sssd-common-pac-2.7.3-2.el8 >  A c #U]]<w fK19`#/2qvF?)N~NX~(=|3l9eF~|/WԉW K?[03 [[r?l:p(b[hnm յA `RW\+jc>Xv? dCfeɖU!%:9 ;<g/W; TR囓8M H`1*(NLA̚N%{mWnc<#;ɰ$jg=S3U2uyozٯ '7iF>i6SǪ9㻿Ga L Q$k>P'wc0X1(KWLeT{fH.r2np\RZXOa:ˠ@t?ZIJTfGg&~'oM2+OY#: 3qC=F702e33c71c1bc1e7cb672bb173d96f892579e040ec559c2518267a5cc912c0a276a2f3689dd2c8139cd9eba972baca2fe0833882c #U]o ۈ#Qʹ>WSmM1"k06r-P m͖B4T% ^wY[%H&.֊`& MRkBwh&"ylJuJxy$&c椣C3b8J@- 1 )O} #CBbE:{wSש +wRTcǺaqg+Z57K#u\.Yq9Z&iMI?{]ǹ{aKlua`Nat[t>yN"/R&* X?Oҭ Sǿ͋ϧ=KҌ.?6>p<? d  P 'DJTl x   " Ph55 M5( 8 9H:`G{H{I{0X{8Y{@\{X]{p^{b|Gd}e}f}l}t}u}v}w~x~y/Csssd-common-pac2.7.32.el8Common files needed for supporting PAC processingProvides common files needed by SSSD providers such as IPA and Active Directory for handling Kerberos PACs.bx86-01.mbox.centos.org CentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxx86_64%KAAA큤bbbbbbº88f7fb92e51cda67ceb4df4442a167826ac7e01c153e3d47edd41041053e9bc58ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/sssd_pacrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.7.3-2.el8.src.rpmsssd-common-pacsssd-common-pac(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.2()(64bit)libndr.so.2(NDR_0.0.1)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.7.3-2.el83.0.4-14.6.0-14.0-15.2-12.7.3-2.el84.14.3bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.7.3-2.el82.7.3-2.el8.build-idf3f06f375d55ee2c4fb0a9ca91676cf181b0d8adsssd_pacsssd-common-pacCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/f3//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-common-pac/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=f3f06f375d55ee2c4fb0a9ca91676cf181b0d8ad, strippedASCII text/RR'RRR"R+R-RRRRRRR)R R RRRRR!R%RRRRR*RR RRRRRRRRR&R#R$R R,R(R R.RR2utf-8502642c0e0421cac1678bdefe9ce5dbf96b8f84e931ae028ebdd221cf4a8778b?@7zXZ !#,] b2u jӫ`(y-o5Li34<5LotTISl<QhB(uãF _k& ъjY.2֯\<η`G"N9fp-Byh e@K$|TKY4ѾwDvy._> _\6Z Y~2ӑPG T|͎%Y\& 7Q}3ݫk"eԲ_GjrL,^r @=3^!¦(HLԖLRje4F=qs1.<Dz9* [pP[ Oj4{IX3Ca2UyNeݽ/YG^QZ/m,aW6|f$o,u'2T o/(Ƨ (_"j%Z`"Ed7,oRx7 nYei4Mx'|\ʼ ^sY >zk$2>𷼀c)ɳ4Es%a=A)Z%8a#w sy$hJ:8270]k!C]oKvkFe T\U]ңuA)*`ysժ|).:` &f@GhDBBR"XngaG<֥ %͢T! nl.ROa@M˖ٶwGew}O0g9T X5K)gӆq tNeQP/C#Bm_Y3F睅'dNܸ@=xnw,`w*]#͖0ٔK!~_2eYq{k> 8Ol79yaTVڨ >̄3Js )@&;?IBQ>y`K1,jrpX; 4 1 m95ioko HѶ:v< $t #+W ( GKoH#76f{Yʮ4y^su;BBnAhBOtz9&(({K!klQ.:|Q`O3do6ކxx@ë6WwE̹jaD?VP VZ0J6+*ltbhF5/7gYk7D_ИَOgY6:pXRASGqaFOf=G*tj%/zpID,%[% B }و:`d Ctf$;LR34G~^XLh8}SF.Co\+* _F {@Z7huYn? 3yȺ r8\WyfZ(~A]aQwT`0gK(gW3cĊ| J ؍B"G !2 0s"ucH(m@< Ѧo?G}WQluo;Z2N|qu9v~p1 nc03oq_sH~ h~eXuՊG uۭJs Qߺ ^|p,xlLb߽VoU;R;BKIf#\`@+EsDBvgܚ"-I&3kP4Q%eq;mG96F#CҌmp @ L%#{JC﬛+ҨVS#(-q^g(T;_[4YDjwF9;^.pkF*>#C't\?yN֖U8XdHiHVu/;re jy!#aOMoqᳪQ7~{` Xȉ,-IUr(-}qɶΉ(neKb'yL0p='ī`W@ܫ8m@"fֽ])\ ({ٙ=VlY,: [Ku^^fFC\(CA0$>=υ1V<6s3B6+cޭ߳KO4N5Xw%/UQp[Uhmٟ.|)͘>iYcpu>s̃6O5[35j;PLC(_dZMBK6K n>fJR,mkDxM[XV 厨FoKsl6_xR\xQW"O`,A('_R2v7>|E˙v/hýr._}pǦ(z!ˤ_;rqR=% neLe`+$tA9=%Lxqq x  79^{i*0dw ؂k4yrt>: 7Vݦ\Drb)b{[s=D|D@s;s-S8q#B9O8q+Uzi^UN}? oq#TnGQ=VnZ0n@ ܵ7i0;m(jJj>60E>S mhqǺ| "zYOeE>=a˴hl`rnF hF$;#mn## _~r`{]NǘݫGIa\gSP3+oik:zN`~-ArџѠi ݯ˳qDDg6`**duA.mCOL^K~K[JRHYpz!(cV|&|xaop: Kb 煦x뷖9x ;:LãQ,5DA.d f%+(=~߀w5^'>_#e`ZĦ"F>$4хI?:ψfxވ{zO#0nky،⺩\JneowzEZ]S?*'(-K1Q'bq=ofX֓l:ŁvOg773^r[iJXD`{bֈh>+2˨!j7望;Y@Q+EVd3> SMI8%癫`{"\1TY[TKPU||2GC6,5ڇ֬вVW8Ua$k)JIaU@a̹:Ol&0MD蜟6 \E[;յAA}HPu>m4nBrWtrI@]ȕǣkl-tHBD8ڎA;fzzudDn)Z N;[B%?*ؿ.:d7XŎS(nn5yp~OsZ͐]ګ$";b+QU&eC2ն;tVg~$~+tXԓK=<-.ĿC n UhO9< roCCB4Խjo /Y'Pa]/Jh"鵡G$ʝ;všd`ca;Dέ.8vXP1|}x&*m୺/_P"qy {jx.2"<=h'Mح?y0wڴ0>וn><IXUegIz`J`vZ%ՠn(@!HWKWip!Dŭp8i"1E\{hAm`B&ܮ %N%\nEw @LF1ů#ԭNLh hFDxrPV#a H\F͸%y!jD;URCtw|w*OX-'{~>W!pa ϳR$V;ߖ !%Op8!KKZ2yAI|8}S3~; ||ձ2qgou nUzEȂp֝ntd6O\jWBcYP~LHVU؆iZ|]/[7. f`^O p!