sssd-ldap-2.5.1-1.el8 >  A `GU]MF) E\;pξWu *+-ܣ:n")düH#d"ki<4BGP;zH޿sBvKn5nHk}Zz)e^ & z~ ƣE%-t\|a'z_$7;I&Հʭ3*}9Yz0S\Ƽtp#]W=`jo?jdV$269"Ҭ|ӫgLԊp( ,7?cBL/瓚ֻ'mLқF4 ~ƍ:tX]- U2?X՚SoaNWY|3A |U\tn u!ëEf H}rC #132^Ev Z.ubæ \m9K57 5X#Ҟ>M. ō3Yݽs_.Jnћn@sp@ F2L41ba3002e095d1392a741432fb590b6d9a5a7ab5a6403350b9450a7c2be05097e1269fa53caeb4dd08b1b5dff676e348c9dac9bb&`GU]WbyzgA}ulYi(@0׋Nθ/k_i)wMyVV:2*lX]n/SoQb׌GM?thm幠SKܩͿrP:Cd&?A]X)G.c 5Q#6J` jBv FATg^%qٸWHDN5V{}To ~ i]_0OOóZD~?ʮ0hr)ɗOm52]^Cp^m 6J5u"5t *3x8oS<4Nw@|%uC,N~Lqh{F$YQJdrlu LlhKxgn޲:=oe68w#dFUӅgX*)%d0Xd:8TK%U j6  Y`xbGE%6 CM̐35r7_!re`>p?g`?gPd   6 8>H    ~ 6|.. '.   ( 8 9:`JG_H_I`4X`PY`\\`x]`^a bbdcecfclctcud,vddwexf,yfd'ggg gLCsssd-ldap2.5.11.el8The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.`5x86-01.mbox.centos.org\dCentOSCentOSGPLv3+CentOS Buildsys Applications/Systemhttps://github.com/SSSD/sssdlinuxx86_64)oKE\=3A VkAAA큤`!`!`!``!`@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) esessvsvukuk2.5.1-1.el82.5.1-1.el8 .build-id8840af64225502c350876cdd8d052287d5691b14libsss_ldap.sosssd-ldapCOPYINGsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/88//usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap//usr/share/man/es/man5//usr/share/man/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8840af64225502c350876cdd8d052287d5691b14, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)'PR#R&RRRRRRRRR R R RR RRRRRR$R RR RRRRRRRR%R"RRR!RR*utf-8b5672a01e345215cf231d28f6553fe62830ce11833d2f34899a8468bb1d0da65?7zXZ !#,I] b2u jӫ`(y,x݋kAfe)\Qeg ғ mE4?J$P 2> p20pp nB.{dSWwM+''i0# }*8餫0kLi4kŠjSvfX PD}=Or#IB}G}7C`(ʢZMumD]2l)wjil?,B-(%;;XlaT|C}uHoC^ZtD YpzC4.3C;/NǁjZ}/A(+Ʈ"c\VTvfԞf_&?"vb$7$Rn?Av$\>b#/[c>Jnv;!`c7 5ZPǞWrkJWc0N;ZkHfoe=^c/7aZWLhwS}%tIS?[PS_ߤ_o!RNؖ|?J*xR戎~6ą=Wfj6@|Z]d#[Y{ك=zXhhp>Ǝ\3w, G9f̬^v7z")EBgpBm Vu ϙE]҂cy-0rKi<ʢ׿v=N[Y;tkY6(xnKl:@9FJ}UK݁w2d8I9̄F /X/B~]hĮYDbl1:ʘ?=<8jHlBlOgkGW]{&"doƿ} XxzN*VoӿI.t$Yic/!X{@QmG>T/4̯4=q u5ƅd\a(of%s6:i޹$ kg8u߇Ǔ䙻 qTS1~I{oZH#:aui4NKCLb 0^"`?H};$T-qD'xwQq_Z0Y>{$H<#]A.$%soy|#^U}3rh鸫[i!&ޫ,&uh y;b3><杁4 ?g#,uL~̽U{4bx¢-eXxp  lgCk˜!ٍbN}< :bAۘƭZ΅ar.dԚ+DYzX#XX<1aJ1'Jms%r`;n#꼅F OUpxcS*V ll\bKG&6 hQ zCm~^ 4blw-S @CCn/=QX3KsP-ɚ/RLpMy0آV 3=N/3a1~=b|Ytr T{*,CQ{g1u?It*Ŵ]njt4&Ʒ G%6DD$ؼmhXaE؝uws @Fj0<ȜܱC&HoҬEaNxmNF WZPYqe#܈:zNH"БN@^B;#Puu"u HFgt(/tu̼:$E4E!C h3r8qpo YECn*@x4hƾO.m'" Q'U0(黶*F':gY{8CtD6~a }h}(N~o1 C݆/0Ob[Jo lQϋQkR` n?RYH{l:Gz_"zL,<9ѣ6!tўlCy/7o+[!:ֹI=̯]q^j}M%>'''xso%WS|E:<% \Lc@` QD8{CЗICL_my p;4Y-m) -TS'҃_zțz5aoȜ@pWt*c 2rtI@Z6ۃS:ifq=c[%ϼ!_e!vVvd{:$:݂a(pKmgrl(z&-Aϰ0(APWI60]m-'yѐAB|4lO 44!Uh).ĎgGKitTT pkF MOYy 8H=_->"-4\E fm@d\0>:h=`~]Ĵ؈O]K+& :ڟn˖T&><*ekYd-PZ>TC摠(MH^axcRt"x\sY]Y9jK:& 8e#--+ސ#oADD~ ܦEN4]^ f_Gt'8Kc^hj3gtpN2l|uP1,^VDק6n[_=ܚ'+-n .M)jD/f㋑Q;$)|?eԶN{CUxW_5:jD/rԡ9]/Fz (Úo:ӵ}\k8[<},k?D Zӑ)PAB(do͸Uxu;uδB^9 rljEq8&J|rnگ6$(PXm B؟0suNwxQVc^eeG8,bA}'MvzfyVYMgphXH |]QMQl¥ 6^+y+3a5/Qs'с"3ݍٜ"bd\>kҽK.ӦN`3hBWG=fDZR 7ZV@3(^!d]SG>rxW`Jsx?G>ncsGfxm뮞2xL~7DJ{,iK`R&GPPUmGԉ&FO \&v#L&T탽{H*IҢT:jBy4I>.c(g>>.IxN3ԵIUyXjlE M\S8 artcSZ)E2 RS6eNjw7qD¦`3ht=ֳb r?2J~3Zypۨ -^qF[Q "ě[e3ݛ{'LN^wCWK>Z?;n{:gT:TԊ8R+xDصc-_GPb}!3x,PG'fvDS!D_Ÿ7zۨD 'X'?Zi3J ^77̆XǷ1j7m_vuiѪ?5ǡRd\XRS;WegȻ)g{xch`_O-: aӐ"usGcK=#A͢ϑܐ~ Yu⭴4#yEҒ`h~Dcfun {"eiOpÔұ]# Qĥ @;,k!!x: EW[ɀGt6\#'o@,ejXzAGBum5~쮾V!?p H&/=p.X8KY9PjS p) <9ʶSCOxLUdN엣RINkxaP! u-yQ}Nu1 0]'Ћ]aFII)α+lWvvCdŃJsv;_"}VjvleOʏ,sLٺ8ZjFgЀEtDqhÿ́M7_ , 7é9\H?w**I~DU.5,@X Uǧ]W{4So6ty DBaO Մ:`t98 ˘f3`SL*Pd7Eۢ3!#+>7f uc5* (S6u ̫QU֊l#aByxݵR]S>fitP a/I 0ٟ[q,C%VhtG=hj:i j:۠ù|,$m[E￁K>46*qe>X *9)~ zv9AGLA]M~VY%f~YƖ.W}l.GGj3tu3:MƮBY 6O`[WܾQbo=OwJ7:zBhodO'J)0u5mef-#[ǔk3gw%Vׅ!DBQ96Ѭj ׿ԗ;v#R5 vN<1 Kg@V68 p4U0(`;>nʛ4s# m?(" 6ax~ 雬lW<7jq4oEhbE剝L~es0-0.Nc3)Ie-\"Sуn;{* 늸.aE+ˬ=) x$'e,9UT,3+~m;)iL1k>r<;3嫚ߢY͍suE`ӛg@DD;J%BjG7Qa(2LnqsBUCig8/n np 㶮R z?\b̚F wS !44.^sb7g~ 1% h% fk[Pp 0SlJ>9Ǝ䁼L/mˢ;<"<h“>+I=$lL~o%qCubɀM6>ppԶ%NԼuwc ākK4SԈzN"uc229&FH\c?ض~%oUH;`oW(; NP&?A|U~o׎ڊS>Pp-g\@tRPVs2I'W2_tO~~P?6^7KJ-(m]諾Ī { \IHvfa;<cާWԻn}}sfzX`)j'6vUUU\eاYMoy_E7F6U)lkkp N# qr |)Z3MjGȈ@UZPJozV40HE;~*KKZT僷CkFp0wOI~Oeh,F %;My8dУέYDAWGU@*'9:&뗍܀d yO T 3s3گ>rAjR֖RJ;]5ƭF,AY&/C'ֈ"X!쇒J>78‚L)Nʰ7㇘RW|\[80|z=EJo:YNMݍ@h=~d~_ 3;[%*p=H[h{d1CJgŎX7+:6#vkJT[a=H`ՠi'̘yNh9hH |M!Su:,WIVfPX` Qod,z+/gX\q΅܃l^dۛ:jZ2m= 75*@uNݍ~,[d{T"2=W9):^‹,E="$,!hI_{t3.HL e!ilI]eOe(lJr)3ޗ94g^D%1*}bY1_SXO|z h$^-rbAyB`C3֘2Up5b#CeR*E ^吖)u.J@rKby&AD^jKdp>,J;˟U׉ ui \law6l e ɁmźT⒤ g  b3\gbU=7:' AV,Vvhµ/満fmOjsJ+3YsY7"8_4n$+$!