sssd-dbus-2.9.4-1.el8 >  H   ?PTeQg U]Ñ|=+RLǦBHߵxf4f}=wE% Z[@T(=桳LŽrZ.لԘs:elMEB5,A%D\ ~z.gW% Qu>cjabrl>'=W2x)T0 #@=X,^2?jA.;K"l di" ʚ CjAIZyPךm(Lj[D;%KgHћ OM \ORgM_h%I3 Lsl6˷wRxaU`h #\;P7/mĴ8 g_' Z&0ܥûJK=MyBH2~#ώUtJM 4#ư6W@W[kYip]`:6-BT##YʩV1^IQU}^bʾe0 4;s3_|T\y6<=LO80978986ee089d4953a53cff5b80a3775d30106aea53b268c9ba0b666519744718fb6315b3a26dbb2c6d0b61d5bc7ab770c12a7f0302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023032094617a8d1fa0d45128e02723bb672a2da6b0bb377c1bb1e4e7b8f9b3fc6e6c9b11580c7e0a68e8e5f2aff6af02b6a023100fa646f7c12acc150289373797e1e19022aff6c8b2fa1338a280445b3b9ccbbda877cf35a7c42f29978ab5cbcd5680f0d0302047c435bb500683066023100b3c4435c11f205625f543d90ec898103a21206bd99d9b99a7e6094c029c5dc3004239ce48da8bc0ea01cf0c9d58eb303023100ddc5578bfae2a23c2e40d304c8f22b21fab0ba726e3dcb6395f5d95342d20de112663f23e426f2f1236035d45a5a722e0302047c435bb500673065023100b70254c419bb9826097d77cde518ff97ec2903e4a4b2723fe86666b95c4fecce23819235a5f1968d6355e5301253b25702307ea15e845e35703e7abbb3abb98a4c0a5f381f9a2bd2c4b64265a69ceba165b689d2416a89611e576bcc58c2924e38e90302047c435bb500683066023100cb16f1a2069d2d7bf916eb40af766aead9461d1bd5d0c8f2d7fc1a858e35f8529a212d15d39627dcead2253bac1df9970231009c11213808b1a993811990bf674aa1babd738d8704cca38d266f626a18094c98c5fcdfdce8eae062f7d144914bfda8880302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50066306402301e1c632c69bc2b3acc8290a4bef5602abfda9a0def7a10712cd98a27ad0a26588b90d5e8ec4139694b816e72688d768402301256a96fbc006757e447f3c1c02daf7da865c47168f75ff2c4a8b66e406772266323bfafcd97cefb75c3ab8b6dfa79810302047c435bb500673065023100c874ca817a84f9cd10d3d72b1d8b7f0ff5891cd4b0ac38d8a92c2b8369a692ae887c43ff0dc12d8df41385678b9e948502302d1e61187fcbccd10a0efbad58a9ff15196d1b0ace93e4a4f5de3f63f19a78cf7158de2e1e6557309ee0c6f720baf64d0302047c435bb5006730650230542dcd665caf6644b86bc4c0df60046e271cbc764504b4e44b727fc686b445a8e4c8c5abb6e9cd6d9c11800f285641ee023100b0379afd6ddc778871afceb1bb750e159a4f48d247a3cd2a6bcfb8c4a86d3341b0458a96817be14b91e66abcf06a9a2d0302047c435bb500673065023100a5ca66e97f6e2a98a0d1e60e31d02c75b9be28e56c59ee36dfe6ea52932ec6d29076c606bd363d36eb0d1528da8b4c540230177d2c02f2db36186bafb80e71f35800d74ec179a8af73b7c045b2c3663f36321ae066470ae404cd345e4a3333f8c69b0302047c435bb500683066023100ce4491c567a0affe9b1f8f012003455e2d169bfe33407f39bf1a59f14d21534665ad706604a7b269c9a42b9c5094d636023100d38dcfb1657df369575656b42f2ca8ae640ada9b61252570edb9b39d11e6127fd2d7b52582929db40cbe7fc399a71e12j eQf U]xZ ge7E pW~JؙߑTBۜjLV khA|сՂ.P(\;"|W1$^4|!mgt(w7Iy:f]/BvӹVcu9G..Yo1wa{oV6 /rkq{Ғ(J;xE"yOv1{KƯDM[6o{;T3rڻ!-"ˍ-&ݱl;«l^"ʹQ&B> Oݙ9j 36':cã{6_1oSUfBk Fd% "}xf9-ĥER;sZBMbWF4fE 0v[@Lx`e! cEs?L]foj=W]8ĕǖ%⋦hd!+a>o]mstAhXRZՒfZ]e %o~WFz4&RL[Ik/WP>`B?d   8  0MS[r ,  D  \       < x   55 5( _8 h94:gr>?@G H$ IT XhYp\ ] ^ bdeflt u4 vdw x y*Csssd-dbus2.9.41.el8The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.eBaarch64-01.stream.rdu2.redhat.comgCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxaarch64 if [ $1 -eq 1 ] ; then # Initial installation systemctl --no-reload preset sssd-ifp.service &>/dev/null || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable --now sssd-ifp.service &>/dev/null || : fi if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service &>/dev/null || : fi%&KA  7A큤A큤e,e,eeeee,e+eeee09f028cd5ad8b15e0d13531d362fd4f515952a830f6c821442cb3f901cf292a9d96e96c10b2296fc3b5ac000f14ab4afd54aae33d8581a85b1e75df4e56099e3614bda7917c82f59b9e4db0155423adbe3c2f1e3c4361c8fb7fd4d1dae5a9e364601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8f8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9035257ebc67788c65aaff87eb593fdd3bbaf9e617d9787ea3696b0ea4467a8fd0494006da27f6e40a22d66c83cb4fa486765f5a58b41243385f3e2f0bee14a45ca4774ac7d3cb56b52fdba80ebb21f20bf15b9f30e153ec3c2c25cce3d127d3b3ba889d9ad834caa74ff8e4a49a14aba19aa4a24e61371d0f2ff14b0bfa429aac9../../../../usr/libexec/sssd/sssd_ifprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmsssd-dbussssd-dbus(aarch-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @/bin/sh/bin/sh/bin/shld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.28)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.17)(64bit)libifp_iface.so()(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-commonsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-12.9.4-1.el84.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh rusvuk2.9.4-1.el82.9.4-1.el8 .build-id6c05475eaa73a961d4b13d1bfeea9852a7025asssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.serviceorg.freedesktop.sssd.infopipe.confsssd-dbusCOPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/usr/lib//usr/lib/.build-id/47//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/dbus-1/system.d//usr/share/licenses//usr/share/licenses/sssd-dbus//usr/share/man/man5//usr/share/man/ru/man5//usr/share/man/sv/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryASCII textELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=476c05475eaa73a961d4b13d1bfeea9852a7025a, strippedXML 1.0 document, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)*R'R#R RRRRR)R*RR%RRRR!RRRRR&RRRRR RRRRR R"RRR R R(R$R R+RRR/utf-82f2f0afa28b582d28eecf58afa00b7e41d95ba8abee65ee9797151de2b6c7c46?7zXZ !