ܫ9CP),'K%.i~*?y5[P9x̝dtSPV(A\gosk""cb ͷ{KKуwO{M xNi˳Y4cJ˛[W0 -R3e4ˉ^Uk"O>S:\L$u"JݿB*njmJu?nMu[|ߔ)Z5MxG=Jɺ"*Jˌ-0K_D 18ނjܠ6L{,2d-\Iƾ׻L+U->{'x_fa0cY2bHgtꧩJr#>cݺNy/ }$Kn"zUHڛw7b JOvK87*P#tҧߍZv4i$bg.v̀\x(ym=z&;߮9C^}5pEI7-Nԡh߆c%ДbOj1-atEcE$L&h~{KSl#]MbbYxQ/]^p&K eԆ72h(shs4 Ta^u1)=B[Tۖ)W7qrǖP=M8 dqoyM T̰6<bCiijҼӆP^>d()j4u`JN;HZ,J4&s|+&MV/5/* Z\b'Q )Mw TsN#y좢 ViQHLvϰwzX6`-r*ZLC!%NߔN#^]|UJ5?dq# ~G+ЉV:WN~J,.OC%~*C9RabUVk :;Or }~Rs' iQIIZH:o{q#3U\`_zrՃMg2@s`{=ѧj8 n[/░3[p!@s'!',HS -ǥt!).K,d $(1]'CbkRXzfÏ#;ۜV%=Ҟ53[DE,\)υ 3˜b|(V}%*\^3͡uZ苩NyO.;޽$ɲ F o6۔ Ph!}mtf ܥl ,o݅x7r7H M0S5߾IP%sب |[CpUF4(3wiElЗC@U#ͳaĠR)8S\Z$̙°8Q =솦nBgm14\i4}GÍ9_[SZ( 8UGӬ+4uzmmeeMTW+͌U##cу{}_{H 2@Uf {J2Ў_Ntgemw h\3*& N!撆ȉܤfQƃw ǻ#BQ6|RjaDAs&搰~.-h`$%Y铓!F׸q#}W @h0([Nm̍'!f }i c Wڗ 65)c30Mf@2pԛv^K)ӧ;J%:UR׸/},1] Lw3~SyߧE%u}V~NΨLWLxwީ9ItɈ\m|oVMT-<[/Ũk 3Έ;7"En(4(Nע@Wjor5992mTyaں50O͑DMho~j:[\v`GF+ub$$a鈺 `[.39^=u]2AS}.j,QVy=GKuNN}"'uhGP|#9C_zSQU #b]w(~"WU)4}J|=RP~Y8| S8_X=(gIgKdUeGTUؤ^vӤzIs>INe%0ǂxzKM$&1yӢJ*J+y ౕ\GoӿJ2G U_+(PB+5. մ DYIQP)n`˷"6.ɩъ $i_Æ{qlAsL0_ =%[v=S79馢ٟi'4pP:0o ?8f9t(>` ==^Bf&GsDΌm5eb>Ra*aY'>ة%7z-qdV5ƈ|gDG *٘Sł)RSRw:j4(h( "uL;O@G >m"n7-Uyז%rxud;@ՙn۲gC ,Q#(&c[WAEvf= 2Jyܦ\E:ATmyYrHOX`8q4W\@ܼ7v\co.aeȍku60Bbp]a(S1S3jQ_dSGCE׿vkj͊CqSÈ/p(Q1 Eq{t0QaYT,U1z'*A+%Ghi0sPrgolpx pTaע[3!\7zQE.9.vD!P0p7 #C;e,UsS( _y bJI~c7Rc"F`Td+I Gv"ceQS< [qfBqՉN 쌖DlFαr* G+yLd2tdr" vLU? ibEc'"×4s_ۛ)OlY}778F&H Rai.s%Fcm[=faFd !&$ ^t@ 2 x! ^gG-eMG]~ı_Mˢdi̲P]K^̻m'3xٛ2wԱ/hhc'fGÅ=p]#ոQsھ;Fp7+D҂)Y#z ڨhisZj_z҄&hzuY OZs!Oo8JB%yڔ0Kcb.߿w`MU{^ Q㌕x®|ˁu¡z3{\;lڸS_uآuh}C,8N N *fur>$Z, Frb J "*nHČy7d<=ڼqOܯi78BSzs.pNõ c.E9; OU|m6b>o~ȚHw`PLU4;ˮ,8ypUZI({dRHɋG(B*PWG)SQIԏ. ڣKԲž 8Ɨ'խ&qXVC1ŠYPK&/R gRjFcnĕ%)nfFh+bQO{߅1p.vxD̥V1T؈#2Xo'L`kTU?{ sv(AP<_GmS(M skӡnCM6R˫ͫ+! '~Zd V̖Dȇ=Y)GQOo(}O79W [n:8V*/D`fw?U(eN~1}RFC=C\f* KXzG?P^ICEDzމV#%K <*2srXzU}^aXdY`*X*vgǹ))5m)B5r(qZ}%B;+NZJm; };%)fB:q" w&Hx2΋S*  ഍ |"FL;wkZzo9/x;N0i*_lWEPFEʫQbPE_a@d HV)Sӝga"vѫckAqWxvOWhZ 8v.X7~Y3&Y|gٸ8* TI8WמIfR]wy9ˑ?!okHLLN9 j7 1b}}QnsLJFFfiucv;f@/AvEdW|T]WwJ c"(7e#c[ĻlXX 5.fzz@MPgM3IT /s:&"Z:w`YRĒ闔b)K1VrBmRKQnU;&s˟,).HmSa2tWǸ2qt`*/Ʊz,^Jc( q١"jdO&c~u,EW 4B ~J73S0**k82*!?J MD p&4b)!kq8S%P:'Vz}iB%,A*Y `C-wEzeM*ȣ5 ՜ޱR };{*onpTI I#ԯq/ZNN$%(#a1&~\U2@\#=O30yͬpأy*X %<} KBY3#Ӓ{ҋRqjwCD97ciZёq{lsKLĶ7h}Slu1XAi1"ЕM*my[W Ez ]0oh.K*ӠM/뭤^  Yyޔ/;wA^޶vy1Zbth+E ?.\|WcL.>`.\hc𢃜g1{V)JEhPԩܯc*A8o⋥骣][OBQ'7F+O_f_7eM=K)I>y\.U-s  @'@5P:iG`zojP{chtCᮢ#[PѾC(hƞu0 T^1Ut9,u)tj&XEd 6T\;"+nimJwK>tѷocHz%=߾̿]rji&P̿Xd)8J6t $͸+%2D0XfƿwFP6y[ϕ+kTF b,T )ؒ-9Yp{v۪BR݂իJT " çy1Gs|#ɍH}'S^F-tL KۗBO*>S`Y.r6Edo˱h$܃h Zg\4w)LS[B" He g03 2Ji"2c`,Sv?5!,B#t)Cl Ro/.3|V5U,8tqƿU/}` ΄ӮD[gL Jžd Ku 8RSUd{~HY=ȹKϜn5jj}FЁ~kGRGC@/ vL}TP3r]S#,ރ֧Q/4`oC;"RWjBeukK5ac*(f18!* N疍M$01R^wFs5jl^d,O 4fozp:ǶƦS` .YGngV, -Ԥ FlV1Q]ܨ5͖>>iƎؙTHf)N:`J߻DCRIo \ɠqpRwU(_8xdb%Q;8P}L=ߙ0=t-Bq``' qVm&V6a e?s-Yv\Y V)5 d:NqoJІ39`F*v?ՌUb|O)jiU8;<)e](jz -03 2"*ֳ O}SH_v Ѵ5a da2*:N 3P]w}g!$F_Ts0 jئ2Źj:kFwyp5xqkܑq[s 70̂N7P91K=Mq1Y0o͑$zQtŚ\Md}u0传hH@@֧0\.')Sy-/_LBE'Iw-ƞj6E #b+=i* :dI/5Hrq8QFpy"s< yX[#C1?5.x?z,R[+뼻9FbG(*w9ۧ`*c–\Z/1^ÓS:rU]n [>XZqy.xS$ObEi R#7ʓ.T-G%migH(3rL&KH}ՌC/C8y|~zn$FIEPs t囵kLh盞dxφN7:Ò `Ŗ{V/F:};AMnr R-bRnWI&՞+界>,U͋y6oّ[ CԼ s>-MV K9ڮBy689vEVyt_ 8#[zءK1qw/˼V8 \ᯆwy4sq%ђMB$)o k#ۭk'Ϳ3C M/->IߨfnsI>NolkѢb䞘,bvtcJFp`w#0@'w?EHG[d*yDCM ɫKU$< ϩ ,Ssm8NRUѷ0|\'dS>-]|kdor\/;kQ-.Y~2Ĝ% oAOk"o~(#֏Ȝ5Lkx?Y3+Hu<ߐωGVB2ٵǚP 9^qͺL~!^^$q|>=FH7I%1¿ŲI6qavw^ALAe!VݱK)TDPcbRۿeѶ4/tԋ= q3G>,?&g`.FrI_2=)ץאz{0ɝ~D c"7L0 N.'}R?IuRUrqW ȵefNb^O{r9d%u[m?91M;E~.$.1Ӌ/`ni(>ajNo#>p"w?&Rm£Aؔ4dQsٟݹ@#|ߏ@KT|˃;pf47T^}ЛP YF&IMZ(_:aDOFj=pkoԼ*,l!Ӻ~ yAB5ЪaXQY)XJ4|{n4TҗoH~EF$`F'oE 8~PVUMG\"+SpNDP S1W 1S4IgӥR@–!Oݙөވ9F@~oT|/3'=]l<q ~YOr5@U*U/8z$ vVq٩G[]ER Ngf# ‘/;E><$d!FwntBf411/alKL46 ?