libsss_nss_idmap-devel-2.7.3-1.el8 >  A bU]p^2/a$UWKF"W.JȡuCXT qdFt^eKTv%~͠sjMk.; =7z/yBv'A~%^lo 1#~r|.Gd=BP+stԅ4wąN-m<C|R;2OFFSV~F"B6.ԨaI'!r| 4}Oe8s]Kduri?>,^)ͷ=`,߶$AА_-JjLwMY=Vo>+9G8X+gѦT~Se%G(BzlXFAMHfU73ѕVEU2a|bh-`wm)я6qe.qudvm$e=se 'Jzz-2٨ա񒧻Ko4zZ>]:01f9023d8fd4ceb1a1f602dfa94db22e4d300fefc782fe1940e04cc06efc065260891ada12c727cd6c3f009039f0a3fb4e6f6f66bU] PH>/$Kn)6p ֦BV/}Ϯ+YlI3v"Wb^N|{48%(z615]>Pz_QɆ=vnsY>V&;>>wEh*{{C%;L&C7pէW7XH=DJ૰s2OPt˘:/%DnQ 4&Vϔoi-ʏ.~RjQW˹t˒7chGQ/JwW"e:(|f'K&|ݼJ`)Q4g<6R8O`k`=3 I-U!ć6>|w-Kd)|T%6KaFNyhU w!:D{;&D.SKZOk ܉} U/cO;5oJ#vhжq4Ok t/ w*M(ĆB A>p<?d % S $## # <# #  #  (# # c#  ,# $(89:eG~#H#I #X0Y<\\#]#^bdeflt#u#vwp#x#yClibsss_nss_idmap-devel2.7.31.el8Library for SID and certificate based lookupsUtility library for SID and certificate based lookupsbچx86-02.mbox.centos.orgqCentOSCentOSLGPLv3+CentOS Buildsys Development/Librarieshttps://github.com/SSSD/sssdlinuxx86_64YH B7 m8hUF $_b{:fUM$=AA큤bڅbڅbڅbچ bڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅbڅaaa7692d4e9a893b80776fb92e71cf40d125c8d478c9e170962c9ce989d7c5920488619975b8f552b269434a5a8f5082cfbca97b2837f62c7b2ab77c660c4b8f9e7ed0ef70f99bb7f763a48ddd95d5990e103bb145eedfd0a76d19c122374be2782b30d237bdbeddfde4aed01f007264cc116b2d4be2f398a7cb74ec7a5bc58bc98c02adc57337f58c40aae15bbac05a3ccb364e5adb1d610a16452e92f17830aa81e3927ca930aea47041855465f9cee9e7d9de708cb8a832ee89b0f6a08b037dbb21c22cadc96851c25dda7ed24a4b8b8fa4daf84133f2324db68ef0029f1d8bf9f7db0da18275caa2dc3ab6f37c3685851e42fc36f797ff862bc2ca53b8305cd4cb41607a30d7820cc20ea76b4a3b8f57d3d2b7d102b58c8e13ad95e83aa1d95fe86c0291b1e5eb2a4ac28881b88b3c8bb76e5ead42331d1161546a61ef666973a2aae66bbb99f2b57f2ef160182825fa5305444511ca1eca4e1b0b38528b3b10bbf6fdbc2543bc693af9c6a28da8920f8508f0578ef44c1d240fe719ad8793d030f9899f3cbe66fa8510af70d8a3c59cc4fe71b165b27b5e14394e975e55a6ca13a1c87edcfbfc91317896452c31a9d49c4768f1b4b46ac32e0907e00a73680166339ff62595dd2d2eed3a79fb9fa0c2e8250e89539f6d678aa2e5e51e2660dc19c92c4f81f0f6330752092e43db6f5198d68eae0ca5489bd79f519c1f5001affb21350774cce0f6bfdb161ab423e7c09a6b516e7d4454a73462b0470c35df650d8a9e2393566309e45f9c857c6a1bca1b6e81a2b2be78facbcbdd3947c57d45da862aa06509195e7ef4d0432e333728f0d9dea49acb95173c139f69a7804bdc6a72666e1b300fdfc5ecf102714c9fd57df76fdf47139f8dbf8ae59863643171164c16baa5953c17821a7ce5feac673c05a56b287453ce3a0bf5048f0999b7711604d6cdeaf3cdfd661fa21fc5bf18de929671c801f00415eaecd35abda3a04665e9dd0ef5ef2c6ddf02b4a12472984485adb027fd12ae6c60ffd203b1a41c555557ca84ba3598f52c281780dd7e22655db21ac383712e62d4540a1bc52571ceee38ee824b3076f0f9965ccca20ca0ce8330ad99dd1cbec0f5783fd50a9439bcba0c183ec442cc90fe27a2dbafd4e1c791aff374b5326ba16880a16d98269abb731904dd1f8eb00aaea66bfef72d5252931d84cc01cfabde3bea854b5b145ddd37bdced843340e0679b6b4e7ed2fe318fd0cef76d160543722e0c3eac11f901ae15db25905dca7a17b81c6d51869fd12ea569fc4b072d217786b4b4d73bde4b9bd9425bc87b33d6b1911e6398673939aa2f15ac505b9a1ab029b8452dd0869f392daa28adc942272615ff2db16bcf084f01ec9fcc2f7f6a632b2bba8c468655e985a3b271c25952b7ba3a9142a23515947e79dc051e75d70f84249a4b15elibsss_nss_idmap.so.0.6.