#,] b2u jӫ`(y//cE}DbT!훥p3qyPO04͋{OŚqyVSvp`_3&.$;\(~8:Jb%-ieG#1y&B=5j\ӝ6mCt_LU0mڪP*-Xc_nox6 rDCc>t`'5+l.ԌYc(  ڴ55ߌA+ ?.f1-]8DF\GVRQ@N4GIa,{zHmcciq$4UHRqP ޲9._F.za  8|sΏ ׻:?{YC.A܊^'?_c8|[ ~$=6å/= Cuy/rm-2魛erDo4;(~c1Qg2?bIޒ c7ƐB%{ڋDt {d6j]c1Ȳ8ڛBFͨ\kl#~$$'u`]@TӜPicwLPO+mTf (xwdKʞb?շ)06rI&ӎ M&B Hp$P~.k4OC ӜWH/s@z$zg߻,8.ĈkLFu|x2^-5 uYh8 qL4sm5: _-"R+@5\굺a@?!ܽS<M ƚ=5A& [1{wWd@Ƞ %m6>l<*YqXe{>C\.(8D|vuI"|հCDV$j='S}י̺X Z_5'svAA3=oDЌ,|5Uó␝Hz"\\6̗e+M(_'񯅟5R̒rap~ɧV]? v^."xQ#M:(uQt[:QMg^ ;vV_#ez2%>Ს+% z}{DU;1M:cG h p}d>7 |PCw 4?oC8"R Zr}_xy!W~4ى ~?D[/%ՇA[6UiĸT[ƣkf5u9š}evȬv93ٱ5r<a{ jټ Ch&#NKr$iA2lOPsbFgcv>,O!O텠}H}v* _1DKg*!`:4t UMh+z,/HT:}6b,ԅ ܣa\m ص >] V5\gNTF"P5ǺmdG^ɝxMhS"<.%5X(՝d"ۂO:6k&?E׉ZJyB+N7+|((12ucS}lЗk o b3oDW!s-y0NK d͵vP580λyJcn*ͤ\i0^z|ʯMĞn4bk2WL ݡ"8-L3X.2[@zke%+N=^֮4uF$$C2[,%Zp|*4C}q=F/.k}] T^GkMcU| ڰNfA(7w!]+:CgF퀀r/0Z/^-cl]#6X—¹V E  J?upW 7SuSvӍU5 XsdQ]GǎG LjB 9Rx*)qȮ#=R6 #FG(I I68 -ˆUJ`WCzMmdJ߲M"0.%rvUPd7XU⢺L0zJ;/ 09B$9M%v?±f r)%Hs@PD<[v}.u({L bf%:ȍ?$,0%߽⧉anwĽC(HP>Fq:357]}zqkB4] cd=ur(od392~!p@&R=5ocI 2%fWDɎsn{g>c2+˒M&wfJR *t0Fϫ=kT{vCDoHZi䔂C\5}XS( N>hN5^0WqjSnmL15O|\\-(oZKl)Fo!cX@y/PӔs2Țv3ؒ-/>^A;0,+=n#ѷgFZw-ZNNiV|oZ~b^φl^^t=X?ꮏ P,׀Qg4c pcS:fZL o=/p/IѬ k}: )q,DGD! g]{snY1BhqΜ7Xxk&&/Th ;bT| ><4 *f*YYmƸ/B`c&Nf(6z{ZYG<#PNnxŽ׾VbߖhK|}jŦ{}gIoz%rSWAAr:QUR}@AqģΎtdLXaP,T8K!=_e\N YkZPh3]rϮ00[SJGv7:lT9eR|em~vzP% j&lklI;Q=loCYP|]{H yL"T_&fqj=rU/'(v%Oyx8[x?(I,WPdt ۮ0^Ř6ֱ |fQ;Iqp:eo9yIXz"Կn ~{4;\S`o ?u_;P _9za DmVTMiU:pP-$*&I/9Eon%B{ɓH!ZH")ա3S,ADJme'֥Db]G|a>gJݛmwp,=g !ga@pl$kZ({([_6O-l +S<nD̻KYGYb$ӳkGKFI.5m7۫P0$ujhP'_R`:c(`ʙea,TfM)z'yVB‘aM1VVQƑ&D_#keͦ_]%˦#z(1vJ,5+1ƨH4Bv,Pbǀat9"#Tfn<"5D+u=}Iö`.RD9FX ! fEVAq@qK=9.#1s{ ɒ3?*B,#Hj{SN fOE. %y[H쳉cU $Ĉ= QgVy2%ekK[`ƒRL`3qa`:|' T`ƃ0oG=t9xcmV`g 3}G3Nfd{L7dj( {Ft?3gJIpܦ{iuaޭ, VpFyr]:⛿PN%%/j|?bAiCW"[-Rk - 0_sdR.JH0~"Įz:_GKgwArAO]Yx-0APxX !+\}A>9p.D9pwhڧ޶O.1r:ʒ`}Bѽ$fw_-P=>K"&rh`hZ}jYtPKgl9+`.y߈CEbHtiTˬ.q7Ӭ94-cR\D»@U {ꃥ_smghma+_ܴ AS&F"+k79E%XY#y3R(=9=̉zzYvzie#.=TX\fofk ȴ_͝.6"16U:#Hy2Io9MI/6NZ~WRn!7/ϓK,&7LRw9US"e #m5NQ1R|IJ?C}`2k~FFAhXoQUαX^ .q0ԣy1BcR1 =%8r306h| k'kZ*jQR#-9}:SRgt9>~'9:oNvN*8yiV<[21i/oRVe`LU!OIrr(uDFyqg$w< f+}ȭ:d}cRңf#x&L-=DT$׮7vQM@rYdoTF#dׄP¡_b!-p_ t ~{jXǁgvV(ԫ';JP798ެ"6?gתa ]kI] 64'/zXx.䷀5!?S̮ ĹoCb='|uW7/[+v@?ŠL5gB#nQ*h/63 p^.>ׯ YtȧWYYLҼD{ҟ.LnMts3Ol&{Lzx5D+pГ VHн#ܦnƳWԵt !i7s`^YF Dmwcb 42@{O=\Z$>X0ʘ#yR}l5$QYo F2zqK ()Ÿu)Z. ךlKkMApW!US;9E׫)DEʲBN+|mC4)y[&X TQ˥eB]3< =C-"uT*bO(=f XI+NJ ̛tUM-)JlޢRexYJeWHEeoxFyK_n930Ph]+JG({YVoq?v<`m”+ȺfWg̵l@$#s3_?8"Co8&55gltc)Qm{3X>SqVkvG/3-{Dŀ -.,Skx1b(A \Ct56?Gu#B-L8``vO_d5`LinӬW?vLoGp_Ss҇&Z=*1Ѧ %O͖wONa9a./~Z -h@v  >+56а|fm}:=/mD*4պƛj|} mW+pJ)* O*6hh[ȵb!4\Zcif|Y5RdY tx. fPr.]Ə[Z1e;:H?o~y%#i("5ҭj|N+dHp66NRBǓC;~Y0!aسۅ2vyUkzUaM3i;ͭ*P"p;}#_.iRw/f WM  Cb{R{BRzeRڞ)I̵^sԈټI h҅ 1}Xv4{"&(XObkdS&4= 'q(I/s?%WW&ک=D}gyv#jf8qHcnS5JS2,W9J!%6{3/026?uƞ4by\M'TN.ژt:b3КN'A#i+`mfr]3u\=n$OPMռ XD)IuV?k_b|j2#Mm7?e+֩tR;nSQ\|?v2:A>tlvvEbsgYq [˗H\kL{?S)`XͫDvSEvZ8,0VC6${O8)qaSCǑU9lOv49jS(VZ%!{Ⱥ]Dk5cnj:ô.>㿕7иR+I}Wzbu,p;gq}xO4%"X'~;xX+aV39;iAuU)+Sqyf.(pnFPx}>B't6Bq BO9;.Hy V5&tfGlQhY?yFvǴA$s_zӿ<;:#'BچI`\ʗ~!tGш7Ffſ%cBAdâ…T"Xv{7Ffٙi#,ɽ[A D~u4rıݛ=r_Ql붋=OzqyNl}ק2œ78#[XRҧK[ vP.J~Vv̀~hIta Q\#&TV*_%'?H˺JJ\ivltiY,(`b 4|4IV'8Ϸ ,ѵflotF^ iqXqPyüc ]q#L mbݿ;HB*Q͍sk4D<1N/`]}2ǡ`6p+f1JhU7&̽2Z 6քQX+^߱$^;%<#k2fF6aإu#̉ pC?#1(#`NB6 C5Gɾs, )&sT`U'gnSq}.nܻ.H 2Q. Qkzۭ}={W%StMU=ynO/NG,(eŵ,,q?j`: NduɯOD\qxli^nOWJm7WQ95|hpeߝۀSn]:!8t{hgܕkR&\+Əpg1|>r]zF_YZ@O儧_ԭ(fmd;e!wuz6I8.dNuZ8ӫ_ {/2V Ӫ ylYU . ʓ~u=Fs1 eDA+8ZzdL> ӬQ]^rNCHc&{S['B(8nse^: ZJۓĭ _X b#1W%lo!(M:>)ޔ|1/جBi~&u_QbOsΏIz$io|&jpL;|fvA01NG^Ξ5 #g]DV[eIt<ѓT5lFā+wõ*=rFW~= EcgW&UwEy/|'C]бJUu鹜KqiO@ɍAmMǧ x\B~CuAr Juf"c'o?|eII]X])6u]mW~AX Oe^ 1v )$?Zd_{CPPڤ[\^z1ttf}'Xg_K/4 : 5^"/xj!2:an)u

Q]U0?_]zYwMBe`}9?=Q4ȸ k$cGΥܬmެB14}9̸MYG5˽,6pߡ7LA" ,46W3Dn÷oXSʚ{|\P埿Y0oQᅰ%53epX\*&jX?--Ê\lw}>Hl>0H( UM$@ߪX o(Ie?M"#I@q׶~.ݝBD Ln3Iꪎ1YҒiP}1S1k$BpR?g9O'P߮;}lq#Tx ۚZ9꺲n-Zv"'t>na\_eÁK|PPmAvP#_'BVi%sOw!PL* G|kf_^s\mT~vu"ZSW K"b=dmmAbFbNW|`CO5ܿ_s} u'ˌ}qfN>2lu?R'D/)grplPsmӦ"6yICѼl""֮OcS-^d9P6uJ)3`\jt^TZ/yOq;S-n0_*'d?M(WJ{49E.{^cg ]/j1[{`-O]#Q7r4bx;l;J)d(5c Cf2M=IwӘ"(1f5f\v`{Cql+osdP\>?&*DƸ^c!11oȣ ]{Sp{&5/q5$ah0ݼ@cèWn9 `QwcE"rsŴ=GH%P@c\*+>؟L30B(i:s:bMa/|,/Vy:-AYҁ[JΟw2a-0 UnW[aV i 7e9+F O `LpF'3FD=2DYZqScpj~9m^:[t5kqƈŮc#nӘ U"hgity=ͮh)ȍ8,F.eIQhq9r a5=iL49N͵Kg'}3Z0CGA-˾.A-? J9RƤe@eѕc/ @(ڿy:RӐ)G_OIaMͤww3rY>3Ȏpܸ|=p5+EL,qݑ}#5WU_mPhN'JO{}3?G;-!6/H̟LJTG4[TGxY)&rIb[H"vIʁ|Jߛ،`6h oMl 1$%(px/uBF0/td \ %lW ddxPYi=D#<{Ο47T'ͮ&ޑ㷹`)ĺ4/e*nڣ]kwڄ*wcXfy$JoT5gMbRu#Α@۽*r╎W9 yIƗv(6H}7dz|X2vVȘ^x"_H1a,p9MW^F` KQӦsjixMōY;ammaswIJg6e֐_ҽгfcǏH5VG*㭪:-0]I$DF\+('DpCe_wAOxi]Im,KDo2$&IJUEog9.ha)˟ >Fu IN7F/U@ 8= в.Z3~2m150խhgUs(ǻF" C"C֝Xq|LcOvZ+Ql. :x*wJB>gتl+qUgKy AOmj_UjgMl>e{硔 ӉS N!I> x {[hB[QPA]?<5ߍڱPT7O_pxkS2R6L]3}2\{WH9H捛;3# Ј=&ǪE_O[sCjh#3ONq(f>xk l0g]U7zsQ=_QѦ &wlb"|dQb>=13eO^y+:c6~i0ˮiwdLm6>J 6`ń:/&VVUa%Rmƌ*Eokѕ5MѸV{^ +ay(ܣo& DAEAW j(K0du*Rg'BAd7gjcd),6q˸fBbU1YKdR$|`lå 5f/E;mļ:*iȉH+"a vjq7ޱMhvu+\̲nR;qFIE e#;=XH=~]݀s[͉c>Y޵EycY{]A3m{2s!C*лL0s]Mg|qH|B~T̝@ SW(td sqW~6MK/ܥv>*t-`-ʪAخ[kMZlG@P"CkV$K]_?x5>dz+kp^9jKIa^v#FŕW5W{5JfY!W@Zq7נ54k)Pɲr6cx̶eJ =)\߹P&JUutsbz>- h7Y.GV!=.ۗZe뼏be ϶A`¸OorBw4צ,&zBG.k(Kit"WU{+pՉ3fHm[8lU/Ga}Ac(bUvZ@S7E܉oZ5_:=đ"&2'2أZr& q9X䭁M*|U -3 O-U=Y>q^&{y'EA嶕*JI.Z )y3 P'bnU0ؑwV2ķӽ,IճʽB_)$}w=]rR~7b7?{U.rj<ƑܝeL2;|8@ת>@2V-#9'@P>H{1ĭ3L*_L`~Hv2bImh!