sssd-krb5-common-2.5.2-1.el8 >  A `2U] efLAMq3u7õZiiɅtB4 PimuSXU`WvUZJAF:bv'Tt4x TNx` |7Ln V䞾:4!Jqﮍh䟵H!%O-%.{E)S=54wH>pAf?fd  Z #7TZa   0  D  l  6     8 `<@E(T8\9:]R=`G` H`H I`p X`|Y`\` ]` ^a`bbdc`ecefchlcjtc uc vcwe xe ye+ffffCsssd-krb5-common2.5.21.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.` x86-02.mbox.centos.orgCCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd''H|KAAAA큤A``````````f8ea000627650299a54790e5eed705148ed910153699c9534757515fa3871537c833e669ee11cd672988c52ee1fd8b99a675554af53332a61d1309898819d7bc8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/krb5_child../../../../usr/libexec/sssd/ldap_childrootrootrootrootrootrootrootrootrootsssdrootrootrootrootrootsssdsssdrootrootsssdsssd-2.5.2-1.el8.src.rpmsssd-krb5-commonsssd-krb5-common(x86-64)@@@@@@@@@@@@@@@@@@@@@    @/bin/shcyrus-sasl-gssapi(x86-64)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.25)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)shadow-utilssssd-common3.0.4-14.6.0-14.0-15.2-12.5.2-1.el8sssd1.10.0-8.beta24.14.3`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.5.2-1.el82.5.2-1.el8.build-id3dbe3b55227c2ea9cb5edc92634b99b23fc82cb2e8b8522d7a22e44ee1bee4faff5d0f5203924985krb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/3d//usr/lib/.build-id/e8//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3dbe3b55227c2ea9cb5edc92634b99b23fc82cb2, strippedsetuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=e8b8522d7a22e44ee1bee4faff5d0f5203924985, strippedASCII textRRR RRRR RRRRRRRRR RR R RRRRRR RRRR RRRRRRRRR RR R RRutf-8a15dd72ab0fa61984f101ea31c05c515a96178b8b70fa710ca1102df8e66e3e4?7zXZ !#,w] b2u jӫ`(y,y/ܬu xOb+Յ:Tbmؕ1|͐R*L˹lQ ݆WdD-2<݌`^I/ 13+`:@_$GI.6eis]ƀDm7x3wT:D7$<7L4}/u.wo;X0AݲT>ǀIelvSY'#LuWd6H߆KZw|Oq!mZ>iR&-#`|&P^EϠ}ŽY*pڼr| qwg29b1*RTAO]$ =Z:2v0OFSs{ |[)քZԌ;@7849#lST^ڱH(h $ppN,KЗZCҶo+u#gM_FlOcH}x =; q ^#dyцuWmS T2@oO (ol)܁Ԓg{ Uڍο%x3`3~ǥ tZ(D)V:|\"˹ټKeTq,C "EAD-ёc$oN%RyY@ !j6,Ev$t'!ZKW^f5_؛BEsENA)rdak %?nNջ<Pa.m$/`U輶4lt'SiD^кKQb|G:}V6pByaeJd85n㖫0jaY:_1 r=@SuL#q!a5lNer֢PV͖@mΌ5 $%RMNhg CNjjНB匱nK$1J3]c.j8jI':ȴ߀?'[ q5g]HQ(.4&|6CKTKЛbu5v(jvgIqMvuj+FohbmUWXd TpLi[v7@#NWrLPS[Ab3Ex細!qLA.ػa=SJ>9a[`0\%|@J,d;5T*@\e|ϐ|Zt[37Ixl|2.v d<"ŎLƤG. UM͊=| ;d 0@2ga?h 2ķhdJ e ʏm,=8%#UϾF+.j"sLi`Lʜg4`61Bd.2(9Ӣ fu2ͫoӁq/ږֳܰpMfu=UV3pL895rme2̃,"v§ ĵ n݆'j /7nAHLGmZ¸._eJV{:zh~߰ܢ~ǁ :4#cYֵkB1 %`nNa\VpLsY2cb^"Qs{4XE? ;?? xA `?G09heKs+ A[S"l`#B،wx9//z%݄i3VD|*4RSr#3,{A7a!S!K ;2aş$R4H$ߡVuwy3ዑ^j~حN5L`WGp"Tm%{D6aBGCy ߩf45/j&"Q& +L a^̂ٷM k7:k<#1tA%]/ZD%_bI7c]38M,+Id stPmzSفK$~EQ >LaM6M -iahy'g}HKQ3#H䘕 #,T{2,֙)D~&ix0[:.TIUVLwXvV?R=n))JM:iӭTgcrp ]^0?jI3KU[ ϻ wf3)H;g+YpR;??3|4:|Hj؎8û  E:g>03WWV 91g04uO IbH'c ށJ\8)1#A `fӒ`s?TwS0`V*Z+d(kkdEi+khP9B4G!eO)vj) qRd pk a_,-%vNXɩ\}WjS;?Z:47"zVT@F-[aYO`ty❈!Щ<޵.>ЊK+8Y, o>pMt][y.}W{qزIUo4`ecӔĠx Oijooav;ؠV(z̧3cѦ[&[0gIڠF:@ ai{Co@ [?M[icCe` ]`3ruZS6\6Xm^: U=JǓxyLӄKxW[D5wV|wX3kJcmhlJWj g~M>6ew Vɭ̐2WC垠wrG? I&gjϼF+zw)"q|C]]"a5.ijww4lLh@9)9Sik l'Y@y~׵ \pp]GoDWSiBKH^P83֖-:fmLnb{FAX HѢV$RU@T`F p,v~ PxjP{eGϲ3PwvVwhca P=jNlsfCG ~ˊ[z"5ZV n 6<Ӑ::όvL4ܶ-kV:OrRGjMͅ_vup+*q^J/S`iz-?g5֊!mϧXF=KD-4$8`,V@p$7M03ǥ)FS̀Gx=pNnm])Z+{b3!Heq%Q(-DB%6 b" Ssa^EFx |Rrk.L5q1K$Tc0dx7*Ul 5YGڼ c}}rT{[)?nK)/\|%ν(e!5Lv?=ƶNTp*]4kJ18v'zGPKMʰ.idfr/Ҷ`Qq31|~#@4V˾zcGSNAR-ͦ^sDm{{.6]rE 6?y[aWy/t: []|Or)`*Ts8.ɵ ;z@fAo2Ez=[ $d>_#:KOQi }Kd᝚e[oޛΣOy{h "LgED7dMB9J1b<:(`ʢu;OZKA8h\aRzlJ1Kk%r tH1ߥ `jo}ɝ[p/b)%͙i'i vOw&4obz-ݹe ^%}Bp @إ$ݿRm 2-I]xk adeG%b@4fh`(&x$IW)YpDa33̱ߑ ?e%`T?:~nK=k, fEt?PάZjolB^ݳ?&mNZ64%Ca0,!xy{|sL!3M-+7Xֽ#lMaM9;,#_ǯ"W[t/4貂{䍡LB3>׏ֶG}bl#*ӲBu6]`}/~'wzOo~QU)ME2g&y:[4`gbR%yT%꩑kWدY3 c,dS?Qb((Pt#˔Z@&Yy!Ů!g\|ԏwf?