libsss_nss_idmap-devel-2.5.0-1.el8 >  A `ç=U]65V/͗xo$uڨDeoKz${XcHe4-S¢qX?2#Ӫ"AG";h nFGV a=~aPg#g uϰw4EݍEeQ5l?'ωV { ? u~< *y@h<֎C4P)W[ngٰ)1r=X^+<& xZ{>t݀ s;\+;\|* i?P]S'P1;웜e۩fWߩ[LeQ6|J,c>] DM 1(#>l]_uJ2Z32z5U*ga#ȆUeKYB848214b4a3b56f7cdf465535a37369aa30a94635a55511d774eecc6eacaa7ec7ca159dcacfaf8a4843ae60b60e18cdc5244c1137`ç=U]+k~=D=fKwGLȯLCM 7~X,"o4%m*V#tU#ZIW YF]y{Ÿ"^`v6.lL-tWz[LAFrm4iZS˝JlUV+9%+: =4 ( ܝ9d1i+wh֭Je);N;v #v)b&T}4';9iTXbU,3[@(v u1j)er5ūf&w˩ a+Ot&4DY)ԧHa;„Zˋߙp[tmޒU>f'jJw .[t;O4^aЩh|s%_T֏ ;p`Ipp<i?id % S !,## # D# #  #  0# # k#  4# 0(89d:cbG^#H^#I_ #X_DY_P\_p#]_#^bbbdcecfclctc#udx#vewh`#xh#yixiiiiClibsss_nss_idmap-devel2.5.01.el8Library for SID and certificate based lookupsUtility library for SID and certificate based lookups`åoaarch64-04.mbox.centos.orgUCentOSCentOSLGPLv3+CentOS Buildsys Development/Librarieshttps://github.com/SSSD/sssdlinuxaarch64Hf B7 m8hUF $_b{:\UM$=AA큤`å)`å!`å*`å[`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä`ä9a6265633721f54dc1145f107f1032bf2ddadb7fa91828a72ef8aec04daadcb4d35e0ce1ebe32e591ebdc9466b7656f473883677108a309797dfa818bb9f4b0a9e7ed0ef70f99bb7f763a48ddd95d5990e103bb145eedfd0a76d19c122374be2782b30d237bdbeddfde4aed01f007264cc116b2d4be2f398a7cb74ec7a5bc58bc98c02adc57337f58c40aae15bbac05a3ccb364e5adb1d610a16452e92f178309cda636a25234ae57749110a061606a7cfdc55ccf9ea4a28186996f29e496fe1f645287f3fe753773dfbafa9e2c39a3e86e684994727f837192799b5717d387c3ab9994d83187f8a0592bcdacf896e6daa73a94a6912320936ee1ffc6dfa5d105cd4cb41607a30d7820cc20ea76b4a3b8f57d3d2b7d102b58c8e13ad95e83aa1d95fe86c0291b1e5eb2a4ac28881b88b3c8bb76e5ead42331d1161546a61ef666973a2aae66bbb99f2b57f2ef160182825fa5305444511ca1eca4e1b0b38528b3b10bbf6fdbc2543bc693af9c6a28da8920f8508f0578ef44c1d240fe719ad870630f67da2ab33f96c64b3e95925cb713bdb7c0ae1ef9e7ad21eb48188988a3ea6ca13a1c87edcfbfc91317896452c31a9d49c4768f1b4b46ac32e0907e00a73680166339ff62595dd2d2eed3a79fb9fa0c2e8250e89539f6d678aa2e5e51e2627164dc046bd9af0084934b2abac0990c904386f156ad0c49b38bdb0172488de01affb21350774cce0f6bfdb161ab423e7c09a6b516e7d4454a73462b0470c35df650d8a9e2393566309e45f9c857c6a1bca1b6e81a2b2be78facbcbdd3947c57d45da862aa06509195e7ef4d0432e333728f0d9dea49acb95173c139f69a7804bdc6a72666e1b300fdfc5ecf102714c9fd57df76fdf47139f8dbf8ae59863643171164c16baa5953c17821a7ce5feac673c05a56b287453ce3a0bf5048f0999b7711604d6cdeaf3cdfd661fa21fc5bf18de929671c801f00415eaecd35abda3a04665e9dd0ef5ef2c6ddf02b4a12472984485adb027fd12ae6c60ffd203b1a41c555557ca84ba3598f52c281780dd7e22655db21ac383712e62d4540a1bc525e19cb15791263a616384f6f0dd03e4b33f4d26d02186f724ff66454f4499ba6639bcba0c183ec442cc90fe27a2dbafd4e1c791aff374b5326ba16880a16d98269abb731904dd1f8eb00aaea66bfef72d5252931d84cc01cfabde3bea854b5b145ddd37bdced843340e0679b6b4e7ed2fe318fd0cef76d160543722e0c3eac11f901ae15db25905dca7a17b81c6d51869fd12ea569fc4b072d217786b4b4d73bde4b9bd9425bc87b33d6b1911e6398673939aa2f15ac505b9a1ab029b8452dd0869f392daa28adc942272615ff2db16bcf084f01ec9fcc2f7f6a632b2bba8c468655e985a3b271c25952b7ba3a9142a23515947e79dc051e75d70f84249a4b15elibsss_nss_idmap.so.0.5.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.5.0-1.el8.src.rpmlibsss_nss_idmap-devellibsss_nss_idmap-devel(aarch-64)pkgconfig(sss_nss_idmap)@@    /usr/bin/pkg-configlibsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.5.0-1.el83.0.4-14.6.0-14.0-15.2-14.14.3` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#2.5.0-1.el82.5.0-1.el82.5.0sss_nss_idmap.hlibsss_nss_idmap.sosss_nss_idmap.pclibsss_nss_idmap-develhtmlbc_s.pngbdwn.pngclosed.pngdir_612d9a3ea024aed236d313a9fd3b6597.htmldir_68267d1309a1af8e8297ef4c3efbcdba.htmldir_779a70902e6daba0de62226b3b7785d9.htmldoc.pngdoxygen.cssdoxygen.pngdynsections.jsfiles.htmlfolderclosed.pngfolderopen.pngindex.htmljquery.jsmenu.jsmenudata.jsnav_f.pngnav_g.pngnav_h.pngopen.pngsplitbar.pngsss__nss__idmap_8h_source.htmlsync_off.pngsync_on.pngtab_a.pngtab_b.pngtab_h.pngtab_s.pngtabs.css/usr/include//usr/lib64//usr/lib64/pkgconfig//usr/share/doc//usr/share/doc/libsss_nss_idmap-devel//usr/share/doc/libsss_nss_idmap-devel/html/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnu    