sssd-tools-2.9.4-1.el8 D>C  HHAACCeQA U]~"Ip?9*d)Vdk̂tX#Ui{PSr͂]-3.6;v KP\?ԫ(n[Ő:$)[@ Fϯu2%7 ,R`aA}gƍwCap/#bz#m8\, =JP7ź$l&vZ1b@P[M7} TKOww+} z#8 "Kfym}.|{w[CHT|^dp:S1K?]I(zH1',Vx!<ڊԚK^1rl(vdp.˻X62GQ@(WA%o0%5=^nsޚzFMbk9_'E8_i.#[ߺ.k rrzEp:ꑡioE\Gz$pd3277d04fc6a12fb5dadd9ccdb5252255cdacd48605db2dedea5668babcdcacd846398dea59a98f361de07f975bc639bddbf13bd0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb5006630640230585031abe9debaf609d601777546d9187c194e1456cc01b2cfc5c214a83790774ad02cd2116e9fe63d7d1b45586f49fd0230513681db461ec64370c54b30887e09d33f2f803c03458593ee3a3c61cad19a4e789b6120c8eb69900a547a11fe8672e90302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500663064023047a9de45e68c3b632913c637e75074827e409e254f93da30d1cf7c5c5ff7a4e89fc6811d029029a80c0859ddd9f84b82023056c209276108ca4c85d16e9657bf0212ef5141b678d8d1bc4f0a9f6359f28803107079055a7450f138192d9e4821ca970302047c435bb500663064023047a9de45e68c3b632913c637e75074827e409e254f93da30d1cf7c5c5ff7a4e89fc6811d029029a80c0859ddd9f84b82023056c209276108ca4c85d16e9657bf0212ef5141b678d8d1bc4f0a9f6359f28803107079055a7450f138192d9e4821ca970302047c435bb5006730650230659dd658617b2f68c4e9b2444b4654efc80a04a407aabd2cd5c353dd36ab396e78c69b801a57ac384664d8af4648f3d9023100e153d85d27fc215c647e8b77225d43d95042779940ad85c7bd05d9e0be3127cb978564993aabfd9b62e05c539e0a9f340302047c435bb5006730650230659dd658617b2f68c4e9b2444b4654efc80a04a407aabd2cd5c353dd36ab396e78c69b801a57ac384664d8af4648f3d9023100e153d85d27fc215c647e8b77225d43d95042779940ad85c7bd05d9e0be3127cb978564993aabfd9b62e05c539e0a9f340302047c435bb500683066023100f36c12548454de961c1b1516bab554dcafe4e01aad1c793535fad4f5deb1de0adf7f85d3806065cb6e1ae406de371c11023100b5be65c13021e56079497969dceef9520a7b90ad12b7cdd8722bf3be95aea588480632165247979e8611a475cddde9f20302047c435bb500683066023100f36c12548454de961c1b1516bab554dcafe4e01aad1c793535fad4f5deb1de0adf7f85d3806065cb6e1ae406de371c11023100b5be65c13021e56079497969dceef9520a7b90ad12b7cdd8722bf3be95aea588480632165247979e8611a475cddde9f20302047c435bb50066306402306354cb06b4fb7f9eb24bf08c0abef82754d8ebe07c0cefcbd45cedbe98bc5d1810b91e28ab27d499018f2aa6285ff0ab02305e21b7d939bd30cf5bb72a1c89612ba0ebb65e02d9fcdb3d9dc3a0e22f4709d086e738b291c739eab9731cc58f8d9c9f0302047c435bb50066306402306354cb06b4fb7f9eb24bf08c0abef82754d8ebe07c0cefcbd45cedbe98bc5d1810b91e28ab27d499018f2aa6285ff0ab02305e21b7d939bd30cf5bb72a1c89612ba0ebb65e02d9fcdb3d9dc3a0e22f4709d086e738b291c739eab9731cc58f8d9c9f0302047c435bb50068306602310087b2ea915174d34d3b9f1016a7d3cb1ef355ac7c43949525d646e2328119941e88428f542810f6678007ecc9ded492ec02310082a1910a043fe124fbfd54a0636b2f367121d920dc242dfabaaea89455b7eefb6e9cb6f5d08ea3a379f93f37ed27051a0302047c435bb50068306602310087b2ea915174d34d3b9f1016a7d3cb1ef355ac7c43949525d646e2328119941e88428f542810f6678007ecc9ded492ec02310082a1910a043fe124fbfd54a0636b2f367121d920dc242dfabaaea89455b7eefb6e9cb6f5d08ea3a379f93f37ed27051a0302047c435bb50066306402305b1bc31fa5654bb095f98e11ce220e18f42ecada13d320a969518e9c3f23a5a593f0031d024ebbb7353bee0da5806e01023071f0cec4824875ab6797c3e485ae9ce2968c76cef13bca6ddcc6da17ff5ab3c4cde1121822ac90095021c6091416e7f00302047c435bb50066306402305b1bc31fa5654bb095f98e11ce220e18f42ecada13d320a969518e9c3f23a5a593f0031d024ebbb7353bee0da5806e01023071f0cec4824875ab6797c3e485ae9ce2968c76cef13bca6ddcc6da17ff5ab3c4cde1121822ac90095021c6091416e7f00302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb5006630640230585031abe9debaf609d601777546d9187c194e1456cc01b2cfc5c214a83790774ad02cd2116e9fe63d7d1b45586f49fd0230513681db461ec64370c54b30887e09d33f2f803c03458593ee3a3c61cad19a4e789b6120c8eb69900a547a11fe8672e90302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500663064023047a9de45e68c3b632913c637e75074827e409e254f93da30d1cf7c5c5ff7a4e89fc6811d029029a80c0859ddd9f84b82023056c209276108ca4c85d16e9657bf0212ef5141b678d8d1bc4f0a9f6359f28803107079055a7450f138192d9e4821ca970302047c435bb500663064023047a9de45e68c3b632913c637e75074827e409e254f93da30d1cf7c5c5ff7a4e89fc6811d029029a80c0859ddd9f84b82023056c209276108ca4c85d16e9657bf0212ef5141b678d8d1bc4f0a9f6359f28803107079055a7450f138192d9e4821ca970302047c435bb50066306402307ccb462fc416f962d8c85206965068b4e97141ddd31de8ce5e41b344eaf0e9ff606ee09adede3ee3dc051b1ca197111f0230012d2125ec34bfd57d564c063f6acf874e5d451da9847aadac84299da557a17522934a10e095f15d10c1e372cffec8d30302047c435bb50066306402307ccb462fc416f962d8c85206965068b4e97141ddd31de8ce5e41b344eaf0e9ff606ee09adede3ee3dc051b1ca197111f0230012d2125ec34bfd57d564c063f6acf874e5d451da9847aadac84299da557a17522934a10e095f15d10c1e372cffec8d30302047c435bb500673065023100ccc62557c2bb94e35daee52a2056d9d06092ed0182cdb7997962c102bb3de9e82301ef32e8adb793d2150523b76d977c0230153199d0741a6056bfcbb71a41678f8f989fe860e8cf636937fad9122eb3ea85f695a437e395ca0f8b6bcdc58ed895560302047c435bb5006730650230348e8b5fd3f1b2c3e29ee38662932155e87dfd1387b5385e57d2ef26a9613c40c1605b7a86a2caea0b52e555754aff8b023100b7afbbbe3174dc35ed9ae621f01b36d8a4dca75e8bec233aea2ef262f8fbcc19c82f0b78983886fbcf5ddb8b6dee9c040302047c435bb50067306502310095f4df6947a51cab26cda1ea83696db1fb152cc70799169e07fa7267778cfded7302fa18003bdcd9853720c3295443ed023007dd82a318bb3fcbb87891954d565c6d088d54a2b909fc224495bd5d859f29df04eeae1fd3c764bbb999d146dc5b29130302047c435bb500673065023100bc0d25d646d19144b9870efe0cf5a6b3ba99f2f5b8faf8bf9ca1da913d0b2619a65910d873ec44408d4fe495e620aba202300a5efed620c41e8ea2d1e11f05520fdab5879f2798e9672b647b2d95724560bd836f8f02d1fea8ad9ff3cb6d9530cf400302047c435bb500673065023100f23a3b6ac694dca94c285f6d71ee8db9c78534e2d8b9b8b63d75792fea86c955a0f51ce27a711e00477b8e8ac206a62f0230633acdc91456b0a741c52d275db7b8ecc03fbc5a2dad8800c91bfd489d6863d371827078df9b6b324df2a6b04697a7fb0302047c435bb500683066023100f7c14faa071d954c52216c422cf3b88819ec6d83fa23a1bf74caab23539a8a108864d0d1e88aeec5963a4e92f6e17b12023100fefe66589bf9bd7f4cd4ac36ad1683ff5355741f5a49ee15cbd2fc3cb7ee5e1cc64b973df6aec870d5413ab95f54ab8c0302047c435bb500663064023071731ecb27d4502312d420947165870e6bd2affa4162f84a6ce080249f4be081ae7760dad9555553edcab76a5df37ebd023024c7dee70d499ed3a85804dd6823535f8277eed3fa87f2e7ea4b75dcf2742175b577495e737e61056570603f4b98eeaa0302047c435bb500673065023100f4a69ccc086d9dc6335b9adc680679c82c11dee27981d7915968a02fbf58a179a86280baf4d85ec648c42d7be6337b12023009a6f734a07c57e776bccb78101f7cf676f61df0ad8e248bd3f396664f50263eeb681e5e4c9e5a3df8ae22ad0b7183240302047c435bb500673065023100d560b50d5a7743e51ae4aed85225cfa7149e65b82943efc41663d5b7aa843a314245c2a9ca33bf5a7b50989beedd03f1023063788422d6c60824c65b832e90df3e6b6f20bdca8e7725b55276a6c26f2008172452556fb073761e9bd0a857d330f7b70302047c435bb500683066023100cc28969bd77d10e0a26b4045b25039a3c7f394b3bce81dfcb91fe75009b5250cfad16fc4d49aef78d4f5557c895c0f600231008e391e0cdbe7241c6c600632ee1dbc926d72b5abfa30ae4725b22dd625221b541307e345dfe33a9e4cdec0089c57a6400302047c435bb500673065023100ec8fc58d2ffa21aedddcd9b23ca5d090336bd7611afd6208f6261d935370cf0d7d3ace696cad6d818d29478349a176aa02301c9fe3161e5c768062c2df229c13fac002a0e17187f80f9802c4d027d73376ae8f042e701c4e06e48f1d4f22304e87410302047c435bb5006630640230763bbafaddf2f38b61f8920c816320d477243203b87024a8eaf4a24157547e3ec8181c542aebc1865e2ba1c0d11e76ea0230582d66aa910f7753563068a6143f982598ec85bac43477f4b663d8619a49b8a56ff9ae0aa746c7c6ad8c85580e5e16b70302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50066306402301e1c632c69bc2b3acc8290a4bef5602abfda9a0def7a10712cd98a27ad0a26588b90d5e8ec4139694b816e72688d768402301256a96fbc006757e447f3c1c02daf7da865c47168f75ff2c4a8b66e406772266323bfafcd97cefb75c3ab8b6dfa79810302047c435bb500683066023100bfb60d9c2e55b288b200eaf39c7e1867bf117e72d252d90b4c137b16eb1475e2e01602ad4b2ed81c9d86eaa1eff111b4023100e2ca87fd20f2ba29883a11f20da1bcef2a2e303d5c01f44d97f5f83ad84921adee156643041478c0b856b49c6223dc140302047c435bb500673065023100cdddac2fabaea4c52e4d24e46c3a5cb1e42274df162571ea17ec4cdc5e726e8178d625331d071c0d2c4c3cdbffe8bebe02300b13109956e0f2e7000ba6e496630c6ff6462414b7a5ebbdb7fbce5facb21f8eadcd1397b0360f3cb07b718441e9fbb20302047c435bb500683066023100b6c2dcf437dc04754c972