sssd-ldap-2.9.3-2.el8 >  He[U U]d9[ 27ӭK^\B ~+HP=kZy!l9.9숃`Uyzίr&T.\gg:=75nizsӲ8="6 +>jࡑI-Ij;}хVg[oCxb7|y@NqBji)c |ufU.9R6P2 *pCn(;LDޮkWg"my?VVg*ۻΦ\⭶Z?pŊj>|U]Yn:y-:T50\XvoƇ"Vp} iᴉK~ /Mg|]-wtȴ*D]e4a>)%'fMfJqo)6ax֗,<ɳol+,B/.4`Y8(r'cBHڥ+`UN43e5ba482a27e16af7a31883a44659411f27aa485157e1e76e81880c1b62ed35ca110ffde8bb92f5e051a7282b02285981a237330302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb50067306502307d843387bca8bc3f3aa4335d5541f7a0736cb7c68b2fc5d60a132823ff4bfbd83f20cda63b1396ff8517f23d9bd111f5023100a888ccb6235fe189ee972583d31c26ee18ea65772ce14b0c5b9715780dd20d780a1cd18ad0a7d263396bab88a6c005850302047c435bb50067306502306e2b1a7a5c184c479b450a5fae9c3d2f6782992d38b40381bcbf6f003be05577de74f9734aa642a66067806c65616ba1023100c81eeefad3e98b6f4d0fcd09038e7ff5b3fb95d0a0e8995796855d64e9a9823df94e267d09047f961850b77d9e933ac40302047c435bb5006730650230304efb3685479d3c0b9b3c5b56585fd00205df6c94a7c721eea1678011d4622074fdfbd1ef290d4192fbf1db6f02b5d9023100f5720c01bb887b750482e05a432405ea3dcfd32bc0e4bd029d7781fb313400331af2092c7a3a6581edbba195bf0358d70302047c435bb50067306502307534b2d5a8106de2bdff101c3a9afe29245259a06c4bd9bf1dcf2e85c7fffff349a72819135e57ca154c72fca410216e023100aa60554189a090364155c2be7830749ac88fb967d9baab8b46dbefd02e09cbc13221856a37e586229d639fe9d8e460860302047c435bb500683066023100d4d30280c76001548ef5ea787c36db0799a2505ced68d25aeb2f7bc455d8d39e69b4ed5c22ac691a5b7e4376d84794a3023100b176ba384c1f087f12484afe4a6ec4442eadd2147ab99823e3b0ca7eb5bac91a6c4b04e80d6544400bf0d1c59716cdb80302047c435bb500683066023100dd46083048053b3a04ece842a4f2764df6ca83c9d5925229a11d6334bf7dd8153a1e16943ab09cb1b63ad45ce38d2f08023100f538af5815bafed4492542b9b4f51357ece4b07ff6f042576ed09e0c4cb7abf00b42c36a8d4f080f8b6541e1f3f270b80302047c435bb500663064023049b76feb2e68f5a4b511e5b67c5d13ec53970549d65eccfdb4e450db854d7d343b47d529d0af4d3aa59b01396062e1c902303177bd6e945874b9873aab57fce1d8a4957b47daeed4c75529481a2778e55966253c84bfa9413d53aab562799eff58ab0302047c435bb500673065023035e3ea004c2ee39e01250a856ef32d85c39738dda2b4b4b90be63c74c0dad473f3c91a53a80a08f7c8af7aaf410c6fb7023100f1081aae386b36c8e89c145d43eb3fed17bc54cb1ef84790319d492b8bb2a930ad59a7e0ae4f77c74a97ffe289a007540302047c435bb500673065023038e9b1d0c40f279167e722210bfb6d827161000c58785df4e54d0919f822712cbf8697b245560765485ff0b6fe74f5c4023100ec042ee4fba7478363d93ab8a53293f4533fb9d5d9fa93d17dcc0eae303c2db93ccd95a8efdfb7b12dde481f3a57fea10302047c435bb500683066023100e8263b6fb9de340533c8a9a4d6fa3960a7785418a74eaa6ce00bf55de5416ec1a3ad12c385782cf2cc1d7e06b1abc4b30231008a80831789fac3d186ebab4665a100e7d49c2bcb0c826715cb09f35baefe90e5b05c3cd44863d1547a25baad4b8de6ea0302047c435bb500673065023040242313251e8f0b6d2b43483f50079eebf16f4a7dd0f095b6684862bd1175157e3cd6f012317215f01c12213820983d023100f5957c76bf9b541523a1b907d9ab249616b22469665313eb549da251a7fa5a7827454f5367ff0688e1570094a7c277a20302047c435bb50067306502304431883943ec3293ef4bde43d9f795e84a6fdcaa9b45ecf72ed2b0cb62a147565b1c3630df6fa3c278dc94f840eff9c30231009ad124c67c62052bb70d1925d9aec342d974fe32b653de071b5a5bc482b8712d030711dbc9496950de94dc006e20a2b00302047c435bb500663064023079e478298f3c21ea8c45d185f9632539400deb6120d69062602b6a2656f1bbc24e2275b49c78ff0196a638a94f0e847e02303fab9e02bab3ad0f58017ba301fcbb23445c5cdf418ae169570f747cb444b3f1a1f6c16dad2e5498c4d2c17dd5b84434δe[U U]Q}겠槠A@!Fئw]vE{pkC#i:Wⷪ|(FAY25lZn߮ I9Q2@^q@kKn4]Ѯ[9t{hG5GDb'2Ǩ/LU~7J^tV>G<%l{z*[B ̘*O"U#={L|;/yAX!-QŗvmܧVEݵBz/g58)rgKcCFQ9' {|ƉSV:p.ڇ.uËkM !*ORϐ\)ŭ^u(Hc+0=PJu-g=Ank>*X$ ŃY٥Gw;-W'^a[EO!.F)0+6}?++E$H K (-|d xgK[6pwݕ@ 1>xP>̒6q Tpg=jaJbb7Hb}ZN>`?d?Td   6 17@     L,H.t. . T X ]( l8 t9<:fJGLHIXY\]T^v bedefltuvXwx(yh'PCsssd-ldap2.9.32.el8The LDAP back end of the SSSDProvides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.eRfx86-04.stream.rdu2.redhat.comśCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64)_KIs?-(VC2YAAA큤eRfeRfeRfeRfeRfeReRfeRfeRfeRfeRfeRfeRfeRfeRfeRf07983cae770b45076d4a6f24635eebd7dd705b3c3fe466d8c7452b732eb914798ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903ece1f06be42d51fdc7a9f5be812f629cb277e859ce1624399f921802bc732634430e60b9f18dde1c5ba6483b920319929a91f3bedee082d2b808c7e408ce18170a1293eeea7622a3b07d608dbac804a683f46641d451306a95233dcc2b862eae8d67d58c89757df11c40b80e2db7a74657aa9ebc13061a61d4caa2a56a5f262ea6136bb689c912bf2cb40e09c824271fe414f78c1ec17388f068a70bab85ff292c4bd00fca949585212db1ff88d397c05a68c8d19c86d113b534b736b526f3a844c92f9edf2e9e9427ff47cb733d1b5df0e0d7d282c98222940d92802c21c0f36c8910aa723951d35c717e74604715ded803385356518d823458f408a8dcbc490454b608881a5a8e96ffe30f95e8df85ed44a8fa0c4c616141e786a6d09622278f908a05ec3727e8842157f94cccab9b7af40085a8c22ef06aacb47361dce13f../../../../usr/lib64/sssd/libsss_ldap.sorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.3-2.el8.src.rpmlibsss_ldap.so()(64bit)sssd-ldapsssd-ldap(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libini_config.so.5()(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.2()(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_certmaplibsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsssd-krb5-common2.9.3-2.el82.9.3-2.el83.0.4-14.6.0-14.0-15.2-12.9.3-2.el82.9.3-2.el8sssd1.10.0-8.beta24.14.3eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code) esesrurusvsvukuk2.9.3-2.el82.9.3-2.el8 .build-ideaf890f45b405dd7679baa5339d600a91ff10d14libsss_ldap.sosssd-ldapCOPYINGsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gzsssd-ldap-attributes.5.gzsssd-ldap.5.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/ea//usr/lib64/sssd//usr/share/licenses//usr/share/licenses/sssd-ldap//usr/share/man/es/man5//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=eaf890f45b405dd7679baa5339d600a91ff10d14, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)'PR"R%RRRR RRRRR R R RRRRRRRR#R&RR RRRRRRRR$R!RRR RR*utf-86531b446bed6c36cd1b8530400b0b5fae7d67284585724e8e37358c235dedb3c?7zXZ !#,}] b2u jӫ`(y/k(&*|} !AiMy f_DmouEVeX-e O eФhP$ou+x$06z\.]@F5-&Iv1ӮFtR,uD?