^ӯMZcԓn -|4(S2Mp@-T^_7'LSywOE _dy#(n pman\Yt+Z%KUÿpKq}J68O/L|N[rGXe/?du0mhoxmp9C᫆+& \%Ï-1tKcNC?!c:p`䎙yLJ;Ok+:FiP S}r y'=%_d&Gjtm˰>,rJ^x^1K1I~=`"au] @+ =.ѐL?Vˆ4&nQE\?^mu Cq?Fčݧ!ˠkTfމ`}:#5׻1(hPz:ꍣ{s%1f.곏6TnHp!ł%a5z ?Ψx.΢~'R]&^6׹pfxIb]%#o,NCK%4؉5O#\U9tOm. ƢzrO`QTijjE9dߪpc< jɴBCCD( ;`9u'i{ q(Trs:YɳьެNV~d?O) J3_.8w<$4)k2]0KeqZsN6ZpO,>춚4_0ʢ66aw={Azdf/[ءq)(Ys-HlWI|N/Vvd`>FY$& ;wҬ l9[Fa߰K^s" Cc0|> t~R|1$l]]3ePzvA. _9HX[0rD3?SG{1gh7?LVld ;?&QH5,Sڎ`{5Q_|-"ÿB kLXa'I^ FknbͻLׯ-䁿YKg2uxfN]!yÌV+|tg=R ƪ2# xH+jր:( yf|qVvN_U ) <$CLՙU#cy9$q `́@羓61iRq @Uyax)e3o_n@3cE,KT>y&I?n#Hk–P~?"%)%u`5unh6OΑ©Q!Ujٙe' \YH cHA`Ӗ6uaj\:*؅fV=Wcdg*/GTcZLo٪TJP9+bD|hnD>胂d Ge1 mF%j2lD7҅ A g_6{~θoLN0e~A>H:}( fa{tv> ZH> !M!OjDc(OF㔐8@ {yӣ[>6] 1ٓSe֬B9ѝ<ŋkڸ Lf0 u6&<_ kDž:#q A![As4[ŧG*Adeo5BU~HuvQ]Uư8:5E߭ۺ+VYiʈ/Rp+cW=,AL2*k';Us`ɟ}i̽YI<|ӛYj<%* T4M;C a_Cx{18Ɯw Ծ E@[X*>RTrS2Rڍ_xr[[P= $x!oE][$:IVKb@wC0 zjeYh:TmDm$zcE P6FmB.i/kqHlcCę{Xy $^?-3V홺yhyOuDZ:m! 5T }U=#epb)!vt}˶Su>H4 ÒsTnut@ 46kF%(JMќˍ+sB~Usw8r(ŤcL0M775{Gy#‘6]ܡ9ʅ2Sr_`IAX) ꕣQ\?ABU)qdh$h4_Y= ?*`)I(ORM\uո.11 K.%7aL,EEi{ u9h:b{BA9ZyÙP)=CCyYM,)F(^r .ǧP9 tyk{DzQ"T^%sC`VPEM 1-8hM 4꼲 S\ =яi7ɨ[ۍB^ Ẩp=dCXבh*0qtA+:Z+ vWŔc2V&Ex.W'mgbÁ0uȶAY/׬Sጥ`WާkRWƇ,/<^w%ސ ;ѤLEëEJ6QT2߫SLp{ o_f{j/ ٢OT=un$Kl[vfK[jM/gG"=3rM` "Q{~C|9Јpl"zu[0=H"?:w!X׆1$Hg3.ls2a:mWt27JӌUo|#jvSŮIn&jpJF{j #).a[~}D3 tQqY%H/ʤK \hQF%`iuLxfvQιc慷XJVp+C0x{s@*=<#*Ǵ3oӰF@~&mE>6"rv|[[.[M~[t(΍pDZ'M % wдM>j3!O򞐎?NXcз#D^2@e}vkf"Ǹ6cqoZ=>6Ə{a62Ę[$C՚ _0EX}CyM.r6V$;gz#Typaz{J8R1 rz-h+䚻;rS>Th#ew.ʃ%༸A4K=먚/n&q$ ;j#([&ƗƛGK9Br:ڸ .:7ؿeI^?4D^s|\g`j%*|ȪF rdޑc$ n [ZH&7'jޞo$:?>\J:;|PGF ԭ"%V{XpY7{SbCorGX&؁j~]býmfps bqv!uz,%':$_E 󉳛H;Rp ZM(AUT3z**He3S"@$U}'5=#:RΉTkZl6L..Br)kp]4Etud#X'yxxT[G^Ơ22$ s&C$9y0u;NUUJye[p&+4 jq>֨_RsKKˤ2^Tile#5(J(I;(XDR4竤w@` x1B0҇=pFmA?Kic[qZ2v/*vY~8v;F-Gz<4}8djWV9ath9,4;c l y=⏉"FQPquM]'Ӂ6qaDƇ(;;Mg9;} ܻv'[kQ9 !KU:,G9Wŧu.)2Qj"Dd&IŦsrC]DKmCBjڛ`ȥh0=ۗHWPb2͊:i($Q/ԭ^&QCRʐ$"_XQf"+蓝ەH7X:? .Sy=ܽ;C?^d*/Q@/#o@Et3Xud09*SJ\O dt#6t?ys9:jEl*юJ~Yv>rZ WJ Q%wf!|}~ YVJycN`.$nWuI북3$)dvޮ%O_SCI7 [1Q]Rbd@~AUM׮(WN LE4pYJL7UraW金*.| KҪ]{hE{ hL6:;MR%V$&uzmm$?}π㵰KE 5 >q(uoԠk"w\ 햛9拯ҁUcӪ#؇zYBH0H;uU]ÃjW,Blx<0CjD Vݗ15gvy0.yă1?ljDC{y)hJ5a$7 ٌ^-*04܇)`U [Y>ĸBxu\R;NĿ͜Ҏ:7 jUc @j{G B}ts^^A\ؚJɪmWuȟ󢩿޵Sj}Uژd!̘&s.=p"ԇ6p#+=ʧLIY!o^"'yQ mI\Q^'ޓ!ǃ t?8gYRH]+s$u8N)V7D_ B"p&}wVv;]oNLvr~st6K>ߘHQ,yAo6m=$j&V{^@d#\ӓX.'`QEresbzeXtx6g>U?:7\*#6Vfz-|[9"Y-uR6 ukzMm'Wl뷝q'ƾO[i8P2֕TK4GNUf-pAR;#x]NBb5+X wKYEםΖpOD FK?z q{p-]qRtp;DEd>:o#%p 0ǩڞ13~ҚkPH[G@"b9cf2 |[:_6Ȑ~~qx%#w5;.z|%^˸-/ NP\KqV GJYpvꭃiu{L:n٭FC|u=w#H.3 R!Hl͠nU0#-Zo2[0؀?T ,3ܤY!n 21dxQ5 ;tfN.X!!\Q jHYΰs]@ ,6kĝ}]_rUE \k~QnU'}}Uþ߅ƞ&{z3Y7_`.#UϷqo _Xu^jM3M6Y+\ǚEoV%k\2JoNVxS5<Lt]'&l[V t|= !Y`#Ukv+6l7Kp铒JM6pյF4VQ/۳(s@G>^հf=>'3;$T9;huU #ׄ i1b1StDB-jj.JqA!Ȋ`3"hq(}FEF0L 6)*Go)`YKFCY[PK#PP0[!;9.+^gNc~fA"y-?!ė~;=ASq) Cp`WJ:I@|rKk_?>=k'rX^6Y4%.m]Qg-fB>K3ǚ C d_%ˁF:WvV5 '6|tۘü(R<;jWHJ*98hLW:^Sh-a]⃂m$JTy4O~b Stݳ_GCQL+{!t'AĄx ?hpw^B.2B Oq3Aq` jUݿ!z yUo:l|uzȶ 7:ASߛ#BFUTP(b|/Ziٖqo p4ohǶdYS,Il:}+0/3ɶ[=D=Oաf%$!H9))_lcNHꞨ2)pP|Q9G"Ʃޓ|6%xbd@Cܘ/]Q }h85ݫ=zHFFmv.V~MQݟ%/RjǁrY3uV)n$+ `OtR Hw`J|,!*R\nCHY:L^^VaT ъSx ܁*.25驄3R=P=.wև媢5sjtRz& T 8Pr8`gm͒IPmcE=I6w{

Zm o?9>-l^5Pl(Qpf߄ m)w(w} e1##A' TYkLʤK_XkiO<񫴊GQ"di$CYZ?psV~ C F3Wmuف{52CeeGxz}hKƾ=il[0֬p 78yVʇ"_2w yS~Kqc+^ʎ=vh6S~- _Ûaߔzea1`'@ݷ3}ȅcqc٥CzAAP  }C4>7n 9KBq1ǿsbST&.Jf {Oku`2hdH1Fq2ɪ*-'pԵ'<۩V.!\n0]B''|O_;*iuq< z*( M#L6%$ϱspN]˾-wԵغ;cOWHJę|[ }n)+3^HY B84сa貒aU tհ@[bA>T 76$a(\bH'QgZ.[CgJL=:D =-ڴ[xX 8`1Q1'Ѫ&P/*Cl|5V*B뗺d]vE6Kj`Q+Yjv3H/V˦ mM9p⫆'g9|2 j*B Ǎ_t63|8|;lE+ViƠsy84=.8`x-:|Kfvw7 t;ISEJ׿)[?\*d^ocy `bHr d\A%˶=]tjPP6z}#@;LMƅ_A^7.Tp)W=erakMq6bpaxq. `27HQGMVv&go ~u#v8ILT} thlVw氖eS AybTQ0dMTQŻ;UgW4uI S&aQ.