b4b979aaf9e60c46aad3b38ed3021ef1abd49ae97c2c11585060b096da3278cfad4c373811502310095ada46e541baed37db7e29567e12573e17659a4a6cf54764cd160084250c2dd3022f2305c67caacce30889f932834920302047c435bb500663064023034110c114319f838288e094766f3f7a9257bf34a67548d3de63b40dd666e6007e68bf9249a434a1c7db314a9c1019b1e02306c76d593536cd27fee9d9fad8f8694208f8ee001bcffd7958c3461cb62bf8f89e7312d878312fa8b61621aa07b01c4340302047c435bb5006630640230126c7a7783df1e489db6e91cb8017637dd12a4fe493402d1f281e01a98cb2c6bfb000fb45453bf0490707e952359ce2e023052cc3fac1caec72ea26fb89d2fc56fbfadc2435786b2916e029809a47ae7146db2bbefd5dde8fe752e02a7c951ef20a50302047c435bb500673065023100c4cce58deac35303cac7ad733c4009881ed42f101b0ab1097fc1c08e2aa8db41e4b6edf85c2694fded9090522d28770202300daa1e22541afa5e03beb5c5a47bba7b3864f4cfd5c38b58a4e62ffcd6382dac840de85e409adb1d91c5c3533dbc94e80302047c435bb50066306402307a8327de81d53512c6ab55fcb9fe2b218e3346abd7cc4ef5d1c80a77f0f4538c42040daaaeaf4a1e641774159e55f57102300db3517b4399bd777a26b644de26d38e538e0d26d87a1323e400570d66f2384d9c9d6c2c9809d5af68ddbed8332916b80302047c435bb50068306602310086f76842efa6e0145c0baaee977db306025c68bb43915635b0c04886e94f7427324764305268d950a9106c7a5145a8d5023100ffd5d4502c7bc90e32ca5f3482477bd05cb17e8dafdbd846fdb8eff2f2e18a2f1e8ceb93f3add068bce3009e05f750240302047c435bb5006630640230195a29ff2233e54ecc009b089a3fa6c1da11ae1a108477db8a4e27cd119689b056aac49b9c452ccbc9ba6a9a57f95dd00230652e4e37d42e38388615c37783316673abf7e83c0fb2f4c71c4914cc830834eb16ba8da14a32a34ca2100d6e1439d2da0302047c435bb50067306502303b703d332ac03a345cc7d9c1037edc463de39caf2e45fadd63fa02a67b07005884e8016c41df5e1e1f9946fd899cb58b023100b2129384a84a18318666403f5f55a30e0b47df9ccdc30161f13f1e2f47c0d3780c459c85289c869241829c0d456c82890302047c435bb50067306502300b8a77d10d60984614442e47bb80a009a35bfcbe5a308e6aa67a99cc9ccf93fd2c869dc13bbcc6c23092a4d38b9a1d05023100a75ea4902132701cbe09dd4c83d015c2256beb2c3c38a168f4db72432d2e57bab1af1fcbb9c9a19d624485e4b478650e0302047c435bb500673065023030af2a312f1b48c80aa5b2dc7c8ae06857afc67c14d46e04426cec103a08feb42b5a28e211b47194c21682c89c99250c023100dfe6f3d0fd91c765a206c46d617313025eadd5344391965871c4549faf37bd5aae43e283922a7c7ad99edd3ba9cb4d350302047c435bb50067306502310080748ceb80f72f9af9c65e2e0e6bb495de4a473212760b6160845964d758db2395376d6becbef5e847ed0c85bc2d644d023007f53bdedec7e5abf0ffd52041d295dde5fec65967fdc580b4980813c55c30b057857e1ce37ec33e0eda66c3b4d096b40302047c435bb500683066023100e192585361b2f23dd4d7ee0dd1f4e735dcfe45213104cb6b26a1551b6f30365c95b791462f2afabc1f338e70fe4a96ed023100c1559bb1789b181aaa6c67054744a6d956385fc4d017e05db66e975faf211ac8d4706ad88f8d131834a66c5d0a502dc80302047c435bb5006630640230721dff65dc005c87fedd06e6c6436f738e541b27a3e05eca64f9886eccfeeb12c5a7622b06b495f8f70e8361c29fcca5023067f699f357d7d8884fe5f5e207fe310397c728cdc32631bf8a23d6511be084cf886b56e93d74a0ac9e5baf89a939a9740302047c435bb500663064023023cff93e36eac1943817c8a38a620129b17216443f04af9ee61329f88e252a129ebf03df504ca1ae2b590e0c2cf67a1802306bc40c66f465e8b5bcf21905c59f6876e9f5fc97dec960b24a605a4f1b0aa12b72673f773902fcb982123337ca05857f0302047c435bb50067306502302408c25053cf87ee06b785f8e230975f73dcfb2d63a497d896fad9713823138449998c3c184fd5fa3992ae7f0493fe450231008717abd8b946ac9fc7a1461c3f1d2c85d4d84b03291a58ba5acf381ec9ad71ffc526b8d19b2e3e5c6153086f706ca8470302047c435bb500683066023100c1b2e4898540503dd2dca35410d0d2e2a8b938a04f8a36742d0798b1a4e31bdaf279d0b49b56f83b7aeabd17d2fb985502310095a77b7aaa3ffd7fef1889b70aa935887a4f0dae960feaa1c8390c2fa59f36ff364dd672481dcc8e9d51d54b1bde6fbc0302047c435bb50067306502304cbf049f213490ae53b3b9fe6dd5f42149799df59096f132de9ad799a698ae7b9edfda8ea984a8ff93b03b137b81b0fa0231009b6230026b821392142328117879745bb5001079bb2988e450d833e301f152eb9edab44f9ae05932e1ffe892307514330302047c435bb5006630640230270a01202fdbfe90b37fa7e678c4710f9006603bd90de0bb0cfd16411f7da1945e0c8e52e9818b7ec418a1c53a49e4450230667a1a078418b0239cfc5601609d33aa1fb8852a89dbe96c1ab5ab994eb3ed4e100b6d102184779b3bf8c047cd892cfd0302047c435bb500673065023100b31f7a9ebb47f175dcceb23335949e4d76f85303001ac5fdeca1412b402fe8096c1747fc043deedf1ae0aba9e45c8e9a023011dfd1f043dcd8626f458ebd636ce171496d68a8c4418d16d9617722693c790bbc735fa26867ead1585b40133aa7a7900302047c435bb5006630640230414b59dd7f7f17ae97f3027974786f17e77de60afbf2cced52a3a2d9b1d1a8dfcc6ebd5fec197ab800f419528ba0f5c9023063cafecc64bd1dea5f3709dfb284d1a43d6e85fe53afece0e0bed61aec412cdfbf00cb41822acfb37cff1e3aae5f1f4a0302047c435bb5006630640230241bed3924b6e436d19cce884ef10b19c1225e4ecd43b6075bddddcb2760bf6602d4bc40fcbbbf07a09be3ce6934974802301d0ae58c5adf3e2c88e22efb10b6ff7e906e7f19b0877fc11a3c93951b29e71a3ac74cadf32a07bd76abdeb183207ac80302047c435bb50066306402305860aecdee22b8f68d2d82cedd31deb1f92454d2c53f44f055e59f3f223ca7871eb46559a775e00ef64287eee047fb3f023061ca05b67b1b101ea54d6f144405b2b8fb5b52ed578402fda8cb95b955041aeee18dcc4639b43a270d9b01d7da4827f10302047c435bb500683066023100c0c0cc9c6fed896d0635e33815dce2d6b073cb30125a41daae3601f0ffd69604c0dbaddae7acf7081814e19b5265dbb5023100acdb616a36eaa5dc6326374d29cf530d2ff109d7365bedb15888a6b838e68243d6725a289691bbefb655ef400d246d4c0302047c435bb500683066023100cbb70323126218ed3a361b54bdfa98c4ed08329c02c495a5a253d88fbaaa4cd808993cd0f68dd321bb9bfde7c2892791023100e9d6e9fa731c817f503904e9783fb965fcc56e5e09629bf13730f674fe8e62aef9f2b2da92b31237f66869063b2551b50302047c435bb500683066023100a5897b83b0c7687203f7130824641c8b0484455bdc4404ec42301246bda05f90fb26c5f954c0096cebe794c0cb181b72023100ed2484dd62ebf74573372b50e4d7b19e542ebf45fe8400e2b98b8a0d6bda9b5d5443dfae84c7f0316b200385ba3852bc0302047c435bb50068306602310097266a80a93d4cf78e7f702dcf79d6507f5008f8e4166ade043b32813d814ef2232772a12b90d0549cc38b16c6e117580231009ee93e923ec66520c944d01c5cbdd82ba18f03fc883a30dc5c2c16f2f8958c5bf1ff63c42b4f17c6e8423fbe727da0830302047c435bb500673065023077ff94d7cfbe4ee74df6f0f140c3ba8b6c5b22a4fa4702bf9b4b461f35dafcdd21bb2f10edee8804680421584eac4f27023100ee4758edd29451949ebbf3c4b08664c96efa67586a5d6b9e77f91340aa08a79b61db1b57b6950de8c91d649c09fcba4e|eQA U]e,1N3ȇ/nJvq+"*8Nqpgg~TQPMɂy Ro#\a"ɡ+J e%.tvzB(ii.;k d&SLܾ2yp*f{nR^bYWDm@[ޢâ"nSF sĽvgI:E]P(:鮻:E4NzN;lz8kMEHn"7w[t'[QfY/e#ljoY.]Ɋg^ "T;' hH] ?y hIԇW6))0EdhhƘګWZ=6p?Đ?Ād   ?X\| HH H (H HH H 4HTHH$@H`?|?!?("e8"l9)8:|vGHHHI HXY\H]H^brdefltHuHv$wHxHy $.04:|Csssd-tools2.9.41.el8Userspace tools for use with the SSSDProvides several administrative tools: * sss_debuglevel to change the debug level on the fly * sss_seed which pre-creates a user entry for use in kickstarts * sss_obfuscate for generating an obfuscated LDAP password * sssctl -- an sssd status and control utilityex86-04.stream.rdu2.redhat.com&CentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64!qq R R // [ [qq!!*x 1 Tx(HKx#ZGt7 HN p .b# AAAAA큤A큤A큤A큤A큤eeeeeeeebe_ebebebebebebebebebebebebebebe_ebebebebebe_e_e_e_e_e_e_eZe[eaeaeaee+eUeUeUeUeUeUeUeUeUeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVeVe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b85575f7eb06ab01ebde92aa68d3374ab21eab9434cbce271dba8a1b28f0491d2b2f75f7eb06ab01ebde92aa68d3374ab21eab9434cbce271dba8a1b28f0491d2b2f95eb5d68895a116986ef11945abd8473b5d5a51729e9b06992eb12b86c53c5dc95eb5d68895a116986ef11945abd8473b5d5a51729e9b06992eb12b86c53c5dc28565bd16a26c3eecd99f2c641c7e201086a5311392776bac0c47f598d79e25a28565bd16a26c3eecd99f2c641c7e201086a5311392776bac0c47f598d79e25a26a6d9cfb827cdd1c2a615b44ecc0c32f7d4d57cec7814eab37f69a92a90900426a6d9cfb827cdd1c2a615b44ecc0c32f7d4d57cec7814eab37f69a92a909004b91b1d929f475de2d8e188e36fce324e57cf098791610562daf0c9f5a1665672b91b1d929f475de2d8e188e36fce324e57cf098791610562daf0c9f5a16656727a7fe468e35024a22710e1a033b6f2c4f36dc573ad6ee42376b4a8e898a667d47a7fe468e35024a22710e1a033b6f2c4f36dc573ad6ee42376b4a8e898a667d4e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b85575f7eb06ab01ebde92aa68d3374ab21eab9434cbce271dba8a1b28f0491d2b2f75f7eb06ab01ebde92aa68d3374ab21eab9434cbce271dba8a1b28f0491d2b2fd8d9e5599f548f2dd6c0e7e656a05f39e481a0072b81a33b3e25d2765ad0fadfd8d9e5599f548f2dd6c0e7e656a05f39e481a0072b