C source, ASCII textpkgconfig filedirectoryPNG image data, 8 x 30, 8-bit/color RGBA, non-interlacedPNG image data, 7 x 8, 8-bit/color RGBA, non-interlacedPNG image data, 9 x 9, 8-bit/color RGBA, non-interlacedHTML document, ASCII textHTML document, ASCII text, with very long linesPNG image data, 24 x 22, 8-bit/color RGBA, non-interlacedASCII textPNG image data, 104 x 31, 8-bit/color RGBA, non-interlacedUTF-8 Unicode text, with very long linesPNG image data, 1 x 56, 8-bit/color RGB, non-interlacedPNG image data, 1 x 6, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 12, 8-bit/color RGB, non-interlacedPNG image data, 6 x 1024, 8-bit/color RGB, non-interlacedPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 36, 8-bit/color RGB, non-interlacedASCII text, with very long lines, with no line terminatorsRPRutf-8dd9039c7eec50aea27df3d2ce9ff12d9727f95f0ea66d4b58ef98f9cb7aaecfc?@7zXZ !#,4] b2u Q{LQ^/ͬK~jtmv da =(lqۜRJ> ødw: oL9g<@3"t#+m4Rr6=-ZѺi5'4EARvyX@ N D_8Xw<iT4{U۷ ?IJ}Q>R/\C쉄Tۛ5(:+sإm(q'":pėꬦ{k7JW~ulⳠ&rfSMM* RMPcu-+Vc)nw' hD𔋬= r+]axl}H6Z>d>5X5==is$ FQ(l 76$T=PHxweLj<34ɛVAfS˘_pm]M;sJ~hR-nyApĕ0P4 'uKXq'ײt+3*vS֜nb9H9ŞOC:{"險5A:JZu%F$NTzMVgCz(#+$g/wi܁t-uf5^#ZyFmsTݫ uH<;r]‡,أLABNa޴o\lwöp}50ĻhM\^@u[ƎdR9|͡G:)-cnݶ[Z0'ueu"nd[r=$5 5 c:>45ዥ)9U)&VU_^S߶l^r6Aρjڼ.&u1VX$(3zP!H4,vXy8>D&cz{E8O%lmq뎶+-۲hG5vEYvϨDEb0<۴Giu܃{<'P%gwv!;vuN/:Ы)Jbpe9[^"׭Y4-[D@jiP&!訢^p@~tw잌G!_H)[WAx)YT^+==y\B"Zd(O8߹566M~ eBKgLC HSAlla#yqYe"Ls3|>{Sv_Ur3p\2%S}eB+n7Ϣ1_8%LϻŨ}YK>SXћq8!DBRTZ$LwN!_70]Oq }bJ#pBvOߎXSLmBiY1{п(qqke(P`/XOmɥ'EOJi"ژ92q2}6Β`(7R?/?0S1f+&Nsԩ܃ z~QaiX\94dLkKۗ^xx3ۅw,gAZQ%܆2h%Npgj4ttb2ˡ_=l#\hYrHg˝ āyYVn\tŨ-K(9*}o#n=%w^A b]b'&MW QzUFN^;-0pS"SHx&-3N+D}$jVvcm?^)s#$C6`I [ |JxO`Z٩iYK925Niʪѭ͋*d7~+-ZR"=2X5dl;9xB="\]i΂0[}$@q#osSuAb7FT8MzӒR4еxWs"~iC9:#OL0_ȣ2i,Nʚ+Z87V7sTTP+NimM|3Lq`ʒ64OuƉcxr@.NGIB`0, ثCBkG=@Ir@ءSNz%Tc@rQ;K!cXV` U#ybk6y$MRs뽹?{ mȅp7V[$2iSmI2;oBy~ HPGh?PFZyb;T$=P>f ܆`Xw6&} Fnj[-vQ-4Rj #֢f w%A Wa*Q@;#:\vEa`UU"fAUƯX.$Jx;RU -zmbGSR=zj|r 7J#e;J=cX0v <‰&_I0¼+9Mh&3Tk![8ζc"a[u8Ys=jh0}SHnM.'(F6Muy0^o.-*NY0^=rg*e H,áuR i#cuQFxqr#v MjlI1kz f6J>Ԩ8|c}R ]F3%7jcC Dg\`Q }6Q>-C g(D,c6.N+p'`Mq _1ꄳAop=5&b71^JJaO<@;j?F4궃+3LrzpBER"Kxۼ٥G#S~$au^eȳ*;cjƣYVuڅ"{ G ou7߻M}FOWh= 0&!$ΉEOl5A$+r݇I@ 뾎2t_>Wqsbo Gdp[ۧx 3}]3E+#d{#~f n o `ADQqꟑ# ?Z;gEұ*~ t5gZ }`$kl'vJ P#3;4~p7`?Mퟛjs+0Z ][jZX# Q4ͫPj.yˢ )Yc 6bM\Qa:2ޕWٞq8` .E6. mOǸ*v0hG|5+,=0VP%F(%U_ 0{/S,"D#/E_٧"c*L6ʊ/k{"Bw&')Dxxݛdx)(VFzrQ[Z4ɬ 9֞O1Ax Pv2"ЦFVU1sTͷn1Q:_FqdV>` +ޑ+0ws _@ut_\VIW9?G)9?%ZF@\ܫzS)l)ڂIa.N/rW99F >}hFƩM¹YVMr00l%^E~x#990^a&1L-W'C H? *9Բ>`_4 rw[qP2<ܰfsm ,Bc}/ȮHPH%M.s[d_3ݦI#yմ˞άǣ4!f}ko=z!Axs<Ʒ7Rw/ôe4otbmp&^3]Sg`dnFGbP0r5R-KۋB[41zR AO԰/,}*=$KqNrWG~3J]d5(橓]Gsy$xE2KF uYlTWELqR5'+AZfԕk5 Vi7Q*AѸnVG^^D1f\ DgIvjn80pR'{fȿU`XEqM0 |pY <7B6 ?wʽݾ9Df~%|yLJAwNqXTwtY,`svQl0CˏX Pܽ>&*&o_J:a1[˩lP>'mO]jiܻ#dw]58R$ڂ+s ξdRM S@Ena9&Nh/,*<8 D)/#qӐ́DQyN썆2SNd@)m||]Lcy'ZOܤR[R 9 Ux]Sf ]匘acCh_Dn `i8i9;tqIog W<r@gjדgU]'UfW qX4LQFzY*'.OcFZ>QGvH^>zP: ; p\Ìe@n۽sGZ2 !z_3v9)Aؐ+?W_SU,fwõ5TsLԋ<߈DЧ/u~<{ /Y qM%? FwB uR[g{u bDx>:c'+glci`&OFt**{D>ԟ[9_ʎr}%'_SYo6DW9"=)_YKpRpill02*qd]Z-1;CYG싀Rw WkIhEp?9-iPF ASYAb{ K4mfު=ꛍ7=n')Ѯ.١pӨ \K3q'17udH.rC6D.vg8CMr17!v=^HQ7Jr.hkRZ \IMV90JI%y)ժuǒA" A1=;G FfKfέQɔ8SEC >l$^H5{6v@vu6X,>;ٷEdl#%SD:Lٵ4z ;u,q/O8ۮB<(})d񫁓]u s&n8t ]{ h{0愰k[V^.*8\T]bWO; o ]d~(ba¦ LG0a..-ؿ6~pbSe%X#"Q\'FzkqcYS3f52)!8'!)%||l/'KW2O|zM{8sq]!d՟:NW^Z/͙ZncF*ISg9  IbXs Yj[KCkV52793pir⯁tFۨ"k_ndT"HhUM_1)KW8xPXF0) lf''9 z:pQ]†}«QM`jR$ m$M"leR wtnu5K % P_CwȚ[Ǻ֌g!=i2j3*w6,$~W ɼ88ZTpu;S!TH'brw-~|/+jy2{8;k?47f/[4^@#z# z8<""=~"ݾGnӿzOwϞoRX;xZ_6gl1&`*$nbØCd GEhY=fmdn8&"C@íA g5)I$i),Kc ٴvpw;Tq=Q‚iIHTأERz"&Ƣ"&W21J |OzEgRmHP,JIWZJLS}l=W<0jw҉ ^E~%Knٽ\hhuyq/m VmHXK_#`cn>%β"6͸Z>Xj 퀹 wY"ȡ #DHJꝹ: Ex{ (!