[j=o?z]D#qP^ch0( 1tF 8+l/c(LK`M:+$U1{w t$P:ԶDH_EߚIaǣ;쫡֞auJ)ݝv%VbLSCcԖxE Nl0kUO b66v˶jTQ<;-;M2#vl}E3W2ݸURfIl/2nYÁ~NJr&1}G ? 9\ىx(J_sݫAN^ɰҴ[gZ;˯7Weck֕yHUa:CD45 ;3`*%x&^Vٔ_,cWY7'^5uVCoP]x.ʖ;ш!,4c. ` "NF qMof[c0)#]vҜ y\GA9& Ԏ{%>Tl qkdZQ1HVsI'S&zl|Pc+*I4Yt47̵hmZoRq˅ E_B̢Sx9ͮÊ|ڕȵ΃1~S]{}Ѵ2'ۥ ibw/T8n?¢xsZ`3.Ҳ\T89aS"R`1ڈ;#&t9#8Vq=],pv,ohYFu3'Fuc_1#+Y6 G_!FOR.$ vaL|ޤ)+^MJ:]Xd"u1l=@3sZ6"dr]-٥le@"zx&HndwPryM }WQтrAfQ_ΎO1#}<g.[FwXKYMn'ZKJأ -ߧUHk;}M UNw5 &~IbGiDkG" ya^zVߚZ-'Zjm* k68a~|gሉ}Zrlen6xvk;Dw*!*mն5qۏmr ;9I& 'H@9ĊtF}9O_m/uipW d =EQyL -6vO6 _ЉQ].RD;UVw&b rhW G ^+7WqW8 9BedӯLEC -p#;|1R* ݦ@`)Z3]DBi0VJvpU/|vD!fiF`v[ْ4hOKCĊc*J:*Ё!b ZŐߍቾ8 m g==IvpKGšRi_ƋI`{s8Ҿ(*r|Gas|;k"!,g$H"$G9+\Vmض6dyxM@xz'` []wl pff,8"+jy!ޫ`/lU3㣂<  %HBXC1%<?קFj?.ZÇRr̠_n7JJ[ؒY*'˯ iOs%?@rӿa5D^T|fr4q/"|@F+x??J2 Qwz/Q/b.}w>5DX;ʗF5Fß^&zx+RK[݅X٠4T+7P3 TD\In;_`MHt` Ro GvCrV(2@& :T"}4Qnqȭ?>;׎[aڗl($]2ޕ:т:["0/E|RJ :_z^WCF'5hq=C<#7H[*$e'AŬ N-8- u ;t6ǙuK |l؞;_t78Lst`+B ayHy6o Pumbβ=YЂ*覠!5nCe 4w fp6-a4\* z,ԉG!Ug.Kf@d=t^Gf2[ܙ6>JF`ۊUnL *l]rB%],U S4-#^%~|!n?5@dԌѶ$tk6#cHNKp[m[ AElU>g-7UtG1$? ? )?4BxN9N! rMS(Ē-:V"D4d[I@U B)?*hǃi84/'G-?lT=&U}e9tu8/%F IirѠ\\+S=hf @ u(00O)ɹ>oHlm")[)O봐Acٚk;=-ٵDG_i|uwjKGhAĞ#C12zG ZBz!ɚy>D#`+ѧ*Y9,x+h9 ^?Ư~ " ['Hp3[԰ʙ2:G8HKY 9& A/u6;@48d!H&_ \u 3,+:)QCq=hj dܙA&2 ~j5q3cɇZ(?M~zKR)%hPưR!/l%͇i09TF?_/ĥ{i#%{bD&.q'J^&|T`udcן5? OQNnpo o`ibSJN4+2/Q;:64N\kz%7lM %zָ3Ɲ_ӣ^ݦoMQSתE!sui.Z~D5"ҟ*)ۃpEF8hXBr2-A& n*jb$.o>8WN*o]?:uD5C\wgrmqL]0CKkbs(B501qpz<})xvQeR B!]7'#mZs3E$J/f1$ooEFW wLi+E qGbX<С!ey0Qp\CQoZ/t\j\Pggd4t{3eZL_32ecyw-f{6wF/q^͐hozj`r|PC@YC*o*IUm4J58%Ix{Zit$6{{Aé"S#v3=lG]ŀX苣i?PrHv\A6m,X㡰k !;PlQ:OWϪv *d`FZpdr(vEQpK "Ž冷 UۻiX26T_.I/mGK. ݆з"(3!)J"Ԙd=z~OUB`D..٥H Y?-H)+,m~ߖ`WRN Wk{82ꅲΛ'rXD-ZV{| 0`ԢI -f5tf>~a0W^DS#Z“JmQT&/bOAw{c1g=k4?ST8>c)>xcI& l1$p8:cw3 Gi#6hCs Vqle+#).?NlY/'}>C[-uWV 4hOq5ź ɣU\)RqS3R_8Gks1G,U?<B\Ybdk69g"јjsatT#FH$ͦhPq.~$y w-!\G:uy]pa f7h푛'FGOȑߩ6DL&r_:BU|{!xzdIDh$* йhYܨN!1-NiS7'zvk{H s)3%&ok9jo_f/,s݆"6m$NĽQ h+? LO.2`pR4rꇅ0]ʭzdOx)⍥aӠ(wݻ%g^A[Pi'Mwmօ_Q^ :zۗ/tUV<5C_9[==zyeόyȊ0Ơ[#Pᷩ* 8V$H‘Y<>03鏶-$K`̈hFv tvt~$ݜI]&RU-2Td %4OY\BJM[ ~yBq- en8bu E\K?ZrJ0 QyPr??p M$W~HGvs,8c븟 kei{j X֨GLO-9` E1sO]#0t " G-̅|4/6FsGdN.""QdjX*Rv@_s|OzArb Cυ÷"A1#ְ?uT@xo`)`Tq(78[y-L{%k,Iه80^g?{q.M$ ɃZ6H0U`RZ|*H./(||S3^W/'&>3+I!IvޫM|-#Jj;~ /NN/Y:w32L wbe>MV=H(mJِOPo$ʌ`kɉK1XQ`PgUB,"/oӛWe8C T;^I'Fv*gt*$ߠӌ0P;;_(;ha{Nu l2w&*qJ^;,F!w]!zqNvw8:k Mp*Т;r!^5yH[M@>fL߳狞^uNSexYQ6ΖV ״3xEGuBy:#)1)`2N0#Vԟ*_ᆥtmۏd}~}_";o?fomF|RL\ atc N!b,fQto]2< _ `KvP~e`/6M^v埨]DZ?eY'Ibt!;(^9E7Emճv8V9tz J"ՐjZ:a!}vJ&ic.$-owh0D*Va1PUybP us%j0M Nj5f-f9zDÃ-Ool_{b>b;d V ZOMo%'8\ C z;.q ]tϲ!Eּvˇ|Wx/Fصۂ$7^A:30"WBuOW, DbKnuSd 2`Nn[z==6݃wdZ-mVnlqʾ"Qa#4(sn'9r*VI_ STYH,L[-Iqy{lhܤH 19}S²dcw}jJ1V&G wDŽt?"k[óZNySҟZ_DfE*ψ_\[)VR&]?g{:BH8MmTdD̒бMe3kMw' w#eFhPЍ %sA$ind kaAW5C;;7Ooq{AK~7;.HwAa9ԼR˅ |kw&"~ETm ;;0*Xqy7|A΅ʴ?Welh&)4ۜ~^H%rLb(qk x3LIRu5+⵪g!T; <5K ZoC{:yF(g"~,=_ٹl[7 !;2 'E4uAsh3ZaDM*\YEպ&)8ӰiBeim)*hD2I!ESőG33Kurl 5d<]6VTjԯ&#Xo6)Yۭ]k(q|^ʨ 4ot&Q8-+)(mA3e$wN-hi!XD`ʚ5YgQe<~i-5 j߅BfUEnCf8LD{*C w\_;띺_xKBfMq9|o4F>};]p^E0]zb̑F ƞȕ) s#x A\ \E&Xɡ1jM-_ꪻc/r 38<-מ}18ۚsxD s0/fD(^[.MCZ}6n4+òEMg6hvx^lt,|k|^:)~6UZI_f/$DА-FhÐ3֌g~|lM߬P}.,# L;[Յ!}g2HnQ.-nCy5nsxAE(y^낸PV&;\Jnpag.tjR(4Q591OPrO2sߺ6_%_\*uGՙN d>jH+Gx#N,ͭF?`R]$$5@dx/{^g{{OrwӃWO=W6o'dM6-At, O9<3:<0t281L]|o/;57 MO85mh~ #qZ\=?>b@p c^sI& ӡZ2j8PJ i{U 7:rh͠v gBq=C`{8LFڦ;˹K%*6Iq[e+YNo ji GuIJHv>D V?;fA&"K(@(_>Kbs$8ԥ)-r/`JJB$Jh|*6(f=&ڂN~y,+|t+^˵{7Ҳ{`I }:"s|u!7UoYANneT8&'%_X1Q4Q h,a0mhU|8G0:y7Ӱ5N^G^&XÐ(۴Cdz)lȏgwb_H-, W0qWc^;n|xCMUuWCܽK!ԚhՈ?+իis5s䁛~pT$@545Rbٖ6Kg%xvK]JHSшm{*YE#ƵX kT</dE8%P$xWvT8904S?Z[`pZ:"ȷ%l?\@4ǜ&|084%>:-@r*TJ?9/Ӥ9 04,!jrBV}WHI5 U?=* tY'@svQMt&Sװc& UdP3i';π17Kwcȩ&Y /u2Dja Y|2?S1KQuE | 2;!1κːX$,< cDfZ9asdb"lO?K q.