$[ו)&q0jU.G]@jbN^eT :/lª+<[eA)ѧ(#G\KڎXe`{fYZ1Ӕ>zT&FgyokV Ϙ yoDRU#|o"zxQۘN-IT*-d⮀;Hߣ%MzjZq|SIe՞/{wc[ + CDuby'EIPL&BZWF 9奡 z˻&WkZz$|$JGW: Wdi2yB|G-[{hV]vPL81ozzs9`%癵=*?vC^AJz?T^({53 R]gI+*0l/Lp7eR3!^$O }zLJ.G| :`^ISx{RkD7k^x PT<8`ώ7/!<] {0i~h˟DqkV/Jۼ; "ZSܹLekTfbD 0!(mۺ t Q嘯ۆ:g81‡ʱBZȢTJHc'!,}0POgOlYg;7]DDV_jA**IoLe/uC ;4t]BQ"AA;kǴ$%j g6 Ktr@f0mvVX' LDdlߑȚlT'Cn3kH.?,+j(.z KT~vDHN"݉bMÃ$B\v&BFo6ü)ɐ?6f*KZi^KoJ}t5nzͯ? KBY1*-LM]C}X P ^vyF &S-ϖ3sDݲk$1)sHhkȾI_z*Ѳy羢d!!qD.l/*H ge6K>v%fx,oױřPmkkx^Z#Ϲv]u\S+ݛu٘5Uh)BuF\Ʋ,S+ D#wgab#dpE|a}=)ݎD"5CïP4FTVxQf+M\ V=QvmT `DZ/Y[죘}F:SuNԇ!a -7:IE\k]f XͳGDSZDi@R:w&x-ntxw>\M#Up XIaGSί4en{aSbtإqOYMޕQ2'kbK:#<_9P3%Dpa⏨ \}q^Q9WuYi͂pǛ9 [t>Gô21- XsG>unc*\Gw9w 絹S˾`,͉31ȴ&~ɛ76 2w=={ ɝj^`ױbJ$|T4o5^f:uJ߄ nt,3NPDGs ]valb FbF{!=N}۳C[^ (B+Qc\vv_s0Y_t3$jnRq i~ϾwXO b*cf_Do|[hWeRm ģ':!ጩH;c~nR]FRVV} .ӏ}"8"r&MUpiZHBݿ0Vm /: F![ uu >}}QŋN\zWUO@F0D |t?䮓YdD C $l0T* YyӉEN} &L>m?-yt#c1A]O5~-RI( H8oǘK)^;юdqz 6 KS_=_:£EaNKcM`[ N*L ~ERؙ|MH͎\ɭ0e0ۃ#JB>0NATgpidA^#xXNS*_eH^lC DAړaF/ʈhd+-szDnh$.oǡyE@wHWtau3#-({WZB DCP,4 <&|Ax]4<#q H+uє7b~"&幬nW@EM3l㮝 lu߷Dn1S b^!ƺo F{:xQ>ܨ3閬 q B;BL,& x$sVmnx/ΤKpY$JgC,(v zik'>_-6*+!!`Ġ~7f1x}!Y0>Ie `06qӯkV2$ߟ2[D{$2jW, rI"3  \F"dI8(w*Ds OV06Biҩ`3:[dH,_]g!$XGW-(^=@XJe ȡxZi+ -s~}}u N fK6o!;vapr‹d=z/O(!"lKuy^`xko?s5gUV V mG2"(]$3 e|ȫBƢ;es#YE&7L:k"cE8UH|>|l5u'mr}Ily +)/h>s\VqΏ.R~TLNȂ2?8; HAV.3swx 6X'3/ϼ bV R4>&p0 l ΆޟY^L-!DJ9L5 3>=+v\a"w750q+FKqR+JzAh2S;ASuщĦr "LE "Y(K#Ui;:/Uۢ x,ӠAP"ES|rf7+Hy!NQ4;Y]+BP0P)iJ`k6d#4\w` |/;>rIlQ˕+dgKY>,MbzGvqyCFrdPK(gWh79zC6v珯^\${9^2{hre*,|9yF[Ӷ\7і"/)ǀ8RUU宪BkDH CZO'칑9>vsJ(w*?Ze=RJKhS" 'ة  Q9i.tnC4߼^^7z&^,RΉOA7d 8m u\C9]L~MM$J@PddUxpE$yP0Lhb_\$翣Zl"-ҿTJ>4k52AZQוql/E(Lޥb'l}Z'ALrme!nptʂy^Ĕ9iw|=aCĩJh`]fMYd֖iV?WJ>u4|p ~YNK]Ul{&$,%>oSyq f7 .F&v-5OBȭPO`ý#I\5Nzk+.\ G`I|\sd![,8G$e-|<$)XNCJx՞-[3㵵mֻivɞz> Rԕءhِ.X} BytٻXJا}h3c9\hXkC] ~е.eR7o@+\f3X}2n咎|x#*t͑)RUMUŶIO3%DMOO 9Q̶U79񤏻 sKRi'3'RC!cwrqUzuGmI!6A%ONb#Is[сwXGL;gD~grEԅeH;NQ}'*7:\h"%[}Hlʷ%4"h)M9I&"7^^(ЫS+3t#d PƟ|ObN~:\1||1NVk 9PTc{^ y#Xtssa}p,!P{3_ n c7@ k~,݃1FY48qk[3UEt_8vP\p+ =A9IG:3\J9.WhL{G,@cgyi&}sVPXoRQZPE%$Hkܲϔ2ʩFcY)w >Pv0#D-.H,G!Q.Uk<,Fd"$ 4[ p3p``眩8QW%"nԠ8j79\koWYh%0 $|Q3{i"I_>p-'P:Yc cK>WoJj%7BU*s J큎z:dz;v!UOB_l '{FK<ˣ% gZPƟM՜? jc̎ղ0fil{/w<5c(_+AﯵTgGxч!a?L}5/WmG?Yu;P!.AAkJn+ԏ3= #,ls:Y'S]~\v%Y)[DqZU0pP2ki,FRg/\ߪdϿI#T7ϧ韋#䐊qUwnU9 H"i =b,}re*4e&ݧ/]j'X4FHJvă-r/bK p6/]vlvZ)!2XkkgB!la-W.$[ƵYZL8mfZXi9o[fu=8|.g(/돶$PW~HR7{ dpHy[^i7{WwAhdTaiEDFd:Ǖc_F2%^.Gt3[E~Y͗-; f؇g^r1ks˗u?XpD hP^̚=ڍY,߂헠XMwǷ5qZ-uqa؅kh!o9aEr"pmB=-Uyzbxыq9 1(R>HpWUb(Kv!'v$\h>cVh N4K6̥zfɿJZF2Zγ?w-%öKn)B\NɼWRc?t{>sklr9+ox>EgpwӺch6,![;7&[4V@2(RЧ.] 'k^VN(AƷxvk,5 \q c{Ub>?~~\NOhzpB=Z+k NoXRWCHFf~RcnQ=GM[_db~c&:"" 3JS9#'z}IwP(hǵroj')<ǧXqBh|Nժuc*iۜRU!%nG5̬Z+G}|a׮ [0W~`]dKolVm"E_Ps]Vd-TgY5Qk *=Rc]#CzRIU*f>lgT Z[@D_ 1E]᱆5/Ώ61\s}uOrOZc6)0 cg3P|Q J{qh5YHcoW!VV)0 ]#XxT|gWf?Rٵ[f̀ i8_C17p)g h?W2rqzys1kNQ0.k~D w3;+V/6o8d"DEy0赗$ úo ttV@i⡦la1ύ#-K'!}ciΒQUr WK`#mq!=urBD4zhŽ(n{#(x:%r" ݢoWwaP^?te:vP@$u^F2f!`K'iĪKc[wpr~_*s<:q\Vn&Kl)`岵#NFzKNYp1 Zu̝4ӝ=~Cpೂ`5 _(OJ ĈmS+rR Up Ud`iȻb+b*?0~ed`M-Ft㋁3"OR3L밌v}wҖCu^U˳6_d T*obf+2҆UVg ܌S.5w3AϏw1#."T2QtF53X?v+0K;m{l8 0D^YAE?vUT0!Ť!L;e6}~UTʅPloqm"]҇\7D0ݣ3{$ }d$]r%+A~sA*Yy:mֻT>tOFp9U=򨸃)XY9r,jV+U^H2]jN 6^HWر4K@]x Cur؈y?aAyg@p";OD %S+mOolzv8B-G~Wh't }~s㻞= \AmsBEys ]owͭ!T~<5oz RLbO%, BsBY%DOEr3e {{QVzi|UR XC50\+H|`Jn.y]c>ݎu؀q+vIb": oSYJ,sRm>L%ş5gqZ?mĚ.րݪi<6 ) A@}X&WGx*;5P^NY]$|HWOMR*'-̣O^;cq^uRaZ(wc}R}@),h ^ ̌C/+BlPZK WmaxM.Ü}"4.8nuWQ=;AŴJմ~\]R,%kL[5$s귒$@-M7s_ ]{{i~P&jE WM++ӛ|%Y` =( + !zKd?J|Ȝ- A؈K7d€jq| 5}2f69}5j]Ò ׷,]-nFxGTjt2vw=ZS؁1B*EJ`+v\} xs}H Eo7 *_2I]NLY`O6_&Mb `\lU&kkiLⲁ9wiOG"ǃQMy_IN̆3夙% ^??Ag:]HY}úY)\OJY >#6,F67<HMϰͳ{l$AYJh!Xhi~#Kչ+EZ,ԒC[Yk lW~#_#xBKIy~ݍZQAk88G4):4Uņ/hNq#hlJTHD|,YM~yƓOKWQtfjκzO[Gz2$4j$U)ZJdŞ⯼gWQGa%V&?ڊ# i8+XHܲ6C;>><^5]Ѻ*?'[9 P;/zfNJ= 9&xWsg_5;t4qϻ$wZ]Vlʦa󅕓J_\; ,1e 'l_y9.|\ 8І>OY)yٕG\Gw(N3.xŘ qՏ‰L0 rhaZ.z1O'CMBYc՚@i !`)e/LhXoSƋqxԓ b͌_ȈR^-q-3@?8 N70?ihWp(=46[QIӑ~"2KC;iޒLlQDkSb/{$Vg .cg/2s~\ytEGkbiqxT5.N p^<D{,ዜEr 3\L{L+y `Kr8hMYT/Đˍyi18fo݄v6T*+E rezLz2?tWO %cE_?wlKiȁFɛ 9ݟawxxK q(%؀Gեν'Wq:ep_B?]S.tJOp¯"޷I$}f *uOi@`ٜ&ZGD\=wMECd*{=kX{\Aߜ-qzqON.ܨ^+ST a?DHιMB$*#2-aKg|mYE1ny?S3~L!@&ZfT|cY;bϚXrD W(\`juaz|;/ RcP~*7'Z(G0!,ۧQzo[p52Zֱߴj \H)G9QZjL˦˸| mP `udǼwRSϜ} Lg>곜L5dp gwCCBV2}].߲Q}xUZYgHVZ* nVwxNL[mI@ %P 6I]JD2a.XDe81%&@)h&rMh r&s"ɳK3ǴHD_ޠR\_= ү*9e}NH f!SU>-U|єDdlԈڋy<3ڤ\'zjcnJ`p- O ?E8$|I/Q#C1o ,BԈlAFy8%E@sF Ԓ3@/\ `06m?5O\MR컬SF[إ(NTs?&qK`mwZB9Џͭ#rvj8 yS> ECҍGZC))e2E՗"Y(iw}󫉲?$rBzj͌3It]:3cb&Eu =&QWLA bc[Jq*7wϽT^( %j0`fXGŎ!V2hNHOcK6yV5bzDU1&{[UJR١KR{2 bjV98sgW0Bq ^`Yz=l!3٭:(*HIj=j_{tzuO1̔\^PBOh1c 9Z0R,}5Kx;sF<=N{r^S1o0CN2@Jڴ,[&q 2B' JDΖKEns L}rh@"Qie2Ps|:Iݝ?~('ft>=l-ezs[!sTG&]k>H4 wfnS9A[W=jPY?ٽԌ׀ۡj;!XR+,5k;Р3s< g8<Unc`m{ mz[I[M6J="}ߙ0J|Ɖz>Lju@Myфp',l1F8G"77#+,B|*G}d^mRiTqlfuZ -]H;u5C]xOnvd/wvqӁԳT%@5,MB'[ Sc5E[cSjp1EaɐJ YsTtҡ,z֫qF;?YE8O;`=Vx\.\ 4ݓ38sn^a{0%k@9Na_[%L"Yۄ5W,orqVs/g xly5 ;5/pdžUw{y19YmbP~ EսZH9GE஝Ν{hpb}ۮo7`;f &"ւeuVNan$Ǯ">\9Ջ/U9yGV sCS|DZzjq92o& Р"JsMds4uP_\im"~Ӟam:CZ ]h DFO<"5d !p281p3,. Xo[: A#Aΰk ;(ǥV7 *el 柉3R[3CptTrܿ&G7;&4V]T1.8i.rGSĞ6z߽PM4.5`i{&biT'ñR'HCҨ2m2O7½Bjn71'R%թlCċlǼL(V @. &Bm\ }FbTQ U 5\ p \t\w58KD}_szWI#V~y+LcEPqn&iJjH3 譿`bw0PH2.0 1V9ߘ8E$}TS /7 Aa;xGJU;sX:L%f_{*ifW>B}D<\0:#%l`lj}NO`1XBhP<(J!b.䟨וGQl$aw̜a`$3` 8;vgȐN:v!9(n\8DB/bKG|\IC%?nuELz1~#DZTQh覽h*pfg-HM )IYcdQ̬19:35Sd^PYPExzS]'`pv/@R.ͦ-&'][/X)]N(-?