sssd-dbus-2.9.1-2.el8 >  H    ;LPtd U],*+X6 w/w,+(BXIJ%wö,-kXoIOHu |+&@=WLKJKH ZTr'ij:MS!RRX"X|=FsZ4R}?isdI!4o.k'F{x SUZD=ʓB3ЋD7*<' . C4`jRAlSw1?H'vb(sLBy0t}WbKT A`I>ʿ)1f<TԏZ9VTmŻ~fEHNw UMZp\B \_S:e ٗ\>G{<-O4,^:wDg >zC8߄ 3f5029121e2e2c35ab6d7e94654ab81b1a66a5ff21450b8af1a41975bf1dc1dfe41ec44725a1535debad6ff9b95378e727f18dae0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb500683066023100b7d204c0b48b730aca0239292855bdc5030fdbf28f9194ecff6df2c1c751437984904b6256151cceee7465e411eaee56023100a05798437517ecc537a7904de163a9de8d907a8bd789226b0684c8c3d0cb86060de544a17e0c3b6299b83288fc5bba500302047c435bb50066306402306f8d012d9de9b2fd405ee1439edbdb08d07ccc022f2fc114ba1f4754dcc4d3632db843e4eced34d279921bb2ef1661450230385597a5d673d7808f664e9d96905b9df34952a4e16638e4eb3e23da054a6c95d74923ef7228b6ea5ca3dda9f24446c00302047c435bb50066306402306603cff2c804b5c85c26b6ab328a9abc32114a039195ac847861585d361affbd481ec1248059d963eeb2f810bceb75a602306d7cd1e3bdf586169e2bb5b1572765979009bbc7b23bcf174ff3cf37648313ff6ae38f5b4e816826dc4253b7ae9efdc60302047c435bb500683066023100b30b2bbebdb5eee6389eba082cef1cb75422aa6c63ec11f2b9325d42e48e56fccd51d89b7cbebc26884bbab24c6a2da1023100d41eeabc03a6ec14205cc8dc925ec0e68558a9fe5ad10ba3098d0c1f7a1e1220f0fe6215fd378c810a82b956410a3db40302047c435bb50067306502303f5e393c85feaa8571d8276124e5c70f76fb874448fae147681da09cf90c8784fda44a27fd2b5d01788badf5a1435e3c023100fe8e78b1f18a5cb81604689d18fc5a2b2ec47214a8edd67db40c83ff5c00e7d15da83d52877c2849022f9a054b10943b0302047c435bb5006730650231008e3474c25255fd5c6824358eab8c6736ad6e4be06489738dc5507c8bcdb3b95d90280e31d24e6ad1359365feafe07c510230247e6b337fb8b18cfc4c81e323e282b8e3bec0b88446ab1200cd1feaee0fc14c00d6135e3c40a62a81e04651cd5ad32d0302047c435bb500683066023100988e15ab8acfb0885e1bcd16a215976be7f485c896b38437f928a23252d35e84255c518e13feea679ec2a4423aca244d023100b3a6bb3d2d212e659ccf8d649c00dafe317e432f42999179f3704f3d30bac681edf257c6e218257597b3fe8f8eb275ce0302047c435bb50066306402302fb85bea3ad87b1a7a06e485081f2ec93a163d08b79f031f058f2b0dc7110e5630b9a79b0200597c11d5f64b4cdd838a02302cf1799c10f4c03d0eb474252ac04a031b179ca8ada7ada90060cd1f326fefe175df0967bbce91e854c5929231036ef30302047c435bb50066306402303728c08e203a0fe7f50ba2c3ef9224cc32b6b1ca16c13ebf8735bb60212905a51188f5350d695c1e16fffba1c0ff0cce023066984baf9733bc013eba84b182f5e9bf7eefb54d1eeef96ebc37c441bf5d53dd6dc300f23c4f02a91e08ab7a308920570302047c435bb500673065023100c980725f263737d2183cec1a172576f3f81b3c8d1609df7b8f7d480c64630e5f9cd0b2e786096354d30d46150fc1852402304ee7bc41b1d8ab5bcfc4dbcf6382f662eec06856b501ca94d2e3fe378458efc57895eea7a71b6651a438a1db5e7564b3{d U]*Bakc:)-r9W\ZI;"h2;i r;Z"A> y>qttC]GC],mil@&.G7 ư p KdYddLYG ڇr"QA"!|BKL^!unru RXszr,#͛K ~ߍɲdǾg؞=]J`-`Qo"zk3U$P3 eH(Ece3gTշ8 :\UoED9 1ԽŴHҦ_Q Fhx ]On~?OWg=6^-¡]3]O*XKbh4Mb >94~hmo!68`[qmlJY\NP9ZrTdEH (ܟ=>íjKvN23_s %֚Xv)X>PB?pd   8 ,IOVm $  <  T       4 p  55 5( ?8 H9:f>3?;@CGL H| I XY\ ] ^ b d[e`fclet u vw xH yx* $*lCsssd-dbus2.9.12.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.d7x86-02.stream.rdu2.redhat.comCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%KA  7A큤A큤d7d7d7d7d7d7d7dud7d7d7d709f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a916d09f29c9f7dae365a7e8e9605b61007058300dab89420c0232c37f9f53a86ca2631eb70e5cdc8392c97e19924dc9aca4ddcf4b38a44ada079dbfd5f3b5c8734601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903fab388c9511e663bd65315b5273be49c612aab0783e52a09fa4bf40904d2354e3aa74673a5d4ad7e0d89fdecb42adb6de644ffdf4de98065d76b574194e9feec80e63b6deaf076e6bfaf3cb88a7cf80464e6bce7121ba82cd3a23e1652b6affce057027adaa26f3c3ab370b4e567faaa4006477cddda1c8d356fe729312626fb../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.1-2.el8.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.1-2.el84.14.3dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.1-2.el82.9.1-2.el8 .build-id1c2d4efdabadcab8d3a9af8fd6b2d5f23f5e1csssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/df//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=df1c2d4efdabadcab8d3a9af8fd6b2d5f23f5e1c, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)*R(R$R RRRR*RR&RR RRRRR"RRRRR'RRRRR RRRRR R#RR R!RR)R%R R+RR/utf-80bcb985d30ef96dbfdc61c90ac5e757b1cffcd9113be5f4294afe02d84d608b4?7zXZ !#,] b2u jӫ`(y/<6RK}/HTs3+~kXr>|\[z}c8pH\ew g<%b#q h_N!mQ/Y$DL4﫸H~vM}[ɤIMC8KU7L/6{tz9 şY&浙UձZ!\zso}ӽyvϮ~tV4QgFwG"g)B);SĢ\i_{uuy` -Z$6-p M8X[,QŚ2c]@[魴\Q9؎ǣ~u݅h4u䛼Tb5`M.Γ& u}-Hp eV0H% )fR3)o*W2qA|:&h .¦\z}:uSP(q `i ]Po#/~k!'O_ vwsi$L.kumyp V E SXF4hч[5w׹D@Ozik jC|[yB iu³bA^1Z%"BkЂNV=]!?aM/܋:[؇CzlVV{\t@>5 T^y/q՘qKswEm\\˿_灍tFPP~ Kf{֍m[4`#D9ٻZS2d15L f$sxMa N>#/eё¨' Traq(lj[\d9tkzy1[[0ʲukߔTNqBw+q)`|Hǣ0'"bEmIO04p =7 #K#1U.^'V-w;孝EEN͝J)˖Υ.#|%DUr'Ֆt(>FB&ez+xd/tvj6jX~k ukc &u_7Ɏi,  j@p €FI,$}GF;"J 4IUhIʠI{KՄ3E щ+#I :UJm,! =͘z ,3[{[}qO/wX$D-/p)ZPx‰C]=v)ۆ\ecC? '37=0  NڱPrv-.:S[.6>6wݙnl.\<]Ӧ - u5#^@hJ)stud Ӎ18G'G$mahRS}dqc쓴]"l̒2 9)y\!pWz xLdߊ!Gֿ3I@DdEG#CyXU/p!"