[pXUBb}W{3wDĤ1Ƈ:OzFH=Hy$R*dl 4I]iy̶$U.NeJ9+G*LKF`mm.NC:=hbEA8& ż_) )ڄ4*+1zΗ۳GXR+5"ƞ5ތ ̬0k`dEltcr| Y340x*`۞]y;$3[ < Zh[رICLk=17ȷb>_aAK+oNķ/F'tO11T.Ԥ"Ҩ Jű߫_ s Ĺ:Ҳ{W]mwFtu BD@E'b P2g!"g۵ܼoe ,bW^3~/{dH@q4WLFcsk'/.D>.PfUbLCoNã;iG` ~7M~XҬ'Y7V&bg')5j'y-N|V́ϲ I%tRyIOkr,,l-@q7֘8GϸJ鲤lmHW4+S^ޯs'AqHQeK*Hv̌1X]^kF,]]?NuC9a5(ٝY6pb#Squ0W4#46+ k 7*()- BE(.؁42J\w;Wa4[x={b#3YHO#V*aS噟?~FX|;sU-WWQü2q#x-H& 7[?StP!jju\5^+~zu?AKƶWc"I;-}6*vXۮ S)P#ȜKv opM{l2;yAv9ȐբNa%V%!qa A\焰O*Vqlu QhHLt%< ¸=^PIC!g̥q7 ;Т1G]\xn5+65Q7򄐝ݠӜG@zM4OA'M0yTmP8{4tm%>E Mgke1e;VpZjoOei(~=4T:2m  n\TӴakȂzOƌgu5FhB+BncۻF!$rBb>/ BO)}^Y`Q pik &zX.f] wI:!q%;j5hA%[t櫂b81(EV˝qE褚w K`89̩[./>$i Zt ^ԟ/r/VBnOשQ#ҖZt)6#"o+dK]4J'v nmf5.NJ~J})~eBQ';$'PX ;W2קɷfS>i`x7:oQJe0~E/>mDbH ٯGND݃4Zl]"T 6";mjx+{-sRW8sO52O"Bt&r8&i3Hg\l݋O8 e|4Y {Jrna6jf;Qs烑+ sg,9fwPG&<GA*xTTB`b;.Ȉ&kL£t"ocUC0e'ZY]Fz4o?Zn9D-{5spr>M $̬{^~ǭ+3.g93]M\0_=舅YVJicZAFEs*%Q;Pƍ@WnJM:P QEΠ7m븯n8A0e,䭂!s[R4XW4vGtGz|\//,V?3 JZNP*]{7}p.`ำaC] ʹ{Қh_mA+}<b7yyfneebDn_G{HrIz$UK)l3j qyԷQsiY%QfkUSq* Pa ,el2 &?Ău];Խۡ8 F4N|dwTJJJ`4@ uÅS[LfN_*+m}їg,]Tр:ݖmgkG.yQ4G8 :πtzز"\b-x7}c?h{;:}G&Zr?:YY䊢SA,+Skg\`ߕoOUe;w=r)ܻ>S <^U7dYNם;h?a_]yC<tO;W =|<(GKv ΅|#= ęv04) y\󫠤P 8\όǧ.EWNp֪4$ؑ2x7,]hth!f_zK+OJ^7N+_Œf~|.K=ni +WxG,h>FfA k&n`y"ROXO=qp 2%3sA46[Mu.d Τw2f+,> _dwAUtD/#(;YڑƁ) d53)' (LߦyȾ8o4X@:=w(Ql~ݍexЧT`FNP9f3P)) cȷ DD?KK`єW,C ?`G@6Yz?~'BzV԰(Y~9+ j[;BmMǝ1n8 \I\ADv^ ^z%'YjXGg D$A/;CE}=tBb)9?br¦BpUzZsm*튱bŹ܌[zza ߙ^iMڅ=RO՛ ?KdXګs8tO!TA %oT~SWxlgm)_g32Ts?SbV/|.zGԨ 9F=N_?M·soV눨b\#;H58F:o`~ 3ڟ*nO"BZbb}F0vCK'k@劒k ]LeuF6E]f !UCo՗LGR%(tH%IȠr#d}|>p րpw>&e 0 §PZ_}ξKל%@(} ĴKf`L.X3TjOѾ22fLq^U0 ;5<>7P8{rv{]AA={QeoŘewsG osnmon3a :Æxz %:.\wD#pדJ8qԬ}2ֿϿ@4R'J|ꌋ!NJZ4HUxQ@5a,:n%] j鱻.Uxӌujx^6m3gekJ@]D(9H0Ϗ4_ť|,tk7esuFb~OMmc)YͰ"</Q9F<#'a__ͱIOVCR`~C:(A^B\Fӡvw)M!K;N.#uLFf[шc`SK=lg,JSVO _éF[P9#$f}gPWEːIQ*KcN/>;$A UN8T7__9.fl*.QZ];/icXr~V Ӟ!zB{$gR#}q/0ؼ Sr_xй哂òsbל;vB8*!D;;JΓ)lGZd6{3}%rttk{xZl!ʞ$]i`X6~{Am8 }}Uy:?b槒X >?SmK$J0uQ4*zh2q17+Q.?uEGLZ26Jr뎒H7I-޸@Ի2$ p(g$8m'H91 NʛZ53<.%]n=PhO 87 hWNwZy|ߗfuuHБU1VWQyAQ{U\̽unLf$޻nMʘ: %j'u @GLy)q LU9vK$& 3r }\(!+(;ul rG;&^|ƻ#@$~[V5 <1$ 2Beu8"4QL/=ȈP]ߍe-EG+~ŲܓcGCPQo1ȱcu0>:z@O Hx}2]S!džR*[;I'%,Fk:&ncKtdnhl$Nw`AnN~hR4HҞf5-G7skjO@IiPZZٷ^B1D)o.4ũUz="u;[ ̙]c6v,=mF-uk[7/j!kV;Ŋe=[FWs*Ctj҆G{I` wqw/USmX;|Ǚjq7a$)m1>}Z\(*Zʈuֶ =@;6 Ci]L;ՠR)C4"\™jsUE[OQxN4[ᤥ_b;#`~Z u>Q4ih!=]{v̜&{jr\[_ʕMBTOOFqz2{_.甩w^gEkp_F <ق FAy{fT+jfNUaoěBY7weLɮV!o[@Zy= tC;3}W^+ R6j}q0iI Uױזގ&x-5CXװ2U>s80HMSuxh糴5VC<9)PFd,†FcCi/$:e<##WJl+u0Y94۩8VN0Opzܣ4/6mdjJϛg$W 9D!Drpdn %MT)t ɹ̀}x,G #s2lƽ%.K xNM5Ox=Rۅ_Q$Jےk)h;OC})cf"1ur}&n-413, š?xl ȋ!#Lq/DY2wGg֫3+c -;,>/ #> ~OΧ4}a G?|ޯҾ+۾I5XOGqX6t4}9Ӓ)XgXx͜8Vvgky2 uAYBNe1x~r"gk<>|" kv29 ԑ{sk)!*#)>\1:-Y*ɔLBXxvXz"LāK&sqQUVWRI\j@ LFu59ܪ*vOl-]r4x%H%J1n/ .1( XҚ7շB彐?bܫxrz sަeYϒA5j+nSR-[Ýubhvpf," ?TʴRj7cWpnuz*J0:5c^,[-X$Fonm:!m?X< ?%;0yRY쫢 ׌n+-PݺvF@V OPnRIE]cCKcɲ:>~a\(g}: .3¯_?D=z ΝOpq~(|i; "EAHsQ{q*B ͺR٠HcnYr6}E5M2nvnۯެct]\]m|͟;%f$ab%j3+kHg `d^ ʱ,`laz>\;aحΚ ?Sp'!塮ľZK=7v8V>bc W-`v3е" T bPfd<nt)‡kh ;:Pt~pzW ?dw}hkĪ_sZY_%j/yhb[@*[l tfxM6O+ eQI)N7Ԅ)MZ㘎yG+XIE}Bے?kQze Ɔ[@~1AXSvo_H7)dqh|^Rme2r꙲HPw_m' jc6?"щѺu~O`Z0R%+cxem0 'YƂLX%Ass:Il??HFuc;.`qW;dAw] `ԟ,ׂ@ ^]4ֶSMuf4WG# qR2K3eGO2m]5m5V$RedeC0ӎ.r4S.C{/L(&S2 4U&,X./b$W! B~4pp6-sO:,*(.a: 8ϣ(tdw=>'CVAQVfģG+ىqSSM t e5 ,4,)E!WF ,Uhoi}7'=^0]˝-wZ[ &Pq3W# b०uDX ~=BdX0ZVFW޵]NX,ɠװBED4_4)s`rPq9nw7ʍ.v9V *}C=t侩PÇ`"8{xmer3AqMD A uxߖNM8@ BO:Eh\kʏe~>:4茏3JSV{Ĝj$Mh 1RRsg5,q1ޮ5N&[d-ɻKBuYK=M\}&qVk@z]S?@SH86UtE{/ew *O`غY U;Q?\u f⋻dzoҌz SX H <:3Eה ;it=UCjQ c,H頹'pc i$95 ,.%guTx;eFdmX%Ht~oB,%2!=n[ʯr[M{L-giO|H4Snˆb(• AGA 8vИ`mxkƇ)F &GX9$A%] -IdxN1%GCk+;|;ٽt >q1o|g8ek=b^LR)GiT{URƺ1gxpNi'/tHt*کRx\艏G/b,c%"o7s 4#Ԥ)+ 9^8WS1B6J)g2ٵrie7I@]Q,ص1\~_L]1s( D)w8ҩam*l!