sssd-krb5-common-2.6.1-2.el8 >  A aBU]cdB4EuIi΀F{[`h3eYnWh *c 7O)h^o-}xX,̋N%ǒtz HPQI?ra U}rف-w"t-;[5ۄspʣ!Ӯã!_ɧg,5;)^DUvBӿfKnt~,{T=jSw1jA֗`cEK@ iT2MNEOU]uP\s>z[#X|eCCHL5lB|+b@Hb@4^ڻ< T(z?.x7c!8#`c,:s*W= 5{\V#}[߸@Z&L"J4fiw"E<!e4wMuf`]sJ֭dNw0E`&> pϜ}imD;F4q*Ui3473680e13583042ca8ff7975dff169bd1b03e877fcebe884b63b793aec57f77bfd5a8ba0520a435d4c7327a782ad7f0c8e3d8d2ԘaBU] TazYyLAgrv(@5f z j#M@r+M a}f }-ю!H"[x{;!έ|1C>K}^8jTRQ1w yֳܶ^KK+ډ$33BO^ˮ!l(~3}2`=VB xA P$EY2 rv5_Ƀ2\kW6\U-{3iJ6mmA's?eszY_WYB2%] MYмo( ꊅ'CE9 cЭdI^QrXV6ȶ)} U q-&- @M BV~ad@%)IW6d(ooCuAc^Hmuzl9n]chE7g}Z6a5-F<Í&n虝2̓IP-4@,ht0-B>pAn?nd  Z #7TZa   0  D  l  6     8 `<@E(T8\9:]=gGg Hh Ih( Xh4Yh<\hT ]h| ^ibidkekfk lk"tk< ukd vkwmH xmp ym+nDnHnNnCsssd-krb5-common2.6.12.el8SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.a9x86-01.mbox.centos.org3CentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd''(|KAAAA큤Aa*a*a*a*a*aaa*aEa1f50b8dea7f6790c2f22ddc1102aae6cffc57930844efa608b10ce492d7f10a3c4b27b2e4120349d404dcdd69cf7ed335f4de9712f5993487a7604751d711eff8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/ldap_child../../../../usr/libexec/sssd/krb5_childrootrootrootrootrootrootrootrootrootsssdrootrootrootrootrootsssdsssdrootrootsssdsssd-2.6.1-2.el8.src.rpmsssd-krb5-commonsssd-krb5-common(x86-64)@@@@@@@@@@@@@@@@@@@@@    @/bin/shcyrus-sasl-gssapi(x86-64)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.25)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)shadow-utilssssd-common3.0.4-14.6.0-14.0-15.2-12.6.1-2.el8sssd1.10.0-8.beta24.14.3a@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh 2.6.1-2.el82.6.1-2.el8.build-idb7542124c4d73476b2dbb1fca875cae0a982e7c2bd711269ce8329607293d66a817e058176dea06fkrb5_childldap_childsssd-krb5-commonCOPYINGkrb5.include.d/usr/lib//usr/lib/.build-id//usr/lib/.build-id/b7//usr/lib/.build-id/bd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectorysetuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=bd711269ce8329607293d66a817e058176dea06f, strippedsetuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=b7542124c4d73476b2dbb1fca875cae0a982e7c2, strippedASCII textRRR RRRR RRRRRRRRR RR R RRRRRR RRRR RRRRRRRRR RR R RRutf-86528df9cf16965c8e70a024187877c91eb0da424903dc91afefafe45e59e857c?7zXZ !#,v] b2u jӫ`(y-6]Ť2= !ǏV4 !X#nʦw,LxF7…U:?SS@yt!=aO/2!A&@\ z cQ&wп'ɜLUrWT$8InR"NVbߝe7c/=yl8{0`}jJ.?{p &=FlYو'K}QP Jܐk GJx^@h{svFԎ& wmq$L01LxĦ1duN:Y$OS"gPY:Xoo+k??/:EYHd񾓑(pM]B/*2יWJ4 e{j3ks\sHC6vT*9ibG"*{F\U&  3>qq #dLa'}yжΞtXp)w}\W:C6ќG8MLi ܗ:r/b]2 $ݰ؞H05 mW>['Ne8{Uyu!򰺾?ͶNeK./̎rQ;BU$f:KZ5 Lss X{6+m[O֍Nj{И_Q#)6&cZآA=HWw)KjQ8u\lmG+?9>F"7/PLpBJcʜ'^-h"]4NH{,VRSr<xivX p/YͲ"|Ps7xq0hGqlrMehCah'G-3\ʕeCXevQd̽D9&`V}$^oԀ-1 H^},1&uԜqU!6T_yL4<;Hp{-cbM q>Ϸ;N@%=8yZNBҚ4t};dnjO;fMYN)r\lnJt^v@$l A@*S.bKZ> 'X@OڝlS3 Hpb0`x11jχlL5gfIC:Z]Í尿M.5hE˛}߸5xO!Fl ]jJZc(c@t~<w~cⵠ{kof&EƎVrƠ1ߢiRrtžeIrJdMaMyv\:o >9S4}/&|~ÐIg[rاA6!`j[m+ eZ5eɝ-Ⰼu&;?aX䧏7 !4mMQ751, @@W6nrBO,)r"?jб:.oJnO{-Eǣvfd NXg#|S hQ7/Wu/&X)tAA!NNR>_[7"h[I^ R-.XSGM &%Y"+dzሼ,.`&8%潽Ĥ&݄Qg@[}Vpʜ0KM8#T} A9r}oOī #r TD2 oq1dv:SXfepi"{3A]NgMKDDހ,XU;n %8Y_ x2,CA}֑9YQYpcAQ?)Ar D~̺6RN2 1EMJo iMػ|0CuE{p(a3ǟj[ `i>%G{mFH)μڔt!@Nuw3A 9n~sEafء4ʤEղ|B%=D^@mlɑ0:$&2z0IިHmS b)ֲdn0$̤Q>'3@Tdv߷'=*fЍGqe`EQ pEx/㤱xoc>e;&d/$RQq4U6ޞ4lqhlٮrdV OJ>JѮ}?;6w) cܞ %*y Y-H,Q1/c#G~[g(e䀲"f QF^2zC2opրzp jKf~54uܮ>.~<=1`;FK{Ub! q\7pddZٍ* YBR_xـZ@j~Tg=kBF-)Hn߱m\8 y:O7,zZˢрˠzo<hVQ4l9 Z;Tު(D%2Q8'zw(2֖bA /$f6q՘YM,֜0}s:x2Xte]RM89H4e,/.@=Q ٥油/_Ğm NgzUP#m,25bmLe9Bܭd)s.R}%IS>Byw]A?2E#| of[ĉKBu5Ex dS6Vl uV-Ԭ.ߙx_Z?D)=NjÚo0-0 }8~hq/>0/F{jH[+*\zPI%(,>iW.T7 iڔ5@:ӻf#Ir 6GchdR 9mQAhh" ̋J@@{2B׎ M;NuS| R.lIyb_͉'Ǘݞ19`;E+14twZ2,)Z/ugfg̚"akh!*| =nv$]l=3 TkQ`ObOfrD 0Ҵ\އL <>M{--ݻU"iÛVa_sRjƧ⎟NQh!