Ʉ: $pjG)o_eKJ~9+Jפթ58fěK&8l\ -̱_]m0 0CF*='O|djtb'tʆ)YD^ cџ G  Xd^?F B֬SJ#̷ vTCeCvؤ}mtSƥV\$+bg`MGe]Ij]l \W7A O}WG Ȩ\33ҩ d#"U)vj!n\2.eI :@ 9Fu 'p{'p|J> o\# EY nhKZZہ*!L.UUqy=:㏝kMr!~ir ;?S4M]{'תۉ&^n5gE*S9FݐiPW"gfnQ F<_S:o̍XCp417$u ^H#E&Y/ƚRCz9`0aҾ4x܌zrY HQ ,kWa1צaFpH ti`I|@t;-}PxQ1u(nh_I2W }ɿ1Qn))ƢA;@w~=5y7[@T]IL ,F9+b0xo_664Շkfj<"O x/Ry 9x{E8NO[;`L^m@p!\4܇fi8@g(aX%i Խ>ݮ $"ѯm PWa : ȄxxùNON~_}&]琉 oۆvj1G P#)s{~)8d5.ܮEYue؇ ԯ$;KV'nqLwwԬ]|ӏ$|_Y[HZJ f#;#+Y8 58KlOW|P#ƭ IȋSx'+o˱`0um"e<Y3HR~҉ ;[YnLq$̗Wr'[|1[\Ty| ۮ s+nuN*VS^Pg'P 1 .^  ;;E) x,/2'&5h ®*Xц ^A9) )5ҿ0ޡ^fI׀`=[xY.G3ɋ>O!- =мl'+pzR(Dӡ@1"nє+[l\.+Y}4Theώ+068ԝY6zoՒ}uT"7&\Xv%:z(W䎼ݽlqO[u-/:I^u@'2%ӕ! Pq9f  ez߽b iҺiZH#ę 430y[gĴ04_TWEآx7}"8zа{G'LEDvڶoJ6i3 Q;]u޶m*>כ|86|P[di<@V3;f Uɢ0{: SuPyAS7o55H0Ez~(䦃Z#K 5Gኀ͝+X- +ok;}!Ϣ@L;4>όC3B1I?tߵ.t+`cM( "iSC~|?kFƶ$iHT6Z(*7κcVy9 o$UA5RnGk)p?z_1'B_!8Q͘`O91[SIO&Z"xnځNf~*TpŐf1DqO7)%ѥ3Sp p1rƎBȆ`7,MfXJȢ;Nm.-egȾ‘r9..WJo302_u{Tеj-0zm=U-s:#ICFALVMjlܤJ4rR%af$n%i|GM_ ǡ,E=־f 9tj1Y5W"PAE-v򒶏*"Kp$ UgLw/G?])9 _E?xz&^Q`ъnǠ~L.i9x3 m_tT_&oSY0N2jtg1>}c(AǴq2 ~>P X*\RÓO֦ Uὔ1uO&iһZad}}~oYG= #7W܏8 _ՋlW$j63&YeݓuP+^6G ٚb]=Dk%q=nֻIP]4O^UՃ q3v /q߈' mqD,|A9(e@ "X=UzYXOW6o~H!S aC\D5n(p-s5BP>Ĝ_Vx̟/]#D9!6-[UJH&ƹ5߱7尛 ; jyVˣ* [ᒪq:!b3찱 i-$\?~$*~h@G& 8I=3q-`}7xc5|۲sn0?&&6) e0$Dbn+1s|͉6JéÚ_Q|ɳn0!sjGl1EG>~BEǖѕ_ jwYWyG Two~T"cTÓuYLΏujV86:1Px=zg֍i-\R3AfݿcA̷%bIH,/5t^6.cASIq"*uSCUnhk4pR@ Vq  ZF2hrn OB؁ -3 ဍ\ZYK9IjSqE5(*a/5=m#q<,hd=(3ޅ:6IdJG Yu3II pC-q ުyvﶛ{EtƊf~=]'R5Tar RYih79ӹɵM<z^Y[Jjr">H#PV9үN; p=rA<ًHth>-nRd A!iD5m9+tᓵ1W.5 tl7WH^?텉[IXsܪ61(rr9Չ%ԡ27fmS( @G H5H 1dtm»)gCoqxVhm_8@J5I1%XTbc>~ׁYX;*ɿV P. l;W"pO̓:~|Z ݡ?_$6lsh[620/"#0;:~TIߍ1KACOVmc!‚o+KeǴ;9~$g<1:F%DOR3ׄ;O)&OB)^V$hB4BѢ#1lZp߅aalUN5'Ԥhs}]ƴ2|^Mڪ8L Ǜli`IЈ3II3I͍p}+ I/pJ^ytL w0# ?}U)_kn*?m"+lx*4<;[pc )YnUE* rOcݴ͝sc@ bqjމlщD+2]iMͭ0psyzbMrEJ笗EGW Z l˳62@Mfl"57|+D\#27$6Bi6ʝW̰e<8sPr5d;0tLgqx*|@ wY4o*zuLY˪XUsC=>6޵4p^JH:(bJtj9dKM\ɄTWfFRW O|)왌;OR"śzUJb\i-L&Ę2:_мQmS[휋A;(.j[oaȣEK<I2z X"9UEmj&'=( Ft"rT}!.>7`ڐ%K0GZ|0cI,}9.Ux-+1y-%4;Av,^rl^zOV.H/_{`'Y#whh+}je{u9NG|M۵$ 43og dxF Ȗ2lÌU=Fnv{ 垇ѨJu,8 6p7.}E 4'ҁ̢^uVP= fkQߗ4X̀opCӨ$B[lQ!EA&Rpo2_Wnc.pڪP{@}XQ=|a;4WL*:O&}7^#Y$lI x@O#T `{F BDl o.!JJz$MYie*ڋ<`Rj#O˧ Z0|v {D#YUΕ߽Q~NztE Ys=>~ծ4vhn{$(k5Om 3ףԅ29T$(GS{"ĎIN .~MƳVAa\0r>Zٱ;M Qp.R c]HԌN|X8j$M 3sƣ~ʗrSnMw$*$Sm6|/:4O7rJ][Re+.ڡ]HuzTJXOf:W>5^Ffst{vpP&E7^"@:bMrA3rݜQ*rIJ=^1"4 d#ݻdIP:f+/? ZA}c|߯GHGD;gFZ-Q*%E_t?wXۙFGjxFNkg1d@NZn fc{jGF*=J3kV&r/־`I˔;TVLԺ) rI?y Y se9b]q_JOlPYgB03T՟< +$r~5P6Ob_'sQu'9{=PM:Ђ%k7 "N'0 Z@PKѴHd=2%plW==F4)pր{A.KWtRe&טHB]:Z  J7)D[ar)W݁CAIh{Hqbց/[q#SЬ?3Z$+};̄< !I:'}a[yq<`q0η_ 2%{ލ;FS*ΨO'@C)+m2y\o¬Lf*zήIz9{SO&w2ORq #63C 36ˎ~0kwO6)]1C@t*=wAyDrfO7SM\ε>x^zCŔjlh^`(qBk%6Q0\Ⱦ4qG~il+-O^hr+ CnIQ,RcG$S=|;懲ޟ#nc&bQh ´斨 P3al$͸\wj&uzڝݏ֠`F'EHEFŒ<PF< u8|#\"jrF/`| tђ،A`$:/B_v/5lA^EdFECƳ*[s>(zjHL4KK 4P[܅<B٨S0ni[+N ӶUwpºLQAאB&:%W Rݮ>)^.B2x]Sg"⒭r2>O[o٦t^o.=6K\Ħc Nܶvyg3 *H!swO]ʹ'.m j=QC$qap͠3R47"V*4 ٷ?3jhIz k 0$lN>`(MDˇ\MhB<KNe~PTNd7>'6XT4Ō?%D2* Yu6|ZĚ9mܔ5^};}z1&(X#JSmҹ4q'VWX()%= .J_H?gYbnH]D/s(=a-$ !u0f,W>TAAt]`ԵHtN7BC9ĭ ߅@}(!ב aթ"јzcpھNɮ"(82%-1oh&Dy٘)H~O>Mb8^KF4e(҃%+ 4|XD4\Ωpq!/㉴N|GڅkշbxôzӋ~]U##/7vFJ #g4 xxu:L.](zmݼ rDĞn߅GDvDzYYC/ CWun?b`_iN.;?:pmJo7d7xBIog&Tj줹aRfeRo?wB /h kTV]Ҍ{Wkfb68ILJ:ɂq]"YhaH@څac_92`l[j`cR:(wVO[s49BâGGZt~fhxHZ6#@QM<2B ovN!@]+Bn6.;&qH*؉[y|&cV_#pjL|e[2%ٝYUA4 Fz[  !U~\>3${iR_|*Tȍ|NS 'c]4UScc;aMjz9}u.^^VжhLئۡO_JE%6g``g`6!Z[f<ܔI囈Ĕ*]ˬ𓐑-2q+Z{#x-^g:MH"JvfNͺ]5a&oٳ]YW-̉}dZeo/J#fxv̏ AqATY_1F3ZeU~dKHЗh| q:ҷ!ʴcblRtuŤa٣f8pF%R|5C!]Ëܡ{Uv!rGE n%A8hT9op9k/z4I%=@!,f_N ^eWwgWPP*&fNrJ|8O&%(B.]n7sSGI35rYRq8B8{Ѱ~DMb !Mx.D\*xx#q{dcP[0P/O6Y,+4FMx߹aE'T9":hs ˹~~pIXqFp7sX.$:3&n+.wzyyB sidk.U!վT) w@b[Umm4wj$'ٵI"q{ =2yQ-z]a?Fzs)LbEG[/@&<2/K\2X+r^:B 4 PUdH(O#A]эJ}RxRD֢Л C@^ u+?!tIt<;iƻM pw,:CS˜*2l *sڍ+^yG+8SҶrWc h_)ۖcO pd ^0e*jn_?c4s^,y6X2Hhe Cnr- EpTqh5A (:8fsS1\PF@Mq*c sޚe? ︇+yʄaGFH.yUm gn 43WyѲ7ił0 4&4j* ۈ18, 0dR]1E87px@jl4s9k&%rPX6av0s6Ҧ͖ܙՂ'D%+Oi !#jݞ4rݴe\kL0O(q5 .]\>-w}:~iӂ@qi^v? \84w߽l&e>3: s;umLh XӇԀֳA,﹥On^VvN~(C$NdLK-W40V?Z8`{<f̴*o&jj u@_w1 ՟"Po  ~mr]Nr}=!;yB?tSfcw9kn,{i܉I mEv@{Dtۂƒ`Hq7ئ{+N&oz'9:nӨcJSMn;nP. K DX$".=ՋtDez!R\45WI,s,:^QN`oӰ(=Aj25) ~nSLyZ`*Kt5O iZ=$ )sg{in:\˱J=ZTEze[.VMgHnxClN"5!&;J,އ=PWFmEPȼ8$hrrޞև^X{~mXB(Z2MVԃ $v[^}3$@.4r/֍mof߹c  Zqe(4 !5v_yZ\MF:geDB>͈ޙ*ˆ4y{J}W(CZQ-k013P27 7eDAJGS<'$`n)Y&AdƜCJ1&+h6Wb{7@\w%aЋ ЯyAtyq bW@=ik)/y_,]gK$?5҇#,k)e5L%PFwzYp,nEfQ]=?^n>\ПKd,'Eީm1yS C FQqW,ǒkS$JJdE='6u@«eaNLMĚ^@e&f0aK2ͪ {# L! I5Ǥ&!DS^irS I0*n_ Fq|XiƓ|4mS;>F!ߣA--EtGfi VNQ ]é!t6XєGܸ[$Y/J c]C$t?#㮡?ǀCVR^!^ȾӰ2V S?cuǽfO)˰{(0}\J=MjIn~$eHװj)զ)thl xˆ%]elYۣJFI"%74[֬6A F[8&ua$w\XQe1u }@{BWrg)#Bg,(ԣ'4yeivlNӗK#PstmY0~v2p1~0^puȷ' -GW91{7.2kD<h&(Im;M e 6xdp\VZ 0ڲH|sLvh!j1r_~/wS XjZ_W%x>;/ B݆tIي;0A@OO$d2W>hQ7٧4吲@eI HУC]\+&.c3[%B[jNI}27 aF~ &8;G?<P@jA\1XJ/  XV Rm2T{&dPk[!2}MIlEg.WYnh` LKzs6WBlHiո);T^\;fƅYEPX 7X>>g2wf8K'Ͱ< b-cRk E9(i{G,!GySOa?s>( .1!91H clߍhNp2a 'Q"P{p$ kyhk#v,#%LFg5& mz G$<*zK]}iov\=:|Q?omcF'ձ ^KZn&$!pgRb2nw m&9;wC#-Y8m4r=vU`0HbBJz?NxG8Kx[?l(|, "eĠ6NaAE+1C c>7)%I,t:|ڧ뼂'!^I?SBתFftf \k[4^ "fwӅkk?Pa\ڝK6 CgC6U`9!JΙ#jٹ~q4ti @3Cr'VAfs`/ .A>VfK1}6w fؓP,hJkýׯoBXEJ OHKuRFڛ%$ƍ5(b a[͓|'+D+OۇCGCkQ!E>0;eQBfJ8)6t\N ټO2Dh0{z.r}dT O."*cu ; 7oG1h/ںYXh^$(d-Z>yNys=<|"`uklߏ6!.aFdۭnG16vJ9-ׁa/gvΞg6ۀق"Xb}.