&(erc4@0Kcٝ\ÖC8+ڏ#[^x4gsC!t$z~DS .TU)x Pրrh&2Bd.[_za M/=+na%l6kqcÀi uyq^d[h!l7Rڮ!1}9 B ܫ~I🷎aoltӐbm(`a9WKR%b\&'AQieh4.whfQw'[}=kD&|"Q7F2K=f+joEQ{c̿>cjЯ3z5Z(=?؛1 ^=F<`"(L{w_V[9H5<"B n6<^<^M9r6P&HM`dcF[NK?q[RDT7zSe]$F שr6_c׏dA/PNF$f8 Ttآ%w o'Q#|յؐ:R*/*+$i wW1;`W۲Dߠꔭտ>Nȓ%jge `_1?Ӫz1d` Or99, #Z{PN-=~&FS/&\ǓÿڣB"k` LYl512A5M3~#3=r}мBdgլJkڈP1ᒢÿ'Fذ{PGBQCB ks0 ,ߊBFZ0̎ѳpLɗQ.8vT`Y&( 7sk 7G <#bjDi؏E#QQFwVo6MŇ^ӟύ7PZ P玪!@ Z_SְѠ3.w`D}FV~$yS=AyT5Dm>o @4rAd;/rCGXulWVIanK #pG:✳eMiJvL`ȕEN()9@i Kj6TyO57\#|)AX&=m: 'v\Gjȓ];U ~8өkQwv/ɝY,X܂*$ܯPVuY35ы񓤗Dx"Ji2Ɣ?d½*= {b~}svBS[oN2d{:9ZdWU]4Rcݾ.^KNOUu=ὸik2  5\E'2F)Z8HY1̲?̤(rI8kTʈuPR4]Pw$n~uԔ w.f[/=QDDvowCg=U4V-$"{;L<[FTOJCmԯ _"/ GUX3W3]JJBۏY~hw0;׳R*kѹ#Pyl;68c(;Xe3A #Z3me՘  b2JQ 㒪lSG[HK{bjDqoU.fwq~.*7H@x>T XKR>铅o~  pv[(?GT`r9%N&H%_onjEx9{Yj/E]K["EIsx$a}+\q @)xi`bpУUBoXJC#9قs:.E-B0kI-}XZ Z5z3g_A0QŕXd~la˷uSGz{8 z#d='uNTp{Mf'T E ),gs*j"sXwjW !!q 9Vו-*4}nkȂw)rMZ9HAŎQp@VN8>l#mCf"Kql1Gݥ<*ؖz CېhxX8dĹNKE0iX#sJi8&-線fQԓ*Qa:G9T2UjZ$>,w]vv{ڈX: &<߻c[gZg")VIizq\L0)Ԭ?V9Ӣ-E18;C) Z7a{ "ݼ]=hԊ>?p1Z9OY3~Sn( &xiK*h"t | NVM ճ:Tԏ_|7Fj<7!]Szn6+>#&C#2 pծ{\g6~>~0QzOI%&:ZB8 b-v (=+.S0Fұ:\JyHRcWQp#hRguA/zx^S86R'bs$t<\>}ȶ@mJc%p¤YǬZ\j]c$@ҙhǽX#tJ7 1y o-]Z&NR1]Rs ?U6};S~5WO U] HMOʨ(Xu=PFP-]b/.Yf|'1"`|SoS!r1U>ҹ0ѱ QgwA}ۂ?eOdb5M$p@󶦉aQ8$BBK|?0%ť ;Y9뉳$)S$Q,(ک7}\U/c}̂țRNID}1Ք B-MFn~u,!AVKx"R90F .GKtWu}p%3r*ݪK] ĦF_^Y:@lJĬ38aNJ5=q!2?F]i ) ilpQ`GжZsm(*~3|/eƅQrR,X{cQ\=[Yvrvw# `ecEm6;ǺJyבJhv(HSg"n~. }Q)D':lj N~eZ f&ىfJ<(&:hա4**Ykd-ulZDP似h =>*ǒָ u(;#ХǬ<nW Or?~Q<#@mZX^t(a>YEXI b2wW#ma47m ehn`b/>=Ÿe:쥖[y52jW9ж9ShlWl-3ܸn17f'.) 4HW_dL'R/jvpX0xLߖ1F^ 9|+ǀ iP^{O*!67S}4,U٩&D'^)ƎWVQTq\@T)݁sxB14Rj[稄cloXxdbP(F'/$oZk`eػ,LCBaR 9k:BqQ+p@2fc;zSR)B&sƑmk# L`iiS'gmZ 8K4\*kʹN8Ïw'+'t ;T}PF 1W^M$X rPűy*ո)<Wd7J.=X?1{Q mfxc]`4e!&':s]cc4`HC@ 85Vy5-)^bМ  v57 fUJP" PX{$}>؋[XXW;Hjg0O5?G?|,SBԤ"#O,xƠEl3"wM^0T1LI!|j{:3 76:fAb>(\8CODtHf[TF4ɏISD 1Cc9/UWt>qxĻA!jCŖ5HCqqrW8Td[#-h'W[q,xn;8en?*=Wۛ=g붥0ަw鮕+6 W(Dܦmz h*Z3gz ('Pev PYq3zrrhIfe'*/IӸ{9K:Mi/gM9jSMqBF1,`5fTUW9Uv6*^,p<%3u w1uz&. eReP HߗjqЄBD5h,]WyHu#O-pz\QĐou&`a>p9Qi|P/ϝu끿mc'J8zynP1W5Xs(s?ijsvVH0tI~2tzޘ)E OAF$ *<  jcw9]YxP PX_R\8M;h7fu))}k8#q$6M |?ذnlRJ<[v_?E``: vs9AP {ٓr>Q.b#nc!7wåtmWœۻa a+ ` ݐc5ja _u\^SS i_m>k*`byd45zgºcvɤbu;IN獗h97?$Gy[W-. +&} Gi2msn>]dY~&2Vlqg7mX˛3Y)$Pt[x|Bߙ}nIl38y&f]dl+;u#JK*{8Eb{[*|;=X\_ߥU`P@b%eg$r-!]xYګY#!A7U`末Ǎ;X͌w_2NX8ZleG +xwP D0pyn OMh.~QăA)E3ܣ6+@> ],%re7,=nJ}]-j/&Av ]+pʈԞS|D˱ЬZXi4_(T0 jb0ĻOլηeXĿQ#k"íTmI,~:O~XZSGУi%A;5mFoW0O XȌ YTr2G%ѷWT G3 hRoCmXL£%u1ʠt|ݞӭM/y. Y>"Ҩ>p, Ivd c%2,j`P-U,A~4QbVvFI'Ķ3);B3?G6CPҥzMx ӂ%D%ɼ4%z36>TF1 īO9S!"5SNn?jƾ2%I(sNsM:?Ԧ/+=墅Zk]v l Jh T)<@‚'9%ܥ:Й\{f9=?ER[S#͠r,>Omꈁ`r NjK4SyRi RB'8KD/X cfG<^G *6L!Y;5u=.H޿ FCXݓ|x@k@x AO(T彗Յ㯤xW?T%"(ٰ<x>c҆Z#Y3,opϕ %t١Վ䋇1:u`:r`!Rm`lZY6!OӵC-V Z&qh]9ghH^)⹒:k&*FPhchMꩦSkU.%SS,v$YGUdzݢi& A4CEI„)F=H Հw w¨]c0GF䘐n3]cyb|w~F+b @N)kdL'ɷ`g=h9ۉ,5ChWs~PTb~S9iFV!a'rNz>`n4-aF!Vھy`8D0~?ZZ!z z T#_A"h_%]Ce`4)tvu 앯{/ߗiSV/QNharseLEÿ)1/Ϗ(*z2Bo#7C>mh\k\F8/3^\_Sė_|j x'mĄm9M?vD4Gf*.dL$`K?܏u_?b3C~I) J(Pb wJ)Wov-G67&gٚ#i8ˢiLo-5,FLՇ>rfٍ>u9g.BFMOKϑq/E;{JkqX~ĞӷGex-P/%ƼM>d~4J6 h'sK1PĠBb|Kwc_Illᨎ;VzTh5~B#bVU!b?Ab`djAI-s%ZiזEi}ɮ$v.[9mtG1[TS[KEÖ/?0MW]{c*},S,Ds~75i;%?!|CxXV?%h>K8SpPM} CO|zSqWW~Ȍ}sNدe){ D8pfdSj aA1N4-M!f7}|_VkN7ҢG,$c]=Qn/XToESиNXLq+Ez#VV#ǝ&K>Z#eehi)"Ugb6M '-BFLpwfX#\U HD{AajaP&쒚f^\$jVV׷S,X`#z,Yq顏rrL㿌&pS`&j]z'NhxRw$2XN =ot L,z1mXOH D@4L^նXo;ަXc5k&3f^?БL %4Pd`}18Rl!JSEmpR@);499(;32 l!*y|uO:ĸ :T;&P3( fkif1 5&)VBeVf 6ci¢^l(Ӗ^7qlail\V*L^Ga8=U7HR1s!? "k#QLwjA-)IƈO]0hVuIjuc+X"e;ƚF VP;;ʉu~pѶ4ۖtmx`]-UUXvw1PeSk3Q2(-[ϽUzS.ZG/f&ϊ۷;m] KKi#\GlK/>iYB_*@(.ٞ*!'E 06/@+̅u~/u!Yc{wtMM@0I3Ol&S&VRm^`="qSPH;Yy6M`V >vA*e `m) q+f:t)_'-Sߐh׀1.y!%*'FקG ]?TĂ+:D}VY<%۔MU=Ml:ðpĵoN&-ؑpxڐb^y|нr6sy:d\ _,tW߈J k-PS2>j{d<|?ݭs_ѹqC1kt^Ps*?>d.sϱL8t}ĿHT;5;4#4*\ٸqD\zp62 JAFK$hfb9ر)i鱴eTy2I` y)5$M75hU;?6Y&\R|Zz$9 VOaJ9+l(LY:tL%Bԏ܁ }90&1F7-SVz~7O/t)WnKcaBÐyj^yNtMgjub.]8&Є)R>GU ATF]p&Q*{P3ANI^HVPm~e&[5'IZ3cϕ| e‘Dp`ӶB,BݿCrBB-D WRw~6q AD%z5B MY r:<#\py[Ϙ:\"3L'Boqh¥ QAxR?J6Eǵ-σ!c3օΰ d;7||5k8pBCߓdS>Y̡4`7ɓ_N?N]˒pblf;횭;Fp5Vxl#-dg>]tC6w28 Eٛo&2Sc]ߩ|$_2^*JDռퟭ`%,b_AV.#ScF˕x`%xS ]a|lER؄Bq3!2 65@:LJOjU#k$dU"uc0rT#H5N_ MJ;_L@(q4 8'TH+*]kn_/a+q-F8 ) 2P p{C _.Q_6f2)&p_гod_^A\;DFx q8 [isN;*o jkI2?7Ӱ`Z˦c|x?