ܤmG I+ rQ_s(nM{ Aftn(3$)OS҇Nh@W?9lH9`'{=@nN$BuO~sdϠ9p &ŐZ)PqZDTPDd&X3. Yؤ l]hGO.õĝnj`0~\.;HQδ+wWl[7Om+w&0CGC7$ΕMQr5vTɪQHwD/H}x\T$@XveF@–sHTcv5⁦8yq?Fgޗ4xIJr>*!NHЯ]eP>7>%ݱ$1M&&ySW%ʨ{feZOg5ꇷg/h`τk#?sl67g#6F~&龜g.i˜V<)@Wq;űu.Gp1ڣo0<y9 ky0'Q 6H0aKkWrsj Qt]U(]8p–Aq@Ueܭ+Sru G-;G܃ٻ(7y9_J4TOtT⒍dRYMxiiʯ!z`h%mѬmKz*v8}|:QؙBzjZzM'09Om$}dBT7T)$gBŽ=]bޞZ^^f(7~E p)\a|| SRZ$h){̚C_ˢt't[MM M^4eZiL{S}~>ZX,\7W!eSE=Nw1 O{6]0 WW2`)/c>-0:>sd%jͯ_tfy}BP𨯬`yV71U Z-76 S|v%+eζstemX7(Lv$GVƣ#EO\1!׼+Q_ߗClU#i1}W3+HxJ(\d,U}u|\% \X0PÅRCRx@ h %5&@V )SW*uSdIu+;EK,kMig,kNedߖ eغuwT.6DIhiFk6?^XNs%[cA 9ƈhcqzM0iukoߜ&PDyK #{߉R#𙐲aK2:t'K#2.W G(?H1 ܟijR䣥 0QiDO /0ۦ,9͓؋$*)se )=fM0BgnqL<yɡi HDh8ZOT!GSl:6x˛*:4D w?Y&^>"Z7+ =C 5Τ@f;Pd0JO8uFG+JEG<3F+=%,TAQk6/LvrJ-Q2\<Qig(ܸ6ǀtΑmN:nvn l4Fsy~:o.FH\iB =h^M)y$Gb@[nb ǽ(HasXW@&:W`= c[|lNÍ8+^ƶڿN⵨zDm\~ @f,iIuOAo]yF?GEը6 LD5]\ `D*^*g9q<UnyD£88X3ݓ SX=ILi^0$(cK%ZB,1Ϥ_fli%mbB[g-a9kua .Fx[kC̺hu[1m&eC87Wj;#GlfcLJnNDM=y4⫙vbJ9s@%u~sze_xYpy ^vu݀Ӵ/~W6lM\ *~E8-OkKPʐKjۆӧ~c뚲dBHե]5 ƂaN8$kڳgnD ?+Gw+c䣪pP5t_odM%tKe9pnXI[c^E[1=qr*Îk > U;Qbσx}zޔɽ[6+fQx]@;&)7jAB3?i>('Jty0ᅜdCod' F͊;#H{+zx3 ".7omVwk8,,Z{uʘϢ@6GݓRcƌhJjeteq^9'4 y{Ζh(;x-PoB `j{؝ʓ9 MfRm;Cs'WV##gkfz%^)4`fmon|2J9KS\?| oYѼ) 8Pÿ[pQŇp+QЇK]=ZWsàwko{C~VՒh7ѽ-@>áJBPIի_B%s6f1הI.zYNZ'\+WgrAKڤ۟k(^lzx&|o7C~\,|^؁ˇ(sxXYex8R&C)yvhQaEf`x7"m Ejz] >͒,;٨}58P8hSjR_Nn"tDD'ݝbUbv6yurRU%w!oNAD*U4ncuDV7'}6/_#t#Ex#9ZC:QMo9r?|:XTU/ D/Fic<ۿ\BXܾ75q5rëyeaA'3) t[9O6 vy@6M?I2yHa:J5KOV[fA(;$w MEf% qՀfTvvfs@&FkB-Y8ŝ`[ e`3@G73)G qZZbu|Z4+bk"tJB(̺(DOA\/&y0}v(mz򸉚m "lKS("狆+!\H"fz$PwyVHj;ւ{KVSnaՊ ;U-+i:!iw),uWĄ-XG'X]y'XXᤡDi33Hj8EEQYwT{#aAm-VG sC)n^xXMj$k;xa,zb|w҈8MbbEA~kV|$_T=*ŽzTf^HVqĈzQh,"'zVWo50 Ɩ#.&nx3%Ĉ}"M12 ,u^>Qi)[3:rp)!Ξ :m~id8,ȠTe/}m9a%י]hS/31qbkx^X{M<3U߉l} qSBVQ,8%`h97=>lPfK8l媏E6tmAYTqB!š-fEu蒄އc(DWk9dt=X:1j,.d5(|BqZ,& F~H%PJL0bFC/ˡBM ל^yCZ,EyUY22Hzmm-Etб23Z IzPDP^FȺM!G,m#-4PUlygLp\BC-&4kY>R`CFD,dD|6O栈=hωͷtѶͤk$tL Í 'h.OX?YM$E{g-nC⎿>w_*HeE$:Uײj.Sdha( -kQQ`SxbZS\EtScUh"ٞkhi@ċRipEVvad.1(XayOkLr.1rx /xmY=;?og[ ժY)M_:OPHh`6[{Q3'yH9\kW*ۂ.xo\ =ĸgc}սXt42+G(Z<-/Y?_t=j3dɦäd?g;P;'ItehyZV{x)76G,-ITTNh $ӁEZw7FLA?+R2|Xكu] T4m 㖨ɵ{SV!i%=x"1G3D4@[M}y1_^*=t S#ҚͶ3&CpGؚ[,g!LG8(+/#C1 ;w{UOoB\-I'ԯlQ?(Hr'Iwo}-Y4!oK=Hm!1g`L,X軁QDMy:o&ɴp+S\KAu vN킽d 3B|mBK"A/6h1PIQJ0'#n1LN4O+2N*i s5s SxTYydMhʴ"!M)[s>6ˤ@_8#`s kH.eHH5Xyf+[TTմ)xPd[yTMvFn 0 Tٸ&X-ϬMNl{ݪ-mL*pC8uKf?R3D# tWKo)0gq[`053m*|d5GQ//~E;Ե>McqpZ6ѷ';.Sk-}gVA$=ŕYdw9S`[s{VKAgiCGoA!`Cn% Ew^,B_EI-#LObE_̺B] |j G0YD[gJ `iCx#y9$ykeZGnRT݇Mن34c oD b!VBD/-} ]% K= ijnrPjr{mݹ`}.k"tA96=e6K ZfP]Atߏ .Fd<8k bA>,,v];ARC3u |( lS&ңa$|)HYNN!V#vګ >{:r_}Y^K=|ň21Ͽ[m]z8݋@얬t@mF챈rU՘^] lfd_X|#)OO8q+_`xõ4lEUoKЦʧn΄:S eRؕQ酇kKj;5켆`X IS&~hP|c?q+>"Y89r2"Vc9GcYu` >lVbeYshOe5gK?ݭJZ#ԪkswQEq{P:f AhΟN`J YLkQ/L;Sc"$yH+J:<WƦIht ųjB^*%2 ،{N=b.{}=V::9[0[mtS_RQn*~$cIB `Y-7r\E#HV^Q fFcRva^$>(,n;+JfbFT[tg+`uLJl\+;Bӗk%i!G݆ xY]i\:;C.WGZ@6SsTV| )J=-A+BiJ?Xz %Hd6cT&i"xb'72q L}џ 1{;͍+I/[6*lEb 3hnG l1sWj"%0;m[sǢLK2deo1SLVRX)ΫwNzxB Xh*4K3*:EIkg71J;ѰPusNٝ*8?ddHZ51wF_(Yƥ8ΏZ0<ȶ@©J_.(’0'2 oM|$u8R\ɟEds3|Yv:.aF& m&WW]"3y0DJ:s͠m2EC%u<,.E.PBGfh2䋢Tw8vMѪǮq/'Ȋ/zl\=lȩn1 af르~% >TA飸 _i%#$;Q[WI!/Vn٘a0:!:.y|A=z`ՄKcq UQ:0t#5vr E 7[_xF%F}[<zgT {uT<$vz5sF!9TRaZp:8jAmgi[#~//rT\WU8tssG֚JL]gHu$OE,!ur, tҜxe!#p|M덠΅{y̮. %L|ϙ'֓;X-hQ@V2$Ջֲ(X\5> :~.qKDRS_w,.2]|jjqp=}]Zvғ:-]فZD(f7 i\ 0ܦ366D @ՙn4>1$-\Z&M-Mi<@I@l3I.zjKl IPyK3I縞"z]N]qMQ 'mM1C^ 8K-~_i[uht2KVi[B?NZ]ѪT)SttqNƧbFm;dcҟ{ =ҎiCDA6''4$'; oe^qL9b ~=Ǩ K̅Ycf|'Yݼy3ɮ/5SB=b֚7(SfDjDQ{l rkNL\ :Szu*@C{zz-4$PŃ5Ð9qYy9peCнB16{i]D3R-Ipxp8d€0 'jh$3ce76ֻE>BȐ?;[p:\s;ǽ *\(JS>:Mq#-z{΅́[(+_~ hUs x4[\<1&n 4bVh[܆؞ѕGj5eSޤr,ښ >Xk޶feY2_'XgGA끀Sk/1#cJiHE"q2*ݬ({^ѻ?茫s+!V 'ó CHyk#eݻ#EMl6:l"8E(`e'xKGݘv $z`Y''Yb 2͕96 hLO@@} "cj%LY?iHfiÉek" :HUڴ'ohc#S| _w-ɱoHM|w0۟Wz8N+#'] f\r z=&G+蛚׺ںA&ƚǏz͐`*|KdׯUb.$=ZDAob9K p%]E)6+{L#/-k=c7hlfJA~-_N3Ū=#=xXg:;3ֱXgCZ4S{|i,!q Spd!EN@l(%/[]vm+V+8#.ϯ@yΔP#k&6o@78%&"G'MmI8UJ?K*2Ur6DT!O/NbXRak fR(ѯBjIyջ'vDOR݂{Vu8QU\mqʙ8[b`G6oH_gF~TgVSWƸ=}`l]k7qY]tyʄݟ>PdHn$M z +?}p e7#|1D.XCXi~-ciA{`7 !!&ʏ}]USg\uq' q{Џ=/Z0x%aPԄ4:SċJr7KDgm~)}ϋaPX=[@CUs{{Nsvi-W:ovEi D)nM([BV^Jm/0>o.;;;eFEl߰O{IgG|2o8xj>by9uoU^В|+ L۳W"J)Zj_eNրg{|T/hc1"H~{ D}OK Kn@b@7(?Tu|rV)6sCzgRuu1o$Cz_i'u0EXabfkQ7caBESF˶?-J+Z.V pAls༿/8{|P 0B B$kqE(< !?8zC>l WDz5 R"e>iBЉN*jtΣw{ *b9'c+= J%Q0tG%ڻv7T^JƱ( ;M8熹!ڮ(^[pLq `yͰ\,)g-tQ"Ήn%u>'ED#l񌚤,}nWvYNĠ ('5Q`p;{D_}vHq&DP҃Y@:*` d#Rэsb@O@63@0 zo8;qN5ATy4"3?L~U:r!j"*^c:V!~ Xb vgьM!5D:&g} T]v"wSs`gC6l%]yffu+WD,? mP}j^h: EW˧؝3yd)ZhoҴ #kB9ȃ2`۷X҄QB޻5yo"ĥQ5]@։i}/C=$3B?# xqP#*QғݏvaKR2a>q%"eK[v4+ !z{,9`zC>a%YR+6.ArƯ6q"&n<ݱڽ4 f&C]rl)L([vM8 +[s$I]:9 `1ɱdj}"pk_H{7de?76G$,Fe9DyݯAxxg-^Pak$C8 eA(I`ς'cȷ.;fAZ 2/֐ݧ51M 4]|~ṿ,-TY)5`!? zt@WKX?],ugnSxmd]+vY"Ykא;J! oAß@EtK/QttO_(`BsŢc:2fbq$ y^pc2<.+-\0\th)+}͢1 %B.cJ`ƹG64jsEI؝G_Ks FO@tZ|LNGIҒ[@n2SY] W>蟺*f ekԟIe7|5yR:ck2η0Z)F<` $]_ %ed|ȿ 4/ x|8-H@3;zB a+ <= u}5o }?}uلG1?jMn/N2~%O5nakV3 ̦@P{PFIK:ޯp9'HUrFmQMʰe 43E1p~RتNIҽFlWD:[`}}un HQLv"'_IL}LrI*^""NS5Z)Hd. `\Hi&G'2n OOz/'pr@(k` z01E,j7\;zrx  3ԌS uiΙ~ _op`,IOPd]^Q$7FrnAGv[+w?8/TV ! =֑pp5r"~ٺhӝ7 nkmX{HHށJ q="& o!``hpΛ1CCw#INAN04_+jkTohl7{1:Q^/#͘rI*H0y}_Ҭ&<]DH͚-Wm>hBȊu njԵ>0yM mYQUbJӅ⎀*N) > 9i_rȖ]5# 4#Yj̙nVU:>aPby3>avFp z7z/[8CTchyeaL-lՙN"!