&]YV.[[n>=W-߯,E>oW+86;gnR\-~%D,J[ny^a,C(&>px{Ҁ<3IX E5u;w}E[XWEb,^d7RBۋI-ye&a$~VM5C Kz-EH/ʻLz]x`9umzq(`tiZMdíHv⼼ 3@¸i  tlg0P'xy{x{=Q.XzG%4XutQAGh:;I7ɩ%˄ 3'FJH4Z1A|a [qjd-)V-0ϊn=,-)tZpI |kH&CQs*! 'I\8kp# 9+pMWbNZ'@ul.$_-w /.(a)x `*YnV)F"Y:^{}~LiONi?#vYZ%B)hu3po .}%tHΥ[1ἻƩ䟂" K=Yo,wKO-/Hpm>ßR;%dJ׺& N.yKjMS7H!3ηw9y&TcwT5W3$@$psTڞ/Bׅɻ+oAaYJyWk LsK.l-ֱ`MŅ\v.8Y,1@FNWP1@ SFGs.F=iKӊTp=mfzpHX+&,]nXye۽-+@f"3TەǗ@Ken\ۊ|LZMRb)YӁ߳it1/ov }Wm MTީ.Z9cKdȭ Mo>mTq w=ZwJZN CT)s ;UL?%u/W#Ozv:>8ȢoRdy/ĕT`$3G]r ;L3&6HIS} f~&󐅎fTNF ݥ? cCwGWYiП(I/_ r3m*o%XiFA:m>*Xmй(ls.|𺨢 Rm+ 62QeE-dO'icݹ5f 4FjIVr1(\ :>- # qo1 w]侬5\?hu)P(վT)zÈxaٝ9mqI#Tܯ;OvZ,o sj18m,d/Kq\{m#ݼVe_P6SzNx+.@AY"6/H1cG&):nKZ nұ0bw|XOYYnⴸR)}DvI] ӌkvGzk95>\rG8lQIxTo2ѻ J\)cB{VITB4L5MR(?H7\{a-N4o?>60ix6%^ l'WQAݭ8]TG/<:'+52Uʛ1&1uzdf5*avljlN>n5oQ5%~.Ho26562`180{]1`xHdxzwP׸5d@=aSvX)Dc*E>=5NNVIGC"R{$m3w ,L(r QxzŧAMg?:(K"b~nУA&pxfk6?E.rΕ `Q6zy aidKnsv ޶в!* CT6|YlmRi rvކ {Rkwjn7 q/|)/wЗq}OyE[ &)O*Ҽi,|}=q#2.0Li rdS6ihomT\}* B#hF/A%H# U'|ѵv8T͆8ۀKUSWs :XcZaJ+ǬiCN,t Rq$j5 od YѐMUϜ ~v?\9A 3:91JnjR3J6;& k!;M?3*=!oT.!IAgu{[ZIc0-'=%C$v+߬ݣwUMqPycڌ5o̹׸伒_ɂaws:p;Jzitj5A /^#,V+5ϼ>¯_?z;v-~f"rA%RkW` Np~;v]5|$m砱ԎY;f:j˧v3IDe7_<00MYlQUL4m". S:' !d@dZ!Q$| w"/ۖ`f4d=k\ClCp bhTGI~X pT-LŚTw{yR=j7{Ejd&8EN g|M? فzӎ_|qk{*z~eJlwTRID- MD֦WT^8ur/Ðgޡ'p/&VXk&e—I<ũ|+S"tǻ~қK>W lCr&(%^mB@ ZSoKo;|A9$,5S^MNҦShiN \xi'r偤܏<1 }>''X)]*W7 `ߩ8i{~[ᾘ[s,5ILBza}v|>p]~%͛<)0iRkjH* 5>zۻs tRDKj[gg:֙, )_ȔPYvkؑ,|"|lEECi'Iˣ ݋@O<|nU81 Ɛ;Qڷ]?8fcU W4k_#ur\ [}Cr|PzXr [8c7рXPZx UN R"0ϭV&MIf)y .f0mn:4<V+ԈUr. or?T:Lrr6bQ F" Cqs?Vi-oN Iи.,MQثy^\n͙i3sPL8mH>vq D &Y+kE,+b˲t9P_?xƯBL:"5\~ 9}.K#2:A6v<.|#ڈ1{bBA,A9E<.Ɛpnd/BR zLXL,ṹ]\"1nF8N"8ĠWw~69M5/s?79-lhr8̓ld 7#d mSnJf/GAl)D.ؓ29e7{;̿`{Ĵc2$r:qQ-1KRd$ (B1m\^Ourq⏩jū#2¾iwQ>>X߹zJo Oo2I<}@jȧjyx_Q- l)-P )Scn0輎睬^XCG.6wN4"bJI.pٜ0w$/ƞs- />i3 a頃? ?Z!IJjLfH9DmBNz5?m!Ql ^iPK -Un:QAb[4ͦS;VdA-w|G' 8Zt$ιI ["p1%n4\&Å}fp͊tY+{I}QWj0GJQҥ2#TI0*%t=>b;M2y/^ U]M.hӨu6OI w 8|xEl׽Ҷ]a*X:~nPDiBԗg•_5UV>HEn)Bl=yX,*ޖPr?Fz "լSTii5=E1\X 4:0`S3x@<,>CD&>ڣe_hXv"sUfJpfz zW`w/7B@y޼4 yx)v ҹ84]rZ9zAbRcߝwr%P*&a'*Lߺ> ށ"bc"Kyhj=5~z`|Z/! ӯԪIxxUF)z\ЏS)77 }V"l$-:]h^*Vk$)Lz6~^d]y9ףiy{DN(XD1塳hM5+B9,0mr0?gkT9&x30 KUx[3:h/=/&yX1lkL~UXĦiשA$],&t>C fRʼNIaVA700|~2b"P /b%red(5E KYakEu:{eTCΦzQYZ 1 ީ,Q4J1s~/ lE ce |!jtĮ3ZV?m,"ƞ3(Ilزն1$ybyǝ\肊_./_&ⷷ V7Yf􍦐"پu[ kNtjUM\$K"30UI00TDT,W._N'܋ES^up0f<0\E*q?(agd: {kV ?;D;oN2\wih Nr/PWԗClKXr ^X—?˥UaU*~تW}yv@Ƃ:C ݨMW%o JMo&?f(*bd:m{ 5̡gnVh/Bo,%ȉGwx&/4\)`<0%,Baloa DfPҿtl"yI R=KdzK?cO1c=FZ8;Oͳg9P_(XR&^Wi쵽#@xrb:LS D  ZvmԦPJsO] 7-GM oF&8эsgD0.3wu! Rә Jh6. ^G\ыRF g;L%  j( (Tbf#UvI#^Z (SHk+?6*LMtӚ׮~VxTdf4' ȴX$L1bR:7Q#LCD煠TD:]SkN#ϦV>0q`ʣ=&n2۝)qޡq7sMgkris;gc~iHW"٧ayt \X2&K 5P .{\M=z|Y37FQUsKtoI-h\sζ[tj5VnwJg|?3-er.M6?x' ,m~H?[[oNDmprNRꘐ`>~X/&[`ޠeS\7\'Aͮ`3l+.T9#m-/. BhEBK ~*Lh=+iA ='${ezE"_\7Vq&|rV#R<|C^Qzf3YXt[JsoHwN- ߸pIMH'eHYkQ4tdQFu"|0) *S ivV+>wUE.GgnvXQaqr1IG-0K@ϕՒUn:HŃ>JI:$5lE{I&HL9e$WKIB bƮEr?c%h@&M<" nnP"2*bj,\r7pN2Q!I>?{,IZ+NPRIC qMP{kaЯ3B )=D71E}f'&Ton^hHb"[wx*,ja\cPcF(w:˹L#!u\S̈b}]Wڱb:jN! ?QQﳁjB8OObyDr(= -=JKzs+mo[nY+6\ٜmUux:3nL 5PZGQ c ~F$z@S~/-!yF0$$|ڶ.R?GB[.Ew(ݑ"O''D4;R,¬0JV}lUiz5Dw$j{P.3)}`MU?>1XG S:s쑵0XdNj|6>8ߒWǩ)BC .1X\j>[}sXp6-G4X5wԲ@]gO6bo `]mF8WsPRȶ`&lW0#rI ckiVDbS#Wa3Ңx!HgCMtD/PYU/6MMpf&/!Ti,):́XYU ,&)F S*!ʀH\HISI =vT k%RL3ڵvM1 ;Vd7`xRPo=3.հ_fV@gnu[rKW5t}iu!¡|X5eHϓ3U1}-Z#Z'?Z سK^Khq񯋺(ƨiܢ]>nh⟷,8|{m8ݫSb?x~^Y{Uy5_AO_RuDDI>BdФYwFF/fLc[> iZk;p^ ܅}*}gGuEޯ_L֑ҡ9]+אָ{Q{; MڔLS yIݚP0 l&:ЅݑZ0na&X4Y!xY !R$xG*( +z9asŲ 7M<< 2]gÂGl S.dYфڰp"oPƍX7 ն_ KhF 4~w\!Yq`EU_BWվXÙz8~χ#P)^;LDГ ==訟2D2_n^bt@9D jӯ494+DYWȞCp 2fqCX1_o beyG E<̔5Jny%Lsѐ\ZvP)ʧFHw %.hwD1|`MvE!%E6k}D U0!kVt^?cdbg cAi6? k cxLHb_qmvoJ#N@靕 L4T_j1V'@!3(ذɨ߾cki;1T.KpٍB)xyAϥ E \W:d?[!-肥VkOW\rαA=VM6#mE(j0lhGaBl188"%QgVR>18Ta ]41Q&(./}y6A ^6TBܠKG$81h,I ҺdN]p /Q)tVO\J;?нXPC&ϒA9MQ,`}\hSbAOv|GH Ph/ђg6 Mv5 r}K^"}V|{Z)[ >UDo,|9 pi9 {& &iU{ʍJ#rj:,!?Qa0U-Nb Md'\4Rl} ii;B{pih,М:b2vn|W;p$]C5r0*?nhBE,-xmi js2~m !W2H̟4 HBh$F7q`Z!\Fy;b\rNA FYSm dBOKgO9'D\ CS=dn<41yVV`̋ެkC+)w 5:XB~Evky!z,X+fZYʏowB"&V{9 7TiټtO@nSè7K͘RA ː}5*[+^SFX&Yd 4ȀB-{t3 Y!(3ܪO7 H5?T[4{P,oUEG2ӶD6I~` ^@oл.t`ekM:}S= Jlϵv43ExōԖv}֢WjqO4QA&~!: XzϤ-k@׫_ .>'vڻKLyJݑO,q)46F1HQq77Z:TΌT&c' ZBnB֠F >Jy klةѵ '/N!tL(XS 38,s.i+49:&Q<BWQ%x KlKPdhSO~rFGj̓}b!!.ltUaJ("B+.Z^ЈRPŤ±%V@ -4S59)>.WKF #*UklKG$KD')/H^)ߗ&+&77D !07[\8z >Ĝx)aÉ|TsUbk@ZCq!Sƒu(}ޫ*؝J #F/0u>דB,~E't(O舕c1*Oe#t/0()wlԙ;]zDg'VUӁ%gClo@Tp7̷誔zoFHH<[iWxNk-FCf}y+"*OuE+ۅ,%v)PS$A͈ng2q?, ֶPJ8K!^\*1IuiGxܴijZcA$zG1.ҭ&Nrg'af$kj{+dŜ6D_wVY)[xT*TGey7ۏҠݯACNKׁżb75pJdv:kkl8$8Ec/PHUNˉz/yc7N~; E{HtT:O:dz7\l], f&2K +겗Ó"ou<&G v zcX85=۟z EWo j㪰va F/Hyq9;}5iLc򍩇+)0 u$%h#jMQ5myB"7dFSLĎ?0G ^duV.W[óҌC7}g7A6 hq+Ax D?d2tւ"ՍC~c#m|&$7X)w|/u! T.33a # xQ޴1[[V,~zeb El5eEE)l]L.S*E-Ya jCB%XqB9)\%7<307 ɢ{\3؎k3$l*"Tom9&pc/q‚Fӗ`>줃RH pgVaG\ؼ3덕Q<+͇щJyn~ =?n ;#j9­+<(T8~tojdAv`Ngk1ѽ>ͣd,rQmqP̞5 RoTE7}Zoa2"t~]}vdUH:NzlWWi6b8ydb)Iږa̝0=2[RS mH%ϗ;|:´m}tZJ"W*<+_d@.w.iGc$yNyHȜ$ӑn)Bq.m#J!Q*g~% LТD&X[)I\Ee)\+Qzaef ,6ˍ49n@IFK3Ɣ!TpEtnp=]8~0㎭h0$qbSޗ< feQdyf~-̀2ON2$bHq.|U6Eg(rXiuG+=.g18h:Yth#bN_ nЌ2Q?}mId)oGbӜRS%Uj.vV$TN+\S/&{$|]:xbCi!JMosy>1J GX[ bGn MsAGwGb-gܲk`bo8o0tPP(0\q!ltf.;d|씛N6~"󥜗\~&.wK S"l̬+h/yVcൎ5 K?