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.7.3-1.el8.src.rpmlibsss_nss_idmap-devellibsss_nss_idmap-devel(x86-64)pkgconfig(sss_nss_idmap)@@    /usr/bin/pkg-configlibsss_nss_idmaplibsss_nss_idmap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.7.3-1.el83.0.4-14.6.0-14.0-15.2-14.14.3bγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#2.7.3-1.el82.7.3-1.el82.7.3sss_nss_idmap.hlibsss_nss_idmap.sosss_nss_idmap.pclibsss_nss_idmap-develhtmlbc_s.pngbdwn.pngclosed.pngdir_612d9a3ea024aed236d313a9fd3b6597.htmldir_68267d1309a1af8e8297ef4c3efbcdba.htmldir_779a70902e6daba0de62226b3b7785d9.htmldoc.pngdoxygen.cssdoxygen.pngdynsections.jsfiles.htmlfolderclosed.pngfolderopen.pngindex.htmljquery.jsmenu.jsmenudata.jsnav_f.pngnav_g.pngnav_h.pngopen.pngsplitbar.pngsss__nss__idmap_8h_source.htmlsync_off.pngsync_on.pngtab_a.pngtab_b.pngtab_h.pngtab_s.pngtabs.css/usr/include//usr/lib64//usr/lib64/pkgconfig//usr/share/doc//usr/share/doc/libsss_nss_idmap-devel//usr/share/doc/libsss_nss_idmap-devel/html/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnu    C source, ASCII textpkgconfig filedirectoryPNG image data, 8 x 30, 8-bit/color RGBA, non-interlacedPNG image data, 7 x 8, 8-bit/color RGBA, non-interlacedPNG image data, 9 x 9, 8-bit/color RGBA, non-interlacedHTML document, ASCII textHTML document, ASCII text, with very long linesPNG image data, 24 x 22, 8-bit/color RGBA, non-interlacedASCII textPNG image data, 104 x 31, 8-bit/color RGBA, non-interlacedUTF-8 Unicode text, with very long linesPNG image data, 1 x 56, 8-bit/color RGB, non-interlacedPNG image data, 1 x 6, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 12, 8-bit/color RGB, non-interlacedPNG image data, 6 x 1024, 8-bit/color RGB, non-interlacedPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 36, 8-bit/color RGB, non-interlacedASCII text, with very long lines, with no line terminatorsRPRutf-80b0ffe5ee6f8c28051d5862bc8fac0a4f869956b9c8c8bcad597403d69d93f92?@7zXZ !#,DY] b2u Q{LT0ā!t؎P {gנe +9·PSĀe霋GU% @=Fmʂ] FIϲ"b#Py-8̂k}ΗN#:];!^& W^ Kҙ"0SgH}>g&siך.di_tⰵ*w`Cp5H.Ҋ+PLZu ႘ށeq*a ΉcL-!,/ yo&*Q.2zw Ӎߦ -%|4nSքXgdmAZFg!N)?w=FK*Z7ɤ*إJؑIRBFL\?\u6o>KQ5ww f Z\MtB~GƲF<2<, i&nl:Ҝ-GdԴw zI}!n'-5g BXe0Fԡc$;4(Gu@D0R`‹ ٕiuM9:H_[D}o$"͋m=.]צ-^`+Ԅs͎gPRde2ffl~RhKnM pFp04Lt{Ia#rl s[ a8_f&EMchu@ag$p&s<ޜ7Kv|9t+@{/ž(VͅY,]F"(/$ݽ O$609i@8̏Ȫkb,4^ +9fs8B r&?PysL xЕw~-#egAY`fy_ʞ}Q'p ]t$gZ0@f/ Gq@C tҔF$a:PMy1ƭM%Ah̺29Y{ծ[;79%WjwqKkb$M(÷uܖncr'"!A4SD^4V<+<3 uXZ1UztS̿~e)i߂q>|S!ٟfDENR@eCzJw_ouĦI AM{'!hic0j-ius.1& 6hY؀}7[*@BKonsjC㖋ln_nVy9$$Heu(m솾keF|,cmE :-7If7!IG%V(g~BhnG&B}~ fsؚ( %oi=<[%JiPe"\'H|Th~@sƍl>"1@d8yiRmO18-̴hzd\ǬW"B=W{d S1)Kjin4B-9FbǢ~ƒ=Mê tavwL_ͩ&)5J'] 9/ 'ɸ*b>"Sd/%'[@gAbFGFċ)S(WrA5`p7<:F{CoA=~YSn9$u -'a6-ق9˛ qQqI!i \!Y XsX(މyhNbå!7V!(p9BNK\9 @#rfRvٌ\3=RH g2_,dKW9뢻 כfT>#1{.Ox᳤+bnZjf֍le'ҮۂY#\di,m6:I_p@zVmTV Y}i9LTż O?V@'ޟjEۂbJm#a_eyqx|g)B٪  8An0d{U}ƭRcH`{L137+3wN[Oֽq0Ud!K"zģZިv;LU c"ԺnzQ&~Sl(c WbsD{2yaxf$2 qetym )7ZD 5BvrvK ;G#P #Ұ;4xӺ$,ҫj~A)ix9I s!j‰10TJ* n#ڕjKk>mĦHDi."ee-z RP܅\wW1l\%3cȓ`P5)'F3iKa|zoThu'В3G%=u8"kJ:חA6ˍe=WT\d{}J&1)/,EɂY&uX>ޠ<__}Lg)j:XJn#a:ګJ~r" p+J^Dd "ɖan)׵|%D'd =s13B%nEJsy_'Q4C; dnfvQ2U0V\D  ^N696VO9}&ܕV吱&? ͧ]2/^f{qdDFY:Xi|/,pdsZ6PM B9equDC|/ =>jN$*~ѕZcäS:mz*S(0"CfWpAx< ZD{X*]L0LjJ2l 9"s7ğ5syr]c'i6iݠsF&1$] F$^$쁏ita 3!,R.ɴ󖦞"*TlawoxZ f_ Ŷr@ba xrm2:H(_.w;X&1wUhr7gA/ypYF'׏g,l IF>7YWX_֬1G8/(s3k+Lzq!? 4Q~bbGSKRu ez  sV2)W$HxH8pYKӫLA8G [V7*V-$­7vWޅ2.0 W^T:CiQ :D{}v)Zck7 44ku>Vpm9j iwvyS5k4\+1f|4µvZ͢YGoWO`x<;1Wޫ6]۲;i]qAȏ p`ן_*R44n 8pO?/3"{}*:σpEʅPu 50PLM\/>iT`JmLV-?E?0v/tH?U[\s/) Aԫ=H˨F.J\iqSFpͮ2dyc GYdwL[[k OHLYkPΘ $JÍ;c\+1Ө7pz8o 0̩]+aETKJGfی#Ҙf9>R0]w~6r (˅l >Ny7^(}aKV.ks:@~ml!iDJyP~YmY"i{9RsYW' bw,CV\&'RRl$Kk+r9D!2)܉H`ꈯIΞv[~Tc7hf0;F:A;Gu Z?K1'6"GFMaQ_24]іWb%usꔒI䦡rEQNhG8_6AـsXW qrFC{ڐ2 4lϭĶ G4"kM4 y= oI;brL:ϊSooNQ~Dq' Údz 2G46Utw#aEl{0-(x^;*:Suʈ$+ƦY=<ẃ-t:iڦ8G4Y-U:to yX[^y ]Ѵl0I3],$!.R/8}2}a\V* B9=DE%Tȴ9WsT!DշXe~ҜʘO%#PH6x1PԣX)r[yq,'е+Pad6*{b+G|]13!$Ç]yE`\)f!y-I3{3eZ+ƒ-+ jeP vj; hc˺!0ڗ f !gJ*'ԃQE# OVziI ?"3azDЯ%Rhv&R&`/Αi(L z+yZ2Lt΂ `ϐPSoPYر)LldM)q6~t,$KxY- 4 ʸDӧC (@&oM_G{9j^r ݙnumf0!L?-NCWs90,PZ2G%+jD^F'wQ(qtAn1h3:q21mW}+nдXf9SI%Ȇ(|5A0h3<%sձB7yl͹ m}%➻L#n W52-nP G  j\sD~ID䴭-4 F`Kuo|LQ]IDaH>SУS(TBӃu^ЛIw{ Vm Ch! +X bR]I츦>u+pVn76(0#Ԕi@PtZTg ~f'zQ#pg%,TiQDkֽ]Oci\W!