ǚA9 O̐+M)VXf4ka1`9?A >GFb8f/-! }%e!_MG[t^zWZHb:太en0K!sN;jxjo.[ jB>t)ΐigP} I5d";yq8:xȻ@tisq":t)'8Qlm-li\ 1}* !W8n'D\=pFvhiAՑ<&:$;~I,lǑ6-%E¨e#|KgC?E7;x 瓪=:- WH܍.6B Vш,V;4Yv9ԽE$S)[賏l8MTc1 2b%lw12tx Cl[3=pWj>wсYז[pք܇)<!`kJCĮb+|g3\@cgG[\SG XuutՒ&CaݟK2L 6K7vy'pt}l:Bj;:3:ޫ}O+72Y?o#C p!좐9HSߡZ7l}Efs쎊L&02m?Hoߠ(.V >:M5,7sGt&rԐ<@71( /^QD;N=ʇ[]VǭD{ />jEgœN@i%m4mи;6Z __f|X1$C`:ѿD#c~f}beQ8vcZ {։ztqlw 1~mYw%J&V岋ypZԚK"62,&&o[3rՋ+RUB{OA!UbHt +OoDh#D;um" WF n˱H,Ѡ/z*DR~sɞ\3z 70URQB+GZww'7uw^͑@+ż4xW,!$Eo¦fƻmg2ϛ&~4<#il¥XWce0̒Dm4 '))md(dݏT =Y;lŒ xۇ5o",} ] Qr[ 7KhT 8wvr<=cIMM)/!tz67\Q*>j}9u{h^O? BS6)ACA5zZp2iZ @pa 'eoDR0H=}. ?dDSR*4-n$QCǫ8ڴ5[x?^L5 󝢰QL Y`WWAʏ2g[-mAg^DC Aox FpHRK,~ti6v糁%I+VO0`^V~imdtyй!۳y%Fo$SpOnsyB@5yD;󶪀47;a^ץ₮s + ^w(gfhɰ~ࢲi~C7|Qgh8[p0#X`#2#V;VXT9 5ph3j04$F'|98ðĥ5J19ߕK&1N6rw3vPVEtZ E뵉a!R7fTS|B|98Kcsc WkDžPكٔB[e~/N枇Yt, ނ(^עyIP3A-(QaLK"^s~|O3ЋKG[c` $|S9;&YK8l9N"kK XXG!4ձe/0=)Ȱu"a! kީnw?7~0wxR뙺֜2j$wd#a2"kJ[ua|+KEα)y(!ǦJ# J`ßu饾}كG{3NCun,jW難ΟR۸wѭdA7cPb<ծto ̈́;~eWVCLW 8 hSYIbU=Ky4!L} O Z+oLiIVSSGO(kRxY/?0(o9s/0\ V|?~JFT wȾjŖ?Zj$r2]P@Mlw0/y:UJ>uLǍ>jiY|׈ǘr~3O^qE) \Cne' {xCU'YT6[ۧgxĽ5d:qKGRR_ƒF{93Sjz5${:i]?Ũd3dWt$Pj,"ﰛpH2(GL]߉A LBﺾuup=|g&`(}T=`%rv2JY;cR.MZXeDgܼ}$"׌rF\r[+d"DxvsǏ][(x=HXƸ en0)ǔELҳ_2%%dgH4p:o~pDгI8r6 L4l),huDo*Wj5go 0gF8{ff/+½r(߁#R -aPYS'`ꦎ,݋l}\Ȏ!w oXs2*X5\_6#cR6ĄAbU}lXF[{$VS.$ʳ`S ꉸ."=v.\xJ3ɺVsLHO<_~+7lj_/(Q ?W#ܷTUo&Y v-ݪ2+0*S9/& gHcI :[q=z<-ٍP{/7ԑ\m`=% c6y>HUey3֠軐0S67ĝɧbLfFaʂ:di^_76b*rn҃Пf.?@ŷE-@1*õSUt5uC|*R &˸5y9I.:(#f s$Db0:3WzH'6ΰc4&X;'g=ef9;߅L0"Y_o]+ .')qtu.%T7s($'%Z~t۠}|K";* ~xf ґȿ;j;yd3yLM'8E>-B#~P)%ahv igm`"\RU JZ;h0_cx|M4r n^A8<%W-"TE3TGØ@,B,^uQެrqJETTR.'H>E# FZ#R~EJصϧZDA'^tRݗCB^ĥf=t e`<^QR%VÐ l2|11u0S/3$:/0b0@܋ft5K-JÉN]n £]ڛ69+\6CْE;.~}eng$~N ;0%QZDݷX[H=q` &>h{ 8tK ֬XZP<˘ۜ'kOMd뒳pPa)oB[o lAH(с:u؜jIq bDMYEBACսv0.tԊZRM7ry0[DpO^TX37MS'U-/#(n'uS|~dtEf|MsXCܰŗ0c,ԢQ5Wc6DGؼC~bQC}E |G$x[-4+;A xMzDܒu g\HU:'EXh  ShXhWRC: @u|.׳Wme,L*Xr(ڻx}Œz.O*v "X̩RBN̍m<'e uƪ"O֧;|s!%7wZdφ@Y/,'K`c9=q)mGdBg;+t3/q+S.8w8(PNjO’: vy2*rIIn Ҥ,Qx+TQD%[$/Kv,Q\lK{,)|k㲺UJ( dϛhZqdYvdf̚T\#l%-;n.6bM)UL𖱽 ^4eC?DmU+!KPyٶd55k54aRVk YgW,F ? YMBѪ/C!2+@f& :P!vJZ hAg#w%-ͤ9 l_4(3?jO@@ߙ>V"^Y 4نSzSɱnc8x_،IS-yW2`hw9և_,;Å{~*O}Z>d0R fqNp48Ŭ`u*D;ZGֱ*KBTSlWAG/h $@SE9Yg VLf_ < /1oԘ=7[8s!XZg, ZQh48nevŤmbk Nhr\s;Zu~Dc/dʷAa,0wW h'H,Q0XOb:3oE""_ӃIsTiҦW4ڐ~EXi3"02 ٳBbp( e%lngیdRi&9y:*%A/sȣk Ejt܅SR1_J䟷J/gc$Ӿ lfD䴷A  cRSouP6E 6tڋ2MkC+LcuЀgT(}6-m|B~,j$%oH)HXM@l`5tT,P4 XY֢E7*~'&@}jEi^K"ФèJ/P49~Qyc/y \g $u V=𖿱<϶Ez2W]P9ɞ+n 4msoeƢ U,j Jf]qk o5pK3&j*VGҥl^2E:~C'; * L-f09Y7\,d\IC#/b(%0+O I=8@viKAɈ!N38<([Y/rR-k g4p{Qf{k@) Y&pr*BVOr,,í5 {M^[8OԨP3" Xo=tN6CIy -9DL?U1cSeƪ:\3 $T;ɱHB&􋺫Y[E.r'qhC pt)]!YnE%)Va,YY&l.A04FH&'[O`Ery'Ʒ]~ӹYx PRLGqˇߣ"Mlx8B'Ή'WiYyʡ/jlɶLgc>v"17ӹ<Ԗupt7IHZPQXIT>'4i!ddKm%6HMIJgqdǨ?\'/%2+.Ȉ$]WVዜ=EN Ł=}~ۉڀHĘimDMtrv6i3؎Q=C;ORCw9ϊz6h\ aw{i)lKMl-/W{b)'{oUൺoQ϶5 -3~!8J(F` /k}*-nQ ^J8vs9ᗱAx1.(f;k0KQ yhҨ.8"֙Bf̽ZwXFC] yG! 8DHǥqH2tRN#t1Pֺ)eoH?HGs0~[;g#d&@Y+?y@\E@ SERZlŢqp+JCB 0a] HHP0ߣ! OqCX?kC<`񤋰7HXKf#PI.35@;(GU%Wc"VfFb^VW[k6 JI [T "aP?Wm[ݘq(y9&^ѡT?OUmiG:.(!r>j.le\X|i˫YH]'R㍄d>u _ÉՒ%sɚc8+'}Ez2ZGSa)~2-%S=WɾН+/AO=X{"+F\ N+sdbHS}dբ/y2hÃaJ QYCw.̇~`(t: 1|X"eF5[V1ِnGŦQ{7/tqOɕ|u%wk_ތssih99<]06ޔI?S{*jTrerĎQ*w-xF8Rnhv7Zܡ3߈;x'd UǾ%ظ;I&0kj'0q*y$Wˠ `]ombg!+m_AዉIzυҷS$ <D3rLTPT"歁)Ɗiv"q7eLǨ.?S] "Xy_~Ghxy%̩:IlwRWbMv_l*yjN'6H_cG;z-A:@ˎ{Y!( m'v֩_9>ML FWoKX.nWE9[ʪ@&i@x-WO4bX`tCL8̺.ϔgI-T$hY0]Nv,u/ƍd]2dUxZ, ՙ<4Jz=.w4 %6ܪmY_Ph7$0Gᅏ:Ǝ5#VCY+i)6r&Bے; TGNA7v8қzMяmjr&s L^$nIjCZ9AR~]J@N2D@i`eDOcG0uϙ4d2aH >Ie2ni 3P*E$SHE(#g3C8qUR]1gш9gFψi+ꐚ1ƕ|w;,@Fx([ZNҬ<|Ko&cə(0GJRw(PZT|%uV5-[%U;aǸio{@% *oN͏a=dX3jGx^oOG%h|qI* LvAOb*0ӭ AQȿ-8c;=8.c6 $@Q\FFC1N-zw0ہu1U6%KbԘr>5P;P !L{8ECV7Ƒ}Şgyw' FCc@ n mQ몼✘&О8@8mf>2@18ys+) K1vSҷۥhH.:"tY]ssz<[ ؖlȄF;,/ y"=41Bd\f鎍UZ,OL/>uG^Ӱ ޿D>ؙ~myx"(N̈tBgN}a4ܣ%hbr c[w,Nk$Pj)BQQ5SiT=ۓ}8xL uxItCYntqYbu0.LN_ʴXԹ?_( =eoTc xy9@ەIM,KM:2Żd,S :zb>X=uA+Fbf\`ZH)>%~bj܏..Y(sokAN o{@Sebm؅yó'iy9Rbb?Ir619\l̷+/Ӟs nR.|CO,:*"r%.