+ cx&+, x. n|s =i*R @/r3l$*ʞMe% <ͫ W S%ZAPM8P;)f*1Iҟ'ɫ^/M8Zn^@a]|d3$4; hr]r =3nCrSǗOBn2ə%6{16_|ߙT<@c/_ |oN}Y%ˣ:&|(HBϊ8v:^ t+.?敪>Ë'42qƓĞ~2(aX_gׅuW`7̐>ȔJwGc Cvŭ)= jʤD#n7z<=%da1uF,$JZp1DjN|1ȜF^Y B m``L2(<|nhR3 V3 jO5i@l^sM?TSk2QmhR| <&)`ZM@(olH i`Ł3p,_f_U(t@6} )bG-<ȍ<->lZ ,fbLFQ]]v0Wl-q.M{*[;msh!Ap4Xesrj@*h[*6k[u{'5VCxY>^~$z1XRMp)3M9Hq0rŴS?]9 \$J?i`:p׼@f=ٝ#Yaz1JTi̕(es惱aN+[5a$\0zpFqֱdW5\ԟ2k_Ibԁ8V$ARa3a,n$ڗT :Vl0KouGMW fݧ>`[WlrlI?۟tnsӝJGٖ&޽^/]/`tipB|r8ImMjAy쪈J*W vFS=sQ& v@Zeh1 y*kiarq-scu- V=r`NQca3U_8.F.8R(0dmŒC`LŌui2D_M_pe@:ĂnBgĨl4nB%U>Ɵu8. ~'<+~pcPfFCN%9w*;~a]5oRf#8uu._jtAC8Cƒ_gi>?%] bKph毅4 ;B#I{ Og2ickCԩb$'qSw&J(p((w,4ԔN{4704<-S_.^czcs_%LKr49!0?s6&^y% 5tW8nh;)؆,w;mt^/Yrstq֪Ֆ4RBGx&OH]^pH2qV?3[]6U+>ϟUHFC"H5F:NX3n"b};aCFFGb)JDndHUĴbg88:4g q.j/pS踊b0HL|$:+lGN]C"@$ZEX,g@ˁ b7YXpQdR?=t[s^8Y">;MLmvvH/ <'\3.7>S@KzdXɋۦEDM_!FZE~ 7'@" \AR,^?=#(-z ?:3X B~|l/GXM-IU!sNP=n|1]93'rOrLBkŬc3:S6y[Vzxn>Gn2Eu37k2×鑖L||HJL'EP;OtɬHJֹpdaـR&YѸ2]rcn$g;ܟ^8*!-װȅNI~lX۽IpǗ,MofrfnʽJ#5NO-<6y?$ 3U >eE g: 4'ڶ) ແ'7RhݤY}J֙c^h0MZ#- }d7>ΈN]j,/qp9T(4k$ w~#훔|oSG(9feS>ߝs &ɝd_.,ơ9j*AtL57+Dj؍33L|_2<32$0!:n*pPmL8oCg%V{Ԍ"% k֨+vfnu0'M!NZ90wytf]O%af \GK|\T5J[Rjsz L*sny4P?J`=({Jec>!O3D11 ^#$C[[!CRO䮠(qO+NfYŘ_$;e5iO xsRhDLcn qvAF5imIf0k'U)Qu,E踯zǛY}^gq;-ڡ>$.lVl1`5n\|N$- :>Ͷ͜5d,gL rw6.O3 Tî5'Xk` `}+{TbA=6?E٦y"J;XH/03gELP M,= Zzw53d0ws#7V֤m?_!lLlY)QaɌU4:2<ၭ[2ۖ|xC6y fLl RJ[f6KIm!O2CM%Na"k5 "g0 VP$%,aþӺ)$hë)QCw.z&^:gכss@73_D} }8Yg&3$eW0q߉af`ƫ&(v''`YJRFe`wP#ZM/ e:3_p ą^59vR#ygP:VB`%V!wɗ6w4I{@ \'A2瞫B?%f!cS Sঙ7ךD!tDVB`wl᳼`8A^MKkc zAюհ[Pxvk0a\aoA ]+0lad_}n%`9%ݭt#P4zBˑhGuTNedvYҝ V5jE9x!:5yGsJTVϟΙN-(Oi"h3V'\v-+F( ).8`q܊Y^*gTUN]~ȄhI$&QCbd},Z0)؁D:~間٢!B2&QH<{Eg!BclCG_Ew[uO0a\('Iq%*NSCϓ "6ğSX-li)Sw;آsokY<92YbбWM^pg+l4-p?oƵ1$=:SښLAclMl{bo >$•X2?Dʳ5*z60Ia_^ʐU,D̰&-8AE4K}↦Wb=+B iEạleԑc/XvJz-TFWf_VV׮U/'G8/\s# %MN) ߱ 8Gn%ByMq'B|cLB%K5:]hD3s=tg舻Z/R`J/ΒyWc)+ /gjR3E7znubZVEAho`; VRJ_nr*F9SaDzpV*"lkhYaQCLj[*ΚaZ3%@T)߀ ?G4QѻߝDsvspU =]m΢yjqL 5D>7dzPr*u~*e̅\~zŚi^HlN.zdBErDh(}qBD 4]MtZmVzd4ȄfZKb.B}{@oVe{cGhg=1E7*U gԏȂEǕG_RܜK]w B8 UL_W7̈́}tK[?>ϒ(G>g2?I5ށBL:O<jK1{8v$HDn^8d(=ڐ F4/vR OxŃʷs`vbQ0 xOJлs+ Ryua6 ?4Hɤ63 @Dxm NFCA?wɨ[Hh}(SC^AB4҂-gZD<3 rY/?EiN at@[$jǸ3DT|w#|/OrTE.!bKŔ(jc1yZKKY/by!A $IC#y%n)Iޟ xĉnDS )+!ANBԛnь0Qa䘿Ec;t2?Bc.XKFK.a+MD0\ʤ8(n_r1r9ra !ȅ{gjd9 S618ɓua)[ElZ$J9u&;eb TL׺B`B6J]vԒ3hM1QedE*ǽo|Z:_[i@B˭f'{ײL ,fjDN`\5RmD j;D·ع 5&=Kc%|3eQxV.ܨv&u7~i@i|BrѴ(C~oPNc!nɛq$>oXkb s <ꊞQ 7¯w.+Chyg3ZNx]}9P|fĄ8bA]};UjS"-um;Qڙ` 뤞06+CxYY5\65P,cJb\v\~7FXZY<.~X^0ի7fAqņ dj߼$v~[V5E<?.Wce],ğM{lɚg me}s}wzciNQC &6"ͧZtP(>(N>T3J*6IeP&do!HԏVr4V ooMXpSj ~oUbΝ#ͧ%cȑ*w>#.Ye0֗?;X=]Eݛim$X +Zɝ`V+l'4(K-)bs+ihnU !xBrHR5 %m[R3x'at2 O]]Ư]ZSd_MRj@jx2[rPXDWcss+5&`FIu:_$'x~c!X\òQِI3HoJiθAs xpM@mmad&[^w8lDoD3.aL$ Y{5;eg+<٠N^2_@iFk$ܝ6zUDl%e{^GPd}IAzcwnKyUB&"*{Z KS=h#1}-ZAW3]UI㼆U1e'UM @3뚘x&K]CΎ ҎoNSQ:,v~S7{ۨxWiir~>R`{W05Ɗ _~dS#s3d>]AFSUo;cUk6x&-w@pO5"n 2*Ltj CC0gUgxvͻ~bO3e7KSu@&b! ,H'a+ sȱsTj =A=&<6 72r&^sm-pRjwqe*  bӉiW+Jyr]2g@v kK^ȕqMyP#Kqr );iw/32U H&ܱQtÛ@ek J~rxp6r)̣A ;ʷp!fDc5'j]&ߏH;Ȫj~H2 HgZsJ6UT:>ٞ( Þ=c?8^nj~Fqx Nȉ9I&aBvųKO/Mt+ |\ɝDQkq(Z1ˢrw(hMj:CE/ ֱsfs:1U;$HT+/ɨg]8JƊWZQn\vZ45+ÒFimilU|XigSc򘩆#HB-w*-pp{@~)S@Td/:'#WgB">OK󠄮&@B5a H*zh\$zC֋$@H ȺazS/g?Q-B{D#}^켽\ ݙgfN~@?D, ) }$x `,8]Q0-!+[F{; g!C1KG'juCބLafo>MLGjc(kM82Z_4?:8n ?(-e4bAHd(1{>7Aiק=uHڊ YW E5 ?L/qR2=a+}ʱ[|?kG0o>V f@ }E4ŎN˿fh6sY|?#10fmR`ðtE.!ӂ> }shbuzڿb?ۄ4sԜ WO{ (N!ϒ 1lgɨMǼ/IJ;`dIrOTн'qOi])W3F)-wKi8 ~i-u~n'|jZ%2qeQ`Ku^; 2~A?.Jc[nt.ǒ7so!*4 =-%<:imjvwN%>`PJӊ NB_[k҉8?[/^3(0nZlvJȆOW#'@̶/?