|aՅIٴy0øZNh>E,8 ~ 'uAQt OzN mp/w2}RLx۲xb!z^<Nk£ ]éw50ԃ"61UQ(eF^8-p=Hf޹;2>q5SGAV|-'џlc*C ec4ø92>=pk^Tґ* ƮV(?2Va2Ұ V)M!2 mg Vt5[& HsZZdQ?fttRFd[W3듯JE;0Pf9CY+S"mEٕJ׷|@QR-ԥ /Sy(֡X,cJj_^iHrH'@Ը@,$؈hi~n) N)k*,c=$[EOaK;lH{ufw<8_dY#5eoCe?_$@9_k1m=RBQ. k {5P i a]^ϩo`5<$R+ j9KnGصP,mB,ʲBݦtAnx1Qk:C K~7Od)N/ ڏ@'rXc[VuL/.38᷈ rO(6C!C9k*l`XKaL!עH^D⹆r*_{i$'Fݤ͎M;Zb hW_|adC9E.c"uπaz"w/TpT--Yű &(?NՏIu24B̏R#Y. QaD/uVuM>mwʨ?]yUoq|vLz8O'þP^_([ℛhd)}2KlbC\S%sư`g[&͎>Ǧ3ٱXlIGNnSY4C@ ~s= O#PiEhmMJWiHI [(L[:)/RT@,h ID8;;6{*CW2=7R:b9BiHP/[h*<-fi~y?dalQ&ygmD[H7z4 >{=Љˑc5uRXy-%$LduK>>W6)q)\M8'"2FsХ?2P8(+. 91N#+*nQ}G >4}˯St1nto LlN&Pv^ ShG?9Qi+!Пssɺ祯L' 5&=`c7Ko'SFq`!UD&J!>=oB֙AH!Lv[˶Ƙ!Y0? }e䗕K1LUP·Z"JfzDzՈ:X*:ptJUW5X"|X0nxr؁pdgf'#^"DURq4SJװb}-T8oֶ`OʴT8 -Mu7gϊ IIi7aBbiܱe2zlCzؐR|v7M4v[?&j (E0-XED*2G 5Rer BvSJ=l0aKR1NM9pjFy>ԄrA{S>ê,f+&+xSK9F&Wfa$w+1h- [ ~ss)tN~s̊!afp6:n3rs7%5o('<.;+Uin^r>!43DDlͱAlc{f-_WyhY56!eECu#?v(Z:L!AD}=DrFb_ߣE) f)©& P- puQRdkC}eLbq`!T HH_{RLZyulҺhH3y}&W leXQ0. O84Q(+$s)d@lVrԚ=<_Ce?9E3"L*◾}v\fY$dk+ϙ޲Ȁ/y/ a`j+ߧ*p^4(07[ Q= ~bt;ÉYOoǯ4xT&tuR'_RnS8tf_-&YJ -͆K~aH5# .z0Ivemqڕա#.K8?2Uʜ\C6aV;3Ѣ(x⌔Ͽu+Y%v[WzPoES3籶A )mQaEћeQCnchm}zR# H\Y^lN{@`!v0v9/ obALHC;&r"X~^7]f>6}Ed0UHbe_>حɫ*Cׄ$#g[ǣ1M^SpDf=Kf9JO14yP+9䶸PmnN^Y]/ e}E=%]^=Ws\B9%քXk~7X7;r?x?dPLJ i/OflP` , oу04sΎg$7/qoivR51MN&Es޻*g7?OBľ;*?6##5t\x] 72_C7Bz#pB߲k2g2{)FFnhfޮ\GJNN3 aRvĭC=XSSl,tIXٞNh{ӊ11Cڞ¡VzI&' YBEJuv6!0==oTC+m2v^bvNRPWjf- ܻo;MGAX}C"![tߒ7WP=< }ִ:P=/T= ?l3B>BUT5Ћ| Ȫݚh}]Krxj>LBD3/5'MxVI1=eݎ v{k |d%=р=%i ,xcsaDEWq0g` +QhSc7.NA_fKrΚ LFC0xߊW~4:)ie9W3$>t 7&Ư>m-5Vi}Opie׉ۄ$tobXxy6O}Xx? ue8lzoә_~0‹l]߷t!wP7cE%p^}ḽ7乩oHzUdgc'Zrxrf\ƕPkbcF=3gw']6OԡXUލ_;j BjX -c#|`"%{Rv RBԼR 02lgkp۰g:)v]Hhup6ԓFk&%Wr3R2(*\"_'ׇtA6gKĄ!ƞ\2 bVBKo/:"&Ci|E($R5W]ڴ'*/ɋ-Pa nt'v XdPFYn*Ⱥ$ȨS ^b!;9==ݕ!5Vr fPppGA@U!!*ɭkN~RSc`'ȝ->:Vҡ'ΖkYB{ew@q ZjX!HGYfߜx~:%cRZIf.3PIX/OdwA{qi= -DpJ$3b&E}E=Jeޏpmѥ0gQaOZr2Sf, ftiƮP,w!;Seݺȱz *<~hjW\Ny.&XDԞT\gm¯%*x7Wq?0mD|Z3)eF "-n:5X&9 MetH%} \{No n+oq.`lPL s [Zrb9Pa0“.-Bnq(,fle<#>EqobȧePeT6!k]Jl[~ŗ45%7tImg'ozwa ASRG٫whԃ%ub+{/(hK=;ih."koAAw[,3}ng}Srؖ"̓1dzb2#^!T[t ʃ{7GsF~#D н6S?ܞU yXz' zv7 YA@iTqɆ H (=Ljd~wlY^WQx\`{P46|AU,]olq|1B _1Lp=O=EBj2JN\@ ڵbqWY_YcRccHyBNڣ"ԑr'i|1#b\+.N s%J޹ʼ +|{Y>8aGd6d) M IKRO?9Ix5cxEh/e'prwhT^V&(<ղl>dpMh {:Oh`KV [uB8 [ ^Ql?HJ>H &5΄oI0c+(#F@m|fܶ({-vF+T5!xiMXE1Ojag ޑђ1ˋv] FE8<#ܯuI\:IUcNORB@X-Gv> $$h}"x_: E*jXU/9Y #YW 0&#vÉz' [E'94pR n_u쒂yz`ûn]sLW[hͦ(YD=ޑMeyL,W|9:VV:ڗ0ֵۍ% Z*Qg`6bwixw:B]^knrh]Pn-aa8M_VyMdu;@ؑuc \R6z?ˠilO s'i |Lvr2q|5.Pg WZ uMQk (ct7q_C8kS6q]$'Jk-A@Z(!Gp}תWcyIͺc4 Ѐ{lN-91l^@e zf4F_Tٓϒcl{Rc "_,4i X?1lI< e8:ࢸr%vۃGWGPӼݱzEA#mvȢkf*x8h=ޜD?Tu_R)GT)> F~>pUh_@[3FnuI!_*UCNT Y?Օkb=8&vLhd[ZRy>}p'J =Mأ 3Ayu=4ksQT$3̻ȷ/֒1qVM%-w\Z:P11UXj~{+S'hep//9ϱ kkMa KALc6MZלˎ򔿆W'0"KmWHjn :Ѡg<,4JH| /pn,Ztm=%q~SWL+q?"'s]KhI.~ͥ\#*Śr<_ >Jٮa,7-׸*.U+LPSfHD\Bз- |0Gpgn, 6)p3(Й-.tg H0>z_f0f '<.pp̶qy=н?(D%߲-gR{m,.et~̼ɮ@05TG]){vVe(AN\O-ra[W DE.d]&h1+l\Liz U24N{=vY@z<;3]ePAv)Pc:\ EO\ HqK0%5 N<@lU&ajn!$K@Zgceѵ(R VknT/l ;Œ2Y|wseӯPYx2όh[~]eiFɋ/Ÿ=ը.FCHY3O0~h'EF7_3D7_]d~<>YED]^HŠq7ɮqzfTEw!qhg9ny hm:{BXikăs IJ2tӀ`q"! iE*rd ^1N<r!Y,Bbif(>S=E$Gs[-Y +Q9ؓRRj|oe*60-6lYQ=_^Ϙ b78' $tt+6Zvi ~D$)1ZUٗ-p8,FC5|[f1u^9d.gƩ$A no z|Wو{pc~#_)Z=gaDc':|mNt=e+̌ wGdX؆@z&FlzC<ÞѾ$4nJ=M=UOXW \GvKRA8nմj^"w=ߥ=>2Yʶ@߆RbFGFgfjP i; b_n7VXǬ63N1ݵ :zUs]?K 3jw_FPS4{o-nZ1GCs]J+e JE'Hrה{+͊q`g6ߥǞhL `ewI]ehŕ73*@ǩ~`>9{L4Y1G+EEf?$hz+X4? {ETzq| XqU$ K(n t|X**Z7 ^?="&M"*9qF3vp6pܠwKA& 5&^ꑓ v<ˀd]^'Ĩ_jNQL{4ug˚{K>N!JASbEחM򶂍WF\.ZYغ6N~a9BJ ֱET[B,ݚ_R}(+,6|b)da8![ts#jn'S5c^ z+q Y-a O__qWD &]Ѷ-@V{# ljƐl[´c .~:Lӧz6~aEJ^\q Sm,An"nуCT/#maD@lUʏ3n cUܩj,-+}`'?߆6@m^^DxV|FkˢJxm#]#s| /TI,fB Y,b·^όDwIݐ$ACe4i+Y` r DmUK׫0}T ylJm|vW'BxSXi z9ت XR+K `q޾}aNL' uS*PՔ쳯n.R5MU@/d[r?+z((1n`7,?:4zOB+.~BTi ?`WEP.x *,֪: MCSx)D$ #ٵ;(Z=" g6 #)ɟ/*ZTAS{(B8 7rmY^7vdY^AȺ4Pְzb[*#ӕş9"Vxi)5p<-(\i!oxFIoe,%d (#,a|YrpqSx 1y(R{,|I{CmAλQ5i6,?#ރg5Kz0eC™pF_qefISƼK&zD4?~)uL/D֭%("{"lV۩BBq+lvs1Hiw:-) 8#e mP"䗽A!^@>6ۘNLRxĤkdJ'^=f0;n~8wPKU`"=e3m(ob:{W%̶JNɢQhQD{"6l|ZVkIf;Iը*yj;q?}F"cn{j"JpTʠ3]FqLikǧY'H,*|>~((;,{#s| ݝ"hL6:$/&s4lҖ?!E;ދc;) '2 P,ϧ +Ɔ`=cg%Y+>lFp Ag_-}o_l{Vd.\JOkhGC6< 6ѻ$ߠBCgAVo*NcXXɿvi+^kLm_3K0'Bj߅. goЦU1hs`,jG@Ɗ2O2")1t范gHa#yKc$|p_RF칢E'ꂓw[dB*w/ۺ]&D3 ;螘.ДM41V_MEFa)fϿUZ,*:? J9) ͺa#R$w дuB]iR9V)_E&]2T:Lstj:6bsΨh۫9lQc Uߓ,@>˨O( tcEca'7Tk/}ΊW鱿skYX鳷x7񎊽L O&5o@B?