smHr bⶎ ϦJIߜe20$xuUxE=r.{V dAl׳`Oq-X~=MQ"Jmk6MQt ;dm)j]Yq~XU`uf8Qo[J~ 3-/ 4§>>Y,ʥ*fP^ߺz #PU*GH398eBkx/5uu.ˤu> H)`)-Ǘ E3jL{HhWFWe?Uk?ڂ[FU퍓dRْ9 Y6c͸Ǽ[ZGu_z !Ѹ(X.j@9528BeYV_Z٪9宒I-Vl-Rw5ض{)OؔEE'*q:JHŽm8EZN͝N豳zP;OQYL`؄9iYR sH ޠ+}:>,_`slWUM1Q VOpThl:22?o7/hd1 m:v c-7^2͛Ҿypdxf#Gh9j$k"4Nd!VAݲ!p{(&?b(6M?DDc_ xC%f߸G ș⼊R8>Bq,d6"lpRw A#G<rD;A*.&ub2 4gh nI+jјxu>s,wWNd(žUJR&ӏW*^M$sت3 YJ( 7|5h14 'As;5ə3OXj@L QWЊxN0$PĤ6kzycx02 _ qkkCmpG*^^̀ID'n k K~2w5zѨ3 T芢ABou8)ҭ),(^4̳SZ!'zi<, /#On}=dQIy2(6 F3ەC16p å5YJfPNmH]rW@ASqS .r2s`HynQct_2؜Z'7Ƶ0~¶<2B@>e ZG'Nk$SkFp$H&_afO06oY HVA{X<P4k'W~7I j"ens:~Ư8|kKV?kmh4& QJh z,ċg^TE=ʌIgun|{m^f#3.i j&ؤ7Ek埃sU!M*+S9ll,>o(_%W0hǰ+Ǚy'sgG58.;k^5HpLcf)A|l .uP:4*ʹt; !ڗ.MI4d8]Lw[ՌΈ.sb(6wՐ=~aKWvwm7wzjfqM Lh)B4֦=iW]ܔ>/_L*HdSY&g{M|,DPHP 8ϹP MqѰJdiܞEW ˍ>D(9Cr*#8$'LDȶ?-gyŶe܄yj(kҟM#s8%°Cn5W$n3StJ,@#o]0W`#QyI=_Nڬ SKdiXS"[hNaZ@ Ƭ9 Dj$ [ Ghn"q:b S6:ǐA6iQހ[uj&ŪK( oP9|,|y}ԕ%׎IJ⾜QS8z+ bzŐPm|?{xUH7ŻѬo=DhS[WUSڸtoZ.79a-EK/rWZ&{(ɖSlf?_EP(GW̬nrd~/f[o@,1r]dpJJb_aDj[>?xz=ոZ·7J5|-IǓi 34u, YKQ5_jc`)!ZEzuz@r,kLatwfq z1 T8W0IT`Upq6:6%zGD1a[fLsPNgq;j$SLK mr#%@T?qKz;Efiyb0higUP)Wo_}3uR !>L}BH{NK90BBR cF,tZx+b4 DݰBcR,'wУ;ls_D8r \#05^\egQTO,I~?A .AFlp"CV-?QzX}" +6S( l({6w;Bt8q)mH]6& k1Uq[!`臼:1K UgU*) M&4%W =]*MҼD>Apz+wTfQ2tjus s+ ;)^Y[zy0SXFdt^i2M>;Q-HUt8=˾Oٸɪ_AB'bpWgGJdHxAn7ջ]3D2p4%~4/y= ]FO3_FV ?b GrSrC׎44 l:gUESzz+YLi{>e|~QJ^Mz_3j9:Ba "2ݯaE϶r4lZzM߼:nKnQ,<7[jV0o1dO-? L|!ZɇRW5-JM%3zY`rz&Ώ0|s*Su' NoAv=_; b$lizW! _U Zӹu.rPYvw}1Z2H0V3Pn3I6O1QxH @|yXIwb1mM^#FK F!$1Q@X UcNNJ6a0Eԁ>P"4uGf膡h[X{$(A!qOxS0Mim%RbMfm ;KBde}R\#X&F]o8JDO.ssB<0OW>"ld (+:wSr\G_,dWP_BLo`ETD*w oA-YRb)x0!G<QTwc`?XW-Aˠ(;Ԕ+-?4'pq1F,un]@8ِGVo^xH{&v@:Dv?