\ Ԟ‘0|Dj=d.oh*2ga*9WOk%a-k >8eN>]8Xay[0R8~yϑB\<{Izz,Hnd8_Y:EjvA*l?8wڹN-\[I]zM%'fU)De&Mmjr9ʤ]p(Js7}%Wn[2Y%RnHo^Qw, 0Y8O)#KT |IIx)h V>8Wnk!pjm y 1\찶|OB4NB Pyԙ{ͼi,`.jq\y(f 9|s׫KĴoN/x@a Acjo5m<】 &KZ Sf,ƈN8(ظ02 kV}[%ô+Vev@rpW-vJwޮiaNg" _٣TE?` G, 0q/`=DL톫 QmuKh\H)%|UP*Dhg: Q*1ɗ"o{T5u _Pi+6Q\ȀELĪ2nEXdÜ좟:/!ۙ݊(-;N"9 ,;gb40M>8DAV=%0?0F+Jt* 9rf)(gOaϒzkNj9o֓3{w&}q0vFkPkuEDB\ p:<_]Y>C:K!{\Lk*,\W,ՕWEP ٘1EHqwc3# b\9(RCd?IzH I"&mrWtl_~9(=[m {Yjg ٷ;<zk¹0~̾U7Εޝ?b1Zݝ_ʰ3jM5Ulͯ9"bl4eϭS2wȰ&TVSYNzsHNȎX,0c7@#hp{N@;['A嘯 Of=JSϘFZ׹BDڬM:ᛷXΧxmK_L#&u˶ B}.kmJ #(`y(xlgf*AZixn_k+uLnDLr3sܺ#->$Ci:?-*@>'.j8c#leJ ׇѴVj<)R K`m-MI"yI*l0l _YlMArr^l^ub3 #53R4Vs (S;X[1KjQ|koР"|o] 6asv&-OŴ)'P%^܎d-6I l:F0YyiD]k=}=yӰy H>9&kHq (S6+aILqx7#P=xKG6^9H-4V?Hʡ(!-LSؗU}؞ R<E uD$˙_2ߕfo)8u}ŜءA*Vv,;dCw""еVcR e&8?kW؛|o[RNӀ .3,hX5A, HX-e{/Ǯn Ј sy b#bJ}2{d<D™Һ 8ln2{S c\7T1i٬P>J $rp+GyEd8XоL)%MAPk-]ߨ(cVTFK;19s[Sd Uƽc8;e Ir.YM w]hD"B@?X 'Y%O:Pypb%|LSW%~ T/0ف; 3IH,]CM@9[atOEm6'}Fd~g0s@l8:"3@O8]OL^DZ;XL{ߘt\pUz)%p_LqWe*jLjsLROkNBQRbK?b%JN-Cƽ)Ja@? %jY{MJ@ۏZh(Gr]r,+MJȰ(ɞX$30fw23lq}1֯Fu8g ^* l0ﱆwRœGIpMKҫ_@.BI}I[;(5q{Z7nyq'ľ3mj 40Zby}oG"dè^-R07:), H-6N~3?,&\U<\['@bQ'š _z ڙ+>ߎtQ-HJ3M IOvȃAIC/<GEHT *ôH պ; KZ\/J4[j%Iq-='Ԍ y '?Dؾ HyG|C94ĮǘΛI3R;L๰7h`u~`KǸh^qNRMp}z F;.]9?1xQh5M .(Y'/#FB^ vK kim-%ރ2<զ<:+3"᳀`Qd0[=dqw8.e-E]1&;0@۵[vFqLiuZ$AD3@՚9QJ/{w A^R^dOcf AAG7#+0C)=L`K@"F$@Yh4Oνz)-ONFI#ʑ"mʼ;|hAo8׊ebG<)JǨ}w&zZb2]㓕e~ 1*7 ߷Fع-_װ31k3+$Ձo&9MAɏn+48HOƥ)ެuڶ&Y1 1xyD T0DvZogLj4\,\yfF%S}`_6$"&:6XZdw3 s;+ZW"x+VI-mŗEx>P@*f+Q-i) 3hhbԄTz ~b?Ydfb% .-ȣҨF_D̰ q<`2Q'TtgpPpC>a/'I PRi ]-}|k"q0D[G<_* Zfmn_."݁Ӫ\@ uZڻ>~h&R {6A!S?k(/nk<erA':Oʇ6ښ42p(.BZֹrpwI?.Eדl zBCy)마9 km3^WrxCs7hyVwsa.!<=qD f REݠ?7# mwG8ϒEA{O eu  S1 GqU(Yƛnf%UvsB-/PX-u] XFo|b@d@aQ)#=RBJ BǫO 16Ǝ9j_OǵS)lKqxw#pu]Yo~O$*_lK':\=K5yR|5 {,"T{0rprڦF)/*#DOEdt̵2wu@[Y%'a:ָ-[UwxJJ w*QHݱ4R,ζp$526巆7~͠8GKcQx`,|4y g狪4 5]?ĥ2vX*\i\f{+<|>*Pje1䐄ԧI sj!T_63ՍdRCNVˠ ?؎:&'rj$b0=ċۣ#4CsDzΗ9.z$ʋlXP2tٻ, #WNFRa>^:?V,?jճ-^y/Po#Wn1^/XAhڎdE^g`۽_! F{=@a*GA7jJ33'_8G$(-|h9HoN3~ {]2V4:PMxj")JUL6ԡ4C)ni{@ iCLTn;W, _F ?!0eNPA0pWs~J_!9.|ҨUvT Ü6P& :7]!KҞ@*7Z5>k\#>4v*k=wWrpx g< 6H)Ea{jy1GkV}VEoƌ4_Lv[u7I/NrͱTy dY¤j¸f_ \AoPH ATnI*a>;yLt+-,oY'/< oPlJZx|izZS|nrsE]t.w&p烸t: KHOPAEdxLABYl$(^Mh'KLrG1D{P7|8  !>u-MbʬCsp7 Q SB~Ͱؓi)P3q $@ &6pҾ&x+`]s%.xd>]+uB7\S׍0(TyG|~ΦqRҽzEC(FE7H)=eRy+ȊJƽr:eaXw^ B2]M:B_{D )/9^^*R$ eb=5b3WƓ WkQgm $-Q=`a-';+v,/F[6, /V4xL-zEƮIj'a1e(sC=Np}J0Դ`aT@N32вm7 ؇|0YSB bT TEsv3Em :wˌ;Hmj)e썤ׇ05cP9PTr%=?ه X'X ݁&e#q;{ۊķskHv=Jk Z7B(MЕcQ[Kt@[t8RAdPrY)-X>̂#Mp|{^ؘb=^͂k1-i_:<,7vtPN+8C,!{%f0ku`nۈ Zu6KOm:/D:4?bBߥ P-zw)%07uC.A+-vs5.aᣍp;t;L#ha;*YH; [=_0U=%EdԛŸ]R8n, E> euܢ/-sE՜?HRI-1IqDS X Ul,.03XBavCSA &mipTE.55 :&(viT|,n[s$G0wY~l*˧e,X$1w"ԍGJ 5XM0gvRq_~Q> =J-Fx3=O[>>3dmyPO2U)HgI 'T*] J+ \6[DKw"h{C:"&ӶK =J^݌ T"?Z2n\˛Q6vDg\du:5538dMj}ONSZoFA7Inl1ilhy!c>c?}XB50$5*@MLZ#ёeR|;`h؋;:-F?YKiqoSV \>{Lo6]fw$a¯@(W\"NS#* N&F9u^$juB;zZJ(DM]oP@SAO(oY&kS`o`u\؇%T=wbt3M0r%z0NN#aSi#ǫJfpAkq)|"ٶ~NTF;V (_:q(D}'`/`U;s.>F$ 8sDglv_r΀[RNg, FڻEK UQR4u\} K(sCв|v]cxh !"Ŭd:+5/[<~=<?VB X3Sh&^19׏<4n/uar?8j5S Hs_dvIrOqlNEM[bSlTX uuF!aNyY*3ip "̢8qj(8/ڄ$Qg3,?Ƨm_Z)Y3\'_P6: G!' yCl"=DѴHvʹmXveᒴXДIp砟wTStb'oĴK*i @0̌7D*o"b͆`ZG#!! {91%\gGZxͼ٥޲.-ܞ!Mt0%qiNSv7YǕl؞e~`i?Or7@U_a"ьl|*ޘ~r!`7֡)vVOfE`[TЧ+syt#x$4HN#Bʧ͜5?_,Pg#njܷnScG(ׇ+A2/1f.l}4:U(.^:bzFB =[lwH]Oz8jܚ%WH:ӷPȸw[Y*H7Cl0@ "qd$و2?XUl~] =o"[b2ӆk=FIځ6oty=yJM- x?msXi~OD3 !K;hWS;:?gDQ\%1PE,%0Zw 7O\cP$suxSe( !:iǓWDA[U%~Z}dEW#W+vb̨IgJb#F1k*W +`P{|T'  <ddwxLV4&>".` 15̔EMA ډXNRJ fL־yӗGD3d.A! 577]bt,6¸ZY;5@jΞئj"{w`/5/!W/=Al4KSRp R~ FY0nGl}2쾘/H'FE]e]v7WCUfژ{knyNlMa@ Ԇ'-/oh 3㨑fh@Kίir"8J!z'nݱ^d׎Ѧ_yn?pQAd:unt KFce+i5A6zuP-.h hjBqU}6bpMr%;X3*HKqA%S.Sti9*0bА"ম~A״B }Als0=]jC>*w=6+9:'d+۬O}֤Ͽ\<1)5mBCraG@`*3cMO0^EAL@1m[;#vl?l=br̩g)M'4"i- Da>)Eǣ dfKJFl [pځ~S 1O bNNMdҧdF!͙R71(IV#ʷY$R2JC~ڠ/yt[cT)[)8]Fbzb`2uc7Q#{# 8ׯNgPUf h}P)acV.