>mB@k˿^8¤)\^gŶvO(FY4zgPk-s;h:YVk0W&PN~&/פAh]'ҘS&jߑ/$ n9-uL)hK 9Ϻhz,tLsvgG)3sɕ:F3j&x 2aZczlkxu.>hI{зn6Ę} kG.47:lUɏNۥA6 ;5Hs !-ZupYg1|G~ՐT4TsE;BlZUQRwm,TS̽c$_gIX m,j` w5ވ@F/cE^`-H!``UC?cv^CezUXSڸJ7@pr⿞[CzƐwp%Z<ф0DbYkfۻL*RLljUDUI Yn\y8IvPKR`ͽd6 aqiL9aTdB~l*$(re$ǮE P<<9.Á|; ZgJ apS/!$70Hdp)#kޞ){!ĹgPpf_HuU$d]#͛dyxБ>/];ݘՖNOA75Kq!ӫi׺af.?74 Yd L=FE%8FQ2۞ҋYOyt`iZnfk;&̍zJ-І_4% u^Ai bܯoyh N sdf= c`6s;h_1e'#c9F#{RzAE m2z\fq3bjI0meT ޓ$S U#`Z]ܟ)f|tmHjb16KƆX/#~kKVO@} uspvx ɘr-i+NQ|Ä5F>tdY֑/Rzg5v7[>PΘqM0-_]Ҁ4<|/zN'|^C(- ^bsT'J;5A*aEooE|*pȻ6V!Xgw`iʧE^= $t*׳5D~ҲLK\3t:eq sȌ l33h:2 6C(>rBU|ZwW\d b I"032:ůXUIiAlU"0P doA:yK"1]´vDն{9YH欤4h,F.W H G*խ/C!yj#0~KceLDP,oЗ*oz-gppio7=;;Ǝ΍(^;!_yXij)N)^qmQE;Xz噎fJA9o'o3[/x~T_B&h<]^Je^F6f6öJq& wR%uD/U.7aUTQgvf҆~a%ǹ'(" bP!L4]X։ಐ'}\hEԧrpQa~3!,* 0}|MdnhWf]=@LKM09܀\q3)Et@h<$SM)>:ixI&"c'yIB(HLINUX}a>`4ϡb*+LdB+Φ{}tJ 6n#I at<֙(eL56mXC Q4ף?MO/c9MJqw :yޑEkOR`]΄m+n $:g%W],8f4@&DTctqF K@Z: pxVu#>dz˽O*"]>CNi;Q\&+a䫹-ip# rlVԔb{< ۿ=dz"L'@Јr8ޜ=U6YO h yO"@'|tvx3n2bLs36_g4%vx?qV G'Q|A*KdD:jbev3ӸM,!Y Į~rHMyWk%XQ&r=䛥lt?/ǁm`ލZW`g/ي~vO8GKR  p]w>PDQ}H^l0Od'4)NlO?]fWSOq9ۅuƔϕ4|e!RkhV\&VD^ܹFلK:+!*Q96Eʿocޡ╸y 3 fSSz,]FcBq%'U[V13ZN2W?H((?H;:GK u/֟>Ùf jR%$ŽҘ0w3 zUCkҎޕ;0G=X1Nv{Tw'3,ȨV CMDFj`iXϼV~k:eM׽^jiIœcKtRDUS QgfT%,S!y U7C1ۇFQx_,>!kq _]CyQ`$aq/|H؇~j?t:84=absy<Ƚ4 c\̢⣃B Ďо߶ve碇ʞm'XqJRxʙWo;=Bl4Pw(ƪc-ԐbYgx TGD4|bZ7,R6 Z0ipfOj>H)ǬDM;O-K1>}7+73pAD@2JTXDGUxahb^qՍ}]fSp33Ԓ*m`y*adG6]=7{ j4?/|5 alU ?I64Zv5~- }|¿˶y HP>$PnmV!hrl6zi5*xz(۞n}ե [<• EUl>8L'jn$#%|s:$wO=VK*uÝPJ>nڸI+cP~ I)(-un1ƚ4Pas3gvЦoxT[W'/v <*FXqk։ZUIH2!QJ~4?*}*YqWxt;#ب$tj|ӎjђ8jow1zG#%tw{w|cuޭ?&k׎{$JNoePGKTSj;;&etcQ9$wQ`843g a ]߀qo>VN2C;'f;EKgQڶ)LUtjQ|Nh4nڣHL *&bd:qnoF*m'z?/ǯGpz~? SY PfV'5hY!)։V+PO*Ty{GG7œ6sۗݔ@v1ǧxb 5yGѬJ!L"rvO5q{ iڰ`oJc3b[Zǜ-1xj[엁bܘILύ v{>0P\5c:Hj:@7[p,Rb` ߷k -h{ԶY!syi/yULߑM!G:\}gjv<\J3%(t|7om7g& h+b#8W;YO fz2Pg}e74#'$KBQ =p E):dr6 ghg;[hiy2WZ 2D~jQrQ]_>B`c1PH:j@E+rjүW&^i,ec YzXg茓/zV!E)&:lxEsȉ7&jEβXh * yJ<[FDŽ)/f1 :^OHb(Balou8nK K9qx q[0 zUGSR1 )qߵaTe>`S#_|c^GV!kQ@ iʠR*AW%=▝3[d"@]Yir^>8a0ևȕӄUGS1c|en7sX)ޮ|w=9ɫTJ(7giS6! ٪Ր \*2}iD>'_qnAL`H9T^t2V~>S˘u: %-ʵ\ۨL!V%Y9%!0,Z?#U^eQH>[tBLK 7$ʄB.|g(#Hkj0 \U" Ab8"(`&*ثu,T30M|@ ׎{u7]e^?P9c@t;jYZʶo\+0b]Aw>MV\޾ qf{݅IneT<hxyy nxMCtzkR"j]~:XvZ R»{@=yXLj1-><{b$;nƨpVM5]@S%5m:$$<+U٭64XuCg*tĉR>Dhk=/<N@j ~$0vkbp.Im,pX;?# 4NPO5gsZ!θ}ot:#3;8Cg`0{uX)6*wH1 "eqm+sc,9[(,µ;<[mm|JE" ,EL81~k Sh0 8kМF(hngR55eSA`IBdM {JBie87PbLSI$?䢳g-CXv^ '4$M G%?lM!G3QRx^ ɛW0XGW Y¤c6}PZ'Avm:UH,!35#jK=5EЛqaߟq|~wn+VK<p߽74mb]a_]06g?ABcިSo,lƒ5"E*{F'icg%m|[ ygWCe,FD gzɏ; e!y!x1]^nddENn0[Z>K/"L3J(cfrⳀPzxئ^7;D+D<1WdUt9IɓW.QiG|SLJ(IۋZM3d i(6n3GsuJ6ه-#ߌ籊AM`e4pA2?DiEɄM[@i +U_zSfrWQJ G'w">mX(IN4a(h,y g MSy pMJNmW1z{IV誝U vh:c:`ZW] ;Mơ00fCGqmoT2 )hf6ǫxB< ds'>ՆmYz8L/$ 0~&n_u<҇a(y*ּԈ F 'NLr:0溛6p/kK}n&>YqMZ?7P*3dXVf&qOY.8a\{-2j1R^L>{X$tc4I1-)"i!c\;Q 4l .K1nPlU?Vh4hj/cBֵxM{7Ua7ƙfۧo`>@z)-('VA&jc| OwLtX+:XP#悪+p^SU"ox2*+!I@8&M63|)f *{Krf>_5CqGU$x=h~ݣcn,b\% 5pM4E ZF y/ojTM.E_<A\NpONƈԢa|MH}2|X0NJ0|ե\$#xyxcw&t[&}$˱gm)P+ }olH$'"ZPBjxfW=3Ov 6HW[jM]==C |Urg]d V^ m֔ihl5Ѿғ|Dlu1AI4Zêa.F ʆCcF~9;9Ae#S]q05\b,1 swݥ x+}+ +]d% ,ȷUj+pPu:Z-.4thm2hg0\ٿ X3 CEycCv0K b$,gokc x[ o.<$EbJ:.jF1O# bΧoMyV_䋍F1 F_X{2HҚ5>1~Y 0d,?uV/'I>֎5E` I֛ Lf@d^l۲FD(è~JN\ u>9D6MN X<)͢(yK!K7ȧ%,EuK5]æC[=܆N5+I?eSRh K4qnSd) 7#[]B箘dpwfC#2T?=Ͻ[C6aevא8R sܼw#Ur MH}ڿ J/5ًNI\Ko-`FŮ&!_a#ϦdXePb_+Kse .P 0Tӷݾ;4S U  Q*:aoE Jkz؛sDU'Jl"S=`\jAz MzҊ<w>5p6i:PIQ:;++)p&st ̍ۡiߎaxVcu<:=,S: O`dJ 6LҞ5_< BV+S L4e F͵}ϗ_7済O=KU8 *4ARb3J&- $-3#.3#B*!"sO'[}_5>,2k#uXypD d%9 :98&ohݬ-TY}0_J-~ز6ވyM%+/~@Xc5{'FP R A?AKW)EX(n2%NTTirt j0Hr Dz#y`+G e(\v<>"2k%vW"뵅\0X ]o̯~wNܽ% |KCN)<栁bvդ\Pu%hWA :Wy]ٮi_pSo1bYSm0evrG+&Q"nj+w3- ;!yf"͑" V @V8wre8#v X5䁪u . M#^}"^}1TePg]+j%"`iÅ&j.[9Cs< u؞Z ?1)0=`d۶*,&!Czzz3SXRag;]NM!$2pZstcZ5Ef9y@J )(Yw7A<֣J7Z[uo?yT+ڣ]K<():c][= f~"7/e2… ,RaLmARMS>>GOb|:pK8W8;TY!4v+*G}Xxml r%(]8 c2Es< JWpiZ3SYWȣHVLٿ![Ǟ)-IHqHUJ. bW}8 !cN4,T%`c&]Tn&55U O}.t%)iBLޑf=>dח[dX6luaCe zD*Ismt ^DCFHdCU`qr5ra%F#nZTf{A1(}9*{82cQ7,pobĀQf9^Πh'"ཬQkn85I14;*ZOKGYus7 '!x/]P~Z?|g [jviW%E.DcX;ÙW-l?Z)pW6z+A9=A3h`/ S^<Ab@#[5{V;+oaV:i/:GbjQ7v q%\W"g3S;_S_vC:om}Uf+TKct֩SqЏdGC@O@R$~l |Q^ܗ"(u 㾫yqVC;O}kJݩ+n*~;\. R]LY"X7 :vyKҮ{w\ ei %Wrt̸? d#E"y5DD/ =`MT@s"ܸ o.qU?lo dBd`̽dq4 ya9:Xp̃*6GMTChX rUES^%6fقP[1[5NmHLHŮt'8C&jTLR<HĎʷ\[j_/bȊ?