ռ~=8A ?dN^0/P/(RJǹ%|LCt+xŹCj Zvo=|(i1l M:c q ۺ`N3Tw94 N&ƻ6ʺ9KNЪd_@I; 񸧿 o,^JZժtS‡N\mY:e]aDaVpCܔ+V Pc<&q2&gW;OZyR15Us^5~zsHzK>"q.,ztJ nߜDΧl#.U6t7nq!((\-[Vx3IGr`4 M4*uőɊ^ _;Y ,WZ1CZ'ɃglPkƴ kF6t){$F\GXJI@ooJXr"lz޾QA.0\q3 @eTГS"z51*jI_Dczg߄4P J(. )m'4zXTY Wqp $KlQ"^Oc/T/l}7 w\cdk(DӜr%Y{$'QPh > öa@oI4L4St j}pS_FIȕ STx+׻L iGC.+%~6ߎ"RJ9G6yzY:߼><+nV:mȼC@l@ MN&W9SI᜷9Pe/e"C%QGv]\;Gn|D_ 7> \w6ڦ>Ha&_X߭iGwX^G4Ya=Uͤ0fz2<FqdBQTK d>5[2ݘ|s+䝉Sι9#A!H\?fIQm. ew~\)3@p:kiN>(`1|ekH皐Mt [*oTNz 3JP! L2MG ys= nl;kVCKǒd\^OitADک5E U)%f xѓ].8F1߿~d"ϴ Ҍ]ƪ>|1~WىSLZn6ഓ.jo,_}FI1i[0ȠuT\xVU>f5j9@+\S."yR(\ۇ-h@AXQWr O6pVΡ=*"ovv0 ]  9뒒ֻ(#|Qk]ƂmSI;S>z M?^h](<|R|uIq[U-|)7HVgzol5n}h~Kq0C/E] w=knW8$#W +_]8Ēof,Qp7wQE[mU%x7~ĭ^Q2VHCHai28yn9SId8ϑfϙة7X2 q7 e%SP49haEi(SS,k/se? ҿG2aL\BUO\ ګD j9(vƪɻd'F#vl7=R$ԏIN$dYܵuWEUt{̰UMgX*qwhOPOZTծjUG -S`JsS>)f)~.L20 q3S)Bhm"=ێX7+[bݰ^@ di=Lkg "d,'>WJ v Zž^tܨ/ W̔Ͽ\XL 8J25WZD㾑>U:Sh~ kuubx u+?Ia^Pؾui5[&{v{;(hԚd$A?lUh^D/"-.-5g^u'zB. iFu3fWyuegTnH3z8]jgJt~('a ]#Ek%Weeڣ`9Y9Mj 0W?r/!J/B+ 3 C ԟА%&ZI>_] |Q)0yc ȫD%(9:s/QjQ \MOϭtnz yJ `Iٹ=7"ք9f˽wKH'h\- {ޒ H,,+3S+3[?R}(i+ 8˷f=g97pX,إAԟs!)I`"{GN`l˗Uv%Jw=[$Tp̀45vW*g _eMi{QuНجB4q@OA]5U?!BQl<lI{+Xp>uF=U/ɋ,o(r$ )?\ÑBWZ9$XeQWʯ 8Z_-bh=YWMi-r6?~rP 2YO_'ݜOP!|Nѵʹ֑l '1pigB6cm=P&>r?Bhzښ:\m*^"Z(+:n+fiA0~Y9 A^wͭxl@օWIw\ƛSt',!,锚 eXx0C5=K$ڢL D}] g fzpڌv|Q^3̟/zkfD#}Kò ~\0?WEmD3;|#<~L4'pu xS:hz&TPq!hXO.Z3Ǫ;?.Pl#=/t lHyM\ݬQČ ;0u',n&&PLqr.t*?|6aHg2ȥ P}=I7)7ͪ 8 Zjm#b'Yv&祝&zut,d9W b) Suz[r2VsVO];/΂ȍCk]"6u*֔*S{yiuGK۞8;9{.]*r% #)Po˹yÄܲ@SN;.bR棧nKL 6cJw( n'&IL~w2' +nUhV˹`v.Ct1e셖:] ID.WɾEkΕCo y5&QjjpiDE+D@ˋAF2 %xPNLu&FMTxxT$k.G05%&;qȊ9%М59EK~ )_Wn&۟h޵TʉpfO[hjG?@!2BG+4 MeOWd3 a&iuߵD.|묽h5 ܥE@ Ӊ"׿o0 #k_\8Ɲ4 qw[U»`-ZM3۳[qlhT*tҮ>Pm f ݒ]7cʎEv|[@}K({٘bH2+P5ŞP}0|z&]2]Gz*L6ѣ`<„}քV'zVY-AsSכ3Njvծ#eRW6!4,r v?1l%h{y{dA@mY,xKL&;87L򷄌pPW)Er#@vxNkiEJX b_tYׂj˧^]:`a L֐-ЁHpX;6Eu)G]Ө@ԲZ)$+)yvRgpW)Q%j^f9Hap݋G`b[XU(K;9[BU֭cߒvDgWa9˒" wPQ| IE$򅥧7S_\p'ir F!}'a 캘=[?Ŕ0)O<F-WC#4 p ERr"az=#Ca]y "f4myBHՇ`M@24hfF# m&dN1LOu6Ή)0|~I`G5T>A>Saמ 8 |8?/54>棱7#hT*';| ﬚ o#OoJ&>1o8等PgQ;O, M^Nmzg\R4`9HVnSNWI S*S<]  Ykj}duqA4vhAˎЈi f\`kZJLxu$cVb.ֶm51;|ۯ|!?@`H@Ki|*8yVOgbۍD@+ $ײM!r1Ӝ2`9&_q?FHsyZcxVW=+<,_rH48ǖ!<:0 dJ&M@,@lh撹H`_m:,UHM Y3L-y:RS:8@DF\ a+6VБ:r,ƀ]q=Y鷌] ;zK4iC?$]R?Cكcʞu"c-%ڠXш *HGdgxD .o23Bpο<+ v>õQ7?)ʞ}fVt8yA.EB~'>s;29KX-#a~ ;as}y]J ]1jP#Lc>^C[Fi\PU"{<_*Vge i?qaq~^ә/ :\cEU{׮Oҫ rn47Em !y`nffbxu{j!w]\4/}?@f ٓ]V' Gw7!,2]49lWeg@h'w]_Dg5W@z&vP76] 񂨒ryoazs^SHyh"A \ rVz%_>'> 0+gQ8 2كI3yf?Pۋ8f[4D^'Vx|M&ÄwXQ3ګ:0 o(s䞾E !ЎI9џA U=߲ơ.W\s9"ٓkFԨyNlɂ`gK;bɪbןmnp OWgoQ{3d;Lkol>NV-x3TemV92~%d`%uiYB[#v VfB8Iyf2WI:YM0L[79[O82zM(0XLl(=' Lk!'(ȎڊӀ7I_$e uK&#+sL[@ox.>A3pĬyV@?EPΘKԽ:OmX{aPY[C8e<P$a+40vx '-`W ol%F/@.ʿQrP$bv{-o}B=o aO;ׂ!}EȇlL0y- es?R-3gDŭ&zZGըJ]$h poaMm,N+d)iH\x?)izW=ݟ AV/,Mޓx Ghs,&kA[7*_jͬдlΩo(j*aefM}SE( O/8\,MX%e"m~ڼfC~` /e> n7/}E1ȹts|rrf|߁rh# R&OFVvrKWK vFc}Qc7UZh0&~A_V)7,f;ToTǣ h$ɐDG(u"X:f׆ՇOizrͫ(%lYߩ -6-["?xA D\6IpA厾]zlMp F/wnŞk_ӱ \HTTW`@8ƖM ⏡B :&ՙzw7rmd{*?kO.ǫ 9G'MaصrVJEŌȣ42]I`E7kM;1Fpҧ, 0ez.*`%z+&~QpanHae(>#W=C 2e;°OVN)l@jd 8d4`H=w8!_׎sg֔|:L[5Gt&$P3%ϣ+,/,6O5 ZljB5(4\B2%eo\hXۏ7{޳R4R۸@ a0g/e=@s=˲nc1! B]Jw8hpt&NEk?0Afq=IE_ "w=t<?cZ"ai'X'{t3? uS̳OND.*QiZ{ܗYmT FԦ'8^[$;Bx$X#11c2)2NUܬm4@_PGن9Ӧqn3=X܏*NEH_C|bN*XqL|\Puʰ8|dcm2yUfzd ež1Mnl_e1f alעۣߺAK}N3 ^oS ~D|'V@fq"\/Ut?d;&!=a@&4-q vq_`/ؠ\-1_\\Jbj!E>[}ypIh&wpֳd/ py@4ӧz Nܾ|7t&*wȽ @4L0dT(lD  W+m>v0dk'RԬ"~>'(:F xLH |ff߆[?;Wp`i+1Qv3kR)a^7G[ک,Jà b4MzD4,mI(&-5 +H`!h~=G@*I+^[= 73*[  ^^̜s׶bӎJWr(xlPUrV(HCXfOٙ"076 3$30f8n][~T0g6 (;l;Qbrv|ŁAdkd F}"g?kx)$g3"X ,L+&)H-"7xN #fs& p'+BL&;V`1]<@ܸs̳fF7qJ;9b,G\R ҳ%E@Z:rBDwƷJFfRDy(n( ]7CI67, /l}nQCY6"Ÿ}ZDe`֪'2*FeaH27kU&}sŘ -7>QgRӎk>~~%y97CI!8CvRqkH)Q]"P*Y+4S]8ፕ趬Rǭa(ݕ)myD6G)x>z?A9*]}K!y] =/Cy-Y菩 -\_dQ`P2.hJT-4ſ S˺PH>Щ80 fX7*|WCnA~xLFTAY?