/*^Ь8F@I B\lװ0ː!Q09R=Dty]đ%[%2BW|A!qw ' c|lxo4 9(1GG?yO&ШV¦ûֱ<:^ sIE_V+SpG̯f)O%lA>e>ß?s|_0d%J:8M!5 Qo(L|W0y9z8ٰy:V,7g<iFdHGJy9f t ,C̅kp5;| @Wτj@ C\ Dak=Z+r\@j?|+'WipVSnڄM- ɩL4RގS#o0foU?t@U ֝}{[eŭ9Ķ`Ǟu<$,+:Ey`Fi3 BLR& qɜϋoLGV;܂q]Dw~1^,CN Ş*/$Drߩ$<4og_A=vIxW,PwKwP5ػN<}A E Prq%r ~"0q!`b"WLB'UhWjUB9`nïnl$δC=9=9<5F #B?y–Edi714V.~G$V3h(yV?KG?y~e\F Wtff`5,SBc★$ޒ.%{uJbĖ0F$w2*|HE*1Kc' fnN^LyOM'tՈ<T߯F !;^)b|^KBU$Cm)Z(5@}qvP_ w  zzG( PVbH fCEdrK3AM6@ߪ;/.Hd%KoNuǺXfuQ/wnKzi`.d|(8ZwOOF|«=QΚNLǧ x\߾TaQo,g2K{Iy̹T? J%[-kam9E+~S9AncM)'+}J&<*7WK8)QX2$4!'tO89[&b7^˰ H /[z"]2xO[0\{Gcw:2?Qer{{ ɑ@2BOĆ2N=% ؎ J@oÍͥ %^":1YJG&[5  ?MunwGP [bwjhFSke&hXhFq}I„4%ƢaU.xg 0(,}O`%>lO{qZ UT];qAνokD8c'vőRdVE:rz,t`_ J-i1פBa@^%R=B@BTaO]d,0 %b;(q5ǀDtH,oRi>UnW׮'I3oQ{'HzjjUu?g$ gPVؕؓ0~j:U9^v]Ʒ641g4;p'X، _߇iզ{kabyb o-x$DN+ۖ=jl[POC_RcNeBw֖@,84D;qbLa,(kI-^4]GFpd[~4jew{|Es JùMtی 746 @pIwK|=[Ԥd lǫ/ kZbK Uӹz9p.?dR 4nn5/ՊP w+B0zFb4~I QE𷿅~d]gtH.N@9D4EjK}h;;HD_F6f9$ڕC%ks͞FF2=w%9VmWn!%`sqcŶ,. 7%mb|sTF{gӀ#/zGM$k=##I=\$s$JO-Kp^[L7=&8^o"TvEF4CdY7x7jX:h W:Kt5;m@o`:^\gӌkcd pb߱⽡69 @p\=e &%?Cu,1=MfAa+3螒 '?zԊ&,\Z=Oç)u&t`2VTfHa7<QAkǘ jVK @$ZA$p82JE%Eg?B$eO\$%q$ײ50_w#W{\]^ev!>?3a 05NZ;0N UVm͜O8˟f"V-2*,](w٥q= FmcV9>ZyhV.GfIbnpd4s2(?[Yni|CȆw#;O`&=^qi 9ŠBX+qFY,4 ~ T]V :y X0 oicnnճDiͽW@BE45hRdzԿ8g#Dm:Z /NsVܡ o^,Z 'U'X 2=Fsycx/u6v27}}3psۼ9__Ë;ß%Eύ:t(kI aԑZ4e9ruH2ʤdcrx4u$Ja&Ƚ EPRs$eЪ[e-lP旍]៼%vX:tL1)w8Gc15.B!Dfx>`o-6FjϋByEgA2VܾtmeYOhPv=FWPu!=/} F MMBO/?]liF'hCpw 1K9RyɽpE J/Ĕ ǰs_1]"x,BL~L OxVGEw =x梋s> ry;,^`Yy]pVzaLPr;HEҺ BHqoS!K"{{&JR]!Ϻ =xW^" d`&WD/ע3wSD?pf"hZšre\%LDSzO?j'Cੵ\WbWN務/yN.Uk-3h=M[tz%Jw8Fn{>a< ɾ ;#K½4Ǜ}OGſpV2JiU,bGԕ,MpH9n ؝Bm*3fKdtK+^a/'X8 ;fyo(%$)"0-\Td$)!㙽J3 lX9ȏzQ+sDC Kρ^L#1x M?ϾIiKE(3[g^]uoYcZ+^ǖ uɆnJ` vGW:%.ZBSr CU*Xrr0&o%Gp=i1Mz;3IELQJ_." o0mX>D#5$~@NRLvPPV5ڬ_[]ЉY~Ҝ@WK4r4?}~Kng ܤ=LnRVFO|ISt^'_0\d@[eȗ͇}RJeO |о66pFPN/B <"1oQ\"e,Cd;۹kPgaBv.eEqDZWX{ [KPgh0-MF`zjQ`kW֛B= ]}>oR (ݗ?M:aqwTne}rIY#[a`2ĘHg<ǝ$)=\C=T)o{;ߌLƋ|_ja(C)>yR9HC5$ L-+Dl(aRZ^0TE٥%,$ r*^ < L#Œ׾'!$d@z"mX`Fʇc"'i%^A50 Ik7GfwجrJr;@6wtq.JHƦ)۝ }.&uR"ɲlx2JiîF6 8b!+ġc0.o2B1l{ hh.ҷ2akgޘ0?{C[@Űmo9z#n"ڝ\8AgI9wۨ)th꺖M6J,o+ }H4k=9*q[}VcA% ; nx&f"BH8`. "QPd" bX?챒r߷%;%@9N $Zΰw2V"3=:LHjQ9ġTP\}@H /q4ߥzFg)N`. (Ǝ!ENA9A+Ϻ%S@$rwqjAZ)h_~e! [1aV!(²Y﷧F\Rތ!7B8Y" *\RN5FLwQљ~N6&;DK(7NB2o%/DĽ8w9+#^ @+,2еI#PD!egB{R)Mh *I>QUy> @K_l4_;:_hEȕ"4]}@ .(V@ yZΞnz dkW+2aA*7;-Oa?A'UׇQ$P 9@ILbM*ad#<|:҅Ȁe|&ӽ$P*1^95).[(O㹚ǀ: Ks\!⋲jUBZ=ۡ2axߖ;CLEZvue|5Z|R8D|c4Z0_?!]c?ovqݪRY /Zl_ຐkJlj %(~ͳ𧜪x1%;GeI *ԂJIWI`mkQ=>J2a2wkKݘЦ?mkŚ^B7@~u!ŤzY##%MPxӻ qN$bQ.% })U."_ӚDiFuhQ646O.? #bMb˛ -꺈T7[hxVɊ)-;. udI@vtH7:.7٭uѩi]Èc!$dEƺvIg79E a7kvk[9e] ^Pn91狍˵OpWm4\Q$5J;4]^>_8S9|y BexlGx6 mr X!#i\;ZRfW:83ݡG,u`dޞyb,e}k1D=;.:2A$@I)dao:TFbMLqP&ILOcB>lI8`91a^ن`#thAtb C gDe7r)!tHڇkSqvobab2y&<"] Ikl97*-ys=ORWfv&&eKD6PHULeԁ6uήAD:[u~Dr}}EQ{0u:/,$%YLUt)$ѳ5wU|oЧ)}3ۓ4r)m<4z|lC@pr?$B6AwP\5stWm񯊔Q W2-5 XӈDa;Vdy#>I۷B4"~ fz*v6-_A/ʼFHy!:yjYg ڄ|H>=_oYOQh@J hwA\],D`4>jҳ{|\ε3T|3Õ.D=!Q[ϗ8'؏Jc`h0}/d 㒝/!2|Y}@ ͱ÷\,Bi>$'E*zH&1l:F\tiZo/9NY QttvtS-yEC!z_BD򢭳?}S*C_  ȩ(O?͖ND&IZRm=i"L!]m庵Umzb^Av9` Yo5}FV:9[e*5_m'0G\Zj">% m>#ٟ^ݛqsh Z+P"L(>JDi% TEc¨y|ET6 pBÙڄl?Q`rP#bxF_ !r\`L:54^ *M]B^ut{Z \]*W}zumhErJ>Uȫ&x3(,i3~K*xG"?_+[Cob/uߪ1'n!݌y\ss}![H'<(ws꬟gB /F6N|$1ar E](h3$-铗т}Ϡ3@M\j`Ӹ^M2) <\݄x|C#RX.{GeN!sh/~ cFoM-jq"Ar=cRlWFַkV p +mmN6S0MV6+0^RD-`%R-(A]7t?Zx0oRƚWF43YVFX |0tiw;xQ;o9WNW"Ս/{ 5 b'mNਇ@ GIz'9b!i@AAqjnUl[M+(,3)b߷fg^@'m9Xە4) +ܱ1sʳ>[z}/U !Un߇<ͫ OyBr:Cid#po%OMׅ݋I`*  NMH I!Thm) GmiXe+$+_cPFx"WՍʑʰŨdkVRR0y(xfO a}iw籅}nV2UQ+]{4rϋ-azK7K xKoܩ +VTm{iա!p-q1txZ1ϓhހKW&mowcM/79ob BiPu`^*xWŋQ>^ #QGJ]۝.Y?T ɦeM޵+t? A%[ ;jڞ >2vʔt>(\tS"ܦ3g 1U4#4 /SCf`U'ggSC. ՛Kρ2wIu#P!ѵ@ʥƴ 6!`Wt+b֘6’Zoـ;П0_A@9_vwf-#z݁jI)Cou![ԗ Z'pX-n:z,3~QKS̗q!vxoeZ3~h.00>-MΫ9` ?CH+X*`ntCywNՏ{]l¨ Wÿcɝ~bDzm"[eiRƶ(zJzySzwD5'!%Kc ŝZ" һ 4p).dW!s|aGpGڐQNA&lc_Vz/CPpk'$Q&~% ;kYHkChLsq?I$ cU#I%d~PP1<]< /v-F*ȜW vhwtq.l`jK/PĈQ*M+-{1jLtReuúOxq4l@ I+8z^1Jg;*97%gBPאԜoxde/Xjq+ɼ?&Srv؇ŽsfrGcMA2t&7N`1M+X(}r_X7L4u160ZQ+BwHM40A*H_%_Mѐ V[9Yӟ*QNPY pzfNDb6qMESee/n`鞌,FLNK"}Ϛ@0Բ`il+@-aJ/bqWi^U;DXc3𵝪%_6`?(۾GP:G㇘6')(a /,^mN-SDQxP7Zͅ:Y daoVj\x*g_EQI2 >n%\6=wc-C8kVhŝ Vݕf/S!aSr2!B-A]%9EIA೎_yVy^$\ZnNZi9?W&ˆϯ-\l)p ̌gxJ&D4p&߼O/KLH&{"% xzz-C'&ǮQ7d,R)x[39Mk{uo '\(YOlQ5%*ǼQIN:Vc˹U$_s0G0[]O SL[QA(Y^_{+JF λ@h8He%2l+_zPz9tI޹A- c3l89F pat؛pv Oe@ |4tOrV] ƠIa=޿NYy~a ]nCpRJOoݲ&=(p3 @X[͖7u#֓cf'B!,j\(}Oc5o .]\oP7|1WkфSN6NKa(OY5Vd {UTk"Knߵ4aOeYl8p5n? Ȇf2;;?DHD9|0㛉V}Զ̈́̄*#fb"ޟ⠼WAj<^gx7U :י@L0)Q@5LJpKw}EoCFs+{ \FMT.|ю8FoCɾBo;"ьl.C7]FU*;yनkfb/M߫=FID&>?0~4(}lllc`s7xŴ اSnX1H-+T{P)!e]{rۃ}9dPCS6l88ȣ!˝a/hţxR=uçu.u m{<k9 wuR/dmP綇eJ|8<Q 21miNDXP - S*;ݼ3&ߙ}uH;\]0f)L٨ 7WE9 VwMA 6 O~T;p) mMҢ8\;qEd߅8aZY6*4g~e.n J9j톽˞ĩi^3{h̔xDRse`Rq_E/MWh21<#-]H+8'6 m8ܞCE\HJɏWlzDk]UA˴|@w_Wr\E2|oA3{\}iT?CWF󙉗k_O 83TGTTKtSȪ=+wQJND< XL L !jЦ[H@?(Ew`&ü5SU"&uϹP#>{xTb7໼NŚ$ H\hlގJAi(yr.O\A1P ~c7//U!v ,.JwCg՟bkWҋඍi>ߌ NV^Qdx˷ jgi@J˃ϣ*JL4U)`^!9 )DžiQ;?wB.MVެDmPMsQ:{Jc&` ) tAaqR@o%_tv4 Z^z<+'*k]R['\x >_\h钰lm/mtIb5"p`D1v O9-d+)o|lH *o\;{wg27-Z981}(T{Wl3K]IlQ\@ v_zJ Z4_הx-h[iRcʵa=w>6>}DUޤfRu@>Eɳ#IXqߥN$9qKןyam)RϘoՕ4:çv;KB42UvUrEo7]#1k4y`%rH5nTu+y RҲ/o;/BքDި>Eu)bH2I ._P,8Ս#LZdu(&0.t|hfOB-4Sc`ϭ x{eEYNv5a~ qmNxJffGꥈcv2rd?5f BMu{IDY#Cr8s33dlROC˷$/0=x*q~`Iӽȷa9ȗj@)Ux,h֜tp<*hOq(O j%r\<"YuIWUe"ObQ(kLN_690s AJMF45tyMzwq,f2Zz3ʍy"Z6!h(v)FtZ'0sjrC!I/wǜ)_X ԃZ:"sXp){ŶhCh/j_Sw;? #"5621#YX}Ѵ(W*"~H\}؛p!