[V;5%E7ГЬI.pj%) _>O8*EM0 2cca; Y!]A%lo,aK0Fވ4<B&eWHVh-;ݮu}k.|deV:Nᴨ0j&d* O4 lr7d, C1U4Npp gؿ 10#[AiC ㍙V-K=zVo5K|C$=Zq7uLTo479IQP6)^q?Eo/ ;- Ƙ/s@ҹ ND6_nc_]u_f^T){,E0ޱXsj[9K222$w:5&s. i%Ů|ežd9c{`f՟(j(ވv3)i{ΟΓyk!B"lPK.E:ș1gz;æ3,#vZ4C E3 קC +v9FmNH%…riBxU HPSr;rQpݞ-i@y?^!U#{ryjAzI}Vd}#B1|sV;Lelŵ'2@ޏW :b]/|L[硽._SlIiHz7YI <:pRW pSgȱf>K$lm (mH/u3+ ɂ*3Y|ۭt7( )UU<֪E([v@K6":P3RRy׽L6gWΠh66d\ow#:3MdLkp-dh7UE|\Qx6v|@QFE~'1a!ZQR)Qa hObLTjoaEQ6\cA1 \ty >CrաD,( )N]Ml/tx3_yRrZl-oG4$5S Lh:X$2eDf Tؒa\G *?*Z2p;^ijݏ(<12—hg*WA8Ttei6:8Q]π?cV_K^ T`1\UVE`71yBToz(Z(1nlo(vϤ/{=d%`߸>B$K!8l 5/? h5*@acw]SqC.@n?-{7k¬z%4_QiI)*yvxh6w^v=K?D+ZTCuaqn>>FeSa.QJj*̗ .N,|FC`Kv#F?:5؄qV;GnrVN5IY8VWʦuf?¹vz#olYKp0V)!XA' XO X@¥_*C8zt\9b=5Dž@Ke߿W_}ȭ.a~^b ?F?}@;ĎT[=QCSk3xt'DvU{/*0HιWSb0QwY']=3e9s~.+^MZ6t?w(>n-7&"fxRJu(n2XoCzFwָLa$ŐVNYʳvuf$Fc!{3Ҋn~ ۟iK :}C߶]syݜ] X ԃ^LS,Jv-z76A3+FzȻCdl5,AH]M"؏Dvhwfʇ9 ($DܯLÓ)?oqv3>ʺUF 9 8>~ yT-kp,Ra؝-gS5L;8Ȯ Л~SigO"T^G^,4+XSE`ʢ b䬪#jǯp8 hotRO'fyfN֏A잭t튰apnm:TPI[(jpxˇ3+u+;JL+)rcZT,}1QIlpH&1m0_P5&oz_7{Y.ϠY/L&~ 9/T,I{͆!_J2[GXݻu{ 1H 5#1K5d\Mq  V͎(ϘlA¶%vz*Jczfx0ڮK8^7VJXKeZߦlze/+|e@zy91pZgLX/C#)v?Ęaﺚ_vNfw^AZ93G3d=!Jzx@u^ֳ dG)v m#_lMhihfniK_2k¤h&$|l D;JJ4>p@#ٝс%|v8! =.oUQyIzHu JF\hJnir^[FDZtGYtѾoiwSdP1gay?E 0QcL Q߁ܬ  \( 1S߷BzN9rL%d*~$c9tvTd8<\~IwBL(5qzD IıF~T 4]W=ަq{Kolbvϸ҆e0pLnF'okмa gN`]9-SħV`=*(ynV#aN!RM˼rױ9ܱp!NH>RMj%Qjuz\fnG9iZ3=Nx?u\r(q> 7~Dc}f';噍Sw$J\!F˫rTg[qr5t~.=J4gpβtG iqk.Ju{Z+4l%8/h92k"6Z˘%mtFU`ڑ2h8{LckzC bc;cn},}}Whx] dp<Ό B,ݒW.§P8ABc`x\|KJ зKM3bڀFeUjmp}ceLطz_<rMb5U*?xoGa{.Cp+W|==VN!?Y0̠) Z$AO(Wl{# E"Qn)a+=7|XKgKxNX$`zȺ%^#0@_K,sFm6/g?RVFŗ%?+~kz%Ǜw%c;"yS3aW\BD2`)%Kn%$GOTĪW%|-5~2gVOsD xohQ#:iLiiɐЗsLd?.U gv~>nԒyLт@p[hAS-fhiQ%iOvus\'3H8Cn@^,l=)lݔir~DsV?)(\TA/tZ"P+Yj@v'%>ԉ4Aae:ߜ7=7uBJsBw;q~X EBLGZ)pZ_M$/=&8׫U DJߣB[MwV#uNû?&B5A?Wyv٤)(idKJE~TL$rH,]M!dpnfO e;F教{ը'H&J2{C/ʉIN8+ɭ|9L*ǼMG{ T?7Wv3EPi+[{]d>s'e`t}J;3 aé)|ϫ 0WD.]z𲼑Y~a`X][^a]}JY[H6Et,G2zܛk4M0s#XU F3ûA^/p~R uzw ʅX3Bwg}nuh͗CY UX;;|G.cV+9 l?j=~.݆:B$]7drYJHKZE7Wa̵?pDPբe 6t%F!;ȳ;YJ=KaZR)"C깿; gu9F;$Ѧ(H&R.PʡvėUgzE| qVuYO־O]T>F /H~>M#J; yݶ9Zq!ڸ^[%40kb $Z>+W,J$YFF8dY[`{l'D&.ˍYǺ8?ǜjqؤG BbD2նm+2rPvbF̈9E5@* W< ޤ?u﷌rZQ@Ҏ yC}j84?s񾁽"Ŗ,׸̡mZZ!>.roY+ܠ4"P* #L GMd1`KZ\Fr T,i]7^ dh\ZWY $iJDHE+M<0+kgcB̻p| }hEɢYͪ=xmV&'V0J7 }4JWZ#lzgٷ<"c"!ai@"z8UJq4E62Ȧ3d%F_:SV!+qo tT#5m!ŕ:iq" 皤q,@fbRk~3=w8"~J2&跮|!?iK7z[oX.鱠|PxZw?l< +5!y|$!u O5Rkc8+=a֛y(MIg4z$ o q9;Ys1#V!(1c+w'ɍ eέg3yϟ7}_\LflfzB㡬pPKE,Jl{I4,Y7$$®KCP,:"A;nL[٠iN;|kYZ0D G1Dq,Zy6pl+;y2Lגp3/Q !gQ?YVÓR_>ٲ {K-G?OR|9AJ!RrNSٸydMOxf?` Mn_5MGvb! kv}UQ߯y CO/J$ I{ hװGgu4UێCZ=2/Z[t{DsP v){:xzAuBx Hηr 2MwcvhRK"?"Hj C@DlႲB]ڎO:VR/Ǎ8&Cw {ҨYq\8 :$Q 4l !5`n ɯ&6iBɾUSgȁ k7 !fOg i]%ůOLmK]qщulF3x,Ѿ"Wo8Dm$GHzç|!>}Qoc>"\3iŠy$NWAlsOW>E>&J0å7 t% ^Vjdtx];$]$X9sI==kyCaIC惯 놺IMA 8-}CDtx޳U *A{TY?:F(̦h*uS/8rTO40W4_iz+ky{I6l3L]P!ъLyX׷5_wԤN'f~PdUeH 40ܒ 'Z}%RPĐ9F2!Z-x6VN+pGJܧ tt(cӎiJ S\tqXm oqĨ4Y:Mn"'Tew8;?~~6:EuW@' bŵ y4DC772b+MɈ^m[s14P % |q0% @yLa]x8̋=A) 345W)a1&@'(W;9@M gpv *{V·zF^wVœA[4:x/̍4cĔ8(/oF;9uq>?sm37xR~^2@ ĵGz;安]ygvE^i_C9ݵuȝLB\B9~s%k"GwBv`Ao^m4C!C J,C"{PyqG,$y~).pģ "nԡ5$;ؤq?dإes<݅;5Z)-7``:H^'ހe%aV3.Rg M?轿4xAzj!)~Z,H0By3vYy>GmP"e;i9\2F>eaY;Wř fhsN 6}.k6wLVH$PX~G+\ ѱJA#)#_P3CާSgtcP,@cTn(  2 y'>r9q1>LJCnQ6F捌'(Yn4{ QiKBxO)S {%UL\A}oM1$\'pET<Ä~H:_iJ}zmLir_.%O\9 !Zڙh{;&1xRfMwJfe(.9^7r QÔDn?ǏLJ4"s4vɃ+8,ec.l`%[XV7][-JԎ 3,wCQq]%RD4 j#ڜ\`8HSe i !@ 3'9y-8svU~`\=5 `=.U\C99 ׾%^anC@ɚ&ihʕ:Xy:Ȇ;w[?=&plh?x6;L Y4+kѪevЂ>A]#qԐw)Ĩ Pѵ2b/?!1yVv^3|Yq("l!%VC RD!\lS+T)WKKL8{ quW+`r(%yɎDOuYoq%+ICNet!頂*jGHb 9ر]kJWw>ų+RB}u$ 1s$,[ J)Wnxq^a,K=NwUx[ `Xs/zo#,).byu B5Ducw Q݈fA>?MJ~/7h",RbpT';_uAccHA Q v%1uG};3 _հu}0iEKa;ߋ%50aĉl0&p / 9`VN}ޓ6@ɿhR_oѿV7py\B]&b3RJ`YmfA!k>N/B4WEE%AX,vZS/y^l٪*LP& ֶ/JszY!fa+ԒhNO@$jC7xd 8Ji(0Q[ NZۇ u9$3 %;ssmӋeC^`ހDwTr*I/'+^ t 7ߒRiQJ8t84Л"UwJ:TdXrK&TVPƀpJ*Dk̡^kGAaYU(sL.Q-oò 7 y;,ܳmOvk>yT] MPcP.oˆ5amL۠fL(D3vt?|@#CާfM퟿TPEhy7"<35'.1kQ B(/,+%V'ZVS</OY&\4Cp-lF 9A#ڜ$$T?e@P_!r3pn3Br΢6az茇UОi#ڇOѮ\;3y^ ]rn]5v\"5Dm|J.ݫ[8\$ݓr$sVAkEL|hf߮͢dv|u"1&kמW6=Rqɧ.G:αi3 mÊTrd Qޣ1A܃2S1yKǢէ,~u$LS%^Jr?%{ZNb"!gI)K8C'fk^ڤhL^˃Jט"+p ;5sa~.d=fVNUARtQGb.M~oiԩTHiAP&|PMWg J:NTjAf_va&s;+ [ Uf)b**.5lhidDhg)h0rj2qJ!֬:p>ZHȮ[_)R*NK b|_ y×z z>6Lax?7PHLG#㳕6PPWŒR@gEK c {q-Yyq)}KzE-jq&{v6yr)լ{ ,]@̔x*@ҀW9VLG!s/;lT Q[ #F3^Wj`[[?}Рnrvo ! !_\562 *,_>تb*9͚~(2C3$ۉ/vW6Z>RRA yxbH+\9+Jӻd7_Xiz =]_YGߊ=k0 q *zSawzC&Ȯ4">gϴG MӹQw{) ِ0SsH9Aθ?N2ֆUqɍORe@49d>JdAP98 5r 0!+u3 vFVʶ>8%w`k#*ٶ 0\g;+I;Ͽ0,H07t[}K,ahvb[er1_6䍸\=g}01>ƫOo>ԏI '[Y[{!scTR3 'R}9IgA $1WF+聖6qf'n/a>=SqxcoZb&331'M= 1nSuuH"#@3aD(f?j6%iY(.3]*:Y~[JҪ M@sN\<6kxHk[,>jPg[oTzX`6xN-Kx])޼&H1h̸蒖s֮7L8O%^Vx$B3T(JDD nb+ D&0w.d*8b%(H p18EXaU0y߷.}"Q9S7TJf$Sఔm}_EOK}j͗T~`_a.%+a;2D>Rh|% ^e βPJ8us,l:xXNc\>mb~X6v*?I'Uc|2ejH@. uN('0vVqrI6qW1:`G5 7ulQqKp E> G"&lB`ğ&?f:og eWnscc3MׇXO*]9 IAݪk]gw#َ%V)ԗx$sFw&sr߿&0(k4c3+7nw阳S+aocp]2ObChښkf?Gt!Nz叉)c] *Db5ƒ˅WLcGjGJL8U *[prPx1"4u;&xbUI~Z:wPށ/ p2;ϮOLYUj:i??,t۹ޘ^K" une 8Zue_'x6Q[cw&@>b$PpJ2Q"e+UT|,1lu1Ne<8%\{JJoaw 9Xӗg#7935DĶ+R7x+7j 렁'nB$D&M1M>(q? T"߶Kq\Qb?+( f9kR_wk`*Q }QfG)=-8v=WurLPF4$]ⲵuv4;W-Q25@+rB^+^8j)Dn Kz=CF H<@ZR$SMEΟxl3ct kavԆ^,D' HYnlqJc|cB;a㕓OGErp/,Ѭw7AlNB끔}mxOӯ8{-9;3N-2_Q-; ή2E&@о=\u8(_;veHbH6)kN* ]R? 填t>.Ҁ2Y?6Q^Ҧt F`D#ƻu"i ,PF -*=6CXQJ5 ?s@q蛧HL Q]M'N|.dg?nN,GJZ-> ǘ97ۯƸD`=|(6"BIu (]2BFq~Xv +*-QXxg*,b ,%/5掘CgV7_{~M˕^O|E8!n_(N֣/ ȴvЁ:lψtxr/<>X ZoATdɽ,>2kûJ9QEovmS O"~[ / p^sda9z3t&ʳwN!h @lI\PeWC0RQx|u72?)@ io9ʠ7 ʝ``FD" I@EA˙.ԯB [2n2se>`C*j\Kgp Q>} 9pVx&IT?.Rāl2H}%aO~I~{W0oᵜ{ZҽiKJg2*`8I}U0b΂ś*lIrjDe֨3҆-`jnΧIn,_ulg޶Z2N@~7TXKMn.jn 7͈jN>}L^-b|t7ă"!#m BxFw CY5vNC[PG1&Sߍa >rn( 3z EsD#3R|]hA~ExtZe~#U'FU T1K{dZaund2vdT[MPeCQ;EL"[o>Mdl(ـ)τUj2>iYĂ't(xg< &zǬIA㓔zʻ㕝2-*7 -MimGJ{8[{qu/>mςI`8^}i)uAR"vM1)d9T<]D/P>+ }eDIy[MWve6 H3ٕnuwRҒĴ;X6e Pe8#`jӡBܪ_yD N*Ьshl蘵Y>j|U`f,.+/WG|_/'`\8pK S1t 86Ϟt lT)Dlqi<~ 쏽_WY7n>lL~ip d7?..3 rHfMۻB򥈖ܣ Kvr|9R( \񏞒N|YN(q.Í%O+MX_isiY!^[0]Ɯ@>9Xaf0pC+ţ},N{P [F&67)A`7f4\Q^*!pb΄>Jc+Ida_<>oiE\&RJcUiA_"d2mWpoL=[> Ga&#bNHta ܙ{0 ?F*ٗ(罥rSQeZ$Gҁp-\Vz@hwqe!#&/!YE"i`[y 9.!`4aW#sa 3~X7/I xxn& #+kbU_ %{=R2,} % XhQëqRŽ"͛_e^Q <+{J\=(ni`U\Xz'W*{*u'&̰TZod&-(&1/~<q/EgdUw/dA5Tk( Z6IǢSQf+' w J<'):ECZIR_aIyH"U*:6:gC<O5Xp# c f2$h$&O  \!Y2ځv2-j*h 53byu=ם"a6czA1UK. S7` 8!