|. ~{k>CO"w{wQ >ިoQ@~ߐ q BQ{}>~"V1V)q- _MYq~XaFD?'R^ݘRr/5mB_"P!z>- tꞋL{)] R%:Py ݞsȾ0:bMc6kb>| ~I2*v+3 !j2a*P)ݦd <}kfv>!jJ Yur@Gm$s_?\y Z_]e×E4Q9X/&|71An@ؒz{zdZQ(\d~>_V-ΏQ%m.G᠋njadаo BkdTYkE1ߤu\X;M{$*6ؙHBhsl7$qΟ+o 曐ܯc[ڣK1xv(uACөRYQIkI;mpUSS2wM ;{JC)f,fV>hy .)<xܼp2 q;J5D `.g͢^EЕE?W,L%%vko"AѱiS~#@L! l7-,W#qz4΅3+Ꭶp!:D,/'Z\;A;J%NINJffE2^XP c]HLjmDEA^# I6%qdh}hf޽oQiv+:PBAޅq9cz5I"slkH/h]J]lB='GAHYuKlk6e 6o H+|"{23 q+%ۇ/V7 X,H[XS#ۨ]EqrPXUi~μck^ 7@ԣ} $2rd2v]r.ڇR2{^䍼2J7zpq &7EUZ`"UhSf!f\6Tbٱ-Ez=MξM0aDatfC;jYz/9 Wa|p]aqr1U/Vm"yS2$q*>q:(X~dZ&Ab!؏"[]ݧݲ}UߋMtϲUn7v(D+9 %*-F<[Q7R@N#ע}N٥\;Pr ^޾h3!,ۤ ]S+Gp8L2Ƽ=ޤ&M M}EqWaH >o?b؝l|g#ᕷ  1m|$'qF8Z\qu~0Ю .sz$Dw1_a Rv{<pp) ҸfI%><,R+K* ÃP\l-ݲzE#v;saz /I}tHw=\yo*YH}s~cNs7 <#8)Ls[ 80/ m| & R%!uo\gD *^w;;!;`}9wzuX)47iB ,NFCV/qE~(E!DF5 t^&F#\QDJWUCV{S7a51[%x.v.~7z[Dj! ֩ASfY"k=dxh:'(w]GRei}6 YvyhFQ?`I+f_k\MNߚy;d ћ7'Dc"Q4 w4Z?[x;s]?#M([("y{IYfFo~ 0*+:=>)G)AP:BεBO3g` Բ00F?>c CkRˣ.t3ߝ?a[ZޱQ#ESM [°yRf/1?W_>#7}~3ۢ5D!,R׻m.u}aLOTiVgȴ{%ɯ[e,QaeU@ݍxbݯ/Ϣُ3|^`iO:#[^ saeG[s}8J *Y >C:)1~4$[sO.Ēf4њO7loߠ՚+ ZqhsfM}؋С?mCc\j&5q{iX%L$͊n4Zn ՘5>TPl8YɛXp@b¬Eګ:[\)uH; k7>RCAZ߻\?>[$XѤPw=?)@\KEF߈-(AAo`æΪu?㭕Хv6`@7Pe=ZӮȔ- y{h)5q{7n iR!8x;h?}>SͰ{ɥK0˃ p ~|Muj:k,w^5[²KAH8U=51ǂ'ه?͖4rӼᓽ:]ʉ>֡kƺhaK;DqL[:h"oB 2&I( R}匙`¼rxcnt4cQ4 ȊXjQz>*E8͖ G9Ưi=6󄈀H 'XEb_4k@<" ={ɄM~лJKWkbIhVsWKOV QDGQ||gyg$u c̓@mXEonH4<,]9&.f"F}s z]'܉KG$Ź(?)J|PƆ}?hZAv?I!N0=F<]nٷ,tZ !n%+wSۇ LKcL)WN'>Knu>;܃n\#aF_7ff^Dpud}刪+2%z "XU󓌛4 jSӰoM9ר#Qx_Λϻ7k<#,- -걟k`p>r׹ߨ;=db|o#߈|XF< b~d[7B _^1$kD{L-J]l)=i m\[и̴h9y+$U E%1."'$Zc㖳} Ѓ goߺΡ[Yˣ`K& mKX,!@Z$s֔MŔz/5G$ʪ& REd].t&NW)n#)y m]TNC }[Ds{en~;G3Su" G3l6&wwxrg[bb4*w{ ~G(fʭӘ?H_ G5lvzN]IWC+I2*ZkVg9j6~&<,<şޟj`0>](:7 |ىP KJx?X?dll( taΑ װ=MSďbC >S&EP[~+]? Sց>'F>@A|b+@UP36>}D>}!oqߎ1\`GuY?.Qv&]Rp[<{j`@L-@fu(Y}ULY4 !?B<"8o!&0{?5ROESM1$v~XW 6i1bL(P*Q0$5T^[A3n?)H+;32MyvO!o@˦0z$0]KKǔVfSUOLs^տLBSA3Y]%zV0TU #|0VE[2#TIjVbդj04)ޔҰ%>)vưB)TN}XƳVQN8G7xD/&ǐ8ϕ׀Sua?|gWtn7~c׈Jp䭶ߺ qpLЅu;>τ3RC Kƛn5:$?~G` G +c&΂Gu+iXlSܑr@EqE^@j?Ԍ, wb[Q@xsWgF?b\^wXjHs{{㾉`AF TvIF@e{ !*㪰-< 7'y(9H˕M:bYs{ԯD&S8AMO~~82 }aZn|f>!YI8b%l=!k=$[=&dl~73"`В3Yw1z6hOr.j|AE57@{\`HetW(t.xs6̍>bX+I9GVEAϲ&dM%&T79y9O+6YCe38ٸ{:i+.f"n ##hBX.&anT/>:  q'ƚ%C Gzc]'S4!a:'gJ4)Ԅ!&b(wT}6o&f go#1{I?^9G/2؁Ot+~oR7@49>ћf&8K=MH~?~`_$7`[Cǿ5+7 A .,D:(LItN&ɍͫ ?=oBB١ 6H>'(tj*6PǺܤإ\DXzI^cRej#3bz90q o mp;AhbYUvDXHOp@GWW;'}BFx'?Y)AiZl|bH?"¢n3o I~٥VqQ6ݹ(X帳eUK Ii(A0OPH7)Cu u>|_o(rj:jގ  2yf! youaiGoPxBfLRIȔ_'r]:!)>qiV("m,o&iCy͏X:r⶗{g etb` T=HuS*iv!m>I+Si 1{hE<AaT IIx(#td*)5tҮJ$ Ҽof7  Ʒ]Q7|;P'ܩѥ%C0sT>=YBQ87tQ#CI6`ч#Y9hXr`쯊fg+d t(X~>G$} ->Ky]njUv"* wyk,j*cA(!.!Ed*`inY潟"Õ'uo~[)]pmg[ցCqLH϶ YkA"iggࢆ|-8Dz9a(z"PCjj bkiò2ȱ?$)Hu6 '=SH@F'C ej  De =q-Zdn9)i[~p2/@FPlqSў3Yo*-,,ɔ)![ = ʲ#Utq#0i +&uerw*ESca#P4Tb1 h6+.S |ӄ;{VZW;J^.s7H]Ju,<*pngr07m6OŜ' C|}lRD1jS+?*)4dg\Uɏ)NS@(TEUJ6rqZ2)MoU]M;/apx_U18m%mHSc 8 dX]%&Z}!@ Rw [4;qΨNs1-vimã/,7\#<39&͝nwO8M_/zdlKf 2jςZ>ɚXr1ynX c@ H! :^+/ܯaZBWlC;/܇n%92pYA0D V&/*Â!1I?9xUnβT_ӈ~f ɏgbIhwԁ&o{' 3{fo@.!HoL4#}lNc_VVHo1]v0]r5ؚlU+ >`h(O?i "\|eg~; W29OC@\6Y&NQE^̅\J+P:Ľ=cAT|i`NσEݹH 3&ؕ32Hփz"0?}"p&ϚSM-7}&!uCiU :XfN4W+O-\MNtZaMFoO?83L A Qcm!&UzGP]Dĭ|-RF}0?0Kl (.馑]k۾ oA\r u_٭: \U[vy='!a_0t'O 3wwҷ8Uch-B0S qOk.9`y\2h*"֐&|)H)7a<ŖB+ [& { BlQ84 w=a;a.)Ds\;jɎ49`Pj?UOu^* z f@S$%YMg[ll<sX<إ=u8:q](}= <2nդ},,GJH5V,l^`jj5Yr+h-8Pًd`e0 >ަℿ$,`YGOƿ*(iy \*e^s St2Pи;f!|`tNF뮖^P xsޯ;i;)ٯ(k5و2s7-Ga֨ 7V; ^`ޑ ]i[U>l8Nމ7*C3);@UZ{6Eu؞*>g"r#A` (0gZc3ᜊK}D,3׽5pÒ4u`yge|/TK|\pY9ZҼ4OnB\LߛpX7!Lf!}Q+zN\<_:8B.<dq%l;J[ _Fޒfg{  <[+q8-FCG0/%~|fG̲[M]fbI(|}f2W8}5)=F_-q)T}{@4LĎ'F{>(FU((EaJLPuy&Ӭ[oY=ap,ٰpȤ;+ąWCXuO\GK\Ĭ8 $,Z \/dd\V"g]dK̬^[wTnpI8ř)krc s q|D!j} +5y֑ Xck<~<ʜK=wڦGJY!9Trɇ`MAos|pg %43Kh/z~"ۖDRXm @IDunO@i}Nex#y̵)(u7; x/8:aבLpxt\a"dPӭ |tX&ӍHuxF&C{b(Bփ@1/5),w9vֆn۠щvm;+ݗy%l Q46V y+Aϭ[@}V/N w|s ۶W  @=׎{#UguBL71aE⿒TLC=t=)^zj^B=Y ͚6OGpk-pHm.sT~6Bο[c\eU8}^-ZiOYv vh4@t)y Q%^S<-}!<F '1,hJwPA.9f@>r#C!u_ܡ2"D l]QER"VDZ薧^i{3OBAJ8m?W[,.zקGϑڐ>d( 3ЌR s[^tC$^"?~gC"غoGklcdX+)hs,G.ۇNk9UtQ-o?@p\*Ť-!uA%*tI?gu@4H p#hhH!