$4<'. &ğ/ݕ7HDwX~e_tcɷ$qq=)S{8ٖNųi9Ԉĺp F`)^ɒØ,Q4LpٽU1)gX\pCU%A]@cgpztKTh0rP  -!KjWWˬT7S906C luۙJ j?1Uݪm v3Q]y؍P' CY2ˉ }՝WSxĐixF$DߕGlNX&5vAjg>9LZw)nsLnR ^8mHU r\Wr 'Rh12Nץe+8 aƬ +:o,nj.#۪$%bBĭ"PS'9rj@˦AIG%,Ro[Rsb^̑ ]YEv2=$\K(i _f/ރ!f{ifb HP> x x;JӁn@̇7tDFBj+`OC 'mLq .[E aj:%ɾs/6łqռMJW:2@f`A560z+3>O}gz8_B/;0%BD0 2e!-\}1mqToтPG}J /+*ЄwO>Ic2&MJkr8RST>ͷ! %( [q"|."!'1(Zly+ıy~Cyc Vwճ~z+qH0Q NϏ,) B(AcaBII3wNl4f ~sݒPJn1GC[ѢzhvdV]?P~<:rlTZ8`y\߭#bqGݎՅQ2z14 f+CXfR]za/S1l@huY)QGPQzƁ0yoGY܁UVrVsk=M\4GamӇb:EfۻT4Ԯ7e7l7ʋN{P=^쟷\*, \$ ڷI Wr{aǵ&q0K%k'xҞQ%&.!B)8 R5 26.{0PtɋE>͎.9Qb/AƘP/$}22T<$kP:PHG|Sźx?+ P僶kz V7}+t]h \S^ܭowxeHkH@oWv6ƙbuҵP}F/=<wш=-"ـxyb5@; Vi B3W5ӈ ɟcѰoˡ4›#U> =1 00?򗰆(IU/ pΙnuBg4;*㨯Mvj澌XlwΦ/ ` iop0$ r⌄G쌈7I0K~.TaÄ*t|Li@.X𧤧rK˲+< %7L%`N"Mi1-ZN8lx be;0aOW[`=-$Qc` -[OGloAN}`:*0XMsE\ *׶'7pckֶh9xMsկUw_Ijv] L}_~E[F+7=1< #f" ,Q˛ (b86tSWa^Ug?jq*+X.%5`{.m.[Hk8ganx ֳ~]ˑ"s#-96h/TGlITRqm&i*bM\H2}mhG5 sG~P#[~2_Co{W u^uz%ǃ-09[aصhn|˩{0Hm{_˟D 6*G @MW(ofh,KĹ~$__4ad.9>' udBNId4p]vWع8y#I(/?pJJ &XthTW#9ף9%\NJ;K`{M-(Muum 6ΖQE@YO# 5g.3fqПa^1 |4N+ϊѽм .[Rn8p֭D%CnC_EazIPT;)ߤ!' %i2`:[,pvaCO\Wgd}#_kdG e9FRcUv"=ߓ!ϐFhCHsf)٩Ol,@yo#  {ۙB#Ox9{ TTk^SjyWe!8Dku2?pL{Q7G`\ƙc6>:Xe,)peAR1x1Mmq"/cM}4|%ɉD73kJ59HAQI#,((c0IB>u}S2  D^ n JSgVX5;Wuj)Xa|nMRa:0:9vϑ=L} ĩK߬v25+MW'Y&x% n I{,Z#ХϢz#<l+A{fG6̚ Y2a\Ȑ$t!wGrDa2D[y_ Hҷ@r4{EEgPn,LخAZla C:V;K_%càV3|vD"2B&!Dٙ;f;.n }=Xv ^4XZ8aL4}BWX-|/|1m^]ʾaK-:o=:]vlU^}+RSQA/2wLcmM40 &:3lCʩ,)fC>IrNgT_d?ׂJ$ɲh1Y9AlX;yw/zoCCC0ecg6TI-a~Y |\/BFT9[Cn')gDqRދ-#>.{*tDQH"v[q cX_X8|.b|I2;Y3r/A V+"(aQ7T$Bj'xSԅ& ߒ۩R9 1])i7a$قhi#Ph*s8d*$ we(( P Z59}$Vj\CQ{56ݚ$tteސa;k>s3-b ѽn$.wHrhg#;ͬB˟lQKR'sM״ oz)-cB!q# OElr7 SAxPlaPO9Qk07`p[ػknCjb}i)UI0R31dubӞ16[H*-0skK} Z^sYwg&$ ŊV/,Ŷ[o7u%EPBbC~fnq+Z1:dGD8=w/4Wfpo )%m{ ؒ}iR!H#Z5A7TD5tyf𕚻|-גi tjқM34uMi"_"? 3 oir% T=ꕞY3yY:1jH\gd^uOWt~}pD'$DP1 v7z}C󮲘YZ8NjwN.Z8?g԰&^Wȷf)HMS,W@;.Q~ESth񚯰&>1jXŲaĴ ^!x]f=%=ܰ8al!TQ޷M!,$f#TEZiX>d6}U$2Oz RWE\~fQNᔐ~1PAad XuC78J-z!;o=g"XF\;ƗT ya IDr܉(H MrQX;Aa0^Qg&5%Vh stW)\Tx-jZky*J+ϣɎDEy<՛zTI'Y ?fX2_Yg%I%:Hٖ.o4~u1}2gFQ;w.CՈG.HG-y$14XM]\.ݵz$hZmL_gYVΗevWB5I)O)xiXJ'PuDўTc| Dj\Ylse(JOw1G :m0?&N0/[ X\_0|q;sٹf>L-<)A.b<#0WkQvdXh HߡD[x.kNҞl2ەI+jK  no 4֧P\bVwNgnDtG8Ya7;Vըa!Y-Xꊵ3==]W\P64.G"|Y4;lh-O1)~<|r q:S%-3}ZکxFL79Z:]cU MSL"]>g ~?viUmK`4<`S@ bG+<_" !i쥧[aRa*kߘё}df@hYō:.\욨GI~.,@[cZzH&J'fުRສOꈓ5!d/STgZx=hezvn/Kv ) Z*AVl|]`!N:JRIy{RS$ $t&HOZ UG.FJ쫖 Fy@+z_jPx)reh8\ɱ=O4h<@4-p+vy]B؏!'k"2IjDY W-ӕJq=$|()~:ӷ#!~&h@X86WNex'um+®/$`4A1\#I^U G:,9Ҟyc^| B#E"O GAq',Ѵ<%TV@%-j4k,K)^3wCgC*f8JupO&Ss?ۂOO%fn*$~o1JJH%;Cef:~,1J-aS=LfAb ?Hp SA=nn&\82mvYo Hu$oFo 1Wj~S '~3Fg.8ȼYt4 wڿ~3ae&zת I [wtڥ޿)X:ycDefc/2Җ6d HXpBgA6.)^V0JW*FæPGZk0հbF*^|]*3CN*:(; ؽL m wCp媀wJGKp[y/GKXրtǂ0vYPOc>[81[w]Tk&ɋHK%0ܶm+s%&RS"9ྨ{dMr1DRފ0Jmsa|{p[iQ*ܞ; .iXHfP2 4x܌i8wѳw_<K} N4x`Xy߸tqD.Al׊k_mQ{_5G&چ_ځz  J{Ӿ3 i0 ~hSb/ϕC]]Ήʔ|3a$e,v b-@@.vvCXm'x1ҫ]YƴNP.|]p)нsa`P%v4<'ѥ(Z]:Gly;:a!4ώe[rzsl1-GRN#Z$ŀR~{e\Ke2XJ#v-A0IR쥤~5 pzTGHkk'LmyuI"7 u<K7Q[F/A) 5aiJ˃>RSm!>G rl ӡW`#>3#*)|Luz,|(z!nj2z2wKVG9ԯ1O Aѣ/JWSv+= ג4\Wi>!= %BXvQ\rg6>N74vB3Y=tK8Pl^ٻvT m(2%t+!iqwrҠGc:jc 7SxQ{n`asY|$D(S@}.QJع>z@?lz3cF͉6 is{AC[Ãc^uJ=1ڊ}gVP;u EZ%,o]o o㞪 D(s.Aހ⸂KkcEG{VUIڽ82Yc*>'KsMRC01}%AG;gc&ugRP"_GRM.l^`lPr۸A`eB]A#ws.GQy`^T<Oe8KZP/[QXCgJhPX\ i|џB dz=l)j(YP%Tr&(B.tC"YpT؁aW }Ϸj(4lgˀZYb;GİD5xkĞm}7̄ >U%g|~>5ZeFW@ْC? N2\GMؙlʼn+; rsW#yfo񱆠"bi7>Um9I:A j m=U"S˩Lgτ'gw nL1.b"\Vk0]Л:""C[^bK^,,ʤg}@|FJPƛBK|OmFH|tla\ ^mp.̘ >R4C')|lY5'14{bNj*\XcWܐk_H|ҳ7ug]~űڶIJ]OpYB8IY>\o4f`Gn-3&`(ͅz>Q*ə& ^Q;(fRte5;ʑO8Xi8}q*0ׂMiarݽl2UX·(`XE*~ |1^4":tnTs+UF(cI4AiLm :.qKEۢc*AFsv9H6Ag Ed qd0X:; E:曽:C~U~%> V\E3a v_ݠ"5aIQ/+m6']ŊT #2T-?=\21K%?G-gՃ2}l_T,T*q@8-_^:txVCN㬋c"R9 '|,/<5;lM&*W8ڣqtľˡdmA;#34D`6{F !g1]O8 PKyLbyL>dna`Q)5DRC!k lSflYYy#UҢqRشgڡIY m: WDMRic}`L-rw".vdGJEsz<!8ė"@9I/-@ы.>Y-_pSC(u.ծiNbͽ㻰\u团wqdN06R޷on<  HfOwZׇ܎'dDݯ,J9D l WLwƳ|LH&P2˯#׊v5Y|ޑʏm x(>o hjG9]/ CjbV4O;d>ƖxUؚrMMe[Gp{&.R49=nsfZ&qGJBQf$2|'{ԬSyya|(0iZAtH_MAkGssyS ]O26^ƣIzR h᧊DQӉ6r;3irA ~ctico5. >4Wՠ_E׬AELzFf3aT枙x f\?-+4%z/V2י@X@9+#LNgFs >WQ?׈DǑR= ^;4ZBz(9M&a{^Q5~$7f=nSI8y/kQE_dND#:0&(;Pݍ]1c!#0IQD/,q?k6&'˕l5uW{ 99#;f\( 2y 3ގA[G~xix&/Bykb̼G͈ E|$;4"ΜO.rO4@(:v:oGh1,0i1)"\+R,z\`xnZ7ߏo"Љjȩ\ل_5%`JOwIKvU̎%%c,>iۍP8@rP% I6I\_ V/ѨMYx`F͓ m$vL)y8*Ϣ?D:9YQJUo5OӈD+: ְfj-))!Ix$ﶜ"%[B=6kmrFC?\^Wjٯ%1D#mAh8 tOݜ=^*2Xi'clx~b ^ݬIԟ~jgU-X/h9)+Wg ` :.'&RXxfMB *pTFsQ9Lgb*tv 2-uFT*f"騤Ĺ=G' 47ic݉W79\CC:Xd'{hl8$s<ƾȹ,8 /(h[5K|ySnb6r\ BͿH * ȸ~IIw#a "DCᝋ7ُ9.g>׃N=ZeKq}D/קV8O8}lSeK^kfg>+aSLTgl-W2hTL׮(bC_f0]h qϝ,Z(0GB/}S|w(X}=0"_2mH\$?!k 4d6My¥|_qF%y`Շ񲅋4+:lqrw?{.A0fFer=$,E~@/|y{=Na-'Pa^)BpR/3PJᾋW2D,Λjlqn^vs:EN5Ђ:JI29@sZ1S(TbK&@ڐr__ՙ[ZޟwS%m/I qjSrCd0͌(>27.{Az!E)&ouTEstvNR$_6S*,3y`oM/MHC8u :;( IJj @^V3}ہ3=ިt~?`#Z; O 29ve>s-atpΚww*K ˪*<ٷxG?ƺqNG-  %LZ d-7 *.%Opqj3 ^)CUd(n˼K:DbdFn:/VCfmc'+ڹ z돸GeL26cJ N6nVc'r!PfmM$F l-$z +N=u9\&C¹3R6j3s0\lnS-y9E!1?JRⓎ 1BYdUѭ]9S&智cۥ;Lo^s/kZw 'BOU˄u8u=u5A"לH]'vr36!1;PdN? |hIQ./v's<*B95f T\(A0ɩ lh+J tK#M7Q|&oIW+j"['rit-TaI O! 