*Z}a tNOn=Yer0\{ݵE-kCGžSʮcƒ9DI %{w3Gy YSmNpeI(Tҡgꋧ/P_QK4y%?KB0Z;}%I[mB*4ϲz[/L<=rv oQ~RvF+LZL\uչnb3N f:06oe;Ч}_{UewUdyBdQ;` 䜆N G '@Mk\@QyD kuaC[J\"-OpEhW`$ maO8{ X)' JopƲ}ŏ/F,tT@ۢC~hu M)6h:$#!HjfO3o``XY;lIj]ws7Ec2wGC+!^7͓x{Uؤb7 ŃgggKGݱrb!P+ `rpb1ۨΛPt|pAGij?xGd:,UN m"#C L,E'栧2wهRU#"Ս ٸHk׊/'،C fdm>M*\k^'dfQ}i.꒲хkS^w56B<0q炼1`ᴖT37IVE ) !H(őӋ@mp8'̶Kx`g\J -PS'`@·nl譇/$K(iMSwyl*(_9Egjy. E '5|kC`7qvQF7B iNGT"+P8qn܈_@V;mhF :G̜ڻxdh?CO@|WO~Y.,%-p8pMnr?š8xڧ "j8UDʻ8" ̍LD>.!8@N-D(IJ݈*֗6`]6-Ҽnm vR0qAoɄX*Y;"aE]J*UZ[FY[Q kBry6dsfͷKM*", #m h )̀*Kz+fy/$->tb[b.S c_=: 5R†NGu< a@X|뢡z$eրLO*u`?Sl12"_H+fFpW+4~JH/$G@ `7 vZ꨽M#d^hXřgG{įh "3ٕd̵p Nht"K6KFƃu8/\eZ!Oʹd 1iq\^$DDcd= y~ra*\+\&lu!ǡ SJ. yCY!78'4/TxPUa Δ'<k+o:'d4k]'CR&ѡ57Ŏ[jg>7n EC0Q:}!rb MBU4ZTDRR+I$MXηcMzu  sUїG_[N@ _5k "&)^o;MkNc&]7& h$/̰6b$>v{]Cvax}L~VFGE,A_!$G`}zdYkA+֍ͩC?<]*%W9dieE  wStIuDPÝ͚kk|,UlF 4M3RCZw2FygA}PD}%U,Q(Uz@\;/L!pXO \.A}պ4<Ҷ:W9IO ۛ6[hZ*7r5]4%Dp1 E *F G;-%&԰e9eo ӉjMRL;*!'Zd^tG"N <3c}!;УwPp GS(Ӳ3&4 `?bGqznX=jSE3o*P DS+j\yR诃t%mpuv7a)8;|Nz΢zA p.=W')~~9^c-)T`= xi6[:|3/uJ*M~kNGUh|6fNP< H!V ! +1'P%.bDCTuIU?-̦1V5lhSv=GjK ãtRO H8stI=.@) 9P-'s> 0TNEgh4u"}w#?wYCǍW@Z™xQZk+(*^fđ4jl)eD:|\-1,D}FO[Ll,+KW[%#˩[ͥ\aop' RB^62xbzխֻ24u]𝗨q_!(B7)0DRW>b+UJqzhaa*?տEFpTw C "?Kl+lY\d-8t\IQTe6[~N.H݌{p*{aKxl[?]ET<{Kjek3"A<}PZAfX$ݶޤĽ樜DÈԮpRn}Hxo棩}|W@PPSxTyJG?7CD&'硘ݻ3CW{FB.DI!; <:a<Ԫ$2όЕgl7ˇJ/sH81 {5y+En'?yF%uG9H}W]ҺeQjdמ*7gIR%vhѹZT`YW^6۾$MB HJqs/@Iyf|h20XoYG s@&CzP~s- y PFiJb%yaÏm^*N$f|5ejZ4(~.UjXf&q^"dK_v<;͐Eo8>}np}([LFb{NJǘn3% d+WkƉ m1ȺV:v"[yc2[%~.UZfMq'v ~[{=W{xѵܕ|699n.wzBa񼬜,r-ܝ;g#.6j=%ITJ_5\!O2)KTvT_]ݞ;b^2>[> 1v2p9HRB\nJ3ؤq7Ԋv;S֬gyhWEFnaA-$Y3[_c…Z/aGRhv~1%̼.ޛ+> >y4%c:q azW&~+__1yI UDϵt:›nCv1=؂ܙ5"b [DXhe8[RgdnW!Ģ%9y!*`L04'0JCwʯι4bXҩYkٵ2[3Wo0(I!!4bXH[ QQtXM/#K ~]f{ 1ҡ^[yOy3DөA~"Wl ,Ojիj~|XJt %' [qsEpO. ,үurHl?^soŽjj]>*g(tkCu6X[+1 Кw8z#X0h)Ft{HPbOu\ ,vy LNL!PANF5[XxF3x>-h@*<3uc5@l5MO(؊BON[4ya^+kO14 7G`YO;f^rc/HEbRgh3!1Uv*j #̫iuG oh6jJa'R=`PcZ\^?m $*:݆]-,!csɹq]T!S ᐲW<T|J*ֺkwna+i^9XEp0n(p&ެ3Y+с  VMGR|̒pnlثV%:[}/ѧRw~6Z~6mgS&B67;.p>'郷tTNdMH{;&[$܊W +=ncdFN7 6V JRJ#KsZ(c$." e#dDڢmlFr">OA:u1h"^xK=#[)_pRoi{p:ߧ)L4tO7ٔ^DEPJ5w@Z=;$"S.j|(wcud׏Kg<{x_HR_nmcѫXLjaS|6 & I#}ev,DWÕd37%W)R/ҶH.?рV@hYŝz$T-m Ԇz-ڻ_[@Ămt:L<'ӂ':d,GKR$&KpalAB\TcPSAcd7Gk['a#m#V2,bU>7\M1ws!E˖ N1VLw(OJ՗7Jo 6R@+:R ҡeESvAew cRp.pk#-uQ55n@56iB@_x[x_X&+K;?6iˋ<x1`o؅W)|M LXv6bN ~4n^=`a,<4՘TH~X@_.q!=X8bRtNuS!ur6CEn(É{ax8S{(Dpʱ#S|-,Wwa t.3!|ո~6+\dEHO|Q^[cI+#ΧP9{ers+o O=&Yie+!,Aߑ6VCsW,yՅ >nĞC+ɾWcɐrƸ;'c_zg}&-9.ǘ.摋i0~թL%~9as0=K-QY/ܤ!t8*J#;ݔc-*B̰ޢO\_݋(w3|?ֺ?#/\,3':%c>0,<3 oK`xovBXl>,BkAY aNiOξuڌ!i_B"hyLX>*E^ 2&j 5􇆚;C| ?[swQ황g"CG!r|:e@IE(E:|LnnMrݺ* (MHSWKĈa|70\'Z.b+iuC&T1'C;X''Evb7@I<2MPAŹſW:|sBxtБ=jFeRѕ_-cUVnwynb6оd\qEZ ׊`"s LVCVxu:`tʀoOr|JVu&c_-^q uwe$@.Aeo2t0I$6e[wa[1.-l)73RKnOX`; Pulfo;v5?S)=o;}Akj^өbOiYD>C\S} ڨ68_]{هZ9 jc퓽{֎Gq]Ծƚ?D8<5I^R8$P{JCKYAgqs #+3LP#p;Twt\G_duyb v!: 64ଡD &eQۛ'I!WFst+piK=1lhmEhwWܵߎQ19,+SE4ԯ~T=$ B;q녚{-}&w[]]C%ZMG6PͿoUܙ281B\ײ% "M!>x<2w7=_zڒ ^hY T"ÁQfxn&R#\~#tAIwe+=j֎`Lar7o#sZmޘHgErgWO_; S{TwnqhP!lvT\D@lʘ5޶ 9 [}>%n> \:FK-XC>ӥyb1xg\XS P1L.Ya/U%D{ӆ7ptfI1Y} FE  $7|}CK{YȍDՒΓy^U˥#{Бcppwܱyo=o$NI%zPah+t}'Y(wp`v键-X=.6e6B,e[.o Er8lWxͳo$gvM - JT瀛,'%`NkBq֒#`@~0vE/8f#r.b*ށ`D%8$-Gǚj5tNcO3=q7 X(D[?YؼG3hL˅ݢ5r0^DkcDoq<^dDg/@v ?(˄$w@͡l|n(tl|zDfn_\#u_6(+ @Mx1P:4a*$ۖ])tc4'y3ȥ{L>7E$e|n` ԑdh|B+ou\@`WrmA}A;MN(b\vJHAULEdb?5*ehNpqM閰W*ρ-ÌFґXZ^Ed=sfը& YȒ<`ӵ/8DnrD: Lں 2Cŝɪ[X4,?ZZ>kChVoż/vg%g*q {v 8s?nG 3-3!Ccd_ƹ2/qn @qxDj2p.`W&5eZ*O 81Fg!a8øybsIzκ٪ҩf86 MMX4CPaxAť@9A俯D`{jw"h`Цo6P;9h <B"vZnܿv$51NgҲVrxC{3zD$i 11$[(ZnۙWs0 MWCI2bkEl yAԛb2 I*b1b"n6¤z8I`^!