81a33b3e25d2765ad0fadfd1527388b4619d2ebc0752c41a9c645235fb3c58b5eb3e82b4c1f751c36ff3fd8bbf3f6402f93ebd7673626798f8bfb9263532407907cb8f3d2bcc86bbba34a78170cd384dc74518bc7318764855a7a30e67ee8c7e11d5d21fc49f762105e67ed82122c936ec008f153b2f9fb52e2e491296fff87eea33f7538a1e561652b279c2213728d475326b657d1479e9bf46dae662c192eb6bb98917cf92cd0073588ee53c3f06b33c90ebc6539c459ec8a21fd0dc92bdbffa1544e7c37c8daaf53ae6320fa35fbc4badcc77d42d6487887dd9200191ea438f9835be7aad014bb2ea969c816bdbb3d6e375a19c3e64afc9ff0efe82bab45c37d24282d76ec0d052d60c328e635bedea0a04ca0cdbd14cf68ca2b34a0c96b603f2e9b1bb732ffd4deb5bdaa0c59ea8f192ca364a4ab64839ffa001e952bfcfa68b7086265f975ec8a7e7248b78d991f6a732b54314e8b2d1c44f26bee8169ad6c703c8e35884af0be5c1a73a463e1e1aa04c38af34399fc0f4c012ab08ae0ef1c4e0960dc48dda2f62328ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903d8ca4a08a4d452698596ccce850781092e18c1e3178ad62d45c92f68f4f32671b0b3f8af1f2c8915694a5b738a7851e799b948ce5bd4b0a82a48e6ef6f803bd4ec9a4138a100693d39509ee55bc53d1d894365b1480c3daa81d424391bb5c6a0560536d4d064369ce758a7f11d4bb110ef566434a136cf616c671e0b48902bf2ee1b3470284c9f02de546ca1c163c80999fb0573500e49027b64de3de376b20b6083423e9af6724ff395eb1512007e09e37518ff3b1567857d1746d8e58a96f09add19177a80b87cfe61aae2fd26b8bcbcf924e0a5aaf8e3c7a9c4c42e809da12165f20c6b4a2c399faabcae640b3b12d6ed7e9d2ac8c8d284df79f0a4f6a5a24b5256e1c3f4f2ad086c53bddceb4609b02bc52fd8376745e0b3c94cbdeecfd5e65204181e30043ea923340d22db1a17b13e76a78c7ef0af1fd50b50b589ca3ada4858ae2ca9ef89544e75549567d2772089d750c1037b88d215872622ba080d913d0078860091d08293133300dbc40ff377222c52671db26bfb1a03c1f43c2e168b1fb5e77cdaca87ac9ffd7cbd49e49bab39aae7895af4a126c9b39c71da9abd7244311e64737d8d190db3e0cd66ba0f29f74bc893c1631ad0888053df6c6bed04f4a53d7bb94d63930d761982d0aeea42f7249abdbaaebbd32a60307f7ec93c29d98c674b2f4e9d8185f544d7daaf27dd164a4167c70f6711980fc0fd34a9b1c4151de1ace7ea6da261287d0cb6a4db488251dd1e4fbea1f25a8b8b39f7d222fadf2e716292a15637417390f133636fedf29ae3ed6f107a98734d222be2b81a18ba6e8ab846c65b14771a60084cdc61937a82b0f59ec0924139cf6207d2941ecd363e9ba8238bdd0c794e05f8ce930c582cb6470e3fd5c8dead791987b01de3f36522669c21d15e038adc64038f7ecb2853a7e21fdde54ba21a97bc8ab8fdd7e49c6c2429fee8b6596c9bbea8e891bea8f9da4834eabafc5411626c4ebb20f2252339216d851790d895522cf146977a805d08dfc02f57069175587b6b941ff13c5b47de81a70e28988b2eea20bf16e038209f0849ed5367e2c40866c4404e9360012b68edabf2c35ee5e24ab621f33cdeeacacb5aadae038e897966c380d4d8f6a2ec34c8d5d79a047c387e474f2e7f04baf364df12b81c734f35efc00d947ab643f8993d712615b60b420ee306ed6cfde1687e4a5a370f245772936fb4d6cdb6b10f8aa104a47dfede885910dba09578b6e51afeaab0cf2d19e3d38ff66c4353cef817169482f9cd734c64e23e4ebe180f60253c7d98a6100343d8bffc4b../../../../usr/sbin/sssctl../../../../usr/sbin/sss_seed../../../../usr/sbin/sss_overriderootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmsssd-toolssssd-tools(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@     @/bin/sh/usr/libexec/platform-pythonlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.27)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libifp_iface_sync.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam_misc.so.0()(64bit)libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)libref_array.so.1(REF_ARRAY_0.1.1)(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_certmaplibsss_certmap.so.0()(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.0)(64bit)libsss_certmap.so.0(SSS_CERTMAP_0.1)(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_iface_sync.so()(64bit)libsss_sbus.so()(64bit)libsss_sbus_sync.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libunistring.so.2()(64bit)python(abi)python3-ssspython3-sssdconfigpython3-systemdrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.9.4-1.el83.62.9.4-1.el82.9.4-1.el83.0.4-14.6.0-14.0.4-14.0-15.2-12.9.4-1.el84.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHcacadedeesesfrfrjarururururusvsvsvsvsvukukukukuk2.9.4-1.el82.9.4-1.el8  .build-id39eaa7ade6df93f3463f6450c1669f9063621f5490f502fa102bc3188cca45e4a383fbaccccf97e3f0534cfd5b66dac153e2ca68d1015fb134c0148esssd__init__.py__pycache____init__.cpython-36.opt-1.pyc__init__.cpython-36.pycparser.cpython-36.opt-1.pycparser.cpython-36.pycsource_files.cpython-36.opt-1.pycsource_files.cpython-36.pycsource_journald.cpython-36.opt-1.pycsource_journald.cpython-36.pycsource_reader.cpython-36.opt-1.pycsource_reader.cpython-36.pycsss_analyze.cpython-36.opt-1.pycsss_analyze.cpython-36.pycmodules__init__.py__pycache____init__.cpython-36.opt-1.pyc__init__.cpython-36.pycrequest.cpython-36.opt-1.pycrequest.cpython-36.pycrequest.pyparser.pysource_files.pysource_journald.pysource_reader.pysss_analyze.pysss_analyzesss_debuglevelsss_obfuscatesss_overridesss_seedsssctlsssd-toolsCOPYINGsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_seed.8.gzsss_obfuscate.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gzsss_debuglevel.8.gzsss_obfuscate.8.gzsss_override.8.gzsss_seed.8.gzsssctl.8.gz/usr/lib//usr/lib/.build-id//usr/lib/.build-id/39//usr/lib/.build-id/90//usr/lib/.build-id/f0//usr/lib/python3.6/site-packages//usr/lib/python3.6/site-packages/sssd//usr/lib/python3.6/site-packages/sssd/__pycache__//usr/lib/python3.6/site-packages/sssd/modules//usr/lib/python3.6/site-packages/sssd/modules/__pycache__//usr/libexec/sssd//usr/sbin//usr/share/licenses//usr/share/licenses/sssd-tools//usr/share/man/ca/man8//usr/share/man/de/man8//usr/share/man/es/man8//usr/share/man/fr/man8//usr/share/man/ja/man8//usr/share/man/man8//usr/share/man/ru/man8//usr/share/man/sv/man8//usr/share/man/uk/man8/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnu directoryemptypython 3.6 byte-compiledPython script, ASCII text executablePOSIX shell script, ASCII text executableELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=f0534cfd5b66dac153e2ca68d1015fb134c0148e, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=90f502fa102bc3188cca45e4a383fbaccccf97e3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=39eaa7ade6df93f3463f6450c1669f9063621f54, strippedASCII texttroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) :Y2R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4RRRRRR0RR RRR-RRRR R R1R3RRRRR R!R'R&R R(R2R/RR.RR_yo8 Nb!To85~B4].n \>֘7 X͈b^LPgpv̷=۵xIJa؊ Ղf|T.:젔[4 Kti9V"[_4G)l8b{ݪ(F"[Ot6`Wx6J|)GU jj0gNL>he7dbr:K@.1xKYougi5=?663q`v'#8^sB~IYL!.jhvhE~ 2jzT/@2jIx`Ol-uW7\a\P9m]΅ ZHS("S,t5 S]l>==yM[35_}H5m :.E&Uyz'cv}.xe۳nLP6u4#@J3QUšbQ=<ӱm+uW)hd,yBvmuGd:]v*2 rdL}O z]!i4X=Y9WE鵽A} U",ޡ2Iz+ݪ)KB+ѐ LB|n-+ju ZB,yNёXqLkNe#'vV3og:Bd gcHz7{( f^ҨdjF݈4-`oluTŠ%8މ[j%BF*gXwGFPP].q wh6u;:<=dngw2|TYD@uan ҝi4jUYԲiTZű'^j0t;7@;16a+#"#+ndM{kɜdH[4,]FƬufG:W.My.Ҳ>#k2kveS  >%0G.anFeHdquz01۶=M(pdv Mm ysquLP) |}<[ i q;H}5w ) (!v.Bn0GQB  Ιh4q>#K,ʈ˯/|F(W*B#'D1bѲ2e'y<̓DyP= 0KZO0t9?)Zg_/9]~tx>)b*+١3 QnO 2qͭީ9\w c0Ǭ)V]r? ÀǽIy|T xbRW*;$C, >*a8(qy?(F9T%"s mp%gEȉ{^@_GK\rz^>"TADW%ſPam07`('1L\2.P6u5ezU L,"$r첸i"jEvCaz,sXnqs% I+h2uc' vݽ>Snm>#\NXq gYIHt^^V';{<];fVkHPxe5*]aMwiwEJ&:DX2?rHG⃏y[!h,@QgQr Ita)n֜.(~.*da^Nt8ᾖU]S8s4?^2It [Qb >՟vۄ[m홻G;&:(ɶ+$1LddBc5xuuT<$8@8Ptc"O/ѯfWi?tJ{ !&Nu>c5)gbI͉4B!X]&"wKeAߍFdDZh7g)/ s6K-h1ڣ;ſFU8AB2kbU O l{t.}ˁK|=%-L~DjfI+MΈ<&zBobA;/PRԩ*{5`0L{>.m X%`TMe=@S}30`q4Gݴ)S#6 %CfF >W QGCi:m t*,l~-5W+efK\<ٿZfb)}ZDžEpNVWr!O} s;d$`S /gIDݵZf~M%oEMlt 5-뙥5]ԉ旱ExY}|"6]ߠhՍ{aFUdc_)~S5CU(>CFTy.G@!&|pHKM!϶}x'ʩhو 45JQPUŶ~Jk2.vGZ 4rb p=LydW@b'Gy½ - ?;'4x ѓXB(MdB+9C,oM2 9NF[ {uURMAc½F {Y@Kk`Q,N ӓ8t;3M=V@Pxpj)~Άqޅ\G}R{S )|oмmMG˩_nEtgE%\.8d${Rp#߾]\]?W O@2!M*7e >3YVBWBDjHj,G!"ƖU8t\V۬QrqY/dKƹ= ~)ؘ.`慘oPFGYZum HP^cA`v9."PϳBm@+@cp-p¥_\.2j@g.ml_L6c4|qh2;j7+fdB]悥پlhCwAc)P/d ӭԆ 9EL=&" GDgWcnϑ>?Kk,29 WDV<Ufuq:10cL>#h%-fV4K7ws*`0{A2u(_|) #$cH\Bm=eKt2yhzStB+1@$2VfL }StOvc?gOHCYK"} =Yk됽Jz}n"60y+R!9 f+1=3*mՇ%QN&ߝu>: f=}Ry=DQ.&MټuӺ$5A QԈ4e7)% 2{iTr%v7kmTf1rA}bL WPzޜ)#Aa(1.!TG9̀GqRMʇ1.VNbF}Fƭ2lgV!6OEZRSZ 3weNp¨D"3nc[PO0!Ȅ}^VXR|'An5ǭw*iٲκ4x3yF`'ޅh#LI. yz#@;|YLˏgR_ ~ߊ{Rfn䍗=7*k#yM|L:-x:APi V 2uڂ O0Z-ئ(W :m%-;Oo{ˇ@GIK8+*[֕J`:".슲cB\!%Я&>yH0ܳZpI _w r`,MK)] ApkmAVw+*P At3PԑMB}QR6yRQ&ؿJ6^;Xpmȍg9;!uE"R^+-qZ3L)zWHfl~M5\Q;Z_)k @&QM)~!