湞a. fҡEp N^'&h+ۦ<H4nE5UN*iξb0ڔcQ@43 "Iz]4B Mq5~ˢtuk=|,Rn>~sCԷR9&$+6߶?k"VA#u,Ouu1ZIJXB)+GʂЉõz W"Y;7'=|nFoPg@C}V,aїۮ{}8 3 R sD̯Dxֵ9q8VU('B/zjǍT엯LְU)DPbI _3LsLrYػ+~CpݦEۋ}U˘V:B IΒqun$EX&xFϣ(ޢ8VFW?퍵 |ۭkӄD&|QHݯy7UvG;g{WǏh\> 'Q$6PS:=x>9/'9W9H$X6m*Dk뮰8O3i9MshĮ f9.~,Vt:+ޕ-G:!b,k$#ze oykjwqj;`d #7kbқ#kLkcQ9cfZJ0W^MWDW)"%!lЌuJ3]*ʧ ~o`T]Z](JXB_%H3 :>AK>T8%ncMBB_1lӜG-1ȗ9lT*m3:L Yq/.+jkKKё?Obvjn/p* oޙdϚ p l)r‚:#_m[{&^*p$`u]}H1Z*+-Dˏ@f@WkSڻ\;#7|9UV9mBk^wLv.&^6eZ S) W{6V@I bKF%J@(27nm'm+CR%W?#C3y5WwLI,>Δ5yBS)Ny<=A~~B+q̥zK=bzDߧt'qƐY&gR7+\cD{VPb[=r f=8-Ux#T/_9KӤ\K!*u hF $2v!8۩_p%ѱ V0.UX,i=z(3,Q<J,V\FdJ/D'Ol3܈cw|X?ҋDAg XJf_ =WC՝8_O &AQQ@`Y$`iO}oŴsB13' Nw8bK&*fYlov Qp!ܔ|%RWKڈ#l2k_(qפ;_v5Q{ ŲAMAΣ=-rT_2ij^W*QMALr>X`(7ftC$wj(sw9p%k: g-ڰtdًE /+8+tY5< d̨ǤYP>a%zO]ue5?~dhG:M!6+!Vey:/8Jߊ@YRJ[{Oټ?\.I\ɬߪ]$lB%a߹¤戅![X0ĂJZBˢ|XJ /EI XSn$C܂PxN h.XU 4I\D,_XnU5~&\OOfz"OkDQ`L#'J ptU#99zlPnڴ<3\&x̫(8[p~%Jt8mM ߞ*, Xt ӓ*pZ$ ^@?Oq2Q.gr%- c!ۡVt/#=(Yyt-'(bz#Y@ry3z$c>[Ch"5HDz.hx(Ir-G ù5]_r*FuUuaA| 2GS8;t6F[SCo??.Pz_[n6Rj"Fm1NrUy?(Y&#nbF$8i{#zQc^'yv%2U9%Ad_g瞢Iͩ(XM%Pe"[1 sz.fܿ p͠%ٸo W*yI3DZgF%x'ԕlMVTwkZMϊo-ɀU 2aƺ(I2w:hZO!.VO3ǝu%xd"8HH}K[%52h\^\%B[ mΜ6%Xj~  5f PFԾ r}(TKlSXAL[eS/5l mGjhFmYL Z?إgiHsN ~C VvwM[)yl˰PR4֦}8+D Ol(TPkW ݌SX>xMi|L?@pj" 5]ڪzszr4\\Y*@g>"2+X,ٽsU *ɏ|V>}B!Qp?iDhefz|| 6,zPފك}8^󼌺7춏begaFDmǻj'#>b1CpsvZ2{}4IB>(r@-@q-V1Qx7^*oCru(Ĝe6|Vka(߅$eRD6sSpGכMg *C JӍڭVYI84 ˇ||=tto4@4`ud3OFJ[K cur\pw-= eԐ.R8JxSSh'nI3d3(f Gp(ث{_Hգ y}gӡ٤퉲u,mY3^rG+No# 3Rn5IZis=PLB$OP{-XBJ<[?~ϫ*uC">KhУG<ҲԼUm 瑜yFYLt$:މf!44@xy_$`b&_?y$Go4QUcI/?o^ٲ)IaPE@uAajox.A؆>Ͳ59BARN򾶰w0\'Cd%BMPJW?gcqPsor*vA^҉|pdhӛ{q&jIׅ%k'aLghasvKގ k- V#oZӎ' V`Nc\}!QAJz9N2\Kdm& j"O/8/=S୮zj"ЍqOWƎ J'ŝhуŒln-bEt&ԫQvlwfUS(qtUbq2,LQά.x%$Ҹ6y*BUjzBqrScJ.xz^QrepMX_Wu"DQn->̈<jywR{'|km\3SB|S{+mj5 Iq*T¬I@  ^%,52oF!ai>- 'd+m@ '2 R۽}iwko]Dev |xAٌ~pzV:"&slk|}Bsا1S)޳qFnsY|^o._^İ[c 0aeI \#Y>k^-E1m&(o,I 0Tc(zlȔL 霈Fߤ<)zv )P<# W Yˑ߯,[e_M\G>tmZ5&_6< z *cP# p vF]7PfM]-F\4E IM5!@7*YQ Qx"* E{Py3jYH81 G١?ܽwi^1^_yV}tSD{CQ9ll-B.U5$M`#{=XsϿ`iz:A(<»ďF,ƽ٩z$>Dc%Q[4ŁUӝ?\xXђ x+ۺ D;=bM]eG.ɦ峮݉Աl䥋EFW4Yb_‘E܄Z;VqgXo0$Σ Z)f罤tnj"0 6oX&Ȣ8sJSPE_ gLPgnvLul!ϏK># |r|VCI(뭤ADKu%Zxm¡ ѳӁ^D-?uم+%\YtM.og/wb8AC_Z-##t}LYGV;^57k.٘IjFR g˺#!Cpt #@>]E|zU"%[T7e=hSM mJW+Gy(FɅzk`KgL+N<Ɖ!G2.!S ;9Hu 0J#lEH&WJ?c23/0f9a~${M˨u@T8G]/R.:[&4P(W TLy4exW@ B_&>\=&n tO' PweI"֋<؊_uG}Х{6!=Hxi-#fOރJO܈Kr]|U!m>K(4gSpj=v>=Hе\ FBfhBF]O'jA<ka ;,/"}zULAֆ< JTx_'o47nZ(I=f;5vQ ;8̥N`&Eݣv -;?prDJkt JT2}S̸J5>#alyJ A-e e?'o亐&I0N96(bQUQZ!̍D8W a)|.xͼ2ŒB]iO ?T;_x @=k.q&s;/OȰ_}/+c${hMl2!hA' YE:/&{NK|;y2cW8^!"M|M zⲬ@qA/ڵJG-r6Oᷝm/kxBt˲9N^nå P.I:Bf^i1n_qGMT?A!GvutZ_Wy~!"J+yyW^3H㵿-Lf("i[&Gqd[*֓[xhQ{" "CjצHs.th>H @H<ɕ]WUb%ˇwx7S}ȁ,>Q.=Hxm|$R(e,5NdI!qۙd9S)fv>(ɱ2`2݆1jdTeD؉?Աn`rUh\<|3/Aų52{Qft&dΈ\KMA䛡GNP=U9bdk<)#F4Pm$?|Bͽ&58|~wEhH)@P%X46Wuf6-Iv;ɲpT|}A7)}gEU :I ATv5޷L:蘤@fHCޤ8, [(>'B/W, 3Qڶڦ^ɳ8M!/ ӄavE!it;bwԐ*eקY$Hp(|y *˜~nk 'lm#YtXX'R`@5ϥHoq$MFZ}M %&H1%ʁ6|cAF =Ub]HAnIH; L_|\s{+æ1}~_қK̨\иZ LF)s*NU_c)ּXb ԗ XeK<!ϊ[YE(; ;O`rb *D*A% Ыr \8k1E]̈́_\\eA!E,!'Wh+,`u! PD( YϜ=U[+d .n]s'/۽Fj8{24孋M6qowdT9W5c}Gl12,ȝ UX{0};gDU?65gkyR=y?Fa)Wi(?lKZ8dRxcC?"qRbKUͼ`Qw!\:B>.mQ+' W kK Yҽ16}jngTڞPBGq AQ#\a%p:G< XpfګZ0 Zg~O9 ~D=7z=XoSE>A/ǭE3 l?8[kY;x2Wʥẛȿ?vCʄQ(|&]<5l=7ޅoJV=}`j={݄ϚoK"%2 v<oSX kL!<r}pl`^ND8NlBLHyxyy lyp'ZXp:r-]%vuA1.6iak7f3CiH=2IihEcd?kwן[ORK'd RLT J/D )[Nv_+iLy #WUծ?鹞=; oҐK\F)Abn. j+m1N$AR -du-'>!ɥȔeRITb rS@_ mX69䉒 \~m6 ~ p g!IG8_ʼa5o`GJ~>i^?D*5 `"ŬjZo+TT2,rzlVב 5|lSޔDTLG~@t^TI>.kAzts?h ld&aJZȁʿ~9,k'^~Zp  Y=@V+OzbmWx B עϕTS~8`zsFP OEQ[GI~ߓQq~0𛀀fdS.9^rJcv?:׼1=Q~ZOG`Ha#ֺ/hP{ 'GQ\>owRkN*p%ԺW^vtg98vADSpW aI1F29'/{rb:04;0=#I]s:bg2 A<:ٚVLgl\5oҪu}VKv1k ּQdlZ 0gk6,HysٸX$(g.Vτcw"t7&+$y\GP&۟ۡsVE*jؽ!i!6 ˤh=td9:Lk2ǎq{b;mk8ȯ +pr}?԰7dұrrQPW#o5K?jd/]jIbm8(9XR?"/1 7z 扞.iÙ5?yKԶ6,(5VMJiY'{P3hl墪~D3+l ]0d۾˧D֦X_p3>c{uK2B~^HUƹv` Ʒ9U%9E_+dYgU$XZzsfZ(ee]?kf`fO\YQ^LB?^XNIJUggGKc*-W#Y5d#i+vSĖC*o~/G,%wxJ6=cZ2SYˬ0oi_L%r1F̒jwzd,Ү>!y92Аz;-j7CCQ*x> ;S\|BdF}@3P&Ѿ>D/q؟ :lXEa~5{n&GAQH3Q. ~,Iz Hugr8 VNF0-Y9dk pvF_a/RVb]G0;0v7yӺRḪ1UͪFC:n?BN^,*E߄ˀ1o(|dSuXޕ }K}7G)~62-1o*%pb8uؚÒzN2!f& PDϖAG>>u&m7ro /lA43U#* 1]k+ ) H]=yI4'lӃ~> JRg6}xydeR}X޷ʖc5'm汚PQD%"W+XgߡNOybki+^5]LoЩ|q]x47"D̓8kGQ3$ϐqry=?'bA:4RUC:Upc,h$)vĦH`En|:b WvMS\s1׾Z+ؐ~Hǩ_1ˢe56zFQtQ&?qd"TYё VmsNKˑǺØ$odWZeK\._D^u~@)KvAhEolmXm͠#Q!ɧY~?̋ɀ h&굕7$hC>N;.ЗAxWā6L Wf<߿׷lDMfTUy~Ȓoubzm+ӈv(؇TDd0@9 "kqaZ˫%!9I*C1ѱc0ᔃ+fY[% A%da7GÇYȋ_4C.vE*ZW6 }6PNx3!hF9D<&&1_>p~Ţο}{" )}".F)ws-aH>xP6$>>%dMtH}kpާK;?E.PD:Zf4CG;7ozŭNw2j1f>ǔcdbkx5CJT|\\‚x)տu0,}Gȓqs2JfN. +Rz!a7G#-:zp,6h\9OmV8Agl+yş| ˺E]}!>.͐Xo0,Nc;wowcU)؄*N9,r 6M&gTn|)܉6VBxqZIA頚q*̭(DWm =.Q-G oX;wzΎ;6ND:K?QERbnOK5$2#ecE^Jͮ41-i΅iȝ,?*KJȩKP2i&<6 LbXS畚V;.1L+utk$[^:?#42ew#/Gf;DL.DIuq #"*VQEd?+nMi ß m4z!xz`| ;@at 5M9I25]'wSݜQI0Z4 $s!>(L0r1grvD_1eڔNf`iaM;GtXK}ɏ;8OHBK$̦SRJ1S~L_ ֺqwb >8H?c¨z75fJ(?g> ?kcD3j]=!ˢn(O2!~U0 m{]L3S4 +Է,s^d+\~uJx,wLk: j#%8~LӀʾnڄȎ*F@DpJ`ܬlRT0P7|R' 2s8l4R<ֶg3R52tSʢ{zC'mHbdgN4A>\;I"p +ua[jW ۙ(mb oHް٦AϾ_lڿJ,EM"VhI< 6Fv%:nⓠC+el$Tfw|]E}w2V4q>Z`^;&+BD&j 9Ӧ?sXX+k{`H0JwpH#_7CO@(|}ذyCCno!)lͺ;us =!o߅$Ej`,3+аoȯQ"kjm U\ѐҩNM™;Ab0 ΔSCg˜B W1OU6k nc+E-*l4_VHwu aܷ;xF0]{k_ L*NMЊV6 a" /.,r~5`v_ʇZe^C)AȽV2cu%D0h `I L? }P+`e(섳Wz$ Jtr1g?YP&襱"SUI`fw@Ww"-!e81K#%;}IӅibI0-pNf~/rH@~w8bK_3Z)&+˽H-@a 9T1j}k3qw,m9KrgxdxGғ3e͉g\7&kD*s99MZ>< F!ڴ2**@ˢhݼvJs/o:RXTkf mϲX8ejn] /3P$e߂By.PXM4tvBVUēm=NF`)) 3i {1`N(vAρcXKcoĦ&l8)eyi}R΂ "cnl5n~8fnBle^lų³xK9ra1,GFjytzc5KJ'5ÌԬj2Sg<wEp&깲Z'OQ5D,#輧gZ~>PE|x+{zCw= e?F>2ꕅ }[F#`ڼC'us'ox4 NJA\YF.NVO$06{w rF@P-V@ .-sy1 jM,ۗ0ʣ~N~Ɓ.iqAլ$j֤aܟm.G>:ƀ iMrpZ{( GigRnCp@O83 ~/U_][6gnj+rU<9!85eU b4$W@v΅EV,|8Ϊو, 4?tpO!0`ʳe3mUc :sڢ3y|"{E9DD]MD2%O`ZYI)QWM2XRKk\=9?U̪C>z1&q 'B֯rcˤ? ejt[SiS_?NR44-w`'IRBdE*RuXRz5)X<C>4hdgd:_mLnIgFi!#^zHTCS.A8^=cU=ڴ]o1Zf'&3&-Cۂ1rS2Hu?cRMMw? 1Go%{) +BR#jA⺅ɦUzq#WMwI$ dxM ltًF$m TgxwjObGJX {P©YCOP$%~-}Ⱥ[bHFaW؅#9M-޼y?Խ" nLUv.ꄛl $^ȱ0)a<U=G> fTͭm{%)KʸUu:a$m%\b(dz`ܕࢥR!Ӓ$/?_p0ҹ)- AݕKtB: ـ@>asku2xY?ML~ x'#rȦܣ5"?֡mLt#} ~lY<5^p:#U.9ﶨ` FK<BCf?4k}AĜ}h/w,𞻜 B㳕tPnf3(˃$5ٯgq0CX4J[ԚA?n&X\!Hg'KS.3 T ,H`"Ag&ڔ<ٻ\T*R-H P[l1Z3䵟-y E$0 ѻC}`nA7*칐29.FRZ(u.^ģx~lDo'g wf`<>\%ִ٥S +!L/_bzAs-ԆWo(i xp5mBT'Sm=w0% 8 4'Whh@5u;-8IPDV׽,qADM]kSdb:tB0 줫x酒jZ8@-iI}/`&A,8B9qy8,M'nۢ/T+j (=#`Yq6هy0%LC5>OdMK^m~A~Ru4K깅@Rj˷Ts8@%KJlRR Px.P1v\>Tv8(ƙ\GQ/ s ]\Y ـH!C%mF+KTΘ_vr?