ޓ5^˱w4f:R1:;ʻN婾4oU+oٖk#}t_R*|nܧ.tT󠴹{~nIƊ45j@C4>YxCX辐8unrM~T{/29<,z>+|ƥsq%vSˈyI֎i`ty;3Eg)A乤:{ԉ\(~ ^x0l kUEvKn摇]V|l'OCj1l@^v Lx+A%/%1\ipP Yi] }Ҡ[Kd Qw?E`@}5Vfrϱ 8kI>ԑO]iZF+j7{fωs"_좷|d=)}<f`/Np,c_Xlq6F#ʁ4LOOwb`lAv/V]挭uZ1~w_c? _H &]ckog2ZR]ð#So@??v^;6"c&GLpPХ *ٌ`X#RUo+Qi~ŦGfs[9k4iH#×v^ 1.H}Ɉ SUvR"mӓ[PO>Q,D\B!D;CyѱպEcg"mB>-=ضu,""eŃYP$(G  @땁#PεA+a%5b|ol|C&k?~MãNEj䱍:ئڳ2=ukÙi$ o-|p:&?;\v"LF  d1*?Q:!ٻJT1,4r!ɾ_y1_JR+KW:Jkhk .#ι *#מvWc;YV뗒$BiS ;?(T`5i`m .X1UÐLz"ۄ7fse]LUIJD+vbSbã?=鱱0\u,]6U &OJuQwWuq@wR2'UU9$X@ŕj W"vlFESE`%.K(cOE ?g$ pɔn̢A:}4(XB \uLh%"Rq %8ucQ{L{ 9SzZB[3x[9ў!p2\R(Ai~͝O!tS/n{g1 6c(?}-TBEKU-^L:dU|(ZDu>ϓMM -9ۼ0-`EljłI9a2a3Th :O۽u&3QفL0\q'X}ħ/H9 R|"<5V1adi)A cQe6ԠxD4RebQ8ͅ~Y # scg ;YRq Xuz]2ڴl +-~nd%6? TRo4LBVA1_pfV4{Ŋk6ؗ=V`W=f{PZ!4@ Dj-4 v&G5'/te]*nB046Plb\C7^ZH :O;oh֨dlvϾL% VĽ쯚N8oq:pGaPTwRګޠQ{vrohr>*̊g, ī=Tm5+pt@Ȉbe\ pa.^Z3Әiu.φ87|@ޗq]FZGn(iAa;َ%pmPp2q%;G}@]{VX/c)CJ rS\TwHCD,OɎL%ظ^`pki _+7"~9_ }e˅~nZ/e¤6ƽ[ԫHְL"p1XLmz @s?2tz=r {H`.KK,z|5-mlhzT-dhpX\$7b!/iL7y/cP솯K3\._)\>&0?ZhRKԌ{l/8O`H!Tݼ(/: p!9_)_D:&AF{*5=Gag6I8o~^ݷ4$E!Ag8NYk1ICC%]_0}.vG 7ɺ ֭<NI;n,wwpJe Xu+VN5,_jkK܃F R 8 W:$c/D)N:MMqØtgv~Ú|^4$sY*xpŒ3ి&>Ce"z#nղηp󘡖JKY!B14E jKu?+ m0x \B 3%xdMDizky|[H;y _' - wIQ#e P!d՝k.<ŲɈ32:7Xk.2,\B7_ЖGvzUCV+]JŤ7!-$~[|hF`Qo']ck=] ,C݅'Uxc&>MDCPyVk^/uAjI9@-\O.ƑV#Y7pKJHUrE4K>8>|2 v, $)x4:Hi)X@]ThW͌!t wԃ<.dPUaPA31*E A H IF􄰼 p tm2b&Yk955g(\==4X_ߚ(]-;yq< rBf5G8hv!?+`U`8Y 4no+4V,a)GQC yz9 XԘbDhq .ٞZfi .Y2D1V|S[Ȯdꬦ!PP>W $ \l(?p9p0 5h$*\ y:J6,#Myg̍9vj֡4*^o-s|75-䣮"`(Q#7,{3^Z),-5ӿP'bCrP/xvэw(5>牺Hpw.CvSG \s3p%U4VMgjq"uzy WXf7(y4?=/rN0:%^B]l\ā w)-@b\Kw4U 8q+:FGQ>N_b -htT8b=d'F^ &KBdmjYlf $}(a \Ktt ~*D3Okw9lb>-u64%6BA𞵛 a6*rn*~2Fg( Z%%eک}q1t9Inشvc7q-%wxnBP 4eV*K:Mtj5<_b="JKQ;iSQIDi\ ~FJ'fqߕ2M;4$c4ʭ/c>|j^' <.d0zN3'`Y_GfY%WM8K&ZU4<r@` :n$&e|p֛d5E$>i(`CEpWR.] Dr`viHǐZs-Y/il{}Wp-X_{5nNl7_\ D_ҪǜQVuA9a+ 'AQ2_F$LfdH_6iTT= ʓH\cgmk66 =Y$TU x/Lkt\i,?3;0,VQGYK3녈T,jAbe(/)j}.dI1`>A t`[5)b/0b7kx?i %<3)?ccBHr5ya vSBb^'%XX\+%lR:w=5OrUE)j}$:V6]+9ϗR j8ZV-(V|)J)b;=bSM-¹87.ƚ ]; Ƣ?8^ٝ (4{ EBkOJ̟60^0Sņ}ovO$bZRLZn4q=̐uÔ/.x%jc#5"̉q5e;F+JSw~H L1֢dM"$m$ :O⍸]ӌZs:k 3 EO\H <[w?8Ri* M"3hEyc~hN}57s6 lCŴ<:9"*>9^0BDmfp=s\JVʹfЏfu@ d lϱo,#hW~Yُ {nkk;6HWQ("% ON+N}[xsSr\Ox&Ҋl]6N 5d(tj3fܜu2Z2OC= Q?!_hu[U)a2Tl TvISi; .ZhP.b^ ϔOϟCR^:~AEU245bQX|fO > }p=Ҥ<8ͼ-&]^8ˡg+pQr9iþK1d1a7&=W'(߹oJ&R37:\f"rv5V*\*7#нٸ'X~_.!Mm#1!gO,,D:Hq <'p0R# 2X>Nn>FJ?SZ{l㱯ౝ|\\O̓- ޣꊾF+Nʢ hijt& 3PC:Ǝ6ܜ\N3,mԹ'qdQS UY$0Dİb*;&e0E*G7c?ZǪ@^KrM"=~sI5hkysuf'xIT>*c@]h96g^Bop` :>[&y,9IhJT5--4K5lԟf5٥ aXu1Tb<ɔ6Q7Pߓ14Pr2sA(m=< LtXܟlJ.nI]e dQ]RXZegQeE5dff10:ITG9??p[ES!W" S*j-.9)(rWќ_4ml:#95={*kOhrcV#ߎtwG DLo!Am"6s$SA"zr˂iD:u5- ȈtygR1k.mǞj⃋N\`g˺eߔ5,2W;IQ;q/H:wТ|*g{?B:ojEC!_E;q|rӀ_Xތ>w׶~5ihFZoϭk¯x"` ?d.ѩbKǒT/go"}9"ׂ? W.I;2,sԭ\8 ve1y/PS"pQ*b2gP+Up8O.z4?A6`$ Lu"t jF,%źt<$UY 6<5 faI0y&$Z-@/ S0TSIʑ`պAtND1<5%43ɤ*C>Ze*yv`J/QYm}o_0<jB1>S\>fRcܰCYdtUĻT%M|?mjOjLG2#{y;LMy>+A'~܁@qy(??MLz;6.w)0%')3:ӟ{N^Ut%χ\پefl\0L78m jAB:0O@㔟d夜g)A7[WIydyk`G3 Z󜏲p,2/"֖;] BŽ|Hl=86lQrA611F]Z tZ(L8~¼& jNgily( Q_O|V:+ b0dg] #ER^!rmʔk\8dHhGȒ)7J퍑fU|Τa|io3~~i̥t;~~( 4EonmΙ]cLe20@0\5q! dR%⚝TN;Ƿ(AT垌VΏps "ѻ"" 2'2" ;?N4 ad p{V2Z[ȫʄh}2 bx8i×^` I=9\̥vd`G̯kdx殸]0-:hP[I$Ja$nA0QNIzޤF(L@τX։>dy̯^3ϔ`"P:% qb (-byHiq1ē&Q*jivb~|.|\_;M$̅UF_; ]XOO$$h^\_Mm:!X( nM'~T :wu椼 :RH iQʭkOfKRYQRuY:K!J 0[ q)\1n#&D L,A2]x]Ƥ֨#sI?\tel(R&%w'fIiJz;a]9host4CÝ]i۪=G0~\_::,gm4 (ٴ|[ %iM 7 Jt(/;\q(*#)?F$?{1( G!nV]3;޴Y0#${xpH"V31Qo n[7ӈ N5I ؙ/N;Kf{6X␽v!W{S-K`3ҋ]SX9$"RA_1RX 1gQȮ6PP;ʉ#^-8JGckUOԻ\YC;?@κZי3i2d5]i Oehy(Hn1j0LR$|{3 xaR3.tEl95-FA+Dtlk.1-o"l'5D=́>2 °e߃3פ;XՀ$Gerŭ)LV )M3OKF8ڮuA1.