溂i\G!aqu"zLt]l) l?XwZnl ͦ Iz(<U闑NXW)QmM!jIQl l&JL!2F{36\3xgC= KrUGTL2&IRMTV3:7kQk"`).55a#11DqDL\t"*(V %8&YME2̰kM;B]s2w%&=ʢr/B Ӏ/qF-y ~%v`v UG!K9g :+`A(@UNcؤ;q#KwyiybAnG6jnBle5DdF=nJNs 9*ihp(XSf40^|X8o. ioNF0p?cFZFņ;& N)ǝ58hf~)@oEpC]"IΧ @wJa ib߈ǟmu+ݒ%vɌHuZQ[g>Jvӆ#rAfYXTv PQFVqOG) 48ok'dp[>tzg?]v.Q,<(͋W$ lX;c͛C2)UhpQZ}VϽ7a3Rn*?K'm QFʹ21|PsvM~2=!a=ܑ3{i]GO["me$h2%0,n-;"7Uit( K7EV<ٳ4(FEp~OPv,K<ɘ?f x ehax b;Jǎfy]bfe __llpf70L&;8NVr&yZV¦o Irf#ZKo駔@܂ &] o ^U ZIvZ K w+ 唻Evx̉!m8v4Iz9P%K>:Ⱥ9$e*:}Utϡ('.dK.nn>>\{8"2wl/xAAD(Hr!i~8J!Tt:I@1Gxgjxq =*=3!wxEVkp`ePOmHYы© sd_B,?=XBs6CaOhr2Yo#U)ROMs{<0c'齈$"T;k<|7nz蟚xEƽNPP BJY)!*i!SX" _H%k9B|n80'?eKo$w E0%s0kKf}EJvsg:JIA*j@M>̰(W 82*H8NEmaM_O;>_P`𷩥 NV.ۿwh(z>r^]plkXXP-̭, 7,8# bUY~stV:Yw],,_b(ɆDc K]υQ8 1}O뜂 4MYjéq>]f-CRp|}hJ '݀|yD,Zg Ay a*Tʅ9 /Dh0B,\GcM M13:%;A"QFkLBdQ Q> HoM`Rk:Qz-! -iʉ@UԗY8U&M56 R*[#R/]rs h9:e79,%k:tk 2>Xh?ئDNyEZt8zl,НeXV֌o38pG5>M >P՛u6+gnES1\Y.ŽBb🳑w`hmrRj?:!džOz6M~_Gdk[nDk<#FzZ 0S qavƜ(a&P/R˛р'9LxnY>6h(DiTlÐI l,e%V.φ%gdv (ѫTg:Џı}5BoO2pG nM9#`ةTCJok2;xy^ a2U284Sߥ˕f6/fo[!h, zf°C7q b 20 Ԉ,Hf}96" } Gx/n?Odqػŝv kͯ>?y_?͂~|lmHPβV/MmdLe28=3ؗ5b2рvC {"⹁\{U4 '׺bqG?faH9n*j<:hY//Ju!~ c5$ jg;HqJ-ᔏngDE< PYi[myęhfX)qr?lX܁?N]LDf;O@PIxpHRB)@L7udd-29e",\fQ*k}x'ʐoI$2!"?pcD t23P@5~z2cC~hL4eNBZ{onYK.`_`G󑶒D%f[(ഝdҒ`{ŏfmmU9EirS̓_T4K"-20בa;.-0- 6}56y$wOB% zѣg ~D_PNd,C=r$&4.^r!(C%kqz8A`pv<}4=@~>ѮvA-9'0.Qmjh3$ Y^GPp-Ǥ @\.D<2+z[}zW\贚V; {?p }/z_3vUz15H vZ2 JM@mr# N"4{2SM5V;ٍiKfܴQ ! URȥM 8*բ!J>(ѝ2, )*oƆ4 GUM øWH>Ţnh}$ѿU#ꢪL˘$^&mvܪm1fHP7q-rM2_*mJ[mB Rhw?4/HB\Mw>83KKbҮVP);ܯ[M%O.|`U8 [;&R|+'/PMN-OԂLحX $rLM x=$˴+ϵڈjj <麾HQY%e, d(U$0lJ-D<,M-HxnS+LaGQ$̾4-(ǵr9az+ERh'6̭ZD5ɊnZd:w[B)eȁV1Oш%ગ %ҥNcUglᮅԉ1=Oeo.ۤ|C<֒k`4~zX8|"<k~[Xaǝ ץ˖b|"p4ըX{C]d#$moa o/vt6%LV|ie\P<`nn'~'!y4ʆb d-$&T!@㉋B]F+:O$dS>2rP a\~1j57AH!!TOݥSV:΀=Cd9L}:hU Bk}˧a5BbXұj![lq4N 5g81K7e69m:qV b]ǗAcZJO=X^ k&LŶI{{h gɫ$^*6Ԯ4{RV} A)Kȩ+-aw`>%֎ɂV-1"/B,;]shH 7N`78`}['˯rd:EZr=D]PGI(x< Mh`{ 5keOcٓ4{JhʯiSj H+F&'gIs6H@4ٌePqJ/d;MW l X}ٴ%T"# Dߒ jmr{VVLkNRW'&RC>1~7pb3`ðDW٤  Sr0oR.BqH19ڗHqhϵ +ڭr5IkͨqayE n еHxE1PCyq\0iuvȹg cK2fVHL">=J|Slrn/\mLQh1MBt8I+Y#f@OMX8=aAn"sdfb'.fr7´9Y V5"-e=_7,x&|vч[K]Iۿs11Z<_/_xW0^2s7wW>R+ ֟ExkYHȇI<^~?a w3ğR/agק 3]<*WON[s2`>&lC^,1..~`,XTaa#!X[kP|"J`>lQY;IP }Aѿt;s r&s-AQ8cƎ7{o_OI׻dd)@z K|y$=«qaB1'E} -u{$p:}:#x$ug2O] #`fR6TY{lӎKEؐdʘlv?z:}:ڤ:(I{yzvgr,Ӑ^'6p,(cPAR+Vl$`C"0s)yS.Rm䲞x-MCbe~yyMFR_B 7˛@7'E(X żdeA<볭 udQpsu{EDs@| SPoQ=sP]> ļrt~E[ {މI8w>*];?acMv'Xpl1[q1 ځ~'B!࣓ '#tfL By3WBgEɟU"U-lqr?zyM8bUՇ⌹_Toϔ<ԅw)oX_*=0oHB `'| S]2]Xdu_֐4 bDX~{Ġ'$(Iu7E* l$ _,wK-EDDXoFRCl[& Aȣܭ"i:1ԶW?~,$dA"+#2l@˴!`AzpeW x-zp L%߬.m- 0Ww"JJeD/c.kYgUyqh7y_Q`CIUH%f~$Vk%*g\hՓU3FOt0M1&gO9r-?) W۽r3heuG*v{Z[7e˛7p$tP#cIp07uGrN' \S;օs=h)?qopm%.<XvzJ>  ʴ2+prEc T)q-&g/r!"  dXu9yq̻t("?NYS IYGL}k$ⳐmKi8UZciCqa򅗳܈mVghLmɒ˛0f*FRtKeU4 |$A #br9&Fy1w,r;dVF K(s@(_hVfs`ZWÄ1sv'eՉ D4YJT3:[p[ԼS+MPeysU+lYV;)]SB̼zacS.㲭6؍ޓŲ@F)K젇ul.OC}˝ʦjOVP]/A$ LAt}8KS fӚ$y)$r_Zy9@l!ߨ11Wvr:,:[ʌꂕKUe=4̳×-7r•,-qz]ωL 7z6%6I`xXҗ91[cerWnxR4"V7f7;iKʌS~s?* kt8+P0a}Lw1h0bӓ }t͈ئե1J |+2vfY pmC(xdp3to' F'!ֶͽ(J[f$@:]B\Gr#{63@;?& Mxw0?v'-1f 4-cSDZZwőYL+GBSr yE~\ݰ3O:뒱e`tœ4>`[ MFJ? @?}i/>WGx\cOr%V3eKIe\Q(UI;!{|wQ x2Kcp<|"m,G rq=]NLcNkdB.{]be6w{-hi^GU#)!/͖F[\%qRh[5x!>DF`1 a'dͳ1a rחo#4!AuRФJ)M j)-kwlLXƅ%8s 8 Cr-IBؓ!lsQݠ>aO6&jUw*Χv;Z8n6Qm5k-& /d!(mO0R\N"9}Vc;ZcռQ)SၻI^ߋx#7ig=L (TՎ<\cS72<4XTc49.pK*{Q_ 1HV~o (lC.T Dz~P {8d@I=1]VJb-ՉCĔ w)מ.>_"%[Y>%۽wx&x2@-3qT'K(Vs;f,d-M#'|`oezmcSFmsO CILD]ϐ#=tldE]HV*:<<['@܋$f52-h|؅Bv}Ї|ފX$ Ī\W #9O@>4,nky(4'3=ߙTޫEO=\VNv7O?+z hf?/3#9I"[Vy#wRd]5 C5jXm Qq2u,d8M}Da#u]oyS ZtIBMb^- w/dng\&IYGwE׹o)=#%Kƴ%1M(w@:O} !WCB^Jf[sIXȢiMwXȆ{@pď !g,j_UhʜA$WxQ62@{beZR!##S짟"&K`ˇ 0q#Fv 9^k+suN)\ t|* MUr0m|~L\jArkG4/,rIcfٞ,~\Jo4,{}3qXdtiӲ;^*g"&E(0$< /uWbGd%~Q^ Qm =5Q\=?'؞*4ȫ H\94zīarAV">!^_80[j=8$oI|1bafa# i7Zw`#܄aTIRwi 7\.6`eԶcb#L{LpV*'F8ϲlFfAiqv&Ţ`TޏvBͽ8]Kyzh9Nd;ԇ,oa%6uI˿h12wh1̉\s2JKWX鴵# Es^F^n^❰8/6ɖͅ mW f2i R`9CxBCŦÛ%t ]< V̂O]TK2E}_G*DkUP(-bՈiCG^DЌOCg@1;Դxf<ske#ypkȌCl?