\rPCmxT.d^$xRi6Chc}=>(tԉfX )oH`'waZ(נ+*::/exm֢;"9΁06XH{7 %a^LlvqyW 29y9Қ* #6`5۫d +:B.D.?|-,JZG:uG(uOsU.jSPO qa CJsiuGPJ`ǣ=J4'Vg8G=>3#=d]*hq>S #a&*=dae@ ANܭ*mo+ |!DbS R/G7"<3.aܱ)RDžE9!&H 8wLLe _Xq8d;*JQeva'GZ31~y?f]bKJ0r!8xmGr@5ɀr딠-V;7D_B\޵ '+;^s|#|TNUbvutXn[/7=bwp=;{ެ!sQOFX9=*kkGn䯎.|]9Uin=*`Ш}"= H>C4I>9tfC,(`K1큺 <˚>!6 :[7;duUUV(ů$sϤ{2MQLiʜxqkJ! 8n0\7JvJn9,7:P?Qj$V/$ P|,HG)r΢_kAp+Ș^D'3 #i(lQl1 u0.GV, ڪ?vt0:И@~tQd$Qo(z7 w. YaQ OAˤWchPAV$Gʹ)"j=Ȋg<5\6&9ku٠g^oz(k*Ӡyw4(|H n őcѧ5rsֹq#Xbk9$*#cFHjtG&`h*7&#/(=5D9`)rP_o[ " s>LtB8%Zn$柫vpRmgIYj>p˶].^w˶`HX%Eu"zsؗbyʵrx+7 3Z#>Nat"g߷&Q|2NnYPǯH\lV{dڅ1N#RM'[pSқ/O#ZX5hP\e|7װ/Πsw)Ph bC6X`F.MS<З*YO{y%!X`B!>`P9Vl%%"6)K$ .5 XSӆ#]ѧ&,l]?0XkrW~^է@Pd2ԁL y^{ V?P~} dk!h8NYq|aue qV^%fiFK5H1Řβ8(c2 Pߩ! tR&mGPnM[l,˯.]A:̫u] hPyk3n59/ z-/)]3d#z6gȓ洜aٞb!>sJOiDh7I=qͭˮNx.M#9 1=Kx&!sn%WJ3 sV蚄Q2~,vpK\Eow*S_]9 Ve,P1g5`|d,РQINw+]OːAd0 @U%3lq.ns+(^9 mYnxpb$m<{mJQ7$MwX'QjPŃt` g?l13) ^>(!)Lރz,[ ?^30d$B$C=-3PuYP3cu8 jk_}8$]#S_`_qHT3C-%^ CgQB &e~P ΠDϸ<^Q%jz>>}7*5M]NE|oؐ]{IJB{aڳs"dGrW_Y}omxN)QFmhJ"LAi-e7uIbxFk pLCX2VጾC R!ñF oF*FAg`>SltQ^?dQ,wLO`@\u0m@e / fMA>)d hޗ-%IhGNȯ.}:5qB`>/ fGu/1wO %Mh׾W4Q^wޕ>&B> Y̞<ˎ-6_݅'S^-We"amQqdBb6LUĨ\< Ӱbkޫ7k.X@M>V+sEY=cx`fn_>ځ8Dix–Gk>4bzkbn۫>P$p]<ז<@'ΈUO9)E'8aBq/vE" ,*HTKd.vQŵwGNZ!cGbgIk,)YU@^]̢}-zQ,-18W&:"h0/U}5"Sb㲜L9T,l&p AXXo!2kzT%n|mG%`J%+,pmjui3ThjEeҝ~zLyĭ&9d/qZ!D|Ix"g fŽ#zalΊ9Ⱦ\h1?S<(Zs͗5^iw9:ȃ?fîtԘ1@YoڲT㉦RqiGjV/ļ:~} ±SQ?>)c]'HrL| 5Fgv>9}dwS]ksyE<1]- W^xg{A>SӑɅN pӎⅎSdPpovQ]|ߗ=7*fNHUdٖMK1`ƢTID}ksZqNʜ_>`QyfdÔ0Clv 7oyQ$w55'#q6>DҘTQY["AyU[K$d,փBGF}{z,O}PNQזN:sqK @Ty4L>G0P1IRO=c.