+Ue)w3XKϽIYg@rqnn.K_UM)t8`. eO'ImE#{\4M3ss\*4'ϻr)7<&̲ӄQߐ*5aWFyh.Yp[`Z(=pNXem(q9/$9+*;}X21B70EDMGƸy.._- Cbە)I2r\ VF@[-Iz$%W%ol ϒQDP \Jw-{ =dy]gwFMɄJ">&Cs,.)G=f8ٷZ\ki34d,SlUط|49kN'}D}i@[lWh4IJ; ug(& iºieD@j}$6Y~+;NxʃٙG^|4 _AdVxxV!o1qx6N}1wj 8c"`X,;1' qu?s1pގ>BX)@"aDm3&kd(0excV[\V?Yīq 0'J&=+]Yzb4/MR⇝VI+H$/q973]Y`UfA鶂^AFfZ )Ws"_prȭowheoYW 5#>b`wRjGvI:oT´lMi/BngJ<93G9:ZSZ/~Y|=deWCX@U\JK@7)Gc'6/Sө0A@'3LUI8ݤ &n Vq0Hp:3U78ώVBIm9\æ.st U } ?YhHhit-Ի(X.Ye\:_]W@%ow|5̫G='}fgJ]HBU BmcB.Q"PUS '9ȤNngt0Lj 7fN{n\ۭP,()ɟ=C&GS)l*iG,øOSהLj*c~ˮzgIh6RX;="qW HX=ETY@qwa(H^H ͝)k2~V1)4퓵WknǮ3TGH*c`jÝg7Pu}=wfK-ŤRp5 ꗢ(O-K»EPe5TMesL8/&O}șL/ b)Etf2>`hT]* p: dѷ*whJ("%edBwNOK"S8Pw e cRGb/hE5O1 GY{,HE|l1)Jsiv hG,O+c#v瞒\M;jEgvxO9WأUKS.Sh4̶Ē8ΓR"ӟ/=`Ks'(ם ѣ^}/ `I+1,FlGTstPb\K  -!/C*/4J ,QīoLv,kb W.~vfrx[Vx>HLKq1/$6OyfTd[+ *IE3pR?Oq?NGA>r"f(vϭ*l3Nx!p-YN]}DmFmx Ew;CX! cBZDc nBϹ}NhVv3/i1-}$;skń-5 X]!i |='lZo1ľ \ ɪza #Bh`k!؃nD%$tXnǍd#_U_0%0$8/n[PIM`|pgK%=m"Al7 -j|ߏbP fFCB&2 27ꊙˁroA}AE-Q|W /'6afK| QUt7b qXחMvi|I}CDձU9t" HJ_O 6k)01*7<hX 5u ^70YH ,ZA._d^~;=&/X&6q`.f~xEBDDfɽyT,|FC*5[7TZOg/M*SN2ky gH\n5e:> & 6UIvLx-gyk&~|NjW^Y:6$,*BE vg[-O~þ %3=eXHf2'Q,} P>] UV!Чf)J{L41b P쬄ͧC pzB|FZ&D8N!xDdn!({ 3]l_t`4mq8Eї?tRtf%~΁+dӾQ胅)O&Hfzr[J+ybP]wvX{J.R{T8`!5}>mwťrö\k"8_4vP5 W$Y9Pa5QYsw7 ?T 'U):9pcm+&43Z\8sV{ƕ(Ce~x"^*y$'ɕ{;僃z~Mfaj8Bo?pܩoaB8ozI]3c{NooLB*f| =I AmokSzK^aXf *X<00¬mwa{= Rzd,UF0X{}GV6|AEĦ `9Hd|D{3 *-#\GH Dx_Z3.Lr7Mz{prK$mU^˳$`,.먗9,} =0oCNb#嘕o,Q+F8ÑTP(g=LUƔ֩EV$b Gb&6_UZ< YY]SA1 H@&sU%xq~{wST)#s/9K w&T:/ηѡm Vۢ~,GIO&/p4 eO?d~Xt 7tt퐈&A_,2&2ˈuy19D]uck>ʅ N) uow4ݸCim*LgN (y&Qf*bA>h37mө-ن'1gs`3Bx}bDWNg Nǿit{uuz.!+Ms<>M`OB, qsZМ{o,_žG-ENg ;]d gHu9兟[`w~cwax$;0 OIQ5tʃ_] }Ҥ]f Cp!h![(`-8R,\Xm3&YSMLT#aD}4{#OvģJĜ+ʅ'ruvkgF:zPj'mf*QuƉR ލLLL۽g۪>z C%F5餺'QӋ;54lvO5ೖn<=[?NvZk:A>wAQE)~4KSt(DUt ,2sPt,IԒѴIm͈3gJwuZi-@Q Cѿ2@•=Y$F- &8K?A%+gtmt-$6`"qaWp_V|aHGa  qb{3͸;8}r7 5~;cT/K잯Q{c#;-fFRapO7QoA|Xi3p˳3+G50&S!xЦ_3^vњ|'Ŋ=Ȋ=o>o (C*9yqsMEPmq\Uޠ+g<+Wea?p{;uKhY Lq99۞n5,Ԭ{2\?)NGAٽ+L6TLd9 bV{ z͇m$ѧsAF˜.5[-a0PGmNMy8Acz/A ӧ-b=ب^9ս˽܀KnTXPǧ5? Mw!K7[|_krwkefaʹ$|ۄ^?2j f#e#EC 4}SE]BvF:Ų laV|5Ey]^UI~?zbI_\^*T]w "/%3%7).m ^zjsG Wq7#/)𤹼1ﴚ~2)OwZ^*қ0u@_;@<>_r=F2ZrAjG0;&ANԁnˑs0jG9K׾\.rTRoAN|sOۈY_K8|Q@]Kkoti&A$g,4an%J;=QYjD#;#Ojy$L4Z\WPMSPÙFaX7ةPmyGo'8q* =Է(#ں}Kr | y߼FP݂- kŢu>ޥ=F3r=$*Ĩ0ŽC6E'F %%C]p@?]~9|-*Qa 9.:CHɍfQ`[$;XHb>7BBPwG^`E V0# KM"Ϊ QO! N+`ߖzxc=3HM7̺QcϰUK}Lh7WzWNQgokWb .UPp{o3,7"RҜhF1A|2 kK<L$z͂_NFoksr k-4 ӱd溎5 |-`\n0kV͓Qp R~AzM\6tNQq-{Cɣqo3kt!a7:C>шV4d-Xp5Xs@i+D> 璤uQ^9I*BX<5p@[92Sq1.tgIHK<:dTt܌ /Uz?0tèͷmo`)~cQU5|I轛uSby_@I+XՉT&~H?t;jHi/QRY۩Gд07zkGs\0[{nP}<6s@Q?ATL(pXs 2-gGVҲő_Xr5uYAXP)iqlJnNp.1|>(iX@Q?ӳ_ЧHyLq3zv@8l2uj g/i"g*l0VM4P{pSٰ7r}uS_[ݺ*폙' Cjw>ϩa=- kOm75d jI=VR޸Z3d%h^$N־Dܫͪ͹?9]_'8ldQu'YHj o"B'Ho k+LXO?T~"M0Yzh#5-|iʠsO7;Ľ.yeNCeޟC3:lİ)^"[~i3,|x7 Ha iMBm\z_ `2χWqT<&{{\u?9箑) (fDa튗>K' y)II524@)oOfKfӴmw/rm^ gz.dߐeLI%ʙ7XJ dXgjZ f(8,ZWdSyԬWSLWRq\XBP5$ h|-7R#K ZL%[G(̮nmBA& Nu-RA_ug'.S}k7E1gR,G=df<#JtOcͦC4qQn(S%̘ޟ㮒 )d}T{! o.")7= v!PU7/&{2UF hPY#ٳ; j<'ՁO[d[ƛxq ]_+HIRP*1ZY{\d5 Z"3'<3tL)L(z!yr Cq3ZKb3P1zGWv@uߺS1 j~8XI"j!jy7˜8Iٚ#NS=ߦ8DTE>WΖl /^O 8&(zlh*9-ƺixx@L95:;jk6f/D?m[-LH=Ϊ8 5`]  ;Gȵ.#<58LL{EJP(7%3zYrjV]OvMPƶ= ^VM]HJ@?NCFgMg. R2pSGOhbT;ƂIyH&yq͈$I ·d\y)ɁOtѼ(z<AȈ4y1qa3dTTB ʷ?.r5?Ɖ6);*Ơ2-i\x6RϩWDPҕ^><(tf#2j*~BZ]EW~4iz (_RvRg@}Q_SKNpfWďZ8ފsNCЭ4&liy\񜲐}U~:8[xO3][ǃsĬ}k*y5DsY HP?rZs-R0#/yՔ-"CTԏ{dO [ 5LQFScx?v_4=T%T}CmaS֣8UO)v }EhPK;U1=Mi " LhTnff]wIP4xjWo#U?WƬg1벥$Ís9ݑc6NUt}"rn"| }lwWDZwrmX[밦e݁tL, 6hwo #]{A 3`bRwںal:e#"LgRZwLnC'& YQ\2^DrGti2-Ąy^&+^V7"6|%P &qˆD‹0U[qŊ[.DUaL `oWyZΦA ᰧwAB\,*wSikʟ'VZ[1e´,*tG')L 3͠GQHg欻{r0<~@CV$?E_0\`9P#ݞ2hf{W8 +YbQHfzxÛll*Źzu86Nt9Ҍb14yum8/w' n*$y'woQCv\6Sսt9{C"ԝv!M7i8-j/1+abI7\1Cc6J,Z@~ ɖ!_2-kiN&{!U"etnœ%8{ot0c'PЁJB\t.W+vFX$najdC#Hh4m}IvEnY]G$^l@T\?{mo -q.Z;Y9ƒ_}בEat;{KwPJF-nmQpѨy$>[MZe͂Q(U…SWG b6GBƟ*JY@p$Z*$uc1΢n?z|l[ A/k"k5ż* iE'*:Gcm5紹 >^VmH$Ò+Ds3N:# ݌ɛAѐv,ʨva/:&8ܗksФ/}}#BWQ?!yR ~^gK'8[u{ʹ#9kh,X+pG%תkd p<3v4<ҏ(?*R^>2q [O|8<}a@]Эfohr A"bh%a-+"S!