[8(1@P竤PXf4|K:3W|kk4ތ!JS2OmK9--YEr=+3H[ HORJ_f)㮭3+3 翖4ު^,% du(I'g#L% ^h%Ux] qEu.go)vNt 编|XƜA1mܒ)kuT%V-` #}+K\*xT➩,Q?]շzM!C4󵗿9]K(ĺ ^4APDdjGD~C  oLği4d8z`m;qZz땪]@ /! mxҢxzw|!Pb]S_xA/5r8W^:k.l@LUO-A*X>o5ڵ&k =ѫhp+|Y)2 [wB$L$NUVjЛT@ANJIٜ,et.9GGن$)=<ت0WLvComWh=3sTHDI&kU]찷D6%9G]m5#S; )bY+5fF1RA GvE?y˹=8Lw$4%ٰz`9oC{nsI?bO2Ǵ+lGڪcFR07Í3_Nv? Gv2(h#.(8F+ K+067#/xNGIHo_/&Ȍ|,,{zkҳvk\_4QA8݌{?A?}ǑztݙgN^1CiY1 =y6'ش9 F+ FҐ9L΀#3'՚5GCT#A'wqk'Xn,X.7x!cNKg<+ߩ\k}gJvC|nV`mm՘ OҎOXt@ w; H{DݜKU OX"&Ҽ]Խ=aC?>11-֘~>Ky?RD#bڙk.AЌ| 0BE h0Bhg&]B2`hzy0U+/)9g;q].4J^҃`荐+H>R"K'y18ۑD*5*)lBeChcjF56iF{S`yDj"4jR'k+wkBPОٲZG" 4ٚ-v@.h謯B-U`neQ"S#klI![ K@Lq#L+em/,q2<7p^}l@_] Oʹb̄,F?[KXޮY4'& (԰g`ڑlrzR}0AEEbTvRq:=,:'poTp{Q[{H<8dfD~M4jVhؚ_P{ĩ/?T'<)]3Y_8,1x6360pۅ o^;Gfn5+:u2#'!W_oXzFZ[@gW.4^Ci!;~Nd,֔z#(nJ݋ \|+a eЃ#U润/vAUUMA2v{UU]:39?Axya+<\ {3V(D{#yqI< [sK_{Ы^o?*;b='@`&~KC-q`kr[=rYBuX]~._ 'Ndlqj_8+v'p'4 dE-P7x8:85cӶ#}Wi(c egxpLP5/V)5j3tļb!Zsޜ7*8\X­ɂ6ꩫJ(D.T jPOR Zê˄T47)/Np󬕆;'m(E'{گ(D<r~`W %n6}4?659ykšO]'qh'/ZAuF:GIwxp@&EU@cʹ$уi&t)Z^"-zRZ;=%}v:Z5 &Ae?K@ƍAçJ E8S2zJuT+`tU=ft! A31:nY+*ts1#r; :nV Aoy[l60S`P/j?0 J%V:iRdMx::s$ob;z3  )PgҚ. D5/d?̉`/˨8v9x&;/MRe&FFbƒOy7ݨX_6`黇;`y2ug1FӴ gLN_h]N+JGV.@ՂAKjp`1@#Ud9rǖOHq$ M@aP_ hӗau F[!!3RFpFhWMa_Y;Z̬?,6qdъ汭 ,8_ky{+IV쩙#zY<`[.eTO"Gu4zَk Dda]-.װ+6Xxa2ɿBf$_XKiA56Н-jX{g1|M\^oC^ɣ %_Iľ8"+;8@8YkLo],#TJ+l@B#$dC wW:l9QX(1AѢ };GЄQzND*^.8\=x[Tp9|f״tX7R l]inq%L?v=MR둵$9_N[*+ƍ:nݡ#2B=P/92}֬^{l r;îzBZgE].a0z$̔6hnPqP8@*߼yOӲ C& p0 x~!.S͜$x'$ZĺSF%,-cXK::St ^<m~2|~}챕q4-ɶƕ_/-VWndm@&4&qt>SNsü%㼮RUcpSDg1/NNpsdq^j ;pȐ2 d CiC?p,o8wk Νx|-'+-"c G+=硩UV"g_+?F7D=kV *q0/ 6φHV{Y0ؖr*A#}"P&KF7G_ݐ83wK/7m7c /qnS6p;˫302>y^8ϴ 3uncBO j@L wِ.T( 5/!h?=x:9> !}qZߴ=9h%>q_zDA6qXs\ƤgfjSQ/XPad K|xt]$5h଄T?;L||CQy75Bk`7nS;$])]TzcܘgyLQgxǔ0@dwp |^v s"9 m/GP!.ĸ? m$F\I1re'oG&D01n.g!?tbt Hܡp/cjm QG_pf&H>rvKf\^X^^_Yr?;CD梹ZBh d`2t0-ιUG;LJSzyAO} HzM&:5xFI`B]^e ,IO>{YU>>z@DO$gpI$WkC-+(BV)rUɶ#؅Ǘ_P ,OM'` JMw,wsY,bn$[. l )My.?kw9B35(M,H? 8GtBepÏ}iC-1w?Ffn= MX"ATX{\6nYX3)Zf`oLZ8Ce2:2Ue+}!I xj ,FG_^7ks>96zH#l2o>h CD) %u b'Y܏lŻAxl8=p^jkn#]P79O/r"wKk_ʝIV``9oLb>^H&yIȅ_uJN2zL1%J~|uU՚4#)8g㝛D$~cKN)k |[a%0I"qVg.}Ca"kPw<ɊWvL/\uI)/1TAGeA~J]3PH?aӖCb)ќOZ|\XCc ·{ƒ%1 r޾G^gsߚe /Srpab;3!&0SΣ"`Cb;KXh[,l(U pmbʄ_1{"-WTZVeSո(F@=æc1t0d+}.)!\G[fxW;iT+"յY#F (MZܟR;H{-7ad=AC&?bftH*A1cw <) |dKF! D)=႕^R"bO@s#HoXtepMO縠MDC.GE+GB\B#t2, ';# t->ך6D?]=" ng#fep9G!1R  -k/kaXXl.<:,OƎ6PK m2">_䉰 <"aN%UЅ$iYtԗL҄~R+}(⭦riE0ߚh Am4弤϶Clva{*YzC$@+XY=چ)Ֆa/gBfń$㴢>R ~l39)vOLk.@ͮLAzSvK.<|lk*PG(ב |j򯹣j˂q;Xc1hpVF)Qp ~L9A7YlIzH@$sZ V<(q3Im4ޠe*UX,g$-.ˡ285-6FjL+dTplirxdK (mYkXUv@zW{3yfl戶'2p3Ę5󔋚1hg,ŌrTۺpqfs\oRAeسGR~%%\E_ @YG>y?ؚ! BzD\^ +&nfk$T`0qp(= KpSv+AaxL–y[IMTRCwv5EוhV.:צմTЋ{F?G~Np3m2;czLIyL~ZT93d[#ń@kIv41We Ėz88h, Nkgd6P\ 1z*DJST:x/'6~Ě͎y^C*WC- .KUhogFW#^<¸uz&*ƔO޶Yk%࠻ITvSN׏'`cR>Fc7ihU4&.m5[Rl Ù9>ShFT`⣐ݾ]pV/T!͌+g22CB\ gkSy|3'[߱?z qm m9ì@ColH O(j]J,KReF`;P%ZQ8Zc=c>FxT|4%31%gjS<*Laan~w\šXOSA(ɐOl>ߚ0'zf|R+E s`VȍoװRKbm^u8Isl){1ڬE 4a+ݏM40"_ݟ0kU*7 uj^( :n$W䕇&H-zT(w̤Ju YpFOgo~qdd@sGƢ=t(O+۳ؕFݦ K K~PvCt2? ÅY #r$q=NftXn_R^=w6Ge0PJtQPI:WLmSP:|kH:>w@alBA1)Cxޜ k+g}RèlY1UkBr]RMvskyu:]JI"ԄXˁLN_9{z@֚*Ƒ~wK `pAa1z9b×kenX괣s۽x 6Kl6FpP%aP&ȹ *Lӣ=Ƭ:jIgVOD"dܵ s3tK)X K;J~VtYĥ<+ 8(wQT@ +; E],YȄBCe[x S{=:#QJ:%} )YNGWið|hnG[:z&> )EXV)OK x'vs  |XGV |Z8+T->c*qoFP]+6H: ݢ_OP}&HS ^Q.o+<@ЬM<^UdZ| 60}b+PSjΥ1݊7fcA²/tZ$W&bT@@%|?^.²Q@^*t\蕳G|GrIKr "f(@;/3ֆ7eCymxa#Dirfx{]47un١C1SWh"oC֡ïui߂FuM0 n3|†Nh˥qeboSL2n]WܗŊo%`kɉѼZȲHV\Y@UQL8N$le^{gV98a4/(h6N" ?:,ѐt2s:_X ~{~K{4:ura(*)3Tg,Bh^tij_"iuK=s'f򓠊ނi"gB'BH#`w9p|[g ~@'Gvے]xpVqϝkrgrI\J j]TF$9-/pAEڧqGc9 r߼ By/j vߓk. >5뼆z blrR55*͝ s`rbabgIBYڀ0tEw[mvNM^]PaqRʊY mQrIF Oݻl0Eǿioowxq,h#Q8 i؇+of.