#nCxc(}:){힣vQHgK9r޽$t"Iw8FH[׸ 2l y$\؉ÒSpp +R e5)+ϭ*]whɻ a!pW"Q6p;%=w80٩<$/$&UUS<7UB{0RgMDJ .BPX KjV/5 $ˊy:~Ne+"i,2*Hft-oץRr14\Ґ72=oM64͈Q‰zi1NjN" OR-%q/R*8i:ܩg',2L Cr!MԦ1L%6񫅐QdRtO羽'?orIAcG KvZΚJ!ie!M!g 暴/ q84ïcCr:s Yaケ")HҨ T-*JYNjO6@>,ðC4 ~(r=yqt/l4E3?զqO^"73Y'pEYDM#?4(\ & hƿ'Lݝ(; î]&5[wM:RݎMNM*DK݀6@96 W_qWj1>ir% &|QED [8XOFX: `kQ:cug{Fj{?ZeH&컈TNRnkc h8˲Kt8$U]ڝ{72F^|:o0?t|1ڊ0iLW1v'FOj'C̆Tp@7FA\e7dٶ$}ރn׎Lme>NvGXDB{LKFj*|!p߄!TBØJ=ڭz@NwR*}1 㢁VILR]\Xq|'A`"Bcz& xV ;h. xj7mтҲɎmֺ4<_g@hڨS!Mzy2c͗7g")xXJ2t]*&.q a.j}{Ʀq8|\&}!(Qf4ibksCCcw ׭j >Me^V-@ֶ ǰKEkQ4$Tm}<*ُB2U ]Js[(VpJ%BCEY2GR0 X }' ɼ[gWo_KF}e K?o:`F_>J h0*vh.+G-7pF0N}`] e%(IFL'x갦ϝ_g/(*T:Dʮj>g ʕ:b"oו[Q%]@3l- BmH\S%2n}lBU;G{$?;!m=,M|"Nt]gNl s[I"/}7ƥJ5PQF'MɎ!]# ?IqdcN@%KDk3  z&>ُD`7cTpBv HcЩrA_5?i6wDO&1jO/Th`LBi$Yjs8[MN›TwD: Xza,ǔXy|~59rbCuV6"U;/sVXrAg .OH* X9㦼Mg.@iZ0\sqfd`&NB Ġ ʨ"(o*ϭV2뱹3CnTstI{*ptz`$ cX_}$5Z$ε6֗ : umm"kxց?ߗjSίԳoվcfy+"_ GDi$@w?wPYj%.І!RwF1fZdZSJƮQ(CRm~r$"1ş:=|w:M2l ) gETe[&@؜鯌~_;6Q[$OXP7zl-:CR3nm=@ uY+R~2>LCqӻ`Oc|7nH(MU-VBCAJ$RX^٘3rrg@hZ^~dwUoԽmQ&gI Jߦ` EXcE_Yp%G9VáNz6kR@ c/ʯ^H6( ΡBn?&5`٧2TIk7ٛ@Y3wpjTr1?Qjl]̩r? `3~7oU4#I=ϮY kGuZ3g|=j$a'~;εt$[qD(-С( S\1/S^;{)e_011=b`?F ,* o@* %yXnل鉚;ArP]^c :B`p-@JS`gXQunQ1ҳ8&#=ѲA?*Iթ)]zէTnO?.u3 gށ=?ϯ Op앁Uo\ݨ_3 .P G-c^͎j+,FsgPa1l:~R~WIT!^!TS2HrB7<}Ў$n/OΧ~)ڍNGҨccl0Lf(]ʅ~P9qǻ]7:0e(+HZ^wiGNAo2E3g2>LsP5c` JG X;ApPS=1;y۵1(^n~.+4h*LȼtüB.3PW7Yq[Ivpi Y15'oуR 3=Lwm~$2.G3[pm}A^n=N!) ׆ _YFbzzXCؑZStsÂ+* 0Q1h63%~[X8Lw ʌtSA!s7mjCT>rE0 qY'Cd41xn4)JBfF1+L6%QU2J£*ЏIZؒ*;S cD=1AӡNGtO,(WT/gS'Sk#SFؑ! /sQU "?#2 ->i25$JDz2$ְ X1Ad ] ֆqc%[_ɤ9u,}e;EEENAR_R$h[lC;88ׄB]{j%qqYK𲲆a6(y:U{[pUe,N]PnYzw:9X\Y )TwFOlwp;Je().u=5g$bIqknM٩`Ugp8'񜙠d-g _h4D$V{kS68g0:AWv$=axEP3H̕+xRZfZ @ % k+6!8tYZ]XZ_.PV㦡UV:0`G7C5ݭ nT3ğbǵiOم٭)ߘ?}O}%lrv7y^iRAvkh>X+< ~&@[\IA(nߐ02띖>ۧH[11&9Kmvp@ 꽓 H.+;E*[+smbW^qd0DLiH;kZؚoEcr y7s $k쓙*x0jG69q,aꯖD,UOhc=)R"q7>BpImbWBA E2p 4ˁ-t%- %_::z4rJ8t2ZN] _IS)[},D(#5v=:Pq~RxY* &)#?'^p7 !8SώrGUj Tw LjsUfS]mK*Ll@Jʺ)n$~ +'4vɣ/Cȟ64 CDe=y|ջl2n@TG|GZZ&WenBuJ|7 HV'R+\C  fw愥m*v J>,䯥E4Q酙ik8bעlFR\ю)@/N]? 1 "&%oWH1=pY[9 {<0Br+נneߓjLe, Py}/.)Ҋ'Q&u)NM#Ou(vH*gBidj33Gbap-#l៱5~ ^IEwWmJ=@k\ F.l샆@5ʩ X l]Q#bz&9k%4%oUr͂NaWa>^k覬J{.Zf4QzyLj5T"E5c슰N+HdlN0XgZޞ4ҐowqX n[BR^cVL1 ݙ[ o`MߤO[B_GΆZ_v S;j\.4'Q@?2k&J}Pq [WtҫYmQ;Fr3r먦gU+qv?f?JNa5uuNj$ @]>DUGe)[0ռ;ei@u0`ꉢB@u`S`cmT!2"ͱN~-:%GܒؒM&-lcW |܀s+k+5i n#s%5&?#YgS.Qټ+ lZy;H ;\XQDe3ц+zc^EQP<86ta3I1J&/740"څۄ}<)Aw~N6͒G̫7f."ɋgu{5j&BPl$u7}O[ Q@N=fOB=fg6 `tPN2uv>KB\>?tȾ@{=V#s  ?Y|a!lBT`zZvM*hf]VkQK##xZ:XrhYr;^0'ZAI%d;aѫi1JDe'NU|KE*}mjݺڛQdnDxC/8FX8.ٮ5)rZиۏKבƠ}.Yw$k dY8[Y/£W湱`/9Jcިa\=5$XZi1]|+0Bmގg=Ґˊ $e4I/~r\#61s1DThJeG$F0%q\zŔgPqfDi(2G>@KRqj qQxZqA|ΪԍJ-ٽW?;=J v ۭ&7Gd*mmw,@Gen9#&LCJ" `6U>M:X9ZDF'بjln%S46іIwl ÆURMҞ*8RC^9'pnښ\lSw;m&-VfEkdZcKk[,~]a]FǕn*x~.V4ɟ媠/RAl>JW q%>ݹH7Gsg^!C ӨncB͎ |gR-Syfhc%Bo@0eFͫVyg+ƃ4 $k"K"RZMbX?CV8Jh5W~ 2 :0y-Ͱ= Fj̜T Lnc-HV_ ܽV 0S^x\ PhwVVo444@Xp Ky7Jn\1`r~s2EWeXof Jv#NЏa]Z ^'PS8+VӮ}@",Lm&yZKGO/jm Lo^-L~Whv*Ic+l<.(W$l/>r,YLd[}l$a[3-e6U?Mf[s@K2 V2p3k /:CF^c n|-L nڽݩwzIv6ԁ2 x H﫣JlJ]"Pylh唠k+ьVn%##x;48t#"IdQ;o7&k6ݝ`|vX{4pYӟz(,d5 }@B us LpenfmkJ4Җ|){DNM2s~deuY014ԫe;jyQ{'쳃^M6s:蚕vcౘ'&(n^45azAb 댓Sa]Z00z[_s&S ڥۊgC'֨$XoY;N<"Xb \&. :j(§`&6<;k2Ȋ=uަoB ʁTMC޷i/U$}bg}Zg*-pG`=E1>TDf 롅^e9G~CsTײ}<9S![U.0(JHoZt6}dDs/\szp/~Lv´N:J&>0Lwc|0-1aPjS6 W~Iv>(p%ʠ/nU8ctJ$XF]!meyzP;h ۮNL6&\&Mlm sqw{ݫ d8֗z*2^zp+xݹcx^Of;ekHNd駩Q)Ai@+i:SCRu[I6 ^Y~)U)rpŅZIXcR&ѐ8o-n͎b g9R~]̀@/q ])ݟJ4\,-P/2S9Wd5*E`\j%B&TRRP̈́Y@}%@ n(Ʊ:%>CnpA^fDުWm"J^kj6B_<(Ǻ>7H004=FjiΆ. ŠPŒQws{dDٹ;H78>B%L轢 `Ӡ^}o#F&)8=mx?<)k!"+9ِ@gm¡_5I|-KӘ蓿5#1Q4`B[?MDمk*ۓ .ە؁337IΩyDdgOMVGjOc!BMkzVb|G8wBQH 0HchtA`\A_f͵kjN pɣE( {IhDɚp4 #LrLF-1Lĸq2& ]ǣn eDdAn.6`6Vӽe|W)<*M\I=<>&( W0^E쑺jP8k. ˒3.|44MZ.-,"v6pAJdq7> .JۡAsՍj`ed\60L\ 8½2%eɓݹ_JP7Tn3"u6ǏLeRZ\~e!/%3fئe@ږvI~m&Q@rLrc]t}DTڞl(~| QhѨN+{]Ql¼R9~P@ (_rS}]rBp6ٚ} hAY6ZEpq QiNJ"8"RQKѷ> mPe 9΂g-!cXjѽ8<?_&&U ic$>TJъZvzL/W*.PV쪒6s6`Ȏn+(^5{}QT/abvo0bS#R@zWw QP!Xaڨ@.pSt(1Li44F!Z\D5+CH_p=r).,R^b[f6ʀ/lCQXeGZJ&"{\ShCNϙws_ 2Zt(E ̅g: {lM`% ?