پ _mH̍tv$ J]ŷrdh+s dx)[1C[ʇpXP{ͻRK!8kga\0[ih[}fE? "-n ])%.TS{]P 5+#"vi=,vo԰c!Bݳo4pbެ r1 ! Y~BĈӫkJمdԻqzC<.Z@_or!V,A\`!@!IĔUb:ubçPю?e:TGS0hlD hmw~Nxo&9PWd~fɒ(1D`37=& $UA,hz5WrzJܔH锦R{"4Q[ Z0˔YkImHp^"8$[Is.ߓ; x^Nd;G0!ݚiRf?׭sD 7[E L /l+3/^ YsB*F>hYF wi܏0\S[T:AJ[@cL Ư+RpAu#(_:vEgԃ(O dfՆ>F֚|Q:3g ǧry6Pcu5S`gVڙD?sshEЦadVuB*[yeX+ jf0eKAN*! b %+x^YP`:%yVVom NqQQ^ʎP״}&1]`$rỏ]51ʰ7}**8һ / G2؛wCg5tZ)@0h`$ҬqX#fw&u燀^fT 90̀^Af64)/(/-gb} # `r6Z6:S0Ob>jre<<|L<Mѫ7{z\&T!)0P.oHf{dA0͐ǛwXlQ&66!dÿREݔhl)^Aw!7PtaA3@e;+݀J_HwA%"5` 嶣[O+"BmUNO$h@H =!"+=eoH$#ngh/kTrSﮤ!Ut;>KY~ ?&A_L}B} ~Ny蚨$iaf Ѹ~IҾ%kbE\>Q%v9m—/gjY߂du`҆ÓVM2/<\ıE;T% /jB q/o_ҽ ,p5Oh<u'[buy+A f\y""IXݬKOZm3*KqXC*NWCJo2m>Aq"t3nB俐/AC>^@ouUIi'ܘ T!d|{ ߸^7Pd-``7Φڣ2)'U?qtey| "J:&G*f-9' X\_j$ +.6Tb$jLb,b"C H*+7GZa j+>SQd1|GW./_R`ݪc6ck0_ QxJ)Xku ݷy55 "jlJ|22#פ} E Zu)w-Po^&R W B/ޓˀ08M.F6?RA(bwQ4/x|ʞq.;j_wS1OW)z;;*PFo8cG唑uP ɗF5|>\YUcgᄰ?HLa:Z B 5髂H$fN0iMc+a/9h(f"+ɨGfmP=0[ی+VCב=o ڑƲ.Ctݩ9/̪w]%c#~|-FhLY Ss^tEC9Oޟ8^,j=VWtܠl 5MWz5T :Ygr,pj?zORJ?Ϊʟ|~Xɀ-%<qR \ ·T%L ]n;#vRt8r v16 =ѧU^4%{Z7vb1ʦcq]0'2 W|h6v+^0(.;} "_:Ax:AL2 /\!?љOe.Jp(#S]ao{%@ٻ@w'%sKehJɓL=ovM{U1B@r)6h.h7PY8$Jr Fq/<`dN 4-|I@pV%Ưԓ!<`uCn' ^fPEvCJgR=Ni1 ؚbl?,U|ڬTDuJ?7mrBK;lS؈Cس@,d-`+s SYtui\ЉG[!>?Nj./J4_svhmvS9\m&h!2LWLtz/+BK{z ]y6[cg`QóOL":QE&.in)!ݱtPG6F:)/jJeɑM{P3(gsf)p{Z,Ŗ%)`n[xB Yb~πgpȓFjsYys}v/+W^7FdY>7e5sɪ.߷eA)LHYZ.F۠D&W7s Ysޜ1Y#zQ:+(zgp "'{'YQ̜ECAVrTYM _ qnw_2|q +&x\S>`6$Kk#3t&ЉFn|(!ۚZk2t6tMNQTB9" 5YIwW47r(QnE+.*G$0coN.jvwC73^Cqg$BLyKnhFÁ{Ňc":=С^LBM&$CztwQN.?4:*:n=Rkq ;dOh6=Ux[V"఩yR\Cmb6~謆և3ߓzhǨY@jZ~/'说 p fx y)FT/N"Dא}f.F2†Q挃)yͦ6W9bz4qlθ BPP˞cV*)VˈՃ̀ !YrSOAHɯڴDSay rVǵCf0vd9 ll.~Y^ P0 񧾨KN"41p}1};hhSR~%E!ԍ zИ%4Hts'Z=6oErjեm-˕D+pA$naprN^W2W.tyE n,.H]}WjMውKEAJK,$f1fhZ,[ 4\̬/[O]%2&n pO LUhST8Pū.