| bYL-!p8&@vHKn4 -&Jn{C-e&8N1fW5ܴYnqC;r|CJW7&M:'\k+pE4T`a^}W[eT'Z"W4fJS֚FjnucΜr 2'3"d#tIl߅ngv lS0,!}ꬰX' e%}x_-WNN#4R S/ADy(.𥊁J,W*AKyh"yrO؈1NzX3ۓi2VGUEtBFi{CZ"'`:2^f7S QEg3cw 2KT,Zޡ֥J#8WN2@Q MuyUL_Uh?[̏0!lPɌۺ㊱a־ mЕV\c EOѽ#fRzKJa5JC_P6 є!#Y\GdS:'E#$8F2dHWCPqKM<~[{9v 6p~j31~SP2XnNAK/]h/-LeOA|o~OV/W|G{GaH~u끡pP:@**: <4y/Jo=OS.h B[ 3>.(OS!f:A)/`XKа8Ly--Keg:iDlKTӡ^M!p.2YpJ5=}w71%įP71%p%]{҂3N2R^C/]Xy*r$QW'f.Sk*'_,;c5@v`PODnٌo",/Sl&_Q66l;:2JϪ!+~R&r6 o(?:hZ_ 2XL% (FuI;Rz?Hc.Ҵw 9>ш.(a n ͨ v}lZ0[RiB"0Ja /O#$iZmbk>gW3F k،s=}YcPˏ2 QӇT* 6*;ΨO˰T>藈1fFf~y#Omˑŕ;4QS~ S,9H['^`a۲.?e5"y^6Nw^Ɩ*PIVP4S$; PD'SH^il)Wb9n:BfL{&6Q9zmguv =$# [ٌ gPbRjG@{71*o>BdcĢ""ȠsiZTck@Kj::^j8jLA60y3bu8In~%h`qkw ѹVkQvGse,8vԧ 06Fahg?VpdF|j 'ڱH\ҭ}gnZr A!h|FzR`Wnr7ɟi ĎO6 ýwʃ [5<3 F焊{Fb*%RMD2YaBVfl3!I!Cwҕ mnf7tG-0q ܵC5늂xsc<&nV+(H e^N:.tVKk f&rS_. #"b[iU==̡Ͽ_Gk*烜6%PB|FNT/t%撽s{$Kgd i\V܉Gro,T?mDF0`H}@svpc(cG9:5m!!ԵՎ-;!xbJWWb ;ȶcBELw`sK~ ȌTqV>~laX)EG vo0E@fDLHmma {eh{n֎x_aI7 pA]}]Rh$ hOh慮wh1VZp3}r{BqQҢx&TxhKtY"Jq!iM2 RF}rRu֌X"z&cxUEb# i(xSf(`Oyb0\=Yb咲(XZM`r2,tA'?̀ j荼Kn\W-RIx5JOS.UmjG U!0ߡ#'t\kk"$?,rQ!>b+Ut:LXdƴ;t́czy4@T`!GG Ƭ٘|C=7~Yt.l#Ag@B[ C! 'MqYs䅐a7iMäcDȎ:o\CEB5VO"YO'8ʦa&A 8FTf34Igc0zM`5gpdG l/zzWڨ_SGLܨ~K}F. NCHWFuR.S`RLJ}v tN`Dݯ>QnV8@/UGJէE?%Tc2F0Z葖k6l?1F2w3 g 0$KJ77lm9*C-&aq*qF q7aX1!!vCsWZʽV ?$\Cj"&=Huv$ 3l숬֧)~B9Jޗotlgng!)X2H  0gi6x,ƭ.Z`BԌi .#@,a8v>ޣ~3bt[kWd8$|*!rZKJpSp,2\O3al5pzPS/_ <{J v+UVk.m\F$8QayίQ|+曶ݞ-SkخМac0/7#“ښ[ՏN*}m@o֝"{3eH}FIo6|7b0堔ҫYGI 2F!ygdg=-O+w ӛ6lI?~<"ykO*JVc>%7űEiwy'-DrTN8*0 gr],,C+Q[/PMaa*eh]l0@߮~[T]9VC~w8uO׫J7!R v%.29 ĂYNŧR!o,%df(F͏8äxt@ux dMLJAN\mm@)!;s =Ӝ#ٰ>`\ -I&֌b!t1TCNҍ'iY|Jtl#j&uqm[Opx6Y7 t_]k> yxVOHF}0/B99}T4i{-H)e(^0Pɿbʰjڊ:HW=ӿ`D @H02wŵKM:)\y)6)A>x0e Ȫ^, WNDPak $RmXV 4d>;N+?9zg\'jY,|6Oo4#Ac)81w_NzV^x%1R0$qXFة妙ѽ;"  29ij8l/d"C uJSmGbjC7xdOe.eZP}k0iIz8@$=r`[ %Zŷ@bF]" m` d>pU&"|Og!lJ{5IQ#cw f#*OZZ<3WoƂߕ#9Ges/i.؟eɠ9y=Wsvd%mv T[x0}ׯMY}&%oGX\w}M-Xj ZBm^麺|/^-iɵ̹JrMK&*pyz"Xqj=X7MgЎoG8h\rPYV }-QOǔckQA5cj,g vz ^u1jϓ[<2mZƳ6T'~/>B,PjQsZfh욯9S|8f ?jdS>y_Zvg폶W_欱Mhd>vlvCptʑ; .֝9 Z|&e%R|ی`)&/ udCr^_sC~^}OP+T$KHtp72G+ -<׸9SCטwь1U%c$BdEė%x5,T\4'Tdx7 uHhPP>oǢe埲0$&)3Fkz)L 眘|Ck|.+510 xIvG1 2WA ?y?d];ltB&ooʃ}]lV/%! ?7|F/4uWbWm;qA/+hc4!S]Ez`IC))b c 8οf[ul@E K psQPWYPڎ~jꭙ1OtAXkotrɳgK_gJX{ȁ~ivmR3p}+bP n8 ՟Ē>? 0QM YѩC_ɜ2DqJ|Db@GpLeFVіN"|Z.|pHs)!!X.0 XL~tܞLkX,0NoמAm9^huNgƴY߽ZA0wP$$6r$޵׆=>joβ-PloE ݇oq(W0zZk H0k%y{e1ÇN;̍*~S;a;4hVITA,.q=&գ 킓AW'_kدAm>TUGMލ #`^.o~_ъBLmľTU7 I'j:!ݚizdӊ]OхbCKY d;<뻃`Q'Hc=TA/b@bwQj+ѓfZW$O{qM@"bbW=]~/'NihA@G1G T:՝h`o1{*;fu UiYe4TyV|S{9t?}]6p!\ӧBESvDT&>_pl$cGVʷ?0jʅK` E6$]7lSGKœ)?Eir!2]J~)>9VGC)0 ZdOh3J(/5z ."˥5.}K]=of> zJc>:+u XszQ,@YS_ASLxN/4z,YPb|pnD`Rv~UAyKzlW'4nh4fu=枋 cr8YsXa\/X0.>X2@m;ǡ5'mora]#q*e{1m=oza(HYqKVykq̒485 r 9B!}pwO|c)r- 16'A: qI<'n.:?RC`ⅺ.CxNGxF9- A$Q4<ڊ0{vd-a /6!+HYgrl*"~&:u]T:*)Xf.yAz-OHmo:!|Q:tE(@-CXH?;'ۘLNn«.WO< hIC.C>f.ErQ;0lS"N,C_c\n=T<0ז*8qQX/bG`ǀR<ryqG}[Up_EY"; Z-Mu꼶*R;^ΆŨh9@o6y-PdX2K.u;aC}%tp0~0=툓B2Xna~% ^"×Vbz ݩX۫H%¸T;7NjZ6oҝoiq {)%ݙNf v[vO]|ki/=phAU~*wC hx}'t>_ ^cLX3w$<شɢaˊtlYZ´ޯzFmlڅ- ef{oʴ֨,`}r! D˙ԏ{%Eyy'"nуf.ДqhQvoYBD0Gťi=e )RH'\]8ڝq-VX+w'm{DhCf*3|ⴧW˪1m+[*A+٘0[;n9R]oiU X]hcBK+qd6@gaL]֤Y7]/,=Q8Dmw$ZtLn,0NyV>L_D?,&Ĝrj}\wq [y \{&7u,̞eA8]yt(Im9'{U 5;}|%G ҖT6hoCKrH;Sy?2d+$3H|aH=SU•|21?nGYAЉ5,(>694\Хw/D2M+cE@5BZ|j`*Es/h% P%%H{.ZnznI+)0s{`+W>f-Ӫ=N)EcөǞgW.Βb'm mX nMEJ\2n@ ", 1R[SJ }aZ+ "Hcorc1U"EWHÅ=C!w#: Yn@sA;6>%1Ƚ:eF=[mBkNJ biЮjU䴿MZds*%! ^& 5>?4I淅.XY]j^/ 3qp"2LWb T5*"|eB2𸺖6r-D'g+nHUъxʝl[< r数~|%+ZX~-7 K~F)dFJy+`Yَ K#KTLS "DEPeFgyAzElSlc8x"TvgL%l|?>6B16q5uI5 V# AU=HZ`B9tE>DmzE;i/ׂM^iN7lP4^Vq U?.-왪K.4Heb1nASUY'Hѡ@rc@˓u8r!