_ >Sd.P/HHΡ{O+vqB|mȒ l]8D RDž _TR,fx ]1i_VFW=Å2l[%:'́i33JߠكZ~ o䃀7l&X;9"+?H6xEN:2 bZ1%W<qp5r++<+яD dxvÕHzJٹw"`}ᔕ.6mA+ݻ@oAdq]οK&AS;9*P/s:J? iӷo3$tqqC31ziE?R-QK^dz`y]QGNkfV_M#.Mn!DLgBٝm_$g4z͜iqq7lrED'C[Z2 1?hۙz&H%u *ENTMחL+vς*F3_,퉇xi_;2tި-O]銥 +|?lMbl|̧m|ݻTNi%"Coyp*N VlT=k{FE]T\U+)OSr[1ah@ [C#]<:[)J=h^UÔ>jg{yjgbO̒:/ȷ)K:.UAJrTDǾFo!bt'z>g\@GM/x@;쫽00E(M+EXh{'5MY8 zd:1uߌ7@0+7!G-ӄk̲ナîvшONn߻.:G Z([M-1aqQZ R wE*{oyJ;͉֤C6Քh)m6YNBZ 3g-jNJa5Ar/PoJI78Yx|rqlEYUY$aA8E\AUL6gɠ $pە !S` )#5=}|)ʼnAaHZ]+S$" L[9o-2KjG̭55l,!۔`) wc!aXM#z [gcڬLt "!.[Zv}}%CixRYn -?ڽL' L Mq[ ܗIJiK0#C:c6p4tnngfmF!ǭH߹SVi?uA iw 蚯gy ~!p mQveTVr~1zECfdXl KL: c8uscL`ЈDfZM}x|h 0[tU(/$$<-Š,69?)yj?sd$R Z˪ָ!smJWN Ssi1eEBƟ&S]&.mA΁/]\%L[ X)X4U3C pNą P\5gRSOfb1ZGㄊPAC22ST;P)׸$,8͙qN>;_(Òqa~D: 1zeafSJQkp P#NT 9t–8s9$C2_GSh+26BTZg_ޞ6ؽUp 1п5~I+g]JOZ|h[gb"VWI_U*gG83a 1T&lF7imY~"ɻHnA}wv= Vaz7C3Sid~fXwf7 w 0oBly\=x7 6xIL\m/PU&(b},9*M?TK?R)5`՗Jh ^er}PF#=xq] "s6ud3nihnh88祅&"w1d |Sȗ 'P'w@agЁ7q3(aU0/kwmP"0As'?ޝ L^#)hx)uH2=% q2y0??I:S/>cJZ0ZՒ+7ks^}9z7ijP9CM8Q Ъ?onW /7x28%jWW&XLN;=Wvn8ȗ V0`qJxc|N'aU]2 L-QbniKr=d47+\ݵ_iI{`b#Z,Szvl5VBn |mü ` ׁϻј/K^Q6cVDܑeNc-a I\K놊]h)褢4pi'LNY!,tBfK Ou Jn.tJhY%xQM$q<7*N>Lh>}+x-f4KƝjU /;fhP|i >Q!4PeF0r/ x^ey3<ػhd'WXR5M5g$"p%Y-FvJ&Z}.e`|}OW%FC=5rZ2kT4J)X>GAKrZȗr~ (8Q;s8NܠDZ0=D߱% u` fl)WR6iľbk+S8$YtĜ )1 /^I{NO"t;{\!,1OGJ6XN$5WUʡ8,Pe恛>R kD~bS)uO-Uɀ ;{;|B'fb=tT<Ӎ7* MiR:m#j!OpMMؗ-XVfh+C]<sӗfO/ t:$/GH1H:~Lef z5;@-Ux. `gS*Ϋ ,m)$~ OYy Ed-ro!thVF}дj[+44I̗6% mS5#JgE!@ 3,: #,dj'¡2P a )L\dZHn1SW:.pLKE 0G5kZV2ڌl,ShC#L+Ij:.a+c7ʯb3l+A,Nw$y+&X1oeEq N-TmԔμjA3rW)r`y[UCvo(e9Gq8jTTZBOq= &`q։3]~Ox.a#l.;61H )(ml P?s{4KclKpWoAw;q EC&e"n)677JV|1&K1׭)z{Ѓ4DAHsR2];>'_Hm/{_2| Mpi lGwvM%õIJna]:B\ DYvv7?0HWNDWVX Y})g>Yqmӗ4YCۚ.lMyEnGwR&4mu&|̙]U P!A ȩܹnkG3U2)(A.zC=-̈́Th|匆'DMH*{52[8VuZ]7* Q m({,j/Xpz ! ޡ} e)71o&/hhB-ުNSXڔ)YoR6˾ۥjY{7nu uPt fI誫7eL PMD6 0"@S!H3Ib4Y4!4`dEԎWz VJ\lCj7Zkt\DvlpwaY VAZSń!3 UCgl(aP?RsY]*xfugYWm݊j$:+~>: JA4i}}O=>(pH( uߥɻ *~|OF-Nr^2WK|zkm~UEuI)7aPvx|d:GVbni*ށ8BSVGP XҚQ/ܗm`8 GT/uT (.^ eRceYÛ3?ھ,hGӓӷ6yD Ew#-s;}0wOwHPf'k+4J_P{`$ZS J`I/It?ꗗ{b#l D)R[C؁ā sbMEL_LU[|9ZChamSJUKR汎zSnb_{|f#v˕;Y V+vSsK`Eg3m8uFyr}6'|^knm0&IT}v?A7QKF> Fg|8:|O^coƸ}ȗBȹV;BM>iuBoVbs!UkvX\ 'kèyZ.,VS$_ v(1bhB" (’jQKt4 Zx&$~fwӾyHˤ57QMP@<{^vy7Em;WiT>-vR;fvxx qBFTy:ƫHȁ.ʮ(=|mB:g_YoJܡjhc8$8Rڃb+:r.XS$5^ֿw y{w})4 '?*+Ti`d{PÛ鶔fxqOS.2i#1Ҙ!<;% r'̏&5_ k8Ͷfg6f "4sأ{ִ6'kiEZ0dθâta8 gh*EyBkF,y{ Х lgY<HKW3zLfg"xp\>-J)~=y,0 HIN Ɓ<8~6g!U^GI,y|v*:+.~T^e#_ds4?#F@sGsB($' o7딷Z,`DH;N-t+'P Q_ u| Iu.ɲn3y-F.8r\m:gҹR_8WdM VA{ |k[(}Rt?GaTUN\!|"Y..x3v2XOj ^ץ0Uk*hmE|NU!%^⋛5Ɗ+EbRC)x1݆$/i:16@r6ΞcyJQWdooUSCl12'kRB>~#C4;Y&mc})i=h2C5W;v;~ѽ}̚aZ,^f/gR#O6Փ;(׀ c_OZZ ,RRg*`gJzGNΑ'^u?։uaq}!4L0^h"wSf]픸R|) W>cƝ;_3?E ] l AE>q?B{yNv9X\B׉'4ܼ3Púw]`[YCTr {mOQXm@Ghiu!,5{2ESzSr󛘸fD,Ç(MȍKvm`q yρ Ng_r?0 AgN T狉?݆cQjmK 3kdOGx8]4tiNhw9ahw9; yx$VV8ZyD,*ƙĸ9h$6. G{4$w|$i캊ڋhŔVhaiohgCѽZI`z]|=JF(^mZcrRoDh`/;[::"%1yRc,jDc'u#7֞grBaf'w@n8`-[H{OF||Yh7㖊Lz`PNAcc jf_h$HMc FA܀lp{BN!;lH[Qm!@Arj#_FS*'wsP$Qjf=c· ;H%#Lm<$?%Fk~Y;  Ԫ,Dtј0k7 ,ai;F.jE{Xw<IjL'E'@RqQ2>ψN}o9[<7ܶxg'^\u ,iRu#<p+KQof<jA[ V 5'a4vj@m^c'\T䛧`d2 lS@e~iu6BG~*Gs$^ !R3%w؆ ߽+^sta{E쬾R 2" iKPGbD*>/"c\dz)a=V{j")9"IԃFאJ|;};IL@ė7NU3OL5.o w5 %޽A׳k>mkZ NnY!̐ROÿa: &³W40K[5h} Jc/̷{7׉XOuSI:,jibgV;+jp&,FqO;()X']˪&SEyq- H$@y#nU^7Ac?j0 A7[7ۖ ԝGoZgKp6#1}V6YJ؟w<Km9rF,>Mrk%S6C+`vfo(h_~1.:$\6dCljS D"hB dL8@6nI8u{T8|F0BOt`1~K kɲ׹l>E'72 7̏9j fRxvy'TOжGP),T O 4ovZF({SpaȆI6mJ9R¦9#XZNDA*GOլFS5Єכ_t/ "w%&̗lֱa owP.Y.mہz\C ,œHAZ-/޻1YbQ<@ȤovM9V.t\5Ҡ+pu+͊l6O9# *~H28_nbGz!婰Ttg i5[%|gY9lwDj9G9] )|wxL~ ΛB^" >חYm-e~)\׶k!D"~ү4{QlخJ`MSW^%F's~H K"msZ eeힽFzxBa2f}[j?QC@7#An赘x{ mT7&澬T5܅/sU$¤KDTKSS`L\ cB6gsNHq3f?Qy@t05yMn5U ךHo`a<.wY &?2v,a57l2ri_B!z(] _(uc։Γqm`ȓ@T\N $$?SGK^1*hM ҘCϚo :n֢HI,K `q+ExDFKHѼ &lD .2C^ءu3A>ݠ:iA߶vxZ7AĔ4s ̑/(\c,{LG閔7^m@Wv3r ieE/eyӀxbu#tg7ޅK֜`8L]^2c@3cލcVE`:'iIϜ﯊7̄rKBmܒIPHmYr9m,lo1$pV.s&3̛-Y]VBHF'O'J%Pϒ\%tDm)u7h$WocJǞ%Ҷz|6ws7UT488~\OӚ~ΗJ-_z$Gs߻! stSt;`;ִk̖2(60"FVFU\rd'k^ !  %;r|)$=q^d95.h(<ƇȌ4V*1oAk;[fp#H0O| })!yIeQ|#~cC^ˣ/ Ʌcuu3~gMTs?|U6xvP$`܀z[֏e}/6AkCH>!PH ^ h_?ރGn7o|cZVg'9QDY2;XIvmS^}F\/ יt;L#JݘHG,ho,&˩lBc`o1ZPLv9.@WnV.5*)PYl$m$ ^/O4koFz (ɔ^gݻ\o4ahc;2IBr%FhW,b.=`{!t”5/AM86)Rh@B,GV2hE1/ QG2``lmb2G8Xc{E3xr ʺ7T󵕡VZEx0mxڦh(ވ*DZڛ}A/S .U c f/TA.ByPaxxHǘ\Vw #c?LjJFvڻuػ+uaH} 5*TLI2$P#&c}|kZu!IZh%6cΌwzqZkŌ V@EpKͪvnf 3eE%sDp,Z-;Zs0Դ4aB-΅96ѕFտȯfz4Yaa狂btx.U8Q|srqsr>q9K ɁU|Ev# LZcD` PwhѴYg8~ok!0^8i~I# ^Al9XR- `ĺWɴC@6N%|xSDkX"&hiOE0,6Q9Þ4R'gIPLdEhM=:Z a4Շwȣ& Ȑտ0u< `dv}4p|:~*X rI eᯒÆgh{SH@ Q! 'wU8v0tFp@|Ukfn)qncㆿ xk%7V^ZOfb:t=ƃZIFF4)%:?% vWu$b;]X}j^\váD9JqM4m(qWdvF}Ɵ$ۤKnCDz'f0*<jy+pM18_#NtMjS+P6ۅxо a+ERlMX@g~(oL$B#e'.,*9ը6 r+QgZSñF_t86a:?Be8!5DUmLʥ! {T}ɨfx?9jX JKEJ]HrKR%ԮI vɿ;@Ζ~BIE1.c9xȉ`Esg)0m:C' "KZ ^ʣ.-o@ۢ2/S5ȗ\[W_r7U٩B:jgd܌#3D=݅0ӕ?T;[>ggp@Mh2}ኀ=74Pr[Rl[G<I CvF%On,^L+'r4NxPV&0хy6#o<(g Tw@U=89{ W R   #.}8䛾?*zxaۈl$]tfUcȘiٳmm-1n1MV^_fɵ]Gn3i8ۻbcL^Z?9Q7%Wu_?dW@EN2$oMNj犽wr! ~EQvxF Mo=u:mc&e>n7t1Ll|V3q G6xY]C8L"OdJ]Yg1o_#E~Bb,a[E#rTXaunz+o4jēm2ZԲTnBml"Mڛ?40H}2UUT3gR|GgXV%ԛ yLWUgFe9sh쓭U=_Eئ)[8fE녍fbs9'5mVδ, "k ԟQrL{Ljnq$EcQ}"Zz g i鉑2C-ɍkpO tup :a>nT3\6A88Ӈlj|#@|5]W=QsPI5$TT}+9rPFf1|:̳ 5׳+mS1{R@Q ORO 펏]䧳X5]Em>b]uʴ [lǮ罵+V8[T`frΝMt?ӊaM>L2tԼn!`0Dp߶QGH%9m5`~h$ΜwnU MD(A_5Cz(2j'ꁣ9}N.@{4K<L"[,EHS3(vRTh!yxؿ\ oѮxC3ɦ 'ѽS& A&7 TTUx:9R_oU@V`$izr<ҳBK^\L _М(!Ѿm39iz'1هzgאmXF cQ dd[ȕA}f=`fcbl*=”hES/޻]l L.+_sg)| IW;ɐN-Z՞E7H5> J;y|IJ(5x/k{1GY@b/{i|}TS.?U(gfr=b `C~Z8bsL +9O2 43rpZ؈Vԩ+ʴg.4G/ùBSư M/mg Эϣު ^*ǰ.7]NUlWo8a^ekaS }aÐtP:P\<_ۮAqZMd9.+PTv!Q8,ޅE- 8m4c7?!/v̝l- a[|@B=>Z5-pAQqBAC-4TnPwJW=Od#EBӇ?hƔpd: 8}yFXg*痩`$qv(k?$n(Y 8n%L_{jD>2 l"~02>F'Eh'7.K\?