|1up>s/;/%W[VWPqb$̬#fֈX&#-D*ݾ%.ڨy9FM${:NX4>4ta\Pۋ"9\Hx<˿M܁5C;x 5MAɊё\Lq[;OiKd w:a~wƿ6!r`5Sy^W BCRbof/-Mn.L׉ԅFo1;N8cx+6uT!)RGGz 6IH]yk 4tEr7f*5b>VDW3?P,Hv+Z91 2@rD|rr9#z@[sG~D&DWځzCFkU.(3r$燴TrKR)dL m~I#MFc 1dՂ_ (8X|rj,|شpij|5s$ [HWijeybH~A8t_jp7 '7}7AQTbi=kRD#0%,lG6}n|ՏI|#xE2mMwezvXMm5+N-+dN-eJObq>'N*jڿ"h""U *yŷwS^}G4T_W)hO#9V7_) Dp=ox~~xg۫77r,_myS be0j$7.]f3rFƗl]>OX$γ;6!~ǞR|:au8`S> :(1%-w\NB>9^- GɃ4YW^[[eW5nݳґQ'\Jg$LQ)Lu?>~ni')+Qh<[_KլrN Ea5[+=Sj7Z fѺ2Q%i>4F0l<\ʌy!Xgf"yEQK $xy̳4悱T MzwY 'Fy~;aQ1Ga^wCQoQ5ˇī[yr\$̧-лgDܯNs&RV7vq!v¦kٔ"ОBkj/cl[`ryCMmd`K>ӢJɞhh[i_"P !c35$&?"<_N8#M\.9ɿE8^Zh?=^Mu֭ۄF_fiMt2{ #U-ꔠʡ-^Ą\Bz$%F +zv W%cMGFur=LAE43\$񺤄qaS]$xh9;v/k2kŢ vtQ ]ߧPqrA&O_ Kh "\*Y<$ޅe急cр~n sT[cx?W01k*{@ׂ~Ys[{Z&\vLOїS~9:bWW5+JȊ?4/bJn+ԫ$/QmWIF&pĪٕ,z8M- WM VLկOYJ})‡ \,O9(rwQkK*tk6d~x*A7xb꽻{- )x*>+%Ҽ ngVWZP4xy&ϡc #v鶢)2/lZRTB(1835gLJ-<7rnV?d"gTJ jV=/\anZX6M:qb+03^]zi SPi?]4jVQiX/x #Hzq?+33\~ =Gxa1;6fP*LU z"EY(YoWZWF Yӏc1˲RӁa[twռŏ&c5u1LuQjt}\7} OvJh9kAzk0zRTLCR[\2'+f[' Dwԝ P ~ƨQ59hI>6L.ù9{2ڛYtܸ酅DI,l/*^"'-y UWOl2wv\4OI%r$;Ld4(bC&Nn3[GT"U}/YWf|eN4𩆸8d]xdhZ 8.M&?渃V&*=lKa>k)@xȶ× ĝ ?EY8A ^/9,= A H1WSꏫ"F؋5F`*cϕX/ $@Go?w-0Pk6NMU'9kW7fJ6T'UgX^i8ÐXtnm,0kl+-I}l;͞4PYAw:/uqL.5aിP(*1lp`͉+]# \>09ٿpEP#Pv/"d:_ n!1E?ՊbN=m1 Qei"h J 2IvS;"xr4 ;WkǗG>~2% o3ڮȹ?j !>Tt 'B1% HxgV'V}ż:32i>Ci1T, giC$OP.|) f0lMu$oџcΧ> 2 v;^n CjY,Q_&RzؙH/XӺ)̼9X|" vRBZX/0aҼ~3gEMnZ 'W٦_lj> w:!?",&G< fŦ"EArd(]+? Z.P&qV{I|ǝpT7VyLHMj:!ᝉ8"\^rAW .ϖa(Jqq^]!%vxh(8*d@mlc LocjŹ\CstY27ǤM5Bxσ.g\PB D ~0 Nͭa iN5"H5 ioW&R+ڀr9 ^&XVvjM\08Қ*_wWK^{d:HVM+ӽI=޼uy]&GҾCoUL]#}g^ԧIE /{@mBMs'bH+}dF( JTo pf`Y {AAڕS#lS5*4J1o*3#B}hfxU]lqB I6"5 sJ=*kIbCi*qef'19tȕxH`gR@ 5[~~g&t :۴J YbǞ/U2kADNGv}mxNEʗ YM;p" } kE}f~ro%S1f7 hTv6Rjf gGi3 'h(lWrG*WNb;۲ F/tʔ 5&Z"!=$78 ‹r^ bKp3aXZ5:{mN7U!B|Zg `G:qJXE|%"*Ȫ&t1yS'K<c֟2hWڥCzp *hT'ģ5G~[Qҫ?A\uoRzD1˻8sƩ u]B_/196hCTA1vs[]+/Hڢ6CTW" 翐-y. M hn|ڱG=E"jƴAO=**aS29eU䤰,KoGjVVN\*܋=y>jiXgZZ}j6”޹n61U?ա:VXWMF*'jdq1j9FV.tcESru=!vvuQPc?i;ЯbepA 2lr_s[s 7PQ7b}0.z@uBɭb"_>@wIi$ ?[a  <3 -$vdR76qȏd)v 9WuSYU93a-mJ@O:z?ϷSv IsM˕>rJ6ԣ™sW>:bfKn[}mԿ!י..ڴ1MͩJQYR۱Wr3e2݈ ѥlgc'b2|]AawA2E-Ѣncq{NǨYHp Q}\R)Wp >^e1$V`MSqf$ p>̙|~da3nҙj8);MBnle 6![5~TYp%Ӡbxѻd卞raUGkMa&noa @{tv3 FC Dݠ:s4Jmt:+&Ȗ5:W_,X/VE0f%y0rlے=Bg$ǚ0qᤃX{>Mp_E'&y(R5bn^huūXK.NiD=R0\^6)kD^BY2c=h)PK`ɵă]ɂmLCj2swt$ȍldeB4$T wXrN TlF1/w$ۺsVb4 ^&n+墘ңi;y.D!_WdhݯP唬if.Wng}zWgh'2Ƣڴ4#wbfI_7Ng,ZwAKeXcqs8BLcVkN?8t IhH evШTmZ$l=:d"\S!ёG,hZ!\hz33䗁Q&7 `#L"!ՊM_ UxQ2[T6qo98T,{C;@\$+p13/E- } * d;`+̴w -ͨHC+.nNz 1J܎(Q[(qA^nz͗M׶(ZbASb7P0J YCT }f'RWL:{{{z7A{ ɺ8\WQ qnܭΉِK#=I=8fՒ KxUGÏN J݂ımZR%^_ uX7Gޒ`pucBkKzgymR޵BiHa]!?N9) IϞ4TbDvDc4&F[˯R>5r;U{9Oܩ>Kw=04!{FʸZQ꧌lZRc {8S@l ³ͩɣ|V2.z@@4)TBl,c_`=aQ̹g{xۯ!֠*,:ij=O^ݼ5nԇz[j7N ʑ?[?^|(;>At2HxI\At92Jal oD^/ﬢZe,zz-?=%l[lšXXo-1#0w5\F[umxly>Pjɲ| *# .YЩ@l~Ӫ8wO{Rxh/ hаdzKJAyXty {3K@4 YP 9-K))m&aal@ZL*0cSa>6TlcT{ա3qo"< !d`>*VJ dQV{意=1:)"ɚM);MƁډ5~1PX?픶^WՓINXw`Fznz4D\- /r ި@#/Bb8,mB=iw -CAWNm}T>^m'8g]jSƭxp$Y:d8=WC4 N.B?Î*$_m_,Q*8XH& 7'WqWQ.,6#"%|:w_ix 1agDȌ7L.VF{]M`` eX%jp zVT nn٦g^{QE0)mW{1{Wl9ǝQh?7wu(PL;|88pml|G7Ԥ& M1ґBMs}Hb6Q^ӏk8@{hx;!cO>*sV[tI ޱpB!V {^۸L.i)ē~:u'?pIg1;\C ox&6[t,ߎ%&bȩdSo7>B2t6Jx`\9;Qt7qh]NGˍkh>kX%h>ӗ-Bba~3yvmUw?4/F]~,7Zpi#[V(tQTkzb@"nrwO^0y3N ٥VVjB5/Qѹ>x|LoSA1uCӁ|3̳׮ ~iY=4aq5 qdZi/ wg ;E~os%&3.d#J8E*/# ܃dU4v6r|+z5P ?:#K:XZvÉŁX %Wv㎶J/`w: H$tݩq F+Yq ?_]WT eu|s5_p}4q#o)yg/a/]M\O=NvUJcѸ,л K?2Kf )Ej/OJ;сK- I5XmEx Cln;3ET]I;Fc˦|nGc܏v#XwQwȠcl.bMӤPHX:YGW(DO>ּj;r|yw|%ڮ8`{0FR`zҫF$CL<4*"$ & Ϩ<@|ew)@2T7܅z-njg(>7RԷ:B;Kˤe6d0f)i ChN,poi6NFěP:PJR?_fSs' ?O%hq3P68 .Y?_ HJ#S5!z{Nk+l/ELEGR%N3O$PHm>5Q*w̕=?yF3 ms/.{_d*쇉&=ו)A*v GbˊB``s LƠ u~ȇLC )YA7_h!Nx_JEc 5UjÃY@-#.IZ˴W? ^h(M0X~+0 <\H,XF!& 2+E1vg G:yA$b:H3Tv3CP mYlPrr*``l?]0^8HA;`?BZtz_о[2 ܻlB/ɊnU Ӻ@lw %2t `?zN^Mgenϡb&Q/[dɔm?t^z gyi)F,CrVPsS3R0@n^qFõh)yyqRU}+L{YZF~d,Вa}eF |Oo(6˨|es!Ҍ&,4-^!sPp'܄W4EqOs  S._ e:-A 53^7RFB[xfڤ۲d_uk=-(Pȅ HDjSg{[ ɊFXQ Qhy8V~=H|:I(;8yy1 JO m '~׻1ǽt>Jq6Ӕd:rb-G#<~ 94r|)F{ .ڡZ./TnFe2"/tTo}#ѻQQHZh\41/γ~Ŀe?e{7KWyۥe7kw7$ء io)+ k 3HȣpO'-BZJ˶H)oHb[T)K9Hm@.-[bLXXE$Y mBȗ#^l.1JPM{΁(oڄK* >zEKjRSd>qڎ! AKJZϵ+0APclyV6\!cF(#A@ح\M9vJwr*cK@@~L˱A5IÈ-Sp1u[(iIYT6,q1BrlY+Pשs o AA.C$Jfe>&V%^ā̌K&{s1 |M=( `X(grI.C6~ ҞO ||،Aoh+5%Bn=,S"yA;tżmv^||&>kҝ_gJ} u Q\uIkw %ג;*ޘg C4쑫 4|V{_SQ]LkI. (6cY"]*>%ˉ2CN)E2}FFR`RK&Cʖf>Fj hgm~51lLŎm|ćeq[<3݁sɑ}x k_E^0J]3dỦ@؇PQA!vVH}6O$nMlNlxiy>P"cd`4j;8O{[GP*@xI .=}fT_x|~[alBV ZsX&B./~Og430RuGPnk`eɧCwE1Kqĥr6KGq8}S.)c\T(OObCBB pLZykp<1 KW5iYX8{v[ߙI'- vKlP?}Uh6،<[XW$ vw_=Ĉ+-sỌJuU1!d\ܫOV6{׆'LTAv'Y%_ުۭg,"_>"_dm|HGa! Xq,;r`ty!~2k&yiaWȄs41 VOMmx#QpBl|-2+:~u-E9>8!;=h+;jݯ ꆖM%Fi4F艭_zBHE+3ςySsJ!F%4 l"wGxGx}KZik욐Z\YR:;ct (,YP熚5ٖh$ߵQ"M ތqym!GI-pN0-Z_Kۊ2W&+\;ړS'"Ί. ֏RI;Zfwq-Ws0W=n iHdu{d>p|7 9 O0fmC}gFH_]&`tߪrڬcHVd/+5C2F@tNڞ=;%ٺE֢"'_՜u9 0@,uJb? ܺo+<&!OD/$B7ruwAMwx#?LO~xD|37g.W1!l> GX!Tn!~kr|F&aN~m$N٥.5@Y%m+Ah2XYxuZKJ`Zq˘Gct;) VToqi(lRώVG,D,KWA"CI~NN`9Qur8kl\7RMT8 |\@~L<<81^4r: BCvOʘ3{y{E+eu99nspjHL'B{/ ]+y,q?j.QxmLbp"R2$)k3cW)ݗ* lɜ**)4aƭ!ESq;dc FIz q!W/Ph[ =iYFzXX2 ǽ;E)zf|X_m_i3)/Դz\̕ChT{Dr-u5KnZpJ2Օ~m2{Rc%d.v1jn xLotQ5fh*¢Ղuv/^㋯ϼӂU H-p3h@yc`IG+_ ey4މĞ$U[p8;;dz؀7~{.E@"`i_8s/M3 jFz<:e '|L<Λ̞0>f <yrJyq<$L# *OȋEo偳Y o2?O1+[433 b9O P{wJG2Mɲyorwbs}k'(~/:4@2м P|DlHNo ̌ |rdIR}K$9 \\ԚIv7WfF7HN]w!G6m#@/B5¥ |YkILաVM O/Utde (A_<E  b@NB+hK`Z7pϘV̡ 1V9aJ-)bxh@Ӓ8ު C(>人蠼.hbҾe%hn)vt`pN Pʸ怄]'NF&${C16/Ua$De}U>P҃,\d]Щ5q(K]הg6`xJ:REA=/evua<;7>A:>׋ɦsy/#胇Zô8ض)~XM:Pكp޲sPn͊v1֬pwi}nyl_SXHm wD˝k::Rё"X¨s˽2b29<~wNY*{gN;A*) Cz&P];oAOffjE<5d H҈3d\SeەݾNy Cp O[?FJ5BFP;oҕasE .'CndsaP<ߗE|mM.۫>iRvh8͉;z0{=F;l)%ז"2'xiqXGL̽Ϟ!Ꮲw5L}VP)0qĈ6/|1[t " -ʆ\q8f5ej+<UO9|c>- uaW DAM0՚Y-t?pOX[s,^jr~?V'o_N]p yIlԋȠŸ/ "ȐUFL^h|q#2w%x47hP72p/~$.p)vY1Qiq:kLPb $ǙU!ALw]^$蓤Lȵk`Z*lWţi~hɱwy<}b^phIuX]&UEH" KMߒBeL?<3 }ŸB2Y8wn]_~@vd!ڵsfe!X]Qvqd-˟TT3Bgy k (w#ۂT(Is^a\ TCoH#+qTX#H^+ {bI}c7 ;[BS퀅׆ 6^mv+Ҥ&ȈqPfah>/Nz/ԱϮYꤴ:hx/ʐԋW\Q,G9S-cRW!"eP'Ci]o8Ήڸw`#*SM챫i N떹<+RNFOTYؙUuwZڗEuTH^>A(~֒#Y}]w~ }x5x$znT]ҊwrPem恗 OwCW+ЭX \d/H|I(۰ !Z*|g:QX~a}(Ot4(H+@S\p!lu玄@ moГg{9nSf=> OlpE=@43"BezX9 ,a@ә]A(m}-ı'`A%l&% 8{UWllk!d$Gh,6ĩ"^ʁ,Ǝ-OxpcぴHd S8{\١ Y) :~K^ؐ599pK[=4x^jbf8š<0|'K񰛾Qϸ9sCp^~B@>ؔʩZ BԴZi$j x}ks4ҁѥTb?fS5ZB|MbMN.oZ9 DP/e6{=Œe{G{'1{!