ゟU\%`߿=h`*8 ) t רr8>HǦAJjE#\mg}L#3Fv&Rk#|QC y=s""mqeG^n(FPqv縫e17KJOˌ67<j7/ ['@C{ޫ({W &m# zh7]6}ũf==@TN^Cʌ:i# ]B?%> /svaA۹ӖW>hNL|l>̀4#%P P窞ǢRRM"6i|Br6ťdR%cN!ڀ0m:ac8{%yRr6SR1s(FPT0]I9]zNuJxh\6s}qg\JTa[#o>p$]R99'u\m }Gȁ鉹Q5zr=s|fLFVݸ!4ш `LhlI.G}{D]O.;z6wK·U}Qq%Ӟ *{~ě(:~ 3.z 쏲g||Y뿏"9׹x' kXDTT]`r]MqΏ<C}d 76cW6,n9<͟ 4̬>>*מZZ8\TaԳm NA&jdn#>۝mb&?c}P[!栕b&/DtX39_Ґ>^ 0Hq=|EH,Ed.AUpfHqĥZ9Q>ʭ.Itgm>)#Ӣ5r&Fot.rrTk~)vʨ `D9m-V,PxRlT BT BvR=M%Tr. *1Z2@ɰ&|@]tĿdc{%vCxܡ@0N pCj5cwFWn̝C @6$ˀXӛ%PQQl.5$I%N{Y‹F2Ϛ?ZI*ǀ@g!V}Ԉ%sJ&fB.U=h^u6gqFLn驡).rUKi L2JMU:8``%T{,7ĤGT0Jo,ؚ’R,Fu&ƃ o,*l?Ur^!vZ^W d#UExn`}\Oϵ,A>t[FTXRɽ?[h1``o 9 9yCP$meaxI}O8M@;]l 㞮A !ŁԵ 67*;Nq`PG|R(ճ :Z""֕Yܸxg OSH\)Lfڂх,^F PD[kZC =Go!ҳbF"u| E=E]H%O]Blb<(H* _qe\6Rd$e8&1րͳŔ2~{[@) ~5:me0΁`<ڪC]^_|MSTN !B,LXZɫH߾yNM @L # f! _oxyN+܋?WYlHCz٣k j2`@ ^%rigF%Il(%85NmȂ(% 4a%plczzYLn2vÆk^}iCOva T겈g{\#u/{R:T5x?bak~r!*B&j]`*ېT" $G53HxU9:'yFftdE1Z!巃 W`,j$-̭sJ(T gǭOLp7,~jr"UW,i€ X\w4,¹jǷ*{VyG"owD<, n{p c`͟)i}LPB@uvup+a9>𣏕u`?@^$ X-an' H0=K󹹝Y@=zr/B՗!2|{"&J$$n!y [X|+q R֦)GqhYogb$ 6dn[F!x}{PiL@{E"l]a. +_ RsQm=Wkʷ&#Yq/SnͿ=JbHv[ӿ#;O iвYܫ5Qo.5R&W%Unw6-܆N'2 HRCX{,2jhoM]e/RяE5ɫΉ$,yS n ?-ͨͲH!H{SQMxN<6OFtP&b;ғORY ,@z;IHbG0F:YdW't\(gݙvr)[>![MW SuzaNcP۠1gfCP#YbN6fiiq1“!$`1וv@-K@U$n8qT<z[XǓ*Iˁiowv%>IEQ䵫_p<K?U"8ց.ϱEwO )2u[<QTi]d8|Y urXV- XOȊy^]7up &6ɑ%lN-ucM=M<.QPءг=֔Jsf H-,yGQ"9.ؖ j[ļr@ N1PRU/C+ԐRԞdvͩwNC%J't2G=jwSPRVMnԬex\ZH&xyb.U #8~oQS*jYwh( /zxP,#ˮ1Lz=~`zuC= !]<$^df9LHqqsz=ݒۄ5*&8"YC:y apÇ||dR`20ӌ. 4vKJ3 ɔOقH$`\hpUww:lVG>[ZPj{9Yy2j-y=B 6 ~;$?Q4v+⎷sscBPRfZlZ;wP`E/t<:_PU@SшO۔=B/⩍__Oq~dLoj\Հ|n}鑱Tq= Zi#.m.>vI9!Ã$gW%D 9tLZ+/~r 3P0ى#`E`W#|V ܸk㻕0BaK:6 JW`vPƌNqXw@1@.i.?Ng=Af@1_jf@ɄRnFMagu؆{[h/^8kʷ% 5/h&K o/فQt$Iʃȱ[$ԀiaW̿țǁS=:@!)[ 7gw%Y;~ J"HMKcYBϵ_R&]V]i /:j$xYb˚:hXUnւ?0k `$yyA;U dsLz,&Dd[tMi;Szߟ+_FE_-=BCl]qurY}:say|aw l%Yl{F6SΦ84rab˼̧EB j5ٟFa'g1ïj8m\DeLAͣz0.I:j=Va+#irUTxD` 7 Yqj<~f*ʺNFchŅBX3m jHwo(! nkReܑ,F4j 7a31GK0jop6 fO)S0M#Ji_ csޫGB G8sWnKQ Xv=4cSgDnj-J>mge JbhG),X~¹bq}B+C&k뢖ݢ+e!ڄhsZ ]W wB[$8y.tD/JUHlc8<@Q7P5U=Rr>ҹ(|Q1sq1&o?p611CM #ﯩמovEhu+kVRO'$vUYt vߋ~*9ǟV|lsg??)cO{sef2gBpdgmO_c8ګz|mZi8ZnDiZ]vn =/XCαJv+a7hX&=i sE( 7ձUB'FԴ]nG?DPjyM3d||i 蝮7E|E>Qs­1< o@z:Q {C^MjMwa P$e i/!G`aLpyB $`42Ǻv |LM \%gKY0 Wdȿ4h$X4y8P '_ʎ28͙AL(+T->>nbTxFE ln}G))C0 E*>'邭{xo@i|+ @ۉB#@Jlǂ D4Ց掂=,.'Ncf)iSQtCje. {k=׵>as}_Kc=`< ӦwihOb~6oǾSV 2~ ==g^V@6[[2eNbUZpX{} T |]*31] '~*{9x=3z ')b`xUKlAO }7 7Z1d&&2n%(k1 Ii`(1*ՀqTa Jy3KŵVea&n[^>b@$:vbע->q8WBaBR6F ѷ_tē}]|Uԩxc:nY!v83$F%͝sfpz}RH6 tppH)ol:u;WwiۤN%:~r1K<[z&=|!WF~[T76Ԓ]G^ӚlKM+Kwk Ն>k6X<4 ]m8t1Rng=ٍ1RlA=E2DYlm~ 2"F ݪo@W[Ñ]ƠFǔӠP) 9]PQo{c):eԓW"r]s-ONN4wu:dN #6[W?CMn'`Dg 1e"g<tA/ܐSOd4d:!,WbCMٓ r=nxDxf̞8z!"eu SL_ğpߩh!nn%yMR98_*Q⌂mlQ*4L2ʝ /۩A[rP@+e>'osW7*gEU#V|3!L:VoR,V 0|3+Qyh #]0 !sZ]xܢBENz_h.'`@jf[&~e_ JzKľl.,%ꬨ& ! ud6|WzJ]jMç%m[C֤CWnhpĹ%} QRCdvfT$ 6T qL-5zr>1UW7C4ʤ*UKjXx/7=(2L(iQxhCn_2gN7ZdwCSCPeNִ|rke[ѱ[KD0=:^ed13fIR}@뙔Y$[՜Ʃ0wQ2 Go.s@~6:DVtablSog^2rTBQ$'b~.xl- dX`7UG8/ 뾾<GMj=Π6 "WjH.겱.@_~/vbLU~̷AkJcJpk(-2Kvoc=iJx*ΰͼچ\U*9KGG `-ULBDq^u{۪xs_~&I#;E1jwO"[.-5gAs}I )5\;W);za;HTVFeNT&;jt.fēM+lW<TZK-ן}\pb~d!SYKz`{u%c'vqi*"j %! $d )Z=[HAhԞ ˂]uЎ+ &M3DŽTG{7g˛Kd阥[p~ݺ57OaҼ)&du&`]4e5 5?5 |g艆N rhfq)]J߻?sՀkR {8/ΌFR%xя_fC'o9&_ml)t(u39ҬhƝSMfn1Ļ%ԹʔgƈyР+C3j-?\RRթb裢ρ$tϋG.b OuEOLC1m3|?+Raw7uۧ#Z%;T ͥ5܌e?޷:ԅ3Į 5{"MH|˼A9:UEeY+$A6W~4WcZ+ U 4'{NR0UM=|\O*cu{F (`#tS&RKJ+5 }ZQ(e/Alq)~}3:A%f'x'X^CBi112Ls\#yM⯯B.!4^Ԛ[.ϛw-]Amqr S;낸(|{/-n;2zCҌ{Ya)tzgY݀BTXdؼ#>Tq/m^)^ ۏnːyB3gR=U̜ppmjc>CNQ:B,T7azm;c!6U@RpfbsBuJ߬1nP*:aO8DI (oS {dm@ls8*}|zZL:f᪌F@rX+".蕰dž9!@*c ̔t?ɑMctwr6e Y뫮w[rh\j應m3.pjbZFAWfc1(ij#' s`|E!;)#Acr'` 870&4_=[FUĬ~Fh(lTdƼ($ܑNѪ)25SP Q$KgiT|yM %Fɒ; Gw@?@bT *C<3ߣrQ#PRAhƊ Rn@W_ωjw5U nLXH ʐVfoM^wZb<8q)x1 +HwGQtU(ZϤ,a;#+?G}ygV.0e唞(&`ܨs2N+p <4 ʚbQ{ƟD b/=ɚkVp3#31XQ_JOK?H؂v'#?!r@E˱Y3%ϔЛT;$bwݮmk'rۚgnd&}rJ(h.UpH~梈ޡR,M@J6T +? op~S``9IQ;i1Ô) a~8w׫]p=;uփ 0+3 MWԘ7Vê2O!E^}^ztʢē,8<*$"vy1TJC~\ӲH58W"1Ez}<]3^ IiׂkU ajb"8Q h\ba:_Qq3@_oAvsOJcS%ʵf MK,r:PCepu:^[Rx`"d7(xcjO& u _Ma+$H I.UO$MxqNZD7= z%fO$4\wy&#.