ə<7Xg*Li-4|2W;#DZK `"lRmDP|Vϭώh8FT>E)q&) 9JYe<ٟ TE˩޹m,H\f{'ծi t4) W\tni`!iHLGkKA_Q HQwk =հM;S,&Vj_>YM.X\b'¥M_Y,һ,k $+`PѷdH8`LuUz+bIW|U( cѕޥНcI/n@@=93NLKI_tӿ,isSp*dkpyW8B| !0']ߚG2*_ӭky}^zoh=,8C4 )cbNQASJ'ü-WA/v'H@qW?5G(={mg<ӑNLI#n -OԽY R}-ٟX`C4af`50aD**,W<z U}b;snI56z 6ru~Er'm=n`2L"H3eБkyaq}|~?%r#]tP1C&_yڴ xv!V%Lړ?h'%i4at?鞐onSz}oOC*0#Ij;XXa̫Z߅wf;S}_##܏C^ -],.p_6_4Ç lIof}r5bZ $zz5H-_O9cWINu9vAd'gj[涀1HШZ]&A[`MfTT$zlX ڐz١"ءܺȗ$Q8gY-6Ӯ IEPg8Hx![M&$.DDžH,8RƫOlURGCSEDcpEFⳡ;Tc?ϸggL< ?sͽ7>I +6E}*FťP2]{ķYwi5(B"5#5C1ކQ;L˶coWp[*zd0YaAjiJjS'3{ n﷧{}@?W/7cx'@i݋L`E\!!V߫[r͎eov-s{Ejۂ X[Ez~==ldAdTgD o€R3_x"ͭZi6/`n;'+q_e eLaɋa5А"?{Θv"mN5j"Q"%.[G?m9 IbԺ(#b_ .+*) 93G^@7ЊRcMn1+ 0߸CvZM_])8&gdk*]šԝoZN2WbF9n0ujf|>=l.M[Z6]~@Tv:msRˠ!'bGZ|Nwk䢔llad65@a6/eLq%V"} *r{RLxV2;㳥=(7C'mo&Y.h{,47 _glJ>jetXo"19 qMDʱhVƓ 6[Ew1g h~xm:*Fŗzލn%Ei-` ?CAoDBc\/ oPiA؋ʸT*EPQ{xQqҜ#4LM'ltR)G<v6dN c=~lg2@W?kWQ+os&g/UlCȵtMU'y'>%ғ {^xJ{įOԾ;0mys}e?U瓚\s`~; $>RKYGAb:۞d (Я)Sc͊Pq1a7|Ղұgc'3^&>%6gb:"@ d5ui,7#IC<0ڝ/ЙP|j;"P.ۖF;-yAߦP2P|ZsE7&Ꞧ_ <8z!`wK8$jNxf/s|!&_.4ۚuHoM"afmF@z)cbʸ-RMM. =L7vJi5vHَYEN(lh-ƪ >sHsnԶƈy"5^d^R]~0{fuQnM31 HQm`Wf?ح?XH逰dw5 9DO|r)m*z|5V9#>etmbs$ѕEpNOvTXЕ)VRׅJ9H^j(=[Lxt A"ˆk9/juHHc [f/Mc ?)(`~Yc@b~2vџVn?ԑ:*bѶ#kHeV 8wf{⿯lK~3lRtBL? .7mвs'{{Ř y*e60C<@rW!r?,ФD[ѡdՃeƯΦ@Z?d4PJI&qYTzۇHѝ sf0ülc&RD2۽hOpZݢ7 3N5ޫ^ 0^45<XÓJ7 >Zor\f ]}] tz˵ٱ~&v֯uڻ_氱.QdM/ AN\zܓuCBO(|>r57QZ%aMWc;0U9*>NNIP}Eقg0~Cʝ s^HgţZh"bFVrP6*[| \ h=OnO CT6ݾ }T\~JR er|=xKu)͊EU*zPYC]ɰR9hnUֈ ^GݰܿpN}!ea &_σ E8KTO\Je٭6+WL/20q78Rp׀?GAB<}}һpMs*C`ޅ8^;?m;dc`-Z@LF-A%\daSL|g t"'bM3Y;}(,w,l'WHFdXXRp(vrNTE1%h<ݓWOő>U)WPۅRN` t7N':Ya`Ψz$Py'7D^T G_`m,7VJ#^ڔ-Ij'Ψ>!WmGY9GwCP v,C}F^r0d 䈪ݭ'5Lo{̬ [4yQ,䆭G 8EQ]Lfgd~Tqt #^xzS-AyYz(KaSJ|˦a;;\_oo"{HIx[ĩnM$4 xp&M>gpb6e_S4"+{(TA`t&z[:įwT\"z?