ǐbaƶ $Ad9mvX6!0)'.IpWvJG69甯XM43ũPT)4ճIY +vZ@ ,% :;5OgeVBL:s~ QKio0J0\>] b+L3 z~mLF7)w Wf5kxDx& }n,&=a|3j9)b :FhsO QwO:ϒ]9{a J.ʵ,X ƿ+KcD ɓc>v=~3,߻Mn.%VV j?l٭aPT^Y`+֡QkYuE4t< Z6ȓ>u*sN4s=1["-a-:bN?'oyBL΁M^$lqqQZ *훟()*wGC- pOv\&u_#1ݮ&J<Q3f- ?M}pc\C߾v"F3mȺ@rhnE-YNuʞϗrME3x,Ƣu?;N- ]96lz*l{ G%<)k>o)7 MQņ<#z )jtGQ 1lĖX>W 9ubQacB-[C|(F*_]fLIMWԻ+֓%ISor8#HOca;wa>?RsAdXC'*s*Q֚Jsz;˶X.5&cGZLJagPK`uV- iTiHV1oG;:$-k+t)®۷}I )ffub Y `w.+~bw~x+#kDKAv~yBTEr;(ѽ'M%ٿr+,pzeT$wV w'Q9Rrz]QC\ "X^u}@dMk0|Ef  ԔrL4-, M8Chޑ?7@ä5flpk`ڇOc݀e FD88қ* d4F`;fclk O0@)5XAͮL%s1 8jhA= J'?,%."@f|fb;Hy:,F鷆'.$+9|eW\LAGNy?~keM 50ͺdLP$J }oQ) 5SXċcӀg`kzr{bꧭ#m K_6F5kf?]$ f+~p"RAn'ۼM| w:ܞn_;ـl⃆A ܠe29 DD?i Lh noc6^Ly'~K(~j9Դr0 4c5S\eK9anƽX>U\UQXXlVK]Jթ-ήdzVfC1n}tm^+h֟v'i3 !Yؤ'ͮ"5'aߕT9ӭB"i-[Q D:x!r;w;ިbjAyV]{hrz4v{lUi48B.C}nF[<)B5ဥwZBLRWדI]*PǛBH a;3w߫qB%[`H]>U)Rt"y[yу%=k3DVWV:4fi~|55BHaRm}8:i !Y?87~Ĭuuu΍5}:YCupyoF;jA_&1_vP/V$*"t =#hx%k\א_T,:fESgY{cS֟-8o+өR1rJF)pRuΞJTɵ6BQ_ TbsmlUXˑއ>ύI9tw&M4˾Zߑ3yܔTn lFj_Qb7OQޕ|Tkz UɀJo#Umn_S]huCZrѾsOVeC :mWo~…|*s7y%jteeGjw>0_)޴kiPu 1-wY#xM"#`s )ċcj>HmӅW1Ѝ%ѡo>sҡg$}X 1cm+Fh?'ӷ o"]:srP`v< i{3ܠPlf9wevRHLgo`5.R<r'/Edv+N `4jk%  q!LhGmyr^_;J"gDʛ-M GV 6޿xMƦ?5줷u?61T|?QD@K.+T# {*6i;(0EeS r0]]YVM"1rwEi1׭`望\%{X or<_H*L jJ⚳N&|e"C˸9k7C/97+H5 uui{@#̤ DZZ{JG=(fwtSr(7(c֘A8DGK. ɝSüt4?:kD\jA1$qׁANrE ]sD! !W)eEnV .hF^LXRHzy0̐iw Ln(אF{i#+fC< COZ/d1( eGu[Ư(rg>6GgJ@܋5D/$ qX@صi[䒩?S%U/I,[ۗ^\ʀv3.)UOR?{WuE;b5MQ8!$8t3xyȿdkJJ\qi:Р|d~6,:Y\(cfjq݇5d: ?tϜkA_>o}:G|nfu_y m/Ռuf2\b@K/1`,x]Ɗ0@vgE$׺'7C0`cfS+:ce͙mm_oh a0 eyj΁P +X =ۢaڹIn}<Ve_Ea6dsw{տ5I :Tjِ`6*ą`X~=*,#󘛼aG5rJ%˸ +60뎡ȣrXBv%4$R⫈9hj J* s y}.]}fP (|6~k$uX76|a;1.=(T QJW()".Y9xl [x1TuR!" &[h RMRE<3pV1TE 'OأY]_ƗLi¨I[Qh@ۜ,⪆mee?b$ʱ7M.C* ?(qyuSnf#z\ 꿀c2yF2IbDX Wc. &6]|VRH5beLǘVv4`pK3cC  Sh_MWDn`R7r|żdOP}=a;&obT KmC(O}w\%+Y_'o]"c[-3>E/"`uL`xiOE' !gzxP !$06;,1|Zi0L&[fvu}{a$T}+3Bpl00BNg9½ZKY)g,_0ŀV d~^" ~&$E;Ȱݹ;As2 ػ/5E2e|$zϋIL^2S?t^/dN'[etCӿ i>4BрDZPma,0=“(FR4 NHW.j럲#k5q?aE?!'ձOâjz1ǝeN=<@`kN1B@c<&[7^ۡ3~[[`?l"hܺ *H5`=F"oA BtEu]Q .AC $.l`4k}d@-*VIm1f6`7Xͷ'DEaO׭CQx:jk`?\.q+2կćVղb* ^՝HK0#vگihwu +jUWt ?yqth1]ro6:%ܽNCm\)$:O_h }5j"IcO ZMڶve=x a;wm0,{7 ;P1~?WȲ!Cya`upe&U^Vt ,ZsD {EFy;ԛ9 ]aܣR &a MgCې;pמZ& 3ZPZ5b`۞.C pl~B7bcSDYfaB8aؘ_oKJԄA~+U~zw J?/ cC"дXprB̙Ac;Ѹeˎufqh~CG:1},#GA(#/V5G$I ߠ"\zH%;8)ͺ%M$g'&1_':>$]\}G.If3ҍ |5xd>^ҥ)t~a ~߮L|jNn\NBJWQI9UbAJڝ. J 6`@9rqL5f\qQ 33m\3ѣ8*X:9VI|W,zs߭1"R۠InG(^H?ikN3ֹ"m ,˲ʌ It "J<'5X2$_R7U}y ٗD#cAbw[Z5e5;*FrH:>|p1ʏ|巊Ppƍ=樣P0yzġD67.°sޙ|Bjr{1C+ᦹ/h<5]Wxa dK`G}X( OaτPA/I Ek}N-OͮpfD(KO-˰?fWLi:_~A_s͎rLq82|0x%+PQqk :A4q;fYjQ:W ֒|CWUΙ͂3kbL |/R 1{B;׶a+;fgɈg7Yl9sntlئO:HEG % z5=&\: *WX}V$L Pq|ZR=)7PAuӌx9Gq8gئVBg٥Az)@`Ii66k=FĘe$ġ\@f1f+ sè٭2+øbc=>zA) tC@UU g&+4YrTpZ,!X/ۭ]TͨV{ qzV}tŤ갩ɽw""h.Z@8Nh8x-@^*߰"0O6a%`]fmnhX#zij~5eي|]j* 0C&p];4CQ쎩5r:&` +w{rԐk cw P7AI3!WU1hWp#Āke{j>ds"-]`~D#8:I1˜XϨ':[y&{;9X6l^7ȢJݞؓ]i-0xm%̾.Z&\LuK#Hp辬e;j(棿=N1ZX2`h]AO?>)tg]R@ q #>ї2;K:LV=jB00`iJTzPT\:RE_eIӈV~E21{3N/5ie~-LPtpDkq諒 #hF-y%;5+[{ ('1TږCMraL8%^,/UuY?%&,@.eԘ=ib؄8ůBm0]mFY1f@n<3s-gSAٺhts6q( 2Xu{AP}ź]{Ր6Gi>R=98&t"#QHx:^Fmw%Cpwa|.L4nHN"O5@KQ^د"ޟS /Z3<Ӹ) xNw ,`XH^:_}o)j/߿ؒ"s9I>u;D/+u"3q@ mt;>(6$Tq:κ5f Ɨ *g!tۥGaSH%rŔSTs!\5F8u[X)xL$Ɇ[kR8 TL0-GͳjxJ;^UIJRu6]$f?#sF5+:*`z=ͨ K[9m궖]Rcg| ^Ҫ>ϑ!}DZU9dpPL 0} []7.DFPs%@)-*}LEL_˔FG#BmԩW"?k3'@C E5H鍲 'Lkq!>ف\B^8CBWr礕tYR+jЬp*֗MD_0 UX5 n"ܓ\άq@jJ ۱ l@vMIWSU..*ٖy bǀ)z[f7i$)|ޗr_(!xy(&~yGd: #mu_kB pCS!9O-YyIQh4~ox__RPQiU7G-Ѳ.(Km\qƕ\I"zWRQ"JͦsOJʕe9`-l}Q9QqD~3\DvlW(mZ~$YcӝAZiTe,C'jLJe)گ{o\vx#4*i׳].qѧ&^( ^ d8OV`[g{Zv?PembCkr~oGK''.hᢇxQ 6}0PIG@ `=e5TޝɾDk?R IX8#;5OqI9CS1:sɲ{GU(T !s39z {HYΒ߈ۈ{xY"vb!`%\[w?]H(@?j&OT}ܐ<\+R YB=:Y|;cRl0y#2JPHBQwذ{N. J[w,붿Eё.BR~1l8Y]|L~ @V.oX{_dN|lojYcЇ&nd {"!~IA_qiO8MF(lCϤMry^@w&PO HB-WT<NyJı%<6( .>U?YRhxɄJ,?{ȡT4RB0-JrCBЧzUu")#{D؝+jq.DR <\_M0rRP@ H.䮨˅k,Rf~y[٪&W]T=c1GA$s'nQ!INc-A/VPm+v*1LG,,RDbvvSv|t&%\\u7zw$H}ow(^cG0>~Wa3㯛Q-NE bxVcmޖ0"33 yM5q0)M5p-uD}fD=i>ڳ%(SzGïat$puzE\5j {>!"۬J1= l]!;⡡ Hu>q?vM'7ȉ=®kۙ9{lcd)?uz*2bOcz tWRuũȄ |2\A9F|1T>U$szF3WYYH,&iy|6%܈,tF.5t9y-ĕYBȖŶlxx@d`9Ze|i80Nb`{yصBa8c2G..e y/vc=Ic)Gt>-n9C֌3vSr*vhރHDf׮LnDfh2*{ Bcy.IE_` N/yrO>{-߷ sڍ>]~_ TNm&]kS_ÔB)6EV!콂w #E֭Y#:䠦:;*|  ᆵ=rp<b(h·8,8fBM,5ւP{l5c czNkQzMo{v\K0s6kC7c]&@ ɲ*3)qZ FK$gmńNM[MnE[d&ϰ}@'kUgFT`kY }N$J20&5 y 哱W5 ٗwTFt4)K*!nr7ǩ8Q~2ɤC'^-\!.Ľy稈78tfn6ȁBkE}\𽉑0 YPQO0>D(3Mp؜7ˡĻ=cEU()%Ds9oOFoT, I8[c3gzAaqźJVi3ʪ;3Hs4ʷ]3n<&cT/ [Q,zoviIX$F0l|J4>X+p5V՘5| ݃@>otstopmD9@BұٙzC&[# z$.*jWV5s k;tOҨϾOsݲϸWY0jhَs^RUWu<0V)pGJSFv׬^,1f8,uA 9.$ w6.-%J{N'p\AN3bĕ(XXH$"PUWQf-".\;DZHu쁶K4#&_]MSA(:Z.@*n iNlP扪 9&Eм<0!U-3m /Ef_ Ӱ[J˼8j ˜gDK`9]YWU o03-qHuFN}>fR^1ַ2&u`"BtC{Cv9n%* TY(&kNvTȲeƱ*ԫ8 Q ()]ra\/x]+,\Op7~Yd{,kT21%EȨUC;m)zqrf6% WݿC Na+'&؈=q3*A:6id!t6cu[C6>k1;n8ewu EO^}r'f+O(1@£ +9MjJ!BWR^f%t^4YGK8<ٜ?B]Qj2_,>p$g͐:y]y ֣S[!sG|eUqsz0b"g ZF$!j {s0wz@8hVLqB,K3J>?;HC?]]Wiyz. 6o/o'K3ɽxRTU* %QU=7gG@1jbN͘j2ތE( # jAg=wwc/jY_ZrM1 "Y|PxG]j<QPӐo!E l^ԆˎC\,R,YBv-?W:7uK@H)b*aJ 0uz~hywh6ӈh÷6.8 y]vIʻ.$U q`9@;jljk!h>i2iEm 5/6Ǭ8+({6Tu :…ÐP8KeB)]$iqnWm,:3@:p,_f,'io赑E2 X/`oM3nK &tҐ+Ap$t'! B_{Y<}0EvIU#jįnxz,(b$+eSjVuw=f2KȼjjT*?35,B{Bȼz"NA`6hǀV&4kzv^Ȝ -c\lR6cUnIR*f$>wG ޥN#lxxHP'rS?T%)9$%)mHz13~-/j=S+;f}i/J]$~~g#~ P)K\tZhV5\ާլ= FW h#^Gw)ٝK2K,nJG)n(* GBE$l^xωڈb}9kok?2ov*akw e K b<]t,%~ 8wL͇v'oM7v+ʨD:U]46Vi\bB 086ˌ}F Q'ܡSB蹵q YZd"zbX {>Kb|h N)TZ̴ՄD8;U|$ 75wRxX!oBC,m^Y.;PY_uhRRv3uiBRG;DRF$z4dg<#q؞IZ{1 m~b.+}^2";ڏ1TgI =:N| Gch(((GcwEΗVkZϵ߯(&C Hmo91 wqCԗ>7wbJ:lhH J&N@±8ctziWHJc*TODA)'GDMA@!a oTBK)x؈*9 8 Ja .6r=-Bs$E5+n'K5eܻ`,I/ (R]φYاE\-JTs$S몕@Ef+υ`TY&FHswV'E`)n_!Uop@'ww\XTHoACZ"5?qQf{;rr1\$Y*֗# jw(%]@7"(y7m/lfz!Ц7O%rMDt.Ŝ#s+FkvaquϴH!{?})eD[`; .81TNMv30$oTřX_!^tPULn2֖!țI;xPEƬ]ə.Z9s6wӖL0]Q"iKNhF?;~CHtL N*|=ܝ]ԑf=6mOw3m9tJ8n;X~4JӚul5FsbZϖ~.t 'r:Nr CmmԄeǺnHb@ 3Lꏪ&uSꛗ]w#H`(#@9SkW8O'#nz}ֵsȵS aڧ@Bb(y+^[P@2af4Λ&^%Foe|XwqvbEO6?C&ycv;MePCƧmytˮ^ B7/Lr&ɡV?-p >nn։J:J?6%c.tH9ROc0XOYe-8A2ϩE .*NMӟݨzeRO1u )UvZ+uyR WH,%Z e^oq,cl@,ېxHZCKysg'yyxW^;SQbS"Q__ S @%O8/Yb.@t|__7B ɨ$boxo5YqôWi4W/RyV>Ae{LN{Sq8x+LHlwYwl,9Psj2Owr8}vVp,*e!r=.:[ʱG"؅+h ahd52K7!MO,ݽ'F/n9G;iwp(4ɮLV)ʗP ׀[3{V]4ʈÇ6GR (/vgDƚe+gt<1p]q^ ΌLVgtؕYHwG(|KQDe`Y;#:_hh}oIUbрD.c1|뷬a_/>ߗ( >r(4/{lOra1C#} ickоT:8mnX׿薚g_(3vEchj )+Foջ8"Z2T̓,EILLq]Z@NxoY |@#}PB˖Y=&DryV4Oxk[U [U0z]o)Պ~_kfJktr6ӎr}.xwCvl09ps #i堑ߔZ A%$, F2 d%8hy8[-ֺ+a/p6bnNc&v(Vyy!Ah!T&;T_}4E<| jBfծ|=1"GeRCx,q핲K?