-0s(+/f;m.7qPLvL>WC''(oH~GaJ >bp%uؖEDO۾m4>Y _ nNAxД^KW,n779wY]3E-| °lU&vnQ1p&'V&%]FJ ^= A@5XdJФ8ܨ)3$G7 clq/ EGDOf嗟 t\}nkdȚȵ[Օ233P8KS(mdز20 μY%CZEwAlZ_3mQ|NV~e2gX\QSXIf˴qR٬%ſ Lik5KjRX ȄM>OHiJeoi& Ŏܒҏ5-7,ao%H4>1`7}}&Q[(?;^X0⦢ w 8n,HEU:z gs4qqoӱEJDWWE+ڽ3f3c]%+dm#T̷ ĎϨmz8\FuasoQlDZ A{Wk>4UR=F{O'"<Vx`b/};+@<ٕ# BX*K.޻|Z:ĵնD~bcV i@)5gOQ( 3[\vob.u^leV*A2D^sOˤ*iD9vkD0t;Y; ໋ABI+qȃ,3pMwgU\վkS~U3SxXTX%}6dAkZfohw!#nt@XXF9*d+\uG'9#< xӕHwnG'I>oC%(4ʇ;7k(Panxǰ -nw&lQ &ڨj1p(EZ$cuIAPv:K;bS7O 8pQDpĮ-ol|h. &@s+C/!xv[5=`:<1ݭktaݞY2TbGքuPşwT +Ij'^Ǚ[Z+i^ir` il`T = mh xi |߂98ӛ /qn_\ ?uu"tMq&-fƱ xosC1t`4oB9;vBqxŢS5Q'$jvL@ ރey /#AxA@5le*nҬ.ѻDN9TyڅvUN_:pKǯ$eRRw =6 29|ab䰂6Ď.Ag7ZIn\ ?J3Y67 6Kun ]~& ֎ےχxs;B3j{ fvHꆶDMK6B1(ꆃEq<3_ȟqU_a}s/q]q@ H>`+Mwb;٬7a)I[8UbG{*% v$pY*5'46*~!DtęHKg}k 9٤9s*l._JA 0N7e?ss۠Cu\5hC{e,B[O7FaN9&:%Pz|/(VU%)_nWw5C#>y^qO3bxr;ZRS+3Sb"2exJo&Ä9Pqry4l>w(pc?(:̎y;@$L4HƷ؃6aͭ iU&AOITrc k.8d3W10Jx K7zI ƪDsQ&[n6ux#Hv(JgP'^"u5Ccƒs$Av ŗi7x(ZHC`֋G4ܬX=o}xba Ie %k773WG ,̓WZe+bhWigKH gCp;T{-O2 '1b|̆\ sS3(~Bz=EyPm^_4jYk}sUt2RaS?*<:n򌻾(H=B͉0>z`*cWM+otkRBͪ j]ޛRORdPJ803qoh"iل,4J:11 +:=~R(?=)/D=F$A{3ZR鍛Kgh.e3=d7遭lȅ7Lm3-UӈF\T&zI >=jnSNxxa*eLz(h@W>- AdH)\L/cc}e-:i6[\|a1m-òkస[/ bvr82gӕau2\8(4k_l<Fu )rIN t7T[FOG6clg'_E{P+bq[șQVzG$9::`}MEE&~ٷM;XKn"}VuqiI)C򹄇p1+5h0nAxQ#x:[1L’;]9W_m/ѯmH4>Ë3#.=jpWOJXt)h}c^{X_32uL cK[0P3Z^ɗ|AQ*'-̓ ^QYwwbk%\vnN摠1Bu#a\o-5k,bFyU0(S+YN+akgM 7_;VnΠ#

KgZ5܂g}Ym`EHK^dNJ SN ?}pr纹EKQ(eVAPԝBC 8;Gɳ->#^qw4^ q۲#Fxڟ|QXM]E~_3Ȓ~'| H2MkdxJ=D4iVB #W$˶/L\ZMRݩbi>j/E0^ˑS6)>DUU0B㍥2Qr_Q3u')̡ZHzٯ@Y5օK#=%ͤA)\:Je}Ho퇳ӈbBJ\'ȘCghv4RSJkNXI0]EzȌ~./{=ҳCE&N܊F䃊rOÂlKћr?*7p?U]^. PO$H^(3ԤC6 è Xv5Zh@f*AaUs韰gNCۮ$E]zn7=_xߠϾYn jQKfY~ }QŹnڰO.<;| `I]C= F0`t'靖S8W/iH74Mqɬߏ8Hy$.fdfx)G2gV.Mg=ZMZ9?-&Gɣ3]]ѥ8rgǗd^J\/cnȞ] Z^8|tZ i$h5][NLJQkUhB{fQM6%*4w!#bߠN,.m}.a >~;4S.>d3U,|i懗ZTEP(T=q8qyˆ}bu )c,-:~B2Rg?8%R+X0υpɤj-RJ[7ΌP 8 9NFU wG !FLšl1S*JW^j/zu"6MOEξ0 :r$)Ckc-@c,~3-krPЉ #oAUzDa橹⟶UF)S3Y|ݝzu(TC"JqIL~)\ viBd@Jxj)~FT'Hn<6]+"TVyD"c Y'C86]c?{n`<:ѲQLnv\*σ j}lك(=I9`>;HԇRW|&p)Y:A Phɶx95Q|C+,x>FI l"5 dGf/T_cD33JV êmAD%qRUvN&( ߶й VFIr>jd} L4qAH苓Ľ)ܩ0*O1)J&Ho 3Rq˽ \^n}p;g=GS8ւz44uџno`}IWsc]j)͇Հ~ufk06`WO^,^,5o`1Б0~d4~LMl*9V7i43Z@ 0Fda\+g[ױ6d2߹@TmЬuGp+O p(7F'qU|Ѽ~rjyJ?8M:rIg=ع96,J +=[ηg}. ݊\p}"ɞˉ_/E?Moo\E]|4NJzq+]pEbǵZ!dkY 4tCt]'ԉ)|Sc1()Wo:(I6Nː $;L\X;;yms0 +n+!!\F8/I >w %(u :9TzEC|t>8G:7vaHs/7$/ |&ǯ!Ͻ({>1W/*2p%von  >냥RzR6|(iTr#S~%\{uRs~5j*[S 21 b8"NFQ~%r;{-dxF\Oyr_c&hhJyh_.' pMyHeIALMT@x3&Jlel̋ T{X!gDRT$;>$F2W51PVE9 G^#q> IX\&iYx侘è|F_' -rI|cT޽Yb~BH e_M->E’hٚ@wo$aVkNV{37N`@s6D}FaH2]۷/Q rO^Uad*vKZi*ort7>(>:kMv٦ϷqùgI;g0&P i`UraC~^qU$1v;()-Ya@+7b 2f 7\( <!d[=chH zMF~%LpW mm;>u֬jkCZ[YjvػOgrg䫔6^_/6Ny6{˾5չv tI\,)S"SZ@c1_!:Yο\Պ6[kXmUFMC)5O S7MOЉgzld 2o`Z =$4 @֩k#j#iu1AYI4ղVϩ1F7+w 1/e"YNOm&a9[m$6AhGE$ GS^Оj@ԊشzzX)OMٓխ{wR3sm_]JV~ާ7΁\+T1a9X "i^lI5pO(q ts Xͬ{q|pKgIz$yHυ>_)qX8{ YjgוeRZ%?IA˺m5N1 ~T%m̳ =,bfhk S_ Қ.e#DrOj| d7޵VFEum-tܑ W$L=ˍZD-w-SUh,EaOxӁ9 ~'E9+Ø&$Woo )L65Gs{ )}` 2-=w qQ"1:Fm&J>{WCЎk>4^Hp[y.n>S uOYO0}5[~K CQA\gQ H$U GB"İw{~b('?a{= ?tFtz“ն^p#K簒LlUQKd~1_ H5\{%q{V0x@*4" gpXaUGZlSlPSER}v e0^nnzi rPQеF݌3kF4 !,jL[Um3Œ n\+fN6kPYIbĘmg(I c|;kP_p)e8?@nE( Z@b]d3!x*08I+QFgZ(z\;*F±Ojp@ ȖWۢHvC&!gYC[PD *i_c7$.U$O€&AB&~C]k؛S5S2Xq0Η:#qJfx ̡նo;W TrɻLѳulMiVڦr?f͹{\.A9cE2eR,>2(9|Y',c ,ytur!Τ~_8fKNecYۂ$=4j8OJ!fN1@DA:ń՚tνϫD`N]Ojl3piVUC@~/ y!ܨQʫ&1ecO:o%s"]kcȓ*fϐSW\Ru'pvvnJh }lm`֋R3gLYFY[+@l)rĚ,ԄolmM)Q  ī=dfz zfAqeLMff'Avn),L_  gVϣ g,1cøUˆZ(R0|{gzaU>ݷ$A/- i,կp^GmDQ{!nk((4U'wSNN m]?:wdexv1Bμgt4.bVJuw4Ѡ/KCZ;2=JA'/\*!q/7\xs2{^L6yf B fcJ3~L$~C/i 2 :1J#bpO|jSÝ~rYu]Q%ۆE_9 ffNbt+#2S3rӜԿ蟲^"ai,83ՏX;[um q󜍦6\*喹ԂYwC-oK 'y}1moXXEi IO1hi^clljfXQNt䩼:١ ֜X@D7K7Z0\t;ƵdW.WpOHPZ>WOomYlAkn2lQknÅ-`d ƾ.cpv ujۖmls 򲉭J.'۝( !޵F ֔DNc1Qn bhO`*k-UK[Z+rA+4f,rmC66-ndKh ' - 7jSsH;$A3堂SaJ̐w2p6uh#E0iOYba)d.3~V4=C5W0I/![Uwrp}xaV/I "kcQw@PeMyc4AW3P*D0#Ͳ¨xT/L9 D+,Zܿ3%9dWsHD]/W/뙱s1"8If}N۝`> O": NZ FdO8w*4kƐs.V*6%$3'>ꗶGt#}.LKo3b@w@D=RH-dMXf!\jf͒פ+y8ɺq{&5I?jlF ќ-UBӤjCu#BU3uW*3NH .KLʕR$`ul *Ȑ~ދzy'*Myb Gp.9!=ZϏ$6`$ Fz$2%09e)$+吹L tRI.m`[`OBZoBȉ7KnIAG _U% BsFb۰5&t yYln@I 1VxI`4rhj;ո_wš=Ipgg1hxuoLyB(5ufzM;óJ*w)#NdeIe KJxx6XV:XmJWs 7}Ո"G,"sry/-)7SľS^DYUxS؍YsĜt^Hlm2[k7`ЃpasLO4%]0Ȗ:@Jys~vRZ`h;=v⤽U&VVg ʅqmDp`a$1Yo%Il:aF_ғEKI3Tӡ|&KBDjיm-:`E$۶l i[otuxyK- KڂCˊ-e\x*iɹi3?sh^%I6y-8Uɯ3ul޿q>iB,&dRQ-?7>8#q-~`(l[~`1>#&^R)}W!lg37o! ]6kZvV쑜 Argl;ba %[Uj3&&'YJ4.q)8"5a%޸o\=Ld.<{B!ab_i PNdyLt.1EnSsuO w O1\ٳX&-nmخ{#}e/Z  9TUF$A*KHԪS NovE_og4't[GfSPcހY[`)o(E C~d!v#cݲOKiI8xENQ7(σgB_Q! rz7%]yU-%Ase?S8Ƭ=!