~UvS׃ƭY6d{+I(==s%m:2P0M"¯+zv%ktE`!&CNc8[H -}\>r˝Ake܋I:#VZ‘â+HAcG$f,+ޜQd ?'NO=3_X,—5OzqCE LZs u}^/-˟WXJh"Q-72Ѽ3pF@aig3u[`$7PT}*O7Piv9' kYs@=Zymf^RzwǦ1'&t1+_&FpHom?@MMXXUm6>M9/[HO]Vz֍Kl[BYy%cu^K5tA ><㫲ō]N}_־$ v,@F&$4,kdrm5!Gq^ w|WZ뭒+@5t7C*n oLiuKdȆf~<, }>2»;Bdd=0Ezلt2:߆MhzKn;11]CG[ACxnx\f`% Ҵ><*p^#!}GR}#F-h~@vSxPqXs3~ї ܗ~tzVۃ>J Ydo.Os$q,DZyojڀefV+Yݺߝ_@Qn\lR7Wa`|Dקt~EFi>|>~ngYэ{"]BwzpiP1ޗxGkk2?[NM 7m`6It4:X>30f~=4ܒ9FSA^Y0k?S;VJѢ掹raH7"g=aǰ&iyq#dcmdg^G|9.,>ު%*(:r {ht6?Dj-9MFTe}sT$1pY,!z LMk`;_-OP qR)}~y/y|⎢;Cy7,=2ǯֽ> Uv5utcۻ[~)ObdUz_ 2-&oio߆Rʳl<8}wNe GҮ##-W2 Q+ /o?e :o4[DC%Pޗ%E6J֠D/rKimݥ"NP53 yph ;;2%;*s3r8HP]+UU/䙫8%KZh$2^*t%#Bٍ;C%qr e/7#)J0r?j%6 cJn4нoq4 8\l~Ѵ(o~CrDTzF$ͦzM ~6 .שdx윷/-k\1DՅw2*5S]td5/G_4 FO2}i#PVhnKKe,~YC/lqŅ3/f '0ar{JAtawwe!bFdjS{4/dCt-? YBc=ÑǡB\ Pv=r<*TεhǦ6^D:tVyR0\U?u3[ ߓ ,I3l+H"S++l;Ě&US]%d-Xy6ZyNv r  MЖJϋjX#h7]88/Ә0\KK/?چBUȎyT~{>a2f"!Ǹ7MPzhSMSMmOoD_3e Q.#+ؾȒWN Ec`}h0 f40ӡ*t@*׳ ^Itb;TA^0 B{Noxo䀱1'.ƱjJ5d "/%)\N`Wf hlztc_ڊ-0N+a >9gpF#Ww=ETL1-fӀUJЄ@T 5ρO|Eй> ~0M i_ SB4K!y0 +OWܵ3 "x:~P9߃ E $k;: &TZW"~ז_^Ҹftu`u9z=QZzhE1J)։pROTǯ)}+ s+Ƞ=nO0i:ORhaa1uTJ? *h _b(72xVjRnE5кAJ֥Z}l:> v98pOiRQfXܣ3ў1Γ%?I9ej غ^B׵@́":Y&~f鲍E؄ ږֳh1Uúitރaܬrz]s ,sf4{p-cn ïlg^M4H*f>{QC.!ىۡP+z KFҢ#񩿧ȫq-nq(V0hM/V #DlhכGߖJ`" vk'que蠅|Тv [Bk:!tuUeSqf Ť|PO:}xQr'QRAwu E/,iVo`1'OM%ZAzmWBޒ(@ӥ3vuC`lk`ubJL/UO`Qq1Q4mt#6)F?0cag^z _pDl8_,I$cu,6p2zJUw(Jml[+^r1hܝrd g׍_JcЈ ,[*Wq܂|wV^*&4*A'ilM(nxkt#H1 ) FC!n̘کOgªʿ0'񆃆LeY$F| /L]&&=T N\q#?m- 6dC# -\+BmH൙啋DC AgP>dv:y\ [k0O?ͭJ'bW2rOfS&66Ϧ?f^( '2~9Fξ |hGlR-Pr|tSTA/u7%Ɠ1dtapHw$4""A)Tf3SOl[ܣl恈zjDZr-)䜧2O 8Cf-BaO & ]{^|.=TFf%Q |OO2 U?W_HNaBoF eޕ`(<wl Ge.`-OW-(3Xm3E^m$K_›IP8]@NǙᢉ?r!KNJSe &'LfzF, ᫩Lz{ Wzq-aPذQ0D5^DNSqJ^2NG{tO|XJTyvF=G>?CLϵ: o6n- t=N!7X;:e{E2^l1)\';4v8 Pԧ<Ǘ r.!Cy.8a-oa4 ƔVW.݄D-jxqZz{R;7ϭ "u;c+yi^ "E$®ʅ|̼)fH>wb {۔y5d,hP_g(Tb]_Pg(M6^pYNl1cRuw߲^`NЮ'VOV<1>K?UUL@ΗuTΐv 5M0pH<-fdlaX,ҼOnT.e2Qfn͆$|L/Y=)ǖހqdǑcޕNԵ3?k=k=O#x%ޛ{vbugB {!qSv9]>܋MM#wD%~LD8yjg:l83q҃ɝN^S-';aHw< piAŲqM_``t=ʮ:]93=@@Εص^ºC#j/ _9k+~EsTj%sWy *|D.]Z;^H-T;z P`uj(nBRsN_Pi0&q>-TNg* WpkX52]|{k9c* :#$lWlQoja+CrSHe.O?,u=js:Tg)]JU- Rq>Eǐ! BXh>@v`x/aʙ$~|[")COs0/Gux"BBq Rߞbȁe>az[Crbc7cKVnr?֡1@4Дw~°r=!aYN Ҍ(=:'h6SMTG&r78WT@==UoЂ7vѵ1C€*rIu3+ 哢3EM,Ehu,^{-.E;RCQeY%)eZq`e5}2?Qn&xȣUKa.Y Dv!+ PC1qVoWsDf[0-LBn?X 8LOT kҔNn1t+Qc'4k¬L횶a!'|H?mňܤx9*P,m Ӄ>)f#:;{^hB~ĪBXAb5y 5&xAkyn@$kF!ztmt S+!]ʋV{d>z&Qv_Pb\ +%+IKq2rDb{K(0Ng1~ӌv?KY=ppb*0meYA;a&YD#t>;FiP(KAHg`7x.ҁ +_r ]䓒cKvߒF5# 16%H dN͎'8ӕx7!0LU:yYjr\<zo73g=(h.ai `ӺL0bu}E0_L\`1sJFa͑T(3%}Mhyy/mZ9t:^Y"*n5D"Zr;h{+x[D?({ -ɔ =]eVY1be"D6f,j X?/|(vZJ$E= >ZGޢKcVxNtE9'u5jW@mWݎ!An[v)Ѱ%f &U. Wط 1RDWU#!\88@a_2 d9fϙ-AdT~e\TλF^:ɜ=GԇFĈ'vޜOCkGPxHl+b+sIj< ǭ" Vcr<=NIvoRUD ^JNώOc\pXITlzm^6@|lm*pG.~ e|zAM}XӋRDc_\J')eJubMj>HQt&[T oтZJ -_9Spe%e%$`+'A-i`:+=74 Nh*@tѲl(HɎf} ~"qZ h =axK_;B5hLzyDEIUg:)CzNhsL'",$ltϥP?_({%0tnlQ]_%U#Y2SN(/m.%Ѡ?ZIiR$d@院Nv9Y[>b@X3fJbJ ,Xj7')PfDZe92o@ŭDtXxCHĔA%H(FnXKh.-*f77J?9 dZqsD1냗BOe~o>%/T3:%l76 };SrS}bΒJ< i[t&^sm^zx XRFzC.$R"+ b`]4i3xq~ނ7kz4Lsđ}}aFAo߉gnR4µ9K4q$TbUǁ1 82T WmƬ|rZ*&f!los.?4 5@,ZYa{x U(0nv, [*BIW .hbb$4VFvnHj!i ܃CDm E=s9w(r 5ֲhZ+gXBNvY$B&6Rba}NpECgB@:F=t֡~/'"6S!AXKK%m- ]gPCx~ Y ,OWT:ɨ$<3y)]6q^V_Woi C54k]W{#d8`yxyrYX9E._V*3Nèl-k} ftsoCFmjxF&3]j= f‘miߘP 7etYc':&MtX%̟%j^<.ㄸӞ^rz -)l$>3hҪW+(5 (i5ȴX:v7)0lfɑ[s>)leX,n~`Rb7t1*Q D7Tfv[8IQֆ4״p9IQ˘[Lu vJ<$?X!#!i;e'rd &>JN{Ta3.[ T(: ѽ=/;{EF$ ӺWRvhR둣"u{!ts@\TQjۂc ,X-d4hLQ>CNU2wy NBbI'*!ZZf9[к=.Bg 6HNWӷ ( W6QĪK,৒H@.PV˕q"E_Q{IAvnV7nyK3moo"^lg5fi6;E,>Y7Skt l: zs[[6Tel>rgVۺn#JU4 ߻1*w.!ŬKIVvoQv5ޓ+"=/OT,+tA>OpPǢUxyRhrر p*t+Ô׈~ؚY7w)|] Q L2NB"k] xdcuczC.B#Lm[w0N0GIOj+&EHW/l3 U-^掙ѤaϕMbN=Q2p(۷5E6{I#Uqbqr @&?Pפ/E Xj-9g­WX1/`TڷU]RLjׁ68dW /zU( 5/`R)ѡC*0>Q<02GN qoܥ6 {SF"\Ta`@cl0 Fem}3Qn=:-9<͐U`!8m@83D<[0#_3K ߲a& [)L3;vs"^jI[Sx4I)W@Π! jϤO v6K9ŧ|i-+˾}3}i}vg(^Y F۳Qk_1+G5\ʻW1'ܙϽ vUIΛy@^y4 ؟|׌ѩHDCB-Q䰧T _'] /8K't%߅F- \ e)Mtlܒ4ΉR"+S*OGK$oݶ)C.B:@X pa>ϗo8-t6xuC 4O!S2.^![ײf__H;*L.+MFJԫsZ\WafY37p@7u}ݕc^$6w1/|J ƱC8s~-g[Z *+.|wJ 7K$֤XZՈ4|a| ㉛* bD,Á+k⼱qd~1viybAј3^Qkd^wcwh f^"ZCw)O 'oaM;Nތ&\nQVwp1%G9.{GGiv%=۰qkKAc%NtHrZ㢅0=r98O:M?Ly@Wʓgt:C6 ٭cuGj߯/ s`< Dßgq6\a2^t52PNPaEؐ`zw9yF[sۃ= kSL[Ӂ-,0x;k"vZ&ݡOt+Q뺇?ysХ8b J+AB)VF^k9[F2\ыwVS?KAA= ڨNw4xiݭ(A_֮F!䤑| HV]@xGYEw: {9G(]漇hHU81C~E%d~AL| 񧟌=_l8ܯ~̱SA1ָ6Fs#B+ rǥ6(`͙|ybĂg\TBeǭ>{v ~xx\Aw .[$l|N2p]kً36R %} 3O^KD"IkiMm GlEo8YS: .d1{NVjd4tV{GQρ&moy(X%!qődbdx h ϝC?`EFG-h5nA76ڲzz ,ø{f2.( &ʍSTr󫓹ylyH#?lɚl`qͤ}`՜!b_]NK[HBJȘT CCs %`X8q'#}Mmq.4(@dct5t/UkPTt?&Kb{7)@8WV]/ #bsNo"ăS(:FΪux JH K#lP2pۃۖܩ}izaXL}`+5u_%=ǰ."*xTc^ד>"*ĚKIE 5? tjs⠐Ye= yWGϜdFXyZ옾ˇwĉhG:xLm)dy^Djl|> c_ /hYXB*&h@$/t]: qOG [ksy}w{qZ+z=i0N,ȨΎ rE`g,Zl} BEđ%SI:)~qC[IJѩY2-`pGv;T\w{_ qfSjAJm~ 'eIcG"A10Gbj/3Q/H}%! w&2dNa{6?|X;4" fw'y,~].~Ŕ)gG.SUh '㭞ia]t/ OEvu[pOgyNpbB2Զ\jt+t!bḕ!(q޺=5,\2U FM!/CxPeyjrJVr),֡F6w3p3Lb*C{*) QLsSMn} nG~_~ƒ<^eƿ q|e;;rZ(Ⲃ{#0*Ѕ ꥿_eI늱E}熩-k/HyطPSU(%X=CJ<)[@ b͗ϹɷF!/X JkѬ]*Asy6-p,~ | BǟsV}QX9HҰ*yfz96^{V(ע٦씽Z܆@|}Nٔ:GJ^坎@3#8:uV~!iQR/]U(ѤBg˞1rDkl'nt/I++ 1$6GSz/Dݼ7+\gN .5+3gz5)cs`T0j:|#2g dO0% fcVjRs?JG˪_P2J/~%ﯧ[H~-n(슑_ȞGm֒NEh`_pd3LhB^f-'B߫B[MVɱc" | t`9Nr|BJE73Ҟ8>,Tl36!_.;A㳗'Jd?dyߺ# a,2cƿ3$۠pun1\vީUqt6QRfKX$8OPb@CU/܌DcUAc,0ץIOʨnc 8y~O!GTB$pUd"vOn$ @ŵ`8\ۗS?K_rm Buʑ՗63cw:nw:*{ ,bUNGo苻^{ĭ~5PI7>=)<,ӷq'])kf'H a(qMBӭax%%Z E1<.!Nk!zL|g>$67j9XݰI )3PYn׷- e.GɊ Y 2j‡?AZ\=18)Gclg&HrOM͞;i3ƥL+;/RJ劗|v҈ڌ12+J.hM~;#zk"bVq{ASE);Mi/Ipt_ڧn^,ENNJ"n3lӝXsQE,ՠ Ԭ$!