$]>ܠǕgߩXLA:I-ĸLDAU0>#1ۚ8r4 m1wr &:$93 ODAAlo-(9bkzGcݳ_<Õ 9/q9rYފG~w0.D\&_rhWF a}R GZéCvk ]ڼ)rp1Z0:b%g96j)ȭ@PO?Is9Ve Ef=#/_ꤠ~ ;_E8uAULqdOlˌ9I D5A舦rBze!ȼ 踁GMQIcrY"Dc,A"Ɛ*("-8 뽵h ӛL_75 mJIvRC-x#Am0dh-޾2| z*)-*]:\SqgRrͼ ӫpب 6wB#].=a!ZU0x jmCX6s0+i ރr8J~> ª`h*0%z ce",Qx:`T35I$4AT nN}OuާjԼ1uĸˑ/\ۘjUIq=4#WǫpϋIso++_}$oˉ] W1G!X@+^.bL&nAjs;m pO)lQ63VRg>A<[f-ޞmD;M"T/#w O?Z>U u S3qZ|<ڬ7w/VE|,-a}uH] lzDdNV%=yjSCuiACHR V*D8^6^a]笡^O$w$j߉L }lQdO'F~gph/elo~b)=,nn2+kJ 6]nѳ ۺg:6)tGϗDL}j<߿j2ʱEp^UQBzSz DE26=ˇZKQsmN-*؈%~5,[~3t0൝D>&e.7(?µ~a4hW#r?خJov+I^m̾0lbzӏÂyYScv=PBƢ  jo/:4= /T {2uH5]-X6| 1*5Zc/19 aM$_]zFo <KE+>#S=hU$>m.T| 3O`ޤ$Ьp*[3yԋ50b,l}ewϫ}a;86`cmkrh+ӗְri;)[TUu`eD`Rw}pQ7 N"HGd7v6:j2(l5Qy}uɯU`#Qt~(}|Ik4YKT0g.[eאVFja ;#UX 9+R  ^Lf|؜YUQzֺZJv[<˄F |'cNJ}Rc'hx4~i )CA.[鼅6Yy(4^K(ЪgFAؚ3[FAU_fU($qq0[56NvukR.?+aHS D1t騱o՚.ҼkZLWw AkAbIPWGZиf]BZ%ogϊ(r}~@ڤ0]UMUydGws\튻0S1k宐/vtcPN9Wn=X@;ogn8eDWVCb:UA,Gs8@eD'bU H$wmz3^$38^e4, ajȔQb :".%C%uΡL4Csґ7%wXf.>5:<)|juz0#̪t^@S!֛QDLbbhMSD ]_0 ޛH=i%= Զw,9ऺ}C2 `OvԜnhKH+l0xjvbYaVn";ڡ˜+4w3O(G~^h^R8N`~+*:(pv,_qhUį (KZ%X4͵D+ 0KVg7n5?%oopVp}b'xZYPe3%5A}1~L9tr 3E78d}hux}ftI,݃QU`;,}KWrC,69J`2(!&`Axﶥ!˜>Y4q1; wփhCj*Eb<`Y\8r)R?Kz҅ץ=>X!lw: tIj0$%S!om^5ӠCϟG s2=V[QM?9fBC?[~[=Baᶽvpe?ĉi>.M،_Xw}qo2`(AWRaͿڇ15}DY_!zkZnȾlۖѥT8XI-/Zl?Lkٖ9hWώCv*?G[8|]],$[nlQX .CG[XɃ1[+CǷc&"Em6-I4| hsr Fxf1%yQbL\|# FޔT'b.\Athu)T!!|8( %-{#r +BAvN 68IN0~cV[qhomq<A.\1 yH~$+o}%{f]R6@7l<촔mrq}V̌S'Si.ymN+|CQȎE:MNv_f=nӴ廮&}$k~ L ij/Kuxj_CR:]@5x?<.w˙԰8bFPJǯ36{?BR ?Yt9U,"2}H)e3s-ܚSm`Osk$:7EhWIkdݛ2+K[ c4̍B}v ;d˫)֡FE}߂HLz ×y@bü ΧAg'2]gt|͵v j AV+U~J40̲o9G d"Jl!Z] }Us׼C[xWT27bcHbduIaN X]6(k 휩Wbт-kuKPF,8q F؂]Sus x砿Q^7Wq\z![nyRm$(;$XhY17VgSۓk+w3lKϨ9ݵV{?Cf4f)|r@#imkehv QLGǶyuΗeЏP G+Fh짒ߎE+i.A2W\$r@?yǍTCnaBZVEDy唎E ű C]C<6`?/A^T-x QjSt75}R%qʱA;PlYAvP@:Y4*hi0;L pQyLdHѫ N"t uZeL>H x9ት%x9ҸKYV E$mӿ\Ix{&UQ&oķfHd:2Yn(⤹̤Slņ[ز2m7-k 64U{∝ @@.NV/ >–Q@~NSGOm?rۣ*ۘ3.P0f^Բb =Cga?sM}9ٳ)` \$o uUe?jVbh 'K$,k>dG{ ]wbȤ'9 w}LJrQq"کN4>ЮU*~^*k^6ھ!xtX Ly#rDiJMP Q2VlkHd"VGJƆ] zPs]@`@s21XS~RwT{7J7稢(גNMq FZ=F[S6HY)1 âtR8\a߲PQWM;<8n Ko ùSBdZfm0rbHГ(h,zvdP[A[H+.p(E coyp~ʣE%2ztL3vqSczoڵU}??1)GYVM`4_g dNs 8CX)So3eiNU G&ҏ2+LigMmhԑNTiC["ȣ'/<,[{|ŀ5Nͤ8;E)i|yǓ}t *99 z|0"qr"c5I=+K0XjBkAѤ)baL_7I.Dݮ` $iĮαM(!CfKz]2kl!0;C  rJg9m&ьۑc[̓B/zw T?#KÞ]Ek4[Gۄ|7c^qSn;rh XZ.xzA"-:(Flw~? dK_b$۝&Mq8k_vTkιdPO5q4/m$'E*1Q 9Ex) +wm MV2zEA_2(L`#!4?y?R;P ݛ\]]oRO/zFeg5b|\UuPڮn3~xP~WEoJ@!N"8%I (cG\tir~6aQ`W `(@ .֪iϓo"QF=ꛝ΂gFU! oѦ1>l 0LAoJ(Jy`~)? Mki8cdڂ Ӗexȁ1bKJo/'$UkTNO`C#lthpdͽ!6橏ݼfU'[/P s**S R:mкqn-54?Zv.M7%궺,1Eѥ}zZD3QwtӆƓ[Տȩe1FnrLE_OvS?3Qxic)}i /nX%C[`!n}pim]}.›BCQMXkdmD,F&q04(EGWU&/}ff?5.kIn)qmFrA`s bx"^^}!nѬ|āƒR#zN"z}m1h3MS06Yd* /GQpN|pupߣR?j`-^ fsjh_6݉sII0+V%\442,vJ:]Y#F{W jභZ1TݖRYXv?la 1fX "Ԓ(|W~(O{Ev?{-? 4}Z=lb&\ـ{7owE RsƩ05h.3kq,7J *?q96p)p* v:DIj?8y]wRqx%$sY~ꂢC +uT״8B!B-@R RrJva;Ğ:HPlKg]x[SRRw*YTV@7Ƀ-nʜzhh$;SkXl;az(𲺻кnȶ#pڻȆLv[nPڭ@yꐪHO3< lϯI9ΉHBݣDvh?}q@JgTT }^$2/ebQ[͠*t O50a,bso;_i2GHyeGB0+R*BJ]K-hơt]|{8g<+1+sILZ^Un2DZoV&;P,XY::F]9 ]Ψ"jP$t֕ʽoz2˸'vHvɊ'X_SĐy)q3zV 2XvpPפe l?.R^{٘RK֕t)}?ve^~ #Higa eσ?1}3YSn*P+6n8{ssOiBNXf_1goGП1y%roQoO\ .Ag$Ρv36]!&f^?n%JT猸F€P(ܻ P9Rv8X1Tma,D0r`[-O2-e\X ]HcwhxV$"@{JSv4}"%C*#uRfo 2|hOJԗ.Ɨ#Xń̶@DAes֟=:r/To>N_u/)mBj*I֚Sմk ړFYQ|Jօ+ & _Ŗ84s ˕ }ŨvEЖF[:}2$3>$;ґ0^ k;B\E(A޳9_*Hگ٭iX6Ɣ[v^plOs+٬aLICBKںwD:/;m@)LFzYT ePkdx CcADxp:oDFX'1uH_y<15BlS_Y.2`'Q\[Su!(C ɳf`Tlݶ[^Vm}m.:~Ҫ?pMwz֩"oy38eCk}#>$gp=,v!? }3Qɵi4 2 bHIa%;ۅs?#puJȝwu:j2bOXcc r*]Cw$E^ xrnlì 9WWkSQzo( GTWf%ƞaNo ,,֮s$ '#K5mSe0jCP^6}v5!< ˉ &DfspHq2UC֥VS/?%z``Ū8?/< M5/T@Qym2gdj`ep#\]trҸV/.fs\%ʵKkFU{-# '.hڋ:(.2q-@nwQZ_PeICԾhCvvœc#Md0§! HA[X{חCX \3/EKh-OBRR[A %flĬjPU zE|_$"՗p׳D(A"}=cMw^U}[xWgnx~7,׊&Vu΁Dȣ-~)a{zg砪dE0Nh5?)wXe4\wvGMH7A Jocg H+md(r`%Seq`$겤,Gǽd*,N d1rݤZ;ت|x^4IÜ}*Hv~dM6=˨5A{ix7I|Q"5 b мb. |棘m<ȸ$^IQPy u",;!v?@Q e  U͉yalJlY/ $gܤ-_=ỹγD[%zǞIPs F\HƘI"zpە~Q}.‐hkBs!,%At@y%gAyBnI|t$M&EMBJiKCˆFaς6xڧζ @G9H*F}) ;qfŠ$fJ&=F3Z1Ih"{-5Lˤj¶Y׾ NLLf]` v@Ѫ_V0J&ėl CCo8Jmޘ-B}lsN;R'׶~kSB@Ͷ;H+Vowk]= 7qZue9+دBһcߺbĂʆ-L(~ߍԢk(~y/2M.EqsI3k(D,訿k9̱`iP`fo!{n͓zLpװQ X$mQk1Ddv^>:c;f??9fhPqd\d:*ć Rl+ c0R3LbC;W;UZ%b{Αo蒁s%Ihf &̸p%E;JUv G*wG!_jzv'&j4>hn8V23 7),0/z:VÆ>k< a؉dcRVWۼQ W>7X;Ʌ,O2+]>K\._#̋~oIS<SYʛL,Hk\ ~ij$ĕ|c勖we{'BP`Pu4ǵa yd?] NfRg8&QFsпxdgbuɗ)1اƜ8NMx"`jFbtd4C1ƨqC?SNwf+\yx mF60|Χt:aiKgaR+5w)p?%HJ[.3!òڄ/HJ<&2}-طwNn%$jJ_e<(3ރ"}Ciا Õ[,Ƽ\q̷@&H=WKG;oWـ'K?rFu\Ȫ%p@4be eX;!( #$?V Kxl(\U2DP U / QsJx \FѕeWN6lWKyC6idv T&1߀8|lTb%qP,ebqynpA$ \1%f{6gO^!ƃz|qWqF|e~ )\U(8 i'ƓS#C `Ɂ F߮>R~FT?yʘR'F%9rx帴l'N^9oE>v]vu56'%=Ayabek#5nbSS;5+}P/ɀ\p.ȥK@cS7{pL.4SzOIӻXI* C=  !J@V83YAcr*ͥ424Dpx[Cgs:7u1N<%7U {xu~ͭÖ+gfS0Xi|Y6ILįpMA=9V2GЃGjM8&߼ kE\":NPP]%;dvz崣ǝ(yn#c߰L@O&z?#lM(@N@=Av5G:ڣ'#5mV͋[ܠJ= p`]WȢ=zr&1Oh$N5k"^w (:(#1R'q t@W`*oڻ'8lh*i@_-)מv;TڷG{1v ¾@%~Vyf@}tUJvL'h G, א7%KriM缶ڱ|8\'hIEa -۾c(, "i-x%ihʦx8rYf9d(eOE^%nIWj#ʼn/:URӹsk/ Ј]Ueǩ' Tʰ^< Gթ{'H (.9_=9j9Ӣ(!K,W,xv)($dgh*Wog*(Oc> t;N\1ϱj[ t:5m9Kuǧ "\hܯ@ѵ䖪`zi3`,DY(ݸm3^d!|H=4 BIl  ۊސ^7a̔Cjn6hWe3 By#(kdpuJyW8n4*Yç؃󺎮XW*{DQ&ZIz|# $ 9 )y,%|JSӃhݭN0*5-! :(ע@X#):-oӣg`v܉c`C]S%诵pdc6|N3go]`*R+Z~'@oȘ#.:/}s;b*dlOοBe $@0g+a*iٽLW&q.Q6(ދK ߬kk{(Z!FQE}B81!hoV[h@R,^HV  i-VnZ?QQ<;q#H guOBފx-HZp}ٔI 4/V%|F4O'Pˑ%aK9d uIdv0\C: 3(|M1a| ~-;k/{th얞"]q)n|&2F)edW+#Ufi~7gR\=_:@. vZHКBx:l$%EߗJ`A B;`Ԑu$ YfW0jz" Q~U;/գP<'j[J*,LQQ#V579wm ߫s_JG"rNT;"n\0[NS&j w+rY이Yi :*B#/X`} H@fO$!w;iy%)k,S')PK+KZ3ju yRh?!楇xK8Yޢ8 Vw[cGjN)^:%6&bif."CŚmontwhQ^J3fd9 &l; ڠiPl|W4%lnpXQ[gZ:SP€ى }_iPR(dႫǶɼK!;)`X*a~KrN/{m(ˑuңbtl,W0Ǩh<>&qhtIvQe +c?] MނI?x'yݘʼv7n]-#@6ŠJTvP_X>w2fKs5|TBJ*8Tѩ![Co/%^ ֊UcLaÈ I7"N?g-UBo<`-2)$v-OOi9,RǶp ޯƓeRp](ѩc1aa֝Ѱ/ N oRAnNyƷ_ FͷA|s#D.qJ,&rvj#PKtP,VU8HX}qފ+T]Z<]8jr3o@D0Ķ d~ \Wy*J3 UZop"7s(qhaT :7˜F 4RS))SGMQt]dJ}%8B@T-E CHb%rB8~6LnYXJeК9`1i`3!Q6b@f*ZH|`K|{\` s-'=m s b`PY]4Dv3cˢ/Q=K\lw/~w駽‡t1-v)ԯo6G0#&^/$V00؅k#7-.-\_$+*w[ӄΫ,,hD':6 KG߆@\6y( d<،iğJ*!*Zvݤ-g?~[`9h$Y\Qx) D44.aB6$f"|32 &("|J]o@ҝ%3`{Ӱt;8κWǦIS`nQaFz0EFk7c `@UƺR6-s­m俛ln<1r柌vZ Ăsဇނ0A}e'KZg#VX# I7pd FzG49V+{S:l%IF.4{H!ȄzN5R >P8 Zr]Йw]^ΪF⫑Gِc3`Ӈ:^P`9A~@INGcrՠ>øaj9P|Vy0}Z;i`mx/fN˟ђe%6 *t(nMܙHC>f>;ٟz`({*fJ[{8yƇ||$x1,I)1cYHs,Z  s/ DpRz[XgM&HSQ\p4d8;/(*q vo Sqx GCNnj۰/PLT)3Mͳ"e.