ƌ-B'Vy[ ksf5xa>5p:\蓔sVĆyJ:,9[ƑhE?ǐR '%=jDj.4㺅^2ʥЈ}n|=_XΊK~z$ g߀9ٍeMKK^Z 1@/l !Nts$Y4Lժ'8HbMdV Mk{ʰE;AʧBN͖8@%5`!HB߇*A&ÙOǏ`ӯ,Te"H;|-|yD99N3yQtoc 5ӢafGǿ "ܐڏi` XB&iYMQyd 괵J)#F L:i&.r5] Z%I;?׷Ņ!#b.C Z3ȷ.!c7/yoEM80@Wh "Hi^lu#Hj~iHf]K'˰,g>6#L  TJU|'Ǩ{Z6^,)$@,h1n\%ꬺ_w*d?RC"Ydn}yby#kF)j 2ns6.F ܵ>P(Bʞ#/ٻ7*bY/v{ZK.7?Xi+Dط6̖hqWh&j94kIk(*Q۩cBaygżH#6hr|V8(4' :_*kג5a},A%?jlq j Ҭk[=|xRN;J>?.:1zB* {IU=#^˨}GR.fZBW)NB*ّGKʽ2)&_C CDk它S{gYblcu[M53?\ yl?YYsX w q늎ߨk<lOFkNJ2 1"1H[ d8!vtڣNFZ:d#ǎ  ][8{ 5^~&贡QCj~ 4a{,elX5d¾=&\kQH%3[(-uuÍlpp)lgRS![֪ ej5MX7BP2Й`{xS|^šO:nbw&9~Mhs.[^w!Ck _bQzdhzxE%`s89]C=+*x*!x1ѿi|2 wPt i3x$aΦͥp tv-{toѦx-b(& R>J.tt|DnmNm9]mIcIF P\ԧG{&{vO1sCLv~@+ivvApq1)P BZfTe Bd?BḾ^#jDG[B1έ7.<7ikD%^?ihީ2٥]'+\'*^ } ?u :iNO9wJL _' diW87vllwwMCh {!r+u]Tܫ* `̳199#,%f7q^MosEGDsfC E4u@m Ze%=c2weEs)H.gCUȦ 5=g *?/BX+É8T-"ō12 ab>705a|"NW:2_o%&y^%bB=F$ĚHY:jXe}8Z IfT7wb^83d-!y^W% m:АlOS֜vP!pkj[3^~pXES ‚%-Qv\[$U`#zZռz5;u Kwƈ->O;F̸EJ6+sѠ$!^- wp#0VI'pR~`ȷBAHpDdIO;>* }jN4ل՞n8.Z500ty :?Hە%i9͊l[q:ҚEQ:0䦥3uV}7A㸔[~ElZ$'ϻJ{>s7HOJDƞPTa 2J. s1K%Y( $ PwD)t)Ss Ѡ1fAFrx|7C`"@vb=㼯OKQ([qkX Pܫ\S Tד/Q m?ieY`9zH\~M(&D8cRjL<ָ.-HՃ1 $SQ^-)D) 5qunr!HNU`{F5 W"*/-#u 1 fM&Nps37'WQv;Hv-+(J/ᢎ_hd fz$vױR @ӉR(5kp!q8xH•f3/ M)]/zAk ; >UT*h`*v/v-Zq?b1STń)|fڹ!0YUl]s>!;S춫+C&O]̚?yyHk<"?Q 8˯UP짋w I_.JH#?ǽi6Y R-k PCvOqn0Gzr']! tS?wEZ\?ٵG(}c2/pAfk`DVїʱ)|Z8 ^`wmoԞ'Q(Sؠ EXXq!7egX hcK ב `~Rf+{Κ6*)T}d 錳dB{x(;}*G=;TG N'w끑/$RJ|d͎GԀ4ک5CP??Py+c7Gq>B}mcyM~_L%+#%by~c2&xO&2^՜ 4oY2En+N(|.9&.S|]jAi.F\i9le'g}M$gYJɍYJ,`ONF~C@1eN"ԅqSm`? !Dk)TQ;C  6 1{f;Kt#j,״}zVBߦ*נH[Xs2W3~~e] t?D~(@ FDws|x=|O_S\HNr7PTQPJX3*$Ҋ76$x#nfV$ KAfX}bMV͵ ={5%{Q"suhPkyQYRErx,jT `EKs,CGW{V#ٖ'ߥ(g ̄uA( Yurq±o>cf]0͞~|R|-`P3bE㌣OԅR(-k{;ݢg3: VElYO zTϣT7uZߥI/ڿ *dBG^7ΌGGZZS&]kQZ_8 X'ZH<+ɶjL΃yN2Q.uKzCag:@+ 76@֩i߁bO7<(w3?}\lpΦdGY; [?@>oi NEk0^ XtQ][,Y+b@]؂u(̛) vW_(Z>s:^p3_$ؿ̈l3凉6Q`y Js)M@;k$1>T#˃8慺*N4hTk23j-̝82cx9&>Bq&RZcG=s. `Q;[3 \9o6?YFop̞w$>uoh{'!I,6WjzvΪ+/S0);ʧaOj.$_6 OpsC_9G 8KY5~QkDZ.}KLۏht؟rr4oߢCڪk] 򱌩KM_ȲrW'vV*k>}/D/ Z'UsiS jzpAc2%NU{k*Wxᎂ{xɖd %b1h.ʁddC8 Ut V};j 3g.:]X;Y-Z7pA{+ϓ"SGp}'l2۔GlYrʉЭg`G1z|o яuv9TUwyB)փNaԎgr&U q6,ף6gT]0dx$yG,V7$YYM#8j1N9>zhʧy&&.G/d v]e{BˏNY<> S?ĒŻ&>BMpU;tDNW&- 2 a`9DI7ݴYՍak|3uׁ8%KA_I4!b;˂HS~NN^HZqVh¶ΘE,BG'Im#\[7,ڀpt|jMxpiF``_%wR˾XU(7ZC#.qEqMhxͱ)t9^'¹d85󡁤;9JnJVq':y#1Jxu{Ij>|vrهc)28 po/8CSg&wK8m$(&·¶鴍=Q=+NɊGG3 c"W:EFߏ,e9FQt H͡^U"?28F@*ح4$&Jaec2}yN[sڪ-?!vׂҞ{޷hW}B-_1dv[Q~kln&x2ܻӢZ{h.dB'QV)uZ@;M3~DJMGPy \$#%pO#A!OI6}Z[;:`}246X/BN…BlɎqf?%S6f:?TUH@duĦ$~cts._X3ۖ0gepJ|"dq 43\J4=ZXaX!mkIZ\J3'F 5T3Aop[ -`/zxa}߭jOnK7-v{.K(^dKDnޤt^z)i5M5Pib͡FOgI\7_@J_[ Yy9jf DKu"k܁hT€5r`؅X,pG{[8,PƳwI_[M˥dL)A{F.毞K:_NtySm[(K]=U{Ť޻uTѵ E:!K*5z8*|7j[pWQi,{p6ѩpnRH ic3?!_13WmӸiv;2 H)#Ű]kVVۋR1PJ: (XL M쯏H9uYPY0ѣ"K*~FHѫ{ ng7P3>lqpWZ/&!2<޽N-T;;(>Y#IY <QwBZ6Vw/R6+D7)ƥRfi623,v#JVWԏ/+aY@%WLGkT?iH/F 'd,Y+]7THB8Ci25cG%ݬ֡q8d+[gݣ"Ajdd\o ,?&?O4^6oYj+5R& &59h[OnP~_̶k$sw\-H~oiTFN'/:1~& ]?6\&`s0ɦTͻt2!e1zROӄtyX$.Nvl@sVQ>~잔=F&=:;.@:yV(܍t[Z sTj #|=HfiN^7J˽eL;@zq[LEk}ۈP~ g8 @>D,>:@EKAս9o1m'.@hêmM@H3AdѰXZ< #1_{CK[IhR<Ì\ "Y~"6 Yn,بF;zg,Ηo!lT}8,3v4y ;[ʶ C7àGla<*e*$pq,K*ƐIHu r|<_ʼƈ!9ŵ/95v3'Ko=hO{+L*]^G)C]p޺PY'# 9ᓜ9΢wbK+@Whl.jŀ#Hj>K\d 4wX ~*҄_~a >.[bЭÞF]^/W%?f/Ig̼cOp\q*{eC ^+`#WZA|UND~u7v^L#<}?#["_9%Ddmo[OɪxYaDZjߒi?ylhfV2%j/S#rHt 6wĩ of^ 9C!> , NZ~0HW ^(@ 1C&X鞄vלHMS^d%L'P;A) WR-v>Cq Ĥ/-4"LlL Jނzf)\DH)m@jz?%cMDP(®q FÉ1!]y @,ҤT(I9_B׵vAJukMV`]|Ks0h/ /: ƚLmheZ冯/ nE,>"5xYu.$R罥:22=& apT#BgzTK"jKSN`iE\CRG?rjEj&cvkCUc[J~"]Y*:`!@<ǨxtJpc‴X TfZw*<;0)pc*WxѵέRD0}JJ]|^5F ; a 8Uf=ҟ8a/'EsTk`Z9,d€yo"ҟ}9dh3v ۘ#:]!wG;$ W+%孤cKim uXU붓I8 _{fzRlp#s03T^gsdflkDso;n1Ks_k4Ā2ϧxq%IeuWGUj:g9{a s:s\Pm^sXeM7IaߗGMRm PF׼,#Yx ƉB6Ӱ®$pɕ.JT{U)ل4ZfyXy卯ԑ8gux#zռ}8jDpl ~ "ﻊG@e)Ax6<42$~rpA }ޯ?8ԿQ3quϞ}`'4;YQs'pOb+atr 7XXT!