$T\7LkZ펌sa5?QȰж$1(ro贖~~ %kZ$N*:i ]nfkzsIe!oW&kbySAq@z,%gq꠵r/ ބwAToa =ޑ X0$LvLfY'GTi0vD(5cx{q0‹8vu#բycM0F Wxʵ>KZ* 7CL):}+@L˩F w olV憼Pk ۣǹ&Lp>qB'#&hyog=X0M`K|2)Q(1.wAh= 3rDTɦ6H4fV<P{ $({+G BKab&=`wp9zVdWdJ@k覱%ff)탔lG4L?ȝ&ub _/"'iDSum?íeFw9Hi׳|RQjVQ]N>pV[ ܫ~!(ʹbvRcoH):~mʼI5u ~U"5,jٴb']1cH1u465Oiv T•j~/:Wks;iMsoܭC!%1}n/o`}?"y!Qp #mQh[qD:&iis9\Y{&dއB(Ql"kD&*d(Leҏ*{&΢Ѱ&d [ó>z5% ]AB a=_!!s+$N?&̧3UVXEү+|rcN,kLƫ(F̏ A}{ב8Wed偏XKXSD}[WJ?(2J2^uq__W&#xd4qwBy]kȏW˭lA52V|<,!q 1u6SU&0.wF֣& 0mCq%r[Lt5Ukvt{>#3xo&hqzGn~W[Ӊo*@3- LikaYS.wh , V~z l!W\0 svt;"ӴYr4[PMڪw<0* E~Tj%. QXu-'κXZ?:WAlV3Jwm\\#bi14g ˸2zbb?q]Eƨ3ԑ>& _abePgj$G?el2YooȈCsTUe8ZBqj8̷C'hΥR/"˭0U,Er 1e'*ܜE{|87hh`N ~fE՛GZ,l6{Y[B_wd8"S!UuNTmoP_A{S?i(Gj;ўer<61(3G! ۹lj 'FlJXFhor\gg?-͐ObL-]K.DV7tpf})pM!@>GA`/A*AG'/xųHoyqBq/u-uq*kTQf&zdd3p{ud~bSZ˜~7==B*†F8CR愊ǓY)*Eyk! ڟ}'=-ƸzwzvYKECS:g‡Ju[D]$D]~so fU'~+~3Љ+g[&9"Sb RyĞpfy `^6TJ a}ٸS9w;AJذ wh#PLw!BǂoR3WZuׯ}P=R]B]Z Ќt UMaܚAF !!15-Eϡg`IvNq+߀H>+s'=JuunT&x$ٜm\ ܈36:) ݎ|`FюM2+!iд"]?qqqض7ʗI~? Ń٨?2xP¾aDf9x*2po,RTi˒V/[Ikҫvf=uҿUDݼuڒ`ջmt0k[>5 8(qBl,LjrZB]F2'cOT`Ξh* N~c4PgxL{q_"B+IҕnEĊs)G `o:+:lo/&l-[^kihº π<ޡ/1olwЕ&D+# 5xBwo3 ڲG Ѿpp^{ugq̼3@cه1g}sJ5Q){݁^ua0pou`>2fRE10,+`|7GH7KruK3~U=F5uĉ;=gKB&`u +eA -s)ԳyUEV$PΕvc~&٨GhÌ19(mR4'|+9ʕttj~\p- 0@$S.Z6ox%Vai1fsŁS x EHвVuW~D]nZŐ9*<γ*~0nZC{yjE&*p\BEӅCQu,~< qK 9xK1t^UnMD6E-():ݢZ|bH60CnD g5m?B>U͡m<=Ϝ*,Zs)1G?IZ oLp7 hX[,Y Nn^.,\\:Q=_ _m}(rna,8_e_2V֠jIկ&t*"9j֛zD#ؗQ#kG_s ʵ@| VV V_#|Q)zܻ9&jVѢ)\#90fαcwz Ye4\PpK4{Y7D "* eߊLĘ`w6%FI sP 4pMOMQ&Kjn[~7O6&?_]!oeR5Myqg 9㧥\>, ̗kˎ]+B\mʟp9{#/|v7dJxXTu}cI><&468%%G{ {s8lQ]cCPb-HjB0O|br)>2bS#;x3y@U+,o@  ea ET$gKC<2q/そzA/p:-<  Eq7CŹT_$L@YqlQ }9;BoWs#Rji=rPO(N=@+GmxBBk]`jEf ՚m\=DrY7B<JUvaɫ<}uw~kĨ)U;X1+j9S5~Q.24r1Tj0MgQ6HHD.]>Χ .9vu>YS̘ \%}?zY_ۗ}-`eԶ~^ف[qK9{MsraaPJ ^PH"T jenۣbhf  \Ksfkހf˓wOY1J* ڥ o#6 NMU5\Jbe%F]KC$ؕmWr+յ9̩7Yp('Q&iC3LuGRy\ 蟈W;i]65@i ![V}jALWv.Z@QeK̕(4u`I&%m@ac֢}>tUܾIl+]x+pj#o s^oDi1rn]æ4LqG3Nݺek|0_GbM!N4ul~BɈzn-=Pφɒ,%zs" !OG mVZ[İqYyM,X}!z+:e+03{H4 53}sB:b*53o CWP@JYDhz7j4SzӨQJkcmy(-XNo83WnTp^&,n1UP$*Њ^˝JN ;#~C) EO Y%6(B^~Spfoa_>29`:)ec݅ f hv֬NI$ژܵPI*z EzUh;mBm*ը-DtQ<$1 *ZB,(u: D*"cY86_-IxCoy=Wj'/X@.7=C!54pXtXu 7":grhf|`~@b|<|aeؕZ˽k5xKRfFbn,-O^df_gv4afi$TڷG)r8E^EmџЋ?QSxv yt\gpE_*:x%j!iR\*_7'곦>rW5͆?DNԘǡg%_ ;ʓuѝZrw)p#ѺqaϾBd0!l\L{[&B Smxu CV3AZkLW IҢboPknl^Y#q4}"ֈ *,@l&Ph^ sS jpAg^!e]Sm^{HZQt!] Y%'- -80E-)Vu I08H!WgnRbCV y 7V|wz"'A]ݏĈ>XWE`JH&&4g8aaj>w(+FlUh0ʍ,TA*P:#IluUAG) gzOIH3.p v2r5V@cwABGW:ZX_ OCo6dD# hC^ k^V0#/(O %. 3Z'|z*HDj3"6DάA7FaѓEAXB^r$Rtbߜ3|Edey8cyF.k.S|m4b̾bϭʰ)mar7/P|[eXT,d.V~N)o2T/c哣8*y0>=*N.7"z[cKq椻_lj]t6SĢfgc;# xa_Us]{kθyg3[u>,OY7?T9(m)w"1|f/|JcK;#dS0wC{MӄSh._v̟&ng~W*)k7sYƬ89!_jUҀRQLB7N\٩vz:#HJ1, e؁EQ(v)|qC79eby0ms)y͘@zIYָT_d=1ŲuLyL\Ole- ؿMQDD[炧@4м&}fFc ,1 Jۂcf:d3@JaAAe""nDc=/W+5rx*'o*p7%F[:.dS 4Nx Xq2={ (J޴?x]UCuc/QbPҶ_-^CƆKK[cl1O*]tjohrbS T~& eohyCN @ʽ\IS9wLq< [?7s{(wףgy=}yQmdu" 'C - l˄.:3)&d[RA&<Ğ.XbCm9ck>QJeǮ5[:h9 KC=󐌐%ʼnu{/XFĥ",T/Y߰>ߪX1٤Fi)a~$fz/O̷<| PJxW6OeĶ?6@b4u0$MqqJ/Lk0nد #Qn2zfG,BVr%</\*L{` AK| +o|z[vIz_p6cGsb^!QUL;ښh\؍RѢfU*&zDY cf4t7t{: %-H=eNAI9[>$~M9-jnn!1qío`l9x=6qBOqv 9~Vbt.P,t8b7?t_8%E{:! IDnXHBAErH3DCGT{ICCgc::vh3:~q-{FfFtp*krh(^2m7*,_5QE}K V`7X1Ɛ΋DӒœ|n>mھVMEu^ga 6HPf:b̙tkd'0ΐ̡n\}͇kUz/wmmmҷzrI.IoV5{Cɶ^QG4[.;p; 8?۴+UѬ2T֤eMzz-!RF-8MUXWGaPI#{RUN;Grp&CŸq 'jw&A+S:u9Lu%r5fԲse*d01՜9˱?!o`Ȁ'? ^J^\9&җ1 vEGX T .sVw9cútl@ģ*WLPZL zYgw y`}rX _|rQ.y[n>˜G͐jbk>/:QJTrA`ԺДB𝚐JNjKNE<>2YB嫑l?O/kKT)S!J->[IH9(G8Fi:q_jE6q)xpۯӋ9-L+HnptFPѷxB}SXp&_-9JBɏb;ƃ;6p~)o-6$["/G3#>^֤rOݒMp`[Ilсb4\x)\ ƛoG5wȥ !{e\ȧaR#R|K|H|*^L+:{⧕-4̄*a,ޅd*Rj>ƾh?c]$v1MO&@yE&;wמ332Gj$dQL @!oǀ3qy6"nvox]b>s&  +R6 kfi`/׏AØvLBaЃܜYO5>x "mLw&|/i-,|Ri=G*f97+8/΁L)^bUtWћ*ٯɬ&'9eB*)SSҁl6R2a0oGT3c,JHVMmϪW~A@xj%l&v?7|ΈHCܶz;j4X+#|rw]A⼗#sBD)bJu98ϋ ҳUCJIeExSH'WoG5ro;80;R[xqMiF]X 7zư5*dWſg&s\ Ej˧'qvvF>JݴG2ж^g fyR22Ҝ+jշ hv_^>Ӎhel.pPWXBG=`Vb4ͦ\vdo396Np׏BoDTdf zAIAt۞2l@5+T XŒsQ@" y+/i>%v4|@.{$)uX%?۱ }m{M@Z(xwND A5dZ|N Жʿ9"-s1O}`_0Sv)*ćb!d)f=?)f_ϊ&%V6,Jb5ڦrhi-˨Dk@~?#85vaNϹD5PC[`(#w` /vG}%qm&}Ჩ3B<1=zvH#U9"53$gÙp!YGXxoˡI@6=nqh'Խ)pI% Y8ƹbUMl~ ʶ! Pmd9NWi&1&],n0LO,.irdm)̲}SrPZjM:W}6EojlS|_o,뀽NbSJA)`Rh7FCx"ĩSlg.lu)>(&BNdbf (!^'Bb1$Q|ޙRyoeAA1m)|rRV EgFLeρe[RA4Ow> riu- zZxliF6aqfϰ3, }`g#͠dЅ=b% UMG*dzFt K?y(WX hY& Oz P ³,tL}]CjD9ktTӦM_\ZmI I1}V+ ?%'9(C.Q}%;ZO`:7,v JTLgLmj?zȁrsFAJr^X@L+\WX1cisd{*1!BiLItZy(P +mFΚi)yÝ4%!wmoopZf?D)j d0}Cu~ğ-(-":\BZGةo?G5%ud՛s;m {PV Wt[nx!QiMDd j})*{ߎUZM }r7-{01t4"ѝ ⱤH;"괔XRElx~if)N T2b"e?& lo!qk uQp :[Z%#ByrPX7 bX͖S9o DKo(v'Hx> <ԓ/s09(TVS7̈́Q̼"[$藛$ cL/%@=+RB7ϏSJ/ 6`^P rڵLS8AH=y]k"H{AV $b  GUX_ /d_a^q`xiJ1꽢5/,"-pb(5q ^2sf 8"]%"&W'2;[Zctɘot*khUD #ӡ,b]VOb ֝u.]IPteC+S6bc.p'}ňyQn/r <G`zI{czgu?e*Af8-zph`)L vojh*Lo}үot~Zt*@K.G?YP(%,X Tf:3{ w`u]1J p~ k\KQu[&X`ÞY|OgKC=`u&NfՊpk lr2^͛ 8 <.6<|P+* RZy[x%lwx>k啺's rǕƢKX}^ m*V/U}C_sD/g$6m;ߚMI W:_ g^:_3G>"PgEupz)x,X$sXf>؅*M/"diߢ j*.uL[G$)+.{Ҟ!@/*^ekY3')Hfzj]3(.{4 UUk!(- ْj L"q؎jhEKvSc2p7"ymE7hgV ۍGk)L JN PP^$~ʙY>j)ҽpĒNp|Pcd]QAH$5)!2vC33V8lf u*tt[ Hx:p 0T>`8[A7#q;Gw9R`qa"g[OTQVzzFbH+5HQ};l8pU"RO8)_ :|`{ILⓛxͶLμ.U1m"D'aCC](B 4Cs:x"#ཛྷy9xCO82m*ܻ?$eO)Ijfݍ6ǫV@U8'~F+8R/0E!k1'}5Pۀ_cUD3DHkņSOH9יKn9<|U}W7M_88|.+:RLszʡ:4qNp]!2xwĤ"O5X6FazjzZ"LJQCń]6kӈ,s])5 FKm+̉Y7 `}ț`j_8(᭰QC@܃ Y8ƑL5a^\^Ug?nUf+AN)rp֊alm^W2e?f򞲤NK(̀I{/G̮;_nYUgY0mNq n֨8> Se);+򝙛xLcF"7@O^0{QFv6cFxpX囮l}c8kVbwKvd& +e+sM$GU0 vm웰=gk2bb(9 2Ke,pXЋ(wHdD?Db{as)q4i4٩|}pyr{ss4` G"\t‘84SH0LP3V'ڪn@БqLN2 ,lѹĊ~rB?$yedK%*NOg:["( Hlb=6p ю^)!# ޼S]kâC_<}RJ0AdԅRyUSk`(o+UzDߘkWZUL9/yt-_er%3h@M܅ ҳRƎt5;⡯% |nV7)VD(PF#b@i ='h8ËF_S삵!(hV/e0 F::|h(]3-HKWe w%Tvń}XִWO u)4j<$Yj:bEĚ۱a#KCBqOqgyI%$Ue$2g+iU!@,nah-CM 0ؚL_& z<:;qԓ:k受l1ɜ]8x;呰2ޫ}{֖Yy} 3fuO,BV$U@xa fK$˞7wI8Y!PqdLsv4XpѰL^ngTᅝj>h&76MkJFu VAZKx 鶿e m!7͞ȼ# *v4eH_(3YS;;HL7Nm%dqLĎ2e_PwTGK.X*S'&zVB27}z\$m;Wl"V\?^ɈVnß_&<(hYv\vwx+ "<ٌ Ht@Vk32R{bj`pL/A: ت2e{='?F ԶhF( TIR[S=V)҇Y3?2Wn- ۓ 9PؠReyO>C}sknn+ 9}MuZ%Pv~0֭õ.W(27&P,Q,ˌ^Z <iD fC',1R1GηǮX_}"yrЇb-XJ_>k *xq^ĂG&'."U!&3{ۇ ^V@aUwO& wtw7J MGL6c?b̴m8J}7~F&ލ8=] udW3h-$h:Xb80՞FXwuX㉟A8y's"-`BĈ/r6e r e6 +O`fOÂⅅ@ġ0ARْZ_$cm۽+XzB(]R,0b/ VF |9MUi'Eea"E `g%5ťlٟE):M 9ŞbOB@ő'w'sʋT`ݩo]8u?0ޙzs"ce>nJc@x1ŹU(#tYfSZq@CRdN!=65vE_rR?e^Y/jaeOW֋1Gw0=^ruQ&k޸<ߒGaf;Qu؊D'&a9ܠ6m$xKp7t.-feJUY"JJZEhdcQ,jR'f}rx.²]5͜+]]QVż(T@{r+q{٩eCٛy{*Ɏ1ɀZ/Ri=SU&sqaS߷?(Sb$Rb9{'mG=` z==P=^9ўRWmv'/*)?lOWig8 }<=Ekcے,wF'=ൈ_Pж{ׯa?jCFH2Gc^]g]CIQz Ɣ97. K^!;"7$S?~#2Dx(_E~GD)yuG?Z[{+[H:8EvM䩍M1Mf^!!x:8ofrMOF)Zah:}yP<ҴyO@gMOVNQ!5ÓHC[ȕoEݼ]j3CW[=X]Ӥ*co%g` ebG9|.S⦳5kVDzt0xdq؞e”Zw5_~> D/-xu= `:nz)x﫸8y%㫍|/'^.Rd2Wkn<X1}X.}l®7МsN: :s;A%CNw8琏4'=y?}4.bu^ɨ ʘ. )H8frP'aشa'2OGDvJ]_k~Ŷ7BrPnk:{yOҋhB-fJjt)(s+ Կ~WS\V F $S n7 \:0;j. FWkCSVxYEk̻oeS0E}7,; BK2<&[Q5zZӟ<ǻхz~E ۀl,ԕ= ~r%U*!֯T+;FB!!"~#>3eFn~!^= bhgj Hl"Y (tQ)m {75 58&^3-P(Pi ہYѐL%fxdQ!\YƟ?kB2ۤ'u }0L!b+OS$ʂ zuWp?XjFTD76c)^iMBj璁OO.'>p˦t_D?'F j;OMإ%{ۗVtĝCEKA:'FL+qi .aYySWvH`e¤_+ސ Y7"fn5jH JQB^l'@s9kES0H/8.a&қswcI7x_d'{# 3df |I >!g`=V=}D4rsIxj^~LX_P[%Ea8pF _jnc>msҧa|+b/a;6IYwf q6btr")qze3c[ju:VqEeMaes{`U! :/^x24D*?28}VVUx8KmsF~B8@idP0ii6)PEmA )j3FTR7 V|E^ac]XDz4Mդ蚉#싙XnJ7tte}+v !6 ]8@dyxi&!R2{Aso>5\Y_uvT;j"{ BXJ1'>g)Tk=$ XW}~?g킎>"hPa3zz2>r4upl_ܠ+pFK> ѡZ˷4cHF L7lQ<#4rϞ#Bq" Nr8ەmXHh`cK0gȉlE[[dB ~#9?;Ѻ-a+4 Yc)k*NW/i\>.EV΂dqQP wHh^y]@0~;z7>FLn P UX(^2$?/?ޭu~"xS&qd[+h4ۣ}s\Fq RـaO=,0 /լ\BLJdg5hFG;$l eZmC.saDw03)-B~EK Y3䫸}|82y97 c9cc=]T*?4Jp4BK&)?1U ?QE\S@I Е`~>-dXs7eZjt,D/6礱hw*Lj ĉ2^@jll`_+mxRF'$EZ`~((E>^^Ke:f9wkԐsSтVftyďUl-E+$D94{JL똃Xp-,6y~Gtj.n̽r׌@piNiU]#X aKvhbHVhYLӠCoɟo4 -' 3({u᷾'cEupq *E8F PGRZ} 1ȹNX!&)mTsHHG Zr3k/yEklER'&Ac kUH h8Q/(L?ᘌ꧕XrKBBq<8\B͵ H֌1H 15~Wk"~dz7 ÕN.T7  mca}%VaIYd0/{AU$ƥ!+66ik+.3 gѱo$2E1z$W>P B)$2RO 5u:쬉ݙN:Mы+j7v]A{RXá& :D{|+bPnұ:hLmdw(as{yvQ'ޘb*,D6iN \wepXιA: 񗗝@lzyu r%UX,]ҏH-x02z&nCf8hYV;!1.[՚#Ǔ|Y>9 qLdT"*4NgY0+m~Tm!L7hL!MAnri'{$5-֦8JF-ػHtuBPUADwɵU2MtW8cCFZq ~GSKt2DX<$a!z~)3Sy>'׋be]'`Yәdc?D^ 6~ ozP BG7Ĵpb=O2BBoRΰXƴ]1u;$887ɼN~"BQNJc8Va`o~%(" Y2jquTS\,?pPNW}&p vkH>pi37- ^I&֖]( O:IHQ??TŻ;0 h:D4B0~iSZ?= vQ}PJvȆ_I qWhM8V2(]S٧]6 PiK@˭ӿ' jÆr VO}*\- Z3GP)t*֘wO&LCm,)3Ext9jTK"/Sg,TqA(S6lvplk0p`uC${`731<]T511PnNO,[X|'z=PȽ<z\B kqi65F,"^4J.8:ctw-wjh3DGՀ5ӘXz>;,!ZbtD%Y0]-1k gF4).`~YWrOA(xaRꊇVJj+ kMt?( #LdSq/J*Fm;[ahᨄt v݌)r۬F Z 5WŒɝ60xu,]`uHlO䣂۪:&VkmƓR1 -o}71͚mkrȪB Vh߆,Y=73$&qF.0@_s\D1'޷M,QP,d9(HX l$v% #W #qz&KE(K"j D`f/4m87Ʈ ͣnw,~3;n;K!tDh4 XExr8sJPcx8>3[#ez9buY)q`#Om-9[XNGz*M>a¢tiO_|#pBylؒH2HXwդ!5 ,8IW P19EFTɋ8?E4m]i\uWePfe1Ǎoc4;W z P8k͜89\2i ,.N滻E qn0>?K9%wAyJcn{r>C(}FsY4vwn%PxĄ|K3c!I/(/ȇ3p$ p }eluẼ~gMb]Z&Z nY!og,?