䤓3Lc:&4t릜ia,4S-R eV?p+F5RWα}%dZ)! p*VEa,ٕZRطKT 10+Vm@. K[XLaM&;P Zm#ddoCrBKS+h]wi.l+4$>( jIGZ O/Fa+q0CJ^/VF );ec֒]%PUz[9*fݷg̝KaILaIJL^C7 FUɫ-'1jbKfQ&xG$n +7܈Turyw] > v`} ' }fRCM97ۡ 0bY *s5<q[ Zp3[q^6;o :U5Լ%3*<ܿȉ"$xE#gJX?y DʽҮUQa( 4]~aA @:zӆbaSuQOr{9x;Wzlq/ jH/ ((nosQcW΢28HV,piHv%0H%mw<{eH1D%cICI xp#)QϚ=oOU^j;Y?U *?Aqؽ C27[hxsL`#m#E#>[!jk5 N :ۤlUBmH 4K;r~Luh+#b:ǵ@]w抓3IۍS$#=JpVIX@QKmx #Ù-$Qek.4Q\-'}zȃ Eaĥ@QFv03wRM&1aj!uK}Q=j=olzijf/d(bFZ|wUJ&q?~tH#tO:4@mEh&su!M<䤡QW* G\Ĭ\-2~}GöLfQh0P$EXVg+Hb"vG8O>{}PQN5\m@Kr y W:Ɉwch8nEz 5덽dG -x`\ĿoQ RCWTJ+ zXCmˋ:٫Gb459 USlѳh H}5'e)Є ,?G)/`$ڽٚY^tj J>[$퉊]<"OWE/Ɛ<1`)q{GV_[s 94~Y(}ݥ!Z%sr#-̻K! w_BVkӦUB%RǛBQpF#L>+,mSL1/3Ǔ2:cV4ohq/+f P4jP[ɞЙϽi63K,C6`q*ogD،`D>%,nʒ(hz2C@TAz"%Y}3ը\hq8ꂉ勧φ},ٌׄU|s̬ E.T1zc 4 Nw6Ŧ"pZ 9P 51:9Nerw@7Ɍ'~!/R9m$509qedkީd@`1}1snEm>Af1˨cBCNh2K!')=0pfB{Qf}"{^l^ eUnY9ʣZPɟ8%(}s\[15?,+^[kV_Ѽy6S_þ]f١b (S>;?>z6;*u qjҤ)Mg#ǐXh}lbP8eh 5gÿv`5A6J \0u|Xlm ^I]'㬻v"cS7z:=Iǖs>x%0Fo6K_q qHa5kc[tzYbom`\̕Ղ5w5^vXM(rMT04c0 mLjK(4 ,e` 퍰zFG^DbMX(Όv9g+FP#ݕ<:Wt8a&U  d;Ye2!o]#"13jA\ CYSb7 RxQ]qjCOʞ\QoWv;j[jSbN:D'_ (ǐG'8%gqx6ЁJ,cء3j)^6&i?PlIdk?T(ϩL7Y2s-m4 @"רX v u5g` @R6,ŖeTh _cN(=>LG5-~,G^m?1Kkv4hq˅*7))lor1_3ڪ ]T?@+^`ǒcm2wC/uI"a7Oh =bz_T}P1kIS_#+(XHc2="]6KXq}q\ ~=A:;{V^O]@LI^y*Hjb xtwPhﺷ%qgW \Mm lgrd0Q| !0KBF%]4z}ܥz/6(.{aolX+Ixu)uAлPPE6gCG ^0x5vj"R8Ue#Z?e4F^>L54mixMIOdfW`w/\ |!Xq?(#pI+=Va-YM'&WIve C|kߍZ>m oPeDNIG0'>cIPt'M +sX츂,ouB O@aWB't*]$SJ^ɝdNfI GփDĩO\(pbe$kEݥeB;sP֑8E)\Gfn9O!1lkI<6-*ix?)HgU^@=WEqQ]F[ 4VA)lw̮;P~X@I]C=Bx2MՂE!djx/MR6Gho_Y*ICNX=%R Q#ڻh1jpcw8 ZJFμxF*9'iɋolRt>&X?C~ࣟA } օg +Iu3nQ!8=SN}=-ȬĕB$郑1DګL:Nۋgjۀ_!\JF_84=WhK3.b\#c:Ý9}z!9`U̟fkS)tA M`Ubw3AťcW({J-Uĺ. #os r?ɓS5e_7&/*<.5{2!jZAJ n|f,p_2y2Y@GrEb!38~'8fPr7&6%] .Y6ǿT4*Yk9pOw!>aBI'RTN p.Oxʚ2cD)NG6όH !:$_w7"f:jHKG<*Qn~FKr3 F=ۤzXڙ˟qJ1cNVǷS $U7mc{$il|kN2壆ge j%7` )c 9 L3-9aO5.}m VƱ|4꽞 @@ӨscFZ8eHk/6#kЂX 1))Ns`;zF:EZ<7`"|' -a Jqz5pXҩiJ%T9*(8:AGٙ-@ 8/rq'ƲR)τ2@0gr%]CnM;܌+ ?a?T%0' ݬr"(|eTTm,LKE°9^) >l(z.A yzX.)y-HJ"9ca :/ .aFt y{LPPOce e+P,@&# R3z4(gHX$L G7\S% )⚱_dufT'sSd7|OZW ʎ_I+/%h?ΖQwU-i]X&羟fȬWV+ۼ)홁07! @p(z(ԥA O˛ v4m˦~V70C.m /Hٕ>Etcz,@}x$\=Q83zWHjsD*OR~9!P[/\yFJpl )GPeΙ]\VB_aނt%oqyTc+p/@ w7?YUX?b=II'wTm5{hA1nl> r! ϱ&wO}o1aVp˯ lirܶViv-n2߃Lv L2aIvMu:vo  ;z)n̏Ri1Ѳ .C_]G+*w5p]t]ʠ+e;ӷ1YRKT\t rk ZXCw{b=ؿBA*kZHeODi:;H <7m A(&Z_1f!wY~ i-SBCNV6!\t -ghp.K塓"M]E bn̟e,6~bm3;kl%oN"C\SzOpm Р{p@늗n#Q$EouJ3b,IRKg K1=wiA%ĵFsM6m{3 MV)\mCΌf68}y}9qN;5QU`i]Yx?\>m<_al3^ѹGqn[!tޘ̼"zO[2Q],LCJtYkcXj|"={VD2z8iIʧdE_"]c]}KWaLEc%"&*a:N1D~`g 6JR%ލ4 I򣏰j6(=QM53wwH5Ɂ-ʫ{71?*Rj<[lN0E7Rˤe=x!$x$.,dB0KRg+T$DӲ0 G|Qݿax"k_:T3ⰷWg%Etqm$N&s]V1ÇIh&+%R01ϠeɣCB!~e;ʮhCM@m$|9M^َ\&=Ċ~#OQ|r37E%q,4%xTQ6,@5|ak,®\ta(@-ɥK7RQW9o y|{C,~;qd Kt|"$~Ca \zo^@<0-UjKA:ipFX-u\<{\a%ݝhpquz08[)\4Da۩k:`-J'esͦכa!u*c#NBK7ɗN?5 BǗ`cM 'Hu܊;*:/TŵxReb^$*V:u}L=MS:.edýqkOA:]H/'Lvvʘi 8;T .HͅXGb$t}!ikZQzx˴ }ɱϕxb"kkQBz>46 | HJv\>pف7.ȒFfKء1GjgR;_e6d΍T5|W(N?U-Pq{l;Gh%̆:;u ՟k4yfA, '^p@V+w]_;ܯWQ22{(s.lU38۶ H+0%Nn0(`eq2䁇 -эܦIͮ/yۤl* ^{ n/uLS@^/syKǙI(&2?Ys/ &(%%ۼ+Í[ۮCB<^9zk_~@vjvH|]A/(;w?4=v+1p{i`q K܇GkMjzo]L4jOR/_BA;PA펀;JeD[-MvF1=}yygP7oX_튜!,rE2fGWg:pF%p1Cھ%Vn=lsV+>#{@ˋvuGh]~@@p s}oijL!ЃX%}o lE]8Kz`yNXӆ+OnGOjAtYd %'Ug>Ḅz ,DeÖ<,nQ4Gx eo6$p"QM1[|4F8U*> lNy"Ov-tu]@vwp*Z!ˆN RY2ΆoxBrQ{9Π4+NKS$qFcc׵`m`LTBHS|8߿SGaȆC}q̪,'.&fl;[y{6LN)Z0se8IrwxWƢd 23?Gv@+ !S #D`nv":@/j WD&j#t0 ܓq0/:ۯ{#_xʊN=\nC6#r ]ɤUScd{yki~ea. |~tr/-2ETî8Ե!aص;ȂO|dk&1J0|c<rW8/%p G2||W~O!u9j9ޠowoЭ(M{x@k鎆tN|DC#p´}/OꎃR2ϙc9k dDYcB?䟺%6zHi鰏T9@ӣrRDhƪmFa/Z9RoY q9C[\{f\i@<LW(/:ag6'T_B%"u)֭gȣ{ q/, z+V*o`:sX:ȓJ}'@)J&is9C5- +Q_ <5 $.tw#Oݮ" gJCW.~x3܅ܺ5s[#U̩"n<R\NѴ>y=u0!)gnݺ<#)߀a84 Ck˩h4qPɪLRe9Io!A-Nj_yd;]h5kN?vv/cX{;6xkpbc玕 y}ٮ4Utl!