>Ԯ:ߧo:)zd*{K)Lb8tdf첏)w'De} iONUsǦe:E? +S4w峴Q6gW3u# +"mp_IY R qWŇ}00G۹73h"_a J _\N JF w*i`1W)\}5|oZ2gwZ"4 ++xQEʎEo8(b`y>$P;vFc Iw$ Gj1u7KAP5o6א܍sү:) b~pN1s@ͩCY0{-Zs{k>!hkG qYq=ߊAdΨ|ϕ/ɝ.:y/ H9B'xYx L*ŽD}_$U.,XiAʢ;ibZ_XV |ԁ'U=:;M,bY7 BM pj#v '$@D}ĽR1핲w_6NtN%|&VЎ~ht<[pWx ckvhXouA1k| xYP9-R)v_kAFծF +3nk/6'vۺ|ǭ5U\#uv!0gUuQu2Ӱ,jwN01Ж:2Ě^GO&"7ON*Ittel}ç#9&+nci'ȸ\8SRg4ϛ }eKfF]3 v+ ƼE[r KX8uQ]'RkH<2GAㅻFbsݶfV! kٜ.pS}mCNɼT-fW`s־0o㣗N_fKMs'*rٵKWT*& }i._[>l$(3*e 42ưߝT6,P/XQWplH4Yu2k )_Q˛'= pQz/rkqmYH$ݻ WJa\[>@,f<}Lf~{s#|lMuW"^99zUͫcZyGugk'JUFU/ce' 呶_Y^=~ǁ $v>t@.ԍd8Zj[cUjX&vNs[8ڡ N siOz33SF|Ds6c350ȗmNY D5#kN2=kx(}IN):jP߅%=(-(M}3M.rFcc-41Hq B~FEͪg>U)³6x?T1 )iޭ@&6 .] F„lb2Pq+3.qN îiBt4ݧj* r̥UC:Nq޼6MBwՑzHE0X<=-yj@&/j ˵5˲Z4NtLV57'l~*g*wE 1/V{UөpD 4Ɏ ?ZqFNmUin #ZT4G>( \ 5dL>跌UbY^dXahL;Ev#$]3Ơ_A*39zȲfͼl}9 fo1*ޯE=;%|Z@N pV]_̢? n¨%/yD_Wa+ _5$ Zr8{vX")$@rf YhF$(&wV9d ",*T%NO6d:j}-^_ˆLy$9IǺ  C[ wEΚ| ƒ(3*bInh*&e!+R ,MV0rP !d8Ըbt<1Z$4XiޔAVK60VobDb_#8x.d0X1IKd;_ٛ>׀9"! y,vJTՇg.3g=4zC@> Ombź*Э8(LO57ܓ:\nƽ_Ywv$H6߅@ }O"%υ^Y qg+^.'T%3ӹ*O1bW9F"fǝ!@gI\qVqj8Ct1[*ɯ@3)^frHkyE"#|W8^KxҾ;_u4|v #)ʒ7w¶!Ix MU.c*gV`o!ŝ2LZ/CN{I} v꥾/f`p"LwrQ0U)<_qJԭ5ƴ10S:dvMNsaܸ`$;#jXpM."*uUE(Y|Oi$ة7_)~(H_QB1Js|-,u`\NC GAxΩ(kC^PmI )Sy'{7cIr4cl0 q4EU7 :Jj%=H6OrWg>71͚q3w1Ʊ1.VCH/nڼW=5;1߿8/m-VP\}esjn˷Wo-{޻ރ.4߄,u5t%0uts8х )_X60WDfgch J n+STZjH#@yKCy\d-^诈75߃Q`6J>Ql{_׬Y $Fy9EQ1~ Oh`PuԱ-b uK@EVt]l׷yt:} Υ҃gD!<)VXTMiEwm0qtz6X(BNyeŜNh(62*Jqx 'S:0!6Aݼp ЀscTf# ׽uC,Q:t38wV`2Lhc*|E;|ryj֪E6ogM hﰮMql # JV.9ao_-Vw,犰cuʾGpt[nu>;)x:AO_GcR@-vvPL4U NV#C@/EiԐ1E]t&Ef'?svz*RVrQuD"=եI>tf`{maF%'%/πE_I=`< NԏAߍTh:Vu! -:mdAhQ]a P*o %1&o.|sj~d<xg('G;\ j P-+2E5#8j98&ȱ?_6 qEt5!hm((5Ϳ0T'iF$ch?f`s$%9"ݦ}_`*싀DP(|ii;y1yԪ^&/lMnk@< ccZ~Z ]fnlL|_ @ҍR4QwHm%APAa_ (?3]֜ЀŹCpi5ڟjaT rjRe#h51ՋTLa&)}*r炼 I{Ph[3}efO'j5Q^jdzV76 UP{8؛To!Y /~\:ײꗏtբmb{;.zcjuoۀuW MHӇ8_gXf$K3@ ?h'(L14( gK,.K[Dm 4p޳kXUogE[Lޭ 'Av@>zAvSkh}9GU;!dyiܮ5ZdRV>$+}og0y* j+ 0+48u]{`MVHVv+Tc; OjT4N8+"sbsv{Oy&4U|l!>-Jꛔ{D/GɘwhWV(ﭶ2G"rv@K:2@arو'.Bg̚n2C֥z+K#G̀!  f>$90|$|'g%] F^$.0`=;$ךǟ|-6(n;M^`~7 M~-W}EB@g(h1@6'"s^26Kl[3mG }d]Ce~QO =Iώ=ʠMYo0*@E^y8IDg%Vz C<4>QE^LHe+4Vz WKZm~Ekݜ&u. d-vduHnY#eWD7NE]R8TbPQ\.Ϊ_ISΓ&07~AAE1 ]B82ymވ].K ISIWJ lp7(xD *ĹA1NW W`{6l#iV}O硦<2b5'h>mv/iyϑ`o6Q:V^ϞW /2˪K߬N&`-|{ ;H̳by..vghu"_[-cvI hgt~>azQO|hN)" aY'RFy+f* <:&Hb'Vf3do:Hv^gOQ S4 5AL) n(! };NΎj rۼ>1/o%MMC| /-"78=20Xp7MјnoYW3i$KO QӏkV/,olp7ە 0P;sBc3j&eR%J`dEʉʤ8h[!62T]65d$o 舭UX2 qA2(aM>7mr> `W{b:O^ꠀQZ^Rdu,P>x6#-*e?]GKx Xs~;@Ŋ{8N:b~Y{)Vn}QstC~keE]|bXl"Uh$uvm:@]* Ne޳ + ջNAuZ" [vTp6G˫G+̢;<1!b" d/4Gc!#BLut4tJDlT&-Ȉ1\-c@(NU{ K-biFkk2? &N+6tѢH sVeG~e (dŚL]F/ BC>,:yAxo4fkn6nX*~$r1Wk G <,J>S҇zþZqЫ?!.%gjRdHE]: ~AۧLΓ; ,o|c:Y1П/sc`"\ܸuQ0,gk+!h&!˵[~<I)ҕ !Ci!qYc#VMpH z[qR'͆p 6I &_7)PDŽ]+*Fw£M *UR{5 b}W̤$e܍PyKhFp`vVhL!Ҫ-zl"TَLE/Bީ8kuyg]q. NtjS[`G_@i|G92T 9(sc"=IMW\Rq84v{7r%b"讟/Ћ;N%сu8hd-=* 9pM(-eО2E q} d|X2(KEo/^jS-| H/|AlTi)wݢ!(#WZ:W9 E 0F9>̵ODW6ٶ=B~hV*\bng?Mp+/SFaSϰSq+|Fǂ,h$3-gs5\ȗuM^ S-y$s@V-;-Ԃ Ns'r/͡*:ǜA;[_Ž7R'b}C S! qkpI^o9>Qk; ǟ$!З䥃WPXٴll6oOXdHgV| #od3Z2ڂ7G> o.7u\7&(-bROpoz\FQlj0n wjO NX  DW Վθь @],yC+>̑n7󚽇.$_[ٟӧe5lL`oX8bHu,XԤӅr:(b uE۱{(FlxyaxujC׾.Uži閯`qO[eƀ[.BP)R9I[k7|_AdQRd5 p1djdR{0T@#V{+89М̌dEu* Bԟ Nekj֐j ?|]|;>LQ Qiw<$.~xms)_ԝq]]{+:%' | D~|*@P̭]()3w{f9 +tRc-Gk/Tfkv볥=KzѠ $X12 uɥjInCnSy۞^r\ˤ|zu] 0G jĀ#H8$8מy _5pCjq0-J5"açش $I%ʔ+ WM@US IiR\{RΌfb[LwF:y-n%@+or3j-J gu7x-4u @?ZTzv5S4z1p Yn&GL.dwW9{~#s|YAΏ,$u{=C^.xfNFt2:)>X/HY3 TgZD1(nO@2SENH0Z?;kc< P<(Q)=V5k[u{kAXH&0?:;cGR`X^Hks3؀VPwoש! EظS!kijT ab{ִFfr,[{Z+j֏MH8"AVXn.P3V,4$pKvs׮Ζ#wcL,S h˳+  o,ƔIÍ>.~/Qs v[ 1. RoSWZIxdjLג'KPnpiֻE-ܱNfZ9rE M .UBtzWT8bev#;Qo9nzWMyD>!B9[/Sԟi hBӿ,0OGqҲ6/ |^ 4TÒ-@avAPc/P{Cu/lp(G=|l> Lh,9`(mh7l!vBptw~}O}3ИffE`+PPuAn S{VGb'hcnakto2rC4XLW$~bY4Y&, +ڤ@m XGQ4ͫс&r6")̀r#ù3]L6.(8kG´XHp%~wRZoU=+zXW8cR-Vy!ulv XnV6{JWG{̞HgGP1UM-6QWE0vi\mÄ]tx)g兟^gIjMo J]*ct ouy,,h7泦ڬKIk_oȇRXMi'jE /xy"Ҏ/<ꓳ:,.CHgqbcө7Y` 02V$:WrL%}|ij k z)Fȭ^łׇAsE4 ޱ>1]3\u/.ctC m] `>.E`JF?