@z?JH:WĪ>n#η?5I3/G^J؂hF/O&uMd^ SK/)݌P&V"kUo'iK!Zm彶"4em8hKͷu9CI2 HVԛ&'4#9"gب- X{B0~j̘QaDFZ=v$*bkd,>&˚wݠXoQϺ&"1Gh^].sq3(*ej8W,~nLݣF򮇿Agޤ޹3.Z +5GLtNkP\A x4Ȼrj:-t|MQAt{(;ݙ^fPu .pvjN 3@؂έC͸bz|O Bn1əKU[?"HDPLc:θoSq)-m[IX3n4; ^q)4s^L'=[\󶌉jNFL6KMZȻgzhF&e%JpckB]Az5B<|+%"Cg8gܶ`mE-ҞL@p P<Ӑ2t"EmLBFpR g]~o;2٢ 4Py/׵IW+.b!ו>TZ wQ'wϗ}|ߜ ӣp*S diM7D{czn:qZe W(Lhr1%m6NWPNltPA;0_1?A(},"ԅsA(n%xg>&d$%Z pBX]LibxWk::J-b?`p|_*ؔWG7dvI囸1cuD8V5gN+6gD(}Eؕ._Y>إJ9+:tсtwig׏2R2Ɔ͆R"~ Uc"{'v$Q 9XqYQYGTnN@'H>mB7{g"]kQddz`)`.ɲx8M MSéY91hȮ5ГFmxśf`cXf@A9,;OA"}CN?Dͫ՗m:kFRt*μyhYI:K Cs-hfG$?!W..d1|-5piI/=;OKpȻjוBoV߀.PxwQM7ow%G`KZrZIBUy6z,iQPAO}H[T;N˓G:ԿzEb+|8anL 9AR6*CT3!TRU2$*+A$oY:(N!E=]jeC^ :19%D6{4i t]pjhϧ?ZsQ%Bm#)'>~(X^!_6ku:TuA-|㺰-I.s:z'DL0 %èajݔĄusRҬlISO"'N@# b0jD_yrP`2 1f4_`RB[+I,Bɺ36x[tRvsTuKgu`XӿC3dm5z3{%"MLW/gDt+ }Lg`?ٳ6\dGc|-AXDxra);mFT>B=Kv0EaX;@Wa|6OAeP1eK>$-^Mk pJ9Q'S cX %S=Wȩ@G۾ ?,EU:"V9GVGj\*`59)2=q䙠t7E4~+vf?1mn4Y"d0|!U t]%}=s hՑFܴeUpnzܸ')ԷG9FK8>;AHѪ:$O O|+ĺGU;6t6 uauJKW6_E'(?bKZ.ura$@mN(6(,-0QQ%%*ljwD $Er+t1wOpx=QjyV ORQ _W#Ge8zpO2b7ml^VܻjoRW(d|W &}W'T)Gtα2jGsL+N:`Hc h,\n(8ܑAw*=#kuj63.oFVCS-Ņ* $|ONvy,Jbzd 6!S̡iГA;)n"VXBf xz2D& |ߍek@;%˩hy (uz8|/Y9-KttiaItVâ]X..6&E_LF:e1 `9,}Q-Ӏ(QH wAI+T$c&>esLJ!1ũd -ѳiBn8>D$1UwDh:S+lNE1?U6?}i W˭@ _ XPGNg]G:o -~C+ B$MWAjff*ZZQ:hh!cP/p#P M4N4K{^}RJ~ c@ u7u8m @52B)M{:j s&e4AAX~^:hPXo^k׳jYG F~EB[-j.h'Ⰰ4נ\ ?XbP$ʊ2~Hi.R,'㡏tW(AD $" SؗpmuuVAlnQw4!nNsPy0 -3B!0I<Ɣr{ []w:Mqu4ukAJjo>Ft1D^rm!.`Q:ǩ$$cR@K߃/ͻ=98f"Q,8n.w}>J148q3`?|ٲq|u!0~<ӄriQwuJ# \$Zҷ5IYRw s[Q\'>ލ :sY||VwH5b$lI\92j uڋcf_VFlcu2;SZY Jv_G ZV  !mu07&*B, TjcAAo75L}eX:g~Q@]#]-:p*)T xI~$ ~5~KڃCZaiS4[\re?d0-& I/4|7NfCof)+3v08 $ҙ}!}~)p,C KE.ٟ2a^ LIĿo}|xӦ&N{<쬗$3.zFnQaT2%2i9َSM;a_;\Ҳ8_ļzg9 Pii`WnjjmadF*SxDObQ礕r?%vƯq6eqgED+~1 E) w1.n`N?)0$B{$߃>Ƃʳ2λc2)@rL/o&"PxT[k!Ѳ5rZ"h(XًORx,N$ufgQ,~hZ##`9O❚pG6 f1[S#긥y5c HKVߢȂ nJ EGHkv T a"E?@X s {q+7be8]r 66Pq u;ւmYgv-Bh@[(iĀg"qsSeߧ\WC2+ ~n{Y>2a +ikHo¡Z|= ^ ay}'6|Qbb 5kn0PÉDdqH+W,Ǜ^}, pu1n5`ü^N,*DWDnh&_G[rS)ŤNA*C`~=W_Ml=D,LHO~nkeuH讐֮GT& s/-s3 T̓d%fRԫ|]sBh8BRctl/"ToZ' gL]sz ,N Cb%bB+LȲ+~k:7xOuҿcCl{ˡ+w}cI IO *>tJ"-*)kxyZx**&-8asǀv.u5y6G߲vTdL7Y0lf0![Yukg4` תY5_]1Z\t{~fU %U{K/`xڗQW^OFĬO } Ǥ^WHwGՈQ:™ 7:NmmD}d!r^h[u.:=}tHkS#W3>r"3(|re˞JUO,HKsUuYUXgt1y9(d+ u-)5Y68~ FUOO*@K1 zDI[#*\m*lr>@ΰZЃS)}39_ָ8P7)"ýSr\Y R-j Htp,^'z]D DT'we%w%Ya'h3N B2 p ;XayP yV1\%C{qTWR߁ߟ7"I^ϳ2@1@*6O67(FD};*j<[hJ ʔÂ17nS&@nWE袣, " ;pդ@K2W1+.+M5-zQ}}$cƍ@ 4\Ik~~s+6*`i#y(O,@tR5!)sJPDw@H58m嫯0{:NE !.ՎP bκFƮ{^3 X1q3hrg7Ix0 4Fqzʨ,b+aS,_^K]eqkAh&lu2bowr2}fqߗTࡌrc,$뿐:T#Z}+DKRt61|VI]6l5:O;,R\,Elv}oE]RZ2 ~򳅖R=GlY1ީ|a,s>$ir*K k1h-Wz=c{H;X/hT%~2uH`q7!r*HfR.SbhQuO&{zJSb) WY||U0)3]TK[Q&Jm>e #BtJiLإc(ܴ# B6 Yݳf~gr9]uy#S GH?&@AԂ5t#Ꞟ2u|l qQB&ƽG|81!+vMKgJ:,2rwy԰ܹ] iVcu@m-S93 1Kԗ t@"\ 8yחȔLtBL*}T[͜Mj1ܗ5ՀL"󧵎$!īe4خ&`y%LewhЋrYi \`PEKw%êM*R*~|V I\U:#zOiĂ='B'E>̃Zf[DSs ?>@Gɜ8O: "7xP F hFm0ׂt:tdRnyrC4x.{>9(a!i=>@O&sj`!13_0*C@v~UOӪ=Bk? 3W.6|uZI=|6+4N*[ĹxAoq8m(K 0'8}!т7,eݾ*UrpP9x5Pb+~(uΊ|>g9Ѹמh2T뱋׫n5s 3ad/Am;b<E4Ē9ΗNq+zaY 0п=n~I)J"(S=YQX#&+{b\!#S"U9.sZ8ZZ[,z 58+:_4{ Y"0ozיTibv_> >W gf"OMn#$`U.}͛ɐפkWQtkO?,Xx =X`ceY@نɌxժ*>֭,Gf7侤u7:m{4#A yMa|,MY8y?.^\]KT4 䣁-nya!wP&J6K٦qX(lq'7ٌDm eijR7(}6Nn!{\)gv )f[#hFdJ"1r0?Ԅ0ގer'10 `u9MBW)q`؃|R&lQ$i4+7t%  rwdAB(aEgTtbqMS!{AfY׉ {Y3;} 3ޛC5Z9f[K`ޖK Z9 uˆp*E WRCJF\WOG.7*msdVƅn]A; u5Ybצ'V}rEb{T˂v1G2jq}YV@n)ZGf! m>`ur7WIp9jD7R鲰0B"lz9TVhި$JI̜FhK#nW\@-;te#a|C38;FYV2\H8`47l+b79pׇ4L]Ψ %Mq 16$'IhDoJ7TW ؾ^BOI9p@0%@2`;oVy-%[-S-^m49&/KYAjZl65@aI[ l p^S,(7㷞w#4_iTJ9_<&b h0V"# k^㿾7'Sbr Ԉ&I[}Nގi !uEi1$?~f#ύ^ g:sTf 3re^ s*Α$ KcB^6Qk=T1\.ۜ  U.~N0ɥZqP1rp0 Eyvf?5 5 y6n\oQ|дgōaվV-q3(7"#h:܃ `24G߂E.$轴 Ub"v.z&⿧؉$T+ۗ9Cy8< ŋK,9 P:#'^kT=z=N~RW;B&&60v fAUW0*KFlgWyANj.Bxggs.N(|,I~s?`務nWEH{!;wf櫢+Tngi.#NQ7v65tn|0bGچ ͢x!WGU$Y^=[XiFr]mz&:WE{ujNxؕD*kIR~Zp`Jc|sv'ңV DM F[.#,gtJk b wE޵zS}+˓˖JF9`sMWقA}64!{V_%o䋛iʴ38WbOaIQ:I55[y<~̡~z;ЋRb9#+e%yt1;llyjn}Vxc]KԆ4qm#k[3u!Xr5Ԡ"q$?n|- \ܼ|TԚ{;3_m!Xk &E`hkA Nᰙu;\{,] BVeww$oRt+/~gcb1BX4ԀmE6gLs:YJ.X91{Q$;dsnCڿmQ.?]; ;ghX#͎h + #ZtqR/8'>ngEPfK͚+]6?Wh\uc}o\#a|? "~/m7z"PbK=í"IuL >ezo@"2&:|oM& q8L]|&=hכ%9*>Li=U͉RF ̹E&BC$R擔ܡ:,4Y<"XRѽTe>Yv5|I`SYO2m5qgC8r\,ERF ۦr~0k\) %uP# w:%Pb 2t^(҃naJoR[S9-ypB9apa4\i&SL7 >(0O BvzPKfgf0*Uu^.Iw6: bE-vm|%hu%oH_g'1˹qR~UG -kP*gfx@<>-ŷP˫&hskZt:M> L4T"5s*%m%_`~ uJ-8c+jUWMދ j]A>0 Cf:pAtZ2ep3ރǺ&Bԓ{*ŠZƌ 8Ȁi,v.壒}}`kKgphӄ|\bD&6[_&+ ;Fs8K8@H N֘tx%x($IS Z~J{>Q ̚%Dg3 ٿ ɻ[x'qK Jql/ ="T)XRa( "["&`4p)zX}|$`Ÿ])\n}Yu+;Ar3'E ! ZHM8'ƃ2,t d3)&V&5<7-x蕳6|Y&[/=%@([ߨ>oіyx/> S2:9>Ϸ2-ŠZyCa F^1}ƹ;:2q\8)k6w><6-jX#J^J=ذߍ+}`%dUEjoҽP,*j!Pw=9?$IJ? \ ={CqP0:>7V|k4!OJv%x GB5=ଋ*puۆܺ- TXxr(m&y} 6%58JȬP]CνBԩ#A';lorXY @U nU6"ai<)tr9& MsC Wid~^!F3}%rMM]{I ޿zƉ7 >N6vYr|_8=:E-~pu߲Y!'$S3N 5uḢQ` Ts@7rFJRz+"$Um7nd>RBC9;$иb?Ȥ#{yf'EUr#% ޗ/8hiUj3 $D`e˭]_u8'n#cf׋qSeUt"{+%!!`K %bl\e,lFZci έ2FX&};PE7. "D3wGLOq'^/gtfDi}bm/H˄b%Pp+8zZKnI9¿XBսk^ . e' nͬ, !`y.db.%8sqG-s\q^9#pə!D2{㎊oT'="@#xL+^Q:ϼL:V6aQė^,D1>o(r\k-ΔtÂu8 p<.IH<<@yJ_H"ԡTr"Y bd+$ׇijUW7\U Ϳ$O|rS/z`A|GK{+%;v08iJ[گ"[^qlqc-&NoBІ@f4<!yavynm׸*nv-* hץHN3 9=SyC&MAh޶wW\PBUƛ-hsQBT*ԏ06SyƂo5 Y}4`kCe56U-|Ͽ l{>O!$o>}"@d~eɾ5Uõ!\dnNidrjd);"lz#X ùuz]ӠZcC^>%$`J/fޖNG.::a?u[&򙌐9kW6^0ټ[v@m*\9`Ԋ%ְXĕĕ^wI#K=+?@fp7j\DTAw4Fb" ofe1sܹK^XsʽGg"6z%J(Զ#S_əa5oWQ)zD0/RqIh.SLh}&9yr$"ӡ A@Kx־ tS >%wu_ KOyzʲX4NwЉ"̙#&]@͍ )XhI'(GƦ}JҶd2^4Vl؛l d13o\*2dn{ic w g&)cr̄m۴6r1Bss9nFxxq{[G>6WGYG򾅚Ce;&az6ZXٍBHٕk@y:ҁ%m.Eg~ 7*)$~ɦ=XS } [m/6#4{kDeJaܾۥ `)Ϟ+Ǔi_l_/4+،ugNj6nX>[J:Ң,)ErvT p|0i:p9mHMT6Ϟ/5h3ˏ>zem{nְsgH/h7)RK3eDҠORr0"Q* ePB0Rۂ*SݦߓDne"n 6/-7Fᾶ.N<}t )0Sd/L?a6ARԭ8tܽKBœ=C,Z)sR 9L&3-Ӭy72] K  =9ҪHUk (@.U"sWF@ys;̳UU?6D0q[J4ٱS(1ogK^| *\g< bܼ*s BcG\`w%ya"@)ۻAG)l %uj5"UȬ1)%wp0xv&b= 5f=APѺާ1b^f6tya,F bso4e2/[L2߁Y߁W;pZsz7ra (!y LD@8.'_kt-]6:X&J9Lt5TbsyFLTh-]d+B:6%7 tLwQ ߠ/]sn;<9%a|Hj,}ؗheQ @jPM`hd?_AP lM(.vt ۰?(3N1m&xfY~33,ڬkq^Ǵ(*$ bZXV^p\-]r=z) r͸[RF|T.ezhËpSק*{ ƪß&cz^ A g O 7r*/dO40+(Dv:<(_$@O+8nxF!O_ .庈W!a涮 L;ktCr樒S]~im!־rѥ! סNOРQİ?2nf⒝QtLD4(7s L+ 2#4Cf!&x6`G2F4~->i6Xq.\jW=WnuNi+Qǻpy0TJ-^SjrQ>k=C9/CV>xs =oDce#u?,"H(Kֶi^#A2^՞.YZC#i}'<7}:մ˨5RZʡOcVZA *_._-qIx<-8Lf][Mj۟j`y5]^:b0Ȗ0~H,/׀7u0ȇWkMBWqg`qN-~ưA !'K.FbyL1f1\ٹoTŠ.gnj y5doE2%+=[|x7NhtyU+>]#M?@7љ@ ܗ@!A65܀ƕbagm/A 6{5zP׈(N뻢bph8h[5VeޱJF'BU?'NNcӸEzsW`\N||d~g0Q`8ٿ)#0[8Fr'ַ TA_n溻qcH;1ɓAĽ|pVr,|$#a΁N8ݢf-vh5:y0}uC,N{w'_=CU-Kk&7hɧb&Twւ7Z3cL$t=̓fa;WF?-[4.8WesFzJF@ o3uB X;EȻÛu4283n{\To3{#ahB >-[ȸYk e/).{[WԿC t\xͼRro h 8I|)P4@CLv v#ЖQџ}]:B5xq*YԒ<%FA-L}vqr>2jICh7ҭsE y>6̞S&zR8YRBFH\qF@7݈&/Lv<4zeH=;owq*_Hm4ClK!GvU|?<KAEk xjˤrtS` Rk)qI=,6D-$fJ7] SO(2 Oۖ5_v ShchI&w cg)Ȧo) \bHlEbz8QqVRz32C>sL\}n$ Xgؘge댫*[z c4Azok@֥;&{m(N[ ՞Fz\Q0' ˜#{U77ݴ1z#⵵D⮄%&W._2D^9Ti@/('/AG#d^]Yk^2̋C3W/D4dT0!`ɥgO.r-QoLCRbSK2\]q .#*IkW!,L |o :ʾ:dmCՁ-1~ NkdR]|;/.}UPC%J! +WFY'Jφ] M=C٪"amRʈv @_:6u}:|l8<6>I[(F68ƌx|lڄ*.7o8w7y'/ һ!na>$emI jLF2CU!+!s=y?T!VT}YDžXp"C\L,+v=ᇪ_P %uX`$= r#bNĖ7QQ b6xDVav*Cwf~*v]w; GdKB W]w\cFߡ3J(=?QcZfmJV` dq2FI}L(3 `G SI@EM;#>ޮ L`K0B,/0aȵ U&PnqV[n8Y|=rTA(Ҳ`aq%k[warU96 P܀$]^ XY,rIk\A q?#k8Mn)))-8ѕvп\N!w C)g <{3y5I'VuH݌B2˧.p#,do;hP *CY<;Pߏ26E#![0lgGLPF:$~ adwKL84?шv7<3n\ DuXO3WvnɃ;'Q1rxM߰ܬ@(ÚaH:Cj|GI:_uBo<2!wYv42x^Z~\g>jSX7::0[NoƂ](0N!'[aJԴ-bsU~J/EQV"Au\ŕns?Vq>=l^ޖ|2,CwY) ֙M`TQq"=xkLpMr!mGc1߈p9hKTkj" W8YSc݂^)9lO'{Tczs"u:" u̢cgK)h clkř`YC0N_'bX "8C ~ e/_kxˀ}3\ă0AO^Ԍ:&"sR1n OQ=2@4֔vXneO0A5!ZV2+jBCɯ!j;x|'7,^#")S(/g\8֣RUT{l#} {%7Mrɦ@+>5%q$,me^x'l?ûy]:9rG_hꞔ80ݧfMsZ<!kPX΁Ş"yՠ`Xi?;,6ch,x`Mf'*d^vcSm;Yg{Hw/̵G@.g,U*5.[diMSMW2J蛂mc nc|LJY5~'^I1~ζZrfi{=E\90yL5۱Q%N0\ܸC0s\ofdװj|A`?5^l&@&=L)|~YT ffM~׳))A=5*v*[w>}tVeegCCP2a WV4_}$%xj Z^ c8VV1/LoSn1#| do$sx7r!dw42ɧ샭^L ,,NSmTu u>sMzYH.їTN%ea&=zqs2W6u )z) &4l U)-Os3و6rmL[vN0vai*"P!OWšiUs޹HBF^5{ҷr tx86R:m %)].kf *dKO'`uuԬZDx<8!G,ӨA o2$ U8YNv|K"EF0.^\nJ7VŋqշYSW-mfQ Кi-yꖗ S^*#NF6)P,?@r,oUMl>Z:m?իHq pL6@#Ԝap5o__R*KB±c*op#-МىakC$?"BB>lUbk\e̐A3l@cP&;Ǭ{PK`L$@DvGFm55m`^lknl%C2ɤY3 ߳j6kb:jqJtclO}rJ5'!]52yص׆sed)Jv˷OF _DY1DJK nH}Oz r UVdYzK)@AmН;{;|5Z{>tr'}=S&yhui)d3 ށ 0R}0ph!_k\bРJ8!>٩`*md7[[.r/c=˔<3& ΉNu9P7~NM@&VLǧ`gռPkY4@~fG_`xF^:RasV s6HYC m6SkW!SCѠݽ.Q^xO( C? 6Sӱzy &, |bWeGcVfs,Lہ'SB(?'p~ bPu>qx'zGl?}p}6wK6j^V ڱA= U#HyCgjz?s7Yb-'X3ef.S7z `J,Vu*tZOMg+X5| 0L 6iĤٱc '#+CֲO-#x.)&(,%TU>Qؖ)\̂Dvd0R?reQ ̦<-EOՆ?ʈf]`ԥE!ƊhbU %+4v Nk|03]5J!