|.ul_{UTp:;fbeG18%x/x#qg;Ȉ+~fO>e&\qj11,c &ځm^Æێ:ABZg:YPz72=|B$.e(CH/5a\p`iKKދz^dc*2wxQkY3 tpMr4uyC+)"aۭ3V#uB0sVZuЩE8nLɚ;s $|.J Mvr1},TG&fRM,F쐳`?8t23ىj{ޕ`ͤ#daWܒiAJd^ZGaTewh2[*舫SEhS6Z^?PtƱ.V/-G UW|}!O"7`|f=n(m^rjL\C,PKbhd>6גKϊX߾t8ZN. p~$CS3URW QʓZ@B'ɹWZ;;ة gS"9Y +Ԯ\n; UXv)<T.*H_=Z>k9{b@a&8W~ Ҩ]V|]Dp\ #Rfc͐q?@p5`Pqde_1&N#9eԺQ}[mO<(h`.R{=#1xؽIR! Ah-U<]dMA|s?wsrJxPqh۪iwp&=U\K\`abk [#*\./)8Pshr2Ihp+#} s, SXuݴ%)u-g:HvoeQ}b:x9C偭( A1nUm07j0aF2굥( !ޚ2phO'Pki:$ZEq&L@~ٳQ?6nK̵g$Sz;",ť2 {ɯASmTG8s,ɁIȻ\X]YOݔ8 y O@K_oQ/k%PBvJ  KN"wT$(E,Sp%cNɐ +lVkmSa¸y1K8<%$O V[Hd*غd PڹWzzR?HkƅFˡҭҽ!fטIYBseFG]shaPocٟC :]:\ X_Ύ%1+Z tpJQ溘uI  p3)Suq"q")h2FtүC;!- }>QiKƈ^U09@LҦ&@st4WbdQ6+ކ8,ơ!OJ>Lxf@8{?T_lpo.KTmD bR$Qs D# gWHr@C[RSqxI 5)vt urWTT*^ϔw8Ө]dc<  QcS=[(IPo.eV4߶HUIocS Wyhׂˡ1&!4t&دfWb_ΖhyQvAi (^w7& \GAt&݂J?vx/YǾ^B|aۜ,쨪*YO`jz`7w)xi ^3W! aR@7ϸ-T OD.0W3:Nw}+ NR(L}}q8rѰbF+'8ZP 3_I'+$h$8)lU%ocvW9m& `;KG 3"(RDd.)Yĩ+wS=aL'Y2FMcF6=k s[km.Uuc/h{ rxaKO x] f*C2m${jn$N8[ؐ]\F` BX@F9"`(-wm,Y \#b% zzqUWx7#d=tR7>"e w%7)(Ul8C%DI5:Ɩ'~1M}!zw_뷗6w  ϐ_?/;;aM6>8o,)ǖ9x>_ -ޚ%"vLFyY\؃ԱLRs&D Sk.,ɀD#L rb_m͌¸!lxVPPW-i0NJ!VJh#wcCP ~y"y =hⳐ%p(Zx 'onum+(5XLn> /6C'f[z]I܂'=g*9^ /O0)tQw(Bٰ1]P8׏𲑠Sp(/Rc=9\×eZ)/L45uϸ~kdYpni n}~?X:uOd#nv Q/ Dj%BJQDj{_0# B~hpI 0@1GbBxL 6qSKG syL66n ? m*f*k QQs%KtLpuzWS` f[!Yo@޻Q;\}lmsIhUk8u⽲vNhOLxmA~t<2[QTg"5xMXAs6)NLOSL$z1/; 9z[܉rx#7?͔zJCr2 ǢrgRf.2+uQ+lM崽*YȒzr_чapq4j ҬWFWIʶ6k|K?Eu6?оi4e1G"qSZ()ӞΏ5jî!#tM~ݗq J3z|}瀎@gyF.ih>i6A;]M԰=Uwܶ>>UV@|3kL6ިB ąv$u z귩"Gx&~?3!Ҥ!KA(EHU~=Xo*W>beu[`;(|poyXVvT^;K^h>֟m~ir.NELYHc<71lWMeM^-i)ɣ jӟ.2[u3)gn9@t0sCOAQ\j/œaI>ikK@m,NCtK Eu;;\R WU):/ ,u@  yKeˢ۵t YDž .r\xd?h0lVN5aMl籽'^Y_ 'rb`ay&49Y:}6*K`p;QY49s G4#~T[zU:!9U A+j4G;zLmaBYGNXB_){ q/!{cR+f4쑊fuթ_>WӦOOzWrorRXVJ˚YDNF|Uzװ_Xw01 6݃t0<[-Cq.tVegY*~ {/j᳷x"WH Q} Kl4ҟ0ƍPynםY~SrBU0@Dž!*hnfKni=V]o$ rlH5=-5޼HP7t S -R~gr3!|>Pp?4WMڸI36$oPպ3ծn, `\Vorō NZ*Y]*T;RMd [_h%mXaJ"P$֚޹a-G/k]xnC7.\."xΙJ)[H@?|YUV+$o fzC+i]o(IYcm1DAnۂ_/{\f8d)@U:Cg/ -3F67V-i ]Xgd@MX#d\ ]^y"dTDťL0a/ªb nfw&*x؄XF>Rݱlbo)V.,3Lu!TOASVXĽ)#I4BhЕ/"iaܣÞ4) Q5 xIjV/-d~蚠\_+=o'-δ`4ga N2G&O6jߙ 4EyvQ5g,_+h\gO cnVu[w\#Miښ7@4ɑC+WmKi[v=MxQP-C{ƨ.z>]R8Ϻg& bUȃc@`,tg'+R < =YHt\6cP={?1J{PǗ=O~ClI8dY:a7(a 刟HBey4 BE$NӀlhG萰aS[زpclw-pe pڿ{A.@6,l0`[=}c G-|M 9ܤ7];"@+/D8laȐ=o"-Ӿa!yf$UQu8 5phMC3xWg-$0]i]-2޳ Nfb{кՋv kn@zVF)7DɿUr@";{K %{PSCS v 4NVILMLik&OUUZd^H#ѕQqN?x2cN+AE\ޙuQ"ơq ۱LB]WCzi[wȇ7Y7-{*> ٔ\ǀ.IIJb5'O@" NF~k'=Iu+2m:΀ g2g4Gg&1甩w@nJ¥{tqSJԛBD%W e!`hUe1- 0BƐhC[DI jf(wU_cok7M1KZ8o#t a(^D$ne[]} U>u9_'<*aCGXGcs&"U$3KDԔ&ڋY^O;W)YMy-[!沙wDwZ/pz9r\vxsąسm7T3H6.ȦIv<&riӷRg^rh`?˓[R :  ͔#-MI;訋IeT&*4: Q7* 5Cm:&+>jD hhJ+G)#nP1TɋN-cګݯocY^ZP- X/+dr^݂3BѩSBF̦N|gD=ѫ !b+>,o_;p'`J@ \)(Up> g@=NQ'~N^l-s|'+-3M̰ BR"1x;^q{)GMdjB[d+iRg aS2ѸaR,bbZ5GN@Ļcb6BhMJ9F4kwo1rb)qvm€7pD~-H x?_>h&d [:A ρ%kvl@:Yf~hs {%϶G=j n:D]M3+A0懏$Ǿ/ƫG'71XsgN2\SK@BG4Rnn3 BH'!, J'b b$H6S 9nПİh 剛/5vBToDԎdRDYkTk3/SXʘr 6R.۷4Jp“"ޒi2"#?!uƄj'57m#H>|n^PT|„KLM{NegHK]$85Tɹwƃ9tX<@1IMT@$=勨,13 _>?Ƭ&VR{A~m7"|n\fd#4 B)0ńMZ͹_wyg9g> "+Τ8Yb[@Z' /rHc^a%=s|\x>,>4)oI=SARqmhм.M1W (jnjvy7A˼ɬT^j< !.UfT:?w (XO\_׀@nuy,`BLfY[OKr<P>ޔoDa9q՛ yVaˆ5f_BLOHUJ)R.,6F8V- o[-aO)1-JǩçUϋB~yOP@qMT ~z{9|>Eouei~cZ_M.>bVJ \ѾMq}4[VK^OQœ.TS\X#vh׊k?'0g*\SHe'>8|aomƹy`=d)PNX~-bl卮R뿤oSrK/X'@bmQ{t͝B@D8ZS:#UΊKN{:Xk?E4Xy3~s ֞Jn6U&6T 2 4:r,$C00Sc6\m~%%&x@v0{ዑ0ˤ}7QA3zzj*#VS_cc(4[91x6'%zv}ZUO {'u+]6A+nAvUOr tAO4J+(O0v2g@is`Y/ TA Yi%V?-5]AG 0m?N ;WƐ(F䨁ljM8 .tİIBn;Pb\1Zc-EN#먏y?cyjʦcuu%FS&k7o/tw͹U0GMm(whT>wA>2#-}֕v!3|͉E Tu):㿜mȍ&jL]ě/=5תTNU 8ԍŊ F?mWߵ<61O=,A^V[i';9K2m+2p ۲`FZa0w(vk'ZT .sNIZPc*io}j"S"y|ʘN󏤇|K2ٝ9d7Y^ g{꓎ضy Ŏܘ>"7J,\?ׇbf}e' GS(jE'7aa Iе*bΕ騃ޅe92B鄨 :{Vg+vB;"F|\zv,вz=pq)l=ގڶ !p%pS+XVl FMgu!W'P% (]m(k&tM*,?VHjp!93/wVf)Ӫw'aä#S[Ԥȭ5wl_NZ#[ග(ٷo+4o*; J@5jD-!G5k[.Cnx8lSE DȮu'GQTћ ][TyNJ|nC.I^[P,Ff͚#9S[R&/Vwu;DDJm=:1)yZ9%UzxPSEe艚PޔŒxԵeE @i180m"Qh"{mh^> %~Qv™:$vV1J®)R]t m@[f}أ&Աaf}˥d@ ,Z2"h,I?t#44jgc{#Z@p筳H+}|d-|wpA&a5(*jhs` RZIŠGb.-|~n[6AĬ.MOhNZlܧ"_@ R|ZtM{6E@O