Ι`{|~ `EeA6.b ^Z"&i%fP0ZTxEZ\n) u0f~7{iƸ%-9_֍@|qmC%YlV.ʡ!1_Yxhx2ΏVsOn՝\+, iY$!*׹2tۓtb^)qXa8 .`' Q `/2 (fGgA蹔px*rV_YBמa?5hJx6_oK@4h tޖM:\\5]okoJ07X1}q{h ?q,7xdwp0$)p ](Dڄ N' ux Oڋ 8$op,s~1AYĔE@f>Ě=)܎x[GZ`/ɠ/ͮ-֊Cy1SPT>|AȂD),5*Ax禤 |kHF>Wf /t %2SN״Q]Ẃi? nv16pf.4bmrٴyܒwusg|-v/VKU-_nyGᇱ J$f݇ S#蘅X4@ˎNQvۑI[ Ŷ VTLla{%Q!U+̒lCg &Mw8Z:qmcx'Ӱ +xKЏURhG_ =ĝL PQAw B)<0Ч]lKǩMw s;Ov[DA'F?Kf\VE)5D^2NiSFD'`JԜZ=5*%=T~ur34ƸZ2@Sheu]CPH'6PsuXn{?m9#m ܵHp]vEg6msUפrf!8?~no; >~ع@h)PA H!G"C5y6AP\,9QU¿ړշ<  𼌮lxzf>, z\0>2HԦ0^f^hf\k1ͪq Xߣ Oudeq™G`#~4\mj>m*>39H  ?h_2Kx(!"o@!|gbJ+_  Vg }vq8>`{CֲMzwVj@Ź \So92]NQ!56KSmO ٔLۏ*+mT" ÐItE2:/]G3)xQ4;C;u&ֵ=>{Oɾr*ѶLX+o)FR< γ"2Q1Z[ {EӇp鷨X7zZgRt"Z'Az̦4r3/NT|6oSJ}3=\X,e9t lP<2F4ׅBsvo6 i+2ǎVast0@*FP}8wtW|e)volڞЁy&lj-¬aǃIGiG2zb Xy_|qO][9G7谞Sb1j 98lj Y43jf8wmUURA JC)dp;"Iv1Z}V%[g27([8'2w// ?`4YT o`[%JoQSti}?0oABu i#1*BN+6nEa}og_)~FwD2\kӸXeՂɞ_X\}A(+ry$ g`rOOq},0!]*qN#U7Slt,T=r,c0뺫+1N⺝$[40ĢP-Д9nDŽ(wL[@0%?=׊a.a_KnvᏧz% '.x*̛f괍6"ߔýyK0j?%yg**=:g%4iye #T0RIH73ǥ$kfZW5 (}dۈk6z촉?hNiZ!p **<68u}0nffO4VkN ^ML(Aqf~f>kUݤ*G;4츨f KaiJ(93V޾+J =-$ple+]|!oڱB]x9 V/oVo?fV ylCw06l/<U4w{:rFlS/N̦lzHZP@P!-Mt#(:y1Wf<<9Ȭa:'gTPMFPiE/T\3ޗت@ǴuXwZf"ApY^ћշ~X}eB֊l0ㆨmA.3Xx=Bx=e?>wzsM ;[R& +f^r7t:Ҹ[|Vw=փמNϾ(]Wamָ*[ SktOf{ۥѲ͹?|M Vw7qKEՂ_n$7ujB^ Ns:h H0/F+&i}e49 ]_2+#jm=;mRmE TMD?A",I‰b2_b#摫Ab0%:-Q@gVu$z#|fjc-908xRChV%8{6WHݎ4&8$Gަ!