ѨU!X]{Vۀ"S\-an^6U6{r)mO4_^-\EL~¹\!n|ꦋW L$ci.ܕϞ#"_~c~<V SSWhS"Ɵ" [zڇC7`B RK=(B8 k(4yЉ01_EZpγj!nk_Na\LTohͩ U{0<\b``6U)=}M`$= I٘mx'ZDj閇_{_*.8H)$ngV~@p'ja$e!5c]>khH/OҒ5'NG>Kark$|pJXxzV02|e[FQ4W>\r^)T&?аQ0gFKhh)-ԘU w}{ȿG]7A.ѰNגsjS`e9T@?Z!H8:16=dh]$&tYoUJ[c,uCT UQOh-1Iceq%\v%Xm[].\yJ*q\ü|~d3&NT>QM^`_ʌ~9J/{q#NeͿ%}^pB۶ )PLO} x٘VvY+3GOpyt %R>^ph@i ɞ^(ڦ lrKݟFW˘-ʛ7=^fC'OqRs&8taxZɅge~XfN%bYY_o쬕h kҲ%  5 cyȕ“QsY0ߡ fLSpEy& g-=P\@ S"M6i9Rhx(/Dby>:f<7sV׷+y~TrČP%ITGhA_h*܅TV: UfR \cO CM\g6clq+hU*hĊ[9}9$/nNe I20gl~K$oDדR#aQMp!8B˴\@S/z$hUً8sꨙ ;u8)pP'M!IS3 >+jYI FL2 qR^ Ӕܐm1⵫!JH\[3EQ.)=C<Ƈ&œ1C&D| :ŭ{ 2C鸜?t$2+8J`(Rfco;w5F|Za`!#(.(mtsDs򦑺n&yO7d ENe\~'wqDdjGPqt?CiVj b[z8.~ O;qJw?Oe>r `&Ns1]V\fQANLTcDW1݁}'d-ND,p? Am_vՠЋysYwt$n8Q_Z.1M3y?f͓j-2{fğn 铸s*tz)$";<5g}#eAHȚlێHl٤҄;zZzU} 4 K,!{O>tk "eɋfnrc8ח$FaٛřW/ۣ$}wh>\Do#Y֟bKGS)_'{@4/B{8U_0zU8uȴӭˆl >,H]]#- r4ymī̮2F[M!l}+^}̆Qto Mg$Y:(=Ws<<~zUcݘL(|Jj')oz9'um.+b?VSd/Vsk<"č_ K.~zvqF_ <} yW6H$J|8ҵkxefK8 Щ˙_J@41*9A!fYk GK1;EQX>$N]v 7ji}J90y@E=qӆ@a#TSs{ ؛fM҉v3] EW2\BUfn{,a9*>5o'o< |4|&䤺Ø q/vCiD%kmd]cgK:7)3A OV٩ecM zӤt gw쾑{K؞c1zŘO"Cki"0}} k.>.fgL9^͔s|xYuew ŢΈ0^;ȷlo.{½J%^[Y5TZdG䄪b+"}kI#vqu Z6b ^moj}蔲@$" }ʻY Y_X%]00X܎usN-'sb#YHXOI$4ú,-l~( l!NJ6ڿc5]~Qe%5ip.1OJP:f3|/dݒHwD2X|L_{yPnNbk49Ȏ?͉vJ%ڍ:>(C <R$ $|5oxxv&&D@_y+((YiV:. tVxGjqdSf8#TzFexfE:43\KNbHY?K $\2zGv5KXBwj4A@0>Rn{XZ+Ԫic?\ãS`ZG )@Fozwt/Z7'7)h)k~ U[_jL_j]_yd~S#ZX0gHX`hLJw$V T=BFSf51mdD4 Al @!butWB,)mmhT$gjCZZe\Y`&7: bL{P^PoNMg{Ct~('DOShTJ-)sH[{yVO_|>8͉^?ZM&̳렞 dg۵ 9Uaږ΋QʀwBP?unPZ||>Rtz6Ȧ,ttCmtoa2]/ Xz GLC @C m)@;@r1tdgb%Dt:imvuf~)2trY%NXzi F9a"uk&{'|_ujZY#^2Az6ۚQYk- L 4kuݸc2+EɑY]":,ddarJ$25 rʔi Scr! N;u _MoljONCmO}ჩl3I*h.JcY%DHF8$/t'n١B$JЊstھ, JiDՋ{c]jxD۝*)]Md]h/rG Ax*8(nqFY,kkRDT}I|j;D`6,x*+?&V߀>-Ը/G o327@b%~[YDP,H}G9a[s궡s"C(v@x=L1XPNn -ޛ8NdHCe)W *.hNz$}]/z fi]s2ŞS I=m7󶸵|>*RU!KSླྀ@* )Cּ}@=Y8sߥ>,pw3~l!ARyߣDQ?e[ZRS_"" oYHv CF~G>y9P0ɜGU>{fofOuB%E ռ';ᮒ=PK;+  y4M4Z٫E8shJME}deJTuyrU; 8)ɠz*M駟Lxs;R"{ؑQj'gQ|; 6|u,myNJX%ŝ752e7,::O;rFmy 9?tҭ\'ޱSXX>8#G)ʷ#O`4E<[R7VVa}n;.NՋN.Jsk9gU1(9ʙZf3/(qqTH*q۾Xjo_Фڬ]H_;FJ=^.^LhE,k*zi;*/U9̠ɡNOHZ2.q#OU᚛*%גP! \EŒ9]1"(og\ŀT묝p55]6) Հ{,m]kN+ s wcԪJMydwAaݎLLya?tV7>P8H>Ȫ UqEY&dEv6oMޘ W90w!"}_s| /hJ^Q޾"uiD'%vQ hzIYQM.!7N;@*6U PRs`8ֶ@Gs z[-佧byQ8HモXTPD͵$ei;6 lx9#K~ 9=E'DG#1O^jR>p`|0vnlwWeH㎿ Wi+KYquЯhNPJWT5 KIYn$NU+ zef߁9g0[}m[uUM ύO=thj9KQ#u4n j3.wDNΙ7M'OAe!H PY u ̀_^1gȠ#kZ 7$GveuWP-3 DL/#㵬>CӠ/5<"P"#HgMyvO̾Z2U;Elնr:ÀT{FDL{_%9)怋-&HoBl!«(?-BՓwr{Jcr9)cqW{GN @{)v%`v/HTx?XT>5K/laՅ47e-fۡѬ[?Hq#UWn/":bSDqߑgJFOʺS|̤'gVau# HI_Y?e|ӫ?kDUn٣ l7:>'>/XhY$*9h,:^ /p *XsBX%ud9 ֌,Q-I.ْeAa{EeCo kľpW$OSY6ibݞZ$kg*rSE}Dq1(D V&`-kPNK5!WS>*s`3rC$ lj4f ؓIas-Yh9,n+b=(Iz,,NwhKe#1w±l`ZsXf'Ol `f辘Y8茽}R,)f>;_ayMS*rR@߅!<*'& Еjl/9 H 'N4jp}|!M0ȩ>_e&p ܼڜCSi#¯،:>+IJ]=  Ya;9 )Uq҉Qޕ*knaA77ޛ$Gzp]AJϚ;э!ih9 ]hI/b,W=kع"QA1uJWޕwn3Z45o̯]T _^dyKQJ BLtlB& o%%UL!G#F@tժH.~zJG3׵z;i]Ѧn`t~b: 8uE5>U6b&'Bz)I@ϊ@.QiL[ql?H3ţہXR9$, Ҁ}~Ȓ .By̖yq"ѥJf׸.iZq{W툇!#d7pbsur( Bhb*Ah՟UE:6\3=97t=ͤ+z Q 4_LwX+*:O4{E@Q ut-nC#pBiq"ø+k/MQ^o0NSٚ:}KjQŋ\ԇNZ`7+RB^tm/WFOՉt[dq?kȓibyk|| ~mm<#b3j4`",D6&` ܖO?f|,`(ujF8^6љ FhʔQ1Iy+IsS"l)+_$ԗf2՜;Y9$~l:+/R%5]{ݷ ~UkGcMW_=# L% JxF-,=>-5[xLh+YhЗǡS"hZnL.)bjjRSH5+^?^@\Mtvٷ:S\oIC~5h"4F@Q[5H#MdAƈNqN6M&.XP |x N߰bqKhrҥ`h0'r 5zSЎꆔdkm[~58Ôhx(xfzxȍ,C]̩!}DE&o2:HrM\׆Jd"9rxr7O !<-KZP z>#B_oޭv+gx@nؚKւ pAf0~QMy4_R03t$\i$s~ҥ jO`B|| g ̈́.2MG&+Wɩ .K:գϺ3D{inI1s&aMbf$s:}[B)AàRpjFz2oy0C:g/@%HяH{mXJ@>\5# %ZnC&:oeҭ\BowUa ⩔P76fYgCLSgªp m :~2M.Ф61 @2ÌK}ک}skQYz*{*6V/UC2('iwڈ) eAӽHK ]M>εqPJ:;p"v,Drݔ rTFеͬiS}g #y=C\&L#vHz5 *HOБA,W:>oRaƈk @2;n˱!,儻hT*= ;۶ z#TĽe)q䞖R#9aiU,Xm/Y8O%%o>禎^UG[QV1qGKk)Xu RnIiҍUhJ9S]8#2KoY|gjʴqZ0IS8(a:q3\ZСö9n(Y}i+u=f֘>4Ls*,]}yQz#ՠ?|W͸HsWY+2l#~ f(U0&ec,M"=^_XI=s{/D90%~'?KbNܚY&Q16Yi&3PtaNN\c`,ࡠS/BhYع9~ EIc KiE zA\ڇJ| *pc FN1mB׸ &EgCDj{|@(OLIgJ0*.+!RхJެSTtr2֛bUܡ;Jf6 =ߺI6A&;Mi=')wS,ޤc' KD '|b+HeA<^ߟ`iejl}0 "GFtK[-p',XWpM|@ m`65JjunTj7U ln3iXn&/4)ĊeLV*8a`ۯxc4gk`V'ԙs~ r_!l JGEi͜ԇ (OB_$ |B BYX̶Ko#inE*i@\:M+YPvJSJ(ͣQNpRW̼H_{dddh"`lgEcNRe>QrdЮ=8cH?3aɒ[K*1mH {4ߨmU\lYzecWI i ar.