|Fefckɯ;r#f9(^V$$t 0cJB-MtAb-QfY+Q˞+I:Y֤qEBv( |tH(ܖfywI7-+qq*V` xX͎uj9 ̟ (d3FGuճvO&޸xj[ rt֤U&޳H𞘄T|p^Jpѝ *, }[BcrMrxc/ҡŻ`Bݿ_ 7,S448fRo̫_cK>׊[[:@Qئ]KݝÁ2f' m2{@Y0é,芹];emF.P#FآArSQ~ED2^CgXR, Yp='  A ;tc`ʡzow}00%GBf!b#nDy[$`C!a W콛)D+炭ó@vה0޷#\$LYrڿ›Q4(AeaNp-89,J)i6Dwguwj.m(S%Wi4k?sqjd1U[▯wƹFk*3N- _iYRUa~c +LsvUR214У1U-=t Z:+nLE]ĬT҈I^>Vv*IuT(jZ+JRd"Eq?K.QjLN,i0Sbebт[ћкXEuئ=;ifA4 N@\;kЉ,~,(թٮIh'* vZ)}ix(@Z19 ^(G~s`4%F%A  &Rkg! 47 㦂WͨL\1>T%P}Mo"*s}G S-5׿>6w5K.w,CxFM:g38;'.JYts&R''ue|$d2B?@t7S< "6["Tna钏6Ühj)bcd sÁ[_ k 3M(R sk:`1j}%>-/OIammXʐǪi@~*h5e%wz4&Ό*cH B^_$-=]̷i]=rʁU.CƧvI7' o)OR.-MZUd7(J}bfY "5 5kn^9if|(xH骟F{t+q*Jq'-4lNP& ESʿ㍏d#<4ܭj$0qQNt|GICX1,U~xceX?G-"M+ZKcXC9dW, BqrCC;O" B=y}'*Afe\?] bDРotZmo\NyQ⃣Mc+ JTdǕDվ\6jh7] JU?qfǐ`MdrCH \4^ī6'Ѽ$6;2^r0`նҽ.sBƉ'r7EXєT|^~ГWZ~uۿ2$ݓksn#B4_y5cTvX2Q~ *06`.HV賜=BZn)VW's#DzAo"Dw9M%U:^7pa')K2\܃fUse#]^ѿļds*6,>\^`Q7Pun;{d5u$eE6JwHa ͼd`I+rIMu.[&5An? ӛB‡()|䰮zpAP9vyfv9"lU\k >-i7(J|t+r[A ։?(&\ބ'DP[簑8cXZG723UTm"_}\g!a>YL鰯 K/Iٖb,PT{ !G 0E<n^VB8E7k rAh2u|hܤE|X 5XMwY\(qD5EI@QֻȗkGJ–;l8<]y5]{* {61 -+6GZ' !ew'Bnph]=y{k56'!`@!n7/Kۚh#|gm[3ga&EY(zP((1{LDB%ZR蚾iBGȕc1" 5!]F2vw>y[f2?t^% !Qt'}油-*fu ڦd{t+k~w W7 4fH.ں7F1X{ş/6^k-8 ZGxmt7 f9 exEz4^Z,UDg4 ký< g,Tk} M˷p?KB*J 5Z,K.}pMk&Y+0r W{jk|HQu (َ(U󬰚M0ʺ-gJCC(r]VDAc@(w81QʤӊX]$vv]sУ6p4eR9SWhˁd A/ "l ؆Ᏹ.EE_R"`3UA@֪Q$թ ,XU 42~= uCo+D0氣3n u?mO/F;|^M`1+>PP2*?-ɤ-Z0IߚĊ0J1]_*mV?sM*SEa9oӨy+T8_, !m#LIބG.b*k\ ΧdfDv:`.:묚](T /~eᦪDablBح18T+~M_*D ي5>Mϼ= h;H5θq6LK) l#HXu땪$RHQ˱Zl_v̓Fc&BVYGTzm{*~(<,+ɜZ]b<٩oK<& ִ?|T=VK̪QcS, :.^g<7ժ y;1u_nNݯh͕58L#BBGD6b$O>^+}`h{7S85һY FD뾪8ۖPKgY9c9\Mlԋ5r2ȍIH?NM4A ȩ/o+S/&/P#6-smȤȟXyӚjb'F_E 4nv7(r=mѫ$;:2}IhdtdXIwhe2ޙ,y7}hKa_(ƐBv=r~4IE-N+lx<{JF@TE{uN+9SJvQ,l1Mڗ'![5NBR "7kڨ-@Jt([S9| fx+?!V۰~$R٤'`=`3\s#c(ưeۢ-JA`@ d$e{Jޕ ArVK9ҷ;̺e\co\6oia\sdȰ8ӰdZ}Z"  )v@d 1ՌQ]Y$xk2sREjIZI&1Z`~x`,4\;L }fb`Z5 aS>?ê7FtH*(RH}Nց:X>;q_ip FR`BFlӨg[ڐ*{A**(:3Ļ\h2kF䢸OԒZt98:)rt.Wd!W%o-">Ө {NX[ E߻MX.깬DmU`UL;ǂs uˣ6\EOq58A"J` XpWXBvdԚV182Bu{Hc9{4^IwЀ{gz"^ї㬰V>sx0Q mlEj,%)g2'6@<Ι"C Qkkiޫgmc>|"4extɻ4W{> rf4So)A)ΣC%dW2 s^F :,T,iď7h>1 >Z r HSi*#c~HKw'I 'πj,O}/nw+yP m87/w ̦4I/\iSwȽ'm0q6r(aع̩2ʘ*xJ $U[!.q)/ܚ~#S$%;\5VupǪ5t q>z kɓDW^cO*vG0k|\ d.؂O3QWgg|R~ Zs7ȧAOGvZyZmErCuMʉaOw)ImFĎ[O[Tty{Q >gCn 6ͣY#-?تh2K(_ϝk /IQgckE UP7_b?ֲ∴CM\qs1QҗW$^E(RyJ)Kzy{sոGAmۺ|V}%M'Qi"Z߯?26,.WkY3<߂ Ò^hjRVu`"Uܰ\AQv]` jVY{) .;)ɋs8&^E8̇8݈R}ڳ&$JMt谅 ''Sz~*~}R(!]wJ[JxZDY6Av>SI&lO1=<]-;A96ü[|%taZ봧=}N}Mz Bk3Km@pދk l~qWP%4]`bGőW9V9%pD)v%H&yj{]pv0pƪ!jB*ځ}Ywa弾0JF<n-5/[ <*` 9(u#f2`.qxU%C}aBXT]nAS ?ցwˏm8Ď0ݾY2Y<]>°p¬=k+kF}עgS+X+¨$ XhֵC#~)\kZΚ@hdsB19K'_aWV{\Hw{(1M/rcm 0Aݓq, e`><3XUXiq8=rU 3$"gv/>pBZ14fj1ucӱb4!D 4Am;6uD%܂bLj_R.~zҺz #;3_„gI\$̭)=I)!Tk ;`Z>LJXSyElYč6$}C3YZ*9W)07_=e6կ-Ѥ4Նae1!t?SpdǷ0ff JHڮAFP$&`J nXy DŽ BjҠ lCLe<'ܬWn7Gj 5؄Z q&u%1(g <E<:'\R*-A%ggX iM.޳ȟ'ז=Yɒ{t' _vb{7"d0\$;%83A[)C Uݿs/,M>m?u!,څD][̥p0(UevxHG;jz7!`MiTZ\#s'Ԅ|hB/Q}"WaO*[>G&0 -^A,9k ?H*_ށM팂=AV0]H6lV *HZpm0z n`iFE( fw\rPrʕGyP̷eZ YCR̻$KLĦkWRvp\B(N@ha[oHb›dw 9#3-Y.7fd LI;=e ^~b=!ok'__tWךqaz4eV)ν*.uHLx1f,ji-Q~nZLCMZ-7\~fiASa8<~r*lɳavKZj^HVR1cz|:TxlNUP ;+6.kb-۞ K: F YPmmDFנT\}ٲA *u?bkY~5${?,jb SraGXB4>cQk}:F>6xxͻ>{D.-G3/'fv% N^ D7m jdPb$҈0"SLJOaצDT7N;xm"|X/&XOMGq2UiBvv彏juW!Q"Rr%;ZV[Bq=4'ζD-x Θb@ ^K\Oe[> `L`bS2tXnwA-v;tM\›L"/ ls CMy`J> P}NDh%o'pLOTمTW"ROe~׽X .h- $Ci栓 eQ`<= kit0p4 `3s iU|՘HLm 0Pv|"cK}zŖEP}ճəp;ȿj4]17m mT(dڊ w6"/ysDW! 2Dl#!+ͪPo*iױǎZr!IZG[>ᙲvu'`͇*us]pf?lG2dkp~+r`~` #4խaR96ɸ(x~j6qg0X.qWn[XƲ9T hƕ).,|Rd ^59Sq\ҹ~zqâ lduqQf80E)~.n͕w>^AH?U2X1mϬqKەXwZ*Cl:sϷRqþڂb_2AùRm1G[_%km&}&PCL?4M/= J{9@2 MFaiZ%FjXYN2; qlɳ&>Ɣa Tl1*_8kc|?_W$1z.e9BD"M+$jm5Ѭ=3A꽽yS)7F8L(p-wο /"*na`WM,|qCeQ[U;Mۨ:&' nn~3dS/>E. "Ƨoɛo,/PϬKwGWϫq3}{l[F.9l&j91-Cd1̾c9 nGC~> c$ӷ+JͫWt)Vh'ΓlFAWKBNq>!CcvG;BOR0^"_U.