㵁}i!cO1` i\N;")ںEvo]*Jlu-wQZ"Q "]HuǦ㤣\ܭ0®5Ƞ`ܷG/c[乌@,0~Id=dk!$^lA˦n|n?#%kkpXkE7*'tDYhZˎNOرD$}{m>dCF;VVA. 5#rEcՈ&>_)Lب{,vU'YeOZۆZUgwjN 9\xhT|݅&{/GE mU-ڼhF G5b||pT殿d W3/)~~`g-f`u1޶謶 Z-fQlbك9Vv TY)z=Dw8vWI[|J`!c}4Q"@H2/ 55g nh )VҙYTjЄ.Stj}sCuiNƥ鱦>̌ɼ ^8EADC-amsJ)@$ E|$ΛCCLF3-R`%Tا+!2L-t'7S\Z 1$,fPBE$qbf>l;t~fcxulC!Ar%|IE}Kg@1žQ:ܡ gS/ܵE U'l?kOd?sbӲޫIN>x٘_29gS)EqMX4IhIg쫺i?CKu:LܖrQ n#*'|pjZ(b2U],оlo1Q/55Q=>1ZݺY`tiWsDy{,& LOgjzOCm7C> k@!AlWĽJh^a rFC$}xB>nhEm 5$Wzse/s}1KJ4 {}_5TN+mPPr;@LQ.G?>6:K3*I{ae?zbf:+nI}bs| ,#U!衠K_cS3Pl׸ 8ѭ^ ң,,L#4NlLF #u3F|Y0ː+IlBJҟGjOpLdλ1zI @LNWס?[yF ܧEEcTiU0{]o0}40+5--c5'oBۂytUu0At0f;h5"ȹHy-4ayQƷ+%zzd^U<(õ& 9@_>:zn! Lj[Llħ'/:9RSۚb[m)/,'wؘb5`=HB@bœ",9i *6MRr4=IL![9 xl'yM6>[\v;]?G!(. P,|VF6f{㴷LxyPͤ 7j$ Sx`1Y XfsZƏDigS]zC [)[ܒ 4*OYTlLEA$c 1nD M%mܵ,ک}wiFϙcΌ0sk;P 3#; v#OGvUR{W3RLJ8aΠ%l!t`o9&yg@+]ǟ{-Y'Q/,݇`osUw?HGKDioڹw\XeҰ<5ã,[1nԷq^oL.Ƒ)8(9GΌ,/G({a[EnplE|g{+OCb8 ӱsґ^]Xp_ !6wR7O7xZ.d &-1iy=f%BpL,4A-n4[p ivʮ;$̟T|<|M2ty!.e&5霻" # 64D` R~yUSd]ڶ{'a!颼PَK^z衠*mІr)1cY{ xz|VB7$4E2şnV_:b"]^Buhf#xFb\e|7#SG |g-1ַQ \ ۇǔ|#lWs.AͼRjSP7nBԜB`:A;pu%8FN&{>`jv:0ÓWf~? ::׀iI8¹W'wL4y'[>p?L-v?x=UbYڸps^FJQ?B%f ^?g kZ,ȠTZ!ݢjGwɖ?+NC#%:&]M4/he&apa5nOf աiT "yW&1-R7$1u]v? FuyV|/[!u_-YVG>Q $F_3lg:TGwVȾњɒ+H;2Ck_:2V*5p@53twhӔV@ |Cg%q:tZvJsy)rǑ|k6XǕ)QlV\ʼnSrz밖] ^QάCLgw2e9o t}n-xp&`SW@:wj Q:Bts8"3ɬ:p%@ʌȖ \&5飝?Z$EJ,gen+_qŸ熛_|FKxVx2 ,g9+`☼zC '1*HM%3h E [vݦ?JsDR_7̳\2_g}1aZw`XU,  %4* ČߘrBx5čY6w{M!ه׽ yh}T3$; zfQ#8U1B_#mmiKCM%^g(r];L;,Bc^G ^aVTjr^;^$ԎeSRBg5îvXaazOŹeZp|S>ܺ>pPxzq$܄^C0n%=q~cJ-W*DL {[xA#|b edӁS֚zq56l N<|VT=% Lqe%zw\@)])ջ0R#4> bbJk+忨"%( IXŸ-M8#8V[gV2E aC'-hϥb \6N rL&FlҪmxu~}2`7U<ڋj7?6TgCnbHsiTMT"0ygܟӞ[`nM"#B޸R`;~/ !gTz1fuGV5QFuw$"YS)o! `.~8VT:hJ1Ѭ#Vn]E:EK;:K:!4ULr #x+p:=h~|\24acX(\Fx\ޕ$dguI;(-Y`\&V>Sb 8PFpfWRTq|$61 {nS1G}kF0c 텏"7j̩f#(*IŬʖ {[N]O'KH\l*]WLBd!Z@1NAO%Lm>-jK)At^FЫ32E+f3jȶF*݁rhEFSj2,2C Z9Gq\w^'皅K_.dcBhm cN8r3~wЦ!KSP G¸#X֒W0pDND 7FB*:5`zL}PB㓢+4 u/yO R? igʹd:ʻ>؇M>Tאy}5gEcHc=B)/9(?fQM?Õsj.J %C[}JV #Bp )p¡!.'% wH lW[ ;6P{EW=&hkfE.Bn=][HB_I[T!o3\j.ݡ ]^ -c9+@' R3&71辙: rhqʤfah&Z 60Hp5[7/\Ÿ 0U )Xco\]YC? p* BeƱSY`n /T-G:"?Iqޑ+Ta~ :(p,Hi_d嚔;=ja7 1^ak׉bSIЮNd8XUm(pje4EUKuC8̱g1$| ʡ72(=Qh`\1^%;V?prpIDFvrꖨ])Wg 0iT>^nuhGBlc3ٖ6Vȯ# 0"4_.':ٜ0 k#\Xǁ*<*bc δ3fU}y&ǔ#FTI2Rr.MP[0dAfy<"hkY/qs-.%2Ph6X]v1ZrlFHML 7YapFf0z1! rV"@dh,:ɩn# *V'+쌴=4rđ,{L)EJ&7{" }ᶹDtǃi<5ԮKu/ag+`7(Fw]m&:"d+OD͌гzIۏIb Ռ숋Rs$މ k0]a.C'+~ҟy8'nDvF棺J{&jCyDB.jn_ ҚU ,Wq\.kA H9]>6R\KFft>U-H|TI@`4]<ݑt4?.K'|UC- bϖ6*S:$j묫[xv2ѯH||+U%+$s~dSO gL"jV6_ӟ oa%fhfXB‰Py( <`1Cb~30kt*d DoYRbÇhj5a4eU\8{=y)^*=XK;-VEpݏF99FeDlñīf 1okfݾ7l_ˈ1T(l;Ќh]Ĭl@MSh mzrMO9yɥB ] 'y'-F%V8 { y (mGG,_b%,|rOSHƩo9)RIq~53Y g9d,[XdLzv *`.MqQq-o4{2XtqOSwTC~=@pt~P^ZAP[KBX7B|Y{XmwZ:4VU9vFeݾ[jA_P~e}k3s]S*hh\LMIJE-eG_wx2;쬝T.l=XbwB9Yl.gʤX>~,\J.(e4]LJg6炫s ]^)i)fR oAؠ,G2F!~ds>*P:S ޟ5#0rS$\ ,++V!IxԷ+=a҂`nq`_@K9ᔑ-ig߱~=( ,W-G;^ZrPQ?+%MZgK+KQԆ QY G5^& "uvTm cı3z98?fTu V}n‡cR>^ȥ`UϞPau9\#w~Ezca!g9<}/KkoaS.O2Fでb$q UsqQ8.f,-.IK;^I:S^\! w1tsh hMgE6,yGL̿,ŠSZ=Q/\<[ u: !YS!yhkXnwoj<4/k{*`reL]sC< ɿ./GBo%w^NG@ib:W?G⚗2}dd-XpSq3(= &,1ӘBabZ n"|nz\KEb- ~۵XL1~Ѕ5n. ʸVZ2m fX5ln3&袾T ZoDdY=ϖ\9Xc!ĶqLje>Y:NawD$4>595;};MHTsmkm8_D&LP|"b'YTgfarjߠ-'!z]+1oz0^ D QB<ݭ]KqdT!kpZxvwD%? gSg氶Tdk`2ͷua:5Gwբ_98=[%[ 6Za;svX[Z ۰M>U}L?a}AD\' +k82~Q,M©Շ?b/p?;*NJf:e Ɍsd;s5&;kd%9>ފyї{\ 0m`(+Cմ G2-RFݎү4mZ}E Ɍ몌#څ8|kJ<;a{<;kͶYv]xEbnY5Y]h`W P@oL [w[u'gf(Ԕw iǠIM <֊Җ0V#'m50)ml=6=̒ɟryS^7sy /o̙g(ǭqKD{cdQcgaN}A3jL_;Yw8K8lh7S Iް.GT!!Q+#4Ϧ]BU*E \ލ{ћ {0O{RKҖcBy]gӗxwmr jlc3\9-g:Rx> fUKCT'I %R(D6ooo_ވ}<iJud/L4X'RfxCpY?蘥E9ixSm /mja.uZGvi < (5lG~]$xy6s2H>V aڍ:'[)!7%' [逵5kTc o ;]}Cv^"<_t&K+=U33 W1z)\T'Ӹ 'R4z֐ںY:)圜p쪟+h5'p\[ns@`b,LҐ?*CisgmGN@hOb@jVuǚ7thڏu`CxT%f7Fw_۸ԔcHRGpQ;'$a61|IBM5 MeD]0 Ӡ䐯C{q81.HX~4{uXfv;c|Ԍф_/tuڄi4y2Eu7-omE JC 7NA/b+ur#{PFEU@7UT^8X"5=hyLh[b*O6.rν#o^k-'V?-PL (5_-ſWSr=Hb:P'ax o=<,ꆄ;rF: *^iRo4ǶMſ=V'O!rTd[x'UP=qEw;SubִN5W,w}lo[bAr\AK`>-ې"94>JM< Y)1F9'  K, FgJ@{+{z (FUKZq؞O`8sNǏU0rغ~Oiw19_Ra 86sXj,O%DXͶZQyk^ 1؝2)V_8ǘAVAсW@Eu1W8S% 4*x3i.ɟTaE޲/wZ̴ݤ&p8'["w N=P Lj2ZkS] 2D%H$ ^n_jo e7 KkǹdnB/N'\7ƾzK#:+e!D%|FDJ{9>{^cf$qh,UtچnNO8wmW/LkRߏE k)ƶэUi"t R,:pw£ƽܚhN&R!޷%겣`Tk3g:>]+v$xxMSoPWX{1FB.:L܍}prjY=]FZbn'* H{(7X"!=X/RpT Kc¤\'IwbpQN[2# ی\5 J'?Lf ۨXN?~>,\0ԦGT3b ! qRvRl٫głWwfT"kxL|J&zGPO0qOfC524M_7vh.naa;uN{vFFZ}t_]/沭2ϒO.|btA,:$z!7_Oo/KD(T Egp/U)IU@ [9@4&Z H†,)ر@aw|A˖Gn&|k*4dM`o0Q{+0?kbfė`2dú[PćNѺ0bJb]fYϓŕ? :wx<ݑ>|-`l 8UqV co]C?Ū5t^?WMq:dtOabꞸb{Po1f2+= ?̀7P*:q _{eh8gMv XlPYHK|ߕ? {`5t&oe.X*m_rv;F=<8kdž ņw> u(^hҴ`'_7 ц)yäAM&Iu6rbyEeHYs> 5\ߨ&bCq2"(<Bv &7\TUAW`&[TI٭ެc IZTݔ'bڪEHᾩENq.AX;=='hmX1tk[ Gو*[k440dxI1LKqؾ{2Eߛ#/!V8(e=֕GkZ"a2*ByX$Q3I?BS8\Y'2 أ·߄xF7d?o%#)l_Jr, ˁ+%:э&hxf ۷O{L]ۉok#_K"yƲSS%4XύXzHi8ޠVS+rLÒMPᬟE;3E p`i<";R{E pq>E5~{iJhCk_$H.;g  yvCŐ𿑧) "y-x!eFJ >K AeJb/l)0V > xKބ!Nܯ.AH $x2yZ/.S{J*x- [tʿ 8ۄ\R-ؔAgN"'9Vl2 A4iyPdin!1Pv>]8~ ASCOJzMQӁF4/#%z07Wl!>RO0>zNhY*AǪep8nw$ѠRw A*dv2I:c=mk)]^:/W!Y]8vLg>g܆$/6iTg{CAJR>/ڸ Nju\UrgUL.&,D$g2g[$ncMUTSsLS4&ZE+WB ܋GQ3c>sND41{1=$^_c=^i!22eHQ`)\OL&^(m羲3w7-cMܟEsT2Bѵʇ$KDl犹7wA$]V"Xkb0)%a܂{%^aE] W0(OÊd4URc¨zIF506"jA+hx;Q{7>`}blbL/\ն+@3j˜> 0}1' _@7}eih1-2j3]EK;nAXSrQ`elhp r\bO1E 5s?uQ"C+ˉW:'qɃ]rp!r (]\E.ThYr-M/ ,mb5 TEG=FrK@ |g]0"64]EF(-Sƴ2gu*E昜.