|?uM*Ҏk+6>TVLHv lW LYBJRD1LS.ڌ~9[G8DmݱVޕ0#ys7/(*aA5w/ʾ}1/Gd7rżOZ.N /!4:O\4u]kScE(p5 쬸Eo3#X)@qI=L8u7J=)Đ䩋&2TpFts/T? Z;[QkΊw ;J(WX_  *4ہX5(P"YxE9C.?B$ _*UTQ. Jg܂ߚR|ZסUImxb=2ٍIDr%>|uV?YJ{@_ w QhdS![*(, 3<hCMu|[Ӄ}{k]WrW WpgTʻb;Hvsk27k4+'9#"m:${-&+y-m`ؗ8bk vI\#mWThj_9&J;ʹڢQ̀nl8 JyS/>8-+X2Dxq1<9a)i7 @AUS t;ȪcI5QsIrGO}p4Xf7eq;.QzCs'Cv5TPwBAF ~!k-Il0PFm&?wep@ Ht _!6z7[e˜Na6 5~>|{J#]qnEJk"]^~|2D<@a5R"U./wdZcL7vQkII{(b Z2s/w+7[<JlŚ>P٘5 ڢq2Ww[)*өɗ|~&6gt9PPk26cTBlU6y:,H`IRH!ŒHܔIV#ua8$\3kJUд`]zn*=ĽZ4y"sKSjz?#Ev}X=*%=tib\Ĩj3U(SD Zx|⨁UO=c7)5Pq ,g}}}㋇B]] 2YCXkQ5*fvwhH=zLb찇ɿKA)U>y`'=i˙:ARM+" #;f88!y~gzv lO%%w{~9w 0]i@q=E lM. ײZa*c r*8ؓ2ض7nYf+1$.U05LA_6 6~}xCQE'Uh76ue?>dQ|ƫu{h~S} DԌi,8}Pj8C\C҃Rxn]u39k7֫7(R w )]ύd`u˰:TQ8fwkgvvۻiQM7sHaa 8o6FQ-{^Ǽ)(>iW=f'}d)/Ol-ݑFm` J0L蕧ݨbg9J-K=$VFތkcEu;`n$6hhc,DUWim)Pܱg IZץGfm|#l[ITPPQ\6"Zr0I"GGѥ7YysQ,Wq9Hf%1.R_MTTY9.I;Zbƌݒ1qZTtɎbd _Ykvv$m@aL , Ch.9QC^O*s5&􀆲FQAC̈wY`A!41[*憸h IݞA6xvJHPK|097\ө N ~ ELl>X{g:`RBya+kkt}.Hҵ L8|B0@]=Z R{U| #o.'#r ]ote֦[;9k"(>MOy,XCsbnI4͔F|vܯϪj6cdc63}Gm=#pPfI9ݩsf[B:jP۳)) C)39j ] m4p;0/]+0 rg5Mo_9%,?'8 h:g҄ k;tW,K/ 3N=!ԘE6ՍZe ,Gleca C3{OpɱJ?Oqē_i,۟$ [u-bU|"iܔc]ֵu94{i)Г#/Ȳj|!DG315Rx"BwmMhb_icó.\9a8Rɗ*ΎP zF: 8am!>xJ~푫KZh>$,_ 쨤AsjAh4fW;rFchwi~ ?:7܅RŮurS'뼁_|lœdJ!+Pǝ̊t8XtJE2t@`VyjAy&𕣨%*ہԉ#+Zb~Fs,d ~*R^0\oU|ؙƘ;b,B7 uAo ۱Hw |<"لWSi<1";9a"!Pwl(3]Z2,U{CCU\9/UMK*][o4) 's%?D˜MLB[Qpݽ^A*}ՙǡSwG9 vxVDς[5bMCRpQ(G-xEnS2.*% |R6Ou1!OJ y|lԫjLfVKH 9>qd78\.0$[$:,'\vc+ q& i+:q~xtNL\ n.>WԽg suJPj7c$Do|Z:z9Ibw8ŗh`aY>@zd|Ggr-%:SĜ`RAW {-4lLM(=VOaѭppNhdk+tl oD=Wع}I0D8RpuY! ט4|niClc`0 ;Lu5]v1Irm@\w',pLL5VUyo#;K6SQbY7 aT< mMܑF$ iI:_!)XxWPd3*f0I_8xf!wHrTZS0}\ď!NyOdާ pXGl)YB h}I"cR.:C=؄0{P!dy4D6LX 2޼@jtzB~s3_ qg!C9?30{N͌N< pK4_HXx#rS ]S,d)2%d^_5Va)3`VjPۣ09m֪/!dXxSX(uѱ6F|G75Am&CHE emid_Kt#Zd~nNʁ9鹖5F`ِ%qBI+yqLlUi?i]2^|ioȏ{ɕE]c" _s*`eeR$Cg:c~hRs!=lg8O&BmC)kE ĝ@!)ArQrωOD:ɺl[,# yJﲜ䍢wM^[٢ 06E)w8gR7ԯDD }R%~ai btJUBӁf1t-~Ës?%(j=#6/aۍcӕB6AήJҦk+Y>  Dr6|57UKx-l &TT[H6SN 53zۢ 6Ui8ٓԃ&`I-ÄYJɼ<@`YYwN x?]Y+C]iJGp?,l<Tx8uN ua.=韴u_;=D|OǢSRr 7Do~:&y[!C*դr5h ;}Y#HU]qer1dIh'r2:^6Bl0fLvSd ̝X2~ƦY#nM7sJCԄ eվӞJ%Pef퇁C ګnZ&AM$+M[o 9 R1QJ(2MBOEb7Eji|\-vn@A Yk"Zc?Z,AwHg aBǹ Bp F(J8LG'e )e@Iپ ;CŰ>>@X0~^h0QáPxze6.|e=u׽k w5%+Sfm-ʕv2|XMyzi'U.Hf76+/nFԓaݜְQ9M1``b03L2tSY"[OX|GR;EY£L6x(W@b=!0K;=6d@؜4x˕0Yr39,^;kV;?B:?fJ{<m6DpQm͛w"zdsJB!P6>{44ސ\*.y,*H_`Rn&PKf 5$E!Iv_!mE_Qp _筰2zpӗX}ª8֎,Mo7f̵z^߰g#s70K ,-"R"lE0KN9{WN zD'Q#n`UAX2a 貿b)5H}5Ώ 6'fbB.Ip#k}G"J*w_Ax0bd|^ g)tK 9(c6o4F"D*IBZi\Rkhؙ[ ]ܐOtR%ƁiWgcsTgc~D9@#3hq[8310fwcd!hem MNEr Mkׄ)}Pqy%؊Ё ,&UK[s ;(*pdӎY6 @C;U~§ %#+n$:ocw-k #Z?aUt3kJtߩ&NpYP:֩rݷKVF'RNϿ^Y abKְtɏ莝ӛX\VҰȥFHkO?ڝ&/"\:F>e]soZkJgko!Fi7lE QEW\WmpON'S*f\lK93QuYArhό0`u {;–}"ϑ?YtiJ+P[V$iɜn[NQ#Jo|q--tOlW49F6C+ZeS@G<fO!=/8!$k %l/GoQuMӺ6>߻r9F< L#Z n?{?[q11vwi[{tNjO`p9R OĀ&"ey+bX8|GXb9bdNƤޑt,т~)`1Ʒ b'+t׷/O13xwe 8/`^bRZ,2_Ƹ9ɦ1a)$|kڬL՜!sӀŻRa4>NBV=V-$wG%1G&Zu\e[@[og% }W$A V R",.8ɾ^bR\5?b Z+ [$,Q*P˅`Xv~z !8@p%"GD\ :KhfǂmDq]rq2 qIfHghAYV`EjGZ.K+OPrk`H])\ɁHGc_xyl;@? QC2t⢙ W! 5sno2glګ{!g~V0|K~? :al04g4"Ӿ@usb:cL_2oq,#31'!P >|@YfIGOr{r**qnތ]1DYoewQ S_d +(D4LI42js1f Xc1ӧuyGJqcze( ~y(I*4He@㩺.u][9*n?G^Z i)% O>7To&d6u[)}A`Lʯh^1PedaTbB 31v3Usx±R 繻T'G9v=Lhi{gn5V~[S({@)pD9H8!יLZjSu)";Afޕ6;gRџja)G˚.U xu q*m,V ,*bgVPã2m Wǜk *$;cr )w[SyWNd@8c%gv ~NXpOVԂFC%_ɪZ? *$'`RϛڮRoKҷpP6y̵Z\G?z㊄mHz2ΜH;G"TvRHS7Zz6AP팝Aw@C^2tRk+Ϭfl[rsG[|>uI= anPtN !:w!W3Y# :Oޢg^@eJ*XYm +\$d>`_"#T[K$ʩ5R´o{sh|8'yթvs'&]۳^:Y?vzUIfF_ wa8µ̠德õݍi}C;&J+KFì{YG[ qYO<-;Ѣ|YӨ1孖9R>P";4!w5,wb=@ -@nMw,g{kIM 87<_CM׎"ތBwLX4g'N2Fj6ۉyZCT\ 3+UZ7 ~XKAUB\]&Gǀk!_{\ՆQb;ڈg+`ɍ=B׌1{>b8&$~_VrmE tm.D-KfB/KvkxGLAŸ!,/w{AAe&Qe{bCUb{qծ ,҆p~?V<~T(_)N(9`z8`1N[igU.-_nn,zF#mO ,D z6Q;cQ 0fV/+"Jku]jxRꦬJ[ ʑ$EXnrPHf$Y fM}S'x6L`WVmhQ¦玝듛FӼ4S64G7됸ÆyoLhp8xRYH.uDlA}O jp~<Kȇc&6P~ߎ 's`ﭙ&EcfMv8Ki6GxM1""c-BuHp7LmѥzwV@-ҭ +O4i{Tu ǜk /b :dxOn'UdBDe boͷZ l@"B>4Ƹ"{XPP*ds7pb`[l/8f|R8 "xD}g@NtNˑ]y {v_S< @ZM9/.3Wtvv5կ: ۓ^ ¯ S1&-( MFRS4(ikNIԍ_m\en4+SI~Am[L htcaqO6nnš,%b_ϏkuHIv݀/èB1CpA'cEK71aƻY`d$}kjj6އ;>s~5*AH,'U!X2̨7U,m;vs;AR,΁#sB&N 6;u`?