̻ HNRYzƥi©M\ZSVvwўh>IBb4}KW3BbC䍂=# ?mY} \#$*!}DkT~@:YUJNDjI[\fܖ0qK ^1.Md붔|[İiu)8ƧYs܎ܶ.?t=r''MSr<G'FaB՝| , ꎔ ӳIcnbS~GA'h[nS=uGQ0w,V$z)3-HeUH`˵7=ٕwCJ/vEbCDRk ]pD!M90_ oR$`h?2Teb!3-opZa''e׉Z*_]DDe,G4E/ XCe@p(zqyAX6oap]eVE?Ȏ0CnHI+ܻ_fq}T8q"aZP;<{ΥQI*a%谵iJS*C.%6-aT #XǗR_9NF 4u /k ]F WPT4nq:M|i6 Xɏs? j s*JiNOvQ)5 '_0"mh{5g%V3f|!qr[]?}ٓ0G#>1҉ZqOmYd8^$GȼDCx\끮g}[yqJ񞉂nw­ jʿdL}; 2 k@by Է]̩z?Ý=lvʞk@4;V#cJtfg;~J=yPdE뎺n ]' [|Z{X8‚9S f%nu=M|PoMfO= 'DaZ}F[3lSvȵlM#DAڠx:~Sr;h0l,1]ÙEVկh 4qHh"(f<:*cvA污8RI6Z4 j#B-W~~`L_9J!Sי-QEl4b?&$Ӻrz\r1{ĴH.=jU/oB C;+JE:y_8|-qGC`O=|.>ʋVPe8eWVdveQ"[;:{oQZkūVj]71J[F254yMgRg phAf1}];VK7}Ό~ݗ =HACˍSbG VyU;^g÷6@ l}3, [tJW%~G$v$4 k۔AfC)F<~"}_Q(R7O?غ[oElS`XO1է>{5ۡ㸃^ܟboܢ|RdKF/r> 5^X|%oPVr|Ϟuўc}Tqj  JqB+7jcobRtb9 bߛ7 .GxJ$Thp{QcYHڹNfخd LÍO@#Vo[ci^}`*\ABcc̄` VBO(8:A"-IA >JJHTbv$1s;FHx (>N"~0IcqTK$#`PB/ȝ/<5xv+tR]hJ%j] rf\Z*vQwF<݃k%M(>'c>1%(˲;O#{wWn !֏zW(B5#쭌rF-pF6]H,(¥3ˎ9$7YZ*<Ȗ .k8dhHLMH(zK*)&6IN نh$vB3(وnV:& vLC76@uKBɖ8O_ʎ[̪|vmyw^ڗxZpU4/ NgT +nctfT9j\W>~iXuP=ici_-Haw &^;PŠކр U =q7w/ny?yZ`A%zdž-hgfqkQQ*H"/~=KYV~@y4UBvYUE>w{Н$DͨK\oA1-PKt|8qM@S(%ޓ_1zFKwqd}di\>߶ ÊzqKY.4qM4F$q_2i f|;W@rEavnCۏ?r?XZ(WqlK[ 6y\!.QƘ]0~k"[7jqo&'jZ#VKXfn[{=)TsNArpj+"dFu# 9 9K)4!/Z/u-9W|{-CTERAFd҈R/ %c&z @iZqo]f 3ܒR9wWHaA*^Șn?lO aHޠQpg>,H;8о*<:M\=j8tM{ZfFn^="w\V#,Lty NyFqzP)_e; )|pbMM 7Xs}nŕ q`=u/|Oi!\\1ʆԬRO|?owfg4R9D 02QfBYgcq2q&c'Pqw"Q:PUo]xtvׄzvbx'Ak-ܿ6V I\rt}ϝS)tGPҹac`h2$F4n[Q> !~G #d,j(l=9jkBCrݦ*=>KG5*DJky2s<_lK"pGm›*d%iD7 b Xݼ\zٙliUbXJ#^,xM‡X7k7ijS$%; m^5W[mX])U<+ 5TwV'DC hC]W]D7=P?X[3 [lG%U{bg G6I& J~"Yw jnlRflFϒ) ~_lp,N"Qjs)S.6%sGJT UqcMPZ dHc^A…) Cne-Av rNڔ_o A43o G\0tTWv_DR%rp0T9PFMWGEJ<\rEz`B)׸o]΀JGb͆-yگ/p\homH]riXb`@]i5&h'ȗzL, "aZJ8!d͢N)Y;Ka=$IO㠉owL|'s$}Îb).tRQmԴQ,a,T3󱏶{Bd xy)8lT޺t0 %Xۥ!c,Q0LQcP߮Vj  ȞawNKʬɷߘ4l-*J 1mkg,~ysN2/ZkFPX 6qW"ϖW^ZNBb {'W8_k dzv뚡2ƣYqfyV+3~M]zbV5m6 F1$|K"xS.܈VXolzZ] +[]qFtXgj$S\){,s@e}0IoxW܀i4r4!cg2"<n͆s`err`n;uDЛۃt(LAcNQSf,S=!a'l2x5\!\pnǹ*%w~oj ?\d%TRJ*V%*e"lj\bFѮ=*$FAį۩{'f4DyJifNey1^F0&"2%}< `,ʯ%=JxGhݬQ㗟z`NNY+Y~DZ9pS{6Ki@zRKWhQW 8iz7KWk'~a,<E)Jq2?"z[[v{6@aZ_Ѓ$+#P]uE Zn> l[,#OA2~["ˏfJI[DkCd CZS*W 9p{:atQ8\ʶ#1wJ>zMk$]a:UwOjkȐK3SW5bRI؉oNTg*"BVL;@BQM1>MN:T@_6!=% q1T厒v,o?㸞A [b3_Ia 1Utk?fS>whSlT,t\K/yzo^~9WA\O0^00>iږi.߬^7wz @e^隴(Y%t[)ׇPZpw+d>bK$ŖE2 9FUWgho$pY;X{}( $pXHP h|{+>RkfbdM ˑt3Ìl>P'Sp[,n2;v$+{ͪT!x «_x%ńǦN5u. bvA,\a$3a^[1UtD3 6%N?unUHb g֖EaܓX k% I-絝-PQF@[ \? Rwr6U@uFu/[Y@&27ڹf FGҷ龅cV!;Z]sЪ]hF0@ź*T=1Vҩnx^59sK)W#tD"Է "3daSA{ f<\A'VD~Z{Mk `*OTJɫ#T:]C´|=*.] {ꜽs͢OwBRM|.n6KҪthaqn輻pʖ"&&yEu.Qc˪^cJނlǯw;qm`{>zSA.sW?3)A*^uby ~nt! -/P~?fZ)AU73_erjam c ,vUe>['n&'%}Ks5x9iCSQ ~VR =R }%9$i9dQ- TMI X =g$i\HFWŧɅj^$R8Θ;B!Fby*=ħ'z?aSq#t:qYX d4@E#.%0χOY!Nje$6Sl\ko&OcZ2;2G|\\rXQ%mD~gŜYgqTُILZg?(()DQףR9I&G܅Jf"V9*W#uZGZ06oy,mx tnLpp)D鵯J71E-=Pwl fM4F-TT. M xIsKw3{=) =IHݣPՁtJ@L,?[l2=5 Ӷ ^*]Z3Q\f6'x1E#;UwTZ>ohZme% $Aښ\ttU%޸R}EKG(7]BPF2.o>q42iOd Xg߱n\Dj&: heGm+d갍HZ}/[Q! ՟炆K2C+~DfOmKs \◿s-ì_DRC5lvQ cR/u |LK4{CȻZIƼoN\.b8xx49s* Xɬq{CهT9u-Gm5Cz( -e JO}LIT)2~g;yajJs'g.2P7J1)5w< elV|;cZ9޲YT)yeBK,,ӆ9+ڐkMykɹ=] NŽ2Է`n:Wf{zn#}IڼП&q;[j)ިN)%=gɋZ]"dA+墀zq=(zL VNh_[u^`@n,.xt3nٟ-Xj.bޒ,>Mow{9]JA J6R\^660 ($~"4(u<|x): f7vu&Yvb@vIpy{Ns:LN&czu/<xTweۈb9L1*v3wajG^O[m'FY4Uך]`ia_(*B?MR˽e \tIygCֻX5c!^B 9^*F\(ǝx G$ Ӫ3ٯiA:K8x@`SXS2eh*v)z`aMSg9Rq#3dn)Zhk7@YP9p_W4EػrZ1"f>>/B2z}M~Z:\`~K,KU"mE6PY6D: b۬&},pI%K|.(zBX/_9&er ]_tԞun;$yu$- j`TKֶ_L)Ͻ1cD ϓ,Vj#%J:Ə#zN[FH:6uwl;Wk/&bMa-Fǯ:ft   Tz9F@*h*{\{q SmAK()`>يx &?bGn!)δw֪q2јi a)Vn+Ҏ l9|QOg:Gyٳ?Chwnw|fz%ZNϖd *%&דxzd /a;&uloHp?>i 8Eˣw#",1߽i^Sjy g ܝduͨ85)lv]4]|K06r.&IJEǐxZmL޹P }8󣣧^,kc="iQH#C?N5cS.6ѿ~U3loo>&I~)} Զ YZ