@!3':sv&* ]/2i6[{m<OM*l4TNVl :xMxCuW0{g.,8Ej̼sMsE u0U B_w&+JU0 2+KyqH3m귧&wC: U%8'53 "o\o1:صXyIOfyN"XB4 j$V}STmZ:a oi*A\ s~#CLa͋l Dԙ1YXF{ȫ.;s~a-~_zX}Էƴ*ۤȡ㌳5nr[sFi c,O4f+*n-H^1S=XؽQ뇏5QK0*FqP[/J }Nƛ$Dm"Xy!WI 2LJ96 ^߹M6@f,$1'R`G"}Mi\<&JeGBwR $Eb4% ,^473XI>3_m jZEY_h'hEAb4lU}(786׆nl~ <:4S= 8_-߱资5kVcM?&.=\.͔'\60KߨdŔ]lhW}|kEXmpSK"V=k EH"n)OsO4: 7ɡ*{JwH`5 =H\[S_.b6o--Q7(YN- l'Y/4+`i;A+ȏv,uy4{G])"XU[ސ֬>l/{}js'~I\L$;K߸X8 AIJMpJ*Tah]"?F#&zͽfjym g q`) az*w h7:F/^@ eʯ,oQ8o;bRfݛn$EXSw Li-O`C4e7,WH/jhw,t=OGnT洋`»sXA 3D~xs͘lZ i0!mG,Zí13T}68qńGldtٷD$p|X}9!R(v绁ũ e$LU~D4FΏOo쓔[ ?㣰lD~+?]寵YSd\gx͉ZddC콕y[a0x=)>R>>4Ļ}xeP"P}lrz_8R[zz}ΰ\R} O`HEArԏ9ԷXٌnwD?ǰ"lzmpk/c+s;̈́=6nmkI Ohf0Kzr%ۀ&_CFTd,6MbbQYkpFoWA|^jƷjfUֲVuiFDq# hRO՚CgEӀ3|N̂z慝Y_`Y:8nu,3/ %JjnLHzftBkא.+F XHk`68O{ϻ WM[CթT[R+cyvar<^:o`)a xhV2Q8|x2FYb^6~<=b%5,!h14, Tv/MpYӬ?0q8{0Ҳ )`Xᖺ:*~*b P* w#pV닾&T VcuOݯlLq ?}Nzcژ!2fv+ α\0q?'NA:=ʌ~JdS\A3 e] 1 8ŷE2C݊f}G٪oKT}5Sdm>OI >cnDa<]-uh`yA;iWO8N2ɫ,9#{a# ylMFͽ2:Ŭv9Za?>܄`6zHzBψpc? N]ȹ}1h"9{ie!3_?()~{<@7BJ>f)9cY7pjKXY1m}RrABys%*KK&O3(=הKu*>:MgJj4j}ݐs/@zS_Cڝ~6[p=VL-OkIMMvl0.nLd0.-׊ulمTYjix))8S'ʃ!]RHSF0wVs̶Vu5Q3`b$<u\V \F]_2/fPŚgeEOFF*•&vūPrMì=|#7t{a cS/!"+"= Ut. ; d}u>wlW"~VZ(w. xt̀%/tBhRYs% v=\ZF{YKd}ߎ*ZTc3`a)8 YJ:P0H WnQi}&u]4UHYL詶i0rN؟ Q|:i!ͯD0(uA9-& 16CO[ZD2C8S~H$m7*Gk*}ܧͲ )+X;䛭hhsFBףVXUd~u7ehw,$w.UG|߀]ꚈVͳ x2 P`":X\R5 :Y+۴8]+O]ւqj1*'BDe"c.ৼtS4V(`+9zW{T %zy!F_Hri+):*1!(mIR|H47A= ?  JGQ)d-# 08ǖN&T?oͳ[|)8 ϯ|7c~)PalNHCRK&E |Q7|4deRf tGm?ol /-,]2< B C6I}Cc漛.#(]t.4g!(5"RTÐ_t s]ВP q@]@:ݭK$<5r:K`W_Rt-_ԱKlcX"4O?B+~SjĻ>enJU|&.yKT^mQ-]b`QGMMd!xk+qa0yN$/A;䖟6|WhH&#Bt\u+B9]b݁E} f]{ɟM#޾_C W a"~3C}6v4OoJ=*aM**`cZw GиBGIo@pc p>Fk _;-Xris MR8F s:5`Z7Xsvߥ$(yĻ_OP(_*fpڐo8B}ٿt{]`&R,>!޿PbeMޱ_xĵv7>b$nB1c|R2rK |ሸkkZIo~OCUΦMPt^\utw~[ja<jHo>BP2څqsaC)XV,lF.#Hz[Odc\yO=6C҄9lo{'yAKno#jdbCI&$-]{b%p=Ґ< Tm?8~t< =րB or.kk'KK$7DIÄ\wPg {P b?Δdk@ b4g~-?JoŮYQ˂i4 W/NRB LܢkNBJ>6 񚖿ZfgL? WLmR3֚A8ΉECA@-! ӾsŜvMHAes` ٌ3#7i.C=jn? $Fj?w5Vdg {6 >x?AW cEUO2wElٳ& B ,: Is/IoK pUz}) >L,NgyՏs(W#4c3!6a?}B,~T2u E"o7pMta,,?nӖh]Q]p!7'ʍfDJ3`&Xw20FU (4qZ~? 2a+S9#>z 0G1N_'Bm *̅M"פIO217yT:pO , G–(MC}H v 3ޛmղ>M[^B/,&=A##8XߢJ]d2:Q %>rKSdd!)|gT/p9eQtD3Mmu0q i>wE ڲ =y%خKSE40gTtF}X"_"+[x QҠ.يX•#*ㆩ ܩB^^G VPQkue:1|,d6qw,k+>&u!`_nXod1!ѽZ%2gX,+ZÖ2lMc{AҙiĆ`IbV*9+PɄ6Uˁ FU3lW$v5/ѓ,uiՀR >tN{؄QwZ87bSZtEΪ|c"_(r|i.I¶J~?1$˧/b0=r3S#jI%P~ \g J0y3“׎(I%}ǞNDnHtU? .J涱_+g8x 9N/>O%s'eDO5:LO[>+`Eם{{׬vx޲/^.NIrGybPI'#Xlݔ qj ~T78BU"EZ,94qud^+AGOzS%654٪u6FLC< wxb]qOq8|Gޢ~ct}W 3lR{}.ќ e^ .F17. GY]qRZqd=XV:e @BUH|ծLT_JiarG4+L?4Fj{L )9O&Xd P(D3s1omqj|9ֻ+T\ަ=h:RnDN0!uܓbNnOR8\rZդ^>=kP=%n&dkb\C7@`WΔ wyr7fxҚ#I qL hӵ*o9".9$% NoV_?NE)۪XvL1U[h^ 6oCY5:{A"op OT נJysʳ- R;GXI^ĸW)/yu;r=VL,Q;Orfke s ClyP+[``wQS ٳ WfzՂU">\h[dΣ/;Zd$w E#MTQPa/t:rƦ:˷蟙=րH,dJPZ>@;CMe66>ZA k8*E7'\e>[ըcR܌dӧUJ$ۂQKS"j .&)4>ȫ0T|5OlrN 8FJ2Di}2C2̊N,KUlQXKg5Ui*U^!nE1^,v³7Wx7VV Ov{/󴊣+N[;l)\_tyA+)wυ)Xzzrbf%hq![_&[V{?# wCdEsO{am(ѹUVho1_uG=i-5ZcFS9(r\XL惗YC.C =OQn1ܾۢ`4aP|ےjs-=i)Y&k9"9uEA z#+.,LH=$![,+*j6!z?yZ^ ^Y%}'1"=1ϨsQ^WyolNv(uK"!ִ` eOyr;L8tNdbJ},6BL;Ds۫Q!CׅB)X`ɯ\)? D*E.Us qw&(:*)  '`O%Ř_ )($zt8 {B:ihF ]:Blmd H%|e`b_Jv ;8܆l<۫eQK+'.;bl[GEs@Oi38*g"AY5'p?*[9rvj%fsfG˨K:k$y. ֚?YE[4O߯|hK:s bxsuJ𹡏/ٶٰo\#3~±kS~xw_WYTQY!tS"Wgz5@ih6Uq':{LJ㏭yC: EЄVF_?*h}4~0GL.B_˯GNJT7*49 8{<_]A4>C]UԬTLš5{p h*%&@v9#1g wpŒ'@L 9USc"AjU=HK Š-zfY]͟S@?RI6DGkWFHr/,>C T20hU7wzp.S'|wnv G / }v'464e ]>Կ Sbu]hb*nqvwz9A4 XK4#>`fdAfAM7a_Mߐh^Qf!q՘W֗䇚/rÎPm3YCk><ȝHx,hlH`MaYuw ͱ~g?)Ms.* N%8vg9G̫-0\YNb,R\tIJ(֛k\)ʳS;0] ӔTԣwD<'l`%!QFr Tsvr8q|{M_FI[Wuͣo]RG PzZVoj&z%E6HIx/64q hBl]ץ5ӵvZI)V<Z vYU"cZӌFkKH=0:JȽ揶aRرOv^ U"İ;<*m!.L F0sfGԞv#کEuǀdY*&Fh\bHSCa tR^ U^(" 蕧wO8!ܐ/4=s_zgzX RqQz)Zi,Wδ̱Ju[GSL ꐳӎ\,XƿfBkO*5I?~/,N(r ֐$Ŷw1vz>YAImKC$Ꚛ`Pl!aq|xAa5Z)p7BВƋWٖhnDFַ@ebZ|A: e9 =^a\æ|9 g 3܊|Ps zg2pp]@+8ٮ_dF$Ѧ:2**bsپo[۝S77H{IwɁ? lmX=v$Qijcl}evR/7eO_Qq8l*J͑$x%y5 ga:4@qhu,x6e;rg:Snj߸^ s?lֱҿ3g'.q88 nIe3tœP>L;;¬[d2ӧ!891U'4d֚_mbR j;7KL[oCbl%0١MI#3*?