{&yb*,i{Dx,ΐI,V {VcRr2tPMw+hV鸭9HPAX eSf^.HJ-AN8>R fWck&zS~(L"]EOgqW)[s1?/Wk)If-JGWDW?7#rIGFeBz‘ND@Q!tx:O{q* hoWArƁs+ %pFy^|b0V.A GYu/;Mlsטj8AcQxC&lZ#**xE ٶF=șaff-C54OTK1ܲ@8\l$^QÍQTjkmЈgmU\u9W)>J8Lad(H.L ,s3uXPۣv9g)d%릱?{#-bqj) 9'Kߢ/#5Z߰=pN{EB9 g1z Gjx][Fa,Py|6J"?0޺~U5v5TO X,Ǩ|NM9? I::ct[xp\*k#,SGjб-2NlJэ*&K*de}yzz}w>r[+:o 䢆(H: 1bQDYR(M/53@P]@htee/-gBH h2 E#jyu'D9@TE4==#J&0l̯ѧη0Ν׍NV4P.M6!_9)d?냜[SLrgxT,25 ! (h)[ d:RD`UEciqFgj~iVG@o: 1]U3&tOoΓMq\H8i+װ_qJU(iR6ʌ(-*ĴW% L2ZR!J*tjM/K4Ia̳'o)s* Er*Bͦ@f Ⱦ">? O< >RUhNDƞ$:bVlT 4m4᠏5~g}6AR 9"\85㓋^=db%L95WKh)5ɼQTu+5tSkHI*rK&O$u1lo‡-=?L%{Cz@] Jg}Pfw'Ob~/{R$G)`[!|Id>JaoG 沚"ό3jge]e+cG|uF`nyUݨh PP![I^T2w $+ܩؓF1pA&BT#'3*Fq*a.$Qh0-Vgp+p$S6503~޻TQ+4 BOʑ+)ZasK8ʛ -A2| vu/gCm?2YG^lwT?;_?R oΓ,V/@%wpg^ "o$k15Q& \QW.|YӶjhx/TDԿgWg3WNci|Z%JR?\F#L$G4o + @qHLkGj\ ו<ȏj!>"" :=G^ib_V[jX"UEY> "QR>I/& 3E\t@.~ic S Txۙ+ʲĬs[ X2El,VR~~dj{3=e?8lBE gx^*bA? *'vqNh.<_+]Vق3qcD6@{ *d$h'9;wFK ցD4H{K: A<~ qC̶T!f$`x@ ^ !6 XQtn:Ik9OSOlp[B"9,~Q]; +\g5sٌ&$)V@{bCI`RqtڒgT_؉5)-L-gězZrIJpcV΃M/)Ċ&XF¢ ](_TZM^L6 A[b\iΏ[p,62cVB@fK:p?_E-::kkE .Ր 6fuɦJ'˘W@fgkOV؉_edz.R Z$z.pk$YHw4ʐcHDlcIoU->ʩ-/eJI\RnFtbi;;1c! oCwUW,䙒ˍ;X2LkUP郹 ) 7Y/|i0Xn.)p=N 7KR08Pݲ!$UW6nGJؙExHgS(\#v Gy}?]yxV율+1cgN񲠇|l> `Zf'4G;;vR[p[\لQLp 68Ip †nYnH^#]CoBIߺi hy?lJ=5bض"tXArd@nՐ ?A@` `[\<9Ʌn}/K˶+:O 8(s,v|0%bHh4oHlU<FQ`uoyA13-O_eϬ"`BN|lq}nFV;ƙ.kQX_p}lk9q|TQz#jx(^LA:H]1'P&N FF(bEzX0ɹ"ZG XzTg*qd |ӧg;#ALJ@+v9qH\ KEuf|nJɬXF)ojFp0_Zm XY/:g"*0^ 3Om̊  [pͨma 7=Eт#xoߵ)G!3gLI uW,/^7c'sR'έ٩p4\N,kG?:gBtq$ _F$GpF́fhs9=o > ;DCv[q7O RS_r<{sGYFFpÂ#W\%? ܅n,CzUazɗ,QETzClh(T@Læ=!>6*=N DD,z,]>wNiɁ~Ri:Q׈`! >8>嶘b , D A%ҠՅXDT_Ԧuٔ'Oq%bt9hkYʯ-aʁ̳t"vy(6;@1+VUC3Oӌ"zv,8ֻ%Zޞ$G푔R<^GA+_8GxWQUn #&RP* !ۇXƔXXOM%8'_#< Qr)msl.kK$bqU*!"(EKȼ Wq+r,2lJ㟐xty!st@?:},8poJӺ=h|jW32L ii1'b{,R|YwSS~qPoz=}J_1 ]AVQE/ q<5dȡgFӜˏWUKu ԡ ň5_">.gMa@1<ǍkDG~4\Ȅd!YB: 5*ۓ]O ~Q8ǭ]**nz"%Ll4_A<';7ec|'޼#&BS/uGm6yt+uƳX< [bxjz"eGXLX#sHjMKRLHa2,¶, 5I[.R `ŷH2b2YwPZkd-a'bgܕ%҃[oC^㮯JwI*ZpP~oleqǒD DYm7hA_!=6UcH*jV>\V0]So'tZxt&&"-Zy)pY'0O'HvØ)Lf]ء- v(un7>s@$A#-{| (璌J#v:qʠVD&oυ{axRI Y^6z栛/ƀVWYvqD%d4!##"67ZXvXQ^xˎs?,òHa h|kNnߙ@?EMSHWPCO\pFe#\@b0Yլc},Kv$o{Y"eVOGţ{`S!#,[$0g&t4'&ȿV" r}PgG %=Е{$_P\z#*vOc~M+5|"Pyr΁'9qקp.&U ;d6c69Tc\'VnQK P9, j6T !DWU,B?Vw's7Lf"%(5oϝH:͗BsrNrΎJ!mη^}e\.6P( 7SSCD8^[>\5Y2,#QSl {ꅑ),L яp :rh%%s[e&La ܑ.G!ucOH6.Z4AlN:V~A]sDނV1/>`j;$jtjE)!+|ޅgLdqXyƓՑ#52C | ܒҬz h/ e2M̈y(! TjAbDty7$Z>2 #Thf/8|u>OV V%FkKkTr#08%\JBAjL%YZrfZ'\Rܘ6g#RBx0Zm.F$ߕ3 % )1IwvAPT]d |/M٭['1)| ^ ,y#K5#nzsg UEW4a坎V-ĥqjILwЉ9fϣmΓ䚦/>ҐH@rL i>۰J9- ئZj;A $ $^C?C/i ?!ڵbj}rX@b&z8juU3ƀ**{$'F^>JY%*%0Lc?\˴ J7r[c {@^)!G].>3y9%J+q:<̗~\& ̓:OcyoiRԈz_vH ✊[zusI3܂#F7]ӫwONN mŸɾ vG+bGU؅'BaGD|Dib h@3J(TAL4Z z;{ o# {-U be~;-KzAGOd EU 3G09\ު@.W^D^hDX/S:$z:\LU y-|I!aI9҅f<-l[;^vq WR:+g t9|e- WjWJ+;_ia*;+΋QУn[Xmr~qMW"s<+]@.yM6pni2FUjFSe!Jàs_q2Ƽ b=HÎmw&q%˝ dWS ~?Z H>󊵍UincQCX heGem?9Bi;}x<]mCG,qչf#j9.f"!|miF1-~L$c\*cCt#ƨ/)wt#("rOF} wIA";ťCB^*,DqV ri*֋-d\o*X/Spx^$7^70^)JPl0[oݲz64.tLK=xtg6#%zii RQɻ0逩ͥC#d͞FfC@Sx Jm7Jz92&,4WF$>I@B/GbR)b3ډŲY?Aڎ _Ang8/Yɘ=TA+`H72 Oi=uC:QB Juۦ̎I14%JvLpr_LuZiFJݭ73. 9^E_}kbjyt u1|Z.ZK<Ű_ny ReY:gٶ($ Q⼿7孼jM\[6 B&)Iqqmr8 ܷ5q!h`9g)*9Q>6V%o%)3 <ؓ2)N%&KѮU_97ߏt3aSBBmRURu#:SZjyaB$5&o{ *9 O3dz{o!扗ϤEUG )l[=V?~3d;+{Q/LPKsyz&UEIa.VtƬh,CVa6$VIR{Z#DT V"sQfZ5=^N2m! i$9% "PC8k,gw ov^d _r{ikʷ1+Y|hFnzK##Ҥ,*|ӈrTQ{x꜌u!ْpI7ݸDSgE j}G~ܼI+B)sK 0$wƈw19{gwՒzbB"Ob].T# [Ϙz&)/f\^YQX!E'\T+Zމv9!)@'x[Qk <ҿ ~8F,[!CC١s:%Ei_AQ(:n0o-U4y~7ۭ 3B^Q 7;'d9U;AN2zbz'"3x# ֔<$ώy^W&MᑄSR( 0@[0v[cSYƘŌ&/Oqkiac8[Li01D~X8zxٟwo]P~ L:x>9G:dQ!\l%mke=Wp(߯|;1ca+^n9[g?-+`ozl8v!_#6^oh{| %V_'层ofKXE-R (1Vs^u}a@]=bjmcS1RWo& N}V6AuɀW.ͺG)#5ALy)Lc:t 1SËWCB>tѨ}KszDtkZbg%~gU|c UwBe;&SD$,y|\>{0'*gUbHZEXNODѓW[sz٥e%Wr8X{ ٺЌ󆯘_7!@f'q;ltt}N4 Y\3g ҇C%R2B.` .!AN.x܄<]B<y(XʆQ[+-H%Gf7U@֩q7QR8H.'GW2žw=5h\VcsK oFsQH+6=Z/kp&D S}$nz$#X.N\7iR{epóh{bKn!͞,z_|步ӇOO T.6|Kff)Kvp'w@ .SE߄Ta; ̗=xGmjX2M¸۵롺~ю?14\ߩ7Gk[HV8^h@-4r: 7CtsS.CR4 9ċ.I٭v~aH`k LL{ں戓E"2󁗰:H6ØAE$~&Wp? a9gNvCM xȉ[9*C{zU1ClHy bM=4yX>}RJD(\IVHQVNq̛i3{` VQ&1󂠕Qw==W7ߥgb,ڟ,.~02ce'RzK4V\/~;y_#{ȮCqwӞ ʅ1۸`C ?.ܟ'3e|\z2F'"VHC|. ,4k֧>8q;⠁+ZR=\}C(-_86=?静Z}eq|B\dNɺV7۵ _L,ُ<'꒼ċupaSv)#Q ݜǩ0bB@fiP#Eeq`.z)YvXc+؂o8Ud"5WGO wZ_YaFt;3-לau#q; (x #"TCuI45& d6/n55^hx8/gpQȇ1'2-jfw3K*{3Vh Oi&تM׋[EZ)w&&S +7! #@Q||0i6&]L鑆;= -K;껙%u)T,8 $0=lF . G'iGzPu nv6A!)`owk} zfb"fmI߳r\pL+ʪOoZ)T! z4n4_lXC.cC`0ZW?6ф+Q}:^rV% \8>P9=v?0_C'^/uǥ5_L4tYb{42Ye_X MbH?qWM|L45 ]䮥WL1`_V3V9b=h6k =\vK1bbM[}>}NerP&;^uYegk-QF$-Y']5t$TM,' "u$LǨ=ފYt׻ GЅGq1q4ʟ#9\]Gb:]8;:>q4pn6mNRJ}F}4'ٍy>dVvhuF>V)H0> 5PmP(+3>.~be3^; UYWG.408ZdSZ4^ÉJG䖠HIs[!bLt.(C]L1)qpgI[)īr9 F[ >^K7Qlh9/IBJ5&ܯ6yZ %&!iN, o cnz}:Yg3I6&05O6~OB^dג;Gࣙp>_o% E#-|GW( ЯNF~^{_NKxhľJ JUܧOu#k]M]qfs6 "n*&Nlg_C[Ei  IC#ǽVט8slOU&F0ٱx@c4QݟPy4#p b.cLrC󽜵V"T4qlR6Nz^wS*e )ui8ܟ q?8/[ X1KvUU3[}qNi O$({6bee>%; lIiep-)x`b2(7uU~^Ə,=[d#wG{5DB704N\=}ZC"bF< %qqgsyx"T_82.|aTO~f#`g`mpQ ȂMhFvM>Y||$~Yjپ;eN7ã1~"a)6o4E[fc ªէ?oe?fz:r6O^P/3D$Knw{MY+o*ϳaw~'Ҩ^},Q[7 ^:eiUrAh< Zg1?'w{YV7=ONx# 6Jf; ,qq;? a| Vw*O_P1hc$w6Sz )Zi#r\\vO 33OW0RZsjf2o$pbl×D^._vPrtE2 4(AרY-BLQD&9<=r0N+FKhD -XߑG 0jilc%ެ0l+ SM$ tgAjx5|gRl{A*6 q%/y+c >.yBE' ZcR΁錫 SvWQU7ޓ,ϙ JlP'{bD9`؇ ^wS6r CzUUoq΄N@Ea&b_%$J|bpG.u{c>anɣ)$oð+v&As)h_.}i$"kD?bYQ^JK4yMgR_%!ðlQۈ. kC Z_ '%#z\6q.MF ZXŬ *v%NZϐ2vMuW5ۥoQl~FbCƆpZ`_N5^ QCͅ/._0вq_gr}r KZ-o\^1Ƀw:uƧ\@iTsr_y|%[z(0M<4tdAsgivEPueB|5<!$Z(46fCW-? PM^>LD<1%ɹ>b7Pߺxx[7tk: Ӏ8E:҄QWIM+V7dHmdiV*y<|Sr}B9SO\dڝ{yw^?[E刅cP-!`mΝI15ȱ58M()툍o$ҏ4*quoE/tX>Lm۷NOGub)XmP [C Dc.'4#_ږMCz+0&sYdu#0Py:dr ^60 o?e} CIrE0Uq jympZi*iJwӎtN4Nv@1>2S0TJhĦaBoH zy!G?JUf-vC7X ߂D6I+I8ې򜸺3l8Ͻ6i17/D +K%lDN8hVkFhK|bq@QrL$oOC|;w:Ue˃hAZ.3"YOXIfL^5h X ksXGIX f<6t}B={m;g'(uK{VԮ>RpjUGsEZ^"35wTBL6ҝ; |+Z[]5ymR(eGo_?.?TUQ_ݰ"+?UImiڋ(Sdۜgtʆ:k@M{ 5(7px8:}'\X( j-qҧ/.g˅}6*f3tFJ`s/2:NY~ā1I% [SDudM] #2vlhŋB #R~xG OUT Lt\/ѬOBqO y5L7xLht S>_|@WqDzgQVL/ rCGDzɿWaM{D~8OAl~= _E(TUvc)t7M$Q`Rm3m Xy~fFq$o|n9`DXI^{n 9FbNY@tM9J@Ź!|xJ%yƊlFhz+ ʁm„t );"=?OG~w4< Zsӯ _8`U69ʁ6Yycök;a\?'\Sh*͉MJޮڳg@*|@ќOҧrH!'60-9+D znj|ޘ "c{g$NmABfrƔ# czg,w!N6ϯC=G*UZ 9B'wC}yϥ3,iy?Cbue=x x3_YP.m]t3w z(HzMCDxCM2H.%^53F\6#0UE:E_w.ޞ"_6Ϫ1RC2#@ _^"u2 ldɿ7D%;QnpwudžiZqht\e~G \޿of )iU?8L͏Z):?~ l@Ay$cFۯ>ZUv4ɪ&PT]OHl9 d\0iĥ2$7E`׾j+Pu]Bv&;Jћ-U'2'>.j1/Td[KU֘e|&,WB`6+j/?y3XtqxOK7ng;7# eHBۚuoEt|\az: BvT/STu㨡35hۭONT?'WP%$!&uacG^kz;%%!'\e3rv:f2uis,mʐ)d4cXnZJf;ڷUaT9?N@́2a &np>b0ӈEhֿ IgI$&`q#4F0^?Nպގo|+5,ߗq#LI4aL!)m|7~ F2[0N)gٙJPPKG_*YPf'ooՏÉBtNyCk HWLGbɀ̎ZՀ~<۔5 J:*5_ԞB(Ʀw(H5h(롳<|8qUưUنC6(*3Vg+ vrh. S('eZX+Y= 8)/+>K샔2f0%^ʷ & [tnvrS} X83yLx~bzSr-v Gp3k^-?+sӳH]5D,Zߖ9G[2PE(V $vkdҥ`۠O#)2`3bcj /eS[!!xerF:yNJ=9iH9c, ﷂTzfG5\Qg ki޶5jk:nPN3Li~]B]:쒳gJ!%_X;E?@ b۩ޤ0;ʓ ͜x}c#hDa_wcYSs zW3rBJVapO?²+MD$# >Ws_ uu5GZ,Gv?HDϓ_$f׈sDv a eO9NE9F*{wQ"^_8RDڊAϼe3< N͒ VQɆ9*}~b [k!>+wMb ˋU{EprGR$g,)ihrE9}Y^0k>esܧp,_G<؄a ¡HfȠ:蔷Xq]=@ Z1*߻ˊAK2:JvJ9XF-y$ZcCY\^NFq*3񩜧̙W#:>:JdB qvqk?YRziݦi0u˯%%R7nމ=fe 3V8p[5y^8B'p*L0ss 5[p:S0%PM{K]Yc*Ó ?Rv""a 3e g\l ~㒿lQ`BT|"ZAAbXZZm ?z7:Gy/7У@8) vXkeޞbݤiۏS&CTe/!/*8!1SXD>l,A 6Jhz뛵ƶ1o"7~QǍׄB`Ld7 7lPm}msPPRmfrǥ>f.Y&s Т@bˢsqLVͻSM>p/]QLʕU'ىxU}AmeI[lALS2H XrDfiE K_P&SܔmcңUeCD]ɯ k9OC*3jDŽE5=snY`TYTבĐe'/`E^MZ2tE<1Vc`Jti\"ODKc#;۽NBCnw(wTʉ|A4<݇Po{~0֫fvv[Km|*xװ:/J$g_w&f0 fD*v<9Η[`%kc- kNLJkDh{DOEٴsDϴ\1%CP>O<#ubaEEطABg9ĆGs|ȥ(.{y5Kg3D;dDKoLd鿪pO- @ fg\DĠC`ۗDuh$||xX$D` Xb`dL}d5UɌ ,H:ȋ)|&n@Y Gwg7mp_awR+&UhnǃMC͕sŵIu_ Gn8ҽ\q0xP NR;o7#,Ap21>+\f}^Ї(Ԏ DgFET#;Mܷ8 Wd?yٕZJݔ~v2z=`֐$PTXTNi4[WU{Rl1bSb(}D4R6"z~M8h=͖`?gѾL1ZS V⋌l frr )4EYєE#gAzSY9 ){*@)O{qטy~~t ȜT U#<W-#!&~1{iuǂ2x@ajxEr䚂nXozj  ڃTW|# (Г!H} =9tۗO,W kzVS ""6iֆĖ)憭"S">׫t%j<ݹU: m@gb?= Q<-}w%QD[s3T r-g#ِU ke M]L Rᤣ +XP"ceO@J_P?J-mNS(a9WN DfĎ >Y~AWHŠӵM]wJQ}MxC-G/>ʷ8{QfoћPFJLkGւ?rUߺSwttrGoQν_[*Gme[^VMPO9h&;EmLBr_Ha9Q',0@ A#t4pPgq$PkrXrf2F1]ΉJ~2FRm_=8cuF\ g\1UFOGљ?٢#7.][Q9@v%ϿB)+Y@2.{T~3{"Ac.b熑} Eg2mѳ~yc&+ /<3s|'X-ˍB@ 31c!iP[gڦI-SKRIF4xs Lw=[re%yLӕ"cZ7TQ:7gVq)P5# D_UjMR†JXv>v\ K 4-X6kϓ?A!{vhs` aUzњ^ON"%u#l&ԦF[C 4M7˜uc}gK3uf`,?YWj>cs{:ã"| Vⴶ.,},xU5@ ; LqM/ 4rB4BὴЫۛgEݦT7&ޮ@2f‡L8lɱ@|1[ؾ/3n`BVHoxtU3"˧P+Lč{ Pp7[Rá%gH@Dxow N04T*C>HFWǀ_y hǃ^5pV_ 7B B;j %4g8 AYqaizv#tBI,D3Ed@V{4'.ofnjݿ%AF >d>7/nkDR<5~hž{ϒr r@8ka1ufjqHn1KD|G]\Ff}vQYsE[ݱW)/$)Op瘭/ɱȏ4?&_=VOZÞQv̢yN"3&_Д'P9u6af"):w*hsMkl6kȺc'M%Q"dP!(t_DL;2;0ӯN ;wwO[,|WTpX2@ i-#Q:?y׬!kuУo;2DepS~!k3,-e27>V;nwcf>.:'JQ(mk!nt R@ Wf^$ѡ73:eep"ql?~f4zd@<BT1sR6d-Z Z(4r{Hr[Dr#Z5,wuRU`D'&ծ&K.zoyP վQlL7 F>42Q%Hhbp{."