ٍ,&2!j57@0IE}y]CAVE yxW]Wn܏n800.O)bve`6l7˜1H_vv07d=;aDG*|9,5n)V3 mwlv躸ѽ uzwybYߥF5@un~Ύ7.RrV{5i!eB::,Gmp0"*=@#Dry(RU(6Ly,{f~d)Kql$śf/9]߂Rw b!$BNn"\/%$v՚Ead~@ӕᨁwNG Re b׾*wom5:SX$1FSǔGL|ֈ|Yx|T rum8A)QjiX.<7%|Q ys>.:{46? : A;Ղ@)Ą1M]gjI\] 3 n(y9_?G2BA_ko~YBG\Q"ǭ'ޛ"8'ۨv=8Rdy2b~7Ջ( sTn0BZ1:[S?n'p8+=ޮN;K돘$2%SZ"~*> LHDИW =m3M#jvm軜Sk"hIH,=* 泷;)jҠXDzk7>h^6;p-kYSbc~Ġ~&6`:뼛G}zh,?۴L#@oʾUO{u%O:fcDGρuy 2BI9uԳ PTɶ[+s `̵_)j?ȶӿF+H{sŵq/IE)kl푔cbtYDZ6RPR?zd#d%b[["J.NUfL6*>O"XSj˦qVfDO+הDjݛѓTlχ ߫=mo4xyE^^U?v1m YyEt_6u7qQ<=us]6w_Ѷ)0yXX&W/$&BKTh#F8dorӭ$wFߠ9QjEB:Oc&J\.Ivq2`}tq QHs8n<$bȗC^"3!#_zCnyٍ-6BN*va͟ҲYO#ZH^-bX9|wG<5',+d5lEreؠTފ[NPKH1RwR'y`*bn!J u m3 b༁pOY|#!7˱^P͛6O_lo/b:gdŏsQ͂-1G!"- !e)pbQh]@ʺN^K6҈Y¡x'ژT1ּq7՞2J*Y}CZ󵮚{۞E/Qjl }^#$byA=x+>[ke9LΏȅ\a`};ǒs5R-ܾ m /hܪFryUŶڡ u#E@A2b6yU>A@LZbWi4܃⡙T ntd>Sζ{w"KFܡ$@0ȽQb VK`VwUaeCp4d{[e'<^g ܯW A/M9$\ H;!"2juT1?\vM%L9u[~~뚻%$Ϫ}s@K)#ޒ:K䗋kfF<~SZ9TAN4 `2 d8kE~/aC(H=N/78qk V@wvullI߆(_xPhúRyC&O؛K~ML@h36MP#`ï6F-WύB 3we!ʓ/?D$'[:w>-_Vk'ET0c_INP"tWE$~Lё~E?E6"Z?Cg ]^eXY-Ν1<\`W)^|yMd&GOX. $} (TRB+cIJs~`>!Y~_\aG'tSdmz1VޕoIH)Fl}&&5.p9[gUF(],D%|w p[Oq.h g2NX!nƷ'V* gslE==k] 6WWCgשԄ̭f 6zb)h+y-'A?)t{oJS`YSٴu?01b~đua?WYX`5(~9<#Bb6trEA>%SLBﮢHbI*$iTI ;giY]L c͡&~)?]N9Yek0;ޱTAӼ uyA`P&a`.Խ#V[Z;4zY>̄hQ fmcӬMމKw18uxw @&CpD3 8Nj">ඌC~ꁒ5kØ/KzJiG`; ^GP Y+FW1fPmLwpfR,^ВǕ(4I Ǿ}՝'*`Szȵ٦zZ$R5[gչ+J@S7~ 0Zߥ<- yhõ|oCGw̦UAq)}9"0B6X{.Ԑ-1ZJٲ /{@f~uCvHQBذzJ@ii9匟=As0 Yf ԅG3ZʜHAH@/mBW )%3O6=)yuJQD >S(RzRE64x퐍X[ɒ!Dmb̾5Axf0qg솶coobv<4~Ժm,Wg{tp;J%8cA4K5696JAJlUIJlWiEk2BiCH 76Nr^U.!s-F꺨x j m Pa $9>v[NƪOHqJį1 qdߌb4#bX/j?žrh%^p8 sLN|pq6A$NMh㝼gUOQFz c9cYeUX fI<ԷrGGJ.r)@UIlDY44]~^f|0r%Yw-mL(DL._dŧ6+GD{siz̳pL.V(Mo=Q+'?-Hi^6xh,Y$y,%u$-;ˠC:)*<^ Ll5 e|R[ oh?;?"f춓Z,"Sf1aM@NU@|Le%3\nװ?`@էoSR`Ocq^\E[BnOC ;#2f)vX/8/Ə%Y8}p[pnY@6^ BcR#G >:w Bys֙u^6%Hcq)6bdzs1t@څF[]Yxa KQ# "AVv^y%4nnl+_+%V؜IlKإMđ0 Ʌx@S#2TwLt- MD-{.WPJ%2,t$.b^ ؀[b_\$#R`^Jp800ԕE "Id.](dZى[rD x9HlSyl=gkTi P /'Ht 83+G"Hʓc*No6/^Tzzia0΂QoEv:$<4.tt ǧA C MEo@Fݭ4\ۗ'P\|PF6}Ge%;;&F2Uc7u.a`]$MGLVQ82$BB Pϗ" dИwߛh!^[o#omXЀ7+uge&B*cT`.g O c1$j@7ǀt |g?aMhBƉ8L^$~Wtg$1f}t ϒD ȉWmpGGa8 (1W VznCg,joee[)_o87E{0ibuدQRbk#֝Axm57?:v@5}1YDG~j"1)zuy>oM2$#'L^)fpej4 y4ڍlK,u_ \QtȘ+HFPWqQ"CY@x;򝮘r*U28/rzu'6a %A2MyPqu{G{pݴ iT-M=|"YHr}bP{'P=5n*@6o]tnT Μ 6zH=GȇB0ت%}~1p;YjvyðrQ%_H|Dq DD,55\o1DYC3@IPgut?Ih1bTXօ< seL. ȯ;@oYs(U ~DӾJ+$3ӟ⩺ni&HCUbNgG^Th #vCeWR|zua\Կ*,j "NC!b0̓!N#PX<ݷFJEȃ}-&ƕC 6(̆%aHhɲL+a_-g(VϘCM#‚S 7.rxI;1m*VilVWА|C3ih4& /Z&-hKUp:ŗQryck&@SJ-}ʤdLliKw$,JoMkΊs|c6I2ƁS6ove:MG.4c֣_J#XBM"~իFjõ%uLLmW;Лp*{fFOivS'2/~`_";d0C;eZb&.شRb@#{$2G \1P柦}b;svG֣՘T=pRN [v.pWZ4xc?P>'m0¶;ʉ"+ !Q?{3T=|v? #͎8lX|k.T Lŕs;29O |R(rNKh|2ܙW S5LWv+M>iAڼ/ />vp)W" q Yra4zNᇮ5vn+J O='$QB%ހ:Ucs'ms)xK,pi N|pM _hs;S%WPT*޷8@>MW}h ib8V7cku$l4Z$F 8,܌& qt`_}NhLm3Je'!)ՕBd\nCt?1&In`Ut=H5;y#z-=˫_o_ i! (ugBH?ٟT ;\A*DL(Ai~G3cDso#ր:Fn;ԑ8OT3}> S{i`p !fj{9tzd$` z2%6fO/ ;xq46~d?|boѥy*.JM`I,t5df C~zX_Q#^#t9^~*H'd)6uw?Mq8U3sOv!'-JUe}Uڴaw+h&+BN Ғ+Hb%q(忢UZ1{Gċ>0D:jN~5 4;p%Mb #%c yy֨NV&κWV_?*zXA > -WAIGeLҥRyK6U]6sM'׉uG$W+{jGU kM3={HjHK\ h[ ;}?zL_#ݕ_n}n߽IaC sa֚ΟL8`.HY[G:IkyZFF>OgY~ώvtSx%*֟x+)h!R­_Vsq$QէxE܂] %wټ$|?n*}R pg9pW>nT=#^SwK:_'>ހ*[C$k }:6:&$4a)a^ՠ xMA4Kk7L7˨Od/V*xP%)R_G/w[d*?j+b&)RI =]&ihZH}iiтhϚn;+P0v_SE;t@?]L 2 ׃#0%Wj %kZ9'HAj 5ϖ2wsA0C0[q!קԒO[}q^2dӈ?שl=;7U`N`Pw7`i9g/ 6q*iwjpq-d{:E-(!Ptg,`~29IL)-׳A(E݁ᬬ3Z:_P]<:ug_vP]j =A?<͏cuhLa~@ KIkk, .2gFjbEU(`DY@["1Γt`a+(/.^C>3@4lT"(*=@6{ыg˺:VTxwk-:&.SSZ,9.!xH*Lݝ꧐Q/o8ol9?dc;iż'Vav |b]G4!15X5'ouaR'0_ u+#C">CmmcU>;PA{ukD_s Q:b4үuUzU-$U:Q(M#yY ч@[m| E""{!=<*P-27)Ɛm]RQL-vz^iw`:J,`=ѭCdn 1jKkT^GcUɦ3EDț,WuCZ`&gh *M [Sk>WF;FDC[Nu9&WP"8"_,* h+%yjىmB.hD uhYZ,P/x35Kc$qሁ 5Z,44jna1El2&1߿"*qx}>7ї##:g] W_&T,/<-X-+u,j1tP)H(toqMk"͖(yұ]#5F/1p/M]:>r{XbW`?IKmWΥ{oގȧ5.4o{lÎ@`E3 U,4N*[jIA9?XM[(^1_{<Z'R{[.mۀwTK+F Nb;]SO{6Y2=^T]k:z#dCarR_vAZYAZeEoLѧ,ux??