^t'%w@*t:0  " nF۴Z]'Te vqEWb6qyTA)liIUꊀCNYIPxa֒|ԲM)iƗo\#Gw͋ xζ_#άB5w|JДE?puY})."O֮'uCo`>>A=./%_po?K`3)Mqˡ|LdiOgD;.sBJⳅTu^iY.ͻlNw?rSz]$V^up%[ 0?'.lʳL(iR~^Gx+{]1HZ4[v*͟a Wf*~db=!F㋴;lsx5ٓULb1G69$o+ [{h?Āy: I(b,褗佘 T4d0-Hq=ӽSQ/CJ&ip|kJ?АHfJ?N6gA(_ \NWL~H-4v?}BLoG vz}2 g-ݨX .DlЭv^¦E*wYg7I#(5%c&  Y}zyͤȲ6x%K*ɭ-3>,*bxIQbj6Wn>9ѯmu]P>>1 5 )Je#L b`tlRgXéҥG L]M-B[;hQLeŹ*!byˬg[ (T\8+ *(RH:[)*I&-$;Isp?ʠ!G ZXQO tpW}輫䅈akb.Ӌa,;@ q`H8Uڼ`(^4 [ 5)'085keBde%Nd&QqBju3+I,;Su05RR \LD ^r/Cc{#:ڽ\sfuWah,$`"{=|+ 8Hi+ZVT>5Uk gsj6!X&A? 9p"?(;7$'ӷՌΠ?WB=љD^7P> oX D.QhHw._rJ``m/*q/wRst`Yz%‚xޣA+ -MoA@+"Y ÄBY@:nFy$'8.3T/ePp~?@g*'K@'D8!w$cF ZU>QY/Ѣ(⵿7g{&F@ZG>}޲jB/H hpkFp iӗcE~_B*ҋ=3A"ޤ3zp>#!b?U[1cM}UPA 7ƌ{j.s6:7IPƛ3]ABѸl߉9TsC$ؗ3oAنÁy&XncM=?r漚IǣpͥRa?&i?Lk}bh7^tL7Ӈ5Ee[DSVXwBB`~f-\b"* ٰBB5g)+?|ԫ~Ss k$:l*ۏ! -T\*Sw2['Re[+>R`@9TAViYB+`]*tׇV/X0xc`.1X?;#E-wh*.)R?$0LGFi7ݧ\-A V-vl^E;`saؾ{>w8r=x)j/83׷:qӦ66mʃ[[i[緣̌_2'M`1 Ga_a'P)yԣĚ߰|03F:G2=T롙mR6G|8] V˴9"g#Zׄgʠ~FO&C*!^ ֫oɮ cCx1zw- 57a` (j!ڇ^fPl2FV@\)\۠m\̫75(K9a(^0a=.cu$zqQ$vS!TiX7jLџ4l2'61aڑ[< }bN+% $U(*ݻdbXvRRSqeϠ Kr.p0Q~` ۅRyFh/hEj*u3vHo.4Hܲ1 >V;*v_=H RLU^믟,05ې,"~:uaw~:AI<н`J;^oY fX3}l3F<,?9#m0lo loeP[țQ6o OxyRZ{hhiys`gWrA#("@?>">}pmi,5t 3DD ,#vH-6ߔoaYb»?Ȅ6R*V8R! EDMfͱi9Iͯx#rVݘ ";v"n{7'WgXY55dw{S{9|v%]Vf]bZk>yiI~چT_$m7w⽅(v츹#q$̚8.)LNqTۗs 1op2ۺ asտl(=D@&l7G,ZG}=rGF.'SWS;S =2? ^rQ|ҾAtQ໕2$KpD%}SQ&|B H^ hV`R\©Vhz]@2JldЯf\֌JV0忔iu򜦵'N]pt nӼ/; ugW"-\$N~@"pa I콗G "jߙ #!yu"ƚ1d Ʃ>km+f}`|֎ޒiTT*F8(pZ, eb[(FY&^KTr7L:-\ئd#cv++>{V'AE azMzE0L[#*>n)Wc# KGxYԞ7:nI鸦Z zFL0ăݱ> XtɵxvCLIg5L B$*d0ە'g2@& en&K^sm^"| 2;njwu r-€rs!-˱teQ! ("u%k̃krƀG蘯ݚ BH/n/U?Iၽ>gHa pNNh_A 4y)J( OE#߼|ؖztONZ AvEUܳ(Vn/I \k拕rb "S"%ۚtR[AE@NZuiib /قG}[پ1 LUbtx1ӂ;mZg[Ce$Hk){PG<TQIXeکE(ń!UWzVceюcSDQqCG+PJzt:&rK../ԝ@b)Ac).xe1  $>Wjbϩff6#9*>g՞2{++5Bj(@>^Ze_8D18d P>\s4 d *cW!3o/=C%(R8ͧyopLFI-)6/OKiL7nj~%CFb 2d7>u/% +@rRib0TM Ddo]1;@Hsʐ{3 @3W6SaXs[вA)'%,3?tk?)2fz *Ϗ%Ό[rp&knŝZ`][&[$;^QUq8wwO%PDSXݏ8ЀQ{Țmhx]E[!ZUE3}-3|Yw<7V_wf r,ΤVH?(|+H,B!R)BǓP=](ySkrꅀq;RZ)2[(,)j+aڋh㜒tָ\oMs0֠kG\L 8}_ M02 {-G܏ =p)ޔr a"FYj̀ }'B)*'w0CǴ nZÏ<-+`qC_ԻD].іաcpMT{p>W)C'5ػlf9LΨ4X2չ,pF,DFFM(NKݢ<v dZ& JDf۴8*ڌSx{_OB!X )ޛ( Yiso,u^ 6K0.T?a7!LAu e *^D Y/Iaf\١l ݺ  sH!81HWI,[t}; d6~Z% +&n'.)&.v3ш@)ߙަ<0pdH3¼APoF LHs_0ˇՖ Gxktzh*t 0b"f狕˶D&FTlL)(|]zߛh]\=DЁ Jqnb֐}zt=5Fg@vLJl:>|F腏B0|ׇ~^6;,J)Uf+48?<.U?oR7:ӚYdjz ȬlRp?:ft7>Z6FO7Wzjv=w|tw^F²CS Z8N)jU*ԪFV@/ES ūt-9C";O'$'dhH#a7v$8e O RgN ˥9oR\V'XGB(Rj: a=_ LqxJˋ 7?Q/~t !X0M5\y$w [9v^S_ Ysb0t-=lrҚ1_nus7}DLR/Yv#Ͷըrƍ%H/7k{NrE3oUjfM'Gar5ΓL88Ghc~{8bI:LNPlJl͡_+Ҿӂ8.߀Kk"xa({!j_/aj Mc/N4`O$Y oֺҧ!ߤs iQ`ϮRϗ"@KO@UxM3Z[Pg%gM4) 5_@e9|@?b3ڼyC/yQS\33*ć 7Jg#Og @ѳzzCSm0wr=P>4ʓbO,ފzMXXEnLοa?smaC):E6.Vf (F ~j-L-reFHE)#J1 {H~aE[9WD.6E:WSJfFr9m9 _Y-_ .WIz*ddϔڗ}rEգ% 0:s@Ihg ז?6TT h{iF:Ӗ0?hJbP"(o0ՓꍇFȪ}V,H! آQha8An3aSb}7otxBJZ׋pDhT@f4#45IޅAi 'WEfG%D)+̞ ڔoE`9e=]V.T}5.uVii'\hYTfNB'ê5߱;&t4(%@%/v l=2NN~?'>0"w8_J«F1 fr(1SX|VcRyU6F~[*l,M$vM8?Z-C ֔(:Na1vj$w/:3Q`EgRMc|O<%c.auG|40O)%Q6`sp2o2ވV?Y"1%ۗ;N3vLaWDgxMϿm;Dƪ噹>vr1<$*x/ψ^3+E11ϞuVFcbj͔80Yښ%ݙeղ.瑃fw90%K/ـN`(2\5 ;>Eykyx{Z^4 eY0y}RxUMbDaH6HKi''SVƸ]y,R 3v;RL2#HAȽI !(;G;|siPm4L6E¶w',vOx=p"ڍ,ui-;zx9vqG/܄3⺹Sk2 t>,x=28e! =Ym/ @qd$mEs`)_r턬%a[WP7k,G*:>U>%9j 7!wU2$Xo $Y0j\^, V ݮ7 M<яipIc|#@:"v۸嵾r#>&DE~0o4<2k8*i_&mUBGҦ"7T.St7c"o#ܐx'ViǛxuc+_XSY ~d J943 _GF*VAJKGFH'u3wEN~fHg̪WK҂ L4R^=J$qCӧH2,x*w ٥Z **\"ܯE%uML(: mka釄7vZ9]:/uGf&jPYKQalO9BTb/."K(*xL9u/ Ō,%"6<vAlCx}eH*>j}o_iІt!`>w*D UaX;碌>:,}b)eb>_לhw3NE@ pa:͟~^ku?"Wp aJa1顮MKj\<#-fN<~ (#7]+}(dOT+^Fא/zaxwǡvS0zGYTi7~(h/?Ca+V?53ژ:-*<5mM"2uS ? Ife{T]w~@4I (<H/Niml[ #Ks>E5E1juL߆|mj|@em4: 6D&lvѸH-IOy#YPBGw9vbT(*)6[A hC.bʂlZcP1͘ /4eu:xbXåsK\6*[Z,q]%Qv1"ٻ\Ɩa< }-vZKbu p^=o΂1Gp@H6Ax"CN oeH׷O>?=K'_yM:w ʥN֏ NC7n{zҕ$*ou=`pA;B<:3"r+cGOQfa@h֖R?˕^jbiȤhc(~Hכz2N(9 cBvyِՉ"qPjIr3#.INO,L<"$k"!Ra~ ٖgMhfm-!1S{90M!6m,W+?ޚPCj:ff oJ;(BmR} K*/k]c;VKX4b< g>*R&)hᗞ7{ɗ!~r+g6^:^&`{8# rUSh{5̚8svH1,ji68+)-M/v3NsȤgՕ!N> tұ4> I ,RGf=y)@;siXa ۜnJ-]D`!iua;VH6Zt晵C` JIR\g5IP%g,te dsFΦG^j^vι覐}'?aln fK[+,,fy5aw&}1keɰS:^lf<[mqhPYSLn]`yufjRXTm.2](۩WEo;<]5QXlJ^}T:M,&fXz¯ر 9$?1ZX+(K$O]>&OcfWu_i(%}f;+M16B /d\fuh{?F* SA5~_90,$$ {?́@Ag727E,g~Sy؛"uoB1R&EW?9_XIxHtkؘ|5oLT`QHmHWP7W=1` 6u01+EL 5)Q49-Z1zi* :Qۼ`OoP֎nL][uϤyC+y,z9PNNGrG9C@^nA"_0TXwlLcY} 聅#a?2$/S3 `8>u>S@U\qեͽ-22XuNw#1Gh {buc{"hK=[l8~"@J#/[/ #o6ˬgߋVbPg,柱,ÿ"[@H͞` )sndX z673.2 +N~RI~wthylW>y*\6iei*[ :x؎ rHNYׅk0|(1qbP"Xdq=Jyut_ p6r_y5dR*p#;֡w5sY,A4ZzK֠k:؃ ۑ`%Yg+=^:8a;qvs]m+tt* # beM{kD.05:=!][(y{o'XiT/S0" _9 ndT`Qlf3룩EyF<"RzFX$i*fV|,JYZRc3}\zsxIry Hd@j^Ti s{"zaW}mWjtpÖ ~vh#KV9&=`npo1P|ԧmVKQĬ6g0˫VA; S58C8VgR3r?j#3oFGQ^mј<(*C&1+%ҽ|e:U hѲ!QBFEP//XύB˝#ٿI}yfo3\/<yxFM {`r YOŎx3°ΤΏ,xjGǹq ] u_ kZپ= }씅ԭ}j[+=drX: -Fgb+`OvYC4#0 Q¡Kq߽:cj 跸TMtOC]Ⴥus^C45l@U2^rl>$>ً.nHg[OBL#t1( LcM FO\C$Y4hX;?z!<ɚ:$aj@[mu-O _=Eݓ +ŗuLX876 o2~ ͘(EwK4'mܺ^%&D\AY]xbiE?{d_gG+hr:-O`6ފje|%|/h5xigHzT#M^TRz} Z9ɻLӊP)s̮h&eA6I6i^N1r(eG^";pc,GDw,S)ܭ_??zl;y Չ&ȹT{. xE*L4-hhD3=Q'v7P8?avR^;R%稉l "Fb_ l1RwQͶy PىM>q1)6U>v4 l-DTi#mZ[N!kJL-<*G"?eƙLQ}YaE(渻yEH`7; NJc5;7/gVB}g lӼeZe|Jn=%V<{d/;+pO Ri3- 1T!7T:DAAv_$ArO# aVrP%;Cn򄶼v Nx76sIE&w$q{l:/-L(ír,xG&u џ"5$:}Ue! m@)ˠ#v)JiL;&u!諎]nnd\ƨY3m2SX`s%hw74_lޮ4W@FV&j } Kj>q( nDMzC$#ù~ (xu 4|9*,ucQa@:1nCZ\U`SRkAYxcTal2Qf@X<ȿTJwNǯD_n+$slC3"ufHa "ӂ㬽N14< NshKL"y;@'Yj%kSvyPa3gf " ymf6\sMdQu*xّ',)lFkTus@t#t'RlL VmZHDA Q{L7Apfꃹ]cQ7w(csKg'CS`7r=USz'cOw(r8ܘf_mH_%!-)H]LbCأX]Xe3˧UW%]D g3A>3TIg'Ur6nuj2yVoՂU E DݣE X/vBZ̪&ea`Ä.mXJYN]Uh@\%KY£h!L J56dNkXWqN]!f+; .