nf)F77$ =70#P'9aI {K.1륭@\^CC &1VO;QFe@l=rAGGBEG87s{K?-P1 O- HٸC4KxWDe (X,߼=b[Pb{ngʊWGC!7?V,% -@gz/g)&&-m{:|e11 0F R%݄ɥSY|;[wQfL?NhZ(UkB=?x;8Eą(ϣe"S?85sYbelN{ EA\ oHvՁ ˔AȍNn_X8KBntfc9q%㉕+v7 QDP yiQ\z՝5>TBT̢q.lZ'*ҵ͇$FWg?%X?;!|kVło 麂#eyTAK ZTXf"&%*uL&y<䂖]9AL+Ih'3$D@-jb}ScTNvs"O<=8ŋo #d<ˈ\H6!%+d] iB 1!V̥;m9 :A|$=ŷB&UWQWaSWf]A((ɝh(P01S:' Lc3i \1#w1Q: "`|- _#$c8YP';MdguВc@"|[_;93]!j$\EJjC/ՁJ/a/ȸ!|ug 8Q3 qzFK[Ƥ$։^ryOybRZ Xv06peFE6b^W6qfy`\Q%r {E.=NlF_>]H U̎Q4dcNˠEOTĤAӝM= Q\ Vlz5Y .&lr?U}N_1zzVP.!JfVL(Wh'qN#{3ׯSzWDpγ{?+ν˳c؇˜ӯiDG 0)Ս6 D6PnW{BXe99hao=%AoCVjo`_ B4%=߻-J)3jēȩ!y*Sof_Q,9Z^CPD?M !jKV(o8B*Wё/OIlj'd).!ף|rR^ՀL:l|^׽WpY^F왈!7>͈t,ꆞ(2Vl$ V|W%O͚{w3VJdx,߱!~V7G( -r~o )zb85kGS5X#xxj7"d]$AOgdMt(s sӤr=uSkJ5 m.#LYI`𦤯l xtP"<7>y61YD LsE)nXp&45a矿ϜznQQg@qҕ@hQJՒ@e MtKd cmc`h۰=1Ϫ_dF 3'>Tt1>88w|c .bb4JUM}/0y)7|kr8GMzGff930xj:vRc8"Mݐd^{=GwN3ZqZCoyΒ9A/~VRbo#lZ#%Y򡟉@}w;Ky#.fVLhu[>{1gK[o]|&SKN#*5|t#>\|^;T&14heb_ y 7d0R [&)˲!!Bf#In˝&ZMٶQ_>zhΘ8 8[\&,8ڙj˗Dkn ixqCwaYHY=@aK(f`s%[puR%Vbnv=ZcS<: , 6PfD.")˗yXc<};n8Bh+;2FR\4"IK8ڬYZZ-Zzh/Խ_WЫxғGoSRuձ>6ȣacHo7N‡33(j|tY/bF{`) 6nqn:,(w6b$BB̒o2c`Gu'1~BKyX*1qf.rwxw.oGx/>ߚêt2>>4Dc=\P8^=^ĮE^Q/NSͿr} ;f.+9F]2a$[,$ft(JzA~# B E- |Law!C×Q0F{LTI+a{=Oۼ(MI\7K>n}A郆-mL7M xwMUz6ETφ]~4>YrTvG^ '州Xۤ sn}N%& = M±׮DШb,z"& [*@-qGo%숽U"t=/ A3l0>MuCw^֜Ծ^ .vW4ÄD#aMspRj^-XC'5 !uz![pj. Pv {X캢UNB2[U#DmfhH& prؼr-٨N5d{܋W 1>.-C}fi=f.l2H1!S?/Ud( X3j|0P[ý;MysEC 2],@=Y{FAgSeNpguMYRH$kb28|L*$8wwr#^P7:c)jd;/MK3s ]#pT=ږF΍ '$ȢtX%GFJ۳B[s2a9VA[h#@x,!{Ml؛{@yAemPq,AJ)c{ %H "Cp?!oye&Obйy]Mkjvܡ1$ RKFfNZ6{;{q/Ѹ[u8y rWa.nAysߗK7d{NX$xiݧ|\∖k nAa&HB3f2ʾ@`ssV 1ft)SlWF (jf`đ*oFGX4:^ZC0 6^ܐJ5zs[6TK?wEthҬ[[e>3*}{䐏[B@Ilj"@@B~; VOPjV!yB0zH%D* *,rƦG?Żo&, $7/<Ewj U5eOͥUU:k5*rI^(IL7LB@‚ MӤR(TSww:+Ie%DC׏pd;d> P.n5)Y?Z.OH Ѳ*VyT(-BfE'{ iх uJvsFɴ(7ɉӓsc]"qdcDHQPWo!sMUCDٜ|\IvAJl%Nx 7B3BT.5>CSO3:-[`މteGDxн v(@<$QYW*V}+9A՟j%?y $[pvڎ,B>]\9 4NHO]!G ": –^!O>rfEƁS7b ݪ+Yu_?1ʐ Ld [5dJAy,KtJec:Chq%lUi1MqߘqO)s >gSY3[bѫi=^Zy'C7R퇣X+|KAݫxVZ J>1z!He:XK7Rd@DzD[]O\ ^;xjQiz1C8*Ԣ';+ 80m;"E~2h} wuHx m"Wqk)*V5{be[\371l[C_zWE+ɮ*?F O~%d3=sGCRGۀ8*"P]{hJ(d.kyjH*ɪFUqmF>h@ -Bx+Ӈg6\!KztrmFԨj: ٍEF?ʻ$=AP2Չ={&>הxPfΟoE;^OOj6Zv$]"؛AT:Vv-}uy՝^[in@wBpl3b`r9𞄻fk?5{oS#ْTK:>.ߣ-ɕYPX:k&61d^3i>vbV4斸F Temp1Iè܀x*N,xmmjsJըI D ѫUT(?;R4y Tc;W<.*?(KF윚G;$fq+]:\⥃t"n4BQԒO2DXsތF8%eSs彜 pE|_*$-ˬz7v6߷SxϮ[Ɲ҇BL&1۝rlIep+!H6'G`h1`@ "- ʰs~R;"X뀟5^òDB;SaU#O9լ(YȚvu^cFǯ L"5LjU/3--!cN ѵ.~m=Ob˦Z_낌X,DĠh =6>J5 Ĩ,4Y{gÊk4,ǹ*yX5Ц;dxϛlԊjtAo: =27eS\˩  CH:M_)-OЇe`C 0/Fq-}ڍ8-/'oUq]ÐtDF0"ձ:hDG\ɕl޻(:7@FK[黁o2}ZjNd r`YN|jq@Rq1knbR mV27=K.ށfF],00QyK s:#z=ȴ+b #Mf<*mRےw0Rw+@J lv-\>JDsݽEyi[X—k!D`UUJa-@q=˼;+h-Z4P1FM E[ h{kK%wﱠ^2bj|k+ @Sy" 8"HմJ: -,XbaRGWL狓lΌ[Ll ǦI\!] FC]uk}eiVzuM3R $ rZ3FV:0=!R=^.Kpgu쵧_+GL<>mRGU%Kkp$[þx2N--E$&=Hx]fh0$[?AGi4/y3*z5*0P.o0((1$&"1W^e>ejP=EYdr=0wB t9gX8}HiǠ;#y…wvo1 -_m $.Zf̷ s<׸u3$Ю|[/B9@TN$P%$Npg,0%Q&sM22c !Hdp[ێ@$4[6$1@{ ߻V/ *=_B' D%skZpRU" ?avLd }I[/?HF+/ځW`Գͱ ({ r{y"_dRD>'bc4$LdFw81e"galQE|M%^^oM `ó8: {H.8X+H>[3Qh3򰇒P?h/al/wX3ӑp]S qkCA>ݨ;J<{DjOD2V[C#} )1Vfy)6,4]OSዄx}ҽK`-m9N-PaCzyU@Rp >K뿺_=-UVw=;^7l9Wz' Y?Oh/cM]XK,R eDTa֓O9 ?M@ZANs܍oF.O[2zO/+3Tp@mYwRf8!2=*!\hfhzΟ0bIT}6] $ցbϋ@gFOEc~og`e1,xdY&n*tpt8- +M e 熰#߹ S~ -\dY-Jb 0W\oӴJ*4㑬xd#i GXNLBzRps [?(bl! ӝ VMt5r QKc&Yla~῰Z\1橥(; < GlhB|p/ob#!xa84*w X(a t3~7uߛofA;cR.8@zp)m}"z~ Qa?'$a(ͫpUc.KX_ 䳓י* LHџRM}=]8;߮i1W4T"ҹ܁ԐV7$@4naGd AGT9<79o3U효C*څ:l+%V#E~k܈ͪ$%K4~jwFXiћSPypn4悄] A]~35(g\ o7qheL^a`.XU=&#uD0د͏†+ AJUa!$6q }ea`\[9e\i oþ\q!R 8=_,ZiHf(6tH;BY=m 4;KaD @);LJ*OC,Kh o\v5͞뇖++U%31$uu˲tTͣI:LI͢Em스 C`N/ FX@妺~1u`O,CQ$YЙN [<0:fc^ ^ǴbZA#PuldHߥTuY=cڔ, ~bʸܽي5[>g{ wz2ΜY0vdmj|9}MW[l~Qԉ&Sv<4S`&>X } )sE|3LEB5{\AyVm68uiMqiUŽ~ nvبH R I2(Xتd|:4LWH^ tp>^iSA*^U, r-]Wn>a!:78$U'$V Q rxTRX$wVڄ|f0ǡϢ|b@0mVT.Ci !h/@gg Nɤz!X6`MZ2#}LeBL``)׼7>i(>|3.pש~#n?$N6D\4Yr'aԦr/-)~4!_MZ#h8_YcG~tځ^rk`u!Rj 4`$"*_mwԈ>ZP@R5cW2{S{ Q|Xa0m(ˀ1ݫ e\&fFli!| ,);-5҃X}ۻ w XQ8Ql݉a/K0-X++Z!D,q:N+"M%M ZxK _@&Wh(;׬^ISk e]ƍBknd6ky3Қ :_YỌG@ ]ٓp{ 2ZCw<G7*r34i8wEl$q}^2penڅ} <DMPRFfÏ^q&8;4~JŁ m'(bB\VdQ=Y ѾosQǘ7OU!Ɓ4e/33dk> X mg]Iy.pE/a6e'9F(,Gsw!$& ,Ynd?fTx'eSPpg i;"2 w(Ԋelf"v/;Eaz:A4*GW 6j0-% uQX.j 0x&ykBt:puԖO.Z;&C2 |-UrZܯ*}zcb+ȶOH c[ rGL;Ct)N>uo MV}*M#L o&N7Vc*~CnǙY/xŢ `ylfyW`tvS斷TǕdhͭdbG뻞ICGNQ/bmtV[rйp*P5r[?P-$opT"_ߕO%N)c#M>eB㊄ < uw$$R,^Z 6KD''!_ҰZL~w'CVaƿOR`#V J*\_,"|={w x̑[$8lAC|c \8 703U +rZkFrnFV^Z1ϦL+i4GG螋dR&l&0MV2MдN=d {LCKH:/[=ڊ#N|˙Z{knB6'bE:,25 lߠ0-teSP]<'g R~x#Qvbw+R2kcbRM u1X+p(HՋyd.7Y0- TX_N`G bTlvVVo*#EɲɄ21=``_D!H*BoE|tY]s^ xƦ2 gId鲆:.՘_Í%mbLɇ(Je%.# ѹClOE!` @V2{J<0virF<5lotd/N{lhBY F:RD]P~h&pٽ?rkZQ}*1fYdkQz9q񴕡FRϗ NXrlT[L2mK@ߵL'"QCDz=zN#LRE<d[9yLZ7E ǽ2.H^K5(s̵[4S^IǞAvr]_0x \]zd3E $_\n^!\~Q`=?Io9 瞍̓_Rl{>ɪ!m 71Xc8#/I4C%ub\hlQC|Hx֖zw2?\?+]X N:}ԙx\#6ݟCC݋DkCumD meկ;[b= ]2K;L+2ȹ,qnGnQ6`VHP^ _ݣP!3HZ\Dx_zB6ަ[4C~eF%\#v0ZBv= zMn"I|iz`31g(Bv\E'ӝ.z+e"w.