|ZㄕHmzø38@U &0O=Ț;6 &ݾنV !%)aKE"h\[_bC8{bnc*=T : V&JHo%kR̍n=/qK)qwh>0hƎhnLs$:(.KTNBD7S;<%xg)?nl94.x^9ƉNr,!MR+a]pWDo\[a7%Y:)vdўxb5 R;K/tLtʞ=AL|鳞+[#A<2.zgAb`/.'n{2Ax$^-`RW+ QlWi"fIUZCpq9_X/+u7*/M$ eR`x#]8X rKWЩF+SӔ\<.{wjXCu+aL˜gAVt͗; ]˺(?R,y@Q#Kz><#'&m5Q# hxoI2PXō(Sf٧k7+|gjoc1tj``pWQ>\M5(iȷICs 8 wci3ί55̓T)̚>nm1B{_-:~,MRZxQ!(1_m2QnUI.="JkόV` A W 6n Mtbm9|~1PA-)í[BipC4 G5fGZh;rgfHp_!{̔[LK=[^FmO`LvDm}h'$`xOM?h|$NqCW/OY1fr&٢3 ^s@^W3_ YaNCz&! 6[ODZAT`lLM4rI$̪ V%$E[(a:4"49Sm꺉aw@I䛊>Q-]MJ"9pdpi#eoPU7C@*O v}J=:7) !g7锷ʸB.G@-+oR*Kug.y528;LL$S;>F\o}i(&^)D 5}кH)'0. 91|pEZEu0AqS-S~Ĉǂ肇/@1b2aq^>y *1}:UQ'BiBQxqmr'HE0N rU }QW\@7c?g{=IKM9 E&Bt&Y[ 8tpV}@r5J]f,=q:K&P*JsLu2hmq6\R/4[\)Kg[) |Xe+QXNbNif$ qdzۜcӨXWFN#DV³QI<;Y.ֵ?uO ( xUY+!VA!lR10S3dTAp$p!)`CH+@V0&;xۈς 6)ya6'")~8+KT'B<&- ;]tSת&n `}}hH6pD&y@^WLeQ]6dmmI*:R:< j}5|:$evkQ 6aCgj.M19|u%TI"BÕ2 V&h2jn((}4PΘ><o|FǻĂrNz3*kR`\X+伋 [ 8G_2\^7MǾ]}1zCf{7E&}iI]&? {s-ű%X睺z< Y#ǹ~?D_>$VQ ==u ,c_B3 ^C5Zwhlgߓ7+zBSBC 5z'fA5vx2m|{|/F;R9S/L8_ؚJLz8` *y`>{yLjXX0{,ؒ9\][cm>@vFrq0bQc~y-8d!zG}wzE(V!; 2ł#P w=p9E+I#(A3 }bN'gY~+.+6Ă{ "K,Y}bM7p,wAvz޸@bձpQ!VB*< E:_Iec1<#0} O2'G)xȡ9q Shr_{b?Tqzj٧A't9AT&Wl27ߠ皓;ȗہ<|θ^bN4o\` {tH_}5e=6% t\KzKх'}4^ K~s=5ߣg&fW8ԑH G#(_s5k *`jnQ3"Z>C?&l)b͵):sfaZ6p%iU/YOr }LL4GZTo!rílL̹ K &5t1fƟw4@%^J+/Fl'םi XޝSB%葹Hhr=)/T_h\N\asBA+`6x \"Xs@G_=[Yգz>Yxqb84٣6yt#E>$H(ASsEyiLV δd%2,߅t.z/Xe1sHbc[ŏ߬Wy9 i7q`/9|&JijDP 뾻YB_h n2}|#SYd~6#OLj`0]baGxD <ZWnr6$7^J!W %VT3|ѺQ?rYOEX*O3I_>9T>*&M#{],ZnCϣO'a I{-Rģ&I76,E*H*v0Lֵig<x0>zi-nCթÃB].|&qFßP\ x|=)FƱd nW-ϸ)[:h@Qofz ޲p9J,a7ѼBݗ؉DHܾ[*Ez-/UۓCD!6)4𰵋2^ݖ}>4E ,O`tYoj x0BurT!Pgl 3ԛM~vXwtۥ$15s/MؖH2ʁi5ڋRrܫ>aҿ-t̹sB 1kB{Aͤ܎7l /hp-M`ЈI|5zY N|㐇ŕET y7\וb}Y~L'hIk.lv`v|5@Uޞ\P:!UZ7]*"Xo!i, 07.wzdhFx- 6PKڬ^6#.E>H0J× ށŋቜ%G(혶qD7jdɲ;x؍,Ժ}; ]fMӡP`:R:0Fjq{Kb0UZƄUO d:f:7Q#^1Hb35%3qѦ& Iq;8WR Nû&m7Wm[<@\K^i-v.AZqN>ZR upj')Qt.V~#*v:$?-.7@+fȫnS>{Dpgzfxrn>M" $6g4{dZ xQo 2ǗN>~% qI "%kEK|co<@o,)DqyTOӊhhdk{S[g3=H%R[@.z48rˉTQAѿ>}#M'tM ϮmE/p)fMz#T]heL3-A/p9@6DŽ.YHTER\%T,B֤.a߫M;ZIKQ%%is5Q?߉]|%dvFj}~!([5ܽ\yis˽BXaG=A]תXE쓩wC@^>SMfx8|=w"-Zckv(iu$lABقpaEc_6ߞnxQ(o=fQ9-z،ʫI4e}n;CN/!cyN(52c58~$i&™o;n/IH딹|e1u@` JM_d\x2Hwc\G0WI~čM̭ BjȐDKG/|%HeZi,4ppIijld̴2l;b1эT]\Y+C>/̈>ȔBRoz (b*0sw[G̟dIfhܹ@$rK0 K*ǰ 1l/}B=8 /Z[QA^ՓG,7fgPeE[9v*1;5c^ tNg. 9Icޢ=(ȠsmSȎ>)FHu26G0v~faqS"4XI&%=uiև/Ky|hAg+,o1&Yb_@f=B5\/ȌطDJӏ5w`6/ޓ0u'U6*[N`ĦX}tR5 ]ăPP[P1^~3Tt/vlUNԘM,`/=@ 7. thM8΍LJ7Qr>G"*9H|fORZr(EUvUD-b=TaI:PCPޏuV]ȵ\AQ9 7t]f ;9#iE>1[|_U]hZKmowCTL|ېW+{O^nDiz1L>mx~l}./2 1eafYFWX(4Nj^zL@ ج慸GZ 4yf\CeSm~bل:ãE4e TT JC Y3p3la蚲rv_ GQC2(M|E.^;۾;X\ )ZʕGPA4aQ7(,@qK;@k/i hÄsHs-RoWKgZ.8nr(xG!.bQtmt^#wo?`N khKEɂ󂍨@m|"@t]契ҟ_w _ ]0DwW`KĻ;T(Ϯhk.XP+ |H RgpP_s|}W|b)eVO+sǫfQ:-a$F @?[*tSo46Ip2zRrI J-:xL@=]\jQEz׸=vy Ɛ Œ|(.IȚK]/})3;R=\Q.Yd~pD(t̙f# ?;'x펞@=&j$V޻\-UC…T߱= WB "L35:sBhqd駡 `ſj mɕ)S):wċF9ݪlg<[M~E {с+%C\6_ڋ45Á,F?{FgYj cXd>xxv=ЅPFX# ɜ̭2V|۷KBL"3f1iS}rLN.{z FS1c&=xCly`f3yE.RhGWt.TÚ/eS9/l#zqE2i]1/tF.f I5ZFO\v(Ha(x{\@YWWaSM|4O}*=Q<ӟ #+S|Й`uX?GN ayiJjZ/}g.g; WDͺY@Cth"D' W- ހETNլZb<"t|Fؿu^Y;z[ʍ.JkAޅզf3;F"1JeK-^r uvzS@ *#_%"9gQ6KuTˆo%x2R[d[NT .֢Nm!p!5K#:^~ktS3 5pfZ B1Aqe]}! OJ8&ԏ]5 RQ9(9&IK*V1չ:ł_к3/a/@$ )tN>1:8 Yw|ڰEr'$\ݫĭcA:8cNݻEoDdm]|1 O&(J+3>Eb[̐InQ9(Zm/F+WIZ_$\?-1uXܺ퍽qT}5 o":`]0ZXRqў4sNUo9|}}LsP0F<[-]bȬo3e|xOwx9IBߍ7}]m2w|JCHHv1YM, J,<"pkzH`W<6kJrso;t4 bndo25 eRܱWJ*k9a4$(&ك/᱗-|TB@ 9"$ŔKC-Fq̛TK2S&̶z`wf/VqmC(WW5%I N>(\YÝ . mv12A~.+Z A^xgnpE>*+ً069Z/=)϶JsAIhh.zԟ?'mq!i#'Zr$Lh}Adhrs%P0,}oW^Td"Zˊ7v܀ _MrHԓOTH\.hCrUzzE- d~u '"հ > |*x cGyy#5x=/AX0S@O=TzlHpDCj\1]';vK%ױ17. rkܲ+xz}lcAۆkЦNԘr@3CpLL< r^}Zg.IF bAEoOky;XEn^r D'LĎ{؜,u˺//k%IB%ydeJPnJ‚Sq+LkƑOl*MMc>Bۇ]LC`I;V4f5P^>$Nuj%1pw&? ѳ:#͌u7ʸj @z%D84ZFQ *?+)Ì <'(#5-3QXn"%@FJi7`kB/A- .{"2#Q/ŨlhŻ@(P&2\EEpMmh >Jmm) HY lBn#d蔆:r{S͓lvg%qC=U͟p;өхNȰmJ)0׎˙As.'&܅ƕl9%մeʷܤR1~H*!ڕFI`@tr=<_xN妔cYZcU =<~|UCHn׀5Z~wlFwn1b^?幧|L!C_I p}J(XR'Na3p~*a?RڎeUָ^Ff++:>JIgP :1 Rd:R`zH譃Ŧ4yێ>xg4r~O{4&Cxq-z8?| X3a8Ck(CLŪ̱gNdÎ8#_m UQ RAcm|8_aIL%2,Cץ916#O:*La%z&w3`wL: tgp/J?~ ZLC{kd6+c7!4>UcgG@,ת }> w@p^Ya"+X@34tKЕx\oАDWjk+?cVzPS,MsLwBP1/$!I03F[Lc^x [NYu)o;W0R$@-l]fOCRMT8P #.8|V p=J9V]]NVh?ZU۫Y=5{U?c Ā1NyW,-ݵ$G9` _Y!sXƠ`s-6Gms p1Ib1h"Ve{\۫h%W\1G$Ԑ<_|VW4y:8ci_6FO|,j&Z#V b/" ރ>!,`FSGʋ3Fa(ځ'AρF7'e/` l#J2rUdjy#7  +6TƈXJQe܇* Ո=D4st6/lܱ@4a!*݊M̡wt'7XO`+6O^Z/i19!7E?UO9+4WxOnkg>VMƒ]?˪?tQ04ƽIH;r-˞E>I =/^P~{9.NFhV1%3{l'g6Ш܊UԀa'kG\bae1ho~C M k`2}@>SWA  תV֠[F&UD9T7SvQ [A \)pS"Rk&pI 1{Ye)PzU׷ 4~`qиj@%s*1M>MOZ$Upj(yTyyr2@*qP!l |Q.dEkӕS~/LlOKƲCEiDū&EԤ99їkuR1یBGKaXpL_iic96g&7LK1ƽCJҬSGAa1ݍ /qirJ@9@Y̎o1MyL^8ȟ0C3 +o)o>$ ,wIZk? 1,7uXss1ǜgcj[i@tfFOɍhtDjD"`4<]p1(vXU9/\CLZV"+yq3)5;: ܧ k}KÞn\ډ1"v#|hڤ{h !iC柊r]ci:a~{!WP,C+&Irȣw=V9M Ljv%^qAM]}c`rG[rͫJ{`ry([?Xk0\֗F$2@G`4yMvHl.J=~TI: dPX7!.*%sGƨ%j% ab87*)V6;BZժم-oQi\p*bS"j&]i,#`-:}X*5n> c ]+N4c3ŀVroC#eG15.MC=0D;t?y,g[9hR QŒT \gĠ(OrHnKi21h P5Nu!oCt:Nh !r~cf'Nr v;_q}Q6T?mAڰf< 11njo0Bt. saJ:-6]_ꓷvQS"3_K6<|8LaZӞ+4J@Ј_ګlkaMŃ&`>j."]ˍ.%Xj֞uߘHeBY#P,@.yv7["K+Qn`7|Uughz*hP7˳Hl[ lQ}O;n N[5u46NohOZ V[b]Ez[S9`uGJr nkowfԔ(DȕK6`PhB%{y%]Aim\"ƶۓj&dJB(d6ǚsY<k^؂WSy-y޶WϨUj'_* |E'x 851W/\Ul~}K> +(qt'+/oQzuk2gĖ=9#":]hrq9~\81NOoj7GK/ACY RTL=Ãsz.3g:{OBw߂#KR(!