#e/Ǿf[5:=  1?w~H&Ħ}Ĕ3;6#h݉ET, d]9ÿM$X7T@R?j0:+k$?`0|pXE)֭e_t3x;^q=FXM :+<)!/(B d5([2i ms)-glŔefֆQ- sC^KɇB\US;Hj2baw:v/϶kϓ`^:VKe'B!iC~Vx.""D N?Ǿ`'<jP^']Qj_H3zcD?u8#Շ^ƨg|O\>ɉfHĐu2\mckQN_RIjN,d t$\}4䪱Jkx*>@Buc*кI Jc#&U~BJTٯD8(JEokp~el.q$McZtH-CkFrStۧې0br,]fu2DWd|Teyt4Mh]Ifn8jҸ^hBhajR*2jY y3EsvطC1ˢN/dMeNEƿ6u<ϔys%]6ʀ=KٝS nsK0͖n9o\.8ei[GywDH=Gz%DRAnKiS5 `}Ԝ*l)^fHĕ[x}SLqC?+B:Bޛv^S ƻ~Ӄ޶QQitxzH5 Tt5c嚌p];8Dp{Mr)؂Q osGjG֣MԢ h;sY q6a Aƒ4!!tVOL'R$3W 2ėk.(km lNK=5mC'g++ET~:tnamFkNg!CU+(subv$dتdY 9 -nRD?9Ny1`ٵviu@yz L]kE%T3LuO u[ܨl8/J=k@sD_Ȣ a=cWqOsܜB騅3퇍z#RΨW8{euuQ zR떙/J<{_B&e;}Aʵr3HF`Σʐh#$(H3KJZۊ3nXXG`\@o蛘p Xz<{/ҿ"mBbt=mYX숖+V SaP՘;Mvܼ}ΠZWL d$t@ӝIDbkS-6& sUz X1K| ]S~ ao,&3zL͋'viUqj[F :'RUa,=69 Z")pWMު!ƔG*PzS8靱jאw0Akԣ/SWԝ\MKsף>hD .޸hûD@ۇ^qI_b_դ|X(zILf ],tR4"랱1%ԁ [S]C}7Ŕ(5Пڗ,s&T鎄2z߰#N^ ȍ^.6nM?9:ӷ\;6 2:ёG+"k+AW(gף5'!p;7:7`RWe>?&/;ԻoӈHK0s ^IAM%\hG&QfPۮ蔀UÉ+u7'.[QGJcӷ3d40 tqct9q8\D!vx>>}-!E='&cuLIyb 4,篶4 2vy!%pD]x wL']FD1ʓ7CGN`Z}v9°,;[]&wA1:0%R詣yy_|$Ûul7vg;?ϣKO#1W$yE<1Z@^ .fb٩tͣz ?_ E҈K5m,ȋ AK4MmSy[A7;pZX4pM XL׃8i.}>pAu$KKl׎.̈́GpKAȤG1gOwsҺ#ȭJGO1Ҕ5Fcbӫ[2sԯ9(c c(z%~L*VKhB\Uǫ&G3OԇS['(nr_lYS/7v=~8W!%V [4 0GF9>Zs iOV5th#٩G$)0c- NA r`FK➾*j$j>| FTo߼5Zۇ~r@UFpt/ Sw!|cڝH~T JK9]oCBKnMɟcfm6cӏ=$H.N `\iS3bPpcւ-A{"fkGc#:{Ok_snKULƫ"Eї6ʫK*DLdhPXH@7(}Vqvm|fNhDi&""c|/ik̆ccC{5E]8atmω M&.,\.Ys<3Rň16?蜤At__K67?WrG,>t닖,<;!TrHML`̯6{pP̄.~~T^eƖa-q{s*aS{r$C0$7*)&Bw'Oѳ pLzwzynkЗ'za@@KvT\;uJR=uMZ:?j|)-mNd5# b14u%QT0ﯾNq@;p܀\)48ՍU2vUBun6#c1 w 4|={HSՑ "svtƌvI4Xt=f]B"a 2*9*;2f3iyBJ;_#v`ϞD'˅vER#s+SuqL\XEkY0U ^~w\Z[/}C=Ng/rUnCqs<؄}'_G&۱nnz (do{e4Uͮ!oUNY.a^p·E<<2:3h$Zx~t)ϭS4YgC3EKF1 l-q-}*scPcUrf_Q!Vsp~7SwQ:lݽoupFLS:kBX(Sp")! <=d@nY\^RDǴMե{3zїA3&5Cm3悩n2^U(ȡ8?_l,xEiDl.6>\ rXh0Pp/**8`Q ;xD&DIJV\1324s!W=؅] "<9cm)*S&3^;lSRutf #찿ۉ'{ CƜ8FFLȠ5-ɻ(Zˁu^ɡMn5V6fpo%<Y|XC*뻥ex]Zi;Zw݅!PviU}a>+Xѵg&{lSECю'q+6+ I0dv_ m%tqlf'%eQ|ġgJm-J_nSIeT/{kd"c)~{.l?Z|l^Dv_Y/AtΓ LedAiz@%vJzz/Y|LO,B~kIR`Tt8P5YE ȶUi&h4ZfBĄF;&DKqS0 \)'8cQ^E>v-) M2'W^ў ={~o՞.ԇuAs[ѥtj|W ǽQ v#9|l5@bJ*yzuJ.Ks$}4B2˻il0J(ˁ'/Ā:JzؽnO@R`֬zڒej߹zrac@|36'ezל(%ĩA Z^0 uRq7qqkȬeGpL D[B*:n@`0⯠8 PPؖ|RN8䉇6~|x~R6Rm=I34BR˗Kń΃hQ,ݱQOom!&%dr1Y;iPnfo\14 ^$ @ Yr\77^q;Zjx0p 9Ɲpv~-LntZe1:cxe8YI9}1RFEcWrrX[>^Օz;sȆak0㮐H97L٭#NjPQ.:F)N㭘:Uk2M<"iߙlCKCVqX" &4+w3FL!_#␦x:/Y#[օIZ/^qgkrymfd :Mwb n? 3^z\%dhe٤~+ ;89p+VւY:T :m۩՛ 8%8!eg -@L2Y#kEO("y Ҁ(}kQJSSН@9B`1Q2MhgMGxR45=͏+"hݏҴ,>rE4L4~fQ?t7S>fUӮj!pZ8e5#cܔ4̘xrrL/-q!n#@j#P4z/N(I}j 5[D@TY-J̚l!/)>JYMQ l8P볺cu󭪆^bh ykjlLA^f#Z$']Sܪ– %,Cc-wje!Ѧ@0;6W0Jna <0n&!b;kAҺf9X îgr\ z Bct֏ D\fޫ;hpR "H|5΍Pr^8CVό$e9◧_ΘK:9ԗQ켴4吪5b^EH8_sJmVU!:&ϊ\=klo}~EѕW[m1!ʜ`]"^~PFbu;3rjKGZvׄ}Ȋ4OX;i#oΕ߇Bs?x魳ƍg pG%i"Ṭv~))8}on~c~;#m?8 +n%xe'^?t_+3KJTR}ԔCn3Eb{)աU< Eɦ@))X}z>jW|"V[~ єbc"[9j J 9쁒rCWoV%?mgɄ~ttpǹbǽIȤ{o8J7/9X+F%u[n߮sQ ;[ =IV< =W)uTpC(85s6:8;e{*Y'*5ftz8w lw?Lx䥳Pg@w7%?w4y}2Z̦,8WVXGeXHi('ӌtb`JS^ ̧evӵ,K)!z[]@bs4DN dSٜ.%E9-sW2$sxKE㷄ȱsme7 Lо൷3|ϚVXbΙg+P lAQ76~(~ӨE}ZxW HtY/^Dn &KZaivHot yj#Su#P&1&f9(Wyp4]ALk!nniGBd:o[iȺz$Eӑ*EKܗZXͅ3 }Ng@x@0Ž \Ko+: #3BX8A;+ 9=%3 Y,v){:Z 7 @Q,ѮrѰL3LjNKN N^mMl|3A_0.zCQe..qID۵q5*4uI*Ҭ^U/z^U?G=blےR=׫%U ][PDU&c3uj%@m]|K 崓){؄`Pڅ4BVD0XxUgNc6 J_A93T >5Mzn:,'REQd'392?kr}c3f!s?Jւ@?H '7PRM$@#e$ k/R|NMcᗵgZX^@ra&@O>v!lS?lKuE33U%^w _0>- ctr&Ch"4 G*J$vufQfMxo7uN>7Y\..s"7 ?U8;5^[Ԫ]Cܻ)ѷ e稰o{m!/h> !a]t*|E>ZKFx%b+Mhm@ 1,(!BBݻ{E &}bu,nj[J@jD y.Yj41˒#~[grwwA6)nzM`<_hU:c/Vл8~KoRnv4Ԇ~;!}QycOo9 d)u.=YiC]|Qw8?25AS,,NX#)>e+)Vv=FQ؅\34Mg_9AF=*&A!| {0.rY(IK$8F=XSDYJf=C 67E0{9ϴl+Ӯl lg.')n[R=2C3i TY`(Մ꩑ L!N;ٞaoJ YV%RT'"h>;2gW8ӓql"rG! ",(mݫVXJ9 :+gSZڈ\)KQ:voÌD*4 PE!<7J<b=dv3oYTk?n 0A+*陵 :,Gy$!u>_æ T-M .$zֹHKaXo-x? yU$s"KRs#(0IYf@PO|NNn[`iɋ,aȫN*;゙$[{ZmDYǟr)qGT?=qFɐ?s7-T9]7@|X0@ǎ5*ybبW`aFX3c ŘyϵМUWeM\V(-6rqI.