ф^USә'z w?0sm2 9TMN|MQ [ z@H Ŭ6PmdͲ|vF=aέX5;+85VP!N5|~ g83Ε^&]͟FMҫ&mF}^m9u ϺA-#uk9 zD0d[3Xyqו`O7(U[g$."p"gW{KE]>Λs|+[eA_j̊+1A5y;B'J,I=9ߔJlʜE1X#7vs73&,LЈ>>&pב_r>].1Y{<=zJn"M,EEYSYOw^{IpĠ4WcґXqWِ;xw|ˁT9+ٚ .#&ĂWEzwl̅4{wy'!eaX7+UGxSzVG먍4^}ݻ!ߜ Sc -ků\-7f5gwe(*'Q[ǥ}'3GЇ' MXp3᫡֓OōmM'qÍ>ƭWBPDS:&:m£&yLhtxORt s9n87b7.Wj8sitaP{tzR^%\oڮ졓_ԃCE‰ab#̍X6)>e}rO+l,yWAP{<8 (8St1UF>`ş\GZ)Y3S_<Ǐ~IIgzz)UvUu%:9W kطUB^ih07C{?[w2leMqV{&4LQԲwo~0 aO{"gm=<ڦ|QJ о-Ts_zpMՄ@!,-j;WzuL1X9V`XEʇv#إzf ydmfJѿ2&:$}{*\13}[9džZ ?E:cпpVv[͆<9e(RvE81yÄx1ظ.7䈽 h4R9}㭉_֔6A2ˆ\VkcɅ/x7#aIkv 2(7 s`XQJ9l$410F-BR_p>B|[B>R*xbqRavVI邴/h&`v4wW)U:!x{LXtBWwS?)"+[غ;ij\|cBܔ́аj'nV{#&=7%\4;u@ 3j8Ch}/&g’S<LaQ'b〉\ziװJmAB-AduzuRix-;k)tYS^Ɖg,4^aXǑ3֞S~׶eP:JS&'q3pиd S ߀_界>;> l'^Y'8(wK?BHeBr% 4[Ba⧷ҔBS"_Ъ߶М;e3%YvLa\ `>Z*E>I*Axlӥ=_ɫu4Dۥbl l;׽E w^+Rf6?ُ/*AS%)1Ν"GR8Eas[Nb XdԆ@ E#{..'ND5 `M?'1-ޙ{b3Wi9)5\'eo[ַ|6rO}z0H)xi4ic{Mʊ$+Rٳt$6LȴJ U$YV;-z |^=s; (/aBǟ*Or ![L[ɭ3BB-sh~#Ӳ 4)cMa>0ϲ(=7gK;O.%7dRG p y@pad 8I2H mU+5"V{?L#(8o?#M5.R 'Z1\3dZ#}@bz87(@3k P.fZbl)s@ = &Uk(TbG^iě@4BGQK G.DZj Qu9~q c"y}Mr o\E vi-}ewbj'4B5@ORdo^Gϯӧ=C&m[r=J 3]W3,vtt S1O5`y:}'Z3:ɗ_]-9mb&=5Z ~kÎvlH0lu]]&! XO_.Io %ROScAٹBd?bۦ1 ~P0vi :gAv15n,4۵bH>D/)Voϱ5x"-<5]>n.Wz}̉H+ʗnZ~-ʦHgzC0|QH5Dtױ>g<=a2-Y=&wy )#HE\\)]x'GGb[5uBfQlB]<Ï!m_3 1Txh"__H dѭfd_mTL0D8zXt)]%pTHre]큷y@ _2D%H E߇߃!8KO v8W󳧐;g. dsgw6˚HoR^ɗY9Czs&$T1` řѷ;,Ƥ1Jט:>\-/Om" [6]naQ㾤 jm ec2tܷY3qml9 " k_|3j A4Mv'z퐤?d(B ڱh5Y9%"ЖãUdFڒՅ "d2Ԥ^[d_FXp0/oz"O* MbO`}eZwx`{-)$8R^bUD1'!УӘT&t.f~ח4u"#M)pV댒)ï:*pS鹮@M -m)jLkn|=5õ REΑĩJ3L$և?-NuK ĠmFIq>chX'_9rszMvwTY_M7eRfgkM`D6`=ٖ IjAƎuMdAuֲ '_C9jeX~6SaCS%OE7qY7U<8eߥfuuVyV?ϾCߕ oWIpC$WvNgCK!pbxHmҌ].~/w4gl;!zMK@s{fl >PNeQU#xm|6ۭqCRgT𖘤cǜG1]Bo" 0{  jCˣ7cCV~gIABxM! i7I[Y4mg:z6s:C^$.GY.E$bK=ii}}ZDyZ@YWc%%I[)xkT$E'PCy,ԉqZu.gW߶ 8P:bM? XLMvtr3?=sg f5-΅fI5 EZ r^-E/g5$!nE7ʐ}2^F+)!t*bU"$-/zJݻLdCfX?8aF\\]/by,*#Swg΢Y¤pmrDz>zژ_a7"2b&o=I}hj8m'ntWƔ7gOZuR졷í!/pw'tj KMV2>֎w~*J/+ /ฯ>lJ (Y |i _ޣIpHOQR?VASwt~ƺx 3%r1M/AdB ]KTXrMtu XJ? i7y9d~&B6HmQ^:Ѥhǝy*ѩ]THqi8SLI7fӌ0yԖ@^vC$;B#}goJQJʀ6?ih%Z~sܢSBLhP/}EBT,$mwY-)Wd1eCQSözeruhj>?k FğǭSj3%mwǔP`! a<_z]^t^gӪ% y}nV-y%kq$x"VXE&ƂRT9>e+A4ɞ|kɅ8ͫRߞ-P̔ 9nOp/$y7<X!/Z7ebք 9' cb-tEO'*UвN; v$#v=sӛJcGꎥ@La?x{7d!3܏&4&bP q\1u ,)EaE|0{L yn 5}w]bB@2:liC;$'+fV+j` Zj?#nӚKEI!9fBz鬕`\&ɓKg^.Ί>A@5]A1]V[:^wt1r{qnK~6JT28ҜϰlK SNv'\>U ]&ÈCi˹G;$jW&} rdcח@>ôz#ʹ|hI sVZir걟/Q33y'B5/dA9@y] pj A`m(cI? ,X6ŚZ 1藔|4SAys6"3DaS%c6xxC/2u 66Ai[ uz@DbE; ųpuV.y?Bir*UŽ|BZXI 9ݵ mR)wĂ௑UOaK`gDqw[Ywcg L)yAKz Āw"EȥLVG[zY:Gx'*_XH虞{mB1a%l >كq,Zx1u}1#*{cU,O=4Ǫ1!(c2]jj+}JI J~A1+I*F-2'洿ZM] s'v!^jٙvFj`}OQj.6`mN~f3b!,(I_^Q';\?ig'O`sܷʙy>vbX ȥMw\FP~P +<1[i0$nƘ[GT!쎟豫U 6*?Uk8^&C$+Nay`~< \CR M/Ep(Onm} Vw,OyaNۺh1eG P% $A?7ylj-:~\ל[S 9D!0Y!KSn|QD_\Z.bs$EZsoX΍M/܊K%gZksvX'/͇McoYȱ_2Z|g3D@YRz!lm"ɉ_|~+IP# ȴ9i10ig9}i&a BWoEY?jcl 6eaO"d8L75hұ;4-`{?L婴 G>tP+Ex k="ҏB\BkCYͺNE2vnsRF}p\=]%ݓL1ik9 Ǻz.NLJ=n_Ls'e&K)ҍȃ*ᅙ%G(3*mqsc6fV;3b|QgVxf4ɠK&TN6үǎᷝ|?.64I.ESn1?iE1D)Mتxs ad]hrZ_$Z_#DMy{XWdʼ8u4h %pĸt̂'WvP%?ft\5kQG#ԠS򯁗ycr/1I/]9$!1*& <҃7JLp>[1ZVѨ| u~_ DlRp{պ %qOn1^<_H^nRPHm1s-9O;GM@RP1g3 pBI>'g,swSYmt*1 5408y_-,b&H}Yʠ!:h1!9>guQE~)IYM܂.*[};`^۽$_rwE Ē9[g->fLq(Pb+Niu} פ^&&Y8QnOg##sW&ZnيO' R8zR<@5"Ʊ ^˴kJm\<<8դIA {ݎ ʂ~g`,5w)7D0A$M鑊ATj*6=ICП&Hc+:8NgZ't^=K<4ڰٛBPKSɈcG)@(5HYj;~yl(*4dEi *F3mf˜ M"Ϳ~ݪˮZ:FņeFjIG~ :6/ެ 3$ZN{)VrbыW+ݠuwz~L~VHtHA)|Ғw:· Sz~!g#=5w=AvF 4_Sgo3f$M7 NFۍ=|_dٹlږ΁rArZI䑇[K]LMP`@/8/G)nI0Rn4QO-i(cŴ@hڝN@G@wMrG^pq!@0pz<>7A!.#efpYg/;+}txXN-c!ƘKQ$Y+jmU4lYh^?ٯ'OWA<U녈{De nETBB?2PC(oCE>_*TW1$^s/Lj"`KοF ןA}eh=EF?wG#(Q3)(^#ت 9E`LI R9_Ui,O ^}n2)PaŠ)4q5o`϶RbהQC+}=`DDA{ٙ%ŸoȦ |:I;svى l0Xr2[_62i3_ERQۃhJ·ǭ*)=q+X؍$ǘ66^OkYA- A6 ukqdJJ>0'e1mZKM/F 肋Fm'Gpٱ ʖI4d o+&q4/a&F=Q+X~')檈2X6++Eajտ,OQ>T:zUWS| ]NDn`E|&AxyۥYF<C"qX@TY|y XS[lYWf]dJE HN'ģk5KQ鉼FGYnn9jT8r;aՏ.!(4BK'h}5#1Gvl; hYl NA>hb_pG2$*`WHA"yT AW2~4L[V Eچm@,_B7k%n? sPWqr^h,~=1!Iq +2w0qf'VsK!oCR5 kP mS WY&srGؗ# [ =H@'a%ux̚d0_Մ5#KJ^nfTLñM0vkdW4v$F)@!gK$HrX|A:CϡIr$% tӌ)jU%&Ü}0h 4)oں@Hmf{\WlD8bx2b;,`eDߦb2W,5:{j/P+6@u+O;S(U7e!X ?g:F^hCP8\9Q(̀DS0tH?XR1cx8ȕdX?h!7y@ @uK^O H[;pE$É"K! !UOG/y:̞/Ġ譯j>i9Q>U=,N%,;Ju< #ym{gqYUnU]PKՖ* OF:jd~FPQ0%Y TEc:U0!IgAPɑƆ 4eegN7Nm^ÅbG͕ڭԎtsh%2TLuD?v'huجQ+ =9}]YD9WR^gACymM,.y/X}X|8AǷc"xbf_^Jk^ʓmScXfwjC#;ʬ&KRߚ8W.?-[H聅 8{eZ@3~3t+8U"JKp1铃K8󧱉'J'x8|B€O>7ϑԋWuCZ쿧rkq1ѽ!gW; .P¹l wW }6 <@ ~ҁa$G8% κ~!M%#Q%`cЖج-XQ'Q2E~W$:;" kEEa"_SLNҬNb?*q& q1IHSúqf-kW6ЙOL(?~#UCFܜvf=d<>Ht~ R,y .B8aQ4XOuc0{^ɟ_o/Z4{jr:qGᬏ'u?o(תS %Pk#Lt DPIR2*]R A-N&On\[R?x{} \Z2yycl%ٜ] \{vj4Nͨ! }cN]|[ 1C;m6bw.׌eد< ӊϖًRMgKs, 2qܬ6ʉIGtt=ʢlzn f~i]>\hUo?$JPbƝ)uvk@(ػb؄y*E2y=!q<\D9-W,A$M2~d2‡6 ?^eG_pԞy'3Џ LWnQa^q-Ŧ ~Y%!dsvo8>m{4ѼZ,v}B-f sy7'2A.d6r%7R9aS#:LwΉh~ԍ|yzUd&0LV"$Qj?AܟCaG5^eh0:)tX`NsXěbl*jZbYiҿA+XluWr QʑjDDZK"` z2k^fP@;]GN0́VYO \H?Qw/ zۢl*ή\K@5aGi_1Fyטo7U ܯ5UK07wQD 'IES?E~ k*KrN#P$kY|=(ޔ@"hhB-! O΢ W>rnEh.&e4MwUg$!uK0$8DFt RIHB mI!%v2i%`$J(')S#n 4D\@I?6hQW,GC2Yޘw8?Pw%TlL%w:HQ]V636`oǩk/&>>M$[ >LK|famrw# 3>!(pel,=s&&l)Ӿ8/`]j'z`g9 I LqNR(A^].Yɏ|f6;q{pva0wuwj9qILZTRq2R;0(ߜDx1uz\;aU9󦢥A75k#R.ߒlQ+&zńN !`|z(Nuɲk0 |d}p 9edCT/F6)^bU8F;? %U{+|K:NWgVZw&kF$Vcw5bN)"R-$p&jX07*h>4Ɓ[Є&3?[!zEB-iV6%&s>>4͞K.Ǭ1Y'8x蟌ۊt-}-\N՟z?S';v<Yìn2}L֑s$dH" ڣ`_]qOLș(U4qac)ML~fu\&ۀӽ<p3sʜk .*/%,rVkN@#}Fn<1e&f08#S~<.aT?[>8m7oBGW=[-;ĸ ͐ŏf^WR~GO;bŖ%:% CfHk]-i;c0Y4yhsRbܪ[yiO0U1 ֽOTj.ͻ$JVM$28u7]%ZbHf2z&| /wsc{Z 1A=wiC驹\EF Zھ\~JRo/"X":ޒ-S5*PtArFws>̎6GQvt*LvAJ{PDҮN_r,s;eWH]X#;.$a9-*4)0b/čK¢ YZ