@+KLl*i&A7͈N/chB}^_#X7{!*UM=' ;b+xEr$NPeMLDֺ;7[ $dmTJ#|zNO?jI[DL48!Jaq[)#RM-*ԉnvIa>La-!FfʦS7Xw\ݥT űѝԿd')D e$dSY8^<(n$Ihf<ǨU1 CQhCB8;)/0M~ǤݢzhIeh'ۤܦ9ΑЖ1@4@nN98kj&`M\A'cK{7OXS)8%b?be:֭LP.?tզF睝Y|lvOZ#24`letuA-vxP0xz/=^#Xߛ_0 *JV:'!"A.ڍ,9jǎ^~z[Ӛ>@ ZտfOc">pN]W |5;a==~n@TN5_|Xvsqf{έbϹGBV:Cj~^ rc%z\is5H)X 294]w嬰yX2.0_φ/8|`B5>Y6w?+=i 򰰥!S?0@!Yb\[hPqxd`:謡98Q>A-+ !,c6cMK rFGVbA ,!I # -gL U% 0NcqnӟJKj1А˧tD_O7,4sU=ߍNn_,Wsܶ)@pTnNRE2۸2UoT5؊ }ݤz==pMqexXDj]Lf+BuΦ5X)ːpV74KK?eO:?s1dzRySr8q@S#mp.e{|ȴ]%DO+rA#^"*@yq25Yz* A8pVuCRxF-ح tU!P\q*6%%@b  Լ!1!+->\kn=PªǕUzÝ8:UOlgMԻə-^^ZconH5>0au4J.^De;)8n*N?":ũtRNOKJ6~u:_ FSf[֚+ qSP%X BkPF sGϼy4+Di@KY0z.8CUrB/\]H|{'S?%9FYbGP'vvLѲs)]OQ1(׏ձ>MNdȰl<]RZH}g{V_%/;vVGԐ}iKfp!b9X+("IX,uz*Gr;'0* OT$&b / Ɋ 7#m!nj5X,GiQ͆ Pzf |2hLtV+$q~(:$"ɂ4PRhoJ1"aڞ$?@C aĕCK̍C8p c҈PgU䉓39m@O_c=@0 2Uq!^_'&Gj$ϓnWv;l$YV .@B$HCP,^e;&BSohlݯzcltͽ5(Š~3Dnd2>HG BM:T0щUl?VohTWY*¥M4ϓmjuEƬa=J92G fo.`XE@; ~A.T!>^c~0q[Jܐr%S@ O.Z0T)ͩ6<#1iueYI-.ͺWƝ,d14]\+aGpafR3eWn&)ULa0-M쉈|q}aŲOr)Aȏty2!I2D@nm1U&U2I:k8jh_LR!#1:y6VO!{k='wO]0Z|lKXW/<1.I*g#mԎ6JNj b3F*aC;"2ͫPzNE#;-wj=<,9lrSic%sKG5`!pF*Wk{B1$y "|~xS e;7ş`%}d=Z7;b%"U]$#PV+VX0݃N (ɍ hCm~%r\2;ųk$1]S@+8S ނmY / :b.SΒ x׶-5C%{dPNY⏆lov|g&9%6wHaf,9-Rt0A rNyIlX8!SO 'n]Rj)2ؼ$ EG(lɘڤ nR_BGRnszAm.J"I~Sl|1c#@LP@豁n*?ԣ?ɓ~Mրb:$GzkBcJ]]q%U>X:digY2<.VmKJ">SH-}rx{bms wLY:ai}ٟR;p /~OiQ_haȰsvƭ!ʬ(tDķe$g*뺧1R%{$g탎iNxs: JY_Euxp,uN,]<2MqRAc*~W_ſ"\;+NmνQb>ϽP_FغCv4Y*/}Lr.\oTRX!̀YTƐ_H>y &Nɜlyj)l8z{Av?>s`1'(bN]Q-|177#EzL@衤-MiY⃊(2a uAw ^UE˱^0,sR@^&n;vLXVy^l}f!I,(r\LFֈqf`b )y}f~?) XE xcsĥXg>Ó[c#{_yT*C"ꊂ8t@M&G" +Y2ϰ`ns7pm"+巀$peOoG>_NpVWZ97!q-=0´L~5V~`L`à{ $!'4mΏF's)0;ʫ%ț?LRxS6΂dt(m#Xy+t3y!1KLh]mh>0urJ@=ݙr_fo5NoA5;#e vc34&P,_Ps-/Ab!! YMcu1>{C~@C䏏V :T M${EETQ,l z4am0ːQc 8=, `$,ߏ-q~;u, !q0;A83[`sRtG禥&"pï6 䴯* h{AjzA#6ŏ 0L̗m:]߲sD]edU{iZ` &M%>\pݬRKds i$, &g[ߦ2>Ժe)_Na{z;w10|I@mI*6ѹ\v?*LdMjQX҉C`7c7t48 V,Q#y3Rn8fޓX`nh煛-[7bT$ &H}mr63B7oPG t9T1d"Eܰe@(^HXl/98}3)2"IdDG߂ץ PI0ˎw{F/݌kA5x&(Pq{_4 ͕bXN0mbC7a!duMobȯU|F?-aF,кHje]&MD/Ts BhaG6J!zdHk <{pDZ3s{]\cm7\]nX٥, DFĺ-Hͨ=CM4USقxgԶІ8. ] W,)vT:Ҫ#L(BhvmHMĵRq> f5z(LJaײep;:9"9`Z pK+Mk]QG,dUo{Jѷ߃^x-po/ѣ=~aP$gtWiQ9R6i΅§ ,0uzQz7p27s' }cov<逩e(1Ӗ۬: v ~n-݈Y"~XpmKȰ*.ť݇1sopP4Zq̳t!eMRWN'|f҄4 oRH0QB&J*i#iDћ#bְ>N1N|~jM]ܜ:kuX +8c( r5igu)9Bamu5=~Oz8R;OY]R+Bum peot_)+dW_SGc̮;7"X ֑5Xvt#Q#T[K֊6Hҕ@>L[V\Ӟ]F nQlӊN(UYUnZ0g䍠v05l>gf첮M2PpT 4S9 uXi.$˞ b) tm{CJGKr<;=[ef8Ӱ8Ƹ0\L|Š%4D?K4p:1^.`Rugk}`O|)c;W!|Ԣ*b3$˒!;=j)%V/8/Z#|Q{<iFJe;OWCOH`7:+F߽4%_Oz7Br됯\$ "5׍̴Gr/Җ'2{Jڂ:CAX[)hk ة[67!,^g4yHX_$*0.Ecw U4Rf(vO[$wiH/9 5e 2[ebX媕SieAj5F#PAG}>pa>]V wt'F^Rx4*Pў1FFyPni|71};U+1&p2mg"T/A1pCAW(eݵ鮙Tn҉0dj UEsW#:r<'olNDAarIp"+E eYvP'-l0M5<4#`*(vGo|19J6晦,UvED]Cz]P>ѩ%@yM Vfc6 lMM=F^yߚG`r@< URZO0`h?h,i%T7?!&[e:i< bi<,㳞]g˥P&JX*S 6$ NJi0 L_Kkw4h $+ 1P}(c)?1<߁2g<6č]:fX"|t :~ü j5g+GKy1CE{؆7}  BfK%.ﯣnKD_h k:FPӼf.V0 6It^jfn.8snpLoOS9hdnfU&/UXk(dž>!,zw),ӜbHUy;Ƭ>[ٟ\pn!9z, Rb/ڛ.X+җۯh֜!O K *`} ne{8k(__#CPăyo0=ݞGZlds 2.]'t{L03/qAdlQH]FɀA^͢1Mq|OFp %A%j|x^Kʜ6Js$^6 <:|fvʊEMsiXJAq$_"{ꭡdm;66>C[ܢT}w}'$3qhx ?v-'/~QjF'JlB;>Ғd1g+!| 43ex@A*ʕRL0r/ 5D|4Z}v0Ĭ;(`]c?}}3Y~1+S kS)K/\`r8aXM|ga6O Dh"Q0sC!̕KS/;kvyF<<۔Oc|߂G5_4 <{Җ8alӳ -?HSw ;ugbA\w@gs%"%<6>A6( io,?)ȯp߶@MLoikrox )*g:l[![S?( `jfJ6?"H]q$(0\6\rw$9 8ҧp==ekJtB}w&](w$.wލeu*(E"=hN PEL*._PPыWΔTx Bi.St4hZAFM;a_wD |pр(zo >f{\ ?N 4 LިͿ` \LmݛFs_SaN4vnm5+т:?whwO5P =+Ƕ3X2*ȃuT\r1w訙c\i2[SfGu>K3` `0;PdJ<-O!t2z[toܡb1ҰJD#onώ' щ s,™/%pif (^iנ.yl[3Ǫc~OW'2e$)SM?KSD*5r{ބ&&r^ܗi@?:MCQu u GFn &<̠Ð} |.};TzhKtzATqmB2#ggg,H٥ "d;gPrI`64B Vwn#sFL~aW^A/aj1)}II|ǯCTgBD& ,ƸqvnN!8J^'6gUarw6{qd0U.oߩV$5JmUdB؍B+w}MzFxRS|z8. x`u[{!SnN]0(iV c9qa2]bKnNl׋7g<"P :ܩJ&x a~DďxE p[xk!%,/ Tcf{>3 ]qBӡ(KudE55PgqwrzE(9m8՝-6Q[$Qł<֓33hk$3_=PR P/ʣ"f]EI$r=ۢwoBr#Y:0B0Z9 l(sΟڭ rs,o>{Ł@QLk# tmQQPT!jP\+䚊ۜ9gG*C@ svdt/_F6NYJ<1)'0njk(s5D":I҂=UƉ3_U`'r@)9.'$Z`WB*ΞO:' , 7˝뫛K<{{ӘʲU9Lo LJa#+441P [iK9F[ S}#BPnd3iH#2vm+|laڂ>$IC7G. , ?{* ;gU!bF wvMQ 1!ptG9kO;Z>||5M{^Ϟ~mL/Zޮ@!\3Fk><AgrY㯌Ma[]2LgpNGJHH__Ɗ`>|ZV^6pq+|=/PmmY̗)|rPƗ|6C&Q"FU9X%7jsDU&V.[LF1xaΥvC8m74vxhLȘBAw^@ztD"PZ.+ZWyQƅg,}^鋐VJUG+x 'X#ygwr).l /'~Qc}\[Yvb_4S8y3;7d[p0o=1/vvi$4pҐ. ߆$@Ş;"sI}5Gk簵)0wvql%:?f!3 Wʜ-'EOH@m[sե|R]] Eb%E04.NzJKM0?~O#P+*I|ŕ;P6G&TAq&ڽeU$_y)*⺥ѯ@7Qh5@_L ͩ6?_0 +uTnʋxK!(M<}\rؚn2n#o1`r<kl&jsQlZ Mِ5'LZ_!u_%2}>D)59;q .(G`CF~).Q$_Iȅ9Sy6BS>DD'p涵o [ޤ 5} 'Vv˚~J|I J%N )Y;}#b3]H3>[eGx{U}g;yreV+T|v7pjn|me(52(Q24 ($~$_NS9MBiAY(ROeiupKdj>)R2ǔSJP# ~0Si&]o*`=1z=(;s"KYN9-fX_ղzW&(+lRN{ԝ9 pI5k#1$}"{N2zQk;*6[WM<&isq~p!ݾ!5k,e4nUHm&T *O X,A%%2O/pw~qȦ|iNL:W%t@*u/ɚe\ ϵdG#[9+|>G'Ec72J:AouWfɯ_ oJyDW񋱛L=}1$XmFw TM!^J'kE,s=%4"$RB 2/GdQUSȆͬԵv~hE2\ 䩰/>MaJ uM$eӆ-:t}[]rc쎐c L;d{Tќoasb=8fZpbxMW^`'|>JB=:禾22qĩ#tyE]͖= _n"}ƄC xtYE!Pg?+]3R ߂Edo0ՌGA^b9$Qڭ:nDf}8;2 D/\=/A6bE_4n'.#HFrk@L5v`z<Ş0HJn3Lgyt'#Fb877ZHJ& ZѼ`JNwDԎ>+o8Lg;KYw,E%6E#؜KʺF5JAJ7ڪـj;\<86w B|&ni5#!?(,b =Sc$3)"w Kn7P@o,%&>ԯF`4{r|B8;nZZ=X Oa\DA*<9^$Bzu(n|v@kUl! pGWn'\SBa N3d6^K$Sɕ)ʜv6]fKtܣl/7rbX4w:D(ĴSL U YࡍV&}۬7l6;ԑ/҉HbFDŜ3i~̨jcBR*0ʯ^mxtT ,zkq7љJ::05 4UI~@=\u]I^l~x3g)0UצqBLl~!z2y!E*tRr[9Ty\e˷5lgY9 'd#dM.y51h=|>cvDl:CY0 uKSnjtĖ:ON5hY[ہ멡\±>t cX &u;O jшϫP{5[[UΗ~Hyq_r1+T,a]q6D.T)GFl.m#\PQvd`eKJ Ӣ2D^InJ9{` 7ڲ EюփXC RѷLmZE.n{Y\]']C>o8{<´mp4sŋJcA)!:wsp2 -{G7(,b?ܚNkZ1N &TÛHyXdp )(&k@@ @ ZFzJ nxIXWG\*r7eX T<"R؊13 ԿMI@.-g8g@Ԑ|^+0^y*_i!5;;rۿd7Uc0^pLK7Lx32[Er3T Y@+qW'7 EAEBM)3&jœp` ǝjL-?LpcS9&ȣh!S‹~lN+Smb$wueHysk1 dKmOJѳKqt]O 7~1:psmH(w g7-onP .BmePS;)<˰aϖ 7Ft;2c 7V3|WŊJ5j WODlM縷m_sk9жˋhݱcI5 pw)"=RP"vQ7|0`Td"F۵Qy02Wt]xpYF' Hf'w6m] Z<'_U}dB:oi /5r$uVbut;a5a[ڡy 7̙^vCS#>aX@k\Ar _2 > GTPa` hR| yFcIJ~GV@ZMuVɗ]7?JI0 F܆[M+{Orw搀lǨM3dbxV9,|uzV!x8vǩSTbupuʂblm/8[L ▧d `}w`LCشs hT9 I:m̋؈%7qAt#|&:'ƮKFgg[ҨK1u XŢŵw[5ranr036rceB i ސWH~6QlEK_YR)H}PHe̬ZBْO||U b|g qϯ\VSQLs¡#t~NkN%PL6_sO[Jqo] B r\ [KEobF1@e1?fzz:~6; >8^tyrqcxJ*zdؒsBf@z;L^j恥ǥFBASq{;ޘkӑُ'1|ۍ+! O: qtz^IܼL_ƜJ0S8W >Jj߷&ywϹ 0*ǁErn,FCz9nƹ 2XoOϏp~J/8I|I@f`u )MOܜ+0fO"rZ~$EpU}c|yӀZ =\4ϦcN6i,Xh %pf-1d≝mڒ52OB[s#{ hIbڥ#e=4d?NvO1F۱, x mTP=ObIF䎪>4 Cճ1eaS@\NqZQl TrxStTX08pTr."Yp6Q<~\:(Ws}\5f7e Ր/v`ů6 o͊=`u-<ކ4R WwiMX aB[_=in6hC]Ҍkҙ`hh2o-ąnrwr~}pegUr18Z>ɓa p[o_ q2>:nhAރ>z)uǹZ'gqJчup_𷤝APkxw yu]gQEr Tx^7%{WYqdMF2N{ql'Gԏ?dsid$> _#{u;`dh%Q'?b08 g!