<=ecK 0 hz4(y d+z,Ryz }qF)6m)k \C_PI?0wV<qJUǤꇍ9%C)rHņb_o{[vrGg$ 뫂@N$3?5 +rwEADso4-"DՑIt>ҼQFf _@VRYl+#,`Dĸhh WAS|Bh>Aw"~taϐhE{Jhkd;@ AC!f) 3NȲvl\/U ʼPCF]3͊ 4J6+wd_o}odKC KmK  yn8W]w VsY}=-@$_ѨӼ}qj"!( wsUWVj#T vpo^Ap@yK.t+Za*Mp ӐliԛnBz`#SWQ|>H[ ><EA*t m-= @xk,yi #gpdkmD@w*t4iAh'H6-Sz9'aiAV* !NwGz`Dz>FM+8\pP%WPp]ng:0i#WHmxԚ80%3[óZ?:b;-E}j!25=%&,["+ )RzdR˨4bH@|$ݤW=;>*x7>Źp_ݿN~Tأ* mVoqwK.nOYfϋ(w$6|yAHJ 6Upx6*.&ilGN2O\W@`AS}^v/I|ODD _jǏyA]g76k,>n]jφv ˔%:o"o1-ex>#OkCh;tՓb$Q7 .4B|kK#nLfh|j B^ȷ:_x'Fپyz w 6`O펅N'2$I>״˪y%YZӴԣ,#[5/TԕaBBJ&ΫO mj-=޴jC.!dGvo06}_Ṭ2O{bUmOxg o(ܺRml:j6}Z4;YZ6Ֆ .^rV??KF|=h8ŒCU*2؀RC{KL Hd4mc}Ȯ = ň/cyIH!֔o!?0J] G"X?'Bs6[`=}:sBA0"Nvw}..@#U/Ɥ „p7-($ՏLx6h!DRڡDNɕyi |Q'c3w\0SfZT։bV LȚo_xǃ9tU6+SfӎN V=J>zc%XTC!u-|(y ^h$p_b5ƧVZ 74#Gq OBS 5nfU q96A_NIqgkmP 2`{K/m[% B<>dJf"c'9Yѐ' 6"*ձΓ [zD/A!ȉpt.n AhT_8}a4ә*U*uW KN|?DkQV4x(g =r^MmIZFzQXЉ6yM 7 ]Hdk&&GvM! K)?Lss;ۙJRK B3j pd&64Za@k[> /%ݯ$=8kS>af+;,bɢIx k.֗eRx%i| [Z+豇Inj#vTnjq[1?|Gej[EO&fz?`)?>E GW4Ě%:-ug*wUg1tQ(j[.:V`c}ޛXˎyZmZ-$E^hp 8:Bv*#\Խ_jM5WlC_V"g A30,C '~Q:eufY).o=WK‘H=:#6]VȨ&uap=3mV'5L8pJY!;%:ў8;.,xCE!7kB`]uiٕ{ )a5a"7R8k%A٩`߭IGD8V-6sLc؀}L4uL`C#l3y*1!{cJ23O#8M4w5v;4mhA'*nl^r>AQE`P2/ c\jIWj[hIqEf_%Ɗ txrȾu5.ַzTgnhܳ\rj`FSK,xwG?@+2{r}u: }RC~,7PfySIѰqH>C<7=91 ȇ}kB/+_W8d@3<9jWޭxP~DPF!NoEjh<%ԼԶ\ |.t~Y.,lp&b[i)HU\!S k $MC¤/`ݹ)רJ3G Ŀ}/dN{`Ǫةel RrP\LsIϾA@42p Jj7ثR-cDw$p"uѠh2_.yǎY]E,bA}U@ʭRkOtJXHN5Q5 4h-YqB˧qy`<yUJ(J7%]]t *#oAUB vl KL2Nf*G;]]3K9EF@ yT]4RɲWU8X)qx=aI7&S^[әvs ^$U+r~g$^KPCfinVab} ؄ÒM-"j-s0H3( yIT]ɪHG(*.}$ rwG٭ ʋ(9^b'-U{+a0# M0\ZE*|0kc gCS;#D5'x9ŗ.079k=y"Frxgy𭘾qO#ʚCۯK!Ī2 ƧɈZf[~7r v.ջȓ:ZF䠬[vuGibD F.Ei}O1j {N,x–8܆VR칇wB1͝ XV jw 09LNaӾXTIQ.WјIu'7|dKPy\YWM[}d_R4ǠW+eb"}cFn>p\MUBIM \l0KmGމprU.I{bV|2%K=ZC֖ T}G;m.MrDs~N9+MU{vdjr] ~Pkc-Ir-3 D"hPK\X4E$p >PA*8l9,Z&.Y-ub~?,Baꚡl"YS葼Jg6RIISQMcu,RqZn]2^ z\x4.NZE}pocy[cZ/P#x.!Hgӕ m]s(uJ{腺G, ~Erg$ź*a]Ϲ,d,bʦ#4U \(?$|QE8{6Zd.XX Grhõ}{uݗ=xad b0d6T KHDN|,mx. so jeC.ٔ9wb6^"eI6%3 3/qޓMSJTI`} rFq^V8Aqcw'![Vg̔汻,]2c4 *͓S>FڜvJ#cG`~0ݳ=jYyի_xN8/i7T J.y~z<7Hꎃw4i m`Z%:K;n>)|',@1P_7S] %}®Ƥc  ZL_.a#؈pHW'iC/[ ،n*飓L=|t:_hSmjPE%|<eKA`bȣރo 7ྏNƦg OՑӽyv\޾"^BU I7A2p,mLo4m)#f]<*-uAϐZ ^N8Jq ]yYYM.uݐiX~rwfOlYffd+cгgbG%&_iNf ՄR~FQ WE߷sglFyJXQV Wb!ށ36Q4Ƶld?j֩MKC;K0Nx`nScF#=, .cǼ[r]"/,hz3TVUd07%ч.cxV AJ.Ty\o(r뉐ozI3x /P(>b7oX.b,aaԺAûk݅Y3;[%ȄMc+1wbGV=t%Z/=%믫ӖE4~xT*mO_N/n9ʄ%2tW;(,HEy!{Xwx$Nd2Fp}Cy2e}y[*dKK#zA: X!W[?F֎BŖu'b`y`0][!@XX±(eC+#j^g]N#(YTV+dpeS<r@~K*&P%k fr3~1Ʊ 8R`AK][{jm}"ZNE٨2נdH WI<;;]Wyz!|ɓHfk -)vpKGX{`R35wd"wԒ7"t6aS"3g[OtI NblRCx:tTewfm0Iw&K'ɘP?]&-5.ژ=g5Mo(=7>easX{8I@8"(ЋӚ11}Y6Ou|%iBA?vh6CV+`ľeGԷ΂aMD)qcM#z+r342z0_9yēu篘יKSҜVcRܘbVW(Vvwjn)!lWDfK|HX㢀o ??i}\}p֢ҫC0C DZ}? 6;Gk˜q!6dS5S̠1u>6+A^6W_iFֆVp~Q/jdN $~]I[ ~"AYm1PH3"mVx_Wom"_f $݉ vFhQ^A@6y᳊.m&Fـ>!DDH ZD?*p)| WZp3ַ ~TbV '6yi?EY0eÞb$lk׫7[շeN;H@lnJpZ W'xfT [Dwq۫ot=@ d0ш3I EG>#T?ǩ/iJSym>~.B 4 )o;O~F`1WKݮw+sˈK$ruה5b %_<\y>D SoZl>gzm2VZsS%@QC.:W+f f&Z^SV7yc"1<͡ +yi|MK9:L(=zC3tys">rG;# FFWY*6Bx 2dbi5"D;J(ʧbT%&j82C>gk^ <Qz61udSgf9׬q趄>T 3~mOP'>J|b.q_9ͽ,׷?׫1CI!hzL]7Y3}_=gȑɕrr P-9Io+ ʓ6 [%rhb7MFEn_Lxo|X5*F<&߭nӼ?Ȭboq>itO܈ Qm0ZS,>"݄&YD- w.j yq}q8BՏ/_vguQ"}g}N; h 7 b_w9GnwΦx #߫|=54ި83YYWG$^UrNaqQ,g DwD:NJU.f߬2]b;T7"`#5qMjW=FAx'bm`JjȉYs?P"x@&qr W !1p* $Πfib5r24t#g4'C9t8lja) ۚ~8axvǟ+tǨ7*yʯ|DE}'nɮ0eNr.z8 m7`䈪T wnY n3o!^(rswE j TXUi1"z3.5=>f'qhAdzoޙ5I,I(ӕ/nrvCdyxJty׊ BiwgK~V/VofF|3u$ݴ;;gLw !뽬lA,FzXg!@R̕PvO%uX9s<x-Pl:t{ (BذӸ>FKL$1y \~^ uG)gppawcbFI@xt!`pD֌KTZ#Xe>X+J44~8+ar$)Vpd[, N'ª׈׮_yPF\nMt+7G  EN"_R]!k G3ϫlh\P=]I⸵-zYpmnF%?5HYb{@fȁaU|3nF?{}ur/ }tj \z}?>)uGntr= =4ޝPLt=j IŘ\3q`gdIe*fSj DWQ%[82Nj> z&o!!7ִ> $^#ݏ'#EDUb2;5?iC)nogȪK8c.a| Dyb~[t ؤ̜'lo?YGm-v*Qn 0yйbN d4Sv'Xٍe"I[q !ͱ˴+,[Orr2Y0>.$=,gMCb Ošq|B.\$Lks"lgt*#lH- t&>,yt.&Sel$Ei_'Z71ZM1kJrIԄ7j VqAod|$d|o}A+ GHN;uX 1<_T9ŜMNwmq0/jh e_ \d__ybZr[5SYy B@EzI1`J]8Wq6b!wciAH(؎`*0d #0 kـhj1bcZ7FشA u_r!y>aLL+~%ܲκ]U]%y:Q،Zr*!eșqLd[k~urFșA YZ