?c"]EW,8_B {dbV?w+8{|"ux8Xg/0TB}UR\(ak]7c~BQȑ o!ڳw}5b IrtNM{9C"9y 儽P7oflzo!H[s[^"Mg4l\5lL}<δCIΈmX#͕h!\Nn+E&/+2\@[4")PtTwYLzaAGNl;Y6Q/w4?۞v;[eǸԊiQ {)_ɒ'|i#8LS]=z?@@c-27^w>$=v&SJS`%ϣxUO h,}4ⰌpZ<n׀:[O `f}*|]?dFGQ^K5 4EdE7^ȸ![]$xNT}-!Ȅ 6ׅ/9rс1[vDy8U]M c2BY` rAv\8op&ۛM򊰂~;^~ކN4b8`%!SN捛 510JAohqG 1 ~m6nM{y3#~,3Hؽ7ZU^ӕ[cj* ZWpT$ƤJ${aTMN$ׇ Y}u,8Cg|xX0"e|^K Uʉ.uO͸Jy:bpm@g5ae),UyZK | )}V~DLBEG@~қzZZjo^`~YRJ14I>f]}N|j:V&捠GtSu`٦ښ.MgOuX[Leغ՚~f#ҏR-xYUVTۿoJ ^xި7 7Mu*Kϰo AM?l~R+7nt?2[^i5γ`\$[p0e^睆4 ;EPFbTEL}%)WGV3+=CQBWɝ"b2H<|98ΖHH>ؗ왺(tC4kʭ9!` GOE n3%MW( (KAܬQk ̟{!={sY_-wZ^OW{C5k ɚpa@"47&,— 42~prv9f/tGn)M^,Y8үB3l=ɳOeJL{Ne 5G+H}/d 6I.lؓ3"tKTa*&J@RuqLy4wj?Z䝪udo_U&亲Q\iz2RCcDr!f r&_9c$[<;4} ]mvyu/P}m}&K9Hs:k;mH.V @5 Ly??Y81S?JbAHpx)EG;/BKRICW7ȥ|v|4yd&Es*sCSp5Z ,D:ձh‡0Sb 1Ŗ*@s)Kyphez&Kн.X_G0u!T.T`8w ؈Hkk ?.grhWɩLmVwdn"ǧi?;\Rqqk[x UkG|{չ9h4 1Q{ԲcW=SwPxN@nut6m EЀp6ޟ!d8CJ>2N› b_epDM;5JM _ e۵(&rȇרRuRe~}SfF*wrԮT6 CzqoX%aAW j跒YhSgO^dASm4{SQS^ c"fJGf܋\U0_2P Gi./i*4X2y&WAw>% YrhZI~4:x] .{\ȉo4L"o  9'u5E~x 7 |xeYJC\G'ʛpNr;D7*49$2$&dyn`8."X}ZwĶ8^C϶< וqc|g<Rx:3l `\Ep|6Iݬ3\!YUoF &R9lxG2y>ej;N]0}ņ-aݺ:s×&]ror̘T~ dE6XΑ̹rk.`ԳQŐڅs/^65=>4\6N a+/ <#@@(SýؐQ`#>7QBnsנ={l(YQ bsr!emRM[V1)T ^0lYe-iV)LcO~^ߍmUւuQ!k2i3b0BL'@&ɋ ߀Mvqx[ C,$Ħ:@U?D,qMc*(kM0LA('hO,oaۗYL-X$5lP,Um)ݡuQI(M?(Vߑǽ ]%!h"i(,}yjwW+Z*27Sl)%!UEA2jRQ"G2*nTk9X3}+sĠl_0%4?Hm2EÝu_N l]A[[U7l1n4I;A6uۤ~;p^'_[|4q8F(,0oPj?wpDrQ! fƓxZ R{o~J[W Efe9kG. Pp}QG> (U]Z|!תi L1 wdKSĝσW9Ewk}HW4:jF*%ԶxP S.1\[))ϔdd| $l4a).[,- `zGx JskUt  YͶBMrOD)?B+[ ^(O3wf5s$Nr ڮpN8S^JG]nmf3Amg# lU|XG~PnHz>V-ǜvTi mx?̉5aY~ɝ1o' xMrbn>G{O>K]tLX׹NU:|L {<yÜ;M3 RV비| gC>ƫ۰$MiUd)'xMLtzN-`}c߼>J?5:Wf)uQ*KSKWKB +:vG7xf~Y*H ˞~??0'!' N_,`:o$ܣ͔c/~bɋ}d+RJAQY?:ß,0"lZ<7JCƫC* /EI"̅OL勫y ~V.ҽ~|7q?yubE(X @h$*Ƨz:Q!:ek o,(%r'bIPf/d>xEDpU:]jK-0 F//G`+vlzD-=yN5AEhiO,5ssΌy|՝մyf_3 m4:PQ]SL4,B~ym Ş߾BW%`03s1d5Dz1&Gџ' 1%-AbK1$K5F9u':Y\a2;ͯ` OϤuk>*| tA` ␹ ]/SHSUǓP96e3"p # B-@]'s`a`Pg` NEpU&Lf428A(g&W:i޾F8ZJG-@2A߹6[oO #v`kQD Yzxlr8w}2p(_xTS3+ܬB$5oZeiN"%-♰|͍\8"H3V>Fn%/s}!M_)V?DQY=gGy [4!/qVD _ࣞG!OS 1XB烵g ĔJ \r 2`4QYBvwe.㏮'v,j]_O|`mJ;;(S{=d&{1g>kJ&#-Xֿ-CFRC;8s+BL@)y(O'I|Q$ R_֋j+4R*Yv%c6^v 41"uwE<}+l)DlKJ26v恖# jZ~\AAŃukE0۠xٓ;4r׆ 1EmqS’mA= Yo`c̩V05Ds BJzh Hu,'NHB,P>'ibE/lȐߡ'6e&[ J4;w٠kx+w}Z̭oW\VD}VyD1}+$~˲f?/^2zlFrMnSL %TIpu$I .bkqA`X ˑeH' 9[ 5 ӪmaQJG8VK^@s'tP7&Q}]諊ր.,7'S~~|t *{tB7 S&e4w{>@gVsW=yB1@ }nz$PM{"w`D̋Qdqha:o\~L6(/0aIJ("zӕ?"]ݭRz w F}If@m1psr|Z[;MһxOuk1Ƿi?S0lBթA ^ie@&ʩL;r +Q#FL#2y(֝ ijWo3V=Z./\E`anI4$ P^'O(JWB(8X-z8ZL6kecX]msǰwx pNT˟XFۏ> bd@ljVxY?/,wFMy gE`_)1WհEҔDʕyg{\?[ "IljIfNrZgG1ɒmL/ k&(vܬ%5vF@tTB/*!Qg &ǭ[%A:~7GHXA6_5pR >V~%lxN}8^lh$r` <8+ݜi4nTf !EF٪+iueޒgY`Lgot^7mviۻ<9uƎ5g }bJt/z5GB9*#ʕ˗*8TƷHEA2jy$꿷VU}tsE+ORgOP]Wޞ_n9r'*3RUm3/?jd .LV`uMCށ H 2̋vA$Jwl3t@f7OeرHߨ$莴 oߗt~۩<7'KMQ)6 WhVۃ4aSPuȻ,&e38ADw؈/jF+l q ($RebB?JC-93UڦrŎ+u}al-ׅXuV٬¿87z%g?$^fFN_L+ hI;Ijj_W5)d/95Ζt٦K<*!:ګ L_aznLCQ<kDXx 0gT؃HQ(tVch3xYK?NjEI^ګ^N 8|'~30qHKõe*SK] .z J81%>ȵzGUtE1%^D5:Vdj "&~Hܥ*'v>&J-$;A`<ΰɆEtʩIЭOYɚOS׶JV]50s OɃMtz+"Kv$dHtxV.<{O+l uu& #`% 7喲k+6}\D, PcL@(Aޮm? [K4?MEkHFv=;D6o]5 ST! 5Y[i@`^21?e]w5YaYHdϵ5l>L<eqm3aE n#zA3rYSe>'-`&qj3(~Iw+udƆ>vC=5[I De_d'XXBa$fHBI׸oBI-3qؼbOMg52B`~@if7@2u{ hJv; g5 k} ^06U2#@)F3 :ƽm&c㈮!}P֏ +Vs|M=bq#9HT ~Gf;m?@manUr("m,FtZ&'G\'{9-nJzƭbѢ3}FtR+Gq78L06ҹz-!qIr. UT$'EvE.ʂӞ5rZs_J=}]z^\/ kގf7Jl@Dl]x&yxǞ\%I,Z$olI\9"MK$KZ[\M$= Y}[$_?syZ4^z;%>©(Q+At,!ᡒ $w74$#YҸAfIr4Y(5EyyDRxL= Qs>ԅs1)!UUam(.KX.B>/0@3Rmq 1>r2F;'` ;w:5l~SbU&5ѻUpk+/`HOûgOSM0^*Y2\ \]R  /7FFLFPKjduRC[n dYWT Կψil@-q,zۄYө1^?BxZgm$-mE g˄yQd5ovK2>㗺UJpkkpL]g{o{ O'R;\"Ƚ31$^| iE{OѸR!|;]mxƷD=xA`aMd{JXOϵ-݉\sq@w +s斶$!=AW'*|-:1md_j ]rn֞ge2.n#͒G]7~]w iJTk_eYvDċɋ HE>Q$zs!xd U˭Pj_1c*9W 2,!XXFge@} 'G E2lzMp^x/0xӡ(Y+?hnmεh `=ETf>CN~7\0lsQkdbRfAnQuҦ hC O_~tǘyr.Ɖ0x o`-h&Gz.Ǣ$$݂PHLl2i\t퀆\dۀcoC^G Iy\K7߃*PjL؅.C/mq*> h@lkuy`̭dR+I4{GGZXXZJީLo_Úl4J!| Q,*Rh5O:J&wʸ܁ hh\Sa?|dW 8kzqʿL&3xJG4xxdc%v}'Rk2}hj-x0PCIl8ɻMp;ucӉU,n2njݨ\ {wKor;h:XĒi/#L~f#_b¬axcN3v+NyPWa50M&';!.e9 6N_3"ǣݗeZ3H 2mz<6Fd>.W'F3SJ!d4S6c ُr82gD,6l ] +pb;uӖ{אQcI^"tx4`H[#~۩{R+]O^>:gO+t, FσK! s|JfFs$xJ_H2@fӎK@c-\\8kt4Ӳ1D8RܠiUAř*+wl;,SO_V5 bfe,R?j۷N>Щq'm8cqP*τJ UyU"Vsk-=)yX\!qIcg=s9ۜ`f'/ҝrFa|>fR&5J;'^=5}w6㤈 `+aI@~ + F9m:sh,Սw 4n.P'6qlHl7݈tOb^Z|cus+xG7v"V.R-DJA[""_.6Uw:$ )e9 ?H~9eKd{~~+3M1 TԿIoQ6wj9=mŠʹO0K-|m 3G#6hS!w0j@׍f^2R yJ kʾKB[w@'sڸo-U.O+T™=xfj"<8p$l6Ba9#E Ȏh6 p/m24X֥ԁfe#}-* yU9gp1$t_Y0i[(۶tx!j#&/pJ2j4GsLQ'G834L;1&LafA$%4qƯQwpQNDB{Z=ҀuyzA{|ONJ2sS_GXidz1S`GfOO>y[\f@kxV)0`Ҙ $|sȺB3IS= | .] (KW 5V(N5KQrmR> 0Ne"y;=^gqBm#Q/,1Jk4U˼ wkX`X~"\}yz\܍uyZ0n?d9ZNVtN߷9ÑL翌yy@2iWBqѤTE)yc$AW2a|\WJqZF%X~5"R%bqz>U-Ê40>"X`NA{(!L^} _6so^% @ RH|7Wxc{[ 7UdB6F@䐤@37-kli!ys{ @9w`Z`ĢnQυ0|=CW(6` 'SqU,YEGRO+@g_wIXǺP{ˇfԛ;#AUe;^ɋnS)cRټ"y$9IJ!(钷,NWēI( =W&.K(L}_VFs$FYjy`Ahcl RRhl/LAe A cCR$s2QԶ]5&ͤ5M0#}6|~IIb ßʠO{~ʫTuVGTМ%_Xh&4z4R[KB'd.wNP"-qLߩTU 2v.㖗k:1AnPR8O%ķ׈UcO 'NNÂ3D?6.S\e&B`%|V%WŎw]}q/"@ndкt^/!|<IYhSM˔]YAj=: }*O&[Cj+xQaq&C׿'}e4)pi`~k#r ) {Pw1"svB0kfodBbf#&!dB5`_!Tϗ athqp)p^N@Tv$ݳ+ Jt2 uU~t0e`]&5K,2KYN"o=sU4 _ryG7 h FFeOؘVo,e\f7gO28nsAa}6s+{wYwRpa^cCKhGWK ]GaN>$$y7T\I7l`0 1 B]H. EA>#1"( n T@ \}-[.K|ߤFp0c ,4oVG ˲ug3I"'"NW|e^Tз ܪN,aA=jv; ,o,_!5ikhLd!Ү|~j>ǭ(w0nFl~#>Xrlpcz#wlTu8$JC( `yFSt;S:9).SA*Ej;WhOr/vA3ld_xXU"9j$EҨMJNT"[..٪d {ڈihdXUw5S6ڗM G*=wjE)=InmU?:)(5TH`n~/@pU<07Gcz⺸:Khx˟ҥ LR \%.EX)A ̜Fxb2*z$l8j38Ԟ%1.Ә+5v=въݩ?dH!%tvctD^dR|iQ9 m/Tu`etG\lwLv5Dn(52$3:`KH"W`ڮV~̡cw[kp}fHk8B%s[SϧwhCMEZpθ Eؕ }7FdCЁ9壛r/eMq<nr@#1t\*oRg s`s# AmԣUɩ9 $ rRt0J.#e~ fZ5/e֍' *[(Sn8gwMMW0RY=jCzZ/, - LbirK/Q`" o.A$k%I3k-V~ _&ڍU@AZ^ -k= AZ |dy }`\)l*#"v.?ʦ:/DuhWCas2?7m"l9P5 چ ;,k]-Vx]eS$E, 5RP[@&dj uQ*"w#Aj+`-{0Xb$ՒE|knKĄ0lh\K݊_?QOҠ-r[{}eUITI/#&/O_T.in+?3Dv~\ `R9WWĆE&Gcf`[g:Xs61#E.5GWJy͊>e=Mzɔs,TXU\Ipne I16Lux[\PPQd0AGAاh,Q4&ND饸 x#q:2u K!RgAJ.2$PЇZK>Ja twaYƲfn4},#XcXSg\HDl m:3=i *LD cz$k2VyIXl7o;zk!]>*"\d" E1ZP#BbT%m3׀j܋So0}bt,lj7W=P/XzTaLդVU i5@HU#9aaV/dSv2G"M]Șp&TqOً/4J}Mew}/#ҍ QhUAQiM+)Hl kH vQks^c訵,gwq"3ў1a>}%; :*l^6°-\6) >t!yvTL~qK4 G]ƣ[65埋2{cXmr_RYjJ;R90`b _LD +l)eV7$܇0؉WuSY]N3'2[N /I-[vtx݄vQ0>STfl^(ї(! ifH{tZ~Ss(sTZ aaؤ%Ee I*h1߽[&A((Jݏj|L?u t i-n{֣bWL{:(ˀV0 ĉH ][V]KQZwI952Sٓ[Bb, ]0 B, Pj ֝:#& LC[ HO󚷥W;I][k:s|EADO_q_LdH>~'.&%s~<'-95mqAJ"X=xch7MT-M @ά^_OcTl$)23vca0%2Sq/"-'%SY]v6Apg29Nׅg~4zGY02Y{BF- t)+sb͊UV~k *R){ 0Q]{X iiTR2QA&~rϵ m -쨒xYD;V!i"]WL)LwTGk0Tzrbw_"{yQ1Гcl0n.{fQA1lXҴRZpc*|5mLg'2L)`,C8!&I3 cʴO U;x6u?^47VR^s8\K-`g,ټm.CyK[!/mc?Lhs=H:)Crk.AUgt{AZ`A|fv,մa *ië9I㉙ѿ_7os1sX}~2NQz(qiH .\-/#] ê,?))X)׎3>_H Od-Fv|ag b93o%cTZr7$$e,Bt-Mq>YR/s-0IUኽf I@)3 ltXWAbÿ:сBhTd992y+bյM6Bq|ё %Ӌ@| ~[{%98@X(nC̮u[#;$ZiDOuaZ=GS'@u* 5Z~;; rC;;tHHnU`ˈ҄6=`0T\_ݵVI +ćZJG{3$ɤI6R/(s=t͟ОV2#ťF/yA2324NwOp鼣"2Y$VCܻ7Ԋ7kx=t=E"F'9{f MrpohYCEYQH K%]W-S'*&ûb8&CbŶe3m\+{SKTrU Dg #`';=y{@>'^cI0*JA`&- ĐS(kDx}y⛭s㺿{t WqA'NwWnx<Ӿx +cq :Ƴ.w{)d(uL9 62zEJIi8`Hw[^ sKaA ˑL5{P*uy5yw9!7V0ON4֣A&eկ2ȱ-࿕fOikei %=G'qK>B^)Mvlb_U໲>.{LtS&墳'v*v$u*8V_B#UbK>Lg?0EnGdDIZ&x Zr+f.R5bR-vZo*/`nIo ې,O,)Vp=!%q?ǥU29csS&{n(N'>d/] 0~WX@Ǩ< _.Ztu7amumxdTA51`7J /Fz4ZP (/r1RD.1Ǩ4f5ͳ:Q%mBo8JOvz4PE21vԓp6^ZJ{2{oZ0/vÈKU{`,LB>9]6qQ.?HA zi0ĽyeCհAF/ ED"E!;LiΔ؆7Xq9[y5>c߾ X <X_t$Evx-URna?$fʅՊP%,B~ͧi?bjSAT}|:p:M-ɺ07NR&-?싪N[mex2;?NbgIhS-5"㝓d3u5CEݡQ5L*ot1Vr:{ 4-P⻖CxY1Qh(6 =2 =FKMғqV_*AEi/WszsuFwV4no+[vcRaW ]Y7Mse`"Zm,-&m_h5*F{1H+=`1ǘ#^/yIIɼQln!EzꜜkWMɍDY=ʰ.TḌc-q%.&׏L'){`d"/et֦s쿤#$.J;N>,{K flǨ^HC\C 3HXMN0+C@%WFg%ੱGɉf5K8]k%4%c_&a#TXdv G1#b.r.6H\Rw*:jW~mO;Khj}g?%]#QʩumP %؆_LvѠ9[$_ҹd3a[M,TO :,l{㽵Yg$$B 8 # )Ua)\JRY{94U3^AmR ;\F.D-IiU -QȘ:qt~y ƻԠU&$ eUNLfWs3#[v Q2 nGZ㜥R?䠭fXusj ns{U*}MX 02K/{ny hñW5SdPx{QrkY0RPM` QvR 8/d-p{_M\I57UvǨ >&yJ=D(vΪӾR֛5/\t̄Czk4ƞl=k˧?̭VUY2Zmܚmƫw/ +0zjÎ)\>dk쒖YI33m~:l+f)(L&jwY}Opj.~-YVrmz AH@g4}T4I={_ֹN| !U]|;1+ %RDUwir 1)Psp4B4T]"}jqv C.ldKnSs1꺚o[ɩ+F; =SOSr.@@fi8yKbǮc9CrwDg딖 f1\pbȯ#uOeL S%V#u;|P*©*'ttt@k  ? `J7ƅw0-$҆6PiՇݩu0(V\`ai{($x TT'ĄW"o،)Z("{,Jm&`;I{HY>Iv=~"Wdؚ])iTޜr9C uݕ Na ^nܠߟ))L'(ni+#yhZ.9ֆr󻰡",Zu[J4p.vn~r5uwQi]86-o h.HvD/7lG>V&բTyCzRE4p~ 399"!R|iVNcd*0+{Ys~y(nIc}IԬ"7u<,.gg-,S|y< ħxm}ODh$:Ly,8B\e: s ?u^SJԷŞQ溓s=Bk;P*"(bZm}-B 6VZ6̝ÐF< +קd7Nd5qWO! Ñ7)ru e?IylD9|~"\E?VWF!f!|&))rrƸƨ'Ǐ|Ry~J(m #^=X&Wɜ=# l8F71`X6鞪W.;;om%Qbm,MRL UEWSo@ɌUk69czcuǣ;yVJDΰ[3ٳ71az0K[ǐzͻ(,%˨ ,oiI$j-hA'ȶW&A&*LfxRg[=y,!O$4 O1IZݮs͔Qag3 X+A^!=[wU"4AUɋyLUTRwM,EIn5&7Z 'Z ۪GFyͰ&9\ oIsO:HeKܿ8$@yaJ_ *W}6- meYq(L3QXw:NWZ4,xJ۠p(GF@:-'9;ӝR`)ӝJuD2luEVd_jxJ11ŗ3Io?