㒳עt;Rbg(GqByXӜ[(fJ;t~g]̝!tq+c0vO Fw!l{B3[WU\ ,ad^<"x7$j0A&IP|p?i-lP^)lij sfziK U[&RPwiJ1t&Js[qɥ^GT٥;1CQw3#={+>,İFYQA To٢Z ډIM<<3/·Q+fg%"DL<γ UNkx7zU&\? @\Glw# QKS&Xe2^sK_u({i"L(rx# Q`|y/Hg{K&ȂD:HNL(4[EلJ#lml   F>Ru@!Hx!8FPBRk{Z j*X/ѻ,>R<=q{}%$-Po%P(U ϣTx"Ưh=uFk<y7 djV~| e~*@)=W%QNACvJBjmI"<غÍ6hw6m#ٮ"ĮUڹse't]Rضh`I65e<| Հ07^[2R*fzq wgݥ՚E8M|ؐx[WR"v}ogBE6b`4S5>V+ue2z%p=§yO1kF;OI_STTn]9H>X=eyDGO9hڢOhGJE~JTݛɦe$n2&STf3js^E겆w ?5U3> Gx-r:-: [R`TURG7@tfVF` ^x} ,{k{>2Gsqa3Y)+lgvyBi{dS%d\qH9 +6Y]c4٘ )-6\k<r4l޻ۊ|:U*lml7Dr.c_LA&h0y }A#RcN U*V@iacbLfZl;EZ: ,%m`8j7K<UH0 :(.6fP rTb/!`+cְ\T+K{pDjphH,|L7`p#f;R0K|MQQXI%ZNb#vG$ċ¾@_mdQ.#GcsI[n<{= [8]t ,5rԷH.75T1nS/eBii__&i;<5B_x'Sd[6ЖnX@S-;Y RM)3paijshmFuc~RʥR'sFo2!9 8I 36)CPvɵ\1)? HZ^w 2~oxFB)ގDG /B2^B-1;:Χw[kO4ğY8UsW!C6Yڑ/c ά*jno lC=5xZ#NlMû:>|-눻*f80nR\\>HL|b(f +n~; p=f֙Fk%]_R&1&ōg۝* ׈Ѡnq8u-HgŇղ,p.ؒFZ4i&0.h2Ef.y2{ u~V6wWtDUabJR p=zM? mьKqŷ46M Ѫ̴\#aOO."Zh9; /WMn~=%،ETW |6vC~&")`\$HD5aT/]=嬶K! /ye;'/nI|)xD򊩚,uGY,PƝ[U͒ '!6IgۼNk,Y>N)vy;NY9_3<3%–Q*o^w-O .=n?RH@\JWׂtI>hnw]զhau0oV.+K%5TO%+)H8Rl@ +×N 8v*"ﱫo0g'}*c%967e!N205]~֛@R41竁墏bbAuf pdk|-TچJV¥ LF@6&NIqO'y,-gy+RfoAmASQ ȺWaˬ^G?w jV$N_

r tD^O[Q~6&QG&nDW+":|Pn98vumW~yT(#]T2% cYn$Eeh-zsˠ KDFʵl=6NnTUWif@jCT: BClW0fB&{Ό`*8BkFO.LmNRe~^x% bjG4&8KNRs7gVe d1ő`<*v h0> /'n§:35R)~yz Эn Fzr9< )Bg/Ea]}Q%V| t^ZulW/4]FdiFS(P$&'iQX >P!,6V:-2=@M7 .\Q┄ijw0!񰡮$ᤏy% M#L?:ut *^pOW+5)S哫f }7÷o0M]cH{ݢvnEU}T;Y"MHkgfd9>L'ܩd[sBو\8#M =a]эD녹g:H_u,<\SC -a2š\( [p*= PI%2I?9\ja߆6^owKDV#<%Yw B Y̻Az+Sa׉Q?Be~AD#vb6|_㢋(C&Wt#P4aW6H`C'XAe|xf_3 QM{ծ`)dR6*DZf0-8>  NW`f3 օ854ꘆ>"͇:J;~I<0Q(yVpke0 -%)2-ƻ"XngnDVM/)0EMc[*?:&SiPmTnm~8U~L(govSus;guS9Gl2f 7Љ)éSn\1POU %2 &\e+tf+ G!??m iqz`no-𔢚΢|%oSjuy䖇^;dѠk \vBcMۦg]JpS`Ѷ(< U@*ԚVSFVШ-VZA70 C<Sb4JF1'<0n<5r==(]pas[ `/=~HuWTV6$G{8(9G-de-Iu0N*kڙL%ˀ^3[CߎO3XG$p)S`D!A c(ƣYs=1 ұ +szAq̴g]X҇DjHGaVj\Fdž%k󥂲hMJm ّK ß V%ڊ9/zZζy$fGb.: >3,k7 H3:4uXםEec;+C8>Oi6*s3(-.