\/Xc F /M02' t`[6[BE`5Ś /JcE+ḨiN Xbإ$=dф\U }h{HOQGOFŴ?}fJ:jJNr⊠Nv0Na7<,m\KV c3 !o3卑EV_}rFšp,Th .7SE¦Q'4/nJo5BS.Gл)2[%RCOxcgX٧d *qS|GtJWB=z gR<0Ú^m5Ea0"&B)U֟)-f~8$ &bpEz\DoEl6ˉY6˵T1k]rqϳYhϦJAU҃Q=Jۘ"Fn,ZTW8+Ŧۢ}s)1H/j5y)O-z-bG;[<&Pv`*#4"C|*h(5  .xϠNغQ=m]Z(sY %aJ7ӟx1`S˄0[ Ax`_sA?=%LX _5@'$82^,F<|= ({%xexXn”Z%CO ֞@A .ܐ>]elT~6  +j9{[(J!ژ9&7:f+}=w|_nC,L͹tѿ}s^C=c׭U?.YdQfqq=Оɓ쳕CjCIs}h\,ExZ .5Dd0N;H+ڝP1g?IѸFуT9)ؐO}٦mq&ƹJ[.D ֋A\-7fjm0Xkx9:^e㥑vo4׏N9:aNPO^`Z{pqFAf`4.4ċpA۴aw i(t'~=1qC|ɭ{#*b*$)Fka$A I喙GW@^F3q$ACjƹ>oԕ2Sy$nl|L'p4r|<9J\@jwtqI5؈u6/򞌛bV-*i:ݧB09˯QYQ֪=#(<87` 4Ѻ.O)e]DvJ8|ܶs*tCT"hlgөNiqם߰/4*4E5}(CwzIa?uaj݊Pr'R]#DA9*$'mn+G I|V|.?Ӎ^ρ!`nw(VLfY49[`(Za;!'dc8~呸)RkJDz{:STL~ُkٷ]N=y6hJ6I~R\li ^7Cj![`GFeS7FyYyb\k^:K&L.L_c7Q)nRzi8 ـ q rw餾 Œ+eKե"{~57qgy2,tMo,"Z9!<֩ᴔ(ĊܷK!" m]?@@Wԩe1*l" !PɸMh"e>nbȽQrDLĦX6:3-jlV1nJ?Qk\|AZڡqd*wlP ƨe&E9XNS5:"ׅsQ'#sA3U@_VXP࣏uffsY<+Y d+1f}ecw4 SyĊAw)! Rp8Ɏ31y(CĸKKB>+ մLuYr0Htlbj 2Fqg:exOc搝EcˌZgH^3bRA@^K(}BOW3 ŁsWr/8eR2P931B d9&Xb?, WӅmrJkՐcWsT.$st0;X-/;cp0$ǡ;6b 9Ti{g`"C]6DN"h}2DOTx~t9{s4k6N,}J Ccj\:݊]ir߻mn2b[tSlQ(GPOIơ5Oo.LlAY0}$\UN`V&Q!*+f\Ԭ۸>^j]k1`,(eEDN¦Ei,`!ǎ)fv:h*rڨQ%F`=F=Dpy%`TGWfURiKSY6 0NC@ ˏщ,W}eQ/-^2oS*ۚC+Dm>['=1k%@2-edZ.9A(q۶#Xޜx6)yZxz&cSƒ1~Jb@%†f>t[(-A%mw߼AH4%<#E`\0:;rr҄L_N AXŅ0=K3C-6<϶F!\9v 2BpZ˱c c(<&k74ўjzyk\| aGّܡ'~ÇZs`;Oig]eW)S#-J#Z>*h-%sVr5F\3AhJE{H7ȹ J;| rereR; |t T*\Z1ud7CmfAe".xDڭh<Q¬ր vXl{eNu /Q9p*9nCSo 2d<҈<7PVms +ƕ&j׶s:GV$%Lz6W)]631oZN|tvnI7GIXyZk.mOuj݂]| Վ={ZqhGD}WVz,0ה}j} jV}K| bN2pdY UDls :p#$ZkB|eou֪Hہ+ ꍞv\JAʜXn2&lB?cǺD}Uu@4ܢI:v1[Js~>mTj2l+ ,k]xi6:ﯣ<_n%N=R׸$FG}4Wug/|ׅ7*XsaMܞjN7$Zb}ܼ.fmH+Κ c#*Ͳ'Ye|"5|q NCYG&LMEm\؆n)uBq鹳ǕJ uELFFz 3vFdVܢ:5'qr+Z)L pw~W*9O}Y2Då1.Y?meN4;X1xgeq94z)[|mW cƺ?޾r ;y{T;MZVhIhG`s"erٳ$0,0Fy>oFڝ5;Ἇ˱$"`ʸ ]$Rv3FN͊KߣT{3E 0я]\nyA!CG+ ߸v$qω:w06.'7~Ea]he#Kצ*iWy%YX' 5/h%#̗)4fH)Gv Qo)6XƸ"aIg,BVv굙86$3C_*NSf4Ĕ ~ԟ=ܫ/ĩ6ʂ>%:˕ -~By7XȋW&0sjh Hnκ"3W }Ey@X(S)ފɼ_V]طQR5<8iB¥{C1<2yn pn΄}EM0<2iv T2H7՟o "[ls8`NNy?s%nQRxQ[$_jXء S[Jt*a5,Ҹttجqlh7nM682|U Ԝf1v[Ӑ?2M462G9Lw>S jdMwS}<@׆O"tcyHkDFњ.VP$f ?/{KCĪ(+G Sp@z|ʠ9S"2!if"c:ԳUb8J(CA6?Y}R mG1#ƨǐVoVf{U_5ٚ=*sn(YUn 2WHD48KuL[ʵi6_XicE[=ZePUnxnA *5wI}8>#nPQaiS={H;vvE /]zmie +ܦDoS{Br|)a5i,uiU2-9\mt0QS(f. ܋a=mC/clL2(ng'HRyose.:;D if3L*gGgU-wөzӝҚCbiŢ3pZ`c{]7E}"-62]AtıY!ܬV*N^ M ՊrOM;fG0?]̭o*mM`m =L$'R#f =ƉPouSH8Sr6=na;-3{,!d쮐q%YjzY9ɉQpZi{n8Lh:CqkYa= ,zi,Y.i"=aꨞv` z@16]s E%_7ΧPΌ@jҁ.x[L,bCPoy@/2ɑ{f{ =k:= ̐cc|zo@.9bd$UjLk7[ru=v8+ #SjL%\O1L 8>ԍ4 hlh 2hVd㭉M\N fmFzj/r°`rl41f;KUnboyϺ{K@d?evT#e"g/0 ) 6(hXu"=&;Ds7ĉg0钡'd|۪h᜷Na^=,Cݘ[K:Rlc/M#FXn03&v&w jR 7!EfXx%4jXSc愐x Uw|趛Dr-sJhi8f-2$4AV>I&uOPqo$(riEM^AC?L2窐Y-ϵVYx_ klT.H{eTfXC߿  4{W[SȏV$pUvJ{g[W…"%]2)=-;[2m t|D c'NzHƭ9zZGUF֘$-iI[6 a1ÁTvƺEJ5`ס[VXW؜`-gʳbEN kݨ#Ấ:^݌eA7qh9_ 7'V2S.npWl-ͼTSՆf_m|@ӺiIaw'%Q[KGg6KV A[L6mϳWlFNhYۻ)E :{b" ygwL6M'd *"ۈzE.gL͕5hfZȨGIJEy6Rc> dzu[{|J"^Eck5ӮS /V˖$w0%f-Dc[Sc]1wPsW=N""'n+idJϋnR+*sv<YD7ynF3ިoLS+%;7FvHoA}sPS@n?fV8{n^"6+ŷYHp8S)b1I!h$6 C1@$BB?CFKǵ4fL2voi?;ilIj$-qh|]}6֔ Ur s/_PB SJN;~JJN?gI\29FCPwrDzIQ"/[ӭ ~#Q`ե aZ\Z+wM3y]Ȝ?VMwr#/|- 7!dSDXa ]2dНkkM5L'f\ALLwflHy; N؀0u ~/­t^cS*$3-Ҡ"bxp%?ᚬƀnG{X6kש `Z1]:tcgHg8X^CAZc^)C3 [2vsAGX+:[5z)7-, Ρ/##2Ay& [tZ8qu0':dKV>fʼnxI-Y5*wx[YVgCdͬJR87vz kǚk: JK pPHxKR'̞8+ax3+ܙ.k@Ƭ&34lHl^\V[QKs*hݒ-T}i䜬T$Y%te}6!'+`N|NWձN*g;͝寂gN\~=4}S{.9t ꒢y97p6X~C 6 3΅1) f6s^ny%bh134aM=M NKZ{]P&ߨ1*$w#O;w7ST72ꩍOC9w xˑ1:¥N>N\-Iza8Ө1QW8MXUT@e#^!"#[).7L'-+K"ĕq5Oy[fNкKT1r"=9 Y}m^8كZ}uSp9Pu˷w,':ϛwŁsw2 %"DdxIoPPeN UJ\ 2}sݫ6BeP"1!4^ Rc!ʸVTaIST|(H$ĊheseSWXnA`XK xMMvʇ/P}(bm FLyKuDśPx:ii{W[.XGH9Z;[V*KڕXRI;6[6lTLM{{xsz֤"B=03Wsjt@(q=Lpy_YZkT{ԑkKѿa5qVIX5*j:H9t3-3dLwt$L!Ϙ Oh b4 \bgzuʗVY4+`KDnkl5-IJ@ KtI1mi ?7cV˳It;-_7MW'!Ipڨ`J2l}SI {f$\x'A"|˜dAj1Hb[sOTSm< dVT?-H٧ /\\{ "] lYzYi.37½y =B|Nd1ѩ4[ݾKt٣1Fs*%wƊ17В"etԵ YS}U`]cMzxX|]2deVRT:{j%sn̉fQO={b;_?_9y߬Pu;clXk@wXƍՠϩSw?Fj55Um\'q{D^"Źr|~nA {@5'.{C1$hGˆJ,*ﱔuҦXf.:lO2j<ӱJDaP>FqK=a7Av[/9rYFv-UhPNDGrt.Grˑrt.Grt%``tQ^h9w5m^OY"F+ (XYn+S#?:^x9:^8^~Mc"t9h]^rkK:q<@vո`AtKvW2+iwa(g`ݞjE|u@h 5߆!=SmÝB^(%? 6#c\qj2#TNo K~)DMXF WJ5$/h%F|S܁ap|QT k-G~I F#ImNhR׫ڶ x{\PJ&pM6L }lx]end%1c-0Ɋ \93g?uY\H-)]!A7c[c)G]6f~&w MZ.&:z!QuD8{b]Ev0ݰv %)MnܟlryڻaiCe:YOmj,i`[Mt{\ 栲pqYxtJ6+.)yY?=,I88h#=6Y&(;f%`Q=}G|m5Ϣk`e 5E2b5 Xr¹-<ýA(ùI]ȉEJ+#]\֜,%܍ x,㚎'+ G]qYkDn%57.M׸@o!E4=;Fgv$ 0N_>MTHrNdA$@_\$5rL\$ HLs;m͍)1NvHF7C0bg '2!V5 v"k汩-dyQ5:v68q?[No0#dMϓw> (t|lJIO,30^Ug:)a#ǰmf +U͓ւXPl/gvEB&&ǭ9&hOe8@HLݸbaw,ƯZ%c85'3m}qGOhF6[$$dQl77Ti)?8wlVא{?8كۂ츺~l/)dF >w/pqIU?OihXAR0BI,e'C$r(a{⁚#lbvo0Ƨqsm> *SqfPgz~( |aYbq/o }LHWY\E(wE[XKˀkݶ%>whdDdnyy-,_(u OI:vU'zhp.h0QՑ bW'?SceI,NxW8va" ՛+ZaI%,q{n^^D,jp0OYaY Dl}fV>wơ)9[c2BsZTꀺ9UmΗk DAZK#Qm,{_3=̽`2խ/ r`@ '>wJQ1q;a/XU릖Y] kɧ$IS3ӗ`~MLR'|noϑt7<[mMrYܩ5t]cpquq KnLQz[VnL?rU jP+L\Wc Fc.5:Rmwk] nV=iԳWk ^\h-mZAN,k| 8r~&ajjZ󜍶gJ ϝn4*7٤1J+n[A ú:8p@ .ni8A 9BA17o&3/!oe!&,x6sLX2۾%lUaaf+L_1579nWpKOo 7Zie;-h0z/+| Ěiuq{ছ {[LǼTƜz*ZnZv䌡PHx7EvNص'K0N0`Ɣ&ù^}H1/s 10,D,%@OMA 7bc&23 c䐹vFnlD2 2?:$W⭇*4r#Dx7ȈZ+чzjG99ڏL.p}HZBQfQMMɗ=EZC{v7=M42 ܡv&b#!fך|< HRw3,b3 NyFXb.:=OU-\ JjEȴVHsJs02#نYݘ46T?tdTb\[[Kl9`p/b\$ EMi]ry/–lvbH̪ACôC)39zCQ %0FA^L>? Ƃ`(owBo?2 ?Ld,DԪUk&gk)*s|YTfѻh\k8iC帣J܂ppm/SxQYqQ=/''^ ۞E$ >́Q環֐;ޙ,aԭk0!1#E^10hZbjPHGF4R'sDG~ `3>4zф؎Xܔ>|!lФ,ӸD'jh'G٪̾wOYr42+42:ߦCj0@2(g 6~I,N`E00l4ȋ*yMw#ÉcuRBL^{(+RSlhfF6'/kYȤp PX2sT8lG .&[xu}̡+cH-IQ M!p }T ϣC{Ze Fe)K^}nj!CPA}P.7"+}52ʾ 0,Z29'HN.ehI/Y(u umrddݔy^{ 4kQQ-cȝ `S{Ԋ{TLoyvXsΔ]FP#"8ʨ 9 F?ؚ:[&{T9#&hddFgTMKRrIEG7I'^%x:ġ=wV4[RP߈^Ɍ1kTD2 tIzJ~(b56)3jG$(\Ė fg RQkLU.26\4[+sIZuI1{NCaN ]%7,bR ^*E.ݦ zE_ Eui^^kGzY",|6Uo/tӁ+ wjK&,ArYʻjz\14[P[jqz\I"qkqZ%ʉw n^[׻/ϔ`l"7ȇԧC丘]cl1ޛ)axN=ՈXk8`o]tOuIX1^rFȁÕi=gb*KnX}A'CzNn\U3/i>9ύ( -iomկv瘇 +KC#b\QL!'tY(D$'((pa L -#/OnwXREN1Ö,oWf+u6#2 *@ۂO)ƫc(uDl_ msX4S^q({#wn;"łf^}#%e%?9Yf.c;Ls<}5fAŌ5ald*=g=kj]{)Z[$#Zջcu͵ ".S㮅9 (\yksd0ػ^^U9p )6)Gt6uBΞ:']#$-\R<3)a"a|.o|0ҟbqA0*b*D_I] s)Ԛ:.GGVNŮ^}QM/N u \g0#qKs^;W/^/D";W/]q8s޹{s/{%tWoF /y]|r#w~K.^Ibd,~֓bs" sD 2I)z tuW ) H.x]!զ\f0 O=`r xX:j7?UvrceuD/Rv?s5ٚc~ 2jPIl>խ݅OFNUi5mtkzGhv'Ⱥ'HV7OįsF&Uqrv:SͶZf:=;Ee@ޠq{U}PoVg[fVYj.şji%A}Ŷ=92lG),.cEcRkI7P) :c= }6P}Vj.gvj& 6g4Y'䵱rۮM/tӎ+k|ZereV=ÃԆ5cE1~ЯUYj-ќY@.{MOaٞjf>ՙ< MӛU >p왹fQ;]j3r!Zy% ?_ݪ`NN7$q}ƺA&@ m)ш+t?@;JSʐU @#ڻ07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!OV\ (S PsJbH-"Y؟ "#t YZ