ҀKMqzZJ/e<"w T+)(qZiRG,(˨1ޒ./z ekEZ|ỊO}2SID Mq?pQjKEw o$|{Xnn3rPNF) /G T߲wda QAFwllZ`{"&L|p !G'~9Y(3X(2WNZPn:U3nEp)8(ہMR^$?9r,"bY,^5=Zo~ès; gv%:3/q",>@J4+<$X016$J'$G ~g4ޮblVP <}к!@z>h3j^@_XX0[a1ㄋ>zs 9 _S"f?ׄ aV7'KyﳶYpK$C$`}ፚKdֶw}<ԏ/C'USxl4D+)P*[eGWB6LHyQ#+Tg'_,#p`lآPg;f:*_}2:@8=gު`AVV,z F8"*]l{ҫT:|,Ynγ-TՆb_a4nbpǩro (ZQ9ɻ?ޔDŞzS ԅɪ^(=Ўq ëLf]F  bDh3qBw!M1Rym)WlaxHp`ʱУK$:B0pokc0`F>9 E )#x?ɗ?@ξH3Nje {/݌ J9, C<Cei' V9T9;^˓T  N{,]W5ݝhOdR1-u,ɰpߙS]qjߴdϞ xgL%08/k)M0c$-%޻^loC7GnEHJQq^\F} --M|D4+N۸8Jjib!ʬkR"8 l C/δi2GPu4GRh$Vy!~ηu[l2ڊeTcG!AVj}.W]!xlGթGDIծQ+Tc}¢ҁNѣ\kGui$m߲27yH(h%iDS܅ΨX+-wO(Tۊk7C061ƎxۖߐT5Ƽt충pzH49qc ȣ%>5 _< Ww+Q&WU}b(zqŵ_zV_Lκū9Z~cj}LzSIvrYr >x+͊?'^օE iV^[zax|\{|͖Wٶ ƚl=U\orSd7;Vʙ;X'M׸A['"X-zi.r O}ZPAО`{dQ߶0K^ bg0{ !8*x:K 'Ʊo]s 4<\dP 䖉[=4|3%)UTAK)gq)/#>+i-Zr̴aQM a%MXQRc.4ӼQōeB?ah'ggh|x#*,ZZ,B.L¬^瘄y<x,=w_K`P^Hub.T~{a9*OQKd%IrwLbُ@U!Pg~Ú*|>(\pEԳ ,#߇7ڟ ~,\$62Yې|&OkB5IEG"dr*-}$a mtu3cdႤ?Y՟w_ -o>XfI 0shl^a8ݰxMp T#I2xqsƓO0YlТfh؏ĩNBb\S_=^-E۰V'xNZkϐVFm8:C,3.7&gf6( QvNj5⼻r'&fᡌ o('quH}~6`W)s'IaA,d;I/bsKeί̱qSa.H #Sp*&a|l(Sqe*7f]Y^'!fI7 hI$!MFCzu,bw>F|- r@p}q R&k| 8mXU!ڮO}$:[l_f*bΒvA}kC߇\tx[>\,`- M =1vÃI$1C$= }c1JK;IV"*ĭ@o Ir û Si4Бپ_0?vpY l .04z쌝naΐm}Tʮ$ 5K-{ =USU(iR+oY i^H`o1?J.{m5.\a|쎖 +ܪnj7] S~A\6\w;3/^::UCv\Uᆮr{N< _Q'і eR\xsiA$8S]}I\V7ߛ#[/—u~1O݄!LanǗ i]m͔E@/v_΢cNV`jwn{bbl?GzvW1͠f[⬣blhدr_eo*I+O;֯K[~Ԍ k1~ f4Փ/ZOy̚FU5 JjKIdy^xF Uxi$ zEW:RyO60 ٟTBfzQ'[m% 6'5v.JE>SsgjFZ VƄ;2;l F,퇠BUW.V8yXCqBVz .MHrVPn#PJ꽣crSZ(Gs[)vB+ҹ5QIhz2#"dt` Sto^@ |;>$B`n$f 2bny f]c8n_!R,u0.|:߈#۬2A9SW 3 r |uchj&ҭ[DŽslzy$,0JRn)z7׫r A\L# {>fԈuh5J!qj%ZS1RX `;Ւf ? MĞO\pxε`A77+G2Z+ .?  5n2 r[;tF>}S8 qMIK0tiԯ%Op2}"Il'9v Dr,*fJ$@C-MeûR3 ¿|W} }ͥUN'V%yڻRh4)WJj_eXrMdrCVW}j4bҺBL|tFnYcIvU\fHӮfҏxHK2.gf<R4?;Oϻ ho}:G2G'k?6Fdt :M ғ͟%񂼚pIld{6\$s#Tڦ0_h p( .ۚu|B2zB.ӕҁ{zɸO7rt޻}`H[a6nu(Xj=v{cS0e/47ei]7PL8U;74'N*/jS`t c ݺo#V/ z);kP!(t#9u"?v1*WB>%r ]֧Wf#GcZ܎CЋJmHy͐Ȗz`X!mthfqk ;b?Ŋ<rٴ * imL'u5~i@hc¶ ;O7L)Z !wN >O6q8N5vX*5 NۙMXzZB1zanf0|]I@K0xHAr?+jKukk=oT7ϗ~*lmz&a N،μ)kz;CB+"$|MAfkH|;wHɇi-"|rrۊz`8.$c)_T#= >P7H0!d`P9&2AW. t~uU i{JdyE~ WB`|)KS[vH:MMp#-LzS^nqfL/Q^H\&0rJ uq A z!YӬM%+"k5/ul؄9pE?eUTT6iIq+-⫓5!c%H͟gV\_陁M\|lKº5;'=K9w%E I9E0TݱƏ`ȯ:n7k~$P6Qmͦst9 ҅ nR+̘3M.u& cf~|0 VM&Q.OPY(9得p n6 Of lFNW2#R_,e4e&_ zQRհ'C@Okߴw`x}l/UEfpJ_Ǹ[z{z|:r=èQacG}0aQPT.mj]F#J}y0>RKe3ҁnziDxОywAb!c)A5{7ES1췙@]ZHU %*̬|MAJfJ?ä+XumI)sj4cX9r@{KLe WAy[14v߹&Z?Z?Oy';e 9j2L"-32i`*UMI3q&PҼp&}rC@vx~7 JĵI4 K|2ޒ:νŰX8pVT-J>4 Nu3re:(\ueEQ_yAX5آkTC:+g>VxJНY#bXQÜ84OW$IFe3&mpB9<9m5zbϓ*%Y@cN. ?|0.3QDJ83?o\O)@e!vbͿGo~yE YRW|j]u}Z /ECZM}J8*r^]CB.u4I)g3 $Ih暆8AwXwQﯡFWhRasIΆr{*-\Bh) qo&%=?{RYh6Jُ nG>s%@bp%4fjcdu7\T>`{([pkf{2$08wE+K\x/ 00o>9}th^āvڙ]) I&}L7 MC϶##Ջ`1:OUG(NW<\_l\ v `W\`/i57ON>BVJIШu91#%o2NokQpŸ p/Lπpw<\qK"NclţIN8?\I|6dÜ@|Ӟddi1)qyC pXc ;fa;Jhafz:qL7uGfEu:%NY[}hFkhӉg[Evܻ)nvkl E#kUѾ*ӠT +K㤞.E5ߪ^/VB ZKZ[;,N/'u}j`rs-^]0U"3<6 A0ۿatSR.4)1>dz+F,1`u7Vz d2Ypp_Bscs6Nv SWV*¥e+;]r+lvtY߭ `æ-K oJցX_~\Įr.5: {!)y랫F LZx}ţ SzoNA߻Ӌ?Np7NQlh?X_MH.{8kJ _a$ݵRϊ6b+8%. +*ŷ(_HD*T@ jv$Wzﺚ*Xǎ/#ed9eFcބ>hȐ0Al$ae#:߯8x77Ջ4G `u]1H$^U_U!87oVÑێpy$Քf[z;=U.)RZ,1S.26zRl3vgyk%86foc[^ i2i+= $gb}E?f1^ ӄH1y!;ѸY<Ll#RdΤ#L8Y J{[L򖜋> jj,x+ p{59>~ՅtG.u6(N=c`o7p-z\bdʓ*p{&!{U˸˚96={Lm9 S lcZ$Xt\e<#@OrcY9]LUdy?vqWuݤR\]9ZxPyt2\pxnSoH_R9dp3Q0P)t-Pr]^鸽T2Xhg?n e7њos#dJ #5F g# VABYEZP؎=Dmmǜ46-^BjbyTSwgsao=Q 5) ?RwLS|U=5p4C'STs+%T@U E`lh#`xW#i;iӆN »-B?R%Ȯk=s|*}س@<ƙ!c,l;}"7EA1W7*kf:VQ9Lzܰ9_i=nK9KR0al7 xeSW}/"VCwNʖ~tu*- f(=C)K F3 }׹ 8瞇L(Z#KGz5YtCez^Z2.1 6ĭ^CBrkb=.vk-}zsX&&ukF8f>i"m"2X x ݈IgHrz[ HbKKvWZ+`t V-`M37cUxT-8 6{70WZ"X)CG‘4\$є1nOl T3!c6ݫN4$Hkrv/%L2qYӑ${?&bu!\) bh2Q50K-8],>ˡduZ[o"YՓ0)57-,5sXωɟ^GtLfrHlB|Et6oH>cO&>Sx}WgJZusV[ADLjZ#zֵć@E{ Aw̹9c3]u VD4'unZ.I sr>}C-o-WH&pԖCv޷ ȝkG|lQD.1V4`vq_ؙ4 YZ