(A-w&^@p8ɷx0p▙|uVSA`Jc*V_sPvh qZ<74*Ԇj!ҹ&9b>COv/(\on0f-!ޘBj{vm 3.e1ވJڱR&bQ|>u*@;X1Fwtecu)FpHZrg&oqa: [󚨌6HXUIC_:1foBί06!qP?/8$}}8w { BGF+\.$N@3:9h-7EDgO͞UKl%- k sg% kµssƏ5p6s0<`<kʍu?ߔnM^a?Av.|C R0ĝHb]ID.fΈ籫 vGAa=+BKx ńj^ιs>҂ݤޫ5 k.&m#J2w[r} n`ۓGTe42/^~*?ͽJd1i'v/嬷]^Z??0Z+5=_=7'ЁZJ:zS ьxKavAgC/#eMrz(_?"C P's3l¨st`S7Up9P$5wI7lu駈Tfٙ*Y |)uY]b3>bE%dlvS o <,e"BG jD<&ὰz9VC:|G }@JN^gEzSoBת/p)=h30&[_n/gg̱5^G⛁}W?ҙH%FCj顎a|gvUŜޟ E@gw={.n{ՙ:I7 ̖YE ѡ%7)ȝh t-1^6SܱnV$ CߍAq}՗Ӏ %vl<0崿\& ïV\a;%>Ixڛ䧜fݜN*iYߡ%; jF.Ui`5ݙ큟.D&2 X9TGR8 z05RϧR U5F4Eٵ:v5a~?piwbYyMY|^J𡵤qf܋.#Jq Zu:tJM9m7WHќC -!9zd?Re70Vt_(5:~%oL)u־kp)YK&G k*R5W,ˋᛧhtgi)Ai)?S '[JB)zU>{MJs'a\s˪,cD"|Jf7d_͏sOItțEPJz@Q5pОvE UG;f*)֡qi581/l$ȁ3^.S, G7"Ϡ\Aէ‡?!sYotE͹sEDlo֨2C.y5PDY:ʇml'م';X>NXsə33BQ0WJ6CQ4zx#y = ^U鷧G_6Iv.TU@(9,ۍwj4ۜaUWi?ps`UV%gK6#]zDA;)WczKs(wCn5R6FǻuvQ XÖġ[HcwFvy2InQ/Dr|w/f‡K>4bQH'~va2 !"PC>eAϫ=T^ kJ0=0`ídU"P-h]u'W|O6kB0UBZڱ' =k p8a!틻w K?mG)_tҼxF8v˧dΜ6=Oq&} ],i=6, Cvo;h~c"sIc<2%X2-lTNv[<$w|zt]Q.X qe` kַ!$`ݮ]w IhF1Чⷕ񛾓{"Q}Xtl`5zJ#hDъc /Pp'ޤ ో H)ʲ\.i2CiL6y"L}rB]gʝ0[L00o;{S@3#%m )|9 R\i7|Ln2:.,ϊG`zPҘY=林t,?<JB g2V胹V%%ƷcnūYuvU-pNdztܝ ;kqcW4ѩա9>{eȃnlA\eP9Xo>U]YK|loNfxm#YeVc2\)b Pc7?9I>(C|G/KA5T_im](J5qPe>S!@BL}]:'5%)#C9/$~mYJ7akT"GzF CJEnP'.su=~*ovVp(iVhԧwD:~~Уؚaeŗ*{&agW:Hy_*7?=aW"Ocf"[~^)EP8U.LJg,N_$)Io$ ^9i3 Gض*{^8"‰95/Y?U@:.sʔö C) FyrkkO @Q8:*S>y} -"頎!pRQ7#_Lr:!p2sD X.cіT͵VMa+Y!9VǖSH6ⱇF?+T!:|(>1(|“lU}ؑF.39T7H#=ѻ@{;|񛜚:|>5CV:ѩy!}?$Mwcd8%>wLe×N SL}_*uxLlmuAM0hApx\C..2saw#~+LY1U3(!dڞ/GEjGPf+85q@nZK q;qfj0Nm'O=œ`YS!sv΍{d ,:o?A]~45:~f'1ߪ :GeVsxVaB鹹\HkJ僭zƄ9j YZ