} lOR.&OLlFG7,qʣV%yo6]'}ʐKBud®lB驧9O .lKHyD^OHՏd0 ҳHHU,2 ksGUH?d;c2 m6C/9ȹnUR~3+/$,_I#}ΈF./Y :pAC=Ǭ/fp{$D5.psUb.YWpʫkm ^zz3=* aNFK1T/>Ɓy~:aZvҎQn ddz;$Kݞe&onq' jT1|V/GW5npwv )znII40\'oy](!1c e_ִJirMT)-隃)?h8srϻ*Y,ER,[v~P+f[>9˟ 2ϭ;-94?#'j/"p%Ue&K 0%\w,:| WD|PThe0f*zϿZ>@#'hy3rYEæ!r9}jsCûe0Set@1W~ȵB*9lc ѥH M; ZKd|eL9 9(İEv\m'P51OE10lZKtu[|֊_Ke9^KvOLQ O2\ClYH]"=bpףnӠiS[ T`۪Uk39ڠ"Q,(_56Wp}Dr*!cpf OSC%KX_B$D;l9oR,jat0c{ȑ?K*$.iHb|Es[ (a~jt[q& m)xDagw9iq;vƶXMBD}#A,n2CJ~ZQ%WbIH͜0SwRB}_W^nB; [Cbݢ:%]9\ү-:{޹=I.+hhwߊf}R.\7z!I/½O?.F~1{ćҸ6nڝ[mچ_rp>k_/lxi[bh˝u: e*/>W-\#p1]]|\̃mkt^Z(BЬ8wɕG^.6uE+tN=;DZ#+T(BؤKY`/_A!|GFMvYF¡)aPvbB  x8[bljr<|)M##l #s|+P*۸(Lc^@w\xdLq`Dbkz 0)e;J*KM$>סR^q}*%:Fœ O@ϛъsJCwL-2r:B$&A1֢"G!jGxH]CKɦ$-Tu1/txdQ_aW ٨)6p *Kc!DrUQHx% m"H'2&LK\g BFn~(  9f$IԴ;3URݙI(z(#U/4Tr@  EgW_)QznuID=q@][f~M mOO=I ) y~iwiE=Eky0Ӯdw|yʇ]Z{mzAUl>'ґ3[I7v̐e 4Kn/ Aҷ7!G;鸈 H|15wR,xR5>G'+4&(ss@bTtذReqZSl0=l#ݬ`\o3Dߟ\,Dd«ܝ='N|A_YBߞu߯t v;*QBz9AݟR HH$>I?$؟ǦC1d-a\`?7+kB&Z `%H=GZu ~{Pt-}6sYqk$,˭Rj:]Yzew|ڜ2Ϛ@:tκq(mFxZ#i#&N=o4\1\os>dz ОԦrC2 k5ًw U==Y? dNNt$IUF *} hsâml[ Dā[jsdy B%_)O}+Gۊiw *qa\ )0=t(MeKa^`(TEH8+] c{eW/M) a$EHQ4 @ZC1<o΁g׊_k"1$?=iHx _.CeRxL rDttܮI?Ƶd-u~IH:K zlQiݙ* r$FW HIqDPI-o8rv&{Sg^ցT*}kL%FT[h!]M$ܶ ~m4wXK?Z 9]I>z@}e(!080qzA즕qƥ4[oJL&i1YsG?3Q/g0~]wUuwmsLȑ>#FgXLHnɂz@~З@8wx#~6=3gގ C/<&M f/II]άUg vZÙQao7\*mn.I!ejޱz|fz2T ja8/ZD. OҭUqhCΧ+%A"5*N9q" ͫT˽#iO{nM@FϋYSu;5͜JCh@=4k.◌>zD*<~&bvZ&rZ O='v . X~en0?qU2Bm݋Q5N&\f2sD7'8B^!V^u\QCbGD POzcr_SG" H$;2\q\+A&&lOIمu/ͽy~Mr˛NIiV kN3%8Gݤ-֢c+?)*Y[h%7 +4 יӹ WrY`>A<F5:WZp7XXZv3(cFr-8:xƆ[X ڿfӁ6C@L)H/׏+ۜ"R(_"-gmk'1PD6P FHqNy9+#NJkG:*_!&m}V][ɉQ0T0,5RT3+ueL'ZJ#uP.Zjs\Sn&hk"Umc^v ϡzv~pmcv*AO5HyšcMbTui?u#kѐ+8~ZJ);!)2{o EiqQ:tPB>XQd G*K(gyF ǻuX*=5KYDAMV%|NT, c8q>BrrLh·N c"mh W5TV9_T/M$SE}lú9|r Ƀsũ$;N4CE:hR @֏o/T 8,FQO9ݏ~I)`rW{5<##`AԜ)_evig1a[Пx2.D xPdǭ޿[Pc%`_c` ZXy\ ;˫Or0j뚭v(r%Z_O%/"[e6FEdSyj^RxX(!Ή'Y/v\H=J?HEPzr9Al-<1fDސa*D$.mA|}Kqp y yt"aFޱJzl+<=i23,Yr_Ly rc?V`wO1UX:C͞kFc,jD(*O=i쟔{ǭ/dA;{h;dL!Q4GSn$ ူxv){CtiYWc__=a6q\UBNug Jev|F`V[Q؋4 Ъ%1 ފγ O4vnʔ\ \r:Nɛ~u@A=-݂/MJ)\Q\Hn7Jfg2\TNſ#ÏLm],hvn) /Fʺh3y+v]ɊAI{D=/ `ŒcZ*"9Rc0ZL$IVyEi3U"4/l#5AVV 7 {4.d:u/{x o(#'S&‚"5a^ʿ;/4W_|Q@۾SVEHq\v( c󶗷}oOk~G{#h˝YVl " 6ZYwnKݻJa-[lHզ},xN8,8NY"i';L:ʔK|) M{mh8=!jdlvBٷTM(wEf W=C*HʊCw㏑pU?* *# KqW@ơi݌_HYUA;ɚԚb~Z<o"9tL=F+rwa=lWߜJT XsQ f~i E܄/^aV.=z\%rv),+%+ޅtQ}1LlUp:ݥq5}5vSerAݑxJ=~ & q/;$14M_V77ⲓ~ 5R)8*L4܉"6-h.L0t Bђc>3C_ 38ox3t[5*QÂj+Aɂ +%Ã7R)v v =\|)}rT c˰{rYjp{Y$,,!zP ׎3W#Bh^g'[mc dUq1;姗XԠyӿ7 w;ИM22PBK lj 5BO/R* 7 N|YI_%5և1cC@g\7cxS*.~C, ~c1Ul1NLIb.pXQڍY.$Jl8˩E] -9\CTp Blm]@q.0jA=5_t˹'`̕?⭎F^4(VKK`yhYCQ7CCo*Uoǩg<6r"I)qcNd UՁ< 9۫h+1:@%O4e #{Km=PDelvՒO 'ZrR=sFB3Lzu+Ht*ě+B7B:('P"nT:I+8$֭c&NqP(c94qLEz`Tc7[MtWwp? ]N]=/<:h_,Rȍp|KR(!iibg0 es4/TKIڟ4ʞI:-UkGG4U m֮y€lj TeߪIJǎb[= mT-ώP"s)D,”@@_b eĨޤOB8NW-'^_59 $ʻ!Q:R{aW]A~}Yq ]Pk!)'sja T(AlD`}JإX!x]x֓\8!>1W?.Aɴfdw|%i8]vHH^f j-q`m , A$Ff沁{~ѝṊ$jW$|3H"pϻxtn%p\ ۿ `cxh?vJQX}&rIi8\X[Ox/3Tu~$ܯ׍jQ&Z{ܴ/"4tiJE8<-Wsc!(ДY , -cXPd{[0124~VP䞃.fR[ 9F/7b"wEelK/!Bk _oPumϯRP T`;Kw <`aԇul#Ch9)ɐ0j'<)f61Ԋ =:+o aOGZ!h|Q*$Cӷ523GogH&!>f=;*!>eCP{X1ŁZb?Vz067NMGѵ%eu#^5H iS*tM' UOʍ4@VQ}\ nzɼK)3- H!%7wYb02j($D(& ,L%\׽zp˩T.WĬW h w%9Pg:f&pg$ۨ:iF v9U9_#[v*J,Ks 򷧶40bJHsn՞@!>CNodH淬kV 8B!0휒M99(if!byv0k *_ ۡ~Cl"H cWsPQt D>n]؏KC* Ì9nc35V & GhiZ.j^jD\|,;2<Y 7IkC"G#t/;C`ΉZ20XsP2H, h0lׂ0TJ(g*A񊠅 o*„H}Z%c2QS3X:MveZXq9= HnC,SvvF(Nf{x/ySP;RL°t{ob0!:@L3}NFCÔc8xC_C5Sp puڕct-Ϻ곭D)Gl|4F^sq= ({ X-u5wUDqlzy WˬAFHH@g>+IZVpWDž沷A{dM3U0"6o=՘e9zl-ziI ?U4khX;)$^<Cz΍uS $(*7wkON'!*l7*p7f(PȪaĎYTsmPGcd\&ɾ x=4>CVK/ԛ83ވiOkL}%o#/Ro3a'e5YOz PY#gʴ hɅa""dpјI>SbSS RҙI;uF-tRw4TVJhdoZS^X&aC$p͡[ؿ֩,Cf4v 7&{2p،SD4ns#$:%u uOUn[)ͩ |x0HZo>KT}K%3:*ePUY{[臓V`[8ko{n1DἯ < aIV4X~˧46aWZ*M6ߦ7:Z vw:8Eб_x싿 m>k=io˞h{! 