ܓXr~S)՛26Fԋ3YaP+M: Մ j w}2C{Bd%l1ym"u:iE$, ?>ZTJ~&*Jl3m2gx*p)h:yS/UW-զ*dd7etl jH*trF.&mɎDIM X[Un!z2`)!@ n nccbȹ'^ Mk}ɠXs 2ʦߑ-l> 7pyvI /Pw).c"c s({7$' lhswnPg`VtĔrRwUnoƂD^`W<${fqX &Rf^>1%~9 /Rs+A_%&6H}~oN?D6:C3nQ:҅a;͞?["ۚA!J lP҇:9Ȣj8JVn-)$3gN/ D[Zrl'jHWFq~)6ydWvZ#PɈYh_jDywviU#UvD\@yH!Ff;};jJHJ_%'܎wX=?EFq.@H y{dߧ y8CFڡ1͇}M saȋicUZWMZ{lw$TZͥ5sB#1߄\(1b:A출<VS?Rc x@z_M}(?G 5pKmyI! 3~x~hZ) h{2XXЌ<x:!e Ay &-]fsy2G& IQZAL<| L9?f:(WH,yl]VwL LZMe$:h~f}%?YF6W ~M, EGsuZpϗ1}^RxFjI)pgi:n\w+ I#:#hbܟQ~ÁX8$u>`z&"J-- ܶD@FC\yeij=q@Qg+O$]CsD` M*Fw;0~X 9XCLnk"ȝ[vď uCiw}#)X`ov[G]3THH\W S9V4"fFcOOվTh6\ҌF x zvF I&%2X 5&Q4)P_!iYi[Fqbba/\M n3 j UonI!QOrdEIWuQbZIG w~yǭZ]O[ \toˍ~^`>ӐL3lIش `ITJF,k‘#@-nM іu~g5?(O` TAib$88ۜS[j=]Vټo1vs/q*u5tW9>:Vմ qS'RzM N/P.{@.1Hԧb7B8T2%uц%w5"V~BiCOc&j8S^R'*Ȃ5FX{IlIldҰctP,c(_XxJO_а}>|vWW6rk9cs?&8݃Hϵ!w &%sSd +IMwZaarqB\5CYeV+saKx&SCd( gx'd1XL c'ēT}XWjRWo_Q$ّ҄>vS)5Ռ 48u r_S^UO شb̫*l|߁qWx 9:&ObMw >.IQ>- p J; )pPOHMx 0%V*)|ѰVͶ&ݮBBϵ µ|~~F{az fDG^-(㤟Υ'zX}gf:`66E'XX: 7 wƃRZ׍|[[iA"GjaJ8ȘJQr!|eoɏ"f`9U&jpZ&@"iz LR{'k9@1R+'(E3Ef)gzQ%p+|8󪋇)hbvK‰{}I/\Nf௲L@/bfGxgmfۼkQgtT}86sP]_@%y UqaH[#w%aU 2ܱ%-_<}BGb :V7+s\=?U$/vyT0BH- fpShAYy K~*7dHdU/£z6ɑz0Z%X☵v>oS*kDD&pm/~@L<8\v4@R#yS}4(xJ^L*aEN.{n58f4/1 L﴾ 5Zpq!N޹p=k«$e Lh6IDYNlݻhŭsd<} $KnOoAx993}Ësz@1!,}|?bզVm >ݱBnݝʝH.+^^fz?]]U Q0r؃2_ 蓵]q $WnLל=g1 ϻvJIIi*EٍM1£cWrZQ-r{lB5BY5^IVwĞц>HJ|EHzZj DoagXEC(]U>z(~%x,+l|`YLv'=669p{{a9W@:pb1v3y/|AϿ5?1c@%|'uj=mMyf7m7?CN5tpoܐ/ (؝gsӵudX)r 8aJ$5# *W<~(:V#u9ĈBCp70vv Vs-Lk;rO֡HղZU)B'Ȋ F.\T חt1xH܄5훋 auLa0+zFY- IPMS %~G~'wL)>CtLx/2%#U5;oaCua4FT8Xn@l{j7G ƦWB2~0P<0U .2ƓKDw>~/(^V}_Wmh]!&ѐzF߉F iiu{ELc"b6N,7c7{EUK@MV|udr(r]`^0[4TncU…{ROi\M a۬Jf[]йعLj#~̮vi"𢍕]8 '4;>{6k|%Q{l;[x>+C ptuӫtV`qqF)(K˻vgzv$ntq]: 'iȆHԫFfȴm-R(%~z8Õ}a{9P.0i}F~AHkz]s`̫q\Ց |"Wgn8!K0Y: BFFBC|Mے Fe^F}-Yr!3|uo'vBIQ ٶRrpϓ~^PpѠR90G\K ey#JLk0{tIXP0RޜaiK  ŝM)il?!Sy{}5j?%,UNS Zvx#?U 硾_ir rZR ^i#lGN MQtbRf ]FN, r&czb& t A$kޏFWvЬU!O&+a7I b۷ .蟰D2y؁*c!hc3ѷ.M}$o+5:=@>8 @2˜}*yK,ʘu haiKT+œ>Kd(!>ܷÃT+18p B9;KyL Y0&}R/(1ie:@Yp]f,b#1peٳ=d"Uw z 2ʦDnNpG\ Q_;}|.̱~x&8f1g L:;}(R ʸrD$s YM/i8#5o!;BOtk)xDJA֡DָU 6p+}obC3:V9_T 6lAM};0&ZεJ ihbr *; "hm!Y1vnOC;']123 m8*Hk%L50nzֱW6]F!aŠ$_惫oV(q3oCp/WN˭O9v Z d!xOje3Mb~dRFBCjyO 0-+wMHgR`zCPHU$ϗ

NӀKsWsxgf=o6;K eE|XH,8/*ZaDAЗÌ@p$}{ҁ.g7һ5(]>BgFh2<.;/Bi QO$dqA= X6;vU yRF= p1f>Ql?B_Fp&ߺ,Y2Vu~[3Q$̓*T2mtQ˂qs_(,wx`QGl=Eh'̊f p'` ('MTkFw2 4fHg6!4֞ l.'AO|D3) :m6 N-c$}G^V=1ᜉud=Ӭf>7\A:x=۰m˦ SGގM dqo.Am'*zkbm`H+w!6N!ag1l[s)h᧎Mߌ?|>i"VX0"<}DSϡ4Z&Lrm;tJl,xHE`[ހPcYMY|ag,i0Hp$*+;hf=X%P:xrOςvMtTazm i:iOY|qE}hD.a2~*NpFGZ N TLK;}b}&Ϋg#Usd%n*:Nk>Òc|I奦X EIՄlꨗƗ)L51 2;P%I?pt+9^Yy]Jݫ VA)@LA}lQBŬΚ֧YH=}-1 (\m:V=oh[7&_YӴfzŪUwfHQ{=a6LYM;a~fJ;EuhoaۣWi3 j+EwN5qB$+YE`+"Ԓ-W-fomp*õ5rQ(Q7'Em7]_nCxlHH-@ AT{CCjJZ 9CrK6 ISXQSOۆfhi`udbn][k֤?U,3/PU(o:FC)J-Zz7(f/<ݼsb2o eU1 MgCN;kxw.#W hB ?,e\3u{/wqz.0Zm+9RԇȓT=.d o:t~]H70M6 -*0ld8Ա}A HXipգ|a^~HCMҳFxcr `u܀B&Y(RPr`3g (4/icΩ [ɣ%I~8Iҟ~2Ȭ}T}{n9X{.NUY VM5nKEs`:i{c{Fo=-aZ0DGuj1؍㺧2/洪|_R[e8jJ4>="Z}TՕwE+EvI0d0+@Kbt5JY3 $RɅrl[Km*fKVK S344e}{bsΥeB`ȥh@w3Ҙ{7N^J*B2oiiXtwpd'9_͆sAо>!-&ǃduW"8ӱ)i<ś|Ȳ[;*̵8`4N =ԝ@ίt;Qez:Es,.3<%Gj\a,{[|_~.:G7upY4I7Ts0Ψ`+'%6M@l۟ŅG0Igt do$ V? 8ZIUE݀7 B6ǻKK^=XTrjQl:^%-zI!U]OWF:q}r;VupIRJs>z(gS V)i?n2ե$ \tٴ[!}{*ş;$KQ׽w9\"O/cYLȧ6x C.[ h9=SxO㮞wz%dڸ9]F dZuRTAUȅ6q>?)i:zbOY(gN=C^Z3pu]&dvBm}o˺qjLbΡZS :+Bc/\w+DEp3o'k@>cק@O,,rLS D~?a50wPf4ygҧYJ]?@dL~"|R rEv QU!p|b"f2|:crNב6]sܭ05f7wP>(aQ|‰6I@+& G3mIC\2[:N]M֞Dk鵴h֮fs3iH,ɜ5 JˆQ/]sFyly\jpg/9O/DiELČ[YB7劁Cef98xk_?=ӷz0,j1>P鐊 uKN4<8Zt M*n=UUwקp87t#~&FV䞧#pz_Q5 ҥ\N;X#[\A~G{WvsSeMz$W@ rgFa.CěYGkdU,l .)=Y&4GgI0/-D:yr5 !}G翓I%# E?՟DZ0M6J5UMA39Wg=` aJy'l| bߝx)GѴ sX/0ʯZ_?qD[ϵeP*r *%jÙ+ kdU&{3!jk qSd\-0^1C6߸3KKde 7,:#c4'ڹx lߙ+iGD-ֲyD$Y:_Eɀ&:#f MfRrOqve"Kpߕؿ9[F6E Rr[k1Q6E>:e甏4[c+C/e0ƣ" wsڳ5B-$5p:僆D0\cFQ'`3_gB b G†:_a4O~)Xv֒K2-z/$@ڧ MW5p.ڧ`E)ltx8R:O70#[?  "3gײ$UA;UX #AH}xBK"WK-U*8>D}Kqf#e-K22TBPǩ|g pB MI{ P?wb@cFdn  Qu*۵@M([4}d&+3DJڇo'ƅ 8;?Kgm| w̝t`2aPLd~(c!(=Ϣ8v8)OSbI ӑw(ЊB})|7' Ut,Owau=!gYRIrRIwG.H+' 'BKZ1U7d9=+J 0A3e y;yzTOsʜtnbG ) }M 9aLM> S ɘC^Y>5pH~&} CkP*Ya?@oVtMmR*tZv4tBP|Lא^c0m "]:k ΁,IA3gG0:=j->'$%^-梯HBf*@s =zkЇEU3 E۪7vYҌ3GXsTJ׳`[@mG=>*&7(24(3;L;"3jf14y-dg^gm,5N(>^K>TJ{^y ݗ:, ݔ0ָ.(N& Կ:b{sҚT0bϥGMttM4˖lț͒:pmңVx[h?ReDJb_~@zܠX\|P{gL^zfiLJ[u40ЪˣdGz mG0R(?^Մ7/11:,e%Ma+l%_ˁ1DxaSZ! l0C;Pi^ o9Z2fQ># ]$"f>kZ[MY6,ގ }A]Fvs 9*l{-gB&PΑQ K#*Oj` j&mM֢ thdNsav nJfe돠!qw03-(Oo V~{x(cuGrx ™+K`ok'm,+صj`jDl5(TY iI(tEÖNA4KL"t&<G7:V:"ԼtC2EtUo$9PLEW&ACpm#Bz+P _H##/緉z4N3HMr}^g>Bl0L|fC\Eh d7|]Jv?Oŷ3l?1lQf'5}KfaBZo)]t*7p`LӏUḭR|Ԏ̂q[K`TrpED3uߎ%]U;ŽQϜr}r/)eSwk6o4ǴDW=g}:ƅSU2>EC0w Y?aMhoCсl蝉(,PB6B*= `Q6FNh7VF&pyE\*B ©ĽDN 祂#פR@a8bzH $k77͟%˙.1oz30ʎ) Vx3L@e2)fިduN4;ǧcQbRwml\8-_MIyIB[*Ț Qv 0ڮd,?Xm#{u7BKӃ (WfbLUBP1:A,%I.̀<սZyP7!டTѿ.Y'2VI!w\?듎&C`[06ՊO;u&`UJ3S*U%qSbʅsXE2U#y6t'֣9]J< xJ]G4]P5 KsM&C&gWh@K 1}5sBܭ!N>kAsO 9Cm`$?/&&ZZA铚GiJ : ek+k%϶j?Ψ2ŘKK?U#!RS7 7f3k9Pzk`{䍮N,D[RgHFXz5qZOwMHao{c&hda;Cmk 7ekTď^0㕋vGo7Rtt#)`L*r Ly fVzfVI;/mEQ+֜bjGE3v&g$'0oIt[OU/Tp;flo̮2rxW3&S#/4  : zgc,ybѝ ZZ]4r"ᕢ5SLo -uAb1 4 oRiDR;XO͆Gڨ!(n%*3]*Po3.fcF^#DZ>|eNvۗ2i U m;mi!XBBce3oe/R*TGxF 7)kVMV( 5x6[ }䩁HhW{L%yC]} S~,U͘5BЄ^Z]l"2ssT,q %RlӢP?; j9Q׷#aOy^KS=lT|IzE..r'ݧ5:p]9U?H?)n]L"{pDLj.U_"Q:\X Z|Ѥm=U%\ܳF.RlHYLT_if+BrHVu-X=6MYLozŇH=?ƃhȋpWA~KKQr\ũo UE˄B<V`VA`@zh `#fZN 㡥' `;*ͯ#* 4#/ ʧfV۹ *˱4Q vuHў-8픫rh?pV#`H0њZ9~ L$S*  ~M52n,dO(/6'ׂ_b$Y GpaX U|FJ;)rYM4E;T_UuV#/&pe'Krڻ|{yb8)e_׹}͕:wN*ڲ~%gI{JCg*uCŮǃ45nL'r4j+Un.6$$5R=ZmIA1[mxP Џ8'Im %^$fR/HaX;PrWG1ќ_?VWB3o|H&*H{@tiH5ۗMpKQHhMrbI%+#d6iTGpuo$46` ٮBahu_{\:k ([ +q^%=!6ovpp[zalQU+~^LQIҚ>e>< ?\3Fr,KSNEwVX]@o] QR/Hy+b#>HˋT:B*ᄾэ+eCWFRXm*Q7o?X BNԟzD28|0E}B=]Aо/KDT[en,(CLdrOt3ĿEvcjs2RL̫/Ghj\kN6p+H;8E6,SF]IM*?ߘz=w~##^ yAgnmƕBKDAKX;rch7dD1vNU߭ie(+Kװ4LDg&4ؽI]b6Ֆ,A3ºqc /~@e,FvŖ3>G LOa(R&bW^y'b:%(Vu۵t[itbB|RϙVy x snF,,v'7(6rRDl}! ZiT*tG525<`ZMeM҅{jf۶jsDK@T/lo汑 ;*Pgص-q Hң^|1q﵊6l8 ilxN(+~yܯUV=1ڤhAO uᔱ2#*d4H*򩜭|?HaMudLJ4%:D3ؐBGk ĊYKx-_|D5 pF4҃)\qu<"{Ѱ,5"9Rfō[~uR$0 V [ǃSj6 i~! *{(>xF 6粻 XiJ}bȾ?wBނo'^6)J~ ]iZȰo.PJ!e̯ll\dJR׋D0'!v!zBNLF~?Svߊ WJucu뛂>F WhBM*B#[`]| N}>ϡ^=8ug"oцyym&G;mFԨwulIfP~p0H``蕡fWFGQ'mM-S 0aN-R8@Q0I^ʐrAAv4I@xT&!Y1* 9B;j°FϽ{Y<%m|Yo"v)(ئwP%h}bLE4M7/__T䤂p[Ul[jHdڣ`G?:Ȅv/k*lb5A>VM&~Ch1}ϸ7unj<8$eh0=صȗAi/ M'*=UIƊGdC0pT+TXf/c*X 3|)8U^=!B<;F@^k]Hf֙5[`ȩ;bN䥸-Z)}֠x҉*c> W03 ?*IN_ Qځ h/ rDŽi_Ԛ$PR/yHQPqc qf'̼Gmnv-^]!g)V. 0]t{ mˣlt'=kL+?PC .7>|Z rTK6bt7:^8R앮j_{^uLnS_Mdj]6IM| @lӧ-by"ͽ,.窙r^2R?O_CyqZnFQ&wygYB\KUxuDuId[V/̑kZ"ZY&S&_:j'cAOB3j_Cs+f`7ȋ]Yʯ ^'*JjS;UBrh" uyly)rsoCHQ4ta8URqP&z: t;%I+>rI[=Po}!VWaLTB-g/q͎s$ @*"䘿{}T-jAU׵%Egھ+|e`|f%&`,*/%T",(p45lL=J޷Զv"9ޘ=zwg1AΘ@CX†r? T׺S0yGd6'8mnJyTa%zKvXBmKcMM>|tyzfW=ng`+|s}0vٶӃ\?@XTTfjާC8Bn(շÔ%mKqfۧE A: N#EDn `(fL͂Iԑ81st&|*P nA]PhNhM;[3?4Yq4.0T̪Uf`+?B=  ߉ݩ?~vhFuEGẊ>ߜm%٦_+Ԕ?vOx3 ǞEr}֣+y$mzi% NL~x(IBRz._@ >y kG[ <-y NjJI Kc\pX:bJf蟒}B/&&Őjeq]0;a R, *IgBO*b۴?&%ZBzKn$Ƙ#"dw_* ެKI nqR@Ujn}59o©Zoyc D @֬tM~]fml6Ba%9\Vc TW)p}ɤ2pZ~2*dڹ>+4P4WM`z}M׍>my(Q kb/+=Ә"[L{Tǿo`TE(wkC[l| ˁ"KjrdT#cxGIؤ۹Pb5De-$_NwiBߌN&DN Ⰳ5NI9GD#)İW9q,s7uFKV];7١iwđGM^w7XHӬ/JmVd,z yTeijFeD䳋PfD2Z9֑Gw1G 2qauDCn7U;3cTϺ L+K6 (-QS0?;ə2=^Is/=1 WLF=g ᄑf<΃chSeNoX|xe 0V<bp|N5T>}'GY4T2că"w>6ӣӃl.+}j(|xL*kmcx萼:Y?~V󷦳8'͖W+C6|ZORqZju3tm"G9bTcnyQӯ:E03IOGH56Y"l(8'8 "~^)7][0'KEޕ6np.3Z*MG"I%}>t A"V 6zΦ%t{`ekR5O[&]]H~i'\lEHu8O jt6јe:Z=*ԛm=4ZWD; Vs(`t`-*qy;JdR>g}fᚫI+#],iR\TҲo[*ie`z-B},$EE|Ur+(BG$m!d֪}+&6zC=IIu2upR"A:pc0R9N8Yٸ쒵5!J5Z;X؈: z] ~uNXS~OC jd; 7NMRv}&?m u!5.F`(rМGwNZXmuq ֛ÍBbV-n ˂/4=\QC B\EʄD_T5U+{ 4Ri' .pGwM$N9UV𚅣/9"ІtȪ;{=%z+bljdP xm7 "Y?Ļ-XݼANR$@~ 4 0f\~Z;lݨiPNa\y?M桯AW @WODQPR ]ŗr'4J(o#ƨ C{KW:2i}SW'^t;4q*!:vxn =΀u ǨO͠gbuzyZ15oyvPg:MFcho;Pff18C,8knc7tڣÚOұ|l#o+/ʈ7Zכ <;CFd1Dm`ge? ŕ;HB5(DZ=cp2؟:ȟ7=D;![pfɴgnX|Ed>rh4Lbfԝ'KZU^t(b|XF3e2 'MD-Ps2wб~-Oͤ.ߵ U]\FU#I^~yuɹ#oEDLw{@]6f5,ԮЛOKi`c0MfhZ?VA'Ffi*g,6T(UmXZʍ^mqC%r(I ʯըkC=UJ_)(PĎmwKHݢk `oOݜH,ԊS|" -ZYiHQC@i& 2l aJeYvԦ DiX՟ >ϣf&C1J$gclԥbMX2ݛ[d' X:S*p*qLIAr=9b+T`c{%$ƙ k1f6)JLpoOm_ K'֓;=p ~]򷎔AʖhYN(s#[,8 i?T$h~ B E Ȼ{KhDK]ۿeIpA,e1:UYL.G"#Pu # W\w n=ߡ_g{űoFuKs FƗq4CUNUE .|F  ڸcq7վcYjpB*)%̄~M{%ym!^$?GJM[[*A7ǖ RxZHB7K ~\\I%B% ѠP(YDF+Hwg7i'6$Y] 1FMJv]Cm6ؙ %%=8dI 6vIF{?I/ʏ5w ϻJtփo FpJXWNEkĂ⬞,VoMbUnp78cMUת"QYi Q׽o)M3p 8+;4δꋃw++ ͔cB€.=e>ԐNKEazRG[~+G4qud/dHbDgDP圕qX?>VCYFEr4b_<%Yk (%!njj4u6-O؎Uґ A516Н[U骤4^ ojx4.< 64ZZ!w vGW8Q1::H?A;Cj޻;F*CMp.XⲕX^uǛy+^;KK'KO,DC G7k>SoRӳ[lhcZ x"]= δsԹTB?P"$ar]^t(GZ,*9 YZ