|F]00n|^1_JA,,^;.\^tZxQ[-8zheھ?%pT;~]q] SK1uC.ˍI[>djA\DK/G@ q ?RA0Hw`DN[%%I[ %1X>]nnϓ~t0J+s3] m&K}pa4*)QGk~f䨴<3gXYZ&FuΔv_ '#J]TBA Cž1c\FEWL !࡭iKvk*@/Nv)b_&"=c#ef]PNNHhC7OMj1T]Q u)iF|JŦf9>R#f=OXt-Ecty0Bߠ| w ؙKsx#/4N T/\'AZ>uDF?0yOKg]+`L *MM &eiT"֞6>(ˈz;!,c>^Y6 &o 2D4&v84`Y>JZ_}*o̍RN;h$q9w !=Z\ /W*Pnapxv礓6Yy~86A@ >붴t+w) wVW)}>n;*CvBE`?Fq@ea?P ?tm,T"RFB<+E%Ͼ'f.u ^Ud'ȍ9'q8CV6ZhWA@m5 (%|*|:3mfw@=H7'}`(hd·сg@b_3`8>2Z4 _O ͭ1ЂTH%'X櫛9?P;wKƁD`.މJ@QіW=lw vYʳq@>Y+ z`}1ɽ|(i scIOy~\ȖC}#k9s Kn'dI$9/[:*"DoJ؎!'^^5&\rAsqljViˁOm;*beWt}fۃfrP3R5q^Z7ggEhl@t%N.ҼKd޼" ĘCĪ@tFʃIP&4ouFĕĉ0J Oӳ< Ѻ:X)`ěhDZ=ѫ"JoBS ={+2e(Pl+Z+"29Ԩ}Lɒj6}G[*6yQEYmStI>ƣhԞ'"kX&/Jv `3[͙TVukt? !Ѫ=Γ.̮M$^ >zW_d .}st*Lv6! 𥅚d75J=GPGEqQ;4ޤbNRg`&Zr\A*)*?9-1ϡІv2 JH F 9lBS'=Zy]90 +VF\T]px؀BJ74F~ |;F^:2AO xxNxdFWC#W7f=4PF~ڞm.]]pM]bʚQn)r(h?9PfG&lܝꭟmOC[:]+]G`s$vj20F7ص=-XкOYjjSBQKI!+- WBM .U)І輵vI9[`| VQ%:i8w@1]{Vhz|긟[B |E?u>VCkci9^߄ޅ/k1}IpAG$Ez,A0FJelʺtr5鴞M+@^Ў .vF \!o& Vx׳;ǏXk&gkZׅ|܁\|vW*.gm3oD` I~bY~Y$Y~vp:o+on|JD*}.($>Ppwz@@!6m;\VES0yPa3#nX^88hI$~PI(KZ} S bXNz gvyX%iLQ0`牔bdKx &=q:8nF%)@9PaФH_1D7?Mn669,R {jtg0.XDI(+O}v)| >=}eH%1J: 窮k H /?%/aR˲Ѭ-8~k6GT9 &p8K\J If``/[߁ܲB*_kw@3V&pMu<'0ji䴍6AM}d?tl2o @V%itC۠#'ibOQ@c u0EzFkHF0șt8* tMK *JTS#e)L5)1wx 7ͺx$, RF0%i(u2W:Z2E t>koS=NO-rmn$WLX\,y|]N͸ Q`/PV9]}qCġݝ,,zut\d_{9z\!L+3qYV3HH)ہeW&j0uOS G sƨ%G;  /"BϴˉqNUD~;VY+o<ʋ 1u9̮ʔoӍ'M_;Hb]wZvSQ[7HcmW IjkTξ.xaa&Vϗ|ԂcTw( Wr'r]ӢRJ7(MP1?Qj+濋QpV%V0Fdސ/ OLl}.|ǝÓ*(. Ol- g X]-r:g m3["|dF;, @RR$_$6lD{mL쵇ҷBbgGܽ֌I%AMI.b .Љ*9>ӝeF!'pse#H4Kh^*h;73KbfMnt(/?}t+5xݩ@jf<\Z>{;:۵vW2B6 ٢\ kL5T Y9ԜN=뻆q_g?\w BbY+ wԓ0zj:MM::I-#`O!,%W`ɽ_hk8> ?à8x=Xw [(= 3#(=af$ുÊA"A@ƕNnCcEta(N_ =;jwGY·dHc+Rp"$}.4nC}vrVPEIu<ʭu+&4%6'Y_<# R+3K$br`roa+,(]H= ICݚb;z~{ Hπ1Q Ȁ ]3/5 %k`>;& i|wk/3hzO_V;by!Pmg)'q}'żHkwo~ҷ6UuDO-$a[F12. 9aq<'[܍2qNK˃ph㚗Ȏ3r<$υ 3֎5T/qEp}ouo"EIb_"`v*Ĩ 9zUG ܉E6[먵GV%t:U)Z5@8_'Kϔb].P8"I~^2\ l^ @ShMlɸ6@+xHO (Up0&o  qlO=w,aӒL; 2B0H6̍¬/:UdD%rZEl"VN0螐NkA[V39Dl.@ 6r;>-\;4ڰ&IBč'C=mגmu i"G˘Qes2ɑ?Lq)Hr{=ZEYN"("TNEM\8,2\=q {Ќ{ եr mx7zclRnYUglؐ<آFMᲄ[a=0r*L#28E^1^O띏Ж|Cr, em?2t)ъz0:fHb?1UKo)Ca$쏻mivukkGs%e8K緯nIpDy< ܕ.u@n&dY! ӁO~ru<~M''Q,R#nig|BLI.zb+fDmmj9ORb8zIqٜ,bA19Qg۠^MnZ&OMkVDCAaVjt=3A 1/'²>4Ug|o=x}]fl8p—>' Dwc>*:35(_l UIqj:5OZ+Mha)"@qb`NB[@"ρ4 J6&c/`Tq :ǜ2YF2M=&52Ai⪼?؎]HDnjS#"'uG 7CŤ&1CIbM!m-,^:U(1u߭*bb2/g~WAzD]a$ko<~qI5=`Xm[k0\Nsk"0o*c=y0`E";|e =`T^IlJ4Źkۂy VC*ƨ67ooՊh,05WfP`[8riM:$pNBÌ:`Ԗo3@_7bqDZڵ0S\iVɚli,7&$ϒ)&B_5eP`{?#izwth1_^) iW]QgCvN3L/&-h X^ط\VjAqBY"ӲJHbK k QTs]y:b` uh3?:g]OTERW'r }B2&g#8}n91q EH}:\3W<#uu?dlVyCx_P mTU޹cOJzna<݉6,,~z(9#jw~Js+")ky)pg8m~R)Onfi)B A'nqVJOg1o#Ho|Bbo W)G};++B6EY1M^)mk^ʂheE g-AXb*i^F^HO9rw;1\VSL2(DYXCP;+!-J))r5^+\duv%<=z4?34 S 9 |ޫXf :vf-'N4rvR_P#lgjBY] 3CLٜs;i&H+.!5?Ik&&e 3'.ndGP8$V=p8=EU$N$+jrF bK^ S;)Th16pڄJ9\#r MsR@_c^pV!:zV > 4h-{\Qv5>'[ L-e rjڙGR ^G,2 m A(tݲʐQfY<8E?Bd<9@̕=gw9Ƿ^3fywD#VtQ=`+@K(&K$] f£ GCXk_m~Ux-eBȳzf4"z׊rZ{59!X~!$yY BD}Tg) ,3t3LZOpXQĞunoF8N a Q_O:+/KQ-]}j$Cc T. ۾}G蹨ᏌR1č$ۛF;_?~zh3Fh[ȣ䤝`e8}Ƽ|tZ@2Gc̈yaaXQ;_BKZ?#6hbۖ|Q#N~pg" a bX* !9L: vQ2Es?#mmҮLL Vg( u'1Ad ړAqNƈ{*:!ղZ;~ONw3lݙh?<閷RfRdX:MrFPil0F<@Q'C&:ZLJMj?.K#_U[h\^F:jRi7R1;ڽOA8r/wu{5lR.t9Nj6o܃BPayE{oЊ Bβς4;P;g D4ηBJ`9@aOU\ݬW@1yhVmӼ*Kvw_ŻuN4L行ǑgY)}s| gk_L~,4f1"hL=[~AQ3f:`dM} |2#N@Y>ͫ!x?­mj~K7X:Joc{ɬ\FU봊&w&ksĦclƓ["?:؞J>} zX{=X˩1r/%HWp~g:j5+$~zJ,`|bHI Ч t0|y:UsqEDj3m*&|`GC~gCP͠񔜡o:{qhWI+.gr?gt—.t1`߬rb^aT2bOGspua{"f/YF;K>(ޜHM_ϼjJ ; oY4 Ud6Cs=u[]p5x]LO;Quy=0$N;xӢ.:kx G=+ 0OrQmR1cW6$clqy 2.R4y6`SGx>=d*\6>OG=p5igo[:r)/?tyxzA¼UC(\"VXz Dng%ZNZ!X]yoq[guOwP%/ 1B3]\ADjUoHSU$ȯ+^B\o"s~N&6R~/k;ΧD(g"|ʨ} (2T84qd"TMqTRx}&ikEjN2ZN/m&lΦ?qV '\=[ 1LJy}țMrׁw% ! CCA bK@ 2fD[$%>'CfҋYjZ1X¶jbFH' y%R\Hs^.3`t ˁw@ZvK J+fڥbv%V 5F __"WDh7& (6,sTct`F[|Rΐ+"̂(=8A1AQD X55 ^&/2=c.۟)xC塒x1C7D6(ڎ#cZ1u-Ɉ!%mHv^6&ƭz 5!?vV#ͪO[dk1L{ M=y`;Dl(=-uyp)`kh}Ɂuek)dHv_8?0:-%΄s2z)9cC b 4qkj7x:4ȡThb@^QjiuewLݜ!k !Y(݇)F} ;,D`%ٍW3 +oij|Aav]ZFC)fi<,׵6_3|45YgK)r"_I)0@9{Kɩ=Jω_r1AluL -a]RD].JEM1+1L{j%u|#riL^mO @Z#i?0Nn[#pt;61\XJ&@ 8.,[M?WgS .