\-kx_< Xy3 NP1gAzp݃-鈄?U9 d V?Y?힙=VqMj<d+v6IigUT|_2{H= '|'&M\1PW K;yNWe؂<^Du3{k]ue M)S.ȇ~}\0eUZe3n`eTo8`HS9V3BJ!gaa b3nΒX2zQOK"gF"m)7)GLo/g8d"~D@QMXsV\-fiBFRnֶQiaX`j1Zs?csu%s^Nc&i|N3|C0-!?JDA<%]HpH1\h70glNSI w~p]9m6ǫTg/ Mg-e?VTك\8B"2R@HWLkN1|TDH0 nާ]-jk1ӺTH^ŵf5U ["\ddhrBtbtD?z%<"*B: oj>foh&M}7>ΙcgoOiCCsxܛ'w+j-MePz 2dDuf{4j8x8vA䥄I bjH'4bc4+ͤ׹9s-)U6M_%45/'B]:*G^23MyV9 4261$ɟ5Z(wQlj*mM֜^u<"3#:yBYK563k1̉bΗd:`Gfu w'HCs˫1aKXF܏N]! TǣV9J'^*C؈ÍqowQ04ČJWRЇ hʗLY3\XDdfN[tPꄼB ki :f!eA:4ÄHj\ɬ_<á !MHjIL#0;2(N_4 z;Qj,7TeZcIOJ%Cb 6@{:Ԯ[G;pyN5=ܕ~r_sMaOz@Ip׷tB/틧AVw80I}٘`7_*M4TU,;,R{ˊnOE 6X= #޺p[ێ5bĈQZ&~7$YCp?Mq[6 epH՞)"=}TJ dFF<<(0:iX$!dPxQ pFV ~ ʓF"wOt+B6]t>ܜd\P-9/U4DžcڢTE?!ecT${`=bW+N]5U}`c_ʼ.=f;}fʳ yaONOݡQV?-Ot6yZ fFtʑ@d2Up۵ZBg̋kfln&) _ҙ M;y?IlBdߠ3:33aĩG* !O H2$.ﺩuh bth8iLi` .AfN O|7u &c~Y8MCz4`P6%j-G[ņP4 V[a MǓ+8nI$hn,l^>\/ٶײނZJC;- aI[ъsL|# b[ث_k^E- ɸ11Wc6Ŵ5$v*L'B9. ()3ʞ9i#\Wn?SS>q|̽xv¤^)\eYD+ǃa]JLddm'wcG^G0Z_O!=qUfWH3LOx -Pƶn4PbӖJ"$YS9 )0\ Pe{_N+UsNh6_aώ( 2Q-Hy&Nxytvbjn}I*M7S:,Y~~g1v|˞V *- M@$ȀXkD ?Qa%|σcKyJPAC-L 痈dXۯ\[PQQ5ЂGˈt^M9]]45~0Uv~ͱ.D)֔c㩄R>kX7="֔FKXwkgZip<֡=sa)ϤᓽEԭץ/t^Bٔ_梛>,DebdPI$Iݧ6qr\8r*#f@FH%X$ZPA{iGC籝= Nˤu}>K6wƵT'uĿZ t2n D楡ŅQMQF7 z|ސRi9m|O%dD>eU酆gP([Q薯tr.Dyz;| 5<彈(#AgA,4Hץ=3=[;ugM;]$X-OY!~@CQvYZ,~^mD qR{QRjJڑ+q?(%b 4?> i+tѫ[Ambl&v @RRS TdBc>8M 4B/2傷oL8@Z {I8|61 6/ &j?xXmy Z}xgls|Ejy:,Ki[1I 3PzFŲ7~qV+'55Içx7zN9Gݤ@ Q')I{z8 ٻHy^k;rI%ah(;f͌rVe&tlC>B\KtJ"9S9(囝QkހR#? <sy"R{%b%^:0 *ɾ ,կx[:U'` l칚#d2BGr¤P5 NLwk]8ݛ5ԑɅU C4d(MHѰt;҃XZ<@zPYz" +̾?K7M TCfzיO[옅j3'e_hL!WmmlIp:,!!p֡٠F.9*o%w 6XЮi6N- ʳ)h{QIXk0UIQyR=?Z 6BK=`5&JW#,d~d'iB{Y\Uk83gFZF c&- yV_ᤈ{/ƚ`P@pjO@{ls} ,]" 2OxۿvU5_3lot0!&55N5dYƶd1-5C q dOտ[n&#c9_[tQ8!L;GvjYuVX{ԫGyTSiq)ڌV{~~(%q0 ߄C"u?j#=WixPq~z/U]6fzBtF0dk(X{2sj3LjA>]MrU߫/& da%6QHc3M!^'CJAYÌr%wnϤm.ɼG|SԀZ{ZO gք'#z&QJgaJpcTWUMo<:ozyv ,pBkh0$>7 p4G 5YPL<$>`mzT3Be(ȵOSjb=Z[N$B")n=oB5bN9k ȩH^~xF_/˜z>w&==dIT#ҝW\w_d@J#.]+zG,]=bHA!d|N:NIz 3׽S @[FҚ|OtUV'+M\ڜg劢)YL^m:yx( `*z[1Ps|[F<5UareX -ٙ(hQzL" VI[wOΨ?kLTȌ)ӆZe#"Ǻ?{}DL?{-czǜ|fQӘ *Ca?NrIo塔-,^YdJۻF#k8Pfa8@PϻFI؉Ii^eB}kq]_% |X|M,zBa຾ !N[L5 5U:Oz 0Ni&|JrutpYqTnۃh@Zo4 ku WtP*ذV!`=40^vP~T?.v.kҒwa-/H]پӯ>as'b4>M3|08^)s Z@1׹c4қ$+& V6=^HoP,IժWQ8e=E 2{Um+_Ļ²S8^Pא,pQIQ)S0 冁M C,t?0$˩ByVx\%l@0\1\]DM N3W5Ak߃I>u[0;q^<>G1YOb@}n;m.Q0K9Ate>ߘtG37@ͳٻKg| D<5NR&k^RpwGn},JC1AF T-=w3Q[?oUBV2r$!F!HCOr wM!? @G Of[AɟGSW,9w1o^&eU^wkֈ~ꨨؠ/_4 K gLGH3:<\Aoj7{dfXސǑOj>II@ 4ٰsLgև`KCZK;p ߯M i#>51k?h8dz9h5/ZESEN>\5"UѲw*Mڲ($gXjô؄~6p/{нqcvG L+0k#~ks6@(ZGvpձ<xy۹)>AS AFa;Ri"te9 K6`t0zwu$Àz9߈kw pJ?GY8M8OfVLc۳\&0__2"xIb7X UO 8YU.8FMM1<{cE`|(ƣe5F=ݒ."a-9l, CB#8l(i?o[#@s:wi=`9Vv1z5*y=^:G9Xͱ.eNR4W˕H!Fk}VswWv]`zh]W6J_r MX]jbiq⧞ԙ P1\tbڪf슉nUVb&Ut/*a| X@ g'v#"o "G# ]pNJ=%fY ~HF9cT뾷/WZM2h4P2$,,/ޡ(Iޟ`>t`&;]d[ t -G3_=Ⱦ_I:,i.l?-ży粢x;l&kCnbp+';XZ}\Y}Ea7MC1 姕)4,Ӫ4c(Pe[o;PB-2791l.ۨSRY ~MǼ! /53+S 4/u2w@(d>q;UpxT:AuV#{ܢͳqdyFȧiQ-[:F>7o8]ӣh bkz|VD}&!P\-N("ϥ |Ψ(o8>yycKԏr,n =P͑y-w# s$]A܁fV|Le)8X_']^t r0w a앿w3tE*1zU4TZM#R\J '}˳QuwG-5p"mEH7VY:*K>9sMǼ1K/|KWj-.foJl,gGvdʶ+;ۜC+uB`d݇Iɹ^DĎ}wG!fˉmH sȎۖ3G6F3BG7e7I)9cC[G+x쀓;/N Lr0M7f+<;ğzTڟv:)szq X|ݺ9dÊ?3#g3|6X.gB ӿ5݇V4Ml)u?.e\#6 ]jR 'n>LDWn}ɋu aS >KӐʡKV>_0@#jA9r/՚+=Sן %Ϙ:|29Gze l|2wTK{P3,z5禖ae " %D0\ԖBؤa;9%_Jϩ01aJ(W;&7)®ǘL+V1,\E~kF(ɉsJ_f!6gUK=5t/aVԈիhTk}ocI:O\ܵRjQ`%4B Ni꓍j# [nYDwĨ *0е@dpİ,m|W< b.d"p,8T#dQs^KWW0 t1|`8R9QZlzIiMg>S@[%K=?D"d `.7򽹫%Lfk?[.D='+XP;-c8 5#CU*>6@B(yə2xo[ʺӳqWZo&r0`rݼg:;E0{R JS(@ߺ$DM۞J_$y<Ї⺮="fPic30E8 x'¸h!Ed%BH EP? /r?,ҽzFn1>J Es?bpR&[#p#zAgYb1.["Ɖ#} Zz6eBCYY72N PWR/r%hn[q>8Fi85[:pmOu} hKJ;e&&Qyf;H'@`υh\Ko@ӯ>Qɵ/U%|>1 ʞdyubzfWL'C̒hU5!;LIzj601L_P< zC((f"lbF;ؓW>.*:;+M7%]sI'j-Y;PK1No+.w* Zb,94dCMYp'd ߊ^XwaXF #2*$K`82 `7We>k4jfQw`z T]z싫҃Ggfm>0/T*[ew4nGhe@5  ~{?DHrl5ywT5qOX3imo'0 D@Kw;3M3} 2U` :uQ({g ve_Er$"'dEVUS8αi*V[M'Xz7\M2}̩*}c^#[ykvLU8G#!U|FA [Hf{tNd[.ئ^c\)ČXKX2Ċٛ [b=vn\W%G$M6 F[\(tr ƆQ*y2XZ"Q:)IAdA%H-n'@(* ɡͥѼ䟩'roMFGgA3[$X^ 0 e=$(ixD6h&O:H[y2/kJ^G_hLEme4cjsLGI[V?=g{֜؃̟9 o.*iz0^Y PnU6=Xrf][8)N;qm#;@|څŏ%]uYLNKu+ȸցoF["8Qkp_eДc3Zgf;7hq8 lxJ5|Kđ2-56@kS5R'\峀#hGu+LK|?fCC;I{d->/.  }3mp6g㭖݅lzw!P2VC=bDMwݢi@d2i}nd2' ߚXeDEz fkӊB@yQOL]f@!d zQ>9B9c^݊l*'f`̵]bWt"&{VpKmp\]e*YKLc6-/TOo/@V>,Ҋ8Rl?15Y2/ d=#SXD}Pa{ \HH x2u|W:7,'wrאӖ yzvQaG\sSg%i):v4C*LMo¦۔]mX%(a5d${]X)v-R@bAp)kkx}rwnn"vWm2%, [%4Ze#yzM{(#<7sͫ(ʑFpnq#aykO) J3@ܟ6x|F#{W6)^y Ydn҆ 7/$s'>@:̿J޾b+S9bW|T 52,G̀!U w}˖^o4-mAUe03&44SQH!$)~ͅ2/#^b> 둟狔|kƑ BihT`o5d΅zʖ?.qI3-֣\P͹;%%p*E0\E!KZl0pWbr+3IY$ap+E(8͂'-˩yJDU /r?Ix"MmT?fc%5Sey` vi}Hb9kgg=kSoHov}54q+ML -aPؠs$w gӓSn˘- ;o+tXN` uU5"^0WH*?Aⶴ[.g'wc׵َXQͰb6e%sW ꌅ2'`ƱήQN.-A, 9\޾%vy8՚~8TrP)w2jS~GǪT!VL5LAOaqhpԎA,VA>q6e=f"Uq.돪$\}?,{#tџC|-.Ű'wxwrTf?-w}JջZ?ua# *u 0,^{ 6Ht>f[iW؄-9:gU4#3 5,C*v>bҘ1D")P*OO# P*{{#paRw)DtZڴڌPR^o\fV [yhBn^Qv%"%(74{aI StLboutgYSZlwr_'Ԙ`dKs`u6XΈs0.VZ2j=hIH_ҽ̊t*-hh:޲@Gѿ5/07ʜxE ܻ0JYǢ}$ifۋCY *W`*FWiyE}U9@`MEC28Eu)k[uÍwcq`oHKا04zOeeEeWoTヒ ]DgN4zpKxrUB r[eg0:(j0_7>9Pٲ؍?-:L*_E0`g ZQjhy:Qzuq=%m"ӌO璽+o_9"'( [6ƾVY1eB![^%-.BDϧxСKy*;0ViAse2hNRO 4zIci(\yk ,%R@zx (mLʘs<׌әdE$ʿt] #4{DL.0N۟1mYg bn˵Fdݎ˂8.$jPsz&I q^v31Lp1#7F'nyAt*L$ Sx˾~\'(1WNrX8GN}vwV4D`uf'\Lzgz2:o`ZL;aI 'hgN 64mx}Szi-9oXY MP}9ylEǽ؟̞ YZ