͵wZ=h&7M ْs4إrX.HE 28)..&JF@z{Gٯϰ-&B]ᘯ*c_ i{0\CWpcO+oaᇉg32fzL"23KIzfً=2V ŝEJ1 qV}z,T>%Z3v ,q =8G nGjKIJ5Է.Jl}T%9mq+&.L" si@-xPwm_^ຸrUXI:Ej + l3ܯwc$e?7j.P*3qp7$(Ŀj&c}-4=S-2;_T` 5s@H$fzfwuV?m쑾T /'֘ G^q"0K ߏ]q)1+Y#iȷoާ4ǩ0Y_Y;enYr`v.oz=4ا&Tu3"u:^u_U׎ :;i4EmΖBulJm K"| ZT}7 Q)wVMjnŹ)[7xɮH#K5UsC,Wo_h:3+Rɫ$NΛKaz<#ǍK|mc̾_(%Zk*WoRFNʋ xv~h%`kaSFw M(j}߻PcGg!Hoo~fIY,+:Aj| w0R͋Է61ڝ#x;л[]&Z#l mc-\,3}[]vVZ]_4 ,e}+rz^h)mJ^޲e{٭i> )V=2 8`Ӷyr)>کB1ŞGz]E~Y7R+ñ1>Rd4兜HCh~D6k1B@@P{ EN9]*2A +V_PrEc+>\|Z4{dJ+/m[ E颩?4pCWqt2'ރӉqĎsSns!2RW 24c0op b\@%6fxv696p٥ud`Ba" xaUA@7V!=\pP ,yJdž&l Na`F ?_JQ%(tewhgє#"/~b }i C.NQ\| |Lf=6+JrC^1 T]ꀞ"4E#j)A;Ny=^Ɇ[XĿP'qBWJjQYэ ' \ُ 2 EXC!+qK&, ˵sAUfMQSIuݑΦKt6ٱj}^FM_WQ[ 0z:|0}S@_oQw3U/}ϧ/, IۉJ2F0mN7QiA[V,zvVCS1OjeL>7D۬}Y,gu+p_64BXZHk7XoʜF|3KeNNO謥}l;4&'0zCk "_hG`ސZIZy"j\YM]G~ ŒamUB=_:zX¸=0Ns,Z~O4XfW=CȨ-No~z4v|d+ @oxUQ@,:l(ϼY@$k8'qF*TؿPwI{r1S5q43JK ;6Ipf F@#؛2ma!%ΐr5j.%w_c2(B{B$O_FN]7 \lv3z7AEtQۇ g4xg82 ׿Z bD :2ǎ7nak'MM"ӓ|xVc >\63yqgʶd,4CyqdӢL%kZ1(X}+׏@nuuX|ܦ8#LIF9y^; _ߜDqc:W^]Y2 `EYڲ¹9=:9ه}Td1*.Tb^,56lTqw] ɃO'z*Ŀ>Q!Z"e.gŘsiugiCJ8vy/i*hW--Q`76=~4X,)r.^0?9zP6NU-ZY6ٿpIR&r!;;.~ d%i6y5CcRmic7cĺq$Rt0)2G"OQE;@I72LL~H,X4]>2XjKkAn7Juyi~;sܾ j5S"Y "=(faOvZ#"@FP׾1f0r-mTa^KzsUN%Kt=TwEؕj+JHu#dӸM.QVr@;.BVN H#En0HBjГmL|حb$Xi/2vjmq!(;*l tz6F_]%%(խڌ0`5A.Dw9C :׀[-ԥUdc'NgFV?]'4  -,ҝ^1hs7}|YќUr=SC;!6GWg2zN +1Î ZZ=:^y`ZYeESEܷa1D5Ϫ\O 'U OHIK#\nDFt(<|bJ$fL ȸ׮= wvxQZ8ǯ_iL^DŽdz7'.3m5$(>i2pw#!jdнpk:|/p"k֡$ul>,lPmRX V)9B^a#XN'~zl`\(kNSu2_3xŒ8ؼT+ǟląPP(p3=_i8p×jtHUR=)rA8m{R0 )4j&9,L"q-/,j^g!ٯF?yFˍRffC| K^EhOd*:ws%eQ?ɽw['Z~#}~+ S uϷЪgR8"|) qy0u3$G8 jڜH!;n2-)M3?st(}r34`܌7ĆA}4,|Ŋ-Bfx"J%gao na۵C$ SQ^bPNV6 6 Grq`i03Q`i@.NTv1g,"DžesP_euy//Пxt0x8Zr[F~DƾC; ljǺ.XG3$W%y'JM}NJ<:{18J,@[j%"JrTH%q%cmZdMɗl1>cLn)){te.wZ3&nU¶R)N+t{7M!pbAV`@O6ޏpΚ kO[KkXD%37,jh& q1pHI TZOrhR̫S٩ X EMЉY-ģUl󉕦p^抆KSslJ1/=fJqȞJsrӯ2\"Y*5F:"#ul -s R;ի(HQdrȵbn;NE e!6j_'=PUH,uWo9'>jVC8jr[+)pTe#`UhNGfc<3輞ib%@( 5?pPn3:g}g¼Wim{Ń-}`6 WĠgܥ>0:f.3`LI?`'-#XD4]4pwf2}}0߽`XHrwBs Å,Tk+8x'e.s2]B4Hu8Z}qOC \ņƴ)'!UsÈ~]%jAbs>4ӆ(o!g4LP9aʨOdc2[GW]&@N|tw-BzΏ=,tH¸v*qφ\ ǒnS}O!3*#$mo€ESɹ˥Gu׽+iy}.$Vi .ߨlm l2z j]MZku!tƉγDieV2uUy| "}Km CϥucA1*F^< !BSDK-̳џRq[Z@P1v)d^d9J7tI@ֳ]/k( ekJ? ;=hڂp0r6F4TSZz<[?oҔs[&fdIKrWIbL;p5^mK r1yaKc ̲# ~L[h?fAkz1 7^AqQgE ϺOPϻ$x:{*],/fs#@B$.Ǣa 3J ~7Z:]I*Ҍ/ƔH(0m?-ib{hOSBVv+шfrU*`at9y~0%Lg]DsrHfX}β# yB8\ U5j;]$]R3̇ʖV@$GW q²QN61[faD[9$_ 뇫I7 _nֿ{UlĬ;- ~߭!mx0۱fKʥI& 69MǠ]'n :­ŗ1tY78S2QI:\4 };KϷ67ڥVrKFj&@,נv  [ 3'jI`xhdT&w߾͈)Qi;Ocw1!r&^E8Ȱ`Z L)<,B!yŷ`z篂PwkޝO1jXđcD0(rDm edlQ#N={4gNnY6I^J=hSSj/c DO[NOv藼?F% -m%m#sBM a F8N8těyhMke 4b=BH9xǩQ[|OL3Y5 &[ K*'hڨ3xu=f:H\HE4_>eȫ.Y` © __6:0W¡~=(dg7%A a-u26H+% 5a9"Ķ8zbtWx12}W-w/3mZ# ~4Z_Ajq/Afo: }i?MBL*2hLVW"wQҔ8xmME\2W%*Xk,jlx==^Zr82wWn\`~GXNUg)w9c(,xޞ 'O^z~-[}~BtE(f\"sc0Aƨ},!Avi6:\x(Cnʌ~ڊU2߂w)u}8U7U=׷bLVgY^1j+Ε'ͼ(e*wTE 5FN$ᯞg/PpŜ Y/ܨ\ٽxBRrkwEf"OB\fn;Pd%q7\h3MllW*xlT Tc)9X6R"β":y 19p{w6dfN.c;m6l<52x,8ċI'"KP!vCYI͌9J,>e27P$p˥]v^aen !.5YUN [n4 ;MġH ݆@|N muy*'7/L+vB)T2/HYXRRkTI :jr3jT a3zr^2L??p W0[Bx"Ћvy`,.c|kYXjq ~$JuB#~$'';7UWXJ9d¶u74գ,a Ss$C;K]ЪA]?~F/cYpiP} VtA& ̟KFƖVU%)=p 蕢z*tP=A$- : ̳%π L nsR/Q|euoNZ{PqkZ= Wx8=oGIqŭ& ~z?탴hW0?c))ֱ+T@/nSp.wQw _nT$NzA,Ȳjl>2Q~3Qj/&5>7',LCaJ&<q~]Ah h:U)>j9]<[F!M8u5=3eٜ76,_g :eY@EW8"Z4>8zગ`OQ%!b gQ-c6RKՓe\jA l!^B8Ә`AU*}ڷr{Cj q| AԄ[?dp˰o6p$8Px25RM>.)rd꫎ԶKW4Xq܆|ѧaIF7qת$,6s܁\ͷn <+Cqz1E@DV{[Ϛy-MED.UXV,,j7(B=sLn#&2*HqRG}}z v`,>r'M۴+Ƨ$Xt07R톏7I 2z/<6Y|D"cdYWzVh}')=0QBY2dx:is2g6N}YBc-_ ~t٧Xq~Awu`4m "搫 Gt{|ǣP{,cYSA'8M$t(='uMFMxc. &431ݔt7+ͪzsSrۉQx?Tȅo8=r!z^醩[}5tni0ϼ2*u}pRr4}Vk-Y `f?|g'64W׬ QwY p3 C*zHIlTCU2Ϣ$*ִpdU7eu웜Vly3:iryYyᷲEbor}8U_OT3>1jm36 1Cu#Uk%P~\̑A'.6iK3~Nv];*z3PHګ݁pQ-]k!>15Ռ Z,w9w8 6:t#+io+`R1iOB%OsіXѢ64K0Vؐ4:\^ؤ~>v`«۷ÊJ-I}8fb[-cz]h JZ> 5tV-^tRN&xW+oqƻ l վajT2mr%5C\{wߘS[AVaSg69#;38,y#[/zr G e0L܃{G5F[O5h9KN޽ln/`ޤ?,%ȋЌع.'=ǒ{c<J$ɿcH {'UoN{ +8p֔^&\GJXġ@J IF fmD5/]( 㞳  9PbV ,!mwゖCτʲKw댆V.84輾 #q\/pDO v*< diBd\Ȍy>2bm~t捺"Vc7E:Z=lٖ * uXwA花r6%0+5% FvU%!d%.n ; )#/=UQtʍXxYbih1jFXT8e]R <',jX_Uf{UqTkIp2VvgMR  /1?n*dTl:*0lY &MBv\KXϯ~}V!jKr}vS $}90{=:w/&[=19@% )Je8XPUYnHAaSWgm0~~KU`W"2:$\O#f9,D-=lJ 2低0?"Qj)nͽo]}Ǘ /5/erV~">-;!`~זzVv:&=7G=P{cn:+=ʁ:=7)Lh85nc琬$aѨO`)}"/[ E_,shIu|5hX3m:qFb ϼVCgF삭$ԶGn (1 ,- 9E6{_ qjAA} T6'" SP}ܶ&M}ҏW:ݎ"qjZDε]M~UQP)㕵ֶm[|dҰ>Og unҽdT9qKj[!u $) =jj.YXleĜXbLM* ~=P]X~>O* f YZ