%ߘE)+0+3@Cs DPx _ͽD:kN"Ҕ\u"㩤?Ikt Vz)|XW&<Ϳ%_&?.ko'/4 ؕYLU_8cJ#L"a[!Xƴ5,[5mh"ڔMWA@<7Bဿ|!̔-} },QՂL+Ƃt?R+ߗBضˁ|`mP,=d)`(ZURc2ofeH\,2xvM\A'Jfs7Q;~t h7{u9)B_8`>d{XAb1:+KH QcәdPks,Vk}6Vwgu0, 웖%)m,~g0JnXqOygUzLEaa9AvZ&^UkNefu*};uN8o]d i)v. " Rt%.5MWT:"D 4DƜYQ/w4W[N9lV$?|TF7n#Ai]*A U3^Y|1Y-N C \a'<lj'3s9NQ9Ȁ l9Ǿ;QncW,m$>ɛ5OmoǵhE4?TL.ֶ5 ; !mxn 2I<1HMlj񋏞 b2 vƖF%14uqҙ0)E~JEuJjgCPo#;`2EA9`ܟP= Ógġ_Zodb $J:m@Ϩ: av8lw FviJkPe7'4WgM쏜2 "UucfJ51rD@T)(η-'(L^og4'[[ʼv | tk>F 4U, dj4[.g1DS:>bS* p52h0.YT0YVyieayd6c^j0I}?}mIE2H҉hbĨ~B0X;K O1xMlKC\P(#շuNl4 NJD!6RgY$4r9f(v Nh+JdE)]:z/_^Jclf&'hQ SpZ"bKn''j9cWqu8⁦Z8SRmE-@O!F^5X`8-@p~OIaV>3x/fnRdݍ宬;gncI{TTf]=a01e BnI-n |7"8ѸTWe"WkX' +P|Mt%fSu35 w$>=(t`;h+hjz@w8Q @VHӛMO ]+M)\@DM@b4 ']|#<.c|޼HlԨ\e+A&lh39# U%32&JPƂŅI cV)v5Es8N D4O0G1񓡴o`q-(hX8e|l @V";Ԯ9;&TYB(n%:pN[_!a;qKXdh7Ws}ca!v Nz 2Re\1 o6XHtjs_R7-d ǯuX]Fj+n%֫h)\][9.}م5"GF1eJ'9b#s .6%qTTYtLX#JE3Tc9h`i3yjq: Lfګs뫂1#pysrw\{OTqAVb:5TS#ErWDBt^2p%W5 #ꒁOiiuW8;(yOik3& *AiLeUnn(nB ?Iuz wB3nm4v=]X0Oad]@ydU05%1Ңc1K 2J6!<vQZlR",Af}&%~e ,#VO\Br] ,>g&Fsy.tCC^n.Dfz[Y</ңأ֨{KL/ Gj*>lE^`Q2 4fkXk`JR7pp7:$*5I ?ala/]dP8Ei(Sq4pMV)%BnTP8~ ,׶tu aW>wnʡw_)}eQF8m./a`!+N_?ZomȈIClC+ ۤѧK[KRٱZDZk&j>e|_jIYyq@~KegXg@2UDǥh#S :p13.dYR񺳷f뽪Y%YQZԊpvWi9>﷔#[ʠʼn[IUٴD硵/2M?Ce}#`Z"ur Rs 0(JnsY`cm.(VY^ ^֦mTd'G~}=LH?)5b]T yuIrᾮs,\?;*X{^r0lS8csZ؝leٖ.yإ{n$Lz撼GN UկM{Z@Ѝ{H? uvX3#¥=JV<28l-Yӧ~R5ʿ:r2kK*t7sRc-Np+9xZΈnQH52H>s"p}`5+c AEs4J(LEZdrCH\NtWlB3h]j׽aCNq|e$Ee;MmDNEr Lk PKPxAnUI_b[Mԇ]64C~Ydϖ3j?h CH% ?֞jz$)Mąh9mX$GyR!O5o`MH8vP=MJ7 ^k=V\0^\ )4`)/+OH鼱 |"!Q+FY:{cX%쩼m\ ?٘K<} w hZ6 zWW,L^C=r9sO*~lc{.׎QC~n@\ɯU dGXbNFaR[bf6/)Y! ")lDaO"wgfss>R<;dr>؈ӗǥ<%J?aeS`WΜ ӯkb8ӯ;X׻@d3SsxhyQ^ĩjF6oVݯTdrc-\LF!Ojb 7# rQ|?mLjIeifm@ąI4"1?(kTn_'#Ob1pFQA0BpGtfD2qerӨ/F\%/&3xA4Q8᪭_KaFzlðQ"OۘCvV,- ev!Z0Ɏ-V?~.|pڮg Wۺ#4u8e>~=taWB`ůNMt^J{gG?|XC pHMnĒ\ **oa{b$$ڢȎV27ږuA;Cŗ'-P?U k9UĞ/͏%#q 3 AE+i?DG;FA+pX${q j)H!tܐ_.8ee0Ym{!J*;WگX?%Ɲ"HQJ8ς ?/Oe#ˀlc]#zat]S'IْȏAD+q}̅WU4͛0n9d>*7kx ~o=UmUp`YaҍDtL/B.N S^]k 6o"g6Urzнa,j[dFW`NUSśry0} A:䟶{~~O\IƄ S(iF/V&L; De[ wY+SK ۈD#~؃q4znuS#E<pLr~w``jvZ냓8p=P2o=Knn64" \TV *J;pN6aW܍1yIn<Y]kx|3yL>qE8D?`{bR<!6U[`|Fc=16߯;_eә+ţi*x4oibtr`N Itwؙ( 4^} ۸ #26]ɝKNuU/ف(+gBcsF7~ϔ6$Z !رMyay/=XsufsB\7h @,[دkp6`֯iJmCgDˍR\d.b}WJHv'jNo7Q` F7@jV‰+#H̥pMv#IB}\x wo;*#wYN A5ek!ɔ/>aA"fOVIS7h01?"{RKڝv5Yk{NzM柢YqPP?,.jXj\wg0y6 x a&ySؖer{^"f!G 1ߘqݼñkv ἰ:ct!ܩ7-q\LuGykDžk1{뤯p9S}"WeoJqM2HrN7Ńமn邓'EOXNq84w@#!Q@ao-C>!%i<dٝy_ƄGjvCt<B^< sF7p! =ç^"$]"Gk*Cs$Ӿ1LN"vEf6ŏm%В昿_$a&/xҖ *ZLg~x uIC_u )XO;W_y!?iA2 Xz >"a2r>( Lܔ0tڧ>y(muQA`ܮ b Ȋ͕^/mv} 4Ҿh%N"vW87lwB^BνӘjЃf\WG)&qE%ӯPX5Z^bd[JŅi .8@ }ĭVD(3efP#'vt4EZ_' kkQ>%aJԝ lɣ՝eXn4(KBXVGHjG ,Rs+6hcylK_2= 뽯DJ)na~,#e!(n[7/;S AAjG+ ޮ[NLf$ +-Yn*os+c(ƓDؾYGg? Xӛ Ҫ &h6g" gdh*nKF~3g}8,.)CL:zp ~Dtp5SR/4٭vGLg%xŮaG zm ۺ }|1|dXH2.^7go>Fu cWhIzP;HI/ USU Kic+l1duo4=ٶ+K^{ Jg_4abQ/0ђXK"|?Du_alcEr5@cf]5fjd{Yob]PP&[_tOŬ@hw,3L^ Ocsck{ q.0C/_gA¶POJz(͓@ث"A~A 1ocI^6ƧԩFF5?tk:ڌyX1&ƚ1ًH7P %7ҷ=(qli>6OݼU EihtU!D?x/1,vĈgZF>Շ~#x~~~]UtQ0&=wIBQ{nK|)|T}j"|S!n~)V Vl?`,f ףۍABr]6*=R}b C7#|%I+a pj@5]q\^˔rj7P!u+@0x|"ܑU!@dN(e&@,M0Bjv9Xr:WHDeFZix/TC&%o[!u1?r-ߊoN~|Oyn8"bt3ע=X'r4B+ HUN쉞t I KtV+W~ҊTm:il,|i5Q^(+;s}#{\W)_@`Xx,HI&M Ov=@,C?-j) +>Frي荄 ^ :d1ySk7`NŁzH1+Oba:8̜cfd_t {wݐ? K8NVuLws7|;ݘX@P$T0'")ou le~!>f`U7vW Ъbód?!쨢? N:њdn3tc{ Xtq7tCԘ^J> X jKrx)Z)*ůlZ.'/J%jEǶ v0=InbGI+*W6وS}_/}F$tp+C(i(҄Dool/qC~sM\"f|cCw ^-vv?ڜo>Z2O,TiVhỴ{DZcѻfH\5fF:K8|Fz{!ͷ@,ðL! xa&]%g4X,1.:^^/7=aKVj`XVݽ>ɷrܦ!.~qkHA'LλWBf{a @ۊL揤 &(v#ɛj :4t|^%?xKͿww>UPor󢈉Y`b?= ⪱5naQ,lt~{ţ妟jueowvbGE Y/s(8{-C*{穞y"?*k>XD/|!>Ƌ *)CAC3bG"RWQ}>8̿) zpE;aL50rSo/pKzxӧ#ڱ9zw.7wnf;^ e1cPe\($^>3I%37yMf8ͲNjApj_s'WvW! *T_Y1J}w\P XПe 0acmt`rC×P@sk_ӆ/Kp z 0qNcz9D#ղa mBֱX aRQ/{FJiCξ!QVQ9Gвڙ˒i5KزIgRkf}&!°JIPX#cYY ' th)qNH[A\C^q3HJ 5PH4 tLUғ~;5ڑw-"CB}@*:騙pjn2Iq8¨][*ulEdE+>pż9Juߔ3AKl,yjw[ MKTVU #K|%ۖev!_S N݂HJ[`R+0vUg߲#D 9̨#wb_G!wq3=5E)SҢfG1gy!*IpW)_7qZU  W/\&5vJ徶3Kql(<#-s~6/·H[iƙz\)vojY0 9 qke} Qȶ YZ