4EVu+[`ʔ>\}8{>cZrxسJ6(E SjYp~X! ?yeQė>$J?[i0We93s#@ifͻRJ6Q 0 Ɇ~ɯL ]ҫa4nv!PqXfϓS1f8dJ}yo&k'?qRڬ1@5qKȁ“}e0IRCbd!%Vk{kIZ:qkI:)" ~88= I=\&I2͈AC<>i3Y%6xt+4S,$ny*DБ ;J:g܄D:f &|ч7rՑReϯd$Όպq]1 Fn&yB{CiefdV{l tbn#@c|-TҝA*Eq7Aco2*3[%LV>Ύi?>){e c,|̭e7G` ӣ8RŎ.NF6bq'PbZtH l<󞥐V^/~spgd4-CbYV G؎ Id̓2>o:\ nݱkMy$=X>e!Vml+ Z/HBl19[BRopFeERw$'?*:Y3gև*7cqgE!N"Vu3u0a@ܬw0=WhV]-4R,'^P \J#_i6,6B3sR+ާ{rZ{W?1['b1~>M=lNxΗ:-jj/[%e;G}=7nXd8.﫾5DA#ݰ$0P.j[YeM];,!RŚp-7@ ^4ke#C9"Y2jsR,xXLv/H 6<lf_jӷ 7lOS2ȃZw[( й֍+bGEĐڵ*@g^*F+AZ_@!0k1[kZSfusDfX@6 %>?zv"MLՙ, @Mlߖ~-Edw޷O+o>\ h!k UJO,0!L6qze5=ϊn{<1uyssWK5;dz{( Ї<(ǵDW}d_n0YU1y>3>I!jx`ذ{WOWGf&'9KKeՃjވz,CG5N0̭q#Q yuŪacČOM_FҴBFj糜bzDd"8~Ixyo&^#o% 4 [űbm](6'urO,xת 9er&Y*M\Sd P*4,l1ڦSDȽvK&_z=gZi_[*-E@ LFHx 4m&M,'PÞ|^%?[*dE, pSOogzX]2plWblwVݭhԚSqyCɏ_tߴ):{2/:+fP'[dkъ]x-Kч(+Ȉ]HzK͒!*i95: UG1ެ@0 _R[KV\-1;_N8eX@Oj?olmBח9446qvai oN~E+ WL .g+E XQ [vh~{h F|RypŠl?VVzIG12N:׀92жNQI^ l  n{8ZϭDx"gN1־G2~k-inSdbL I%>7LYan/ pqtOE"F+vR} >dC@44-k2XWbe81N#Cf g'??@ԜvE{%|굺(J\t5 ,XAZ:riX=mqCFݵtW]PFaJfy<pՙsy5G^xh{UFD"?D\Gr|.}9*?N$/. d2u)苵kp,t!fCmFHUilQ +89|֤ wq(wWh|?) 砢KDJ-x7tMFk6}DW,whuYo^|g Y?j-l.7{z~6;xיZ˦;96s/-2 0qFUL+qNyg#޷ڣaH|#Hnz'~A9$k+Q}Kev#JE]d%_8Io7E9p9D$Gac~& e*sZ33KUŞUH,יv- {~]鵙DP?YjRb.K'c#0Ty)FDيj$94aN!/T`dc!,yo fV]k?A3xtK мS?}aJIƢhNjaܾpȥ$]oJ;':xZQ͘_BLc΃Gb3C 1d9z"HxϹ8i J4~SrnK}ݞ*0BoW|/x7w7Tj'C%S]=,TҼN1ȇqcf`#RZߖ1t/*Qdx(;CT|yn*FY7r hR[ 1zĘ i~4׀D^\|5yhZaf}>BJ(`l%tsi}q TP1[ s`qf+!hZ>)(Q8=Jy# nr w D#4+> :{7B ؃?5lLW?ɹxnTm[-٠iő0vT^c_j A4ڕ#/l`^zAU*=YP kB>~C}No+0vv?S]K #m`vs`UWT@|@4d, dGK@W)?ƿ=`x3+c|ffnh|9JIĢys7GYb1gJ0&-amSoF3mqjsʐaj9,ke Y{kĸXZި?CP\X 1o[MŴZa0Ԑg|mYzg}%sSفp :py 6IoiUj~8VDPpxFXJ{xXwzxSF1?\PxO٠JZ>ןџ[S_NFǫ "%6^¸$NQτ}Y׫˦&BaṮBA*7t QU'9y6rǎS|c,  /Jz*Tl0YjEr{ZG2M'ahq=nn+2Jb1GDiΞvmtd`Oώ[,_E! /_t\d2^m8W{`8> ΍H* .u,KS@Ub/ޡZPZuˋ3(_6,1sHN0D<#߿^U6l~.Sf֎XUq7{l>9d)3XTuOV uEx3sIɆR5̀Ut(o9M o`qUzH0?ɞڃ6gT5ffO ;3rPÉHzl~˷ ;<{+@xa Ѡi4#RQVVT1oEضy-NȨ $\r^S9gWDlZS "nP8,`MYԪD EU'a>] |VN Ҩ!.!=5,<OdOlυE3OD`۵7UgNmzar5> 4'Mg jQ&+PBMp#]oTX!$U (I+Kmv;2&s!|Z 1H':/:k?%-ڔʵkĐu=+wA| p:1+͹uGw!Cy1C.em(,Ld>Z϶L;Y[lY,8?ea)>kir`Hj/8)4u9A@&Aɛx[Aݽ$W1"킐p8M|NL|s8pn) zE?عJWG13~ΉØP]D\ Zu]{V6>ݿ!9,un2zQ3XS}F逿̮3M ה[?g Ӥun6[ﲕO 5(L1G#|;4#8>/EMU]ZS8Ą@tsf:4 ~^n$15MH$! [F&ò3b9q&k`P 3zU<Ԇc!psl(h5 I7*$Qfu1aK,*7導ljDr76qjXzl\Vٽ/]ՕU `5MQ8!zg柇`M=e;_CnQ92>.P8n:9~ÜLY^u#B|ƽ-y78z-[I.Y?3)8Wٛ;sgҙya~g 7*fLuX1޿ҾæJ ״n'J<j2K@H=X ` K:5R; vt25&n965b"j%X7,Fk 榢L2l%i1CdBMy|Z3`tbT 4mv8 {0f\#lZhH=$ h}{eicʮٺ1 @wI|mZ^NX]/(F93f/"ک$,,&ҏ4-XK sjpm6u,Y$P+!i>i 5hMX7{G]mGHz-t,\-dpO]IYIrnwۧ6B^ $.@$)fTV9+3I$m6_T}zn5CB?M{ڎ4Cӿy@Z" k^bH"c;}T)ȿ}q`cqkME:sq6N]~?bO܁+"O~)l4`^uZmZ/Z蔘$o8M4l9 +VN0b>j8U1B<7c\I32#1WoBX >lZ-Vo/cm/K.|- 5?3f \&Xd[F4uEu=R')aje5X.= {EO߹ [7^5P qψ?k&7SgHsBk|qƺ}s,~XT,.Kd̴$rnǂef ( XU{oehHB[Tb ˨)k):rܯ^~(j/*q] ߊsY24ӗ/YmB#RO e tWβ%A$jd y9c1H-@v)N7'S^V_\#P;c XYq_LP.iy]{IM>m+PNG`qdZ>!}64~;CX:[q@%'"ȃ{fg~Z\0,|y5kKc z ܵ.۠Q>:;%c';/_Y! sH9yoVXJvؓ1~)N ŸG_"-*[ґ3LO >M p\\lmFSs3F[ꊬV;]=dW;'1. ]b1cb1OGS{/=8k#,l7nډr@_ !iR#\7gesX|`8SƋR+[wlUHIƕ'K]SJ0WiGOqE ":>p? @6м )r =)/V.47t@7>(,MgW蔅 AtfO ŪM lp5̵K]jӳQ5^-4Ny׷D}0Wʇ(B\mվ)Գx#pe fˋcK%z,D|r6ocn{G6`4l@Ȣ|LM(! ntȕ o۬Ch<.Ŀ\Q)ގܬ4;'H_ĕgC& O V϶un9Qߪ\+&|Vڮ*p*TNR3D2#ax꜑qS+Qbeuq[~ކ4wo Rs.aÕ9^Ca9s$Ss Ɣ d0 %.CjayϷCɕUU+'4$:/F*{:tc5aGgXyʔֈ,3;rj|+?Ŋnwb\Ϡ이n|>>jfČvMsyr|M|g^"2Z٫`c^)MZKz04Ec`*+czk A{P#*1hʣU,uTIIt;~RXVyO>F\8LBB )TǛq[Ǜy+%>(7 ݰy1 .ROeǹG}R3ZR̓\e-[a8YfSʍ xD͎s+ڀwmk"m/E,c7TE5uGMh%i['GѽmPe_|"9%+ZZ x-׾͖3I~0$0<` 6%7mUu UFG; u^x;Lbzwpi_X`_Z5ufN`I(r*#XE8eB H94f>`Ԑ>1Bam3h#+ƠFSۘ6-3`Crm%JY<1G=pn._Lc`˃=BD܁Oh[ tκ\_r:0&RC=0&p j"xCSDd?ڡo0Ǩ`<IsBD}9uiܞsrp/=yZjɽ…$U7HGt!+$[x2F(~&2{$S?=/aIU8[+i{b?M SA_MءR,Hu_uGHT5RžV